py-django-formtools: updated to 2.7
2.7.0 (2026-07-09)
- Fixed a regression in 2.6.x with ``get_form_list()`` caching not allowing
``form_list`` mutations.
- Dropped support for Python < 3.10 and Django < 5.2
py-django-stubs-ext: updated to 6.0.6
6.0.6
Fix task decorator typing for takes_context=True
Improve database backend typing
Fix only pk validation for abstract models
Make validators consistent
Allow aggregate filters to use expressions
Typecheck save()/asave() update_fields against model fields
py-django-polymorphic: updated to 4.11.6
4.11.6
Bump the gha-updates group with 6 updates
Bump starlette from 1.2.1 to 1.3.1
Bump cryptography from 48.0.0 to 48.0.1
Bump the gha-updates group with 6 updates
fix: KeyError when accessing fields deferred by base manager
widelands: direct download URL doesn't work
use distfile generated when clicking the download link
Bump PKGREVISION because for some reason, it differs to the recorded
data.
pkgconf: update to 3.0.2.
Changes from 3.0.1 to 3.0.2:
----------------------------
* Fix build on systems where readlinkat(2) is missing, such as Illumos when
built without appropriate CFLAGS.
* Fix detection of readlinkat(2) on systems where it is gated behind
_ATFILE_SOURCE, such as on certain builds of Illumos.
Pullup ticket #7156 - requested by bsiegert
graphics/lerc: Security fix
Revisions pulled up:
- graphics/lerc/Makefile 1.3
- graphics/lerc/distinfo 1.4
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jul 3 16:31:33 UTC 2026
Modified Files:
pkgsrc/graphics/lerc: Makefile distinfo
Log Message:
lerc: update to 4.1.1
Fixed two security issues and some minor bugs.
(The changelog does not say what they are!)
py-tree-sitter: updated to 0.26.0
0.26.0
Additions:
Point.edit()
Point.__repr__()
QueryCursor.set_containing_byte_range()
QueryCursor.set_containing_point_range()
Range.edit()
tree_sitter.__version__
Removals:
Language.version: use Language.abi_version !
Language.query(source): use Query(language, source) !
Parser.timeout_micros: use the progress_callback in parse() !
QueryCursor.timeout_micros: use the progress_callback in matches() or captures() !
[4 lines not shown]
radsecproxy: updated to 1.11.3
1.11.3
Bug Fixes:
- Fix Message-Authenticator validation for Accounting-Request
- Fix DtlsVersion config
- Fix Request-/Response Authenticator for recognized but unsupported types
- Fix fail if outgoing radius message is too big
- Fix Status-Server might not work when using RequireMessageAuthenticator
- Fix crash on startup when log file is not writable
- Fix DTLS reconnect loop
Misc:
- Improve message decode/verification error logging
- Don't fail startup when config include glob finds 0 files
- Maintain compatibility with nettle-4
- Maintain compatibility with OpenSSL 4
adguardhome: updated to 0.107.78
0.107.78
Security
AdGuard Home is now more resistant to JIGGLE attacks.
This is GHSA-p5f5-3p5g-rfjw. We thank @Nora-Qiu for reporting this security issue.
AdGuard Home now validates responses from DoH upstreams more strictly.
This is GHSA-4qjf-2hgm-92q6. We thank @wallace0409 for reporting this security issue.
QUIC connections are now protected from unbounded reads.
This is GHSA-qr92-rwvw-mhgh and GHSA-cccx-2r6r-m9r4. We thank @wallace0409 for reporting this security issue.
AdGuard Home now validates responses from DNSCrypt upstreams more strictly.
[27 lines not shown]
zxing-cpp: update to 3.1.0.
(libreoffice still builds.)
Changes:
New/Improved Symbologies
Added decoder support for Telepen symbology
Added decoder support for MicroPDF417 (sponsored by Allied Vision Konstanz GmbH)
Greatly improved Aztec detector for large, non-flat symbols by evaluating internal timing patterns
Greatly improved DataMatrix detector for large, non-flat symbols by evaluating internal alignment patterns
Major improvement in QRCode detection of many small symbols in a single image
New/Improved wrappers
Added a Go wrapper
Switched from pybind11 to nanobind in Python wrapper code (enhanced IDE support, faster build times, smaller binaries, free-threaded Python support)
[33 lines not shown]
lame: drop patches/patch-libmp3lame_lame.c, obsoleted upstream
I got direct communication from upstream that the underlying issue is
handled in a more robust manner elsewhere already. Dropping the old
patch.