Remove references to Python 3.4

(adam)

add help pages

(sevan)

doc/pkgsrc.*: regen

(sevan)

doc: Updated misc/tmux to 2.9a

(triaxx)

tmux: update to 2.9a

pkgsrc changes:
---------------
* patches removed, since applied upstream

upstream changes:
-----------------
CHANGES FROM 2.9 to 2.9a

* Fix bugs in select-pane and the main-horizontal and main-vertical layouts.

CHANGES FROM 2.8 to 2.9

* Attempt to preserve horizontal cursor position as well as vertical with
  reflow.

* Rewrite main-vertical and horizontal and change layouts to better handle the
  case where all panes won't fit into the window size, reduce problems with
  pane border status lines and fix other bugs mostly found by Thomas Sattler.

* Add format variables for the default formats in the various modes
  (tree_mode_format and so on) and add a -a flag to display-message to list
  variables with values.

* Add a -v flag to display-message to show verbose messages as the format is
  parsed, this allows formats to be debugged

* Add support for HPA (\033[`).

* Add support for origin mode (\033[?6h).

* No longer clear history on RIS.

* Extend the #[] style syntax and use that together with previous format
  changes to allow the status line to be entirely configured with a single
  option.

  Now that it is possible to configure their content, enable the existing code
  that lets the status line be multiple lines in height. The status option can
  now take a value of 2, 3, 4 or 5 (as well as the previous on or off) to
  configure more than one line. The new status-format array option configures
  the format of each line, the default just references the existing status-*
  options, although some of the more obscure status options may be eliminated
  in time.

  Additions to the #[] syntax are: "align" to specify alignment (left, centre,
  right), "list" for the window list and "range" to configure ranges of text
  for the mouse bindings.

  The "align" keyword can also be used to specify alignment of entries in tree
  mode and the pane status lines.

* Add E: and T: format modifiers to expand a format twice (useful to expand the
  value of an option).

* The individual -fg, -bg and -attr options have been removed; they
  were superseded by -style options in tmux 1.9.

* Allow more than one mode to be opened in a pane. Modes are kept on a stack
  and retrieved if the same mode is entered again. Exiting the active mode goes
  back to the previous one.

* When showing command output in copy mode, call it view mode instead (affects
  pane_mode format).

* Add -b to display-panes like run-shell.

* Handle UTF-8 in word-separators option.

* New "terminal" colour allowing options to use the terminal default colour
  rather than inheriting the default from a parent option.

* Do not move the cursor in copy mode when the mouse wheel is used.

* Use the same working directory rules for jobs as new windows rather than
  always starting in the user's home.

* Allow panes to be one line or column in size.

* Go to last line when goto-line number is out of range in copy mode.

* Yank previously cut text if any with C-y in the command prompt, only use the
  buffer if no text has been cut.

* Add q: format modifier to quote shell special characters.

* Add StatusLeft and StatusRight mouse locations (keys such as
  MouseDown1StatusLeft) for the status-left and status-right areas of the
  status line.

* Add -Z to find-window.

* Support for windows larger than the client. This adds two new options,
  window-size and default-size, and a new command, resize-window. The
  force-width and force-height options and the session_width and session_height
  formats have been removed.

  The new window-size option tells tmux how to work out the size of windows:
  largest means it picks the size of the largest session, smallest the smallest
  session (similar to the old behaviour) and manual means that it does not
  automatically resize windows. aggressive-resize modifies the choice of
  session for largest and smallest as it did before.

  If a window is in a session attached to a client that is too small, only part
  of the window is shown. tmux attempts to keep the cursor visible, so the part
  of the window displayed is changed as the cursor moves (with a small delay,
  to try and avoid excess redrawing when applications redraw status lines or
  similar that are not currently visible).

  Drawing windows which are larger than the client is not as efficient as those
  which fit, particularly when the cursor moves, so it is recommended to avoid
  using this on slow machines or networks (set window-size to smallest or
  manual).

  The resize-window command can be used to resize a window manually. If it is
  used, the window-size option is automatically set to manual for the window
  (undo this with "setw -u window-size"). resize-window works in a similar way
  to resize-pane (-U -D -L -R -x -y flags) but also has -a and -A flags. -a
  sets the window to the size of the smallest client (what it would be if
  window-size was smallest) and -A the largest.

  For the same behaviour as force-width or force-height, use resize-window -x
  or -y.

  If the global window-size option is set to manual, the default-size option is
  used for new windows. If -x or -y is used with new-session, that sets the
  default-size option for the new session.

  The maximum size of a window is 10000x10000. But expect applications to
  complain and higher memory use if making a window that big. The minimum size
  is the size required for the current layout including borders.

  The refresh-client command can be used to pan around a window, -U -D -L -R
  moves up, down, left or right and -c returns to automatic cursor
tracking. The position is reset when the current window is changed.

(triaxx)

Drop the use of compression in CVS.
"Do not use the cvs `-z` flag. The data stream gets out of sync,
leading to corruption on the client, or causing the client to hang
completely."

(sevan)

doc: Updated net/tor to 0.4.0.5

(wiz)

tor: update to 0.4.0.5.

Changes in version 0.4.0.5 - 2019-05-02
  This is the first stable release in the 0.4.0.x series. It contains
  improvements for power management and bootstrap reporting, as well as
  preliminary backend support for circuit padding to prevent some kinds
  of traffic analysis. It also continues our work in refactoring Tor for
  long-term maintainability.

  Per our support policy, we will support the 0.4.0.x series for nine
  months, or until three months after the release of a stable 0.4.1.x:
  whichever is longer. If you need longer-term support, please stick
  with 0.3.5.x, which will we plan to support until Feb 2022.

  Below are the changes since 0.3.5.7. For a complete list of changes
  since 0.4.0.4-rc, see the ChangeLog file.

  o Major features (battery management, client, dormant mode):
    - When Tor is running as a client, and it is unused for a long time,
      it can now enter a "dormant" state. When Tor is dormant, it avoids
      network and CPU activity until it is reawoken either by a user
      request or by a controller command. For more information, see the
      configuration options starting with "Dormant". Implements tickets
      2149 and 28335.
    - The client's memory of whether it is "dormant", and how long it
      has spent idle, persists across invocations. Implements
      ticket 28624.
    - There is a DormantOnFirstStartup option that integrators can use
      if they expect that in many cases, Tor will be installed but
      not used.

  o Major features (bootstrap reporting):
    - When reporting bootstrap progress, report the first connection
      uniformly, regardless of whether it's a connection for building
      application circuits. This allows finer-grained reporting of early
      progress than previously possible, with the improvements of ticket
      27169. Closes tickets 27167 and 27103. Addresses ticket 27308.
    - When reporting bootstrap progress, treat connecting to a proxy or
      pluggable transport as separate from having successfully used that
      proxy or pluggable transport to connect to a relay. Closes tickets
      27100 and 28884.

