doc: Update mingw-w64 packages to 9.0.0

(ryoon)

mingw-w64: Update to 9.0.0

* Update binutils to 2.37.
* Update gcc to 10.3.0.

Changelog:
Notable changes:
    UCRT updates by Biswapriyo Nath
    Wine updates by Jacek Caban
    Various new and updated API headers by Biswapriyo Nath and Liu Hao
    Various UCRT and MSVCRT fixes by Martin Storsjo
    at_quick_exit implementation by Martin Storsjo
    dism API by Biswapriyo Nath
    idl fixes by Steve Lhomme
    Winpthreads fixes by Liu Hao
    gettimeofday precision increase by Christian Franke

(ryoon)

doc: Updated www/grafana to 8.1.2

(triaxx)

grafana: Update to 8.1.2

upstream changes:
-----------------
8.1.2 (2021-08-19)
Features and enhancements
  o AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. #38075, @joshhunt
  o Datasource: Change HTTP status code for failed datasource health check to 400. #37895, @stephaniehingtgen
  o Explore: Add span duration to left panel in trace viewer. #37806, @connorlindsey
  o Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. #37688, @wbrowne
  o Profiling: Add support for binding pprof server to custom network interfaces. #36580, @cinaglia
  o Search: Make search icon keyboard navigable. #37865, @tskarhed
  o Template variables: Keyboard navigation improvements. #38001, @tskarhed
  o Tooltip: Display ms within minute time range. #37569, @nikki-kiga
Bug fixes
  o Alerting: Fix saving LINE contact point. #37744, @xy-man
  o Alerting: Fix saving LINE contact point. #37718, @xy-man
  o Annotations: Fix alerting annotation coloring. #37412, @kylebrandt
  o Annotations: Alert annotations are now visible in the correct Panel. #37959, @hugohaggmark
  o Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. #37293, @wbrowne
  o Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. #37868, @ashharrison90
  o Elasticsearch: Fix metric names for alert queries. #37871, @dsotirakis
  o Explore: Fix showing of full log context. #37442, @ivanahuckova
  o PanelEdit: Fix 'Actual' size by passing the correct panel size to Das…. #37885, @ashharrison90
  o Plugins: Fix TLS datasource settings. #37797, @wbrowne
  o Variables: Fix issue with empty drop downs on navigation. #37776, @hugohaggmark
  o Variables: Fix URL util converting false into true. #37402, @simPod
Plugin development fixes & changes
  o Toolkit: Fix matchMedia not found error. #37643, @zoltanbedi

8.1.1 (2021-08-09)
Bug fixes
  o CloudWatch Logs: Fix crash when no region is selected. #37639, @aocenas
  o Reporting: Fix timezone parsing for scheduler (enterprise)

8.1.0 (2021-08-05)
Features and enhancements
  o Alerting: Deduplicate receivers during migration. #36812, @codesome
  o ColorPicker: Display colors as RGBA. #37231, @nikki-kiga
  o Select: Make portalling the menu opt-in, but opt-in everywhere. #37501, @ashharrison90
  o TimeRangePicker: Improve accessibility. #36912, @tskarhed
Bug fixes
  o Annotations: Correct annotations that are displayed upon page refresh. #37496, @axelavargas
  o Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. #37454, @axelavargas
  o Annotations: Fix data source template variable that was not available for annotations. #37506, @axelavargas
  o AzureMonitor: Fix annotations query editor that does not load. #37476, @torkelo
  o Geomap: Fix scale calculations. #37375, @ryantxu
  o GraphNG: Fix y-axis autosizing. #37464, @leeoniya
  o Live: Display stream rate and fix duplicate channels in list response. #37365, @FZambia
  o Loki: Update labels in log browser when time range changes. #37520, @ivanahuckova
  o Loki: Update labels in log browser when time range changes in dashboard. #37541, @ivanahuckova
  o NGAlert: Send resolve signal to alertmanager on alerting -> Normal. #37363, @kylebrandt
  o PasswordField: Prevent a password from being displayed when you click the Enter button. #37444, @tskarhed
  o Renderer: Remove debug.log file when Grafana is stopped. #37367, @AgnesToulet
  o Security: Update dependencies to fix CVE-2021-36222. #37546, @ying-jeanne

8.1.0-beta3 (2021-07-29)
Features and enhancements
  o Alerting: Support label matcher syntax in alert rule list filter. #36408, @nathanrodman
  o IconButton: Put tooltip text as aria-label. #36760, @tskarhed
  o Live: Experimental HA with Redis. #36787, @FZambia
  o UI: FileDropzone component. #36646, @zoltanbedi
  o [v8.1.x] CloudWatch: Add AWS LookoutMetrics. #37329, @ilyastoli
Bug fixes
  o Docker: Fix builds by delaying go mod verify until all required files are copied over. #37246, @wbrowne
  o Exemplars: Fix disable exemplars only on the query that failed. #37296, @zoltanbedi
  o SQL: Fix SQL dataframe resampling (fill mode + time intervals). #36937, @idafurjes

8.1.0-beta2 (2021-07-23)
Features and enhancements
  o Alerting: Expand the value string in alert annotations and labels. #37051, @gerobinson
  o Auth: Add Azure HTTP authentication middleware. #36932, @kostrse
  o Auth: Auth: Pass user role when using the authentication proxy. #36729, @yuwaMSFT2
  o Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. #37129, @bryanuribe
Bug fixes
  o Config: Fix Docker builds by correcting formatting in sample.ini. #37106, @FZambia
  o Explore: Fix encoding of internal URLs. #36919, @aocenas

