chocolate-doom: Imported version 3.0.0

OK from yhardy@.

(micha)

Mesa: it doesn't make sense for anything to be using this any more

everything should be including the individual packages instead.

mark it deprecated.

(nia)

chromium-bsu: doesn't actually need freeglut

(nia)

bullet: doesn't need glut, just depend on mesa and glu

(nia)

doc: removed glut

(nia)

Remove graphics/glut, replacement graphics/freeglut.

(nia)

MesaDemos: Update to 8.4.0nb2

- Use freeglut instead of glut
- Support wayland
- Support EGL
- Support GLESv2
- Support OSMesa

(nia)

doc: Updated www/grafana to 6.3.4

(tnn)

MesaLib: rename MESALIB_SUPPORTS_OS to MESALIB_SUPPORTS_OSMESA

(nia)

doc: Updated games/doom1 to 1.9

(micha)

grafana: update to 6.3.4 for CVE-2019-15043 DoS fix

(tnn)

doom1: Update to 1.9

- Update to latest shareware data file
- Add License (taken from Debian)
- Take maintainership

OK from wiz@.

(micha)

Switch packages using GLUT to FreeGLUT.

Start building FreeGLUT with GLUT compatibility on.

- GLUT's maintainance state is much worse than FreeGLUT's, with no
  substanital commits since 2011.
- GLUT can no longer be consider a core component of Mesa or X11.
- Nobody except us seems to be using it...

Other vendors still shipping GLUT:
- GoboLinux, T2 SDE, PLD Linux

Revbump packages using GLUT or freeglut by default.

(nia)

MesaLib: Make feature detection in buildlink3 cleaner.

XXX not sure how to detect the special case of native X but
PREFER_PKGSRC=MesaLib safely

(nia)

MesaLib: add a flag to buildlink3 to detect OSMesa support, similar to EGL

(nia)

Updated editors/emacs26 to 26.3
Updated editors/emacs26-nox11 to 26.3

(ryoon)

Update to 26.3

Changelog:
* Changes in Emacs 26.3

** New option 'help-enable-completion-auto-load'.
This allows disabling the new feature introduced in Emacs 26.1 which
loads files during completion of 'C-h f' and 'C-h v' according to
'definition-prefixes'.

** Emacs now supports the new Japanese Era name.
The newly assigned codepoint U+32FF was added to the Unicode Character
Database compiled into Emacs.

(ryoon)

Updated devel/boost-jam to 1.71.0nb1

(ryoon)

Fix RELRO build, bump PKGREVISION

Reported by wiz@, thank you.

(ryoon)

libglvnd: Add a buildlink3

(nia)

qterm: Fix building terrifying K&R C with compilers made in this decade.

(nia)

doc: Updated sysutils/monit to 5.26.0

(nia)

monit: Update to 5.26.0

- Fix build with OpenSSL 1.1
- Fix CVE-2016-7067
- ... many others, see https://mmonit.com/monit/changes/

(nia)

smpeg: gettext-lib is not needed in the buildlink.

(nia)

Updated sysutils/xenkernel48 to 4.8.5
Updated sysutils/xentools48 to 4.8.5
Updated sysutils/xenkernel411 to 4.11.2
Updated sysutils/xentools411 to 4.11.2

(bouyer)

Update Xen 4.8 packages to 4.8.5. Changes since 4.8.3:
- security patch up to and including XSA-282
- others bug fixes, code cleanup and minor improvements

Note that this includes a patch to xen/arch/x86/mm.c which removes
a new ASSERT() firing when shutting down a 64bit NetBSD guest.

(bouyer)

libglvnd: PYTHON_FOR_BUILD_ONLY

(nia)

Upgrade Xen 4.11 packages to 4.11.2. CHANGES since 4.11.1:
- include security patches up to and including XSA297
- various performances improvements, code cleanup and bug fixes

(bouyer)

MesaLib: various changes to how this is built

- Try to appease the Darwin build.
- Simplify and reduce the number of options to make testing easier.
- Silence lots of pkglint warnings.
- Enable the surfaceless platform as recommended by Mesa.
- Switch to gallium swrast as recommended by Mesa.
- Switch to gallium osmesa as recommended by Mesa.
- Support building without X11.

todo:
- glvnd support (needs testing to figure out which platforms it builds on)
- make AMD drivers optional on platforms like aarch64

Bump PKGREVISION.

(nia)

doc: Added graphics/libglvnd version 1.1.1

(nia)

Add graphics/libglvnd.

libglvnd is a vendor-neutral dispatch layer for arbitrating OpenGL API calls
between multiple vendors. It allows multiple drivers from different vendors
to coexist on the same filesystem, and determines which vendor to dispatch
each API call to at runtime.

