gyp: Remove unused patches

(ryoon)

Removed security/py-ezPyCrypto, databases/py-elixir, www/py-cherrypy17, www/py-gdata

(adam)

py-gdata: removed (outdated)

(adam)

Removed cherrypy17 from versioned_dependencies.mk

(adam)

Removed cherrypy17 from versioned_dependencies.mk

(adam)

py-cherrypy17: removed

(adam)

py-elixir: removed

(adam)

py-ezPyCrypto: removed

(adam)

emulators: Improve accuracy of COMMENT

(nia)

Updated devel/py-dulwich, net/py-dropbox

(adam)

py-dropbox: updated to 11.2.0

v11.2.0
Automated Spec Update
Bump peter-evans/create-pull-request from v3.7.0 to v3.8.2

(adam)

py-dulwich: updated to 0.20.19

0.20.19
* Fix handling of negative matches in nested gitignores.

0.20.18
* Fix formatting in setup.py.
* Add release configuration.

0.20.17
* credentials: ignore end-of-line character.
* Fix failure in get_untracked_paths when the repository contains symlinks.
* docs: Clarify that Git objects are created on `git add`.

0.20.16
* Add flag to only attempt to fetch ignored untracked files when specifically requested.

(adam)

ghc80: merge fix for NetBSD-current from ghc810

(wiz)

doc: Updated lang/go116 to 1.16

(bsiegert)

go116: update to the final 1.16 release

I did not find a detailed changelog from rc1.

(bsiegert)

ghc84: merge NetBSD-current support from ghc810

(wiz)

doc: Updated sysutils/intel-microcode-netbsd to 20210216

(msaitoh)

Update intel-microcode-netbsd to 20210216.

## microcode-20210216

### Purpose

- Security updates for INTEL-SA-00381

### New Platforms

None

### Updated Platforms

| Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP        | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable
| SKX-D          | M1      | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx
| CLX-SP        | B0      | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2
| CLX-SP        | B1      | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2

### Removed Platforms

None

(msaitoh)

Fix two null pointer reference

(manu)

mozc: Disable debug build. It is accidentally enabled

(ryoon)

ghc88: backport fix for NetBSD-current from ghc810

(wiz)

Updated devel/py-cffi, devel/py-configargparse, devel/py-txaio, textproc/py-dominate

(adam)

py-dominate: updated to 2.6.0

2.6.0:
Add get_current() to return the current active element in a with context.

(adam)

py-txaio: updated to 20.12.1

20.12.1
- new: CI/CD migrated to GitHub Actions
- new: support Python 3.9 (CI / testing added)
- new: minimum Python version is now 3.6

(adam)

py-configargparse: updated to 1.3

1.3:
Unknown changes

(adam)

py-cffi: updated to 1.14.5

v1.14.5

Source fix for old gcc versions
This and future releases should include wheels on more platforms, thanks to our new release managers Matt and Matt!

(adam)

ham/xlog: Improve workarounds for upstream portability issues

(gdt)

ham/xlog: Drop MAINTAINERship

Note upstream's unusual stance on people building from the repo.

(gdt)

Updated lang/python36, lang/python37, lang/py36-html-docs, lang/py37-html-docs

(adam)

python37 py37-html-docs: updated to 3.7.10

Python 3.7.10

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.

Library
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return None when triying to locate a library in an environment when gcc>=9 is available and ldconfig is not. Patch by Pablo Galindo

Documentation
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.

(adam)

python36 py36-html-docs: updated to 3.6.13

Python 3.6.13 final

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.

Core and Builtins
bpo-35560: Fix an assertion error in format() in debug build for floating point formatting with ���n��� format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan.

Library
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.

