Make a first attempt at a MacOS config for devel/ldapsdk.

Step towards PR 42040. (Next step is to actually make it work.)

(dholland)

(devel/ocaml-bin_prot) Add ocaml-ppx_optcomp/bld3.mk

(mef)

lang/tcl-expect: add workaround for deadlock seen on Linux and Solaris

Closes PR 34442.

(dholland)

mozilla-common.mk: use :Q with CPP in CONFIGURE_ENV.

Otherwise it blows up if CPP is $(CC) -E. Seen in the MacOS bulk builds.

(this commit syncs seamonkey and firefox52 with the newer firefoxes
that already have this fix)

(dholland)

Bump all elisp packages for the CONFLICTS change.

(dholland)

editors/emacs/modules.mk: remove explicit CONFLICTS

There's no need for CONFLICTS between the xemacs and emacs versions of
the same elisp package unless the PLISTs overlap, and if they do (most
don't because they install into different subtrees), that fact is
sufficient.

As suggested by PR 39886, a long long time ago.

(dholland)

Solarish needs __EXTENSIONS__.

(schmonz)

typo in comment

(dholland)

EXTRACT_USING=bsdtar to hopefully fix .zst extraction in bulk builds,
suggested by joerg@.

(schmonz)

Solarish needs -lsocket.

(schmonz)

Remove errant PLIST entry for a file that's installed under
XKB_OUTPUT_DIR, which is usually derived from VARBASE, and in any case
appears intended to be handled by OWN_DIRS. While here, remove
unrecognized configure options. Fixes packaging in typical
configurations, NFCI elsewhere.

(schmonz)

qwt6-qt5: fix pathname copypasta mistake

(tnn)

openjdk17: installs jdk.internal.vm.compiler on aarch64

(tnn)

py-qwt-qt5: fix build on macOS

(tnn)

pciutils: Update patch to current version.

(jperkin)

qwt6-qt5: libqwt.dylib needs rpath fixup

(tnn)

kfilemetadata5: Avoid attr dependency on SunOS.

Doesn't appear to be required, and the latter is unsupported.

(jperkin)

doc: Updated textproc/bat to 0.21.0

(fox)

textproc/bat: Updates to 0.21.0

Changes since 0.20.0:

v0.21.0
Features

  * Correctly render tab stops in --show-all, see #2038 (@Synthetica9)
  * Add a --style=default option and make it the default. It is less verbose
    than full, see #2061 (@IsaacHorvath)
  * Enable BusyBox less as pager, see #2162 (@nfisher1226)
  * File extensions are now matched case-insensitively. See #1854, #2181
    (@Enselic)

Bugfixes

  * Bump regex dependency from 1.5.4 to 1.5.5 to fix CVE-2022-24713, see #2145,
    #2139 (@Enselic)
  * bat no longer crashes when encountering files that references missing
    syntaxes. See #915, #2181 (@Enselic)

Performance

  * Skip syntax highlighting on long lines (> 16384 chars) to help improve
    performance. See #2165 (@keith-hall)
  * Vastly improve startup time by lazy-loading syntaxes via syntect 5.0.0. This
    makes bat display small files ~75% faster than before. See #951, #2181
    (@Enselic)

Other

  * Include info about custom assets in --diagnostics if used. See #2107, #2144
    (@Enselic)

Syntaxes

  * Mapped clang-format config file (.clang-format) to YAML syntax
    (@TruncatedDinosour)
  * log syntax: improved handling of escape characters in double quoted
    strings. See #2123 (@keith-hall)
  * Associate /var/spool/mail/* and /var/mail/* with the Email syntax. See #2156
    (@cyqsimon)
  * Added cmd-help syntax to scope --help messages. See #2148 (@victor-gp)
  * Slightly adjust Zig syntax. See #2136 (@Enselic)
  * Associate .inf files with the INI syntax. See #2190 (@Enselic)

Themes
bat as a library

  * Allow configuration of show_nonprintable with PrettyPrinter, see #2142
  * The binary format of syntaxes.bin has been changed due to syntaxes now being
    lazy-loaded via syntect 5.0.0. See #2181 (@Enselic)
  * Mark bat::error::Error enum as #[non_exhaustive] to allow adding new
    variants without future semver breakage. See #2181 (@Enselic)
  * Change Error::SyntectError(syntect::LoadingError) to
    Error::SyntectError(syntect::Error). See #2181 (@Enselic)
  * Add Error::SyntectLoadingError(syntect::LoadingError) enum variant. See
    #2181 (@Enselic)

(fox)

graphene: SunOS needs -D__EXTENSIONS__

(jperkin)

openjdk17: add back some patches upstreamed in openjdk11 but not openjdk17

(tnn)

qwt6-qt5: add some CHECK_SHLIB skips for Darwin

(tnn)

doc: Updated misc/s6-portable-utils to 2.2.4.0nb1

(schmonz)

Install manual pages. Bump PKGREVISION.

(schmonz)

doc: Updated textproc/ruby-nokogiri to 1.13.6

(tsutsui)

ruby-nokogiri: update to 1.13.6.

Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5

1.13.6 / 2022-05-08

Security

  * [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
    related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
    more information.

Improvements

  * {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
    TypeError instead of segfaulting when an incorrect type is passed.

1.13.5 / 2022-05-04

Security

  * [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
    GHSA-cgx6-hpwq-fhv5 for more information.

Dependencies

  * [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

Improvements

  * [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
    recovering some broken markup related to start-of-tag and bare <
    characters.

Changed

  * [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
    markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
    incorrectly-opened comments will result in HTML text nodes starting with &
    lt;! instead of skipping the invalid tag. This behavior is a direct result
    of the quadratic-behavior fix noted above. The behavior of downstream
    sanitizers relying on this behavior will also change. Some tests describing
    the changed behavior are in test/html4/test_comments.rb.

(tsutsui)

postgresql13-client: Mark MAKE_JOBS_SAFE=no.

(jperkin)

doc: Updated devel/lxqt-build-tools to 0.11.0nb1

(jperkin)

lxqt-build-tools: Avoid -Bsymbolic-* on SunOS.

Bump PKGREVISION.

(jperkin)

check-portability: drop -ggdb (gets stripped by default regardless)

(tnn)

openjdk*: remove broken patches that used misspelled __NetBSD_Version__

These were for NetBSD < 8. But since broken #ifdefs did not cause a compile
error we have been using compatibility waitid(2) code where we shouldn't.
Bump PKGREVISIONs.

(tnn)

gnome-tracker-miners: Apply sha256sum patch everywhere.

It's not just NetBSD that needs this, at least macOS and SmartOS too, and
likely many more.

