Changes 2.6.3:
- avcodec/libtheoraenc: Check for av_malloc failure
- ffmpeg_opt: Fix -timestamp parsing
- hevc: make avcodec_decode_video2() fail if get_format() fails
- avcodec/cavsdec: Use ff_set_dimensions()
- swr: fix alignment issue caused by 8ch sse functions
- avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
- avcodec/jpeg2000dec: fix boolean operator
- avcodec/hevc_ps: Explicitly check num_tile_* for negative values
- avformat/matroskadec: Cleanup error handling for bz2 & zlib
- avformat/nutdec: Fix use of uinitialized value
- tools/graph2dot: use larger data types than int for array/string sizes
- avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv()
- avcodec/mpeg12dec: use the correct dimensions for checking SAR
- xcbgrab: Validate the capture area
- xcbgrab: Do not assume the non shm image data is always available
- avfilter/lavfutils: disable frame threads when decoding a single image
- avformat/mov: Do not read ACLR into extradata for H.264
- ffmpeg: remove incorrect network deinit
- OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
- libvpxenc: only set noise reduction w/vp8
- vp9: remove another optimization branch in iadst16 which causes overflows.
- lavf: Reset global flag on deinit
- network: Do not leave context locked on error
- vp9: remove one optimization branch in iadst16 which causes overflows.
- fate: Include branch information in the payload header
- avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use
- avformat/img2dec: do not rewind custom io buffers
- avcodec/alsdec: Use av_mallocz_array() for chan_data to ensure the arrays never contain random data
- avcodec/atrac3plusdsp: fix on stack alignment
- swresample/swresample-test: Randomly wipe out channel counts
- swresample: Check channel layouts and channels against each other and print human readable error messages
- swresample: Allow reinitialization without ever setting channel layouts (cherry picked from commit 80a28c7509a11114e1aea5b208d56c6646d69c07)
- swresample: Allow reinitialization without ever setting channel counts
- dashenc: replace attribute id with contentType for the AdaptationSet element
- avformat/matroskaenc: Use avoid_negative_ts_use_pts if no stream writes dts
- avformat/mux: Add avoid_negative_ts_use_pts
- tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
- cafdec: free extradata before allocating it
- imgutils: initialize palette padding bytes in av_image_alloc
- aacdec: don't return frames without data
- id3v2: catch avio_read errors in check_tag
- avi: Validate sample_size
- aacsbr: break infinite loop in sbr_hf_calc_npatches
- diracdec: avoid overflow of bytes*8 in decode_lowdelay
- diracdec: prevent overflow in data_unit_size check
- avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k]
- matroskadec: use uint64_t instead of int for index_scale
- pngdec: don't use AV_PIX_FMT_MONOBLACK for apng
- pngdec: return correct error code from decode_frame_common
- nutdec: fix illegal count check in decode_main_header
- nutdec: fix memleaks on error in nut_read_header
- apedec: prevent out of array writes in decode_array_0000
- apedec: set s->samples only when init_frame_decoder succeeded
- swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete macro GET_VF() it was wrong
- alac: reject rice_limit 0 if compression is used
- alsdec: only adapt order for positive max_order
- bink: check vst->index_entries before using it
- mpeg4videodec: only allow a positive length
- aacpsy: correct calculation of minath in psy_3gpp_init
- alsdec: validate time diff index
- alsdec: ensure channel reordering is reversible
- ac3: validate end in ff_ac3_bit_alloc_calc_mask
- aacpsy: avoid psy_band->threshold becoming NaN
- aasc: return correct buffer size from aasc_decode_frame
- matroskadec: export cover art correctly
- mxfenc: don't try to write footer without header
- mxfenc: fix memleaks in mxf_write_footer
- rtpenc_mpegts: Set chain->rtp_ctx only after avformat_write_header succeeded
- rtpenc_mpegts: Free the right ->pb in the error path in the init function

(adam)

Updated devel/ccache to 3.2.2

(adam)

Changes 3.2.2:

New features and improvements
* Added support for CCACHE_COMPILERCHECK=string:<value>. This is a faster alternative to CCACHE_COMPILERCHECK=<command> if the command窶冱 output can be precalculated by the build system.
* Add support for caching code coverage results (compiling for gcov).

Bug fixes
* Fixed bug which could result in false cache hits when source code contains '"' followed by " /*" or " //" (with variations).
* Made hash of cached result created with and without CCACHE_CPP2 different. This makes it possible to rebuild with CCACHE_CPP2 set without having to clear the cache to get new results.
* Don窶冲 try to reset a non-existing stats file. This avoids 窶廸o such file or directory窶� messages in the ccache log when the cache directory doesn窶冲 exist.
* Fixed a bug where ccache deleted clang diagnostics after compiler failures.
* Avoid performing an unnecessary copy of the object file on a cache miss.
* Bail out on too hard compiler option -fmodules.
* Bail out on too hard compiler option -fplugin=libcc1plugin (interaction with GDB).
* Fixed build error when compiling ccache with recent clang versions.
* Removed signal-unsafe code from signal handler.
* Corrected logic for when to output cached stderr.
* Wipe the whole cached result on failure retrieving a cached file.
* Fixed build error when compiling ccache with recent clang versions.

(adam)

Updated databases/sqlite3 to 3.8.10

(adam)

Changes 3.8.10:
Added the sqldiff.exe utility program for computing the differences between two SQLite database files.
Added the y format string to the matchinfo() function of FTS3.
Performance improvements for ORDER BY, VACUUM, CREATE INDEX, PRAGMA integrity_check, and PRAGMA quick_check.
Fix many obscure problems discovered while SQL fuzzing.
Identify all methods for important objects in the interface documentation. (example)
Made the American Fuzzy Lop fuzzer a standard part of SQLite's testing strategy.
Add the ".binary" and ".limits" commands to the command-line shell.
Make the "dbstat" virtual table part of standard builds when compiled with the SQLITE_ENABLE_DBSTAT_VTAB option.

(adam)

Updated archivers/par2 to 0.6.12; audio/py-audiotools to 3.0

(adam)

Changes 3.0:
Unknown

(adam)

Changes 0.6.5:
* fix blocksize calculation
* lintian warning spelling fix
* add manfile for par2
* README in Markdown
* add spelling fixes to cmdline output
* fixed some spelling
* simplify FindFiles

(adam)

Updated www/squid3 to 3.5.4

(adam)

Changes 3.5.4:
* Fix X509 server certificate domain matching
* Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
* Cleanup: Display correct error code in debugging output for IoCallback::finish
* Cleanup: Fix spelling error in debug message in parseHttpRequest()
* Cleanup: Add whitespace to make debug message in writeComplete() more readable
* Add Kerberos support for MAC OS X 10.x
* Bug 4234: comm_connect_addr uses errno incorrectly
* Fix 'access_log none' to prevent following logs being used
* Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
* Docs: Update CONTRIBUTORS
* Ensure class Lock counter remains within bounds
* Portability: Add hacks to define C++11 explicit N-bit type limits
* Fix SSL_get_peer_certificate memory leak
* Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD
* Bug 4231 pt1: fd_open() not correctly handling empty descriptions
* Negotiate Kerberos authentication request size exceeds output buffer size.
* Do not increment an iterator invalidated by std::map::erase().
* Fix require-proxy-header preventing HTTPS proxying and ssl-bump
* Fix atomics check broken by C++11 #include added in v3.5 branch r13783
* Support for resuming TLS sessions
* Bug 4212: ssl_crtd crashes with corrupt database
* Fix rev.13795 ServerName class
* Add server_name ACL matching server name(s) obtained from various sources
* Bug 4226: digest_edirectory_auth: found but cannot be built
* Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError
* Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
* Fix cross-compile issues with SSL_get_certificate()
* Docs: RFC 7238 obsoleted by RFC 7538
* Boilerplate: reference Translator copyrights in CREDITS
* Cleanup: Place explicit size on ref-count lock counter
* Cleanup: extend SBuf debugging information
* digest_edirectory_auth: Fix -lnettle dependency error

(adam)

Updated databases/py-mysql-connector to 2.0.4

(adam)

Changes 2.0.4:
The Changes.txt file was missing from .msi and .dmg packages.
Encoding failure could occur for prepared cursors with UTF-8 statement parameters.
Values of the SET data type were not translated correctly if empty.
HASH sharding for Fabric failed.
Queries that produced a large result could result in an IndexError: bytearray index out of range exception.
The Django backend sometimes failed to properly convert SafeText objects, which then appeared in queries.

(adam)

Added devel/py-pyobjc version 3.0.4

(adam)

Added devel/py-pyobjc version 3.0.4

(adam)

The PyObjC project aims to provide a bridge between the Python and Objective-C
programming languages. The bridge is intended to be fully bidirectional,
allowing the Python programmer to take full advantage of the power provided by
various Objective-C based toolkits and the Objective-C programmer transparent
access to Python based functionality.

(adam)

The PyObjC project aims to provide a bridge between the Python and Objective-C
programming languages. The bridge is intended to be fully bidirectional,
allowing the Python programmer to take full advantage of the power provided by
various Objective-C based toolkits and the Objective-C programmer transparent
access to Python based functionality.

