NetBSD/pkgsrc if7Rd0Wdoc CHANGES-2026

   Updated net/py-subunit, textproc/py-regex, security/py-joserfc, www/py-hishel
VersionDeltaFile
1.2980+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc WtFn0AUwww/py-hishel PLIST distinfo

   py-hishel: updated to 1.2.1

   What's Changed in 1.2.1

   Miscellaneous Tasks
   * explicitly set build backend by @karpetrosyan


   What's Changed in 1.2.0

   Refactoring
   * improve sqlite concurrency by @karpetrosyan

   Miscellaneous Tasks
   * simplify pyproject.toml, use src layout by @karpetrosyan

   Documentation
   * mention support for Zapros HTTP Client by @karpetrosyan


    [2 lines not shown]
VersionDeltaFile
1.3+7-1www/py-hishel/PLIST
1.8+4-4www/py-hishel/distinfo
1.8+2-3www/py-hishel/Makefile
+13-83 files

NetBSD/pkgsrc 9PCfR7esecurity/py-joserfc distinfo Makefile

   py-joserfc: updated to 1.6.5

   1.6.5
   - **JWS**: increase registry's payload max size.
VersionDeltaFile
1.2+4-4security/py-joserfc/distinfo
1.2+2-2security/py-joserfc/Makefile
+6-62 files

NetBSD/pkgsrc rrAZ5y8textproc/py-regex distinfo Makefile

   py-regex: updated to 2026.5.9

   2026.5.9
   Reverse matching with full unicode casefolding could lead to out-of-range string indexes.
VersionDeltaFile
1.70+4-4textproc/py-regex/distinfo
1.74+2-2textproc/py-regex/Makefile
+6-62 files

NetBSD/pkgsrc 9mCn094net/py-subunit PLIST Makefile

   py-subunit: updated to 1.4.6

   1.4.6 (2026-05-04)

   BUG FIXES

   * Fix compatibility with testtools 2.8.2. (Jelmer Vernooij)

   * Fix ``ExecTestCase`` to work without executable permissions on the
     test script. (Jelmer Vernooij)

   * Fix ``ExecTestCase`` to properly handle shell scripts. (Jelmer Vernooij)

   IMPROVEMENTS

   * Stop installing tests. (Jelmer Vernooij)

   * Add ``subunit-combine`` script that runs multiple subunit-producing
     commands and merges their streams, optionally prefixing each command's

    [12 lines not shown]
VersionDeltaFile
1.7+13-52net/py-subunit/PLIST
1.15+9-10net/py-subunit/Makefile
1.10+4-4net/py-subunit/distinfo
1.2+3-0net/py-subunit/ALTERNATIVES
+29-664 files

NetBSD/pkgsrc BwH9CYVdoc CHANGES-2026

   Updated net/unbound, textproc/expat, devel/doxygen, databases/redis
VersionDeltaFile
1.2979+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc RUrXtFbdatabases/redis distinfo Makefile

   redis: updated to 8.6.3

   Redis 8.6.3    Released Tue 5 May 2026 16:00:00 IST

   Update urgency: `SECURITY`: There are security fixes in the release.

   Security fixes

   - (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
   - (CVE-2026-25243) Invalid memory access in `RESTORE` may lead to Remote Code Execution
   - (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
   - (CVE-2026-25588) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Time Series)
   - (CVE-2026-25589) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Probabilistic)

   Bug fixes

   - `SUBSCRIBE`, `PSUBSCRIBE`, `SSUBSCRIBE`: crash on OOM (RED-167788)
   - `CONFIG SET`: some settings allow invalid characters (RED-167787)
   - `SCRIPT DEBUG`: potential crash on scripts (RED-175507)

    [30 lines not shown]
VersionDeltaFile
1.93+4-4databases/redis/distinfo
1.103+2-2databases/redis/Makefile
+6-62 files

NetBSD/pkgsrc Iae8EIldevel/doxygen distinfo Makefile

   doxygen: updated to 1.17.0

   1.17.0

   Features

   Added support for Mermaid diagrams, via new commands @mermaid, @endmermaid, and @mermaidfile and new configuration options MERMAID_PATH, MERMAID_CONFIG_FILE, MERMAID_RENDER_MODE, MERMAID_JS_URL, MERMAIDFILE_DIRS
   Added support for running dot on batches of dot graphs to reduce process creation overhead. Can be tuned via new option DOT_BATCH_SIZE.
   issue 6926 Added support for documenting unnamed parameters
   Improve multi-threading performance by avoiding mutex contention
   Updated Portuguese, Polish and Greek translators to 1.16.0.
   Add support for long path name (>260 characters) for Doxygen on Windows (embedded manifest file)
   Added engines chart, nwdiag, packetdiag and project for PlantUML

