doc: Updated devel/ruby-redmine_theme_changer to 0.4.0

(taca)

devel/ruby-redmine_theme_changer: update to  0.4.0

Update ruby-redmine_theme_changer to 0.4.0.

pkgsrc change:
* A few clean up.

0.4.0 (2018-12-31)

Compatible with Redmine 4.0.0.

This version is not compatible with Redmine 3.x or before.

0.3.1 (2017-09-11)

Added Russian translation.

(taca)

doc: Updated devel/ruby-redmine_lightbox2 to 0.5.1

(taca)

devel/ruby-redmine_lightbox2: update to 0.5.1

Update ruby-redmine_lightbox2 to 0.5.1.

pkgsrc change:
* A few clean up.

0.5.1 (for Redmine 4.x) (2019-11-02)

Features

* major upgrade to fancybox library (from 2.1.5 to 3.5.7), introducing a
  new, modern lightbox theme
* Added support for image and pdf lightbox preview in 'Files' module (#72)

DMSF plugin support

* support for image previews in DMSF browser (#64)
* use file description as title instead of file name (#53)
* add DMSF file ID to lightbox title (#73)
* bugfix: checked wrong classname for imagelinks

Bugfixes

* general bugfixes
* issues view: show consistent titles/captions
* javascript bugfix for IE11 (#66)
* fix wrong title of magnifier icon
* reset auto image-orientation for Firefox and Safari (#67)

0.5.0 (for Redmine 4.0) (2019-01-08)

* Added Support for Redmine 4.0 and Rails 5.2

Milestone: https://github.com/paginagmbh/redmine_lightbox2/milestone/4?closed=1

(taca)

doc: Updated devel/ruby-redmine_code_review to 1.0.0

(taca)

devel/ruby-redmine_code_review: update to 1.0.0

Update ruby-redmine_code_review to 1.0.0.

1.0.0 (2018-12-31)

Compatible with Redmine 4.0.0
This version is not compatible with Redmine 3.x or before.

0.9.0 (2017-08-08)

This is a bug fix release.
Target Redmine version is 3.4.0 or higher.

1. Add review tag does not appear on repository browser.
2. Delete confirmation dialog does not appear when click delete review link.

(taca)

revbump after boost update

(adam)

doc: Added devel/ruby-redmine-yh-theme version 1.6

(taca)

devel/Makefile: add and enable ruby-redmine-yh-theme

(taca)

devel/ruby-redmine-yh-theme: add package version 1.6

Add ruby-redmine-yh-theme package version 1.6.

Modern Redmine theme used in YeniHayat.

(taca)

doc: Added devel/ruby-redmine-purplemine2-theme version 2.10.2

(taca)

devel/Makefile: add and enable ruby-redmine-purplemine2-theme

(taca)

devel/ruby-redmine-purplemine2-theme: add package version 2.10.2

Add ruby-redmine-purplemine2-theme package version 2.10.2.

A free Redmine theme for modern browsers.

(taca)

doc: Added devel/ruby-redmine-minimalflat2-theme version 1.7.0

(taca)

devel/Makefile: add and enable ruby-redmine-minimalflat2-theme

(taca)

ruby-redmine-minimalflat2-theme: add package version 1.7.0

Add ruby-redmine-minimalflat2-theme package version 1.7.0.

Minimal and flat design theme for Redmine.

Features

* Minimal and flat design
* Modern color scheme by Flat UI & Espresso
* Flexible (resolution-independent) icon by IcoMoon
* Expandable tree view of the project list
* Favicon (Redmine 2.5 or later)
* Responsive layout (Redmine 3.2 or later)

(taca)

Updated boost to 1.73.0

(adam)

boost: updated to 1.73.0

1.73.0:

Known Issues
------------
These are patches from library authors which were found too late to be fixed in the release. Be careful as they have not been through the normal testing process.

New Libraries
-------------
Nowide:
Standard library functions with UTF-8 API on Windows, from Artyom Beilis.

StaticString:
A dynamically resizable string of characters with compile-time fixed capacity and contiguous embedded storage, from Vinnie Falco and Krystian Stasiowski

