hs-cassava-megaparsec: add missing DEPENDS

Fixes build

(wiz)

Updated www/py-httplib2, lang/py-uncompyle6

(adam)

py-uncompyle6: updated to 3.6.5

3.6.5:
Back port some of the changes in decompile3 here which mostly helps 3.7 and 3.8 decompilation, although this may also help 3.6ish versions too.

Handle nested async for in for... and better async comprehension detection via xdis. Still more work is needed.
include token number in listings when -g and there is a parser error
remove unneeded Makefiles now that remake 4.3+1.5dbg is a thing that has -c
Bug in finding annotations in functions with docstrings
Fix bug found by 2.4 sre_parse.py testing
Fix transform module's ifelseif bugs
Fix bug in 3.0 name module detection
Fix docstring detection

(adam)

hs-tasty-hunit: add missing DEPENDS.

Fixes build.

(wiz)

hs-cassava: add missing DEPENDS.

Fixes build.

(wiz)

py-httplib2: updated to 0.17.1

0.17.1
python3: no_proxy was not checked with https

(adam)

hs-text-short: add missing DEPENDS.

Fixes build.

(wiz)

hs-tasty: add missing DEPENDS.

Fixes build.

(wiz)

hs-hashtables: add missing DEPENDS.

Fixes build.

(wiz)

hs-shakespeare: add missing DEPENDS.

Fixes build.

(wiz)

hs-lucid: add missing DEPENDS

Fixes build.

(wiz)

Updated security/py-cryptography, security/py-cryptography_vectors

(adam)

py-cryptography{_vectors}: updated to 2.9

2.9:
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.4 has been removed due to
  low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.0.1 has been removed.
  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for LibreSSL 2.6.x has been removed.
* Removed support for calling
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
  with no arguments, as per our deprecation policy. You must now pass
  ``encoding`` and ``format``.
* **BACKWARDS INCOMPATIBLE:** Reversed the order in which
  :meth:`~cryptography.x509.Name.rfc4514_string` returns the RDNs
  as required by :rfc:`4514`.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
  OpenSSL 1.1.1f.
* Added support for parsing
  :attr:`~cryptography.x509.ocsp.OCSPResponse.single_extensions` in an OCSP
  response.
* :class:`~cryptography.x509.NameAttribute` values can now be empty strings.

(adam)

compat80: mark as not RELRO safe

These are existing binaries, no way to fix them and not all of them are.

ERROR: emul/netbsd/usr/X11R7/lib/libXfontcache.so.2.0: missing RELRO
ERROR: emul/netbsd/usr/X11R7/lib/libfreetype.so.18.0.13: missing RELRO
ERROR: emul/netbsd/usr/lib/libbfd.so.15.0: missing RELRO
ERROR: emul/netbsd/usr/lib/libdes.so.12.0: missing RELRO
ERROR: emul/netbsd/usr/lib/libssl.so.12.0: missing RELRO

(wiz)

Updated x11/qt5

(adam)

qt5: updated to 5.14.2

Qt 5.14.2:
As usual this second patch release to Qt 5.14 series doesn't bring any new features but provide several bug fixes and other improvements. Compared to Qt 5.14.1 there are more than 200 bug fixes included in this release. For details of the most important changes please check the Changes files for Qt 5.14.2.

(adam)

doc/pkgsrc.*: regen

(leot)

doc: Updated doc/guide to 20200402

(leot)

doc/guide: Update htdocs-share to 20200402 (pkgsrc-2020Q1)

(leot)

doc: Fix devel/ruby-mode entry (not under lang/)

Pointed out by pkg-changes2html htutils script.

(leot)

xine-lib: Disable broken X video outputs

Bump PKGREVISION

(nia)

Temporarily disable "err" test; it will be fixed soon in upstream

(cheusov)

doc: correct ruby24-base version

* Correct ruby24-base version to 2.4.10nb2.
* Add update of lang/ruby-mode to 2.5.8.

(taca)

doc: Updated multimedia/xine-lib to 1.2.10

(nia)

doc: Updated multimedia/xine-ui to 0.99.12

(nia)

xine-ui: Update to 0.99.12

xine-ui (0.99.12)
  * Make XLockDisplay use user switchable.
  * Faster seek.
  * Optimize text rendering.
  * Add utf pixmap support.
  * Add animated logo.
  * Update splash.
  * Fix build with libxine <= 1.2.9.

xine-ui (0.99.11)
  * Offer all autoplay/autodir input plugins.
  * Dont treat hls as playlist.
  * Play ftp:/ mrls instead of downloading.
  * Update german translation.
  * Fix mrl browser background.
  * Fix user agent.
  * Fix libjpeg detection.
  * Fix linking with caca.
  * Fix memory and resource leaks.
  * Fix crashes.
  * Fix lirc build.
  * Code cleanup and "dust removal".

(nia)

