Updated security/py-cryptodome, time/py-dateutil, time/py-tzdata

(adam)

py-tzdata: updated to 2018.7

2018.7:
Unknown changes

(adam)

py-dateutil: updated to 2.7.5

Version 2.7.5:

Data updates
- Update tzdata to 2018g

(adam)

py-cryptodome: updated to 3.7.0

3.7.0:

New features
* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation).
* Added support for ChaCha20-Poly1305 AEAD cipher.
* New parameter output for Crypto.Util.strxor.strxor, Crypto.Util.strxor.strxor_c,
  encrypt and decrypt methods in symmetric ciphers (Crypto.Cipher package).
  output is a pre-allocated buffer (a bytearray or a writeable memoryview)
  where the result must be stored.
  This requires less memory for very large payloads; it is also more efficient when
  encrypting (or decrypting) several small payloads.

Resolved issues
* AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction.

Breaks in compatibility
* Drop support for Python 3.3.
* Remove Crypto.Util.py3compat.unhexlify and Crypto.Util.py3compat.hexlify.
* With the old Python 2.6, use only ctypes (and not cffi) to interface to native code.

(adam)

Update path to false(1). nologin(8) exists on Minix 3.4RC6, however, currently
status is set to 0 despite exiting with 1

(sevan)

Update some more paths from Minix 3.4RC6

(sevan)

Update path to chown(8) as found on Minix 3.4RC6

(sevan)

Add u-boot-odroid-xu3

(jmcneill)

Fix typo

(jmcneill)

Updated devel/py-hypothesis, devel/py-test

(adam)

py-test: updated to 3.9.3

pytest 3.9.3:
Bug Fixes
* Fix ���ValueError: Plugin already registered��� with conftest plugins via symlink.
* Handle race condition between creation and deletion of temporary folders.
* Fix bug where the warning summary at the end of the test session was not showing the test where the warning was originated.
* Fix regression when stacklevel for warnings was passed as positional argument on python2.

Improved Documentation
* Add reference to empty_parameter_set_mark ini option in documentation of @pytest.mark.parametrize

Trivial/Internal Changes
* Revert patching of sys.breakpointhook since it appears to do nothing.
* Apply an import sorter (reorder-python-imports) to the codebase.
* Remove use of unnecessary compat shim, six.binary_type

(adam)

py-hypothesis: updated to 3.81.0

3.81.0:
:class:~hypothesis.stateful.GenericStateMachine and :class:~hypothesis.stateful.RuleBasedStateMachine now raise an explicit error when instances of :obj:~hypothesis.settings are assigned to the classes' settings attribute, which is a no-op (:issue:1643). Instead assign to SomeStateMachine.TestCase.settings, or use @settings(...) as a class decorator to handle this automatically.

(adam)

Pullup ticket #5861 - requested by taca
lang/ruby: security update
lang/ruby24-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.196
- lang/ruby24-base/distinfo                                    1.10

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Oct 18 14:15:13 UTC 2018

  Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby24-base: distinfo

  Log Message:
  lang/ruby24-base: update to 2.4.5

  Ruby 2.4.5 Released

  Ruby 2.4.5 has been released.

  This release includes about 40 bug fixes after the previous release, and also
  includes several security fixes. Please check the topics below for details.

  * CVE-2018-16396: Tainted flags are not propagated in Array#pack and
    String#unpack with some directives

  * CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
    See the commit logs for details.

  To generate a diff of this commit:
  cvs rdiff -u -r1.195 -r1.196 pkgsrc/lang/ruby/rubyversion.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby24-base/distinfo

(spz)

Use the same method to create the pbulk user on Minix as NetBSD

(sevan)

Minix 3 is ELF based

(sevan)

firefox60

(maya)

firefox60{,-l10n}: update to 60.3.0
patches removed seem to be merged.

security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/

(maya)

Add GCC_REQD+=8 support to compiler/gcc.mk

(abs)

Bump PKGREVISION to match gcc8 change

(abs)