(adam)

doc: Updated security/pcsc-lite to 1.9.1

(gdt)

security/pcsc-list: Update to 1.9.1

1.9.1: Ludovic Rousseau
16 February 2021
- Do not (possibly) lock a reader if allocating hCard fails
- Fix a hang in SCardTransmit()
- Do not report an error if the wrong interface is used by the driver
- Update reader state when a card is removed during an exchange
- readerfactory: Make sure a freed Reader Context is not accessed
- PHSetProtocol(): supports T=0&1 cards on T=0 reader
- hotplug-libusb:
  . support CCIDCLASSDRIVER
  . add interface name to reader name
  . remove obsolete libhal scheme
- Some other minor improvements

(gdt)

Updated security/py-rsa, devel/py-atpublic, www/py-sanic, security/py-google-auth

(adam)

py-google-auth: updated to 1.26.1

1.26.1

Documentation

fix a typo in the user guide (avaiable -> available)

Bug Fixes

revert workload identity federation support

1.26.0

Features

workload identity federation support

(adam)

py-sanic: updated to 20.12.2

Version 20.12.2

Dependencies

Fix uvloop to 0.14 because 0.15 drops Python 3.6 support
Remove old chardet requirement, add in hard multidict requirement

(adam)

py-atpublic: updated to 2.1.3

2.1.3
* I `blue <https://blue.readthedocs.io/en/latest/>`_ it!

(adam)

py-rsa: updated to 4.7.1

Version 4.7.1
Fix threading issue introduced in 4.7

(adam)

doc: Updated fonts/unifont to 13.0.06

(fcambus)

unifont: update to 13.0.06.

2021-02-13  Paul Hardy <unifoundry@unifoundry.com>
* 210205_Unifoundry_Memorandum.pdf: added legal memorandum.
* font/Makefile:
  - Updated copyright for 2021.
  - Changed unifontpic input to Unifont sample set glyphs.
* font/plane00csur/
  - plane00csur-spaces.hex: Added U+0020 space glyph.
  - plane00csur.hex: Fixed U+EB63 (Savannah bug 59763).
* font/ttfsrc/Makefile: updated copyright for 2021.

(fcambus)

doc: Added devel/wabt version 1.0.20

(fcambus)

Add wabt.

(fcambus)

devel/wabt: import wabt-1.0.20.

WABT (we pronounce it "wabbit") is a suite of tools for WebAssembly.

These tools are intended for use in (or for development of) toolchains
or other systems that want to manipulate WebAssembly files. Unlike
the WebAssembly spec interpreter (which is written to be as simple,
declarative and "speccy" as possible), they are written in C/C++
and designed for easier integration into other systems. Unlike
Binaryen these tools do not aim to provide an optimization platform
or a higher-level compiler target; instead they aim for full fidelity
and compliance with the spec (e.g. 1:1 round-trips with no changes
to instructions).

(fcambus)

ghc90: Fix COMMENT

(ryoon)

ghc810: Regenerate distinfo to include all distfiles and fix COMMENT

(ryoon)

doc: Updated net/s6-networking to 2.4.1.0

(schmonz)

Update to 2.4.1.0. From the changelog:

- Bugfixes.
- Handshake timeout now also works with the libtls backend.
- The SNI server name is now exported after the handshake in the
  SSL_TLS_SNI_SERVERNAME variable.

(schmonz)

doc: Updated sysutils/s6 to 2.10.0.2

(schmonz)

Update to 2.10.0.2. From the changelog:

- Bugfixes.

(schmonz)

doc: Updated lang/execline to 2.8.0.0

(schmonz)

Update to 2.8.0.0. From the changelog:

- By default, if now propagates its child exit code when it exits.
- backtick now propagates failure by default; its options have slightly
  different semantics (-i becomes default, new -x introduced).

pkgsrc changes:

- Add manual pages by flexibeast.

(schmonz)

doc: Updated devel/skalibs to 2.10.0.2

(schmonz)

Update to 2.10.0.2. From the changelog:

- Bugfixes.

(schmonz)

Updated devel/rudiments, databases/sqlrelay; Removed lang/nodejs8

(adam)

nodejs8: removed

(adam)

sqlrelay: updated to 1.8.0

SQL Relay 1.8.0

This release mainly lays the groundwork for some future features, including a generic import/export framework. Some notable progress was also made on the JDBC driver, though it's still not finished. The most significant (finshed) new feature is an aes128 password encryption module.

There are some bugfixes as well. A long-standing issue with postgresql that could cause results from multiple open cursors to get confused has been resolved. A subtle error that could cause counting of bind variables on the client-side to hang has been fixed. A long-standing, but apparently obscure, issue that could cause tables from other MySQL schemas to be included in a "show tables" command has been fixed. As well as various other issues.

