curl & libcurl-gnutls: fix BUILDLINK_API_DEPENDS.openssl
The assignment shouldn't be placed in Makefile.common for more than one
reason (openssl is a build option, it should be propagated to packages
that link against libcurl, and, though harmless, makes no sense being
applied to libcurl-gnutls).
Related to PR pkg/59899. Also likely related to:
https://mail-index.netbsd.org/tech-pkg/2026/01/16/msg031893.html
www/chromium: update to 144.0.7559.59
* 144.0.7559.59
This update includes 10 security fixes. Below, we highlight fixes that
were contributed by external researchers. Please see the Chrome Security
Page for more information.
[$8000][458914193] High CVE-2026-0899: Out of bounds memory access in V8.
Reported by @p1nky4745 on 2025-11-08
[TBD][465730465] High CVE-2026-0900: Inappropriate implementation in V8.
Reported by Google on 2025-12-03
[TBD][40057499] High CVE-2026-0901: Inappropriate implementation in Blink.
Reported by Irvan Kurniawan (sourc7) on 2021-10-04
[$4000][469143679] Medium CVE-2026-0902: Inappropriate implementation in V8.
Reported by 303f06e3 on 2025-12-16
[$3000][444803530] Medium CVE-2026-0903: Insufficient validation of untrusted
input in Downloads. Reported by Azur on 2025-09-13
[$1000][452209495] Medium CVE-2026-0904: Incorrect security UI in Digital
[11 lines not shown]
lang/php85: update to 8.5.2
8.5.2 (2026-01-15)
15 Jan 2026, PHP 8.5.2
- Core:
. Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
with dynamic class const lookup default argument). (ilutov)
. Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing
malformed INI input via parse_ini_string()). (ndossche)
. Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
. Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant
ob_start() during error deactivation). (ndossche)
. Fixed bug GH-20745 ("Casting out of range floats to int" applies to
strings). (Bob)
- DOM:
. Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning
[51 lines not shown]
lang/ruby32-base: update to 3.2.10
3.2.10 (2026-01-14)
This release includes the following security fixes:
* CVE-2025-61594: URI Credential Leakage Bypass previous fixes | Ruby
* CVE-2025-58767: DoS vulnerability in REXML | Ruby
and the following fixes for some issues:
* Build issue of using Ruby 4.0 with BASERUBY at Windows platform
* Issue with OpenSSL 3.6.0
What's Changed
* Backport post_push.yml workflow to ruby_3_2 by k0kubun · Pull Request
#14771
* Backport fetch_changesets to ruby_3_2 by k0kubun · Pull Request #14774
[2 lines not shown]
py-last: updated to 7.0.2
7.0.2
Fixed
Fix user playcount for artists
Create httpx.Client with context manager to fix unclosed socket resource warning
Fix setting network for country.get_top_artists
Simplify xml.dom imports
ham/wsjtx: import wsjtx-2.5.4
Weak Signal Communication Software
WSJT-X, WSJT, MAP65, and WSPR are open-source programs designed for
weak-signal digital communication by amateur radio. Normal usage
requires a standard SSB transceiver and a personal computer with
soundcard, or the equivalent. SDR-style hardware including the
SDR-IQ, Perseus, SoftRock, and FUNcube Dongle is supported by MAP65
and WSPR. SimJT is a utility program that generates simulated signals
for test purposes. All of the programs are available free of charge,
licensed under the GNU General Public License. Installation packages
for WSJT-X are available for Windows, Linux, and OS X; WSJT and WSPR
have Windows and Linux packages, and MAP65 and SimJT are Windows only.
For further details about source code and operating systems, see the
Program Development page.
www/firefox: Update to 147.0.1
Changelog:
147.0.1:
Fixed
* Fixed compatibility problems with websites that use the new Compression
Dictionaries technology, such as ChatGPT, by temporarily disabling the
feature. (Bug 2010712)
* Fixed an issue where an unnecessary empty directory was created on Linux
systems. (Bug 2001887)
* Fixed an issue where time formats could cause certain websites to display
incorrectly. (Bug 2010411)
147.0:
New
[64 lines not shown]
