ghc7: Set _XOPEN_SOURCE correctly on SunOS.

(jperkin)

x265: Fix overloaded function call.

(jperkin)

Fix for SunOS.

(youri)

Fix startlxde so it picks the session configuration file properly.

(youri)

mit-krb5: Avoid bogus -Wuninitialized warning.

(jperkin)

Simplify.

(joerg)

Make bundles compatible with older hg versions. Bump revision.

(joerg)

doc: Updated lang/nodejs to 10.2.1

(fhajny)

lang/nodejs: Update to 10.2.1.

- http: fix res emit close before user finish
- src: re-integrate headers into node.h
- test: mark test-zlib.zlib-binding.deflate as flaky

(fhajny)

check-shlibs-macho.awk: Implement revision 1.3 correctly.

Skip any lines of otool output that do not start with a tab, ensuring we
only check valid files and ignore e.g. shell scripts.  Older versions of
otool would simply print no output on such files, whereas newer releases
print "is not an object file".

(jperkin)

Updated u-boot-* packages to 2018.05

(jmcneill)

Remove dependencies that are not in tree

(jmcneill)

Update U-Boot to 2018.05.

(jmcneill)

doc/TODO: add some

+ calibre-3.24, gimp-2.10.2, vice-3.2.

(wiz)

doc: Updated chat/weechat to 2.1

(maya)

weechat: update to 2.1

Note that if the perl option is used, weechat segfaults at exit.
Not sure the wide-curses option does anything.
Remove conflicting patches that don't seem necessary.

Highlights:
Option to check license of scripts loaded
Completion for /set and /help commands

(maya)

check-shlibs-macho.awk: Revert revision 1.3.

It completely broke the checks, resulting in broken binary packages
being shipped, e.g. https://github.com/joyent/pkgsrc/issues/104

(jperkin)

+py-fakefs

(bsiegert)

+py-fakefs

(bsiegert)

New package, py-fakefs-3.4.1.

pyfakefs implements a fake file system that mocks the Python file system
modules. Using pyfakefs, your tests operate on a fake file system in
memory without touching the real disk. The software under test requires
no modification to work with pyfakefs.

Part of PR pkg/52941.

(bsiegert)

Updated devel/p5-CPAN-Perl-Releases to 3.58

(wen)

Update to 3.58

Upstream changes:
version 3.58 at 2018-05-21 13:21:57 +0000
-----------------------------------------

  Change: 9c2d1a38ad555ec8f3bf1afacb5da13ccd8387d2
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2018-05-21 14:21:57 +0000

    Updated for v5.28.0-RC1

(wen)

Updated devel/p5-Error to 0.17026

(wen)

Update to 0.17026

Upstream changes:
May 23 2018 <shlomif@shlomifish.org> (Shlomi Fish)

  Error.pm #0.17026
  - Convert to Dist-Zilla.

(wen)

Updated devel/p5-Type-Tiny-XS to 0.014

(wen)

Update to 0.014

Upstream changes:
0.014  2018-05-20

[ Bug Fixes ]
- Bool was letting overloaded blessed objects pass the type constraint. It
  shouldn't.
  Gregory Oschwald++
  <https://github.com/tobyink/p5-type-tiny-xs/issues/5>

0.013  2018-05-15

[ Bug Fixes ]
- Strings like '00' and '000' shouldn't be accepted as PositiveInt.
  Will Storey++
  <https://github.com/tobyink/p5-type-tiny-xs/issues/7>

(wen)

Also install the egg-info file. Bump revision.

Part of PR pkg/52941.

(bsiegert)

doc: Added devel/go-gocode version 20170907

(minskim)

devel/Makefile: Add go-gocode

(minskim)

devel/go-gocode: Import version 20170907

Gocode is a helper tool which is intended to be integrated with your
source code editor, like vim, neovim and emacs. It provides several
advanced capabilities, which currently includes context-sensitive
autocompletion.  It is called daemon, because it uses client/server
architecture for caching purposes. In particular, it makes
autocompletions very fast. Typical autocompletion time with warm cache
is 30ms, which is barely noticeable.

(minskim)

Add a U-Boot meta package.

(jmcneill)

doc: Added math/R-igraph version 1.2.1

(minskim)

math/Makefile: Add R-igraph

(minskim)

math/R-igraph: Import version 1.2.1

Routines for simple graphs and network analysis. It can handle large
graphs very well and provides functions for generating random and
regular graphs, graph visualization, centrality methods and much more.

(minskim)

devel/R-magrittr: Simplify Makefile

Remove redundant variables and set USE_LANGUAGES.

(minskim)

doc: Updated geography/proj to 5.0.1

(gdt)

Update to 5.0.1

Upstream changes: bug fixes

(gdt)

doc: Updated devel/py-sortedcontainers to 2.0.2

(minskim)

devel/py-sortedcontainers: Update to 2.0.2

Version 2 represents a significant update to the source base. The code
has been refactored and modernized to embrace Python 3 semantics while
also using `autodoc` in Sphinx for more maintainable
documentation. The core design and algorithms are all the same.

(minskim)

doc: Added devel/py-toolz version 0.9.0

(minskim)

devel/Makefile: Add py-toolz

(minskim)

devel/py-toolz: Import version 0.9.0

A set of utility functions for iterators, functions, and dictionaries.

Packaged by Kamel Ibn Aziz Derouiche for pkgsrc-wip and updated by me.

