ham/chirp: Update to 20220613

Upstream changes are minor

(gdt)

doc: Updated devel/py-mercurial to 6.1.3

(wiz)

py-mercurial: update to 6.1.3.

Mercurial 6.1.3

security:

    narrow_widen_acl: enforce narrowacl in narrow_widen (SEC) 6b10151b9621

normal notes:

    censor: fix [hg update] away from a revision with censored files
    amend: stop losing copies when amending
    rhg: strengthen dirstate v2 writing in broken filesystems
    work around some broken DLL imports in Windows
    worker: adapt _blockingreader to work around a python3.8.[0-1] bug (issue6444)
    rhg: correctly handle the case where diffs are encoded relative to nullrev
    fix bugs and race-conditions in the Mercurial test runner
    chg: ignore already closed fds when cleaning up

(wiz)

doc: Updated security/py-cyclonedx-python-lib to 2.5.1

(wiz)

py-cyclonedx-python-lib: update to 2.5.1.

2.5.1

Fix

    Add missing Vulnerability comparator for sorting (#246) (c3f3d0d)

2.5.0

Feature

    Use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (8a1c404)

Documentation

    Fix typo "This is out" -> "This is our" (ef0278a)

2.4.0

Feature

    deps: Remove unused typing-extensions constraints (2ce358a)

(wiz)

doc: Updated x11/xscreensaver to 6.04

(wiz)

xscreensaver: update to 6.04.

New hacks, nakagin and chompytower.
Settings dialog shows diagnostics for bad image folders and feeds.
URLs for imageDirectory can now point at archive.org collections.
Sliders for various ���Speed��� preferences are easier to use.
X11: Settings dialog shows saver description below embedded preview.
X11: Better behavior when zero monitors are attached.
X11: Improvements to inhibiting blanking while videos are playing: No longer necessary to hack GNOME and KDE to get them to not usurp the org.freedesktop.ScreenSaver endpoint.
X11: unicrud displays character names.
Updated webcollage.

(wiz)

doc: Updated graphics/ImageMagick to 7.1.0.37

(wiz)

ImageMagick: update to 7.1.0.37.

7.1.0-37 - changes not found

7.1.0-36 - 2022-05-30

Commits

    beta release cfdb489
    Corrected the avif check to fix the issue reported in #5159. c638f3f
    introducing the dominant-color property 9135de4
    improve dominant color reporting 3077a6c
    Updated CodeQL Action. b7b90a1
    Try with different permissions. c092510
    Corrected permission name. 0014ddf
    Corrected pragma comments due to repository renames. ad98584
    Added arm64 to the main build. 5eb9b2b
    cosmetic 967fc1c
    Download ChangeLog after cloning the repositories. 7b0bf73
    latest ImageMagick documentation 0442c9d
    release cd1add4

(wiz)

doc: Updated devel/talloc to 2.3.4

(wiz)

talloc: update to 2.3.4.

Changes not found.

(wiz)

doc: Updated fonts/unifont to 14.0.04

(wiz)

unifont: update to 14.0.04.

2022-06-04: Release 14.0.04
  * Fix to font/ttfsrc/Makefile for TrueType & OpenType parallel builds.
  * Minor updates for some glyphs, notably Runic (U+16A0..U+16FF).
  * All Ahom glyphs (U+11700..U+1174F) are now rendered properly.

(wiz)

doc: Updated security/botan2 to 2.19.2

(wiz)

botan: update to 2.19.2.

Version 2.19.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for parallel computation in Argon2 (GH #2937 #2926)

* Add SSSE3 implementation of Argon2 (GH #2937 #2927)

* The OpenSSL provider was incompatible with OpenSSL 3.0.
  It has been removed (GH #2902)

* Avoid using reserve in secure_vector appending, which caused
  a performance problem (GH #2945 #2920)

* Fix TLS::Text_Policy behavior when X25519 is disabled
  at build time (GH #2894)

* Fix several warnings from Clang (#2888 #2886)

(wiz)

doc: Updated devel/ocaml-psq to 0.2.0

(jaapb)

Updated devel/ocaml-psq to version 0.2.0.

This version includes a semantics cleanup, with breaking API changes,
and is somewhat faster.

(jaapb)

Added ocaml-mimic to Makefile SUBDIRs

(jaapb)

doc: Added net/ocaml-mimic version 0.0.5

(jaapb)

Added net/ocaml-mimic, a dynamic flow instantiation library.

