NetBSD/pkgsrc HwgllNkemulators/qemu Makefile PLIST

   Add microblazeel to UE_ARCHS and PLIST

   Fixes build failure on Linux
VersionDeltaFile
1.403+2-2emulators/qemu/Makefile
1.106+2-1emulators/qemu/PLIST
+4-32 files

NetBSD/pkgsrc fMeFmf3doc CHANGES-2026

   doc: Updated games/luanti to 5.16.1
VersionDeltaFile
1.2978+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc TDd2jdMgames/luanti PLIST distinfo

   luanti: update to 5.16.1

   5.16.1:
   Fixed bug introduced in 5.16.0 with water rendering

   5.16.0:

   Deprecations and compatibility notes
   - Writing to mod directories is now disallowed
   Client / Audiovisuals
   - Texture pack override.txt now supports overriding overlay tiles
   - Restore inventory cube (item mesh) shading
   -  Fixed incorrect animation state when placing nodes quickly
   - Fixed a graphical issue where the fog incorrectly changed the
     color of semi-transparent particles
   - Support more mouse buttons (beyond X2)
   - Add keybinds for camera movement
   - Formspec: Bug fixes related to inventory list interactions
   - Formspec: Focus behavior improvements

    [44 lines not shown]
VersionDeltaFile
1.7+8-1games/luanti/PLIST
1.8+4-4games/luanti/distinfo
1.18+2-2games/luanti/Makefile
+14-73 files

NetBSD/pkgsrc vYd2XIwdoc CHANGES-2026

   Updated textproc/py-tomlkit, textproc/ugrep, net/haproxy
VersionDeltaFile
1.2977+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc beXwK5Jnet/haproxy distinfo Makefile

   haproxy: updated to 3.3.9

   3.3.9
   - BUG/MINOR: sink: do not free existing sinks on allocation error
   - BUG/MINOR: vars: make parse_store() return error on var_set() failure
   - BUG/MINOR: vars: don't store the variable twice with set-var-fmt
   - BUG/MINOR: vars: only print first invalid char in fill_desc()
   - BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
   - BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
   - BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
   - BUG/MINOR: map: do not leak a map descriptor on load error
   - CLEANUP: map/cli: fix some map-related help messages
   - BUG/MINOR: pattern: release the reference on failure to load from file
   - CI: github: add DEBUG_STRICT=2 to ASAN jobs
   - BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
   - BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
   - BUG/MINOR: dns: always validate the source address in responses
   - BUG/MINOR: tcpcheck: Properly report error for http health-checks
   - BUG/MINOR: resolvers: Free new requester on error when linking a resolution

    [17 lines not shown]
VersionDeltaFile
1.148+4-4net/haproxy/distinfo
1.156+2-2net/haproxy/Makefile
+6-62 files

NetBSD/pkgsrc 2EV4mkHtextproc/ugrep distinfo Makefile

   ugrep: updated to 7.8.1

   7.8.1
   Fixed two issues:

   fix 545 --disable-avx512 tested and working
   fix 544 (same as 537) a bug in the ugrep v7.6 ~ v7.8 (since March 5, 2026) that can't handle very long lines in huge files properly, outputting uninitialized input file buffer contents as if part of the matching line or contents read after the input file buffer as if part of the matching line.
VersionDeltaFile
1.98+4-4textproc/ugrep/distinfo
1.107+2-2textproc/ugrep/Makefile
+6-62 files

NetBSD/pkgsrc qBAcJ0Wtextproc/py-tomlkit distinfo Makefile

   py-tomlkit: updated to 0.15.0

   0.15.0

   Changed
   - Update parser to support TOML spec v1.1.0.
VersionDeltaFile
1.25+4-4textproc/py-tomlkit/distinfo
1.27+2-2textproc/py-tomlkit/Makefile
+6-62 files

NetBSD/pkgsrc gkvoxoOdoc CHANGES-2026

   Updated audio/taglib, graphics/libsquish
VersionDeltaFile
1.2976+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc yUVlqyCgraphics/libsquish distinfo Makefile

   libsquish: updated to 1.15.1.4

   1.15.1.4
   https://github.com/oblivioncth/libsquish/compare/v1.15.1.3...v1.15.1.4
VersionDeltaFile
1.2+7-7graphics/libsquish/distinfo
1.2+3-3graphics/libsquish/Makefile
1.2+2-2graphics/libsquish/PLIST
+12-123 files

