p5-List-SomeUtils-XS: update to 0.59.
0.59 2026-06-22
- Fix a heap buffer overflow in the pairwise function when it would return a very large list. Fixed
by Paul Johnson.
expat: update to 2.8.2.
Release 2.8.2 Thu June 25 2026
Security fixes:
#1246 CVE-2026-50219 -- Disallow calls to functions
`XML_GetBuffer`, `XML_Parse`, `XML_ParseBuffer`,
`XML_ParserFree`, `XML_ParserReset` to guard e.g.
Expat bindings from memory corruption;
this CPython issue is related:
https://github.com/python/cpython/issues/146169
#1267 CVE-2026-56131 -- Protect XML_ResumeParser from being called
from a handler, plugging a hole in the fix
to CVE-2026-50219
#1272 CVE-2026-56132 -- Fix out-of-bound scaffolding index store
in `doProlog`
#1229 #1232 CVE-2026-56403 -- Integer overflow in `storeAtts`
#1249 CVE-2026-56404 -- Integer overflow in `addBinding`
#1251 CVE-2026-56405 -- Integer overflow in `getAttributeId`
#1255 CVE-2026-56406 -- Integer overflow in `XML_ParseBuffer`
[70 lines not shown]
nono: update to 1.8.1.
1.8.1 (2026/06/25)
vm(Update): "Rewrite whole SSG(YM2149). Implement envelope and noise."
vm(Fix): "Fix some tone pitches on SSG(YM2149)."
vm(New): "Support SSG(YM2149) even on LUNA-88K."
vm(Fix): "Fix an issue where the time display would become incorrect after 115 days since ver 1.8.0."
host(New): "Add PulseAudio to host sound driver. It can be enabled by configure --enable-pulseaudio."
host(Update): "Sound latency may be improved."
GUI(Update): "Show spectrum analyzer on the sound monitor."
resterm: Update to v0.44.2
v0.44.2
Dedicated test results block in the status bar
Script/assertion test results now render as their
own segment in the status bar instead of being appended
to the response status text.
New status bar block - test outcomes (@assert and script tests)
get a dedicated, separately styled segment in the left status sections,
colored by level (pass = success, fail = warn, error = error).
The main response status (e.g. 200 OK (200)) stays the same but is no
longer suffixed with - X 1 test(s) failed.
Summaries - the block shows V tests passed, X N test(s) failed (with correct singular/plural) or ! test error.
HTTP and gRPC - the test block is populated for both HTTP and gRPC responses.
Header icon - the test error icon in the response header changed from /!\ to !
powerdns: Update to 5.1.2
Released: 25th of June 2026
This is release 5.1.2 of the Authoritative Server. It contains a security fix only.
Please review the Upgrade Notes before upgrading from versions < 5.1.x.
Bug Fixes
Fix PowerDNS Security Advisory 2026-07 for PowerDNS Authoritative Server
dnsdist: Update to 2.0.7
Released: 25th of June 2026
Bug Fixes
CVE-2026-42005: An attacker can send a web request that causes unlimited memory allocation in the internal web server,
leading to a denial of service. The internal web server is disabled by default.
CVE-2026-40210: An out-of-bounds read might happen when SetMacAddrAction is used,
potentially resulting in uninitialized memory being sent over the network or a crash.
CVE-2026-40209: An attacker might be able to cause outgoing TCP connections to backend to be
stuck until a timeout occurs instead of being released immediately by sending IXFR queries.
This could be used to cause a denial of service if there is a limit to the number of
concurrent connections to this backend, or if the process runs out of file descriptors.
CVE-2026-42004: An attacker can send a crafted EDNS OPT record that will be ignored by
DNSdist�s filtering rules, but will be rewritten as a valid OPT record when EDNS Client
Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.
[11 lines not shown]
textproc/rucola: update to 0.10.0
Release Notes
Added a diary option by GitHub user robin-thoene
Added a configuration option to enable the daily diary.
Added a keybinding that creates a diary note and opens it in the editor or display screen.
Added a configuration option to determine the format of the title of the diary note.
Added a configuration option to set the initial content of the diary note.
Added an option to copy (i.e. duplicate) notes in the select and display screen
If a note is copied and its filename contains a valid date string (e.g. %F), it will be replaced by chrono during the copy.
Otherwise, copy_ will be prepended to the new file name.
This can be used to create templates for e.g. monthly or weekly notes and quickly copy them, in addition to the daily note system outlined above.
py-sybil: updated to 10.1.0
10.1.0 (13 Jun 2026)
- Ignore trailing whitespace in doctest output by default, see
:data:`~sybil.evaluators.doctest.KEEP_TRAILING_WHITESPACE` if you need whitespace sensitivity.
- Make :func:`~sybil.testing.run_pytest` runs immune to ambient color environment variables.
py-vcs-versioning: updated to 2.2.0
2.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests to setuptools-scm where the entry points are registered.
fuse-emulator: updated to 1.9.0
1.9.0
* New features:
* Add NTSC TV and replace the PAL TV filters (derived from
snes_ntsc by Shay Green)
* Emulation core improvements:
* Tape traps: set the pulse level correctly after loading a ROM
block.
* TZX handling: don't ignore the embedded pause at the end of a
block.
* Release pressed keys after snapshot restore.
* UI improvements:
* GTK3: stop forcing X11 over Wayland (Alberto Garcia).
* SDL2: use layout-aware key mapping in keyboard handling
(Fredrick Meunier).
[36 lines not shown]
libspectrum: updated to 1.6.2
1.6.2
* Fix TZX pulse handling by starting blocks with the pulse level set to
low by default.
* Improve tape block handling by adding CONCAT block support to block
descriptions and edge generation, and fixing related memory leaks in
CONCAT, PULS and PZXT block handling (Fredrick Meunier).
* Various minor bug fixes/improvements:
* Split TZX PULSE_SEQUENCE blocks when needed to keep single-repeat
pulse counts within format limits (Fredrick Meunier).
* Fix error-path memory handling in CSW, SZX and RZX readers
(Fredrick Meunier).
* Improve TZX/PZX string and write handling, including bulk string
writes and simpler NUL-terminated string parsing (Fredrick
Meunier).
[7 lines not shown]
py-hypothesis: updated to 6.155.7
6.155.7 - 2026-06-21
This patch fixes a thread-safety bug where concurrent use of the same strategy instance could error in rare cases.
6.155.6 - 2026-06-19
This patch replaces some internal %-style string formatting with f-strings. There is no user-visible change.
6.155.5 - 2026-06-18
dates() now raises InvalidArgument if a datetime is passed as min_value or max_value. Because datetime is a subclass of date, such bounds were previously accepted and then failed with a confusing TypeError while generating examples.
6.155.4 - 2026-06-18
This patch removes a stray print() which fired whenever a dates() filter was rewritten.
py-setuptools_scm: updated to 10.2.0
10.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered.
py-mutagen: updated to 1.48.1
1.48.1 - 2026-06-25
* Revert: ``ID3: Fix saving ID3v2 comment fields from COMM:desc:lang tags``
to fix duplicated COMM frames in some cases.
