regress/tools: demonstrate wrong shell quoting in the tools wrapper

(rillig)

mk/tools: fix unintended filename expansion in the tool wrapper log file

(rillig)

regress/tools: demonstrate wrong quoting in tools wrapper logging

(rillig)

Updated devel/py-nose2, net/py-prometheus_client, www/py-notebook, ham/uhd

(adam)

uhd: updated to 3.13.1.0

003.013.001.000 Changelog

E320: Fix front panel GPIO readback
E320: Fix master_clock_rate setting
E320: Print extra ouptut for ref_clock BIST
E320: Fix gps_locked type
E320: Fix return value of get_fpga_type()
N3xx: Enable setting clock and time sources at runtime
N3xx: Add ref_clock BIST
N3xx: Improve set_time_source() and set_clock_source()
N3xx: Add exception for init failure
N3xx: Remove HA, XA images packages
N3xx: Change init() procedure to reduce configuration time
N310: Add frequency bounds
N310: Fix RX antenna mapping
N310: Add log messages when re-initializing dboards
N310: Add skip_rfic argument to reduce time of BIST
N310: Add initialization of TX bandwidth
E310: Fix initialization of antenna and frequency values
E310: Type-cast fix for Boost
X300: Improve firmware compat error message
X300: Updated niusrprio driver
X300: Add recovery for duplicate IP addresses in EEPROM
X300: Prevent duplicate MAC and IP addresses from being programmed
X300: New mode to configure master clock rate
X300: Implement RFNoC get antenna functions
B2xx: Fix values of MASK_GPIO_SHDN_SW and GPIO_AUX_PWR_ON in firmware
B2xx: Revert changes to DSP core to fix scaling factor adjustment
B2xx: Restore asynchronous reset of AD936x
(fixes LIBUSB_TRANSFER_OVERFLOW and unexpected sid errors)
TwinRX: enable ch1 lo amps if ch2 is using an external lo source
TwinRX: Correctly initialize antenna mapping on X300
TwinRX: Revise ADF5356 frac2 register calculation to prevent drifting spurs
TwinRX: Fix initialization
TwinRX: Tuning improvements
TwinRX: Enable phase resync on ADF535x
TwinRX: Make routing to LO1 and LO2 mutually exclusive
BasicRX/LFRX: Fix real mode in rx_frontend_core_3000
UHD: Define UHD_API as empty string when building static lib
UHD: Changed to 'all_matching' endpoint resolution for udp_simple transport
UHD: Add support for NEON SIMD
UHD: Fix usb_dummy_impl compilation in MSVC
UHD: Reconcile time_spec operators with boost concepts
UHD: Fix rounding in ddc/duc rate calculation
UHD: Increase MPMD RPC timeout when calling set_time_source()
UHD: Fix RX streamer SOB and EOB handling
UHD: Add UHD_SAFE_CALL to block_ctrl_base destructor
UHD: Change SOVERSION to ABI string and VERSION to full UHD version
UHD: Update cmake style to use lower case commands
UHD: Add SOURCE_DATE_EPOCH
UHD: Improve logic for UHD_IMAGES_DIR
UHD: Add RUNTIME_PYTHON_EXECUTABLE
UHD: Fix return value of get_rolloff() for filters
UHD: Properly register devtest
UHD: Fix log statement for Port number on RFNoC block
UHD: Use "MATCHES" instead of "STREQUAL" for "Clang"
UHD: Fix GPGGA string formatting for gpsd
Device3: Set default block control response SIDs
Device3: Fix block control flushing
RFNoC: Improved flushing mechanism in noc_shell and dma_fifo
RFNoC: Install missing dma_fifo_block_ctrl header
RFNoC: Replace some [] with .at() in radio_ctrl_impl
RFNoC: Fix graph traversal
MPM: Add Git hash, version to device info
MPM: Reset the RPC server upon reload
MPM: TDC: Update PDAC BIST and flatness test to use latest APIs
MPM: Fix handling of 0-valued dt-compat
MPM: Fix GPSD sensor names for N3xx and E320
MPM: Add args to update_ref_clock_freq to properly support dynamic setting
of clock and time references
MPM: Fix Pylint warnings
MPM: Identify sysfs gpios more generically
MPM: Add lock_guard() function
MPM: Factor E320 and N3xx BIST code into common module
MPM: Add gpsd error handling
MPM: Add FPGA git hash to device info
MPMD: Increase RPC timeout during readng mb sensor
MPMD: Improve error message for compat number mismatches
Python API: Enable Python API on Windows
Python API: Change .dll to .pyd for Win32
Python API: Fixing Boost.Python initializer visibility
Python API: Fix duration of benchmark rate
Python API: Add missing constructors of time_spec_t
Python API: Expose streamer timeouts
Python API: Tighten the scope of releasing the GIL
Python API: Add device_addr_t
Python API: Populate the tune_result_t binding
Utils: Many fixes and enhancements for uhd_images_downloader
Utils: Update query_gpsdo_sensors to work on E310
Examples: Removed some legacy code patterns from RFNoC examples
Examples: Fix channel argument for rx_samples_to_file
Examples: Fix benchmark_rate MIMO synchronization
Examples: Add phase alignment example
Examples: Fix RX antenna not being applied in txrx_loopback_to_file
Test: Add more env vars, make Py3k compatible
Test: Add multi_usrp_test.py to devtest
Test: Clean up, refactor, and improve devtest
Test: Enable rx_samples_to_file in E320 devtest and N3xx devtest
Test: Reduce sample rate for E320 1G devtest
Test: Add unit test for eeprom_utils
Docs: Add clock_source and time_source to n3xx argument list and fix WR clock_source call
Docs: Minor tweaks to the Python API manual page
Docs: Add E320 test procedures
Docs: Added TwinRX page
Docs: Fix N210 MIMO Phase Alignment test command
Docs: Add E320 information
Docs: Improve sections on clock/time references
Docs: Add section on X300 motherboard clocking
Docs: Add more information on Salt for N3xx and E320
Docs: Adjust E310 functional verification tests
Docs: Add documentation on GIL release
Debian: Update control files
Images: Add N3xx CPLD file to manifest

