Add and enable lnetd.

Add and enable prefork.

Add lnetd: Utility to bind to UNIX domain socket and spawn children

Lnetd is a small program which will bind to a UNIX domain socket and
spawn children in the same way as inetd(8).

Add prefork: Utility to prefork inetd-style wait services

prefork is a utility to prefork inetd-style wait services which itself
runs as an inetd-style wait service. prefork expects to be passed file
descriptor zero (0) as a listening socket on which accept(2) can be
called and will spawn children, passing them file descriptor zero (0)
under the expectation that these children will service the incoming
connexions. The children should then service connexions by calling
accept(2) on the socket.

doc: Added sysutils/lnetd version 0.2

doc: Added sysutils/prefork version 0.3.0.0.20241029

coreutils: ignore y2038 requirement on Tiger.

doc: Updated security/libressl to 4.1.0

libressl: update to 4.1.0. Changes:

* Portable changes
  - Added initial experimental support for loongarch64.
  - Fixed compilation for mips32 and reenable CI.
  - Fixed CMake builds on FreeBSD.
  - Fixed the --prefix option for cmake --install.
  - Fixed tests for MinGW due to missing sh(1).
* Internal improvements
  - Cleaned up the error implementation.
  - Many bug fixes and simplifications in the EC ASN.1 code.
  - Corrected DER encoding for EC keys and parameters.
  - Polished EC_POINT_{oct2point,point2oct}() internals.
  - Rewrote the wNAF code for fast ECDSA verification.
  - Improved the code setting compressed coordinates for EC points.
  - Reworked CPU capabilities detection for amd64 and aarch64.
  - New SHA-1, SHA-256 and SHA-512 assembly implementations for amd64.
    These make use of the SHA-NI instruction if it is available and
    replace the perl-generated assembly optimized for museum pieces.
    These are not yet enabled in libressl-portable.
  - New SHA-256 and SHA-512 assembly implementations for aarch64
    making use of the ARM Cryptographic Extension (CE). Not yet
    enabled in libressl-portable.
  - New simplified, readable MD5 implementation for amd64.
  - Rewrote BN_bn2binpad() and its lebin siblings.
  - The BIGNUMs in EC_GROUP and EC_POINT are now heap allocated.
  - Rewrote TS_ASN1_INTEGER_print_bio().
  - Improved bit counter handling in MD5.
  - Simplified and cleaned up the BN_RECP_CTX internals.
  - Improved SM4 to match other symmetric ciphers more closely.
  - Rewrote X509_NAME_oneline() and X509_NAME_print() using CBS/CBB.
  - CRLs are now cached in the issuer cache like certificates.
  - Replaced combinations of BN_MONT_CTX_new/set with an internal
    BN_MONT_CTX_create().
  - Replaced BN_bn2hex() reimplementation in openssl(1) ca with
    a proper API call.
  - Fixed integer overflows due to signed shift in obj_dat.c.
  - Improved some X509_VERIFY_PARAM internals and avoid an out of
    bounds read from public API.
  - Imported ML-KEM 768 and 1024 from BoringSSL (not yet public API).
* Compatibility changes
  - Added an OPENSSL_INIT_NO_ATEXIT flag for OPENSSL_init_crypto().
    It has no effect since LibreSSL doesn't call atexit().
  - Elliptic curve parameters are only accepted if they encode a
    built-in curve.
  - EC_METHOD is no longer public and the API exposing it has been
    removed. This includes EC_GROUP_new(), EC_GFp_mont_method(),
    EC_GROUP_method_of() and EC_METHOD_get_field_type().
  - The precomputation stubs for EC_GROUP were removed.
  - The API setting Jacobian projective coordinates for a point was
    removed as were EC_POINTs_{mul,make_affine}().
  - All elliptic curves over fields with less than 224 bits and a
    few more were removed from the built-in curves. This includes
    all WTLS curves and P-192.
  - It is no longer necessary to set RSA_FLAG_SIGN_VER to use the
    sign and verify handlers set with RSA_meth_set_{sign,verify}.
  - Removed the -C option to generate "C code" from the openssl(1)
    dh, dhparam, dsaparam, ecparam, and x509 subcommands.
  - Removed #error in headers when OPENSSL_NO_* is defined.
  - CRYPTO_set_mem_functions() now matches OpenSSL 1.1 and
    CRYPTO_set_mem_ex_functions() was removed.
  - The tls_session_secret_cb_fn type now matches OpenSSL 1.1.
  - Unexport X509_NAME_print() and X509_OBJECT_up_ref_count().
  - const corrected UI_OpenSSL() and BN_MONT_CTX_copy().
  - Support OPENSSL_NO_FILENAMES.
  - Support SSL_OP_NO_RENEGOTIATION and SSL_OP_ALLOW_CLIENT_RENEGOTIATION.
  - Export PKCS12_key_gen_uni() again.
* New features
  - libtls has a new tls_peer_cert_common_name() API call to retrieve
    the peer's common name without having to inspect the PEM.
* Bug fixes
  - Plugged a leak in eckey_compute_pubkey().
  - Again allow the magic values -1, -2 and -3 for the salt length
    of an RSA-PSS key in the EVP_PKEY_CTX_ctrl_str() interface.
  - Fixed a few memory leaks in legacy code.
* Documentation
  - The remaining undocumented public EVP API is now documented.
  - Reorganization of existing documentation for clarity and accuracy.
* Testing and proactive security
  - Improved regress coverage of the EC code.

