math/py-numpy: Tweak workaround for missing log2l/log1pl/expm1l.
1. Put it in npy_math.c as needed by _umath_linalg.so.
2. Limit it to NetBSD<10, since NetBSD>=10 has at least stubs (just
like this workaround implements, in terms of double functions) if
not proper long double implementations (NetBSD>=11).
Fixes:
>>> import numpy
...
ImportError: /home/riastradh/pkgsrc/current/pkg/lib/python3.11/site-packages/numpy/linalg/_umath_linalg.so: Undefined PLT symbol "log1pl" (symnum = 20)
PR pkg/60256: devel/py-numpy: log1pl workaround no longer works around
sysutils/lima: update to version 2.1.1
The default docker template still does not boot on my NetBSD host, but
the docker.lima wrapper worked for me just fine when using debian-13
instead, and installing docker.io there.
Tested on NetBSD/amd64.
Changes since version 2.1.0:
* Binary release:
- Add Windows artifacts (#4789)
* macOS guest:
- Allow unusual range of UID (#4171, thanks to @balajiv113)
* vz:
- Honor audio.device=none (#4762, thanks to @BizerNotNull)
* nerdctl:
- Update from v2.2.1 to v2.2.2 (#4787)
. This release of the nerdctl distribution updates BuildKit
[59 lines not shown]
p5-YAML-Syck: update to 1.45.
1.45 Apr 23 2026
[Bug Fixes]
- Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
in base64 encode/decode buffers; also plugs a memory leak (PR #189)
- Fix: clear type tag on blessed scalar alias early-return so the stale
tag no longer leaks onto the next emitted item (GH #193, PR #194)
- Fix: negative float#base60 values produce wrong results; strip sign
before accumulating and avoid negative zero for portable
stringification (PR #191)
- Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
(PR #192)
[Maintenance]
- Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
- Test: add error handling coverage for LoadFile/DumpFile (PR #190)
- Update README
[149 lines not shown]
p5-libwww: update to 6.83.
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers
on cross-origin redirects (a different scheme, host, or port) to prevent
credential leakage to the redirect target. Same-origin redirects retain
credentials. Opt out with allow_credentialed_redirects => 1.
CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
Palmquist.
- LWP::UserAgent now refuses https to http redirects by default to prevent
leaking remaining request headers and bodies over plaintext. Opt in with
allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
Stig Palmquist.
graphics/lcms2: Update to 2.19.1
This is a bugfix release.
Note that one can use cmake, but upstream has not yet declared that to
be the official build system, so decline to switch. (As usual, the
autoconf build works fine.)
py-mypy: updated to 2.1.0
2.1
librt.vecs: Fast Growable Array Type for Mypyc
librt.random: Fast Pseudo-Random Number Generation
Mypyc Improvements
Fixes to Crashes
Changes to Messages
Other Notable Fixes and Improvements
- Rely on typeshed stubs for `slice` typing
- Improve negative narrowing for membership checks on tuples
- Narrow match captures based on previous cases
- Fix nondeterminism in overload resolution
- Respect file config comments for stale modules
- Fix JSON output mode for syntax errors in parallel mode
- Fix type variable with values as a supertype
- Add support for configuring `--num-workers` with an environment variable
- Respect JSON output mode for syntax errors
- Analyze `TypedDict` decorators
py-ast-serialize: added version 0.3.0
This is a fast Python extension for parsing Python files and serializing the
AST using the native binary format used by mypy. This will eventually replace
the current mypy parser, which uses the Python stdlib ast module for parsing.
