revert previous; didn't mean to commit it -- commented CFLAGS adjustment.

(mrg)

make this work on netbsd mips n64 -- don't pretend to be 32 bit.

noticed when w3m build didn't.

(mrg)

doc: Updated devel/go-tools to 0.39.0

(bsiegert)

go-tools: update to 0.39.0

This no longer contains the "godoc" binary, which makes it a lot less
useful. To get an HTTP server with package docs, try "go doc -http".

(bsiegert)

mongodb: Fix bogus configure check for mongoc-1.0

Unclear what changed (scons?) but it was passing "mongoc_get_major_version();"
to the command line arguments with each character being prefixed by -l.

(maya)

doc: Updated www/apache24 to 2.4.66

(taca)

www/apache24: update to 2.4.66

Apache 2.4.66 (2025-12-04)

Security changes with Apache 2.4.66:

  *) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec
    bypass via AllowOverride FileInfo (cve.mitre.org)
    mod_userdir+suexec bypass via AllowOverride FileInfo
    vulnerability in Apache HTTP Server. Users with access to use
    the RequestHeader directive in htaccess can cause some CGI
    scripts to run under an unexpected userid.
    This issue affects Apache HTTP Server: from 2.4.7 through
    2.4.65.
    Users are recommended to upgrade to version 2.4.66, which fixes
    the issue.
    Credits: Mattias Ã…sander (UmeÃ¥ University)

  *) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment
    variable override (cve.mitre.org)
    Improper Neutralization of Escape, Meta, or Control Sequences
    vulnerability in Apache HTTP Server through environment
    variables set via the Apache configuration unexpectedly
    superseding variables calculated by the server for CGI programs.
    This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
    Users are recommended to upgrade to version 2.4.66 which fixes
    the issue.
    Credits: Mattias Ã…sander (UmeÃ¥ University)

  *) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on
    Windows through UNC SSRF (cve.mitre.org)
    Server-Side Request Forgery (SSRF) vulnerability
    Â in Apache HTTP Server on Windows
    with AllowEncodedSlashes On and MergeSlashes Off  allows to
    potentially leak NTLM
    hashes to a malicious server via SSRF and malicious requests or
    content
    Users are recommended to upgrade to version 2.4.66, which fixes
    the issue.
    Credits: Orange Tsai (@orange_8361) from DEVCORE

  *) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side
    Includes adds query string to #exec cmd=... (cve.mitre.org)
    Apache HTTP Server 2.4.65 and earlier with Server Side Includes
    (SSI) enabled and mod_cgid (but not mod_cgi) passes the
    shell-escaped query string to #exec cmd="..." directives.
    This issue affects Apache HTTP Server before 2.4.66.
    Users are recommended to upgrade to version 2.4.66, which fixes
    the issue.
    Credits: Anthony Parfenov (United Rentals, Inc.)

  *) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME),
    unintended retry intervals (cve.mitre.org)
    An integer overflow in the case of failed ACME certificate
    renewal leads, after a number of failures (~30 days in default
    configurations), to the backoff timer becoming 0. Attempts to
    renew the certificate then are repeated without delays until it
    succeeds.
    This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
    Users are recommended to upgrade to version 2.4.66, which fixes
    the issue.
    Credits: Aisle Research

(taca)

Ooops, fix double-patched file

(martin)

Updated games/woof, x11/py-qt6

(adam)

py-qt6: updated to 6.10.1

v6.10.1 5th December 2025
- Added support for `QRangeModel` (and related `QPyAbstractRange`,
  `QPySequenceRange` and `QPyTableRange`).
- Fixed a regression in `pylupdate6` when using Python v3.14.
- Fixed ownership issues with the result of calls to
  `createStandardContextMenu()` and `createMimeDataFromSelection()`.

(adam)

woof: updated to 15.3.0

15.3.0

New Features and Improvements

Mod Support:

Improvements to Chex support (thanks to @MelodicSpaceship):
Added proper obituaries for Chex 1 in its DEHACKED file.
Added a DEHACKED file for Chex 2 which sets correct level names and fitting obituaries for Chex 2's reskinned flemoids.
Enabled brightmaps to work in the Chex 3 Vanilla IWADs as well.
Enabled ANIMATE feature for default sky and SKYDEFS.
Added support for non-power-of-2 textures.
Added support for scalex SKYDEFS field.
Added BEX mnemonic for beta pickup sprite.
Added NyanDoom widescreen patch support.
Added partial support for GAMEVERS from NyanDoom (compatibility with RUST series).

