NetBSD/pkgsrc TKNoGPVmultimedia/libaom distinfo, multimedia/libaom/patches patch-aom__ports_ppc__cpudetect.c

   multimedia/libaom: restore buildability on NetBSD/macppc.

   Re-apply fix for "So far no dynamic CPU feature detection on NetBSD".
VersionDeltaFile
1.5+5-3multimedia/libaom/patches/patch-aom__ports_ppc__cpudetect.c
1.31+2-2multimedia/libaom/distinfo
+7-52 files

NetBSD/pkgsrc VaVR9qrdoc CHANGES-2026

   doc: Updated net/libcares to 1.34.7
VersionDeltaFile
1.4297+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc fhZZsIinet/libcares distinfo Makefile

   libcares: update to 1.34.7.

   ## c-ares version 1.34.7 - July 6 2026

   This is a security release.

   Security:
   * CVE-2026-33630. Use-after-free / double-free in c-ares' query-completion
     handling, remotely triggerable via ares_getaddrinfo() over TCP. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
   * CPU-exhaustion denial of service via unbounded DNS name compression pointer
     chains. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-pjmc-gx33-gc76
   * Memory-amplification denial of service via unvalidated DNS header record
     counts. Please see
     https://github.com/c-ares/c-ares/security/advisories/GHSA-jv8r-gqr9-68wj

   Changes:
   * `ares_getaddrinfo()`: handle a NULL node per POSIX and implement

    [55 lines not shown]
VersionDeltaFile
1.47+4-4net/libcares/distinfo
1.55+2-2net/libcares/Makefile
1.36+2-2net/libcares/PLIST
+8-83 files

NetBSD/pkgsrc WqmixqYsecurity/ap-modsecurity2 Makefile distinfo, security/ap-modsecurity2/files README.pkgsrc

   ap-modsecurity2: Update to version 2.9.14

   Last version changes:

   02 Jul 2026 - 2.9.14
   --------------------

    * chore: fix cppcheck issues with v2.21.0
      [Issue #3593 - @airween]
    * fix: ctl:ruleRemoveTargetByTag not removing XML attribute targets
      [Issue #3592 - @fzipi]
    * Remove deprecated REQBODY_PROCESSOR_ERROR and REQBODY_PROCESSOR_ERROR_MSG
      [Issue #3578 - @hnakamur]
    * Re-apply lost fix 4f33f5b: collection_unpack value_len underflow regression
      [Issue #3560 - @g4mm4-VCF]

   28 Apr 2026 - 2.9.13
   --------------------


    [107 lines not shown]
VersionDeltaFile
1.1+26-0security/ap-modsecurity2/files/README.pkgsrc
1.76+13-12security/ap-modsecurity2/Makefile
1.13+4-6security/ap-modsecurity2/distinfo
1.9+2-1security/ap-modsecurity2/PLIST
1.4+1-1security/ap-modsecurity2/MESSAGE
1.2+1-1security/ap-modsecurity2/patches/patch-apache2_msc__crypt.c
+47-211 files not shown
+48-227 files

NetBSD/pkgsrc l2E4seMdoc CHANGES-2026

   doc: Updated security/ap-modsecurity2 to 2.9.14
VersionDeltaFile
1.4296+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc c4F3uxzdoc CHANGES-2026

   doc: Updated wayland/foot to 1.27.0
VersionDeltaFile
1.4295+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc swI2japwayland/foot distinfo Makefile, wayland/foot/patches patch-char32.c

   foot: update to 1.27.0

   1.27.0

   * url.style=none|single|double|curly|dotted|dashed option added,
     allowing you to configure how URL underlines are drawn. The default
     is dotted.
   * URL underlines are now dotted by default, instead of plain
     underlines. This can be changed with the new url.style option.
   * If the cursor foreground and background colors are identical, use
     the current cell's foreground and background colors (inverted),
     instead of the default foreground and background colors.

   Fixed:
   * Other output (key presses, query replies etc) being mixed with paste
     data, both interactive pastes and OSC-52.
   * Scrollback search not working correctly when the terminal
     application has enabled the kitty keyboard protocol with release
     event reporting.

    [4 lines not shown]
VersionDeltaFile
1.2+5-6wayland/foot/patches/patch-char32.c
1.2+5-5wayland/foot/distinfo
1.2+2-2wayland/foot/Makefile
+12-133 files

NetBSD/pkgsrc BmIuMutdevel/libepoll-shim builtin.mk buildlink3.mk

   libepoll-shim: add builtin.mk to skip on Linux

   libepoll-shim is required for systems that have kqueue but not epoll.
   Linux does have epoll, so it is (a) unnecessary and (b) doesn't build.

