Update mikutter to mikutter.0.2.1.1142.

* fixes crash when recieve unknown entity format.
* openimg: update support of yfrog and instagram.
* extract: backport from 0.2.2, fixes crash.
* directmessage: fix to be fired when DM to myself.

(obache)

Instead of drop msgctxt, treat same as gettext-tools>=0.15.

tested with editors/medit and graphics/gimp and context specified translate
messages are appeared.

(obache)

revert last change, it is useless checking dcgettext().

(obache)

PR pkg/47792
Let me revert to as of 30mins before.
/usr/local may be left as it is for the case to compile
stuff outside of pkgsrc with this cmake.

(mef)

PR pkg/47792
Correct install PREFIX found on Modules/CMakeGenericSystem.cmake.
The example of problem was found on wip/trustedQSL (1.14)

(mef)

add patches from Redhat to fix possible buffer overflows in the
"tiff2pdf" tool by crafted TIFF image files
(CVE-2013-1960/61)
bump PKGREV

(drochner)

* bump required gettext-tools from pkgsrc to 0.15 to match required gettext-lib  capability.
* prevent to restrict gettext-tools capability from builtin gettext-tools' one
  even if using it from pkgsrc.

(obache)

Change builtin features good enough to replace GNU gettext from ngettext()
to dcgettext(), because BUILDLINK_API_DEPENDS.gettext-lib is now >=0.18.

(obache)

Updated emulators/suse121_libxml2 to 12.1nb6

(obache)

Update libxml2 RPM to 2.7.8+git20110708-3.24.1 for CVE-2013-1969.

Bump PKGREVISION.

(obache)

Updated www/py-tornado to 3.0.1

(wen)

Update to 3.0.1
Add test target

Upstream changes:
3.0.1
Apr 8, 2013
The interface of tornado.auth.FacebookGraphMixin is now consistent with its documentation and the rest of the module. The get_authenticated_user and facebook_request methods return a Future and the callback argument is optional.
The tornado.testing.gen_test decorator will no longer be recognized as a (broken) test by nose.
Work around a bug in Ubuntu 13.04 betas involving an incomplete backport of the ssl.match_hostname function.
tornado.websocket.websocket_connect now fails cleanly when it attempts to connect to a non-websocket url.
tornado.testing.LogTrapTestCase once again works with byte strings on Python 2.
The request attribute of tornado.httpclient.HTTPResponse is now always an ~tornado.httpclient.HTTPRequest, never a _RequestProxy.
Exceptions raised by the tornado.gen module now have better messages when tuples are used as callback keys.

3.0.0
Mar 29, 2013
Highlights

The callback argument to many asynchronous methods is now optional, and these methods return a .Future. The tornado.gen module now understands Futures, and these methods can be used directly without a .gen.Task wrapper.
New function .IOLoop.current returns the .IOLoop that is running on the current thread (as opposed to .IOLoop.instance, which returns a specific thread's (usually the main thread's) IOLoop.
New class tornado.netutil.Resolver provides an asynchronous interface to DNS resolution. The default implementation is still blocking, but non-blocking implementations are available using one of three optional dependencies: ~tornado.netutil.ThreadedResolver using the concurrent.futures thread pool, tornado.platform.caresresolver.CaresResolver using the pycares library, or tornado.platform.twisted.TwistedResolver using twisted
Tornado's logging is now less noisy, and it no longer goes directly to the root logger, allowing for finer-grained configuration.
New class tornado.process.Subprocess wraps subprocess.Popen with .PipeIOStream access to the child's file descriptors.
.IOLoop now has a static configure <.Configurable.configure> method like the one on .AsyncHTTPClient, which can be used to select an .IOLoop implementation other than the default.
.IOLoop can now optionally use a monotonic clock if available (see below for more details).
Backwards-incompatible changes

Python 2.5 is no longer supported. Python 3 is now supported in a single codebase instead of using 2to3
The tornado.database module has been removed. It is now available as a separate package, torndb
Functions that take an io_loop parameter now default to .IOLoop.current() instead of .IOLoop.instance().
Empty HTTP request arguments are no longer ignored. This applies to HTTPRequest.arguments and RequestHandler.get_argument[s] in WSGI and non-WSGI modes.
On Python 3, tornado.escape.json_encode no longer accepts byte strings.
On Python 3, the get_authenticated_user methods in tornado.auth now return character strings instead of byte strings.
tornado.netutil.TCPServer has moved to its own module, tornado.tcpserver.
The Tornado test suite now requires unittest2 when run on Python 2.6.
tornado.options.options is no longer a subclass of dict; attribute-style access is now required.
Detailed changes by module

Multiple modules

Tornado no longer logs to the root logger. Details on the new logging scheme can be found under the tornado.log module. Note that in some cases this will require that you add an explicit logging configuration in order to see any output (perhaps just calling logging.basicConfig()), although both .IOLoop.start() and tornado.options.parse_command_line will do this for you.
On python 3.2+, methods that take an ssl_options argument (on .SSLIOStream, .TCPServer, and .HTTPServer) now accept either a dictionary of options or an ssl.SSLContext object.
New optional dependency on concurrent.futures to provide better support for working with threads. concurrent.futures is in the standard library for Python 3.2+, and can be installed on older versions with pip install futures.
tornado.autoreload

tornado.autoreload is now more reliable when there are errors at import time.
Calling tornado.autoreload.start (or creating an .Application with debug=True) twice on the same .IOLoop now does nothing (instead of creating multiple periodic callbacks). Starting autoreload on more than one .IOLoop in the same process now logs a warning.
Scripts run by autoreload no longer inherit __future__ imports used by Tornado.
tornado.auth

On Python 3, the get_authenticated_user method family now returns character strings instead of byte strings.
Asynchronous methods defined in tornado.auth now return a .Future, and their callback argument is optional. The Future interface is preferred as it offers better error handling (the previous interface just logged a warning and returned None).
The tornado.auth mixin classes now define a method get_auth_http_client, which can be overridden to use a non-default .AsyncHTTPClient instance (e.g. to use a different .IOLoop)
Subclasses of .OAuthMixin are encouraged to override .OAuthMixin._oauth_get_user_future instead of _oauth_get_user, although both methods are still supported.
tornado.concurrent

New module tornado.concurrent contains code to support working with concurrent.futures, or to emulate future-based interface when that module is not available.
tornado.curl_httpclient

Preliminary support for tornado.curl_httpclient on Python 3. The latest official release of pycurl only supports Python 2, but Ubuntu has a port available in 12.10 (apt-get install python3-pycurl). This port currently has bugs that prevent it from handling arbitrary binary data but it should work for textual (utf8) resources.
Fix a crash with libcurl 7.29.0 if a curl object is created and closed without being used.
tornado.escape

On Python 3, ~tornado.escape.json_encode no longer accepts byte strings. This mirrors the behavior of the underlying json module. Python 2 behavior is unchanged but should be faster.
tornado.gen

New decorator @gen.coroutine is available as an alternative to @gen.engine. It automatically returns a .Future, and within the function instead of calling a callback you return a value with raise gen.Return(value) (or simply return value in Python 3.3).
Generators may now yield .Future objects.
Callbacks produced by .gen.Callback and .gen.Task are now automatically stack-context-wrapped, to minimize the risk of context leaks when used with asynchronous functions that don't do their own wrapping.
Fixed a memory leak involving generators, .RequestHandler.flush, and clients closing connections while output is being written.
Yielding a large list no longer has quadratic performance.
tornado.httpclient