  o Major features (circuit padding):
    - Implement preliminary support for the circuit padding portion of
      Proposal 254. The implementation supports Adaptive Padding (aka
      WTF-PAD) state machines for use between experimental clients and
      relays. Support is also provided for APE-style state machines that
      use probability distributions instead of histograms to specify
      inter-packet delay. At the moment, Tor does not provide any
      padding state machines that are used in normal operation: for now,
      this feature exists solely for experimentation. Closes
      ticket 28142.

  o Major features (refactoring):
    - Tor now uses an explicit list of its own subsystems when
      initializing and shutting down. Previously, these systems were
      managed implicitly in various places throughout the codebase.
      (There may still be some subsystems using the old system.) Closes
      ticket 28330.

  o Major bugfixes (cell scheduler, KIST, security):
    - Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on 0.3.2.1-alpha. This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

  o Major bugfixes (networking):
    - Gracefully handle empty username/password fields in SOCKS5
      username/password auth messsage and allow SOCKS5 handshake to
      continue. Previously, we had rejected these handshakes, breaking
      certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

  o Major bugfixes (NSS, relay):
    - When running with NSS, disable TLS 1.2 ciphersuites that use
      SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for
      these ciphersuites don't work -- which caused relays to fail to
      handshake with one another when these ciphersuites were enabled.
      Fixes bug 29241; bugfix on 0.3.5.1-alpha.

  o Major bugfixes (windows, startup):
    - When reading a consensus file from disk, detect whether it was
      written in text mode, and re-read it in text mode if so. Always
      write consensus files in binary mode so that we can map them into
      memory later. Previously, we had written in text mode, which
      confused us when we tried to map the file on windows. Fixes bug
      28614; bugfix on 0.4.0.1-alpha.

  o Minor features (address selection):
    - Treat the subnet 100.64.0.0/10 as public for some purposes;
      private for others. This subnet is the RFC 6598 (Carrier Grade
      NAT) IP range, and is deployed by many ISPs as an alternative to
      RFC 1918 that does not break existing internal networks. Tor now
      blocks SOCKS and control ports on these addresses and warns users
      if client ports or ExtORPorts are listening on a RFC 6598 address.
      Closes ticket 28525. Patch by Neel Chauhan.

  o Minor features (bandwidth authority):
    - Make bandwidth authorities ignore relays that are reported in the
      bandwidth file with the flag "vote=0". This change allows us to
      report unmeasured relays for diagnostic reasons without including
      their bandwidth in the bandwidth authorities' vote. Closes
      ticket 29806.
    - When a directory authority is using a bandwidth file to obtain the
      bandwidth values that will be included in the next vote, serve
      this bandwidth file at /tor/status-vote/next/bandwidth. Closes
      ticket 21377.

  o Minor features (bootstrap reporting):
    - When reporting bootstrap progress, stop distinguishing between
      situations where only internal paths are available and situations
      where external paths are available. Previously, Tor would often
      erroneously report that it had only internal paths. Closes
      ticket 27402.

  o Minor features (compilation):
    - Compile correctly when OpenSSL is built with engine support
      disabled, or with deprecated APIs disabled. Closes ticket 29026.
      Patches from "Mangix".

  o Minor features (continuous integration):
    - On Travis Rust builds, cleanup Rust registry and refrain from
      caching the "target/" directory to speed up builds. Resolves
      issue 29962.
    - Log Python version during each Travis CI job. Resolves
      issue 28551.
    - In Travis, tell timelimit to use stem's backtrace signals, and
      launch python directly from timelimit, so python receives the
      signals from timelimit, rather than make. Closes ticket 30117.

  o Minor features (controller):
    - Add a DROPOWNERSHIP command to undo the effects of TAKEOWNERSHIP.
      Implements ticket 28843.

  o Minor features (developer tooling):
    - Check that bugfix versions in changes files look like Tor versions
      from the versions spec. Warn when bugfixes claim to be on a future
      release. Closes ticket 27761.
    - Provide a git pre-commit hook that disallows commiting if we have
      any failures in our code and changelog formatting checks. It is
      now available in scripts/maint/pre-commit.git-hook. Implements
      feature 28976.
    - Provide a git hook script to prevent "fixup!" and "squash!"
      commits from ending up in the master branch, as scripts/main/pre-
      push.git-hook. Closes ticket 27993.

  o Minor features (diagnostic):
    - Add more diagnostic log messages in an attempt to solve the issue
      of NUL bytes appearing in a microdescriptor cache. Related to
      ticket 28223.

  o Minor features (directory authority):
    - When a directory authority is using a bandwidth file to obtain
      bandwidth values, include the digest of that file in the vote.
      Closes ticket 26698.
    - Directory authorities support a new consensus algorithm, under
      which the family lines in microdescriptors are encoded in a
      canonical form. This change makes family lines more compressible
      in transit, and on the client. Closes ticket 28266; implements
      proposal 298.

  o Minor features (directory authority, relay):
    - Authorities now vote on a "StaleDesc" flag to indicate that a
      relay's descriptor is so old that the relay should upload again
      soon. Relays treat this flag as a signal to upload a new
      descriptor. This flag will eventually let us remove the
      'published' date from routerstatus entries, and make our consensus
      diffs much smaller. Closes ticket 26770; implements proposal 293.

  o Minor features (dormant mode):
    - Add a DormantCanceledByStartup option to tell Tor that it should
      treat a startup event as cancelling any previous dormant state.
      Integrators should use this option with caution: it should only be
      used if Tor is being started because of something that the user
      did, and not if Tor is being automatically started in the
      background. Closes ticket 29357.

  o Minor features (fallback directory mirrors):
    - Update the fallback whitelist based on operator opt-ins and opt-
      outs. Closes ticket 24805, patch by Phoul.

  o Minor features (FreeBSD):
    - On FreeBSD-based systems, warn relay operators if the
      "net.inet.ip.random_id" sysctl (IP ID randomization) is disabled.
      Closes ticket 28518.

  o Minor features (geoip):
    - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2
      Country database. Closes ticket 29992.

  o Minor features (HTTP standards compliance):
    - Stop sending the header "Content-type: application/octet-stream"
      along with transparently compressed documents: this confused
      browsers. Closes ticket 28100.

  o Minor features (IPv6):
    - We add an option ClientAutoIPv6ORPort, to make clients randomly
      prefer a node's IPv4 or IPv6 ORPort. The random preference is set
      every time a node is loaded from a new consensus or bridge config.
      We expect that this option will enable clients to bootstrap more
      quickly without having to determine whether they support IPv4,
      IPv6, or both. Closes ticket 27490. Patch by Neel Chauhan.
    - When using addrs_in_same_network_family(), avoid choosing circuit
      paths that pass through the same IPv6 subnet more than once.
      Previously, we only checked IPv4 subnets. Closes ticket 24393.
      Patch by Neel Chauhan.

  o Minor features (log messages):
    - Improve log message in v3 onion services that could print out
      negative revision counters. Closes ticket 27707. Patch
      by "ffmancera".

  o Minor features (memory usage):
    - Save memory by storing microdescriptor family lists with a more
      compact representation. Closes ticket 27359.
    - Tor clients now use mmap() to read consensus files from disk, so
      that they no longer need keep the full text of a consensus in
      memory when parsing it or applying a diff. Closes ticket 27244.

