grafana/Makefile: revert rev 1.6-1.7

Actual problem was that EXTRACT_SUFX must be set earlier for intended
Makefile variable expansion.
It used to be set but got lost in the 4.6.2 update commit.

(tnn)

grafana: fix build

XXX I'm positive this worked before

(tnn)

doc/TODO: add some

+ ImageMagick-7.0.7.21, geeqie-1.4, gmime3-3.0.5, gnumeric112-1.12.38,
  goffice0.10-0.10.38, gtk-doc-1.27, gtksourceview3-3.24.6,
  libfilezilla-0.11.2, libmspub-0.1.3, librsvg-2.40.20, musicpd-0.20.15,
  py-Unidecode-1.0.22, py-borg-1.1.4, py-numpy-1.14.0,
  py-setuptools-38.4.0, unixodbc-2.3.5, vala-0.38.4, vim-8.0.1428,
  vim-share-8.0.1428.

(wiz)

doc/CHANGES-2018: mention {py-,}bdb-xml removal

(wiz)

{py-,}bdb-xml: remove packages

Last release from 2011, build broken, not used by anything in pkgsrc.

(wiz)

Pullup ticket #5677 - requested by taca
converters/php-iconv: reset PKGREVISION
databases/php-pdo_sqlite: reset PKGREVISION
textproc/php-intl: reset PKGREVISION
textproc/php-json: reset PKGREVISION

Revisions pulled up:
- converters/php-iconv/Makefile                                1.13
- databases/php-pdo_sqlite/Makefile                            1.29
- textproc/php-intl/Makefile                                    1.34
- textproc/php-json/Makefile                                    1.6

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan  5 03:14:52 UTC 2018

  Modified Files:
  pkgsrc/converters/php-iconv: Makefile
  pkgsrc/databases/php-pdo_sqlite: Makefile
  pkgsrc/textproc/php-intl: Makefile
  pkgsrc/textproc/php-json: Makefile

  Log Message:
  lang/php: reset PKGREVISION

  Reset PKGREVISION with updating of all lang/php* packages.

(bsiegert)

Pullup ticket #5676 - requested by taca
lang/php72: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.201
- lang/php72/distinfo                                          1.11

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan  5 03:12:12 UTC 2018

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php72: distinfo

  Log Message:
  lang/php72: update to 7.2.1

  04 Jan 2018, PHP 7.2.1

  - Core:
    . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
    . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
      (Anatol)
    . Fixed bug #75525 (Access Violation in vcruntime140.dll). (Anatol)
    . Fixed bug #74862 (Unable to clone instance when private __clone defined).
      (Daniel Ciochiu)
    . Fixed bug #75074 (php-process crash when is_file() is used with strings
      longer 260 chars). (Anatol)

  - CLI server:
    . Fixed bug #73830 (Directory does not exist). (Anatol)

  - FPM:
    . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
      requests). (Remi)

  - GD:
    . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
      (Christoph)

  - Opcache:
    . Fixed bug #75608 ("Narrowing occurred during type inference" error).
      (Laruence, Dmitry)
    . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
      (Dmitry)
    . Fixed bug #75570 ("Narrowing occurred during type inference" error).
      (Dmitry)
    . Fixed bug #75556 (Invalid opcode 138/1/1). (Laruence)

  - PCRE:
    . Fixed bug #74183 (preg_last_error not returning error code after error).
      (Andrew Nester)

  - Phar:
    . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

  - Standard:
    . Fixed bug #75511 (fread not free unused buffer). (Laruence)
    . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
      (Remi)
    . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
      segment fault). (Nikita)
    . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
      that getrandom() is missing). (sarciszewski)
    . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
      (John Stevenson)
    . Fixed bug #75574 (putenv does not work properly if parameter contains
      non-ASCII unicode character). (Anatol)

  - Zip:
    . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

(bsiegert)

Pullup ticket #5675 - requested by taca
lang/php71: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.200
- lang/php71/distinfo                                          1.31

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan  5 03:11:13 UTC 2018

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php71: distinfo

  Log Message:
  lang/php71: update to 7.1.13

  04 Jan 2018, PHP 7.1.13

  - Core:
    . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
    . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
      (Anatol)
    . Fixed bug #74862 (Unable to clone instance when private __clone defined).
      (Daniel Ciochiu)
    . Fixed bug #75074 (php-process crash when is_file() is used with strings
      longer 260 chars). (Anatol)

  - CLI Server:
    . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
      script). (SammyK)
    . Fixed bug #73830 (Directory does not exist). (Anatol)

  - FPM:
    . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
      requests). (Remi)

  - GD:
    . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
      (Christoph)

  - Opcache:
    . Fixed bug #75608 ("Narrowing occurred during type inference" error).
      (Laruence, Dmitry)
    . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
      (Dmitry)
    . Fixed bug #75570 ("Narrowing occurred during type inference" error).
      (Dmitry)

  - PCRE:
    . Fixed bug #74183 (preg_last_error not returning error code after error).
      (Andrew Nester)

