textproc/typst: update to 0.14.2
Version 0.14.2 (December 12, 2025)
Security
Updated the WebAssembly runtime used for executing plugins. The version used in Typst 0.14.0 and 0.14.1 suffers from a memory handling vulnerability. Based on our investigation, the vulnerability would be very hard to exploit in practice, but an exploit could theoretically be feasible. In any case, we recommend upgrading to Typst 0.14.2. This holds in particular for local users. In the web app, the bug is not critical as the browser offers an extra layer of protection.
Typst 0.13.1 and below are not affected by this vulnerability.
Technical details: The wasmi WebAssembly runtime versions used in 0.14.0 and 0.14.1 have a use-after-free memory handling bug in certain memory growth situations. Specifically, the bug occurs when the plugin tries to grow its memory, but allocating the requested amount of memory fails. Based on our investigation, the bug is hard to trigger in practice as the WebAssembly linear memory is always limited to 4GB on a technical level and modern operating systems rarely fail to serve a 4GB memory allocation request (typically not even under RAM pressure). Once the bug is triggered, it would also still be very challenging to turn it into an actual exploit. Regardless, we recommend upgrading to Typst 0.14.2 for protection against a potential exploit.
Diagnostics
Added a hint when array.sorted fails because a pair of elements could not be compared. This hint aids with fixing bugs in user code that were surfaced by a change in internal sorting behavior in Typst 0.14.1.
textproc/treemd: update to 0.5.2
[0.5.2] - 2025-12-12
Fixed regression from 0.5.1
[0.5.1] - 2025-12-12
Fixed
Search navigation after locking in results - Fixed n/N and Tab/Shift+Tab not cycling through matches after pressing Enter to accept search
Added missing keybindings in DocSearch mode for match navigation
Both outline search (s) and content search (/) now properly support cycling
Escape clears search instead of quitting - When search is locked in (after pressing Enter), Escape now clears the search and returns to normal mode instead of exiting the application
Re-enter search input with / - After locking in a search, pressing / re-enters input mode to edit the query (keeps existing query)
Added
Shift+Tab keybinding in Normal mode for ToggleFocusBack action
[113 lines not shown]
devel/seri: update to 0.5.6
What's Changed
Fix Linux clipboard persistence and enable native Wayland support by PiasekDev in #110
Support GoToParent action in Detail and UserCommand views by lusingander in #111
wm/lefthk: update to 0.3.1
Minor version bump for updates made as part of 1.92.0 release: https://releases.rs/docs/1.92.0/.
What's Changed
- chore: update dependencies (ron to 0.11) by @mautamu in #44
- chore: update for rust 1.92.0 by @mautamu in #45
NOTE for pkgsrc: This does not affect MSRV, it simply silences 1.92 clippy.
py-fonttools: updated to 4.61.1
4.61.1 (released 2025-12-12)
- [otlLib] buildCoverage: return empty Coverage instead of None
- [instancer] bug fix in ``avar2`` full instancing
- [designspaceLib] Preserve empty conditionsets when serializing to XML
- [fontBuilder] Fix FontBuilder ``setupOS2()`` default params globally polluted
- [ttFont] Add more typing annotations to ttFont, xmlWriter, sfnt, varLib.models and others
- Explicitly test and declare support for Python 3.14, even though we were already shipping pre-built wheels for it
py-tzdata: updated to 2025.3
Version 2025.3
Upstream version 2025c released 2025-12-10T22:42:37+00:00
Briefly:
Several code changes for compatibility with FreeBSD.
Changes to past timestamps
Baja California agreed with California’s DST rules in 1953 and in 1961 through
1975, instead of observing standard time all year. (Thanks to Alois Treindl.)
Changes to commentary
The leapseconds file contains commentary about the IERS and NIST last-modified
and expiration timestamps for leap second data. (Thanks to Judah Levine.)
[4 lines not shown]
shells/fish3: reimport fish 3.x branch as fish3
fish is a user friendly command line shell for UNIX-like operating
systems, written mainly with interactive use in mind. It differs
from other shells in that it only provides as few commands as
built-ins as possible and has a daemon which allows it to have
shared variables and command-line history between shell instances.
It also features feature-rich tab-completion and has command-line
syntax highlighting.
This is the old 3.x branch of the fish shell, written in C++.
Unmaintained and no longer supported upstream, but kept in pkgsrc
for portability with platforms where a Rust compiler might not be
available.