Full ChangeLog follows:

unattended tests
added sqlrresultsetdomnode class to c++ client API
fixed datedelimiters parameter
added support for SQLParamOptions with SQLUINTEGER arguments
sqlr-import detects uppercase .CSV suffix now
fixed a csv number-detection but in sqlr-import
fixed a delete[] of a const in sqlr-import
it's possible to specify a commitcount of 0 with sqlr-import now
moved sqlrimportxml/csv classes into libsqlrclient
moved sqlrexportxml/csv classes into libsqlrclient
csv import/export is consistent now
added some event methods to sqlrexport
migrated parsedatetime functions to rudiments datetime class
different postgresql cursors use different stmtNames now
sqlrimportcsv can create a primary key that's not in the CSV now
sqlrexportcsv quotes 12+ digit numbers now
fixed subtle, count-related issues when validating bind variables on the client side, that could cause a hang
added an aes128 pwdenc module
applied a patch to fix a crash in the debug logger (missing "%s")
added a tweak to getsitearchdir.rb to fix incorrect lib/lib64 reporting on some centos x64 systems
fixed mysql getColumnList to distinquish proper db/schema

SQL Relay 1.7.0

This release adds 2 significant features: support for the PostgreSQL client-server protocol, and a "replay" module to help automatically recover from deadlocks and lock-timeouts, but also has the usual assortment of minor bugfixes and internal changes.

Full ChangeLog follows:

added postgresql protocol module
updated postgresql connection module to get column info pre-execute
fixed postgresql connection module type oid bug
added tag filter/moduledata
added moduledata(s)::closeResultSet()/endTransaction()/endSession()
mysql protocol returns empty lobs correctly now (not as nulls)
configure replaces -lfbclient with -lgds on freebsd/firebird-2.0.3
fixed a bug that could cause sqlr-stop to try to kill pid 0
fixed unixodbc detection on solaris 11.4
added configure test for PQdescribePrepared
test improvements
documentation improvements
split sqlrelay-crash directive into its own module
deprecated drop-in replacement libraries in favor of protocol support
fixed various mysql 4.x bugs
sqlr-status creates statistics on heap now instead of stack, to work on platforms with a small default ulimit stack
mysql stored procedure test is bypassed for older mysql
tls test is bypassed for older openssl
added NULL handoff socket workaround
improved shutdown/crash handlers for sqlr-listener/connection
fixed hang when more-than-one address was specified in the instance:addresses attribute
*_null used instead of *_unset on PHP 7.4

SQL Relay 1.6.0

This release mainly addresses some recently discovered regressions, but also adds some internal features that required the minor version to be bumped.

ChangeLog follows:

added begin, commit, rollback events
fixed array_init() calls for php-7.3
integrated my_bool fix for mysql 8.0.1+
mysql sslmode=require/prefer + bad sslca/sslcapath generates warning rather than error now (like the mysql cli)
refactored various routines that parse bind variables out of queries
added bindvariabledelimiters config option to define supported bind variable delimiters
added fakeinputbindvariablesunicodestrings config option
added bind variable delimiters config methods to c++ api
replay trigger can now run a query (eg. "show engine innodb status") and log the reslits to a file when a replay condition occurs
replay trigger doesn't log/replay selects by defalit now (but this is configurable)
updated normalize translation to support queries containing binary data
fixed a backslash-escape bug in the normalize translation
refactored some sqlrclient api private methods
refactored various bind-manipliation/detection methods
sqlr-listener creates tmpdir now on start, if it doesn't exist (because this is often in /run, which is often a tmpfs)
postgresql connection modlie forces re-fetch of column data after execute now
everything uses charstring::isYes/isNo now, instead of direct comparisons against "yes" or "no"
fixed subtle sqlexecdirect bug
fixed subtle sqlserver max-varchar bind length bug
fixed various subtle sqlserver bugs where column-info isn't valid until after execute
odbc connection modlie sets column precision = column length if column precision = -1
when using odbc on front and back end, the object type works in SQLTables now
reslit set translations work with "show databases/tables/etc." queries with an ODBC backend now
increased oid buffer sizes in postgresql connection
fixed typemangling->tablemangling typo in postgresql connection - tablemangling sholid work without typemangling now
fixed a '...\\''...' parsing bug
non-odbc connection modlies now return odbc-compatible(ish) table lists
client info is no longer reset during endSession
fixed a bug that colid cause sqlite "show tables like '...'" to crash
fixed odbc unicode nlil user/password bug
fixed PyString_AsString for python 3.<3
fixed bug that caused some MSSQL lobs to sometimes be returned as nlils when using ODBC on the backend
fixed bug that caused some MSSQL date fields to get returned as garbage
fixed a few older sqlrclient compatibility bugs
fixed SQLFetch parameter type mismatch in ODBC api
removed a non-c++17-compliant "register" from custom_nw logger
added support for nodejs 12
SQLDriverConnect can take an inline DSN now
fixed odbc maxcolumncount=-1 crash
odbc, db2, and informix set bind format error now

