Pullup ticket #6074 - requested by taca
www/ruby-loofah: seucurity fix

Revisions pulled up:
- www/ruby-loofah/Makefile                                      1.6
- www/ruby-loofah/PLIST                                        1.5
- www/ruby-loofah/distinfo                                      1.6

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Tue Oct 22 16:24:20 UTC 2019

  Modified Files:
  pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

  Log Message:
  www/ruby-loofah: update to 2.3.1

  ## 2.3.1 / 2019-10-22

  ### Security

  Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

  This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

  ## 2.3.0 / unreleased

  ### Features

  * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
  * Expand set of allowed CSS functions. [related to #122]
  * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
  * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
  * Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
  * Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

  ### Bug fixes

  * CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

  ### Deprecations / Name Changes

  The following method and constants are hereby deprecated, and will be completely removed in a future release:

  * Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
  * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
  * Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

  Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

(bsiegert)

added nsm to changes-2019

(ng0)

Note update of vim

(morr)

Reset PKGREVISION

(morr)

Update to version 8.1.2200.

Patches:
8.1.1779  not showing the popup window right border is confusing
8.1.1780  warning for file no longer available is repeated
8.1.1781  Amiga: no builtin OS readable version info
8.1.1782  MS-Windows: system() has temp file error with 'noshelltemp'
8.1.1783  MS-Windows: compiler test may fail when using %:S
8.1.1784  MS-Windows: resolve() does not work if serial nr duplicated
8.1.1785  map functionality mixed with character input
8.1.1786  double click in popup scrollbar starts selection
8.1.1787  cannot resize a popup window
8.1.1788  missing changes in proto file
8.1.1789  cannot see file name of preview popup window
8.1.1790  :mkvimrc is not tested
8.1.1791  'completeslash' also applies to globpath()
8.1.1792  the vgetorpeek() function is too long
8.1.1793  mixed comment style in globals
8.1.1794  tests are flaky
8.1.1795  no syntax HL after splitting windows with :bufdo
8.1.1796  :argdo is not tested
8.1.1797  the vgetorpeek() function is too long
8.1.1798  warning for unused variable in tiny version
8.1.1799  cannot avoid mapping for a popup window
8.1.1800  function call functions have too many arguments
8.1.1801  cannot build without the +eval feature
8.1.1802  missing change to call_callback()
8.1.1803  all builtin functions are global
8.1.1804  no test for display updating without a scroll region
8.1.1805  au_did_filetype is declared twice
8.1.1806  test for display updating doesn't check without statusline
8.1.1807  more functions can be used as a method
8.1.1808  build failure for tiny version
8.1.1809  more functions can be used as a method
8.1.1810  popup_getoptions() is missing an entry for "mapping"
8.1.1811  popup window color cannot be set to "Normal"
8.1.1812  reading a truncted undo file hangs Vim
8.1.1813  ATTENTION prompt for a preview popup window
8.1.1814  a long title in a popup window overflows
8.1.1815  duplicating info for internal functions
8.1.1816  cannot use a user defined function as a method
8.1.1817  github contribution text is incomplete
8.1.1818  unused variable
8.1.1819  :pedit does not work with a popup preview window
8.1.1820  using expr->FuncRef() does not work
8.1.1821  no test for wrong number of method arguments
8.1.1822  confusing error message when range is not allowed
8.1.1823  command line history code is spread out
8.1.1824  crash when correctly spelled word is very long
8.1.1825  allocating more memory than needed for extended structs
8.1.1826  tests use hand coded feature and option checks
8.1.1827  allocating more memory than needed for extended structs
8.1.1828  not strict enough checking syntax of method invocation
8.1.1829  difference in screenshots
8.1.1830  Travis does not report error when tests fail
8.1.1831  confusing skipped message
8.1.1832  win_execute() does not work in other tab
8.1.1833  allocating a bit too much when there is no bad word.
8.1.1834  cannot use a lambda as a method
8.1.1835  cannot use printf() as a method
8.1.1836  inaccurate memory estimate for Amiga-like OS
8.1.1837  popup test fails if clipboard is supported but not working
8.1.1838  there is :spellwrong and :spellgood but not :spellrare
8.1.1839  insufficient info when test fails because of screen size
8.1.1840  Testing: WorkingClipboard() is not accurate
8.1.1841  no test for Ex shift commands
8.1.1842  test listed as flaky should no longer be flaky
8.1.1843  might be freeing memory that was not allocated
8.1.1844  buffer no longer unloaded when adding text properties
8.1.1845  may use NULL pointer when running out of memory
8.1.1846  inconsistently using GetVimCommand() and v:progpath
8.1.1847  suspend test is failing
8.1.1848  'langmap' is not used for CTRL-W command in terminal
8.1.1849  some insert complete functions in the wrong file
8.1.1850  focus may remain in popup window
8.1.1851  crash when sound_playfile() callback plays sound
8.1.1852  timers test is flaky
8.1.1853  timers test is still flaky
8.1.1854  now another timer test is flaky
8.1.1855  another failing timer test
8.1.1856  popup preview test fails sometimes
8.1.1857  cannot use modifier with multi-byte character
8.1.1858  test for multi-byte mapping fails on some systems
8.1.1859  timer test sometimes fails on Mac
8.1.1860  map timeout test is flaky
8.1.1861  only some assert functions can be used as a method
8.1.1862  Coverity warns for not using return value
8.1.1863  confusing error when using a builtin function as method
8.1.1864  still a timer test that is flaky on Mac
8.1.1865  spellrare and spellrepall in the wrong order
8.1.1866  modeless selection in GUI does not work properly
8.1.1867  still a timer test that is flaky on Mac
8.1.1868  multi-byte chars in 'listchars' fail with 'linebreak' set
8.1.1869  code for the argument list is spread out
8.1.1870  using :pedit from a help file sets help filetype
8.1.1871  modeless selection in GUI still not correct
8.1.1872  when Vim exits because of a signal, VimLeave is not triggered
8.1.1873  cannot build tiny version
8.1.1874  modeless selection in popup window overlaps scrollbar
8.1.1875  cannot get size and position of the popup menu
8.1.1876  proto file missing from distribution
8.1.1877  graduated features scattered
8.1.1878  negative float before method not parsed correctly
8.1.1879  more functions can be used as methods
8.1.1880  cannot show extra info for completion in a popup window
8.1.1881  popup window test fails in some configurations
8.1.1882  cannot specify properties of the info popup window
8.1.1883  options test fails
8.1.1884  cannot use mouse scroll wheel in popup in Insert mode
8.1.1885  comments in libvterm are inconsistent
8.1.1886  command line expansion code is spread out
8.1.1887  the +cmdline_compl feature is not in the tiny version
8.1.1888  more functions can be used as methods
8.1.1889  Coverity warns for using a NULL pointer
8.1.1890  ml_get error when deleting fold marker
8.1.1891  functions used in one file are global
8.1.1892  missing index entry and option menu for 'completepopup'
8.1.1893  script to summarize test results can be improved
8.1.1894  not checking for out-of-memory of autoload_name()
8.1.1895  using NULL pointer when out of memory
8.1.1896  compiler warning for unused variable
8.1.1897  may free memory twice when out of memory