NetBSD/pkgsrc b7RmxSdaudio/taglib PLIST distinfo

   taglib: updated to 2.3

   TagLib 2.3 (May 10, 2026)

   * MP4: Support for chapters (Nero and QuickTime).
   * WAV: Support for BEXT and iXML chunks.
   * FLAC: Support for BEXT and iXML application blocks.
   * Opus: New audio property `outputGain()`.
   * Speed up Matroska reading by using seek head for element lookup.
   * Speed up Matroska writing by offering multiple write style modes.
   * More tolerant handling of files with oversized RIFF chunks, zero size ID3v2
     frames and Matroska chapters without edition.
   * Avoid wrong content-based detection as MPEG files.
   * Fix bitrate calculations for MPEG ADTS and MP4 ESDS.
   * Fix data race with multi-threaded use of `MP4::ItemFactory`.
   * Fix unbounded recursion in EBML/Matroska `MasterElement` and MP4 atoms.
   * Limit number of MP4 atoms at top level.
   * Fix writing too many offsets when updating MP4 stco/co64 atoms.
   * Fix k bounds in Shorten Rice-Golomb coding.
VersionDeltaFile
1.28+8-3audio/taglib/PLIST
1.35+4-4audio/taglib/distinfo
1.58+2-2audio/taglib/Makefile
+14-93 files

NetBSD/pkgsrc NCLY2Rldoc CHANGES-2026

   Updated devel/py-maturin, devel/py-guppy3
VersionDeltaFile
1.2975+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc jddcmb6devel/py-guppy3 distinfo Makefile

   py-guppy3: updated to 3.1.7

   Nothing changed, just releasing 3.1.7
VersionDeltaFile
1.15+4-4devel/py-guppy3/distinfo
1.20+2-2devel/py-guppy3/Makefile
+6-62 files

NetBSD/pkgsrc gmi72o8devel/py-maturin distinfo Makefile

   py-maturin: updated to 1.13.3

   1.13.3

   * Fix: disable abi3 in pyo3 config for version-specific fallback builds
VersionDeltaFile
1.54+4-4devel/py-maturin/distinfo
1.58+2-2devel/py-maturin/Makefile
+6-62 files

NetBSD/pkgsrc eZcA2fadoc CHANGES-2026

   Updated security/py-gssapi, security/py-asyncssh
VersionDeltaFile
1.2974+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc Gn5lIDusecurity/py-asyncssh distinfo Makefile

   py-asyncssh: updated to 2.23.0

   Release 2.23.0 (8 Feb 2026)

   * Added support for "Match localnetwork". Thanks go to Théophile Bastian
     for reporting this new match type, added in OpenSSH 9.4.

   * Enabled support for RSA with SHA-2 signatures in ssh-agent and Pageant.
     Thanks go to GitHub user Netzvamp for reporting this.

   * Changed MAC algorithm negotation to be skipped when using AEAD ciphers.
     Thanks go to GitHub user LilleCarl for reporting this issue and
     suggesting a potential fix.

   * Improved graceful termination when using ProxyCommand, waiting for
     the ProxyCommand tunnel to close when cleaning up a connection. Thanks
     go to Simon Liétar for reporting this issue and helping to investigate
     possible solutions.


    [20 lines not shown]
VersionDeltaFile
1.49+4-4security/py-asyncssh/distinfo
1.57+4-3security/py-asyncssh/Makefile
+8-72 files

NetBSD/pkgsrc 7c680yNsecurity/py-gssapi PLIST distinfo

   py-gssapi: updated to 1.11.1

   1.11.1

   Add Free-Threading and Limited API/Stable ABI
   Fix up classifier from typo

   1.11.0

   Add Free-Threading and Limited API/Stable ABI
VersionDeltaFile
1.14+25-25security/py-gssapi/PLIST
1.26+4-4security/py-gssapi/distinfo
1.34+3-3security/py-gssapi/Makefile
+32-323 files

NetBSD/pkgsrc 6V8u2xldoc CHANGES-2026

   Updated lang/python314, lang/py314-html-docs
VersionDeltaFile
1.2973+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 2BjahgClang/py314-html-docs distinfo Makefile, lang/python314 distinfo PLIST

   python314 py314-html-docs: updated to 3.14.5

   Python 3.14.5

   Security

   gh-148178: Hardened _remote_debugging by validating remote debug offset tables before using them to size memory reads or interpret remote layouts.

