boost: updated to 1.77.0

1.77.0

New Libraries
Describe:
A C++14 reflection library, from Peter Dimov. Provides macros for describing enumerators and struct/class members, and primitives for querying this information.
Lambda2:
A C++14, dependency-free, single header lambda library, from Peter Dimov. Allows simple function objects to be constructed via expressions such as _1 + 5, _1 % 2 == 0, _1 > _2, or _1 == ' ' || _1 == '\t'.
Updated Libraries
Any:
Added boost::anys::basic_any - a data type with customizable Small Object Optimization whose instances can hold instances of any type that satisfies ValueType requirements (many thanks to Ruslan Arutyunyan @rarutyun). If you are not sure that you really need it, then use boost::any instead.
Started using GithubActions CI for additional testing
Asio:
Added support for cancellation of individual asynchronous operations.
Added the associator trait, used to generically forward associators.
Changed all asynchronous operations implemented in Asio to invoke their completion handlers as rvalue references.
Added support for asynchronous operations with multiple completion signatures.
Added operator&& and operator|| for awaitable<>, to allow coroutines to be trivially awaited in parallel.
Added the experimental::as_tuple completion token adapter.
Added the experimental::append completion token adapter.
Added the experimental::prepend completion token adapter.
Added the experimental::deferred completion token, whicih allows deferred execution of asynchronous operations.
Added the experimental::parallel_group class and experimental::make_parallel_group function.
Added experimental::promise, which allows eager execution and synchronisation of asynchronous operations.
Added the experimental::coro class template, a C++20 coroutine primitive with the ability to combine both asynchronous waiting (co_await) and yielding (co_yield).
Added move assignment to ssl::stream<>.
Changed co_spawn to dispatch the coroutine's initial step to the executor.
Enabled additional optimisations for any_executor and any_io_executor when used with asynchronous operations.
Added the nodiscard attribute to awaitable<>.
Increased the number of cached slots in the default recycling allocator.
Changed the default allocator behaviour to respect alignment requirements, to support over-aligned types.
Ensured the result strings are always initialised in reverse name resolution.
Fixed recursive template instantiation issues in use_awaitable_t::executor_with_default.
Fixed the any_io_executor equality operators to correctly return a result based on the target executor.
Fixed strand<> to avoid using a potentially moved-from executor.
Ensured gcc tests are not used for clang when detecting compiler features.
Disabled coroutines support for the clang shipped with MSVC.
Fixed compatibility with recent LibreSSL when OPENSSL_NO_SSL_INTERN is defined.
Fixed posix::basic_stream_descriptor move operations to work with non-defaulted executors.
Consult the Revision History for further details.
Atomic:
Added make_atomic_ref and make_ipc_atomic_ref factory functions for constructing atomic reference objects.
Added C++17 template argument deduction guides for atomic_ref and ipc_atomic_ref to allow omitting template arguments when they can be deduced from constructor arguments.
Beast:
This maintenance update brings minor bug fixes and updated CI reporting.
We'd love to know how you or your company use Beast, consider adding an entry to the Companies and Individuals Using Beast list.
See the full Release Notes for a complete list of changes.
Conversion:
boost::implicit_cast is now constexpr.
Fixed broken links.
Started using GithubActions CI for additional testing
Core:
boost/core/uncaught_exceptions.hpp has been modified for compatibility with Mac OS 10.4 and older.
DLL:
More runtime checks for malformed ELFs in boost::dll::library_info
In boost::dll::library_info use info from .dynsym ELF section if .symtab is empty or missing
List protected ELF symbols in boost::dll::library_info as they are available for import
Remove unneeded convert from wchar_t to char on POSIX environment, thanks to Vladislav Shchapov
Started using GithubAction CI for additional testing
Filesystem:
Introducing Boost.Filesystem v4. This new version of the library removes all deprecated features of v3 and also makes a number of breaking API changes intended to make Boost.Filesystem more compatible with std::filesystem introduced in C++17. The differences are described in the release notes and documentation using v3 and v4 tags and are also summarised in a separate section. Users can select Boost.Filesystem version by defining BOOST_FILESYSTEM_VERSION macro to either 3 or 4 when compiling their code. There is no need to separately compile Boost.Filesystem for each library version - a single binary supports both v3 and v4. Users should avoid using both v3 and v4 in the same application as this can lead to subtle bugs. Currently, v3 is the default. In a future release v4 will become the default, and eventually v3 will be removed. v4 is functional, but it is still a work in progress and there may be breaking API changes in the future.
v4: path::filename, path::stem and path::extension no longer consider root name or root directory of the path as a filename if the path only consists of those components. For example, on Windows path("C:").filename() used to return "C:" and path("C:\\").filename() used to return "\" and both will return an empty path now.
v4: path::stem and path::extension no longer treat a filename that starts with a dot and has no other dots as an extension. Filenames starting with a dot are commonly treated as filenames with an empty extension. The leading dot is used to indicate a hidden file on most UNIX-like systems.
New: Improved support for various path prefixes on Windows. Added support for local device prefix ("\\.\") and experimental support for NT path prefix ("\??\"). The prefixes will be included in the root name of a path. Note that using the prefixes with Boost.Filesystem v3 can lead to surprising results (e.g. path("\\\\.\\").stem() == "\\\\"). It is recommended to use the prefixes only with Boost.Filesystem v4.
Reworked path::lexically_normal implementation to eliminate some cases of duplicate dot (".") elements in the normalized paths.
New: Added runtime detection of the statx and getrandom system calls on Linux. This can be useful if the syscall is present at compile time but fails with ENOSYS at run time (for example, in Docker containers that restrict the syscall, even if available on the host).
New: Added support for disabling usage of various system APIs at library build time. This can be useful when a certain API is detected as present by the library configuration scripts but must not be used for some reason (for example, when runtime detection does not work on the target system). See the description of configuration macros in the library documentationfor for more details.
New: Added copy_options::synchronize_data and copy_options::synchronize options for the copy_file operation. These options allow to synchronize the written data and attributes with the permanent storage. These options are expensive in terms of performance, but allow to ensure reliability of the copied data. Note that copy_file performed implicit data synchronization on POSIX systems since Boost.Filesystem 1.74.0. This release adds support for more platforms and disables data synchronization by default while allowing the caller to explicitly request it.
Added handling of EINTR error code on POSIX systems for some system calls issued internally. In particular, EINTR could have been ignored on close, which on HP-UX would result in a leaked file descriptor.
In the copy_file implementations based on Linux sendfile and copy_file_range system calls, added handling of error codes indicating that a particular filesystem does not support the system call and fall back to the generic read/write loop. This should fix copy_file failing on eCryptFS and possibly other filesystems.
The copy_file_range system call is now used since Linux kernel 4.5, whereas previously it was only enabled since 5.3. The copy_file implementation will fall back to sendfile or read/write loop if copy_file_range fails to copy a given file across filesystems.
The copy_file implementations based on Linux sendfile and copy_file_range system calls will not be used on filesystems that are known to contain files with generated content. These system calls are incompatible with such files, and copying them would result in zero-sized files. The generic read/write loop will be used instead. Currently, the blacklisted filesystems are: procfs, sysfs, tracefs and debugfs.
In the copy_file implementation based on read/write loop, increased the maximum size of the buffer used for temporary storage and take into account the target filesystem block size for more optimal performance.
On Windows CE, calling current_path to obtain the current path for a process will now fail with an error instead of returning successfully with a root path. This platform does not support current directory. Changing the current path was already failing similarly in previous releases of Boost.Filesystem.
In canonical, fixed the check for a symlink referencing a directory above root, if an earlier symlink was resolved to an absolute path with a different root from the original path.
In canonical, added a limit for the maximum number of symlinks that can be resolved during the call. The limit is currently at least 40 symlinks.
On Windows, canonical and weakly_canonical will now use path::preferred_separator for the root directory separator in the resulting paths. This fixes "file not found" errors caused by Windows API not handling generic separators in UNC paths and paths that start with the Win32 filesystem prefix ("\\?\").
New: Added weakly_canonical overloads taking base path as an argument.
On Windows, weakly_canonical no longer fails with an error if the input path contains elements that do not exist in the filesystem but are cancelled by a subsequent dot-dot ("..") element. For example, weakly_canonical("C:\\a\\..") would previously fail if "C:\a" directory did not exist.
In read_symlink on Windows, corrected reparse point handling. The operation would return an empty path for some mount points (for example, created by Box cloud storage driver) and directory junction points that had empty print names. The new implementation now parses substitute name of the reparse point and attempts to reconstruct a Win32 path from it.
On Windows, file streams provided in boost/filesystem/fstream.hpp will use wide character paths on libc++ versions 7.0 and higher, when the standard library supports opening files with wide character paths.
On Windows, creating symlinks should no longer require elevated privileges, if Windows is configured in Developer mode.
With some compilers, global objects used internally in Boost.Filesystem are now destroyed after user's global destructors are called. This allows to call Boost.Filesystem methods during the program termination stage. In particular, this concerns the path locale that is used for character code conversion and can be installed by calling path::imbue. The supported compilers include MSVC, GCC and Clang, as well as other compilers that support customizing program initialization order through #pragma section (for MSVC-compatible compilers) or __attribute__ ((init_priority)) (for GCC-compatible compilers).
JSON:
value_to supports TupleLike types.
value_to and value_from support std::array and similar types.
Implicit conversion operator from string to std::string_view.
std::hash specializations for json types.
Fixed allocation errors in object and key_value_pair.
Fixed crash when constructing array from a pair of iterators that form an empty range.
LexicalCast:
Fixed assignment to an int of a floating point value that is out of representable range for int.
Started using GithubActions CI for additional testing
Log:
Fixed compilation for riscv32 target.
Mp11:
Added mp_intersperse, mp_split, mp_join
Multi-index Containers:
Maintenance work.
PFR:
A MurMur Hash based implementation of hash_combine() is now used to reduce collisions count and improve quality of boost::pfr::hash_value()
Visual Studio 2017 now supported in C++14 mode (thanks to Denis Mikhailov aka @denzor200)
Issues found by inspect tool were fixed
Fixed some warnings, including removal of extra semicolons in include/boost/pfr/detail/fields_count.hpp
Added a compile time assert for inherited types (thanks to Denis Mikhailov aka @denzor200)
Reflection of aggregates with non movable fields is now possible if guaranteed copy elision is on
Fixed spelling issues
Started using GithubActions CI for additional testing
PropertyTree:
This is a maintenance release.
Extend compiler coverage in CI.
Fix Boost compatibility for CMakeLists.txt.
System:
The conversion operator from error_category to std::error_category has been improved and no longer requires <map> or <mutex>.
The comparison operators of error_category are now inline friends instead of member functions (a side effect of the previous change.)
error_condition now defers calling generic_category() to avoid instantiating the object until it's actually needed.
error_condition::failed and error_condition::message have been undeprecated, and operator bool() now once again returns failed().
The system category now doesn't call generic_category(), to avoid instantiating the object.
The return value of default_error_condition changes in some cases into an error_condition from the generic category, instead of from the system category. This happens on POSIX when the input error_code is from the system category and does not correspond to any errc_t value.
The interoperability of error_code and std::error_code has been improved substantially. It is now possible to construct boost::system::error_code from std::error_code, and it's possible to pass boost::system::error_code to functions taking std::error_code&.
A stream insertion operator for error_condition has been added.
Uuid:
Added to_chars for writing uuid strings without allocating

(adam)

Updated www/nghttp2, graphics/leptonica

(adam)

leptonica: updated to 1.82.0

1.82.0
* Fix issue-585: reading tiff rgb with tiffbpl = 1.5 * packedbpl.
* Fix issue-586: failure to properly wrap tiff-g4 in pdf without
  transcoding.  The fix is to do transcoding for tiff-g4, as was
  done before April 2021.

(adam)

nghttp2: updated to 1.45.1

Nghttp2 v1.45.1

build

This release fixes packaging issues which lack some configuration files in tar archives.

Nghttp2 v1.45.0

lib

Stricter checks for :method: and :path pseudo header fields are introduced.

build

nghttp2 applications can be compiled with OpenSSL v3.0.0.

Fix warning about systemd when cmake is used.

Added build options to enable HTTP/3 and eBPF.

nghttpx

The experimental HTTP/3 support has been added.

���dnf��� (= ���do not forward���) parameter is added to backend option.

h2load

The experimental HTTP/3 support has been added.

SSLKEYLOGFILE environment variable support has been added.

(adam)

Updated security/py-cryptodome, devel/py-cachelib

(adam)

py-cachelib: updated to 0.3.0

Version 0.3.0
-------------
-  Optimize ``FileSystemCache`` pruning.
-  Fix a bug in ``FileSystemCache`` where entries would not be removed
    when the total was over the threshold, and the entry count would be
    lost.
-  ``FileSystemCache`` logs system-related exceptions.
-  Removal of expired entries in ``FileSystemCache`` is only triggered
    if the number of entries is over the ``threshhold`` when calling
    ``set``. ``get`` ``has`` still return ``None`` and ``False``
    respectively for expired entries, but will not remove the files. All
    removals happen at pruning time or explicitly with ``clear`` and
    ``delete``.

(adam)

py-cryptodome: updated to 3.10.4

3.10.4 (25 September 2021)

Resolved issues

Output of Crypto.Util.number.long_to_bytes() was not always a multiple of blocksize.

3.10.3 (22 September 2021)

Resolved issues

Fixed symbol conflict between different versions of libgmp.
Improved robustness of PKCS#1v1.5 decryption against timing attacks.
Fixed segmentation faults on Apple M1 and other Aarch64 SoCs, when the GMP library add accessed via ctypes. Do not use GMP's own sscanf and snprintf routines: instead, use simpler conversion routines.
Workaround for cffi calling ctypes.util.find_library(), which invokes gcc and ld on Linux, considerably slowing down all imports. On certain configurations, that may also leave temporary files behind.
Fix RSAES-OAEP, as it didn't always fail when zero padding was incorrect.

New features

Added support for SHA-3 hash functions to HMAC.

(adam)

Updated devel/py-more-itertools, www/py-urllib3, misc/py-tqdm, comms/py-rich

(adam)

py-rich: updated to 10.11.0

10.11.0
Added suppress parameter to tracebacks
Added max_frames parameter to tracebacks

(adam)

py-tqdm: updatedd to 4.62.3

tqdm v4.62.3 stable

fix minor typo
minor example fix
misc tidying & refactoring
misc build/dev framework updates
  update dependencies
  update linters
  update docs deployment branches
misc test/ci updates

(adam)

py-urllib3: updated to 1.26.7

1.26.7
------
* Fixed a bug with HTTPS hostname verification involving IP addresses and lack
  of SNI.
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname
  matching.

(adam)

py-more-itertools: updated to 8.10.0

8.10.0
------

* Changes to existing functions
    * The type stub for :func:`iter_except` was improved (thanks to  MarcinKonowalczyk)

* Other changes:
    *  Type stubs now ship with the source release (thanks to saaketp)
    *  The Sphinx docs were improved (thanks to MarcinKonowalczyk)

(adam)

Updated devel/memcached, devel/meson, devel/pango, misc/py-platformdirs

(adam)

py-platformdirs: updated to 2.4.0

2.4.0:
Add user_documents_dir

(adam)

pango: updated to 1.48.10

Overview of changes in 1.48.10
==============================
* Fix a crash in strikethrough drawing
* pango-view: Support antialiasing freetype
* pango-view: Use GraphicsMagick

(adam)

meson: updated to 0.59.2

0.59.2:
Bug fixes

(adam)

memcached: updated to 1.6.12

Memcached 1.6.12
Fixes a missing file from the 1.6.11 release.

Memcached 1.6.11
Bugfixes, potential performance improvements, improvements to logging. Includes some upstreamed changes for an upcoming feature.

