ruby-net-telnet: Limit to ruby22.

Appears to be bundled with ruby23-base and newer, leading to conflicts.

(jperkin)

py-grpcio: Support SunOS.

(jperkin)

py-gevent: Fix SunOS C99 build.

(jperkin)

py-zstandard: add missing patch

(adam)

Updated archivers/zstd, archivers/py-zstandard

(adam)

py-zstandard: updated to 0.10.1

0.10.1:

Backwards Compatibility Notes
* ZstdCompressor.stream_reader().closed is now a property instead of a
  method.
* ZstdDecompressor.stream_reader().closed is now a property instead of a
  method.

Changes
* Stop attempting to package Python 3.6 for Miniconda. The latest version of
  Miniconda is using Python 3.7. The Python 3.6 Miniconda packages were a lie
  since this were built against Python 3.7.
* ZstdCompressor.stream_reader()'s and ZstdDecompressor.stream_reader()'s
  closed attribute is now a read-only property instead of a method. This now
  properly matches the IOBase API and allows instances to be used in more
  places that accept IOBase instances.

0.10.0:

Backwards Compatibility Notes
* ZstdDecompressor.stream_reader().read() now consistently requires an
  argument in both the C and CFFI backends. Before, the CFFI implementation
  would assume a default value of -1, which was later rejected.
* The compress_literals argument and attribute has been removed from
  zstd.ZstdCompressionParameters because it was removed by the zstd 1.3.5
  API.
* ZSTD_CCtx_setParametersUsingCCtxParams() is no longer called on every
  operation performed against ZstdCompressor instances. The reason for this
  change is that the zstd 1.3.5 API no longer allows this without calling
  ZSTD_CCtx_resetParameters() first. But if we called
  ZSTD_CCtx_resetParameters() on every operation, we'd have to redo
  potentially expensive setup when using dictionaries. We now call
  ZSTD_CCtx_reset() on every operation and don't attempt to change
  compression parameters.
* Objects returned by ZstdCompressor.stream_reader() no longer need to be
  used as a context manager. The context manager interface still exists and its
  behavior is unchanged.
* Objects returned by ZstdDecompressor.stream_reader() no longer need to be
  used as a context manager. The context manager interface still exists and its
  behavior is unchanged.

Bug Fixes
* ZstdDecompressor.decompressobj().decompress() should now return all data
  from internal buffers in more scenarios. Before, it was possible for data to
  remain in internal buffers. This data would be emitted on a subsequent call
  to decompress(). The overall output stream would still be valid. But if
  callers were expecting input data to exactly map to output data (say the
  producer had used flush(COMPRESSOBJ_FLUSH_BLOCK) and was attempting to
  map input chunks to output chunks), then the previous behavior would be
  wrong. The new behavior is such that output from
  flush(COMPRESSOBJ_FLUSH_BLOCK) fed into decompressobj().decompress()
  should produce all available compressed input.
* ZstdDecompressor.stream_reader().read() should no longer segfault after
  a previous context manager resulted in error.
* ZstdCompressor.compressobj().flush(COMPRESSOBJ_FLUSH_BLOCK) now returns
  all data necessary to flush a block. Before, it was possible for the
  flush() to not emit all data necessary to fully represent a block. This
  would mean decompressors wouldn't be able to decompress all data that had been
  fed into the compressor and flush()ed.

New Features
* New module constants BLOCKSIZELOG_MAX, BLOCKSIZE_MAX,
  TARGETLENGTH_MAX that expose constants from libzstd.
* New ZstdCompressor.chunker() API for manually feeding data into a
  compressor and emitting chunks of a fixed size. Like compressobj(), the
  API doesn't impose restrictions on the input or output types for the
  data streams. Unlike compressobj(), it ensures output chunks are of a
  fixed size. This makes this API useful when the compressed output is being
  fed into an I/O layer, where uniform write sizes are useful.
* ZstdCompressor.stream_reader() no longer needs to be used as a context
  manager.
* ZstdDecompressor.stream_reader() no longer needs to be used as a context
  manager.
* Bundled zstandard library upgraded from 1.3.4 to 1.3.6.

Changes
* Added zstd_cffi.py and NEWS.rst to MANIFEST.in.
* zstandard.__version__ is now defined.
* Upgrade pip, setuptools, wheel, and cibuildwheel packages to latest versions.
* Upgrade various packages used in CI to latest versions. Notably tox (in
  order to support Python 3.7).
* Use relative paths in setup.py to appease Python 3.7.
* Added CI for Python 3.7.

(adam)

zstd: updated to 1.3.7

Zstandard v1.3.7
perf: slightly better decompression speed on clang (depending on hardware target)
fix: ratio for dictionary compression at levels 9 and 10, reported by @indygreg
build: no longer build backtrace by default in release mode; restrict further automatic mode
build: control backtrace support through build macro BACKTRACE
misc: added man pages for zstdless and zstdgrep, by @samrussell

(adam)

doc: Added mail/qmail-acceptutils version 20181022

(schmonz)

Add and enable qmail-acceptutils.

(schmonz)

Initial import of qmail-acceptutils, my SMTP AUTH implementation for
qmail. It avoids patch conflicts, adds new user-controlled features, and
is more consistent with qmail's design.

To SMTP-authenticate users without patching ofmipd(8) or qmail-smtpd(8),
compose the following programs into your configuration:

- reup runs a program repeatedly until it succeeds.
- authup offers SMTP or POP3 authentication and calls checkpassword.
- checknotroot refuses to run as UID 0.
- fixsmtpio filters SMTP I/O and exit status to suit authup.

(schmonz)

iftop: Fix build on SunOS.

(jperkin)

doc: Added graphics/p5-Graph-Easy version 0.76

(schmonz)

Add and enable p5-Graph-Easy.

(schmonz)

Initial import of p5-Graph-Easy, which lets you generate graphs
consisting of various shaped nodes connected by edges (with
optional labels).

It can read and write graphs in a variety of formats, as well as render
them via its own grid-based layouter.

Since the layouter works on a grid (manhattan layout), the output is
most useful for flow charts, network diagrams, or hierarchy trees.

(schmonz)

Updated devel/py-requests, devel/py-requests-futures

(adam)

py-requests-futures: updated to 0.9.8

0.9.8:
Unknown changes

(adam)

py-requests: updated to 2.20.0

2.20.0:
Bugfixes
Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).
Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.
Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)
should_bypass_proxies now handles URIs without hostnames (e.g. files).

