* Re: [OE-core] [PATCH v3] devtool: upgrade: extract changelog between versions
2026-05-13 13:56 [PATCH v3] devtool: upgrade: extract changelog between versions daniel.turull
@ 2026-05-14 20:06 ` Tim Orling
0 siblings, 0 replies; 2+ messages in thread
From: Tim Orling @ 2026-05-14 20:06 UTC (permalink / raw)
To: daniel.turull; +Cc: openembedded-core, alex.kanavin
[-- Attachment #1.1: Type: text/plain, Size: 22938 bytes --]
I tested this with python3-cryptography, python3-maturin and vim
(output attached). In all three cases the resulting <recipe>.txt file
looked like what I expected. It is interesting that the "changes"
output can succeed and provide information when the recipe
upgrade itself fails (python3-cryptography and vim fall into that
category).
I'll warn that automatically including the results in AUH upgrade
runs the risk of creating some fairly large "wall of text" commit logs.
I personally prefer more information rather than no information, so
I like this approach. Not everyone agrees with me.
One other idea would be to include the GitHub "compare" type URLs
when those are available [1][2][3].
Another idea might be including a link to the detected "changes" file,
or files depending on the recipe's upstream pattern.
I have a similar approach in progress forked from 'changelogs', but
it is limited by the tool to pypi, npm, rubygems [4] and also requires
too much manual fixing to detect the "changes" file.
On Wed, May 13, 2026 at 6:56 AM Daniel Turull via lists.openembedded.org
<daniel.turull=ericsson.com@lists.openembedded.org> wrote:
> From: Daniel Turull <daniel.turull@ericsson.com>
>
> Automatically extract changelog information when upgrading a recipe.
> Uses the devtool-base tags created during upgrade to diff known
> changelog files (NEWS, ChangeLog, CHANGES, etc.) between the old and
> new versions. For git-based sources, falls back to git log --oneline
> if no changelog file changed.
>
> Also match per-version release notes files like git's
> Documentation/RelNotes/2.53.0.adoc or mesa's docs/relnotes/26.0.3.rst.
>
> These are detected by matching filenames that contain a version
> number with a documentation extension (.txt, .md, .rst, .adoc).
> Their full content is read via git show since they are new files
> rather than modifications to an existing changelog.
>
> Collapse runs of multiple blank lines into a single blank line and
> strip leading/trailing whitespace from the extracted changelog. This
> produces cleaner output that is suitable for inclusion in commit
> messages by tools like AUH.
>
> Output is written to workspace/changelogs/<pn>.txt and cleaned up on
> devtool reset. This allows AUH and other tools to pick up the changelog
> without implementing their own extraction logic.
>
> Add test cases for existings test recipes
>
nit pick: typo s/existings/existing/
> Assisted-by: kiro:claude-opus-4.6
>
Our current standard is "AI-generated: <description of tool and LLM model>"
[5]
[1] https://github.com/pyca/cryptography/compare/46.0.7...48.0.0
[2] https://github.com/PyO3/maturin/compare/v1.13.1...v1.13.3
[3] https://github.com/vim/vim/compare/v9.2.0341...v9.2.0481
[4] https://github.com/moto-timo/changelogs/tree/dev-pyproject.toml
[5]
https://docs.yoctoproject.org/dev/singleindex.html#acceptance-of-ai-generated-code
Tested-by: Tim Orling <tim.orling@konsulko.com>
> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
>
> ---
>
> v2:
> - squash v1 patches into one commit and keep commit messages
> - Integrate test cases with exiting devtool selftests
>
> v3:
> - do not silently skip the test if changelog is missing
> ---
> .../python3-guessing-game_git.bb.changelog | 3 +
> .../devtool-upgrade-test1_1.5.3.bb.changelog | 24 +++++
> .../devtool-upgrade-test2_git.bb.changelog | 3 +
> .../devtool-upgrade-test3_1.5.3.bb.changelog | 24 +++++
> .../devtool-upgrade-test4_1.5.3.bb.changelog | 24 +++++
> .../devtool-upgrade-test5_git.bb.changelog | 3 +
> meta/lib/oeqa/selftest/cases/devtool.py | 27 ++++++
> scripts/lib/devtool/standard.py | 8 ++
> scripts/lib/devtool/upgrade.py | 95 +++++++++++++++++++
> 9 files changed, 211 insertions(+)
> create mode 100644
> meta-selftest/recipes-devtools/python/python3-guessing-game_git.bb.changelog
> create mode 100644
> meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.changelog
> create mode 100644
> meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.changelog
> create mode 100644
> meta-selftest/recipes-test/devtool/devtool-upgrade-test3_1.5.3.bb.changelog
> create mode 100644
> meta-selftest/recipes-test/devtool/devtool-upgrade-test4_1.5.3.bb.changelog
> create mode 100644
> meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.changelog
>
> diff --git
> a/meta-selftest/recipes-devtools/python/python3-guessing-game_git.bb.changelog
> b/meta-selftest/recipes-devtools/python/python3-guessing-game_git.bb.changelog
> new file mode 100644
> index 0000000000..571220b2a4
> --- /dev/null
> +++
> b/meta-selftest/recipes-devtools/python/python3-guessing-game_git.bb.changelog
> @@ -0,0 +1,3 @@
> +Changelog for python3-guessing-game: 0.1.0 -> 0.2.0
> +
> +40cf004 Sync with maturin tutorial source
> diff --git
> a/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.changelog
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.changelog
> new file mode 100644
> index 0000000000..04d9be5103
> --- /dev/null
> +++
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.changelog
> @@ -0,0 +1,24 @@
> +Changelog for devtool-upgrade-test1: 1.5.3 -> 1.6.0
> +
> +1.6.0 - 15 March 2015
> + - fix lstat64 support when unavailable - separate patches supplied by
> + Ganael Laplanche and Peter Korsgaard
> + - (#1506) new option "-D" / "--delay-start" to only show bar after N
> + seconds (Damon Harper)
> + - new option "--fineta" / "-I" to show ETA as time of day rather than
