lohit-fonts: replace fedorahosted with pagure

(maya)

liberation-ttf: add non-fedorahosted MASTER_SITES

(maya)

Pullup ticket #5593 - requested by sevan
lang/nodejs4: security update

Revisions pulled up:
- lang/nodejs4/Makefile                                        1.35
- lang/nodejs4/distinfo                                        1.30

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  fhajny
  Date:          Wed Oct 25 13:56:01 UTC 2017

  Modified Files:
          pkgsrc/lang/nodejs4: Makefile distinfo

  Log Message:
  Update lang/nodejs4 to 4.8.5.

  zlib:
  - CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
    error to be raised when a raw deflate stream is initialized with
    windowBits set to 8. On some versions this crashes Node and you cannot
    recover from it, while on some versions it throws an exception.
    Node.js will now gracefully set windowBits to 9 replicating the legacy
    behavior to avoid a DOS vector.

  To generate a diff of this commit:
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/nodejs4/Makefile
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/nodejs4/distinfo

(spz)

Pullup ticket #5613 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php56/Makefile                                          1.15
- lang/php56/distinfo                                          1.43
- lang/php/phpversion.mk                                        patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Oct 27 08:45:06 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php56: Makefile distinfo

  Log Message:
  lang/php56: Update to 5.6.32

  * pkgsrc change: remove post-extract which is not required any more.
  * including securiy fixes.

  26 Sep 2017, PHP 5.6.32

  - Date:
    . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

  - mcrypt:
    . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

  - PCRE:
    . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)

  To generate a diff of this commit:
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php56/Makefile
  cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/php56/distinfo

(spz)

Pullup ticket #5612 - requested by taca
lang/php71: security update

Revisions pulled up:
- lang/php71/Makefile                                          1.13
- lang/php71/Makefile.common                                    1.2
- lang/php71/distinfo                                          1.28-1.29
- lang/php/phpversion.mk                                        patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Oct  1 15:50:06 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php71: distinfo

  Log Message:
  lang/php71: update to 7.1.10

  28 Sep 2017, PHP 7.1.10

  - Core:
    . Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)

  - BCMath:
    . Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
    . Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
    . Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
    . Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)

  - CLI server:
    . Fixed bug #70470 (Built-in server truncates headers spanning over TCP
      packets). (bouk)

  - CURL:
    . Fixed bug #75093 (OpenSSL support not detected). (Remi)

  - GD:
    . Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
    . Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)

  - Gettext:
    . Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)

  - Intl:
    . Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
      class). (tpunt)
    . Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)

  - PDO_OCI:
    . Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
      before PHP-FPM sets it up). (Ingmar Runge)

  - SPL:
    . Fixed bug #75155 (AppendIterator::append() is broken when appending another
      AppendIterator). (Nikita)
    . Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
      (jhdxr)

  - Standard:
    . Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
    . Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)

  To generate a diff of this commit:
  cvs rdiff -u -r1.27 -r1.28 pkgsrc/lang/php71/distinfo

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: jdolecek
  Date: Mon Oct  9 21:43:30 UTC 2017

  Modified Files:
  pkgsrc/lang/php71: Makefile.common

  Log Message:
  seems we actually don't need the EXTRACT_USING=gtar, apparently
  it's been carried over from php 5.x times

  To generate a diff of this commit:
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php71/Makefile.common

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Oct 27 08:47:49 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php71: Makefile distinfo

  Log Message:
  lang/php71: Update to 7.1.11

  * pkgsrc change: remove post-extract which is not required any more.
  * including securiy fixes.

  26 Oct 2017, PHP 7.1.11

  - Core:
    . Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
      (Laruence)
    . Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
    . Fixed bug #75252 (Incorrect token formatting on two parse errors in one
      request). (Nikita)
    . Fixed bug #75220 (Segfault when calling is_callable on parent).
      (andrewnester)
    . Fixed bug #75290 (debug info of Closures of internal functions contain
      garbage argument names). (Andrea)

  - Date:
    . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

  - Apache2Handler:
    . Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in
      apache2handler). (mcarbonneaux)

  - Hash:
    . Fixed bug #75303 (sha3 hangs on bigendian). (Remi)

  - Intl:
    . Fixed bug #75318 (The parameter of UConverter::getAliases() is not
      optional). (cmb)

  - litespeed:
    . Fixed bug #75248 (Binary directory doesn't get created when building
      only litespeed SAPI). (petk)
    . Fixed bug #75251 (Missing program prefix and suffix). (petk)

