shells/fish: update to 4.7.1
# pkgsrc changes
Illumos support has been upstreamed (yes!), hence most patches have been dropped.
# upstream changes (since 4.3.2)
fish 4.7.1 (released May 08, 2026)
==================================
This release fixes a regression in 4.7.0 that caused the web config (``fish_config``) to fail to start (:issue:`12717`).
fish 4.7.0 (released May 05, 2026)
==================================
Deprecations and removed features
---------------------------------
- The default theme (i.e. the ``fish_color_*`` variables) is no longer set in non-interactive shells.
[148 lines not shown]
py-mcomix: update to 3.1.1.
# MComix 3.1.1
## Release date: 2025-09-06
### Bug fixes
- Added official mime types for CBZ/CBR comic books to desktop
metadata file.
- Fix "context has already been set" error in Python 3.13.
# MComix 3.1.0
## Release date: 2024-01-21
### Features
- Image colors can be negated in the Image Enhancement dialog.
Furthermore, enhancements now apply to most UI elements, such as
[134 lines not shown]
fuse-httpdirfs: initial import of package
HTTPDirFS stands for Hyper Text Transfer Protocol Directory Filesystem.
It allows to mount HTTP directory listings or a single file, using the
FUSE API.
The performance of the program is excellent. HTTP connections are reused
through curl-multi interface. The FUSE component runs in the
multithreaded mode. A permanent cache system caches all the file
segments you have downloaded, so you don't need to these segments again
if you access them later.
www/chromium: update to 148.0.7778.96
* 148.0.7778.96
This update includes 127 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the Chrome Security Page for more information.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer,
UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
[$43000][493747582] Critical CVE-2026-7896: Integer overflow in Blink. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-18
[N/A][504069514] Critical CVE-2026-7897: Use after free in Mobile. Reported by Google on 2026-04-18
[N/A][504587882] Critical CVE-2026-7898: Use after free in Chromoting. Reported by Google on 2026-04-20
[$55000][505481948] High CVE-2026-7899: Out of bounds read and write in V8. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-04-23
[$16000][496503799] High CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous on 2026-03-26
[244 lines not shown]
Address problems with MIPS Malta platform code found running under QEMU.
QEMU's "malta" system emulates a MIPS Malta with the Gallileo host bridge
and 32-bit or 64-bit CPUs of either endianness. It is one of the only
working QEMU system-level emulations that could run NetBSD with all
combinations of endianness and address size. After fixes to QEMU over the
past several years, NetBSD has been unable to use the emulated PCI bus in
big-endian and 64-bit configurations.
No actual Malta hardware with any Gallileo-based CPU card could be found
for testing. These changes have been checked against the databook and
some limited checking of the relevant QEMU changes (which seem to have
mostly come from former MIPS employees) was also performed.
Changes:
1. The GT-64120 host bridge _does_ byte-swap access to other PCI targets,
but _does not_ byte-swap access to itself (bus 0, device 0). QEMU
evidently used to get this wrong, but, I confirmed with the databook.
This means we need to manually byte-swap a bunch of access to the
[29 lines not shown]
Fix MKDEBUGKERNEL vs MKDEBUG for kernel debug file sets.
The problem manifests as checkflist failures when building ports that
have extensive ALL_KERNELS but not...building all the kernels; notably
the various "evb" ports with a bazillion kernels for a bazillion SoCs.
The mk.conf(5) man page documents MKDEBUGKERNEL as controlling
whether kernel debug files (netbsd-*.debug) appear in the
distribution sets. However, the prior implementation used MKDEBUG
(the general userland debug flag) instead.
This meant MKDEBUG=yes with MKDEBUGKERNEL=no incorrectly expected
kernel debug files for every kernel config listed in ALL_KERNELS.
When only a subset of kernels is built, checkflist fails with
missing files.
The fix is to make these variables fully conform to the longstanding
documentation. MKDEBUGKERNEL controls whether kernel debug symbols are
built; MKDEBUG controls everything else. If you want something like the
old behavior but minus the bugs, set both.
py-wtforms: update to 3.2.2.
What's Changed
remove slsa provenance by @davidism in #879
fix(validators): Disabled validation with provided formdata by @subnix in #880
Support Python versions from 3.10 to 3.14 by @azmeuk in #883
Update FAQ to reflect 3.10+ support by @kurtmckee in #884
GHA improvements by @azmeuk in #888
