emulators/Ymir: drop support for FreeBSD 13
With FreeBSD 13 being EOL, the build fix regarding the OpenSSL version
constant is not needed anymore.
PORTREVISION bump not required because this fix only effected building
on FreeBSD < 14.
PR: 295120
Reported by: Stefan Schlosser <bsdcode at disroot.org> (maintainer)
Approved by: vvd (co-mentor)
[AA] No synchronization effects for never-escaping identified local (#193939)
Fences and other synchronizing operations (such as atomic accesses
stronger than monotonic) are modelled as reading and writing all memory,
in order to enforce their implied ordering constraints.
Currently, this happens even for identified function locals that do not
escape. This patch excludes those objects.
Notably, we can *not* reason based on captures-before here, because the
synchronizing operation still has an effect even if the object only
escapes *later*.
The hope here is that with this restriction in place, it may be viable
to respect potential synchronization inside non-nosync function calls.
[libc] Fix partial multi-byte write detection in File (#196402)
File::write_unlocked(const wchar_t*, size_t) checked 'write_res.value <
1' after writing a converted UTF-8 sequence. For multi-byte characters,
a short platform write (e.g. 2 of 3 bytes for a 3-byte character) passed
this check and was counted as a successful write. The output stream
would then contain an incomplete UTF-8 sequence with no error reported
to the caller.
Changed the check to 'write_res.value < char_size' and set the error
indicator on the stream when it triggers.
Added a regression test using a mock File subclass that limits
platform_write to 2 bytes per call, simulating short writes on pipes and
sockets.
Assisted-by: Automated tooling, human reviewed.
---------
Co-authored-by: Michael Jones <michaelrj at google.com>
py-traitlets: updated to 5.15.0
5.15.0
Enhancements made
- Moved definitions of K and V outside of TYPE_CHECKING condition
- Accept integer-valued numbers for Integer
- Update `__new__` method to use Self type for improved type hinting
- Fix whitespace formatting in CLI help.
Bugs fixed
- Fix `traitlets.__all__`
- The --config option with absolute paths will be loaded only once.
- Avoid using `return t.cast` which can prevent attribute access during process teardown
- Suppress exceptions when closing handlers during `__del__`
py-bidi: updated to 0.6.9
0.6.9
* Rust extension declares ``gil_used = false`` so it runs under free-threaded (no-GIL) Python [Meir Kriheli]
* Added concurrent stress test for ``get_display`` under free-threaded builds [Meir Kriheli]
* CI: optional cp313t/cp314t wheel builds when setup-python provides those interpreters; free-threaded test job prefers 3.14t with 3.13t fallback [Meir Kriheli]
* CI: Intel macOS wheels now built on macOS 15 (replacing macOS 13) [Meir Kriheli]
* Use ``uv`` for nox virtualenvs; add ``uv.lock`` and document uv-based dev setup in README and CONTRIBUTING [Meir Kriheli]
* Set ``requires-python = ">=3.9"`` explicitly in ``pyproject.toml`` [Meir Kriheli]
0.6.8
* Added missing 3.14 build for Linux
rsync: updated to 3.4.2
rsync 3.4.2 (28 Apr 2026)
Changes in this version:
SECURITY RELATED:
Several security-relevant defects were reported and fixed since 3.4.1. None were assigned a CVE — rsync's fork-per-connection design scopes the impact of each of these to the attacker's own connection, which is equivalent to the client closing the socket itself — but they are fixed here as a matter of hygiene and to reduce the chances of a future exploitable combination. Many thanks to the external researchers who reported these issues.
Fixed a signed integer overflow in the PROXY protocol v2 header parser: a negative len field could bypass the size check and cause a stack buffer overflow in read_buf(). Reported by John Walker of ZeroPath.
Fixed an invalid access to the files array. Reported by Calum Hutton of Rapid7.
Reject negative token values in the compressed-stream token decoder; a negative value could cause callers to misinterpret a missing data pointer as literal data. Reported by Will Sergeant.
Fixed the element count passed to the xattr qsort() (see https://www.openwall.com/lists/oss-security/2026/04/16/2).
Fixed a buffer underflow in clean_fname(), and added a regression test.
[60 lines not shown]
[LoopFusion] Remove SCEV-based dependence analysis path (#195864)
Loop Fusion has used Dependence Analysis (DA) as the default dependence
check since the option default was flipped in #187309. The SCEV-based
strategy and the combined "all" mode were retained only for fallback and
experimentation, with a comment noting that the SCEV code would be
removed in a follow-up.
This patch removes the SCEV-based dependence path and the now-unused
selector machinery.
Fixes #194821.
Assisted by Cursor.