   Core and Builtins

   gh-146270: Fix a sequential consistency bug in structmember.c.
   gh-137293: Fix SystemError when searching ELF Files in sys.remote_exec().

   Library

   gh-149388: Make asyncio.windows_utils.PipeHandle closing idempotent.
   gh-149377: Update bundled pip to 26.1.1
   gh-138907: Support RFC 9309 in urllib.robotparser.
   gh-148615: Fix pdb to accept standard – end of options separator. Reported by haampie. Patched by Shrey Naithani.

    [12 lines not shown]
VersionDeltaFile
1.9+4-4lang/python314/distinfo
1.6+4-4lang/py314-html-docs/distinfo
1.5+3-5lang/python314/PLIST
1.6+2-2lang/python314/dist.mk
1.6+2-2lang/py314-html-docs/Makefile
+15-175 files

NetBSD/pkgsrc EfKIlSIdoc CHANGES-2026

   doc: Updated mail/mew to 6.11
VersionDeltaFile
1.2972+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc flpR5ctmail/mew PLIST distinfo

   Mew 6.11 (2026-05-11)

   * Supporting coming Emacs 31.
   * Removing fallback code from the "submission" port to the "smtp" port.
   * `mew-smtp-port` is now defined as `"submission"` instead of `"smtp"`.
   * Remove STARTTLS parameters for non-STARTTLS connections with GnuTLS
     [#212](github.com/kazu-yamamoto/Mew/pull/212)
   * Fix: BIMI logo color
     [#210](github.com/kazu-yamamoto/Mew/pull/210)
   * Support "BIMI-Indicator:" Header
     [#208](github.com/kazu-yamamoto/Mew/pull/208)
   * Hiding UI- in Message Mode
     [#204](https://github.com/kazu-yamamoto/Mew/pull/204)
   * Fix master password issues / Add Asymmetric (public key) encryption support
     [#201](https://github.com/kazu-yamamoto/Mew/pull/201)
VersionDeltaFile
1.21+5-4mail/mew/PLIST
1.55+4-4mail/mew/distinfo
1.110+2-2mail/mew/Makefile
+11-103 files

NetBSD/pkgsrc 4MDsyPVdoc CHANGES-2026

   Updated security/sqlmap, benchmarks/sysbench
VersionDeltaFile
1.2971+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 7BgnpBebenchmarks/sysbench Makefile PLIST, benchmarks/sysbench/patches patch-m4_ax__check__docbook.m4 patch-tests_Makefile.am

   sysbench: updated to 1.0.20

   1.0.20
   * build/CI/packaging: Add arm64 to Travis CI matrix
   * build/CI/packaging: add Ubuntu Focal
   * build/CI/packaging: remove Fedora Rawhide from CI matrix
   * build/CI/packaging: fix regression tests to work with MySQL 8.0.19+
   * build/CI/packaging: fix macOS builds in Travis
   * build/CI/packaging: remove Ubuntu Disco (EOL)
VersionDeltaFile
1.1+38-0benchmarks/sysbench/patches/patch-m4_ax__check__docbook.m4
1.30+20-12benchmarks/sysbench/Makefile
1.1+27-0benchmarks/sysbench/patches/patch-tests_Makefile.am
1.5+13-1benchmarks/sysbench/PLIST
1.6+6-5benchmarks/sysbench/distinfo
1.7+2-7benchmarks/sysbench/options.mk
+106-251 files not shown
+107-267 files

NetBSD/pkgsrc pOeSd8Ysecurity/sqlmap PLIST distinfo

   sqlmap: updated to 1.10.5

   1.10.5
   Minor update
VersionDeltaFile
1.21+22-1security/sqlmap/PLIST
1.30+4-4security/sqlmap/distinfo
1.45+2-2security/sqlmap/Makefile
+28-73 files

NetBSD/pkgsrc zqrW7FUdevel/concurrencykit Makefile

   concurrencykit: remove unnecessary default overrides; trim the comment
VersionDeltaFile
1.10+2-5devel/concurrencykit/Makefile
+2-51 files

NetBSD/pkgsrc nZ7s30qdoc CHANGES-2026

   Updated net/rsync, converters/py-bidi, devel/py-traitlets
VersionDeltaFile
1.2970+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc cDeCNaEdevel/py-traitlets distinfo Makefile

   py-traitlets: updated to 5.15.0

   5.15.0

   Enhancements made

   - Moved definitions of K and V outside of TYPE_CHECKING condition
   - Accept integer-valued numbers for Integer
   - Update `__new__` method to use Self type for improved type hinting
   - Fix whitespace formatting in CLI help.