8.1.0-beta1 (2021-07-22)
Features and enhancements
  o Alerting: Add Alertmanager notifications tab. #35759, @nathanrodman
  o Alerting: Add button to deactivate current Alertmanager configuration. #36951, @domasx2
  o Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. #36552, @domasx2
  o Alerting: Allow any "evaluate for" value >=0 in the alert rule form. #35807, @domasx2
  o Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. #35769, @domasx2
  o Alerting: view to display alert rule and its underlying data. #35546, @mckn
  o Annotation panel: Release the annotation panel. #36959, @ryantxu
  o Annotations: Add typeahead support for tags in built-in annotations. #36377, @ashharrison90
  o AzureMonitor: Add curated dashboards for Azure services. #35356, @avidhanju
  o AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. #32273, @shuotli
  o AzureMonitor: Remove support for different credentials for Azure Monitor Logs. #35121, @andresmgot
  o AzureMonitor: Support querying any Resource for Logs queries. #33879, @joshhunt
  o Elasticsearch: Add frozen indices search support. #36018, @Elfo404
  o Elasticsearch: Name fields after template variables values instead of their name. #36035, @Elfo404
  o Elasticsearch: add rate aggregation. #33311, @estermv
  o Email: Allow configuration of content types for email notifications. #34530, @djairhogeuens
  o Explore: Add more meta information when line limit is hit. #33069, @ivanahuckova
  o Explore: UI improvements to trace view. #34276, @aocenas
  o FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. #35893, @torkelo
  o HTTP Client: Introduce dataproxy_max_idle_connections config variable. #35864, @dsotirakis
  o InfluxDB: InfluxQL: adds tags to timeseries data. #36702, @gabor
  o InfluxDB: InfluxQL: make measurement search case insensitive. #34563, @gabor
  o Legacy Alerting: Replace simplejson with a struct in webhook notification channel. #34952, @KEVISONG
  o Legend: Updates display name for Last (not null) to just Last*. #35633, @torkelo
  o Logs panel: Add option to show common labels. #36166, @ivanahuckova
  o Loki: Add $__range variable. #36175, @ivanahuckova
  o Loki: Add support for "label_values(log stream selector, label)" in templating. #35488, @ivanahuckova
  o Loki: Add support for ad-hoc filtering in dashboard. #36393, @ivanahuckova
  o MySQL Datasource: Add timezone parameter. #27535, @andipabst
  o NodeGraph: Show gradient fields in legend. #34078, @aocenas
  o PanelOptions: Don't mutate panel options/field config object when updating. #36441, @dprokop
  o PieChart: Make pie gradient more subtle to match other charts. #36961, @nikki-kiga
  o Prometheus: Update PromQL typeahead and highlighting. #36730, @ekpdt
  o Prometheus: interpolate variable for step field. #36437, @zoltanbedi
  o Provisioning: Improve validation by validating across all dashboard providers. #26742, @nabokihms
  o SQL Datasources: Allow multiple string/labels columns with time series. #36485, @kylebrandt
  o Select: Portal select menu to document.body. #36398, @ashharrison90
  o Team Sync: Add group mapping to support team sync in the Generic OAuth provider. #36307, @wardbekker
  o Tooltip: Make active series more noticeable. #36824, @nikki-kiga
  o Tracing: Add support to configure trace to logs start and end time. #34995, @zoltanbedi
  o Transformations: Skip merge when there is only a single data frame. #36407, @edgarpoce
  o ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. #33820, @torkelo
  o Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. #36548, @torkelo
  o live: Add support to handle origin without a value for the port when matching with root_url. #36834, @FZambia
Bug fixes
  o Alerting: Handle marshaling Inf values. #36947, @kylebrandt
  o AzureMonitor: Fix macro resolution for template variables. #36944, @andresmgot
  o AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. #32661, @pckls
  o AzureMonitor: Request and concat subsequent resource pages. #36958, @andresmgot
  o Bug: Fix parse duration for day. #36942, @idafurjes
  o Datasources: Improve error handling for error messages. #35120, @ifrost
  o Explore: Correct the functionality of shift-enter shortcut across all uses. #36600, @ivanahuckova
  o Explore: Show all dataFrames in data tab in Inspector. #32161, @ivanahuckova
  o GraphNG: Fix Tooltip mode 'All' for XYChart. #31260, @Posnet
  o Loki: Fix highlight of logs when using filter expressions with backticks. #36024, @ivanahuckova
  o Modal: Force modal content to overflow with scroll. #36754, @ashharrison90
  o Plugins: Ignore symlinked folders when verifying plugin signature. #34434, @wbrowne
Breaking changes
When parsing Elasticsearch query responses using template variables, each field gets named after the variable value instead of the name. For example, executing a terms aggregation on a variable named $groupBy that has @hostname as a value, the resulting column in the table response will be @hostname instead of $groupBy Issue #36035
Azure Monitor data source no longer supports different credentials for Metrics and Logs in existing data sources. To use different credentials for Azure Monitor Logs, create another data source. Issue #35121
Existing Azure Metrics Logs queries for Log Analytics Workspaces should be backward compatible with this change and should not get impacted. Panels will be migrated to use the new resource-centric backend when you first edit and save them.
Application Insights and Insights Analytics queries are now read-only and cannot be modified. To update Application Insights queries, users can manually recreate them as Metrics queries, and Insights Analytics are recreated with Logs.
Issue #33879
Plugin development fixes & changes
  o Toolkit: Improve error messages when tasks fail. #36381, @joshhunt

8.0.6 (2021-07-14)
Features and enhancements
  o Alerting: Add annotation upon alert state change. #36535, @davidmparrott
  o Alerting: Allow space in label and annotation names. #36549, @codesome
  o InfluxDB: Improve legend labels for InfluxDB query results. #36603, @gabor
Bug fixes
  o Alerting: Fix improper alert by changing the handling of empty labels. #36679, @davidmparrott
  o CloudWatch/Logs: Reestablish Cloud Watch alert behavior. #36558, @aocenas
  o Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. #36666, @glindstedt
  o DashboardList: Fix issue not re-fetching dashboard list after variable change. #36591, @torkelo
  o Database: Fix incorrect format of isolation level configuration parameter for MySQL. #36565, @marefr
  o InfluxDB: Correct tag filtering on InfluxDB data. #36570, @gabor
  o Links: Fix links that caused a full page reload. #36631, @torkelo
  o Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. #36664, @FZambia
  o Postgres/MySQL/MSSQL: Change time field to "Time" for time series queries. #36720, @marefr
  o Postgres: Fix the handling of a null return value in query results. #36648, @idafurjes
  o Tempo: Show hex strings instead of uints for IDs. #36471, @zoltanbedi
  o TimeSeries: Improve tooltip positioning when tooltip overflows. #36440, @ashharrison90
  o Transformations: Add 'prepare time series' transformer. #36737, @ryantxu

8.0.5 (2021-07-08)
Features and enhancements
  o Cloudwatch Logs: Send error down to client. #36277, @zoltanbedi
  o Folders: Return 409 Conflict status when folder already exists. #36429, @dsotirakis
  o TimeSeries: Do not show series in tooltip if it's hidden in the viz. #36353, @dprokop
Bug fixes
  o AzureMonitor: Fix issue where resource group name is missing on the resource picker button. #36400, @joshhunt
  o Chore: Fix AWS auth assuming role with workspace IAM. #36430, @wbrowne
  o DashboardQueryRunner: Fixes unrestrained subscriptions being created. #36371, @hugohaggmark
  o DateFormats: Fix reading correct setting key for use_browser_locale. #36428, @torkelo
  o Links: Fix links to other apps outside Grafana when under sub path. #36498, @torkelo
  o Snapshots: Fix snapshot absolute time range issue. #36350, @torkelo
  o Table: Fix data link color. #36446, @tharun208
  o Time Series: Fix X-axis time format when tick increment is larger than a year. #36335, @torkelo
  o Tooltip Plugin: Prevent tooltip render if field is undefined. #36260, @ashharrison90