This is needed as a dependency of the update of devel/ocaml-git.

(jaapb)

Added ocaml-mirage-flow to Makefile SUBDIRs

(jaapb)

doc: Added devel/ocaml-mirage-flow version 3.0.0

(jaapb)

Added devel/ocaml-mirage-flow, flow implementations for Mirage

This is needed as a dependency for the update of devel/ocaml-git.

(jaapb)

Added ocaml-mirage-clock to Makefile SUBDIRs

(jaapb)

doc: Added time/ocaml-mirage-clock version 4.2.0

(jaapb)

Added time/ocaml-mirage-clock, a library for portable clocks.

This is needed as a dependency (of a dependency) for the new version
of devel/ocaml-git.

(jaapb)

libpano13: add missig patch

(adam)

deforaos-panel: fix PLIST

(wiz)

libpano13: add missing build tool dependency

(wiz)

puzzles: add missing build dependencies

(wiz)

mk/find-pkgconfig-files.mk: fix copy-and-paste leftovers

The pkg-config files are not header files.

While here, use ':=' for the variable assignments above procedure files
and document how to check the results during development.

(rillig)

Remove entry after downgrading ncspot

(pin)

audio/ncspot: downgrade to 0.9.8

See note in Makefile.

(pin)

doc/TODO: add some

+ ImageMagick-7.1.0.37, MesaLib-21.3.9, alsa-lib-1.2.7, botan2-2.19.2,
  npm-8.12.1, ocaml-findlib-1.9.4, poppler-22.06.0,
  py-cyclonedx-python-lib-2.5.1, py-mercurial-6.1.3,
  rust-analyzer-0.0.20220606, talloc-2.3.4, unifont-14.0.04.

(wiz)

doc: Updated archivers/xfce4-thunar-archive to 0.5.0

(gutteridge)

xfce4-thunar-archive: update to 0.5.0

Change log:

0.5.0
======
- Fix for ark (Issue #4)
- automake: INCLUDES -> AM_CPPFLAGS
- preserve callbacks in tap-provider
- remove GSpawnChildSetupFunc usage from tap_backend_run
- Adds new README.md
- updates AM_INIT_AUTOMAKE macro with foreign option
- Add basic GitLab pipeline
- Allow zip files (i.e. odt, docx...) to be compressed (Bug #15295)
- Start archive application from file's directory (Bug #14773)
- Replace AC_PROG_LIBTOOL with IT_PROG_INTLTOOL
- Add support for archive manager for MATE
- Translation Updates:
  Albanian, Amharic, Arabic, Armenian (Armenia), Asturian, Basque,
  Belarusian, Bulgarian, Catalan, Chinese (China), Chinese (Taiwan),
  Croatian, Czech, Danish, Dutch, Eastern Armenian, Eastern Armenian
  (Russia), English (Australia), English (United Kingdom), Esperanto,
  Estonian, Finnish, French, Galician, German, Greek, Hebrew, Hindi,
  Hungarian, Icelandic, Indonesian, Interlingue, Italian, Japanese,
  Kabyle, Kazakh, Korean, Latvian, Lithuanian, Malay, Norwegian
  Bokm奪l, Norwegian Nynorsk, Occitan (post 1500), Panjabi (Punjabi),
  Portuguese, Portuguese (Brazil), Romanian, Russian, Serbian, Slovak,
  Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Urdu, Urdu
  (Pakistan), Uyghur, Uzbek, Uzbek (Latin), Vietnamese

(gutteridge)

sbcl: remove removed patch from distinfo

(wiz)

doc: Updated audio/strawberry to 1.0.5

(nia)

strawberry: update to 1.0.5

Version 1.0.5 (2022.06.10)

Bugfixes:
    * Fixed smart playlist filetype search.
    * Fixed Radio Paradise URLs to use HTTPS instead of HTTP.
    * Fixed horizontal scrolling not affecting currently playing track
    * Fixed keep running in the background when window is closed with Wayland
    * Fixed percent-encoding of URLs when loading and saving XSPF playlists
    * Fixed fancy tabbar context menu showing on right clicks outside of tabbar when a song is playing.
    * Fixed possible duplicating songs in the database when moving songs to the collection using the organize feature.

