www/php-ja-wordpress: update to 6.9.5
6.9.5 (2026-7-17)
This is security release fixes these
* A facilitated SQL injection issue reported as a team by TF1T, dtro, and
haongo. (CVE-2026-60137 / GHSA-fpp7-x2x2-2mjf)
* A REST API batch-route confusion and SQL injection issue leading to Remote
Code. (CVE-2026-63030 / GHSA-ff9f-jf42-662q)
www/wordpress: update to 6.9.5
6.9.5 (2026-7-17)
This is security release fixes these
* A facilitated SQL injection issue reported as a team by TF1T, dtro, and
haongo. (CVE-2026-60137 / GHSA-fpp7-x2x2-2mjf)
* A REST API batch-route confusion and SQL injection issue leading to Remote
Code. (CVE-2026-63030 / GHSA-ff9f-jf42-662q)
geography/py-ubx2: Update to 1.3.6
Upstream NEWS, less minor improvements and bugfixes:
### RELEASE 1.3.6
1. Add `msgfilter` argument to UBXReader to allow user to filter
output by one or more message identities. If set, only filtered raw
messages will be parsed (e.g. UBX `0x0107` *(must be integer)*, NMEA
`"GNGSA"` or RTCM `1077`); the remainder will be `None`. Default is ""
(no filter). If you're only interested in specific messages, this can
significantly improve parsing speed for a given datastream.
1. Enhance `parsing` argument to UBXReader - permissible values:
- `PARSE_NONE` (0) - No message parsing, raw output only. Parsed data is `None`.
- `PARSE_FULL` (1) - Full parsing of all message attributes (the
default). Parsed data is a `UBXMessage`, `NMEAMessage` or
`RTCMMessage` object.
- `PARSE_META` (2) - Parse only basic metadata from messages
[3 lines not shown]
lang/gcc12: pull over the changes to rs6000/netbsd.h from our in-tree gcc.
This is so that this builds and runs on powerpc/11.0*.
The most important fix is that on powerpc, -msecure-plt is enabled by
default, so that resulting executables can be run with PAX_MPROTECT active.
Otherwise, we end up with executables with sections which have both
"write" and "execute" turned on, which PAX_MPROTECT rejects.
Fixes PR#60439.
Bump PKGREVISION for both gcc12 and gcc12-libs, to adhere to rules in comments.
p5-Data-Alias: update to 1.30.
1.30 2026-03-11 XMATH
- Use isGV_with_GP_on when available. (RT 173582)
1.29 2026-02-02 XMATH
- Fix compatibility with perl 5.43.8 (contributed by mauke)
bulk-test-boost: Drop mongodb3
because it's about to be deleted.
(It seems all mongodb are using vendored boost, but as non-MAINTAINER
I'm simply deleting mongodb3.)
p5-Mojo-JWT: update to 1.02.
1.02 2026-06-03
- This release contains fixes for security issues, everybody should upgrade!
- Improved security of decode to prevent timing side-channel attacks in symmetric signatures
1.01 2024-10-15
- Fix non-portable test
1.00 2024-10-15
- Use CryptX (libtomcrypt) for all cryptographic functions
- Crypt::OpenSSL input is still accepted but converted in-use