Updated Libraries
-----------------
Align:
* Update aligned_alloc to support older mingw32.
Any:
* Speedup compilation by not including <algorithm>.
* Maintenance work, including CI hardening.
Asio:
* Fixed compatibility with C++20 concept syntax.
* Marked the POSIX descriptor classes' move constructors as noexcept.
* Added the ssl::host_name_verification class, which is a drop-in replacement for ssl::rfc2818_verification. The ssl::rfc2818_verification class has been marked as deprecated. As a consequence of this change, SSL support now depends on functions that were introduced in OpenSSL 1.0.2.
* Added an ssl::context constructor to take ownership of a native handle.
* Changed C++ language version detection with gcc to use __cplusplus macro.
* Fixed a work counting issue in the asynchronous resolve operation for endpoints.
* Fixed the strand<> converting constructors and assignment operators.
* Ensured that resolvers are restarted correctly after a fork.
* Fixed compatibility with the current NetBSD release.
* Removed spurious handler requirement checks in some async_read overloads.
* Changed the ssl::context class to propagate non-EOF errors from the add_certificate_authority function.
* Fixed a Windows-specific thread_pool destructor hang that occurred when the pool had an associated I/O object.
* Changed the select reactor to recreate the "self pipe trick" sockets on error. This addresses an issue on some versions of Windows, where these sockets are discconected after a system sleep.
* Fixed a compile error in the buffered streams due to the lack of reference collapsing in C++98.
* Changed the priority_scheduler example to demonstrate calls to shutdown() and destroy().
* Removed some unnecessary null pointer checks.
* Changed Windows platform detection to recognise TV titles as Windows apps.
* Added some emscripten compatibility patches.
* Fixed a compile error in the use_awaitable_t::as_default_on function.
* Changed all uses of the boost.bind placeholders to use the boost::placeholders namespace.
* Fixed a potential compile error in the async_compose implementation due to incorrect overload selection.
* Suppressed some non-virtual destructor warnings.
* Various documentation fixes and improvements.
Assert:
* Added source_location.
Atomic:
* Implemented C++20 atomic_ref. See docs and especially the caveats section.
* Implemented atomic_flag::test operation, which was introduced in C++20.
* atomic<T> should now take into account alignment requirements of T, which makes a difference if those requirements are higher than that of the internal storage of atomic.
* Added static asserts enforcing the requirements on the value type T used with atomic and atomic_ref. This should prohibit invalid types from being used as atomics.
* Improved internal lock pool implementation. The pool is larger, and lock selection accounts for atomic object alignment, which should reduce the potential of thread contention.
* Fixed incorrect x86 code generated for bit_test_and_* operations on 8 and 16-bit arguments. Other architectures are not affected.
* Fixed a possible unaligned memory access in compare_exchange_* operations, if alignment requirements of value_type are less than that of the internal storage of atomic.
* boost/atomic/atomic.hpp no longer includes boost/atomic/atomic_flag.hpp and boost/atomic/fences.hpp and only defines the boost::atomic class template and related typedefs. Include the other headers explicitly or use boost/atomic.hpp to include all parts of Boost.Atomic.
* The atomic<T>::storage() accessor and associated atomic<T>::storage_type type are deprecated. Instead, users are advised to use atomic<T>::value() and atomic<T>::value_type, respectively. Users can define BOOST_ATOMIC_SILENCE_STORAGE_DEPRECATION to disable deprecation warnings for the time of transition. The deprecated pieces will be removed in a future release.
* Removed support for BOOST_ATOMIC_DETAIL_HIGHLIGHT_OP_AND_TEST. This macro was used as a helper for transition to the updated returned values of *_and_test operations in Boost.Atomic 1.67, which was released 2 years before 1.73.
Beast:
* This is a maintenance update.
* Nested mutable_data_type in Beast dynamic buffers is deprecated.
* We'd love to know how you or your company use Beast, consider adding an entry to the Companies and Individuals Using Beast list.
* See the full Release Notes for a complete list of changes.
Context:
* IBM Z: Fix fcontext routines
* mips64/n64: .align 3
* Use OSPLAT MIPS32/MIPS64 to set different ABI
* Fix non-PIC in RISC-V assembly
Conversion:
* Added boost::polymorphic_downcast for references (thanks to Julien Delacroix for the patch).
* Significant docs update.
date_time:
* Support constexpr in c++14 and above
* Make date_time all inline. Users no longer need to link the library for any functions. Library remains for build compatibility.
* Deprecate support for legacy io and USE_DATE_TIME_PRE_1_33_FACET_IO macro
* Misc documentation updates and bugfixes.
DLL:
* Fixes and tests for demangling in boost::dll::smart_library
* Make UB sanitizers happy with boost::dll::load_mode::type
* Ceased dependence on MPL improving compile times
* Clang and ICC on Windows fixes and CI support for those platforms
* Maintenance work, including CI hardening and tests improving.
Dynamic Bitset:
* Fixed a portability issue in the definition of the maximum block limit.
Flyweight:
* Maintenance work.
Geometry:
* Improvements
  - Missing input combinations in intersection() and introduction of tupled-output.
  - Added d3::point_xyz geometry model (thanks to Digvijay Janartha).
* Solved issues
  - Incorrect definition of EPSG:3785.
* Bugfixes
  - R-tree exception-safety improvement.
  - Andoyer inverse formula fixed for close points.
  - Fixed dangling reference in distance algorithm.
* Deprecation
  - Support for C++03 has been deprecated and Geometry will require C++14 from Boost 1.75 onwards.
GIL:
* Added move constructor and move assignment operator to image class
* New member function size() in any_image_view class
* Replace Boost.Test with Boost.LightweightTest as the only test framework used in GIL. This also restructured the test/extension/io/ sub-tree and targets in related Jamfile-s.
* Removed remaining uses of Boost.MPL
* Renamed all macros using BOOST_GIL_ prefix
* Renamed all CMake configuration options using BOOST_GIL_ prefix
* Removed extension/dynamic_image/reduce.hpp as unused and possibly unfinished. An implementation attempt of techniques described in the paper Efficient Run-Time Dispatching in Generic Programming with Minimal Code Bloat by Lubomir Bourdev, Jaakko Jarvi.
* Removed direct dependency on Boost.MPL, Boost.System and Boost.Test.
* Started removing public macros for compile-time configuration of I/O extension tests, i.e. BOOST_GIL_IO_TEST_ALLOW_READING_IMAGES and BOOST_GIL_IO_TEST_ALLOW_WRITING_IMAGES. Instead, if a test target is built, it builds all its test cases unconditionally.
* Avoid longjmp interaction during destruction of I/O extension objects.
* Fixed missing alignment default value in constructor of image class.
* Fixed segmentation fault when reading corrupted PNG file.
* Fixed illegal initialization of return values in the old IOv1 interface of I/O extension.
Histogram:
* Added crop command to reduce algorithm
* slice command in reduce now works on category axis
* Added count accumulator, can be used to add arbitrary metadata to each cell
* sum algorithm gained a new argument to optionally sum only over inner bins
* Several fixes for bugs in corner cases
* Enhanced documentation
icl:
* Remove references to date_time compiled library.
* Fix forward decl lower and upper less equal.
* Misc bugfixes.
IO:
* Made all the IOS state saver classes non-copyable. (Glen Fernandes)
* Correctly handle error upon first read from the input stream when reading a quoted string. (Glen Fernandes)
* Implemented ostream_joiner for delimiter based joining. (Glen Fernandes)
* Relocated ostream_string from the Utility library to the IO library as ostream_put.
* Correctly handle stream width and fill in quoted output. (Glen Fernandes)
* Optimize quoted output to write directly to the stream buffer. (Glen Fernandes)
* Glen Fernandes became the maintainer of the IO library.
LexicalCast:
* Maintenance work, including CI hardening and better workarounds for broken standard libraries
Log:
* Default sink used in trivial logging, when no sinks are registered in the logging core, now automatically flushes output after each log record
* core::flush now performs a flush on the default sink used for trivial logging, when no sinks are registered.
* Added a workaround for some syslog API implementations (e.g. glibc), which do not save the application identification string in openlog call. Such implementations could access already freed memory on each syslog call, resulting in undefined behavior.
* Fixed that log file rotation on a specific day of month (e.g. rotation_at_time_point(boost::gregorian::greg_day(1))) could be silently ignored and not happen.
* Fixed that text_file_backend::rotate_file could throw if there were no log records written yet and target file name pattern was set.
* Ported various components of the library to std::allocator_traits to improve compatibility with C++20 allocators.
* Fixed compilation errors when building in MSYS2 Cygwin environment.
Math:
IMPORTANT: C++03 support is now deprecated and will be removed from March 2021.
* Added Cubic Hermite Interpolation.
* Added Modified Akima Interpolation.
* Added PCHIP Interpolation.
* Added Quintic Hermite Interpolation.
* Added entropy to numerous distributions.
* Allow trivial quadrature case where the two end points are equal, and in addition allow bounds to be interchanged.
* Fix exp_sinh quadrature to work with complex types over a non-native range.
* Fix miscellaneous compiler warnings in factorial.hpp.
* Use std::chrono rather than boost::chrono in timed pFq calculations.
* Remove much of the old boost::mpl dependencies to improve constexpr support.
Mp11:
* Added mp_unique_if (contributed by Kris Jusiak)
* Added mp_flatten
* Added mp_rotate_left, mp_rotate_right (contributed by Duncan Barber)
* Added mp_compose
* Added mp_power_set
* Added mp_partial_sum
* Added mp_iterate
Multi-index Containers:
* multi_index_container is now AllocatorAware.
* Swapping of internal KeyFromValue, Compare, Hash and Pred objects now selects the appropriate swap function between std::swap and ADL candidates, in accordance with standard specifications in [swappable.requirements]
* Provided some internal copy constructors and assignment operators whose default implicit definition is deprecated in C++11 onwards ([depr.impldec]), which was warned about on some compilers.
Multiprecision:
* IMPORTANT: Mark C++03 support as deprecated and due for removal in 2021.
* Big update to cpp_int adds faster Karatsuba and Coomba multiplication routines.
* Fix conversion of gmp_rational to long double and __float128
* Fix up libtommath support to function with the latest libtom releases.
* Fix up some incompatibilities with the latest Intel C++ compiler.
* Fix up constexpr arithmetic support for latest MSVC release.
Outcome:
* Performance of Outcome-based code compiled by clang has been greatly improved. The previous implementation of Outcome's status bitfield confused clang's optimiser, which caused low quality codegen. Unlike most codegen issues, this was noticeably in empirical benchmarks of real world code, as was shown by P1886 Error speed benchmarking.
* The safe part of the better_optimisation Outcome v2.2.0 future branch was merged to Outcome v2.1.3 which includes a new status bitfield implementation. This appears to not confuse clang's optimiser, and clang 9 produces code which routinely beats GCC 9's code for various canned use cases.
* Installability is now CI tested per commit. Due to installability of standalone Outcome (e.g. make install) breaking itself rather more frequently than is ideal, installability is now tested on CI per commit.
* Newer Concepts implementing compilers were unhappy with the early check for destructibility of T and E, so removed template constraints, falling back to static assert which runs later in the type instantiation sequence.
* A false positive undefined behaviour sanitiser failure in some use cases of Experimental Outcome was worked around to avoid the failure message.
PolyCollection:
* Suppressed a potential redundant move warning in boost::poly_collection::for_each.
* Fixed a bug by which elements were copied rather than moved in allocator-extended move construction and move assigment between collections with non-propagating, unequal allocators.
* Allocator-extended move construction no longer decays to allocator-extended copy construction for the legacy version of libstdc++-v3 shipped with GCC 4.8 (which can also be used by Clang).
Stacktrace:
* Added documentation on distribution of PDBs
* Fixed msvc-9 build
* Maintenance work, including test fixes fixing typos CI improvements and hardening, inspect tool fixes.
Test:
* Boost.test v3.13 see the Changes log for more details.
* New feature: It is now possible to combine tolerance indication, user message and collection comparison modifier in a single BOOST_TEST expression. See change logs for more details.
ThrowException:
* Added an overload of throw_exception that takes a boost::source_location object.
* NOTE: Projects using BOOST_THROW_EXCEPTION with exceptions disabled will need to add a definition of this new overload.
TTI:
* Added introspection of function templates for more recent C++ compilers versions from gcc and vc++. as well as all versions of clang. Older versions of vc++ before 14.0 and gcc prior to 4.8 may fail.
* Added specific introspection for elements of struct/class, enum, and union types, which can be used for more fine-grained introspection than the general 'type' introspection.
TypeIndex:
* Maintenance work, including CI integration with inspect tool.
Utility:
* The ostream_string facility has moved from the Utility library to the IO library as ostream_put.
Variant:
* Removed unused includes
* Fixed zero-as-null-pointer-constat warnings
* Maintenance work, including typo fixes.
Variant2:
* Added support for std::hash, boost::hash.
* variant<T...> is now trivial when all types in T... are trivial. This improves performance by enabling it to be passed to, and returned from, functions in registers.
WinAPI:
* Headers in boost/detail/winapi are deprecated and will be removed in a future release.
* Boost.WinAPI headers no longer include winerror.h. Include boost/winapi/error_codes.hpp to get Windows error codes.