Add -fPIC to CRTSTUFF_CFLAGS to fix --enable-pie when building firefox

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87221

With this gcc8 can build a working firefox on NetBSD-8/amd64

(abs)

doc: Updated net/youtube-dl to 20181029

(leot)

youtube-dl: Update net/youtube-dl to 20181029

Changes:
version 2018.10.29

Core
+ [extractor/common] Add validation for JSON-LD URLs

Extractors
+ [sportbox] Add support for matchtv.ru
* [sportbox] Fix extraction (#17978)
* [screencast] Fix extraction (#14590, #14617, #17990)
+ [openload] Add support for oload.icu
+ [ivi] Add support for ivi.tv
* [crunchyroll] Improve extraction failsafeness (#17991)
* [dailymail] Fix formats extraction (#17976)
* [viewster] Reduce format requests
* [cwtv] Handle API errors (#17905)
+ [rutube] Use geo verification headers (#17897)
+ [brightcove:legacy] Add fallbacks to brightcove:new (#13912)
- [tv3] Remove extractor (#10461, #15339)
* [ted] Fix extraction for HTTP and RTMP formats (#5941, #17572, #17894)
+ [openload] Add support for oload.cc (#17823)
+ [patreon] Extract post_file URL (#17792)
* [patreon] Fix extraction (#14502, #10471)

(leot)

Unbreak build on Minix 3

(sevan)

libcompat_minix was removed some years back and minlib does not exist as a
linkable library in 3.4RC6 so don't try to link against these.

(sevan)

Minix runs on platforms besides x86, match GNU config.guess.

(sevan)

Add a patch so that this configures with rust >= 1.29, patterned after
https://bugzilla.mozilla.org/show_bug.cgi?id=1479540

(he)

Update location for true(1), taken from 3.4RC6 build.

(sevan)

doc: Updated net/ucspi-ssl to 0.999.10.6nb1

(schmonz)

Disable TLS 1.0. Bump PKGREVISION.

(schmonz)

Minix/arm currently ships with GCC but the i386 build ships with clang so check
the compiler.

(sevan)

doc: Updated mail/qmail-run to 20181028nb1

(schmonz)

Point to where servercert.pem actually is. While here, use the regularly
regenerated DH params too. Bump PKGREVISION.

(schmonz)

Avoid erroring out due to multiple -Werror=parentheses with gcc8

(abs)

doc/TODO: add openssh-7.9p1

+ openssh-7.9p1.

(taca)

doc/TODO: add newer mysql-server

+ mysql-server-5.5.62, mysql-server-5.6.42, mysql-server-5.7.24 and
  mysql-server-8.0.13.

(taca)

doc: Added devel/ruby-cucumber-messages version 1.1.2

(taca)

devel/Makefile: add and enable ruby-cucumber-messages

(taca)

devel/ruby-cucumber-messages: added version 1.1.2

Add ruby-cucumber-messages packages version 1.1.2.

Protocol Buffer messages for Cucumber's inter-process communication.

(taca)

doc: Added devel/ruby-google-protobuf version 3.6.1

(taca)

devel/Makefile: add and enable ruby-google-protobuf

(taca)

devel/ruby-google-protobuf: add version 3.6.1

Add devel/ruby-google-protobuf package version 3.6.1.

Protocol Buffers are Google's data interchange format.

(taca)

doc: Updated time/ruby-tzinfo-data to 1.2018.7

(taca)

time/ruby-tzinfo-data: update to 1.2018.7

1.2018.7 (2018/10/27)

Based on version 2018g of the IANA Time Zone Database
(https://mm.icann.org/pipermail/tz-announce/2018-October/000052.html).

(taca)

doc: Updated time/ruby-tzinfo03 to 0.3.55

(taca)

time/ruby-tzinfo03: update to 0.3.55

0.33.55 (2018/10/27)

Based on version 2018g of the IANA Time Zone Database
(https://mm.icann.org/pipermail/tz-announce/2018-October/000052.html).

(taca)

doc: update mail/roundcube* to 1.3.8

mail/roundcube
mail/roundcube-plugin-enigma
mail/roundcube-plugin-password
mail/roundcube-plugin-zipdownload

(taca)

mail/roundcube-plugin-zipdownload: update to 1.3.8

No change except version.

(taca)

mail/roundcube-plugin-password: update to 1.3.8

No change except version.

(taca)

mail/roundcube-plugin-enigma: update to 1.3.8

RELEASE 1.3.8
-------------

- Enigma: Fix deleting keys with authentication subkeys (#6381)

(taca)

mail/roundcube: update to 1.3.8

This update includes XSS security problem.