Dependencies
Requests now supports urllib3 v1.24.

Deprecations
Requests has officially stopped support for Python 2.6.

(adam)

doc: Updated www/ikiwiki to 3.20180311nb4

(schmonz)

Add upstream patch to give graph an optional "file" param, like table's.
Bump PKGREVISION.

(schmonz)

doc: Updated misc/tmux to 2.8

(leot)

tmux: Update misc/tmux to 2.8

pkgsrc changes:
- Address -Wint-conversion warnings and properly cast to long, patch by
  <christos> from NetBSD, thanks!
- Remove patch-server-client.c, timersub() was added in compat.h
  since tmux-1.9 and is no longer needed
- Take MAINTAINERship

Changes:
2.8
---
* Make display-panes block the client until a pane is chosen or it
  times out.
* Clear history on RIS like most other terminals do.
* Add an "Any" key to run a command if a key is pressed that is not
  bound in the current key table.
* Expand formats in load-buffer and save-buffer.
* Add a rectangle_toggle format.
* Add set-hook -R to run a hook immediately.
* Add README.ja.
* Add pane focus hooks.
* Allow any punctuation as separator for s/x/y not only /.
* Improve resizing with the mouse (fix resizing the wrong pane in some
  layouts, and allow resizing multiple panes at the same time).
* Allow , and } to be escaped in formats as #, and #}.
* Add KRB5CCNAME to update-environment.
* Change meaning of -c to display-message so the client is used if it
  matches the session given to -t.
* Fixes to : form of SGR.
* Add x and X to choose-tree to kill sessions, windows or panes.

(leot)

doc: Added devel/py-semantic_version version 2.6.0

(minskim)

devel/Makefile: Add py-semantic_version

(minskim)

devel/py-semantic_version: Import version 2.6.0

This small python library provides a few tools to handle SemVer in
Python. It follows strictly the 2.0.0 version of the SemVer scheme.

(minskim)

doc/TODO: add some

+ MesaLib-18.2.3, cairo-1.16.0, calibre-3.33.1, harfbuzz-2.0.2.

(wiz)

doc: Updated time/ruby-tzinfo-data to 1.2018.6

(taca)

time/ruby-tzinfo-data: update to 1.2018.6

1.2018.6 (2018/10/18)

Based on version 2018f of the IANA Time Zone Database
(https://mm.icann.org/pipermail/tz-announce/2018-October/000051.html).

(taca)

doc: note update of bind911 and bind912

net/bind911 9.11.5
net/bind912 9.12.3

(taca)

net/bind912: udpate to 9.12.3

--- 9.12.3 released ---

--- 9.12.3rc1 released ---

5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]

5035. [test] Fixed errors that prevented the DNSRPS subtests
from running in the rpz and rpzrecurse system
tests. [GL #503]

5034. [bug] A race between threads could prevent zone maintenance
scheduled immediately after zone load from being
performed. [GL #542]

5033. [bug] When adding NTAs to multiple views using "rndc nta",
the text returned via rndc was incorrectly terminated
after the first line, making it look as if only one
NTA had been added. Also, it was not possible to
differentiate between views with the same name but
different classes; this has been corrected with the
addition of a "-class" option. [GL #105]

5032. [func] Add krb5-selfsub and ms-selfsub update policy rules.
[GL #511]

5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash
on architectures with strict alignment. [GL #521]

5028. [bug] Spread the initial RRSIG expiration times over the
entire working sig-validity-interval when signing a
zone in named to even out re-signing and transfer
loads. [GL #418]

5026. [bug] rndc reconfig should not touch already loaded zones.
[GL #276]

5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]

5021. [bug] dig returned a non-zero exit code when it received a
reply over TCP after a retry. [GL #487]

5019. [cleanup] A message is now logged when ixfr-from-differences is
set at zone level for an inline-signed zone. [GL #470]

5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c.
[GL !588]

5017. [bug] lib/isc/pk11.c failed to unlink the session before
releasing the lock which is unsafe. [GL !589]

5016. [bug] Named could assert with overlapping filter-aaaa and
dns64 acls. [GL #445]

5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]

5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]

5013. [bug] A referral response with a non-empty ANSWER section was
inadvertently being treated as an error. [GL #390]

5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590]

5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]

5008. [bug] "rndc signing -nsec3param ..." requests were silently
ignored for zones which were not yet loaded or
transferred. [GL #468]

5007. [cleanup] Replace custom ISC boolean and integer data types
with C99 stdint.h and stdbool.h types. [GL #9]

5006. [cleanup] Code preparing a delegation response was extracted from
query_delegation() and query_zone_delegation() into a
separate function in order to decrease code
duplication. [GL #431]

5005. [bug] dnssec-verify, and dnssec-signzone at the verification
step, failed on some validly signed zones. [GL #442]

5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]

5003. [bug] dns_acl_isinsecure did not handle geoip elements.
[GL #406]

5002. [bug] mdig: Handle malformed +ednsopt option, support 100
+ednsopt options per query rather than 100 total and
address memory leaks if +ednsopt was specified.
[GL #410]

5001. [bug] Fix refcount errors on error paths. [GL !563]

5000. [bug] named_server_servestale() could leave the server in
exclusive mode if an error occured. [GL #441]

4996. [bug] dig: Handle malformed +ednsopt option. [GL #403]

4995. [test] Add tests for "tcp-self" update policy. [GL !282]

4994. [bug] Trust anchor telemetry queries were not being sent
upstream for locally served zones. [GL #392]

4992. [bug] The wrong address was being logged for trust anchor
telemetry queries. [GL #379]

4990. [bug] Prevent a possible NULL reference in pkcs11-keygen.
[GL #401]

4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under
a DNAME. [GL #386]

(taca)

net/bind911: update to 9.11.5

--- 9.11.5 released ---

--- 9.11.5rc1 released ---

5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]

5034. [bug] A race between threads could prevent zone maintenance
scheduled immediately after zone load from being
performed. [GL #542]

5033. [bug] When adding NTAs to multiple views using "rndc nta",
the text returned via rndc was incorrectly terminated
after the first line, making it look as if only one
NTA had been added. Also, it was not possible to
differentiate between views with the same name but
different classes; this has been corrected with the
addition of a "-class" option. [GL #105]

5032. [func] Add krb5-selfsub and ms-selfsub update policy rules.
[GL #511]