8.0.4 (2021-07-01)
Features and enhancements
  o Live: Rely on app url for origin check. #35983, @FZambia
  o PieChart: Sort legend descending, update placeholder to show default …. #36062, @ashharrison90
  o TimeSeries panel: Do not reinitialize plot when thresholds mode change. #35952, @dprokop
Bug fixes
  o Elasticsearch: Allow case sensitive custom options in date_histogram interval. #36168, @Elfo404
  o Elasticsearch: Restore previous field naming strategy when using variables. #35624, @Elfo404
  o Explore: Fix import of queries between SQL data sources. #36210, @ivanahuckova
  o InfluxDB: InfluxQL query editor: fix retention policy handling. #36022, @gabor
  o Loki: Send correct time range in template variable queries. #36268, @ivanahuckova
  o TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. #36134, @ashharrison90

(triaxx)

games/woof: Update comment section of patches.

(micha)

doc: Updated devel/mob to 1.10.0

(schmonz)

Update to 1.10.0. From the changelog:

- Print current time after mob start. This helps when scrolling through
  the terminal to distinguish the mob start calls.

(schmonz)

Vault 1.7.1 -> 1.7.4.

(he)

Note update of security/vault to 1.6.6.

(he)

Upgrade security/vault to version 1.6.6.

Pkgsrc changes:
* Note that we need go >= 1.15.15.

Upstream changes:

26 August 2021

SECURITY:

* UI Secret Caching: The Vault UI erroneously cached and exposed
  user-viewed secrets between authenticated sessions in a single
  shared browser, if the browser window / tab was not refreshed or
  closed between logout and a subsequent login. This vulnerability,
  CVE-2021-38554, was fixed in Vault 1.8.0 and will be addressed in
  pending 1.7.4 / 1.6.6 releases.

CHANGES:

* go: Update go version to 1.15.15 [GH-12423]

IMPROVEMENTS:

* db/cassandra: Added tls_server_name to specify server name for
  TLS validation [GH-11820]

BUG FIXES:

* physical/raft: Fix safeio.Rename error when restoring snapshots
  on windows [GH-12377]
* secret: fix the bug where transit encrypt batch doesn't work
  with key_version [GH-11628]
* secrets/database: Fixed an issue that prevented external database
  plugin processes from restarting after a shutdown. [GH-12087]
* ui: Automatically refresh the page when user logs out [GH-12035]
* ui: Fixes metrics page when read on counter config not allowed [GH-12348]
* ui: fix oidc login with Safari [GH-11884]

(he)

Updated net/unbound, sysutils/ansible-base

(adam)

ansible-base: updated to 2.10.13

v2.10.13
========

Minor Changes
-------------
- Allow unsafe_writes to be set on target via env var, for those targets that need a blanket setting.

Bugfixes
--------
- Setup virtualization_facts - add RHV and oVirt type. This change will fully work for VMs in clusters at cluster level 4.4 or newer (https://github.com/ansible/ansible/pull/72876).
- ansible-test - allow to ignore ``rstcheck`` errors (https://github.com/ansible/ansible/pull/75272).
- callback default, now uses task delegate_to instead of delegate vars to display delegate to host
- callbacks, restores missing delegate_vars
- dnf module - Use all components of a package name to determine if it's installed (https://github.com/ansible/ansible/issues/75311).

(adam)

unbound: updated to 1.13.2

1.13.2

Features

Merge 317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge 470 from edevil: Allow configuration of persistent TCP connections.
Fix 474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge 478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge 486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge 491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.

