acmesh: update to 3.0.1

Changes:

- We don't have bugs for the DST roots, but we add a new useful command "--set-default-chain" for the users to fix the chains fast.
- More dns apis are added.
- More deploy hooks are added.
- Normal bug fixes.

(nia)

doc: Updated audio/abcmidi to 20211015

(nia)

abcmidi: update to 20211015

September 15 2021

abc2midi bug:
The last fix in June 27 2021 inserting a break introduced a new bug.
The chord associated with the 'b' gchord code was missing. b and f
codes were indistinguishable. Fix: removed the break in the switch
statement for case b:

October 11 2021

abc2midi new feature:
In compliance with the ABC draft standard 2.2, I introduced additional
K: and V: options for transposition. You can now indicate the number
of semitones to transpose by giving the original note and the
corresponding transposed note in the K: or V: field using either
shift = note1note2
sound = note1note2
instrument = note1/note2
The number of semitones is determined by the difference note2 - note1.

Abcm2ps and abc2svg recognize this command, but abc2abc, yaps, and
abcmatch ignore this new option.

http://abcnotation.com/wiki/abc:standard:v2.2#transposition

October 15 2021

Abc2abc -P bug

X:1
T: P bug
M:4/4
L:1/4
V:1 clef=treble
V:2 clef=bass
%%staves [1 2]
K:C
V:1
C2 D2  |  C4 |
V:2
C,2 G,2 | C,4|

The command
abc2abc t.abc -t 3 -P 1
fails to transpose voice 1

This bug has been around since this option was introduced in June 7 2011.
Fortunately, it has not bothered anyone until recently.
If you add another K:c after the first V:1 command in the body as
shown below.

X:1
T: P bug
M:4/4
L:1/4
V:1 clef=treble
V:2 clef=bass
%%staves [1 2]
K:C
V:1
K:C
C2 D2  |  C4 |
V:2
C,2 G,2 | C,4|

then voice 1 will be transposed correctly. Unfortunately, there is
no easy fix. When the -P option is present, abc2abc ignores the
first K: field command. (In toabc.c line 1643 event_key aborts
prior to setting up the arrays for a key transpose. Commenting
out this return statement introduces another problem.)

The main issue is that abc2abc only does one pass through the
input file. It does not know whether there is a K: field command
following V:1. If it assumes that there is none and forces a
call to event_key in event_voice, there may be another problem
when a different K: field command is found eventually. I have
decided to suspend support to the -P option because it would be
too complicated to fix this.

(nia)

doc: Updated databases/sqlite3 to 3.36.0nb1

(wiz)

sqlite3: fix (disputed) CVE-2021-36690

Bump PKGREVISION.

(wiz)

sqlite3: fix pkglint

(wiz)

doc/TODO: add some

+ ImageMagick-7.1.0.10, fzf-0.27.3, musicpd-0.23, poppler-data-0.4.11,
  py-uritemplate-4.1.1, py-yarl-1.7.0, texlab-3.3.0.

(wiz)

doc: Updated security/fail2ban to 0.11.2

(tm)

doc: Updated net/proftpd to 1.3.7c

(tm)

doc: Updated net/proftpd to 1.3.7c

(tm)

Update proftpd to 1.3.7c

1.3.7c
  + Fix memory disclosure to RADIUS servers by mod_radius (Issue #1284).
  + PCRE expressions with capture groups were not being handled properly
    (Issue #1300).

1.3.7b
  + Fixed occasional segfaults with FTPS data transfers using TLSv1.3, when
    session tickets cannot be decrypted (Issue #1063).
  + Passive transfers fail unexpectedly due to use of SO_REUSEPORT socket
    option (Issue #1171).
  + Implemented support for Redis 6.x AUTH semantics (Issue #1070).
  + Fixed memory use-after-free issue in mod_sftp which can cause unexpected
    login/authentication issues.
  + Fixed SQL syntax regression for some generated SQL statements
    (Issue #1149).
  + Fixed "Corrupted MAC on inptut" errors when SFTP uses the
    umac-64@openssh.com digest (Issue #1111).

1.3.7a
  + Fix build-time regression when using the --localstatedir configure option.

1.3.7
  + Support the SOURCE_DATE_EPOCH environment variable, for reproducible
    builds (Issue #1038).

1.3.7rc4
  + Implemented support for configuring certificate options for LDAP
    connections using SSL/TLS.
  + Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
  + Fixed handling of IPv6 addresses in From directives (Issue #682).
  + Added -b and -n command-line options to ftptop.
  + Ignore supplemental groups when run as non-root user (Issue #808).
  + Use re-entrant versions of time functions where available (Issue #983).
  + New Configuration Directives
    BanOptions
      The BanOptions directive is used to tune mod_ban behavior, such as
      creating ban entries that match/apply to all <VirtualHost> sections.
      See doc/contrib/mod_ban.html#BanOptions for more details.
    LDAPUseSASL
      The LDAPUseSASL directive configures a list of SASL authentication
      mechanisms to use, when using the LDAPBindDN to bind to the LDAP
      server.  See doc/contrib/mod_ldap.html#LDAPUseSASL for details.
    LogOptions
      The LogOptions directive is used to modify the default logging format
      for ProFTPD syslog, debug, and module logging.  See
      doc/modules/mod_log.html#LogOptions for more information.
    SQLKeepAlive
      The SQLKeepAlive directive configures a periodic "keepalive" query
      for ensuring the connection between mod_sql and the backend database
      server.  See doc/contrib/mod_sql.html#SQLKeepAlive for more information.
  + Changed Configuration Directives
    LDAPServer
      The LDAPServer directive now supports configuring the trusted CA
      file, client certificate and key files, SSL ciphers, and verification
      policies for LDAP connections.  See doc/contrib/mod_ldap.html#LDAPServer
      for more details.
    TraceOptions
      The TraceOptions directive now supports a "Timestamp" option, for
      disabling inclusion of timestamps in Trace logs.
  + Developer notes
    When MaxLoginAttempts is reach, the POST_CMD_ERR/LOG_CMD_ERR command
    handler phases will now run.  This allows interested modules, such
    as mod_exec and others, to react to these events (Issue #718).