5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash
on architectures with strict alignment. [GL #521]

5028. [bug] Spread the initial RRSIG expiration times over the
entire working sig-validity-interval when signing a
zone in named to even out re-signing and transfer
loads. [GL #418]

5026. [bug] rndc reconfig should not touch already loaded zones.
[GL #276]

5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]

5021. [bug] dig returned a non-zero exit code when it received a
reply over TCP after a retry. [GL #487]

5019. [cleanup] A message is now logged when ixfr-from-differences is
set at zone level for an inline-signed zone. [GL #470]

5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c.
[GL !588]

5017. [bug] lib/isc/pk11.c failed to unlink the session before
releasing the lock which is unsafe. [GL !589]

5016. [bug] Named could assert with overlapping filter-aaaa and
dns64 acls. [GL #445]

5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]

5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]

5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590]

5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]

5008. [bug] "rndc signing -nsec3param ..." requests were silently
ignored for zones which were not yet loaded or
transferred. [GL #468]

5007. [cleanup] Replace custom ISC boolean and integer data types
with C99 stdint.h and stdbool.h types. [GL #9]

5005. [bug] dnssec-verify, and dnssec-signzone at the verification
step, failed on some validly signed zones. [GL #442]

5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]

5003. [bug] dns_acl_isinsecure did not handle geoip elements.
[GL #406]

5002. [bug] mdig: Handle malformed +ednsopt option, support 100
+ednsopt options per query rather than 100 total and
address memory leaks if +ednsopt was specified.
[GL #410]

5001. [bug] Fix refcount errors on error paths. [GL !563]

4996. [bug] dig: Handle malformed +ednsopt option. [GL #403]

4995. [test] Add tests for "tcp-self" update policy. [GL !282]

4994. [bug] Trust anchor telemetry queries were not being sent
upstream for locally served zones. [GL #392]

4992. [bug] The wrong address was being logged for trust anchor
telemetry queries. [GL #379]

4990. [bug] Prevent a possible NULL reference in pkcs11-keygen.
[GL #401]

(taca)

Add checksum for patch-src-Toolbar.cc, thanks to leot@ for the hint.

(he)

etcmanage: even more belatedly commit distinfo for new patch

(gdt)

net/bind99: remove a left file

Remove a left file.

(taca)

tickets 5846-5850

(spz)

Pullup ticket #5850 - requested by bsiegert
lang/chicken: security update

Revisions pulled up:
- lang/chicken/Makefile                                        1.59-1.60
- lang/chicken/distinfo                                        1.43

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  leot
  Date:          Sun Oct 14 09:07:25 UTC 2018

  Modified Files:
          pkgsrc/lang/chicken: Makefile distinfo

  Log Message:
  chicken: Update lang/chicken to 4.13.0

  Patch provided by dziltener via PR pkg/52929, thanks!

  Changes:
  4.13.0

  - Security fixes
    - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
      when allocating in non-GC memory, resulting in potential 1-word
      buffer overrun and/or segfault (thanks to Lemonboy).
    - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
      #1375, thanks to "megane").
    - CVE-2017-11343: The randomization factor of the symbol table was
      set before the random seed was set, causing it to have a fixed value
      on many platforms.

  - Core Libraries
    - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
      interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
    - char-ready? on string ports now also returns #t at EOF, as per R5RS;
      in other words, it always returns #t (thanks to Moritz Heidkamp)
    - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
      on s8vectors (thanks to Kristian Lein-Mathisen).
    - Large literals no longer crash with "invalid encoded numeric literal"
      on mingw-64 (#1344, thanks to Lemonboy).
    - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
      from being matched correctly (Thanks to Lemonboy and Chunyang Xu).

  - Runtime system:
    - The profiler no longer uses malloc from a signal handler which may
      cause deadlocks (#1414, thanks to Lemonboy).
    - The scheduler no longer indirectly hangs on to the old thread
      when switching to a new one, which caused excessive memory
      consumption (#1367, thanks to "megane").
    - C++ programs no longer fail with a symbol lookup error when
      compiled with debugger support (-d3 or -debug-info).

  - Syntax expander
    - Renaming an identifier twice no longer results in an undo of the
      rename (fixes #1362, thanks to "megane").

  - Build system
    - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
    - Fixed compilation on DragonflyBSD due to no feature macro support
      in its standard C library (thanks to Markus Pfeiffer).

  - Compiler
    - The scrutinizer no longer uses 'fixnum as the type for fixnums
      that might not fit into a fixnum on 32-bit architectures.

  - Foreign function interface
    - Correctly calculate memory requirements of Scheme objects produced
      from foreign types with "const" qualifiers, avoiding memory
      corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
    - Do not read beyond temporary stack buffer, which could lead to
      a crash when returning from a foreign callback (#1428).

  4.12.0

  - Security fixes
    - CVE-2016-6830: Fix buffer overrun due to excessively long argument
      or environment lists in process-execute and process-spawn (#1308).
      This also removes unnecessary limitations on the length of
      these lists (thanks to Vasilij Schneidermann).
    - CVE-2016-6831: Fix memory leak in process-execute and
      process-spawn.  If, during argument and environment list
      processing, a list item isn't a string, an exception is thrown,
      in which case previously malloc()ed strings weren't freed.
    - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
      an exponential explosion in compilation of nested "+" patterns.

  - Compiler:
    - define-constant now correctly keeps symbol values quoted.
    - Warnings are now emitted when using vector-{ref,set!} or one
      of take, drop, list-ref or list-tail with an out of range index
      for vectors and proper lists of a definitely known length.
    - The scrutinizer will no longer drop knowledge of the length of a
      vector.  It still drops types of its contents (which may be mutated).
    - Fixed incorrect argvector restoration after GC in directly
      recursive functions (#1317).
    - "Direct" procedure invocations now also maintain debug info (#894).

  - Syntax expander
    - DSSSL lambda lists have improved hygiene, so they don't need
      the chicken or scheme modules to be imported in full (#806).
    - The let-optionals* macro no longer needs "quote", "car" and "cdr"
      to be imported and bound to their default values (#806).

  - Runtime system:
    - C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
      which is faster because it is inlined (#1260, thanks to Kooda).
    - The default error handler now truncates very long condition
      messages (thanks to Lemonboy).
    - Weak symbol GC (-:w) no longer drops random symbols (#1173).
    - The number of arguments to procedures, both via "apply" and direct
      invocation, are now limited only by the C stack size (#1098).
    - "time" macro now shows peak memory usage (#1318, thanks to Kooda).
    - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).