(adam)

Updated devel/git to 2.3.6

(adam)

Changes 2.3.6:
* "diff-highlight" (in contrib/) used to show byte-by-byte
  differences, which meant that multi-byte characters can be chopped
  in the middle.  It learned to pay attention to character boundaries
  (assuming the UTF-8 payload).
Also contains typofixes, documentation updates and trivial code
clean-ups.

(adam)

Added www/py-django-treebeard version 3.0

(adam)

Added py-django-treebeard version 3.0

(adam)

django-treebeard is a library that implements efficient tree implementations
for the Django Web Framework 1.4+. It includes 3 different tree
implementations: Adjacency List, Materialized Path and Nested Sets.

(adam)

Revbump after updating devel/boost-libs

(adam)

Updated www/py-django-mptt to 0.7.1; www/py-django-classy-tags to 0.6.1

(adam)

Changes 0.6.1:
Added support for Django 1.8
Dropped support for Django 1.2

(adam)

Changes 0.7.1:
Unknown

(adam)

Fixed a typo

(adam)

Updated devel/boost to 1.58.0; games/wesnoth to 1.12.2; graphics/py-Pillow to 2.8.1; www/py-django-reversion to 1.8.6; www/py-django-cms to 3.0.13

(adam)

Changes 3.0.13:
Numerous documentation updates especially for installation and the tutorial
Numerous improvements to translations
Improves reliability of apphooks
Improves reliabiliy of Advanced Settings for pages when using apphooks
Allow page deletion after template removal
Improves upstream caching accuracy
Improves CMSAttachMenu registration
Improves handling of mistyped URLs
Improves redirection as a result of changes to page slugs, etc.
Improves performance of "watched models"
Improves frontend performance relating to resizing the sideframe
Corrects an issue where items might not be visible in structue mode menus
Limits version of django-mptt used in CMS for 3.0.x
Prevent accidental upgrades to Django 1.8, which is not yet supported

(adam)

Changes 1.8.6:
- Support for MySQL utf8mb4
- Fixing some Django deprecation warnings
- Versions passed through by reversion.post_revision_commit now contain a primary key

(adam)

Changes 2.8.1:
- Bug fix: Catch struct.error on invalid JPEG

(adam)

Changes 1.12.2:
This is a maintenance release for the stable 1.12.x series including a critical security fix, as well as an assortment of other bug fixes and improvements over version 1.12.1. We urge users of all previous versions to upgrade immediately.

(adam)

Changes 1.58.0:
* New Libraries:
  - Endian: Types and conversion functions for correct byte ordering and more regardless of processor endianness.
  - Sort: Includes spreadsort, a general-case hybrid radix sort that is faster than O(n*log(n))
* Updated Libraries:

(adam)

Updated devel/cmake to 3.2.2

(adam)

Changes 3.2.2:
* file(LOCK): Close file descriptor/handle when releasing a lock
* FindMFC: Use if(DEFINED) to simplify condition
* curl: Never consider using Windows APIs on Cygwin
* liblzma: Use unaligned access only on Intel and PowerPC archs
* liblzma: Disable XL compiler optimizations
* liblzma: Disable GNU 3.3 compiler optimizations
* KWSys SystemTools: Teach Touch with !create to succeed on missing file
* Makefile: Fix multiple custom command outputs with one missing
* libarchive: Fix string concatentation in Windows mktemp implementation

(adam)

Fix building on OS X

(adam)

Updated multimedia/ffmpeg2 to 2.6.2

(adam)

Changes 2.6.2:
- avcodec/h264: Do not fail with randomly truncated VUIs
- avcodec/h264_ps: Move truncation check from VUI to SPS
- avcodec/h264: Be more tolerant to changing pps id between slices
- avcodec/aacdec: Fix storing state before PCE decode
- avcodec/h264: reset the counts in the correct context
- avcodec/h264_slice: Do not reset mb_aff_frame per slice
- avcodec/h264: finish previous slices before switching to single thread mode
- avcodec/h264: Fix race between slices where one overwrites data from the next
- avformat/utils: avoid discarded streams in av_find_default_stream_index()
- ffmpeg: Fix extradata allocation
- avcodec/h264_refs: Do not set reference to things which do not exist
- avcodec/h264: Fail for invalid mixed IDR / non IDR frames in slice threading mode
- Revert "avcodec/exr: fix memset first arg in reverse_lut()"
- h264: avoid unnecessary calls to get_format
- avutil/pca: Check for av_malloc* failures
- avutil/cpu: add missing check for mmxext to av_force_cpu_flags
- lavc/dnxhd: Fix pix_fmt change.
- avformat/http: replace cookies with updated values instead of appending forever
- avformat/hls: store cookies returned in HLS key response
- avformat/rmdec: fix support for 0 sized mdpr
- avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
- avcodec/hevc_ps: Check cropping parameters more correctly
- hevc: make the crop sizes unsigned
- avcodec/dnxhddec: Reset is_444 if format is not 444
- avcodec/dnxhddec: Check that the frame is interlaced before using cur_field
- mips/float_dsp: fix vector_fmul_window_mips on mips64
- doc: Remove non-existing decklink options.

(adam)

Updated databases/sqlite3 to 3.8.9

(adam)

Changes 3.8.9:
Add VxWorks-7 as an officially supported and tested platform.
Added the sqlite3_status64() interface.
Fix memory size tracking so that it works even if SQLite uses more than 2GiB of memory.
Added the PRAGMA index_xinfo command.
Fix a potential 32-bit integer overflow problem in the sqlite3_blob_read() and sqlite3_blob_write() interfaces.
Ensure that prepared statements automatically reset on extended error codes of SQLITE_BUSY and SQLITE_LOCKED even when compiled using SQLITE_OMIT_AUTORESET.
Correct miscounts in the sqlite3_analyzer.exe utility related to WITHOUT ROWID tables.
Added the ".dbinfo" command to the command-line shell.
Improve the performance of fts3/4 queries that use the OR operator and at least one auxiliary fts function.
Fix a bug in the fts3 snippet() function causing it to omit leading separator characters from snippets that begin with the first token in a column.

(adam)

Updated net/miniupnpd to 1.9.20150307; devel/git to 2.3.5; databases/mysql55 to 5.5.43; databases/mysql56 to 5.6.24

(adam)

Changes 5.6.24:
* CMake support was updated to handle CMake version 3.1.
* The server now includes its version number when it writes the initial ���starting��� message to the error log, to make it easier to tell which server instance error log output applies to. This value is the same as that available from the version system variable.
* ALTER TABLE did not take advantage of fast alterations that might otherwise apply to the operation to be performed, if the table contained temporal columns found to be in pre-5.6.4 format (TIME, DATETIME, and TIMESTAMP columns without support for fractional seconds precision).
* Statement digesting as done previously by the Performance Schema is now done at the SQL level regardless of whether the Performance Schema is compiled in and is available to other aspects of server operation that could benefit from it. The default space available for digesting is 1024 bytes, but can be changed at server startup using the max_digest_length system variable.
* Bug fixes.

(adam)

Changes 5.5.43:
* CMake support was updated to handle CMake version 3.1.
* The server now includes its version number when it writes the initial ���starting��� message to the error log, to make it easier to tell which server instance error log output applies to. This value is the same as that available from the version system variable.
* Bug fixes.

(adam)

Changes 2.3.5:
* The prompt script (in contrib/) did not show the untracked sign
  when working in a subdirectory without any untracked files.

* Even though "git grep --quiet" is run merely to ask for the exit
  status, we spawned the pager regardless.  Stop doing that.

* Recommend format-patch and send-email for those who want to submit
  patches to this project.

* An failure early in the "git clone" that started creating the
  working tree and repository could have resulted in some directories
  and files left without getting cleaned up.

* "git fetch" that fetches a commit using the allow-tip-sha1-in-want
  extension could have failed to fetch all the requested refs.

* The split-index mode introduced at v2.3.0-rc0~41 was broken in the
  codepath to protect us against a broken reimplementation of Git
  that writes an invalid index with duplicated index entries, etc.

* "git prune" used to largely ignore broken refs when deciding which
  objects are still being used, which could spread an existing small
  damage and make it a larger one.

* "git tag -h" used to show the "--column" and "--sort" options
  that are about listing in a wrong section.

* The transfer.hiderefs support did not quite work for smart-http
  transport.

* The code that reads from the ctags file in the completion script
  (in contrib/) did not spell ${param/pattern/string} substitution
  correctly, which happened to work with bash but not with zsh.

* The explanation on "rebase --preserve-merges", "pull --rebase=preserve",
  and "push --force-with-lease" in the documentation was unclear.

(adam)

Changes 1.9.20150307:
* don't die when IPv6 is enabled and interface has no IPv4 address
* IP wildcard for AddPinhole() is empty string

(adam)

Updated devel/cmake to 3.2.1

(adam)

Changes 3.2.1:
* CMake learned to support unicode characters *encoded as UTF-8* on
  Windows.  This was already supported on platforms whose system APIs
  accept UTF-8 encoded strings. Unicode characters may now be used in
  CMake code, paths to source files, configured files such as ".h.in"
  files, and other files read and written by CMake.  Note that because
  CMake interoperates with many other tools, there may still be some
  limitations when using certain unicode characters.