(adam)

rudiments: updated to 1.3.1

Rudiments 1.3.1

This patch release fixes a bug in the rpm spec file and a missing library dependency in the link command for librudiments-apache.

Rudiments 1.3.0

This release mainly featured integration of code from other projects. The remnants of the old firstworks project "stencil" have been merged in, as well as some MVC base classes from other projects. Some date-time parsing code from SQL Relay has been pushed down into the datetime class.

There are some new features as well - most notably an encryption framework and aes128 class. There are also sax/dom parsers for CSV, ini, and java-style properties files as well, similar to the xml/json sax/dom classes.

The logger classes have been refactored a bit, in back-incompatible ways. Thus the minor version bump.

Full ChangeLog follows:

unattended tests
added support for escaping single/double-quotes to templateengine
migrated in clasess from stencil project
added librudiments-apache
added \r\n support when parsing CSVs
integrated MVC base classes from other projects
added inisax/inidom and propsax/propdom classes
added cronschedule class
added logger start/end methods
logger string-write works like printf now
logger indent uses uint32_t now
removed some unused logger::write() methods
added a log level to the logger class
process::spawn()'s forked child exits if exec() fails now
charstring::replace() methods are null-safe now
migrated datetime::parse() and datetime::formatAs() from sqlrelay
csvsax accepts empty (or all whitespace) files now
logger::write() is null-safe now
base64encode is whitespace-safe now
added support for 5-part dates and day-month-year 4-part dates
added datetime::getWeekOfYear
added file::extension
added directory::createTemporaryDirectory
added directory::removeTree
added encryption interface
added aes128 encryption
added charstring::startsWith/endsWith

Rudiments 1.2.2

This is a minor bug-fix release. ChangeLog follows:

fixed another long-standing charstring::httpEscape bug
-Wno-deprecated-declarations is now included if possible
added configure tests for RB_HALT/AUTOBOOT (enums on solaris 11.4)
certificate tests use sha1 if sha256 is unavailable
filedescriptor::pvt->_lstnr is initialzed to NULL in clone operation now
listener::listen() safely handles non pollin/out events now
removed waitForChildren() from shutdown/crash handlers
sigsuspend() fails if errno!=EINTR now instead of whether it returns -1
filtered out -Wl,-Bsymbolic-functions -Wl,-z,relro from krb5-config

Rudiments 1.2.1

This is a minor bug-fix release. ChangeLog follows:

charstring::isYes includes "on" and charstring::isNo includes "off"
tabs are url-encoded correctly now
"unsafe" characters are url-encoded now
httpEscape uses character::isAlphanumeric now (to improve perforamnce)
some file-descriptor-passing tweaks for modern FreeBSD
fixed some json parsing bugs
updated default_md=sha256 in ca.cnf to generate ca.pem in tests
fixed a possible double-free in listener::cleanUp

Rudiments 1.2.0

This release adds a few minor features, and fixes a few minor bugs...

The jsonsax/dom classes handle escaping correctly now.

The url class features a getError() method which returns more detailed error information than the error class. For example, if there's a protocol error, as opposed to an operating-system-level error, then url::getError() returns it.