1.3.7rc3
  + Fixed regression in directory listing latency (Issue #863).
  + Fixed use-after-free vulnerability during data transfers (Issue #903).
  + Addressed out-of-bounds read in mod_cap by removing bundled libcap, and
    relying solely on the system-provided libcap (Issue #902).  Note that
    building ProFTPD from source will *not* automatically include the
    mod_cap module, unless the libcap library is available.
  + mod_sftp now supports OpenSSH-specific private host keys (Issue #793).
    Newer versions of OpenSSH ssh-keygen(1) automatically generate private
    keys formatted with this OpenSSH-specific format.
  + mod_sftp now supports Ed25519 keys (Bug #4221).
  + mod_sftp now supports RSA SHA-2 publickey signatures, per RFC 8332
    (Issue #907).
  + mod_tls now honors client-provided SNI as part of the TLS handshake,
    for implementing name-based virtual hosts via TLS SNI.
  + Changed Configuration Directives
    LogFormat %{transfer-port}
      The LogFormat directive supports a %{transfer-port} variable for
      logging the selected data transfer port.
    SFTPOptions NoExtensionNegotiation
      The mod_sftp module now supports SSH extension negotations (RFC 8332).
      If there any issues with this support, it can be disabled using:
        SFTPOptions NoExtensionNegotiation
    SQLAuthTypes bcrypt
      The mod_sql_passwd module now supports bcrypt-encrypted passwords.
      This can be enabled using:
        SQLAuthTypes bcrypt
      in your mod_sql configuration.  See doc/contrib/mod_sql_password.html
      for more information.
    TLSOption IgnoreSNI
      The TLSOption directive now supports an "IgnoreSNI" setting, to
      tell mod_tls to ignore/not use any SNI, provided by the client in the
      TLS handshake, for determining any name-based virtual hosts.  See
      doc/contrib/mod_tls.html#TLSOption for more details.
  + Added API
    FSIO pread(2), pwrite(2) (Issue#317)

1.3.7rc2
  + Fixed pre-authentication remote denial-of-service issue (Issue #846,
    CVE-2019-18217).

1.3.7rc1
  + RootRevoke is now on by default, meaning that once authentication succeeds,
    all root privileges are dropped by default, unless the UserOwner directive
    (which requires root privileges) is used (Bug#4241).
  + The mod_ident module is no longer automatically built by default.
    To include the mod_ident module in the build, it must be explicitly
    requested via --enable-ident or --with-shared=mod_ident.
    This means that configuration files using the IdentLookups directive
    will now want to using an enclosing <IfModule> section, like so:
      <IfModule mod_ident.c>
        IdentLookups off
      </IfModule>
  + The mod_tls module now performs basic sanity checks of configured TLS
    files on startup (Issue#491).
  + The mod_deflate module now supports MODE Z data transfers when TLS
    is used (Issue#505).
  + The mod_xfer module now supports the RANG FTP command; see
    https://tools.ietf.org/html/draft-bryan-ftp-range-08 (Issue#351).
  + The ftpasswd script now supports a --change-home option, for changing
    the home directory of a user in an AuthUserFile (Issue#566).
  + The ftpasswd script supports deleting a user from a group (Issue#620).
  + Refactored the LogFormat handling code so that it is not longer
    duplicated by mod_log, mod_sql, etc.  The new Jot API is the common API
    to be used by modules for LogFormat variables and logging.
  + Generated new DH parameters for mod_sftp, mod_tls.
  + New Configuration Directives
    AuthFileOptions
      The mod_auth_file module supports a configuration directive for disabling
      its requirement for secure permissions on configured
      AuthUserFile/AuthGroupFile.  See
      doc/modules/mod_auth_file.html#AuthFileOptions for information.
    RedisLogOnEvent
      The mod_redis module can be configured to log JSON messages based on
      specified events (Issue#392).  See the
      doc/modules/mod_redis.html#RedisLogOnEvent documentation for details.
    RedisOptions
      The mod_redis module now implements a RedisOptions directive, for tuning
      some of the module behavior (Issue#477).  The
      doc/modules/mod_redis.html#RedisOptions documentation has more details.
    RedisSentinel
      The mod_redis module now supports use of Redis Sentinels (Issue#396);
      see doc/modules/mod_redis.html#RedisSentinel.
  + Changed Configuration Directives
    AllowForeignAddress class-name
      The AllowForeignAddress directive supports a Class name, for finer-grained
      control over which clients are allowed to use foreign/mismatching IP
      addresses for transfers.  See
      doc/modules/mod_core.html#AllowForeignAddress for more information.
    ExecEnviron %b
      The ExecEnviron directive has been fixed to properly resolve the %b
      LogFormat variable (Issue#515).
    RedisServer db-index (Issue#550)
      The mod_redis module can now be configured to select a database index
      via the RedisServer directive (Issue#550).  See the
      doc/modules/mod_redis.html#RedisServer documentation for details.
    RewriteMap idnatrans
      The mod_rewrite module can now support rewriting `idn` to `idna`
      formats (Issue#231).  See the doc/modules/mod_rewrite#RewriteMap for
      details on how to do so.
    RootRevoke on
      The RootRevoke directive is now enabled by default (Bug#4241).  This
      makes for more secure configurations/sessions out-of-the-box.  See
      doc/modules/mod_auth.html#RootRevoke for more information.
    SFTPCiphers, SFTPDigests
      Some weak algorithms are now disabled by default in mod_sftp (Bug#4279).
      These algorithms, if need be, can be explicitly enabled by configuration;
      they are just not enabled automatically.  For list of the algorithms
      affected, see doc/contrib/mod_sftp.html#SFTPCiphers,
      doc/contrib/mod_sftp.html#SFTPDigests.
    SFTPOptions IncludeSFTPTimes
      The SFTOptions directive of mod_sftp now supports an option for explicitly
      including the timestamps of files when SFTP protocol 4 and higher are
      used, even if the SFTP client did not request these timestamps.  This
      works around a bug in the popular Rebex SFTP library; see
      doc/contrib/mod_sftp.html#SFTPOptions for details.
    TLSProtocol TLSv1.3
      The mod_tls module, and its TLSProtocol directive, now support TLSv1.3
      (Issue#536).  See doc/contrib/mod_tls.html#TLSProtocol for more
      information.
    TLSServerCipherPreference
      The TLSServerCipherPreference directive is now enabled by default.
      See doc/contrib/mod_tls.html#TLSServerCipherPrefrence.
    TLSStaplingOptions NoFakeTryLater
      Some TLS clients have trouble with the "fake" OCSP response that mod_tls
      might stable, when the client requested stapled OCSP responses and
      mod_tls is unable to contact the OCSP responder.  Use this option to
      disable such fake responses (Issue#518):
        TLSStaplingOptions NoFakeTryLater
      See doc/contrib/mod_tls.html#TLSStaplingOptions for details.
  + Removed Configuration Directives
    The following directives have been removed:
      GroupPassword
      LoginPasswordPrompt
      TransferPriority

(tm)

doc: Updated security/fail2ban to 0.11.2

(tm)

