NetBSD/pkgsrc 3LF410Wnet/ipv6calc Makefile PLIST

   net/ipv6calc: Update to version 4.4.0

   General:
   internal databases: update
   IP2Location 8.7.0 related (relates to https://github.com/chrislim2888/IP2Location-C-Library/releases/tag/8.7.0
   which has unfortunatly incompatible API changes)

   ipv6calcweb/ipv6calcweb.cgi.in: add support for new fields in DB26 with 8.7.0
   add support for additional data in DB26 usable with IP2Location >= 8.7.0
   check IP2Location > 8.6.1 related compatibility/fallback
   Extensions:
   add option --has-feature <NAME>
VersionDeltaFile
1.40+17-10net/ipv6calc/Makefile
1.6+10-0net/ipv6calc/PLIST
1.20+4-4net/ipv6calc/distinfo
+31-143 files

NetBSD/pkgsrc eEEgQaadoc CHANGES-2026 TODO

   doc: Updated net/ipv6calc to 4.4.0
VersionDeltaFile
1.3722+2-1doc/CHANGES-2026
1.27395+1-2doc/TODO
+3-32 files

NetBSD/pkgsrc Hv4uhV5doc CHANGES-2026

   Updated www/py-bleach, security/py-pip-audit
VersionDeltaFile
1.3721+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc MBfvWZusecurity/py-pip-audit Makefile distinfo

   py-pip-audit: updated to 2.10.1

   2.10.1

   Fixed a KeyError crash when an OSV vulnerability record contains an
   affected entry that omits the optional ranges field
VersionDeltaFile
1.43+3-5security/py-pip-audit/Makefile
1.35+4-4security/py-pip-audit/distinfo
+7-92 files

NetBSD/pkgsrc NbS93nKwww/py-bleach distinfo Makefile

   py-bleach: updated to 6.4.0

   Version 6.4.0 (June 5th, 2026)

   **NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future
   releases including for security issues.**
   See issue: `<https://github.com/mozilla/bleach/issues/698>`__

   **Backwards incompatible changes**

   * Dropped support for pypy 3.10.

   **Security fixes**

   * Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

     Fix XSS issue with sanitize_uri_value where disallowed schemes with
     Unicode invisible characters wouldn't be rejected.


    [28 lines not shown]
VersionDeltaFile
1.25+4-4www/py-bleach/distinfo
1.34+2-2www/py-bleach/Makefile
+6-62 files

NetBSD/pkgsrc hqL2HuIdoc CHANGES-2026

   doc: Added www/py-zensical version 0.0.44
VersionDeltaFile
1.3720+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc UFPjmHOwww Makefile

   www/Makefile: + py-zensical
VersionDeltaFile
1.1922+2-1www/Makefile
+2-11 files

NetBSD/pkgsrc aPfjHyOwww/py-zensical PLIST distinfo

   www/py-zensical: import py-zensical-0.0.44

   A modern static site generator built by the creators of Material
   for MkDocs.
VersionDeltaFile
1.1+16,609-0www/py-zensical/PLIST
1.1+530-0www/py-zensical/distinfo
1.1+177-0www/py-zensical/cargo-depends.mk
1.1+28-0www/py-zensical/Makefile
1.1+2-0www/py-zensical/DESCR
+17,346-05 files

NetBSD/pkgsrc anMRPXbdoc CHANGES-2026

   doc: Added textproc/py-pymdown-extensions version 10.21.3
VersionDeltaFile
1.3719+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ATVFmy3textproc Makefile

   textproc/Makefile: + py-pymdown-extensions
VersionDeltaFile
1.1592+2-1textproc/Makefile
+2-11 files

NetBSD/pkgsrc IMnlG25textproc/py-pymdown-extensions PLIST Makefile

   textproc/py-pymdown-extensions: import py-pymdown-extensions-10.21.3

   Packaged for wip by K.I.A.Derouiche.

