zix: updated to 0.8.2
zix (0.8.2) stable; urgency=medium
* Fix build with configure checks disabled
* Fix handling of invalid ring size parameters
* Fix potential out of bounds access on error
py-peewee: updated to 4.0.7
4.0.7
* Fixes for `playhouse.pwasyncio`: report correct UPDATE / DELETE rowcounts on
asyncpg, roll back open transactions when connections are returned to the
pool, raise instead of deadlocking when querying during `iterate()`, and
detect the MySQL / MariaDB server version.
* Additional `playhouse.pwasyncio` fixes: a second `iterate()` on a busy
connection raises instead of deadlocking, asyncpg exceptions are translated
to peewee exception types, registered aggregates / collations / window
functions / extensions and `timeout` are applied to async SQLite
connections, `:memory:` databases use a single connection, `atomic()`
accepts transaction arguments (e.g. `lock_type`), postgres connection URLs
and `isolation_level` are supported, `%%` in raw SQL is unescaped, and
attempting a query outside the greenlet bridge no longer emits "never
awaited" warnings.
* Fixes for `playhouse.pydantic_utils`: JSON fields validate as `Any` (now
including the sqlite_ext `JSONField`), foreign keys may be included /
[21 lines not shown]
protobuf py-protobuf: updated to [7.]35.1
Protocol Buffers v35.1
Bazel
Bazel 9 tests for csharp, hpb, objc, php, python, rust and upb
Break protobuf dependency on Bazel's proto fragment. Only respect the Starlark versions of --proto_toolchain_for*. This is a breaking change from 35.0, but matches the behavior in 34.x.
C++
Add cord setters to repeated string fields.
UPB (Python/PHP/Ruby C-Extension)
Avoid UB in upb by switching to the XCT section, which will run our constructors before the compiler-generated initializers.
(databases/R-RSQLite) Updated 2.3.9 to 3.53.1
# RSQLite 3.53.1 (2026-05-22)
## Features
- Upgrade bundled SQLite to 3.53.1 (#711).
# RSQLite 3.52.0 (2026-05-09)
## Features
- Upgrade bundled SQLite to 3.52.0 (#696), the package version is now aligned with the SQLite version.
- Implement `dbListObjects()` for attached SQLite databases with schema prefix support (#689, #690).
- Enable the percentile extension.
# RSQLite 2.4.6 (2026-02-05)
[86 lines not shown]
shells/brush-shell: Update to v0.4.0
Some key highlights:
A meaningful step forward in bash compatibility.
Major bash language features are now implemented or substantially expanded,
e.g.: set -e, set -u, pipefail, failglob, the ERR trap, coprocesses, and a great deal more.
Improved robustness across edge cases.
Closed pipes, broken stdout, unusual file-descriptor states, non-UTF8 history files,
and platform corner cases are now handled gracefully.
A systematic audit also removed an entire class of avoidable failure modes.
Broader platform support. Using brush as a login shell on macOS is now supported,
Windows path handling is overhauled, FreeBSD, Android and 32-bit targets build cleanly again,
and wasm32-wasip2 is now exercised in CI.
A more capable interactive shell. Optional TOML config,
zsh-style preexec/precmd hooks, experimental terminal integration,
expanded readline-macro support, and many completion improvements.
API improvements and foundations for what's next. Scaffolding for
a winnow-based parser, a generic Shell<Extensions> for embedders,
[4 lines not shown]
gdal-lib: Enable support for reading GeoPDF
gdal-lib could previously write GeoPDF, but could not read it. bl3 on
poppler, as upstream's preferred choice of the possibities that are
already in pkgsrc. This make's gdal-lib's dependencies a bit heavier,
but it's not a large fractional increase.
Tested in that opening a GeoPDF in qgis did not crash or have other
bad behavior. While georeferencing was off, it's not clear if that is
a write-side issue.
audio/vorbis-tools: Update to 1.4.3
1.4.3 -- 2025-04-13
* Made sure utf8_decode() prototype is found by newer GCC.
* Plugged memleak when using vorbiscomment -c (#2328)
* Plugged memory leak in vorbiscomment param parsing.
* Added simple self test check.
* Updated ogg123 http transport to avoid depricated
CURLOPT_PROGRESSFUNCTION.
* Code cleanup and avoiding some reserved names breaking MSVC build.
* Introduced new configure option --enable-gcc-sanitazion for more
checks.
* Updated translation files and added initial Norwegian BokmAYl
translation.
* Changed oggenc to no longer assume output path ends in a file name
(CVE-2023-43361).
* Adjusted build rules to avoi link error on MacOSX.
* Dropped version number from documenation install path.
* Adjusted ogg123 to handle disappearing audio device more
[2 lines not shown]
net/ipv6calc: Update to version 4.4.0
General:
internal databases: update
IP2Location 8.7.0 related (relates to https://github.com/chrislim2888/IP2Location-C-Library/releases/tag/8.7.0
which has unfortunatly incompatible API changes)
ipv6calcweb/ipv6calcweb.cgi.in: add support for new fields in DB26 with 8.7.0
add support for additional data in DB26 usable with IP2Location >= 8.7.0
check IP2Location > 8.6.1 related compatibility/fallback
Extensions:
add option --has-feature <NAME>
py-pip-audit: updated to 2.10.1
2.10.1
Fixed a KeyError crash when an OSV vulnerability record contains an
affected entry that omits the optional ranges field
py-bleach: updated to 6.4.0
Version 6.4.0 (June 5th, 2026)
**NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future
releases including for security issues.**
See issue: `<https://github.com/mozilla/bleach/issues/698>`__
**Backwards incompatible changes**
* Dropped support for pypy 3.10.
**Security fixes**
* Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.
Fix XSS issue with sanitize_uri_value where disallowed schemes with
Unicode invisible characters wouldn't be rejected.
[28 lines not shown]
