doc/TODO: add some

+ MesaLib-23.3.0, enchant2-2.6.3, grpc-1.60.0, jasper-4.1.1,
  khard-0.19.1, libcares-1.23.0, liblangtag-0.6.7, mupdf-1.23.7,
  nickle-2.95, poppler-23.12.0, py-bitstring-4.1.4, py-borgbackup-1.2.7,
  py-click-aliases-1.0.4, py-cyclonedx-python-lib-5.2.0,
  py-fonttools-4.46.0, py-google-api-python-client-2.109.0,
  py-google-auth-2.24.0, py-importlib-metadata-6.9.0,
  py-license-expression-30.2.0, py-maturin-1.4.0, py-olefile-0.47,
  py-pillow_heif-0.14.0, py-pygls-1.2.1, py-serializable-0.16.0,
  py-virtualenv-20.25.0, tree-sitter-css-0.20.0.

(wiz)

mk: add another path for builtin pkg-config files, for RHEL derivatives

(tnn)

Note update of security/opendnssec2 to 2.1.13.

(he)

security/opendnssec2: update to version 2.1.13.

Pkgsrc changes:
* Checksums, reset PKGREVISION.

Upstream changes:

OpenDNSSEC 2.1.13 - 2023-06-26

* Emit warning when using ods-kaspcheck for RFC 5155
* Fix concurrent usage of command line.
* When using "keep" soa numbering policy mode and the input zone isn't
  available, change from exponential back-off to retry upon next resign
  interval and only emit a warning, unless this occurs a second time.

(he)

openjdk21: add missing PLIST bits for x11 and debug options

(tnn)

Fix crash on BSD when concurrency > 1

Add check for getaddrinfo() for non __GLIBC__ systems, rather than
falling back to mixing gethostbyname() with threads

OK'd by $MAINTAINER, bump PKGREVISION

(abs)

openjdk21: add PKG_OPTION for bundled zlib and suggest on NetBSD <10

jlink(1) produces corrupt binaries when compiled against system
zlib-1.2.10 as found on NetBSD 9. System zlib-1.2.13 works OK.

TODO revbump after bootstrap regen

(tnn)

doc: Updated sysutils/dua-cli to 2.21.0

(pin)

sysutils/dua-cli: update to 2.21.0

2.21.0 (2023-12-06)
New Features
- With a single path provided as root, pretend it's the current working dir
  This makes it seem like the user started the directory walk directly in the
  given directory, which is more intuitive than the previous approach only
  showed the given directory as top-level directory.

  Note that this change only affects invocations like dua <dir> or dua i <dir>.

- press m to sort by modification date, ascending and descending.

Bug Fixes
- slightly faster (0.5ms) startup times of the binary on MacOS and maybe Linux.

(pin)

Pullup ticket #6822 - requested by bsiegert
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump

Revisions pulled up:
- lang/go/version.mk                                            1.194
- lang/go120/PLIST                                              1.10
- lang/go120/distinfo                                          1.12
- lang/go121/PLIST                                              1.4
- lang/go121/distinfo                                          1.4
- audio/gospt/Makefile                      by patch
- audio/ymuse/Makefile                      by patch
- chat/coyim/Makefile                        by patch
- chat/gomuks/Makefile                      by patch
- chat/matterircd/Makefile                  by patch
- chat/senpai/Makefile                      by patch
- chat/ssh-chat/Makefile                    by patch
- databases/go-ldap/Makefile                by patch
- databases/influxdb/Makefile                by patch
- databases/mongo-tools/Makefile            by patch
- databases/mysqld_exporter/Makefile        by patch
- databases/postgres_exporter/Makefile      by patch
- databases/prometheus/Makefile              by patch
- databases/promscale/Makefile              by patch
- databases/sqlc/Makefile                    by patch
- databases/timescaledb-tune/Makefile        by patch
- devel/asmfmt/Makefile                      by patch
- devel/conftest/Makefile                    by patch
- devel/errcheck/Makefile                    by patch
- devel/fq/Makefile                          by patch
- devel/git-lfs/Makefile                    by patch
- devel/go-ed25519/Makefile                  by patch
- devel/go-gocode/Makefile                  by patch
- devel/go-golang-lru/Makefile              by patch
- devel/go-gopkgs/Makefile                  by patch
- devel/go-goptlib/Makefile                  by patch
- devel/go-goreturns/Makefile                by patch
- devel/go-gox/Makefile                      by patch
- devel/go-impl/Makefile                    by patch
- devel/go-logrus/Makefile                  by patch
- devel/go-nbreader/Makefile                by patch
- devel/go-pty/Makefile                      by patch
- devel/go-review/Makefile                  by patch
- devel/go-siphash/Makefile                  by patch
- devel/go-staticcheck/Makefile              by patch
- devel/go-swagger/Makefile                  by patch
- devel/go-sys/Makefile                      by patch
- devel/go-tools/Makefile                    by patch
- devel/go-wire/Makefile                    by patch
- devel/go-xerrors/Makefile                  by patch
- devel/golangci-lint/Makefile              by patch
- devel/golint/Makefile                      by patch
- devel/gomodifytags/Makefile                by patch
- devel/gopls/Makefile                      by patch
- devel/goredo/Makefile                      by patch
- devel/gotags/Makefile                      by patch
- devel/gotests/Makefile                    by patch
- devel/govulncheck/Makefile                by patch
- devel/lazygit/Makefile                    by patch
- devel/mob/Makefile                        by patch
- devel/nancy/Makefile                      by patch
- devel/opa/Makefile                        by patch
- devel/packr/Makefile                      by patch
- devel/reftools/Makefile                    by patch
- devel/regal/Makefile                      by patch
- devel/revive/Makefile                      by patch
- devel/shfmt/Makefile                      by patch
- devel/syft/Makefile                        by patch
- editors/micro/Makefile                    by patch
- filesystems/kubo/Makefile                  by patch
- graphics/gif2png/Makefile                  by patch
- lang/joker/Makefile                        by patch
- mail/opensmtpd-filter-rspamd/Makefile      by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile                  by patch
- misc/exercism/Makefile                    by patch
- net/amazon-ecs-cli/Makefile                by patch
- net/amfora/Makefile                        by patch
- net/bombadillo/Makefile                    by patch
- net/croc/Makefile                          by patch
- net/czds/Makefile                          by patch
- net/dnscontrol/Makefile                    by patch
- net/dnscrypt-proxy2/Makefile              by patch
- net/gh/Makefile                            by patch
- net/go-dnstap/Makefile                    by patch
- net/go-net/Makefile                        by patch
- net/go-websocket/Makefile                  by patch
- net/gunison/Makefile                      by patch
- net/gvproxy/Makefile                      by patch
- net/hub/Makefile                          by patch
- net/ipget/Makefile                        by patch
- net/kubectl/Makefile                      by patch
- net/libquic/Makefile                      by patch
- net/mangos/Makefile                        by patch
- net/nats-server/Makefile                  by patch
- net/obfs4proxy/Makefile                    by patch
- net/rclone/Makefile                        by patch
- net/stern/Makefile                        by patch
- net/syncthing/Makefile                    by patch
- net/terraform-provider-archive/Makefile    by patch
- net/terraform-provider-aws/Makefile        by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile      by patch
- net/terraform-provider-null/Makefile      by patch
- net/terraform-provider-random/Makefile    by patch
- net/terraform-provider-template/Makefile  by patch
- net/terraform-provider-vultr/Makefile      by patch
- net/terraform/Makefile                    by patch
- net/tut/Makefile                          by patch
- net/vultr-cli/Makefile                    by patch
- pkgtools/pkglint/Makefile                  by patch
- security/2fa/Makefile                      by patch
- security/age/Makefile                      by patch
- security/amass/Makefile                    by patch
- security/authelia/Makefile                by patch
- security/cfssl/Makefile                    by patch
- security/dnsx/Makefile                    by patch
- security/go-asn1-ber/Makefile              by patch
- security/go-crypto/Makefile                by patch
- security/go-getpass/Makefile              by patch
- security/go-mkcert/Makefile                by patch
- security/gopass/Makefile                  by patch
- security/httpx/Makefile                    by patch
- security/nuclei/Makefile                  by patch
- security/oauth2c/Makefile                  by patch
- security/osv-scanner/Makefile              by patch
- security/subfinder/Makefile                by patch
- security/tlsx/Makefile                    by patch
- security/trufflehog/Makefile              by patch
- security/vault/Makefile                    by patch
- shells/elvish/Makefile                    by patch
- shells/oh-my-posh/Makefile                by patch
- sysutils/beats/Makefile                    by patch
- sysutils/consul/Makefile                  by patch
- sysutils/direnv/Makefile                  by patch
- sysutils/fzf/Makefile                      by patch
- sysutils/goreman/Makefile                  by patch
- sysutils/lf/Makefile                      by patch
- sysutils/node_exporter/Makefile            by patch
- sysutils/packer/Makefile                  by patch
- sysutils/podman/Makefile                  by patch
- sysutils/restic/Makefile                  by patch
- sysutils/vultr/Makefile                    by patch
- textproc/glow/Makefile                    by patch
- textproc/go-kr-text/Makefile              by patch
- textproc/go-md2man/Makefile                by patch
- textproc/go-mmark/Makefile                by patch
- textproc/go-text/Makefile                  by patch
- textproc/miller/Makefile                  by patch
- textproc/sift/Makefile                    by patch
- www/apisprout/Makefile                    by patch
- www/caddy/Makefile                        by patch
- www/gitea/Makefile                        by patch
- www/go-ffuf/Makefile                      by patch
- www/go-minify/Makefile                    by patch
- www/gotosocial/Makefile                    by patch
- www/grafana/Makefile                      by patch
- www/hugo/Makefile                          by patch
- www/jira-cli/Makefile                      by patch
- www/mycorrhiza/Makefile                    by patch
- www/pup/Makefile                          by patch
- www/restish/Makefile                      by patch
- www/shoutrrr/Makefile                      by patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Fri Nov 10 15:39:34 UTC 2023

  Modified Files:
  pkgsrc/lang/go: version.mk
  pkgsrc/lang/go120: PLIST distinfo
  pkgsrc/lang/go121: PLIST distinfo

  Log Message:
  Update go120 to 1.20.11 and go121 to 1.21.4 (security).