  - Core libraries:
    - Irregex has been updated to 0.9.5, which fixes matching of all "bow"
      occurrances beyond the first with irregex-fold (upstream issue #14).
    - Keywords are more consistently read/written, like symbols (#1332).
    - SRFI-39: When jumping out of a parameterized dynamic extent,
      "parameterize" now remember the actual values, so when jumping back
      in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
      This was a regression caused by the fix for #1227.

  - Tools:
    - "chicken-install"
      - When installing eggs in deploy mode with "-keep-installed", eggs
        under the prefix won't unnecessarily be reinstalled (#1144).
      - Added new option "-no-install-deps" which inhibits automatic
        installation of dependencies, useful with "-prefix" (#1298).

  To generate a diff of this commit:
  cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  jperkin
  Date:          Thu Oct 18 14:32:43 UTC 2018

  Modified Files:
          pkgsrc/lang/chicken: Makefile

  Log Message:
  chicken: Set INSTALL_PROGRAM, fixes install on SunOS.

  To generate a diff of this commit:
  cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile

(spz)

Pullup ticket #5849 - requested by bsiegert
devel/ncurses: security patch
devel/ncursesw: security patch

Revisions pulled up:
- devel/ncurses/Makefile                                        1.100
- devel/ncurses/distinfo                                        1.35
- devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c      1.3
- devel/ncursesw/Makefile                                      1.17

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  leot
  Date:          Thu Oct 18 19:42:50 UTC 2018

  Modified Files:
          pkgsrc/devel/ncurses: Makefile distinfo
          pkgsrc/devel/ncursesw: Makefile
  Added Files:
          pkgsrc/devel/ncurses/patches: patch-ncurses_tinfo_parse__entry.c

  Log Message:
  ncurses{,w}: Backport patch for CVE-2018-10754

  Patch provided by Attila F端l旦p via NetBSD/pkgsrc#34, thanks!

  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.99 -r1.100 pkgsrc/devel/ncurses/Makefile
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/devel/ncurses/distinfo
  cvs rdiff -u -r0 -r1.3 \
      pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ncursesw/Makefile

(spz)

Pullup ticket #5848 - requested by bsiegert
devel/libgit2: security update

Revisions pulled up:
- devel/libgit2/Makefile                                        1.29
- devel/libgit2/distinfo                                        1.14

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  taca
  Date:          Thu Oct 18 14:43:01 UTC 2018

  Modified Files:
          pkgsrc/devel/libgit2: Makefile distinfo

  Log Message:
  devel/libgit2: update to 0.27.5

  libgit2 0.27.5 (2018/10/5)

  This is a security release fixing the following list of issues:

  * Submodule URLs and paths with a leading "-" are now ignored.  This is due to
    the recently discovered CVE-2018-17456, which can lead to arbitrary code
    execution in upstream git.  While libgit2 itself is not vulnerable, it can
    be used to inject options in an implementation which performs a recursive
    clone by executing an external command.

  * When running repack while doing repo writes, packfile_load__cb() could see
    some temporary files in the directory that were bigger than the usual, and
    makes memcmp overflow on the p->pack_name string.  This issue was reported
    and fixed by bisho.

  * The configuration file parser used unbounded recursion to parse multiline
    variables, which could lead to a stack overflow.  The issue was reported by
    the oss-fuzz project, issue 10048 and fixed by Nelson Elhage.

  * The fix to the unbounded recursion introduced a memory leak in the config
    parser.  While this leak was never in a public release, the oss-fuzz project
    reported this as issue 10127.  The fix was implemented by Nelson Elhage and
    Patrick Steinhardt.

  * When parsing "ok" packets received via the smart protocol, our parsing code
    did not correctly verify the bounds of the packets, which could result in a
    heap-buffer overflow.  The issue was reported by the oss-fuzz project, issue
    9749 and fixed by Patrick Steinhardt.

  * The parsing code for the smart protocol has been tightened in general,
    fixing heap-buffer overflows when parsing the packet type as well as for
    "ACK" and "unpack" packets.  The issue was discovered and fixed by Patrick
    Steinhardt.

  * Fixed potential integer overflows on platforms with 16 bit integers when
    parsing packets for the smart protocol.  The issue was discovered and fixed
    by Patrick Steinhardt.

  * Fixed potential NULL pointer dereference when parsing configuration files
    which have "include.path" or "includeIf..path" statements without a value.

  To generate a diff of this commit:
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/devel/libgit2/Makefile
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/libgit2/distinfo

(spz)

Pullup ticket #5847 - requested by bsiegert
devel/patch: security patches

Revisions pulled up:
- devel/patch/Makefile                                          1.45
- devel/patch/distinfo                                          1.13
- devel/patch/patches/patch-src_pch.c                          1.1
- devel/patch/patches/patch-tests_Makefile.in                  1.1
- devel/patch/patches/patch-tests_ed-style                      1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  leot
  Date:          Thu Oct 18 19:26:16 UTC 2018

  Modified Files:
          pkgsrc/devel/patch: Makefile distinfo
  Added Files:
          pkgsrc/devel/patch/patches: patch-src_pch.c patch-tests_Makefile.in
              patch-tests_ed-style

  Log Message:
  patch: Backport patches for several security fixes

  pkgsrc changes:
    - Remove custom and no longer needed do-patch target, it was fixed upstream
    - Minor cosmetic improvements pointed out by pkglint

  Changes:
    - Backport patches for CVE-2018-6951, CVE-2018-6952 and CVE-2018-1000156

  Patch provided by Attila F端l旦p via NetBSD/pkgsrc#33, thanks!

