p5-ack: update to 3.10.0.
v3.10.0 Sun Jun 7 11:50:37 CDT 2026
========================================
[SECURITY]
CVE-2026-49147: filename ANSI escape sequences
CVE-2026-49146: project .ackrc -A -B -C memory exhaustion
CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration
[FIXES]
Fixed a bug where types set in the .ackrc could not be overridden from the
command line. Thanks, Dmitri Vereshchagin. (GH #393)
v3.9.0 Mon May 26 15:02:57 CDT 2025
========================================
The --not option can be used with either --and or --or.
The -g option can now use any of the boolean options, --and, --or or --not.
[39 lines not shown]
p5-YAML-PP: update to 0.41.0.
v0.41.0 2026-06-17 22:01:34+02:00
- tests: replace Test::Warn with Test::Warnings (PR #59, @haarg)
- Fix test suite tag data
v0.40.0 2026-04-24 16:51:28+02:00
- Security: Limit default allowed maximum nesting level.
Set it via new option 'max_depth'.
v0.39.0 2025-02-10 00:01:45+01:00
- Allow unknown tags again, reverting the previous change in v0.38.1 which
only was supposed to be a dev release
- Add new option require_footer
v0.38.1 2025-01-25 00:30:13+01:00
[17 lines not shown]
www/freenginx-devel: update from 1.31.2 to 1.31.3
Sponsored by: tipi.work
<ChangeLog>
*) Feature: additional checks are now used during variable substitution,
including during execution of the ngx_http_rewrite_module directives,
to prevent buffer overruns in case of errors in the code.
*) Bugfix: if the "auth_request_set" directive or regular expression
named captures were used to change prefix variables, such as
"$http_...", corresponding variables became empty in other parts of
the configuration.
*) Bugfix: changing the $limit_rate and $args variables with the
"auth_request_set" directive or regular expression named captures
worked incorrectly.
[23 lines not shown]
go: update to 1.26.5 and 1.25.12 (security)
These releases include 2 security fixes following the security policy:
- os: Root escape via symlink plus trailing slash
On Unix systems, opening a file in an os.Root improperly
followed symlinks to locations outside of the Root when
the final path component of the a path is a symbolic link
and the path ends in /.
For example, root.Open("symlink/") would open "symlink" even when
"symlink" is a symbolic link pointing outside of the root.
On Unix, openat(fd, path, O_NOFOLLOW) will follow symlinks
in path when path ends in a /. Root failed to account for
this behavior, permitting paths with a trailing / to escape.
It now properly sanitizes the path parameter provided to openat.
[18 lines not shown]
py-mocket: updated to 3.14.2
3.14.2
tests: add tests for hexdump and hexload, including ValueError on invalid hex
Better can_handle_fun documentation
Raise an error when both can_handle_fun and match_querystring are used
games/ajbsp: Update to 1.05
* support UDMF maps, creating XGL3 nodes
* better ability to embed as a library
* lots of code improvements, require C++11 now
* a facility for source ports: XWA files
news/canlock-hp: Update to 3.3.3
- Replace CC0 license with NLPL license for documentation files because
Fedora project does not accept CC0 for documentation (reported by
Dominik 'Rathann' Mierzejewski)
news/libcanlock: Update to 3.3.3
- Replace CC0 license with NLPL license for documentation files because
Fedora project does not accept CC0 for documentation (reported by
Dominik 'Rathann' Mierzejewski)
devel/php-libawl : Update to official release 0.65
Since we are already at 0.65, just bump PKGREVISION.
From upstream's changelog:
2026-03-24 Florian Schlichting <fsfs at debian.org>
* update AWLUtilities.php.in to match what we have in AWLUtilities.php
* acknowledge Debian NMU 0.64-1.1
* release awl 0.65
2024-07-23 Rene Kudlek <rene.kudlek at iserv.eu>
* Don't use PHP 7.0 features
* Perform null check on timezone_identifiers_list_cache in AWLUtilities