NetBSD/pkgsrc 6XrtjbJdoc CHANGES-2026

   doc: Updated textproc/xan to 0.60.0
VersionDeltaFile
1.4467+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 5kU64xhtextproc/xan PLIST distinfo

   textproc/xan: update to 0.60.0

   Breaking

       Renaming xan from --path to --root.
       Renaming xan separate -T/--txt to -L/--lines.

   Features

       Adding xan count -c/--check-alignment & -H/--human-readable.
       Adding xan sort -e -z/--compress.
       Adding xan sample -g -S/--sorted.
       Adding xan from -f=(json|ndjson) --model.
       Adding xan cat rows -I/--intersection & -U/--union.
       Adding xan top -g -S/--sorted.
       Adding the sort, dedup, flatten & flat_map moonblade function.
       Adding support for list & map columns when using xan from -f=parquet.

   Fixes

    [16 lines not shown]
VersionDeltaFile
1.9+13-0textproc/xan/PLIST
1.12+4-4textproc/xan/distinfo
1.12+2-2textproc/xan/Makefile
1.12+0-0textproc/xan/cargo-depends.mk
+19-64 files

NetBSD/pkgsrc quQEr3Qdoc CHANGES-2026

   doc: Updated misc/tui-journal to 0.17.0
VersionDeltaFile
1.4466+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc JpQvPj7misc/tui-journal distinfo cargo-depends.mk

   misc/tui-journal: update to 0.17.0

   Added

       Provide Linux ARM64 release binaries

   Changed

       Return focus to the entries list when pressing Escape in the editor's normal mode
       Improve JSON backend performance when assigning entry IDs and priorities
       Rename misspelled theme cursor keys while retaining compatibility with existing themes
       Use unique temporary files when opening entries in an external editor
       Add operation and path context to backend I/O errors
       Increase the minimum supported Rust version to 1.92.0
       Switch release automation to tag-based releases and remove Aeruginous changelog tooling
       Stop publishing Intel macOS release binaries

   Fixed

       Preserve an entry's original ID when undoing its deletion
VersionDeltaFile
1.33+610-634misc/tui-journal/distinfo
1.33+202-210misc/tui-journal/cargo-depends.mk
1.37+3-3misc/tui-journal/Makefile
+815-8473 files

NetBSD/pkgsrc CYSdp3jdoc CHANGES-2026

   doc: Updated net/xfr to 0.9.21
VersionDeltaFile
1.4465+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc yXLaMvinet/xfr distinfo cargo-depends.mk

   net/xfr: update to 0.9.21

   What's Changed

       fix(tcp): resume partial regular writes and zero-copy sends from correct offset by @lance0 in #113
       fix(server): clean up active test entry and metrics on abort/cancel/error by @lance0 in #114
       fix(server,stats,diff): aggregate final TCP info, round RTT averages, flag zero-baseline regressions by @lance0 in #115
       fix(output,ci,install): harden output and release paths by @lance0 in #116
       fix(auth,serve,cli): LAN-158 + LAN-171 security hardening by @lance0 in #117
       fix(protocol,probe,net): LAN-167 + LAN-168 protocol/probe validation by @lance0 in #118
       fix(tui,config,main): LAN-163 + LAN-173 TUI/preset polish by @lance0 in #119
       fix(misc): LAN-172 low-risk cleanups batch by @lance0 in #120
       fix(protocol,tcp): harden version and receive teardown by @lance0 in #121
       chore(tests): clean stale rate-limit timeout comment by @lance0 in #122
       Bump actions/checkout from 6 to 7 by @dependabot[bot] in #109
       Bump actions/cache from 5 to 6 by @dependabot[bot] in #111
       Bump the rust-dependencies group across 1 directory with 6 updates by @dependabot[bot] in #112
       fix: address post-release review regressions by @lance0 in #123
       fix: LAN-161 pause channel closure busy-loop and unawaited QUIC tasks by @lance0 in #124

    [7 lines not shown]
VersionDeltaFile
1.16+100-64net/xfr/distinfo
1.16+32-20net/xfr/cargo-depends.mk
1.16+2-2net/xfr/Makefile
+134-863 files

