Weekly portage-stable package updates 2026-01-12 #3641

github-actions · 2026-01-12T07:18:05Z

CI: http://localhost:8080/job/container/job/sdk/2473/cldsv/

Closes flatcar/Flatcar#1890
Closes flatcar/Flatcar#1947
Closes flatcar/Flatcar#1951
Closes flatcar/Flatcar#1957
Closes flatcar/Flatcar#1966
Closes flatcar/Flatcar#1988

Partially addresses flatcar/Flatcar#1967

A rather large update: containerd, runc, gcc, portage, gnupg, docker, podman, rust, selinux refpolicy.

There is some noise in the changes because of the LLVM bump from 20 to 21.

--

acct-user/portage: [DEV]
- from 0-r3 to 0-r4
- runtime dependencies:
  - added a dependency 'acct-group/jobserver'
app-alternatives/gpg: [PROD] [DEV]
- from 0-r2 to 1-r3
- added IUSE flag 'sequoia'
  - for picking up Sequioa PGP as a GPG implementation
- added IUSE flag 'freepg'
  - for picking up FreePG as a GPG implementation
- runtime dependencies:
  - added a weak blocker '!=app-crypt/freepg-2.5.12_p1-r0'
  - added a weak blocker '!=app-crypt/gnupg-2.4.8-r1'
  - added a weak blocker '!=app-crypt/gnupg-2.5.13-r1'
  - added a dependency '>=app-crypt/freepg-2.5.12_p1-r1[nls?,ssl?]' for USE 'freepg?'
  - changes for app-crypt/gnupg with USE conditionals 'reference?':
    - changed version constraint from >=2.4.8-r1 to >=2.4.8-r2
  - added a dependency '>=app-crypt/sequoia-chameleon-gnupg-0.13.1-r3' for USE 'sequoia?'
app-arch/libarchive: [PROD] [DEV]
- from 3.8.1 to 3.8.5
- fixes CVE-2025-60753
  - update: libarchive Flatcar#1947
- package became unstable on 'amd64' and 'arm64'
  - added accept keywords to overlay profiles
- build dependencies:
  - changes for sec-keys/openpgp-keys-libarchive with USE conditionals 'verify-sig?':
    - changed version constraint from >=20221209 to >=20251118
- release notes: https://github.com/libarchive/libarchive/releases/tag/v3.8.5 https://github.com/libarchive/libarchive/releases/tag/v3.8.4 https://github.com/libarchive/libarchive/releases/tag/v3.8.3 https://github.com/libarchive/libarchive/releases/tag/v3.8.2
app-arch/tar: [PROD] [DEV]
- still at 1.35
- started using branding eclass
app-cdr/cdrtools:
- still at 3.02_alpha09-r5
- made cdda2wav, cdrecord and readcd suid binaries for compatibility with FEATURES=suidctl
app-containers/containerd: [SYSEXT-CONTAINERD]
- from 2.1.5 to 2.2.0
- runtime dependencies:
  - changes for app-containers/runc:
    - changed version constraint from >=1.3.3 to >=1.3.0
- release notes: https://github.com/containerd/containerd/releases/tag/v2.2.0
app-containers/containers-image: [SYSEXT-PODMAN]
- from 5.34.2 to 5.35.0
- release notes: https://github.com/containers/image/releases/tag/v5.35.0
app-containers/cri-tools: [PROD] [DEV]
- from 1.32.0 to 1.33.0
- fix cross-compilation issues with shell completion generation
- release notes: https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.33.0
app-containers/crun: [SYSEXT-PODMAN]
- still at 1.21
- fixed configure issues, dependencies below are added for running autoreconf
- build dependencies:
  - added a dependency '>=dev-build/libtool-2.4.7-r3'
  - added a dependency 'sys-devel/gnuconfig'
  - added a dependency '>=dev-build/automake-1.18:1.18' for USE '||'
  - added a dependency '>=dev-build/automake-1.17-r1:1.17' for USE '||'
  - added a dependency '>=dev-build/autoconf-2.72-r1:2.72' for USE '||'
app-containers/docker: [SYSEXT-DOCKER]
- from 28.0.4 to 28.2.2
- runtime dependencies:
  - changes for app-containers/containerd:
    - changed version constraint from >=2.0.4 to >=1.7.27
  - changes for app-containers/docker-cli weak blocker:
    - changed version constraint from <28.0.4 to <28.2.2
  - changes for app-containers/runc:
    - changed version constraint from >=1.2.5 to >=1.2.6
- release notes: https://github.com/moby/moby/releases/tag/v28.2.2 https://github.com/moby/moby/releases/tag/v28.2.1 https://github.com/moby/moby/releases/tag/v28.2.0 https://github.com/moby/moby/releases/tag/v28.1.1 https://github.com/moby/moby/releases/tag/v28.1.0
app-containers/docker-cli: [SYSEXT-DOCKER]
- from 28.0.4 to 28.4.0
- release notes: https://github.com/moby/moby/releases/tag/v28.4.0 https://github.com/moby/moby/releases/tag/v28.3.0 https://github.com/moby/moby/releases/tag/v28.2.0 https://github.com/moby/moby/releases/tag/v28.1.0
app-containers/incus: [SYSEXT-INCUS]
- from 6.0.4-r1 to 6.0.5
- build agents for multiple architectures and platforms
- dependencies:
  - changes for dev-libs/cowsql:
    - changed version constraint from >=1.15.6 to >=1.15.9
- runtime dependencies:
  - changes for dev-libs/cowsql:
    - changed version constraint from >=1.15.6 to >=1.15.9
  - added a dependency 'net-firewall/ebtables'
  - added a dependency 'sec-policy/apparmor-profiles' for USE 'apparmor?'