  - Phar:
    . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

  - Standard:
    . Fixed bug #75511 (fread not free unused buffer). (Laruence)
    . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
      (Remi)
    . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
      segment fault). (Nikita)
    . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
      that getrandom() is missing). (sarciszewski)
    . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
      (John Stevenson)
    . Fixed bug #75574 (putenv does not work properly if parameter contains
      non-ASCII unicode character). (Anatol)

  - Zip:
    . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

(bsiegert)

Pullup ticket #5674 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.199
- lang/php70/distinfo                                          1.41

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan  5 03:09:59 UTC 2018

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php70: distinfo

  Log Message:
  lang/php70: update to 7.0.27

  04 Jan 2018 PHP 7.0.27

  - CLI Server:
    . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
      script). (SammyK)

  - Core:
    . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
      (Anatol)
    . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)

  - FPM:
    . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
      requests). (Remi)

  - GD:
    . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)

  - Opcache:
    . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
      (Dmitry)

  - PCRE:
    . Fixed bug #74183 (preg_last_error not returning error code after error).
      (Andrew Nester)

  - Phar:
    . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)

  - Standard:
    . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
      segment fault). (Nikita)
    . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
      that getrandom() is missing). (sarciszewski)

  - Zip:
    . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

(bsiegert)

Pullup ticket #5673 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.198
- lang/php56/distinfo                                          1.44

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan  5 03:08:36 UTC 2018

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php56: distinfo

  Log Message:
  lang/php56: update to 5.6.33

  04 Jan 2017, PHP 5.6.33

  - GD:
    . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)

  - Phar:
    . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)

(bsiegert)

doc: Updated pkgtools/pkglint to 5.4.26

(rillig)

Updated pkglint to 5.4.26.

Changes since 5.4.25:

* When autofixing a patch, fix the corresponding distinfo file as well.

* Properly parse ${VARNAME:[\#]};
  the # was interpreted as a comment before.

* Don't add unnecessary :Q to PKG_OPTIONS and related variables.

* Don't warn about missing manual pages. While Debian and other
  distributions do this work, pkgsrc keeps the packages as original as
  possible.

* Autofix redundant ".gz" for manual pages in PLISTs.

(rillig)

amanda-server: Sort PLIST

(rillig)

doc: Updated www/privoxy to 3.0.26

(leot)

privoxy: Update www/privoxy to 3.0.26

pkgsrc changes:
- Add user.filter to CONF_FILES_PERMS, it is used by default in the privoxy
  config and if not present privoxy will refuse to start.

Changes:
*** Version 3.0.26 stable ***

- Bug fixes:
  - Fixed crashes with "listen-addr :8118" (SF Bug #902).
    The regression was introduced in 3.0.25 beta and reported
    by Marvin Renich in Debian bug #834941.

- General improvements:
  - Log when privoxy is toggled on or off via cgi interface.
  - Highlight the "Info: Now toggled " on/off log message
    in the Windows log viewer.
  - Highlight the loading actions/filter file log message
    in the Windows log viewer.
  - Mention client-specific tags on the toggle page as a
    potentionally more appropriate alternative.

- Documentation improvements:
  - Update download section on the homepage.
    The downloads are available from the website now.
  - Add sponsor FAQ.
  - Remove obsolete reference to mailing lists hosted at SourceForge.
  - Update the "Before the Release" section of the developer manual.

- Infrastructure improvements:
  - Add perl script to generate an RSS feed for the packages
    Submitted by "Unknown".

- Build system improvements:
  - strptime.h: fix a compiler warning about ambiguous else.
  - configure.in: Check for Docbook goo on the BSDs as well.
  - GNUMakefile.in: Let the dok-user target remove temporary files.

*** Version 3.0.25 beta ***

- Bug fixes:
  - Always use the current toggle state for new requests.
    Previously new requests on reused connections inherited
    the toggle state from the previous request even though
    the toggle state could have changed.
    Reported by Robert Klemme.
  - Fixed two buffer-overflows in the (deprecated) static
    pcre code. These bugs are not considered security issues
    as the input is trusted.
    Found with afl-fuzz and ASAN.

- General improvements:
  - Added support for client-specific tags which allow Privoxy
    admins to pre-define tags that are set for all requests from
    clients that previously opted in through the CGI interface.
    They are useful in multi-user setups where admins may
    want to allow users to disable certain actions and filters
    for themselves without affecting others.
    In single-user setups they are useful to allow more fine-grained
    toggling. For example to disable request blocking while still
    crunching cookies, or to disable experimental filters only.
    This is an experimental feature, the syntax and behaviour may
    change in future versions.
    Sponsored by Robert Klemme.
  - Dynamic filters and taggers now support a $listen-address variable
    which contains the address the request came in on.
    For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
    Original patch contributed by pursievro.
  - Add client-header-tagger 'listen-address'.
  - Include the listen-address in the log message when logging new requests.
    Patch contributed by pursievro.
  - Turn invalid max-client-connections values into fatal errors.
  - The show-status page now shows whether or not dates before 1970
    and after 2038 are expected to be handled properly.
    This is mainly useful for Privoxy-Regression-Test but could
    also come handy when dealing with time-related support requests.
  - On Mac OS X the thread id in log messages are more likely to
    be unique now.
  - When complaining about missing filters, the filter type is logged
    as well.
  - A couple of harmless coverity warnings were silenced
    (CID #161202, CID #161203, CID #161211).