NetBSD/pkgsrc FLxzG8sdoc CHANGES-2026

   doc: Updated net/ttl to 0.21.0
VersionDeltaFile
1.4464+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc CNueg6Wnet/ttl distinfo cargo-depends.mk

   net/ttl: update to 0.21.0

   v0.21.0
   What's Changed

       ci: harden workflow coverage and automation by @lance0 in #120
       feat(update): allow disabling the update check (#110) by @lance0 in #122

   v0.20.2
   What's Changed

       Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #86
       Bump docker/metadata-action from 5 to 6 by @dependabot[bot] in #87
       Bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #88
       Bump docker/login-action from 3 to 4 by @dependabot[bot] in #89
       Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #90
       fix: PMTUD correlation, lock ordering, and enrichment dedup by @lance0 in #104
       fix: harden unsafe socket code against alignment UB and bad cmsg by @lance0 in #102
       fix: harden CLI validation against panics and port overflow by @lance0 in #99

    [17 lines not shown]
VersionDeltaFile
1.6+16-16net/ttl/distinfo
1.6+4-4net/ttl/cargo-depends.mk
1.6+2-2net/ttl/Makefile
+22-223 files

NetBSD/pkgsrc YxmffkKdoc CHANGES-2026

   doc: Updated net/piratebay to 0.4.1
VersionDeltaFile
1.4463+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc qmWIOJ2net/piratebay distinfo cargo-depends.mk, net/piratebay/patches patch-.._vendor_mio-0.8.11_src_sys_unix_selector_kqueue.rs

   net/piratebay: update to 0.4.1

   v0.4.1

   No Changelog provided.

   v0.4.0
   What's Changed

       feat: add ratatui TUI with search, categories, download and magnet copy by @tsirysndr in #21

   v0.3.0
   What's Changed

       feat: add pure-rust torrent download with streaming by @tsirysndr in #18
VersionDeltaFile
1.10+664-182net/piratebay/distinfo
1.9+220-59net/piratebay/cargo-depends.mk
1.13+2-2net/piratebay/Makefile
1.2+1-1net/piratebay/patches/patch-.._vendor_mio-0.8.11_src_sys_unix_selector_kqueue.rs
+887-2444 files

NetBSD/pkgsrc 4jXfrGodoc CHANGES-2026

   doc: Updated shells/oh-my-posh to 29.27.0
VersionDeltaFile
1.4462+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc M3mVZ42shells/oh-my-posh distinfo Makefile

   shells/oh-my-posh: update to 29.27.0

   v29.27.0
   Bug Fixes

       ci: refresh APM lockfile on Linux (31761a7)
       project: resolve TargetFramework from Directory.Build.props (24d1dff), closes #7670

   Features

       shell: ass yash support (7ca3e94), closes #7121
       transient: add .Interrupted template property and --interrupted flag (8a60d99)
       transient: support right-aligned template (367ec83), closes #4822

   v29.26.1
   Bug Fixes

       init: recover when the init script is held open on Windows (d193f44), closes #7654
       segment: skip fallback_template when a timeout kills the segment (25367ea), closes #7542

    [7 lines not shown]
VersionDeltaFile
1.312+4-4shells/oh-my-posh/distinfo
1.344+2-2shells/oh-my-posh/Makefile
+6-62 files

NetBSD/pkgsrc x7XbOBSdoc CHANGES-2026

   doc: Updated sysutils/lstr to 0.3.0
VersionDeltaFile
1.4461+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 0KXNHuUsysutils/lstr distinfo Makefile

   sysutils/lstr: update to 0.3.0

   [0.3.0] - 2026-07-12
   Added

       Added comprehensive sorting options for both classic and interactive modes:
           --sort <TYPE>: Sort by name (default), size, modified time, or extension
           --dirs-first: Sort directories before files
           --case-sensitive: Use case-sensitive sorting with specific order (numbers → uppercase → lowercase)
           --natural-sort: Version-aware sorting (file1 < file2 < file10)
           --reverse: Reverse any sort order
           --dotfiles-first: Priority ordering (dotfolders → folders → dotfiles → files)

       Added comprehensive examples directory (examples/sample-directory/) with various file types, nested structures, and test scenarios for validating lstr functionality including icons, gitignore behavior, and tree display.

