py-djangocms-video: updated to 2.1.1

2.1.1:
Fixed test matrix
Exclude tests folder from release build

(adam)

py-djangocms-text-ckeditor: updated to 3.7.0

3.7.0:
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django < 1.11
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 3.6

(adam)

py-djangocms-picture: updated to 2.1.3

2.1.3:
Added missing migration for Picture model

2.1.2:
Fixed an issue creating a validation error on the alt attribute
Fixed an issue in the template adding a } after the srcset
Adapted test matrix for django CMS 3.4, 3.5, 3.6 as well as Django 1.11, 2.0 and 2.1
Exclude tests folder from release build

(adam)

py-djangocms-file: updated to 2.2.0

2.2.0:
Fixed test matrix
Exclude tests folder from release build
Added missing migrations for Django 2.1
Added abstract models for File and Folder
Improved readability of Folder.get_files

(adam)

wxGTK30: allow building on Darwin

(adam)

py-djangocms-attributes-field: updated to 1.0.0

1.0.0:
Fixed compatibility with Django 2.x
Added proper test framework
Cleaned up file structure

(adam)

Updated textproc/py-pybtex, textproc/py-sphinxcontrib-bibtex

(adam)

py-sphinxcontrib-bibtex: updated to 0.4.1

0.4.1:
* Disable tinkerer test due to upstream bug.
* Remove crossref test due to changed upstream behaviour in pybtex.
* Fix latex test to match new upstream code generation.
* Fix documentation of encoding option.
* Migrate to sphinx.util.logging in favour of old deprecated logging
  method.

(adam)

py-pybtex: ...and do not install tests

(adam)

py-pybtex-docutils: clean-up

(adam)

py-pybtex: updated to 0.22.0

Version 0.22.0
Fixed handling of duplicate fields in .bib biles.
BibTeX parser is now up to 10% faster on some files.
Fixed parsing of names with \~ characters.
Fixed formatting proceedings without an editor field in unsrt.py.
In case of too many braces in a BibTeX string, PybtexSyntaxError is now raised instead of RecursionError.
Dropped 2to3, made the code compatible with both Python 2 and 3 with Six.
Moved tests outside of the pybtex package.
Fixed searching in docs with recent versions of Sphinx.
API: renamed bibtex.BibTeXEntryIterator to bibtex.LowLevelParser for clarity.
API: removed confusing usage of Person.text in tempate.names.
API: Entry.fields does not automagically look for cross-referenced entries anymore.

(adam)

Updated textproc/py-jsbeautifier, devel/py-test-xdist

(adam)

py-test-xdist: updated to 1.25.0

pytest-xdist 1.25.

Deprecations and Removals
Pytest versions older than 3.6 are no longer supported.

Features
Node setup information is hidden when pytest is run in quiet mode to reduce noise on many-core machines.
mainargv is made available in workerinput from the host's sys.argv.
This can be used via request.config.workerinput["mainargv"].

Bug Fixes
Fix report of module-level skips (pytest.skip(reason, allow_module_level=True)).
Fix support for gevent monkeypatching
pytest 4.1 support: ExceptionInfo API changes.
pytest 4.1 support: pytest_logwarning hook removed.

(adam)

py-jsbeautifier: updated to 1.8.9

v1.8.9:
Won't run from CLI - bad option name files
in the .vue file space_after_anon_function is invalid
Add function default_options() to beautifier.js
Support globs in CLI

(adam)

revbump for boost 1.69.0

(adam)

Updated databases/redis, databases/py-redis

(adam)

py-redis: updated to 3.0.1

* 3.0.1
    * Fixed regression with UnixDomainSocketConnection caused by 3.0.0.
    * Fixed an issue with the new asynchronous flag on flushdb and flushall.
    * Updated Lock.locked() method to indicate whether *any* process has
      acquired the lock, not just the current one. This is in line with
      the behavior of threading.Lock.
* 3.0.0
  BACKWARDS INCOMPATIBLE CHANGES
    * When using a Lock as a context manager and the lock fails to be acquired
      a LockError is now raised. This prevents the code block inside the
      context manager from being executed if the lock could not be acquired.
    * Renamed LuaLock to Lock.
    * Removed the pipeline based Lock implementation in favor of the LuaLock
      implementation.
    * Only bytes, strings and numbers (ints, longs and floats) are acceptable
      for keys and values. Previously redis-py attempted to cast other types
      to str() and store the result. This caused must confusion and frustration
      when passing boolean values (cast to 'True' and 'False') or None values
      (cast to 'None'). It is now the user's responsibility to cast all
      key names and values to bytes, strings or numbers before passing the
      value to redis-py.
    * The StrictRedis class has been renamed to Redis. StrictRedis will
      continue to exist as an alias of Redis for the forseeable future.
    * The legacy Redis client class has been removed. It caused much confusion
      to users.
    * ZINCRBY arguments 'value' and 'amount' have swapped order to match the
      the Redis server. The new argument order is: keyname, amount, value.
    * MGET no longer raises an error if zero keys are passed in. Instead an
      empty list is returned.
    * MSET and MSETNX now require all keys/values to be specified in a single
      dictionary argument named mapping. This was changed to allow for future
      options to these commands in the future.
    * ZADD now requires all element names/scores be specified in a single
      dictionary argument named mapping. This was required to allow the NX,
      XX, CH and INCR options to be specified.
    * Removed support for EOL Python 2.6 and 3.3.
  OTHER CHANGES
    * Added missing DECRBY command.
    * CLUSTER INFO and CLUSTER NODES respones are now properly decoded to
      strings.
    * Added a 'locked()' method to Lock objects. This method returns True
      if the lock has been acquired and owned by the current process,
      otherwise False.
    * EXISTS now supports multiple keys. It's return value is now the number
      of keys in the list that exist.
    * Ensure all commands can accept key names as bytes. This fixes issues
      with BLPOP, BRPOP and SORT.
    * All errors resulting from bad user input are raised as DataError
      exceptions. DataError is a subclass of RedisError so this should be
      transparent to anyone previously catching these.
    * Added support for NX, XX, CH and INCR options to ZADD
    * Added support for the MIGRATE command
    * Added support for the MEMORY USAGE and MEMORY PURGE commands.
    * Added support for the 'asynchronous' argument to FLUSHDB and FLUSHALL
      commands.
    * Added support for the BITFIELD command.
    * Improved performance on pipeline requests with large chunks of data.
    * Fixed test suite to not fail if another client is connected to the
      server the tests are running against.
    * Added support for SWAPDB.
    * Added support for all STREAM commands.
    * SHUTDOWN now accepts the 'save' and 'nosave' arguments.
    * Added support for ZPOPMAX, ZPOPMIN, BZPOPMAX, BZPOPMIN.
    * Added support for the 'type' argument in CLIENT LIST.
    * Added support for CLIENT PAUSE.
    * Added support for CLIENT ID and CLIENT UNBLOCK.
    * GEODIST now returns a None value when referencing a place that does
      not exist.
    * Added a ping() method to pubsub objects.
    * Fixed a bug with keys in the INFO dict that contained ':' symbols.
    * ssl_cert_reqs now has a default value of 'required' by default. This
      should make connecting to a remote Redis server over SSL more secure.
    * Fixed the select system call retry compatibility with Python 2.x.
    * max_connections is now a valid querystring argument for creating
      connection pools from URLs.
    * Added the UNLINK command.
    * Added socket_type option to Connection for configurability.
    * Lock.do_acquire now atomically sets acquires the lock and sets the
      expire value via set(nx=True, px=timeout).
    * Added 'count' argument to SPOP.
    * Fixed an issue parsing client_list respones that contained an '='.