   Extension pack for Python Markdown
VersionDeltaFile
1.1+134-0textproc/py-pymdown-extensions/PLIST
1.1+20-0textproc/py-pymdown-extensions/Makefile
1.1+5-0textproc/py-pymdown-extensions/distinfo
1.1+1-0textproc/py-pymdown-extensions/DESCR
+160-04 files

NetBSD/pkgsrc nnYYjxNdoc CHANGES-2026

   doc: Added devel/py-deepmerge version 2.0
VersionDeltaFile
1.3718+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc gPgWmDQdevel Makefile

   devel/Makefile: + py-deepmerge
VersionDeltaFile
1.4637+2-1devel/Makefile
+2-11 files

NetBSD/pkgsrc 9aZQNkVdevel/py-deepmerge PLIST Makefile

   devel/py-deepmerge: import py-deepmerge-2.0

   A tools to handle merging of nested data structures in Python.
VersionDeltaFile
1.1+67-0devel/py-deepmerge/PLIST
1.1+19-0devel/py-deepmerge/Makefile
1.1+5-0devel/py-deepmerge/distinfo
1.1+1-0devel/py-deepmerge/DESCR
+92-04 files

NetBSD/pkgsrc gh62kLpdoc CHANGES-2026

   doc: Updated ham/trustedQSL to 2.8.6
VersionDeltaFile
1.3717+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ESTpCoydoc CHANGES-2026

   Updated net/ldns, net/drill, www/py-daphne
VersionDeltaFile
1.3716+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc cbWLdohwww/py-daphne Makefile distinfo

   py-daphne: updated to 4.2.2

   4.2.2 (2026-06-03)

   * Fixed a denial of service vulnerability via unbounded WebSocket message sizes.
     Daphne previously passed no message or frame size limits to autobahn,
     whose defaults are unbounded. This allowed an unauthenticated client
     to exhaust server memory by sending a very large WebSocket
     messages/frames (CVE-2026-44545).

     Both limits now default to 1 MiB and can be configured via the new
     ``--websocket-max-message-size`` and ``--websocket-max-frame-size`` CLI
     flags (or the matching ``Server`` constructor arguments). Pass ``0`` to
     restore the previous unlimited behaviour.

     Thanks to ParkHyunWoo for the report.

   * Fixed a header injection vulnerability on the WebSocket upgrade path
     (CVE-2026-44546).

    [12 lines not shown]
VersionDeltaFile
1.36+4-6www/py-daphne/Makefile
1.27+4-4www/py-daphne/distinfo
+8-102 files

NetBSD/pkgsrc kSi0idSnet/ldns distinfo version.mk

   ldns: updated to 1.9.2

   1.9.2   2026-06-10
   * Fix to set VERSION_INFO to create .so.3 instead of .so.11 which will
     be reserved for a future 1.10.0 release

   1.9.1   2026-06-10
   * Bugfix: Insufficient verification that responses belong to a
     query (CVE-2026-10846). Thanks Pablo Ruiz from 'codecome.ai'
VersionDeltaFile
1.31+4-4net/ldns/distinfo
1.4+2-2net/ldns/version.mk
+6-62 files

NetBSD/pkgsrc xDhOTq7security/pcsc-tools Makefile

   pcsc-tools: needs msgfmt
VersionDeltaFile
1.32+2-2security/pcsc-tools/Makefile
+2-21 files

NetBSD/pkgsrc FlW15SBdoc CHANGES-2026

   Updated lang/python31[34], lang/py31[34]-html-docs
VersionDeltaFile
1.3715+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc wtZiQRhlang/py314-html-docs distinfo Makefile, lang/python314 PLIST distinfo

