NetBSD/pkgsrc fJUr9Smdoc CHANGES-2026

   Updated www/freenginx-devel to 1.31.3
VersionDeltaFile
1.4356+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc Hl5Hjdqwww/freenginx-devel Makefile distinfo, www/freenginx-devel/patches extra-patch-ndk_set_var.c

   www/freenginx-devel: update from 1.31.2 to 1.31.3

   Sponsored by:        tipi.work

   <ChangeLog>

   *) Feature: additional checks are now used during variable substitution,
      including during execution of the ngx_http_rewrite_module directives,
      to prevent buffer overruns in case of errors in the code.

   *) Bugfix: if the "auth_request_set" directive or regular expression
      named captures were used to change prefix variables, such as
      "$http_...", corresponding variables became empty in other parts of
      the configuration.

   *) Bugfix: changing the $limit_rate and $args variables with the
      "auth_request_set" directive or regular expression named captures
      worked incorrectly.


    [23 lines not shown]
VersionDeltaFile
1.1+31-0www/freenginx-devel/patches/extra-patch-ndk_set_var.c
1.18+5-3www/freenginx-devel/Makefile
1.16+4-4www/freenginx-devel/distinfo
+40-73 files

NetBSD/src Nr0QC9vusr.bin/ftp uri.c

   Stop searching for segment separator at segment end.
VersionDeltaFile
1.3+5-3usr.bin/ftp/uri.c
+5-31 files

NetBSD/pkgsrc U52f65kdoc CHANGES-2026

   Updated www/freenginx to 1.30.1nb1
VersionDeltaFile
1.4355+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc if3WeiPwww/freenginx distinfo options.mk, www/freenginx/patches extra-patch-njs-quickjs extra-patch-auto-quickjs

   www/freenginx: third-party modules management (+)

   Update cache_purge module and njs modules to their recent versions (merge
   changes from www/freenginx-devel).

   Bump PKGREVISION.

   Sponsored by:        tipi.work
VersionDeltaFile
1.1+28-0www/freenginx/patches/extra-patch-njs-quickjs
1.9+7-7www/freenginx/distinfo
1.7+3-3www/freenginx/options.mk
1.10+3-2www/freenginx/Makefile
1.4+0-0www/freenginx/patches/extra-patch-auto-quickjs
+41-125 files

NetBSD/pkgsrc-wip b57257bnextvi distinfo Makefile

nextvi: update to 6.1
DeltaFile
+3-3nextvi/distinfo
+1-1nextvi/Makefile
+4-42 files

NetBSD/pkgsrc OoMTzBbdoc CHANGES-2026

   doc: Updated lang/go126 to 1.26.5
VersionDeltaFile
1.4354+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc cDbYxmIaudio/sptui Makefile, audio/ymuse Makefile

   Revbump all Go packages after go126 update
VersionDeltaFile
1.25+2-2audio/sptui/Makefile
1.49+2-2audio/ymuse/Makefile
1.103+2-2chat/coyim/Makefile
1.62+2-2chat/gomuks/Makefile
1.91+2-2chat/matterircd/Makefile
1.27+2-2chat/neonmodem/Makefile
+12-12202 files not shown
+416-390208 files

NetBSD/pkgsrc IrSh8cMlang/go version.mk, lang/go125 distinfo PLIST

   go: update to 1.26.5 and 1.25.12 (security)

   These releases include 2 security fixes following the security policy:

   -   os: Root escape via symlink plus trailing slash

       On Unix systems, opening a file in an os.Root improperly
       followed symlinks to locations outside of the Root when
       the final path component of the a path is a symbolic link
       and the path ends in /.

       For example, root.Open("symlink/") would open "symlink" even when
       "symlink" is a symbolic link pointing outside of the root.

       On Unix, openat(fd, path, O_NOFOLLOW) will follow symlinks
       in path when path ends in a /. Root failed to account for
       this behavior, permitting paths with a trailing / to escape.
       It now properly sanitizes the path parameter provided to openat.