(adam)

py-notebook: updated to 5.7.6

5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.

The attacking page is able to access some contents of files when using Internet Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.

5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods

(adam)

py-prometheus_client: updated to 0.6.0

0.6.0:
[ENHANCEMENT] Better exceptions on exposition failure
[BUGFIX] Fix deadlock in gcCollector, metrics are now different
[BUGFIX] Fix thread leak in Python 3.7
[BUGFIX] Make the format strings compatible with Python 2.6
[BUGFIX] parser: ensure samples are of type Sample

(adam)

py-nose2: updated to 0.9.0

0.9.0

Added
* nose2.plugins.prettyassert, enabled with --pretty-assert, which
  pretty-prints AssertionErrors generated by assert statements

Changed
* Update trove classifier to "beta" from "alpha" status
* Cleanup code for EOLed python versions

Removed
* Dropped support for distutils. Installation now requires setuptools

Fixed
* Result reporter respects failure status set by other plugins
* JUnit XML plugin now includes the skip reason in its output

(adam)

Fix previous; initialize os_overcommits for NetBSD >= 8.0.

(rin)

mk/tools: sort tools by name when calling "make show-all-tools"

(rillig)

Updated security/keepassxc to 2.4.0

(ryoon)

Update to 2.4.0

* Disable PaX MPROTECT to enable autotype

Changelog:
    New Database Wizard [#1952]
    Advanced Search [#1797]
    Automatic update checker [#2648]
    KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739]
    Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439]
    Remove KeePassHttp support [#1752]
    CLI: output info to stderr for easier scripting [#2558]
    CLI: Add --quiet option [#2507]
    CLI: Add create command [#2540]
    CLI: Add recursive listing of entries [#2345]
    CLI: Fix stdin/stdout encoding on Windows [#2425]
    SSH Agent: Support OpenSSH for Windows [#1994]
    macOS: TouchID Quick Unlock [#1851]
    macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583]
    Linux: Prevent Klipper from storing secrets in clipboard [#1969]
    Linux: Use polling based file watching for NFS [#2171]
    Linux: Enable use of browser plugin in Snap build [#2802]
    TOTP QR Code Generator [#1167]
    High-DPI Scaling for 4k screens [#2404]
    Make keyboard shortcuts more consistent [#2431]
    Warn user if deleting referenced entries [#1744]
    Allow toolbar to be hidden and repositioned [#1819, #2357]
    Increase max allowed database timeout to 12 hours [#2173]
    Password generator uses existing password length by default [#2318]
    Improve alert message box button labels [#2376]
    Show message when a database merge makes no changes [#2551]
    Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790]
    Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]

(ryoon)

Fix "token is not a valid binary operator in a preprocessor
subexpression" on OS X by nesting the "!__NetBSD_Prereq__(8,0,0)"
check in another #if.

