sysutils/broot: Downgrade to 1.18.0

Newer versions require Rust >= 1.65

(pin)

Downgrade ncspot

(pin)

audio/ncspot: downgrade to 0.11.2

Newer version require Rust >= 1.65

(pin)

doc: Note update of ruby-padrino and related packages to 0.15.2

www/ruby-padrino-support
www/ruby-padrino-helpers
www/ruby-padrino-core
www/ruby-padrino-admin
www/ruby-padrino-cache
www/ruby-padrino-mailer
www/ruby-padrino

(taca)

www/ruby-padrino: update to 0.15.2

0.15.2 (2022-12-23)

* FIX #2261 Resolve failures in CI Build and update Circle config (@jkowens)
* FIX #2263 Padrino-gen fix for ActiveRecord 6.1 (@jkowens)
* FIX #2260 Pin HAML to newer version 5 (@jkowens)
* NEW #2259 Add Sinatra 3 compatibility (@jkowens)
* NEW #2251 Sets up CircleCI for new builds (@wikimatze)
* FIX #2243 for cascading mailer path when using partials (@HR-Partner)
* FIX #2250 I18n translation issue on Ruby 3.0 (@jinshen1983)
* FIX #2246 Various routing upgrades and fixes (@takeshi-yashiro)

(taca)

Doc: Note update of ruby-sinatra and relatead pacakges to 3.0.5

www/ruby-rack-protection
www/ruby-sinatra
www/ruby-sinatra-contrib

(taca)

doc: Updated www/ruby-mustermann to 3.0.0

(taca)

www/ruby-sinatra: update to 3.0.5

It also update rack-protection and sinatra-contrib.

3.0.5 (2022-12-16)

* Fix: Add Zeitwerk compatibility. #1831 by Dawid Janczak
* Fix: Allow CALLERS_TO_IGNORE to be overridden

3.0.4 (2022-11-25)

* Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei
  Sakai

3.0.3 (2022-11-11)

* Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #1823 by @ooooooo-q

3.0.2 (2022-10-01)

* New: Add Haml 6 support. #1820 by Jordan Owens

3.0.1 (2022-09-26)

* Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson

* Fix: Revert change to server start and stop messaging by using
  Kernel#warn. Renamed internal warn method warn_for_deprecation. #1818 by
  Jordan Owens

3.0.0 (2022-09-26)

* New: Add Falcon support. #1794 by Samuel Williams and @horaciob
* New: Add AES GCM encryption support for session cookies. [#1324] (#1324)
  by Michael Coyne
* Deprecated: Sinatra Reloader will be removed in the next major release.
* Fix: Internal Sinatra errors now extend Sinatra::Error. This fixes #1204
  and #1518. bda8c29d by Jordan Owens
* Fix: Preserve query param value if named route param nil. #1676 by Jordan
  Owens
* Require Ruby 2.6 as minimum Ruby version. #1699 by Eloy P辿rez
* Breaking change: Remove support for the Stylus template engine. #1697 by
  Eloy P辿rez
* Breaking change: Remove support for the erubis template engine. #1761 by
  Eloy P辿rez
* Breaking change: Remove support for the textile template engine. #1766 by
  Eloy P辿rez
* Breaking change: Remove support for SASS as a template engine. #1768 by
  Eloy P辿rez
* Breaking change: Remove support for Wlang as a template engine. #1780 by
  Eloy P辿rez
* Breaking change: Remove support for CoffeeScript as a template
  engine. #1790 by Eloy P辿rez
* Breaking change: Remove support for Mediawiki as a template engine. #1791
  by Eloy P辿rez
* Breaking change: Remove support for Creole as a template engine. #1792 by
  Eloy P辿rez
* Breaking change: Remove support for Radius as a template engine. #1793 by
  Eloy P辿rez
* Breaking change: Remove support for the defunct Less templating
  library. See #1716, #1715 for more discussion and background. d1af2f1e by
  Olle Jonsson
* Breaking change: Remove Reel integration. 54597502 by Olle Jonsson
* CI: Start testing on Ruby 3.1. 60e221940 and b0fa4bef by Johannes W端rbach
* Use Kernel#caller_locations. #1491 by Julik Tarkhanov
* Docs: Japanese documentation: Add notes about the default_content_type
  setting. #1650 by Akifumi Tominaga
* Docs: Polish documentation: Add section about Multithreaded modes and
  Routes. #1708 by Patrick Gramatowski
* Docs: Japanese documentation: Make Session section reflect changes done to
  README.md. #1731 by @shu-i-chi

(taca)

www/ruby-mustermann: update to 3.0.0

3.0.0 (2022-07-24)

* Drop support for old Rubies < 2.6.

(taca)

doc: Updated www/ruby-rack to 3.0.3

(taca)

www/ruby-rack: update to 3.0.3

3.0.3 (2022-12-26)

* Fix Regexp deprecated third argument with Regexp::NOENCODING (#1998)

3.0.2 (2022-12-05)

Fixed

* Utils.build_nested_query URL-encodes nested field names including the
  square brackets.
* Allow Rack::Response to pass through streaming bodies. (#1993, @ioquatix)

3.0.1 (2022-11-18)

Fixed

* MethodOverride does not look for an override if a request does not include
  form/parseable data.
* Rack::Lint::Wrapper correctly handles respond_to? with to_ary, each, call
  and to_path, forwarding to the body. (#1981, @ioquatix)

3.0.0 (2022-09-06)

* No changes

3.0.0.rc1 (2022-09-04)

SPEC Changes

* Stream argument must implement << #1959
* close may be called on rack.input #1956
* rack.response_finished may be used for executing code after the response
  has been finished #1952

3.0.0.beta1 (2022-08-08)

Security

* Do not use semicolon as GET parameter separator. (#1733, @jeremyevans)

SPEC Changes

* Response array must now be non-frozen.
* Response status must now be an integer greater than or equal to 100.
* Response headers must now be an unfrozen hash.
* Response header keys can no longer include uppercase characters.
* Response header values can be an Array to handle multiple values (and no
  longer supports \n encoded headers).
* Response body can now respond to #call (streaming body) instead of #each
  (enumerable body), for the equivalent of response hijacking in previous
  versions.
* Middleware must no longer call #each on the body, but they can call
  #to_ary on the body if it responds to #to_ary.
* rack.input is no longer required to be rewindable.
* rack.multithread/rack.multiprocess/rack.run_once/rack.version are no
  longer required environment keys.
* SERVER_PROTOCOL is now a required environment key, matching the HTTP
  protocol used in the request.
* rack.hijack? (partial hijack) and rack.hijack (full hijack) are now
  independently optional.
* rack.hijack_io has been removed completely.
* rack.response_finished is an optional environment key which contains an
  array of callable objects that must accept #call(env, status, headers,
  error) and are invoked after the response is finished (either successfully
  or unsuccessfully).
* It is okay to call #close on rack.input to indicate that you no longer
  need or care about the input.
* The stream argument supplied to the streaming body and hijack must support
  #<< for writing output.

Removed

* Remove rack.multithread/rack.multiprocess/rack.run_once. These variables
  generally come too late to be useful. (#1720, @ioquatix, @jeremyevans))
* Remove deprecated Rack::Request::SCHEME_WHITELIST. (@jeremyevans)
* Remove internal cookie deletion using pattern matching, there are very few
  practical cases where it would be useful and browsers handle it correctly
  without us doing anything special. (#1844, @ioquatix)
* Remove rack.version as it comes too late to be useful. (#1938, @ioquatix)
* Extract rackup command, Rack::Server, Rack::Handler, Rack::Lobster and
  related code into a separate gem. (#1937, @ioquatix)

Added

* Rack::Headers added to support lower-case header keys. (@jeremyevans)
* Rack::Utils#set_cookie_header now supports escape_key: false to avoid key
  escaping. (@jeremyevans)
* Rack::RewindableInput supports size. (@ahorek)
* Rack::RewindableInput::Middleware added for making rack.input
  rewindable. (@jeremyevans)
* The RFC 7239 Forwarded header is now supported and considered by default
  when looking for information on forwarding, falling back to the
  X-Forwarded-* headers. Rack::Request.forwarded_priority accessor has been
  added for configuring the priority of which header to check. (#1423,
  @jeremyevans)
* Allow response headers to contain array of values. (#1598, @ioquatix)
* Support callable body for explicit streaming support and clarify streaming
  response body behaviour. (#1745, @ioquatix, #1748, @wjordan)
* Allow Rack::Builder#run to take a block instead of an argument. (#1942,
  @ioquatix)
* Add rack.response_finished to Rack::Lint. (#1802, @BlakeWilliams, #1952,
  @ioquatix)
* The stream argument must implement #<<. (#1959, @ioquatix)