  - changes for net-firewall/nftables with USE conditionals '||':
    - added json use enabled requirement (must exist, no pretending if missing)
- release notes: https://discuss.linuxcontainers.org/t/incus-6-0-5-lts-has-been-released/24445
app-containers/lxc: [SYSEXT-INCUS]
- from 6.0.4-r1 to 6.0.5
- release notes: https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438
app-containers/podman: [SYSEXT-PODMAN]
- from 5.5.2 to 5.7.0
- fixes CVE-2025-9566, CVE-2025-52881
  - update: podman Flatcar#1890
- package became stable on 'amd64' and 'arm64'
  - dropped accept keywords from overlay profiles
- build dependencies:
  - added a dependency 'dev-lang/python:3.14' for USE '||'
- release notes: https://github.com/containers/podman/releases/tag/v5.7.0 https://github.com/containers/podman/releases/tag/v5.6.0
app-containers/runc: [SYSEXT-CONTAINERD]
- from 1.3.3 to 1.4.0-r1
- package became unstable on 'amd64'
  - the accept keywords in overlay profiles already handle this case
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.4.0
app-crypt/gnupg: [PROD] [DEV]
- from 2.4.8-r2 to 2.5.16
- fixes CVE-2025-68972, CVE-2025-68973, gnupg-20251228-notdash
  - update: gnupg Flatcar#1988
- dependencies:
  - changes for dev-libs/libassuan:
    - changed version constraint from >=2.5.0 to >=3.0.0-r1
  - changes for dev-libs/libgcrypt:
    - changed version constraint from >=1.9.1 to >=1.11.0
  - changes for dev-libs/libgpg-error:
    - changed version constraint from >=1.46 to >=1.56
- runtime dependencies:
  - changes for dev-libs/libassuan:
    - changed version constraint from >=2.5.0 to >=3.0.0-r1
  - changes for dev-libs/libgcrypt:
    - changed version constraint from >=1.9.1 to >=1.11.0
  - changes for dev-libs/libgpg-error:
    - changed version constraint from >=1.46 to >=1.56
- release notes: https://lists.gnupg.org/pipermail/gnupg-announce/2025q4/000500.html https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html
app-crypt/gpgme: [SYSEXT-PODMAN]
- from 2.0.0 to 2.0.1-r1
- dependencies:
  - dropped a dependency '>=app-crypt/gnupg-2'
  - added a dependency 'app-alternatives/gpg[reference]' for USE '||'
  - added a dependency 'app-alternatives/gpg[freepg(-)]' for USE '||'
- runtime dependencies:
  - dropped a dependency '>=app-crypt/gnupg-2'
  - added a dependency 'app-alternatives/gpg[reference]' for USE '||'
  - added a dependency 'app-alternatives/gpg[freepg(-)]' for USE '||'
- release notes: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=blob_plain;f=NEWS;h=1fd34dbd9143829e9163d402ab0191a9fc6adab2;hb=e4adebe020b07bc47e583817576ce98ca93e9711
app-crypt/mit-krb5: [PROD] [DEV]
- from 1.21.3 to 1.21.3-r1
- added a patch fixing build with c23
- package became unstable on 'arm64'
  - added accept keywords to overlay profiles
app-doc/eclass-manpages:
- from 20250815 to 20251126
- release notes: none
app-editors/nano:
- from 8.6 to 8.7
- release notes: https://lists.gnu.org/archive/html/info-gnu/2025-11/msg00002.html
app-editors/vim: [PROD] [DEV]
- from 9.1.1652 to 9.1.1652-r2
- added IUSE flag 'perl_features_ithreads'
  - brought by perl-module eclass
- added IUSE flag 'perl_features_quadmath'
  - brought by perl-module eclass
- added IUSE flag 'wayland'
  - brought by perl-module eclass
- added IUSE flag 'perl_features_debug'
  - brought by perl-module eclass
- dependencies:
  - added a dependency '>=dev-lang/perl-5.38.2-r3[perl_features_debug=,perl_features_ithreads=,perl_features_quadmath=]' for USE 'perl?'
  - added a dependency 'dev-libs/wayland' for USE 'wayland?'
- runtime dependencies:
  - added a dependency '>=dev-lang/perl-5.38.2-r3[perl_features_debug=,perl_features_ithreads=,perl_features_quadmath=]' for USE 'perl?'
  - added a dependency 'dev-libs/wayland' for USE 'wayland?'