   The detection logic is currently hardcoded to Linux only; I suppose it
   could be improved further.
VersionDeltaFile
1.1+49-0devel/libepoll-shim/builtin.mk
1.3+7-1devel/libepoll-shim/buildlink3.mk
+56-12 files

NetBSD/pkgsrc PT31WQbdoc CHANGES-2026

   doc: Updated devel/lcov to 2.5
VersionDeltaFile
1.4294+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc oSMMmY6devel/lcov PLIST Makefile, devel/lcov/patches patch-Makefile

   lcov: update to 2.5.

   Changes from previous release:

       add support for --unreachable-script callback - to filter unreachable branch and MC/DC expressions
       update llvm2lcov to support llvm/22
       generate man and HTML format documentation from RST.
       various bug fixes and test coverage improvements
VersionDeltaFile
1.5+95-0devel/lcov/PLIST
1.1+15-0devel/lcov/patches/patch-Makefile
1.24+9-3devel/lcov/Makefile
1.11+5-4devel/lcov/distinfo
+124-74 files

NetBSD/pkgsrc 2SZ0HN1devel/aceunit Makefile

   devel/aceunit: Drop skipping vendor bash

   macOS has bash 3 builtin, and the tools platform used to accept that.
   Recently, tools bash was redefined to be >=4, and no longer uses macOS
   bash.

   The hack to avoid vendor bash was almost certainly about macOS, as I
   know of no other system with bash3, and I know of no other packge
   failures from bash 4.  On macOS, nothing will change; just a different
   reason not to use system baas.  On SmartOS, the package might use
   builtin bash 4, vs pkgsrc bash 5, but there's no reason to think
   that's a problem.
VersionDeltaFile
1.3+2-2devel/aceunit/Makefile
+2-21 files

NetBSD/pkgsrc qlE5iOagraphics/libjpeg-turbo Makefile buildlink3.mk

   libjpeg-turbo: fix linking; use system libz; bump revision
VersionDeltaFile
1.46+6-1graphics/libjpeg-turbo/Makefile
1.3+3-1graphics/libjpeg-turbo/buildlink3.mk
+9-22 files

NetBSD/pkgsrc pHy6bINdoc CHANGES-2026

   Updated devel/msgpack, editors/neovim
VersionDeltaFile
1.4293+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc gydpOnJeditors/neovim distinfo Makefile

   neovim: updated to 0.12.4

   0.12.4

   FEATURES
   - fec4045 lsp: clean up semantic token initialization and debounce
   - 55205b3 lsp: use LspNotify for semantic tokens

   PERFORMANCE
   - fded370 lsp: overscan semantic_token range requests
   - fa365ce treesitter: reduce memory usage of _select.lua

   FIXES
   - e57c37d api: nvim_buf_set_text resets changelist to 0
   - ea07b60 api: preserve ArrayOf metadata
   - 5ff4e14 cmdline: avoid redraw loop after wrapped line
   - a0d7e80 folds: foldcolumn is interrupted for virtual line above nested fold
   - a4cfded health: always set 'modifiable'
   - 7fd0f54 health: don't check node package via yarn

    [25 lines not shown]
VersionDeltaFile
1.27+4-4editors/neovim/distinfo
1.29+2-2editors/neovim/Makefile
+6-62 files

NetBSD/pkgsrc aKpA1Grdevel/msgpack distinfo Makefile

   msgpack: updated to 7.0.1

   7.0.1
   Set INSTALL_INTERFACE to CMAKE_INSTALL_INCLUDEDIR

   7.0.0
   Refine CI
   Updated cmake minimum required to 3.5-4.0
VersionDeltaFile
1.19+4-4devel/msgpack/distinfo
1.26+2-3devel/msgpack/Makefile
+6-72 files

NetBSD/pkgsrc xLGBB8Tdoc CHANGES-2026 TODO

   Updated textproc/mdbook, www/py-nh3, textproc/py-readme_renderer, net/py-responses
VersionDeltaFile
1.4292+5-1doc/CHANGES-2026
1.27550+1-3doc/TODO
+6-42 files

NetBSD/pkgsrc QaBALbGnet/py-responses distinfo Makefile

   py-responses: updated to 0.26.2

   0.26.2

   * Default headers (such as ``Content-Type``, ``Date`` and ``Server``) are now stripped
     from recorded files regardless of header name case. Previously, responses recorded from
     servers that send lowercase header names (for example over HTTP/2) kept these redundant
     headers in the generated file.
   * Fixed `query_param_matcher` mutating the caller's params dict when numeric
     values are provided.
VersionDeltaFile
1.42+4-4net/py-responses/distinfo
1.51+2-2net/py-responses/Makefile
+6-62 files