(adam)

redis: ... and new patches

(adam)

redis: updated to 5.0.3

Redis 5.0.3
===========
Upgrade urgency HIGH: Redis 5 is consolidating, upgrading is a good idea.
                      However there is nothing very critical here, but certain
                      issues resolved could lead to very rare crashes.

Welcome to Redis 5.0.3, several interesting bug fixes here:

* Redis no longer panics when you send data to a replica-mode connection that
  is in MONITOR or SYNC mode.

* Fixes to certain sorted set edge cases. You are unlikely to ever notice those
  issues, but now it is more correct.

* Certain BSD variants now are better supported: build & register logging
  on crash.

* The networking core now recovers if an IPv6 address is listed in bind but
  is actually not able to work because there is no such protocol in the
  system.

* redis-cli cluster mode improved in many ways. Especially the fix subcommand
  work was enhanced to cover other edge cases that were still not covered
  after the work done for Redis 5.

* MEMORY USAGE is now more accurate.

* DEBUG DIGEST-VALUE added in case you want to make sure a given set of keys
  (and not the whole DB) are excatly the same between two instances.

* Fix a potential crash in the networking code related to recent changes
  to the way the reply is consumed.

* Reject EXEC containing write commands against an instance that changed role
  from master to replica during our transaction.

* Fix a crash in KEYS and other commands using pattern matching, in an edge
  case where the pattern contains a zero byte.

* Fix eviction during AOF loading due to maxmemory triggered by commands
  executed in loading state.

Redis 5.0.2
===========
Upgrade urgency: CRITICAL if you use streams and consumer groups.
                HIGH if you use redis-cli with Redis Cluster.
                LOW otherwise.

Welcome to Redis 5.0.2. This release fixes two issues with Streams consumer
groups, where items could be returned duplicated by XREADGROUP when accessing
the history, and another bug where XREADGROUP can report some history even
if the comsumer pending list is empty. Both problems were addressed and unit
tests to avoid regressions implemented. Moreover this release fixes some
issue with redis-cli when in cluster mode. Finally some FreeBSD and DragonFly
build problems are now resolved. The list of the commits is below.

Redis 5.0.1
===========
Upgrade urgency: URGENT if you use Redis Streams. MODERATE otherwise.

Hi all, this is the first patch level release of Redis 5. It contains
both fixes and improvements. Here there is a list of the major ones, however
read the commit messages at the end of the changelog if you want to know
more about the smaller things. Let's start with the new features:

* Sentinel now supports authentication! Check the Sentinel official doc
  for more info.

* Redis-cli cluster "fix" is now able to fix a big number of clusters put
  in a bad condition. Previously many corner cases were not covered.

Now the critical fixes:

1. Fix RESTORE mismatch reply when certain keys already expired.
2. Fix an XCLAIM non trivial issue: sometimes the command returned a wrong
  entry or desynchronized the protocol.

And now the other fixes:

3. Stack trace generation on the Raspberry PI (and 32bit ARM) fixed.
4. Don't evict expired keys when the KEYS command is called, in order to
  avoid a mass deletion event. However expired keys are not displayed
  by KEYS as usually.
5. Improvements in the computation of the memory used, when estimating
  the AOF buffers.
6. XRANGE COUNT of 0 fixed.
7. "key misses" stats accounting fixed. Many cache misses were not counted.
8. When in MULTI state, return OOM while accumulating commands and there
  is no longer memory available.
9. Fix build on FreeBSD and possibly others.
10. Fix a crash in Redis modules, thread safe context reply accumulation.
11. Fix a race condition when producing the RDB file for full SYNC.
12. Disable protected mode in Sentinel.
13. More commands now have the HELP subcommand.
14. Fixed an issue about adaptive server HZ timer.
15. Fix cluster-replica-no-failover option name.

Redis 5.0.0
===========
Upgrade urgency CRITICAL: Several fixes to streams AOF and replication.

1. The new Stream data type. https://redis.io/topics/streams-intro
2. New Redis modules APIs: Timers, Cluster and Dictionary APIs.
3. RDB now store LFU and LRU information.
4. The cluster manager was ported from Ruby (redis-trib.rb) to C code
  inside redis-cli. Check `redis-cli --cluster help` for more info.
5. New sorted set commands: ZPOPMIN/MAX and blocking variants.
6. Active defragmentation version 2.
7. Improvemenets in HyperLogLog implementations.
8. Better memory reporting capabilities.
9. Many commands with sub-commands now have an HELP subcommand.
10. Better performances when clients connect and disconnect often.
11. Many bug fixes and other random improvements.
12. Jemalloc was upgraded to version 5.1
13. CLIENT UNBLOCK and CLIENT ID.
14. The LOLWUT command was added. http://antirez.com/news/123
15. We no longer use the "slave" word if not for API backward compatibility.
16. Differnet optimizations in the networking layer.
17. Lua improvements:
    - Better propagation of Lua scripts to replicas / AOF.
    - Lua scripts can now timeout and get in -BUSY state in the replica as well.
18. Dynamic HZ to balance idle CPU usage with responsiveness.
19. The Redis core was refactored and improved in many ways.

(adam)

Updated meta-pkgs/boost

(adam)

boost: updated to 1.69.0

New Libraries

Safe Numerics:
A library for guaranteed correct integer arithmetic for C++14 and later, from Robert Ramey.