(adam)

Pullup ticket #6183 - requested by taca
www/drupal8: security fix

Revisions pulled up:
- www/drupal8/Makefile                                          1.31
- www/drupal8/PLIST                                            1.25
- www/drupal8/distinfo                                          1.27

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Apr 26 09:18:43 UTC 2020

  Modified Files:
  pkgsrc/www/drupal8: Makefile PLIST distinfo

  Log Message:
  www/drupal8: update to 8.7.12

  Update drupal8 to 8.7.12.

  Release notes

  Maintenance and security release of the Drupal 8 series.

  This release fixes security vulnerabilities. Sites are urged to upgrade
  immediately after reading the notes below and the security announcement:

  * Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

  No other fixes are included.

  Which release do I choose? Security coverage information

  * Sites on 8.7.x will receive security coverage until June 3, 2020 (when
    Drupal 8.9.0 is scheduled for release).
  * Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive
    security coverage.

  Important update information

  No changes have been made to the .htaccess, web.config, robots.txt or
  default settings.php files in this release, so upgrading custom versions of
  those files is not necessary if your site is already on the previous
  release.

(bsiegert)

*: Remove manual page entries from ALTERNATIVES files.

Thes are not supported by pkg_alternatives, and lead to breakage as found
in <pkg/2020/05/06/msg023089.html>.">http://mail-index.netbsd.org/tech-pkg/2020/05/06/msg023089.html>.

In many cases these were unnecessary anyway, as they match the corresponding
command that pkg_alternatives will have automatically detected manual page
entries for, plus many of them did not support PKGMANDIR.

In the one case (databases/py-peewee) where the manual page does not match
the command name, pkg_alternatives will need to be enhanced to support this
before it can be re-enabled.

(jperkin)

Follow openjdk11 and unlimit cputime as individual commands can take more
than 1hr of CPU time.

(jmcneill)

Pullup ticket #6182 - requested by taca
mail/roundcube-plugin-password: bugfix

Revisions pulled up:
- mail/roundcube-plugin-password/Makefile                      1.8
- mail/roundcube-plugin-password/distinfo                      1.16
- mail/roundcube-plugin-password/patches/patch-plugins_password_helpers_passwd-expect 1.1
- mail/roundcube/distinfo                                      1.67
- mail/roundcube/patches/patch-plugins_password_helpers_passwd-expect deleted

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Apr 26 08:48:24 UTC 2020

  Modified Files:
  pkgsrc/mail/roundcube: distinfo
  pkgsrc/mail/roundcube-plugin-password: Makefile
  Added Files:
  pkgsrc/mail/roundcube-plugin-password: distinfo
  pkgsrc/mail/roundcube-plugin-password/patches:
      patch-plugins_password_helpers_passwd-expect
  Removed Files:
  pkgsrc/mail/roundcube/patches:
      patch-plugins_password_helpers_passwd-expect

  Log Message:
  mail/roundcube-plugin-password: fix runtime problem

  Fix roundcube-plugin-password.

  * Patch for roundcube-plugin-password had not been applied accidently.
  * More changes were required to make it work on *BSD system.

  Bump PKGREVISION.

(bsiegert)

pidgin: Update DESCR

(nia)

Pullup ticket #6181 - requested by leot
devel/git-base: security fix

(via patch)

---
  git: Update to 2.25.4

  Changes:
  2.25.4
  ------
  This release is to address the security issue: CVE-2020-11008

    * With a crafted URL that contains a newline or empty host, or lacks
      a scheme, the credential helper machinery can be fooled into
      providing credential information that is not appropriate for the
      protocol in use and host being contacted.

      Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
      credentials are not for a host of the attacker's choosing; instead,
      they are for some unspecified host (based on how the configured
      credential helper handles an absent "host" parameter).

      The attack has been made impossible by refusing to work with
      under-specified credential patterns.

  Credit for finding the vulnerability goes to Carlo Arenas.

(bsiegert)

doc: Updated devel/ruby-redmine-minimalflat-theme to 1.0.2nb1

(taca)

devel/ruby-redmine-minimalflat-theme: a few clean up

A few clean up.

* Use GITHUB_RELEASE.
* Remove period from COMMENT.

