ups-nut: install development files

From Edgar Fuß in PR 55479.

Some pkglint cleanup while here.

Bump PKGREVISION.

(wiz)

varnish: add buildlink3.mk

From Edgar Fuß in PR 55479

(wiz)

libvirt: add buildlink3.mk

From Edgar Fuß in PR 55479

(wiz)

ganglia-monitor-core: add buildlink3.mk

From Edgar Fuß in PR 55479.

Some pkglint cleanup while here.

(wiz)

tokyotyrant: add buildlink3.mk

From Edgar Fuß in PR 55479

Some pkglint cleanup while here.

(wiz)

doc: Updated pkgtools/pkgin to 20.7.0

(jperkin)

pkgin: Update to 20.7.0.

Update pkg_install dependency for "pkg_admin rebuild-tree" fixes.

## Version 20.7.0 (2020-07-13)

* Order package installs correctly.
* Switch to mdoc(7) manual page, converted by wizd(8).
* Remove -F (force reinstall) flag.
* Enable compiler warnings in maintainer mode.
* Match candidate packages correctly, avoiding issues with packages that
  include "-[0-9]" in their package names.
* Various internal cleanups.

(jperkin)

doc: Updated fonts/nanum-ttf to 20200506

(minskim)

fonts/nanum-ttf: Update to 20200506

Changes:
- Added Nanum Barun Gothic, Nanum Square, and Nanum Square Round.

Based on patches from nia@.

(minskim)

doc: Updated security/snallygaster to 0.0.8

(leot)

snallygaster: Update to 0.0.8

Changes:
0.0.8
-----
- add vb_test.php check
- add phpinfo test

0.0.7
-----
- add a test for openelasticsearch
- add check for django debugging on error pages
- print more information about invalid hostnames
- add laravel telescope test

(leot)

doc: Updated converters/bdf2psf to 1.196

(fcambus)

bdf2psf: update to 1.196.

ChangeLog:

  * Sort out licensing issue for Latvian.
  * Keyboard/ckb: update with keyboard data of version 2.29 of xkb files.
    (This change is not relevant for the binary packages in Debian.)
  * Drop macintosh_old layout and replace it with the macintosh layout.
  * Build-depend on debhelper >= 9.20160709, and remove dependency on empty
    transitional package dh-systemd. Closes: #958612

  [ Updated translations ]
  * Malayalam by Fahad Shihab
  * Tamil by Jeyanthinath MuthuRam

(fcambus)

Fix day-of-month format so that strftime(3) will recognize it.

(kim)

doc: Updated net/transmission to 3.00

(wiz)

transmission*: update to 3.00

### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](https://github.com/transmission/transmission/pull/161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](https://github.com/transmission/transmission/pull/334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](https://github.com/transmission/transmission/pull/122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](https://github.com/transmission/transmission/pull/371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](https://github.com/transmission/transmission/pull/212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](https://github.com/transmission/transmission/pull/256), [#285](https://github.com/transmission/transmission/pull/285), [#355](https://github.com/transmission/transmission/pull/355), [#363](https://github.com/transmission/transmission/pull/363), [#386](https://github.com/transmission/transmission/pull/386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](https://github.com/transmission/transmission/pull/250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](https://github.com/transmission/transmission/pull/184))
- Improve ToS handling on IPv6 connections ([#128](https://github.com/transmission/transmission/pull/128), [#341](https://github.com/transmission/transmission/pull/341), [#360](https://github.com/transmission/transmission/pull/360), [#692](https://github.com/transmission/transmission/pull/692), [#737](https://github.com/transmission/transmission/pull/737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](https://github.com/transmission/transmission/pull/27))
- Don't switch trackers while announcing (leads to crash) ([#297](https://github.com/transmission/transmission/pull/297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](https://github.com/transmission/transmission/pull/405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](https://github.com/transmission/transmission/pull/861))
- Change torrent location even if no data move is needed ([#35](https://github.com/transmission/transmission/pull/35))
- Support CIDR-notated blocklists ([#230](https://github.com/transmission/transmission/pull/230), [#741](https://github.com/transmission/transmission/pull/741))
- Update the resume file before running scripts ([#825](https://github.com/transmission/transmission/pull/825))
- Make multiscrape limits adaptive ([#837](https://github.com/transmission/transmission/pull/837))
- Add labels support to libtransmission and transmission-remote ([#822](https://github.com/transmission/transmission/pull/822))
- Parse `session-id` header case-insensitively ([#765](https://github.com/transmission/transmission/pull/765))
- Sanitize suspicious path components instead of rejecting them ([#62](https://github.com/transmission/transmission/pull/62), [#294](https://github.com/transmission/transmission/pull/294))
- Load CA certs from system store on Windows / OpenSSL ([#446](https://github.com/transmission/transmission/pull/446))
- Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](https://github.com/transmission/transmission/pull/115), [#116](https://github.com/transmission/transmission/pull/116), [#284](https://github.com/transmission/transmission/pull/284), [#486](https://github.com/transmission/transmission/pull/486), [#524](https://github.com/transmission/transmission/pull/524), [#570](https://github.com/transmission/transmission/pull/570))
- Fix building against OpenSSL 1.1.0+ ([#24](https://github.com/transmission/transmission/pull/24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](https://github.com/transmission/transmission/pull/42), [#58](https://github.com/transmission/transmission/pull/58), [#312](https://github.com/transmission/transmission/pull/312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](https://github.com/transmission/transmission/pull/56))
- Bump miniupnpc version to 2.0.20170509 ([#347](https://github.com/transmission/transmission/pull/347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](https://github.com/transmission/transmission/pull/72), [#96](https://github.com/transmission/transmission/pull/96), [#117](https://github.com/transmission/transmission/pull/117), [#118](https://github.com/transmission/transmission/pull/118), [#133](https://github.com/transmission/transmission/pull/133), [#191](https://github.com/transmission/transmission/pull/191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed

### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](https://github.com/transmission/transmission/pull/644), [#722](https://github.com/transmission/transmission/pull/722), [#757](https://github.com/transmission/transmission/pull/757), [#779](https://github.com/transmission/transmission/pull/779), [#788](https://github.com/transmission/transmission/pull/788))
- Remove Growl support, notification center is always used ([#387](https://github.com/transmission/transmission/pull/387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](https://github.com/transmission/transmission/pull/121), [#600](https://github.com/transmission/transmission/pull/600))
- Transition to ARC ([#336](https://github.com/transmission/transmission/pull/336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](https://github.com/transmission/transmission/pull/11))
- Fix uncaught exception when dragging multiple items between groups ([#51](https://github.com/transmission/transmission/pull/51))
- Add flat variants of status icons for message log ([#134](https://github.com/transmission/transmission/pull/134))
- Optimize image resources size ([#304](https://github.com/transmission/transmission/pull/304), [#429](https://github.com/transmission/transmission/pull/429))
- Update file icon when file name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Update translations

### GTK+ Client
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Add AppData file ([#224](https://github.com/transmission/transmission/pull/224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](https://github.com/transmission/transmission/pull/414), [#449](https://github.com/transmission/transmission/pull/449))
- Update file icon when its name changes ([#37](https://github.com/transmission/transmission/pull/37))
- Switch from intltool to gettext for translations ([#584](https://github.com/transmission/transmission/pull/584), [#647](https://github.com/transmission/transmission/pull/647))
- Update translations, add new translations for Portuguese (Portugal)

### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](https://github.com/transmission/transmission/pull/269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](https://github.com/transmission/transmission/pull/236), [#307](https://github.com/transmission/transmission/pull/307), [#404](https://github.com/transmission/transmission/pull/404), [#437](https://github.com/transmission/transmission/pull/437), [#699](https://github.com/transmission/transmission/pull/699), [#723](https://github.com/transmission/transmission/pull/723), [#877](https://github.com/transmission/transmission/pull/877))
- Fix sorting by progress in presence of magnet transfers ([#234](https://github.com/transmission/transmission/pull/234))
- Fix .torrent file trashing upon addition ([#262](https://github.com/transmission/transmission/pull/262))
- Add queue up/down hotkeys ([#158](https://github.com/transmission/transmission/pull/158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](https://github.com/transmission/transmission/pull/411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](https://github.com/transmission/transmission/pull/861))
- Use default (instead of system) locale to be more flexible ([#130](https://github.com/transmission/transmission/pull/130))
- Modernize the .desktop file ([#162](https://github.com/transmission/transmission/pull/162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokm奪l, Slovenian

### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](https://github.com/transmission/transmission/pull/795))
- Fix exit code to be zero when dumping settings ([#487](https://github.com/transmission/transmission/pull/487))

### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](https://github.com/transmission/transmission/pull/41), [#180](https://github.com/transmission/transmission/pull/180))
- Fix torrent list style in Google Chrome 59+ ([#384](https://github.com/transmission/transmission/pull/384))
- Show ETA in compact view on non-mobile devices ([#146](https://github.com/transmission/transmission/pull/146))
- Show upload file button on mobile devices ([#320](https://github.com/transmission/transmission/pull/320), [#431](https://github.com/transmission/transmission/pull/431), [#956](https://github.com/transmission/transmission/pull/956))
- Add keyboard hotkeys for web interface ([#351](https://github.com/transmission/transmission/pull/351))
- Disable autocompletion in torrent URL field ([#367](https://github.com/transmission/transmission/pull/367))

### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](https://github.com/transmission/transmission/pull/609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](https://github.com/transmission/transmission/pull/247))
- Add `--unsorted` option to transmission-show ([#767](https://github.com/transmission/transmission/pull/767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](https://github.com/transmission/transmission/pull/840))

(wiz)

doc: Updated security/openssl to 1.1.1gnb2

(jperkin)

openssl: Fix c_rehash manual page entry.

Previously after the openssl-* renames it ended up as a dangling symlink,
causing "pkg_admin check" failures.  Bump PKGREVISION.

(jperkin)

doc: Updated games/dMagnetic to 0.24

(wiz)

dMagnetic: update to 0.24.

Changes not found, but pkgsrc patch and test target were integrated
upstream.

