gsasl: update to 2.2.4.
Security fix release.
* Noteworthy changes in release 2.2.4 (2026-06-15) [stable]
** NTLM: Avoid use-of-uninitialized-value in libntlm.
The code is in the client side, and can be triggered by a malicious
server. Report and fix by zhangph <zhangph12138 at 163.com> in
<https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html>.
** i18n: Updated translations.
(geography/R-osmdata) Updated 0.2.5 to 0.3.0, fix build against R 4.6.0
# osmdata 0.3.0
## Breaking changes
- Remove `magrittr` from imports. User code relaying on reexported pipe `%>%`
from `osmdata` must explicitly load it with `library(magrittr)`.
Code examples, tests and vignettes now use the pipe from base (`|>`) available since R 4.1 (#361)
- `getbb(..., format_out = "polygon")` return polygons following [https://www.ogc.org/standards/sfa/].
Polygons are defined by a list of matrices of coordinates. The first ring defines the exterior boundary, and the following rings define holes if present.
Also fix `getbb(..., format_out = "sf_polygon")` returning each (multi)polygon as a row in an `sf` object.
Before, every ring was an independent polygon, even for holes or multipolygons,
and for `format_out = "sf_polygon"`, the features were split in a list with polygons in one item and multipolygons in another (#378).
## Major changes
- Implemented `c.osmdata_sc` method to join `osmdata_sc` objects (#333)
- Depends on R >= 4.1 to use the base pipe (`|>`) in examples and vignettes (#371)
[22 lines not shown]
devel/cmocka: Don't use newfangled attribute access on gcc < 12
The usage is guarded on __has_attribute(access), but that apparently
doesn't distinguish having access none. Fix inspired by an upstream
bug report (which has a huge hex string intstead of a number in the
brave new world of gitlab), avoid attribute access on gcc <= 12.
Upstream has not acted on or commented on the bug report, file on
April 10.
Resolves failure to build on NetBSD 10, probably resolves problems on
other gcc 10 hosts, and shouldn't affect systems with gcc >= 12.
(math/R-forecast) Updated 8.23.0 to 9.0.2, Fix build against R 4.6.0
# forecast 9.0.2
* `checkresiduals()` correctly handles the `test` argument again (#1100)
* `mstl()` now correctly accesses the `lambda` attribute on mstl matrix objects (#1097)
# forecast 9.0.1
* Performance improvements for ARFIMA model search
* `forecast.mlm()` now finds `newdata` when passed as an argument from another function (#880)
* `residuals.tslm()` now allows `type = "working"` as per CRAN request
* Code modernization and performance improvements
# forecast 9.0.0
* `ets()` now allows missing values in the time series (#952)
* Added `mean_model()` and `forecast.mean_model()`
* Added `rw_model()` and `forecast.rw_model()` (m-muecke, #969)
* Added `spline_model()` and `forecast.spline_model()` (#1013)
[12 lines not shown]
(math/R-igraph) Updated 2.1.4 to 2.3.2, Fix Build against R-4.6.0
# igraph 2.3.2
--------------
## Bug fixes
- Fix obsolete Fortran syntax (#2644).
# igraph 2.3.1
--------------
## Bug fixes
- Fix mismatches between C function signatures and function
calls. This only affects private functions that are defined but not
yet used (#2620).
# igraph 2.3.0
[321 lines not shown]
p5-Crypt-DSA: update to 1.21.
Security update. Please note that this package is deprecated.
1.21 -- Sun Jun 14 16:52:15 ADT 2026
- This module is now makred as deprecated. Crypt-DSA-GMP is a possible replacement.
- Fixed CVE-2026-12205 key material reuse for multiple signing events
- SECURITY (CWE-323): sign() reused the DSA nonce k across signatures
(r and k^-1 were cached on the key and not regenerated), allowing
private-key recovery from two signatures over different messages. Now
generates a fresh nonce per signature. Keys used to sign more than
once with an affected version should be considered compromised.
liba52: Build fixes for GCC 15.
Update configure test for return type of signal(2).
Restrict to C99. Uses "old-style function definitions", but also
restrict keyword.
lighttpd: update to 1.4.83. Changes:
Highlights
- add PQC hybrid KEM X25519MLKEM768 to default TLS groups
- mod_sockproxy can now route connections based on TLS SNI
- mod_proxy proxy.header enhanced config for url-path mapping of response headers
- HTTP Incremental header support
- portability/compatibility with library updates (lighttpd dependencies)
BEHAVIOR CHANGES
- add PQC hybrid KEM X25519MLKEM768 to default TLS groups
- HTTP/1.1 Upgrade: h2c has been deprecated; set default to disabled
in lighttpd, but can still be enabled in config, and http2 prior
knowledge is still enabled
* [systemd] add RestrictAddressFamilies AF_NETLINK
* [TLS] skip cert_is_active warnings for unset clock
[102 lines not shown]
filesystems/py-fuse-bindings: Change back to egg.mk to accomodate unmaintained fuse filesystems
wheel.mk does not allow 2.7 and there are 3 2.7-only filesystems
still. While they are probably ripe for removal, I don't want to
couple that.
Tested with python 3.13 and bup.
