NetBSD/pkgsrc hjrh0gndoc CHANGES-2026

   doc: Updated textproc/expat to 2.7.5
VersionDeltaFile
1.1786+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc MAdQJNEtextproc/expat distinfo Makefile

   expat: update to 2.7.5.

   Ok maya@

   Release 2.7.5 Tue March 17 2026
           Security fixes:
              #1158  CVE-2026-32776 -- Fix NULL function pointer dereference for
                       empty external parameter entities; it takes use of both
                       functions XML_ExternalEntityParserCreate and
                       XML_SetParamEntityParsing for an application to be
                       vulnerable.
        #1161 #1162  CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START
                       infinite loop in function entityValueProcessor; it takes
                       use of both functions XML_ExternalEntityParserCreate and
                       XML_SetParamEntityParsing for an application to be
                       vulnerable.
              #1163  CVE-2026-32778 -- Fix NULL dereference in function setContext
                       on retry after an earlier ouf-of-memory condition; it takes
                       use of function XML_ParserCreateNS or XML_ParserCreate_MM

    [31 lines not shown]
VersionDeltaFile
1.57+4-4textproc/expat/distinfo
1.63+2-2textproc/expat/Makefile
+6-62 files

NetBSD/pkgsrc dUPsAgsdoc pkg-vulnerabilities

   Ajust patterns for xen*418 and xen*420; all known vulnerabilities are fixed
   in the latest version
VersionDeltaFile
1.751+19-19doc/pkg-vulnerabilities
+19-191 files

NetBSD/pkgsrc TmCrzZBdoc CHANGES-2026

   Updated sysutils/xenkernel418 to 20260317
   Updated sysutils/xentools418 to 20260317
VersionDeltaFile
1.1785+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc m6e2Bm7sysutils/xenkernel418 distinfo Makefile, sysutils/xenkernel418/patches patch-xsa475-1

   Update xenkernel418 and xentools418 to 20260317

   Changes since 20250701: mostly bug fixes and small improvements on
   some hardware, including security fixes up to XSA481
VersionDeltaFile
1.10+4-6sysutils/xenkernel418/distinfo
1.7+4-4sysutils/xentools418/version.mk
1.10+4-4sysutils/xentools418/distinfo
1.7+2-2sysutils/xenkernel418/Makefile
1.11+1-2sysutils/xentools418/Makefile
1.2+1-1sysutils/xenkernel418/patches/patch-xsa475-1
+16-191 files not shown
+17-207 files

NetBSD/pkgsrc Hz54Gh4doc CHANGES-2026

   doc: Updated security/libssh to 0.114
VersionDeltaFile
1.1784+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc RLvJyAVdoc pkg-vulnerabilities

   pkg-vulnerabilities: mark libssh vulns as fixed and adjust versions.

   We package libssh-0.11.4 as 0.114, for historical reasons, as mentioned
   in the package Makefile. Thus, 'libssh<0.11.2' never fires, so adjust
   all the 0.11.x vulnerabilities accordingly.
VersionDeltaFile
1.750+10-10doc/pkg-vulnerabilities
+10-101 files

NetBSD/pkgsrc N2D70hlsecurity/libssh distinfo Makefile, security/libssh/patches patch-tests_CMakeLists.txt patch-tests_client_torture__session.c

   libssh: update to 0.11.4

   This is a stable release in the 0.11 series. There is also 0.12.0
   available, but this has less potential for breakage, I assume.

   version 0.11.4 (released 2026-02-10)
    * Security:
      * CVE-2025-14821: libssh loads configuration files from the C:\etc directory
        on Windows
      * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
      * CVE-2026-0965: Possible Denial of Service when parsing unexpected
        configuration files
      * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
      * CVE-2026-0967: Specially crafted patterns could cause DoS
      * CVE-2026-0968: OOB Read in sftp_parse_longname()
      * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
        extensions
    * Stability and compatibility improvements of ProxyJump


    [31 lines not shown]
VersionDeltaFile
1.3+5-27security/libssh/patches/patch-tests_CMakeLists.txt
1.35+5-8security/libssh/distinfo
1.56+3-4security/libssh/Makefile
1.23+2-2security/libssh/PLIST
1.2+1-1security/libssh/patches/patch-tests_client_torture__session.c
1.2+1-1security/libssh/patches/patch-tests_unittests_torture__misc.c
+17-431 files not shown
+17-437 files

NetBSD/pkgsrc rpSfAeScomms/libhidapi distinfo DESCR, comms/libhidapi/patches patch-netbsd_hid.c

   libhidapi: reduce diffs from ustream implementation.

