NetBSD/pkgsrc IUFP6MJdoc CHANGES-2026

   Updated devel/py-setuptools, www/py-tornado
VersionDeltaFile
1.1679+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 0eOslV6www/py-tornado distinfo Makefile

   py-tornado: updated to 6.5.5

   What's new in Tornado 6.5.5

   Security fixes

   - ``multipart/form-data`` requests are now limited to 100 parts by default, to prevent a
     denial-of-service attack via very large requests with many parts. This limit is configurable
     via `tornado.httputil.ParseMultipartConfig`. Multipart parsing can also be disabled completely
     if not required for the application. Thanks to [0x-Apollyon](https://github.com/0x-Apollyon) and
     [bekkaze](https://github.com/bekkaze) for reporting this issue.
   - The ``domain``, ``path``, and ``samesite`` arguments to `.RequestHandler.set_cookie` are now
     validated for illegal characters, which could be abused to inject other attributes on the cookie.
     Thanks to Dhiral Vyas (Praetorian) for reporting this issue.
   - Carriage return characters are no longer accepted in ``multipart/form-data`` headers. Thanks to
     [sergeykochanov](https://github.com/sergeykochanov) for reporting this issue.
VersionDeltaFile
1.35+4-4www/py-tornado/distinfo
1.47+2-2www/py-tornado/Makefile
+6-62 files

NetBSD/pkgsrc TSTfSjidevel/py-setuptools PLIST distinfo

   py-setuptools: updated to 82.0.1

   82.0.1

   Bugfixes

   Fix the loading of launcher manifest.xml file.
   Replaced deprecated json.__version__ with fixture in tests.

   Improved Documentation

   Add advice about how to improve predictability when installing sdists.
VersionDeltaFile
1.107+8-8devel/py-setuptools/PLIST
1.250+4-4devel/py-setuptools/distinfo
1.276+2-2devel/py-setuptools/Makefile
+14-143 files

NetBSD/pkgsrc AnKImItdoc CHANGES-2026

   Updated www/nginx-devel, security/py-acme, security/py-certbot*
VersionDeltaFile
1.1678+19-1doc/CHANGES-2026
+19-11 files

NetBSD/pkgsrc 8dldv3Isecurity/py-certbot-dns-dnsmadeeasy distinfo, security/py-certbot-dns-gehirn distinfo

   py-acme py-certbot*: updated to 5.4.0

   5.4.0 - 2026-03-10

   Added
   - The webroot plugin now supports IP address issuance.

   Changed
   - certbot-nginx now requires pyparsing>=3.0.0.
VersionDeltaFile
1.70+4-4security/py-certbot-dns-dnsmadeeasy/distinfo
1.70+4-4security/py-certbot-dns-gehirn/distinfo
1.70+4-4security/py-certbot-dns-google/distinfo
1.70+4-4security/py-certbot-dns-linode/distinfo
1.75+4-4security/py-certbot-dns-luadns/distinfo
1.75+4-4security/py-certbot-dns-ovh/distinfo
+24-2413 files not shown
+72-7219 files

NetBSD/pkgsrc 99YuWm0www/nginx-devel distinfo Makefile

   nginx-devel: updated to 1.29.6

   Changes with nginx 1.29.6                                        10 Mar 2026

   *) Feature: session affinity support; the "sticky" directive in the
      "upstream" block of the "http" module; the "server" directive
      supports the "route" and "drain" parameters.

   *) Change: now nginx limits the size and rate of QUIC stateless reset
      packets.

   *) Bugfix: receiving a QUIC packet by a wrong worker process could cause
      the connection to terminate.

   *) Bugfix: "[crit] cache file ... contains invalid header" messages
      might appear in logs when sending a cached HTTP/2 response.

   *) Bugfix: proxying to scgi backends might not work when using chunked
      transfer encoding and the "scgi_request_buffering" directive.

    [9 lines not shown]
VersionDeltaFile
1.132+4-4www/nginx-devel/distinfo
1.167+2-2www/nginx-devel/Makefile
+6-62 files

NetBSD/pkgsrc uERqjIudoc CHANGES-2026, multimedia Makefile

   ffmpeg2, ffplay2: remove, unused

   use ffmpeg3, 4, 5, 6, 7, or 8.
VersionDeltaFile
1.360+1-3multimedia/Makefile
1.1677+3-1doc/CHANGES-2026
1.115+1-1multimedia/ffmpeg2/Makefile
1.49+1-1multimedia/ffplay2/Makefile
1.3+1-1multimedia/ffplay2/PLIST
1.71+1-1multimedia/ffmpeg2/Makefile.common
+8-817 files not shown
+22-2223 files

NetBSD/pkgsrc JfNC3ITaudio/cmus-legacy options.mk

   cmus-legacy: remove default-off ffmpeg(2) option
VersionDeltaFile
1.4+2-13audio/cmus-legacy/options.mk
+2-131 files