8.1.1898  crash when out of memory during startup
8.1.1899  sign_place() does not work as documented
8.1.1900  sign test fails in the GUI
8.1.1901  the +insert_expand feature is not always available
8.1.1902  cannot have an info popup without a border
8.1.1903  cannot build without the +eval feature
8.1.1904  cannot have an info popup align with the popup menu
8.1.1905  cannot set all properties of the info popup
8.1.1906  info popup size is sometimes incorrect
8.1.1907  wrong position for info popup with scrollbar on the left
8.1.1908  every popup window consumes a buffer number
8.1.1909  more functions can be used as methods
8.1.1910  redrawing too much when toggling 'relativenumber'
8.1.1911  more functions can be used as methods
8.1.1912  more functions can be used as methods
8.1.1913  not easy to compute the space on the command line
8.1.1914  command line expansion code is spread out
8.1.1915  more functions can be used as methods
8.1.1916  trying to allocate negative amount of memory closing popup
8.1.1917  non-current window is not redrawn when moving popup
8.1.1918  redrawing popups is inefficient
8.1.1919  using window options when passing a buffer to popup_create()
8.1.1920  cannot always close a popup when filter consumes all events
8.1.1921  more functions can be used as methods
8.1.1922  in diff mode global operations can be very slow
8.1.1923  some source files are not in a normal encoding
8.1.1924  using empty string for current buffer is unexpected
8.1.1925  more functions can be used as methods
8.1.1926  cursorline not redrawn when putting a line above the cursor
8.1.1927  code for dealing with script files is spread out
8.1.1928  popup windows don't move with the text when making changes
8.1.1929  no tests for text property popup window
8.1.1930  cannot recognize .jsx and .tsx files
8.1.1931  syntax test fails
8.1.1932  ml_get errors after using append()
8.1.1933  the eval.c file is too big
8.1.1934  not enough tests for text property popup window
8.1.1935  test for text property popup window is flaky
8.1.1936  not enough tests for text property popup window
8.1.1937  errors when using javascriptreact
8.1.1938  may crash when out of memory
8.1.1939  code for handling v: variables in generic eval file
8.1.1940  script tests fail
8.1.1941  getftype() test fails on Mac
8.1.1942  shadow directory gets outdated when files are added
8.1.1943  more code can be moved to evalvars.c
8.1.1944  leaking memory when using sound callback
8.1.1945  popup window "firstline" cannot be reset
8.1.1946  memory error when profiling a function without a script ID
8.1.1947  when executing one test the report doesn't show it
8.1.1948  mouse doesn't work in Linux console
8.1.1949  cannot scroll a popup window to the very bottom
8.1.1950  using NULL pointer after an out-of-memory
8.1.1951  mouse double click test is a bit flaky
8.1.1952  more functions can be used as a method
8.1.1953  more functions can be used as a method
8.1.1954  more functions can be used as a method
8.1.1955  tests contain typos
8.1.1956  screenshot tests may use a different encoding
8.1.1957  more code can be moved to evalvars.c
8.1.1958  old style comments taking up space
8.1.1959  when using "firstline" in popup window text may jump
8.1.1960  fold code is spread out
8.1.1961  more functions can be used as a method
8.1.1962  leaking memory when using tagfunc()
8.1.1963  popup window filter may be called recursively
8.1.1964  crash when using nested map() and filter()
8.1.1965  search count message is not displayed when using a mapping
8.1.1966  some code in options.c fits better elsewhere
8.1.1967  line() only works for the current window
8.1.1968  crash when using nested map()
8.1.1969  popup window filter is used in all modes
8.1.1970  search stat space wrong, no test for 8.1.1965
8.1.1971  manually enabling features causes build errors
8.1.1972  no proper test for getchar()
8.1.1973  cannot build without the quickfix feature
8.1.1974  Coverity warns for using pointer as array
8.1.1975  MS-Windows GUI responds slowly to timer
8.1.1976  Travis log always shows test output
8.1.1977  terminal debugger plugin may hang
8.1.1978  the eval.c file is too big
8.1.1979  code for handling file names is spread out
8.1.1980  fix for search stat not tested
8.1.1981  the evalfunc.c file is too big
8.1.1982  more functions can be used as methods
8.1.1983  compiler nags for uninitialized variable and unused function
8.1.1984  more functions can be used as methods
8.1.1985  code for dealing with paths is spread out
8.1.1986  more functions can be used as methods
8.1.1987  more functions can be used as methods
8.1.1988  :startinsert! does not work the same way as "A"
8.1.1989  the evalfunc.c file is still too big
8.1.1990  cannot build with eval but without cscope
8.1.1991  still cannot build with eval but without cscope
8.1.1992  the search stat moves when wrapping at the end of the buffer
8.1.1993  more functions can be used as methods
8.1.1994  MS-Windows: cannot build with eval but without cscope
8.1.1995  more functions can be used as methods
8.1.1996  more functions can be used as methods
8.1.1997  no redraw after a popup window filter is invoked
8.1.1998  redraw even when no popup window filter was invoked
8.1.1999  calling both PlaySoundW() and PlaySoundA()
8.1.2000  plugin cannot get the current IME status
8.1.2001  some source files are too big
8.1.2002  version number 2000 missing
8.1.2003  MS-Windows: code page 65001 is not recognized
8.1.2004  more functions can be used as methods
8.1.2005  the regexp.c file is too big
8.1.2006  build failure with huge features but without channel feature
8.1.2007  no test for what 8.1.1926 fixes
8.1.2008  error for invalid range when using listener and undo
8.1.2009  cursorline highlighting not updated in popup window
8.1.2010  new file uses old style comments
8.1.2011  more functions can be used as methods
8.1.2012  more functions can be used as methods
8.1.2013  more functions can be used as methods
8.1.2014  terminal altscreen test fails sometimes
8.1.2015  terminal altscreen test still fails sometimes
8.1.2016  terminal altscreen test now fails on MS-Windows
8.1.2017  cannot execute commands after closing the cmdline window
8.1.2018  using freed memory when out of memory and displaying message
8.1.2019  'cursorline' always highlights the whole line
8.1.2020  it is not easy to change the window layout
8.1.2021  some global functions can be local to the file
8.1.2022  the option.c file is too big
8.1.2023  no test for synIDattr() returning "strikethrough"
8.1.2024  delete call commented out for debugging
8.1.2025  MS-Windows: Including shlguid.h causes problems for msys2
8.1.2026  possibly using uninitialized memory
8.1.2027  MS-Windows: problem with ambiwidth characters
8.1.2028  options test script does not work
8.1.2029  cannot control 'cursorline' highlighting well
8.1.2030  tests fail when build with normal features and terminal
8.1.2031  cursor position wrong when resizing and using conceal
8.1.2032  scrollbar thumb wrong in popup window
8.1.2033  cannot build with tiny features
8.1.2034  dark theme of GTK 3 not supported
8.1.2035  recognizing octal numbers is confusing
8.1.2036  the str2nr() tests fail
8.1.2037  can call win_gotoid() in cmdline window
8.1.2038  has('vimscript-4') is always 0
8.1.2039  character from 'showbreak' does not use 'wincolor'
8.1.2040  no highlighting of current line in quickfix window
8.1.2041  no test for diff mode with syntax highlighting
8.1.2042  the evalfunc.c file is too big
8.1.2043  not sufficient testing for quoted numbers
8.1.2044  no easy way to process postponed work
8.1.2045  the option.c file is too big
8.1.2046  SafeState may be triggered at the wrong moment
8.1.2047  cannot check the current state
8.1.2048  not clear why SafeState and SafeStateAgain are not triggered
8.1.2049  cannot build tiny version
8.1.2050  popup window test fails in some configurations
