Update pkglint to 5.5.9

Changes since 5.5.8:
* Improved support for the "strip" tool, which has a special definition
  and is not directly connected to the STRIP variable.
* Miscellaneous code cleanup and new tests.

(rillig)

*: Recursive bump for poppler update to 0.64.0

(wiz)

doc: Updated print/poppler to 0.64.0

(wiz)

poppler*: update to 0.64.0

Release 0.64.0
        core:
        * Workaround form field text not being drawn on broken files. Bug #103245
        * Add read only setter for form fields
        * Add support for Link Hide action
        * Add support for Next actions in Links
        * Fix parsing of Annot focus out actions
        * Fix PDFDoc::checkHeader() for PDFs smaller than 1 KiB. Bug #105674
        * Add const to several classes and members
        * gfile: Fix build on some platforms
        * Fix issues with on malformed documents. Bug #105972, #105969, #106059, #106061
        * Several small code improvements

        qt5:
        * Allow setting of Form visibility status
        * Allow setting of Form read only status
        * Add support for Link Hide action
        * Add support for Next actions in Links
        * ArthurOutputDev: Implement axialShadedFill
        * ArthurOutputDev: Implement drawImageMask. Bug #105531
        * ArthurOutputDev: Implement Type3 font support

        utils:
        * pdfsig: Add -dump which writes signatures to disk. Bug #104881

        glib:
        * less deprecated calls

        build system:
        * bring back the option to disable GObject introspection
        * Add iconv include dir when compiling
        * Make it possible to build poppler without fontconfig. Default for Android

(wiz)

doc/TODO: add some

+ MesaLib-18.0.2, gimp-2.10, libjpeg-turbo-2.0, mysql-server-8.0,
  wine-devel-3.7.

(wiz)

xfce4-tumbler: PKGREVISION bump for ffmpegthumbnailer bump

(wiz)

doc: Updated multimedia/ffmpegthumbnailer to 2.2.0

(wiz)

ffmpegthumbnailer: update to 2.2.0.

FFmpegThumbnailer 2.2.0
- New option to prefer embedded image metadata over video content (command line argument: -m)
- Fixed 'Resource temporarily unavailable' errors when using ffmpeg < 3.0

FFmpegThumbnailer 2.1.2
- Restored deinterlace functionality using the libavfilter library (additional ffmpeg dependency)
- Additional video mime types added to the thumbnailer file
- Take rotation metadata into account when generating thumbnails

FFmpegThumbnailer 2.1.1
- Buildable agains latest ffmpeg (currently breaks deinterlacing)
- Fallback when smart frame detection fails (thanks to johnnydeez)
- Add MPEG-TS (MTS) support (thanks to marcinn)

FFmpegThumbnailer 2.1.0
- The library is now completely silent on std out and err by default
- A callback can be registered to listen to logging messages
- Fixed cmake installation directories (thanks to Vallimar)
- Fixed dimension calculation for anamorphic streams (Thanks to Richard Zurad)
- Fixed static library filename

FFmpegThumbnailer 2.0.10
- Migrated to github
- Use cmake instead of autotools
- Remove stderr logging

FFmpegThumbnailer 2.0.9
- Fixed gio library loading issue
- Support udp sources (thanks to tchristensen)
- No longer support older ffmpeg versions

(wiz)

doc: Updated www/webkit-gtk to 2.20.1

(wiz)

webkit-gtk: update to 2.20.1.

WebKitGTK+ 2.20.1 released!

    Improve error message when Gigacage cannot allocate virtual memory.
    Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.
    Improve web process memory monitor thresholds.
    Fix a web process crash when the web view is created and destroyed quickly.
    Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials.
    Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.
    Fix several crashes and rendering issues.
    Translation updates: Brazilian Portuguese, Czech.

WebKitGTK+ 2.20.0 released!