Sound and music:

Seamlessly pause and resume sounds. Side effect: No more chainsaw "rev up" sound when pausing game.
Improve doppler effect. Uses the correct velocity calculation. Adjust doppler effect scaling range.
Improve sound curve. Sound attenuation over distance is now more gradual when using the OpenAL 3D sound module.
Reduce PC speaker square wave amplitude. It was way too loud in comparison to the other sound modules.
Improve looping order for older MIDI hardware devices.
Disable SysEx for Fluidsynth (fixes DBP37_AUGZEN.wad MAP22).

Input:

The maximum pitch angle is 45 when direct aim is enabled. Add the max_pitch_angle config variable.
Added gamepad device selection to menu.
Added reset camera options for gyro button.
Don't turn off gamepad LED when exiting game.
Added support for binding the non-US backslash key.

Miscellaneous:

The map reveal cheats (IDDT) can now be repeated by repeating the final character (from DSDA-Doom).
Remove "Animated Health/Armor Count" feature.
Bring back "Original" fuzz mode option.
Remove SSG in Doom 1 feature (compatibility with RUST series).
If level title announce string is too long, draw author on next line.
Prevent P_LookForPlayers from retrying sighting a player who failed (from Eternity Engine). Improve perfomance in Necromantic Thirst MAP25.
Use $TMPDIR to find tempdir on Unix (thanks to @Usinganame).
Replace whole words in strings, use in player messages.
Update SUCKS time to match PrBoom's 100 hours.
Various menu tweaks.

Bug Fixes

Fixed buffer overflow in d_deh.c.
Fixed compatibility with "The Sky May Be" WAD.
Fixed switching weapons while zooming automap.
Fixed inconsistencies caused by load order:
Replace UMAPINFO with DEHACKED for E1M4b and E1M8b.
Always parse CHEX.DEH first.
Fixed restore defaults for advanced gamepad menu.
Fixed vanilla weapon switch logic, for example: DEHACKED chainsaw with ammo (thanks to @andrikpowell).
Fixed ghost monsters being blood-colored.
Fixed indicators flashing when invulnerability powerup fades out.
Fixed DEMOLOOP missing support for DEHACKED Text substitution.
Fixed exit from program if lump is not found in TRAKINFO.
Fixed raw input for XInput devices under Windows.
Fixed crash if animation speed is 0 in ANIMATED lump.
Fixed tracker music looping.
Fixed MUSINFO reset after level reload.
Fixed desync in mh1910-430.lmp demo. Match PrBoom+ A_FireOldBFG autoaim behavior.

(adam)

doc: Updated devel/fq to 0.16.0

(wiz)

fq: update to 0.16.0.

# 0.16.0

## Changes

- Update gojq fork. Changes from upstream:
  - Reduced memory usage for long running scripts (restore data offset when popping fork)
  - Support binding expressions with binary operators, ex `1 // 2 as $v | $v`
  - Fix repeating string to emit an error when the result is too large
  - Fix last/1 to be included in builtins/0
  - Implement toboolean/0 function
  - Implement trimstr/1 function
  - Increase the array index limit to 2^29
  - Round up end index of slicing for jq compatibility
- Documentation fixes #1185 Thanks @emanuele6

## Format changes

- `avc_nal` Decode slice header frame number and picture order #1227
- `flac_frame` Add option to decode sample and residuals details #802
- `matroska` Update to latest spec #1219
- `mpeg_asc` Decode SBR and PS hierarchical signalling #1192 Thanks @ntrrgc
- `mp4` Decode `elng` box #1182
- `safetensors` Add decoder #1203 Thanks @Leowbattle