(jperkin)

firefox: patch shell portability issue

(tnn)

sudo: fix PLIST for LDAP

(adam)

Updated security/sudo, archivers/unrar

(adam)

unrar: updated to 6.1.7

6.1.7
Unknown changes

(adam)

sudo: updated to 1.9.10

What's new in Sudo 1.9.10

* Added new "log_passwords" and "passprompt_regex" sudoers options.
  If "log_passwords" is disabled, sudo will attempt to prevent passwords
  from being logged.  If sudo detects any of the regular expressions in
  the "passprompt_regex" list in the terminal output, sudo will log '*'
  characters instead of the terminal input until a newline or carriage
  return is found in the input or an output character is received.

* Added new "log_passwords" and "passprompt_regex" settings to
  sudo_logsrvd that operate like the sudoers options when logging
  terminal input.

* Fixed several few bugs in the cvtsudoers utility when merging
  multiple sudoers sources.

* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
  file, where the "retry_interval" in the [relay] section was not
  being recognized.

* Restored the pre-1.9.9 behavior of not performing authentication
  when sudo's -n option is specified.  A new "noninteractive_auth"
  sudoers option has been added to enable PAM authentication in
  non-interactive mode.

* On systems with /proc, if the /proc/self/stat (Linux) or
  /proc/pid/psinfo (other systems) file is missing or invalid,
  sudo will now check file descriptors 0-2 to determine the user's
  terminal.

* Fixed a compilation problem on Debian kFreeBSD.

* Fixed a crash in sudo_logsrvd when running in relay mode if
  an alert message is received.

* Fixed an issue that resulting in "problem with defaults entries"
  email to be sent if a user ran sudo when the sudoers entry in
  the nsswitch.conf file includes "sss" but no sudo provider is
  configured in /etc/sssd/sssd.conf.

* Updated the warning displayed when the invoking user is not
  allowed to run sudo.  If sudo has been configured to send mail
  on failed attempts (see the mail_* flags in sudoers), it will
  now print "This incident has been reported to the administrator."
  If the "mailto" or "mailerpath" sudoers settings are disabled,
  the message will not be printed and no mail will be sent.

* Fixed a bug where the user-specified command timeout was not
  being honored if the sudoers rule did not also specify a timeout.

* Added support for using POSIX extended regular expressions in
  sudoers rules.  A command and/or arguments in sudoers are treated
  as a regular expression if they start with a '^' character and
  end with a '$'.  The command and arguments are matched separately,
  either one (or both) may be a regular expression.

* A user may now only run "sudo -U otheruser -l" if they have a
  "sudo ALL" privilege where the RunAs user contains either "root"
  or "otheruser".  Previously, having "sudo ALL" was sufficient,
  regardless of the RunAs user.

* The sudo lecture is now displayed immediately before the password
  prompt.  As a result, sudo will no longer display the lecture
  unless the user needs to enter a password.  Authentication methods
  that don't interact with the user via a terminal do not trigger
  the lecture.

* Sudo now uses its own closefrom() emulation on Linux systems.
  The glibc version may not work in a chroot jail where /proc is
  not available.  If close_range(2) is present, it will be used
  in preference to /proc/self/fd.

What's new in Sudo 1.9.9

* Sudo can now be built with OpenSSL 3.0 without generating warnings
  about deprecated OpenSSL APIs.

* A digest can now be specified along with the "ALL" command in
  the LDAP and SSSD back-ends.  Sudo 1.9.0 introduced support for
  this in the sudoers file but did not include corresponding changes
  for the other back-ends.

* visudo now only warns about an undefined alias or a cycle in an
  alias once for each alias.

* The sudoRole cn was truncated by a single character in warning messages.

* The cvtsudoers utility has new --group-file and --passwd-file options
  to use a custom passwd or group file when the --match-local option is
  also used.

* The cvtsudoers utility can now filter or match based on a command.

* The cvtsudoers utility can now produce output in csv (comma-separated
  value) format.  This can be used to help generate entitlement reports.

* Fixed a bug in sudo_logsrvd that could result in the connection being
  dropped for very long command lines.

* Fixed a bug where sudo_logsrvd would not accept a restore point
  of zero.

* Fixed a bug in visudo where the value of the "editor" setting was not
  used if it did not match the user's EDITOR environment variable.
  This was only a problem if the "env_editor" setting was not enabled.

* Sudo now builds with the -fcf-protection compiler option and the
  "-z now" linker option if supported.

* The output of "sudoreplay -l" now more closely matches the
  traditional sudo log format.

* The sudo_sendlog utility will now use the full contents of the log.json
  file, if present.  This makes it possible to send sudo-format I/O logs
  that use the newer log.json format to sudo_logsrvd without losing any
  information.

* Fixed compilation of the arc4random_buf() replacement on systems with
  arc4random() but no arc4random_buf().

* Sudo now uses its own getentropy() by default on Linux.  The GNU libc
  version of getentropy() will fail on older kernels that don't support
  the getrandom() system call.

* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
  layer by using the --enable-wolfssl configure option.

* Fixed a bug related to Daylight Saving Time when parsing timestamps
  in Generalized Time format.  This affected the NOTBEFORE and
  NOTAFTER options in sudoers.

* Added the -O and -P options to visudo, which can be used to check
  or set the owner and permissions.  This can be used in conjunction
  with the -c option to check that the sudoers file ownership and
  permissions are correct.

* It is now possible to set resource limits in the sudoers file itself.
  The special values "default" and "user" refer to the default system
  limit and invoking user limit respectively.  The core dump size limit
  is now set to 0 by default unless overridden by the sudoers file.

* The cvtsudoers utility can now merge multiple sudoers sources into
  a single, combined sudoers file.  If there are conflicting entries,
  cvtsudoers will attempt to resolve them but manual intervention
  may be required.  The merging of sudoers rules is currently fairly
  simplistic but will be improved in a future release.

* Sudo was parsing but not applying the "deref" and "tls_reqcert"
  ldap.conf settings.  This meant the options were effectively
  ignored which broke dereferencing of aliases in LDAP.

* Clarified in the sudo man page that the security policy may
  override the user's PATH environment variable.

* When sudo is run in non-interactive mode (with the -n option), it
  will now attempt PAM authentication and only exit with an error
  if user interaction is required.  This allows PAM modules that
  don't interact with the user to succeed.  Previously, sudo
  would not attempt authentication if the -n option was specified.

* Fixed a regression introduced in version 1.9.1 when sudo is
  built with the --with-fqdn configure option.  The local host
  name was being resolved before the sudoers file was processed,
  making it impossible to disable DNS lookups by negating the
  "fqdn" sudoers option.