    New API to retrieve and delete cookies with WebKitCookieManager.
    New web process API to detect when form is submitted via JavaScript.
    Several improvements and fixes in the touch/gestures support.
    Support for the ���system��� CSS font family.
    Complex text rendering improvements and fixes.
    Added a low power mode.
    More complete and spec compliant WebDriver implementation.

(wiz)

net/py-grpcio-tools: Add missing patch file

This should have been included in the import.

(minskim)

doc: Updated sysutils/p5-File-Copy-Recursive to 0.44

(schmonz)

Update to 0.44. From the changelog:

- Issue #18: fix t/05.legacy-pathmk_unc.t for recent updates (thanks zdm)
- pull request #16 - strip down list of prerequisites to modules that are safe to use high on
  the CPAN river (thanks karenetheridge)

(schmonz)

doc: Updated emulators/PC6001VX to 2.33.0

(tsutsui)

PC6001VX: update to 2.33.0.

pkgsrc changes:
* png files for README.html are no longer installed (embedded into the htlm)

Upstream changelog:

2.33.0 2018/04/28

* Support FFMpeg4.0.
* Changed Video Capture bitrate to YouTube recommended value.
  (video:4Mbps,audio:128Kbps)
* Embedded images to README.html. So doc folder is no longer distributed
  with Windows binary.

(tsutsui)

doc: Added fonts/woff2 version 1.0.2

(wiz)

fonts/Makefile: + woff2

(wiz)

fonts/woff2: import woff2-1.0.2

This is a library for handling web fonts in the Web Open Font Format
(WOFF), version 2.0.

(wiz)

devel/gmake: Apply patch to support GLIBC glob interface v2

http://git.savannah.gnu.org/cgit/make.git/commit/?id=48c8a116

(minskim)

doc: Updated inputmethod/ibus and ibus-python to 1.5.18

(tsutsui)

ibus, ibus-python: update to 1.5.18.

pkgsrc changes:
- explicitly specify USE_TOOLS+=gmsgfmt to handle msgfmt --desktop
- pull an upstream change to fix a configure bug in 1.5.18
- use a new unicode character database

Upstream changes (from https://github.com/ibus/ibus/releases):

1.5.18

* tools: Do not change keymaps with 'use-system-keyboard-layout' c360818
* src: Fix GVariant leaks (Carlos Garnacho) 1cbe867
* src: Added some error handlings from a code review f5e0752
* src: Add libgobject.so to LDADD for Debian libtool (Danny) a28fa74
* src: Reintroduce the hex mode keybind with an environment variable
  (Aaron Muir Hamilton) 88b9a93
* ui/gtk3: Translate input method name in ibus (Peng Wu) 0ab0dd3
* Added DBus filtering against malware bfe57d2
* Implement Unicode choice on Emojier e17c998 4cfd5ad d1ebb3d fc54b0c afe60c1
* Implement ibus-extension-gtk3 for the global keybinding fb07f64 c57b7c3
* Disable panel extension for 'gdm' and 'liveuser' user 7ccbd21 ece320b
* ui/gtk3: Set title string in gnome-shell 56c67b1
* Add ISSUE_TEMPLATE ff611a4 9f2699c
* Updated translations 366963d 73b420f

(tsutsui)

doc: Added net/py-grpcio-tools version 1.11.0

(minskim)

net/Makefile: Add py-grpcio-tools

(minskim)

net/py-grpcio-tools: Import version 1.11.0

grpcio-tools is a package for gRPC Python tools.

(minskim)

doc: Added net/py-grpcio version 1.11.0

(minskim)

Add py-grpcio

(minskim)

net/py-grpcio: Import version 1.11.0

grpcio is a Python package for gRPC.

Packaged by Kethzer Docteur for pkgsrc-wip and updated by me.

