emulators/free42: Update to 3.3.11
2026-01-13: release 3.3.11
* Added statistics sums to STAT->Σ and CATALOG->STAT menus.
2025-10-28: release 3.3.10
* Fixed crash in menu logic.
2025-10-15: release 3.3.9
* When a new program was created by inserting END, the new program could end up
being locked initially. Fixed.
* Linux version: Fixed beeper when running under Wayland.
* Linux version: Replaced built-in XPM icons with PNG ones, for compatibility
with certain recent Linux distros.
* Windows and MacOS versions: Made the links in the About box more obviously
clickable.
[14 lines not shown]
x11/xephem: Update to 4.2.0
* 4.2.0
Elwood himself has contributed a new option that lets you switch XEphem from giving your telescope J2000 coordinates to giving it equinox-of-date coordinates.
Sky View: the mouse wheel now zooms the view in and out.
Sky View: DSS image download has been fixed by upgrading to HTTPS, and the window should no longer awkwardly resize once the image arrives.
Data » Download: added the URL of the Celestrak “visual.txt” file.
Data » Download: replaced “ftp.lowell.edu” with modern HTTPS.
Data » Field Stars: François Meyer added support for the ucac5 catalog.
The precession formula has been updated to the one from the 2000 Astronomical Almanac.
A couple of compilation problems on modern Mac machines have been fixed.
XEphem now uses more modern SSL setup routines if the code detects it’s being compiled against OpenSSL ≥1.1.
Closing the INDI window with your window manager’s “Close” button no longer crashes XEphem.
All references to “celestrak.com” have been changed to their new hostname “celestrak.org”.
A few other small fixes.
[28 lines not shown]
expat: update to 2.7.4.
Release 2.7.4 Sat January 31 2026
Security fixes:
#1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate
failed to copy the encoding handler data passed to
XML_SetUnknownEncodingHandler from the parent to the new
subparser. This can cause a NULL dereference (CWE-476) from
external entities that declare use of an unknown encoding.
The expected impact is denial of service. It takes use of
both functions XML_ExternalEntityParserCreate and
XML_SetUnknownEncodingHandler for an application to be
vulnerable.
#1075 CVE-2026-25210 -- Add missing check for integer overflow
related to buffer size determination in function doContent
Bug fixes:
#1073 lib: Fix missing undoing of group size expansion in doProlog
failure cases
[58 lines not shown]
gitea: update to version 1.24.7
This includes a number of security fixes over the last version packaged,
1.23.8:
* Upgrade xz to v0.5.15 (#35385)
* Refactor legacy code, fix LFS auth bypass, fix symlink bypass (#35708)
(#35713)
* Fix password leak in log messages (#35584) (#35665)
* Fix a missed return in OAuth2 (#35655) (#35671)
Breaking changes are:
* Make Gitea always use its internal config, ignore /etc/gitconfig
(#33076)
* Improve log format (#33814)
* Fix markdown render behaviors (#34122)
* Add package version api endpoints (#34173)
[4 lines not shown]
pkgtools/pkglint: update to 23.20.0
Changes since 23.19.0 from 2025-08-15:
Warn on the condition "empty(${EXPR})" in .if directives, as typically
"empty(EXPR)" is intended.
Do not warn when a plain command "echo" or "printf" is not hidden, as
these commands are typically uninteresting.
Allow patch files to have abbreviated names. Previously, the only valid
names were the full path or the basename, now each possible suffix path
is valid.
Explain when and why the ":M*" modifier is necessary.
For GCC_REQD, allow only major versions such as 4.8 or 8 or 15.
Allow distinfo files with variant names, like distinfo-binutils or
distinfo-linux.
print/qpdf: Update to 12.3.2
Changelog:
12.3.2: January 24, 2026
Bug fixes
* Fix bug introduced in 12.3.0. If the --password was
specified for the same file multiple times a usage
error was thrown. Specifying the password multiple
times is common within the --pages option when using
the QPDFJob interface.
Import Jiaxun Yang's bochsfb(4) driver.
This is useful for getting graphics on qemu-system-aarch64 without
firmware runtime video support (e.g. using the -kernel option). At the
moment it is only wired up for -device VGA and -device secondary-vga
so that it doesn't conflict with viogpu.
PR kern/59410
misc/libreoffice: Fix build with converters/orcus-0.21.0
* And use security/gpgmepp for gpgme c++ support.
* Bump PKGREVISION because of new filename of orcus and dependency change.