NetBSD/pkgsrc uCgxVhLdoc CHANGES-2026

   Removed devel/py-distorm3, devel/py-fields, devel/py-filechunkio, devel/py-funcsigs
VersionDeltaFile
1.4365+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc 0tcoYvQdevel Makefile, devel/py-distorm3 PLIST distinfo

   py-distorm3 py-fields py-filechunkio py-funcsigs: removed; obsolete
VersionDeltaFile
1.4652+1-5devel/Makefile
1.6+1-1devel/py-distorm3/PLIST
1.12+1-1devel/py-distorm3/distinfo
1.5+1-1devel/py-funcsigs/distinfo
1.17+1-1devel/py-distorm3/Makefile
1.6+1-1devel/py-filechunkio/PLIST
+6-1011 files not shown
+13-1717 files

NetBSD/pkgsrc bXr2u34doc CHANGES-2026

   Removed devel/py-d2to1, devel/py-daemonize, devel/py-dialog, devel/py-dictpath
VersionDeltaFile
1.4364+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc UVY5IBvdevel Makefile, devel/py-d2to1 Makefile PLIST

   py-d2to1 py-daemonize py-dialog py-dictpath: removed; obsolete
VersionDeltaFile
1.4651+1-5devel/Makefile
1.2+1-1devel/py-dictpath/distinfo
1.7+1-1devel/py-d2to1/Makefile
1.2+1-1devel/py-d2to1/PLIST
1.6+1-1devel/py-d2to1/distinfo
1.7+1-1devel/py-daemonize/Makefile
+6-1011 files not shown
+13-1717 files

NetBSD/pkgsrc r9fxOrxdoc CHANGES-2026

   Removed devel/py-clickclick, devel/py-cooldict, devel/py-crayons, devel/py-cyordereddict
VersionDeltaFile
1.4363+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc KYjldkHdevel Makefile, devel/py-cooldict Makefile PLIST

   py-clickclick py-cooldict py-crayons py-cyordereddict: removed; obsolete
VersionDeltaFile
1.4650+1-5devel/Makefile
1.4+1-1devel/py-cyordereddict/distinfo
1.4+1-1devel/py-cooldict/Makefile
1.5+1-1devel/py-cooldict/PLIST
1.4+1-1devel/py-cooldict/distinfo
1.8+1-1devel/py-crayons/Makefile
+6-1011 files not shown
+13-1717 files

NetBSD/pkgsrc ii8XT9Udoc CHANGES-2026

   note qemu-guest-agent 11.0.2nb1
VersionDeltaFile
1.4362+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc j1ap7Kedoc CHANGES-2026

   Removed devel/py-args, devel/py-cachy, devel/py-characteristic, devel/py-checker
VersionDeltaFile
1.4361+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc jSCDoM6devel Makefile, devel/py-args distinfo Makefile

   py-args, py-cachy, py-characteristic, py-checker: removed; obsolete
VersionDeltaFile
1.4649+1-5devel/Makefile
1.4+1-1devel/py-args/distinfo
1.3+1-1devel/py-args/Makefile
1.2+1-1devel/py-args/PLIST
1.3+1-1devel/py-cachy/Makefile
1.4+1-1devel/py-cachy/PLIST
+6-1012 files not shown
+14-1818 files

NetBSD/pkgsrc 013Ripqwww/chromium Makefile

   chromium: fix esbuild dependecy's version rule
VersionDeltaFile
1.68+1-2www/chromium/Makefile
+1-21 files

NetBSD/pkgsrc ETl6d8sdoc CHANGES-2026

   Updated net/gupnp-tools, devel/libffi
VersionDeltaFile
1.4360+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc OqsG3YQdevel/libffi distinfo Makefile

   libffi: updated to 3.7.0

   3.7.0 adds three new public interfaces (ffi_call_plan_alloc,
   ffi_call_plan_invoke, ffi_call_plan_free) additively, with no
   existing interface removed or changed.  Per the libtool rules:
   increment current, reset revision, increment age (11:1:3 -> 12:0:4).
   This keeps the change ABI backward-compatible; the soname stays
   libffi.so.8 (current - age = 8).
VersionDeltaFile
1.71+4-4devel/libffi/distinfo
1.60+2-2devel/libffi/Makefile
+6-62 files

NetBSD/pkgsrc ZEfg9mAnet/gupnp-tools PLIST distinfo

   gupnp-tools: updated to 0.12.4

   0.12.4 (stable)

   Bugs fixed in this release:
   - https://gitlab.gnome.org/GNOME/gupnp-tools/issues/29

   Merge requests included in this release:
   - https://gitlab.gnome.org/GNOME/gupnp-tools/merge_requests/8
   - https://gitlab.gnome.org/GNOME/gupnp-tools/merge_requests/7
VersionDeltaFile
1.8+7-7net/gupnp-tools/PLIST
1.16+4-4net/gupnp-tools/distinfo
1.109+2-4net/gupnp-tools/Makefile
+13-153 files

NetBSD/pkgsrc LH8UkgJdoc CHANGES-2026

   Updated security/py-asn1, www/py-flask-caching, devel/py-testfixtures
VersionDeltaFile
1.4359+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc YXnSKBudevel/py-testfixtures PLIST Makefile

   py-testfixtures: updated to 12.3.0

   12.3.0 (8 Jul 2026)

   - Added :doc:`pydantic <pydantic>` support: a :func:`comparer <testfixtures.pydantic.compare_basemodel>`
     for :class:`~pydantic.BaseModel` is automatically registered, and the ``testfixtures[pydantic]``
     extra installs a compatible version.