xine-lib: Update to 1.2.10

xine-lib (1.2.10) 2019-12-13
  * Add first Android support.
  * Add (xcb)xv yuy2 emulation.
  * Add libavcodec v58 compatibility.
  * Add avio seek support.
  * Make libpostproc optional.
  * Add libdav1d, libaom and lavc AV1 video decoders.
  * Add libvpx multithreading.
  * Add libpng decoder.
  * Add a52 double and fixed point modes.
  * Add Opus audio support to ogg demuxer.
  * Add AV1 video support to matroska demuxer.
  * Add ivf demuxer.
  * Add mpeg-ts split payload support.
  * Add TLS support using gnutls or OpenSSL.
  * Add ftp input plugin (ftp://) with TLS support (ftpes://)
  * Add tls:// input plugin (raw TLS over TCP).
  * Add libnfs NFS input plugin.
  * Add ftp/http seek support.
  * Add scp forward seek support.
  * Add mp4 http streaming support (plain and fragment modes).
  * Add HLS streaming support.
  * Add HTTP 1.1 support.
  * Add OpenGL EGL and Wayland support.
  * Add generic bitrate estimation.
  * Add side stream feature.
  * Optimize demux_qt.
  * Optimize OSD.
  * Optimize output layers.
  * Optimize decoder threads.
  * Optimize event handling.
  * Optimize stream info.
  * Optimize TCP/TLS/HTTP network input.
  * Optimize network buffering control.
  * Alsa/oss startup optimization.
  * Optimize input_stdin_fifo.
  * Optimize internal liba52.
  * Optimize user seek.
  * Build optimizations.
  * Simply user config.
  * Better support for audio out drivers that cannot resume after pause.
  * Better support for mpeg pts jumps.
  * Better bluray seek.
  * XML parser fixes.
  * Fix midstream audio mode switch.
  * Fix FLAC audio playback via ffmpeg.
  * Fix ffmpeg mpeg1/2 video.
  * Fix C++ build.
  * Fix build on clang only systems.
  * Fix/optimize mpeg, mpeg-ts, qt, flv, matroska, real and asf demuxers.
  * Fix network seek.
  * Fix/optimize audio CD.
  * Fix DVD (occasional crashes, damaged video after a DVD had been played).
  * Fix opengl2 freeze after X server failure.
  * Fix tvtime deinterlacer crash.
  * Fix/optimize overlay.
  * Fix/optimize old VDR plugin.
  * Fix xine-ui freeze when opening a playlist while paused.
  * Security fixes.
  * Build fixes (C99 mode, vaapi, ImageMagick, libmvec, less warnings).
  * Many small fixes.
  * More error handling instead of aborting.
  * Update german translation.

(nia)

lang/ruby24-base: revert previous commit

Revert previous commit.  Yes, it was too late.

(taca)

lang/ruby24-base: one more forgot commit

Reset PKGREVISION should be done in previous commit.
(It is too late?)

(taca)

ruby24-base: update distinfo for 2.4.10 release

(wiz)

doc: Updated sysutils/upower to 0.99.11

(bsiegert)

Update upower to 0.99.11.

Version 0.99.11
~~~~~~~~~~~~~~~
Released: 2019-09-03

New Features:
- Add code of conduct document
- build: Migrate from intltool to gettext
- rules: Split off HID++ udev rules
- Harden systemd service
- Let systemd create /var/lib/upower
- Move D-Bus policy file to /usr/share/dbus-1/system.d/

Bug fixes:
- Fix endless loop burning 100% CPU on keyboard plugout with external
  backlight
- linux: Start polling for unknown device batteries too
- linux: Retry to get a battery type if it's unknown
- linux: Don't treat device batteries like laptop batteries
- Replace use of G_TYPE_INSTANCE_GET_PRIVATE and g_type_class_add_private()

Version 0.99.10
~~~~~~~~~~~~~~~
Released: 2019-02-20

Bugfixes:
- Set 'pending-charge' for DisplayDevice if at least one
  battery is in the 'pending-charge' state
- Map pending-charge to fully-charged when charge is 100%

Version 0.99.9
~~~~~~~~~~~~~~
Released: 2018-10-25

Bugfixes:
- Fix lack of update after AC status changes, and broken keyboard
  backlight, following the daemon lockdown added in 0.99.8
- Multiple API documentation fixes
- Out-of-tree build fixes

Version 0.99.8
~~~~~~~~~~~~~~
Released: 2018-06-18

New Features:
- Lock down systemd service file
- Add support for "Unknown" capacity level, and clarify handling
  of devices with coarse battery levels
- Add a new version of up_client_get_devices() which unrefs contents

Bugfixes:
- Fix warnings when D-Bus related properties change
- Prevent crash after attaching an Apple TV, and support newer
  versions of iOS
- Lower severity of "unhandled action" messages
- Fix battery status on MacBooks after a plug or unplug event
- Fix double-close on exit

Version 0.99.7
~~~~~~~~~~~~~~
Released: 2017-11-28

New Features:
- Add support for Bluetooth LE device batteries (Bastien Nocera)
- Allow to be replaced via --replace,-r (Christian Kellner)

Bugfixes:
- Fix critical action after resume from hibernate (Miroslav Sustek)
- Fix compilation with libimobiledevice git (Bastien Nocera)

Version 0.99.6
~~~~~~~~~~~~~~
Released: 2017-09-11

New Features:
- Add UP_DEVICE_KIND_GAMING_INPUT for gaming devices (Bastien Nocera)
- Detect joysticks as gaming input devices (Bastien Nocera)

Bugfixes:
- Correctly close inhibitor FD (Benjamin Berg)
- Fix crash when '@' is present in the device name (oleid, Bastien Nocera)
- Fix lid detection on FreeBSD (Alberto Villa)
- Grab the model name from device if unavailable from battery (Bastien Nocera)