* The "Compile Features" functionality is now aware of features
  supported by more compilers, including:

  * Apple Clang ("AppleClang") for Xcode versions 4.4 though 6.1.

  * GNU compiler versions 4.4 through 5.0 on UNIX and Apple ("GNU").

  * Microsoft Visual Studio ("MSVC") for versions 2010 through 2015.

  * Oracle SolarisStudio ("SunPro") version 12.4.

* The "add_custom_command()" and "add_custom_target()" commands
  learned a new "BYPRODUCTS" option to specify files produced as side
  effects of the custom commands.  These are not outputs because they
  do not always have to be newer than inputs.

* The "file(GENERATE)" command can now generate files which are used
  as source files for buildsystem targets.  Generated files
  automatically get their "GENERATED" property set to "TRUE".

Deprecated and Removed Features:

* Files written in the "cmake-language(7)", such as "CMakeLists.txt"
  or "*.cmake" files, are now expected to be encoded as UTF-8.  If
  files are already ASCII, they will be compatible.  If files were in
  a different encoding, including Latin 1, they will need to be
  converted.

* The "FindOpenGL" module no longer explicitly searches for any
  dependency on X11 libraries with the "FindX11" module.  Such
  dependencies should not need to be explicit. Applications using X11
  APIs themselves should find and link to X11 libraries explicitly.

(adam)

Updated multimedia/x265 to 1.6

(adam)

x265 1.6 has been released.  The changes from the 1.5 release are mostly
performance oriented, with heavy improvements for AVX2 capable platforms
(Haswell and later Intel CPUs) and work efficiency improvements for
multiple-socket machines.

(adam)

Updated print/ghostscript-agpl to 9.16

(adam)

Changes 9.16:

* "LockColorants" command line option for tiffsep and psdcmyk devices. Specifying -dLockColorants will restrict those devices to only the colorants list on the command line (thus: -c "<< /SeparationColorNames [ /Cyan /Magenta /Yellow /Black /Violet /Orange] /SeparationOrder [ /Cyan /Magenta /Yellow /Black /Violet /Orange]>> setpagedevice"), rather than allowing the devices to add new colorants as encountered in the input. This is, obviously, preferable for real printers, where only a certain of inks will be available.

* Improved high level devices handling of Forms. Whilst High level devices (eg pdfwrite) already checked Forms to see if they are duplicates, and if so use the initial definition. However, this does not improve performance, since the Form PaintProc still needs to be executed for each instance of the Form, and the matching algorithm could, in very odd circumstances, be defeated. The new implementation benefits both causes, meaning the second and subsequent invocation of the form need not re-run the PaintProc, and removes the heurisic aspect of the reuse detection.

* New URW+ fonts in which the families NimbusMono, NimbusRoman and NimbusSans have been augmented with production quality Greek and Cyrillic glyphs. These correspond to our substitutes for the PDF base 14 fonts.

* Plus the usual round of bug fixes, compatibility changes, and incremental improvements.

(adam)

Updated textproc/icu to 55.1

(adam)

Revbump after updating textproc/icu

(adam)

Changes 55.1:
The features for this release include support of CLDR 27 (with a major cleanup of region locales, among many other improvements), formatting for scientific notation ("1.2 × 10³"), an update to Unicode 7.0 data for spoof-checking, narrow AM/PM markers ("7:45p"), and various performance enhancements. For C/C++, there are new methods for flexible dates ("Nov 10", or "Sept 2015"), named capture groups for regular expressions, formatting of compound units ("3.5 meters per second"), new C wrappers, and independent timezone resource loading. ICU4J has been improved and tested for using ICU4C data and for running on Android.

(adam)

Updated multimedia/libaacs to 0.8.1

(adam)

Changes 0.8.1:
- Accept NULL mount / device path when application handles file system access.
- Fix FreeBSD build.
- Do not require pthread with gcrypt >= 1.6.0.

(adam)

Updated devel/subversion to 1.8.13

(adam)

Changes 1.8.13:

This release addresses 3 security issues.

  CVE-2015-0202: Subversion HTTP servers with FSFS repositories are
                vulnerable to a remotely triggerable excessive memory
                use with certain REPORT requests.
  CVE-2015-0248: Subversion mod_dav_svn and svnserve are vulnerable to a
                remotely triggerable assertion DoS vulnerability for certain
                requests with dynamically evaluated revision numbers
  CVE-2015-0251: Subversion HTTP servers allow spoofing svn:author property
                values for new revisions

(adam)

Updated www/py-django to 1.7.7; www/py-django14 to 1.4.20

(adam)

Changes 1.4.20:
* Mitigated possible XSS attack via user-supplied redirect URLs

(adam)

Changes 1.7.7:
* Fix for Denial-of-service possibility with strip_tags()
* Mitigated possible XSS attack via user-supplied redirect URLs

(adam)

Updated devel/py-nose to 1.3.4

(adam)

1.3.4 fixes an issue with Python 3.4 and initializing a TestSuite
properly, along with a couple of other minor issues.

(adam)

Updated databases/py-sqlalchemy to 0.9.9

(adam)

Release 0.9.9 is a large maintenance release featuring 30 changes, mostly bug fixes. A handful of modest feature adds are also present, including new Core features for SQLite, Postgresql, and new API features to provide better control of transaction isolation level when using the ORM.

(adam)

Updated mail/dovecot2 to 2.2.16

(adam)

Changes 2.2.16:
* dbox: Resyncing (e.g. doveadm force-resync) no longer deletes
  dovecot.index.cache file. The cache file was rarely the problem
  so this just caused unnecessary slowness.
* Mailbox name limits changed during mailbox creation: Each part of
  a hierarchical name (e.g. "x" or "y" in "x/y") can now be up to 255
  chars long (instead of 200). This also reduces the max number of
  hierarchical levels to 16 (instead of 20) to keep the maximum name
  length 4096 (a common PATH_MAX limit). The 255 char limit is
  hopefully large enough for migrations from all existing systems.
  It's also the limit on many filesystems.

+ director: Added director_consistent_hashing setting to enable
  consistent hashing (instead of the mostly-random MD5 hashing).
  This causes fewer user moves between backends when backend counts
  are changed, which may improve performance (mainly due to caching).
+ director: Added support for "tags", which allows one director ring
  to serve multiple backend clusters with different sets of users.
+ LMTP server: Added lmtp_user_concurrency_limit setting to limit how
  many LMTP deliveries can be done concurrently for a single user.
+ LMTP server: Added support for STARTTLS command.
+ If logging data is generated faster than it can be written, log a
  warning about it and show information about it in log process's
  process title in ps output. Also don't allow a single service to
  flood too long at the cost of delaying other services' logging.
+ stats: Added support for getting global statistics.
+ stats: Use the same session IDs as the rest of Dovecot.
+ stats: Plugins can now create their own statistics fields
+ doveadm server: Non-mail related commands can now also be used
  via doveadm server (TCP socket).
+ doveadm proxying: passdb lookup can now override doveadm_port and
  change the username.
+ doveadm: Search query supports now "oldestonly" parameter to stop
  immediately on the first non-match. This can be used to optimize:
  doveadm expunge mailbox Trash savedbefore 30d oldestonly
+ doveadm: Added "save" command to directly save mails to specified
  mailbox (bypassing Sieve).
+ doveadm fetch: Added body.snippet field, which returns the first
  100 chars of a message without whitespace or HTML tags. The result
  is stored into dovecot.index.cache, so it can be fetched efficiently.
+ dsync: Added -t <timestamp> parameter to sync only mails newer than
  the given received-timestamp.
+ dsync: Added -F [-]<flag> parameter to sync only mails with[out] the
  given flag/keyword.
+ dsync: Added -a <mailbox> parameter to specify the virtual mailbox
  containing user's all mails. If this mailbox is already found to
  contain the wanted mail (by its GUID), the message is copied from
  there instead of being re-saved. (This isn't efficient enough yet
  for incremental replication.)
+ dsync: -m parameter can now specify \Special-use names for mailboxes.
+ imapc: Added imapc_features=gmail-migration to help migrations from
  GMail. See http://wiki2.dovecot.org/Migration/Gmail
+ imapc: Added imapc_features=search to support IMAP SEARCH command.
  (Currently requires ESEARCH support from remote server.)
+ expire plugin: Added expire_cache=yes setting to cache most of the
  database lookups in dovecot index files.
+ quota: If overquota-flag in userdb doesn't match the current quota
  usage, execute a configured script.
+ redis dict: Added support for expiring keys (:expire_secs=n) and
  specifying the database number (:db=n)
- auth: Don't crash if master user login is attempted without
  any configured master=yes passdbs
- Parsing UTF-8 text for mails could have caused broken results
  sometimes if buffering was split in the middle of a UTF-8 character.
  This affected at least searching messages.
- String sanitization for some logged output wasn't done properly:
  UTF-8 text could have been truncated wrongly or the truncation may
  not have happened at all.
- fts-lucene: Lookups from virtual mailbox consisting of over 32
  physical mailboxes could have caused crashes.