   Minor incompatibilities

   Dropped the jQuery dependency.
VersionDeltaFile
1.88+4-4devel/doxygen/distinfo
1.206+3-4devel/doxygen/Makefile
+7-82 files

NetBSD/pkgsrc rxyhhlztextproc/expat distinfo Makefile

   expat: updated to 2.8.1

   Release 2.8.1 Sun May 10 2026

   Security fixes:
   CVE-2026-45186 -- Fix quadratic runtime from attribute name
   collision checks that allowed denial of service attacks
   through moderately sized crafted XML input (CWE-407).
   Please note that a layer of compression around XML can
   significantly reduce the minimum attack payload size.

   Other changes:
   Drop more casts related to `void *` that C99 does not need
   xmlwf: Streamline use of `mmap`
   Version info bumped from 13:0:12 (libexpat*.so.1.12.0)
   to 13:1:12 (libexpat*.so.1.12.1); see https://verbump.de/
   for what these numbers do
VersionDeltaFile
1.59+4-4textproc/expat/distinfo
1.65+2-2textproc/expat/Makefile
+6-62 files

NetBSD/pkgsrc EPWwSQKnet/unbound distinfo Makefile, net/unbound/patches patch-configure

   unbound: updated to 1.25.0

   1.25.0

   Features
   Merge 1337: 0 TTL cached replies and some TTL behavior changes.
   TTL change: Cached records that reach TTL 0 are expired.
   TTL change: TTL 0 upstream answers are no longer cached by cachedb, as they should.
   TTL change: 'serve-expired-reply-ttl' is now capped by the original TTL value of the record to try and make some sense when replying with expired records.
   TTL change: TTL decoding was updated to adhere to RFC8767 section 4 where a 'set high-order bit' means the value is positive instead of 0.
   Merge 1374: Mesh reply counters. This adds the statistics num.queries.replyaddr_limit and requestlist.current.replies.
   Introduce the 'log-thread-id' configuration option to manage logging the system-wide Linux thread ID for easier debugging with system tools.
   Fix 1389: [FR] replacement with ECC-GOST12 according to RFC9558. Patch contributed by Igor V. Ruzanov, available in contrib/gost12.patch.
   Merge 1411: Allow synthesized DNAME TTL=0 to be served from cache within grace period. The responses are served from cache within a 1-second grace period. Reduces recursion when authoritative servers return DNAME with TTL=0 (RFC 2308). Response still returns TTL=0 to clients. Adds a test for it.
   Fix 278: DoT: complete unbound restart required on certificate renew. Fix so that a reload checks if the files have changed, and if so, reload the contexts. Also for DoH, DoQ and outgoing DoT.
   For 278: fast_reload can reload tls-service-key, tls-service-pem and tls-cert-bundle changes. It checks the modification time of the tls-service-key and tls-service-pem files for update.
   Fix to allow the control-interface config to use ip at port notation.
   Fix to shorten RRSIG count in scrubber, this protects against an overly large number of RRSIGs. It can be configured with `iter-scrub-rrsig: 8`, it has default 8. Thanks to Yuxiao Wu, Tsinghua University for the report.
   Introduce new 'tls-protocols' configuration option that specifies which of the supported TLS protocols will be used. TLSv1.2 is again enabled by default, but can be selectively turned off if desired (related to 1303).
   Merge 1400: Support pthread_setname_np. Adds support for pthread_setname_np and variants to set the name on spawned threads for easier debugging/monitoring.
VersionDeltaFile
1.7+15-3net/unbound/patches/patch-configure
1.90+5-5net/unbound/distinfo
1.134+3-4net/unbound/Makefile
+23-123 files

NetBSD/src U1RBsqisys/arch/alpha/common bus_dma.c

   We don't need avail_start.
VersionDeltaFile
1.75+3-3sys/arch/alpha/common/bus_dma.c
+3-31 files

NetBSD/pkgsrc HwgllNkemulators/qemu Makefile PLIST

   Add microblazeel to UE_ARCHS and PLIST

   Fixes build failure on Linux
VersionDeltaFile
1.403+2-2emulators/qemu/Makefile
1.106+2-1emulators/qemu/PLIST
+4-32 files

