regress/make-env-phases: fix test by ignoring changes to *FLAGS

The CPPFLAGS, CFLAGS, CXXFLAGS and LDFLAGS differ between the build phase
and the install phase. It's only a minor difference but may still
influence packages that use these flags at install time, even though they
shouldn't.

For now just document that the flags differ.

(rillig)

doc: Updated pkgtools/pkg_regress to 0.5

(rillig)

pkgtools/pkg_regress: update to 0.5

Changes since 0.4:

The log output in verbose mode surrounds each test now and says
immediately whether that test fails. Before, that information was
collected and only shown at the very end of the output, which was
inconvenient.

(rillig)

Note update of the "mutt" package to version 1.13.1

(tron)

mutt: Update to version 1.13.1

Changes since version 1.13.0:
! Bug fix release.
+ $sidebar_relative_shortpath_indent, default unset, enables the
  indentation and shortpath behavior introduced in 1.13.0.
+ $sidebar_use_mailbox_shortcuts, default unset, displays standard
  mailbox shortcuts, '~' and '=' in the sidebar.  When unset, the
  sidebar will remove a $folder prefix but won't display mailbox
  shortcuts.

(tron)

Fix build on non-linux ppc machines

Fix build on non-linux ppc machines, tested by julian sevard.

(nros)

doc: Updated archivers/py-zstandard to 0.12.0nb1

(leot)

py-zstandard: Use bundled zstd because not adapted to zstd-1.4.4

At least ZSTD_FRAMEHEADERSIZE_MIN and ZSTD_FRAMEHEADERSIZE_PREFIX
macros in 1.4.4 needs a `format' argument but py-zstandard is not
adapted to 1.4.4 yet.

PKGREVISION++

(leot)

doc: Updated net/mitmproxy to 5.0.0

(leot)

mitmproxy: Update to 5.0.0

Changes:
5.0.0
-----
** Major Changes **
  * Added new Table UI (@Jessonsotoventura)
  * Added EKU extension to certificates. This fixes support for macOS Catalina (@vin01)

** Security Fixes **
  * Fixed command injection vulnerabilities when exporting flows as curl/httpie commands (@cript0nauta)
  * Do not echo unsanitized user input in HTTP error responses (@fimad)

** Full Changelog **
  * Moved to Github CI for Continuous Integration, dropping support for old Linux and macOS releases. (#3728)
  * Vastly improved command parsing, in particular for setting flow filters (@typoon)
  * Added a new flow export for raw responses (@mckeimic)
  * URLs are now edited in an external editor (@Jessonsotoventura)
  * mitmproxy now has a command history (@typoon)
  * Added terminal like keyboard shortcuts for the command bar (ctrl+w, ctrl+a, ctrl+f, ...) (@typoon)
  * Fixed issue with improper handling of non-ascii characters in URLs (@rjt-gupta)
  * Filtering can now use unicode characters (@rjt-gupta)
  * Fixed issue with user keybindings not being able to override default keybindings
  * Improved installation instructions
  * Added support for IPV6-only environments (@sethb157)
  * Fixed bug with server replay (@rjt-gupta)
  * Fixed issue with duplicate error responses (@ccssrryy)
  * Users can now set a specific external editor using $MITMPROXY_EDITOR (@rjt-gupta)
  * Config file can now be called `config.yml` or `config.yaml` (@ylmrx)
  * Fixed crash on `view.focus.[next|prev]` (@ylmrx)
  * Updated documentation to help using mitmproxy certificate on Android (@jannst)
  * Added support to parse IPv6 entries from `pfctl` on MacOS. (@tomlabaude)
  * Fixed instructions on how to build the documentation (@jannst)
  * Added a new `--allow-hosts` option (@pierlon)
  * Added support for zstd content-encoding (@tsaaristo)
  * Fixed issue where the replay server would corrupt the Date header (@tonyb486)
  * Improve speed for WebSocket interception (@MathieuBordere)
  * Fixed issue with parsing JPEG files. (@lusceu)
  * Improve example code style (@BoboTiG)
  * Fixed issue converting void responses to HAR (@worldmind)
  * Color coded http status codes in mitmweb (@arun-94)
  * Added organization to generated certificates (@Abcdefghijklmnopqrstuvwxyzxyz)
  * Errors are now displayed on sys.stderr (@JessicaFavin)
  * Fixed issue with replay timestamps (@rjt-gupta)
  * Fixed copying in mitmweb on macOS (@XZzYassin)

(leot)

doc: Added archivers/py-brotli version 1.0.7

(leot)

archivers: Add py-brotli

(leot)

py-brotli: Import py-brotli-1.0.7 as archivers/py-brotli

Brotli is a generic-purpose lossless compression algorithm that compresses data
using a combination of a modern variant of the LZ77 algorithm, Huffman coding
and 2nd order context modeling, with a compression ratio comparable to the best
currently available general-purpose compression methods. It is similar in speed
with deflate but offers more dense compression.

This package contains Python bindings for Brotli.

