giflib*: update to 6.1.2
Version 6.1.2
=============
Code Fixes
----------
* Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
but not the core library - library clients need not be alarned.
Version 6.1.1
=============
This release bumps the major version, but only one entry point -
EGifSpew() - has changed signature and behavior (in order to be able
to pass out a detailed error code). The internal error
codes in the E_GIF_ERR series have changed value so none of them
collides with GIF_ERROR.
[66 lines not shown]
shells/oh-my-posh: update to 29.8.0
Bug Fixes
spotify: use correct D-Bus interface name on Linux (3c44733), closes #7365
theme: align socials icons and add bluesky instead of at (8857a5c)
zsh: prevent stream process from inheriting parent stdin (40164ef)
Features
lint markfown with vale (57df69a)
net/xfr: update to 0.9.3
Added
- Server --bind flag (#38) — xfr serve --bind <IP> binds TCP, QUIC, and UDP data listeners to a specific address.
Validates against -4/-6 flags and rejects unspecified addresses (::, 0.0.0.0).
Changed
- Server sends random payloads (#34) — server-side TCP and UDP send paths now use random bytes by default in
reverse and bidirectional modes, matching the client's default-on behavior.
Fixed
- QUIC dual-stack on Windows (#39) — QUIC server endpoint now creates its UDP socket via socket2 with explicit
IPV6_V6ONLY handling instead of relying on Quinn's Endpoint::server(). On Windows/macOS where IPV6_V6ONLY defaults
to true, binding to [::] would only accept IPv6 connections.
- Server random payload on single-port TCP reverse (#34) — the single-port TCP handler (DataHello path used by all
modern clients) was missing random_payload = true, causing reverse-mode downloads to still send zeros.
[4 lines not shown]
www/freenginx-devel: update from 1.29.5 to 1.29.6
Sponsored by: tipi.work
<ChangeLog>
*) Bugfix: incorrect "upstream server temporarily disabled" messages
might be logged when using variables in the "proxy_pass" directive.
*) Bugfix: retrying a request to the next gRPC upstream server might not
work correctly.
Thanks to David Carlier.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_xslt_filter_module was used.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used.
[6 lines not shown]
security/cargo-auditable: import package
Know the exact crate versions used to build your Rust executable. Audit binaries
for known bugs or security vulnerabilities in production, at scale, with zero
bookkeeping.
This works by embedding data about the dependency tree in JSON format into a
dedicated linker section of the compiled executable.
devel/cargo-nextest: update to 0.9.130
Added
Nextest now sets several new environment variables for tests and setup scripts: (#3103)
NEXTEST_VERSION: the current nextest version as a semver string.
NEXTEST_REQUIRED_VERSION and NEXTEST_RECOMMENDED_VERSION: the minimum required and recommended nextest versions from the repository's nextest-version configuration. If not configured, the value is "none".
NEXTEST_TEST_THREADS: the computed number of test threads for this run.
NEXTEST_WORKSPACE_ROOT: the absolute path to the workspace root (respects --workspace-remap).
Nextest now sets CARGO_BIN_EXE_<name> at runtime for integration tests and benchmarks, matching cargo test in Rust 1.94 and above. Nextest sets this variable on all Rust versions. (#3137)
Previously, nextest only set NEXTEST_BIN_EXE_<name>, which remains available (and, with underscores, continues to be the recommended form). The CARGO_BIN_EXE_<name> form improves compatibility with tests written for cargo test.
Changed
The automatic migration of recorded test runs from the cache directory to the state directory, introduced in version 0.9.126, has been removed. Records in the old cache directory location will no longer be migrated. (#3101)
Fixed
[9 lines not shown]
shfmt: updated to 3.13.0
3.13.0
This release introduces support for Zsh in the parser and formatter, which was
tracked in issue 120 alongside the label zsh . While support is not complete,
it should be far enough for many use cases.
ugrep: updated to 7.6.0
7.6.0
new options --max-size and min-size to search files whose physical size is in the specified MIN and/or MAX range
fix zsh completion syntax error
update option --ignore-file to ignore files and directories specified in an .gitignore file as an absolute /glob to ignore those matching the glob under its sub-directories
fix emulation of GNU grep option -z (--null-data) to match newlines (zero bytes internally) with pattern \s (space), which requires non-standard regex behavior internally to include matching zero bytes with pattern \s
update --ignore-file=FILE to accept a FILE pathname to a non-local gitignore FILE that applies globally to ignore files and directories, similar to --exclude-from=FILE, but with the minor difference that gitignore rules match both files and directories with a single glob
fix third-party sourced zopen.c library (BSD open source) one-byte read beyond its allocated struct s_zstate state variable in getcode()
fix -m (--max-count) with context options -A or -C sometimes producing garbled after-context output that may cause a crash in the worst case
fix reverse sort by date --sort=rchanged and --sort=rcreated not recognized by the TUI at startup
update ugrep to search named pipe files specified as arguments on the command line instead of skipping them by default, such as process substitutions; also improve Linux special system files /proc and /sys skipping and/or reading and option -z file read error handling to avoid possible pipe fd leaks when thousands of /proc files are searched that produce (expected) read errors
support option --no-empty while using full grep-emulation mode, i.e. when ugrep is renamed to grep
py-rst2pdf: updated to 0.105
0.105 (2026-01-09)
* Changed: We have updated our dependencies to support the latest version of packaging (v)26 and pytest (v9)