Update fail2ban to 0.11.2

ver. 0.11.2 (2020/11/23) - heal-the-world-with-security-tools

Fixes:
* [stability] prevent race condition - no ban if filter (backend) is continuously busy if
  too many messages will be found in log, e. g. initial scan of large log-file or journal (gh-2660)
* pyinotify-backend sporadically avoided initial scanning of log-file by start
* python 3.9 compatibility (and Travis CI support)
* restoring a large number (500+ depending on files ulimit) of current bans when using PyPy fixed
* manual ban is written to database, so can be restored by restart (gh-2647)
* `jail.conf`: don't specify `action` directly in jails (use `action_` or `banaction` instead)
* no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified
  per jail or in default section in jail.local), closes gh-2357
* ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686)
* don't use `%(banaction)s` interpolation because it can be complex value (containing `[...]` and/or quotes),
  so would bother the action interpolation
* fixed type conversion in config readers (take place after all interpolations get ready), that allows to
  specify typed parameters variable (as substitutions) as well as to supply it in other sections or as init parameters.
* `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy
  between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh-2703)
* `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing
  with `jq`, gh-2140, gh-2656)
* `action.d/nftables.conf` (type=multiport only): fixed port range selector, replacing `:` with `-` (gh-2763)
* `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-` (gh-2821)
* `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num` (gh-2836)
* `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line`
  should be interpolated in definition section (inside the filter-config, gh-2650)
* `filter.d/dovecot.conf`:
  - add managesieve and submission support (gh-2795);
  - accept messages with more verbose logging (gh-2573);
* `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh-2697)
* `filter.d/traefik-auth.conf`: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle
  the match of username differently (gh-2693):
  - `normal`: matches 401 with supplied username only
  - `ddos`: matches 401 without supplied username only
  - `aggressive`: matches 401 and any variant (with and without username)
* `filter.d/sshd.conf`: normalizing of user pattern in all RE's, allowing empty user (gh-2749)

New Features and Enhancements:
* fail2ban-regex:
  - speedup formatted output (bypass unneeded stats creation)
  - extended with prefregex statistic
  - more informative output for `datepattern` (e. g. set from filter) - pattern : description
* parsing of action in jail-configs considers space between action-names as separator also
  (previously only new-line was allowed), for example `action = a b` would specify 2 actions `a` and `b`
* new filter and jail for GitLab recognizing failed application logins (gh-2689)
* new filter and jail for Grafana recognizing failed application logins (gh-2855)
* new filter and jail for SoftEtherVPN recognizing failed application logins (gh-2723)
* `filter.d/guacamole.conf` extended with `logging` parameter to follow webapp-logging if it's configured (gh-2631)
* `filter.d/bitwarden.conf` enhanced to support syslog (gh-2778)
* introduced new prefix `{UNB}` for `datepattern` to disable word boundaries in regex;
* datetemplate: improved anchor detection for capturing groups `(^...)`;
* datepattern: improved handling with wrong recognized timestamps (timezones, no datepattern, etc)
  as well as some warnings signaling user about invalid pattern or zone (gh-2814):
  - filter gets mode in-operation, which gets activated if filter starts processing of new messages;
    in this mode a timestamp read from log-line that appeared recently (not an old line), deviating too much
    from now (up too 24h), will be considered as now (assuming a timezone issue), so could avoid unexpected
    bypass of failure (previously exceeding `findtime`);
  - better interaction with non-matching optional datepattern or invalid timestamps;
  - implements special datepattern `{NONE}` - allow to find failures totally without date-time in log messages,
    whereas filter will use now as timestamp (gh-2802)
* performance optimization of `datepattern` (better search algorithm in datedetector, especially for single template);
* fail2ban-client: extended to unban IP range(s) by subnet (CIDR/mask) or hostname (DNS), gh-2791;
* extended capturing of alternate tags in filter, allowing combine of multiple groups to single tuple token with new tag
  prefix `<F-TUPLE_`, that would combine value of `<F-V>` with all value of `<F-TUPLE_V?_n?>` tags (gh-2755)

(tm)

Fix build on OpenBSD with native LibreSSL with patches taken from
OpenBSD ports. NFCI on other platforms.

(schmonz)

doc: Updated audio/ncspot to 0.9.0

(pin)

audio/ncspot: update to 0.9.0

Maintenance:
-Sort library after saving an album (#428)
-Add scoop instruction for installation (#602)
-Update librespot to 0.3.0, see also release notes

Features:
-Add command to show recommendations (#593)
-Enable binding multiple commands to a key (#598)
-Add "Share album" contextmenu entry (#606)
-Add redraw command and bind to CTRL+L (#609)
-Add initial_screen config variable (#616)
-Add userRating entity to MPRIS metadata, with 0 and 1 corresponding to
unliked/liked in Spotify (#624)

Note on the pkgsrc package:
As of version 0.8.0, pancurses in no longer a feature but, a full dependency,
regardless of the choosen UI backend.
Reflect this by moving the dependency ncursesw into the package Makefile and
drop it from options.mk.

(pin)

pfstools: OpenEXR support is broken. Fix PLIST for now.

(nia)

opencv: one more guard for V4L2_PIX_FMT_Y16

(adam)

doc: Updated sysutils/findutils to 4.8.0

(ryoon)

findutils: Update to 4.8.0

Changelog:
* Noteworthy changes in release 4.8.0 (2020-01-09) [stable]

** Changes in xargs

'xargs -t' no longer outputs a trailing blank to stderr after the last argument
of each constructed command line to be executed.  [#57291]

xargs now warns when more than one of the conflicting options --max-lines (-L,
-l), --replace (-i/-I) and --max-args (-n) are specified on the command line.
[#52137]

** Bug Fixes

find no longer crashes when an XFS filesystem is heavily changed during the run.
Discussed at: <https://lists.gnu.org/r/bug-gnulib/2020-04/msg00068.html>

find -used works again.  This predicate was not working properly since adding
the support for sub-second timestamp resolution for various predicates in
FINDUTILS_4_3_3-1 back in 2007.
Discussed at: <https://lists.gnu.org/r/bug-findutils/2019-11/msg00010.html>

** Improvements

'find -D exec' now diagnoses all -exec, -execdir, -ok and -okdir runs including
the call arguments and the exit code of the launched process. [#59083]

** Documentation Changes

The documentation of 'find -printf %Ak' has been improved: it now refers to the
strftime(3) documentation for a complete list of supported conversion
specifiers, and documents the 'F' conversion specifier ('yyyy-mm-dd').

The man pages (find.1, locate.1, locatedb.5, updatedb.1, and xargs.1) now
consistently end with the sections "REPORTING BUGS", "COPYRIGHT" and "SEE ALSO",
with the latter referring to the online page on the GNU web server.

The "EXAMPLES" section in the find.1 man page now shows the examples in a better
structure and uses consistent formatting.

Various man page fixes - syntax issues and typos.
[#59745, #59330, #59012, #58193, #57807, #57775]

Other documentation changes:

#58654: doc: clarify that 'find -perm +MODE' is unrelated to umask

#58458: doc: improve section 'Hard links', especially fix the description
        regarding 'find -L -samefile FILE'.

