graphics/opencv: disable stupid extern "C" that broke NetBSD build

For no good reason, perhaps for ancient LAPACK headers, the wrapper header
puts the includes into extern "C". This causes some compilers to complain
because LAPACK headers do C++ stuff if they see a C++ compiler and then
add extern "C" themselves.

(thor)

fsviewer: Fix build by getting WINGs library flags via pkg-config
fsviewers build breaks because it can't find pango/pango.h
The WINGs library has the settings for this in its pkg-config file.
fsviewer uses WINGs so get the settings missing when building
from pkg-config.

(nros)

doc: Updated devel/py-nihtest to 1.3.0

(wiz)

py-nihtest: update to 1.3.0.

# 1.3.0 [2023-12-22]

- Add set-modification-time.
- Fix inline stdin data.
- Improve error handling.
- Require python 3.9.

(wiz)

doc: Updated mail/neomutt to 20231221

(wiz)

neomutt: update to 20231221.

2023-12-21  Richard Russon  \<rich@flatcap.org\>
* Features
  - #4126 - add alias 'tags:'
* Bug Fixes
  - #4115 - create HelpBar after colours
  - #4116 - Fix Batch Sending of Emails
  - #4119 - Fix Header Cache Key Handling
  - #4121 - mutt_oauth2.py: error out if ENCRYPTION_PIPE was not supplied
  - #4124 - config: fix flag overlaps
  - #4125 - compose: restore view-text/pager/mailcap
  - color: fix attr_color_copy()
  - fix :color dump
  - fix leak in completion
  - force mail check on current mailbox after `<imap-fetch-mail>`
  - Allow sending an empty mail
  - mutt_oauth2.py: Use readline to overcome macOS input() restrictions
* Changed Config
  - add $history_format: '%s'
* Translations
  - 100% Czech
  - 100% German
  - 100% Lithuanian
  - 100% Serbian
  - 100% Slovak
  - 100% Turkish
  - 99% Spanish
  - 99% Hungarian
* Coverity defects
  - #4111 Educate Coverity about ARRAYs
  - fix defects
* Build
  - #4098 - build: use fallthrough attribute
  - #4100 - build: split maildir and mh types
  - #4101 - version: drop default features
  - #4108 - strip non-conditionals
  - #4122 - add github action to check for unused functions (xunused)
  - update fedora action
  - coverage: fix build for lcov v2
  - tests: fix error cases
* Code
  - #4097 - config: add DT_ON_STARTUP
  - #4104 - Change mutt_default_save() and addr_hook() to take a buffer
  - #4105 - Use buffer pool in tests
  - #4106 - Switch some buffers to use the buffer pool
  - #4109 - Improve the Progress Bar
  - #4117 - remove MxOps::path_parent() and mutt_path_parent()
  - #4120 - remove unused functions
  - #4131 - move editor test code
  - #4133 - move log_disp_null() into test folder
  - #4137 - move config string name functions into tests
  - add: hook_new()/hook_free()
  - fix more printf-style params
  - rename compare to equal
  - hcache: renaming for clarity

(wiz)

doc: Updated graphics/opencv-contrib-face to 3.4.17

(thor)

doc: Updated graphics/opencv to 3.4.17

(thor)

opencv: version 3.4.17 with proper explicit BLAS (CBLAS + LAPACKE) usage

This does the small bugfix update from 3.4.16 to 3.4.17 and adds proper usage
of BLAS stuff. There was linkage to BLAS before via numpy, but the internal
explicit BLAS-using code was not built, as the CMake machinery did not find it.

This commit drops an actually counterproductive patch and adds pkg-config
calls to find the BLAS-related libraries. Note that vor opencv-contrib-face,
the BLAS choice during its build doesn't really enter the result, apparently,
but the build process does use it and it would not help to confuse matters there.

I am not sure if the buildlink3.mk should also add blas.buildlink3.mk now. It
does not feature numpy right now. Should it?

Next step should be move towards 4.x at least.

Upstream:

December, 2021

OpenCV 3.4.17 has been released. Bug fixes, optimizations and other enhancements
are propagated into OpenCV 4.5.5.

Long-lived OpenCV 3.x release series is here since 2015. We are going to reduce
support of 3.x branch in the future to move forward to OpenCV 5.0.

(thor)

provide archive

(zafer)

doc/TODO: + libdrm-2.4.119, tor-browser-13.0.8.