(minskim)

doc: Added textproc/unicode-character-database version 10.0.0

(tsutsui)

textproc/Makefile: + unicode-character-database

(tsutsui)

textproc/unicode-character-database: import unicode-character-database-10.0.0

The Unicode Character Database (UCD) consists of a number of data files
listing Unicode character properties and related data. It also includes
data files containing test data for conformance to several important
Unicode algorithms. Full documentation for the UCD can be found in
Unicode Standard Annex #44, Unicode Character Database.
http://www.unicode.org/reports/tr44/

These data files are required by the latest ibus-1.5.18.

(tsutsui)

doc: Updated textproc/cldr-emoji-annotation to 33.0.0.1

(tsutsui)

cldr-emoji-annotation: update to 33.0.0.1.

pkgsrc changes:

- use gmake to handle upstream configure.ac changes

Upstream announcement:
http://cldr.unicode.org/index/downloads/cldr-33

Unicode CLDR 33 provides an update to the key building blocks for
software supporting the world's languages. This data is used by all
major software systems for their software internationalization and
localization, adapting software to the conventions of different
languages for such common software tasks.

This release had a limited submission phase. The focus was on
improvements to emoji keywords and to the Odia and Assamese locales,
addition of typographic names data, and improvements to the structure
for specifying keyboard layouts.

(tsutsui)

mk/tools/create.mk: revert filtering duplicate tool names

The "split" program is not managed by the tools framework. It just has a
wrapper that is placed into the same directory. This is confusing since
intuitively, "split" is a tool like many others.

The "duplicate script for target" warning from Make is therefore correct,
albeit obscure.

Currently, neither the pkgsrc infrastructure nor pkglint check for
allowed tool names.

(rillig)

Add biology/ncbi-blast+

(bacon)

Add ncbi-blast+

(bacon)

biology/ncbi-blast+: import ncbi-blast+-2.7.1

The Basic Local Alignment Search Tool (BLAST) finds regions of local similarity
between sequences. The program compares nucleotide or protein sequences to
sequence databases and calculates the statistical significance of matches.
BLAST can be used to infer functional and evolutionary relationships between
sequences as well as help identify members of gene families.

OK wiz@

(bacon)

mk/tools/create.mk: sort tools before creating the wrapper targets

The TOOLS_CREATE variable is only ever appended to, without checking for
duplicates. In some rare cases, this produces warnings about
doubly-defined make targets. An example is adding USE_TOOLS+=strip to
pkgtools/pkglint:

".../mk/tools/create.mk" line 149: warning:
    duplicate script for target ".../work/.tools/bin/strip" ignored

The above line number 149 is zero-based, which in reality means the
duplicate definition is in line 150.

(rillig)

Mention last batch of pullup tickets

(bsiegert)

Pullup ticket #5738 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.77
- www/wordpress/distinfo                                        1.62

---
  Module Name:    pkgsrc
  Committed By:  morr
  Date:          Mon Apr 16 10:22:10 UTC 2018

  Modified Files:
          pkgsrc/www/wordpress: Makefile distinfo

  Log Message:
  Update to version 4.9.5.

  This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.

  WordPress versions 4.9.4 and earlier are affected by three security issues.

  More changes at https://codex.wordpress.org/Version_4.9.5.

(bsiegert)

doc: Updated net/grpc to 1.11.0

(minskim)

net/grpc: Update to 1.11.0

Notable changes since 1.7.2:
- Requires protobuf>=3.5.0
- Exec_ctx has been made a thread_local, and is no longer to be passed
  as a function parameter.
- LB policies request re-resolution without shutting down
- On server, include receiving HTTP/2 settings in handshake timeout
- C++ headers are moved from include/grpc++ to include/grpcpp. Headers
  in include/grpc++ are deprecated
- Experimental gRPC-C++ Cocoapods podspec
- Several features of core have been removed from the surface or GPR
  API: grpc_alarm, gpr_join_host_port, gpr_cmdline, gpr_subprocess,
  gpr_tls, gpr_avl, and gpr_thd
- Add core underpinnings for TLS session ticket support
- Experimental support for configurable retries

(minskim)

doc: Updated x11/gtk3 to 3.22.30

(wiz)

gtk3+: update to 3.22.30.