  - mcrypt:
    . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

  - MySQLi:
    . Fixed bug #75018 (Data corruption when reading fields of bit type). (Anatol)

  - OCI8:
    . Fixed incorrect reference counting. (Dmitry, Tianfang Yang)

  - Opcache
    . Fixed bug #75255 (Request hangs and not finish). (Dmitry)

  - PCRE:
    . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)

  - PDO_mysql:
    . Fixed bug #75177 (Type 'bit' is fetched as unexpected string). (Anatol)

  - SPL:
    . Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
      (J. Jeising, cmb)

  To generate a diff of this commit:
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/php71/Makefile
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/lang/php71/distinfo

(spz)

Pullup ticket #5611 - requested by taca
lang/php70: security update

Revisions pulled up:
- lang/php70/Makefile                                          1.10
- lang/php70/distinfo                                          1.38-1.39
- lang/php/phpversion.mk                                        patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Oct  1 15:48:17 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php70: distinfo

  Log Message:
  lang/php70: update to 7.0.24.

  28 Sep 2017 PHP 7.0.24

  - Core:
    . Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)

  - BCMath:
    . Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
    . Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
    . Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
    . Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)

  - CLI server:
    . Fixed bug #70470 (Built-in server truncates headers spanning over TCP
      packets). (bouk)

  - CURL:
    . Fixed bug #75093 (OpenSSL support not detected). (Remi)

  - GD:
    . Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
    . Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)

  - Gettext:
    . Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)

  - Intl:
    . Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
      class). (tpunt)
    .�Fixed�bug�#75193�(segfault�in�collator_convert_object_to_string).�(Remi)

  - PDO_OCI:
    . Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
      before PHP-FPM sets it up). (Ingmar Runge)

  - SPL:
    . Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
      (jhdxr)

  - Standard:
    . Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)

  To generate a diff of this commit:
  cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php70/distinfo

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Oct 27 08:46:49 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php70: Makefile distinfo

  Log Message:
  lang/php70: Update to 7.0.25

  * pkgsrc change: remove post-extract which is not required any more.
  * including securiy fixes.

  26 Oct 2017 PHP 7.0.25

  - Core:
    . Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
      (Laruence)
    . Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
    . Fixed bug #75252 (Incorrect token formatting on two parse errors in one
      request). (Nikita)
    . Fixed bug #75220 (Segfault when calling is_callable on parent).
      (andrewnester)
    . Fixed bug #75290 (debug info of Closures of internal functions contain
      garbage argument names). (Andrea)

  - Apache2Handler:
    . Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in
      apache2handler). (mcarbonneaux)

  - Date:
    . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

  - Intl:
    . Fixed bug #75318 (The parameter of UConverter::getAliases() is not
      optional). (cmb)

  - mcrypt:
    . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

  - OCI8:
    . Fixed incorrect reference counting. (Dmitry, Tianfang Yang)

  - PCRE:
    . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)

  - litespeed:
    . Fixed bug #75248 (Binary directory doesn't get created when building
      only litespeed SAPI). (petk)
    . Fixed bug #75251 (Missing program prefix and suffix). (petk)

  - SPL:
    . Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
      (J. Jeising, cmb)

  To generate a diff of this commit:
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/php70/Makefile
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php70/distinfo

(spz)

Pullup ticket #5610 - requested by taca
devel/ruby-redmine: build fix
meta-pkgs/ruby-redmine-plugins: build fix
meta-pkgs/ruby-redmine-themes: build fix

Revisions pulled up:
- devel/ruby-redmine/Makefile                                  1.24
- meta-pkgs/ruby-redmine-plugins/Makefile                      1.5
- meta-pkgs/ruby-redmine-plugins/Makefile.common                1.3
- meta-pkgs/ruby-redmine-themes/Makefile                        1.6
- meta-pkgs/ruby-redmine-themes/Makefile.common                1.4

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Sep 29 13:13:26 UTC 2017

  Modified Files:
  pkgsrc/devel/ruby-redmine: Makefile

  Log Message:
  devel/ruby-redmine: Fix usage ofRUBY_VERSIONS_ACCEPTED

  Define RUBY_VERSIONS_ACCEPTED before including rubyversion.mk.
  Should be fix pbulk problem.