(wiz)

doc: Updated graphics/wallust to 2.8.0

(pin)

graphics/wallust: update to 2.8.0

new minor version: 2.8.0
- automate the creation of wallust.toml (missing word wrapping) [82c2911b11]
- implement color saturation optionally [24afe5754f]
- and avaliable with --saturation cli flag [67f0fde295]
- ensure a readable contrast in between palettes [b9f35899b6]
- colorspaces:
    - labmixed: truly mix colors, instead of the old workaround of only mixing
      luminance, by converting to rgb. [7b015e7cbf]
    - internals:
        - implement gather_cols() [7f4df61f58]
            = gather_cols_lazy() [ed488ca9d7]
        - implement .set_luminance() [18ff9ac6b3]
        - store an additional array of most prominent first [45a0b0260a]
        - hardcode lightest and darkest values intead of calculating them,
          ensuring a constant palette, which probably fixed monochromes
          palettes a bit [c48e5c7460]
- filters:
    - resized: respect aspect ratio [62885455c0e034c3c0765bdecb085b28128344f0}
    - add 16 variation of all other filters schemes [0e3f8ff125]
    - internals: accept Cols instead of raw [u8] [be41968427]
- sort cli flags in alphabetical order [925e59aa72]
- sort subcommand cli flags in alphabetical order [53043d23e5]
- support "this-name" as well as "thisname" either in the config file and the
  command line (e.g. wallust image.png -c labmixed is the same as wallust
  image.png -c lab-mixed) [08f1b0559c]
- --update-current/-u cli flag to only update terminal colors in the current
  session [7f4df61f58]
- add alpha template variable inside wallust.toml [67ede320d7]
- add {alpha_dec} to templates variable, indicates a decimal representation
  for the alpha value [077440c8b1]
- add a debug subcommad [225543f7bb]
- reword a bit descriptions of wallust.toml
- update dependencies

(pin)

yubikey-manager-qt: fix build

(wiz)

update homepage and master site

(zafer)

master site moved to gitlab. oldest version is 0.8.9. needs update.

(zafer)

fetch from backup

(zafer)

update master site

(zafer)

update homepage and master site

(zafer)

geeqie: fix locale files installation when PKGLOCALEDIR is not share

(nros)

giflib-util: Fix manpage installation when custom PKGMANDIR is set

(nros)

doc/TODO: + enigma-1.30.

(wiz)

the previous change broke checksum, fix it

(spz)

biolibc-tools: fix installation of manpages for users of a custom PKGMANDIR

(nros)

repmgr: uses curl

(nros)

doc/TODO: + grub2-2.12.

(wiz)

uhd: remove patch that was removed from distinfo during update

(wiz)

doc: libssh2 terrapin vuln

(wiz)

doc: Updated security/libssh2 to 1.11.0nb2

(wiz)

libssh2: add upstream fix for Terrapin

Bump PKGREVISION.

(wiz)

https

(zafer)

https

(zafer)

https

(zafer)

https

(zafer)

graphics/ImageMagick6: PKG_OPTIONS_VAR shouldn't conflict with graphics/ImageMagick

(charlotte)

editors/xjed: Reset PKGREVISION

(should have happened with update)

Thanks to pin@ for pointing this out.

(gdt)

doc: Updated devel/cargo-modules to 0.13.1

(pin)

devel/cargo-modules: update to 0.13.1

[0.13.1] - 2023-12-20
Changed
- Bumped MSRV from 1.68.2 to 1.70.0
- Updated dependencies:
    - rust-analyzer from 0.0.189 to 0.0.190

(pin)

doc/TODO: + qemu-8.2.

(wiz)

py-progressbar2: also needs wheel to build wheel

(nros)

doc: erlang terrapin vuln

(wiz)

doc: erlang* updated to 26.2.1

(wiz)

Fix build on case sensitive filesystems

No PKGREVISION bump as no change in any built packages

(abs)

erlang*: update to 26.2.1

Contains a Terrapin fix for erlang ssh.

26.2.1

---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------

  OTP-18897    Application(s): ssh

              With this change (being response to CVE-2023-48795),
              ssh can negotiate "strict KEX" OpenSSH extension with
              peers supporting it; also
              'chacha20-poly1305@openssh.com' algorithm becomes a
              less preferred cipher.

              If strict KEX availability cannot be ensured on both
              connection sides, affected encryption modes(CHACHA and
              CBC) can be disabled with standard ssh configuration.
              This will provide protection against vulnerability, but
              at a cost of affecting interoperability. See
              Configuring algorithms in SSH.

---------------------------------------------------------------------
--- OTP-26.2.1 ------------------------------------------------------
---------------------------------------------------------------------

--- Fixed Bugs and Malfunctions ---

  OTP-18903    Application(s): otp

              Updated copyright and license information.

---------------------------------------------------------------------
--- erts-14.2.1 -----------------------------------------------------
---------------------------------------------------------------------

The erts-14.2.1 application can be applied independently of other
applications on a full OTP 26 installation.

--- Fixed Bugs and Malfunctions ---

  OTP-18902    Application(s): erts

              Removed unnecessary PCRE source tar-ball.

26.2

Highlights #

    process_info/2 now supports lookup of values for specific keys in the process dictionary.

Potential incompatibilities: #

    common_test now returns an error when a suite with a badly defined group is executed.

(wiz)

postgresql16-docs: fix installation on solaris

(nros)

doc: dropbear terrapin vuln

(wiz)

doc: Updated security/dropbear to 2022.83nb1

(wiz)

dropbear: update to 2022.83nb1.

Include terrapin fix and bump PKGREVISION to make clear this
is not 2022.83.

2022.83 - 14 November 2022

Features and Changes:
  Note >> for compatibility/configuration changes

- >> Disable DROPBEAR_DSS by default
  It is only 1024 bit and uses sha1, most distros disable it by default already.

- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
  >> RSA with sha1 will be disabled in a future release (rsa keys will continue
  to work OK, with sha256 signatures used instead).

- Add option for requiring both password and pubkey (-t)
  Patch from Jackkal

- Add 'no-touch-required' and 'verify-required' options for sk keys
  Patch from Egor Duda

  - >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
  and DROPBEAR_SK_ED25519 options.

- Add 'permitopen' option for authorized_keys to restrict forwarded ports
  Patch from Tuomas Haikarainen

- >> Added LTM_CFLAGS configure argument to set flags for building
  bundled libtommath. This also restores the previous arguments used
  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
  key generation, which regressed in 2022.82.
  There is a tradeoff with code size, so -Os can be used if required.
  https://github.com/mkj/dropbear/issues/174
  Reported by David Bernard

- Add '-z' flag to disable setting QoS traffic class. This may be necessary
  to work with broken networks or network drivers, exposed after changes to use
  AF21 in 2022.82
  https://github.com/mkj/dropbear/issues/193
  Reported by yuhongwei380, patch from Petr Štetiar

- Allow overriding user shells with COMPAT_USER_SHELLS
  Based on a patch from Matt Robinson

- Improve permission error message
  Patch from k-kurematsu

- >> Remove HMAC_MD5 entirely

Regression fixes from 2022.82:

- Fix X11 build

- Fix build warning

- Fix compilation when disabling pubkey authentication
  Patch from MaxMougg

- Fix MAX_UNAUTH_CLIENTS regression
  Reported by ptpt52

- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
  https://github.com/mkj/dropbear/issues/174
  Suggested by Steffen Jaeckel

- Fix Dropbear plugin support
  https://github.com/mkj/dropbear/issues/194
  Reported by Struan Bartlett

Other fixes:

- Fix long standing incorrect compression size check. Dropbear
  (client or server) would erroneously exit with
  "bad packet, oversized decompressed"
  when receiving a compressed packet of exactly the maximum size.

- Fix missing setsid() removed in 2020.79
  https://github.com/mkj/dropbear/issues/180
  Reported and debugged by m5jt and David Bernard

- Try keyboard-interactive auth before password, in dbclient.
  This was unintentionally changed back in 2013
  https://github.com/mkj/dropbear/pull/190
  Patch from Michele Giacomoli

- Drain the terminal when reading the fingerprint confirmation response
  https://github.com/mkj/dropbear/pull/191
  Patch from Michele Giacomoli

- Fix utx wtmp variable typo. This has been wrong for a long time but
  only recently became a problem when wtmp was detected.
  https://github.com/mkj/dropbear/pull/189
  Patch from Michele Giacomoli

- Improve configure test for hardening options.
  Fixes building on AIX
  https://github.com/mkj/dropbear/issues/158

- Fix debian/dropbear.init newline
  From wulei-student

Infrastructure:

- Test off-by-default compile options

- Set -Wundef to catch typos in #if statements

2022.82 - 1 April 2022

Features and Changes:
  Note >> for compatibility/configuration changes

- Implemented OpenSSH format private key handling for dropbearconvert.
  Keys can be read in OpenSSH format or the old PEM format.
  >> Keys are now written in OpenSSH format rather than PEM.
  ED25519 support is now correct. DSS keys are still PEM format.

- Use SHA256 for key fingerprints

- >> Reworked -v verbose printing, specifying multiple times will increase
  verbosity. -vvvv is equivalent to the old DEBUG_TRACE -v level, it
  can be configured at compile time in localoptions.h (see default_options.h)
  Lower -v options can be used to check connection progress or algorithm
  negotiation.
  Thanks to Hans Harder for the implementation

  localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
  previous DEBUG_TRACE 1.

- Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
  authorized_keys. no-touch-required option isn't allowed yet.
  Thanks to Egor Duda for the implementation

- autoconf output (configure script etc) is now committed to version control.
  >> It isn't necessary to run "autoconf" any more on a checkout.

- sha1 will be omitted from the build if KEX/signing/MAC algorithms don't
  require it. Instead sha256 is used for random number generation.
  See sysoptions.h to see which algorithms require which hashes.

- Set SSH_PUBKEYINFO environment variable based on the authorized_keys
  entry used for auth. The first word of the comment after the key is used
  (must only have characters a-z A-Z 0-9 .,_-+@)
  Patch from Hans Harder, modified by Matt Johnston

- Let dbclient multihop mode be used with '-J'.
  Patch from Hans Harder

- Allow home-directory relative paths ~/path for various settings
  and command line options.
  *_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH MOTD_FILENAME
  Thanks to Begley Brothers Inc

  >> The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
  a tilde prefix.