RELEASE 1.3.8
-------------

- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)

(taca)

doc: Updated devel/py-ZopeComponent to 4.5nb1

(taca)

devel/py-ZopeComponent: add missing dependency

Add depdendency to devel/py-zope.deferredimport, py-zope.deprecation and
devel/py-zope.hookable in order to fix secuiry/py-certbot runtime problem.

Bump PKGREVISION.

(taca)

doc: Added devel/py-zope.{deferredimport,deprecation,hookable}

devel/py-zope.deferredimport 4.3
devel/py-zope.deprecation 4.3.0
devel/py-zope.hookable 4.2.0

(taca)

devel/Makefile: add and enable py-zope.{deferredimport,deprecation,hookable}

(taca)

devel/py-zope.hookable: add version 4.2.0

Add devel/py-zope.hookable package version 4.2.0 with Python 3.7 support
from upstream.

===============
zope.hookable
===============

This package supports the efficient creation of "hookable" objects, which
are callable objects that are meant to be optionally replaced.

The idea is that you create a function that does some default thing and make it
hookable. Later, someone can modify what it does by calling its sethook method
and changing its implementation.  All users of the function, including those
that imported it, will see the change.

(taca)

devel/py-zope.deprecation: add version 4.3.0

Add py-zope.deprecation package version 4.3.0.

======================
``zope.deprecation``
======================

This package provides a simple function called ``deprecated(names, reason)``
to mark deprecated modules, classes, functions, methods and properties.

(taca)

devel/py-zope.deferredimport: add version 4.3

Add py-zope.deferredimport package version 4.3.

=========================
``zope.deferredimport``
=========================

Often, especially for package modules, you want to import names for
convenience, but not actually perform the imports until necessary.
The zope.deferredimport package provided facilities for defining names
in modules that will be imported from somewhere else when used.  You
can also cause deprecation warnings to be issued when a variable is
used.

(taca)

doc: Added www/py-zope.proxy version 4.3.1

(taca)

devel/Makefile: add and enable py-zope.proxy

(taca)

www/py-zope.proxy: add version 4.3.1

Add py-zope.proxy package version 4.3.1.

``zope.proxy``
==============

Proxies are special objects which serve as mostly-transparent
wrappers around another object, intervening in the apparent behavior of
the wrapped object only when necessary to apply the policy (e.g., access
checking, location brokering, etc.) for which the proxy is responsible.

zope.proxy is implemented via a C extension module, which lets it do things
like lie about its own ``__class__`` that are difficult in pure Python (and
were completely impossible before metaclasses).  It also proxies all the
internal slots (such as ``__int__``/``__str__``/``__add__``).

(taca)

doc: Updated mail/qmail-run to 20181028

(schmonz)

Update to 20181028. Changes:

- CERTFILE needs to be set early enough for sslserver. Move it to rc.d.
  UCSPITLS is application-specific and can stay in the CDB.
- Add PYMSGAUTH_TOLERATE_UNCONFIGURED to the CDB.
- Switch qmailpop3d from tcpserver+qmail-popup to sslserver+authup.
  Set UCSPITLS in the CDB to require STLS before USER/PASS.
- Specify a few new required_files.
- Point more precisely at the need to inspect alias/.qmail-*.

(schmonz)

Note update of lang/rust to 1.29.2.

(he)

Upgrade rust to version 1.29.2.

Upstream changes:
* Workaround for an aliasing-related LLVM bug, which caused miscompilation.
* The rls-preview component on the windows-gnu targets has been restored.

Pkgsrc changes:
* More commented-out settings for cross builds on NetBSD.
* Bump bootstrap kit versions to 1.29.2 for powerpc, sparc64
  and earm7hf.  Anyone up for testing for earm7hf?
* Because the built-in versions of libgit2, libssh2 and curl
  can no longer be built with the pkgsrc-provided headers for
  those packages (due to version skew; the built-in versions
  have been updated to un-released newer code), the buildlink3.mk
  files for those packages have been commented out.
* Similarly, to avoid using the native pkgsrc host's headers when cross-
  building, the gcc-wrap script has been adjusted to also re-point
  /usr/pkg/include into the destination's root (where those above pacakges
  are not to be installed).
* Also have the gcc-wrap script deal with "-I dir" style directives,
  and re-point these also into the destination's root.
* One patch has been integrated upstream, so removed here.

