shells/bosh: Update to 20200812

New features with AN-2020-07-18:
- Bourne Shell: A new symlink from /opt/schily/xpg4/bin/bosh to
  /opt/schily/xpg4/bin/sh is created when "smake install" is called.
  This helps people to call "bosh" in strict POSIX mode using the
  command line name "bosh" by putting /opt/schily/xpg4/bin in PATH
  before /opt/schily/bin, where the bosh implements better backwards
  cmpatibility to the Bourne Shell by default than a strictly POSIX
  compliant bosh would do. /opt/schily/xpg4/bin/bosh behaves the same
  as "/opt/schily/bin/bosh -o posix".

  Thanks to  Koichi Nakashima for reporting.

New features with AN-2020-08-12:
- autoconf: added a new test for the existence of <sys/auxv.h>

- autoconf: added new tests for Linux getauxval() and FreeBSD elf_aux_info()

- libschily: getexecpath.c now uses getauxval() on Linux and elf_aux_info()
  on FreeBSD. This was needed since readlink("/proc/curproc/file") on
  FreeBSD returns random values for hardlinked files, making it impossible
  to use the result in order to find out which behavior variant of a
  fat binary is requested.

- Bourne Shell: Several #ifdef SIG* have been added to make it compile
  on older UNIX versions.

  Thanks to a hint from Albert Wik.

(micha)

doc: s/smake/star/ for star update

(micha)

doc: Updated archivers/smake to 1.6.1nb10

(micha)

archivers/star: Update to 1.6.1nb10

New features with AN-2020-07-18:
- star: star could dump core if it was used as "star -t ..." or.
  "star -x ..." while being in a UTF-8 based locale and trying to deal
  with extremely long pathnames (more than PATH_MAX) in the archive.

  This bug was caused by the dummy conversion routines _to_utf8() or
  _from_utf8() that did not stop after "tolen" bytes (the current size
  of the dynamically growing path structure) have been copied.
  This bug has been introduced in 2018 when the dynamic path name
  variables have been introduced together with support for extremely
  long path names.

- star: lpath_unix.c and lhash.c renamed a local variable buflen to bflen
  to avoid a gcc shadowing warning with the rest of star.

- star: star.c fixed some fallthrough warnings from lint.

- star: The FIFO code (which is 30 years old) did use an int for the size
  which historically was OK, but this did limit the size of the FIFO to
  2 GB. Now with modern tape drives that are really fast, a FIFO with
  2 GB would only give a tape streaming reserve for approx. 8 seconds,
  which is not sufficient. Approx. 30 seconds reserve are recommended.
  With modern tape drives, this would need approx. 8 GB of FIFO. Be.
  however careful not to use more than half of the real RAM available
  in the whole system for the star FIFO.

  Note that this change induced the need for a lot of derived changes
  in approx. 1000 lines of code spread over the whole star project and
  for this reason, it is advised to carefully test the new version and
  to report if problems occur.

New features with AN-2020-08-12:
- autoconf: added a new test for the existence of <sys/auxv.h>

- autoconf: added new tests for Linux getauxval() and FreeBSD elf_aux_info()

- libschily: getexecpath.c now uses getauxval() on Linux and elf_aux_info()
  on FreeBSD. This was needed since readlink("/proc/curproc/file") on
  FreeBSD returns random values for hardlinked files, making it impossible
  to use the result in order to find out which behavior variant of a
  fat binary is requested.

- star: GNU cpio archives may contain longer path names than permitted by
  the AT&T documentation. This did cause problems with our automated
  recognition of swapped CPIO headers. We now use a more robust method.

- star: GNU cpio archives may contain longer path names than permitted by
  the AT&T documentation. This could cause star to dump core because the
  cpio module did not yet call the routine to grow our new dynamic path
  store.

- star: older GNU compilers seem to decide that a division:

      long long / long results in a long.

  We now cast the divisor to long long to definitely get the right
  result for a printf argument.

- star: changed a name in a parameter list for lreadlink() to avoid
  a GCC shadow warning.

- star: The variable use_fifo is also needed if the FIFO is not
  available (e.g. on DOS). The previous code did not compile on platforms
  that did not support to implement the FIFO. We moved
  extern BOOL use_fifo out of a #ifdef FIFO

  Thanks to a hint from Albert Wik.

- star: The file README.otherbugs has been changed to match the
  state of today and a geocrawler based URL now includes an
  archive.org prefix as geocrawler no longer exists.

(micha)

On macOS (Catalina, at least), python37 and python38 fail in _uuid.so
with `ld: library not found for -luuid` when building with native
libuuid. Rather than trying to fix Python's detection logic, just make
this mistake impossible for anyone using macOS native libuuid. Building
with pkgsrc libuuid continues to work fine.

(schmonz)

doc: Update devel/smake to 1.3nb13

(micha)

devel/smake: Update to 1.3nb13

New features with AN-2020-07-18:
- Makefile system: changed several "echo MAKING... && sh ./MKLINKS"
  into "echo MAKING... ; sh ./MKLINKS"

  This allows an optimization in smake to avoid a call to sh -c "cmd".
  if the command is a simple command or a simple command prefixed by
  "echo something ;". Since 2012, we implement an inline echo command
  in smake to speed up makefile execution.

- smake: The -a option is now no longer missing in the smake -help
  output. This has been forgotten when the option has been added in March.

New features with AN-2020-08-12:
- autoconf: added a new test for the existence of <sys/auxv.h>

- autoconf: added new tests for Linux getauxval() and FreeBSD elf_aux_info()

- libschily: getexecpath.c now uses getauxval() on Linux and elf_aux_info()
  on FreeBSD. This was needed since readlink("/proc/curproc/file") on
  FreeBSD returns random values for hardlinked files, making it impossible
  to use the result in order to find out which behavior variant of a
  fat binary is requested.

