BSD Commit Log Search

   inkscape: fix macos install

   Inkscape no longer adds an extra 0 to its libraries on macOS.

   naev: fixed PLIST

   doc: Updated editors/vim-share to 9.2.0496

   Update to version 9.2.0496.

   Changes:
   - patch 9.2.0496: [security]: Code Injection in cucumber filetype plugin
   - patch 9.2.0495: [security]: runtime(netrw): code injection via NetrwBookHistSave()
   - runtime(just): add 'suffixesadd' to ftplugin
   - runtime(sh): Do not conflate empty array and function declarations in Bash
   - patch 9.2.0494: User commands cannot handle single args with spaces
   - patch 9.2.0493: popup: missing  Popup, PopupBorder and PopupTitle hi groups
   - patch 9.2.0492: popup: decoration wrongly drawn with clipping on border
   - CI: Update clang to v22
   - runtime(htmldjango): Add syntax highlighting of comparison operators
   - runtime(django): Resolve FIXME of comparrison operators + localization tags
   - ccfilter: uses unbounded strcat()/strcpy()
   - NSIS: Don't install 32-bit dll on ARM64

   Tickets #288 - #292

   Pull up following revision(s) (requested by hgutch in ticket #292):

        external/mit/xorg/tools/fc-cache/Makefile: revision 1.24

   Build fc-cache tool with -std=gnu99 instead of -std=c99 to get necessary
   function prototypes on gcc-14/glibc build hosts.

   Tickets #1267 and #1268

   Pull up following revision(s) (requested by isaki in ticket #1268):

        etc/etc.luna68k/MAKEDEV.conf: revision 1.12

   luna68k: Add missing audio devices to MAKEDEV.

   Pull up following revision(s) (requested by isaki in ticket #291):

        etc/etc.luna68k/MAKEDEV.conf: revision 1.12

   luna68k: Add missing audio devices to MAKEDEV.

   Pull up following revision(s) (requested by riastradh in ticket #290):

        usr.sbin/inetd/inetd.h: revision 1.7
        usr.sbin/inetd/inetd.h: revision 1.8
        usr.sbin/inetd/inetd.c: revision 1.142
        tests/usr.sbin/inetd/Makefile: revision 1.3
        usr.sbin/inetd/parse_v2.c: revision 1.8
        usr.sbin/inetd/inetd.8: revision 1.69
        tests/usr.sbin/inetd/t_accept_max.sh: revision 1.1
        tests/usr.sbin/inetd/t_accept_max.sh: revision 1.2
        distrib/sets/lists/tests/mi: revision 1.1418
        usr.sbin/inetd/parse.c: revision 1.6

        (all via patch)

   Fix various typos in comments.

   Add an optional accept limit to stream/nowait services.
   Old syntax:

    [18 lines not shown]

   Pull up following revision(s) (requested by riastradh in ticket #289):

        usr.bin/ruptime/ruptime.c: revision 1.16
        usr.sbin/inetd/ratelimit.c: revision 1.3

   fix a couple of "allocate too little" issues GCC 14 pointed out.
   both ruptime and inetd allocate a less-than-struct-sized space and
   assign it to a struct pointer.  neither of them actually use more
   than the allocated memory, but this is still dodgy and technically
   wrong.  just allocate the right size.

   Pull up following revision(s) (requested by christos in ticket #288):

        crypto/external/bsd/openssh/dist/sshd-session.c: revision 1.13
        crypto/external/bsd/openssh/dist/sshd-auth.c: revision 1.6

   PR/60270: Jose Luis Duran: Add back accidentally removed probes.

   PR bin/60275 discard even less arriving signals

   Avoid signals arriving immediately after a fork() (or vfork())
   by blocking everything (everything possible) while the fork()
   happens, in the parent, for (close to) the minimum possible time,
   in the child, until it has its state init'd enough that it is
   safe for signals to arrive.

