NetBSD/pkgsrc GN5rhmXdoc CHANGES-2026

   doc: Updated www/firefox140-l10n to 140.10.1
VersionDeltaFile
1.2713+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 7Gz0JGlwww/firefox140-l10n distinfo Makefile

   firefox140-l10n: update to 140.10.1
VersionDeltaFile
1.10+307-307www/firefox140-l10n/distinfo
1.10+2-2www/firefox140-l10n/Makefile
+309-3092 files

NetBSD/pkgsrc tS7MIEwdoc CHANGES-2026

   doc: Updated www/firefox140 to 140.10.1
VersionDeltaFile
1.2712+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc yKrZQOCwww/firefox140 distinfo Makefile, www/firefox140/patches patch-media_ffvpx_libavcodec_parser__list.c

   firefox140: update to 140.10.1

   Mozilla Foundation Security Advisory 2026-36
   Security Vulnerabilities fixed in Firefox ESR 140.10.1

   Announced
       April 28, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.10.1

   #CVE-2026-7320: Information disclosure due to incorrect boundary conditions in the Audio/Video component

   Reporter
       Xuehao Guo

    [45 lines not shown]
VersionDeltaFile
1.1+15-0www/firefox140/patches/patch-media_ffvpx_libavcodec_parser__list.c
1.14+5-4www/firefox140/distinfo
1.15+2-2www/firefox140/Makefile
+22-63 files

NetBSD/pkgsrc tFiOvnIdoc CHANGES-2026

   doc: Updated textproc/dasel to 3.8.1
VersionDeltaFile
1.2711+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc N34bY1Ptextproc/dasel Makefile distinfo

   dasel: update to 3.8.1.

   install man pages and shell completion

   ## [v3.8.1] - 2026-04-30

   - `dasel man` now generates a reproducible manpage based on [SOURCE_DATE_EPOCH](https://reproducible-builds.org/specs/source-date-epoch).
VersionDeltaFile
1.24+18-2textproc/dasel/Makefile
1.10+10-10textproc/dasel/distinfo
1.4+5-1textproc/dasel/PLIST
1.5+2-2textproc/dasel/go-modules.mk
+35-154 files

NetBSD/pkgsrc bAqIwPKdoc CHANGES-2026

   doc: Updated www/p5-Dancer to 1.3522
VersionDeltaFile
1.2710+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc kP91q7Zwww/p5-Dancer distinfo Makefile

   p5-Dancer: update to 1.3522.

   1.3522    2026-01-26 22:27:39+00:00 Europe/London

   [ENHANCEMENTS]
   - Remove unnecessary import from test file (avoid test failures on newer Perls)
   - Add security policy document
VersionDeltaFile
1.39+4-4www/p5-Dancer/distinfo
1.55+3-4www/p5-Dancer/Makefile
+7-82 files

NetBSD/pkgsrc 9A0KYriaudio/mixxx Makefile, misc/xfce4-weather-plugin Makefile

   *: bump revision after upower update
VersionDeltaFile
1.59+2-2sysutils/gnome-control-center/Makefile
1.84+2-2audio/mixxx/Makefile
1.114+2-2misc/xfce4-weather-plugin/Makefile
1.128+2-2sysutils/gnome-settings-daemon/Makefile
1.62+2-2sysutils/gnome-tracker-miners/Makefile
1.49+2-2sysutils/mate-power-manager/Makefile
+12-125 files not shown
+22-2111 files

NetBSD/pkgsrc qLhkHJ3doc CHANGES-2026

   doc: Updated devel/glib2 to 2.88.0nb1
VersionDeltaFile
1.2709+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc aWW5qOXsysutils/upower PLIST options.mk, sysutils/upower/patches patch-etc_UPower.conf.d_meson.build patch-etc_meson.build

   sysutils/upower: update to 1.91.2

   # upstream changes (since 1.90.9)

   Version 1.91.2
   --------------
   Released: 2026-04-01

   - Feature: Skip the systemd inhibitor when performing CriticalPowerAction (!309)
   - Feature: Introduce "Auto" CriticalPowerAction using systemd-logind Sleep() (!309)
   - Fix: Test CanPowerOff() availability before calling PowerOff() (!311)
   - Fix: Add charge limit support for systems providing only charge_control_end_threshold (!310, #342, #285)