Version 0.99.5
~~~~~~~~~~~~~~
Released: 2017-07-24

New Features:
- Add a more complete self test for HID++ devices (Bastien Nocera)
- Add BatteryLevel property for devices with a finite number of power levels (Bastien Nocera)
- Add support for pausing and resuming of the daemon poll (Christian Kellner, Bastien Nocera)
- Get a serial number for device batteries (Bastien Nocera)
- Refresh devices after waking up from sleep (Christian Kellner)

Bugfixes:
- Add proper error and cancellable handling to UpClient constructor (Martin Pitt)
- Do not spin in a loop when /proc/timer_stats cannot be written (Richard Hughes)
- Exit early from up-tool when connecting to upower fails (Martin Pitt)
- Expand the integration-tests to run in more environments (Bastien Nocera, Christian Kellner)
- Fix reading and writing the keyboard brightness level (Hans de Goede, Marco Trevisan)
- Fix -Wformat-y2k compilation errors (Bastien Nocera)
- Lower initial power usage when iDevice isn't accessible (Bastien Nocera)
- Simplify string checks in upower-glib (Bastien Nocera)

(bsiegert)

Updated databases/ldb, net/samba4

(adam)

samba4: updated to 4.12.0

samba 4.12.0:

NEW FEATURES/CHANGES
====================

Python 3.5 Required
-------------------

Samba's minimum runtime requirement for python was raised to Python
3.4 with samba 4.11.  Samba 4.12 raises this minimum version to Python
3.5 both to access new features and because this is the oldest version
we test with in our CI infrastructure.

(Build time support for the file server with Python 2.6 has not
changed)

Removing in-tree cryptography: GnuTLS 3.4.7 required
----------------------------------------------------

Samba is making efforts to remove in-tree cryptographic functionality,
and to instead rely on externally maintained libraries.  To this end,
Samba has chosen GnuTLS as our standard cryptographic provider.

Samba now requires GnuTLS 3.4.7 to be installed (including development
headers at build time) for all configurations, not just the Samba AD
DC.

Thanks to this work Samba no longer ships an in-tree DES
implementation and on GnuTLS 3.6.5 or later Samba will include no
in-tree cryptography other than the MD4 hash and that
implemented in our copy of Heimdal.

Using GnuTLS for SMB3 encryption you will notice huge performance and copy
speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3
show a 3x speed improvement for writing and a 2.5x speed improvement for reads!

NOTE WELL: The use of GnuTLS means that Samba will honour the
system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
standard) and so will not operate in many still common situations if
this system-wide parameter is in effect, as many of our protocols rely
on outdated cryptography.

A future Samba version will mitigate this to some extent where good
cryptography effectively wraps bad cryptography, but for now that above
applies.

zlib library is now required to build Samba
-------------------------------------------

Samba no longer includes a local copy of zlib in our source tarball.
By removing this we do not need to ship (even where we did not
build) the old, broken zip encryption code found there.

New Spotlight backend for Elasticsearch
---------------------------------------

Support for the macOS specific Spotlight search protocol has been enhanced
significantly. Starting with 4.12 Samba supports using Elasticsearch as search
backend. Various new parameters have been added to configure this:

  spotlight backend = noindex | elasticsearch | tracker
  elasticsearch:address = ADDRESS
  elasticsearch:port = PORT
  elasticsearch:use tls = BOOLEAN
  elasticsearch:index = INDEXNAME
  elasticsearch:mappings = PATH
  elasticsearch:max results = NUMBER

Samba also ships a Spotlight client command "mdfind" which can be used to search
any SMB server that runs the Spotlight RPC service. See the manpage of mdfind
for details.

Note that when upgrading existing installations that are using the previous
default Spotlight backend Gnome Tracker must explicitly set "spotlight backend =
tracker" as the new default is "noindex".

'net ads kerberos pac save' and 'net eventlog export'
-----------------------------------------------------

The 'net ads kerberos pac save' and 'net eventlog export' tools will
no longer silently overwrite an existing file during data export.  If
the filename given exits, an error will be shown.

Fuzzing
-------

A large number of fuzz targets have been added to Samba, and Samba has
been registered in Google's oss-fuzz cloud fuzzing service.  In
particular, we now have good fuzzing coverage of our generated NDR
parsing code.

A large number of issues have been found and fixed thanks to this
effort.

'samba-tool' improvements add contacts as member to groups
----------------------------------------------------------

Previously 'samba-tool group addmemers' can just add users, groups and
computers as members to groups. But also contacts can be members of
groups. Samba 4.12 adds the functionality to add contacts to
groups. Since contacts have no sAMAccountName, it's possible that
there are more than one contact with the same name in different
organizational units. Therefore it's necessary to have an option to
handle group members by their DN.

To get the DN of an object there is now the "--full-dn" option available
for all necessary commands.

The MS Windows UI allows to search for specific types of group members
when searching for new members for a group. This feature is included
here with the new samba-tool group addmembers "--object-type=OBJECTYPE"
option. The different types are selected accordingly to the Windows
UI. The default samba-toole behaviour shouldn't be changed.

Allow filtering by OU or subtree in samba-tool
----------------------------------------------

A new "--base-dn" and "--member-base-dn" option is added to relevant
samba-tool user, group and ou management commands to allow operation
on just one part of the AD tree, such as a single OU.

VFS
===

SMB_VFS_NTIMES
--------------

Samba now uses a sentinel value based on utimensat(2) UTIME_OMIT to denote
to-be-ignored timestamp variables passed to the SMB_VFS_NTIMES() VFS function.

VFS modules can check whether any of the time values inside a struct
smb_file_time is to be ignored by calling is_omit_timespec() on the value.

'io_uring' vfs module