(he)

doc: Updated emulators/libretro-reicast to 20181026

(nia)

libretro-reicast: Update to 20181026

Changes:

* Modem: issues with incoming TCP connections. 2K games packet mangling
* Auto save state changes
* Naomi: no need for lst files anymore
* Fix crash when toggling fullscreen on and off
* JVS: fix substract coin, array overflow and more
* Aica rec: revert to the original sequence of ops for branch to reg
* Aica: unaligned branch failure with arm and x86 dynarecs
* Naomi: fix arm dynarec do_sqw_nommu_area_3
* Naomi: fix crash on arm. GLES: Disable modifier volumes if no stencil
* Naomi: Better game identification, more robust lst parsing
* Add screen orientation setting for Naomi vertical screen games

(nia)

doc: Updated emulators/libretro-gambatte to 20181022

(nia)

libretro-gambatte: Update to 20181022

Changes:

* Add optional 'dark filter' (a.k.a. eye saver, for use with games with white backgrounds)
* Add the option to only apply colour correction when running a GBC game or using a GBC colour palette
* Add 'accurate' colour correction method derived from Pokefan531's gbc-colour shader
* Add palettes for original Game Boy, Game Boy Pocket and Game Boy Light
* Add SGB palettes
* Alter memory descriptors to accommodate bankswitched RAM size

(nia)

patches from upstream for
CVE-2017-11613 CVE-2017-18013 CVE-2018-5784 CVE-2018-10963
CVE-2018-17100 CVE-2018-17101

(spz)

doc: Updated net/mikutter to 3.8.2

(tsutsui)

mikutter: update to 3.8.2.

Upstream changes:

mikutter 3.8.2

* support Github image view
* thanks cob odo
* make display_requirements plugin depend on twitter
* thanks cob odo
* fix typo
* thanks cob odo
* explicitly miquire TypedArray used by activity settings
* thanks cob odo
* resolve deprecated font properties in console plugin
* thanks Akira Ouchi

Thanks for all visitors to OSC Tokyo!

(tsutsui)

doc: Updated textproc/xapian-omega to 1.4.8

(schmonz)

Update to 1.4.8. From the changelog:

indexers:

* omindex:

  + Improve date handling in .eml files.  We now handle a "Date:" header
    without the day of the week, which is allowed by RFC822 and RFC2822
    (though seems rare in practice).  If the date can't be parsed, we now
    just omit the date information rather than failing to process the file.

  + Add support for indexing Apple iWork documents (Keynote (.key), Numbers
    (.numbers) and Pages (.pages)) using libetonyek.  Currently only the file
    variants are handled since omindex doesn't currently support indexing a
    directory as a document.

  + Index Visio files using vsd2xhtml.

  + Extend --filter to support filters which produce SVG as output.

  + Handle SVG embedded in XML with svg: namespace prefix.

  + Add --read-filters option to read a list of filters from a file, each line
    of which is a rule as passed to --filter.  Based on a patch from Gaurav
    Arora.

  + Add new --mime-type-match option which allows specifying a MIME
    Content-Type for a given shell filename pattern pattern (with the special
    Content-Type values "ignore" and "skip" supported, as for --mime-type).

  + Adjust --mime-type to allow ':' in the extension.  A valid MIME
    Content-Type can't contain a colon, so if the argument to --mime-type
    contains more than one colon it makes more sense to split at the *last*
    colon (we used to split at the first), as an extension could conceivably
    contain a colon.  Mostly this change is for consistency with the new
    --mime-type-match option, where the leafname pattern could reasonably
    contain a colon.

  + Remove failed entries for ignored files.  If a file is mapped to
    pseudo-mimetype "ignore" then remove any existing failure record for it so
    that ignored files so we don't potentially end up with a lot of cruft
    failure records for files we are no longer trying to index.

  + If a file fails to index due to failing to allocate enough memory we now
    try to flag it as failed to index so it will be skipped by default on
    future runs.  This should help to avoid indexing getting stuck on
    problematic files.

  + Add a "pages" field with the number of pages in the document where we
    know how to determine this (currently only for PDF files for which pdfinfo
    reports this information).

  + Handle initially empty database exactly the same was as when --overwrite
    is specified.  This probably has no user-visible consequences, but it's
    cleaner for the handling to be exactly the same.