- Action file improvements:
  - Filtering is disabled for Range requests to let download resumption
    and Windows updates work with the default configuration.
  - Unblock ".ardmediathek.de/".
    Reported by ThTomate in #932.

- Documentation improvements:
  - Add FAQ entry for crashes caused by memory limits.
  - Remove obsolete FAQ entry about a bug in PHP 4.2.3.
  - Mention the new mailing lists were appropriate.
    As the archives have not been migrated, continue to
    mention the archives at SF in the contacting section
    for now.
  - Note that the templates should be adjusted if Privoxy is
    running as intercepting proxy without getting all requests.
  - A bunch of links were converted to https://.
  - Rephrase onion service paragraph to make it more obvious
    that Tor is involved and that the whole website (and not
    just the homepage) is available as onion service.
  - Streamline the "More information" section on the homepage further
    by additionally ditching the link to the 'See also' section
    of the user manual. The section contains mostly links that are
    directly reachable from the homepage already and the rest is
    not significant enough to get a link from the homepage.
  - Change the add-header{} example to set the DNT header
    and use a complete section to make copy and pasting
    more convenient.
    Add a comment to make it obvious that adding the
    header is not recommended for obvious reasons.
    Using the DNT header as example was suggested by
    Leo Wzukw.
  - Streamline the support-and-service template
    Instead of linking to the various support trackers
    (whose URLs hopefully change soon), link to the
    contact section of the user manual to increase the
    chances that users actually read it.
  - Add a FAQ entry for tainted sockets.
  - More sections in the documentation have stable URLs now.
  - FAQ: Explain why 'ping config.privoxy.org' is not expected
    to reach a local Privoxy installation.
  - Note that donations done through Zwiebelfreunde e.V. currently
    can't be checked automatically.
  - Updated section regarding starting Privoxy under OS X.
  - Use dedicated start instructions for FreeBSD and ElectroBSD.
  - Removed release instructions for AIX. They haven't been working
    for years and unsurprisingly nobody seems to care.
  - Removed obsolete reference to the solaris-dist target.
  - Updated the release instructions for FreeBSD.
  - Removed unfinished release instructions for Amiga OS and HP-UX 11.
  - Added a pointer to the Cygwin Time Machine for getting the last release of
    Cygwin version 1.5 to use for building Privoxy on Windows.
  - Various typos have been fixed.

- Infrastructure improvements:
  - The website is no longer hosted at SourceForge and
    can be reached through https now.
  - The mailing lists at SourceForge have been deprecated,
    you can subscribe to the new ones at: https://lists.privoxy.org/
  - Migrating the remaining services from SourceForge is
    work in progress (TODO list item #53).

- Build system improvements:
  - Add configure argument to optimistically redefine FD_SETSIZE
    with the intent to change the maximum number of client
    connections Privoxy can handle. Only works with some libcs.
    Sponsored by Robert Klemme.
  - Let the tarball-dist target skip files in ".git".
  - Let the tarball-dist target work in cwds other than current.
  - Make the 'clean' target faster when run from a git repository.
  - Include tools in the generic distribution.
  - Let the gen-dist target work in cwds other than current.
  - Sort find output that is used for distribution tarballs
    to get reproducible results.
  - Don't add '-src' to the name of the tar ball generated by the
    gen-dist target. The package isn't a source distribution but a
    binary package.
    While at it, use a variable for the name to reduce the chances
    that the various references get out of sync and fix the gen-upload
    target which was looking in the wrong directory.
  - Add regression-tests.action to the files that are distributed.
  - The gen-dist target which was broken since 2002 (r1.92) has been fixed.
  - Remove genclspec.sh which has been obsolete since 2009.
  - Remove obsolete reference to Redhat spec file.
  - Remove the obsolete announce target which has been commented out years ago.
  - Let rsync skip files if the checksums match.

- Privoxy-Regression-Test:
  - Add a "Default level offset" directive which can be used to
    change the default level by a given value.
    This directive affects all tests located after it until the end
    of the file or a another "Default level offset" directive is reached.
    The purpose of this directive is to make it more convenient to skip
    similar tests in a given file without having to remove or disable
    the tests completely.
  - Let test level 17 depend on FEATURE_64_BIT_TIME_T
    instead of FEATURE_PTHREAD which has no direct connection
    to the time_t size.
  - Fix indentation in perldoc examples.
  - Don't overlook directives in the first line of the action file.
  - Bump version to 0.7.
  - Fix detection of the Privoxy version now that https://
    is used for the website.

*** Version 3.0.24 stable ***

- Security fixes (denial of service):
  - Prevent invalid reads in case of corrupt chunk-encoded content.
    CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
  - Remove empty Host headers in client requests.
    Previously they would result in invalid reads. CVE-2016-1983.
    Bug discovered with afl-fuzz and AddressSanitizer.

