NetBSD/pkgsrc cTxkIRtdoc CHANGES-2026

   doc: Updated www/libcurl-gnutls to 8.19.0
VersionDeltaFile
1.1675+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 06A2Qxxwww/libcurl-gnutls Makefile

   libcurl-gnutls: update to 8.19.0.

   Match curl.
VersionDeltaFile
1.23+1-2www/libcurl-gnutls/Makefile
+1-21 files

NetBSD/pkgsrc gvVjd9Odoc CHANGES-2026

   doc: Updated www/curl to 8.19.0
VersionDeltaFile
1.1674+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 51uwF0Xwww/curl distinfo Makefile.common

   curl: update to 8.19.0.

   curl and libcurl 8.19.0

    Public curl releases:         273
    Command line options:         273
    curl_easy_setopt() options:   308
    Public functions in libcurl:  100
    Contributors:                 3619

   This release includes the following changes:

    o we stopped the bug bounty [23]
    o cmake: add `CURL_BUILD_EVERYTHING` option [51]
    o initial support for MQTTS [81]
    o tool: support fractions for --limit-rate and --max-filesize [79]
    o tool_cb_hdr: with -J, use the redirect name as a backup [147]
    o vquic: drop support for OpenSSL-QUIC [80]
    o windows: add build option to use the native CA store [82]

    [268 lines not shown]
VersionDeltaFile
1.223+4-4www/curl/distinfo
1.35+2-2www/curl/Makefile.common
1.305+1-2www/curl/Makefile
+7-83 files

NetBSD/pkgsrc n1DvFwXconverters/py-chardet Makefile

   py-chardet: mention that this shouldn't be updated to 7.x for now
VersionDeltaFile
1.38+4-1converters/py-chardet/Makefile
+4-11 files

NetBSD/pkgsrc mHYDsbWdoc CHANGES-2026

   Updated security/adguardhome, devel/py-configargparse
VersionDeltaFile
1.1673+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc otz5HsHdevel/py-configargparse distinfo Makefile

   py-configargparse: updated to 1.7.5

   1.7.5
   Slightly simplified PyPI deployment workflow via setuptools-scm
VersionDeltaFile
1.23+4-4devel/py-configargparse/distinfo
1.26+4-3devel/py-configargparse/Makefile
+8-72 files

NetBSD/pkgsrc iTRfCZ6security/adguardhome distinfo Makefile

   adguardhome: updated to 0.107.73

   0.107.73

   Security

   Authentication is now applied to requests that have been upgraded from HTTP/2 Cleartext (H2C) requests to public resources.
VersionDeltaFile
1.6+7-7security/adguardhome/distinfo
1.12+2-3security/adguardhome/Makefile
+9-102 files

NetBSD/pkgsrc W7uOplymath/R Makefile PLIST

   (math/R) Trying to fix PLIST on Darwin
VersionDeltaFile
1.280+6-1math/R/Makefile
1.44+2-1math/R/PLIST
+8-22 files

NetBSD/pkgsrc 62IfcKadoc CHANGES-2026

   doc: Updated graphics/giflib-util to 6.1.2
VersionDeltaFile
1.1672+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc v0amljedoc CHANGES-2026

   doc: Updated graphics/giflib to 6.1.2
VersionDeltaFile
1.1671+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc P9yH2T4graphics/giflib distinfo Makefile, graphics/giflib-util PLIST Makefile

   giflib*: update to 6.1.2

   Version 6.1.2
   =============

   Code Fixes
   ----------

   * Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
     but not the core library - library clients need not be alarned.

   Version 6.1.1
   =============

   This release bumps the major version, but only one entry point -
   EGifSpew() - has changed signature and behavior (in order to be able
   to pass out a detailed error code). The internal error
   codes in the E_GIF_ERR series have changed value so none of them
   collides with GIF_ERROR.

    [66 lines not shown]
VersionDeltaFile
1.10+42-49graphics/giflib/patches/patch-Makefile
1.32+5-6graphics/giflib/distinfo
1.61+4-4graphics/giflib/Makefile
1.17+4-2graphics/giflib/Makefile.common
1.7+1-2graphics/giflib-util/PLIST
1.17+1-2graphics/giflib-util/Makefile
+57-651 files not shown
+58-667 files

NetBSD/pkgsrc qJAeM1Ytextproc/rumdl Makefile

   textproc/rumdl: Add note on MSRV
VersionDeltaFile
1.18+2-1textproc/rumdl/Makefile
+2-11 files