Bump PKGREVISION since two files reduced their size by changing
EOL character.

(taca)

devel/ruby-redmine: fix build problem of rmagick

Fix build problem of rmagick with newer ImageMagick6.

(taca)

doc: Updated graphics/kvantum to 0.15.3

(pin)

graphics/kvantum: Update to 0.15.3

Changelog:
V0.15.3
---------
-A better calculation of the part of a progressbar's internal text which is
inside the indicator (this also fixes a small offset in KisSliderSpinBox).
-Don't draw a progressbar's busy indicator if it's wider than the progressbar
(although that never happens in practice).
-Added a workaround for a new but small bug in the toolbar timer of
Audacious 4.0.
-Align a menu-item's text with others if its icon isn't null but its pixmap is.
-Removed Qt4 related stuff with the default installation, at last.

Not noted in the Changelog, NetBSD specific patch has been merged upstream and
is no longer required.

(pin)

doc: Updated editors/featherpad to 0.14.1

(pin)

editors/featherpad: Update to 0.14.1

ChangeLog:
V0.14.1
---------
-Fixed a miscalculation in highlighting of multiline CSS values.

(pin)

doc: Updated devel/ruby-rb-fsevent to 0.10.4

(taca)

devel/ruby-rb-fsevent: update to 0.10.4

Update ruby-rb-fsevent to 0.10.4.

0.10.4 (2020-04-30)

* Remove bundler development dependency #85

(taca)

doc: Updated security/tor-browser to 9.0.10

(wiz)

tor-browser: update to 9.0.10.

This release updates Firefox to 68.8.0esr, NoScript to 11.0.25, and OpenSSL to 1.1.1g.

Also, this release features important security updates to Firefox.

The full changelog since Tor Browser 9.0.9 is:

    All Platforms
        Update Firefox to 68.8.0esr
        Bump NoScript to 11.0.25
    Windows + OS X + Linux
        Bug 34017: Bump openssl version to 1.1.1g

(wiz)

mk/subst.mk: allow identity substitutions with escaped dots

This fixes the build of converters/help2man in SUBST_NOOP_OK=no mode.

(rillig)

firefox: reflect new minimum NSS version for 76.0

(The configure script states "NSS >= 3.51.1", which would be NSS 3.52,
from pkgsrc's perspective.)

(gutteridge)

doc: Updated graphics/inkscape to 1.0

(ryoon)

doc/pkgsrc.*: regen

(gutteridge)

inkscape: Update to 1.0

Changelog:
Inkscape 1.0

Release highlights

    Theming support and more new customization options
    Better HiDPI (high resolution) screen support
    Native support for macOS with a signed and notarized .dmg file
    Coordinate origin in top left corner by default
    Canvas rotation and mirroring
    On-Canvas alignment of objects
    Split view and X-Ray modes
    PowerPencil for drawing editable, variable width strokes with a pressure sensitive graphics tablet
    New PNG export options
    Integrated centerline tracing for vectorization of line drawings
    Searchable Symbols dialog
    New Live Path Effect (LPE) selection dialog
    New Corners (Fillet/chamfer) LPE, (lossless) Boolean Operation LPE (experimental), Offset LPE and Measure Segments LPE (and more!)
    Path operations, deselection of a large number of paths as well as grouping/ungrouping are much faster now
    Much improved text line-height settings
    Variable fonts support (only if compiled with pango library version >= 1.41.1)
    Browser-compatible flowed text
    Extensions programming interface updated, with many new options
    Python 3 support for extensions

(ryoon)

configuring.xml: the default Fortran is now gfortran

(gutteridge)

doc: Updated devel/nss to 3.52

(ryoon)

nss: Update to 3.52

Changelog:
Notable Changes in NSS 3.52

    Bug 1603628 - Update NSS to support PKCS #11 v3.0.
    Bug 1623374 - Support new PKCS #11 v3.0 Message Interface for AES-GCM and ChaChaPoly.
    Bug 1612493 - Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.

Bugs fixed in NSS 3.52

    Bug 1633498 - Fix unused variable 'getauxval' error on iOS compilation.
    Bug 1630721 - Add Softoken functions for FIPS.
    Bug 1630458 - Fix problem of GYP MSVC builds not producing debug symbol files.
    Bug 1629663 - Add IKEv1 Quick Mode KDF.
    Bug 1629661 - MPConfig calls in SSL initialize policy before NSS is initialized.
    Bug 1629655 - Support temporary session objects in ckfw.
    Bug 1629105 - Add PKCS11 v3.0 functions to module debug logger.
    Bug 1626751 - Fix error in generation of fuzz32 docker image after updates.
    Bug 1625133 - Fix implicit declaration of function 'getopt' error.
    Bug 1624864 - Allow building of gcm-arm32-neon on non-armv7 architectures.
    Bug 1624402 - Fix compilation error in Firefox Android.
    Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
    Bug 1624377 - Fix clang warning for unknown argument '-msse4'.
    Bug 1623374 - Support new PKCS #11 v3.0 Message Interface for AES-GCM and ChaChaPoly.
    Bug 1623184 - Fix freebl_cpuid for querying Extended Features.
    Bug 1622555 - Fix argument parsing in lowhashtest.
    Bug 1620799 - Introduce NSS_DISABLE_GCM_ARM32_NEON to build on arm32 without NEON support.
    Bug 1619102 - Add workaround option to include both DTLS and TLS versions in DTLS supported_versions.
    Bug 1619056 - Update README: TLS 1.3 is not experimental anymore.
    Bug 1618915 - Fix UBSAN issue in ssl_ParseSessionTicket.
    Bug 1618739 - Don't assert fuzzer behavior in SSL_ParseSessionTicket.
    Bug 1617968 - Update Delegated Credentials implementation to draft-07.
    Bug 1617533 - Update HACL* dependencies for libintvector.h
    Bug 1613238 - Add vector accelerated SHA2 for POWER 8+.
    Bug 1612493 - Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.
    Bug 1612281 - Maintain PKCS11 C_GetAttributeValue semantics on attributes that lack NSS database columns.
    Bug 1612260 - Add Wycheproof RSA test vectors.
    Bug 1608250 - broken fipstest handling of KI_len.
    Bug 1608245 - Consistently handle NULL slot/session.
    Bug 1603801 - Avoid dcache pollution from sdb_measureAccess().
    Bug 1603628 - Update NSS to support PKCS #11 v3.0.
    Bug 1561637 - TLS 1.3 does not work in FIPS mode.
    Bug 1531906 - Fix overzealous assertion when evicting a cached sessionID or using external cache.
    Bug 1465613 - Fix issue where testlib makefile build produced extraneous object files.
    Bug 1619959 - Properly handle multi-block SEED ECB inputs.
    Bug 1630925 - Guard all instances of NSSCMSSignedData.signerInfo to avoid a CMS crash
    Bug 1571677 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name

Compatibility

NSS 3.52 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with NSS 3.52 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the functions
listed in NSS Public Functions will remain compatible with future versions
of the NSS shared libraries.

(ryoon)

doc: Updated www/firefox-l10n to 76.0

(ryoon)

firefox-l10n: Update to 76.0

* Sync with www/firefox-76.0.