Bug Fixes

Fix for Python 3.9, no longer use deprecated functions of PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now none), PyParser_SimpleParseFile (now Py_CompileString).
Merge 420 from dyunwei: DOH not responsing with "http2_query_read_done failure" logged.
Fix 422: IPv6 fallback issues when IPv6 is not properly enabled/configured.
Fix to make tests work with support indicators set for iterator.
Fix build on Python 3.10.
Fix doxygen and pydoc warnings.
Fix 429: rpz: url: with https: broken (regression in 1.13.1).
rpz skip nsec3param records, and nicer log for unsupported actions.
Fix 431: Squelch permission denied errors for tcp connect and udp connect from the logs, unless at high verbosity.
Fix for zonemd, that nxdomain for the chain of trust is allowed for island zones, it is treated as an insecure zone for verification.
Fix for zonemd, that domain-insecure zones work without dnssec.
Fix for zonemd, do not reject insecure result from trust anchor validation step in dnssec chain of trust.
On startup of unbound it checks if rlimits on memory size look sufficient for the configured cache size, and logs warning if not.
Fix function documentation.
Fix unit test for added ulimit checks.
spelling fix in header.
Fix 384: (1) A minor request to improve the log (2) A minor bug in one log message.
ipsecmod: Better logging for detecting a cycle when attaching the A/AAAA subquery.
Merge 367 : DNSTAP log local address. With code from 365 and fixes 368 : dnstap does not log the DNS message ID for FORWARDER_QUERY.
Fix to allow rpz with wildcard that applies to all TLDs at once.
Fix for 367: rc_ports don't have ub_sock; skip cleaning up.
Fix spurious errors about "Could not generate request: out of memory". The mesh detect cycle routine no longer wrongly stops the check when the calling mesh state is unique.
Workaround for 439: prevent loops in the reuse rbtree.
Debug output for 411 and 439: printout internal error and details.
Fix parse of LOC RR type for decimetres.
Fix 441: Minimal NSEC range not accepted for top level domains.
Fix for 447: squelch connection refused tcp connection failures from the log, unless verbosity is high.
Merge 449 from orbea: build: Add missing linker flags.
Comment out nonworking OSX and IOS travis tests, vm fails to start.
Fix compile error in listen_dnsport on Android.
Fix memory leak reported by asan in rpz SOA record query name.
Fix unused-function warning when compiling with --enable-dnscrypt.
Fix for 367: fix memory leak when cannot bind to listening port.
Reformat pythonmod/pythonmod_utils.{c,h}.
Travis enable all tests again. Clang analyzer only a couple times, when there is a difference. homebrew updates disabled, so it does not hang. removed trailing slashes from configure paths. Moved iOS tests to allow-failure.
travis, analyzer disabled on test without debug, that does not run anway. Turn off failing tests except one. Update iOS test to xcode image 12.2.
Fix deprecation test to work for iOS TVOS and WatchOS, it uses CFLAGS and CPPFLAGS and also checks if the item is unavailable.
Travis, fix script to fail when tasks fail.
Travis, fix warning in ubsan compile.
Fix configure Targetconfiditionals.h header check, to use compile.
Fix that cachedb does not produce empty object files when disabled.
Fix 429: Also fix end of transfer for http download of auth zones.
Disable the use of stack-protector for cross compiled 32-bit windows builds; relates to 444.
Fix stack-protector change to not override other CFLAGS options.
Clean makedist.sh.
Merge 460 from orbea: build: Link with the libtool archive.
Fix to stop IPv6 PMTU discovery.
Fix for 411: Depth protect for crash on deleted element timeout.
rebuild configure to set EXTRALINK to libunbound.la for 460.
Fix permission denied sendto log, squelch the log messages unless high verbosity is set.
Fix (increase) verbosity level for iterator error log in processQueryTargets().
Fix that nxdomain synthesis does not happen above the stub or forward definition.
Fix documentation comment for files previously residing in checkconf/.
Remove unused functions worker_handle_reply and libworker_handle_reply.
Merge 466 from FGasper: Support OpenSSLs that lack SSL_get0_alpn_selected.
Fix 468: OpenSSL 1.0.1 can no longer build Unbound.
Further fix for 468: detect SSL_CTX_set_alpn_protos for build with OpenSSL 1.0.1.
Fix that testcode dohclient has OpenSSL initialisation calls.
Fix compiler warning for signed/unsigned comparison for max_reuse_tcp_queries.
Fix 481: Fix comment in configuration file.
Fix to squelch tcp socket bind failures when the interface is gone.
Rerun flex and bison.
Fix for 367: only attempt to get the interface for queries that are no longer on the tcp_waiting_list.
Add more logging for out-of-memory cases.
Fix 485: Unbound occasionally reports broken stats.
Remove case fallthrough from deprecate-rsa-1024 code.
Merge 487: ifdef RLIMIT_AS in recently added check.
Fix that auth-zone zonefiles use last TTL if no TTL is specified.
Fix 489: Compile using MSYS2 MinGW 64-bit.
Fix for 411, 439, 469: Reset the DNS message ID when moving queries between TCP streams.
Refactor for uniform way to produce random DNS message IDs.
Test code has -q option for quiet output.
Fix 492: module-config respip missing in unbound.conf.5.in man page. Merges 494 from he32.
For 492: Fix font highlighting for the man page on emacs.
Merge 496 from banburybill: Use build system endianness if available, otherwise try to work it out.
Fix test for zonemd-check option.
Merge 448 from shoeper: Update unbound-control.8.in, fix rpz_disable typo.
Fix 425: Document auth-zone supports communication with DNS primary on nondefault port.
Fix unused variable warning when compiling with --enable-dnstap.
Generated lexer and parser for 486; updated example.conf.
Fix 413 (based on patch by k-ronny): unbound: does not compile on macOS 11.1-x86_64 host.
Use host_os instead of target_os in configure for Darwin8 build.
Fix 500: SPEC file in version 1.13.1 references version 1.4; unable to build RPM from source.
Fix contrib/unbound.spec, fixed url and comment.
Fix configure nonblocking test and onmingw test to use host.
Merge 440 by kimheino: Various fixes to contrib/unbound_munin_ file.
Fix a number of warnings reported by the gcc analyzer.
Fix 495: Documentation or implementation of "verbosity" option.
Fix 503: DNS over HTTPS response truncated.
Fix warnings reported by the gcc analyzer.
Add analyzer and port compile github workflow.
Fix up permissions on rpl data file in tests.
Fix testbound newline treatment in moment_read and tempfile write.
Fix configure grep for reuseport default for failure.
Fix compat ctime_r return value
Fix configure does not require pkg-config if not needed.
Fix unit test in the ctime_r calls for autotrust and in testbound.
Fix auth zone download on windows to unlink before rename.
Fix 506: Python Module Seems to Leak Memory if it Experiences an Unhandled Exception.
Fix Wunused-result compile warnings.
Fix compiler warnings for 491.
Fix clang-analysis warnings for testcode/readzone.c.
Merge 510 from ndptech: Don't call a function which hasn't been defined.
Fix for 510: in depth, use ifdefs for windows api event calls.
Fix spelling in doc/unbound.doxygen comment.
Fix spelling in localzone.h comment.
Fix unbound-control local_data and local_datas to print detailed syntax errors.
review fix to remove duplicate error printout.
Insert header into testcode/readzone.c, it was missing.
Fix from lint for ignored return value.
Fix for older parsers for function call in serve expired get cached.
Fix that ldns_zone_new_frm_fp_l counts the line number for an empty line after a comment.
Merge 512: unbound.service.in: upgrade hardening to latest standards.
Fix readzone unknown type print for memory resize.
Merge 513: Stream reuse, attempt to fix 411, 439, 469. This introduces a couple of fixes for the stream reuse functionality that could result in broken internal structures.
Fix 515: Compilation against openssl 3.0.0 beta2 is failing to build unbound.
For 515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and SSL_get_peer_certificate.
Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
Prepare for OpenSSL 3.0.0 provider API usage, move the sldns keyraw functions to produce EVP_PKEY results.
Move RSA and DSA to use OpenSSL 3.0.0 API.
Move ECDSA functions to use OpenSSL 3.0.0 API.
iana portlist update.
Fix verbose printout failure in tcp reuse unit test.
Merge 517 from dyunwei: 420 breaks the mesh reply list function that need to reuse the dns answer.
Annotate assertion into error printout; we think it may be an error, but the situation looks harmless.
Fix sign comparison warning on FreeBSD.
Listen to read or write events after the SSL handshake. Sticky events on windows would stick on read when write was needed.
Merge 415 from sibeream: Use /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing ports. (New --enable-linux-ip-local-port-range configuration option)
Bump MAX_RESTART_COUNT to 11 from 8; in relation to 438. This allows longer CNAME chains in Unbound.
In unit test use openssl set security level to allow keys in test.
Fix static analysis warnings about localzone locks that are unused.
Fix missing locks in zonemd unit test.
Fix readzone compile under debug config.
Fix out of sourcedir run of zonemd unit tests.
Fix libnettle zonemd unit test.
Fix unit test zonemd_reload for use in run_vm.
Fix 520: Unbound 1.13.2rc1 fails to build python module.

