doc: Updated mail/pst-utils to 0.6.76

(tm)

mail/pst-utils: Update to 0.6.76

LibPST 0.6.76 (2021-03-27)
*  Stuart C. Naifeh - fix rfc2231 encoding when saving messages
    to both .eml and .msg formats.

(tm)

doc: Updated mail/postgrey to 1.37

(tm)

mail/postgrey: Update to 1.37

* 2016-09-22: version 1.37
  - added initial test suite
  - testing using travis-ci (https://travis-ci.org/schweikert/postgrey)
  - removed IP pool-detection code for --lookup-by-net, because it matched
    also the naming of some big hosters like facebook (#32, Michal Petrucha,
    Andrew Ayer, Jon Sailor)
  - fix early logging of errors and warnings to syslog
  - simplified IP matching code
  - added support for IPv6 whitelists with netmask
  - add network-range based whitelist for Office 365 (Holger Stember)
  - updated whitelist

(tm)

doc: Updated mail/mime-construct to 1.11

(tm)

mail/mime-construct: Update to 1.11

(tm)

doc: Updated mail/imapfilter to 2.7.5

(tm)

mail/imapfilter: Update to 2.7.5

IMAPFilter 2.7.5 - 5 Dec 2020
- New "hostnames" option can be used to disable hostname validation.
- Bug fix; "certificates" option incorrectly controlled hostname validation.

(tm)

sysutils/tiramisu: change version numbering

suggested by leot.
Thanks.

(pin)

doc: Added textproc/hgrep version 0.1.5

(pin)

Add textproc/hgrep

(pin)

textproc/hgrep: import package

hgrep is a grep tool to search files with given pattern and print the matched
code snippets with human-friendly syntax highlighting.
In short, it's a fusion of bat and grep or other alternatives like ripgrep.

This is similar to -C option of grep command, but hgrep focuses on human
readable outputs. hgrep is useful to survey the matches with contexts around
them.
When some matches are near enough, hgrep prints the lines within one code
snippet. Unlike grep -C, hgrep adopts some heuristics around blank lines to
determine efficient number of context lines.

As an optional feature, hgrep has builtin grep implementation thanks to ripgrep
as library. It's a subset of rg command. And it's faster when there are so many
matches since everything is done in the same process.

(pin)

doc: Updated sysutils/tiramisu to 20211019

(pin)

sysutils/tiramisu: update to 2.0-20211019

-The project has been re-written in vala, which is now required to build the
package.

(pin)

Updated lang/nodejs, devel/yarn

(adam)

yarn: updated 1.22.17

1.22.17:
Unknown changes

(adam)

nodejs12: updated to 12.22.7

Version 12.22.7 'Erbium' (LTS)

This is a security release.

Notable changes

CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

(adam)

Updated net/rabbitmq, lang/nodejs

(adam)

nodejs: updated to 14.18.1

Version 14.18.1 'Fermium' (LTS)

This is a security release.

Notable changes

CVE-2021-22959: HTTP Request Smuggling due to spaced in headers (Medium)
The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). More details will be available at CVE-2021-22959 after publication.
CVE-2021-22960: HTTP Request Smuggling when parsing the body (Medium)
The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. More details will be available at CVE-2021-22960 after publication.

(adam)

rabbitmq: updated to 3.9.8

3.9.8:

Core Server

Bug Fixes

* When the mandatory flag was used when publishing to classic queues,
  but publisher confirms were not, channels memory usage would grow indefinitely.

* `rabbitmq-diagnostics memory_breakdown` failed to read memory of connection
  reader, writer and channel processes.

* In some environments, Stream replicas advertised IP addresses that could not be reached by cluster peers
  (eg. IP addresses behind a NAT in a Docker deployment). RabbitMQ node hostnames are now advertised as well
  so that other peers can resolve them to get an externally visible IP address.

(adam)

doc: Updated pkgtools/pkgin to 21.10.1

(jperkin)

pkgin: Update to 21.10.1.

## Version 21.10.1 (2021-10-20)

* Free memory correctly when building package lists for printing.  Reduces
  memory usage considerably when operating on a large number of packages.

* Avoid infinite loop in package linked list when handling pkg_install.

(jperkin)

doc: Updated mail/offlineimap to 7.3.4

(tm)

mail/offlineimap: Update to 7.3.4

v7.3.4 (2021-08-03)
  Fixes
    - folder: IMAP: fix issue when the response of searchforheaders is
      the same UID multiple times. [Nicolas Sebrecht]
    - Fix hooks for IDLE sync. [Reto Schnyder]
    - Changed wrong comparison equal. [Rodolfo Garc鱈a Pe単as (kix)]
    - Comparison error. [Rodolfo Garc鱈a Pe単as (kix)]
    - remove outdated links to travis. [Nicolas Sebrecht]
    - ui init is lintian clean. [Rodolfo Garc鱈a Pe単as (kix)]
    - Require the minimal dependencies in python package. [Martin Di Paola]
  Changes
    - README: update regarding the offlineimap3 fork. [Nicolas Sebrecht]
    - redirect the users to offlineimap3. [Nicolas Sebrecht]
    - threadutil imports not used. [Rodolfo Garc鱈a Pe単as (kix)]
    - Move out pkg attributes from __init__.py. [Martin Di Paola]

v7.3.3 (2020-04-11)
  Features
    - export env. variables when running account hooks. [Frank LENORMAND]
  Fixes
    - Fix stale gss api authentication security context. [Herton R. Krzesinski]
    - Handle [ALREADYEXISTS] and Mailbox already exists!. [Chris Coleman]
  Changes
    - exec() the tunnel command. [martin f. krafft]

v7.3.2 (2019-12-17)
  Fixes
    - Revert "fix check for unsupported sep character". [Nicolas Sebrecht]
    - Fixing the Arch Linux name. [Jaroslav Lichtblau]

v7.3.1 (2019-12-15)
  Features
    - Additional address for sysloghandler to handle mac. [Chris Coutinho]
    - Added financial contributors to the README. [Jess]
    - Introduce FUNDING.yml for opencollective. [Nicolas Sebrecht]
  Fixes
    - Fix check for unsupported sep character. [Nicolas Sebrecht]
    - Contrib: use yaml.safe_load() instead of load(). [Nicolas Sebrecht]
    - Ensure python2 in the release workflow. [Nicolas Sebrecht]
    - Make docs: ensure py2 when running sphinx. [Nicolas Sebrecht]
  Changes
    - Update README.md. [Chris Coleman]