---------------------

The module makes use of the new io_uring infrastructure
(intruduced in Linux 5.1), see https://lwn.net/Articles/776703/

Currently this implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV
and avoids the overhead of the userspace threadpool in the default
vfs backend. See also vfs_io_uring(8).

In order to build the module you need the liburing userspace library
and its developement headers installed, see
https://git.kernel.dk/cgit/liburing/

At runtime you'll need a Linux kernel with version 5.1 or higher.
Note that 5.4.14 and 5.4.15 have a regression that breaks the Samba
module! The regression was fixed in Linux 5.4.16 again.

MS-DFS changes in the VFS
-------------------------

This release changes set getting and setting of MS-DFS redirects
on the filesystem to go through two new VFS functions:

SMB_VFS_CREATE_DFS_PATHAT()
SMB_VFS_READ_DFS_PATHAT()

instead of smbd explicitly storing MS-DFS redirects inside
symbolic links on the filesystem. The underlying default
implementations of this has not changed, the redirects are
still stored inside symbolic links on the filesystem, but
moving the creation and reading of these links into the VFS
as first-class functions now allows alternate methods of
storing them (maybe in extended attributes) for OEMs who
don't want to mis-use filesystem symbolic links in this
way.

CTDB changes
============

* The ctdb_mutex_fcntl_helper periodically re-checks the lock file

  The re-check period is specified using a 2nd argument to this
  helper.  The default re-check period is 5s.

  If the file no longer exists or the inode number changes then the
  helper exits.  This triggers an election.

REMOVED FEATURES
================

The smb.conf parameter "write cache size" has been removed.

Since the in-memory write caching code was written, our write path has
changed significantly. In particular we have gained very flexible
support for async I/O, with the new linux io_uring interface in
development.  The old write cache concept which cached data in main
memory followed by a blocking pwrite no longer gives any improvement
on modern systems, and may make performance worse on memory-contrained
systems, so this functionality should not be enabled in core smbd
code.

In addition, it complicated the write code, which is a performance
critical code path.

If required for specialist purposes, it can be recreated as a VFS
module.

Retiring DES encryption types in Kerberos.
------------------------------------------
With this release, support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause Kerberos
authentication to fail for that account (see RFC-6649).

Samba-DC: DES keys no longer saved in DB.
-----------------------------------------
When a new password is set for an account, Samba DC will store random keys
in DB instead of DES keys derived from the password.  If the account is being
migrated to Windbows or to an older version of Samba in order to use DES keys,
the password must be reset to make it work.

Heimdal-DC: removal of weak-crypto.
-----------------------------------
Following removal of DES encryption types from Samba, the embedded Heimdal
build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO).

vfs_netatalk: The netatalk VFS module has been removed.
-------------------------------------------------------

The netatalk VFS module has been removed. It was unmaintained and is not needed
any more.

BIND9_FLATFILE deprecated
-------------------------

The BIND9_FLATFILE DNS backend is deprecated in this release and will
be removed in the future.  This was only practically useful on a single
domain controller or under expert care and supervision.

This release removes the 'rndc command' smb.conf parameter, which
supported this configuration by writing out a list of DCs permitted to
make changes to the DNS Zone and nudging the 'named' server if a new
DC was added to the domain.  Administrators using BIND9_FLATFILE will
need to maintain this manually from now on.

(adam)

ldb: updated to 2.1.1

2.1.1:
Unknown changes (needed for Samba 4.12.0).

(adam)

doc: Added devel/py-codespell version 1.16.0

(wiz)

devel/Makefile: + py-codespell.

(wiz)

devel/py-codespell: import py-codespell-1.16.0

Fix common misspellings in text files. It's designed primarily for
checking misspelled words in source code, but it can be used with
other files as well.

(wiz)

doc: Updated lang/yabasic to 2.86.6

(fcambus)

yabasic: update to 2.86.6.

ChangeLog:

Version 2.86.6 (March 8, 2020)
  - Advancing version for technical reasons

Version 2.86.5 (March 8, 2020)
  - Fix double backslash in string before quote

(fcambus)

doc: Updated textproc/json-schema to 1.3

(wiz)

json-schema: update to 1.3.

1.3 [2020-03-31]
================

* option to add default values during validation
* add thread-safe API
* build static library by default (jsoncpp only builds static library by default)

(wiz)

doc: Updated net/fpdns to 0.10.0pre20190131

(fcambus)

fpdns: update to 0.10.0-20190131.

pkgsrc changes:

- Remove redundant PERL5_CONFIGURE directive
- Remove empty PLIST and now unneeded patches

ChangeLog:

- fpdns-rails implementation upgraded to 3.2.11 to fix security vulnerability
- Do not set header counters unless changed
- Knot DNS capture from response_collector
- Hack to work around an old problem in Net::DNS.  Up to Net::DNS 0.68
  the notify opcode was coded as NS_NOTIFY_OP.  That was changed in version
  0.69 through 0.71 with no backwards compatibility.  This hack
  tests for the new NOTIFY and falls back to NS_NOTIFY_OP if necessary.
- Don't pass an undef value to Net::DNS::Resolver::srcaddr()
- Existing unbound rules match up to 1.6.0

  Versions between 1.6.1 and 1.6.8 are misidentified as Raiden DNSD.
  Versions later than that are not recognized.

  This was verified on versions 1.5.10 and 1.6.0; versions prior to 1.5.10
  wasn't as easy to build due to openssl api changes.
- Identify Unbound 1.7.x to 1.9.x

  All Unbound releases between 1.7.0 and 1.9.6 were tested and verified to
  match these new rules. Prior to this change, none of them matched a
  signature. The old rules matched up to 1.6.0, but for 1.6.1 to 1.6.8,
  fpdns misidentifies Unbound as "Raiden DNSD" (and still does, even after
  this change).
- Update signatures for Unbound

(fcambus)

doc: Updated misc/vttest to 20200303

(nia)