> time
> + remaining - patch supplied by Erkki Seppälä (r147)
> + - (#1509) change ETA (--eta / -e) so that days are given if the hours
> + remaining are 24 or more (Jacek Wielemborek)
> + - (#1499) repeat read and write attempts on partial buffer fill/empty to
> + work around post-signal transfer rate drop reported by Ralf Ramsauer
> + - (#1507) do not try to calculate total size in line mode, due to bug
> + reported by Jacek Wielemborek and Michiel Van Herwegen
> + - cleanup: removed defunct RATS comments and unnecessary copyright
> notices
> + - clean up displayed lines when using --watchfd PID, when PID exits
> + - output errors on a new line to avoid overwriting transfer bar
> +
> +1.5.7 - 26 August 2014
> + - show KiB instead of incorrect kiB (Debian bug #706175)
> + - (#1284) do not gzip man page, for non-Linux OSes (Bob Friesenhahn)
> + - work around "awk" bug in tests/016-numeric-timer in decimal ","
> locales
> + - fix "make rpm" and "make srpm", extend "make release" to sign releases
> diff --git
> a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.changelog
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.changelog
> new file mode 100644
> index 0000000000..b7f0019d56
> --- /dev/null
> +++
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.changelog
> @@ -0,0 +1,3 @@
> +Changelog for devtool-upgrade-test2: 0.1+git -> 0.1+git
> +
> +6cc6077 dbus-wait.c: Fix typo
> diff --git
> a/meta-selftest/recipes-test/devtool/devtool-upgrade-test3_1.5.3.bb.changelog
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test3_1.5.3.bb.changelog
> new file mode 100644
> index 0000000000..d9994fe063
> --- /dev/null
> +++
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test3_1.5.3.bb.changelog
> @@ -0,0 +1,24 @@
> +Changelog for devtool-upgrade-test3: 1.5.3 -> 1.6.0
> +
> +1.6.0 - 15 March 2015
> + - fix lstat64 support when unavailable - separate patches supplied by
> + Ganael Laplanche and Peter Korsgaard
> + - (#1506) new option "-D" / "--delay-start" to only show bar after N
> + seconds (Damon Harper)
> + - new option "--fineta" / "-I" to show ETA as time of day rather than
> time
> + remaining - patch supplied by Erkki Seppälä (r147)
> + - (#1509) change ETA (--eta / -e) so that days are given if the hours
> + remaining are 24 or more (Jacek Wielemborek)
> + - (#1499) repeat read and write attempts on partial buffer fill/empty to
> + work around post-signal transfer rate drop reported by Ralf Ramsauer
> + - (#1507) do not try to calculate total size in line mode, due to bug
> + reported by Jacek Wielemborek and Michiel Van Herwegen
> + - cleanup: removed defunct RATS comments and unnecessary copyright
> notices
> + - clean up displayed lines when using --watchfd PID, when PID exits
> + - output errors on a new line to avoid overwriting transfer bar
> +
> +1.5.7 - 26 August 2014
> + - show KiB instead of incorrect kiB (Debian bug #706175)
> + - (#1284) do not gzip man page, for non-Linux OSes (Bob Friesenhahn)
> + - work around "awk" bug in tests/016-numeric-timer in decimal ","
> locales
> + - fix "make rpm" and "make srpm", extend "make release" to sign releases
> diff --git
> a/meta-selftest/recipes-test/devtool/devtool-upgrade-test4_1.5.3.bb.changelog
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test4_1.5.3.bb.changelog
> new file mode 100644
> index 0000000000..3a37271eb7
> --- /dev/null
> +++
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test4_1.5.3.bb.changelog
> @@ -0,0 +1,24 @@
> +Changelog for devtool-upgrade-test4: 1.5.3 -> 1.6.0
> +
> +1.6.0 - 15 March 2015
> + - fix lstat64 support when unavailable - separate patches supplied by
> + Ganael Laplanche and Peter Korsgaard
> + - (#1506) new option "-D" / "--delay-start" to only show bar after N
> + seconds (Damon Harper)
> + - new option "--fineta" / "-I" to show ETA as time of day rather than
> time
> + remaining - patch supplied by Erkki Seppälä (r147)
> + - (#1509) change ETA (--eta / -e) so that days are given if the hours
> + remaining are 24 or more (Jacek Wielemborek)
> + - (#1499) repeat read and write attempts on partial buffer fill/empty to
> + work around post-signal transfer rate drop reported by Ralf Ramsauer
> + - (#1507) do not try to calculate total size in line mode, due to bug
> + reported by Jacek Wielemborek and Michiel Van Herwegen
> + - cleanup: removed defunct RATS comments and unnecessary copyright
> notices
> + - clean up displayed lines when using --watchfd PID, when PID exits
> + - output errors on a new line to avoid overwriting transfer bar
> +
> +1.5.7 - 26 August 2014
> + - show KiB instead of incorrect kiB (Debian bug #706175)
> + - (#1284) do not gzip man page, for non-Linux OSes (Bob Friesenhahn)
> + - work around "awk" bug in tests/016-numeric-timer in decimal ","
> locales
> + - fix "make rpm" and "make srpm", extend "make release" to sign releases
> diff --git
> a/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.changelog
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.changelog
> new file mode 100644
> index 0000000000..7c5ecf3505
> --- /dev/null
> +++
> b/meta-selftest/recipes-test/devtool/devtool-upgrade-test5_git.bb.changelog
> @@ -0,0 +1,3 @@
> +Changelog for devtool-upgrade-test5: 0.1+git -> 0.1+git
> +
> +0a60d6a Add dummy commit on tip for testing
> diff --git a/meta/lib/oeqa/selftest/cases/devtool.py
> b/meta/lib/oeqa/selftest/cases/devtool.py
> index 5ed69aee1b..5a6f38f8d5 100644
> --- a/meta/lib/oeqa/selftest/cases/devtool.py
> +++ b/meta/lib/oeqa/selftest/cases/devtool.py
> @@ -1944,6 +1944,22 @@ class DevtoolUpgradeTests(DevtoolBase):
> except:
> self.skip("Git user.name and user.email must be set")
>
> + def _check_changelog(self, recipe, oldrecipefile):
> + """Compare extracted changelog against reference data."""