8.1.2051  double-click test is a bit flaky
8.1.2052  using "x" before a closed fold may delete that fold
8.1.2053  SafeStateAgain not triggered if callback uses feedkeys()
8.1.2054  compiler test for Perl may fail
8.1.2055  not easy to jump to function line from profile
8.1.2056  "make test" for indent files doesn't cause make to fail
8.1.2057  the screen.c file is much too big
8.1.2058  function for ex command is named inconsistently
8.1.2059  fix for "x" deleting a fold has side effects
8.1.2060  "precedes" in 'listchars' not used properly
8.1.2061  MS-Windows GUI: ":sh" crashes when trying to use a terminal
8.1.2062  the mouse code is spread out
8.1.2063  some tests fail when +balloon_eval_term is missing
8.1.2064  MS-Windows: compiler warnings for unused arguments
8.1.2065  compiler warning building non-GUI with MinGW.
8.1.2066  no tests for state()
8.1.2067  no tests for SafeState and SafeStateAgain
8.1.2068  test for SafeState and SafeStateAgain may fail
8.1.2069  test for SafeStateAgain may still fail
8.1.2070  mouse code is spread out
8.1.2071  when 'wincolor' is set text property changes highlighting
8.1.2072  "gk" moves to start of line instead of upwards
8.1.2073  when editing a buffer 'colorcolumn' may not work
8.1.2074  test for SafeState autocommand is a bit flaky
8.1.2075  get many log messages when waiting for a typed character
8.1.2076  crash when trying to put a terminal in a popup window
8.1.2077  the ops.c file is too big
8.1.2078  build error with +textprop but without +terminal
8.1.2079  popup window test fails without +terminal
8.1.2080  the terminal API is limited and can't be disabled
8.1.2081  the spell.c file is too big
8.1.2082  some files have a weird name to fit in 8.3 characters
8.1.2083  multi-byte chars do not work properly with "%.*S" in printf()
8.1.2084  Amiga: cannot get the user name
8.1.2085  MS-Windows: draw error moving cursor over double-cell char
8.1.2086  missing a few changes for the renamed files
8.1.2087  cannot easily select one test function to execute
8.1.2088  renamed libvterm mouse.c file not in distributed file list
8.1.2089  do not get a hint that $TEST_FILTER was active
8.1.2090  not clear why channel log file ends
8.1.2091  double free when memory allocation fails
8.1.2092  MS-Windows: redirect in system() does not work
8.1.2093  MS-Windows: system() test fails
8.1.2094  the fileio.c file is too big
8.1.2095  leaking memory when getting item from dict
8.1.2096  too many #ifdefs
8.1.2097  :mksession is not sufficiently tested
8.1.2098  mksession test fails on MS-Windows
8.1.2099  state() test fails on some Mac systems
8.1.2100  :mksession is not sufficiently tested
8.1.2101  write_session_file() often defined but not used
8.1.2102  can't build with GTK and FEAT_GUI_GNOME
8.1.2103  wrong error message if "termdebugger" is not executable
8.1.2104  the normal.c file is too big
8.1.2105  MS-Windows: system() may crash
8.1.2106  no tests for dragging the mouse beyond the window
8.1.2107  various memory leaks reported by asan
8.1.2108  cannot close the cmdline window from CmdWinEnter
8.1.2109  popup_getoptions() hangs with tab-local popup
8.1.2110  CTRL-C closes two popups instead of one
8.1.2111  viminfo file not sufficiently tested
8.1.2112  build number for ConPTY is outdated
8.1.2113  ":help expr-!~?" only works after searching
8.1.2114  when a popup is closed with CTRL-C the callback aborts
8.1.2115  MS-Windows: shell commands fail if &shell contains a space
8.1.2116  no check for out of memory
8.1.2117  CursorLine highlight used while 'cursorline' is off
8.1.2118  termcodes test fails when $TERM is "dumb"
8.1.2119  memory access error for empty string
8.1.2120  some MB_ macros are more complicated than necessary
8.1.2121  mode is not updated when switching to terminal
8.1.2122  cannot build without terminal feature
8.1.2123  parsing CSI sequence is messy
8.1.2124  ruler is not updated if win_execute() moves cursor
8.1.2125  fnamemodify() fails when repeating :e
8.1.2126  viminfo not sufficiently tested
8.1.2127  the indent.c file is a bit big
8.1.2128  renamed libvterm sources makes merging difficult
8.1.2129  using hard coded executable path in test
8.1.2130  MSVC build fails
8.1.2131  MSVC tests fail
8.1.2132  MS-Windows: screen mess when not recognizing insider build
8.1.2133  some tests fail when run as root
8.1.2134  modifier keys are not always recognized
8.1.2135  with modifyOtherKeys Alt-a does not work properly
8.1.2136  using freed memory with autocmd from fuzzer
8.1.2137  parsing the termresponse is not tested
8.1.2138  including the build number in the Win32 binary is confusing
8.1.2139  the modifyOtherKeys codes are not tested
8.1.2140  "gk" and "gj" do not work correctly in number column
8.1.2141  :tselect has an extra hit-enter prompt
8.1.2142  some key mappings do not work with modifyOtherKeys
8.1.2143  cannot see each command even when 'verbose' is set
8.1.2144  side effects when using t_ti to enable modifyOtherKeys
8.1.2145  cannot map <C-H> when modifyOtherKeys is enabled
8.1.2146  build failure
8.1.2147  crash when allocating memory fails
8.1.2148  no test for right click extending Visual area
8.1.2149  crash when running out of memory very early
8.1.2150  no test for 'ttymouse' set from xterm version response
8.1.2151  state test is a bit flaky
8.1.2152  problems navigating tags file on MacOS Catalina
8.1.2153  combining text property and syntax highlight is wrong
8.1.2154  quickfix window height wrong when there is a tabline
8.1.2155  in a terminal window 'cursorlineopt' does not work properly
8.1.2156  first character after Tab is not highlighted
8.1.2157  libvterm source files missing from distribution
8.1.2158  terminal attributes missing in Terminal-normal mode
8.1.2159  some mappings are listed twice
8.1.2160  cannot build with +syntax but without +terminal
8.1.2161  mapping test fails
8.1.2162  popup resize test is flaky
8.1.2163  cannot build with +spell but without +syntax
8.1.2164  stuck when using "j" in a popupwin with popup_filter_menu
8.1.2165  mapping test fails on Mac
8.1.2166  rubyeval() not tested as a method
8.1.2167  mapping test fails on MS-Windows
8.1.2168  heredoc assignment not skipped in if block
8.1.2169  terminal flags are never reset
8.1.2170  cannot build without the +termresponse feature
8.1.2171  mouse support not always available
8.1.2172  spell highlight is wrong at start of the line
8.1.2173  searchit() has too many arguments
8.1.2174  screen not recognized as supporting "sgr" mouse codes
8.1.2175  meson files are not recognized
8.1.2176  syntax attributes not combined with Visual highlighting
8.1.2177  Dart files are not recognized
8.1.2178  accessing uninitialized memory in test
8.1.2179  pressing "q" at the more prompt doesn't stop Python output
8.1.2180  Error E303 is not useful when 'directory' is empty
8.1.2181  highlighting wrong when item follows tab
8.1.2182  test42 seen as binary by git diff
8.1.2183  running a test is a bit verbose
8.1.2184  option context is not copied when splitting a window
8.1.2185  syntax test fails
8.1.2186  cannot build without the +eval feature
8.1.2187  error for bad regexp even though regexp is not used
8.1.2188  build error for missing define
8.1.2189  syntax highlighting wrong for tab
8.1.2190  syntax test fails on Mac
8.1.2191  when using modifyOtherKeys CTRL-X mode may not work
8.1.2192  cannot easily fill the info popup asynchronously
8.1.2193  popup_setoptions(popup_getoptions()) does not work
8.1.2194  modifyOtherKeys is not enabled by default
8.1.2195  Vim does not exit when the terminal window is last window
8.1.2196  MS-Windows: running tests with MSVC lacks updates
8.1.2197  ExitPre autocommand may cause accessing freed memory
8.1.2198  crash when using :center in autocommand
8.1.2199  build failure when using normal features without GUI
8.1.2200  crash when memory allocation fails

