Properly export the bitmap count and size.
I decided to not pull in rdemem into bitmap.c so instead create
bitmap_get_stats() which is called in the IMSG_CTL_SHOW_RIB_MEM
handler to update the rdemem stats before the exporting them.
OK tb@
let's take chardet back to 5.2.0 for now, 6.0.0 which we were using has
some performance regressions. also add comments linking to issues with
vibe-coded 7.x (incompatibility, serious startup speed issues, licensing
issues to be resolved).
jujutsu: avoid permission problems when using a jj work tree
If it exists, the "secure config" of a jj repo is stored in the 0600 file
.jj/repo/config-id which leads to permission problems if jj is run from
that repo with another user than the repo owner. This happens in particular
with PORTS_PRIVSEP if the ports tree is a jj work tree. So run jj from /tmp
to generate the man pages and the shell completions. This will still break
if you use jj to manage / or /tmp, but that's rather unlikely...
reported/tested/tweaked/ok semarie
mlkem: use timingsafe_memcmp() in decapsulation
Replace memcmp() with timingsafe_memcmp() when comparing the
re-encrypted ciphertext.
FIPS 203 Section 6.3 defines this comparison result as a secret piece
of intermediate data that must not be revealed in any form.
ok tb
add patch from upstream PR also needed to loosen tinycss2 version spec
when bleach is listed as a dependency via "bleach[css]"
reported by naddy->daniel
Do not use recallocarray because the stored size may have changed during
reflow so may not match what it expects, fixes crash reported by Caspar
Schutijser.
zlib: zero out allocation to avoid info leak (part of ZLB-01-003)
commit ecbaf031f81ddfcff200dcfd052df48c9047f3cf
Author: Mark Adler <git at madler.net>
Date: Sun Jan 11 09:46:29 2026 -0800
Zero inflate state on allocation.
To further guard against the propagation of uninitialized memory.
inflateCopy: fix a heap info leak (part of ZLB-01-003)
commit 3509ab515f29002f64455d6e34e19df0c16b1707
Author: Mark Adler <git at madler.net>
Date: Sun Dec 21 18:34:14 2025 -0800
Copy only the initialized window contents in inflateCopy.
To avoid the propagation and possible disclosure of uninitialized
memory contents.
version 6.1 does not link with base-gcc, erroring out with
"multiple definition of `ub_bsearch'"
Move to ports-gcc on gcc arches to fix build on sparc64