(leot)

doc: Updated devel/py-ruamel-yaml to 0.16.5

(leot)

py-ruamel-yaml: Update to 0.16.5

pkgsrc changes:
- Remove dependency to py-typing, no longer needed since version 0.14.9
- Reset USE_LANGUAGES, C parts were splitted in py-ruamel-yaml-clib and a C
  compiler is no longer needed

Changes:
[0, 16, 5]: 2019-08-18
  - allow for ``YAML(typ=['unsafe', 'pytypes'])``

[0, 16, 4]: 2019-08-16
  - fix output of TAG directives with # (reported by `Thomas Smith
    <https://bitbucket.org/%7Bd4c57a72-f041-4843-8217-b4d48b6ece2f%7D/>`__)

[0, 16, 3]: 2019-08-15
  - move setting of version based on YAML directive to scanner, allowing to
    check for file version during TAG directive scanning

[0, 16, 2]: 2019-08-15
  - preserve YAML and TAG directives on roundtrip, correctly output #
    in URL for YAML 1.2 (both reported by `Thomas Smith
    <https://bitbucket.org/%7Bd4c57a72-f041-4843-8217-b4d48b6ece2f%7D/>`__)

[0, 16, 1]: 2019-08-08
  - Force the use of new version of ruamel.yaml.clib (reported by `Alex Joz
    <https://bitbucket.org/%7B9af55900-2534-4212-976c-61339b6ffe14%7D/>`__)
  - Allow '#' in tag URI as these are allowed in YAML 1.2 (reported by
    `Thomas Smith
    <https://bitbucket.org/%7Bd4c57a72-f041-4843-8217-b4d48b6ece2f%7D/>`__)

[0, 16, 0]: 2019-07-25
  - split of C source that generates .so file to ruamel.yaml.clib
  - duplicate keys are now an error when working with the old API as well

(leot)

doc: Added devel/py-ruamel-yaml-clib version 0.2.0

(leot)

devel: Add py-ruamel-yaml-clib

(leot)

py-ruamel-yaml-clib: Import py-ruamel-yaml-clib-0.2.0 as devel/py-ruamel-yaml-clib

ruamel.yaml.clib is the C based reader/scanner and emitter for ruamel.yaml.

(leot)

py-publicsuffix2: Reset USE_LANGUAGES

(No `c' compiler is needed to build this module.)

(leot)

doc: Added www/py-publicsuffix2 version 2.20190812

(leot)

www: Add py-publicsuffix2

(leot)

py-publicsuffix2: Import py-publicsuffix2-2.20190812 as www/py-publicsuffix2

This module allows you to get the public suffix, as well as the
registrable domain, of a domain name using the Public Suffix List from
http://publicsuffix.org

(leot)

doc: Updated textproc/xapian-omega to 1.4.14

(schmonz)

Update to 1.4.14. From the changelog:

documentation:

* Improve omindex --help docs for --duplicates.
* Document that $log will start to return an error message in 1.5.0, and that
  one can wrap it using a $if with no action now to be future-proof.

indexers:

* Add built-in support for iso-8859-15 so we can handle it without iconv.
  This charset is a variant of iso-8859-1 with 8 characters changed, most
  notably including the euro currency symbol.  It's the most commonly seen
  charset we didn't have built-in support for.
* Optimise converting us-ascii to UTF-8 to do nothing, like we already do when
  converting UTF-8 to UTF-8.
* scriptindex:
  + Add new 'gap' action which provides a way to leave a gap in the term
    positions between fields to prevent phrases and positional operators from
    matching across fields.

omega:

* Fix error handling in $lookup.  We now check for errors from cdb_init()
  and cdb_get().  We've never checked for errors from cdb_init(), while
  for cdb_get() this bug was introduced by a warning fix in 1.2.20.

templates:

* Future-proof use of $log against changes in 1.5.0.

(schmonz)

Reset PKGREVISION for xapian update.

(schmonz)

doc: Updated textproc/xapian to 1.4.14

(schmonz)

Update to 1.4.14. From the changelog:

API:

* Xapian::QueryParser: Handle "" inside a quoted phrase better.  In a quoted
  boolean term, "" is treated as an escaped ", so handle it in a compatible way
  for quoted phrases.  Previously we'd drop out of the phrase and start a new
  phrase.  Fixes #630, reported by Austin Clements.

* Xapian::Stem: The constructor which takes a stemmer name now takes an
  optional second bool parameter - if this is true, then an unknown stemmer
  name falls back to using the "none" stemmer instead of throwing an exception.
  This allows simply constructing a stemmer from an ISO language code without
  having to worry about whether there's a stemmer for that language, and
  without having to handle an exception if there isn't.

* Xapian::Stem: Fix a bug with handling 4-byte UTF-8 sequences which
  potentially affects most of the stemmers.  None of the stemmers work in
  languages where 4-byte UTF-8 sequences are part of the alphabet, but this
  bug could result in invalid UTF-8 sequences in terms generated from text
  containing high Unicode codepoints such as emoji, which can cause issues (for
  example, in some language bindings).  Fix synced from Snowball git post
  2.0.0.  Reported by Ilari Nieminen in
  https://github.com/snowballstem/snowball/issues/89.

* Xapian::Stem: Add a new is_none() method which tests if this is a "none"
  stemmer.

* Xapian::Weight: The total length of all documents is now made available to
  Xapian::Weight subclasses, and this is now used by DLHWeight, DPHWeight and
  LMWeight.  To maintain ABI compatibility, internally this still fetches the
  average length and the number of documents, multiplies them, then rounds the
  result, but in the next release series this will be handled directly.

* Xapian::Database::locked() on an inmemory database used to always return
  false, but an inmemory Database is always actually a WritableDatabase
  underneath, so now we always report true in this case because it's really
  always report being locked for writing.