* scriptindex:

  + Improve scriptindex diagnostic messages.  All diagnostics are now labelled
    as "error", "warning" or "note" as appropriate, and we now consistently
    report "FILE:LINE:" (and also "COLUMN:" in most cases) to make it clearer
    where the problem lies.

  + Add new "split" action which splits the text on a specified delimiter and
    executes the following actions for each piece.  Based on a patch by Gaurav
    Arora.

  + Missing whitespace after the closing " on an action argument is now
    flagged as an error.  Previously scriptindex would attempt to parse
    the following characters as the next action.

  + Support C-like escapes for quoted parameter values.  Notably this means it
    is now possible to include `"` in quoted parameter values.

omega:

  + Value-based date range filters can now be specified via CGI parameters
    START.N, END.N and/or SPAN.N where N is a value slot number, allowing
    multiple concurrent filters on different slots to be specified.

  + Support YYYY and YYYYMM limits in term-based date ranges.  Previously
    value-based date ranges supported these as limits, but term-based date
    ranges gave an error.

  + Add stem_strategy option and deprecate existing stem_all option in favour
    of this new more versatile option.

  + Support "natural" $sort option via new flag "#" which sorts embedded
    natural numbers in numerical order.

  + Support numeric $sort option via new flag "n", similar to GNU sort -n.

  + Rewrite field parsing to be more efficient, and store fields in an
    unordered_map for faster lookup.

(schmonz)

doc: Updated textproc/xapian to 1.4.8

(schmonz)

Update to 1.4.8. From the changelog:

API:

* QueryParser,TermGenerator: Add new stemming mode STEM_SOME_FULL_POS.
  This stores positional information for both stemmed and unstemmed terms,
  allowing NEAR and ADJ to work with stemmed terms.  The extra positional
  information is likely to take up a significant amount of extra disk space so
  the default STEM_SOME is likely to be a better choice for most users.

* Database::check(): Fetch and decompress the document data to catch problems
  with the splitting of large data into multiple entries, corruption of the
  compressed data, etc.  Also check that empty document data isn't explicitly
  stored for glass.

* Fix an incorrect type being used for term positions in the TermGenerator API.
  These were Xapian::termcount but should be Xapian::termpos.  Both are
  typedefs for the same 32-bit unsigned integer type by default (almost always
  "unsigned int") so this change is entirely compatible, except that if you
  were configuring 1.4.7 or earlier with --enable-64bit-termcount you need to
  also use the new --enable-64bit-termpos configure option with 1.4.8 and up or
  rebuild your applications.  This change was necessary to make
  --enable-64bit-termpos actually useful.

* Add Document::remove_postings() method which removes all postings in a
  specified term position range much more efficiently than by calling
  remove_posting() repeatedly.  It returns the number of postings removed.

* Fix bugs with handling term positions >= 0x80000000.  Reported by Gaurav
  Arora.

* Document::add_posting(): More efficiently handle insertion of a batch of
  extra positions in ascending order.

* Query: Simplify OP_SYNONYM with single OP_WILDCARD subquery by converting to
  OP_WILDCARD with combiner OP_SYNONYM, which means such cases can take
  advantage of the new matcher optimisation in this release to avoid needing
  document length for OP_WILDCARD with combiner OP_SYNONYM.

matcher:

* Avoid needing document length for an OP_WILDCARD with combiner OP_SYNONYM.
  We know that we can't get any duplicate terms in the expansion of a wildcard
  so the sum of the wdf from them can't possibly exceed the document length.

* OP_SYNONYM: No longer tries to initialise weights for its subquery, which
  should reduce the time taken to set up a large wildcard query.

* OP_SYNONYM: Fix frequency estimates when OP_SYNONYM is used with a
  subquery containing OP_XOR or OP_MAX - in such cases the frequency
  estimates for the first subquery of the OP_XOR/OP_MAX were used for
  all its subqueries.  Also the estimated collection frequency is
  now rounded to the nearest integer rather than always being rounded
  down.

glass backend:

* Revert change made in 1.4.6:

    Enable glass's "open_nearby_postlist" optimisation (which especially helps
    large wildcard queries) for writable databases without any uncommitted
    changes as well.

  The amended check isn't conservative enough as there may be postlist changes
  in the inverter while the table is unmodified.  This breaks testcase
  T150-tagging.sh in notmuch's testsuite, reported by David Bremner.