v7.3.0 (2019-08-19)
  Features
    - Implement Happy Eyeballs. [Olivier Mehani]
    - imaplib2 v2.101. [Nicolas Sebrecht]
    - imaplib2 v2.100. [Nicolas Sebrecht]
  Changes
    - Update readme to give an hint about Linux distros. [Dario Maiocchi]
    - travis: remove python3.6. [Nicolas Sebrecht]
    - README: add required dependency to rfc6555. [Nicolas Sebrecht]
  imaplib2
    - Do not use TIMEOUT_MAX for Condition.wait(). [Ilias Tsitsimpis]
    - Use SSLContext if available so we send SNI. [Julien Cristau]
    - Don't expect trailing space on command completion. [Ben Cotterell]

v7.2.4 (2019-06-08)
  Features
    - mkdir -p alike folder creation. [Kyle Altendorf]
  Fixes
    - Use portable locker to support cygwin in Windows. [kimim]
    - contrib/release.py: don't break if sphinx-build is missing. [Nicolas Sebrecht]
  Changes
    - Update FSF postal address. [Jelmer Vernoo蝶]
    - repository/IMAP: update copyright header date. [Nicolas Sebrecht]
    - PULL_REQUEST_TEMPLATE: add space between brackets to enable the edition
      in the gui. [Nicolas Sebrecht]

(tm)

emulators/simh: now hopefully works on MacOS.

Networking seemed to not crash for my test case (MacOS 11.6).

(rhialto)

Updated databases/mysql57-client, databases/mysql57-server, x11/py-sip, x11/py-qt5

(adam)

py-qt5: updated to 5.15.5

PyQt v5.15.5 has been released. This is a bug-fix release. There are corresponding releases of PyQtNetworkAuth and PyQtWebEngine.

Added the missing QPdfWriter.setPageSize() overload.
pylupdate5 now assumes that the default codec is UTF-8 and specifies v2.1 as the .ts file format.

PyQt v5.15.4 has been released. This is a minor bug-fix release. There are corresponding releases of the other PyQt5-related packages.

PyQt v5.15.3 has been released. This is a minor feature and bug-fix release. There are corresponding releases of the other PyQt5-related packages.

Added the missing QImage.setAlphaChannel().
Support for the QtNetworkAuth library has been moved to a separate PyQtNetworkAuth package.
Wheels no longer bundle the corresponding Qt libraries and instead automatically install them from an external wheel.

(adam)

py-sip: updated to 4.19.25

4.19.15:
Added support for Py_ssize_t (required by PyQt v5.15.3).

(adam)

mysql57: updated to 5.7.36

Changes in MySQL 5.7.36

Security Notes

Bugs Fixed

Security Notes

The linked OpenSSL library for MySQL Server has been updated to version 1.1.1l. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and and http://www.openssl.org/news/vulnerabilities.html.

Bugs Fixed

Incompatible Change: For all SELECT statements on a view, the query digest was based on the view definition. As a result, different queries had the same digest and aggregated together in the Performance Schema table events_statements_summary_by_digest, so statistics in that table were not usable for distinguishing distinct SELECT statements.

The query digest for each SELECT statement on a view now is based on the SELECT, not the view definition. This enables distinguishing distinct SELECT statements in the events_statements_summary_by_digest table. However, tools that use query digests may need some adjustment to account for this change. For example, MySQL Enterprise Firewall and query rewrite plugins rely on query digests and existing rules for them that are associated with views may need to be updated.

InnoDB: With undo log truncation enabled (innodb_undo_log_truncate=ON), it was possible for a deadlock and eventual failure to occur when an undo log truncate operation was initiated after a version upgrade from MySQL 5.6 to MySQL 5.7.34 or earlier. A patch introduced in MySQL 5.7.35

[Note] InnoDB: Found duplicate reference rseg: 33 space: 1 page: 3
[Note] InnoDB: Reset pre-5.7.2 rseg: 1 after duplicate is found.
If pre-5.7.2 rollback segment slots have no undo data to purge, a message similar to the following is emitted:

[Note] InnoDB: Successfully reset 32 pre-5.7.2 rseg slots.
If undo data is found in pre-5.7.2 rollback segment slots, a message similar to the following is emitted recommending a slow shutdown and restart:

[Note] InnoDB: pre-5.7.2 rseg: 2 holds data to be purged.
History length: 1. Recommend slow shutdown with innodb_fast_shutdown=0 and restart

InnoDB: Truncation of an undo tablespace during use by an active transaction raised an assertion failure. The transaction was prematurely marked as complete, permitting the truncation operation.

InnoDB: Deleting or updating a row from a parent table initiated a cascading SET NULL operation on the child table that set a virtual column value to NULL. The virtual column value should have been derived from the base column value.

Thanks to Yin Peng at Tencent for the contribution.

InnoDB: The InnoDB recovery process did not recognize that page compression had been applied to data that was being recovered, causing the tablespace data file to increase in size during the redo log apply phase, which could lead to a recovery failure for systems approaching a disk-full state.

Replication: The error messages issued by MySQL Replication when GTIDs required for auto-positioning have been purged could be incorrectly assigned or scrambled in some situations.

Replication: The contents of the gtid_executed and gtid_purged GTID sets were not persisted after restoring a dump taken using mysqldump. The dump file sequence has now been changed so that the mysql schema (which contains the mysql.gtid_executed table) is not dropped after the gtid_purged GTID set is written. A new option --skip-mysql-schema is added for mysqldump which lets you choose not to drop the mysql schema at all.

JSON: Conversion of JSON values to text caused linear growth of the destination string, resulting in an unnecessarily high number of reallocations. Now this process uses exponential growth instead, to reduce the number of allocations required.

This fix originally appeared in MySQL 8.0 and was backported to MySQL 5.7 by Annirudh Prasad, whom we thank for the contribution.

Concurrent insert operations on multiple tables with full-text indexes caused a large number of full-text index synchronization requests, resulting in an out of memory condition.