(minskim)

Pullup ticket #5760 - requested by spz
lang/python27: security fix

Revisions pulled up:
- lang/python27/PLIST.common                                    1.19
- lang/python27/dist.mk                                        1.15
- lang/python27/distinfo                                        1.68
- lang/python27/patches/patch-ah                                1.9
- lang/python27/patches/patch-al                                1.18

---
  Module Name: pkgsrc
  Committed By: spz
  Date: Sat May 19 06:54:55 UTC 2018

  Modified Files:
  pkgsrc/lang/python27: PLIST.common dist.mk distinfo
  pkgsrc/lang/python27/patches: patch-ah patch-al

  Log Message:
  update python27 by one teeny, fixing 3 vulnerabilities.

  Upstream changelog, slightly reordered:

  Security
  --------

  - bpo-31530: Fixed crashes when iterating over a file on multiple threads.
    This resolves CVE-2018-1000030.

  - bpo-32997: A regex in fpformat was vulnerable to catastrophic
    backtracking. This regex was a potential DOS vector (REDOS). Based on
    typical uses of fpformat the risk seems low. The regex has been refactored
    and is now safe. Patch by Jamie Davis.

  - bpo-32981: Regexes in difflib and poplib were vulnerable to catastrophic
    backtracking. These regexes formed potential DOS vectors (REDOS). They
    have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch
    by Jamie Davis.

  - bpo-31339: Rewrite time.asctime() and time.ctime(). Backport and adapt the
    _asctime() function from the master branch to not depend on the
    implementation of asctime() and ctime() from the external C library. This
    change fixes a bug when Python is run using the musl C library.

  - bpo-30730: Prevent environment variables injection in subprocess on
    Windows.  Prevent passing other environment variables and command
    arguments.

  - bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple
    security vulnerabilities including: CVE-2017-9233 (External entity
    infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
    CVE-2016-0718 (Fix regression bugs from 2.2.0's fix to CVE-2016-0718) and
    CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
    CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn't
    impact Python, since Python already gets entropy from the OS to set the
    expat secret using ``XML_SetHashSalt()``.

  - bpo-30500: Fix urllib.splithost() to correctly parse fragments. For
    example, ``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the
    ``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an
    authentification (``login@host``).

  - bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of
    CVE-2016-0718 and CVE-2016-4472. See
    https://sourceforge.net/p/expat/bugs/537/ for more information.

  Core and Builtins
  -----------------

  - bpo-33374: Tweak the definition of PyGC_Head, so compilers do not believe
    it is always 16-byte aligned on x86. This prevents crashes with more
    aggressive optimizations present in GCC 8.

  - bpo-33026: Fixed jumping out of "with" block by setting f_lineno.

  - bpo-17288: Prevent jumps from 'return' and 'exception' trace events.

  - bpo-18533: ``repr()`` on a dict containing its own ``viewvalues()`` or
    ``viewitems()`` no longer raises ``RuntimeError``.  Instead, use ``...``,
    as for other recursive structures.  Patch by Ben North.

  - bpo-10544: Yield expressions are now deprecated in comprehensions and
    generator expressions when checking Python 3 compatibility. They are still
    permitted in the definition of the outermost iterable, as that is
    evaluated directly in the enclosing scope.

  - bpo-32137: The repr of deeply nested dict now raises a RecursionError
    instead of crashing due to a stack overflow.

  - bpo-20047: Bytearray methods partition() and rpartition() now accept only
    bytes-like objects as separator, as documented.  In particular they now
    raise TypeError rather of returning a bogus result when an integer is
    passed as a separator.

  - bpo-31733: Add a new PYTHONSHOWREFCOUNT environment variable. In debug
    mode, Python now only print the total reference count if
    PYTHONSHOWREFCOUNT is set.

  - bpo-31692: Add a new PYTHONSHOWALLOCCOUNT environment variable. When
    Python is compiled with COUNT_ALLOCS, PYTHONSHOWALLOCCOUNT now has to be
    set to dump allocation counts into stderr on shutdown. Moreover,
    allocations statistics are now dumped into stderr rather than stdout.

  - bpo-31478: Prevent unwanted behavior in `_random.Random.seed()` in case
    the argument has a bad ``__abs__()`` method. Patch by Oren Milman.

  - bpo-31490: Fix an assertion failure in `ctypes` class definition, in case
    the class has an attribute whose name is specified in ``_anonymous_`` but
    not in ``_fields_``. Patch by Oren Milman.

  - bpo-31411: Raise a TypeError instead of SystemError in case
    warnings.onceregistry is not a dictionary. Patch by Oren Milman.

  - bpo-31343: Include sys/sysmacros.h for major(), minor(), and makedev().
    GNU C libray plans to remove the functions from sys/types.h.

  - bpo-31311: Fix a crash in the ``__setstate__()`` method of
    `ctypes._CData`, in case of a bad ``__dict__``. Patch by Oren Milman.

  - bpo-31243: Fix a crash in some methods of `io.TextIOWrapper`, when the
    decoder's state is invalid. Patch by Oren Milman.

  - bpo-31095: Fix potential crash during GC caused by ``tp_dealloc`` which
    doesn't call ``PyObject_GC_UnTrack()``.

  - bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape. Patch
    by Jay Bosamiya.

  - bpo-27945: Fixed various segfaults with dict when input collections are
    mutated during searching, inserting or comparing.  Based on patches by
    Duane Griffin and Tim Mitchell.

  - bpo-25794: Fixed type.__setattr__() and type.__delattr__() for non-
    interned or unicode attribute names.  Based on patch by Eryk Sun.

  - bpo-29935: Fixed error messages in the index() method of tuple and list
    when pass indices of wrong type.

