NetBSD/pkgsrc RARxY1Xdevel/py-zope.testing distinfo Makefile

   py-zope.testing: updated to 6.2

   6.2 (2026-07-03)

   - Add support for Python 3.15.

   - Deprecate ``zope.testing.doctestcase`` in favour of plain ``doctest``
     (e.g. ``doctest.DocTestSuite`` or ``doctest.DocFileSuite``).

   - Move package metadata from setup.py to pyproject.toml.
VersionDeltaFile
1.11+4-4devel/py-zope.testing/distinfo
1.12+3-3devel/py-zope.testing/Makefile
+7-72 files

NetBSD/pkgsrc LybWzCHdoc CHANGES-2026

   Updated security/gnupg2, security/libjwt
VersionDeltaFile
1.4209+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc RQEujQvgraphics/tiff Makefile

   graphics/tiff: Move c99 to USE_CC_FEATURES

   from the deprecated location in USE_LANGUAGES.  NFCI.
VersionDeltaFile
1.174+3-2graphics/tiff/Makefile
+3-21 files

NetBSD/pkgsrc mU69ycAsecurity/libjwt PLIST distinfo

   libjwt: updated to 3.6.1

   LibJWT 3.6.1 is a small test-portability patch release.

   The in-process HTTP server used by the cached-JWKS test cast write() to (void) to ignore its result. glibc marks write() warn_unused_result, and the (void) cast does not suppress that warning on newer glibc, so the -Werror test build failed. The result is now asserted with ck_assert_int_gt(write(...), 0).

   This is ABI-compatible with 3.6.0: no library source changed, so the exported symbol set is identical and per the libtool rules only the SONAME revision advances (18:0:4 → 18:1:4). The SONAME stays libjwt.so.14 and existing binaries keep working.
VersionDeltaFile
1.9+171-2security/libjwt/PLIST
1.10+4-4security/libjwt/distinfo
1.12+2-3security/libjwt/Makefile
+177-93 files

NetBSD/pkgsrc g243QkTsecurity/gnupg2 Makefile distinfo, security/gnupg2/patches patch-sm_decrypt.c

   gnupg2: updated to 2.5.21

   Noteworthy changes in version 2.5.21 (2026-07-02)

   * New and extended features:

     - gpg, gpgsm: Use partial file on decryption, remove on failure.
       Disable with "--compatibility-flags=no-partial-file-guard".

     - gpg: Use the INT_RCP_FPR subpacket in revocation signatures.

     - Create a pkgversioninfo.txt file when building using the speedo
       build system.

   * Bug fixes:

     - gpg: Fix potential use-after-free in batch key generation when
       handling the keyserver URL option.


    [18 lines not shown]
VersionDeltaFile
1.179+3-9security/gnupg2/Makefile
1.99+4-5security/gnupg2/distinfo
1.2+1-1security/gnupg2/patches/patch-sm_decrypt.c
+8-153 files

NetBSD/pkgsrc ztaUV1fdoc CHANGES-2026

   doc: Updated graphics/tiff to 4.7.2
VersionDeltaFile
1.4208+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc qIep7nDgraphics/tiff distinfo PLIST

   graphics/tiff: Update to 4.7.2

   Upstream NEWS:
     micro release
     a very large number of bugfixes, including integer overflows

   * Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip)AndAllocBuffer()
     (:issue:`781`)
VersionDeltaFile
1.111+4-4graphics/tiff/distinfo
1.37+6-1graphics/tiff/PLIST
1.173+4-3graphics/tiff/Makefile
+14-83 files

NetBSD/pkgsrc jyffJZOdoc CHANGES-2026

   Updated textproc/py-rebulk, textproc/py-guessit
VersionDeltaFile
1.4207+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc NlgvUSGtextproc/py-guessit PLIST Makefile

   py-guessit: updated to 4.0.2

   4.0.2 (2026-06-29)

   Bug Fixes

   - **title**: Keep languages instead of a language-only title


   v4.0.1 (2026-06-29)