#58205: find.1: clarify double dash '--' option

#58149: 'xargs --help' now mentions that --replace (-I, -i) splits the input
        at newline characters.

#57025: doc: enhance description of tests accepting numeric arguments in find.1
        [see also #49640].

#54730: Add additional valuable example of find -quit

#48135: Fix testsuite error on Hurd and BSD related to ln

#35253: Clarify descriptions of -printf %f, %h.

** Changes to the build process

The configure option --without-fts has been removed.  The attempt to use
it stopped configure with an error message since 4.5.18 (2015) anyway.

* Major changes in release 4.7.0, 2019-08-29

** Changes to locate / updatedb

Support for generating old-format databases (with updatedb
--old-format or updatedb --dbformat=old) has been removed.  The old
database format was deprecated in 2007 (and updatedb has warned about
this since that time).  The locate program will will read old-format
databases, though this support also will be removed.

The updatedb script now operates in the C locale only.  This means
that character encoding issues are now not likely to cause sort to
fail.  It also honours the TMPDIR environment variable if that was
set, and no longer sorts file names case-insensitively.

The (unspecified) order in which filenames are stored in the locate
database is now different to previous versions.  However, you should
not rely on locate's output appearing in any particular order in any
case.

** Improvements

All utilities now only show the full usage text when requested via
the --help option.  Previously, when the user passed invalid options
or arguments, the user's attention to the corresponding error
diagnostic was distracted by that lengthy text.

find now accepts multiple file type arguments to the -type and -xtype
options separated by comma ','.  For example, to search for symbolic
links and directories simply provide the shorter '-type l,d' instead
of the - yet more portable - '( -type l -o -type d )'.

find now diagnoses failures returned by readdir().  This bug was inherent
in the use of FTS.

find now exits in more cases immediately after the error diagnostic, i.e.,
without the following usage text, to make the former more eye-catching.

find now outputs a better hint in case the user passed an unquoted shell-
glob pattern to options like -name, i.e., when the offending argument is
an existing file.

find now supports the debug option '-D all' to include all of the other
debug options at once.

xargs now supports the -o, --open-tty option to reopen stdin as /dev/tty
in the child process before executing the command; useful to run an
interactive application.  Added for compatibility with BSD.

xargs now supports the GNU_FINDUTILS_FD_LEAK_CHECK environment
variable to enable/disable fd leak check.

'xargs -t' (--verbose) now properly quotes each part of the command to the
executed if needed when printing it to stderr; likewise -p (--interactive).

** Documentation Changes

Prefer https:// over http:// links where possible, e.g. for '*.gnu.org' servers.

Both find.1 and the find texinfo manual now consistently document all of the
'N', 'L' and '?' possibilities in '-printf %Y' output when the determination of
the type of a symlink target fails.

find.1 now correctly states the -prune has no effect when the -depth option is
given.  Before, it wrongly stated that -prune would return false in that case.

Some minor documentation improvements are listed in "Bug Fixes" below.

** Bug Fixes

#56820: find: improve diagnostic when a global option like -maxdepth is
        specified after another argument like a test, thus hopefully avoiding
        translation issues (at least French, German).

#56142: doc: fix bug #56142 by specifying which actions inhibit the
        default -print.

#55272: find: improve diagnostic when -name or -iname is used with a pattern
        containing a directory separator ('/'), suggesting to use -wholename
        or -iwholename respectively.

#54859: doc: fix typo in 'xargs -l' examples in texinfo manual.
        Change from 'xargs -1' (minus one) to 'xargs -l' (minus El) in 3 places.

#54838: doc: fix the examples of the -perm option in the texinfo documentation.
        The example '-perm -g+w,o+w' was misplaced.
        Bug present since FINDUTILS_4_2_27-1.

#54262: 'find -printf "%Y"' now correctly outputs 'N' for broken symlinks
        (ENOENT or ENOTDIR).  Previously, it output 'l' in such a case.
        Bug introduced while attempting to fix #29460 in version v4.5.8.

#54171: 'find -depth' now outputs the name of unreadable directories.
        Previously, FTS-based find missed to output those entries.
        Bug present since the FTS implementation in FINDUTILS_4_3_0-1.

#52981: find: the '-delete' action no longer complains about disappeared files
        when the '-ignore_readdir_race' option is given, too.  That action will
        also returns true in such a case now.

#52220: 'find -D' without any further argument no longer crashes.
        Bug present since the implementation of -D in FINDUTILS_4_3_1-1.

#51304: doc: use correct IEC unit prefixes in the documentation of 'find -size'.
        find(1) uses binary-based units for the suffixes 'k', 'M', and 'G' of
        the argument of the '-size' option: 1024, 1024*1024 and 1024^3.
        Therefore, the documentation should use the correct IEC prefixes
        kibibyte, mebibyte and gibibyte respectively (or their abbreviations
        'KiB', 'MiB' and 'GiB').

#50758: doc: fix the description of the -perm examples matching the permission
        mode "022" in find's texinfo manual: the match is for the file's group
        and 'other' mode bits instead of for user and group.
        Bug introduced when adding the -perm examples in FINDUTILS-4.2.11.

#50326: find no longer leaks memory for a recently added member in gnulib's
        mount list structure.

#50259: find -printf '%h' now outputs the correct path for arguments with one or
        more trailing slashes.  Previously, it would e.g. output "foo" instead
        of "." when "foo/" was passed; likewise, it would output "/user/xxx/"
        instead of "/user" when "/user/xxx//" was passed.
        Bug introduced in FINDUTILS-4.2.19.

#48180: find -noop (an internal option not intended to be exposed to the user)
        no longer crashes.  Bug introduced in FINDUTILS-4.3.1.

#48030: find -exec + does not pass all arguments for certain specific filename
        lengths.  After the internal (usually 128k) buffer is full and find(1)
        executed the given command with these arguments, it would miss to run
        the command yet another time if only one other file argument has to be
        processed.  Bug introduced in FINDUTILS-4.2.12.

#46784: frcode drops last char if no final newline

** Changes to the build process

The configure option --enable-id-cache has been removed.  It has been
a no-op since findnutils-4.5.15.

The configure option --enable-debug has been removed.  Debugging in
find is now controlled by its -D option only.

The configure option --enable-silent-rules is the default now.
Use --disable-silent-rules or "make V=1" to get verbose build output.

"make dist" no longer builds .tar.gz files.
xz is portable enough and in wide-enough use that distributing
only .tar.xz files is enough.

Maintainer builds from the Git repository now derive the version string from
the version control system instead of using a fixed string (changed after each
release manually).  As a result, the inter-release builds can now be
distinguished: e.g. "4.6.0.152-fe9c" is the 152th commit after the tag "v4.6.0"
and has the Git short hash "fe9c".  Builds from an unclean tree are marked with
the suffix "-dirty".