app-editors/vim-core: [PROD] [DEV]
- from 9.1.1652 to 9.1.1652-r3
- runtime dependencies:
  - added a dependency 'dev-util/xxd'
- unbundled xxd, thus adding a dependency on it
app-emulation/qemu:
- still at 10.0.5
- package became stable on 'arm64'
  - dropped accept keywords from overlay profiles
app-shells/bash: [PROD] [DEV]
- from 5.3_p3-r3 to 5.3_p9
- release notes: https://cgit.git.savannah.gnu.org/cgit/bash.git/log/?id=637f5c8696a6adc9b4519f1cd74aa78492266b7f
app-shells/bash-completion: [DEV]
- from 2.16.0-r3 to 2.17.0
- runtime dependencies:
  - changes for net-fs/mc strong blocker:
    - changed version constraint from <=2025.04.16.18.13.26 to <=2025.04.16.18.13.26-r0
- release notes: https://github.com/scop/bash-completion/releases/tag/2.17.0
app-text/mandoc:
- from 1.14.6 to 1.14.6-r1
- EAPI changed from '7' to '8'
app-text/scdoc:
- from 1.11.3 to 1.11.4
- release notes: https://git.sr.ht/~sircmpwn/scdoc/refs/1.11.4
dev-build/autoconf:
- from 2.72-r4 to 2.72-r6
- backported two patches from upstream
dev-build/cmake:
- from 4.1.2-r1 to 4.1.4
- release notes: https://cmake.org/cmake/help/v4.1/release/4.1.html#updates
dev-build/make: [DEV]
- from 4.4.1-r101 to 4.4.1-r102
- added a patch fixing jobserver client not returning tokens on SIGINT
dev-build/ninja:
- from 1.13.1 to 1.13.2-r1
- added a patch allowing a use of pseudo-fifos for jobservers
- release notes: https://github.com/ninja-build/ninja/releases/tag/v1.13.2
dev-cpp/gtest:
- from 1.14.0-r2 to 1.17.0
- added IUSE flag 'abseil'
  - pulls in dev-cpp/abseil and dev-libs/re2
- dependencies:
  - added a dependency 'dev-cpp/abseil-cpp:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?]' for USE 'abseil?'
  - added a dependency 'dev-libs/re2:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?]' for USE 'abseil?'
- runtime dependencies:
  - added a dependency 'dev-cpp/abseil-cpp:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?]' for USE 'abseil?'
  - added a dependency 'dev-libs/re2:=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_s390_32(-)?,abi_s390_64(-)?]' for USE 'abseil?'
- release notes: https://github.com/google/googletest/releases/tag/v1.17.0 https://github.com/google/googletest/releases/tag/v1.16.0 https://github.com/google/googletest/releases/tag/v1.15.0
dev-lang/go:
- from 1.25.3 to 1.25.5
- fixes CVE-2025-61727, CVE-2025-61729
  - update: go Flatcar#1967
- release notes: https://go.dev/doc/devel/release#go1.25.minor
dev-lang/perl:
- from 5.40.2 to 5.42.0-r1
- release notes: https://perldoc.perl.org/perl5420delta
dev-lang/rust:
- from 1.89.0 to 1.91.0
- removed IUSE flag 'llvm_slot_20'
- removed IUSE flag 'wasm'
  - renamed to rust_sysroots_wasm
- added IUSE flag 'llvm_slot_21'
- added IUSE flag 'rust_sysroots_bpf'
- deps changes below are from bumping llvm from 20 to 21.
- build dependencies:
  - changes for llvm-core/lld with USE conditionals 'lto?' -> 'system-llvm?' -> '||' -> 'llvm_slot_20?':
    - USE conditionals changed to 'lto?' -> 'system-llvm?' -> '||' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for dev-lang/rust with USE conditionals '||':
    - changed slot constraint from 1.89.0 to 1.91.0
  - changes for dev-lang/rust with USE conditionals '||':
    - changed slot constraint from 1.88.0 to 1.90.0
  - changes for dev-lang/rust-bin with USE conditionals '||':
    - changed slot constraint from 1.89.0 to 1.91.0
  - changes for dev-lang/rust-bin with USE conditionals '||':
    - changed slot constraint from 1.88.0 to 1.90.0
- dependencies:
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_targets_AArch64?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_targets_AArch64?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_targets_X86?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_targets_X86?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/lld with USE conditionals 'system-llvm?' -> 'wasm?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'rust_sysroots_wasm?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
- runtime dependencies:
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_targets_AArch64?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_targets_AArch64?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/llvm with USE conditionals 'system-llvm?' -> 'llvm_targets_X86?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'llvm_targets_X86?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
  - changes for llvm-core/lld with USE conditionals 'system-llvm?' -> 'wasm?' -> 'llvm_slot_20?':
    - USE conditionals changed to 'system-llvm?' -> 'rust_sysroots_wasm?' -> 'llvm_slot_21?'
    - changed slot constraint from 20 to 21
- release notes: https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/ https://blog.rust-lang.org/2025/09/18/Rust-1.90.0/
dev-lang/yasm:
- still at 1.3.0-r2
- package became stable on 'arm64'
  - dropped accept keywords from overlay profiles
dev-libs/cJSON: [DEV]
- from 1.7.18 to 1.7.19
- release notes: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19
dev-libs/elfutils: [PROD] [DEV]
- from 0.193-r1 to 0.194
- package became unstable on 'amd64'
  - added accept keywords to overlay profiles
- added IUSE flag 'libarchive'
  - gates enabling libarchive, mostly for debuginfod
- dependencies:
  - dropped a dependency '>=app-arch/libarchive-3.1.2:='
  - added a dependency '>=app-arch/libarchive-3.1.2:=' for USE 'libarchive?'
- runtime dependencies:
  - dropped a dependency '>=app-arch/libarchive-3.1.2:='
  - added a dependency '>=app-arch/libarchive-3.1.2:=' for USE 'libarchive?'