       Added interactive search functionality in TUI mode:
           Press / to enter search mode with real-time filename filtering
           Case-insensitive substring matching filters files as you type
           Press Esc to exit search and restore full file list

    [58 lines not shown]
VersionDeltaFile
1.2+10-4sysutils/lstr/distinfo
1.2+4-4sysutils/lstr/Makefile
1.2+2-0sysutils/lstr/cargo-depends.mk
+16-83 files

NetBSD/pkgsrc pBKB51vdoc CHANGES-2026

   doc: Updated math/kalker to 2.2.3
VersionDeltaFile
1.4460+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ynqoOO0math/kalker distinfo cargo-depends.mk, math/kalker/patches patch-.._vendor_gmp-mpfr-sys-1.6.8_gmp-6.3.0-c_config.sub patch-.._vendor_gmp-mpfr-sys-1.6.5_gmp-6.3.0-c_config.sub

   math/kalker: update to 2.2.3

   No Changelog provided.
VersionDeltaFile
1.16+44-11math/kalker/distinfo
1.12+13-2math/kalker/cargo-depends.mk
1.1+14-0math/kalker/patches/patch-.._vendor_gmp-mpfr-sys-1.6.8_gmp-6.3.0-c_config.sub
1.16+5-5math/kalker/Makefile
1.2+1-1math/kalker/patches/patch-.._vendor_gmp-mpfr-sys-1.6.5_gmp-6.3.0-c_config.sub
+77-195 files

NetBSD/pkgsrc WSKJ7Qcdoc CHANGES-2026

   doc: Updated devel/garden to 2.6.1
VersionDeltaFile
1.4459+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc pwjiiirdevel/garden distinfo cargo-depends.mk

   devel/garden: update to 2.6.1

   Released 2026-07-12
   Development:
    - The subprocess dependency was upgraded to v1.0.
    - The strum and strum_macros dependencies were upgraded to v0.28.
VersionDeltaFile
1.27+181-217devel/garden/distinfo
1.27+59-71devel/garden/cargo-depends.mk
1.28+4-4devel/garden/Makefile
+244-2923 files

NetBSD/pkgsrc eolCzh8doc CHANGES-2026

   Updated devel/capnproto, sysutils/ansible-core
VersionDeltaFile
1.4458+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 9KPBYoZsysutils/ansible-core distinfo PLIST

   ansible-core: updated to 2.21.2

   2.21.2

   Minor Changes

   - ansible-test - Added a timeout callback that dumps thread stacks when the test execution deadline defined by ``ansible-test env --timeout`` is approaching.
   - parallel fact gathering - the async wrapper now considers the timeout when determining whether to kill the process running the module. Previously, a 5 second sleep occurred twice before checking if the job had remaining time.

   Bugfixes

   - encrypt - fix bcrypt salt string formatting on musl libc by ensuring it is always zero-padded to 2 digits (https://github.com/ansible/ansible/issues/87180).
   - parallel fact gathering - fix hang caused by corrupt async job files.
VersionDeltaFile
1.54+4-4sysutils/ansible-core/distinfo
1.19+4-1sysutils/ansible-core/PLIST
1.63+2-2sysutils/ansible-core/Makefile
+10-73 files

NetBSD/pkgsrc mFmhyqidevel/capnproto distinfo Makefile

   capnproto: updated to 1.5.0

   1.5.0
   Unknown changes
VersionDeltaFile
1.9+4-4devel/capnproto/distinfo
1.13+2-2devel/capnproto/Makefile
+6-62 files

NetBSD/pkgsrc MWchVGUdoc CHANGES-2026

   doc: Updated security/p5-Crypt-OpenSSL-X509 to 2.1.3
VersionDeltaFile
1.4457+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc jxBQUWlsecurity/p5-Crypt-OpenSSL-X509 distinfo Makefile

   p5-Crypt-OpenSSL-X509: update to 2.1.3.

   ## 2.1.3 2026-07-12

   - Fixed CVE-2026-58102: heap out-of-bounds read in `hv_exts()`.
   The function allocated a fixed 128-byte buffer for an extension's
   OID string but used `OBJ_obj2txt()`'s return value (the full required
   length, not the number of bytes actually written) as the key length
   passed to `hv_store()`. A certificate with an extension whose OID
   stringifies to more than 128 bytes caused a heap over-read. Fixed
   with a two-phase `OBJ_obj2txt()` call (probe the required length,
   allocate exactly, then format) and by using `strlen(key)` rather
   than the `OBJ_obj2txt()` return value for the `hv_store()` key
   length. This is a **security fix; update is strongly recommended**