   python314 py314-html-docs: updated to 3.14.6

   Python 3.14.6

   Security
   gh-151159: Update Android and iOS installers to use OpenSSL 3.5.7.
   gh-150599: Fix a possible stack buffer overflow in bz2 when a bz2.BZ2Decompressor is reused after a decompression error. The decompressor now becomes unusable after libbz2 reports an error.
   gh-149835: shutil.move() now resolves symlinks via os.path.realpath() when checking whether the destination is inside the source directory, preventing a symlink-based bypass of that guard.
   gh-149698: Update bundled libexpat to version 2.8.1 for the fix for CVE 2026-45186.
   gh-87451: The ftplib module’s undocumented ftpcp function no longer trusts the IPv4 address value returned from the source server in response to the PASV command by default, completing the fix for CVE-2021-4189. As with ftplib.FTP, the former behavior can be re-enabled by setting the trust_server_pasv_ipv4_address attribute on the source ftplib.FTP instance to True. Thanks to Qi Deng at Aurascape AI for the report.
   gh-149486: tarfile.data_filter() now validates link targets using the same normalised value that is written to disk, strips trailing separators from the member name when resolving a symlink’s directory, and rejects link members that would replace the destination directory itself. This closes several path-traversal bypasses of the data extraction filter.
   gh-149079: Fix a potential denial of service in unicodedata.normalize(). The canonical ordering step of Unicode normalization used a quadratic-time insertion sort for reordering combining characters, which could be exploited with crafted input containing many combining characters in non-canonical order. Replaced with a linear-time counting sort for long runs.
   gh-149018: Improved protection against XML hash-flooding attacks in xml.parsers.expat and xml.etree.ElementTree when Python is compiled with libExpat 2.8.0 or later.
   Core and Builtins
   gh-151112: Fix a crash in the compiler that could occur when running out of memory.

   gh-151126: Fix a crash, when there’s no memory left on a device, which happened in:

   code compilation - _winapi.CreateProcess()

    [85 lines not shown]
VersionDeltaFile
1.6+11-2lang/python314/PLIST
1.7+4-4lang/py314-html-docs/distinfo
1.11+4-4lang/python314/distinfo
1.7+2-2lang/py314-html-docs/Makefile
1.7+2-2lang/python314/dist.mk
1.15+1-2lang/python314/Makefile
+24-166 files

NetBSD/pkgsrc WWh4UCilang/py313-html-docs distinfo Makefile, lang/python313 distinfo PLIST

   python313 py313-html-docs: updated to 3.13.14

   Python 3.13.14

   macOS
   gh-124111: Update macOS installer to use Tcl/Tk 8.6.18.
   gh-150644: When system logging is enabled (with config.use_system_logger, messages are now tagged as public. This allows the macOS 26 system logger to view messages without special configuration.
   gh-115119: Update macOS installer to use libmpdecimal 4.0.1.
   Windows
   gh-151159: Updated bundled version of OpenSSL to 3.0.21.
   gh-151159: Update macOS installer to use OpenSSL 3.0.21.
   Tests
   gh-151130: Add more tests for PyWeakref_* C API.
   gh-149776: Fix test_socket on Linux kernel 7.1 and newer: skip UDP Lite tests if it’s not supported. Patch by Victor Stinner.
   Security
   gh-151159: Bumps the OpenSSL version to 3.0.21 on Android.
   gh-150599: Fix a possible stack buffer overflow in bz2 when a bz2.BZ2Decompressor is reused after a decompression error. The decompressor now becomes unusable after libbz2 reports an error.
   gh-149835: shutil.move() now resolves symlinks via os.path.realpath() when checking whether the destination is inside the source directory, preventing a symlink-based bypass of that guard.
   gh-149698: Update bundled libexpat to version 2.8.1 for the fix for CVE 2026-45186.

    [115 lines not shown]
VersionDeltaFile
1.21+4-4lang/python313/distinfo
1.15+4-4lang/py313-html-docs/distinfo
1.14+6-2lang/python313/PLIST
1.15+2-2lang/python313/dist.mk
1.15+2-2lang/py313-html-docs/Makefile
+18-145 files

NetBSD/pkgsrc Xc6Ikkzdoc CHANGES-2026

   Updated databases/py-barman, www/py-beautifulsoup4
VersionDeltaFile
1.3714+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 4NLsqYtwww/py-beautifulsoup4 Makefile distinfo

   py-beautifulsoup4: updated to 4.15.0

   4.15.0 (20260607)

   * This is the last Beautiful Soup release to officially support Python
     3.7.