* Added support for negated sudoUser attributes in the LDAP and
  SSSD sudoers back ends.  A matching sudoUser that is negated
  will cause the sudoRole containing it to be ignored.

* Fixed a bug where the stack resource limit could be set to a
  value smaller than that of the invoking user and not be reset
  before the command was run.

What's new in Sudo 1.9.8p2

* Fixed a potential out-of-bounds read with "sudo -i" when the
  target user's shell is bash.  This is a regression introduced
  in sudo 1.9.8.

* sudo_logsrvd now only sends a log ID for first command of a session.
  There is no need to send the log ID for each sub-command.

* Fixed a few minor memory leaks in intercept mode.

* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
  was enabled when handling sub-commands.  A new zero-length journal
  file was created for each sub-command instead of simply using
  the existing journal file.

* Fixed a bug where sudoedit would fail if one of the directories
  in the path to be edited had the immutable flag set (BSD, Linux
  or macOS).

What's new in Sudo 1.9.8p1

* Fixed support for passing a prompt (sudo -p) or a login class
  (sudo -c) on the command line.  This is a regression introduced
  in sudo 1.9.8.

* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
  This is a regression introduced in sudo 1.9.8.

* Fixed a compilation error when the --enable-static-sudoers configure
  option was specified.  This is a regression introduced in sudo
  1.9.8 caused by a symbol clash with the intercept and log server
  protobuf functions.

What's new in Sudo 1.9.8

* It is now possible to transparently intercepting sub-commands
  executed by the original command run via sudo.  Intercept support
  is implemented using LD_PRELOAD (or the equivalent supported by
  the system) and so has some limitations.  The two main limitations
  are that only dynamic executables are supported and only the
  execl, execle, execlp, execv, execve, execvp, and execvpe library
  functions are currently intercepted. Its main use case is to
  support restricting privileged shells run via sudo.

  To support this, there is a new "intercept" Defaults setting and
  an INTERCEPT command tag that can be used in sudoers.  For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    Defaults!SHELLS intercept

  would cause sudo to run the listed shells in intercept mode.
  This can also be set on a per-rule basis.  For example:

    Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
    chuck ALL = INTERCEPT: SHELLS

  would only apply intercept mode to user "chuck" when running one
  of the listed shells.

  In intercept mode, sudo will not prompt for a password before
  running a sub-command and will not allow a set-user-ID or
  set-group-ID program to be run by default.  The new
  intercept_authenticate and intercept_allow_setid sudoers settings
  can be used to change this behavior.

* The new "log_subcmds" sudoers setting can be used to log additional
  commands run in a privileged shell.  It uses the same mechanism as
  the intercept support described above and has the same limitations.

* The new "log_exit_status" sudoers setting can be used to log
  the exit status commands run via sudo.  This is also a corresponding
  "log_exit" setting in the sudo_logsrvd.conf eventlog stanza.

* Support for logging sudo_logsrvd errors via syslog or to a file.
  Previously, most sudo_logsrvd errors were only visible in the
  debug log.

* Better diagnostics when there is a TLS certificate validation error.

* Using the "+=" or "-=" operators in a Defaults setting that takes
  a string, not a list, now produces a warning from sudo and a
  syntax error from inside visudo.

* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
  had no effect when creating I/O log parent directories if the I/O log
  file name ended with the string "XXXXXX".

* Fixed a bug in the sudoers custom prompt code where the size
  parameter that was passed to the strlcpy() function was incorrect.
  No overflow was possible since the correct amount of memory was
  already pre-allocated.

* The mksigname and mksiglist helper programs are now built with
  the host compiler, not the target compiler, when cross-compiling.

* Fixed compilation error when the --enable-static-sudoers configure
  option was specified.  This was due to a typo introduced in sudo
  1.9.7.

(adam)

Updated devel/py-filelock, devel/py-bitarray

(adam)

py-bitarray: updated to 2.5.1

2.5.1:
* optimize `.reverse()`
* allow negative (byte) indices in `.bytereverse()`

(adam)

py-filelock: updated to 3.7.0

3.7.0
Add ability to return immediately when a lock cannot be obtained inst…

(adam)

Added sysutils/ansible-core; Removed sysutils/ansible-base; Updated sysutils/ansible, sysutils/ansible-lint

(adam)

ansible-base: finish removal

(wiz)

ansible-lint: updated to 6.1.0

v6.1.0

Minor Changes

Implement JSON Schema verification for several known file types
Improve cli argument handling
Add no-prompting rule as experimental
Add only-builtins rule to check compatibility with core
Add native SARIF output support
--write: Optionally pass rule names to --write in cli
--write: Allow Transforms to mark MatchErrors as fixed

Bugfixes

Fix support for block tasks in unnamed-task rule
Make sure all tasks get evaluated by matchtask including block/always/rescue and nested tasks
Ensure tags are escaped when printed
Detect role argument_specs files as a lintable kind
Fix var-naming rule to show line numbers and apply noqa
--write: Do not rewrite zero 0 as octal 00
Relax the yamllint rules on spaces inside braces for flow mappings
Update test and typing deps and remove special code paths for py < 3.8
Update package metadata for setuptools
Apply var-spacing tests to vars files
Add philosophy section to the documentation
Propagate error message to user on systemexit
Fix loading ansible-lint.yml in git projects

(adam)

ansible-base: removed

(adam)

ansible: updated to 5.7.1

v5.7.1

Minor Changes
-------------

- The version of fortinet.fortios has been rolled back to 2.1.4 (from 2.1.5) to address a syntax error pending a new release of
the collection

v5.7.0

Major Changes
-------------

community.postgresql
~~~~~~~~~~~~~~~~~~~~

- postgresql_user - the ``priv`` argument has been deprecated and will be removed in ``community.postgresql 3.0.0``. Please use the ``postgresql_privs`` module to grant/revoke privileges instead (https://github.com/ansible-collections/community.postgresql/issues/212).

fortinet.fortios
~~~~~~~~~~~~~~~~

- Support FortiOS 7.0.2, 7.0.3, 7.0.4, 7.0.5.