   Bugs fixed

   - Fix `traitlets.__all__`
   - The --config option with absolute paths will be loaded only once.
   - Avoid using `return t.cast` which can prevent attribute access during process teardown
   - Suppress exceptions when closing handlers during `__del__`
VersionDeltaFile
1.28+4-4devel/py-traitlets/distinfo
1.36+2-4devel/py-traitlets/Makefile
+6-82 files

NetBSD/pkgsrc lgm6eiUdoc CHANGES-2026

   doc: Updated textproc/p5-XML-LibXML to 2.0210nb9
VersionDeltaFile
1.2969+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc WS2MxtDtextproc/p5-XML-LibXML distinfo Makefile, textproc/p5-XML-LibXML/patches patch-dom.c patch-t_06elements.t

   p5-XML-LibXML: Add upstream patch to fix CVE-2026-8177

   Bump PKGREVISION.
VersionDeltaFile
1.1+68-0textproc/p5-XML-LibXML/patches/patch-dom.c
1.1+53-0textproc/p5-XML-LibXML/patches/patch-t_06elements.t
1.56+3-1textproc/p5-XML-LibXML/distinfo
1.106+2-2textproc/p5-XML-LibXML/Makefile
+126-34 files

NetBSD/pkgsrc uUS0KuKconverters/py-bidi Makefile distinfo

   py-bidi: updated to 0.6.9

   0.6.9

   * Rust extension declares ``gil_used = false`` so it runs under free-threaded (no-GIL) Python [Meir Kriheli]
   * Added concurrent stress test for ``get_display`` under free-threaded builds [Meir Kriheli]
   * CI: optional cp313t/cp314t wheel builds when setup-python provides those interpreters; free-threaded test job prefers 3.14t with 3.13t fallback [Meir Kriheli]
   * CI: Intel macOS wheels now built on macOS 15 (replacing macOS 13) [Meir Kriheli]
   * Use ``uv`` for nox virtualenvs; add ``uv.lock`` and document uv-based dev setup in README and CONTRIBUTING [Meir Kriheli]
   * Set ``requires-python = ">=3.9"`` explicitly in ``pyproject.toml`` [Meir Kriheli]

   0.6.8

   * Added missing 3.14 build for Linux
VersionDeltaFile
1.7+3-5converters/py-bidi/Makefile
1.6+4-4converters/py-bidi/distinfo
+7-92 files

NetBSD/pkgsrc T2dY5senet/rsync distinfo Makefile, net/rsync/patches patch-sender.c

   rsync: updated to 3.4.2

   rsync 3.4.2 (28 Apr 2026)

   Changes in this version:

   SECURITY RELATED:

   Several security-relevant defects were reported and fixed since 3.4.1. None were assigned a CVE — rsync's fork-per-connection design scopes the impact of each of these to the attacker's own connection, which is equivalent to the client closing the socket itself — but they are fixed here as a matter of hygiene and to reduce the chances of a future exploitable combination. Many thanks to the external researchers who reported these issues.

   Fixed a signed integer overflow in the PROXY protocol v2 header parser: a negative len field could bypass the size check and cause a stack buffer overflow in read_buf(). Reported by John Walker of ZeroPath.

   Fixed an invalid access to the files array. Reported by Calum Hutton of Rapid7.

   Reject negative token values in the compressed-stream token decoder; a negative value could cause callers to misinterpret a missing data pointer as literal data. Reported by Will Sergeant.

   Fixed the element count passed to the xattr qsort() (see https://www.openwall.com/lists/oss-security/2026/04/16/2).

   Fixed a buffer underflow in clean_fname(), and added a regression test.

    [60 lines not shown]
VersionDeltaFile
1.65+4-5net/rsync/distinfo
1.132+2-3net/rsync/Makefile
1.2+1-1net/rsync/patches/patch-sender.c
+7-93 files