Changed

* BREAKING CHANGE: Require status to be an Integer. (#1662, @olleolleolle)
* BREAKING CHANGE: Query parsing now treats parameters without = as having
  the empty string value instead of nil value, to conform to the URL
  spec. (#1696, @jeremyevans)
* Relax validations around Rack::Request#host and
  Rack::Request#hostname. (#1606, @pvande)
* Removed antiquated handlers: FCGI, LSWS, SCGI, Thin. (#1658, @ioquatix)
* Removed options from Rack::Builder.parse_file and
  Rack::Builder.load_file. (#1663, @ioquatix)
* Rack::HTTP_VERSION has been removed and the HTTP_VERSION env setting is no
  longer set in the CGI and Webrick handlers. (#970, @jeremyevans)
* Rack::Request#[] and #[]= now warn even in non-verbose mode. (#1277,
  @jeremyevans)
* Decrease default allowed parameter recursion level from 100 to 32. (#1640,
  @jeremyevans)
* Attempting to parse a multipart response with an empty body now raises
  Rack::Multipart::EmptyContentError. (#1603, @jeremyevans)
* Rack::Utils.secure_compare uses OpenSSL's faster implementation if
  available. (#1711, @bdewater)
* Rack::Request#POST now caches an empty hash if input content type is not
  parseable. (#749, @jeremyevans)
* BREAKING CHANGE: Updated trusted_proxy? to match full 127.0.0.0/8
  network. (#1781, @snbloch)
* Explicitly deprecate Rack::File which was an alias for
  Rack::Files. (#1811, @ioquatix).
* Moved Rack::Session into separate gem. (#1805, @ioquatix)
* rackup -D option to daemonizes no longer changes the working directory to
  the root. (#1813, @jeremyevans)
* The x-forwarded-proto header is now considered before the
  x-forwarded-scheme header for determining the forwarded
  protocol. Rack::Request.x_forwarded_proto_priority accessor has been added
  for configuring the priority of which header to check. (#1809,
  @jeremyevans)
* Rack::Request.forwarded_authority (and methods that call it, such as host)
  now returns the last authority in the forwarded header, instead of the
  first, as earlier forwarded authorities can be forged by clients. This
  restores the Rack 2.1 behavior. (#1829, @jeremyevans)
* Use lower case cookie attributes when creating cookies, and fold cookie
  attributes to lower case when reading cookies (specifically impacting
  secure and httponly attributes). (#1849, @ioquatix)
* The response array must now be mutable (non-frozen) so middleware can
  modify it without allocating a new Array,therefore reducing object
  allocations. (#1887, #1927, @amatsuda, @ioquatix)
* rack.hijack? (partial hijack) and rack.hijack (full hijack) are now
  independently optional. rack.hijack_io is no longer
  required/specified. (#1939, @ioquatix)
* Allow calling close on rack.input. (#1956, @ioquatix)

Fixed

* Make Rack::MockResponse handle non-hash headers. (#1629, @jeremyevans)
* TempfileReaper now deletes temp files if application raises an
  exception. (#1679, @jeremyevans)
* Handle cookies with values that end in '=' (#1645, @lukaso)
* Make Rack::NullLogger respond to #fatal! @jeremyevans)
* Fix multipart filename generation for filenames that contain
  spaces. Encode spaces as "%20" instead of "+" which will be decoded
  properly by the multipart parser. (#1736, @muirdm)
* Rack::Request#scheme returns ws or wss when one of the X-Forwarded-Scheme
  / X-Forwarded-Proto headers is set to ws or wss, respectively. (#1730,
  @erwanst)

(taca)

Switch dependency to www/ruby-rack2

Bump PKGREVISION.

(taca)

doc: Added www/ruby-rack2 version 2.2.4

(taca)

www/Makefile: add and enable ruby-rack2

(taca)

www/ruby-rack2: add package version 2.2.4

Add current ruby-rack package version 2.2.4 as ruby-rack2.

(taca)

doc: Updated textproc/libplist to 2.2.0nb2

(wiz)

libplist: remove python2 restriction

Builds fine for me with python 3.11.1 on NetBSD 10.99.2/amd64.

(wiz)

Pullup ticket #6713 - requested by gutteridge
devel/ccache: i386 build fix

Revisions pulled up:
- devel/ccache/Makefile                                        1.68

---
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Wed Jan  4 02:26:47 UTC 2023

  Modified Files:
            pkgsrc/devel/ccache: Makefile

  Log Message:
  ccache: fix builds on i386 (and possibly other arches)

  Addresses PR pkg/57157 from ano(ther)nymous.

(bsiegert)

Use RUBY_VERSIONS_ACCEPTED for ruby27 only packages.

No functinal change.

(taca)

Updated devel/py-setuptools_scm, devel/colordiff, www/py-httpx, converters/py-simplejson

(adam)

py-simplejson: updated to 3.18.1

Version 3.18.1 released 2023-01-03

* Remove unnecessary `i` variable from encoder module namespace
* Declare support for Python 3.11 and add wheels

(adam)

py-httpx: updated to 0.23.3

0.23.3 (4th Jan, 2023)

Fixed

Version 0.23.2 accidentally included stricter type checking on query parameters. This shouldn've have been included in a minor version bump, and is now reverted.

0.23.2 (2nd Jan, 2023)

Added

Support digest auth nonce counting to avoid multiple auth requests.

Fixed

Multipart file uploads where the file length cannot be determine now use chunked transfer encoding, rather than loading the entire file into memory in order to determine the Content-Length.
Raise TypeError if content is passed a dict-instance.
Partially revert the API breaking change in 0.23.1, which removed RawURL. We continue to expose a url.raw property which is now a plain named-tuple. This API is still expected to be deprecated, but we will do so with a major version bump.

(adam)

colordiff: updated to 1.0.21

Support for Windows C:\ProgramData instead of /etc, improved documentation for command-line options.

(adam)

py-setuptools_scm: updated to 7.1.0

v7.1.0
use tomllib from stdlib
handle non-ascii in setup.cfg
implement fallback file finders for archives
removed coding header in python template
declared Python 3.11 support
update .git_archival.txt templates match git-describe invocation
fix handling of .git-archival.txt from tagged commit

(adam)

Pullup ticket #6712 - requested by gutteridge
net/tcpreplay: security fix

Revisions pulled up:
- net/tcpreplay/Makefile                                        1.29
- net/tcpreplay/distinfo                                        1.19
- net/tcpreplay/patches/patch-configure                        deleted

---
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Thu Dec 29 23:29:04 UTC 2022

  Modified Files:
            pkgsrc/net/tcpreplay: Makefile distinfo
  Removed Files:
            pkgsrc/net/tcpreplay/patches: patch-configure

  Log Message:
  tcpreplay: update to 4.4.2

  08/28/2022 Version 4.4.2
        - remove autogen.sh from distribution tarballs (#745)
        - CVE-2022-37048 heap-overflow in get_l2len_protocol (#735)
        - replaying on a loopback interface is broken (#732)
        - replay edit with both --loop and --preload_pcap options (#729)
        - test suite bus error on armhf (#725)
        - CVE-2022-28487 format string vulnerability in fix_ipv6_checksums
  (#723)
        - CVE-2022-27942 heap-overflow in parse_mpls (#719)
        - CVE-2022-27940 CVE-2022-37047 CVE-2022-37049 heap-overflow in
  get_ipv6_next (#718)
        - CVE-2022-27939 reachable assertion in get_layer4_v6 (#717)
        - CVE-2022-25484 CVE-2022-27941 heap buffer overflow in
  get_l2len_protocol (#716)
        - remove bash-only test in configure script (#714)

(bsiegert)

Pullup ticket #6711 - requested by gdt
misc/raspberrypi-userland: build fix

Revisions pulled up:
- misc/raspberrypi-userland/Makefile                            1.19

---
  Module Name: pkgsrc
  Committed By: gdt
  Date: Mon Jan  2 21:03:57 UTC 2023

  Modified Files:
  pkgsrc/misc/raspberrypi-userland: Makefile

  Log Message:
  misc/raspberrypi-userland: Needs pkg-config

  (needs pullup)

(bsiegert)

doc: Updated www/lighttpd to 1.4.68

(wiz)

lighttpd: update to 1.4.68.

