py-pdf: updated to 6.7.0
Version 6.7.0, 2026-02-08
Deprecations (DEP)
- Deprecate support for abbreviations in decode_stream_data
New Features (ENH)
- Add ability to add font resources for 14 Adobe Core fonts in text widget annotations
Bug Fixes (BUG)
- Avoid invalid load for ICCBased FlateDecode images in mode 1
Robustness (ROB)
- Fix AESV2 decryption when /Length missing in encrypt dict
- Fix merging when annotations point to NullObject
- Check for `self._info` being None in `compress_identical_objects`
py-pebble: updated to 5.2.0
5.2.0
Features:
- issue 158: set pending futures to BrokenProcessPool error
when ProcessPool internal errors occur.
Fixes:
- Cleanup resources when terminating pool's processes via SIGTERM.
Update CMake to 4.1.2
Major update from 3.31.8 to 4.1.2.
CMake 4.0 introduces a breaking change: compatibility with versions older than
3.5 has been removed. Projects calling cmake_minimum_required() or
cmake_policy() with versions < 3.5 now error out.
To maintain compatibility with existing ports during the transition, the cmake
module now provides MODCMAKE_POLICY_VERSION_OVERRIDE (idea from sthen@)
support:
- MODCMAKE_POLICY_VERSION_OVERRIDE ?= No
- MODCMAKE_POLICY_VERSION_OVERRIDE_VER ?= 3.5
When MODCMAKE_POLICY_VERSION_OVERRIDE is set to "yes", CMake is instructed to
accept policy versions down to the specified minimum (default 3.5) via
-DCMAKE_POLICY_VERSION_MINIMUM. This allows older ports to build while
acknowledging they may use deprecated features.
[5 lines not shown]
[VPlan] Run initial recipe simplification on VPlan0. (#176828)
In some cases, LV gets simplifyable IR as input. Directly apply
simplifications on the initial VPlan0 to avoid vectorization in cases
where the loop body can be folded away.
Using the end-to-end pipeline, this is relatively rare, but when
reducing test cases, the reduction often ends up with cases with trivial
folds. Rejecting those will result in more robust & realistic test
cases.
As follow-up, I also plan to add initial dead recipe removal.
Depends on https://github.com/llvm/llvm-project/pull/176795.
PR: https://github.com/llvm/llvm-project/pull/176828
www/freenginx-devel: update to 1.29.5
<ChangeLog>
*) Feature: optimized SSL_sendfile() usage on FreeBSD.
Thanks to Gleb Smirnoff.
*) Bugfix: upstream servers were not marked as failed after a response
with status code 500, 502, 503, 504, or 429 if the code was listed in
the "proxy_next_upstream" directive, but switching to the next server
was not possible.
*) Bugfix: the "stale-if-error" cache control extension was not applied
if a backend returned a response with status code 500, 502, 503, 504,
or 429 and the code was listed in the "proxy_next_upstream"
directive.
*) Bugfix: in handling of premature backend responses.
[3 lines not shown]
postgresql-timescaledb: updated to 2.25.0
2.25.0
This release contains performance improvements and bug fixes since the 2.24.0 release. We recommend that you upgrade at the next available opportunity.
Highlighted features in TimescaleDB v2.25.0
This release features multiple improvements for continuous aggregates on the columnstore:
Faster refreshes: You can now utilize direct compress during materialized view refreshes, resulting in higher throughput and reduced I/O usage.
Efficiency: The enablement of delete optimizations significantly lowers system resource requirements.
Smaller transactions: Adjusted defaults for buckets_per_batch to 10 reduces transaction sizes, requiring less WAL holding time.
Faster queries: Smarter defaults for segmentby and orderby yield improved query performance and better compression ratio on the columnstore.
[SCEV] Discard samesign when analyzing loop invariant exits (#181171)
If the predicate has samesign set, we could either perform the checks
with the unsigned predicate and return and unsigned invariant predicate,
or we could perform them with the signed predicate and return a signed
invariant predicate. The current implementation can end up mixing both,
using a signed predicate for one check and an unsigned one for the
other.
Avoid this by dropping the samesign flag.
Fixes https://github.com/llvm/llvm-project/issues/180870.
postgresql1[4-8]*: updated to 18.2, 17.8, 16.12, 15.16, and 14.21
PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21
Security Issues
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVSS v3.1 Base Score: 4.3
Supported, Vulnerable Versions: 14 - 18.
Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
The PostgreSQL project thanks Altan Birler for reporting this problem.
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVSS v3.1 Base Score: 8.8
[61 lines not shown]