(morr)

Note update of www/wordpress

(morr)

Maintenance and security update to version 5.2.4.

Changes:
5.2.4:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

5.2.3:
#38415: New Custom Link menu item has a wrong fallback label
#45739: Block Editor: $editor_styles bug.
#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#46757: Media Trash: The Bulk Media options when in the Trash shouldn窶冲 provide two primary buttons
#46758: Media Trash: Primary button(s) should be on the left
#46899: Ensure that tables generated by the Settings API have no semantics
#47079: Incorrect version for excerpt_allowed_blocks filter
#47113: Media views: dismiss notice button is invisible
#47145: Feature Image dialog does not follow the dialog pattern
#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47390: Improve accessibility of forms elements within some 窶彷orm-table窶� forms
#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47458: Fix tab sequence order in the Media attachment browser
#47489: Emoji are substituted in preformatted blocks
#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47538: Minor Verbiage Update 窶� Switch 窶賄eveloper time窶� for 窶和 developer窶�
#47543: Twenty Seventeen: buttons don窶冲 change color on hover and focus
#47561: Plugin: View details popup layout issue
#47603: My account toggle on admin bar not visible at high zoom levels
#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47687: Use alt tags for gallery images in editor
#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47693: customizer Color picker should get closed when click on color picker area.
#47723: Adding a custom link in nav-menus.php doesn窶冲 trim whitespace
#47758: Font sizes on installation screen are too small
#47835: PHP requirement always set to null for plugins
#47888: Adding a custom link in menu via Customize doesn窶冲 trim whitespace.

Security Fixes
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet窶冱 FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.

(morr)

doc: Added emulators/cannonball version 0.3.20190924

(fox)

Added cannonball to Makefile SUBDIRs.

(fox)

Import of cannonball 0.3.20190924 as emulators/cannonball.

CannonBall is a program which allows you to play an enhanced version
of Yu Suzuki's seminal arcade racer, OutRun, on a variety of systems.

(fox)

alure: use a PLIST variable to account for different names on macos.

From Clement Bouvier in PR pkg/54418, modified to be in the existing
PLIST file, to make it obvious for non-macos updates that if a new
file gets added, it shoudl be added for the mac variant naming as well.

(maya)

libvisual: comment out HAVE_SCHED on macos. it is missing the optional
sched_setscheduler needed by this package.

XXX would be nicer to have done this via an upstream-friendly
config test.

Omitting PKGREVISION bump since it's a compile fix.

From Clement Bouvier in PR pkg/54416.

(maya)

doc: Added print/xpdf4 version 4.02

(nia)

Add print/xpdf4.

Xpdf is a viewer for Portable Document Format (PDF) files using the Qt toolkit.

Note: this version does not include the command line tools because they
conflict with poppler-utils.

(nia)

Added devel/py-test5; Updated graphics/py-Pillow

(adam)

py-Pillow: updated to 6.2.1

6.2.1:
- This is the last Pillow release to support Python 2.7
- Add support for Python 3.8

(adam)

py-test5: added version 5.2.1

pytest 5.2.1:
Bug Fixes
* Fix warnings about deprecated cmp attribute in attrs>=19.2.

pytest 5.2.0:
Deprecations
* Passing arguments to pytest.fixture() as positional arguments is deprecated - pass them as a keyword argument instead.

Features
* The scope parameter of @pytest.fixture can now be a callable that receives the fixture name and the config object as keyword-only parameters. See the docs for more information.
* New behavior of the --pastebin option: failures to connect to the pastebin server are reported, without failing the pytest run

Bug Fixes
* Fix ���lexer��� being used when uploading to bpaste.net from --pastebin to ���text���.
* Fix --setup-only and --setup-show for custom pytest items.

Trivial/Internal Changes
* The HelpFormatter uses py.io.get_terminal_width for better width detection.

pytest 5.1.3:
Bug Fixes
* Fix pypy3.6 (nightly) on windows.
* Handle --fulltrace correctly with pytest.raises.
* Windows: Fix regression with conftest whose qualified name contains uppercase characters.

pytest 5.1.2:
Bug Fixes
* Fixed self reference in function-scoped fixtures defined plugin classes: previously self would be a reference to a test class, not the plugin class.
* Fixed long standing issue where fixture scope was not respected when indirect fixtures were used during parametrization.
* Fix decoding error when printing an error response from --pastebin.
* Chained exceptions in test and collection reports are now correctly serialized, allowing plugins like pytest-xdist to display them properly.
* Windows: Fix error that occurs in certain circumstances when loading conftest.py from a working directory that has casing other than the one stored in the filesystem (e.g., c:\test instead of C:\test).

pytest 5.1.1:
Bug Fixes
* Fixed TypeError when importing pytest on Python 3.5.0 and 3.5.1.

pytest 5.1.0:
Removals
* As per our policy, the following features have been deprecated in the 4.X series and are now removed:

Request.getfuncargvalue: use Request.getfixturevalue instead.
pytest.raises and pytest.warns no longer support strings as the second argument.
message parameter of pytest.raises.
pytest.raises, pytest.warns and ParameterSet.param now use native keyword-only syntax. This might change the exception message from previous versions, but they still raise TypeError on unknown keyword arguments as before.
pytest.config global variable.
tmpdir_factory.ensuretemp method.
pytest_logwarning hook.
RemovedInPytest4Warning warning type.
request is now a reserved name for fixtures.
For more information consult Deprecations and Removals in the docs.

