NetBSD/pkgsrc lDgkqqGmk/tools tools.Darwin.mk

   tools: Do not allow system bash on Darwin

   It's 3.2.57, and that's often not adequate.

   As proposed/discussed on tech-pkg@ and delayed until branch.
VersionDeltaFile
1.68+5-2mk/tools/tools.Darwin.mk
+5-21 files

NetBSD/pkgsrc xE1YRL8doc CHANGES-2026 TODO

   Updated devel/py-uv[-build]
VersionDeltaFile
1.4129+3-1doc/CHANGES-2026
1.27518+1-2doc/TODO
+4-32 files

NetBSD/pkgsrc lPr04xJdevel/py-uv distinfo cargo-depends.mk, devel/py-uv-build distinfo

   py-uv py-uv-build: updated to 0.11.25

   0.11.25

   Security

   This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

   See the upstream commits for a full list of changes.

   Enhancements

   Add a full "lockfile" to tool receipts
   Allow scoped overrides to add dependencies
   Avoid writing redundant lockfile markers with tool.uv.environments
   Factor supported environments out of lockfile markers
   Recommend our own build backend in the build frontend
   Reject wheels with multiple .dist-info directories
   Simplify dependency markers under parent reachability

    [17 lines not shown]
VersionDeltaFile
1.30+40-28devel/py-uv-build/distinfo
1.29+40-28devel/py-uv/distinfo
1.27+12-8devel/py-uv/cargo-depends.mk
1.31+2-2devel/py-uv/Makefile.common
+94-664 files

NetBSD/pkgsrc HvByfchcross/ppc-morphos-gcc Makefile PLIST, cross/ppc-morphos-gcc/files dummy.o

   cross/ppc-morphos-gcc: Add evil hack to make libatomic work
VersionDeltaFile
1.6+14-3cross/ppc-morphos-gcc/Makefile
1.3+5-1cross/ppc-morphos-gcc/PLIST
1.1+0-0cross/ppc-morphos-gcc/files/dummy.o
+19-43 files

NetBSD/pkgsrc 5V46MWacross/ppc-morphos-binutils Makefile, cross/ppc-morphos-gcc Makefile

   Fix cross/ppc-morphos-binutils not adding sdkid
VersionDeltaFile
1.5+3-2cross/ppc-morphos-gcc/Makefile
1.13+3-2cross/ppc-morphos-binutils/Makefile
+6-42 files

NetBSD/pkgsrc rZNlfkndoc CHANGES-2026

   Updated net/icinga2, databases/postgresql-timescaledb
VersionDeltaFile
1.4128+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc aBXcMZcdatabases/postgresql-timescaledb distinfo PLIST

   postgresql-timescaledb: updated to 2.28.1

   2.28.1

   This release contains performance improvements and bug fixes since the 2.28.0 release. We recommend that you upgrade at the next available opportunity.

   2.28.0

   Highlighted features in TimescaleDB v2.28.0

   Faster first() and last() queries on compressed data. TimescaleDB derives first(value, time) and last(value, time) aggregates straight from the columnstore's batch metadata, skipping batch decompression entirely. For the "latest reading per series" lookups that time-series workloads run constantly, that means meaningfully faster recency queries with no changes to your SQL queries.
   Lighter, less disruptive continuous aggregate refreshes. refresh_continuous_aggregate() can now run incrementally in batches — the same behavior refresh policies already use — enabling breaking large manual refreshes into smaller chunks (tunable via buckets_per_batch, max_batches_per_execution, and refresh_newest_first) instead of one heavy operation. Refreshes also now take a lighter lock while processing the invalidation log, so they no longer block unrelated concurrent operations on the same continuous aggregate, improving behavior for concurrent workloads.
   Vectorized execution now covers CASE expressions. TimescaleDB's columnar executor can now evaluate CASE ... WHEN expressions directly on compressed data, so queries using conditional logic stay on the fast vectorized path instead of falling back to slower row-by-row decompression. This speeds up a common pattern — conditional aggregations and computed columns over compressed history — with no query changes needed.
   Add new aggregations to a continuous aggregate without rebuilding it. You can now run ALTER MATERIALIZED VIEW <cagg> ADD COLUMN <name> <type> GENERATED ALWAYS AS (<aggregate>) STORED to add a new computed aggregate to an existing continuous aggregate in place — no more dropping and recreating the whole aggregate just to track one more metric. New data populates the column going forward, letting your rollups evolve alongside your application. (Existing rows start as NULL; a forced refresh backfills them when you need historical values.)
VersionDeltaFile
1.52+4-4databases/postgresql-timescaledb/distinfo
1.51+3-1databases/postgresql-timescaledb/PLIST
1.55+2-2databases/postgresql-timescaledb/Makefile
+9-73 files

NetBSD/pkgsrc GI4INwPnet/icinga2 distinfo Makefile

   icinga2: updated to 2.16.2

   2.16.2 (2026-06-29)

   This release fixes some critical security vulnerabilities in Icinga 2. Users are advised to upgrade immediately, as two
   of them allow an unauthenticated attacker to take over or crash the Icinga 2 process over the network. The other
   security fixes only affect authenticated API users.