  - bpo-28598: Support __rmod__ for subclasses of str being called before
    str.__mod__. Patch by Martijn Pieters.

  - bpo-29602: Fix incorrect handling of signed zeros in complex constructor
    for complex subclasses and for inputs having a __complex__ method. Patch
    by Serhiy Storchaka.

  - bpo-29347: Fixed possibly dereferencing undefined pointers when creating
    weakref objects.

  - bpo-14376: Allow sys.exit to accept longs as well as ints. Patch by Gareth
    Rees.

  - bpo-29028: Fixed possible use-after-free bugs in the subscription of the
    buffer object with custom index object.

  - bpo-29145: Fix overflow checks in string, bytearray and unicode. Patch by
    jan matejek and Xiang Zhang.

  - bpo-28932: Do not include <sys/random.h> if it does not exist.

  Library
  -------

  - bpo-33096: Allow ttk.Treeview.insert to insert iid that has a false
    boolean value. Note iid=0 and iid=False would be same. Patch by Garvit
    Khatri.

  - bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.

  - bpo-30622: The ssl module now detects missing NPN support in LibreSSL.

  - bpo-21060: Rewrite confusing message from setup.py upload from "No dist
    file created in earlier command" to the more helpful "Must create and
    upload files in one command".

  - bpo-30157: Fixed guessing quote and delimiter in csv.Sniffer.sniff() when
    only the last field is quoted.  Patch by Jake Davis.

  - bpo-32647: The ctypes module used to depend on indirect linking for
    dlopen. The shared extension is now explicitly linked against libdl on
    platforms with dl.

  - bpo-32304: distutils' upload command no longer corrupts tar files ending
    with a CR byte, and no longer tries to convert CR to CRLF in any of the
    upload text fields.

  - bpo-31848: Fix the error handling in Aifc_read.initfp() when the SSND
    chunk is not found. Patch by Zackery Spytz.

  - bpo-32521: The nis module is now compatible with new libnsl and headers
    location.

  - bpo-32539: Fix ``OSError`` for ``os.listdir`` with deep paths (starting
    with ``\\?\``) on windows.  Patch by Anthony Sottile.

  - bpo-32521: glibc has removed Sun RPC. Use replacement libtirpc headers and
    library in nis module.

  - bpo-18035: ``telnetlib``: ``select.error`` doesn't have an ``errno``
    attribute. Patch by Segev Finer.

  - bpo-32185: The SSL module no longer sends IP addresses in SNI TLS
    extension on platforms with OpenSSL 1.0.2+ or inet_pton.

  - bpo-32186: Creating io.FileIO() and builtin file() objects now release the
    GIL when checking the file descriptor. io.FileIO.readall(),
    io.FileIO.read(), and file.read() now release the GIL when getting the
    file size.  Fixed hang of all threads with inaccessible NFS server.  Patch
    by Nir Soffer.

  - bpo-32110: ``codecs.StreamReader.read(n)`` now returns not more than *n*
    characters/bytes for non-negative *n*. This makes it compatible with
    ``read()`` methods of other file-like objects.

  - bpo-21149: Silence a `'NoneType' object is not callable` in
    `_removeHandlerRef` error that could happen when a logging Handler is
    destroyed as part of cyclic garbage collection during process shutdown.

  - bpo-31764: Prevent a crash in ``sqlite3.Cursor.close()`` in case the
    ``Cursor`` object is uninitialized. Patch by Oren Milman.

  - bpo-31955: Fix CCompiler.set_executable() of distutils to handle properly
    Unicode strings.

  - bpo-9678: Fixed determining the MAC address in the uuid module:

    * Using ifconfig on NetBSD and OpenBSD.
    * Using arp on Linux, FreeBSD, NetBSD and OpenBSD.

    Based on patch by Takayuki Shimizukawa.

  - bpo-30057: Fix potential missed signal in signal.signal().

  - bpo-31927: Fixed reading arbitrary data when parse a AF_BLUETOOTH address
    on NetBSD and DragonFly BSD.

  - bpo-27666: Fixed stack corruption in curses.box() and curses.ungetmouse()
    when the size of types chtype or mmask_t is less than the size of C long.
    curses.box() now accepts characters as arguments.  Based on patch by Steve
    Fink.

  - bpo-25720: Fix the method for checking pad state of curses WINDOW. Patch
    by Masayuki Yamamoto.

  - bpo-31893: Fixed the layout of the kqueue_event structure on OpenBSD and
    NetBSD. Fixed the comparison of the kqueue_event objects.

  - bpo-31891: Fixed building the curses module on NetBSD.

  - bpo-30058: Fixed buffer overflow in select.kqueue.control().

  - bpo-31770: Prevent a crash when calling the ``__init__()`` method of a
    ``sqlite3.Cursor`` object more than once. Patch by Oren Milman.

  - bpo-31728: Prevent crashes in `_elementtree` due to unsafe cleanup of
    `Element.text` and `Element.tail`. Patch by Oren Milman.

  - bpo-31752: Fix possible crash in timedelta constructor called with custom
    integers.

  - bpo-31681: Fix pkgutil.get_data to avoid leaking open files.

  - bpo-31675: Fixed memory leaks in Tkinter's methods splitlist() and split()
    when pass a string larger than 2 GiB.

  - bpo-30806: Fix the string representation of a netrc object.

  - bpo-30347: Stop crashes when concurrently iterate over itertools.groupby()
    iterators.

  - bpo-25732: `functools.total_ordering()` now implements the `__ne__`
    method.

  - bpo-31351: python -m ensurepip now exits with non-zero exit code if pip
    bootstrapping has failed.