  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.44 -r1.45 pkgsrc/devel/patch/Makefile
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/devel/patch/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/devel/patch/patches/patch-src_pch.c \
      pkgsrc/devel/patch/patches/patch-tests_Makefile.in \
      pkgsrc/devel/patch/patches/patch-tests_ed-style

(spz)

Pullup ticket #5846 - requested by bsiegert
mail/spamassassin: security update

Revisions pulled up:
- mail/spamassassin/Makefile                                    1.132
- mail/spamassassin/distinfo                                    1.72
- mail/spamassassin/patches/patch-Makefile.PL                  1.3
- mail/spamassassin/patches/patch-ae                            1.14
- mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm deleted
- mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm deleted
- mail/spamassassin/patches/patch-sa-compile                    deleted
- mail/spamassassin/patches/patch-spamc_libspamc.c              1.2

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Thu Oct 18 19:54:32 UTC 2018

  Modified Files:
          pkgsrc/mail/spamassassin: Makefile distinfo
          pkgsrc/mail/spamassassin/patches: patch-Makefile.PL patch-ae
              patch-spamc_libspamc.c
  Removed Files:
          pkgsrc/mail/spamassassin/patches:
              patch-lib_Mail_SpamAssassin_DnsResolver.pm
              patch-lib_Mail_SpamAssassin_PerMsgStatus.pm patch-sa-compile

  Log Message:
  Update spamassassin to 3.4.2.

  From Attila Fueloep in pull request NetBSD/pkgsrc#32.

  Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
  past three and 1/2 years.  As we release 3.4.2, we are preparing 4.0.0 which
  will move us into a full UTF-8 environment.  We expect one final 3.4.3
  release.

  As with any release there are a number of functional patches, improvements as
  well as security reasons to upgrade to 3.4.2.  In this case we have over 3
  years of issues being resolved at once.  And we are laying thr groundwork for
  version 4.0 which is is designed to more natively handle UTF-8.

  However, there is one specific pressing reason to upgrade.  Specifically, we
  will stop producing SHA-1 signatures for rule updates.  This means that while
  we produce rule updates with the focus on them working for any release from
  v3.3.2 forward, they will start failing SHA-1 validation for sa-update.

  *** If you do not update to 3.4.2, you will be stuck at the last ruleset
      with SHA-1 signatures in the near future. ***

  Full release notes at
  http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.2.txt.

  To generate a diff of this commit:
  cvs rdiff -u -r1.131 -r1.132 pkgsrc/mail/spamassassin/Makefile
  cvs rdiff -u -r1.71 -r1.72 pkgsrc/mail/spamassassin/distinfo
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/mail/spamassassin/patches/patch-Makefile.PL
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/spamassassin/patches/patch-ae
  cvs rdiff -u -r1.5 -r0 \
      pkgsrc/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_DnsResolver.pm
  cvs rdiff -u -r1.3 -r0 \
      pkgsrc/mail/spamassassin/patches/patch-lib_Mail_SpamAssassin_PerMsgStatus.pm
  cvs rdiff -u -r1.1 -r0 pkgsrc/mail/spamassassin/patches/patch-sa-compile
  cvs rdiff -u -r1.1 -r1.2 \
      pkgsrc/mail/spamassassin/patches/patch-spamc_libspamc.c

(spz)

Updated misc/py-anita to 1.46

(gson)

misc/py-anita: update to 1.46

Changes from 1.45:

Add support for NetBSD/evbarm-aarch64 targets.

Add support for NetBSD/sparc64 targets, from Utkarsh Anand.

The run_tests() method now halts the VM, to ensure that the
scratch disk containing ATF test results is flushed by the
guest before being read by the host.

(gson)

Updated net/p5-Net-DNS to 1.18

(wen)

Update to 1.18

Upstream changes:
1.18 Sep 21, 2018

        Documentation revised to remove ambigous use of "answer" which
        has been used to refer to both the answer section of a packet
        and the entire reply packet received from a nameserver.

Fix rt.cpan.org #127018

        Net::DNS::ZoneFile->parse() fails if include directory specified.

Fix rt.cpan.org #127012

        DNS resolution broken when options ndots used in /etc/resolv.conf

(wen)

Updated net/p5-Net-IPv6Addr to 0.96

(wen)

Update to 0.96
Update DEPENDS

Upstream changes:
0.96 2018-10-06
        * Requirement on Math::BigInt changed to add version

0.95 2018-10-06
        * "from_bigint" method added
        * Documentation updated to reflect the current RFCs
        * Tests of "to_bigint", rfc compliance; fix broken string test
        * Any valid ipv6 value can now be output as mixed ipv6 and ipv4

0.94 2018-10-06    Ben Bullock <bkb@cpan.org>
        * Pod error fixed
        * EXPORTS_OK corrected

0.93 2018-10-05    Ben Bullock <bkb@cpan.org>
        * Remove README and use generated one
        * Fix bad links in documentation

0.92 2018-10-05    Ben Bullock <bkb@cpan.org>
        * Documentation expanded with working examples
        * UTF-8 in Makefile.PL marked
        * to_* routines exported on demand
        * Repetition in error messages removed

(wen)

Updated math/p5-Math-BigInt to 1.999815

(wen)

Update to 1.999815

Upstream changes:
1.999815 2018-10-19

* Move bitwise operators signed and, signed or, and signed xor from
  lib/Math/BigInt/CalcEmu.pm into lib/Math/BigInt/Lib.pm. The file
  lib/Math/BigInt/CalcEmu.pm is no longer needed and thus removed.

1.999814 2018-10-01

* Add to_base() and from_base() to Math::BigInt and corresponding library
  methods _to_base() and _from_base() to Math::BigInt::Lib. This was inspired
  by CPAN RT #122681.

* Fix Makefile.PL to reflect that Test::More is only needed for testing, not
  for building.

* In the documentation for each of the to_(bin|hex|oct|bytes) methods, add a
  reference to the corresponding from_(bin|hex|oct|bytes) method.

(wen)

Updated net/p5-Net-Libdnet to 0.99

(wen)

Update to 0.99

Upstream changes:
0.99 Tue 18 Sep 17:03:16 CEST 2018
  - bugfix: applied https://rt.cpan.org/Public/Bug/Display.html?id=126967

(wen)

Updated net/p5-Socket6 to 0.29

(wen)

Update to 0.29

Upstream changes:
2018-09-30  Hajimu UMEMOTO  <ume@mahoroba.org>

        * Socket6.pm: Bump version number to 0.29.

        * Socket6.xs: Updates the tests for handling the correct headers
        on NetBSD and DragonFly BSD.