- release notes: https://inbox.sourceware.org/elfutils-devel/CAJDtP-S0rYAOZQeDZvMtPkQztgK9RboWtYwpqNLCNGNdaSGn-A@mail.gmail.com/T/#u
dev-libs/libaio: [PROD] [DEV]
- from 0.3.113-r2 to 0.3.113_p8
- took a patchset from Debian
dev-libs/libdnet: [VMWARE]
- from 1.18.0-r2 to 1.18.0-r3
- dependencies:
  - added a dependency 'dev-python/netifaces[python_targets_python3_11(-)?,python_targets_python3_12(-)?]' for USE 'python?'
- runtime dependencies:
  - added a dependency 'dev-python/netifaces[python_targets_python3_11(-)?,python_targets_python3_12(-)?]' for USE 'python?'
dev-libs/libnl: [PROD] [DEV]
- from 3.10.0 to 3.11.0
- package became unstable on 'amd64'
  - added accept keywords to overlay profiles
- release notes: https://lists.infradead.org/pipermail/libnl/2024-October/002441.html
dev-libs/libpcre2: [PROD] [DEV]
- from 10.46 to 10.47
- release notes: https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.47
dev-libs/libxml2: [PROD] [DEV]
- from 2.14.6 to 2.15.1
- added IUSE flag 'doc'
  - documentation
- IUSE flag 'python' became disabled by default
- build dependencies:
  - added a dependency 'app-text/docbook-xsl-stylesheets' for USE 'doc?'
  - added a dependency 'app-text/doxygen' for USE 'doc?'
  - added a dependency 'dev-libs/libxslt' for USE 'doc?'
  - added a dependency 'app-text/doxygen' for USE 'python?'
- release notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.15.1 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.15.0
dev-libs/libxslt: [VMWARE]
- from 1.1.43-r1 to 1.1.43-r2
- added a patchset
  - does not seem to conflict with our patch
dev-libs/tree-sitter:
- from 0.25.8 to 0.25.10
- release notes: https://github.com/tree-sitter/tree-sitter/commits/v0.25.10/
dev-libs/tree-sitter-bash:
- from 0.25.0 to 0.25.1
- release notes: https://github.com/tree-sitter/tree-sitter-bash/commits/v0.25.1/
dev-libs/userspace-rcu: [PROD] [DEV]
- from 0.15.3 to 0.15.5
- release notes: https://lwn.net/Articles/1046059/
dev-libs/xxhash:
- from 0.8.3 to 0.8.3-r1
- package became unstable on 'amd64' and on 'arm64'
  - added accept keywords to overlay profiles
dev-perl/File-Slurper:
- from 0.14.0 to 0.14.0-r1
- added IUSE flag 'minimal'
  - We enable it in profiles to drop the extra dependencies.
- build dependencies:
  - dropped a dependency 'dev-perl/PerlIO-utf8_strict'
  - added a dependency 'dev-perl/PerlIO-utf8_strict' for USE '!minimal?'
- runtime dependencies:
  - dropped a dependency 'dev-perl/PerlIO-utf8_strict'
  - added a dependency 'dev-perl/PerlIO-utf8_strict' for USE '!minimal?'
dev-python/charset-normalizer: [SYSEXT-PYTHON]
- from 3.4.3 to 3.4.4
- added IUSE flag 'verify-provenance'
  - some pypi specific check
- build dependencies:
  - added a dependency 'dev-python/pypi-attestations' for USE 'verify-provenance?'
- release notes: https://github.com/jawah/charset_normalizer/releases/tag/3.4.4
dev-python/cryptography:
- from 46.0.2 to 46.0.3
- release notes: https://cryptography.io/en/latest/changelog/#v46-0-3
dev-python/cython:
- from 3.1.4 to 3.1.7
- release notes: https://github.com/cython/cython/releases/tag/3.1.7
dev-python/ensurepip-pip: [AZURE] [DEV] [GCE] [SYSEXT-PYTHON]
- from 25.2 to 25.3
- build dependencies:
  - added a dependency '>=dev-python/flit-core-3.11.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - dropped a dependency '>=dev-python/setuptools-78.1.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
- release notes: https://github.com/pypa/pip/blob/25.3/NEWS.rst
dev-python/idna: [SYSEXT-PYTHON]
- from 3.10 to 3.11
- release notes: https://github.com/kjd/idna/releases/tag/v3.11
dev-python/lark:
- from 1.3.0 to 1.3.1
- build dependencies:
  - added a dependency '>=dev-python/setuptools-scm-9.2.2[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
- release notes: https://github.com/lark-parser/lark/releases/tag/1.3.1
dev-python/msgpack: [SYSEXT-PYTHON]
- from 1.1.1 to 1.1.2
- release notes: https://github.com/msgpack/msgpack-python/releases/tag/v1.1.2
dev-python/pip: [SYSEXT-PYTHON]
- from 25.2 to 25.3
- build dependencies:
  - added a dependency '>=dev-python/flit-core-3.11.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - dropped a dependency '>=dev-python/setuptools-78.1.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
- release notes: https://github.com/pypa/pip/blob/25.3/NEWS.rst
dev-python/setuptools-scm: [SYSEXT-PYTHON]
- from 9.2.0 to 9.2.2
- added IUSE flag 'verify-provenance'
  - some pypi specific check
- build dependencies:
  - added a dependency 'dev-python/pypi-attestations' for USE 'verify-provenance?'
