BSD Commit Log Search

   wireshark: Add explicit dependency on xxhash.

   pkg-vulnerabilities: add last days CVEs

   + ImageMagick{,6},
     binutils (no reference to upstream, recheck if fixed once upstream bug
     reports /information are available),
     cpp-httplib, expat, ffmpeg,
     giflib (no upstream information, assume not fixed),
     glpi, gpac, gst-plugins1-{good,bad,ugly},
     htslib,
     inetutils (no stable release with fixes),
     jenkins,
     libarchive (not fixed, possible PR under review),
     libexif (fixed upstream, no stable release with fix),
     libsoup (some not fixed),
     mongo-c-driver, mongodb, mumble,
     ncurses (under discussion, double-check later, assume valid and not fixed),
     nghttp2, p5-XML-Parser, p5-YAML-Syck, py-Glances, py-OpenSSL, py-asn1,
     py-authlib, py-simpleeval,
     python (no stable releases with the fix),
     radare2, samtools, wolfssl, xpdf

   Note update of pkgtools/depgraph to 20260319

   pkgsrc/pkgtools/depgraph: update depgraph to 20260319 to fix a portability
   bug in the shell function finding paths for executables. No more confusing
   messages on Mac/Darwin now.

   php74: SunOS needs socket libraries.

   php56: SunOS needs socket libraries.

   ppsspp: fix build on NetBSD

   gnutls: Fix build with clang 15.

   Remove --with-system-expat configure option

   ratfor: fix typo in DESCR

   From Robert Whitlock in PR 60109.

   doc: Updated textproc/p5-XML-Parser to 2.48

   p5-XML-Parser: update to 2.48.

   Security fix release.

   2.48 2026-03-18 (by Todd Rinaldo)

     Fixes:
       - GH #39 Fix off-by-one heap buffer overflow in st_serial_stack growth check (CVE-2006-10003)
       - GH #64 Fix buffer overflow in parse_stream when filehandle has :utf8 layer (CVE-2006-10002)
       - GH #27 Prevent symbol table auto-vivification in Expat::parse
       - GH #30 Set UTF-8 flag on sysid in ExternEnt handler and fix Debug style for non-ASCII chars
       - GH #36 Prevent position overflow for large files in line/column/error paths
       - GH #41 Fix xml_escape to escape all occurrences of quote characters
       - GH #44 Fix lexical filehandle handling in ExternEnt handler return values
       - GH #45 Clean up compiler warnings in Expat.xs
       - GH #47 Fix routing of character data after root element to Char handler
       - GH #48 Fix current_byte overflow for large XML files on 32-bit perl
       - GH #50 Propagate xpcroak errors in Subs style instead of swallowing them
       - GH #53 Fix parameter entity references in internal DTD subset breaking handler dispatch

    [51 lines not shown]

   doc: Updated www/firefox-l10n to 148.0.2

   www/firefox-l10n: Update to 148.0.2

   * Sync with www/firefox-148.0.2.

   doc: Updated www/firefox to 148.0.2

   www/firefox: Update to 148.0.2

   Changelog:
   148.0.2:
   Fixed

     * Fixed an issue where searches entered in the Firefox Home search field were
       incorrectly redirected to the address bar for some users who had disabled
       search handoff behavior via advanced settings. (Bug 2017049)

     * Fixed an issue where some web-based rich text editors stopped applying
       formatting, such as bold or italic. (Bug 2020927)

     * Fixed an issue where videos could autoplay unexpectedly on YouTube despite
       autoplay being blocked, particularly impacting screen reader users. (Bug
       2020233)

     * Fixed an issue that caused some absolutely positioned elements meant to be
       centered, for example, using margin: auto with inset: 0, to appear

    [17 lines not shown]

   heyu: Fix build with recent GCC.

   granulate: Fix implicit decl of strlen(3)

   cstream: Fix implicit decl of bzero(3)

   chord: Fix build with recent GCC

   doc: Updated graphics/prison to 5.116.0nb9

   prison: remove zxing-cpp bl3.mk and update PLIST

   This does not support zxing-cpp 3.x.

   Bump PKGREVISION.

   doc: Updated graphics/kf6-prison to 6.18.0nb4

   kf6-prison: this version does not support zxing-cpp 3.x

   The latest version does. Disable zxing-cpp support until the next update.

   Bump PKGREVISION.

   doc: Updated www/php-nextcloud to 32.0.6

   www/php-nextcloud: Update to 32.0.6

   This is 5 ~monthly micro updates; upstream has a long track record of
   stable micros.

   Tested on NetBSD 10 amd64 via nginx/fpm (the standard approach), both
   web interface and CalDAV.

   alacritty: fix icon path, follow install instruction of upstream

   p5-Clone: extract using gtar since it has EAs

   teapot: Fix implicit decl of mbslen

   sc: Fix implicit function decls