security/py-slip10: Add new port
slip10 is a reference implementation of the SLIP-0010 specification,
which generalizes BIP-0032 hierarchical deterministic key derivation for
multiple curves, including secp256k1, NIST P-256, ed25519, and
curve25519.
It supports deriving extended private and public keys along standard
paths and can operate from either seed material or serialized extended
keys.
security/py-shamir-mnemonic: Add new port
shamir-mnemonic is a Python implementation of SLIP-0039, a standard for
splitting secrets into multiple mnemonic word shares using Shamir's
Secret Sharing scheme.
It is designed primarily for use with cryptocurrency wallets and
hardware devices, enabling secure backup and recovery of sensitive
secrets through human-readable word lists.
The library provides tools for generating mnemonic shares, combining
shares to recover secrets, and validating share sets, while remaining
compatible with SLIP-0039 implementations used by Trezor and related
ecosystems.
[X86] broadcast-elm-cross-splat-vec.ll - avoid AND(ADD(X,1),1) pattern in tests (#181638)
This will fold to AND(NOT(X),1) in an upcoming fold, defeating the
purpose of the repeated constant tests
py-gunicorn: updated to 25.1.0
25.1.0 - 2026-02-13
New Features
- **Control Interface (gunicornc)**: Add interactive control interface for managing
running Gunicorn instances, similar to birdc for BIRD routing daemon
- Unix socket-based communication with JSON protocol
- Interactive mode with readline support and command history
- Commands: `show all/workers/dirty/config/stats/listeners`
- Worker management: `worker add/remove/kill`, `dirty add/remove`
- Server control: `reload`, `reopen`, `shutdown`
- New settings: `--control-socket`, `--control-socket-mode`, `--no-control-socket`
- New CLI tool: `gunicornc` for connecting to control socket
- See [Control Interface Guide](guides/gunicornc.md) for details
- **Dirty Stash**: Add global shared state between workers via `dirty.stash`
- In-memory key-value store accessible by all workers
[22 lines not shown]
slumber: update to 5.0.0.
[5.0.0] - 2026-02-14
5.0 is a huge release that focuses on two main areas:
A major refactor of the TUI includes:
A new layout with a collapsible sidebar to speed up navigation
Query/export command history navigation (similar to shell history)
QoL improvements such as selecting list items by click
CLI commands have been reorganized to be more consistent and discoverable
pgpdump: updated to 0.37
0.37 2027/02/12
Fix incorrect TAG_NUM macro causing out-of-bounds access.
Fix C23 compatibility.
Use Automake to run tests, and other test improvements.
Use Automake, and other build improvements.
*.c and *.h is now in src/.
0.36 2024/01/29
Skipping file to process when first/CTB is zero
Inserting "memset" for ELLIP_CURVES
0.35 2022/02/28
Adding BrainPool-384/512 curve definitions.
[6 lines not shown]
rumdl: update to 0.1.21.
## [0.1.21] - 2026-02-14
### Added
- **CLI**: New `full` output format with ruff-style source line display showing
offending lines with caret underlines
([#425](https://github.com/rvben/rumdl/issues/425))
- **GitHub Action**: Add generic `args` input for passing extra CLI flags like
`--output-format json`
([#406](https://github.com/rvben/rumdl/issues/406))
- **MD060**: `loose-last-column` now caps last column width at header text width —
body cells shorter than header are padded, longer cells extend beyond
([#424](https://github.com/rvben/rumdl/issues/424))
### Changed
- **CLI**: `--output-format` help text now documents all available formats with
[177 lines not shown]
py-django4: updated to 4.2.28
Django 4.2.28 fixes three security issues with severity “high”, two security issues with severity “moderate”, and one security issue with severity “low” in 4.2.27.
CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack.
This issue has severity “low” according to the Django security policy.
CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage.
This issue has severity “moderate” according to the Django security policy.
CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Raster lookups on GIS fields (only implemented on PostGIS) were subject to SQL injection if untrusted data was used as a band index.
[20 lines not shown]
py-django: updated to 5.2.11
5.2.11
Django 5.2.11 fixes three security issues with severity “high”, two security issues with severity “moderate”, and one security issue with severity “low” in 5.2.10.
CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack.
This issue has severity “low” according to the Django security policy.
CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage.
This issue has severity “moderate” according to the Django security policy.
CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
[22 lines not shown]
py-apache-libcloud: updated to 3.9.0
Changes in Apache Libcloud 3.9.0
Common
- Support for Python 3.9 which is EOL has been removed.
If you still want to use Libcloud with Python 3.9, you should use an older
release which still supports Python 3.9.
- Indicate we also support Python 3.12 (non beta) and Python 3.13.
- Support for Python 3.8 which is EOL has been removed.
If you still want to use Libcloud with Python 3.8, you should use an older
release which still supports Python 3.8.
- Support for Python 3.7 which is EOL has been removed.
[18 lines not shown]
py-rdflib: updated to 7.6.0
7.6.0
This release introduces a new major feature: GraphDB integration via the Python
GraphDB Client. Users can now manage GraphDB instances and perform
administrative tasks directly from Python. As GraphDB also supports the RDF4J
REST API, users may utilize the recently released RDF4J Client and Store with
GraphDB instances. For more details, see the new RDFLib GraphDB documentation
under the extras section of the RDFLib documentation.
This release also includes a number of fixes to Graph.cbd() and Turtle-related
serializers. Thanks to @mgberg and @lisat-dstg, the affected code is now more
standards-compliant.
At the request of users, the recently introduced CLI tool sq has been renamed
to sparqlquery to avoid conflicts with existing well-known packages.
Other maintenance tasks include updating all CI actions to the latest versions
[2 lines not shown]