(adam)

Updated devel/py-xdis, net/rabbitmq

(adam)

rabbitmq: updated to 3.9.7

3.9.7:
All Components

All bytecode is now compiled using the +deterministic compiler flag. This should eliminate the capture of some irrelevant build environment attributes in produced artifacts, improve consistency between builds, and reduce the file level diff between release artifacts.
Core Server

Enhancements

Classic queue shutdown now uses a much higher timeout (up to 10 minutes instead of 30 seconds).

In environments with many queues (especially mirrored queues) and many consumers this means that the chance of queue indices rebuilding after node restart is now substantially lower.
Prometheus Plugin

Enhancements

More configurability for metrics exposed via the Prometheus endpoint.
Shovel Plugin

Bug Fixes

Shovel URIs could be logged with credentials in some scenarios.

3.9.6:
Core Server

Bug Fixes

TLS information delivered in Proxy protocol header is now attached to connection metrics as if it was provided by a non-proxying client.
max_message_size had a one-off error in the validator.
mirroring_sync_batch_size was incorrectly validated as if it represented batch size in bytes. It represents batch size in number of messages, so the new default hard cap is now 1M (a very high number that's impractical)
Stream Plugin

Bug Fixes

Offset parameters were not stored correctly in some cases.
Partitions list order is now stable.
When stream clients close connections abruptly, publisher and consumer metrics get cleaned up correctly.
Management Plugin

Enhancements

Stream publishers are now listed on the individual stream page.
Counters have been added to the tiles of several sections on detail pages.

3.9.5:
Core Server

Bug Fixes

Virtual host metadata (description, tags) was not imported from definitions.
Reduced unnecessary debug logging from streams.
AWS Peer Discovery Plugin

Enhancements

AWS API calls are now retried multiple times.

Contributed by AWS.
Management Plugin

Enhancements

PUT /api/vhosts/{name} now can update metadata (tags and descriptions) for existing virtual hosts.

3.9.4:
Core Server

Enhancements

New Prometheus metrics for alarms
Nodes will now use four more environment variables, if set: RABBITMQ_DEFAULT_USER (overrides default_user in rabbitmq.conf), RABBITMQ_DEFAULT_PASS (overrides default_pass), RABBITMQ_DEFAULT_VHOST (overrides default_vhost) and RABBITMQ_ERLANG_COOKIE (sets shared authentication secret value). These variables are not recommended to be used in production but can be the only realistic option in some environment, such as service containers, ECS, and so on. Most users should continue using rabbitmq.conf and a securely generated local cookie file.
Definitions now can be imported from different sources, including those provided by plugins. Original local filesystem source is still supported in a backwards-compatible way.

3.9.3:
Core Server

Bug Fixes

Queues that had messages with per-message TTL in them could fail to recover their indices after a restart.
JSON logging could fail with an exception when a logged event included epoch-based timestamp value.
JSON logging now uses integers (as opposed to floats) to represent epoch-based timestamps

Enhancements

RabbitMQ application no longer reports the stopping event to systemd. This was counterproductive when the application was stopped but the runtime (Erlang VM) was kept running, e.g. via rabbitmqctl stop_app or by the pause minority partition handling strategy.

Now systemd service monitoring will recognize a node as stopped only when the runtime is stopped, which is usually the behavior operators expect.

3.9.2:
CLI Tools

Bug Fixes

rabbitmq-upgrade drain and rabbitmq-upgrade revive now log warning and info level instead of alert.
Shovel Plugin

Bug Fixes

Multiple Shovels could be started in some cases involving node restarts of failures.
Federation Plugin

Bug Fixes

Multiple Federation links could be started in some cases involving node restarts of failures.

3.9.1:
Core Server

Bug Fixes

Clients that used global QoS prefetch (deprecated as of 3.9.0) ran into an exception when acknowledging deliveries.
Improved resiliency of stream coordinator in certain conditions.
Nodes failed to start when hostname contained non-ASCII (broader Unicode) characters.

CLI Tools

Bug Fixes

rabbitmq-diagnostics stream_status fails with an exception when the --tracking option was used.
rabbitmq-diagnostics stream_status used an outdated documentation guide link.
RabbitMQ Erlang Client

Bug Fixes

New releases of the client are again published to Hex.pm.
connection_timeout was adjusted to avoid a confusing warning.
Corrected a typo in direct connection net tick time adjustment.

3.9.0:
Streams
Erlang 24 Support
Kubernetes
Logging in JSON

(adam)

py-xdis: updated to 5.0.13

5.0.13 2021-09-24
=================

Added knowledge of Python versions 3.6.15 and 3.7.12.

However the main motivation was to impove packaging to handle administration
of the 3 different branches or dialects of Python 2.4-2.7, 3.1-3.2, 3.3-3.5, and 3.6+

Restrict wheel packaging for Python 3 only.

Use the wheel for only the 3.x and newer version of Python.
Use eggs for 2.x versions (and others as well).

(adam)

Updated devel/py-anyio, devel/py-xopen

(adam)

py-xopen: updated to 1.2.0

v1.2.0
pbzip2 is now used to open .bz2 files if threads is greater than zero.

(adam)

py-anyio: updated to 3.3.2

3.3.2
- Fixed cancellation problem on asyncio where level-triggered cancellation for **all** parent
  cancel scopes would not resume after exiting a shielded nested scope

(adam)

Updated misc/stellarium, www/py-furl

(adam)

py-furl: updated to 2.1.3

v2.1.3
Fixed: Actually drop ';' as a query delimiter.

(adam)

stellarium: updated to 0.21.2

Stellarium v0.21.2

The major changes of this version:

Annual aberration correction. Planet positions are finally very accurate!
Bookmarks replaced by Observation Lists
Politically neutral geonames
Right-click opens plugin configuration
Improved computation of rising, transit, setting times
���Goto next twilight��� functionality
Two new Greek skycultures
Updated Mul-Apin skyculture with new artwork
Improved fidelity of Lunar eclipses
Fixed display of stellar proper motion
Many fixes in core and plugins

(adam)

Updated devel/py-ddt, security/py-josepy

(adam)

py-josepy: updated to 1.10.0

1.10.0 (2021-09-27)
-------------------
* josepy is now compliant with PEP-561: type checkers will fetch types from the inline
  types annotations when josepy is installed as a dependency in a Python project.
* Added a `field` function to assist in adding type annotations for Fields in classes.
  If the field function is used to define a `Field` in a `JSONObjectWithFields` based
  class without a type annotation, an error will be raised.
* josepy's tests can no longer be imported under the name josepy, however, they are still
  included in the package and you can run them by installing josepy with "tests" extras and
  running `python -m pytest`.

1.9.0 (2021-09-09)
------------------
* Removed pytest-cache testing dependency.
* Fixed a bug that sometimes caused incorrect padding to be used when
  serializing Elliptic Curve keys as JSON Web Keys.

(adam)

py-ddt: updated to 1.4.3

1.4.3:
Fix zero padding issue

(adam)

Updated net/py-impacket, devel/cmake

(adam)

cmake: updated to 3.21.3

CMake 3.21.3
* FindBoost: Add support for Boost 1.77
* MSVC: Fix MSVC_TOOLSET_VERSION for VS 2022 v143 toolset
* IRSL: Add discovery of VS 2022 v143 toolset redistributables
* gitlab-ci: Update Windows builds to MSVC 19.29-16.11 toolset
* VS: Fix managed C++ project generation for VS 2022
* VS: Update Visual Studio 17 2022 generator for Preview 4
* HIP: Detect ROCm path earlier
* HIP: Remove ROMClang compiler id and use Clang directly
* HIP: Simplify detection of HIP runtime CMake package
* Android: Restore searching PATH for executables
* IAR: Restore support for projects not enabling policy CMP0057
* FindPython: Ensure homebrew on Mac M1 is used
* Ninja: fix ARMClang paths for Windows
* HIP: Use 'rocm_agent_enumerator' to determine CMAKE_HIP_ARCHITECTURES
* KWSys: SystemTools: Ensure Windows Vista APIs are available before using them

(adam)

py-impacket: updated to 0.9.23

Impacket v0.9.23:

Library improvements

Support connect timeout with SMBTransport
Speeding up DcSync
Fixed Python3 issue when serving SOCKS5 requests
Moved docker container to Python 3.8
Added basic GitHub Actions workflow
Fixed Path Traversal vulnerabilities in smbserver.py - CVE-2021-31800
Fixed POST request processing in httprelayserver.py
Added cat command to smbclient.py
Added new features to the LDAP Interactive Shell to facilitate AD exploitation
Python 3.9 support

Examples improvements

addcomputer.py:
Enable the machine account created via SAMR
getST.py:
Added exploit for CVE-2020-17049 - Kerberos Bronze Bit attack
Compute NTHash and AESKey for the Bronze Bit attack automatically
ntlmrelayx.py:
Fixed target parsing error
wmipersist.py:
Fixed filterBinding error
Added PowerShell option for semi-interactive shells in dcomexec.py, smbexec.py and wmiexec.py
Added new parameter to select COMVERSION in dcomexec.py, wmiexec.py, wmipersist.py and wmiquery.py

New examples

Get-GPPPassword.py: This example extracts and decrypts Group Policy Preferences passwords using streams for treating files instead of mounting shares. Additionally, it can parse GPP XML files offline
smbpasswd.py: This script is an alternative to smbpasswd tool and intended to be used for changing expired passwords remotely over SMB (MSRPC-SAMR)

(adam)

Updated devel/meson, www/curl

(adam)

curl: updated to 7.79.1

Fixed in 7.79.1

Bugfixes:

Curl_http2_setup: don't change connection data on repeat invokes
curl_multi_fdset: make FD_SET() not operate on sockets out of range
dist: provide lib/.checksrc in the tarball
FAQ: add GOPHERS + curl works on data, not files
hsts: CURLSTS_FAIL from hsts read callback should fail transfer
hsts: handle unlimited expiry
http: fix the broken >3 digit response code detection
strerror: use sys_errlist instead of strerror on Windows
test1184: disable
tests/sshserver.pl: make it work with openssh-8.7p1

(adam)

meson: updated to 0.59.1

0.59.0:
Unescaped variables in pkgconfig files
The custom_target() function now accepts a feed argument
Separate functions for qt preprocess
Cython as as first class language
Support for the Wine Resource Compiler
New vs2012 and vs2013 backend options
Developer environment
Fs Module now accepts files objects
Compiler argument checking for get_supported_arguments
New custom dependency for libintl
Parallelized meson subprojects commands
Using Vala no longer requires C in the project languages
The import() function gains required and disabler arguments
Objective C/C++ standard versions
Qt.preprocess source arguments deprecated
New build target methods
Automatically set up Visual Studio environment
gnome.compile_schemas() sets GSETTINGS_SCHEMA_DIR into devenv
update_desktop_database added to gnome.post_install()

(adam)

gcc10: allow builds on Darwin 21

(adam)

py-gevent: another PLIST fix for Python 2.7

(adam)

py-approvaltests: fix PLIST

(adam)

net-snmp: allow build on newer Darwin; fix #55927

(adam)

py-gevent: fix PLIST for Python 2.7

(adam)

lldb: add missing patch

(adam)

gdk-pixbuf2: fix building on Darwin

(adam)

Updated net/py-responses, devel/py-rope

(adam)

py-rope: updated to 0.20.1

Release 0.20.1

Bug fixes
- Fix caller of `_namedexpr_last()` throwing exception due to returning unexpected list
  instead of boolean

Release 0.20.0

New feature
- Added the ability to extract method to @staticmethod/@classmethod (@climbus)
- Changed Organize import to keep variables listed in `__all__`
- Change default .ropeproject/config.py to ignore code in folders named
  .venv and venv (@0x1e02)

Syntax support
- Add extract method refactoring of code containing `exec` (@ceridwen)
- Add extract method refactoring of code containing `async def`, `async for`, and `await`
- Support extract method of expressions containing inline assignment (walrus operator)

Bug fixes
- Fix list of variables that are returned and/or turned into argument when extracting method in a loop

(adam)

py-responses: updated to 0.14.0

0.14.0
------
* Added `responses.matchers`.
* Moved `responses.json_params_matcher` to `responses.matchers.json_params_matcher`
* Moved `responses.urlencoded_params_matcher` to
  `responses.matchers.urlencoded_params_matcher`
* Added `responses.matchers.query_param_matcher`. This matcher allows you
  to match query strings with a dictionary.
* Added `auto_calculate_content_length` option to `responses.add()`. When
  enabled, this option will generate a `Content-Length` header
  based on the number of bytes in the response body.

(adam)

Updated converters/py-charset-normalizer, comms/py-rich

(adam)

py-rich: updated to 10.10.0

10.10.0

Added

Added stdin support to rich.json

Fixed

Fixed pretty printing of objects with fo magic with getattr https://github.com/willmcgugan/rich/issues/1492

(adam)

py-charset-normalizer: updated to 2.0.6

Version 2.0.6

Changes:

Bugfix: �汾� Unforeseen regression with the loss of the backward-compatibility with some older minor of Python 3.5.x
Bugfix: �汾� Fix CLI crash when using --minimal output in certain cases
Improvement: 笨ｨ Minor improvement to the detection efficiency (less than 1%)

Version 2.0.5

Changes:

Internal: �沁ｨ The project now comply with: flake8, mypy, isort and black to ensure a better overall quality
Internal: �沁ｨ The MANIFEST.in was not exhaustive
Improvement: 笨ｨ The BC-support with v1.x was improved, the old staticmethods are restored
Remove: �沐･ The project no longer raise warning on tiny content given for detection, will be simply logged as warning instead
Improvement: 笨ｨ The Unicode detection is slightly improved
Bugfix: �汾� In some rare case, the chunks extractor could cut in the middle of a multi-byte character and could mislead the mess detection
Bugfix: �汾� Some rare 'space' characters could trip up the UnprintablePlugin/Mess detection
Improvement: �沁ｨ Add syntax sugar __bool__ for results CharsetMatches list-container

This release push further the detection coverage to 97 % !

Version 2.0.4

Changes:

Improvement: 笶��ｸ� Adjust the MD to lower the sensitivity, thus improving the global detection reliability
Improvement: 笶��ｸ� Allow fallback on specified encoding if any
Bugfix: �汾� The CLI no longer raise an unexpected exception when no encoding has been found
Bugfix: �汾� Fix accessing the 'alphabets' property when the payload contains surrogate characters
Bugfix: �汾� 笨擾ｸ� The logger could mislead (explain=True) on detected languages and the impact of one MBCS match
Bugfix: �汾� Submatch factoring could be wrong in rare edge cases
Bugfix: �汾� Multiple files given to the CLI were ignored when publishing results to STDOUT. (After the first path)
Internal: �沁ｨ Fix line endings from CRLF to LF for certain files

(adam)

Updated net/dnsmasq, textproc/py-phonenumbers

(adam)

py-phonenumbers: updated to 8.12.31

What's new in 8.12.24

Merge to upstream commit e9d8d84f531b; relevant code changes:

Updated As-You-Type-Formatter to exclude patterns where some digits would be dropped in the output. This also fixes the bug where an extra country code is added in some cases to the user's output. b/183053929

(adam)

dnsmasq: updated to 2.86

version 2.86

Handle DHCPREBIND requests in the DHCPv6 server code.
Thanks to Aichun Li for spotting this omission, and the initial
patch.

Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load. The code
checked that at least one free process table slot was
available before listening on TCP sockets, but didn't take
into account that more than one TCP connection could
arrive, so that check was not sufficient to ensure that
there would be slots for all new processes. It compounded
this error by silently failing to store the process when
it did run out of slots. Even when this bug is triggered,
all the right things happen, and answers are still returned.
Only under very exceptional circumstances, does the bug
manifest itself: see
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/014976.html
Thanks to Tijs Van Buggenhout for finding the conditions under
which the bug manifests itself, and then working out
exactly what was going on.