        Submitted by:  Sevan Janiyan <venture37 [...] geeklan.co.uk>

(wen)

Updated sysutils/p5-File-Remove to 1.58

(wen)

Update to 1.58

Upstream changes:
1.58    2018-10-04 - Shlomi Fish
    - Added [MetaJSON] to dist.ini, so releases include a META.json

(wen)

Updated textproc/p5-Net-IDN-Encode to 2.500

(wen)

Update to 2.500

Upstream changes:
2.500 2018-10-06
        - update to Unicode 10.0.0
        - Net::IDN::UTS46: remove workarounds for pre-9.0.0 test vectors; the
          module now more closely follows the written spec
        - Net::IDN::UTS46: fix validation for some non-valid characters
        - Net::IDN::UTS46: for perl 5.8.x/5.10.x, include workaround for bidi
          validation where some labels would incorrectly be marked as invalid
          [B1] because of a bug in perl's Unicode implementation
        - Net::IDN::Punycode: fix for warnings under perl ≤ 5.8.7 (EXPERIMENTAL)

(wen)

Updated textproc/p5-XML-Feed to 0.55

(wen)

Update to 0.55

Upstream changes, please visit:
https://metacpan.org/changes/distribution/XML-Feed

(wen)

Updated textproc/p5-XML-XPath to 1.44

(wen)

Update to 1.44

Upstream changes:
1.44  2018-10-11 MANWAR
      - Added new test for axis descendant.

1.43  2018-10-10 MANWAR
      - Fix memory leak in XML::XPath::Parser (PR #6), Thanks @niner.

(wen)

Updated time/p5-Test-Time to 0.07

(wen)

Update to 0.07

Upstream changes:
0.07 2018-09-27T03:37:54Z
        Fix unimport/import issue (by dakkar)

(wen)

Updated time/p5-Time-Warp to 0.54

(wen)

Update to 0.54

Upstream changes:
0.54  2018.10.08 MANWAR
      - Merged PR #4 (Pod Spelling), thanks @gregoa.

(wen)

Updated www/p5-Catalyst-Runtime to 5.90120

(wen)

Update to 5.90120

Upstream changes:
5.90120 - 2018-10-19
  - avoid problematic test using sysread() on :utf8 filehandles on dev perl
    versions where this is fatal (starting with 5.29.4). see RT#125843.

5.90119 - 2018-09-24
  - fix test for changes in MooseX::Getopt 0.73 (RT#127050)

(wen)

Updated www/p5-CGI-Simple to 1.21

(wen)

Update to 1.21

Upstream changes:
1.21  2018-10-06 MANWAR
      - Patched issue RT# 67061 (handle warning uninitialsed value).

1.20  2018-10-05 MANWAR
      - Merge pull request #4 from jjatria/302-found, changing the
        name of 302 statuses from Moved to Found.

1.19  2018-10-04 MANWAR
      - Merged pull request #3 from jjatria/max-age, which sets max-age
        attribute correctly from constructor.

1.18  2018-10-03 MANWAR
      - Merged pull request #2 from jjatria/samesite, adding
        SameSite support to Cookie handling.

1.17  2018-10-02 MANWAR
      - Merged pull request #7 from asb-capfan/master, should fix
        CPAN Testers fail report on some windows box.

(wen)

Updated www/p5-Cookie-Baker to 0.10

(wen)

Update to 0.10

Upstream changes:
0.10 2018-09-21T07:40:25Z

  - Add samesite https://github.com/kazeburo/Cookie-Baker/pull/13
  - Documentation cleanup

(wen)

Updated www/p5-libwww to 6.36

(wen)

Update to 6.36

Upstream changes:
6.36      2018-10-10 02:20:58Z
    - fix broken link https://metacpan.org/pod/LWP::Simple by fixing pod
      header (thanks for the report, traumschule!)

(wen)

Updated www/p5-HTTP-Tinyish to 0.15

(wen)

Update to 0.15

Upstream changes:
0.15  2018-09-22 13:40:30 PDT
        - in LWP adapter, check if Mozilla::CA is installed as well #15

(wen)

Updated www/p5-Dancer to 1.3500

(wen)

Update to 1.3500
Update DEPENDS

Upstream changes:
1.3500    2018-10-12 21:31:46+01:00 Europe/London
Promoting previous trial releases to stable.

1.3403    2018-10-11 23:41:11+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- request->address now respects behind_proxy - if behind_proxy is set,
  then request->address looks at HTTP_X_FORWARDED_FOR, so you get the
  user's IP, not the proxy. (PR-1199, bigpresh)
- restore ability to use load_settings_from_yaml() without passing
  YAML parser class (PR-1198, snakpak)
- Fixing some spurious cpantesters test failures by subclassing HTTP::Tiny
  in our tests and disabling proxying for 127.0.0.1 - otherwise smokers
  with HTTP proxy env vars set fail tests (PR-1197, bigpresh)
- Tidied POD for Tutorial (PR-1196, manwar)

1.3402    2018-10-10 11:42:07+01:00 Europe/London (TRIAL RELEASE)

1.3401    2018-10-01 12:49:53+01:00 Europe/London (TRIAL RELEASE)

[ENHANCEMENTS]
- Avoid test failures on perls without '.' in @INC
- censor cookie_key in dumps (PR-1193, thefatphil)
- spelling fixes in POD from Debian Perl Group, PR-1191

(wen)

doc: Updated shells/bash-completion to 2.8

(leot)

bash-completion: Update shells/bash-completion to 2.8

Patch provided by Attila F端l旦p via netbsd/pkgsrc#36, thanks!

pkgsrc changes:
- Update MASTER_SITES and HOMEPAGE

Changes:
Unfortunately the changelog is very long. Only new/removed completions/helpers
are documented here (since 2.1):

The following completions were added:
- 2to3, 7z, 7za, _cal, _chfn, _chsh, _dmesg, _eject, _hexdump,
  _hwclock, _ionice, _look, _mock, _modules, _newgrp, _nmcli, _renice,
  _repomanage, _reptyr, _rfkill, _rtcwake, _runuser, _su, _svn,
  _svnadmin, _svnlook, _udevadm, _write, _yum, aclocal-1.10,
  aclocal-1.12, aclocal-1.13, aclocal-1.14, aclocal-1.15, adb,
  appdata-validate, aptitude-curses, automake-1.10, automake-1.12,
  automake-1.13, automake-1.14, automake-1.15, bind, bts, ccze,
  checksec, createuser, deja-dup, dropuser, ebtables, f77, f95,
  flake8, freebsd-update, g95, geoiplookup, geoiplookup6, getconf,
  gfortran, gm, gnokii, hostname, jpegoptim, jshint, lsscsi, lsusb,
  lz4, lz4c, micropython, mr, nproc, oggdec, optipng, pdftotext,
  perltidy, pngfix, portsnap, pv, py.test, py.test-2, py.test-3,
  pycodestyle, pyflakes, pylint-2, pylint-3, pypy, pypy3, pyvenv,
  pyvenv-3.4, pyvenv-3.5, qemu-kvm, qemu-system-i386, qemu-system-x86_64,
  radvdump, sidedoor, ssh-keygen, synclient, timeout, tipc, tox,
  xdg-mime, xdg-settings, zopfli, zopflipng, python,

The following completions were removed:
- cal, chsh, dmesg, eject, hexdump, hwclock, ionice, look, newgrp,
  nmcli, renice, reptyr, rfkill, rtcwake, su,

The following helpers were added:
- python

(leot)

hunspell update

(bsiegert)

Rename analyze, munch and unmunch tools.