.AsyncHTTPClient.fetch now returns a .Future and its callback argument is optional. When the future interface is used, any error will be raised automatically, as if .HTTPResponse.rethrow was called.
.AsyncHTTPClient.configure and all .AsyncHTTPClient constructors now take a defaults keyword argument. This argument should be a dictionary, and its values will be used in place of corresponding attributes of ~tornado.httpclient.HTTPRequest that are not set.
All unset attributes of tornado.httpclient.HTTPRequest are now None. The default values of some attributes (connect_timeout, request_timeout, follow_redirects, max_redirects, use_gzip, proxy_password, allow_nonstandard_methods, and validate_cert have been moved from ~tornado.httpclient.HTTPRequest to the client implementations.
The max_clients argument to .AsyncHTTPClient is now a keyword-only argument.
Keyword arguments to .AsyncHTTPClient.configure are no longer used when instantiating an implementation subclass directly.
Secondary .AsyncHTTPClient callbacks (streaming_callback, header_callback, and prepare_curl_callback) now respect .StackContext.
tornado.httpserver

.HTTPServer no longer logs an error when it is unable to read a second request from an HTTP 1.1 keep-alive connection.
.HTTPServer now takes a protocol keyword argument which can be set to https if the server is behind an SSL-decoding proxy that does not set any supported X-headers.
tornado.httpserver.HTTPConnection now has a set_close_callback method that should be used instead of reaching into its stream attribute.
Empty HTTP request arguments are no longer ignored. This applies to HTTPRequest.arguments and RequestHandler.get_argument[s] in WSGI and non-WSGI modes.
tornado.ioloop

New function .IOLoop.current returns the IOLoop that is running on the current thread (as opposed to .IOLoop.instance, which returns a specific thread's (usually the main thread's) IOLoop).
New method .IOLoop.add_future to run a callback on the IOLoop when an asynchronous .Future finishes.
.IOLoop now has a static configure <.Configurable.configure> method like the one on .AsyncHTTPClient, which can be used to select an .IOLoop implementation other than the default.
The .IOLoop poller implementations (select, epoll, kqueue) are now available as distinct subclasses of .IOLoop. Instantiating .IOLoop will continue to automatically choose the best available implementation.
The .IOLoop constructor has a new keyword argument time_func, which can be used to set the time function used when scheduling callbacks. This is most useful with the time.monotonic function, introduced in Python 3.3 and backported to older versions via the monotime module. Using a monotonic clock here avoids problems when the system clock is changed.
New function .IOLoop.time returns the current time according to the IOLoop. To use the new monotonic clock functionality, all calls to .IOLoop.add_timeout must be either pass a datetime.timedelta or a time relative to .IOLoop.time, not time.time. (time.time will continue to work only as long as the IOLoop's time_func argument is not used).
New convenience method .IOLoop.run_sync can be used to start an IOLoop just long enough to run a single coroutine.
New method .IOLoop.add_callback_from_signal is safe to use in a signal handler (the regular .add_callback method may deadlock).
.IOLoop now uses signal.set_wakeup_fd where available (Python 2.6+ on Unix) to avoid a race condition that could result in Python signal handlers being delayed.
Method IOLoop.running() has been removed.
.IOLoop has been refactored to better support subclassing.
.IOLoop.add_callback and .add_callback_from_signal now take *args, **kwargs to pass along to the callback.
tornado.iostream

.IOStream.connect now has an optional server_hostname argument which will be used for SSL certificate validation when applicable. Additionally, when supported (on Python 3.2+), this hostname will be sent via SNI (and this is supported by tornado.simple_httpclient)
Much of .IOStream has been refactored into a separate class .BaseIOStream.
New class tornado.iostream.PipeIOStream provides the IOStream interface on pipe file descriptors.
.IOStream now raises a new exception tornado.iostream.StreamClosedError when you attempt to read or write after the stream has been closed (by either side).
.IOStream now simply closes the connection when it gets an ECONNRESET error, rather than logging it as an error.
IOStream.error no longer picks up unrelated exceptions.
.BaseIOStream.close now has an exc_info argument (similar to the one used in the logging module) that can be used to set the stream's error attribute when closing it.
.BaseIOStream.read_until_close now works correctly when it is called while there is buffered data.
Fixed a major performance regression when run on PyPy (introduced in Tornado 2.3).
tornado.log

New module containing .enable_pretty_logging and .LogFormatter, moved from the options module.
.LogFormatter now handles non-ascii data in messages and tracebacks better.
tornado.netutil

New class tornado.netutil.Resolver provides an asynchronous interface to DNS resolution. The default implementation is still blocking, but non-blocking implementations are available using one of three optional dependencies: ~tornado.netutil.ThreadedResolver using the concurrent.futures thread pool, tornado.platform.caresresolver.CaresResolver using the pycares library, or tornado.platform.twisted.TwistedResolver using twisted
New function tornado.netutil.is_valid_ip returns true if a given string is a valid IP (v4 or v6) address.
tornado.netutil.bind_sockets has a new flags argument that can be used to pass additional flags to getaddrinfo.
tornado.netutil.bind_sockets no longer sets AI_ADDRCONFIG; this will cause it to bind to both ipv4 and ipv6 more often than before.
tornado.netutil.bind_sockets now works when Python was compiled with --disable-ipv6 but IPv6 DNS resolution is available on the system.
tornado.netutil.TCPServer has moved to its own module, tornado.tcpserver.
tornado.options

The class underlying the functions in tornado.options is now public (tornado.options.OptionParser). This can be used to create multiple independent option sets, such as for subcommands.
tornado.options.parse_config_file now configures logging automatically by default, in the same way that ~tornado.options.parse_command_line does.
New function tornado.options.add_parse_callback schedules a callback to be run after the command line or config file has been parsed. The keyword argument final=False can be used on either parsing function to supress these callbacks.
tornado.options.define now takes a callback argument. This callback will be run with the new value whenever the option is changed. This is especially useful for options that set other options, such as by reading from a config file.
tornado.options.parse_command_line --help output now goes to stderr rather than stdout.
tornado.options.options is no longer a subclass of dict; attribute-style access is now required.
tornado.options.options (and .OptionParser instances generally) now have a .mockable() method that returns a wrapper object compatible with mock.patch <unittest.mock.patch>.
Function tornado.options.enable_pretty_logging has been moved to the tornado.log module.
tornado.platform.caresresolver

New module containing an asynchronous implementation of the .Resolver interface, using the pycares library.
tornado.platform.twisted

New class tornado.platform.twisted.TwistedIOLoop allows Tornado code to be run on the Twisted reactor (as opposed to the existing .TornadoReactor, which bridges the gap in the other direction).
New class tornado.platform.twisted.TwistedResolver is an asynchronous implementation of the .Resolver interface.
tornado.process

New class tornado.process.Subprocess wraps subprocess.Popen with .PipeIOStream access to the child's file descriptors.
tornado.simple_httpclient

SimpleAsyncHTTPClient now takes a resolver keyword argument (which may be passed to either the constructor or configure <.Configurable.configure>), to allow it to use the new non-blocking tornado.netutil.Resolver.
When following redirects, SimpleAsyncHTTPClient now treats a 302 response code the same as a 303. This is contrary to the HTTP spec but consistent with all browsers and other major HTTP clients (including CurlAsyncHTTPClient).
The behavior of header_callback with SimpleAsyncHTTPClient has changed and is now the same as that of CurlAsyncHTTPClient. The header callback now receives the first line of the response (e.g. HTTP/1.0 200 OK) and the final empty line.
tornado.simple_httpclient now accepts responses with a 304 status code that include a Content-Length header.
Fixed a bug in which SimpleAsyncHTTPClient callbacks were being run in the client's stack_context.
tornado.stack_context

