net-mgmt/monitoring-plugins: Update to 3.0.1
*) Security: fix a potential local privilege escalation in check_icmp,
which might be possible if check_icmp runs with setuid (the default)
*) Change: check_nt, check_ntp, check_nwstat and check_overcr were
removed upstream; check_ntp is replaced by check_ntp_time and
check_ntp_peer
*) Change: check_http is deprecated in favor of check_curl
*) Change: check_snmp now uses net-snmp natively instead of executing
snmpget
*) Change: generalized, mostly multi-line output for many plugins
*) Fix: check_curl now populates the DNS cache when the hostname is
resolved locally
Release Notes:
https://github.com/monitoring-plugins/monitoring-plugins/releases/tag/v3.0.1
PR: 296451
[3 lines not shown]
net-mgmt/monitoring-plugins: Update to 3.0.1
*) Security: fix a potential local privilege escalation in check_icmp,
which might be possible if check_icmp runs with setuid (the default)
*) Change: check_nt, check_ntp, check_nwstat and check_overcr were
removed upstream; check_ntp is replaced by check_ntp_time and
check_ntp_peer
*) Change: check_http is deprecated in favor of check_curl
*) Change: check_snmp now uses net-snmp natively instead of executing
snmpget
*) Change: generalized, mostly multi-line output for many plugins
*) Fix: check_curl now populates the DNS cache when the hostname is
resolved locally
Release Notes:
https://github.com/monitoring-plugins/monitoring-plugins/releases/tag/v3.0.1
PR: 296451
Sponsored by: Netzkommune GmbH
www/nginx-devel: Update to 1.31.3
Changes:
*) Security: heap buffer overflow when using the map directive with
regex matching (CVE-2026-42533)
*) Security: uninitialized memory access when using unnamed regex
captures with the "slice" directive or background cache update
(CVE-2026-60005)
*) Security: use-after-free when processing a specially crafted
proxied backend response with the ngx_http_ssi_filter_module
(CVE-2026-56434)
*) Change: the size of headers and trailers in HTTP/2 responses in
the ngx_http_proxy_v2_module and ngx_http_grpc_module is now
limited with "proxy_buffer_size" and "grpc_buffer_size"
*) Feature: the "xml_external_entities" directive in the
ngx_http_xslt_filter_module; loading of external entities is now
disabled by default
[11 lines not shown]
www/nginx-devel: Update to 1.31.3
Changes:
*) Security: heap buffer overflow when using the map directive with
regex matching (CVE-2026-42533)
*) Security: uninitialized memory access when using unnamed regex
captures with the "slice" directive or background cache update
(CVE-2026-60005)
*) Security: use-after-free when processing a specially crafted
proxied backend response with the ngx_http_ssi_filter_module
(CVE-2026-56434)
*) Change: the size of headers and trailers in HTTP/2 responses in
the ngx_http_proxy_v2_module and ngx_http_grpc_module is now
limited with "proxy_buffer_size" and "grpc_buffer_size"
*) Feature: the "xml_external_entities" directive in the
ngx_http_xslt_filter_module; loading of external entities is now
disabled by default
[9 lines not shown]
www/remark42: update to 1.16.4
Switch build toolchain from npm-node22 to npm-node24. The frontend
switched to pnpm workspaces but the app has no intra-repo dependencies,
so npm continues to work with COREPACK_ENABLE_STRICT=0.