BSD Commit Log Search

   doc: Updated www/curl to 8.20.0

   curl: update to 8.20.0.

   This release includes the following changes:

    o async-thrdd: use thread queue for resolving [144]
    o build: make NTLM disabled by default [90]
    o cmake: drop support for CMake 3.17 and older [108]
    o lib: add thread pool and queue [74]
    o lib: drop support for < c-ares 1.16.0 [64]
    o lib: make SMB support opt-in [18]
    o multi.h: add CURLMNWC_CLEAR_ALL [127]
    o rtmp: drop support [91]

   This release includes the following bugfixes:

    o altsvc: cap the list at 5,000 entries [183]
    o altsvc: drop the prio field from the struct [185]
    o altsvc: skip expired entries read from file [187]
    o asyn-ares: connect async [220]

    [287 lines not shown]

   doc: Updated www/p5-Starman to 0.4018

   p5-Starman: update to 0.4018.

   0.4018  2026-04-27 12:29:41 PDT
           - Fix HTTP request smuggling: Transfer-Encoding now takes precedence
             over Content-Length per RFC 7230 <C2><A7>3.3.3 (CVE-2026-40560)

   0.4017  2023-09-13 13:27:02 PDT
           - Handle EINTR when doing sysread calls (Rob Mueller) #148
           - Requires perl 5.14

   0.4016  2022-09-13 10:11:34 PDT
           - Add psgix.informational callback #146

   doc: Updated textproc/ruby-nokogiri to 1.19.3

   ruby-nokogiri: update to 1.19.3

   Upstream changes:
    https://github.com/sparklemotion/nokogiri/releases/tag/v1.19.3
    https://github.com/sparklemotion/nokogiri/releases/tag/v1.19.2

   v1.19.3 / 2026-04-27

    Fixed / Security

     * Address exponential regex backtracking in CSS selector tokenizer.
       See GHSA-c4rq-3m3g-8wgx for more information.
     * [CRuby] Address memory leak in XSLT::Stylesheet#transform. See
       GHSA-v2fc-qm4h-8hqv for more information.

   v1.19.2 / 2026-03-19

    Dependencies


    [6 lines not shown]

   doc: Updated www/palemoon to 34.2.1

   palemoon: Update to 34.2.1

   Many security issues were addressed, including potential crash
   scenarios and code correctness issues. As a summary: 50 potential
   vulnerabilities were found applicable and fixed, 20 issues had DiD
   code changes applied, and 4 were already mitigated by us before being
   reported. Of the reported vulnerabilities, 270 were not applicable to
   our code (with the vast majority pertaining to e10s/multi-process
   browser architecture) and 6 low-impact ones were marked for further
   investigation at a later time.

   mail/imap-uw: add a couple of fixes

   doc: Updated textproc/treemd to 0.5.11

   textproc/treemd: update to 0.5.11

   [0.5.11] - 2026-04-28
   Fixed

       Toggle details no-op after section navigation - In interactive mode, pressing Enter on certain <details> blocks reported "✓ Toggled details" but produced no visible change. InteractiveState::element_states is keyed only by ElementId { block_idx, sub_idx }, so a previous section's Table state at a given block_idx silently blocked a fresh Details from initializing at the same key (the indexer used HashMap::entry().or_insert(), a no-op when present). toggle_details then matched no Details variant and silently failed. Indexer now overwrites stale wrong-variant entries while preserving same-section toggle state. Regression test added.
       --filter and --level ignored in --tree mode - CLI now honors both flags when rendering the tree output (c3c3fcd)
       --at-line not wired up; -s mismatched formatted headings - --at-line resolves to the enclosing heading; section selection (-s) now matches headings that contain inline formatting (36c4e60)

   Changed

       Upgraded all dependencies to latest - Refreshed clap_complete 4.6.2 → 4.6.3, mermaid-rs-renderer 0.2.1 → 0.2.2, turbovault-parser 1.4.0 → 1.4.1, turbovault-core 1.4.0 → 1.4.1, open 5.3.3 → 5.3.4, plus transitive refreshes (plist, wasm-bindgen, tokio, libc, js-sys, cc, etc.)