(wiz)

doc: ffmpeg4 update already done

(wiz)

doc: Updated textproc/par to 1.53.0

(kim)

Upgrade par to 1.53.0

Par 1.53.0 released 2020-Mar-14
    Fixed the following bugs:
        An unintended bad interaction between <quote> and <repeat>.
            The specification was inconsistent.  Although it said that
            the lines inserted by the <quote> feature were vacant,
            the <repeat> feature could interpret the quote character
            of inserted lines as a repeat character, in which case
            the lines were not vacant (according to the definition),
            and more quote/repeat characters would be inserted to
            extend the line to the full width, which no one would ever
            want.  The definition of "bodiless line" is revised so that
            lines inserted by the <quote> feature are excluded from
            consideration by the <repeat> feature.
        A printf format string mismatch (ptrdiff_t vs. %d), reported by
            Quentin Barnes (qbarnes at gmail.com).
        protoMakefile's clean target removed par rather than par$E,
            reported by George V. Reilly (george at reilly.org).
    Added the following features:
        Locale support for single-byte character sets.
            The previous verson, 1.52, attempted to do this in one line
            of code (setlocale()), but it's not that simple.  Versions
            before 1.52 gave no thought to character sets other than
            US-ASCII and did not handle them entirely correctly.
            Calling setlocale() in version 1.52 corrected some flaws but
            not all, and created one new flaw.  This version and the
            previous two all have the same character handling in the
            "C" locale and when processing US-ASCII text; differences
            arise only when processing non-US-ASCII text in another
            locale.  In versions before 1.52 the implementation assumed
            that "uppercase letter" means only the 26 characters A-Z
            and that "lowercase letter" means only the 26 characters
            a-z, and the specification assumed that every letter is
            either upper case or lower case.  These assumptions hold
            for US-ASCII, but not for most other character sets;
            therefore versions before 1.52 did not really support
            non-US-ASCII text.  Version 1.52, by calling setlocale(),
            relaxed the three assumptions in the implementation but
            not the assumption in the specification, and inadvertantly
            caused the implementation to deviate from the specification
            by converting all space characters to spaces rather than
            converting only the specified white characters, which is not
            necessarily what you want (for example, you probably don't
            want no-break space converted to space, but some locales
            on some platforms have been known to classify no-break
            space as white-space, like FreeBSD did in 2004).  This
            version fixes the specification by introducing the concept
            of "neither-case letter" and redefining "alphanumeric
            character" to include it, and fixes the implementation to
            convert only the white characters to spaces.  It also makes
            the white characters configurable so that the version 1.52
            space-conversion behavior can be restored if desired (W=_S).
            Note that Par still assumes constant display width per byte,
            which is not true for UTF-8 nor ISO-2022-*, but is true for
            most single-byte charsets and for EUC-* text without the
            single-shift-in/out codes.
        The W option, for configuring the set of white characters.
        The Z option, for configuring the set of terminal characters.
        The _@ escape sequence (neither-case letter) in charset syntax.
        The _S escape sequence (any space) in charset syntax.
    Added _@ and apostrophe to the set of body characters in PARINIT.
    Add #includes for whatever interfaces are used rather than depending
        on included files to #include other files.
    In protoMakefile introduced CPPFLAGS and CFLAGS (default empty) into
        the default definition of CC.
    Added a test-par script and a test target in protoMakefile.
    Fixed a misspelling (preceed => precede) in par.doc and par.1.
    Changed the top-of-file comment convention so that every release
        won't need to touch every file (this is the last time).
    Updated the author contact information.
    Clarified the license and added the MIT License as an alternative.
    Adopted a modern version number format, with minor and patch numbers
        as dot-separated integers rather than adjacent single digits.

(kim)

squeak-vm: fix sandboxed builds

This needs pkg-config available in order to handle dependencies to
build its Freetype FT2Plugin component. This fixes the build under
NetBSD, though SunOS at least has other problems, too. (While here,
also tweak a variable reference to the common form, noted by pkglint.)

(gutteridge)

Updated finance/bitcoin

(adam)

bitcoin: updated to 0.20.0

0.20.0 change log

Mining
* miner: Avoid stack-use-after-return in validationinterface

Block and transaction handling
* log: Fix UB with bench on genesis block
* feefilter: Compute the absolute fee rather than stored rate
* log: Add validation interface logging
* log: Add timing information to FlushStateToDisk()
* O(1) OP_IF/NOTIF/ELSE/ENDIF script implementation
* introduce CChainState::GetCoinsCacheSizeState
* Walk pindexBestHeader back to ChainActive().Tip() if it is invalid
* Remove REJECT code from CValidationState
* Explain why fCheckDuplicateInputs can not be skipped and remove it
* GuessVerificationProgress: cap the ratio to 1
* Templatize ValidationState instead of subclassing
* node: Add reference to mempool in NodeContext
* prevector: Avoid misaligned member accesses
* Improve UpdateTransactionsFromBlock with Epochs
* Abstract out script execution out of VerifyWitnessProgram()
* Make VerifyWitnessProgram use a Span stack
* serialization: prevent int overflow for big Coin::nHeight
* chainparams: Bump assumed valid hash
* Do not clear validationinterface entries being executed

P2P protocol and network code
* Remove BIP61 reject messages
* Supply and use asmap to improve IP bucketing in addrman
* Continue relaying transactions after they expire from mapRelay
* Avoid allocating memory for addrKnown where we don't need it
* tools: add PoissonNextSend method that returns mockable time
* SocketHandler logs peer id for close and disconnect
* Seed RNG with precision timestamps on receipt of net messages
* Fix an uninitialized read in ProcessMessage(…, "tx", …) when receiving a transaction we already have
* Don't allow resolving of std::string with embedded NUL characters. Add tests
* Fix CNetAddr::IsRFC2544 comment + tests
* config, net, test: Asmap feature refinements and functional tests
* Use rolling bloom filter of recent block txs for AlreadyHave() check
* Remove forcerelay of rejected txs
* Fix some asmap issues
* Reference instead of copy in BlockConnected range loop
* Fix use-after-free in tests
* Make addr relay mockable, add test
* Add missing cs_vNodes lock
* Hardcoded seeds update for 0.20
* Drop unknown types in getdata
* Only send a getheaders for one block in an INV

Wallet
* Replace %w by wallet name in -walletnotify script
* Remove GetDepthInMainChain dependency on locked chain interface
* bumpfee: Return PSBT when wallet has privkeys disabled
* Disable -fallbackfee by default
* Make IsTrusted scan parents recursively
* Change default address type to bech32
* Only check the hash of transactions loaded from disk
* Handle duplicate fileid exception
* descriptors: Introduce sortedmulti descriptor
* Avoid showing GUI popups on RPC errors
* Remove wallet access to some node arguments
* LearnRelatedScripts only if KeepDestination
* Split some CWallet functions into new LegacyScriptPubKeyMan
* Make ScriptPubKeyMan an actual interface and the wallet to have multiple
* Enable BnB coin selection for preset inputs and subtract fee from outputs
* Various fixes and cleanup to keypool handling in LegacyScriptPubKeyMan and CWallet
* Rename db log category to walletdb
* Avoid showing GUI popups on RPC errors
* Make -walletdir network only
* Cleanup and move opportunistic and superfluous TopUp()s
* Remove out of date comments for CalculateMaximumSignedTxSize
* Fix when sufficient preset inputs and subtractFeeFromOutputs
* Activate watchonly wallet behavior for LegacySPKM only
* Document better -keypool as a look-ahead safety mechanism
* Reset reused transactions cache
* Improve CWallet:MarkDestinationsDirty
* Get the OutputType for a descriptor
* Improve LegacyScriptPubKeyMan::CanProvide script recognition
* Pass in transactions and messages for signing instead of exporting the private keys
* Bugfix: Wallet: Safely deal with change in the address book
* descriptors: Improve descriptor cache and cache xpubs
* rpc/wallet: Initialize nFeeRequired to avoid using garbage value on failure
* Remove deprecated fee bumping by totalFee
* Fix wallet unload race condition

RPC and other APIs
* Add RPC Whitelist Feature
* cli: -stdinwalletpassphrase and non-echo stdin passwords
* Add missing fields to wallet rpc help output
* Fix bug where duplicate PSBT keys are accepted
* UTXO snapshot creation
* psbt: Check that various indexes and amounts are within bounds
* Set default bip32derivs to true for psbt methods
* improve getaddressinfo test coverage, help, code docs
* cli: Add "headers" and "verificationprogress" to -getinfo
* replace asserts in RPC code with CHECK_NONFATAL and add linter
* Expose block height of wallet transactions
* Remove unused COINBASE_FLAGS
* Simplify getaddressinfo labels, deprecate previous behavior
* deprecate getaddressinfo label
* Remove vector copy from listtransactions
* Auto-format RPCResult
* Output a descriptor in createmultisig and addmultisigaddress
* Update validateaddress RPCExamples to bech32
* Change RPCExamples to bech32
* Remove redundant types from descriptions
* Document an RPCResult for all calls; Enforce at compile time
* Add missing HelpExampleRpc for getblockfilter
* Fix broken RPCExamples for waitforblock(height)
* Remove final comma for last entry of fixed-size arrays/objects in RPCResult
* Remove unused getbalances() code
* Correctly compute redeemScript from witnessScript for signrawtransaction
* Fix rpcRunLater race in walletpassphrase
* Make rpc documentation not depend on call-time rpc args
* Avoid initialization-order-fiasco on static CRPCCommand tables
* Make verifychain default values static, not depend on global args
* Do not advertise dumptxoutset as a way to flush the chainstate
* Relock wallet only if most recent callback

GUI
* Restore RPC Console to non-wallet tray icon menu
* Don't disable the sync overlay when wallet is disabled
* Show addresses for "SendToSelf" transactions
* Add shortcuts for tab tools
* create PSBT with watch-only wallet
* Change sendcoins dialogue Yes to Send
* Always generate bitcoinstrings.cpp on make translate
* Rename debug window
* Make RPCConsole::TabTypes an enum class
* Add toolTip and placeholderText to sign message fields
* Remove BIP70 support
* Improved tooltip for send amount field
* Add placeholder text to the sign message field
* Send amount placeholder value
* Fix payAmount tooltip in SendCoinsEntry
* Cleaning up hide button tool tip
* Changed tooltip for 'Label' & 'Message' text fields to be more clear
* Fix intro dialog labels when the prune button is toggled
* Bugfix: GUI: Recognise NETWORK_LIMITED in formatServicesStr
* Bump fee returns PSBT on clipboard for watchonly-only wallets
* Remove macOS start on login code
* Show watch-only balance in send screen
* Disable 3rd-party tx-urls when wallet disabled
* Force set nPruneSize in QSettings after the intro dialog
* Move static placeholder texts to forms
* Log Qt related info
* Restore English translation option
* Set CConnman byte counters earlier to avoid uninitialized reads
* Hide HD & encryption icons when no wallet loaded
* Shortcut to close ModalOverlay
* Bugfix: GUI: Hide the HD/encrypt icons earlier so they get re-shown if another wallet is open
* Drop PeerTableModel dependency to ClientModel
* Fix unintialized WalletView::progressDialog
* Pass clientmodel changes from walletframe to walletviews
* Fix deprecated QCharRef usage
* Throttle GUI update pace when -reindex
* Fix race in WalletModel::pollBalanceChanged
* Avoid Wallet::GetBalance in WalletModel::pollBalanceChanged
* Bump transifex slug and update English translations for 0.20
* Display mapped AS in peers info window
* Translations update pre-branch
* Fix Window -> Minimize menu item
* Fix leak in CoinControlDialog::updateView
* Fix manual coin control with multiple wallets loaded