(schmonz)

Updated devel/nss to 3.43

(ryoon)

Update to 3.43

Changelog:
New Functionality:
* in sechash.h
    HASH_GetHashOidTagByHashType - convert type HASH_HashType to type
SECOidTag

* in sslexp.h
    SSL_SendCertificateRequest - allow server to request post-handshake client
    authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
    present, post-handshake authentication is currently not TLS 1.3 compliant
    due to Bug 1532312

Notable changes:
* The following CA certificates were Added:
  - CN = emSign Root CA - G1
    SHA-256 Fingerprint:
40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367

  - CN = emSign ECC Root CA - G3
    SHA-256 Fingerprint:
86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B

  - CN = emSign Root CA - C1
    SHA-256 Fingerprint:
125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F

  - CN = emSign ECC Root CA - C3
    SHA-256 Fingerprint:
BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3

  - CN = Hongkong Post Root CA 3
    SHA-256 Fingerprint:
5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6

Bugs fixed in NSS 3.43
* Bug 1528669 and Bug 1529308 - Improve Gyp build system handling

* Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird

* Bug 1530134 - If Docker isn't installed, try running a local clang-format
as a fallback

* Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
is set

* Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes

* Bug 1513909 - Add manual for nss-policy-check

* Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue

* Bug 1517714 - Properly handle ESNI with HRR

* Bug 1529813 - Expose HKDF-Expand-Label with mechanism

* Bug 1535122 - Align TLS 1.3 HKDF trace levels

* Bug 1530102 - Use getentropy on compatible versions of FreeBSD

(ryoon)

geography/gdal-lib: Replace std::fabs workaround with fix from upstream

(gdt)

doc: Updated geography/py-gdal to 2.4.1

(gdt)

doc: Updated geography/gdal-lib to 2.4.1

(gdt)

geography/gdal-lib: Update to 2.4.1

pkgsrc changes: add patch to fix or work around std::fabs

upstream changes: bug fixes

(gdt)

use http master site for newlib

(tnn)

aarch64-none-elf-gcc: remove unused variable & include

(tnn)

Updated devel/py-ipython, www/py-nbconvert

(adam)

py-nbconvert: updated to 5.4.1

5.4.1:
New Features
- Expose pygments styles
- Tornado 6.0 support -- Convert proxy handler from callback to coroutine
- Add option to overwrite the highlight_code filter

Fixing Problems
- Mathjax.tpl fix for rendering Latex in html
- Backwards compatbility for empty kernel names

Testing, Docs, and Builds
- DOC: Add missing language specification to code-block

(adam)

py-ipython: updated to 7.4.0

IPython 7.4.0
Unicode name completions
Make audio normalization optional
Fix improper acceptation of return outside of functions.
Fixed PyQt 5.11 backwards incompatibility causing sip import failure.
Fix Bug where type? woudl crash IPython.
Allow to apply @needs_local_scope to cell magics for convenience.

(adam)

Updated graphics/leptonica, net/grpc

(adam)

grpc: updated to 1.19.1

Release v1.19.1
Core
Backport 18201 to fix "symbol not found: _ares_library_init" error in C++ Bazel build on MacOS.

Python
Backport "Add the missing grpc_cfstream dependency" to v1.19.x.

Release v1.19.0
Core
Fix c-ares on Windows "DNS resolution failure" triggered by logging.
Disable c-ares on Android.
Ignore reserved bit in WINDOW_UPDATE frame.
Set c-ares as the default resolver.
Add period at end of metadata.google.internal to prevent unnecessary DNS lookups.
Decrease verbosity of ALTS platform check to avoid a spam log message.
Fix windows localhost address sorting bug.
Re-enable c-ares as the default resolver; but don't turn on SRV queries.
Remove filters from subchannel args.

