mail/dmarc-report-viewer: import dmarc-report-viewer-2.5.1
A lightweight selfhosted standalone DMARC report viewer that
automatically fetches input data periodically from an IMAP mailbox.
Ideal for smaller selfhosted mailservers to browse, visualize and
analyze the DMARC reports.
The application is a single fully statically linked executable
written in Rust. It combines a DMARC report parser with an IMAP
client and an HTTP server. The embedded HTTP server offers a web
UI for easy access and filtering of the reports.
Packaged by wiz as wip/dmarc-report-viewer.
dropbear: updated to 2026.91
2026.91 - 10 May 2026
- scp: Fix test for disallowing -r with existing target directory. The logic
introduced in 2026.90 was incorrect, could also disallow non-recursive
transfers.
- scp: Fix regression in 2026.90 building on older glibc or other libc.
reallocarray() was required, it is no longer needed.
- Compression is now disabled by default for dbclient. A new -o compression option
can enable it. DROPBEAR_CLI_COMPRESSION in localoptions.h can change the default.
Enabling compression can be a security weakness in some
circumstances, as the size of network traffic may leak information
about the encrypted data.
- Added '-Q' argument for dbclient and dropbear to query supported algorithms,
kex sig cipher mac compress
pcsc-lite: updated to 2.5.0
2.5.0: Ludovic Rousseau
27 May 2026
- Do not limit to 16 readers only
- Remove support of autotools
- Fix a crash when rescanning serial configs
- Fix a memory leak in Polkit
- tokenparser: avoid a crash with corrupted Info.plist files
- Some other minor improvements
py-google-auth-oauthlib: updated to 1.4.0
1.4.0 (2026-05-06)
Bug Fixes
Drop support for Python 3.9
replace deprecated utcfromtimestamp in google-auth-oauthlib
py-myst-parser: updated to 5.1.0
5.1.0 - 2026-05-13
New Features
- Add `"alert"` syntax extension for [GFM alerts](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts) (e.g. `> [!NOTE]`), see [](syntax/alerts)
- Add `"gfm_autolink"` syntax extension for [GFM autolinks](https://github.github.com/gfm/#autolinks-extension-), see [](syntax/gfm-autolink)
- Add `myst_strikethrough_single_tilde` [config option](sphinx/config-options) to allow single tilde (`~`) for strikethrough
- Add `myst_colon_fence_exact_match` [config option](sphinx/config-options) to require the closing colon fence to have exactly the same number of colons as the opening, see [](syntax/colon_fence)
Improvements
- Update [`myst_gfm_only`](sphinx/config-options) mode to use the unified `gfm_plugin`, which now includes GFM autolinks, alerts, and improved strikethrough/tasklist handling
- Improve MathJax 4 compatibility for Sphinx 9
- Stop directive-option parsing at colon fences, fixing nested colon fence directives
Bug Fixes
[4 lines not shown]
py-sphinx-issues: updated to 6.0.0
6.0.0 (2026-03-13)
Backwards-incompatible: Remove implicit extraction of group/project from GitHub URLs in issues_uri. If you relied on setting _only_ issues_uri (e.g. https://github.com/myuser/myproject/issues/{issue}) without also setting issues_github_path or issues_default_group_project, you must now explicitly set one of those options in your conf.py:
Before:
issues_uri = "https://github.com/myuser/myproject/issues/{issue}"
After:
issues_github_path = "myuser/myproject"
Support Python 3.10-3.14. 3.9 is no longer supported, as it is EOL.
Pin lower bound of Sphinx to 8.1.0 (see "Sphinx version support policy above").
py-tornado: updated to 6.5.6
6.5.6
Security fixes
SimpleAsyncHTTPClient now strips the Authorization and Cookie headers from the request when following a redirect to a different origin. This matches the default behavior of CurlAsyncHTTPClient. Applications that need different behavior here can set follow_redirects=False and handle redirects manually. Thanks to [Yannick Wang](https://github.com/noobone123) for being first to report this issue, as well as additional reporters [Kai Aizen](https://github.com/SnailSploit), [HunSec](https://github.com/0xHunSec), and [Thai Son Dinh](https://github.com/sondt99).
SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size of the response, rather than the compressed size. This prevents a denial-of-service attack via a very large compressed response. Thanks to [Yuichiro Kedashiro](https://github.com/yuui25) for reporting this issue.
Fixed a bug in the C extension that could have read up to three bytes past the end of an input array. Thanks to [Thai Son Dinh](https://github.com/sondt99) for reporting this issue.
OpenIDMixin has improved parsing for the check_authentication response. Thanks to [Yannick Wang](https://github.com/noobone123) for reporting this issue.
Bug fixes
CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding deprecation warnings with recent versions of pycurl.
py-apache-libcloud: updated to 3.9.1
Changes in Apache Libcloud 3.9.1
Compute
- [VSphere] Add verify_ssl option
Add verify_ssl option, to enable the user to avoid SSL verification explicitly.
- [OpenStack] Initial Blazar support
This is an initial implementation of Blazar support in Libcloud. It currently
supports listing the available leases and hosts.
- [Azure ARM] Update US GovCloud AD endpoint for AZURE_ARM provider.
- [OpenStack] Add hypervisor_hostname attribute to OpenStack node.
- [GCP] Use the fully-qualified name for the GCP IMDS endpoint.
- [Azure ARM, Amazon S3] Add signed upload to azure and s3.
- [RcodeZero]: Fix issue when adding a record where a record with a different type already exists
DNS
[8 lines not shown]
py-sphinx-autodoc-typehints: updated to 3.10.3
3.10.3
Show version in error tracebacks
Support PEP 695 type statement and python 3.12+ TypeAliasType
Fix typehints_formatter cache warning
fix(stubs): resolve type hints for PyO3 native submodules
py-test_socket: updated to 0.8.0
0.8.0
Enhancements:
Block DNS resolution (getaddrinfo, gethostbyname) when sockets are disabled
Support CIDR network ranges in allow_hosts
Warn before raising on a blocked socket call
Cache hostname resolutions during a test run
Changes:
Removed support for Python 3.8 and 3.9. Python 3.10 is now the minimum.
Test against Python 3.13, 3.14, and free-threaded 3.13t/3.14t
Replaced Poetry with uv
Added type hints
Swapped pytest-httpbin for a local test fixture
Dependency, CI, and development updates
cargo-deny: added version 0.19.8
cargo-deny is a cargo plugin that lets you lint your project's dependency graph
to ensure all your dependencies conform to your expectations and requirements.
www/freenginx-devel: update from 1.31.1 to 1.31.2
Sponsored by: tipi.work
<ChangeLog>
*) Bugfix: a segmentation fault might occur in a worker process if
nested captures were used in the "rewrite" directive.
*) Bugfix: the "if" directive incorrectly handled relative paths when
checking files.
</ChangeLog>
libde265: updated to 1.1.0
1.1.0
Added de265_security_limits parameters to limit the maximum image size and memory that libde265 will use during decoding.
Security fixes
CVE TBD (GHSA-g2rg-wj66-w594) - Out-of-bounds write in process_reference_picture_set via predicted short-term RPS
CVE TBD (GHSA-vv8h-932h-7r86) - Heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow
CVE TBD (GHSA-g5hj-rf9f-7vxm) - Unbounded memory accumulation via orphaned slice headers in read_slice_NAL
(GHSA-x27c-jp65-g395) - Quadratic CPU consumption in NAL parser (remove_stuffing_bytes, resize)
