NetBSD/pkgsrc GUqb3Txdoc TODO CHANGES-2026

   doc: Updated x11/xsetroot to 1.1.4
VersionDeltaFile
1.27555+2-2doc/TODO
1.4387+2-1doc/CHANGES-2026
+4-32 files

NetBSD/pkgsrc tP6dmD1x11/xsetroot Makefile distinfo

   xsetroot: update to 1.1.4.

   Alan Coopersmith (8):
         -help should exit(0) not (1)
         Accept --help & --version as aliases to -help & -version
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint`
         gitlab CI: drop the ci-fairy check-mr job
         Strip trailing whitespace from source files
         meson: Add option to build with meson
         xsetroot 1.1.4
VersionDeltaFile
1.13+3-5x11/xsetroot/Makefile
1.11+4-4x11/xsetroot/distinfo
+7-92 files

NetBSD/pkgsrc gaZ1witdoc CHANGES-2026

   doc: Updated x11/xset to 1.2.6
VersionDeltaFile
1.4386+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc UYbJFESx11/xset Makefile distinfo

   xset: update to 1.2.6.

   Alan Coopersmith (6):
         Add -help option
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10`
         gitlab CI: drop the ci-fairy check-mr job
         meson: Add option to build with meson
         xset 1.2.6

   Bjarni Ingi Gislason (1):
         xset.1: some editorial changes for this man page [Debian bug #1072502]
VersionDeltaFile
1.18+3-5x11/xset/Makefile
1.13+4-4x11/xset/distinfo
+7-92 files

NetBSD/pkgsrc Wc6a1hRdoc CHANGES-2026

   doc: Updated x11/xrefresh to 1.1.1
VersionDeltaFile
1.4385+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc IQdAjkKx11/xrefresh distinfo Makefile

   xrefresh: update to 1.1.1.

   Alan Coopersmith (10):
         Assume target platforms have strcasecmp now
         Use _stricmp() instead of strcasecmp() on Windows
         Accept --help & --version as aliases to -help & -version
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint`
         man page: add -delay & -help options
         gitlab CI: drop the ci-fairy check-mr job
         Strip trailing whitespace from source files
         meson: Add option to build with meson
         xrefresh 1.1.1
VersionDeltaFile
1.11+4-4x11/xrefresh/distinfo
1.14+3-5x11/xrefresh/Makefile
+7-92 files

NetBSD/pkgsrc YbHIb3qdoc TODO CHANGES-2026

   doc: Updated x11/xrdb to 1.2.3
VersionDeltaFile
1.27554+4-2doc/TODO
1.4384+2-1doc/CHANGES-2026
+6-32 files

NetBSD/pkgsrc v9fm87Ax11/xrdb Makefile distinfo

   xrdb: update to 1.2.3.

   Alan Coopersmith (8):
         Accept --help & --version as aliases to -help & -version
         Make -help exit with 0 instead of 1
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint`
         gitlab CI: drop the ci-fairy check-mr job
         meson: Add option to build with meson
         Git rid of -Wstringop-truncation warnings
         xrdb 1.2.3
VersionDeltaFile
1.17+3-5x11/xrdb/Makefile
1.15+4-4x11/xrdb/distinfo
+7-92 files

NetBSD/pkgsrc a2qcM61www/qt6-qtwebengine Makefile

   qt6-qtwebengine: my last two builds with node24 failed

   but the last one with node26 worked, so default to that
VersionDeltaFile
1.11+3-1www/qt6-qtwebengine/Makefile
+3-11 files

