pkgng/pkgng 1b726d2libpkg pkg_osvf.c

libpkg: Add CVE name parsing to OSVf parser

Add CVE names parsing to OSVf parser. As there
is no CVE name in OSVf schema. CVE names are extending
database_specific-object. Usage example JSON would be:
...
  "database_specific": {
    "references": {
      "cvename": [
        "CVE-2003-0031",
        "CVE-2003-0032"
      ]
    }
  }
...
DeltaFile
+52-0libpkg/pkg_osvf.c
+52-01 files

pkgng/pkgng 1eda235tests/lib FBSD-2025-05-28.json

tests: Add CVEs to example OSVf JSON

Add CVSs to example OSVf JSON. Currently
they are only for parsing and there is no
further testing are they correct
DeltaFile
+7-1tests/lib/FBSD-2025-05-28.json
+7-11 files

pkgng/pkgng e7c59betests/lib pkg_osvf.c FBSD-2025-05-28.json

fix: Update tests to support new updated OSVf Schema

In official OSVf Schema FreeBSD Ecosystem is not FBSD
but FreeBSD. Update correction to test json file and to library
test file.
DeltaFile
+1-1tests/lib/pkg_osvf.c
+1-1tests/lib/FBSD-2025-05-28.json
+2-22 files

pkgng/pkgng dd1dc71libpkg pkg_osvf.c

libpkg: Update OSVf JSON Schema to official version 1.7.5

Update OSVf JSON Schema to official version 1.7.5 which includes
FreeBSD Ecosystem.
DeltaFile
+14-4libpkg/pkg_osvf.c
+14-41 files

pkgng/pkgng e678a97src annotate.c autoremove.c

refactor: Add SPDX license identifier tags to files

Add SPDX license identifier tags to files that are licensed under the
LicenseRef-scancode-bsd-unchanged license
DeltaFile
+2-0src/annotate.c
+2-0src/autoremove.c
+2-0src/config.c
+2-0src/delete.c
+2-0src/event.c
+2-0src/fetch.c
+12-071 files not shown
+154-077 files

pkgng/pkgng 1bd4657libpkg yuarel.c yuarel.h

refactor: Add identifier tags to files that are licensed under the MIT

Add SPDX license identifier tags to files that are licensed under the
MIT license
DeltaFile
+2-0libpkg/yuarel.c
+2-0libpkg/yuarel.h
+4-02 files

pkgng/pkgng 5a73081compat closefrom.c

refactor: Add identifier tags to files that are licensed under the ISC

Add SPDX license identifier tags to files that are licensed under the
ISC license
DeltaFile
+2-0compat/closefrom.c
+2-01 files

pkgng/pkgng a84c1aacompat funopen.c, libpkg pkg_checksum.c pkg_jobs_universe.c

refactor: Add identifier tags to files that are licensed under the BSD-2-Clause

Add SPDX license identifier tags to files that are licensed under the
BSD-2-Clause license.
DeltaFile
+3-1compat/funopen.c
+3-1libpkg/pkg_checksum.c
+3-1libpkg/private/pkg_jobs.h
+3-1libpkg/pkg_jobs_universe.c
+2-1src/globals.c
+2-0libpkg/diff.c
+16-53 files not shown
+22-59 files

pkgng/pkgng 508d480compat humanize_number.h

refactor: Add identifier tags to files that are licensed under the BSD-3-Clause

Add SPDX license identifier tags to files that are licensed under the
BSD-3-Clause license
DeltaFile
+2-0compat/humanize_number.h
+2-01 files

pkgng/pkgng 49746cbdocs pkg-search.8

pkg-search.8: Introductory paragraph rewrite
DeltaFile
+9-9docs/pkg-search.8
+9-91 files

LLVM/project 013b335libcxx/include/__chrono duration.h

[libc++][NFC] Simplify duration comparisons a bit (#201788)

The comparisons have been delegated to a class which has been
specialized for the equality case. This has likely been done to avoid
`common_type` if possible. However, `common_type` got a lot cheaper, to
the point where the classes likely do more harm than good.
DeltaFile
+4-32libcxx/include/__chrono/duration.h
+4-321 files

pkgng/pkgng 6895ed1docs pkg.8

pkg.8: Document pkgnew and pkgsave files

Vermaden also mentioned pkgtemp, should we mention those too?