  These minor releases include 2 security fixes following the security policy:

  - path/filepath: recognize \??\ as a Root Local Device path prefix.

    On Windows, a path beginning with \??\ is a Root Local Device path equivalent
    to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
    arbitrary locations on the system. For example, the path \??\c:\x is
    equivalent to the more common path c:\x.

    The filepath package did not recognize paths with a \??\ prefix as special.

    Clean could convert a rooted path such as \a\..\??\b into
    the root local device path \??\b. It will now convert this
    path into .\??\b.

    IsAbs did not report paths beginning with \??\ as absolute.
    It now does so.

    VolumeName now reports the \??\ prefix as a volume name.

    Join(`\`, `??`, `b`) could convert a seemingly innocent
    sequence of path elements into the root local device path
    \??\b. It will now convert this to \.\??\b.

    This is CVE-2023-45283 and https://go.dev/issue/63713.

  - path/filepath: recognize device names with trailing spaces and superscripts

    The IsLocal function did not correctly detect reserved names in some cases:

    reserved names followed by spaces, such as "COM1 ".
    "COM" or "LPT" followed by a superscript 1, 2, or 3.
    IsLocal now correctly reports these names as non-local.

    This is CVE-2023-45284 and https://go.dev/issue/63713.

  To generate a diff of this commit:
  cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo

(spz)

apache moved to a cdn and stopped using its download mirrors. see https://www.apache.org/mirrors. clean-up.

(zafer)

remove defunct mirror

(zafer)

doc: Added games/chess-tui version 1.0.1

(pin)

Add chess-tui

(pin)

games/chess-tui: import package

Chess TUI implementation in rust.

(pin)

doc: Updated graphics/oculante to 0.8.2

(pin)

graphics/oculante: update t0 0.8.2

0.8.2 (2023-12-04)
��š Bug Fixes
- Mac universal binary fixes, enable heif on Apple silicon (5f234fd9)

(pin)

doc: Updated shells/oh-my-posh to 19.2.0

(pin)

shells/oh-my-posh: update to 19.2.0

Features
- template: add readFile (5493ddb), closes #4518

(pin)

doc/TODO: + curl-8.5.0.

(wiz)

doc: more vulns for curl, webkit-gtk, go

(wiz)

doc: Updated x11/libdrm to 2.4.118nb1

(wiz)

libdrm: install man pages

Requested by Thierry LARONDE in PR 57755.

Bump PKGREVISION.

(wiz)

doc: Updated cad/klayout to 0.28.13

(mef)

(cad/klayout) Updated to 0.28.13

0.28.13          (2023-11-20):
* Bugfix: %GITHUB%/issues/1534 Layout::dup does not copy properties
* Bugfix: %GITHUB%/issues/1533 KLayout crashing with two consecutive calls of the same LayoutView::show_layout command
* Bugfix: %GITHUB%/issues/1532 DRC checks give incorrect results in deep mode with magnified instances
* Enhancement: %GITHUB%/issues/1527 Marker Database Browser: add context menu to Info widget
* Bugfix: %GITHUB%/issues/1522 Changing ruler/annotation from script weirdly interferes with pya.Application.commit_config
* Enhancement: %GITHUB%/issues/1514 Package manager: Support for Git-hosted packages
* Bugfix: %GITHUB%/issues/1512 "get_image" of LayoutView should also work on inactive views
* Bugfix: %GITHUB%/issues/1511 Typo
* Enhancement: %GITHUB%/issues/1510 Cross hair cursor
* Bugfix: %GITHUB%/issues/1503 Import LEF/DEF - LEF files given in list are ignored for DEF import
* Bugfix: %GITHUB%/issues/1499 strm2oas: support LAYER <layername> TYPE OVERLAP ; for L-shaped abstracts
* Bugfix: %GITHUB%/issues/1486 Invalid error "Some macros are configured to run automatically" when changing reader options
* Bugfix: %GITHUB%/issues/1485 Incorrectly set output cell name if using DRC::cell
* Bugfix: %GITHUB%/issues/1482 Strict mode oasis should write the S_CELL_OFFSET into the CELLNAME table
* Bugfix: %GITHUB%/issues/885 Must-connect checks in LVS
* Bugfix: -without-qt builds did not include DRC or LVS
* Enhancement: Added Layout#error_layer
* Enhancement: Option -k for copying log to a file
* Enhancement: Editor option to control snapping to grid while moving
  This controls whether objects are snapped to grid (on) or moved in grid
  increments (off)

(mef)

www/php-apcu: Actually add patch

(gdt)

www/php-apcu: Patch more printf specifiers caught on earmv7hf-el

  - Cast time_t to intmax_t.
  - Upstream zend actually defines PRI macros for zend_long; use them.
  - Include upstream bug report URL.

