lang/algol68g: update to 3.12.2
Version 3.12.0-2, April/May 2026
* Move from domain xs4all.nl to new domain algol68genie.nl.
* Minor fixes.
Version 3.11.0-3, March/April 2026
* Improves STRING handling.
* Minor fixes.
* Documentation updates.
* Adds environment enquiry "eof char".
* Adds operators CEIL, FIX, FLOOR, FRAC and TRUNC.
tk: updated to 8.6.18
8.6.18
Aqua: Non-menubar menu invisible if toplevel is on another display (chavez).
(bug) [a91b24] Correct macOSVersion on future macOS for older SDK builds (chavez)
(bug) [d93d96] Pointer arithmetic with NULL in ImgGetPhoto() (chavez)
(bug) [6c4795] leak in XCreateBitmapFromData() in ImgGetPhoto() (chavez)
(new) [04e173] Add support for Copy/Cut/Paste keys in X11 (nijtmans)
(bug) [95da0f] tkpWinRopModes[GXnoop] is R2_NOT, should be R2_NOP (chavez)
(bug) [2c240b] Install pkg-config file (oscarfv)
(bug) [816739] Install man pages (oscarfv)
[40 lines not shown]
py-django5: updated to 5.2.15
Django 5.2.15 fixes five security issues with severity “low” in 5.2.14.
CVE-2026-6873: Signed cookie salt namespace collision
get_signed_cookie() derived the signing salt by concatenating the cookie name (key) and salt arguments. When distinct name and salt pairs produced the same concatenation, cookies could be accepted in a context different from the one where they were signed.
Cookies are now signed with an unambiguous salt derivation. For backwards compatibility, cookies signed by older Django versions are accepted until Django 7.0. Projects affected by the above ambiguity should set SIGNED_COOKIE_LEGACY_SALT_FALLBACK to False to reject older cookies immediately.
This issue has severity “low” according to the Django security policy.
CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend
When using EMAIL_USE_TLS, a failed STARTTLS handshake could leave a partially-initialized connection that would subsequently be reused for sending email without encryption. This can occur with fail_silently=True, as used by send_mail() and BrokenLinkEmailsMiddleware, among others. Connections configured with EMAIL_USE_SSL are not affected.
This issue has severity “low” according to the Django security policy.
CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives
[18 lines not shown]
py-django: updated to 6.0.6
Django 6.0.6 fixes five security issues with severity “low” and one bug in 6.0.5.
CVE-2026-6873: Signed cookie salt namespace collision
get_signed_cookie() derived the signing salt by concatenating the cookie name (key) and salt arguments. When distinct name and salt pairs produced the same concatenation, cookies could be accepted in a context different from the one where they were signed.
Cookies are now signed with an unambiguous salt derivation. For backwards compatibility, cookies signed by older Django versions are accepted until Django 7.0. Projects affected by the above ambiguity should set SIGNED_COOKIE_LEGACY_SALT_FALLBACK to False to reject older cookies immediately.
This issue has severity “low” according to the Django security policy.
CVE-2026-7666: Potential unencrypted email transmission via STARTTLS in the SMTP backend
When using EMAIL_USE_TLS, a failed STARTTLS handshake could leave a partially-initialized connection that would subsequently be reused for sending email without encryption. This can occur with fail_silently=True, as used by send_mail() and BrokenLinkEmailsMiddleware, among others. Connections configured with EMAIL_USE_SSL are not affected.
This issue has severity “low” according to the Django security policy.
CVE-2026-8404: Potential exposure of private data via case-sensitive Cache-Control directives
[22 lines not shown]
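The salt ambiguity described under CVE-2026-6873 in both Django entries above, as an added example that is not part of the commit messages and is not Django's code. It is a simplified HMAC signer; the secret, cookie names and salts are constructed, and the length-prefixed derivation is one illustrative unambiguous encoding, not necessarily the one Django adopted. find_collisions() is a hypothetical helper for auditing a project's own (cookie name, salt) pairs.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, not a real key


def concat_salt(name: str, salt: str) -> bytes:
    # Ambiguous derivation as described in the advisory: name + salt.
    # ("user", "id-reset") and ("userid", "-reset") yield identical bytes.
    return (name + salt).encode()


def framed_salt(name: str, salt: str) -> bytes:
    # Illustrative unambiguous derivation (assumption): length-prefix the name
    # so the boundary between name and salt is part of the derived value.
    n = name.encode()
    return len(n).to_bytes(4, "big") + n + salt.encode()


def _mac(derived: bytes, value: str) -> str:
    key = hashlib.sha256(derived + SECRET).digest()  # per-context key
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def sign(value: str, name: str, salt: str, derive) -> str:
    return f"{value}:{_mac(derive(name, salt), value)}"


def verify(signed: str, name: str, salt: str, derive):
    # Returns the value if the MAC matches this (name, salt) context, else None.
    value, _, mac = signed.rpartition(":")
    expected = _mac(derive(name, salt), value)
    return value if hmac.compare_digest(mac, expected) else None


def find_collisions(pairs, derive):
    # Audit helper: report (name, salt) pairs that derive the same salt bytes.
    seen, collisions = {}, []
    for pair in pairs:
        derived = derive(*pair)
        if derived in seen:
            collisions.append((seen[derived], pair))
        else:
            seen[derived] = pair
    return collisions


# Constructed inventory of the cookie contexts a project might use.
PAIRS = [("user", "id-reset"), ("userid", "-reset"), ("theme", "")]
```

Running find_collisions(PAIRS, concat_salt) over a project's real pairs shows whether it is among the "projects affected by the above ambiguity" that should disable the legacy fallback.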
Update to version 2.1.1
2026/03/04: Version 2.1.1
Patch release.
Updated external libraries: JPEG 10.0, PNG 1.6.48, TIFF 4.7.1, ZLIB 1.3.2.
Fixed FLIR and RAW parser to work correctly on big-endian systems.
2025/06/22: Version 2.1.0
Maintenance release.
Updated external libraries: PNG 1.6.48.
Improved RAW image handler to handle all data types correctly.
Fixed bug compiling with MSYS2/Clang64.
joker: update to 1.8.1
General improvements
- Add joker.mail namespace
Linter improvements
- Implement more thorough type checking
- Fix redundant do linter warning in joker.better-cond/cond
filesystems/fuse{,3}: Tidy, NFCI
- Align DESCR to each other, taking the text that describes what the
package is, vs marketing copy about FUSE. Explain fuse2 vs 3, and
add a NetBSD-only see-also to perfused(8).
- trim duplicate bsd.prefs.mk
- align whitespace between versions to reduce diffs
- reorder some lines to reduce diffs
Likely more diff-reduction could be done, but this is what I felt
confident would not cause even any binary change in the package.
filesystems/perfuse: Explain why this is ~never built
perfuse is part of the NetBSD base system since 6, so while packages
depend on this to ensure perfuse, the package is ~never built.
Update to version 9.2.0593.
Changes:
- patch 9.2.0593: :wqall ignores term_setkill() on running terminal buffers
- patch 9.2.0592: Error when restoring session with terminal window
- patch 9.2.0591: 'scrolljump' ignored when scrolling up
- patch 9.2.0590: GTK4: drawing area loses focus shape on popup menu open
- patch 9.2.0589: filetype: xinitrc files are not recognized
- runtime(doc): Update mapping descriptions
- runtime(kitty): Fix regex for kittyMapSeq region
- patch 9.2.0588: GTK4: drawing area loses focus after closing a menubar popover
- patch 9.2.0587: GTK4: left scrollbar overlaps drawarea
- runtime(doc): fix a typo in :write-plugin
- runtime(doc): Tweak documentation style
- runtime(cpp): recognize C++23 stdfloat types
- patch 9.2.0586: Crash with TextPut autocmd when pasting in terminal buffer
- runtime(c): classify type qualifiers, function specifiers and C23 attributes
- patch 9.2.0585: line number wrong after undoing a deletion in quickfix buffer
- runtime(sgf): Include sgf syntax script
[28 lines not shown]
pkgtools/pkglint: update to 23.21.0
Changes since 23.20.0 from 2026-01-31:
Warn about removed files that are still in CVS.
Allow the note about the "!=" assignment operator to be suppressed using
the standard rationale. Previously, the comment needed to be on the same
line; the line above didn't work.
Only allow ${RUN} at the beginning of a shell execution line, as that
variable expands to a "@".
Explain how to suppress diagnostics.
Allow the error about omf-scrollkeeper.mk to be suppressed.
pcsc-tools: updated to 1.7.5
1.7.5
po/PACKAGE: add Georgian
pcsc_scan: handle the case of an error during SCardGetStatusChange
If SCardGetStatusChange() returns in error then stop the spinner thread
before exiting.