   Further, if a signal does arrive (in a child) which was trapped
   in the parent, but hasn't been cleaned up fully yet, instead of
   simply ignoring it, send it to ourselves, after setting its state
   to SIG_DFL (which is what would eventually happen to a trapped
   signal anyway).   If that doesn't kill us, then we will end up
   (harmlessly) setting the state to SIG_DFL again later as would happen
   if the signal hadn't arrived in this short window; we cannot record that
   it happened to avoid that, as we might be in a vforked child, and
   anything recorded by that would be visible back in the parent later
   (where the signal action was not changed).


    [12 lines not shown]

   Ticket #2012

   Pull up following revision(s) (requested by mrg in ticket #2012):

        sys/fs/cd9660/cd9660_rrip.c: revision 1.19

   cd9660: make sure that NM records are at least 5 bytes long.

   avoids an integer underflow when this length has 5 subtracted from it
   for a later path.

   Reported by Adam Crosser, Praetorian

   Pull up following revision(s) (requested by mrg in ticket #1267):

        sys/fs/cd9660/cd9660_rrip.c: revision 1.19

   cd9660: make sure that NM records are at least 5 bytes long.

   avoids an integer underflow when this length has 5 subtracted from it
   for a later path.

   Reported by Adam Crosser, Praetorian

   doc: Updated devel/py-nihtest to 1.11.1

   py-nihtest: update to 1.11.1.

   # 1.11.1 [2026-05-18]

   - Fix preload test on macOS.

   # 1.11.0 [2026-05-18]

   - Add support for preload on macOS.
   - Remove dependency on dateutil.

   build.sh: Make MAKEVERBOSE tests consistent.

   - Use "${MAKEVERBOSE}" to avoid trouble in case it has spaces or
     asterisks or whatever in the environment.

   - Default to 2 if it's not defined or empty.

   Should fix build.sh pkg=... without any -N argument or any
   MAKEVERBOSE set in the environment.

   doc: Updated www/firefox-l10n to 150.0.3

   www/firefox-l10n: Update to 150.0.3

   * Sync with www/firefox-150.0.3.

   doc: Fix directory name for previous

   doc: Updated www/firefox-150 to 150.0.3

   www/firefox: Update to 150.0.3

   * Builds on NetBSD 9 is broken. It is C++ issue in Rust style module.
     It seems that Rust build module does not select newer GCC from
     pkgsrc. I will revisit this later.
   * Webcam input is broken under NetBSD-current. It will be fixed in 151.

   Changelog:
   150.0.3:
   Fixed

     * Fixed an issue where characters entered into password fields could appear
       unmasked in print preview and printed pages. (Bug 2037803)

     * Various security fixes.

   Security fixes:
   Mozilla Foundation Security Advisory 2026-45
   #CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT

    [184 lines not shown]

   geography/qgis: Revbump due to spatialite

   doc: Updated geography/spatialindex to 2.0.0

   geography/spatialindex: Update to 2.0.0

   packaging NEWS:

     Note that 2.0.0 is not the latest release.  As described on qgis
     lists, 2.1.0 changed how nearest neighbor queries with custom
     functions work and it does not seem possible to use them correctly.
     Thus pkgsrc is avoiding 2.1.0, as recommended by qgis.

   Not mentioned in upstream NEWS:

     shlib version changed from 6.1.1 to 7.0.0

   upstream NEWS content;

     2.0.0 has been released on 07 JUNE 2024. There are no significant
     major enhancements or refactorings that should change any
     behaviors. It had been a long time (almost 5 years!) since a release
     and 2.0.0 was the next version number...

    [21 lines not shown]

   elftoolchain: Improve the instructions for importing from upstream.

   Updated mail/exim[-html]

   exim[-html]: updated to 4.99.3

   4.99.3
   This is a security release. It addresses CVE-2026-45185 (remote use-after-free via GnuTLS/CHUNKING).