Updated Libraries

Any:
Fixed issue with visibility. Now boost::any variables constructed in one shared library with hidden visibility could be used and destroyed in other shared library with hidden visibility.
Maintenance: dropped some dependencies on other Boost libraries, fixes for docs.

Asio:
Fixed a problem with the detection of std::future availability with libstdc++.
Fixed compile error in regex overload of read_until.
Fixed a timer heap corruption issue that can occur when moving a cancelled timer.
Fixed detection of std::experimental::string_view and std::string_view with newer clang/libc++.
Fixed MSVC version detection for availability of std::invoke_result.
Fixed the buffer sequence traits to test the new requirements, if decltype is available.
Fixed an MSVC issue when building with exceptions disabled.
Added SSL context options for TLS v1.3.
Added a compile-time test for TLS v1 support.
Fixed the macro used to test for TLS v1.2 support.
Prevented global objects from being created once per thread on Windows.
Fixed a crash when using size(), max_size() or empty() on default-constructed resolver results.
Changed to move the return value in basic_resolver_results::begin() to avoid copying.
Enabled move support for the Intel Compiler.
Fixed std::string_view detection issue when using clang-cl.
Fixed the handler tracking operation name for io_context::executor_type::dispatch.
Fixed a buffer overflow that could occur when parsing an address string with a 64-bit scope id.
Added examples showing how to write composed operations.
Added C++11 versions of the Timeouts, Timers, SOCKS4 and SSL examples.
Fixed minor issues in documentation and examples.

Assign:
Add rvalue reference, perfect forwarding, and variadic template support
Avoid conversion to container's allocator

Beast:
This version fixes some issues in the examples, and provides a new experimental socket which supports built-in timeouts on asynchronous operations.
New CppCon 2018 websocket chat example and presentation video.
For a complete list of changes, please view the official Release Notes.

CircularBuffer:
Use the empty base optimization for storing allocators that are empty and not final (Glen Fernandes).

Concept Check:
Removed dependency on mpl.

Context:
duplicate alias should be missing GCC alias
the clang-win toolset (clang-cl.exe) uses masm from the underlying msvc
remove useless lines in Jamfile.v2
add .file section for *_elf_gas.S files

Core:
Implemented boost::empty_value, for library authors to conveniently leverage the Empty Base Optimization to store objects of potentially empty types (Glen Fernandes). This facility is now used in Boost.Beast, Boost.CircularBuffer, Boost.MultiArray, and more.
Implemented boost::quick_exit to provide the C++11 standard library facility std::quick_exit functionality (Peter Dimov).
Reduced the number of statics in Lightweight Test, and employ lighter abort behavior for MSVC compilers upon failure to call boost::report_errors (Glen Fernandes).

DLL:
Resolved link issues with the smart library
Maintenance: fixes for docs and tests.
Dynamic Bitset:
Performance improvements (over 2x in some cases).
Added range-based set, reset, flip methods

Fiber:
unbuffered_channel push not return
Remove UTF-8 BOM at begining of the file
Fix boost-install use; should only be issued once

Filesystem:
Don't use readdir_r on Linux and Android since the readdir function is already thread-safe.
Fixed crashes in boost::filesystem::copy due to undefined behavior in the implementation.
Fixed undefined behavior in boost::filesystem::directory_iterator implementation.
Fixed compilation errors when using directory iterators with BOOST_FOREACH.
Removed workarounds for older PGI C++ compiler versions to fix compilation on the newer ones.
Fixed MSVC warnings about narrowing conversions.
Flyweight:
Fixed some issues in GCC related to Boost.MPL placeholder expression handling.
Maintenance fixes.

Function:
Removed dependencies on mpl, test

Geometry:
Karney's solution of direct geodesic problem for internal use
Discrete Frechet and Hausdorff distance algorithms
New run-time and upgraded compile-time SRS transformation interfaces (undocumented for now due to potential interface changes).

Integer:
boost/pending/integer_log2.hpp header is deprecated and will be removed in future releases. Use boost/integer/integer_log2.hpp instead.

Iostreams:
Remove call to nonexistent member seekpos() of std::fpos

Iterator:
Fixed compilation problems with ambiguous unqualified calls to advance and distance on iterators whose types involve types in the namespace boost.

LexicalCast:
Fixed sign-conversion warnings
Maintenance: dropped some dependencies on other Boost libraries, fixed build system warnings.

Log:
General changes:
Updated syslog sink backend to avoid using deprecated Boost.ASIO interfaces.
Bug fixes:
Fixed a possible incorrect estimation of the total size of rotated files in the target directory of a text file sink in some cases.
See changelog for more details.

Logic:
Breaking change: Use explicit operator bool when available

Math:
Add LambertW functions.
Update integration routines to support complex valued integrands and contour integrals.
Added the derivative of the Barycentric rational approximation.
Minor fixes to better support variable precision floating point types.
Removed use of deprecated Boost.Endian in favour of Predef.
Updated continued fraction and series evaluation code to support complex types.
Prevent logic error leading to infinite loop in toms748_solve.
Fix mean and standard_deviation for extreme_value_distribution.
Improve heuristics used in newton_raphson_iterate.
Fix result of erf(NaN).
Big push to reduce GCC warnings.
Refactor polynomial addition.
Fix for vxWorks having a real function in the global namespace.
Improve sinc approximations and add better tests.
Fix typo in Student's T hypothesis testing documentation,

Mp11:
Implemented the mp_starts_with facility (Glen Fernandes).

MultiArray:
Improve C++11 allocator model support including: Support for C++11 minimal allocators, support for stateful allocators, using the allocator for construction and destruction of the value type, and using the empty base optimization for storing empty or stateless allocators (Glen Fernandes).

Multi-index Containers:
Introduced an alternative terse key specification syntax for C++17 compliant environments.

Multiprecision:
Big update to better support variable precision types so that the precision of the result is always the largest of all the arguments.
Add support for allocators that are final in __cpp_int (Glen Fernandes).
Removed use of deprecated Boost.Endian in favour of Predef.
Add support for std::string_view.
Fixed minor bug in constant initialization.
Make assignment of non-finite value to cpp_int a runtime errors.
Added typedefs for cpp_bin_float_oct and cpp_complex_oct.

PolyCollection:
Added Bost.PolyCollection-specific versions of algorithms std::for_each_n and std::sample.