Reported by:    imp, vermaden
DeltaFile
+11-2docs/pkg.8
+11-21 files

pkgng/pkgng bc950b4libpkg pkg_solve.c

fix: indentation issue
DeltaFile
+2-1libpkg/pkg_solve.c
+2-11 files

pkgng/pkgng e40b909src version.c

fix: readd declaration removed by accident
DeltaFile
+2-0src/version.c
+2-01 files

LLVM/project 24ed5b2utils/bazel/llvm-project-overlay/llvm BUILD.bazel

Buildifier
DeltaFile
+1-1utils/bazel/llvm-project-overlay/llvm/BUILD.bazel
+1-11 files

NetBSD/pkgsrc jt8yVpLaudio/ymuse Makefile, chat/coyim Makefile

   Revbump all Go packages after go126 security update
VersionDeltaFile
1.45+2-2net/amfora/Makefile
1.47+2-2audio/ymuse/Makefile
1.101+2-2chat/coyim/Makefile
1.61+2-2chat/gomuks/Makefile
1.90+2-2chat/matterircd/Makefile
1.26+2-2chat/neonmodem/Makefile
+12-12199 files not shown
+410-387205 files

NetBSD/pkgsrc U92iKCxdoc CHANGES-2026

   doc: Updated lang/go126 to 1.26.4
VersionDeltaFile
1.3506+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc KSIJ72Glang/go version.mk, lang/go125 distinfo PLIST

   go: update to 1.26.4 and 1.25.11 (security).

   These releases include 3 security fixes following the security policy:

   -    mime: quadratic complexity in WordDecoder.DecodeHeader

        Decoding a maliciously-crafted MIME header containing many invalid
        encoded-words could consume excessive CPU.
        The MIME decoder now better handles this case.

        Thanks to p4p3r (https://hackerone.com/p4p3r_hak) for reporting this issue.

        This is CVE-2026-42504 and Go issue https://go.dev/issue/79217.

   -    net/textproto: arbitrary input are included in errors without any escaping

        When returning errors, functions in the net/textproto package would
        include its input as part of the error, without any escaping. Note that
        said input is often controlled by external parties when using this

    [26 lines not shown]
VersionDeltaFile
1.13+4-4lang/go125/distinfo
1.5+4-4lang/go126/distinfo
1.250+3-3lang/go/version.mk
1.5+1-0lang/go126/PLIST
1.8+1-0lang/go125/PLIST
+13-115 files

NetBSD/pkgsrc 26ONeO0doc CHANGES-2026

   doc: Updated textproc/xan to 0.58.0
VersionDeltaFile
1.3505+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc NHLc3PMtextproc/xan distinfo cargo-depends.mk

   textproc/xan: update to 0.58.0

   Breaking

       Stopping to serialize moonblade lists either as joined by some separator or JSON. This was awkard, error-prone & potentially lossy. Use the join function manually to format output when required.
       As per previous point, dropping xan scrape --sep.
       Dropping implicit unary function calls in moonblade pipelines. This feature was not well-known, confusing (an indentifier, could be understood as a call in a pipeline, only if not in first position...), and mostly useless now that moonblade has had a proper dot operator.
       xan plot -A/--aggregate does not take an expression anymore but has an automatic selection of two modes: sum and mean. It should also be faster.
       Renaming the index function as row_index for clarity.
       xan agg -C/--along-columns & -M/--along-matrix & xan groupby -C/--along-columns & -M/--along-matrix will not map current column index to the result of the index() function. The col_index() can be now used instead for this very purpose.
       xan window -g/--groupby does not require the file to be sorted anymore. This means using -g/--groupby will now require the whole file to be buffered into memory by the command. The old behavior can still be used through the -S/--sorted flag, thus aligning the xan window command with the rest of the tool.
       row_index will now error if the expression has no concept of row index, instead of returning nothing.
       xan parallel -z/--compress now take the desired compression (either gzip or zstd).
       Retiring the xan grep command in favor of xan search -Z/--fast-parser.
       xan tokenize --keep short flag becomes -k instead of -K to harmonize with other commands.
       Retiring the xan flatmap command in favor of xan explode -e.
       Retiring the xan fuzzy-join command in favor of a consolidated xan join command.
       Changing xan from -f txt -c <name> default to line instead of value.
       Renaming xan join -L/--prefix-left & -R/--prefix-right short flags to -l & -r respectively to avoid colliding with the added -R/--reverse flag that can be used for merge joins.