vttest: Update to 20200303

20200303
+ spelling fixes found with codespell.

+ correct a few other highlighting items for Turkish NRCS and DEC
  Supplemental Graphic NRCS.

+ correct highlighting for Spanish NRCS pound-sign in character-sets
  (report by James Holderness)

+ updated/improved configure macros

20191231
+ updated/improved configure macros

+ update config.guess, config.sub

20190710
+ improve alternate-screen test, with additional cursor-position check.

+ add extensions found in DEC standard 070 to the primary response table.

+ updated/improved configure macros

+ update config.guess, config.sub

(nia)

doc: Updated net/tnftpd to 20190602

(nia)

tnftpd: Update to 20190602

Changes in tnftpd from 20130325 to 20190602:

Security fixes to avoid resource exhaustion when globbing paths,
traversing directories, or parsing numbers.

Support NetBSD blacklistd(8).

Add -f option to ftpd to stay in foreground with -D.

(nia)

doc: Updated print/zathura-pdf-poppler to 0.3.0

(nia)

zathura-pdf-poppler: Update to 0.3.0

Changelog

    * Small improvements

(nia)

doc: Updated print/zathura to 0.4.5

(nia)

zathura: Update to 0.4.5

Changelog

    * Fix step size for mouse wheel scrolling
    * Lookup fileinfo from database by hash as fallback
    * Various fixes and improvements
    * Updated translations

(nia)

doc: Updated sysutils/u-boot-rockpro64 to 2020.01.rc5

(tnn)

move u-boot-pinebook-pro/u-boot-rockchip.mk to u-boot/u-boot-rockchip.mk

(tnn)

u-boot-rock64: add a local copy of u-boot-rockchip.mk here

Since this package still uses the ayufan branch. This is so that
the main u-boot-rockchip.mk can move to mainline.

(tnn)

u-boot-rockpro64: switch to mainline U-Boot

Reach over to the pinebook pro package for patches and build glue.
XXX boot from SPI is currently broken, but SD-card works.

(tnn)

u-boot-odroid-c2: regen distinfo

To add patch-arch_powerpc_include_asm_byteorder.h

(wiz)

pam-p11: remove patch after update removed it from distinfo

(wiz)

mingw-w64-x86_64-gcc-winpthreads: remove unused distinfo file

(wiz)

Updated devel/git

(adam)

git: updated to 2.26.0

Git 2.26 Release Notes
======================

Updates since v2.25
-------------------

Backward compatibility notes

* "git rebase" uses a different backend that is based on the 'merge'
  machinery by default.  There are a few known differences in the
  behaviour from the traditional machinery based on patch+apply.

  If your workflow is negatively affected by this change, please
  report it to git@vger.kernel.org so that we can take a look into
  it.  After doing so, you can set the 'rebase.backend' configuration
  variable to 'apply', in order to use the old default behaviour in
  the meantime.

UI, Workflows & Features

* Sample credential helper for using .netrc has been updated to work
  out of the box.

* gpg.minTrustLevel configuration variable has been introduced to
  tell various signature verification codepaths the required minimum
  trust level.

* The command line completion (in contrib/) learned to complete
  subcommands and arguments to "git worktree".

* Disambiguation logic to tell revisions and pathspec apart has been
  tweaked so that backslash-escaped glob special characters do not
  count in the "wildcards are pathspec" rule.

* One effect of specifying where the GIT_DIR is (either with the
  environment variable, or with the "git --git-dir=<where> cmd"
  option) is to disable the repository discovery.  This has been
  placed a bit more stress in the documentation, as new users often
  get confused.

* Two help messages given when "git add" notices the user gave it
  nothing to add have been updated to use advise() API.

* A new version of fsmonitor-watchman hook has been introduced, to
  avoid races.

* "git config" learned to show in which "scope", in addition to in
  which file, each config setting comes from.

* The basic 7 colors learned the brighter counterparts
  (e.g. "brightred").

* "git sparse-checkout" learned a new "add" subcommand.

* A configuration element used for credential subsystem can now use
  wildcard pattern to specify for which set of URLs the entry
  applies.

* "git clone --recurse-submodules --single-branch" now uses the same
  single-branch option when cloning the submodules.

* "git rm" and "git stash" learns the new "--pathspec-from-file"
  option.

* "git am --show-current-patch" is a way to show the piece of e-mail
  for the stopped step, which is not suitable to directly feed "git
  apply" (it is designed to be a good "git am" input).  It learned a
  new option to show only the patch part.

* Handling of conflicting renames in merge-recursive have further
  been made consistent with how existing codepaths try to mimic what
  is done to add/add conflicts.

Performance, Internal Implementation, Development Support etc.

* Tell .editorconfig that in this project, *.txt files are indented
  with tabs.

* The test-lint machinery knew to check "VAR=VAL shell_function"
  construct, but did not check "VAR= shell_function", which has been
  corrected.

* Replace "git config --bool" calls with "git config --type=bool" in
  sample templates.

* The effort to move "git-add--interactive" to C continues.

* Improve error message generation for "git submodule add".

* Preparation of test scripts for the day when the object names will
  use SHA-256 continues.

* Warn programmers about pretend_object_file() that allows the code
  to tentatively use in-core objects.

* The way "git pack-objects" reuses objects stored in existing pack
  to generate its result has been improved.

* The transport protocol version 2 becomes the default one.

* Traditionally, we avoided threaded grep while searching in objects
  (as opposed to files in the working tree) as accesses to the object
  layer is not thread-safe.  This limitation is getting lifted.

* "git rebase -i" (and friends) used to unnecessarily check out the
  tip of the branch to be rebased, which has been corrected.

* A low-level API function get_oid(), that accepts various ways to
  name an object, used to issue end-user facing error messages
  without l10n, which has been updated to be translatable.

* Unneeded connectivity check is now disabled in a partial clone when
  fetching into it.

* Some rough edges in the sparse-checkout feature, especially around