These names are way too generic to go into bin/, and folks on the mailing
list agreed. Now they have a "hunspell-" prefix.

Bump revision.

(bsiegert)

security/ruby-bcrypt_pbkdf: Add u_int*_t compat.

(jperkin)

beats: Create a go tool pointing to the appropriate version.

This should be moved to the go infrastructure if it turns out there are more
packages that call "go" directly in their build.

(jperkin)

doc: Updated devel/glib2 to 2.56.2nb3

(leot)

glib2: Fix GCredentials support for NetBSD

The GCredentials support for NetBSD missed a
G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED define and remove
commented out G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED.

Due that the client sent credentials but the server was not able
to receive them.

Regarding possible G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
support probably logic for LOCAL_CREDS should be added but on NetBSD
before 8.0 sc_pid field is not present making that probably not
suitable to use as GCredentials mechanism (since 8.0 this will
probably work).

Bump PKGREVISION

Discussed with <prlw1>, thanks!

(leot)

Always give full interpreter path to cmake.

This was previously Darwin-only but I ran into the same situation when
building finance/gnucash on NetBSD. /usr/pkg/bin/python happened to be
2.7, but it was used instead of python3.7, leading to a build failure.
This commit fixes that.

(bsiegert)

doc: Updated sysutils/riemann-client to 1.10.3

(jperkin)

riemann-client: Update to 1.10.3.

riemann-c-client 1.10.3

Dependencies on the generated protobuf C sources have been fixed in the Makefile.
A few harmless compile-time warnings have been silenced.
Fixed a few typos in riemann-client(1).

riemann-c-client 1.10.2

A number of formatting issues in the API docs have been fixed.

riemann-c-client 1.10.1

The library compiles on OSX/Darwin again, after fixing a symbol aliasing issue.
Reported by @ilovezfs.

riemann-c-client 1.10.0

Added support for micro-second timestamps (available since Riemann 0.2.13),
implemented by Mathieu Corbin, @mcorbin.  Miscellaneous changes

The parts of the test suite that require a running Riemann server are now
disabled by default, and require setting the RCC_NETWORK_TESTS environment
variable to a non-zero value, before running the test suite.

Fixes an issue on systems that had something else listening on the port, or a
Riemann with a different config than the one the test suite expected.

Reported by Dave Cottlehuber, @dch.

(jperkin)

ruby-metasploit-payloads: SSP skip bundled Android libs.

(jperkin)

py-selenium: Skip Linux shared libraries for SSP checks too.

(jperkin)

doc: Updated wm/i3 to 4.15

(jperkin)

i3: Update to 4.15 and fix build on SunOS.

┌────────────────────────────┐
│ Changes in i3 v4.15        │
└────────────────────────────┘

  • build: AnyEvent::I3 moved to the i3 repository, so that its main consumer,
    the i3 testsuite, can use new features immediately (such as the tick event,
    in this case).
  • docs/hacking-howto: promote “using git / sending patches” and “how to
    build?” sections
  • docs/i3bar-protocol: document that pango markup only works with pango fonts
  • docs/ipc: document focus, nodes, floating_nodes
  • docs/ipc: urgent: complete the list of container types
  • docs/ipc: document how to detect i3’s byte order in memory-safe languages
  • docs/ipc: document the GET_CONFIG request
  • docs/userguide: fix formatting issue
  • docs/userguide: explain why Mod4 is usually preferred as a modifier
  • docs/userguide: use more idiomatic english (full-size, so-called)
  • docs/userguide: switch from removed goto command to focus
  • docs/userguide: mention <criteria> in focus
  • docs/userguide: remove outdated 2013 last-modified date
  • dump-asy: add prerequisite checks
  • dump-asy: fix warnings about empty container names
  • i3-dump-log: enable shmlog on demand
  • i3-sensible-terminal: add “kitty”, “guake”, “tilda”
  • i3-sensible-editor: add “gvim”
  • i3bar: add --release flag for bindsym in bar blocks
  • i3bar: add relative coordinates in JSON for click events
  • ipc: rename COMMAND to RUN_COMMAND for consistency
  • ipc: implement tick event for less flaky tests
  • ipc: add error reply to “focus <window_mode>”
  • ipc: send success response for nop
  • default config: add $mod+r to toggle resize mode
  • default config: use variables for workspace names to avoid repetition
  • introduce “assign <criteria> [→] [workspace] [number] <workspace>”
  • introduce “assign <criteria> [→] output left|right|up|down|primary|<output>”
  • introduce a “focus_wrapping” option (subsumes “force_focus_wrapping”)
  • introduce percentage point resizing for floating containers:
    “resize set <width> [px | ppt] <height> [px | ppt]”
  • introduce “resize set <width> ppt <height> ppt” for tiling windows
  • rename “new_window” and “new_float” to “default_border” and
    “default_floating_border” (the old names keep working)
  • output names (e.g. “DP2”) can now be used as synonyms for monitor names
    (e.g. “Dell UP2414Q”).
  • the “swap” command now works with fullscreen windows
  • raise floating windows to top when they are focused programmatically
  • _NET_ACTIVE_WINDOW: invalidate focus to force SetInputFocus call
  • make focus handling consistent when changing focus between outputs
  • round non-integer Xft.dpi values
  • tiling resize: remove minimum size

┌────────────────────────────┐
│ Bugfixes                  │
└────────────────────────────┘

