NetBSD/pkgsrc 0vtSpYstime/xclock Makefile

   xclock: set app defaults dir
VersionDeltaFile
1.20+3-1time/xclock/Makefile
+3-11 files

NetBSD/pkgsrc j5qOiREdoc CHANGES-2026

   Updated devel/py-ijson, misc/py-tqdm, converters/py-charset-normalizer, www/py-uvicorn
VersionDeltaFile
1.4344+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc pjliPrpdoc CHANGES-2026 TODO

   doc: Updated devel/p5-String-Util to 1.36
VersionDeltaFile
1.4343+2-1doc/CHANGES-2026
1.27553+2-1doc/TODO
+4-22 files

NetBSD/pkgsrc OoCkjG8devel/p5-String-Util distinfo Makefile

   p5-String-Util: update to 1.36.

   Changes not available, but:
   String::Util versions before 1.36 for Perl are susceptible to a regular
   expression denial of service.
VersionDeltaFile
1.9+4-4devel/p5-String-Util/distinfo
1.17+2-2devel/p5-String-Util/Makefile
+6-62 files

NetBSD/pkgsrc 0gziz6awww/py-uvicorn distinfo Makefile

   py-uvicorn: updated to 0.50.2

   0.50.2 (July 6, 2026)

   Fixed

   Require websockets>=13.0, which the default websockets-sansio implementation needs

   0.50.1 (July 6, 2026)

   Fixed

   Split comma-separated Sec-WebSocket-Protocol values in the websockets-sansio implementation

   0.50.0 (July 4, 2026)

   If you use WebSockets, note that --ws auto now picks the websockets-sansio implementation. You shouldn't need it, but you can pin --ws websockets to get the deprecated legacy one back.

   Changed

    [14 lines not shown]
VersionDeltaFile
1.58+4-4www/py-uvicorn/distinfo
1.67+3-3www/py-uvicorn/Makefile
1.16+4-1www/py-uvicorn/PLIST
+11-83 files

NetBSD/pkgsrc ObjnJvYconverters/py-charset-normalizer distinfo Makefile

   py-charset-normalizer: updated to 3.4.9

   3.4.9

   Fixed
   - Regression in our fallback path leading to a decode error.
     We've yanked 3.4.8 as a result of that bug.
VersionDeltaFile
1.28+4-4converters/py-charset-normalizer/distinfo
1.30+2-2converters/py-charset-normalizer/Makefile
+6-62 files

NetBSD/pkgsrc aTp2uDxmisc/py-tqdm distinfo PLIST

   py-tqdm: updated to 4.68.4

   4.68.4

   trim to ncols even when '{bar}' not in bar_format
   fix tqdm.write when stdout=None
VersionDeltaFile
1.51+4-4misc/py-tqdm/distinfo
1.19+5-1misc/py-tqdm/PLIST
1.59+2-2misc/py-tqdm/Makefile
+11-73 files

NetBSD/pkgsrc YZNCg5edevel/py-ijson distinfo Makefile

   py-ijson: updated to 3.5.1

   3.5.1

   * The internal `ijson.common.ObjectBuilder` no longer creates internal reference
     cycles, so discarded builders are freed by reference counting instead
     of waiting for a cyclic garbage collection pass. This lowers peak
     memory usage for code that builds and discards one large object at a
     time. As a side effect, `builder.value` is now `None` before any
     event is processed (previously accessing it raised `AttributeError`),
     and the undocumented `containers` attribute holds the in-progress
     containers rather than setter closures.
VersionDeltaFile
1.8+4-4devel/py-ijson/distinfo
1.10+2-2devel/py-ijson/Makefile
+6-62 files

NetBSD/pkgsrc ZmV9NPgdoc CHANGES-2026

   doc: Updated databases/p5-DBI to 1.650
VersionDeltaFile
1.4342+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc tUzI4eRdatabases/p5-DBI distinfo Makefile

   p5-DBI: update to 1.650.

   1.650 - 2026-07-06, H.Merijn Brand & Robert Rothenberg
       * Set a hard limit of 99999 on '?' placeholders (CVE-2026-14739)
       * Fix out-of-bounds read in preparse of SQL that starts with a comment (CVE-2026-14740)
       * Fix code injection via Profile DSN attribute or DBI_PROFILE variable (CVE-2026-14380)
       * Update dbipport.h to Devel::PPPort-3.73
       * Require Test::More 0.96 (tests will otherwise fail on pristine perl-5.12)
VersionDeltaFile
1.62+4-4databases/p5-DBI/distinfo
1.98+2-2databases/p5-DBI/Makefile
+6-62 files

NetBSD/pkgsrc p2Vn188doc CHANGES-2026

   doc: Updated wayland/xwayland to 24.1.13
VersionDeltaFile
1.4341+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc kHFg3Kzwayland/xwayland distinfo Makefile

   xwayland: update to 24.1.13.