Build system
* Remove mingw linker workaround from win gitian descriptor
* Use new fork of osslsigncode for windows gitian signing
* Only pass --disable-dependency-tracking to packages that understand it
* Bump libevent to 2.1.11 in depends
* gitian: Various improvements for windows descriptor
* Disable _FORTIFY_SOURCE when enable-debug
* Switch to upstream libdmg-hfsplus
* Remove workaround for ancient libtool
* Added double quotes
* Add variable printing target to Makefiles
* depends macOS: point --sysroot to SDK
* Fix boost mac cross build with clang 9+
* Remove OpenSSL
* Update retry to current version
* nsis: Write to correct filename in first place
* Update univalue subtree
* Update leveldb to 1.22+
* Avoid hardcoded libfaketime dir in gitian
* Fix C{,XX} pickup
* Set gitian arch back to amd64
* Make Travis catch unused variables
* Bump minimum libc to 2.17 for release binaries
* Create test utility library from src/test/util/
* Remove libanl.so.1 from ALLOWED_LIBRARIES
* Fix configure report about qr
* Allow export of environ symbols and work around rv64 toolchain issue
* lcov: filter depends from coverage reports
* Add ability to skip building qrencode
* Support for S390X and POWER targets
* util: Update tinyformat to upstream
* Don't configure xcb_proto
* Remove Qt networking features
* Remove linking librt for backwards compatibility
* Remove configure checks for win libraries we don't link against
* Included test_bitcoin-qt in msvc build
* Remove WINDOWS_BITS from build system
* Set AC_PREREQ to 2.69
* Add -Wdate-time to Werror flags
* Remove double LIBBITCOIN_SERVER linking
* Consistent use of package variable
* guix: Pin Guix using guix time-machine
* pass -fno-ident in Windows gitian descriptor
* Remove --large-address-aware linker flag
* Don't embed a build-id when building libdmg-hfsplus
* Fix behavior when ALLOW_HOST_PACKAGES unset
* Add missing attributes to Win installer
* Skip i686 build by default in guix and gitian
* Add cov_fuzz target
* Add --enable-determinism configure flag
* Add Wreturn-type to Werror flags, check on more Travis machines
* Remove Boost Chrono
* Set minimum Automake version to 1.13
* guix: Remove now-unnecessary gcc make flag
* Use git archive as source tarball
* Fix libevent linking for bench_bitcoin binary
* scripts: Previous_release: improve behaviour on failed download
* Remove double LIBBITCOIN_SERVER from bench-Makefile
* Create test_fuzz library from src/test/fuzz/fuzz.cpp
* Fix boost detection for arch armv7l
* gitian: Add missing automake package to gitian-win-signer.yml
* Check libevent minimum version in configure script
* Ensure source tarball has leading directory name

Platform support
* Add Android NDK support
* macOS toolchain update
* Increase init file stop timeout
* Remove OpenSSL PRNG seeding
* Update README.md with working Android targets and API levels
* Only use D-Bus with Qt on linux
* Set minimum supported macOS to 10.12
* Appveyor install libevent[thread] vcpkg
* Remove deprecated key from macOS Info.plist
* Pass -dead_strip_dylibs to ld on macOS
* Don't use OpenGL in Qt on macOS
* Add -bind_at_load to macOS hardened LDFLAGS
* scripts: Add macho pie check to security-check.py
* random: don't special case clock usage on macOS
* scripts: Add macho dylib checks to symbol-check.py
* msvc: Ignore msvc linker warning and update to msvc build instructions
* windows: Enable heap terminate-on-corruption
* logging: Enable thread_local usage on macos
* Fix .gitignore policy in build_msvc directory
* scripts: Add macho lazy bindings check to security-check.py
* util: Fix compilation with mingw-w64 7.0.0
* Fix sysctl() detection on macOS
* random: remove getentropy() fallback for macOS < 10.12
* scripts: Add pe dylib checking to symbol-check.py
* scripts: Add macho tests to test-security-check.py
* releases: Update with new Windows code signing certificate
* Fix ASLR for bitcoin-cli on Windows

Tests and QA
* Build previous releases and run functional tests
* Add coverage to estimaterawfee and estimatesmartfee
* lint: Run the ci lint stage on mac
* Add getdescriptorinfo functional test
* Add wallet_implicitsegwit to test the ability to transform keys between address types
* Add ASSERT_DEBUG_LOG to unit test framework
* travis: Run full test suite on native macos
* Use self.chain instead of 'regtest' in all current tests
* add unit test for wallet watch-only methods involving PubKeys
* Add generatetodescriptor RPC
* Fix combine_logs.py for AppVeyor build
* Show debug log on unit test failure
* Seed test RNG context for each test case, print seed
* ci: Use busybox utils for one build
* Fix Python Docstring to include all Args
* ci: Run tests on arm
* Pass fuzzing inputs as constant references
* Add test for loadblock option and linearize scripts
* fix "tx-size-small" errors after default address change
* Speed up wallet_backup by whitelisting peers
* Speed up wallet_address_types by whitelisting peers
* Fix bug in blockfilter_index_tests
* use default address type
* ci: Enable address sanitizer
* Add testcase to simulate bitcoin schema in leveldb
* Remove no longer needed UBSan suppressions
* Add unit testing for the CompressScript function
* Test serialisation as part of deserialisation fuzzing. Test round-trip equality where possible
* Add RegTestingSetup to setup_common
* travis: Run unit and functional tests on native arm
* Skip unnecessary fuzzer initialisation. Hold ECCVerifyHandle only when needed
* ci: Disable functional tests on mac host
* Fix script_p2sh_tests OP_PUSHBACK2/4 missing
* bench: Fix negative values and zero for -evals flag
* pubkey: Assert CPubKey's ECCVerifyHandle precondition
* Added TestWrapper class for interactive Python environments
* Add new mempool benchmarks for a complex pool
* add reason checks for non-standard txs in test_IsStandard
* Fix input size assertion in wallet_bumpfee.py
* Add rpc_fundrawtransaction logging
* Add shrinkdebugfile=0 to regtest bitcoin.conf
* Speed up fundrawtransaction test
* Do not instantiate CAddrDB for static call CAddrDB::Read()
* Speed up wallet_avoidreuse, add logging
* add "diamond" unit test to MempoolAncestryTests
* Reset global args between test suites
* ci: Run non-cross-compile builds natively
* TestShell: Fix typos & implement cleanups
* Create new test library
* wallet_importmulti: use addresses of the same type as being imported
* Add missing newline in util_ChainMerge test
* Add util_ArgParsing test
* travis: Rework cache_err_msg
* ci: Make ci system read-only on the git work tree
* check custom ancestor limit in mempool_packages.py
* Update valgrind suppressions
* Check custom descendant limit in mempool_packages.py
* Remove fragile assert_memory_usage_stable
* ci: Use clang-8 for fuzzing to run on aarch64 ci systems
* Add unit test for non-standard txs with too large scriptSig
* Skip tests when utils haven't been compiled
* Add unit test for non-standard bare multisig txs
* Add bounds checks before base58 decoding
* ci: Bump to clang-8 for asan build to avoid segfaults on ppc64le
* Wait until mempool is loaded in wallet_abandonconflict
* Add functional test for non-standard txs with too large scriptSig
* Add functional test for non-standard bare multisig txs
* Add unit test for non-standard txs with wrong nVersion
* Add libtest_util library to msvc build configuration
* ci: Add big endian platform - s390x
* Move more utility functions into test utility library
* Add option --valgrind to run the functional tests under Valgrind
* ci: Add centos 7 build
* Add unit test for leveldb creation with unicode path
* Add initialization order fiasco detection in Travis
* Enable tests which are incorrectly skipped when running test_runner.py --usecli
* Fix bug in the descriptor parsing fuzzing harness
* re-enable CLI test support by using EncodeDecimal in json.dumps()
* add unit test for non-standard "scriptsig-not-pushonly" txs
* ci: Fix qemu issues
* ci: Update github actions ci vcpkg cache on msbuild update
* Change filemode of rpc_whitelist.py
* ci: Fix brew python link
* Add std::to_string to list of locale dependent functions
* Fix double-negative arg test
* ci: Combine 32-bit build with centos 7 build
* Test OP_CSV empty stack fail in feature_csv_activation.py
* Fix p2p_invalid_messages failing in Python 3.8 because of warning
* add unit test for non-standard txs with too large tx size
* Check specific reject reasons in feature_csv_activation.py
* Add p2p test for forcerelay permission
* Updated appveyor job to checkout a specific vcpkg commit ID
* fix fuzzing using libFuzzer on macOS
* bench: Fix benchmarks filters
* reset fIsBareMultisigStd after bare-multisig tests
* Fix appveyor test_bitcoin build of *.raw
* util: Allow scheduler to be mocked
* ci: Check for submodules
* Replace 'regtest' leftovers by self.chain
* Set a name for CI Docker containers
* Avoid hitting some known minor tinyformat issues when fuzzing strprintf(…)
* Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker
* Add --valgrind option to test/fuzz/test_runner.py for running fuzzing test cases under valgrind
* ci: Run fuzz testing test cases
* Transaction expiry from mempool
* Remove incorrect assumptions in validation_flush_tests
* Set catch_system_errors=no on boost unit tests
* Add cost_of_change parameter assertions to bnb_search_test
* Reduce unneeded whitelist permissions in tests
* Disable mockforward scheduler unit test for now
* Fix race in p2p_segwit
* Make AnalyzePSBT next role calculation simple, correct
* Add missing syncwithvalidationinterfacequeue
* Wait for both veracks in add_p2p_connection
* Bump timeouts to accomodate really slow disks
* Add bad-txns-*-toolarge test cases to invalid_txs
* rpc: change setmocktime check to use IsMockableChain
* Check that wait_until returns if time point is in the past
* Add locale fuzzer to FUZZERS_MISSING_CORPORA
* fuzz: Add assert(script == decompressed_script)
* Update FUZZERS_MISSING_CORPORA to enable regression fuzzing for all harnesses in master
* fuzz: Add option to merge input dir to test runner
* Explain why test logging should be used
* Add logging to wallet_listsinceblock.py
* Bumpfee test fix
* Add deserialization fuzzing of SnapshotMetadata
* fuzz: Add missing ECC_Start to key_io test
* Add basic test for BIP 37
* Fix mining to an invalid target + ensure that a new block has the correct hash internally
* Bugfix & simplify bn2vch using int.to_bytes
* Don't assume presence of __builtin_mul_overflow(…) in MultiplicationOverflow(…) fuzzing harness
* add executable flag for rpc_estimatefee.py
* listsinceblock block height checks
* ci: Only clone bitcoin-core/qa-assets when fuzzing
* ci: Use homebrew addon on native macos
* Add coverage for script parse error in ParseScript
* Remove unsafe BOOST_TEST_MESSAGE
* check that peer is connected when calling sync_*
* ci: Use focal for fuzzers
* add BIP37 'filterclear' test to p2p_filter.py
* Remove redundant sync_with_ping after add_p2p_connection
* fuzz: Avoid running over all inputs after merging them
* fuzz: Add CScriptNum::getint coverage
* remove rapidcheck integration and tests
* Add BIP37 remote crash bug [CVE-2013-5700] test to p2p_filter.py
* relax bumpfee dust_to_fee txsize an extra vbyte
* fuzz: Extend descriptor fuzz test
* fuzz: Extend script fuzz test
* fuzz: Add process_messages harness
* Add fuzzer version of randomized prevector test
* skip backwards compat tests if not compiled with wallet
* wallet_bumpfee assertion fixup
* Use one node to avoid a race due to missing sync in rpc_signrawtransaction
* Properly raise FailedToStartError when rpc shutdown before warmup finished
* ci: Run unit tests sequential once
* Fix unregister_all_during_call cleanup
* Set -use_value_profile=1 when merging fuzz inputs
* Remove enumeration of expected deserialization exceptions in ProcessMessage(…) fuzzer
* Add test for conflicted wallet tx notifications
* Remove const to work around compiler error on xenial