* Removed unused support code for unittest2.
* pytest.fail, pytest.xfail and pytest.skip no longer support bytes for the message argument.

Features
* New Config.invocation_args attribute containing the unchanged arguments passed to pytest.main().
* New NUMBER option for doctests to ignore irrelevant differences in floating-point numbers. Inspired by S辿bastien Boisg辿rault���s numtest extension for doctest.
Improvements
* JUnit XML now includes a timestamp and hostname in the testsuite tag.
* Time taken to run the test suite now includes a human-readable representation when it takes over 60 seconds, for example:

Bug Fixes
* Fix RuntimeError/StopIteration when trying to collect package with ���__init__.py��� only.
* Warnings issued during pytest_configure are explicitly not treated as errors, even if configured as such, because it otherwise completely breaks pytest.
* The XML file produced by --junitxml now correctly contain a <testsuites> root element.
* Fix issue where tmp_path and tmpdir would not remove directories containing files marked as read-only, which could lead to pytest crashing when executed a second time with the --basetemp option.
* Replace importlib_metadata backport with importlib.metadata from the standard library on Python 3.8+.
* Improve type checking for some exception-raising functions (pytest.xfail, pytest.skip, etc) so they provide better error messages when users meant to use marks (for example @pytest.xfail instead of @pytest.mark.xfail).
* Fixed internal error when test functions were patched with objects that cannot be compared for truth values against others, like numpy arrays.
* pytest.exit is now correctly handled in unittest cases. This makes unittest cases handle quit from pytest���s pdb correctly.
* Improved output when parsing an ini configuration file fails.
* Fix collection of staticmethod objects defined with functools.partial.
* Skip async generator test functions, and update the warning message to refer to async def functions.
Improved Documentation
* Add docstring for Testdir.copy_example.
Trivial/Internal Changes
* XML files of the xunit2 family are now validated against the schema by pytest���s own test suite to avoid future regressions.
* Cache node splitting function which can improve collection performance in very large test suites.
* Simplified internal SafeRepr class and removed some dead code.
* When invoking pytest���s own testsuite with PYTHONDONTWRITEBYTECODE=1, the test_xfail_handling test no longer fails.
* Replace manual handling of OSError.errno in the codebase by new OSError subclasses (PermissionError, FileNotFoundError, etc.).

pytest 5.0.1:
Bug Fixes
* Improve quoting in raises match failure message.
* Fixed using multiple short options together in the command-line (for example -vs) in Python 3.8+.
* --step-wise now handles xfail(strict=True) markers properly.
Improved Documentation
* Improve ���Declaring new hooks��� section in chapter ���Writing Plugins���

pytest 5.0.0:

Important
This release is a Python3.5+ only release.

For more details, see our Python 2.7 and 3.4 support plan.

Removals
* Pytest no longer accepts prefixes of command-line arguments, for example typing pytest --doctest-mod inplace of --doctest-modules. This was previously allowed where the ArgumentParser thought it was unambiguous, but this could be incorrect due to delayed parsing of options for plugins.

* PytestDeprecationWarning are now errors by default.

* ExceptionInfo objects (returned by pytest.raises) now have the same str representation as repr, which avoids some confusion when users use print(e) to inspect the object.

(adam)

Added textproc/py-elementpath, textproc/py-xmlschema

(adam)

py-xmlschema: added version 1.0.15

The xmlschema library is an implementation of XML Schema for Python (supports
Python 2.7 and Python 3.5+).

This library arises from the needs of a solid Python layer for processing XML
Schema based files for MaX (Materials design at the Exascale) European project.
A significant problem is the encoding and the decoding of the XML data files
produced by different simulation software. Another important requirement is the
XML data validation, in order to put the produced data under control. The lack
of a suitable alternative for Python in the schema-based decoding of XML data
has led to build this library. Obviously this library can be useful for other
cases related to XML Schema based processing, not only for the original scope.

(adam)

py-elementpath: added version 1.3.1

The proposal of this package is to provide XPath 1.0 and 2.0 selectors for
Python's ElementTree XML data structures, both for the standard ElementTree
library and for the lxml.etree library.

For lxml.etree this package can be useful for providing XPath 2.0 selectors,
because lxml.etree already has it's own implementation of XPath 1.0.

(adam)

doc: Updated security/pev to 0.80

(khorben)

Update pev to version 0.80

The new patches fix compatibility with OpenSSL 1.1.0, and attempt to fix
the build on FreeBSD, NetBSD, and OpenBSD. It does not link on NetBSD
(like the previous version, 0.70) but it does on macOS.

There was no changelog upstream.

(khorben)

doc: Updated www/ruby-loofah to 2.3.1

(taca)

www/ruby-loofah: update to 2.3.1

## 2.3.1 / 2019-10-22

### Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

## 2.3.0 / unreleased

### Features

* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

### Bug fixes

* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

### Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

(taca)

doc: Updated mail/dovecot2-pigeonhole to 0.5.8

(taca)

mail/dovecot2-pigeonhole: update to 0.5.8

Update dovecot2-pigeonhole to 0.5.8.

0.5.8 2019-10-08

Changes

- Sieve may leak resources in rare cases when a redirect, vacation or
  report action fails to send the message. This mainly applies when Sieve
  is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE
  capabilities.

(taca)

doc: note update of dovecot2 and friends to 2.3.8

mail/dovecot2
mail/dovecot2-gssapi
mail/dovecot2-ldap
mail/dovecot2-mysql
mail/dovecot2-pgsql
mail/dovecot2-sqlite

(taca)

mail/dovecot2: update to 2.3.8

Update dovecot2 and friends to 2.3.8.

2.3.8 2019-10-08

Changes

+ Added mail_delivery_started and mail_delivery_finished events, see
  https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
  field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
  ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
  It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
  other mail access, dovecot.index.log keeps growing forever and
  dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
  another replica. This only happened if the mail only had keywords and no
  system flags.
- event filters: Non-textual event fields could not be filtered using
  wildcards.
- auth: Scope parameter was missing from OAuth password grant request.
- doveadm client-server communication may hang in some situations. It is
  also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
  instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
  caching decisions should be updated so that newly saved mails will have
  the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
  permission bits in some files may have become dropped with some NFS
  servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
  number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
  lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
  support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
  or returned too fast.
- In some rare situations "ps" output could have shown a lot of "?"
  characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
  Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
  the localpart of an address ended in '..'. For example
  "user+..@example.com" became ""user+.."@example.com in a
  sieve redirect.

(taca)

Updated devel/py-hypothesis, devel/py-test

(adam)

py-test: updated to 4.6.6

pytest 4.6.6:
Bug Fixes
* Fixed using multiple short options together in the command-line (for example -vs) in Python 3.8+.
* Replace importlib_metadata backport with importlib.metadata from the standard library on Python 3.8+.
* Fix ���lexer��� being used when uploading to bpaste.net from --pastebin to ���text���.
* Fix warnings about deprecated cmp attribute in attrs>=19.2.

Trivial/Internal Changes
* Fixes python version checks (detected by flake8-2020) in case python4 becomes a thing.

