doc: Updated net/erlang-xmpp to 1.1.20

(fhajny)

net/erlang-xmpp: Update to 1.1.20.

- Updating fast_xml to version 1.1.29.
- Updating p1_utils to version 1.0.11.
- Updating stringprep to version 1.0.11.
- Fix compilation with rebar3
- Add new namespace from XEP-0398
- Update for changes in fast_xml
- Make mk_text() append original text

(fhajny)

doc: Updated textproc/erlang-stringprep to 1.0.11

(fhajny)

textproc/erlang-stringprep: Update to 1.0.11.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3
- Update FSF address

(fhajny)

doc: Updated databases/erlang-p1_pgsql to 1.1.5

(fhajny)

databases/erlang-p1_pgsql: Update to 1.1.5.

- Fix compilation with rebar3

(fhajny)

doc: Updated databases/erlang-p1_mysql to 1.0.5

(fhajny)

databases/erlang-p1_mysql: Update to 1.0.5.

- Fix compilation with rebar3

(fhajny)

doc: Updated lang/erlang-luerl to 0.3

(fhajny)

lang/erlang-luerl: Update to 0.3.

- Change table field name for dictionary to d, t is confusing.
- Add a rudimentary debug module with few functions.

(fhajny)

doc: Updated converters/erlang-iconv to 1.0.7

(fhajny)

converters/erlang-iconv: Update to 1.0.7.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3

(fhajny)

doc: Updated textproc/erlang-fast_yaml to 1.0.13

(fhajny)

textproc/fast_yaml: Update to 1.0.13.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3

(fhajny)

doc: Updated textproc/erlang-fast_xml to 1.1.29

(fhajny)

textproc/erlang-fast_xml: Update to 1.1.29.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3
- Get rid of $_xmls label

(fhajny)

devel/erlang-ezlib: Update to 1.0.4.

- Fix compilation with rebar3.

(fhajny)

doc: Updated security/erlang-fast_tls to 1.0.21

(fhajny)

security/erlang-fast_tls: Update to 1.0.21.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3

(fhajny)

doc: Updated graphics/erlang-eimp to 1.0.3

(fhajny)

graphics/erlang-eimp: Update to 1.0.3.

- Improved GD library detection
- Introduce rate limit
- Fix detection of rebar3

(fhajny)

doc: Updated pkgtools/pkglint to 5.5.7

(rillig)

fonts/fontconfig: Requires devel/gettext-lib. Bump PKGREVISION, may result in a PLIST change.

(fhajny)

Fix ssl option functionality with OpenSSL 1.1.0

(ryoon)

doc: Updated net/bind99 to 9.9.12

(taca)

net/bind99: update to 9.9.12

New maintenance releases in the 9.9, 9.10, 9.11, and 9.12 branches of
BIND are now available.

Release notes can be found with the releases or in the ISC Knowledge Base:

9.9.12:  https://kb.isc.org/article/AA-01596/0/9.9.12-Notes.html
9.10.7:  https://kb.isc.org/article/AA-01595/0/9.10.7-Notes.html
9.11.3:  https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html
9.12.1:  https://kb.isc.org/article/AA-01598/0/9.12.1-Notes.html

Users who are migrating an existing BIND configuration to these new
versions should take special note of two changes in the behavior
of the "update-policy" statement which slightly change the behavior
of two update-policy options.

The first such change is discussed in greater length in the BIND
Operational Notification issued today:

https://kb.isc.org/article/AA-01599/update-policy-local-was-named-misleadingly

The second change to update-policy behavior concerns this change:

  "update-policy rules that otherwise ignore the name field now
  require that it be set to "." to ensure that any type list present
  is properly interpreted. Previously, if the name field was omitted
  from the rule declaration but a type list was present, it wouldn't
  be interpreted as expected."

which is a correction to an ambiguous case that was previously allowed,
but which was capable of causing unexpected results when accidentally
applied.  The new requirement eliminates is intended to eliminate the
confusion, which previously caused some operators to misapply security
policies.  However, due to the new requirement, named configuration
files that relied on the previous behavior will no longer be accepted.