Both GLX and EGL are supported, in any combination with OpenGL and OpenGL ES.

(nia)

doc: Updated graphics/gnuplot to 5.2.7

(rin)

Update gnuplot to 5.2.7:

----

Release Notes date: 29-May-2019

Changes in 5.2.7
================

* NEW "set pm3d noclipcb" will skip drawing quadrangles with color < cbmin
* NEW pm terminal supports utf8, dashed lines, bold/italic text
* NEW imaginary component of array values is available to "using" in column 3
* NEW gnuplot --slow may help use of qt terminal with slow system font server
* CHANGE splot "with points pt 0" acts like "with dots"
* CHANGE (tikz) improved default interpretation of gnuplot arrowhead style
* CHANGE teach hidden3d to handle double-headed vectors (arrowstyle "heads")
* CHANGE "unset title" or "reset" resets all title properties to default
* CHANGE font names passed to enhanced text processing may be in quotes
* CHANGE cairo terminals accept fractional font sizes
* CHANGE "plot with table" does not output trailing field separator
* CHANGE better centering for clustered histograms
* CHANGE clear STATS_* variables before performing analysis
* CHANGE cairo, libgd, and svg terminals handle LT_NODRAW by not drawing at all
* CHANGE svg terminal clickable icons are in-line data rather than external refs
* CHANGE revise space allocated for ylabel; allow text justification for ylabel
* CHANGE reduce overhead, making it feasible to have 10^6 hypertext labels
* FIX "plot with table" unnecessarily limited string column output to 60 chars
* FIX (windows) make sure graph window is shown even if the program is "hidden"
* FIX hidden3d mode was not correctly dealing with arrowstyle backhead
* FIX sprintf in 'using' spec must not clobber numeric locale
* FIX tikz - request for polygon with 0 vertices could hang terminal
* FIX lua/tikz - do not attempt to ftruncate output being piped through stdout
* FIX tkcanvas - do not attempt to ftruncate output being piped through stdout
* FIX handle NaN values in input stream to "stats FOO matrix"
* FIX prevent extra read past the end of a datablock holding matrix data
* FIX pm - issues in box and polygon fill, (wide) lines, enhanced text, images
* FIX dropped character in piped input stream if plot window is manually closed
* FIX extraneous dots and potential segfault from splot with contour labels
* FIX boxplots - color sequence correctly starts with specified linetype
* FIX incomplete initialization led to segfault from "gnuplot -c foo.gp baz"
* FIX Allow "pm3d depthorder base" to handle 3D quadrangles with logscale z

(rin)

Updated devel/py-execnet, www/py-asgiref

(adam)

py-asgiref: updated to 3.2.2

3.2.2:
* WsgiToAsgi maps multi-part request bodies into a single WSGI input file
* WsgiToAsgi passes the `root_path` scope as SCRIPT_NAME
* WsgiToAsgi now checks the scope type to handle `lifespan` better
* WsgiToAsgi now passes the server port as a string, like WSGI
* SyncToAsync values are now identified as coroutine functions by asyncio
* SyncToAsync now handles __self__ correctly for methods

(adam)

py-execnet: updated to 1.7.1

1.7.1:
Revert linecache optimization introduced in 1.7.0 which broke remote execution.

(adam)

Note update of security/opendnssec to 1.4.14.

(he)

Update opendnssec to version 1.4.14.

Pkgsrc changes:
* Adapt patch to enforcer/utils/Makefile.in

Upstream changes:
* OPENDNSSEC-888: Fixup database conversion script.
* OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK
  have exactly the same paramaters.
* OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for
  same rrset are mismatching.

(he)

knotifications: add dependency on qt5-qtspeech

(markd)

ktextwidgets: add dependency on qt5-qtspeech

(markd)

Add qt5-qtspeech

(markd)

qt5-qtbase: note Makefile.common used by qt5-qtspeech

(markd)

x11: add qt5-qtspeech

(markd)

qt5-qtspeech: Add version 5.13.0

Qt5 module to make text to speech and speech recognition easy

(markd)

doc: Updated sysutils/dmidecode to 3.2nb4

(msaitoh)

Add two officially recommended patch to sysutils/dmidecode:

2019-08-26: Only scan /dev/mem for entry point on x86

x86 is the only architecture which can have a DMI entry point scanned
from /dev/mem. Do not attempt it on other architectures, because not
only it can't work, but it can even cause the system to reboot.