.stack_context.wrap now runs the wrapped callback in a more consistent environment by recreating contexts even if they already exist on the stack.
Fixed a bug in which stack contexts could leak from one callback chain to another.
Yield statements inside a with statement can cause stack contexts to become inconsistent; an exception will now be raised when this case is detected.
tornado.template

Errors while rendering templates no longer log the generated code, since the enhanced stack traces (from version 2.1) should make this unnecessary.
The {% apply %} directive now works properly with functions that return both unicode strings and byte strings (previously only byte strings were supported).
Code in templates is no longer affected by Tornado's __future__ imports (which previously included absolute_import and division).
tornado.testing

New function tornado.testing.bind_unused_port both chooses a port and binds a socket to it, so there is no risk of another process using the same port. get_unused_port is now deprecated.
New decorator tornado.testing.gen_test can be used to allow for yielding tornado.gen objects in tests, as an alternative to the stop and wait methods of .AsyncTestCase.
tornado.testing.AsyncTestCase and friends now extend unittest2.TestCase when it is available (and continue to use the standard unittest module when unittest2 is not available)
tornado.testing.ExpectLog can be used as a finer-grained alternative to tornado.testing.LogTrapTestCase
The command-line interface to tornado.testing.main now supports additional arguments from the underlying unittest module: verbose, quiet, failfast, catch, buffer.
The deprecated --autoreload option of tornado.testing.main has been removed. Use python -m tornado.autoreload as a prefix command instead.
The --httpclient option of tornado.testing.main has been moved to tornado.test.runtests so as not to pollute the application option namespace. The tornado.options module's new callback support now makes it easy to add options from a wrapper script instead of putting all possible options in tornado.testing.main.
.AsyncHTTPTestCase no longer calls .AsyncHTTPClient.close for tests that use the singleton .IOLoop.instance.
.LogTrapTestCase no longer fails when run in unknown logging configurations. This allows tests to be run under nose, which does its own log buffering (.LogTrapTestCase doesn't do anything useful in this case, but at least it doesn't break things any more).
tornado.util

tornado.util.b (which was only intended for internal use) is gone.
tornado.web

.RequestHandler.set_header now overwrites previous header values case-insensitively.
tornado.web.RequestHandler has new attributes path_args and path_kwargs, which contain the positional and keyword arguments that are passed to the get/post/etc method. These attributes are set before those methods are called, so they are available during prepare()
tornado.web.ErrorHandler no longer requires XSRF tokens on POST requests, so posts to an unknown url will always return 404 instead of complaining about XSRF tokens.
Several methods related to HTTP status codes now take a reason keyword argument to specify an alternate "reason" string (i.e. the "Not Found" in "HTTP/1.1 404 Not Found"). It is now possible to set status codes other than those defined in the spec, as long as a reason string is given.
The Date HTTP header is now set by default on all responses.
Etag/If-None-Match requests now work with .StaticFileHandler.
.StaticFileHandler no longer sets Cache-Control: public unnecessarily.
When gzip is enabled in a tornado.web.Application, appropriate Vary: Accept-Encoding headers are now sent.
It is no longer necessary to pass all handlers for a host in a single .Application.add_handlers call. Now the request will be matched against the handlers for any host_pattern that includes the request's Host header.
tornado.websocket

Client-side WebSocket support is now available: tornado.websocket.websocket_connect
.WebSocketHandler has new methods ~.WebSocketHandler.ping and ~.WebSocketHandler.on_pong to send pings to the browser (not supported on the draft76 protocol)

(wen)

Updated databases/p5-DBIx-Class to 0.08250

(wen)

Update to 0.08250
Update DEPENDS

Upstream changes:
0.08250 2013-04-29 22:00 (UTC)
    * New Features / Changes
        - Rewrite from scratch the result constructor codepath - many bugfixes
          and performance improvements (the current codebase is now capable of
          outperforming both DBIx::DataModel and Rose::DB::Object on some
          workloads). Some notable benefits:
          - Multiple has_many prefetch
          - Partial prefetch - you now can select only columns you are
            interested in, while preserving the collapse functionality
            (collapse is now exposed as a first-class API attribute)
          - Prefetch of resultsets with arbitrary order
            (RT#54949, RT#74024, RT#74584)
          - Prefetch no longer inserts right-side table order_by clauses
            (massively helps the deficient MySQL optimizer)
          - Prefetch with limit on right-side ordered resultsets now works
            correctly (via aggregated grouping)
          - No longer order the insides of a complex prefetch subquery,
            unless required to satisfy a limit
          - Stop erroneously considering order_by criteria from a join under
            distinct => 1 (the distinct should apply to the main source only)
        - Massively optimize codepath around ->cursor(), over 10x speedup
          on some iterating workloads.
        - Support standalone \[ $sql, $value ] in literal SQL with bind
          specifications: \[ '? + ?', 42, 69 ] is now equivalent to
          \[ '? + ?', [ {} => 42 ], [ {} => 69 ] ]
        - Changing the result_class of a ResultSet in progress is now
          explicitly forbidden. The behavior was undefined before, and
          would result in wildly differing outcomes depending on $rs
          attributes.
        - Deprecate returning of prefetched 'filter' rels as part of
          get_columns() and get_inflated_columns() data
        - Invoking get_inflated_columns() no longer fires get_columns() but
          instead retrieves data from individual non-inflatable columns via
          get_column()
        - Emit a warning on incorrect use of nullable columns within a
          primary key
        - Limited checks are performed on whether columns without declared
          is_nullable => 1 metadata do in fact sometimes fetch NULLs from
          the database (the check is currently very limited and is performed
          only on resultset collapse when the alternative is rather worse)

    * Fixes
        - Fix _dbi_attrs_for_bind() being called befor DBI has been loaded
          (regression in 0.08210)
        - Fix update/delete operations on resultsets *joining* the updated
          table failing on MySQL. Resolves oversights in the fixes for
          RT#81378 and RT#81897
        - Fix open cursors silently resetting when inherited across a fork
          or a thread
        - Properly support "MySQL-style" left-side group_by with prefetch
        - Fix $grouped_rs->get_column($col)->func($func) producing incorrect
          SQL (RT#81127)
        - Stop Sybase ASE storage from generating invalid SQL in subselects
          when a limit without offset is encountered
        - Even more robust behavior of GenericSubQuery limit dialect
        - Make sure deployment_statements() and cursor_class() are called on
          a resolved storage subclass

    * Misc
        - Fix tests failing due to unspecified resultset retrieval order
          (test suite now will pass with newest SQLite libs)

0.08210 2013-04-04 15:30 (UTC)
    * New Features / Changes
        - Officially deprecate the 'cols' and 'include_columns' resultset
          attributes
        - Remove ::Storage::DBI::sth() deprecated in 0.08191

    * Fixes
        - Work around a *critical* bug with potential for data loss in
          DBD::SQLite - RT#79576
        - Audit and correct potential bugs associated with braindead reuse
          of $1 on unsuccessful matches
        - Fix incorrect warning/exception originator reported by carp*() and
          throw_exception()

0.08209 2013-03-01 12:56 (UTC)
    * New Features / Changes
        - Debugging aid - warn on invalid result objects created by what
          seems like an invalid inheritance hierarchy

    * Fixes
        - Fix another embarrassing regression preventing correct refining of
          the search criteria on a prefetched relation (broken in 0.08205)
        - Fix incorrect callsite reporting by DBIC::Carp