NetBSD/pkgsrc yC5J9LSdoc CHANGES-2026

   Updated devel/libffi, security/p11-kit
VersionDeltaFile
1.4383+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc NbHQQPksecurity/p11-kit distinfo Makefile

   p11-kit: updated to 0.26.4

   0.26.4

   Build fix
   Update translations

   0.26.3

   server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing by enforcing a recursion depth limit (CVE-2026-13757)
   fixed confusing error message when trying to store an existing cert with trust anchor
   fixed assert when parsing p11-kit files with value (")
   fixed numerous memory management issues
   Build and test fixes
VersionDeltaFile
1.36+4-4security/p11-kit/distinfo
1.45+2-2security/p11-kit/Makefile
1.16+2-2security/p11-kit/PLIST
+8-83 files

NetBSD/pkgsrc 1SPin21devel/libffi distinfo Makefile

   libffi: updated to 3.7.1

   3.7.1

   Fix aarch64 ffi_call memory corruption when passing many large
   structs by value.
   Fix i386 thiscall/fastcall closure stack cleanup for 64-bit
   integer and struct arguments.
   Fix aarch64 int128 argument split between x7 and the stack on
   Darwin
   Fix aarch64 clang-cl link failure for HFA helper functions
   Build a generic ffi_call_plan fallback on Windows x86-64.
   Add Windows ARM64 (MSVC) build and continuous integration support.
VersionDeltaFile
1.72+4-4devel/libffi/distinfo
1.61+2-2devel/libffi/Makefile
+6-62 files

NetBSD/pkgsrc W9XnjK8doc CHANGES-2026

   doc: Updated www/resterm to 0.46.2
VersionDeltaFile
1.4382+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ukb9DEowww/resterm distinfo Makefile

   resterm: Update to 0.46.2

   v0.46.2
   What' New
   When the update check finds a newer version, the version section of the status bar shows both your current version and the latest one, joined by a "?" icon. Example: ? v0.46.1 ? v0.46.2
   Increased startup latency animation to 1s.

   v0.46.1
   This release rebuilds how resterm updates itself. Downloads are now verified end to end against checksums served by the GitHub release API, the new binary has to prove it is the right release before it replaces the current one.

   Verified self-updates
   resterm --update now verifies every download against the sha256 digest the GitHub release API publishes for each asset. There is no separate checksum file to fetch anymore - the expected hash arrives with the release metadata and the downloaded binary must match it exactly.
   Verification is mandatory. A missing digest, a size mismatch or a checksum mismatch aborts the update and leaves the current install untouched.
   As a final check, the downloaded binary is executed with --version and must report the release it claims to be before it is moved into place.
   The new binary is staged next to the current one and swapped in with an atomic rename. On Windows the update now installs in place instead of waiting for a restart: the previous executable stays beside the new one as resterm.exe.old and is cleaned up by the next update once no process is still running it.

   Safer installs
   install.sh and install.ps1 verify the downloaded binary against the release API digest before installing and refuse to install when the checksum does not match.


    [4 lines not shown]
VersionDeltaFile
1.11+10-4www/resterm/distinfo
1.13+1-2www/resterm/Makefile
1.4+2-0www/resterm/go-modules.mk
+13-63 files

NetBSD/pkgsrc m4aXL1bdoc CHANGES-2026

   Updated security/cargo-deny, audio/py-discid, time/py-tzdata
VersionDeltaFile
1.4381+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc CXIPziTtime/py-tzdata distinfo Makefile

   py-tzdata: updated to 2026.3

   2026.3

   Briefly:

   Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on
   2026-09-20. More integer overflow bugs have been fixed in zic.
VersionDeltaFile
1.24+4-4time/py-tzdata/distinfo
1.27+2-2time/py-tzdata/Makefile
+6-62 files

NetBSD/pkgsrc bLG3S0Qaudio/py-discid distinfo Makefile

   py-discid: updated to 1.4.2

   Changes in 1.4.2 (2026-07-10):
   * Provide Python wheel on PyPI.
   * Removed remaining Python 2 specific code from ``util.py``.
VersionDeltaFile
1.5+4-4audio/py-discid/distinfo
1.6+2-2audio/py-discid/Makefile
+6-62 files

NetBSD/pkgsrc C6ThQI7security/cargo-deny distinfo cargo-depends.mk

   cargo-deny: updated to 0.20.2

   0.20.2
   Fixed
   - fixed snapshot filenames on Windows which caused the release binary publish to fail...again.

   0.20.1
   Fixed
   - fixed snapshot filenames on Windows which caused the release binary publish to fail.

   0.20.0
   Changed
   - refactored the CLI, moving some duplicated options/flags into the root and removing several deprecated options/flags/values. See the PR for a full list of changes.