  - bpo-31544: The C accelerator module of ElementTree ignored exceptions
    raised when looking up TreeBuilder target methods in XMLParser().

  - bpo-31455: The C accelerator module of ElementTree ignored exceptions
    raised when looking up TreeBuilder target methods in XMLParser().

  - bpo-25404: SSLContext.load_dh_params() now supports non-ASCII path.

  - bpo-28958: ssl.SSLContext() now uses OpenSSL error information when a
    context cannot be instantiated.

  - bpo-27448: Work around a `gc.disable()` race condition in the `subprocess`
    module that could leave garbage collection disabled when multiple threads
    are spawning subprocesses at once.  Users are *strongly encouraged* to use
    the `subprocess32` module from PyPI on Python 2.7 instead, it is much more
    reliable.

  - bpo-31170: expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of
    partial characters for UTF-8 input (libexpat bug 115):
    https://github.com/libexpat/libexpat/issues/115

  - bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3.

  - bpo-31334: Fix ``poll.poll([timeout])`` in the ``select`` module for
    arbitrary negative timeouts on all OSes where it can only be a non-
    negative integer or -1. Patch by Riccardo Coccioli.

  - bpo-10746: Fix ctypes producing wrong PEP 3118 type codes for integer
    types.

  - bpo-30102: The ssl and hashlib modules now call
    OPENSSL_add_all_algorithms_noconf() on OpenSSL < 1.1.0. The function
    detects CPU features and enables optimizations on some CPU architectures
    such as POWER8. Patch is based on research from Gustavo Serra Scalet.

  - bpo-30502: Fix handling of long oids in ssl.  Based on patch by Christian
    Heimes.

  - bpo-25684: Change ``ttk.OptionMenu`` radiobuttons to be unique across
    instances of ``OptionMenu``.

  - bpo-29169: Update zlib to 1.2.11.

  - bpo-30746: Prohibited the '=' character in environment variable names in
    ``os.putenv()`` and ``os.spawn*()``.

  - bpo-28994: The traceback no longer displayed for SystemExit raised in a
    callback registered by atexit.

  - bpo-30418: On Windows, subprocess.Popen.communicate() now also ignore
    EINVAL on stdin.write() if the child process is still running but closed
    the pipe.

  - bpo-30378: Fix the problem that logging.handlers.SysLogHandler cannot
    handle IPv6 addresses.

  - bpo-29960: Preserve generator state when _random.Random.setstate() raises
    an exception. Patch by Bryan Olson.

  - bpo-30310: tkFont now supports unicode options (e.g. font family).

  - bpo-30414: multiprocessing.Queue._feed background running thread do not
    break from main loop on exception.

  - bpo-30003: Fix handling escape characters in HZ codec.  Based on patch by
    Ma Lin.

  - bpo-30375: Warnings emitted when compile a regular expression now always
    point to the line in the user code.  Previously they could point into
    inners of the re module if emitted from inside of groups or conditionals.

  - bpo-30363: Running Python with the -3 option now warns about regular
    expression syntax that is invalid or has different semantic in Python 3 or
    will change the behavior in future Python versions.

  - bpo-30365: Running Python with the -3 option now emits deprecation
    warnings for getchildren() and getiterator() methods of the Element class
    in the xml.etree.cElementTree module and when pass the html argument to
    xml.etree.ElementTree.XMLParser().

  - bpo-30365: Fixed a deprecation warning about the doctype() method of the
    xml.etree.ElementTree.XMLParser class.  Now it is emitted only when define
    the doctype() method in the subclass of XMLParser.

  - bpo-30329: imaplib now catchs the Windows socket WSAEINVAL error (code
    10022) on shutdown(SHUT_RDWR): An invalid operation was attempted. This
    error occurs sometimes on SSL connections.

  - bpo-30342: Fix sysconfig.is_python_build() if Python is built with Visual
    Studio 2008 (VS 9.0).

  - bpo-29990: Fix range checking in GB18030 decoder.  Original patch by Ma
    Lin.

  - bpo-30243: Removed the __init__ methods of _json's scanner and encoder.
    Misusing them could cause memory leaks or crashes.  Now scanner and
    encoder objects are completely initialized in the __new__ methods.

  - bpo-26293: Change resulted because of zipfile breakage. (See also:
    bpo-29094)

  - bpo-30070: Fixed leaks and crashes in errors handling in the parser
    module.

  - bpo-30061: Fixed crashes in IOBase methods next() and readlines() when
    readline() or next() respectively return non-sizeable object. Fixed
    possible other errors caused by not checking results of PyObject_Size(),
    PySequence_Size(), or PyMapping_Size().

  - bpo-30011: Fixed race condition in HTMLParser.unescape().

  - bpo-30068: _io._IOBase.readlines will check if it's closed first when hint
    is present.

  - bpo-27863: Fixed multiple crashes in ElementTree caused by race conditions
    and wrong types.

  - bpo-29942: Fix a crash in itertools.chain.from_iterable when encountering
    long runs of empty iterables.

  - bpo-29861: Release references to tasks, their arguments and their results
    as soon as they are finished in multiprocessing.Pool.

  - bpo-27880: Fixed integer overflow in cPickle when pickle large strings or
    too many objects.

  - bpo-29110: Fix file object leak in aifc.open() when file is given as a
    filesystem path and is not in valid AIFF format. Original patch by Anthony
    Zhang.

  - bpo-29354: Fixed inspect.getargs() for parameters which are cell
    variables.

  - bpo-29335: Fix subprocess.Popen.wait() when the child process has exited
    to a stopped instead of terminated state (ex: when under ptrace).