NetBSD/pkgsrc sZHDqm1doc CHANGES-2026

   doc: Updated shells/oh-my-posh to 29.8.0
VersionDeltaFile
1.1670+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc FeoMfFQshells/oh-my-posh distinfo go-modules.mk

   shells/oh-my-posh: update to 29.8.0

   Bug Fixes

       spotify: use correct D-Bus interface name on Linux (3c44733), closes #7365
       theme: align socials icons and add bluesky instead of at (8857a5c)
       zsh: prevent stream process from inheriting parent stdin (40164ef)

   Features

       lint markfown with vale (57df69a)
VersionDeltaFile
1.294+16-16shells/oh-my-posh/distinfo
1.122+4-4shells/oh-my-posh/go-modules.mk
1.322+2-3shells/oh-my-posh/Makefile
+22-233 files

NetBSD/pkgsrc 0clsKwGdoc CHANGES-2026

   doc: Updated net/xfr to 0.9.3
VersionDeltaFile
1.1669+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 51G5Inpnet/xfr distinfo cargo-depends.mk

   net/xfr: update to 0.9.3

   Added

    - Server --bind flag (#38) — xfr serve --bind <IP> binds TCP, QUIC, and UDP data listeners to a specific address.
      Validates against -4/-6 flags and rejects unspecified addresses (::, 0.0.0.0).

   Changed

    - Server sends random payloads (#34) — server-side TCP and UDP send paths now use random bytes by default in
      reverse and bidirectional modes, matching the client's default-on behavior.

   Fixed

    - QUIC dual-stack on Windows (#39) — QUIC server endpoint now creates its UDP socket via socket2 with explicit
      IPV6_V6ONLY handling instead of relying on Quinn's Endpoint::server(). On Windows/macOS where IPV6_V6ONLY defaults
      to true, binding to [::] would only accept IPv6 connections.
    - Server random payload on single-port TCP reverse (#34) — the single-port TCP handler (DataHello path used by all
      modern clients) was missing random_payload = true, causing reverse-mode downloads to still send zeros.

    [4 lines not shown]
VersionDeltaFile
1.5+28-28net/xfr/distinfo
1.5+8-8net/xfr/cargo-depends.mk
1.5+2-2net/xfr/Makefile
+38-383 files

NetBSD/pkgsrc 4xA4YoSdoc CHANGES-2026

   doc: Updated devel/ast-grep to 0.41.1
VersionDeltaFile
1.1668+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ZRSX72Ndevel/ast-grep distinfo cargo-depends.mk, devel/ast-grep/patches patch-.._vendor_mio-1.0.3_src_sys_unix_selector_kqueue.rs

   devel/ast-grep: update to 0.41.1

    - fix: lsp on change encounter deadlock #2511
    - chore(deps): update dependency oxlint to v1.51.0 #2512
    - chore(deps): update rust crate tempfile to v3.26.0 #2497
    - chore(deps): update rust crate inquire to v0.9.4 #2498
    - chore(deps): update dependency @types/node to v24.11.0 #2502
    - chore(deps): update dependency dprint to v0.52.0 #2499
    - fix: override severity on rule & inline-rules flags #2505
    - chore(deps): update github artifact actions #2507
    - chore(deps): update rust crate tree-sitter to v0.26.6 #2501
    - chore(deps): update dependency web-tree-sitter to v0.26.6 #2500
    - chore(deps): update dependency ava to v7 #2508
    - chore(deps): update dependency oxlint to v1.50.0 #2495
    - chore(deps): update dependency @ast-grep/napi to v0.41.0 #2494
    - fix: bump ls-types version #2525
    - refactor: change versioned ast work a86b2ab
    - fix: bump wasm-bindgen d23e334
    - fix: fix wasm package 0b92e94
VersionDeltaFile
1.78+349-332devel/ast-grep/distinfo
1.73+115-109devel/ast-grep/cargo-depends.mk
1.78+2-2devel/ast-grep/Makefile
1.2+1-1devel/ast-grep/patches/patch-.._vendor_mio-1.0.3_src_sys_unix_selector_kqueue.rs
+467-4444 files

NetBSD/pkgsrc 7fcqemrdoc CHANGES-2026

   Updated lang/quickjs to 20251222
VersionDeltaFile
1.1667+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc xvMdAQ7doc CHANGES-2026

   Updated www/freenginx-devel to 1.29.6
VersionDeltaFile
1.1666+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc zoLLVwawww/freenginx-devel distinfo Makefile

   www/freenginx-devel: update from 1.29.5 to 1.29.6

   Sponsored by:        tipi.work

   <ChangeLog>

   *) Bugfix: incorrect "upstream server temporarily disabled" messages
      might be logged when using variables in the "proxy_pass" directive.

   *) Bugfix: retrying a request to the next gRPC upstream server might not
      work correctly.
      Thanks to David Carlier.