   Added
   - resolved 873 by adding a new [`bans.std-replacements`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-std-replacements-field-optional) lint which checks the graph for crates.io sourced crates that have been partially or fully replaced in `std` and/or `core`.

   Fixed
   - resolved 765 by respecting non-default build script paths in manifests.
   - resolved 874 by cleaning up the CLI, deduplicating some options/flags that caused bug in the `list` subcommand.
VersionDeltaFile
1.3+13-19security/cargo-deny/distinfo
1.3+3-5security/cargo-deny/cargo-depends.mk
1.3+2-2security/cargo-deny/Makefile
+18-263 files

NetBSD/pkgsrc BIL0R1Jdoc CHANGES-2026

   doc: Updated audio/kew to 4.1.8
VersionDeltaFile
1.4380+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 3KRXoskaudio/kew distinfo Makefile

   kew: update to 4.1.8

   Fixes end of list crash on Ubuntu/Wezterm
VersionDeltaFile
1.23+4-4audio/kew/distinfo
1.26+2-2audio/kew/Makefile
+6-62 files

NetBSD/pkgsrc MpcHUQDdoc CHANGES-2026

   Updated devel/py-build, devel/py-cffi
VersionDeltaFile
1.4379+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc COo2aJNdevel/py-cffi PLIST distinfo, devel/py-cffi/patches patch-setup.py

   py-cffi: updated to 2.1.0

   2.1.0

   Added the cffi-gen-src command-line tool (also invocable as python -m cffi.gen_src), which generates CFFI C extension source code, so that a build backend such as meson-python can build the extension. See Generating C Sources for CFFI Extensions for details. Integrated from the cffi-buildtool project by Rose Davidson.
   Added support for arm64 iOS wheels.
   Dropped support for Python 3.9.
   Added support for Python 3.15 and support for C extensions generated by CFFI to target the new abi3t free-threaded ABI.
   Avoid crashes inside of __delitem__.
   Avoid “string too big” error under MSVC.
   Fix mingw builds.
VersionDeltaFile
1.14+9-3devel/py-cffi/PLIST
1.53+5-5devel/py-cffi/distinfo
1.2+4-4devel/py-cffi/patches/patch-setup.py
1.63+4-2devel/py-cffi/Makefile
1.1+1-0devel/py-cffi/ALTERNATIVES
+23-145 files

NetBSD/pkgsrc aH7xAz3devel/py-build distinfo Makefile

   py-build: updated to 1.5.1

   1.5.1 (2026-07-09)

   Features

   - Add ``--report=PATH`` to write a machine-readable JSON report of built artifacts; ``--metadata`` now also accepts
     ``.whl`` files - by :user:`gaborbernat` (:issue:`198`)
   - The ``srcdir`` argument now accepts ``.tar.gz`` source distributions, extracting and building from them - by
     :user:`gaborbernat` (:issue:`311`)
   - The "Unmet dependencies" error from ``--no-isolation`` builds now shows the wanted version, found version, and
     interpreter - by :user:`gaborbernat` (:issue:`504`)
   - Add ``--sdist-extract-dir`` to extract the intermediate sdist into a persistent directory, enabling compiler cache reuse
     across rebuilds - by :user:`gaborbernat` (:issue:`614`)
   - Add ``--env-dir`` to place the isolated build environment at a fixed path, enabling compiler cache reuse across builds -
     by :user:`gaborbernat` (:issue:`655`)
   - Print a summary of resolved dependency versions (``name==version``) after installing them in isolated builds - by
     :user:`gaborbernat` (:issue:`959`)
   - On build failure, print a tip pointing to ``--env-dir`` and ``--sdist-extract-dir`` for debugging and link to the "Debug