  - bpo-29219: Fixed infinite recursion in the repr of uninitialized
    ctypes.CDLL instances.

  - bpo-29082: Fixed loading libraries in ctypes by unicode names on Windows.
    Original patch by Chi Hsuan Yen.

  - bpo-29188: Support glibc 2.24 on Linux: don't use getentropy() function
    but read from /dev/urandom to get random bytes, for example in
    os.urandom(). On Linux, getentropy() is implemented which getrandom() is
    blocking mode, whereas os.urandom() should not block.

  - bpo-29142: In urllib, suffixes in no_proxy environment variable with
    leading dots could match related hostnames again (e.g. .b.c matches
    a.b.c). Patch by Milan Oberkirch.

  - bpo-13051: Fixed recursion errors in large or resized
    curses.textpad.Textbox.  Based on patch by Tycho Andersen.

  - bpo-9770: curses.ascii predicates now work correctly with negative
    integers.

  - bpo-28427: old keys should not remove new values from WeakValueDictionary
    when collecting from another thread.

  - bpo-28998: More APIs now support longs as well as ints.

  - bpo-28923: Remove editor artifacts from Tix.py, including encoding not
    recognized by codecs.lookup.

  - bpo-29019: Fix dict.fromkeys(x) overallocates when x is sparce dict.
    Original patch by Rasmus Villemoes.

  - bpo-19542: Fix bugs in WeakValueDictionary.setdefault() and
    WeakValueDictionary.pop() when a GC collection happens in another thread.

  - bpo-28925: cPickle now correctly propagates errors when unpickle instances
    of old-style classes.

  Documentation
  -------------

  - bpo-27212: Modify documentation for the :func:`islice` recipe to consume
    initial values up to the start index.

  - bpo-32800: Update link to w3c doc for xml default namespaces.

  - bpo-17799: Explain real behaviour of sys.settrace and sys.setprofile and
    their C-API counterparts regarding which type of events are received in
    each function. Patch by Pablo Galindo Salgado.

  - bpo-8243: Add a note about curses.addch and curses.addstr exception
    behavior when writing outside a window, or pad.

  - bpo-21649: Add RFC 7525 and Mozilla server side TLS links to SSL
    documentation.

  - bpo-30176: Add missing attribute related constants in curses
    documentation.

  - bpo-28929: Link the documentation to its source file on GitHub.

  - bpo-26355: Add canonical header link on each page to corresponding major
    version of the documentation. Patch by Matthias Bussonnier.

  - bpo-12067: Rewrite Comparisons section in the Expressions chapter of the
    language reference. Some of the details of comparing mixed types were
    incorrect or ambiguous. Added default behaviour and consistency
    suggestions for user- defined classes. Based on patch from Andy Maier.

  Tests
  -----

  - bpo-31719: Fix test_regrtest.test_crashed() on s390x. Add a new
    _testcapi._read_null() function to crash Python in a reliable way on
    s390x. On s390x, ctypes.string_at(0) returns an empty string rather than
    crashing.

  - bpo-31518: Debian Unstable has disabled TLS 1.0 and 1.1 for
    SSLv23_METHOD(). Change TLS/SSL protocol of some tests to PROTOCOL_TLS or
    PROTOCOL_TLSv1_2 to make them pass on Debian.

  - bpo-25674: Remove sha256.tbs-internet.com ssl test

  - bpo-11790: Fix sporadic failures in
    test_multiprocessing.WithProcessesTestCondition.

  - bpo-30236: Backported test.regrtest options -m/--match and -G/--failfast
    from Python 3.

  - bpo-30223: To unify running tests in Python 2.7 and Python 3, the test
    package can be run as a script.  This is equivalent to running the
    test.regrtest module as a script.

  - bpo-30207: To simplify backports from Python 3, the test.test_support
    module was converted into a package and renamed to test.support.  The
    test.script_helper module was moved into the test.support package. Names
    test.test_support and test.script_helper are left as aliases to
    test.support and test.support.script_helper.

  - bpo-30197: Enhanced function swap_attr() in the test.test_support module.
    It now works when delete replaced attribute inside the with statement.
    The old value of the attribute (or None if it doesn't exist) now will be
    assigned to the target of the "as" clause, if there is one. Also
    backported function swap_item().

  - bpo-28087: Skip test_asyncore and test_eintr poll failures on macOS. Skip
    some tests of select.poll when running on macOS due to unresolved issues
    with the underlying system poll function on some macOS versions.

  - bpo-15083: Convert ElementTree doctests to unittests.

  Build
  -----

  - bpo-33163: Upgrade pip to 9.0.3 and setuptools to v39.0.1.

  - bpo-32616: Disable computed gotos by default for clang < 5.0. It caused
    significant performance regression.

  - bpo-32635: Fix segfault of the crypt module when libxcrypt is provided
    instead of libcrypt at the system.

  - bpo-31934: Abort the build when building out of a not clean source tree.

  - bpo-31474: Fix -Wint-in-bool-context warnings in PyMem_MALLOC and
    PyMem_REALLOC macros

  - bpo-29243: Prevent unnecessary rebuilding of Python during ``make test``,
    ``make install`` and some other make targets when configured with
    ``--enable- optimizations``.

  - bpo-23404: Don't regenerate generated files based on file modification
    time anymore: the action is now explicit. Replace ``make touch`` with
    ``make regen-all``.

  - bpo-27593: sys.version and the platform module python_build(),
    python_branch(), and python_revision() functions now use git information
    rather than hg when building from a repo.