Enhancements
    * Show more details in error dialog on GStreamer errors
    * Allow setting blur amount of playlist background image up to 100px
    * Include 128x128 icon sizes
    * Show right click copy context menu in context view on top text and lyrics
    * Improve fading between album covers in context view.
    * Added option for overwriting database playcounts in collection settings
    * Added option for disabling bar on currently playing track

(nia)

doc: Updated sysutils/lsd to 0.22.0

(pin)

sysutils/lsd: update to 0.22.0

0.22.0 - 2022-06-12
Added
  Add support for --header from MichaelAug
  Add support for --no-sort -U from MichaelAug
  Add --group-directories-first as an alias for --group-dirs=first to improve
  compatibility with coreutils/ls
  Add --permission flag to choose permission formatting (rwx, octal) from meain
  Display MAC contexts and MAC and ACL indicators from mmatous
  Add --hyperlink flag for adding hyperlinks to files from KSXGitHub and meain
  Add icons for HEIC, PEM and TOML from Nix

Changed
  Show Docker icon for files with Dockerfile extension #652 from TeamTamoad

Fixed
  Support non-bold bright colors #248 from meain
  Don't automatically dereference symlinks in tree/recursive #637 from meain
  Removed useless error message when attempting to make a hyperlink for a broken
  symlink from KodiCraft

(pin)

doc: Updated sysutils/dua-cli to 2.17.6

(pin)

sysutils/dua-cli: update to 2.17.6

2.17.6 (2022-06-12)
-A maintenance release which should make the ctrl + o feature open files without
blocking on linux thanks to an upgrade in the open crate which powers this
feauture.

(pin)

doc: Updated lang/sbcl to 2.2.5

(gdt)

lang/sbcl: Update to 2.2.5

Tested by building (and hence building clisp) on NetBSD 9 amd64, and
running sbcl and evaluating (+ 1 2), following report by Chavdar
Ivanov.

Upstream NEWS (less bugfixes and minor improvements)

changes in sbcl-2.2.5 relative to sbcl-2.2.4:
  * minor incompatible change: SB-EXT:*DERIVE-FUNCTION-TYPES* being NIL now
    means that function calls will strictly only use type information from
    proclaimed ftypes. The previous behavior (still the default) of using
    derived type information from the same file is specified with :SAME-FILE.
    (lp#1393302)
  * minor incompatible change: RENAME-FILE now overwrites the target file on
    Windows too, making its behaviour consistent with other platforms.
  * minor incompatible change: inlining of local function is inhibited if
    policy DEBUG = 3.
  * platform support:
    ** single-stepping is now supported on 64-bit PowerPC platforms.  (thanks
      to Thomas Fitzsimmons)
    ** the :SB-LINKABLE-RUNTIME feature is now supported on 32-bit and 64-bit
      PowerPC platforms.  (thanks to Thomas Fitzsimmons)
  * enhancement: debug source locations now work correctly for top level forms
    with policy DEBUG = 1, as well as for block compiled files.
  * enhancement: TRACE now supports tracing macro functions, compiler-macro
    functions, individual methods and local functions.  See the user manual for
    more details.  (lp#375314)

changes in sbcl-2.2.4 relative to sbcl-2.2.3:
  * enhancement: better constraint propagation in the compiler. Specifically,
    the compiler can now derive the type of X in control flow join situations
    such as
    (LAMBDA (X) (ECASE (1 ...) (2 ...)) X)
    or
    (LAMBDA (X) (ETYPECASE (INTEGER ...) (SYMBOL ...)) X)
    instead of forgetting all information about X after the E(TYPE)CASE.

changes in sbcl-2.2.3 relative to sbcl-2.2.2:
  * minor incompatible change: SB-THREAD:MUTEX-OWNER may return :THREAD-DEAD
    if the apparent owner either exited nearly instantly after releasing the
    mutex (and is not now the owner), or died and never released it.
  * minor incompatible change: building the system with the simple semi-space
    copying collector is no longer supported.
  * minor incompatible change: support for PPC/Darwin has been removed.
  * platform support:
    ** threads are now enabled by default on RISC-V.
    ** The generational garbage collector is now supported on MIPS.

changes in sbcl-2.2.2 relative to sbcl-2.2.1:
  * platform support:
    ** all architectures now share the coverage mark instrumentation
      implementation, meaning that performance now equals what had been
      implemented only on x86 architectures.
  * enhancement: improved handling of source locations for some classes
    of compile time and runtime errors.
  * enhancement: better source locations for structure accessors.

