NetBSD/pkgsrc jsuQvaxdoc CHANGES-2026 TODO

   doc: Updated archivers/xz to 5.8.3
VersionDeltaFile
1.2037+2-1doc/CHANGES-2026
1.27031+2-1doc/TODO
+4-22 files

NetBSD/pkgsrc SIst9Ararchivers/xz PLIST distinfo

   xz: update to 5.8.3.

   5.8.3 (2026-03-31)

       IMPORTANT: This includes a fix for CVE-2026-34743 which affects all
       XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x
       releases will be made, but the fix is in the v5.2, v5.4, and v5.6
       branches in the xz Git repository.

       * liblzma:

           - Fix a buffer overflow in lzma_index_append(): If
             lzma_index_decoder() was used to decode an Index that
             contained no Records, the resulting lzma_index was left in
             a state where where a subsequent lzma_index_append() would
             allocate too little memory, and a buffer overflow would occur.

             The lzma_index functions are rarely used by applications
             directly. In the few applications that do use these functions,

    [35 lines not shown]
VersionDeltaFile
1.23+24-1archivers/xz/PLIST
1.43+4-4archivers/xz/distinfo
1.57+3-3archivers/xz/Makefile
+31-83 files

NetBSD/pkgsrc spWk1Drdoc CHANGES-2026

   doc: Updated lang/sbcl to 2.6.3
VersionDeltaFile
1.2036+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 3XB6vbtlang/sbcl distinfo Makefile

   sbcl: update to 2.6.3

   * minor incompatible change: (MAKE-ARRAY X :ELEMENT-TYPE 'UNDEFINED)
     now signals an error, consistent with (UPGRADED-ARRAY-ELEMENT-TYPE
     'UNDEFINED).
   * platform support:
     ** fix disassembler on ppc for the MFLR and ISEL instructions
     ** the Lisp Return Address object (as part of the Lisp calling
        convention) is no longer needed or supported on PPC, SPARC,
        MIPS or ARM.
     ** remove sensitivity to SBCL init files when building
         embedcore-sbcl.
     ** add support for the ADCX and ADOX instructions on x86-64.
     ** on PPC64, indicate the number of return values through flags,
        making function calls four times faster.
     ** fix FFI involving int128 arguments on x86-64
     ** fix build on OpenIndiana/x86-64
     ** fix build on Haiku/x86-64
   * bug fix: improved stability of (particularly) the mark-region

    [32 lines not shown]
VersionDeltaFile
1.88+4-4lang/sbcl/distinfo
1.115+2-2lang/sbcl/Makefile
+6-62 files

NetBSD/pkgsrc scJVYVrdoc CHANGES-2026

   doc: Updated sysutils/ncdu2 to 2.9.2
VersionDeltaFile
1.2035+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc qZchT3Nsysutils/ncdu2 distinfo Makefile

   ncdu: update to 2.9.2.

   2.9.2 - 2025-10-24
        - Still requires Zig 0.14 or 0.15
        - Fix hang on loading config file when compiled with Zig 0.15.2

   2.9.1 - 2025-08-21
        - Add support for building with Zig 0.15
        - Zig 0.14 is still supported

   2.9 - 2025-08-16
        - Still requires Zig 0.14
        - Add --delete-command option to replace the built-in file deletion
        - Move term cursor to selected option in delete confirmation window
        - Support binary import on older Linux kernels lacking statx() (may break
          again in the future, Zig does not officially support such old kernels)
VersionDeltaFile
1.5+4-4sysutils/ncdu2/distinfo
1.10+2-2sysutils/ncdu2/Makefile
+6-62 files

NetBSD/pkgsrc mw1nwzngames/lgogdownloader Makefile

   lgogdownloader: now needs C++17 (jsoncpp)
VersionDeltaFile
1.93+5-3games/lgogdownloader/Makefile
+5-31 files