  o Minor features (NSS, diagnostic):
    - Try to log an error from NSS (if there is any) and a more useful
      description of our situation if we are using NSS and a call to
      SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241.

  o Minor features (parsing):
    - Directory authorities now validate that router descriptors and
      ExtraInfo documents are in a valid subset of UTF-8, and reject
      them if they are not. Closes ticket 27367.

  o Minor features (performance):
    - Cache the results of summarize_protocol_flags(), so that we don't
      have to parse the same protocol-versions string over and over.
      This should save us a huge number of malloc calls on startup, and
      may reduce memory fragmentation with some allocators. Closes
      ticket 27225.
    - Remove a needless memset() call from get_token_arguments, thereby
      speeding up the tokenization of directory objects by about 20%.
      Closes ticket 28852.
    - Replace parse_short_policy() with a faster implementation, to
      improve microdescriptor parsing time. Closes ticket 28853.
    - Speed up directory parsing a little by avoiding use of the non-
      inlined strcmp_len() function. Closes ticket 28856.
    - Speed up microdescriptor parsing by about 30%, to help improve
      startup time. Closes ticket 28839.

  o Minor features (pluggable transports):
    - Add support for emitting STATUS updates to Tor's control port from
      a pluggable transport process. Closes ticket 28846.
    - Add support for logging to Tor's logging subsystem from a
      pluggable transport process. Closes ticket 28180.

  o Minor features (process management):
    - Add a new process API for handling child processes. This new API
      allows Tor to have bi-directional communication with child
      processes on both Unix and Windows. Closes ticket 28179.
    - Use the subsystem manager to initialize and shut down the process
      module. Closes ticket 28847.

  o Minor features (relay):
    - When listing relay families, list them in canonical form including
      the relay's own identity, and try to give a more useful set of
      warnings. Part of ticket 28266 and proposal 298.

  o Minor features (required protocols):
    - Before exiting because of a missing required protocol, Tor will
      now check the publication time of the consensus, and not exit
      unless the consensus is newer than the Tor program's own release
      date. Previously, Tor would not check the consensus publication
      time, and so might exit because of a missing protocol that might
      no longer be required in a current consensus. Implements proposal
      297; closes ticket 27735.

  o Minor features (testing):
    - Treat all unexpected ERR and BUG messages as test failures. Closes
      ticket 28668.
    - Allow a HeartbeatPeriod of less than 30 minutes in testing Tor
      networks. Closes ticket 28840. Patch by Rob Jansen.
    - Use the approx_time() function when setting the "Expires" header
      in directory replies, to make them more testable. Needed for
      ticket 30001.

  o Minor bugfixes (security):
    - Fix a potential double free bug when reading huge bandwidth files.
      The issue is not exploitable in the current Tor network because
      the vulnerable code is only reached when directory authorities
      read bandwidth files, but bandwidth files come from a trusted
      source (usually the authorities themselves). Furthermore, the
      issue is only exploitable in rare (non-POSIX) 32-bit architectures,
      which are not used by any of the current authorities. Fixes bug
      30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by
      Tobias Stoeckmann.
    - Verify in more places that we are not about to create a buffer
      with more than INT_MAX bytes, to avoid possible OOB access in the
      event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and
      fixed by Tobias Stoeckmann.

  o Minor bugfix (continuous integration):
    - Reset coverage state on disk after Travis CI has finished. This
      should prevent future coverage merge errors from causing the test
      suite for the "process" subsystem to fail. The process subsystem
      was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix
      on 0.2.9.15.
    - Terminate test-stem if it takes more than 9.5 minutes to run.
      (Travis terminates the job after 10 minutes of no output.)
      Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.

  o Minor bugfixes (build, compatibility, rust):
    - Update Cargo.lock file to match the version made by the latest
      version of Rust, so that "make distcheck" will pass again. Fixes
      bug 29244; bugfix on 0.3.3.4-alpha.

  o Minor bugfixes (C correctness):
    - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug
      29824; bugfix on 0.3.1.1-alpha. This is Coverity warning
      CID 1444119.

  o Minor bugfixes (client, clock skew):
    - Bootstrap successfully even when Tor's clock is behind the clocks
      on the authorities. Fixes bug 28591; bugfix on 0.2.0.9-alpha.
    - Select guards even if the consensus has expired, as long as the
      consensus is still reasonably live. Fixes bug 24661; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (compilation):
    - Fix compilation warnings in test_circuitpadding.c. Fixes bug
      29169; bugfix on 0.4.0.1-alpha.
    - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug
      29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.
    - Compile correctly on OpenBSD; previously, we were missing some
      headers required in order to detect it properly. Fixes bug 28938;
      bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (directory clients):
    - Mark outdated dirservers when Tor only has a reasonably live
      consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.

  o Minor bugfixes (directory mirrors):
    - Even when a directory mirror's clock is behind the clocks on the
      authorities, we now allow the mirror to serve "future"
      consensuses. Fixes bug 28654; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (DNS):
    - Gracefully handle an empty or absent resolve.conf file by falling
      back to using "localhost" as a DNS server (and hoping it works).
      Previously, we would just stop running as an exit. Fixes bug
      21900; bugfix on 0.2.1.10-alpha.

  o Minor bugfixes (documentation):
    - Describe the contents of the v3 onion service client authorization
      files correctly: They hold public keys, not private keys. Fixes
      bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

  o Minor bugfixes (guards):
    - In count_acceptable_nodes(), the minimum number is now one bridge
      or guard node, and two non-guard nodes for a circuit. Previously,
      we had added up the sum of all nodes with a descriptor, but that
      could cause us to build failing circuits when we had either too
      many bridges or not enough guard nodes. Fixes bug 25885; bugfix on
      0.3.6.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (IPv6):
    - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
      IPv6 socket was bound using an address family of AF_INET instead
      of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
      Kris Katterjohn.

  o Minor bugfixes (linux seccomp sandbox):
    - Fix startup crash when experimental sandbox support is enabled.
      Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.

  o Minor bugfixes (logging):
    - Correct a misleading error message when IPv4Only or IPv6Only is
      used but the resolved address can not be interpreted as an address
      of the specified IP version. Fixes bug 13221; bugfix on
      0.2.3.9-alpha. Patch from Kris Katterjohn.
    - Log the correct port number for listening sockets when "auto" is
      used to let Tor pick the port number. Previously, port 0 was
      logged instead of the actual port number. Fixes bug 29144; bugfix
      on 0.3.5.1-alpha. Patch from Kris Katterjohn.
    - Stop logging a BUG() warning when Tor is waiting for exit
      descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha.
    - Avoid logging that we are relaxing a circuit timeout when that
      timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha.
    - Log more information at "warning" level when unable to read a
      private key; log more information at "info" level when unable to
      read a public key. We had warnings here before, but they were lost
      during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
    - Rework rep_hist_log_link_protocol_counts() to iterate through all
      link protocol versions when logging incoming/outgoing connection
      counts. Tor no longer skips version 5, and we won't have to
      remember to update this function when new link protocol version is
      developed. Fixes bug 28920; bugfix on 0.2.6.10.