(ryoon)

doc: Updated www/firefox to 76.0

(ryoon)

firefox: Update to 76.0

Changelog:
New
    With today窶冱 release, Firefox strengthens protections for your
    online account logins and passwords, with innovative approaches
    to managing your accounts during this critical time:

Firefox displays critical alerts in the Lockwise password
manager when a website is breached;

If one of your accounts is involved in a website breach
and you've used the same password on other websites, you
will now be prompted to update your password. A key icon
identifies which accounts use that vulnerable password.

Automatically generate secure, complex passwords for new
accounts across more of the web that are easily saved right
in the browser;

You have been able to access and see your saved passwords
under Logins and Passwords easily under the main menu. If
your device happens to be shared among your family or
roommates, the latest update helps to prevent casual snooping
over your shoulder. If you don窶冲 have a master password
set up for Firefox, Windows and macOS now requires a login
to your operating system account before showing your saved
passwords.

    Picture-in-Picture allows you to multitask, the small video
    window following along no matter what you are doing on your
    computer, across different applications and even workspaces.
    Now, when you are ready to focus on the video, a double click
    can take the small window into full screen. Double click again
    to reduce the size again.

    Firefox now supports Audio Worklets that will allow more complex
    audio processing like VR and gaming on the web; and is being
    adopted by some of your favorite software programs.

With this change, you can now join Zoom calls on Firefox
without the need for any additional downloads.

    WebRender continues its roll out to more Firefox for Windows
    users, now available by default on modern Intel laptops with
    a small screen (<= 1920x1200) for improved graphics rendering.

Fixed
    Various security fixes

Changed
    Two updates to the address bar improve its usability and
    visibility:

The shadow around the address bar field is reduced in width
when a new tab is opened;

The bookmarks toolbar has expanded slightly in size to
improve its surface area for touchscreens.

Security fixes:
#CVE-2020-12387: Use-after-free during worker shutdown
#CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens
#CVE-2020-12389: Sandbox escape with improperly separated process types
#CVE-2020-6831: Buffer overflow in SCTP chunk input validation
#CVE-2020-12390: Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
#CVE-2020-12391: Content-Security-Policy bypass using object elements
#CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
#CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection
#CVE-2020-12394: URL spoofing in location bar when unfocussed
#CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
#CVE-2020-12396: Memory safety bugs fixed in Firefox 76

(ryoon)

(sysutils/webmin) Add missing patch, sorry tks joerg@

(mef)

devel/libthrift: fix bmake warnings about duplicate perl tool

Adding perl to TOOLS_BROKEN leads to these warnings:

make: "/usr/pkgsrc/mk/tools/create.mk" line 142:
warning: duplicate script for target ".../.tools/bin/perl" ignored

Since perl is not needed to build this package, disable it in the
configure script.

(rillig)

graphics/OpenRM: skip shell portability check

(rillig)

print/LPRng: skip shell portability check for RedHat files

They use the [[ keyword but are not needed for the pkgsrc build.

(rillig)

Updated devel/py-astroid, devel/py-pylint

(adam)

py-pylint: updated to 2.5.2

What's New in Pylint 2.5.2?
* ``pylint.Run`` accepts ``do_exit`` as a deprecated parameter

What's New in Pylint 2.5.1?
* Fix a crash in `method-hidden` lookup for unknown base classes
* Revert pylint.Run's `exit` parameter to ``do_exit``
  This has been inadvertently changed several releases ago to ``do_exit``.
* ``no-value-for-parameter`` variadic detection has improved for assign statements
* Allow package files to be properly discovered with multiple jobs
* Allow linting directories without `__init__.py` which was a regression in 2.5.

What's New in Pylint 2.5.0?
* Fix a false negative for ``undefined-variable`` when using class attribute in comprehension.
* Fix a false positive for ``undefined-variable`` when using class attribute in decorator or as type hint.
* Remove HTML quoting of messages in JSON output.
* Adjust the `invalid-name` rule to work with non-ASCII identifiers and add the `non-ascii-name` rule.
* Positional-only arguments are taken in account for ``useless-super-delegation``
* ``unidiomatic-typecheck`` is no longer emitted for ``in`` and ``not in`` operators
* Positional-only argument annotations are taken in account for ``unused-import``
* Add a command to list available extensions.
* Allow used variables to be properly consumed when different checks are enabled / disabled
* Fix dangerous-default-value rule to account for keyword argument defaults
* Fix a false positive of ``self-assigning-variable`` on tuple unpacking.
* ``no-self-use`` is no longer emitted for typing stubs.
* Fix a false positive for ``undefined-variable`` when ``__class__`` is used
* Emit ``invalid-name`` for variables defined in loops at module level.
* Add a check for cases where the second argument to `isinstance` is not a type.
* Add 'notes-rgx' option, to be used for fixme check.
* ``function-redefined`` exempts function redefined on a condition.
* ``typing.overload`` functions are exempted from docstring checks
* Emit ``invalid-overridden-method`` for improper async def overrides.
* Do not allow ``python -m pylint ...`` to import user code
  ``python -m pylint ...`` adds the current working directory as the first element
  of ``sys.path``. This opens up a potential security hole where ``pylint`` will import
  user level code as long as that code resides in modules having the same name as stdlib
  or pylint's own modules.
* Add `dummy-variables-rgx` option for `_redeclared-assigned-name` check.
* Fixed graph creation for relative paths
* Add a check for asserts on string literals.
* `not in` is considered iterating context for some of the Python 3 porting checkers.
* A new check `inconsistent-quotes` was added.
* Add a check for non string assignment to __name__ attribute.
* `__pow__`, `__imatmul__`, `__trunc__`, `__floor__`, and `__ceil__` are recognized as special method names.
* Added errors for protocol functions when invalid return types are detected.
  E0304 (invalid-bool-returned): __bool__ did not return a bool
  E0305 (invalid-index-returned): __index__ did not return an integer
  E0306 (invalid-repr-returned): __repr__ did not return a string
  E0307 (invalid-str-returned): __str__ did not return a string
  E0308 (invalid-bytes-returned): __bytes__ did not return a string
  E0309 (invalid-hash-returned): __hash__ did not return an integer
  E0310 (invalid-length-hint-returned): __length_hint__ did not return a non-negative integer
  E0311 (invalid-format-returned): __format__ did not return a string
  E0312 (invalid-getnewargs-returned): __getnewargs__ did not return a tuple
  E0313 (invalid-getnewargs-ex-returned): __getnewargs_ex__ did not return a tuple of the form (tuple, dict)
* ``missing-*-docstring`` can look for ``__doc__`` assignments.
* ``undefined-variable`` can now find undefined loop iterables
* ``safe_infer`` can infer a value as long as all the paths share the same type.
* Add a --fail-under <score> flag, also configurable in a .pylintrc file. If the final score is more than the specified score, it's considered a success and pylint exits with exitcode 0. Otherwise, it's considered a failure and pylint exits with its current exitcode based on the messages issued.
* Don't emit ``line-too-long`` for multilines when `disable=line-too-long` comment stands at their end
* Fixed an ``AttributeError`` caused by improper handling of ``dataclasses`` inference in ``pyreverse``
* Do not exempt bare except from ``undefined-variable`` and similar checks
  If a node was wrapped in a ``TryExcept``, ``pylint`` was taking a hint
  from the except handler when deciding to emit or not a message.
  We were treating bare except as a fully fledged ignore but only
  the corresponding exceptions should be handled that way (e.g. ``NameError`` or ``ImportError``)
* No longer emit ``assignment-from-no-return`` when a function only raises an exception
* Allow import aliases to exempt ``import-error`` when used in type annotations.
* ``Ellipsis` is exempted from ``multiple-statements`` for function overloads.
* No longer emit ``invalid-name`` for non-constants found at module level.
  Pylint was taking the following statement from PEP-8 too far, considering
  all module level variables as constants, which is not what the statement is saying:
  `Constants are usually defined on a module level and written in
  all capital letters with underscores separating words.`
* Allow ``implicit-str-concat-in-sequence`` to be emitted for string juxtaposition
* ``implicit-str-concat-in-sequence`` was renamed ``implicit-str-concat``
* The ``json`` reporter no longer bypasses ``redirect_stdout``.
* Move ``NoFileError``, ``OutputLine``, ``FunctionalTestReporter``,
  ``FunctionalTestFile``, ``LintModuleTest`` and related methods from
  ``test_functional.py`` to ``pylint.testutils`` to help testing for 3rd
  party pylint plugins.
* Can read config from a setup.cfg or pyproject.toml file.
* Fix exception-escape false positive with generators
* ``inspect.getargvalues`` is no longer marked as deprecated.
* A new check ``f-string-without-interpolation`` was added
* Flag mutable ``collections.*`` utilities as dangerous defaults
* ``docparams`` extension supports multiple types in raises sections.
  Multiple types can also be separated by commas in all valid sections.
* Allow parallel linting when run under Prospector
* Fixed false positives of ``method-hidden`` when a subclass defines the method that is being hidden.
* Python 3 porting mode is 30-50% faster on most codebases
* Python 3 porting mode no longer swallows syntax errors
* Pass the actual PyLinter object to sub processes to allow using custom
  PyLinter classes.
  PyLinter object (and all its members except reporter) needs to support
  pickling so the PyLinter object can be passed to worker processes.
* Clean up setup.py
  Make pytest-runner a requirement only if running tests, similar to McCabe.
  Clean up the setup.py file, resolving a number of warnings around it.
* Handle SyntaxError in files passed via ``--from-stdin`` option
  Pylint no longer outputs a traceback, if a file, read from stdin,
  contains a syntaxerror.
* Fix uppercase style to disallow 3+ uppercase followed by lowercase.
* Fixed ``undefined-variable`` and ``unused-import`` false positives
  when using a metaclass via an attribute.
* Emit ``unused-argument`` for functions that partially uses their argument list before raising an exception.
* Fixed ``broad_try_clause`` extension to check try/finally statements and to
  check for nested statements (e.g., inside of an ``if`` statement).
* Recognize classes explicitly inheriting from ``abc.ABC`` or having an
  ``abc.ABCMeta`` metaclass as abstract. This makes them not trigger W0223.
* Fix overzealous `arguments-differ` when overridden function uses variadics
  No message is emitted if the overriding function provides positional or
  keyword variadics in its signature that can feasibly accept and pass on
  all parameters given by the overridden function.
* Multiple types of string formatting are allowed in logging functions.
  The `logging-fstring-interpolation` message has been brought back to allow
  multiple types of string formatting to be used.