    [18 lines not shown]
VersionDeltaFile
1.14+4-4lang/go125/distinfo
1.6+4-4lang/go126/distinfo
1.251+3-3lang/go/version.mk
1.6+4-0lang/go126/PLIST
1.9+3-0lang/go125/PLIST
+18-115 files

NetBSD/pkgsrc BAboSRHdoc CHANGES-2026

   Updated lang/nodejs, devel/py-mocket
VersionDeltaFile
1.4353+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc Fkyq9jAdevel/py-mocket distinfo Makefile

   py-mocket: updated to 3.14.2

   3.14.2

   tests: add tests for hexdump and hexload, including ValueError on invalid hex
   Better can_handle_fun documentation
   Raise an error when both can_handle_fun and match_querystring are used
VersionDeltaFile
1.18+4-4devel/py-mocket/distinfo
1.18+2-2devel/py-mocket/Makefile
+6-62 files

NetBSD/pkgsrc LAmnwo0lang/nodejs distinfo Makefile

   nodejs: updated to 26.5.0

   26.5.0

   Notable changes

   - (SEMVER-MINOR) buffer: implement blob.textStream() (Matthew Aitken)
   - (SEMVER-MINOR) esm: add --experimental-import-text flag (Efe)
   - (SEMVER-MINOR) perf_hooks: sample delay per event loop iteration (Pablo Erhard)
   - (SEMVER-MINOR) stream: expose ReadableStreamTee (Matteo Collina)
   - (SEMVER-MINOR) tls: report negotiated TLS groups (Filip Skokan)
VersionDeltaFile
1.324+4-4lang/nodejs/distinfo
1.356+2-2lang/nodejs/Makefile
+6-62 files

NetBSD/pkgsrc AGg5W2Osysutils/qemu-guest-agent Makefile

   make this compile for and work on i386 (actually, i586 and up) 32bit VMs.
VersionDeltaFile
1.11+3-1sysutils/qemu-guest-agent/Makefile
+3-11 files

NetBSD/pkgsrc-wip 05ef5e3pam-pwdfile Makefile distinfo, pam-pwdfile/files _pam_macros.h

pam-pwdfile: update to 2.0
DeltaFile
+0-187pam-pwdfile/files/_pam_macros.h
+123-0pam-pwdfile/patches/patch-pam__pwdfile.c
+4-20pam-pwdfile/Makefile
+0-16pam-pwdfile/patches/patch-ab
+0-14pam-pwdfile/patches/patch-aa
+4-5pam-pwdfile/distinfo
+131-2422 files not shown
+132-2438 files

NetBSD/src sMrwysbusr.bin/ftp uri.c

   Call free with the malloc result, not with an incremented value.
VersionDeltaFile
1.2+4-4usr.bin/ftp/uri.c
+4-41 files

NetBSD/pkgsrc-wip 59a6804carburetta TODO distinfo, carburetta/patches patch-Makefile

carburetta: Update to 0.8.28

0.8.28 - 2026-01-11

 - Will now emit #line so C/C++ compilation errors on generated code
   will be located at the corresponding snippet code in the .cbrt input
   file, where appropatiate. Use --nolinedir to disable.

 - Can now emit a symbol_names[] table for all ordinal constants, this
   can be useful when writing code that uses Carburetta's internal
   structures more dynamically and you wish to emit debug information.
   Only generated when --sym-names is specified.

 - Instead of specifying a filename, you can now pass - (a dash) for
   the filename and the grammar input will be read from stdin.