  o Minor bugfixes (memory management):
    - Refactor the shared random state's memory management so that it
      actually takes ownership of the shared random value pointers.
      Fixes bug 29706; bugfix on 0.2.9.1-alpha.
    - Stop leaking parts of the shared random state in the shared-random
      unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (misc):
    - The amount of total available physical memory is now determined
      using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
      when it is defined and a 64-bit variant is not available. Fixes
      bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (networking):
    - Introduce additional checks into tor_addr_parse() to reject
      certain incorrect inputs that previously were not detected. Fixes
      bug 23082; bugfix on 0.2.0.10-alpha.

  o Minor bugfixes (onion service v3, client):
    - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
      connection waiting for a descriptor that we actually have in the
      cache. It turns out that this can actually happen, though it is
      rare. Now, tor will recover and retry the descriptor. Fixes bug
      28669; bugfix on 0.3.2.4-alpha.

  o Minor bugfixes (onion services):
    - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
      than one private key for a hidden service. Fixes bug 29040; bugfix
      on 0.3.5.1-alpha.
    - In hs_cache_store_as_client() log an HSDesc we failed to parse at
      "debug" level. Tor used to log it as a warning, which caused very
      long log lines to appear for some users. Fixes bug 29135; bugfix
      on 0.3.2.1-alpha.
    - Stop logging "Tried to establish rendezvous on non-OR circuit..."
      as a warning. Instead, log it as a protocol warning, because there
      is nothing that relay operators can do to fix it. Fixes bug 29029;
      bugfix on 0.2.5.7-rc.

  o Minor bugfixes (periodic events):
    - Refrain from calling routerlist_remove_old_routers() from
      check_descriptor_callback(). Instead, create a new hourly periodic
      event. Fixes bug 27929; bugfix on 0.2.8.1-alpha.

  o Minor bugfixes (pluggable transports):
    - Make sure that data is continously read from standard output and
      standard error pipes of a pluggable transport child-process, to
      avoid deadlocking when a pipe's buffer is full. Fixes bug 26360;
      bugfix on 0.2.3.6-alpha.

  o Minor bugfixes (rust):
    - Abort on panic in all build profiles, instead of potentially
      unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (scheduler):
    - When re-adding channels to the pending list, check the correct
      channel's sched_heap_idx. This issue has had no effect in mainline
      Tor, but could have led to bugs down the road in improved versions
      of our circuit scheduling code. Fixes bug 29508; bugfix
      on 0.3.2.10.

  o Minor bugfixes (shellcheck):
    - Look for scripts in their correct locations during "make
      shellcheck". Previously we had looked in the wrong place during
      out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (single onion services):
    - Allow connections to single onion services to remain idle without
      being disconnected. Previously, relays acting as rendezvous points
      for single onion services were mistakenly closing idle rendezvous
      circuits after 60 seconds, thinking that they were unused
      directory-fetching circuits that had served their purpose. Fixes
      bug 29665; bugfix on 0.2.1.26.

  o Minor bugfixes (stats):
    - When ExtraInfoStatistics is 0, stop including PaddingStatistics in
      relay and bridge extra-info documents. Fixes bug 29017; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (testing):
    - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a
      recent test-network.sh to use new chutney features in CI. Fixes
      bug 29703; bugfix on 0.2.9.1-alpha.
    - Fix a test failure on Windows caused by an unexpected "BUG"
      warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix
      on 0.2.9.3-alpha.
    - Downgrade some LOG_ERR messages in the address/* tests to
      warnings. The LOG_ERR messages were occurring when we had no
      configured network. We were failing the unit tests, because we
      backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug
      29530; bugfix on 0.3.5.8.
    - Fix our gcov wrapper script to look for object files at the
      correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha.
    - Decrease the false positive rate of stochastic probability
      distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha.
    - Fix intermittent failures on an adaptive padding test. Fixes one
      case of bug 29122; bugfix on 0.4.0.1-alpha.
    - Disable an unstable circuit-padding test that was failing
      intermittently because of an ill-defined small histogram. Such
      histograms will be allowed again after 29298 is implemented. Fixes
      a second case of bug 29122; bugfix on 0.4.0.1-alpha.
    - Detect and suppress "bug" warnings from the util/time test on
      Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
    - Do not log an error-level message if we fail to find an IPv6
      network interface from the unit tests. Fixes bug 29160; bugfix
      on 0.2.7.3-rc.
    - Instead of relying on hs_free_all() to clean up all onion service
      objects in test_build_descriptors(), we now deallocate them one by
      one. This lets Coverity know that we are not leaking memory there
      and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha.
    - Check the time in the "Expires" header using approx_time(). Fixes
      bug 30001; bugfix on 0.4.0.4-rc.

  o Minor bugfixes (TLS protocol):
    - When classifying a client's selection of TLS ciphers, if the
      client ciphers are not yet available, do not cache the result.
      Previously, we had cached the unavailability of the cipher list
      and never looked again, which in turn led us to assume that the
      client only supported the ancient V1 link protocol. This, in turn,
      was causing Stem integration tests to stall in some cases. Fixes
      bug 30021; bugfix on 0.2.4.8-alpha.

  o Minor bugfixes (UI):
    - Lower log level of unlink() errors during bootstrap. Fixes bug
      29930; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (usability):
    - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
      Some users took this phrasing to mean that the mentioned guard was
      under their control or responsibility, which it is not. Fixes bug
      28895; bugfix on Tor 0.3.0.1-alpha.

  o Minor bugfixes (Windows, CI):
    - Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit
      Windows Server 2012 R2 job. The remaining 2 jobs still provide
      coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set
      fast_finish, so failed jobs terminate the build immediately. Fixes
      bug 29601; bugfix on 0.3.5.4-alpha.

  o Code simplification and refactoring:
    - Introduce a connection_dir_buf_add() helper function that detects
      whether compression is in use, and adds a string accordingly.
      Resolves issue 28816.
    - Refactor handle_get_next_bandwidth() to use
      connection_dir_buf_add(). Implements ticket 29897.
    - Reimplement NETINFO cell parsing and generation to rely on
      trunnel-generated wire format handling code. Closes ticket 27325.
    - Remove unnecessary unsafe code from the Rust macro "cstr!". Closes
      ticket 28077.
    - Rework SOCKS wire format handling to rely on trunnel-generated
      parsing/generation code. Resolves ticket 27620.
    - Split out bootstrap progress reporting from control.c into a
      separate file. Part of ticket 27402.
    - The .may_include files that we use to describe our directory-by-
      directory dependency structure now describe a noncircular
      dependency graph over the directories that they cover. Our
      checkIncludes.py tool now enforces this noncircularity. Closes
      ticket 28362.

  o Documentation:
    - Clarify that Tor performs stream isolation among *Port listeners
      by default. Resolves issue 29121.
    - In the manpage entry describing MapAddress torrc setting, use
      example IP addresses from ranges specified for use in documentation
      by RFC 5737. Resolves issue 28623.
    - Mention that you cannot add a new onion service if Tor is already
      running with Sandbox enabled. Closes ticket 28560.
    - Improve ControlPort documentation. Mention that it accepts
      address:port pairs, and can be used multiple times. Closes
      ticket 28805.
    - Document the exact output of "tor --version". Closes ticket 28889.