   Version 1.91.1
   --------------
   Released: 2026-02-10

   - Fix: a resource leak (!294)
   - Fix: a NULL exception caused by a Non-NULL GError pointer (!295, #331)

    [31 lines not shown]
VersionDeltaFile
1.8+32-2sysutils/upower/PLIST
1.5+14-3sysutils/upower/options.mk
1.1+13-0sysutils/upower/patches/patch-etc_UPower.conf.d_meson.build
1.12+6-5sysutils/upower/distinfo
1.31+5-4sysutils/upower/Makefile
1.2+4-3sysutils/upower/patches/patch-etc_meson.build
+74-171 files not shown
+76-197 files

NetBSD/pkgsrc KxMaSuGdevel/glib2 Makefile distinfo, devel/glib2/patches patch-gmodule_gmodule-dl.c

   glib2: avoid false g_module_symbol() failures on NetBSD

   On NetBSD, do not turn a non-NULL dlsym() result into a
   g_module_symbol() failure only because dlerror() has a non-NULL value.

   POSIX specifies that it is implementation-defined whether dlerror()
   is thread-safe:
    https://pubs.opengroup.org/onlinepubs/9799919799/functions/dlerror.html
   as already noted in gmodule-dl.c comments.

   On NetBSD, dlerror(3) state is process-global and not thread-safe,
   so a non-NULL dlerror() value is not a reliable reason to reject
   a non-NULL dlsym() result.  Marking dlerror() as not thread-safe
   in GLib by DLERROR_IS_THREADSAFE=0 would only serialize GLib's
   own dynamic linker calls and would not protect against dynamic
   linker calls made outside GLib.

   POSIX also specifies that dlsym() returns a null pointer if the
   symbol cannot be found.  However, glibc documents cases where

    [8 lines not shown]
VersionDeltaFile
1.6+28-44devel/glib2/patches/patch-gmodule_gmodule-dl.c
1.314+2-1devel/glib2/Makefile
1.344+2-1devel/glib2/distinfo
+32-463 files

NetBSD/pkgsrc ZZ0naERgraphics/lcms2 Makefile

   graphics/lcms2: Explain upstream's (very unclear) cmake status

   I asked upstream a bunch of questions just now.   For now, avoid
   jumping to cmake because 1) upstream hasn't said it's baked and 2)
   usually new cmake systems have regressions and this one hasn't been
   tested.
VersionDeltaFile
1.25+8-1graphics/lcms2/Makefile
+8-11 files

NetBSD/pkgsrc YuxofXZdoc CHANGES-2026

   Updated www/py-scrapy, devel/py-test-codspeed, devel/py-test-order
VersionDeltaFile
1.2708+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc yl4ATb7devel/py-test-order distinfo Makefile

   py-test-order: updated to 1.4.0

   1.4.0
   Allows the plugin to run after `--failed-first` and similar options.

   Changes
   * removed official support for Python 3.7-3.9 (EOL), added Python 3.13 and 3.14

   New features
   * added option `--order-after-ff`, that allows to run `pytest-order` after built-in hooks
     like the `--failed-first` option

   Infrastructure
   * use trusted publisher for release (see https://docs.pypi.org/trusted-publishers/)
   * use `pyproject.toml` for project setup

   Documentation
   * use a theme for documentation supporting dark mode
   * added use case for ordering test modules
   * fixed documentation for `--indulgent-ordering` option
VersionDeltaFile
1.2+4-4devel/py-test-order/distinfo
1.2+2-2devel/py-test-order/Makefile
+6-62 files

