NetBSD/pkgsrc VaVR9qrdoc CHANGES-2026

   doc: Updated net/libcares to 1.34.7
VersionDeltaFile
1.4297+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc fhZZsIinet/libcares distinfo Makefile

   libcares: update to 1.34.7.

   ## c-ares version 1.34.7 - July 6 2026

   This is a security release.

   Security:
   * CVE-2026-33630. Use-after-free / double-free in c-ares' query-completion
     handling, remotely triggerable via ares_getaddrinfo() over TCP. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
   * CPU-exhaustion denial of service via unbounded DNS name compression pointer
     chains. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-pjmc-gx33-gc76
   * Memory-amplification denial of service via unvalidated DNS header record
     counts. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-jv8r-gqr9-68wj

   Changes:
   * `ares_getaddrinfo()`: handle a NULL node per POSIX and implement

    [55 lines not shown]
VersionDeltaFile
1.47+4-4net/libcares/distinfo
1.55+2-2net/libcares/Makefile
1.36+2-2net/libcares/PLIST
+8-83 files

NetBSD/pkgsrc-wip fc6ef44ap-modsecurity2 COMMIT_MSG Makefile, ap-modsecurity2/files README.pkgsrc

ap-modsecurity2: remove, imported to pkgsrc
DeltaFile
+0-126ap-modsecurity2/COMMIT_MSG
+0-54ap-modsecurity2/Makefile
+0-26ap-modsecurity2/files/README.pkgsrc
+0-17ap-modsecurity2/options.mk
+0-7ap-modsecurity2/DESCR
+0-5ap-modsecurity2/PLIST
+0-2352 files not shown
+0-2418 files

NetBSD/pkgsrc WqmixqYsecurity/ap-modsecurity2 Makefile distinfo, security/ap-modsecurity2/files README.pkgsrc

   ap-modsecurity2: Update to version 2.9.14

   Last version changes:

   02 Jul 2026 - 2.9.14
   --------------------

    * chore: fix cppcheck issues with v2.21.0
      [Issue #3593 - @airween]
    * fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
      [Issue #3592 - @fzipi]
    * Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
      [Issue #3578 - @hnakamur]
    * Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
      [Issue #3560 - @g4mm4-VCF]

   28 Apr 2026 - 2.9.13
   --------------------


    [107 lines not shown]
VersionDeltaFile
1.1+26-0security/ap-modsecurity2/files/README.pkgsrc
1.76+13-12security/ap-modsecurity2/Makefile
1.13+4-6security/ap-modsecurity2/distinfo
1.9+2-1security/ap-modsecurity2/PLIST
1.4+1-1security/ap-modsecurity2/MESSAGE
1.2+1-1security/ap-modsecurity2/patches/patch-apache2_msc__crypt.c
+47-211 files not shown
+48-227 files

NetBSD/pkgsrc l2E4seMdoc CHANGES-2026

   doc: Updated security/ap-modsecurity2 to 2.9.14
VersionDeltaFile
1.4296+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc c4F3uxzdoc CHANGES-2026

   doc: Updated wayland/foot to 1.27.0
VersionDeltaFile
1.4295+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc swI2japwayland/foot distinfo Makefile, wayland/foot/patches patch-char32.c

   foot: update to 1.27.0

   1.27.0

   * url.style=none|single|double|curly|dotted|dashed option added,
     allowing you to configure how URL underlines are drawn. The default
     is dotted.
   * URL underlines are now dotted by default, instead of plain
     underlines. This can be changed with the new url.style option.
   * If the cursor foreground and background colors are identical, use
     the current cell's foreground and background colors (inverted),
     instead of the default foreground and background colors.

   Fixed:
   * Other output (key presses, query replies etc) being mixed with paste
     data, both interactive pastes and OSC-52.
   * Scrollback search not working correctly when the terminal
     application has enabled the kitty keyboard protocol with release
     event reporting.