  - bpo-29643: Fix ``--enable-optimization`` configure option didn't work.

  - bpo-29572: Update Windows build and OS X installers to use OpenSSL 1.0.2k.

  - bpo-28768: Fix implicit declaration of function _setmode. Patch by
    Masayuki Yamamoto

  Windows
  -------

  - bpo-33184: Update Windows build to use OpenSSL 1.0.2o.

  - bpo-32903: Fix a memory leak in os.chdir() on Windows if the current
    directory is set to a UNC path.

  - bpo-30855: Bump Tcl/Tk to 8.5.19.

  - bpo-30450: Pull build dependencies from GitHub rather than svn.python.org.

  macOS
  -----

  - bpo-32726: Provide an additional, more modern macOS installer variant that
    supports macOS 10.9+ systems in 64-bit mode only. Upgrade the supplied
    third-party libraries to OpenSSL 1.0.2n and SQLite 3.22.0. The 10.9+
    installer now supplies its own private copy of Tcl/Tk 8.6.8.

  - bpo-24414: Default macOS deployment target is now set by ``configure`` to
    the build system's OS version (as is done by Python 3), not ``10.4``;
    override with, for example, ``./configure MACOSX_DEPLOYMENT_TARGET=10.4``.

  - bpo-17128: All 2.7 macOS installer variants now supply their own version
    of ``OpenSSL 1.0.2``; the Apple-supplied SSL libraries and root
    certificates are not longer used.  The ``Installer Certificate`` command
    in ``/Applications/Python 2.7`` may be used to download and install a
    default set of root certificates from the third-party ``certifi`` package.

  - bpo-11485: python.org macOS Pythons no longer supply a default SDK value
    (e.g. ``-isysroot /``) or specific compiler version default (e.g.
    ``gcc-4.2``) when building extension modules.  Use ``CC``, ``SDKROOT``,
    and ``DEVELOPER_DIR`` environment variables to override compilers or to
    use an SDK.  See Apple's ``xcrun`` man page for more info.

  - bpo-33184: Update macOS installer build to use OpenSSL 1.0.2o.

  Tools/Demos
  -----------

  - bpo-31920: Fixed handling directories as arguments in the ``pygettext``
    script. Based on patch by Oleg Krasnikov.

  - bpo-30109: Fixed Tools/scripts/reindent.py for non-ASCII files. It now
    processes files as binary streams. This also fixes "make reindent".

  - bpo-24960: 2to3 and lib2to3 can now read pickled grammar files using
    pkgutil.get_data() rather than probing the filesystem. This lets 2to3 and
    lib2to3 work when run from a zipfile.

  C API
  -----

  - bpo-20891: Fix PyGILState_Ensure(). When PyGILState_Ensure() is called in
    a non-Python thread before PyEval_InitThreads(), only call
    PyEval_InitThreads() after calling PyThreadState_New() to fix a crash.

  - bpo-31626: When Python is built in debug mode, the memory debug hooks now
    fail with a fatal error if realloc() fails to shrink a memory block,
    because the debug hook just erased freed bytes without keeping a copy of
    them.

(bsiegert)

doc: Updated lang/npm to 6.1.0

(fhajny)

Update lang/npm to 6.1.0.

- NEW FEATURE: npm audit fix
- OTHER NEW audit FEATURES
  - Add support for npm audit --json to print the report in JSON
    format.
  - Include number of audited packages in npm install summary output.
  - Overhaul audit install and detail output format.
- NEW FEATURE: GIT DEPS AND npm init <pkg>!
- FIX WRITE AFTER END ERROR
- DETECT CHANGES IN GIT SPECIFIERS
- OTHER BUGFIXES
  - When requesting the update of a direct dependency that was also a
    transitive dependency to a version incompatible with the
    transitive requirement and you had a lock-file but did not have a
    node_modules folder then npm would fail to provide a new copy of the
    transitive dependency, resulting in an invalid lock-file that could
    not self heal.
  - Cleanup output of npm ci summary report.
  - Node.js now has a test that scans for things that look like
    conflict markers in source code. This was triggering false
    positives on a fixture in a test of npm's ability to heal lockfiles
    with conflicts in them.
  - Make the new npm view work when the license field is an object
    instead of a string.
  - Add support for environments (like Docker) where the expected
    binary for opening external URLs is not available.
  - Fix a spurious colon in the new update notifier message and add
    support for the npm canary.
  - Infer a version range when a package.json has a dist-tag instead
    of a version range in one of its dependency specs. Previously,
    this would cause dependencies to be flagged as invalid.
  - Make sure scoped bundled deps are shown in the new publish
    preview, too.
  - Stop dropping size from metadata on npm cache verify.
  - Fix nested command aliases.
  - Make sure different versions of the Path env var on Windows all
    get node_modules/.bin prepended when running lifecycle scripts.