   *) Bugfix: a segmentation fault might occur in a worker process if the
      ngx_http_xslt_filter_module was used.

   *) Bugfix: a segmentation fault might occur in a worker process if the
      ngx_http_mp4_module was used.


    [6 lines not shown]
VersionDeltaFile
1.4+4-4www/freenginx-devel/distinfo
1.6+2-2www/freenginx-devel/Makefile
+6-62 files

NetBSD/pkgsrc zFHVyHnlang/quickjs Makefile distinfo, lang/quickjs/patches patch-Makefile patch-quickjs.c

   lang/quickjs: update to the recent snapshot

   While I'm here enable building/installing a shared library, it may
   require to build nginx javascript module.

   Discussed:   https://mail-index.netbsd.org/pkgsrc-users/2026/03/05/msg042691.html
VersionDeltaFile
1.8+35-6lang/quickjs/patches/patch-Makefile
1.7+3-14lang/quickjs/patches/patch-quickjs.c
1.18+6-6lang/quickjs/Makefile
1.15+6-6lang/quickjs/distinfo
1.4+4-2lang/quickjs/buildlink3.mk
1.10+3-3lang/quickjs/PLIST
+57-376 files

NetBSD/pkgsrc v7dRrZ9doc CHANGES-2026

   doc: Added security/cargo-auditable version 0.7.4
VersionDeltaFile
1.1665+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc NEUn3ghsecurity Makefile

   Add cargo-auditable
VersionDeltaFile
1.1000+2-1security/Makefile
+2-11 files

NetBSD/pkgsrc uy6EI1Bsecurity/cargo-auditable distinfo cargo-depends.mk

   security/cargo-auditable: import package

   Know the exact crate versions used to build your Rust executable. Audit binaries
   for known bugs or security vulnerabilities in production, at scale, with zero
   bookkeeping.

   This works by embedding data about the dependency tree in JSON format into a
   dedicated linker section of the compiled executable.
VersionDeltaFile
1.1+290-0security/cargo-auditable/distinfo
1.1+97-0security/cargo-auditable/cargo-depends.mk
1.1+27-0security/cargo-auditable/Makefile
1.1+6-0security/cargo-auditable/DESCR
1.1+3-0security/cargo-auditable/PLIST
+423-05 files

NetBSD/pkgsrc fAgygDtdoc CHANGES-2026

   doc: Updated devel/cargo-nextest to 0.9.130
VersionDeltaFile
1.1664+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc SOkyh5idevel/cargo-nextest distinfo cargo-depends.mk

   devel/cargo-nextest: update to 0.9.130

   Added

       Nextest now sets several new environment variables for tests and setup scripts: (#3103)
           NEXTEST_VERSION: the current nextest version as a semver string.
           NEXTEST_REQUIRED_VERSION and NEXTEST_RECOMMENDED_VERSION: the minimum required and recommended nextest versions from the repository's nextest-version configuration. If not configured, the value is "none".
           NEXTEST_TEST_THREADS: the computed number of test threads for this run.
           NEXTEST_WORKSPACE_ROOT: the absolute path to the workspace root (respects --workspace-remap).

       Nextest now sets CARGO_BIN_EXE_<name> at runtime for integration tests and benchmarks, matching cargo test in Rust 1.94 and above. Nextest sets this variable on all Rust versions. (#3137)

       Previously, nextest only set NEXTEST_BIN_EXE_<name>, which remains available (and, with underscores, continues to be the recommended form). The CARGO_BIN_EXE_<name> form improves compatibility with tests written for cargo test.

   Changed

       The automatic migration of recorded test runs from the cache directory to the state directory, introduced in version 0.9.126, has been removed. Records in the old cache directory location will no longer be migrated. (#3101)

   Fixed

    [9 lines not shown]
VersionDeltaFile
1.14+67-67devel/cargo-nextest/distinfo
1.14+21-21devel/cargo-nextest/cargo-depends.mk
1.18+2-2devel/cargo-nextest/Makefile
+90-903 files

NetBSD/pkgsrc Y0m2xuzdoc CHANGES-2026

   doc: Updated sysutils/fd-find to 10.4.2
VersionDeltaFile
1.1663+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc zL2RFkNsysutils/fd-find distinfo Makefile

   sysutils/fd-find: update to 10.4.2

   Bugfixes
    - Fixed performance regression due to --ignore-contain; see #1913 and #1914
VersionDeltaFile
1.18+4-4sysutils/fd-find/distinfo
1.19+2-2sysutils/fd-find/Makefile
1.14+0-0sysutils/fd-find/cargo-depends.mk
+6-63 files