> + changelog_ref = oldrecipefile + '.changelog'
> + self.assertExists(changelog_ref, 'Changelog reference file must
> exist for %s' % recipe)
> + changelog_file = os.path.join(self.workspacedir, 'changelogs',
> '%s.txt' % recipe)
> + with open(changelog_ref, 'r') as f:
> + expected = f.read()
> + if not expected:
> + self.assertNotExists(changelog_file,
> + 'Changelog file should not exist when reference is empty')
> + else:
> + self.assertExists(changelog_file, 'Changelog file should
> exist after upgrade')
> + with open(changelog_file, 'r') as f:
> + actual = f.read()
> + self.assertEqual(expected, actual)
> +
> def test_devtool_upgrade(self):
> # Check preconditions
> self.assertTrue(not os.path.exists(self.workspacedir), 'This test
> cannot be run with a workspace directory under the build directory')
> @@ -1982,6 +1998,8 @@ class DevtoolUpgradeTests(DevtoolBase):
> with open(newrecipefile, 'r') as f:
> newlines = f.readlines()
> self.assertEqual(desiredlines, newlines)
> + # Check changelog
> + self._check_changelog(recipe, oldrecipefile)
> # Check devtool reset recipe
> result = runCmd('devtool reset %s -n' % recipe)
> result = runCmd('devtool status')
> @@ -2016,11 +2034,14 @@ class DevtoolUpgradeTests(DevtoolBase):
> with open(newrecipefile, 'r') as f:
> newlines = f.readlines()
> self.assertEqual(desiredlines, newlines)
> + # Check changelog
> + self._check_changelog(recipe, oldrecipefile)
> # Check devtool reset recipe
> result = runCmd('devtool reset %s -n' % recipe)
> result = runCmd('devtool status')
> self.assertNotIn(recipe, result.output)
> self.assertNotExists(os.path.join(self.workspacedir, 'recipes',
> recipe), 'Recipe directory should not exist after resetting')
> + self.assertNotExists(os.path.join(self.workspacedir,
> 'changelogs', '%s.txt' % recipe), 'Changelog file should be removed after
> reset')
>
> def test_devtool_upgrade_git(self):
> self._test_devtool_upgrade_git_by_recipe('devtool-upgrade-test2',
> '6cc6077a36fe2648a5f993fe7c16c9632f946517')
> @@ -2051,6 +2072,8 @@ class DevtoolUpgradeTests(DevtoolBase):
> with open(newrecipefile, 'r') as f:
> newlines = f.readlines()
> self.assertEqual(desiredlines, newlines)
> + # Check changelog
> + self._check_changelog(recipe, oldrecipefile)
>
> def test_devtool_upgrade_all_checksums(self):
> # Check preconditions
> @@ -2075,6 +2098,8 @@ class DevtoolUpgradeTests(DevtoolBase):
> with open(newrecipefile, 'r') as f:
> newlines = f.readlines()
> self.assertEqual(desiredlines, newlines)
> + # Check changelog
> + self._check_changelog(recipe, oldrecipefile)
>
> def test_devtool_upgrade_recipe_upgrade_extra_tasks(self):
> # Check preconditions
> @@ -2116,6 +2141,8 @@ class DevtoolUpgradeTests(DevtoolBase):
> with open(newcratesincfile, 'r') as f:
> newlines = f.readlines()
> self.assertEqual(desiredlines, newlines)
> + # Check changelog
> + self._check_changelog(recipe, oldrecipefile)
> # Check devtool reset recipe
> result = runCmd('devtool reset %s -n' % recipe)
> result = runCmd('devtool status')
> diff --git a/scripts/lib/devtool/standard.py
> b/scripts/lib/devtool/standard.py
> index 42fb13872d..2a3a62d081 100644
> --- a/scripts/lib/devtool/standard.py
> +++ b/scripts/lib/devtool/standard.py
> @@ -2046,6 +2046,14 @@ def _reset(recipes, no_clean, remove_work, config,
> basepath, workspace):
>
> clean_preferred_provider(pn, config.workspace_path)
>
> + # Clean up changelog if present
> + changelog_file = os.path.join(config.workspace_path,
> 'changelogs', '%s.txt' % pn)
> + if os.path.exists(changelog_file):
> + os.remove(changelog_file)
> + changelog_dir = os.path.dirname(changelog_file)
> + if not os.listdir(changelog_dir):
> + os.rmdir(changelog_dir)
> +
> def reset(args, config, basepath, workspace):
> """Entry point for the devtool 'reset' subcommand"""
>
> diff --git a/scripts/lib/devtool/upgrade.py
> b/scripts/lib/devtool/upgrade.py
> index 8930fde5d6..e37ad07ea1 100644
> --- a/scripts/lib/devtool/upgrade.py
> +++ b/scripts/lib/devtool/upgrade.py
> @@ -9,6 +9,7 @@
> import os
> import sys
> import re
> +import shlex
> import shutil
> import tempfile
> import logging
> @@ -26,6 +27,31 @@ from devtool import exec_build_env_command,
> setup_tinfoil, DevtoolError, parse_r
>
> logger = logging.getLogger('devtool')
>
> +# Common changelog filenames found in upstream source trees (matched
> case-insensitively):
> +# changelog - util-linux, coreutils, dbus, acpid, hdparm
> +# changelog.md - libslirp, ttyrun, python3-maturin, libjpeg-turbo
> +# changelog.rst - python3-pluggy, python3-packaging
> +# changes - openssl, python3-babel, icu, tcl
> +# changes.md - openssl
> +# changes.rst - python3-babel, python3-pathspec
> +# changes.txt - python3-lxml, icu
> +# news - systemd, glib-2.0, libxml2, dbus
> +# news.md - libxml2
> +# news.rst - python3-sphinx
> +# news.adoc - ccache
> +# history.md - python3-requests, python3-hatch-vcs
> +# history.rst - python3-idna, python3-docutils
> +# releases.md - rust, cargo (includes CVEs)
> +# whatsnew.txt - libsdl2
> +_CHANGELOG_BASENAMES = {
> + 'changelog', 'changelog.md', 'changelog.rst', 'changelog.txt',
> + 'changes', 'changes.md', 'changes.rst', 'changes.txt',
> + 'news', 'news.md', 'news.rst', 'news.adoc',
> + 'history', 'history.md', 'history.rst',
> + 'releases.md',
> + 'whatsnew.txt',
> +}
> +
> def _run(cmd, cwd=''):
> logger.debug("Running command %s> %s" % (cwd,cmd))
> return bb.process.run('%s' % cmd, cwd=cwd)
> @@ -529,6 +555,63 @@ def _run_recipe_upgrade_extra_tasks(pn, rd, tinfoil):
> if not res:
> raise DevtoolError('Running extra recipe upgrade task %s for
> %s failed' % (task, pn))
>
> +def _extract_changelog(srctree, pn, old_ver, new_ver, old_tag, new_tag,
> workspace_path, is_git_source):
> + """Extract changelog between old and new version using devtool git
> tags."""