- smake: Added some code to allow better debugging of MAKEFLAGS related
  problems.

- smake: we now use strdup() to remember the content of the MAKEFLAGS
  environment as the content of a pointer into the environment array
  did change unexpectedly on DJGPP.

  Thanks to a hint from Albert Wik.

(micha)

Updated textproc/py-precis-i18n, devel/py-pip

(adam)

py-pip: updated to 20.2.2

20.2.2

Bug Fixes
- Only attempt to use the keyring once and if it fails, don't try again.
  This prevents spamming users with several keyring unlock prompts when they
  cannot unlock or don't want to do so.
- Fix regression that distributions in system site-packages are not correctly
  found when a virtual environment is configured with ``system-site-packages``
  on.
- Disable caching for range requests, which causes corrupted wheels
  when pip tries to obtain metadata using the feature ``fast-deps``.
- Always use UTF-8 to read ``pyvenv.cfg`` to match the built-in ``venv``.
- 2020 Resolver: Correctly handle marker evaluation in constraints and exclude
  them if their markers do not match the current environment.

(adam)

py-precis-i18n: updated to 1.0.2

1.0.2
- ``get_profile`` now supports alternative unicodedata2 module.
- ``get_profile`` maps ':' to '_' before look up.
- Test Unicode 12.1 for Python 3.8.
- Test Unicode 12.0 (Using optional unicodedata2 module)
- Test Unicode 13.0 for Python 3.9.
- Update copyright year (2020).

(adam)

Updated www/py-h11, devel/py-jupyter_client

(adam)

py-jupyter_client: updated to 6.1.7

6.1.7
- Fixed launching non python kernels from a windows store installed jupyter
- Silenced kill_kernel when kernel is already terminated
- Removed a number of python 2 code paths
- Documentation improvements around debug request/reply patterns

(adam)

py-h11: updated to 0.10.0

v0.10.0:
Drop support for Python 3.4.
Support Python 3.8.
Make error messages returned by match failures less ambiguous

(adam)

Updated security/py-acme, security/py-certbot*

(adam)

py-acme py-certbot*: updated to 1.7.0

Certbot 1.7.0

Added

Third-party plugins can be used without prefix (plugin_name instead of dist_name:plugin_name):
this concerns the plugin name, CLI flags, and keys in credential files.
The prefixed form is still supported but is deprecated, and will be removed in a future release.
Added --nginx-sleep-seconds (default 1) for environments where nginx takes a long time to reload.

Changed

The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200,
due to https://www.linode.com/blog/linode/linode-turns-17/
We deprecated support for Python 3.5 in Certbot and its ACME library.
Support for Python 3.5 will be removed in the next major release of Certbot.
More details about these changes can be found on our GitHub repo.

(adam)

modular-xorg-*: reset PKGREVISION after update

(wiz)

doc: Updated x11/modular-xorg-server to 1.20.9

(wiz)

modular-xorg-server: update to 1.20.9.

Aaron Ma (1):
      xfree86: add drm modes on non-GTF panels

Adam Jackson (2):
      linux: Make platform device probe less fragile
      linux: Fix platform device PCI detection for complex bus topologies

Alan Coopersmith (2):
      Update URL's in man pages
      doc: Update URLs in Xserver-DTrace.xml

Alex Goins (1):
      randr: Check rrPrivKey in RRHasScanoutPixmap()

Hans de Goede (1):
      modesetting: Disable pageflipping when using a swcursor

Huacai Chen (1):
      linux: Fix platform device probe for DT-based PCI

Jose Maria Casanova Crespo (1):
      modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation

Lyude Paul (1):
      xwayland: Store xwl_tablet_pad in its own private key

Martin Weber (1):
      hw/xfree86: Avoid cursor use after free

Matt Turner (1):
      xserver 1.20.9

Matthieu Herrb (5):
      fix for ZDI-11426
      Correct bounds checking in XkbSetNames()
      Fix XIChangeHierarchy() integer underflow
      Fix XkbSelectEvents() integer underflow
      Fix XRecordRegisterClients() Integer underflow

Michel D辰nzer (7):
      present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
      present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
      xwayland: Always use xwl_present_free_event for freeing Present events
      xwayland: Free all remaining events in xwl_present_cleanup
      xwayland: Hold a pixmap reference in struct xwl_present_event
      xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
      xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp

Olivier Fourdan (4):
      xwayland: Fix infinite loop at startup
      xwayland: Clear private on device removal
      xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
      xwayland: Use a fixed DPI value for core protocol

Roman Gilg (1):
      present: Check valid region in window mode flips

Samuel Thibault (1):
      dix: do not send focus event when grab actually does not change

Simon Ser (2):
      xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
      xwayland: only use linux-dmabuf if format/modifier was advertised

SimonP (1):
      xwayland: Initialise values in xwlVidModeGetGamma()

Sjoerd Simons (1):
      xwayland: Fix crashes when there is no pointer

(wiz)

doc: Updated x11/libX11 to 1.6.12

(wiz)

libX11: update to 1.6.12.

Christopher Chavez (1):
      Fix typo GCCLipYOrigin -> GCClipYOrigin in XCreateGC() manpage

Felix Yan (1):
      Correct a typo in GetStCmap.c

Matthieu Herrb (2):
      Fix an integer overflow in init_om()
      libX11 1.6.12

Maya Rashish (1):
      Avoid the use of "register" keyword in XkbTranslateKeySym.

Niclas Zeising (1):
      Fix input clients connecting to server

(wiz)

firefox: allow dbus to be disabled on Linux

From Michael Forney on tech-pkg

With the release of firefox 80, there are no longer any issues with
--disable-dbus on Linux[0].

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1561207

(wiz)

doc: Updated databases/py-barman to 2.11

(jperkin)

py-barman: Update to 2.11.