Pool:
Replace boost::mutex use to avoid a dependency on Boost.Thread

Preprocessor:
Supports the new C++ standard conforming preprocessor in VC++ 14.1, which is currently enabled by using the /experimental:preprocessor switch, in Visual Studio 2017 15.8 on up.
Rational:
Add constexpr support

Spirit.X3:
Drop own FP routines in favor of boost::math
Missing visibility mark on exception types
to_utf8: Fixed wchar_t handling on Windows

Spirit V2
Drop own FP routines in favor of boost::math
Missing visibility mark on exception types
Fixed transform_attribute ambiguity
to_utf8: Fixed wchar_t handling on Windows

Spirit.Classic:
Missing visibility mark on exception types

Stacktrace:
libbacktrace usage was significantly improved. BOOST_STACKTRACE_USE_BACKTRACE or boost_stacktrace_backtrace users are encouraged to update:
Memory consumprion dropped down.
Stack capturing became faster by an order of magnitude.
syminfo fallback enabled to provide information for visible symbols even without debug information
Exact location of the backtrace.h header now can be specified via BOOST_STACKTRACE_BACKTRACE_INCLUDE_FILE, to allow backtrace.h header usage on platforms and compilers where that header is unreachable otherwise (for example Ubuntu Xenial + Clang)
Optimized stack capturing if max_depth is set
Added to_string(const stacktrace& ) functions for fast conversion of stacktraces to std::string

System:
Boost.System is now header-only. A stub library is still built for compatibility, but linking to it is no longer necessary.
Even more functions have been marked constexpr.
The destructor of error_category is now protected and no longer virtual. This is a potentially breaking change, but its impact is expected to be limited.
error_category now has a constructor that accepts a 64 bit identifier, enabling distinct category objects to compare equal.
The constructors of error_category are now protected.
A non-allocating, nonthrowing overload of message has been added.
A virtual function failed has been added, allowing categories for which success is not synonymous with 0.
The deprecated boost::system::throws object has been removed.
boost::throws() is now deprecated and its use is discouraged.
The constructor of system_error taking a single error_code argument is now explicit.
system_error::code() now returns by value.

Test:
Boost.test v3.9 see the Changes log for more details.
New feature:
Official support of header-only variant of Boost.Test with multiple translation units.
Now possible to manually add a test case by specifying its name, with BOOST_TEST_CASE_NAME
Better support of boost::exception in the logs

TypeIndex:
Fix the regression and speed up parsing of the boost/type_traits.hpp header by 30%

Utility:
Added support for non-inheritable empty types to boost::compressed_pair by avoiding the empty base optimization for types which are declared as final (Glen Fernandes).

Variant:
Fixed issue with visibility. Now boost::bad_visit exception could cross the boundaries of shared library with hidden visibility and could be catched in other shared library with hidden visibility.

YAP:
Minor changes to support MSVC++ version 14.15 (Visual Studio 2017 version 15.8).
Doc fixes.

(adam)

Updated parallel/hwloc, devel/libatomic_ops

(adam)

libatomic_ops: updated to 7.6.8

Changes 7.6.8:
Eliminate 'casting signed to bigger unsigned int' CSA warning (test_stack)
Eliminate 'redundant blank line at start/end of block' CodeFactor warning
Fix 'Cannot implement CAS_full on this architecture' build error (nios2)
Fix a typo in arm_v6.h
Support aarch64-ilp32 (GCC) and UWP/arm64 (MS VC) targets
Undefine AO_ARM_HAVE_* private macros after their usage
Use standalone private macro to guard against AO_GCC_BARRIER redefinition
Workaround 'condition my_chunk_ptr is always false' cppcheck false positive

(adam)

hwloc: updated to 1.11.12

Version 1.11.12
* Fix a corner case of hwloc_topology_restrict() where children would
  become out-of-order.
* Fix the return length of export_xmlbuffer() functions to always
  include the ending \0.

Version 1.11.11
* Add support for Hygon Dhyana processors in the x86 backend,
  thanks to Pu Wen for the patch.
* Fix symbol renaming to also rename internal components,
  thanks to Evan Ramos for the patch.
* Fix build on HP-UX, thanks to Richard Lloyd for reporting the issues.
* Detect PCI link speed without being root on Linux >= 4.13.

(adam)

wmmoonclock: Put PKGNAME back to what it was before.

Fixes bulk builds.

(jperkin)

Copy harfbuzz patch to avoid playing _POSIX_C_SOURCE games on NetBSD - causes issues with some pkgsrc gcc versions

(abs)

compton: update HOMEPAGE

(tnn)

correct directory, oops

(bsiegert)

Updated databases/py-sqlalchemy, databases/py-sqlalchemy-utils

(adam)

py-sqlalchemy-utils: updated to 0.33.9

0.33.9:
- Fixed SQLite database_exists to check for correct file format

(adam)

py-sqlalchemy: updated to 1.2.15

1.2.15

orm

[orm] [bug] Fixed bug where the ORM annotations could be incorrect for the primaryjoin/secondaryjoin a relationship if one used the pattern ForeignKey(SomeClass.id) in the declarative mappings. This pattern would leak undesired annotations into the join conditions which can break aliasing operations done within Query that are not supposed to impact elements in that join condition. These annotations are now removed up front if present.

[orm] [bug] In continuing with a similar theme as that of very recent 4349, repaired issue with RelationshipProperty.Comparator.any() and RelationshipProperty.Comparator.has() where the ���secondary��� selectable needs to be explicitly part of the FROM clause in the EXISTS subquery to suit the case where this ���secondary��� is a Join object.

[orm] [bug] Fixed regression caused by 4349 where adding the ���secondary��� table to the FROM clause for a dynamic loader would affect the ability of the Query to make a subsequent join to another entity. The fix adds the primary entity as the first element of the FROM list since Query.join() wants to jump from that. Version 1.3 will have a more comprehensive solution to this problem as well.

[orm] [bug] Fixed bug where chaining of mapper options using RelationshipProperty.of_type() in conjunction with a chained option that refers to an attribute name by string only would fail to locate the attribute.

orm declarative

[bug] [declarative] [orm] A warning is emitted in the case that a column() object is applied to a declarative class, as it seems likely this intended to be a Column object.

misc

Added support for the write_timeout flag accepted by mysqlclient and pymysql to be passed in the URL string.

Fixed issue where reflection of a PostgreSQL domain that is expressed as an array would fail to be recognized.