    [4 lines not shown]
VersionDeltaFile
1.2+5-6wayland/foot/patches/patch-char32.c
1.2+5-5wayland/foot/distinfo
1.2+2-2wayland/foot/Makefile
+12-133 files

NetBSD/pkgsrc BmIuMutdevel/libepoll-shim builtin.mk buildlink3.mk

   libepoll-shim: add builtin.mk to skip on Linux

   libepoll-shim is required for systems that have kqueue but not epoll.
   Linux does have epoll, so it is (a) unnecessary and (b) doesn't build.

   The detection logic is currently hardcoded to Linux only; I suppose it
   could be improved further.
VersionDeltaFile
1.1+49-0devel/libepoll-shim/builtin.mk
1.3+7-1devel/libepoll-shim/buildlink3.mk
+56-12 files

NetBSD/pkgsrc PT31WQbdoc CHANGES-2026

   doc: Updated devel/lcov to 2.5
VersionDeltaFile
1.4294+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc oSMMmY6devel/lcov PLIST Makefile, devel/lcov/patches patch-Makefile

   lcov: update to 2.5.

   Changes from previous release:

       add support for --unreachable-script callback - to filter unreachable branch and MC/DC expressions
       update llvm2lcov to support llvm/22
       generate man and HTML format documentation from RST.
       various bug fixes and test coverage improvements
VersionDeltaFile
1.5+95-0devel/lcov/PLIST
1.1+15-0devel/lcov/patches/patch-Makefile
1.24+9-3devel/lcov/Makefile
1.11+5-4devel/lcov/distinfo
+124-74 files

NetBSD/src axJLNYrsys/dev/pci viaide.c

   replace cp->name with channel in couple via_sata_chip_map_new() errors messages.

   channel name is never set in via_vt6421_chansetup(), so it's always null.
VersionDeltaFile
1.108+5-5sys/dev/pci/viaide.c
+5-51 files

NetBSD/pkgsrc 2SZ0HN1devel/aceunit Makefile

   devel/aceunit: Drop skipping vendor bash

   macOS has bash 3 builtin, and the tools platform used to accept that.
   Recently, tools bash was redefined to be >=4, and no longer uses macOS
   bash.

   The hack to avoid vendor bash was almost certainly about macOS, as I
   know of no other system with bash3, and I know of no other packge
   failures from bash 4.  On macOS, nothing will change; just a different
   reason not to use system baas.  On SmartOS, the package might use
   builtin bash 4, vs pkgsrc bash 5, but there's no reason to think
   that's a problem.
VersionDeltaFile
1.3+2-2devel/aceunit/Makefile
+2-21 files

NetBSD/pkgsrc qlE5iOagraphics/libjpeg-turbo Makefile buildlink3.mk

   libjpeg-turbo: fix linking; use system libz; bump revision
VersionDeltaFile
1.46+6-1graphics/libjpeg-turbo/Makefile
1.3+3-1graphics/libjpeg-turbo/buildlink3.mk
+9-22 files

NetBSD/pkgsrc-wip 941a686opencv PLIST TODO, opencv/patches patch-modules_dnn_src_protobuf__io.cpp patch-modules_dnn_src_layers_cast2__layer.cpp

opencv: fix build using upstream patches
DeltaFile
+303-312opencv/PLIST
+178-0opencv/patches/patch-modules_dnn_src_protobuf__io.cpp
+0-133opencv/TODO
+66-0opencv/patches/patch-modules_dnn_src_layers_cast2__layer.cpp
+0-55opencv/unapplied-patch
+49-0opencv/patches/patch-modules_dnn_src_protobuf__io.hpp
+596-50010 files not shown
+767-50216 files

NetBSD/pkgsrc pHy6bINdoc CHANGES-2026

   Updated devel/msgpack, editors/neovim
VersionDeltaFile
1.4293+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc gydpOnJeditors/neovim distinfo Makefile

   neovim: updated to 0.12.4

   0.12.4

   FEATURES
   - fec4045 lsp: clean up semantic token initialization and debounce
   - 55205b3 lsp: use LspNotify for semantic tokens