These changes should not affect most operators, even those using
"update-policy" to define Dynamic DNS permissions, but we would like
to draw your attention to them so that operators are informed about
the new behaviors.

(taca)

doc: Updated net/bind910 to 9.10.7

(taca)

net/bind910: update to 9.10.7

New maintenance releases in the 9.9, 9.10, 9.11, and 9.12 branches of
BIND are now available.

Release notes can be found with the releases or in the ISC Knowledge Base:

9.9.12:  https://kb.isc.org/article/AA-01596/0/9.9.12-Notes.html
9.10.7:  https://kb.isc.org/article/AA-01595/0/9.10.7-Notes.html
9.11.3:  https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html
9.12.1:  https://kb.isc.org/article/AA-01598/0/9.12.1-Notes.html

Users who are migrating an existing BIND configuration to these new
versions should take special note of two changes in the behavior
of the "update-policy" statement which slightly change the behavior
of two update-policy options.

The first such change is discussed in greater length in the BIND
Operational Notification issued today:

https://kb.isc.org/article/AA-01599/update-policy-local-was-named-misleadingly

The second change to update-policy behavior concerns this change:

  "update-policy rules that otherwise ignore the name field now
  require that it be set to "." to ensure that any type list present
  is properly interpreted. Previously, if the name field was omitted
  from the rule declaration but a type list was present, it wouldn't
  be interpreted as expected."

which is a correction to an ambiguous case that was previously allowed,
but which was capable of causing unexpected results when accidentally
applied.  The new requirement eliminates is intended to eliminate the
confusion, which previously caused some operators to misapply security
policies.  However, due to the new requirement, named configuration
files that relied on the previous behavior will no longer be accepted.

These changes should not affect most operators, even those using
"update-policy" to define Dynamic DNS permissions, but we would like
to draw your attention to them so that operators are informed about
the new behaviors.

(taca)

Update pkglint to 5.5.7

Changes since 5.5.6:

* When pkglint warns about files that are accidentally executable, it
  offers to fix the file permissions.

* Warn about ${HOMEPAGE:=repository/}, since the := modifier should
  only be used with MASTER_SITES.

* When the distinfo file is missing, suggest setting NO_CHECKSUM.

* Several refactorings.

(rillig)

doc: Updated security/erlang-epam to 1.0.4

(fhajny)

security/erlang-epam: Update to 1.0.4.

- Fix compilation with rebar3

(fhajny)

doc: Updated devel/erlang-cache_tab to 1.0.13

(fhajny)

devel/erlang-cache_tab: Update to 1.0.13.

- Updating p1_utils to version 1.0.11.
- Fix compilation with rebar3

(fhajny)

doc: Updated misc/erlang-p1_utils to 1.0.11

(fhajny)

misc/erlang-p1_utils: Update to 1.0.11.

- Fix compilation with rebar3

(fhajny)

doc: Updated mail/rspamd to 1.7.2

(fhajny)

Update mail/rspamd to 1.7.2.

- [Feature] Store emails in Clickhouse
- [Feature] Support single quotes in config
- [Feature] Use templates when publishing CH schema
- [Feature] Improve Docker image
- [Fix] Add rounding when printing a lot of FP variables
- [Fix] Allow to disable certain actions by assigning null to them
- [Fix] Disable results caching
- [Fix] Fix disabling of squeezed symbols
- [Fix] Fix scan time set
- [Fix] Rework logic of actions setting
- [Fix] Try to fix various Lua stack issues
- [WebUI] Add link tag for favicon.ico
- [WebUI] Display hostname:port/path in the page title

(fhajny)

All files should be compiled. Bump revision.