- Bug fixes:
  - When using socks5t, send the request body optimistically as well.
    Previously the request body wasn't guaranteed to be sent at all
    and the error message incorrectly blamed the server.
    Fixes #1686 reported by Peter M�ller and G4JC.
  - Fixed buffer scaling in execute_external_filter() that could lead
    to crashes. Submitted by Yang Xia in #892.
  - Fixed crashes when executing external filters on platforms like
    Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
  - Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
    Previously the port wasn't removed from the host and in case of
    'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
    to resolve "example.org:80" instead of example.org.
    Reported by Pak Chan on ijbswa-users@.
  - Check requests more carefully before serving them forcefully
    when blocks aren't enforced. Privoxy always adds the force token
    at the beginning of the path, but would previously accept it anywhere
    in the request line. This could result in requests being served that
    should be blocked. For example in case of pages that were loaded with
    force and contained JavaScript to create additionally requests that
    embed the origin URL (thus inheriting the force prefix).
    The bug is not considered a security issue and the fix does not make
    it harder for remote sites to intentionally circumvent blocks if
    Privoxy isn't configured to enforce them.
    Fixes #1695 reported by Korda.
  - Normalize the request line in intercepted requests to make rewriting
    the destination more convenient. Previously rewrites for intercepted
    requests were expected to fail unless $hostport was being used, but
    they failed "the wrong way" and would result in an out-of-memory
    message (vanilla host patterns) or a crash (extended host patterns).
    Reported by "Guybrush Threepwood" in #1694.
  - Enable socket lingering for the correct socket.
    Previously it was repeatedly enabled for the listen socket
    instead of for the accepted socket. The bug was found by
    code inspection and did not cause any (reported) issues.
  - Detect and reject parameters for parameter-less actions.
    Previously they were silently ignored.
  - Fixed invalid reads in internal and outdated pcre code.
    Found with afl-fuzz and AddressSanitizer.
  - Prevent invalid read when loading invalid action files.
    Found with afl-fuzz and AddressSanitizer.
  - Windows build: Use the correct function to close the event handle.
    It's unclear if this bug had a negative impact on Privoxy's behaviour.
    Reported by Jarry Xu in #891.
  - In case of invalid forward-socks5(t) directives, use the
    correct directive name in the error messages. Previously they
    referred to forward-socks4t failures.
    Reported by Joel Verhagen in #889.

- General improvements:
  - Set NO_DELAY flag for the accepting socket. This significantly reduces
    the latency if the operating system is not configured to set the flag
    by default. Reported by Johan Sintorn in #894.
  - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
  - Introduce the new forwarding type 'forward-webserver'.
    Currently it is only supported by the forward-override{} action and
    there's no config directive with the same name. The forwarding type
    is similar to 'forward', but the request line only contains the path
    instead of the complete URL.
  - The CGI editor no longer treats 'standard.action' special.
    Nowadays the official "standards" are part of default.action
    and there's no obvious reason to disallow editing them through
    the cgi editor anyway (if the user decided that the lack of
    authentication isn't an issue in her environment).
  - Improved error messages when rejecting intercepted requests
    with unknown destination.
  - A couple of log messages now include the number of active threads.
  - Removed non-standard Proxy-Agent headers in HTTP snipplets
    to make testing more convenient.
  - Include the error code for pcre errors Privoxy does not recognize.
  - Config directives with numerical arguments are checked more carefully.
  - Privoxy's malloc() wrapper has been changed to prevent zero-size
    allocations which should only occur as the result of bugs.
  - Various cosmetic changes.

- Action file improvements:
  - Unblock ".deutschlandradiokultur.de/".
    Reported by u302320 in #924.
  - Add two fast-redirect exceptions for "yandex.ru".
  - Disable filter{banners-by-size} for ".plasmaservice.de/".
  - Unblock "klikki.fi/adv/".
  - Block requests for "resources.infolinks.com/".
    Reported by "Black Rider" on ijbswa-users@.
  - Block a bunch of criteo domains.
    Reported by Black Rider.
  - Block "abs.proxistore.com/abe/".
    Reported by Black Rider.
  - Disable filter{banners-by-size} for ".black-mosquito.org/".
  - Disable fast-redirects for "disqus.com/".

- Documentation improvements:
  - FAQ: Explicitly point fingers at ASUS as an example of a
    company that has been reported to force malware based on
    Privoxy upon its customers.
  - Correctly document the action type for a bunch of "multi-value"
    actions that were incorrectly documented to be "parameterized".
    Reported by Gregory Seidman on ijbswa-users@.
  - Fixed the documented type of the forward-override{} action
    which is obviously 'parameterized'.

- Website improvements:
  - Users who don't trust binaries served by SourceForge
    can get them from a mirror. Migrating away from SourceForge
    is planned for 2016 (TODO list item #53).
  - The website is now available as onion service
    (http://jvauzb4sb3bwlsnc.onion/).

(leot)

py-borgbackup-1.1.4

(bsiegert)

Update borgbackup to 1.1.4.