(adam)

doc: Removed go packages

(nia)

go-md2man: add missing file

(nia)

go-runewidth: remove, deprecated go-package, no users in pkgsrc

(nia)

go-termbox: remove, deprecated go-package, no users in pkgsrc

(nia)

go-kr-pretty: remove, deprecated go-package, no users in pkgsrc

(nia)

doc: Removed go packages

(nia)

go-sanitized_anchor_name: Remove, deprecated go-package, no users in pkgsrc

(nia)

go-blackfriday: Remove, deprecated go-package, no users in pkgsrc

(nia)

doc: Updated textproc/go-md2man to 2.0.1

(nia)

go-md2man: Update to 2.0.1. Switch to go-module build.

"This release has a number of rendering bugs resolved.
I窶囘 hoped to squash a few more but the fixes were a little more tricky and need more time to get right."

(nia)

security: Spell R-gitcreds correctly.

Should hopefully unbreak bulk builds.

(jperkin)

doc: Updated emulators/xcopilot to 0.6.6nb2

(ryoon)

xcopilot: Workaround for NetBSD/amd64. Bump PKGREVISION

* Add workaround for NetBSD/amd64. Not tested under other LP64PLATFORMS
  and OSes.
* Include some header files to resolve implicit uses.
* Fix some warinigs.

(ryoon)

doc: Updated emulators/qemu to 6.1.0

(ryoon)

qemu: Update to 6.1.0

* 6.1.0 release has NetBSD NVMM support.
* Fix NetBSD NVMM compile errors.
* Remove integrated Alpha patches.

Changelog:
Highlights include:

  * block: support for changing block node options after creation via
    'blockdev-reopen' QMP command
  * Crypto: more performant backend recommendations and improved documentation
  * I2C: emulation support for I2C muxes (pca9546, pca9548) and PMBus
  * TCG Plugins: now enabled by default, with new execlog and cache modelling
    plugins.
  * ARM: new board support for Aspeed (rainier-bmc, quanta-q7l1), npcm7xx
    (quanta-gbs-bmc), and Cortex-M3 (stm32vldiscovery) based machines
  * ARM: Aspeed support of Hash and Crypto Engine
  * ARM: emulation support for SVE2 (including bfloat16), integer matrix
    multiply accumulate operations, TLB invalidate in Outer Shareable domain,
    TLB range invalidate, and more.
  * PowerPC: pseries: support for detecting hotplug failures in newer guests
  * PowerPC: pseries: increased maximum CPU count
  * PowerPC: pseries: emulation support for some POWER10 prefixed instructions
  * PowerPC: new board support for Genesi/bPlan Pegasos II (pegasos2)
  * RISC-V: updates to OpenTitan platform support, including OpenTitan timer
  * RISC-V: support for virtio-vga
  * RISC-V: documentation improvements and general code cleanups/fixes
  * s390: emulation support for the vector-enhancements facility
  * s390: support for gen16 CPU models
  * x86: new Intel CPU model versions with support for XSAVES instruction
  * x86: added ACPI based PCI hotplug support for Q35 machine (now the default)
  * x86: improvements to emulation of AMD virtualization extensions
  * and lots more...

(ryoon)

Fix line split by a copy/paste, as pointed to wizd(8)

(manu)

Updated www/p5-URI-Fetch to 0.15

(wen)

Update to 0.15

Upstream changes:
0.15 2021-05-27 NEILB
    - Specify min perl as 5.008001 rather than 5.008_001, which was
      causing problems with some versions of ExtUtils::MakeMaker.
      RT#133491

0.14 2021-05-26 NEILB
    - When Benjamin created this, he had a server set up for doing the
      tests, but that's gone now. So to stop all the fails, I'm skipping
      the live tests for now. Could do with mocking, but this is a stop-gap.

0.13_01 2021-05-25 NEILB
    - Changed the test suite to use some online HTTP status code test servers.
      Let's see how reliable they are.

(wen)

Updated www/p5-WWW-Mechanize-Cached to 1.55

(wen)

Update to 1.55

Upstream changes:
Changes for version 1.55 - 2021-02-16
remove plan declared before Test::RequiresInternet (GH#26) (Dan Book)

(wen)

Updated www/p5-WWW-Mechanize to 2.04

(wen)

Update to 2.04

Upstream changes:
2.04      2021-08-06 12:28:31Z
    [ENHANCEMENTS]
    - Add a head() method to allow relative URLs (GH#321) (Julien Fiegehenn)

    [DOCUMENTATION]
    - Document that form_id() accepts an id, not a name (GH#319) (Olaf Alders)

(wen)

Updated time/p5-DateTime-Format-Flexible to 0.34

(wen)

Update to 0.34
Update DEPENDS

Upstream changes:
0.34
  - support timezones in parenthesis
  - Add support for YYYY-MM-DD HH:MM P.M. format
    - thanks Michael Schout for the patch!

0.33 Wed May 26 2021
  - changes to how some days are parsed to fix memory leaks
  - remove Module::Pluggable as a dependency
    - thanks BBKR rt #136597

(wen)

Updated time/p5-DateTime-Locale to 1.32

(wen)

Update to 1.32

Upstream changes:
Changes for version 1.32 - 2021-04-30
Rebuilt all locale data with the data from CLDR 39.0.0.

(wen)

bind911: Explicitly disable gssapi.

At some point it should be a proper option, but until then it needs to be
disabled to avoid bad detection (krb5 isn't even buildlinked).

(jperkin)

pulseaudio: Fix build on SunOS, and probably others.

The -Dtests=false is probably required everywhere as they depend on $ORIGIN
rpaths for internal libraries, and DATADIRNAME is no longer valid.

(jperkin)

Updated audio/mpg123, net/py-prometheus_client

(adam)

py-prometheus_client: updated to 0.11.0

0.11.0
[CHANGE] Specify that the labelvalues argument on metric constructors is internal by renaming it to _labelvalues. If you are affected by this change, it is likely that the metric was not being registered.
[BUGFIX] write_to_textfile will overwrite files in windows. If using python 3.4 or newer the replace will be atomic.

(adam)

mpg123: updated to 1.28.2

1.28.2
------
- libout123
-- Complete the fix for bug 314, reopening the device after format
  setup failure.