(wiz)

doc/TODO: add some

+ cups-2.4.16, dvdisaster-0.79.10, hwdata-0.402, jjui-0.9.7,
  kiwix-tools-3.8.1, libcups-2.4.16, libkiwix-14.1.1, libpaper-2.2.7,
  libxkbcommon-1.13.1, moor-2.9.4, ov-0.50.2, pandoc-cli-3.8.3,
  prometheus-3.8.0, protobuf-33.2, py-aiodns-3.6.0,
  py-cyclonedx-python-lib-11.6.0, py-lsp-server-1.14.0,
  py-platformdirs-4.5.1, py-protobuf-6.33.2, py-qt-builder-1.19.1,
  py-qt6-6.10.1, py-sip-qt6-13.10.3, py-sip6-6.15.0, py-sphinx-9.0.4,
  py-textual-6.7.1, py-uv-build-0.9.16, restish-0.21.1, rucola-0.8.1,
  tree-sitter-bash-0.25.1.

(wiz)

security/opendoas: some fixes

(vins)

defguard-proxy: add missing patch

(adam)

Updated security/py-acme, security/py-certbot*

(adam)

py-acme py-certbot*: updated to 5.2.1

Certbot 5.2.1

Added

Support for Python 3.14 was added.

Changed

While nothing significant should have changed from the user's perspective,
we've been doing a lot of internal refactoring in preparation for soon adding
support for IP address certificates to Certbot.

Fixed

Removed vhost_combined and vhost_common log formats from included Apache
configuration file.
Due to a mistake on our end playing with GitHub's new immutable
releases
feature that prevented our CI from uploading additional release assets,
Certbot 5.2.0 was not and will not be uploaded to most platforms. Instead,
that version number will be skipped and we'll go straight to 5.2.1.

(adam)

EasyPG: remove

No upstream.

This is part of the emacs and xemacs-packages packages nowadays anyway,
so no need for an outdated separate package.

(wiz)

abiword: fix build on NetBSD 11.99.4

Fix pkglint while here

(wiz)

easygit: switch to original author's recommended fork HOMEPAGE

via https://github.com/newren/easygit

(wiz)

dx: comment out dead sites

(wiz)

dvtm: switch to https

(wiz)

dvdisaster: update HOMEPAGE & MASTER_SITES

(wiz)

dvd+rw-tools: comment out dead site

(wiz)

doc: Updated time/p5-DateTime-Format-Strptime to 1.8000

(wiz)

p5-DateTime-Format-Strptime: update to 1.8000.

1.80    2025-12-06

* Fix the parse_datetime docs to state that it returns either an empty list of undef when it cannot
  parse the given string, depending on the context. Previously, the docs said it always returned
  undef, which is not true. Reported by @falsifian (James Cook). GH #33.

(wiz)

expat: improve builtin.mk

To fix configure step in abiword:
- do not remove too much before scanning before 'pkg-config' in USE_TOOLS
- hook to pre-configure to make sure to be called even when pre-configure
  is overridden

(wiz)

Updated graphics/oxipng, devel/py-test

(adam)

py-test: updated to 9.0.2

9.0.2

Bug fixes

The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.
You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.
The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.
Fixed quadratic-time behavior when handling unittest subtests in Python 3.10.

Improved documentation

The API Reference now contains cross-reference-able documentation of pytest窶冱 command-line flags.

(adam)

oxipng: updated to 10.0.0

10.0.0

[Breaking] CLI: Change short zopfli flag from -Z to -z.
[Breaking] CLI: Change --pretend/-P to --dry-run/-d.
[Breaking] CLI: Change --interlace options from 1/0 to on/off.
[Breaking] API: Change Options.interlace: Option<Interlacing> to Options.interlace: Option<bool>.
[Breaking] API: Change Options.filter: IndexSet<RowFilter> to Options.filters: IndexSet<FilterStrategy>.
[Breaking] API: Change Options.deflate: Deflaters to Options.deflater: Deflater.
[Breaking] API: Change Deflaters::Zopfli { .. } to Deflater::Zopfli(ZopfliOptions { .. }).
[Breaking] API: Change optimize() to return (usize, usize), with original and optimized sizes.
[Feature] Allow zopfli iterations higher than 255.
[Feature] Add --ziwi option for zopfli iterations without improvement.
[Feature] Add --max-raw-size option to skip images that are too large.
[Feature] Add --brute-level and --brute-lines options for advanced control of Brute filter.
[Improvement] Reduce memory usage for fast mode.
[Improvement] Slightly improve compression with Brute filter at levels 5 and 6.
[Misc] Change --preserve option to no longer preserve last access time.
[Misc] Make help output colored.