(adam)

py-astroid: updated to 2.4.1

What's New in astroid 2.4.1?
* Handle the case where the raw builder fails to retrieve the ``__all__`` attribute
* Restructure the AST parsing heuristic to always pick the same module
* Changed setup.py to work with [distlib](https://pypi.org/project/distlib)
* Do not crash with SyntaxError when parsing namedtuples with invalid label
* Protect against ``infer_call_result`` failing with `InferenceError` in `Super.getattr()`

What's New in astroid 2.4.0?
* Expose a ast_from_string method in AstroidManager, which will accept
  source code as a string and return the corresponding astroid object
* ``BoundMethod.implicit_parameters`` returns a proper value for ``__new__``
* Allow slots added dynamically to a class to still be inferred
* Allow `FunctionDef.getattr` to look into both instance attrs and special attributes
* Infer qualified ``classmethod`` as a classmethod.
* Prevent a recursion error to happen when inferring the declared metaclass of a class
* Raise ``AttributeInferenceError`` when ``getattr()`` receives an empty name
* Prevent a recursion error for self reference variables and `type()` calls.
* Do not infer the first argument of a staticmethod in a metaclass as the class itself
* ``NodeNG.bool_value()`` gained an optional ``context`` parameter
  We need to pass an inference context downstream when inferring the boolean
  value of a node in order to prevent recursion errors and double inference.
  This fix prevents a recursion error with dask library.
* Pass a context argument to ``astroid.Arguments`` to prevent recursion errors
* Better inference of class and static methods decorated with custom methods
* Reverse the order of decorators for `infer_subscript`
  `path_wrapper` needs to come first, followed by `raise_if_nothing_inferred`,
  otherwise we won't handle `StopIteration` correctly.
* Prevent a recursion error when inferring self-referential variables without definition
* Numpy `datetime64.astype` return value is inferred as a `ndarray`.
* Skip non ``Assign`` and ``AnnAssign`` nodes from enum reinterpretation
* Numpy ``ndarray`` attributes ``imag`` and ``real`` are now inferred as ``ndarray``.
* Added a call to ``register_transform`` for all functions of the ``brain_numpy_core_multiarray``
  module in case the current node is an instance of ``astroid.Name``
* Use the parent of the node when inferring aug assign nodes instead of the statement
* Added some functions to the ``brain_numpy_core_umath`` module
* Added some functions of the ``numpy.core.multiarray`` module
* All the ``numpy ufunc`` functions derived now from a common class that
  implements the specific ``reduce``, ``accumulate``, ``reduceat``,
        ``outer`` and ``at`` methods.
* ``nodes.Const.itered`` returns a list of ``Const`` nodes, not strings
* The ``shape`` attribute of a ``numpy ndarray`` is now a ``ndarray``
* Don't ignore special methods when inspecting gi classes
* Added transform for ``scipy.gaussian``
* Add suport for inferring properties.
* Added a brain for ``responses``
* Allow inferring positional only arguments.
* Retry parsing a module that has invalid type comments
  It is possible for a module to use comments that might be interpreted
  as type comments by the `ast` library. We do not want to completely crash on those
  invalid type comments.
* Scope the inference to the current bound node when inferring instances of classes
  When inferring instances of classes from arguments, such as ``self``
  in a bound method, we could use as a hint the context's ``boundnode``,
  which indicates the instance from which the inference originated.
  As an example, a subclass that uses a parent's method which returns
  ``self``, will override the ``self`` to point to it instead of pointing
  to the parent class.
* Add support for inferring exception instances in all contexts
  We were able to infer exception instances as ``ExceptionInstance``
  only for a handful of cases, but not all. ``ExceptionInstance`` has
  support for better inference of `.args` and other exception related
  attributes that normal instances do not have.
  This additional support should remove certain false positives related
  to ``.args`` and other exception attributes in ``pylint``.
* Add more supported parameters to ``subprocess.check_output``
* Infer args unpacking of ``self``
  Certain stdlib modules use ``*args`` to encapsulate
  the ``self`` parameter, which results in uninferable
  instances given we rely on the presence of the ``self``
  argument to figure out the instance where we should be
  setting attributes.
* Clean up setup.py
  Make pytest-runner a requirement only if running tests, similar to what was
  done with McCabe.
  Clean up the setup.py file, resolving a handful of minor warnings with it.
* Handle StopIteration error in infer_int.
* Can access per argument type comments for positional only and keyword only arguments.
  The comments are accessed through through the new
  ``Arguments.type_comment_posonlyargs`` and
  ``Arguments.type_comment_kwonlyargs`` attributes respectively.
* Relax upper bound on `wrapt`
* Properly analyze CFFI compiled extensions.