(adam)

Updated www/py-yarl, net/py-xandikos

(adam)

py-xandikos: updated to 0.0.11

0.0.11:
Unknown changes

(adam)

py-yarl: updated to 1.3.0

1.3.0:
* Fix annotations for query parameter
* An incoming query sequence can have int variables (the same as for
  Mapping type)
* Add URL.explicit_port property
* Give a friendlier error when port cant be converted to int
* bool(URL()) now returns False

(adam)

Updated security/py-bcrypt, www/py-bottle

(adam)

py-bottle: updated to 0.12.15

0.12.15:
Bug fixes

(adam)

py-bcrypt: updated to 3.1.5

3.1.5
Added support for compilation on AIX.
Dropped Python 2.6 and 3.3 support.
Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

(adam)

nettle: use c99

Add c99 to USE_LANGUAGES as nettle 3.4.1 uses c99 for loop syntax, and
won't build on NetBSD 7.1 without it.

(gson)

qemu-system-ppcemb was removed by upstream (no longer in the PLIST) so
stop trying to disable PAX for the image!

OK leot@

(pgoyette)

doc: Updated databases/phpmyadmin to 4.8.4

(tm)

phpmyadmin: update to 4.8.4

4.8.4 (2018-12-11)
- issue #14452 Remove hash param in edit query URL
- issue #14295 Issue in Changing theme
- issue #13267 Ensure that database names with '.' are handled properly when DisableIS is true
- issue #14438 Invisible Icon "Show Full Queries"
- issue #14133 CSS issue in Designer
- issue #14447 Error while copying database (pma__column_info)
- issue #14571 "No database selected" - DROP a view
- issue #14636 Move operation causes SELECT * FROM `undefined`
- issue #14630 Enum '0' produces incorrect search SQL
- issue #14223 Fix TypeError in database designer
- issue #13621 QBE selenium tests broken since merge of #13342
- issue #14672 When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged even if $cfg['AuthLogSuccess'] was true.
- issue #14339 Fix infinite loop when sorting table rows by key.
- issue #14658 Regression on multi table query functionality (foreign keys)
- issue #14617 Fix designer errors when database is empty
- issue #13032 Fix designer errors when database contains special chars
- issue #14352 Fix designer javascript errors
- issue #14764 Fix left/right icons hidden
- issue        [security] Local file inclusion flaw in the Transformation feature (PMASA-2018-6)
- issue        [security] Multiple CSRF/XSRF vulnerabilities (PMASA-2018-7)
- issue        [security] XSS vulnerability in the navigation tree (PMASA-2018-8)

(tm)

Updated devel/py-setuptools, devel/py-faker, devel/py-hypothesis, finance/py-braintree

(adam)

py-braintree: updated to 3.50.0

3.50.0
Add fraud_service_provider field to risk_data
Add authorization_expires_at to Transaction
Remove invalid transaction tests
Allow PayPal payment ID and payer ID to be passed during transaction create
Add travel_flight support to industry-specific data
Add processor_response_type to Transaction, AuthorizationAdjustment, and CreditCardVerification.

(adam)

py-hypothesis: updated to 3.83.1

3.83.1:
This patch increases the variety of examples generated by st.from_type(type).

3.83.0:
Our pytest plugin now warns you when strategy functions have been collected as tests, which may happen when e.g. using the :func:@composite <hypothesis.strategies.composite> decorator when you should be using @given(st.data()) for inline draws. Such functions always pass when treated as tests, because the lazy creation of strategies mean that the function body is never actually executed!

3.82.6:
Hypothesis can now :ref:show statistics <statistics> when running under :pypi:pytest-xdist. Previously, statistics were only reported when all tests were run in a single process (:issue:700).

3.82.5:
This patch fixes :issue:1667, where passing bounds of Numpy dtype int64 to :func:~hypothesis.strategies.integers could cause errors on Python 3 due to internal rounding.

3.82.4:
Hypothesis now seeds and resets the global state of :class:np.random <numpy:numpy.random.RandomState> for each test case, to ensure that tests are reproducible.

This matches and complements the existing handling of the :mod:python:random module - Numpy simply maintains an independent PRNG for performance reasons.

3.82.3:
This is a no-op release to add the new Framework :: Hypothesis trove classifier to :pypi:hypothesis on PyPI.

You can use it as a filter to find Hypothesis-related packages such as extensions as they add the tag over the coming weeks, or simply visit :doc:our curated list <strategies>.

3.82.2:
The :ref:Hypothesis for Pandas extension <hypothesis-pandas> is now listed in setup.py, so you can pip install hypothesis[pandas]. Thanks to jmshi for this contribution.

(adam)

Security update to 5.0.1.

More information at:
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

(morr)

py-faker: updated to 1.0.1

1.0.1:
* Fixed number of digits in phone_number provider for no_NO.
* Add categories to jp_JP company provider.
* Add trunk prefix for ru_RU phone numbers.

(adam)

py-setuptools: updated to 40.6.3

v40.6.3
* PEP 517 backend no longer declares setuptools as a dependency as it can be assumed.

(adam)

doc: Updated net/inetutils to 1.9.4nb2

(maya)

inetutils: avoid buffer overflow, infinite loop. bump PKGREVISION.

(maya)

Just set CFLAGS.Darwin in Makefile.

(schmonz)

Explicitly buildlink-depend on openssl<1.1. Fixes build on
NetBSD-current (by adding dependency on security/openssl to get a
sufficiently old version). NFCI elsewhere.

(schmonz)

doc: Updated misc/whohas to 0.29.1

(pho)

misc/whohas: Update to 0.29.1

Changes:

Uses less memory and improves threading (requires forks Perl module).

Update the documentation.

Fetch multiple suites at once for Debian/Ubuntu.

Improved options parsing.

Add a config file to set desired distros/releases.

Fixed support for Gentoo, Slackware, OpenBSD, FreeBSD,
Arch, AUR, Fedora, Fink, openSUSE, Mandriva and Cygwin.

(pho)

doc: Updated security/gnutls to 3.6.5nb1

(leot)

gnutls: Add a dependency to mozilla-rootcerts and configure to use them

Without providing `--with-default-trust-store-file=' configure
argument gnutls try to check a list of hardcoded paths for the
trust store file and use the first found.

If none of them is found gnutls_certificate_set_x509_system_trust()
returns GNUTLS_E_UNIMPLEMENTED_FEATURE and the location of trust
store file should be provided (e.g. in gnutls-cli via --x509cafile
option).

Depends on mozilla-rootcerts and pass `--with-default-trust-store-file='
similarly to security/p11-kit to always have a consistent default
trust store file and an implemented
gnutls_certificate_set_x509_system_trust().