Major rewrite of the DNS server and domain handling code.
This should be largely transparent, but it drastically
improves performance and reduces memory foot-print when
configuring large numbers domains of the form
local=/adserver.com/
or
local=/adserver.com/#
Lookup times now grow as log-to-base-2 of the number of domains,
rather than greater than linearly, as before.
The change makes multiple addresses associated with a domain work
address=/example.com/1.2.3.4
address=/example.com/5.6.7.8
It also handles multiple upstream servers for a domain better; using
the same try/retry algorithms as non domain-specific servers. This
also applies to DNSSEC-generated queries.
Finally, some of the oldest and gnarliest code in dnsmasq has had
a significant clean-up. It's far from perfect, but it _is_ better.

Revise resource handling for number of concurrent DNS queries. This
used to have a global limit, but that has a problem when using
different servers for different upstream domains. Queries which are
routed by domain to an upstream server which is not responding will
build up and trigger the limit, which breaks DNS service for
all other domains which could be handled by other servers. The
change is to make the limit per server-group, where a server group
is the set of servers configured for a particular domain. In the
common case, where only default servers are declared, there is
no effective change.

Improve efficiency of DNSSEC. The sharing point for DNSSEC RR data
used to be when it entered the cache, having been validated. After
that queries requiring the KEY or DS records would share the cached
values. There is a common case in dual-stack hosts that queries for
A and AAAA records for the same domain are made simultaneously.
If required keys were not in the cache, this would result in two
requests being sent upstream for the same key data (and all the
subsequent chain-of-trust queries.) Now we combine these requests
and elide the duplicates, resulting in fewer queries upstream
and better performance. To keep a better handle on what's
going on, the "extra" logging mode has been modified to associate
queries and answers  for DNSSEC queries in the same way as ordinary
queries. The requesting address and port have been removed from
DNSSEC logging lines, since this is no longer strictly defined.

Connection track mark based DNS query filtering. Thanks to
Etan Kissling for implementing this It extends query filtering
support beyond what is currently possible
with the `--ipset` configuration option, by adding support for:
1) Specifying allowlists on a per-client basis, based on their
  associated Linux connection track mark.
2) Dynamic configuration of allowlists via Ubus.
3) Reporting when a DNS query resolves or is rejected via Ubus.
4) DNS name patterns containing wildcards.
Disallowed queries are not forwarded; they are rejected
with a REFUSED error code.

Allow smaller than 64 prefix lengths in synth-domain, with caveats.
--synth-domain=1234:4567::/56,example.com is now valid.

Make domains generated by --synth-domain appear in replies
when in authoritative mode.

Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.

When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read (alphabetical order
of filename). Thanks to Ed Wildgoose for the initial patch
and motivation for this.

(adam)

Updated lang/nodejs12, lang/nodejs

(adam)

nodejs: updated to 14.17.6

Version 14.17.6 'Fermium' (LTS)

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

Version 14.17.5 'Fermium' (LTS)

This is a security release.

Notable Changes

CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

(adam)

nodejs12: updated to 12.22.6

Version 12.22.6 'Erbium' (LTS)

This is a security release.

Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

Version 12.22.5 'Erbium' (LTS)

This is a security release.

Notable Changes

CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

Version 12.22.4 'Erbium' (LTS)

This is a security release.

Notable Changes

CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930

(adam)

Updated graphics/gd, www/py-flask-restful

(adam)

py-flask-restful: updated to 0.3.9

Version 0.3.9
Compatibility with Flask 2.0

(adam)

gd: updated to 2.3.3

2.3.3:

The LibGD team is proud to announce the 2.3.3 release of libgd. This release brings a few fixes as well as improved compilations and builds on all platforms. On Windows, vcpkg to install libGd dependencies is now well supported.

Fixed

* update cmake to generate config.h in the build dir
* gdPutBuf return value check
* HEIF builds fail with latest distros
* segfault in heif tests due to missing label.heic
* Test failure avif/compare_avif_to_png with libavif-0.8.2
* imagecopyresampled() produce artifacts on transparent PNG
* Fixes to build v2.3.0 on Windows with MinGW-w64
* optimize option in gif animation causes segfault
* _gdContributionsCalc() always uses DEFAULT_BOX_RADIUS
* gdImageRotateInterpolated() converts the source image to truecolor
* CMake and Makefiles build broken on Windows
* gdImageScaleTwoPass() looses top row and left column

(adam)

Updated net/qbittorrent, www/apache24

(adam)

qbittorrent: updated to 4.3.8

v4.3.8
- BUGFIX: Delay processing of watched folders
- BUGFIX: Use the same icon for selecting folders/files (Chocobo1)
- BUGFIX: Use default upper limits for ddns entries (Chocobo1)
- WEBUI: Expose SSRF mitigation
- WEBUI: Update webui libraries (Chocobo1)
- WEBUI: Group trackers by hostname
- WEBUI: Improve "last activity" calculation in WebAPI
- WINDOWS: NSIS: Add Polish translation

(adam)

apache24: updated to 2.4.49

Changes with Apache 2.4.49

*) SECURITY: CVE-2021-40438 (cve.mitre.org)
  mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]

*) SECURITY: CVE-2021-39275 (cve.mitre.org)
  core: ap_escape_quotes buffer overflow

*) SECURITY: CVE-2021-36160 (cve.mitre.org)
  mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]

*) SECURITY: CVE-2021-34798 (cve.mitre.org)
  core: null pointer dereference on malformed request

*) SECURITY: CVE-2021-33193 (cve.mitre.org)
  mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]

*) core/mod_proxy/mod_ssl:
  Adding `outgoing` flag to conn_rec, indicating a connection is
  initiated by the server to somewhere, in contrast to incoming
  connections from clients.
  Adding 'ap_ssl_bind_outgoing()` function that marks a connection
  as outgoing and is used by mod_proxy instead of the previous
  optional function `ssl_engine_set`. This enables other SSL
  module to secure proxy connections.
  The optional functions `ssl_engine_set`, `ssl_engine_disable` and
  `ssl_proxy_enable` are now provided by the core to have backward
  compatibility with non-httpd modules that might use them. mod_ssl
  itself no longer registers these functions, but keeps them in its
  header for backward compatibility.
  The core provided optional function wrap any registered function
  like it was done for `ssl_is_ssl`.
  [Stefan Eissing]

*) mod_ssl: Support logging private key material for use with
  wireshark via log file given by SSLKEYLOGFILE environment
  variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]

*) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
  "ProxyPassInterpolateEnv On" are configured.  PR 65549.
  [Joel Self <joelself gmail.com>]

*) mpm_event: Fix children processes possibly not stopped on graceful
  restart.  PR 63169.  [Joel Self <joelself gmail.com>]

*) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
  protocols from mod_proxy_http, and a timeout triggering falsely when
  using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
  upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]

*) mod_unique_id: Reduce the time window where duplicates may be generated
  PR 65159
  [Christophe Jaillet]

*) mpm_prefork: Block signals for child_init hooks to prevent potential
  threads created from there to catch MPM's signals.
  [Ruediger Pluem, Yann Ylavic]

*) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
  PR 65159" added in 2.4.47.
  This causes issue on Windows.
  [Christophe Jaillet]

*) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]

*) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
  as successful or a staged renewal is replacing the existing certificates.
  This avoid potential mess ups in the md store file system to render the active
  certificates non-working. [@mkauf]

*) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
  [Yann Ylavic]

*) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
  connections. If ALPN protocols are provided and sent to the
  remote server, the received protocol selected is inspected
  and checked for a match. Without match, the peer handshake
  fails.
  An exception is the proposal of "http/1.1" where it is
  accepted if the remote server did not answer ALPN with
  a selected protocol. This accomodates for hosts that do
  not observe/support ALPN and speak http/1.x be default.

*) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
  with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
  [Yann Ylavic]

*) mod_dav: Add method_precondition hook. WebDAV extensions define
  conditions that must exist before a WebDAV method can be executed.
  This hook allows a WebDAV extension to verify these preconditions.
  [Graham Leggett]

*) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
  modules apart from versioning implementations to handle the REPORT method.
  [Graham Leggett]

*) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
  dav_get_resource() to mod_dav.h. [Graham Leggett]

*) core: fix ap_escape_quotes substitution logic. [Eric Covener]

*) Easy patches: synch 2.4.x and trunk
  - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
  - mod_ldap: log and abort locking errors.
  - mod_ldap: style fix for r1831165
  - mod_ldap: build break fix for r1831165
  - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
  - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
  - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
  - mod_rewrite: Save a few cycles.
  - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
  - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
  [Christophe Jaillet]

*) core/mpm: add hook 'child_stopping` that gets called when the MPM is
  stopping a child process. The additional `graceful` parameter allows
  registered hooks to free resources early during a graceful shutdown.
  [Yann Ylavic, Stefan Eissing]

*) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
  balancer-manager, which can lead to a crash.  [Yann Ylavic]

*) mpm_event: Fix graceful stop/restart of children processes if connections
  are in lingering close for too long.  [Yann Ylavic]

*) mod_md: fixed a potential null pointer dereference if ACME/OCSP
  server returned 2xx responses without content type. Reported by chuangwen.
  [chuangwen, Stefan Eissing]

*) mod_md:
  - Domain names in `<MDomain ...>` can now appear in quoted form.
  - Fixed a failure in ACME challenge selection that aborted further searches
    when the tls-alpn-01 method did not seem to be suitable.
  - Changed the tls-alpn-01 setup to only become unsuitable when none of the
    dns names showed support for a configured 'Protocols ... acme-tls/1'. This
    allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
  [Stefan Eissing]

*) Add CPING to health check logic. [Jean-Frederic Clere]

*) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]

*) core, h2: common ap_parse_request_line() and ap_check_request_header()
  code. [Yann Ylavic]

*) core: Add StrictHostCheck to allow unconfigured hostnames to be
  rejected. [Eric Covener]

*) htcacheclean: Improve help messages.  [Christophe Jaillet]

(adam)

Updated devel/py-minidump, security/py-asyncssh

(adam)

py-asyncssh: updated to 2.7.2

Release 2.7.2
* Fixed a regression related to server host key selection when attempting
  to use a leading '+' to add algorithms to the front of the default list.
* Fixed logging to properly handle SFTPName objects with string filenames.
* Fixed SSH_EXT_INFO to only be sent after the first key exchange.

(adam)

py-minidump: updated to 0.0.20

0.0.20:
Minor fixes

0.0.19:
Minor fixes in the VAS memory search function, adding timestamp print to modules.

(adam)

Added textproc/cJSON; Updated devel/py-faker

(adam)

py-faker: updated to 8.13.2

v8.13.2
* Fixed: region_codes for bic must have 9 digits.

v8.13.1
* Change ``fi_FI`` Provinces to Regions.

v8.13.0
* ``uk_UA`` address provider - fix streets and cities names, added regions.

v8.12.3
* Fix missing underscores in ``mac_platform_token``.

v8.12.2
*  Remove period/fullstop from ``en_GB`` prefixes.

(adam)

cJSON: added version 1.7.15

cJSON aims to be the dumbest possible parser that you can get your job done
with. It's a single file of C, and a single header file.

(adam)

Updated www/nginx, www/nginx-devel

(adam)

nginx-devel: updated to 1.21.3

Changes with nginx 1.21.3                                        07 Sep 2021

    *) Change: optimization of client request body reading when using
      HTTP/2.

    *) Bugfix: in request body filters internal API when using HTTP/2 and
      buffering of the data being processed.

Changes with nginx 1.21.2                                        31 Aug 2021

    *) Change: now nginx rejects HTTP/1.0 requests with the
      "Transfer-Encoding" header line.

    *) Change: export ciphers are no longer supported.

    *) Feature: OpenSSL 3.0 compatibility.

    *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
      are now passed to the mail proxy authentication server.
      Thanks to Rob Mueller.

    *) Feature: request body filters API now permits buffering of the data
      being processed.

    *) Bugfix: backend SSL connections in the stream module might hang after
      an SSL handshake.

    *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
      newer, did not affect loading of the server certificates when set
      with "@SECLEVEL=N" in the "ssl_ciphers" directive.

    *) Bugfix: SSL connections with gRPC backends might hang if select,
      poll, or /dev/poll methods were used.

    *) Bugfix: when using HTTP/2 client request body was always written to
      disk if the "Content-Length" header line was not present in the
      request.

(adam)

nginx: updated nchan module; bumped revision

1.2.10 (Aug. 25 2021)
fix: Nchan could not be built without openssl due to hiredis dependency
      (introduced in v1.2.9)
feature: allow no separator for http-raw-stream (thanks @sclem)

1.2.9 (Aug. 12 2021)
feature: Redis cluster reconfiguration check timer,
      nchan_redis_cluster_check_interval setting
fix: detect Redis cluster reconfiguration when publishing messages in "nostore" mode
update: hiredis updated to v1.0.0
fix: segfault on out-of-shared-memory condition for multiplexed publishers

(adam)

Updated security/py-acme, security/py-certbot*

(adam)

py-acme py-certbot*: updated to 1.19.0

Certbot 1.19.0

Added

The certbot-dns-rfc2136 plugin always assumed the use of an IP address as the
target server, but this was never checked. Until now. The plugin raises an error
if the configured target server is not a valid IPv4 or IPv6 address.
Our acme library now supports requesting certificates for IP addresses.
This feature is still unsupported by Certbot and Let's Encrypt.

Changed

Several attributes in certbot.display.util module are deprecated and will
be removed in a future release of Certbot. Any import of these attributes will
emit a warning to prepare the transition for developers.
zope based interfaces in certbot.interfaces module are deprecated and will
be removed in a future release of Certbot. Any import of these interfaces will
emit a warning to prepare the transition for developers.
We removed the dependency on chardet from our acme library. Except for when
downloading a certificate in an alternate format, our acme library now
assumes all server responses are UTF-8 encoded which is required by RFC 8555.

Fixed

Fixed parsing of Defined values in the Apache plugin to allow for = in the value.
Fixed a relatively harmless crash when issuing a certificate with --quiet/-q.

(adam)

Updated net/grpc, net/py-grpcio, net/py-grpcio-testing, net/py-grpcio-tools

(adam)

grpc: updated to 1.40.0

Release v1.40.0

Core

Update Envoy API to the latest version (2021-07-30).
Enable retries by default.
Add opentelemetry as a submodule for latest xDS API.
Pointing the protobuf submodule to the new URL.
Remove BUILD.gn.
Prevent race causing early-destruction of grpc_winsocket object when creating a TCP connection.
TLS Security Connector: Add an always-fail-handshaker when certificates are not ready.
Enable layering checks in the Bazel build.
Support user provided "scope" in JWT and GDC.

C++

C++ opencensus filter: Fix point of creating context for overall call.
Open census call attempt span name and attribute changes
Open census filter: Use new internal stats API and record retry stats.
Add OpenCensus measures and views for retries.

Python

Add retry example for gRPC Python.
Remove Python 2.7 binary wheel generations.
[Aio][fix] catch application exception in request iterators.

(adam)

Updated devel/py-dialog, net/py-lexicon

(adam)

py-lexicon: updated to 3.7.0

3.7.0

Added

Add the Vercel provider (formerly known as Zeit)
Add the OpenShift Cloud Infrastructure (OCI) DNS provider

Modified

Keep old Zeit provider for compatibility purpose with deprecation notices
Support multiple domain statuses for Joker provider

(adam)

py-dialog: updated to 3.5.2

Release 3.5.2

Update ChangeLog.init (improve some log messages)

demo: add example of an msgbox with timeout

* examples/demo.py: add method MyApp.timeout_demo(), which shows how to
detect a timeout when an msgbox has been presented to the user.