   - Added :class:`ReprComparison` and :func:`repr_like` for asserting an object's type along with its
     :func:`repr`.

   - Added :class:`StrComparison` and :func:`str_like` for asserting an object's type along with its
     :class:`str`.

   - Added :func:`mapping`, the typed helper for :class:`MappingComparison`.

   - :func:`like` now accepts a regular expression, as a string or a compiled :class:`re.Pattern`,
     returning a :class:`TextComparison` typed as a :class:`str`. :class:`TextComparison` can also
     now be built directly from a compiled :class:`re.Pattern`.

    [9 lines not shown]
VersionDeltaFile
1.8+13-1devel/py-testfixtures/PLIST
1.10+7-2devel/py-testfixtures/Makefile
1.8+4-4devel/py-testfixtures/distinfo
+24-73 files

NetBSD/pkgsrc Q181FF8www/py-flask-caching distinfo Makefile

   py-flask-caching: updated to 2.4.1

   2.4.1

   - Use ``pallets_sphinx_themes`` for the documentation.
   - Type ``CachedResponse.__init__`` so it doesn't trigger mypy ``[no-untyped-call]``
     in strict downstream codebases. :issue:`628`
   - Docs: clarify that ``@memoize`` uses ``repr(obj)``
     (or ``__caching_id__``) for the ``self``/``cls`` identity, not Python's
     :func:`id`. :issue:`555`
   - Fix test failure with pytest 9.1. :issue:`651`
VersionDeltaFile
1.17+4-4www/py-flask-caching/distinfo
1.19+2-2www/py-flask-caching/Makefile
+6-62 files

NetBSD/pkgsrc d6SPMJSsecurity/py-asn1 distinfo Makefile

   py-asn1: updated to 0.6.4

   0.6.4, released 08-07-2026

   - CVE-2026-59885 (GHSA-8ppf-4f7h-5ppj): Fixed quadratic time
     complexity in the OBJECT IDENTIFIER and RELATIVE-OID decoders.
     A small crafted substrate encoding many arcs could consume
     excessive CPU. Arcs are now accumulated in linear time; decoded
     values are unchanged (thanks for reporting, tynus2)
   - CVE-2026-59884 (GHSA-m4p7-r5rc-7g4j): Limited BER long-form tag
     IDs to 20 octets (140 bits), matching the OID arc limit introduced
     in 0.6.2. Unbounded tag IDs allowed a crafted substrate to consume
     excessive CPU and memory; longer tag IDs are now rejected with
     PyAsn1Error. Also fixed Tag and TagSet repr() failing on huge tag
     (thanks for reporting, mikeappsec)
     IDs due to the integer-to-string conversion limit (Python 3.11+)
   - CVE-2026-59886 (GHSA-hm4w-wwcw-mr6r): Fixed excessive memory and
     CPU consumption in Real.__float__() for values with large base-10
     exponents. Conversion no longer materializes huge intermediate

    [7 lines not shown]
VersionDeltaFile
1.30+4-4security/py-asn1/distinfo
1.34+2-2security/py-asn1/Makefile
+6-62 files

NetBSD/pkgsrc bwCspAmdoc CHANGES-2026

   doc: Updated textproc/p5-ack to 3.10.0
VersionDeltaFile
1.4358+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc PHghJU5textproc/p5-ack distinfo Makefile

   p5-ack: update to 3.10.0.

   v3.10.0     Sun Jun  7 11:50:37 CDT 2026
   ========================================
   [SECURITY]
   CVE-2026-49147: filename ANSI escape sequences
   CVE-2026-49146: project .ackrc -A -B -C memory exhaustion
   CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration

   [FIXES]
   Fixed a bug where types set in the .ackrc could not be overridden from the
   command line. Thanks, Dmitri Vereshchagin. (GH #393)


   v3.9.0      Mon May 26 15:02:57 CDT 2025
   ========================================
   The --not option can be used with either --and or --or.

   The -g option can now use any of the boolean options, --and, --or or --not.