   In addition, a new permission named `filter-expression` is introduced, which allows specifying if individual API users
   are allowed to use DSL filter expressions in API queries. This allows further restricting some API users that don't need
   this capability, for example, those only submitting individual check results. Due to the incompatibility of this change,
   enforcement of this permission is opt-in until v2.17; see the
   [upgrading docs](https://icinga.com/docs/icinga-2/latest/doc/16-upgrading-icinga-2/#upgrading-to-2-16-2) for details.

   * Verify that certificate update requests come from an authorized endpoint ([GHSA-vj39-ww8j-vvx5](https://github.com/Icinga/icinga2/security/advisories/GHSA-vj39-ww8j-vvx5))
   * Fix stack overflow due to deeply nested data structures ([GHSA-wh38-wg57-5w7g](https://github.com/Icinga/icinga2/security/advisories/GHSA-wh38-wg57-5w7g))
   * Prevent arbitrary config injection on object creation via the API ([GHSA-jgqj-x5j9-vgcm](https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm))
   * Fix that `/v1/config/files` could send uninitialized memory in case of file I/O errors
   * Add `filter-expression` permission to make it possible to prevent API users from using DSL filter expressions
   * Windows: Update bundled OpenSSL to v3.5.7
VersionDeltaFile
1.13+4-4net/icinga2/distinfo
1.28+2-3net/icinga2/Makefile
+6-72 files

NetBSD/pkgsrc QQPNN3Bdoc CHANGES-2026

   doc: Updated editors/vim-share to 9.2.0747
VersionDeltaFile
1.4127+7-6doc/CHANGES-2026
+7-61 files

NetBSD/pkgsrc tanVKOGeditors/vim-share distinfo PLIST

   Update to version 9.2.0747.

   Changes:
   - patch 9.2.0747: cscope: connection leak when growing the array fails
   - patch 9.2.0746: NULL pointer dereference in gui_photon
   - patch 9.2.0745: Crash with truncated spellfile
   - patch 9.2.0744: popup_atcursor() closes immediately on white space
   - runtime(odin): Update indent script, add indent tests
   - CI: MS-Windows: Run gvim/vim tests in parallel
   - patch 9.2.0743: string macros silently accept a size of the wrong type
   - runtime(vim): Fix heredoc triggering misidentifcation of Vim9 script
   - patch 9.2.0742: filetype: SSH keys and related filetypes not recognized
   - runtime(css): add more missing CSS properties
   - patch 9.2.0741: complete_check() does not return TRUE for mapped input
   - patch 9.2.0740: GTK4: scrollbar wrongly displayed
   - patch 9.2.0739: completion: 'autocompletedelay' blocks the main loop and drops autocommands
   - runtime: guard recommended style settings consistently
   - patch 9.2.0738: ml_recover() may write beyond block buffer
   - CI: Bump actions/checkout in the github-actions group across 1 directory

    [35 lines not shown]
VersionDeltaFile
1.241+4-4editors/vim-share/distinfo
1.93+5-0editors/vim-share/PLIST
1.177+2-2editors/vim-share/version.mk
+11-63 files

NetBSD/pkgsrc iRVFCTywww/resterm distinfo Makefile

   resterm: Update to version 0.44.4

   v0.44.4

   What's Changed
   Refreshed status bar icons - replaced the editor icon, which rendered as broken on some fonts.
   Status hints now clear when an action is confirmed or focus changes, instead of staying as stale text.
VersionDeltaFile
1.5+4-4www/resterm/distinfo
1.6+2-2www/resterm/Makefile
+6-62 files

NetBSD/pkgsrc pveWNJgdoc CHANGES-2026

   doc: Updated www/resterm to 0.44.4
VersionDeltaFile
1.4126+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc cC6xyNugames Makefile

   add and enable Zork-I, Zork-II, and Zork-III
VersionDeltaFile
1.566+4-1games/Makefile
+4-11 files

NetBSD/pkgsrc AMIq4fZdoc CHANGES-2026

   doc: Added games/Zork-III version 1.0
VersionDeltaFile
1.4125+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc GwmLNDvgames/Zork-III Makefile options.mk

   games/Zork-III: import Zork-III-1.0

   Zork III: The Dungeon Master

   This is Zork, the famous text adventure game from 1977.

