NetBSD/pkgsrc tZskjIAdoc CHANGES-2025

   doc: Updated net/openresolv to 3.17.1
VersionDeltaFile
1.7118+2-1doc/CHANGES-2025
+2-11 files

NetBSD/pkgsrc cInumNFnet/openresolv distinfo Makefile

   Import openresolv-3.17.1 with the following changes:

   resolvconf: Single quote parsed values from resolv.conf

   When parsing resolv.conf entries we build up shell variables.
   Because this is done via a pipe, we need to echo the variables
   to stdout and eval the result to get them into the main resolvconf.
   We have no idea what the values are, so we build up the output
   ensuring the parsed value is single quoted so eval will always
   interpret it as a string and nothing more.

   This avoids an attack like so:
        `echo 'search $(touch /tmp/foo)' | resolvconf -a bar`
VersionDeltaFile
1.34+4-4net/openresolv/distinfo
1.40+2-2net/openresolv/Makefile
+6-62 files

NetBSD/pkgsrc mGFTqWJwww/bozohttpd Makefile

   fix my email and reenable the home page.

   i had this lying around for ages.. oops.
VersionDeltaFile
1.103+3-3www/bozohttpd/Makefile
+3-31 files

NetBSD/pkgsrc y6dIOVMdoc CHANGES-2025

   doc: Updated emulators/nono to 1.6.4
VersionDeltaFile
1.7117+2-1doc/CHANGES-2025
+2-11 files

NetBSD/pkgsrc w7xGSlIemulators/nono distinfo Makefile

   nono: update to 1.6.4.

   1.6.4 (2025/12/08)

   m68k(Fix): "Fix SRP/URP register masks in 68040. This makes NetBSD newpmap kernel bootable."
   m68k(Fix): "Fix an issue where the lower 4 bits of SRP/CRP register in 68030 were cleared."
   m68k(Fix): "Fix memory accesses in PACK/UNPK instructions to a single word access."
   m68k(Update): "Implement several corner cases in 68030 PTEST instruction."
   m68k(Update): "Rewrite whole 68030 MMU and improve performance slightly."
   m68k(Update): "Improve 68030 ATC performance slightly."
   vm(Update): "Implement ESC D and ESC M in serial console emulation."
   host(Fix): "Fix an abnormal termination in usermode network."
   host(Fix): "Fix an issue that the application could not be terminated in usermode network."
   GUI(Update): "Improve the page table monitor."
   GUI(Fix): "Remove incorrect TT hit rate in 68030 ATC monitor since ver 1.6.3."
   debugger(Fix): "Fix an issue where different exceptions occurring consecutively at the same address were not recorded in Exception history."
   debugger(New): "Implement "pe" command."
VersionDeltaFile
1.44+4-4emulators/nono/distinfo
1.61+2-2emulators/nono/Makefile
+6-62 files

NetBSD/pkgsrc vdQJxBFdoc CHANGES-2025

   Updated lang/python31[34], lang/py31[34]-html-docs
VersionDeltaFile
1.7116+5-1doc/CHANGES-2025
+5-11 files

NetBSD/pkgsrc rsY4E6Plang/py314-html-docs distinfo Makefile, lang/python314 distinfo dist.mk

   python314 py314-html-docs: updated to 3.14.2

   Python 3.14.2

   Security

   gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
   gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

   Library

   gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions.

   gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).

   gh-142214: Fix two regressions in dataclasses in Python 3.14.1 related to annotations.

   An exception is no longer raised if slots=True is used and the __init__ method does not have an __annotate__ attribute (likely because init=False was used).
   An exception is no longer raised if annotations are requested on the __init__ method and one of the fields is not present in the class annotations. This can occur in certain dynamic scenarios.

    [6 lines not shown]
VersionDeltaFile
1.6+4-4lang/python314/distinfo
1.3+4-4lang/py314-html-docs/distinfo
1.3+2-2lang/python314/dist.mk
1.3+2-2lang/py314-html-docs/Makefile
+12-124 files

NetBSD/pkgsrc BQeNbZOlang/py313-html-docs distinfo Makefile, lang/python313 distinfo dist.mk

   python313 py313-html-docs: updated to 3.13.11

   Python 3.13.11

   Security

   gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
   gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
   gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.

   Library

   gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions.
   gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).