1.28.1
------
- build:
-- Explain --with-default-audio in configure help better.
-- Fix build of arm_fpu (regression of configure reorg).
-- Re-introduce AC_PROG_C_C99 macro for autoconf 2.69, it's only
  obsolete after that.
-- Un-break CMake build for botched move of CheckCPUArch.c.in (bug 315).
-- Avoid conflict of warning macro with MSVC pragmas in two places. Also
  fix UWP build with strerror check and move down inclusion of intsym.h
  (bug 316).
-- Disable libout123 (and mpg123, out123) on UWP with cmake to get at least
  the decoder lib built (317).
-- Hack around CMake bug(?) with QUERY_HAS_FPU to make ports/cmake also
  work in MinGW (bug 318).
- libmpg123:
-- Make mpg123.h.in usable again with MPG123_NO_CONFIGURE,
  for external uses (bug 313).
-- Use predefined MPG123_API_VERSION in mpg123.h.in for the same.
-- Better handle the ssize_t situation via typedef mpg123_ssize_t, less
  likely to be broken in future MSVC versions.
-- Fix an integer constant definition for the most negative 32 bit numnber to
  avoid justified compiler complaints.
- libsyn123:
-- More support for MPG123_NO_CONFIGURE.
-- Optionally use predefined SYN123_API_VERSION in syn123.h.in for the same.
-- Add a cast to silence integer sign warning for offset in muloffdiv64()
  (bug 317)
- libout123:
-- Pulse module advertises wider format support now, not
  just s16. This makes mpg123 -e s24 work with it, not just out123.
-- Optionally use predefined OUT123_API_VERSION in out123.h.in for
  non-configure use.
-- Fix sndio output to properly query device format support and get
  default fomat on FreeBSD (bug 314).

(adam)

Updated net/wireshark, net/nmap

(adam)

nmap: updated to 7.92

Nmap 7.92 [2021-08-08]

o [Windows] Upgraded Npcap to version 1.50, the fastest and most stable release
  yet. Among the many exciting changes listed at https://npcap.org/changelog is
  support for Windows on ARM, which means Nmap can now run on lightweight
  Windows tablets like the Surface Pro X.

o  Updated Nmap's NPSL license to rewrite a poorly-worded
  clause which many folks interpreted as a "field of endeavor
  restriction" related to "proprietary software companies".  We are
  retroactively offering Nmap versions 7.90 and 7.91 under this new
  Version 0.93 of the NPSL so that users and distributors may choose
  either version of the license.

o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK,
  and the UCRT, removing support for Windows Vista and earlier. Npcap is
  required for packet injection and capture, not WinPcap.

o New Nmap option --unique will prevent Nmap from scanning the same IP address
  twice, which can happen when different names resolve to the same address. [Daniel Miller]

o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  +  nbns-interfaces queries NetBIOS name service (NBNS) to gather IP
    addresses of the target's network interfaces [Andrey Zhukov]

  +  openflow-info gathers preferred and supported protocol versions
    from OpenFlow devices [Jay Smith, Mak Kolybabi]

  + port-states prints a list of ports that were found in each state, including
    states that were summarized as "Not shown: X closed ports" [Daniel Miller]

o Several changes to UDP payloads to improve accuracy:

  +  Fix an issue with -sU where payload data went out-of-scope before
    it was used, causing corrupted payloads to be sent. [Mariusz Ziulek]

  + Nmap's retransmission limits were preventing some UDP payloads from being
    tried with -sU and -PU. Now, Nmap sends each payload for a particular port
    at the same time without delay. [Daniel Miller]

  + New UDP payloads:
    -  TS3INIT1 for UDP 3389 [colcrunch]
    -  DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]

o [NSE] TLS 1.3 now supported by most scripts for which it is
  relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel
  connections and certificate parsing will require OpenSSL 1.1.1 or later to
  fully support TLS 1.3. [Daniel Miller]

o Changes to Nmap's XML output:

  + If a host times out, the XML <host> element will have the attribute
    timedout="true" and the host's timing info (srtt etc.) will still be printed.

  + The "extrareasons" element now includes a list of port numbers for each
    "ignored" state. The "All X ports" and "Not shown:" lines in normal output
    have been changed slightly to provide more detail. [Daniel Miller]

o  Fix an issue in addrset matching that was causing all targets to be
  excluded if the --excludefile listed a CIDR range that contains an earlier,
  smaller CIDR range. [Daniel Miller]

o Setting --host-timeout=0 will disable the host timeout, which is set by -T5
  to 15 minutes. Earlier versions of Nmap require the user to specify a very
  long timeout instead.

o [NSE] Prevent the ssl-* NSE scripts from probing ports that were
  excluded from version scan, usually 9100-9107, since JetDirect will print
  anything sent to these ports. [Daniel Miller]

o  Nmap no longer produces cryptic message "Failed to convert
  source address to presentation format" when unable to find useable route
  to the target. [nnposter]

o [Ncat] Use safety-checked versions of FD_* macros to abort early if
  number of connections exceeds FD_SETSIZE. [Pavel Zhukov]

o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping
  server data sent right after the connection got established, such as port
  banners. [Sami P旦nk辰nen]

o [Ncat] Fixed a bug in proxy connect mode which would close the
  connection as soon as it was opened in Nmap 7.90 and 7.91.

o [NSE] Fixed NSE so it will not consolidate all port script output
  for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]

o [Zenmap] Fixed an issue where a failure to execute Nmap would result
  in a Zenmap crash with "TypeError: coercing to Unicode" exception.

o Nmap no longer considers an ICMP Host Unreachable as confirmation that a
  target is down, in accordance with RFC 1122 which says these errors may be
  transient. Instead, the probe will be destroyed and other probes used to
  determine aliveness. [Daniel Miller]

o [Ncat] Ncat no longer crashes when used with Unix domain sockets.

o [Ncat] Ncat is now again generating certificates
  with the duration of one year. Due to a bug, recent versions of Ncat were
  using only one minute. [Tobias Girstmair]

o [NSE] URL/percent-encoding is now using uppercase hex digits
  to align with RFC 3986, section 2.1, and to improve compatibility with some
  real-world web servers. [nnposter]

o [NSE] Script hostmap-crtsh got improved in several ways. The most
  visible are that certificate SANs are properly split apart and that
  identities that are syntactically incorrect to be hostnames are now ignored.
  [Michel Le Bihan, nnposter]

o [NSE] Loading of a Nikto database failed if the file was referenced
  relative to the Nmap directory [nnposter]

o [NSE] SMB2 dialect handling has been redesigned. Visible
  changes include:
  * Notable improvement in speed of script smb-protocols and others
  * Some SMB scripts are no longer using a hardcoded dialect, improving
    target interoperability
  * Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02
  [nnposter]

o [NSE] Script smb2-vuln-uptime no longer reports false positives when
  the target does not provide its boot time. [nnposter]

o [NSE] Client packets composed by the DHCP library will now contain
  option 51 (IP address lease time) only when requested. [nnposter]

o [NSE] XML decoding in library citrixxml no longer crashes when
  encountering a character reference with codepoint greater than 255. (These
  references are now left unmodified.) [nnposter]

o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
  the audit rule base. [nnposter]

o [NSE] It is now possible to control whether the SNMP library uses
  v1 (default) or v2c by setting script argument snmp.version. [nnposter]

(adam)

wireshark: updated to 3.4.8

Wireshark 3.4.8 Release Notes

Bug Fixes

The following bugs have been fixed:

  • Dissector bug reported for Bluetooth Cycling Power Measurement
    characteristic for extreme angles value Issue 17505[1].

