gspell: forward icu dependency in bl3.mk
Seems it's needed:
meson.build:66:13: ERROR: Dependency lookup for gspell-1 with method 'pkg-config' failed: Could not generate cflags for gspell-1:

Update devel/objfw to 1.5.6
Changes from ObjFW 1.5.5:
* Unpaired UTF-16 surrogates are now converted to WTF-8
* Collections now refuse to be inserted into themselves
* Fixes OFMutableData dropping the itemSize in one convenience initializer
* Fixes OFFileIRIHandler setting the UID to the GID
* Fixes handling of BOM in -[OFUTF8String initWithUTF8StringNoCopy:length:freeWhenDone:]
* OFMutableIndexSet now correctly inserts / removes from self
* OFMutableUTF8String now correctly appends and replaces self
* Fixes handling of TLS close notifications
* Fixes relocking the mutex in OFCondition on Windows
* Fixes searching for a handler after a cleanup in the runtime
* Fixes parsing JSON containing an exponent without a decimal point
* Call va_end() after va_copy() everywhere
* Default depth limit of all parsers increased from 32 to 128
* -[OFIRI fileSystemRepresentation] now rejects IRIs with a non-empty host, except on Windows where it is used for UNC
* Fixes setting a nil extraField in OFMutableZIPArchiveEntry
* Fixes setting a nil Amiga comment in OFMutableTarArchiveEntry
[4 lines not shown]

py-WebOb: updated to 1.8.10
1.8.10 (2026-06-02)
Security Fix
- The fix for CVE-2024-42353 was incomplete: a Location value containing
ASCII tab, carriage return, or line feed characters between consecutive
slashes could still be interpreted as a protocol-relative URL by
``urllib.parse.urljoin`` on Python 3.10+, allowing an open redirect.

tor: updated to 0.4.9.10
Changes in version 0.4.9.10 - 2026-06-23
Another release with an important security fix and major bugfixes. We
strongly recommend upgrading as soon as possible.
o Major bugfixes (conflux, security, TROVE):
- Reject a CONFLUX_LINK cell that arrives on a circuit which already
has attached streams. A malicious client could send a
RELAY_COMMAND_BEGIN before the CONFLUX_LINK on the same circuit,
attaching an exit stream that would later end up orphaned, leaving a
dangling circuit back-pointer and a use-after-free (UAF) when the
circuit is freed. TROVE-2026-025. Fixes bug 41258; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (client):
- Resume warning about unsafe socks protocols (socks4 or
socks5-not-hostname) when SafeSocks is not set. Also resume
warning every time when TestSocks is set. Fixes bug 41290; bugfix
[37 lines not shown]

misc/py-libtmux: Update to 0.58.1
## libtmux 0.58.1 (2026-06-16)
libtmux 0.58.1 restores compatibility with pytest 9.1. The bundled
pytest plugin no longer aborts at import time, so projects that rely on
libtmux's fixtures can move to the latest pytest without their test
suite failing before collection.
## libtmux 0.58.0 (2026-05-23)
libtmux 0.58.0 fixes subprocess output decoding on non-UTF-8 locales.
Both {class}`~libtmux.common.tmux_cmd` and
{class}`~libtmux._internal.control_mode.ControlMode` now enforce UTF-8
when reading tmux output, matching tmux's own encoding contract.
## libtmux 0.57.1 (2026-05-18)
Restores the "lenient-by-default" behavior for
[68 lines not shown]