NetBSD/pkgsrc 927QHFKtextproc/py-readme_renderer distinfo Makefile

   py-readme_renderer: updated to 45.0

   45.0

   * Replace ``cmarkgfm`` with ``comrak``
   * Support footnotes in Markdown
   * Support inline link anchors
   * Allow ``class`` attribute on ``<pre>`` tags

   * Advertise support for Python 3.13
   * Remove support for Python 3.9, pypy 3.9, 3.10
   * Remove `python3` alias from Pygments
   * Fix test suite for Pygments update
   * Fix mypy annotations
   * Fix test failure with docutils 0.22
   * Fix package metadata
   * Fix ignored allowlists on ``clean()``
   * Don't abort reStructuredText rendering when a ``:scale:`` image can't be sized
   * Disable active input controls in rendered output

    [11 lines not shown]
VersionDeltaFile
1.14+4-4textproc/py-readme_renderer/distinfo
1.20+3-4textproc/py-readme_renderer/Makefile
+7-82 files

NetBSD/pkgsrc 9EOUHPhwww/py-nh3 distinfo cargo-depends.mk

   py-nh3: updated to 0.3.6

   0.3.6

   Validate clean_content_tags conflict with tags
   Document tag_attribute_values as alternate to attributes
   Add nh3.escape alias for clean_text
   Bump pyo3 from 0.28.3 to 0.29.0
   Expose ammonia's url_relative policy via url_relative kwarg
VersionDeltaFile
1.14+46-58www/py-nh3/distinfo
1.14+14-18www/py-nh3/cargo-depends.mk
1.16+4-4www/py-nh3/Makefile
+64-803 files

NetBSD/pkgsrc ddIuV1Htextproc/mdbook distinfo cargo-depends.mk

   mdbook: updated to 0.5.4

   mdBook 0.5.4

   Added

   - Added zoomable images feature.

   Changed

   - Updated dependencies.

   Fixed

   - Fixed layout bug with images in links.
   - Fixed previous-chapter nav hover overlapping sidebar resize handle.
   - Fixed missing LICENSE files in published crates.
   - Switched recommendation to linkcheck2 fork.
   - Fixed version in CI source install docs.
VersionDeltaFile
1.6+142-205textproc/mdbook/distinfo
1.5+46-67textproc/mdbook/cargo-depends.mk
1.6+3-3textproc/mdbook/Makefile
+191-2753 files

NetBSD/pkgsrc 3dLTdMwdoc CHANGES-2026 TODO

   doc: Updated security/openssh to 10.4p1
VersionDeltaFile
1.4291+2-1doc/CHANGES-2026
1.27549+2-1doc/TODO
+4-22 files

NetBSD/pkgsrc AWQOESasecurity/openssh distinfo Makefile

   openssh: update to 10.4p1.

   Changes since OpenSSH 10.3
   ==========================

   This release contains a number of security fixes as well as general
   bugfixes and a couple of new features.

   Security
   ========

    * sftp(1): when downloading files on the command-line using
      "sftp host:/path .", a malicious server could cause the file to
      be downloaded to an unexpected location. This issue was identified
      by the Swival Security Scanner.

    * scp(1): when copying files between two remote destinations, do
      not allow a malicious server to write files to the parent
      directory of the intended target directory.  This issue was

    [180 lines not shown]
VersionDeltaFile
1.131+4-4security/openssh/distinfo
1.293+2-2security/openssh/Makefile
+6-62 files

NetBSD/pkgsrc on2rne9x11/ocaml-lablgtk3 distinfo, x11/ocaml-lablgtk3/patches patch-tools_introspection_propcc.ml patch-tools_introspection_propcc.ml4

   ocaml-lablgtk3: fix build with ocaml-dune 3.24.0

   using patches from upstream merge ticket
VersionDeltaFile
1.1+16-0x11/ocaml-lablgtk3/patches/patch-tools_introspection_propcc.ml
1.1+16-0x11/ocaml-lablgtk3/patches/patch-tools_introspection_propcc.ml4
1.1+16-0x11/ocaml-lablgtk3/patches/patch-tools_propcc.ml
1.1+16-0x11/ocaml-lablgtk3/patches/patch-tools_propcc.ml4
1.9+5-1x11/ocaml-lablgtk3/distinfo
+69-15 files

NetBSD/pkgsrc gaTDgeOdoc CHANGES-2026

   Updated editors/xournalpp
VersionDeltaFile
1.4290+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc NrJAhVieditors/xournalpp Makefile distinfo, editors/xournalpp/patches patch-man_CMakeLists.txt

   xournalpp: updated to 1.3.5

   1.3.5

   This is a new minor version of Xournal++ with bug fixes and improvements from the community.