  • vcruntime140_1.dll deleted on Wireshark update/install Issue
    17506[2].

  • Raknet Addresses are incorrectly identified. Issue 17509[3].

  • Editcap saving files as ethernet when specifying '-T
    ieee-802-11-*' Issue 17520[4].

  • CoAP dissector confuses Content-Format with Accept Issue
    17536[5].

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet

New and Updated Capture File Support

There is no new or updated capture file support in this release.

(adam)

Updated devel/py-ruamel-yaml, devel/py-hexbytes

(adam)

py-hexbytes: updated to 0.2.2

0.2.2:
Unknown changes

(adam)

py-ruamel-yaml: updated to 0.17.14

[0, 17, 14]: 2021-08-25
  - fix issue 396, inserting key/val in merged-in dictionary (reported by `Bastien gerard
    <https://sourceforge.net/u/bagerard/>`__)

[0, 17, 13]: 2021-08-21
  - minor fix in attr handling

[0, 17, 12]: 2021-08-21
  - fix issue with anchor on registered class not preserved and those classes using package
    attrs with `@attr.s()` (both reported by `ssph <https://sourceforge.net/u/sph/>`__)

[0, 17, 11]: 2021-08-19
  - fix error baseclass for ``DuplicateKeyErorr`` (reported by `��ukasz Rogalski
    <https://sourceforge.net/u/lrogalski/>`__)
  - fix typo in reader error message, causing `KeyError` during reader error
    (reported by `MTU <https://sourceforge.net/u/mtu/>`__)

(adam)

Updated security/mit-krb5, devel/cmake

(adam)

cmake: updated to 3.21.2

CMake 3.21.2
* AUTOUIC: Add test for cyclic dependency between UI headers and timestamp
* CPackRPM: avoid a spurious `;` in the `%pre` and other sections with scripts
* FindMPI: do not detect `-framework` as a compile flag
* GNUInstallDirs: avoid unwanted variable dereference
* VS: Fix assertion failure on INCLUDE_DIRECTORIES in INTERFACE libraries
* VS: Fix /reference and /headerUnit flag table entries for v142 and v143
* CheckLanguage: Avoid CMP0126 warning
* AUTOUIC: Revert "Fix generating of dependency rules for UI header files"
* VS: Add special case for '-T version=14.29.16.11' under VS 16.11
* VS: Update Visual Studio 17 2022 generator for Preview 3.1
* Help: Add missing versionadded annotation for CPACK_DMG_FILESYSTEM
* Help: Fix unlinked mention of CMAKE_TOOLCHAIN_FILE
* BinUtils: Avoid searching CMAKE_PREFIX_PATH
* macOS: Restore support for Mac OS X 10.4 (Tiger)
* Platform/Haiku: Remove the include-once behavior
* CMakePresets: Check presets with their own file version
* CTest: Reset multi-options to persistent multi-options
* add_custom_command(DEPFILE) independent from CMAKE_DEPENDS_USE_COMPILER
* Help: get_filename_component: fix version info for cmake_path
* FindPkgConfig: Restore legacy behavior when CMP0126 is set to NEW
* Help: cmake_path: add missing parameter
* NVHPC: Support 21.07 change to '-MD' where it behaves like gcc
* NVHPC-CXX: Add support for C++20
* NVHPC-C: Add support for C17
* FindBinUtils: Fall back to ld for Clang without lld
* Android: Fix NDK toolchain dir on arm64 mac
* CUDA/Clang: Fix separable compilation in non-root directories with Makefiles
* CUDA/Clang: Simplify --register-link-binaries logic
* Ninja: Revert accidental LINK_WHAT_YOU_USE impl for static libraries

(adam)

mit-krb5: updated to 1.18.4

Major changes in 1.18.4

Fix a denial of service attack against the KDC encrypted challenge code [CVE-2021-36222].
Fix a memory leak when gss_inquire_cred() is called without a credential handle.

(adam)

doc: Updated textproc/split-thai to 2.8

(scole)

Update to 2.8
all changes for pthai.el
- replace parser to extract words from 'thai-word-table using a
  non-recursive algorithm which mitigates the need to adjust max-specpdl-size
- adjust pthai-twt-* functions to use new parser, fix pthai-twt-count
- fix some whitespace regexp boundary matching and boundary at end of thaiword
- add pthai-dictionary-save function
- rename a few functions for better organization

(scole)

Updated www/py-httptools, www/py-httpx

(adam)

py-httpx: updated to 0.19.0

0.19.0

Added

Add support for Client(allow_redirects=<bool>).
Add automatic character set detection, when no charset is included in the response Content-Type header.

Changed

Event hooks are now also called for any additional redirect or auth requests/responses.
Strictly enforce that upload files must be opened in binary mode.
Strictly enforce that client instances can only be opened and closed once, and cannot be re-opened.
Drop mode argument from httpx.Proxy(..., mode=...).

(adam)

py-httptools: updated to 0.3.0

v0.3.0

This release has no functional changes, only packaging: Python 3.5 is
EOL, so wheels are no longer built, and Python 3.10 has been added to
the roster along with aarch64 wheels on Linux and universal2 wheels on
macOS.

Changes:

Use cibuildwheel to build release wheels

(adam)

Updated textproc/py-babelfish, www/py-paste

(adam)

py-paste: updated to 3.5.0

3.5.0
Python 3 fixes to auth and wsgi.errors handling; notably making wsgi.errors text.

3.4.6
Explicit pkg_resource dependency to easy packaging.

3.4.5
Remove deprecated dependencies paste/fixture.py.

(adam)

py-babelfish: updated to 0.6.0

0.6.0

WARNING: Backward incompatible changes

Use poetry as build system
Use pytest as test runner
Move documentation to README
Use GitHub Actions CI

(adam)

doc: Updated net/gh to 2.0.0

(bsiegert)

gh: update to 2.0.0.

Support for command extensions

GitHub CLI extensions are additional gh commands that you can install from
other repositories.

For more information, see gh help extension. To see currently published
extensions, browse repositories with the gh-extension topic. Note that
extensions may have runtime dependencies other than gh.