The translation files in the PO directory are no longer version controlled;
instead bootstrap auto-updates them from "translationproject.org" during a
maintainer build.

A shell-style test framework borrowed from GNU coreutils has been added.
This allows better tests with more control over stdin, stdout, stderr,
signals, preparatory steps, cleanup, return code verification, root-only
tests, etc.

(ryoon)

boost-libs: disable pch everywhere

Operating under the assumption that more and more platforms will be
RELRO enabled and this will keep breaking because the conditional is
not kept up-to-date. (it broke on aarch64 after RELRO enablement)

(tnn)

gimp: needs gegl-0.4.32 or later

(bsiegert)

Updated www/py-mechanize, textproc/py-html5-parser

(adam)

py-html5-parser: updated to 0.4.10

0.4.10:
Unknown changes

(adam)

glib2: Put back SunOS xattr fix.

For some reason this was removed in the last update.

(jperkin)

py-mechanize: updated to 0.4.7

0.4.7 release
* Fix the ~ character being percent escaped when sending URLs to servers. See RFC 3986.

0.4.6 release
* Python 3.10 compatibility
* Fix a bug in the regex used to parse www-authenticate headers that could lead to Denial-of-Service

(adam)

mozilla-rootcerts-openssl: ... and update PLIST for 2.7

(wiz)

doc: Updated www/firefox-l10n to 93.0

(ryoon)

firefox-l10n: Update to 93.0

* Sync with www/firefox-93.0.

(ryoon)

doc: Updated www/firefox to 93.0

(ryoon)

firefox: Update to 93.0

Changelog:
New

  * Firefox now supports the new AVIF image format, which is based on the
    modern and royalty free AV1 video codec. It offers significant bandwidth
    savings for sites compared to existing image formats. It also supports
    transparency and other advanced features.

  * Firefox PDF viewer now supports filling more forms (XFA-based forms, used
    by multiple governments and banks). Learn more.

  * When available system memory is critically low, Firefox on Windows will
    automatically unload tabs based on their last access time, memory usage,
    and other attributes. This should help reduce Firefox out-of-memory
    crashes. Switching to an unloaded tab automatically reloads it.

  * To prevent session loss for macOS users who are running Firefox from a
    mounted .dmg file, they??ll now be prompted to finish installation. This
    permission prompt only appears the first time these users run Firefox on
    their computer.

  * Firefox now blocks downloads that rely on insecure connections, protecting
    against potentially malicious or unsafe downloads. Learn more and see where
    to find downloads in Firefox.

  * Improved web compatibility for privacy protections with SmartBlock 3.0.
    Learn more

  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing. Learn more

  * Introducing Firefox Suggest, a faster way to navigate the web. Learn more
    about the experience and locale-specific features.

Fixed

  * The VoiceOver screen reader now correctly reports checkable items in
    accessible tree controls as checked or unchecked.

  * The Orca screen reader now works correctly with Firefox, no longer
    requiring users to switch to another application after starting Firefox.

  * Various security fixes

Changed

  * TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can
    only be enabled when deprecated versions of TLS are also enabled. Learn
    more.

  * The download panel now follows the Firefox visual styles.

Enterprise

  * Various bug fixes and new policies have been implemented in the latest
    version of Firefox. See more details in the Firefox for Enterprise 93
    Release Notes.

Developer

  * Developer Information

Web Platform

  * The UI for <input type="datetime-local"> has been implemented.

Security fixes:
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
Firefox ESR 91.2
#CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
#CVE-2021-38499: Memory safety bugs fixed in Firefox 93

(ryoon)

doc: Updated sysutils/zoxide to 0.7.7

(pin)

sysutils/zoxide: update to 0.7.7

-Fix PowerShell: Hook not initializing correctly.

(pin)

doc: Updated mail/meli to 0.7.2

(pin)

mail/meli: update to 0.7.2

Added:
-Add forward mail option
-Add url_launcher config setting
-Add add_addresses_to_contacts command
-Add show_date_in_my_timezone pager config flag
-docs: add pager filter documentation
-mail/view: respect per-folder/account pager filter override
-pager: add filter command, esc to clear filter
-Show compile time features in with command argument

Fixed:
-melib/email/address: quote display_name if it contains ","
-melib/smtp: fix Cc and Bcc ignored when sending mail
-melib/email/address: quote display_name if it contains "."

(pin)

doc: Updated editors/featherpad to 1.0.1

(pin)

editors/featherpad: update to 1.0.1

-Fixed the detection of UTF-16 in special cases.
-Fixed tab detaching when the window is closed with its last tab.
-Don't try to restore window position under Wayland.
-Better inertial scrolling with touchpad and sensitive devices.

(pin)

doc: Updated archivers/arqiver to 0.9.0

(pin)

archivers/arqiver: update to 0.9.0

V0.9.0
--------
-Show childless directories whose names contain the filtering string.
-Fixed viewing or removing of files that have wildcard characters in their names
with bsdtar (by escaping some wildcard characters that come after "--include").
-Better smooth scrolling from inside the view (especially with touchpad).
-Added read-only support for AppImage bundle through 7z.
-When viewing a file in a password protected archive, ask the password again if
a nonempty, wrong password is entered.
-When viewing files, warn the user of links without targets instead of trying to
open them.

(pin)

Updated devel/py-slugify, devel/py-plumbum

(adam)

py-plumbum: updated to 1.7.0

1.7.0

Commands: support .with_cwd()
Commands: make iter_lines deal with decoding errors during iteration
Commands: fix handling of env-vars passed to plumbum BoundEnvCommands
Commands: fix support for win32 in iter_lines
Paths: fix incorrect __getitem__ method in Path
Paths: Remote path stat had odd OSError
Paths: Fix RemotePath.copy()
Paths: missing __fspath__ added
SSH: better error reporting on SshSession error
Internal: redesigned CI, major cleanup to setuptools distribution, Black formatting, style checking throughout.

(adam)

py-cookiecutter: not for Python 2.7 anymore

(adam)

py-slugify: updated to 5.0.2

5.0.2
- Enable twine publish

5.0.1
- Drop support for python 2.7, 3.5 & tox, clean up

5.0.0
- Add support for Py 3.9 - added tox (@jon-betts - Thx)
- Drop support for python 2.7, 3.5 & friends

(adam)

doc: Updated mail/neomutt to 20211015

(wiz)

neomutt: update to 20211015.