0.08208 2013-02-20 09:56 (UTC)
    * New Features / Changes
        - A bunch of nonsensically named arguments to the SQL::Translator
          parser have been marked as deprecated (while still fully
          supported)

    * Fixes
        - Fix duplicated selected columns when calling 'count' when a same
          aggregate function is used more than once in a 'having' clause
          (RT#83305)
        - Prevent SQL::Translator::Producer::YAML from seeing the $dbh
          in a potentially connected $schema instance (RT#75394)

    * Misc
        - Fixup our distbuilding process to stop creating world-writable
          tarball contents (implicitly fixes RT#83084)
        - Added strict and warnings tests for all lib and test files

0.08206 2013-02-08
    * Fixes
        - Fix dbh_do() failing to properly reconnect (regression in 0.08205)
        - Extra sanity check of a fresh DBI handle ($dbh). Fixes
          connection coderefs returning garbage (seen in the wild)

    * Misc
        - Only allow known globals in SQL::Translator leak allowance
        - General cleanup of error message texts - quote names/identifiers
          for easier reading
        - Stop t/52leaks.t from failing when AUTOMATED_TESTING=1

(wen)

Updated devel/p5-namespace-clean to 0.24

(wen)

Update to 0.24
Update DEPENDS

Upstream changes:
[0.24]
        - Properly skip debugger test when optional deps not available
        - Make sure pure-perl tests pass correctly on space-containing
          paths (RT#77528)
        - Remove all the pure-perl fallback code and depend on PP-capable
          B::H::EOS 0.12

(wen)

Updated devel/p5-B-Hooks-EndOfScope to 0.12

(wen)

Update to 0.12
Update DEPENDS

Upstream changes:
0.12  Tue, 4 Dec 2012 20:13:00 +0000
  * Complete pure-perl implementation in addition to the one based on
    Variable::Magic. You can specify the implementation explicitly by
    use-ing B::Hooks::EndOfScope::PP or B::Hooks::EndOfScope::XS, or
    by setting $ENV{B_HOOKS_ENDOFSCOPE_IMPLEMENTATION} to either 'XS'
    or 'PP'
  * Switch from using Sub::Exporter to the more conservative
    Sub::Exporter::Progressive

(wen)

Updated devel/p5-Class-Accessor-Grouped to 0.10010

(wen)

Update to 0.10010

Upstream changes:
0.10010 2013-04-24 02:58 (UTC)
    - Fix bug with identically-named 'simple' accessors in different
      classes set to access *differently named fields* getting their
      field access mixed up
    - Fix subtle pessimization when having identically-named accessors
      in different classes leads to 'simple' implementations not being
      replaced by Class::XSAccessor where appropriate

(wen)

Note addition of editors/em version 1.0.0

(agc)

Add and enable em.

(agc)

Import editors/em-1.0.0 into the Packages Collection

em - the editor for mortals - is a variant of the standard Unix text
editor - ed.  It includes all of ed, so the documentation for ed is
fully applicable to em.  Em also has a number of new commands and
facilities designed to improve its interaction and increase its
usefulness.

Em differs from ed in that it normally prefixes command lines with a
'>'.  For those who prefer silence, if the editor is invoked by any
name not having 'm' as its second character, no prompts will appear.
Other ways of controlling prompts are described below.

The em editor was designed for display terminals and was a
single-line-at-a-time visual editor.  It was one of the first programs
on Unix to make heavy use of "raw terminal input mode", in which the
running program, rather than the terminal device driver, handled all
keystrokes.

Inspired by em, and by their own tweaks to ed, Bill Joy and Chuck
Haley, both graduate students at UC Berkeley, took code from em to
make en, and then "extended" en to create ex version 0.1.

This version was translated from V6 Unix C (mid-70s era) to the
present day by Pierre Gaston.


Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(agc)

Updated databases/p5-DBI to 1.625

(wen)

Update to 1.625

UPstream changes:
Changes in DBI 1.625 (svn r15595) 28th March 2013

  Fixed heap-use-after-free during global destruction RT#75614
    thanks to Reini Urban.
Changes in DBI 1.624 (svn r15576) 22nd March 2013

  Fixed Gofer for hash randomization in perl 5.17.10+ RT#84146

  Clarify docs for can() re RT#83207

(wen)

Updated devel/p5-Test-Harness to 3.27

(wen)

Update to 3.27

Upstream changes:
3.27    2013-04-30
        - Dramatically reduce memory usage (Nick Clark, RT #84939)
        - Store test_num (in Grammar.pm) as a number instead of a string.
          Reduces memory usage (Nick Clark, RT #84939)
        - PERL5LIB is always propogated to a test's @INC, even with taint more
          (Schwern, RT #84377)

3.26    2013-01-16
        - Renamed env.opts.t to env_opts.t (for VMS)
        - Skipped some TAP::Formatter::HTML tests due to this bug: #82738

(wen)

Updated textproc/p5-XML-Bare to 0.52

(wen)

Update to 0.52

Upstream changes:
0.52 ( 4-29-13 )
  - Added proper binmode setting when outputting XML to address deficiences on Win32 ( such as failing Strawberry perl due to line endings )
  - Added evil OS check in file writing code to address differences in how files must be opened to write utf8 on win32 versus linux/cygwin.
  - Added note regarding using utf8 flag instead of using encoding(utf8)
  - Altered UTF8 test to also write XML containing UTF8 to a file.

0.51 ( 4-28-13 )
  - New 'unsafe' parsing mode, giving a 30% speed increase with some downfalls
  - New 'read_more' function, allowing more data to be read in before parsing into a tree
  - Fixed some memory leaks
  - Added 'Controversy' section to documentation
  - Updated speed comparisons for feed2.xml, adding a comparison against XML::Fast as well
    as a comparison of running in 'unsafe' mode.
  - Spelling correction
  - "Modernized" file handling using my variables

0.50 ( 4-24-13 )
  - Remove debugging print statements that were left in
  - Include the new test cases in the distribution

0.49 ( 4-23-13 )
  - Fixes to find_by_perl
    Can now be accessed in an object or namespace flexibly.
    Now ignores case of keys.
    Keys with underscores can be used.
    Will work properly when passed a single node instead of an array reference of nodes.
  - Fixes to xget
    Method of deferencing has been changed to be compatible with newer versions of perl ( 5.10.2+ )
  - Fixed handling of nodes named 'value'; they will no longer crash the XS code
  - Added a new function similar to new called 'simple', that works in the same way but automatically uses the 'simple' parser
  - Altered handling of node values in simple mode, so that it stores values when mixed with nodes or atttributes under 'content' ( like XML::Simple )
    This feature was requested by users so it has been added. Note that it only does this when the value is not composed of just spaces and carriage returns.

0.48 ( 4-22-13 )
  - Revert code back to 0.45 version
    Changes lost in the process:
      Content is not stored in the 'content' key any more; it is stored as the node itself when the node contains nothing else. As God intended.
      Memory leak fixes
      Quote handling
  - Code copyright returned fully to David Helkowski; any changes by other parties have been discarded. Any code ported in from other open source projects removed.
    This has been done intentionally so as to make it possible to relicense the software commerically.
  - XS code modofied to work in a multi-threaded environment
  - Reverting Makefile.PL back to original wierd hackish fixes. They are there for specific reasons.

