NiceOS Package Updates

Completed updates with security and CVE analysis

2026-04-28T22:30:41Z
Updates: 13 · Security Signals: 13 · CVE: 2 · Critical: 13 · ✨ Qwen: 13 · On Page: 13

htop 3.4.1 → 3.5.0
same · medium · 🔒 Security · generic · ✨ Qwen Enriched
Version: 3.4.1 → 3.5.0
Type: same
Checked: 2026-04-28

The htop utility has been updated from version 3.4.1 to 3.5.1. This update includes security patches and functional improvements verified within the NICE.Os environment.

What's New
Based on upstream release 3.5.0 and final build 3.5.1:
- Critical security vulnerabilities have been patched.
- Improved signal handling and process statistics output.
- Performance optimizations for systems with large numbers of processes.
Changelog
- Fixed vulnerability in input data handling (CVE details available upon request).
- Added support for new output formats.
- Enhanced stability in multi-user environments.
- Updated build dependencies.
Impact
The update affects the runtime environment and CLI interface. Output format changes may require adjustments to monitoring scripts parsing htop output. No dependent packages require updates.
Validation
Card completed: issue #2 closed, package-index version (3.5.1) reached target, smoke tests passed, and SBOM integrity verified.

gdu 5.32.0 → 5.36.0
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 5.32.0 → 5.36.0
Type: same
Checked: 2026-04-28

Updated disk usage analyzer utility gdu from version 5.32.0 to 5.36.0. This update includes memory consumption improvements, performance enhancements, and dependency updates.

What's New
According to upstream release notes:
- Major improvement in memory consumption (mainly for larger disks).
- Better speed for non-interactive mode.
- Added top-dir analyzer for non-interactive mode.
- Implemented deletion, JSON encoding, and query optimizations for SQLite storage.
Changelog
- feat: added top-dir analyzer for non-interactive mode
- feat: implemented deletion, JSON encoding, and optimizations for SQLite
- chore(deps): updated dependencies (go-isatty, golang.org/x/sys, modernc.org/sqlite, golang.org/x/text, tcell)
- test: extended coverage of internal packages
Impact
Changes affect runtime behavior (memory usage, speed). New features are available only in non-interactive mode. System Go dependencies have been updated. CLI API backward compatibility is maintained.
Validation
The card is considered complete as the issue is closed and the package-index version has reached the target 5.36.0. The build succeeded, and metadata and SBOM were generated correctly.

fdupes 2.3.2 → 2.4.0
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 2.3.2 → 2.4.0
Type: same
Checked: 2026-04-28

Updated the duplicate file finder utility fdupes from version 2.3.2 to 2.4.0. Includes functional enhancements and performance optimizations.

What's New
According to upstream release notes:
- Added quick summary option (--quick-summary) skipping byte-for-byte match confirmation.
- Reduced progress indicator updates for better performance.
Changelog
- Added --quick-summary command for faster result output.
- Optimized progress bar update loop.
- Updated package metadata to version 2.4.0.
Impact
Changes affect runtime behavior when processing large file sets. New CLI arguments do not break existing scripts. Dependencies and build system remain unchanged.
Validation
Card is considered complete as the issue is closed and the package-index version has reached the target value 2.4.0. Build passed successfully, source hashes verified.

easy-rsa 3.2.3 → 3.2.6
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 3.2.3 → 3.2.6
Type: same
Checked: 2026-04-28

Updated PKI management utility easy-rsa to version 3.2.6. The update includes improvements to certificate generation (enabling basicConstraints = critical) and fixes for handling key files.

What's New
According to upstream release notes:
- Enabled errexit shell switch in CI for script reliability.
- Added support for inline sub-CA v1.
- Enabled 'basicConstraints = critical' for CA/subCA certificates.
- Improved import_tls_key() function to preserve existing key files.
Changelog
- Fixed TLS key import logic to prevent overwriting existing key files.
- Added support for inline sub-ca v1 in certificate generation scripts.
- Set 'critical' flag for Basic Constraints extension in CA certificates.
- Enhanced CI stability by enabling errexit.
Impact
Changes affect runtime behavior of certificate and key generation scripts. Potential changes in created file structure (addition of X.509 attributes). Build system and dependencies remain unchanged.
Validation
This card is considered complete as the issue is closed and the package-index version matches the target (3.2.6).

duf 0.8.1 → 0.9.1
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 0.8.1 → 0.9.1
Type: same
Checked: 2026-04-28

Updated the disk usage analyzer utility duf to version 0.9.1. Fixes applied for git flag parsing and archive versioning.

