As a temporary hack, model the timezone change for America/Vancouver
as occurring on 2026-11-01 02:00, not on 2026-03-09. This allows
for a transition period where America/Vancouver still shows as PDT.
It also replaces "-07" with "MST" post-transition until such time
as a better abbreviation is chosen.
mame: roll the port forward to slightly past the latest release.
This brings in some build fixes for ASIO for long deprecated function use,
which are required for building with the upcoming asio 1.36 update.
From Brad.
With it's own daemonization / fd cleaning code, ssh-agent opens /dev/null
O_RDWR after a pledge without "wpath". This is allowed in current pledge
because "/dev/null" is implicitly allowed to be opened even with the most
restrictive pledges or unveils. This is a design decision in pledge made
at the very beginning, to satisfy libc requirements. We've finally had
enough experience and know how to fix that in the near-future, but need
to review and fix all code which opens these implicit paths.
The fix is to add "wpath", so that "/dev/null" can be opened O_RDWR.
But that is uncomfortable, so we add unveil() allowing "/" with "r",
4 unveil "x" for the potential askpass and helpers to be execve'd,
and "/dev/null" with "wr". As a result filesystem access is substantially
more restricted than before, and ssh-agent is ready for the future pledge
change.
ok djm dtucker
Stop doing access() before execve(). It is a TOCTOU, but also it
forces use of unveil "rx" instead of "x".
This is done by using a pipe() through the fork+execve attempt to
expose execve failure and create the same error return as the access()
used to do.
ok djm dtucker
Use the (no YP, non-threaded) cleaned up copy of getpwent.c placed into
usr.bin/chpass instead of reaching around into libc and using crazy cpp
options.
In the near future the libc version will have more substantial changes
(intersecting with pledge and unveil) which are much more difficult to
manage using cpp features, so we stop this reacharound into libc subtree.
Fix variable substitution in target install-headers-subdirs.
There may be more than one subdir level.
Note this target is currently unused in xenocara.
update sqlitebrowser to a git checkout
build with the new Qt6 support, removing the last remaining use of
the Qt5 version of QScintilla
add optional sqlcipher flavour
geo/qgis: major update to 4.0, switches to Qt6 by default
see https://changelog.qgis.org/en/version/4.0/
that's one less direct consumer for x11/qt5/qtwebkit
still considered an early alpha upstream, but works in daily use. most
plugins need to be explicitely declared as compatible with it.