(joerg)

Updated devel/py-setuptools_scm

(adam)

py-setuptools_scm: updated to 1.17.0

v1.17.0:
fix regression in git support - use a function to ensure it works in egg isntalled mode
actually fail if file finding fails in order to see broken setups instead of generating broken dists

v1.16.2:
fix regression in handling git export ignores

v1.16.1
fix regression in support for old setuptools versions

v1.16.0
drop support for eol python versions
fix missuse in surogate-escape api
add the node-and-timestamp local version sheme
respect git export ignores
avoid shlex.split on windows
fix #218 - better handling of mercurial edge-cases with tag commits being considered as the tagged commit
fix #223 - remove the dependency on the interal SetupttoolsVersion as it was removed after long-standing deprecation

(adam)

build fixes for NetBSD

(spz)

doc: Updated net/gallery-dl to 1.3.2

(leot)

gallery-dl: Update net/gallery-dl to 1.3.2

Changes:
1.3.2
-----
* Added extractors for `artstation` albums, challenges and search results
* Improved URL and metadata extraction for `hitomi`and `nhentai`
* Fixed page transitions for `danbooru` API results (#82)

(leot)

Updated devel/py-quixote, www/py-scgi

(adam)

py-scgi: updated to 1.15

1.15:
Improve comments.

Close unwanted file descriptors.

In scgi_server.py, spawn_child() is called at startup to start the
first child and also from delegate_request() when more children are
needed. In the latter case, the parameter 'conn' is passed to
spawn_child() so that the newly-created child knows to close the
file descriptor it has inherited but doesn't need.

The bug is that in the latter case the new child also inherits
various other file descriptors which are not similarly closed,
namely the Unix sockets to its elder siblings, and the TCP listener
socket.

Improve Apache 2 mod_scgi error messages.

If the connection is aborted while sending the response, log an
error but don't generate an internal server error. This can happen
if the client closes the connection before the entire response has
been read. There's nothing the server can do about it.

When an error occurs while reading the response headers, don't
log an error since ap_scan_script_header_err_brigade() has already
done so.

(adam)

py-quixote: updated to 2.9.1

v2.9.1
    Add itervalues() and iteritems() methods to SessionManager.

    Allow unicode strings passed to redirect().

    Fix handling of __future__ import statements in PTL.

v2.9
    There was a packaging error for 2.8.  It included files not intended
    to be released which broke the 'ptl' package.  This release repairs
    that error and includes a small change to random session tokens.

    Use 128-bit random tokens for session keys and form tokens.

    Our previous 64-bit values should still be more than secure
    for web applications but recommended best practice is currently
    128-bit.  We use URL-safe base64 encoding so the length of
    the tokens is only a bit longer.

    Use base64 instead of hex encoding for util.randbytes()

v2.8
    Don't set duplicate ID attributes on radio inputs.

    ptl_import recompiles ptl files

    Since stat.st_mtime is a float in linux, _load_pyc will almost always
    recompile the ptl files.  Here's a patch to make the logic follow
    compile.c in python.

(adam)

Updated net/youtube-dl, devel/py-setuptools, devel/py-pip, devel/py-virtualenv, devel/git

(adam)

git: updated to 2.16.3

Git v2.16.3 Release Notes

* "git status" after moving a path in the working tree (hence making
  it appear "removed") and then adding with the -N option (hence
  making that appear "added") detected it as a rename, but did not
  report the  old and new pathnames correctly.

* "git commit --fixup" did not allow "-m<message>" option to be used
  at the same time; allow it to annotate resulting commit with more
  text.

* When resetting the working tree files recursively, the working tree
  of submodules are now also reset to match.

* Fix for a commented-out code to adjust it to a rather old API change
  around object ID.

* When there are too many changed paths, "git diff" showed a warning
  message but in the middle of a line.

* The http tracing code, often used to debug connection issues,
  learned to redact potentially sensitive information from its output
  so that it can be more safely sharable.

* Crash fix for a corner case where an error codepath tried to unlock
  what it did not acquire lock on.

* The split-index mode had a few corner case bugs fixed.

* Assorted fixes to "git daemon".

* Completion of "git merge -s<strategy>" (in contrib/) did not work
  well in non-C locale.

* Workaround for segfault with more recent versions of SVN.