  o Removed features:
    - Remove the old check-tor script. Resolves issue 29072.
    - Stop responding to the 'GETINFO status/version/num-concurring' and
      'GETINFO status/version/num-versioning' control port commands, as
      those were deprecated back in 0.2.0.30. Also stop listing them in
      output of 'GETINFO info/names'. Resolves ticket 28757.
    - The scripts used to generate and maintain the list of fallback
      directories have been extracted into a new "fallback-scripts"
      repository. Closes ticket 27914.

  o Testing:
    - Run shellcheck for scripts in the in scripts/ directory. Closes
      ticket 28058.
    - Add unit tests for tokenize_string() and get_next_token()
      functions. Resolves ticket 27625.

  o Code simplification and refactoring (onion service v3):
    - Consolidate the authorized client descriptor cookie computation
      code from client and service into one function. Closes
      ticket 27549.

  o Code simplification and refactoring (shell scripts):
    - Cleanup scan-build.sh to silence shellcheck warnings. Closes
      ticket 28007.
    - Fix issues that shellcheck found in chutney-git-bisect.sh.
      Resolves ticket 28006.
    - Fix issues that shellcheck found in updateRustDependencies.sh.
      Resolves ticket 28012.
    - Fix shellcheck warnings in cov-diff script. Resolves issue 28009.
    - Fix shellcheck warnings in run_calltool.sh. Resolves ticket 28011.
    - Fix shellcheck warnings in run_trunnel.sh. Resolves issue 28010.
    - Fix shellcheck warnings in scripts/test/coverage. Resolves
      issue 28008.

(wiz)

lang/perl5: do not use -delete option of find(1)

Do not use -delete option of find(1).  It is not supported on Solaris's
native find(1) reported by Sad Clouds.

(taca)

doc: Updated lang/php71 to 7.1.29

(taca)

lang/php71: Update to 7.1.29

Update php71 to 7.1.29.

02 May 2019, PHP 7.1.29

- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
  (CVE-2019-11036) (Stas)

- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)

04 Apr 2019, PHP 7.1.28

- EXIF:
  . Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
    (Stas)
  . Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
(CVE-2019-11035) (Stas)

- SQLite3:
  . Added sqlite3.defensive INI directive. (BohwaZ)

(taca)

doc: Updated net/dnscrypt-proxy2 to 2.0.23

(nia)

net/dnscrypt-proxy2: Update to version 2.0.23

Changes since 2.0.22:

- .onion servers are now automatically ignored if Tor routing is not
enabled.
- Caching of server addresses has been improved, especially when
using proxies.
- DNSCrypt communications are now automatically forced to using TCP
when a SOCKS proxy has been set up.

(nia)

opera-acroread7: remove

Depends on removed acroread7.

(wiz)

amavis-perl: remove

Depends on removed uvscan.

(wiz)

acroread*font*: remove

Support packages for removed acroread7/9, respectively.

(wiz)

python: Remove reference to python-3.4.

(wiz)

adapta-gtk-theme: Use TOOL_DEPENDS.

(nia)

gtar: fix build on SunOS

resolve conflict with sys/limits.h

(wiedi)

doc: Updated geography/gpsbabel to 1.6.0

(gdt)

geography/gpsbabel: Update to 1.6.0

This switches to qt5 (from qt4).

Upstream changes since 1.5.2 in 2015 are basically a very large number
of bugfixes and minor improvements, as well as modernizing
dependencies.

See https://www.gpsbabel.org/changes.html for details.

(gdt)

Updated lang/polyml to 5.7.1.

(alnsn)

Update to version 5.7.1. Switch to github releases.

Major Changes

  This release fixes a number of bugs and timing issues in version 5.7 mainly related to the code-generator.

(alnsn)

Updated fonts/ipaexfont to 00401

(ryoon)

Update to 00401

* Use fonts.mk framework

Changelog:
00401: (2019-04)
* Add U+32FF (SQUARE ERA NAME REIWA) character
* Update fontRevision in head table to 4.010
* Update ID0 (Copyright) in name table to 2003-2019
* Update ID3 (Unique Font Identifier) in name table to
  IPAexMincho Version 004.01 and IPAexGothic Version 004.01
* Update ID5 (Version) in name table Version to 004.01

00301: (2015-10)
* Implement SVS for 93 compatible Kanji characters
* Fix glyphs of U+26FF8 and U+663B
* Update nameID=2 to Regular
* Update fontRevision in head table to 3.010
* Update ID0 (Copyright) in name table to 2003-2015
* Update ID3 (Unique Font Identifier) in name table to
  IPAexMincho Version 003.01 and IPAexGothic Version 003.01
* Update ID5 (Version) in name table Version to 003.01

(ryoon)

doc: Updated sysutils/coreutils to 8.29nb2

(jperkin)

coreutils: Report uname -o as "illumos" where appropriate.

Fixes joyent/pkgsrc#195.  Bump PKGREVISION.

(jperkin)

doc: Updated lang/php73 to 7.3.5

(taca)

lang/php73: update to 7.3.5

Update php73 to 7.3.5.

02 May 2019, PHP 7.3.5

- Core:
  . Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
    (Nikita)

- CLI:
  . Fixed bug #77794 (Incorrect Date header format in built-in server).
    (kelunik)

- EXIF
  . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
    (CVE-2019-11036) (Stas)

- Interbase:
  . Fixed bug #72175 (Impossibility of creating multiple connections to
    Interbase with php 7.x). (Nikita)

- Intl:
  . Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
    = null). (Nikita)

- litespeed:
  . LiteSpeed SAPI 7.3.1, better process management, new API function
    litespeed_finish_request(). (George Wang)

- LDAP:
  . Fixed bug #77869 (Core dump when using server controls) (mcmic)

- Mail
  . Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)

- mbstring:
  . Implemented FR #72777 (Implement regex stack limits for mbregex functions).
    (Yasuo Ohgaki, Stas)

- MySQLi:
  . Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
    (Nikita)

- PCRE:
  . Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
    cmb)

- PDO:
  . Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
    (camporter)

- phpdbg:
  . Fixed bug #76801 (too many open files). (alekitto)
  . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
    (krakjoe)
  . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)

- Reflection:
  . Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
  . Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)

- Standard:
  . Fixed bug #77793 (Segmentation fault in extract() when overwriting
    reference with itself). (Nikita)
  . Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
    INI_SCANNER_TYPED). (Nikita)
  . Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
    haystack). (Nikita)

(taca)

doc: Updated lang/php72 to 7.2.18

(taca)

lang/php72: update to 7.2.18

Update php72 to update to 7.2.18.

