gobject-introspection: bump PKGREVISION for glib2 2.88.0 update
gobject-introspection installs GLib/GObject/GModule/Gio/GioUnix
introspection data generated against the GLib version available at
build time.
After updating devel/glib2 to 2.88.0, the old gobject-introspection
package still contains typelibs generated against the previous GLib.
This can break runtime users of PyGObject like inputmethod/ibus-anthy.
net/unison: Update to 2.54.0
Packaging changes:
Upstream NEWS:
## Changes in 2.54.0
Released 2026-05-01
* Drop old wire protocol. Unison will no longer interoperate with
versions before 2.52.0 and will no longer read pre-2.52.0 archive
files.
* Document that LLM output is unwelcome in the Unison project (code,
issues, mailinglists, etc.).
* Add desktop file.
Deprecation warning: support for external rsync will be removed;
[13 lines not shown]
geography/py-ubx2: Update to 1.3.0
Upstream NEWS, less minor improvements and bugfixes:
### RELEASE 1.3.0
1. Add support for UBX MGA advanced calibration support commands and polls (MGA-SF-INI, MGA-SF-INI2, MGA-INI-ATT, MGA-SF) - thanks to @ariansharifi for contribution.
### RELEASE 1.2.60
1. Add UBXReader `encoding` argument for chunked encoded socket streams.
1. Add a third value '2' to UBXReader and UBXMessage `parsebitfield` argument (*previously a simple boolean*); 0 = parse bitfield as bytes, 1 = parse bitfield as individual bits, 2 = parse bitfield as *both* bytes *and* bits (1)
firefox140: update to 140.10.1
Mozilla Foundation Security Advisory 2026-36
Security Vulnerabilities fixed in Firefox ESR 140.10.1
Announced
April 28, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.10.1
#CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component
Reporter
Xuehao Guo
[45 lines not shown]
dasel: update to 3.8.1.
install man pages and shell completion
## [v3.8.1] - 2026-04-30
- `dasel man` now generates a reproducible manpage based on [SOURCE_DATE_EPOCH](https://reproducible-builds.org/specs/source-date-epoch).
sysutils/upower: update to 1.91.2
# upstream changes (since 1.90.9)
Version 1.91.2
--------------
Released: 2026-04-01
- Feature: Skip the systemd inhibitor when performing CriticalPowerAction (!309)
- Feature: Introduce "Auto" CriticalPowerAction using systemd-logind Sleep() (!309)
- Fix: Test CanPowerOff() availability before calling PowerOff() (!311)
- Fix: Add charge limit support for systems providing only charge_control_end_threshold (!310, #342, #285)
Version 1.91.1
--------------
Released: 2026-02-10
- Fix: a resource leak (!294)
- Fix: a NULL exception caused by a Non-NULL GError pointer (!295, #331)
[31 lines not shown]
glib2: avoid false g_module_symbol() failures on NetBSD
On NetBSD, do not turn a non-NULL dlsym() result into a
g_module_symbol() failure only because dlerror() has a non-NULL value.
POSIX specifies that it is implementation-defined whether dlerror()
is thread-safe:
https://pubs.opengroup.org/onlinepubs/9799919799/functions/dlerror.html
as already noted in gmodule-dl.c comments.
On NetBSD, dlerror(3) state is process-global and not thread-safe,
so a non-NULL dlerror() value is not a reliable reason to reject
a non-NULL dlsym() result. Marking dlerror() as not thread-safe
in GLib by DLERROR_IS_THREADSAFE=0 would only serialize GLib's
own dynamic linker calls and would not protect against dynamic
linker calls made outside GLib.
POSIX also specifies that dlsym() returns a null pointer if the
symbol cannot be found. However, glibc documents cases where
[8 lines not shown]
graphics/lcms2: Explain upstream's (very unclear) cmake status
I asked upstream a bunch of questions just now. For now, avoid
jumping to cmake because 1) upstream hasn't said it's baked and 2)
usually new cmake systems have regressions and this one hasn't been
tested.
py-test-order: updated to 1.4.0
1.4.0
Allows the plugin to run after `--failed-first` and similar options.
Changes
* removed official support for Python 3.7-3.9 (EOL), added Python 3.13 and 3.14
New features
* added option `--order-after-ff`, that allows to run `pytest-order` after built-in hooks
like the `--failed-first` option
Infrastructure
* use trusted publisher for release (see https://docs.pypi.org/trusted-publishers/)
* use `pyproject.toml` for project setup
Documentation
* use a theme for documentation supporting dark mode
* added use case for ordering test modules
* fixed documentation for `--indulgent-ordering` option
py-test-codspeed: updated to 4.5.0
4.5.0
Internals
Pre-build macos binary
Bump instrument-hooks submodule to use int32_t as pid
Add macos integration test
graphics/lcms: Drop MAINTAINERship
(Note that this is lcms-1, last released in 2009. It is a deletion
candidate, but there are multiple (surely unmaintained) packages
depending on it.)
mimalloc: updated to 3.3.2
3.3.2
various bug and security fixes through LLM audit (by @Zoxc). Only increase
minimal purge size automatically if allow_thp is set to 2. Enable large OS
alignment on all platforms (fixing OS large pages on Windows). Fix accounting
of committed memory on Linux/macOS. Update MSVC atomics implementation when
using C mode. Upstream Emscripten fixes. Proper atomic do-once implementation.
buf: updated to 1.69.0
1.69.0
- Increase check plugin WASM memory limits to 1GiB.
- Fix LSP stale diagnostics persisting after a file is closed or deleted.
- Fix handling of unprefixed newlines in block comments.
- Add LSP code lenses for `buf.gen.yaml` files: "Run buf generate" and "Check for plugin updates".
- Add LSP warnings for `lint.ignore` and `breaking.ignore` paths in `buf.yaml` that do not match any file in the workspace.
py-pip: updated to 26.1
26.1 (2026-04-26)
Deprecations and Removals
- Drop support for Python 3.9.
Features
- Add experimental support to read requirements from standardized pylock.toml files (``-r pylock.toml``).
- Allow ``--uploaded-prior-to`` to accept a duration in days (e.g., ``P3D`` for 3 days ago).
Enhancements
- Speed up dependency resolution when there are complex conflicts.
- Reduce memory usage when resolving large dependency trees.
- Emit a deprecation warning when pip imports an unexpected module after
installation of a distribution has started.
[30 lines not shown]