Minor Changes
-------------

ansible.utils
~~~~~~~~~~~~~

- 'consolidate' filter plugin added.

cloud.common
~~~~~~~~~~~~

- Move the content of README_ansible_turbo.module.rst in the main README.md to get visibility on Ansible Galaxy.

community.dns
~~~~~~~~~~~~~

- Prepare collection for inclusion in an Execution Environment by declaring its dependencies (https://github.com/ansible-collections/community.dns/pull/93).

community.docker
~~~~~~~~~~~~~~~~

- Prepare collection for inclusion in an Execution Environment by declaring its dependencies. The ``docker_stack*`` modules are not supported (https://github.com/ansible-collections/community.docker/pull/336).
- current_container_facts - add detection for GitHub Actions (https://github.com/ansible-collections/community.docker/pull/336).
- docker_container - support returning Docker container log output when using Docker's ``local`` logging driver, an optimized local logging driver introduced in Docker 18.09 (https://github.com/ansible-collections/community.docker/pull/337).

community.general
~~~~~~~~~~~~~~~~~

- alternatives - add ``state`` parameter, which provides control over whether the alternative should be set as the active selection for its alternatives group (https://github.com/ansible-collections/community.general/issues/4543, https://github.com/ansible-collections/community.general/pull/4557).
- atomic_container - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- clc_alert_policy - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_loadbalancer - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- clc_server - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- cmd_runner module util - reusable command runner with consistent argument formatting and sensible defaults (https://github.com/ansible-collections/community.general/pull/4476).
- datadog_monitor - support new datadog event monitor of type `event-v2 alert` (https://github.com/ansible-collections/community.general/pull/4457)
- filesystem - add support for resizing btrfs (https://github.com/ansible-collections/community.general/issues/4465).
- lxd_container - adds ``project`` option to allow selecting project for LXD instance (https://github.com/ansible-collections/community.general/pull/4479).
- lxd_profile - adds ``project`` option to allow selecting project for LXD profile (https://github.com/ansible-collections/community.general/pull/4479).
- nmap inventory plugin - add ``sudo`` option in plugin in order to execute ``sudo nmap`` so that ``nmap`` runs with elevated privileges (https://github.com/ansible-collections/community.general/pull/4506).
- nomad_job - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- nomad_job_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_device - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_sshkey - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- packet_volume - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- profitbricks - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- proxmox - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- proxmox inventory plugin - add token authentication as an alternative to username/password (https://github.com/ansible-collections/community.general/pull/4540).
- proxmox inventory plugin - parse LXC configs returned by the proxmox API (https://github.com/ansible-collections/community.general/pull/4472).
- proxmox_snap - add restore snapshot option (https://github.com/ansible-collections/community.general/pull/4377).
- proxmox_snap - fixed timeout value to correctly reflect time in seconds. The timeout was off by one second (https://github.com/ansible-collections/community.general/pull/4377).
- redfish_command - add ``IndicatorLedOn``, ``IndicatorLedOff``, and ``IndicatorLedBlink`` commands to the Systems category for controling system LEDs (https://github.com/ansible-collections/community.general/issues/4084).
- seport - minor refactoring (https://github.com/ansible-collections/community.general/pull/4471).
- smartos_image_info - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- terraform - adds ``terraform_upgrade`` parameter which allows ``terraform init`` to satisfy new provider constraints in an existing Terraform project (https://github.com/ansible-collections/community.general/issues/4333).
- udm_group - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- udm_share - minor refactoring (https://github.com/ansible-collections/community.general/pull/4556).
- vmadm - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- webfaction_app - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- webfaction_db - minor refactoring (https://github.com/ansible-collections/community.general/pull/4567).
- xfconf - added missing value types ``char``, ``uchar``, ``int64`` and ``uint64`` (https://github.com/ansible-collections/community.general/pull/4534).

community.grafana
~~~~~~~~~~~~~~~~~

- Remove requirement for `ds_type` and `ds_url` parameters when deleting a datasource
- add `grafana` action group in `meta/runtime.yml` to support for module group defaults
- refactor grafana_notification_channel module

community.hrobot
~~~~~~~~~~~~~~~~

- Prepare collection for inclusion in an Execution Environment by declaring its dependencies (https://github.com/ansible-collections/community.hrobot/pull/45).

community.zabbix
~~~~~~~~~~~~~~~~

- all modules - prepare for deprecation of distutils LooseVersion.
- collection - Add dependencies to other collections. This helps Ansible Galaxy automatically downloading collections that this collection relies on to run.
- connection.httpapi (plugin) - add initial httpapi connection plugin.
- httpapi.jsonrpc (plugin) - add initial httpapi for future handling of json-rpc.
- new module zabbix authentication for configuring global authentication settings in Zabbix Server's Settings section of GUI.
- new module zabbix_autoregister for configuring global autoregistration settings in Zabbix Server's Settings section of GUI.
- new module zabbix_housekeeping for configuring global housekeeping settings in Zabbix Server's Settings section of GUI.
- test_zabbix_host_info - fix Template/Group names for 5.4
- test_zabbix_screen - disable testing for screen in 5.4 (deprecated)
- zabbix_action - additional fixes to make module work with Zabbix 6.0 (https://github.com/ansible-collections/community.zabbix/pull/664)
- zabbix_action - module ported to work with Zabbix 6.0 (https://github.com/ansible-collections/community.zabbix/pull/648, https://github.com/ansible-collections/community.zabbix/pull/653)
- zabbix_agent - Check if 'firewalld' exist and is running when handler is executed.
- zabbix_agent - Install the correct Python libxml2 package on SLES15
- zabbix_agent - Move inclusion of the apache.yml tasks to later stage during execution of role.
- zabbix_agent - Prepare for Zabbix 6.0.
- zabbix_agent - Specify a minor version with zabbix_agent_version_minor for RH systems.
- zabbix_agent - There was no way to configure a specific type for the macro.
- zabbix_agent - Use multiple aliases in the configuration file with ``zabbix_agent_zabbix_alias`` or ``zabbix_agent2_zabbix_alias``.
- zabbix_maintenance - added new module parameter `tags`, which allows configuring Problem Tags on maintenances.
- zabbix_proxy - Prepare for Zabbix 6.0.
- zabbix_proxy - Specify a minor version with zabbix_proxy_version_minor for RH systems.
- zabbix_proxy - Support for Sangoma and treat it like a RHEL system.
- zabbix_server - Check the 'zabbix_server_install_database_client' variable in RedHat tasks.
- zabbix_server - Prepare for Zabbix 6.0.
- zabbix_server - Specify a minor version with zabbix_server_version_minor for RH systems.
- zabbix_user - change alias property to username (changed in 5.4) (alias is now an alias for username)
- zabbix_user_info - change alias property to username (changed in 5.4) (alias is now an alias for username)
- zabbix_web - Change format ENCRYPTION, VERIFY_HOST from string to boolean.
- zabbix_web - Specify a minor version with zabbix_web_version_minor for RH systems.