When a query uses a temporary table for aggregation, the group by item is used as a unique constraint on the temporary table: If the item value is already present, the row is updated; otherwise, a new row is inserted into the temporary table. If the item has a result field or reference item, it it evaluated twice, once to check whether the result exists in the temporary table and, if not, again while constructing the row to be inserted. When the group by item was nondeterministic, the result value used to check for existence differed from that with which an insert was attempted, causing the insert to be rejected if the value already existed in the table.

We fix this by using the hash of any nondeterministic items as the unique constraint, so that the hash is evaluated once only.

Quote handling was improved for the SHOW GRANTS statement.

(adam)

doc: Updated mail/isync to 1.4.3

(schmonz)

Update to 1.4.3. From the changelog:

- limit maildir nesting depth
- enable embedding arbitrarily long strings into IMAP commands
- CVE-2021-3578: fix handling of unexpected APPENDUID response code
- don't crash on malformed CAPABILITY responses
- tolerate INBOX mis-casing in Path
- make UIDVALIDITY recovery more strict about vanished messages
- improve error messages about irrecoverably changed UIDVALIDITY
- CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB
- be more tolerant of formally malformed response codes
- fix bogus continuation of IMAP list parsing
- accept unsolicited FETCH responses (without payload) after all
- use correct <poll.h> header

(schmonz)

doc: Updated graphics/imlib2 to 1.7.4

(nia)

imlib2: update to 1.7.4

v1.7.4 - 2021-09-16
-------------------
Kim Woelders (14):
      imlib2_view: Move property stuff to separate file
      imlib2_view: Cleanups
      imlib2_view: By default scale large images to fit on screen
      imlib2_view: Add some debug
      imlib2_view: Fix issue with new default scaling
      WEBP loader: Remove forgotten debug printout
      WEBP loader: Rename fd variable to be same as everywhere else
      LBM loader: Fix potential out-of-bounds memory access
      GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix
      Revert "GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix"
      GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix - take 2
      Add script to generate Changelog
      Update Changelog to new format
      image.c: Use the LOAD_... macros to check loader return values

(nia)

doc: Updated chat/hexchat to 2.16.0

(nia)

hexchat: update to 2.16.0

2.16.0 (2021-10-01)

    * add support for IRCv3 SETNAME, invite-notify, account-tag, standard
      replies, and UTF8ONLY
    * add support for strikethrough formatting
    * update network list (including Libera.Chat as the default)
    * update OpenSSL on Windows
    * fix text clipping issues by respecting font line height
    * fix URLs not being escaped when opened
    * fix misc IRC message parsing issues
    * remove libnotify dependency on Linux, fixing hangs when notifications
      are shown
    * remove libproxy dependency on Linux
    * print ChanServ notices in the front tab by default
    * fishlim: add support for CBC mode
    * python: rewrite plugin in python with CFFI This lowers memory usage
      and fixed conflicts with many C Python modules including pygobject

(nia)

doc: Updated sysutils/htop to 3.1.1

(nia)

htop: update to 3.1.1

What's new in version 3.1.1

* Update license headers to explicitly say GPLv2+
* Document minimum version for libcap (thanks to James Brown)
* Fix mouse wheel collision with autogroups nice adjustment
* Adjust Makefile.am macro definitions for older automake versions
* Ensure consistent reporting of MemoryMeter 'used' memory
* Report hugepage memory as real and used memory (as before)
* Handle procExeDeleted, usesDeletedLib without mergedCommandline mode
* Validate meter configuration before proceeding beyond htoprc parsing
* Properly release memory on partially read configuration
* Handle interrupted sampling from within libpcp PDU transfers
* On Linux, provide O_PATH value if not defined
* On Linux, always compute procExeDeleted if already set
* Workaround for Rosetta 2 on Darwin (thanks to Alexander Momchilov)
* Fix FreeBSD cmdline memory leak in Process_updateCmdline, and
* Plug a Disk I/O meter memory leak on FreeBSD (thanks to Ximalas)

(nia)

doc: Updated security/libretls to 3.4.1

(schmonz)

Update to 3.4.1. From the changelog:

The shared library major version of libtls has been bumped to 22.

tls_connect(3) and friends now strip a trailing dot from servername.

This patch imports the missing scripts/wrap-compiler-for-flag-check
file, which was incorrectly causing compiler flags to not be used.

>From the upstream LibreSSL changelog:

* New Features
  - Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
  - Enabled the new X.509 validator to allow verification of
    modern certificate chains.
* Portable Improvements
  - Added Universal Windows Platform (UWP) build support.
  - Fixed mingw-w64 builds on newer versions with missing SSP support.
* API and Documentation Enhancements
  - Added the following APIs from OpenSSL
    BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
    EC_GROUP_order_bits EC_GROUP_set_curve
    EC_POINT_get_affine_coordinates
    EC_POINT_set_affine_coordinates
    EC_POINT_set_compressed_coordinates EVP_DigestSign
    EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
    SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
    SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
    SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
    SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
    SSL_SESSION_set_max_early_data SSL_get_early_data_status
    SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
    SSL_set_ciphersuites SSL_set_max_early_data
    SSL_set_post_handshake_auth
    SSL_set_psk_use_session_callback
    SSL_verify_client_post_handshake SSL_write_early_data
  - Added AES-GCM constants from RFC 7714 for SRTP.
* Compatibility Changes
  - Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
  - Call the info callback on connect/accept exit in TLSv1.3,
    needed for p5-Net-SSLeay.
  - Default to using named curve parameter encoding from
    pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
  - Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
* Testing and Proactive Security
  - Added additional state machine test coverage.
  - Improved integration test support with ruby/openssl tests.
  - Error codes and callback support in new X.509 validator made
    compatible with p5-Net_SSLeay tests.
* Internal Improvements
  - Numerous fixes and improvements to the new X.509 validator to
    ensure compatible error codes and callback support compatible
    with the legacy OpenSSL validator.

(schmonz)

jack: Fixup Darwin library install names.

(jperkin)

doc: Updated editors/nano to 5.9

(nia)

nano: update to 5.9

2021.10.06 - GNU nano 5.9 "El manicomio ha decidido: mañana sol!"
• The extension of a filename is added to the name of a corresponding
  temporary file, so that spell checking a C file, for example, will
  check only the comments and strings (when using 'aspell').
• The process number is added to the name of an emergency save file,
  so that when multiple nanos die they will not fight over a filename.
• Undoing a cutting operation will restore an anchor that was located
  in the cut area to its original line.
• When using --locking, saving a new buffer will create a lock file.
• Syntax highlighting for YAML files has been added.