Fix related to the 'timeout' option (--timeout for dialog)

* dialog.py (Dialog._perform): ignore the dialog output when a timeout
occurred, which we know thanks to the exit code. Without this change,
output parsing or checking (e.g., in Dialog._widget_with_no_output())
would be broken by the '\ntimeout\n' string printed by dialog in such
cases (seen with msgbox, at least).

It might be that parsing is still disturbed for some widgets when a
timeout occurs, if they never produce an empty output in a no-timeout
situation: this remains to be checked. Also, it appears that the
--timeout option doesn't work with all widgets in the dialog
backend (tested with dialog 1.3-20201126: 'msgbox', 'checklist' and
'menu' support --timeout; 'inputbox' and 'mixedform' don't; other
widgets untested with this option).

Show use of d.add_persistent_args(["--no-nl-expand"]) in examples

* Using this option is quite relevant when using pythondialog. Thanks to
ChristianTacke for the report. Closes:
<https://github.com/frougon/pythondialog/issues/8>.

Improve support for the --timeout dialog option

* Set DIALOG_TIMEOUT in the environment when invoking dialog; this
allows us to distinguish between DIALOG_TIMEOUT and DIALOG_ESC. Add
the corresponding TIMEOUT attribute to the Dialog class.

(adam)

Updated devel/py-setuptools, net/py-tldextract

(adam)

py-tldextract: updated to 3.1.2

3.1.2 (2021-09-01)

* Misc.
    * Only run pylint in Tox environments, i.e. CI, not by default in tests

(adam)

py-setuptools: updated to 57.5.0

v57.5.0

Changes

Added implicit globbing support for [options.data_files] values.

Documentation changes

fix various syntax and style errors in code snippets in docs

(adam)

Updated devel/libatomic_ops, sysutils/ansible-base

(adam)

ansible-base: updated to 2.10.14

v2.10.14
========

Bugfixes
--------
- Restructured pipelining settings to be at the connection plugins leaving base config as global and for backwards compatiblity.
- command module, clarify order of remove/creates checks.
- command module, correctly handles chdir to symlinks.
- command module, move to standarized messages in 'msg' vs abusing 'stdout'.
- command module, now all options work in ad-hoc execution.
- command module, now always returns what we documented as 'returns always'.
- make previous versions compatible we new attributres w/o implementing them.

(adam)

libatomic_ops: updated to 7.6.12

Changes 7.6.12

Allow to generalize bool-CAS for sparc (gcc)
Declare argument of AO_load_next with const in atomic_ops_stack
Describe double_compare_and_swap operation in README_details
Document CAS operations better in README_details
Fix gcc/sunc x86 AO_compare_double_and_swap_double missing side effect
Fix library name in README_details
Fix link fail caused by missing GCC char/short atomic primitives on riscv64
Fix size of local variable passed to cas[x] (gcc/sparc)
Implement fetch-CAS for sparc (gcc)
Refactor gcc x86 memory constraints
Refine and reformat description of size prefix in README_details
Remove outdated notes in README_details
Replace x86 setz instruction by asm flag output operand (gcc)
Support MSYS host (configure)
Turn off compare_double_and_swap_double_full PIC hack for GCC 5+ (x86)
Update README_win32 to match Makefile.msft
Use GCC atomic intrinsics for s390x (clang 8.0+ and gcc 5.4+)
Use __alignof__ instead of sizeof in atomic variable alignment assertions
Workaround assertion violation in AO_load/store on m68k

(adam)

Updated www/py-httpcore, multimedia/libass

(adam)

libass: updated to 0.15.2

Release 0.15.2

This is a bug fix release without API or ABI changes, mainly to fix more known 0.15.0 and 0.15.1 regressions. But as a bonus, it is now possible to build the DirectWrite system font provider for Microsoft窶冱 Universal Windows Platform (UWP).

Two known minor 0.15.x DirectWrite system font regressions remain:

when a font is attached/memory-loaded but a different (non-attached) style of the same font is used by the subtitles
(only the attached style[s] will be used; this also affects Core Text since 0.13.0 but not Fontconfig);

in the unlikely case that the full name of a system font equals the family name of another system font
(only the family name matches will be found).

Also please note that our IRC channel #libass has moved from freenode.net to Libera.Chat, and all presence on freenode.net has been fully retired.

Changes:

Fix some known 0.15.x regressions:
Fix Core Text font fallback failing on some fonts with multiple names
Fix DirectWrite failing to look up any but the first loaded variant of system fonts
Fix some format string bugs, which could lead to garbled log messages or on some platforms crashes
Fix ass_set_fonts_dir failing to load long paths
Better handling of control characters that have no associated font glyphs
DirectWrite: font lookup is now closer to VSFilter
DirectWrite: this font provider can now be built for UWP

(adam)

py-httpcore: updated to 0.13.7

0.13.7
- Fix broken error messaging when URL scheme is missing, or a non HTTP(S) scheme is used.

(adam)

Updated net/py-zeep, finance/py-eth-hash

(adam)

py-eth-hash: updated to 0.3.2

eth-hash v0.3.2 (2021-09-03)

Miscellaneous changes

Drop eth-utils requirement, to fix dependency cycle

(adam)

py-zeep: updated to 4.1.0

4.1.0 (2021-08-15)
------------------
- Remove last dependency on `six`
- Use `platformdirs` instead of the `appsdirs` dependency
- Pass digest method when signing timestamp node
- Fix settings context manager when an exception is raised
- Don't render decimals using scientific notation
- Remove dependency on `defusedxml` (deprecated)
- Improve handling of str values for Duration

(adam)

Updated databases/tdb, net/samba4

(adam)

samba4: updated to 4.3.11

Changes since 4.13.10
* BUG 14769: smbd panic on force-close share during offload write.
* BUG 14731: Fix returned attributes on fake quota file handle and avoid
  hitting the VFS.
* BUG 14783: smbd "deadtime" parameter doesn't work anymore.
* BUG 14787: net conf list crashes when run as normal user.
* BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
  7.3.7.
* BUG 14793: Start the SMB encryption as soon as possible.
* BUG 14792: Winbind should not start if the socket path for the privileged
  pipe is too long.

(adam)

tdb: updated to 1.4.5

1.4.5:
Unknown changes

(adam)

Updated devel/py-bitarray, security/py-asyncssh

(adam)

py-asyncssh: updated to 2.7.1

Release 2.7.1 (6 Sep 2021)
--------------------------

* Added an option to allow encrypted keys to be ignored when no passphrase
  is set. This behavior previously happened by default when loading keys
  from default locations, but now this option to load_keypairs() can be
  specified when loading any set of keys.

* Changed loading of default keys to automatically skip key types which
  aren't supported due to missing dependencies.

* Added the ability to specify "default" for server_host_key_algs, as
  a way for a client to request that its full set of default algorithms
  be advertised to the server, rather than just the algorithms matching
  keys in the client's known hosts list. Thanks go to Manfred Kaiser
  for suggesting this improvement.

* Added support for tilde-expansion in the config file "include"
  directive. Thanks go to Zack Cerza for reporting this and suggesting
  a fix.

* Improved interoperatbility of AsyncSSH SOCKS listener by sending a zero
  address rather than an empty hostname in the SOCKS CONNECT response.
  Thanks go to Github user juouy for reporting this and suggesting a fix.

* Fixed a couple of issues related to sending SSH_EXT_INFO messages.

* Fixed an issue with using SSHAcceptor as an async context manager.
  Thanks go to Paulo Costa for reporing this.

* Fixed an issue where a tunnel wasn't always cleaned up properly when
  creating a remote listener.

* Improved handling of connection drops, avoiding exceptions from being
  raised in some cases when the transport is abruptly closed.

* Made AsyncSSH SFTP support more tolerant of file permission values with
  undefined bits set. Thanks go to GitHub user ccwufu for reporting this.

* Added some missing key exchange algorithms in the AsyncSSH documentation.
  Thanks go to Jeremy Norris for noticing and reporting this.

* Added support for running AsyncSSH unit tests on systems with OpenSSL
  3.0 installed. Thanks go to Ken Dreyer for raising this issue and
  pointing out the new OpenSSL "provider" support for legacy algorithms.

(adam)

py-bitarray: updated to 2.3.4

2021-09-12  2.3.4:
-------------------
* Fix `util.ba2int()` for frozenbitarrays.  A bug was introduced in 2.3.0
  as `.tobytes()` no longer treats pad bits for read-only buffers as zero.
* add tests

2021-09-05  2.3.3:
-------------------
* improve some error messages
* add tests

2021-08-23  2.3.2:
-------------------
* fix slice assignment for shared buffer with offset case
* add tests (including internal debug mode tests for `buffers_overlap()`)

2021-08-20  2.3.1:
-------------------
* fix special shared buffer copy case
* add and improve tests

(adam)

Updated devel/pango

(adam)

pango: updated to 1.48.9

Overview of changes in 1.48.9
=============================
* Require fribidi 1.0.6
* Clean up fribidi api usage
* Fix a bug in the gravity data table

Overview of changes in 1.48.8
=============================
* Rename git `master` branch to `main`
* Fix threadsafety issues with Thai
* Fix a rounding problem on i386
* Fix font choice for ellipsis
* Fix a crash if no fonts are found

(adam)

Updated devel/glib2, devel/glib2-tools, devel/gdbus-codegen

(adam)

glib2: updated to 2.68.4

Overview of changes in GLib 2.68.4
==================================

* Bugs fixed:
- Read past the end of buffer in g_win32_package_parser_enum_packages
- Backport !2155 “glocalfilemonitor: Avoid a deadlock on finalization” to glib-2-68
- Backport !2174 “data-to-c.py: generate new-line at the end of the file” to glib-2-68
- Backport !2180 “correctly use 3 parameters for close_range” to glib-2-68
- Backport !2185 “glocalfile: Fix the global trash dir detection” to glib-2-68
- Backport !2208 “g_string_replace: Don't replace empty string more than once per location” to glib-2-68
- Backport GWin32AppInfo fixes to glib-2-68

* Translation updates:
- Chinese (China)
- Chinese (Taiwan)
- Occitan (post 1500)

(adam)

Updated devel/py-astroid, devel/py-pylint

(adam)

py-pylint: updated to 2.10.2

What's New in Pylint 2.10.2?
============================
* We now use platformdirs instead of appdirs since the latter is not maintained.
* Fix a crash in the checker raising ``shallow-copy-environ`` when failing to infer
  on ``copy.copy``

What's New in Pylint 2.10.1?
============================
* pylint does not crash when PYLINT_HOME does not exist.

What's New in Pylint 2.10.0?
============================
* pyreverse: add option to produce colored output.
* pyreverse: add output in PlantUML format.
* ``consider-using-with`` is no longer triggered if a context manager is returned from a function.
* pylint does not crash with a traceback anymore when a file is problematic. It
  creates a template text file for opening an issue on the bug tracker instead.
  The linting can go on for other non problematic files instead of being impossible.
* pyreverse: Show class has-a relationships inferred from the type-hint
* Fixed a crash when importing beyond the top level package during ``import-error``
  message creation
* Added ``ignored-parents`` option to the design checker to ignore specific
  classes from the ``too-many-ancestors`` check (R0901).
* Added ``unspecified-encoding``: Emitted when open() is called without specifying an encoding
* Improved the Similarity checker performance. Fix issue with ``--min-similarity-lines`` used with ``--jobs``.
* Don't emit ``no-member`` error if guarded behind if statement.
* The default for ``PYLINTHOME`` is now the standard ``XDG_CACHE_HOME``, and pylint now uses ``appdirs``.
* Added ``use-list-literal``: Emitted when ``list()`` is called with no arguments instead of using ``[]``
* Added ``use-dict-literal``: Emitted when ``dict()`` is called with no arguments instead of using ``{}``
* Added optional extension ``consider-ternary-expression``: Emitted whenever a variable is assigned in both branches of an if/else block.
* Added optional extension ``while-used``: Emitted whenever a ``while`` loop is used.
* Added ``forgotten-debug-statement``: Emitted when ``breakpoint``, ``pdb.set_trace`` or ``sys.breakpointhook`` calls are found
* Fix false-positive of ``unused-private-member`` when using nested functions in a class
* Fix crash for ``unused-private-member`` that occurred with nested attributes.
* Fix a false positive for ``unused-private-member`` with class names
* Fix false positives for ``superfluous-parens`` with walrus operator, ternary operator and inside list comprehension.
* Added ``format-string-without-interpolation`` checker: Emitted when formatting is applied to a string without any variables to be replaced
* Refactor of ``--list-msgs`` & ``--list-msgs-enabled``: both options now show whether messages are emittable with the current interpreter.
* Fix false negative for ``used-before-assignment`` when the variable is assigned
  in an exception handler, but used outside of the handler.
* Added ``disable-next`` option: allows using `# pylint: disable-next=msgid` to disable a message for the following line
* Added ``redundant-u-string-prefix`` checker: Emitted when the u prefix is added to a string
* Fixed ``cell-var-from-loop`` checker: handle cell variables in comprehensions within functions,
  and function default argument expressions. Also handle basic variable shadowing.
* Fixed bug with ``cell-var-from-loop`` checker: it no longer has false negatives when
  both ``unused-variable`` and ``used-before-assignment`` are disabled.
* Fix false postive for ``invalid-all-format`` if the list or tuple builtin functions are used
* Config files can now contain environment variables
* Fix false-positive ``used-before-assignment`` with an assignment expression in a ``Return`` node
* Added ``use-sequence-for-iteration``: Emitted when iterating over an in-place defined ``set``.
* ``CodeStyleChecker``
  * Limit ``consider-using-tuple`` to be emitted only for in-place defined ``lists``.
  * Emit ``consider-using-tuple`` even if list contains a ``starred`` expression.
* Ignore decorators lines by similarities checker when ignore signatures flag enabled
* Allow ``true`` and ``false`` values in ``pylintrc`` for better compatibility with ``toml`` config.
* Class methods' signatures are ignored the same way as functions' with similarities "ignore-signatures" option enabled
* Improve performance when inferring ``Call`` nodes, by utilizing caching.
* Improve error message for invalid-metaclass when the node is an Instance.

(adam)

py-astroid: updated to 2.7.3

What's New in astroid 2.7.3?
============================
* The transforms related to a module are applied only if this module has not been explicitly authorized to be imported
  (i.e is not in AstroidManager.extension_package_whitelist). Solves the following issues if numpy is authorized to be imported
  through the `extension-pkg-allow-list` option.
* Fixed bug in attribute inference from inside method calls.
* Fixed bug in inference for superclass instance methods called
  from the class rather than an instance.
* Fixed bug in inference of chained attributes where a subclass
  had an attribute that was an instance of its superclass.
* Adds a brain for the ctypes module.
* When processing dataclass attributes, exclude the same type hints from abc.collections
  as from typing.
* Apply dataclass inference to pydantic's dataclasses.

What's New in astroid 2.7.2?
============================
* ``BaseContainer`` is now public, and will replace ``_BaseContainer`` completely in astroid 3.0.
* The call cache used by inference functions produced by ``inference_tip``
  can now be cleared via ``clear_inference_tip_cache``.
* ``astroid.const.BUILTINS`` and ``astroid.bases.BUILTINS`` are not used internally anymore
  and will be removed in astroid 3.0. Simply replace this by the string 'builtins' for better
  performances and clarity.
* Add inference for dataclass initializer method.

What's New in astroid 2.7.1?
============================
* When processing dataclass attributes, only do typing inference on collection types.
  Support for instantiating other typing types is left for the future, if desired.
* Fixed LookupMixIn missing from ``astroid.node_classes``.

What's New in astroid 2.7.0?
============================
* Import from ``astroid.node_classes`` and ``astroid.scoped_nodes`` has been deprecated in favor of
  ``astroid.nodes``. Only the imports from ``astroid.nodes`` will work in astroid 3.0.0.
* Add support for arbitrary Enum subclass hierachies
* Add inference tips for dataclass attributes, including dataclasses.field calls.
  Also add support for InitVar.
* Adds a brain that deals with dynamic import of `IsolatedAsyncioTestCase` class of the `unittest` module.