(gdt)

doc: Updated shells/oksh to 7.4

(gdt)

shells/oksh: Update oksh to 7.4

- Remove broken special handling of test -t
- consistently escape control characters when displaying file name
  completions, even when there are multiple matches
- added kefir compiler support

(gdt)

pkgtools/mksandbox - update to version 1.11

+ Don't allow mounting of already mounted sandboxes, or unmounting of
unmounted sandboxes.

+ Also, add an extra "ismounted" case label to be able to tell if a
sandbox is mounted. A df(1) invocation should continue to work just
as well :)

No objections on tech-pkg@

Addresses the first part of PR pkg/51992 from Paul Goyette

(agc)

shared-mime-info update

(markd)

shared-mime-info: update to 2.4

shared-mime-info 2.4 (2023-11-12)

* Restore mimetype name for *.bz2 and *.tar.bz2
* Improve detection of application/mac-binhex40
* Add application/x-msdownload and subtypes
* Add Windows app store types
* Give Windows Installer packages the package icon
* Lower priority for text/x-mpsub's magic, so it doesn't match pcb-drillFile.drl
* Add application/x-powershell
* Add application/wasm
* Change comment of text/x-mpsub
* Change comment of text/x-mpl2
* Add text/x-component
* Give higher priority to the more specific image/apng magic
* Recognize *.jfif as image/jpeg
* Add application/its+xml
* Add text/x-vb
* Add text/x-basic
* Add new group "chemical" in update-mime-database
* Add mimetype for Protein Data Bank (pdb) files
* Remove too generic magic from application/x-pak
* Add application/json5
* Add text/vbscript.encode
* Add text/jscript.encode
* Add text/jscript as synonym of text/javascript
* Fix backwards relationship between text/javascript and application/ecmascript
* Add application/vnd.cups-ppd
* Add application/x-ms-shortcut
* Give application/x-mswinurl the link icon
Build:
* Fix missing sentinel warning with clang
* Fix false positive fdatasync detection on darwin
* Fix string literal concatenation

shared-mime-info 2.3 (2023-10-07)

* Make update-mime-database compatible with MSVC (by porting it to C++)
* Remove "##" magic for matlab files
* Add application/x-ms-pdb
* Identify .pdb files without a signature match as application/vnd.palm
* text/vnd.familysearch.gedcom: use IANA registered type
* application/vnd.dbf: use IANA registered type
* application/vnd.dart: use IANA registered type
* application/yaml: use IANA registered type
* Update application/sieve.
* Updated to latest xdgmime
* Add subclass information for .ppt and .xls
* Add application/x-bzip3
* Add application/x-bzip for bzip2's deprecated predecessor bzip
* Rename application/x-bzip to application/x-bzip2
* add tiled map editor map and tileset files
* Add image/apng
* Lengthen image/png magic
* Add JPEG XR mime type
* Add Gerber and Excellon drill files
* Bump magic priority for application/ovf
* Fix description for audio/x-xi
* Add Portable Font Resource application/font-tdpfr.
* Add mimetype application/x-lmdb
* Add definition and test file for StuffIt X archives.
* spec: Clarify that namespaceURI can be empty
* Add application/vnd.ms-officetheme
* Add mime type for Typst files
* Add text/x-nim and text/x-nimscript
* Don't install man page on Windows
* Improve matching for message/rfc822
* Add mimetype for Blueprint source code
* buildsystem - add options for building tests and translations
* Give application/x-raw-floppy-disk-image the floppy media icon
* Give generic optical disk images the optical media icon
* Make application/vnd.squashfs a subclass of application/vnd.efi.img
* Prefer application/vnd.efi.img over application/x-raw-disk-image
* Prefer application/vnd.efi.iso over application/x-cd-image
* Avoid meson errors when 'build-tools' is set to false
* Add DOS/Windows batch file type
* Add application/vnd.microsoft.windows.thumbnail-cache
* Add application/x-fishscript and application/x-nuscript
* Add perf data file type
* use Sentence case for mime type descriptions
* Revert "use Title Case for mime type description"
* Add todo.txt mime type
* Prefer video/vnd.avi over video/x-msvideo
* Prefer audio/vnd.wave over audio/x-wav
* Add mimetype for ERIS link files
* Add mimetype for CBOR
* Add support for newer AAXC Audible Audiobook format
* ci: Use ci-templates to build image
* Add Modrinth modpack
* Add application/x-zpaq
* CI: Use dnf5 instead of dnf
* use Title Case for mime type description
* Add mimetype for Quite OK Image Format (QOI)
* ci: Use detached pipelines
* Add OpenVPN profile
* Prefer application/java-archive to application/x-java-archive
* icons for 3d model formats
* Make application/pgp-* not inherit from text/plain
* Add text/julia for Julia source code
* application/javascript: Rename to text/javascript
* Change descriptions to say LibreOffice rather than OpenOffice
* Add TAK audio mime type
* video/vnd.youtube.yt: add magic
* video/vnd.youtube.yt: use IANA registered type
* text/markdown: add x-office-document generic-icon
* Add two new languages
* audio/x-wav: Add missing sub-class relationship with application/x-riff
* Add mimetype for Flattened Devicetree (binary)
* Add mimetype for Devicetree source code

(markd)

Revbump all Go packages after go121 update

(bsiegert)

doc: Updated lang/perl5 to 5.38.2

(wiz)

perl: update to 5.38.2.