(adam)

Updated audio/fdk-aac to 0.1.4

(adam)

Changes 0.1.4:
- Updated upstream sources, with minor changes to the decoder API
  breaking the ABI. (Calling code using AUDIO_CHANNEL_TYPE may need to
  be updated. A new option AAC_PCM_LIMITER_ENABLE has been added, enabled
  by default, which incurs extra decoding delay.)
- PowerPC optimizations, fixes for building on AIX
- Support for reading streamed wav files in the encoder example
- Fix VBR encoding of sample rates over 64 kHz

(adam)

Updated net/cacti to 0.8.8c

(adam)

Changes 0.8.8c:

Important Security Fixes

CVE-2013-5588 - XSS issue via installer or device editing
CVE-2013-5589 - SQL injection vulnerability in device editing
CVE-2014-2326 - XSS issue via CDEF editing
CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability
CVE-2014-2328 - Remote Command Execution Vulnerability in graph export
CVE-2014-4002 - XSS issues in multiple files
CVE-2014-5025 - XSS issue via data source editing
CVE-2014-5026 - XSS issues in multiple files

Important Updates

New graph tree view
Updated graph list and graph preview
Refactor graph tree view to remove GPL incompatible code
Updated command line database upgrade utility
Graph zooming now from everywhere

(adam)

Updated www/py-django to 1.7.6

(adam)

Changes 1.7.6:
These releases address a security issue in the Django admin.
* Issue: XSS attack via properties in ModelAdmin.readonly_fields
* Advisory: HTML escaping when calling template filters from Python code

(adam)

Updated multimedia/ffmpeg2 to 2.6; devel/git to 2.3.2; www/py-django-cms to 3.0.12

(adam)

Changes 3.0.12:
Core support for multiple instances of the same apphook'ed application
The template tag `render_model_add` can now accept a model class as well as a  model instance
Fixes an issue with reverting to Live mode when moving plugins
Fixes a missing migration issue
Fixes an issue when using the PageField widget
Fixes an issue where duplicate page slugs is not prevented in some cases
Fixes an issue where copying a page didn't copy its extensions
Fixes an issue where translations where broken when operating on a page
Fixes an edge-case SQLite issue under Django 1.7
Fixes an issue where a confirmation dialog shows only some of the plugins to  be deleted when usingthe "Empty All" context-menu item
Fixes an issue where deprecated 'mimetype' was used instead of 'contenttype'
Fixes an issue where `cms check` erroneous displays warnings when a plugin  uses class inheritance
Documentation updates

(adam)

Changes 2.3.1:

* "update-index --refresh" used to leak when an entry cannot be
  refreshed for whatever reason.

* "git fast-import" used to crash when it could not close and
  conclude the resulting packfile cleanly.

* "git blame" died, trying to free an uninitialized piece of memory.

* "git merge-file" did not work correctly in a subdirectory.

* "git submodule add" failed to squash "path/to/././submodule" to
  "path/to/submodule".

* In v2.2.0, we broke "git prune" that runs in a repository that
  borrows from an alternate object store.

* Certain older vintages of cURL give irregular output from
  "curl-config --vernum", which confused our build system.

* An earlier workaround to squelch unhelpful deprecation warnings
  from the complier on Mac OSX unnecessarily set minimum required
  version of the OS, which the user might want to raise (or lower)
  for other reasons.

* Longstanding configuration variable naming rules has been added to
  the documentation.

* The credential helper for Windows (in contrib/) used to mishandle
  a user name with an at-sign in it.

* Older GnuPG implementations may not correctly import the keyring
  material we prepare for the tests to use.

* Clarify in the documentation that "remote.<nick>.pushURL" and
  "remote.<nick>.URL" are there to name the same repository accessed
  via different transports, not two separate repositories.

* The pack bitmap support did not build with older versions of GCC.

* Reading configuration from a blob object, when it ends with a lone
  CR, use to confuse the configuration parser.

* We didn't format an integer that wouldn't fit in "int" but in
  "uintmax_t" correctly.

* "git push --signed" gave an incorrectly worded error message when
  the other side did not support the capability.

* "git fetch" over a remote-helper that cannot respond to "list"
  command could not fetch from a symbolic reference e.g. HEAD.

* The insn sheet "git rebase -i" creates did not fully honor
  core.abbrev settings.

* The tests that wanted to see that file becomes unreadable after
  running "chmod a-r file", and the tests that wanted to make sure it
  is not run as root, we used "can we write into the / directory?" as
  a cheap substitute, but on some platforms that is not a good
  heuristics.  The tests and their prerequisites have been updated to
  check what they really require.

* The configuration variable 'mailinfo.scissors' was hard to
  discover in the documentation.

* Correct a breakage to git-svn around v2.2 era that triggers
  premature closing of FileHandle.

* Even though we officially haven't dropped Perl 5.8 support, the
  Getopt::Long package that came with it does not support "--no-"
  prefix to negate a boolean option; manually add support to help
  people with older Getopt::Long package.

(adam)

Changes 2.6:
- nvenc encoder
- 10bit spp filter
- colorlevels filter
- RIFX format for *.wav files
- RTP/mpegts muxer
- non continuous cache protocol support
- tblend filter
- cropdetect support for non 8bpp, absolute (if limit >= 1) and relative (if limit < 1.0) threshold
- Camellia symmetric block cipher
- OpenH264 encoder wrapper
- VOC seeking support
- Closed caption Decoder
- fspp, uspp, pp7 MPlayer postprocessing filters ported to native filters
- showpalette filter
- Twofish symmetric block cipher
- Support DNx100 (960x720@8)
- eq2 filter ported from libmpcodecs as eq filter
- removed libmpcodecs
- Changed default DNxHD colour range in QuickTime .mov derivatives to mpeg range
- ported softpulldown filter from libmpcodecs as repeatfields filter
- dcshift filter
- RTP depacketizer for loss tolerant payload format for MP3 audio (RFC 5219)
- RTP depacketizer for AC3 payload format (RFC 4184)
- palettegen and paletteuse filters
- VP9 RTP payload format (draft 0) experimental depacketizer
- RTP depacketizer for DV (RFC 6469)
- DXVA2-accelerated HEVC decoding
- AAC ELD 480 decoding
- Intel QSV-accelerated H.264 decoding
- DSS SP decoder and DSS demuxer
- Fix stsd atom corruption in DNxHD QuickTimes
- Canopus HQX decoder
- RTP depacketization of T.140 text (RFC 4103)
- VP9 RTP payload format (draft 0) experimental depacketizer
- Port MIPS optimizations to 64-bit

(adam)

Updated databases/sqlite3 to 3.8.8.3

(adam)

Changes 3.8.8.3:
Fix a bug (ticket 2326c258d02ead33) that can lead to incorrect results if the qualifying constraint of a partial index appears in the ON clause of a LEFT JOIN.
Added the ability to link against the "linenoise" command-line editing library in unix builds of the command-line shell.

(adam)

Updated archivers/xz to 5.2.1; graphics/GraphicsMagick to 1.3.21

(adam)

Changes 1.3.21:

Security Fixes:
---------------
Annotate: Some requestable text-subsitution attributes caused a crash.
All formats: Image dimensions are checked to assure that they are within limits before proceeding to read the image.
BMP: Fix hang (endless loop) for certain files.
DCM: Fix crash as well as small heap over-write.
DPX: Fix crash due to DPX file reporting more elements than it has.
MNG: Validate MHDR chunk length to avoid huge memory allocation and DOS.
PCX: Fix for CVE-2014-8355. Validate file header in order to avoid buffer overun later.
PDB: Detect arithmetic overflows when calculating buffer sizes. Fix crash in writer when image width is not even multiple of 16. Fix buffer overrun with 2 and 4-bit PDB image files.
PNM: Validate PGM, PPM, and PAM header MaxValue parameter to avoid crash on poorly-formed input.
PNG: Impose a 10-million limit on dimensions when reading a PNG file to avoid denial of service.
PSD: Avoid problems caused by huge PSD colormap size.
PSD: Fix small stack over-write if more than 99 layers are written to PSD format.
PSD: Returns immediately if pixel limit was exceeded.
RLE: URT RLE reader is now more robust with errant files.
SUN: Header validation is now made fully robust, and arithmetic overflows in buffer-size calculations are detected to avoid heap overwrite.
TIFF: Fix crashes for photometrics which may delivery one or three samples per pixel (was assuming always three).
VIFF: Fixes to prevent buffer overflow. Validate colormap indexes.
Windows delegates: Fix unexpected argument splitting when invoking an external delegate program via delegates.mgk.
WPG: Fix use of NULL pointers. Fix buffer overflows.
XPM: Detect truncated row and quit with error rather than over-running a buffer.
XWD: Improve header validation. Added to UnstableCoderClass since the reader for this format should not be entrusted with untrustworthy input.

