doc: Updated cad/kicad to 8.0.2

(gdt)

cad/kicad: Update to 8.0.2

Upstream changes are bug fixes and minor improvements.

8.0.1 failed to build on NetBSD 10 amd64 with a complaint about const
pointer promotions, but this is problem is not present in 8.0.2.

Builds and starts on NetBSD 10 amd64.

(gdt)

normalize ioquake3 arch checks, missed in previous commit

(nia)

nlopt: disable Python autodetection.

Switch to cmake/build.mk.

(wiz)

doc: Updated devel/nss to 3.100

(wiz)

nss: update to 3.100.

Changes:

- Bug 1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
- Bug 1893752 - remove ckcapi.
- Bug 1893162 - avoid a potential PK11GenericObject memory leak.
- Bug 671060 - Remove incomplete ESDH code.
- Bug 215997 - Decrypt RSA OAEP encrypted messages.
- Bug 1887996 - Fix certutil CRLDP URI code.
- Bug 1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- Bug 676118: Add ability to encrypt and decrypt CMS messages using ECDH.
- Bug 676100 - Correct Templates for key agreement in smime/cmsasn.c.
- Bug 1548723 - Moving the decodedCert allocation to NSS.
- Bug 1885404 - Allow developers to speed up repeated local execution of NSS tests that depend on certificates.

(wiz)

Updated textproc/py-validate-pyproject, devel/py-tenacity

(adam)

py-tenacity: updated to 8.3.0

8.3.0

New Features

Added a new stop function: stop_before_delay, which will stop execution if the next sleep time would cause overall delay to exceed the specified delay. Useful for use cases where you have some upper bound on retry times that you must not exceed, so returning before that timeout is preferable than returning after that timeout.

Bug Fixes

Preserve defaults and kwdefaults through retry decorator

Other Notes

Add a "test" extra

(adam)

py-validate-pyproject: updated to 0.17

v0.17

Update version regex according to latest packaging version
Remove duplicate # ruff: noqa
Remove invalid top-of-the-file # type: ignore statement
Align tool.setuptools.dynamic.optional-dependencies with `project.optional-dependencies
Bump min Python version to 3.8

(adam)

Updated www/py-werkzeug, www/py-twill

(adam)

py-twill: updated to 3.2.4

3.2.4 (released 2024-04-27)

* Support latest version of httpx.

(adam)

py-werkzeug: updated to 3.0.3

Version 3.0.3

- Only allow ``localhost``, ``.localhost``, ``127.0.0.1``, or the specified
  hostname when running the dev server, to make debugger requests. Additional
  hosts can be added by using the debugger middleware directly. The debugger
  UI makes requests using the full URL rather than only the path.
  :ghsa:`2g68-c3qc-8985`
- Make reloader more robust when ``""`` is in ``sys.path``. :pr:`2823`
- Better TLS cert format with ``adhoc`` dev certs. :pr:`2891`
- Inform Python < 3.12 how to handle ``itms-services`` URIs correctly, rather
  than using an overly-broad workaround in Werkzeug that caused some redirect
  URIs to be passed on without encoding. :issue:`2828`
- Type annotation for ``Rule.endpoint`` and other uses of ``endpoint`` is
  ``Any``. :issue:`2836`

(adam)

doc: Updated lang/go122 to 1.22.3

(bsiegert)

go: update to 1.21.10 and 1.22.3 (security)

These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin

  On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple
  version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  Thanks to Juho Fors辿n of Mattermost for reporting this issue.

  This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop

  A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite
  loop.

  Thanks to @long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak
  for bringing the issue to our attention.

  This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

(bsiegert)

Updated www/py-django, www/py-django4

(adam)

py-django4: updated to 4.2.13

Django 4.2.13 fixes a packaging error in 4.2.12.

(adam)

py-django: updated to 5.0.6

Django 5.0.6 fixes a packaging error in 5.0.5.