   PERFORMANCE
   - fded370 lsp: overscan semantic_token range requests
   - fa365ce treesitter: reduce memory usage of _select.lua

   FIXES
   - e57c37d api: nvim_buf_set_text resets changelist to 0
   - ea07b60 api: preserve ArrayOf metadata
   - 5ff4e14 cmdline: avoid redraw loop after wrapped line
   - a0d7e80 folds: foldcolumn is interrupted for virtual line above nested fold
   - a4cfded health: always set 'modifiable'
   - 7fd0f54 health: don't check node package via yarn

    [25 lines not shown]
VersionDeltaFile
1.27+4-4editors/neovim/distinfo
1.29+2-2editors/neovim/Makefile
+6-62 files

NetBSD/pkgsrc aKpA1Grdevel/msgpack distinfo Makefile

   msgpack: updated to 7.0.1

   7.0.1
   Set INSTALL_INTERFACE to CMAKE_INSTALL_INCLUDEDIR

   7.0.0
   Refine CI
   Updated cmake minimum required to 3.5-4.0
VersionDeltaFile
1.19+4-4devel/msgpack/distinfo
1.26+2-3devel/msgpack/Makefile
+6-72 files

NetBSD/pkgsrc xLGBB8Tdoc CHANGES-2026 TODO

   Updated textproc/mdbook, www/py-nh3, textproc/py-readme_renderer, net/py-responses
VersionDeltaFile
1.4292+5-1doc/CHANGES-2026
1.27550+1-3doc/TODO
+6-42 files

NetBSD/pkgsrc QaBALbGnet/py-responses distinfo Makefile

   py-responses: updated to 0.26.2

   0.26.2

   * Default headers (such as ``Content-Type``, ``Date`` and ``Server``) are now stripped
     from recorded files regardless of header name case. Previously, responses recorded from
     servers that send lowercase header names (for example over HTTP/2) kept these redundant
     headers in the generated file.
   * Fixed `query_param_matcher` mutating the caller's params dict when numeric
     values are provided.
VersionDeltaFile
1.42+4-4net/py-responses/distinfo
1.51+2-2net/py-responses/Makefile
+6-62 files

NetBSD/pkgsrc 927QHFKtextproc/py-readme_renderer distinfo Makefile

   py-readme_renderer: updated to 45.0

   45.0

   * Replace ``cmarkgfm`` with ``comrak``
   * Support footnotes in Markdown
   * Support inline link anchors
   * Allow ``class`` attribute on ``<pre>`` tags

   * Advertise support for Python 3.13
   * Remove support for Python 3.9, pypy 3.9, 3.10
   * Remove `python3` alias from Pygments
   * Fix test suite for Pygments update
   * Fix mypy annotations
   * Fix test failure with docutils 0.22
   * Fix package metadata
   * Fix ignored allowlists on ``clean()``
   * Don't abort reStructuredText rendering when a ``:scale:`` image can't be sized
   * Disable active input controls in rendered output

    [11 lines not shown]
VersionDeltaFile
1.14+4-4textproc/py-readme_renderer/distinfo
1.20+3-4textproc/py-readme_renderer/Makefile
+7-82 files

NetBSD/pkgsrc 9EOUHPhwww/py-nh3 distinfo cargo-depends.mk

   py-nh3: updated to 0.3.6

   0.3.6

   Validate clean_content_tags conflict with tags
   Document tag_attribute_values as alternate to attributes
   Add nh3.escape alias for clean_text
   Bump pyo3 from 0.28.3 to 0.29.0
   Expose ammonia's url_relative policy via url_relative kwarg
VersionDeltaFile
1.14+46-58www/py-nh3/distinfo
1.14+14-18www/py-nh3/cargo-depends.mk
1.16+4-4www/py-nh3/Makefile
+64-803 files

NetBSD/src sKYnDuxusr.sbin/fssconfig fssconfig.8

   fssconfig(8): Fix punctuation-o noticed milliseconds after commit.