Overview of Changes in GTK+ 3.22.30
===================================

* gtk-demo has a new 'Widgetbowl' demo

* The wayland backend now supports the stable xdg-shell protocol

* Bugs fixed:
  #28 Adwaita: Selection mode styling flickers
  #83 Completion popup on non-default GdkDisplay freezes GtkFileChooserDialog
  #88 GtkSpinButton: Buttons aren't de/sensitised as they were in GTK+ 3
#114 All Wayland apps crash when focused (gtk_gesture_multi_press_end→...
#129 Segfault in `wl_proxy_marshal()`
#132 GtkTextView auto-scrolling to insert mark upon focus changes due to...
#141 GtkEntry: add a way to set the font to monospace
#146 GtkExpander arrow is not dimmed when the Expander is not :sensitive
#156 Transfer annotation for gtk_gl_area_new is incorrect
#157 Crashes in gdkdisplay-wayland when clicking any button/menu item
#163 Unable to explicitly set GtkModelButton role
705509 notebook popup window on tabs shows underscores
745128 Search is useless for translated app names
748784 GtkProgressBar text cannot be superimposed on the progress bar
791939 Add xdg-shell (stable) support
792632 Emoji Chooser: section buttons have no tooltips
793062 Crash under gdk_wayland_window_attach_image()

(wiz)

doc: Updated misc/calibre to 3.22.1

(wiz)

calibre: update to 3.22.1.

- version: 3.22.1
  date: 2018-04-19

  new features:
    - title: "Edit book: Add a tool to upgrade books from EPUB 2 to EPUB 3 (Tools->Upgrade book internals)"
      description: "Automatically upgrades metadata, converts the NCX table of contents and adds required manifest annotations"
      type: major

    - title: "Add support for the FBZ format (zipped FB2)"

    - title: "Kindle driver: Change the height of generated thumbnails to 500px, needed for the Oasis 2017"

    - title: "Edit book: When bulk renaming files add an option to rename by the order in which the files appear in the book."

    - title: "Polishing: Recognize titlepages that are marked as covers in the EPUB 3 landmarks section"

    - title: "Edit Book: Automatically updated the modified timestamp in the OPF when saving EPUB 3 books."

    - title: "Remove the ISBNDB metadata plugin as ISBNDB no longer allows free lookups."

  bug fixes:
    - title: "EPUB 3 metadata: If the book defines more than one author sort value for an author use the first instead of the last"

    - title: "Check Book: Dont warn for nav document not in spine in EPUB 3 books"

    - title: "Linux installer: Fix umask question not working with the recommended install command because stdin is a pipe"

    - title: "Browser viewer: Show an error message when trying to use the Sync function without being logged in"

    - title: "When setting cover from a PDF file and the user clicks cancel, do not delete the existing cover"

(wiz)

doc: Updated lang/vala to 0.40.4

(wiz)

vala: update to 0.40.4.

Vala 0.40.4
===========
* Various improvements and bug fixes:
  - girparser: Add support for NoAccessorMethod metadata

* Bindings:
  - glib-2.0: Mark str parameter of Variant.take_string() as owned
  - gstreamer: Update from 1.15+ git master
  - gtk+-*.0: Set NoAccessorMethod on Gtk.Radio*.group properties
    (Regression in gtk+-3.0)
  - gtk+-4.0: Update to 3.93.0+fc6018f1
  - json-glib-1.0: Mark return-type of gvariant_deserialize*() as nullable
  - webkit2gtk-4.0: Update to 2.20.1

(wiz)

doc: Updated security/py-certifi to 2018.4.16

(wiz)

py-certifi: update to 2018.4.16.

No changelog found, assuming update to latest mozilla certs.