Documentation
* Doxygen-friendly script/descriptor.h comments
* Add detailed info about Bitcoin Core files
* Doxygen-friendly CuckooCache comments
* move-only: Steps for "before major release branch-off"
* Update bips.md for default bech32 addresses in 0.20.0
* Fix Makefile target in benchmarking.md
* Add missing indexes/blockfilter/basic to doc/files.md
* Fix broken bitcoin-cli examples
* Add switch on enum example to developer notes
* Update macdeploy README to include all files produced by make deploy
* github: Add warning for bug reports
* Added instructions for how to add an upsteam to forked repo
* Add a note about backporting
* Correct function name in ReportHardwareRand()
* Describe log files + consistent paths in test READMEs
* Changed miniupnp links to https
* Add developer note on c_str()
* Bip70 removal follow-up
* Fix help-debug -checkpoints
* update MSVC instructions to remove Qt OpenSSL linking
* Add template for good first issues
* Fix some misspellings
* Add ShellCheck to lint tests dependencies
* Update doc/bips.md with recent changes in master
* Added regtest config for linearize script
* Add some better examples for scripted diff
* Remove bitness from bitcoin-qt help message and manpage
* Update and improve Developer Notes
* Changed MiniUPnPc link to https in dependencies.md
* Change doxygen URL to doxygen.bitcoincore.org
* Update release process with latest changes
* Unify unix epoch time descriptions
* script: Add keyserver to verify-commits readme
* Rename wallet-tool references to bitcoin-wallet
* Add "ci" prefix to CONTRIBUTING.md
* Use recommended shebang approach in documentation code block
* Fix directory path for secp256k1 subtree in developer-notes
* Mention PR Club in CONTRIBUTING.md
* Misc RPC help fixes
* Developer notes guideline on RPCExamples addresses
* Update dependencies.md
* Add to Doxygen documentation guidelines
* Fix improper Doxygen inline comments
* Improve fuzzing docs for macOS users
* Fix doxygen errors
* Add missing supported rpcs to doc/descriptors.md
* Add note about brew doctor
* Remove PPA note from release-process.md
* Minor grammatical changes and flow improvements
* Add missing step in win deployment instructions
* Add warning against wallet.dat re-use
* Correct spelling errors in comments
* interfaces: Describe and follow some code conventions
* Explain rebase policy in CONTRIBUTING.md
* Mention MAKE=gmake workaround when building on a BSD
* Replace remaining literal BTC with CURRENCY_UNIT
* Add fuzzing quickstart guides for libFuzzer and afl-fuzz
* Fix nit in getblockchaininfo
* Comment fix merkle.cpp
* note the costs of fetching all pull requests
* Update init and reduce-traffic docs for -blocksonly
* Block-relay-only vs blocksonly
* Explain new test logging
* Update webchat URLs in README.md
* Fix git add argument
* Correct scripted-diff example link
* Fix naming of macOS SDK and clarify version

Miscellaneous
* lockedpool: When possible, use madvise to avoid including sensitive information in core dumps
* Merge settings one place instead of five places
* On bitcoind startup, write config args to debug.log
* util: Replace boost sleep with std sleep
* util: Fix compilation errors in support/lockedpool.cpp
* scripts: In linearize, search for next position of magic bytes rather than fail
* Add some general std::vector utility functions
* contrib: Bump gitian descriptors for 0.20
* scripts: Update copyright_header script to include additional files
* util: Simplify path argument for cblocktreedb ctor
* random: Remove call to RAND_screen()
* util: Add check_nonfatal and use it in src/rpc
* Replace the LogPrint function with a macro
* util: Rename decodedumptime to parseiso8601datetime
* Feed environment data into RNG initializers
* contrib: Remove accounts from bash completion
* Add assertion to randrange that input is not 0
* log: Fix log message for -par=1
* linter: Strip trailing / in path for git-subtree-check
* scripts: Search for first block file for linearize-data with some block files pruned
* scripts: Lint gitian descriptors with shellcheck
* util: Disallow network-qualified command line options
* random: mark RandAddPeriodic and SeedPeriodic as noexcept
* Fix CPUID subleaf iteration
* util: Make schedulebatchpriority advisory only
* util: Remove unwanted fields from bitcoin-cli -getinfo
* script: Fixed wget call in gitian-build.py
* Make env data logging optional
* util: Don't allow base58 decoding of non-base58 strings. add base58 tests
* util: Change getwarnings parameter to bool
* util: Don't allow base32/64-decoding or parsemoney(…) on strings with embedded nul characters. add tests
* scripts: Read suspicious hosts from a file instead of hardcoding
* util: Avoid potential uninitialized read in formatiso8601datetime(int64_t) by checking gmtime_s/gmtime_r return value
* Fix a violation of C++ standard rules where unions are used for type-punning
* util: Fail to parse empty string in parsemoney
* util: Fail to parse whitespace-only strings in parsemoney(…)
* util: Helpexamplerpc formatting
* Fix missing header in sync.h
* script: Fix script_err_sig_pushonly error string
* util: Limit decimal range of numbers parsescript accepts
* init: Replace URL_WEBSITE with PACKAGE_URL
* Remove PID file at the very end
* Avoid non-trivial global constants in SHA-NI code
* Do not expose and consider -logthreadnames when it does not work

(adam)

doc/TODO: add some

+ caff-2.11, catch2-2.12.4, ffmpeg4-4.3.1, gopls-0.4.3, libgcrypt-1.8.6,
  mpfr-4.1.0, poppler-0.90.1, py-google-auth-httplib2-0.0.4,
  py-setuptools-49.1.2, spdlog-1.7.0, sslh-1.21.

(wiz)

Updated net/fping, multimedia/ffmpeg2, multimedia/ffplay2, multimedia/ffmpeg3, multimedia/ffplay3, multimedia/ffmpeg4, multimedia/ffplay4, converters/help2man

(adam)

help2man: updated to 1.47.16

help2man 1.47.16

* Move table of contents to the top of the texi file so that it appears
  in the correct location in the html page.
* Update debian/rules maint-prep warning about $version mismatch.
* Update help2man.html.PL for new GNU boilerplate.

(adam)

ffmpeg4,ffplay4: updated to 4.3.1

version 4.3.1:
avcodec/tiff: Check input space in dng_decode_jpeg()
avcodec/mjpeg_parser: Adjust size rejection threshold
avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment()
avformat/sdp: Fix potential write beyond end of buffer
avformat/mm: Check for existence of audio stream
avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
avcodec/apedec: Fix undefined integer overflow with 24bit
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
avformat/smjpegdec: Check the existence of referred streams
avcodec/tiff: Check frame parameters before blit for DNG
avcodec/mjpegdec: Limit bayer to single plane outputting format
avcodec/pnmdec: Fix misaligned reads
avcodec/mv30: Fix integer overflows in idct2_1d()
avcodec/hcadec: Check total_band_count against imdct_in size
avcodec/scpr3: Fix out of array access with dectab
avcodec/tiff: Do not overrun the array ends in dng_blit()
avcodec/dstdec: Replace AC overread check by sample rate check
dnn_backend_native: Add overflow check for length calculation.
avcodec/h264_metadata_bsf: Fix invalid av_freep
avcodec/cbs_h265: set default VUI parameters when vui_parameters_present_flag is false
avcodec/av1_parser: initialize avctx->pix_fmt
avcodec/av1_parser: add missing parsing for RGB pixel format signaling
avcodec/av1_parser: set context values outside the OBU parsing loop
avutil/avsscanf: Add () to avoid integer overflow in scanexp()
avformat/utils: reorder duration computation to avoid overflow
avcodec/pngdec: Check for fctl after idat
avformat/hls: Pass a copy of the URL for probing
avutil/common: Fix integer overflow in av_ceil_log2_c()
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
avformat/mvdec: Fix integer overflow with billions of channels
avformat/microdvddec: skip malformed lines without frame number.
dnn_backend_native: check operand index
dnn_backend_native.c: refine code for fail case
avformat/mov: fix memleaks
libavformat/mov: Fix memleaks when demuxing DV audio
avcodec/cbs_av1: Fix writing uvlc numbers >= INT_MAX
avformat/avc, mxfenc: Avoid allocation of H264 SPS structure, fix memleak
avcodec/bitstream: Don't check for undefined behaviour after it happened
avformat/aviobuf: Also return truncated buffer in avio_get_dyn_buf()
avformat/aviobuf: Don't check for overflow after it happened

