security/vuxml: Document varnish/vinyl vulnerability
A deficiency in HTTP/2 request parsing can be exploited to launch a backend
request desync attack (request smuggling), which in turn can be used for cache
poisoning, authentication bypass or possibly even information disclosure and
manipulation.
devel/shiboken6: Pass BINARY_ALIAS for Sphix only if DOCS enabled
===== env: NO_DEPENDS=yes USER=root UID=0 GID=0
===> Missing "sphinx-build-3.11" to create a binary alias at "/wrkdirs/usr/ports/devel/shiboken6/work-py311/.bin/sphinx-build"
*** Error code 1
Stop.
Fixes: 2bf3834a197ccf8956332378eda8dd7577965246
lang/rust: fix build on armv7
We have previously (cf. PR 282663) disabled the has_thread_local feature
on armv7 to work around an rtld bug. The bug was fixed with D42415, but
the workaround remained. Earlier this year, rust started to fail to
build due to the workaround, as the fallback TLS implementation is
limited to the number of pthread TLS keys (256) and rust has started to
consume more and more of them. While a temporary workaround reducing
the hunger for TLS keys was implemented in 2026Q2, we can actually just
reenable has_thread_local to go back to how things are supposed to work.
PR: 294545
Approved by: mikael (rust)
MFH: no
cad/openvsp: Update to 3.50.3
ChangeLog:
https://openvsp.org/blogs/announcements/2026/05/15/openvsp-3-50-3-released
* Fix corrupt XML file output with vectors of vec3d’s
* Fix crash when changing XSec type when CEdit screen still open
* Fix problem reading VSPAERO results that caused ghost results
* Write full precision in files sent to VSPAERO
net-im/openfire: Update to 5.0.5
ChangeLog:
https://download.igniterealtime.org/openfire/docs/5.0.5/changelog.html
Improvement
* Display newlines in details of logged SecurityAuditManager events
* Do not show 'max users' count for a MUC when it is 0 (unlimited)
* Bump BouncyCastle.version from 1.78.1 to 1.84
* LDAP context-close failures are logged without their exception stack trace
* Upgrade MySQL Connector/J driver to 8.4.0 release
* Upgrade Jetty webserver library to 12.0.35 release
* Update org.glassfish.jaxb:jaxb-runtime to the latest of the 2.3.x line
Task
* Disabled performance benchmark in IQEntityTimeHandlerTest should be removed
or converted
[15 lines not shown]
