pkg-vulnerabilities: mark libssh vulns as fixed and adjust versions.
We package libssh-0.11.4 as 0.114, for historical reasons, as mentioned
in the package Makefile. Thus, 'libssh<0.11.2' never fires, so adjust
all the 0.11.x vulnerabilities accordingly.
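Why the pattern in the commit message above never fires, as an added example that is not part of the commit or of pkgsrc's own code: a simplified, numeric-only model of dotted version comparison. The package name `libssh-0.111` and the adjusted pattern `libssh<0.112` are assumptions that extend the "0.11.4 as 0.114" scheme stated in the message.

```python
import re
from itertools import zip_longest

# Simplified model: numeric dotted versions only. The real pkgsrc matcher
# also handles suffixes such as "nb", "rc" and "alpha", omitted here.
PATTERN_RE = re.compile(r"^(?P<name>.+?)(?P<op><=|>=|<|>)(?P<ver>[0-9.]+)$")

OPS = {
    "<": lambda c: c < 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    ">=": lambda c: c >= 0,
}


def components(version):
    """Split '0.11.2' into [0, 11, 2]."""
    return [int(part) for part in version.split(".")]


def compare(a, b):
    """Return -1, 0 or 1, comparing component by component (missing = 0)."""
    for x, y in zip_longest(components(a), components(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def pattern_matches(pattern, pkgname):
    """Evaluate a 'name<version' style pattern against 'name-version'."""
    m = PATTERN_RE.match(pattern)
    if m is None:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    name, _, version = pkgname.rpartition("-")
    if name != m["name"]:
        return False
    return OPS[m["op"]](compare(version, m["ver"]))


if __name__ == "__main__":
    # Constructed package names following the 0.11.4 -> 0.114 scheme (assumed).
    for pkg in ("libssh-0.111", "libssh-0.114"):
        for pat in ("libssh<0.11.2", "libssh<0.112"):
            print(f"{pat:15} vs {pkg}: {pattern_matches(pat, pkg)}")
```

The second component decides the result: 111 and 114 are both greater than 11, so every package named under this scheme compares as newer than 0.11.2 and the audit stays silent.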
libssh: update to 0.11.4
This is a stable release in the 0.11 series. There is also 0.12.0
available, but this has less potential for breakage, I assume.
version 0.11.4 (released 2026-02-10)
* Security:
  * CVE-2025-14821: libssh loads configuration files from the C:\etc directory
    on Windows
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected
    configuration files
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
  * CVE-2026-0967: Specially crafted patterns could cause DoS
  * CVE-2026-0968: OOB Read in sftp_parse_longname()
  * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
    extensions
* Stability and compatibility improvements of ProxyJump
[31 lines not shown]
libhidapi: reduce diffs from upstream implementation.
Tested with ch32fun and UIAPduino on NetBSD/i386 10.1 with
both ohci and xhci.
Also sync DESCR with the latest version.
Update xenkernel420, xentools420 and xenstoretools to 20260317.
Changes since 20251113: mostly bug fixes and small improvements on
some hardware, including security fixes up to XSA481
net/powerdns-recursor: Update to version 5.4.0
From Marcin Gondek via wip.
Changelogs for 5.4.X
Before upgrading, it is advised to read the Upgrade Guide.
5.4.0
Released: 9th of March 2026 with no changes since 5.4.0-rc1 except the version.
5.4.0-rc1
Released: 17th of February 2026
Improvements
Harmonize with dnsdist PR #16741 with respect to OpenTelemetry instance name.
References: pull request 16756
Coverity 1644498 Variable copied when it could be moved.
References: pull request 16784
Opentelemetry: add flags field in TRACEPARENT EDNS option.
References: pull request 16786
[217 lines not shown]
devel/difftastic: update to 0.68.0
Git Support
- Fixed an issue where git with difftastic would terminate with fatal: external diff died when there was an unmerged path.
Parsing
- Updated Bash, C, Go, Lua, Nix, Perl, Python, Rust, Scala, Swift and YAML parsers.
- Fixed an issue with parsing raw string literals in Rust.
Build
- Difftastic now requires Rust 1.77 or later to build.
- Difftastic no longer uses jemalloc on any Windows builds. Previously jemalloc was only disabled for MSVC.
Command Line Interface
- Improved error reporting when invoked with an invalid number of arguments.
Display
- Fixed an issue with inline display where it didn't always respect the value of --context.
- Fixed an issue with side-by-side rendering when files contain tabs.
mk: Add MAKE_JOBS_SAFE to pbulk-index output.
Only add it if the variable is set to avoid unnecessarily growing the scan
output too much. Not currently used by pbulk (it will safely be ignored)
but bob will use it in the next release for dynamic job allocation. Ok wiz.