- LANG environment variable is carried over from the Dropbear server process
  From Maxim Kochetkov

- Add /usr/sbin and /sbin to $PATH when logging in as root.
  Patch from Raphaël Hertzog
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403

- Added client option "-o DisableTrivialAuth". It disallows a server immediately
  giving successful authentication (without presenting any password/pubkey prompt).
  This avoids a UI confusion issue where it may appear that the user is accepting
  a SSH agent prompt from their local machine, but are actually accepting a prompt
  sent immediately by the remote server.
  CVE-2021-36369 though the description there is a bit confused. It only applies
  to Dropbear as a client.
  Thanks to Manfred Kaiser from Austrian MilCERT

- Add -q client option to hide remote banner, from Hans Harder

- Add -e option to pass all server environment variables to child processes.
  This should be used with caution.
  Patch from Roland Vollgraf (github #118)

- >> Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
  AF21 "interactive". Previously TOS classes were used, they are not used by
  modern traffic classifiers. Non-tty traffic is left at default priority.

- >> Disable dh-group1 key exchange by default. It has been disabled server
  side by default since 2018.

- >> Removed Twofish cipher

Fixes:

- Fix flushing channel data when pty was allocated (github #85)
  Data wasn't completely transmitted at channel close.
  Reported and initial patch thanks to Yousong Zhou

- Dropbear now re-executes itself rather than just forking for each connection
  (only on Linux). This allows ASLR to randomise address space for each
  connection as a security mitigation. It should not have any visible impact
  - if there are any performance impacts in the wild please report it.

- Check authorized_keys permissions as the user, fixes NFS squash root.
  Patch from Chris Dragan (github #107)

- A missing home directory is now non-fatal, starting in / instead

- Fixed IPv6 [address]:port parsing for dbclient -b
  Reported by Fabio Molinari

- Improve error logging so that they are logged on the server rather than being
  sent to the client over the connection

- Max window size is increased to 10MB, more graceful fallback if it's invalid.

- Fix correctness of Dropbear's handling of global requests.
  Patch from Dirkjan Bussink

- Fix some small bugs found by fuzzers, null pointer dereference crash and leaks
  (post authentication)

- $HOME variable is used before /etc/passwd when expanding paths such as
  ~/.ssh/id_dropbear (for the client). Patch from Matt Robinson

- C89 build fixes from Guillaume Picquet

Infrastructure:

- Improvements to fuzzers. Added post-auth fuzzer, and a mutator that can
  handle the structure of SSH packet streams. Added cifuzz to run on commits
  and pull requests.
  Thanks to OSS-Fuzz for the tools/clusters and reward funding.

- Dropbear source tarballs generated by release.sh are now reproducible from a
  Git or Mercurial checkout, they will be identical on any system. Tested
  on ubuntu and macos.

- Added some integration testing using pytest. Currently this has tests
  for various channel handling edge cases, ASLR fork randomisation,
  dropbearconvert, and SSH_PUBKEYINFO

- Set up github actions. This runs the pytest suite and other checks.
  - build matrix includes c89, dropbearmulti, bundled libtom, macos, DEBUG_TRACE
  - test for configure script regeneration
  - build a tarball for external reproducibility

(wiz)

doc: terrapin for proftpd vuln

(wiz)

doc: Updated net/proftpd to 1.3.8b

(wiz)

proftpd*: update to 1.3.8b

1.3.8b - Released 19-Dec-2023
--------------------------------
- Issue 1735 - Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3
  fails.
- Issue 1756 - Build system fails for specific module names.
- Issue 1760 - mod_sftp is affected by "Terrapin" Prefix Truncation Attacks in
  SSH Specification (CVE-2023-48795).

1.3.8a - Released 08-Oct-2023
--------------------------------
- Issue 1581 - mod_sftp fails to handle SFTP requests to truncate files to
  zero size.
- Issue 1584 - mod_sftp improperly handles SFTP WRITE requests for files opened
  for appending.
- Issue 1568 - Build-time detection of Linux POSIX ACL support broken since
  1.3.8rc2.
- Issue 1590 - Unable to load mod_rewrite as a dynamic module due to
  incomplete/missing library linker flags.
- Issue 1597 - <Class> section is allowed to be in <Global>, but From directive
  is not.
- Issue 1617 - ExtendedLog SSH, SFTP classes not working as expected.
- Issue 1646 - mod_sftp does not handle multiple concurrent open file
  handles/transfers well for logging.
- Issue 1679 - "TLSRequired off" plus Protocols directive causes mod_tls to
  terminate the session abruptly.
- Issue 1689 - mod_tls fails to compile against OpenSSL 3.0.8 due to missing
  ENGINE_METHOD_ flags.
- Issue 1659 - Unknown named connection error when using different SQL backends.
- Issue 1697 - mod_sql is not properly closing all named backend connections on
  session exit.
- Issue 1694 - SSH key exchanges fail unexpectedly with "unable to write X
  bytes of raw data" errors due to small ProFTPD buffer.
- Issue 1678 - High session memory usage caused by SFTP outgoing data buffering.
- Issue 1683 - Out-of-bounds buffer read when handling FTP commands.
- Issue 1712 - SFTP algorithm settings in <Global> section not being used.