(adam)

ffmpeg3,ffplay3: updated to 3.4.8

version 3.4.8:
avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
lavf/webm_chunk: Fix NULL dereference
avcodec/ttaenc: Fix undefined shift
fftools/ffmpeg: Free swresample dictionary during cleanup
avfilter/vf_xbr: Fix left shift of negative number
avfilter/vf_hqx: Fix undefined left shifts of negative numbers
avcodec/jpeg2000dwt: Fix undefined shifts of negative numbers
avcodec/ituh263dec: Fix undefined left shift of negative number
avcodec/dnxhdenc: Fix undefined left shifts of negative numbers
swscale/utils: Fix invalid left shifts of negative numbers
swscale/x86/swscale: Fix undefined left shifts of negative numbers
avcodec/exr: Fix undefined left shifts of negative numbers
avformat/movenc: Fix undefined shift
avcodec/pcm: Fix undefined shifts
avcodec/wavpackenc: Fix undefined shifts
avcodec/ac3enc: Fix invalid shift
avcodec/tdsc: Fix undefined shifts
fftools/ffmpeg_opt: Fix signed integer overflow
avformat/mov: Fix reel_name size check
avformat/mov: Fix memleak upon encountering repeating tags
avformat/matroskaenc: Don't use NULL for %s format string
avformat/webvttdec: Fix memleak upon read header failure
avformat/vplayerdec: Fix memleak upon read header failure
avformat/tedcaptionsdec: Fix memleak upon read header failure
avformat/subviewerdec: Fix memleak upon read header failure
avformat/subviewer1dec: Fix memleak upon read header failure
avformat/stldec: Fix memleak upon read header failure
avformat/srtdec: Fix memleak upon read header failure
avformat/sccdec: Fix memleak upon read header failure
avformat/samidec: Fix memleak upon read header failure
avformat/pjsdec: Fix memleak upon read header failure
avformat/mpsubdec: Fix memleak upon read header failure
avformat/mpl2dec: Fix memleak upon read header failure
avformat/microdvddec: Fix memleak upon read header failure
avformat/lrcdec: Fix memleak upon read header failure
avformat/jacosubdec: Fix memleak upon read header failure
avformat/assdec: Fix memleak upon read header failure
avformat/aqtitledec: Fix memleak upon read header failure
avformat/mov: Fix memleaks upon read_header failure
avformat/omadec: Fix memleaks upon read_header failure
avformat/matroskadec: Fix memleaks in WebM DASH manifest demuxer
avformat/matroskadec: Use right number of tracks
avformat/matroskadec: Fix handling gigantic durations
avformat/aviobuf: Don't check for overflow after it happened
avformat/matroskaenc: Fix memleak upon encountering bogus chapter
fftools/ffmpeg_opt: Check attachment filesize
avformat/webmdashenc: Check codec types
avformat/avidec: Fix memleak with embedded GAB2 subtitles
avformat/webmdashenc: Fix memleak upon realloc failure
avformat/matroskadec: Don't discard the upper 32bits of TrackNumber
avformat/hnm: Check for extradata allocation failure
avformat/subtitles: Don't increment packet counter prematurely
avformat/bethsoftvid: Fix potential memleak upon reallocation failure
avformat/smoothstreaming: Fix memleaks on errors
avformat/matroskaenc: Check BlockAdditional size before use
avformat/utils: Fix memleaks in avformat_open_input()
avcodec/cavsdsp: Fix undefined left shifts of negative numbers
avformat/hevc: Fix potential leak in case of ff_hevc_annexb2mp4_buf failure
avformat/matroskaenc: Check for reformatting errors
avcodec/ra144enc: Fix invalid left shift of negative number
avcodec/adxenc: Avoid undefined left shift of negative numbers
avcodec/adpcm: Fix undefined left shifts of negative numbers
avcodec/proresenc_anatoliy: Fix invalid left shift of negative number
avformat/wtvdec: Fix memleak when reading header fails
avformat/fitsdec: Fix potential leak of string in AVBPrint
avformat/mov: fix memleaks
libavformat/mov: Fix memleaks when demuxing DV audio
avcodec/bitstream: Don't check for undefined behaviour after it happened
avcodec/dstdec: Replace AC overread check by sample rate check
avformat/utils: reorder duration computation to avoid overflow
avcodec/pngdec: Check for fctl after idat
avformat/hls: Pass a copy of the URL for probing
avformat/hls: check segment duration value of EXTINF
avutil/common: Fix integer overflow in av_ceil_log2_c()
avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
avformat/mvdec: Fix integer overflow with billions of channels
avformat/microdvddec: skip malformed lines without frame number.
avformat/mxfdec: free duplicated utf16 strings
avformat/4xm: Check that a video stream was created before returning packets for it
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
avcodec/sonic: Fix several integer overflows
avcodec/pixlet: Fix log(0) check
avcodec/iff: Fix off by x error
avcodec/wmalosslessdec: Check block_align maximum
avcodec/loco: Fix signed integer overflow in loco_get_rice()
avformat/thp: Check fps
avformat/mpl2dec: Fix integer overflow with duration
avcodec/mpeg12dec: remove outdated comments
avcodec/snowdec: Avoid integer overflow with huge qlog
avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
avcodec/mpeg12dec: Fix got_output
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
avcodec/lzf: Consider the needed size in reallocation
avformat/mlvdec: fail reading a packet with 0 streams
avformat/thp: Check compcount
avcodec/adpcm: XA: Check shift similar to filter
avcodec/huffyuvdec: Test vertical coordinate more often
avcodec/hq_hqa: Check info size
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
avcodec/h264dec: Disable forced small_padding on flag2 fast
avformat/oggparsevorbis: Error out on double init of vp
avcodec/pnmdec: Use unsigned for maxval rescaling
avcodec/ivi: Clear got_p_frame before decoding a new frame using it
avcodec/dsddec: Check channels
avcodec/xvididct: Fix integer overflow in idct_row()
avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE
avformat/swfenc: Fix integer overflow in frame rate handling
avformat/aadec: Check toc_size to contain the minimum to demuxer uses
avformat/mov: Don't allow negative sample sizes.
mpeg4videoenc: Don't crash with -fsanitize=bounds
avformat/mpegts: Shuffle avio_seek
avcodec/binkaudio: Fix 2Ghz sample_rate
avcodec/adpcm: Fix integer overflow in ADPCM THP
avcodec/ralf: Check num_blocks before use
avcodec/iff: Test video_size being non zero
avcodec/utvideodec: Fix integer overflow in decode_plane()
avcodec/ttadsp: Fix several integer overflows in tta_filter_process_c()
avcodec/ralf: Fix integer overflow in decode_block()
avcodec/nuv: widen buf_size type
avcodec/iff: Fix several integer overflows
avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1
avcodec/alac: Fix integer overflow with 24/20bps samples
avcodec/dstdec: Check sample rate
avformat/thp: Require a video stream
avformat/mpeg: Decrease score by 1 for files with very little valid data
avcodec/pngdec: Check length in fdAT
avcodec/g2meet: Check tile_width in epic_jb_decode_tile()
avcodec/vp9dsp_template: Fix integer overflows in idct32_1d()
avcodec/alacdsp: Fix invalid shift in append_extra_bits()
libavcodec/wmalosslessdec: prevent sum of positive numbers from becoming negative
avcodec/dstdec: Fix integer overflow in read_table()
avcodec/txd: Check for input size against the header size.
avcodec/svq1dec: Check that there is data left after the header
avcodec/intrax8: Check for end of bitstream in ff_intrax8_decode_picture()
avcodec/hevc_mp4toannexb_bsf: Check nalu_size
avcodec/iff: Check length before memcpy() in decode_deep_rle32()
avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32()
avcodec/pngdec: Pass ret from decode_iccp_chunk()
avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_*()
avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
avcodec/flac_parser: Do not lose header count in find_headers_search()
avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c()
avformat/oggdec: Check for EOF after page header
swscale/yuv2rgb: Fix vertical dither offset with slices
avcodec/dpcm: clip exponent into supported range in XAN DPCM
avcodec/flacdsp_template: Fix invalid shifts in decorrelate
avcodec/xvididct: Fix integer overflow in MULT()
avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT
swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input
swscale/output: Fix integer overflow in alpha computation in yuv2gbrp16_full_X_c()
libavformat/amr.c: Check return value from avio_read()
libavformat/mov.c: Free aes_decrypt to avoid leaking memory
libavformat/oggdec.c: Check return value from avio_read()
avformat/asfdec_f: Fix overflow check in get_tag()
avformat/nsvdec: Fix memleaks on errors while reading the header
avcodec/ffwavesynth: Fix integer overflow in computation of ddphi
avcodec/adpcm: Fix invalid shift in AV_CODEC_ID_ADPCM_PSX
avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra()
avcodec/mpegaudioenc_template: fix invalid shift of sample
avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search()
libavformat/avienc: Check bits per sample for PAL8
avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet()
avcodec/magicyuv: Check that there are enough lines for interlacing to be possible
avformat/mvdec: Check stream numbers
avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF
avcodec/qdm2: Check fft_coefs_index
avformat/utils: Fix integer overflow with complex time bases in avformat_find_stream_info()
avformat/avidec: Avoid integer overflow in NI switch check
fftools/ffmpeg: Fix integer overflow in duration computation in seek_to_start()
avfilter/vf_aspect: Fix integer overflow in compute_dar()
avcodec/apedec: Fix invalid shift with 24 bps
avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index()
avcodec/dpcm: Fix integer overflow in AV_CODEC_ID_GREMLIN_DPCM
avcodec/wmalosslessdec: Fix integer overflow with sliding in padding bits
avcodec/wmalosslessdec: Fix loop in revert_acfilter()
avcodec/lagarith: Sanity check scale
avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950()
avcodec/ralf: Fix integer overflow in apply_lpc()
avcodec/dca_lbr: Fix some error codes and error passing
avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response()
avcodec/wmavoice: sanity check block_align
avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF
avcodec/snappy: Sanity check bytestream2_get_levarint()
avcodec/mlpdsp: Fix a invalid shift in ff_mlp_rematrix_channel()
avcodec/avdct: Clear IDCTDSPContext context
avcodec/x86/diracdsp: Fix high bits on Windows x86_64
avformat/mov: Check STCO location
avcodec/wmalosslessdec: Fix multiple integer overflows
avcodec/apedec: Fix undefined integer overflow in decode_array_0000()
avcodec/smacker: Check space before decoding type
avcodec/rawdec: Use linesize in b64a
avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM
avcodec/x86/diracdsp: Fix incorrect src addressing in dequant_subband_32()
avfilter/vf_find_rect: Remove assert
avfilter/vf_find_rect: Increase worst case score
swscale/input: Fix several invalid shifts related to rgb2yuv constants
swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template()
swscale/swscale: Fix several invalid shifts related to vChrDrop
avcodec/hevc_mp4toannexb_bsf: check that nalu size doesnt overflow
avcodec/hevc_mp4toannexb_bsf: Avoid NULL memcpy()
avcodec/wmalosslessdec: move channel check up
avcodec/adpcm: Fix overflow in FFABS() IMA_EA_EACS
avcodec/alac: Fix integer overflow in LPC coefficient adaption
avcodec/g729postfilter: Optimize out overflowing multiplication from apply_tilt_comp()
avcodec/vc1dec: Check field_mode for sprites
avcodec/vc1dec: Limit bits by the actual bitstream size
avcodec/vmdaudio: Check block_align more
configure: bump year
avcodec/pgssubdec: Free subtitle on error
avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample()
avcodec/cook: Use 3 stage VLC decoding for channel_coupling
avcodec/wmalosslessdec: Fixes undefined overflow in dequantization in decode_subframe()
avcodec/sonic: Check e in get_symbol()
avcodec/twinvqdec: Correct overflow in block align check
avcodec/vc1dec: Fix "return -1" cases
avcodec/vc1dec: Free sprite_output_frame on error
avcodec/wmadec: Keep track of exponent initialization per channel
avcodec/iff: Check that video_size is large enough for the read parameters
avcodec/adpcm: Clip predictor for APC
avcodec/targa: Check colors vs. available space
avcodec/dstdec: Use get_ur_golomb_jpegls()
avcodec/wmavoice: Check remaining input in parse_packet_header()
avcodec/wmalosslessdec: Fix 2 overflows in mclms
avcodec/wmaprodec: Fixes integer overflow with 32bit samples
avcodec/adpcm: Fix invalid shift in xa_decode()
avcodec/wmalosslessdec: Fix several integer issues
avcodec/wmalosslessdec: Check that padding bits is not more than sample bits
avcodec/iff: Skip overflowing runs in decode_delta_d()
avcodec/pnm: Check that the header is not truncated
avcodec/mp3_header_decompress_bsf: Check sample_rate_index
avformat/rmdec: Initialize and sanity check offset in ivr_read_header()
avcodec/apedec: Fix 2 integer overflows
avcodec/wmaprodec: Set packet_loss when we error out on a sanity check
avcodec/wmaprodec: Check offset
avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block()
avcodec/wmaprodec: Check if the channel sum of all internal contexts match the external
libavcodec/libvpxenc: Don't free user-provided AVPacket
libavcodec/libmp3lame: Don't free user-provided AVPacket
avcodec/libopusenc: Don't free user-provided AVPacket
avformat/matroskadec: Fix default value of BlockAddID