> + changelog_content = None
> +
> + # Try to find a changelog file that changed between versions
> + try:
> + stdout, _ = _run('git diff --name-only %s %s' % (old_tag,
> new_tag), srctree)
> + for fname in stdout.splitlines():
> + fname = fname.strip() # strip whitespace/CR from git output
> + if not fname:
> + continue
> + basename = os.path.basename(fname).lower()
> + if basename in _CHANGELOG_BASENAMES:
> + diff_out, _ = _run('git diff %s %s -- %s' % (old_tag,
> new_tag, shlex.quote(fname)), srctree)
> + if diff_out.strip():
> + # Extract only the added lines from the diff
> + lines = [line[1:] for line in diff_out.splitlines()
> + if line.startswith('+') and not
> line.startswith('+++')]
> + if lines:
> + changelog_content = '\n'.join(lines)
> + break
> + # Per-version release notes (e.g., git RelNotes/2.53.0.adoc,
> mesa relnotes/26.0.3.rst)
> + elif re.search(r'(\d+[.\-])+\d+\.(txt|md|rst|adoc)$',
> basename):
> + file_content, _ = _run('git show %s' %
> shlex.quote('%s:%s' % (new_tag, fname)), srctree)
> + if file_content.strip():
> + changelog_content = file_content.strip()
> + break
> + except bb.process.ExecutionError as e:
> + logger.warning('Changelog file extraction failed: %s' % str(e))
> +
> + # For git sources, fall back to git log if no changelog file was found
> + if not changelog_content and is_git_source:
> + try:
> + stdout, _ = _run('git log --oneline %s..%s' % (old_tag,
> new_tag), srctree)
> + if stdout.strip():
> + changelog_content = stdout.strip()
> + except bb.process.ExecutionError as e:
> + logger.warning('Changelog git log extraction failed: %s' %
> str(e))
> +
> + if not changelog_content:
> + return None
> +
> + # Clean up content for readability and commit message use
> + changelog_content = re.sub(r'\n{3,}', '\n\n',
> changelog_content).strip()
> + if not changelog_content:
> + return None
> +
> + changelog_dir = os.path.join(workspace_path, 'changelogs')
> + bb.utils.mkdirhier(changelog_dir)
> + changelog_path = os.path.join(changelog_dir, '%s.txt' % pn)
> + with open(changelog_path, 'w') as f:
> + f.write('Changelog for %s: %s -> %s\n\n' % (pn, old_ver, new_ver))
> + f.write(changelog_content)
> + f.write('\n')
> +
> + return changelog_path
> +
> def upgrade(args, config, basepath, workspace):
> """Entry point for the devtool 'upgrade' subcommand"""
>
> @@ -610,6 +693,18 @@ def upgrade(args, config, basepath, workspace):
>
> logger.info('Upgraded source extracted to %s' % srctree)
> logger.info('New recipe is %s' % rf)
> +
> + # Extract changelog between versions using the tags created by
> + # _extract_new_source(): devtool-base-new for git,
> devtool-base-<pv> for tarballs
> + is_git = old_srcrev is not None
> + newpv = args.version or rd.getVar('PV')
> + new_tag = 'devtool-base-new' if is_git else 'devtool-base-%s' %
> newpv
> + changelog_file = _extract_changelog(srctree, pn, old_ver, newpv,
> + 'devtool-base', new_tag,
> + config.workspace_path, is_git)
> + if changelog_file:
> + logger.info('Changelog extracted to %s' % changelog_file)
> +
> if license_diff:
> logger.info('License checksums have been updated in the new
> recipe; please refer to it for the difference between the old and the new
> license texts.')
> preferred_version = rd.getVar('PREFERRED_VERSION_%s' %
> rd.getVar('PN'))
> --
> 2.51.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#236986):
> https://lists.openembedded.org/g/openembedded-core/message/236986
> Mute This Topic: https://lists.openembedded.org/mt/119297341/924729
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> ticotimo@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #1.2: Type: text/html, Size: 28118 bytes --]
[-- Attachment #2: python3-cryptography.txt --]
[-- Type: text/plain, Size: 7360 bytes --]
Changelog for python3-cryptography: 46.0.7 -> 48.0.0
.. _v48-0-0:
48.0.0 - 2026-05-04
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
``TBSCertList.signature`` algorithm does not match the outer
``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
:doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
later, in addition to the existing AWS-LC and BoringSSL support. This means
post-quantum algorithms are now available to users of our wheels.