(adam)

Updated lang/nodejs, lang/nodejs20

(adam)

Updated www/dillo to 3.1.0

(abs)

nodejs20: updated to 20.13.0

Node.js v20.13.0

buffer: improve base64 and base64url performance
crypto: deprecate implicitly shortened GCM tags
events,doc: mark CustomEvent as stable
fs: add stacktrace to fs/promises
report: add --report-exclude-network option
src: add uv_get_available_memory to report and process
stream: support typed arrays
util: support array of formats in util.styleText
v8: implement v8.queryObjects() for memory leak regression testing
watch: mark as stable

(adam)

Updated www/dillo to 3.1.0

Since the last release 3.0.5 from 2015 a lot of things have happened
to the Dillo project. A plot of number of commits over time colored
by authors. There is a missing gap from mid 2002 to mid 2008. And
from 2017 to end of 2023 there is almost no commits. Here is a
short timeline to put things into perspective:

- On 2016, the main developer of the layout engine, Sebastian
  Geerken, passed away
- On 2017, the development stopped
- On 2019, the last email from Jorge Arellano Cid, the lead
  developer of Dillo, was recorded by the mailing list
- On 2022, the domain dillo.org was lost
- On 2024, an attempt to resurrect the project began by Rodrigo
  Arias Mallo

This release contains a lot of changes accumulated from the 2015-2017
period, as well as fixes and small features introduced in 2024.
Here is a summary:

- Add support for floating HTML elements, which involved a big
  redesign
- Add support for OpenSSL, LibreSSL and mbed TLS for HTTPS, which
  is now enabled by default
- Add a CI pipeline to build Dillo on Ubuntu, MacOS, FreeBSD and
  Windows (via cygwin)
- Add automatic HTML rendering tests
- Improve and extend the Dillo manual

(abs)

nodejs: updated to 22.1.0

Node.js v22.1.0

module: implement NODE_COMPILE_CACHE for automatic on-disk code caching
buffer: improve base64 and base64url performance
(SEMVER-MINOR) dns: add order option and support ipv6first
events,doc: mark CustomEvent as stable
(SEMVER-MINOR) lib, url: add a windows option to path parsing
(SEMVER-MINOR) net: add CLI option for autoSelectFamilyAttemptTimeout
(SEMVER-MINOR) src: add string_view overload to snapshot FromBlob
src,permission: throw async errors on async APIs
(SEMVER-MINOR) test_runner: add --test-skip-pattern cli option
(SEMVER-MINOR) url: implement parse method for safer URL parsing

(adam)

sc-im: Note why this package doesn't work with netbsd curses in a comment

(nia)

doc/pkgsrc.*: regen

(gdt)

doc/guide/ftp-layout.xml: Catch up to modern reality

We don't have builds from date-based checkouts, or 4.99.x.
Mention that there are READMEs within ftp.

CVS: ----------------------------------------------------------------------
CVS: CVSROOT  cvs.NetBSD.org:/cvsroot
CVS: please use "PR category/123" to have the commitmsg appended to PR 123

(gdt)

nudoku: No longer just for ncurses

(nia)

nudoku: Adapt to new ncurses reality. Allow NetBSD curses.

(nia)

doc: Updated devel/py-ruff-lsp to 0.0.53

(nikita)

devel/py-ruff-lsp: import py-ruff-lsp version 0.0.53

Ruff-lsp is a Language Server Protocol implementation for Ruff,
an extremely fast Python linter and code formatter, written in Rust.

Ruff can be used to replace Flake8 (plus dozens of plugins),
Black, isort, pyupgrade, and more, all while executing tens or
hundreds of times faster than any individual tool.

Ruff-lsp enables Ruff to be used in any editor that supports
the LSP, including Neovim, Sublime Text, Emacs and more. For
Visual Studio Code, check out the Ruff VS Code extension.

Ruff-lsp supports surfacing Ruff diagnostics and providing
Code Actions to fix them, but is intended to be used alongside
another Python LSP in order to support features like navigation
and autocompletion.

(nikita)

doc: Added games/urbanterror version 4.3.4

(nia)

import games/urbanterror

Urban Terror is a free multiplayer first person shooter that will
run on any Quake III Arena compatible engine.

