py-tox: updated to 4.56.1
Bug fixes - 4.56.1
Fix { replace = "if" ... extend = true } corrupting the resulting list when then or else is a scalar string (e.g. then = "-v"): a non-empty scalar string is now appended as a single element instead of being iterated character-by-character, while a false if with no else (yielding "") contributes nothing rather than an empty element, and list/set results are still spread into the parent.
py-virtualenv: updated to 21.5.1
Bugfixes - 21.5.1
Refuse to create environments whose Python the bundled wheels no longer cover (currently below 3.9). virtualenv used to substitute the newest bundled pip, which cannot run on such a target, leaving a broken environment; seeder selection now rejects it up front with a clear error. --no-seed and third-party seeders that ship compatible wheels still work.
Features - 21.5.0
Drop support for Python 3.8; virtualenv now requires Python 3.9 or later to run and to create environments. Remove the embedded wheel seed package, which virtualenv bundled only for Python 3.8. The --wheel and --no-wheel options stay as no-ops, but now warn that virtualenv will remove them in a release after 2026-12
Bugfixes - 21.5.0
Upgrade embedded wheels.
Part of fix for PR lib/58282
Redo the logic for erasing lines when we have the capability, it was
broken and caused blanks to be written when clearing the screen instead
which caused thrashing and large outputs.
Back out changes to quickch() which were actually just work arounds
for broken hashes and were the cause of an infinite hang seen in
the previous commit of these changes.
blogc: update in response to feedback
Adjust the description to one that is perhaps a little more helpful. Add
a CC Features flag for c99. Add a COMMIT_MSG file for cvs. Add in a
TEST_TARGET to run checks. Remove an unnecessary entry in the PLIST.
jj: updated to 0.43.0
0.43.0
Release highlights
jj run allows you to run a command over a set of changes, each with their
own private working copy; the commands may update the working copy and
changes/conflicts are propagated accordingly, e.g., jj run -- cargo check --all-features or jj run -- cargo fix behaves as one might expect.
Breaking changes
The deprecated git_head() and git_refs() functions have been removed from
revsets and templates.
Git-like symbols (e.g. refs/heads/main) are no longer resolved to
revisions. Use the bookmark/tag <name> or <name>@<remote> syntax instead.
The deprecated ui.revsets-use-glob-by-default option has been removed.
[2 lines not shown]
libjxl: updated to 0.12.0
0.12.0
Added
A new buffering flag is now available in the CLI, alongside support for
streaming input with buffered output.
Introduced the new jxltran tool, which supports extracting codestreams from
jxlp boxes and packing raw codestreams into jxlc boxes.
Added the --reconstruct_jpeg flag to djxl to losslessly reconstruct a
JPEG and fail if impossible (mutually exclusive with --pixels_to_jpeg and
--jpeg_quality).
Added JXL_DEC_UNSUPPORTED (kUnsupported) status code to the core API to
better indicate when requested features or operations are not supported by
the decoder.
tools: added support for ProPhoto
color space names in CLI arguments (cjxl / djxl).
decoder API: support for out-of-order jxlp boxes (ftyp minor version 1).
[9 lines not shown]
wg-userspace(8): Ignore recvfrom errors.
On IPv6 networks, issuing sendto(2) when we've lost IPv6 connectivity
may eventually lead to the next recvfrom(2) failing with EHOSTDOWN.
Example ktrace:
8072 16529 rump_server 1782951176.090085182 CALL sendto(0xa,0x70fb4fa1b50c,0x60,0,0x70fb4f236b00,0x1c)
8072 16529 rump_server 1782951176.090085664 MISC msghdr: [name=0x70fb4f236b00, namelen=28, iov=0xffffc5126bfa8f50, iovlen=1, control=0x0, controllen=0, flags=0]
8072 16529 rump_server 1782951176.090086919 MISC mbsoname: [2601:...]
8072 16529 rump_server 1782951176.090093493 GIO fd 10 wrote 96 bytes
8072 16529 rump_server 1782951176.090094033 RET sendto 96/0x60
...
8072 23248 rump_server 1782951180.090105990 CALL recvfrom(0xa,0x70fb4efe203c,0x233a,0,0x70fb3f7cff50,0x70fb3f7cff4c)
8072 23248 rump_server 1782951180.090106339 MISC msghdr: [name=0x0, namelen=0, iov=0xffffc5126c63ff20, iovlen=1, control=0x0, controllen=0, flags=0]
8072 23248 rump_server 1782951180.090107309 RET recvfrom -1 errno 64 Host is down
In this case, wg_user_rcvthread mistakenly ignored the failing result
and blithely shoved the ssize_t -1 error indicator into
iov[1].iov_len and passed it on to rumpkern_recv_peer:
[34 lines not shown]
wg-userspace(8): Drop <4-byte UDP packets immediately.
Same as the kernel already does. Add an assertion into
wg_receive_packets about this and a couple comments cross-referencing
wg_overudp_cb and wg_receive_packets.
And, while here, as a precaution in case the
inpcb_register_overudp_cb mechanism ever breaks down or gets
refactored, make wg_receive_packets drop <4-byte packets too -- this
path should be hit only when handling handshake packets, so adding
another predicted-not-taken branch here should cost essentially
nothing.
PR bin/60392: assertion "mbuflen >= sizeof(struct wg_msg)" failed
rescue/ldd: Add a couple new symbols for recent rtld changes.
Should fix:
# link rescue/rescue
...
/tmp/build/2026.07.01.20.39.44-i386/tools/lib/gcc/i486--netbsdelf/14.3.0/../../../../i486--netbsdelf/bin/ld: /tmp/build/2026.07.01.20.39.44-i386/obj/usr.bin/ldd/elf32/libldd_elf32.a(load.o): in function `_rtld_load_object':
load.c:(.text+0x23b): undefined reference to `_rtld_objgen'
/tmp/build/2026.07.01.20.39.44-i386/tools/lib/gcc/i486--netbsdelf/14.3.0/../../../../i486--netbsdelf/bin/ld: load.c:(.text+0x256): undefined reference to `_rtld_objrelocpending'
PR lib/59751: dlclose is not MT-safe depending on the libraries
unloaded
libevent: update to 2.1.13.
Fix pkglint while here.
Changes in version 2.1.13-stable (01 July 2026)
This release contains several security fixes, affecting users of the
following modules: evbuffer, bufferevent, evtag, evrpc, evdns, evhttp.
If you have a program that uses one of those modules,
or if you distribute libevent, you should upgrade.
Additionally, this release backports some small modernizations to
the libevent codebase, to aid in compiling with the compilers
released over the last few years.
Security Fixes (evtag, evrpc):
- Fix an out-of-bounds read in decode_tag_internal.
(Found by @Brubbish. GHSA-fj29-64w6-73h6)
- Fix an integer overflow in evtag_unmarshal_header.
[33 lines not shown]