C++
Register for cq avalanching when interceptors are going to be run.
Add a caching interceptor to the keyvaluestore example.
Enable per-channel subchannel pool.
Fix build with bazel 0.21.
Switch the default DNS resolver from native to c-ares.
Modifying semantics for GetSendMessage and GetSerializedSendMessage. Also adding ModifySendMessage.
Add interceptor methods to fail recv msg for hijacked rpcs and set recv message to nullptr on failure.
Add interceptor method to fail hijacked send messages and get status on POST_SEND_MESSAGE.
New Experimental Interception API - GetSendMessage and GetSerializedSendMessage.

C#
Upgrade System.Interactive.Async to 3.2.0.
Refactor ServerServiceDefinition and move it to Grpc.Core.Api nuget.
Allow passing null implementation to generated BindService overload using ServiceBinderBase.
Move public types needed for server implementation to Grpc.Core.Api.

Objective-C
Disable c-ares on iOS.
Added support for tvOS.
Fixing a few thread safety issues in gRPC Objective-C library.
Rolling out new API for gRPC Objective-C library.

Python
grpc_prefork(): check grpc_is_initialized before creating execctx.
[gRPC] Enable Python 3 for Bazel to Run Tests.
Escalate the failure of protoc execution.
Remove dependency of grpc.framework.foundation.callable_util.

Ruby
Disable service config resolution with c-ares by default, for now.
Ruby: refactor init/shutdown logic to avoid using atexit; fix windows.
Ruby tooling: respect user toolchain overrides.

(adam)

leptonica: updated to 1.78.0

1.78.0:
* Various improvements in handling boxa sequences and transforms.
* New regression tests: boxa4_reg, string_reg
* New function for copying a pix, filtered by a boxa.
* Modify histogram method for image comparison.
* More careful attention to invalid boxes in box geometry functions.
* Better string and array functions for search and replace.
* Convenience functions for generating simple masks.
* Allow pdf writing of jp2k images, in full generality.
* Allow writing compressed ps images for printing.
* Modified enum comments to include a suggested enum name.
* New program: imagetops

(adam)

Updated devel/gflags, benchmarks/google-benchmark

(adam)

google-benchmark: updated to 1.4.1

v1.4.1
Bug-fix release on v1.4.
Realign expectation that State::iterations() returns 0 before the main benchmark loop begins.
CMake error message fixes
Enscripten check fix
OpenBSD porting
Windows bazel fixes
Bazel pthread linking
Negative regexes
gmock fix

v1.4.0
Removal of deprecated headers
Improved CPU cache info reporting
Support State::KeepRunningBatch()
Support int64_t for AddRange()
New platform support: NetBSD, s390x, Solaris
Bazel build support
Support googletest unit tests
Add assembler tests
Various warnings fixed

v1.3.0
Ranged for loop optimization!
Make installation optional
Better stats including user-provided ones
JSON reporter format fixes
Documentation improvements

(adam)

gflags: updated to 2.2.2

gflags 2.2.2
This maintenance release improves life of Bazel users (no more
"config.h" leaking into global include paths), fixes build with recent MinGW
versions, and silences a number of static code analyzer and compiler warnings.
The build targets exported by the CMake configuration of this library are now
also prefixed by the package name "gflags::" following a more recent
(unwritten) CMake convention. The unprefixed target names are still supported
to avoid that dependent projects have to be modified due to this change in
imported target names.

gflags 2.2.1
Maintenance release with mainly Windows build fixes.
* Link to online documentation in README
* Include utils by file instead of CMAKE_MODULE_PATH search
* Remove unused program_name variable
* Enable language C for older CMake versions when needed
* Changed include directory in bazel build
* Mark single argument constructors in mutex.h as explicit
* Use inttypes.h on VC++ 2013 and later
* Fix statically linked gflags library with MSVC
* Modify installation paths on Windows for vcpkg
* Fix static initialization order fiasco caused by global registry lock
* Fix use of ARGC in CMake macros
* Static code analyzer error regarding strncmp with empty kRootDir
* Check HAVE_STDINT_H or HAVE_INTTYPES_H for older MSVC versions

(adam)