Important changes:
* stronger TLS defaults (as previously announced)
* KTLS sendfile in mod_openssl and mod_gnutls, if available and enabled
* removal of deprecated modules

(wiz)

doc: Updated games/einstein-puzzle to 2.2

(wiz)

einstein-puzzle: update to 2.2.

Switch to a maintained fork: lots of code cleanups.

(wiz)

meta-pkgs/lxqt: reflect homepage change

(pin)

doc: Updated sysutils/broot to 1.19.0

(pin)

sysutils/broot: update to 1.19.0

- Nushell support - Fix #375 - Thanks @FrancescElies, @mediumrarez, and issue
  contributors

(pin)

doc: Updated finance/gnucash-docs to 4.13

(wiz)

gnucash-docs: update to 4.13.

4.13  - 18 December 2022
        o Bug 798620 - Unable to build docs on Mageia Cauldron
        o Bug 798623 - ENG. Typo "documenation"
        o Bug 798624 - Document how to check if GnuCash is running when
                      updating quotes
        o Bug 798645 - screens instead of WINDOWS
        o Bug 798665 - New: ENG. Typo: Unnecessary determiner "a"
                      in 2.6.1. Migrating financial data.
        o Bug 798674 - Broken link on Chapter 17. Python Bindings
        o Manual:de: Account_Actions: Tippfehler-Korrektur
        o Review URLs and replace them by entities in all parts and languages excepting in comments or FDL appendix
        o manual, ch_Finance-Quote: fix broken entities
        o gnc-gui-struct.dtd: fix some mistakes and add entities for menuitems and menuchoice.
        o Update url-irc to "irc://irc.gimp.net/gnucash" see the email announcement
        o Partial Modernization of Manual:C:Business: Differentiation of admonitions and improvement of lists
        o Manual:C: Convert CSV assistant into <procedure>
        o Multi-split csv elaboration
        o Update app-fq-vers to "1.53"
        o Replace "Online Quote Setup" instructions in Guide by links to the manual chapter.
        O Enhance bookinfos by subtitle and titleabbrev;drop "Help" from manual. Adding titleabbrev allows yelp to display the version in its titlebar
        o Guide:C: Fix image declarations: Some were not properly scaled and others didn't appear in the List of Figures.
        o Replace all hardcoded width="510[px]" by "&img-w;" for for both components in all languages
        o Ensure our documentation is also found when gnucash is run in KDE
        o Restore draft status in gnc-docbook.dtd.
        o New and Updated Translations: German

(wiz)

fish: link against terminfo

For now, only on NetBSD - probably needed on all platforms?

Needed by binutils 2.39.

(wiz)

ccache: fix builds on i386 (and possibly other arches)

Addresses PR pkg/57157 from ano(ther)nymous.

(gutteridge)

radare2: remove requirement on Git to build

This removes the need to clone repositories to build radare2.
Thanks wiz@ for the heads up.

Tested on NetBSD/amd64.

No revision bump as the resulting package should be identical.

(khorben)

lang/elixir: Improve locale handling

  - actually set the build env for the diagnostics
  - set LC_ALL after bsd.pkg.mk
  - document why we are setting it

(gdt)

lang/elixir: Add debugging printouts about locale

NFCI; just prints environment variables and locale before the build.

(gdt)

Updated lang/nodejs, devel/py-ipython

(adam)

py-ipython: updated to 8.8.0

IPython 8.8.0
-------------

First release of IPython in 2023 as there was no release at the end of
December.

This is an unusually big release (relatively speaking) with more than 15 Pull
Requests merge.

Of particular interest are:

- :ghpull:`13852` that replace the greedy completer and improve
  completion, in particular for dictionary keys.
- :ghpull:`13858` that adds ``py.typed`` to ``setup.cfg`` to make sure it is
  bundled in wheels.
- :ghpull:`13869` that implements tab completions for IPython options in the
  shell when using `argcomplete <https://github.com/kislyuk/argcomplete>`. I
  believe this also needs a recent version of Traitlets.
- :ghpull:`13865` makes the ``inspector`` class of `InteractiveShell`
  configurable.
- :ghpull:`13880` that remove minor-version entrypoints as the minor version
  entry points that would be included in the wheel would be the one of the
  Python version that was used to build the ``whl`` file.

In no particular order, the rest of the changes update the test suite to be
compatible with Pygments 2.14, various docfixes, testing on more recent python
versions and various updates.

(adam)

nodejs: updated to 19.3.0

Version 19.3.0 (Current)

Notable Changes

Updated npm to 9.2.0
build: disable v8 snapshot compression by default (Joyee Cheung)
doc: add doc-only deprecation for headers/trailers setters (Rich Trott)
doc: add Rafael Gonzaga to the TSC (Michael Dawson)
(SEMVER-MINOR) net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options (Paolo Insogna)
(SEMVER-MINOR) src: add uvwasi version (Jithil P Ponnan)
(SEMVER-MINOR) test_runner: add t.after() hook (Colin Ihrig)
(SEMVER-MINOR) test_runner: don't use a symbol for runHook() (Colin Ihrig)
tls: remove trustcor root ca certificates (Ben Noordhuis)

(adam)

doc: Updated devel/wayland-protocols to 1.31nb1

(ryoon)

wayland-protocols: Fix x11/gtk3 build

Fix another problematic .xml file to fix x11/gtk3 build.

BUmp PKGREVISION.

(ryoon)

Updated textproc/po4a, multimedia/mkvtoolnix

(adam)

mkvtoolnix: updated to 73.0.0

Version 73.0.0 "25 or 6 to 4" 2023-01-02

New features and enhancements

* mkvmerge: greatly enhanced the speed of Base64 decoding which is used used
  e.g. when reading pictures embedded in Ogg or FLAC files or for binary data
  inside XML chapter & tag files. Even small blocks of data could take
  unreasonably long.
* mkvmerge: added support for reading HEVC/H.265 video from FLV
  containers.

Bug fixes

* mkvmerge: splitting: fixed a typo in the string output in GUI mode regarding
  the timestamps before which splitting was done.
* MKVToolNix GUI: job output: after having run multiple jobs the "Clear
  output" functionality only reset the visible parts. However, using the "save
  output" function would also save the output generated before the user used
  "clear output". Now only the output after the last use of "clear output" is
  saved.
* build system: when probing for the FLAC library the Ogg libraries will be
  linked with the compiled test program as well. This fixes detection if the
  `pkg-config` settings for FLAC don't list Ogg & the linker doesn't find the
  library automatically (e.g. for my macOS builds).

(adam)

po4a: updated to 0.69

        ___  __  ___
__  __/ _ \ / /_ / _ \
\ \ / / | | | '_ \ (_) |          Happy New Year release.
\ V /| |_| | (_) \__, |
  \_/  \___(_)___/  /_/          (Released on 2023/01/01)

Markdown:
* Parts of a fenced divs are now translated separately

YAML and Yaml Front Matter:
* Use the implementation of YFM to parse YAML files too.
  - This reduces the code dupplication, and brings the nice features over:
    Numbers and arrays are not quoted anymore in Yaml files, as it should be.
  - This adds the yfm_paths option to Markdown and Asciidoc YFM,
    fixing GitHub's 392 along the way.
  - Please note that '-o keys' is now case-sensitive in Yaml documents.
* Do not translate nor quote booleans, so that they are not treated as string.
  Thanks Gissmo for GitHub's PR 393, even if I had to rework it quite a bit.

XML:
* Correctly handle placeholders of empty elements
* Translate attributes within attribute-folded inline and placeholder
  alt attribute of <img> can be properly handled with:
  -o 'attributes=<image>alt' -o 'inline=<image>' -o foldattributes
* Thanks k-yaegashi for the pull request fixing both issues

Project organization:
* Do not leak the generation date in our manpages
  Thanks Arnout Engelen for the pull request.