* **Note:** Going forward, we do not guarantee that all functionality
in ``cryptography`` will be available when building against
OpenSSL. See :doc:`/statements/state-of-openssl` for more information.
.. _v47-0-0:
47.0.0 - 2026-04-24
~~~~~~~~~~~~~~~~~~~
* Support for Python 3.8 is deprecated and will be removed in the next
``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
(``SECT*`` classes) has been removed. These curves are rarely used and
have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
keys with unsupported explicit curve encodings now raises
:class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
``ValueError``. This change affects
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
and :meth:`~cryptography.x509.Certificate.public_key` when called on
certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
reject keys that incorrectly encode a private key of the wrong length because
such keys are impossible to process in a constant-time manner. We do not
believe keys with this problem are in wide use, however we may revert this
change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
:class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
future release, only 192-bit (24-byte) keys will be accepted. Users should
expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
and will be removed in the next release. We will switch to publishing an
``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
and will be removed in the next release. Users should move to a 64-bit
Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
:class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
:class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
into :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
It will be removed from the ``cipher`` module in 49.0.0.
* Added :meth:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF.extract`
to :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`. The previous
private implementation will be removed in 49.0.0.
* Added support for loading elliptic curve keys that contain explicit encodings
of the curves ``secp256r1``, ``secp384r1``, and ``secp521r1``.
* Added support for :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2d`
and :class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2i`
when using OpenSSL 3.2.0+.
* Added ``derive_into`` methods to
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`,
:class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`,
:class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHash`,
:class:`~cryptography.hazmat.primitives.kdf.concatkdf.ConcatKDFHMAC`,
:class:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id`,
:class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`,
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC`,
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`,
:class:`~cryptography.hazmat.primitives.kdf.scrypt.Scrypt`, and
:class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF` to allow
deriving keys directly into pre-allocated buffers.
* Added ``encrypt_into`` and ``decrypt_into`` methods to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESCCM`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCMSIV`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`,
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV`, and
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305` to
allow encrypting directly into a pre-allocated buffer.
* Added support for PKCS1v15 signing without DigestInfo using
:class:`~cryptography.hazmat.primitives.asymmetric.utils.NoDigestInfo`.
* Added :meth:`~cryptography.hazmat.primitives.hashes.Hash.hash`, a one-shot
method for computing hashes.
* Added :doc:`/hazmat/primitives/hpke` support implementing :rfc:`9180` for
hybrid authenticated encryption.
* Added new :doc:`/hazmat/primitives/asymmetric/mlkem` module with
support for ML-KEM key encapsulation with AWS-LC and BoringSSL.
* **Note:** Post-quantum algorithm support requires AWS-LC or BoringSSL.
As we ship our wheels with OpenSSL, most users will not have access to
these APIs yet. See :doc:`/statements/state-of-openssl` for more
information on OpenSSL support.
* Added new :doc:`/hazmat/primitives/asymmetric/mldsa` module with
support for ML-DSA signing and verification with AWS-LC and BoringSSL.
* **Note:** Post-quantum algorithm support requires AWS-LC or BoringSSL.
As we ship our wheels with OpenSSL, most users will not have access to
these APIs yet. See :doc:`/statements/state-of-openssl` for more
information on OpenSSL support.
* Added new :doc:`/hazmat/asn1/index` module with support for declaratively
defining custom ASN.1 types and encoding/decoding them.
* Fixed compilation when using LibreSSL 4.3.0 and OpenSSL 4.0.0.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.0.
.. _v46-0-7:
46.0.7 - 2026-04-07
[-- Attachment #3: python3-maturin.txt --]
[-- Type: text/plain, Size: 3148 bytes --]
Changelog for python3-maturin: 1.13.1 -> 1.13.3
## 1.13.3
* Fix: disable abi3 in pyo3 config for version-specific fallback builds ([#3180](https://github.com/pyo3/maturin/pull/3180))
## 1.13.2
* Fix: resolve test failures in distro packaging environments ([#3129](https://github.com/pyo3/maturin/pull/3129))
* Fix: redirect tracing output to stderr to avoid breaking PEP 517 ([#3131](https://github.com/pyo3/maturin/pull/3131))
* Fix: skip interpreters with empty output for WSL2 cross-compile ([#3137](https://github.com/pyo3/maturin/pull/3137))
* Fix: set explicit lib_name in pyo3 config for Android abi3 cross-compilation ([#3130](https://github.com/pyo3/maturin/pull/3130))