(wiz)

doc: Updated graphics/py-cairo to 1.17.0

(wiz)

py-cairo: update to 1.17.0.

1.17.0 - 2018-04-15
-------------------

* :class:`cairo.Surface` and :class:`cairo.Device` can now be used as context
  managers. :bug:`103`
* Fix a leak when a cairo error was raised.
* Fix a leak when a mapped surface was GCed instead of unmapped.
* Make it possible to use the C API with Python 3 outside of the compilation
  unit doing the import by defining ``PYCAIRO_NO_IMPORT``. :bug:`110`
* Implement PEP 561 (added a py.typed marker)

(wiz)

doc: Updated graphics/libwebp to 1.0.0

(wiz)

libwebp: update to 1.0.0.

- 4/2/2018: version 1.0.0
  This is a binary compatible release.
  * lossy encoder improvements to avoid chroma shifts in various circumstances
    (issues #308, #340)
  * big-endian fixes for decode, RGBA import and WebPPictureDistortion
  Tool updates:
    gifwebp, anim_diff - default duration behavior (<= 10ms) changed to match
                        web browsers, transcoding tools (issue #379)
    img2webp, webpmux - allow options to be passed in via a file (issue #355)

(wiz)

mk: Describe tiff option.

(wiz)

doc: Updated net/libsoup to 2.62.1

(wiz)

libsoup: update to 2.62.1.

Changes in libsoup from 2.62.0 to 2.62.1:

* Fix digest authentication with encoded URIs
  [#794208, Claudio Saavedra]
* Avoid unaligned memory accesses in WebSocket implementation
  [#794421, Rolf Eike Beer]
* Use base domain to decide if cookies are third-party
  [#792130, Michael Catanzaro]
* Fix crash under soup_socket_new()
  [#762138, Milan Crha]

(wiz)

doc: Updated devel/libgsf to 1.14.43

(wiz)

Update GLPI to v9.2.3

From the release announcement:

* Hide closed tasks on central,
* Quick search in saved searches panel,
* Fix image in FAQ for anonymous users,
* Possibility to add an analytics javascript,
* Various fixes on components,
* And many more!

The full changelog is available here for more details:
https://github.com/glpi-project/glpi/milestone/24?closed=1

(hauke)

libgsf: update to 1.14.43.

libgsf 1.14.43

Morten:
* Handle modtime for memory mapped files.

Corentin No�l and Rico Tzschichholz:
* Introspection fixes.

(wiz)

doc: Updated textproc/gsed to 4.5

(wiz)

gsed: update to 4.5.

* Noteworthy changes in release 4.5 (2018-03-31) [stable]

** Bug fixes

  sed now fails when matching very long input lines (>2GB).
  Before, sed would silently ignore the regex without indicating an
  error. [Bug present at least since sed-3.02]

  sed no longer rejects comments and closing braces after y/// commands.
  [Bug existed at least since sed-3.02]

  sed -E --posix no longer ignores special meaning of '+','?','|' .
  [Bug introduced in the original implementation of --posix option in
  v4.1a-5-gba68fb4]

  sed -i now creates selinux context based on the context of the symlink
  instead of the symlink target. [Bug present since at least sed-4.2]
  sed -i --follow-symlinks remains unchanged.

  sed now treats the sequence '\x5c' (ASCII 92, backslash) as literal
  backslash character, not as an escape prefix character.
  [Bug present since sed-3.02.80]
  Old behavior:
    $ echo z | sed -E 's/(z)/\x5c1/' # identical to 's/(z)/\1/'
    z
  New behavior:
    $ echo z | sed -E 's/(z)/\x5c1/'
    \1

(wiz)

doc: Updated sysutils/liblognorm to 2.0.5

(fhajny)

sysutils/liblognorm: Update to 2.0.5.