This document describes differences between the 5.38.0 release and the 5.38.2
release.  B<Please note:> This document ignores Perl 5.38.1, a broken release
which existed for a couple of days only.

Security

This release fixes the following security issues.

CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property

This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.

A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.

CVE-2023-47039 - Perl for Windows binary hijacking vulnerability

This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.

Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for cmd.exe in the current working directory.

An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can
be executed.

(wiz)

doc: Updated lang/go121 to 1.21.5

(bsiegert)

go121: update to 1.21.5 (security)

This minor release includes 3 security fixes following the security policy:

- net/http: limit chunked data overhead

  A malicious HTTP sender can use chunk extensions to cause a receiver reading
  from a request or response body to read many more bytes from the network than
  are in the body.

  A malicious HTTP client can further exploit this to cause a server to
  automatically read a large amount of data (up to about 1GiB) when a handler
  fails to read the entire body of a request.

  Chunk extensions are a little-used HTTP feature which permit including
  additional metadata in a request or response body sent using the chunked
  encoding. The net/http chunked encoding reader discards this metadata. A
  sender can exploit this by inserting a large metadata segment with each byte
  transferred. The chunk reader now produces an error if the ratio of real body
  to encoded bytes grows too small.

  Thanks to Bartek Nowotarski for reporting this issue.
  This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.

- cmd/go: go get may unexpectedly fallback to insecure git

  Using go get to fetch a module with the ".git" suffix may unexpectedly
  fallback to the insecure "git://" protocol if the module is unavailable via
  the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not
  set for said module. This only affects users who are not using the module
  proxy and are fetching modules directly (i.e. GOPROXY=off).

  Thanks to David Leadbeater for reporting this issue.
  This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.

- path/filepath: retain trailing \ when cleaning paths like \\?\c:\

  Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume
  name in Windows paths starting with \\?\, resulting in
  filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other
  effects). The previous behavior has been restored.

  This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.

(bsiegert)

doc: Updated lang/go120 to 1.20.12

(bsiegert)

go120: update to 1.20.12 (security)

This minor release includes 3 security fixes following the security policy:

- net/http: limit chunked data overhead

  A malicious HTTP sender can use chunk extensions to cause a receiver reading
  from a request or response body to read many more bytes from the network than
  are in the body.

  A malicious HTTP client can further exploit this to cause a server to
  automatically read a large amount of data (up to about 1GiB) when a handler
  fails to read the entire body of a request.

  Chunk extensions are a little-used HTTP feature which permit including
  additional metadata in a request or response body sent using the chunked
  encoding. The net/http chunked encoding reader discards this metadata. A
  sender can exploit this by inserting a large metadata segment with each byte
  transferred. The chunk reader now produces an error if the ratio of real body
  to encoded bytes grows too small.

  Thanks to Bartek Nowotarski for reporting this issue.
  This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.

- cmd/go: go get may unexpectedly fallback to insecure git

  Using go get to fetch a module with the ".git" suffix may unexpectedly
  fallback to the insecure "git://" protocol if the module is unavailable via
  the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not
  set for said module. This only affects users who are not using the module
  proxy and are fetching modules directly (i.e. GOPROXY=off).

  Thanks to David Leadbeater for reporting this issue.
  This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.

- path/filepath: retain trailing \ when cleaning paths like \\?\c:\

  Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume
  name in Windows paths starting with \\?\, resulting in
  filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other
  effects). The previous behavior has been restored.

  This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.

(bsiegert)

Updated multimedia/mkvtoolnix, security/easy-rsa

(adam)

easy-rsa: updated to 3.1.7

3.1.7 (2023-10-13)

Rewrite vars-auto-detect, adhere to EasyRSA-Advanced.md
Under the hood, this is a considerable change but there are no user
noticable differences. With the exception of:
Caveat: The default '$PWD/pki/vars' file is forbidden to change either
EASYRSA or EASYRSA_PKI, which are both implied by default.
EasyRSA-Advanced.md: Correct vars-auto-detect hierarchy
Commit: ecd6506
EASYRSA/vars is moved to a higher priority than a default PKI.
vars-auto-detect no longer searches 'easyrsa' program directory.
gen-crl: preserve existing crl.pem ownership+mode
New command: make-vars - Print vars.example (here-doc) to stdout
show-expire: Calculate cert. expire seconds from DB date
Update OpenSSL to 3.1.2

