BSD Commit Log Search

py-pytokens: upgrade candidate, doesn't build

doesn't find init.c, which is not included in the tarball

webkit-gtk: more ruby path fixes

TODO: add some

+ codex-0.89.0, crush-0.35.0, dmarc-report-viewer-2.3.2, resterm-0.19.1.

rust193-bin: add package corresponding to rust193.

rust193: add requires cargo checksum updates from previous addition of patches.

py-qutrub: removed; last update 2009-08-26

py-registry: removed; last update 2019-05-08

dunst: add wayland support

Import x11/dunst

rofi: remove, imported to pkgsrc

rust193: replicate openssl-sys patch for earlier versions, allowing build...

...for ilp32 NetBSD targets.  Perhaps oddly, 32-bit arm succeeds without,
but neither does powerpc nor i386.

rust193: Add a package for rust 1.93.0.

Pkgsrc changes:
 * Update version & checksums.
 * Adapt openssl-src patches to minor version update.

Noteable failures at the time of commit:
 * The cross-build for sparc64 fails, not yet reported.

Upstream changes relative to 1.92.0:

Version 1.93 (2026-01-22)
==========================

Language
--------
- [Add warn-by-default `function_casts_as_integer` lint]
  (https://github.com/rust-lang/rust/pull/141470)
- [Add future-incompatibility warning for `...` function parameters

    [163 lines not shown]

includes further work on the compiler.

navidrome: remove

Has multiple vulnerabilities and depends on nodejs16, which is long
gone.

x11/xdgmenumaker: Add xdgmenumaker version 2.4

Packaged in wip by Dave Vollenweider.

rofi: update to 2.0.0

Import x11/rofi

Bump libvips to 8.18.0

Copy libvips 8.17.2nb1 from Pkgsrc main

webkit-gtk: include libatomic/bl3.mk to fix build

now dies in a segfault generating introspection files

webkit-gtk: remove outdated bl3.mk, let's recreate it when this works

sipp: Add reference to CVE-2026-0710

ape: Update to 3.5.3.187

Fix markdown image template

Remove yazi

Apparently @wiz did the same work and pushed it to main already :)

yazi: add update candidate

go126: update to 1.26rc2.

This release includes 6 security fixes following the security policy:

- archive/zip: denial of service when parsing arbitrary ZIP archives

  archive/zip used a super-linear file name indexing algorithm that is invoked
  the first time a file in an archive is opened. This can lead to a denial of
  service when consuming a maliciously constructed ZIP archive.

  Thanks to Thanks to Jakub Ciolek for reporting this issue.

  This is CVE-2025-61728 and Go issue https://go.dev/issue/77102.

- net/http: memory exhaustion in Request.ParseForm

  When parsing a URL-encoded form net/http may allocate an unexpected amount of
  memory when provided a large number of key-value pairs. This can result in a
  denial of service due to memory exhaustion.

    [91 lines not shown]

chromium: update to 144.0.7559.96

icu: removed; newer version is in base

owntone: Add reference to recent CVEs

bind920: update to BIND version 9.20.18.

Pkgsrc changes:
 * Version bump, checksums.

Upstream changes:

BIND 9.20.18
------------

Security Fixes
~~~~~~~~~~~~~~

- [CVE-2025-13878] Fix incorrect length checks for BRID and HHIT
  records. ``d4c0d61701``

  Malformed BRID and HHIT records could trigger an assertion failure.
  This has been fixed.


    [80 lines not shown]