(nia)

doc: Updated sysutils/mc to 4.8.27

(nia)

mc: 4.8.27

Version 4.8.27

- Core

    * Minimal version of Autoconf is 2.64
    * Minimal version of Automake is 1.12
    * Minimal version of Gettext is 0.18.2
    * Minimal version of libssh2 is 1.2.8
    * Reimplement version detection
    * Significantly reduce rebuilt time after version change
    * Drop automatic migration of configuration from ~/.mc to XDG-based directories
    * zsh: support custom configuration file: ~/.local/share/mc/.zshrc
    * Widgets: implement WST_VISIBLE state to show/hide widgets
    * "Find File": add "Follow symlinks" option

- VFS

    * extfs: support unrar-6
    * extfs: support official 7z binary
    * ftpfs: apply file list parser from lftp project

- Editor

    * Word completion: get candidates from all open files
    * etags: get rid of hardcoded list length and window width
    * Update syntax files:
        - Python
    * Add syntax highlighting:
        - Verilog and SystemVerilog header files
        - JSON
        - openrc-run scripts

- Misc

    * Code clean up
    * Filehighlight of c++ and h++ files as sources
    * Filehighlight of JSON files as documents
    * Support of alacritty terminal emulator (https://github.com/alacritty/alacritty)
    * Support of foot terminal emulator (https://codeberg.org/dnkl/foot)
    * Support of (alt+)shift+arrow keys in st terminal emulator (st.suckless.org)
    * Mouse support in screen: don't check $DISPLAY variable
    * mc.ext: support fb2 e-books
    * ext.d: use mediainfo to view info about various media files
    * Remove OS/distro-specific package-related stuff from source tree

- Fixes

    * FTBFS against NCurses on OS X 10.9.5
    * Segfault on dialog before panels get visible
    * Crash if shadow is out of screen (build against NCurses)
    * Crash in search
    * Crash on startup with enabled subshell in FreeBSD (workaround)
    * Hang on start randomly with zsh as subshell
    * If command line is invisible it's partially displayed
    * Broken handling of zip archives
    * Broken handling of jar files as zip archives
    * Timestamps of symlinks, sockets, fifos, etc are not preserved after copy/move
    * %view action in the user menu doesn't work on no-exec filesystem
    * Hardlinks are not colored by file type or extension
    * mcedit: silent macro makes terminal disrupted
    * mcedit: disrupting of TAGS file path
    * vfs: unable to browse compressed tar archives
    * sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified (discovered by AUT-milCERT during an audit of open source software)
    * ftpfs vfs: month of file is always January
    * Tests: log files are written by libcheck and automake simultaneously

(nia)

glib2: Pull in python tool.mk

Required to find the correct meson python version.  Fixes build on e.g. Darwin
that ships with /usr/bin/python version 2.7.

(jperkin)

doc: Updated devel/pcre2 to 10.38

(nia)

pcre2: update to 10.38

Version 10.38 01-October-2021
-----------------------------

As well as some bug fixes and tidies (as always, see ChangeLog for details),
the documentation is updated to list the new URLs, following the move of the
source repository to GitHub and the mailing list to Google Groups.

* The CMake build system can now build both static and shared libraries in one
go.

* Following Perl's lead, \K is now locked out in lookaround assertions by
default, but an option is provided to re-enable the previous behaviour.

(nia)

doc: Updated x11/rofi to 1.7.0

(nia)

rofi: update to 1.7.0

v1.7.0: Iggy 2024
  - ADD: -steal-focus option.
  - ADD: [Config] Add nested configuration option support.
  - ADD: [Config] Support for handling dynamic config options.
  - ADD: [IconFetcher] Find images shipped with the theme.
  - ADD: [DRun] Add support for passing file (using file-browser) completer for desktop files that support his.
  - ADD: [DRun] Support for service files.
  - ADD: [FileBrowser] Allow setting startup directory (#1325)
  - ADD: [FileBrowser]: Add sorting-method. (#1340)
  - ADD: [FileBrowser] Add option to group directories ahead of files. (#1352)
  - ADD: [Filtering] Add prefix matching method. (#1237)
  - ADD: [Icon] Add option to square the widget.
  - ADD: [Icon|Button] Make action available on icon, button and keybinding name.
  - ADD: [KeyBinding] Add Ctrl-Shift-Enter option. (#874)
  - ADD: [ListView]-hover-select option. (#1234)
  - ADD: [Run] Add support for passing file (using file-browser) completer.
  - ADD: [Textbox] Allow theme to force markup on text widget.
  - ADD: [Theme] theme validation option. (`-rasi-validate`)
  - ADD: [View] Add support for user timeout and keybinding action.
  - ADD: [Widget] Add cursor property (#1313)
  - ADD: [Widget] Add scaling option to background-image.
  - ADD: [Widget] Add support background-image and lineair gradient option.
  - ADD: [Window] Add pango markup for window format (#1288)
  - ADD: [Window] Allow rofi to stay open after closing window.
  - FIX: [DSL] Move theme reset into grammar parser from lexer.
  - FIX: [Drun]: fix sorting on broken desktop files. (thanks to nick87720z)
  - FIX: [File Browser]: Fix escaping of paths.
  - FIX: [ListView] Fix wrong subwidget name.
  - FIX: [Script] Don't enable custom keybindings by default.
  - FIX: [TextBox] Fix height estimation.
  - FIX: [Theme] widget state and inherited properties. This should help fixing some old themes with changes from 1.6.1.
  - FIX: [Widget] Fix rendering of border and dashes. (Thanks to nick87720z)
  - FIX: [Build] Fix CI.
  - FIX: [Theme] Discard old theme, when explicitly passing one on command line.
  - REMOVE: -dump-xresources
  - REMOVE: -fullscreen
  - REMOVE: -show-match
  - REMOVE: Old xresources based configuration file.
  - REMOVE: fake transparency/background option, part of theme now.
  - REMOVE: xresources parsing via Xserver
  - Remove: [Theme] Remove backwards compatiblity hack.
  - DOC: Update changes to manpages

(nia)

doc: Updated www/snownews to 1.9

(nia)

snownews: remove dependency on libiconv

(nia)

snownew: update to 1.9

  msharov released this Oct 2, 2021

    * Make the UI more compact.
    * Simplify HTML detagging and rewrapping.
    * Store feed cache content detagged.
    * New translation for Serbian.
    * Support ncurses without widechars.
    * Quit normally on non-fatal signals.
    * Stop using libiconv because only UTF8 is supported.
    * Remove the need to configure html_entities.
    * Ignore atom link tags where rel != alternate.
    * Fix saving of changes to smart feeds.

