editors/micro: Update to 2.0.15
Changes:
New options:
- truecolor (supersedes the MICRO_TRUECOLOR environment variable)
- showchars (deprecates indentchar)
- lockbindings for completely disallowing plugins to modify
keybindings
- helpsplit for changing default split type for the help command
- pageoverlap for setting number of lines kept during page up/page
down
New actions:
- FirstTab, LastTab, FirstSplit and LastSplit
- Note: also changed the behavior of NextTab, PreviousTab,
NextSplit, PreviousSplit
- But adjusted the default keybindings so the default behavior
remains unchanged
[130 lines not shown]
math/bcal: Update to 2.5
Changes:
- remove dependency on external tools (bc, calc)
- support general purpose calculations (program option/prompt
switch 'b')
- arithmetic: addition, subtraction, multiplication, division,
modulo
- bitwise: AND (&), OR (|), XOR (^), complement (~), lshift (<<),
rshift (>>)
- functions: exp(n), log(base, n), ln(n) [natural log],
pow(n, exponent), root(radical, n)
- add program option/prompt switch p to show bit positions with bit
value of a number
- remove commas from input for general purpose calculations
Package now includes a test target.
net/exabgp: update to version 5.0.8.
Pkgsrc changes:
* Remove now-integrated patch.
* Update PLIST.
* Checksum updates.
Upstream changes:
Version 5.0.8:
* Fix: handle OPEN message with zero capabilities without crashing
Capabilities.unpack() read the parameter type byte before checking
whether the Optional Parameters Length was zero, raising IndexError
when a peer sent an OPEN with no optional parameters at all (a valid
single 0x00 byte payload per RFC 4271). The early-return guard sat
below the offending read so it never helped. Alternative to PR #1375.
Version 5.0.7:
* Fix: send zero-length capabilities in OPEN message (#1371)
[221 lines not shown]
www/chromium: update to 147.0.7727.55
* 147.0.7727.55
This update includes multiple security fixes. Please see the
Chrome Security Page for more information.
[$43000][493319454] Critical CVE-2026-5858: Heap buffer overflow in WebML.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17
[$43000][494158331] Critical CVE-2026-5859: Integer overflow in WebML.
Reported by Anonymous on 2026-03-19
[$11000][486495143] High CVE-2026-5860: Use after free in WebRTC.
Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22
[$3000][486927780] High CVE-2026-5861: Use after free in V8.
Reported by 5shain on 2026-02-23
[TBD][470566252] High CVE-2026-5862: Inappropriate implementation in V8.
Reported by Google on 2025-12-21
[TBD][484527367] High CVE-2026-5863: Inappropriate implementation in V8.
Reported by Google on 2026-02-14
[111 lines not shown]
www/esbuild: update to 0.28.0
* 0.28.0
- Add support for with { type: 'text' } imports (#4435)
- Add integrity checks to fallback download path (#4343)
- Update the Go compiler from 1.25.7 to 1.26.1
* 0.27.7
- Fix lowering of define semantics for TypeScript parameter properties (#4421)
kitty: Fix serious bug in the setup.py patch.
Ensure candidates is a tuple, not a string. That single missing comma caused
builds on macOS to traverse the entire file system multiple times as:
for candidate in ('@PREFIX@/share/fonts/')
expands to e.g. ['/', 'o', 'p', 't', '/', ...], whereas:
for candidate in ('@PREFIX@/share/fonts/',)
correctly expands to e.g. ['/opt/pkg/share/fonts'].