(adam)

games/luanti: use mk/atomic64.mk so this builds on e.g. macppc.

(he)

fcitx: Fix build-time segmentation fault on NetBSD 11 by fixing ctype abuse

While here review the rest of the code for ctype abuse which might cause
run-time crashes in the same platform.

reviewed by riastradh.

(maya)

fcitx5: Fix build failure with fmtlib > 12.0.0 (pkgsrc version: 12.1.0)

Don't use optional code hunk that adds timestamps to logs for newer fmtlib.
The recommended migration path is for std::localtime, but this seemed like
a patch that I'm less likely to get wrong, as someone who is not experienced
in C++.

(maya)

log4shib: Build fix (seen in NetBSD 11 build results)

If GCC defaults to C++17, it errors out as that's when dynamic exceptions
were removed. Force us to use C++11.

(maya)

doc: Updated sysutils/collectd-web to 0.11.10

(wiz)

collectd-web: update to 0.11.10.

9 years of updates.

While here, add config file and wrapper for included Python HTTP
server.

(wiz)

doc: update for ticket 7035

(maya)

Pullup ticket #7035 - requested by bsiegert
graphics/png: Security fix

Revisions pulled up:
- graphics/png/Makefile                                        1.215-1.216
- graphics/png/distinfo                                        1.160-1.161

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sat Nov 22 07:06:11 UTC 2025

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  png: update to 1.6.51.

  Version 1.6.51 [November 21, 2025]
    Fixed CVE-2025-64505 (moderate severity):
      Heap buffer overflow in `png_do_quantize` via malformed palette index.
      (Reported by Samsung; analyzed by Fabio Gritti.)
    Fixed CVE-2025-64506 (moderate severity):
      Heap buffer over-read in `png_write_image_8bit` with 8-bit input and
      `convert_to_8bit` enabled.
      (Reported by Samsung and <weijinjinnihao@users.noreply.github.com>;
      analyzed by Fabio Gritti.)
    Fixed CVE-2025-64720 (high severity):
      Buffer overflow in `png_image_read_composite` via incorrect palette
      premultiplication.
      (Reported by Samsung; analyzed by John Bowler.)
    Fixed CVE-2025-65018 (high severity):
      Heap buffer overflow in `png_combine_row` triggered via
      `png_image_finish_read`.
      (Reported by <yosiimich@users.noreply.github.com>.)
    Fixed a memory leak in `png_set_quantize`.
      (Reported by Samsung; analyzed by Fabio Gritti.)
    Removed the experimental and incomplete ERROR_NUMBERS code.
      (Contributed by Tobias Stoeckmann.)
    Improved the RISC-V vector extension support; required RVV 1.0 or newer.
      (Contributed by Filip Wasil.)
    Added GitHub Actions workflows for automated testing.
    Performed various refactorings and cleanups.

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Wed Dec  3 23:11:32 UTC 2025

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  png: update to 1.6.52.

  Security fix release.

  Version 1.6.52 [December 3, 2025]
    Fixed CVE-2025-66293 (high severity):
      Out-of-bounds read in `png_image_read_composite`.
      (Reported by flyfish101 <flyfish101@users.noreply.github.com>.)
    Fixed the Paeth filter handling in the RISC-V RVV implementation.
      (Reported by Filip Wasil; fixed by Liang Junzhao.)
    Improved the performance of the RISC-V RVV implementation.
      (Contributed by Liang Junzhao.)
    Added allocation failure fuzzing to oss-fuzz.
      (Contributed by Philippe Antoine.)

(maya)

doc: Updated emulators/qemu to 10.1.2nb2

(leot)

qemu: Backport commit 98107c5d4c1c0a16f1a02a5efbfe01b567215cc6

Backport commit 98107c5d4c1c0a16f1a02a5efbfe01b567215cc6 in order to fix
PR pkg/59820.