(nia)

doc: Updated sysutils/vifm to 0.12

(nia)

vifm: update to 0.12

Vifm v0.12
September 29, 2021

  New version makes textual preview asynchronous, provides support for
  24-bit colors, improves tree-view and introduces experimental Lua plugins
  support.

  Thanks to everyone who tried out the beta.

  Main changes
    * Color schemes and preview now support 24-bit colors.
    * Depth of tree-view can now be limited and directories in it can be
      folded.
    * Textual preview of files is now done asynchronously.
    * List of files can now be directly piped to programs via new macros.
    * External editing now asks for a re-edit after a failure.
    * Status line can now take up several lines.
    * Vifm has received a more advanced, but currently experimental,
      extension interface in a form of Lua plugins.
    * New keys for controlling viewer while in view mode.
    * View column separators.
    * New logo.

(nia)

doc: Updated chat/weechat to 3.3

(nia)

weechat: update to 3.3

pkgsrc changes:
- re-enable man page generation
- remove patch that upstream fixed in a different way

== Version 3.3 (2021-09-19)

New features::

  * core: change key kbd:[Alt+h] to kbd:[Alt+h], kbd:[Alt+c] (clear hotlist)
  * core: add options "hotlist_remove_buffer", "hotlist_restore_buffer" and "hotlist_restore_all" in command /input, add default keys kbd:[Alt+h], kbd:[Alt+m] (remove buffer), kbd:[Alt+h], kbd:[Alt+r] (restore hotlist in current buffer) and kbd:[Alt+h], kbd:[Alt+Shift+R] (restore hotlist in all buffers)
  * core: add option "certs" in command /debug
  * core: add options "-o", "-ol", "-i" and "-il" in command "/plugin list"
  * api: add split of string and shell arguments in evaluation of expressions with "split:number,seps,flags,xxx" and "split_shell:number,xxx"
  * api: add `${re:repl_index}` to get the index of replacement in function string_eval_expression (issue #1689)
  * api: add random integer number in evaluation of expressions with "random:min,max"
  * api: add function string_cut
  * api: add function file_copy (issue #1667)
  * api: remember insertion order in hashtables
  * api: add keys/values with tags in output of irc_message_parse_to_hashtable (issue #1654)
  * irc: add option "-parted" in command /allchan (issue #1685)
  * irc: allow signals "irc_raw_in" and "irc_in" to eat messages (issue #1657)
  * irc: implement IRCv3.2 SASL authentication, add command /auth, reconnect by default to the server in case of SASL authentication failure (issue #413)
  * irc: add support of capability "message-tags" and TAGMSG messages (issue #1654)
  * irc: enable all capabilities by default (if supported by server and WeeChat), change default value of option irc.server_default.capabilities to "*" (issue #320)
  * irc: add options irc.look.display_account_message and irc.look.display_extended_join (issue #320)
  * irc: add command /setname, add support of message and capability "setname" (issue #1653)
  * irc: always set realname in nicks even when extended-join capability is not enabled (issue #1653)
  * irc: add support of FAIL/WARN/NOTE messages (issue #1653)
  * irc: drop support of DH-BLOWFISH and DH-AES SASL mechanisms (issue #175)
  * typing: new plugin "typing": display users currently writing messages on IRC channel/private buffers

Bug fixes::

  * core: fix decoding of attributes in basic ANSI colors (issue #1678)
  * api: fix function string_match with joker in the string if multiple words matched in input string
  * irc: fix send of empty JOIN when connecting to a server with only parted channels (issue #1638)
  * irc: fix SASL authentication when AUTHENTICATE message is received with a server name (issue #1679)
  * irc: remove unneeded message about Diffie-Hellman shared secret exchange during SSL connection to server (issue #857)
  * irc: escape/unescape IRC message tags values (issue #1654)
  * irc: set notify level to "private" for received WALLOPS
  * script: fix move of installed script on another filesystem (issue #1667)

Documentation::

  * add Spanish FAQ (issue #1656)
  * add Serbian translations (issue #1655)

Tests::

  * core: switch to PHP 8.0 in CI
  * core: add build on macOS in CI

Build::

  * core: fix build on macOS (issue #1662)
  * lua: add detection of Lua 5.4
  * php: add support of PHP 8.0 and 8.1 (issue #1599, issue #1668)

(nia)

doc: Updated chat/unrealircd to 5.2.2

(nia)

unrealircd: update to 5.2.2

UnrealIRCd 5.2.2 Release Notes
===============================

This 5.2.2 release only contains some minor changes.

Fixes:
* Fix issues with Let's Encrypt certificates for
  [remote includes](https://www.unrealircd.org/docs/Remote_includes) (quite
  common) and with linking to servers with link::verify-certificate enabled
  (more rare). Both issues only happen with:
  * OpenSSL 1.0.2 and older, which is officially unsupported, but still in
    use on e.g. Debian 8 and Ubuntu 16.04.
  * LibreSSL, such as with UnrealIRCd on Windows
* OpenBSD compile issue when using shipped c-ares

Enhancements:
* [set::allowed-nickchars](https://www.unrealircd.org/docs/Nick_Character_Sets):
  added ```arabic-utf8```
* [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking):
  add another autoconnect-strategy called ```sequential-fallback```.

Module coders / IRC protocol:
* S2S: Allow ```SVSLOGIN``` also when
[set::sasl-server](https://www.unrealircd.org/docs/Set_block#set::sasl-server)
is not set.
* Some minor ```CHATHISTORY``` fixes, for example the subcommand is now
  case-insensitive.
* You can use the new ```UNREAL_VERSION``` macro. It is easier than the
  old individual UNREAL_VERSION_MAJOR/MINOR/etc macros.