- release notes: https://github.com/pypa/setuptools-scm/releases/tag/v9.2.2
dev-python/tree-sitter:
- from 0.25.1-r1 to 0.25.2
- release notes: https://github.com/tree-sitter/py-tree-sitter/releases/tag/v0.25.2
dev-python/trove-classifiers: [SYSEXT-PYTHON]
- from 2025.9.11.17 to 2025.11.14.15
- release notes: https://github.com/pypa/trove-classifiers/releases/tag/2025.11.14.15
dev-python/urllib3: [AZURE] [DEV] [SYSEXT-PYTHON]
- from 2.5.0 to 2.6.3
- fixes CVE-2025-66418, CVE-2025-66471
  - update: urllib3 Flatcar#1966
- added IUSE flag 'verify-provenance'
  - some pypi specific check
- build dependencies:
  - added a dependency 'dev-python/pypi-attestations' for USE 'verify-provenance?'
- runtime dependencies:
  - changes for dev-python/brotlicffi with USE conditionals 'brotli?':
    - changed version constraint from >=0.8.0 to >=1.2.0.0
  - added a dependency '>=dev-python/backports-zstd-1.0.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?]' for USE 'zstd?' -> 'python_targets_python3_12?'
  - dropped a dependency '>=dev-python/zstandard-0.18.0[python_targets_pypy3_11(-)?,python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]' for USE 'zstd?'
- release notes: https://raw.githubusercontent.com/urllib3/urllib3/refs/tags/2.6.3/CHANGES.rst
dev-util/maturin:
- from 1.9.6 to 1.10.2
- build dependencies:
  - changes for app-text/mdbook with USE conditionals 'doc?':
    - added version constraint >=0.5
  - changes for dev-lang/rust with USE conditionals '||':
    - changed version constraint from >=1.75.0 to >=1.83.0
  - changes for dev-lang/rust-bin with USE conditionals '||':
    - changed version constraint from >=1.75.0 to >=1.83.0
- licenses:
  - dropped license 'Boost-1.0'
  - added license 'BZIP2'
  - dropped license 'Unicode-DFS-2016'
  - added license 'ZLIB'
  - dropped license 'CC-BY-4.0' for USE 'doc?'
- release notes: https://github.com/PyO3/maturin/releases/tag/v1.10.2
dev-util/pkgcheck:
- from 0.10.37 to 0.10.37-r1
- build dependencies:
  - added a dependency '<dev-python/snakeoil-0.11.0[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - changes for sys-apps/pkgcore:
    - changed version constraint from >=0.12.30 to ~0.12.30
- runtime dependencies:
  - added a dependency '<dev-python/snakeoil-0.11.0[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - changes for sys-apps/pkgcore:
    - changed version constraint from >=0.12.30 to ~0.12.30
- added a patch to ignore new branding.eclass from some checks
dev-vcs/git: [PROD] [DEV]
- from 2.51.0 to 2.52.0
- added IUSE flag 'rust'
  - some extensions written in Rust
- runtime dependencies:
  - dropped a dependency 'app-crypt/gnupg' for USE 'gpg?'
  - added a dependency 'app-alternatives/gpg' for USE 'gpg?'
- release notes: https://raw.githubusercontent.com/git/git/refs/tags/v2.52.0/Documentation/RelNotes/2.52.0.adoc
eclass/branding.eclass:
- added from Gentoo
eclass/cargo.eclass:
- fixed builds for non-native multilib ABIs
eclass/check-reqs.eclass:
- some memory checks for other platforms
eclass/cmake.eclass:
- various fixes
eclass/desktop.eclass:
- some fixes, added options
eclass/distutils-r1.eclass:
- dropped parallel builds - too many issues
- added support for passing JSON config settings to the build backend
- export used PKG_CONFIG
eclass/elisp-common.eclass:
- added support for EAPI 9
eclass/fcaps.eclass:
- remove default value for owner/group
eclass/llvm-r1.eclass:
- bumped llvm stable version to 21
eclass/meson.eclass:
- fixed cross and multilib builds with rust
- no need for exe wrapper on multilib builds
eclass/multilib.eclass:
- fixed BUILD_ variables
eclass/pypi.eclass:
- handle Google Cloud as provenance provider
eclass/ruby-utils.eclass:
- bumped ruby versions
eclass/rust.eclass:
- added support for llvm 21
- doc fixes
eclass/selinux-policy-2.eclass:
- added support for EAPI 8
- unconditionally load all modules in the store in postinst
- relabeling fixes
- style fixes
eclass/toolchain-funcs.eclass:
- fixed pattern for detecting ld.bfd
eclass/toolchain.eclass:
- valgrind fixes
- gcc 16 tls fixes
- some nvptx accel fixes
licenses:
- updated OPENLDAP
media-libs/libpng:
- from 1.6.50-r1 to 1.6.51
- release notes: https://raw.githubusercontent.com/pnggroup/libpng/refs/tags/v1.6.51/ANNOUNCE
net-dns/bind: [PROD] [DEV]
- from 9.18.38 to 9.18.42
- fixes CVE-2025-40778, CVE-2025-40780, CVE-2025-8677
  - update: net-dns/bind Flatcar#1957
- release notes: https://bind9.readthedocs.io/en/v9.18.42/notes.html#notes-for-bind-9-18-42
net-libs/gnutls: [PROD] [DEV]
- from 3.8.10-r1 to 3.8.11
- fixes CVE-2025-9820
  - update: gnutls Flatcar#1951
- release notes: https://lists.gnu.org/archive/html/info-gnu/2025-11/msg00003.html