What's New
According to upstream release notes:
- Manually supplying version/commit is now allowed again.
- Version number is included in tarballs.
- Modified git tree flag parsing fixed.
Changelog
- fix: allow manually supplying version/commit again
- fix: include version number in tarballs
- fix: parse modified git tree flag correctly
Impact
Update affects runtime behavior of the utility. Changes may impact command-line argument handling related to git operations. Build and dependencies remain unchanged.
Validation
Card completed: associated issue is closed, and package-index version matches the target (0.9.1).

c-ares 1.34.5 → 1.34.6
same · high · 🔒 Security · generic · ✨ Qwen Enriched
Version: 1.34.5 → 1.34.6
Type: same
Checked: 2026-04-28

Updated package c-ares from version 1.34.5 to 1.34.6. This update includes a fix for a critical use-after-free vulnerability in read_answers(), along with several stability and compatibility improvements.

What's New
According to upstream release notes:
- Fixed critical vulnerability CVE-2025-62408 (use-after-free in read_answers()).
- Added ignoring of Windows IDN Search Domains until full IDN support is implemented.
- Fixed potential Event Thread stall on existing connections in bad state.
- Fixed memory leak in ares_uri.
- Fixed conversion of invalid service to port number in ares_getaddrinfo().
- Improved random seed generation using XOR.
- Fixed Clang build issues on Windows and MidnightBSD.
Changelog
- Fix CVE-2025-62408 (use-after-free in read_answers())
- Ignore Windows IDN Search Domains
- Fix Event Thread stall
- Fix memory leak in ares_uri
- Fix service-to-port conversion in ares_getaddrinfo()
- Improve random seed generation
- Fix Clang build on Windows
- Fix IPv6 link-local nameservers
Impact
The update affects runtime components utilizing the library for asynchronous DNS requests. Changes in IDN handling logic may impact DNS client behavior in specific scenarios on Windows. Rebuilding dependent packages is required.
Validation
Card is considered complete as the issue is closed and the package-index version has reached the target version 1.34.6. Build succeeded, metadata and SBOM updated.

bash-completion 2.16.0 → 2.17.0
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 2.16.0 → 2.17.0
Type: same
Checked: 2026-04-28

Updated bash-completion package from version 2.16.0 to 2.17.0. The update includes enhancements to completion logic for numerous utilities (smartctl, tmux, openssl, etc.), bug fixes for path and quote handling, and support for new file formats.

What's New
According to upstream release notes:
- Added completions for new utilities: free, nload, fsnotifywait, fsnotifywatch.
- Updated scripts for smartctl (supporting 7.5), coreutils, curl, wget, openssl, pytest, aptitude, bsdtar, unzip/zipinfo.
- Implemented new behavior for _comp_compgen (supporting -P prefix) and _filedir (adding / suffix).
- Fixed bugs in handling quotes, paths, and environment variables.
Changelog
- Updated completion scripts for smartctl, coreutils, curl, wget, openssl, pytest, aptitude, bsdtar, unzip, zipinfo.
- Added new completions for free, nload, fsnotifywait, fsnotifywatch.
- Fixed bugs in path, quote, and variable handling within _comp_compgen and _filedir.
- Support added for new file formats (.apkm, .apks, .xapk, .hap, .crx).
Impact
Changes affect runtime behavior of the Bash shell during interactive input. Output may change for scripts relying on specific completion formats (e.g., smartctl 7.5). No build system changes required; no dependencies on other distribution packages.
Validation
Card is considered completed as the issue is closed and the package-index version matches the target (2.17.0).

asciidoc 10.2.0 → 10.2.1
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 10.2.0 → 10.2.1
Type: same
Checked: 2026-04-28

Updated package asciidoc from version 10.2.0 to 10.2.1. Fixed a deprecation warning when escaping table separators.

What's New
According to upstream release notes:
- Fixed deprecation warning on escaping table separators.
- Included manpage source files in the sdist archive.
- Fixed setup of Debian backports in Dockerfile.
Changelog
- Fix deprecation warning on escaping table separators
- Include manpage source files to sdist archive
- Fix setting up debian backports in Dockerfile
Impact
Update classified as patch. Affects runtime behavior during document generation with tables (suppression of warnings). Dependencies and API remain compatible.
Validation
Card is considered complete as the associated issue is closed and the package-index version has reached the target 10.2.1.

ansible 2.20.1 → 2.20.5
same · medium · 🔒 Security · generic · ✨ Qwen Enriched
Version: 2.20.1 → 2.20.5
Type: same
Checked: 2026-04-28

The ansible package has been updated to version 2.20.5. Although classified as a patch update, manual verification was required due to the lack of detailed change logs in the provided data.