A sha256 class has been added. The sha1, sha256, and md5 classes now prefer to use libcrypto implementations, if they are available, as they might be hardware accelerated, but fall back to internal implementations if they are not available.

hash::getHash() returns binary data now, for all hashes. Previously sha1/256 returned binary data and md5 returned a string.

charstring::hexEncode()/hexDecode(), and charstring::before()/between()/after() methods have been added to the charstring class.

The url class now supports setting the user agent and other headers for http urls. It also supports making http POST requests.

The various container classes (linkedlist, avltree, dictionary, etc.) all support remove/clearAnd(Array)Delete methods. The removeAnd(Array)Delete methods remove the node from the container and delete the value stored in the node as well. The clearAnd(Array)Delete methods operate similarly, removing all nodes.

(adam)

doc: Updated graphics/glew to 2.2.0

(nia)

glew: Update to 2.2.0

Changes:
new extensions and minor bug fixes

(nia)

doc: Updated net/get_iplayer to 3.27

(nia)

get_iplayer: Update to 3.27

Release notes:
https://github.com/get-iplayer/get_iplayer/wiki/release320to329#release327

(nia)

doc: Updated chat/bitlbee-facebook to 1.2.2

(nia)

bitlbee-facebook: Update to 1.2.2

bitlbee-facebook-1.2.2 (2021-02-13):
  - Fix id assertion in fb_api_cb_publish_mst()
  - Increase sync_interval from 5 to 1440 ("The action attempted has been
    deemed abusive or is otherwise disallowed")
  - Bump the FB_ORCA_AGENT version once again

(nia)

Use setusercontext(3)

Using setusercontext(3) makes per-user tmp work. Fixes PR 55765.

(kim)

Pullup ticket #6427 - requested by taca
lang/php73: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.320
- lang/php73/distinfo                                          1.32

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Feb  5 14:46:58 UTC 2021

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php73: distinfo

  Log Message:
  lang/php73: update to 7.3.27

  04 Feb 2021, PHP 7.3.27

  - SOAP:
    . Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb, Stas)

(bsiegert)

Pullup ticket #6426 - requested by taca
lang/php74: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.319
- lang/php74/distinfo                                          1.19

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Feb  5 14:45:20 UTC 2021

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php74: distinfo

  Log Message:
  lang/php74: update to 7.4.15

  04 Feb 2021, PHP 7.4.15

  - Core:
    . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
    . Fixed bug #80384 (filter buffers entire read until file closed). (Adam
      Seitz, cmb)

  - Curl:
    . Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). (cmb)

  - Date:
    . Fixed bug #80376 (last day of the month causes runway cpu usage. (Derick)

  - MySQLi:
    . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
      interpret bit columns). (Nikita)
    . Fixed bug #64638 (Fetching resultsets from stored procedure with cursor
      fails). (Nikita)
    . Fixed bug #72862 (segfault using prepared statements on stored procedures
      that use a cursor). (Nikita)
    . Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP
      with a cursor). (Nikita)

  - Phar:
    . Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). (cmb)
    . Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
      (cmb)

  - SOAP:
    . Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb,
      Stas)

(bsiegert)

Pullup ticket #6425 - requested by bouyer
sysutils/xentools411: build fix, bugfix

Revisions pulled up:
- sysutils/xentools411/Makefile                                1.25
- sysutils/xentools411/distinfo                                1.16
- sysutils/xentools411/patches/patch-tools_ocaml_Makefile.rules 1.1
- sysutils/xentools411/patches/patch-tools_ocaml_common.make    1.2
- sysutils/xentools411/patches/patch-tools_xenstore_xenstored_core.c 1.1

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Thu Feb  4 11:45:53 UTC 2021

  Modified Files:
  pkgsrc/sysutils/xentools411: Makefile distinfo
  pkgsrc/sysutils/xentools411/patches: patch-tools_ocaml_common.make
  Added Files:
  pkgsrc/sysutils/xentools411/patches: patch-tools_ocaml_Makefile.rules
      patch-tools_xenstore_xenstored_core.c

  Log Message:
  Fix build with newer ocaml.
  Fix xenstored leaking file descriptors and busy-looping over them.