(adam)

py-hypothesis: updated to 4.41.3

4.41.3:
This patch is to ensure that our internals remain comprehensible to :pypi:`mypy` 0.740 - there is no user-visible change.

4.41.2:
This patch changes some internal hashes to SHA384, to better support users subject to FIPS-140. There is no user-visible API change.

4.41.1:
This release makes --hypothesis-show-statistics much more useful for tests using a :class:`~hypothesis.stateful.RuleBasedStateMachine`, by simplifying the reprs so that events are aggregated correctly.

4.41.0:
This release upgrades the :func:`~hypothesis.strategies.fixed_dictionaries` strategy to support optional keys (:issue:`1913`).

4.40.2:
This release makes some minor internal changes in support of improving the Hypothesis test suite. It should not have any user visible impact.

4.40.1:
This release changes how Hypothesis checks if a parameter to a test function is a mock object. It is unlikely to have any noticeable effect, but may result in a small performance improvement, especially for test functions where a mock object is being passed as the first argument.

4.40.0:
This release fixes a bug where our example database logic did not distinguish between failing examples based on arguments from a @pytest.mark.parametrize(...). This could in theory cause data loss if a common failure overwrote a rare one, and in practice caused occasional file-access collisions in highly concurrent workloads (e.g. during a 300-way parametrize on 16 cores).

For internal reasons this also involves bumping the minimum supported version of :pypi:`pytest` to 4.3

4.39.3:
This patch improves our type hints on the :func:`~hypothesis.strategies.emails`, :func:`~hypothesis.strategies.functions`, :func:`~hypothesis.strategies.integers`, :func:`~hypothesis.strategies.iterables`, and :func:`~hypothesis.strategies.slices` strategies, as well as the .filter() method.

There is no runtime change, but if you use :pypi:`mypy` or a similar type-checker on your tests the results will be a bit more precise.

4.39.2:
This patch improves the performance of unique collections such as :func:`~hypothesis.strategies.sets` of :func:`~hypothesis.strategies.just` or :func:`~hypothesis.strategies.booleans` strategies. They were already pretty good though, so you're unlikely to notice much!

4.39.1:
If a value in a dict passed to :func:`~hypothesis.strategies.fixed_dictionaries` is not a strategy, Hypothesis now tells you which one.

4.39.0:
This release adds the :func:`~hypothesis.extra.numpy.basic_indices` strategy, to generate basic indexes for arrays of the specified shape (:issue:`1930`).

It generates tuples containing some mix of integers, :obj:`python:slice` objects, ... (Ellipsis), and :obj:`numpy:numpy.newaxis`; which when used to index an array of the specified shape produce either a scalar or a shared-memory view of the array. Note that the index tuple may be longer or shorter than the array shape, and may produce a view with another dimensionality again!

4.38.3:
This patch defers creation of the .hypothesis directory until we have something to store in it, meaning that it will appear when Hypothesis is used rather than simply installed.

4.38.2:
This patch bumps our dependency on :pypi:`attrs` to >=19.2.0; but there are no user-visible changes to Hypothesis.

4.38.1:
This is a comment-only patch which tells :pypi:`mypy` 0.730 to ignore some internal compatibility shims we use to support older Pythons.

4.38.0:
This release adds the :func:`hypothesis.target` function, which implements experimental support for :ref:`targeted property-based testing <targeted-search>` (:issue:`1779`).

By calling :func:`~hypothesis.target` in your test function, Hypothesis can do a hill-climbing search for bugs. If you can calculate a suitable metric such as the load factor or length of a queue, this can help you find bugs with inputs that are highly improbably from unguided generation - however good our heuristics, example diversity, and deduplication logic might be. After all, those features are at work in targeted PBT too!

4.37.0:
This release emits a warning if you use the .example() method of a strategy in a non-interactive context.

:func:`~hypothesis.given` is a much better choice for writing tests, whether you care about performance, minimal examples, reproducing failures, or even just the variety of inputs that will be tested!

4.36.2:
This patch disables part of the :mod:`typing`-based inference for the :pypi:`attrs` package under Python 3.5.0, which has some incompatible internal details (:issue:`2095`).

4.36.1:
This patch fixes a bug in strategy inference for :pypi:`attrs` classes where Hypothesis would fail to infer a strategy for attributes of a generic type such as Union[int, str] or List[bool] (:issue:`2091`).

4.36.0:
This patch deprecates min_len or max_len of 0 in :func:`~hypothesis.extra.numpy.byte_string_dtypes` and :func:`~hypothesis.extra.numpy.unicode_string_dtypes`. The lower limit is now 1.

Numpy uses a length of 0 in these dtypes to indicate an undetermined size, chosen from the data at array creation. However, as the :func:`~hypothesis.extra.numpy.arrays` strategy creates arrays before filling them, strings were truncated to 1 byte.

4.35.1:
This patch improves the messaging that comes from invalid size arguments to collection strategies such as :func:`~hypothesis.strategies.lists`.

4.35.0:
This release improves the :func:`~hypothesis.extra.lark.from_lark` strategy, tightening argument validation and adding the explicit argument to allow use with terminals that use @declare instead of a string or regular expression.

This feature is required to handle features such as indent and dedent tokens in Python code, which can be generated with the :pypi:`hypothesmith` package.

4.34.0:
The :func:`~hypothesis.strategies.from_type` strategy now knows to look up the subclasses of abstract types, which cannot be instantiated directly.

This is very useful for :pypi:`hypothesmith` to support :pypi:`libCST`.

(adam)

Fix build error, c++ not found

(ryoon)

Pullup tickets #6072 and #6073

(bsiegert)

Pullup ticket #6073 - requested by ast
www/nostromo: security fix

Revisions pulled up:
- www/nostromo/Makefile                                        1.3
- www/nostromo/PLIST                                            1.2
- www/nostromo/distinfo                                        1.2
- www/nostromo/patches/patch-http_header_comp                  1.1
- www/nostromo/patches/patch-strcutl                            1.1

---
  Module Name:    pkgsrc
  Committed By:  ast
  Date:          Sun Oct 20 20:02:14 UTC 2019

  Modified Files:
          pkgsrc/www/nostromo: Makefile PLIST distinfo
  Added Files:
          pkgsrc/www/nostromo/patches: patch-http_header_comp patch-strcutl

  Log Message:
  www/nostromo: fixes for CVE-2019-16278 and CVE-2019-16279

(bsiegert)

Pullup ticket #6072 - requested by nia
textproc/aspell: security fix

Revisions pulled up:
- textproc/aspell/Makefile                                      1.74
- textproc/aspell/PLIST                                        1.18
- textproc/aspell/distinfo                                      1.31
- textproc/aspell/options.mk                                    deleted

---
  Module Name: pkgsrc
  Committed By: nia
  Date: Sat Oct 19 10:43:28 UTC 2019

  Modified Files:
  pkgsrc/textproc/aspell: Makefile PLIST distinfo
  Removed Files:
  pkgsrc/textproc/aspell: options.mk

  Log Message:
  aspell: Update to 0.68.8

  Please note that this version has the potential to break some applications
  that use null-terminated UCS-2 and UCS-4 encoded strings in order to fix a
  potentially unbounded buffer over-read.  Very few applications do this
  however.  For additional information please see "Upgrading from Aspell 0.60.7"
  in the manual.
  (http://aspell.net/man-html/Upgrading-from-Aspell-0_002e60_002e7.html)

  Major changes from 0.60.7 to 0.68.8:

      * Prevent a potentially unbounded buffer over-read by no longer
        supporting null-terminated UCS-2 and UCS-4 encoded strings with the
        original C API.