02 May 2019, PHP 7.2.18

- CLI:
  . Fixed bug #77794 (Incorrect Date header format in built-in server).
    (kelunik)

- EXIF
  . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
    (CVE-2019-11036) (Stas)

- Interbase:
  . Fixed bug #72175 (Impossibility of creating multiple connections to
    Interbase with php 7.x). (Nikita)

- Intl:
  . Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale
    = null). (Nikita)

- litespeed:
  . LiteSpeed SAPI 7.3.1, better process management, new API function
    litespeed_finish_request(). (George Wang)

- Mail
  . Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)

- PCRE:
  . Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix,
    cmb)

- PDO:
  . Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
    (camporter)

- phpdbg:
  . Fixed bug #76801 (too many open files). (alekitto)
  . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
    (krakjoe)
  . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe)

- Reflection:
  . Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita)
  . Fixed bug #77882 (Different behavior: always calls destructor). (Nikita)

- Standard:
  . Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
    (Vlad Temian)
  . Fixed bug #77844 (Crash due to null pointer in parse_ini_string with
    INI_SCANNER_TYPED). (Nikita)
  . Fixed bug #77853 (Inconsistent substr_compare behaviour with empty
    haystack). (Nikita)

(taca)

doc: Updated net/bind912 to 9.12.4pl1nb1

(taca)

net/bind912: fix an error when reloading configuration

Fix an error when reloading configuration.  There is on more check to
"directory" in option statement is writable.

Bump PKGREVISION.

(taca)

doc: Updated net/bind914 to 9.14.1nb1

(taca)

net/bind914: fix an error when reloading configuration

Fix an error when reloading configuration.  There is on more check to
"directory" in option statement is writable.

Bump PKGREVISION.

(taca)

python37: fix find_library() on SunOS

Help find_library find pkgsrc libs also on SunOS.
While here pull in http://bugs.python.org/issue23287 like Oracle Solaris and
OpenIndiana already do.

(wiedi)

Updated print/qpdf to 8.4.1

(ryoon)

Update to 8.4.1

Changelog:
This is qpdf version 8.4.1. It contains a small handful of minor
CLI enhancements and a few bug fixes from 8.4.0 including handling
of Unicode filenames in Windows, a performance bug with --split-pages
and a few others. For a full list of changes, please see the release
notes.

(ryoon)

doc: Updated databases/openldap-client to 2.4.47nb1

(jperkin)

openldap-client: Fix FD_SETSIZE on SunOS 64-bit.

The OS default is 64k but OpenLDAP sets a hardcoded limit of 4k.  Bump
PKGREVISION.

(jperkin)

doc: Updated archivers/py-zstandard to 0.11.0nb1

(wiz)

py-zstandard: adapt for zstd-1.4.0 and depend on it

Bump PKGREVISION.

(wiz)

Updated www/py-autobahn, devel/py-nose2, security/py-trustme

(adam)

py-trustme: updated to 0.5.1

0.5.1:
Unknown changes

(adam)

py-nose2: updated to 0.9.1

0.9.1

Changed
* the prof plugin now uses `cProfile` instead of `hotshot` for profiling, and
  therefore now supports python versions which do not include `hotshot`
* skipped tests now include the user's reason in junit XML's `message` field

Fixed
* the prettyassert plugin mishandled multi-line function definitions
* Using a plugin's CLI flag when the plugin is already enabled via config no
  longer errors -- it is a no-op instead

(adam)

py-autobahn: updated to 19.3.3

19.3.3
fix: RegisterOptions should have details|bool parameter
new: WAMP callee disclosure
new: WAMP forward_for in more message types; expose forward_for in options/details types
new: expose underlying serializer modules on WAMP object serializers
fix: WAMP-cryptosign fix base64 encodings, add hex encoding

19.3.2
fix: import guards for flatbuffers (missed in CI as we run with "all deps installed" there)

19.3.1
new: add experimental support for WAMP-FlatBuffers serializer: EVENT and PUBLISH messages for now only
new: add FlatBuffers schema for WAMP messages
fix: improve serializer package preference behavior depending on CPy vs PyPy
fix: relax protocol violations: ignore unknown INTERRUPT and GOODBYE already sent; reduce log noise
fix: skipping Yield message if transport gets closed before success callback is called
fix: integer division in logging in py3
fix: Await tasks after they've been cancelled in autobahn.asycio.component.nicely_exit

(adam)

Removed lang/py34-html-docs, lang/py35-html-docs

(adam)

Removed lang/py3[45]-html-docs

(adam)

Forget about Python 3.4

(adam)

Forget about Python 3.5

(adam)

Forget about Python 3.4

(adam)

opencv-contrib-face: regen distinfo to add new patch in opencv/patches

(wiz)

crudesaml: add SHA512 checksum to distinfo

(wiz)

crudesaml: use https

(wiz)

uvscan: remove

Distfile does not exist and was not redistributable.
Package was marked BROKEN for this reason for some time.
Newer version available, package could be re-added if someone is interested.
(Last update was 2007.)

(wiz)

memconf: remove

Distfile from package not available.
Newer version is available, so can be re-added if someone is interested.
(last update was 2010)

(wiz)

acroread9: remove

Distfile not available, and not supposed to be redistributed.

(wiz)

Updated devel/py-isort, devel/py-xdis, textproc/py-jsbeautifier, www/py-hyperframe

(adam)

acroread7: remove

distfile not available, and not supposed to redistributed.

(wiz)

acroread7: remove

distfile not available, and not supposed to redistributed.

(wiz)

py-hyperframe: updated to 5.2.0

5.2.0:
API Changes (Backward-compatible)
- Add a new ENABLE_CONNECT_PROTOCOL settings paramter.

Other Changes
- Fix collections.abc deprecation.
- Drop support for Python 3.3 and support 3.7.

(adam)

acroread8: remove

Distfile not available and not supposed to be redistributed.

(wiz)

sun-jdk6, sun-jre6: remove

Last update in 2013, remove sun-jdk7/sun-jre7 instead

(wiz)

py-jsbeautifier: updated to 1.10.0

v1.10.0
Added templating setting to control when template languages are recognized. All languages are off by default in Javascript and on by default in HTML.

Closed Issues
beautifying scss selector with colon in it adds space
Javascript multiline comments duplicates
Tokenizer crashes if the input terminates with a dot character.
stop reformatting valid css \! into invalid \ !
wrong indent for unclosed <? - need to support disabling templating
Beautify inserts space before exclamation mark in comment <!-- in css <style>
'less' mixins parameter formatting problem
Change css tests to use 4 space indenting instead of tabs
Braces after case get pushed onto new line
Extra space in pseudo-elements and pseudo-classes selectors
LESS formatting - mixins with multiple variables
Bug in less format

(adam)

py-xdis: updated to 4.0.1

release-4.0.1
Add magics.IS_PYPY3 and correct is_pypy()
disassemble PyPY3 versions correctly

(adam)

py-isort: updated to 4.3.18

4.3.18:
- Fixed an issue with parsing files that contain unicode characters in Python 2
- Fixed issue 924 - Pulling in pip internals causes depreciation warning
- Fixed issue 938 - Providing a way to filter explicitly passed in files via configuration settings (`--filter-files`)
- Improved interoperability with toml configuration files

(adam)

mysql57-client: remove unused patch

(adam)

bind914: remove patch that probably was not supposed to be cvs added

Not listed in distinfo

(wiz)

gcc-aux: add SHA512 checksums for bootstraps

(wiz)

jini: remove

Distfile not available and was not allowed to be mirrored.