* Recently introduced leaks in fsck have been plugged.

* Travis CI integration now builds the executable in 'script' phase
  to follow the established practice, rather than during
  'before_script' phase.  This allows the CI categorize the failures
  better ('failed' is project's fault, 'errored' is build
  environment's).

(adam)

py-virtualenv: updated to 15.2.0

15.2.0:
Upgrade setuptools to 39.0.1.
Upgrade pip to 9.0.3.
Upgrade wheel to 0.30.0.

(adam)

py-pip: updated to 9.0.3

9.0.3:
Fix an error where the vendored requests was not correctly containing itself to only the internal vendored prefix.
Restore compatability with 2.6.

(adam)

py-setuptools: updated to 39.0.1

v39.0.1
Restore Unicode handling for Maintainer fields in metadata.

v39.0.0:
Setuptools now vendors its own direct dependencies, no longer relying on the dependencies as vendored by pkg_resources.
Removed long-deprecated support for iteration on Version objects as returned by pkg_resources.parse_version. Removed the SetuptoolsVersion and SetuptoolsLegacyVersion names as well. They should not have been used, but if they were, replace with Version and LegacyVersion from packaging.version.

v38.7.0:
Add support for maintainer in PKG-INFO.

(adam)

youtube-dl: updated to 2018.03.20

youtube-dl 2018.03.20:

Core
[extractor/common] Improve thumbnail extraction for HTML5 entries
Generalize XML manifest processing code and improve XSPF parsing
[extractor/common] Add _download_xml_handle
[extractor/common] Add support for relative URIs in _parse_xspf

Extractors
[7plus] Extract series metadata
[9now] Bypass geo restriction
[cbs] Skip unavailable assets
[canalc2] Add support for HTML5 videos
[ceskatelevize] Add support for iframe embeds
[prosiebensat1] Add support for galileo.tv
[generic] Add support for xfileshare embeds
[bilibili] Switch to v2 playurl API
[bilibili] Fix and improve extraction
[heise] Improve extraction
[instagram] Fix user videos extraction

(adam)

Do not depend on setuptools-git.

(adam)

libxml2: remove unused patch

(wiz)

hexchat: add new patch to distinfo

(wiz)

doc: Updated x11/xtrap to 1.0.3

(wiz)

xtrap: update to 1.0.3.

Alan Coopersmith (8):
    Add README with pointers to mailing lists, bugzilla, & git
    Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONS
    Assume signal handlers return void, as C89 requires
    config: replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS
    This is not a GNU project, so declare it foreign.
    configure: Drop AM_MAINTAINER_MODE
    autogen.sh: Honor NOCONFIGURE=1
    config: Remove unnecessary calls from configure.ac

Eric S. Raymond (1):
    Bug 9522 - Markup problems on the xtrap.1x page

Gaetan Nadon (1):
    config: update AC_PREREQ statement to 2.60

James Cloos (3):
    Rename .cvsignore to .gitignore
    Add *~ to .gitignore to skip patch/emacs droppings
    Replace static ChangeLog with dist-hook to generate from git log

Matt Turner (4):
    Makefile: Use _DEFAULT_SOURCE instead of _BSD_SOURCE
    configure: Depend on libXt
    Fix pointer-to-int-cast errors
    xtrap 1.0.3

Paulo Cesar Pereira de Andrade (2):
    Ansification and compile warning fixes.
    Janitor: Add matching prototypes to callback functions.

Thomas Zimmermann (1):
    Bug 24530: Add $(AM_CFLAGS) to xtrap*_CFLAGS

(wiz)

Added py-test-fixture-config, py-test-shutil, py-test-virtualenv

(adam)

Added py-test-fixture-config, py-test-shutil, py-test-virtualenv

(adam)

py-test-shutil: added version 1.3.0

This library is a goodie-bag of Unix shell and environment management tools for
automated tests. A summary of the available functions is below, look at the
source for the full listing.

(adam)

py-test-virtualenv: added version 1.3.0

Create a Python virtual environment in your test that cleans up on teardown.
The fixture has utility methods to install packages and list what's installed.