Other additions

- Display label colors in issue list output
- Add tablerow/tablerender template functions for rendering data as tables
- Add GH_FORCE_TTY to enable terminal-style output even when redirected
- Add repo sync command to sync a branch with its upstream state
- Add pr checkout --branch flag to control the branch name
- Add release create --discussion-category flag
- Add gh config set browser option and GH_BROWSER environment variable
- Add gh repo list --topic filter
- Add PowerShell instructions to completion help

(bsiegert)

openssl: fix building on Darwin

(adam)

Updated devel/py-dulwich, comms/py-rich

(adam)

py-rich: updated to 10.7.0

10.7.0

Added

Added Text.apply_meta
Added meta argument to Text.assemble
Added Style.from_meta
Added Style.on
Added Text.on

Changed

Changed RenderGroup to Group and render_group to group (old names remain for compatibility but will be deprecated in the future)
Changed rich.repr.RichReprResult to rich.repr.Result (old names remain for compatibility but will be deprecated in the future)
Changed meta serialization to use pickle rather than marshal to permit callables

(adam)

py-dulwich: updated to 0.20.25

0.20.25
* Fix ``dulwich`` script when installed via setup.py.
* Make default file mask consistent with Git.

(adam)

Work around build failure on i386 caused by internal compiler error

On i386, cc1plus hits an internal error when building gfx/wr/swgl/src/gl.cc
with -O2 or -O1. This change adjusts the build script to force -O0.

(manu)

postgresql-promscale_extension: use correct pgx tree. Bump.

Readme.md say to pull the pgx crates from the "timescale" branch, but the
Cargo.toml specifies the "guardless" branch ...

(tnn)

doc: Updated security/openssl to 1.1.1l

(jperkin)

openssl: Update to 1.1.1l.

Changes between 1.1.1k and 1.1.1l [24 Aug 2021]

*) Fixed an SM2 Decryption Buffer Overflow.

  In order to decrypt SM2 encrypted data an application is expected to call the
  API function EVP_PKEY_decrypt(). Typically an application will call this
  function twice. The first time, on entry, the "out" parameter can be NULL and,
  on exit, the "outlen" parameter is populated with the buffer size required to
  hold the decrypted plaintext. The application can then allocate a sufficiently
  sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
  value for the "out" parameter.

  A bug in the implementation of the SM2 decryption code means that the
  calculation of the buffer size required to hold the plaintext returned by the
  first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
  the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
  called by the application a second time with a buffer that is too small.

  A malicious attacker who is able present SM2 content for decryption to an
  application could cause attacker chosen data to overflow the buffer by up to a
  maximum of 62 bytes altering the contents of other data held after the
  buffer, possibly changing application behaviour or causing the application to
  crash. The location of the buffer is application dependent but is typically
  heap allocated.
  (CVE-2021-3711)
  [Matt Caswell]

*) Fixed various read buffer overruns processing ASN.1 strings

  ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
  structure which contains a buffer holding the string data and a field holding
  the buffer length. This contrasts with normal C strings which are repesented as
  a buffer for the string data which is terminated with a NUL (0) byte.

  Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
  own "d2i" functions (and other similar parsing functions) as well as any string
  whose value has been set with the ASN1_STRING_set() function will additionally
  NUL terminate the byte array in the ASN1_STRING structure.

  However, it is possible for applications to directly construct valid ASN1_STRING
  structures which do not NUL terminate the byte array by directly setting the
  "data" and "length" fields in the ASN1_STRING array. This can also happen by
  using the ASN1_STRING_set0() function.

  Numerous OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "data" field, then a read buffer overrun can occur.

  The same thing can also occur during name constraints processing of certificates
  (for example if a certificate has been directly constructed by the application
  instead of loading it via the OpenSSL parsing functions, and the certificate
  contains non NUL terminated ASN1_STRING structures). It can also occur in the
  X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

  If a malicious actor can cause an application to directly construct an
  ASN1_STRING and then process it through one of the affected OpenSSL functions
  then this issue could be hit. This might result in a crash (causing a Denial of
  Service attack). It could also result in the disclosure of private memory
  contents (such as private keys, or sensitive plaintext).
  (CVE-2021-3712)
  [Matt Caswell]

(jperkin)

postgresql-promscale_extension: fix previous update and bump rev

The update was incomplete because I forgot to update the GITHUB_TAG.

(tnn)

Updated textproc/py-validators, textproc/py-regex

(adam)

py-regex: updated to 2021.8.21

2021.8.21:
Unknown changes

(adam)

py-validators: updated to 0.18.2

0.18.2:
- Implement actual validation for old style BTC addresses including checksumming
- Use a regex to guesstimate validity of new segwit BTC addresses

(adam)

Updated www/py-curl, textproc/py-humanize

(adam)

py-humanize: updated to 3.11.0

3.11.0

Added
Add Bengali langauage

Fixed
Fix Korean localization

(adam)

py-curl: updated to 7.44.1

PycURL 7.44.1 - 2021-08-15
--------------------------
This release repairs incorrect Python thread initialization logic which
caused operations to hang.

PycURL 7.44.0 - 2021-08-08
--------------------------
This release reinstates best effort Python 2 support, adds Python 3.9 and
Python 3.10 alpha support and implements support for several libcurl options.

(adam)

fluidsynth: skip a portability check

(tnn)

Updated textproc/py-pygments, textproc/py-ujson

(adam)

py-ujson: updated to 4.1.0

4.1.0

Added

Add gcov coverage testing for C code
Test Python 3.10-dev

Changed

Remove unused variable
Remove explicit handling of manylinux platform tag

Fixed

dconv no longer uses global instances of StringToDoubleConverter and
Switch shebang for the manylinux-wheels script
Fix typos in error message

(adam)

py-pygments: updated to 2.10.0

Version 2.10.0

- Added lexers:

  * ASC armored files
  * GSQL
  * Javascript REPL
  * procfile
  * Smithy

- Updated lexers:

  * C-family: Fix preprocessor token issues
  * C#
  * CSound
  * Fennel
  * JavaScript
  * LLVM
  * Rust

    - Fix lexing of "break" and "continue"
    - Improve attribute handling

  * Scala: Add support for the ``\`` operator
  * Swift
  * Tcl: Allow ``,`` and ``@`` in strings

- Fix assert statements in TNT lexer.
- Token types across all lexers have been unified (using the most common token
  type name)
- Improve Jasmin min score analysis
- Add new alias for Go files
- Fix multi-line console highlighting
- Add a new trivial lexer which outputs everything as `Text.Generic.Output`
- Use the ``.ini`` lexer for ``systemd`` files
- Fix a ``FutureWarning`` related to ``words()``
- ``pwsh`` is now recognized as an alias for PowerShell

(adam)

doc: Removed go packages

(nia)

go-pflag: remove, deprecated go-package, no users in pkgsrc

(nia)

go-try: remove, deprecated go-package, no users in pkgsrc

(nia)

go-fsnotify: remove, deprecated go-package, no users in pkgsrc

(nia)