   Tests

       Added end-to-end CLI integration suite covering --tree, --list, --filter, --level, --at-line, and -s (471d9d5)
       Added coverage for JSON output builder and config loading (ef250da)
       Added coverage for document tree/search and palette command matching (f185c4b)


    [3 lines not shown]

   doc: Updated mail/opendmarc to 1.4.2nb4

   opendmarc: Default to mariadb instead of mysql.

   The pkgsrc default is mariadb so it makes sense to avoid conflicts.  While
   here fix pkglint.  Bump PKGREVISION.

   Updated devel/py-pydantic-core, devel/py-pydantic

   py-pydantic: updated to 2.13.3

   2.13.3
   Handle AttributeError subclasses with from_attributes

   2.13.2
   Fix ValidationInfo.field_name missing with model_validate_json()

   2.13.1
   Fix ValidationInfo.data missing with model_validate_json()

   py-pydantic-core: updated to 2.46.3

   2.46.3
   Unknown changes

   Allow compilation on Cygwin

   doc: Updated devel/mise to 2026.4.24

   devel/mise: update to 2026.4.24

   2026.4.24 - 2026-04-27
   🚀 Features

       (ls-remote) add prereleases setting and --prerelease flag by @jdx in #9415

   🐛 Bug Fixes

       (http) retry transient HTTP failures with backoff and warn on rescue by @jdx in #9414
       (release) purge mise.en.dev CDN zone after each S3 publish by @jdx in #9416

   📚 Documentation

       prefix GitHub star count with ★ glyph by @jdx in #9417
       update intro messaging by @jdx in #9418

   Updated mail/py-checkdmarc

   py-checkdmarc: updated to 5.15.2

   5.15.2

   Cap the per-query UDP timeout at min(1.0, timeout) for single-nameserver
   configurations as well as multi-nameserver ones. Previously, when only one
   nameserver was configured (or the system default list had a single entry),
   resolver.timeout and resolver.lifetime were both set to the full
   timeout budget, which collapses dnspython's UDP retry loop to a single
   attempt — a single dropped UDP datagram then consumed the whole lifetime
   and raised LifetimeTimeout, while dig (which defaults to +tries=3)
   would mask the same blip by retrying. dnspython now retries UDP within
   the lifetime window (~2 attempts at the default 2s budget), matching
   dig's behavior in spirit and eliminating spurious single-NS timeouts
   on paths with occasional packet loss.

   doc: Updated shells/oh-my-posh to 29.11.0

   shells/oh-my-posh: update to 29.11.0

   Bug Fixes

    - address review feedback on backspace tooltip restore (cab53a3)
    - fish: trigger prompt repaint when Enter is pressed (65b603d), closes #7461
    - handle string epoch in date template functions (fad258a), closes #7470
    - ps1: ensure InvokePrompt always runs after encoding guard (d5599c4)
    - ps1: wrap InvokePrompt with UTF-8 encoding guard in backspace handler (4088f2f)

   Features

    - bash: support global .Jobs by passing --job-count (7087042), closes #7463
    - claude: add configurable gauge characters (433f419), closes #7471
    - http: add configurable timeout option (6394b26), closes #7476
    - restore rprompt on backspace when tooltip no longer matches (a87b0b4)

   Updated converters/dos2unix, security/py-acme-tiny

   py-acme-tiny: updated to 5.0.3

   5.0.3
   Fixed compatibility with OpenSSL 4.0.0

   dos2unix: updated to 7.5.5

   2026-04-06: Version 7.5.5

    * New option --error-binary: Return an error if a
      binary file is skipped.
    * Fix: dos2unix error on empty input. The problem was introduced
      in version 7.5.4.

   2026-01-30: Version 7.5.4

     * Don't return an error code if a binary file is skipped.
       Reverting change in 7.5.3.
     * Refactored code.

   grpc: fix patch checksum

   doc: Updated meta-pkgs/lxqt to 2.4.0

   LXQt: update to 2.4.0

   doc: Updated x11/lxqt-session to 2.4.0