   Through a number of subsidiaries, it is now owned by Microsoft and
   they have chosen to re-release it under the MIT license.

   This package is the third installment of the multi-part version,
   which was released in 1982.
VersionDeltaFile
1.1+25-0games/Zork-III/Makefile
1.1+20-0games/Zork-III/options.mk
1.1+9-0games/Zork-III/DESCR
1.1+5-0games/Zork-III/distinfo
1.1+2-0games/Zork-III/PLIST
+61-05 files

NetBSD/pkgsrc QzwRcLudoc CHANGES-2026

   doc: Added games/Zork-II version 1.0
VersionDeltaFile
1.4124+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 9F7IO7Ggames/Zork-II Makefile options.mk

   games/Zork-II: import Zork-II-1.0

   Zork II: The Wizard of Frobozz

   This is Zork, the famous text adventure game from 1977.

   Through a number of subsidiaries, it is now owned by Microsoft and
   they have chosen to re-release it under the MIT license.

   This package is the second installment of the multi-part version,
   which was released in 1981.
VersionDeltaFile
1.1+25-0games/Zork-II/Makefile
1.1+20-0games/Zork-II/options.mk
1.1+9-0games/Zork-II/DESCR
1.1+5-0games/Zork-II/distinfo
1.1+2-0games/Zork-II/PLIST
+61-05 files

NetBSD/pkgsrc P6hXDVzdoc CHANGES-2026

   doc: Added games/Zork-I version 1.0
VersionDeltaFile
1.4123+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc OVoJyH5games/Zork-I Makefile options.mk

   games/Zork-I: import Zork-I-1.0

   Zork I: The Great Underground Empire

   This is Zork, the famous text adventure game from 1977.

   Through a number of subsidiaries, it is now owned by Microsoft and
   they have chosen to re-release it under the MIT license.

   This package is the first installment of the multi-part version,
   which was released in 1980.
VersionDeltaFile
1.1+25-0games/Zork-I/Makefile
1.1+20-0games/Zork-I/options.mk
1.1+9-0games/Zork-I/DESCR
1.1+5-0games/Zork-I/distinfo
1.1+2-0games/Zork-I/PLIST
+61-05 files

NetBSD/pkgsrc EpFvYtSdoc CHANGES-2026

   Updated www/py-protego, textproc/py-regex
VersionDeltaFile
1.4122+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc C9SgO3Ntextproc/py-regex distinfo Makefile

   py-regex: updated to 2026.6.28

   2026.6.28
   Git issue 604: regex fails on free-threading python because setlocale is not thread-safe
VersionDeltaFile
1.71+4-4textproc/py-regex/distinfo
1.75+2-2textproc/py-regex/Makefile
+6-62 files

NetBSD/pkgsrc 0YxJVNJwww/py-protego distinfo Makefile

   py-protego: updated to 0.6.2

   0.6.2 (2026-06-25)

   -   Fixed a ReDoS (regular expression denial of service) vulnerability: URL
       patterns from ``robots.txt`` ``Allow`` and ``Disallow`` directives were
       compiled into regular expressions, where multiple ``*`` wildcards could
       cause exponential backtracking. A server could exploit this to cause denial
       of service by serving a crafted ``robots.txt`` file. Wildcard matching is
       now performed without regular expressions. Please, see the
       `CVE-2026-55520`_ and `GHSA-wjmf-p669-5m5p`_ security advisories for more
       information.

   0.6.1 (2026-06-11)

   -   Fixed parsing of ``Request-rate`` values where the seconds field has no
       time-unit suffix (e.g. ``1/60`` instead of ``1/60s``). Previously the last
       digit of the number was silently dropped.
VersionDeltaFile
1.10+4-4www/py-protego/distinfo
1.13+2-2www/py-protego/Makefile
+6-62 files

NetBSD/pkgsrc kNzsWVPdoc TODO CHANGES-2026

   Updated sysutils/psmisc
VersionDeltaFile
1.27517+1-2doc/TODO
1.4121+2-1doc/CHANGES-2026
+3-32 files

NetBSD/pkgsrc 65gS27Ysysutils/psmisc Makefile PLIST, sysutils/psmisc/patches patch-configure.ac patch-src_killall.c

   psmisc: updated to 23.7

   Changes in 23.7
   * build-sys: Make disable-statx work
   * fuser: Fallback to stat() if no statx() Debian 1030747
   * fuser: silently ignore EACCES when scanning proc directories
   * killall: small formatting fixes Debian
   * pstree: Do not assume root PID
   * pslog: include config.h
   * misc: Update gettext to 0.21
VersionDeltaFile
1.35+23-30sysutils/psmisc/Makefile
1.3+38-3sysutils/psmisc/PLIST
1.1+21-0sysutils/psmisc/patches/patch-configure.ac
1.12+6-10sysutils/psmisc/distinfo
1.1+15-0sysutils/psmisc/patches/patch-src_killall.c
1.8+1-1sysutils/psmisc/patches/patch-ad
+104-445 files not shown
+109-4911 files