(wen)

Updated time/p5-DateTime-Format-Natural

(wen)

Update to 1.02

Upstream changlog is too long, please visit:
http://cpansearch.perl.org/src/SCHUBIGER/DateTime-Format-Natural-1.02/Changes

(wen)

Updated devel/p5-autobox to 2.79

(wen)

Update to 2.79

Upstream changes:
2.79 Tue Apr 30 21:22:05 2013
    - allow import arguments to be passed as a hashref
      - add t/import_hashref.t
    - doc tweaks

2.78 Tue Apr 30 18:53:54 2013
    - fix RT #80400 (thanks, Tokuhiro Matsuno)
      - added t/rt_80400.t

2.77  Thu Dec 13 19:59:48 2012
    - doc tweaks
    - add multiple-arg autoref tests

2.76  Wed Nov 21 14:35:33 2012
    - fix breaking tests in perl >= 5.17.5: update error message pattern (thanks, rjbs)
    - update ppport.h from 3.19 to 3.20

(wen)

Updated www/p5-Plack to 1.0024

(wen)

Update to 1.0024

Upstream changes:
1.0024  2013-05-01 10:05:56 PDT
    [IMPROVEMENTS]
        - Fix warnings for Plack::App::WrapCGI (frioux)
        - Ignore emacs lock file from restarter (maio)
        - Add documentation for environment variable in Auth::Basic
        - Some Metadata cleanup and Travis CI

(wen)

Updated filesystems/tahoe-lafs to 1.10.0

(gdt)

Update to:
Release 1.10.0 (2013-05-01)
'''''''''''''''''''''''''''

New Features
------------

- The Welcome page has been redesigned. This is a preview of the design style
  that is likely to be used in other parts of the WUI in future Tahoe-LAFS
  versions. (`#1713`_, `#1457`_, `#1735`_)
- A new extensible Introducer protocol has been added, as the basis for
  future improvements such as accounting. Compatibility with older nodes is
  not affected. When server, introducer, and client are all upgraded, the
  welcome page will show node IDs that start with "v0-" instead of the old
  tubid. See `<docs/nodekeys.rst>`__ for details. (`#466`_)
- The web-API has a new ``relink`` operation that supports directly moving
  files between directories. (`#1579`_)

Security Improvements
---------------------

- The ``introducer.furl`` for new Introducers is now unguessable. In previous
  releases, this FURL used a predictable swissnum, allowing a network
  eavesdropper who observes any node connecting to the Introducer to access
  the Introducer themselves, and thus use servers or offer storage service to
  clients (i.e. "join the grid"). In the new code, the only way to join a
  grid is to be told the ``introducer.furl`` by someone who already knew it.
  Note that pre-existing introducers are not changed. To force an introducer
  to generate a new FURL, delete the existing ``introducer.furl`` file and
  restart it. After doing this, the ``[client]introducer.furl`` setting of
  every client and server that should connect to that introducer must be
  updated. Note that other users of a shared machine may be able to read
  ``introducer.furl`` from your ``tahoe.cfg`` file unless you configure the
  file permissions to prevent them. (`#1802`_)
- Both ``introducer.furl`` and ``helper.furl`` are now censored from the
  Welcome page, to prevent users of your gateway from learning enough to
  create gateway nodes of their own.  For existing guessable introducer
  FURLs, the ``introducer`` swissnum is still displayed to show that a
  guessable FURL is in use. (`#860`_)

Command-line Syntax Changes
---------------------------

- Global options to ``tahoe``, such as ``-d``/``--node-directory``, must now
  come before rather than after the command name (for example,
  ``tahoe -d BASEDIR cp -r foo: bar:`` ). (`#166`_)

Notable Bugfixes
----------------

- In earlier versions, if a connection problem caused a download failure for
  an immutable file, subsequent attempts to download the same file could also
  fail. This is now fixed. (`#1679`_)
- Filenames in WUI directory pages are now displayed correctly when they
  contain characters that require HTML escaping. (`#1143`_)
- Non-ASCII node nicknames no longer cause WUI errors. (`#1298`_)
- Checking a LIT file using ``tahoe check`` no longer results in an
  exception. (`#1758`_)
- The SFTP frontend now works with recent versions of Twisted, rather than
  giving errors or warnings about use of ``IFinishableConsumer``. (`#1926`_,
  `#1564`_, `#1525`_)
- ``tahoe cp --verbose`` now counts the files being processed correctly.
  (`#1805`_, `#1783`_)
- Exceptions no longer trigger an unhelpful crash reporter on Ubuntu 12.04
  ("Precise") or later. (`#1746`_)
- The error message displayed when a CLI tool cannot connect to a gateway has
  been improved. (`#974`_)
- Other minor fixes: `#1781`_, `#1812`_, `#1915`_, `#1484`_, `#1525`_

Other Changes
-------------

- The provisioning/reliability pages were removed from the main client's web
  interface, and moved into a standalone web-based tool. Use the ``run.py``
  script in ``misc/operations_helpers/provisioning/`` to access them.
- Web clients can now cache (ETag) immutable directory pages. (`#443`_)
- `<docs/convergence_secret.rst>`__ was added to document the adminstration
  of convergence secrets. (`#1761`_)

(gdt)

Updated security/openssh to 6.2.1

(imil)

Removed OpenSSH-LPK support as AuthorizedKeysCommand obsoletes it

(imil)

Changes since OpenSSH 6.1
=========================

This release introduces a number of new features:

Features:

* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
  SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
  and aes256-gcm@openssh.com. It uses an identical packet format to the
  AES-GCM mode specified in RFC 5647, but uses simpler and different
  selection rules during key exchange.

* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
  for SSH protocol 2. These modes alter the packet format and compute
  the MAC over the packet length and encrypted packet rather than over
  the plaintext data. These modes are considered more secure and are
  used by default when available.

* ssh(1)/sshd(8): Added support for the UMAC-128 MAC as
  "umac-128@openssh.com" and "umac-128-etm@openssh.com". The latter
  being an encrypt-then-mac mode.

* sshd(8): Added support for multiple required authentication in SSH
  protocol 2 via an AuthenticationMethods option. This option lists
  one or more comma-separated lists of authentication method names.
  Successful completion of all the methods in any list is required for
  authentication to complete. This allows, for example, requiring a
  user having to authenticate via public key or GSSAPI before they
  are offered password authentication.

* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
  (KRLs), a compact binary format to represent lists of revoked keys
  and certificates that take as little as one bit per certificate when
  revoking by serial number. KRLs may be generated using ssh-keygen(1)
  and are loaded into sshd(8) via the existing RevokedKeys sshd_config
  option.

* ssh(1): IdentitiesOnly now applies to keys obtained from a
  PKCS11Provider. This allows control of which keys are offered from
  tokens using IdentityFile.

* sshd(8): sshd_config(5)'s AllowTcpForwarding now accepts "local"
  and "remote" in addition to its previous "yes"/"no" keywords to allow
  the server to specify whether just local or remote TCP forwarding is
  enabled.

* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
  support fetching authorized_keys from a command in addition to (or
  instead of) from the filesystem. The command is run under an account
  specified by an AuthorizedKeysCommandUser sshd_config(5) option.

* sftp-server(8): Now supports a -d option to allow the starting
  directory to be something other than the user's home directory.

* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
  tokens using "ssh-keygen -lD pkcs11_provider".

* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
  now immediately sends its SSH protocol banner to the server without
  waiting to receive the server's banner, saving time when connecting.

* ssh(1): Added ~v and ~V escape sequences to raise and lower the
  logging level respectively.

* ssh(1): Made the escape command help (~?) context sensitive so that
  only commands that will work in the current session are shown.

* ssh-keygen(1): When deleting host lines from known_hosts using
  "ssh-keygen -R host", ssh-keygen(1) now prints details of which lines
  were removed.