* Chore: add sysconfig/cpython-freebsd-15.0-amd64.txt ([#3140](https://github.com/pyo3/maturin/pull/3140))
* Quote python-version in generated GitHub Actions workflow
* Update rustls-webpki
* Fix: two-phase bridge detection for conditional abi3 features ([#3144](https://github.com/pyo3/maturin/pull/3144))
* Update cargo-zigbuild to 0.22.2
* Update pyo3 to 0.28.3
* Treat pyo3 0.29.0+ as having Windows import lib support (raw-dylib) ([#3145](https://github.com/pyo3/maturin/pull/3145))
* Fix bin bindings with external shared library dependencies ([#3147](https://github.com/pyo3/maturin/pull/3147))
* Upgrade MSRV to 1.89.0 ([#3149](https://github.com/pyo3/maturin/pull/3149))
* Musllinux oci image ([#3152](https://github.com/pyo3/maturin/pull/3152))
* Remove Cirrus CI for FreeBSD ([#3156](https://github.com/pyo3/maturin/pull/3156))
* Perf: defer stage_artifact copy-back, finalize via rename when unpatched ([#3155](https://github.com/pyo3/maturin/pull/3155))
* Perf: eliminate stage_artifact double-copy, drop was_patched flag ([#3157](https://github.com/pyo3/maturin/pull/3157))
* Fix release pipeline ([#3158](https://github.com/pyo3/maturin/pull/3158))
* Auditwheel: copy unpatched cargo output back before in-place patching ([#3159](https://github.com/pyo3/maturin/pull/3159))
* Develop: fail loudly when pip leaves a stale `~` install behind (#1922) ([#3161](https://github.com/pyo3/maturin/pull/3161))
* Provide a link for the `lib.name` in Cargo.toml ([#3167](https://github.com/pyo3/maturin/pull/3167))
* Fix duplicated version in changelog ([#3171](https://github.com/pyo3/maturin/pull/3171))
* Switch to actions/attest from attest-build-provenance ([#3169](https://github.com/pyo3/maturin/pull/3169))
* Switch generation to actions/attest action, upgrade to v4 ([#3170](https://github.com/pyo3/maturin/pull/3170))
* Fix: avoid duplicate `--interpreter` panic in PEP 517 backend ([#3175](https://github.com/pyo3/maturin/pull/3175))
* Add trusted publishing options to `generate-ci` ([#3176](https://github.com/pyo3/maturin/pull/3176))
* Fix(sdist): handle symlinked `Cargo.toml` pointing outside project root ([#3178](https://github.com/pyo3/maturin/pull/3178))
* Stop install cffi for Python 3.8 in Dockerfile
* Fix: support pixi-managed virtualenvs in maturin develop ([#3165](https://github.com/pyo3/maturin/pull/3165))
* Support PEP 783 `pyemscripten_*_wasm32` wheel platform tag ([#3163](https://github.com/pyo3/maturin/pull/3163))
## 1.13.1
[-- Attachment #4: vim.txt --]
[-- Type: text/plain, Size: 14100 bytes --]
Changelog for vim: 9.2.0340 -> 9.2
8e41c34ab patch 9.2.0481: runtime(netrw): command injection possible via maps
8af0f098c patch 9.2.0480: [security]: runtime(netrw): code injection via mf command
3fb5e58fb patch 9.2.0479: [security]: runtime(tar): command injection in tar plugin
950f501a1 runtime(doc): Fix file mode for the Italian manpage
702d32e16 runtime(compiler): set zig errorformat
8aecd377f patch 9.2.0478: channel: redundant str/length assignments in channel_part_info()
3a9e1bb7e patch 9.2.0477: popup: leftover content after popup_free under layout change
38237411e patch 9.2.0476: pattern completion leaks memory on alloc failures
78302b7b4 translation(it): Update Italian manpage
f45ed6465 runtime(hlyamk): Allow to highlight put regions using TextPutPost
74019bea8 patch 9.2.0475: runtime(netrw): bookmark paths not normalized
7784fac15 patch 9.2.0474: MS-Windows: hard to tell which Visual Studio version was selected with MSVC
a70b7a85a patch 9.2.0473: Pasting ". register without autocommands breaks TextPut*
51f1447d2 patch 9.2.0472: popup: column jitters when scrolled outside viewport
1b65cfbac patch 9.2.0471: vimvars di_key initialized at runtime
852f4f43c runtime(doc): Fix manpage typo in description of '--ttyfail'
bfebd1209 runtime(javacc): Check for existence of javaFuncDef syn group before clearing it
e0781bd5b patch 9.2.0470: No way to hook into put commands
e3d992910 patch 9.2.0469: popup: textprop-anchored popups bleed past host window edges
ef1ecc3b6 patch 9.2.0468: popups: not correctly updated from a CmdlineChanged autocommand
5ef1eec5c patch 9.2.0467: multi-line statusline loses highlighting attributes
3a8b9e09b patch 9.2.0466: popup: redraw can use stale blended cells
2020e0bad patch 9.2.0465: modeline: foldmarker cannot be set with modelinestrict
ec76ac620 patch 9.2.0464: runtime(netrw): bookmarking directory uses current dir
6b8d2262d patch 9.2.0463: Not able to use legacy expression evaluation in a vim9script maps
3a1ac7ced patch 9.2.0462: MS-Windows: workaround for assert error on GUI
4f610f07b patch 9.2.0461: Corrupted undofile causes use-after-free
abd74fa12 patch 9.2.0460: did_set_shellpipe_redir() in wrong file
124f8bece patch 9.2.0459: tests: test_termcodes fails (after v9.2.0456)
fbec828c7 CI: Bump the github-actions group across 1 directory with 2 updates
84ae09dd7 patch 9.2.0458: Crash with invalid shellredir/shellpipe value
2f00656b3 patch 9.2.0457: Compile warning about unused variable
7644d9d61 patch 9.2.0456: stray p character displayed on some terms
9694ff58f patch 9.2.0455: 'findfunc' only allows extra info for cmdline completion
b207b5a2a patch 9.2.0454: tests: no test that "abbr" in customlist completion is shown
c895390e5 patch 9.2.0453: vertical separator of statusline blend into active statusline
b9871cef1 patch 9.2.0452: screen.c popup opacity blend logic is duplicated
58124789a patch 9.2.0451: 'findfunc' can't return extra info for cmdline completion