(bsiegert)

Pullup ticket #6424 - requested by bouyer
sysutils/xenkernel411: security fix

Revisions pulled up:
- sysutils/xenkernel411/Makefile                                1.20
- sysutils/xenkernel411/distinfo                                1.18
- sysutils/xenkernel411/patches/patch-XSA355                    1.1

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Thu Feb  4 11:41:38 UTC 2021

  Modified Files:
  pkgsrc/sysutils/xenkernel411: Makefile distinfo
  Added Files:
  pkgsrc/sysutils/xenkernel411/patches: patch-XSA355

  Log Message:
  Add upstream patch for XSA355. Bump PKGREVISION

(bsiegert)

Pullup ticket #6422 - requested by bouyer
sysutils/xenkernel413: security fix

Revisions pulled up:
- sysutils/xenkernel413/Makefile                                1.12
- sysutils/xenkernel413/distinfo                                1.9
- sysutils/xenkernel413/patches/patch-XSA355                    1.1
- sysutils/xenkernel413/patches/patch-XSA360                    1.1

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Wed Feb  3 22:27:16 UTC 2021

  Modified Files:
  pkgsrc/sysutils/xenkernel413: Makefile distinfo
  Added Files:
  pkgsrc/sysutils/xenkernel413/patches: patch-XSA355 patch-XSA360

  Log Message:
  Add upstream patches for Xen security advisory 355 and 360.
  Bump PKGREVSION

(bsiegert)

texlive-collection-latex: broaden a dependency pattern

Redo v. 1.14: might as well make it explicitly accept anything, for
clarity.

(gutteridge)

texlive-collection-latex: adjust dependency to fix builds

print/tex-pslatex went from version 2009 to version 1.3, so adjust
accordingly. (This new pattern will accept the old versioning, but
the change log suggests that's viable.)

(gutteridge)

Update emulators/qemu to 5.1.0nb12 with a local patch to add VirtIO devices to
the MIPSSIM target machine. Its only supported in NetBSD-current as of today
15 feb 2021. Other OSs or earlier versions of NetBSD are not affected.

(reinoud)

Add *local* patch for the Qemu MIPS target MIPSSIM adding VirtIO devices for
development purposes.

(reinoud)

Updated misc/py-immutables, graphics/libwebp

(adam)

libwebp: updated to 1.2.0

version 1.2.0
* API changes:
  - libwebp:
    encode.h: add a qmin / qmax range for quality factor (cwebp adds -qrange)
* lossless encoder improvements
* SIMD support for Wasm builds
* add xcframeworkbuild.sh, supports Mac Catalyst builds
* import fuzzers from oss-fuzz & chromium
* webpmux: add an '-set loop <value>' option
* toolchain updates and bug fixes

(adam)

py-immutables: updated to 0.15

v0.15
New Features

Add support for Python 3.10 and more tests
Make __repr__ more similar to other mapping types

Misc

Minor docs and CI fixes

(adam)

Updated devel/cmake, devel/py-uvloop

(adam)

py-uvloop: updated to 0.15.1

v0.15.1

Bug Fixes

Fix a segfault issue when a Cython protocol is de-referencing itself from Context.run() callbacks

(adam)

cmake: updated to 3.19.5

3.19.5
When IOS_INSTALL_COMBINED is enabled and the Xcode generator is used, it is now possible to initiate an install or package creation by running cmake --install or cpack from the command line. When using the Xcode new build system, these are the only supported methods due to a limitation of Xcode. Initiating these operations by building the install or package targets in Xcode is only supported when using the legacy build system.
The framework handling introduced in 3.19.0 as part of supporting Xcode窶冱 Link Binaries With Libraries build phase broke the ability to switch between device and simulator builds without reconfiguring. That capability has now been restored.

(adam)

doc: Updated net/tor to 0.4.5.6

(wiz)

tor: update to 0.4.5.6.

Changes in version 0.4.5.6 - 2021-02-15
  The Tor 0.4.5.x release series is dedicated to the memory of Karsten
  Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
  Karsten is best known for creating the Tor metrics portal and leading
  the metrics team, but he was involved in Tor from the early days. For
  example, while he was still a student he invented and implemented the
  v2 onion service directory design, and he also served as an ambassador
  to the many German researchers working in the anonymity field. We
  loved him and respected him for his patience, his consistency, and his
  welcoming approach to growing our community.