   Core and Builtins

   gh-142218: Fix crash when inserting into a split table dictionary with a non str key that matches an existing key.
VersionDeltaFile
1.12+4-4lang/py313-html-docs/distinfo
1.18+4-4lang/python313/distinfo
1.12+2-2lang/python313/dist.mk
1.12+2-2lang/py313-html-docs/Makefile
+12-124 files

NetBSD/pkgsrc 3KbDvsTdoc CHANGES-2025

   Updated sysutils/ansible-lint, www/py-django-allauth
VersionDeltaFile
1.7115+3-1doc/CHANGES-2025
+3-11 files

NetBSD/pkgsrc M7dFCJcwww/py-django-allauth distinfo Makefile

   py-django-allauth: updated to 65.13.1

   65.13.1

   Note worthy changes

   - Django 6.0 is now officially supported.

   Fixes

   - Internal imports related to headless token strategies were causing (harmless)
     deprecation warnings, fixed.

   - Pending social signups stored in the session by allauth versions prior to
     65.5.0 are not resumable by newer versions. This could cause 500s while
     upgrading, fixed.

   - Headless: the reauthentication-required response in the OpenAPI specification
     was wrongly nested and did not match the actual implementation, fixed.
VersionDeltaFile
1.21+4-4www/py-django-allauth/distinfo
1.24+2-2www/py-django-allauth/Makefile
+6-62 files

NetBSD/pkgsrc fnUALgssysutils/ansible-lint Makefile distinfo

   ansible-lint: updated to 25.12.1

   25.12.1

   Features

   feat(action): Allow users to override python_version

   Fixes

   fix: avoid stacktrace when ansible syntax check does not return filename
   fix: change setup-python action to specific commit
   fix: autofix comments missing space after hash

   Maintenance

   chore(deps): update all dependencies
   chore: pre-commit autoupdate
   chore: adopt pytest>=9.0.0 config
   chore(deps): update all dependencies
VersionDeltaFile
1.78+10-5sysutils/ansible-lint/Makefile
1.69+4-4sysutils/ansible-lint/distinfo
+14-92 files

NetBSD/pkgsrc PoSYQEtdoc CHANGES-2025

   Updated sysutils/ansible-core, sysutils/ansible
VersionDeltaFile
1.7114+3-1doc/CHANGES-2025
+3-11 files

NetBSD/pkgsrc kvXPT5Isysutils/ansible PLIST distinfo

   ansible: updated to 13.1.0

   13.1.0

   Major Changes

   vmware.vmware

   - Replace ``ansible.module_utils._text`` (https://github.com/ansible-collections/vmware.vmware/issues/268).
   - Replace ``ansible.module_utils.common._collections_compat`` (https://github.com/ansible-collections/vmware.vmware/issues/271).
VersionDeltaFile
1.62+849-590sysutils/ansible/PLIST
1.75+4-4sysutils/ansible/distinfo
1.102+3-3sysutils/ansible/Makefile
+856-5973 files

NetBSD/pkgsrc LTPDSbksysutils/ansible-core PLIST distinfo

   ansible-core: updated to 2.20.1

   v2.20.1

   Bugfixes

   - Fix ``AnsibleModule.human_to_bytes()``, which was never adjusted after the standalone ``human_to_bytes()`` got a new parameter ``default_unit`` (https://github.com/ansible/ansible/pull/85259).
   - Variable loading now uses file source instead of variables when invalidly formmated vars file is loaded.
   - ansible-test - The runtime-metadata sanity test now ignores pre-release and build identifiers in collection versions. This prevents errors if a tombstone version is ``X.0.0``, while the collection's version is ``X.0.0-prerelease`` (https://github.com/ansible/ansible/issues/85193)."
   - display - Fix ``getuser`` fallback error handling on Python 3.13 and later. (https://github.com/ansible/ansible/issues/86142)
   - first_found - Correct the "Include tasks only if one of the files exists, otherwise skip" example.
   - get_url - fix regex for GNU Digest line which is used in comparing checksums (https://github.com/ansible/ansible/issues/86132).
   - local connection - Fix ``getuser`` fallback error handling on Python 3.13 and later.

   v2.20.0

   Major Changes

   - ansible - Add support for Python 3.14.

    [2 lines not shown]
VersionDeltaFile
1.16+4-5sysutils/ansible-core/PLIST
1.46+4-4sysutils/ansible-core/distinfo
1.55+3-3sysutils/ansible-core/Makefile
+11-123 files

NetBSD/pkgsrc JLEyfu0doc pkg-vulnerabilities

   pkg-vulnerabilities: add recent MFSA

   + thunderbird, firefox
VersionDeltaFile
1.682+6-1doc/pkg-vulnerabilities
+6-11 files

NetBSD/pkgsrc F1C44rIdoc pkg-vulnerabilities

   pkg-vulnerabilities: add last day CVEs

   + libcares, mongodb, p5-Plack-Middleware-Session, powerdns-recursor
VersionDeltaFile
1.681+6-1doc/pkg-vulnerabilities
+6-11 files