NetBSD/pkgsrc GAMRP2Sdoc CHANGES-2026

   Updated emulators/ppsspp, emulators/ppsspp-qt, emulators/libretro-ppsspp
VersionDeltaFile
1.1676+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc OaQt6gYemulators/libretro-ppsspp PLIST, emulators/ppsspp PLIST Makefile.common

   ppsspp ppsspp-qt libretro-ppsspp: updated to 1.20.2

   What's new in 1.20.2

   Improved server list for ad hoc multiplayer, dynamically updated and you can now add/remove entries
   Fix broken multitouch on iOS with OpenGL
   Ad hoc relay connection improvements
   Fix a lot of minor UI issues
   Fix background image selection on Android and iOS
   Fix file permission issue on iOS
   Add a "hold" version of axis swap toggle
   Fix regression in Gripshift
   Fix crash on audio device switch on Windows
   Fix timing glitches in gamepad input on Windows
   And other assorted fixes.
VersionDeltaFile
1.1+32-0emulators/ppsspp/patches/patch-CMakeLists.txt
1.2+23-8emulators/ppsspp/PLIST
1.2+23-8emulators/ppsspp-qt/PLIST
1.5+23-8emulators/libretro-ppsspp/PLIST
1.4+11-14emulators/ppsspp/Makefile.common
1.1+16-0emulators/ppsspp/patches/patch-ext_CMakeLists.txt
+128-387 files not shown
+155-5213 files

NetBSD/pkgsrc cTxkIRtdoc CHANGES-2026

   doc: Updated www/libcurl-gnutls to 8.19.0
VersionDeltaFile
1.1675+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 06A2Qxxwww/libcurl-gnutls Makefile

   libcurl-gnutls: update to 8.19.0.

   Match curl.
VersionDeltaFile
1.23+1-2www/libcurl-gnutls/Makefile
+1-21 files

NetBSD/pkgsrc gvVjd9Odoc CHANGES-2026

   doc: Updated www/curl to 8.19.0
VersionDeltaFile
1.1674+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 51uwF0Xwww/curl distinfo Makefile.common

   curl: update to 8.19.0.

   curl and libcurl 8.19.0

    Public curl releases:         273
    Command line options:         273
    curl_easy_setopt() options:   308
    Public functions in libcurl:  100
    Contributors:                 3619

   This release includes the following changes:

    o we stopped the bug bounty [23]
    o cmake: add `CURL_BUILD_EVERYTHING` option [51]
    o initial support for MQTTS [81]
    o tool: support fractions for --limit-rate and --max-filesize [79]
    o tool_cb_hdr: with -J, use the redirect name as a backup [147]
    o vquic: drop support for OpenSSL-QUIC [80]
    o windows: add build option to use the native CA store [82]

    [268 lines not shown]
VersionDeltaFile
1.223+4-4www/curl/distinfo
1.35+2-2www/curl/Makefile.common
1.305+1-2www/curl/Makefile
+7-83 files

NetBSD/pkgsrc n1DvFwXconverters/py-chardet Makefile

   py-chardet: mention that this shouldn't be updated to 7.x for now
VersionDeltaFile
1.38+4-1converters/py-chardet/Makefile
+4-11 files

NetBSD/pkgsrc mHYDsbWdoc CHANGES-2026

   Updated security/adguardhome, devel/py-configargparse
VersionDeltaFile
1.1673+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc otz5HsHdevel/py-configargparse distinfo Makefile

   py-configargparse: updated to 1.7.5

   1.7.5
   Slightly simplified PyPI deployment workflow via setuptools-scm
VersionDeltaFile
1.23+4-4devel/py-configargparse/distinfo
1.26+4-3devel/py-configargparse/Makefile
+8-72 files

NetBSD/pkgsrc iTRfCZ6security/adguardhome distinfo Makefile

   adguardhome: updated to 0.107.73

   0.107.73

   Security

   Authentication is now applied to requests that have been upgraded from HTTP/2 Cleartext (H2C) requests to public resources.
VersionDeltaFile
1.6+7-7security/adguardhome/distinfo
1.12+2-3security/adguardhome/Makefile
+9-102 files

NetBSD/pkgsrc W7uOplymath/R Makefile PLIST

   (math/R) Trying to fix PLIST on Darwin
VersionDeltaFile
1.280+6-1math/R/Makefile
1.44+2-1math/R/PLIST
+8-22 files

NetBSD/pkgsrc 62IfcKadoc CHANGES-2026

   doc: Updated graphics/giflib-util to 6.1.2
VersionDeltaFile
1.1672+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc v0amljedoc CHANGES-2026

   doc: Updated graphics/giflib to 6.1.2
VersionDeltaFile
1.1671+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc P9yH2T4graphics/giflib distinfo Makefile, graphics/giflib-util PLIST Makefile

   giflib*: update to 6.1.2

   Version 6.1.2
   =============

   Code Fixes
   ----------

   * Fix for low-severity CVE-2026-23868 affecting gifponge, giftool, and gifbuild,
     but not the core library - library clients need not be alarned.

   Version 6.1.1
   =============

   This release bumps the major version, but only one entry point -
   EGifSpew() - has changed signature and behavior (in order to be able
   to pass out a detailed error code). The internal error
   codes in the E_GIF_ERR series have changed value so none of them
   collides with GIF_ERROR.