(adam)

ffmpeg2,ffplay2: updated to 2.8.17

version 2.8.17:
avcodec/apedec: Fix undefined integer overflow with 24bit
avcodec/loco: Fix integer overflow with large values from loco_get_rice()
avformat/smjpegdec: Check the existence of referred streams
avcodec/pnmdec: Fix misaligned reads
avformat/utils: reorder duration computation to avoid overflow
avcodec/pngdec: Check for fctl after idat
png: split header state and data state in two separate variables.
avformat/hls: Pass a copy of the URL for probing
avformat/hls: check segment duration value of EXTINF
avutil/common: Fix integer overflow in av_ceil_log2_c()
avformat/microdvddec: skip malformed lines without frame number.
avformat/4xm: Check that a video stream was created before returning packets for it
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
avcodec/sonic: Fix several integer overflows
avcodec/iff: Fix off by x error
avcodec/wmalosslessdec: Check block_align maximum
avcodec/loco: Fix signed integer overflow in loco_get_rice()
avformat/thp: Check fps
avformat/mpl2dec: Fix integer overflow with duration
avcodec/mpeg12dec: remove outdated comments
avcodec/snowdec: Avoid integer overflow with huge qlog
avcodec/mpeg12dec: Fix got_output
avformat/4xm: Cleanup on GET_LIST_HEADER() failure
avformat/mlvdec: fail reading a packet with 0 streams
avformat/thp: Check compcount
avcodec/adpcm: XA: Check shift similar to filter
avcodec/huffyuvdec: Test vertical coordinate more often
avcodec/hq_hqa: Check info size
avcodec/wmalosslessdec: Fix integer overflow in mclms_predict()
avcodec/vp9dsp_template: Fix integer overflow(s) in iadst16_1d()
avcodec/h264dec: Disable forced small_padding on flag2 fast
avcodec/pnmdec: Use unsigned for maxval rescaling
avcodec/ivi: Clear got_p_frame before decoding a new frame using it
avcodec/dsddec: Check channels
avcodec/xvididct: Fix integer overflow in idct_row()
avcodec/wmalosslessdec: Fix integer overflows in revert_inter_ch_decorr()
avformat/mpegenc: Fix integer overflow with AV_NOPTS_VALUE
avformat/aadec: Check toc_size to contain the minimum to demuxer uses
avformat/mov: Don't allow negative sample sizes.
mpeg4videoenc: Don't crash with -fsanitize=bounds
avcodec/binkaudio: Fix 2Ghz sample_rate
avcodec/adpcm: Fix integer overflow in ADPCM THP
avcodec/ralf: Check num_blocks before use
avcodec/utvideodec: Fix integer overflow in decode_plane()
avcodec/ralf: Fix integer overflow in decode_block()
avcodec/nuv: widen buf_size type
avcodec/g729postfilter: Clip gain before scaling with AGC_FAC1
avformat/thp: Require a video stream
avformat/mpeg: Decrease score by 1 for files with very little valid data
avcodec/pngdec: Check length in fdAT
avcodec/g2meet: Check tile_width in epic_jb_decode_tile()
avcodec/vp9dsp_template: Fix integer overflows in idct32_1d()
libavcodec/wmalosslessdec: prevent sum of positive numbers from becoming negative
avcodec/txd: Check for input size against the header size.
avcodec/svq1dec: Check that there is data left after the header
avformat/mov: fix memleaks
libavformat/mov: Fix memleaks when demuxing DV audio
libavcodec/libvpxenc: Don't free user-provided AVPacket
avcodec/libopusenc: Don't free user-provided AVPacket

