BSD Commit Log Search

   sysutils/docker-cli: update to 29.3.1

   Update to uv 0.11.1

   Involves an update to reqwest 0.13 and a switch from ring to aws-lc as a
   crypto backend for TLS. See the extensive discussion in the 0.11.0 notes

   https://github.com/astral-sh/uv/releases/tag/0.11.1
   https://github.com/astral-sh/uv/releases/tag/0.11.0

   libpcap now uses thread-local storage, so we need to use ports-gcc
   on base-gcc arches

   Fixes the build on sparc64

   security/nss: update to 3.122, required for gecko 150

   see https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html

   net/synapse: update to 1.150.0, from MAINTAINER Renaud Allard

   Fix for llvm-config --libs
   Add missing wantlib for execinfo
   Fix build on aarch64

   ok robert@

   devel/sbt: update to 1.12.8

   update to hylafax-7.0.11, switching to the less inactive hylafax+ fork
   from Larry Moore, some tweaks from me

   update to isc-bind-9.20.21

   Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
   Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
   Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
   Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
   Fix the handling of key statements defined inside views.

   update to isc-bind-9.20.21

   Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
   Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
   Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
   Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
   Fix the handling of key statements defined inside views.

   stone-soup: missing bdep on devel/bison

   update to py3-webob-1.8.9, add dep on py-legacy-cgi (would prefer to use
   multidict but the PR isn't ready yet, https://github.com/Pylons/webob/pull/466)

   Update to celestia-data-0.20260325.

   Update to celestia-1.7.0pre20260319.

   +py-legacy-cgi

   Initial revision

   update to 1.28.3; from Mark Patruck

   - buffer overflow vulnerability in the ngx_http_dav_module
      (CVE-2026-27654)

   - buffer overflow vulnerabilities in the ngx_http_mp4_module
      (CVE-2026-27784, CVE-2026-32647)

   - mail session authentication vulnerabilities
      (CVE-2026-27651, CVE-2026-28753)

   - OCSP result bypass vulnerability in stream
      (CVE-2026-28755)

   Update libopenmpt to 0.8.6.

   Update to gemini-cli-0.35.0.

   Update to epson-inkjet-printer-escpr-1.8.8.

   Update to epiphany-49.7.

   Update to google-cloud-sdk-562.0.0.

   Use \- for hyphens in tmux.1 to cause newer groff versions to render
   them correctly (ASCII hyphen rather than Unicode) which aids copy and
   paste. From Keith Thompson in GitHub issue 4948.

   Update to gegl04-0.4.70.

   www/hugo: update to 0.159.0

   Changes:
    - https://github.com/gohugoio/hugo/releases/tag/v0.159.0

   missed bump

   ruby 4.0 FFI also fails on aarch64 BTI machines without USE_NOBTCFI
   pointed out by gkoehler/tb

   update to tomcat-10.1.53

   MFC: build ruby 3.x with USE_NOBTCFI on aarch64 due to crashes at runtime
   when using FFI on machines which enforce BTI. (4.0 seems ok).

   ok tb jca kn

   (I left this as just 3.3/3.4 since we didn't provide a ruby32-ffi
   package)

   build ruby 3.x with USE_NOBTCFI on aarch64 due to crashes at runtime
   when using FFI on machines which enforce BTI. (4.0 seems ok).

   ok tb jeremy kn