- bugfix: es_str2cstr leak in string-to v1 parser
- make "make check" "succeed" on solaris 10
- some mostly cosmetic fixes detected by Coverity Scan

(fhajny)

doc: Updated security/vault to 0.10.1

(fhajny)

security/vault: Update to 0.10.1.

DEPRECATIONS/CHANGES:

- `vault kv` and Vault versions: In 0.10.1 some issues with `vault kv` against
  v1 K/V engine mounts are fixed. However, using 0.10.1 for both the server
  and CLI versions is required.
- Mount information visibility: Users that have access to any path within a
  mount can now see information about that mount, such as its type and
  options, via some API calls.
- Identity and Local Mounts: Local mounts would allow creating Identity
  entities but these would not be able to be used successfully (even locally)
  in replicated scenarios. We have now disallowed entities and groups from
  being created for local mounts in the first place.

FEATURES:

- X-Forwarded-For support: `X-Forwarded-For` headers can now be used to set the
  client IP seen by Vault. See the TCP listener configuration
  page for details.
- CIDR IP Binding for Tokens: Tokens now support being bound to specific
  CIDR(s) for usage. Currently this is implemented in Token Roles; usage can be
  expanded to other authentication backends over time.
- `vault kv patch` command: A new `kv patch` helper command that allows
  modifying only some values in existing data at a K/V path, but uses
  check-and-set to ensure that this modification happens safely.
- AppRole Local Secret IDs: Roles can now be configured to generate secret IDs
  local to the cluster. This enables performance secondaries to generate and
  consume secret IDs without contacting the primary.
- AES-GCM Support for PKCS#11 [BETA] (Enterprise): For supporting HSMs,
  AES-GCM can now be used in lieu of AES-CBC/HMAC-SHA256. This has currently
  only been fully tested on AWS CloudHSM.
- Auto Unseal/Seal Wrap Key Rotation Support (Enterprise): Auto Unseal
  mechanisms, including PKCS#11 HSMs, now support rotation of encryption keys,
  and migration between key and encryption types, such as from AES-CBC to
  AES-GCM, can be performed at the same time (where supported).

IMPROVEMENTS:

- auth/approle: Support for cluster local secret IDs. This enables secondaries
  to generate secret IDs without contacting the primary
- auth/token: Add to the token lookup response, the policies inherited due to
  identity associations
- auth/token: Add CIDR binding to token roles
- cli: Add `vault kv patch`
- core: Add X-Forwarded-For support
- core: Add token CIDR-binding support
- identity: Add the ability to disable an entity. Disabling an entity does not
  revoke associated tokens, but while the entity is disabled they cannot be
  used.
- physical/consul: Allow tuning of session TTL and lock wait time
- replication: Dynamically adjust WAL cleanup over a period of time based on
  the rate of writes committed
- secret/ssh: Update dynamic key install script to use shell locking to avoid
  concurrent modifications
- ui: Access to `sys/mounts` is no longer needed to use the UI - the list of
  engines will show you the ones you implicitly have access to (because you have
  access to to secrets in those engines)

BUG FIXES:

- cli: Fix `vault kv` backwards compatibility with KV v1 engine mounts
- identity: Persist entity memberships in external identity groups across
  mounts
- identity: Fix error preventing authentication using local mounts on
  performance secondary replication clusters
- replication: Fix issue causing secondaries to not connect properly to a
  pre-0.10 primary until the primary was upgraded
- secret/gcp: Fix panic on rollback when a roleset wasn't created properly
- secret/gcp: Fix panic on renewal
- ui: Fix IE11 form submissions in a few parts of the application
- ui: Fix IE file saving on policy pages and init screens
- ui: Fixed an issue where the AWS secret backend would show the wrong menu
- ui: Fixed an issue where policies with commas would not render in the
  interface properly
- ui: Corrected the saving of mount tune ttls for auth methods
- ui: Credentials generation no longer checks capabilities before making
  api calls. This should fix needing "update" capabilites to read IAM
  credentials in the AWS secrets engine

(fhajny)

doc: Updated databases/py-peewee to 3.3.1

(fhajny)

databases/py-peewee: Update to 3.3.1.