Bugfixes:

* ssh(1): Force a clean shutdown of ControlMaster client sessions when
  the ~. escape sequence is used. This means that ~. should now work in
  mux clients even if the server is no longer responding.

* ssh(1): Correctly detect errors during local TCP forward setup in
  multiplexed clients. bz#2055

* ssh-add(1): Made deleting explicit keys "ssh-add -d" symmetric with
  adding keys with respect to certificates. It now tries to delete the
  corresponding certificate and respects the -k option to allow deleting
  of the key only.

* sftp(1): Fix a number of parsing and command-editing bugs, including
  bz#1956

* ssh(1): When muxmaster is run with -N, ensured that it shuts down
  gracefully when a client sends it "-O stop" rather than hanging around.
  bz#1985

* ssh-keygen(1): When screening moduli candidates, append to the file
  rather than overwriting to allow resumption. bz#1957

* ssh(1): Record "Received disconnect" messages at ERROR rather than
  INFO priority. bz#2057.

* ssh(1): Loudly warn if explicitly-provided private key is unreadable.
  bz#1981

Portable OpenSSH:

* sshd(8): The Linux seccomp-filter sandbox is now supported on ARM
  platforms where the kernel supports it.

* sshd(8): The seccomp-filter sandbox will not be enabled if the system
  headers support it at compile time, regardless of whether it can be
  enabled then. If the run-time system does not support seccomp-filter,
  sshd will fall back to the rlimit pseudo-sandbox.

* ssh(1): Don't link in the Kerberos libraries. They aren't necessary
  on the client, just on sshd(8). bz#2072

* Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI
  library. bz#2073

* Fix compilation on systems with openssl-1.0.0-fips.

* Fix a number of errors in the RPM spec files.

Changes since OpenSSH 6.0
=========================

This is primarily a bugfix release.

Features:

* sshd(8): This release turns on pre-auth sandboxing sshd by default for
  new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
* ssh-keygen(1): Add options to specify starting line number and number of
  lines to process when screening moduli candidates, allowing processing
  of different parts of a candidate moduli file in parallel
* sshd(8): The Match directive now supports matching on the local (listen)
  address and port upon which the incoming connection was received via
  LocalAddress and LocalPort clauses.
* sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
  and {Allow,Deny}{Users,Groups}
* Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
* ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
* sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
  an argument to refuse all port-forwarding requests.
* sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
* ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
* sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
  to append some arbitrary text to the server SSH protocol banner.

Bugfixes:

* ssh(1)/sshd(8): Don't spin in accept() in situations of file
  descriptor exhaustion. Instead back off for a while.
* ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
  they were removed from the specification. bz#2023,
* sshd(8): Handle long comments in config files better. bz#2025
* ssh(1): Delay setting tty_flag so RequestTTY options are correctly
  picked up. bz#1995
* sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
  on platforms that use login_cap.

Portable OpenSSH:

* sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
  sandbox from the Linux SECCOMP filter sandbox when the latter is
  not available in the kernel.
* ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
  retrieve a CNAME SSHFP record.
* Fix cross-compilation problems related to pkg-config. bz#1996

Changes since OpenSSH 5.9
=========================

This is primarily a bugfix release.

Features:

* ssh-keygen(1): Add optional checkpoints for moduli screening
* ssh-add(1): new -k option to load plain keys (skipping certificates)
* sshd(8): Add wildcard support to PermitOpen, allowing things like
  "PermitOpen localhost:*".  bz #1857
* ssh(1): support for cancelling local and remote port forwards via the
  multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
  to request the cancellation of the specified forwardings
* support cancellation of local/dynamic forwardings from ~C commandline

Bugfixes:

* ssh(1): ensure that $DISPLAY contains only valid characters before
  using it to extract xauth data so that it can't be used to play local
  shell metacharacter games.
* ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
* scp(1): uppress adding '--' to remote commandlines when the first
  argument does not start with '-'. saves breakage on some
  difficult-to-upgrade embedded/router platforms
* ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
  but there is an "AF21" class
* ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
  rekeying
* ssh(1): skip attempting to create ~/.ssh when -F is passed
* sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
* sshd(1): send tty break to pty master instead of (probably already
  closed) slave side; bz#1859
* sftp(1): silence error spam for "ls */foo" in directory with files;
  bz#1683
* Fixed a number of memory and file descriptor leaks

Portable OpenSSH:

* Add a new privilege separation sandbox implementation for Linux's
  new seccomp sandbox, automatically enabled on platforms that support
  it. (Note: privilege separation sandboxing is still experimental)
* Fix compilation problems on FreeBSD, where libutil contained openpty()
  but not login().
* ssh-keygen(1): don't fail in -A on platforms that don't support ECC
* Add optional support for LDNS, a BSD licensed DNS resolver library
  which supports DNSSEC
* Relax OpenSSL version check to allow running OpenSSH binaries on
  systems with OpenSSL libraries with a newer "fix" or "patch" level
  than the binaries were originally compiled on (previous check only
  allowed movement within "patch" releases). bz#1991
* Fix builds using contributed Redhat spec file. bz#1992

Changes since OpenSSH 5.8
=========================

Features:

* Introduce sandboxing of the pre-auth privsep child using an optional
  sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
  mandatory restrictions on the syscalls the privsep child can perform.
  This intention is to prevent a compromised privsep child from being
  used to attack other hosts (by opening sockets and proxying) or
  probing local kernel attack surface.

  Three concrete sandbox implementation are provided (selected at
  configure time): systrace, seatbelt and rlimit.

  The systrace sandbox uses systrace(4) in unsupervised "fast-path"
  mode, where a list of permitted syscalls is supplied. Any syscall not
  on the list results in SIGKILL being sent to the privsep child. Note
  that this requires a kernel with the new SYSTR_POLICY_KILL option
  (only OpenBSD has this mode at present).

  The seatbelt sandbox uses OS X/Darwin sandbox(7) facilities with a
  strict (kSBXProfilePureComputation) policy that disables access to
  filesystem and network resources.

  The rlimit sandbox is a fallback choice for platforms that don't
  support a better one; it uses setrlimit() to reset the hard-limit
  of file descriptors and processes to zero, which should prevent
  the privsep child from forking or opening new network connections.

  Sandboxing of the privilege separated child process is currently
  experimental but should become the default in a future release.
  Native sandboxes for other platforms are welcome (e.g. Capsicum,
  Linux pid/net namespaces, etc.)

* Add new SHA256-based HMAC transport integrity modes from
  http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
  These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
  and hmac-sha2-512-96, and are available by default in ssh(1) and
  sshd(8)

* The pre-authentication sshd(8) privilege separation slave process
  now logs via a socket shared with the master process, avoiding the
  need to maintain /dev/log inside the chroot.

* ssh(1) now warns when a server refuses X11 forwarding

* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
  separated by whitespace. The undocumented AuthorizedKeysFile2
  option is deprecated (though the default for AuthorizedKeysFile
  includes .ssh/authorized_keys2)

* sshd_config(5): similarly deprecate UserKnownHostsFile2 and
  GlobalKnownHostsFile2 by making UserKnownHostsFile and
  GlobalKnownHostsFile accept multiple options and default to
  include known_hosts2

* Retain key comments when loading v.2 keys. These will be visible
  in "ssh-add -l" and other places. bz#439

* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
  IPv4 ToS/DSCP). bz#1855

* ssh_config(5)'s ControlPath option now expands %L to the host
  portion of the destination host name.

* ssh_config(5) "Host" options now support negated Host matching, e.g.