Translations:
* New translation: Georgian, thanks Temuri Doghonadze.
* Updated: Dutch, thanks Frans Spiesschaert.
* Updated: French, thanks Jérémie Tarot & Brandelune.
* Updated: Italian, thanks Marco Ciampa.
* Updated: Japanese, thanks gemmaro.
* Updated: Portuguese, thanks Hugo Carvalho.
* Updated: Portuguese (Brazil), thanks Rafael Fontenelle.
* Updated: Ukrainian, thanks Yuri Chornoivan (українська).

Status of the binary translation:
* 100%: fr, it, nl, pt_BR, uk.
* >95%: eo (96%), nb (96%), pt (99%), sr_Cyrl (99%).
* >90%: de (94%), es (94%), hr (94%), hu (92%), ru (93%), zh_CN (94%), zh_Hant (94%).
* >70%: id (77%), sv (72%).
* >50%: cs (57%), da (62%), et (67%), eu (56%), ja (63%), pl (62%), sl (56%), vi (67%).
* >33%: ca (45%).
* Starting: ace (2%), af (7%), ar (14%), ka (16%), kn (7%), ko (18%), zh_HK (3%).

Status of the documentation translation:
* 100%: it, uk.
* >95%: de (98%), fr (99%), ja (96%), nl (99%), sr_Cyrl (98%).
* >90%: pt (93%), pt_BR (94%), zh_CHS (94%), zh_Hant (94%).
* >80%: es (83%).
* >50%: pl (66%), ru (64%).
* >33%: ca (43%).
* Starting: eo (2%), hr (0%), hu (0%), nb (4%).

(adam)

gnustep-objc: revert unintended commit

(wiz)

*: recursive bump for tiff shlib major bump

(wiz)

doc: Updated multimedia/libva to 2.16.0

(ryoon)

libva: Update to 2.16.0

Changelog:
2.16.0

  * add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
  * dep: Update README.md to remove badge links
  * dep: Removed waffle-io badge from README to fix broken link
  * dep: Drop mailing list, IRC and Slack
  * autotools: use wayland-scanner private-code
  * autotools: use the wayland-scanner.pc to locate the prog
  * meson: use wayland-scanner private-code
  * meson: request native wayland-scanner
  * meson: use the wayland-scanner.pc to locate the prog
  * meson: set HAVE_VA_X11 when applicable
  * style:Correct slight coding style in several new commits
  * trace: add Linux ftrace mode for va trace
  * trace: Add missing pthread_mutex_destroy
  * drm: remove no-longer needed X == X mappings
  * drm: fallback to drm driver name == va driver name
  * drm: simplify the mapping table
  * x11: simplify the mapping table
  * android: open() with O_CLOEXEC for device fd
  * android: remove convoluted open_device() helper
  * android: drop va_fool references
  * ci: strengthen ci with -Werror
  * ci: va/x11/nvctl: fix Wdeprecated-non-prototype on close_display
  * ci: add clang-15 coverage and rearrange runners
  * ci: upgrade FreeBSD to 13.1

(ryoon)

doc: Updated comms/asterisk16 to 16.29.1

(ryoon)

asterisk16: Update to 16.29.1

* Use bash for configure script. It uses bash-specific syntax.
* Use menuselect command to adjust options instead of manually
  crafted makeopts file. Manually crafted file does not work
  properly for me and 16.29.1 now.
* I have no idea about x11 option's status. It seems that
  gtk2 config UI is not available in this release at least,
  if I understand correctly.

Changelog:
16.29.1
Bugs fixed in this release:

[ASTERISK-30103] chan_ooh323 vulnerability in calling/called party IE (Reported By: Michael Bradeen)

[ASTERISK-30176] GetConfig can read files outside of Asterisk (Reported By: shawty)

[ASTERISK-30244] Occasional crash when TCP/TLS connection terminated and subscription persistence is removed (Reported By: nappsoft)

[ASTERISK-30338] Backport 2.13 security fixes from pjproject

16.29.0
New Features made in this release:

  * [ASTERISK-30037]        Add test support to calling external processes
                            (Reported by Philip Prindeville)
  * [ASTERISK-30161]        locks: add AMI event for deadlock
                            (Reported by N A)
  * [ASTERISK-30211]        app_confbridge: Add end_marked_any option
                            (Reported by N A)
  * [ASTERISK-30186]        res_pjsip: Add support for reloading TLS
                            certificate and key information
                            (Reported by Joshua C. Colp)
  * [ASTERISK-29899]        features: Add advanced transfer initiation options
                            (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-30235]        res_crypto and tests: Memory issues and and
                            uninitialized variable error
                            (Reported by George Joseph)
  * [ASTERISK-30234]        res_geolocation:  may be used uninitialized error
                            in geoloc_config.c
                            (Reported by George Joseph)
  * [ASTERISK-30215]        Inbound SIP INVITE with Geo Location causing a
                            Segmentation Fault
                            (Reported by Dan Cropp)
  * [ASTERISK-30135]        [res_musiconhold] Allows the moh only for the
                            answered call
                            (Reported by sungtae kim)
  * [ASTERISK-26894]        pjsip should support tel uri scheme
                            (Reported by Gergely D?ms?di)
  * [ASTERISK-30210]        func_frame_trace: Channel masquerade triggers
                            assertion
                            (Reported by N A)
  * [ASTERISK-30190]        res_geolocation: GEOLOC_PROFILE isn  t returning
                            correct values on incoming channel
                            (Reported by George Joseph)
  * [ASTERISK-29185]        chan_pjsip: Endpoint: allow = all is broken.
                            (Reported by Alexander Traud)
  * [ASTERISK-30192]        res_tonedetect: fix typo for frametype
                            (Reported by N A)
  * [ASTERISK-29453]        alembic: incoming_call_offer_pref and
                            outgoing_call_offer_pref missing in  ps_endpoints
                                table
                            (Reported by Daniel Th  men)
  * [ASTERISK-26826]        testsuite: Add support for Python 3
                            (Reported by Joshua C. Colp)
  * [ASTERISK-30167]        res_geolocation: Refactor for issues found by
                            users
                            (Reported by George Joseph)
  * [ASTERISK-28422]        Memory Leak in Confbridge menu
                            (Reported by Ted G)
  * [ASTERISK-29917]        ami: FilterList action doesn  t exist
                            (Reported by N A)
  * [ASTERISK-30020]        ConfbridgeListRooms Event Not Documented
                            (Reported by Michael Cargile)
  * [ASTERISK-30018]        app_meetme: MeetmeList AMI event not documented
                            (Reported by Michael Cargile)
  * [ASTERISK-30151]        Documentation doesn  t include info about  field
                              , a 3rd required parameter.
                            (Reported by Chris Young)

Improvements made in this release:

  * [ASTERISK-30241]        res_pjsip_gelocation: Downgrade some NOTICE scope
                            trace debugs to DEBUG level
                            (Reported by N A)
  * [ASTERISK-30178]        extend user_eq_phone behavior to local uri  s
                            (Reported by Michael Bradeen)
  * [ASTERISK-30046]        Reimplement res/res_crypto.c internals with
                            EVP_PKEY interface to Openssl API  s
                            (Reported by Philip Prindeville)
  * [ASTERISK-30045]        Add test coverage to res/res_crypto.c
                            functionality
                            (Reported by Philip Prindeville)
  * [ASTERISK-30185]        res_geolocation: Allow location parameters to be
                            specified in profiles
                            (Reported by George Joseph)
  * [ASTERISK-30177]        res_geolocation: Add option to suppress empty
                            elements
                            (Reported by George Joseph)
  * [ASTERISK-30182]        res_geolocation: Add built-in profiles to use in
                            fully dynamic configurations
                            (Reported by George Joseph)
  * [ASTERISK-29906]        update RLS to reflect the changes to the lists
                            (Reported by Alexei Gradinari)
  * [ASTERISK-30163]        general: fix minor formatting issues
                            (Reported by N A)
  * [ASTERISK-30164]        chan_iax2: Add missing option documentation
                            (Reported by N A)
  * [ASTERISK-30160]        cdr.conf: Remove obsolete app_mysql reference
                            (Reported by N A)
  * [ASTERISK-30159]        general: Remove obsolete SVN references
                            (Reported by N A)
  * [ASTERISK-30153]        logger: Improve log levels
                            (Reported by N A)

16.28.0
The following issues are resolved in this release:

Improvements made in this release:

  * [ASTERISK-30128]        Create PJSIP interface module for
                            Geolocation
                            (Reported by George Joseph)
  * [ASTERISK-30127]        Create core Geolocation capability for
                            Asterisk
                            (Reported by George Joseph)
  * [ASTERISK-30089]        general: fix typos
                            (Reported by N A)
  * [ASTERISK-30050]        Upgrade Asterisk to bundled pjproject
                            2.12.1
                            (Reported by Stanislav Abramenkov)

Bugs fixed in this release:

  * [ASTERISK-30167]        res_geolocation: Refactor for issues found by
                            users
                            (Reported by George Joseph)
  * [ASTERISK-29966]        pbx_variables: ast_str_strlen can be wrong
                            (Reported by N A)
  * [ASTERISK-29905]        OSX: bininstall launchd issue on cross-platfrom
                            build
                            (Reported by Sergey V. Lobanov)
  * [ASTERISK-30137]        manager: Global disabled event filtered is
                            incomplete
                            (Reported by N A)
  * [ASTERISK-30109]        res_pjsip: no contact-status AMI event on register
                            of prune-on-boot contact that uses the same URI as
                            before Asterisk restart
                            (Reported by Michael Neuhauser)
  * [ASTERISK-30126]        Spelling mistake in configs/samples/queues.conf.
                            sample
                            (Reported by Sam Banks)
  * [ASTERISK-29991]        chan_dahdi, callerid: Caller ID does not honor
                            presentation
                            (Reported by N A)
  * [ASTERISK-29907]        res_pjsip, app_confbridge: Video call through
                            ConfBridge with normal endpoints causes infinite
                            loop/crash
                            (Reported by N A)
  * [ASTERISK-30029]        build: Git security vulnerability fix is sad with
                            our accessing git as root during  make install
                            (Reported by Joshua C. Colp)
  * [ASTERISK-30138]        Compile failure in res_geolocation/geoloc_
                            eprofile.c when optimization is enabled
                            (Reported by George Joseph)
  * [ASTERISK-30096]        cel_odbc: Column type 9 (field  cdr:cel:eventtime
                              ) is unsupported at this time
                            (Reported by Morvai Szabolcs)
  * [ASTERISK-30083]        chan_iax2: Optional dependency on openssl/
                            res_crypto is now mandatory
                            (Reported by Dmitry Melekhov)
  * [ASTERISK-30123]        features: Update automixmon documentation to
                            reflect reality
                            (Reported by Trevor Peirce)
  * [ASTERISK-30117]        pbx_lua: Remove compiler warnings
                            (Reported by Boris P. Korzun)
  * [ASTERISK-30001]        db: Removing nonexistent entries shows  Database
                            entry removed
                            (Reported by N A)
  * [ASTERISK-29822]        cli: Typing \? freezes the CLI permanently with
                            remote console
                            (Reported by N A)
  * [ASTERISK-30106]        res_calendar_icalendar: Microsoft online ICS
                            calendars no longer work
                            (Reported by N A)
  * [ASTERISK-30115]        app_dial: Allow hook flashes to propogate on
                            outbound dials
                            (Reported by N A)
  * [ASTERISK-29989]        app_dial, chan_dahdi: DIALSTATUS is inconsistent
                            for busy
                            (Reported by N A)
  * [ASTERISK-30072]        res_pjsip: allow TLS verification of wildcard
                            cert-bearing servers
                            (Reported by Kevin Harwell)
  * [ASTERISK-30075]        say: Abort if channel hangs up during playback
                            (Reported by N A)

New Features made in this release:

  * [ASTERISK-30136]        db: Add AMI action to retrieve all keys beginning
                            with a prefix
                            (Reported by N A)
  * [ASTERISK-30000]        chan_dahdi: Add POLARITY function
                            (Reported by N A)
  * [ASTERISK-30062]        cli: Add CLI command to execute a dialplan app
                            (Reported by N A)
  * [ASTERISK-29999]        pjsip: Get information from 200 OK INVITE reply
                            headers
                            (Reported by Jos  Lopes)
  * [ASTERISK-30061]        pbx: Add pbx helper application
                            (Reported by N A)

16.27.0
Improvements made in this release:

  * [ASTERISK-30090]        xmldocs: Use example tags for examples
                            (Reported by N A)
  * [ASTERISK-29906]        update RLS to reflect the changes to the lists
                            (Reported by Alexei Gradinari)
  * [ASTERISK-29891]        provide a display name for RLS subscriptions
                            (Reported by Alexei Gradinari)
  * [ASTERISK-30086]        res_parking: Warn when invalid parking space
                            requested
                            (Reported by N A)
  * [ASTERISK-30058]        Evaluate dialplan functions and variables in agi
                            exec
                            (Reported by Shloime Rosenblum)
  * [ASTERISK-30027]        ari: expose channel driver  s unique id (i.e.
                            Call-ID for chan_sip/chan_pjsip) in ARI channel
                            resource
                            (Reported by Moritz Fain)
  * [ASTERISK-29845]        res_pjsip_outbound_registration: Show time
                            remaining until registration lapses
                            (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-30097]        console: Recent documentation changes for
                            connecting to remote console are inconsistent
                            (Reported by Matthias Hensler)
  * [ASTERISK-30043]        Wrong party is disconnected when hook-flashing on
                            3-way bridge
                            (Reported by Josh Alberts)
  * [ASTERISK-29603]        res_pjsip: UPDATE/re-INVITE not sent when  timers
                            =always  is specified in pjsip.conf
                            (Reported by Ray Crumrine)
  * [ASTERISK-30092]        DateTime application: wrong inflection for one o
                            clock in German
                            (Reported by Christof Efkemann)
  * [ASTERISK-30064]        pbx: iax2 switch causes crash due to deadlock and
                            assertion
                            (Reported by N A)
  * [ASTERISK-29981]        res_calendar: Asterisk crashes when starting, and
                            will not run
                            (Reported by N A)
  * [ASTERISK-30039]        cli: Targeted debug on startup deadlocks and
                            creates unstable system
                            (Reported by N A)
  * [ASTERISK-30051]        res_pjsip: No video after un-hold with
                            moh_passthrough=yes
                            (Reported by Maximilian Fridrich)
  * [ASTERISK-24601]        Missing RFC4235 tags and attributes in PJSIP
                            NOTIFY event: dialog XML body
                            (Reported by Marco Paland)
  * [ASTERISK-30060]        loader: format warnings in dev mode
                            (Reported by N A)
  * [ASTERISK-30059]        menuselect: libxml include fails under Gentoo
                            (Reported by waltermoeller)
  * [ASTERISK-30065]        pjsip: Open Websocket connection is not reused for
                            outgoing requests
                            (Reported by LA)
  * [ASTERISK-30042]        res_pjsip_transport_websocket: Registration over
                            websocket returns a rewritten contact
                            (Reported by Thomas Guebels)
  * [ASTERISK-29993]        chan_dahdi: Operator control option borks both
                            lines involved on callee disconnect
                            (Reported by N A)
  * [ASTERISK-30044]        GCC 12 issues
                            (Reported by George Joseph)

New Features made in this release:

  * [ASTERISK-30063]        app_voicemail: Add option to prevent deletion of
                            messages
                            (Reported by N A)
  * [ASTERISK-30087]        res_parking: Add music on hold override option
                            (Reported by N A)
  * [ASTERISK-29965]        res_pjsip_outbound_registration: Make max
                            registration delay configurable
                            (Reported by N A)
  * [ASTERISK-30036]        app_confbridge: Add CONFBRIDGE_CHANNELS function
                            (Reported by N A)

16.26.1
Bugs fixed in this release:

  * [ASTERISK-30065]        pjsip: Open Websocket connection is not reused for
                            outgoing requests
                            (Reported by LA)

16.26.0
Security bugs fixed in this release:

  * [ASTERISK-29476]        res_stir_shaken: Blind SSRF vulnerabilities
                            (Reported by Clint Ruoho)
  * [ASTERISK-29838]        ${SQL_ESC()} not correctly escaping a terminating
                            \
                            (Reported by Leandro Dardini)
  * [ASTERISK-29872]        res_stir_shaken: Resource exhaustion with large
                            files
                            (Reported by Benjamin Keith Ford)

New Features made in this release:

  * [ASTERISK-29931]        Option to allow a user to not hear the join sound
                            on enter but everyone else can
                            (Reported by Michael Cargile)
  * [ASTERISK-29968]        func_db: Add a function to return cardinality of
                            keys at prefix
                            (Reported by N A)
  * [ASTERISK-29486]        Hint-like extension value lookup function without
                            device state
                            (Reported by N A)
  * [ASTERISK-29941]        chan_pjsip: Add ability to send flash events
                            (Reported by N A)
  * [ASTERISK-29820]        cli: Add command to evaluate a function
                            (Reported by N A)
  * [ASTERISK-29876]        app_queue: Add music on hold option
                            (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-28518]        chan_dahdi: Caller ID FSK Erroneously Sent when
                            Picking Up Dahdi Call On Hold
                            (Reported by Josh Alberts)
  * [ASTERISK-29990]        chan_dahdi: adding ring cadences is not idempotent
                            on dahdi restart
                            (Reported by N A)
  * [ASTERISK-30007]        chan_iax2: Prevent crashes due to attempted
                            encryption with missing secrets
                            (Reported by N A)
  * [ASTERISK-29728]        menuselect: Disabled by default modules that are
                            enabled are always recompiled
                            (Reported by N A)
  * [ASTERISK-30002]        app_meetme: Don  t erroneously set global
                            variables when channel is NULL
                            (Reported by N A)
  * [ASTERISK-29994]        chan_dahdi: Round robin array size is too small
                            for max number of groups
                            (Reported by N A)
  * [ASTERISK-22246]        Asterisk  s  T  flag is ignored when used with
                              r  or  R  flags. (documentation bug)
                            (Reported by Rusty Newton)
  * [ASTERISK-26582]        Asterisk seems to ignore the  n  parameter for
                              disable console colorization
                            (Reported by Sebastian Gutierrez)
  * [ASTERISK-29843]        Session timers get removed on UPDATE
                            (Reported by Mark Petersen)
  * [ASTERISK-29943]        file.c: seeking to negative file offset is not
                            prevented
                            (Reported by N A)
  * [ASTERISK-29955]        chan_sip: SIP route header is missing on UPDATE
                            (Reported by Mark Petersen)
  * [ASTERISK-29842]        Do not change 180 Ringing to 183 Progress even if
                            early_media already enabled
                            (Reported by Mark Petersen)
  * [ASTERISK-29948]        iostream: Infinite TCP timeout writing data
                            (Reported by N A)
  * [ASTERISK-29253]        Incorrect bridging on transfer
                            (Reported by Yury Kirsanov)
  * [ASTERISK-30024]        Failed to sign STIR/SHAKEN payload with
                            functionality not enabled
                            (Reported by Claude Diderich)
  * [ASTERISK-30006]        res_pjsip: UDP transport does not work when
                            async_operations is greater than 1
                            (Reported by Ross Beer)
  * [ASTERISK-29655]        res_pjsip_session: No video to caller if no camera
                            available
                            (Reported by Michael Auracher)
  * [ASTERISK-29638]        res_pjsip_session: No video after early media
                            (Reported by Michael Auracher)
  * [ASTERISK-30015]        pjsip / WebRTC: Chrome creating large number of
                            SDP attributes
                            (Reported by Josh Hogan)
  * [ASTERISK-30021]        ast_variable_list_replace_variable uses variable
                            with new keyword
                            (Reported by Jasper Hafkenscheid)
  * [ASTERISK-30023]        cdr_adaptive_odbc: does not support DATETIME
                            database columns
                            (Reported by Gregory Massel)
  * [ASTERISK-29411]        Crash in pjsip_msg_find_hdr_by_name
                            (Reported by LA)
  * [ASTERISK-29535]        Segmentation fault in libasteriskpj.so.2
                            (Reported by Daniel Bonazzi)
  * [ASTERISK-26719]        pbx: Only up to 127 includes in a dialplan context
                            (AST_PBX_MAX_STACK    1)
                            (Reported by Tzafrir Cohen)
  * [ASTERISK-29988]        REGRESSION: The build process is requiring xmllint
                            or xmlstarlet ro be installed when it shouldn  t
                            (Reported by George Joseph)
  * [ASTERISK-29986]        build: Asterisk 18.11.0 doesn  t compile when wget
                            isn  t available
                            (Reported by Stefan Ruijsenaars)
  * [ASTERISK-29895]        chan_iax2: Fix misaligned spacing in iax2 show
                            netstats printout
                            (Reported by N A)
  * [ASTERISK-29939]        agi: Fix xmldoc bug with set music
                            (Reported by N A)
  * [ASTERISK-28891]        documentation: AGICommand_set+music documentation
                            arguments displayed incorreclty
                            (Reported by Jonathan Harris)
  * [ASTERISK-29048]        chan_iax2:  iax2 show registry  shows host for
                            perceived
                            (Reported by David Herselman)
  * [ASTERISK-26689]        res_pjsip_sdp_rtp: 183 Session in Progress.
                            Disconnecting channel for lack of RTP activity
                            (Reported by Dmitriy Serov)
  * [ASTERISK-29929]        res_pjsip_sdp_rtp: Disconnecting channel for lack
                            of RTP activity in one way sessions
                            (Reported by Boris P. Korzun)
  * [ASTERISK-29674]        Adjust for 64bit time_t
                            (Reported by Andre Heider)
  * [ASTERISK-29961]        RLS: domain part of  uri  list attribute
                            mismatch with SUBSCRIBE request
                            (Reported by Alexei Gradinari)
  * [ASTERISK-29950]        SayNumber can handle  01  to  07  , but not
                            08  or  09
                            (Reported by Jim Van Meggelen)
  * [ASTERISK-29928]        logging messages truncated when using MUSL runtime
                            (Reported by Philip Prindeville)
  * [ASTERISK-29960]        ari: Retrieving stored recording can returns wrong
                            file
                            (Reported by Arix)

Improvements made in this release:

  * [ASTERISK-24827]        Missing documentation for chan_dahdi dial string
                            ring cadences
                            (Reported by Scott Griepentrog)
  * [ASTERISK-29940]        general: Add since tags to xmldocs
                            (Reported by N A)
  * [ASTERISK-29951]        app_mf, app_sf: Return -1 on hangup
                            (Reported by N A)
  * [ASTERISK-29954]        app_meetme: Emit warning if conference not found
                            (Reported by N A)
  * [ASTERISK-29351]        Qualify pjproject 2.12 for Asterisk
                            (Reported by George Joseph)
  * [ASTERISK-29877]        app_mf: Allow reading a maximum number of digits
                            (Reported by N A)
  * [ASTERISK-29976]        Should Readme include information about
                            install_prereq script?
                            (Reported by Marcel Wagner)
  * [ASTERISK-29970]        Use pkg-config to find libxml2 headers and
                            libraries
                            (Reported by Hugh McMaster)
  * [ASTERISK-25716]        Documentation: Document explanations and examples
                            for possible values of DIALSTATUS
                            (Reported by Rusty Newton)
  * [ASTERISK-29980]        build: External binary modules don  t use https
                            (Reported by INVADE International Ltd.)
  * [ASTERISK-29967]        pbx_builtins: Add missing documentation
                            (Reported by N A)

16.25.3
Bugs fixed in this release:

  * [ASTERISK-30024]        Failed to sign STIR/SHAKEN payload with
                            functionality not enabled
                            (Reported by Claude Diderich)

16.25.2
The following security vulnerabilities were resolved in 16.25.2:

  * AST-2022-001: res_stir_shaken: resource exhaustion with large files
    When using STIR/SHAKEN, it's possible to download files that are not
    certificates. These files could be much larger than what you would expect
    to
    download.
  * AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header
    When using STIR/SHAKEN, it's possible to send arbitrary requests like GET
    to
    interfaces such as localhost using the Identity header.
  * AST-2022-003: func_odbc: Possible SQL Injection
    Some databases can use backslashes to escape certain characters, such as
    backticks. If input is provided to func_odbc which includes backslashes it
    is
    possible for func_odbc to construct a broken SQL query and the SQL query to
    fail.