  the cone mode, have been cleaned up.

* The diff-* plumbing family of subcommands now pay attention to the
  diff.wsErrorHighlight configuration, which has been ignored before;
  this allows "git add -p" to also show the whitespace problems to
  the end user.

* Some codepaths were given a repository instance as a parameter to
  work in the repository, but passed the_repository instance to its
  callees, which has been cleaned up (somewhat).

* Memory footprint and performance of "git name-rev" has been
  improved.

* The object reachability bitmap machinery and the partial cloning
  machinery were not prepared to work well together, because some
  object-filtering criteria that partial clones use inherently rely
  on object traversal, but the bitmap machinery is an optimization
  to bypass that object traversal.  There however are some cases
  where they can work together, and they were taught about them.

* "git rebase" has learned to use the merge backend (i.e. the
  machinery that drives "rebase -i") by default, while allowing
  "--apply" option to use the "apply" backend (e.g. the moral
  equivalent of "format-patch piped to am").  The rebase.backend
  configuration variable can be set to customize.

* Underlying machinery of "git bisect--helper" is being refactored
  into pieces that are more easily reused.

Fixes since v2.25
-----------------

* "git commit" gives output similar to "git status" when there is
  nothing to commit, but without honoring the advise.statusHints
  configuration variable, which has been corrected.

* has_object_file() said "no" given an object registered to the
  system via pretend_object_file(), making it inconsistent with
  read_object_file(), causing lazy fetch to attempt fetching an
  empty tree from promisor remotes.

* Complete an update to tutorial that encourages "git switch" over
  "git checkout" that was done only half-way.

* C pedantry ;-) fix.

* The code that tries to skip over the entries for the paths in a
  single directory using the cache-tree was not careful enough
  against corrupt index file.

* Reduce unnecessary round-trip when running "ls-remote" over the
  stateless RPC mechanism.

* "git restore --staged" did not correctly update the cache-tree
  structure, resulting in bogus trees to be written afterwards, which
  has been corrected.

* The code recently added to move to the entry beyond the ones in the
  same directory in the index in the sparse-cone mode did not count
  the number of entries to skip over incorrectly, which has been
  corrected.

* Rendering by "git log --graph" of ancestry lines leading to a merge
  commit were made suboptimal to waste vertical space a bit with a
  recent update, which has been corrected.

* Work around test breakages caused by custom regex engine used in
  libasan, when address sanitizer is used with more recent versions
  of gcc and clang.

* Minor bugfixes to "git add -i" that has recently been rewritten in C.

* "git fetch --refmap=" option has got a better documentation.

* "git checkout X" did not correctly fail when X is not a local
  branch but could name more than one remote-tracking branches
  (i.e. to be dwimmed as the starting point to create a corresponding
  local branch), which has been corrected.
  (merge fa74180d08 am/checkout-file-and-ref-ref-ambiguity later to maint).

* Corner case bugs in "git clean" that stems from a (necessarily for
  performance reasons) awkward calling convention in the directory
  enumeration API has been corrected.

* A fetch that is told to recursively fetch updates in submodules
  inevitably produces reams of output, and it becomes hard to spot
  error messages.  The command has been taught to enumerate
  submodules that had errors at the end of the operation.
  (merge 0222540827 es/fetch-show-failed-submodules-atend later to maint).

* The "--recurse-submodules" option of various subcommands did not
  work well when run in an alternate worktree, which has been
  corrected.

* Futureproofing a test not to depend on the current implementation
  detail.

* Running "git rm" on a submodule failed unnecessarily when
  .gitmodules is only cache-dirty, which has been corrected.

* C pedantry ;-) fix.

* "git grep --no-index" should not get affected by the contents of
  the .gitmodules file but when "--recurse-submodules" is given or
  the "submodule.recurse" variable is set, it did.  Now these
  settings are ignored in the "--no-index" mode.

* Technical details of the bundle format has been documented.

* Unhelpful warning messages during documentation build have been squelched.

* "git rebase -i" identifies existing commits in its todo file with
  their abbreviated object name, which could become ambiguous as it
  goes to create new commits, and has a mechanism to avoid ambiguity
  in the main part of its execution.  A few other cases however were
  not covered by the protection against ambiguity, which has been
  corrected.

* Allow the rebase.missingCommitsCheck configuration to kick in when
  "rebase --edit-todo" and "rebase --continue" restarts the procedure.
  (merge 5a5445d878 ag/edit-todo-drop-check later to maint).

* The way "git submodule status" reports an initialized but not yet
  populated submodule has not been reimplemented correctly when a
  part of the "git submodule" command was rewritten in C, which has
  been corrected.
  (merge f38c92452d pk/status-of-uncloned-submodule later to maint).

* The code to automatically shrink the fan-out in the notes tree had
  an off-by-one bug, which has been killed.

* The index-pack code now diagnoses a bad input packstream that
  records the same object twice when it is used as delta base; the
  code used to declare a software bug when encountering such an
  input, but it is an input error.

* The code to compute the commit-graph has been taught to use a more
  robust way to tell if two object directories refer to the same
  thing.
  (merge a7df60cac8 tb/commit-graph-object-dir later to maint).

* "git remote rename X Y" needs to adjust configuration variables
  (e.g. branch.<name>.remote) whose value used to be X to Y.
  branch.<name>.pushRemote is now also updated.

* Update to doc-diff.

* Doc markup fix.

* "git check-ignore" did not work when the given path is explicitly
  marked as not ignored with a negative entry in the .gitignore file.