(fhajny)

Build fix from upstream: https://dev.entrouvert.org/issues/18771
    replace use of <xmlsec/soap.h> which is deprecated

(manu)

Updated devel/py-more-itertools, security/py-asn1

(adam)

py-asn1: updated to 0.4.3

0.4.3:
Copyright notice extended to the year 2018
Fixed GeneralizedTime.asDateTime to perform milliseconds conversion correctly

(adam)

py-more-itertools: updated to 4.2.0

4.2.0:
* New itertools:
    * :func:map_reduce
    * :func:prepend

* Improvements to existing itertools:
    * :func:bucket now complies with PEP 479

* Other changes:
  * Python 3.7 is now supported
  * Python 3.3 is no longer supported
  * The test suite no longer requires third-party modules to run
  * The API docs now include links to source code

(adam)

py-atomicwrites: fix CATEGORIES; updated HOMEPAGE; use TEST_DEPENDS

(adam)

Updated textproc/py-JWT, www/py-asgiref

(adam)

py-asgiref: updated to 2.3.2

2.3.2:
* Packaging fix to allow old async_timeout dependencies (2.0 as well as 3.0)

2.3.1:
* WSGI-to-ASGI adapter now works with empty bodies in responses
* Update async-timeout dependency

(adam)

py-JWT: updated to 1.6.4

v1.6.4:
Reverse an unintentional breaking API change to .decode()

(adam)

doc: Updated lang/nodejs to 10.2.0

(fhajny)

lang/nodejs: Update to 10.2.0.

- addons:
  - Fixed a memory leak for users of `AsyncResource` and N-API.
- assert:
  - The `error` parameter of `assert.throws()` can be an object
    containing regular expressions now.
- crypto:
  - The `authTagLength` option has been made more flexible.
- esm:
  - Builtin modules (e.g. `fs`) now provide named exports in ES6
    modules.
- http:
  - Handling of `close` and `aborted` events has been made more
    consistent.
- module:
  - add --preserve-symlinks-main
- timers:
  - `timeout.refresh()` has been added to the public API.
- Embedder support:
  - Functions for creating V8 `Isolate` and `Context` objects with
    Node.js-specific behaviour have been added to the API.
  - Node.js `Environment`s clean up resources before exiting now.
  - Support for multi-threaded embedding has been improved.

(fhajny)

mk/compiler/gcc.mk: move _GCC_LDFLAGS setting for relro.

At the previous location it was overridden if a gcc from pkgsrc was used.

Problem found by bacon@

(wiz)

sort

(jnemeth)

doc: Updated textproc/hunspell to 1.3.3nb6

(wiz)

hunspell: for wide character support, use ncursesw.

The configure script checks for the library name and accepts only ncursesw.

Bump PKGREVISION.

(wiz)

Updated www/py-raven

(adam)

py-raven: updated to 6.8.0

6.8.0:
[Core] Fixed DSNs without secrets not sending events.
[Core] Added lazy import for pkg_resources
[Core] Added NamedTuple Serializer
[Sanic] Fixed sanic integration dependencies
[Django] Fixed sql hook bug

(adam)

gst-plugins1-pulse: reset revision after gstreamer1 update

(adam)

Updated multimedia/gstreamer1

(adam)

gst-plugins1-libav: updated to 1.14.1

Follow gstreamer1 update.

(adam)

py-gstreamer1: updated to 1.14.1

Follow gstreamer1 update.

(adam)

gstreamer1: updated to 1.14.1

1.14.1
Noteworthy bugfixes in 1.14.1
-  GstPad: Fix race condition causing the same probe to be called
    multiple times
-  Fix occasional deadlocks on windows when outputting debug logging
-  Fix debug levels being applied in the wrong order
-  GIR annotation fixes for bindings
-  audiomixer, audioaggregator: fix some negotiation issues
-  gst-play-1.0: fix leaving stdin in non-blocking mode after exit
-  flvmux: wait for caps on all input pads before writing header even
    if source is live
-  flvmux: don't wake up the muxer unless there is data, fixes busy
    looping if there's no input data
-  flvmux: fix major leak of input buffers
-  rtspsrc, rtsp-server: revert to RTSP RFC handling of
    sendonly/recvonly attributes
-  rtpvrawpay: fix payloading with very large mtu sizes where
    everything fits into a single RTP packet
-  v4l2: Fix hard-coded enabled v4l2 probe on Linux/ARM
-  v4l2: Disable DMABuf for emulated formats when using libv4l2
-  v4l2: Always set colorimetry in S_FMT
-  asfdemux: Set stream-format field for H264 streams and handle H.264
    in bytestream format
-  x265enc: Fix tagging of keyframes on output buffers
-  ladspa: Fix critical during plugin load on Windows
-  decklink: Fix COM initialisation on Windows
-  h264parse: fix re-use across pipeline stop/restart
-  mpegtsmux: fix force-keyframe event handling and PCR/PMT changes
    that would confuse some players with generated HLS streams
-  adaptivedemux: Support period change in live playlist
-  rfbsrc: Fix support for applevncserver and support NULL pool in
    decide_allocation
-  jpegparse: Fix APP1 marker segment parsing
-  h265parse: Make caps writable before modifying them, fixes criticals
-  fakevideosink: request an extra buffer if enable-last-sample is
    enabled
-  wasapisrc: Don't provide a clock based on WASAPI's clock
-  wasapi: Only use audioclient3 when low-latency, as it might
    otherwise glitch with slow CPUs or VMs
-  wasapi: Don't derive device period from latency time, should make it
    more robust against glitches
-  audiolatency: Fix wave detection in buffers and avoid bogus pts
    values while starting
-  msdk: fix plugin load on implementations with only HW support
-  msdk: dec: set framerate to the driver only if provided, not in 0/1
    case
-  msdk: Don't set extended coding options for JPEG encode
-  rtponviftimestamp: fix state change function init/reset causing
    races/crashes on shutdown
-  decklink: fix initialization failure in windows binary
-  ladspa: Fix critical warnings during plugin load on Windows and fix
    dependencies in meson build
-  gl: fix cross-compilation error with viv-fb
-  qmlglsink: make work with eglfs_kms
-  rtspclientsink: Don't deadlock in preroll on early close
-  rtspclientsink: Fix client ports for the RTCP backchannel
-  rtsp-server: Fix session timeout when streaming data to client over
    TCP
-  vaapiencode: h264: find best profile in those available, fixing
    negotiation errors
-  vaapi: remove custom GstGL context handling, use GstGL instead.
    Fixes GL Context sharing with WebkitGtk on wayland
-  gst-editing-services: various fixes
-  gst-python: bump pygobject req to 3.8; fix
    GstPad.set_query_function(); dist autogen.sh and configure.ac in
    tarball
-  g-i: pick up GstVideo-1.0.gir from local build directory in GstGL
    build
-  g-i: update constant values for bindings
-  avoid duplicate symbols in plugins across modules in static builds
-  ... and many, many more!