   Tested with ch32fun and UIAPduino on NetBSD/i386 10.1 with
   both ohci and xhci.
   Also sync DESCR with the latest version.
VersionDeltaFile
1.2+12-9comms/libhidapi/patches/patch-netbsd_hid.c
1.11+2-2comms/libhidapi/distinfo
1.2+2-1comms/libhidapi/DESCR
+16-123 files

NetBSD/pkgsrc nh1AQO6doc CHANGES-2026

   Updated sysutils/xenkernel420 to 20260317
   Updated sysutils/xentools420 to 20260317
   Updated sysutils/xenstoretools to 20260317
VersionDeltaFile
1.1783+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc V49rAJcsysutils/xenkernel420 distinfo, sysutils/xenstoretools Makefile

   Update xenkernel420, xentools420 and xenstoretools to 20260317.
   Changes since 20251113: mostly bug fixes and small improvements on
   some hardware, including security fixes up to XSA481
VersionDeltaFile
1.3+5-5sysutils/xentools420/version.mk
1.4+4-4sysutils/xentools420/distinfo
1.4+4-4sysutils/xenkernel420/distinfo
1.32+1-2sysutils/xenstoretools/Makefile
1.7+1-2sysutils/xentools420/Makefile
+15-175 files

NetBSD/pkgsrc 3MtKTKjmultimedia/gst-plugins1-bad PLIST.Linux

   gst-plugins1-bad: PLIST.Linux: sync
VersionDeltaFile
1.10+22-1multimedia/gst-plugins1-bad/PLIST.Linux
+22-11 files

NetBSD/pkgsrc gwnPj2weditors/vim-share Makefile.common

   vim-share: Link with libnsl on SunOS.
VersionDeltaFile
1.171+2-1editors/vim-share/Makefile.common
+2-11 files

NetBSD/pkgsrc p032pgFeditors/dte Makefile distinfo, editors/dte/patches patch-src_convert.c

   dte: Fix iconv usage.
VersionDeltaFile
1.1+31-0editors/dte/patches/patch-src_convert.c
1.7+3-1editors/dte/Makefile
1.7+2-1editors/dte/distinfo
+36-23 files

NetBSD/pkgsrc KXljFB8devel/xmake distinfo, devel/xmake/patches patch-defs.h

   xmake: Fix implicit decl of bcopy(3).
VersionDeltaFile
1.1+14-0devel/xmake/patches/patch-defs.h
1.6+2-1devel/xmake/distinfo
+16-12 files

NetBSD/pkgsrc gvTJcS5editors/ce distinfo, editors/ce/patches patch-celibc.h

   ce: Fix implicit decl of bcopy(3).
VersionDeltaFile
1.1+20-0editors/ce/patches/patch-celibc.h
1.14+2-1editors/ce/distinfo
+22-12 files

NetBSD/pkgsrc Vaki2H4devel/locktests distinfo, devel/locktests/patches patch-locktests.c

   locktests: Fix building with recent GCC.
VersionDeltaFile
1.1+15-0devel/locktests/patches/patch-locktests.c
1.5+2-1devel/locktests/distinfo
+17-12 files

NetBSD/pkgsrc 7DIt5Aidevel/libast distinfo, devel/libast/patches patch-include_libast__internal.h

   libast: Fix implicit declaration of rindex(3).
VersionDeltaFile
1.1+14-0devel/libast/patches/patch-include_libast__internal.h
1.9+2-1devel/libast/distinfo
+16-12 files

NetBSD/pkgsrc JOJJyLFdevel/libtai distinfo, devel/libtai/patches patch-easter.c patch-yearcal.c

   libtai: Fix building with recent GCC.
VersionDeltaFile
1.1+23-0devel/libtai/patches/patch-easter.c
1.1+23-0devel/libtai/patches/patch-yearcal.c
1.1+20-0devel/libtai/patches/patch-leapsecs.c
1.1+20-0devel/libtai/patches/patch-check.c
1.1+20-0devel/libtai/patches/patch-nowutc.c
1.12+7-2devel/libtai/distinfo
+113-21 files not shown
+117-57 files

NetBSD/pkgsrc jr4vo7Vx11/gtk4 Makefile

   gtk4: Link against libsocket on SunOS
VersionDeltaFile
1.72+3-1x11/gtk4/Makefile
+3-11 files

NetBSD/pkgsrc LkfiX2gdoc CHANGES-2026

   doc: Updated net/yt-dlp-ejs to 0.7.0
VersionDeltaFile
1.1782+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc DVauB7Rnet/yt-dlp-ejs distinfo Makefile

   yt-dlp-ejs: update to 0.7.0.