929933291 patch 9.2.0450: [security]: heap buffer overflow in spellfile.c read_compound()
4cbdef8e3 runtime(vim9): Check cmd.exe on WSL is executable
0ab4316fc patch 9.2.0449: Make proto fails in non GTK builds
4bcc8ba93 patch 9.2.0448: Vim9: dangling cmdline pointer after skip_expr_cctx()
c06002f3c patch 9.2.0447: cindent does not ignore comments
7ccc273a4 patch 9.2.0446: runtime(netrw): off-by-one bug in s:NetrwUnMarkFile()
40fc78f0a patch 9.2.0445: win_fix_scroll() called before win_comp_pos() in command_height()
88fb73991 patch 9.2.0444: Cannot set 'path' option via modeline
cf947e7ef patch 9.2.0443: GUI: cancelling save dialog overwrites or discards unnamed buffer
2bfddbea4 patch 9.2.0442: completion: i_CTRL-X_CTRL-V doesn't use dict from customlist
1903020b8 runtime(autopkgtest): update syntax script
b10159bcc Fix wrong comment in getchar.c
8c7d824b7 patch 9.2.0441: statusline: click handler not called on multi-line statusline
0c998003b patch 9.2.0440: MS-Windows: cursor flicker during update_screen()
3bfffcc29 patch 9.2.0439: completion: info popup not removed in cmdline mode
20a124a6e patch 9.2.0438: tests: test_plugin_termdebug is flaky
bb807ebc8 runtime(doc): Tweak documentation style
cb0b4cf45 Fix a few more typos
9d3019104 patch 9.2.0437: MS-Windows: cursor flicker in vtp mode
77677c33d patch 9.2.0436: Buffer overflow when parsing overlong errorformat lines
190cb3c2b patch 9.2.0435: [security]: backticks in 'path' may cause shell execution on completion
fde5a56ec patch 9.2.0434: cscope: filename interpreted by /bin/sh
5c700152a patch 9.2.0433: customlist completion cannot supply pum metadata
3bd25c63b patch 9.2.0432: blob to string conversion can be improved
e1e92fea9 patch 9.2.0431: blob encoding can be improved
2219c8901 patch 9.2.0430: tests: Test_shortmess_F3() is flaky on MS-Windows
e25933014 patch 9.2.0429: tests: flaky screendump Test_smoothscroll_incsearch()
e4413c5df runtime(algol68): Update syntax file, match symbolic identity relators
59e59a62b patch 9.2.0428: popup: no opacity support for completepopup/previewpopup
7b218ae98 patch 9.2.0427: popup: opacity blend may leaks white bg color
cf5d7102b patch 9.2.0426: tests: still some flaky screendump tests
d25f8d1b2 patch 9.2.0425: Cannot silence undo/redo messages
ec8b8bd82 patch 9.2.0424: popup: flicker when wildtrigger() refreshes the popup menu
587447ec6 patch 9.2.0423: popup: wrapped cmdline truncated with wildoptions=pum
ba85f88fe patch 9.2.0422: popup: leave stray char when scrollbar changes
7f3243e3a translation(sr): Update of Serbian translation
7da90de1c runtime(cabal): add missing haskell language editions
f793e9806 runtime(doc): clarify separator cell on status line rows
620557bd4 runtime(doc): Update help tags file
e7e35b9e3 runtime(doc): clarify that viminfo file should be trusted
77499e009 patch 9.2.0421: vimball: can smuggle Vimscript into VimballRecord file
3ac7b9743 patch 9.2.0420: channel: cannot handle binary data via channel callbacks
bd8716178 patch 9.2.0419: popup: rendering issues
20e98ff1c patch 9.2.0418: wildcards in expanded env vars reinterpreted by glob
af494af5f patch 9.2.0417: completion: no support for "noinsert" with 'wildmode'
c2bda0add patch 9.2.0416: Unix: filename completion splits at space for single-file Ex commands
6453a7c44 patch 9.2.0415: Wrong behavior when executing register that ends in Insert mode
458fed4f6 patch 9.2.0414: Flicker when drawing window separator and pum is shown
c5de8231f runtime(qml): Add optional chaining to QML syntax
bd0f3e6da patch 9.2.0413: Scrolling wrong with 'splitkeep' when changing 'cmdheight'
41c3379bd patch 9.2.0412: channel: term_start() out_cb/err_cb no longer deliver raw chunks
e7745b7cb patch 9.2.0411: tabpanel: no Vim script functions for the tabpanel
6146f3382 patch 9.2.0410: test suite races when run with parallel make
30b424073 runtime(doc): Update docs related to tabpanel
6cb417329 patch 9.2.0409: memory leaks in copy_substring_from_pos()
e47daed44 patch 9.2.0408: Insert-mode <Cmd> edits can corrupt undo
2d4324065 patch 9.2.0407: tabpanel: A few issues with the tabpanel
7e7651489 patch 9.2.0406: VisualNOS not used when Wayland selection ownership lost
ae196b2d5 patch 9.2.0405: when jumping to tags, will open URLs
3958188f6 patch 9.2.0404: redraw_listener_add() does not check secure flag
f1a944920 patch 9.2.0403: Vim9: def function sandbox bypass
7070a85d9 patch 9.2.0402: pum: opacity not applied to wildmenu pum
0bc64b19a patch 9.2.0401: tests: still a few flaky tests
dd9b31fb6 patch 9.2.0400: sandbox callbacks selected through 'complete'
a622dda91 patch 9.2.0399: MS-Windows: compile warning in strptime.c
96be27309 runtime(doc): fix :z command description again
036e40e6d patch 9.2.0398: MS-Windows: missing strptime() support
22aedc4a9 patch 9.2.0397: tabpanel: double-click opens a new tab
076366bd4 runtime(javascript): Fix regex highlighting after `(`
c23bfd792 runtime(help): fix wrong check for existing HelpComplete function
3cc7d5071 runtime(algol68): Add new syntax file, ftplugin and filetype detection
1ce03d674 runtime(dockerfile): Update syntax, fix RUN command highlighting
2baef82cd patch 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS
bf6892aaa runtime(doc): Update documentation on :z
0ca1121d1 runtime(help): make help omnifunc global
8d9c383aa patch 9.2.0395: tests: Test_backupskip() may read from $HOME
8f9cde459 patch 9.2.0394: xxd: offsets greater than LONG_MAX print as negative
807f2cd78 CI: Fix syntax error in lychee URL checker
1de887681 No guidance for AI coding agents