1.3.8 - Released 04-Dec-2022
--------------------------------
- Issue 1488 - 1.3.8rc4 failing to build mod_sftp with OpenSSL 1.1.0 due to
  X448 check.
- Issue 1494 - 1.3.8rc4 failing to build on Solaris due to missing type
  declarations.
- Issue 1500 - mod_ifsession doesn't change the effect of SFTPMaxChannels.
- Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
  authentication in some configurations.
- Issue 1528 - Disable FSCachePolicy by default.
- Issue 1539 - Avoid logging "session closed" messages unless there is a
  corresponding "session opened" log message, to avoid user confusion.
- Issue 1550 - Implement support for the CSID FTP command.
- Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
  not match publickey algorithm 'ssh-rsa'.
- Issue 1560 - mod_auth_otp improperly allows keyboard-interactive logins for
  users lacking OTP entries.

1.3.8rc4 - Released 23-Jul-2022
--------------------------------
- Issue 1434 - mod_sftp should fail on startup when SFTP and TLS are both
  enabled for a vhost.
- Issue 1440 - DelayTable not properly using documented default value.  This
  is a regression caused by the changes for Bug#4020.
- Issue 1444 - Support customizing SSH ciphers, digests, key exchanges via
  SFTPClientMatch.
- Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- Issue 1445 - BanOnEvent BadProtocol triggers segfault.
- Issue 1439 - SFTP "check-file" implementation computes incorrect results.
- Issue 1457 - Implement SFTPHostKeys directive for configuring the SSH host
  key algorithms.
- Issue 1437 - Implement the "curve448-sha512" SSH key exchange algorithm.
- Issue 1472 - Include directive broken when using wildcards for directory
  components.
- Bug 4485 - mod_sftp fails to build using OpenSSL 1.0.x: undefined reference
  to `EVP_MD_CTX_reset'.
- Issue 1476 - Reload after omitting explicit ModulePath value causes fatal
  module load failures.

1.3.8rc3 - Released 23-Apr-2022
--------------------------------
- Issue 1323 - Support SSH hostkey rotation via OpenSSH extensions.
- Issue 1325 - NLST does not behave consistently for relative paths.
- Bug 3759 - Support AES Galois Counter Mode (AES-GCM) in SSH.  Support for
  the "aes128-gcm@openssh.com" and "aes256-gcm@openssh.com" ciphers has been
  added to mod_sftp.
- Issue 1333 - Implement an LDAPConnectTimeout directive, to configure the
  timeout used when connecting to LDAP servers.
- Issue 1330 - Implement OpenSSH "Encrypt-Then-MAC" (ETM) algorithm extensions.
- Issue 1346 - Implement AllowForeignAddress class matching for passive data
  transfers.
- Issue 1353 - Implement support for PCRE2.
- Bug 4466 - ProFTPD won't start with several locales.
- Issue 1367 - Auth sources providing space-bearing user/group names cause
  compliance issues with MLSD/MLST responses.
- Bug 4467 - DeleteAbortedStores removes successfully transferred files
  unexpectedly.
- Issue 1383 - Omit EPRT/EPSV from FEAT response when denied by <Limit>
  configuration.
- Issue 1379 - Support uploading to symlinked files.
- Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
  SOL_SOCKET.
- Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
  data connection.
- Issue 1396 - ProFTPD always uses the same PassivePorts port for first
  transfer.
- Issue 1410 - mod_sftp needs to handle unknown SSH messages in an
  RFC-compliant manner, ignoring rather than disconnecting.
- Issue 1418 - Improve handling of some globally applied configuration
  directives.
- Issue 1369 - Name-based virtual hosts not working as expected after upgrade
  from 1.3.7a to 1.3.7b.

1.3.8rc2 - Released 29-Aug-2021
--------------------------------
- Bug 4401 - mod_sftp crashes when handling aes256-ctr OpenSSH-specific key
  with some old OpenSSL versions.
- Issue 1273 - Improve mod_tls log messages for unsupported older TLS protocol
  requests.
- Issue 1284 - Fix memory disclosure to RADIUS servers by mod_radius.
- Issue 1282 - Properly handle <VirtualHost> sections that use interface/device
  names.
- Bug 4315 - mod_ifsession fails to reset directory config lookup after
  <Directory> section merges.
- Issue 1296 - Support <Limit> configurations for HELP command.
- Issue 1300 - PCRE expressions with capture groups are not being handled
  properly.
- Issue 1307 - AuthUserFile permissions check fails during SIGHUP, causing
  ProFTPD to stop.
- Issue 1286 - Add support for the libidn2 library, over libidn, for e.g.
  mod_rewrite mappings.
- Bug 4443 - Changed the default behavior of mod_tls, such that TLS
  renegotiations on control/data connections are not requested by default.
  TLS renegotiations have a long and sordid history; many SSL/TLS libraries no
  longer implement them, or disable them by default.
- Issue 1319 - mod_auth_otp should honor RequireTableEntry semantics for SFTP
  logins.