f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~

- bigip_device_info - add UCS creation date to the data gathered
- bigip_virtual_server - add service_down_immediate_action parameter
- bigiq_regkey_license - add addon_keys parameter to the module

netapp.cloudmanager
~~~~~~~~~~~~~~~~~~~

- na_cloudmanager_connector_gcp - when using the user application default credential authentication by running the command gcloud auth application-default login, ``gcp_service_account_path`` is not needed.

netapp.ontap
~~~~~~~~~~~~

- na_ontap_cluster_config role - use na_ontap_login_messages as na_ontap_motd is deprecated.
- na_ontap_debug - report ansible version and ONTAP collection version.
- na_ontap_efficiency_policy - Added REST support.
- na_ontap_export_policy_rule - new option ``ntfs_unix_security`` for NTFS export UNIX security options added.
- na_ontap_lun - Added REST support.
- na_ontap_snapmirror -- Added more descriptive error messages for REST
- na_ontap_snapshot_policy - Added REST support to the na_ontap_snapshot_policy module.
- na_ontap_svm - add support for web services (ssl modify) - REST only with 9.8 or later.
- na_ontap_volume - add support for SnapLock - only for REST.
- na_ontap_volume - allow to modify volume after rename.
- na_ontap_volume - new option ``max_files`` to increase the inode count value.
- na_ontap_vserver_create role - support max_volumes option.

netbox.netbox
~~~~~~~~~~~~~

- Add meta information for use in Execution Environments
- Multiple modules - add new parameters added in NetBox 3.2
- nb_inventory - Add site_group as an option
- netbox_front_port and netbox_rear_port - Add label as parameter

sensu.sensu_go
~~~~~~~~~~~~~~

- Added support for ansible 2.13
- Removed support for CentOS 8

t_systems_mms.icinga_director
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Add icinga_serviceset module (https://github.com/T-Systems-MMS/ansible-collection-icinga-director/pull/163)
- Test more ansible versions (https://github.com/T-Systems-MMS/ansible-collection-icinga-director/pull/162)

Deprecated Features
-------------------

community.general
~~~~~~~~~~~~~~~~~

- nmcli - deprecate default hairpin mode for a bridge. This so we can change it to ``false`` in community.general 7.0.0, as this is also the default in ``nmcli`` (https://github.com/ansible-collections/community.general/pull/4334).
- proxmox inventory plugin - the current default ``true`` of the ``want_proxmox_nodes_ansible_host`` option has been deprecated. The default will change to ``false`` in community.general 6.0.0. To keep the current behavior, explicitly set ``want_proxmox_nodes_ansible_host`` to ``true`` in your inventory configuration. We suggest to already switch to the new behavior by explicitly setting it to ``false``, and by using ``compose:`` to set ``ansible_host`` to the correct value. See the examples in the plugin documentation for details (https://github.com/ansible-collections/community.general/pull/4466).

Bugfixes
--------

Ansible-core
~~~~~~~~~~~~

- Ansible.ModuleUtils.SID - Use user principal name as is for lookup in the ``Convert-ToSID`` function - https://github.com/ansible/ansible/issues/77316
- Fix traceback when installing a collection from a git repository and git is not installed (https://github.com/ansible/ansible/issues/77479).
- ansible-test - Correctly detect when running as the ``root`` user (UID 0) on the origin host. The result of the detection was incorrectly being inverted.
- ansible-test - Fix skipping of tests marked ``needs/python`` on the origin host.
- ansible-test - Fix skipping of tests marked ``needs/root`` on the origin host.
- ansible-test compile sanity test - do not crash if a column could not be determined for an error (https://github.com/ansible/ansible/pull/77465).
- hostname - use ``file_get_content()`` to read the file containing the host name in the ``FileStrategy.get_permanent_hostname()`` method. This prevents a ``TypeError`` from being raised when the strategy is used (https://github.com/ansible/ansible/issues/77025).
- script - skip in check mode since the plugin cannot determine if a change will occur.
- shell/command - only skip in check mode if the options `creates` and `removes` are both None.
- winrm - Ensure ``kinit`` is run with the same ``PATH`` env var as the Ansible process

cloud.common
~~~~~~~~~~~~

- fix parameters with aliases not being passed through (https://github.com/ansible-collections/cloud.common/issues/91).
- fix turbo mode loading incorrect module (https://github.com/ansible-collections/cloud.common/pull/102).
- turbo - Ensure we don't call the module with duplicated aliased parameters.

community.dns
~~~~~~~~~~~~~

- Update Public Suffix List.

community.docker
~~~~~~~~~~~~~~~~

- docker connection plugin - make sure that ``docker_extra_args`` is used for querying the Docker version. Also ensures that the Docker version is only queried when needed. This is currently the case if a remote user is specified (https://github.com/ansible-collections/community.docker/issues/325, https://github.com/ansible-collections/community.docker/pull/327).

community.general
~~~~~~~~~~~~~~~~~

- dnsmadeeasy - fix failure on deleting DNS entries when API response does not contain monitor value (https://github.com/ansible-collections/community.general/issues/3620).
- git_branch - remove deprecated and unnecessary branch ``unprotect`` method (https://github.com/ansible-collections/community.general/pull/4496).
- gitlab_group - improve searching for projects inside group on deletion (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_group_members - handle more than 20 groups when finding a group (https://github.com/ansible-collections/community.general/pull/4491, https://github.com/ansible-collections/community.general/issues/4460, https://github.com/ansible-collections/community.general/issues/3729).
- gitlab_hook - handle more than 20 hooks when finding a hook (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_project - handle more than 20 namespaces when finding a namespace (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_project_members - handle more than 20 projects and users when finding a project resp. user (https://github.com/ansible-collections/community.general/pull/4491).
- gitlab_user - handle more than 20 users and SSH keys when finding a user resp. SSH key (https://github.com/ansible-collections/community.general/pull/4491).
- keycloak - fix parameters types for ``defaultDefaultClientScopes`` and ``defaultOptionalClientScopes`` from list of dictionaries to list of strings (https://github.com/ansible-collections/community.general/pull/4526).
- opennebula inventory plugin - complete the implementation of ``constructable`` for opennebula inventory plugin. Now ``keyed_groups``, ``compose``, ``groups`` actually work (https://github.com/ansible-collections/community.general/issues/4497).
- pacman - fixed bug where ``absent`` state did not work for locally installed packages (https://github.com/ansible-collections/community.general/pull/4464).
- pritunl - fixed bug where pritunl plugin api add unneeded data in ``auth_string`` parameter (https://github.com/ansible-collections/community.general/issues/4527).
- proxmox inventory plugin - fix error when parsing container with LXC configs (https://github.com/ansible-collections/community.general/issues/4472, https://github.com/ansible-collections/community.general/pull/4472).
- proxmox_kvm - fix a bug when getting a state of VM without name will fail (https://github.com/ansible-collections/community.general/pull/4508).
- xbps - fix error message that is reported when installing packages fails (https://github.com/ansible-collections/community.general/pull/4438).