(nia)

doc: Updated sysutils/macchina to 2.0.0

(pin)

sysutils/macchina: update to 2.0.0

Breaking change:
-The palette option, previously taking a boolean value, now accepts the
following:
-Dark: Display darker color variants.
-Light: Display lighter color variants.
-Full: Display all color variants.

(pin)

doc: Updated benchmarks/hyperfine to 1.12.0

(pin)

benchmarks/hyperfine: update to 1.12.0

Features:
--command-name can now take parameter names from --parameter-* options, see #351
and #391 (@silathdiir)
-Exit codes (or signals) are now printed in cases of command failures, see #342
(@KaindlJulian)
-Exit codes are now part of the JSON output, see #371 (@JordiChauzi)
-Colorized output should now be enabled on Windows by default, see #427

Changes:
-When --export-* commands are used, result files are created before benchmark
execution
-to fail early in case of, e.g., wrong permissions. See #306 (@s1ck).
-When --export-* options are used, result files are written after each
individual
-benchmark command instead of writing after all benchmarks have finished. See
#306 (@s1ck).
-Reduce number of shell startup time measurements from 200 to 50, generally
speeding up benchmarks. See #378
-User and system time are now in consistent time units, see #408 and #409
(@film42)

(pin)

doc: Updated net/httpstat to 1.3.0

(tm)

net/httpstat: Update to 1.3.0

v1.3.0 - Oct 15, 2020
- Add HTTPSTAT_METRICS_ONLY env.
  If set to true, httpstat will only output metrics in json format,
  this is useful if you want to parse the data instead of reading it.

(tm)

doc: Updated net/rbldnsd to 0.998

(tm)

net/rbldnsd: Update to 0.998

0.998 (05 Dec 2015)
- bugfix: correctly handle V4MAPPED (v4 in v6) addresses, the
  original v6 prefix was wrong.  Thanks to Alex Lasoriti for
  finding the issue
- bugfix: sometimes IP4-based datasets gave false positives when
  an IP6 dataset were present, and it was also possible to have
  false positive in IP6 datasets.  Both has been fixed.

(tm)

doc: Updated mail/sieve-connect to 0.9

(tm)

mail/sieve-connect: Update to 0.90

0.90: minor cleanups
- Update various regular expressions to not break under a future
  Perl 5.30 release
- Use a .sieve filename extension for temporary files, to assist
  text-editors with mode selection.

(tm)

doc: Updated audio/mpg123-pulse to 1.29.1

(thor)

doc: Updated audio/mpg123-nas to 1.29.1

(thor)

doc: Updated audio/mpg123-jack to 1.29.1nb1

(thor)

doc: Updated audio/mpg123 to 1.29.1

(thor)

mpg123: version 1.29.1

Upstream changelog:

.29.1
------
- mpg123:
-- Keep default output encoding of s16 for raw and file outputs
  also with the new resampler. This reverts the unintentional change in
  1.26.0 of switching to f32 for forced output rate unless the NtoM
  resampler is selected. In any case, you should make sure to specify
  your desired --encoding if you depend on it.
-- Catch error in indexing (mpg123_scan() return value was ignored
  before, bug 322).
- mpg123-strip: Lift the resync limit, as it should be to clean up really
  dirty streams.
- mpg123-id3dump: Also lift resync limit for the same reasons.
- libout123: fix reporting of device property flags for buffer
- libmpg123: more safeguarding against attempts to decode if decoder
  setup failed and user ignored the returned error code (bug 322)

(thor)

doc: Updated chat/icbirc to 2.1

(tm)

chat/icbirc: Update to 2.1

2.1:
  Return *** as nick in IRC error messages (where missing), add
  pledge(2) call on OpenBSD, from semarie@.

2.0:
  Merge OpenBSD port patches, originally from ray@ in 2009:
  Fix corruption that occurs when connecting and reconnecting to icbirc
  repeatedly. After a while, icbirc starts reusing the command buffer
  from a previous connection, causing all further connections to
  incorrectly parse commands.

(tm)

doc: Updated sysutils/ts to 1.0.1

(tm)

sysutils/ts: Update to 1.0.1

v1.0.1:
- Fix possible buffer overflow (Alexander Inyukhin)
v1.0:
- Respect TMPDIR for output files.
v0.7.6:
- Add -k (send SIGTERM to process group). Replacement for "kill -- -`ts -p`".

(tm)

doc: Updated sysutils/ioping to 1.2

(tm)

sysutils/ioping: Update to 1.2

v1.2 / 2020-02-02
* makefile: merge compiling and linking
* ioping: add -r, -rate-limit
* ioping: reformat usage
* Merge pull request #42 from kohju/patch-Solaris
* Support for Solaris.
* ioping: option -J|-json for printing JSON
* ioping: add option -a|-warmup <count>
* ioping: add long options
* ioping: print filesystem size for file or directory target
* Merge pull request #39 from justinpitts/patch-1
* Fix grammar mistake.

(tm)

doc: Pullup ticket #6521

(tm)

Pullup ticket #6521 - requested by nia
mail/alpine: security fix

Revisions pulled up:
- mail/alpine/Makefile                                          1.48
- mail/alpine/distinfo                                          1.27
- mail/alpine/patches/patch-imap_src_mtest_mtest.c              deleted

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Sun Oct 17 09:49:10 UTC 2021

  Modified Files:
  pkgsrc/mail/alpine: Makefile distinfo
  Removed Files:
  pkgsrc/mail/alpine/patches: patch-imap_src_mtest_mtest.c

  Log Message:
  alpine: Update to 2.25.

  pkgsrc changes and notes:

  - According to the release notes, this fixes CVE-2021-38370 by
    Damian Poddebniak.
  - I have added the maildir patch, as FreeBSD does, because it seems
    useful.
  - I have removed the non-trivial patch for OpenBSD, because going by
    OpenBSD's ports repository it's no longer necessary at all.

      Version 2.25 includes several new features and bug fixes.