  To generate a diff of this commit:
  cvs rdiff -u -r1.23 -r1.24 pkgsrc/devel/ruby-redmine/Makefile

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Sep 30 15:48:42 UTC 2017

  Modified Files:
  pkgsrc/meta-pkgs/ruby-redmine-plugins: Makefile Makefile.common
  pkgsrc/meta-pkgs/ruby-redmine-themes: Makefile Makefile.common

  Log Message:
  meta-pkgs/ruby-redmine-*: Restrict ruby's version

  Restrict ruby-redmine depending pacakges to ruby22 only.

  To generate a diff of this commit:
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/meta-pkgs/ruby-redmine-plugins/Makefile
  cvs rdiff -u -r1.2 -r1.3 \
      pkgsrc/meta-pkgs/ruby-redmine-plugins/Makefile.common
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/meta-pkgs/ruby-redmine-themes/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/meta-pkgs/ruby-redmine-themes/Makefile.common

(spz)

Improved index generation for "make help".

The index is sorted alphabetically and mentioned in a plain "make help"
call.

(rillig)

Pullup ticket #5604 - requested by sevan
net/nmap: build fix for nmap with Lua option

Revisions pulled up:
- net/nmap/Makefile                                            1.137
- net/nmap/options.mk                                          1.19

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  leot
  Date:          Thu Oct 19 21:43:25 UTC 2017

  Modified Files:
          pkgsrc/net/nmap: Makefile options.mk

  Log Message:
  nmap: set LUA_VERSIONS_ACCEPTED to avoid using internal Lua provided by nmap

  Without that change the nmap configure script checks for `lua_isyield'
  symbol (appeared on Lua 5.3), and for LUA_VERSION_DEFAULT != 53
  (pkgsrc by default set LUA_VERSION_DEFAULT to 52) it will just
  silently use its internal version.

  Set LUA_VERSIONS_ACCEPTED to 53 to avoid that.

  Fix PR pkg/52624 reported by Patrick Mackey.

  Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.136 -r1.137 pkgsrc/net/nmap/Makefile
  cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/nmap/options.mk

(spz)

doc: Updated databases/ruby-tiny_tds to 2.1.0

(taca)

databases/ruby-tiny_tds: update to 2.1.0

## 2.1.0

* Support RubyInstaller2 for Windows. Fixes #365.
* Support the FREETDS_DIR environment variable. Fixes #371.
* Rename binstubs to tsql-ttds and defncopy-ttds
* Support separate timeout values per connection Fixes #348.
* Allow client proc to capture INFO messages. Fixes #352.
* Use official HTTP mirrors instead of FTP. Fixes #384.

(taca)

Pullup ticket #5599 - requested by sevan
bootstrap/bootstrap: build fix

Revisions pulled up:
- bootstrap/bootstrap                                          1.244

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sun Oct 22 19:29:20 UTC 2017

  Modified Files:
          pkgsrc/bootstrap: bootstrap

  Log Message:
  Set cwrappers in bootstrap mk.conf too.

  When bootstrap is run with --cwrappers=no (or yes, for that matter),
  the value is written into mk.conf at the end of the bootstrap but not
  used _during_ the bootstrap itself. Thus, when bootstrapping on Linux
  with no builtin diffutils, cwrappers ends up indirectly depending on
  itself, and there is no way around that. This commit fixes this.

  To generate a diff of this commit:
  cvs rdiff -u -r1.243 -r1.244 pkgsrc/bootstrap/bootstrap

(spz)

doc: Updated databases/ruby-sequel to 5.2.0

(taca)

databases/ruby-sequel: update to 5.2.0

=== 5.2.0 (2017-10-27)

* Fix type conversion for smallint unsigned and integer unsigned types on
  jdbc/mysql (jeremyevans) (#1443)

* Add pg_extended_date_support extension, for handling infinite and BC
  dates/timestamps (jeremyevans)

* Do not ignore existing @dataset instance variable when subclassing
  Sequel::Model (bjmllr) (#1435)

=== 5.1.0 (2017-10-01)

* Make jdbc/h2 and jdbc/hsqldb adapters respect :foreign_key_constraint_name
  option when adding new foreign key column (jeremyevans)

* Do not issue unnecessary query for macaddr type oid when loading the pg_inet
  extension (jeltz) (#1423)

* Make alter_table add_foreign_key with a column symbol reversible when using
  the :foreign_key_constraint_name option (jeremyevans) (#1422)

* Do not raise an error if calling Model.freeze on a frozen model
  (jeremyevans) (#1421)

* Make Database#copy_into in the jdbc/postgresql adapter handle multi-byte
  strings (ckoenig) (#1416)

* Remove deprecated Model use_after_commit_rollback class and instance methods
  (jeremyevans)

* Remove deprecated Model.allowed_columns method in the base model support
  (jeremyevans)

* Remove deprecated Model.plugin_module_defined? private method (jeremyevans)

* Remove deprecated support for Model#_before_validation private method
  (jeremyevans)

(taca)

doc: Updated databases/ruby-hiera to 3.4.2

(taca)

databases/ruby-hiera: update to 3.4.2

* Reference actual config version in error message.