changes in sbcl-2.2.1 relative to sbcl-2.2.0:
  * incompatible change: DEFINE-ALIEN-CALLBACK, which has never been exported
    from a public package, has been deleted.  It is superseded by
    SB-ALIEN:DEFINE-ALIEN-CALLABLE.
  * minor incompatible change: compiler warnings are emitted on more
    provably-erroneous code involving sequence functions on specialized
    arrays.
  * platform support:
    ** support getting thread IDs on FreeBSD.  (thanks to Felix Lange)
  * enhancement: provide a restart for method lambda list mismatches that
    fmakunbounds the generic function.
  * enhancement: provide a USE-VALUE restart around type errors signalled from
    (SETF SLOT-VALUE).
  * enhancement: when UPDATE-INSTANCE-FOR-DIFFERENT-CLASS (or -REDEFINED-)
    undergoes a non-local exit, restore the instance to its original state.
    (thanks to Michał phoe Herda)
  * enhancement: the :SYNCHRONIZED keyword argument to MAKE-HASH-TABLE is no
    longer experimental.

changes in sbcl-2.2.0 relative to sbcl-2.1.11:
  * platform support:
    ** support for FreeBSD on 64-bit arm platforms has been added.
    ** the :SB-LINKABLE-RUNTIME build-time feature is now supported on 32-bit
      and 64-bit arm platforms, and on the FreeBSD operating system.
  * enhancement: catch type mismatches for REPLACE, SUBSTITUTE, MAKE-ARRAY
    with :INITIAL-CONTENTS.

(gdt)

math/Makefile: Add basic-stats

(bacon)

doc: Added math/basic-stats version 0.1.2

(bacon)

math/basic-stats: Command-line tool for statistics on tabular data

Basic-stats is a command-line tool to perform basic statistics on a
tabular data stream.  It supports performing multiple functions such as
mean, median, etc. on independent rows and/or columns during a single
pass on independent rows and/or columns.  Memory use is trivial except
for functions that require loading the sample/population for sorting,
such as median.

(bacon)

qemu: Permit to use `-cpu host' with NVMM

PKGREVISION++

(leot)

doc: Updated www/ruby-rails-html-sanitizer to 1.4.3

(taca)

www/ruby-rails-html-sanitizer: update to 1.4.3

1.4.3 (2022-06-09)

* Address a possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.

  Prevent the combination of `select` and `style` as allowed tags in
  SafeListSanitizer.

  Fixes CVE-2022-32209

  *Mike Dalessio*

(taca)

Note update of security/opendnssec2 to 2.1.10.

(he)

Update OpenDNSSEC2 to version 2.1.10.

Upstream changes:

OpenDNSSEC 2.1.10 - 2021-09-10

* OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
* OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
* OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count
  that is deemed too high.
* SUPPORT-265: Resolve conflict when deleting keys from HSM whilst
  also performing step in key roll process.  Typically a message
  "key_data_update failed" is present in logs.
* Provided RedHat/CentOS spec file in contrib directory.

(he)

security/ca-certificates: Add configurability for certificate store

- The location of the system certificate store can now be set using
  a new configuration file (ca-certificates-dir.conf).

- Installing the certificates to the system certificate store must
  be enabled by the administrator.

(kim)

htop: set USE_CURSES=getmouse rather than USE_NCURSES

(nia)

doc: Updated biology/peak-classifier to 0.1.4

(bacon)

biology/peak-classifier: Update to 0.1.4

Update for bl_gff_t API streamlining
https://github.com/auerlab/peak-classifier/releases

(bacon)

doc: Updated biology/vcf2hap to 0.1.6

(bacon)

biology/vcf2hap: Update to 0.1.6

Update for bl_vcf_t API streamlining
Changes: https://github.com/auerlab/vcf2hap/releases

(bacon)

biology/ad2vcf: Update to 0.1.6

Updates for bl_sam_t and bl_vcf_t API streamlining
Changes: https://github.com/auerlab/ad2vcf/releases

(bacon)

doc: Updated biology/vcf-split to 0.1.5

(bacon)

biology/vcf-split: Update to 0.1.5

Use latest biolibc API
Minor build system improvements
https://github.com/auerlab/vcf-split/releases

(bacon)

doc: Updated biology/biolibc-tools to 0.1.3

(bacon)

biology/biolibc-tools: Update to 0.1.3

Add vcf-downsample subcommand
Improvements to build system
extract-seq: Recurse to output subfeatures
Numerous other minor enhancements and fixes
Changes: https://github.com/auerlab/biolibc-tools/releases