Add and enable apaste.

Add apaste: Small command-line pastebin to share terminal output

apaste is a simple implementation of a pastebin, to publish data to a
server via a short command line.

doc: Added www/apaste version 0.0.3.0

doc: Updated devel/skalibs to 2.14.4.0

doc: Updated lang/execline to 2.9.7.0

doc: Updated mail/smtpd-starttls-proxy to 0.0.2.0

doc: Updated misc/s6-portable-utils to 2.3.1.0

doc: Updated net/s6-dns to 2.4.1.0

doc: Updated net/s6-networking to 2.7.1.0

doc: Updated net/shibari to 0.0.2.0

doc: Updated sysutils/s6 to 2.13.2.0

doc: Updated www/tipidee to 0.0.6.0

execline: update to 2.9.7.0. Changes:

- Bugfixes.
- pkg-config support.
- New "-P maxpar" option to forx and forstdin, for bounded parallelism.

s6-dns: update to 2.4.1.0. Changes:

- Bugfixes. (And a workaround for a bionic bug.)
- pkg-config support.

s6-networking: update to 2.7.1.0. Changes:

- Bugfixes.
- pkg-config support.

pkgsrc changes:

- Enable execline option by default.

s6-portable-utils: update to 2.3.1.0. Changes:

- Bugfixes.
- pkg-config support.

s6: update to 2.13.2.0. Changes:

- Bugfixes.
- pkg-config support.
- s6-svstat now correctly reports services that haven't started yet.

shibari: update to 0.0.2.0. Changes:

- Bugfixes.
- pkg-config support.

smtpd-starttls-proxy: update to 0.0.2.0. Changes:

- Bugfixes.
- pkg-config support.

tipidee: update to 0.0.6.0. Changes:

- Bugfixes.
- pkg-config support.
- CGI output is now streamed and can be autochunked.
- Support for ip-based tarpitting.

doc: Updated www/snac to 2.77

snac: update to 2.77. Changes:

As they look confusing in some platforms, links in content posts are no
longer included as `Link` attachments.

Reset PKGREVISION on xapian update.

doc: Updated textproc/xapian to 1.4.29

doc: Updated textproc/xapian-omega to 1.4.29

xapian-omega: update to 1.4.29. Changes:

indexers:

* omindex:

  + Abiword indexing now includes metadata, and also no longer tries to index
    base64 encoded data for embedded images, etc.  Mostly this would be skipped
    due to being longer than the 64 byte default word length limit, but junk
    terms could result from `/` or `+` in the base64 data, or a shorter final
    line.

portability:

* Improve check for broken faketime.  We now test the output of a small helper
  program which calls time() and gmtime() and reports the year.  Previously we
  tested the output of date +%Y but GNU date seems to call clock_gettime() on
  Linux and that doesn't catch if faketime fails to intercept time(), which is
  the case that we actually need to work.  Reported by Ian Jackson.