    [39 lines not shown]
VersionDeltaFile
1.22+4-4textproc/p5-ack/distinfo
1.44+4-4textproc/p5-ack/Makefile
+8-82 files

NetBSD/pkgsrc 55Sl6KJdoc CHANGES-2026

   doc: Updated textproc/p5-YAML-PP to 0.41.0
VersionDeltaFile
1.4357+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 5YTNk31textproc/p5-YAML-PP Makefile distinfo

   p5-YAML-PP: update to 0.41.0.

   v0.41.0 2026-06-17 22:01:34+02:00

       - tests: replace Test::Warn with Test::Warnings (PR #59, @haarg)
       - Fix test suite tag data

   v0.40.0 2026-04-24 16:51:28+02:00

       - Security: Limit default allowed maximum nesting level.
         Set it via new option 'max_depth'.

   v0.39.0 2025-02-10 00:01:45+01:00

       - Allow unknown tags again, reverting the previous change in v0.38.1 which
         only was supposed to be a dev release
       - Add new option require_footer

   v0.38.1 2025-01-25 00:30:13+01:00

    [17 lines not shown]
VersionDeltaFile
1.17+4-5textproc/p5-YAML-PP/Makefile
1.10+4-4textproc/p5-YAML-PP/distinfo
+8-92 files

NetBSD/pkgsrc fJUr9Smdoc CHANGES-2026

   Updated www/freenginx-devel to 1.31.3
VersionDeltaFile
1.4356+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc Hl5Hjdqwww/freenginx-devel distinfo Makefile, www/freenginx-devel/patches extra-patch-ndk_set_var.c

   www/freenginx-devel: update from 1.31.2 to 1.31.3

   Sponsored by:        tipi.work

   <ChangeLog>

   *) Feature: additional checks are now used during variable substitution,
      including during execution of the ngx_http_rewrite_module directives,
      to prevent buffer overruns in case of errors in the code.

   *) Bugfix: if the "auth_request_set" directive or regular expression
      named captures were used to change prefix variables, such as
      "$http_...", corresponding variables became empty in other parts of
      the configuration.

   *) Bugfix: changing the $limit_rate and $args variables with the
      "auth_request_set" directive or regular expression named captures
      worked incorrectly.


    [23 lines not shown]
VersionDeltaFile
1.1+31-0www/freenginx-devel/patches/extra-patch-ndk_set_var.c
1.16+4-4www/freenginx-devel/distinfo
1.18+5-3www/freenginx-devel/Makefile
+40-73 files

NetBSD/pkgsrc U52f65kdoc CHANGES-2026

   Updated www/freenginx to 1.30.1nb1
VersionDeltaFile
1.4355+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc if3WeiPwww/freenginx distinfo options.mk, www/freenginx/patches extra-patch-njs-quickjs extra-patch-auto-quickjs

   www/freenginx: third-party modules management (+)

   Update cache_purge module and njs modules to their recent versions (merge
   changes from www/freenginx-devel).

   Bump PKGREVISION.

   Sponsored by:        tipi.work
VersionDeltaFile
1.1+28-0www/freenginx/patches/extra-patch-njs-quickjs
1.9+7-7www/freenginx/distinfo
1.7+3-3www/freenginx/options.mk
1.10+3-2www/freenginx/Makefile
1.4+0-0www/freenginx/patches/extra-patch-auto-quickjs
+41-125 files

NetBSD/pkgsrc OoMTzBbdoc CHANGES-2026

   doc: Updated lang/go126 to 1.26.5
VersionDeltaFile
1.4354+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc cDbYxmIaudio/sptui Makefile, audio/ymuse Makefile

   Revbump all Go packages after go126 update
VersionDeltaFile
1.25+2-2audio/sptui/Makefile
1.49+2-2audio/ymuse/Makefile
1.103+2-2chat/coyim/Makefile
1.62+2-2chat/gomuks/Makefile
1.91+2-2chat/matterircd/Makefile
1.27+2-2chat/neonmodem/Makefile
+12-12202 files not shown
+416-390208 files

NetBSD/pkgsrc IrSh8cMlang/go version.mk, lang/go125 distinfo PLIST

   go: update to 1.26.5 and 1.25.12 (security)

   These releases include 2 security fixes following the security policy:

   -   os: Root escape via symlink plus trailing slash

       On Unix systems, opening a file in an os.Root improperly
       followed symlinks to locations outside of the Root when
       the final path component of the a path is a symbolic link
       and the path ends in /.

       For example, root.Open("symlink/") would open "symlink" even when
       "symlink" is a symbolic link pointing outside of the root.

       On Unix, openat(fd, path, O_NOFOLLOW) will follow symlinks
       in path when path ends in a /. Root failed to account for
       this behavior, permitting paths with a trailing / to escape.
       It now properly sanitizes the path parameter provided to openat.


    [18 lines not shown]
VersionDeltaFile
1.6+4-4lang/go126/distinfo
1.14+4-4lang/go125/distinfo
1.251+3-3lang/go/version.mk
1.6+4-0lang/go126/PLIST
1.9+3-0lang/go125/PLIST
+18-115 files

NetBSD/pkgsrc BAboSRHdoc CHANGES-2026

   Updated lang/nodejs, devel/py-mocket
VersionDeltaFile
1.4353+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc Fkyq9jAdevel/py-mocket distinfo Makefile

   py-mocket: updated to 3.14.2

   3.14.2

   tests: add tests for hexdump and hexload, including ValueError on invalid hex
   Better can_handle_fun documentation
   Raise an error when both can_handle_fun and match_querystring are used
VersionDeltaFile
1.18+4-4devel/py-mocket/distinfo
1.18+2-2devel/py-mocket/Makefile
+6-62 files