   Prompted by the persistent confusion on my part that led to:

   PR bin/60383: fssconfig(8): distinguish between taking and loading a
   snapshot
VersionDeltaFile
1.14+3-3usr.sbin/fssconfig/fssconfig.8
+3-31 files

NetBSD/src N79tv7Qusr.sbin/fssconfig fssconfig.8

   fssconfig(8) Rework man page and give more practical examples.

   Prompted by the persistent confusion on my part that led to:

   PR bin/60383: fssconfig(8): distinguish between taking and loading a
   snapshot
VersionDeltaFile
1.13+238-79usr.sbin/fssconfig/fssconfig.8
+238-791 files

NetBSD/pkgsrc ddIuV1Htextproc/mdbook distinfo cargo-depends.mk

   mdbook: updated to 0.5.4

   mdBook 0.5.4

   Added

   - Added zoomable images feature.

   Changed

   - Updated dependencies.

   Fixed

   - Fixed layout bug with images in links.
   - Fixed previous-chapter nav hover overlapping sidebar resize handle.
   - Fixed missing LICENSE files in published crates.
   - Switched recommendation to linkcheck2 fork.
   - Fixed version in CI source install docs.
VersionDeltaFile
1.6+142-205textproc/mdbook/distinfo
1.5+46-67textproc/mdbook/cargo-depends.mk
1.6+3-3textproc/mdbook/Makefile
+191-2753 files

NetBSD/pkgsrc-wip 01ee5c1p5-Imager TODO

p5-Imager: CVE fixed (in 1.025)
DeltaFile
+0-2p5-Imager/TODO
+0-21 files

NetBSD/pkgsrc-wip 68486b2p5-Imager distinfo Makefile

p5-Imager: update to 1.032.

Imager 1.032 - 1 July 2026
============

 - JPEG: fix a memory leak from reading a JPEG image with more than
   one IPTC/APP13 block
   CVE-2026-13708

 - SGI: fix a buffer read over flow when reading a crafted RLE SGI
   file.
   CVE-2026-13705

 - getscanline() with type float in list context would leak the
   returned SVs.  Introduced in 1.013.

 - TIFF: sizeproc could potentiallly ignore a seek error when finding
   the current position (but then should fail later trying to restore
   it.)  Revealed by a signed comparison warning.

    [3 lines not shown]
DeltaFile
+3-3p5-Imager/distinfo
+1-1p5-Imager/Makefile
+4-42 files

NetBSD/src O31y1vwdoc 3RDPARTY

   openssh 10.4 is out
VersionDeltaFile
1.2228+3-3doc/3RDPARTY
+3-31 files

NetBSD/pkgsrc 3dLTdMwdoc CHANGES-2026 TODO

   doc: Updated security/openssh to 10.4p1
VersionDeltaFile
1.4291+2-1doc/CHANGES-2026
1.27549+2-1doc/TODO
+4-22 files

NetBSD/pkgsrc AWQOESasecurity/openssh distinfo Makefile

   openssh: update to 10.4p1.

   Changes since OpenSSH 10.3
   ==========================

   This release contains a number of security fixes as well as general
   bugfixes and a couple of new features.

   Security
   ========

    * sftp(1): when downloading files on the command-line using
      "sftp host:/path .", a malicious server could cause the file to
      be downloaded to an unexpected location. This issue was identified
      by the Swival Security Scanner.

    * scp(1): when copying files between two remote destinations, do
      not allow a malicious server to write files to the parent
      directory of the intended target directory.  This issue was

    [180 lines not shown]
VersionDeltaFile
1.131+4-4security/openssh/distinfo
1.293+2-2security/openssh/Makefile
+6-62 files

NetBSD/src 36ImsGGsys/arch/m68k/conf files.m68k

   Now that all m68k platforms are using the commonn db_memrw.c, declare
   that file in the common files.m68k.
VersionDeltaFile
1.76+2-1sys/arch/m68k/conf/files.m68k
+2-11 files