* When indexing a document without any terms we now avoid some unnecessary work
  when storing its termlist.

tools:

* xapian-delve: Test for all docs empty using get_total_length() which is
  slightly simpler internally than get_avlength(), and avoids an exact floating
  point equality check.

examples:

* quest: Support --weight=coord.

* xapian-pos: New tool to show term position info to help debugging when using
  positional information in more complex ways.

portability:

* Fix undefined behaviour from C++ ODR violation due to using the same name
  two different non-static inline functions.  It seems that with current GCC
  versions the desired function always ends up being used, but with current
  clang the other function is sometimes used, resulting in database corruption
  when using value slots in docid 16384 or higher with the default glass
  backend.  Patch from Germ叩n M. Bravo.

* Suppress alignment cast warning on sparc Linux.  The pointer being cast is to
  a record returned by getdirentries(), so it should be suitable aligned.

* Drop special handling for Compaq C++.  We never actually achieved a working
  build using it, and I can find no evidence that this compiler still exists,
  let alone that it was updated for C++11 which we now require.

* Create new database directories in race-free way.

* Avoid throwing and handling an exception in replace_document() when
  adding a document with a specified docid which is <= last_docid but currently
  unused.

* Use our portable code for handling UUIDs on all platforms, and only use
  platform-specific code for generating a new UUID.  This fixes a bug with
  converting UUIDs to and from string representation on FreeBSD, NetBSD and
  OpenBSD on little-endian platforms which resulted in reversed byte order in
  the first three components, so the same database would report a different
  UUID on these platforms compared to other platforms.  With this fix, the
  UUIDs of existing databases will appear to change on these platforms
  (except in rare "palindronic" cases).  Reported by Germ叩n M. Bravo.

* Fix to build with a C++17 compiler.  Previously we used a "byte" type
  internally which clashed with "std::byte" in source files which use
  "using namespace std;".  Fixes #768, reported by Laurent Stacul.

* Adjust apitest testcase stubdb2 to allow for NetBSD oddity: NetBSD's
  getaddrinfo() in IPv4 mode seems to resolve ::1 to an IPv4 address on the
  local network.

* Avoid timer_create() on OpenBSD and NetBSD.  On OpenBSD it always fails with
  ENOSYS (and there's no prototype in the libc headers), while on NetBSD it
  seems to work, but the timer never seems to fire, so it's useless to us (see
  #770).

* Use SOCK_NONBLOCK if available to avoid a call to fcntl().  It's supported by
  at least Linux, FreeBSD, NetBSD and OpenBSD.

* Use O_NOINHERIT for O_CLOEXEC on Windows.  This flag has essentially the same
  effect, and it's common in other codebases to do this.

* On AIX O_CLOEXEC may be a 64-bit constant which won't fit in an int.  To
  workaround this stupidity we now call the non-standard open64x() instead
  of open() when the flags don't fit in an int.

* Add functions to add/multiply with overflow check.  These are implemented
  with compiler builtins or equivalent where possible, so the overflow check
  will typically just require a check of the processor's overflow or carry
  flag.

(schmonz)

Avoid some sprintf buffer overflows reported by gcc 8. Bump PKGREVISION

(abs)

Fix both stupid errors in PKG_DEVELOPER and gcc-8 check

(abs)

Avoid build issue with PKG_DEVELOPER and gcc-8

(abs)

emacs26: Do not (manually) inject X11 LDFLAGS via configure

On NetBSD and OpenBSD the configure script injects LD_SWITCH_X_SITE_RPATH
(e.g.  `-Wl,-rpath,/usr/X11R7/lib') early as LDFLAGS leading to link with
possible X11 native libraries when it is not requested.

Should fix PR pkg/53688.

Bump PKGREVISION

Thanks to <maya> for debug-fu help!

(leot)

emacs25: Do not (manually) inject X11 LDFLAGS via configure

On NetBSD and OpenBSD the configure script injects LD_SWITCH_X_SITE_RPATH
(e.g.  `-Wl,-rpath,/usr/X11R7/lib') early as LDFLAGS leading to link with
possible X11 native libraries when it is not requested.

Should fix PR pkg/53688.

Bump PKGREVISION

Thanks to <maya> for debug-fu help!