    [70 lines not shown]
VersionDeltaFile
1.10+37-46textproc/xan/distinfo
1.10+11-14textproc/xan/cargo-depends.mk
1.7+2-3textproc/xan/PLIST
1.10+2-2textproc/xan/Makefile
+52-654 files

LLVM/project bf28543utils/bazel/llvm-project-overlay/llvm BUILD.bazel

[bazel] Add `LLVM_BUILD_STATIC` to `llvm-lto2`

This is added by add_llvm_tool in CMake side and affects `DTLTO` inline ctor.
(Introduced in #192629)
DeltaFile
+3-0utils/bazel/llvm-project-overlay/llvm/BUILD.bazel
+3-01 files

NetBSD/pkgsrc 7ee7OHwdoc CHANGES-2026

   doc: Updated editors/tp-note to 1.26.1
VersionDeltaFile
1.3504+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc txlZwtaeditors/tp-note distinfo Makefile

   editors/tp-note: update to 1.26.1

    - Bug fix for Wayland clipboard support
VersionDeltaFile
1.88+4-4editors/tp-note/distinfo
1.114+3-3editors/tp-note/Makefile
1.86+0-0editors/tp-note/cargo-depends.mk
+7-73 files

NetBSD/pkgsrc zHfDXOKdoc CHANGES-2026

   doc: Updated chat/senpai to 0.5.0
VersionDeltaFile
1.3503+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc RyWMq8Ochat/senpai distinfo go-modules.mk

   chat/senpai: update to 0.5.0

   This large senpai release brings 1 year of features
   and bug fixes!

   Major features:
   - Take a /SCREENSHOT from senpai, uploading it to
     your bouncer
   - Do an /UPLOAD from your clipboard by pasting an
     image with Ctrl+Alt+V
   - Customize your keyboard shortcuts with the shortcuts
     config directive, see man 5 senpai for details
   - Enable lightweight spell-check from your config,
     using harper-ls if installed
   - Pin/mute channels and users (ignore coming soon),
     saved across your bouncer

   Minor features:
   - irc:// links are now properly handled everywhere!

    [77 lines not shown]
VersionDeltaFile
1.6+40-22chat/senpai/distinfo
1.5+12-6chat/senpai/go-modules.mk
1.46+2-3chat/senpai/Makefile
+54-313 files

NetBSD/pkgsrc StuaAkbdoc CHANGES-2026

   doc: Updated audio/ncspot to 1.3.4
VersionDeltaFile
1.3502+2-1doc/CHANGES-2026
+2-11 files

LLVM/project 3570e9dutils/bazel/llvm-project-overlay/compiler-rt BUILD.bazel

[bazel] Exclude `profile_rocm` related file for now.

This has been intrdocued in #201606.
DeltaFile
+5-2utils/bazel/llvm-project-overlay/compiler-rt/BUILD.bazel
+5-21 files

NetBSD/pkgsrc 7GPLKTXaudio/ncspot distinfo cargo-depends.mk

   audio/ncspot: update to 1.3.4

   Maintenance release

   Minor updates, including a crash fix when a user tries to add a song to an existing playlist and dependency updates.
   What's Changed

       Fix crash when adding a song to a playlist by @AnAngryRaven in #1783
       chore(toolchain): update by @hrkfdn in #1785
       chore(deps): bump the cargo group across 1 directory with 11 updates by @dependabot[bot] in #1787
       test: add queue unit tests, fix shuffle append bug by @hrkfdn in #1788
       chore(deps): bump chrono from 0.4.43 to 0.4.44 in the cargo group by @dependabot[bot] in #1791
       chore(deps): bump the cargo group with 3 updates by @dependabot[bot] in #1792
       chore(deps): bump quinn-proto from 0.11.13 to 0.11.14 by @dependabot[bot] in #1794
       chore(toolchain): update by @hrkfdn in #1796
       chore(deps): bump the cargo group with 3 updates by @dependabot[bot] in #1797
       chore(deps): bump rustls-webpki from 0.103.8 to 0.103.10 by @dependabot[bot] in #1798
       chore(deps): bump softprops/action-gh-release from 2 to 3 in the github-actions group by @dependabot[bot] in #1807
       chore(deps): bump rand from 0.10.0 to 0.10.1 by @dependabot[bot] in #1809

    [7 lines not shown]
VersionDeltaFile
1.58+214-148audio/ncspot/distinfo
1.47+70-48audio/ncspot/cargo-depends.mk
1.87+4-4audio/ncspot/Makefile
+288-2003 files

NetBSD/pkgsrc M9ybApGdoc CHANGES-2026

   doc: Updated devel/garden to 2.6.0
VersionDeltaFile
1.3501+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc XIGefKedevel/garden distinfo cargo-depends.mk

   devel/garden: update to 2.6.0

   v2.6.0 Released 2026-03-14

   Features:

   garden <custom-cmd> now has a -x | --echo option that enables the shell's
   native echo mode.

   Packaging:

   Prebuilt binaries for Apple Darwin aarch64
   are now available.

   Garden can now be installed directly via
   Homebrew on macOS.
   The garden-rs/homebrew-garden tap repository has been archived and is no
   longer maintained.
VersionDeltaFile
1.26+508-472devel/garden/distinfo
1.26+168-156devel/garden/cargo-depends.mk
1.27+4-4devel/garden/Makefile
+680-6323 files