(adam)

bitlbee: Delete (duplicate) OWN_DIRS for ${VARBASE}/run/bitlbee (NFCI)

${VARBASE}/run/bitlbee is already handled via OWN_DIRS_PERMS so the OWN_DIRS is
not strictly needed.

Pointed out by pkgtasks (and _USE_NEW_PKGINSTALL=yes).

(leot)

bitlbee: Always create the ${pidfile} directory and improve rc.d script

- At least on NetBSD every files on /var/run are removed at every
  boot by mountcritlocal rc.d script. Add a bitlbee_precmd() function
  to always check that a directory for the ${pidfile} exists and
  create it if needed.
- Check if /etc/rc.subr exists before source-ing it.
- Introduce BITLBEE_USER and BITLBEE_GROUP variables and reuse them to avoid
  hardcoding `bitlbee' and `nobody' (NFCI)

Discussed with and suggestions from <tonio>, thanks!

(leot)

Updated audio/libdca

(adam)

libdca: updated to 0.0.6

libdca-0.0.6:
New release with mostly build system bugfixes.

(adam)

doc: Updated devel/py-flakes to 1.6.0nb1

(minskim)

devel/py-flakes: Add ALTERNATIVES

(minskim)

libexecinfo: fix invalid homepage.

(triaxx)

Describe some of the security mitigation flags and their impact

(maya)

py-test-httpbin: updated HOMEPAGE; removed unused DEPENDS

(adam)

fetchmail: fix name of one license

(wiz)

grub2: remove violent hack necessary to build grub 2.00.

Grub 2.02 no longer uses nested functions and doesn't need a RWX stack, so
no paxctl +m is necessary (on some platforms). Hurray!

(maya)

doc: Updated net/powerdns-recursor to 4.1.3

(fhajny)

net/powerdns-recursor: Update to 4.1.3.

Improvements
- Add a subtree option to the API cache flush endpoint.
- Use a separate, non-blocking pipe to distribute queries.
- Move carbon/webserver/control/stats handling to a separate thread.
- Add _raw versions for QName / ComboAddresses to the FFI API.
- Update copyright years to 2018
- Fix a warning on botan >= 2.5.0.

Bug Fixes
- Count a lookup into an internal auth zone as a cache miss.
- Don窶冲 increase the DNSSEC validations counters when running with
  process-no-validate.
- Respect the AXFR timeout while connecting to the RPZ server.
- Increase MTasker stacksize to avoid crash in exception unwinding
- Use the SyncRes time in our unit tests when checking cache validity
- Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT.
- Delay the loading of RPZ zones until the parsing is done, fixing a
  race condition.
- Reorder includes to avoid boost L conflict.

(fhajny)

mk: Fix GCC PKGPATH matches.

(jperkin)

py-requests: use TEST_DEPENDS; added "python" to CATEGORIES

(adam)

Updated textproc/py-JWT, security/py-OpenSSL

(adam)

py-OpenSSL: updated to 18.0.0

18.0.0:
Backward-incompatible changes:
- The minimum cryptography version is now 2.2.1.
- Support for Python 2.6 has been dropped.

Changes:
- Added Connection.get_certificate to retrieve the local certificate.
- OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default.
- Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.

(adam)

py-JWT: updated to 1.6.3

v1.6.3
Changed
- All exceptions inherit from PyJWTError

Added
- Add type hints

Docs
- Added section to usage docs for jwt.get_unverified_header()
- Update legacy instructions for using pycrypto

(adam)

Updated www/py-cheroot, www/py-cherrypy

(adam)

py-cherrypy: updated to 15.0.0

v15.0.0
* :issue:1708: Removed components from webtest that were
  removed in the refactoring of cheroot.test.webtest for
  cheroot 6.1.0.

(adam)

py-cheroot: updated to 6.3.1

v6.3.1
- :cp-issue:1618: Ignore OpenSSL's 1.0+ Error 0 under Python 2 while
  wrapping a socket.

v6.3.0
- :pr:87: Add cheroot command and runpy launcher to
  launch a WSGI app from the command-line.

(adam)

Added devel/py-test-testmon, devel/py-dash

(adam)

py-dash: added version 4.5.0

The kitchen sink of Python utility libraries for doing "stuff" in a functional
way. Based on the Lo-Dash Javascript library.

(adam)

py-test-testmon: added version 0.9.11

This is a py.test plug-in which automatically selects and re-executes only
tests affected by recent changes.

(adam)

mk: Add USE_PKGSRC_GCC_RUNTIME gcc7-libs support.

(jperkin)

Added SUPERSEDES to devel/ocaml-ppxlib, revbump

This package replaces several other ocaml PPX-related packages; this is
now formally stated with a SUPERSEDES variable.

(jaapb)

gcc7: Fix LINK_LIBGCC_SPEC patch.

(jperkin)

doc: Updated sysutils/grub2 to 2.02

(triaxx)