net-libs/libnftnl: [PROD] [DEV]
- from 1.3.0 to 1.3.1
- release notes: https://lwn.net/Articles/1049279/
net-libs/libtirpc: [PROD] [DEV]
- from 1.3.7 to 1.3.7-r2
- fixes for musl
net-misc/curl: [PROD] [DEV]
- from 8.16.0-r1 to 8.17.0-r1
- release notes: https://curl.se/ch/8.17.0.html
net-misc/openssh: [PROD] [DEV]
- still at 10.2_p1
- package became stable on 'amd64' and 'arm64'
  - dropped accept keywords from overlay profiles
net-misc/rsync: [PROD] [DEV]
- from 3.4.1 to 3.4.1-r1
- IUSE flag 'xxhash' became enabled by default
  - speeds up transfers
profiles:
- added selinux policy types expand variable
  - this will be used by selinux policy packages when they switch to eapi >=8
sec-policy/selinux-base: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-base-policy: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base:
    - changed version constraint from =2.20250213-r1 to =2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base:
    - changed version constraint from =2.20250213-r1 to =2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-container: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-dbus: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-policykit: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-sssd: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sec-policy/selinux-unconfined: [PROD] [DEV]
- from 2.20250213-r1 to 2.20250618-r1
- dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- runtime dependencies:
  - changes for sec-policy/selinux-base-policy:
    - changed version constraint from >=2.20250213-r1 to >=2.20250618-r1
- release notes: https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618
sys-apps/coreutils: [PROD] [DEV]
- from 9.8-r1 to 9.9-r1
- release notes: https://lists.gnu.org/archive/html/coreutils-announce/2025-11/msg00000.html
sys-apps/diffutils: [PROD] [DEV]
- still at 3.12
- use branding eclass
sys-apps/findutils: [PROD] [DEV]
- still at 4.10.0
- use branding eclass
sys-apps/grep: [PROD] [DEV]
- still at 3.12
- use branding eclass
sys-apps/kbd: [PROD] [DEV]
- from 2.9.0 to 2.9.0-r1
- use autotools eclass to call autoreconf - this brings the deps below
- build dependencies:
  - added a dependency '>=app-portage/elt-patches-20250306'
  - added a dependency '>=dev-build/libtool-2.4.7-r3'
  - added a dependency 'sys-devel/gnuconfig'
  - added a dependency '>=dev-build/automake-1.18:1.18' for USE '||'
  - added a dependency '>=dev-build/automake-1.17-r1:1.17' for USE '||'
  - added a dependency '>=dev-build/autoconf-2.72-r1:2.72' for USE '||'
sys-apps/kexec-tools: [PROD] [DEV]
- from 2.0.31 to 2.0.32
- release notes: https://github.com/horms/kexec-tools/commits/v2.0.32/
sys-apps/locale-gen:
- from 3.9-r1 to 3.9-r2
- added patch fixing selinux issue
sys-apps/lsb-release:
- still at 3.3
- use branding eclass
sys-apps/nvme-cli: [PROD] [DEV]
- from 2.15 to 2.16
- dependencies:
  - changes for sys-libs/libnvme:
    - changed version constraint from >=1.15 to >=1.16
- runtime dependencies:
  - changes for sys-libs/libnvme:
    - changed version constraint from >=1.15 to >=1.16
- release notes: https://github.com/linux-nvme/nvme-cli/releases/tag/v2.16
sys-apps/pkgcore:
- from 0.12.30 to 0.12.30-r1
- build dependencies:
  - added a dependency '<dev-python/snakeoil-0.11.0[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
- runtime dependencies:
  - added a dependency '<dev-python/snakeoil-0.11.0[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
sys-apps/portage: [DEV]
- from 3.0.69.3-r2 to 3.0.72-r1
- release notes: https://gitweb.gentoo.org/proj/portage.git/plain/NEWS?h=portage-3.0.72
sys-apps/pv:
- from 1.9.42 to 1.10.2
- release notes: https://codeberg.org/ivarch/pv/releases/tag/v1.10.2
sys-apps/sed: [PROD] [DEV]
- still at 4.9-r1
- use branding eclass
sys-apps/systemd: [PROD] [DEV]
- from 257.9 to 257.10
- release notes: https://github.com/systemd/systemd/commits/v257.10/
sys-apps/usbutils: [PROD] [DEV]
- from 018-r1 to 019
- release notes: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/plain/NEWS?h=v019
sys-auth/pambase: [PROD] [DEV]
- from 20251013 to 20251104
- release notes: https://gitweb.gentoo.org/proj/pambase.git/log/?h=pambase-20251104
sys-block/thin-provisioning-tools: [PROD] [DEV]
- from 1.3.0 to 1.3.1
- package became stable on 'amd64' and 'arm64'
  - dropped accept keywords from overlay profiles
- added IUSE flag 'llvm_slot_21'
  - LLVM 21 support
- build dependencies:
  - added a dependency 'dev-lang/rust:1.89.0[llvm_slot_20]' for USE 'llvm_slot_20?' -> '||'
  - added a dependency 'dev-lang/rust-bin:1.89.0[llvm_slot_20]' for USE 'llvm_slot_20?' -> '||'
  - added a dependency 'llvm-core/clang:21' for USE 'llvm_slot_21?'