(adam)

mkvtoolnix: updated to 81.0

Version 81.0 "Milliontown" 2023-12-02

New features and enhancements

* mkvmerge: MPEG transport stream reader: HEVC/H.265: added support for
reading single-layer Dolby Vision from Annex B type bitstream read from MPEG
transport streams.
* mkvmerge: MPEG transport stream reader, HEVC/H.265 elementary stream reader:
added support for reading dual-layer Dolby Vision with both the base &
enhancement layers in the same track from Annex B type bitstreams in MPEG
transport files & elementary stream files.
* mkvmerge: MPEG transport stream reader: HEVC/H.265: implemented combining
dual-layer Dolby Vision with base & enhancement layers in different
tracks.
* MKVToolNix GUI: multiplexer: added a new option in the preferences for
always enabling 'forced' subtitle tracks. A subtitle track is considered to
be 'forced' if: the corresponding property is set in the source file; the
track's name contains the word 'forced' (in English); deriving the 'forced
display' flag from file names is active & the file name matches the
corresponding pattern. The option is disabled by default.
* MKVToolNix GUI: multiplexer: the functionality for detecting file name
sequences when adding files can now recognize the patterns used by GoPro's
cameras for chaptered video files.
* xyzvc_dump: the end position of the current NALU will be output in
non-portable format as well.
* xyzvc_dump: HEVC: the tool will now also output the inner NALU type of Dolby
Vision NALUs (`unspec62` and `unspec63`).

Bug fixes

* mkvmerge: when the user requests processing be stopped after the video ends
`mkvmerge` will now take appending files into account properly. It won't
stop processing unconditionally after the first file ends anymore.
* mkvmerge: AV1 handling in readers: the readers will now provide the pixel
dimensions to the AV1 packetizer as early as possible, just like for other
video packetizers. That way the pixel dimensions are available for
calculating the display dimensions when command-line options such as
`--aspect-ratio` & `--aspect-ratio-factor` are used. Before the change the
calculation was done based on initial pixel dimension values of 0x0,
resulting in display dimensions of 0x0, too.
* mkvmerge: HEVC/H.265 packetizer: when reading & appending HEVC/H.265 from
Matroska, MP4/MOV or FLV files the first frame of all the appended files was
sometimes dropped, resulting in broken video at the point where video is
appended.
* mkvmerge: MPEG transport stream reader: when reading MPEG transport streams
from Blu-rays the four-byte long `TP_extra_header` structure in front of the
transport packets are now skipped properly. Before the fix a stray byte with
value of `0x47` inside that `TP_extra_header` structure could have thrown
off the detection of where the transport packets start, leading to mkvmerge
dropping a few audio and/or video frames at the start of the file.
* mkvextract: AAC extractor: when an invalid program config element in the
GA-specific config element is encountered, the program config element will
be disregarded, which avoids mkvextract aborting with an exception.
* xyzvc_dump: fixed the tool aborting with an exception when the last NALU in
an Annex B type file was shorter than four bytes.

Other changes

* AVC & HEVC dumper development tool: the tool has been renamed from
`xvc_dump` to `xyzvc_dump` as `xvc` is an abbreviation for an existing video
codec (Extreme Video Coding), and the tool has nothing to do with that
codec.

(adam)

Updated net/py-zmq, devel/py-test-runner

(adam)

py-test-runner: updated to 6.0.1

v6.0.1

* Updated Trove classifier to indicate this project is inactive.

(adam)

py-zmq: updated to 25.1.2

25.1.2

- Fix builds with some recent compilers and bundled libzmq
- Fix builds with upcoming Cython 3.1

(adam)

Updated sysutils/ansible-core, textproc/utf8-cpp

(adam)

utf8-cpp: updated to 4.0.3

Release 4.0.3

A minor release that fixes an issue with CMakeLists.txt

(adam)

ansible-core: updated to 2.16.1

v2.16.1
=======

Breaking Changes / Porting Guide
--------------------------------

- assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.

Security Fixes
--------------

- templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)

Bugfixes
--------

- Fix issue where an ``include_tasks`` handler in a role was not able to locate a file in ``tasks/`` when ``tasks_from`` was used as a role entry point and ``main.yml`` was not present (https://github.com/ansible/ansible/issues/82241)
- Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
- Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
- ansible-pull now will expand relative paths for the ``-d|--directory`` option is now expanded before use.
- ansible-pull will now correctly handle become and connection password file options for ansible-playbook.
- flush_handlers - properly handle a handler failure in a nested block when ``force_handlers`` is set (http://github.com/ansible/ansible/issues/81532)
- module no_log will no longer affect top level booleans, for example ``no_log_module_parameter='a'`` will no longer hide ``changed=False`` as a 'no log value' (matches 'a').
- role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
- wait_for should not handle 'non mmapable files' again.

(adam)

Updated devel/py-freezegun, devel/py-test-asyncio

(adam)

py-test-asyncio: updated to 0.23.2

0.23.2 (2023-12-04)
===================
- Fixes a bug that caused an internal pytest error when collecting .txt files

0.23.1 (2023-12-03)
===================
- Fixes a bug that caused an internal pytest error when using module-level skips

0.23.0 (2023-12-03)
===================
This release is backwards-compatible with v0.21.
Changes are non-breaking, unless you upgrade from v0.22.

