tigervnc: update to 1.16.2.
1.16.2
This is a second attempt at a bug fix release for the security
issue in x0vncserver. The TigerVNC 1.16.1 release unfortunately
had all fixes except the security fix.
Apologies for the extra noise and confusion.
1.16.1
The bug fix release TigerVNC 1.16.1 is now available. This release
is primarily a security release to fix an issue in x0vncserver,
where other users can observe and manipulate the screen contents.
Users of x0vncserver are advised to update immediately.
The release also contains a fix for using the Plain security type
with the new w0vncserver, as well as some translation updates.
py-textual: update to 8.2.1.
8.2.1
Fixes a crash when a selected widget is removed while selecting
8.2.0
This release enhances text selection, with auto-scrolling, and the ability to select across container widgets.
This work was sponsored by Mistral AI.
py-setuptools_scm: update to 10.0.5.
## 10.0.5 (2026-03-27)
### Fixed
- Allow `dump_version()` deprecation warning to be silenced by passing `scm_version=None`. ([#1286](https://github.com/pypa/setuptools-scm/issues/1286))
- Remove `[tool.uv.sources]` from `setuptools-scm/pyproject.toml` to fix sdist builds outside the workspace — the workspace root already declares the source mapping for development. ([#1330](https://github.com/pypa/setuptools-scm/issues/1330))
## 10.0.4 (2026-03-27)
### Fixed
- Anchor ``get_version`` in ``setup.py`` with ``relative_to`` and ``fallback_root`` so SCM fallbacks (e.g. ``PKG-INFO``) do not resolve against the wrong directory when the build cwd is the workspace or repo root. ([#1302](https://github.com/pypa/setuptools-scm/issues/1302))
- Enter ``GlobalOverrides`` for ``SETUPTOOLS_SCM`` when using ``setuptools_scm.get_version`` / ``_get_version``, avoiding implicit context warnings for direct API callers. ([#1314](https://github.com/pypa/setuptools-scm/issues/1314))
### Miscellaneous
[58 lines not shown]
devel/py-vcs-versioning: import py-vcs-versioning-1.1.1
Core VCS versioning functionality extracted as a standalone library
that can be used independently of setuptools.
www/zoraxy: Add new port
www/zoraxy: Add Zoraxy reverse proxy
Zoraxy is a general-purpose HTTP reverse proxy and forwarding tool
written in Go. It provides a web-based interface for managing
reverse proxy rules, routing, and access control.
Features:
- Web-based management interface
- Reverse proxy and forwarding capabilities
- Plugin support
- Lightweight and self-contained (no external web server required)
WWW: https://github.com/tobychui/zoraxy
Sponsored by: Netzkommune GmbH
py-requests: update to 2.33.0.
2.33.0 (2026-03-25)
--------------------
**Announcements**
- 📣 Requests is adding inline types. If you have a typed code base that
uses Requests, please take a look at #7271. Give it a try, and report
any gaps or feedback you may have in the issue. 📣
**Security**
- CVE-2026-25645 ``requests.utils.extract_zipped_paths`` now extracts
contents to a non-deterministic location to prevent malicious file
replacement. This does not affect default usage of Requests, only
applications calling the utility function directly.
**Improvements**
- Migrated to a PEP 517 build system using setuptools. (#7012)
[10 lines not shown]
dpaa2: Perform bus_dma pre-write sync before enqueue operation
Without a proper synchronization payload of the egress TCP segments
can be corrupted as tuexen@ described in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292006#c31.
This patch is indirectly related to 292006 because a properly enabled
and announced support for the TX checksum offloading hides potentially
corrupted frame payload.
NOTE: Returned back with updated placeholders.
PR: 292006
Reported by: tuexen@
Reviewed by: tuexen@
Tested by: dsl@, tuexen@
Differential Revision: https://reviews.freebsd.org/D56144
MFC after: 3 days
[LLVM] remove redundant uses of dyn_cast (NFC) (#189105)
This removes dyn_cast invocations where the argument is already of the
target type (including through subtyping). This was created by adding a
static assert in dyn_cast and letting an LLM iterate until the code base
compiled. I then went through each example and cleaned it up. This does
not commit the static assert in dyn_cast, because it would prevent a lot
of uses in templated code. To prevent backsliding we should instead add
an LLVM aware version of
https://clang.llvm.org/extra/clang-tidy/checks/readability/redundant-casting.html
(or expand the existing one).
dpaa2: Perform bus_dma pre-write sync before enqueue operation
Without a proper synchronization payload of the egress TCP segments
can be corrupted as tuexen@ described in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292006#c31.
This patch is indirectly related to 292006 because a properly enabled
and announced support for the TX checksum offloading hides potentially
corrupted frame payload.
PR: 292006
Reported by: tuexen@
Reviewed by: ...
Tested by: dsl@
Differential Revision: <https://reviews.freebsd.org/D###>
MFC after: 3 days
py-puremagic: update to 2.1.1.
Version 2.1.1
-------------
- Fixing #141 deep scan no longer overrides valid binary format matches (e.g. JPEG) for files without extensions (thanks to marph91)
Remove useless memory barriers in igmp and mld6 timer.
Multicast timers are protected by poper locks. The shortcut that
avoids locking when no timers are scheduled, does not need an
additional membar.
OK mvs@