      * Ensure that possible typos are listed before other suggestions when
        typo analysis is used.  Also fix a bug so that suggestions that
        split a word using a space or hyphen are not always first.

      * Add Markdown filter.

      * Add new 'wordlists' option, which is a list of UTF-8 files that
        contain additional words to accept.

      * Add new 'camel-case' option, which enables support for checking
        camelCase words.

      * Sort personal and replacement dictionaries.

      * Change 'ultra' suggestion mode to only find words that are within
        one-edit distance or have the same soundslike.

  Other changes from 0.60.7:

      * Implement the 'aspell filter' command.
      * Fix a bug in 'AspellDocumentChecker' that prevented it from working
        with UCS-2 and UCS-4 encoded strings.
      * Remove unused 'sug-edit-dist' option.
      * 'AspellDocumentChecker' now expects the document a line at a time
        in order to work with the new Markdown filter.  If the document is
        split on white space characters instead, nothing will break, but
        new filters such as the Markdown filter may give incorrect results.
      * The 'clean' option and command will no longer split a word.
      * Various documentation improvements.
      * Removal of several outdated appendices that don't really belong in
        the main manual.  Parts that are still relevent may eventually be
        moved elsewhere, but for now they are available online at
        <http://aspell.net/0.60.7/man-html/>.
      * Fix various crashes and other problems found by Google's OSS-Fuzz.

(bsiegert)

Add www/nsm version 1.15

Nifty Site Manager ("nsm") is a cross-platform framework for managing
and generating websites. Some of its features are:
- it can manage and generate static and dynamic websites.
- it has support for pre/post build/serve scripts to integrate with
  cURL, databases, SASS, Grunt, GraphQL, Python Web Server, Live
  Server/Reload, and more.
- there is multithreading support
- it is language agnostic, you can use any language you want
  (markdown, LATEX, html, xml, css, javascript, php, MySQL, etc)
- it integrates flawlessly with various Javascript and PHP frameworks
- it integrates with Git to clone from and push to various platforms
  including AWS, BitBucket, GitHub, GitLab, Netlify, surge.sh, ZEIT Now, etc
- it has a templating system

(ng0)

doc: Updated audio/fasttracker2 to 1.01

(fox)

audio/fasttracker2: Update to v1.01

Changes since v1.00:

v1.01 - 21.10.2019:
- Windows: Fixed an issue where the program would consume a lot of CPU time
  when the window was minimized.

(fox)

doc: Updated www/php-apcu to 5.1.17

(taca)

www/php-apcu: update to 5.1.17

Update php-apcu to 5.1.17.

5.1.17

- Fixed compatibility with PHP 7.4 and PHP 8.0.

(taca)

doc: Updated devel/php-xdebug to 2.7.2

(taca)

devel/php-xdebug: update to 2.7.2

Update php-xdebug to 2.7.2.

2.7.1 (2019-04-05)

= Fixed bugs:

- Fixed issue #1646: Missing newline in error message
- Fixed issue #1647: Memory corruption when a conditional breakpoint is used
- Fixed issue #1641: Perfomance degradation with getpid syscall (Kees
  Hoekzema)

2.7.2 (2019-05-06)

= Fixed bugs:

- Fixed issue #1488: Rewrite DBGp 'property_set' to always use eval
- Fixed issue #1586: error_reporting()'s return value is incorrect during
  debugger's 'eval' command
- Fixed issue #1615: Turn off Zend OPcache when remote debugger is turned on
- Fixed issue #1656: remote_connect_back alters header if multiple values
  are present
- Fixed issue #1662: __debugInfo should not be used for user-defined classes

(taca)

doc: Updated mail/pear-Mail_Mime to 1.10.4

(taca)

mail/pear-Mail_Mime: update to 1.10.4

Update pear-Mail_Mime to 1.10.4.

1.10.4 2019-10-13

* Fix E_STRICT errors introduced in the previous release [alec]

1.10.3 2019-09-25

* Fix deprecation warning for get_magic_quotes_runtime() use on PHP 7.4

(taca)

doc: Updated lang/pear to 1.10.9nb1

(taca)

doc: Updated archivers/ruby-archive-tar-minitar to 0.8

(taca)

lang/pear: update Archive_Tar to 1.4.8

Update pear Archive_Tar included in this package to 1.4.8

Bump PKGREVISION.

Archive_Tar 1.4.8 (2019-10-21 09:34 UTC)

Changelog:

* Fix Bug #23852: PHP 7.4 - Archive_Tar->_readHeader throws deprecation
  [mrook]

(taca)

archivers/ruby-archive-tar-minitar: update to 0.8

Update ruby-archive-tar-minitar to 0.8.

Now this package is left for compatibility and it using ruby-minitar and
ruby-minitar-cli.

(taca)

doc: Updated archivers/ruby-minitar-cli to 0.8

(taca)

archivers/ruby-minitar-cli: update to 0.8

Update ruby-minitar-cli to 0.8.

## 0.8 / 2019-01-05

*  Updated for compatibility with minitar 0.8

## 0.7 / 2018-02-19

*  Updated for compatibility with minitar 0.7

(taca)

doc: Updated archivers/ruby-minitar to 0.9

(taca)

archivers/ruby-minitar: update to 0.9

Update archivers/ruby-minitar to 0.9.

## 0.9 / 2019-09-04

*  jtappa added the ability to skip fsync with a new option to Minitar.unpack
    and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
    parameter to enable. Merged from a modified version of PR [#37][].

## 0.8 / 2019-01-05

*  inkstak resolved an issue introduced in the fix for [#31][] by allowing
    spaces to be considered valid characters in strict octal handling. Octal
    conversion ignores leading spaces. Merged from a slightly modified version
    of PR [#35][].

*  dearblue contributed PR [#32][] providing an explicit call to #bytesize for
    strings that include multibyte characters. The PR has been modified to be
    compatible with older versions of Ruby and extend tests.

*  Akinori MUSHA (knu) contributed PR [#36][] that treats certain badly
    encoded regular files (with names ending in `/`) as if they were
    directories on decode.

## 0.7 / 2018-02-19

*  Fixed issue [#28][] with a modified version of PR [#29][] covering the
    security policy and position for Minitar. Thanks so much to ooooooo\_q for
    the report and an initial patch. Additional information was added as
    [#30][].

*  dearblue contributed PR [#33][] providing a fix for Minitar::Reader when
    the IO-like object does not have a `#pos` method.

*  Kevin McDermott contributed PR [#34][] so that an InvalidTarStream is
    raised if the tar header is not valid, preventing incorrect streaming of
    files from a non-tarfile. This is a minor breaking change, so the version
    has been bumped accordingly.