(adam)

Updated comms/srtp, comms/asterisk14

(adam)

asterisk14: updated to 14.7.8

asterisk 14.7.8:

* AST-2018-009: Fix crash processing websocket HTTP Upgrade requests

  The HTTP request processing in res_http_websocket allocates additional
  space on the stack for various headers received during an Upgrade request.
  An attacker could send a specially crafted request that causes this code
  to overflow the stack, resulting in a crash.

  * No longer allocate memory from the stack in a loop to parse the header
  values.  NOTE: There is a slight API change when using the passed in
  strings as is.  We now require the passed in strings to no longer have
  leading or trailing whitespace.  This isn't a problem as the only callers
  have already done this before passing the strings to the affected
  function.

asterisk 14.7.7:

* AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.

  When endpoint specific ACL rules block a SIP request they respond with a
  403 forbidden.  However, if an endpoint is not identified then a 401
  unauthorized response is sent.  This vulnerability just discloses which
  requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
  access to the disclosed endpoints.

  * Made endpoint specific ACL rules now respond with a 401 unauthorized
  which is the same as if an endpoint were not identified.  The fix is
  accomplished by replacing the found endpoint with the artificial endpoint
  which always fails authentication.

asterisk 14.7.6:

* AST-2018-003: Crash with an invalid SDP fmtp attribute

  pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
  Because of this Asterisk would crash if given an SDP with an invalid fmtp
  attribute.

  When retrieving the format this patch now makes sure the fmtp attribute is
  available. If not available it now returns an error status.

* AST-2018-002: Crash with an invalid SDP media format description

  pjproject's media format parsing algorithm failed to catch invalid values.
  Because of this Asterisk would crash if given an SDP with a invalid media
  format description.

  When parsing the media format description this patch now properly parses the
  value and returns an error status if it can't successfully parse/convert the
  value.

* AST-2018-005: res_pjsip_transport_management:  Move to core

  Since res_pjsip_transport_management provides several attack
  mitigation features, its functionality moved to res_pjsip and
  this module has been removed.  This way the features will always
  be available if res_pjsip is loaded.

* AST-2018-005: Fix tdata leaks when calling pjsip_endpt_send_response(2)

  pjsip_distributor:
    authenticate() creates a tdata and uses it to send a challenge or
    failure response.  When pjsip_endpt_send_response2() succeeds, it
    automatically decrements the tdata ref count but when it fails, it
    doesn't.  Since we weren't checking for a return status, we weren't
    decrementing the count ourselves on error and were therefore leaking
    tdatas.

  res_pjsip_session:
    session_reinvite_on_rx_request wasn't decrementing the ref count
    if an error happened while sending a 491 response.
    pre_session_setup wasn't decrementing the ref count if
    while sending an error after a pjsip_inv_verify_request failure.

  res_pjsip:
    ast_sip_send_response wasn't decrementing the ref count on error.

* AST-2018-005: Add a check for NULL tdata in ast_sip_failover_request

  It was discovered that there are some corner cases where a pjsip tsx
  might have no last_tx so calling ast_sip_failover_request with
  a NULL last_tx as its tdata would cause a crash.

* AST-2018-004: Restrict the number of Accept headers in a SUBSCRIBE.

  When receiving a SUBSCRIBE request the Accept headers from it are
  stored locally. This operation has a fixed limit of 32 Accept headers
  but this limit was not enforced. As a result it was possible for
  memory outside of the allocated space to get written to resulting
  in a crash.

  This change enforces the limit so only 32 Accept headers are
  processed.

(adam)

srtp: updated to 2.3.0

libsrtp 2.3.0
Major changes in this release are a fuzzer for libsrtp, NSS as optional crypto back end and cmake support for building. For more details and a complete list of changes please see the CHANGES file.

libsrtp 2.2.0
First release in the 2.2 series.

The major change with this release is that the all the code has been reformatted to be consistent and this consistency can be enforced with the include .clang-format file. This resulted in a lot of none functional changes but was considered worth it to simplify maintenance in the future. There are numerous other minor fixes, see the CHANGES file for more details.

libsrtp 2.1.0
First release in the 2.1 series.

libsrtp 2.0.0
Initial libsrtp 2.0 release.

(adam)

emulators/BasiliskII: ignore bashism on macOS

(rillig)

php-ftp: php7 requirement to build with SSL

(tm)

sqtop: switch to squid4 now that squid3 is gone

Bump PKGREVISION.

Untested.

(wiz)

doc: Updated security/snallygaster to 0.0.6

(leot)

snallygaster: Update to 0.6

Changes:
(No changelog available but main changes inspecting commits):
- Add check for wordpress installer in subdir
- Remove CVS test, produces too false positives and hardly any true positives
- Add installer check for common PHP web applications
- Add info check for composer files
- Add info check for mailman
- Add check for monit default webinterface credentials
- Rework optionsbleed check and avoid ReDoS attack (upstream issue #24)

(leot)

doc: Updated devel/ruby-rspec-core to 3.9.2

(taca)

devel/ruby-rspec-core: update to 3.9.2

Update ruby-rspec-core to 3.9.2.

### 3.9.2 / 2020-05-02
[Full Changelog](http://github.com/rspec/rspec-core/compare/v3.9.1...v3.9.2)

Bug Fixes:

* Emit a warning when `around` hook is used with `:context` scope
  (Phil Pirozhkov, #2687)
* Prevent invalid implementations of `Exception#cause` from being treated as a
  valid cause (and causing strange errors) in `RSpec::Core::Formatters::ExceptionPresenter`.
  (Jon Rowe, #2703)
* Correctly detect patterns when `rspec_opts` is an array in `RSpec::Core::RakeTask`.
  (Marc-Andr辿 Lafortune, #2704)
* Make `RSpec.clear_examples` reset example counts for example groups. This fixes
  an issue with re-running specs not matching ids. (Agis Anastasopoulos, #2723)

(taca)

doc: Updated devel/ruby-rspec-support to 3.9.3

(taca)

devel/ruby-rspec-support: update to 3.9.3

Update ruby-rspec-support to 3.9.3.