(adam)

py-test-fixture-config: added version 1.3.0

Simple configuration objects for Py.test fixtures. Allows you to skip tests
when their required config variables aren't set.

(adam)

py-contextlib2: cleanups

(adam)

Move py-test-runner dependency into the !py27 case as build dependency.
Contrary to the name, setuptools whines and wants to RCE the system if
it isn't installed.

(joerg)

Unbreak build on NetBSD by ensuring that uintptr_t is not a macro.

(joerg)

Updated multimedia/libdvdcss

(adam)

libdvdcss: updated to 1.4.2

Changes 1.4.2:
* Fix buffer overflow when region mask is 0x0
* Fix invalid free on Open

(adam)

doc: Added math/R-forecast version 8.2

(minskim)

math/Makefile: Add R-forecast

(minskim)

math/R-forecast: Import version 8.2

Methods and tools for displaying and analysing univariate time series
forecasts including exponential smoothing via state space models and
automatic ARIMA modelling.

(minskim)

doc: Updated devel/transifex-client to 0.13.1

(taca)

devel/transifex-client: update to 0.13.1

0.12.2 2016/08/10

* Better proxy support

0.12.3 2017/01/31

* XLIFF and tokens support

0.12.4 2017/02/07

* Fixes to XLIFF support

0.12.5 2017/11/02

* Support for Basic Authentication when using the client behind a proxy
* Support for sourceastranslation and onlyreviewed modes when pulling files
* Return non-zero exit codes on errors
* $ tx --version now includes information about the Python version and
  architecture you're running
* Some updates and minor fixes in logging/error messages

0.13.0 2018/01/08

* Rename set command to config while maintaining backwards compatibility.
* --auto-local, --auto-remote options have become mapping and mapping-remote
  subcommands. Backwards compatibility has been maintained and the options
  (and subcommands) are supported both when using tx set and tx config
  commands.
* Introduce mapping-bulk subcommand to tx config command. mapping-bulk is
  similar to mapping but configures a whole directory of files and not a
  single file.
* Support branch specific push / pull using the --branch option.
* Add interactive wizard for tx config command. Interactive wizard is
  triggered by default after tx init if --skipsetup option is not passed and
  by the tx config if called without any options or subcommands.

0.13.1 2018/02/09

* Fix some python 3 compatibility issues
* Fix CI for python 3
* Add Python 3.6 in the supported versions

Note: For windows executables for more python version see:
https://ci.appveyor.com/project/transifex/transifex-client/build/1.0.445.

(taca)

doc: Updated security/py-certbot to 0.22.2

(fhajny)

security/py-certbot: Update to 0.22.2.

0.22.2
- A type error introduced in 0.22.1 that would occur during challenge
  cleanup when a Certbot plugin raises an exception while trying to
  complete the challenge was fixed.

0.22.1
- The ACME server used with Certbot's --dry-run and --staging flags is
  now Let's Encrypt's ACMEv2 staging server which allows people to
  also test ACMEv2 features with these flags.
- The HTTP Content-Type header is now set to the correct value during
  certificate revocation with new versions of the ACME protocol.
- When using Certbot with Let's Encrypt's ACMEv2 server, it would add
  a blank line to the top of chain.pem and between the certificates in
  fullchain.pem for each lineage. These blank lines have been removed.
- Resolved a bug that caused Certbot's --allow-subset-of-names flag
  not to work.
- Fixed a regression in acme.client.Client that caused the class to
  not work when it was initialized without a ClientNetwork which is
  done by some of the other projects using our ACME library.

(fhajny)

doc: Updated www/ruby-loofah to 2.2.2

(taca)

www/ruby-loofah: update to 2.2.2

## 2.2.2 / 2018-03-22

Make public `Loofah::HTML5::Scrub.force_correct_attribute_escaping!`,
which was previously a private method. This is so that downstream gems
(like rails-html-sanitizer) can use this logic directly for their own
attribute scrubbers should they need to address CVE-2018-8048.