   This release contains the fixes for the issues reported in today's
   security advisory:
   https://lists.x.org/archives/xorg-announce/2026-July/003716.html

    -  CVE-2026-55999: glamor Font Atlas Heap Buffer Overflow
    -  CVE-2026-56000: GLX contextTags Use-After-Free in CommonMakeCurrent()

   In addition we have a few other smaller cleanup fixes.
VersionDeltaFile
1.5+4-4wayland/xwayland/distinfo
1.5+2-2wayland/xwayland/Makefile
+6-62 files

NetBSD/pkgsrc bzTlVQPdoc CHANGES-2026

   Updated x11/wxGTK32
VersionDeltaFile
1.4340+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc J4PUWcydoc CHANGES-2026

   doc: Updated x11/modular-xorg-xephyr to 21.1.24
VersionDeltaFile
1.4339+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc BYxWLF6doc CHANGES-2026

   doc: Updated x11/modular-xorg-server to 21.1.24
VersionDeltaFile
1.4338+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc PsaVgkKx11/modular-xorg-server distinfo Makefile.common

   modular-xorg-server: update to 21.1.24.

   This release contains the fixes for the issues reported in today's
   security advisory:
   https://lists.x.org/archives/xorg-announce/2026-July/003716.html

     -  CVE-2026-55999: glamor Font Atlas Heap Buffer Overflow
     -  CVE-2026-56000: GLX contextTags Use-After-Free in CommonMakeCurrent()

   As noted in the security advisory, CVE-2026-56000 seems to depend on a
   commit not previously in a 21.1.x release (but is present in this
   release). As far as we can tell, 21.1.23 and earlier are not vulnerable
   to CVE-2026-56000.

   On top of those we have few cleanup fixes backported to the 21.1 releases.
VersionDeltaFile
1.136+4-4x11/modular-xorg-server/distinfo
1.69+2-2x11/modular-xorg-server/Makefile.common
+6-62 files

NetBSD/pkgsrc 7zZU4XEdoc CHANGES-2026

   doc: Updated x11/libXfont2 to 2.0.8
VersionDeltaFile
1.4337+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc D2XAXIWx11/libXfont2 distinfo Makefile

   libXfont2: update to 2.0.8.

   This release contains the fixes for the issues reported in today's
   security advisory:

   https://lists.x.org/archives/xorg-announce/2026-July/003714.html

     - CVE-2026-56001: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
     - CVE-2026-56002: PCF Font Parsing Heap Buffer Overflow
     - CVE-2026-56003: computeProps Property Buffer Heap Buffer Overflow

   Additionally it contains a number of minor cleanup patches and the
   removal of a decades-obsolete compat API.
VersionDeltaFile
1.11+4-4x11/libXfont2/distinfo
1.20+2-2x11/libXfont2/Makefile
+6-62 files

NetBSD/pkgsrc 0IeJGhyx11/wxGTK32 distinfo Makefile

   wxGTK32: updated to 3.2.11

   3.2.11 includes an unusually huge amount of bug fixes for possible security
   problems, probably prompted by the increasing use of LLMs for finding them and
   also helped by the addition of extra fuzzers. Upgrading to this version is
   strongly recommended if you use any of the functions or classes mentioned below
   in untrusted contexts:

   Fix multiple buffer overflows in wxBMPHandler: when loading malformed BMP files with invalid RLE data
   Fix multiple buffer overflows in wxXPMDecoder
   Fix multiple problems in wxGIFHandler: reject more invalid GIFs and do it without leaking memory
   Fix buffer overflow in wxTarInputStream
   Fix out-of-bounds read in wxFileType::ExpandCommand()
   Fix buffer overflow in wxVsnprintf()
   Fix out-of-bounds read in wxRegEx::Replace()
   Fix out-of-bounds read in wxUString
   Fix wxDateTime::Format() handling of invalid format
   Fix buffer overflow in wxGethostby{addr,name}_r()
   Fix multiple buffer overflows in wxIFFDecoder: out-of-bounds palette write

    [8 lines not shown]
VersionDeltaFile
1.22+4-4x11/wxGTK32/distinfo
1.71+2-3x11/wxGTK32/Makefile
+6-72 files

NetBSD/pkgsrc 3FNGPTHdoc CHANGES-2026

   doc: Updated x11/xlsfonts to 1.0.9
VersionDeltaFile
1.4336+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc Mbl3nFqfonts/terminus-font Makefile

   terminus-font: reset maintainer

   Closes PR 60424
VersionDeltaFile
1.32+2-2fonts/terminus-font/Makefile
+2-21 files

NetBSD/pkgsrc sgc1JHux11/xlsfonts distinfo Makefile

   xlsfonts: update to 1.0.9.