Urban Terror can be described as a Hollywood tactical shooter;
somewhat realism based, but the motto is "fun over realism". This
results in a very unique, enjoyable and addictive game.

(nia)

doc: add Signal Desktop as suggested package

(wiz)

Updated www/nginx to 1.26.0

(osa)

www/nginx: update 1.24.0 -> 1.26.0

<ChangeLog>

*) 1.26.x stable branch.

</ChangeLog>

(osa)

Updated www/nginx-devel to 1.26.0

(osa)

www/nginx-devel: update 1.25.5 -> 1.26.0

<ChangeLog>

*) 1.26.x stable branch.

</ChangeLog>

(osa)

Updated www/nginx-devel to 1.25.5

(osa)

www/nginx-devel: update 1.25.4 -> 1.25.5

<ChangeLog>

*) Feature: virtual servers in the stream module.

*) Feature: the ngx_stream_pass_module.

*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
  the "listen" directive in the stream module.

*) Feature: cache line size detection for some architectures.
  Thanks to Piotr Sikora.

*) Feature: support for Homebrew on Apple Silicon.
  Thanks to Piotr Sikora.

*) Bugfix: Windows cross-compilation bugfixes and improvements.
  Thanks to Piotr Sikora.

*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
  Thanks to Vladimir Khomutov.

</ChangeLog>

(osa)

Updated devel/libnjs to 0.8.4
Updated lang/njs to 0.8.4
Updated www/nginx-devel to 1.25.4nb2
Updated www/nginx to 1.24.0nb18
Updated devel/libunit to 1.32.1
Updated www/unit to 1.32.1
Updated www/unit-perl to 1.32.1
Updated www/unit-php to 1.32.1
Updated www/unit-python to 1.32.1
Updated www/unit-ruby to 1.32.1

(osa)

www/unit: update distinfo with checksums for recently added patches

(osa)

*/*unit*: update NGINX Unit from 1.31.1 to 1.32.1

<ChangeLog>

Changes with Unit 1.32.1                                  26 Mar 2024

*) Bugfix: NJS variables in templates may have incorrect values due to
  improper caching.

*) Bugfix: Wasm application process hangs after receiving restart signal
  from the control.

Changes with Unit 1.32.0                                  27 Feb 2024

*) Feature: WebAssembly Components using WASI interfaces defined in
  wasi:http/proxy@0.2.0.

*) Feature: conditional access logging.

*) Feature: NJS variables access.

*) Feature: $request_id variable contains a string that is formed using
  random data and can be used as a unique request identifier.

*) Feature: options to set control socket permissions.

*) Feature: Ruby arrays in response headers, improving compatibility
  with Rack v3.0.

*) Feature: Python bytearray response bodies for ASGI applications.

*) Bugfix: router could crash while sending large files. Thanks to
  rustedsword.

*) Bugfix: serving static files from a network filesystem could lead to
  error.

*) Bugfix: "uidmap" and "gidmap" isolation options validation.

*) Bugfix: abstract UNIX socket name could be corrupted during
  configuration validation. Thanks to Alejandro Colomar.

*) Bugfix: HTTP header field value encoding could be misinterpreted in
  Python module.

*) Bugfix: Node.js http.createServer() accepts and ignores the "options"
  argument, improving compatibility with strapi applications, among
  others.

*) Bugfix: ServerRequest.flushHeaders() implemented in Node.js module to
  make it compatible with Next.js.

*) Bugfix: ServerRequest.httpVersion variable format in Node.js module.

*) Bugfix: Node.js module handles standard library imports prefixed with
  "node:", making it possible to run newer Nuxt applications, among
  others.

*) Bugfix: Node.js tarball location changed to avoid build/install
  errors.

*) Bugfix: Go module sets environment variables necessary for building
  on macOS/arm64 systems.

</ChangeLog>

(osa)

*/*: update NGINX JavaScript 0.8.2 -> 0.8.4

Bump PKGREVISION for www/nginx, www/nginx-devel.

<ChangeLog>

Changes with njs 0.8.4                                16 Apr 2024

nginx modules:

*) Feature: allowing to set Server header for outgoing headers.