This will be included in QEMU 10.1.3.

(leot)

doc: Updated devel/nss to 3.119

(wiz)

nss: update to 3.119.

Build-tested on Darwin by jperkin, thanks!

Changes:

  - Bug 1983320 - Fix ml-dsa return value for SECKEY_PrivateKeyStrengthInBits.
  - Bug 1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted.
  - Bug 2002246 - Add a pkcs12 fuzzer with crypto stubbed out.
  - Bug 2003314 - handle errors while setting sanitizers cflags in build.
  - Bug 1986912 - Ignore IVs for AES KW.
  - Bug 2003286 - Update Cryptofuzz version.
  - Bug 2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled.
  - Bug 1975855 - fix forwarding of sqlite_libs in sqlite.gyp.
  - Bug 1999204 - fix CPU_ARCH setting for arm64 makefile builds.
  - Bug 1998094 - remove unused calcThreads variable from cmd/rsaperf.
  - Bug 1978348 - Solving the incorrect tests introduced by extending EKU.
  - Bug 1972054 - Memory leaks in pkcs12 and pkcs7 decoders.
  - Bug 1978348 - Extending parsing with Microsoft Document Signing EKU.
  - Bug 1978348 - Extending parsing with Adobe Document Signing EKU.
  - Bug 1978348 - Extending pkix parsing with document signing EKUs.
  - Bug 2000737 - fix compilation failure on ia32.
  - Bug 2000737 - use hardware x64 GCM in static builds.
  - Bug 2000737 - separate ppc sha512 library from ppc gcm library.
  - Bug 2000737 - simplify cross-compilation from build.sh.
  - Bug 1724353 - use clang's integrated assembler.
  - Bug 2000737 - remove unused MP_IS_LITTLE_ENDIAN defines.
  - Bug 2000737 - fix logic for disabling altivec in gyp builds.
  - Bug 1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  - Bug 1972825 - Add TLS interoperability tests with openssl and gnutls.
  - Bug 1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest.
  - Bug 1965329 - add failure checks to pk11_mergeTrust() .
  - Bug 1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*.

(wiz)

nntpclnt: fix build on NetBSD 11.99.4

binutils deprecated 'l' and then reassigned it a new function.

(wiz)

doc: Updated graphics/png to 1.6.53

(wiz)

png: update to 1.6.53.

Version 1.6.53 [December 5, 2025]
  Fixed a build failure on RISC-V RVV caused by a misspelled intrinsic.
    (Contributed by Alexander Smorkalov.)
  Fixed a build failure with CMake 4.1 or newer, on Windows, when using
    Visual C++ without MASM installed.

(wiz)

doc: Updated audio/fasttracker2 to 2.01

(fox)

audio/fasttracker2: Update to 2.01

Changes since 2.00

v2.01 - 05.12.2025
- Reverted interpolation LUT size (phases) and calculation to that of v1.99

(fox)

doc: Updated textproc/treemd to 0.4.6

(pin)

textproc/treemd: update to 0.4.6

[0.4.6] - 2025-12-05

Fixed the non-existing file open modal.

The issue was that both exit_interactive_mode() and exit_link_follow_mode() unconditionally set self.mode = AppMode::Normal, which was overwriting the ConfirmFileCreate mode set by load_file() or load_wikilink() when a file doesn't exist.

[0.4.5] - 2025-12-04
Added

    Document overview for headerless files - Files without a top-level heading now show a "(Document)" entry in the outline (#25)
        Displays �沒� icon in outline for the document overview
        Shows entire file content including tables and text before the first heading
        Automatically added when there's preamble content or no headings at all

    Wikilink rendering in content - Wikilinks now render as clickable links in the content pane
        [[target]] displays as link with target as text
        [[target|alias]] displays alias text linking to target
        Works in both interactive mode and link follow mode
        Preprocessing converts wikilinks to standard markdown links for consistent parsing

    Links with spaces in URLs - Links like [text](path/to/my file.md) now work correctly
        CommonMark doesn't support spaces in URLs, but many wikis use them
        Preprocessing converts to angle bracket syntax for compatibility