(adam)

Updated devel/py-hypothesis, graphics/py-altgraph, devel/py-macholib, devel/py-xdis

(adam)

py-xdis: updated to 5.0.12

5.0.12 2021-09-11
=================
* Add Python version 3.9.7
* Document unmarshal beter
* Correct stack information for IMPORT_NAME
* Fix bug in code type handling where bytes were showing up as strings
* More type annotations in master branch. Create more older variations without annotations

(adam)

py-macholib: updated to 1.15.2

macholib 1.15.2
* Explicitly mention Python 3.10 in the project metadata

(adam)

py-altgraph: updated to 0.17.2

0.17.1
* Explicitly mark Python 3.10 as supported in wheel metadata.

(adam)

py-hypothesis: updated to 6.21.0

6.21.0 - 2021-09-11

This release introduces strategies for array/tensor libraries adopting the Array API standard. They are available in the hypothesis.extra.array_api extra, and work much like the existing strategies for NumPy.

6.20.1 - 2021-09-10

This patch fixes issue 961, where calling given() inline on a bound method would fail to handle the self argument correctly.

6.20.0 - 2021-09-09

This release allows slices() to generate step=None, and fixes an off-by-one error where the start index could be equal to size. This works fine for all Python sequences and Numpy arrays, but is undefined behaviour in the Array API standard.

6.19.0 - 2021-09-08

This release makes stateful testing more likely to tell you if you do something unexpected and unsupported:

The return_value health check now applies to rule() and initialize() rules, if they don窶冲 have target bundles, as well as invariant().
Using a consumes() bundle as a target is deprecated, and will be an error in a future version.
If existing code triggers these new checks, check for related bugs and misunderstandings - these patterns never had any effect.

6.18.0 - 2021-09-06

This release teaches from_type() a neat trick: when resolving an typing.Annotated type, if one of the annotations is a strategy object we use that as the inferred strategy. For example:

PositiveInt = Annotated[int, st.integers(min_value=1)]
If there are multiple strategies, we use the last outer-most annotation. See issue 2978 and pull request 3082 for discussion.

Requires Python 3.9 or later for get_type_hints(..., include_extras=False).

6.17.4 - 2021-08-31

This patch makes unique arrays() much more efficient, especially when there are only a few valid elements - such as for eight-bit integers.

6.17.3 - 2021-08-30

This patch fixes the repr of array_shapes().

6.17.2 - 2021-08-30

This patch wraps some internal helper code in our proxies decorator to prevent mutations of method docstrings carrying over to other instances of the respective methods.

6.17.1 - 2021-08-29

This patch moves some internal helper code in preparation for issue 3065. There is no user-visible change, unless you depended on undocumented internals.

6.17.0 - 2021-08-27

This release adds type annotations to the stateful testing API.

Thanks to Ruben Opdebeeck for this contribution!

6.16.0 - 2021-08-27

This release adds the DrawFn type as a reusable type hint for the draw argument of @composite functions.

Thanks to Ruben Opdebeeck for this contribution!

6.15.0 - 2021-08-22

This release emits a more useful error message when @given() is applied to a coroutine function, i.e. one defined using async def.

This was previously only handled by the generic return_value health check, which doesn窶冲 direct you to use either a custom executor or a library such as pytest-trio or pytest-asyncio to handle it for you.

6.14.9 - 2021-08-20

This patch fixes a regression in Hypothesis 6.14.8, where from_type() failed to resolve types which inherit from multiple parametrised generic types, affecting the returns package.

6.14.8 - 2021-08-16

This patch ensures that registering a strategy for a subclass of a a parametrised generic type such as class Lines(Sequence[str]): will not 窶徑eak窶� into unrelated strategies such as st.from_type(Sequence[int]). Unfortunately this fix requires PEP 560, meaning Python 3.7 or later.

6.14.7 - 2021-08-14

This patch fixes issue 3050, where attrs classes could cause an internal error in the ghostwriter.

6.14.6 - 2021-08-07

This patch improves the error message for issue 3016, where PEP 585 builtin generics with self-referential forward-reference strings cannot be resolved to a strategy by from_type().

6.14.5 - 2021-07-27

This patch fixes hypothesis.strategies._internal.types.is_a_new_type. It was failing on Python 3.10.0b4, where NewType is a function.

6.14.4 - 2021-07-26

This patch fixes from_type() and register_type_strategy() for typing.NewType on Python 3.10, which changed the underlying implementation (see bpo-44353 for details).

6.14.3 - 2021-07-18

This patch updates our autoformatting tools, improving our code style without any API changes.

6.14.2 - 2021-07-12

This patch ensures that we shorten tracebacks for tests which fail due to inconsistent data generation between runs (i.e. raise Flaky).

6.14.1 - 2021-07-02

This patch updates some internal type annotations. There is no user-visible change.

(adam)

Updated devel/py-queuelib, devel/py-more-itertools, textproc/py-elementpath, textproc/py-xmlschema

(adam)

py-xmlschema: updated to 1.7.1

`v1.7.1`_ (2021-09-03)
======================
* Activate mypy checks for package
* Fix for issues 257 and 259

`v1.7.0`_ (2021-08-02)
======================
* Make XSD annotation parsing lazy
* Add lazy annotations to schema instances
* Add get_annotation() method to multiple-facets classes

(adam)

py-elementpath: updated to 2.3.1

`v2.3.1`_ (2021-09-07)
======================
* Add LxmlElementProtocol
* Add pytest env to tox.ini

`v2.3.0`_ (2021-09-01)
======================
* Add inline type annotations check support
* Add structural Protocol based type checks (effective for Python 3.8+)

(adam)

py-more-itertools: updated to 8.9.0

8.9.0
-----

* New functions
    * :func:`interleave_evenly` (thanks to mbugert)
    * :func:`repeat_each` (thanks to FinalSh4re)
    * :func:`chunked_even` (thanks to valtron)
    * :func:`map_if` (thanks to sassbalint)
    * :func:`zip_broadcast` (thanks to kalekundert)

* Changes to existing functions
    * The type stub for :func:`chunked` was improved (thanks to  PhilMacKay)
    * The type stubs for :func:`zip_equal` and `zip_offset` were improved (thanks to maffoo)
    * Building Sphinx docs locally was improved (thanks to MarcinKonowalczyk)

(adam)

py-queuelib: updated to 1.6.2

Version 1.6.2
-------------
No functionality changes with respect to 1.6.1
* Added `python_requires>=3.5` to `setup.py`
* Formatted the codebase with `black`
* Added type annotations
* Added CI checks for typing, security and linting

(adam)

libvpx: fix building on Darwin 21

(adam)

Updated devel/py-anyio

(adam)

py-anyio: updated to 3.3.1

**3.3.1**

- Added missing documentation for the ``ExceptionGroup.exceptions`` attribute
- Changed the asyncio test runner not to use uvloop by default (to match the behavior of
  ``anyio.run()``)
- Fixed ``RuntimeError`` on asyncio when a ``CancelledError`` is raised from a task spawned through
  a ``BlockingPortal``
- Fixed asyncio warning about a ``Future`` with an exception that was never retrieved which
  happened when a socket was already written to but the peer abruptly closed the connection

(adam)

Updated devel/py-flexmock, comms/py-esptool

(adam)

py-esptool: updated to 3.1

Version 3.1

New Features

Support for ESP32-C3 SoC has been added
Added --encrypt-files option to specify which files need encryption before flashing.
Added --use_segments option for elf2image to use segments instead of sections to generate the image.
Improved the write_flash timeout calculation and status message.
Support for detecting ESP8285 versions -N08, -N16, -H08, and -H16 has been added.
Added support for all write_reg command forms (including delay and mask parameters) to flasher stub.
Added merge_bin command to combine binary files on host
Extended the --min-rev argument of elf2image to work on all chips apart from ESP8266.
Added diagnostic warnings about the memory regions needing to be erased during a flash write
Added --after no_reset_stub option to keep the flasher stub running and allow its repeated usage.
Added support for the USB-JTAG-Serial peripheral of ESP32-C3.

espsecure.py

Added custom command-line argument to allow calling from other Python scripts.
Added --aes-xts option to encrypt/decrypt flash data files with AES-XTS algorithm on the S2 and C3.
Fixed handling of files to forbid empty output and re-writing input.

espefuse.py

Added custom command-line argument to allow calling from other Python scripts.
Added security measures to prevent burning custom multicast MAC address.
Fixed errors when burning and read-protecting an efuse at the same time
Fixed burning of SPI pins configuration efuses

Internal features

These features are intended for use inside Espressif:

Support for ESP32-S3-beta3 & ESP32-C6-beta have been added. These SoCs are not generally available, so they are unsupported in this release. Official support will be added in a later esptool release.
Support for 32-bit addressing to enable 32/64MB flash memory chips on the S3.

Bug Fixes

Fixed error outputs when installing from pip.
Increased the timeout for writing to flash to improve stability
Fixed failing dump_mem overall bytes read message.
Allowed the write_mem mask argument to be optional to match with its usage example on Wiki.
Ensured expand_file_arguments gets called when using custom command-line arguments.
Fixed SecureBoot v2 public key extraction

Miscellaneous Changes

Decomposed port detection logic.
Added flushing after each command before waiting for a reply.
Made it easier to use esptool.py as a component by permitting passing an already formed esp object to main()
Added function to merge adjacent sections in elf2image for the use case of linker scripts that have a large number of sections.
Decoupled esptool reset logic for easier monkey-patching

(adam)

py-flexmock: updated to 0.10.9

Release 0.10.9

Fixed
- Fix flexmock not mocking methods properly on derived classes.

Release 0.10.8

Fixed
- Fix ``with_args`` not working built-in functions.

Release 0.10.7

Fixed
- Fix ``with_args`` not working built-in methods.
- Fix previous pytest ``--durations`` fix not working.

Release 0.10.6

Fixed
- Fix flexmock broken with Pytest 4 & 5.
- Fix new_instances method not working with Python 2.7.
- Fix multiple expectations for the same classmethod are not matched.

(adam)

Updated devel/py-bitstring; Added converters/py-reedsolo

(adam)

py-reedsolo: added version 1.5.4

A pure-python universal errors-and-erasures Reed-Solomon Codec , based on the
wonderful tutorial at wikiversity, written by "Bobmath" and "LRQ3000".

(adam)

py-bitstring: updated to 3.1.9

version 3.1.9
---------------------------------------
(version 3.1.8 was pulled due to serious issues)
Another maintenance release.

* Fixed a couple of outdated results in the readme (Issue 214).
* Some more documentation tidying.
* Turned off some debug code by default.
* Fixed a couple of failing tests in different Python versions.
* Fix for consistent pos initialisation semantics for different types.
* Change to allow wheels to be uploaded to PyPI.
* More work for LSB0 mode, but still not finished or documented (sorry).

(adam)

Updated audio/faudio, www/py-django-cors-headers

(adam)

py-django-cors-headers: updated to 3.8.0

3.8.0

Add type hints.
Stop distributing tests to reduce package size. Tests are not intended to be run outside of the tox setup in the repository. Repackagers can use GitHub's tarballs per tag.

(adam)

faudio: updated to 21.09

21.09

Fixes:

Game: Refactor Tick() loop to poll events more aggressively. This should dramatically improve input latency for fixed-step games with v-sync off, and stabilize timing in general for fixed-step games with v-sync on. Variable-step games should be unaffected.
SDL2_FNAPlatform: Check for : in our MonoPathRootWorkaround, to detect more rooted paths

(adam)

Updated net/py-zeroconf, devel/py-test

(adam)

py-test: updated to 6.2.5

pytest 6.2.5
Python 3.10 is now supported.
Enable compatibility with ``pluggy 1.0`` or later.

(adam)

py-zeroconf: updated to 0.36.2

0.36.2

Include NSEC records for non-existent types when responding with addresses
0.36.1

Skip goodbye packets for addresses when there is another service registered with the same name

If a ServiceInfo that used the same server name as another ServiceInfo was unregistered, goodbye packets would be sent for the addresses and would cause the other service to be seen as offline.

Fixed equality and hash for dns records with the unique bit

These records should have the same hash and equality since the unique bit (cache flush bit) is not considered when adding or removing the records from the cache.

0.36.0

Technically backwards incompatible:

Fill incomplete IPv6 tuples to avoid WinError on windows

0.35.1

Only reschedule types if the send next time changes

When the PTR response was seen again, the timer was being canceled and rescheduled even if the timer was for the same time. While this did not cause any breakage, it is quite inefficient.

Cache DNS record and question hashes

The hash was being recalculated every time the object was being used in a set or dict. Since the hashes are effectively immutable, we only calculate them once now.

0.35.0

Reduced chance of accidental synchronization of ServiceInfo requests
Sort aggregated responses to increase chance of name compression
Technically backwards incompatible:

Send unicast replies on the same socket the query was received

When replying to a QU question, we do not know if the sending host is reachable from all of the sending sockets. We now avoid this problem by replying via the receiving socket. This was the existing behavior when InterfaceChoice.Default is set.

This change extends the unicast relay behavior to used with InterfaceChoice.Default to apply when InterfaceChoice.All or interfaces are explicitly passed when instantiating a Zeroconf instance.

0.34.3

Fix sending immediate multicast responses
0.34.2

Coalesce aggregated multicast answers

When the random delay is shorter than the last scheduled response, answers are now added to the same outgoing time group.

This reduces traffic when we already know we will be sending a group of answers inside the random delay window described in datatracker.ietf.org/doc/html/rfc6762#section-6.3

Ensure ServiceInfo requests can be answered inside the default timeout with network protection

Adjust the time windows to ensure responses that have triggered the protection against against excessive packet flooding due to software bugs or malicious attack described in RFC6762 section 6 can respond in under 1350ms to ensure ServiceInfo can ask two questions within the default timeout of 3000ms

0.34.1

Ensure multicast aggregation sends responses within 620ms

Responses that trigger the protection against against excessive packet flooding due to software bugs or malicious attack described in RFC6762 section 6 could cause the multicast aggregation response to be delayed longer than 620ms (The maximum random delay of 120ms and 500ms additional for aggregation).

Only responses that trigger the protection are delayed longer than 620ms

0.34.0

Implemented Multicast Response Aggregation

Responses are now aggregated when possible per rules in RFC6762 section 6.4

Responses that trigger the protection against against excessive packet flooding due to software bugs or malicious attack described in RFC6762 section 6 are delayed instead of discarding as it was causing responders that implement Passive Observation Of Failures (POOF) to evict the records.

Probe responses are now always sent immediately as there were cases where they would fail to be answered in time to defend a name.

0.33.4

Ensure zeroconf can be loaded when the system disables IPv6

(adam)

Updated lang/python36, lang/python37, lang/py36-html-docs, lang/py37-html-docs

(adam)

python37: updated to 3.7.12

Python 3.7.12 final

Security

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ���Billion Laughs��� vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.

Library

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

(adam)

python36: updated to 3.6.15

Python 3.6.15 final

Security

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ���Billion Laughs��� vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.

Library

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

Tests

bpo-38965: Fix test_faulthandler on GCC 10. Use the ���volatile��� keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma.