   Bug Fixes

   - **changelog**: Trim noise commit types from the changelog and PyPI page
   - **packaging**: Balance changelog code fences in the PyPI long description
VersionDeltaFile
1.10+26-4textproc/py-guessit/PLIST
1.14+7-10textproc/py-guessit/Makefile
1.11+4-4textproc/py-guessit/distinfo
+37-183 files

NetBSD/pkgsrc Nto8Qj1textproc/py-rebulk PLIST Makefile

   py-rebulk: updated to 6.0.1

   6.0.1

   Performance Improvements

   Cache getfullargspec on the hot matching path


   6.0.0

   Bug Fixes

   key: Skip private matches in declared-key value_type check

   Documentation

   Show declaring functional properties for check_keys


    [7 lines not shown]
VersionDeltaFile
1.3+18-7textproc/py-rebulk/PLIST
1.9+4-9textproc/py-rebulk/Makefile
1.9+4-4textproc/py-rebulk/distinfo
+26-203 files

NetBSD/pkgsrc Mx1hQK0math/R distinfo

   (math/R) regen distinfo
VersionDeltaFile
1.120+1-2math/R/distinfo
+1-21 files

NetBSD/pkgsrc fIXwEXYaudio/sox_ng PLIST

   sox_ng: fix PLIST
VersionDeltaFile
1.3+2-0audio/sox_ng/PLIST
+2-01 files

NetBSD/pkgsrc VW5rOcRmath/R Makefile, math/R/patches patch-src_include_R__ext_Error.h

   (math/R) removing patch-src_include_R__ext_Error.h suggested by Atsushi Tokokura
VersionDeltaFile
1.288+2-1math/R/Makefile
1.6+1-1math/R/patches/patch-src_include_R__ext_Error.h
+3-22 files

NetBSD/pkgsrc 92dxt84devel/elib distinfo, devel/elib/patches patch-dll-debug.el

   elib: fix path in patch
VersionDeltaFile
1.10+2-2devel/elib/distinfo
1.2+2-2devel/elib/patches/patch-dll-debug.el
+4-42 files

NetBSD/pkgsrc zYNoPAadoc CHANGES-2026

   Updated devel/py-uv, devel/py-uv-build
VersionDeltaFile
1.4206+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc uqBhddEaudio Makefile, audio/sox options.mk Makefile

   sox: remove

   Replaced by successor fork sox_ng.

   This version is unmaintained and has lots of CVEs against it.
VersionDeltaFile
1.729+1-2audio/Makefile
1.4205+2-1doc/CHANGES-2026
1.8+1-1audio/sox/options.mk
1.75+1-1audio/sox/Makefile
1.8+1-1audio/sox/PLIST
1.4+1-1audio/sox/buildlink3.mk
+7-78 files not shown
+14-1414 files

NetBSD/pkgsrc BPasul2doc CHANGES-2026

   doc: sox_ng updated to 14.8.0.1
VersionDeltaFile
1.4204+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc cbZsoOHdevel/py-uv distinfo cargo-depends.mk, devel/py-uv-build distinfo

   py-uv py-uv-build: updated to 0.11.26

   0.11.26

   Performance

   Adapt uv to IDs-only PubGrub dependencies
   Avoid allocations in ForkMap::contains
   Reuse resolver work across PubGrub iterations
   Speed up candidate selection for disjoint ranges

   Bug fixes

   Warn when the build cache is inside the source directory
VersionDeltaFile
1.30+58-40devel/py-uv/distinfo
1.31+58-40devel/py-uv-build/distinfo
1.28+18-12devel/py-uv/cargo-depends.mk
1.32+2-2devel/py-uv/Makefile.common
+136-944 files

NetBSD/pkgsrc CPRz9ZWemulators/suse15_gcc12 Makefile distinfo

   suse_gcc12: support static linking

   Allow creation of Linux binaries that do not need any of the suse_* packages installed.
   Add glibc-devel-static.
   Bump PKGREVISION.