* Workaround autoconf 2.72 AC_SYS_LARGEFILE bug.  This configure probe always
  fails when run with the C++ compiler, like we do, which leads to large file
  support not being enabled when it isn't the default (e.g. on 32-bit Linux
  platforms).  Reported by Adrian Bunk.

xapian: update to 1.4.29. Changes:

API:

* Stem:

  + Optimise stemming algorithms.  The biggest improvement is for Tamil where
    there's a 47% reduction in the time taken to stem all the words in our test
    vocabulary.  Less dramatic improvements for Arabic, Danish, Dutch, English,
    French, Finnish, Irish, Kraaij-Pohlmann, Lithuanian, Norwegian, Swedish and
    Turkish.

  + Add dutch_porter as alias for current dutch stemmer for forward
    compatibility with the next release series where we will have
    kraaij_pohlmann as the default dutch stemmer.

testsuite:

* stemtest: Add support for gzipped vocabulary lists, which means we
  no longer skip testcase stemdict for Arabic.

glass backend:

* Improve exception message when asked to store too large a tag.  Reported by
  Jean-Francois Dockes on xapian-discuss.

* Optimise reading tag.  A special case for handling the first chunk of an item
  gives a measurable speed improvement.  Reported by uis.

portability:

* Work around autoconf 2.72 AC_SYS_LARGEFILE bug.  This configure probe always
  fails when run with the C++ compiler, like we do, which leads to large file
  support not being enabled when it isn't the default (e.g. on 32-bit Linux
  platforms).  Reported by Adrian Bunk.

* Fix C23 compatibility issues.  GCC 15 fails with compile errors due to C23
  dropping support for old-style function declarations and function
  definitions.

* Avoid calling frexp() on infinity or NaN.  The specification for frexp() says
  it returns an "unspecified" exponent for these cases.  Reported by awilfox.

* Fix GCC warning with 32-bit off_t.  Reported by Adrian Bunk.

* Fix compile error with newer emscripten.

build system:

* 1.4.28 had its library version information incorrectly set.  This resulted in
  the shared library having an incorrect SONUMBER - e.g. on Linux,
  libxapian.so.29 instead of libxapian.so.30.  This release has been made to
  fix this problem.  We have added a check to configure that the SONUMBER has
  the expected value to avoid repeats of this (it happened previously in 1.2.11
  as well).  Thanks to Vitaly Chikunov and Sven Joachim for reporting this.

codeberg-cli: update to 0.4.11. Changes:

- revert rust 2024 edition

doc: Updated devel/codeberg-cli to 0.4.11

doc: Updated www/snac to 2.76

snac: update to 2.76. Changes:

Added Webmention support for links (Markdown-style or direct) written in a post.

Added new command-line options for list maintenance.

Display custom emoji in more places (contributed by dandelions).

Mastodon API: fixed infinite scroll in many clients (thanks to cheeaun
for giving me the clue), added `/api/v1/accounts/.../lists` endpoint
(contributed by dandelions).

Email notifications can now be sent via `libcurl` SMTP instead of
spawning the `/usr/sbin/sendmail` program. To use this new feature, some
additional server configuration is needed, see `snac(8)` (contributed by
shtrophic).

bootstrap: ensure sysconfdir exists.

moretools: convert to pseudo-meta-package.

doc: Updated net/sniproxy to 0.6.1nb1

sniproxy: update to latest git. Changes:

- autoconf: fail with error if missing required library
- fix missing stdlib.h include
- libpcre2 support
- deprecate project
- cleanup autoconf and use debhelper
- accept CRLF and LF in HTTP headers, fix buffer overflow error

Also apply patch from renaudallard's fork to allocate enough buffer for
header sizes seen in common webservers.