Bump PKGREVISION

(leot)

p11-kit: Use `+=' to append to DEPENDS (not `=') (NFC)

(leot)

doc: Updated devel/boehm-gc to 8.0.0nb1

(wiz)

boehm-gc: update to 8.0.0nb1.

Disable munmap'ping to work around the regression in 8.0.0 on
NetBSD.

(wiz)

Remove entries for PR pkg/34473

(bsiegert)

fox-1.6.57

(bsiegert)

Update fox to 1.6.57.

This supersedes the 1.6.56 update from PR pkg/52967.

April 3 - FOX STABLE 1.6.57

    Libtool flags added on behalf of FXRuby builds and missing UNICODE flag
    added for CYGWIN32 build.

January 16 - FOX STABLE 1.6.56

    Problem fixed in FXString vformat().

July 19 - FOX STABLE 1.6.55

    Fix FXMemoryStream position() API: error code was set moving stream
    position to end of buffer.

April 20 - FOX STABLE 1.6.54

    Fix core dump using old GNU C Library or CYGWIN inside
    FXString::vformat.cpp.

December 3 - FOX STABLE 1.6.53

    Fixed typo in FXString::vformat.cpp.

March 15 - FOX STABLE 1.6.51

    Small fixes for 64-bit casts in dctest.cpp (compiler warning issues).
    JPEG image I/O color spaces handled better.
    FXApp input callback message ID for SEL_IO_EXCEPT was wrong.
    Change in how FXStat determines if a file is an executable (Windows).

(bsiegert)

Updated emulators/fuse-emulator, security/gpgme

(adam)

gpgme: updated to 1.12.0

Noteworthy changes in version 1.12.0

* Enhanced the JSON based interface tool gpgme-json to support Native
  Messaging as well as new Javascript code to support the browser
  site.  See lang/js/README for details.

* Major overhaul of the Python language bindings documentation.

* Even for old versions of gpg a missing MDC will now lead to a
  decryption failure.

* Added context flag "auto-key-locate" to control the
  behavior of GPGME_KEYLIST_MODE_LOCATE.

* New data function to create a data object from an estream.

* Add more interfaces to the C++ bindings.

* Improved error codes on decryption failure.

* Lots of minor fixes.

(adam)

fuse-emulator: updated to 1.5.7

1.5.7
GTK+ 3: Make the offset entry wider in memory browser
GTK+: Remove duplicated surface creation code
GTK+: Remove use of deprecated gtk_device_(un)grab functions
GTK+/Win32: Add *.bin as an allowed filetype to file selectors and amend .fmf filetype
Improve Fuse's Kempston mouse handling under GTK+ 3.x
"Save binary" command can now save 65536 bytes again (regression introduced in 1.5.6)
Various minor bugfixes

(adam)

Updated emulators/qemu, lang/nodejs

(adam)

nodejs: updated to 10.14.2

Version 10.14.2 'Dubnium' (LTS)
This LTS release comes with 374 commits. This includes 165 which are test or benchmark related, 77 which are doc related, 29 which are build / tool related and 15 commits which update dependencies.

Notable Changes
* deps:
  - upgrade to c-ares v1.15.0
* Windows:
  - A crashing process will now show the names of stack frames if the node.pdb file is available.

(adam)

qemu: updated to 3.1.0

3.1.0:
Incompatible changes
- The "qemu-system-ppcemb" target has been removed. "qemu-system-ppc" or "qemu-system-ppc64" should be used instead.
- The "tls", "x509", and "x509verify" options to "-vnc" have been removed. The "tls-creds" option should be used instead to point to a "tls-creds-x509" object created using "-object"
- The -drive options "cyls", "heads", "secs", "trans", "addr" and "serial" have been removed. The corresponding options of the "-device" parameter have to be used instead now.
- The "-balloon" option has been removed since it is replaced by "-device virtio-balloon" now.
- The "-nodefconfig" option has been removed. Use "-no-user-config" instead.
- The "-startdate", "-localtime" and "-rtc-td-hack" options have been removed. Use the corresponding parameters of "-rtc" instead.
- The "-tftp", "-bootp", "-redir" and "-smb" options have been removed. Use the corresponding parameters of "-nic" or "-netdev" instead.
- The "ssi-sd" device cannot be created anymore with "-device". This could be changed again in the future.
- x86 machines cannot be live-migrated if nested Intel virtualization is enabled. The next version of QEMU will be able to do live migration when nested virtualization is enabled, if supported by the kernel.

New deprecated options and features
- The '-machine enforce-config-section' parameter is replaced by the '-global migration.send-configuration' option.
- The 'name' parameter of the '-net' option is a synonym for the 'id' parameter, which should now be used instead.
- The 'hub_id name' parameter tuple of the 'hostfwd_add' and 'hostfwd_remove' HMP commands has been replaced by 'netdev_id'.
- The PowerPC target 'prep' machine type should be replaced by the '40p' machine type.
- Parsing of key,value pair filenames for the RBD block device
- Incorrect CPU topologies specified by -smp socket,core,thread options that are describing number of VCPUs not equal to 'maxcpus'

(adam)

Remove obsole patches and regen distinfo properly

(ryoon)

lang/php72: drop sqlite3 PKG_OPTIONS

Drop sqlite3 PKG_OPTIONS since sqlite3 is supported by
databases/php-sqlite3 package.

(taca)

ImageMagick-7.0.8.16

(bsiegert)

Update ImageMagick to 7.0.8.16.

The old distfile is no longer available upstream, and no one uploaded one :(

2018-12-02  7.0.8-16 Cristy  <quetzlzacatenango@image...>
  * Add support for -clahe clip limit with percentages (e.g. -clahe 2x2+128+3%)
  * Check for modulo underflow.
  * Change SVG default DPI to 96 from 90 to meet recommendation of SVG2 & CSS.

(bsiegert)

Updated www/hugo to 0.52

(ryoon)

Update to 0.52

Changelog:
The two big new items in this release is Inline Shortcodes and Consolidated File Caches. In Hugo we really care about build speed, and caching is important. With this release, you get much better control over your cache configuration, which is especially useful when building on a Continous Integration server (Netlify, CircleCI or similar). Inline Shortcodes was implemented to help the Bootstrap project move their documentation site to Hugo. Note that this feature is disabled by default. To enable, set enableInlineShortcodes = true in your site config. Worth mentioning is also the new param shortcode, which looks up the param in page front matter with the site's parameter as a fall back.