0.8.25 - 2025-04-14

 - New 'visit' feature. When specifying either %visit or %visit_params

    [87 lines not shown]
DeltaFile
+0-66carburetta/patches/patch-Makefile
+7-1carburetta/TODO
+3-4carburetta/distinfo
+1-1carburetta/Makefile
+11-724 files

NetBSD/pkgsrc rQiRUaxdoc CHANGES-2026

   doc: Updated games/ajbsp to 1.05
VersionDeltaFile
1.4352+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 5kLHll6games/ajbsp Makefile distinfo, games/ajbsp/patches patch-Makefile

   games/ajbsp: Update to 1.05

   * support UDMF maps, creating XGL3 nodes
   * better ability to embed as a library
   * lots of code improvements, require C++11 now
   * a facility for source ports: XWA files
VersionDeltaFile
1.3+12-35games/ajbsp/patches/patch-Makefile
1.4+7-5games/ajbsp/Makefile
1.5+5-5games/ajbsp/distinfo
+24-453 files

NetBSD/src PcdcbPaexternal/bsd/libevent libevent2netbsd

   account for macros changing names
VersionDeltaFile
1.5+15-15external/bsd/libevent/libevent2netbsd
+15-151 files

NetBSD/src Ue3P4fzexternal/bsd/libevent/include/event2 event-config.h

   manually fix the SIZEOF macros for now.
VersionDeltaFile
1.7+17-1external/bsd/libevent/include/event2/event-config.h
+17-11 files

NetBSD/pkgsrc j8HSCeKdoc CHANGES-2026

   doc: Updated x11/mlterm to 3.9.5
VersionDeltaFile
1.4351+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc DxBEvvqx11/mlterm distinfo Makefile, x11/mlterm/patches patch-uitoolkit_ui__display.h patch-uitoolkit_xlib_ui__display.c

   mlterm: update to 3.9.5

   pkgsrc changes:
   - remove obsolete MESSAGE

   Upstream changes:
    https://github.com/arakiken/mlterm/blob/3.9.5/doc/en/ReleaseNote

   * Support text-input-unstable-v3.
   * Support SGR Mouse Pixel Mode.
   * Support libvte-2.91-gtk4 compatible library. (Experimental)
   * Support DRCSMMv3. (https://github.com/kmiya-culti/RLogin/issues/152)
   * Support selecting regions in pictures with the mouse.
     (https://github.com/arakiken/mlterm/issues/151)
   * Support kmsdrm in mlterm-sdl2.
     (Inspired by https://github.com/chu-hai/mlterm/tree/sdl2_kmsdrm)
   * Add --adc/use_arabic_dynamic_comb option.
     (https://github.com/arakiken/mlterm/issues/136)
   * Add --crsz/cursor_size option to mlterm-fb.

    [25 lines not shown]
VersionDeltaFile
1.104+4-7x11/mlterm/distinfo
1.213+2-3x11/mlterm/Makefile
1.3+1-1x11/mlterm/MESSAGE
1.2+1-1x11/mlterm/patches/patch-uitoolkit_ui__display.h
1.2+1-1x11/mlterm/patches/patch-uitoolkit_xlib_ui__display.c
1.4+1-1x11/mlterm/patches/patch-uitoolkit_xlib_ui__window.c
+10-146 files

NetBSD/pkgsrc-wip 2d4d1dechromium TODO Makefile

chromium: update todo
DeltaFile
+3-17chromium/TODO
+0-1chromium/Makefile
+3-182 files

NetBSD/pkgsrc MSkpQl8doc CHANGES-2026

   doc: Updated www/chromium to 150.0.7871.100
VersionDeltaFile
1.4350+2-1doc/CHANGES-2026
+2-11 files

NetBSD/src seRALhQdoc 3RDPARTY CHANGES

   new libevent
VersionDeltaFile
1.2230+3-6doc/3RDPARTY
1.3278+2-1doc/CHANGES
+5-72 files

NetBSD/src 1qQ0gBxdistrib/sets/lists/base shl.mi, distrib/sets/lists/debug shl.mi

   bump libevent
VersionDeltaFile
1.1046+5-5distrib/sets/lists/base/shl.mi
1.409+5-5distrib/sets/lists/debug/shl.mi
+10-102 files