*) Improvement: validating URI and args arguments in r.subrequest().

*) Improvement: checking for duplicate js_set variables.

*) Bugfix: fixed clear() method of a shared dictionary without
  timeout introduced in 0.8.3.

*) Bugfix: fixed r.send() with Buffer argument.

Core:

*) Feature: added QuickJS engine support in CLI.

*) Bugfix: fixed atob() with non-padded base64 strings.

Changes with njs 0.8.3                                07 Feb 2024

nginx modules:

*) Bugfix: fixed Headers.set().

*) Bugfix: fixed js_set with Buffer values.

*) Bugfix: fixed clear() method of a shared dictionary when
  a timeout is not specified.

*) Bugfix: fixed stub_status statistics when js_periodic is
  enabled.

Core:

*) Bugfix: fixed building with libxml2 2.12 and later.

*) Bugfix: fixed Date constructor for overflows and with
  NaN values.

*) Bugfix: fixed underflow in querystring.parse().

*) Bugfix: fixed potential buffer overread in
  String.prototype.match().

*) Bugfix: fixed parsing of for-in loops.

*) Bugfix: fixed parsing of hexadecimal, octal, and binary
  literals with no digits.

Changes with njs 0.8.2                                      24 Oct 2023

nginx modules:

*) Feature: introduced console object. The following methods
  were introduced: error(), info(), log(), time(), timeEnd(),
  warn().

Changes with njs 0.8.4                                      16 Apr 2024

nginx modules:

*) Feature: allowing to set Server header for outgoing headers.

*) Improvement: validating URI and args arguments in r.subrequest().

*) Improvement: checking for duplicate js_set variables.

*) Bugfix: fixed clear() method of a shared dictionary without
  timeout introduced in 0.8.3.

*) Bugfix: fixed r.send() with Buffer argument.

Core:

*) Feature: added QuickJS engine support in CLI.

*) Bugfix: fixed atob() with non-padded base64 strings.

Changes with njs 0.8.3                                      07 Feb 2024

nginx modules:

*) Bugfix: fixed Headers.set().

*) Bugfix: fixed js_set with Buffer values.

*) Bugfix: fixed clear() method of a shared dictionary when
  a timeout is not specified.

*) Bugfix: fixed stub_status statistics when js_periodic is
  enabled.

Core:

*) Bugfix: fixed building with libxml2 2.12 and later.

*) Bugfix: fixed Date constructor for overflows and with
  NaN values.

*) Bugfix: fixed underflow in querystring.parse().

*) Bugfix: fixed potential buffer overread in
  String.prototype.match().

*) Bugfix: fixed parsing of for-in loops.

*) Bugfix: fixed parsing of hexadecimal, octal, and binary
  literals with no digits.

</ChangeLog>

(osa)

u-boot: add u-boot-beaglebonegreen

(gutteridge)

Use proper method to install the program.

(nat)

Use proper method to install the binary.

As noted by jperkin@.

(nat)

graphics/gdk-pixbuf2: Note that 2.42.11 is broken

Add link to upstream ticket.
Upstream broke the API in a micro release, with no deprecation warnings visible in NEWS.
This broke unison on openSUSE.

(gdt)

doc: update tinyproxy vuln patterns

(wiz)

tinyproxy: fix CVE-2023-40533 = CVE-2022-40468.

Bump PKGREVISION.

(wiz)

doc: Updated www/tinyproxy to 1.11.1nb2

(wiz)

tinyproxy: Fix CVE-2023-49606 using upstream patch.

Bump PKGREVISION.

(wiz)

ccleste: fix build on darwin

(nia)

ncurses: Put back fake ncurses.pc handling.

Fixes build of e.g. editors/mg on macOS using builtin ncurses.

(jperkin)

doc: Added games/ccleste version 1.4.0

(nia)

missing file from previous commit

(nia)

Import games/ccleste

Celeste is a platform game developed and published by indie studio Maddy
Makes Games. The player controls Madeline, a young woman with anxiety and
depression who aims to climb Celeste Mountain. During her climb, she encounters
several characters, including a personification of her self-doubt known as
Badeline, who attempts to stop her from climbing the mountain.