Fixes:

- check: data corruption fix: fix for borg check --repair malfunction, #3444.
  See the more detailled notes close to the top of this document.
- delete: also delete security dir when deleting a repo, #3427
- prune: fix building the "borg prune" man page, #3398
- init: use given --storage-quota for local repo, #3470
- init: properly quote repo path in output
- fix startup delay with dns-only own fqdn resolving, #3471

New features:

- added zstd compression. try it!
- added placeholder {reverse-fqdn} for fqdn in reverse notation
- added BORG_BASE_DIR environment variable, #3338

Other changes:

- list help topics when invalid topic is requested
- fix lz4 deprecation warning, requires lz4 >= 1.7.0 (r129)
- add parens for C preprocessor macro argument usages (did not cause malfunction)
- exclude broken pytest 3.3.0 release
- updated fish/bash completions
- init: more clear exception messages for borg create, #3465
- docs:

  - add auto-generated docs for borg config
  - don't generate HTML docs page for borgfs, #3404
  - docs update for lz4 b2 zstd changes
  - add zstd to compression help, readme, docs
  - update requirements and install docs about bundled lz4 and zstd
- refactored build of the compress and crypto.low_level extensions, #3415:

  - move some lib/build related code to setup_{zstd,lz4,b2}.py
  - bundle lz4 1.8.0 (requirement: >= 1.7.0 / r129)
  - bundle zstd 1.3.2 (requirement: >= 1.3.0)
  - blake2 was already bundled
  - rename BORG_LZ4_PREFIX env var to BORG_LIBLZ4_PREFIX for better consistency:
    we also have BORG_LIBB2_PREFIX and BORG_LIBZSTD_PREFIX now.
  - add prefer_system_lib* = True settings to setup.py - by default the build
    will prefer a shared library over the bundled code, if library and headers
    can be found and meet the minimum requirements.

Pre-1.1.4 potential data corruption issue
-----------------------------------------

A data corruption bug was discovered in borg check --repair, see issue #3444.

This is a 1.1.x regression, releases < 1.1 (e.g. 1.0.x) are not affected.

To avoid data loss, you must not run borg check --repair using an unfixed version
of borg 1.1.x. The first official release that has the fix is 1.1.4.

Package maintainers may have applied the fix to updated packages of 1.1.x (x<4)
though, see the package maintainer's package changelog to make sure.

If you never had missing item metadata chunks, the bug has not affected you
even if you did run borg check --repair with an unfixed version.

When borg check --repair tried to repair corrupt archives that miss item metadata
chunks, the resync to valid metadata in still present item metadata chunks
malfunctioned. This was due to a broken validator that considered all (even valid)
item metadata as invalid. As they were considered invalid, borg discarded them.
Practically, that means the affected files, directories or other fs objects were
discarded from the archive.

Due to the malfunction, the process was extremely slow, but if you let it
complete, borg would have created a "repaired" archive that has lost a lot of items.
If you interrupted borg check --repair because it was so strangely slow (killing
borg somehow, e.g. Ctrl-C) the transaction was rolled back and no corruption occurred.

The log message indicating the precondition for the bug triggering looks like:

    item metadata chunk missing [chunk: 001056_bdee87d...a3e50d]

If you never had that in your borg check --repair runs, you're not affected.

But if you're unsure or you actually have seen that, better check your archives.
By just using "borg list repo::archive" you can see if all expected filesystem
items are listed.

(bsiegert)

doc: Updated devel/ruby-diva to 0.3.1

(tsutsui)

ruby-diva: update to 0.3.1.

Upstream changes:
- support export/import of models with time field in ISO 8601 format strings

(tsutsui)

doc/TODO: Add a comment to the mpv-0.28 entry and assign it to myself

mpv-0.28 at the moment needs a not-yet-released ffmpeg3 (ffmpeg3>3.4)
so for the moment it's better to stick with mpv-0.27 to avoid to pick up mpv
fork of ffmpeg3.

(leot)

doc/TODO: Adjust webkit-gtk-2.18.4 entry

webkit-gtk in pkgsrc-wip was updated to 2.18.4, unify the two webkit-gtk
entries.

(leot)

Fix indentation in buildlink3.mk files.

The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.

There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.

(rillig)

doc: Updated print/zathura-pdf-mupdf to 0.3.2

(leot)

zathura-pdf-mupdf: Update print/zathura-pdf-mupdf to 0.3.2

pkgsrc changes:
- Remove patches/patch-image.c, patches/patch-index.c, patches/patch-page.c,
  patches/patch-plugin.h, patches/patch-render.c, patches/patch-select.c,
  patches/patch-utils.c . They were all applied upstream and no more needed.

Changes:
0.3.2
-----
* Compatible with mupdf 1.12
* Adapt to new plugin interface

(leot)

doc: Updated print/zathura-pdf-poppler to 0.2.8

(leot)

zathura-pdf-poppler: Update print/zathura-pdf-poppler to 0.2.8

Changes:
0.2.8
-----
* Adapt to new plugin interface

(leot)

doc: Updated print/zathura-ps to 0.2.5

(leot)

zathura-ps: Update print/zathura-ps to 0.2.5

Changes:
0.2.5
-----
* Adapt to new plugin interface

(leot)

doc: Updated graphics/zathura-djvu to 0.2.7

(leot)

zathura-djvu: Update graphics/zathura-djvu to 0.2.7

Changes:
0.2.7
-----
* Adapt to new plugin interface

(leot)

doc: Updated graphics/zathura-cb to 0.1.7

(leot)

zathura-cb: Update graphics/zathura-cb to 0.1.7

pkgsrc changes:
- Inject LIBARCHIVE_{INC,LIB} via MAKE_FLAGS.
  When builtin libarchive is used, `libarchive.pc' is not always available
  (e.g. on NetBSD).