   Reqired by current yt-dlp package.
VersionDeltaFile
1.7+4-4net/yt-dlp-ejs/distinfo
1.9+2-2net/yt-dlp-ejs/Makefile
+6-62 files

NetBSD/pkgsrc fgoRYOadevel/ldpc distinfo, devel/ldpc/patches patch-distrib.c patch-make-gen.c

   ldpc: Fix implicit function declarations.
VersionDeltaFile
1.1+14-0devel/ldpc/patches/patch-distrib.c
1.1+14-0devel/ldpc/patches/patch-make-gen.c
1.7+3-1devel/ldpc/distinfo
+31-13 files

NetBSD/pkgsrc GT2I8icdevel/acunia-jam distinfo, devel/acunia-jam/patches patch-ac patch-jam.c

   acunia-jam: Fix building with recent GCC.
VersionDeltaFile
1.2+19-3devel/acunia-jam/patches/patch-ac
1.1+14-0devel/acunia-jam/patches/patch-jam.c
1.1+14-0devel/acunia-jam/patches/patch-mkjambase.c
1.9+4-2devel/acunia-jam/distinfo
+51-54 files

NetBSD/pkgsrc yqg4ijvdoc CHANGES-2026

   doc: Updated net/powerdns-recursor to 5.4.0
VersionDeltaFile
1.1781+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc lJ7JNjnnet/powerdns-recursor distinfo cargo-depends.mk

   net/powerdns-recursor: Update to version 5.4.0

   From Marcin Gondek via wip.

   Changelogs for 5.4.X
   Before upgrading, it is advised to read the Upgrade Guide.

   5.4.0
   Released: 9th of March 2026 with no changes since 5.4.0-rc1 except the version.

   5.4.0-rc1
   Released: 17th of February 2026
   Improvements
   Harmonize with dnsdist PR #16741 with respect to OpenTelemetry instance name.
   References: pull request 16756
   Coverity 1644498 Variable copied when it could be moved.
   References: pull request 16784
   Opentelemetry: add flags field in TRACEPARENT EDNS option.
   References: pull request 16786

    [217 lines not shown]
VersionDeltaFile
1.48+193-181net/powerdns-recursor/distinfo
1.3+63-59net/powerdns-recursor/cargo-depends.mk
1.57+2-2net/powerdns-recursor/Makefile
+258-2423 files

NetBSD/pkgsrc N43g9iodoc CHANGES-2026

   doc: Updated textproc/prose to 0.6.2
VersionDeltaFile
1.1780+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc WwQ3BmEtextproc/prose distinfo cargo-depends.mk

   textproc/prose: update to 0.6.2

    - No ChangeLog provided.
VersionDeltaFile
1.11+115-85textproc/prose/distinfo
1.9+37-27textproc/prose/cargo-depends.mk
1.11+2-2textproc/prose/Makefile
+154-1143 files

NetBSD/pkgsrc WciIH2Ldoc CHANGES-2026

   doc: Updated devel/difftastic to 0.68.0
VersionDeltaFile
1.1779+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 3e2kcfAdevel/difftastic distinfo cargo-depends.mk

   devel/difftastic: update to 0.68.0

   Git Support
    - Fixed an issue where git with difftastic would terminate with fatal: external diff died when there was an unmerged path.

   Parsing
    - Updated Bash, C, Go, Lua, Nix, Perl, Python, Rust, Scala, Swift and YAML parsers.
    - Fixed an issue with parsing raw string literals in Rust.

   Build
    - Difftastic now requires Rust 1.77 or later to build.
    - Difftastic no longer uses jemalloc on any Windows builds. Previously jemalloc was only disabled for MSVC.

   Command Line Interface
    - Improved error reporting when invoked with an invalid number of arguments.

   Display
    - Fixed an issue with inline display where it didn't always respect the value of --context.
    - Fixed an issue with side-by-side rendering when files contain tabs.
VersionDeltaFile
1.43+64-58devel/difftastic/distinfo
1.34+20-18devel/difftastic/cargo-depends.mk
1.44+3-3devel/difftastic/Makefile
+87-793 files