NetBSD/pkgsrc Q0zEzn4devel/protobuf Makefile

   protobuf: mark as needing gcc>=13

   link to upstream bug report

   PR 60138.
VersionDeltaFile
1.103+4-1devel/protobuf/Makefile
+4-11 files

NetBSD/pkgsrc etBJQiLlang/ruby rubyversion.mk

   lang/ruby: fix build problem of ruby34

   Fix build problem of ruby34, correcting version of pstore gem.
VersionDeltaFile
1.317+2-2lang/ruby/rubyversion.mk
+2-21 files

NetBSD/pkgsrc 0wUwHBFdoc CHANGES-pkgsrc-2026Q1

   doc: update for tickets 7058, 7060-7066
VersionDeltaFile
1.1.2.3+55-1doc/CHANGES-pkgsrc-2026Q1
+55-11 files

NetBSD/pkgsrc 18J6k2zmail/roundcube distinfo Makefile.common, mail/roundcube-plugin-password distinfo

   Pullup ticket #7066 - requested by taca
   mail/roundcube-plugin-password: Security fix
   mail/roundcube: Security fix

   Revisions pulled up:
   - mail/roundcube-plugin-password/distinfo                       1.45
   - mail/roundcube/Makefile                                       1.103
   - mail/roundcube/Makefile.common                                1.43
   - mail/roundcube/distinfo                                       1.99

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Sun Mar 29 14:31:59 UTC 2026

      Modified Files:
        pkgsrc/mail/roundcube: Makefile Makefile.common distinfo
        pkgsrc/mail/roundcube-plugin-password: distinfo


    [21 lines not shown]
VersionDeltaFile
1.98.2.1+4-4mail/roundcube/distinfo
1.44.2.1+4-4mail/roundcube-plugin-password/distinfo
1.42.2.1+2-2mail/roundcube/Makefile.common
1.102.2.1+1-2mail/roundcube/Makefile
+11-124 files

NetBSD/pkgsrc nUjVf7Fdoc CHANGES-2026

   doc: Added misc/raspberrypi-usbboot version 1.0
VersionDeltaFile
1.2034+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc esegfMDmisc Makefile

   misc: add raspberrypi-usbboot
VersionDeltaFile
1.675+2-1misc/Makefile
+2-11 files

NetBSD/pkgsrc iphjykOmisc/raspberrypi-usbboot Makefile DESCR, misc/raspberrypi-usbboot/patches patch-Makefile patch-fmemopen.c

   misc: import raspberrypi-usbboot version 1.0

   This contains the Raspberry Pi USB device boot software known as rpiboot. The
   rpiboot tool provides a file server for loading software into memory on a
   Raspberry Pi for provisioning. By default, it boots the device with firmware
   that makes it appear to the host as a USB mass-storage device. The host
   operating system then treats it as a standard USB drive, allowing the filesystem
   to be accessed. An operating system image can be written to the device using the
   Raspberry Pi Imager.

   On Compute Module 4 and newer devices, rpiboot is also used to update the
   bootloader SPI flash EEPROM.

   Tested on macOS/amd64 and NetBSD/amd64.
VersionDeltaFile
1.1+39-0misc/raspberrypi-usbboot/patches/patch-Makefile
1.1+35-0misc/raspberrypi-usbboot/patches/patch-fmemopen.c
1.1+28-0misc/raspberrypi-usbboot/Makefile
1.1+10-0misc/raspberrypi-usbboot/DESCR
1.1+8-0misc/raspberrypi-usbboot/PLIST
1.1+7-0misc/raspberrypi-usbboot/distinfo
+127-06 files

NetBSD/pkgsrc Xqfm4Hcdatabases/ruby-activerecord80 distinfo, devel/ruby-activejob80 distinfo

   Pullup ticket #7062 - requested by taca
   databases/ruby-activerecord80: Security fix
   devel/ruby-activejob80: Security fix
   devel/ruby-activemodel80: Security fix
   devel/ruby-activestorage80: Security fix
   devel/ruby-activesupport80: Security fix
   devel/ruby-railties80: Security fix
   mail/ruby-actionmailbox80: Security fix
   mail/ruby-actionmailer80: Security fix
   textproc/ruby-actiontext80: Security fix
   www/ruby-actioncable80: Security fix
   www/ruby-actionpack80: Security fix
   www/ruby-actionview80: Security fix
   www/ruby-rails80: Security fix

