BSD Commit Log Search

   doc: Updated devel/ruby-getopt to 1.7.1

   devel/ruby-getopt: update to 1.7.1

   1.7.0 (2026-02-13)

   * Added the NEGATABLE option so you can do --no-whatever.
   * A few warnings were cleaned up, along with rubocop updates.
   * Some administrative stuff, updated Rakefile, Gemfile, etc.

   1.7.1 (2026-05-20)

   * Fixed short option parsing so aliases like -? work again.  Thanks go to
     swabianeagle for the spot.

   doc: Updated devel/ruby-cucumber-expressions to 19.0.1

   devel/ruby-cucumber-expressions: update to 19.0.1

   19.0.1 (2026-05-22)

   Fixed

   * [.Net] Downgrade dependency fluentassertions to 7.2.0 (#423)

   doc: Updated devel/ruby-console to 1.35.1

   devel/ruby-console: update to 1.35.1

   1.35.0 (2026-05-19)

   * Align decimals in elapsed time display. (#84)

   * Fix handling of Errno::ENODEV errors when calculating the width of a
     terminal that was been re-opened to File::NULL

   1.35.1 (2026-05-19)

   * Add missing context files to gemspec.
   * Fix gem metadata.

   mail/roundcube: fix replace-interpreter warnings

   Use simply REPLACE_PHP, NFC.

   mail/roundcube: correct distinfo

   Correct distinfo, restoring accidently removed check sums.

   Whitespace

   doc: Updated mail/roundcube and related packages to 1.6.16

        mail/roundcube
        mail/roundcube-plugin-enigma
        mail/roundcube-plugin-password
        mail/roundcube-plugin-zipdownload

   mail/roundcube: update to 1.6.16

   1.6.16 (2026-05-14)

   This is a security update to the LTS version 1.6 of Roundcube Webmail.
   It provides fixes to recently reported security vulnerabilities:

   * Fix stored XSS/HTML/CSS injection in subject field of the draft restore
     dialog, reported by zazy
   * Fix CSS injection bypass in HTML sanitizer via SVG <animate
     attributeName="style">, reported by wooseokdotkim
   * Fix pre-auth SQL injection in virtuser_query plugin via preg_replace
     backslash escape bypass, reported by skull
   * Fix SSRF bypass via specific local address URLs
   * Fix local/private URL fetch bypass when remote resources were not allowed,
     reported by Orange Cyberdefense Vulnerability Disclosure Team
   * Fix bypass of remote image blocking via CSS var(), reported by Geame
   * Fix pre-auth arbitrary file delete via redis/memcache session poisoning
     bypass, reported by valent1

    [24 lines not shown]

   py-influxdb: add missing tool dependency

   add a couple test dependencies, but this wants nose, which is Python
   2-only.

   kf6-kholidays: add bison to tools

   Hopefully helps SmartOS build

   callout(9): whitespace nit in callout_active description

   callout(9): revert previous, it is _not_ a typo

   Expand the comment that explains why it is not a typo.

   modular-xorg-server: handle nettle 4 API change

   doc/TODO: add some

   + afdko-5.0.1, dasel-3.11.0, fzf-0.73.0, gopls-0.22.0, jjui-0.10.6,
     libde265-1.0.19, libheif-1.22.0, libical-4.0.1, libxmlb-0.3.27,
     protobuf-35.0, py-JWT-2.13.0, py-aiodns-4.0.4, py-genshi-0.7.11,
     py-icalendar-7.1.2, py-idna-3.16, py-more-itertools-11.1.0,
     py-poetry-core-2.4.1, py-protobuf-7.35.0, py-ruff-0.15.14,
     py-trove-classifiers-2026.5.22.10, py-uv-build-0.11.16,
     rrdtool-1.10.2, rumdl-0.2.0, tree-sitter-0.26.9.

   fix typo

freetds: update to 1.5.18

   callout(9): tweak
   Don't change the name of the argument when explaining callout_pending.
   Don't do manual "code hilighing".
   Format the paper reference properly (and add missing information).

   Mention ticket #7127

   Pullup ticket #7127 - requested by gutteridge
   www/firefox140: security fix
   www/firefox140-l10n: dependent update

   Revisions pulled up:
   - www/firefox140-l10n/Makefile                                  1.12
   - www/firefox140-l10n/distinfo                                  1.12
   - www/firefox140/Makefile                                       1.17
   - www/firefox140/distinfo                                       1.17
   - www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c deleted

   ---
      Module Name:    pkgsrc
      Committed By:   gutteridge
      Date:           Thu May 21 15:34:06 UTC 2026

      Modified Files:
              pkgsrc/www/firefox140: Makefile distinfo
      Removed Files:

    [257 lines not shown]

   doc: Updated security/p5-Crypt-DSA to 1.20

   p5-Crypt-DSA: update to 1.20.

   1.20 -- Fri May 15 19:00:36 ADT 2026

       - This module is now makred as deprecated.  Crypt-DSA-GMP is a possible replacement.
       - Improve the call to IPC::Open3::open3
       - Security Fix CVE-2026-8704: replace two arg open
       - Security Fix CVE-2026-8700: replace rand()
       - Add a security policy
       - Add use warnings
       - Fixes #86424: typo fix

   doc: Updated www/p5-HTTP-Tiny to 0.094

   p5-HTTP-Tiny: update to 0.094.

   0.094     2026-05-17 10:31:00+02:00 Europe/Brussels

       - No changes from 0.093-TRIAL

   0.093     2026-05-11 17:18:12+02:00 Europe/Brussels (TRIAL RELEASE)

       - fix to prevent invalid characters in all headers, and prevent header
         smuggling (CVE-2026-7010)

   Updated misc/py-icecream, sysutils/fabric, security/py-paramiko; Removed devel/py-pathlib[2]

   py-pathlib: removed; included in Python 3.4 onwards; no longer needed in pkgsrc

   py-pathlib2: removed; used to provide Python 2.7 compatibility which is outdated

   py-setuptools44: removed commented-out TEST_DEPENDS