   Alan Coopersmith (9):
         Simplify qsort() comparision function to just call strcmp()
         Add --help and --version options
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10`
         Strip trailing whitespace from source files
         IgnoreError: tell the compiler the arguments are intentionally unused
         gitlab CI: drop the ci-fairy check-mr job
         meson: Add option to build with meson
         xlsfonts 1.0.9
VersionDeltaFile
1.11+4-4x11/xlsfonts/distinfo
1.10+3-3x11/xlsfonts/Makefile
+7-72 files

NetBSD/pkgsrc h4c0QC8doc CHANGES-2026

   doc: Updated x11/xlsatoms to 1.1.5
VersionDeltaFile
1.4335+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 5PEN2zex11/xlsatoms distinfo Makefile

   xlsatoms: update to 1.1.5.

   Alan Coopersmith (8):
         add -help option
         Accept --help & --version as aliases to -help & -version
         man page: fix warnings from `mandoc -T lint`
         Strip trailing whitespace from source files
         gitlab CI: drop the ci-fairy check-mr job
         COPYING: Add missing Open Text copyright notice to file
         meson: Add option to build with meson
         xlsatoms 1.1.5
VersionDeltaFile
1.8+4-4x11/xlsatoms/distinfo
1.8+3-3x11/xlsatoms/Makefile
+7-72 files

NetBSD/pkgsrc 4gYwPJqdoc CHANGES-2026

   doc: Updated x11/xkbutils to 1.0.7
VersionDeltaFile
1.4334+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc W4K1rPex11/xkbutils distinfo Makefile

   xkbutils: update to 1.0.7.

   Alan Coopersmith (11):
         Assume target platforms have strcasecmp now
         Use _stricmp() instead of strcasecmp() on Windows
         xkbbell, xkbvleds, xkbwatch: Print usage message for unknown arguments
         xkbwatch: add -help option
         Accept --help & --version as aliases to -help & -version
         Improve man page formatting
         man page: fix warnings from `mandoc -T lint`
         Strip trailing whitespace from source files
         gitlab CI: drop the ci-fairy check-mr job
         meson: Add option to build with meson
         xkbutils 1.0.7

   Alexander Ziaee (1):
         documentation: improve utility descriptions

   Bjarni Ingi Gislason (1):
         xkbvleds.man: Fix WARNING: skipping paragraph macro: PP empty
VersionDeltaFile
1.8+4-4x11/xkbutils/distinfo
1.8+3-3x11/xkbutils/Makefile
+7-72 files

NetBSD/pkgsrc 0LZYYeJdoc CHANGES-2026

   doc: Updated www/chromium to 150.0.7871.46nb1
VersionDeltaFile
1.4333+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 63ubT94www/chromium Makefile

   chromium: fix build

   The cmake cargo package needs cmake.
VersionDeltaFile
1.66+3-1www/chromium/Makefile
+3-11 files

NetBSD/pkgsrc 3A325ZJdoc CHANGES-2026

   Updated devel/catch2, devel/log4cplus, net/qbittorrent
VersionDeltaFile
1.4332+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc Vs2xkx3net/qbittorrent distinfo Makefile

   qbittorrent: updated to 5.2.3

   5.2.3

   BUGFIX: Fix MIME header encoding in email to require ASCII (quinot)
   BUGFIX: Fix potential invalid migration procedure (Chocobo1)
   BUGFIX: Resolve relative UI theme paths (TurboTheTurtle)
   BUGFIX: Clear transfer filters when sections collapse (TurboTheTurtle)
   BUGFIX: Fix potential deadlock when database transaction failed (Chocobo1)
   BUGFIX: Fix wrong torrent tracker conversion (Chocobo1)
   BUGFIX: Fix wrong encoding for Web Seeds (Chocobo1)
   BUGFIX: Use stricter parsing for Peer Address inputs (Chocobo1)
   BUGFIX: Revise regex expression for parsing HTML links (Chocobo1)
   WEBUI: Correctly escape CSS query selector so the UI won't break (vafada)
   RSS: Fix feeds not following the specified interval (vafada)
   SEARCH: Fix plugin counting when updating (Chocobo1)
   WINDOWS: Avoid using invalid file attributes when renaming files (Chocobo1)
VersionDeltaFile
1.51+4-4net/qbittorrent/distinfo
1.103+2-2net/qbittorrent/Makefile
+6-62 files