This fixes support request #109697:
https://savannah.nongnu.org/support/?109697

2019-08-26: Fix formatting of TPM table output

Added missing newlines.

Fixes: 48a8132058a0 ("dmidecode: Add support for structure type 43
(TPM Device)")

(msaitoh)

No need to support ruby22, from taca@.

(schmonz)

doc: Updated x11/xfce4-screenshooter to 1.9.6

(gutteridge)

xfce4-screenshooter: update to 1.9.6

Change log:

1.9.6
======
- Do not show translation info on --help output (Bug #15883)
- Avoid destroying size window twice (Bug #15792)
- Replace GtkStock buttons
- Add missing NULL as last parameter of
  xfce_titled_dialog_new_with_buttons() (Bug #14973)
- Do not use root coordinates for region capture (Bug #15406)
- Install AppData into metainfo
- Update AppData file
- Try to grab seat more than once (Bug #15320)
- Use new xfce_gdk_screen_get_geometry if available
- Make screenshooter-imgur-dialog.ui translatable (Bug #15254)
- Translation Updates: Albanian, Arabic, Asturian, Basque, Belarusian,
  Bulgarian, Catalan, Chinese (China), Chinese (Taiwan), Croatian, Czech,
  Danish, Dutch, English (Australia), English (United Kingdom), Finnish, French,
  Galician, German, Greek, Hebrew, Hungarian, Icelandic, Indonesian, Italian,
  Japanese, Kazakh, Korean, Latvian, Lithuanian, Malay, Norwegian Bokm奪l,
  Norwegian Nynorsk, Occitan (post 1500), Polish, Portuguese,
  Portuguese (Brazil), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish,
  Swedish, Thai, Turkish, Uighur, Ukrainian, Urdu, Urdu (Pakistan), Vietnamese

(gutteridge)

Document config-fast-pkgsrc in README.pkgsrc, too.

(schmonz)

psi: fix PLIST

(nia)

Fix build on macOS. Bump PKGREVISION.

Patch from clement bouvier via pkg/54505, many thanks!

(alnsn)

Don't try to detect TERMCAP_LIB, let BROKEN_READLINE_DETECTION tell
us. Fixes at least Ubuntu builds. Tested on Ubuntu 16, NetBSD 8,
macOS 10.14.

(schmonz)

Also TOOL_DEPENDS on gettext-tools, for autopoint during configure.

(schmonz)

Update MASTER_SITES for easyrpg packages.

(nia)

Well actually ruby 22 and 25 both still install jquery.js.

(schmonz)

Updated cad/kicad to 5.1.4
Updated cad/kicad-doc to 5.1.4
Updated cad/kicad-footprints to 5.1.4
Updated cad/kicad-i18n to 5.1.4
Updated cad/kicad-packages3d to 5.1.4
Updated cad/kicad-symbols to 5.1.4
Updated cad/kicad-templates to 5.1.4

(bouyer)

Update kicad packages to 5.1.4. Changes since 5.1.2:

The KiCad project is proud to announce the latest series 5 stable release of
KiCad. The 5.1.4 stable version contains critical bug fixes and other minor
improvements since the 5.1.2 and 5.1.3 releases. It also includes improved
footprint, symbol, and 3D model libraries, translations, and documentation.
A list of all of the fixed bugs since the 5.1.2 and 5.1.3 releases can be
found on the KiCad 5.1.3 milestone page and the KiCad 5.1.4 milestone page.
This release contains several critical bug fixes so please consider upgrading
as soon as possible.

(bouyer)

With the latest ruby updates, jquery.js is only installed for ruby22-base.

(schmonz)

MesaLib: deal with missing PATH_MAX definition in Solaris builds

(nia)

Note update of lang/rust to 1.37.0.

(he)

Update rust to version 1.37.0

Pkgsrc changes:
* Add a patch to llvm to deal with const dli_saddr.
* Adapt two other patches.
* Cross-build currently fails, so i386, powerpc and sparc64 bootstrap
  kits for 1.37.0 are built natively.  Missing aarch64 hardware, so that's
  not available yet.
* Bump bootstrap requirements to 1.36.0 except for armv7-unknown-netbsd-eabihf
  which I've not managed to cross-build.

