NetBSD/pkgsrc QzWEyYWdoc CHANGES-2026

   doc: Updated graphics/lerc to 4.1.1
VersionDeltaFile
1.4215+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 4RjjX1Rgraphics/lerc distinfo Makefile

   lerc: update to 4.1.1

   Fixed two security issues and some minor bugs.
   (The changelog does not say what they are!)
VersionDeltaFile
1.4+4-4graphics/lerc/distinfo
1.3+2-2graphics/lerc/Makefile
+6-62 files

NetBSD/pkgsrc 7cl7RGLnet/coturn Makefile

   net/coturn: Drop stray disabling of rpath

   There's no justification for it, and the server starts without it.
   With or without, RPATH is present.
VersionDeltaFile
1.14+1-3net/coturn/Makefile
+1-31 files

NetBSD/pkgsrc 8bofxYwinputmethod/canna-canuum Makefile

   canna-canuum: make terminal library selection more explicit

   Use ${IMAKEOPTS} to define a proper macro prepared
   (but not properly set by default) in Imakefile,
   rather than forcibly patching Imakefile via SUBST.
VersionDeltaFile
1.19+8-6inputmethod/canna-canuum/Makefile
+8-61 files

NetBSD/src DGR33RPusr.bin/make var.c dir.c, usr.bin/make/unit-tests varmod-match.mk dir.mk

   ModifyWord_Match allow for alternate patterns

   Allow :M*{/Makefile*,.mk} to match either */Makefile.* and *.mk
   Use \{ and \} to match literal braces.

   Add a couple of basic unit-tests.

   Reviewed by: rillig
VersionDeltaFile
1.1181+40-12usr.bin/make/var.c
1.299+12-9usr.bin/make/dir.c
1.394+12-3usr.bin/make/make.1
1.33+11-1usr.bin/make/unit-tests/varmod-match.mk
1.12+2-2usr.bin/make/unit-tests/dir.mk
1.50+2-1usr.bin/make/dir.h
+79-286 files

NetBSD/pkgsrc dsLnkgqdoc CHANGES-2026

   doc: Updated net/coturn to 4.14.0
VersionDeltaFile
1.4214+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc w3RlgUsnet/coturn distinfo Makefile

   net/coturn: Update to 4.14.0

   Upstream NEWS content, less bugfixes and minor improvements:

   Release 4.14.0

   - Add optional TLS transport for Redis connections (#1951) (Pavel Punsky <eakraly at users.noreply.github.com>)

   Release 4.13.1

   - Add per-source rate-limiting of UDP 401 Unauthorized responses (Pavel Punsky <eakraly at users.noreply.github.com>)
   - Deny link-local / ULA / site-local relay peers by default (#1947) (Pavel Punsky <eakraly at users.noreply.github.com>)
   - Auto-deny coturn's own database backend endpoints as relay peers (#1946) (Pavel Punsky <eakraly at users.noreply.github.com>)
   - Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks (#1945) (Pavel Punsky <eakraly at users.noreply.github.com>)

   Release 4.13.0

   - Add continuous latency mode to stunclient (#1937) (Pavel Punsky <eakraly at users.noreply.github.com>)
   - Enable --udp-recvmmsg by default on Linux (#1930) (Pavel Punsky <eakraly at users.noreply.github.com>)

    [15 lines not shown]
VersionDeltaFile
1.4+4-4net/coturn/distinfo
1.13+2-2net/coturn/Makefile
+6-62 files

NetBSD/pkgsrc Aw2RCl3inputmethod/canna distinfo, inputmethod/canna-lib Makefile

   canna-lib: remove an unnecessary patch

   Symlinks prepared by post-configure in canna-lib/Makefile is enough.
VersionDeltaFile
1.19+2-1inputmethod/canna-lib/Makefile
1.22+1-2inputmethod/canna/distinfo
1.3+1-1inputmethod/canna/patches/patch-lib_RKC_convert.c
+4-43 files

NetBSD/pkgsrc-wip 1db8a17muon build.mk Makefile

muon: Remove, used to update devel/muon
DeltaFile
+0-74muon/build.mk
+0-60muon/Makefile
+0-40muon/COMMIT_MSG
+0-19muon/DESCR
+0-8muon/distinfo
+0-3muon/PLIST
+0-2041 files not shown
+0-2057 files

NetBSD/pkgsrc xzgcnYWdoc CHANGES-2026

   doc: Updated devel/muon to 0.6.0
VersionDeltaFile
1.4213+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc taM7p9Cdevel/muon Makefile distinfo

   devel/muon: Update to 0.6.0

   - Fetch source archive from homepage (formerly the source archive was
     fetched from sourcehut)
   - Execute pkg-config (formerly libpkgconf was used)


   Changelog 0.6.0
   ===============
   - internals / language features
     - in script mode: refactor how scope works, all variable resolution
       happens at compile time, globals are disallowed.
       Improves performance and clarifies scoping rules.
       (github pr)[https://github.com/muon-build/muon/pull/241]
     - all memory is tracked an managed with an arena allocator.
       This should improve memory usage, performance, and developer
       ergonomics.
   - toolchains
     - toolchains are now defined in scripts:

