BSD Commit Log Search

   Updated devel/libunit to 1.35.0
   Updated www/unit to 1.35.0
   Updated www/unit-perl to 1.35.0
   Updated www/unit-php to 1.35.0
   Updated www/unit-python to 1.35.0
   Updated www/unit-ruby to 1.35.0

   */*unit*: update NGINX Unit: 1.34.2 -> 1.35.0

   Going forward, NGINX Unit will no longer receive new features or
   enhancements from the project maintainers.

   NGINX Unit is still open to community contributions.

   The team is focusing its limited capacity to keep NGINX Unit stable,
   secure and high-quality. Its focus will be on critical maintenance, such
   as for security issues, dependency upgrades, and resolving crashes or
   undefined behavior.

   <ChangeLog>

   *) Security: fix missing websocket payload length validation in the Java
      language module which could lead to Java language module processes
      consuming excess CPU. (CVE-2025-1695).

   *) Change: if building with njs, version 0.9.0 or later is now required.

    [28 lines not shown]

   sops: Remove unused patch

   Noticed by <wiz>, thanks!

   doc/TODO: + py-docutils-0.22.1 [wip].

   nodejs: remove unused patch

   doc: revert previous

   doc: Updated wip/py-docutils to 0.22.1

   doc: Updated shells/oh-my-posh to 26.23.6

   shells/oh-my-posh: update to 26.23.6

   v26.23.6
   Bug Fixes

       config: resolve theme for extends (1a7da50), closes #6786
       init: cache remote config (7a88545), closes #6780

   v26.23.5
   Bug Fixes

       config: allow mixing path separators (1017992)
       notice: use cached config (c790816)
       upgrade: use cached config (873d429)

   Warning

   If you see the error  unknown command "prompt" for "oh-my-posh", remove the word prompt from your oh-my-posh init command.
   For example, if you have:

    [64 lines not shown]

   doc: note cargo-about downgrade

   cargo-about: downgrade to 0.7.1.

   To fix build of simp, see
   https://github.com/Kl4rry/simp/issues/46

   From pin@

   net/ruby-dnsruby: fix PLIST

   doc: Added sysutils/wimlib version 1.14.4

   Add sysutils/wimlib

   wimlib is a C library for creating, modifying, extracting, and mounting
   files in the Windows Imaging Format (WIM files). wimlib and its
   command-line frontend 'wimlib-imagex' provide a free and cross-platform
   alternative to Microsoft's WIMGAPI, ImageX, and DISM.

   doc: Updated devel/jj to 0.33.0

   jj: update to 0.33.0.

   ## [0.33.0] - 2025-09-03

   ### Release highlights

   * `jj undo` is now *sequential*: invoking it multiple times in sequence
     repeatedly undoes actions in the operation log. Previously, `jj undo` would
     only undo *the most recent* operation in the operation log. As a result, a new
     `jj redo` command has been added.

   * Experimental support for improving query performance over filesets and file
     queries (like `jj log path/to/file.txt`) has been added. This is not enabled
     by default. To enable this, you must use the `jj debug index-changed-paths`
     command.

   ### Breaking changes

   * `jj evolog` templates now accept `CommitEvolutionEntry` as context type. To

    [116 lines not shown]

   doc: Updated fonts/noto-emoji-ttf to 2.051

   noto-emoji-ttf: update to 2.051.

   Unicode 17.

   doc: Updated www/php-glpi to 10.0.20nb1

   www/php-glpi: update dependency

   https://glpi-install.readthedocs.io/en/latest/prerequisites.html dose not
   requires PHP imap extension.

   Bump PKGREVISION.

   skaffold: regenerate distinfo.

   misc/raspberrypi-userland: Hack around cmake deprecation

   doc: Updated textproc/expat to 2.7.2

   expat: update to 2.7.2.

   Release 2.7.2 Tue September 16 2025
           Security fixes:
        #1018 #1034  CVE-2025-59375 -- Disallow use of disproportional amounts of
                       dynamic memory from within an Expat parser (e.g. previously
                       a ~250 KiB sized document was able to cause allocation of
                       ~800 MiB from the heap, i.e. an "amplification" of factor
                       ~3,300); once a threshold (that defaults to 64 MiB) is
                       reached, a maximum amplification factor (that defaults to
                       100.0) is enforced, and violating documents are rejected
                       with an out-of-memory error.
                       There are two new API functions to fine-tune this new
                       behavior:
                         - XML_SetAllocTrackerActivationThreshold
                         - XML_SetAllocTrackerMaximumAmplification .
                       If you ever need to increase these defaults for non-attack
                       XML payload, please file a bug report with libexpat.
                         There is also a new environment variable

    [47 lines not shown]

   udunits: patch ctype(3) use

   Addresses a build failure observed in dependent R-units package on
   NetBSD >= 10.99.14.

   Update libxml2 vulnerability info

   https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

   doc/TODO: + gh-2.79.0.

   arm-none-eabi-gdb: restore accidentally dropped options.mk ref

   (I've no idea how this happened, as my tree was supposed to be up to
   date, but was missing r. 1.10 of Makefile but not the other changes
   from that commit.)

   arm-none-eabi-gdb: fix builds (one script expects bash)

   doc/TODO: aspire to have cross/aarch64-none* match arm