16.25.1
Bugs fixed in this release:

  * [ASTERISK-29988]        REGRESSION: The build process is requiring xmllint
                            or xmlstarlet ro be installed when it shouldn??t
                            (Reported by George Joseph)
  * [ASTERISK-29986]        build: Asterisk 18.11.0 doesn??t compile when wget
                            isn??t available
                            (Reported by Stefan Ruijsenaars)

15.25.0
Security bugs fixed in this release:

  * [ASTERISK-29945]        pjproject: Security fixes for
                            things
                            (Reported by Kevin Harwell)

New Features made in this release:

  * [ASTERISK-29853]        ami: Allow events to be globally disabled
                            (Reported by N A)
  * [ASTERISK-29840]        func_channel: Add LASTCONTEXT and LASTEXTEN
                            fields
                            (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-29924]        res_config_pgsql: omit  unsupported column type
                              text'  error
                            (Reported by Boris P. Korzun)
  * [ASTERISK-29923]        docs, LICENSE: pbx.digium.com no longer exists
                            (Reported by N A)
  * [ASTERISK-29904]        RLS: Batched Notifications stop working
                            (Reported by Alexei Gradinari)
  * [ASTERISK-29365]        taskprocessor: Can cause assert at shutdown
                            (Reported by Joshua C. Colp)
  * [ASTERISK-29873]        Queue Realtime load
                            (Reported by Alexei Gradinari)
  * [ASTERISK-18416]        Realtime queue agents unavailable via AMI before a
                            call event.
                            (Reported by kwk)
  * [ASTERISK-27597]        AMI Queuestatus not working (with realtime queue)
                            (Reported by cagdas kopuz)
  * [ASTERISK-29886]        Asterisk AMI sends not-valid XML
                            (Reported by Napadailo Yaroslav)

Improvements made in this release:

  * [ASTERISK-29906]        update RLS to reflect the changes to the lists
                            (Reported by Alexei Gradinari)
  * [ASTERISK-29909]        app_queue: Add support for withdrawing a call
                            (Reported by Kfir Itzhak)
  * [ASTERISK-29353]        Qualify jansson 2.14 for asterisk
                            (Reported by George Joseph)
  * [ASTERISK-29897]        channels: Increase core debug levels for chatty
                            debugs
                            (Reported by N A)
  * [ASTERISK-29896]        xmldocs: Add since tag
                            (Reported by N A)
  * [ASTERISK-29861]        asterisk.h: add macro for curl user agent
                            (Reported by N A)
  * [ASTERISK-29920]        app_voicemail: Warn if trying to manage
                            nonexistent mailbox
                            (Reported by N A)
  * [ASTERISK-29925]        func_db: Warn about malformed key names
                            (Reported by N A)
  * [ASTERISK-29809]        curl, stir_shaken: refactor curl code
                            (Reported by N A)
  * [ASTERISK-29891]        provide a display name for RLS subscriptions
                            (Reported by Alexei Gradinari)
  * [ASTERISK-29866]        cli: add core dump information to core show
                            settings
                            (Reported by N A)
  * [ASTERISK-29898]        documentation: Add default attributes to
                            documentation
                            (Reported by N A)
  * [ASTERISK-29900]        app_mp3: Document and warn about https
                            incompatibility
                            (Reported by N A)

16.24.1
The following security vulnerabilities were resolved in 16.24.1:

  * AST-2022-004: pjproject: integer underflow on STUN message
    The header length on incoming STUN messages that contain an ERROR-CODE
    attribute is not properly checked. This can result in an integer underflow.
    Note, this requires ICE or WebRTC support to be in use with a malicious
    remote
    party.

  * AST-2022-005: pjproject: undefined behavior after freeing a dialog set
    When acting as a UAC, and when placing an outgoing call to a target that
    then
    forks Asterisk may experience undefined behavior (crashes, hangs, etc??)
    after a dialog set is prematurely freed.

  * AST-2022-006: pjproject: unconstrained malformed multipart SIP message
    If an incoming SIP message contains a malformed multi-part body an out of
    bounds read access may occur, which can result in undefined behavior. Note,
    it??s currently uncertain if there is any externally exploitable vector
    within Asterisk for this issue, but providing this as a security issue out
    of
    caution.[cleardot]

(ryoon)

doc: Updated graphics/tiff to 4.5.0

(wiz)

tiff: update to 4.5.0.

Changes in TIFF v4.5.0
======================

Major changes
-------------

* Whole code base reformatting of .c/.h files using new .clang-format format
* Documentation changed from static HTML and man pages to Restructured Text
  (rst). HTML and man pages are now build artifacts.

Software configuration changes
------------------------------

* SONAME version bumped to 6 due to changes in symbol versioning.
* autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into
  its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build.
* autoconf/cmake: detect sphinx-build to build HTML and man pages
* CMakeLists.txt: fix warning with -Wdev
* CMake: correctly set default value of 'lzma' option when liblzma is detected
  (:issue:`482`)
* CMake: Moved linking of CMath::CMath into CMath_LIBRARY check.
* Fix CMake build to be compatible with FetchContent.
* cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS (:issue:`443`)
* cmake: Fixes for Visual Studio 2022.
* Adds Requires.private generation so that pkg-config can correctly find
  the dependencies of libtiff.
* Fix dependency on libm on Android
* cmake: libtiffxx is static on win32
* Fix build in tif_lzw.c
* CMake: Add options for disabling tools, tests, contrib and docs.

Library changes
---------------

New/improved functionalities:

* Addition of an open option concept with the new functions
  :c:func:`TIFFOpenExt`, :c:func:`TIFFOpenWExt`, :c:func:`TIFFFdOpenExt`,
  :c:func:`TIFFClientOpenExt`, :c:func:`TIFFOpenOptionsAlloc`,
  :c:func:`TIFFOpenOptionsFree`
* Leveraging above mentioned open option concept, addition of a new capability
  to limit the size of a single dynamic memory allocation done
  by the library with :c:func:`TIFFOpenOptionsSetMaxSingleMemAlloc`
* Leveraging above mentioned open option concept, addition of a new capability
  to specify per-TIFF handle re-entrant error and warning callbacks
  with :c:func:`TIFFOpenOptionsSetErrorHandlerExtR` and
  :c:func:`TIFFOpenOptionsSetWarningHandlerExtR`
* Related to IFD-Loop detection refactoring, the number of IFDs that libtiff
  can browse through has been extended from 65535 to 1048576. This value is
  a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT
  variable or autoconf's --with-max-dir-count option.

API/ABI breaks:

* tdir_t type updated to uint32_t. This type is now used for the return value of
  :c:func:`TIFFCurrentDirectory` and :c:func:`TIFFNumberOfDirectories`, and
  as the argument of :c:func:`TIFFSetDirectory` and :c:func:`TIFFUnlinkDirectory`

Bug fixes:

* TIFFWriteRawStrip(): restore capabilities to append data in the current strip
  (:issue:`489`)
* _TIFFReadEncodedTileAndAllocBuffer(): avoid excessive memory allocation on
  broken files (:issue:`479`)
* TIFFReadRGBATileExt(): fix (unsigned) integer overflow on strips/tiles > 2 GB
  (oss-fuzz #53137)
* Replace sprintf calls with snprintf to fix warnings on macOS 13 SDK
* Added warning messages for FIELD_IGNORE tags for writing and for
  TIFF_SETGET_UNDEFINED for reading added. (:issue:`438`)
* tif_dirinfo.c: fix TIFFTAG_CLIPPATH tag declaration (:issue:`439`)
* tif_dirinfo.c: fix TIFFTAG_COMPRESSION and _BITSPERSAMPLE tag declaration
  (:issue:`364`)
* Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
  (:issue:`149`, :issue:`150`, :issue:`152`, :issue:`168`, :issue:`250`,
  :issue:`269`,:issue:`398`, CVE-2022-3599, :issue:`456`)
* TIFFAdvanceDirectory(): fix unsigned-integer-overflow in mapped case
  (oss-fuzz #52309)
* Improved/fixes IFD-Loop Handling (:issue:`455`).
* Update getimage to support large raster images.
* Presetting of default tag values extended (e.g. PlanarConfig). (:issue:`449`)
* Deal with RichTIFFIPTC tag written with LONG type (:issue:`225`)
* TIFFSetValue(): Writing IFD8 & LONG8 tags to ClassicTIFF corrected
  (:issue:`442`)
* tif_jpeg.c: allow to pass -DEXPECTED_JPEG_LIB_VERSION=number to do optional
  compile-time version check
* TIFFReadFromUserBuffer(): fix clearing of TIFF_CODERSETUP flag that could
  cause issues with reading JPEG compressed files
* _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific
  tag and the codec is not configured (:issue:`433`, :issue:`486`,
  CVE-2022-34526)
* Add basic 16 bit cielab support.
* WEBP codec: avoid temporary buffer and memcpy() on whole tile/strip decoding
* tif_predict.c: make horAcc8() work with icc (ICC) 2021.6.0 20220226 -O2

Tools changes
-------------

New/improved functionality:

* :program:`tiffinfo`: Updated to parse through SubIFDs and show their tags.