* Security
  - Fix CVE-2021-32055
* Features
  - threads: implement the `$use_threads` feature
    https://neomutt.org/feature/use-threads
  - hooks: allow a -noregex param to folder and mbox hooks
  - mailing lists: implement list-(un)subscribe using RFC2369 headers
  - mailcap: implement x-neomutt-nowrap flag
  - pager: add `$local_date_header` option
  - imap, smtp: add support for authenticating using XOAUTH2
  - Allow `<sync-mailbox`> to fail quietly
  - imap: speed up server-side searches
  - pager: improve skip-quoted and skip-headers
  - notmuch: open database with user's configuration
  - notmuch: implement `<vfolder-window-reset>`
  - config: allow += modification of my_ variables
  - notmuch: tolerate file renames behind neomutt's back
  - pager: implement `$pager_read_delay`
  - notmuch: validate `nm_query_window_timebase`
  - notmuch: make $nm_record work in non-notmuch mailboxes
  - compose: add `$greeting` - a welcome message on top of emails
  - notmuch: show additional mail in query windows
* Changed Config
- Renamed lots of config, e.g.  `askbcc` to `ask_bcc`.
* Bug Fixes
  - imap: fix crash on external IMAP events
  - notmuch: handle missing libnotmuch version bumps
  - imap: add sanity check for qresync
  - notmuch: allow windows with 0 duration
  - index: fix index selection on `<collapse-all>`
  - imap: fix crash when sync'ing labels
  - search: fix searching by Message-Id in `<mark-message>`
  - threads: fix double sorting of threads
  - stats: don't check mailbox stats unless told
  - alias: fix crash on empty query
  - pager: honor mid-message config changes
  - mailbox: don't propagate read-only state across reopens
  - hcache: fix caching new labels in the header cache
  - crypto: set invalidity flags for gpgme/smime keys
  - notmuch: fix parsing of multiple `type=`
  - notmuch: validate $nm_default_url
  - messages: avoid unnecessary opening of messages
  - imap: fix seqset iterator when it ends in a comma
  - build: refuse to build without pcre2 when pcre2 is linked in ncurses
* Translation updates

(wiz)

Updated graphics/py-leather, databases/py-pypika

(adam)

py-pypika: updated to 0.48.8

0.48.8:
Unknown changes

(adam)

py-leather: updated to 0.3.4

0.3.4:
* Add Python 3.10 support.

(adam)

doc: Updated audio/libopenmpt to 0.5.12

(fcambus)

libopenmpt: update to 0.5.12.

### libopenmpt 0.5.12 (2021-10-04)

*  [**Sec**] Possible crash when loading malformed MDL files. (r15603)

*  [**Bug**] Fixed various undefined behaviour found with ubsan.

*  Seeking with sample sync sometimes didn't compute the correct sample
    position with pingpong-looped samples.
*  IT: Tremor command I11 erroneously behaved like I00 (use previous
    parameter) unless IT Old Effects were enabled.
*  PTM: Panning was translated wrong in some edge cases.
*  IMF / PTM: Note Slide commands were sometimes slightly off.
*  OKT: Better support for fine note slides.
*  DBM: Echo enable effect parameter range checks were incorrect.
*  XM: Sample texts in XMs made with MadTracker are now also decoded using
    Windows-1252 encoding.

*  in_openmpt: Song metadata is no longer reverted when viewing file info.

(fcambus)

emulators/simh: update PLIST too.

(rhialto)

doc: Updated audio/termusic to 0.5.0

(pin)

audio/termusic: update to 0.5.0

By default, termusic can display album cover in kitty or iterm2 (mac, not
tested). If you need album cover displayed on other terminals, please install
ueberzug.
-New: album photo for all kinds of terminals. Alacritty,kitty and st tested.
Require install ueberzug.

Note, this feature is not enabled by default.

(pin)

doc: Updated emulators/simh to 4.0.0.20211012

(rhialto)

emulators/simh: update to snapshot dated 2021-10-12.

Since there are no simh releases there are also no release notes to summarize.
The previous snapshot was over 3 years ago: 2018-09-19.

A somewhat controversial change with some people is that simh now
appends a "footer" block to disk image files, containing metadata
(struct simh_disk_footer).  ATTACH -r <disk_unit> <filename> will avoid
this but makes the device read-only.

New information from the README.md file:

    DO <stdin>                  Invokes a nested DO command with input from the
                                running console.
    RUNLIMIT Bound simulator execution time
    TAR                        Manipulate file archives
    CURL                        Access URLs from the web

Changes in the built emulator models:
- several new VAX models (vax8200, vaxstation{3100,4000}*, infoserver*)
- several new PDP-10 models (pdp10-{ka,ki,kl})
- new: pdp6
- Intel-Systems: Merge MDS, SDK, OEM simulators into Intel-MDS simulator

The files ka655x.bin and vmb.exe are no longer installed since they are
not required for operation (they are built into the VAX models that use
them), and it is strange to single out these ROM images out of over 30 to
install.  LOAD -r can load alternative versions.

(rhialto)

shells/nushell: fix PLIST

(pin)

doc: Updated geography/echomap to 0.6.1

(pin)

geography/echomap: update to 0.6.1

-Updated dependencies
-Cleaned up newer clippy lints

(pin)

mozilla-rootcerts-openssl: adapt for mozilla-rootcerts change

(wiz)

mozilla-rootcerts: mention mozilla-rootcerts-openssl more prominently

(wiz)

doc: Updated security/mozilla-rootcerts-openssl to 2.7

(wiz)

mozilla-rootcerts-openssl: bump for 20211014.

(wiz)

doc: Updated audio/librespot to 0.3.0

(pin)

audio/librespot: update to 0.3.0

Added:
- [discovery] The crate `librespot-discovery` for discovery in LAN was created.
Its functionality was previously part of `librespot-connect`.
- [playback] Add support for dithering with `--dither` for lower requantization
error (breaking)
- [playback] Add `--volume-range` option to set dB range and control `log` and
`cubic` volume control curves
- [playback] `alsamixer`: support for querying dB range from Alsa softvol
- [playback] Add `--format F64` (supported by Alsa and GStreamer only)
- [playback] Add `--normalisation-gain-type auto` that switches between album
and track automatically

Changed:
- [audio, playback] Moved `VorbisDecoder`, `VorbisError`, `AudioPacket`,
`PassthroughDecoder`, `PassthroughError`, `DecoderError`, `AudioDecoder` and the
`convert` module from `librespot-audio` to `librespot-playback`. The underlying
crates `vorbis`, `librespot-tremor`, `lewton` and `ogg` should be used directly.
(breaking)
- [audio, playback] Use `Duration` for time constants and functions (breaking)
- [connect, playback] Moved volume controls from `librespot-connect` to
`librespot-playback` crate
- [connect] Synchronize player volume with mixer volume on playback
- [playback] Store and pass samples in 64-bit floating point
- [playback] Make cubic volume control available to all mixers with
`--volume-ctrl cubic`
- [playback] Normalize volumes to `[0.0..1.0]` instead of `[0..65535]` for
greater precision and performance (breaking)
- [playback] `alsamixer`: complete rewrite (breaking)
- [playback] `alsamixer`: query card dB range for the volume control unless
specified otherwise
- [playback] `alsamixer`: use `--device` name for `--mixer-card` unless
specified otherwise
- [playback] `player`: consider errors in `sink.start`, `sink.stop` and
`sink.write` fatal and `exit(1)` (breaking)
- [playback] `player`: make `convert` and `decoder` public so you can implement
your own `Sink`
- [playback] `player`: update default normalisation threshold to -2 dBFS
- [playback] `player`: default normalisation type is now `auto`