   * This is also the last release to support the obsolete methods,
     attributes and classes that were deprecated in 4.13.0. In a
     subsequent point release, the DeprecationWarning issued when you use
     these obsolete features will be replaced by NotImplementedError,
     giving you a final chance to change your code before the
     implementations are removed entirely. Once the features are removed,
     code that tries to use them will start behaving strangely, since
     Beautiful Soup will generally interpret the method and attribute
     names as tag names.

   * It is now possible to call new_tag() or new_string() directly on an
     existing Tag or NavigableString object, rather than the associated

    [45 lines not shown]
VersionDeltaFile
1.42+5-4www/py-beautifulsoup4/Makefile
1.34+4-4www/py-beautifulsoup4/distinfo
+9-82 files

NetBSD/pkgsrc HJypvFZdatabases/py-barman distinfo Makefile

   py-barman: updated to 3.19.1

   3.19.1 (2026-05-26)

   Bugfixes

   - Fix `cloud-wal-restore` failing to find compressed WAL files

     Fixed a bug where `barman-cloud-wal-restore` and `barman cloud-wal-restore` commands
     would fail to locate a compressed WAL file when a backup file with the same prefix
     existed in the cloud storage bucket.

     For example, when requesting WAL `00000001000000030000001A` and the bucket
     contained both `00000001000000030000001A.gz` and
     `00000001000000030000001A.00000028.backup.gz`, Barman would only locate the backup
     file and then write an error log like:

     ```
     ERROR: WAL file 00000001000000030000001A for server pg does not exist

    [4 lines not shown]
VersionDeltaFile
1.27+4-4databases/py-barman/distinfo
1.33+2-2databases/py-barman/Makefile
+6-62 files

NetBSD/pkgsrc tbc5N5Edoc TODO

   doc/TODO: + amule-3.0.0.
VersionDeltaFile
1.27394+2-1doc/TODO
+2-11 files

NetBSD/pkgsrc saPL2xLdoc CHANGES-2026

   Updated graphics/ansilove, www/py-django-haystack, www/py-django-timezone-field
VersionDeltaFile
1.3713+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc ydeprbvwww/py-django-timezone-field distinfo Makefile

   py-django-timezone-field: updated to 7.2.2

   7.2.2
   Test aginst django 6.1 pre-release
VersionDeltaFile
1.10+4-4www/py-django-timezone-field/distinfo
1.13+3-3www/py-django-timezone-field/Makefile
+7-72 files

NetBSD/pkgsrc Ws2ZzPBwww/py-django-haystack distinfo Makefile

   py-django-haystack: updated to 3.4.0

   3.4.0

   Remove obsolete ElasticSearch2 support and tests
   Add Django v5.1 to the testing
   GitHub Actions: Add Python 3.13 to the testing
   Fix typo.
   Fix RelatedSearchQueryset.load_all() truncating results
   [FIXED] -- handle trailing slash in Solr index URL for core reload.
   Bump the github-actions group with 2 updates
   Update license field to use proper SPDX identifier
   dev: Update Python dependencies
   dev: Update django
   fix: handle HEAD requests like GET in generic_views
   feat: Add requires-python to pyproject.toml (PEP 621)
   Add Python 3.14 and 3.14t to the testing
   Fix race condition in ConnectionRouter.routers lazy initialization
   add postgres backend to backend_support.rst
   Actions: limit permissions for tests
VersionDeltaFile
1.3+4-4www/py-django-haystack/distinfo
1.7+3-4www/py-django-haystack/Makefile
1.4+1-5www/py-django-haystack/PLIST
+8-133 files

NetBSD/pkgsrc f4EFnJagraphics/ansilove distinfo Makefile

   ansilove: updated to 4.2.2

   AnsiLove/C 4.2.2 (2026-06-10)

   - Update README to add a link to the Nix package
   - Fix "Amiga Topaz 1" font selection from SAUCE metadata
   - Fix font table entry count to make topaz500+ reachable
VersionDeltaFile
1.23+4-4graphics/ansilove/distinfo
1.27+2-2graphics/ansilove/Makefile
+6-62 files