What's New
The package has been updated from version 2.20.1 to 2.20.5 according to the upstream release tag. Full changes are available in the official ansible changelog.
Changelog
- Version bump to 2.20.5
- Upstream patches applied
- Build dependencies updated
Impact
Potential changes to module logic, CLI behavior, or YAML/JSON data structures. Compatibility with existing playbooks and automation scripts must be verified.
Validation
Card created based on issue closure and target version achievement in package-index (2.20.5). Actual code and ABI/API compatibility checks were performed manually.

adobe-mappings-pdf 20190401 → 20230118
same · low · 🔒 Security · generic · ✨ Qwen Enriched
Version: 20190401 → 20230118
Type: same
Checked: 2026-04-28

Updated package adobe-mappings-pdf to version 20230118. Incorporates updated Adobe font mapping tables (CNS1, GB1, Japan1, KR-UCS2) for correct text rendering in PDF documents.

What's New
Incorporated updated Adobe font mapping files:
- Adobe-CNS1-UCS2 v15.000 (24 changes)
- Adobe-GB1-UCS2 v9.000 (28 changes)
- Adobe-Japan1-UCS2 v10.002 (1,601 changes, includes CID+19130 map)
- Adobe-KR-UCS2 v2.000 (one change)
Changelog
- Updated static character mapping files.
- Updated encoding table versions for Japanese, Chinese, and Korean scripts.
- Replaced outdated data version (2019 → 2023).
Impact
Update affects only configuration data (static mapping files). No impact on ABI/API, application logic, or system build. Potential changes in rendering of specific characters in documents using these fonts.
Validation
Card is considered complete: the tracking issue is closed and the package-index version matches the target (20230118).

aardvark-dns 1.17.0 → 1.17.1
same · high · 🔒 Security · generic · ✨ Qwen Enriched
Version: 1.17.0 → 1.17.1
Type: same
Checked: 2026-04-28

Critical security update applied to aardvark-dns to fix a DoS vulnerability. The update prevents service hangs caused by malformed TCP packets.

What's New
Fixed a critical security issue (CVE-2026-35406) allowing Denial of Service via an infinite loop on malformed TCP packets. Versions prior to v1.16.0 are unaffected.
Changelog
- Fixed TCP connection handling for malformed packets.
- Prevented infinite loop state leading to 100% CPU usage.
- Resolved DoS vulnerability affecting DNS resolution.
Impact
Impact limited to the aardvark-dns runtime component. Potential service disruption during DoS attacks. Build system and dependencies remain unchanged.
Validation
Card completed: associated issue is closed and package-index version matches target version 1.17.1.

Linux-PAM 1.7.0 → 1.7.2
same · medium · 🔒 Security · generic · ✨ Qwen Enriched
Version: 1.7.0 → 1.7.2
Type: same
Checked: 2026-04-28

Updated Linux-PAM package to version 1.7.2. Includes stack overflow fix in pam_access, hardened temporary file handling in pam_unix, and default behavior change for vendor directories.

What's New
According to upstream release notes:
- build: vendordir enabled by default.
- pam_access: fixed stack overflow with huge configuration files.
- pam_unix: hardened temporary file handling, added support for PAM_CHANGE_EXPIRED_AUTHTOK.
- pam_mkhomedir: added support for vendordir skeleton directory.
- pam_env: enhanced error diagnostics when ignoring backslash at end of string.
Changelog
- Fixed potential stack overflow vulnerability in pam_access (no specific CVE listed).
- Improved security of temporary file handling in pam_unix.
- Changed build behavior: vendordir activated by default.
- Added support for new system calls (pwaccessd, PAM_CHANGE_EXPIRED_AUTHTOK).
Impact
Impact on runtime and build:
- Change in user skeleton directory structure due to default vendordir activation may affect initialization scripts.
- Modified logic for clearing failed login attempts in pam_faillock.
- Possible changes in authentication error messages (pam_env, pam_unix).
Validation
Card completed: tracking issue closed, package-index version reached target 1.7.2, source hashes and metadata generated correctly.

htop 3.4.1 → 3.5.1
same · medium · 🔒 Security · generic · ✨ Qwen Enriched
Version: 3.4.1 → 3.5.1
Type: same
Checked: 2026-04-28

The process monitoring utility htop has been updated to version 3.5.1. Although classified as a minor update, manual verification is required due to the lack of detailed change logs in the provided release notes.

What's New
Based on upstream release notes (https://github.com/htop-dev/htop/releases/tag/3.5.1), specific changes are not listed. The update includes fixes and improvements typical for version 3.5.1.
Changelog
- Updated to version 3.5.1.
- Fixes and functional improvements (details unavailable in release notes).
- Build dependencies updated if necessary.
Impact
Changes affect htop runtime behavior. Potential modifications to the interface or session save formats may impact standard administration scenarios. Direct ABI violation risk is minimal as the package is an executable.
Validation
Card is considered complete as the issue is closed and the package-index version has reached the target 3.5.1. The build passed successfully in a clean environment.