Deprecated:
- [connect] The `discovery` module was deprecated in favor of the
`librespot-discovery` crate
- [playback] `alsamixer`: renamed `mixer-card` to `alsa-mixer-device`
- [playback] `alsamixer`: renamed `mixer-name` to `alsa-mixer-control`
- [playback] `alsamixer`: renamed `mixer-index` to `alsa-mixer-index`

Removed:
- [connect] Removed no-op mixer started/stopped logic (breaking)
- [playback] Removed `with-vorbis` and `with-tremor` features
- [playback] `alsamixer`: removed `--mixer-linear-volume` option, now that
`--volume-ctrl {linear|log}` work as expected on Alsa

Fixed:
- [connect] Fix step size on volume up/down events
- [connect] Fix looping back to the first track after the last track of an album
or playlist
- [playback] Incorrect `PlayerConfig::default().normalisation_threshold` caused
distortion when using dynamic volume normalisation downstream
- [playback] Fix `log` and `cubic` volume controls to be mute at zero volume
- [playback] Fix `S24_3` format on big-endian systems
- [playback] `alsamixer`: make `cubic` consistent between cards that report
minimum volume as mute, and cards that report some dB value
- [playback] `alsamixer`: make `--volume-ctrl {linear|log}` work as expected
- [playback] `alsa`, `gstreamer`, `pulseaudio`: always output in native
endianness
- [playback] `alsa`: revert buffer size to ~500 ms
- [playback] `alsa`, `pipe`, `pulseaudio`: better error handling
- [metadata] Skip tracks whose Spotify ID's can't be found (e.g. local files,
which aren't supported)

(pin)

Second attempt to correct the version number of the previous package update

(tron)

mozilla-rootcerts: Use date of the last change as the version number

(tron)

Note update of the "mozilla-rootcerts" package to version 1.0.20211014

(tron)

mozilla-rootcerts: update to 20211014 data

(tron)

doc: Updated databases/p5-DBI to 1.643nb3

(wiz)

doc: Updated multimedia/libmediainfo to 20.03nb1

(wiz)

p5-DBI: fix CVE-2014-10402

Bump PKGREVISION

(wiz)

medainfo: fix two CVEs using upstream patches

Bump PKGREVISION

(wiz)

py-pythran: add buildlink3.mk

(adam)

Set MKPIE_SUPPORTED to no, make them build again now that the default
changed to yes.

(bouyer)

doc: Updated sysutils/zoxide to 0.7.6

(pin)

sysutils/zoxide: update to 0.7.6

Changed:
-Nushell: upgrade minimum supported version to v0.37.0.

Fixed:
-Xonsh: error messages in zi.
-Xonsh: configuration environment variables not being handled correctly.

(pin)

gcc10: fix linking on macOS 12

(adam)

doc: Updated devel/py-mercurial to 5.9.2

(wiz)

py-mercurial: update to 5.9.2.

Changes not found.

Fix four test failures while here.

(wiz)

doc: Updated textproc/lowdown to 0.9.2

(fcambus)

lowdown: update to 0.9.2.

Version 0.9.2, 2021-10-08

Significantly improve -Tterm output, both in terms of styles and layout.
Terminal output styles are easy to set as compile-time constants by editing
term.h. If you're going to edit this for a downstream installation of
lowdown, please let me know and I can stash it in a styles directory!

Add --term-no-ansi to disable all ANSI escapes in output. This produces a
clean, undecorated terminal-formatted document.

(fcambus)

doc: Updated security/minisign to 0.10

(fcambus)

minisign: update to 0.10.

- Minisign can be compiled with Zig instead of cmake+make+a C toolchain
- Minimal VERIFY_ONLY versions can be built again
- Prehashing is now enabled by default, regardless of the input size. Support
  for non-prehashed signatures will eventually be removed
- Legacy signatures can be rejected with the addition of the -H flag

(fcambus)

doc: Updated x11/xterm to 369

(pin)

x11/xterm: update to 369

-modify run-tic.sh to work around bug in development version of ncurses which
was packaged in FreeBSD ports.
-remove ifdef's for OPT_COLOR_RES and OPT_COLOR_RES2.
-improve performance over slow connections (report by Harald Dunkel).
-update cursor if restoring mode for DECTCEM.
-modify CharWidth macro to ensure that the shortcut for Latin-1 is only applied
when UTF-8 is not enabled, to fix a bug in handling soft-hyphen from patch #334
changes (patch by Martijn van Duren).
-improve terminfo:
-fill-in function-keys in terminfo which are not Sun/HP keyboards using
xterm+nopcfkeys building-block.
-add kbeg to xterm+keypad to accommodate termcap applications
-add smglp and smgrp to vt420+lrmm, to provide useful data for the "tabs"
+m option
-support shift-tab in Sun, HP and SCO keyboards.
-document some legacy features in ctlseqs.ms (prompted by discussion with Jimmy
Aguilar Mena "Ergus").
-add “trim” option to cdXtraScroll and tiXtraScroll.
-remove support for non-fifo save-lines configuration.
-extend cdXtraScroll to check if the cursor is at the upper-left of the
scrolling region when the erasure is for the remainder of the screen versus the
whole screen (prompted by discussion with Jörg Breitbart).
-add workaround for broken pcre2 package in Debian 10.
-change screen-refresh call used for DECCARA and DECRARA to ensure that trailing
blanks which are part of the rectangle are repainted (report/analysis by Dennis
Filder).
-when resetting the terminal, ensure that the cursor shape also is reset, e.g.,
if DECSCUSR has been used to modify the cursor shape for an xterm which was
started with the underlined cursor option (report/analysis by Luis Javier
Merino).
-prevent DECSCUSR from blinking the cursor if the cursorBlink resource is
“never” (report by Vladimir D Seleznev).
-invert the sense of DECSDM, to correspond with VT382 manuals (lsix #41).
-update tables in wcwidth.c based on Unicode 14.0.0

(pin)

Updated devel/git, devel/py-wrapt

(adam)

py-wrapt: updated to 1.13.2

Version 1.13.2

Features Changed

On the Windows platform when using Python 2.7, by default the C extension will not be installed and the pure Python implementation will be used. This is because too often on Windows when using Python 2.7, there is no working compiler available. Prior to version 1.13.0, when installing the package it would fallback to using the pure Python implementation automatically but that relied on a workaround to do it when there was no working compiler. With the changes in 1.13.0 to use the builtin mechanism of Python to not fail when a C extension cannot be compiled, this fallback doesn't work when the compiler doesn't exist, as the builtin mechanism in Python regards lack of a compiler as fatal and not a condition for which it is okay to ignore the fact that the extension could not be compiled.