(bacon)

doc: Updated biology/biolibc to 0.2.3

(bacon)

biology/biolibc: Update to 0.2.3

Expand use of tsv_read_field_malloc() to improve memory efficiency
Add SAM bit flag constants
Import SAM-GFF compare functions from diffanal
Updates for libxtend DSV API changes
Numerous minor bug fixes and enhancements
Changes: https://github.com/auerlab/biolibc/releases

(bacon)

doc: Updated devel/libxtend to 0.1.6

(bacon)

devel/libxtend: Update to 0.1.6

Add dsv_line_init(), strptrcasecmp()
A few API improvements and bug fixes
Changes: https://github.com/outpaddling/libxtend/releases

(bacon)

doc: Updated audio/ncspot to 0.10.0

(pin)

audio/ncspot: update to 0.10.0

Maintenance
    Update to Librespot 0.4.1
    Prevent integer overflow when calculating cache size (#823)
    Fix some errors and warnings when enabling/disabling features (#821)
    Fix: don't throw error if search yields no result (#832)

Features
    Add option (library_tabs) to customize library tabs (#798)
    Add track_format config option for custom track formatting in lists (#800)
    Add desktop entry & notification icon hint (#822)

(pin)

mk/help: replace 'appear' with 'occur', as it is more accurate

(rillig)

mk/curses: mark USE_NCURSES as package-settable

There are several packages that set this variable, even though it is not
documented in curses.buildlink3.mk.

(rillig)

deforaos-panel: depend on latest gtk-doc and bump PKGREVISION

PLIST already fixed by mef.

(wiz)

(x11/deforaos-panel) fix build, regen PLIST, +deprecated-api-index.html

(mef)

clang: add a z3 option to allow building against the Z3 constraint solver.

When both lang/llvm and lang/clang are built with the z3 option enabled,
the Z3 constraint solver is activated for the Clang static analyzer.

This option is not enabled by default.

(fcambus)

llvm: add a z3 option to allow building against the Z3 constraint solver.

When both lang/llvm and lang/clang are built with the z3 option enabled,
the Z3 constraint solver is activated for the Clang static analyzer.

This option is not enabled by default.

(fcambus)

doc: Updated graphics/scrot to 1.7

(nia)

scrot: update to 1.7. take maintainership.

Version 1.7

* Fixed: code style, add missing final newline.
* Fixed: autogen.sh: fix some shellcheck issues.
* Replace insecure c-strings functions (following libbsd integration).
* New option: --select=hole (-shole), hole selection area.
* New option: --select=hide (-shide), hide selection area, support image.
* New option: --select=blur (-sblur), blur selection area.
* New option: (-) add redirection to standard output (format PNG).
* Improvement option: --stack, add an optional join direction (v/h).
* Fixed: free memory image and font resources.
* Bug fixed: segfault if mouse cursor image was not obtained.
* Use err/warn functions (following libbsd integration).
* Others various code improvement.
* Added new library dependency: libbsd.
* Autotools: added option --without-libbsd.
* Improvement: Autotools: remove unused files, remove obsolete macros, assume
  C89 functions exist, delete scrot.spec.
* Improvement: remove unused C macro, use strndup function, use designated
  initializers (C99).
* Improvement: Doc: polish the txt2man manual, CONTRIBUTING.md, TODO.md.
* Others various code improvement.
* New option: --file (-F), provide the filename as an option.
* Fixed: code style guideline violations (WebKit).
* Use strlcpy/strlcat (following libbsd integration).
* Fixed a mistake in README.md.
* Convert all source files to the WebKit style.
* New option: --ignorekeyboard (-i), Don't exit for keyboard input. ESC still
  exits.