version 2.8.16:
- avcodec/hevc_mp4toannexb_bsf: Check nalu_size
- avcodec/iff: Check length before memcpy() in decode_deep_rle32()
- avcodec/iff: Fix invalid pointer intermediates in decode_deep_rle32()
- avcodec/rv40dsp: Fix integer overflows in rv40_weight_func_*()
- avcodec/ac3dec_fixed: Fix several invalid left shifts in scale_coefs()
- avcodec/flac_parser: Do not lose header count in find_headers_search()
- avcodec/audiodsp: Fix integer overflow in scalarproduct_int16_c()
- avformat/oggdec: Check for EOF after page header
- swscale/yuv2rgb: Fix vertical dither offset with slices
- avcodec/dpcm: clip exponent into supported range in XAN DPCM
- avcodec/flacdsp_template: Fix invalid shifts in decorrelate
- avcodec/xvididct: Fix integer overflow in MULT()
- avcodec/ffwavesynth: Correct undefined overflow of PINK_UNIT
- swscale/output: Fix integer overflow in yuv2rgb_write_full() with out of range input
- libavformat/amr.c: Check return value from avio_read()
- libavformat/mov.c: Free aes_decrypt to avoid leaking memory
- libavformat/oggdec.c: Check return value from avio_read()
- avformat/asfdec_f: Fix overflow check in get_tag()
- avformat/nsvdec: Fix memleaks on errors while reading the header
- avcodec/ffwavesynth: Fix integer overflow in computation of ddphi
- avcodec/mpeg12dec: Fix invalid shift in mpeg2_fast_decode_block_intra()
- avcodec/mpegaudioenc_template: fix invalid shift of sample
- avcodec/motion_est_template: Fix invalid shifts in no_sub_motion_search()
- avformat/mpegts: Improve the position determination for avpriv_mpegts_parse_packet()
- avformat/mvdec: Check stream numbers
- avcodec/pcm: Fix invalid shift in AV_CODEC_ID_PCM_LXF
- avcodec/qdm2: Check fft_coefs_index
- avformat/avidec: Avoid integer overflow in NI switch check
- avfilter/vf_aspect: Fix integer overflow in compute_dar()
- avcodec/apedec: Fix invalid shift with 24 bps
- avformat/utils: Fix undefined behavior in ff_configure_buffers_for_index()
- avcodec/wmalosslessdec: Fix loop in revert_acfilter()
- avcodec/lagarith: Sanity check scale
- avcodec/apedec: Fix integer overflows in predictor_decode_mono_3950()
- avcodec/ralf: Fix integer overflow in apply_lpc()
- avcodec/wmavoice: Fix rounding and integer anomalies in calc_input_response()
- avcodec/pcm: Fix invalid shift in pcm_decode_frame for LXF
- avcodec/snappy: Sanity check bytestream2_get_levarint()
- avcodec/mlpdsp: Fix a invalid shift in ff_mlp_rematrix_channel()
- avcodec/avdct: Clear IDCTDSPContext context
- avcodec/apedec: Fix undefined integer overflow in decode_array_0000()
- avcodec/smacker: Check space before decoding type
- avcodec/iff: Over-allocate ham_palbuf for HAM6 IFF-PBM
- avfilter/vf_find_rect: Remove assert
- avfilter/vf_find_rect: Increase worst case score
- swscale/input: Fix several invalid shifts related to rgb2yuv constants
- swscale/output: Fix several invalid shifts in yuv2rgb_full_1_c_template()
- swscale/swscale: Fix several invalid shifts related to vChrDrop
- avcodec/hevc_mp4toannexb_bsf: Avoid NULL memcpy()
- avcodec/wmalosslessdec: move channel check up
- avcodec/adpcm: Fix overflow in FFABS() IMA_EA_EACS
- avcodec/alac: Fix integer overflow in LPC coefficient adaption
- avcodec/g729postfilter: Optimize out overflowing multiplication from apply_tilt_comp()
- avcodec/vc1dec: Check field_mode for sprites
- avcodec/vc1dec: Limit bits by the actual bitstream size
- avcodec/vmdaudio: Check block_align more
- configure: bump year
- avcodec/pgssubdec: Free subtitle on error
- avcodec/ffwavesynth: Fix undefined overflow in wavesynth_synth_sample()
- avcodec/cook: Use 3 stage VLC decoding for channel_coupling
- avcodec/sonic: Check e in get_symbol()
- avcodec/twinvqdec: Correct overflow in block align check
- avcodec/vc1dec: Fix "return -1" cases
- avcodec/vc1dec: Free sprite_output_frame on error
- avcodec/wmadec: Keep track of exponent initialization per channel
- avcodec/adpcm: Clip predictor for APC
- avcodec/targa: Check colors vs. available space
- avcodec/wmavoice: Check remaining input in parse_packet_header()
- avcodec/wmalosslessdec: Fix 2 overflows in mclms
- avcodec/wmaprodec: Fixes integer overflow with 32bit samples
- avcodec/adpcm: Fix invalid shift in xa_decode()
- avcodec/wmalosslessdec: Fix several integer issues
- avcodec/pnm: Check that the header is not truncated
- avcodec/mp3_header_decompress_bsf: Check sample_rate_index
- avcodec/apedec: Fix 2 integer overflows
- avcodec/wmaprodec: Set packet_loss when we error out on a sanity check
- avcodec/truemotion2: Fix 2 integer overflows in tm2_low_res_block()
- avformat/matroskadec: Fix default value of BlockAddID
- avcodec/utils: Check block_align
- avcodec/utils: Check sample_rate before opening the decoder
- avcodec/g729dec: require buf_size to be non 0
- avcodec/alac: Fix integer overflow in lpc_prediction() with sign
- avcodec/wmaprodec: Fix buflen computation in save_bits()
- avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv()
- avcodec/vmdaudio: Check chunk counts to avoid integer overflow
- avformat/mxfdec: Clear metadata_sets_count in mxf_read_close()
- avcodec/nuv: Use ff_set_dimensions()
- avcodec/ffwavesynth: Fix integer overflow with pink_ts_cur/next
- avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel()
- avcodec/g729dec: Use 64bit and clip in scalar product
- avcodec/mxpegdec: Check for multiple SOF
- avcodec/nuv: Move comptype check up
- avcodec/wmavoice: Fix integer overflow in synth_frame()
- avutil/lfg: Correct index increment type to avoid undefined behavior
- avcodec/cngdec: Remove AV_CODEC_CAP_DELAY
- avcodec/iff: Move index use after check in decodeplane8()
- avcodec/atrac3: Check for huge block aligns
- avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block()
- avcodec/wmadec: Require previous exponents for reuse
- avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling
- avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter()
- avcodec/sonic: Fix integer overflow in predictor_calc_error()
- lavc/tableprint_vlc: Remove avpriv_request_sample() from included files.
- avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI
- avcodec/cook: Move up and extend block_align check
- avcodec/twinvq: Check block_align
- avcodec/cook: Enlarge gain table
- avcodec/atrac3plus: Check split point in fill mode 3
- avcodec/wmavoice: Check sample_rate
- avcodec/apedec: Fix integer overflow in filter_3800()
- avcodec/ffv1dec: Use a different error message for the slice level CRC
- avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
- avcodec/snowenc: Fix 2 undefined shifts
- avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags()
- avcodec/truemotion2: Fix several integer overflows in tm2_low_res_block()
- avcodec/adpcm: Fix invalid shifts in ADPCM DTK
- avcodec/apedec: Only clear the needed buffer space, instead of all
- avcodec/libvorbisdec: Fix insufficient input checks leading to out of array reads
- avcodec/vp5: Check render_x/y
- avcodec/ralf: Skip initializing unused filter variables
- avformat/pjsdec: Check duration for overflow
- avcodec/ptx: Check that the input contains at least one line
- avcodec/alac: Fix integer overflow in LPC
- avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()
- avcodec/aliaspixdec: Check input size against minimal picture size
- avcodec/ffwavesynth: Fix integer overflows in pink noise addition
- avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv()
- avcodec/wmalosslessdec: Check block_align
- avcodec/g729postfilter: Fix left shift of negative value
- avcodec/binkaudio: Check sample rate
- avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS
- avcodec/apedec: Fix integer overflow in predictor_update_3930()
- avcodec/g729postfilter: Fix undefined intermediate pointers
- avcodec/g729postfilter: Fix undefined shifts
- avcodec/lsp: Fix undefined shifts in lsp2poly()
- avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA
- avfilter/vf_geq: Use av_clipd() instead of av_clipf()
- avcodec/ituh263dec: Check input for minimal frame size
- avcodec/truemotion1: Check that the input has enough space for a minimal index_stream
- avformat/mpsubdec: Clear queue on error
- avcodec/sunrast: Check that the input is large enough for the maximally compressed image
- avcodec/sunrast: Check for availability of maplength before allocating image
- avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize()
- avcodec/g2meet: Check for end of input in jpg_decode_block()
- avcodec/g2meet: Check if adjusted pixel was on the stack
- avcodec/motionpixels: Mark 2 functions as always_inline
- avcodec/ralf: Fix integer overflow in decode_channel()
- vcodec/vc1: compute rangex/y only for P/B frames
- avcodec/vc1_pred: Fix invalid shifts in scaleforopp()
- avcodec/vc1_block: Fix invalid shift with rangeredfrm
- avcodec/vc1: Check for excessive resolution
- avcodec/vc1: check REFDIST
- avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter()
- avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs()
- avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
- avcodec/atrac3: Check block_align
- avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop
- avcodec/g729_parser: Check block_size
- avcodec/aacdec: Check if we run out of input in read_stream_mux_config()
- avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL
- avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()
- avcodec/ffwavesynth: Fix integer overflow in timestamps
- avcodec/sunrast: Fix indention
- avcodec/sunrast: Fix return type for "unsupported (compression) type"
- avformat/cdxl: Fix integer overflow in intermediate
- avcodec/hevcdec: repeat character in skiped
- avcodec/alsdec: Check k from being outside what our implementation can handle
- avcodec/vp56rac: delay signaling an error on truncated input
- avcodec/vp5/6/8: use vpX_rac_is_end()
- avcodec/vp56: Add vpX_rac_is_end() to check for the end of input
- avcodec/qdm2: Check frame size
- avcodec/vc1_pred: Fix refdist in scaleforopp()
- avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2
- avcodec/iff: Check for overlap in cmap_read_palette()
- avcodec/apedec: Fix 32bit int overflow in do_apply_filter()
- avcodec/ralf: fix undefined shift in extend_code()
- avcodec/ralf: fix undefined shift
- avcodec/bgmc: Check input space in ff_bgmc_decode_init()
- avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()
- avcodec/vc1dec: Require res_sprite for wmv3images
- avcodec/vc1_block: Check for double escapes
- avcodec/vorbisdec: Check get_vlc2() failure
- avcodec/tta: Fix integer overflow in prediction
- avcodec/vb: Check input packet size to be large enough to contain flags
- avcodec/cavsdec: Limit the number of access units per packet to 2
- avcodec/alac: Fix multiple integer overflows in lpc_prediction()
- avcodec/rl2: set dimensions
- avformat/realtextdec: free queue on error
- avcodec/alsdec: Fix integer overflow in decode_var_block_data()
- avcodec/alsdec: Limit maximum channels to 512
- avcodec/anm: Check input size for a frame with just a stop code
- avcodec/loco: Check left column value
- avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking
- avcodec/ffwavesynth: Fix integer overflow for some corner case values
- avcodec/indeo2: Check remaining input more often
- avcodec/vp56: Consider the alpha start as end of the prior header
- avcodec/4xm: Check for end of input in decode_p_block()
- avcodec/hnm4video: Optimize postprocess_current_frame()
- avcodec/hevc_refs: Optimize 16bit generate_missing_ref()
- avcodec/dds: Use ff_set_dimensions()
- avcodec/mpc8: Fix 32bit mask/enum
- avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()
- avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()
- avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()
- libavcodec/iff: Use unsigned to avoid undefined behaviour
- avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()
- avcodec/vqavideo: Set video size
- avcodec/sanm: Check extradata_size before allocations
- avcodec/mss1: check for overread and forward errors
- avcodec/dirac_parser: Fix overflow in dts
- avcodec/ralf: Fix undefined pointer in decode_channel()
- avcodec/ralf: Fix integer overflow in apply_lpc()
- avcodec/vorbisdec: Implement vr->classifications = 1
- avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide
- avcodec/apedec: Fix 2 signed overflows
- avcodec/mss3: Check for the rac stream being invalid in rac_normalize()
- avcodec/vc1_block: Check get_vlc2() return before use
- avcodec/apedec: Do not partially clear data array
- avcodec/hnm4video: Forward errors of decode_interframe_v4()
- avcodec/vp3: Check that theora is theora
- avcodec/vc1_pred: Fix invalid shift in scaleforsame()
- avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()
- avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()
- avcodec/apedec: make left/right unsigned to avoid undefined behavior
- avcodec/apedec: Fix multiple integer overflows and undefined behaviorin filter_3800()
- avcodec/eatgv: Check remaining size after the keyframe header
- avcodec/assdec: undefined use of memcpy()
- avcodec/brenderpix: Check input size before allocating image
- lafv/wavdec: Fail bext parsing on incomplete reads
- avcodec/vorbisdec: Check vlc for floor0 dec vector offset
- avcodec/vorbisdec: amplitude bits can be more than 25 bits
- avcodec/apedec: Fix various integer overflows
- avcodec/apedec: Fix multiple integer overflows in predictor_update_filter()
- avcodec/alsdec: Fix 2 integer overflows
- avcodec/flicvideo: Make line_packets int
- avcodec/dvbsubdec: Use ff_set_dimensions()
- avcodec/ffwavesynth: Check if there is enough extradata before allocation
- avcodec/ffwavesynth: More correct cast in wavesynth_seek()
- avcodec/ffwavesynth: Check sample rate before use
- avformat/utils: Check rfps_duration_sum for overflow
- avcodec/parser: Check next index validity in ff_combine_frame()
- avcodec/ivi: Ask for samples with odd tiles
- avformat/xmv: Make bitrate 64bit
- avcodec/pngdec: Check that previous_picture has same w/h/format
- avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation)
- avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame()
- avcodec/hq_hqa: Use ff_set_dimensions()
- avcodec/rv10: Fix integer overflow in aspect ratio compare
- avcodec/4xm: Fix signed integer overflows in idct()
- avcodec/qdm2: Check checksum_size for 0
- avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop
- avcodec/qdm2: Do not read out of array in fix_coding_method_array()
- avcodec/svq3: Use ff_set_dimension()
- avcodec/iff: Check ham vs bpp
- avcodec/ffwavesynth: use uint32_t to compute difference, it is enough
- avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case
- avcodec/ffwavesynth: Fix backward lcg_seek()
- avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff()
- avcodec/alac: Check lpc_quant
- avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP
- avcodec/alsdec: Fix integer overflow with buffer number
- avcodec/alsdec: Check opt_order / sb_length in ra_block handling
- avcodec/alsdec: Fix integer overflow with shifting samples
- avcodec/alsdec: Fix undefined behavior in decode_rice()
- avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()
- avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
- avcodec/qdm2: Move fft_order check up
- avcodec/libvorbisdec: Check extradata size
- avcodec/videodsp_template: Fix overflow of addition
- avcodec/ffwavesynth: Check ts_end - ts_start for overflow
- avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
- avcodec/tta: Fix undefined shift
- avcodec/bintext: Check font height
- avcodec/binkdsp: Fix integer overflows in idct
- avcodec/motionpixels: Check for vlc error in mp_get_vlc()
- avcodec/loco: Limit lossy parameter so it is sane and does not overflow
- avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
- avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()
- avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()
- avcodec/iff: finetune the palette size check in the mask case
- avcodec/bink: Reorder operations in init to avoid memleak on error
- avformat/wtvdec: Avoid (32bit signed) sectors
- avcodec/bitstream: Check for more conflicting codes in build_table()
- avcodec/bitstream: Check for integer code truncation in build_table()
- avformat/sbgdec: Fixes integer overflow in str_to_time() with hours
- avcodec/mjpegdec: Check for non ls PAL8
- avcodec/mss4: Check input size against skip bits
- avcodec/diracdec: Fix integer overflow in global_mv()
- avcodec/vmnc: Check available space against chunks before reget_buffer()
- avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure)
- avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()
- avcodec/aacdec_template: Merge 3 #ifs related to noise handling
- avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify
- avformat/mp3enc: Avoid SEEK_END as it is unsupported
- avcodec/truemotion2: Fix several integer overflows in tm2_update_block()
- avformat/webm_chunk: Specify expected argument length of get_chunk_filename()
- avformat/webm_chunk: Check header filename length
- avcodec/cpia: Check input size also against linesizes and EOL
- libswcale: Fix possible string overflow in test.
- avcodec/hq_hqa: Check available space before reading slice offsets
- lavf/webm_chunk: Respect buffer size
- avcodec/jvdec: Use ff_get_buffer() when the content is not reused
- avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()
- avcodec/aacdec_fixed: Fix undefined shift in noise_scale()
- avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
- avformat/aadec: Check for scanf() failure
- avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside
- avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()
- avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation
- avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()
- avcodec/hevcdec: Avoid only partly skiping duplicate first slices
- lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
- avcodec/truemotion2: Fix integer overflow in tm2_null_res_block()
- avcodec/dfa: Check the chunk header is not truncated
- avcodec/dvbsubdec: Check object position
- avcodec/cdgraphics: Use ff_set_dimensions()
- avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
- avcodec/aic: Check remaining bits in aic_decode_coeffs()
- avcodec/bethsoftvideo: Check block_type
- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
- avcodec/error_resilience: Use a symmetric check for skipping MV estimation
- avcodec/mlpdec: Insuffient typo
- avcodec/jvdec: Check available input space before decode8x8()
- avformat/webmdashenc: Check id in adaption_sets
- avformat/http: Fix Out-of-Bounds access in process_line()
- avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
- avformat/mov.c: require tfhd to begin parsing trun
- avcodec/pgssubdec: Check for duplicate display segments
- avformat/rtsp: Check number of streams in sdp_parse_line()
- avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()
- avcodec/fic: Check that there is input left in fic_decode_block()
- avutil/mem: Optimize fill32() by unrolling and using 64bit
- configure: bump year
- avcodec/4xm: Fix returned error codes
- avcodec/mjpegbdec: Fix some misplaced {} and spaces
- avformat/wvdec: detect and error out on WavPack DSD files
- avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa
- avcodec/fic: Fail on invalid slice size/off
- postproc/postprocess_template: Avoid using %4 for the threshold compare
- avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
- lavf/id3v2: fail read_apic on EOF reading mimetype
- avformat/nutenc: Document trailer index assert better
- lavf/mov: ensure only one tkhd per trak
- avcodec/msvideo1: Check for too small dimensions
- avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size
- avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
- avcodec/truemotion2: fix integer overflows in tm2_low_chroma()
- avutil/mem: Fix invalid use of av_alloc_size
- avcodec/hevcdec: decode at most one slice reporting being the first in the picture
- avfilter/af_silenceremove: fix possible crash if supplied duration is negative
- avcodec/pngdec: Check compression method
- avcodec/shorten: Fix integer overflow with offset
- avcodec/cavsdec: Propagate error codes inside decode_mb_i()
- avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case
- avformat/flvenc: Check audio packet size
- avutil/integer: Fix integer overflow in av_mul_i()
- avcodec/msrle: Check that the input is large enough to contain a end of picture code
- avcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling
- avcodec/mpeg4videodec: Fix typo in sprite delta check
- avcodec/h264_cavlc: Check mb_skip_run
- avcodec/ra144: Fix integer overflow in add_wav()
- avformat/utils: Never store negative values in last_IP_duration
- avformat/utils: Fix integer overflow in discontinuity check
- avcodec/unary: Improve get_unary() docs
- avcodec/dvdsubdec: Sanity check len in decode_rle()
- avcodec/mpeg4videodec: Fix undefined shift in get_amv()
- avcodec/zmbv: Check that the decompressed data size is correct
- avcodec/zmbv: Update decomp_len in raw frames
- avcodec/shorten: Fix bitstream end check in read_header()
- avcodec/dvdsubdec: Avoid branch in decode_run_8bit()
- avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking()
- avcodec/ra144: Fix undefined integer overflow in add_wav()
- avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb()
- avcodec/vb: Check for end of bytestream before reading blocktype
- avcodec/snowdec: Fix integer overflow with motion vector residual
- avformat/nsvdec: Do not parse multiple NSVf
- avformat/mlvdec: read_string() received unsigned size, make the argument unsigned
- avcodec/shorten: Fix integer overflow in residual/LPC combination
- avcodec/shorten: Check verbatim length
- avcodec/mpegaudio_parser: Initialize poutbuf*
- avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()
- avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case
- avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()
- swresample/swresample: Fix input channel count in resample_first computation
- avutil/pixfmt: Document chroma plane size for odd resolutions