Updated textproc/py-regex, devel/py-extratools

(adam)

py-extratools: updated to 0.8.2.1

0.8.2.1:
Unknown changes

(adam)

mk/tools: fix BISON_REQD handling for lists of multiple Bison versions

(rillig)

regress/infra-unittests: add small framework for testing mk/ with mocks

(rillig)

py-regex: updated to 2019.03.12

2019.03.12:
Unknown changes

(adam)

Updated devel/protobuf, devel/py-protobuf

(adam)

py-protobuf: updated to 3.7.0

version 3.7.0:
Python
* Added Python 3.7 compatibility.
* Modified ParseFromString to return bytes parsed .
* Introduce Proto C API.
* FindFileContainingSymbol in descriptor pool is now able to find field and enum values.
* reflection.MakeClass()  and  reflection.ParseMessage() are deprecated.
* Added DescriptorPool.FindMethodByName() method in pure python (c extension alreay has it)
* Flipped proto3 to preserve unknown fields by default.
* Added support for memoryview in python3 proto message parsing.
* Added MergeFrom for repeated scalar fields in c extension (pure python already has it)
* Surrogates are now rejected at setters in python3.
* Added public unknown field API.
* RecursionLimit is also set to max if allow_oversize_protos is enabled.
* Disallow duplicate scalars in proto3 text_format parse.
* Fix some segment faults for c extension map field.

(adam)

protobuf: updated to 3.7.0

version 3.7.0:
C++
* Introduced new MOMI (maybe-outside-memory-interval) parser.
* Add an option to json_util to parse enum as case-insensitive. In the future, enum parsing in json_util will become case-sensitive.
* Added conformance test for enum aliases
* Added support for --cpp_out=speed:...
* Added use of C++ override keyword where appropriate
* Many other cleanups and fixes.

(adam)

doc: Updated mail/qmail-run to 20190321

(schmonz)

Defer SSL_UID and SSL_GID to qmailfoo_enable_tls(). Listen on ":0",
the updated dual-stack pseudo-host for ucspi-tcp6 and ucspi-ssl.
Bump version.

(schmonz)

doc: Updated net/ucspi-ssl to 0.999.10.8

(schmonz)

Update to 0.10.8. From the changelog:

- Added dualstack handling for servers applying the
  pseudo IP address ':0' on call (common now for all servers).
- Tailored TLS error handling for EAGAIN end error codes.
- Rewrote IPv4 CIDR address evaluation for rules.

(schmonz)

doc: Updated net/ucspi-tcp6 to 1.10.3

(schmonz)

Update to 1.10.3. From the changelog:

- Added dual-stack capabilities for tcpserver applying the
  pseudo IP address ':0' on call (common now for all servers).
- Rewrote IPv4 CIDR address evaluation for rules.
- MacOS has already function wait -> waiter (in rblsmtpd).

(schmonz)

Temporarily disabling missing dependencies, will fix ASAP

(jaapb)

Updated devel/py-mako, databases/py-apsw

(adam)

py-apsw: updated to 3.27.2

3.27.2-r1
Added constants:
* SQLITE_CONFIG_MEMDB_MAXSIZE, SQLITE_FCNTL_SIZE_LIMIT
Added support for the geopoly extension
Removed hash optimisation that isn窶冲 useful any more

(adam)

py-mako: updated to 1.0.8

1.0.8
[bug] Fixed an element in the AST Python generator which changed for Python 3.8, causing expression generation to fail.
[feature] Added --output-encoding flag to the mako-render script. Pull request courtesy lacsaP.
[bug] Removed unnecessary ���usage��� prefix from mako-render script. Pull request courtesy Hugo.

(adam)

emulators/Makefile: sort

(wiz)

sysutils: Remove arm-trusted-firmware-sun50iw1p1

(leot)

security: Add monocypher

(leot)

devel/Makefile: add some missing subdirs

(wiz)

doc: Updated devel/menhir to 20181113

(jaapb)

Updated devel/menhir to version 20181113.

No major changes upstream; minor bugfixes and improvements only.

(jaapb)

doc: Updated devel/ocamlbuild to 0.14.0

(jaapb)

Updated devel/ocamlbuild to version 0.14.0.

No major upstream changes - some extra features have been added dealing
with ppx, and the package is now compatible with OCaml 4.08.

(jaapb)

doc: Updated www/drupal7 to 7.65

(prlw1)

Update drupal7 to 7.65

* Drupal core - Cross-Site Scripting- SA-CORE-2019-004

Under certain circumstances the File module/subsystem allows a
malicious user to upload a file that can trigger a cross-site
scripting (XSS) vulnerability.