(taca)

doc: Updated sysutils/puppet to 5.5.0

(taca)

sysutils/puppet: update to 5.5.0

Puppet 5.5.0
Released March 20, 2018.

This is a feature and bug-fix release of Puppet.

Please refer release note for full changes:
<https://puppet.com/docs/puppet/5.5/release_notes.html>.

(taca)

doc: Updated net/ruby-netaddr to 2.0.3

(taca)

net/ruby-netaddr: update to 2.0.3

2.0.2 (2018/01/27)

* add to_net()

2.0.3 (2018/03/23)

* add contains()
* add long()
* Remove unused `newNet` local variable to stop warning

(taca)

doc: Updated devel/ruby-native-package-installer to 1.0.6

(taca)

devel/ruby-native-package-installer: update to 1.0.6

## 1.0.6 - 2017-12-05

### Improvements

  * Added meta character support in package name.
    [GitHub#8][Reported by Mamoru TASAKA]

### Fixes

  * Removed needless ArchLinux fallback from PLD Linux.
    [GitHub#7][Reported by Elan Ruusam辰e]

### Thanks

  * Elan Ruusam辰e

  * Mamoru TASAKA

## 1.0.5 - 2017-11-11

### Improvements

  * Removed needless Packnga development dependency.
    [GitHub#4][Patch by HIGUCHI Daisuke]

  * Added PLD Linux support.
    [GitHub#6][Patch by Elan Ruusam辰e]

### Fixes

  * Fixed a bug that `:redhat` package isn't used for Fedora platform.
    [GitHub#5][Patch by HIGUCHI Daisuke]

### Thanks

  * HIGUCHI Daisuke

  * Elan Ruusam辰e

(taca)

doc: Updated www/ruby-rails-html-sanitizer to 1.0.4

(taca)

www/ruby-rails-html-sanitizer: update to 1.0.4

1.0.4 (2018/03/22)

* Fix CVE-2018-3741. (FIx a possible XSS vulnerability)

(taca)

doc: Updated sysutils/ruby-childprocess to 0.9.0

(taca)

sysutils/ruby-childprocess: update to 0.9.0

### Version 0.9.0 / 2018-03-10

* Added support for DragonFly BSD.

(taca)

doc: Updated security/ruby-rex-socket to 0.1.12

(taca)

security/ruby-rex-socket: update to 0.1.12

0.1.12 (2018/03/21)

* Land #9, improve SSL certificate generation
* fix is_mac_addr to validate if something is _only_ a mac address
* Improve SSL certificate generation

0.1.11 (2018/02/09)

* Land #8, factor out SSL bits
* Address Brent's comment - drop @@loaded_openssl
* Implement a certificate provider pattern in Socket
* Extract and mixin cert ops from server module

(taca)

doc: Updated devel/ruby-mocha to 1.4.0

(taca)

devel/ruby-mocha: update to 1.4.0

1.4.0 (2018/03/20)

* Fix deprecation warning for assert_nil in ClassMethodTest (#308 & #309)
* Display file and line number in deprecation warning - thanks to @chrisarcand
  (#310, #312 & #313)
* Rename mocha/mini_test.rb to mocha/minitest.rb - thanks to @grosser (#320 &
  #322)
* Fix warning when delegating to mock in Ruby 2.4 - thanks to @tjvc (#321 &
  #323)
* Updates to Travis CI configuration (73af600..9732726 & 0426e5e)

(taca)

doc: Updated devel/ruby-mixlib-config to 2.2.6

(taca)

Updated archivers/py-zstandard

(adam)

devel/ruby-mixlib-config: update to 2.2.6

2.2.6 (2018-03-22)

* Adding support for reading from TOML files #55 (tyler-ball)

(taca)

doc: Updated devel/ruby-byebug to 10.0.1

(taca)

devel/ruby-byebug: update to 10.0.1

## 10.0.1 - 2018-03-21

### Fixed

* Error when using byebug with `debase` gem (#443, @tzmfreedom)

