go127: new package for Go 1.27 rc1
Go 1.27 now supports generic methods: a method declaration may declare its own
type parameters. This widely anticipated change allows adding generic functions
within the namespace of a particular data type where before one had to declare
such functions with a scope of the entire package. Note that methods of
interfaces may not declare type parameters nor can interface methods be
implemented by generic methods.
wip/py27-renpy: import py27-renpy-6.99.12.4
Ren'Py is a visual novel engine that helps you use words, images,
and sounds to tell stories with the computer. These can be both
visual novels and life simulation games. The easy to learn script
language allows you to efficiently write large visual novels, while
its Python scripting is enough for complex simulation games.
This is Python 2.7 based Ren'Py.
This is imported to play "Doki Doki Literature Club!".
wip/py27-game_sdl2: import py27-game_sdl2-2.1.0.06991204
Pygame is a set of Python modules designed for writing games. It is written on
top of the excellent SDL library. This allows you to create fully featured
games and multimedia programs in the python language. Pygame is highly
portable and runs on nearly every platform and operating system.
This package is solely for wip/py27-renpy.
wip/py27-cython: import py27-cython-0.26
The Cython language makes writing C extensions for the Python language
as easy as Python itself. Cython is a source code translator based on
the well-known Pyrex, but supports more cutting edge functionality and
optimizations.
The Cython language is very close to the Python language (and most
Python code is also valid Cython code), but Cython additionally supports
calling C functions and declaring C types on variables and class
attributes. This allows the compiler to generate very efficient C code
from Cython code.
This makes Cython the ideal language for writing glue code for external
C libraries, and for fast C modules that speed up the execution of
Python code.
zino: update to version 2.5.1.
Pkgsrc changes:
* version-bump + checksums + PLIST update.
* Require 0.2.1 of py-netsnmp-cffi.
Upstream changes:
- Add `zping` CLI utility to check if a Zino daemon is alive by
querying its SNMP agent for uptime.
([#528](https://github.com/Uninett/zino/issues/528))
- Configuration errors in `zino.toml` now report the underlying
parser message (with line and column) for syntax errors, and
friendlier messages â<80><94> including key suggestions â<80><94>
for validation errors. ([#539](https://github.com/Uninett/zino/issues/539))
- Single-interface link state verification no longer crashes with
an `AssertionError` when the target interface has disappeared from
[13 lines not shown]
py-netsnmp-cffi: upgrade to version 0.2.1.
Pkgsrc changes:
* Version + checksum updates.
Upstream changes:
Fixed
* Fix ffi.error from a size mismatch between the cdef and the
real C layout of struct enum_list, by marking the cdef declaration
as flexible. The mismatch caused crashes on platforms where
CFFI verifies struct sizes against the C compiler (e.g.
NetBSD/pkgsrc builds of net-snmp), any time MIB enumerations
were looked up. (#23)
Added
* Test suite now also tests on Python 3.13 and 3.14.
* Wheel build/publish process also builds wheels for Python 3.13 and 3.14.
bind920: update to BIND version 9.20.24.
Pkgsrc changes:
* Version bump, checksums.
Upstream changes:
Removed Features
~~~~~~~~~~~~~~~~
- Remove ineffective TCP fallback after repeated UDP timeouts.
When an authoritative server failed to respond to two consecutive UDP
queries, :iscman:`named` marked the next retry as TCP but still sent
it over UDP, producing misleading dnstap records. The ineffective
retry path has been removed; a corrected TCP fallback will be restored
in future BIND 9 versions. :gl:`#5529`
Feature Changes
[87 lines not shown]
chromium: make wayland support optional
Fix build on NetBSD-10: disable wayland support with native X11_TYPE
../../ui/ozone/platform/wayland/host/drm_syncobj_ioctl_wrapper.cc:50:10: error: use of undeclared identifier 'drmSyncobjEventfd'
50 | return drmSyncobjEventfd(fd_.get(), handle, point, ev_fd, flags);
| ^~~~~~~~~~~~~~~~~
sftpgo: update to 2.7.3
New features
Added a configurable minimum-entropy check (common.secret_min_entropy, default 80) for data-at-rest encryption secrets (CryptFs passphrase, S3 SSE-C key), to reject trivially weak key material at submission time.
Logs: added the virtual path to transfer/command logs and to event-log CSV exports.
WebClient: replaced glightbox with a custom lightbox implementation for better CSP compatibility.
Bug fixes
IP list: fixed matching when an IP is covered by multiple conflicting entries.
Fixed comparison of unordered slices.
Shares: enforce max_tokens atomically via a guarded conditional update, closing a check-then-write race that could let a usage-capped share be used more times than allowed under concurrent access.
In-memory reset-code manager: check code expiry at retrieval time instead of relying only on the background cleanup.
Security fixes
Fixed a path-confinement bypass in the public browsable-share partial ZIP download. CVE-2026-49244.
Fixed a stored XSS where the inline parameter on browsable-share and authenticated user file downloads suppressed Content-Disposition: attachment, allowing an attacker-supplied HTML file to execute in SFTPGo's web origin. These endpoints now always respond with Content-Disposition: attachment and the inline parameter has been removed. CVE-2026-49245.
Hardening
Neutralized CSV formula injection in the Event Manager and event-log CSV exports: cells starting with =, +, -, @, tab or CR are now prefixed with a single quote.
[6 lines not shown]