(taca)

doc: Updated time/ruby-tzinfo-data to 1.2017.3

(taca)

time/ruby-tzinfo-data: update to 1.2017.3

* Based on version 2017c of the IANA Time Zone Database
  (https://mm.icann.org/pipermail/tz-announce/2017-October/000047.html).

(taca)

doc: Updated time/ruby-tzinfo to 1.2.4

(taca)

time/ruby-tzinfo: Update to 1.2.4

* Ignore the leapseconds file that is included in zoneinfo directories
  installed with version 2017c and later of the Time Zone Database.

(taca)

Pullup ticket #5601 - requested by sevan
audio/lame: security update

Revisions pulled up:
- audio/lame/Makefile                                          1.80
- audio/lame/distinfo                                          1.29
- audio/lame/patches/patch-ab                                  1.11
- audio/lame/patches/patch-configure                            deleted
- audio/lame/patches/patch-configure.in                        deleted
- audio/lame/patches/patch-frontend_get__audio.c                deleted
- audio/lame/patches/patch-libmp3lame_lame.c                    deleted
- audio/lame/patches/patch-libmp3lame_util.c                    deleted

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Sat Oct 21 22:51:00 UTC 2017

  Modified Files:
          pkgsrc/audio/lame: Makefile distinfo
          pkgsrc/audio/lame/patches: patch-ab
  Removed Files:
          pkgsrc/audio/lame/patches: patch-configure patch-configure.in
              patch-frontend_get__audio.c patch-libmp3lame_lame.c
              patch-libmp3lame_util.c

  Log Message:
  lame: update to 3.100.

  Many bug fixes and security fixes.

  To generate a diff of this commit:
  cvs rdiff -u -r1.79 -r1.80 pkgsrc/audio/lame/Makefile
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/audio/lame/distinfo
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/audio/lame/patches/patch-ab
  cvs rdiff -u -r1.3 -r0 pkgsrc/audio/lame/patches/patch-configure
  cvs rdiff -u -r1.1 -r0 pkgsrc/audio/lame/patches/patch-configure.in \
      pkgsrc/audio/lame/patches/patch-frontend_get__audio.c \
      pkgsrc/audio/lame/patches/patch-libmp3lame_lame.c \
      pkgsrc/audio/lame/patches/patch-libmp3lame_util.c

(spz)

doc: Updated www/apache-tomcat8 to 8.0.47

(fhajny)

Update www/apache-tomcat8 to 8.0.47.

Notable changes:

- A fix for CVE-2017-12617.
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

  https://tomcat.apache.org/tomcat-8.0-doc/changelog.html

(fhajny)

doc: Updated www/apache-tomcat7 to 7.0.82

(fhajny)

Update www/apache-tomcat7 to 7.0.82.

Notable changes:

- A fix for CVE-2017-12617.
- Update the packaged version of the Tomcat Native Library to 1.2.14

Full changelog:

  https://tomcat.apache.org/tomcat-7.0-doc/changelog.html

(fhajny)

textproc/*libxml2: Move patches and distinfo files under the main package
since the distfile is just one anyway.

(fhajny)

Updated devel/py-astor, devel/py-Pyro, devel/py-flake8-import-order

(adam)

py-flake8-import-order: updated to 0.14.2

0.14.2:
Bug fix, ensure the plugin is invoked by flake8.

(adam)

py-Pyro: updated to 4.63

Pyro 4.63
- fixed bug in autoproxy logic where it registered the wrong type if daemon.register() was called with
  a class instead of an object (internal register_type_replacement method)
- added check in @expose method to validate the order of decorators on a method (@expose should come last,
  after @classmethod or @staticmethod).
- added resource tracking feature (see 'Automatically freeing resources when client connection gets closed' in the Tips & Tricks chapter)
- the warning about a class not exposing anything now actually tells you the correct class

(adam)

py-astor: updated to 0.6

0.6:

New features
* New astor.rtrip command-line tool to test round-tripping of Python source to AST and back to source. (Contributed by Patrick Maupin.)
* New pretty printer outputs much better looking code:
  . Remove parentheses where not necessary
  . Use triple-quoted strings where it makes sense
  . Add placeholder for function to do nice line wrapping on output
* Additional Python 3.5 support: - Additional unpacking generalizations (PEP 448)
  .  Async and await (PEP 492)
* Added Python 3.6 feature support:
  . f-strings (PEP 498)
  . async comprehensions (PEP 530)
  . variable annotations (PEP 526)
* Code cleanup, including renaming for PEP8 and deprecation of old names. See :ref:`deprecations` for more information.