(adam)

Updated devel/thrift, graphics/py-Pillow

(adam)

py-Pillow: updated to 8.3.2

8.3.2:
- CVE-2021-23437 Raise ValueError if color specifier is too long
- Fix 6-byte OOB read in FliDecode
- Add support for Python 3.10
- Ensure TIFF ``RowsPerStrip`` is multiple of 8 for JPEG compression
- Updates for ``ImagePalette`` channel order
- Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library

(adam)

thrift: updated to 0.14.2

0.14.2

Java
THRIFT-5383 - THRIFT-5383 TJSONProtocol Java readString throws on bounds check

Go
THRIFT-5369 - TConfiguration.GetMaxMessageSize() now also applies to container sizes in TProtocol implementations provided

(adam)

Updated misc/py-platformdirs, devel/py-typing-extensions, devel/py-traitlets, security/py-google-auth-oauthlib

(adam)

py-google-auth-oauthlib: updated to 0.4.6

0.4.6

Bug Fixes
remove dependency on six

(adam)

py-traitlets: updated to 5.1.0

Traitlets 5.1
-------------

Traitlets 5.1 brings a couple of updates and changes to traitlets, and is
recommended for all users. What follow is a non-exhaustive list of changes:

- Removal of the ``ipython_genutils`` dependency, this should remove any direct
  and indirect reliance on ``nose`` and prepare traitlets 5.1 for Python 3.10
  and above compatibility, some test suite changes also accommodate Python 3.10 changes.
  If you package traitlets downstream, make sure to remove this dependency.

- Removal of ``ipython_genutils`` may have change the default encoding detected
  for the command line argument parsing when not utf-8. We expect this to
  affect a small portion of older windows version. If you encounter issue let
  us know.

- Stop recommendation of ``CUnicode`` in some circumstances as it's
  deprecated.

- Our test suite is now using GitHub action instead of travis CI. If you are
  packaging downstream using the git repository, you may have to exclude the
  ``.github`` folder now, and can remove exclusion of

- It fixes a parsing issue for list of one single element on the CLI.

- We reserve the right to remove official support for Python 3.7 in subsequent
  minor revisions.

(adam)

py-typing-extensions: updated to 3.10.0.2

3.10.0.2:
Unknown changes

(adam)

py-pydicom: PLIST fix

(adam)

py-platformdirs: updated to 2.3.0

2.3.0
Add `user_runtime_dir` for `$XDG_RUNTIME_DIR`

(adam)

Updated lang/python3[89], lang/py3[89]-html-docs

(adam)

python39: updated to 3.9.7

Python 3.9.7 final

Security

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-41180: Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 窶廝illion Laughs窶� vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
Core and Builtins
bpo-45018: Fixed pickling of range iterators that iterated for over 2**32 times.
bpo-44962: Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run
bpo-44954: Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way.
bpo-44947: Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo.
bpo-44698: Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex.
bpo-44885: Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo
bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-25782: Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.
bpo-44698: Fix undefined behaviour in complex object exponentiation.
bpo-44562: Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias.
bpo-44523: Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo.
bpo-44472: Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo
bpo-44184: Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner.
bpo-39091: Fix crash when using passing a non-exception to a generator窶冱 throw() method. Patch by Noah Oxer

Library

bpo-41620: run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator.
bpo-43913: Fix bugs in cleaning up classes and modules in unittest:

Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module.
Functions registered with addClassCleanup() were not called if tearDownClass is set to None.
Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup().
Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes.
Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order.
And several lesser bugs.
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
bpo-44449: Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner.
bpo-44955: Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator.
bpo-38956: argparse.BooleanOptionalAction窶冱 default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter.
bpo-44581: Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.
bpo-44605: The @functools.total_ordering() decorator now works with metaclasses.
bpo-44822: sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland.
bpo-44815: Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep()
bpo-44806: Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes.
bpo-44667: The tokenize.tokenize() doesn窶冲 incorrectly generate a NEWLINE token if the source doesn窶冲 end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo
bpo-42853: Fix http.client.HTTPSConnection fails to download >2GiB data.
bpo-44752: rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method.
bpo-44720: weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing.
bpo-44704: The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__().
bpo-44666: Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan Hﾃｶlzl.
bpo-40897: Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong.
bpo-44608: Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple.
bpo-41928: Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected.
bpo-44566: handle StopIteration subclass raised from @contextlib.contextmanager generator
bpo-44558: Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na.
bpo-41249: Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules.
bpo-44461: Fix bug with pdb窶冱 handling of import error due to a package which does not have a __main__ module
bpo-42892: Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage.
bpo-27827: pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons.
bpo-34266: Handle exceptions from parsing the arg of pdb窶冱 run/restart command.
bpo-27334: The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland.
bpo-43853: Improved string handling for sqlite3 user-defined functions and aggregates:

It is now possible to pass strings with embedded null characters to UDFs
Conversion failures now correctly raise MemoryError
Patch by Erlend E. Aasland.
bpo-43048: Handle RecursionError in TracebackException窶冱 constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail.
bpo-41402: Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding.
bpo-32695: The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested.
bpo-34990: Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038.
bpo-38840: Fix test___all__ on platforms lacking a shared memory implementation.
bpo-30256: Pass multiprocessing BaseProxy argument manager_owned through AutoProxy.
bpo-27513: email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz.
bpo-33349: lib2to3 now recognizes async generators everywhere.
bpo-29298: Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile.

Documentation

bpo-44903: Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I窶况e added links to the Python Wiki page on GUI frameworks.
bpo-44756: Reverted automated virtual environment creation on make html when building documentation. It turned out to be disruptive for downstream distributors.
bpo-44693: Update the definition of __future__ in the glossary by replacing the confusing word 窶徘seudo-module窶� with a more accurate description.
bpo-35183: Add typical examples to os.path.splitext docs
bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.
bpo-44561: Update of three expired hyperlinks in Doc/distributing/index.rst: 窶弃roject structure窶�, 窶廝uilding and packaging the project窶�, and 窶弑ploading the project to the Python Packaging Index窶�.
bpo-42958: Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg.
bpo-44558: Match the docstring and python implementation of countOf() to the behavior of its c implementation.
bpo-44544: List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation.
bpo-38062: Clarify that atexit uses equality comparisons internally.
bpo-43066: Added a warning to zipfile docs: filename arg with a leading slash may cause archive to be un-openable on Windows systems.
bpo-27752: Documentation of csv.Dialect is more descriptive.
bpo-44453: Fix documentation for the return type of sysconfig.get_path().
bpo-39498: Add a 窶彜ecurity Considerations窶� index which links to standard library modules that have explicitly documented security considerations.
bpo-33479: Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c,

Tests

bpo-25130: Add calls of gc.collect() in tests to support PyPy.
bpo-45011: Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don窶冲 expect it in the output.
bpo-44852: Add ability to wholesale silence DeprecationWarnings while running the regression test suite.
bpo-40928: Notify users running test_decimal regression tests on macOS of potential harmless 窶徇alloc can窶冲 allocate region窶� messages spewed by test_decimal.
bpo-44734: Fixed floating point precision issue in turtle tests.
bpo-44708: Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file.
bpo-30256: Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy

Build

bpo-44535: Enable building using a Visual Studio 2022 install on Windows.
bpo-43298: Improved error message when building without a Windows SDK installed.

Windows

bpo-45007: Update to OpenSSL 1.1.1l in Windows build
bpo-44572: Avoid consuming standard input in the platform module
bpo-40263: This is a follow-on bug from https://bugs.python.org/issue26903. Once that is applied we run into an off-by-one assertion problem. The assert was not correct.

macOS

bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

Tools/Demos

bpo-44756: In the Makefile for documentation (Doc/Makefile), the build rule is dependent on the venv rule. Therefore, html, latex, and other build-dependent rules are also now dependent on venv. The venv rule only performs an action if $(VENVDIR) does not exist. Doc/README.rst was updated; most users now only need to type make html.

(adam)

python38: updated to 3.8.12

Python 3.8.12 final

Security

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ���Billion Laughs��� vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.

Core and Builtins

bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.

Library

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

Documentation

bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.

Windows

bpo-45007: Update to OpenSSL 1.1.1l in Windows build

macOS

bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

(adam)

Updated security/libssh2, comms/py-rich

(adam)

py-rich: updated to 10.9.0

10.9.0

Added

Added data parameter to print_json method / function
Added an --indent parameter to python -m rich.json

Changed

Changed default indent of JSON to 2 (down from 4)
Changed highlighting of JSON keys to new style (bold blue)

(adam)

libssh2: updated to 1.10.0

libssh2 1.10

This release includes the following enhancements and bugfixes:

o adds agent forwarding support
o adds OpenSSH Agent support on Windows
o adds ECDSA key support using the Mbed TLS backend
o adds ECDSA cert authentication
o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
  diffie-hellman-group18-sha512 key exchanges
o adds support for PKIX key reading when using ed25519 with OpenSSL
o adds support for EWOULDBLOCK on VMS systems
o adds support for building with OpenSSL 3
o adds support for using FIPS mode in OpenSSL
o adds debug symbols when building with MSVC
o adds support for building on the 3DS
o adds unicode build support on Windows
o restores os400 building
o increases min, max and opt Diffie Hellman group values
o improves portiablity of the make file
o improves timeout behavior with 2FA keyboard auth
o various improvements to the Wincng backend
o fixes reading parital packet replies when using an agent
o fixes Diffie Hellman key exchange on Windows 1903+ builds
o fixes building tests with older versions of OpenSSL
o fixes possible multiple definition warnings
o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
o fixes potential use after free if libssh2_init() is called twice
o improved linking when using Mbed TLS
o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
o fixes crash when loading public keys with no id
o fixes possible out of bounds read when exchanging keys
o fixes possible out of bounds read when reading packets
o fixes possible out of bounds read when opening an X11 connection
o fixes possible out of bounds read when ecdh host keys
o fixes possible hang when trying to read a disconnected socket
o fixes a crash when using the delayed compression option
o fixes read error with large known host entries
o fixes various warnings
o fixes various small memory leaks
o improved error handling, various detailed errors will now be reported
o builds are now using OSS-Fuzz
o builds now use autoreconf instead of a custom build script
o cmake now respects install directory
o improved CI backend
o updated HACKING-CRYPTO documentation
o use markdown file extensions
o improved unit tests

(adam)

Updated multimedia/mkvtoolnix, devel/py-macholib

(adam)

py-macholib: updated to 1.15.1

macholib 1.15.1
* Remove a debug print introduced in the previous release.

(adam)

mkvtoolnix: updated to 61.0.0

Version 61.0.0 "So" 2021-08-30

New features and enhancements

* all: IETF BCP 47/RFC 5646 language tags: implemented support for officially
  registered IANA language tag extensions.
* mkvmerge: track selection: when using language tags for selecting which
  tracks to keep, mkvmerge will now use component-based language tag matching
  instead of comparing them verbatim. This means that only those components
  (language, region etc.) the user specified will be required to exist and be
  equal. For example, if a file contains three subtitle tracks with languages
  `es` (generic Spanish), `es-MX` (Spanish as spoken in Mexico) and `es-ES`
  (Spanish as spoken in Spain), the user can use `--stracks es` to match all
  three tracks or be more specific with e.g. `--stracks es-MX` which would
  only match one track. Similarly inverting the selection with e.g. `--stracks
  !es` would get rid of all three tracks, not just the one for the generic
  Spanish.
* MKVToolNix GUI: multiplexer: deriving track languages from file names: the
  GUI can now detect full BCP 47/RFC 5646 language tags in file names.
* MKVToolNix GUI: multiplexer: deriving track languages from file names: the
  default list of boundary characters now includes `-`.
* MKVToolNix GUI: multiplexer: the GUI now defaults to the "lower" process
  priority setting for new installations in order to leave more room for other
  applications, especially interactive ones. Up to and including v59 the
  default was the "normal" process priority. v60 changed that to "lowest",
  which turned out to be much slower on Windows for no real gain over
  "lower". The setting will be auto-corrected by the GUI if the settings file
  were saved last with a version between v60.0.0.0 & v60.0.0.17 & "lowest" &
  it is still set to "lowest".
* HEVC dumper development tool: the tool has been renamed to `xvc_dump` and
  extended to be able to dump AVC/H.264 bitstreams, too. It now also detects
  the type of bitstream framing (ISO 14496-15 vs. ITU-T H.264/H.265 Annex B).

Bug fixes

* all: IETF BCP 47/RFC 5646 language tags: fixed a corner case of wrongfully
  allowing scripts/variants not listed in any of the entries in the prefix
  list when the prefix list contains prefixes restricting scripts/variants and
  a prefix solely with the language at the same time (example: the variant
  `ekavsk` with its prefixes `sr`, `sr-Cyrl` and `sr-Latn` where
  e.g. `sr-ekavsk` and `sr-Cyrl-ekavsk` should be allowed but not
  `sr-Bali-ekavsk`).
* mkvmerge: HEVC/H.265: the frame type of B frames was often wrongfully
  signalled as P frames instead, both with `BlockGroup` (missing second
  references) and `SimpleBlock` ("discardable" flag not set) elements.
* mkvmerge: SSA/ASS packetizer: the frame numbers will now be re-calculated
  when appending SSA/ASS tracks so that frame numbers of appended tracks are
  always strictly higher than frame numbers of the track they're appended to.
* mkvmerge, MKVToolNix GUI's chapter editor: BCP 47/RFC 5646 language tags:
  when BCP 47 language tags are used with a language code that isn't part of
  ISO 639-2, the programs will now write a legacy language element set to
  `und` ("undetermined") instead of not writing such an element at all or
  writing one with an invalid code.
* mkvmerge, MKVToolNix GUI's chapter editor: BCP 47/RFC 5646 language tags:
  the programs will ensure that the legacy and IETF language elements written
  will be unique within the scope of the same "chapter display" element.
* mkvinfo, MKVToolNix GUI's info tool: in summary mode the frame type was
  reported wrong for `BlockGroup` elements in which the `ReferenceBlock`
  elements were located behind the `Block` element.

Build system changes

* all: `std::codecvt_utf8` is now used instead of Boost's
  `utf8_codecvt_facet`. The bundled copy the latter in `lib/boost` has
  therefore been removed.

(adam)

Added misc/py-platformdirs; Updated devel/py-faker

(adam)

py-faker: updated to 8.12.1

v8.12.1
* Add missing diacritics in ``fr_FR`` ``person`` provider.

v8.12.0
* Added non-geo numbers and services phones format for ``pt_BR``.
* Add datetime formats in ``pt_BR``.
* Add currency formats in ``pt_BR``.

v8.11.0
* Add ``nic_handle``.

v8.10.3
* Remove potentially offensive surname in ``it_IT``.

v8.10.2
* Return list instead of tuple in ``choices_distribution``.

v8.10.1
* enable faker instances to be unpickled.

v8.10.0
* Add ``ar_AE`` (UAE) phone numbers.

v8.9.1
* Skip UnsupportedFeature's on the command line.

v8.9.0
* Add RIPE ID.

v8.8.2
* Avoid collision for ``date`` in ``datetime`` provider.

v8.8.1
* Fix ``left_digits`` ignored if ``min_value`` is given.

v8.8.0
* Add ``iana_id``, IANA Registrar ID.

v8.7.0
* Add tlds for ``th_TH`` internet provider.

v8.6.0
* Add ``aba()`` method to generate ABA routing numbers.

v8.5.1
* Fix deepcopy for Faker instances.

v8.5.0
* Add ``image`` provider.

v8.4.0
* Add license plates and language names for ``he_IL`` locale.

v8.3.0
* Add colors for ``he_IL``.

v8.2.1
* Add few more names in ``en_IN`` person provider.

v8.2.0
* Add ``city_name()`` and cities to ``support .city()`` for ``th_TH``.

(adam)

py-platformdirs: added version 2.2.0

When writing desktop application, finding the right location to store user data
and configuration varies per platform. Even for single-platform apps, there
may by plenty of nuances in figuring out the right location. This kind of thing
is what the platformdirs module is for.