  This release series introduces significant improvements in relay IPv6
  address discovery, a new "MetricsPort" mechanism for relay operators
  to measure performance, LTTng support, build system improvements to
  help when using Tor as a static library, and significant bugfixes
  related to Windows relay performance. It also includes numerous
  smaller features and bugfixes.

(wiz)

Updated databases/postgresqlNN

(adam)

postgresql: updated to 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25

The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.2, 12.6, 11.11, 10.16, 9.6.21, and 9.5.25. This release closes two security vulnerabilities and fixes over 80 bugs reported over the last three months.

Additionally, this is the final release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we suggest that you make plans to upgrade.

For the full list of changes, please review the release notes.

Security Issues

CVE-2021-3393: Partition constraint violation errors leak values of denied columns

Versions Affected: 11 - 13.

A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message. This is similar to CVE-2014-8161, but the conditions to exploit are more rare.

The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.

CVE-2021-20229: Single-column SELECT privilege enables reading all columns

Versions Affected: 13.

A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table.

Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed.

The PostgreSQL project thanks Sven Klemm for reporting this problem.

Bug Fixes and Improvements

This update fixes over 80 bugs that were reported in the last several months. Some of these issues only affect version 13, but could also apply to other supported versions.

Some of these fixes include:

Fix an issue with GiST indexes where concurrent insertions could lead to a corrupt index with entries placed in the wrong pages. You should REINDEX any affected GiST indexes.
Fix CREATE INDEX CONCURRENTLY to ensure rows from concurrent prepared transactions are included in the index. Installations that have enabled prepared transactions should REINDEX any concurrently-built indexes.
Fix for possible incorrect query results when a hash aggregation is spilled to disk.
Fix edge case in incremental sort that could lead to sorting results incorrectly or a "retrieved too many tuples in a bounded sort" error.
Avoid crash when a CALL or DO statement that performs a transaction rollback is executed via extended query protocol, such as from prepared statements.
Fix a failure when a PL/pgSQL procedure used CALL on another procedure that has OUT parameters that executed a COMMIT or ROLLBACK.
Remove errors from BEFORE UPDATE triggers on partitioned tables for restrictions that no longer apply.
Several fixes for queries with joins that could lead to error messages such as "no relation entry for relid N" or "failed to build any N-way joins".
Do not consider parallel-restricted or set-returning functions in an ORDER BY expressions when trying to parallelize sorts.
Fix ALTER DEFAULT PRIVILEGES to handle duplicate arguments safely.
Several fixes in behavior when wal_level is set to minimal, including when tables are rewritten within a transaction.
Several fixes for CREATE TABLE LIKE.
Ensure that allocated disk space for a dropped relation (e.g. a table) is released promptly when a transaction is committed.
Fix progress reporting for CLUSTER.
Fix handling of backslash-escaped multibyte characters in COPY FROM.
Fix recently-introduced race conditions in LISTEN/NOTIFY queue handling.
Allow the jsonb concatenation operator (||) to handle all combinations of JSON data types.
Fix WAL-reading logic so that standbys can handle timeline switches correctly. This issue could have shown itself with errors like "requested WAL segment has already been removed".
Several leak fixes for the walsender process around logical decoding and replication.
Ensure that a nonempty value of krb_server_keyfile always overrides any setting of KRB5_KTNAME in the server environment
Several fixes for GSS encryption support.
Ensure the \connect command allows the use of a password in the connection_string argument.
Fix assorted bugs with the \help command.
Several fixes for pg_dump.
Ensure that pg_rewind accounts for all WAL when rewinding a standby server.
Fix memory leak in contrib/auto_explain.
Ensure all postgres_fdw connections are closed if the a user mapping or foreign server object those connections depend on are dropped.
Fix JIT compilation to be compatible with LLVM 11 and LLVM 12.
This update also contains tzdata release 2021a for DST law changes in Russia (Volgograd zone) and South Sudan, plus historical corrections for Australia, Bahamas, Belize, Bermuda, Ghana, Israel, Kenya, Nigeria, Palestine, Seychelles, and Vanuatu.