NetBSD/pkgsrc tl8MR5kdoc CHANGES-2025

   Updated www/lua-resty-core, devel/libgsf
VersionDeltaFile
1.7113+3-1doc/CHANGES-2025
+3-11 files

NetBSD/pkgsrc Crv5buddevel/libgsf distinfo PLIST, devel/libgsf/patches patch-thumbnailer_main.c

   libgsf: updated to 1.14.54

   1.14.54
   * Fix ABR is msole properties code.
   * Up thumbnailer's memory limit to 512MB.
   * Various build fixes.
VersionDeltaFile
1.60+4-5devel/libgsf/distinfo
1.44+1-5devel/libgsf/PLIST
1.123+2-3devel/libgsf/Makefile
1.2+1-1devel/libgsf/patches/patch-thumbnailer_main.c
+8-144 files

NetBSD/pkgsrc Do1ZCocwww/lua-resty-core distinfo Makefile

   lua-resty-core: updated to 0.1.32

   0.1.32
   tests: test failed under checkleak mode.
VersionDeltaFile
1.7+4-4www/lua-resty-core/distinfo
1.9+2-2www/lua-resty-core/Makefile
1.3+2-1www/lua-resty-core/PLIST
+8-73 files

NetBSD/pkgsrc DS29nNcmeta-pkgs/lxqt Makefile

   lxqt: revbump for lxqt-notificationd
VersionDeltaFile
1.44+3-3meta-pkgs/lxqt/Makefile
+3-31 files

NetBSD/pkgsrc DORhGCAdoc CHANGES-2025

   doc: Updated x11/lxqt-notificationd to 2.3.1
VersionDeltaFile
1.7112+2-1doc/CHANGES-2025
+2-11 files

NetBSD/pkgsrc C7ohEyxx11/lxqt-notificationd distinfo Makefile

   x11/lxqt-notificationd: update to 2.3.1

   lxqt-notificationd-2.3.1 / 2025-12-04
   ======================================
    * Fixed an old bug that interfered with the time-out after the cursor left the notification window.
VersionDeltaFile
1.17+4-4x11/lxqt-notificationd/distinfo
1.44+2-3x11/lxqt-notificationd/Makefile
+6-72 files

NetBSD/pkgsrc IRVQ5x4doc CHANGES-2025

   doc: Updated graphics/viu to 1.6.0
VersionDeltaFile
1.7111+2-1doc/CHANGES-2025
+2-11 files

NetBSD/pkgsrc 7nKljqFgraphics/viu distinfo cargo-depends.mk

   graphics/viu: update to 1.6.0

    - Update dependencies, see viuer's CHANGELOG.md
    - Add icy_sixel feature flag
    - Add --caption flag
VersionDeltaFile
1.8+388-409graphics/viu/distinfo
1.6+128-135graphics/viu/cargo-depends.mk
1.10+2-2graphics/viu/Makefile
+518-5463 files

NetBSD/pkgsrc 3qbEQlmdoc CHANGES-2025

   doc: Updated net/powerdns-recursor to 5.3.3
VersionDeltaFile
1.7110+2-1doc/CHANGES-2025
+2-11 files

NetBSD/pkgsrc FMnhlrbnet/powerdns-recursor distinfo Makefile

   net/powerdns-recursor: Update to version 5.3.3

   Provided by Marcin Gondek in wip.

   5.3.3
   Released: 8th of December 2025
   Bug Fixes
   Fix PowerDNS Security Advisory 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor.
   References: pull request 16618

   5.3.2
   Released: Never released publicly
VersionDeltaFile
1.45+4-4net/powerdns-recursor/distinfo
1.51+2-2net/powerdns-recursor/Makefile
+6-62 files

NetBSD/pkgsrc 0krrXRPtextproc/align Makefile

   align: fix previous

   noted by jperkin, thanks
VersionDeltaFile
1.4+3-3textproc/align/Makefile
+3-31 files

NetBSD/pkgsrc ukcxJMEsysutils/extipl Makefile

   extipl: comment out dead site
VersionDeltaFile
1.16+2-3sysutils/extipl/Makefile
+2-31 files

NetBSD/pkgsrc IjXXqQZgames/exchess Makefile

   exchess: update HOMEPAGE
VersionDeltaFile
1.21+2-2games/exchess/Makefile
+2-21 files

NetBSD/pkgsrc zDfbjqisysutils/eventlog Makefile

   eventlog: comment out dead site
VersionDeltaFile
1.5+2-2sysutils/eventlog/Makefile
+2-21 files