NetBSD/pkgsrc iEUXD7Idevel/py-test-codspeed distinfo Makefile

   py-test-codspeed: updated to 4.5.0

   4.5.0

   Internals

   Pre-build macos binary
   Bump instrument-hooks submodule to use int32_t as pid
   Add macos integration test
VersionDeltaFile
1.9+4-4devel/py-test-codspeed/distinfo
1.11+2-2devel/py-test-codspeed/Makefile
+6-62 files

NetBSD/pkgsrc EvaJbKMgraphics/lcms Makefile

   graphics/lcms: Drop MAINTAINERship

   (Note that this is lcms-1, last released in 2009.   It is a deletion
   candidate, but there are multiple (surely unmaintained) packages
   depending on it.)
VersionDeltaFile
1.47+2-2graphics/lcms/Makefile
+2-21 files

NetBSD/pkgsrc j2qLKATwww/py-scrapy distinfo Makefile

   py-scrapy: updated to 2.15.2

   Scrapy 2.15.2 (2026-04-28)

   Bug fixes
   -   Fixed links in https://docs.scrapy.org/llms.txt
VersionDeltaFile
1.29+4-4www/py-scrapy/distinfo
1.39+2-2www/py-scrapy/Makefile
+6-62 files

NetBSD/pkgsrc tKoBl5mdoc CHANGES-2026

   Updated devel/buf, devel/mimalloc
VersionDeltaFile
1.2707+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc F4evApadevel/mimalloc distinfo Makefile

   mimalloc: updated to 3.3.2

   3.3.2

   various bug and security fixes through LLM audit (by @Zoxc). Only increase
   minimal purge size automatically if allow_thp is set to 2. Enable large OS
   alignment on all platforms (fixing OS large pages on Windows). Fix accounting
   of committed memory on Linux/macOS. Update MSVC atomics implementation when
   using C mode. Upstream Emscripten fixes. Proper atomic do-once implementation.
VersionDeltaFile
1.12+4-4devel/mimalloc/distinfo
1.16+2-2devel/mimalloc/Makefile
+6-62 files

NetBSD/pkgsrc phYoShcdevel/buf distinfo go-modules.mk

   buf: updated to 1.69.0

   1.69.0

   - Increase check plugin WASM memory limits to 1GiB.
   - Fix LSP stale diagnostics persisting after a file is closed or deleted.
   - Fix handling of unprefixed newlines in block comments.
   - Add LSP code lenses for `buf.gen.yaml` files: "Run buf generate" and "Check for plugin updates".
   - Add LSP warnings for `lint.ignore` and `breaking.ignore` paths in `buf.yaml` that do not match any file in the workspace.
VersionDeltaFile
1.6+76-76devel/buf/distinfo
1.6+24-24devel/buf/go-modules.mk
1.13+2-2devel/buf/Makefile
+102-1023 files

NetBSD/pkgsrc 7JbPSipdoc CHANGES-2026

   Updated security/py-fido2, devel/py-pip
VersionDeltaFile
1.2706+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc El0pGd4devel/py-pip PLIST distinfo

   py-pip: updated to 26.1

   26.1 (2026-04-26)

   Deprecations and Removals

   - Drop support for Python 3.9.

   Features

   - Add experimental support to read requirements from standardized pylock.toml files (``-r pylock.toml``).
   - Allow ``--uploaded-prior-to`` to accept a duration in days (e.g., ``P3D`` for 3 days ago).

   Enhancements

   - Speed up dependency resolution when there are complex conflicts.
   - Reduce memory usage when resolving large dependency trees.
   - Emit a deprecation warning when pip imports an unexpected module after
     installation of a distribution has started.