This is a C source port of the original Celeste (Celeste Classic for the
PICO-8), designed to be portable.

(nia)

spectrum: remove

Deprecated version 1, even newer major version 2 is kind-of-dead.

Ok nia@

(wiz)

doc: Updated pkgtools/pkglint to 23.4.2

(rillig)

pkgtools/pkglint: update to 23.4.2

Changes since 23.4.1:

Fixed the wrong suggestion that list variables or variables of an
unknown type could be compared using `${LIST} == word` instead of
`${LIST:Mword}`.

Fixed the wrong warning when a value is appended using `+=` to a
variable of unknown type.

(rillig)

cargo-c: try fixing Illumos build

(wiz)

Updated security/qca2-qt5*

(adam)

qca2-qt5*: updated to 2.3.8

2.3.8
Bug fixes

(adam)

Updated www/py-django, www/py-django4, www/py-django-sql-explorer, www/py-gunicorn

(adam)

py-gunicorn: updated to 22.0.0

22.0.0 - 2024-04-17
===================

- use `utime` to notify workers liveness
- migrate setup to pyproject.toml
- fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
- parsing additional requests is no longer attempted past unsupported request framing
- on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
- requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
- Trailer fields are no longer inspected for headers indicating secure scheme
- support Python 3.12

** Breaking changes **

- minimum version is Python 3.7
- the limitations on valid characters in the HTTP method have been bounded to Internet Standards
- requests specifying unsupported transfer coding (order) are refused by default (rare)
- HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
- HTTP methods containing the number sign (#) are no longer accepted by default (rare)
- HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
- HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
- HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
- HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
- requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
- empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

- fix CVE-2024-1135

(adam)

py-django-sql-explorer: updated to 4.2

4.2

Tracking should be opt-in and not use the SECRET_KEY
Import error (sql_metadata) with 4.1 version
Accessing the database during app initialization
Regex-injection vulnerability
Improved assistant UI

(adam)

py-django4: updated to 4.2.12

Django 4.2.12 fixes a compatibility issue with Python 3.11.9+ and 3.12.3+.

Fixed a crash in Django 4.2 when validating email max line lengths with content decoded using the surrogateescape error handling scheme

(adam)

py-django: updated to 5.0.5

Django 5.0.5 fixes several bugs in 5.0.4.

Fixed a bug in Django 5.0 that caused a crash of Model.save() when creating an instance of a model with a GeneratedField and providing a primary key
Fixed a compatibility issue encountered in Python 3.11.9+ and 3.12.3+ when validating email max line lengths with content decoded using the surrogateescape error handling scheme
Fixed a bug in Django 5.0 that caused a crash when applying migrations including alterations to GeneratedField such as setting db_index=True on SQLite
Allowed importing aprefetch_related_objects from django.db.models
Fixed a bug in Django 5.0 that caused a migration crash when a GeneratedField was added before any of the referenced fields from its expression definition
Fixed a bug in Django 5.0 that caused a migration crash when altering a GeneratedField referencing a renamed field
Fixed a bug in Django 5.0 where the querysets argument of GenericPrefetch was not required

(adam)

Updated security/py-cryptography, security/py-cryptography_vectors, security/py-truststore, devel/py-frozendict

(adam)

py-frozendict: updated to 2.4.4

frozendict v2.4.4

Added typing for deepfreeze, register and unregister

(adam)

py-truststore: updated to 0.9.1

0.9.1

Fixed an issue for CPython 3.13 where ssl.SSLSocket and ssl.SSLObject certificate chain APIs would return different types.

(adam)

py-cryptography py-cryptography_vectors: updated to 42.0.7

42.0.7 - 2024-05-06

* Restored Windows 7 compatibility for our pre-built wheels. Note that we do
  not test on Windows 7 and wheels for our next release will not support it.
  Microsoft no longer provides support for Windows 7 and users are encouraged
  to upgrade.

(adam)

mu: removed patches from distinfo

(ktnb)

import a legacy version of graphics/SDL2_image to go with legacy SDL2

(nia)

import a legacy version of SDL2_mixer to go with the legacy SDL2.