  • i3bar: fix various memory leaks
  • i3bar: fix crash when no status_command is provided
  • fix uninitialized variables in init_dpi_end, tree_restore
  • fix incorrectly set up signal handling
  • fix “swap” debug log message
  • fix crash when specifying invalid con_id for “swap”
  • fix crash upon restart with window marks
  • fix crash when config file does not end in a newline
  • fix crash in append_layout
  • fix crash in layout toggle command
  • fix crash when switching monitors
  • fix use-after-free in randr_init error path
  • fix move accidentally moving windows across outputs
  • fix crash when floating window is tiled while being resized
  • fix out-of-bounds memory read
  • fix memory leak when config conversion fails
  • fix layout toggle split, which didn’t work until enabling tabbed/stack mode
    once
  • move XCB event handling into xcb_prepare_cb
  • avert endless loop on unexpected EOF in ipc messages
  • perform proper cleanup for signals with Term action
  • don’t match containers in the scratchpad with criteria
  • fix “workspace show” related issues
  • fix config file conversion with long variable names
  • fix config file conversion memory initialization
  • prevent access of freed workspace in _workspace_show
  • disable fullscreen when required when programmatically focusing windows
  • free last_motion_notify
  • don’t raise floating windows when focused because of focus_follows_mouse
  • correctly set EWMH atoms when closing a workspace
  • don’t raise floating windows when workspace is shown
  • keep focus order when encapsulating workspaces
  • validate layout files before loading

┌────────────────────────────┐
│ Changes in i3 v4.14.1      │
└────────────────────────────┘

  • docs/hacking-howto: promote contributing-related sections
  • docs/ipc: tree reply: document focus, nodes and floating_nodes
  • docs/ipc: urgent: complete the list of container types
  • docs/ipc: document how to detect i3’s byte order in memory-safe languages
  • docs/ipc: document the (existing since v4.14) GET_CONFIG request
  • docs/userguide: document that i3 can accept RandR output names
  • include AnyEvent-I3 in dist tarballs
  • append_layout: validate JSON before loading
  • move: fix erratic behavior with single container child jumping outputs
  • ipc: rename COMMAND to RUN_COMMAND for consistency
  • replace http:// with https:// where applicable

┌────────────────────────────┐
│ Bugfixes                  │
└────────────────────────────┘

  • fix various memory errors
  • fix output and tray_output related issues with RandR 1.5
  • avoid use of uninitialized in init_dpi_end
  • properly initialize sigaction struct
  • swap: invert condition to log debug message in correct situation
  • swap: fix crash on invalid container id
  • fix a crash when restarting with marks
  • i3bar: fix a memory leak
  • test workers: re-seed random number generator after fork
  • tests: run environment-modifying 533-randr15.t at the very end
  • tests: unflake t/257-keypress-group1-fallback.t
  • tests: unflake t/263-edge-borders.t
  • tests: unflake tests by not starting i3bar
  • fix a crash with configfiles which do not end in a newline.
  • append_layout: free incomplete containers when JSON parsing fails
  • layout toggle: fix crash with invalid parameters
  • outputs: avert crash by fixing focus when creating output containers
  • correctly raise floating videos to the top when switching between windows
    programmatically
  • fix crash when a floating window is tiled while being resized via mouse

┌────────────────────────────┐
│ Changes in i3 v4.14        │
└────────────────────────────┘

  • build: link libiconv explicitly for systems which need it
  • build: move AnyEvent-I3 into the i3 repository
  • docs/hacking-howto: add compilation instructions
  • docs/ipc: add missing cases to the workspace event
  • docs/ipc: document the “primary” field of the OUTPUTS reply
  • docs/ipc: replace Go IPC library with a maintained one
  • docs/ipc: add link to the ocaml-i3ipc library
  • docs/ipc: fix invalid trailing commas in JSON examples
  • docs/layout-saving: add section about troubleshooting window titles
  • docs/testsuite: update for the move to autotools
  • docs/userguide: clarify the move command syntax
  • docs/userguide: correct “Esc” to “Escape”
  • docs/userguide: clarify focus_follows_mouse behavior
  • docs/userguide: expand on combining “workspace number” with a name
  • docs/userguide: mention the magic v4 config marker
  • man/i3.man: correct configuration lookup order
  • i3bar, i3-config-wizard, i3-nagbar: use the Xft.dpi setting (see 4.13 notes)
  • i3bar: restart bar status command on reload if it changed
  • i3bar: treat left/right scrolling like up/down scrolling
  • i3bar: accept “primary” in the “output” configuration directive
  • i3-input: do not set input focus, grabbing the keyboard suffices
  • i3-msg: return an exit code when missing the -t argument
  • i3-sensible-editor: correct “mc-edit” to “mcedit”
  • i3-sensible-terminal: add lilyterm, tilix, terminix, konsole
  • respect SYSCONFDIR when looking for the default xdg directory
  • use RandR 1.5 to query screens, supporting the TILE property commonly used
    by multi-stream transport (MST) monitors, such as first-gen 4K monitors, or
    current 5K and 8K monitors
  • respect minimum size hints for floating windows
  • support the _NET_MOVERESIZE_WINDOW client message (for e.g. wmctrl)
  • validate binding modes are not defined more than once
  • only react to the last ExposeEvent in a series of events
  • add the shutdown IPC event (upon “restart” or “exit”)
  • treat left/right scrolling like up/down scrolling (on window titles)
  • make the “layout toggle” command optionally take a sequence of layouts
  • introduce --exclude-titlebar flag for mouse bindings
  • introduce the “swap” command
  • support the primary output in the “focus” and “move” commands
  • compare keybinding modifiers for equality, not subset
  • introduce the GET_CONFIG ipc request (i3-msg -t get_config)
  • start i3-nagbar when encountering invalid set statements
  • focus windows upon ConfigureWindow requests with stack-mode=Above

┌────────────────────────────┐
│ Bugfixes                  │
└────────────────────────────┘

  • i3bar: correct the color codes used for statusline errors
  • i3bar: avoid freeze after VisibilityNotify
  • i3-dmenu-desktop: fix quoted command names
  • i3-dmenu-desktop: avoid adding items multiple times
  • fix various X11 resource leaks, memory leaks and memory errors
  • fix IPC success reply for the workspace command
  • report errors during logfile creation
  • fix the signal handler being blank
  • display marks and the title even if the title is empty (for title_format)
  • fix changing workspace layout from stacked/tabbed for empty workspaces
  • add numlock fallback to “bindcode” where necessary
  • fix a crash on restart when using marks
  • fix renaming workspaces when the new name starts with “to”
  • respect dont_warp flag when moving containers

(jperkin)