      Additions include:
        * Unix Alpine: New configuration variable ssl-ciphers that allows users
          to list the ciphers to use when connecting to a SSL server. Based on a
          collaboration with Professor Martin Trusler.
        * New hidden feature enable-delete-before-writing to add support for
          terminals that need lines to be deleted before being written. Based on
          a collaboration with Professor Martin Trusler.
        * Experimental: The instruction to remove the double quotes from the
          processing of customized headers existed in pine, but it was removed
          in alpine. Restoring old Alpine behavior. See this
        * Add the capability to record http debug. This is necessary to debug
          XOAUTH2 authentication, and records sensitive login information. Do
          not share your debug file if you use this form of debug.
        * Remove the ability to choose between the device and authorize methods
          to login to outlook, since the original client-id can only be used for
          the device method. One needs a special client-id and client-secret to
          use the authorize method in Outlook.
        * PC-Alpine only: Some service providers produce access tokens that are
          too long to save in the Windows Credentials, so the access tokens will
          be split and saved as several pieces. This means that old versions of
          Alpine will NOT be able to use saved passwords once this new version
          of Alpine is used.
        * PC-Alpine: Debug files used to be created with extension .txt1, .txt2,
          etc. Rename those files so that they have extension .txt.
        * Always follow **suppress-asterisks-in-password-prompt** setting in
          the various password prompts. Submitted by tienne Deparis.
        * Use 'alpine -F' instead of 'pine -F' as the browser default pager.
          Submitted by tienne Deparis.
        * Introduction of OTHER CMDS menu for the browser/pilot to let people
          discover the two new commands: "1" is a toggle that switches between 1
          column and multicolumn mode. The "." command toggles between hiding or
          showing hidden files, and the "G" command to travel between
          directories. Contributed by tienne Deparis.
        * Add option -xoauth2-flow to the command line, so that users can
          specify the parameters to set up an xoauth2 connection through the
          command line.
        * Alpine deletes, from its internal memory and external cache, passwords
          that do not work, even if they were saved by the user.
        * New format for saving passwords in the windows credential manager for
          PC-Alpine. Upon starting this new version of Alpine the passwords
          saved in the credential manager are converted to the new format and
          they will not be recognized by old versions of Alpine, but only by
          this and newer versions of Alpine.
        * Enabled encryption protocols in PC-Alpine are based on those enabled
          in the system, unless one is specified directly.

      Bugs that have been addressed include:
        * The c-client library parses information from an IMAP server during
          non-authenticated state which could lead to denial of service.
          Reported by Damian Poddebniak from Mnster University of Applied
          Sciences.
        * Memory corruption when alpine searches for a string that is an
          incomplete utf8 string in a local folder. This could happen by
          chopping a string to make it fit a buffer without regard to its
          content. We fix the string so that chopping it does not damage it.
          Reported by Andrew.
        * Crash in the ntlm authenticator when the user name does not include a
          domain. Reported and fixed by Anders Skargren.
        * When forwarding a message, replacing an attachment might make Alpine
          re-attach the original attachment. Reported by Michael Traxler.
        * When an attachment is deleted, the saved message with the deleted
          attachment contains extra null characters after the end of the
          attachment boundary.
        * Tcp and http debug information is not printed unless the default debug
          level is set to 1. Print this if requested, regardless of what the
          default debug level is.
        * When trying to select a folder for saving a message, one can only
          enter a subfolder by pressing the ">" command, rather than the normal
          navigation by pressing "Return". Reported by Ulf-Dietrich Braunmann.
        * Crash when attempting to remove a configuration for a XOAUTH2 server
          that has no usernames configured.
        * Crash caused by saving (and resaving) XOAUTH2 refresh and access
          tokens in PC-Alpine. Reported by Karl Lindauer.

(tm)

doc: Pullup ticket #6522

(tm)

Pullup ticket #6522 - requested by nia
mail/balsa: security fix

Revisions pulled up:
- mail/balsa/Makefile                                          1.169
- mail/balsa/distinfo                                          1.27
- mail/balsa/patches/patch-sounds_Makefile.in                  1.2
- mail/balsa/patches/patch-src_sendmsg-window.c                deleted

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Sun Oct 17 10:08:53 UTC 2021

  Modified Files:
  pkgsrc/mail/balsa: Makefile distinfo
  pkgsrc/mail/balsa/patches: patch-sounds_Makefile.in
  Removed Files:
  pkgsrc/mail/balsa/patches: patch-src_sendmsg-window.c

  Log Message:
  balsa: update to 2.6.3

  This fixes the STARTTLS-related crash bugs mentioned here:
  https://nostarttls.secvuln.info/

  * Balsa-2.6.3 release. Release date 2021-08-18

  - Improve Autocrypt-related error messages.
  - Improvements to communication with GnuPG key servers.
  - Create standard-compatible HTML messages.
  - Implement sender-dependent HTML message preferences.
  - Reuse HTTP connections when rendering HTML messages.
  - Do not send empty Reply-To, Cc, etc headers.
  - More robust IMAP parser and response handling.
  - Code cleanups, platform-dependent build fixes

(tm)

xf86-video-intel: Builds extra program with timerfd. Add LICENSE.

(nia)

doc: Updated graphics/feh to 3.7.2

(nia)

feh: update to 3.7.2

Sat, 25 Sep 2021 09:21:25 +0200  Daniel Friesel <derf+feh@finalrewind.org>

* Release v3.7.2
    * Fix crash when running feh without stdin file descriptor

(nia)

doc: Updated converters/fribidi to 1.0.11

(nia)

fribidi: update to 1.0.11

Overview of changes between 1.0.10 and 1.0.11
=============================================

* Updated Unicode tables to version 14.
* Skip isolates in fribidi_get_par_direction().
* Various fuzzing fixes.
* Various build fixes.

(nia)

doc: Pullup ticket #6520

(tm)

Pullup ticket #6520 - requested by wiz
databases/sqlite3: segfault fix

Revisions pulled up:
- databases/sqlite3/Makefile                                    1.142
- databases/sqlite3/distinfo                                    1.173
- databases/sqlite3/patches/patch-shell.c                      1.1

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sun Oct 17 07:14:27 UTC 2021

  Modified Files:
  pkgsrc/databases/sqlite3: Makefile distinfo
  Added Files:
  pkgsrc/databases/sqlite3/patches: patch-shell.c

  Log Message:
  sqlite3: fix (disputed) CVE-2021-36690

  Bump PKGREVISION.