* The merge-recursive machinery failed to refresh the cache entry for
  a merge result in a couple of places, resulting in an unnecessary
  merge failure, which has been fixed.

* Fix for a bug revealed by a recent change to make the protocol v2
  the default.

* In rare cases "git worktree add <path>" could think that <path>
  was already a registered worktree even when it wasn't and refuse
  to add the new worktree. This has been corrected.
  (merge bb69b3b009 es/worktree-avoid-duplication-fix later to maint).

* "git push" should stop from updating a branch that is checked out
  when receive.denyCurrentBranch configuration is set, but it failed
  to pay attention to checkouts in secondary worktrees.  This has
  been corrected.
  (merge 4d864895a2 hv/receive-denycurrent-everywhere later to maint).

* "git rebase BASE BRANCH" rebased/updated the tip of BRANCH and
  checked it out, even when the BRANCH is checked out in a different
  worktree.  This has been corrected.
  (merge b5cabb4a96 es/do-not-let-rebase-switch-to-protected-branch later to maint).

* "git describe" in a repository with multiple root commits sometimes
  gave up looking for the best tag to describe a given commit with
  too early, which has been adjusted.

* "git merge signed-tag" while lacking the public key started to say
  "No signature", which was utterly wrong.  This regression has been
  reverted.

* MinGW's poll() emulation has been improved.

* "git show" and others gave an object name in raw format in its
  error output, which has been corrected to give it in hex.

* "git fetch" over HTTP walker protocol did not show any progress
  output.  We inherently do not know how much work remains, but still
  we can show something not to bore users.
  (merge 7655b4119d rs/show-progress-in-dumb-http-fetch later to maint).

* Both "git ls-remote -h" and "git grep -h" give short usage help,
  like any other Git subcommand, but it is not unreasonable to expect
  that the former would behave the same as "git ls-remote --head"
  (there is no other sensible behaviour for the latter).  The
  documentation has been updated in an attempt to clarify this.

(adam)

doc: Updated textproc/libxslt to 1.1.34nb1

(wiz)

libxslt: fix man page

Addresses PR 55123 with a SUBST_SED.

Bump PKGREVISION.

(wiz)

updated editors/nano to 4.9

(schwarz)

updated MASTER_SITES

(schwarz)

depend on ruby, as there are ruby scripts

(plunky)

Added textproc/py-sphinxcontrib-log-cabinet; Updated www/py-werkzeug, www/py-werkzeug-docs

(adam)

py-werkzeug{-docs}: updated to 1.0.1

Version 1.0.1
-  Make the argument to ``RequestRedirect.get_response`` optional.
-  Only allow a single access control allow origin value.
-  Fix crash when trying to parse a non-existent Content Security
    Policy header.
-  ``http_date`` zero fills years < 1000 to always output four digits.
-  Fix missing local variables in interactive debugger console.
-  Fix passing file-like objects like ``io.BytesIO`` to
    ``FileStorage.save``.

Version 1.0.0
-  Drop support for Python 3.4. (:issue:`1478`)
-  Remove code that issued deprecation warnings in version 0.15.
    (:issue:`1477`)
-  Remove most top-level attributes provided by the ``werkzeug``
    module in favor of direct imports. For example, instead of
    ``import werkzeug; werkzeug.url_quote``, do
    ``from werkzeug.urls import url_quote``. Install version 0.16 first
    to see deprecation warnings while upgrading.
-  Added ``utils.invalidate_cached_property()`` to invalidate cached
    properties. (:pr:`1474`)
-  Directive keys for the ``Set-Cookie`` response header are not
    ignored when parsing the ``Cookie`` request header. This allows
    cookies with names such as "expires" and "version". (:issue:`1495`)
-  Request cookies are parsed into a ``MultiDict`` to capture all
    values for cookies with the same key. ``cookies[key]`` returns the
    first value rather than the last. Use ``cookies.getlist(key)`` to
    get all values. ``parse_cookie`` also defaults to a ``MultiDict``.
-  Add ``charset=utf-8`` to an HTTP exception response's
    ``CONTENT_TYPE`` header. (:pr:`1526`)
-  The interactive debugger handles outer variables in nested scopes
    such as lambdas and comprehensions.
-  The user agent for Opera 60 on Mac is correctly reported as
    "opera" instead of "chrome".
-  The platform for Crosswalk on Android is correctly reported as
    "android" instead of "chromeos". (:pr:`1572`)
-  Issue a warning when the current server name does not match the
    configured server name.
-  A configured server name with the default port for a scheme will
    match the current server name without the port if the current scheme
    matches.
-  :exc:`~exceptions.InternalServerError` has a ``original_exception``
    attribute that frameworks can use to track the original cause of the
    error.
-  Headers are tested for equality independent of the header key case,
    such that ``X-Foo`` is the same as ``x-foo``.
-  :meth:`http.dump_cookie` accepts ``'None'`` as a value for
    ``samesite``.
-  :meth:`~test.Client.set_cookie` accepts a ``samesite`` argument.
-  Support the Content Security Policy header through the
    `Response.content_security_policy` data structure.
-  ``LanguageAccept`` will fall back to matching "en" for "en-US" or
    "en-US" for "en" to better support clients or translations that
    only match at the primary language tag.
-  ``MIMEAccept`` uses MIME parameters for specificity when matching.
-  If the development server is started with an ``SSLContext``
    configured to verify client certificates, the certificate in PEM
    format will be available as ``environ["SSL_CLIENT_CERT"]``.
-  ``is_resource_modified`` will run for methods other than ``GET`` and
    ``HEAD``, rather than always returning ``False``.
-  ``SharedDataMiddleware`` returns 404 rather than 500 when trying to
    access a directory instead of a file with the package loader. The
    dependency on setuptools and pkg_resources is removed.
-  Add a ``response.cache_control.immutable`` flag. Keep in mind that
    browser support for this ``Cache-Control`` header option is still
    experimental and may not be implemented.
-  Optional request log highlighting with the development server is
    handled by Click instead of termcolor.
-  Optional ad-hoc TLS support for the development server is handled