If you are using Python 2.7 on Windows, have a working compiler, and still want to attempt to install the C extension, you can do so by setting the WRAPT_INSTALL_EXTENSIONS environment variable to true when installing the wrapt package.

Note that the next signficant release of wrapt will drop support for Python 2.7 and Python 3.5. The change described here is to ensure that wrapt can be used with Python 2.7 on Windows for just a little bit longer. If using Python 2.7 on non Windows platforms, it will still attempt to install the C extension.

(adam)

git: updated to 2.33.1

Git 2.33.1 Release Notes
========================

This primarily is to backport various fixes accumulated during the
development towards Git 2.34, the next feature release.

Fixes since v2.33
-----------------

* The unicode character width table (used for output alignment) has
  been updated.

* Input validation of "git pack-objects --stdin-packs" has been
  corrected.

* Bugfix for common ancestor negotiation recently introduced in "git
  push" codepath.

* "git pull" had various corner cases that were not well thought out
  around its --rebase backend, e.g. "git pull --ff-only" did not stop
  but went ahead and rebased when the history on other side is not a
  descendant of our history.  The series tries to fix them up.

* "git apply" miscounted the bytes and failed to read to the end of
  binary hunks.

* "git range-diff" code clean-up.

* "git commit --fixup" now works with "--edit" again, after it was
  broken in v2.32.

* Use upload-artifacts v1 (instead of v2) for 32-bit linux, as the
  new version has a blocker bug for that architecture.

* Checking out all the paths from HEAD during the last conflicted
  step in "git rebase" and continuing would cause the step to be
  skipped (which is expected), but leaves MERGE_MSG file behind in
  $GIT_DIR and confuses the next "git commit", which has been
  corrected.

* Various bugs in "git rebase -r" have been fixed.

* mmap() imitation used to call xmalloc() that dies upon malloc()
  failure, which has been corrected to just return an error to the
  caller to be handled.

* "git diff --relative" segfaulted and/or produced incorrect result
  when there are unmerged paths.

* The delayed checkout code path in "git checkout" etc. were chatty
  even when --quiet and/or --no-progress options were given.

* "git branch -D <branch>" used to refuse to remove a broken branch
  ref that points at a missing commit, which has been corrected.

* Build update for Apple clang.

* The parser for the "--nl" option of "git column" has been
  corrected.

* "git upload-pack" which runs on the other side of "git fetch"
  forgot to take the ref namespaces into account when handling
  want-ref requests.

* The sparse-index support can corrupt the index structure by storing
  a stale and/or uninitialized data, which has been corrected.

* Buggy tests could damage repositories outside the throw-away test
  area we created.  We now by default export GIT_CEILING_DIRECTORIES
  to limit the damage from such a stray test.

* Even when running "git send-email" without its own threaded
  discussion support, a threading related header in one message is
  carried over to the subsequent message to result in an unwanted
  threading, which has been corrected.

* The output from "git fast-export", when its anonymization feature
  is in use, showed an annotated tag incorrectly.

* Recent "diff -m" changes broke "gitk", which has been corrected.

* "git maintenance" scheduler fix for macOS.

* A pathname in an advice message has been made cut-and-paste ready.

* The "git apply -3" code path learned not to bother the lower level
  merge machinery when the three-way merge can be trivially resolved
  without the content level merge.

* The code that optionally creates the *.rev reverse index file has
  been optimized to avoid needless computation when it is not writing
  the file out.

* "git range-diff -I... <range> <range>" segfaulted, which has been
  corrected.

* The order in which various files that make up a single (conceptual)
  packfile has been reevaluated and straightened up.  This matters in
  correctness, as an incomplete set of files must not be shown to a
  running Git.

* The "mode" word is useless in a call to open(2) that does not
  create a new file.  Such a call in the files backend of the ref
  subsystem has been cleaned up.

* "git update-ref --stdin" failed to flush its output as needed,
  which potentially led the conversation to a deadlock.

* When "git am --abort" fails to abort correctly, it still exited
  with exit status of 0, which has been corrected.

* Correct nr and alloc members of strvec struct to be of type size_t.

* "git stash", where the tentative change involves changing a
  directory to a file (or vice versa), was confused, which has been
  corrected.

* "git clone" from a repository whose HEAD is unborn into a bare
  repository didn't follow the branch name the other side used, which
  is corrected.

* "git cvsserver" had a long-standing bug in its authentication code,
  which has finally been corrected (it is unclear and is a separate
  question if anybody is seriously using it, though).

* "git difftool --dir-diff" mishandled symbolic links.

* Sensitive data in the HTTP trace were supposed to be redacted, but
  we failed to do so in HTTP/2 requests.

* "make clean" has been updated to remove leftover .depend/
  directories, even when it is not told to use them to compute header
  dependencies.

* Protocol v0 clients can get stuck parsing a malformed feature line.

Also contains various documentation updates and code clean-ups.

(adam)

doc: Updated devel/geany to 1.38

(gutteridge)

geany: update to 1.38

Geany 1.38 (October 09, 2021)

    General
    * Increase speed when opening documents, especially on startup
      (Justin Blanchard, Issue#2883, Issue#2649, Issue#2791, PR#2884, PR#2747).
    * Synchronize Geany's Ctags implementation with Universal Ctags, this
      leads to updated symbol parsers (Ji�<99>í Techet, PR#2666).
    * Remove GTK+2 Support (PR#2602).
    * Geany needs a C++17 compiler to build (PR#2862).

    Bug fixes
    * Workaround crashes when pasting into VTE without having focus
      (Issue#2813, PR#2843).

    Interface
    * Add keybinding to reload all open documents (David Yang, PR#2859).

    Filetypes
    * Add Julia filetype (getzze, Issue#434, PR#2584).
    * Add Meson filetype (Andy Alt, PR#2850).

    Plugins
    * SaveActions: add configurable target directory for instantly saved files
      (Issue#640, PR#2769).

    Windows
    * Fix message window height after restart (Issue#2591, PR#2892).
    * Switch Windows builds to GTK3 and x86_64 (PR#2590).

    Internationalization
    * Updated translations: da, de, el, es, et, fr, it, ja, nl pt, pt BR,
      sk, tr, uk, zh_CN

(gutteridge)

Updated security/gnupg2, www/py-django-admin-sortable2

(adam)