Upstream changes:

Version 1.37.0 (2019-08-15)
==========================

Language
--------
- `#[must_use]` will now warn if the type is contained in a [tuple][61100],
  [`Box`][62228], or an [array][62235] and unused.
- [You can now use the `cfg` and `cfg_attr` attributes on
  generic parameters.][61547]
- [You can now use enum variants through type alias.][61682] e.g. You can
  write the following:
  ```rust
  type MyOption = Option<u8>;

  fn increment_or_zero(x: MyOption) -> u8 {
      match x {
          MyOption::Some(y) => y + 1,
          MyOption::None => 0,
      }
  }
  ```
- [You can now use `_` as an identifier for consts.][61347] e.g. You can write
  `const _: u32 = 5;`.
- [You can now use `#[repr(align(X)]` on enums.][61229]
- [The  `?`/_"Kleene"_ macro operator is now available in the
  2015 edition.][60932]

Compiler
--------
- [You can now enable Profile-Guided Optimization with the `-C profile-generate`
  and `-C profile-use` flags.][61268] For more information on how to use profile
  guided optimization, please refer to the [rustc book][rustc-book-pgo].
- [The `rust-lldb` wrapper script should now work again.][61827]

Libraries
---------
- [`mem::MaybeUninit<T>` is now ABI-compatible with `T`.][61802]

Stabilized APIs
---------------
- [`BufReader::buffer`]
- [`BufWriter::buffer`]
- [`Cell::from_mut`]
- [`Cell<[T]>::as_slice_of_cells`][`Cell<slice>::as_slice_of_cells`]
- [`DoubleEndedIterator::nth_back`]
- [`Option::xor`]
- [`Wrapping::reverse_bits`]
- [`i128::reverse_bits`]
- [`i16::reverse_bits`]
- [`i32::reverse_bits`]
- [`i64::reverse_bits`]
- [`i8::reverse_bits`]
- [`isize::reverse_bits`]
- [`slice::copy_within`]
- [`u128::reverse_bits`]
- [`u16::reverse_bits`]
- [`u32::reverse_bits`]
- [`u64::reverse_bits`]
- [`u8::reverse_bits`]
- [`usize::reverse_bits`]

Cargo
-----
- [`Cargo.lock` files are now included by default when publishing executable crates
  with executables.][cargo/7026]
- [You can now specify `default-run="foo"` in `[package]` to specify the
  default executable to use for `cargo run`.][cargo/7056]

Misc
----

Compatibility Notes
-------------------
- [Using `...` for inclusive range patterns will now warn by default.][61342]
  Please transition your code to using the `..=` syntax for inclusive
  ranges instead.
- [Using a trait object without the `dyn` will now warn by default.][61203]
  Please transition your code to use `dyn Trait` for trait objects instead.

[62228]: https://github.com/rust-lang/rust/pull/62228/
[62235]: https://github.com/rust-lang/rust/pull/62235/
[61802]: https://github.com/rust-lang/rust/pull/61802/
[61827]: https://github.com/rust-lang/rust/pull/61827/
[61547]: https://github.com/rust-lang/rust/pull/61547/
[61682]: https://github.com/rust-lang/rust/pull/61682/
[61268]: https://github.com/rust-lang/rust/pull/61268/
[61342]: https://github.com/rust-lang/rust/pull/61342/
[61347]: https://github.com/rust-lang/rust/pull/61347/
[61100]: https://github.com/rust-lang/rust/pull/61100/
[61203]: https://github.com/rust-lang/rust/pull/61203/
[61229]: https://github.com/rust-lang/rust/pull/61229/
[60932]: https://github.com/rust-lang/rust/pull/60932/
[cargo/7026]: https://github.com/rust-lang/cargo/pull/7026/
[cargo/7056]: https://github.com/rust-lang/cargo/pull/7056/
[`BufReader::buffer`]: https://doc.rust-lang.org/std/io/struct.BufReader.html#method.buffer
[`BufWriter::buffer`]: https://doc.rust-lang.org/std/io/struct.BufWriter.html#method.buffer
[`Cell::from_mut`]: https://doc.rust-lang.org/std/cell/struct.Cell.html#method.from_mut
[`Cell<slice>::as_slice_of_cells`]: https://doc.rust-lang.org/std/cell/struct.Cell.html#method.as_slice_of_cells
[`DoubleEndedIterator::nth_back`]: https://doc.rust-lang.org/std/iter/trait.DoubleEndedIterator.html#method.nth_back
[`Option::xor`]: https://doc.rust-lang.org/std/option/enum.Option.html#method.xor
[`RefCell::try_borrow_unguarded`]: https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_unguarded
[`Wrapping::reverse_bits`]: https://doc.rust-lang.org/std/num/struct.Wrapping.html#method.reverse_bits
[`i128::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i128.html#method.reverse_bits
[`i16::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i16.html#method.reverse_bits
[`i32::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i32.html#method.reverse_bits
[`i64::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i64.html#method.reverse_bits
[`i8::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i8.html#method.reverse_bits
[`isize::reverse_bits`]: https://doc.rust-lang.org/std/primitive.isize.html#method.reverse_bits
[`slice::copy_within`]: https://doc.rust-lang.org/std/primitive.slice.html#method.copy_within
[`u128::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u128.html#method.reverse_bits
[`u16::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u16.html#method.reverse_bits
[`u32::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u32.html#method.reverse_bits
[`u64::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u64.html#method.reverse_bits
[`u8::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u8.html#method.reverse_bits
[`usize::reverse_bits`]: https://doc.rust-lang.org/std/primitive.usize.html#method.reverse_bits
[rustc-book-pgo]: https://doc.rust-lang.org/rustc/profile-guided-optimization.html

(he)

Add go-gox.

(he)

Note addition of devel/go-gox version 1.0.1.

(he)

Add go-gox version 1.0.1.

Gox is a simple, no-frills tool for Go cross compilation that
behaves a lot like standard go build. Gox will parallelize builds
for multiple platforms. Gox will also build the cross-compilation
toolchain for you.

(he)

Apply previous fix to PHP5 as well.

(schmonz)

wayland: use wl_os_epoll_create_cloexec in tests when epoll is there.

should help with building tests on systems with epoll.

(nia)

mono6: disable boringtls to try to help things on linux

the provider is Linux-only and is complaining it doesn't have CMake.

(nia)

games/doom-pwad-sigil: Fixed PKGNAME

It's a mod for Doom (not Doom 2), the name of the directory is correct.

(micha)

wayland: Add platform.mk, based on rust's.

(nia)

openmsx: Pass CXX override as make flag rather than in the environment.

Seems to help avoid the wrath of the invalid compiler detector.

(nia)

doc: Updated sysutils/dmg2img to 1.6.7

(nia)

dmg2img: Update to 1.6.7.

pkgsrc changes:

- OpenSSL 1.1 support.

Upstream changes:

dmg2img-1.6.7:
09 February 2017 Peter Wu
    Fixed buffer underrun
    Avoid truncating .img file when run to list partition

dmg2img-1.6.6:
06 February 2017 Peter Wu
    Fixed a crash on invalid block signature

(nia)

doc: Updated pkgtools/x11-links to 1.30

(nia)

x11-links-1.30: Add xproxymngproto.pc

(nia)

webkit-gtk: Wayland support.

Build tested by leot, thanks.

(nia)

doc: Updated x11/py-gtk2 to 2.24.0nb28

(wiz)

(wiz)

Run self-test verbosely, to try to get more info from failing bulk builds.

(schmonz)

Missed in recent update: needs gettext.

(schmonz)

Updated textproc/py-rebulk, net/py-ncclient

(adam)

py-ncclient: updated to 0.6.6

v0.6.6:
Read ssh timeout from config file if not specified in method call
Tox support
Huge XML tree parser support
Adding optional bind address to connect

(adam)

py-rebulk: updated to 1.0.1

1.0.1:
Unknown changes

(adam)

Fix WRKSRC definition.

(schmonz)

Updated www/py-flask-jwt-extended, textproc/py-jsbeautifier

(adam)

py-jsbeautifier: updated to 1.10.2

v1.10.2
Closed Issues
Please update CodeMirror Addon
Nested braces indentation

v1.10.1
Closed Issues
javascript fails to format when <?php > is first text inside <script> tag
414 Request-URI Too Large

(adam)

py-flask-jwt-extended: updated to 3.22.0

3.22.0:
Adds ability to check CSRF double submit token from form data instead of headers.

(adam)

doc: note update of dovecot2 and related packages

mail/dovecot2 2.3.7.2
mail/dovecot2-gssapi 2.3.7.2
mail/dovecot2-ldap 2.3.7.2
mail/dovecot2-mysql 2.3.7.2
mail/dovecot2-pgsql 2.3.7.2
mail/dovecot2-sqlite 2.3.7.2
mail/dovecot2-pigeonhole 0.5.7.2

(taca)

mail/dovecot2-pigeonhole: update to 0.5.7.2

Update dovecot2-pigeonhole to 0.5.7.2.

Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

(taca)

mail/dovecot2: update to 2.3.7.2

Update dovecot2 and related packages to 2.3.7.2.

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

(taca)

cairo: Remove BUILDLINK_API_DEPENDS.

These are lower than what's in their respective buildlink3.mk files.

(wiz)

doc: Updated mail/rss2email to 3.9nb3

(schmonz)

Switch to new upstream, and apply its patch to work around html2text
having gotten rid of unescape(). Mollify pkglint. Bump PKGREVISION.

(schmonz)

kde: set default plasma version to 5.16.4

(markd)

Reorder includes in PHP bindings to fix SmartOS bulk build error:
"/usr/include/locale.h:53:12: error: 'lconv' is already declared in this scope"
<https://trac.xapian.org/ticket/793>

(schmonz)

Extend patch to a new function, re-fixing the Illumos build.

(schmonz)

doc: update lang/ruby26-base and lang/ruby26 to 2.6.4

lang/ruby26-base
lang/ruby26

(taca)

lang/ruby26: update to 2.6.4

Update lang/ruby26-base and lang/ruby26 to 2.6.4.

Ruby 2.6.4 (2019-08-28)

Ruby 2.6.4 has been released.

This release includes a security fix of rdoc. Please check the topics below
for details.

* Multiple jQuery vulnerabilities in RDoc

See the commit logs for changes in detail.

(taca)

doc: update ruby25-base/ruby25 to 2.5.6

lang/ruby25-base
lang/ruby25

(taca)

lang/ruby25: update to 2.5.6

Update ruby25-base/ruby25 to 2.5.6.

Ruby 2.5.6 (2019-08-28)

Ruby 2.5.6 has been released.

This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.

* Multiple jQuery vulnerabilities in RDoc

See the commit log for details.

(taca)

doc: update ruby24-base to 2.4.7

lang/ruby24-base
databases/ruby-gdbm
devel/ruby-fiddle
devel/ruby-readline
lang/ruby

(taca)

lang/ruby24-base: update to 2.4.7

2.4.7 (2019-08-28)

Ruby 2.4.7 has been released.

This release includes a security fix. Please check the topics below for
details.

* Multiple jQuery vulnerabilities in RDoc

Ruby 2.4 is now under the state of the security maintenance phase, until
the end of March of 2020. After that date, maintenance of Ruby 2.4 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 2.6 or 2.5.

(taca)

Updated net/nmap

(adam)

nmap: updated to 7.80

7.80:
Here is the full list of significant changes:

o [Windows] The Npcap Windows packet capturing library (https://npcap.org/)
  is faster and more stable than ever. Nmap 7.80 updates the bundled Npcap
  from version 0.99-r2 to 0.9982, including all of these changes from the
  last 15 Npcap releases: https://nmap.org/npcap/changelog

o [NSE] Added 11 NSE scripts, from 8 authors, bringing the total up to 598!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are
  below:

  +  broadcast-hid-discoveryd discovers HID devices on a LAN by
    sending a discoveryd network broadcast probe.

  +  broadcast-jenkins-discover discovers Jenkins servers on a LAN
    by sending a discovery broadcast probe.

  +  http-hp-ilo-info extracts information from HP
    Integrated Lights-Out (iLO) servers.

  +  http-sap-netweaver-leak detects SAP Netweaver Portal with the
    Knowledge Management Unit enabled with anonymous access.

  + https-redirect detects HTTP servers that redirect to the same port, but
    with HTTPS. Some nginx servers do this, which made ssl-* scripts not run
    properly.

  +  lu-enum enumerates Logical Units (LU) of TN3270E servers.

  +  rdp-ntlm-info extracts Windows domain information from RDP
    services.

  + smb-vuln-webexec checks whether the WebExService is installed and allows
    code execution.

  + smb-webexec-exploit exploits the WebExService to run arbitrary commands
    with SYSTEM privileges.

  +  ubiquiti-discovery extracts information from the Ubiquiti
    Discovery service and assists version detection.

  +  vulners queries the Vulners CVE database API using CPE
    information from Nmap's service and application version detection.

o Use pcap_create instead of pcap_live_open in
  Nmap, and set immediate mode on the pcap descriptor. This solves packet
  loss problems on Linux and may improve performance on other platforms.

o [NSE] Collected utility functions for string processing into a new
  library, stringaux.lua.

o [NSE] New rand.lua library uses the best sources of random available on
  the system to generate random strings.

o [NSE] New library, oops.lua, makes reporting errors easy, with plenty of
  debugging detail when needed, and no clutter when not.

o [NSE] Collected utility functions for manipulating and searching tables
  into a new library, tableaux.lua.

o [NSE] New knx.lua library holds common functions and definitions for
  communicating with KNX/Konnex devices.

o [NSE] The HTTP library now provides transparent support for gzip-
  encoded response body. (See https://github.com/nmap/nmap/pull/1571 for an
  overview.)

o [Nsock][Ncat] Add AF_VSOCK (Linux VM sockets) functionality to
  Nsock and Ncat. VM sockets are used for communication between virtual
  machines and the hypervisor.

o [Security][Windows] Address CVE-2019-1552 in OpenSSL by building with the
  prefix "C:\Program Files (x86)\Nmap\OpenSSL". This should prevent
  unauthorized users from modifying OpenSSL defaults by writing
  configuration to this directory.

o [Security] Reduced LibPCRE resource limits so that
  version detection can't use as much of the stack. Previously Nmap could
  crash when run on low-memory systems against target services which are
  intentionally or accidentally difficult to match. Someone assigned
  CVE-2018-15173 for this issue.

o Deprecate and disable the -PR (ARP ping) host discovery
  option. ARP ping is already used whenever possible, and the -PR option
  would not force it to be used in any other case.

o [NSE] bin.lua is officially deprecated. Lua 5.3, added 2 years ago in Nmap
  7.25BETA2, has native support for binary data packing via string.pack and
  string.unpack. All existing scripts and libraries have been updated.

o [NSE] Completely removed the bit.lua NSE library. All of its functions are
  replaced by native Lua bitwise operations, except for `arshift`
  (arithmetic shift) which has been moved to the bits.lua library. [Daniel
  Miller]

o [NSE] The HTTP library is now enforcing a size limit on the
  received response body. The default limit can be adjusted with a script
  argument, which applies to all scripts, and can be overridden case-by-case
  with an HTTP request option. (See https://github.com/nmap/nmap/pull/1571
  for details.)

o [NSE] CR characters are no longer treated as illegal in script
  XML output.

o Allow resuming nmap scan with lengthy command line [Cl辿ment
  Notin]

o [NSE] Add TLS support to rdp-enum-encryption. Enables determining
  protocol version against servers that require TLS and lays ground work for
  some NLA/CredSSP information collection.

o [NSE] Address two protocol parsing issues in rdp-enum-encryption
  and the RDP nse library which broke scanning of Windows XP. Clarify
  protocol types

o [NSE] Script http-fileupload-exploiter failed to locate its
  resource file unless executed from a specific working
  directory.

o [NSE] Avoid clobbering the "severity" and "ignore_404" values of
  fingerprints in http-enum. None of the standard fingerprints uses these
  fields.

o [NSE] Fix a crash caused by a double-free of libssh2 session data
  when running SSH NSE scripts against non-SSH services.

o [NSE] Updates the execution rule of the mongodb scripts to be
  able to run on alternate ports.

o [Ncat] Allow Ncat to connect to servers on port 0, provided that
  the socket implementation allows this.

o Update the included libpcap to 1.9.0.

o [NSE] Fix a logic error that resulted in scripts not honoring the
  smbdomain script-arg when the target provided a domain in the NTLM
  challenge.

o [Nsock] Avoid a crash (Protocol not supported) caused by trying
  to reconnect with SSLv2 when an error occurs during DTLS connect. [Daniel
  Miller]

o [NSE] Removed OSVDB references from scripts and replaced them
  with BID references where possible.

o [NSE] Updates TN3270.lua and adds argument to disable TN3270E

o RMI parser could crash when encountering invalid input [Cl辿ment
  Notin]

o Avoid reporting negative latencies due to matching an ARP or ND
  response to a probe sent after it was recieved.

o [Ncat] To avoid confusion and to support non-default proxy ports,
  option --proxy now requires a literal IPv6 address to be specified using
  square-bracket notation, such as --proxy

o [Ncat] New ncat option provides control over
  whether proxy destinations are resolved by the remote proxy server or
  locally, by Ncat itself. See option --proxy-dns.

o [NSE] Updated script ftp-syst to prevent potential endless
  looping.

o New service probes and match lines for v1 and v2 of the Ubiquiti
  Discovery protocol. Devices often leave the related service open and it
  exposes significant amounts of information as well as the risk of being
  used as part of a DDoS. New nmap-payload entry for v1 of the
  protocol.

o [NSE] Removed hostmap-ip2hosts.nse as the API has been broken for a while
  and the service was completely shutdown on Feb 17th, 2019. [Paulino
  Calderon]

o [NSE] Adds TN3270E support and additional improvements to
  tn3270.lua and updates tn3270-screen.nse to display the new
  setting.

o [NSE] Updates product codes and adds a check for response length
  in enip-info.nse. The script now uses string.unpack.

o [Ncat] Temporary RSA keys are now 2048-bit to resolve a
  compatibility issue with OpenSSL library configured with security level 2,
  as seen on current Debian or Kali.

o [NSE] Fix a crash (double-free) when using SSH scripts against
  non-SSH services.

o [Zenmap] Fix a crash when Nmap executable cannot be found and the system
  PATH contains non-UTF-8 bytes, such as on Windows.