Add TEST_TARGET. Test results are unchanged by this update on macOS
15.4.1 or NetBSD 10.1 (fail 7/skip 1/pass 14) or Ubuntu 24.04.2 LTS
(fails functional_test and bind_source_test, hangs on
connection_reset_test).

Bump PKGREVISION.

udns: add missing include to fix OpenBSD build.

Build-tested on NetBSD 10, Ubuntu 24, macOS 15.

Add LICENSE.md (the Unlicense).

Extract nbpkg to its own repo.

PKGSRC_MKREPRO is already no by default.

PKGSRC_USE_FORTIFY is already strong by default.

Parameterize some stuff.

Remove extra echos.

Turn off -fstack-check, seems sus by now.

Improve nb platform-tuple inference enough for today.

doc: Updated pkgtools/pkg_notify to 0.4.9

pkg_notify: reduce false positives. Bump version.

For distfiles that are .c, strip .c before transforming version for
comparison. Fixes false positive for qmail-spp-spf.

For distfiles where similarly named debian packaging distfiles are found
in the same directory, don't try to compare against the debian packaging
distfiles. Fixes false positive for ikiwiki.

vim-share: fix Tiger build.

Also tested on NetBSD 10.1 and macOS 15.4.1.

Add LICENSE.md (the Unlicense).

Update goals.

doc: Updated www/ikiwiki to 3.20250501

ikiwiki: update to 3.20250501. Changes:

* adjust logo from black to mid-point grey so it contrasts equally well
  on a black background to a white one.
* po4a: attempt to detect versions ≥ 0.70 and continue to support
  earlier versions (for now).
* actiontabs: add support for dark mode

Extract nbpkg to its own repo.

Revert "Defend against qemu 10.0, NetBSD/amd64 gets 1 CPU."

This reverts commit 14a0d788abc79a12a103a0180f1ef6b0d2e4bcc7.

Gonna stick with qemu 9.x for now.

Revert previous, no pkgconf update occurred.

doc: Updated devel/pkgconf to 2.4.3

pkgconf: on OS X < 10.10, link MacportsLegacySupport for readlinkat().

sqlite3: fix Tiger build. Sequoia and NetBSD still package.

doc: Updated www/tipidee to 0.0.5.1nb1

tipidee: install tipidee.conf{,.cdb} and a missing manual.

Fix PKG_SYSCONFDIR paths in manual pages.

While here, avoid -fstack-check on NetBSD for the moment (tipidee-config
dumps core, reported upstream).

Bump PKGREVISION.

libxml2: fix Tiger build.

doc: Updated databases/p5-App-Sqitch to 1.5.2

p5-App-Sqitch: update to 1.5.2. Changes:

- Added missing German translations, thanks to @0xflotus for the PR
  (#873)!
- Fixed bug where the location of reworked script files did not respect
  the `deploy_dir`, `revert_dir`, or `verify_dir` options. Thanks to Neil
  Freeman for the report (#875)!
- Updated the MySQL engine's installation of the `checkit()` function so
  that it no longer depends on permission-checking, since the current
  user may not have such permission. It instead attempts to create the
  function and ignores a failure due to a lack of permission. Thanks to
  Alastair Douglas for the report and solution (#874)!
- Added missing CockroachDB templates. Thanks to @Peterbyte for the
  report (#878)!
- Removed support for the `SNOWSQL_PORT` environment variable, which has
  long been deprecated by Snowflake and likely never did anything.
- Fixed the quoting of the role and schema names on connecting to
  Snowflake, which was silently failing and thus not properly using the
  registry schema, which lead to a failure to find the registry. Broken
  in v1.5.1.
- Added redaction of passwords from Snowflake URL query parameters in the
  display URL. Any query parameter matching `pwd` will now appear as
  "REDACTED".
- Expanded the documentation of Snowflake key pair authentication in
 `sqitch-authentication.pod` to recommend setting sensitive ODBC
  parameters in an `odbc.ini` file rather than connection URL query
  parameters.
- Switched to key pair authentication in the Snowflake CI workflows.
- Fixed another test failure with some Firebird configurations and
  improved diagnostic output when an engine cannot be integration-tested.