    File creation prompts - Following links to non-existent files prompts to create them
        Confirmation dialog with [y] to create, [n/Esc] to cancel
        Creates file with default heading based on filename
        Automatically opens the newly created file
        Works for both relative links and wikilinks

    Page navigation in interactive mode - Scroll content while staying in interactive mode
        Press u or PgUp to scroll up
        Press d or PgDn to scroll down
        Maintains element selection while scrolling

Fixed

    Screen artifacts when scrolling - Fixed rendering artifacts caused by tab characters in code blocks (#26)
        Tabs are now converted to 4 spaces in code block syntax highlighting
        Also applies to raw markdown view for consistency

    Shift+Tab navigation - Fixed Shift+Tab not working for backwards navigation (#18)
        Now uses KeyCode::BackTab instead of checking modifiers
        Works correctly in both interactive mode and link follow mode

    Interactive mode scroll preservation - Entering interactive mode no longer jumps to first element
        Now selects the element closest to current scroll position
        Preserves user's view when toggling interactive mode

    Wikilink anchor support - Wikilinks now support section anchors
        [[filename#section]] loads file and jumps to heading
        [[#section]] jumps to heading in current document

    Relative file link improvements - Better handling of wiki-style links without extensions
        Files without extension now try .md first before opening in editor
        Improves compatibility with Obsidian and other wiki tools

Changed

    Interactive mode status bar - Updated to show page navigation hints
        Now displays: [INTERACTIVE] Tab:Next Shift+Tab:Prev u/d:Page Esc:Exit

    Help text updated - Interactive mode section includes new keybindings
        Added u/d for page up/down navigation

Technical

    Wikilink preprocessing (src/parser/content.rs)
        preprocess_wikilinks() converts [[target]] to [target](wikilink:target) before parsing
        preprocess_links_with_spaces() wraps URLs containing spaces in angle brackets
        Both use compiled regex with OnceLock for performance

    File creation flow (src/tui/app.rs)
        AppMode::ConfirmFileCreate for pending file creation state
        pending_file_create and pending_file_create_message fields
        confirm_file_create() and cancel_file_create() methods

    Interactive mode improvements (src/tui/interactive.rs)
        enter_at_scroll_position() selects element closest to scroll position
        Elements sorted by line position after indexing for proper navigation order
        Wikilinks detected via wikilink: URL prefix from preprocessing

    Page navigation (src/tui/app.rs, src/tui/mod.rs)
        scroll_page_down_interactive() and scroll_page_up_interactive() methods
        Keybindings for u/d/PgUp/PgDn in interactive mode

    File creation popup (src/tui/ui/popups.rs)
        render_file_create_confirm() renders themed confirmation dialog

(pin)

doc: Updated devel/serie to 0.5.5

(pin)

devel/serie: update to 0.5.5

What's Changed

- Select commits in Detail and UserCommand views by @lusingander in #109

(pin)

lang/mlir: add use of mk/atomic64.mk to make progress building on NetBSD/macppc.

(he)

devel/cargo-about: use mk/atomic64.mk to extend buildability.

Verified on NetBSD/macppc.

(he)

dumpmpeg: add trailing slash in HOMEPAGE

(wiz)

dsk2rom: comment out dead site

(wiz)

doxx: fix CATEGORIES and pkglint

(wiz)

doc: Updated www/py-urllib3 to 2.6.0

(wiz)

py-urllib3: update to 2.6.0.

2.6.0 (2025-12-05)
==================

Security
--------

- Fixed a security issue where streaming API could improperly handle highly
  compressed HTTP content ("decompression bombs") leading to excessive resource
  consumption even when a small amount of data was requested. Reading small
  chunks of compressed data is safer and much more efficient now.
  (`GHSA-2xpw-w6gg-jr37 <https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37>`__)
- Fixed a security issue where an attacker could compose an HTTP response with
  virtually unlimited links in the ``Content-Encoding`` header, potentially
  leading to a denial of service (DoS) attack by exhausting system resources
  during decoding. The number of allowed chained encodings is now limited to 5.
  (`GHSA-gm62-xv2j-4w53 <https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53>`__)

.. caution::
  - If urllib3 is not installed with the optional `urllib3[brotli]` extra, but
    your environment contains a Brotli/brotlicffi/brotlipy package anyway, make
    sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to
    benefit from the security fixes and avoid warnings. Prefer using
    `urllib3[brotli]` to install a compatible Brotli package automatically.