(leot)

doc: Updated mail/qmail-run to 20181027

(schmonz)

Update to 20181027. Changes:

- Bump qmail-acceptutils for integrated privsep TLS using ucspi-ssl.
- Switch qmailofmipd rc.d script to sslserver, listening on the network.
- Install control/{pop3,smtp}capabilities, as newly required by authup.
- Organize INSTALL a bit better.
- Remove all vestiges of stunnel, including further shortening MESSAGE.

(schmonz)

doc: Updated mail/qmail-acceptutils to 20181027

(schmonz)

Update to 20181027. Changes:

- Implement SMTP "STARTTLS" and POP3 "STLS", relying on sslserver's UCSPI-TLS.
  Derived from s/qmail's implementation.
- Catch up to s/qmail's base64 implementation.
- Implement POP3 "CAPA" verb for POP3.
- Require admin to describe child program in control/{pop3,smtp}capabilities.
- Fix regression from qmail-popup: sleep after auth failure for SMTP only.
- Update authup(8) manual page.

pkgsrc changes:

- Replace security/stunnel dependency with net/ucspi-ssl.

(schmonz)

gtk3: Add a missing BUILDLINK_API_DEPENDS.libepoxy in buildlink3.mk

libepoxy>=1.4 is needed but in buildlink3.mk no such bond was specified leading
to link issues when building packages including gtk3 bl3.

Should fix PR pkg/53688.

(leot)

dnsperf: Fix build with BIND 9.12.3 and newer

(tron)

lsof: Use "bsdtar" instead of "gtar" during build

Remove unnecessary complex logic for optionally using "pax" as well

(tron)

Add u-boot-odroid-xu3

(skrll)

Add u-boot-odroid-xu3.

This package provides U-Boot for the Hardkernel ODROID-XU3 and XU4.

(skrll)

doc: Updated net/dnsmasq to 2.80

(maya)

dnsmasq: update to 2.80. add dnssec option (default disabled)
From i3endek, thanks!

version 2.80
Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
for the initial patch and motivation.

Alter the default for dnssec-check-unsigned. Versions of
dnsmasq prior to 2.80 defaulted to not checking unsigned
replies, and used --dnssec-check-unsigned to switch
        this on. Such configurations will continue to work as before,
        but those which used the default of no checking will need to be
        altered to explicitly select no checking. The new default is
        because switching off checking for unsigned replies is
inherently dangerous. Not only does it open the possiblity of forged
        replies, but it allows everything to appear to be working even
        when the upstream namesevers do not support DNSSEC, and in this
        case no DNSSEC validation at all is occuring.

        Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
are set. Thanks to Daniel Miess for help with this.

Add a facilty to store DNS packets sent/recieved in a
pcap-format file for later debugging. The file location
is given by the --dumpfile option, and a bitmap controlling
which packets should be dumped is given by the --dumpmask
option.

Handle the case of both standard and constructed dhcp-ranges on the
same interface better. We don't now contruct a dhcp-range if there's
already one specified. This allows the specified interface to
have different parameters and avoids advertising the same
prefix twice. Thanks to Luis Marsano for spotting this case.

Allow zone transfer in authoritative mode if auth-peer is specified,
even if auth-sec-servers is not. Thanks to Rapha谷l Halimi for
the suggestion.

Fix bug which sometimes caused dnsmasq to wrongly return answers
without DNSSEC RRs to queries with the do-bit set, but only when
DNSSEC validation was not enabled.
Thanks to Petr Men邸鱈k for spotting this.

Fix missing fatal errors with some malformed options
(server, local, address, rebind-domain-ok, ipset, alias).
Thanks to Eugene Lozovoy for spotting the problem.

Fix crash on startup with a --synth-domain which has no prefix.
Introduced in 2.79. Thanks to Andreas Engel for the bug report.

Fix missing EDNS0 section in some replies generated by local
DNS configuration which confused systemd-resolvd. Thanks to
Steve Dodd for characterising the problem.

Add --dhcp-name-match config option.

Add --caa-record config option.

Implement --address=/example.com/# as (more efficient) syntactic
sugar for --address=/example.com/0.0.0.0 and
--address=/example.com/::
Returning null addresses is a useful technique for ad-blocking.
Thanks to Peter Russell for the suggestion.

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Include in the example config file a formulation which
stops DHCP clients from claiming the DNS name "wpad".
This is a fix for the CERT Vulnerability VU#598349.