- Fixed long-standing bug in 3.x regarding using column aliases with
  queries that utilize the ModelCursorWrapper (typically queries with
  one or more joins).
- Fix typo in model metadata code, thanks @klen.
- Add examples of using recursive CTEs to docs.

(fhajny)

Updated lang/perl5, databases/p5-gdbm

(adam)

perl5: updated to 5.26.2

5.26.2:

Security
[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written.
[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure.
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count.
Assertion failure in Perl__core_swash_init (utf8.c)
Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed.

Updated Modules and Pragmata
Module::CoreList has been upgraded from version 5.20170922_26 to 5.20180414_26.
PerlIO::via has been upgraded from version 0.16 to 0.17.
Term::ReadLine has been upgraded from version 1.16 to 1.17.
Unicode::UCD has been upgraded from version 0.68 to 0.69.

Selected Bug Fixes
The readpipe() built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime.
Fixed a use after free bug in pp_list introduced in Perl 5.27.1.
Parsing a sub definition could cause a use after free if the sub keyword was followed by whitespace including newlines (and comments).
The tokenizer now correctly adjusts a parse pointer when skipping whitespace in an ${identifier} construct.
Accesses to ${^LAST_FH} no longer assert after using any of a variety of I/O operations on a non-glob.
sort now performs correct reference counting when aliasing $a and $b, thus avoiding premature destruction and leakage of scalars if they are re-aliased during execution of the sort comparator.
Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled.
Fixed a duplicate symbol failure with -flto -mieee-fp builds. pp.c defined _LIB_VERSION which -lieee already defines.
A NULL pointer dereference in the S_regmatch() function has been fixed.
Failures while compiling code within other constructs, such as with string interpolation and the right part of s///e now cause compilation to abort earlier.

(adam)

Updated textproc/py-natsort, www/py-raven

(adam)

py-raven: updated to 6.7.0

6.7.0:
[Sanic] Added support for sanic.
[Core] Disabled dill logger by default
[Core] Added SENTRY_NAME, SENTRY_ENVIRONMENT and SENTRY_RELEASE environment variables
[Core] DSN secret is now optional
[Core] Added fix for cases with exceptions in repr
[core] Fixed bug with mutating record.data

(adam)

py-natsort: updated to 5.3.0

5.3.0:
Fix bug in assessing fastnumbers version at import-time.
Add ability to consider unicode-decimal numbers as numbers.

(adam)

Updated databases/py-sqlalchemy, databases/py-sqlalchemy-utils

(adam)

py-sqlalchemy-utils: updated to 0.33.2

0.33.2:
Added support for universal wheels.
Fixed usage of template0 and template1 with postgres database functions.

(adam)

py-sqlalchemy: updated to 1.2.7

SQLAlchemy release 1.2.7:
Release 1.2.7 includes some dialect-specific fixes as well as a small number of SQL and ORM related fixes.

(adam)

Updated net/openvpn, security/py-m2crypto

(adam)

py-m2crypto: updated to 0.30.0

0.30.0:
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
  any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
  new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
  python as a system package, so they are usually more likely to upgrade
  anyway.

(adam)

openvpn: 2.4.6

OpenVPN 2.4.6
management: Warn if TCP port is used without password

Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

manpage: improve description of --status and --status-version

Make return code external tls key match docs

Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation

Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Check for more data in control channel

(adam)

multimedia/Makefile: add vlc2

(wiz)

devel/cmake: -lcrypto should appear later in the command

This fixes PR pkg/53117.