    Host *.example.org !c.example.org
        User mekmitasdigoat

  Will match "a.example.org", "b.example.org", but not "c.example.org"

* ssh_config(5): a new RequestTTY option provides control over when a
  TTY is requested for a connection, similar to the existing -t/-tt/-T
  ssh(1) commandline options.

* sshd(8): allow GSSAPI authentication to detect when a server-side
  failure causes authentication failure and don't count such failures
  against MaxAuthTries; bz#1244

* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa,
  dsa and ecdsa) for which host keys do not exist, generate the host
  keys with the default key file path, an empty passphrase, default
  bits for the key type, and default comment. This is useful for
  system initialisation scripts.

* ssh(1): Allow graceful shutdown of multiplexing: request that a mux
  server removes its listener socket and refuse future multiplexing
  requests but don't kill existing connections. This may be requested
  using "ssh -O stop ..."

* ssh-add(1) now accepts keys piped from standard input. E.g.
  "ssh-add - < /path/to/key"

* ssh-keysign(8) now signs hostbased authentication
  challenges correctly using ECDSA keys; bz#1858

* sftp(1): document that sftp accepts square brackets to delimit
  addresses (useful for IPv6); bz#1847a

* ssh(1): when using session multiplexing, the master process will
  change its process title to reflect the control path in use and
  when a ControlPersist-ed master is waiting to close; bz#1883 and
  bz#1911

* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892
  1900 1905 1913

Portable OpenSSH Bugfixes:

* Fix a compilation error in the SELinux support code. bz#1851

* This release removes support for ssh-rand-helper. OpenSSH now
  obtains its random numbers directly from OpenSSL or from
  a PRNGd/EGD instance specified at configure time.

* sshd(8) now resets the SELinux process execution context before
  executing passwd for password changes; bz#1891

* Since gcc >= 4.x ignores all -Wno-options options, test only the
  corresponding -W-option when trying to determine whether it is
  accepted; bz#1901

* Add ECDSA key generation to the Cygwin ssh-{host,user}-config
  scripts.

* Updated .spec and init files for Linux; bz#1920

* Improved SELinux error messages in context change failures and
  suppress error messages when attempting to change from the
  "unconfined_t" type; bz#1924 bz#1919

* Fix build errors on platforms without dlopen(); bz#1929

(imil)

Note update of misc/rump and filesystems/fs-utils to 20130430

(stacktic)

Update�misc/rump�and�filesystems/fs-utils�to�20130430�using�github�versions�which�are�available�respectively�at�https://github.com/anttikantee/buildrump.sh�and�https://github.com/stacktic/fs-utils

(stacktic)

Ignore interpretters in optional tools.

(fhajny)

Note update of security/libsodium to 0.4.1

(agc)

Update security/libsodium from version 0.3 to 0.4.1

Provided in pkg PR/47767 by csosstudy

Changes from previous version:

* Version 0.4.1
- sodium_version_*() functions were not exported in version 0.4. They
are now visible as intended.
- sodium_init() now calls randombytes_stir().
- optimized assembly version of salsa20 is now used on amd64.
- further cleanups and enhanced compatibility with non-C99 compilers.

* Version 0.4
- Most constants and operations are now available as actual functions
instead of macros, making it easier to use from other languages.
- New operation: crypto_generichash, featuring a variable key size, a
variable output size, and a streaming API. Currently implemented using
Blake2b.
- The package can be compiled in a separate directory.
- aes128ctr functions are exported.
- Optimized versions of curve25519 (curve25519_donna_c64), poly1305
(poly1305_53) and ed25519 (ed25519_ref10) are available. Optionally calling
sodium_init() once before using the library makes it pick the fastest
implementation.
- New convenience function: sodium_memzero() in order to securely
wipe a memory area.
- A whole bunch of cleanups and portability enhancements.
- On Windows, a .REF file is generated along with the shared library,
for use with Visual Studio. The installation path for these has become
$prefix/bin as expected by MingW.

pkgsrc change:

* install the NEWS file under share/ hierarchy

(agc)

Fix various case of missing includes due to libstdc++'s namespace
pollution.

(joerg)

Use <memory> for libc++.

(joerg)

Just use the C++ compiler for linking.

(joerg)

Match constness of other argument.

(joerg)

Pick wcschr from std.

(joerg)

When looking for a thread library, check using pthread_create, not
pthread_join.

(joerg)

Use <memory> for libc++.

(joerg)

Avoid conflict with std::is_function. Add some missing const and
a missing include.

(joerg)

Deal with 16bit ctype table change in NetBSD/current.

(joerg)

locale_t is surprisingly used by locale.h, so pick a different name.

(joerg)

Don't define abs/min/max as macros for C++ code.

(joerg)

Avoid conflict with C++11's std::move.

(joerg)

Don't pick up C++11's std::is_object trait.

(joerg)

Fix forward declaration. Avoid static_assert from C++11.

(joerg)

Add some const poison for stricter STL implementations.

(joerg)

Add missing include. Avoid incompatible forward declaration, just
include the correct header.

(joerg)

Avoid conflicts with std::hash and std::ref in C++11.

(joerg)

Try harder to give the custom string class an operand that it
understands.

(joerg)

Explicitly use the GNU namespace for finding hash, C++11 uses the same
identifier in std. Reference the local to_string as it is now also
support by std::string.

(joerg)

Use MASTER_SITE_BACKUP because tarball downloaded from original site changes from time to time

(cheusov)

Unbreak build on MirBSD by pre-including sys/types.h and sys/time.h in
header checks.
This will be submitted upstream.

(bsiegert)

gv update

(markd)

Update to 3.7.4

%%%%%%%%%%%%%%%%%%% GV 3.7.4 (March 2013) %%%%%%%%%%%%%%%%%%%%%%%%%%

# Fixed CVE-2012-3386 (by using updated automake)
# Fixed bug-gv] Problem after saving gv-settings
# improve wording of gv-update-userconfig manual
# Scrolling and memory access improved
# README.I18N adjusted for libXaw3d 1.6.x
# Fixed GNU gv 3.6.4 - 3.7.3 page selector button geometry bug

%%%%%%%%%%%%%%%%%%% GV 3.7.3.90 (March 2012) %%%%%%%%%%%%%%%%%%%%%%%%%%

# Support for libXaw3d-1.6.x

(markd)

Add a pulseaudio option.

(markd)

Updated net/samba to 3.6.14

(adam)

Changes 3.6.14:
* BUG 9130: Certain xattrs cause Windows error 0x800700FF.
* BUG 9724: Use is_encrypted_packet() function correctly inside server.
* BUG 9733: Fix 'smbcontrol close-share' is not working.
* BUG 9747: Make sure that we only propogate the INHERITED flag when we are
  allowed to.
* BUG 9748: Remove unneeded fstat system call from hot read path.
* BUG 9811: Fix bug in old create temp SMB request. Only use VFS functions.
* BUG 9650: New or deleted CUPS printerqueues are not recognized by Samba.
* BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon.
* BUG 9727: wkssvc: Fix NULL pointer dereference.
* BUG 9736: smbd: Tune "dir" a bit.
* BUG 9775: Fix segfault for "artificial" conn_structs.
* BUG 9809: RHEL SPEC: Package dbwrap_tool man page.
* BUG 9139: Fix the username map optimization.
* BUG 9699: Fix adding case sensitive spn.
* BUG 9723: Add a tool to migrate latin1 printing tdbs to registry.
* BUG 9735: Fix Winbind separator in upn to username conversion.
* BUG 9766: Cache name_to_sid/sid_to_name correctly.

(adam)

Pullup tickets #4128 and #4129.