(prlw1)

doc: Updated www/drupal8 to 8.6.13

(prlw1)

Update drupal8 to 8.6.13

* Drupal core - Cross-Site Scripting- SA-CORE-2019-004

Under certain circumstances the File module/subsystem allows a
malicious user to upload a file that can trigger a cross-site
scripting (XSS) vulnerability.

(prlw1)

doc: Updated net/unison to 2.48.15v4

(jaapb)

Updated net/unison2.48 to version 2.48.15v4.

No large upstream changes, it seems, just a maintenance release to keep
compatibility with newer OCaml versions.

(jaapb)

doc: Updated net/unison2.51 to 2.51.2nb9

(jaapb)

net/hf6to4: fix build

Fix build.

SUBST_STAGE was pre-configure, but the package has NO_CONFIGURE.  So,
never substituion was occur.  Changed it pre-install.

(taca)

Note additions of
  devel/p5-Data-Validate-IP version 0.27
  math/p5-Math-Int128 version 0.22
  net/p5-Net-Works version 0.22
  net/p5-MaxMind-DB-Common version 0.040001
  net/p5-MaxMind-DB-Reader version 1.000013
  net/p5-MaxMind-DB-Writer version 0.300003

(he)

Add p5-MaxMind-DB-Reader and p5-MaxMind-DB-Writer.

(he)

Add p5-MaxMind-DB-Writer version 0.300003 from pkgsrc-wip.

This distribution contains the code necessary to write MaxMind DB database
files.

(he)

Add p5-MaxMind-DB-Reader version 1.000013 from pkgsrc-wip.

This module provides a low-level interface to the MaxMind DB file format.

(he)

Updated devel/py-uvloop, www/py-websocket-client, devel/py-test-xdist, www/py-cfscrape

(adam)

Add p5-MaxMind-DB-Common.

(he)

py-cfscrape: updated to 1.9.7

1.9.7:
Update __init__.py

1.9.6:
Bump version

(adam)

Add p5-MaxMind-DB-Common version 0.040001 from pkgsrc-wip.

This distribution provides some shared code for use by both the MaxMind DB
reader and writer Perl modules.

(he)

py-test-xdist: updated to 1.27.0

pytest-xdist 1.27.0:

Features
- The new pytest_xdist_getremotemodule hook allows overriding the module run on remote nodes.
- Improve behavior of --numprocesses=auto to work well with --pdb option.

(adam)

Add p5-Net-Works.

(he)

doc: Updated audio/fasttracker2 to version 2.142

(fox)

Add p5-Net-Works version 0.22 from pkgsrc-wip.

This module provides an alternative API to NetAddr::IP that aims to address
the biggest problems with that module's API, as well as adding some additional
features.

(he)

Add p5-Data-IEEE754 and p5-Data-Validate-IP.

(he)

py-websocket-client: updated to 0.56.0

0.56.0:
Don't retry sockets with timeout set to

(adam)

Add p5-Math-Int128.

(he)

fasttracker2: update to b142

Changes since b141:

Beta #142 - 18.03.2019
- XM loader: fixed a bug where XMs with stereo samples would display a
  warning message box for every stereo sample loaded, instead of just one.

(fox)

Add p5-Math-Int128 version 0.22 from pkgsrc-wip.

This module adds support for 128 bit integers, signed and unsigned, to Perl.
(Requires platform support, so e.g. not on NetBSD i386/7.x)

(he)

py-uvloop: updated to 0.12.2

v0.12.2
Bug Fixes
* Fix circular references in SSL implementation to reduce
the need for GC.
* Fix a memory leak in call_later() and call_at().
  The leak occurred when a callback argument had a reference to
  the event loop.
* Fix compilation warnings.
* Round (instead of flooring) delay in call_later().
  This ensures that the callback is never called slightly before
  the specified time.

(adam)

Add p5-Data-Validate-IP version 0.27 from pkgsrc-wip.

This module provides a number IP address validation subs that both validate
and untaint their input. This includes both basic validation (is_ipv4() and
is_ipv6()) and special cases like checking whether an address belongs to a
specific network or whether an address is public or private (reserved).