Version 2.11 - 9 Jul 2020

-  Introduction of the barman-cli-cloud package that contains all cloud
    related utilities.

-  Add barman-cloud-wal-restore to restore a WAL file previously
    archived with barman-cloud-wal-archive from an object store

-  Add barman-cloud-restore to restore a backup previously taken with
    barman-cloud-backup from an object store

-  Add barman-cloud-backup-list to list backups taken with
    barman-cloud-backup in an object store

-  Add support for arbitrary archive size for barman-cloud-backup

-  Add support for --endpoint-url option to cloud utilities

-  Remove strict superuser requirement for PG 10+ (by Kaarel Moppel)

-  Add --log-level runtime option for barman to override default log
    level for a specific command

-  Support for PostgreSQL 13

-  Bug fixes:

    -  Suppress messages and warning with SSH connections in barman-cli
        (GH-257)
    -  Fix a race condition when retrieving uploaded parts in
        barman-cloud-backup (GH-259)
    -  Close the PostgreSQL connection after a backup (GH-258)
    -  Check for uninitialized replication slots in receive-wal --reset
        (GH-260)
    -  Ensure that begin_wal is valorised before acting on it (GH-262)
    -  Fix bug in XLOG/WAL arithmetic with custom segment size (GH-287)
    -  Fix rsync compatibility error with recent rsync
    -  Fix PostgreSQLClient version parsing
    -  Fix PostgreSQL exception handling with non ASCII messages
    -  Ensure each postgres connection has an empty search_path
    -  Avoid connecting to PostgreSQL while reading a backup.info file

If you are using already barman-cloud-wal-archive or barman-cloud-backup
installed via RPM/Apt package and you are upgrading your system, you
must install the barman-cli-cloud package. All cloud related tools are
now part of the barman-cli-cloud package, including
barman-cloud-wal-archive and barman-cloud-backup that were previosly
shipped with barman-cli. The reason is complex dependency management of
the boto3 library, which is a requirement for the cloud utilities.

Version 2.10 - 5 Dec 2019

-  Pull .partial WAL files with get-wal and barman-wal-restore,
    allowing restore_command in a recovery scenario to fetch a partial
    WAL file's content from the Barman server. This feature simplifies
    and enhances RPO=0 recovery operations.

-  Store the PostgreSQL system identifier in the server directory and
    inside the backup information file. Improve check command to verify
    the consistency of the system identifier with active connections
    (standard and replication) and data on disk.

-  A new script called barman-cloud-wal-archive has been added to the
    barman-cli package to directly ship WAL files from PostgreSQL (using
    archive_command) to cloud object storage services that are
    compatible with AWS S3. It supports encryption and compression.

-  A new script called barman-cloud-backup has been added to the
    barman-cli package to directly ship base backups from a local
    PostgreSQL server to cloud object storage services that are
    compatible with AWS S3. It supports encryption, parallel upload,
    compression.

-  Automated creation of replication slots through the server/global
    option create_slot. When set to auto, Barman creates the replication
    slot, in case streaming_archiver is enabled and slot_name is
    defined. The default value is manual for back-compatibility.

-  Add '-w/--wait' option to backup command, making Barman wait for all
    required WAL files to be archived before considering the backup
    completed. Add also the --wait-timeout option (default 0, no
    timeout).

-  Redact passwords from Barman output, in particular from
    barman diagnose (InfoSec)

-  Improve robustness of receive-wal --reset command, by verifying that
    the last partial file is aligned with the current location or, if
    present, with replication slot's.

-  Documentation improvements

-  Bug fixes:

    -  Wrong string matching operation when excluding tablespaces
        inside PGDATA (GH-245)
    -  Minor fixes in WAL delete hook scripts (GH-240)
    -  Fix PostgreSQL connection aliveness check (GH-239)

Version 2.9 - 1 Aug 2019

-  Transparently support PostgreSQL 12, by supporting the new way of
    managing recovery and standby settings through GUC options and
    signal files (recovery.signal and standby.signal)

-  Add --bwlimit command line option to set bandwidth limitation for
    backup and recover commands

-  Ignore WAL archive failure for check command in case the latest
    backup is WAITING_FOR_WALS

-  Add --target-lsn option to set recovery target Log Sequence Number
    for recover command with PostgreSQL 10 or higher

-  Add --spool-dir option to barman-wal-restore so that users can
    change the spool directory location from the default, avoiding
    conflicts in case of multiple PostgreSQL instances on the same
    server (thanks to Drazen Kacar).

-  Rename barman_xlog directory to barman_wal

-  JSON output writer to export command output as JSON objects and
    facilitate integration with external tools and systems (thanks to
    Marcin Onufry Hlybin). Experimental in this release.

Bug fixes:

-  replication-status doesn’t show streamers with no slot (GH-222)

-  When checking that a connection is alive (“SELECT 1” query),
    preserve the status of the PostgreSQL connection (GH-149). This
    fixes those cases of connections that were terminated due to
    idle-in-transaction timeout, causing concurrent backups to fail.

Version 2.8 - 17 May 2019

-  Add support for reuse_backup in geo-redundancy for incremental
    backup copy in passive nodes

-  Improve performance of rsync based copy by using strptime instead of
    the more generic dateutil.parser (#210)

-  Add ‘--test’ option to barman-wal-archive and barman-wal-restore to
    verify the connection with the Barman server

-  Complain if backup_options is not explicitly set, as the future
    default value will change from exclusive_backup to concurrent_backup
    when PostgreSQL 9.5 will be declared EOL by the PGDG

-  Display additional settings in the show-server and diagnose
    commands: archive_timeout, data_checksums, hot_standby,
    max_wal_senders, max_replication_slots and wal_compression.