(wiz)

ghc7: manually add SHA512 checksums for two bootstrap files

XXX: some bootstraps (e.g. solaris) seem to be missing completely
from distinfo. I'll leave this for someone on those platforms who cares

(wiz)

pvs: add solaris checksum

(wiz)

xanim: remove

This program used binary objects for the codes; these object files are from
1999 or earlier. The original site for this program has long disappeared, and
AFAICT there is one mirror left with only a part of the files this package
would like to use.

Use a source-code player like mpv or mplayer or ffmplay instead.

(wiz)

tkicb: remove package

Distfile is not available and was not supposed to be mirrored.
Last update was before 2001.

(wiz)

firefox: remove lingering references to Python 3.5

Remove lingering references to Python 3.5 in mozilla-common.mk. (This
code could perhaps be condensed, but, though Python 3.7 is now the
default, soon enough there'll be a Python 3.8, and so on.)

(gutteridge)

doc/TODO: + hdf-4.2.14

(wiz)

doc: Updated devel/hdf5 to 1.10.4nb1

(bacon)

devel/hdf5: Enable szip support by default

Support was off by default due to non-distributable archivers/szip dependency.
Replaced with BSD-licensed archivers/libaec, containing drop-in replacement
szip library.

(bacon)

archivers/szip: Add suggestion to DESCR to use libaec instead

libaec is BSD licensed while szip is not redistributable

(bacon)

doc: Updated geography/gpsd to 3.18.1

(gdt)

geography/gpsd: Update to 3.18.1

pkgsrc changes:
  - adapt to scons
  - patch upstream SConstruct to respect needed pkgsrc variables
  - patch upstream's use of "#!/usr/bin/env python"
  - other minor build adaptations

Upstream changes not in NEWS:

  libgpsd (header, lib, pc, man page) is no longer installed.  (This
  was an internal interface.)

Upstream NEWS:

3.18.1: 2018-10-19 (Gary E. Miller <gem@rellim.com>)
  Fix some installation issues.
  A few minor updates to ubxtool and driver_ubx.
  Add contrib/skyview2svg

3.18: 2018-10-02 (Gary E. Miller <gem@rellim.com>)
  Add ECEF support to ievermore, italk,Skytraq, SiRF, U-blox drivers.
  Add ECEF support to JSON, cgps and xgps.
  Add GREIS (Javad) driver from Virgin Orbit.
  Add CLI tools zerk and ubxtool to manage JAVAD and u-blox GPS.
  Add gnssid:svid to satellite_t, cgps and xgps.  PRN will die.
  Add gnssid:svid to JSON, cgps and xgps.
  Add stricter version checking (more to todo).
  More and better regression tests.
  Better Python dependency checking, at build time and runtime.
  Fix several buffer issues.
  New polar plots, and improved statistice, in gpsprof.
  gpsd master/slave mode works, first time ever.
  All isnan() changed to !isfinite(), fixing many bugs.
  Client-side Python libraries may automatically reconnect
  Too many other bug fixes and improvements to mention.
  Over 1,000 commits from 46 different commiters.

3.17: 2017-09-07 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Repair support for non-NMEA devices requring active probing
  (e.g. Garmin USB GPSes). Apply OS X build fixes.  Fix a SiRF driver
  bug that occasionally confused NTP.  Support for Spectratime iSync
  GRClok and LNRClok oscillators. gpxlogger can reconnect when
  the GPS loses the fix. xgps and xgpsspeed moved to python-gi,
  getting shut of the deprecated pygtk2 bindings. Default mode for
  xgpsspeed is now the more interesting nautical display. gpsmon
  includes the hostname with the device display. gpsprof now has
  centimeter precision.

3.16: 2016-01-08 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Test rebuilds for mid-2015 leapsecond bump. Regression tests will
  run even if "python" in Python 3.  Build correctly on systems where
  -ltinfo is split from -lncurses. Avoid some rare overflow conditions
  in PPS code.  Fix bugs in JSON sat-view parsing due to the JSON
  parser stuffing ints into shorts.  Various small fixes to AIS
  interpretation.  Prevent a memory leak in long-running gpsmon
  instances.  Fix Savannah bug #45270: serial driver does not work
  properly on pipes.  Fix Savannah bug #44648: GPSD won't build if
  CCFLAGS contains options that are only compatible with the
  cros1s-compiler. Fix Savannah bug #45342: SConstruct generates wrong
  *.pc files.  Fix Savannah bug #46495: gpsd_poll may crash due to
  unitialized pointer (probably due to buggy FD_ISSET on host
  system). Fix Savannah bug #46648: gpsd crashes and buffer overflow
  is reported when terminated.  Fix Savannah bug #46802: AIVDM to CSV
  is broken in some weird cases. Fix Savannah bug #46804: JSON
  satellite view parsing is somewhat broken.

3.15: 2015-06-03 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Fix a rare crash bug related to devices becoming inaccessible while timed out.
  Accept NMEA 4.1 GSV sentences with the trailing signal-ID field.
  Fixed incorrect decode of south latitudes in AIS Type 17 messages.
  splint has been retired; this removes almost 2KLOC of annotations.
  chrpath is no longer a build dependency. Corrected Beidou/QZNSS display
  in the Python clients so the graphics don't look like SBAS.

3.14: 2015-03-14 (Eric S. Raymond <esr@snark.thyrsus.com>)
  The Pi Day release, 3.14 on 3/14 2015 at 9:26. Longer timeouts on test clients.
  Skyview support for the Beidou and QZSS constellations in the NMEA0183 driver.
  ntpmon rename to ntpshmmon - it doesn't actually monitor NTP itself.
  New HOWTO on the website: "Introduction to Time Service".

3.13: 2015-02-26 (Eric S. Raymond <esr@snark.thyrsus.com>)
  compiler.h inclusion removed for gps.h so it's standalone for /usr/include.
  TOFF JSON report gives the offset between GPS top of second and clock time.
  A new ntpmon tool supports capturing clock samples from NTP SHM segments.

3.12: 2015-02-22 (Eric S. Raymond <esr@snark.thyrsus.com>)
  The daemon's power utilization has been reduced by changing from
  non-blocking to blocking I/O; this may be significant on mobile devices.
  Better protection against false matches of Inland AIS messages; this
  required a libgps version bump to 22 (as a side effect, per-device
  footprint has decreased). PPS feature is no longer marked
  experimental/unstable.  Sentence tag fields have been dropped from
  the JSON reports. GNSS and GLONASS SKY reports are now
  merged. Addressed versions of AIS Type 25 and 26 are now
  handled. The 'nmea' build option is now 'nmea0183'. New 'minimal'
  option sets all boolean options not explicitly set on the build
  command line to false.  The 'limited_max_devices' option is now
  'max_devices'; the 'limited_max_clients' option is now 'max_clients'
  The previously deprecated 'libQgpsmm' option has been removed; use 'qt'.
  A bug fix for error modeling when NMEA 0183 reports empty DOP
  fields.  On OS X, the "osx-pl203" driver has been explicitly listed
  as unsupported. The last remnants of the old pre-JSON query protocol
  have been removed from the client library.