(nia)

doc: Updated graphics/gimp to 2.10.38

(wiz)

gimp: update to 2.10.38.

Overview of Changes from GIMP 2.10.36 to GIMP 2.10.38
=====================================================

This release features some important feature backport for Windows: support of
Windows Ink API for input devices (i.e. graphics tablets in particular).

Other than this, it is mostly a bug-fix release of core and plug-in code. On any
OS other than Windows, there are no functional changes, though you will want to
update for fixes.

Core:

  - Windows Ink support backported from GIMP 3 (this also relies on GTK+3
    backports so the build for GIMP 2.10.38 requires specially-patched GTK+2, on
    Windows only).
  - On Windows, it would now be possible to use devices attached after GIMP has
    started through a fallback device.

Translations:

  - 15 translations were updated: Belarusian, Brazilian Portuguese, British
    English, Danish, Georgian, German, Hungarian, Icelandic, Italian, Norwegian
    Nynorsk, Slovenian, Spanish, Swedish, Turkish, Ukrainian.

Build:

  - Many GTK+2 patches for Windows (see #7498) were backported specially from
    newer GTK versions and are integrated in our installer.

(wiz)

assaultcube: fix on darwin again

(nia)

rebar3: fix build

Unset http_proxy and https_proxy when calling bootstrap - these variables
are validated even though the bootstrap shouldn't access the network.
Add link to upstream bug report.

While here, remove superfluous, incompletely defined SUBST section
that pkglint warned about.

(wiz)

Updated net/rabbitmq, textproc/py-cssutils

(adam)

py-cssutils: updated to 2.10.2

v2.10.2

Bugfixes

- Remove optional dependency only required on unsupported Python versions.

v2.10.1

Bugfixes

- Replace xunit-style setup with pytest fixtures.

v2.10.0

Features

- getPropertyValue now allows specifying a default value.

(adam)

rabbitmq: updated to 3.13.2

RabbitMQ 3.13.2

Core Broker

Bug Fixes

Several Quorum queues WAL and segment file operations are now more resilient to certain filesystem operation failures.

Classic queues v2 could run into an exception after a node restart.

Peer discovery failed in some IPv6-only environments. This behavior was new in 3.13.x.

rabbitmqctl stop_app is now faster, in particular for nodes that are not under significant load.

x-death counter was not incremented for messages that expired due to message TTL.
This behavior was new in 3.13.x.

Quorum queue replica removal now more resilient in clusters under close to peak load,
a condition that can trigger timeouts for certain operations involving multiple nodes.

rabbitmq-server (the shell script) now propagetes the exit code from the runtime process.

Enhancements

Definition import did not handle a scenario where some virtual hosts did not have
the default queue type metadata key set.

When a virtual host is deleted, several more internal events are emitted: for example,
the events related to removal of user permissions and runtime parameters associated
with the virtual host.

CLI Tools

Bug Fixes

rabbitmqctl list_unresponsive_queues now supports the (queue) type column.

MQTT Plugin

Bug Fixes

MQTT clients that did not configure a will (message) delay interval could run into
an exception due to an unnecessary permission check on the will target.

Messages published by MQTT clients were missing the timestamp_in_ms (the more precise header).
This behavior was new in 3.13.x.

Messages published using QoS 0 were unintentionally marked as durable internally.

Management Plugin

Bug Fixes

GET /api/queues/{vhost}/{name} could return duplicate keys for quorum queues.

Several endpoints responded with a 500 instead of a 404 when target virtual host
was non-existent.

OAuth 2 AuthN/AuthZ Plugin

Enhancements

The OpenID Connect RP-Initiated Logout feature is now only used if the identity provider service
lists it as supported.

Kubernetes Peer Discovery Plugin

Enhancements

More TLS client settings now can be configured:

cluster_formation.k8s.tls.cacertfile = /path/to/kubernetes/api/ca/certificate.pem
cluster_formation.k8s.tls.certfile = /path/to/client/tls/certificate.pem
cluster_formation.k8s.tls.keyfile = /path/to/client/tls/private_key.pem

cluster_formation.k8s.tls.verify = verify_peer
cluster_formation.k8s.tls.fail_if_no_peer_cert = true

JMS Topic Exchange Plugin

Enhancements

The plugin now stores its state on multiple nodes.