community.hrobot
~~~~~~~~~~~~~~~~

- robot inventory plugin - do not crash if a server neither has name or primary IP set. Instead, fall back to using the server's number as the name. This can happen if unnamed rack reservations show up in your server list (https://github.com/ansible-collections/community.hrobot/issues/40, https://github.com/ansible-collections/community.hrobot/pull/47).

community.postgresql
~~~~~~~~~~~~~~~~~~~~

- postgresql_db - get rid of the deprecated psycopg2 connection alias ``database`` in favor of ``dbname`` when psycopg2 is 2.7+ is used (https://github.com/ansible-collections/community.postgresql/issues/194, https://github.com/ansible-collections/community.postgresql/pull/196).

community.proxysql
~~~~~~~~~~~~~~~~~~

- module_utils/mysql.py - Proxysql version suffix may not be an integer (https://github.com/ansible-collections/community.proxysql/pull/96).

community.zabbix
~~~~~~~~~~~~~~~~

- Various modules and plugins - use vendored version of ``distutils.version`` instead of the deprecated Python standard library ``distutils`` (https://github.com/ansible-collections/community.zabbix/pull/603).
- ZapiWrapper (module_utils) - fix only partial zabbix version is returned.
- zabbix_agent - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_agent - Install the Agent for MacOSX sooner than its configuration.
- zabbix_agent - The ``Install gpg key`` task for Debian did not work when a http proxy is configured.
- zabbix_agent - Use the correct URL with correct version.
- zabbix_agent - Use the correct path to determine Zabbix Agent 2 installation on Windows.
- zabbix_agent - Using the correct hostgroup as default now.
- zabbix_agent - fix for the autopsk, incl. tests with Molecule.
- zabbix_host - Added small notification that an user should have read access to get hostgroups overview.
- zabbix_host - adapter changed properties for interface comparisson
- zabbix_maintenance - should now work when creating maintenace on Zabbix 6.0 server
- zabbix_proxy - 'zcat' the zipped sql files to /tmp before executing it.
- zabbix_proxy - Check MySQL version before settings mysql_innodb_default_row_format value.
- zabbix_proxy - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_server - 'zcat' the zipped sql files to /tmp before executing it.
- zabbix_server - Check MySQL version before settings mysql_innodb_default_row_format value.
- zabbix_server - Install Zabbix packages when zabbix_repo == other is used with yum.
- zabbix_template - setting correct null values to fix unintentional changes
- zabbix_web - Added some default variables if the geerlingguys apache role is not used.
- zabbix_web - Specified the correct versions for php.

f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~

- bigip_command - fixed a bug that interpreted a pipe symbol inside an input string as pipe used to combine commands
- bigip_device_certificate - adds missing space to tmsh command
- bigip_gtm_wide_ip - fixed inability to change persistence setting on existing wide ip objects

fortinet.fortios
~~~~~~~~~~~~~~~~

- Fix issues in version mismatch logic.
- Fix status issue in fortios_json_generic().
- Fix the issue of inconsistent data types in different schemas.

netapp.cloudmanager
~~~~~~~~~~~~~~~~~~~

- Add check when volume is capacity tiered.
- na_cloudmanager_connector_azure - Fix string formatting error when deleting the connector.

netapp.ontap
~~~~~~~~~~~~

- Fixed ONTAP minor version ignored in checking minimum ONTAP version.
- na_ontap_aggregate - Fixed error in delete aggregate if the ``disk_count`` is less than current disk count.
- na_ontap_autosupport - Fixed `partner_address` not working in REST.
- na_ontap_command - document that a READONLY user is not supported, even for show commands.
- na_ontap_disk_options - ONTAP 9.10.1 returns on/off rather than True/False.
- na_ontap_info - Fixes issue with na_ontap_info failing in 9.1 because of ``job-schedule-cluster``.
- na_ontap_iscsi - Fixed issue with ``start_state`` always being set to stopped when creating an ISCSI.
- na_ontap_iscsi - fixed error starting iscsi service on vserver where Service, adapter, or operation already started.
- na_ontap_lun - Fixed KeyError on options ``force_resize``, ``force_remove`` and ``force_remove_fenced`` in Zapi.
- na_ontap_lun - Fixed ``force_remove`` option silently ignored in REST.
- na_ontap_lun_map - TypeError - '>' not supported between instances of 'int' and 'str '.
- na_ontap_qtree - Fixed issue with ``oplocks`` not being changed during a modify in Zapi.
- na_ontap_qtree - Fixed issue with ``oplocks`` not warning user about not being supported in REST
- na_ontap_snapmirror - Added use_rest condition for the REST support to work when use_rest `always`.
- na_ontap_snapshot - add error message if volume is not found with REST.
- na_ontap_snapshot - fix key error on volume when using REST.
- na_ontap_snapshot_policy - Do not validate parameter when state is ``absent`` and fix KeyError on ``comment``.
- na_ontap_svm - fixed KeyError issue on protocols when vserver is stopped.
- na_ontap_volume - do not attempt to mount volume if current state is offline.
- na_ontap_volume - fix idempotency issue with compression settings when using REST.
- na_ontap_vserver_peer - Added cluster peer accept code in REST.
- na_ontap_vserver_peer - Fixed AttributeError if ``dest_hostname`` or ``peer_options`` not present.
- na_ontap_vserver_peer - Fixed ``local_name_for_peer`` and ``local_name_for_source`` options silently ignored in REST.
- na_ontap_vserver_peer - Get peer cluster name if remote peer exist else use local cluster name.
- na_ontap_vserver_peer - ignore job entry doesn't exist error with REST to bypass ONTAP issue with FSx.
- na_ontap_vserver_peer - report error if SVM peer does not see a peering relationship after create.

netbox.netbox
~~~~~~~~~~~~~

- netbox_contact_group - Fix field description
- netbox_rack - Add location as a query parameter for uniqueness check

New Plugins
-----------

Connection
~~~~~~~~~~

- community.zabbix.httpapi - Use httpapi to run command on network appliances

Httpapi
~~~~~~~

- community.zabbix.jsonrpc - HttpApi Plugin for Zabbix

New Modules
-----------

community.general
~~~~~~~~~~~~~~~~~

Cloud
^^^^^

Lxd
...

- community.general.lxd_project - Manage LXD projects

Monitoring
^^^^^^^^^^

- community.general.alerta_customer - Manage customers in Alerta

community.zabbix
~~~~~~~~~~~~~~~~