(nia)

(net/py-zmq) Fix build, +DEPENDS+= py-packaging

(mef)

doc: Updated graphics/gdk-pixbuf2 to 2.42.8

(nia)

gdk-pixbuf2: update to 2.42.8

2.42.8 (stable)
===

- Clear the pixbuf's memory buffer to avoid returning uninitialized memory
- Turn GdkPixbufModule functions into typed callbacks
- tiff: Use non-deprecated C99 integer types
- gif: Check for overflow when compositing or clearing frames
- Change png/jpeg/tiff build options from boolean to feature
- jpeg: Do not rely on UB around setjmp/longjmp
- Build fixes
- Documentation fixes
- Translation updates

(nia)

drawing: mine

(nia)

doc: Updated graphics/drawing to 1.0.1

(nia)

drawing: update to 1.0.1

drawing (1.0.1) unstable; urgency=low

  * enable the highlighter by default
  * less intrusive "what's new" message dialog
  * non-linear zooming speed profile
  * slower scrolling speed to have a better precision with higher zoom levels
  * require itstool as a dependency even though it's some useless bloat
  * fix the adaptivity of the elementaryOS layout
  * better keep the image centered on the mouse pointer when changing the zoom
  * avoid ���again��� insane attempts to open the binary as an image
  * update several translations

drawing (1.0.0) unstable; urgency=low

  * enable tools with "alt+letter" mnemonics
  * larger sidebar items, where the selected tool is easier to see
  * new "skew" tool
  * enable or disable specific tools options with the <shift> or <alt> keyboard modifiers
  * show more numerous, more dynamic, more contextual help tips as the window's subtitle
  * display cursor coordinates and other related data when pressing the <ctrl> keyboard modifier
  * dynamically change the label of the "options" submenu in the menu-bar, to increase its discoverability
  * scale tool option to set the size in percentage
  * suggest to "apply & save" when trying to save while an operation is unapplied
  * highlighter option to straighten the line, so it better follows the underlying text
  * improvements to the "points" tool's numbers readability
  * suggest to "apply & deselect" when trying to save while the selection is active
  * more precise tools for tiny modifications required by pixel-art
  *
  * display pixels sharply when zooming deeper than 400%
  * hide information messages after 4 seconds if they're not that useful
  * disable the 'reload image from the disk' action if the image has never been saved
  * new 'reset the canvas' action
  * warn the user if they're opening an already opened image
  * suggest to reload the picture if it has changed on the disk
  * artificially limited framerate to avoid overloading the CPU
  * menu item and action to change the theme variant preference
  * toggle the menubar with ctrl+f2
  *
  * update the user help manual
  * shorter appdata summary, to comply with guidelines
  * update several translations

drawing (0.8.5) unstable; urgency=low

  * text tool option for a thicker outline
  * visual feedback when the user moves the minimap preview
  * update several translations

drawing (0.8.4) unstable; urgency=low

  * option to disable anti-aliasing with the text tool
  * if "undo" is pressed several times in a short period, recompute only once
  * disable the 'reload image from the disk' action if it has never been saved
  * update several translations

(nia)

doc: Updated converters/sratom to 0.6.10

(nia)

sratom: update to 0.6.10

sratom (0.6.10) stable;

  * Fix documentation installation directory
  * Fix potential blank node ID truncation

(nia)

doc: Updated audio/suil to 0.10.12

(nia)

suil: update to 0.10.12

suil (0.10.12) stable;

  * Fix build issues with newer toolchains
  * Fix some compiler warnings
  * Remove Qt4 support

(nia)

doc: Updated textproc/sord to 0.16.10

(nia)

sord: update to 0.16.10

sord (0.16.10) stable;

  * Fix Windows build
  * Fix potential crash or incorrectness issue with GCC 10 again

(nia)

doc: Updated textproc/serd to 0.30.12

(nia)

serd: update to 0.30.12

serd (0.30.12) stable;

  * Fix warnings and build issues with clang 13 and VS 2019
  * Fix writing long literals with triple quotes
  * Improve documentation style
  * Support combining several BSD-style command line flags in serdi
  * Write statements with invalid URI characters in lax mode

(nia)

doc: Updated audio/lilv to 0.24.14

(nia)

lilv: update to 0.24.14

lilv (0.24.14) stable;

  * Fix build issues with newer toolchains
  * Fix unused parameter warnings
  * Update zix tree

(nia)

doc: Updated audio/lv2 to 1.18.4

(nia)

lv2: update to 1.18.4

lv2 (1.18.4) stable;

  * Fix build issues with newer toolchains.
  * Fix spelling errors.
  * atom: Fix spelling errors.
  * patch: Fix spelling errors.
  * patch: Fix type and range of patch:value.
  * patch: Make the type of patch:wildcard more precise.
  * state: Fix spelling errors.
  * ui: Deprecate ui:resize.
  * ui: Fix spelling errors.