(minskim)

doc: Updated lang/php70 to 7.0.30

(taca)

lang/php70: update to 7.0.30

26 Apr 2018 PHP 7.0.30

- Exif:
  . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
  (Stas)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- LDAP:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

29 Mar 2018 PHP 7.0.29

- FPM:
  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
    access controls). (Jakub Zelenka)

(taca)

doc: Updated lang/php72 to 7.2.5

(taca)

lang/php72: Reset PKGREVISION

(taca)

doc: Updated lang/php71 to 7.1.17

(taca)

lang/php72: update to 7.2.5

26 Apr 2018, PHP 7.2.5

- Core:
  . Fixed bug #75722 (Convert valgrind detection to configure option).
    (Michael Heimpold)

- Date:
  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

- Exif:
  . Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
    (Stas)

- FPM:
  . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
    too long). (Jacob Hipps)
  . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

- GD:
  . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
    (cmb)

- intl:
  . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- ldap:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- mbstring:
  . Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
    (chrullrich, cmb)

- ODBC:
  . Fixed bug #76088 (ODBC functions are not available by default on Windows).
    (cmb)

- Opcache:
  . Fixed bug #76094 (Access violation when using opcache). (Laruence)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

- phpdbg:
  . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

- SPL:
  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
    (carusogabriel)

- standard:
  . Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

(taca)

lang/php: update php71 to 7.1.17

Oops, should be commited with previous one.

(taca)

lang/php71: update to 7.1.17

26 Apr 2018, PHP 7.1.17

- Date:
  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

- Exif:
  . Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
    (Stas)

- FPM:
  . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
    too long). (Jacob Hipps)
  . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

- GD:
  . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
    (cmb)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- intl:
  . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

- ldap:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- mbstring:
  . Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
    (chrullrich, cmb)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

- phpdbg:
  . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

- SPL:
  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
    (carusogabriel)

- standard:
  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

(taca)

doc: Updated devel/p5-Capture-Tiny to 0.48

(wiz)

p5-Capture-Tiny: update to 0.48.

0.48      2018-04-22 09:01:08+02:00 Europe/Oslo

  - No changes from 0.47-TRIAL

0.47      2017-07-26 10:34:24-04:00 America/New_York (TRIAL RELEASE)

  [Fixed]

  - Appends PID to random file names for tee signalling to avoid
    random name collision when used in multiple forked children.

(wiz)

doc: Updated devel/p5-B-Hooks-EndOfScope to 0.24

(wiz)

p5-B-Hooks-EndOfScope: update to 0.24.

0.24      2018-04-21 14:11:08Z
  - no changes since last trial release

0.23      2018-03-17 23:33:09Z (TRIAL RELEASE)
  - improve use of constants in compile-time perl version checks

0.22      2018-03-17 19:31:37Z (TRIAL RELEASE)
  - Fix memory corruption on perls 5.8.0 - 5.8.3

(wiz)

doc: Updated devel/p5-Async-Interrupt to 1.24

(wiz)

p5-Async-Interrupt: update to 1.24.

1.24 Tue Apr 17 21:24:11 CEST 2018
- actually rewnew was missing, not wrongly documented. silly.

1.23 Tue Apr 17 21:18:24 CEST 2018
- ->renew is actually called ->post_fork, fix documentation.
        - use stability canary.

(wiz)

doc: Updated devel/p5-App-cpanminus to 1.7044

(wiz)

p5-App-cpanminus: update to 1.7044.

1.7044  2018-04-19 13:54:29 CEST
  [Improvements]
      - Support zip files with comments (skaji) #560
      - Use metacpan download_url API (haarg) #522

(wiz)

doc: Updated devel/p5-Alien-Build to 1.41

(wiz)

p5-Alien-Build: update to 1.41.

1.41      2018-04-24 06:19:18 -0400
  - before and after directives in alienfile triggers requirement on Alien::Build 1.40

1.40_01  2018-04-12 09:21:05 -0400
  - Add before and after directives to alienfile syntax

(wiz)

Updated textproc/py-phonenumbers, finance/py-braintree

(adam)