* Fix write one past end of std::vector on certain QueryParser parser errors.
  This is undefined behaviour, but the write was always into reserved space, so
  in practice we'd actually get away with it (it was noticed because it
  triggers an error when running under ubsan and using libc++).  Reported by
  Germ叩n M. Bravo.

* MSet::get_matches_estimated(): Improve rounding of result - a bug meant we
  would almost always round down.

* Optimise test for UTF-8 continuation character.  Performing a signed char
  comparison shaves an instruction or two on most architectures.

* Database::get_revision(): Return revision 0 for a Database with no shards
  rather that throwing InvalidOperationError.

* DPHWeight: Avoid dividing by 0 when searching a sharded database when one
  shard is empty.  The result wasn't used in this case, but it's still
  undefined behaviour.  Detected by UBSan.

testsuite:

* Fix failing multi_glass_remoteprog_glass tests on x86.  When the tests are
  run under valgrind, remote servers should be run using the runsrv wrapper
  script, but this wasn't happening for remote servers in multi-databases - now
  it is.  Also, previously runsrv only used valgrind for the remote for an x86
  build that didn't use SSE, but it seems there are x87 instructions in libc
  that are affected by valgrind not providing excess precision, so do this for
  x86 builds which use SSE too.  Together these changes fix failures of
  topercent2, xor2, tradweight1 under backend multi_glass_remoteprog_glass on
  x86.

* Fix C++ One-Definition Rule (ODR) violation in testsuite code.  Two different
  source files linked into apitest were each defining a different `struct
  test`.  Wrap each in an anonymous namespace to localise it to the file it is
  defined and used in.  This was probably harmless in practice, unless trying
  to build with Link-Time Optimisation or similar (which is how it was
  detected).

* Test all language codes in stemlangs1.  The testsuite hardcodes a list of
  supported language codes which hadn't been updated since 2008.

* Improve DateRangeProcessor test coverage.

* The "singlefile" test harness backend manager now creates databases by
  compacting the corresponding underlying backend database (creating it first
  if need be) rather than always creating a temporary database to compact.

* Enable compaction testcases for multi and singlefile test harness backends.

* Add generated database support for remoteprog and remotetcp test harness
  backends.  Implemented by Tanmay Sachan.

* Add test harness support for running testcases using a multi database
  comprised of one local and one remote shard, or two remote shards.
  Implemented by Tanmay Sachan.

* Check if removing existing multi stub failed.  Previously if removing an
  existing stub failed, the test harness would create a temporary new stub and
  then try to rename it over the old one, which will always fail on Microsoft
  Windows.

* Wait for xapian-tcpsrv processes to finish before moving on to the next
  testcase under __WIN32__ like we already do on POSIX platforms.

matcher:

* Handle pruning under a positional check.  This used to be impossible, but
  since 1.4.13 it can happen as we now hoist AND_NOT to just below where we
  hoist the positional checks.  The code on master already handles pruning here
  so this bug is specific to the RELEASE/1.4 branch.  Fixes #796, reported by
  Oliver Runge.

* When searching with collapsing over multiple shards, at least some of which
  are remote, uncollapsed_upper_bound could be too low and
  uncollapsed_lower_bound too high.  This was causing assertion failures in
  testcases msize1 and msize2 under test harness backends
  multi_glass_remoteprog_glass and multi_remoteprog_glass.

* Internally we no longer calculate a bogus total_term_count as the sum of
  total_length * doc_count for all shards.  Instead we just use the sum of
  total_length, which gives the total number of term occurrences.  This change
  should improve the estimated collection_freq values for synonyms.

* Several places where we might divide zero by zero in a database where wdf was
  always zero have been fixed.

* Optimise OP_AND_NOT better.  We now combine its left argument with other
  connected and-like subqueries, and gather up and hoist the negated subqueries
  and apply them together above the combined and-like subqueries, just below
  any positional filters.

* Optimise OP_AND_MAYBE better.  We now combine its left argument with other
  connected and-like subqueries, and gather up and hoist the optional
  subqueries and apply them together above the combined and-like subqueries and
  any hoisted positional filters.

* Treat all BoolWeight queries as scaled by 0 - we can optimise better if we
  know the query is unweighted.

build system:

* configure: Stop using AC_FUNC_MEMCMP.  The autoconf manual marks it as
  "obsolescent", and it seems clear that nobody's relying on it as we're
  missing the "'AC_LIBOBJ' replacement for 'memcmp'" which it would try to
  use if needed.

glass backend:

* Allow zlib compression to reduce size by one byte.  We were specifying an
  output buffer size one byte smaller than the input, but it appears zlib won't
  use the final byte in the buffer, so we actually need to pass the input size
  as the output buffer size.

* Only try to compress Btree item values > 18 bytes, which saves CPU time
  without sacrificing any significant size savings.

remote backend:

* Fix match stats when searching with collapsing over multiple shards and at
  least some shards are remote.  Bug discovered by Tanmay Sachan's test harness
  improvements.

* Ignore orphaned remote protocol replies which can happen when searching with
  a remote shard if an exception is thrown by another shard.  Bug discovered
  by Tanmay Sachan's test harness improvements.