Changes:
0.1.7
-----
* Adapt to new plugin interface

(leot)

doc: Updated print/zathura to 0.3.8

(leot)

zathura: Update print/zathura to 0.3.8

Changes:
0.3.8
-----
* Fix memory leaks
* Rework plugin initialization
* Various fixes and improvements
* Updated translations

(leot)

doc: Updated graphics/girara to 0.2.8

(leot)

girara: Update graphics/girara to 0.2.8

pkgsrc changes:
- Bump BUILDLINK_API_DEPENDS.girara due to API and ABI changes and delete
  BUILDLINK_ABI_DEPENDS.girara that is no more needed.

Changes:
0.2.8
-----
* Adopt CSS to newer GTK+ 3 releases
* Remove obsolete features
* Various fixes and improvments
* Update translations

(leot)

nano had been updated to 2.9.2

(wen)

Updated math/R-sp to 1.2.6

(wen)

Update to 1.2.6

No upstream changelog found.

(wen)

Updated editors/nano to 2.9.2

(wen)

Update to 2.9.2

Upstream changes:
2018 January 2

GNU nano 2.9.2 "Pussy Riot" correctly displays the Modified
state when undoing/redoing (also when the file was saved
somewhere midway), improves the undoing of an automatic
linefeed at EOF, fixes a build issue on the BSDs, shows
the cursor again when compiled with --withslang, renames
the option 'justifytrim' to 'trimblanks' because it will
now snip trailing whitespace also while you are typing
(and hard-wrapping is enabled), continues pushing words
to the next line much longer (when hard-wrapping), makes
and  indent and unindent a marked region,
allows unindenting when not all lines are indented, lets a
region marked with Shift persist when indenting/unindenting
or commenting/uncommenting it, and in those cases excludes
the last line of the region when it is not visibly marked
(which makes for a more intuitive behavior).

(wen)

Added missing LICENSE declaration.

(rillig)

Improved documentation for "make help".

(rillig)

Fixed typo in OS_VERSION checks.

This doesn't influence anything since NetBSD-4.90 has never been released.
Still it produced a pkglint warning.

(rillig)

Updated cad/gerbv to 2.6.2

(wen)

Update to 2.6.2

Upstream changes:
Release Notes for gerbv-2.6.2
========================================================================
This is a minor patch release on top of gerbv-2.6.1.  The change
is to property create the tarball with the build framework so that
the automake/autoconf/etc generated files are included.

========================================================================
Release Notes for gerbv-2.6.0
========================================================================
The following is a summary of the changes which went into gerbv-2.6.0.
For a complete list of changes, refer to ChangeLog.  This release
is primarily a bug fix release.

(wen)

Improved documentation for "make help".

The check for target(help) prevents a warning when "make help" is run from
a category directory.

(rillig)

Update url2pkg-2.29: Fix generation of Perl packages.

The WriteMakefile subroutine was not exported properly.

(rillig)

Updated textproc/p5-Text-Xslate to 3.5.5

(wen)

Update to 3.5.5

Upstream changes:
v3.5.5 2018-01-05T02:53:17Z
    - Ensure that test cleans up after itself (jkeenan #190)

(wen)

Updated devel/p5-Tree-Simple to 1.33

(wen)

Update to 1.33

Upstream changes:
1.33  2018-01-06T16:57:00
- Fix traverse() so it does not assume user functions and traverse() itself return a defined
value. This stops undef warnings when the return value is tested for error propagation.
Thanx to Jason Tibbitts for reporting this.
- Add t/00.versions.* to display the version #s of all pre-reqs.

(wen)

doc: Updated pkgtools/pkglint to 5.4.25

(rillig)

Updated pkglint to 5.4.25.

Changes since 5.4.24:

* More specific warning for "exitcode with pipe shell commands"
* Don't warn that the echo in "echo | sed" could fail
* Allow packages to define custom make targets
* Don't warn about a misplaced LICENSE when a package doesn't define it
* Skip .git directories
* Reduce number of hicolor-icon-theme error messages in PLIST files
* Remove MKCRYPTO, USE_CRYPTO, CRYPTO variable definitions

(rillig)

pullups 5671 5672

(spz)

Pullup ticket #5672 - requested by dholland
lang/micropython: build fix

Revisions pulled up:
- lang/micropython/distinfo                                    1.7
- lang/micropython/patches/patch-py_nlrx64.c                    1.1

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: dholland
  Date: Mon Jan  1 00:47:42 UTC 2018

  Modified Files:
  pkgsrc/lang/micropython: distinfo
  Added Files:
  pkgsrc/lang/micropython/patches: patch-py_nlrx64.c

  Log Message:
  Remove illegal cpp abuse that fails the clang build.