NetBSD/pkgsrc TrothZVwww/chromium distinfo, www/chromium/patches patch-base_files_file__path__watcher__kqueue.cc patch-third__party_vulkan-loader_src_loader_loader__environment.c

   chromium: update to 150.0.7871.100

   This update doesn't include security fixes.
   A full list of changes in this build is available in
   https://chromium.googlesource.com/chromium/src/+log/150.0.7871.47..150.0.7871.101?pretty=fuller&n=10000
VersionDeltaFile
1.50+1,628-1,621www/chromium/distinfo
1.3+45-16www/chromium/patches/patch-base_files_file__path__watcher__kqueue.cc
1.1+44-0www/chromium/patches/patch-third__party_vulkan-loader_src_loader_loader__environment.c
1.1+25-0www/chromium/patches/patch-third__party_vulkan-loader_src_loader_vk__loader__platform.h
1.1+24-0www/chromium/patches/patch-third__party_vulkan-loader_src_BUILD.gn
1.1+21-0www/chromium/patches/patch-third__party_nasm_output_outieee.c
+1,787-1,6371,620 files not shown
+3,450-3,2681,626 files

NetBSD/src ArpOLrRexternal/bsd/libevent/man event.h.3 http.h.3

   Merge changes between libevent 2.1.12 and 2.1.13
VersionDeltaFile
1.4+540-347external/bsd/libevent/man/event.h.3
1.5+336-301external/bsd/libevent/man/http.h.3
1.4+347-225external/bsd/libevent/man/rpc.h.3
1.2+263-218external/bsd/libevent/man/bufferevent.h.3
1.4+270-156external/bsd/libevent/man/util.h.3
1.4+237-186external/bsd/libevent/man/buffer.h.3
+1,993-1,43349 files not shown
+4,091-2,53255 files

NetBSD/src Di8fqKNexternal/bsd/libevent/dist configure aclocal.m4, external/bsd/libevent/dist/build-aux config.sub config.guess

   import libevent-2.1.13 (previous was 2.1.12)

   Changes in version 2.1.13-stable (01 July 2026)

    This release contains several security fixes, affecting users of the
    following modules: evbuffer, bufferevent, evtag, evrpc, evdns, evhttp.
    If you have a program that uses one of those modules,
    or if you distribute libevent, you should upgrade.

    Additionally, this release backports some small modernizations to
    the libevent codebase, to aid in compiling with the compilers
    released over the last few years.

    Security Fixes (evtag, evrpc):
    - Fix an out-of-bounds read in decode_tag_internal.
      (Found by @Brubbish. GHSA-fj29-64w6-73h6)
    - Fix an integer overflow in evtag_unmarshal_header.
      (Found by @Brubbish. GHSA-45c6-qx49-89m8)


    [31 lines not shown]
VersionDeltaFile
1.1.1.5+7,713-4,842external/bsd/libevent/dist/configure
1.1.1.2+993-432external/bsd/libevent/dist/build-aux/config.sub
1.1.1.2+711-563external/bsd/libevent/dist/build-aux/config.guess
1.1.1.2+495-347external/bsd/libevent/dist/build-aux/ltmain.sh
1.1.1.4+341-243external/bsd/libevent/dist/m4/libtool.m4
1.1.1.5+320-140external/bsd/libevent/dist/aclocal.m4
+10,573-6,56738 files not shown
+11,604-7,01744 files

NetBSD/pkgsrc-wip 27f9ff2chromium distinfo, chromium/patches patch-third__party_nasm_output_outieee.c patch-base_files_file__path__watcher__kqueue.cc

chromium: fix build
DeltaFile
+34-34chromium/distinfo
+5-2chromium/patches/patch-third__party_nasm_output_outieee.c
+3-4chromium/patches/patch-base_files_file__path__watcher__kqueue.cc
+1-1chromium/patches/patch-build_toolchain_freebsd_BUILD.gn
+1-1chromium/patches/patch-build_toolchain_netbsd_BUILD.gn
+1-1chromium/patches/patch-build_toolchain_openbsd_BUILD.gn
+45-4329 files not shown
+74-7235 files