NetBSD/pkgsrc fMeFmf3doc CHANGES-2026

   doc: Updated games/luanti to 5.16.1
VersionDeltaFile
1.2978+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc TDd2jdMgames/luanti PLIST distinfo

   luanti: update to 5.16.1

   5.16.1:
   Fixed bug introduced in 5.16.0 with water rendering

   5.16.0:

   Deprecations and compatibility notes
   - Writing to mod directories is now disallowed
   Client / Audiovisuals
   - Texture pack override.txt now supports overriding overlay tiles
   - Restore inventory cube (item mesh) shading
   -  Fixed incorrect animation state when placing nodes quickly
   - Fixed a graphical issue where the fog incorrectly changed the
     color of semi-transparent particles
   - Support more mouse buttons (beyond X2)
   - Add keybinds for camera movement
   - Formspec: Bug fixes related to inventory list interactions
   - Formspec: Focus behavior improvements

    [44 lines not shown]
VersionDeltaFile
1.7+8-1games/luanti/PLIST
1.8+4-4games/luanti/distinfo
1.18+2-2games/luanti/Makefile
+14-73 files

NetBSD/src rX6hZkZsys/ddb db_lwp.c

   If we're not running in the kernel and USPACE is not defined, then fetch
   it from the running kernel.
VersionDeltaFile
1.8+36-2sys/ddb/db_lwp.c
+36-21 files

NetBSD/pkgsrc vYd2XIwdoc CHANGES-2026

   Updated textproc/py-tomlkit, textproc/ugrep, net/haproxy
VersionDeltaFile
1.2977+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc beXwK5Jnet/haproxy distinfo Makefile

   haproxy: updated to 3.3.9

   3.3.9
   - BUG/MINOR: sink: do not free existing sinks on allocation error
   - BUG/MINOR: vars: make parse_store() return error on var_set() failure
   - BUG/MINOR: vars: don't store the variable twice with set-var-fmt
   - BUG/MINOR: vars: only print first invalid char in fill_desc()
   - BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
   - BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
   - BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
   - BUG/MINOR: map: do not leak a map descriptor on load error
   - CLEANUP: map/cli: fix some map-related help messages
   - BUG/MINOR: pattern: release the reference on failure to load from file
   - CI: github: add DEBUG_STRICT=2 to ASAN jobs
   - BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
   - BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
   - BUG/MINOR: dns: always validate the source address in responses
   - BUG/MINOR: tcpcheck: Properly report error for http health-checks
   - BUG/MINOR: resolvers: Free new requester on error when linking a resolution

    [17 lines not shown]
VersionDeltaFile
1.148+4-4net/haproxy/distinfo
1.156+2-2net/haproxy/Makefile
+6-62 files

NetBSD/pkgsrc 2EV4mkHtextproc/ugrep distinfo Makefile

   ugrep: updated to 7.8.1

   7.8.1
   Fixed two issues:

   fix 545 --disable-avx512 tested and working
   fix 544 (same as 537) a bug in the ugrep v7.6 ~ v7.8 (since March 5, 2026) that can't handle very long lines in huge files properly, outputting uninitialized input file buffer contents as if part of the matching line or contents read after the input file buffer as if part of the matching line.
VersionDeltaFile
1.98+4-4textproc/ugrep/distinfo
1.107+2-2textproc/ugrep/Makefile
+6-62 files

NetBSD/pkgsrc qBAcJ0Wtextproc/py-tomlkit distinfo Makefile

   py-tomlkit: updated to 0.15.0

   0.15.0

   Changed
   - Update parser to support TOML spec v1.1.0.
VersionDeltaFile
1.25+4-4textproc/py-tomlkit/distinfo
1.27+2-2textproc/py-tomlkit/Makefile
+6-62 files

NetBSD/pkgsrc gkvoxoOdoc CHANGES-2026

   Updated audio/taglib, graphics/libsquish
VersionDeltaFile
1.2976+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc yUVlqyCgraphics/libsquish distinfo Makefile

   libsquish: updated to 1.15.1.4

   1.15.1.4
   https://github.com/oblivioncth/libsquish/compare/v1.15.1.3...v1.15.1.4
VersionDeltaFile
1.2+7-7graphics/libsquish/distinfo
1.2+3-3graphics/libsquish/Makefile
1.2+2-2graphics/libsquish/PLIST
+12-123 files