Bug fixes
* Don't put trailing comma-spaces in dictionaries. astor will now create {'three': 3} instead of {'three': 3, }.
* Fixed several bugs in code generation.

(adam)

nginx: Fix patch-auto_lib_pcre_conf checksum.

(jperkin)

py-maya: Fix build with python27.

(jperkin)

py-libxml2: Update checksum.

(jperkin)

Updated security/py-ntlm-auth, security/py-requests-ntlm

(adam)

py-requests-ntlm: updated to 1.1.0

1.1.0:
Correct behaviour when parsing a UPN passed in as the username
Enhanced the CBT hashes when using a certificate that has a hash algorithm that is greater than sha256

(adam)

py-ntlm-auth: updated to 1.0.6

Changes 1.0.6:
* More changes to packaging to better handle copyright and licensing

(adam)

fix runtime abort when building with recent clang

(dbj)

Updated www/p5-HTML-Mason to 1.58

(wen)

Update to 1.58

Upstream changes:
1.58    2017-10-29

    - Redid the release because of some dzil issues. 1.57 might be a little
      wonky.

1.57    2017-10-29

    [ BUG FIXES ]

    - Fix test failures under 5.26.0+ due to "." no longer being in @INC. PR
      By Kent Fredric. GH #6. Fixed RT #121443.

(wen)

Updated textproc/p5-XML-LibXML to 2.0132

(wen)

Update to 2.0132

Upstream changes:
2.0132  2017-10-28
    - Revert setNamespace() enhancements that broke some dependent tests:
        - commit df9fdc6659cb2e4e9bc896e58c02dfd79b430fbb
        - add t/48_rt123379_setNamespace.t .
        - Thanks to Alexander Bluhm and Slaven Rezic for the reports and
        the test.

2.0131  2017-10-24
    - Re-include the missing *.pod documents.
        - https://rt.cpan.org/Ticket/Display.html?id=123362
        - Thanks to Stephen for the report.
        - Add t/pod-files-presence.t to test for it in the future.
    - Merge https://github.com/shlomif/perl-XML-LibXML/pull/8
        - Fix bug in Node::replaceChild()
        - Thanks to @Mipu94 .

(wen)

Updated time/py-pytz, databases/sqlite3, devel/py-dulwich

(adam)

py-dulwich: updated to 0.18.5

0.18.5:
BUG FIXES
* Fix cwd for hooks.
* Fix setting of origin in config when non-standard origin is passed into
  ``Repo.clone``.
* Prevent setting SSH arguments from SSH URLs when using SSH through a
  subprocess. Note that Dulwich doesn't support cloning submodules.
  (CVE 2017-1000117)

IMPROVEMENTS
* Silently ignored directories in ``Repo.stage``.

API CHANGES
* GitFile now raises ``FileLocked`` when encountering a lock
  rather than OSError(EEXIST).

(adam)

sqlite3: updated to 3.21.0

Release 3.21.0:

Take advantage of the atomic-write capabilities in the F2FS filesystem when available, for greatly reduced transaction overhead. This currently requires the SQLITE_ENABLE_BATCH_ATOMIC_WRITE compile-time option.
Allow ATTACH and DETACH commands to work inside of a transaction.
Allow WITHOUT ROWID virtual tables to be writable if the PRIMARY KEY contains exactly one column.
The "fsync()" that occurs after the header is written in a WAL reset now uses the sync settings for checkpoints. This means it will use a "fullfsync" on macs if PRAGMA checkpoint_fullfsync set on.
The sqlite3_sourceid() function tries to detect if the source code has been modified from what is checked into version control and if there are modifications, the last four characters of the version hash are shown as "alt1" or "alt2". The objective is to detect accidental and/or careless edits. A forger can subvert this feature.
Improved de-quoting of column names for CREATE TABLE AS statements with an aggregate query on the right-hand side.
Fewer "stat()" system calls issued by the unix VFS.
Enhanced the LIKE optimization so that it works with an ESCAPE clause.
Enhanced PRAGMA integrity_check and PRAGMA quick_check to detect obscure row corruption that they were formerly missing. Also update both pragmas so that they return error text rather than SQLITE_CORRUPT when encountering corruption in records.
The query planner now prefers to implement FROM-clause subqueries using co-routines rather using the query flattener optimization. Support for the use of co-routines for subqueries may no longer be disabled.
Pass information about !=, IS, IS NOT, NOT NULL, and IS NULL constraints into the xBestIndex method of virtual tables.
Enhanced the CSV virtual table so that it accepts the last row of input if the final new-line character is missing.
Remove the rarely-used "scratch" memory allocator. Replace it with the SQLITE_CONFIG_SMALL_MALLOC configuration setting that gives SQLite a hint that large memory allocations should be avoided when possible.
Added the swarm virtual table to the existing union virtual table extension.
Added the sqlite_dbpage virtual table for providing direct access to pages of the database file. The source code is built into the amalgamation and is activated using the -DSQLITE_ENABLE_DBPAGE_VTAB compile-time option.
Add a new type of fts5vocab virtual table - "instance" - that provides direct access to an FTS5 full-text index at the lowest possible level.
Remove a call to rand_s() in the Windows VFS since it was causing problems in Firefox on some older laptops.
The src/shell.c source code to the command-line shell is no longer under version control. That file is now generated as part of the build process.
Miscellaneous microoptimizations reduce CPU usage by about 2.1%.
Bug fixes

(adam)

py-pytz: updated to 2017.3

2017.3:
This release contains rare code changes, allowing use of an environment variable to override the database location, and ability to load pickles stored with Python2 to be loaded under Python3.

(adam)

Added security/py-asyncssh; Updated fonts/py-fonttools

(adam)

py-fonttools: updated to 3.18.0

3.18.0 (released 2017-10-30)
[feaLib] Fixed writing back nested glyph classes.
[TupleVariation] Reactivated shared points logic, bugfixes.
[AAT] Implemented morx ligature subtables.
[reverseContourPen] Keep duplicate lineTo following a moveTo.
[varLib.mutator] Suport instantiation of GPOS, GDEF and MVAR.
[sstruct] Fixed issue with unicode_literals and struct module in old versions of python 2.7

(adam)

py-asyncssh: added version 1.11.0

AsyncSSH is a Python package which provides an asynchronous client and server
implementation of the SSHv2 protocol on top of the Python 3.4+ asyncio
framework.

(adam)

py-gssapi: enable all Python versions; fixed PLIST for different KRB5_TYPE

(adam)

doc/TODO: - objfw-0.90.2, done

(wiz)

doc/TODO: add some

+ calibre-3.10.0, gdbus-codegen-2.54.2, glib-networking-2.54.1,
  glib2-2.54.2, harfbuzz-1.6.3, libsoup-2.60.2, objfw-0.90.2
  [pkg/52645], pango-1.40.13, physfs-3.0.1, py-gobject3-3.26.1,
  py-gobject3-common-3.26.1, py-test-httpbin-0.3.0, vim-8.0.1236,
  vim-share-8.0.1236, waf-2.0.2, webkit-gtk-2.18.2, x264-devel-20171028.

(wiz)

doc: Updated net/gst-rtsp-server to 1.12.3

(prlw1)

Update gst-rtsp-server to 1.12.3

## GStreamer RTSP server

- The RTSP server now also supports Digest authentication in addition to Basic
  authentication.
- The `GstRTSPClient` class has gained a `pre-*-request` signal and virtual
  method for each client request type, emitted in the beginning of each rtsp
  request. These signals or virtual methods let the application validate the
  requests, configure the media/stream in a certain way and also generate error
  status codes in case of an error or a bad request.

(prlw1)

doc: Updated graphics/ImageMagick6 to 6.9.9.20

(fhajny)

Update graphics/ImageMagick6 to 6.9.9.20.

6.9.9.20
- Return expected results for a percent 0 -chop option argument
- Tweaks to OpenMP support within ImageMagick.

6.9.9.19
- Correct handling of GIF transparency

6.9.9.18
- Resetting the magick_list_initialized boolean when needed

6.9.9.17
- Fix broken build

6.9.9.16
- Fixed numerous memory leaks
- Support URW-base35 fonts.