- community.zabbix.zabbix_authentication - Update Zabbix authentication
- community.zabbix.zabbix_autoregister - Update Zabbix autoregistration
- community.zabbix.zabbix_housekeeping - Update Zabbix housekeeping

f5networks.f5_modules
~~~~~~~~~~~~~~~~~~~~~

- f5networks.f5_modules.bigip_ltm_global - Manages global LTM settings

t_systems_mms.icinga_director
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- t_systems_mms.icinga_director.icinga_serviceset - Manage servicesets in Icinga2

(adam)

ansible-core: added version 2.12.5

Ansible is a radically simple IT automation system. It handles configuration
management, application deployment, cloud provisioning, ad-hoc task execution,
network automation, and multi-node orchestration. Ansible makes complex changes
like zero-downtime rolling updates with load balancers easy.

(adam)

openjdk11: installs jdk.internal.vm.compiler on aarch64 now

(tnn)

pciutils: fix PLIST issue on Linux

(tnn)

regen distinfo

(tnn)

gimp: fix build on macOS

(tnn)

freecell-solver: Fix sys/cdefs.h abuse.

(jperkin)

doc: Updated sysutils/dua-cli to 2.17.5

(pin)

khtml: Force HAVE_ALLOCA_H on SunOS.

(jperkin)

sysutils/dua-cli: update to 2.17.5

2.17.5 (2022-05-13)
Bug Fixes
-update to latest version of trash to improve trashing on linux See their
respective release.

(pin)

graphviz: x11 option needs libXrender

usually gets implicitly pulled in via cairo but make it explicit

(tnn)

gegl: fix PLIST for Darwin

(tnn)

firefox: 100 requires nss>=3.76

(gutteridge)

cantor: bump PKGREVISION for dependency change

(wiz)

cantor: Drop dependency on discount.

It needs a patched version with mkd_latextext which our pkgsrc version does
not provide, but comes with a bundled copy that does.

(jperkin)

python27: properly undo the isysroot change

(tnn)

python27: patch unixccompiler.py instead and use SUBST for OSX_SDK_PATH

(-isysroot probably not wrapper safe)

(tnn)

cpu_features: stub some things to make it build on arm

(tnn)

qt5-qtwebengine: adapt for pciutils 3.8

(wiz)

ktexteditor: SunOS needs -mimpure-text workaround.

(jperkin)

python27: fix build on macOS

We must pass -isysroot with the explicit path to the MacOSX SDK in CFLAGS.
Without this setup.py fails to find builtin zlib and bzip2.
See comment in ${WRKSRC}/Lib/distutils/unixccompiler.py:find_library_file()
for why this is necessary.

(tnn)

marble: Avoid ambiguous function call.

(jperkin)

threadweaver: SunOS needs sys/loadavg.h for getloadavg().

(jperkin)

xentools415: update for pciutils 3.8.0

Untested because of

python3.10 ./scripts/ldnoexec.py out/rom16.o.strip.o out/rom16.noexec.o
Traceback (most recent call last):
  File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 32, in <module>
    main()
  File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 20, in main
    f = open(infilename, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'out/rom32seg.o.strip.o'
gmake[6]: *** [Makefile:133: out/rom32seg.noexec.o] Error 1
gmake[6]: *** Waiting for unfinished jobs....
Traceback (most recent call last):
  File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 32, in <module>
    main()
  File "/scratch/sysutils/xentools415/work/seabios-rel-1.14.0/./scripts/ldnoexec.py", line 20, in main
    f = open(infilename, "rb")
FileNotFoundError: [Errno 2] No such file or directory: 'out/rom16.o.strip.o'
gmake[6]: *** [Makefile:133: out/rom16.noexec.o] Error 1

on -current/amd64.

Run pkglint -F while here.

(wiz)

xentools413: adapt to pciutils 3.8

Untested because of

ld -N -T out/romlayout32flat.lds out/rom16.strip.o out/rom32seg.strip.o out/code32flat.o -o out/rom.o
ld: cannot find out/rom16.strip.o: No such file or directory
ld: cannot find out/rom32seg.strip.o: No such file or directory

on -current/amd64.

(wiz)

plasma-framework: kwayland is optional.

(jperkin)

xentools411: adapt for pciutils 3.8

Untested because of

In file included from include/ipxe/uaccess.h:27,
                from core/acpi.c:28:
./config/ioapi.h:17:10: fatal error: config/local/ioapi.h: No such file or directory
  17 | #include <config/local/ioapi.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~

on -current/amd64.

(wiz)

vbetool: adapt for pciutils 3.8.0

(wiz)

flashrom: adapt for pciutils 3.8

(wiz)

nvtv: adapt for pciutils 3.8.0

Untested since this is not-for-x86_64

(wiz)

hexchat: adapt libpci option for pciutils 3.8.0

default-off, so no PKGREVISION bump

(wiz)

openjdk17: Fetch bootstrap kits from ftp.NetBSD.org

(ryoon)

doc: Updated lang/php81 to 8.1.6

(taca)

lang/php81: update to 8.1.6

12 May 2022, PHP 8.1.6

- Core:
  . Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb)
  . Fixed potential race condition during resource ID allocation. (ryancaicse)
  . Fixed bug GH-8133 (Preloading of constants containing arrays with enums
    segfaults). (ilutov)
  . Fixed Haiku ZTS builds. (David Carlier)

- Date:
  . Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient
    data). (Derick)
  . Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick)
  . Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
    (Derick)
  . Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are
    not rethrown into the generator). (Bob)

- FFI:
  . Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
    (Bob)

- FPM:
  . Fixed bug #76003 (FPM /status reports wrong number of active processe).
    (Jakub Zelenka)
  . Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka)
  . Fixed comment in kqueue remove callback log message. (David Carlier)

- Hash:
  . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)

- Iconv:
  . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
    (cmb)

- Intl:
  . Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb)

- MBString:
  . Number of error markers emitted for invalid UTF-8 text matches WHATWG specification.
    This is a return to the behavior of PHP 8.0 and earlier. (alexdowad)

- MySQLi:
  . Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
    (cmb)

- SPL:
  . Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
    (cmb)
  . Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias)

- Streams:
  . Fixed php://temp does not preserve file-position when switched to temporary
    file. (Bernd Holzm端ller)

- zlib:
  . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
    (cmb)

(taca)

konsole: Newer QT API fixes.

(jperkin)

lang/php: make sure to update php80 to 8.0.19

Forgot to commit, make sure to update php80 to 8.0.19.

(taca)

mk/defaults: Add a description about sunaudio option

(ryoon)

mk: Enable openjdk17

(ryoon)

lang: Enable openjdk17

(ryoon)

doc: Added lang/openjdk17 version 1.17.0.3.7

(ryoon)

lang/openjdk17: import openjdk17-1.17.0.3.7

Open-source implementation of the Java Platform, Standard Edition.
This package privides OpenJDK 17 LTS.

This package is NOT certified to be compatible with any Java standard.
Use at own risk.