   Fixed crash when exiting after playing sound
   Fixed some button-to-tools configuration issues
   Fixed crash involving page background selection
   Added multidevice support for X11 palm rejection
   Reduced PDF cache retention for off-screen pages
   Fixed moving display when selecting "Fit to Screen"
   Fixed disabled "Merge layer" menu entry
   Fixed a concurrency crash when using layers
   Improved setting up environment on MacOS
   Fixed typos in some displayed strings
   Fixed "Missing background" display when missing PDF page
   Bumped dependency versions on MacOS and Windows
   Added Georgian translations
   Updated translations
VersionDeltaFile
1.101+12-21editors/xournalpp/Makefile
1.1+33-0editors/xournalpp/patches/patch-man_CMakeLists.txt
1.25+5-4editors/xournalpp/distinfo
1.9+2-1editors/xournalpp/PLIST
+52-264 files

NetBSD/pkgsrc hYwO3Kydevel/protobuf distinfo, devel/protobuf/patches patch-src_google_protobuf_io_zero_copy_stream_impl.cc

   protobuf: fix build with pkgsrc gcc-10

   Removing #define _POSIX_C_SOURCE 202405L is sufficient to fix the build
   with pkgsrc gcc10.

   This is for this bit of code:
   int robust_close(int fd) {
   #if defined(POSIX_CLOSE_RESTART)
     return posix_close(fd, 0);
   #else
     return close(fd);
   #endif
   }

   On most operating systems, posix_close doesn't exist anyway, so this code
   is all irrelevant:
   https://www.gnu.org/software/gnulib/manual/html_node/posix_005fclose.html
VersionDeltaFile
1.1+19-0devel/protobuf/patches/patch-src_google_protobuf_io_zero_copy_stream_impl.cc
1.102+2-1devel/protobuf/distinfo
+21-12 files

NetBSD/pkgsrc DwrvwKYdoc CHANGES-2026

   Updated graphics/librsvg, textproc/gtk-doc
VersionDeltaFile
1.4289+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc HolYrvbtextproc/gtk-doc Makefile distinfo

   gtk-doc: updated to 1.36.1

   GTK-Doc 1.36.1, 2026-04-10

   - scangobj: fix compilation warnings.
   - Some documentation updates.
   - Translation updates.


   GTK-Doc 1.36.0, 2026-03-10

   GTK-Doc can no longer be built with the Autotools:
     - You need to use Meson in order to build GTK-Doc.
     - Note that buildsystems/autotools/ is still there for GTK-Doc integration in
       projects using the Autotools.

   Meson:
     - Fix test-gobject-mkhtml unit test.
     - A few improvements.

    [5 lines not shown]
VersionDeltaFile
1.106+4-5textproc/gtk-doc/Makefile
1.32+4-4textproc/gtk-doc/distinfo
1.26+5-1textproc/gtk-doc/PLIST
+13-103 files

NetBSD/pkgsrc l7vy4sEgraphics/librsvg distinfo cargo-depends.mk, graphics/librsvg/patches patch-.._vendor_memchr-2.8.0_src_memchr.rs patch-.._vendor_memchr-2.8.0_src_memmem_searcher.rs

   librsvg: updated to 2.62.3

   Version 2.62.3

   librsvg crate version 2.62.3

   librsvg-rebind crate version 0.3.0

   - Remove loading limits from image-rs.  This means that raster
     images, when embedded in SVG documents, have no limits for their
     size or memory consumption.  The idea, for now, is that
     security-sensitive applications that use librsvg should do their own
     sandboxing if they want to impose memory limits.

   - Fix the logic for whether gdk-pixbuf-query-loaders should be run
     during cross-compilation.  Native builds can of course use it; cross
     builds can use it if they can run host binaries *and* an executable
     wrapper has been set *and* the target sysroot contains the
     corresponding gdk-pixbuf-query-loaders executable (Ross Burton).
VersionDeltaFile
1.74+459-387graphics/librsvg/distinfo
1.14+149-125graphics/librsvg/cargo-depends.mk
1.1+128-0graphics/librsvg/patches/patch-.._vendor_memchr-2.8.0_src_memchr.rs
1.1+78-0graphics/librsvg/patches/patch-.._vendor_memchr-2.8.0_src_memmem_searcher.rs
1.1+24-0graphics/librsvg/patches/patch-.._vendor_zune-jpeg-0.5.13_src_idct.rs
1.1+23-0graphics/librsvg/patches/patch-.._vendor_memchr-2.8.0_src_arch_aarch64_memchr.rs
+861-51214 files not shown
+937-53420 files

NetBSD/pkgsrc pghU93Dwww/php-nextcloud Makefile

   www/php-nextcloud: Update required php versions

   Upstream "documents" that >= php 8.5 is not ok.
VersionDeltaFile
1.88+3-4www/php-nextcloud/Makefile
+3-41 files