   Revisions pulled up:
   - databases/ruby-activerecord80/distinfo                        1.6
   - devel/ruby-activejob80/distinfo                               1.6
   - devel/ruby-activemodel80/distinfo                             1.6

    [126 lines not shown]
VersionDeltaFile
1.5.4.1+4-4mail/ruby-actionmailer80/distinfo
1.5.4.1+4-4databases/ruby-activerecord80/distinfo
1.5.4.1+4-4devel/ruby-activejob80/distinfo
1.5.4.1+4-4devel/ruby-activemodel80/distinfo
1.5.4.1+4-4devel/ruby-activestorage80/distinfo
1.5.4.1+4-4devel/ruby-activesupport80/distinfo
+24-2410 files not shown
+56-5816 files

NetBSD/pkgsrc iqK8mCndevel/ruby-activejob72 distinfo, devel/ruby-activemodel72 distinfo

   Pullup ticket #7061 - requested by taca
   databases/ruby-activerecord72: Security fix
   devel/ruby-activejob72: Security fix
   devel/ruby-activemodel72: Security fix
   devel/ruby-activestorage72: Security fix
   devel/ruby-activesupport72: Security fix
   devel/ruby-activesupport72: Security fix
   devel/ruby-railties72: Security fix
   devel/ruby-railties72: Security fix
   lang/ruby: Security fix
   mail/ruby-actionmailbox72: Security fix
   mail/ruby-actionmailer72: Security fix
   textproc/ruby-actiontext72: Security fix
   www/ruby-actioncable72: Security fix
   www/ruby-actionpack72: Security fix
   www/ruby-actionpack72: Security fix
   www/ruby-actionview72: Security fix
   www/ruby-rails72: Security fix


    [123 lines not shown]
VersionDeltaFile
1.3.4.1+4-4devel/ruby-activejob72/distinfo
1.3.4.1+4-4devel/ruby-activemodel72/distinfo
1.3.4.1+4-4devel/ruby-activestorage72/distinfo
1.3.4.1+4-4www/ruby-actionview72/distinfo
1.3.4.1+4-4devel/ruby-activesupport72/distinfo
1.3.4.1+4-4devel/ruby-railties72/distinfo
+24-2411 files not shown
+57-6017 files

NetBSD/pkgsrc 4LtVefvdoc CHANGES-2026

   doc: Updated net/dnsdist to 2.0.3
VersionDeltaFile
1.2033+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 2PvnEUznet/dnsdist distinfo Makefile, net/dnsdist/patches patch-dnsdist-protobuf.cc

   net/dnsdist: Update to version 2.0.3

   Provided by Marcin Gondek in wip.

   Improvements

   Add a metric for the latency of the latest health-check
   Export DNS flags via ProtoBuf
   Add a histogram of health-check latencies for backends

   Bug Fixes

   CVE-2026-0396: An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either "DynBlockRulesGroup:setSuffixMatchRule" or "DynBlockRulesGroup:setSuffixMatchRuleFFI"
   CVE-2026-0397: When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged into the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard
   CVE-2026-24028: An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses "newDNSPacketOverlay" to parse DNS packets
   CVE-2026-24029: When the "early_acl_drop" ("earlyACLDrop" in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the "nghttp2" provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL
   CVE-2026-24030: An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in denial of service
   CVE-2026-27853: An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the "DNSQuestion:changeName" or "DNSResponse:changeName" methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service
   CVE-2026-27854: Denial of service when using "DNSQuestion:getEDNSOptions" method in custom Lua code

    [8 lines not shown]
VersionDeltaFile
1.24+4-5net/dnsdist/distinfo
1.47+2-3net/dnsdist/Makefile
1.2+1-1net/dnsdist/patches/patch-dnsdist-protobuf.cc
+7-93 files

NetBSD/pkgsrc CbZ0xAodevel/ruby-redmine51 distinfo Makefile, devel/ruby-redmine51/patches patch-Gemfile

