BSD Commit Log Search

   Replace broken security patch for runtar.c with backport from
   current amanda version.

   Fixes PR 59874.

   doc: Updated lang/rust to 1.91.1

   rust: update to 1.91

   Based on wip/rust191 by he@, jperkin@, and adam@

   Changes:

   Add lint against dangling raw pointers from local variables

   Stabilized APIs

       Path::file_prefix
       AtomicPtr::fetch_ptr_add
       AtomicPtr::fetch_ptr_sub
       AtomicPtr::fetch_byte_add
       AtomicPtr::fetch_byte_sub
       AtomicPtr::fetch_or
       AtomicPtr::fetch_and
       AtomicPtr::fetch_xor
       {integer}::strict_add

    [61 lines not shown]

   doc: Updated x11/libxfce4windowing to 4.20.5

   libxfce4windowing: update to 4.20.5

   4.20.5 (2025-12-29)
   ======
   - I18n: Update po/LINGUAS list
   - build: Fix typo in optimization level
   - XfwWorkspaceWayland: Add missing sanity check
   - I18n: Update po/LINGUAS list
   - XfwWindowX11: Readjust entire monitor list when one is added/removed
   - I18n: Update po/LINGUAS list
   - autotools-build: Add *-docs.xml.in to EXTRA_DIST
   - Translation Updates:
     Arabic, Czech, Danish, Esperanto, Italian, Norwegian Bokmål, Occitan
     (post 1500), Portuguese (Brazil), Slovenian, Swedish, Thai, Uyghur,
     Vietnamese

   doc: updated www/firefox140 and www/firefox140-l10n to 140.7

   firefox140-l10n: update to 140.7.0

   Sync with www/firefox140 version.

   xapian-bindings: reset PKGREVISION for xapian update.

   doc: Updated textproc/xapian-omega to 1.4.30

   xapian-omega: update to 1.4.30. Changes:

   documentation:

   * INSTALL: Replace with improved version based on xapian-core's.

   indexers:

   * omindex:

     + Fix segmentation fault if an SVG file contains both <dc:title> and <title>
       with <dc:title> first.  Bug introduced in 1.4.21.

   doc: Updated textproc/xapian to 1.4.30

   xapian: update to 1.4.30. Changes:

   API:

   * Stem: 1.4.28 changed the English stemmer code to remove an exception
     for "skis" which we incorrectly thought wasn't needed.  This was not
     intended to be a functional change, so we've restored the exception.

   * Stem: Fix a bug in Snowball's runtime code for decoding 4-byte UTF-8
     sequences.  This affects grouping checks against Unicode codepoints U+40000
     to U+7FFFF and U+80000 to U+FFFFF, and we would decode a higher codepoint
     value.  The largest codepoint used in a grouping in any stemmer we ship is
     U+0585 so this seems to be a latent bug.  Reported in Snowball by Stephane
     Carrez.

   documentation:

   * The API docs still said DatabaseError was thrown for operations on a closed
     database, but since 1.4.10 we throw its subclass DatabaseClosedError instead.

    [19 lines not shown]

   firefox140: update to 140.7.0

   Mozilla Foundation Security Advisory 2026-03
   Security Vulnerabilities fixed in Firefox ESR 140.7

   Announced
       January 13, 2026
   Impact
       high
   Products
       Firefox ESR
   Fixed in

           Firefox ESR 140.7

   #CVE-2026-0877: Mitigation bypass in the DOM: Security component

   Reporter
       mingijung

    [142 lines not shown]

   doc: Updated databases/p5-App-Sqitch to 1.6.1

   p5-App-Sqitch: update to 1.6.1. Changes:

   - Fixed some ancient typos in sqitchtutorial-sqlite, with thanks to @ovid
     for the report!
   - Updated ClickHouse logic to always specify "default" as the hostname
     when connecting and the URI includes not hostname. This ensures it
     doesn't try to use `DSN=sqitch`, which is unlikely to be a configured
     DSN, and to align with the behavior of the ClickHouse client.

   doc: Updated devel/p5-Cucumber-TagExpressions to 8.1.0

   p5-Cucumber-TagExpressions: update to 8.1.0. Changes:

   - Render the empty tag expression as an empty string
   - Improve error message for missing operands

   doc: Updated textproc/p5-Text-HTML-Turndown to 0.10

   p5-Text-HTML-Turndown: update to 0.10. Changes:

   * Nicely indent generated Markdown tables
   * Simplify handling of <table> tags

   doc: Updated devel/ruby-jirametrics to 2.20.1

   ruby-jirametrics: update to 2.20.1. Changes:

   - Fixed an exception when using cookie based authentication.

   doc: Updated devel/mob to 5.4.1

   mob: update to 5.4.1. Changes:

   - Fix: `mob next` now correctly handles filenames with spaces when
     determining the last modified file for the open command.

   highlight: reset PKGREVISION for libhighlight update.

   doc: Updated textproc/libhighlight to 4.18

   highlight: update to 4.18. Changes:

   - updated astyle lib to version 3.6.13
   - fixed undefined variable in shellscript definition

   doc: Updated devel/goredo to 2.8.0

   goredo: update to 2.8.0. Changes:

   * Fix always-OOD '.do'-targets with nearby 'default.do'.
   * Proper '.do' file searching during source file determination.

   doc: Updated www/snac to 2.88

   snac: update to 2.88. Changes:

   ## 2.88

   If `disable_emojireact` is set to `true` in `server.json`, EmojiReacts
   (incoming and outgoing) are totally disabled.

   New command-line option `top_ten`, that returns the top ten most
   popular posts by a user (ordered by the sum of likes and boosts)
   (contributed by aov).

   Added a new set of per-user muted words; if a post contains any of them,
   it's hidden behind a dropdown (contributed by byte).

   If an account has a metadata named `pronouns`, it's shown by the name
   (contributed by violette).

   Mastodon API: children of a post are returned recursively, not just the
   first level (contributed by violette).

    [44 lines not shown]