1.3.8rc1 - Released 13-Jun-2021
--------------------------------
- Issue 1063 - FTPS data transfers using TLSv1.3 might segfault when session
  tickets cannot be decrypted.
- Issue 1070 - Implement support for Redis 6.x AUTH semantics.
- Issue 1068 - Define an OpenSSL API version compatibility macro, currently
  set to OpenSSL 1.0.0 and later.
- Bug 4405 - Memory use-after-free in mod_sftp causes unexpected
  login/authentication issues.
- Bug 4402 - Inappropriate handling of aborted FTP data transfers causes issues
  for some FTP clients.
- Issue 1084 - Implement support for configuring TLSv1.3 ciphersuites.
- Issue 1086 - Update TLSRenegotiate to work properly for TLSv1.3 sessions.
- Issue 1079 - prxs fails to detect module-specific configure/Makefile,
  leading to unexpected module load errors.
- Issue 1074 - TLS SNI connections to name-based VirtualHosts with
  TLSCertificateChainFile fail unexpectedly.
- Issue 1089 - Deprecate the MultilineRFC2228 directive.
- Issue 1067 - Generate new DH parameters for mod_tls, mod_sftp for 1.3.8.
- Issue 1101 - Update TLS minimum supported DH parameter size to 2048.
- Issue 811 - Support adding custom key/values to RedisLogOnCommand.
- Issue 1106 - TLS SNI can cause mod_quotatab to crash due to null pointer
  dereferences.
- Issue 1076 - TLS client-initiated renegotiations are supported unexpectedly.
- Issue 1105 - Improper handling of multiple IP addresses, ServerAliases in
  <VirtualHost> sections.
- Issue 1048 - Support using weak TLS certificates via the new AllowWeakSecurity
  TLSOption.
- Issue 1149 - mod_quotatab_sql failing due to SQL syntax errors.  This is a
  regression caused by Issue #392.
- Issue 1061 - Freeing uninitialized memory causes SFTP issues with ed25519
  keys.
- Issue 1111 - "Corrupted MAC on input" errors using SFTP umac-64@openssh.com
  digest.
- Issue 1171 - PassivePort randomization is broken due to SO_REUSEPORT option.
- Issue 1072 - Support configurable certificate settings in Redis SSL/TLS
  connections.
- Issue 369 - Provide function for obtaining memory pool information as e.g.
  JSON.
- Issue 1134 - AuthUserFile-based logins, directory listings are very slow due
  to unbuffered reads.
- Issue 1193 - Improper checking for reused TLS session for data transfers
  using OpenSSL 1.1.1.
- Issue 1168 - Improve error handling of OpenSSH host keys converted to PEM
  format.
- Issue 1179 - TLSRSACertificateKeyFile sanity checks fail unexpectedly for
  passphrase-protected keys.
- Issue 1174 - ftptop segfaults when using libncursesw on Gentoo.
- Issue 1204 - Once TLSTimeoutHandshake is reached, internal "timed out" flag
  never reset.
- Issue 1133 - Support include files in mod_wrap2 allow/deny tables.
- Issue 1200 - Disconnect SFTP clients that request unsupportable protocol
  versions.
- Issue 1207 - On Gentoo, "./configure --disable-ncurses" fails to link ftptop,
  due to "undefined reference to symbol 'stdscr'" error.
- Issue 1212 - mod_sql_mysql needs to quote table names due to reserved MySQL
  keywords.
- Issue 1175 - Unable to set per-user TLSOptions using mod_ifsession.
- Issue 754 - Some mod_snmp counters were not being incremented properly.
- Issue 548 - `make install` target should install only, not recompile any code.
- Bug 4428 - <VirtualHost> name resolution does not include all associated
  IPv6 records.
- Issue 1230 - Stack overflow due to unlimited recursion possible when parsing
  JSON text.
- Issue 1232 - Unable to use %{env:FTPS} in a SQLNamedQuery.  The fix is to now
  use %{note:FTPS} instead.
- Issue 1170 - Implement support for user/host combination bans in mod_ban.
- Issue 1246 - mod_sftp_sql crashes (sigsegv) on NULL key.
- Issue 1237 - ftpasswd should default to SHA256, not MD5.
- Issue 490 - Support syntax checks on AuthUserFiles, AuthGroupFiles on startup.

(wiz)

doc: Added security/terrapin-scanner version 1.0.3

(schmonz)

Add and enable terrapin-scanner.

(schmonz)

Add terrapin-scanner: Scan SSH servers and clients for Terrapin vulnerability

The Terrapin Vulnerability Scanner is a small utility program written in
Go, which can be used to determine the vulnerability of an SSH client or
server against the Terrapin Attack. The vulnerability scanner requires a
single connection with the peer to gather all supported algorithms.
However, it does not perform a fully fledged SSH key exchange, will
never attempt authentication on a server, and does not perform the
attack in practice. Instead, vulnerability is determined by checking the
supported algorithms and support for known countermeasures (strict key
exchange). This may falsely claim vulnerability in case the peer
supports countermeasures unknown to this tool.

(schmonz)

fcitx5-gtk: Fix linking with libxkbcommon on non-wayland platforms
fcitx5-gtk:s configure step claims that libxkbcommon is optional
but it always links to XKBCommon::XKBCommon. libxbcommon is pulled
in via buildlink3.mk from gtk3 on wayland platforms. On non-wayland
platforms it is not pulled in causing build breakage. Include
libxkbcommons buildlink3.mk in the Makefile to make sure it is
available unconditionally.
No revbump is done in this commit since it is a build fix, all
built packages are already linked to libxkbcommon.