-  Merge the barman-cli project in Barman

-  Bug fixes:

    -  Fix encoding error in get-wal on Python 3 (Jeff Janes, #221)
    -  Fix exclude_and_protect_filter (Jeff Janes, #217)
    -  Remove spurious message when resetting WAL (Jeff Janes, #215)
    -  Fix sync-wals error if primary has WALs older than the first
        backup
    -  Support for double quotes in synchronous_standby_names setting

-  Minor changes:

    -  Improve messaging of check --nagios for inactive servers
    -  Log remote SSH command with recover command
    -  Hide logical decoding connections in replication-status command

This release officially supports Python 3 and deprecates Python 2 (which
might be discontinued in future releases).

PostgreSQL 9.3 and older is deprecated from this release of Barman.
Support for backup from standby is now limited to PostgreSQL 9.4 or
higher and to WAL shipping from the standby (please refer to the
documentation for details).

Version 2.7 - 21 Mar 2019

-  Fix error handling during the parallel backup. Previously an
    unrecoverable error during the copy could have corrupted the barman
    internal state, requiring a manual kill of barman process with
    SIGTERM and a manual cleanup of the running backup in PostgreSQL.
    (GH#199)

-  Fix support of UTF-8 characters in input and output (GH#194 and
    GH#196)

-  Ignore history/backup/partial files for first sync of geo-redundancy
    (GH#198)

-  Fix network failure with geo-redundancy causing cron to break
    (GH#202)

-  Fix backup validation in PostgreSQL older than 9.2

-  Various documentation fixes

Version 2.6 - 4 Feb 2019

-  Add support for Geographical redundancy, introducing 3 new commands:
    sync-info, sync-backup and sync-wals. Geo-redundancy allows a Barman
    server to use another Barman server as data source instead of a
    PostgreSQL server.

-  Add put-wal command that allows Barman to safely receive WAL files
    via PostgreSQL's archive_command using the barman-wal-archive script
    included in barman-cli

-  Add ANSI colour support to check command

-  Minor fixes:

    -  Fix switch-wal on standby with an empty WAL directory
    -  Honour archiver locking in wait_for_wal method
    -  Fix WAL compression detection algorithm
    -  Fix current_action in concurrent stop backup errors
    -  Do not treat lock file busy as an error when validating a backup

(jperkin)

tex-ifplatform depends on tex-catchfile. PKGREVISION -> 2

(dholland)

doc: Updated archivers/p5-Archive-Tar to 2.38

(gutteridge)

p5-Archive-Tar: update to 2.38

2.38  25/06/2020 (ATOOMIC)
- Avoid indirect calls
- Add use warnings to bin/ptar*

(gutteridge)

doc: add nedit update to TODO, and luakit has been imported

(gutteridge)

lua: fix typo in luaversion.mk

(gutteridge)

devel/bmake: Fix compiling on QNX 6.5

(js)

sysutils/dvd+rw-tools: ONLY_FOR_PLATFORM += Darwin

The referenced source file lists support for "Mac OS X" being added at
some point, and it seems to compile just fine.

(js)

Pullup ticket #6306 - requested by bouyer
misc/xygrib: build fix

Revisions pulled up:
- misc/xygrib/distinfo                                          1.5
- misc/xygrib/patches/patch-src_SkewT.h                        1.1

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Fri Aug 21 11:31:28 UTC 2020

  Modified Files:
  pkgsrc/misc/xygrib: distinfo
  Added Files:
  pkgsrc/misc/xygrib/patches: patch-src_SkewT.h

  Log Message:
  include <QPainterPath> to fix build with current version of Qt.

(bsiegert)

doc: Updated security/zoneminder to 1.29.0nb2

(gdt)

security/zoneminder: Update to 1.29.0

This is the last version that supports autoconf, and this update is
only because it's a reasonable benefit/cost tradeoff as an
intermediaate step.  Tested on netbsd-9/earmv7hf-el.

Upstream chanages:
  many bug fixes and improvements
  zoneminder API
  Multiserver
  limted ONVIF support

See more at
https://github.com/ZoneMinder/zoneminder/releases/tag/v1.29.0-rc2 and
before and after.

Note that when updating, one must run zmupdate to modify the db schema.

(gdt)

libgit2: Requires C99.

(jperkin)

security/zoneminder: Sort PLIST

(gdt)

doc: Updated misc/libcdio-paranoia to 2.0.1

(wiz)

libcdio-paranoia: update to 2.0.1.

10.2+2.0.1
---------
2019-09-16

- cdda toc routines now included (fixes #21)
- "make distcheck" broken in 2.0.0 works properly again
- Remove some gcc/clang warnings

(wiz)

doc: Updated finance/gnucash-docs to 4.1

(wiz)

gnucash-docs: update to 4.1.

4.1    - 26 July 2020
        o Various build system fixes.
        o Removed old Subversion log formatter.

(wiz)

doc: Updated www/firefox-l10n to 80.0

(ryoon)

firefox-l10n: Update to 80.0

* Sync with www/firefox-80.0.

(ryoon)

doc: Updated www/firefox to 80.0

(ryoon)

firefox: Update to 80.0

Changelog:
New
    Firefox can now be set as the default system PDF viewer.

    The name reported by accessibility tools for items in multi-tiered
    tree controls no longer incorrectly includes information from
    items at deeper levels, providing users with the correct level
    of content when using a screen reader.

Fixed
    Various security fixes.

    Several crashes while using a screen reader were fixed including
    a frequently encountered crash when using the JAWS screen
    reader.

    Firefox Developer Tools received significant fixes allowing
    screen reader users to benefit from some of the tools that were
    previously inaccessible.

    SVG title and desc elements (labels and descriptions) are now
    correctly exposed to assistive technology products such as
    screen readers.

Changed
    For users with reduced motion settings, we've reduced a number
    of animations such as tab loading to reduce motion for users
    with migraines and epilepsy.

