py-snowballstemmer: updated to 3.1.1
3.1.1
+ Skip classifier for Sesotho which isn't yet in the official list of
trove classifiers.
+ Add classifier to indicate support for Python 3.14.
py-distlib: updated to 0.4.1
0.4.1
- scripts
- Fix path traversal bug in handling entry points which allowed escaping the scripts directory.
Thanks to tonghuaroot for the comprehensive report.
- tests
- Fix: Change test function following a reorganization which happened in the Python stdlib.
harfbuzz: updated to 14.2.1
14.2.1
Various AAT shaping fixes: legacy mort contextual offsets (which could produce out-of-font glyph IDs), in-place deleted-glyph replacements, and overflow in obsolete offset math.
Fix Arabic PUA fallback shaping for the isolated lam-alef-maksura ligature.
Fix float-to-int overflow in avar2 mapping with malformed fonts.
Harden buffer verification after detecting non-monotone clusters.
Various COLR v1 fixes: fix handling of .notdef without paint, round alpha consistently, and report the root clip under the font transform.
Various Glyph-extents fixes: inclusive rounding, and floating-point scaling before rounding so the reported box always covers the glyph.
Various Subsetting fixes: keep the palt spacing feature by default, raise the repacker MAX_SPACES limit, fix a repacker crash on shared LigatureSet nodes, guard gvar size overflow on 32-bit, and fix the post glyph-name sort comparator on macOS.
Replace std::sort with an internal quicksort, removing leaked std:: symbols from the libharfbuzz ABI.
Harden size computations with saturating arithmetic against 32-bit overflow.
Various improvements to the experimental Rust shaper (HarfRust) and font functions (fontations): honor custom font funcs, key shape plans on features, faster buffer handling, and update to HarfRust 0.8.
Various fixes to the experimental harfbuzz-gpu and harfbuzz-vector libraries, including a harfbuzz-vector heap buffer overflow and Windows build fixes.
Map the Hrkt (Katakana or Hiragana) script tag to the kana OpenType tag.
Build configuration: new HB_CONFIG_OVERRIDE_LAST_H override header, decouple HB_NO_DRAW from HB_NO_CFF, and an optional hb-allocator Cargo feature.
Various build, CI, and fuzzing fixes.
adguardhome: updated to 0.107.77
0.107.77
Security
Authorization in GLiNET mode is no longer vulnerable to path traversal attacks.
NOTE: This is CVE-2026-41448. We thank @djnnvx for reporting this security issue.
Added
New reason query parameter in GET /control/querylog. See openapi/openapi.yaml for the full description.
Deprecated
Query parameter response_status in GET /control/querylog is now deprecated. Use new reason query parameter instead.
filesystems/py-fuse-bindings: Clean up fuse bl3
There was longstanding commented-out confusion about whether this
depended on some fuse implementation or the specific standard but
non-portable approach. Decide that mk/fuse.buildlink3.mk is the right
answer and just do that, without any commented-out alternatives.
filesystems/py-fuse-bindings: Update to 1.0.9
Upstream's new tests fail, and I don't think that's a pkgsrc bug, but
a test bug.
Works with bup!
Upstream NEWS:
bug fixes and minor improvements
filesystems/py-fuse-bindings: Adapt to python function deprecations
convert to wheel.mk
Now, importing fuse in python 3.13 succeeds, instead of failing with a
missing symbol, as one would expect from the undefined name warning
during the build.
gam: update to 7.44.03
Changes since 7.42.00:
7.44.03
Added writerwithoutprivateaccess to <CalendarACLRole>; this will become effective 2026-06-29.
7.44.02
Added fields bluetoothadapterinfo and osversioncompliance to <CrOSFieldName> for use in gam info|print cros.
7.44.01
Added option oneitemperrow to gam print crostelemetry to have each of a device's report field entries displayed on a separate row with all of the other device fields.
Added additional fields to <CrOSTelemetryFieldName>and <CrOSTelemetryListFieldName>:
appreport
[83 lines not shown]
sbcl: update to 2.6.5
- minor incompatible change: the condition signalled when an
accessed slot is missing from an object is no longer a TYPE-ERROR.
- minor incompatible change: the condition signalled when accessing
an uninitialized structure slot is no longer a TYPE-ERROR.
- minor incompatible change: the implementations of standardized
functions treating lists as sets, such as INTERSECTION and UNION,
take more advantage of the freedom to return the elements of the
result in any order.
- platform support:
- add low-level support for floating point state manipulation on
PPC64/FreeBSD
- improve the software emulation of displaced instructions on
ARM64
- restore building the system using the musl C library
- fix some SB-SIMD shifting instructions on AVX2
- enhancement: definition sources for alien callbacks are now
findable by name in SB-INTROSPECT.
[24 lines not shown]
x11/lxqt-panel: update to 2.4.1
lxqt-panel-2.4.1 / 2026-05-29
==============================
* Fixed a regression in the adjusting step of Volume Control plugin.
* Updated Free Software Foundation address.