Add VM: Mac OS X 10.4 Tiger PowerPC.

Add other Tiger install notes I didn't use.

Fix PKGSRC_USE_FORTIFY default.

More of previous.

Defend against qemu 10.0, NetBSD/amd64 gets 1 CPU.

See: https://gitlab.com/qemu-project/qemu/-/issues/2938

Use extramkconf's hardening options in nbpkg-shared.

OpenBSD 7.6 -> 7.7 (and drop i386, not worth it).

doc: Updated net/tinydyndns-run to 20250425

tinydyndns-run: python313 dropped crypt, use bcrypt. Bump version.

cvm-pwfile still uses crypt() to verify logins, so hopefully
Blowfish-hashed passwords are sufficiently broadly available to not
cause trouble on any pkgsrc platforms.

Add s6, tipidee.

Let's try Python 3.13.

Catch up PHP_VERSION_DEFAULT to upstream 8.2.

doc: Updated graphics/libcaca to 0.99.20

libcaca: Fix examples build with imlib2 -x11.

While here, add missing devel/zlib/buildlink3.mk. Bump PKGREVISION.

doc: Updated devel/texttest to 4.4.3.1nb2

texttest: setuptools>=78, fix PLIST, bump PKGREVISION.

doc: Updated net/py-awscli-plugin-logs-tail to 0.2nb1

py-awscli-plugin-logs-tail: setuptools>=78, fix PLIST, bump PKGREVISION.

doc: Updated mail/rss2email to 3.14nb3

rss2email: convert egg.mk to wheel.mk. Bump PKGREVISION.

This fixes a recent regression where r2e's shebang path had become an
unqualified "python".

While here, bump feedparser dependency for Python 3.13 support.

Add gron, looks handy.

doc: Updated www/snac to 2.75

snac: update to 2.75. Changes:

Added support for scheduled posts (for this to work correctly, users
will have to set their time zone, see below).

The user can now select a working time zone. This will be used to
correctly parse the local date and time of a scheduled post.

Fixed incorrect poll vote format, which was causing problems in
platforms like GotoSocial.

Mastodon API: added support for `/api/v1/instance/peers`.

Added a new `snac-admin` helper script (contributed by shtrophic).

In the web UI, posts are separated by the `<hr hidden>` tag; it's
invisible in graphical browsers, but it separates post clearly in
text-based browsers.

Some Finnish, Spanish, Czech and Russian translation updates and fixes.

doc: Updated security/py-acme-tiny to 5.0.1nb4

p5-Mojolicious: avoid extended attributes in distfile.

py-acme-tiny: require setuptools_scm>=8.2.0nb1, adjust PLIST.

zziplib: remove incorrect PLIST entries. Packages on macOS and NetBSD.

Add checklist for manual pre-release testing.

After setting project SDK to 17, IntelliJ wants me to commit this.

Bump build JDK to 17, so Gradle 9 will work.

Classes are still built for 1.8:

$ file build/classes/kotlin/main/com/schmonz/greencently/Greencently.class
build/classes/kotlin/main/com/schmonz/greencently/Greencently.class: compiled Java class data, version 52.0 (Java 1.8)

Don't gitignore *greencently* in subdirs.

Enable full Gradle warnings.

Extract TestListenerDelegate.

Extract TestResults.

Extract variable.

Fix lint.

Inline and rename delegate methods.

Inline.

Make sure I run lint locally when testing.

Organize manual testing notes.

Parameterize Greencently label.

Refactor a bunch, and improve debug output.

Remove timestamp when not complete-and-green.

Replace TESTING.md with test.sh.

Store timestamp under .greencently/. When not complete or green, remove it!

Switch to TrunkVer more thoroughly.