* Wait for xapian-progsrv child to exit when a remote Database or
  WritableDatabase object is closed under __WIN32__ like we already do for
  POSIX platforms.

documentation:

* HACKING: Replace release docs with pointer to the developer guide where they
  are now maintained.

* Correct documentation of initial messages in replication protocol.

tools:

* quest: Report bounds and estimate of number of matches.

* xapian-delve: Improve output when database revision information is not
  available.  We now specially handle the cases of a DB with multiple shards
  and a backend which doesn't support get_revision().

portability:

* Eliminate 2 uses of atoi().  These are potentially problematic in a
  multithreaded application if setlocale() is called by another thread at the
  same time.  See #665.

* Don't check __GNUC__ in visibility.h as the configure probe before defining
  XAPIAN_ENABLE_VISIBILITY checks that the visibility attributes work.  This
  probably makes no difference in practice, as all compilers we're aware of
  which support symbol visibility also define __GNUC__.

* Document Sun C++ requires --disable-shared.  Closes #631.

* Fix warning from GCC 9 with -Wdeprecated-copy (which is enabled by -Wextra)
  if a reference to an Error object is thrown.

* Suppress GCC warning in our API headers when compiling code using Xapian with
  GCC and -Wduplicated-branches.

* Mark some internal classes as final (following GCC -Wsuggest-final-types
  suggestions to allow some method calls to be devirtualised).

* Fix to build with --enable-maintainer-mode and Perl < 5.10, which doesn't
  have the `//=` operator.  It's unlikely developers will have such an old
  Perl, but the mingw environment on appveyor CI does.  The use of `//=` was
  introduced by changes in 1.4.10.

(schmonz)

abiword-plugins: remove redundant configure setting

(gutteridge)

doc: Updated devel/asio to 1.10.8nb1

(gutteridge)

asio: build fix for NetBSD > 9.99.14

Carry over the same patch from the Boost meta-pkg to fix this same
file in this version of the asio implementation. (The patch looks a
little ungainly in isolation, but is simpler than creating multiple
#if/#else blocks in the target file.)

(TBD: this package is likely redundant, as a newer version of it is
subsumed within the Boost libraries. The only package depending on it
is abiword-plugins. At first glance, it appears that abiword-plugins
could simply be patched to reference the Boost namespace for this
functionality. But I haven't confirmed if there are any specific
functional gaps between the two implementations, so I'm making this
quick build fix for now.)

(gutteridge)

doc: Updated math/py-sympy to 1.3

(minskim)

math/py-sympy: Update to 1.3

Backwards compatibility breaks and deprecations:

    * Symbols no longer automatically convert to functions when called,
      e.g., if f = Symbol('f'), f(t) is now a TypeError. To create a
      function, use f = Function('f') or f = symbols('f', cls=Function).

    * .integrate() has been renamed to .compute_expectation() in
      sympy.stats in order to avoid confusion with the integrals module.

    * classof() and a2idx() in sympy.matrices.matrices have been
      deprecated in favor of the same functions in sympy.matrices.common.

    * The source() function has been deprecated. Use inspect.getsource or
      ?? in IPython.

See the release notes for the full list of changes.

    https://github.com/sympy/sympy/wiki/release-notes-for-1.3

(minskim)

doc: Updated net/djbdnscurve6 to 36a

(schmonz)

Update to 36a. From the changelog:

- Fixed CVE-2009-0858 in response.c (tx. Martin).
- Compliance with fehQlibs-13 given DNS return codes and dns timeouts aligned.
- DNS return codes streamlined with fehQlibs-13c.
- Fixed wrong evaluation of query_* (-1 -> DNS_*), making dnscache polling.

(schmonz)

doc: Updated net/ucspi-ssl to 0.999.11.1

(schmonz)

Update to 0.11.1 (as 0.999.11.1). From the changelog:

- Added compatibility with fehQlibs-13.
- Fixed wrong behavior of sslserver/sslclient given a local or remote
  IPv4 address. sslhandle is now an own program (man sslhandle.3).
- Code streamlined with ucspi-tcp6-1.11.0.
- Removed parenthesis from host in https@: [$host]:$port -> $host:port.
  Tx, A.E.
- Fixed TLSv1* macro's names in ucspissl.h to match ssl_context.c.
- Clarified usage of 'SSL_CTX_set_ciphersuites()' in ssl_ciphers.c.

(schmonz)

doc: Updated net/ucspi-tcp6 to 1.11.0

(schmonz)

Update to ucspi-tcp6-1.11.0. From the changelog:

- Fixed incorrect behavior for IPv4 address given as hostname for
  tcpserver and tcpclient.
- Added tcprulescheck verbose info message.
- Requires fehQlibs-13.

(schmonz)

doc: Updated net/fehqlibs to 0.9.13c

(schmonz)

Update to 13c (as 0.9.13c). From the changelog:

- Bugs fixed: str_copy (wrong parenthesis setting)
- UI changed: log() -> log_who()
- Added: man str(3)
- Fixed wrong input boundary checking for multiple DNSCACHE variables
  settings in dns_rcip.c. (Tx. J.W.)
- Added missing str_copyb() function in str.c.
- DNS stub return codes straightend with djbdnscurve6-36.

(schmonz)

velox: Fix error in MESSAGE

thanks ng0@ for pointing this out

(nia)

doc: Removed net/bittorrent

(nia)

net: Remove bittorrent

According to the wekpideas this has been unmaintained and replaced with a
closed source version more than a decade ago, ish.