    [30 lines not shown]
VersionDeltaFile
1.52+45-64devel/py-pip/PLIST
1.75+4-4devel/py-pip/distinfo
1.90+5-2devel/py-pip/Makefile
+54-703 files

NetBSD/pkgsrc vCLLAH3security/py-fido2 distinfo Makefile

   py-fido2: updated to 2.2.0

   2.2.0

   * Restrict DLL search paths (YSA-2026-01).
   * Add support for experimental previewSign extension:
     https://yubicolabs.github.io/webauthn-sign-extension/4/#sctn-sign-extension
   * Add support for PSL wildcard and exception rules to RP validation.
   * Fix: WindowsClient hmac_secret extension raising Null pointer access error.
   * Fix: TPM attestation certificate Subject field validation.
VersionDeltaFile
1.15+4-4security/py-fido2/distinfo
1.18+2-5security/py-fido2/Makefile
1.6+4-1security/py-fido2/PLIST
+10-103 files

NetBSD/pkgsrc 3DDRU0ldoc CHANGES-2026

   doc: Updated ham/hamlib to 4.7.1
VersionDeltaFile
1.2705+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 0NdiXMPham/hamlib distinfo Makefile

   ham/hamlib: Update to 4.7.1

   Upstream NEWS, less bugfixes and minor improvements:

   Version 4.7.1
           * 2026-04-15
           * Add power off capability to Flrig backend.  (TNX Philip Rose)
           * New simplecat backend.  Supports Bunzee Labs DDX.  (TNX Dhiru Kholia)
           * Add new rig model Harris PRC-138.  (TNX Antonio Regazzoni)
VersionDeltaFile
1.39+4-4ham/hamlib/distinfo
1.72+2-2ham/hamlib/Makefile
+6-62 files

NetBSD/pkgsrc mcpaAwudoc CHANGES-2026

   doc: Updated textproc/rumdl to 0.1.84
VersionDeltaFile
1.2704+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc wJvPhH3textproc/rumdl distinfo Makefile

   textproc/rumdl: update to 0.1.84

   Added

       md054: atomic ref-emit fixes via Fix.additional_edits (d1b757c)

   Fixed

       md054,lsp: exact EOL counting and UTF-16 LSP positions (b8488b5)
       fix_utils: preserve source order for same-offset zero-width inserts (06b786c)
       md064: skip column-aligned list blocks (0175b7c)
       md046: recognize list-internal indented code blocks (476c8d8)
       md036: default fix=true to match advertised FullyFixable capability (3faac50)
       md076: prefer tight on Consistent style ties (8ed1e30)
       lsp: canonicalize rule-name lists at Config boundaries (51932d9)
VersionDeltaFile
1.25+4-4textproc/rumdl/distinfo
1.27+2-2textproc/rumdl/Makefile
1.13+0-0textproc/rumdl/cargo-depends.mk
+6-63 files

NetBSD/pkgsrc Opdvbu6textproc/rucola distinfo cargo-depends.mk

   textproc/rucula: update to 0.9.0

   Release Notes

       Added an additional configuration option that allows users to freely customize the columns shown in the select screen and their headers.
       This also adds the new, optional columns 'Score' and 'LastModified' (and technically 'Shuffle', which doesn't show anyhting).
       Also added the option to manually sort by score after another sorting option had been chosen with an active filter.
       The tag list is now also navigable with the arrow keys.
       PageUp and PageDown can now be used to move by 10 lines in the select screen and the tag list.
       Replaced several icons that used to require an installed Nerd font with their unicode counterparts to increase readability.
       Updated several dependencies to fix security issues.
       Updated dependencies to allow configuration files to use newer TOML versions.
       Fixed a bug that caused the vault path to not get corrected when a malformed config file was detected, thus crashing the program instead of displaying an error message.
       Rucola now detects when $EDITOR or the editor configuration option are set to the empty string and ignores them in this case.
       When falling back to the open crate, rucola now uses the first command (xdg-open) instead of the last command (kde-open).
       This should reduce the amount of users for whom rucola will crash when running with neither editor nor $EDITOR set.
       Added a nix flake for direct installation on NixOS as well as installation instructions.
VersionDeltaFile
1.4+844-535textproc/rucola/distinfo
1.3+280-177textproc/rucola/cargo-depends.mk
1.4+5-2textproc/rucola/Makefile
+1,129-7143 files

NetBSD/pkgsrc i4Gcp3Ndoc CHANGES-2026

   doc: Updated net/sniffnet to 1.5.0
VersionDeltaFile
1.2703+2-1doc/CHANGES-2026
+2-11 files