(nros)

fcitx: fix build on illumos, illumos has endian.h just like linux

(nros)

leptonica: fix build for packages that use liptonica with gcc 12 and C++ on Solaris

(nros)

doc: Updated sysutils/xcp to 0.16.0

(pin)

sysutils/xcp: update to 0.16.0

- Add reflink support for filesystems that support it (XFS, Btrfs, bcachefs).
- Add CI for FreeBSD (thanks to @yurivict for bug reports and suggestions).
- The parblock driver now works with MacOS.
- Test cleanup and optimisation of stress tests.

(pin)

mk/bsd.pkg.mk: started freeze for pkgsrc-2023Q4 branch [gdt 2023-12-20]

(gdt)

doc: Updated editors/xjed to 0.99.19nb1

(gdt)

editors/xjed: Update to 0.99.19

Upstream does not seem to publish any changes, and does not even have tags.

Update prepared in wip by Kevin Bloom.
Committed after two weeks with no response from $MAINTAINER.

(gdt)

doc: Updated editors/jed to 0.99.19

(gdt)

editors/jed: Update to 0.99.19

Upstream does not seem to publish any changes, and does not even have tags.

Update prepared in wip by Kevin Bloom.
Committed after two weeks with no response from $MAINTAINER.

(gdt)

py-progressbar2: uses setuptools as build engine for wheel

(nros)

use https

(zafer)

use https

(zafer)

use https

(zafer)

use https

(zafer)

use https

(zafer)

use https

(zafer)

update homepage

(zafer)

update homepage. fetch from backup.

(zafer)

https

(zafer)

provide archive

(zafer)

update homepage. provide archive.

(zafer)

update homepage

(zafer)

provide archive

(zafer)

doc: Updated wm/marswm to 0.5.3

(pin)

wm/marswm: update to 0.5.3

- Adding mars-help to quickstart guide
- Adding mars-help example
- Adding Canvas::dimensions()
- Fix error messages being printed to stdout

(pin)

doc: Updated shells/oh-my-posh to 19.3.0

(pin)

shells/oh-my-posh: update to 19.3.0

Features
- node: match lts versions (db32446), closes #4555

(pin)

x11/qt5-qttools: really make llvm dependency go away with explicit switch

This adds the explicit switch to qmake to avoid pulling in llvm even from
the environment by accident. It only changes the result for people who
tried disabling the suggested llvm option but hat interference.

(thor)

update homepage and master site

(zafer)

update homepage and master site

(zafer)

update homepage and master site

(zafer)

update master site and homepage

(zafer)

x11/qt5-qtmultimedia: fix backend choices (esp. deactivate openal)

This enables and disables audio backends explicitly via QMAKE_ARGS and
includes a patch from FreeBSD that adds the missing knob vor openal.

(thor)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

update master site

(zafer)

doc: Updated math/armadillo to 12.6.7

(thor)

math/armadillo: C++ linear algebra library

longer form:

Armadillo is a high quality linear algebra library (matrix maths) for the
C++ language, aiming towards a good balance between speed and ease of use

Provides high-level syntax and functionality deliberately similar
to Matlab

Useful for algorithm development directly in C++, or quick conversion
of research code into production environments

Provides efficient classes for vectors, matrices and cubes; dense and
sparse matrices are supported

Integer, floating point and complex numbers are supported

A sophisticated expression evaluator (based on template meta-programming)
automatically combines several operations to increase speed and efficiency

Dynamic evaluation automatically chooses optimal code paths based on
detected matrix structures

Various matrix decompositions (eigen, SVD, QR, etc) are provided
through integration with LAPACK, or one of its high performance drop-in
replacements (eg. MKL or OpenBLAS)

Can automatically use OpenMP multi-threading (parallelisation) to speed
up computationally expensive operations

Distributed under the permissive Apache 2.0 license, useful for both
open-source and proprietary (closed-source) software

Can be used for machine learning, pattern recognition, computer vision,
signal processing, bioinformatics, statistics, finance, etc

(thor)

doc: Updated devel/p5-Perl-Critic to 1.152

(mef)

(devel/p5-Perl-Critic) Updated 1.150 to 1.152

1.152 Mon Oct 16 10:32:04 PM CDT 2023

    Now requires PPI 1.177.

    [Fixes]
    Fix a test failure for Subroutines::RequireArgUnpacking. Thanks, Christian
    Walde. (GH #1048)

    Fixed a test failure in t/06_violation.t on Perl 5.39.1 or above. Thanks,
    Yves Orton. (GH #1037)

(mef)

update master site

(zafer)

math/superlu: fix buildlink to runtime dep for shared lib change

(thor)

doc: Updated devel/p5-Parse-PMFile to 0.44

(mef)

(devel/p5-Parse-PMFile) Updated 0.42 to 0.44

0.44 2023/04/27
  - Allow to parse class|role NAME VERSION

0.43 2020/12/12
  - Avoid instantiating `Safe` compartment if operating in "unsafe" mode.
    (GH#12; bleargh45++)

(mef)

doc: Updated devel/p5-PAR-Packer to 1.059

(mef)

(devel/p5-PAR-Packer) Updated 1.052 to 1.059

1.059  2023-07-20

- correctly propagate the exit value of a packed executable

  Get the exit value from perl_destruct() instead of perl_run().
  These may be different, e.g. if the value of $? is set in an END block.

