go: update to 1.24.11 and 1.25.5 (security)
These releases include 2 security fixes following the security policy:
- crypto/x509: excessive resource consumption in printing error string for
host certificate validation
Within HostnameError.Error(), when constructing an error string, there is no
limit to the number of hosts that will be printed out.
Furthermore, the error string is constructed by repeated string
concatenation, leading to quadratic runtime.
Therefore, a certificate provided by a malicious actor can result in
excessive resource consumption.
HostnameError.Error() now limits the number of hosts and utilizes
strings.Builder when constructing an error string.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
[13 lines not shown]
gam: update to 7.29.01
Changes since 7.19.02:
7.29.01
Added option oneitemperrow to gam <UserTypeEntity> print calendars ... permissions to have each of a calendar's permissions displayed on a separate row with all of the other calendar fields.
Updated gam yubikey reset_piv to handle YubiKey firmware updates that caused an error.
7.29.00
Added options mappermissionsemail <EmailAddress> <EmailAddress> and mappermissionsemailfile <CSVFileInput> endcsv to these commands:
gam [<UserTypeEntity>] copy shareddriveacls <SharedDriveEntity> to <SharedDriveEntity>
gam [<UserTypeEntity>] sync shareddriveacls <SharedDriveEntity> with <SharedDriveEntity>
gam <UserTypeEntity> copy drivefile <DriveFileEntity>
gam <UserTypeEntity> move drivefile <DriveFileEntity>
[318 lines not shown]
py-pip-audit: updated to 2.10.0
2.10.0
Added
pip-audit now supports the --osv-url URL flag, which can be used to
retrieve vulnerabilities from a custom OSV service. This is useful for
organizations that host their own mirror of the OSV database, or that
have custom OSV records
pip-audit now supports the Ecosyste.ms vulnerability service with
--vulnerability-service=esms
Changed
The minimum version of Python is now 3.10
Fixed
[6 lines not shown]
haproxy: updated to 3.3.0
3.3.0
- BUG/MINOR: acme: better challenge_ready processing
- BUG/MINOR: acme: warning ‘ctx’ may be used uninitialized
- MINOR: httpclient: complete the https log
- BUG/MEDIUM: server: do not use default SNI if manually set
- BUG/MINOR: freq_ctr: Prevent possible signed overflow in freq_ctr_overshoot_period
- DOC: ssl: Document the restrictions on 0RTT.
- DOC: ssl: Note that 0rtt works fork QUIC with QuicTLS too.
- BUG/MEDIUM: quic: do not prevent sending if no BE token
- BUG/MINOR: quic/server: free quic_retry_token on srv drop
- MINOR: quic: split global CID tree between FE and BE sides
- MINOR: quic: use separate global quic_conns FE/BE lists
- MINOR: quic: add "clo" filter on show quic
- MINOR: quic: dump backend connections on show quic
- MINOR: quic: mark backend conns on show quic
- BUG/MINOR: quic: fix uninit list on show quic handler
- BUG/MINOR: quic: release BE quic_conn on connect failure
[10 lines not shown]
Update to nabud-1.4.1:
Upstream changes:
* Added a local copy of strlcpy(3) for platforms that do not include it
(some Linux systems, for example).
* Fixed a nabud crash when a connection has a Baud directive but no
StopBits directive.
* Fixed a nabud crash when a connection has a Channel directive that
does not match any configured channel.
py-pylint: updated to 4.0.4
4.0.4
False Positives Fixed
- Fixed false positive for ``invalid-name`` where module-level constants were incorrectly classified as variables when a class-level attribute with the same name exists.
- Fix a false positive for ``invalid-name`` on an UPPER_CASED name inside an ``if`` branch that assigns an object.
re2c: updated to 4.3.1
4.3.1 (2025-12-01)
- Fixed bugs:
(allow conditions that have no rules except for default rule)
(use unsigned character type in C/C++ examples)
(fix broken end of input rule $ with captures)
net/unison: Sync unison build targets with pkgsrc options
to avoid e.g. unison's build system trying to build the gui if lablgtk
is installed but not buildlinked.
textproc/treemd: update to 0.4.1
[0.4.1] - 2025-12-01
Fixed
Config file color_mode setting ignored - The color_mode setting in config.toml is now properly respected (#5)
Priority order: CLI flags > config file > auto-detection
Set color_mode = "rgb" or color_mode = "256" in config to override auto-detection
color_mode = "auto" (default) uses improved auto-detection
RGB auto-detection fails for truecolor terminals - Improved terminal color detection for Kitty, Alacritty, WezTerm, and other RGB-capable terminals (#5)
Now checks COLORTERM environment variable for truecolor or 24bit (primary standard per termstandard/colors)
Checks TERM for known truecolor terminals (kitty, alacritty, wezterm) and suffixes (-truecolor, -direct)
Checks TERM_PROGRAM for known apps (iTerm, Kitty, VS Code, Hyper, etc.)
Falls back to supports_color crate detection
Technical
Enhanced color detection (src/tui/terminal_compat.rs)
[164 lines not shown]