Bug fixes:
----------
CIN: Fix problem with text attribute values which are not NULL terminated. Validate sizes claimed by Cineon header.
Coverity: Fixes for many issues detected by Coverity scan (see ChangeLog).
DPX: Fix problem with text attribute values which are not NULL terminated.
DPX: Fix severe corruption of little-endian 32-bit packed output. Corruption was severe enough that it would have been noticed immediately.
Delegates: Fix possible memory leaks when invoking external application.
FITS: Properly validate values provided by file header.
GIF: Fix use of uninitialized data.
JBIG: Fix memory leaks.
JNG: Fix double-free error in error path.
JPEG: Verify the number of output components before attempting to decode the image.
Magick++: Image resolutionUnits() was not always returning correct value.
Magick++: Locking has not been working properly since the code was written in 1998. Apparently the issue has not been significant enough to cause run-time issues.
ICO: Windows icon reader is now much more robust.
MIFF: Reader now quits with an error if zip or bzip2 stream is corrupted.
MAT: Fix memory leaks.
PALM: Reader now reads various input formats (up to version 2) correctly whereas it was crashing or otherwise malfunctioning before. More work remains, particularly in the writer.
PCX: Eliminate memory leaks in error paths.
PDB: In PDB writer, void possible under-allocation due to arthimetic overflow when allocating packets.
PICT: Fix PICT reader crash with corrupted file.
PNG: Fix double-free error in error path.
PNG: Fixed handling of transparency when writing indexed PNG.
PNG: Avoid reading beyond the end of a tEXt keyword.
PSD: Fix error when reading PSDs files which have no layers.
RLA: Fix possible crash due to file header.
Signal Handling: Signal handling is now more robust and handles SIGSEGV and other critical signals. The sole purpose of the default signal handling is to remove any temporary files and quit. An informative message is printed for signals other than SIGINT.
SUN: Sun raster reader was not completely robust. Now it is.
SWF: Fix pixel cache access errors in 'ping' mode.
Text annotation: An empty text string is no longer treated as an error.
Text annotation: Fix regression added in 1.3.19 which caused spurious drawing errors to be produced while rendering with text when all of the text is off the left-hand side of the image.
TIFF: Fix unreliable reading JBIG compressed files by forcing use of strip reader rather than sometimes using scanline reader (which libtiff's JBIG codec does not support).
TIFF: Fix reading or writing planar min-is-white or min-is-black images with an associated alpha channel.
WebP: WebP writer now writes truely lossless output when requested.
identify / GetImageStatistics(): Failed to compute statistics for the Black channel of CMYK image files.
VICAR: Fix problem with continuing to "read" data when there is no more data left to read.
WMF: Fix memory leaks.
WPG: Fix potential DOS due to long reads during an error condition.
XPM: Avoid strncpy() of overlapping memory. Fixed memory leaks in error paths. Fixed bad memory access caused by empty file.

New Features:
-------------
compose: Supports composite operator names similar to the major *Magick brand, without losing any any compatibility with previous naming.
ICO: Windows ICO reader now supports reading PNG-encoded files.
Magick++ Geometry: New methods limitPixels() and fillArea() to support '@' and '^' geometry qualifiers. This enancement breaks the ABI due to previous use of inline methods and no place to put the new flags.
Magick++ Image::extent(): New method to place image on sized canvas of constant color using gravity.
Magick++ Image::formatExpression(): New method format a string based on a format similar to command-line -format.
Magick++ Image::resize(): New method to resize image specifying geometry, filter, and blur.
Magick++ STL extentImage: New New function object to invoke image extent method.
Magick++ Image::quiet(). New method which blocks (ignores) warning exceptions when passed a 'true' argument.
Resource limits: Added support for image Width and Height limits. Default image Width and Height limits are based on the range of a 32-bit signed integer, even for 64-bit builds which may have sufficient numeric range to image an entire galaxy. Limits may be increased as desired.
TIFF: Use define tiff:ignore-tags to ignore tags in 'corrupted' files with unknown and invalid tags. Use to read TIFF files which otherwise can not be read due to errors.
TIFF: Use '-define tiff:report-warnings=true' to enable that warnings reported by libtiff are thrown as warning exceptions so that they may be caught or will be reported at the gm command-line.
Windows Exceptions: A handler is registered (due to calling InitializeMagick()) to capture Windows Exceptions in a similar manner to the existing POSIX signal handler. If an application is using the library and wants to provide it own Windows exception handling, then it should make any changes after invoking InitializeMagick().

Windows Delegate Updates/Additions:
-----------------------------------
PNG: Update bundled libpng to 1.6.16. Resolves known security issues.
FreeType: Update bundled Freetype to 2.5.4. Resolves known security issues.
WebP: Update bundled WebP to 0.4.2 release.
WebP is auto-linked in Visual Studio.
Build Changes:

WebP is not included in the build when building with Visual Studio 6 (1998 vintage compiler!) since it requires more modern C.

Behavior Changes:
-----------------
AVI: Support for this format is removed since the implementation was worthless.
TIFF: Now uses YCbCr encoding when JPEG compression is requested for an RGB image.

(adam)

Changes 5.2.1:
* Fixed a compression-ratio regression in fast mode of LZMA1 and
  LZMA2. The bug is present in 5.1.4beta and 5.2.0 releases.
* Fixed a portability problem in xz that affected at least OpenBSD.
* Fixed xzdiff to be compatible with FreeBSD's mktemp which differs
  from most other mktemp implementations.
* Changed CPU core count detection to use cpuset_getaffinity() on
  FreeBSD.

(adam)

Updated multimedia/mpv to 0.8.2

(adam)

Changes 0.8.2:
Fix OSD placement accidentally messed up in 0.8.1.

(adam)

Updated lang/python34 to 3.4.3; www/py-django to 1.7.5

(adam)

Changes 1.7.5:
Bugfixes:
* Reverted a fix that prevented a migration crash when unapplying contrib.contenttypes窶冱 or contrib.auth窶冱 first migration (24075) due to severe impact on the test performance (24251) and problems in multi-database setups (24298).
* Fixed a regression that prevented custom fields inheriting from ManyToManyField from being recognized in migrations (24236).
* Fixed crash in contrib.sites migrations when a default database isn窶冲 used (24332).
* Added the ability to set the isolation level on PostgreSQL with psycopg2 竕･ 2.4.2 (24318). It was advertised as a new feature in Django 1.6 but it didn窶冲 work in practice.
* Formats for the Azerbaijani locale (az) have been added.

(adam)

Python 3.4.3 has many bugfixes and other small improvements over 3.4.2.

Issue 6639: Module-level turtle functions no longer raise TclError after closing the window.
Issues 814253, 9179: Warnings now are raised when group references and conditional group references are used in lookbehind assertions in regular expressions.
Issue 23215: Multibyte codecs with custom error handlers that ignores errors consumed too much memory and raised SystemError or MemoryError. Original patch by Aleksi Torhamo.
Issue 5700: io.FileIO() called flush() after closing the file. flush() was not called in close() if closefd=False.
Issue 23374: Fixed pydoc failure with non-ASCII files when stdout encoding differs from file system encoding (e.g. on Mac OS).
Issue 23481: Remove RC4 from the SSL module窶冱 default cipher list.
Issue 21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty docstrings.
Issue 22885: Fixed arbitrary code execution vulnerability in the dbm.dumb module. Original patch by Claudiu Popa.
Issue 23146: Fix mishandling of absolute Windows paths with forward slashes in pathlib.
Issue 23421: Fixed compression in tarfile CLI. Patch by wdv4758h.
Issue 23361: Fix possible overflow in Windows subprocess creation code.

(adam)

Updated www/squidanalyzer to 6.2.1

(adam)

Changes 6.2.1:
This release adds support to common or combined squid log format and a new
Italian translation file. There's also a new configuration directive UserReport
to be able to remove any user related reports, statistics about URL and domains
will remain. The second new directive is ExcludedCodes to be able to exclude
some log entries following the TCP code returned.

(adam)

Fix buidlinking when libvpx option is not turned on

(adam)

Added darwin13 targets

(adam)

Updated www/py-django-cms to 3.0.10

(adam)

Changes 3.0.10:
Improved Py3 compatibility
Improved the behavior when changing the operator's language
Numerous documentation updates
Revert a change that caused an issue with saving plugins in some browsers
Fix an issue where urls were not refreshed when a page slug changes
Fix an issue with FR translations
Fixed an issue preventing the correct rendering of custom contextual menu items for plugins
Fixed an issue relating to recovering deleted pages
Fixed an issue that caused the uncached placeholder tag to display cached content
Fixed an issue where extra slashed would appear in apphooked URLs when APPEND_SLASH=False
Fixed issues relating to the logout function

(adam)

Updated mail/roundcube to 1.1.0

(adam)

Changes 1.1.0:
Allow searching across multiple folders
Improved support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
Added namespace filter and folder searching in folder manager
New config option to disable UI elements/actions
Stronger password encryption using OpenSSL
Support for the IMAP SPECIAL-USE extension
Support for Oracle as database backend
Manage 3rd party libs with Composer

(adam)

Changes 2.5.4:
* avfilter/dctdnoiz: fix slice_h computation
* x86/lossless_audiodsp: fix compilation with --disable-yasm
* avutil/opencl: don't include config.h
* x86/swr: add missing alignment check to pack_6ch functions

(adam)

Updated databases/postgresql91 to 9.1.15; databases/postgresql90 to 9.0.19

(adam)

Updated databases/postgresql91 to 9.1.15; databases/postgresql90 to 9.0.19

(adam)

Changes 9.0.19:
Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

JSON and JSONB Unicode Escapes

Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.

