qtcreator: updated to 19.0.1
Qt Creator version 19.0.1 contains bug fixes.
General
Fixed
* That preferences for newly enabled plugins were only available after restart
* Various issues with marking the `Preferences` as dirty
* A possible crash when opening the `About Qt Creator` dialog multiple times
* That using the keyboard shortcut for `Advanced Find` did not raise the search
  widget
* Model Context Protocol
    * A crash when using the `quit` action
Editing
Fixed
[16 lines not shown]

gsed: update to 4.10.
* Noteworthy changes in release 4.10 (2026-04-21) [stable]
** Bug fixes
sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]
'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]
sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
[49 lines not shown]

nist_hash_drbg: Fix citation to standard.
- Note that it's Rev. 1.
- Provide a URL.
- Link also to the test vectors.
- And link to an archive of the test vectors, just in case.

virtio(4): Allow virtio 0.9 BAR0 type to be memory rather than I/O.
This matches virtio>=1.0, and can't break working `hardware': any
existing virtio devices that worked must have reported I/O-type BAR0,
so they will continue to work; this will only enable previously
unusable virtio devices, reporting memory-type BAR0, to work.
Patch from Petri Koistinen.
PR kern/60247: virtio(4): legacy attach fails when BAR0 is MMIO

math/py-numpy: Tweak workaround for missing log2l/log1pl/expm1l.
1. Put it in npy_math.c as needed by _umath_linalg.so.
2. Limit it to NetBSD<10, since NetBSD>=10 has at least stubs (just
like this workaround implements, in terms of double functions) if
not proper long double implementations (NetBSD>=11).
Fixes:
>>> import numpy
...
ImportError: /home/riastradh/pkgsrc/current/pkg/lib/python3.11/site-packages/numpy/linalg/_umath_linalg.so: Undefined PLT symbol "log1pl" (symnum = 20)
PR pkg/60256: devel/py-numpy: log1pl workaround no longer works around

sysutils/lima: update to version 2.1.1
The default docker template still does not boot on my NetBSD host, but
the docker.lima wrapper worked for me just fine when using debian-13
instead, and installing docker.io there.
Tested on NetBSD/amd64.
Changes since version 2.1.0:
* Binary release:
- Add Windows artifacts (#4789)
* macOS guest:
- Allow unusual range of UID (#4171, thanks to @balajiv113)
* vz:
- Honor audio.device=none (#4762, thanks to @BizerNotNull)
* nerdctl:
- Update from v2.2.1 to v2.2.2 (#4787)
. This release of the nerdctl distribution updates BuildKit
[59 lines not shown]

p5-YAML-Syck: update to 1.45.
1.45 Apr 23 2026
[Bug Fixes]
- Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
in base64 encode/decode buffers; also plugs a memory leak (PR #189)
- Fix: clear type tag on blessed scalar alias early-return so the stale
tag no longer leaks onto the next emitted item (GH #193, PR #194)
- Fix: negative float#base60 values produce wrong results; strip sign
before accumulating and avoid negative zero for portable
stringification (PR #191)
- Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
(PR #192)
[Maintenance]
- Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
- Test: add error handling coverage for LoadFile/DumpFile (PR #190)
- Update README
[149 lines not shown]

p5-libwww: update to 6.83.
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers
on cross-origin redirects (a different scheme, host, or port) to prevent
credential leakage to the redirect target. Same-origin redirects retain
credentials. Opt out with allow_credentialed_redirects => 1.
CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
Palmquist.
- LWP::UserAgent now refuses https to http redirects by default to prevent
leaking remaining request headers and bodies over plaintext. Opt in with
allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
Stig Palmquist.