(maya)

+hfstospell

(bsiegert)

Add a package for hfstospell-0.5.1.

This is a library that's part of providing a fully featured spellchecker
for Finnish. From DESCR:

This is a minimal hfst optimized lookup format based spell checker library and
a demonstrational implementation of command line based spell checker. The
library is licenced under Apache licence version 2, other licences can be
obtained from University of Helsinki.

(bsiegert)

doc: Updated multimedia/mkvtoolnix to 28.2.0

(maya)

mkvtoolnix: update to 28.2.0. security fix.

* mkvmerge, mkvinfo, mkvextract, mkvpropedit, MKVToolNix GUI's info tool &
  chapter editor: fixed a case of memory being accessed after it had been
  freed earlier. This can be triggered by specially crafted Matroska files and
  lead to arbitrary code execution. The vulnerability was reported as Cisco
  TALOS 2018-0694 on 2018-10-25.

(maya)

#5854

(spz)

Pullup ticket #5854 - requested by maya
www/seamonkey: security update
www/seamonkey-l10n: security update

Revisions pulled up:
- www/seamonkey-l10n/Makefile                                  1.44
- www/seamonkey-l10n/PLIST                                      1.29
- www/seamonkey-l10n/distinfo                                  1.42
- www/seamonkey/Makefile                                        1.181
- www/seamonkey/PLIST                                          1.62
- www/seamonkey/distinfo                                        1.155

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Tue Oct 23 22:55:13 UTC 2018

  Modified Files:
          pkgsrc/www/seamonkey: Makefile PLIST distinfo
          pkgsrc/www/seamonkey-l10n: Makefile PLIST distinfo

  Log Message:
  seamonkey: update to 2.49.4
  Note this update is based off an EOL firefox (ESR52). Use with caution.

  What's New in SeaMonkey 2.49.4
  SeaMonkey 2.49.4 uses the same backend as Firefox and contains the relevant Firefox 52.9.0 ESR security fixes.
  SeaMonkey 2.49.4 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 52.9.1 release notes for specific changes and security fixes in this release.

  SeaMonkey-specific changes
      Among the general platform and mail fixes this release contains backported fixes from Thunderbird for the EFAIL security vulnerability.
      SeaMonkey now uses gtk3 on Linux. If you experience a problem because of this please file a bug and link it to Switch Linux builds to GTK3 with SeaMonkey 2.49. Pleae try another OS theme first.
  Some of them are buggy and cause problems with SeaMonkey, Thunderbird and Firefox.

  To generate a diff of this commit:
  cvs rdiff -u -r1.180 -r1.181 pkgsrc/www/seamonkey/Makefile
  cvs rdiff -u -r1.61 -r1.62 pkgsrc/www/seamonkey/PLIST
  cvs rdiff -u -r1.154 -r1.155 pkgsrc/www/seamonkey/distinfo
  cvs rdiff -u -r1.43 -r1.44 pkgsrc/www/seamonkey-l10n/Makefile
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/www/seamonkey-l10n/PLIST
  cvs rdiff -u -r1.41 -r1.42 pkgsrc/www/seamonkey-l10n/distinfo

(spz)

Make enchant.ordering a CONF_FILE.

This mirrors the same commit in wip. Logically, the ordering file is the
default config.

No more PLIST conflicts between enchant versions 1 and 2.

(bsiegert)

go: Improve PRINT_PLIST_AWK patterns and avoid possible double definition

- Move GO_PLATFORM definition in lang/go/version.mk in order that also lang/go*
  packages can (re)use it
- Change PRINT_PLIST_AWK pattern that replace all ${GO_PLATFORM} and apply it
  only when ${GO_PLATFORM} is a directory (between two "/").  There are only
  3 exceptions to that in lang/go14.
  Move it to version.mk so lang/go* PLIST can be mostly automatically
  generated.

These changes should help to avoid (most) manual editing of
lang/go*/PLIST.

Discussed with and thanks to <bsiegert>!

(leot)

py-python-lua: Don't unnecessarily restrict the package to python36.

(jperkin)

py-openexr: Fix build on SunOS.

(jperkin)

gearmand: Disable -pie on SunOS.

(jperkin)

lua-rocks: Requires unzip.

(jperkin)

lua-lrexlib: Fix build on SunOS.

(jperkin)

py-peewee: Find libsqlite3 correctly.

(jperkin)