giflib*: update to 6.1.2
Version 6.1.2
=============
Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
but not the core library - library clients need not be alarned.
Version 6.1.1
=============
This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.
[66 lines not shown]
shells/oh-my-posh: update to 29.8.0
Bug Fixes
spotify: use correct D-Bus interface name on Linux (3c44733), closes #7365
theme: align socials icons and add bluesky instead of at (8857a5c)
zsh: prevent stream process from inheriting parent stdin (40164ef)
Features
lint markfown with vale (57df69a)
net/xfr: update to 0.9.3
Added
- Server --bind flag (#38) — xfr serve --bind <IP> binds TCP, QUIC, and UDP data listeners to a specific address.
Validates against -4/-6 flags and rejects unspecified addresses (::, 0.0.0.0).
Changed
- Server sends random payloads (#34) — server-side TCP and UDP send paths now use random bytes by default in
reverse and bidirectional modes, matching the client's default-on behavior.
Fixed
- QUIC dual-stack on Windows (#39) — QUIC server endpoint now creates its UDP socket via socket2 with explicit
IPV6_V6ONLY handling instead of relying on Quinn's Endpoint::server(). On Windows/macOS where IPV6_V6ONLY defaults
to true, binding to [::] would only accept IPv6 connections.
- Server random payload on single-port TCP reverse (#34) — the single-port TCP handler (DataHello path used by all
modern clients) was missing random_payload = true, causing reverse-mode downloads to still send zeros.
[4 lines not shown]
www/freenginx-devel: update from 1.29.5 to 1.29.6
Sponsored by: tipi.work
<ChangeLog>
*) Bugfix: incorrect "upstream server temporarily disabled" messages
might be logged when using variables in the "proxy_pass" directive.
*) Bugfix: retrying a request to the next gRPC upstream server might not
work correctly.
Thanks to David Carlier.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_xslt_filter_module was used.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used.
[6 lines not shown]
security/cargo-auditable: import package
Know the exact crate versions used to build your Rust executable. Audit binaries
for known bugs or security vulnerabilities in production, at scale, with zero
bookkeeping.
This works by embedding data about the dependency tree in JSON format into a
dedicated linker section of the compiled executable.
devel/cargo-nextest: update to 0.9.130
Added
Nextest now sets several new environment variables for tests and setup scripts: (#3103)
NEXTEST_VERSION: the current nextest version as a semver string.
NEXTEST_REQUIRED_VERSION and NEXTEST_RECOMMENDED_VERSION: the minimum required and recommended nextest versions from the repository's nextest-version configuration. If not configured, the value is "none".
NEXTEST_TEST_THREADS: the computed number of test threads for this run.
NEXTEST_WORKSPACE_ROOT: the absolute path to the workspace root (respects --workspace-remap).
Nextest now sets CARGO_BIN_EXE_<name> at runtime for integration tests and benchmarks, matching cargo test in Rust 1.94 and above. Nextest sets this variable on all Rust versions. (#3137)
Previously, nextest only set NEXTEST_BIN_EXE_<name>, which remains available (and, with underscores, continues to be the recommended form). The CARGO_BIN_EXE_<name> form improves compatibility with tests written for cargo test.
Changed
The automatic migration of recorded test runs from the cache directory to the state directory, introduced in version 0.9.126, has been removed. Records in the old cache directory location will no longer be migrated. (#3101)
Fixed
[9 lines not shown]
