py-homeassistant: Rototill for NetBSD 10
and abandon NetBSD 9. (If you are on 9 and trying to run HA, you
should update.)
Switch to py314, because HA has.

expat: update to 2.7.5.
Ok maya@
Release 2.7.5 Tue March 17 2026
Security fixes:
#1158 CVE-2026-32776 -- Fix NULL function pointer dereference for
empty external parameter entities; it takes use of both
functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1161 #1162 CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START
infinite loop in function entityValueProcessor; it takes
use of both functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1163 CVE-2026-32778 -- Fix NULL dereference in function setContext
on retry after an earlier out-of-memory condition; it takes
use of function XML_ParserCreateNS or XML_ParserCreate_MM
[31 lines not shown]

Update xenkernel418 and xentools418 to 20260317
Changes since 20250701: mostly bug fixes and small improvements on
some hardware, including security fixes up to XSA481

pkg-vulnerabilities: mark libssh vulns as fixed and adjust versions.
We package libssh-0.11.4 as 0.114, for historical reasons, as mentioned
in the package Makefile. Thus, 'libssh<0.11.2' never fires, so adjust
all the 0.11.x vulnerabilities accordingly.

libssh: update to 0.11.4
This is a stable release in the 0.11 series. There is also 0.12.0
available, but this has less potential for breakage, I assume.
version 0.11.4 (released 2026-02-10)
* Security:
* CVE-2025-14821: libssh loads configuration files from the C:\etc directory
on Windows
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
* CVE-2026-0967: Specially crafted patterns could cause DoS
* CVE-2026-0968: OOB Read in sftp_parse_longname()
* libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
extensions
* Stability and compatibility improvements of ProxyJump
[31 lines not shown]

libhidapi: reduce diffs from upstream implementation.
Tested with ch32fun and UIAPduino on NetBSD/i386 10.1 with
both ohci and xhci.
Also sync DESCR with the latest version.

Update xenkernel420, xentools420 and xenstoretools to 20260317.
Changes since 20251113: mostly bug fixes and small improvements on
some hardware, including security fixes up to XSA481

PR/60086: Andrew Parker: cgdconfig may not always find ZFS device labels
Updated cgdconfig to use the same alignment function as zdb
(external/cddl/osnet/dist/cmd/zdb/zdb.c).