3.11: 2014-07-23 (Eric S. Raymond <esr@snark.thyrsus.com>)
  A bug that prevented track interpolation has been fixed.
  We now get vertical error position and speed estimates from the
  u-blox driver rather than having to interpolate them.
  Some unusual AIS talker IDs (NMEA 4.0 station classes) are supported.
  chrpath is no longer a dependency for building and testing, and
  now defaults to 'no'.  Full systemd support.  Fixes for handling
  large PPS offsets. Improved recovery from device flakeouts,
  gpsmon argument parsing.

3.10: 2013-11-22 (Eric S. Raymond <esr@snark.thyrsus.com>)
  AIS: Adds gps2udp, an AIS data relay, split24 option supports
  passing through Type 24 halves; support for Inland AIS; "scaled" no
  longer controls dumping of controlled-vocabulary fields; instead,
  the're always dumped numerically and as text, with text in an
  attribute name generated by appending "_text" to the name of the
  base attribute. The packetizer's handling of write boundaries not
  coinciding with packet boundaries is improved.  Better support for
  mode and speed switching in the UBX driver.  PPS message now ships
  nsec. PPS events are visible in gpsmon. Time-reporting fix to TSIP.

3.9: 2013-05-01 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Note to packagers: this is an urgent release that fixes a possible
  DoS or security hole!  Armor the AIS driver against an implausible
  overrun attack.  A (different) fix for our first malformed-packet
  crash since about 2007. Minor improvements to the NMEA2000
  driver. New FAQ entry on how to know WAAS/EGNOS is working.
  New -u and -uu options enable usec timestamps on gpspipe output.

3.8: 2013-02-25 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Fix various minor errors in the AIVDM/AIVDO description. Repair the
  xmlto support in the build system. Add two more regression
  tests. Significant improvements to NMEA2000 support. Upgrade the PHP
  client to v3 of the Google Maps API. Support for the Telit SL869
  chipset. Added a nautical-style display to xgpsspeed. Minor
  improvements to leapsecond.py.

3.7: 2012-07-02 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Snap release to get the midnight change in the default leap-second
  constant out the door.  Port tests now pass on all Debian supported
  architectures, including the Sparc and s390 that were giving us
  trouble before. Pre-2003 Delorme Earthmate works again.

3.6: 2012-05-23 (Eric S. Raymond <esr@snark.thyrsus.com>)
  It's the Fernando Poo Day release.  Code has zero detectible defects
  under Coverity scanning and cppcheck 1.52; this is mainly a cleanup
  release to get those minor fixes into the field.  If a leap-second
  warning is available from GPS subframe information it is passed to
  ntpd. NMEA2000 is now supported via the Linux kernel CAN interface.
  There's a chrpath=no config option for distribution makers, so
  chrpath is no longer a build dependency; see build.txt for
  explanation.

3.5: 2012-04-14 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Use pselect when it's available to cut down on wakeups and improve
  signal handling.  New {PPS} message exporting clock drift. The AIVDM
  driver now handles up to 16 interleaved 24A and 24B pair-halves.
  The NMEA driver interprets depth-sounder returns from SDDBT and
  reports them as negative altitudes. The pps-pin option is gone, the
  PPS code now just accepts any handshake pin. A bug that sometimes
  caused RTCM packets to be dropped rather than relayed is fixed.

3.4: 2012-01-12 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Don't barf when chrpath is not available, fall back to static linking;
  helps people not running Linux.

3.3: 2011-10-29 (Eric S. Raymond <esr@snark.thyrsus.com>)
  Improvements to build and release-procedure documentation. Make
  sirf=no build work again. Main reason for this release is to make
  chrpath a mandatory build dependency and explain why in the build
  documentation.

3.2: 2011-10-25 (Eric S. Raymond <esr@snark.thyrsus.com>)
  In the build recipe, (1) set pkgconfig properly for 64-bit Fedora
  systems, (2) clean up various derived files including *.pyc on scons
  -c, (3) add an option to disable stripping of binaries (strip=no),
  (4) for embedded targets, add an option to disable building Python
  support (python=no), (5) make the help for gpsd_group and gpsd_user
  a little clearer, (6) add a force_global option to build gpsd to
  listen to all addresses (rather than just loopback). The packet
  sniffer now accepts NMEA packets with the ECDIS packet leader 'EC'.
  SBAS satellites are now properly use-flagged in SiRF and UBX
  skyviews.  The -G option now works under IPv6. Cross-build is now
  officially supported and instructions included.  gpsprof works again
  and does whole-cycle profiling. gpsd.php has Open Street Map
  support.  The pp-on-cts option is replaced by a pps_pin option that
  lets you specify the pin; the default is still DCD. New supported
  device; the Jackson Labs Fury. The chrpath utility has become a
  build prerequisite.

3.1: 2011-07-28 (Eric S. Raymond <esr@snark.thyrsus.com>)
  The Irene release, rocking you like a hurricane and brought to you
  from the storm shelter in my basement. This is a snap release mainly
  to get some scons recipe cleanups out the door.  Parallelized builds
  now work. Small but fatal problems with reconfigure=no, netfeed=no
  and sock_export=no builds have been fixed.  Build recipe ported for
  Fedora, Darwin, FreeBSD and OpenBSD.  libgps now brings -lm with it
  on systems with implicit linking. One old bug fixed (code was
  previously present but broken): Under Linux, gpsd will refrain from
  opening serial or USB devices that another process has open,
  avoiding potential problems with class 0xFF USB devices opened by
  other programs.  One new bug fix: we now use an atof()
  implementation that ignores locale, avoiding problems where decimal
  point is a comma. One new feature: Change -N semantics so it only
  suppresses backgrounding; privileges are now dropped as in normal
  background operation.

3.0: 2011-07-19 (Eric S. Raymond <esr@snark.thyrsus.com>)
  POLL subobject name changes: fixes -> tpv, skyview -> sky.
  Fix a timestamp-clobbering bug in the C library revealed by an
  obscure car-nav device, the MyGuide 3100. The DEVICE 'activated'
  attribute becomes an ISO8601 string; the client libraries will
  still backward-compatibly read a float value. gps_unpack() is
  now a documented part of the library API. There is now a
  shared-memory export from the daemon that can be accessed through
  the C and C++ client libraries.  xgps and cgps may now display
  the Maidenhead grid locator for current lat/lon.  xgps displays
  GST noise statistics if they are available. Codebase now has
  an scons build recipe. Direct support for activation of gpsd from
  Mac OS/X systemd. gpsdecode can now filter reports by RTCM2, RTCM3,
  or AIS message type. NMEA HEHDT is implemented. Remote gpsd instances
  can now be used as data sources via a gpsd:// URL.  There is a client
  for live-feeding GPSD data to Google Earth. The hotplug sequence no
  longer requires Python.

(gdt)