It turned into a fork of uTorrent, so qbittorrent is ~kind of a successor
to this.

(nia)

doc/TODO: Remove qbittorrent

(nia)

doc: Added net/qbittorrent version 4.2.0

(nia)

net: Add qbittorrent.

qBittorrent is a bittorrent client programmed in C++ / Qt that uses libtorrent

The qBittorrent project aims to provide an open-source software alternative
to uTorrent.

(nia)

doc: Added net/libtorrent-rasterbar version 1.2.2

(nia)

Update patch to more portable

a patch caused crashes, use suggestions by upstream that makes it more portable

(nros)

net: Add libtorrent-rasterbar

libtorrent-rasterbar is a feature complete C++ bittorrent implementation
focusing on efficiency and scalability.

(nia)

doc: Updated pkgtools/pkglint to 19.3.19

(rillig)

pkgtools/pkglint: update to 19.3.19

Changes since 19.3.18:

Small improvements to edge cases in SUBST blocks.

Small improvements to edge cases in variable assignment and alignment
of the continuation backslashes.

The --source option shows the changes from autofix, even when the
--show-autofix option is not given. This is a welcome side-effect of
making the autofix logging simpler and more predictable.

(rillig)

doc: Updated www/ruby-puma to 4.3.1

(taca)

www/ruby-puma: update to 4.3.1

## 4.3.1 and 3.12.2 / 2019-12-05

* Security
  * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.

## 4.3.0 / 2019-11-07

* Features
  * Strip whitespace at end of HTTP headers (#2010)
  * Optimize HTTP parser for JRuby (#2012)
  * Add SSL support for the control app and cli (#2046, #2052)

* Bugfixes
  * Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
  * Fix pumactl defaulting puma to development if an environment was not specified (#2035)
  * Fix closing file stream when reading pid from pidfile (#2048)
  * Fix a typo in configuration option `--extra_runtime_dependencies` (#2050)

## 4.2.1 / 2019-10-07

* 3 bugfixes
  * Fix socket activation of systemd (pre-existing) unix binder files (#1842, #1988)
  * Deal with multiple calls to bind correctly (#1986, #1994, #2006)
  * Accepts symbols for `verify_mode` (#1222)

## 4.2.0 / 2019-09-23

* 6 features
  * Pumactl has a new -e environment option and reads `config/puma/<environment>.rb` config files (#1885)
  * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine (#1934)
  * Allow extra dependencies to be defined when using prune_bundler (#1105)
  * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost (#1786)
  * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces (#1320)
  * Puma threads all now have their name set on Ruby 2.3+ (#1968)
* 4 bugfixes
  * Fix some misbehavior with phased restart and externally SIGTERMed workers (#1908, #1952)
  * Fix socket closing on error (#1941)
  * Removed unnecessary SIGINT trap for JRuby that caused some race conditions (#1961)
  * Fix socket files being left around after process stopped (#1970)
* Absolutely thousands of lines of test improvements and fixes thanks to @MSP-Greg

## 4.1.1 / 2019-09-05

* 3 bugfixes
  * Revert our attempt to not dup STDOUT/STDERR (#1946)
  * Fix socket close on error (#1941)
  * Fix workers not shutting down correctly (#1908)

## 4.1.0 / 2019-08-08

* 4 features
  * Add REQUEST_PATH on parse error message (#1831)
  * You can now easily add custom log formatters with the `log_formatter` config option (#1816)
  * Puma.stats now provides process start times (#1844)
  * Add support for disabling TLSv1.1 (#1836)

* 7 bugfixes
  * Fix issue where Puma was creating zombie process entries (#1887)
  * Fix bugs with line-endings and chunked encoding (#1812)
  * RACK_URL_SCHEME is now set correctly in all conditions (#1491)
  * We no longer mutate global STDOUT/STDERR, particularly the sync setting (#1837)
  * SSL read_nonblock no longer blocks (#1857)
  * Swallow connection errors when sending early hints (#1822)
  * Backtrace no longer dumped when invalid pumactl commands are run (#1863)

* 5 other
  * Avoid casting worker_timeout twice (#1838)
  * Removed a call to private that wasn't doing anything (#1882)
  * README, Rakefile, docs and test cleanups (#1848, #1847, #1846, #1853, #1859, #1850, #1866, #1870, #1872, #1833, #1888)
  * Puma.io has proper documentation now (https://puma.io/puma/)
  * Added the Contributor Covenant CoC

* 1 known issue
  * Some users are still experiencing issues surrounding socket activation and Unix sockets (#1842)

## 4.0.1 / 2019-07-11

* 2 bugfixes
  * Fix socket removed after reload - should fix problems with systemd socket activation. (#1829)
  * Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. Should fix "undefined symbol: DTLS_method" when compiling against old OpenSSL versions. (#1832)
  * Removed unnecessary RUBY_VERSION checks. (#1827)

