fix: memory leaks in pkg_jobs
Free local package references when they are not added to the universe,
preventing leaks in pkg_jobs_process_remote_pkg and pkg_jobs_find_upgrade.
plist: add support for @for ... @end loop
this allows to simplify makefiles the following way:
@for LANG fr en nl it
%%NLS%%/share/locale/%%LANG%%/LC_MESSAGES/pkg.mo
@end
[NFC][AArch64][Cyclone] Model WriteSTP with a local SchedWriteRes (#198844)
Cyclone scheduling model uses SchedAlias between 2 SchedWriteRes
definitions from AArch64Schedule.td.
This prevents other scheduling models from aliasing WriteSTP. This patch
address the issue by defining a new CyWriteSTP and using that instead.
rio: fix pre-configure for wgpu-28.x vendor crates
Update vendor crate version strings from wgpu-25.0.2/wgpu-core-25.0.2/
wgpu-core-deps-windows-linux-android-25.0.0 to the versions actually
bundled with rio-0.4.5 (wgpu-28.0.0, wgpu-core-28.0.1,
wgpu-core-deps-windows-linux-android-28.0.0).
Also update the sed patterns to match the wgpu-28 source layout:
- vulkan/gles anchor on freebsd (wgpu-28 already added FreeBSD) rather
than android (wgpu-25)
- gles Emscripten anchor is unchanged
- wgpu-core-deps target cfg includes freebsd in the existing list
Fix a make(1) quoting bug: the AWK pattern used a bare $, which make
expanded as an empty variable; change to 422 so make passes a literal $
to the shell and awk sees the correct end-of-line anchor.
Verified: clean pkgsrc build of rio-0.4.5 completes without errors on
NetBSD-current amd64.
[VPlan] Simplify VPSCEVExpander, clarify naming/comments (NFC). (#199423)
Address post-commit comments from
https://github.com/llvm/llvm-project/pull/189455,
removing unneeded member, and clarify naming/comments to stress the
current logic tries to expand a SCEV to VPInstructions, with only a small
sub-set of SCEV expression supported.
[SLP] Ensure TreeCost is scaled for ordered fadd reductions (#199388)
Resolves #199267
Addresses an issue where `getScaleToLoopIterations()` can return 1 on
isolated SLP trees because `UserTreeIndex` is invalid. This prevents
`TreeCost` from scaling alongside `ReductionCost`, causing the cost
model to incorrectly treat an unprofitable vector reduction as
profitable.
This patch passes the reduction root instruction down into
`calculateTreeCostAndTrimNonProfitable` and the underlying scale
calculation so `getScaleToLoopIterations` can get the correct block
context.
py-idna: update to 3.16.
## 3.16 (2026-05-22)
- Add a command-line interface (`python -m idna`, also available as
the `idna` script). Encodes or decodes one or more domains supplied
as arguments or on standard input, with options to select A-label
or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements
py-icalendar: update to 7.1.2.
7.1.2 (2026-05-22)
Bug fixes
Replaced the recursive Component.__repr__ implementation with an iterative stack-based walk so that deeply nested calendars no longer raise RecursionError when formatted via repr(), str(), or f-strings. The output format is unchanged for normally-shaped calendars. @gistrec (Issue #1370)
Documentation
Update maintenance documentation. Fix the version switcher on "stable" on Read the Docs. @stevepiercy (Issue #1352)
7.1.1 (2026-05-18)
New features
Created an ical_value property for the vPeriod component. @ZairKSM (Issue #876)
Created a ical_value() property for the vWeekday component, mirroring the existing pattern on vBoolean. @mvanhorn (Issue #1360)
[21 lines not shown]
py-genshi: update to 0.7.11.
Version 0.7.11
https://github.com/edgewall/genshi/releases/tag/0.7.11
(May 17 2026, from branches/stable/0.7.x)
* Replace use of `pkg_resources` with `importlib.resources` (or `importlib_resources` for Python < 3.9)
(#97 by Colin Watson)
* Update CI release workflow to use Ubuntu 22.04. (#96 by Simon Cross)
py-aiodns: update to 4.0.4.
4.0.4
=====
- Raise ``DNSError(ARES_ENODATA)`` from ``query()`` when the answer section has no records of the requested qtype, restoring the pycares 4.x NODATA contract and avoiding ``AttributeError`` for CNAME/SOA/PTR callers (#254).
- Add the missing ``build-backend`` entry to ``pyproject.toml`` so PEP 517 builds from the sdist work without falling back to the deprecated legacy setuptools backend (#252).
py-JWT: update to 2.13.0.
v2.13.0
-------
Security
~~~~~~~~
- Reject JWK JSON documents passed as raw HMAC secrets in
``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that
the existing PEM/SSH guard did not cover. Reported by @aradona91 in
`GHSA-xgmm-8j9v-c9wx <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx>`__.
- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during
verification so the caller's ``algorithms=[...]`` allow-list cannot be
bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported
by @sushi-gif in `GHSA-jq35-7prp-9v3f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f>`__.
- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-
influenced URIs cannot read local files or reach unintended schemes via
urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported
[31 lines not shown]
rio: fix NetBSD build and runtime; terminal now working
Four changes to make rio-0.4.5 fully functional on NetBSD:
1. teletypewriter patch: set B38400 baud rate in create_termp() BSD termios
branch. c_ispeed/c_ospeed=0 (B0) caused NetBSD tty.c to send SIGHUP to
the PTY session leader immediately on tcsetattr, killing the shell.
2. wgpu pre-configure patches: wgpu and wgpu-core hard-code platform
allowlists (Windows/Linux/Android/Apple) for their Vulkan and GLES
backends via cfg_aliases in build.rs. The pre-configure Makefile target
patches four vendor files at build time to include NetBSD:
- wgpu/build.rs: add netbsd to vulkan and gles cfg conditions
- wgpu-core/build.rs: add netbsd to windows_linux_android alias
- wgpu-core/Cargo.toml: extend target dep cfg + activate wgpu-hal
gles/vulkan features directly so the feature chain reaches wgpu-hal
- wgpu-core-deps-windows-linux-android/Cargo.toml: make wgpu-hal an
unconditional dependency (removes the Windows/Linux/Android restriction)
Cargo vendor checksums are cleared (files:{}) for each modified crate
[11 lines not shown]