(nia)

Pullup tickets #6643 to #6645

(bsiegert)

Pullup ticket #6645 - requested by taca
www/apache24: security fix

Revisions pulled up:
- www/apache24/Makefile                                        1.111
- www/apache24/distinfo                                        1.53

---
  Module Name: pkgsrc
  Committed By: adam
  Date: Thu Jun  9 18:15:51 UTC 2022

  Modified Files:
  pkgsrc/www/apache24: Makefile distinfo

  Log Message:
  apache24: updated to 2.4.54

  Changes with Apache 2.4.54

  *) SECURITY: CVE-2022-31813: mod_proxy X-Forwarded-For dropped by
      hop-by-hop mechanism (cve.mitre.org)
      Apache HTTP Server 2.4.53 and earlier may not send the
      X-Forwarded-* headers to the origin server based on client side
      Connection header hop-by-hop mechanism.
      This may be used to bypass IP based authentication on the origin
      server/application.
      Credits: The Apache HTTP Server project would like to thank
      Gaetan Ferry (Synacktiv) for reporting this issue

  *) SECURITY: CVE-2022-30556: Information Disclosure in mod_lua with
      websockets (cve.mitre.org)
      Apache HTTP Server 2.4.53 and earlier may return lengths to
      applications calling r:wsread() that point past the end of the
      storage allocated for the buffer.
      Credits: The Apache HTTP Server project would like to thank
      Ronald Crane (Zippenhop LLC) for reporting this issue

  *) SECURITY: CVE-2022-30522: mod_sed denial of service
      (cve.mitre.org)
      If Apache HTTP Server 2.4.53 is configured to do transformations
      with mod_sed in contexts where the input to mod_sed may be very
      large, mod_sed may make excessively large memory allocations and
      trigger an abort.
      Credits: This issue was found by Brian Moussalli from the JFrog
      Security Research team

  *) SECURITY: CVE-2022-29404: Denial of service in mod_lua
      r:parsebody (cve.mitre.org)
      In Apache HTTP Server 2.4.53 and earlier, a malicious request to
      a lua script that calls r:parsebody(0) may cause a denial of
      service due to no default limit on possible input size.
      Credits: The Apache HTTP Server project would like to thank
      Ronald Crane (Zippenhop LLC) for reporting this issue

  *) SECURITY: CVE-2022-28615: Read beyond bounds in
      ap_strcmp_match() (cve.mitre.org)
      Apache HTTP Server 2.4.53 and earlier may crash or disclose
      information due to a read beyond bounds in ap_strcmp_match()
      when provided with an extremely large input buffer.  While no
      code distributed with the server can be coerced into such a
      call, third-party modules or lua scripts that use
      ap_strcmp_match() may hypothetically be affected.
      Credits: The Apache HTTP Server project would like to thank
      Ronald Crane (Zippenhop LLC) for reporting this issue

  *) SECURITY: CVE-2022-28614: read beyond bounds via ap_rwrite()
      (cve.mitre.org)
      The ap_rwrite() function in Apache HTTP Server 2.4.53 and
      earlier may read unintended memory if an attacker can cause the
      server to reflect very large input using ap_rwrite() or
      ap_rputs(), such as with mod_luas r:puts() function.
      Credits: The Apache HTTP Server project would like to thank
      Ronald Crane (Zippenhop LLC) for reporting this issue

  *) SECURITY: CVE-2022-28330: read beyond bounds in mod_isapi
      (cve.mitre.org)
      Apache HTTP Server 2.4.53 and earlier on Windows may read beyond
      bounds when configured to process requests with the mod_isapi
      module.
      Credits: The Apache HTTP Server project would like to thank
      Ronald Crane (Zippenhop LLC) for reporting this issue

  *) SECURITY: CVE-2022-26377: mod_proxy_ajp: Possible request
      smuggling (cve.mitre.org)
      Inconsistent Interpretation of HTTP Requests ('HTTP Request
      Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
      allows an attacker to smuggle requests to the AJP server it
      forwards requests to.  This issue affects Apache HTTP Server
      Apache HTTP Server 2.4 version 2.4.53 and prior versions.
      Credits: Ricter Z @ 360 Noah Lab

  *) mod_ssl: SSLFIPS compatible with OpenSSL 3.0.

  *) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.

  *) mod_md:  a bug was fixed that caused very large MDomains
      with the combined DNS names exceeding ~7k to fail, as
      request bodies would contain partially wrong data from
      uninitialized memory. This would have appeared as failure
      in signing-up/renewing such configurations.