- clean up tests a bit
- set up GitHub CI and add cpanfile (for CI only)
- check more return codes in myldr/*.c

1.058  2023-06-12

- patch DynaLoader.pm to make intercepting DynaLoader::bootstrap work again
  for Perl >= 5.35 on Windows (see #74)

  $do_expand was changed in perl 5.36 from an (implicit) "local" variable
  to "my". This breaks how PAR::Heavy intercepts calls to
  DynaLoader::bootstrap: monkey-patching DynaLoader::bootstrap,
  DynaLoader::dl_findfile and DynaLoader::bootstrap while setting
  "local $DynaLoader::do_expand = 1".

- reorganize modules etc used in tests
- add test to run an XS module from a .par file
- add a test for loading XS "glue" DLLs

- remove unused code for packed DLLs ("pp --link ...")
  - nobody packs (non-XS) DLLs as embedded "FILE"s
  - nobody uses a $Config{version) sub directory when packing DLLs below
    "shlib/" in the zip

1.057  2022-11-29

- use a different method to mark executable built from "pp --clean ..."

  - scripts/par.pl: don't patch the string "__PASS_PAR_CLEAN__              \0" in the
    "boot" section of the executable and ...
  - myldr/boot.c: ... stop looking for the patched string
  - scripts/par.pl: add "\0CLEAN" in lieu of "\0CACHE" (and drop the 40-byte
    cache name below that) in the "trailer" section when generating a packed
    executable when META.yml indicates "--clean" was specified)
  - myldr/mktmpdir.c: allow "\0CLEAN" as an alternative to "\0CACHE"
    and set PAR_CLEAN=1 in that case
  - myldr/mktmpdir.c: implement find_par_magic() akin the one in script/par.pl

- better CLT detection in MacOS (#70) [plk <Philip@kime.org.uk>]

- use Getopt::ArgvFile with resolveEnvVars=1
  suggested by Johan Vromans (@sciurius on GitHub)

1.056  2022-09-05

- Fix #66: patch myldr/boot for "pp --clean ..." without side effects

  - make sure myldr/boot contains exactly one string of the form
    "__PASS_PAR_CLEAN__              \0" so that there are no
    duplicates that may get split on chunk boundaries
    (myldr/boot_embedded_files.c)
  - simplify patching of this string (in $loader) to
    "__PASS_PAR_CLEAN__=1            \0" in script/par.pl
  - add a test for #66 (check for ephemeral vs persistent cache directory)

- Revert "Fixes #62: rs6000_71 (AIX) "An offset in the .loader section header is too large.""

  PAR_CLEAN is set too late: at this point PAR_TEMP has already
  been set (and populated) to a persistent cache directory
  (/tmp/par-USER/cache-SHA1) instead of an ephemeral one (/tmp/par-USER/temp-PID).

- Some code cleanup
  - replace some magic numbers with constants
  - use string interpolation (instead of concatenation)
  - clean up some convoluted C code

1.055  2022-07-03

- Fix #62: rs6000_71 (AIX) "An offset in the .loader section header is too large."

  Communicate pp option "--clean" to the generated executable in a
  different way. Previously this was done by patching "__ENV_PAR_..." strings
  **in the executable being built** and interpreting these strings in
  par.pl **at runtime**. Though hacky, this seemingly worked on any OS
  (without rendering the executable invalid).
  But the only information ever passed was the value of PAR_CLEAN and this was
  gleaned at build time from the value of JSONPath $par.clean from META.yml
  in the zip (set by pp by option "--clean").
  Instead read and interpret "META.yml" in par.pl **at runtime**.

- Fix: merge PR #58 from Philip@kime.org.uk:

  Adding support for running MacOS Universal binaries created via 'lipo'
  from already pp'ed and signed thin binaries

- Make writing stuff more robust: check return value of print()
  and close() in some places.

1.054  2022-01-27

- Temporarily disable t/90-gh41.t (system("\\\\?\\some-absolute-path") fails)

1.053  2022-01-25

- Fix: merge PR #56 from from Philip Kime <Philip@kime.org.uk>:
  Updating OSX codesign fix util with fix for automatically added ad-hoc signatures on OSX 12+

- Fix: merge PR #42 from Andrew-Kulpa/master:
  Get exe size from file handle instead of path

- Fix: prevent TABs in literal makefile fragments from being expanded

- Cleanups:
  - par_findprog(): pass a copy of argument `path卒 to strtok()
  - simplify searching for PAR magic
  - consolidate die()s
  - add a test for GitHub #41
  - add error message when exec'ing the custom perl fails in myldr/boot
  - untangle %require_list and %ModuleCache

(mef)