e7eef554f CI: Bump the github-actions group across 1 directory with 3 updates
0c2ac3480 patch 9.2.0393: MS-Windows: link error with XPM support on UCRT64
32a30cb5a runtime(doc): Update docs about tabpanel
1940bcb24 patch 9.2.0392: tests: Some tests are flaky
5f7c52408 runtime(doc): Update the ga output to match the actual output
10b57290d patch 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
0f9218851 translation(ru): Fix typo in "може" to "можете" in lang/README.ru.txt
521eac187 patch 9.2.0390: filetype: some Beancount files are not recognized
44f707da6 patch 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
f194676c9 patch 9.2.0388: strange indent in update_topline()
cee8fd73e patch 9.2.0387: DECRQM request may leave stray chars in terminal
2ea4a7c3b patch 9.2.0386: No scroll/scrollbar support in the tabpanel
10040bc9c runtime(sh): allow "#" in special derefs
33f396508 patch 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
3918f3232 runtime(doc): fix incorrect description of 'scrolloffpad'
16d28548d runtime(graphql): Update syntax script to September 2025 spec
d4fb31762 patch 9.2.0384: stale Insstart after <Cmd> cursor move breaks undo
405e2fb6d patch 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
d0b6ee320 patch 9.2.0382: Wayland: focus-stealing is non-working
ec3f79e03 patch 9.2.0381: Vim9: Missing check_secure() in exec_instructions()
b328686d6 patch 9.2.0380: completion: a few issues in completion code
fe3c27ce0 patch 9.2.0379: gui.color_approx is never used
146d5da0d patch 9.2.0378: Using int as bool type in win_T struct
3c3050e64 patch 9.2.0377: Using int as bool type in gui_T struct
f74a41620 patch 9.2.0376: Vim9: elseif condition compiled in dead branch
c9d4c1dc4 patch 9.2.0375: prop_find() does not find a virt text in starting line
c62342e5c patch 9.2.0374: c_CTRL-{G,T} does not handle offset
49e8630a2 patch 9.2.0373: Ctrl-R mapping not triggered during completion
73ba353c9 patch 9.2.0372: pum: rendering issues with multibyte text and opacity
1c88aee1f runtime: Remove wrong syn oneline keyword from a few syntax files
b30803b23 patch 9.2.0371: filetype: ghostty config files are not recognized
2c436be6f patch 9.2.0370: duplicate code with literal string_T assignment
6ecff7812 patch 9.2.0369: multiple definitions of STRING_INIT macro
c13232699 patch 9.2.0368: too many strlen() calls when adding strings to dicts
723c0acf2 patch 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
237d77e07 patch 9.2.0366: pum: flicker when updating pum in place
1966a1c89 patch 9.2.0365: using int as bool
618a327ce patch 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
f2e920321 patch 9.2.0363: Vim9: variable shadowed by script-local function
0e31fb024 patch 9.2.0362: division by zero with smoothscroll and small windows
336533b35 CI: Bump the github-actions group across 2 directories with 4 updates
01d9a1951 patch 9.2.0361: tests: no tests for ch_listen() with IPs
30d42855e runtime(vim9): remove extra escaping in Open
e66659762 runtime(doc): make window option description a bit less vague
68d3129a0 runtime(django): Removed unsupported template statements and filters by current LTS.
8bcae3ca5 runtime(django): Add missing djangoStatement `get_language_info`.
6b26afea3 runtime(django): Add missing statements and filters.
450895d86 runtime(make): fix wrong highlighting with $ inside double quotes
1c299f263 patch 9.2.0360: Cannot handle mouse-clicks in the tabpanel
25e9fc44a patch 9.2.0359: wrong VertSplitNC highlighting on winbar
b076c4928 patch 9.2.0358: runtime(vimball): still path traversal attacks possible
ab02d65b1 runtime(gzip): Remove compatibility fall-backs, harden random filename generation
21c0cd29f runtime(netrw): add missing escape() calls
e6a84bb6b runtime(tar): missing g:tar_secure in tar#Extract()
c78194e41 patch 9.2.0357: [security]: command injection via backticks in tag files
a41463039 patch 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
490b737f3 patch 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
0e02be191 patch 9.2.0354: filetype: not all Bitbake include files are recognized
2041478e2 runtime(bitbake): support forward-slashes in bitbake varflags
7cc73a6c6 patch 9.2.0353: Missing out-of-memory check in register.c
60e925ca0 runtime(doc): Tweak documentation style in channel.txt
2252d2c1e patch 9.2.0352: 'winhighlight' of left window blends into right window
bfa46a52f patch 9.2.0351: repeat_string() can be improved
351a16c88 runtime(zip): also block single leading slash and absolute paths in Extract
4c2879471 patch 9.2.0350: Enabling modelines poses a risk
c72196529 patch 9.2.0349: cannot style non-current window separator
91b402f57 patch 9.2.0348: potential buffer underrun when setting statusline like option
f9cb0d14d CI: Separate out ASan tests
39875daec patch 9.2.0347: Vim9: script-local variable not found
c4fe1e958 patch 9.2.0346: Wrong cursor position when entering command line window
efbd48211 patch 9.2.0345: Wrong autoformatting with 'autocomplete'
962a540d7 patch 9.2.0344: channel: ch_listen() can bind to network interface
4b6f3f1d1 runtime(doc): Tweak documentation style in options.txt
9d95410aa patch 9.2.0343: tests: test_clientserver may fail on slower systems
c922202ea patch 9.2.0342: tests: test_excmd.vim leaves swapfiles behind
fcc4276db patch 9.2.0341: some functions can be run from the sandbox
683659973 runtime(zip): Detect path traversal issues on Windows
86dcb1878 Revert "runtime(jjdescription): allow to configure summary width"
^ permalink raw reply [flat|nested] 2+ messages in thread