*  Kazuyoshi Kato contributed PR [#26][] providing support for the GNU tar
    long filename extension.

*  Addressed a potential DOS with negative size fields in tar headers
    ([#31][]). This has been handled in two ways: the size field in a tar
    header is interpreted as a strict octal value and the Minitar reader will
    raise an InvalidTarStream if the size ends up being negative anyway.

(taca)

Updated textproc/py-pybtex, textproc/py-pybtex-docutils, textproc/py-sphinxcontrib-bibtex, devel/py-flake8-docstrings

(adam)

py-flake8-docstrings: updated to 1.5.0

1.5.0

- Add --ignore-decorators option which allows functions with a specific
  decorator to ignore error codes.

1.4.0

- Add --docstring-convention option which allows selection of conventions
  besides the default pep257.  Available options are based on those
  available from pydocstyle and are currently pep257, google, and
  numpy.  flake8-docstrings also adds a special all docstring
  convention which will enable all rules from pydocstyle.  Note that
  pydocstyle defines some conflicting rules so you'll want to use
  ignore / extend-ignore when selecting docstring-convention = all

- Bump minimum flake8 version to 3

- Fix proper handling of stdin via --stdin-display-name

(adam)

py-sphinxcontrib-bibtex: updated to 1.0.0

1.0.0:
* Drop Python 2.7 and 3.4 support (as upstream sphinx has dropped
  support for these as well).
* Add Python 3.8 support (contributed by hroncok).
* Update for Sphinx 2.x, and drop Sphinx 1.x support (as there is too
  much difference between the two versions).
* Non-bibtex citations will now no longer issue warnings
* Switch to codecov for coverage reporting.

(adam)

py-pybtex-docutils: updated to 0.2.2

0.2.2:
* Drop Python 3.3 support.
* New footnote and footnote_reference methods for docutils footnote
  support.

(adam)

py-pybtex: updated to 0.22.2

Version 0.22.2
- Fixed compatibility with Python 2 and older versions of Python 3.

Version 0.22.1
- Fixed non-working ``--backend`` option with ``pybtex -l python``.

(adam)

Updated devel/p5-Log-Any-Adapter-Screen to 0.140
Updated devel/p5-Log-Dispatchouli to 2.019
Updated devel/p5-Log-Report to 1.28

(mef)

(devel/p5-Log-Report) Updated 1.27 to 1.28
* pkgsrc *
  - Converted BUILD_DEPENDS to TEST_DEPENDS, but two left at BUILD_DEPENDS,
    for TEST_DEPENDS are not enough. They are asked for source expanded at
    test time.

* upstream ChangeLog *
version 1.28:
        Fixes:
        - Dancer2 version 0.166001 is too old as well. [cpantesters]
        - call to wasFatal($class)/reportFatal($class) without exception
          autovivified an 'undef' in the exception list. [Andrew Beverley]
        - fatal exception not always the last in try() block.

(mef)

doc: Updated net/youtube-dl to 20191022

(leot)

youtube-dl: Update to 20191022

Changes:
version 2019.10.22

Core
* [utils] Improve subtitles_filename (#22753)

Extractors
* [facebook] Bypass download rate limits (#21018)
+ [contv] Add support for contv.com
- [viewster] Remove extractor
* [xfileshare] Improve extractor (#17032, #17906, #18237, #18239)
    * Update the list of domains
    + Add support for aa-encoded video data
    * Improve jwplayer format extraction
    + Add support for Clappr sources
* [mangomolo] Fix video format extraction and add support for player URLs
* [audioboom] Improve metadata extraction
* [twitch] Update VOD URL matching (#22395, #22727)
- [mit] Remove support for video.mit.edu (#22403)
- [servingsys] Remove extractor (#22639)
* [dumpert] Fix extraction (#22428, #22564)
* [atresplayer] Fix extraction (#16277, #16716)

(leot)

(devel/p5-Log-Dispatchouli) Updated 2.017 to 2.019

2.019    2019-07-27 16:13:30-04:00 America/New_York
        - fix an initialization ordering bug for loggers using stdio

2.018    2019-07-26 18:36:56-04:00 America/New_York
        - add enable_stdout and enable_stderr to, uh, enable stdout and enable
          stderr (after initial construction)

(mef)

(devel/p5-Log-Any-Adapter-Screen) Updated 0.13 to 0.140

0.140  2018-12-22 (PERLANCAR)
        - Observe NO_COLOR.

(mef)

doc: Updated mail/wl-snapshot to 2.15.9.20190919

(mef)

(mail/wl-snapshot) Updated 0.20190623 to 0.20190919

2019-08-12  Kazuhiro Ito  <kzhr@d1.dion.ne.jp>

        * doc/wl.texi (Selecting Folder, Sticky Summary): Update key
        bindings.

        * doc/wl-ja.texi (Selecting Folder, Sticky Summary): Likewise.

(mef)

(correction) Updated devel/p5-IPC-Cmd

(mef)

Updated devel/p5-IPC-Cmd

(mef)

(devel/p5-IPC-Cmd) Updated 1.02 to 1.04

1.04 Sat Jul 13 10:08:08 BST 2019
  Bug fixes:
  - Fixed usage of setsid()

(mef)

Use gnu++11 to fix undefined reference to allocate, from joerg

(jmcneill)

mono6: add the missing bits for netbsd/aarch64 support.

unfortunately, mono-sgen crashes a lot, most likely due to pmap bugs.
it takes many retries to get further in the build.

(maya)

Updated www/emacs-w3m-snapshot to 1.4.632.20190920.1116

(mef)

(www/emacs-w3m-snapshot) Updated from 1.4.625+0.20180518 to 1.4.632+0.20190920.1116

(upstream)
  ChangeLog has too many lines, sorry to omit
(pkgsrc)
  - Some VARIABLES introduced to ease further version update
  - following two patches dropped
    (patch-w3mhack.el)
      Compile mew-shimbun.el and mew-w3m.el when
      emacs-w3m-mew option is set.
    (patch-aclocal.m4)
      Don't quote ${EGREP}, it may be set to "grep -E".
  - (pkglint) LOCALBASE -> PREFIX

(mef)

doc: Updated multimedia/mate-media to 1.22.2

(gutteridge)

mate-media: update to 1.22.2

Change log:

### mate-media 1.22.2

  * Translations update
  * applet: Update default output
  * gvc applet: add missing translations (i18n)
  * Add scroll interface tabs with mouse wheel
  * configure.ac: fix typos in var names, portability fixes, etc.

(gutteridge)

add ALTERNATIVES

(adam)

py-cookiecutter: fix

- switch to PYPI
- enable testing
- get rid of sphinx (building docs does not work)
- use alternatives

(adam)

Fix sphinx-build binary name

(adam)

Switch sphinx to versioned deps.

(adam)

Restore NetBSD patches.

Set correct link address for NetBSD/aarch64.
Add a dummy option for an aarch64 erratum for gcc compatibility.

(rjs)

Switch sphinx to versioned deps.

(adam)

Switch sphinx to versioned deps.

(adam)