   - Fixed CVE-2026-58101: NULL-pointer dereference in several
   `Crypt::OpenSSL::X509::Extension` helpers. `X509V3_EXT_d2i()`
   returns `NULL` when an extension's DER payload fails to parse, and
   the `AUTHORITY_KEYID` `keyid` field is legitimately `NULL` for

    [103 lines not shown]
VersionDeltaFile
1.2+4-4security/p5-Crypt-OpenSSL-X509/distinfo
1.3+3-4security/p5-Crypt-OpenSSL-X509/Makefile
+7-82 files

NetBSD/pkgsrc 53hgE7mdoc CHANGES-2026

   Updated devel/py-anyio, net/py-scp
VersionDeltaFile
1.4456+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc IjsuiYvnet/py-scp distinfo Makefile

   py-scp: updated to 0.16.0

   0.16.0 (2026-07-13)

   - Fix typing for `__init__()`
   - Wait for remote scp processs to exit before closing channel
VersionDeltaFile
1.16+4-4net/py-scp/distinfo
1.21+2-3net/py-scp/Makefile
+6-72 files

NetBSD/pkgsrc WW22GrEdevel/py-anyio distinfo Makefile

   py-anyio: updated to 4.14.2

   4.14.2

   - Changed ``ByteReceiveStream.receive()`` implementations to raise a ``ValueError`` when
     ``max_bytes`` is not a positive integer
   - Fixed ``CapacityLimiter.total_tokens`` rejecting ``float("inf")`` when the limiter was
     instantiated outside of an event loop. The adapter setter checked for infinity by
     identity (``value is math.inf``), so only the exact ``math.inf`` singleton was accepted,
     while every backend setter (using ``math.isinf()``) accepts any positive infinity
   - Fixed ``to_process.run_sync()`` deadlocking when the worker function writes enough data
     to ``sys.stderr`` to fill the (undrained) pipe buffer. The worker process now redirects
     ``sys.stderr`` to ``os.devnull`` as well, matching the documented behavior
   - Fixed ``TLSStream.wrap()`` matching an internationalized (unicode) host name against
     the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008,
     which could cause the host name to be matched against the wrong certificate
   - Fixed ``anyio.open_process()`` (and ``run_process()``) ignoring the ``extra_groups``
     argument, as it mistakenly passed the value of the ``group`` argument instead
   - Fixed ``CapacityLimiter.acquire_nowait()`` and

    [10 lines not shown]
VersionDeltaFile
1.33+4-4devel/py-anyio/distinfo
1.37+2-2devel/py-anyio/Makefile
+6-62 files

NetBSD/pkgsrc 4nQ9twTdoc CHANGES-2026

   Updated www/py-django-polymorphic, www/py-django-stubs-ext, www/py-django-formtools
VersionDeltaFile
1.4455+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc Dl4Pypzwww/py-django-formtools Makefile distinfo

   py-django-formtools: updated to 2.7

   2.7.0 (2026-07-09)

   - Fixed a regression in 2.6.x with ``get_form_list()`` caching not allowing
     ``form_list`` mutations.

   - Dropped support for Python < 3.10 and Django < 5.2
VersionDeltaFile
1.18+4-4www/py-django-formtools/Makefile
1.12+4-4www/py-django-formtools/distinfo
1.7+3-1www/py-django-formtools/PLIST
+11-93 files

NetBSD/pkgsrc aKbGe7owww/py-django-stubs-ext distinfo Makefile

   py-django-stubs-ext: updated to 6.0.6

   6.0.6

   Fix task decorator typing for takes_context=True
   Improve database backend typing
   Fix only pk validation for abstract models
   Make validators consistent
   Allow aggregate filters to use expressions
   Typecheck save()/asave() update_fields against model fields
VersionDeltaFile
1.8+4-4www/py-django-stubs-ext/distinfo
1.9+4-4www/py-django-stubs-ext/Makefile
+8-82 files

NetBSD/pkgsrc erNUj1Uwww/py-django-polymorphic distinfo Makefile

   py-django-polymorphic: updated to 4.11.6

   4.11.6

   Bump the gha-updates group with 6 updates
   Bump starlette from 1.2.1 to 1.3.1
   Bump cryptography from 48.0.0 to 48.0.1
   Bump the gha-updates group with 6 updates
   fix: KeyError when accessing fields deferred by base manager
VersionDeltaFile
1.17+4-4www/py-django-polymorphic/distinfo
1.19+2-2www/py-django-polymorphic/Makefile
+6-62 files