   Pullup ticket #7065 - requested by taca
   devel/ruby-redmine51: Security fix

   Revisions pulled up:
   - devel/ruby-redmine51/Makefile                                 1.21
   - devel/ruby-redmine51/PLIST                                    1.8
   - devel/ruby-redmine51/distinfo                                 1.15
   - devel/ruby-redmine51/patches/patch-Gemfile                    1.9

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Sun Mar 29 14:01:03 UTC 2026

      Modified Files:
        pkgsrc/devel/ruby-redmine51: Makefile PLIST distinfo
        pkgsrc/devel/ruby-redmine51/patches: patch-Gemfile

      Log Message:
      doc: Updated devel/ruby-redmine60 to 6.0.9
VersionDeltaFile
1.14.2.1+5-5devel/ruby-redmine51/distinfo
1.8.2.1+4-4devel/ruby-redmine51/patches/patch-Gemfile
1.20.2.1+2-3devel/ruby-redmine51/Makefile
1.7.2.1+2-1devel/ruby-redmine51/PLIST
+13-134 files

NetBSD/pkgsrc 5d2b0YNdoc CHANGES-2026

   Updated net/ngtcp2, converters/py-cairosvg
VersionDeltaFile
1.2032+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc tGytzmTconverters/py-cairosvg distinfo Makefile

   py-cairosvg: updated to 2.9.0

   2.9.0

   Version 2.9.0 released on 2026-03-13

   WARNING: this is a security update.

   Using a lot of recursively nested use tags could lead to long rendering times with relatively small inputs. CairoSVG now stops rendering when more than 100k use tags are rendered.

   Using the --unsafe option allows to render larger documents.

   Drop support of Python 3.9, add support of Python 3.14
VersionDeltaFile
1.23+4-4converters/py-cairosvg/distinfo
1.32+2-2converters/py-cairosvg/Makefile
+6-62 files

NetBSD/pkgsrc gYaBhHznet/ngtcp2 distinfo Makefile

   ngtcp2: updated to 1.22.0

   1.22.0

   Consistent hex literals and integer suffixes
   Add missing entries to .gitignore
   Deprecate quictls
   Introduce struct ngtcp2_stateless_reset_token
   Fix assertion failure without get_new_connection_id
   Migrate to new callbacks
   Add ngtcp2_pkt_write_stateless_reset2
   Add missing callbacks to callbacks test
   Add ngtcp2_conn_get_active_dcid2 and ngtcp2_cid_token2
   Prefer sizeof token instead of integer constant
   Introduce struct ngtcp2_path_challenge_data
   Store cid and token directly into frame
   tests: Remove xcid_init in favor of make_xcid
   tests: Inline initialization for transport parameters tests
   tests: Make shared crypto objects static const

    [59 lines not shown]
VersionDeltaFile
1.34+4-4net/ngtcp2/distinfo
1.35+2-2net/ngtcp2/Makefile
1.31+2-2net/ngtcp2/PLIST
+8-83 files

NetBSD/pkgsrc 0lK0iVMdoc CHANGES-2026

   Updated math/py-numpy, devel/py-pygit2, devel/py-async-lru
VersionDeltaFile
1.2031+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc ktScTQMdevel/py-async-lru distinfo Makefile

   py-async-lru: updated to 2.3.0

   2.3.0

   Added cache_contains() for read-only key lookup.
   Changed cross-loop cache access to auto-reset and rebind to the current event loop.
   Added AlruCacheLoopResetWarning when an auto-reset happens due to event loop change.
   Forwarded cache_close(wait=...) for bound methods.
VersionDeltaFile
1.5+4-4devel/py-async-lru/distinfo
1.5+2-2devel/py-async-lru/Makefile
+6-62 files

NetBSD/pkgsrc NndIT3Ddevel/py-pygit2 distinfo Makefile

   py-pygit2: updated to 1.19.2

   1.19.2 (2026-03-29)

   - Fix refcount and error handling issues in `filter_register(...)`
   - Fix config with valueless keys
   - New `Repository.load_filter_list(...)` and `FilterList`
   - New `Odb.read_header(...)` and now `Odb.read(...)` returns `enums.ObjectType` instead of int
   - Build and CI fixes
VersionDeltaFile
1.35+4-4devel/py-pygit2/distinfo
1.48+2-2devel/py-pygit2/Makefile
1.17+2-1devel/py-pygit2/PLIST
+8-73 files

