lziprecover: updated to 1.26
Changes in version 1.26:
'--fec=create' can now process efficiently input files larger than RAM.
If the size of the input file is larger than half the system's RAM,
'--fec=create' now creates all the packets of the fec file concurrently to
avoid reading the input file more than once.
'--fec=repair' and '--fec=test' can now process input files larger than RAM.
'--fec=repair/test/list' now exit immediately with a diagnostic if the
protected file is passed by mistake as the fec file.
'--fec=repair' now inserts '_fixed' before '.tar' instead of after.
The new option '--append=<file>', which appends the contents of <file> as
trailing data to another file(s) in a safe way, has been added.
[25 lines not shown]
lzip: updated to 1.26
Changes in version 1.26:
'-dvv' and '-tvv' now print (de)compressed sizes instead of compression
ratio. (Sizes are more informative than compression ratio).
Large numbers in option arguments are now accepted with underscore
separators (-s 123_456_789).
Large numbers are now printed with underscore separators (123_456_789).
'-h' now prints a short help screen containing only the command-line
options. For full help, use '--help'.
'--list' now can safely skip any trailing data added to a lzip file by the
option '--append' of lziprecover.
'--list' now prints '+t' after the number of members to indicate the
[9 lines not shown]
py-bracex: updated to 3.0
3.0
- **BREAK**: If there are no expansions, `bracex` will not return an empty string by default in the list. This matches
Bash. To get the old behavior, enable the new `return_empty` parameter to always return at least an empty string if
expansion yields no expansions.
- **FIX**: To better match Bash, empty expansions are not returned as empty strings.
- **FIX**: No longer backtrack if a sequence is evaluated and is deemed to be invalid.
PR lib/60369 Update tests to match modern UTF-8
This just removes test cases using invalid (by current standards) UTF-8
sequences (in one case the test is modified to switch it from invalid to valid)
The XFAIL that was added is removed. ("removed" in all of this means
hashifd away).
There is, in this change, no attempt to fix either of the other very valid
concerns - actually testing invalid input to ensure it is rejected (would
need to be a whole new test case, the way they are currently structured is
not condusive to that - the input is simply known to be valid), nor having
the test continue to try the remaining cases if an invalid result is obtained
rather than simply abandoning ship at the first opportunity.
Also note that none of this really has anything whatever to do with the
PR, which had nothing at all to do with what is valid UTF-8 and what is
not, but merely when something that is to be treated as invalid is
detetected, that MUST be reported, the (libc, not test) code must not
go on to examine further bytes and end up reporting that more are needed
[2 lines not shown]
devel/gitpane: update to 0.8.1
[0.8.1] - 2026-06-29
Added
Right-click a file in the Changes panel to open a context menu with Stage, Unstage, Discard, Open, and Open folder. Stage and Unstage are gated by what the file actually supports: a worktree change can be staged, a staged change can be unstaged, and a partially staged file offers both. Discard is confirmation gated and restores a tracked file (or deletes an untracked one). Open launches the file through the configured [open] command, or the OS default app when none is set, and Open folder reveals the file in the system file manager. File operations run against the active worktree's tree when a worktree is selected, mirroring the diff view, while the parent repository row refreshes afterward. Submodule rows offer only Open and Open folder.
Fixed
Releasing no longer fails to reach crates.io silently. The publish step swallowed every error (including an expired token's 403 Forbidden) yet still reported success, so v0.7.15 and v0.8.0 were tagged and built but never published. The step now fails the job on real errors and treats only an already-published version as a skippable no-op.
[0.8.0] - 2026-06-26
Added
Open a repo or worktree with o. It opens the selected row in a new tmux pane (a shell in its directory) or runs a configurable [open] command such as a GUI editor. Where it runs is configurable through placement: a tmux split or new window (with right-of, below, or a named target), inline in the current terminal, or an interactive picker chosen at launch. When gitpane is not running inside tmux, a tmux placement falls back to running the command inline.
Review the selected repo or worktree's diff with v. It runs [review] command (default git diff {base}...HEAD) in a new tmux window. The base ref comes from [review] base or the repository's resolved default branch; when neither resolves, gitpane shows a clear error instead of running a doomed diff.
Create and remove linked worktrees from gitpane, via both the key bindings and the context menu. Creation makes the worktree on a new branch under [worktree] dir (or as a sibling of the repo). Removal is confirmation gated and runs git worktree remove without --force, so git refuses to delete a dirty or main worktree and no work is lost.
Mark repositories and worktrees that have a live tmux pane cwd'd inside them with a ◉ indicator, so you can see at a glance where an agent or shell is parked. The marker is tmux only and shows nothing when tmux is unavailable.
Go to a repo's live tmux session with G (or the context menu). gitpane auto-detects your terminal and opens the session in a new tab (WezTerm, kitty, GNOME Terminal, Konsole) or a new window (Ghostty, Alacritty), so the current view is never replaced and there is no in-place switch to get stranded by. The terminal table is data driven and documented, and [goto] command overrides it for any other terminal.
[10 lines not shown]
PR lib/58282 revert refresh.c 1.132 (Mon Jun 29 06:06:10 UTC 2026)
This "broke stuff" (reported by gson@ and ryo@) and was reported as:
This has been reverted and sysinst behaves for me now.
Yet it had not been. Now it has.
sshd_config(5): Clarify again how to disable password authentication.
Upstream changed their version of this text by adding some quotation
marks but not really making it clearer. We had replaced the comment a
while ago to cross-reference UsePAM but it got lost in the update to
OpenSSH 10.0 last year. Restore the explanation of how to disable
password authentication, and expand on the relevant knobs a little.
PR bin/32313: sshd 'PasswordAuthentication no' silently fails
tests/bin/expr - fix the regex & length tests for UTF-8 input
If LC_CTYPE is to be set to a UTF-8 charset, the input must be
valid UTF-8 encoded data, or the results will not be what is expected.
0xFF as input is *not* ever valid in a UTF-8 string. It cannot be
the initial byte of a character (the biggest conceivable value for
that is 0xFC and even that is beyond what current UTF-8 allows, the
actual biggest is 0xF4), and it cannot be a trailing byte, as those
always have 1 0 as the two higest bits (ie: range is 0x80..0xBF)
mbrtowc() fix a stupid typo in the previous version.
No idea how I managed to miss this previously. This update should
make at least some of the ATF tests (and other stuff) which failed
after the previous change start working again.
py-uv py-uv-build: updated to 0.11.25
0.11.25
Security
This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.
See the upstream commits for a full list of changes.
Enhancements
Add a full "lockfile" to tool receipts
Allow scoped overrides to add dependencies
Avoid writing redundant lockfile markers with tool.uv.environments
Factor supported environments out of lockfile markers
Recommend our own build backend in the build frontend
Reject wheels with multiple .dist-info directories
Simplify dependency markers under parent reachability
[17 lines not shown]
Pull up following revision(s) (requested by riastradh in ticket #2026):
sys/dev/mm.c: revision 1.26
mm(4): Only grant kva exposure if user opens /dev/kmem.
Don't apply the same to /dev/null, /dev/zero, or anything else.
PR kern/60374: opening /dev/null exposes kva