(tron)

Pullup ticket #4129 - requested by dholland
www/squid3: build fix

Revisions pulled up:
- www/squid3/options.mk                                        1.5

---
  Module Name: pkgsrc
  Committed By: dholland
  Date: Mon Apr 29 15:53:59 UTC 2013

  Modified Files:
  pkgsrc/www/squid3: options.mk

  Log Message:
  Fix options.mk, from Edgar Fuss in PR 47784.

(tron)

Pullup ticket #4128 - requested by tez
security/mit-krb5: security patch

Revisions pulled up:
- security/mit-krb5/Makefile                                    1.68
- security/mit-krb5/distinfo                                    1.41
- security/mit-krb5/patches/patch-kdc_do_tgs_req.c              1.1

---
  Module Name:    pkgsrc
  Committed By:  tez
  Date:          Tue Apr 23 22:09:44 UTC 2013

  Modified Files:
          pkgsrc/security/mit-krb5: Makefile distinfo
  Added Files:
          pkgsrc/security/mit-krb5/patches: patch-kdc_do_tgs_req.c

  Log Message:
  Fix for CVE-2013-1416 from:
    http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600

(tron)

Update to mksh-45.

* [tg] Make “set -x” print the commands run in escaped form
* [tg] PS4 in dot.mkshrc is now timestamped
* [tg] The &> GNU bash I/O redir is no longer parsed in -o posix, -o sh modes,
  lksh (breaks valid scripts)
* [tg] Implement ${ …;} more efficiently (deleted-open files)
* [tg] For shf, %#s (if you can get it past GCC’s printf format attribute)
  calls print_value_quoted, ignoring field width and precision
* [tg] Catch “typeset =” (regression) with better error message
* [tg, Tonnerre Lombard] add “doch” alias to dot.mkshrc which just repeats the
  last input line with sudo(8)
* [tg] Use unsigned integers for all calculations, to avoid ISO C “Undefined
  Behaviour” (and implementation-defined behaviour) throughout (most of) the
  code; emulate signed integer arithmetics using unsigned; not-lksh only
* [tg] Emulate signed modulo naïvely, for correct sign of the result
* [tg] Add <<< and >>> for ROL and ROR (rotate left and right, respectively)
  operations, <<<= and >>> assignments; bitwise AND the RHS of a shift/rotate
  op with 31 (not for lksh)
* [tg] Remove a warning by working around a workaround found in dietlibc which
  works around a bug in broken software such as GNU tar (really!)
* [tg] Correct and simplify list and categorisation of built-in commands as
  POSIX special and “everything else” plus a flag to keep assignments
* [tg] Handle ((foo)) as “let]” internally to avoid a conflict with
  user-defined functions called let (LP#1156707)
* [tg] Clean up the code

(bsiegert)

Fix directory name.

(hauke)

Updated net/netatalk224 to 2.2.4

(hauke)

Untangle the m0nster patch to configure.  To the quota experts: Please
check all the bells and whistles are still in place, and functional.

While here, update to Netatalk 2.2.4. Note that we will ship Netatalk
2 as long as NetBSD ships ddp ("netatalk") support, so v3 is not a
replacement.

Changes to package setup:

Set PLIST_VARS.{ea,acl} so that the package builds on Ubuntu Linux 10
LTS. I guess there are version and file-system dependencies?

Add dnssd option for mDNSResponder ("zeroconf") support.

Remaining (upstream) issues:

dbd(8) breaks with a less-than-helpful error message, see end of
PR pkg/47578

afpd(8) mis-maps user IDs -- a security issue

Upstream changes:

Changes in 2.2.4
================

* FIX: Missing UAM links
* FIX: Lockup in AFP logout on Fedora 17
* FIX: Reset signal handlers and alarm timer after successfull PAM
      authentication. Fixes a problem with AFP disconnects caused
      by pam_smbpass.so messing with our handlers and timer.
* FIX: afpd: Fix a possible problem with sendfile on Solaris derived
      platforms

Changes in 2.2.3
================

* NEW: afpd: support for mdnsresponder
* NEW: afpd: new LDAP config option ldap_uuid_string
* UPD: based on Unicode 6.1.0
* UPD: experimental systemd service files: always run both afpd and cnid_metad
* UPD: afpd: Ensure our umask is not altered by eg pam_umask
* UPD: afpd: Use GSS_C_NO_NAME as server principal when Kerberos options -fqdn
      and -krb5service are not set, from Jamie Gilbertson
* UPD: afpd: Changed behaviour for TimeMachine volumes in case there's a problem
      talking to the CNID daemons. Previously the volume was flagged read-only
      and an AFP message was sent to the client. As this might result in
      TimeMachine assuming the backup sparse bundle is damaged, we now just
      switch the CNID database to an in-memory tdb without the additional stuff.
* FIX: afpd: sendfile() on FreeBSD was broken, courtesy of Denis Ahrens
* FIX: afpd: Dont use searchdb when doing partial name search
* FIX: afpd: Fix a possible bug handling disconnected sessions,
      NetAFP Bug ID #16
* FIX: afpd: Close IPC fds in afpd session child inherited from the afpd
      master process
* FIX: dbd: Don't remove BerkeleyDB if it's still in use by eg cnid_dbd, fixes
      bug introduced in 2.2.2
* FIX: debian initscript: start avahi-daemon (if available) before atalkd
* FIX: Zeroconf could not advertise non-ASCII time machine volume name

Changes in 2.2.2
================

* NEW: afpd: New option "adminauthuser". Specifying eg "-adminauthuser root"
      whenever a normal user login fails, afpd tries to authenticate as
      the specified adminauthuser. If this succeeds, a normal session is
      created for the original connecting user. Said differently: if you
      know the password of adminauthuser, you can authenticate as any other
      user.
* NEW: configure option "--enable-suse-systemd" for openSUSE12.1 and later.
      "--enable-redhat-systemd" and "--enable-suse-systemd" are same as
      "--enable-systemd".
      "--enable-suse" is renamed "--enable-suse-sysv".
* NEW: experimental systemd service files in distrib/systemd/
* UPD: afpd: Enhanced POSIX ACL mapping semantics, from Laura Mueller
* UPD: afpd: Reset options every time a :DEFAULT: line is found in a
      AppleVolumes file
* UPD: afpd: Convert passwords from legacy encoding (wire format) to host
      encoding, NetAFP Bug ID #14
* UPD: afpd: Don't set ATTRBIT_SHARED flag for directories
* UPD: afpd: Use sendfile() on Solaris and FreeBSD for sending data
* UPD: afpd: Faster volume used size calculation for "volsizelimit" option,
      cf man AppleVolume.default for details
* FIX: afpd: ACL access checking
* FIX: afpd: Fix an error when duplicating files that lacked an AppleDouble
      file which lead to a possible Finder crash
* FIX: afpd: Read-only filesystems lead to afpd processes running as root
* FIX: afpd: Fix for filesystem without NFSv4 ACL support on Solaris
* FIX: afpd: Fix catsearch bug, NetAFP Bug ID #12
* FIX: afpd: Fix dircache bug, NetAFP Bug ID #13
* FIX: dbd: Better checking for duplicated or bogus CNIDs from AppleDouble
      files
* FIX: dbd: Remove BerkeleyDB database environment after running `dbd`. This
      is crucial for the automatic BerkeleyDB database upgrade feature which
      is built into cnid_dbd and dbd.
* FIX: Fix compilation error when AppleTalk support is disabled
* FIX: Portability fixes
* FIX: search of surrogate pair

(hauke)

Added misc/kz_h8write version 0.2.1

(ryoon)

Add kz_h8write

(ryoon)