inkscape: update to 1.4.4.
Inkscape 1.4.4 is a maintenance and bugfix release, which brings you
20 crash fixes, among them for three nasty bugs where Inkscape wouldn't even start
almost 20 bug fixes
6 performance improvements
a new palette
a new button for rotating stars and polygons into their 'neutral' or 'upright' position
27 updated interface translations
15 updated documentation translations
installation files for Windows on Arm
tor: update to 0.4.8.24.
Changes in version 0.4.8.24 - 2026-05-06
This is a security release fixing several major bugfixes that were reported
in the past weeks. Huge thanks to everyone that reported these issues! We
strongly recommend upgrading as soon as possible.
o Major bugfixes (cell handling):
- Fix out-of-bounds read (OOB) when END, TRUNCATE and TRUNCATED cell
have no reason in their payload. TROVE-2026-011. Found by Brian
Carpenter (geeknik). Fixes bug 41254; bugfix on 0.1.1.1-alpha.
o Major bugfixes (conflux):
- Do not attempt or accept BEGIN_DIR via conflux legs. TROVE-2026-
008. Credit to Anas Cherni from Calif.io in collaboration with
Claude and Anthropic Research. Fixes bug 41243; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (conflux, relay):
[25 lines not shown]
doas: add pkgsrc-specific paths to GLOBAL_PATH and SAFE_PATH
Issue noted by Takashi Shimizu on pkgsrc-users@.
This follows how these paths are defined ordering-wise based on doas.h.
The existing SunOS override approach in Makefile varies here, as added
that way upstream. The SunOS setting was left as-is, to keep with the
POLA. (Someone may be surprised by the change on other OSes,
regardless; so it goes.)
Update to version 9.2.449.
Changes:
- patch 9.2.0449: Make proto fails in non GTK builds
- patch 9.2.0448: Vim9: dangling cmdline pointer after skip_expr_cctx()
- patch 9.2.0447: cindent does not ignore comments
- patch 9.2.0446: runtime(netrw): off-by-one bug in s:NetrwUnMarkFile()
- patch 9.2.0445: win_fix_scroll() called before win_comp_pos() in command_height()
- patch 9.2.0444: Cannot set 'path' option via modeline
- patch 9.2.0443: GUI: cancelling save dialog overwrites or discards unnamed buffer
- patch 9.2.0442: completion: i_CTRL-X_CTRL-V doesn't use dict from customlist
- runtime(autopkgtest): update syntax script
- Fix wrong comment in getchar.c
- patch 9.2.0441: statusline: click handler not called on multi-line statusline
- patch 9.2.0440: MS-Windows: cursor flicker during update_screen()
- patch 9.2.0439: completion: info popup not removed in cmdline mode
- patch 9.2.0438: tests: test_plugin_termdebug is flaky
- runtime(doc): Tweak documentation style
- Fix a few more typos
[68 lines not shown]
www/ruby-aws-partitions: update to 1.1245.0
1.1245.0 (2026-05-05)
* Feature - Updated the partitions source data that determines the AWS
service regions and endpoints.
finance/ruby-braintree: update to 4.36.0
4.36.0 (2026-05-05)
* Add Local Payment Context support with LocalPaymentContextGateway.create
and LocalPaymentContextGateway.find methods
* Add support for MBWAY and CRYPTO payment types
* Add acquirerReferenceNumber to transaction search object
* Add international_phone to Customer in Transaction
* Deprecate merchant create functionality
* Add apiRequestKey (idempotency) for sale, credit, refund, void and
settlement operations.
* Add support for Ruby version 3.4.0, 4.0 and updated rubocop to 1.85.1 for
Ruby versions 2.7 and later
* Add surcharge_amount to transaction object
* Add support for apple pay card verifications
py-pymysql: updated to 1.1.3
v1.1.3
Security
* Fix `Cursor.callproc()` didn't escape procedure name.
There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.
NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like `"dbname.funcname"`, the previous version called `CALL dbname.funcname`, but from this version, it will call ``CALL `dbname.funcname` `` so you cannot specify procedure name with database name anymore.
py-authlib: updated to 1.7.2
1.7.2
Fix the readme links
Allow non-recommended algorithms in ClientSecretJWT and PrivateKey
Validate BCP47 language tags with a regex
Fix RFC7523 signing with non RSA keys
memcached: updated to 1.6.41
1.6.41
Overview
Important bugfix release over regressions starting from 1.6.34 and 1.6.40. The glitches are not likely critical but we want to raise awareness of them.
In 1.6.34 we introduced new memory mover code. In very rare cases a bug can lead to the memory mover becoming unable to make progress and pages will no longer be moved for either a period of time or forever.
This also introduced a rare crash when slabs_mover=2 start option is in use. However it is highly recommended that nobody use this option as it will give poor hit rates for most workloads.
In 1.6.40 we introduced a rewritten protocol parser. The lru tuning command was made inaccessible and is now fixed in this release.
Finally, this repairs a bug in extstore where frequently accessed items can be lost during data compaction. This has existed since extstore was written and is not a recent regression. It is more likely to happen on highly loaded systems with low memory available to keep active items in RAM vs disk.
Several ASAN triggering but otherwise harmless bugs were also fixed.
Fixes
[15 lines not shown]