(he)

Note update of sysutils/logrotate to 3.15.0nb1 and
addition of devel/p5-Data-IEEE754 version 0.02.

(he)

Add p5-Data-IEEE version 0.02 from pkgsrc-wip.

This module provides some simple convenience functions for packing and
unpacking big-endian IEEE 754 floats and doubles.

(he)

Added patches to net/unison2.51 for compilation with ocaml 4.08

(jaapb)

doc: Updated fonts/mkfontscale to 1.2.1

(wiz)

mkfontscale: update to 1.2.1.

This release fixes a regression introduced in the 1.2.0 release that could
leave the mkfontdir script containing an unexpanded reference to ${exec_prefix}
as shown in https://gitlab.freedesktop.org/xorg/app/mkfontscale/issues/5 .

Alan Coopersmith (2):
      Revert "Use autoconf instead of sed to substitute @bindir@ in mkfontdir.in"
      mkfontscale 1.2.1

(wiz)

doc: Updated ruby-gnome2 packages to 3.3.6

(tsutsui)

ruby-gnome2: update to 3.3.6.

Upstream changes:

== Ruby-GNOME2 3.3.6: 2019-03-21

This is a follow-up release of 3.3.5.

=== Changes

==== Ruby/GIO2

  * Improvements

    * (({Gio::File#read})): Added support for block.

    * (({Gio::File.open})): Added support for (({Pathname})).

    * (({Gio::InputStream.open})): Added support for block.

==== Ruby/CairoGObject

  * Fixes

    * Fixed a bug that old cairo may be used.

==== Ruby/GObjectIntrospection

  * Fixes

    * Fixed a bug that 64bit integer conversion may be failed for
      large integer.

    * Fixed typos.

(tsutsui)

x11-links: remove another Xprint straggler

Found by oster@

(wiz)

Updated lang/python35, lang/python34

(adam)

python34: updated to 3.4.10

Python 3.4.10 final

Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-35121: Don窶冲 send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy.

Library
bpo-35121: Don窶冲 set cookie for a request when the request path is a prefix match of the cookie窶冱 path attribute but doesn窶冲 end with 窶�/窶�.

Python 3.4.10 release candidate 1

Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat窶冱 default CSPRNG.

Library
bpo-33329: Fix multiprocessing regression on newer glibcs

(adam)

python35: updated to 3.5.7

Python 3.5.7 final

Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-35121: Don窶冲 send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy.

Library
bpo-35121: Don窶冲 set cookie for a request when the request path is a prefix match of the cookie窶冱 path attribute but doesn窶冲 end with 窶�/窶�.

Python 3.5.7 release candidate 1

Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat窶冱 default CSPRNG.

Library
bpo-33329: Fix multiprocessing regression on newer glibcs
bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.

(adam)

Fix testing

(adam)

Added databases/ldb; Updated net/samba4

(adam)

samba4: updated to 4.10.0

Release Notes for Samba 4.10.0

This is the first stable release of the Samba 4.10 release series.
Please read the release notes carefully before upgrading.

NEW FEATURES/CHANGES
====================

GPO Improvements
----------------

A new 'samba-tool gpo backup' command has been added that can export a
set of Group Policy Objects from a domain in a generalised XML format.

A corresponding 'samba-tool gpo restore' command has been added to
rebuild the Group Policy Objects from the XML after generalization.
(The administrator needs to correct the values of XML entities between
the backup and restore to account for the change in domain).

KDC prefork
-----------

The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.

Prefork 'prefork children'
--------------------------

The default value for this smdb.conf parameter has been increased from 1 to
4.

Netlogon prefork
----------------

DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
pre-forked when the prefork process model is selected for samba.

Offline domain backups
----------------------

The 'samba-tool domain backup' command has been extended with a new 'offline'
option. This safely creates a backup of the local DC's database directly from
disk. The main benefits of an offline backup are it's quicker, it stores more
database details (for forensic purposes), and the samba process does not have
to be running when the backup is made. Refer to the samba-tool help for more
details on using this command.

Group membership statistics
---------------------------

A new 'samba-tool group stats' command has been added. This provides summary
information about how the users are spread across groups in your domain.
The 'samba-tool group list --verbose' command has also been updated to include
the number of users in each group.

