powerdns: Update to 5.1.2
Released: 25th of June 2026
This is release 5.1.2 of the Authoritative Server. It contains a security fix only.
Please review the Upgrade Notes before upgrading from versions < 5.1.x.
Bug Fixes
Fix PowerDNS Security Advisory 2026-07 for PowerDNS Authoritative Server
dnsdist: Update to 2.0.7
Released: 25th of June 2026
Bug Fixes
CVE-2026-42005: An attacker can send a web request that causes unlimited memory allocation in the internal web server,
leading to a denial of service. The internal web server is disabled by default.
CVE-2026-40210: An out-of-bounds read might happen when SetMacAddrAction is used,
potentially resulting in uninitialized memory being sent over the network or a crash.
CVE-2026-40209: An attacker might be able to cause outgoing TCP connections to backend to be
stuck until a timeout occurs instead of being released immediately by sending IXFR queries.
This could be used to cause a denial of service if there is a limit to the number of
concurrent connections to this backend, or if the process runs out of file descriptors.
CVE-2026-42004: An attacker can send a crafted EDNS OPT record that will be ignored by
DNSdist�s filtering rules, but will be rewritten as a valid OPT record when EDNS Client
Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.
[11 lines not shown]
textproc/rucola: update to 0.10.0
Release Notes
Added a diary option by GitHub user robin-thoene
Added a configuration option to enable the daily diary.
Added a keybinding that creates a diary note and opens it in the editor or display screen.
Added a configuration option to determine the format of the title of the diary note.
Added a configuration option to set the initial content of the diary note.
Added an option to copy (i.e. duplicate) notes in the select and display screen
If a note is copied and its filename contains a valid date string (e.g. %F), it will be replaced by chrono during the copy.
Otherwise, copy_ will be prepended to the new file name.
This can be used to create templates for e.g. monthly or weekly notes and quickly copy them, in addition to the daily note system outlined above.
py-sybil: updated to 10.1.0
10.1.0 (13 Jun 2026)
- Ignore trailing whitespace in doctest output by default, see
:data:`~sybil.evaluators.doctest.KEEP_TRAILING_WHITESPACE` if you need whitespace sensitivity.
- Make :func:`~sybil.testing.run_pytest` runs immune to ambient color environment variables.
py-vcs-versioning: updated to 2.2.0
2.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests to setuptools-scm where the entry points are registered.
fuse-emulator: updated to 1.9.0
1.9.0
* New features:
* Add NTSC TV and replace the PAL TV filters (derived from
snes_ntsc by Shay Green)
* Emulation core improvements:
* Tape traps: set the pulse level correctly after loading a ROM
block.
* TZX handling: don't ignore the embedded pause at the end of a
block.
* Release pressed keys after snapshot restore.
* UI improvements:
* GTK3: stop forcing X11 over Wayland (Alberto Garcia).
* SDL2: use layout-aware key mapping in keyboard handling
(Fredrick Meunier).
[36 lines not shown]
libspectrum: updated to 1.6.2
1.6.2
* Fix TZX pulse handling by starting blocks with the pulse level set to
low by default.
* Improve tape block handling by adding CONCAT block support to block
descriptions and edge generation, and fixing related memory leaks in
CONCAT, PULS and PZXT block handling (Fredrick Meunier).
* Various minor bug fixes/improvements:
* Split TZX PULSE_SEQUENCE blocks when needed to keep single-repeat
pulse counts within format limits (Fredrick Meunier).
* Fix error-path memory handling in CSW, SZX and RZX readers
(Fredrick Meunier).
* Improve TZX/PZX string and write handling, including bulk string
writes and simpler NUL-terminated string parsing (Fredrick
Meunier).
[7 lines not shown]
py-hypothesis: updated to 6.155.7
6.155.7 - 2026-06-21
This patch fixes a thread-safety bug where concurrent use of the same strategy instance could error in rare cases.
6.155.6 - 2026-06-19
This patch replaces some internal %-style string formatting with f-strings. There is no user-visible change.
6.155.5 - 2026-06-18
dates() now raises InvalidArgument if a datetime is passed as min_value or max_value. Because datetime is a subclass of date, such bounds were previously accepted and then failed with a confusing TypeError while generating examples.
6.155.4 - 2026-06-18
This patch removes a stray print() which fired whenever a dates() filter was rewritten.
py-setuptools_scm: updated to 10.2.0
10.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered.
py-mutagen: updated to 1.48.1
1.48.1 - 2026-06-25
* Revert: ``ID3: Fix saving ID3v2 comment fields from COMM:desc:lang tags``
to fix duplicated COMM frames in some cases.
Update nsd to version 4.14.3.
Pkgsrc changes:
* Checksum changes.
Upstream changes:
4.14.3
================
FEATURES:
BUG FIXES:
- Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap
overflow of up to 65509 attacker controlled bytes.
Thanks to Qifan Zhang, Palo Alto Networks for the report
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
- Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a
client that performs a TLS action, closing the connection early,
causes a crash and restart of the server process. An attacker can
keep all children in a crash-restart loop denying DoT service.
[12 lines not shown]
www/resterm: Update to v0.44.1
v0.44.1
Better error diagnostics
RTS expression errors now show exactly where they happened in the file.
This also covers @for-each and {{= }} templates which previously reported errors without a location.
error[script]: undefined name "missing"
--> requests.http:14:21
14 | # @for-each item in missing.value
Modal error handling
API errors, such as 4xx and 5xx responses and failed requests no longer open a popup which was unneccecery
since error rapporting already shows up in the response tab. A duplicate statusline error message was also removed.
Internal
RTS engine was refactored so the TUI, CLI and headless modes now share one execution path instead of keeping separate copies.