Mandatory trademark notice:
    "OpenJDK is a trademark or registered trademark of Oracle America,
    Inc. in the United States and other countries."

(ryoon)

doc: Updated www/firefox-l10n to 100.0

(ryoon)

firefox-l10n: Update to 100.0

* Sync with www/firefox-100.0.

(ryoon)

doc: Updated www/firefox to 100.0

(ryoon)

firefox: Update to 100.0

* Simplify some option logics.
* Add sunaudio and jack options as audio backends.

Changelog
100.0:
New

  * We now support captions/subtitles display on YouTube, Prime Video, and
    Netflix videos you watch in Picture-in-Picture. Just turn on the subtitles
    on the in-page video player, and they will appear in PiP.

  * Picture-in-Picture now also supports video captions on websites that use
    WebVTT (Web Video Text Track) format, like Coursera.org, Canadian
    Broadcasting Corporation, and many more.

  * On the first run after install, Firefox detects when its language does not
    match the operating system language and offers the user a choice between
    the two languages.

  * Firefox spell checking now checks spelling in multiple languages. To enable
    additional languages, select them in the text field's context menu.

  * HDR video is now supported in Firefox on Mac --- starting with YouTube!
    Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
    higher-fidelity video content. No need to manually flip any preferences to
    turn HDR video support on --- just make sure battery preferences are NOT set
    to "optimize video streaming while on battery".

  * Hardware accelerated AV1 video decoding is enabled on Windows with
    supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce 30).
    Installing the AV1 Video Extension from the Microsoft Store may also be
    required.

  * Video overlay is enabled on Windows for Intel GPUs, reducing power usage
    during video playback.

  * Improved fairness between painting and handling other events. This
    noticeably improves the performance of the volume slider on Twitch.

  * Scrollbars on Linux and Windows 11 won't take space by default. On Linux,
    users can change this in Settings. On Windows, Firefox follows the system
    setting (System Settings > Accessibility > Visual Effects > Always show
    scrollbars).

  * Firefox now supports credit card autofill and capture in the United
    Kingdom.

  * Firefox now ignores less restricted referrer policies --- including
    unsafe-url, no-referrer-when-downgrade, and origin-when-cross-origin
    --- for cross-site subresource/iframe requests to prevent privacy
    leaks from the referrer.

Fixed

  * Users can now choose preferred color schemes for websites. Theme authors
    can now make better decisions about which color scheme Firefox uses for
    menus. Web content appearance can now be changed in Settings.

  * Beginning in this release, the Firefox installer for Windows is signed with
    a SHA-256 digest, rather than SHA-1. Update KB4474419 is required for
    successful installation on a computer running Microsoft Windows 7. For more
    details about this update, visit the Microsoft Technical Support website.

  * In macOS 11+ we now only rasterize the fonts once per window. This means
    that opening a new tab is fast, and switching tabs in the same window is
    also fast. (There's still work to do to share fonts across windows, or to
    reduce the time it takes to initialize these fonts.)

  * The performance of deeply-nested display: grid elements is greatly
    improved.

  * Support for profiling multiple java threads has been added.

  * Soft-reloading a web page will no longer cause revalidation for all
    resources.

  * Non-vsync tasks are given more time to run, which improves behavior on
    Google docs and Twitch.

  * Geckoview APIs have been added to control the start/stop time of capturing
    a profile.

  * Various security fixes.

Changed

  * Firefox has a new focus indicator for links which replaces the old dotted
    outline with a solid blue outline. This change unifies the focus indicators
    across form fields and links, which makes it easier to identify the focused
    link, especially for users with low vision.

  * New users can now set Firefox as the default PDF handler when setting
    Firefox as their default browser.

  * Some websites might not work correctly in Firefox version 100 due to
    Firefox's new three-digit number. You can read about it in our blog post
    here!

    See the Mozilla Support article Difficulties opening or using a website in
    Firefox 100 for possible workarounds you can use. There, you will also find
    instructions for reporting a broken website so that Mozilla can help fix
    the problem.

Mozilla Foundation Security Advisory 2022-16
#CVE-2022-29914: Fullscreen notification bypass using popups
#CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
#CVE-2022-29916: Leaking browser history with CSS variables
#CVE-2022-29911: iframe Sandbox bypass
#CVE-2022-29912: Reader mode bypassed SameSite cookies
#CVE-2022-29910: Firefox for Android forgot HTTP Strict Transport Security
settings
#CVE-2022-29915: Leaking cross-origin redirect through the Performance API
#CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
#CVE-2022-29918: Memory safety bugs fixed in Firefox 100

99.0.1:
Fixed

  * Fixed an issue for Windows users that prevented hardware video decoding on
    newer Intel drivers (bug 1762125)

  * Fixed an issue with text rendering in Bengali (bug 1763368)

  * Fixed a selection issue in the Download panel with drag and drop (bug
    1762723)

  * Fixed an issue preventing Zoom gallery mode for users who go to zoom.us
    URLs instead of subdomain.zoom.us URLs (bug 1763801)

99.0:
New

  * You can now toggle Narrate in ReaderMode with the keyboard shortcut "n."

  * You can find added support for search --- with or without diacritics ---
    in the PDF viewer.

  * The Linux sandbox has been strengthened: processes exposed to web content
    no longer have access to the X Window system (X11).

  * Firefox now supports credit card autofill and capture in Germany and
    France.

Fixed

  * Various security fixes.

Mozilla Foundation Security Advisory 2022-13
#CVE-2022-1097: Use-after-free in NSSToken objects
#CVE-2022-28281: Out of bounds write due to unexpected WebAuthN Extensions
#CVE-2022-28282: Use-after-free in DocumentL10n::TranslateDocument
#CVE-2022-28283: Missing security checks for fetching sourceMapURL
#CVE-2022-28284: Script could be executed via svg's use element
#CVE-2022-28285: Incorrect AliasSet used in JIT Codegen
#CVE-2022-28286: iframe contents could be rendered outside the border
#CVE-2022-28287: Text Selection could crash Firefox
#CVE-2022-24713: Denial of Service via complex regular expressions
#CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
#CVE-2022-28288: Memory safety bugs fixed in Firefox 99

(ryoon)