Update version of external mbedtls to v4
Build option does not currently work, because the security/mbedtls4
package does not enable MBEDTLS_THREADING_PTHREAD and
MBEDTLS_THREADING_C.
www/hiawatha -- update to v12.0
From upstream's changelog:
hiawatha (12.0) stable; urgency=low
mbed TLS updated to 4.0.0. Thanks to Heiko Zimmermann.
Replaced strcpy() with strlcpy() and sprintf() with snprintf().
Thanks to Heiko Zimmermann.
Added OS sandbox. Credits to Heiko Zimmermann.
Removed DHsize option.
Known bug: mbed TLS v4.0.0 doesn't compile in Cygwin, so
building a Windows package is not possible.
ruby-addressable: update to 2.8.9
Upstream changes:
https://github.com/sporkmonger/addressable/blob/addressable-2.8.9/CHANGELOG.md
Addressable 2.8.9
* Reduce gem size by excluding test files (#569)
* No need for bundler as development dependency (#571, 5fc1d93)
* idna/pure: stop building the useless COMPOSITION_TABLE (removes the
Addressable::IDNA::COMPOSITION_TABLE constant) (#564)
Update sysutils/intel-microcode-netbsd to 20260210-rev1
### Purpose
- Updated security updates for INTEL-SA-01083 originally published on
Aug 13, 2024
- Security updates for INTEL-SA-01396
- Update for functional issues. Refer to 10th Gen Intel Core Processor Families
Specification Update for details.
- Update for functional issues. Refer to 11th Gen Intel Core Processor
Specification Update for details.
- Update for functional issues. Refer to 12th Generation Intel Core Processor
Family for details.
- Update for functional issues. Refer to 13th Generation Intel Core Processor
Specification Update for details.
- Update for functional issues. Refer to 13th/14th Gen Intel Core Processor
Specification Update for details.
- Update for functional issues. Refer to 3rd Generation Intel Xeon Processor
Scalable Family Specification Update for details.
- Update for functional issues. Refer to 4th Gen Intel Xeon Scalable Processors
[59 lines not shown]
py-nose2: updated to 0.16.0
0.16.0 (2026-03-01)
Added
* Added official support for Python 3.14.
Changed
* ``nose2`` now explicitly uses a multiprocessing context for the ``mp`` plugin,
which ensures that it is isolated from any multiprocessing settings used by
applications under test. This ensures that the ``fork`` start method is always
used on POSIX systems. ``spawn`` is used on Windows. Thanks
:user:`JimmyDurandWesolowski` and :user:`airtower-luna`!
Deprecated
* The ``coverage`` plugin is now deprecated, and is no longer tested on newer
[5 lines not shown]
py-simpleeval: updated to 1.0.5
1.0.5
Fixes Security issues with "dangerous" modules & functions leaking through as attributes of other names, see:
GHSA-44vg-5wv2-h2hg
py-scrapy: updated to 2.14.2
Scrapy 2.14.2 (2026-03-12)
Security bug fixes
- Values from the ``Referrer-Policy`` header of HTTP responses are no longer
executed as Python callables. See the `cwxj-rr6w-m6w7`_ security advisory
for details.
.. _cwxj-rr6w-m6w7: https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7
- In line with the `standard
<https://fetch.spec.whatwg.org/#http-redirect-fetch>`__, 301 redirects of
``POST`` requests are converted into ``GET`` requests.
Converting to a ``GET`` request implies not only a method change, but also
omitting the body and ``Content-*`` headers in the redirect request. On
cross-origin redirects (for example, cross-domain redirects), this is
[48 lines not shown]