  - If you use custom decompressors, please make sure to update them to
    respect the changed API of ``urllib3.response.ContentDecoder``.

Features
--------

- Enabled retrieval, deletion, and membership testing in ``HTTPHeaderDict`` using bytes keys. (`#3653 <https://github.com/urllib3/urllib3/issues/3653>`__)
- Added host and port information to string representations of ``HTTPConnection``. (`#3666 <https://github.com/urllib3/urllib3/issues/3666>`__)
- Added support for Python 3.14 free-threading builds explicitly. (`#3696 <https://github.com/urllib3/urllib3/issues/3696>`__)

Removals
--------

- Removed the ``HTTPResponse.getheaders()`` method in favor of ``HTTPResponse.headers``.
  Removed the ``HTTPResponse.getheader(name, default)`` method in favor of ``HTTPResponse.headers.get(name, default)``. (`#3622 <https://github.com/urllib3/urllib3/issues/3622>`__)

Bugfixes
--------

- Fixed redirect handling in ``urllib3.PoolManager`` when an integer is passed
  for the retries parameter. (`#3649 <https://github.com/urllib3/urllib3/issues/3649>`__)
- Fixed ``HTTPConnectionPool`` when used in Emscripten with no explicit port. (`#3664 <https://github.com/urllib3/urllib3/issues/3664>`__)
- Fixed handling of ``SSLKEYLOGFILE`` with expandable variables. (`#3700 <https://github.com/urllib3/urllib3/issues/3700>`__)

Misc
----

- Changed the ``zstd`` extra to install ``backports.zstd`` instead of ``zstandard`` on Python 3.13 and before. (`#3693 <https://github.com/urllib3/urllib3/issues/3693>`__)
- Improved the performance of content decoding by optimizing ``BytesQueueBuffer`` class. (`#3710 <https://github.com/urllib3/urllib3/issues/3710>`__)
- Allowed building the urllib3 package with newer setuptools-scm v9.x. (`#3652 <https://github.com/urllib3/urllib3/issues/3652>`__)
- Ensured successful urllib3 builds by setting Hatchling requirement to >= 1.27.0. (`#3638 <https://github.com/urllib3/urllib3/issues/3638>`__)

(wiz)

www/Makefile: + py-quart, py-quart-trio

(wiz)

doc: Added www/py-quart-trio version 0.12.0

(wiz)

www/py-quart-trio: import py-quart-trio-0.12.0

Quart-Trio is an extension for Quart to support the Trio event
loop. This is an alternative to using the asyncio event loop present
in the Python standard library and supported by default in Quart.

(wiz)

doc: Added www/py-quart version 0.20.0

(wiz)

www/py-quart: import py-quart-0.20.0

Quart is an async Python web application framework. Using Quart
you can,

- render and serve HTML templates,
- write (RESTful) JSON APIs,
- serve WebSockets,
- stream request and response data,
- do pretty much anything over the HTTP or WebSocket protocols.

(wiz)

doc: Added www/py-hypercorn version 0.18.0

(wiz)

www/Makefile: + py-hypercorn

(wiz)

www/py-hypercorn: import py-hypercorn-0.18.0

Hypercorn is an ASGI and WSGI web server based on the sans-io hyper,
h11, h2, and wsproto libraries and inspired by Gunicorn. Hypercorn
supports HTTP/1, HTTP/2, WebSockets (over HTTP/1 and HTTP/2), ASGI,
and WSGI specifications. Hypercorn can utilise asyncio, uvloop, or
trio worker types.

Hypercorn can optionally serve the current draft of the HTTP/3
specification using the aioquic library.

(wiz)

doc: Updated devel/py-test-trio to 0.8.0nb1

(wiz)

py-test-trio: update dependency pattern, convert to wheel.mk

Bump PKGREVISION.

