Pull up following revision(s) (requested by hgutch in ticket #292):
external/mit/xorg/tools/fc-cache/Makefile: revision 1.24
Build fc-cache tool with -std=gnu99 instead of -std=c99 to get necessary
function prototypes on gcc-14/glibc build hosts.
Pull up following revision(s) (requested by isaki in ticket #1268):
etc/etc.luna68k/MAKEDEV.conf: revision 1.12
luna68k: Add missing audio devices to MAKEDEV.
Pull up following revision(s) (requested by isaki in ticket #291):
etc/etc.luna68k/MAKEDEV.conf: revision 1.12
luna68k: Add missing audio devices to MAKEDEV.
Pull up following revision(s) (requested by riastradh in ticket #289):
usr.bin/ruptime/ruptime.c: revision 1.16
usr.sbin/inetd/ratelimit.c: revision 1.3
fix a couple of "allocate too little" issues GCC 14 pointed out.
both ruptime and inetd allocate a less-than-struct-sized space and
assign it to a struct pointer. neither of them actually use more
than the allocated memory, but this is still dodgy and technically
wrong. just allocate the right size.
Pull up following revision(s) (requested by christos in ticket #288):
crypto/external/bsd/openssh/dist/sshd-session.c: revision 1.13
crypto/external/bsd/openssh/dist/sshd-auth.c: revision 1.6
PR/60270: Jose Luis Duran: Add back accidentally removed probes.
PR bin/60275 discard even less arriving signals
Avoid signals arriving immediately after a fork() (or vfork())
by blocking everything (everything possible) while the fork()
happens, in the parent, for (close to) the minimum possible time,
in the child, until it has its state init'd enough that it is
safe for signals to arrive.
Further, if a signal does arrive (in a child) which was trapped
in the parent, but hasn't been cleaned up fully yet, instead of
simply ignoring it, send it to ourselves, after setting its state
to SIG_DFL (which is what would eventually happen to a trapped
signal anyway). If that doesn't kill us, then we will end up
(harmlessly) setting the state to SIG_DFL again later as would happen
if the signal hadn't arrived in this short window; we cannot record that
it happened to avoid that, as we might be in a vforked child, and
anything recorded by that would be visible back in the parent later
(where the signal action was not changed).
[12 lines not shown]
Pull up following revision(s) (requested by mrg in ticket #2012):
sys/fs/cd9660/cd9660_rrip.c: revision 1.19
cd9660: make sure that NM records are at least 5 bytes long.
avoids an integer underflow when this length has 5 subtracted from it
for a later path.
Reported by Adam Crosser, Praetorian
Pull up following revision(s) (requested by mrg in ticket #1267):
sys/fs/cd9660/cd9660_rrip.c: revision 1.19
cd9660: make sure that NM records are at least 5 bytes long.
avoids an integer underflow when this length has 5 subtracted from it
for a later path.
Reported by Adam Crosser, Praetorian
py-nihtest: update to 1.11.1.
# 1.11.1 [2026-05-18]
- Fix preload test on macOS.
# 1.11.0 [2026-05-18]
- Add support for preload on macOS.
- Remove dependency on dateutil.
build.sh: Make MAKEVERBOSE tests consistent.
- Use "${MAKEVERBOSE}" to avoid trouble in case it has spaces or
asterisks or whatever in the environment.
- Default to 2 if it's not defined or empty.
Should fix build.sh pkg=... without any -N argument or any
MAKEVERBOSE set in the environment.
www/firefox: Update to 150.0.3
* Builds on NetBSD 9 is broken. It is C++ issue in Rust style module.
It seems that Rust build module does not select newer GCC from
pkgsrc. I will revisit this later.
* Webcam input is broken under NetBSD-current. It will be fixed in 151.
Changelog:
150.0.3:
Fixed
* Fixed an issue where characters entered into password fields could appear
unmasked in print preview and printed pages. (Bug 2037803)
* Various security fixes.
Security fixes:
Mozilla Foundation Security Advisory 2026-45
#CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT
[184 lines not shown]
geography/spatialindex: Update to 2.0.0
packaging NEWS:
Note that 2.0.0 is not the latest release. As described on qgis
lists, 2.1.0 changed how nearest neighbor queries with custom
functions work and it does not seem possible to use them correctly.
Thus pkgsrc is avoiding 2.1.0, as recommended by qgis.
Not mentioned in upstream NEWS:
shlib version changed from 6.1.1 to 7.0.0
upstream NEWS content;
2.0.0 has been released on 07 JUNE 2024. There are no significant
major enhancements or refactorings that should change any
behaviors. It had been a long time (almost 5 years!) since a release
and 2.0.0 was the next version number...
[21 lines not shown]