6.9.9.15
- Fixed numerous memory leaks

6.9.9.14
- Fixed numerous memory leaks
- Stop poential leaks in the JNG decoder
- Maximum valid hour is 23, not 24, in the PNG tIME chunk, and maximum
  valid minute is 59, not 60.

6.9.9.13
- Use signed integer arithmetic to calculate timezone corrections

(fhajny)

doc: Updated graphics/ImageMagick to 7.0.7.8

(fhajny)

Update graphics/ImageMagick to 7.0.7.8

- Return expected results for a percent 0 -chop option argument
- Tweaks to OpenMP support within ImageMagick.

(fhajny)

graphics/ImageMagick*: Replace (optional) dependency on jasper, removed
by upstream in as early as 6.8, and replace with openjpeg - for the
purposes of JPEG 2000 (JP2) support. Bump PKGREVISION.

(fhajny)

doc: Updated textproc/libxml2 to 2.9.6

(fhajny)

Update textproc/libxml2 to 2.9.6.

Update Portability:
- Change preprocessor OS tests to __linux__

Bug Fixes:
- Fix XPath stack frame logic
- Report undefined XPath variable error message
- Fix regression with librsvg
- Handle more invalid entity values in recovery mode
- Fix structured validation errors
- Fix memory leak in LZMA decompressor
- Set memory limit for LZMA decompression
- Handle illegal entity values in recovery mode
- Fix debug dump of streaming XPath expressions
- Fix memory leak in nanoftp
- Fix memory leaks in SAX1 parser

(fhajny)

doc: Updated pkgtools/pkg_install to 20171030

(jperkin)

pkg_install: Bump version to 20171030 for netpgpverify fixes.

(jperkin)

R: Add missing zoneinfo file from previous update.

(jperkin)

fish: Unbreak build on non-NetBSD.

(jperkin)

databases/elasticsearch: PKG_JAVA_HOME needs quoting on at least Darwin

(fhajny)

fish: Requires libtool.

(jperkin)

Updated graphics/libimagequant, textproc/py-openpyxl

(adam)

py-openpyxl: updated to 2.4.9

2.4.9 (2017-10-19)
Bugfixes
* 809 Incomplete documentation of copy_worksheet method
* 811 Scoped definedNames not removed when worksheet is deleted
* 824 Raise an exception if a chart is used in multiple sheets
* 842 Non-ASCII table column headings cause an exception in Python 2
* 846 Conditional formats not supported in write-only mode
* 849 Conditional formats with no sqref cause an exception
* 859 Headers that start with a number conflict with font size
* 902 TableStyleElements don窶冲 always have a condtional format
* 908 Read-only mode sometimes returns too many cells
Pull requests
* 179 Cells kept in a set
* 180 Support for Workbook protection
* 182 Read support for page breaks
* 183 Improve documentation of copy_worksheet method
* 198 Fix

(adam)

libimagequant: updated to 2.11.0

version 2.11
- new liq_image_set_background() for high-quality remapping of GIF frames
- new liq_image_set_importance_map() for controlling which parts of the image get more palette colors

(adam)

doc: Updated lang/duktape to 2.2.0

(leot)

duktape: Update lang/duktape to 2.2.0

Sync duktape to libduktape-2.2.0 update.

Reviewed and thanks to <agc>!

(leot)

doc: Updated lang/libduktape to 2.2.0

(leot)

libduktape: Update lang/libduktape to 2.1

Reviewed and thanks to <agc>!

Changes:
=========================
Duktape 2.1 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):

* Performance, footprint, and portability improvements.
* API additions for more convenient handling of optional arguments:
  duk_opt_xxx() and duk_get_xxx_default().
* Allow duk_push_heapptr() for objects which have become unreachable and
  are pending finalization.  In such a case a duk_push_heapptr() cancels
  the pending finalizer call and automatically rescues the object.
* ES2015 additions like String.prototype.{startsWith,endsWith,includes}()
  and HTML comment syntax.  Non-standard shebang ("#!...") comment support.
* Finalizer handling rework for reference counting and mark-and-sweep to fix
  a few "side effect" bugs.  Also improved torture test coverage for ensuring
  side effects are handled correctly in Duktape internals.
* DUK_VERSION is now visible to duk_config.h so it's possible for duk_config.h
  to support multiple Duktape versions.  For example, some config options may be
  disabled prior to a certain patch level.