### 3.9.3 / 2020-05-02
[Full Changelog](http://github.com/rspec/rspec-support/compare/v3.9.2...v3.9.3)

Bug Fixes:

* Mark ripper as unsupported on Truffle Ruby. (Brandon Fish, #395)
* Mark ripper as unsupported on JRuby 9.2.0.0. (Brian Hawley, #400)
* Capture `Mutex.new` for our `RSpec::Support:Mutex` in order to
  allow stubbing `Mutex.new`. (Jon Rowe, #411)

(taca)

doc: Updated devel/py-mercurial to 5.4

(wiz)

py-mercurial: update to 5.4.

Add links to bug reports about test failures.

I think these are the news:

== New Features ==

* `hg purge`/`hg clean` can now delete ignored files instead of
  untracked files, with the new -i flag.

* `hg pull` now has a `--confirm` flag to prompt before applying changes.
  Config option `pull.confirm` is also added for that.

* `hg log` now defaults to using an '%' symbol for commits involved
    in unresolved merge conflicts. That includes unresolved conflicts
    caused by e.g. `hg update --merge` and `hg graft`. '@' still takes
    precedence, so what used to be marked '@' still is.

* New `conflictlocal()` and `conflictother()` revsets return the
  commits that are being merged, when there are conflicts. Also works
  for conflicts caused by e.g. `hg graft`.

* `hg copy --forget` can be used to unmark a file as copied.

* The `format.revlog-compression` configuration entry now accept a list. The
  first available option will be used. for example setting::

    [format]
    revlog-compression=zstd, zlib

  Will use `zstd` compression for new repositories is available, and will
  simply fall back to `zlib` if not.

* `hg debugmergestate` output is now templated, which may be useful
  e.g. for IDEs that want to help the user resolve merge conflicts.

== New Experimental Features ==

* `hg copy` now supports a `--at-rev` argument to mark files as
  copied in the specified commit. It only works with `--after` for
  now (i.e., it's only useful for marking files copied using non-hg
  `cp` as copied).

* Use `hg copy --forget --at-rev REV` to unmark already committed
  copies.

== Bug Fixes  ==

* Fix server exception when concurrent pushes delete the same bookmark

* Prevent pushes of divergent bookmarks (foo@remote)

* The push error "remote repository changed while pushing - please
  try again" now only happens when a concurrent push changed related
  heads (instead of when a concurrent pushed any revision).

== Backwards Compatibility Changes ==

* When `hg rebase` pauses for merge conflict resolution, the working
  copy will no longer have the rebased node as a second parent. You
  can use the new `conflictparents()` revset for finding the other
  parent during a conflict.

* `hg rebase` now accepts repeated `--source` and `--base`
  arguments. For example, `hg rebase --source 'A + B'` is equivalent
  to `hg rebase --source A --source B`. This is a
  backwards-incompatible change because it will break overriding an
  alias `myrebase = rebase --source A` by `hg myrebase --source B`
  (it will now rebase `(A + B)::` instead of `B::`).

* `hg recover` does not verify the validity of the whole repository
  anymore. You can pass `--verify` or call `hg verify` if necessary.

* `hg debugmergestate` output format changed. Let us know if that is
  causing you problems and we'll roll it back.

* Resolved merge conflicts are now cleared by `hg commit` even if the
  working copy has no changes.

== Internal API Changes ==

* The deprecated `ui.progress()` has now been deleted. Please use
  `ui.makeprogress()` instead.

* `hg.merge()` now takes a `ctx` instead of the previous `repo` and
  `node` arguments.

* `hg.merge()` has lost its `abort` argument. Please call
  `hg.abortmerge()` directly instead.

* `hg.merge()` has lost its `mergeforce` argument. It should have
  only ever been called with the same value as the `force` argument.

* The `*others` argument of `cmdutil.check_incompatible_arguments()`
  changed from being varargs argument to being a single collection.

(wiz)

texlive 2020 package updates

(markd)

tex-[t-z]*: update to texlive 2020 package versions

tex-tcolorbox{,-doc} to 4.30
tex-tex4ebook{,-doc} to 0.3a
tex-tex4ht{,-doc} to 2020
tex-texdoc{,-doc} to 2020
tex-texdoctk{,-doc} to 0.6.0.54557
tex-texinfo to 5.1.54994
tex-textcase{,-doc} to 1.00
tex-thmtools{,-doc} to 68
tex-titlesec{,-doc} to 2.13
tex-tocloft{,-doc} to 2.3j
tex-tools{,-doc} to 2020
tex-tracklang{,-doc} to 1.4
tex-udesoftec{,-doc} to 1.6.6
tex-ulem{,-doc} to 2020
tex-unicode-data{,-doc} to 1.13
tex-updmap-map to 2020
tex-xetex{,-doc} to 2020
tex-zxjafont{,-doc} to 1.2

(markd)

doc: Updated graphics/ImageMagick to 7.0.10.10

(wiz)

ImageMagick: update to 7.0.10.10.

2020-04-27  7.0.10-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.10-10, GIT revision 17203:a2514e831:20200427

2020-04-27  7.0.10-10 Cristy  <quetzlzacatenango@image...>
  * Correction to allocate a colormap of the maximum colors when color
    reducing an image sequence.
  * Write to stdout for mp4:-.

2020-04-25  7.0.10-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.10-9, GIT revision 17190:13fdcd1:20200426.

2020-04-25  7.0.10-9 Cristy  <quetzlzacatenango@image...>
  * Allocate a colormap of the maximum colors when color reducing an image
    sequence.
  * Label was not centered properly (reference
    https://github.com/ImageMagick/ImageMagick/issues/1879).

(wiz)

cups-filters: Add dejavu-ttf as dependency

dejavu-ttf is always checked for existence since 1.27.3.

Problem noticed and discussed with <prlw1>, thanks!

(leot)

doc: Updated devel/binutils to 2.34nb2

(jperkin)

binutils: Handle broken 2.34 release without docs.

The binutils project released the binutils-2.34 tarball without pre-generated
documentation included due to a bug in their Makefiles.  This was fixed in the
source code 2 months ago, but they still have not issued a new tarball since
then, either via a new release or a snapshot.

Building the documentation ourselves is untenable, as it would require pulling
in perl and gtexinfo which would create major circular dependency headaches.

So we're left with no option but to remove the documentation completely until
there is a new release.  Note that until now we've actually been shipping
empty files, as we were ignoring perl errors that were trying to create the
docs.

While here tidy up a few things.  Bump PKGREVISION.

(jperkin)

An extension for RT4 that makes RT parse the content of Articles as
a template, when inserting the article into a ticket, using the
Text::Template module; this can be used to make your Articles dynamic.
Text::Template is the same module that RT's Templates use as well.
You need this extension to be able to generate form responses that
contain fields from the ticket.

(spz)

pkg_install: Revert part of last commit.

We need to use the library Makefile so that libnetpgpverify is built.  Fixes
bootstrap.

(jperkin)

textproc/ruby-rexml: drop dependency

Drop dependency to ruby-rexml since all current ruby*-base package have
rexml library.

(taca)

textproc/ruby-kramdown: restrict dependency

Restrict dependency to ruby-rexml before Ruby version 2.6.
Ruby 2.6 and later have bundled rexml.

(taca)

regress/infra-unittests: add tests for portability checks

Files like Makefile.am and configure.ac are usually not used during a
build, therefore there's no point in checking these for shell portability
issues.

(rillig)

doc: Updated textproc/ruby-review to 4.1.0

(taca)