    by cryptography instead of pyOpenSSL.
-  ``FileStorage.save()`` supports ``pathlib`` and :pep:`519`
    ``PathLike`` objects.
-  The debugger security pin is unique in containers managed by Podman.
-  Building a URL when ``host_matching`` is enabled takes into account
    the current host when there are duplicate endpoints with different
    hosts.
-  The ``429 TooManyRequests`` and ``503 ServiceUnavailable`` HTTP
    exceptions takes a ``retry_after`` parameter to set the
    ``Retry-After`` header.
-  ``Map`` and ``Rule`` have a ``merge_slashes`` option to collapse
    multiple slashes into one, similar to how many HTTP servers behave.
    This is enabled by default.
-  Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status
    codes.
-  Add ``update``, ``setlist``, and ``setlistdefault`` methods to the
    ``Headers`` data structure. ``extend`` method can take ``MultiDict``
    and kwargs.
-  The development server accepts paths that start with two slashes,
    rather than stripping off the first path segment.
-  Add access control (Cross Origin Request Sharing, CORS) header
    properties to the ``Request`` and ``Response`` wrappers.
-  ``Accept`` values are no longer ordered alphabetically for equal
    quality tags. Instead the initial order is preserved.
-  Added ``Map.lock_class`` attribute for alternative
    implementations.
-  Support matching and building WebSocket rules in the routing system,
    for use by async frameworks.
-  Range requests that span an entire file respond with 206 instead of
    200, to be more compliant with :rfc:`7233`. This may help serving
    media to older browsers.
-  The :class:`~middleware.shared_data.SharedDataMiddleware` default
    ``fallback_mimetype`` is ``application/octet-stream``. If a filename
    looks like a text mimetype, the ``utf-8`` charset is added to it.
    This matches the behavior of :class:`~wrappers.BaseResponse` and
    Flask's ``send_file()``.

(adam)

arm cross toolchains: skip portability checks under contrib/*

(tnn)

py-sphinxcontrib-log-cabinet: added version 1.0.1

Organize changelogs generated by versionadded, versionchanged, deprecated
directives. The log will be sorted by newest to oldest version. For HTML docs,
older versions will be collapsed by default.

(adam)

doc: note update of ruby language packages

lang/ruby26-base 2.6.6
databases/ruby-gdbm 2.6.6
devel/ruby-fiddle 2.6.6
devel/ruby-readline 2.6.6
lang/ruby26 2.6.6
lang/ruby27-base 2.7.1
lang/ruby27 2.7.1
lang/ruby25-base 2.5.8
lang/ruby25 2.5.8
lang/ruby24-base 2.4.10
lang/ruby24 2.4.10

(taca)

devel/ruby-fiddle: reset PKGREVISION

Reset PKGREVISION by updates of all ruby2* packages.

(taca)

lang/ruby24-base: update to 2.4.10

Update ruby24-base (and ruby24) to 2.4.10.

This release includes a security fix. Please check the topics below for
details.

* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
  fix)

Ruby 2.4 is now under the state of the security maintenance phase, until the
end of March of 2020.  After that date, maintenance of Ruby 2.4 will be
ended.  Thus, this release would be the last of Ruby 2.4 series.  We
recommend you immediately upgrade Ruby to newer versions, such as 2.7 or 2.6
or 2.5.

(taca)

lang/ruby25-base: update to 2.5.8

Update ruby25-base (and ruby25) to 2.5.8.

2.5.8 (2020-03-31)

This release includes security fixes. Please check the topics below for
details.

* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
  fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

(taca)

lang/ruby27-base: update to 2.7.1

Update ruby27-base (and ruby27) to 2.7.1.

2.7.1 (2020-03-31)

This release includes security fixes. Please check the topics below for
details.

* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
  fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

(taca)

lang/ruby26-base: update to 2.6.6

Update ruby26-base (and ruby26 related packages) to 2.6.6.

2.6.6 (2020-03-31)

This release includes security fixes. Please check the topics below for
details.

* CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON (Additional
  fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

(taca)

mk/subst.mk: add user-settable SUBST_NOOP_OK

This variable allows to make SUBST stricter than before. This will break
several packages that have redundant filename patterns. Most of these are
typos or outdated and should be updated or removed.

(rillig)

weechat: Restore handling for NetBSD libcurses

If it can't find ncurses.so it gives up. Allow FAKE_NCURSES to work
properly when ncurses isn't installed.

(nia)

doc: Updated devel/meson to 0.54.0

(wiz)

meson: update to 0.54.0.

New features

Emscripten (emcc) now supports threads
Introduce dataonly for the pkgconfig module
Consistently report file locations relative to cwd
dependency() consistency
Override dependency()
Simplified dependency() fallback
Backend agnostic compile command
Native (build machine) compilers not always required
Summary improvements
Add a system type dependency for zlib
Added 'name' method
New option --quiet to meson install
Property support emscripten's wasm-ld
Skip sanity tests when cross compiling
Support for overiding the linker with ldc and gdc
Native file properties
Changed the signal used to terminate a test process (group)
Dynamic Linker environment variables actually match docs
Per subproject default_library and werror options
Environment Variables with Cross Builds
Added 'pkg_config_libdir' property
More new sample Meson templates for (Java, Cuda, and more)
Ninja version requirement bumped to 1.7
Added -C argument to meson init command
More than one argument to message() and warning()
Added has_tools method to qt module
The MSI installer is only available in 64 bit version
Uninstalled pkg-config files
CMake find_package COMPONENTS support
Added Microchip XC16 C compiler support
Added Texas Instruments C2000 C/C++ compiler support
Unity file block size is configurable

More details:
https://mesonbuild.com/Release-notes-for-0-54-0.html

(wiz)

doc: Updated lang/gcc8 to 8.3.0nb3

(wiz)

doc: Updated lang/gcc8-libs to 8.3.0nb4

(wiz)

gcc8*: reduce differences to gcc7*

This also fixes RELRO builds.

Bump PKGREVISION.

(wiz)

libgsf: Not tied to a specific GNOME version

(nia)

gcc7: reduce differences to gcc8

mostly, make dejagnu a TEST_DEPENDS

(wiz)

doc: Updated mail/claws-mail to 3.17.5

(nia)