From f45b3a1bafda192b217cb4b6b1eea8dcca7a147c Mon Sep 17 00:00:00 2001
From: Devin Carr <dcarr@cloudflare.com>
Date: Mon, 13 Oct 2025 17:18:22 -0700
Subject: [PATCH 1/3] TUN-9882: Bump datagram v3 write channel capacity

Bumping from 16 to 512 gives each flow a bit more buffer if the local OS is having trouble writing to the origin.

Closes TUN-9882
---
 quic/v3/session.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/quic/v3/session.go b/quic/v3/session.go
index 6a9b093f..6d59a59f 100644
--- a/quic/v3/session.go
+++ b/quic/v3/session.go
@@ -26,7 +26,7 @@ const (
 	// The maximum amount of datagrams a session will queue up before it begins dropping datagrams.
 	// This channel buffer is small because we assume that the dedicated writer to the origin is typically
 	// fast enought to keep the channel empty.
-	writeChanCapacity = 16
+	writeChanCapacity = 512
 
 	logFlowID        = "flowID"
 	logPacketSizeKey = "packetSize"

From 686347cf91580741e90552475c9f9c05e0a2372b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Garcia?= <ggarcia@cloudflare.com>
Date: Tue, 14 Oct 2025 09:12:54 +0000
Subject: [PATCH 2/3] chore: Fix upload of RPM repo file during double signing

* chore: Fix upload of RPM repo file during double signing

This commit fixes a variable that was supposed to hold the path of the repo file, but instead was being overwritten with the repo file handle
---
 release_pkgs.py | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/release_pkgs.py b/release_pkgs.py
index 56acf699..6214815a 100644
--- a/release_pkgs.py
+++ b/release_pkgs.py
@@ -50,7 +50,7 @@ class PkgUploader:
             config=config,
         )
 
-        print(f"uploading asset: {filename} to {upload_file_path} in bucket{self.bucket_name}...")
+        print(f"uploading asset: {filename} to {upload_file_path} in bucket {self.bucket_name}...")
         try:
             r2.upload_file(filename, self.bucket_name, upload_file_path)
         except ClientError as e:
@@ -133,16 +133,16 @@ class PkgCreator:
     """
 
     def create_repo_file(self, file_path, binary_name, baseurl, gpgkey_url):
-        repo_file = os.path.join(file_path, binary_name + '.repo')
-        with open(repo_file, "w+") as repo_file:
-            repo_file.write(f"[{binary_name}-stable]")
-            repo_file.write(f"{binary_name}-stable")
-            repo_file.write(f"baseurl={baseurl}/rpm")
-            repo_file.write("enabled=1")
-            repo_file.write("type=rpm")
-            repo_file.write("gpgcheck=1")
-            repo_file.write(f"gpgkey={gpgkey_url}")
-        return repo_file
+        repo_file_path = os.path.join(file_path, binary_name + '.repo')
+        with open(repo_file_path, "w+") as repo_file:
+            repo_file.write(f"[{binary_name}-stable]\n")
+            repo_file.write(f"name={binary_name}-stable\n")
+            repo_file.write(f"baseurl={baseurl}/rpm\n")
+            repo_file.write("enabled=1\n")
+            repo_file.write("type=rpm\n")
+            repo_file.write("gpgcheck=1\n")
+            repo_file.write(f"gpgkey={gpgkey_url}\n")
+        return repo_file_path
 
 
     def _sign_rpms(self, file_path, gpg_key_name):
@@ -153,7 +153,7 @@ class PkgCreator:
             raise
 
     def _sign_repomd(self):
-        p = Popen(["gpg", "--batch", "--detach-sign", "--armor", "./rpm/repodata/repomd.xml"], stdout=PIPE, stderr=PIPE)
+        p = Popen(["gpg", "--batch", "--yes", "--detach-sign", "--armor", "./rpm/repodata/repomd.xml"], stdout=PIPE, stderr=PIPE)
         out, err = p.communicate()
         if p.returncode != 0:
             print(f"sign repomd result => {out}, {err}")
@@ -322,7 +322,7 @@ def create_rpm_packaging(
     repo_file = pkg_creator.create_repo_file(artifacts_path, binary_name, base_url, gpg_key_url)
 
     print("Uploading repo file")
-    pkg_uploader.upload_pkg_to_r2(binary_name + "repo", repo_file)
+    pkg_uploader.upload_pkg_to_r2(repo_file, binary_name + ".repo")
 
     print("uploading latest to r2...")
     upload_from_directories(pkg_uploader, "rpm", None, binary_name)

From e10e0725992d9fd6238ad896fa630468f1e4a4aa Mon Sep 17 00:00:00 2001
From: Devin Carr <dcarr@cloudflare.com>
Date: Tue, 14 Oct 2025 09:16:36 -0700
Subject: [PATCH 3/3] Release 2025.10.0

---
 RELEASE_NOTES | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 737a262f..fc193df3 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -1,3 +1,17 @@
+2025.10.0
+- 2025-10-14 chore: Fix upload of RPM repo file during double signing
+- 2025-10-13 TUN-9882: Bump datagram v3 write channel capacity
+- 2025-10-10 chore: Fix import of GPG keys when two keys are provided
+- 2025-10-10 chore: Fix parameter order when uploading RPM .repo file to R2
+- 2025-10-10 TUN-9883: Add new datagram v3 feature flag
+- 2025-10-09 chore: Force usage of go-boring 1.24
+- 2025-10-08 TUN-9882: Improve metrics for datagram v3
+- 2025-10-07 GRC-16749: Add fedramp tags to catalog
+- 2025-10-07 TUN-9882: Add buffers for UDP and ICMP datagrams in datagram v3
+- 2025-10-07 TUN-9882: Add write deadline for UDP origin writes
+- 2025-09-29 TUN-9776: Support signing Debian packages with two keys for rollover
+- 2025-09-22 TUN-9800: Add pipeline to sync between gitlab and github repos
+
 2025.9.1
 - 2025-09-22 TUN-9855: Create script to ignore vulnerabilities from govuln check
 - 2025-09-19 TUN-9852: Remove fmt.Println from cloudflared access command