  - changes for dev-lang/rust with USE conditionals '||':
    - USE conditionals changed to 'llvm_slot_21?' -> '||'
    - dropped version constraint
    - changed slot constraint from * to 9999
    - added llvm_slot_21 use enabled requirement (must exist, no pretending if missing)
  - added a dependency 'dev-lang/rust:1.91.0[llvm_slot_21]' for USE 'llvm_slot_21?' -> '||'
  - changes for dev-lang/rust-bin with USE conditionals '||':
    - USE conditionals changed to 'llvm_slot_21?' -> '||'
    - dropped version constraint
    - changed slot constraint from * to 9999
    - added llvm_slot_21 use enabled requirement (must exist, no pretending if missing)
  - added a dependency 'dev-lang/rust-bin:1.91.0[llvm_slot_21]' for USE 'llvm_slot_21?' -> '||'
- release notes: https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.3.1/CHANGES
sys-boot/grub:
- from 2.12-r7 to 2.12-r11
- added IUSE flag 'branding'
  - pulls in Gentoo theme, disabled in Flatcar
- runtime dependencies:
  - added a dependency '>=sys-boot/grub-themes-gentoo-1.0-r1' for USE 'branding?'
sys-devel/binutils: [DEV]
- from 2.45-r1 to 2.45.1
- release notes: https://sourceware.org/pipermail/binutils/2025-November/145592.html
sys-devel/binutils-config: [PROD] [DEV]
- from 5.5.2 to 5.6
- release notes: https://gitweb.gentoo.org/proj/binutils-config.git/log/?h=v5.6
sys-devel/crossdev:
- from 20251008 to 20251214
- release notes: https://gitweb.gentoo.org/proj/crossdev.git/log/?h=20251214
sys-devel/gcc: [PROD] [DEV]
- from 14.3.1_p20250801 to 15.2.1_p20251122
- added IUSE flag 'libgdiagnostics'
  - for building gcc diagnostics library, not relevant to Flatcar
- added IUSE flag 'cobol'
  - something something business oriented language, perhaps
- build dependencies:
  - changes for dev-lang/ada-bootstrap with USE conditionals 'ada?' -> '||':
    - changed version constraint from <15 to <16
  - changes for sys-devel/gcc with USE conditionals 'ada?' -> '||':
    - changed version constraint from <15 to <16
  - changes for sys-devel/gcc with USE conditionals 'd?':
    - USE conditionals changed to 'd?' -> '||'
    - changed version constraint from <15 to <16
  - added a dependency 'sys-devel/gcc:11' for USE 'd?' -> '||'
  - dropped a dependency 'dev-debug/valgrind' for USE 'valgrind?'
- dependencies:
  - added a dependency 'dev-debug/valgrind' for USE 'valgrind?'
- release notes: https://gcc.gnu.org/gcc-15/changes.html
sys-devel/gcc-config: [DEV]
- from 2.12.1 to 2.12.2
- release notes: https://gitweb.gentoo.org/proj/gcc-config.git/log/?h=v2.12.2
sys-devel/m4:
- still at 1.4.20
- use branding eclass
sys-fs/btrfs-progs: [PROD] [DEV]
- from 6.17 to 6.17.1
- release notes: https://github.com/kdave/btrfs-progs/releases/tag/v6.17.1
sys-fs/cryptsetup: [PROD] [DEV]
- from 2.8.1 to 2.8.1-r1
- dependencies:
  - added a dependency 'net-libs/libssh[sftp(+)]' for USE 'ssh?'
  - added a dependency 'net-libs/libssh[sftp(+)]' for USE 'static?' -> 'ssh?'
  - added a dependency 'net-libs/libssh[sftp(+)]' for USE 'static-libs?' -> 'ssh?'
- runtime dependencies:
  - added a dependency 'net-libs/libssh[sftp(+)]' for USE 'ssh?'
  - added a dependency 'net-libs/libssh[sftp(+)]' for USE 'static-libs?' -> 'ssh?'
sys-fs/erofs-utils:
- from 1.8.10 to 1.8.10-r1
- moved the accept keywords to base profile
- dependencies:
  - added a dependency 'app-arch/libdeflate:0=' for USE 'libdeflate?'
  - dropped a dependency 'app-arch/libdeflate:0=' for USE 'zlib?' -> 'libdeflate?'
  - changes for virtual/zlib with USE conditionals 'zlib?' -> '!libdeflate?':
    - USE conditionals changed to 'zlib?'
- runtime dependencies:
  - added a dependency 'app-arch/libdeflate:0=' for USE 'libdeflate?'
  - dropped a dependency 'app-arch/libdeflate:0=' for USE 'zlib?' -> 'libdeflate?'
  - changes for virtual/zlib with USE conditionals 'zlib?' -> '!libdeflate?':
    - USE conditionals changed to 'zlib?'