Bug fixes:

* :program:`tiffcrop`: add check if (bps != 1) in writeSingleSection()
  (:issue:`169`)
* :program:`tiffcrop`: Fix too many 'mode' options on command line
  (:issue:`470` and :issue:`450`)
* :program:`tiffcrop`: Fix memory allocation to require a larger buffer
  (:issue:`271`, :issue:`381`, :issue:`386`, :issue:`388`, :issue:`389`,
  :issue:`435`, CVE-2022-3570, CVE-2022-3598)
* :program:`tiffcrop`: disable incompatibility of -Z, -X, -Y, -z options with
  any PAGE_MODE_x option (:issue:`411`, CVE-2022-3627, :issue:`413`,
  CVE-2022-3597, :issue:`426`, CVE-2022-3626)
* :program:`tiffcrop`: -S option mutually exclusive (:issue:`349`,
  :issue:`414`, :issue:`422`, :issue:`423`, :issue:`424`)
* :program:`tiffcrop`: fix floating-point exception (:issue:`415`,
  :issue:`427`, :issue:`428`, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* :program:`tiff2pdf`: Don't try to seek into stdout (:issue:`441`)
* :program:`tiffinfo`: update curdir from uint16_t to tdir_t for more than 64k
  IFD handling.

(wiz)

doc: Updated devel/gettext to 0.21.1

(wiz)

gettext*: update to 0.21.1

Version 0.21.1 - October 2022

* Runtime behaviour:
  - On AIX, locale names with a script or with an uppercase language are now
    supported.
    For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
    EN_US.UTF-8 is treated like en_US.UTF-8.

* The base Unicode standard is now updated to 14.0.0.

* Portability:
  - Building on macOS 11/arm64 is now supported.
  - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.

(wiz)

doc: Updated print/mupdf to 1.21.1

(wiz)

mupdf: update to 1.21.1.

List of changes in MuPDF 1.21.1 (Source only release for PyMuPDF)

Miscellaneous bug fixes, including:
Garbage collection problem causing file bloat on clean.
Don't assume sorted objects in pdf_objcmp.
Don't layout empty documents.
Type 3 font char bboxes.

List of changes in MuPDF 1.21.0

Added MOBI input format support.
Added Story API for creating PDF documents from formatted text.
Added API to create, edit, and delete links.

Support custom images for Stamp annotations.
Support interior color on Polygon annotations.
Support line endings on PolyLine annotations.

Improved SVG output.

C++/Python/C# binding:
Changes to naming of wrapper functions and classes.
Added limited support for callbacks into Python, using SWIG Directors.

(wiz)

doc: Updated x11/rterm to 0.0.7

(pin)

x11/rterm: update to 0.0.7

- Initial support for grapheme cluster.
- Fixing some issues caused by grapheme clusters (still some to fix).
- Move the pty from term to app.
- Added some initial tests to term.
- fix the same panic as in 82efa38
- fix selection regression: do not start selection on button press
- Initial code for wide glyph support.
- refactoring
- fixed start-up resize and trivial readme
- Fixed a bug when resizing while using less etc.
- enable blinking
- simplified alt screen handling

(pin)

doc: Updated devel/wayland-protocols to 1.31

(wiz)

wayland-protocols: update to 1.31.

1.31

This release introduces a new staging protocol: fractional scaling.
Without going into details, this protocol allows compositor to communicate
a scale with more precision than an integer. Clients can then use this
together with the wp_viewporter protocol to allocate more appropriately
sized buffers.

The other protocol related change in this release involves adding a new
error enum value to xdg-shell.

Since the last release, a new member, Smithay/cosmic-comp, was added,
represented by Victoria Brekenfeld. Some clarifications to the
governence about about protocol ACKs requirements was also done.

1.30

This release introduces a new staging protocol extension aiming for
letting clients communicate to compositors that they allow their content
to "tear" (screen showing part old, part new content). See the protocol
extension specification for details.

1.29

This release contains a bug fix to the 'content-type' protocol
extension, where an incorrect enum name was previously used.
See [1] for more information how it eventually can be avoided in the
future.

Apart from this, the linux-dmabuf extension saw documentation fixes.

1.28

This release includes one new staging protocol:

* Xwayland shell

This protocol is intended to exclusively be used by Xwayland to allow a
race condition free method for associating an X11 window with a
wl_surface in a compositor, and is intended to replace the old
WL_SURFACE_ID atom based method.

Apart from this, xdg-shell saw some new error codes for already existing
error conditions.

1.27

This release includes two new staging protocols:

* Content type hint

This protocol enables clients to provide hints to the compositor about
what kind of content it provides, allowing compositors to optionally
adapt its behavior accordingly.

* Idle notify

This extension allows compositors to notify clients about when the user
is idle.

Apart from these two new extensions, this release also brings the usual
clarifications, cleanups and fixes. Enjoy!

(wiz)

doc: Updated net/samba4 to 4.17.4

(wiz)

samba: update to 4.17.4.

This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:

o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

                  https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

                  https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                  same algorithms as rc4-hmac cryptography in Kerberos,
                  and so must also be assumed to be weak.

                  https://www.samba.org/samba/security/CVE-2022-38023.html

Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!

samba-tool got a new 'domain trust modify' subcommand
-----------------------------------------------------

This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.

smb.conf changes
----------------

  Parameter Name                              Description            Default
  --------------                              -----------            -------
  allow nt4 crypto                            Deprecated              no
  allow nt4 crypto:COMPUTERACCOUNT            New
  kdc default domain supported enctypes        New (see manpage)
  kdc supported enctypes                      New (see manpage)
  kdc force enable rc4 weak session keys      New                    No
  reject md5 clients                          New Default, Deprecated Yes
  reject md5 servers                          New Default, Deprecated Yes
  server schannel                              Deprecated              Yes
  server schannel require seal                New, Deprecated        Yes
  server schannel require seal:COMPUTERACCOUNT New
  winbind sealed pipes                        Deprecated              Yes

Changes since 4.17.3
--------------------

o  Jeremy Allison <jra@samba.org>
  * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
    same size.

o  Andrew Bartlett <abartlet@samba.org>
  * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
    user-controlled pointer in FAST.
  * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
  * BUG 15237: CVE-2022-37966.
  * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

o  Ralph Boehme <slow@samba.org>
  * BUG 15240: CVE-2022-38023.
  * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

o  Stefan Metzmacher <metze@samba.org>
  * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
    Windows.
  * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically.
  * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
    vulnerability.
  * BUG 15206: libnet: change_password() doesn't work with
    dcerpc_samr_ChangePasswordUser4().
  * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
  * BUG 15230: Memory leak in snprintf replacement functions.
  * BUG 15237: CVE-2022-37966.
  * BUG 15240: CVE-2022-38023.
  * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
    (CVE-2021-20251 regression).

o  Noel Power <noel.power@suse.com>
  * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
    same size.

o  Anoop C S <anoopcs@samba.org>
  * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
  * BUG 15237: CVE-2022-37966.
  * BUG 15243: %U for include directive doesn't work for share listing
    (netshareenum).
  * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
  * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
  * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
  * BUG 15231: CVE-2022-37967.
  * BUG 15237: CVE-2022-37966.

o  Nicolas Williams <nico@twosigma.com>
  * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
    user-controlled pointer in FAST.

(wiz)

doc: Updated www/ruby-rails-html-sanitizer to 1.4.4

(taca)

www/ruby-rails-html-sanitizer: update to 1.4.4

1.4.4 (2022-12-13)

* Address inefficient regular expression complexity with certain
  configurations of Rails::Html::Sanitizer.

  Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.

  Mike Dalessio

* Address improper sanitization of data URIs.

  Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.

  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.

  Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.

  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.

  Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.

  Mike Dalessio

(taca)