  To generate a diff of this commit:
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/micropython/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/lang/micropython/patches/patch-py_nlrx64.c

(spz)

Pullup ticket #5671 - requested by snj
net/rsync: security patch

Revisions pulled up:
- net/rsync/Makefile                                            1.106
- net/rsync/distinfo                                            1.46
- net/rsync/patches/patch-receiver.c                            1.1
- net/rsync/patches/patch-rsync.c                              1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  snj
  Date:          Sun Dec 31 20:55:43 UTC 2017

  Modified Files:
          pkgsrc/net/rsync: Makefile distinfo
  Added Files:
          pkgsrc/net/rsync/patches: patch-receiver.c patch-rsync.c

  Log Message:
  net/rsync: Fix CVE-2017-17433 and CVE-2017-17434.

  Bump PKGREVISION to 2.

  To generate a diff of this commit:
  cvs rdiff -u -r1.105 -r1.106 pkgsrc/net/rsync/Makefile
  cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/rsync/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/net/rsync/patches/patch-receiver.c \
      pkgsrc/net/rsync/patches/patch-rsync.c

(spz)

Bumps from fixes last weekend that I forgot to commit at the time.

(dholland)

doc: Updated devel/php-xdebug-devel to 2.6.0beta1

(jdolecek)

Update php-xdebug-devel to 2.6.0beta1

Changes:

Added features:

Fixed bug #1059: Add filter capabilities to tracing, stack traces, and code coverage.
Fixed bug #1437: Add X-Profile-File-Name header when a profile file has been generated.

Improvements:

Fixed bug #1493: Run test suite in AppVeyor for Windows CI.
Fixed bug #1498: Use new ZEND_EXTENSION API in config.w32 build scripts. (Kalle)

Fixed bugs:

Fixed bug #702: Check whether variables tracing also works with =&.
Fixed bug #1501: Xdebug var dump tries casting properties.
Fixed bug #1502: SEND_REF lines are not marked as covered.

(jdolecek)

Updated graphics/cairo, graphics/cairo-gobject

(adam)

cairo: updated to 1.14.12

Release 1.14.12:
Another bugfix release rolling up backported fixes for the past half year.

Features
--------
None

API Changes
-----------
None

Dependency Changes
------------------
None

Performance Optimizations
-------------------------
None

Bug Fixes
---------
* Fix assertion hit with PDFs using Type 4 fonts rendered with user
  fonts, due to error when destroying glyph page.
* Fix build error with util/font-view
* Fix handling of truetype fonts with excessively long font names
* Fix falling back to system font with PDFs using certain embedded
  fonts, due to truncated font names.
* Fix sigabrt printing documents with fonts lacking the mandatory .nodef
  glyph.
* Fix undefined-behavior with integer math.
* Fix various warnings and typos

(adam)

Updated sysutils/dtc

(adam)

dtc: updated to 1.4.6

1.4.6:
Bug fixes.

(adam)

Updated math/py-pandas, sysutils/salt-docs

(adam)

salt-docs: updated to 2017.7.2 (sync with sysutils/salt)

(adam)

py-pandas: updated to 0.22.0

v0.22.0:

This is a major release from 0.21.1 and includes a single, API-breaking change. We recommend that all users upgrade to this version after carefully reading the release note.

The only changes are:
* The sum of an empty or all-NA Series is now 0
* The product of an empty or all-NA Series is now 1
* We窶况e added a min_count parameter to .sum() and .prod() controlling the minimum number of valid values for the result to be valid. If fewer than min_count non-NA values are present, the result is NA. The default is 0. To return NaN, the 0.21 behavior, use min_count=1.

(adam)

Updated textproc/py-markdown, devel/py-test, textproc/py-pyaml

(adam)

py-pyaml: updated to 17.12.1

17.12.1:
Bug fixes.

(adam)

py-test: updated to 3.3.2

Pytest 3.3.2:

Bug Fixes
- pytester: ignore files used to obtain current user metadata in the fd leak
  detector.
- Fix **memory leak** where objects returned by fixtures were never destructed
  by the garbage collector.
- Fix conversion of pyargs to filename to not convert symlinks and not use
  deprecated features on Python 3.
- PYTEST_DONT_REWRITE is now checked for plugins too rather than only for
  test modules.

Improved Documentation
- Add clarifying note about behavior of multiple parametrized arguments

Trivial/Internal Changes
- Code cleanup.
- Clean up code by replacing imports and references of _ast to ast.

(adam)

py-markdown: updated to 2.6.11

Released version 2.6.11 (a bug-fix release).
Added a new BACKLINK-TITLE option to the footnote extension so that non-English users can provide a custom title to back links.

(adam)

doc: Updated lang/nodejs8 to 8.9.4

(fhajny)

Update lang/nodejs8 to 8.9.4.

- deps: upgrade npm to 5.6.0
- build: configure can now be run from any directory

(fhajny)

Updated time/p5-Time-HiRes to 1.9752

(wen)

Update to 1.9752

Upstream changes:
1.9752 [2018-01-04]
- fix an error in the error message of utimensat() not available:
  it said futimens() not available
- add --force alias for Makefile.PL --configure

(wen)

Updated print/py-weasyprint, time/py-arrow; Added devel/py-chai

(adam)

py-arrow: updated to 0.12.0

0.12.0
- [FIX] Compatibility fix for Python 2.x

0.11.0
- [FIX] Fix grammar of ArabicLocale
- [NEW] Add Nepali Locale
- [FIX] Fix month name + rename AustriaLocale -> AustrianLocale
- [FIX] Fix typo in Basque Locale
- [FIX] Fix grammar in PortugueseBrazilian locale
- [FIX] Remove pip --user-mirrors flag
- [NEW] Add Indonesian Locale

(adam)

py-chai: added version 1.1.2

Chai provides a very easy to use api for mocking, stubbing and spying your
python objects, patterned after the Mocha library for Ruby.

