Import bind 9.20.23 (previous was 9.20.22)
Security Fixes
Limit resolver server list size. (CVE-2026-3592)
When resolving a domain with many nameservers that shared overlapping
IP addresses (e.g., 10 NS records all pointing at the same set of
addresses), BIND could previously waste time querying duplicate
addresses and build up excessively large server lists. Addresses
in the resolver's server list are now deduplicated so that each
unique IP is only queried once per resolution attempt, regardless
of how many NS records point to it. The number of addresses stored
per nameserver name is also now capped at six (combined A and AAAA),
preventing memory and CPU overhead from domains with unusually
large NS/glue sets.
ISC would like to thank Shuhan Zhang from Tsinghua University for
reporting this issue. [GL #5641]
[222 lines not shown]
lang/go126: Avoid excessive parallism
Tell "go build" to use at most ${MAKE_JOBS} threads, instead of the
vastly higher number that it tends to use, at least on machines with
many CPUs. This meets the intent of MAKE_JOBS because there is only
one "go build" process.
As discussed on tech-pkg@ with no $MAINTAINER objection.
bind920: update to version 9.20.23.
Pkgsrc changes:
* None, other than checksum changes.
Upstream changes:
BIND 9.20.23
------------
Security Fixes
~~~~~~~~~~~~~~
- Fix outgoing zone transfers' quota issue. ``1006b044b7``
Unauthorized clients could consume outgoing zone transfers quota and
block authorized zone transfer clients. This has been fixed.
:gl:`#3589`
[344 lines not shown]
sysutils/zellij: import package
Packaged in wip by ci4ic4 (with the aid of Claude Code). bsiegert and myself.
Zellij is a terminal workspace. It has the base functionality of a terminal
multiplexer (similar to tmux or screen) but includes many built-in features
that would allow users to extend it and create their own personalized
environment.
misc/tailspin: update to 6.1.0
Added
--extras jvm-stack-trace highlights JVM stack traces (Java, Kotlin, Scala, etc.)
TAILSPIN_EXTRAS environment variable to set extras without the --extras flag
Performance
Cache ANSI style prefixes in a thread-local, avoiding per-line allocation in the render pipeline
Fixed
Theme parse and read errors now include the path of the offending file
Reject unknown fields in theme.toml so they surface as errors instead of being silently ignored
--exec no longer tears down the pager the moment the spawned subprocess exits
Kill the pager when tailspin exits due to a stream error, instead of leaving it orphaned
Overriding builtin keywords in theme.toml should always take precedence over the builtin
ones (#267)
audio/spotify-qt: reset maintainer
Given constant changes in Spotifys API and increasing restrictions being
imposed, I can no longer test these packages.
- librespot
- ncspot
- spotify-player
- spotify-qt
It's still my intention to keep these up-to-date but, I can only run test
builds and no functional testing. Hence, dropping MAINTAINER.
audio/spotify-player: reset maintainer
Given constant changes in Spotifys API and increasing restrictions being
imposed, I can no longer test these packages.
- librespot
- ncspot
- spotify-player
- spotify-qt
It's still my intention to keep these up-to-date but, I can only run test
builds and no functional testing. Hence, dropping MAINTAINER.
audio/ncspot: reset maintainer
Given constant changes in Spotifys API and increasing restrictions being
imposed, I can no longer test these packages.
- librespot
- ncspot
- spotify-player
- spotify-qt
It's still my intention to keep these up-to-date but, I can only run test
builds and no functional testing. Hence, dropping MAINTAINER.
audio/librespot: reset maintainer
Given constant changes in Spotifys API and increasing restrictions being
imposed, I can no longer test these packages.
- librespot
- ncspot
- spotify-player
- spotify-qt
It's still my intention to keep these up-to-date but, I can only run test
builds and no functional testing. Hence, dropping MAINTAINER.
py-eliot: updated to 1.18.0
1.18.0
Bug fixes:
* Fixed traceback-logging issue in threaded logger on some versions of Python.
Enhancements:
* JSON logging will now output a repr for unserializable objects, rather than blowing up and failing to log. Thanks to Maciej Katafiasz for the patch.
* Official support for Python 3.14.
Deprecations and removals:
* Dropped support for Python 3.9.
lang/ruby40: update to 4.0.5
Ruby 4.0.5 (2026-05-20)
* CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout
handler
* Bug #22065: make rdoc fails with invalid byte sequence in US-ASCII on Ruby
4.0.4 under C locale - Ruby - Ruby Issue Tracking System