    [21 lines not shown]
VersionDeltaFile
1.6+13-13devel/muon/Makefile
1.3+7-7devel/muon/distinfo
+20-202 files

NetBSD/pkgsrc ip8Kn8wlang/nodejs22 buildlink3.mk, lang/nodejs24 buildlink3.mk

   nodejs2*: add upper bounds so the proper versions are selected
VersionDeltaFile
1.6+2-2lang/nodejs22/buildlink3.mk
1.4+2-2lang/nodejs24/buildlink3.mk
+4-42 files

NetBSD/pkgsrc xzdIiQvlang/nodejs nodeversion.mk buildlink3.mk

   nodejs: update for nodejs 26 (current version)
VersionDeltaFile
1.24+6-6lang/nodejs/nodeversion.mk
1.34+2-2lang/nodejs/buildlink3.mk
1.66+1-3lang/nodejs/Makefile.common
+9-113 files

NetBSD/pkgsrc k85yMwwdoc CHANGES-2026

   Updated net/haproxy
VersionDeltaFile
1.4212+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc rzYQC85net/haproxy distinfo Makefile

   haproxy: updated to 3.4.2

   3.4.2
   - BUG/MEDIUM: mux_quic: fix memory leak of rx app_buf on stream free
   - BUG/MINOR: hq-interop: fix transcoding of wrapping response buffer
   - BUG/MINOR: hq-interop: support transcoding of absolute URI
   - BUG/MEDIUM: server: initialise agent.health in srv_settings_init()
   - BUG/MINOR: sample: set SMP_F_CONST on srv_name fetch
   - BUG/MEDIUM: servers: Use a refcount for port_range and free it properly
   - MINOR: hbuf: new lightweight hbuf API
   - BUG/MINOR: init: fix default global settings being overwritten by -G
   - BUG/MINOR: tools: fix invalid character detection in strl2ic()
   - BUG/MAJOR: htx: Don't swap buffers for empty HTX message with an error
   - BUG/MINOR: mux-quic: Fix handling EOM after in qcs_http_rcv_buf()
   - BUG/MINOR: http-htx: Don't by-pass HTX API when merging cookie values
VersionDeltaFile
1.152+4-4net/haproxy/distinfo
1.161+2-2net/haproxy/Makefile
+6-62 files

NetBSD/pkgsrc AWpO7Lddoc CHANGES-2026

   Updated net/opentofu, devel/py-faker
VersionDeltaFile
1.4211+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc ojA1KZAdevel/py-faker PLIST distinfo

   py-faker: updated to 40.28.1

   v40.28.1

   * Fix: compute valid ISO 7064 Mod 11,10 check digit for `de_DE` `vat_id`

   v40.28.0

   * Add `es_MX` automotive license plate provider

   v40.27.0

   * Add `sr_BA` SSN provider

   v40.26.0

   * Update providers job, phone_number, bank and ssn for pt_BR
   * Update phone number test regex for pt_BR. Thanks @fcurella.
VersionDeltaFile
1.73+67-1devel/py-faker/PLIST
1.113+4-4devel/py-faker/distinfo
1.119+2-2devel/py-faker/Makefile
+73-73 files

NetBSD/pkgsrc 1CrYi4lnet/opentofu distinfo go-modules.mk

   opentofu: updated to 1.12.3

   1.12.3

   BUG FIXES:

   Properly handle TF_ENCRYPTION with only blank spaces.
   The value resulted from the lifecycle.enabled evaluation now has its deprecation marks processed correctly
   Update documentation to clarify the usage restriction of ephemeral values in lifecycle.enabled.
   tofu console -lock=false now works as intended.

   SECURITY ADVISORIES:

   Previous releases in the v1.12 series could read an arbitrary file during certain git operations via a maliciously crafted URL
   Advisory: GHSA-q7j3-v8qv-22vq
VersionDeltaFile
1.2+1,414-3,274net/opentofu/distinfo
1.3+471-1,091net/opentofu/go-modules.mk
1.2+3-27net/opentofu/DESCR
1.22+5-6net/opentofu/Makefile
+1,893-4,3984 files

NetBSD/pkgsrc eidcw5zdoc CHANGES-2026

   Updated devel/py-zope.testing, devel/py-treq
VersionDeltaFile
1.4210+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc VzJpyoGdevel/py-treq distinfo Makefile

   py-treq: updated to 26.7.0

   26.7.0 (2026-07-01)

   Features

   - Document support for Python 3.14.
   - PyPy 3.11 is now supported, and PyPy 3.9 and 3.10, which are no longer well-supported by the ecosystem, have been dropped.

   Bugfixes

   - treq no longer vendors the ``multipart`` library, now that it no longer has import conflicts with ``python-multipart``.
   - Fix building documentation with Sphinx 9.1.0.