This release represents 33 contributions by 7 contributors to the main Hugo code base.
@bep leads the Hugo development with a significant amount of contributions, but also a big shoutout to @moorereason, @emirb, and @allizad for their ongoing contributions.
And a big thanks to @digitalcraftsman and @onedrawingperday for their relentless work on keeping the themes site in pristine condition and to @kaushalmodi for his great work on the documentation site.

Many have also been busy writing and fixing the documentation in hugoDocs,
which has received 10 contributions by 4 contributors. A special thanks to @budparr, @bep, @allizad, and @funkydan2 for their work on the documentation site.

Hugo now has:

    30595+ stars
    441+ contributors
    270+ themes

Enhancements
Templates

    Add tests ed698e94 @moorereason
    Regenerate templates 89e2716d @bep
    Add "param" shortcode f37c5a25 @bep #4010
    Add float64 support to where 112461fd @moorereason #5466

Core

    Fall back to title in ByLinkTitle sort a9a93d08 @bep #4953
    Improve nil handling in IsDescendant and IsAncestor b09a4033 @bep #5461

Other

    Remove duplicate mapstructure depdendency 7e75aeca @bep
    Add dependency list to README e14e0b19 @bep
    Document inline shortcodes aded0f25 @bep #4011
    Add inline shortcode support bc337e6a @bep #4011
    Include drafts in convert command dcfeed35 @bep #5457
    Handle themes in the new file cache (for images, assets) f9b4eb4f @bep #5460
    Add tests for permalink on Resource with baseURL with path 12742bac @bep #5226
    Add a comment about file mode for new files fabf026f @bep #5434
    Add a :project placeholder 94f0f7e5 @bep #5439
    Add a cache prune func 3c29c5af @bep #5439
    Add a filecache root dir 33502667 @bep
    Use time.Duration for maxAge d3489eba @bep #5438
    Split implementation and config into separate files 17d7ecde @bep
    Update to LibSASS 3.5.5 e4b25728 @bep #5432#5435
    More spelling corrections 782dd158 @bep
    Spelling corrections aff9c091 @bep
    Remove appveyor fdd4a768 @bep
    Document the new file cache abeeff13 @bep #5404
    Add a consolidated file cache f7aeaa61 @bep #5404
    Add Windows build config to Travis 7d78a2af @emirb
    Add Elasticsearch/bonsai.io to services doc. c0b3a1af @allizad

Fixes
Templates

    Fix whitespace issue aba2647c @max-arnold
    Fix test to pass with gccgo a8cb1b07 @ianlancetaylor

Other

    Fix handling of commented out front matter 7540a628 @bep #5478
    Fix when only shortcode and then summary 94ab125b @bep #5464
    Fix ignored --config flag with 'new' command e82b2dc8 @krisbudhram
    Fix Permalink for resource, baseURL with path and canonifyURLs set 5df2b79d @bep #5226

(ryoon)

Updated lang/openjdk8 to 1.8.192

(ryoon)

Update to 1.8.192

Changelog:
New Features
security-libs/javax.net.ssl
➜ Support for Customization of Default Enabled Cipher Suites via System Properties

The system property jdk.tls.client.cipherSuites can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property jdk.tls.server.cipherSuites can be used for customization on the server side.

The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicit setting of enabled cipher suites will override the system properties.

Please refer to the "Java Cryptography Architecture Standard Algorithm Name Documentation" for the standard JSSE cipher suite names, and the "Java Cryptography Architecture Oracle Providers Documentation" for the cipher suite names supported by the SunJSSE provider.

Note that the actual use of enabled cipher suites is restricted by algorithm constraints.

Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.

Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
See JDK-8162362

Bug Fixes

This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u192 Bug Fixes page.

Security bugs:
CVE-2018-3183
CVE-2018-3209
CVE-2018-3169
CVE-2018-3149
CVE-2018-3211
CVE-2018-3180
CVE-2018-3214
CVE-2018-3157
CVE-2018-3150
CVE-2018-13785
CVE-2018-3136
CVE-2018-3139

(ryoon)

Updated www/firefox-l10n to 64.0

(ryoon)

Update to 64.0

* Sync with www/firefox-64.0

(ryoon)

Updated www/firefox to 64.0

(ryoon)

Update to 64.0

Changelog:
New
    Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)

    Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily

    Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power

    Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)

    More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu

    Added option to remove add-ons using the context menu on their toolbar buttons

    New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments

Fixed
    Various security fixes

Changed
    RSS feed preview and live bookmarks are available only via add-ons

    TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.

    about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com

    The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter

Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4

(ryoon)

Updated devel/nss to 3.41

(ryoon)

Update to 3.41

New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

Notable changes:
* The following CA certificates were added:
    CN = Certigna Root CA
    CN = GTS Root R1
    CN = GTS Root R2
    CN = GTS Root R3
    CN = GTS Root R4
    CN = UCA Global G2 Root
    CN = UCA Extended Validation Root

* The following CA certificates were removed:
    CN = AC Ra鱈z Certic叩mara S.A.
    CN = Certplus Root CA G1
    CN = Certplus Root CA G2
    CN = OpenTrust Root CA G1
    CN = OpenTrust Root CA G2
    CN = OpenTrust Root CA G3

Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
  Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
  (CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3

(ryoon)

doc: Updated net/youtube-dl to 20181209

(leot)

youtube-dl: Update net/youtube-dl to 20181209

Changes:
2018.12.09
----------
Core
* [YoutubeDL] Keep session cookies in cookie file between runs
* [YoutubeDL] Recognize session cookies with expired set to 0 (#12929)

Extractors
+ [teachable] Add support for teachable platform sites (#5451, #18150, #18272)
+ [aenetworks] Add support for historyvault.com (#18460)
* [imgur] Improve gallery and album detection and extraction (#9133, #16577,
  #17223, #18404)
* [iprima] Relax URL regular expression (#18453)
* [hotstar] Fix video data extraction (#18386)
* [ard:mediathek] Fix title and description extraction (#18349, #18371)
* [xvideos] Switch to HTTPS (#18422, #18427)
+ [lecturio] Add support for lecturio.com (#18405)
+ [nrktv:series] Add support for extra materials
* [nrktv:season,series] Fix extraction (#17159, #17258)
* [nrktv] Relax URL regular expression (#18304, #18387)
* [yourporn] Fix extraction (#18424, #18425)
* [tbs] Fix info extraction (#18403)
+ [gamespot] Add support for review URLs

(leot)

doc: Updated time/wmmoonclock to 1.29

(pho)

Updated devel/creduce, textproc/oniguruma

(adam)

oniguruma: updated to 6.9.1

release 6.9.1
Speed improvement (* especially UTF-8)

(adam)

time/wmmoonclock: Update to 1.29

Changes:
Version 1.29 - released August 14, 2017
Update GPLv2 license text.
Update FSF address.
Remove trailing whitespace.
Use autotools for build.
Rename changelog to ChangeLog; clean up and split off TODO.
Correct bug report email address.
Remove unused variables.
Use unsigned char in mask bitmap to avoid overflow warnings.
Use correct includes for each file.
Add desktop entry file.