sys-fs/fuse-common: [SYSEXT-INCUS] [SYSEXT-PODMAN] [VMWARE]
- from 3.10.4 to 3.10.4-r2
- EAPI changed from '7' to '8'
- runtime dependencies:
  - added a dependency 'acct-group/cuse'
  - added a dependency 'virtual/tmpfiles'
sys-fs/lxcfs: [SYSEXT-INCUS]
- from 6.0.4 to 6.0.5
- release notes: https://discuss.linuxcontainers.org/t/lxcfs-6-0-5-lts-has-been-released/24437
sys-fs/squashfs-tools: [DEV] [SYSEXT-INCUS]
- from 4.7.2 to 4.7.4
- release notes: https://github.com/plougher/squashfs-tools/releases?q=4.7.4
sys-fs/xfsprogs: [PROD] [DEV]
- from 6.16.0 to 6.17.0-r1
- release notes: https://web.git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/plain/doc/CHANGES?h=v6.17.0
sys-fs/zfs: [SYSEXT-ZFS]
- from 2.3.3 to 2.3.4
- package became unstable on 'arm64'
  - added accept keywords to overlay profiles
- post dependencies:
  - changes for sys-fs/zfs-kmod with USE conditionals 'dist-kernel?':
    - changed version constraint from ~2.3.3 to ~2.3.4
- runtime dependencies:
  - changes for sys-fs/zfs-kmod with USE conditionals '!kernel-builtin?':
    - changed version constraint from ~2.3.3 to ~2.3.4
- release notes: https://github.com/openzfs/zfs/releases/tag/zfs-2.3.4
sys-fs/zfs-kmod: [SYSEXT-ZFS]
- from 2.3.3 to 2.3.4
- package became unstable on 'arm64'
  - added accept keywords to overlay profiles
- post dependencies:
  - changes for sys-fs/zfs with USE conditionals 'dist-kernel?':
    - changed version constraint from ~2.3.3 to ~2.3.4
- runtime dependencies:
  - changes for virtual/dist-kernel with USE conditionals 'dist-kernel-cap?' -> 'dist-kernel?':
    - changed version constraint from <6.16 to <6.17
- release notes: https://github.com/openzfs/zfs/releases/tag/zfs-2.3.4
sys-libs/binutils-libs: [PROD] [DEV]
- from 2.45-r1 to 2.45.1
- release notes: https://sourceware.org/pipermail/binutils/2025-November/145592.html
sys-libs/libcap: [PROD] [DEV]
- from 2.76 to 2.77
- release notes: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.mr55t4z9vzea
sys-libs/libnvme: [PROD] [DEV]
- from 1.15 to 1.16.1
- release notes: https://github.com/linux-nvme/libnvme/releases/tag/v1.16.1 https://github.com/linux-nvme/libnvme/releases/tag/v1.16
sys-libs/libseccomp: [PROD] [DEV]
- from 2.6.0-r2 to 2.6.0-r3
- runtime dependencies:
  - dropped a dependency '>=sys-kernel/linux-headers-5.15'
sys-libs/libselinux: [PROD] [DEV]
- from 3.8.1 to 3.8.1-r2
- fixed python handling (run in multilib context, use distutils)
- added IUSE flag 'debug'
  - added by distutils eclass
- build dependencies:
  - added a dependency '>=dev-python/gpep517-16[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - added a dependency '>=dev-python/setuptools-78.1.0[python_targets_python3_11(-)?,python_targets_python3_12(-)?,python_targets_python3_13(-)?,python_targets_python3_14(-)?]'
  - added a dependency 'dev-lang/python:3.12' for USE 'python_targets_python3_12?'
- dependencies:
  - added a dependency 'dev-lang/python:3.12' for USE 'python_targets_python3_12?'
- runtime dependencies:
  - added a dependency 'dev-lang/python:3.12' for USE 'python_targets_python3_12?'
sys-libs/pam: [PROD] [DEV]
- still at 1.7.1-r2
- build dependencies:
  - dropped a dependency 'sec-keys/openpgp-keys-strace' for USE 'verify-sig?'
  - added a dependency 'sec-keys/openpgp-keys-pam' for USE 'verify-sig?'
sys-libs/readline: [PROD] [DEV]
- from 8.3_p1 to 8.3_p3
- release notes: https://cgit.git.savannah.gnu.org/cgit/readline.git/log/?id=553d6bb272f26400d6d4d1cac7c1df84c447449b
sys-process/procps: [PROD] [DEV]
- from 4.0.5-r2 to 4.0.5-r3
- added two patches with fixes
virtual/perl-Exporter:
- from 5.780.0 to 5.790.0
- runtime dependencies:
  - changes for perl-core/Exporter weak blocker:
    - changed version constraint from <5.780.0 to <5.790.0
  - changes for perl-core/Exporter weak blocker:
    - changed version constraint from >5.780.0-r999 to >5.790.0-r999
  - changes for dev-lang/perl with USE conditionals '||':
    - changed version constraint from =5.40* to =5.42*
  - changes for perl-core/Exporter with USE conditionals '||':
    - changed version constraint from ~5.780.0 to ~5.790.0
virtual/perl-ExtUtils-MakeMaker:
- from 7.700.0-r1 to 7.760.0
- runtime dependencies:
  - changes for perl-core/ExtUtils-MakeMaker weak blocker:
    - changed version constraint from <7.700.0 to <7.760.0
  - changes for perl-core/ExtUtils-MakeMaker weak blocker:
    - changed version constraint from >7.700.0-r999 to >7.760.0-r999
  - changes for dev-lang/perl with USE conditionals '||':
    - changed version constraint from =5.40* to =5.42*
  - dropped a dependency '=dev-lang/perl-5.38*' for USE '||'
  - changes for perl-core/ExtUtils-MakeMaker with USE conditionals '||':
    - changed version constraint from ~7.700.0 to ~7.760.0
x11-drivers/nvidia-drivers: [SYSEXT-NVIDIA-DRIVERS-570] [SYSEXT-NVIDIA-DRIVERS-570-OPEN]
- from 570.195.03 to 570.207
- release notes: none
x11-libs/pixman:
- from 0.46.0 to 0.46.4
- release notes: https://gitlab.freedesktop.org/pixman/pixman/-/commits/pixman-0.46.4?ref_type=tags

--

changelog
image diff

It's from Gentoo commit 11067047d14040142f8ecb21dfa4bfba9302fa81. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>