    The new add-ons blocklist has been enabled to improve performance
    and scalability.

Enterprise
    A number of bug fixes and new policies have been implemented
    in the latest version of Firefox. You can see more details in
    the Firefox for Enterprise 80 Release Notes.

    Today's release is the final scheduled for Firefox 68 ESR
    (68.12) unless there is a critical security issue found prior
    to the release of Firefox ESR 78.3 on September 22, 2020. Users
    of Firefox 68 ESR will be automatically upgraded to the Firefox
    78 ESR series with the release of 78.3.

Developer
    We've shipped an experimental sidebar panel in the inspector
    to Firefox Developer Edition that helps developers more quickly
    identify potential browser compatibility problems based on MDN
    data.

    In the Network Monitor request list, a turtle icon is shown
    for "slow" requests that exceed a threshold for the waiting
    time.

    Firefox now supports RTX and Transport-cc for improved call
    quality in poor network conditions and better bandwidth
    estimation. These features also provide better compatibility
    with many websites using WebRTC.

Security fixes:
#CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
#CVE-2020-15664: Attacker-induced prompt for extension installation
#CVE-2020-12401: Timing-attack on ECDSA signature generation
#CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation
#CVE-2020-12400: P-384 and P-521 vulnerable to a side channel attack on modular inversion
#CVE-2020-15665: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown
#CVE-2020-15666: MediaError message property leaks cross-origin response status
#CVE-2020-15667: Heap overflow when processing an update file
#CVE-2020-15668: Data Race when reading certificate information
#CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

(ryoon)

doc: Updated devel/cbindgen to 0.14.4

(ryoon)

cbindgen: Update to 0.14.4

Changelog:
    * Allow to override the mangling separator (#502)

    * cbindgen now handles better having ZSTs in template parameters, and
      default template parameters (#563).

    * Support for annotating nonnull pointers (#558)

    * Fixed bitflags that overflow a signed integer (#556)

    * Support for wildcard argument names (#550)

    * Support for the never return type, with configurable annotation (#549)

    * Properly reject arrays as function arguments (#540)

(ryoon)

ham/chirp: Fix patches for previous commit

(gdt)

Haven't been using this; relinquish MAINTAINER.

(schmonz)

ham/chirp: Update to 20200807 (switching to daily builds)

Upstream does not have release notes (or releases).

chirp now tracks upstreams "chirp-daily" pseudoreleases, labeled by
date.  The package remains "chirp"; upstream only calls it chirp-daily
due to some GNU/Linux packaging issues.

This is a huge update as 0.4.1 is from many years ago.

(gdt)

ham/chirp: sort PLIST

(gdt)

Updated security/py-josepy, textproc/py-jsbeautifier

(adam)

py-jsbeautifier: updated to 1.13.0

v1.13.0

Description

This release truly fixes the python cssbeautifier installation and updates cssbeautifier cli to use the same general code as jsbeautifier.

Also, as of this release Node.js 8.x is no longer guaranteed to work. Node.js 8.x LTS reached end-of-life in January 2020. Parts of our test infrastructure no longer support Node.js 8.x. The js-beautifier should still run on Node.js 8.x, but it is not part of the CI system and so not guaranteed to work.

Closed Issues

(internal) Refactor python cssbeautifier to reuse jsbeautifier CLI methods
(internal) Switch from node-static to serve
Fixed pip install cssbeautifier

(adam)

py-josepy: updated to 1.4.0

1.4.0:
* Deprecated support for Python 3.5.

(adam)

On macOS, the build intermittently breaks because tests intermittently
give "gpg: can't connect to the agent: File name too long". Make this
less annoying by not running tests before 'make test' (and fixing that
pkgsrc target).

(schmonz)

doc: Updated lang/rust to 1.45.2nb1

(schmonz)

Add another post-install dylib rpath fixup for macOS. Bump PKGREVISION.

(schmonz)

extend PATH by $PREFIX/{bin,sbin} in config-lib-setup.sh to be able
to run pkgsrc programs out of the box (e. g. database tools).

(kardel)

doc: Updated editors/emacs27-nox11 to 27.1nb1

(ryoon)

emacs27-nox: Bump PKGREVISON from JSON support and emacsclient fix

(ryoon)

doc: Updated inputmethod/skk to 17.1

(ryoon)

skk: Update to 17.1

Changelog:
* Support Emacs 27.1.

(ryoon)

doc/TODO: add back outdated-perl-packages

(wiz)

curl: replace hardcoded perl shebang in tests

(leot)

curl: nghttpx is needed as test dependency for HTTP/2 tests

(leot)

Pullup tickets up to #6305

(bsiegert)

Pullup ticket #6305 - requested by bouyer
graphics/xfig: build fix

Revisions pulled up:
- graphics/xfig/Makefile                                        1.79

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Wed Aug 19 19:54:11 UTC 2020

  Modified Files:
  pkgsrc/graphics/xfig: Makefile

  Log Message:
  This needs netpbm (to build a pixmap file) in the build phase.

(bsiegert)

Pullup ticket #6304 - requested by taca
mail/dovecot2-pigeonhole: dependent update

Revisions pulled up:
- mail/dovecot2-pigeonhole/Makefile                            1.57
- mail/dovecot2-pigeonhole/distinfo                            1.43

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Aug 12 15:58:02 UTC 2020

  Modified Files:
  pkgsrc/mail/dovecot2-pigeonhole: Makefile distinfo

  Log Message:
  mail/dovecot2-pigeonhole: update to 0.5.11

  Update dovecot2-pigeonhole to 0.5.11.

  v0.5.11 2020-08-12  Aki Tuomi <aki.tuomi@open-xchange.com>

  * managesieve: managesieve_max_line_length setting is now a "size" type
    instead of just number of bytes. This allows using e.g. "64k" as the
    value.
  - lib-sieve: When folding white space is used in the Message-ID header,
    it is not stripped away correctly before the message ID value is used,
    causing e.g. garbled log lines at delivery.