(adam)

Updated biology/py-pydicom, security/py-trustme

(adam)

py-trustme: updated to 0.9.0

0.9.0:
Unknown changes

(adam)

py-pydicom: add ALTERNATIVES

(adam)

py-pydicom: updated to 2.2.1

Version 2.2.0

Changes

Data elements with a VR of AT must now be set with values acceptable to Tag(), and are always stored as a BaseTag. Previously, any Python type could be set.
BaseTag.__eq__() returns False rather than raising an exception when the operand cannot be converted to BaseTag
DA.__str__(), DT.__str__() and TM.__str__() return valid DICOM strings instead of the formatted date and time representations
If comparing FileDataset instances, the file metadata is now ignored. This makes it possible to compare a FileDataset object with a Dataset object.
rle_encode_frame() is deprecated and will be removed in v3.0, use compress() or RLELosslessEncoder instead.
read_file() is deprecated and will be removed in v3.0, use dcmread() instead.
write_file() is deprecated and will be removed in v3.0, use dcmwrite() instead.
Data dictionaries updated to version 2021b of the DICOM Standard
Dataset no longer inherits from dict

Enhancements

Added a command-line interface for pydicom. Current subcommands are:
show: display all or part of a DICOM file
codify to produce Python code for writing files or sequence items from scratch.
Please see the Command-line Interface Guide for examples and details of all the options for each command.
A field containing an invalid number of bytes will result in a warning instead of an exception when convert_wrong_length_to_UN is set to True.
Private tags known via the private dictionary will now get the configured VR if read from a dataset instead of UN
While reading explicit VR, a switch to implicit VR will be silently attempted if the VR bytes are not valid VR characters, and config option assume_implicit_vr_switch is True (default)
New functionality to help with correct formatting of decimal strings (DS)
Added is_valid_ds() to check whether a string is valid as a DICOM decimal string and format_number_as_ds() to format a given float or Decimal as a DS while retaining the highest possible level of precision
If enforce_valid_values is set to True, all DS objects created will be checked for the validity of their string representations.
Added optional auto_format parameter to the init methods of DSfloat and DSdecimal and the DS() factory function to allow explicitly requesting automatic formatting of the string representations of these objects when they are constructed.
Added methods to construct PersonName objects from individual components of names (family_name, given_name, etc.). See from_named_components() and from_named_components_veterinary().
Added support for downloading the large test files with the requests package in addition to urllib.request
Ensured convert_color_space() uses 32-bit floats for calculation, added per_frame flag to allow frame-by-frame processing and improved the speed by ~20-60%
Optimisations for RLE encoding using pydicom (~40% faster).
Added support for faster decoding (~4-5x) and encoding (~20x) of RLE Lossless Pixel Data via the pylibjpeg-rle plugin
Added Dataset.compress() function for compressing uncompressed pixel data using a given encoding format as specified by a UID. Only RLE Lossless is currently supported
Added encoders module and the following encoders:
RLELosslessEncoder with 窶湾ydicom窶�, 窶湾ylibjpeg窶� and 窶枠dcm窶� plugins
Added read parameter to get_testdata_file() to allow reading and returning the corresponding dataset
Handle decoded RLE segments with padding
Add option to JSON functions to suppress exception and continue
Allow searching FileSet s for a list of elements
Added hash function to SR Code

Fixes

Fixed pickling a Dataset instance with sequences after the sequence had been read
Fixed JSON export of numeric values
Fixed handling of sequences of unknown length that switch to implicit encoding, and sequences with VR UN
Do not load external data sources until needed - fixes problems with standard workflow if setuptools are not installed
Fixed empty PN elements read from file being str rather than PersonName
Fixed handling of JPEG (10918-1) images compressed using RGB colourspace rather than YBR with the Pillow pixel data handler
Allow to deepcopy a ~pydicom.dataset.FileDataset object
Fixed elements with a VR of OL, OD and OV not being set correctly when an encoded backslash was part of the element value
Fixed expansion of linear segments with floating point steps in segmented LUTs
Fixed handling of code extensions with person name component delimiter
Fixed bug decoding RBG jpg with APP14 marker due to change in Pillow
Fixed decoding for FloatPixelData and DoubleFloatPixelData via pydicom.pixel_data_handlers.numpy_handler

Version 2.1.1

Fixes

Remove py.typed
Fix ImportError with Python 3.6.0
Fix converting Sequences with Bulk Data when loading from JSON

Version 2.1.0

Changelog

Dropped support for Python 3.5 (only Python 3.6+ supported)

Enhancements

Large testing data is no longer distributed within the pydicom package with the aim to reduce the package download size. These test files will download on-the-fly whenever either the tests are run, or should the file(s) be requested via the data manager functions. For example:
To download all files and get their paths on disk you can run pydicom.data.get_testdata_files().
To download an individual file and get its path on disk you can use pydicom.data.get_testdata_file(), e.g. for RG1_UNCI.dcm use pydicom.data.get_testdata_file("RG1_UNCI.dcm")
Added a new pixel data handler based on pylibjpeg which supports all (non-retired) JPEG transfer syntaxes
Added apply_rescale() alias
Added apply_voi() and apply_windowing()
Added prefer_lut keyword parameter to apply_voi_lut() and handle empty VOI LUT module elements
Added ability to register external data sources for use with the functions in pydicom.data
__contains__, __next__ and __iter__ implementations added to PersonName
Added convenience constants for the MPEG transfer syntaxes to pydicom.uid
Added support for decoding Waveform Data:
Added pydicom.waveforms module and generate_multiplex() and multiplex_array() functions.
Added Dataset.waveform_array() which returns an ndarray for the multiplex group at index within a Waveform Sequence element.
When JPEG 2000 image data is unsigned and the Pixel Representation is 1 the image data is converted to signed
Added keyword property for the new UID keywords in version 2020d of the DICOM Standard
Added testing of the variable names used when setting Dataset attributes and INVALID_KEYWORD_BEHAVIOR config option to allow customizing the behavior when a camel case variable name is used that isn窶冲 a known element keyword
Added INVALID_KEY_BEHAVIOR config option to allow customizing the behavior when an invalid key is used with the Dataset in operator
Implemented full support (loading, accessing, modifying, writing) of DICOM File-sets and their DICOMDIR files via the FileSet class
Added AllTransferSyntaxes
Added option to turn on pydicom future breaking behavior to allow user code to check itself against the next major version release. Set environment variable 窶弃YDICOM_FUTURE窶� to 窶弋rue窶� or call future_behavior()
Added another signature to the bulk_data_uri_handler in from_json to allow for the communication of not just the URI but also the tag and VR to the handler. Previous handlers will work as expected, new signature handlers will get the additional information.
pack_bits() can now be used with 2D or 3D input arrays and will pad the packed data to even length by default.
Elements with the IS VR accept float strings that are convertible to integers without loss, e.g. 窶�1.0窶�
Added encapsulate_extended() function for use when an Extended Offset Table is required

Changes

Reading and adding unknown non-private tags now does not raise an exception per default, only when enforce_valid_values is set
Data dictionaries updated to version 2020d of the DICOM Standard
Updated a handful of the SOP Class variable names in _storage_sopclass_uids to use the new UID keywords. Variables with Multiframe in them become MultiFrame, those with and in them become And, and DICOSQuadrupoleResonanceQRStorage becomes DICOSQuadrupoleResonanceStorage.
The following UID constants are deprecated and will be removed in v2.2:
JPEGBaseline: use JPEGBaseline8Bit
JPEGExtended: use JPEGExtended12Bit
JPEGLossless: use JPEGLosslessSV1
JPEGLSLossy: use JPEGLSNearLossless
JPEG2000MultiComponentLossless: use JPEG2000MCLossless
JPEG2000MultiComponent: use JPEG2000MC
In v3.0 the value for JPEGLossless will change from 1.2.840.10008.1.2.4.70 to 1.2.840.10008.1.2.4.57 to match its UID keyword
The following lists of UIDs are deprecated and will be removed in v2.2:
JPEGLossyCompressedPixelTransferSyntaxes: use JPEGTransferSyntaxes
JPEGLSSupportedCompressedPixelTransferSyntaxes: use JPEGLSTransferSyntaxes
JPEG2000CompressedPixelTransferSyntaxes: use JPEG2000TransferSyntaxes
RLECompressedLosslessSyntaxes: use RLETransferSyntaxes
UncompressedPixelTransferSyntaxes: use UncompressedTransferSyntaxes
PILSupportedCompressedPixelTransferSyntaxes
DicomDir and the dicomdir module are deprecated and will be removed in v3.0. Use FileSet instead
pydicom.overlay_data_handlers is deprecated, use pydicom.overlays instead
Removed transfer syntax limitations when converting overlays to an ndarray
The overlay_data_handlers config option is deprecated, the default handler will always be used.

Fixes

Dataset.copy() now works as expected
Optimistically parse undefined length non-SQ data as if it窶冱 encapsulated pixel data to avoid erroring out on embedded sequence delimiter
Fixed get_testdata_file() and get_testdata_files() raising an exception if no network connection is available
Fixed GDCM < v2.8.8 not returning the pixel array for datasets not read from a file-like
Raise TypeError if dcmread() or dcmwrite() is called with wrong argument
Gracefully handle empty Specific Character Set
Fixed empty ambiguous VR elements raising an exception
Allow apply_voi_lut() to apply VOI lookup to an input float array
Fixed Dataset.setdefault() not adding working correctly when the default value is None and not adding private elements when enforce_valid_values is True

Version 2.0.0

Changelog

Dropped support for Python 2 (only Python 3.5+ supported)
Changes to Dataset.file_meta
file_meta now shown by default in dataset str or repr output; pydicom.config.show_file_meta can be set False to restore previous behavior
new FileMetaDataset class that accepts only group 2 data elements
Deprecation warning given unless Dataset.file_meta set with a FileMetaDataset object (in pydicom 3, it will be required)
Old PersonName class removed; PersonName3 renamed to PersonName. Classes PersonNameUnicode and PersonName3 are aliased to PersonName but are deprecated and will be removed in version 2.1
dataelem.isMultiValue (previously deprecated) has been removed. Use dataelem.DataElement.VM instead.

Enhancements

Allow PathLike objects for filename argument in dcmread, dcmwrite and Dataset.save_as
Deflate post-file meta information data when writing a dataset with the Deflated Explicit VR Little Endian transfer syntax UID
Added config.replace_un_with_known_vr to be able to switch off automatic VR conversion for known tags with VR 窶弑N窶�
Added config.use_DS_numpy and config.use_IS_numpy to have multi-valued data elements with VR of DS or IS return a numpy array

Fixes

Fixed reading of datasets with an empty Specific Character Set tag
Fixed failure to parse dataset with an empty LUT Descriptor or Red/Green/Blue Palette Color LUT Descriptor element.
Made Dataset.save_as a wrapper for dcmwrite
Removed 1.2.840.10008.1.2.4.70 - JPEG Lossless (Process 14, SV1) from the Pillow pixel data handler as Pillow doesn窶冲 support JPEG Lossless.
Fixed error when writing elements with a VR of OF
Fixed improper conversion when reading elements with a VR of OF
Fixed apply_voi_lut() and apply_modality_lut() not handling (0028,3006) LUT Data with a VR of OW
Fixed access to private creator tag in raw datasets
Fixed description of newly added known private tag
Fixed update of private blocks after deleting private creator
Fixed bug in updating pydicom.config.use_DS_Decimal flag in DS_decimal()

(adam)

Updated textproc/yaml-cpp, graphics/py-wand

(adam)

py-wand: updated to 0.6.7

Version 0.6.7
- Added :meth:`Image.image_add() <wand.image.Image.image_add>` method.
- Added :meth:`Image.image_get() <wand.image.Image.image_get>` method.
- Added :meth:`Image.image_remove() <wand.image.Image.image_remove>` method.
- Added :meth:`Image.image_set() <wand.image.Image.image_set>` method.
- Added :meth:`Image.image_swap() <wand.image.Image.image_swap>` method.
- Fixed sub-image extraction on read. [:issue:`532`]
- Fixed :attr:`~wand.image.BaseImage.background_color` attribute when image was not read.
- [DOC] Completed :doc:`Distortion <./guide/distortion>` guide. [:issue:`534`]
- [DOC] Added :doc:`Morphology <./guide/morphology>` guide.

(adam)

yaml-cpp: updated to 0.7.0

yaml-cpp-0.7.0

Bazel support
CMake improvements
Adopts many modern C++ syntaxes
Bug fixes

(adam)

Updated devel/py-ipython, comms/py-rich, devel/py-ruamel-yaml, net/py-tldextract

(adam)

py-tldextract: updated to 3.1.1

3.1.1:
* Bugfixes
    * Support Python 3.9
    * Drop support for EOL Python 3.5

(adam)

py-ruamel-yaml: updated to 0.17.15

0.17.15:
- fix issue 397, insert comment before key when a comment between key and value exists

(adam)

py-rich: updated to 10.8.0

10.8.0

Added

Added Panel.subtitle
Added Panel.subtitle_align
Added rich.json.JSON
Added rich.print_json and Console.print_json

Fixed

Fixed a bug where calling rich.reconfigure within a pytest_configure hook would lead to a crash
Fixed highlight not being passed through options https://github.com/willmcgugan/rich/issues/1404

(adam)

py-ipython: updated to 7.27.0

IPython 7.27 is a minor release that fixes a couple of issues and compatibility.
- Add support for GTK4
- Add support for Qt6
- Fix an issue with pip magic on windows

(adam)

Updated net/unbound, sysutils/ansible-base

(adam)

ansible-base: updated to 2.10.13

v2.10.13
========

Minor Changes
-------------
- Allow unsafe_writes to be set on target via env var, for those targets that need a blanket setting.

Bugfixes
--------
- Setup virtualization_facts - add RHV and oVirt type. This change will fully work for VMs in clusters at cluster level 4.4 or newer (https://github.com/ansible/ansible/pull/72876).
- ansible-test - allow to ignore ``rstcheck`` errors (https://github.com/ansible/ansible/pull/75272).
- callback default, now uses task delegate_to instead of delegate vars to display delegate to host
- callbacks, restores missing delegate_vars
- dnf module - Use all components of a package name to determine if it's installed (https://github.com/ansible/ansible/issues/75311).

(adam)

unbound: updated to 1.13.2

1.13.2

Features

Merge 317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge 470 from edevil: Allow configuration of persistent TCP connections.
Fix 474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge 478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge 486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge 491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.