- BREAKING: The *asyncio_event_loop* mark has been removed. Event loops with class, module, package, and session scopes can be requested via the *scope* keyword argument to the _asyncio_ mark.
- Introduces the *event_loop_policy* fixture which allows testing with non-default or multiple event loops
- Introduces ``pytest_asyncio.is_async_test`` which returns whether a test item is managed by pytest-asyncio
- Removes and *pytest-trio,* *mypy,* and *flaky* from the test dependencies

0.22.0 (2023-10-31)
===================
This release has been yanked from PyPI due to fundamental issues with the _asyncio_event_loop_ mark.

- Class-scoped and module-scoped event loops can be requested
  via the _asyncio_event_loop_ mark.
- Deprecate redefinition of the `event_loop` fixture.
  Users requiring a class-scoped or module-scoped asyncio event loop for their tests
  should mark the corresponding class or module with `asyncio_event_loop`.
- Test items based on asynchronous generators always exit with *xfail* status and emit a warning during the collection phase. This behavior is consistent with synchronous yield tests.
- Remove support for Python 3.7
- Declare support for Python 3.12

(adam)

py-freezegun: updated to 1.3.1

1.3.1

Increase version number

(adam)

doc: Added mail/smtp-delay version 0.20

(schmonz)

Add and enable smtp-delay.

(schmonz)

Add smtp-delay: Introduce SMTP banner delays for qmail

This little number can be used to introduce smtp banner delays for
qmail. When run between tcpserver and rblsmtpd, it'll do a reverse
lookup of the connecting IP, compare that PTR to a regex, and then apply
long banner delays if there was no PTR or if the PTR matches the
"dialup" regex. The program depends on the fact that tcpserver will set
TCPREMOTEIP, and will take advantage of TCPREMOTEHOST if it's set. If
the client tries to pipeline (ram SMTP commands down our throat before
we show them an SMTP banner), RBLSMTPD is set, notifying rblsmtpd to
refuse their mail.

(schmonz)

greetdelay: use archive.org'd HOMEPAGE.

(schmonz)

doc: Added chat/twitch-tui version 2.6.1

(schmonz)

Add and enable twitch-tui.

(schmonz)

Add twitch-tui: Twitch chat in the terminal

Twitch chat in the terminal. Feature list:

- Read/send/search messages
- Switch channels
- Create and toggle filters
- Command, channel, and mention suggestions
- Customize functionality and looks to your liking using a config file

(schmonz)

doc: pkg-vulnerabilities: samba4, py-cryptography, perl

(wiz)

musicpd: Make mpd.sh working with pkgtools/rc.subr in unprivileged

(triaxx)

doc/TODO: add some, remove some updated ones

+ blas-3.12.0, faad2-2.11.1, gettext-lib-0.22.4, khard-0.19.0,
  libheif-1.17.5, liblangtag-0.6.5, libusb-compat-0.1.8, llvm-17.0.6
  [wip], meson-1.3.0, mpv-0.37.0, mujs-1.3.4, py-fonttools-4.45.1,
  py-gi-docgen-2023.3, py-mercurial-6.6, scons4-4.6.0, unrar-7.0.4.
- akonadi-16.08.1, blender-lts-3.3, kdenlive-23.04, kdevelop-5.6,
  konversation-1.7.7, llvm-17.0.5 [wip], mdd-20201207, p5-Pod-POM-Web-1.24,
  parley-20.12.3, sbcl-2.3.5.

(wiz)

Note update of security/opendnssec2 to 2.1.12nb7.

(he)

security/opendnssec2: Work around a concurrency error + two cosmetic fixes.

* Adopt the suggested patch from
  https://issues.opendnssec.org/browse/SUPPORT-278
  for what looks like a concurrency error in interfacing
  to the HSM module.
* Give correct upper-case/lower-case hint if command
  is not configured in the error message.
* Be a bit more verbose about which zone isn't found if
  indeed it isn't found.

Bump PKGREVISION.

(he)

doc: Updated sysutils/broot to 1.30.0

(pin)

sysutils/broot: update to 1.30.0

v1.30.0 - 2023-12-03
- :trash internal - I'd like feedback on this one - Fix #799
- solve symlinks on :panel_right to display the dest path and the dest
  filesystem - Fix #804
- :panel_right on a directory now removes the filter
- more '~' expansion in verb arguments

(pin)

Updated x11/py-qt6, misc/py-platformdirs

(adam)

py-platformdirs: updated to 4.1.0

4.1.0

Update changelog for 4.0.0
docs: fix Linux user_log_dir example in README
Drop support for EOL Python 3.7

(adam)

py-qt6: updatd to 6.6.1

PyQt v6.6.1 has been released. This is a minor bug-fix release.

(adam)

doc: Updated net/get_iplayer to 3.34

(prlw1)

Update get_iplayer to 3.34

Many bug fixes, for instance:

Fixed a bug that produced audio-only downloads for some programmes
when FHD quality was requested but no 1080p video was available.

