expat: update to 2.7.5.
Ok maya@
Release 2.7.5 Tue March 17 2026
Security fixes:
#1158 CVE-2026-32776 -- Fix NULL function pointer dereference for
empty external parameter entities; it takes use of both
functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1161 #1162 CVE-2026-32777 -- Protect from XML_TOK_INSTANCE_START
infinite loop in function entityValueProcessor; it takes
use of both functions XML_ExternalEntityParserCreate and
XML_SetParamEntityParsing for an application to be
vulnerable.
#1163 CVE-2026-32778 -- Fix NULL dereference in function setContext
on retry after an earlier out-of-memory condition; it takes
use of function XML_ParserCreateNS or XML_ParserCreate_MM
[31 lines not shown]
Update xenkernel418 and xentools418 to 20260317
Changes since 20250701: mostly bug fixes and small improvements on
some hardware, including security fixes up to XSA481
pkg-vulnerabilities: mark libssh vulns as fixed and adjust versions.
We package libssh-0.11.4 as 0.114, for historical reasons, as mentioned
in the package Makefile. Thus, 'libssh<0.11.2' never fires, so adjust
all the 0.11.x vulnerabilities accordingly.
libssh: update to 0.11.4
This is a stable release in the 0.11 series. There is also 0.12.0
available, but this has less potential for breakage, I assume.
version 0.11.4 (released 2026-02-10)
* Security:
  * CVE-2025-14821: libssh loads configuration files from the C:\etc directory on Windows
  * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
  * CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files
  * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
  * CVE-2026-0967: Specially crafted patterns could cause DoS
  * CVE-2026-0968: OOB Read in sftp_parse_longname()
  * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP extensions
* Stability and compatibility improvements of ProxyJump
[31 lines not shown]
libhidapi: reduce diffs from upstream implementation.
Tested with ch32fun and UIAPduino on NetBSD/i386 10.1 with
both ohci and xhci.
Also sync DESCR with the latest version.
Update xenkernel420, xentools420 and xenstoretools to 20260317.
Changes since 20251113: mostly bug fixes and small improvements on
some hardware, including security fixes up to XSA481
net/powerdns-recursor: Update to version 5.4.0
From Marcin Gondek via wip.
Changelogs for 5.4.X
Before upgrading, it is advised to read the Upgrade Guide.
5.4.0
Released: 9th of March 2026 with no changes since 5.4.0-rc1 except the version.
5.4.0-rc1
Released: 17th of February 2026
Improvements
Harmonize with dnsdist PR #16741 with respect to OpenTelemetry instance name.
References: pull request 16756
Coverity 1644498 Variable copied when it could be moved.
References: pull request 16784
Opentelemetry: add flags field in TRACEPARENT EDNS option.
References: pull request 16786
[217 lines not shown]
devel/difftastic: update to 0.68.0
Git Support
- Fixed an issue where git with difftastic would terminate with fatal: external diff died when there was an unmerged path.
Parsing
- Updated Bash, C, Go, Lua, Nix, Perl, Python, Rust, Scala, Swift and YAML parsers.
- Fixed an issue with parsing raw string literals in Rust.
Build
- Difftastic now requires Rust 1.77 or later to build.
- Difftastic no longer uses jemalloc on any Windows builds. Previously jemalloc was only disabled for MSVC.
Command Line Interface
- Improved error reporting when invoked with an invalid number of arguments.
Display
- Fixed an issue with inline display where it didn't always respect the value of --context.
- Fixed an issue with side-by-side rendering when files contain tabs.