Shovel Plugin

Bug Fixes

Shovel metrics and internal state are now deleted when their shovel is, regardless of what node
it was hosted on and what node was targeted by the deleting (CLI or HTTP API) operation.

rabbitmqctl list_shovels CLI command now will list shovels running on all cluster nodes
and not just the target node.

Dependency Changes

ra was updated to 2.10.0

(adam)

nudoku: Switch over to ncurses.

This package was updated in between my posting the ncurses patch for
review and committing, so it was missed.

Remove mk/curses.buildlink3.mk include as it's a nop if ncurses is being
specifically requested, and add USE_CURSES=wide so that wide support is
enabled.

(jperkin)

ncurses: Provide a compat symlink for ncursesw.pc.

Some packages hardcode requests for this file, even though the actual
functionality is in libncurses, so just redirect there.

(jperkin)

doc: Added devel/cargo-zigbuild version 0.18.4

(nikita)

devel/cargo-zigbuild: import cargo-zigbuild version 0.18.4

Compile Cargo projects with zig as linker for easier cross compiling.

(nikita)

abbayedesmorts: Assumes compiler default to c99

(nia)

doc: Updated games/assaultcube to 1.3.0.2

(nia)

Note update of devel/py-rpds-py to 0.18.1.

(he)

assaultcube: Update to 1.3.0.2

Changes:
https://assault.cubers.net/docs/history.html

(nia)

devel/py-rpds-py: upgrade to version 0.18.1.

This bumps a few crate dependencies, including them pyo3 to 0.20.3,
so that we gain the ability to build this package on CPUs which do
not have native 64-bit atomic operations, thanks to the use of
the portable-atomic crate.

(he)

net/routinator: allow network access during build.

This can reportedly be reverted once 0.14.0 is released
and packaged.

(he)

neomutt: deprecate ncursesw option

Does the same as the ncurses option now

(wiz)

doc: Updated sysutils/fd-find to 10.0.0

(pin)

sysutils/fd-find: update to 10.0.0

v10.0.0

Features
- Add `dir` as an alias to `directory` when using `-t` \ `--type`, see #1460 and #1464 (@Ato2207).
- Add support for @%s date format in time filters similar to GNU date (seconds since Unix epoch for --older/--newer), see #1493 (@nabellows)
- Breaking: No longer automatically ignore `.git` when using `--hidden` with vcs ignore enabled. This reverts the change in v9.0.0. While this feature
  was often useful, it also broke some existing workflows, and there wasn't a good way to opt out of it. And there isn't really a good way for us to add
  a way to opt out of it. And you can easily get similar behavior by adding `.git/` to your global fdignore file.
    See #1457.

Bugfixes
- Respect NO_COLOR environment variable with `--list-details` option. (#1455)
- Fix bug that would cause hidden files to be included despite gitignore rules
  if search path is "." (#1461, BurntSushi/ripgrep#2711).
- aarch64 builds now use 64k page sizes with jemalloc. This fixes issues on some systems, such as ARM Macs that
  have a larger system page size than the system that the binary was built on. (#1547)
- Address [CVE-2024-24576](https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html), by increasing minimum rust version.

Changes
- Minimum supported rust version is now 1.77.2

On pkgsrc this has been reverted as CVE-2024-24576 only affects Windows.

(pin)

mutt: deprecate wide-curses option

It does the same as the curses option now.

(wiz)

enet: Update to 1.3.18

ENet 1.3.18 (April 14, 2024):

* Packet sending performance improvements
* MTU negotiation fixes
* Checksum alignment fix
* No more dynamic initialization of checksum table
* ENET_SOCKOPT_TTL
* Other miscellaneous small improvements

(nia)

Strip the binary prior to installation.

(nat)

assaultcube: Port to Darwin.

(nia)

doc: Updated mail/mu to 1.12.5

(ktnb)