Full list at:
https://github.com/get-iplayer/get_iplayer/wiki/release330to339#release334

(prlw1)

Updated www/py-django, devel/py-bitarray

(adam)

py-bitarray: updated to 2.8.4

2.8.4 (2023-12-04):

simplify copy_n() (remove special cases)
add word shift example C program, and simplify shift_r8()
improve documentation and testing
add roadmap

(adam)

py-django: updated to 4.2.8

Django 4.2.8 fixes several bugs in 4.2.7 and adds compatibility with Python 3.12.

Bugfixes

Fixed a regression in Django 4.2 that caused makemigrations --check to stop displaying pending migrations
Fixed a regression in Django 4.2 that caused a crash of QuerySet.aggregate() with aggregates referencing other aggregates or window functions through conditional expressions
Fixed a regression in Django 4.2 that caused a crash when annotating a QuerySet with a Window expressions composed of a partition_by clause mixing field types and aggregation expressions
Fixed a regression in Django 4.2 where the admin窶冱 change list page had misaligned pagination links and inputs when using list_editable
Fixed a regression in Django 4.2 where checkboxes in the admin would be centered on narrower screen widths
Fixed a regression in Django 4.2 that caused a crash of querysets with aggregations on MariaDB when the ONLY_FULL_GROUP_BY SQL mode was enabled
Fixed a regression in Django 4.2 where the admin窶冱 read-only password widget and some help texts were incorrectly aligned at tablet widths
Fixed a regression in Django 4.2 that caused a migration crash on SQLite when altering unsupported Meta.db_table_comment

(adam)

graphics/lcms2: Update to 2.16

Upstream NEWS:

  New: import .CUBE files as RGB device links
  New: Read/Write MHC2 tags for Windows GPU access
  New: Support for UTF8 on multi-localized Unicode functions
  New: Support for OkLab color space, built-in and formatter.
  Improved: floating point transforms float -> integers are now
    honored as float
  Improved: MSYS2, mingw is now supported
  Improved: preferred CMM, platform and creator now survive profile
    edition.
  Fixed: tificc now can deal with Lab TIFF
  Fixed: code can now be compiled by a C++17 compiler, "register"
    keywork use is detected at compile time.
  Fixed: Reverted PostScript creation that corrupted some interpreters.
  Bug fixing & security enhancements

(gdt)

print/cups-drivers-Magicolor5440DL: Set LICENSE and warn about non-maintenance

(The upstream version is 16 years old.)

(gdt)

graphic/lcms*: Explain versions and maintenance status

(gdt)

gmime3: libgpg-error is not a build-only dependency.

Fixes indirect library checks.

(jperkin)

protobuf-c: Restore section removed in last update.

Without this the build fails with "google/protobuf/descriptor.proto: File not
found.".  It's unclear how this could work for some and not others.

(jperkin)

doc: Updated meta-pkgs/mate to 1.26.1nb5

(gutteridge)

mate: bump for mate-panel 1.26.4.

(gutteridge)

ocaml-dune: SunOS build fix.

(jperkin)

doc: Updated x11/mate-panel to 1.26.4

(gutteridge)

mate-panel: update to 1.26.4

### mate-panel 1.26.4

  * update translations
  * wnck-pager: Fix workspace switcher aspect ratio
  * libmate-panel-applet: Fix build with gettext 0.22
  * status-notifier: Show AttentionIcon when Status is NeedsAttention
  * status-notifier: fix typo
  * notification-area: stop warning on removal

(gutteridge)

clean-up defunct mirrors

(zafer)

remove defunct mirror

(zafer)

c-icap: Export pcre option correctly.

(jperkin)

py-matplotlib: Add missing part of previous fix.

(jperkin)

xindy: Work around clisp ignoring buildlink.

(jperkin)

Updated lang/nodejs, devel/py-freezegun

(adam)

py-freezegun: updated to 1.3.0

1.3.0

* Fixed `asyncio` support to avoid `await asyncio.sleep(1)` hanging forever.
* Added support for Python 3.12

(adam)

nodejs: updated to 21.3.0

Version 21.3.0 (Current)

New --disable-warning flag
Update Root Certificates to NSS 3.95
Fast fs.writeFileSync with UTF-8 Strings

(adam)

doc: Updated graphics/oculante to 0.8.1

(pin)

graphics/oculante: update to 0.8.1

0.8.1 (2023-12-03)
�洙ｲ Bug Fixes
- restore accent color on startup (5fa1c778)

笨ｨ Features
- Zoom multiplier and min size (ecec7bf2)
- Allow configuring magnification filter (a513a083)
- File change detection (03a955f9)
- Support QOI format (bd32ac32)
- Add HEIF/HEIC decoding (79ee4f95)
- support rgb16 avif (6194c639)
- Add Hald CLUT support (51a88fe4)

�沚� Chore
- update avif (f3b35f43)
- update zune-png (ca615efc)
- update deps (cb299669)
- update self_update (319ccd6a)
- update dependencies (1e4038ec)
- update to notan 0.11 (c228b398)

(pin)