Bug Fixes

Fix for Python 3.9, no longer use deprecated functions of PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now none), PyParser_SimpleParseFile (now Py_CompileString).
Merge 420 from dyunwei: DOH not responsing with "http2_query_read_done failure" logged.
Fix 422: IPv6 fallback issues when IPv6 is not properly enabled/configured.
Fix to make tests work with support indicators set for iterator.
Fix build on Python 3.10.
Fix doxygen and pydoc warnings.
Fix 429: rpz: url: with https: broken (regression in 1.13.1).
rpz skip nsec3param records, and nicer log for unsupported actions.
Fix 431: Squelch permission denied errors for tcp connect and udp connect from the logs, unless at high verbosity.
Fix for zonemd, that nxdomain for the chain of trust is allowed for island zones, it is treated as an insecure zone for verification.
Fix for zonemd, that domain-insecure zones work without dnssec.
Fix for zonemd, do not reject insecure result from trust anchor validation step in dnssec chain of trust.
On startup of unbound it checks if rlimits on memory size look sufficient for the configured cache size, and logs warning if not.
Fix function documentation.
Fix unit test for added ulimit checks.
spelling fix in header.
Fix 384: (1) A minor request to improve the log (2) A minor bug in one log message.
ipsecmod: Better logging for detecting a cycle when attaching the A/AAAA subquery.
Merge 367 : DNSTAP log local address. With code from 365 and fixes 368 : dnstap does not log the DNS message ID for FORWARDER_QUERY.
Fix to allow rpz with wildcard that applies to all TLDs at once.
Fix for 367: rc_ports don't have ub_sock; skip cleaning up.
Fix spurious errors about "Could not generate request: out of memory". The mesh detect cycle routine no longer wrongly stops the check when the calling mesh state is unique.
Workaround for 439: prevent loops in the reuse rbtree.
Debug output for 411 and 439: printout internal error and details.
Fix parse of LOC RR type for decimetres.
Fix 441: Minimal NSEC range not accepted for top level domains.
Fix for 447: squelch connection refused tcp connection failures from the log, unless verbosity is high.
Merge 449 from orbea: build: Add missing linker flags.
Comment out nonworking OSX and IOS travis tests, vm fails to start.
Fix compile error in listen_dnsport on Android.
Fix memory leak reported by asan in rpz SOA record query name.
Fix unused-function warning when compiling with --enable-dnscrypt.
Fix for 367: fix memory leak when cannot bind to listening port.
Reformat pythonmod/pythonmod_utils.{c,h}.
Travis enable all tests again. Clang analyzer only a couple times, when there is a difference. homebrew updates disabled, so it does not hang. removed trailing slashes from configure paths. Moved iOS tests to allow-failure.
travis, analyzer disabled on test without debug, that does not run anway. Turn off failing tests except one. Update iOS test to xcode image 12.2.
Fix deprecation test to work for iOS TVOS and WatchOS, it uses CFLAGS and CPPFLAGS and also checks if the item is unavailable.
Travis, fix script to fail when tasks fail.
Travis, fix warning in ubsan compile.
Fix configure Targetconfiditionals.h header check, to use compile.
Fix that cachedb does not produce empty object files when disabled.
Fix 429: Also fix end of transfer for http download of auth zones.
Disable the use of stack-protector for cross compiled 32-bit windows builds; relates to 444.
Fix stack-protector change to not override other CFLAGS options.
Clean makedist.sh.
Merge 460 from orbea: build: Link with the libtool archive.
Fix to stop IPv6 PMTU discovery.
Fix for 411: Depth protect for crash on deleted element timeout.
rebuild configure to set EXTRALINK to libunbound.la for 460.
Fix permission denied sendto log, squelch the log messages unless high verbosity is set.
Fix (increase) verbosity level for iterator error log in processQueryTargets().
Fix that nxdomain synthesis does not happen above the stub or forward definition.
Fix documentation comment for files previously residing in checkconf/.
Remove unused functions worker_handle_reply and libworker_handle_reply.
Merge 466 from FGasper: Support OpenSSLs that lack SSL_get0_alpn_selected.
Fix 468: OpenSSL 1.0.1 can no longer build Unbound.
Further fix for 468: detect SSL_CTX_set_alpn_protos for build with OpenSSL 1.0.1.
Fix that testcode dohclient has OpenSSL initialisation calls.
Fix compiler warning for signed/unsigned comparison for max_reuse_tcp_queries.
Fix 481: Fix comment in configuration file.
Fix to squelch tcp socket bind failures when the interface is gone.
Rerun flex and bison.
Fix for 367: only attempt to get the interface for queries that are no longer on the tcp_waiting_list.
Add more logging for out-of-memory cases.
Fix 485: Unbound occasionally reports broken stats.
Remove case fallthrough from deprecate-rsa-1024 code.
Merge 487: ifdef RLIMIT_AS in recently added check.
Fix that auth-zone zonefiles use last TTL if no TTL is specified.
Fix 489: Compile using MSYS2 MinGW 64-bit.
Fix for 411, 439, 469: Reset the DNS message ID when moving queries between TCP streams.
Refactor for uniform way to produce random DNS message IDs.
Test code has -q option for quiet output.
Fix 492: module-config respip missing in unbound.conf.5.in man page. Merges 494 from he32.
For 492: Fix font highlighting for the man page on emacs.
Merge 496 from banburybill: Use build system endianness if available, otherwise try to work it out.
Fix test for zonemd-check option.
Merge 448 from shoeper: Update unbound-control.8.in, fix rpz_disable typo.
Fix 425: Document auth-zone supports communication with DNS primary on nondefault port.
Fix unused variable warning when compiling with --enable-dnstap.
Generated lexer and parser for 486; updated example.conf.
Fix 413 (based on patch by k-ronny): unbound: does not compile on macOS 11.1-x86_64 host.
Use host_os instead of target_os in configure for Darwin8 build.
Fix 500: SPEC file in version 1.13.1 references version 1.4; unable to build RPM from source.
Fix contrib/unbound.spec, fixed url and comment.
Fix configure nonblocking test and onmingw test to use host.
Merge 440 by kimheino: Various fixes to contrib/unbound_munin_ file.
Fix a number of warnings reported by the gcc analyzer.
Fix 495: Documentation or implementation of "verbosity" option.
Fix 503: DNS over HTTPS response truncated.
Fix warnings reported by the gcc analyzer.
Add analyzer and port compile github workflow.
Fix up permissions on rpl data file in tests.
Fix testbound newline treatment in moment_read and tempfile write.
Fix configure grep for reuseport default for failure.
Fix compat ctime_r return value
Fix configure does not require pkg-config if not needed.
Fix unit test in the ctime_r calls for autotrust and in testbound.
Fix auth zone download on windows to unlink before rename.
Fix 506: Python Module Seems to Leak Memory if it Experiences an Unhandled Exception.
Fix Wunused-result compile warnings.
Fix compiler warnings for 491.
Fix clang-analysis warnings for testcode/readzone.c.
Merge 510 from ndptech: Don't call a function which hasn't been defined.
Fix for 510: in depth, use ifdefs for windows api event calls.
Fix spelling in doc/unbound.doxygen comment.
Fix spelling in localzone.h comment.
Fix unbound-control local_data and local_datas to print detailed syntax errors.
review fix to remove duplicate error printout.
Insert header into testcode/readzone.c, it was missing.
Fix from lint for ignored return value.
Fix for older parsers for function call in serve expired get cached.
Fix that ldns_zone_new_frm_fp_l counts the line number for an empty line after a comment.
Merge 512: unbound.service.in: upgrade hardening to latest standards.
Fix readzone unknown type print for memory resize.
Merge 513: Stream reuse, attempt to fix 411, 439, 469. This introduces a couple of fixes for the stream reuse functionality that could result in broken internal structures.
Fix 515: Compilation against openssl 3.0.0 beta2 is failing to build unbound.
For 515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and SSL_get_peer_certificate.
Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
Prepare for OpenSSL 3.0.0 provider API usage, move the sldns keyraw functions to produce EVP_PKEY results.
Move RSA and DSA to use OpenSSL 3.0.0 API.
Move ECDSA functions to use OpenSSL 3.0.0 API.
iana portlist update.
Fix verbose printout failure in tcp reuse unit test.
Merge 517 from dyunwei: 420 breaks the mesh reply list function that need to reuse the dns answer.
Annotate assertion into error printout; we think it may be an error, but the situation looks harmless.
Fix sign comparison warning on FreeBSD.
Listen to read or write events after the SSL handshake. Sticky events on windows would stick on read when write was needed.
Merge 415 from sibeream: Use /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing ports. (New --enable-linux-ip-local-port-range configuration option)
Bump MAX_RESTART_COUNT to 11 from 8; in relation to 438. This allows longer CNAME chains in Unbound.
In unit test use openssl set security level to allow keys in test.
Fix static analysis warnings about localzone locks that are unused.
Fix missing locks in zonemd unit test.
Fix readzone compile under debug config.
Fix out of sourcedir run of zonemd unit tests.
Fix libnettle zonemd unit test.
Fix unit test zonemd_reload for use in run_vm.
Fix 520: Unbound 1.13.2rc1 fails to build python module.

(adam)

Updated audio/mpg123, net/py-prometheus_client

(adam)

py-prometheus_client: updated to 0.11.0

0.11.0
[CHANGE] Specify that the labelvalues argument on metric constructors is internal by renaming it to _labelvalues. If you are affected by this change, it is likely that the metric was not being registered.
[BUGFIX] write_to_textfile will overwrite files in windows. If using python 3.4 or newer the replace will be atomic.

(adam)

mpg123: updated to 1.28.2

1.28.2
------
- libout123
-- Complete the fix for bug 314, reopening the device after format
  setup failure.

1.28.1
------
- build:
-- Explain --with-default-audio in configure help better.
-- Fix build of arm_fpu (regression of configure reorg).
-- Re-introduce AC_PROG_C_C99 macro for autoconf 2.69, it's only
  obsolete after that.
-- Un-break CMake build for botched move of CheckCPUArch.c.in (bug 315).
-- Avoid conflict of warning macro with MSVC pragmas in two places. Also
  fix UWP build with strerror check and move down inclusion of intsym.h
  (bug 316).
-- Disable libout123 (and mpg123, out123) on UWP with cmake to get at least
  the decoder lib built (317).
-- Hack around CMake bug(?) with QUERY_HAS_FPU to make ports/cmake also
  work in MinGW (bug 318).
- libmpg123:
-- Make mpg123.h.in usable again with MPG123_NO_CONFIGURE,
  for external uses (bug 313).
-- Use predefined MPG123_API_VERSION in mpg123.h.in for the same.
-- Better handle the ssize_t situation via typedef mpg123_ssize_t, less
  likely to be broken in future MSVC versions.
-- Fix an integer constant definition for the most negative 32 bit numnber to
  avoid justified compiler complaints.
- libsyn123:
-- More support for MPG123_NO_CONFIGURE.
-- Optionally use predefined SYN123_API_VERSION in syn123.h.in for the same.
-- Add a cast to silence integer sign warning for offset in muloffdiv64()
  (bug 317)
- libout123:
-- Pulse module advertises wider format support now, not
  just s16. This makes mpg123 -e s24 work with it, not just out123.
-- Optionally use predefined OUT123_API_VERSION in out123.h.in for
  non-configure use.
-- Fix sndio output to properly query device format support and get
  default fomat on FreeBSD (bug 314).

(adam)

Updated net/wireshark, net/nmap

(adam)

nmap: updated to 7.92

Nmap 7.92 [2021-08-08]

o [Windows] Upgraded Npcap to version 1.50, the fastest and most stable release
  yet. Among the many exciting changes listed at https://npcap.org/changelog is
  support for Windows on ARM, which means Nmap can now run on lightweight
  Windows tablets like the Surface Pro X.

o  Updated Nmap's NPSL license to rewrite a poorly-worded
  clause which many folks interpreted as a "field of endeavor
  restriction" related to "proprietary software companies".  We are
  retroactively offering Nmap versions 7.90 and 7.91 under this new
  Version 0.93 of the NPSL so that users and distributors may choose
  either version of the license.

o [Windows] Updated our Windows builds to Visual Studio 2019, Windows 10 SDK,
  and the UCRT, removing support for Windows Vista and earlier. Npcap is
  required for packet injection and capture, not WinPcap.

o New Nmap option --unique will prevent Nmap from scanning the same IP address
  twice, which can happen when different names resolve to the same address. [Daniel Miller]

o [NSE] Added 3 NSE scripts, from 4 authors, bringing the total up to 604!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  +  nbns-interfaces queries NetBIOS name service (NBNS) to gather IP
    addresses of the target's network interfaces [Andrey Zhukov]

  +  openflow-info gathers preferred and supported protocol versions
    from OpenFlow devices [Jay Smith, Mak Kolybabi]

  + port-states prints a list of ports that were found in each state, including
    states that were summarized as "Not shown: X closed ports" [Daniel Miller]

o Several changes to UDP payloads to improve accuracy:

  +  Fix an issue with -sU where payload data went out-of-scope before
    it was used, causing corrupted payloads to be sent. [Mariusz Ziulek]

  + Nmap's retransmission limits were preventing some UDP payloads from being
    tried with -sU and -PU. Now, Nmap sends each payload for a particular port
    at the same time without delay. [Daniel Miller]

  + New UDP payloads:
    -  TS3INIT1 for UDP 3389 [colcrunch]
    -  DTLS for UDP 3391 (RD Gateway) [Arnim Rupp]

o [NSE] TLS 1.3 now supported by most scripts for which it is
  relevant, such as ssl-enum-ciphers. Some functions like ssl tunnel
  connections and certificate parsing will require OpenSSL 1.1.1 or later to
  fully support TLS 1.3. [Daniel Miller]

o Changes to Nmap's XML output:

  + If a host times out, the XML <host> element will have the attribute
    timedout="true" and the host's timing info (srtt etc.) will still be printed.

  + The "extrareasons" element now includes a list of port numbers for each
    "ignored" state. The "All X ports" and "Not shown:" lines in normal output
    have been changed slightly to provide more detail. [Daniel Miller]

o  Fix an issue in addrset matching that was causing all targets to be
  excluded if the --excludefile listed a CIDR range that contains an earlier,
  smaller CIDR range. [Daniel Miller]

o Setting --host-timeout=0 will disable the host timeout, which is set by -T5
  to 15 minutes. Earlier versions of Nmap require the user to specify a very
  long timeout instead.

o [NSE] Prevent the ssl-* NSE scripts from probing ports that were
  excluded from version scan, usually 9100-9107, since JetDirect will print
  anything sent to these ports. [Daniel Miller]

o  Nmap no longer produces cryptic message "Failed to convert
  source address to presentation format" when unable to find useable route
  to the target. [nnposter]

o [Ncat] Use safety-checked versions of FD_* macros to abort early if
  number of connections exceeds FD_SETSIZE. [Pavel Zhukov]

o [Ncat] Connections proxied via SOCKS4/SOCKS5 were intermittently dropping
  server data sent right after the connection got established, such as port
  banners. [Sami P旦nk辰nen]

o [Ncat] Fixed a bug in proxy connect mode which would close the
  connection as soon as it was opened in Nmap 7.90 and 7.91.

o [NSE] Fixed NSE so it will not consolidate all port script output
  for targets which share an IP (e.g. HTTP vhosts) under one target. [Daniel Miller]

o [Zenmap] Fixed an issue where a failure to execute Nmap would result
  in a Zenmap crash with "TypeError: coercing to Unicode" exception.

o Nmap no longer considers an ICMP Host Unreachable as confirmation that a
  target is down, in accordance with RFC 1122 which says these errors may be
  transient. Instead, the probe will be destroyed and other probes used to
  determine aliveness. [Daniel Miller]

o [Ncat] Ncat no longer crashes when used with Unix domain sockets.

o [Ncat] Ncat is now again generating certificates
  with the duration of one year. Due to a bug, recent versions of Ncat were
  using only one minute. [Tobias Girstmair]

o [NSE] URL/percent-encoding is now using uppercase hex digits
  to align with RFC 3986, section 2.1, and to improve compatibility with some
  real-world web servers. [nnposter]

o [NSE] Script hostmap-crtsh got improved in several ways. The most
  visible are that certificate SANs are properly split apart and that
  identities that are syntactically incorrect to be hostnames are now ignored.
  [Michel Le Bihan, nnposter]

o [NSE] Loading of a Nikto database failed if the file was referenced
  relative to the Nmap directory [nnposter]

o [NSE] SMB2 dialect handling has been redesigned. Visible
  changes include:
  * Notable improvement in speed of script smb-protocols and others
  * Some SMB scripts are no longer using a hardcoded dialect, improving
    target interoperability
  * Dialect names are aligned with Microsoft, such as 3.0.2, instead of 3.02
  [nnposter]

o [NSE] Script smb2-vuln-uptime no longer reports false positives when
  the target does not provide its boot time. [nnposter]

o [NSE] Client packets composed by the DHCP library will now contain
  option 51 (IP address lease time) only when requested. [nnposter]

o [NSE] XML decoding in library citrixxml no longer crashes when
  encountering a character reference with codepoint greater than 255. (These
  references are now left unmodified.) [nnposter]

o [NSE] Script mysql-audit now defaults to the bundled mysql-cis.audit for
  the audit rule base. [nnposter]

o [NSE] It is now possible to control whether the SNMP library uses
  v1 (default) or v2c by setting script argument snmp.version. [nnposter]

(adam)