NetBSD/pkgsrc J5oQRs1doc CHANGES-2026

   Updated devel/py-scikit-build, math/py-pandas
VersionDeltaFile
1.4120+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc V5rCHdFmath/py-pandas distinfo Makefile

   py-pandas: updated to 3.0.4

   3.0.4

   Fixed regressions
   Fixed a performance regression in Series.searchsorted() and Index.searchsorted() with the string dtype, where a full O(n) NA scan made the operation much slower than the binary search itself (GH 65837)
   Fixed a regression in isin() raising an error when checking for pd.NA with ArrowDtype, which also affected DataFrame.drop() with ArrowDtype-backed indexes (GH 63304)
   Fixed a regression in arithmetic operations involving StringDtype and custom Python objects incorrectly raising instead of returning object-dtype results (GH 64107)
   Fixed a regression in localizing timestamps beyond the year 2100 when using zoneinfo timezones (GH 65733)
   Fixed a regression in setting into a DataFrame with MultiIndex columns and mixed-dtype level silently doing nothing (GH 65118)
   Bug fixes
   Fixed a bug in DataFrame.iloc() silently ignoring the assignment when setting values with an unordered or duplicated column indexer on a DataFrame whose values are referenced by another object (GH 65446)
   Fixed a bug in DataFrame.to_sql() and read_sql_table() when using an ADBC engine where table and schema names were not quoted as SQL identifiers, causing failures for identifiers containing spaces or reserved words, and making it vulnerable to SQL injection (GH 65065)
   Fixed a bug in Series.str.__getitem__() raising AttributeError when underlying array is ArrowExtensionArray (GH 65112)
   Fixed a bug in Series.str.match() and Index.str.match() with PyArrow-backed string dtypes where a leading ^ only anchored the first branch of an alternation pattern (e.g. r"^foo|bar") (GH 66069)
   Fixed a bug in eval() not honoring Copy-on-Write with the Python engine when columns were reused in the expression, causing unexpected mutation of the original DataFrame (GH 65664)
   Fixed a bug in arithmetic adding or subtracting a non-tick DateOffset (e.g. offsets.MonthEnd, offsets.QuarterEnd) to datetime data that could cause a segmentation fault when another thread was running concurrently, e.g. under pytest-xdist (GH 66031)
VersionDeltaFile
1.49+4-4math/py-pandas/distinfo
1.70+2-2math/py-pandas/Makefile
+6-62 files

NetBSD/pkgsrc tb0C3WLdevel/py-scikit-build distinfo Makefile

   py-scikit-build: updated to 0.19.1

   Scikit-build 0.19.1

   This is a patch release to add support for Visual Studio 2026.

   Features

   * Support Visual Studio 18 2026 in :pr:`1186`

   Bug fixes

   * Correctness bugs found in code review in :pr:`1191`
   * Resolve Visual Studio generator environments lazily in :pr:`1193`

   Testing

   * Add windows-latest job for Visual Studio 2026 in :pr:`1194`
   * Convert decorator into fixture in :pr:`1175`

    [12 lines not shown]
VersionDeltaFile
1.9+4-4devel/py-scikit-build/distinfo
1.10+2-2devel/py-scikit-build/Makefile
+6-62 files

NetBSD/pkgsrc cKbpyIidoc CHANGES-2026

   Updated net/tor, www/py-django-reversion, www/py-django-treebeard
VersionDeltaFile
1.4119+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc E7PdCPQwww/py-django-treebeard distinfo PLIST

   py-django-treebeard: updated to 5.3.0

   5.3.0

   Added support for loading data for many-to-many relationships with load_bulk(). These were previously exported when using dump_bulk(), but were not handled when loading the same data.
   Fixed an exception arising when running delete() operations on querysets that had a prefetch.
   Added a warning when the default manager for a model extending a Treebeard Node class does not subclass the corresponding Treebeard model manager. This will raise an error in the next major release of Treebeard.
VersionDeltaFile
1.23+4-4www/py-django-treebeard/distinfo
1.11+4-1www/py-django-treebeard/PLIST
1.25+2-2www/py-django-treebeard/Makefile
+10-73 files

NetBSD/pkgsrc ATMagYGwww/py-django-reversion distinfo Makefile

   py-django-reversion: updated to 6.3.0

   6.3.0 - 2026-06-12
   - Added Turkish translation
VersionDeltaFile
1.35+4-4www/py-django-reversion/distinfo
1.40+2-2www/py-django-reversion/Makefile
+6-62 files