NetBSD/pkgsrc b7RmxSdaudio/taglib PLIST distinfo

   taglib: updated to 2.3

   TagLib 2.3 (May 10, 2026)

   * MP4: Support for chapters (Nero and QuickTime).
   * WAV: Support for BEXT and iXML chunks.
   * FLAC: Support for BEXT and iXML application blocks.
   * Opus: New audio property `outputGain()`.
   * Speed up Matroska reading by using seek head for element lookup.
   * Speed up Matroska writing by offering multiple write style modes.
   * More tolerant handling of files with oversized RIFF chunks, zero size ID3v2
     frames and Matroska chapters without edition.
   * Avoid wrong content-based detection as MPEG files.
   * Fix bitrate calculations for MPEG ADTS and MP4 ESDS.
   * Fix data race with multi-threaded use of `MP4::ItemFactory`.
   * Fix unbounded recursion in EBML/Matroska `MasterElement` and MP4 atoms.
   * Limit number of MP4 atoms at top level.
   * Fix writing too many offsets when updating MP4 stco/co64 atoms.
   * Fix k bounds in Shorten Rice-Golomb coding.
VersionDeltaFile
1.28+8-3audio/taglib/PLIST
1.35+4-4audio/taglib/distinfo
1.58+2-2audio/taglib/Makefile
+14-93 files

NetBSD/pkgsrc NCLY2Rldoc CHANGES-2026

   Updated devel/py-maturin, devel/py-guppy3
VersionDeltaFile
1.2975+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc jddcmb6devel/py-guppy3 distinfo Makefile

   py-guppy3: updated to 3.1.7

   Nothing changed, just releasing 3.1.7
VersionDeltaFile
1.15+4-4devel/py-guppy3/distinfo
1.20+2-2devel/py-guppy3/Makefile
+6-62 files

NetBSD/pkgsrc gmi72o8devel/py-maturin distinfo Makefile

   py-maturin: updated to 1.13.3

   1.13.3

   * Fix: disable abi3 in pyo3 config for version-specific fallback builds
VersionDeltaFile
1.54+4-4devel/py-maturin/distinfo
1.58+2-2devel/py-maturin/Makefile
+6-62 files

NetBSD/pkgsrc eZcA2fadoc CHANGES-2026

   Updated security/py-gssapi, security/py-asyncssh
VersionDeltaFile
1.2974+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc Gn5lIDusecurity/py-asyncssh distinfo Makefile

   py-asyncssh: updated to 2.23.0

   Release 2.23.0 (8 Feb 2026)

   * Added support for "Match localnetwork". Thanks go to Théophile Bastian
     for reporting this new match type, added in OpenSSH 9.4.

   * Enabled support for RSA with SHA-2 signatures in ssh-agent and Pageant.
     Thanks go to GitHub user Netzvamp for reporting this.

   * Changed MAC algorithm negotation to be skipped when using AEAD ciphers.
     Thanks go to GitHub user LilleCarl for reporting this issue and
     suggesting a potential fix.

   * Improved graceful termination when using ProxyCommand, waiting for
     the ProxyCommand tunnel to close when cleaning up a connection. Thanks
     go to Simon Liétar for reporting this issue and helping to investigate
     possible solutions.


    [20 lines not shown]
VersionDeltaFile
1.49+4-4security/py-asyncssh/distinfo
1.57+4-3security/py-asyncssh/Makefile
+8-72 files

NetBSD/pkgsrc 7c680yNsecurity/py-gssapi PLIST distinfo

   py-gssapi: updated to 1.11.1

   1.11.1

   Add Free-Threading and Limited API/Stable ABI
   Fix up classifier from typo

   1.11.0

   Add Free-Threading and Limited API/Stable ABI
VersionDeltaFile
1.14+25-25security/py-gssapi/PLIST
1.26+4-4security/py-gssapi/distinfo
1.34+3-3security/py-gssapi/Makefile
+32-323 files

NetBSD/src tQW2Kfosys/arch/m68k/include param.h

   Revert previous.
VersionDeltaFile
1.35+0-7sys/arch/m68k/include/param.h
+0-71 files

NetBSD/src GHfcb5Wsys/arch/sun3/include param3.h

   Handle the fact that sun68k libsa always builds for 68010.
VersionDeltaFile
1.59+3-1sys/arch/sun3/include/param3.h
+3-11 files