stellarium: updated to 26.2
26.2
The major changes of this version:
- Added new sky culture
- Added new plugin: Planes
- Many improvements in plugins
- Many improvements in Core and GUI
- Many updates in sky cultures
curl: update to 8.21.0.
Lots of security fixes.
Changes:
curl: named globs in output filename for upload glob references
HTTP/3: add proxy CONNECT and MASQUE CONNECT-UDP support (ngtcp2 QUIC)
http2: remove stream dependency tracking
lib: drop support for CURLAUTH_DIGEST_IE
libssh: add support for SHA256 host public keys
tool_urlglob: add named globs
Bugfixes:
_ENVIRONMENT.md. Windows does case insensitive env variables
_URL.md: remove the zone-id mention
AmigaOS: curl_setup.h avoid explicit_bzero with clib2
AmigaOS: fix build fallouts, re-add to CI
[270 lines not shown]
corewars: switch to gtk2, stop using argp.
Patches from OpenBSD ports (which got the GTK2 patch from Debian)
- thanks to both projects!
Bump PKGREVISION.
musicpd: update to 0.24.12.
ver 0.24.12 (2026/05/15)
* protocol
- allow empty URI in "lsinfo", "add" etc. (0.24.11 regression)
ver 0.24.11 (2026/05/15)
* protocol
- fix path traversal bug
* playlist: do not allow newlines in song URIs
* input
- curl: require version 7.85.0
* decoder
- pcm: fix stack buffer overflow
- sidplay: fall back to SIDLiteBuilder if ReSIDfpBuilder is unavailable
ver 0.24.10 (2026/05/06)
* input
- cache: fix deadlock bug
[16 lines not shown]
py-jwcrypto: updated to 1.5.8
1.5.8
Fix list iteration in claim format validation
fix: bump minimum cryptography dependency to >= 39.0.0
Wrap JWKSet parsing errors in InvalidJWKValue
jwt: add opt-in strict_serialization to enforce compact form
py-click: updated to 8.4.2
8.4.2
Fix Fish shell completion broken in 8.4.0 by {pr}3126. Newlines and tabs in option help text are now escaped, keeping the original completion format while still supporting multi-line help. {issue}3502 {issue}3043 {pr}3504 {pr}3508
Deprecated commands and options with empty or missing help text no longer render a stray leading space before the (DEPRECATED) label. {pr}3509
A {class}Group with invoke_without_command=True marks its subcommand as optional in the usage help, showing [COMMAND] instead of COMMAND. {issue}3059 {pr}3507
echo_via_pager flushes after each write, so passing a generator streams output to the pager incrementally instead of staying hidden until the pipe buffer fills. {issue}3242 {issue}2542 {pr}3534
echo_via_pager and get_pager_file no longer close a borrowed stdout stream when no external pager runs, completing the partial I/O operation on closed file fix from {pr}3482. {issue}3449 {pr}3533
py-cython: updated to 3.2.6
3.2.6 (2026-06-24)
Bugs fixed
* ``@functools.wraps()`` was broken in Py3.14+ for Cython compiled functions.
* A double-free in the t-string code was fixed.
* The ``-`` operator declarations for iterators in ``libcpp.vector`` we corrected.
* The shared utility code module no longer uses a temporary file path that
changed the C code on each generation.
* On 32 bit platforms, cached constants are no longer made immortal during module import.
net/libslirp: update to version 4.9.3
This is a security update for CVE-2026-9539: libslirp TCP URG OOB Read
Information Leak.
Changes in 4.9.3:
* Fix migration break on incorrect vmstate retcode
Changes in 4.9.2:
* Security:
- oob: cap urgent data count to what is actually available
* Fixed:
- Honor dns server port number on macos
- Cope with SO_ERROR possibly failing
- vmstate: pass on read/write errors for state
- Fix port conflict
- tcp_sockclosed: Set linger timer on remaining closing states
[62 lines not shown]
gspell: forward icu dependency in bl3.mk
Seems it's needed:
meson.build:66:13: ERROR: Dependency lookup for gspell-1 with method 'pkg-config' failed: Could not generate cflags for gspell-1:
