libnotify: Remove traces of autoconf.

(wiz)

doc: Updated sysutils/libnotify to 0.7.8

(wiz)

libnotify: update to 0.7.8.

Switch to meson build system. Remove introspection option.

New in 0.7.8
============
* Support meson build system [Marco; !3]
* notify-send: Support full URLs as hint values [Marco; !4]
* Mic. bug fixes [Ting-Wei, Florian; #760438, !8]

Contributors:
  Emmanuele Bassi, Abderrahim Kitouni, Ting-Wei Lan, Iain Lane, Florian M端llner,
  Jan Tojnar, Marco Trevisan (Trevi単o), Marco Trevisan

(wiz)

doc: Updated devel/libgsf to 1.14.46

(wiz)

libgsf: update to 1.14.46.

libgsf 1.14.46

Javier Jard�n:
* Upgrade to newer gettext.  [#7]

Morten:
* Warning fixes.
* Fix gsf-vba-dump crash.  [#15]

(wiz)

doc: Updated net/mtr to 0.93

(wiz)

mtr: update to 0.93.

V0.93
    Adam (1):
          Update README

    Adrien Gallouët (1):
          Add a help line for the t command in curses

    Alexander Blesius (1):
          convert README to markdown

    Arkadiusz Miśkiewicz (2):
          Also try SOCK_RAW/IPPROTO_ICMP when other fail.
          mtr to a unreachable host is possible again.

    Ben Williams (2):
          added UI hotkeys description (from internal help) to NOTES section in mtr man page
          renamed NOTES to INTERACTIVE CONTROL as per discussion in pull request

    Chonggang Li (4):
          mtr-packet: use ICMP and UDP without privilege on linux
          mtr-packet: fix Windows compilation
          mtr-packet: fix compilation on OS X
          mtr-packet: fix a bug causing IPv6 raw socket not working

    Markus Kötter (7):
          set udp checksum
          automake - configure show build options
          sockaddr - unify access to sockaddr_in/6 port & address
          probe - use INET6_ADDRSTRLEN
          probe - extend matching to src/dst host&port
          sockaddr - save a cast accessing the port
          construct - fix set port

    Matt Kimball (7):
          mtr-packet: report ICMP destination unreachable probes as "no route to host"
          ui: display "no route to host" error as host entry rather than abort
          json: Fix malformed json when the "hubs" list is empty
          commandline: Added --interface for using a named network interface
          Link portability/error.c with mtr-packet when missing on MacOS
          Mention Python mtrpacket package in mtr-packet man page
          Rework Cygwin mtr-packet to respond to signals (such as SIGTERM)

    R.E. Wolff (15):
          fixed some outdated text in README.
          minor changes top help Windows compilation on 32 bit machines
          fix #204 : added exec of mtr-packet in the place where mtr was started
                from. Quick and dirty, There is probably a better place to declare variables.
          Alternative 'skip uid 0 checks on cygwin' to adpoliak's implmentation
          fix stupid typo. Thanks adpoliak!
          possible fix for mac terminal 100% problem
          Sami Kerola: prevent MTR reporting unknown revision
          Merge branch 'master' of github.com:traviscross/mtr
          fixed split like for macos
          better fix. to dave's problem.
          -f equals -m fix from yvs2014
          rewritten weiyixuan's patch
          fixed typo
          Netbsd build fixes thanks to yvs2014
          Merge branch 'master' of github.com:traviscross/mtr

    Robert Scheck (1):
          Update incorrect FSF address

    Rogier Wolff (3):
          Fixed issue #286
          Manpage fix for Darwin by Matt. Rewritten by REW
          Added parentheses

    SaintBol (9):
          Update protocols.h
          Update deconstruct_unix.c
          Update probe.c
          Update probe.h
          Update cmdpipe.c
          Update curses.c
          Update mtr.h
          Update report.c
          Update mtr-packet.8.in

    Sami Kerola (1):
          mtr-packet: make address-not-available errors less likely

    Samuel Henrique (1):
          [typo]mtr.8.in: s/allows to/allows one to/

    Tobias Rittweiler (2):
          Add a .dir-locals.el file for Emacs.
          Replace perror(...); exit(...); by error(...);

    divinity76 (1):
          use setup.exe's package manager mode, replacing apt-cyg

    tk (1):
          Fix typo (resove -> resolve)

    weiyixuan (3):
          Option -y can not work properly
          Option --ipinfo 1 can not work properly
          for tcp, fix : bind port failed, try next sequence

(wiz)

doc: Updated net/filezilla to 3.44.2

(wiz)

filezilla: update to 3.44.2.

2019-08-15 - FileZilla Client 3.44.2 released

Bugfixes and minor changes:

    MSW: Fixed a crash if using predefined sites through fzdefaults.xml
    Fixes to protocol selection glitches in the Site Manager
    Increase maximum length of response lines when using FTP

2019-08-09 - FileZilla Client 3.44.1 released

Bugfixes and minor changes:

    Fixed a regression introduced in 3.44.0-rc1 breaking support for insecure servers

2019-08-09 - FileZilla Client 3.44.0 released

Bugfixes and minor changes:

    Fixed export in context menu of Site Manager to handle multiple selected items

(wiz)

doc: Updated net/libfilezilla to 0.18.1

(wiz)

libfilezilla: update to 0.18.1.

2019-08-15 - libfilezilla 0.18.1 released

New features:

    Added fz::buffer::resize

2019-08-02 - libfilezilla 0.18.0 released

New features:

    Added fz::spawn_detached_process
    Add operator+ to fz::duration
    *nix: If available, use eventfd instead of a self-pipe
    fz::to_integral and fz::hex_decode now work with string literals
    Added fz::listen_socket::fast_accept that only returns a descriptor instead of a fully-initialized fz::socket for use in a tight accept-and-dispatch loop
    Functions in libfilezilla/iputils.hpp now take string_view as arguments
    Added fz::socket::set_flags which can atomically enable or disable flags

Bugfixes and minor changes:

    fz::socket not returns an error instead of silently failing in case of file descriptor exhaustion
    Fix socket errors sometimes not being forwarded in fz::tls_layer when when writing fails in the underlying layer
    Fix double-closing of socket descriptios if connection establishment fails
    fz::tls_layer now fails the handshake instead of waiting indefinitely if started on a layer that has progressed passed the connected state
    Small compile-time improvements to fz::sprintf

(wiz)

doc: Updated sysutils/desktop-file-utils to 0.24

(wiz)

desktop-file-utils: update to 0.24.

============
Version 0.24
============

desktop-file-validate
  - Allow desktop file spec version 1.2 (Severin Gl旦ckner).
  - Add Budgie, Deepin, Enlightenment and Pantheon to list of
    registered desktop environments (fdo#10, fdo#11, fdo#16, oldfdo#97385)
    (Ikey Doherty, sensor.wen, Joonas Niilola, David Faure).

update-desktop-database
  - Sort output lines internally to conserve reproduceability (fdo#12)
    (Chris Lamb).
  - Use pledge(2) on OpenBSD to limit capabilities (fdo#13) (Jasper Lievisse
    Adriaanse).

common
  - Fix missing ; when appending to a list not ending with one (oldfdo#97388)
    (Pascal Terjan).
  - Add font as valid media type (Matthias Clasen).
  - Fix broken emacs blocking compile (fdo#15) (Hans Petter Jansson, reported
    by John).

(wiz)

Add www/hugo

(ryoon)

doc: Updated www/gnurl to 7.65.3

(ng0)

www/gnurl: Update to 7.65.3

Changelog:

* make the warning in buildconf more clear, month
  after noting that the hardfailure was not necessary.
* comment nroff parts of configure script, build +
  check + release without groff tested succesfully on NetBSD 9.99.4
* Dependencies: python-3 is now supported (should be in curl
  as well) for the tests. If python is required at all for
  the tests needs to be looked at more closely. groff/nroff dropped.

The usual curl Changelog applies, consult https://curl.haxx.se for the
ChangeLog.

(ng0)

Build fix for OS X Tiger via Macports

(sevan)

doc: Updated audio/fasttracker2 to 2.166

(fox)

fasttracker2: Update to b166

Changes since b165:

Beta #166 - 14.08.2019
- Bugfix: The clone would crash if you attempted to paste sample data to an
  empty instrument (not allocated). This bug was introduced in beta #163.

(fox)

doc: Added sysutils/ttyplot version 1.4

(fcambus)

Add ttyplot.

(fcambus)

sysutils/ttyplot: import ttyplot-1.4.

ttyplot is a realtime plotting utility for terminals. It takes data from
stdin, and plots on a terminal or console.

It supports rate calculation for counters, and up to two plots on a single
display using reverse video for the second line.

OK kamil@

(fcambus)

Updated www/apache24, www/nginx, www/nginx-devel

(adam)

nginx-devel: updated to 1.17.3

Changes with nginx 1.17.3

    *) Security: when using HTTP/2 a client might cause excessive memory
      consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
      CVE-2019-9516).

    *) Bugfix: "zero size buf" alerts might appear in logs when using
      gzipping; the bug had appeared in 1.17.2.

    *) Bugfix: a segmentation fault might occur in a worker process if the
      "resolver" directive was used in SMTP proxy.

Changes with nginx 1.17.2

    *) Change: minimum supported zlib version is 1.2.0.4.
      Thanks to Ilya Leoshkevich.

    *) Change: the $r->internal_redirect() embedded perl method now expects
      escaped URIs.

    *) Feature: it is now possible to switch to a named location using the
      $r->internal_redirect() embedded perl method.

    *) Bugfix: in error handling in embedded perl.

    *) Bugfix: a segmentation fault might occur on start or during
      reconfiguration if hash bucket size larger than 64 kilobytes was used
      in the configuration.

    *) Bugfix: nginx might hog CPU during unbuffered proxying and when
      proxying WebSocket connections if the select, poll, or /dev/poll
      methods were used.

    *) Bugfix: in the ngx_http_xslt_filter_module.

    *) Bugfix: in the ngx_http_ssi_filter_module.

Changes with nginx 1.17.1

    *) Feature: the "limit_req_dry_run" directive.

    *) Feature: when using the "hash" directive inside the "upstream" block
      an empty hash key now triggers round-robin balancing.
      Thanks to Niklas Keller.

    *) Bugfix: a segmentation fault might occur in a worker process if
      caching was used along with the "image_filter" directive, and errors
      with code 415 were redirected with the "error_page" directive; the
      bug had appeared in 1.11.10.

    *) Bugfix: a segmentation fault might occur in a worker process if
      embedded perl was used; the bug had appeared in 1.7.3.

(adam)

nginx: updated to 1.16.1

Changes with nginx 1.16.1

    *) Security: when using HTTP/2 a client might cause excessive memory
      consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
      CVE-2019-9516).

(adam)

apache24: updated to 2.4.41

Changes with Apache 2.4.41

  *) SECURITY: CVE-2019-10081 (cve.mitre.org)
    mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource",
    could lead to an overwrite of memory in the pushing request's pool,
    leading to crashes. The memory copied is that of the configured push
    link header values, not data supplied by the client.

  *) SECURITY: CVE-2019-9517 (cve.mitre.org)
    mod_http2: a malicious client could perform a DoS attack by flooding
    a connection with requests and basically never reading responses
    on the TCP connection. Depending on h2 worker dimensioning, it was
    possible to block those with relatively few connections.

  *) SECURITY: CVE-2019-10098 (cve.mitre.org)
    rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
    matches and substitutions with encoded line break characters.

  *) SECURITY: CVE-2019-10092 (cve.mitre.org)
    Remove HTML-escaped URLs from canned error responses to prevent misleading
    text/links being displayed via crafted links.

  *) SECURITY: CVE-2019-10097 (cve.mitre.org)
    mod_remoteip: Fix stack buffer overflow and NULL pointer deference
    when reading the PROXY protocol header.

  *) SECURITY: CVE-2019-10082 (cve.mitre.org)
    mod_http2: Using fuzzed network input, the http/2 session
    handling could be made to read memory after being freed,
    during connection shutdown.

  *) mod_proxy_balancer: Improve balancer-manager protection against
    XSS/XSRF attacks from trusted users.

  *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
    configure the session/cookie expiry's update interval.

  *) modules/filters: Fix broken compilation when using old GCC (<4.2.x).

  *) mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile
    configured for a domain managed by mod_md.

(adam)

sort

(jnemeth)

Note bash 5.0.9

(kre)

Update to bash 5.0.9 (5.0 patchlevel 9)

patch8: fix potential core dump if HISTSIZE is set to 0
patch9: fix fd leak if history file reading finds empty file

(kre)

doc: Updated net/youtube-dl to 20190813

(leot)

youtube-dl: Update to 20190813

Changes:
20190813
--------
Core
* [downloader/fragment] Fix ETA calculation of resumed download (#21992)
* [YoutubeDL] Check annotations availability (#18582)

Extractors
* [youtube:playlist] Improve flat extraction (#21927)
* [youtube] Fix annotations extraction (#22045)
+ [discovery] Extract series meta field (#21808)
* [youtube] Improve error detection (#16445)
* [vimeo] Fix album extraction (#1933, #15704, #15855, #18967, #21986)
+ [roosterteeth] Add support for watch URLs
* [discovery] Limit video data by show slug (#21980)

(leot)

R-ggtern: fix an incorrect dependency.

The missing dependency added in the previous commit was wrong, so fix it.

(brook)

allow NetBSD-[6-9]* on powerpc and mips64el

(macallan)

Add the biopython license to DEFAULT_ACCEPTABLE_LICENSES.

The biopython license is _very_ similar, but not identical, to many
other open source licenses used throughout pkgsrc.  The gratuitous
differences are being addressed by the project through an effort to
relicense all files to the 3-clause BSD license.  In the meantime,
Debian has accepted that the current biopython license meets the DFSG
and includes the package in their main distribution.  Consequently,
rename the license file and add it to DEFAULT_ACCEPTABLE_LICENSES.

See http://mail-index.netbsd.org/pkgsrc-changes/2019/08/13/msg195804.html.

(brook)

doc/pkgsrc.*: regen

(brook)

Add a section to "Common packages" describing a typical TeXlive package.

(brook)

Add a section to "Common packages" describing a typical R package.

(brook)

doc: Added sysutils/bdfresize version 1.5

(fcambus)

Add bdfresize.

(fcambus)

sysutils/bdfresize: import bdfresize-1.5.

Bdfresize is a command to magnify or reduce fonts which are described
with the standard BDF format.

OK kamil@

(fcambus)

rust: Avoid using external llvm when external llvm isn't pkgsrc llvm.

Reported as a build failure in #pkgsrc by ng0.

(nia)

doc: Added security/minisign version 0.8

(fcambus)

Add minisign.

(fcambus)

security/minisign: import minisign-0.8.

Minisign is a dead simple tool to sign files and verify signatures.

It is portable, lightweight, and uses the highly secure Ed25519 public-key
signature system.

OK kamil@

(fcambus)

Recursive bump of all packages using Go after Go 1.12.8 update.

(bsiegert)

doc: Updated lang/go112 to 1.12.8

(bsiegert)

go112: update to 1.12.8 (security release).

net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from
untrusted clients could be remotely made to allocate an unlimited amount of
memory, until the program crashes. Servers will now close connections if the
send queue accumulates too many control messages.

The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.

net/url: parsing validation issue

url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.

The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
for discovering and reporting this issue.

(bsiegert)

py-importlib-metadata: fix distinfo for 0.19 update

(wiz)

go111: update to 1.11.13 (security release).

net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from
untrusted clients could be remotely made to allocate an unlimited amount of
memory, until the program crashes. Servers will now close connections if the
send queue accumulates too many control messages.

The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.

net/url: parsing validation issue

url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.

The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
for discovering and reporting this issue.

(bsiegert)

Updated devel/p5-PPI to 1.270

(wen)

Update to 1.270

Upstream changes:
1.270  2019-07-09 15:14:57Z
        Summary:
        - attempt to handle new blead binary/hexadecimal parsing behavior in tests

(wen)

Updated devel/p5-Proc-ProcessTable to 0.59

(wen)

Update to 0.59

Upstream changes:
0.59 2019-06-20
  * works again on AIX
  * fixed mswin32 stuff, hope it works now
  * reogranized code and started to use newest version ExtUtils::MakeMaker

(wen)

Updated devel/p5-Role-Tiny to 2.000008

(wen)

Update to 2.000008

Upstream changes:
2.000008 - 2019-08-05
  - reverting all changes from 2.000007 due to failures on some perl versions
    and a number of downstream users.  The changes will be reintroduced in a
    fixed form in a future version.

2.000007 - 2019-07-31
  - fix composing roles into packages that have stub subs in them
  - exclude all constant subs from method list

(wen)

Updated net/p5-Test-TCP to 2.20

(wen)

Update to 2.20

Upstream changes:
2.20 2019-08-03T22:47:58Z

    - Fix test for . not in @INC by default # 58

(wen)

Updated math/R to 3.6.1

(wen)

Update to 3.6.1

Upstream changes:
CHANGES IN R 3.6.1:

  INSTALLATION on a UNIX-ALIKE:

    * The default detection of the shell variable libNN is overridden
      for derivatives of Debian Linux, some of which have started to
      have a /usr/lib64 directory.  (E.g. Ubuntu 19.04.)  As before, it
      can be specified in config.site.

  UTILITIES:

    * R CMD config knows the values of AR and RANLIB, often set for LTO
      builds.

  DEPRECATED AND DEFUNCT:

    * The use of a character vector with .Fortran() is formally
      deprecated and gives a non-portability warning.  (It has long
      been strongly discouraged in 'Writing R Extensions'.)

  BUG FIXES:

    * On Windows, GUI package installation via menuInstallPkgs() works
      again, thanks to Len Weil's and Duncan Murdoch's PR#17556.

    * R CMD check on data() fixing PR#17558 thanks to Duncan Murdoch.

    * quasi(*, variance = list(..)) now works more efficiently, and
      should work in all cases fixing PR#17560.  Further, quasi(var =
      mu(1-mu)) and quasi(var = "mu ^ 3") now work, and quasi(variance
      = "log(mu)") now gives a correct error message.

    * Creation of lazy loading database during package installation is
      again robust to Rprofile changing the current working directory
      (PR#17559).

    * boxplot(y ~ f, horizontal=TRUE) now produces correct x- and
      y-labels.

    * rbind.data.frame() allows to keep <NA> levels from factor columns
      (PR#17562) via new option factor.exclude.

      Additionally, it works in one more case with matrix-columns which
      had been reported on 2017-01-16 by Krzysztof Banas.

    * Correct messaging in C++ pragma checks in tools code for R CMD
      check, fixing PR#17566 thanks to Xavier Robin.

    * print()ing and auto-printing no longer differs for functions with
      a user defined print.function, thanks to Bill Dunlap's report.

    * On Windows, writeClipboard(.., format = <n>) now does correctly
      pass format to the underlying C code, thanks to a bug report
      (with patch) by Jenny Bryan.

    * as.data.frame() treats 1D arrays the same as vectors, PR#17570.

    * Improvements in smoothEnds(x, *) working with NAs (towards
      runmed() working in that case, in the next version of R).

    * vcov(glm(<quasi>), dispersion = *) works correctly again, fixing
      PR#17571 thanks to Pavel Krivitsky.

    * R CMD INSTALL of binary packages on Windows now works also with
      per-directory locking.

    * R CMD INSTALL and install.packages() on Windows are now more
      robust against a locked file in an earlier installation of the
      package to be installed.  The default value of option
      install.lock on Windows has been changed to TRUE.

    * On Unix alikes (when readline is active), only expand tilde (~)
      file names starting with a tilde, instead of almost all tildes.

    * In R documentation (*.Rd) files, \item [..] is no longer treated
      specially when rendered in LaTeX and hence pdf, but rather shows
      the brackets in all cases.

(wen)

doc: Updated databases/pgbouncer to 1.10.0

(fox)

databases/pgbouncer: Update to 1.10.0

Changes since 1.9.0

2019-07-01 - PgBouncer 1.10.0 - "Afraid of the World"

    Features
        Add support for enabling and disabling TLS 1.3. (TLS 1.3 was
        already supported, depending on the OpenSSL library, but now the
        configuration settings to pick the TLS protocol versions also
        support it.)
    Fixes
        Fix TLS 1.3 support. This was broken with OpenSSL 1.1.1 and
        1.1.1a (but not before or after).
        Fix a rare crash in SHOW FDS
        (https://github.com/pgbouncer/pgbouncer/issues/311/).
        Fix an issue that could lead to prolonged downtime if many cancel
        requests arrive
        (https://github.com/pgbouncer/pgbouncer/issues/329/).
        Avoid "unexpected response from login query" after a postgres
        reload
        (https://github.com/pgbouncer/pgbouncer/issues/220/).
        Fix idle_transaction_timeout calculation
        (https://github.com/pgbouncer/pgbouncer/issues/125/). The
        bug would lead to premature timeouts in specific situations.
    Cleanups
        Make various log and error messages more precise.
        Fix issues found by Coverity (none had a significant impact in
        practice).
        Improve and document all test scripts.
        Add additional SHOW commands to the documentation.
        Convert the documentation from rst to Markdown.
        Python scripts in the source tree are all compatible with Python 3
        now.

(fox)

devel/py-ruamel-yaml: Sort with plist-sort

(gdt)

doc: Updated misc/ansiweather to 1.14.0

(fcambus)

ansiweather: Update to 1.14.0.

ChangeLog:

AnsiWeather 1.14.0 (2019-08-13)

- Add final dots for options descriptions in ansiweather.1
- Stop mentioning that ftp can be used on Mac OS X, as it's apparently
  not the case anymore in Mojave
- Remove space before percent sign for humidity display
- Respect freedesktop/XDG spec for configuration (Thanks Ryan Delaney)

OK kamil@

(fcambus)

doc: Updated graphics/ansilove to 4.0.2

(fcambus)

ansilove: Update to 4.0.2.

ChangeLog:

AnsiLove/C 4.0.2 (2019-08-13)

- Remove most examples from the repository, they continue to live on the
  website
- Move the remaining examples in per author directories, and add LICENSE
  files for these artworks, courtesy of their authors

OK kamil@

(fcambus)

rust: Build against non-internal LLVM by default.

This should help with some people's problems with the rust builds being
excessively long, and if we ever run into compatibility problems between
rust's llvm-current and our shipped version it should be easy to switch
on the internal LLVM by default again.

I've been using this for some time with Firefox without problems.

Bump PKGREVISION.

(nia)

doc: Updated print/zathura-pdf-mupdf to 0.3.5

(leot)

zathura-pdf-mupdf: Update to 0.3.5

Changes:
0.3.5
-----
- Compatible with mupdf 1.16

(leot)

Updated www/nghttp2, devel/py-dulwich

(adam)

py-dulwich: updated to 0.19.12

0.19.12:
BUG FIXES
* Update directory detection for get_unstaged_changes for Python 3.
* Add a basic porcelain.clean.
* Fix output format of porcelain.diff to match that of
  C Git
* Return a 404 not found error when repository is not found.
* Mark .git directories as hidden on Windows.
* Implement RefsContainer.__iter__
* Don't trust modes if they can't be modified after a file has been created.

(adam)

nghttp2: updated to 1.39.2

nghttp2 v1.39.2

This release fixes CVE-2019-9511 ���Data Dribble��� and CVE-2019-9513
���Resource Loop��� vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack.

Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall

(adam)

doc: Updated devel/py-packaging to 19.1nb1

(wiz)

py-packaging: add full py-attrs dependency, this is needed at runtime.

Fixes py-sphinx related build failures in other packages.

Bump PKGREVISION.

XXX: 'make test' needs 'make install' beforehand, please fix if you know how

(wiz)

It's been six years. Remove MESSAGE about 2.x -> 3.x transition.

(schmonz)

Updated devel/p5-IO-Async to 0.74

(wen)

Update to 0.74

Upstream changes:
0.74    2019-06-27 18:44:38
        [CHANGES]
        * Warn about IO::Async::Stream using autoflush on a blocking handle
        * Implement queuing priorities for IO::Async::Function calls (RT129918)
        * Send a terminating signal to a ->run_process process on cancellation
          (RT129225)
        * Optionally make ->run_process future fail when process exits non-zero
          (RT129225)
        * Implement the Future::IO->syswrite API

        [BUGFIXES]
        * Skip t/70future-io.t unless Future::IO is available (RT129807)
        * Remember to set O_NONBLOCK on IO::Async::Channel async mode
          filehandles (RT129879)
        * Handle Windows 7 which returns ENETDOWN to failed AF_UNIX connect()
          (RT129806)

0.73    2019-06-12 16:49:28
        [CHANGES]
        * Provide an IO::Async implementation of Future::IO
        * Added $loop->run_process (RT129225)
        * Clear $ONE_TRUE_LOOP in $loop->fork so that child processes can do
          IO::Async::Loop->new successfully
        * Added $notifier->adopted_futures accessor (RT127818)
        * Various docs fixes

(wen)

Updated devel/p5-indirect to 0.39

(wen)

Update to 0.39

Upstream changes:
0.39    2019-07-08 12:00 UTC
        + Fix : [RT #127118] : Fails on perl >= v5.28.0 with -DDEBUGGING
                The module has been amended to accomodate with a change of
                behaviour of a core macro.
        + Upd : Contact info.

(wen)

Updated devel/p5-Getopt-Long-Descriptive to 0.104

(wen)

Update to 0.104

Upstream changes:
0.104    2019-04-27 10:50:50+01:00 Europe/London
        - allow for verbatim text in descripition options

(wen)

Updated devel/p5-Future to 0.41

(wen)

Update to 0.41

Upstream changes:
0.41    2019-06-13
        [CHANGES]
        * Added Future::Exception->throw

(wen)

Updated devel/p5-Mouse to 2.5.7

(wen)

Update to 2.5.7
Add p5-Test-Deep as BUILD_DEPENDS to do more tests.

Upstream changes:
v2.5.7 2019-08-12T08:45:37Z
    - Bump Module::Build::XSUtil prereq (KnowZero #99)

(wen)

On Debian GNU/Linux 10, libfl from devel/flex is linked, fix packaging

(ryoon)

net/syncthing: Soften upgrade version language

The basic intent remains: if there is a protocol break we have to
coordinate with f-droid.  However, syncthing seems to have matured to
the point where protocol breaks no longer happen.

(gdt)

net/syncthing: Disable upgrade checks

syncthing phones home to check the version; not only is this a privacy
leak, but pkgsrc does updates differently so it isn't really useful.
Add a flag to the build to disable this.

From pkg/53951 by Daniel Ziltener.

(gdt)

doc: Updated devel/py-ruamel-yaml to 0.15.100

(gdt)

devel/py-ruamel-yaml: Update to 0.15.100

(While 0.16.1 is current, that update perhaps is more complicated, so
I'm updating to the last release of 0.15 as an intermediate step.)

[0, 15, 100]: 2019-07-17
  - fixing issue with dumping deep-copied data from commented YAML, by
    providing both the memo parameter to __deepcopy__, and by allowing
    startmarks to be compared on their content (reported by `Theofilos
    Petsios
    <https://bitbucket.org/%7Be550bc5d-403d-4fda-820b-bebbe71796d3%7D/>`__)

[0, 15, 99]: 2019-07-12
  - add `py.typed` to distribution, based on a PR submitted by
    `Michael Crusoe
    <https://bitbucket.org/%7Bc9fbde69-e746-48f5-900d-34992b7860c8%7D/>`__
  - merge PR 40 (also by Michael Crusoe) to more accurately specify
    repository in the README (also reported in a misunderstood issue
    some time ago)

[0, 15, 98]: 2019-07-09
  - regenerate ext/_ruamel_yaml.c with Cython version 0.29.12, needed
    for Python 3.8.0b2 (reported by `John Vandenberg
    <https://bitbucket.org/%7B6d4e8487-3c97-4dab-a060-088ec50c682c%7D/>`__)

[0, 15, 97]: 2019-06-06
  - regenerate ext/_ruamel_yaml.c with Cython version 0.29.10, needed for
    Python 3.8.0b1
  - regenerate ext/_ruamel_yaml.c with Cython version 0.29.9, needed for
    Python 3.8.0a4 (reported by `Anthony Sottile
    <https://bitbucket.org/%7B569cc8ea-0d9e-41cb-94a4-19ea517324df%7D/>`__)

[0, 15, 96]: 2019-05-16
  - fix failure to indent comments on round-trip anchored block style
    scalars in block sequence (reported by `William Kimball
    <https://bitbucket.org/%7Bba35ed20-4bb0-46f8-bb5d-c29871e86a22%7D/>`__)

[0, 15, 95]: 2019-05-16
  - fix failure to round-trip anchored scalars in block sequence
    (reported by `William Kimball
    <https://bitbucket.org/%7Bba35ed20-4bb0-46f8-bb5d-c29871e86a22%7D/>`__)
  - wheel files for Python 3.4 no longer provided (`Python 3.4 EOL 2019-03-18
    <https://www.python.org/dev/peps/pep-0429/>`__)

(gdt)

devel/py-ruamel-yaml: Sort PLIST

No functional change; PLIST was not sorted per print-PLIST, making
updates difficult.

(gdt)

add SPI loader. missed in previous commit

(tnn)

u-boot-rock{,pro}64: install the SPI boot loader. Bump.

(tnn)

more tex package updates

(markd)

texlive-collection-latexextra: add tex-(beamerposter,nfssext-cfr,outline,powerdot}

(markd)

texlive-collection-latexrecommended: add tex-ragged2e, remove tex-powerdot

(markd)

texlive-collection-pictures: add tex-chemfig

(markd)

tex-ms{,-doc}: update to 2019,  remove ragged2e (now separate package)

(markd)

print: add tex-ragged2e{,-doc}

(markd)

tex-ragged2e{,-doc}: add version 2.2

The package defines new commands \Centering, \RaggedLeft, and
\RaggedRight and new environments Center, FlushLeft, and
FlushRight, which set ragged text and are easily configurable
to allow hyphenation (the corresponding commands in LaTeX, all
of whose names are lower-case, prevent hyphenation altogether).

(markd)

graphics: add tex-tikz-feynhand{,-doc}

(markd)

tex-tikz-feynhand{,-doc}: add version 1.0.0

This package lets you draw Feynman diagrams using TikZ. It is a
low-end modification of the TikZ-Feynman package, one of whose
principal advantages is the automatic generation of diagrams,
for which it needs LuaTex. TikZ-FeynHand only provides the
manual mode and hence runs in LaTeX without any reference to
LuaTeX. In addition it provides some new styles for vertices
and propagators, alternative shorter keywords in addition to
TikZ-Feynman's longer ones, some shortcut commands for quickly
customizing the diagrams' look, and the new feature of putting
one propagator "on top" of another. It also includes a quick
user guide for getting started, with many examples and a
5-minute introduction to TikZ.

(markd)

doc: Updated devel/py-python-slugify to 3.0.3nb1

(gdt)

devel/py-python-slugify: Update to 3.0.3

## 3.0.3
  - Add Options to readme
  - Add more unit tests

## 3.0.2
  - Add official support of Py 3.7

## 3.0.1
  - Add test.py to manifest

## 3.0.0
  - Upgrade Unidecode
  - Promote text-unidecode as the primary decoding package
  - Add Unidecode as an optional extra. "pip install python-slugify[unidecode]"

## 2.0.1
  - Add replacements option e.g. [['|', 'or'], ['%', 'percent'], ['-', '_']] (@andriyor)

## 2.0.0
  - Fix alternative dependency installation

(gdt)