tex-markdown: Import version 3.12.0.
The Markdown package converts CommonMark markup to TeX commands. The
functionality is provided both as a Lua module and as plain TeX, LaTeX, and
ConTeXt macro packages that can be used to directly typeset TeX documents
containing markdown markup. Unlike other converters, the Markdown package
does not require any external programs, and makes it easy to redefine how
each and every markdown element is rendered. Creative abuse of the markdown
syntax is encouraged.
pkg-vulnerabilities: add last 24 hours CVEs
+ chromium, go, openvpn, pgbouncer, png
python (fixed upstream / backport in progress / no stable release with fix)
qt5-declarative (not fixed and seems the open source version EOL),
qt6-declarative (backported, fix will be present in 6.10.2 once released),
webkit-gtk (no further details available in references, assume not fixed)
py-sybil: updatd to 9.3.0
9.3.0 (2 Dec 2025)
- Add support for MyST ``code-cell`` :ref:`directives <syntax/directives>`.
- Provide :func:`sybil.testing.check_sybil`, :func:`sybil.testing.check_parser` and
:func:`sybil.testing.check_lexer` to help test custom lexers and parsers.
- Add documentation around testing custom lexers and parsers.
py-cucumber-tag-expressions: updated to 8.1.0
8.1.0
Added
[.NET] Add a .NET implementation
Fixed
Render the empty tag expression as an empty string
Improve error message for missing operands
adguardhome: updated to 0.107.70
0.107.70
Security
Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.5.
Added
New field "start_time" in the GET /control/status response.
Changed
Stale records in optimistic DNS cache now have an upper age limit of 12 hours.
New blocked services UI.
Fixed
Generated mobileconfig could not be installed on macOS 26.1.
arti: update to 1.8.0.
# Arti 1.8.0 — 1 December 2025
Arti 1.8.0 continues work on relay and directory authority development.
This release introduces a new, usage-based timeout for strongly isolated circuits,
experimental [`tokio-console`] support, a new `arti hsc ctor-migrate` command,
and a configuration option for controlling which onion services to launch.
As usual, there are also various under-the-hood improvements and bug fixes.
png: update to 1.6.52.
Security fix release.
Version 1.6.52 [December 3, 2025]
Fixed CVE-2025-66293 (high severity):
Out-of-bounds read in `png_image_read_composite`.
(Reported by flyfish101 <flyfish101 at users.noreply.github.com>.)
Fixed the Paeth filter handling in the RISC-V RVV implementation.
(Reported by Filip Wasil; fixed by Liang Junzhao.)
Improved the performance of the RISC-V RVV implementation.
(Contributed by Liang Junzhao.)
Added allocation failure fuzzing to oss-fuzz.
(Contributed by Philippe Antoine.)
Update to version 9.1.1952.
Changes:
- patch 9.1.1952: tests: need better tests for tf files
- runtime(quarto): add missing loaded guard
- runtime(python): Highlight t-strings
- runtime(sml): Update syntax, improve special constant matching
- runtime(hog): set undo_ftplugin correctly, delete trailing whitespace
- patch 9.1.1951: tests: Test_windows_external_cmd_in_cwd() only run in huge builds
- patch 9.1.1950: tests: Test_tagjump.vim leaves swapfiles behind
- patch 9.1.1949: :stag does not use 'swichtbuf' option
- runtime(doc): Update vim9.txt Section 1
- patch 9.1.1948: Windows: Vim adds current directory to search path
- patch 9.1.1947: [security]: Windows: Vim may execute commands from current directory
- patch 9.1.1946: Cannot open the help in the current window
- patch 9.1.1945: tests: Test_getbufwintabinfo() leaves swapfiles behind
- patch 9.1.1944: getwininfo() does not return if statusline is visible
- runtime(doc): clarify the use of v:errormsg
- patch 9.1.1943: Memory leak with :breakadd expr
[754 lines not shown]
doc: move m68ksf support news to NEWS
CHANGES-* is picky about containing exactly the package names.
Such news should be added to doc/NEWS instead.
Noticed via www@ htutils/changes/pkg-changes2html script.
sysutils/broot: update to 1.54.0
- fix crash on rendering B&W images with Kitty image protocol
- don't match directories when a composite pattern has a content pattern, even negated (eg /js$/&!c/;: it's clear the user wants to match js files not containing a semicolon)
py-fsspec: updated to 2025.12.0
2025.12.0
Enhancements
- fsspec.parquet to support filters and multiple files
Fixes
- passing withdirs in aync _glob()
- fix _rm_file/_rm redirection in async
- allow arrowFile to be seekable
- add size attribute to arrowFile
Other
- support py3.14 and drop 3.9
- avoid ruff warning