   Deprecations and Removals

   - treq no longer depends on `requests`. Consequently, the ``cookies()`` method no longer returns a `requests.cookies.RequestsCookieJar <https://requests.readthedocs.io/en/latest/api/#requests.cookies.RequestsCookieJar>`_. Instead, it returns `treq.cookies.IndexableCookieJar`, which implements ``__getitem__`` as a compatibility shim. We have *not* attempted to maintain full dict-interface compatibility with ``RequestsCookieJar``, as many of its interface extensions are difficult to use securely because they obscure the relationship between cookies and domains. treq interfaces still accept a ``request.cookies.RequestsCookieJar`` as the *cookies* parameter, like any `http.cookiejar.CookieJar` subclass.
   - Support for Python 3.8, which has reached end of support, has been dropped.
VersionDeltaFile
1.10+4-4devel/py-treq/distinfo
1.16+3-4devel/py-treq/Makefile
1.7+1-4devel/py-treq/PLIST
+8-123 files

NetBSD/pkgsrc RARxY1Xdevel/py-zope.testing distinfo Makefile

   py-zope.testing: updated to 6.2

   6.2 (2026-07-03)

   - Add support for Python 3.15.

   - Deprecate ``zope.testing.doctestcase`` in favour of plain ``doctest``
     (e.g. ``doctest.DocTestSuite`` or ``doctest.DocFileSuite``).

   - Move package metadata from setup.py to pyproject.toml.
VersionDeltaFile
1.11+4-4devel/py-zope.testing/distinfo
1.12+3-3devel/py-zope.testing/Makefile
+7-72 files

NetBSD/src Ci4gjpOsys/arch/aarch64/include armreg.h

   Fix ID_AA64PFR0_EL1_SEL2 definition - it's unused at present
VersionDeltaFile
1.77+2-2sys/arch/aarch64/include/armreg.h
+2-21 files

NetBSD/src wbEeJWCsys/arch/aarch64/include armreg.h

   Use __BITS(hi,lo) for consistency
VersionDeltaFile
1.76+2-2sys/arch/aarch64/include/armreg.h
+2-21 files

NetBSD/pkgsrc LybWzCHdoc CHANGES-2026

   Updated security/gnupg2, security/libjwt
VersionDeltaFile
1.4209+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc RQEujQvgraphics/tiff Makefile

   graphics/tiff: Move c99 to USE_CC_FEATURES

   from the deprecated location in USE_LANGUAGES.  NFCI.
VersionDeltaFile
1.174+3-2graphics/tiff/Makefile
+3-21 files

NetBSD/src 4EJ10oosys/arch/aarch64/aarch64 locore_el2.S

   Improve comment format
VersionDeltaFile
1.14+5-5sys/arch/aarch64/aarch64/locore_el2.S
+5-51 files

NetBSD/pkgsrc mU69ycAsecurity/libjwt PLIST distinfo

   libjwt: updated to 3.6.1

   LibJWT 3.6.1 is a small test-portability patch release.

   The in-process HTTP server used by the cached-JWKS test cast write() to (void) to ignore its result. glibc marks write() warn_unused_result, and the (void) cast does not suppress that warning on newer glibc, so the -Werror test build failed. The result is now asserted with ck_assert_int_gt(write(...), 0).

   This is ABI-compatible with 3.6.0: no library source changed, so the exported symbol set is identical and per the libtool rules only the SONAME revision advances (18:0:4 → 18:1:4). The SONAME stays libjwt.so.14 and existing binaries keep working.
VersionDeltaFile
1.9+171-2security/libjwt/PLIST
1.10+4-4security/libjwt/distinfo
1.12+2-3security/libjwt/Makefile
+177-93 files

NetBSD/pkgsrc g243QkTsecurity/gnupg2 Makefile distinfo, security/gnupg2/patches patch-sm_decrypt.c

   gnupg2: updated to 2.5.21

   Noteworthy changes in version 2.5.21 (2026-07-02)

   * New and extended features:

     - gpg, gpgsm: Use partial file on decryption, remove on failure.
       Disable with "--compatibility-flags=no-partial-file-guard".

     - gpg: Use the INT_RCP_FPR subpacket in revocation signatures.

     - Create a pkgversioninfo.txt file when building using the speedo
       build system.

   * Bug fixes:

     - gpg: Fix potential use-after-free in batch key generation when
       handling the keyserver URL option.


    [18 lines not shown]
VersionDeltaFile
1.179+3-9security/gnupg2/Makefile
1.99+4-5security/gnupg2/distinfo
1.2+1-1security/gnupg2/patches/patch-sm_decrypt.c
+8-153 files

NetBSD/pkgsrc ztaUV1fdoc CHANGES-2026

   doc: Updated graphics/tiff to 4.7.2
VersionDeltaFile
1.4208+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc qIep7nDgraphics/tiff distinfo PLIST

   graphics/tiff: Update to 4.7.2

   Upstream NEWS:
     micro release
     a very large number of bugfixes, including integer overflows

   * Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip)AndAllocBuffer()
     (:issue:`781`)
VersionDeltaFile
1.111+4-4graphics/tiff/distinfo
1.37+6-1graphics/tiff/PLIST
1.173+4-3graphics/tiff/Makefile
+14-83 files