(tm)

doc: Updated net/bftpd to 6.0

(nia)

bftpd: update to 6.0

Jesse Smith <jessefrgsmith@yahoo.ca> -> 6.0
- Make extended passive mode respect the PASSIVE_PORTS variable
  in the bftpd configuration file. Previously random ports
  would be assigned.
- Minor code clean-up in mystrings library to avoid calculating
  string length multiple times.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.9
- Fixed output of directory listing so that file size is right-justified
  which makes output look cleaner.
  Fix suggested by uomo ukko.
- Addressed some compiler warnings. Make sure we bail out
          of situations even if they should never realisticaly return
  an error.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.8
- Many spelling errors in source code and documentation found and
  fixed by Jens of Fossies (fossies.org). Applied spelling corrections.
- Removed mark-up and special characters from COPYING, README, and INSTALL
  files.
- Fixed file size reporting on 32-bit ARM architecture when files are
  large (greater than 2GB).
  Problem and fix reported by uomo ukko.

Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.7
- A malicious client could cause a buffer overflow with
  a lot of EPSV commands sent in a row. We now close
  the pasv socket before each new use to avoid accumulating
  more than 1023.
  Thanks to Shisong Qin for reporting this issue and suggesting
  a fix.

(nia)

doc: Updated mail/balsa to 2.6.3

(nia)

balsa: update to 2.6.3

This fixes the STARTTLS-related crash bugs mentioned here:
https://nostarttls.secvuln.info/

* Balsa-2.6.3 release. Release date 2021-08-18

- Improve Autocrypt-related error messages.
- Improvements to communication with GnuPG key servers.
- Create standard-compatible HTML messages.
- Implement sender-dependent HTML message preferences.
- Reuse HTTP connections when rendering HTML messages.
- Do not send empty Reply-To, Cc, etc headers.
- More robust IMAP parser and response handling.
- Code cleanups, platform-dependent build fixes

(nia)

pkgin: Prefer gzip on more 32-bit archs.

(nia)

doc: Updated mail/alpine to 2.25

(nia)

alpine: Update to 2.25.

pkgsrc changes and notes:

- According to the release notes, this fixes CVE-2021-38370 by
  Damian Poddebniak.
- I have added the maildir patch, as FreeBSD does, because it seems
  useful.
- I have removed the non-trivial patch for OpenBSD, because going by
  OpenBSD's ports repository it's no longer necessary at all.

  Version 2.25 includes several new features and bug fixes.

  Additions include:
    * Unix Alpine: New configuration variable ssl-ciphers that allows users
      to list the ciphers to use when connecting to a SSL server. Based on a
      collaboration with Professor Martin Trusler.
    * New hidden feature enable-delete-before-writing to add support for
      terminals that need lines to be deleted before being written. Based on
      a collaboration with Professor Martin Trusler.
    * Experimental: The instruction to remove the double quotes from the
      processing of customized headers existed in pine, but it was removed
      in alpine. Restoring old Alpine behavior. See this
    * Add the capability to record http debug. This is necessary to debug
      XOAUTH2 authentication, and records sensitive login information. Do
      not share your debug file if you use this form of debug.
    * Remove the ability to choose between the device and authorize methods
      to login to outlook, since the original client-id can only be used for
      the device method. One needs a special client-id and client-secret to
      use the authorize method in Outlook.
    * PC-Alpine only: Some service providers produce access tokens that are
      too long to save in the Windows Credentials, so the access tokens will
      be split and saved as several pieces. This means that old versions of
      Alpine will NOT be able to use saved passwords once this new version
      of Alpine is used.
    * PC-Alpine: Debug files used to be created with extension .txt1, .txt2,
      etc. Rename those files so that they have extension .txt.
    * Always follow â**suppress-asterisks-in-password-promptâ** setting in
      the various password prompts. Submitted by Étienne Deparis.
    * Use 'alpine -F' instead of 'pine -F' as the browser default pager.
      Submitted by Étienne Deparis.
    * Introduction of OTHER CMDS menu for the browser/pilot to let people
      discover the two new commands: "1" is a toggle that switches between 1
      column and multicolumn mode. The "." command toggles between hiding or
      showing hidden files, and the "G" command to travel between
      directories. Contributed by Étienne Deparis.
    * Add option -xoauth2-flow to the command line, so that users can
      specify the parameters to set up an xoauth2 connection through the
      command line.
    * Alpine deletes, from its internal memory and external cache, passwords
      that do not work, even if they were saved by the user.
    * New format for saving passwords in the windows credential manager for
      PC-Alpine. Upon starting this new version of Alpine the passwords
      saved in the credential manager are converted to the new format and
      they will not be recognized by old versions of Alpine, but only by
      this and newer versions of Alpine.
    * Enabled encryption protocols in PC-Alpine are based on those enabled
      in the system, unless one is specified directly.

  Bugs that have been addressed include:
    * The c-client library parses information from an IMAP server during
      non-authenticated state which could lead to denial of service.
      Reported by Damian Poddebniak from Münster University of Applied
      Sciences.
    * Memory corruption when alpine searches for a string that is an
      incomplete utf8 string in a local folder. This could happen by
      chopping a string to make it fit a buffer without regard to its
      content. We fix the string so that chopping it does not damage it.
      Reported by Andrew.
    * Crash in the ntlm authenticator when the user name does not include a
      domain. Reported and fixed by Anders Skargren.
    * When forwarding a message, replacing an attachment might make Alpine
      re-attach the original attachment. Reported by Michael Traxler.
    * When an attachment is deleted, the saved message with the deleted
      attachment contains extra null characters after the end of the
      attachment boundary.
    * Tcp and http debug information is not printed unless the default debug
      level is set to 1. Print this if requested, regardless of what the
      default debug level is.
    * When trying to select a folder for saving a message, one can only
      enter a subfolder by pressing the ">" command, rather than the normal
      navigation by pressing "Return". Reported by Ulf-Dietrich Braunmann.
    * Crash when attempting to remove a configuration for a XOAUTH2 server
      that has no usernames configured.
    * Crash caused by saving (and resaving) XOAUTH2 refresh and access
      tokens in PC-Alpine. Reported by Karl Lindauer.

(nia)