(taca)

py-zstandard: updated to 0.8.2

0.8.2:
Fixed memory leak in ZstdCompressor.copy_stream()
Fixed memory leak in ZstdDecompressor.copy_stream()

(adam)

doc: Updated databases/ruby-mysql2 to 0.5.0

(taca)

databases/ruby-mysql2: update to 0.5.0

0.5.0 2018/3/21

Breaking Changes

* Ruby 2.0 or higher required. Ruby 1.8.7 and Ruby 1.9.3 are not supported.
* MySQL 5.5 or higher required. MySQL 5.0 and 5.1 are not supported.

New Features

* Expose mysql_set_server_option to turn multiple statements on and off (#943)
* Accept query options on Statement#execute (#912)
* Support connect attributes and the program_name attribute (#760)
* Make server_status variable available (#755)

Bug Fixes

* Fix wrong value of type YEAR on big endian environment (#921)
* MySQL 8.0.3 Release Candidate removes MYSQL_SECURE_AUTH (#891)
* Suppress Fixnum and Bignum warnings on Ruby 2.4 (#907)

Changes

* Resolve warnings for my_bool vs. bool types (#916, #919)
* Call BigDecimal(num) instead of BigDecimal.new(num) (#925, #928)
* GitHub is HTTPS by default (#922)
* Misc Cleanups (#918)
* More specific exception classes (#260, #404, #870, 911)
* Update RuboCop to 0.50.x (#752)
* Prefix more C functions with rb_mysql_ (#910)
* Fix compat with RubyInstaller-2.4 on Windows (#875)

(taca)

Updated www/apache-tomcat85 to 8.5.29

(ryoon)

Update to 8.5.29

Changelog:
Tomcat 8.5.29 (markt)
Catalina
    Fix: Minor optimization when calling class transformers. (rjung)
    Fix: Prevent Tomcat from applying gzip compression to content that is already compressed with brotli compression. Based on a patch provided by burka. (markt)
    Fix: 62090: Null container names are not allowed. (remm)
    Fix: 62104: Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified). (remm)
    Fix: 62117: Improve error message in catalina.sh when calling kill -0 <pid> fails. Based on a suggestion from Mark Morschhaeuser. (markt)
    Fix: 62118: Correctly create a JNDI ServiceRef using the specified interface rather than the concrete type. Based on a suggestion by Ángel Álvarez Páscua. (markt)
    Fix: Fix for RequestDumperFilter log attribute. Patch provided by Kirill Romanov via Github. (violetagg)
    Fix: 62123: Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web application stop. (markt)
    Fix: Correct a regression in the fix for 60276 that meant that compression was applied to all MIME types. Patch provided by Stefan Knoblich. (markt)

Coyote
    Fix: Add minor HPACK fixes, based on fixes by Stuart Douglas. (remm)
    Fix: 61751: Follow up fix so that OpenSSL engine returns underflow when unwrapping if no bytes were produced and the input is empty. (remm)
    Fix: Minor OpenSSL engine cleanups. (remm)
    Fix: NIO SSL handshake should throw an exception on overflow status, like NIO2 SSL. (remm)

Web applications
    Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
    Add: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when the Manager application generates a plain text response. Based on a suggestion from Muthukumar Marikani. (markt)

Other
    Update the build script so MD5 hashes are no longer generated for releases as per the change in the ASF distribution policy. (markt)

2018-02-11 Tomcat 8.5.28 (markt)
Catalina
    Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
    Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
    Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
    Fix: Avoid duplicate load attempts if one has been made already. (remm)
    Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
    Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
    Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
    Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)

Coyote
    Fix: 61751: Fix truncated request input streams when using NIO2 with TLS. (markt)
    Fix: 62023: Log error reporting multiple SSLHostConfig elements when using the APR Connector instead of crashing Tomcat. (csutherl)
    Fix: 62032: Fix NullPointerException when certificateFile is not defined on an SSLHostConfig and unify the behavior when a certificateFile is defined but the file does not exist for both JKS and PEM file types. (csutherl)

