uriparser: update to 1.0.0.
Security fix release.
2025-12-15 -- 1.0.0
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
* Fixed: [CVE-2025-67899]
Protect from stack overflow during parsing by dissolving all 13 cases
of recursion, both direct and indirect. The attack vector was long
(or crafted) URI input. The known impact is denial of service or more.
Thanks for the report to Sergey Svistunov!
Thanks for in-depth review to Tim Düsterhus! (sponsored by Tideways GmbH)
Thanks for C callgraph tool "egypt" (https://www.gson.org/egypt/)
to Andreas Gustafsson and for "dot_find_cycles.py" to Jason Antman!
(GitHub #282, GitHub #284)
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
* Changed: Start requiring a C99 compiler (GitHub #264, GitHub #273)
* Changed: Require CMake >=3.15.0 (GitHub #270)
[53 lines not shown]
pngcheck: update to 4.0.1.
4.0.1
This release builds on version 4.0.0 with the following improvements:
New Features
Added support for Content Credentials caBX chunk from PNG Fourth Edition
Added support for Apple iDOT chunk (now registered)
Added cICP autodetect for BT.601 PAL, SECAM and NTSC
Added validation that cICP chunk must accompany the use of mDCV
Build System Improvements
Added GitHub Actions CI for CMake and Make builds on Ubuntu, macOS, and Windows
Required zlib library as a non-optional dependency
Auto-detect Windows platform without requiring the WIN32 macro
Imported the wildargs library for automatic wildcard argument expansion on Windows
[23 lines not shown]
shells/fish: fix build
Disable dynamic linking against pkgsrc pcre2, otherwise fish fails the
runtime library search path check.
This will be reported upstream.
doc: Note update of mail/roundcube and related pacakges to 1.6.12
mail/roundcube
mail/roundcube-plugin-enigma
mail/roundcube-plugin-password
mail/roundcube-plugin-zipdownload
mail/roundcube: update to 1.6.12
This release contains security related fixes, last two items.
Roundcube 1.6.12 (2025-12-14)
* Support IPv6 in database DSN (#9937)
* Don't force specific error_reporting setting
* Fix compatibility with PHP 8.5 regarding array_first()
* Remove X-XSS-Protection example from .htaccess file (#9875)
* Fix "Assign to group" action state after creation of a first group (#9889)
* Fix bug where contacts search would fail if `contactlist_fields` contained
vcard fields (#9850)
* Fix bug where an mbox export file could include inconsistent message
delimiters (#9879)
* Fix parsing of inline styles that aren't well-formatted (#9948)
* Fix Cross-Site-Scripting vulnerability via SVG's animate tag
* Fix Information Disclosure vulnerability in the HTML style sanitizer
sysutils/gravityfile: import package
Where mass accumulates, attention should follow.
A file system analyzer with an interactive TUI, built in Rust.
Features
- Interactive TUI - Beautiful terminal interface with vim-style navigation
- Parallel Scanning - Fast directory traversal using jwalk
- Duplicate Detection - Find duplicate files using BLAKE3 hashing with
partial-hash optimization
- Age Analysis - Identify stale directories and analyze file age distribution
- Drill-Down Navigation - Explore directories without rescanning
- Command Palette - Vim-style : commands for power users
- Multiple Themes - Dark and light theme support
- Library-First Design - Use as a library or standalone tool
- Export Support - Export scan results to JSON
shells/oh-my-posh: update to 28.3.0
Bug Fixes
dynamic Windows cache sizing with automatic growth (67a26ea)
shell: use safe parameter checks in bash/zsh init for set -u compatibility (f5026df)
themes: migrate to version 4 (367f5e8)
Features
kubectl: add cluster_aliases property (67fadc1), closes #7049
language: add default tooling option (d63203c)
python: add UV package manager support (4331698)
textproc/treemd: update to 0.5.3
[0.5.3] - 2025-12-13
Added
Styled keybinding hints footer - New context-aware footer bar showing relevant keybindings
Styled key badges with theme colors (help_key_bg, help_key_fg, help_desc_fg, footer_bg)
Hints update based on current mode (Normal, Interactive, LinkFollow, DocSearch, etc.)
Element-specific hints in interactive mode (Checkbox, Table, Link, Details, CodeBlock, Image)
Table mode shows cell navigation hints (j/k Row, h/l Col, e Edit, y Copy)
Vim-style count prefixes - Repeat motions with numeric prefixes like vim
5j moves down 5 items, 10k moves up 10 items
Works in Normal mode (outline/content navigation) and Interactive mode
Supports: j/k navigation, h/l table columns, content scrolling
0 without count goes to first item (vim behavior preserved)
Link follow mode still uses 1-9 for direct link jumping
Collapse/Expand commands - New command palette commands for outline management
[82 lines not shown]
devel/git-cliff: update to 2.11.0
2.11.0 - 2025-12-14
⛰️ Features
(changelog) Support failing on unmatched commits (#1298) - (a22a1a3)
(integration) Add support for azure devops (#1283) - (ef65be6)
(repo) Improve repository/directory path resolution (#1290) - (7b1825b)
(template) Add split_regex, replace_regex, find_regex filters (#1287) - (8270084)
🐛 Bug Fixes
(args) Set the include-path if workdir is set (#1293) - (50b8312)
(bump) Write bumped version to stdout even when output config is set (#1307) - (314ff57)
(remote) Use optional default branch for GitLab (#1305) - (d3cb938)
(repo) Always discover repositories - (b4db79f)
(workdir) Use the correct glob value for include-path - (0fbc625)
🚜 Refactor
[21 lines not shown]
devel/ast-grep: update to 0.40.2
fix: exit status to 1 when no match #2392
fix: reject unknown keys for pattern #2390
fix: allow number in identifier #2387
chore(deps): update dependency @napi-rs/cli to v3.5.0 090fcd0
chore(deps): update dependency @ast-grep/napi to v0.40.1 ac69fd7
chore: bump lsp version 58138ad