   Test:
   # /emul/linux/usr/bin/gcc-12 -static -o hellolinux hello.c
   # file hellolinux
   hellolinux: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=89293d07b15722eb4b069afda0d48e6c62115e22, for GNU/Linux 3.2.0, with debug_info, not stripped
   # pkg_delete suse_gcc12 suse_binutils suse_base
   # rm -r /emul/linux
   # ./hellolinux
   hello, world
VersionDeltaFile
1.3+3-2emulators/suse15_gcc12/Makefile
1.3+4-1emulators/suse15_gcc12/distinfo
+7-32 files

NetBSD/pkgsrc K3c67k9doc CHANGES-2026

   Updated www/py-autobahn, textproc/py-wcmatch, print/py-octoprint, www/py-zensical
VersionDeltaFile
1.4203+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc JYn1xNlaudio/sox_ng PLIST Makefile, audio/sox_ng/patches patch-src_oss.c patch-src_sox__ng.c

   sox_ng: update to 14.8.0.1.

   Enable compatibility symlinks so this can replace the unmaintained sox
   package.

   Enable test target.

   sox_ng-14.8.0.1      2026-05-26
   ---------------

   Changes since 14.8.0:

     o Fix builds without FFTW giving all-black spectrograms, broken in 14.8.0
     o Trivial fixes to the docs


   sox_ng-14.8.0        2026-05-18
   -------------


    [258 lines not shown]
VersionDeltaFile
1.2+18-0audio/sox_ng/PLIST
1.2+7-6audio/sox_ng/Makefile
1.2+4-7audio/sox_ng/distinfo
1.2+1-1audio/sox_ng/patches/patch-src_oss.c
1.2+1-1audio/sox_ng/patches/patch-src_sox__ng.c
1.2+1-1audio/sox_ng/patches/patch-src_sunaudio.c
+32-166 files

NetBSD/pkgsrc tIxfL2Ewww/py-zensical PLIST distinfo

   py-zensical: updated to 0.0.46

   0.0.46

   This version improves search result quality and includes several bug fixes and refactorings.
VersionDeltaFile
1.2+88-7www/py-zensical/PLIST
1.3+19-19www/py-zensical/distinfo
1.4+11-10www/py-zensical/Makefile
1.3+5-5www/py-zensical/cargo-depends.mk
+123-414 files

NetBSD/pkgsrc kP8EufXprint/py-octoprint Makefile distinfo

   py-octoprint: updated to 1.11.8

   1.11.8

   Security fixes

   XSS in Suppressed Command Notifications, severity Moderate (4.6): OctoPrint versions up to and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Suppressed Command notifications popups generated by the printer.

   An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance.

   See also the GitHub Security Advisory and CVE-2026-35163.

   File exfiltration possible via further parameter injection on upload endpoints, severity High (7.0): OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability was already reported as GHSA-m9jh-jf9h-x3h2/CVE-2025-48067 but the fix provided in OctoPrint 1.11.2 turned out to be incomplete.

   The primary risk lies in the potential exfiltration of secrets stored inside OctoPrint's config, or further system files. By removing important runtime files, this could also be used to impact the availability of the host after an attempted server restart. Given that the attacker requires a user account with file upload permissions, the actual impact of this should however hopefully be minimal in most cases.

   See also the GitHub Security Advisory and CVE-2026-54134.

   Bug fixes

    [2 lines not shown]
VersionDeltaFile
1.19+4-6print/py-octoprint/Makefile
1.11+4-4print/py-octoprint/distinfo
+8-102 files

NetBSD/pkgsrc RQDPXmatextproc/py-wcmatch distinfo Makefile

   py-wcmatch: updated to 10.2.1

   10.2.1
   - **FIX**: Properly update project requirements to ensure usage of `bracex` 3.0.
VersionDeltaFile
1.14+4-4textproc/py-wcmatch/distinfo
1.16+3-3textproc/py-wcmatch/Makefile
+7-72 files