Notably, the Australia/Currie zone has been corrected to the point where it is identical to Australia/Hobart.

For the full list of changes available, please review the release notes.

PostgreSQL 9.5 is EOL

This is the final release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see our versioning policy for more information.

(adam)

doc: Updated math/bc-gh to 3.2.7

(gdt)

bc-gh: Update to 3.2.7

Note that "DC_ENV_ARGS" will lead to dc exiting; this was new in 3.1.4
and I have reported that upstream.

Upstream changes, less bugfixes (and hence first/second do not make
sense; see the full NEWS.md in the sources if that upsets you):

## 3.2.5

This is a production release that fixes several bugs and adds a couple small
things.

The two most important bugs were bugs that causes `dc` to access memory
out-of-bounds (crash in debug builds). This was found by upgrading to `afl++`
from `afl`. Both were caused by a failure to distinguish between the same two
cases.

Fourth, the pseudo-random number now attempts to seed itself with `/dev/random`
if `/dev/urandom` fails.

## 3.2.0

This is a production release that has one bug fix and a major addition.

The major addition is a way to build a version of `bc`'s math code as a library.
This is done with the `-a` option to `configure.sh`. The API for the library can
be read in `./manuals/bcl.3.md` or `man bcl` once the library is installed with
`make install`.

This library was requested by developers before I even finished version 1.0, but
I could not figure out how to do it until now.

If the library has API breaking changes, the major version of `bc` will be
incremented.

## 3.1.4

This is a production release that fixes one bug, changes two behaviors, and
removes one environment variable.

The behavior that was changed is that `bc` now exits when given `-e`, `-f`,
`--expression` or `--file`. However, if the last one of those is `-f-` (using
`stdin` as the file), `bc` does not exit. If `-f-` exists and is not the last of
the `-e` and `-f` options (and equivalents), `bc` gives a fatal error and exits.

Next, I removed the `BC_EXPR_EXIT` and `DC_EXPR_EXIT` environment variables
since their use is not needed with the behavior change.

Finally, I made it so `bc` does not print the header, though the `-q` and
`--quiet` options were kept for compatibility with GNU `bc`.

(gdt)

www/unit-php: Do not accept php 7.2 as it has been removed from pkgsrc.

(otis)

www/unit-python: Fix DESCR with proper scripting language.

(otis)

mozc-server: Use += for PYTHON_VERSIONS_INCOMPATIBLE

Pointed by joerg@. Thank you.

(ryoon)

mozc: Python 2.7 is not acceptable to build mozc packages

Set PYTHON_VERSIONS_INCOMPATIBLE=27.

(ryoon)

mozc: Depend on newer devel/gyp

(ryoon)

(finance/py-eth-typing) build fix for py36 (others were OK)

py36 flags as follows:
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2071: ordinal not in range(128)

(mef)

x11: Enable xcb-imdkit

(ryoon)

doc: Added x11/xcb-imdkit version 1.0.2

(ryoon)

x11/xcb-imdkit: import xcb-imdkit-1.0.2

xcb-imdkit is an implementation of xim protocol in xcb, comparing
with the implementation of IMDkit with Xlib, and xim inside Xlib,
it has less memory foot print, better performance, and safer on
malformed client.

(ryoon)

cldr-emoji-annotation: Add buildlink3.mk for pkg-config file

This is required by upcomming inputmethod/fcitx5.

(ryoon)

(finance/py-eth-hash) build fix for py36 (only)

py36 gives following flag:
Traceback (most recent call last):
  File "setup.py", line 50, in <module>
    long_description = readme.read()
  File "/usr/pkg/lib/python3.6/encodings/ascii.py", line 26, in decode
    return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 2861: ordinal not in range(128)

(mef)

doc: Updated devel/gyp to 0.1pre20200512.caa60026e223fc501e8b337fd5086ece4028b1c6

(ryoon)

gyp: Update to 0.1pre20200512.caa60026e223fc501e8b337fd5086ece4028b1c6

Changelog is not availabel in compact form.
The most significant change is to add Python 3 support.

(ryoon)