    [66 lines not shown]
VersionDeltaFile
1.10+42-49graphics/giflib/patches/patch-Makefile
1.32+5-6graphics/giflib/distinfo
1.61+4-4graphics/giflib/Makefile
1.17+4-2graphics/giflib/Makefile.common
1.7+1-2graphics/giflib-util/PLIST
1.17+1-2graphics/giflib-util/Makefile
+57-651 files not shown
+58-667 files

NetBSD/pkgsrc qJAeM1Ytextproc/rumdl Makefile

   textproc/rumdl: Add note on MSRV
VersionDeltaFile
1.18+2-1textproc/rumdl/Makefile
+2-11 files

NetBSD/pkgsrc sZHDqm1doc CHANGES-2026

   doc: Updated shells/oh-my-posh to 29.8.0
VersionDeltaFile
1.1670+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc FeoMfFQshells/oh-my-posh distinfo go-modules.mk

   shells/oh-my-posh: update to 29.8.0

   Bug Fixes

       spotify: use correct D-Bus interface name on Linux (3c44733), closes #7365
       theme: align socials icons and add bluesky instead of at (8857a5c)
       zsh: prevent stream process from inheriting parent stdin (40164ef)

   Features

       lint markfown with vale (57df69a)
VersionDeltaFile
1.294+16-16shells/oh-my-posh/distinfo
1.122+4-4shells/oh-my-posh/go-modules.mk
1.322+2-3shells/oh-my-posh/Makefile
+22-233 files

NetBSD/pkgsrc 0clsKwGdoc CHANGES-2026

   doc: Updated net/xfr to 0.9.3
VersionDeltaFile
1.1669+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 51G5Inpnet/xfr distinfo cargo-depends.mk

   net/xfr: update to 0.9.3

   Added

    - Server --bind flag (#38) — xfr serve --bind <IP> binds TCP, QUIC, and UDP data listeners to a specific address.
      Validates against -4/-6 flags and rejects unspecified addresses (::, 0.0.0.0).

   Changed

    - Server sends random payloads (#34) — server-side TCP and UDP send paths now use random bytes by default in
      reverse and bidirectional modes, matching the client's default-on behavior.

   Fixed

    - QUIC dual-stack on Windows (#39) — QUIC server endpoint now creates its UDP socket via socket2 with explicit
      IPV6_V6ONLY handling instead of relying on Quinn's Endpoint::server(). On Windows/macOS where IPV6_V6ONLY defaults
      to true, binding to [::] would only accept IPv6 connections.
    - Server random payload on single-port TCP reverse (#34) — the single-port TCP handler (DataHello path used by all
      modern clients) was missing random_payload = true, causing reverse-mode downloads to still send zeros.

    [4 lines not shown]
VersionDeltaFile
1.5+28-28net/xfr/distinfo
1.5+8-8net/xfr/cargo-depends.mk
1.5+2-2net/xfr/Makefile
+38-383 files

NetBSD/pkgsrc 4xA4YoSdoc CHANGES-2026

   doc: Updated devel/ast-grep to 0.41.1
VersionDeltaFile
1.1668+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ZRSX72Ndevel/ast-grep distinfo cargo-depends.mk, devel/ast-grep/patches patch-.._vendor_mio-1.0.3_src_sys_unix_selector_kqueue.rs

   devel/ast-grep: update to 0.41.1

    - fix: lsp on change encounter deadlock #2511
    - chore(deps): update dependency oxlint to v1.51.0 #2512
    - chore(deps): update rust crate tempfile to v3.26.0 #2497
    - chore(deps): update rust crate inquire to v0.9.4 #2498
    - chore(deps): update dependency @types/node to v24.11.0 #2502
    - chore(deps): update dependency dprint to v0.52.0 #2499
    - fix: override severity on rule & inline-rules flags #2505
    - chore(deps): update github artifact actions #2507
    - chore(deps): update rust crate tree-sitter to v0.26.6 #2501
    - chore(deps): update dependency web-tree-sitter to v0.26.6 #2500
    - chore(deps): update dependency ava to v7 #2508
    - chore(deps): update dependency oxlint to v1.50.0 #2495
    - chore(deps): update dependency @ast-grep/napi to v0.41.0 #2494
    - fix: bump ls-types version #2525
    - refactor: change versioned ast work a86b2ab
    - fix: bump wasm-bindgen d23e334
    - fix: fix wasm package 0b92e94
VersionDeltaFile
1.78+349-332devel/ast-grep/distinfo
1.73+115-109devel/ast-grep/cargo-depends.mk
1.78+2-2devel/ast-grep/Makefile
1.2+1-1devel/ast-grep/patches/patch-.._vendor_mio-1.0.3_src_sys_unix_selector_kqueue.rs
+467-4444 files

NetBSD/pkgsrc 7fcqemrdoc CHANGES-2026

   Updated lang/quickjs to 20251222
VersionDeltaFile
1.1667+2-1doc/CHANGES-2026
+2-11 files