BSD Commit Log Search

   Add a missing empty line

   Pullup tickets #7110 and #7111

   Pullup ticket #7111 - requested by morr
   editors/vim: security fix

   Revisions pulled up:
   - editors/vim-share/PLIST                                       1.88
   - editors/vim-share/distinfo                                    1.232-1.233
   - editors/vim-share/patches/patch-feature.h                     1.9
   - editors/vim-share/patches/patch-popupwin.c                    1.4
   - editors/vim-share/patches/patch-vim.h                         1.4
   - editors/vim-share/version.mk                                  1.168-1.169

   ---
      Module Name:    pkgsrc
      Committed By:   morr
      Date:           Wed May  6 20:26:50 UTC 2026

      Modified Files:
              pkgsrc/editors/vim-share: PLIST distinfo version.mk
              pkgsrc/editors/vim-share/patches: patch-feature.h patch-popupwin.c

    [124 lines not shown]

   Pullup ticket #7110 - requested by taca
   graphics/lcms2: security fix

   Revisions pulled up:
   - graphics/lcms2/Makefile                                       1.24
   - graphics/lcms2/distinfo                                       1.17

   ---
      Module Name:      pkgsrc
      Committed By:     wiz
      Date:             Thu Apr 30 05:13:08 UTC 2026

      Modified Files:
        pkgsrc/graphics/lcms2: Makefile distinfo

      Log Message:
      lcms2: update to 2.19.

      All tests pass.

    [67 lines not shown]

   Pullup tickets up to #7109

   Pullup ticket #7104 - requested by taca
   lang/ruby34: security fix

   Revisions pulled up:
   - lang/ruby/rubyversion.mk                                      1.321
   - lang/ruby34/Makefile                                          1.8
   - lang/ruby34/distinfo                                          1.14
   - lang/ruby34/patches/patch-lib_erb.rb                          1.1
   - lang/ruby34/patches/patch-lib_erb_version.rb                  1.1
   - lang/ruby34/patches/patch-test_erb_test__erb.rb               1.1

   ---
      Module Name:      pkgsrc
      Committed By:     taca
      Date:             Wed May  6 05:15:35 UTC 2026

      Modified Files:
        pkgsrc/lang/ruby: rubyversion.mk
        pkgsrc/lang/ruby34: Makefile distinfo

    [10 lines not shown]

   doc: Updated textproc/p5-YAML-Syck to 1.45

   p5-YAML-Syck: update to 1.45.

   1.45 Apr 23 2026

     [Bug Fixes]
     - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
       in base64 encode/decode buffers; also plugs a memory leak (PR #189)
     - Fix: clear type tag on blessed scalar alias early-return so the stale
       tag no longer leaks onto the next emitted item (GH #193, PR #194)
     - Fix: negative float#base60 values produce wrong results; strip sign
       before accumulating and avoid negative zero for portable
       stringification (PR #191)
     - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
       (PR #192)

     [Maintenance]
     - Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
     - Test: add error handling coverage for LoadFile/DumpFile (PR #190)
     - Update README

    [149 lines not shown]

   doc: Updated www/p5-libwww to 6.83

   p5-libwww: update to 6.83.

   6.83      2026-05-12 11:41:48Z
       - LWP::UserAgent now strips Authorization and Proxy-Authorization headers
         on cross-origin redirects (a different scheme, host, or port) to prevent
         credential leakage to the redirect target. Same-origin redirects retain
         credentials. Opt out with allow_credentialed_redirects => 1.
         CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
         Palmquist.
       - LWP::UserAgent now refuses https to http redirects by default to prevent
         leaking remaining request headers and bodies over plaintext. Opt in with
         allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
         Stig Palmquist.

   doc: Updated www/cgit to 1.3nb1

   cgit: install man page

   While here, simplify package.

   Bump PKGREVISION.

   Fixes PR 60252.

   doc: Updated games/greed to 5.0

   greed: update to 5.0.

   Ported to Rust.

   doc: Updated graphics/lcms2 to 2.19.1

   graphics/lcms2: Update to 2.19.1

   This is a bugfix release.

   Note that one can use cmake, but upstream has not yet declared that to
   be the official build system, so decline to switch.  (As usual, the
   autoconf build works fine.)

   doc/TODO: update SOGo and dovecot

   + SOGo-5.12.8, SOPE-5.12.8, dovecot-2.4.2, dovecot2-pigeonhole-2.4.4.

   (print/tex-pdftex-doc) Fix build, missing REPLACE_BASH

   nodejs: set GCC_REQD+=14

   Added lang/py-ast-serialize; Updated lang/py-mypy

   py-mypy: updated to 2.1.0

   2.1
   librt.vecs: Fast Growable Array Type for Mypyc
   librt.random: Fast Pseudo-Random Number Generation
   Mypyc Improvements
   Fixes to Crashes
   Changes to Messages
   Other Notable Fixes and Improvements
   - Rely on typeshed stubs for `slice` typing
   - Improve negative narrowing for membership checks on tuples
   - Narrow match captures based on previous cases
   - Fix nondeterminism in overload resolution
   - Respect file config comments for stale modules
   - Fix JSON output mode for syntax errors in parallel mode
   - Fix type variable with values as a supertype
   - Add support for configuring `--num-workers` with an environment variable
   - Respect JSON output mode for syntax errors
   - Analyze `TypedDict` decorators

   py-ast-serialize: added version 0.3.0

   This is a fast Python extension for parsing Python files and serializing the
   AST using the native binary format used by mypy. This will eventually replace
   the current mypy parser, which uses the Python stdlib ast module for parsing.

   py-ruff: bump RUST_REQ; use PY_RENAME_BINARIES

   doc: Fix up packer entry.

   packer: Revert due to stupid license shenanigans.

   Add a note for the next unlucky person to find when they try to update.

   Updated print/py-reportlab, time/py-tempora

   py-tempora: updated to 5.9.0

   v5.9.0

   Features
   - Schedule.PeriodicCommand objects now retain custom attributes across 'next' instances.
   - DelayedCommand now renders the target and execution time in __str__.

   py-reportlab: updated to 4.5.0

   CHANGES  4.5.0   27/02/2026

   * shapes.py fix Group.asDrawing
   * fix __rl_get_module__ for Python 3.15
   * moved extformat.py elsewhere
   * added combineTransforms
   * improve colors.cssParse suggested by moritz dot schreiber at tu-ilmenau dot de
   * change None to mean no-draw in acroform.py: Cozmin Velciu cozmin dot velciu at gmail dot com
   * extend allowTableBoundsErrors scope: James Beith james dot beith at kraken dot tec

   doc: Updated sysutils/packer to 1.15.3

   packer: Update to 1.15.3.

   Around 800 lines of changes since 1.9.5, see the upstream changelog at
   https://github.com/hashicorp/packer/blob/main/CHANGELOG.md for full details.