## 4.0.0 / 2019-06-25

9 features
  * Add support for disabling TLSv1.0 (#1562)
  * Request body read time metric (#1569)
  * Add out_of_band hook (#1648)
  * Re-implement (native) IOBuffer for JRuby (#1691)
  * Min worker timeout (#1716)
  * Add option to suppress SignalException on SIGTERM (#1690)
  * Allow mutual TLS CA to be set using `ssl_bind` DSL (#1689)
  * Reactor now uses nio4r instead of `select` (#1728)
9 x bugfixes
  * Do not accept new requests on shutdown (#1685, #1808)
  * Fix 3 corner cases when request body is chunked (#1508)
  * Change pid existence check's condition branches (#1650)
  * Don't call .stop on a server that doesn't exist (#1655)
  * Implemented NID_X9_62_prime256v1 (P-256) curve over P-521 (#1671)
  * Fix @notify.close can't modify frozen IOError (RuntimeError) (#1583)
  * Fix Java 8 support (#1773)
  * Fix error `uninitialized constant Puma::Cluster` (#1731)
  * Fix `not_token` being able to be set to true (#1803)

## 3.12.1 / 2019-01-08

* 1 features
  * Internal strings are frozen (#1649)
* 3 bugfixes
  * Fix chunked ending check (#1607)
  * Rack handler should use provided default host (#1700)
  * Better support for detecting runtimes that support `fork` (#1630)

(taca)

doc: Updated www/php-ja-wordpress to 5.3.1

(taca)

www/php-ja-wordpress: update to 5.3.1

Update php-ja-wordpress from 4.5.3 to 5.3.1.

This release contains these security fixes.

* Props to Daniel Bachhuber for finding an issue where an unprivileged
  user could make a post sticky via the REST API.

* Props to Simon Scannell of RIPS Technologies for finding and
  disclosing an issue where cross-site scripting (XSS) could be stored
  in well-crafted links.

* Props to the WordPress.org Security Team for hardening
  wp_kses_bad_protocol() to ensure that it is aware of the named colon
  attribute.

* Props to Nguyen The Duc for discovering a stored XSS vulnerability
  using block editor content.

For more detail about version 5.3.1, please refer
<https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/>

And changes from 4.5.3 to 5.3.0, please refer HOMEPAGE and
<https://wordpress.org/>.

(taca)

Drop php71 support

Drop php71 support mechanically.

(taca)

databases/php-sqlrelay: update PHP_VERSIONS_ACCEPTED

Update PHP_VERSIONS_ACCEPTED, replace php71 with php73.

(taca)

lang/php: remove php71 support

Remove php71 (PHP 7.1.x) support.

(taca)

doc: remove PHP 7.1.x pacakges

lang/php71
meta-pkgs/php71-extensions

(taca)

lang/php71: remove php71 package

Remove php71 pacakge since PHP 7.1.x is EOL.

(taca)

lang/Makefile: remove php71

(taca)

meta-pkgs/php71-extensions: remove EOL package

Remove php71-extensions package since PHP 7.1.x is EOL.

(taca)

meta-pkgs/Makefile: remove php71-extensions

(taca)

doc: Updated meta-pkgs/bulk-medium to 20191216

(taca)

meta-pkgs/bulk-medium: build php73 instead of php71

Update bulk-medium to 20191216.

* Build php73 instead of php71.

(taca)

lang/php*: clean up php langauges

Clean up php languages.

* Clean up php/phpversions.mk a little.
* Add php/replace.mk to provide common shebang line replace for PHP.
* Define USE_TOOLS before including <bsd.prefs.mk>.
* Fix most warnings of pkglint.

No functional change should be done.

(taca)

mk/defaults/options.description: add some descrptions

Add descrption of ap-php, argon2, disable-filter-url, php-cgi and php-fpm.

(taca)

Also install host-cpu-c-abi.m4 from gettext-tools/gnulib-m4

This fixes errors about gl_HOST_CPU_C_ABI_32BIT not being defined when
running autoreconf, and errors about such a command not being found when
the generated configure script is run.

configure.ac:20: warning: gl_HOST_CPU_C_ABI_32BIT is m4_require'd but not m4_defun'd

Based on only a cursory understanding of autoconf, it seems like all
the files in share/aclocal are always included. Therefore it should be
possible to detect errors like this by running autoconf or autoreconf,
before committing to pkgsrc.

(kim)

Pullup tickets #6101, #6102 and #6104

(bsiegert)

Pullup ticket #6104 - requested by bouyer
sysutils/xenkernel411, sysutils/xentools411: security fix

Revisions pulled up:
- sysutils/xenkernel411/Makefile                                1.12
- sysutils/xenkernel411/distinfo                                1.9
- sysutils/xenkernel411/patches/patch-XSA298                    deleted
- sysutils/xenkernel411/patches/patch-XSA299                    deleted
- sysutils/xenkernel411/patches/patch-XSA302                    deleted
- sysutils/xenkernel411/patches/patch-XSA304                    deleted
- sysutils/xenkernel411/patches/patch-XSA305                    deleted
- sysutils/xenkernel411/patches/patch-XSA306                    deleted
- sysutils/xenkernel411/patches/patch-XSA307                    1.1
- sysutils/xenkernel411/patches/patch-XSA308                    1.1
- sysutils/xenkernel411/patches/patch-XSA309                    1.1
- sysutils/xenkernel411/patches/patch-XSA310                    1.1
- sysutils/xenkernel411/patches/patch-XSA311                    1.1
- sysutils/xentools411/Makefile                                1.12
- sysutils/xentools411/distinfo                                1.8

---
  Module Name: pkgsrc
  Committed By: bouyer
  Date: Fri Dec 13 13:44:21 UTC 2019