WebSocket
    Fix: 62024: When closing a connection with an abnormal close, close the socket immediately rather than waiting for a close message from the client that may never arrive. (markt)

Webapps
    Fix: 62049: Fix missing class from manager 404 JSP error page. (remm)

jdbc-pool
    Add: Enhance the JMX support for jdbc-pool in order to expose PooledConnection and JdbcInterceptors. (kfujino)
    Add: Add MBean for PooledConnection. (kfujino)
    Add: 62011: Add MBean for StatementCache. (kfujino)
    Add: Expose the cache size for each connection via JMX in StatementCache. (kfujino)
    Add: Add MBean for ResetAbandonedTimer. (kfujino)

Other
    Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)

(ryoon)

Updated www/apache-tomcat8 to 8.0.50

(ryoon)

Update to 8.0.50

Changelog:
Tomcat 8.0.50 (violetagg)

Catalina
    Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
    Fix: Avoid duplicate load attempts if one has been made already. (remm)
    Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
    Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
    Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
    Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
    Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
    Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
    Fix: Minor optimization when calling class tranformers. (rjung)

Web applications
    Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)

Other
    Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)

(ryoon)

Updated www/apache-tomcat7 to 7.0.85

(ryoon)

Updated net/dnsmasq, devel/talloc

(adam)

talloc: updated to 2.1.12

2.1.12:
Bug fixes.

(adam)

Update to 7.0.85

Changelog:
Tomcat 7.0.85 (violetagg)

    Catalina
        fix Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
        fix Avoid duplicate load attempts if one has been made already. (remm)
        fix Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
        fix 58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung)
        fix 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
        fix 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
        fix 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
        fix When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
        fix Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
        fix Minor optimization when calling class tranformers. (rjung)

    Web applications
        add 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)

    Other
        update Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)

(ryoon)

dnsmasq: updated to 2.79

version 2.79
Fix parsing of CNAME arguments, which are confused by extra spaces.
Thanks to Diego Aguirre for spotting the bug.

Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
upstream servers to an interface, rather than SO_BINDTODEVICE.
Thanks to Beniamino Galvani for the patch.

Always return a SERVFAIL answer to DNS queries without the
recursion desired bit set, UNLESS acting as an authoritative
DNS server. This avoids a potential route to cache snooping.

Add support for Ed25519 signatures in DNSSEC validation.

No longer support RSA/MD5 signatures in DNSSEC validation,
since these are not secure. This behaviour is mandated in
RFC-6944.

Fix incorrect error exit code from dhcp_release6 utility.
Thanks Gaudenz Steinlin for the bug report.

Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
time validation when --dnssec-no-timecheck is in use.
Note that this is an incompatible change from earlier releases.

Allow more than one --bridge-interface option to refer to an
interface, so that we can use
--bridge-interface=int1,alias1
--bridge-interface=int1,alias2
as an alternative to
--bridge-interface=int1,alias1,alias2
Thanks to Neil Jerram for work on this.

Fix for DNSSEC with wildcard-derived NSEC records.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence.
Thanks to Ralph Dolmans for finding this, and co-ordinating
the vulnerability tracking and fix release.
CVE-2017-15107 applies.

Remove special handling of A-for-A DNS queries. These
are no longer a significant problem in the global DNS.
http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf
Thanks to Mattias Hellstr旦m for the initial patch.

Fix failure to delete dynamically created dhcp options
from files in -dhcp-optsdir directories. Thanks to
Lindgren Fredrik for the bug report.

Add to --synth-domain the ability to create names using
sequential numbers, as well as encodings of IP addresses.
For instance,
--synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-*
creates 21 domain names of the form
internal-4.thekelleys.org.uk over the address range given, with
internal-0.thekelleys.org.uk being 192.168.0.50 and
internal-20.thekelleys.org.uk being 192.168.0.70
Thanks to Andy Hawkins for the suggestion.

Tidy up Crypto code, removing workarounds for ancient
versions of libnettle. We now require libnettle 3.

(adam)