NetBSD/pkgsrc xZU3Fwqmath/py-numpy distinfo Makefile

   py-numpy: updated to 2.4.4

   2.4.4

   MAINT: Prepare 2.4.x for further development
   BUG: Add test to reproduce problem
   BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP
   BUG: avoid warning on ufunc with where=True and no output
   DOC: document caveats of ndarray.resize on 3.14 and newer
   TST: fix POWER VSX feature mapping
   MAINT: numpy.i: Replace deprecated ``sprintf`` with ``snprintf``...
VersionDeltaFile
1.111+4-4math/py-numpy/distinfo
1.149+2-2math/py-numpy/Makefile
+6-62 files

NetBSD/pkgsrc LgnFjI9devel/ruby-redmine60 distinfo Makefile, devel/ruby-redmine60/patches patch-Gemfile

   Pullup ticket #7064 - requested by taca
   devel/ruby-redmine60: Security fix

   Revisions pulled up:
   - devel/ruby-redmine60/Makefile                                 1.13
   - devel/ruby-redmine60/PLIST                                    1.7
   - devel/ruby-redmine60/distinfo                                 1.9
   - devel/ruby-redmine60/patches/patch-Gemfile                    1.7

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Sun Mar 29 13:59:32 UTC 2026

      Modified Files:
        pkgsrc/devel/ruby-redmine60: Makefile PLIST distinfo
        pkgsrc/devel/ruby-redmine60/patches: patch-Gemfile

      Log Message:

    [57 lines not shown]
VersionDeltaFile
1.6.2.1+7-11devel/ruby-redmine60/patches/patch-Gemfile
1.8.2.1+5-5devel/ruby-redmine60/distinfo
1.12.2.1+2-3devel/ruby-redmine60/Makefile
1.6.2.1+2-1devel/ruby-redmine60/PLIST
+16-204 files

NetBSD/pkgsrc 4h6Elakdevel/ruby-redmine61 distinfo Makefile, devel/ruby-redmine61/patches patch-Gemfile

   Pullup ticket #7063 - requested by taca
   devel/ruby-redmine61: Security fix

   Revisions pulled up:
   - devel/ruby-redmine61/Makefile                                 1.2
   - devel/ruby-redmine61/PLIST                                    1.2
   - devel/ruby-redmine61/distinfo                                 1.2
   - devel/ruby-redmine61/patches/patch-Gemfile                    1.2

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Sun Mar 29 13:57:44 UTC 2026

      Modified Files:
        pkgsrc/devel/ruby-redmine61: Makefile PLIST distinfo
        pkgsrc/devel/ruby-redmine61/patches: patch-Gemfile

      Log Message:

    [93 lines not shown]
VersionDeltaFile
1.1.2.1+2-10devel/ruby-redmine61/patches/patch-Gemfile
1.1.2.1+4-4devel/ruby-redmine61/distinfo
1.1.2.1+1-1devel/ruby-redmine61/Makefile
1.1.2.1+2-0devel/ruby-redmine61/PLIST
+9-154 files

NetBSD/pkgsrc 6d3PPZEdoc CHANGES-2026

   doc: Updated x11/xscreensaver to 6.15
VersionDeltaFile
1.2030+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc kU3F0i9x11/xscreensaver PLIST distinfo, x11/xscreensaver/patches patch-hacks_glx_xshadertoy.c patch-hacks_glx_Makefile.in

   x11/xscreensaver: Update to v6.15

   Upstream lists all the cool new features at
   <https://www.jwz.org/blog/2026/03/xscreensaver-6-15/>.

   Remove upstreamed patches.
VersionDeltaFile
1.62+39-0x11/xscreensaver/PLIST
1.101+4-6x11/xscreensaver/distinfo
1.180+2-3x11/xscreensaver/Makefile
1.2+1-1x11/xscreensaver/patches/patch-hacks_glx_xshadertoy.c
1.2+1-1x11/xscreensaver/patches/patch-hacks_glx_Makefile.in
+47-115 files