(bsiegert)

Pullup ticket #6303 - requested by taca
mail/dovecot2: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                1.23
- mail/dovecot2/Makefile.common                                1.41
- mail/dovecot2/PLIST                                          1.70
- mail/dovecot2/buildlink3.mk                                  1.34
- mail/dovecot2/distinfo                                        1.105

---
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Wed Aug 12 15:54:38 UTC 2020

  Modified Files:
          pkgsrc/mail/dovecot2: Makefile.common PLIST buildlink3.mk distinfo
          pkgsrc/mail/dovecot2-sqlite: Makefile

  Log Message:
  mail/dovocot2: update to 2.3.11.3

  Update dovecot2 and related packages to 2.3.11.3.

  v2.3.11.3 2020-07-29    Aki Tuomi <aki.tuomi@open-xchange.com>

          - pop3-login: Login didn't handle commands in multiple IP packets properly.
            This mainly affected large XCLIENT commands or a large SASL initial
            response parameter in the AUTH command.
          - pop3: pop3_deleted_flag setting was broken, causing:
            Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
            assertion failed: (range[count-1].seq2 <= max_seq)

  v2.3.11.2 2020-07-13    Aki Tuomi <aki.tuomi@open-xchange.com>

          - auth: Lua passdb/userdb leaks stack elements per call, eventually
            causing the stack to become too deep and crashing the auth or
            auth-worker process.
          - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
            Dovecot MIME parser.
          - pop3-login: Login would fail with "Input buffer full" if the initial
            response for SASL was too long.

  v2.3.11 2020-06-17  Aki Tuomi <aki.tuomi@open-xchange.com>

          * CVE-2020-12100: Parsing mails with a large number of MIME parts could
            have resulted in excessive CPU usage or a crash due to running out of
            stack memory.
          * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
            message buffer size, which leads to reading past allocation which can
            lead to crash.
          * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
            zero-length message, which leads to assert-crash later on.
          * Events: Fix inconsistency in events. See event documentation in
            https://doc.dovecot.org.
          * imap_command_finished event's cmd_name field now contains "unknown"
            for unknown commands. A new "cmd_input_name" field contains the
            command name exactly as it was sent.
          * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
            Note that these settings are mainly intended for testing and usually
            shouldn't be changed.
          * events: Renamed "index" event category to "mail-index".
          * events: service:<name> category is now using the name from
            configuration file.
          * dns-client: service dns_client was renamed to dns-client.
          * log: Prefixes generally use the service name from configuration file.
            For example dict-async service will now use
            "dict-async(pid): " log prefix instead of "dict(pid): "
          * *-login: Changed logging done by proxying to use a consistent prefix
            containing the IP address and port.
          * *-login: Changed disconnection log messages to be slightly clearer.
          + dict: Add events for dictionaries.
          + lib-index: Finish logging with events.
          + oauth2: Support local validation of JWT tokens.
          + stats: Add support for dynamic histograms and grouping. See
            https://doc.dovecot.org/configuration_manual/stats/.
          + imap: Implement RFC 8514: IMAP SAVEDATE
          + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
            folder) adds a lot of data to dovecot.index.cache file, commit those
            changes periodically to make them visible to other concurrent sessions
            as well.
          + stats: Add OpenMetrics exporter for statistics. See
            https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
          + stats: Support disabling stats-writer socket by setting
            stats_writer_socket_path="".
          - auth-worker: Process keeps slowly increasing its memory usage and
            eventually dies with "out of memory" due to reaching vsz_limit.
          - auth: Prevent potential timing attacks in authentication secret
            comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
          - auth: Several auth-mechanisms allowed input to be truncated by NUL
            which can potentially lead to unintentional issues or even successful
            logins which should have failed.
          - auth: When auth policy returned a delay, auth_request_finished event
            had policy_result=ok field instead of policy_result=delayed.
          - auth: auth process crash when auth_policy_server_url is set to an
            invalid URL.
          - dict-ldap: Crash occurs if var_expand template expansion fails.
          - dict: If dict client disconnected while iteration was still running,
            dict process could have started using 100% CPU, although it was still
            handling clients.
          - doveadm: Running doveadm commands via proxying may hang, especially
            when doveadm is printing a lot of output.
          - imap: "MOVE * destfolder" goes to a loop copying the last mail to the
            destination until the imap process dies due to running out of memory.
          - imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite
            loop.
          - imap: SEARCH doesn't support $.
          - lib-compress: Buffer over-read in zlib stream read.
          - lib-dns: If DNS lookup times out, lib-dns can cause crash in calling
            process.
          - lib-index: Fixed several bugs in dovecot.index.cache handling that
            could have caused cached data to be lost.
          - lib-index: Writing to >=1 GB dovecot.index.cache files may cause
            assert-crashes:
            Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset):
            assertion failed: (offset < 0x40000000)
          - lib-ssl-iostream: Fix buggy OpenSSL error handling without
            assert-crashing. If there is no error available, log it as an error
            instead of crashing:
            Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error):
            assertion failed: (errno != 0)
          - lib-ssl-iostream: ssl_key_password setting did not work.
          - submission: A segfault crash may occur when the client or server
            disconnects while a non-transaction command like NOOP or VRFY is still
            being processed.
          - virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
            Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed:
            (copy_ctx->copy_count == seq_range_count(&copy_ctx->saved_uids))

(bsiegert)

Removed go113

(bsiegert)

We say goodbye to go113.

go115 is now in the tree. Upstream supports the last two releases.

(bsiegert)

Add a note on the runtime dependency on perl; no actual changes

(pho)

Update to GHC 8.8.4

The full change log is too long to paste here.