(adam)

Changes 9.1.15:
Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

JSON and JSONB Unicode Escapes

Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.

(adam)

Updated mail/exim to 4.85; databases/postgresql93 to 9.3.6; databases/postgresql92 to 9.2.10

(adam)

Changes 9.2.10:
Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

JSON and JSONB Unicode Escapes

Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.

(adam)

Changes 9.3.6:
Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

JSON and JSONB Unicode Escapes

Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.

(adam)

Exim version 4.85
-----------------
TL/01 When running the test suite, the README says that variables such as
      no_msglog_check are global and can be placed anywhere in a specific
      test's script, however it was observed that placement needed to be near
      the beginning for it to behave that way. Changed the runtest perl
      script to read through the entire script once to detect and set these
      variables, reset to the beginning of the script, and then run through
      the script parsing/test process like normal.

TL/02 The BSD's have an arc4random API. One of the functions to induce
      adding randomness was arc4random_stir(), but it has been removed in
      OpenBSD 5.5. Detect this OpenBSD version and skip calling this
      function when detected.

JH/01 Expand the EXPERIMENTAL_TPDA feature.  Several different events now
      cause callback expansion.

TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
      syntax errors in an expansion can be treated as a string instead of
      logging or causing an error, due to the internal use of bool_lax
      instead of bool when processing it.

JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
      server certificates when making smtp deliveries.

JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.

JH/04 Add ${sort {list}{condition}{extractor}} expansion item.

TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.

TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
      Merged patch from Sebastian Wiedenroth.

JH/05 Fix results-pipe from transport process.  Several recipients, combined
      with certificate use, exposed issues where response data items split
      over buffer boundaries were not parsed properly.  This eventually
      resulted in duplicates being sent.  This issue only became common enough
      to notice due to the introduction of conection certificate information,
      the item size being so much larger.  Found and fixed by Wolfgang Breyha.

JH/06 Bug 1533: Fix truncation of items in headers_remove lists.  A fixed
      size buffer was used, resulting in syntax errors when an expansion
      exceeded it.

JH/07 Add support for directories of certificates when compiled with a GnuTLS
      version 3.3.6 or later.

JH/08 Rename the TPDA expermimental facility to Event Actions.  The #ifdef
      is EXPERIMENTAL_EVENT, the main-configuration and transport options
      both become "event_action", the variables become $event_name, $event_data
      and $event_defer_errno.  There is a new variable $verify_mode, usable in
      routers, transports and related events.  The tls:cert event is now also
      raised for inbound connections, if the main configuration event_action
      option is defined.

TL/06 In test suite, disable OCSP for old versions of openssl which contained
      early OCSP support, but no stapling (appears to be less than 1.0.0).

JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
      server certificate names available under the smtp transport option
      "tls_verify_cert_hostname" now do not permit multi-component wildcard
      matches.

JH/10 Time-related extraction expansions from certificates now use the main
      option "timezone" setting for output formatting, and are consistent
      between OpenSSL and GnuTLS compilations.  Bug 1541.

JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
      encoded parameter in the incoming message.  Bug 1558.

JH/12 Bug 1527: Autogrow buffer used in reading spool files.  Since they now
      include certificate info, eximon was claiming there were spoolfile
      syntax errors.

JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.

JH/14 Log delivery-related information more consistently, using the sequence
      "H=<name> [<ip>]" wherever possible.

TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
      are problematic for Debian distribution, omit them from the release
      tarball.

JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.

JH/16 Fix string representation of time values on 64bit time_t anchitectures.
      Bug 1561.

JH/17 Fix a null-indirection in certextract expansions when a nondefault
      output list separator was used.

(adam)

Updated www/py-mod_wsgi to 4.4.8

(adam)

Changes 4.4.8:

Bugs Fixed

1. The eviction timeout was not being correctly applied when request timeout wasn窶冲 being applied at the same time. It may have partly worked if any of inactivity or graceful timeout were also specified, but the application of the timeout may still have been delayed.

New Features

1. Added the --error-log-name option to mod_wsgi-express to allow the name of the file used for the error log, when being written to the log directory, to be overridden.

2. Added the --access-log-name option to mod_wsgi-express to allow the name of the file used for the access log, when being written to the log directory, to be overridden.

3. Added the --startup-log-name option to mod_wsgi-express to allow the name of the file used for the startup log, when being written to the log directory, to be overridden.

(adam)

Changes 3.1.3:
Do not call setlocale() globally in CMake applications
Add setlocale() calls around use of libarchive APIs
Makefile: Fix regression in target-bound custom command COMMENT output

(adam)

Updated security/openssl to 1.0.2

(adam)

Changes 1.0.2:
Suite B support for TLS 1.2 and DTLS 1.2
Support for DTLS 1.2
TLS automatic EC curve selection.
API to set TLS supported signature algorithms and curves
SSL_CONF configuration API.
TLS Brainpool support.
ALPN support.
CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

(adam)

Changes 9.4.1:

Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

JSON and JSONB Unicode Escapes

Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.

(adam)

Updated multimedia/x265 to 1.5

(adam)

Changes 1.5:
search: use chroma reconQt buffer instead of recon picture (not yet updated)
This fixes non-determinism when psy-rd is enabled

(adam)

openssl option also requires --enable-nonfree

(adam)

Updated net/miniupnpd to 1.9.20141209

(adam)

Changes 1.9.20141209:
fix upnp_add_inboundpinhole() : check inet_pton() return
fix upnp_redirect() : check inet_aton() return
fix potential memory corruption in upnpsoap.c/GetListOfPortMappings()
fix buffer overrun in ParseHttpHeaders() if Content-Length doesn't contain any digit !
check if BuildHeader_upnphttp() failed to allocate memory

(adam)

Added gnutls and opeenssl as options

(adam)

Updated graphics/freetype2 to 2.5.5; multimedia/libass to 0.12.1; security/gnutls to 3.2.21

(adam)

Changes 3.2.21:
** libgnutls: Corrected regression introduced in 3.2.19 related to
session renegotiation. Reported by Dan Winship.
** libgnutls: Corrected parsing issue with OCSP responses.
** API and ABI modifications:
No changes since last version.

(adam)

Changes 0.12.1:
* Make ASS drawings with an extremely high number of control points work
  This change increases compatibility with VSFilter.
* Bugfixes
  * Fix a crash when using newer harfbuzz versions
  * Load embedded memory fonts correctly
  * Large shadow offsets rendered incorrectly
  * Fix incorrect closing of last drawing contour
  * Fix issues with undefined behavior in shifts
  * Lots of of malloc() error checking

(adam)

FreeType 2.5.5 has been released. This is a minor bug fix release: All users of PCF fonts should update, since version 2.5.4 introduced a bug that prevented reading of such font files if not compressed.

(adam)

Updated emulators/wine-devel to 1.7.36

(adam)

Changes 1.7.36:
Some preliminary 64-bit support for Mac OS X.
Support for configuring speakers in Winecfg.
Improved support for Mac OS X Trash folder.
Support for typographic features in DirectWrite.
Various bug fixes.

(adam)

Updated devel/git to 2.3.0

(adam)

Changes 2.3.0:
This one ended up to be a release with lots of small corrections and
improvements without big uncomfortably exciting features.  The recent
security fix that went to 2.2.1 and older maintenance tracks is also
contained in this update.

(adam)

Updated databases/mysql56 to 5.6.23

(adam)

Changes 5.6.23:
* The linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1j to version 1.0.1k.
* Support for the SSL 2.0 and SSL 3.0 protocols has been disabled because they provide weak encryption.
* yaSSL was upgraded to version 2.3.7.
* The valid date range of the SSL certificates in mysql-test/std_data has been extended to the year 2029.
* Bugs Fixed

(adam)

Updated databases/mysql55 to 5.5.42

(adam)

Changes 5.5.42:
* Support for the SSL 2.0 and SSL 3.0 protocols has been disabled because they provide weak encryption.
* yaSSL was upgraded to version 2.3.7.
* The valid date range of the SSL certificates in mysql-test/std_data has been extended to the year 2029.
* Bugs Fixed

(adam)

Updated devel/cmake to 3.1.2

(adam)

Changes 3.1.2:
* install: Fix regression in default configuration selection
* CPack: Fix packaging of source tarballs with symbolic links
* KWSys Directory: Check opendir return value before using it
* Help: Clarify status of link_libraries command
* Normalize OBJECT_DEPENDS paths to match custom commands
* MSVC: Fix initialization of RelWithDebInfo shared library link flags
* FeatureSummary: Fix bracket in documentation.
* FindOpenSSL: fix detection of OpenSSL 1.0.2
* ctest_build: Update GNU make error message matching

(adam)

Updated graphics/inkscape to 0.91

(adam)

Changes 0.91:
Cairo rendering for display and PNG export
OpenMP multithreading for all filters
C++ code conversion
Major improvements in the Text tool
Measure tool
Type design features
Symbol library and support for Visio stencils
Cross platform WMF and EMF import and export
Improved support for Corel DRAW documents, Visio importer
Support for real world document and page size units, e.g. millimeters
Numerous usability improvements
Native Windows 64-bit build

(adam)

Work-around NetBSD's native iconv lacking support for WCHAR_T.
See also PR 39765.
Need for graphics/inkscape 0.91.

