Update textproc/gemtext2html to 1.1
* Includes encoding in <meta> tag.
* Includes xmlns in <html> tag for XHTML compatibility.
* Allows specifying a prefix for local links.
* Makes e-mail address links a separate link class.
* Adds SVG to default list of image formats.
ham/hamlib: Update to 4.7.2
Upstream NEWS, less bugfixes and minor improvements:
Version 4.7.2
* 2026-06-21
* rigctld: Fix send_raw stack out-of-bounds write and uninitialized memory;
CVE-2026-54634/GitHub GHSA-gpcq-c37x-pr4. (TNX George Baltz)
* rigctld: Fix stack/heap overflow primitive in read_string_generic +
auth bypass in rigctld + weak password handling; GitHub GHSA-f72v-7gmh-m9mj.
(TNX George Baltz)
Update committed in freeze, because:
- micro update
- good upstream history of micro being micro
- 6 dependencies (<25)
- carries CVE and would be pulled up anyway
and
- 5 deps build, and freedv is broken by a codec2 update
jq: update to 1.8.2.
Security fix release.
Ok leot@
# 1.8.2
This is a patch release with security fixes and bug fixes since 1.8.1, along with new builds for Windows arm64 and Docker arm/v7.
Full commit log can be found at <https://github.com/jqlang/jq/compare/jq-1.8.1...jq-1.8.2>.
## Security fixes
- CVE-2026-32316: Fix heap buffer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad`.
@itchyny e47e56d226519635768e6aab2f38f0ab037c09e5
- CVE-2026-33947: Limit path depth to prevent stack overflow in `jv_setpath`, `jv_getpath`, `jv_delpaths`.
@itchyny fb59f1491058d58bdc3e8dd28f1773d1ac690a1f
- CVE-2026-33948: Fix NUL truncation in the JSON parser.
@itchyny 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
[88 lines not shown]
(devel/R-pkgload) Updated 1.4.0 to 1.5.3, this is needed for fixing R-devtools packaging
# pkgload 1.5.3
* When reloading a package, `load_all()` now runs the unload hooks of the
previously loaded package (`.onUnload()` and user hooks registered with
`setHook()`), whether it was loaded with pkgload or regularly. The old
namespace and its DLL are still kept loaded so that dangling references
continue to work, and errors thrown from `.onUnload()` are demoted to
warnings so that they can't prevent reloading (#253).
# pkgload 1.5.2
* Better handling of S7 topics (#332).
# pkgload 1.5.1
* Fixes for CRAN checks.
[23 lines not shown]
(geography/R-sf) Updated 1.0.19 to 1.1.1, fix build against R-4.6.0
# version 1.1-1
---------------
* use RAII in functions calling GEOS for handling context, based on
how terra does this; #2604
* `st_graticule()` simplifies output lines; #1364
* `dplyr::count()` drops geometries if `.drop_geom = TRUE` is set;
#2596
* better handle graticules crossing the antemeridian; #2561
* add the option `by_element = TRUE` to binary geometry predicates,
measures and transformers; #2594 and #2595 by @rariariari w. help
from Claude
* add `MULTISURFACE` and `CURVEPOLYGON` to vctrs methods; #2589 #2601
[100 lines not shown]
py-pdf: update to 6.13.3.
Security fix release.
Security (SEC)
Apply MAX_DECLARED_STREAM_LENGTH to streams without length as well (#3871) by @stefan6419846
Performance Improvements (PI)
Avoid per-pixel getpixel loop for 1-bit indexed images (#3854) by @Samuel-Harris
Robustness (ROB)
Several fixes by @metsw24-max
Maintenance (MAINT)
Make mypy assert messages consistent (#3849) by @j-t-1
mail/mutt: Update to version 2.4.0
Changes since version 2.3.3:
! Maildir folders are now only recognized if they contain cur, new, and tmp
subfolders. Previously mutt only checked for the cur subfolder when
opening.
! --without-wc-funcs configure option is deprecated.
+ New functions <open-thread>, <open-all-threads>, <close-thread>,
<close-all-threads> were added to explicitly open/close a thread, in
addition to the thread toggle functions.
+ $tmpdraftdir, defaulting /var/tmp, sets the directory where message
composition drafts are saved.
! --textmode is no longer required for pgp classic mode signing, although
mutt still keeps the flags in the sample config files.
! ~C and ~L patterns match Bcc recipient lists too.
! When querying for addresses, via <query> or <complete-query>,
the query menu can be exiting via <quit> after tagging entries.
Previously, <select-entry> had to be used for tagged entries to be
processed.
[10 lines not shown]
py-msgpack: update to 1.2.1.
Security fix release.
1.2.1
Bump pypa/cibuildwheel from 4.0.0 to 4.1.0 in the all-dependencies group by @dependabot[bot] in #694
release v1.2.1 by @methane in #698
1.2.0
relax setuptools version by @methane in #652
update setuptools requirements to >=78.1.1 by @methane in #653
cython: freethreading_compatible by @methane in #654
drop Python 3.9 by @methane in #656
update cython and cibuildwheel by @methane in #658
ci: add riscv64 manylinux/musllinux wheels by @justeph in #664
fix: check unpack_callback_uint32 result by @KowalskiThomas in #666
fix: re-raise existing exception when available by @KowalskiThomas in #667
[23 lines not shown]
plasma6-plasma-workspace: mark as BROKEN
to save others investigating this build issue
Needs wip/plasma6-kwin to build, which needs pipewire... both can be
imported after the freeze.