Changes from 8.8.1 to 8.8.2:
https://downloads.haskell.org/~ghc/8.8.2/docs/html/users_guide/8.8.2-notes.html

Changes from 8.8.2 to 8.8.3:
https://downloads.haskell.org/~ghc/8.8.3/docs/html/users_guide/8.8.3-notes.html

Changes from 8.8.3 to 8.8.4:
https://downloads.haskell.org/~ghc/8.8.4/docs/html/users_guide/8.8.4-notes.html

(pho)

p5-Math-Systems: remove

The distfile contains invalid "." and ".." entries.
Both bsdtar and gtar refuse to unpack this.

The package is not used by any other packages in pkgsrc and upstream is
dead (distfile is from 2004).

(wiz)

Fix build with the upcoming GHC 8.8.4

(pho)

doc: Updated audio/fasttracker2 to 1.30

(fox)

audio/fasttracker2: Updates to v1.30

Changes since v1.27

v1.30 - 23.08.2020
- Fixed an off-by-one issue when dithering is enabled in 16-bit audio mode
- The WAV renderer now defaults to the same frequency/bitdepth as the ones
  selected in the "I/O devices" config screen.

v1.29 - 18.08.2020
- Fix wraparound-issues when using Tab in the pattern editor

v1.28 - 16.08.2020
- Bugfix: Don't redraw the instrument switcher when pressing numpad keys
  while certain screens (about/config/help/nibbles) are open.
- Slightly increased the volume precision in the audio channel mixer.
  This is most likely not measurable.
- Fixed some errors in the help text
- Small code cleanup

(fox)

doc: Updated pkgtools/pkg_notify to 0.4.7

(wiz)

pkg_notify: update to 0.4.7.

Improve github release detection.

(wiz)

Avoid choosing aligned_alloc() when it's not present. Fixes build on
CentOS 6 with lang/gcc7. Verified noop for CentOS 7 with gcc7, Ubuntu
16/18/19, macOS Catalina, NetBSD 9, FreeBSD 12.1, OpenBSD 6.7,
Tribblix m22.

(schmonz)

doc: Updated emulators/mame to 0.223

(wiz)

mame: update to 0.223.

pkgsrc change: add a BUILDLINK_TRANSFORM that should fix the build
on powerpc (and possibly sparc64), from he@.

MAME 0.223 has finally arrived, and what a release it is 窶� there窶冱
definitely something for everyone! Starting with some of the more
esoteric additions, Linus ﾃ�kesson窶冱 AVR-based hardware chiptune
project and Power Ninja Action Challenge demos are now supported.
These demos use minimal hardware to generate sound and/or video,
relying on precise CPU timings to work. With this release, every
hand-held LCD game from Nintendo窶冱 Game & Watch and related lines
is supported in MAME, with Donkey Kong Hockey bringing up the rear.
Also of note is the Bassmate Computer fishing aid, made by Nintendo
and marketed by Telko and other companies, which is clearly based
on the dual-screen Game & Watch design. The steady stream of TV
games hasn窶冲 stopped, with a number of French releases from
Conny/VideoJet among this month窶冱 batch.

For the first time ever, games running on the Barcrest MPU4 video
system are emulated well enough to be playable. Titles that are
now working include several games based on the popular British TV
game show The Crystal Maze, Adders and Ladders, The Mating Game,
and Prize Tetris. In a clear win for MAME窶冱 modular architecture,
the breakthrough came through the discovery of a significant flaw
in our Motorola MC6840 Programmable Timer Module emulation that
was causing issues for the Fairlight CMI IIx synthesiser. In the
same manner, the Busicom 141-PF desk calculator is now working,
thanks to improvements made to Intel 4004 CPU emulation that came
out of emulating the INTELLEC 4 development system and the prototype
4004-based controller board for Flicker pinball. The Busicom 141-PF
is historically significant, being the first application of Intel窶冱
first microprocessor.

Fans of classic vector arcade games are in for a treat this month.
Former project coordinator Aaron Giles has contributed netlist-based
sound emulation for thirteen Cinematronics vector games: Space War,
Barrier, Star Hawk, Speed Freak, Star Castle, War of the Worlds,
Sundance, Tail Gunner, Rip Off, Armor Attack, Warrior, Solar Quest
and Boxing Bugs. This resolves long-standing issues with the previous
simulation based on playing recorded samples. Colin Howell has also
refined the sound emulation for Midway窶冱 280-ZZZAP and Gun Fight.

V.Smile joystick inputs are now working for all dumped cartridges,
and with fixes for ROM bank selection the V.Smile Motion software
is also usable. The accelerometer-based V.Smile Motion controller
is not emulated, but the software can all be used with the standard
V.Smile joystick controller. Another pair of systems with inputs
that now work is the original Macintosh (128K/512K/512Ke) and
Macintosh Plus. These systems窶� keyboards are now fully emulated,
including the separate numeric keypad available for the original
Macintosh, the Macintosh Plus keyboard with integrated numeric
keypad, and a few European ISO layout keyboards for the original
Macintosh. There are still some emulation issues, but you can play
Beyond Dark Castle with MAME窶冱 Macintosh Plus emulation again.

In other home computer emulation news, MAME窶冱 SAM Coupﾃｩ driver now
supports a number of peripherals that connect to the rear expansion
port, a software list containing IRIX hard disk installations for
SGI MIPS workstations has been added, and tape loading now works
for the Specialist system (a DIY computer designed in the USSR).

(wiz)

Fix build with the upcoming GHC 8.8.4

(pho)

doc: Updated lang/gcc10 to 10.2.0

(wiz)

gcc10: update to 10.2.0.