(adam)

Updated databases/sqlite3-{docs,tcl} to 3.8.8.2

(adam)

Changes 3.8.8.2:
* Enhance sqlite3_wal_checkpoint_v2(TRUNCATE) interface so that it truncates the WAL file even if there is no checkpoint work to be done.

(adam)

Updated www/apache24 to 2.4.12

(adam)

Changes 2.4.12:

* CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K.
* CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924.
* CVE-2014-8109 mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments.
* CVE-2013-5704 core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior.

* Proxy FGI and websockets improvements
* Proxy capability via handler
* Finer control over scoping of RewriteRules
* Unix Domain Socket (UDS) support for mod_proxy backends.
* Support for larger shared memory sizes for mod_socache_shmcb
* mod_lua and mod_ssl enhancements
* Support named groups and backreferences within the LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch directives.

(adam)

cppunit is required afer all

(adam)

Fixed buildlinking; disabled documentation building as in other libraries.

(adam)

Updated converters/librevenge to 0.0.2

(adam)

Fixed buildlinking

(adam)

Long double math is available on OS X 10.10 Yosemite

(adam)

Changes 0.0.2:
- Better handling of invalid input in RVNGDirectoryStream functions.
- Add documentation for RVNGDirectoryStream.
- Add text:outline-level to allowed paragraph properties. This is to allow
  import libraries to handle headings properly.
- Properly handle units in all generators, instead of expecting everything is
  in inches.
- Implement open/closeGroup for RVNGSVGDrawingGenerator.
- Improve handling of layers in RVNGSVGPresentationGenerator.
- Handle master pages in RVNGSVGDrawingGenerator and
  RVNGSVGPresentationGenerator.
- Simple handling of tables in RVNGSVGDrawingGenerator and
  RVNGSVGPresentationGenerator: just create a text box for each cell.
- Fix return value of RVNGStringStream::seek when seeking to end.
- Fix some warnings found by Coverity.
- Use symbol visibility on Linux. The library only exports public functions
  now.
- Fix several crashes or hangs when reading broken OLE2 or Zip files, found
  with the help of american-fuzzy-lop.
- Add fo:language, fo:country and fo:script to allowed span properties.
- Handle headings in RVNGHTMLTextGenerator.

(adam)

Fixed CONFIGURE_ARGS

(adam)

Updated multimedia/libbluray to 0.7.0; multimedia/libaacs to 0.8.0; multimedia/libbdplus to 0.1.2

(adam)

Changes 0.1.2:
- Add support for unmounted discs
- Fix use after free

(adam)

Changes 0.8.0:
- Add improved file system interface
- Support opening raw devices
- Reduce log level of failed PMSN query
- Optimizations

(adam)

Changes 0.7.0:
- Add player setting for BD-J persistent storage and cache paths.
- Add support for system fonts. BD-J fonts in jre/lib/fonts/ are not required anymore.
- Add BD-J organization ID and disc ID to BLURAY_DISC_INFO.
- Release still mode when BD-J terminates.
- Implement BD-J caching.
- Improve BD-J compability.
- Java 8 compability fixes.
- Fix storage size for bdjo object reference in BLURAY_DISC_INFO.
- Fix BD-J on-disc font usage.
- Fix animations in some BD-J menus.
- Fix BD-J storage path charset issues in Windows.

(adam)

Updated multimedia/libdvdcss to 1.3.99; multimedia/libdvdread to 5.0.2; multimedia/libdvdnav to 5.0.3

(adam)

Changes 5.0.3:
* added dvdnav_open_stream to read from external read/seek callbacks
* fixed reading DVD label regression

(adam)

Changes 5.0.2:
* Add DVDOpenStream to open a dvd from a set of callbacks

(adam)

Changes 1.3.99:
* Drop support for HP-UX.
* Drop support for Windows 9x and Windows NT.
  Windows 2000 is now required.
* Replace BeOS support by Haiku support.
* Add dvdcss_open_stream() to public API. This allows installing custom
  callback functions for accessing DVD, e.g. over the network.
* dvdcss_error() now returns "const char *" instad of "char *".
* Drop support for MSVC versions before 2010.
* Raw device access now errors out if the device cannot be opened.
* Miscellaneous cleanups to code, documentation, build system.

(adam)

Updated lang/clang to 3.5.1

(adam)

Changes 3.5.1:
All backends have been changed to use the MC asm printer and support for the non MC one has been removed.
Clang can now successfully self-host itself on Linux/Sparc64 and on FreeBSD/Sparc64.
LLVM now assumes the assembler supports .loc for generating debug line numbers. The old support for printing the debug line info directly was only used by llc and has been removed.
All inline assembly is parsed by the integrated assembler when it is enabled. Previously this was only the case for object-file output. It is now the case for assembly output as well. The integrated assembler can be disabled with the -no-integrated-as option.
llvm-ar now handles IR files like regular object files. In particular, a regular symbol table is created for symbols defined in IR files, including those in file scope inline assembly.
LLVM now always uses cfi directives for producing most stack unwinding information.
The prefix for loop vectorizer hint metadata has been changed from llvm.vectorizer to llvm.loop.vectorize. In addition, llvm.vectorizer.unroll metadata has been renamed llvm.loop.interleave.count.
Some backends previously implemented Atomic NAND(x,y) as x & ~y. Now all backends implement it as ~(x & y), matching the semantics of GCC 4.4 and later.

(adam)

Updated textproc/iso-codes to 3.57

(adam)

Changes 3.57:
  [ ISO 639-3 translations ]
  * Polish by Jakub Bogusz (TP)

  [ ISO 639-5 translations ]
  * Polish by Jakub Bogusz (TP)

  [ ISO 3166-2 translations ]
  * Danish by Joe Hansen (TP)

(adam)

Updated www/py-django to 1.7.4; www/py-django14 to 1.4.19

(adam)

Changes 1.7.4:
* Fixed a migration crash when unapplying contrib.contenttypes窶冱 or contrib.auth窶冱 first migration.
* Made the migration窶冱 RenameModel operation rename ManyToManyField tables.
* Fixed a migration crash on MySQL when migrating from a OneToOneField to a ForeignKey.
* Prevented the static.serve view from producing ResourceWarnings in certain circumstances.
* Fixed schema check for ManyToManyField to look for internal type instead of checking class instance, so you can write custom m2m-like fields with the same behaviour.

(adam)

Changes 1.4.19:
* GZipMiddleware now supports streaming responses. As part of the 1.4.18 security release, the django.views.static.serve() function was altered to stream the files it serves. Unfortunately, the GZipMiddleware consumed the stream prematurely and prevented files from being served properly.

(adam)

Fix PLIST for gtk3 quartz-backend

(adam)

Added www/py-mod_wsgi-metrics; Added www/py-mod_wsgi; Removed www/ap2-wsgi successor www/py-mod_wsgi

(adam)

Added www/py-mod_wsgi-metrics; Added py-mod_wsgi; Removed www/ap2-wsgi successor www/py-mod_wsgi

(adam)

Removed www/ap2-wsgi successor www/py-mod_wsgi

(adam)

The mod_wsgi-metrics package is an add on package for Apache/mod_wsgi. It generates metric information about the run time performance of Apache and mod_wsgi. At least mod_wsgi version 4.2.0 is required.

(adam)

The mod_wsgi package provides an Apache module that implements a WSGI compliant interface for hosting Python based web applications on top of the Apache web server.

(adam)

Better PLIST processing; won't fail if built as a dependency.

(adam)

Fixed building on Darwin; fixed running on NetBSD; fixed PLIST

(adam)

Fix building with -flto; do not force optimisation compiler flags

(adam)

Updated www/squid3 to 3.5.1

(adam)

Changes 3.5.1:
Support libecap v1.0
Authentication helper query extensions
Support named services
Upgraded squidclient tool
Helper support for concurrency channels
Native FTP Relay
Receive PROXY protocol, Versions 1 & 2
Basic authentication MSNT helper changes

(adam)

Updated databases/sqlite3 to 3.8.8.1

(adam)

Changes 3.8.8.1:
* Fix a bug in the sorting logic, present since version 3.8.4, that can cause output to appear in the wrong order on queries that contains an ORDER BY clause, a LIMIT clause, and that have approximately 60 or more columns in the result set.