  Modified Files:
  pkgsrc/sysutils/xenkernel411: Makefile distinfo
  pkgsrc/sysutils/xentools411: Makefile distinfo
  Added Files:
  pkgsrc/sysutils/xenkernel411/patches: patch-XSA307 patch-XSA308
      patch-XSA309 patch-XSA310 patch-XSA311
  Removed Files:
  pkgsrc/sysutils/xenkernel411/patches: patch-XSA298 patch-XSA299
      patch-XSA302 patch-XSA304 patch-XSA305 patch-XSA306

  Log Message:
  Update xenkernel411 to 4.11.3nb1, and xentools411 to 4.11.3
  (PKGREVISION not reset on xenkernel411 on purpose, to enphasis that it's
  not a stock Xen 4.11.3 kernel).
  Changes since 4.11.2:
  - includes all security patches up to XSA306
  - other minor bug fixes, hardware support and performances improvements

  In addition, xenkernel411 includes all security patches released since 4.11.3,
  up to XSA311

(bsiegert)

waf: When replacing the executable we generally actually want it installed

(nia)

Pullup ticket #6102 - requested by nia
devel/libgit2: security fix

Revisions pulled up:
- devel/libgit2/Makefile                                        1.41
- devel/libgit2/distinfo                                        1.19

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Sat Dec 14 02:57:02 UTC 2019

  Modified Files:
  pkgsrc/devel/libgit2: Makefile distinfo

  Log Message:
  libgit2: Update to 0.28.4

  v0.28.4
  --------

  This is a security release fixing the following issues:

  - CVE-2019-1348: the fast-import stream command "feature
    export-marks=path" allows writing to arbitrary file paths. As
    libgit2 does not offer any interface for fast-import, it is not
    susceptible to this vulnerability.

  - CVE-2019-1349: by using NTFS 8.3 short names, backslashes or
    alternate filesystreams, it is possible to cause submodules to
    be written into pre-existing directories during a recursive
    clone using git. As libgit2 rejects cloning into non-empty
    directories by default, it is not susceptible to this
    vulnerability.

  - CVE-2019-1350: recursive clones may lead to arbitrary remote
    code executing due to improper quoting of command line
    arguments. As libgit2 uses libssh2, which does not require us
    to perform command line parsing, it is not susceptible to this
    vulnerability.

  - CVE-2019-1351: Windows provides the ability to substitute
    drive letters with arbitrary letters, including multi-byte
    Unicode letters. To fix any potential issues arising from
    interpreting such paths as relative paths, we have extended
    detection of DOS drive prefixes to accomodate for such cases.

  - CVE-2019-1352: by using NTFS-style alternative file streams for
    the ".git" directory, it is possible to overwrite parts of the
    repository. While this has been fixed in the past for Windows,
    the same vulnerability may also exist on other systems that
    write to NTFS filesystems. We now reject any paths starting
    with ".git:" on all systems.

  - CVE-2019-1353: by using NTFS-style 8.3 short names, it was
    possible to write to the ".git" directory and thus overwrite
    parts of the repository, leading to possible remote code
    execution. While this problem was already fixed in the past for
    Windows, other systems accessing NTFS filesystems are
    vulnerable to this issue too. We now enable NTFS protecions by
    default on all systems to fix this attack vector.

  - CVE-2019-1354: on Windows, backslashes are not a valid part of
    a filename but are instead interpreted as directory separators.
    As other platforms allowed to use such paths, it was possible
    to write such invalid entries into a Git repository and was
    thus an attack vector to write into the ".git" dierctory. We
    now reject any entries starting with ".git\" on all systems.

  - CVE-2019-1387: it is possible to let a submodule's git
    directory point into a sibling's submodule directory, which may
    result in overwriting parts of the Git repository and thus lead
    to arbitrary command execution. As libgit2 doesn't provide any
    way to do submodule clones natively, it is not susceptible to
    this vulnerability. Users of libgit2 that have implemented
    recursive submodule clones manually are encouraged to review
    their implementation for this vulnerability.

(bsiegert)

Pullup ticket #6101 - requested by nia
converters/fribidi: security fix

Revisions pulled up:
- converters/fribidi/Makefile                                  1.27
- converters/fribidi/distinfo                                  1.14

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Sat Dec 14 02:56:27 UTC 2019

  Modified Files:
  pkgsrc/converters/fribidi: Makefile distinfo

  Log Message:
  fribidi: Update to 1.0.8

  Overview of changes between 1.0.7 and 1.0.8
  =============================================

  * A bug fix in the fribidi unicode algorithm for multiple isolate sequences.

  * Fixed a potential buffer overflow for a long sequence of isolate overrides characters

(bsiegert)

Note update of net/fstrm to 0.6.0nb1.

(he)

Fix format / buffer size warnings with newer gcc (7.4.0) by
also leaving room for the terminating 0 character.
Also submitted as https://github.com/farsightsec/fstrm/pull/63
Bump PKGREVISION.

(he)

doc: Updated news/flnews to 0.17

(micha)

news/flnews: Update to 0.17

Removed pkgsrc patches merged upstream.