Version 1.28 - released September 20, 2011.
Debian patches added to the upstream version. These patches
are included:
01_all_previous_diff.diff, 02_update_time.diff,
03_add_southern_hemisphere_support.diff and
04_fix_hyphen_used_as_minus_sign.diff
BUGS file updated to report to wmaker-dev@lists.windowmaker.info
Source is now at http://repo.or.cz/w/dockapps.git
Updated by Rodolfo Garc鱈a Pe単as (kix) <kix@kix.es>

(pho)

creduce: fix for LLVM 7.0

(adam)

doc: Updated www/curl to 7.63.0

(leot)

curl: Update www/curl to 7.63.0

pkgsrc changes:
- Remove no longer needed patch-lib_connect.c: imported upstream

Changes:
7.63.0
------
This release includes the following changes:

o curl: add %{stderr} and %{stdout} for --write-out
o curl: add undocumented option --dump-module-paths for win32
o setopt: add CURLOPT_CURLU

This release includes the following bugfixes:

o (lib)curl.rc: fixup for minor bugs
o CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
o CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
o CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
o Curl_follow: accept non-supported schemes for "fake" redirects
o KNOWN_BUGS: add --proxy-any connection issue
o NTLM: Remove redundant ifdef USE_OPENSSL
o NTLM: force the connection to HTTP/1.1
o OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
o SECURITY-PROCESS: bountygraph shuts down again
o TODO: Have the URL API offer IDN decoding
o ares: remove fd from multi fd set when ares is about to close the fd
o axtls: removed
o checksrc: add COPYRIGHTYEAR check
o cmake: fix MIT/Heimdal Kerberos detection
o configure: include all libraries in ssl-libs fetch
o configure: show CFLAGS, LDFLAGS etc in summary
o connect: fix building for recent versions of Minix
o cookies: create the cookiejar even if no cookies to save
o cookies: expire "Max-Age=0" immediately
o curl: --local-port range was not "including"
o curl: fix --local-port integer overflow
o curl: fix memory leak reading --writeout from file
o curl: fixed UTF-8 in current console code page (Windows)
o curl_easy_perform: fix timeout handling
o curl_global_sslset(): id == -1 is not necessarily an error
o curl_multibyte: fix a malloc overcalculation
o curle: move deprecated error code to ifndef block
o docs: curl_formadd field and file names are now escaped
o docs: escape "\n" codes
o doh: fix memory leak in OOM situation
o doh: make it work for h2-disabled builds too
o examples/ephiperfifo: report error when epoll_ctl fails
o ftp: avoid two unsigned int overflows in FTP listing parser
o host names: allow trailing dot in name resolve, then strip it
o http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
o http: don't set CURLINFO_CONDITION_UNMET for http status code 204
o http: fix HTTP Digest auth to include query in URI
o http_negotiate: do not close connection until negotiation is completed
o impacket: add LICENSE
o infof: clearly indicate truncation
o ldap: fix LDAP URL parsing regressions
o libcurl: stop reading from paused transfers
o mprintf: avoid unsigned integer overflow warning
o netrc: don't ignore the login name specified with "--user"
o nss: Fall back to latest supported SSL version
o nss: Fix compatibility with nss versions 3.14 to 3.15
o nss: fix fallthrough comment to fix picky compiler warning
o nss: remove version selecting dead code
o nss: set default max-tls to 1.3/1.2
o openssl: Remove SSLEAY leftovers
o openssl: do not log excess "TLS app data" lines for TLS 1.3
o openssl: do not use file BIOs if not requested
o openssl: fix unused variable compiler warning with old openssl
o openssl: support session resume with TLS 1.3
o openvms: fix example name
o os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
o os400: add CURLOPT_CURLU to ILE/RPG binding
o os400: fix return type of curl_easy_pause() in ILE/RPG binding
o packages: remove old leftover files and dirs
o pop3: only do APOP with a valid timestamp
o runtests: use the local curl for verifying
o schannel: be consistent in Schannel capitalization
o schannel: better CURLOPT_CERTINFO support
o schannel: use Curl_ prefix for global private symbols
o snprintf: renamed and we now only use msnprintf()
o ssl: fix compilation with OpenSSL 0.9.7
o ssl: replace all internal uses of CURLE_SSL_CACERT
o symbols-in-versions: add missing CURLU_ symbols
o test328: verify Content-Encoding: none
o tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
o tests: drop http_pipe.py script no longer used
o tool_cb_wrt: Silence function cast compiler warning
o tool_doswin: Fix uninitialized field warning
o travis: build with clang sanitizers
o travis: remove curl before a normal build
o url: a short host name + port is not a scheme
o url: fix IPv6 numeral address parser
o urlapi: only skip encoding the first '=' with APPENDQUERY set

This release includes the following known bugs:

o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Alessandro Ghedini, Alexey Melnichuk, Antoni Villalonga, Ben Greear,
  bobmitchell1956 on github, Brad King, Brian Carpenter, daboul on github,
  Daniel Gustafsson, Daniel Stenberg, Dave Reisner, David Benjamin,
  Dheeraj Sangamkar, dtmsecurity on github, Elia Tufarolo, Frank Gevaerts,
  Gergely Nagy, Gisle Vanem, Hagai Auro, Han Han, infinnovation-dev on github,
  James Knight, J辿r辿my Rocher, Jeroen Ooms, Jim Fuller, Johannes Schindelin,
  Kamil Dudka, Konstantin Kushnir, Marcel Raad, Marc H旦rsken, Marcos Diazr,
  Michael Kaufmann, NTMan on Github, Patrick Monnerat, Paul Howarth,
  Pavel Pavlov, Peter Wu, Ray Satiro, Rod Widdowson, Romain Fliedel,
  Samuel Surtees, Sevan Janiyan, Stefan Kanthak, Sven Blumenstein, Tim R端hsen,
  Tobias Hintze, Tomas Hoger, tonystz on Github, tpaukrt on github,
  Viktor Szakats, Yasuhiro Matsumoto,
  (51 contributors)

        Thanks! (and sorry if I forgot to mention someone)

(leot)