(adam)

Fix building with libarchive v3; cosmetics

(adam)

Updated devel/git to 2.2.2

(adam)

Changes 2.2.2:
* "git checkout $treeish $path", when $path in the index and the
  working tree already matched what is in $treeish at the $path,
  still overwrote the $path unnecessarily.
* "git config --get-color" did not parse its command line arguments
  carefully.
* open() emulated on Windows platforms did not give EISDIR upon
  an attempt to open a directory for writing.
* A few code paths used abs() when they should have used labs() on
  long integers.
* "gitweb" used to depend on a behaviour recent CGI.pm deprecated.
* "git init" (hence "git clone") initialized the per-repository
  configuration file .git/config with x-bit by mistake.
* Git 2.0 was supposed to make the "simple" mode for the default of
  "git push", but it didn't.
* "Everyday" document had a broken link.
* The build procedure did not bother fixing perl and python scripts
  when NO_PERL and NO_PYTHON build-time configuration changed.
* The code that reads the reflog from the newer to the older entries
  did not handle an entry that crosses a boundary of block it uses to
  read them correctly.
* "git apply" was described in the documentation to take --ignore-date
  option, which it does not.
* Traditionally we tried to avoid interpreting date strings given by
  the user as future dates, e.g. GIT_COMMITTER_DATE=2014-12-10 when
  used early November 2014 was taken as "October 12, 2014" because it
  is likely that a date in the future, December 10, is a mistake.
  This heuristics has been loosened to allow people to express future
  dates (most notably, --until=<date> may want to be far in the
  future) and we no longer tiebreak by future-ness of the date when
  (1) ISO-like format is used, and
  (2) the string can make sense interpreted as both y-m-d and y-d-m.
  Git may still have to use the heuristics to tiebreak between dd/mm/yy
  and mm/dd/yy, though.
* The code to abbreviate an object name to its short unique prefix
  has been optimized when no abbreviation was requested.
* "git add --ignore-errors ..." did not ignore an error to
  give a file that did not exist.
* Git did not correctly read an overlong refname from a packed refs
  file.
Also contains typofixes, documentation updates and trivial code clean-ups.

(adam)

Updated archivers/ruby-libarchive to 0.1.2

(adam)

Changes 0.1.2:
Unknown

(adam)

Updated archivers/libarchive to 3.1.2; archivers/bsdtar to 3.1.2; devel/cmake to 3.1.0

(adam)

Changes 3.1.0:
* Windows Phone and Windows Store support has been added to  Visual Studio 11
  (2012) and above Generators.
* NVIDIA Nsight Tegra support has been added to  Visual Studio 10 (2010) and
  above Generators.
* New "target_compile_features" command allows populating target based compile
  features. CMake uses this information to ensure that the compiler in use is
  capable of building the target, and to add any necessary compile flags
  such as -std=gnu++11 to support language features.
  More information on this is found at:
  - http://www.cmake.org/cmake/help/v3.1/manual/cmake-compile-features.7.html
* The syntax for *Variable References* and *Escape Sequences* was simplified in
  order to allow a much faster implementation. See policy "CMP0053".
* The "if" command no longer automatically dereferences variables named in
  quoted or bracket arguments.  See policy "CMP0054".
* The target property "SOURCES" now generally supports "Generator Expressions".
  The generator expressions may be used in the "add_library" and
  "add_executable" commands.
* It is now possible to write and append to the target property "SOURCES".
  The variable "CMAKE_DEBUG_TARGET_PROPERTIES" can be used to trace the
  origin of sources.
* CPack gained "7Z" and "TXZ" generators supporting lzma-compressed archives.
* The ExternalProject module has learned to support lzma-compressed
  source tarballs with ".7z", ".tar.xz", and ".txz" extensions.
* The ExternalProject module ExternalProject_Add command learned a new
  BUILD_ALWAYS option to cause the external project build step to run every
  time the host project is built.
* The ctest_coverage command learned to support Intel coverage files with the
  "codecov" tool.
* The ctest_memcheck command learned to support sanitizer modes, including
  "AddressSanitizer", "MemorySanitizer", "ThreadSanitizer", and
  "UndefinedBehaviorSanitizer".

(adam)

Removed extra files

(adam)

Changes 3.1.2:
This is a maintenance update to fix issues with the new RAR seeking
feature. This new release also contains fixes for build failures when
building libarchive using Visual Studio 2012 and MinGW.

(adam)

Fix buidling when IPF is turned on

(adam)

Fix years

(adam)

Updated databases/sqlite3 to 3.8.8

(adam)

Changes 3.8.8:

New Features:
* Added the PRAGMA data_version command that can be used to determine if a database file has been modified by another process.
* Added the SQLITE_CHECKPOINT_TRUNCATE option to the sqlite3_wal_checkpoint_v2() interface, with corresponding enhancements to PRAGMA wal_checkpoint.
* Added the sqlite3_stmt_scanstatus() interface, available only when compiled with SQLITE_ENABLE_STMT_SCANSTATUS.
* The sqlite3_table_column_metadata() is enhanced to work correctly on WITHOUT ROWID tables and to check for the existence of a a table if the column name parameter is NULL. The interface is now also included in the build by default, without requiring the SQLITE_ENABLE_COLUMN_METADATA compile-time option.
* Added the SQLITE_ENABLE_API_ARMOR compile-time option.
* Added the SQLITE_REVERSE_UNORDERED_SELECTS compile-time option.
* Added the SQLITE_SORTER_PMASZ compile-time option and SQLITE_CONFIG_PMASZ start-time option.
* Added the SQLITE_CONFIG_PCACHE_HDRSZ option to sqlite3_config() which makes it easier for applications to determine the appropriate amount of memory for use with SQLITE_CONFIG_PAGECACHE.
* The number of rows in a VALUES clause is no longer limited by SQLITE_LIMIT_COMPOUND_SELECT.
* Added the eval.c loadable extension that implements an eval() SQL function that will recursively evaluate SQL.

Performance Enhancements:
* Reduce the number of memcpy() operations involved in balancing a b-tree, for 3.2% overall performance boost.
* Improvements to cost estimates for the skip-scan optimization.
* The automatic indexing optimization is now capable of generating a partial index if that is appropriate.

Bug fixes:
* Ensure durability following a power loss with "PRAGMA journal_mode=TRUNCATE" by calling fsync() right after truncating the journal file.
* The query planner now recognizes that any column in the right-hand table of a LEFT JOIN can be NULL, even if that column has a NOT NULL constraint. Avoid trying to optimize out NULL tests in those cases.
* Make sure ORDER BY puts rows in ascending order even if the DISTINCT operator is implemented using a descending index.
* Fix data races that might occur under stress when running with many threads in shared cache mode where some of the threads are opening and closing connections.
* Fix obscure crash bugs found by american fuzzy lop.
* Work around a GCC optimizer bug (for gcc 4.2.1 on MacOS 10.7) that caused the R-Tree extension to compute incorrect results when compiled with -O3.

Other changes:
* Disable the use of the strchrnul() C-library routine unless it is specifically enabled using the -DHAVE_STRCHRNULL compile-time option.
* Improvements to the effectiveness and accuracy of the likelihood(), likely(), and unlikely() SQL hint functions.

(adam)

Updated www/squid3 to 3.4.11

(adam)

Changes 3.4.11:
* cachemgr.cgi: memory leak in request parser
* Fix typo on commStartSslClose
* Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro
* Bug 3760: squidclient ignores --disable-ipv6
* Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
* Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
* Bug 4164: SEGFAULT when %W formating code used in errorpages
* Deleting first fs left psstate->servers pointing to uninitialized memory
* Maintenance: check release notes on packaging
* Bug 4057: Avoid on-exit crashes when adaptation is enabled.

(adam)

Updated databases/tdb to 1.3.4

(adam)

Changes 1.3.4:
Bug fixes.

(adam)

Added databases/postgresql94 version 9.4.0

(adam)

PostgreSQL 9.4.0:
This release adds many new features which enhance PostgreSQL's flexibility, scalability and performance for many different types of database users, including improvements to JSON support, replication and index performance.

(adam)

Updated www/py-django to 1.7.3; www/py-django14 to 1.4.18; www/py-django-cms to 3.0.9

(adam)

Changes 3.0.9:
* Revert a change that caused a regression in toolbar login
* Fix an error in a translated phrase
* Fix error when moving items in the page tree

(adam)

Fixed securify issues:
* WSGI header spoofing via underscore/dash conflation
* Mitigated possible XSS attack via user-supplied redirect URLs
* Denial-of-service attack against django.views.static.serve
* Database denial-of-service with ModelMultipleChoiceField

(adam)

Updated databases/py-ldap to 2.4.19

(adam)

Updated databases/py-ldap to 2.4.19

(adam)

Changes 2.4.19:
* Fixed missing ReconnectLDAPObject._reconnect_lock when pickling
* Added ldap.controls.pagedresults which is pure Python implementation of
  Simple Paged Results Control (see RFC 2696) and delivers the correct
  result size

(adam)

Updated www/py-django-sekizai to 0.8.1

(adam)

Changes 0.8.1:
Unknown.

(adam)

Updated archivers/unrar to 5.2.4

(adam)

Changes 5.2.4:
Unknown.

(adam)