(wiz)

doc: Added textproc/xleak version 0.2.5

(pin)

Add xleak

(pin)

textproc/xleak: import package

Expose Excel files in your terminal - no Microsoft Excel required!

Inspired by doxx, xleak brings Excel spreadsheets to your command line with
beautiful rendering, powerful export capabilities, and a feature-rich
interactive TUI.

xleak features full-text search, formula display, lazy loading for large files,
clipboard support, and export to CSV/JSON.

(pin)

doc: Added textproc/doxx version 0.1.2

(pin)

Add doxx

(pin)

textproc/doxx: import package

Packaged in wip by wiz@ and myself.

A fast, terminal-native document viewer for Word files. View,
search, and export '.docx' documents without leaving your command
line.

(pin)

docbook2odf: note in COMMENT this is for DocBook 4.x

(gutteridge)

docbook2odf: note this is for DocBook 4.x

(gutteridge)

Updated devel/py-mercurial, devel/py-hg-evolve

(adam)

py-hg-evolve: updated to 11.1.10

11.1.10

This is a bugfix release. The most notable change is the compatibility
with the upcoming Mercurial 7.2.

(adam)

py-mercurial: updated to 7.1.2

Mercurial 7.1.2

A scheduled minor release, with few user-facing changes. It is the last release of the 7.1 cycle, baring any critical release.

dispatch: reference the Heptapod bug tracker in stacktrace output
dirstate: read the dirstate data file once instead of doing it 6 times
rust-revlog: fix adjustment of the LRU size to take the factor in account
doc: support docutils >= 0.22
Use old license format in pyproject.toml to help with packaging compatibility
Improved macOS CI
Improved test harness robustness

(adam)

Updated devel/py-incremental, devel/py-txaio

(adam)

py-txaio: updated to 25.12.1

25.12.1
Automated wheel build from commit 2d0ca8e

(adam)

py-incremental: updated to 24.11.0

Incremental 24.11.0 (2025-11-27)

Features

- Incremental now provides a CLI script, ``incremental``, allowing you to run it with ``pipx run incremental``.
  The ``incremental update`` subcommand offers the same functionality as ``python -m incremental.update``.
- Incremental now depends on packaging instead of setuptools at runtime
- Add Python 3.13 and 3.14 to the test matrix.

Bugfixes

- Build Incremental itself with Hatchling, working around failures with certain versions of setuptools

Improved Documentation

- Incremental's documentation now highlights its primary features: CalVer and indeterminate versions (NEXT).

Deprecations and Removals

- Incremental's CLI no longer depends on Click, so you no longer need to install ``incremental[scripts]`` for it to function.
  The ``scripts`` extra is deprecated.
- Drop support for Python 3.8, which has been end-of-life since October 2024.

(adam)

drupal11: follow redirect

(wiz)

drraw: comment out dead site

(wiz)

Updated devel/py-ipython, mail/py-checkdmarc

(adam)

py-checkdmarc: updated to 5.12.26

5.12.26

Fixes

SPF void miscount
Reject SPF records with an all mechanism that is not preceded by whitespace

(adam)

dose3: update HOMEPAGE, comment out dead master site

(wiz)

py-ipython: updated to 9.8.0

IPython 9.8

This release brings improvements to concurrent execution, history commands, tab completion, and debugger performance.

- :ghpull:`15037` Fix some ruff issues with import
- :ghpull:`15060` Stricter typing for many utils files
- :ghpull:`15066` Strict typing of a few more files
- :ghpull:`15067` Fix self import of deprecated items
- :ghpull:`15069` Document :magic:`history` usage with all lines of a session
- :ghpull:`15070` Allow session number without trailing slash in :magic:`history` magic
- :ghpull:`15074` Use values for tab completion of variables created using annotated assignment
- :ghpull:`15076` Fix error on tab completions
- :ghpull:`15078` Show completions for annotated union types
- :ghpull:`15079` Fallback to type annotations for attribute completions
- :ghpull:`15081` Strictly suppress file completions in attribute completion context
- :ghpull:`15083` Minor performance improvements in debugger
- :ghpull:`15084` Documentation updates
- :ghpull:`15088` Make :any:`run_cell_async` reenterable for concurrent cell execution

(adam)