(adam)

py-weasyprint: updated to 0.42

Version 0.42
New features:
* Support relative file URIs when using CLI.

Bug fixes:
* Fix slow performance for pre-formatted boxes with a lot of children.
* Don't crash when rendering some tables.
* Fix rendering of floats in inlines.
* Split lines carefully.
* Fix root when frozen with Pyinstaller.
* Handle SVGs containing images embedded as data URIs.
* Fix border-radius rendering problem with some PDF readers.
* Fix pipenv support.
* Smartly handle replaced boxes with percentage width in auto-width parents.
* Don't ignore CSS @page rules that are imported by an @import rule.

(adam)

Updated www/py-yarl, www/py-flask-testing

(adam)

py-flask-testing: updated to 0.7.1

0.7.1:
Reverts the request context changes from 0.7.0. This change broke backwards compatibility so it will be moved to a major version release instead.

0.7.0:
Changes the way request contexts are managed. Let窶冱 Flask be responsible for the context, which fixes some subtle bugs.

(adam)

py-yarl: updated to 0.17.0

0.17.0:
Bug fixes.

(adam)

Improved license detection for the guess-license target.

Before, the first file that looked like a license file was considered.
The others were completely ignored. This led to a wrong license for
cross/arm-none-eabi-gcc. To prevent these cases in the future, the license
is only guessed if there is exactly one file with a typical license name.

This approach is still naive, but at least a little more precise. Replacing
the guess-license with a determine-licenses is much more complicated
though, since each source code file may have its own license declared, and
handling all these special cases leads to very complex license expressions
(like "gnu-gpl-v3 for all files, except for special.c, which is apache-2.0
or mit). This is very hard to do correctly.

(rillig)

doc: note update of lang/php* pacakges

lang/php56 5.6.33
lang/php70 7.0.27
lang/php71 7.1.13
lang/php72 7.2.1

(taca)

lang/php: reset PKGREVISION

Reset PKGREVISION with updating of all lang/php* packages.

(taca)

lang/php72: update to 7.2.1

04 Jan 2018, PHP 7.2.1

- Core:
  . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
  . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    (Anatol)
  . Fixed bug #75525 (Access Violation in vcruntime140.dll). (Anatol)
  . Fixed bug #74862 (Unable to clone instance when private __clone defined).
    (Daniel Ciochiu)
  . Fixed bug #75074 (php-process crash when is_file() is used with strings
    longer 260 chars). (Anatol)

- CLI server:
  . Fixed bug #73830 (Directory does not exist). (Anatol)

- FPM:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
    requests). (Remi)

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
    (Christoph)

- Opcache:
  . Fixed bug #75608 ("Narrowing occurred during type inference" error).
    (Laruence, Dmitry)
  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    (Dmitry)
  . Fixed bug #75570 ("Narrowing occurred during type inference" error).
    (Dmitry)
  . Fixed bug #75556 (Invalid opcode 138/1/1). (Laruence)

- PCRE:
  . Fixed bug #74183 (preg_last_error not returning error code after error).
    (Andrew Nester)

- Phar:
  . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

- Standard:
  . Fixed bug #75511 (fread not free unused buffer). (Laruence)
  . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
    (Remi)
  . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
    segment fault). (Nikita)
  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
    that getrandom() is missing). (sarciszewski)
  . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    (John Stevenson)
  . Fixed bug #75574 (putenv does not work properly if parameter contains
    non-ASCII unicode character). (Anatol)

- Zip:
  . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

(taca)

lang/php71: update to 7.1.13

04 Jan 2018, PHP 7.1.13

- Core:
  . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
  . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    (Anatol)
  . Fixed bug #74862 (Unable to clone instance when private __clone defined).
    (Daniel Ciochiu)
  . Fixed bug #75074 (php-process crash when is_file() is used with strings
    longer 260 chars). (Anatol)

- CLI Server:
  . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
    script). (SammyK)
  . Fixed bug #73830 (Directory does not exist). (Anatol)

- FPM:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
    requests). (Remi)

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
    (Christoph)

- Opcache:
  . Fixed bug #75608 ("Narrowing occurred during type inference" error).
    (Laruence, Dmitry)
  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    (Dmitry)
  . Fixed bug #75570 ("Narrowing occurred during type inference" error).
    (Dmitry)

- PCRE:
  . Fixed bug #74183 (preg_last_error not returning error code after error).
    (Andrew Nester)

- Phar:
  . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

- Standard:
  . Fixed bug #75511 (fread not free unused buffer). (Laruence)
  . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
    (Remi)
  . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
    segment fault). (Nikita)
  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
    that getrandom() is missing). (sarciszewski)
  . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    (John Stevenson)
  . Fixed bug #75574 (putenv does not work properly if parameter contains
    non-ASCII unicode character). (Anatol)

- Zip:
  . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

(taca)