misc: import raspberrypi-usbboot version 1.0
This contains the Raspberry Pi USB device boot software known as rpiboot. The
rpiboot tool provides a file server for loading software into memory on a
Raspberry Pi for provisioning. By default, it boots the device with firmware
that makes it appear to the host as a USB mass-storage device. The host
operating system then treats it as a standard USB drive, allowing the filesystem
to be accessed. An operating system image can be written to the device using the
Raspberry Pi Imager.
On Compute Module 4 and newer devices, rpiboot is also used to update the
bootloader SPI flash EEPROM.
Tested on macOS/amd64 and NetBSD/amd64.
Fill in bus_dmamap_sync() for 68030. Since 68030 caches are write-through,
this is pretty trivial: just invalidate the on-chip + any external D cache
in the PREREAD case. (See comment in code for why PREREAD is preferred
over POSTREAD.)
PR kern/60144
uvm_swap.c: fix /dev/drum regression caused by swap encryption
* decrypt data using a bounce buffer
* reject writes with ENOTSUP for now
https://gnats.netbsd.org/60083
PR/60083
swread/swwrite: hold swap_syscall_lock (cont.)
fix a harmless merge botch I introduced while porting the patch
from git to cvs.
https://gnats.netbsd.org/60147
PR/60147
net/dnsdist: Update to version 2.0.3
Provided by Marcin Gondek in wip.
Improvements
Add a metric for the latency of the latest health-check
Export DNS flags via ProtoBuf
Add a histogram of health-check latencies for backends
Bug Fixes
CVE-2026-0396: An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either "DynBlockRulesGroup:setSuffixMatchRule" or "DynBlockRulesGroup:setSuffixMatchRuleFFI"
CVE-2026-0397: When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged into the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard
CVE-2026-24028: An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses "newDNSPacketOverlay" to parse DNS packets
CVE-2026-24029: When the "early_acl_drop" ("earlyACLDrop" in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the "nghttp2" provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL
CVE-2026-24030: An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in denial of service
CVE-2026-27853: An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the "DNSQuestion:changeName" or "DNSResponse:changeName" methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service
CVE-2026-27854: Denial of service when using "DNSQuestion:getEDNSOptions" method in custom Lua code
[8 lines not shown]
py-cairosvg: updated to 2.9.0
2.9.0
Version 2.9.0 released on 2026-03-13
WARNING: this is a security update.
Using a lot of recursively nested use tags could lead to long rendering times with relatively small inputs. CairoSVG now stops rendering when more than 100k use tags are rendered.
Using the --unsafe option allows rendering larger documents.
Drop support of Python 3.9, add support of Python 3.14
ngtcp2: updated to 1.22.0
1.22.0
Consistent hex literals and integer suffixes
Add missing entries to .gitignore
Deprecate quictls
Introduce struct ngtcp2_stateless_reset_token
Fix assertion failure without get_new_connection_id
Migrate to new callbacks
Add ngtcp2_pkt_write_stateless_reset2
Add missing callbacks to callbacks test
Add ngtcp2_conn_get_active_dcid2 and ngtcp2_cid_token2
Prefer sizeof token instead of integer constant
Introduce struct ngtcp2_path_challenge_data
Store cid and token directly into frame
tests: Remove xcid_init in favor of make_xcid
tests: Inline initialization for transport parameters tests
tests: Make shared crypto objects static const
[59 lines not shown]
py-async-lru: updated to 2.3.0
2.3.0
Added cache_contains() for read-only key lookup.
Changed cross-loop cache access to auto-reset and rebind to the current event loop.
Added AlruCacheLoopResetWarning when an auto-reset happens due to event loop change.
Forwarded cache_close(wait=...) for bound methods.
py-pygit2: updated to 1.19.2
1.19.2 (2026-03-29)
- Fix refcount and error handling issues in `filter_register(...)`
- Fix config with valueless keys
- New `Repository.load_filter_list(...)` and `FilterList`
- New `Odb.read_header(...)` and now `Odb.read(...)` returns `enums.ObjectType` instead of int
- Build and CI fixes
py-numpy: updated to 2.4.4
2.4.4
MAINT: Prepare 2.4.x for further development
BUG: Add test to reproduce problem
BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP
BUG: avoid warning on ufunc with where=True and no output
DOC: document caveats of ndarray.resize on 3.14 and newer
TST: fix POWER VSX feature mapping
MAINT: numpy.i: Replace deprecated ``sprintf`` with ``snprintf``...
print/qpdf: Drop confusing comment about NetBSD 9 build failure
- Sort USE_LANGUAGES and USE_CXX_FEATURES properly.
- Failing to build on NetBSD 9 with USE_CXX_FEATURES=c++17 was a
pkgsrc bug, not a problem in qpdf or NetBSD 9. Upstream documents
that c++20 is required, and now our Makefile says that. The
comment is (now) confusing; we generally just translate upstream
documented requirements to pkgsrc variables and leave it at that.
mame: update to 0.287.
It’s the end of another month, which means it’s time for another
MAME release! As you’d expect, MAME 0.287 includes a wide-ranging
array of emulation improvements to a multitude of systems. Interesting
changes this month include better Namco System 23 graphics, improved
lighting for Sega Model 3, and software-controlled volume
control/panning for Philips CD-i (along with improved stability).
The GRiD Compass family has received a keyboard overhaul as well
as an initial DAC sound output implementation. The Apple II family
now handles tricky raster effects more realistically, as well as
getting a substantial software list update (metadata for the MECC
collection is in much better shape). And speaking of software lists,
a couple of NES prototypes have been added.