    [26 lines not shown]
VersionDeltaFile
1.17+4-4devel/py-build/distinfo
1.28+2-2devel/py-build/Makefile
+6-62 files

NetBSD/pkgsrc oOFNWDDdoc CHANGES-2026

   Updated net/rclone, net/helm, devel/memcached
VersionDeltaFile
1.4378+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc jZ2j672devel/memcached distinfo Makefile

   memcached: updated to 1.6.45

   1.6.45

   Fixes

   proxy: extra warning for user config error
   proto: convert more strto calls
   proto: meta preparse F flag fix
   proxy: fix res:line() returning wrong response
   proxy: fix overread of spaces for large gets
   ascii: safely convert flag args to numerics
   ascii: fix unlocked refcount-- on error path
   proxy: key filter null byte written to wrong place
   proxy: fix detail len clamp in request logging
   proxy: enforce minimum rate limit
   ascii: fix refcount leak on ms parse error
   proxy: reserve enough log space for proxy BE_EVENT
   network: fix segfault on OOM during net read

    [16 lines not shown]
VersionDeltaFile
1.65+4-4devel/memcached/distinfo
1.98+2-2devel/memcached/Makefile
+6-62 files

NetBSD/pkgsrc aHm1mU4net/helm distinfo go-modules.mk

   helm: updated to 4.2.3

   Helm v4.2.3 is a patch release. Users are encouraged to upgrade for the best experience.
VersionDeltaFile
1.6+52-52net/helm/distinfo
1.5+16-16net/helm/go-modules.mk
1.18+2-3net/helm/Makefile
+70-713 files

NetBSD/pkgsrc 8EfqPNmnet/rclone distinfo go-modules.mk

   rclone: updated to 1.74.4

   1.74.4

   Bug Fixes
   accounting
   Fix goroutine leak in ResetCounters (Nick Craig-Wood)
   Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402)
   archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood)
   build
   Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
   CVE-2026-39822: os: Root escape via symlink plus trailing slash
   CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
   Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood)
   CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset
   CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes
   CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
   CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
   cmd/mount2

    [43 lines not shown]
VersionDeltaFile
1.42+46-46net/rclone/distinfo
1.29+14-14net/rclone/go-modules.mk
1.106+2-3net/rclone/Makefile
+62-633 files

NetBSD/pkgsrc ImEkalkdoc CHANGES-2026

   Updated net/py-stone, www/py-django[5]
VersionDeltaFile
1.4377+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc q7sxhJGwww/py-django5 distinfo Makefile

   py-django5: updated to 5.2.16

   Django 5.2.16 fixes three security issues with severity “low” in 5.2.15.

   CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
   CVE-2026-53877: Heap buffer over-read in GDALRaster
   CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
VersionDeltaFile
1.4+4-4www/py-django5/distinfo
1.4+2-2www/py-django5/Makefile
+6-62 files

NetBSD/pkgsrc sdjm26Uwww/py-django distinfo Makefile

   py-django: updated to 6.0.7

   6.0.7

   Django 6.0.7 fixes three security issues with severity “low” and one bug in 6.0.6.

   CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
   CVE-2026-53877: Heap buffer over-read in GDALRaster
   CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

   Bugfixes

   Fixed a regression in Django 6.0 where the PBKDF2 and MD5 password hashers
   raised UnicodeDecodeError for bytes passwords that were not valid UTF-8.
   Passwords supplied as str or as UTF-8 bytes are unaffected
VersionDeltaFile
1.129+4-4www/py-django/distinfo
1.157+2-2www/py-django/Makefile
+6-62 files