Bugfix release. The fixed bugs are listed here:
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=10.2

(wiz)

Updated sysutils/ansible, devel/py-cffi

(adam)

py-cffi: updated to 1.14.2

v1.14.2
=======

* CPython 3 on Windows: we again try to compile with ``Py_LIMITED_API``
  by default.  This flag is not added if you run the compilation with
  CPython 3.4, as it only works with CPython >= 3.5, but by now this
  version of Python is quite old (and we no longer distribute cffi
  wheels for it).

  This may require that you upgrade ``virtualenv`` (requires version 16
  or newer) or at least copy manually ``python3.dll`` into your existing
  virtualenvs.  For distributing wheels with your cffi modules, you may
  also need to upgrade ``wheel`` to the just-released version 0.35.

  You can manually disable ``Py_LIMITED_API`` by calling
  ``ffi.set_source(..., py_limited_api=False)``.

(adam)

ansible: updated to 2.9.12

v2.9.12
=======

Minor Changes
-------------
- ansible-test - the ACME test container was updated, it now supports external account creation and has a basic OCSP responder (https://github.com/ansible/ansible/pull/71097, https://github.com/ansible/acme-test-container/releases/tag/2.0.0).
- debconf - add a note about no_log=True since module might expose sensitive information to logs (https://github.com/ansible/ansible/issues/32386).

Security Fixes
--------------
- **security issue** - copy - Redact the value of the no_log 'content' parameter in the result's invocation.module_args in check mode. Previously when used with check mode and with '-vvv', the module would not censor the content if a change would be made to the destination path. (CVE-2020-14332)

- **security issue** atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736)

- Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736)

- Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330).
- reset logging level to INFO due to CVE-2019-14846.

Bugfixes
--------
- Address compat with rpmfluff-0.6 for integration tests
- Ensure password passed in by -k is used on delegated hosts that do not have ansible_password set
- Template connection variables before using them (https://github.com/ansible/ansible/issues/70598).
- Terminal plugins - add "\e[m" to the list of ANSI sequences stripped from device output
- add magic/connection vars updates from delegated host info.
- ansible-galaxy collection install - fix fallback mechanism if the AH server did not have the collection requested - https://github.com/ansible/ansible/issues/70940
- ansible-test - Add ``pytest < 6.0.0`` constraint for managed installations on Python 3.x to avoid issues with relative imports.
- ansible-test - Change detection now properly resolves relative imports instead of treating them as absolute imports.
- api - time.clock is removed in Python 3.8, add backward compatible code (https://github.com/ansible/ansible/issues/70649).
- avoid clobbering existing facts inside loop when task also returns ansible_facts.
- basic - use PollSelector implementation when DefaultSelector fails (https://github.com/ansible/ansible/issues/70238).
- cron - encode and decode crontab files in UTF-8 explicitly to allow non-ascii chars in cron filepath and job (https://github.com/ansible/ansible/issues/69492)
- ensure delegated vars can resolve hostvars object and access vars from hostvars[inventory_hostname].
- facts - account for Slackware OS with ``+`` in the name (https://github.com/ansible/ansible/issues/38760)
- facts - fix incorrect UTC timestamp in ``iso8601_micro`` and ``iso8601``
- fix issue with inventory_hostname and delegated host vars mixing on connection settings.
- hashi_vault - Handle equal sign in key=value (https://github.com/ansible/ansible/issues/55658).
- ipa_hostgroup - fix an issue with load-balanced ipa and cookie handling with Python 3 - (https://github.com/ansible/ansible/issues/71110).
- lineinfile - fix not subscriptable error in exception handling around file creation
- linux network facts - get the correct value for broadcast address (https://github.com/ansible/ansible/issues/64384)
- mysql_user - fix overriding password to the same (https://github.com/ansible-collections/community.general/issues/543).
- net_put - Fixed UnboundLocalError when there is no change This is a backport from U(https://github.com/ansible-collections/ansible.netcommon/pull/6)
- nxos_user - do not fail when a custom role is used (https://github.com/ansible-collections/cisco.nxos/pull/130)
- ovirt_vm - fix cd_iso search
- playbooks - detect and propagate failures in ``always`` blocks after ``rescue`` (https://github.com/ansible/ansible/issues/70000)
- profile_tasks - typecast result before slicing it (https://github.com/ansible/ansible/issues/59059).
- reboot - Add support for the runit init system, used on Void Linux, that does not support the normal Linux syntax.
- redfish_info, redfish_config, redfish_command - Fix Redfish response payload decode on Python 3.5 (https://github.com/ansible/ansible/issues/65889)
- shell - fix quoting of mkdir command in creation of remote_tmp in order to allow spaces and other special characters (https://github.com/ansible/ansible/issues/69577).
- templating - fix error message for ``x in y`` when y is undefined (https://github.com/ansible/ansible/issues/70984)
- unarchive - check ``fut_gid`` against ``run_gid`` in addition to supplemental groups (https://github.com/ansible/ansible/issues/49284)
- user - don't create home directory and missing parents when create_home == false (https://github.com/ansible/ansible/pull/70600).
- yum - fix yum list crashing if repoquery (used internally) prints errors in stdout (https://github.com/ansible/ansible/issues/56800)

(adam)

Updated sysutils/xentools411 to 4.11.4
Updated sysutils/xenkernel411 to 4.11.4nb1

(bouyer)

Update to 4.11.4nb1
Keep PKGREVISION at 1 to reflect that it's not a stock Xen 4.11.4 kernel,
we have additinnal security fixes (all relevant patches from upstream to
date).
Changes: mosly bug fixes and improvements; better support for newer AMD CPUs.
full changelog at https://xenproject.org/downloads/xen-project-archives/xen-proj
ect-4-11-series/xen-project-4-11-4/

(bouyer)

update to 4.11.4.
Changes: mosly bug fixes and improvements; better support for newer AMD CPUs.
full changelog at https://xenproject.org/downloads/xen-project-archives/xen-project-4-11-series/xen-project-4-11-4/

(bouyer)