(adam)

fping: updated to 4.3

fping 4.3

New features

Linux unprivileged ping support
Add SIGQUIT summary support similar to ping

Bugfixes and other changes

Corrected long option name of -s to --stats
Do not fail if using fping6 with -6 flag
Fail if interface binding (-I) does not work
Fix using option -4 when fping is compiled IPv4-only
Add Azure pipeline test build
GCC 10 compatibility fixes
Macos build fix
Fix xmt stats in Netdata output
Only increase num_alive if response is not a duplicate
Use line buffering for stdout

(adam)

Updated databases/py-aiosqlite, www/py-pylint-django, math/py-roman, www/py-django-import-export

(adam)

py-django-import-export: updated to 2.3.0

2.3.0:
Add missing translation keys for all languages
Added missing Portuguese translations
Add kazakh translations
Add bulk operations

(adam)

py-roman: updated to 3.3

3.3:
- added support for Python 3.9
- added CLI command ``roman`` with ``-r/--reverse`` to convert back from Roman
- added simple usage instructions

(adam)

py-pylint-django: updated to 2.1.0

Version 2.1.0
New checker to warn about missing backwards data migrations
Rename pylint_django.checkers.db_performance to pylint_django.checkers.migrations
Add URL to project Changelog for PyPI
Fix failing test suite b/c of missing CSV dialect.

(adam)

py-aiosqlite: updated to 0.14.1

v0.14.1
Bugfix release
- Remove debugging print() calls. Oops!

(adam)

security/zoneminder: Add workaround for stricter compiler

Add [0] to unspecified array; gcc 7 errors while gcc 5 was ok with the
previous code.  (Temporary until this package is updated.)

(gdt)

doc: Updated converters/bdf2sfd to 1.1.3

(fcambus)

bdf2sfd: update to 1.1.3.

bdf2sfd 1.1.3 (2020-07-12)

- Remove some unneeded seccomp related includes
- Validate architectures for seccomp
- Add seccomp support on i386, tested on glibc and musl
- Use __NR_ instead of SYS_ prefix in #if defined checks

(fcambus)

Note update of the "mutt" package to version 1.14.6

(tron)

mutt: Update to version 1.14.6

This is a bug-fix release fixing a problem resetting access times that snuck
in starting with 1.11.0.  This only affected relative-path mailboxes, but
caused Mutt to "forget" new mail in mbox files.

(tron)

doc: Updated misc/vttest to 20200610

(ryoon)

bvttest: Update to 20200610

changelog:
20200610
        + modify DECSCA test to show whether EL/ED and ECH/ICH/DCH ignore
          DECSCA.

        + modify DECERA test to assume that the terminal uses bce, and prompt
          for an additional color-change/erase to demonstrate this.

20200420
        + improve test-coverage for REP/SD/SL/SR/SU, exercising default params.

        + improve DA/DA2 reports for VT125, VT240, VT382, VT510 used in xterm.

(ryoon)

doc: Updated mail/notmuch to 0.30

(ryoon)

notmuch: Update to 0.30

Changelog:
Notmuch 0.30 (2020-07-10)
=========================

S/MIME
------

Handle S/MIME (PKCS#7) messages -- one-part signed messages, encrypted
messages, and multilayer messages. Treat them symmetrically to
OpenPGP messages. This includes handling protected headers
gracefully.

If you're using Notmuch with S/MIME, you currently need to configure
gpgsm appropriately.

Mixed-up MIME Repair
--------------------

Detect and automatically repair a common form of message mangling
created by Microsoft Exchange (see index.repaired=mixedup in
notmuch-properties(7)).

Protected Headers
-----------------

Avoid indexing the legacy-display part of an encrypted message that
has protected headers (see
index.repaired=skip-protected-headers-legacy-display in
notmuch-properties(7)).

Python
------

Drop support for python2, focus on python3.

Introduce new CFFI-based python bindings in the python module named
"notmuch2".  Officially deprecate (but still support) the older
"notmuch" module.

Dependencies
------------

Support for Xapian 1.2 is removed. The minimum supported version of
Xapian is now 1.4.0.

Notmuch 0.29.3 (2019-11-27)
===========================

General
-------

Fix for use-after-free in notmuch_config_list_{key,val}.

Fix for double close of file in notmuch-dump.

Debian
------

Drop python2 support from shipped debian packaging.

Notmuch 0.29.2 (2019-10-19)
===========================

General
-------

Fix for file descriptor leak when opening gzipped mail files. Thanks
to James Troup for the bug report and the fix.

Notmuch 0.29.1 (2019-06-11)
===========================

Build
-----

Fix for installation failure with `configure --without-emacs`.

(ryoon)

doc: Updated www/firefox-l10n to 78.0.2

(ryoon)

firefox-l10n: Update to 78.0.2

* Sync with www/firefox-78.0.2.

(ryoon)

doc: Updated www/firefox to 78.0.2

(ryoon)

firefox: Update to 78.0.2

* Fix build under NetBSD/i386 with PR pkg/55456.

Changelog:
Fixed
    Security fix

    Fixed an accessibility regression in reader mode (bug 1650922)

    Made the address bar more resilient to data corruption in the user profile (bug 1649981)

    Fixed a regression opening certain external applications (bug 1650162)

Security fix:
#MFSA-2020-0003: X-Frame-Options bypass using object or embed tags

(ryoon)

lua-busted: add ALTERNATIVES

(nia)

doc: Added parallel/lua-lanes version 3.13.0

(nia)

parallel: Add lua-lanes

Lua Lanes is a Lua extension library providing the possibility to run multiple
Lua states in parallel. It is intended to be used for optimizing performance
on multicore CPUs and to study ways to make Lua programs naturally parallel
to begin with.

(nia)

lang/module.mk: using rm: is probably more portable here

(nia)

lua/module.mk: Avoid compiling Lua 5.3 modules with -ansi

(nia)

lua-bustted: Use INSTALL_SCRIPT to install non-binaries

(nia)

lua-cqueues: Don't try to include sys/epoll.h on SunOS

(nia)

lua-ossl: Don't try to include sys/epoll.h on SunOS

(nia)

Add LUA_LINKER_MAGIC variable that centrally sets LDFLAGS on Darwin,
as should probably have been done to begin with. Remove per-package hacks.

(nia)

lua-cjson: Attemp to fix Darwin build

(nia)

lua-socket: Attempt to fix Darwin build

(nia)

revert accident

(nia)