o [Zenmap] Fix a crash in results search when using the dir: operator:
    AttributeError: 'SearchDB' object has no attribute 'match_dir' [Daniel
    Miller]

o [Ncat] Fixed an issue with Ncat -e on Windows that caused early
  termination of connections.

o [NSE] Fix a false-positive in http-phpmyadmin-dir-traversal when
  the server responds with 200 status to a POST request to any
  URI.

o [NSE] New vulnerability state in vulns.lua, UNKNOWN, is used to indicate
  that testing could not rule out vulnerability.

o When searching for Lua header files, actually use them where
  they are found instead of forcing /usr/include. [Fabrice Fontaine, Daniel
  Miller]

o [NSE] Script traceroute-geolocation no longer crashes when
  www.GeoPlugin.net returns null coordinates

o Limit verbose -v and debugging -d levels to a maximum of 10. Nmap does not
  use higher levels internally.

o [NSE] tls.lua when creating a client_hello message will now only use a
  SSLv3 record layer if the protocol version is SSLv3. Some TLS
  implementations will not handshake with a client offering less than
  TLSv1.0. Scripts will have to manually fall back to SSLv3 to talk to
  SSLv3-only servers.

o [NSE] Fix a few false-positive conditions in
  ssl-ccs-injection. TLS implementations that responded with fatal alerts
  other than "unexpected message" had been falsely marked as
  vulnerable.

o Emergency fix to Nmap's birthday announcement so Nmap wishes itself a
  "Happy 21st Birthday" rather than "Happy 21th" in verbose mode (-v) on
  September 1, 2018.

o Start host timeout clocks when the first probe is sent to a
  host, not when the hostgroup is started. Sometimes a host doesn't get
  probes until late in the hostgroup, increasing the chance it will time
  out.

o [NSE] Support for edns-client-subnet (ECS) in dns.lua has been improved
by:
  -
  - Properly trimming ECS address, as mandated by RFC 7871
  - Fixing a bug that prevented using the same ECS option table more than
    once

o [Ncat] Fixed communication with commands launched with -e or -c
  on Windows, especially when --ssl is used.

o [NSE] Script http-default-accounts can now select more than one
  fingerprint category. It now also possible to select fingerprints by name
  to support very specific scanning.

o [NSE] Script http-default-accounts was not able to run against more than
  one target host/port.

o [NSE] New script-arg `http.host` allows users to force a
  particular value for the Host header in all HTTP requests.

o [NSE] Use smtp.domain script arg or target's domain name instead
  of "example.com" in EHLO command used for STARTTLS.

o [NSE] Fix brute.lua's BruteSocket wrapper, which was crashing
  Nmap with an assertion failure due to socket mixup [Daniel Miller]: nmap:
  nse_nsock.cc:672: int receive_buf(lua_State*, int, lua_KContext):
  Assertion `lua_gettop(L) == 7' failed.

o [NSE] Handle an error condition in smb-vuln-ms17-010 caused by
  IPS closing the connection.

o [Ncat] Fixed literal IPv6 URL format for connecting through HTTP
  proxies.

o [NSE] Updates vendors from ODVA list for enip-info.
[NothinRandom]

o [NSE] Add two common error strings that improve MySQL detection
  by the script http-sql-injection.

o [NSE] Fix bug in http-vuln-cve2006-3392 that prevented the script
  to generate the vulnerability report correctly.

o [NSE] Fix bug related to screen rendering in NSE library
  tn3270. This patch also improves the brute force script
  tso-brute.

o [NSE] Fix SIP, SASL, and HTTP Digest authentication when the
  algorithm contains lowercase characters.

o Nmap could be fooled into ignoring TCP response packets if they
  used an unknown TCP Option, which would misalign the validation, causing
  it to fail.

o [NSE]The HTTP response parser now tolerates status lines without a reason
  phrase, which improves compatibility with some HTTP servers.

o [NSE]] Parser for HTTP Set-Cookie header
  is now more compliant with RFC 6265:
  - empty attributes are tolerated
  - double quotes in cookie and/or attribute values are treated literally
  - attributes with empty values and value-less attributes are parsed
equally
  - attributes named "name" or "value" are ignored

o [NSE] Fix parsing http-grep.match script-arg. [Hans van den
  Bogert]

o [Zenmap] Avoid a crash when recent_scans.txt cannot be written
  to.

o Fixed --resume when the path to Nmap contains spaces.

o New service probe and match lines for adb, the Android Debug Bridge, which
  allows remote code execution and is left enabled by default on many
  devices.

(adam)