Switch to TrunkVer.

doc: Updated chat/twitch-tui to 2.6.19

doc: Updated textproc/py-html2text to 2025.4.15

py-html2text: update to 2025.4.15. Changes:

* Support tri-backquote style code block and fix ordered list indent.
* Fix invalid character reference parsing.

twitch-tui: update to 2.6.19. Changes:

- Corrected authentication config docs
- Bumped codebase to Rust 1.85 + 2024 edition
- Delete key was acting the same as the backspace key, removing the
  character to left instead of right

doc: Updated textproc/p5-Text-HTML-Turndown to 0.06

p5-Text-HTML-Turndown: update to 0.06. Changes:

* Don't generate Markdown for empty links as in
  <a href="https://example.com"></a>
  Such empty link tags are created by Markdown::Perl for text such as
  [https://example.com] , if automatic link generation is on
  (it generates <a ...><a ...></a></a> , and browsers turn the outer link
  into an empty link, as links cannot be nested)

dkimproxy: spaces to tabs (NFCI).

doc: Updated textproc/p5-Text-HTML-Turndown to 0.05

p5-Text-HTML-Turndown: update to 0.04. Changes:

* Handle newlines in table cells
  We convert them into <br/> , as Markdown tables don't really
  handle newlines

Not using p5-AnyEvent after all.

Add execline to supervise Minecraft.

Add p5-AnyEvent for Minecraft supervisor script.

openjdk21: set GNU_CONFIGURE_ICONV=no.

Fixes this configure error on at least NetBSD 10.1:

    Using autoconf at /var/tmp/pkgsrc/obj/lang/openjdk21/work.netbsd10-amd64/.tools/bin/autoconf [autoconf (GNU Autoconf) 2.72]
    configure: error: unrecognized options: --with-libiconv-prefix
    configure exiting with result code 1

Minecraft needs JRE 21. Add nearest package.

Remove vestigial override of nbvm isvm.

doc: Updated www/lighttpd to 1.4.79

lighttpd: update to 1.4.79, and take MAINTAINER. Changes:

* [autotools] spelling Couldn't => Could not
* [mod_openssl] revert SSL_CTX default cert assign
* [mod_openssl] spelling in comment
* [TLS] issue trace if unable to check/refresh cert
* [core] set server.max-fds = 4096 if not specified
* [core] clear Linux ambient capabilities, if any
* [core] rename remove_pid_file() -> server_pid_file_remove()
* [core] retry pidfile open on Linux
* [doc] systemd lighttpd.service hardening
* [doc] move TLS config to separate file tls.conf
* [doc] systemd lighttpd.service hardening addition
* [doc] systemd lighttpd*.socket activation examples
* [core] default listen() backlog to SOMAXCONN

djbdns-run: remove MESSAGE, README.pkgsrc suffices. Bump version.

doc: Updated mail/fastforward to 0.51nb3

doc: Updated mail/qmail-run to 20250402

doc: Updated net/djbdns-run to 20250402

fastforward: remove MESSAGE. Bump PKGREVISION.

qmail-run: remove MESSAGE, README.pkgsrc suffices. Bump version.

djbdns-run: generate 0-byte dnscache-ip during build. NFCI.

doc: Updated www/ikiwiki to 3.20250221nb1

ikiwiki: add missing DEPENDS to fix aggregator error:

    $ ikiwiki --setup ikiwiki.setup --aggregate --refresh --verbose
    Can't locate IO/Socket/SSL.pm in @INC
    Attempt to reload LWPx/Protocol/https_paranoid.pm aborted.

Bump PKGREVISION.

Add and enable p5-Text-HTML-Turndown.

Add p5-Text-HTML-Turndown: Convert HTML to Markdown

This is an adaptation of the turndown libraries to convert HTML to Markdown.

This port aims to be compatible with the Javascript code and uses the
same test suite. But the original library does not pass its tests and
the Joplin part does not use the original tests.

asdf: update to 0.16.7. Changes:

* remove comment from first line zsh completion output

doc: Added textproc/p5-Text-HTML-Turndown version 0.04

doc: Updated databases/p5-App-Sqitch to 1.5.1

doc: Updated devel/asdf to 0.16.7