  *) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.

  *) MPM event: Restart children processes killed before idle maintenance.

  *) ab: Allow for TLSv1.3 when the SSL library supports it.

  *) core: Disable TCP_NOPUSH optimization on OSX since it might introduce
      transmission delays.

  *) MPM event: Fix accounting of active/total processes on ungraceful restart,

  *) core: make ap_escape_quotes() work correctly on strings
      with more than MAX_INT/2 characters, counting quotes double.
      Credit to <generalbugs@zippenhop.com> for finding this.

  *) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
      an ACME CA. This gives a failover for renewals when several consecutive attempts
      to get a certificate failed.
      A new directive was added: `MDRetryDelay` sets the delay of retries.
      A new directive was added: `MDRetryFailover` sets the number of errored
      attempts before an alternate CA is selected for certificate renewals.

  *) mod_http2: remove unused and insecure code.

  *) mod_proxy: Add backend port to log messages to
      ease identification of involved service.

  *) mod_http2: removing unscheduling of ongoing tasks when
      connection shows potential abuse by a client. This proved
      counter-productive and the abuse detection can false flag
      requests using server-side-events.
      Fixes <https://github.com/icing/mod_h2/issues/231>.

  *) mod_md: Implement full auto status ("key: value" type status output).
      Especially not only status summary counts for certificates and
      OCSP stapling but also lists. Auto status format is similar to
      what was used for mod_proxy_balancer.

  *) mod_md: fixed a bug leading to failed transfers for OCSP
      stapling information when more than 6 certificates needed
      updates in the same run.

  *) mod_proxy: Set a status code of 502 in case the backend just closed the
      connection in reply to our forwarded request.

  *) mod_md: a possible NULL pointer deref was fixed in
      the JSON code for persisting time periods (start+end).
      Fixes #282 on mod_md's github.
      Thanks to @marcstern for finding this.

  *) mod_heartmonitor: Set the documented default value
      "10" for HeartbeatMaxServers instead of "0". With "0"
      no shared memory slotmem was initialized.

  *) mod_md: added support for managing certificates via a
      local tailscale daemon for users of that secure networking.
      This gives trusted certificates for tailscale assigned
      domain names in the *.ts.net space.

(bsiegert)

Pullup ticket #6644 - requested by taca
www/ruby-rack: security fix

Revisions pulled up:
- www/ruby-rack/Makefile                                        1.30
- www/ruby-rack/distinfo                                        1.28

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat May 28 09:55:51 UTC 2022

  Modified Files:
  pkgsrc/www/ruby-rack: Makefile distinfo

  Log Message:
  www/ruby-rack: update to 2.2.3.1

  2.2.3.1 (2022-05-27)

  * [CVE-2022-30123] Fix shell escaping issue in Common Logger
  * [CVE-2022-30122] Restrict parsing of broken MIME attachments

(bsiegert)

Pullup ticket #6643 - requested by taca
security/clamav-doc: build fix after pullup #6625

Revisions pulled up:
- security/clamav-doc/Makefile                                  1.7
- security/clamav-doc/PLIST                                    1.9

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sun May 15 04:46:32 UTC 2022

  Modified Files:
  pkgsrc/security/clamav-doc: Makefile PLIST

  Log Message:
  clamav-doc: fix PLIST

  Bump PKGREVISION.

(bsiegert)

Forgot to commit the changelog for my last batch of pullups

(bsiegert)

postfix: FreeBSD 13 support

makedefs already contains the FreeBSD 12 stanza but not version 13.
From cubadevelop via Github Pull Request.

Fixes NetBSD/pkgsrc#97

(bsiegert)

qemu: correct pthread_setname_np invocation on macOS

From kflu in PR NetBSD/pkgsrc#107.

Note that I did not test a macOS build due to a lack of access to a Mac.

(bsiegert)

rarian: remove unnecessary chunk

(wiz)

rarian: avoid unnecessary error output

This package expects GNU getopt, as it uses the -n option. Restore a
patch that addresses this, so we don't get a bunch of logging spam from
non-GNU versions during the install phase of various dependant packages.
(The package already explicitly depends on GNU getopt from pkgsrc.)

Addresses PR pkg/56871 from Yasushi Oshima, who provided the analysis.

(gutteridge)

doc: Updated security/pleaser to 0.5.3

(pin)

security/pleaser: update to 0.5.3

-Fix bug regarding 'require_pass'

(pin)