NetBSD/pkgsrc Wlh5Thwwww/py-autobahn PLIST Makefile

   py-autobahn: updated to 26.6.2

   26.6.2

   **WAMP Cryptosign**

   * Fix ``import autobahn.wamp.cryptosign`` raising ``TypeError: unsupported operand type(s) for |: 'str' and 'NoneType'`` on CPython 3.11/3.12/3.13 when crypto support (``nacl``) is installed. A ``ruff`` ``UP007`` autofix in 26.6.1 had rewritten ``Optional["ISecurityModule"]`` to ``"ISecurityModule" | None`` in a module that lacks ``from __future__ import annotations``, so the string forward-reference union was evaluated eagerly at class-definition time (CPython 3.14 was unaffected because PEP 649 defers annotation evaluation). The regression broke WAMP-cryptosign and any importer with crypto dependencies present (e.g. ``xbr``, Crossbar.io) on CPython < 3.14. Added ``from __future__ import annotations`` to ``cryptosign.py`` to defer annotation evaluation
VersionDeltaFile
1.25+12-7www/py-autobahn/PLIST
1.49+5-6www/py-autobahn/Makefile
1.36+4-4www/py-autobahn/distinfo
+21-173 files

NetBSD/pkgsrc KVQwdsPdoc CHANGES-2026

   Updated devel/SDL3, net/icinga2
VersionDeltaFile
1.4202+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 275J3cLnet/icinga2 distinfo Makefile

   icinga2: updated to 2.16.3

   2.16.3 (2026-07-01)

   This is a hotfix release that fixes a regression with the `Json.decode()` DSL function that was introduced in v2.16.2:
   The addition of a second argument to the internal `JsonDecode()` function unintentionally leaked into the DSL as a
   required argument. This version restores the old and intended behavior of `Json.decode()`.

   Changes

   * Restore single-argument `Json.decode()` in the DSL
   * Add the upgrading documentation for v2.15.1 again, which went missing with the v2.16.0 release
VersionDeltaFile
1.14+4-4net/icinga2/distinfo
1.29+2-2net/icinga2/Makefile
+6-62 files

NetBSD/pkgsrc OC6VNsJdevel/SDL3 distinfo Makefile

   SDL3: updated to 3.4.12

   3.4.12

   This is a stable bugfix release, with the following changes:

   Fixed an assert on Windows in SDL_SetWindowOpacity()
   Improved support for external surfaces under Wayland
   Fixed visual artifacts when switching render targets with the Vulkan renderer
   Fixed crash rendering YUV textures on NVIDIA drivers with the Vulkan renderer
   Added SDL_HINT_ENABLE_STEAM_SCREEN_KEYBOARD to customize behavior on Steam Deck and Steam Machine
   Improved support for gamepads under Emscripten
   Added hotplug detection support when using libusb for HIDAPI controllers
   Fixed flipped Xbox 360 controller axes on macOS
   Fixed truncated long text input sequences when using sdl2-compat
VersionDeltaFile
1.11+4-4devel/SDL3/distinfo
1.12+2-2devel/SDL3/Makefile
1.12+2-2devel/SDL3/PLIST
+8-83 files

NetBSD/pkgsrc XPfZB7Bdoc CHANGES-2026

   Updated databases/py-apsw, devel/py-argcomplete, devel/py-coverage, time/py-croniter
VersionDeltaFile
1.4201+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc zFMYeC3time/py-croniter distinfo Makefile

   py-croniter: updated to 6.2.3

   6.2.3 (2026-07-02)

   Features and Improvements
   - Fix quadratic expansion of comma-separated range lists for a large speed-up on expressions with many ranges.

   Bugfixes
   - Reject a zero step (e.g. ``5-5/0``) in equal and reversed cron ranges instead of silently accepting it.
   - Fix ``expand_from_start_time`` month low-bound off-by-one so stepped month ranges start on the correct month.
VersionDeltaFile
1.3+4-4time/py-croniter/distinfo
1.3+3-3time/py-croniter/Makefile
+7-72 files