Paged results LDAP control
--------------------------

The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696)
has been changed to more closely match Windows servers, to improve memory
usage. Paged results may be used internally (or is requested by the user) by
LDAP libraries or tools that deal with large result sizes, for example, when
listing all the objects in the database.

Previously, results were returned as a snapshot of the database but now,
some changes made to the set of results while paging may be reflected in the
responses. If strict inter-record consistency is required in answers (which is
not possible on Windows with large result sets), consider avoiding the paged
results control or alternatively, it might be possible to enforce restrictions
using the LDAP filter expression.

For further details see https://wiki.samba.org/index.php/Paged_Results

Prefork process restart
-----------------------

The pre-fork process model now restarts failed processes. The delay between
restart attempts is controlled by the "prefork backoff increment" (default = 10)
and "prefork maximum backoff" (default = 120) smbd.conf parameters.  A linear
back off strategy is used with "prefork backoff increment" added to the
delay between restart attempts up until it reaches "prefork maximum backoff".

Using the default sequence the restart delays (in seconds) are:
  0, 10, 20, ..., 120, 120, ...

Standard process model
----------------------

When using the standard process model samba forks a new process to handle ldap
and netlogon connections.  Samba now honours the 'max smbd processes' smb.conf
parameter.  The default value of 0, indicates there is no limit.  The limit
is applied individually to netlogon and ldap.  When the process limit is
exceeded Samba drops new connections immediately.

python3 support
---------------

This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.

To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.
  'PYTHON=python2 ./configure'
  'PYTHON=python2 make'
This will override the python3 default.

Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2'
as part of the 'configure' command. Note that python3 will still be used as
the default in this case.

Note that Samba 4.10 supports Python 3.4 onwards.

Future Python support
---------------------

Samba 4.10 will be the last release that comes with full support for
Python 2. Unfortunately, the Samba Team doesn't have the resources to support
both Python 2 and Python 3 long-term.

Samba 4.11 will not have any runtime support for Python 2. This means if
you use Python 2 bindings it is time to migrate to Python 3 now.

If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work
on a system that supports either python2 or python3.

Also note that Samba 4.11 will most likely only support Python 3.6 onwards.

JSON logging
------------

Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:
  Event codes:
    4624  Successful logon
    4625  Unsuccessful logon

  Logon Types:
    2  Interactive
    3  Network
    8  NetworkCleartext

The version number for Authentication messages is now 1.1, changed from 1.0

Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:
  4723 Password changed
  4724 Password reset

The version number for PasswordChange messages is now 1.1, changed from 1.0

Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:
  4728 A member was added to a security enabled global group
  4729 A member was removed from a security enabled global group
  4732 A member was added to a security enabled local group
  4733 A member was removed from a security enabled local group
  4746 A member was added to a security disabled local group
  4747 A member was removed from a security disabled local group
  4751 A member was added to a security disabled global group
  4752 A member was removed from a security disabled global group
  4756 A member was added to a security enabled universal group
  4757 A member was removed from a security enabled universal group
  4761 A member was added to a security disabled universal group
  4762 A member was removed from a security disabled universal group

The version number for GroupChange messages is now 1.1, changed from 1.0. Also
A GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.

The leading "JSON <message type>:" and source file  prefix of the JSON formatted
log entries has been removed to make the parsing of the JSON log messages
easier. JSON log entries now start with 2 spaces followed by an opening brace
i.e. "  {"

SMBv2 samba-tool support
------------------------

On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.

New glusterfs_fuse VFS module
-----------------------------

The new vfs_glusterfs_fuse module improves performance when Samba
accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
as part of the Linux kernel). It achieves that by leveraging a
mechanism to retrieve the appropriate case of filenames by querying a
specific extended attribute in the filesystem. No extra configuration
is required to use this module, only glusterfs_fuse needs to be set in
the "vfs objects" parameter. Further details can be found in the
vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
not replace the existing vfs_glusterfs module, it just provides an
additional, alternative mechanism to access a Gluster volume.

REMOVED FEATURES
================

MIT Kerberos build of the AD DC
-------------------------------

While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental.  Because Samba will not issue security
patches for this configuration, such builds now require the explicit
configure option: --with-experimental-mit-ad-dc

For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

samba_backup
------------

The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.

SMB client Python bindings
--------------------------

The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affects users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.

(adam)