Changelog
=========

0.17      Bugfix: Configuration test result for inttypes.h presence is used,
            reintroduce the test removed for 0.16
          Bugfix: BSD version of ntohl() for old systems was broken
          Bugfix: ISO-2022-JP decoder: Mask for unassigned codepoints fixed
          Bugfix: SHA2 support in OpenSSL 1.0.0 must be explicitly enabled
          Display article from "news" type URI in separate window (if it's not
            found in current group)
          Clickable References added (articles displayed in separate window)
          Search for Message-ID added to the Tools menu (Keyboard shortcut
            is Ctrl-s)
          Previous read article (in current group) menu entry added
          Keyboard shortcut for "Quit" changed from Ctrl-x to Ctrl-q (Proposed
            by Marcel Logen)
          Keyboard shortcut for "View source" changed from Ctrl-v to Ctrl-e
            (Proposed by Marcel Logen)
          Menu entry "Article->Mark as unread" (Ctrl-u) changed to toggle
            between read and unread state (Proposed by Marcel Logen)
          Command line option "-4" added (force usage of IPv4 network protocol)
          Flowed format: The 'flowed_insert_crlf' entry in configfile adds an
            empty line separator after every paragraph that ends with an empty
            line. Defaults to 0 (former behaviour)
          Flowed format: The behaviour of 'flowed_insert_crlf' can be requested
            by the sender of an article with "InsLine=yes" in the Content-Type
            headerfield.
          TLS module can now use OpenSSL 3 API (required for FFDHE group
            negotiation with TLSv1.2 and TLSv1.3 protocols)
          TLS module can now use LibreSSL 3 (formerly major version 2 was used
            to identify LibreSSL and distinguish it from OpenSSL)
          TLS modules compile time option 'CFG_USE_TLS_OWNCERTS' replaced by
            the new 'tls_owncerts' entry in configfile
          TLS modules experimental compile time option 'CFG_USE_TLS_CRLS'
            replaced by normal option 'CFG_TLS_CRLS_DISABLE'. Default is to use
            no CRLs (former behaviour) because this option increases the system
            requirements (to POSIX.1-2001 or XSI extension)
          TLS module now supports new 'crl_check' entry in configfile (ignored
            if CFG_TLS_CRLS_DISABLE is nonzero)
          TLS module now prints real LibreSSL version instead of generic 2.0.0
          TLS module no longer supports options 'CFG_USE_TLS_DHPARAM_CHECK' and
            'CFG_USE_TLS_SETSIGALG'. They were obsoleted by the OpenSSL 1.1 API
          Unicode database updated to version 12.1.0
          GUI module no longer supports experimental FLTK 1.3 option
            'USE_X11_GLYPH_SUBSTITUTION'. It was obsoleted by FLTK 1.4
          Modified LaTeX documentation to work with recent doxygen

(micha)

doc: Added x11/qt5ct version 0.41

(kamil)

+ qt5ct

(kamil)

x11/qt5ct: import qt5ct-0.41

This program allows users to configure Qt5 settings
(theme, font, icons, etc.) under DE/WM without Qt integration.

(kamil)

Updated devel/py-astor, devel/py-test-rerunfailures

(adam)

py-test-rerunfailures: updated 8.0

8.0:
Backwards incompatible changes
- Drop support for pytest version 3.10, 4.0, 4.1, 4.2 and 4.3
- Drop support for Python 3.4.

Features
- Add support for pytest version 4.4, 4.5, 4.6, 5.0, 5.1 and 5.2.

Bug fixes
- Explicitly depend on setuptools to ensure installation when working in
  environments without it.

(adam)

py-astor: updated to 0.8.1

0.8.1:
Create sdist before making a test release too

(adam)

Updated graphics/opencv, graphics/opencv-contrib-face

(adam)

opencv: updated to 3.4.8

version:3.4.8
OpenCV 3.4.8 has been released. Bug fixes, optimizations and other enhancements are propagated into OpenCV 4.1.2.

version:3.4.7
OpenCV 3.4.7 has been released. Bug fixes, optimizations and other enhancements are propagated into OpenCV 4.1.1.

(adam)

doc: Updated www/libmicrohttpd to 0.9.69

(ng0)

www/libmicrohttpd: Update to version 0.9.69

Changelog:

Sun 15 Dec 2019 02:12:02 PM CET
    Fix send() call (affects Mac OS X). #5977 -CG/fbrault
    Releasing libmicrohttpd 0.9.69. -CG

Fri 29 Nov 2019 11:22:25 PM CET
    If application suspends a connection before we could send 100 CONTINUE,
    give application another shot at queuing a reply before the upload begins. -CG

(ng0)

doc: Updated wm/marco to 1.22.4

(gutteridge)

marco: update to 1.22.4

Change log:

### marco 1.22.4

  * update translations
  * Revert "compositor: fix possible crash closing/destroying window"
  * theme.c: Fix window control hidpi rendering for all themes.
  * theme: Render window control buttons and icons as surfaces

### marco 1.22.3

  * update translations
  * frames: bump priority of style providers
  * window: add _GTK_THEME_VARIANT to initial window properties
  * frames: apply modified hack from Mutter/Metacity
  * frames: avoid infinite loop on the variants GList
  * frames: use style_updated instead of style_set
  * Fixed moving windows to edges to work with CSD clients.
  * window: Update allowed action hints
  * build: Remove rationales.txt from EXTRA_DIST target
  * Fix use of RBGA visual in frame.c when compositing is not in use
  * drop old and obsolete rationales.txt
  * boxes: Actually check for rectangle containment

(gutteridge)

doc: Updated print/atril to 1.22.3

(gutteridge)