Upgrading from Duktape 2.0
==========================
No action (other than recompiling) should be needed for most users to upgrade
from Duktape v2.0.x.  Note the following:

* The Duktape thread used for finalizer calls is now always the initial thread
  (heap_thread), for both reference counting and mark-and-sweep triggered
  finalization.  This should be taken into account in finalizer functions;
  in particular, if there are multiple global environments, finalizers will
  execute in the first global environment created for the heap.
  Prior to 2.1 the finalizer thread could also be heap_thread but usually the
  current thread would be used.

=========================
Duktape 2.0 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):
* New tools/configure.py frontend tool replaces genconfig.py for configuring
  and preparing Duktape sources for build.
* Buffer handling has been simplified: Duktape.Buffer has been removed and is
  replaced by Uint8Array, plain buffers now behave like Uint8Array objects.
  Node.js Buffer behavior aligned with more recent Node.js Buffer API.
* Implement more ES2015 and ES2016 functionality, and align some ES5.1
  semantics with ES2015/ES2016.  Implement WHATWG Encoding API with
  TextEncoder() and TextDecoder() bindings.
* Some incompatible API changes, and several API additions.  API and config
  changes to avoid I/O dependencies (such as printf() and fopen()) in core
  Duktape code to simplify porting.
* More configuration flexibility in dropping Duktape specific functionality
  from build, e.g. coroutines and finalization.
* Disabled Ecmascript bindings are no longer present (instead of being present
  but throwing a TypeError).
* Built-in functionality moved to optional extras: print/alert bindings,
  logging, and module loader.  New optional extras include a Node.js-like
  module loader and a 'console' binding.
* Bug fixes, performance and footprint improvements.

The release has API incompatible changes, see upgrading notes below.

Upgrading from Duktape 1.x
==========================
There are API incompatible changes in this release.  Whenever possible the
incompatible changes cause a compilation error (or warning) so that fixing
call sites should be straightforward.  Below are instructions on how to
migrate from 1.x to 2.0.0.  There are also bug fixes and other minor
behavioral changes which may affect some applications, see ``RELEASES.rst``
for details.

There are backwards compatible providers for some removed/modified API calls
in ``extras/duk-v1-compat``.

Known issues
============
* Some non-compliant behavior for array indices near 2G or 4G elements.
* RegExp parser is strict and won't accept some real world RegExps which
  are technically not compliant with Ecmascript E5/E5.1 specification
  but allowed in ES2015 Annex B.
* Final mantissa bit rounding issues in the internal number-to-string
  conversion.

=========================
Duktape 1.6 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):

* Add duk_suspend() and duk_resume() API calls, backported from Duktape 2.0.

Upgrading from Duktape 1.5.x
============================
No action (other than recompiling) should be needed for most users to upgrade
from Duktape v1.5.x.

Known issues
============
This release has the following known issues worth noting:
* Non-compliant behavior for array indices near 2G or 4G elements.
* RegExp parser is strict and won't accept some real world RegExps which
  are technically not compliant with Ecmascript E5/E5.1 specification.
* Final mantissa bit rounding issues in the internal number-to-string
  conversion.
* On FreeBSD 10.x (at least 10.1 and 10.2): Clang with ``-m32`` generates
  incorrect code for union assignments needed by Duktape's 8-byte packed
  value encoding (see
  https://github.com/svaarala/duktape/blob/master/misc/clang_aliasing.c).
  The issue can be detected by defining ``DUK_OPT_SELF_TESTS``.  A workaround
  is to avoid packed types in this case by defining ``DUK_OPT_NO_PACKED_TVAL``.

(leot)

Use ${WRKDIR}/tmp for temporary files instead of $(mktemp -d)

This is more portable.

As suggested by joerg@.

(khorben)

Updated fonts/ttf-tlwg to 0.6.4

(scole)

Update Fonts-TLWG to 0.6.4

0.6.4 (2017-10-03) : The "TeXnical Boost" release
=====
- Use package versioning based on Git snapshot.
- Fix LaTeX familydefault upon switching between scripts.
  (Thanks Abhabongse Janthong for the pull request.)
- Add LaTeX option for font scaling.
  (Thanks Abhabongse Janthong for another pull request.)

(scole)

libidn2: Fix installation if gtk-doc package is already installed

By default libidn2 is configured with `--disable-gtk-doc'. However,
despite that, it will checks several `gtkdoc-*' tools anyway, ending
in a failure during the installation phase because only a couple
of them are available.

Add a kludge via CONFIGURE_ENV to avoid picking up gtkdoc-* tools.

Pointed out by <scole> via PR pkg/52667.

(leot)

objfw-0.90.2.

(bsiegert)

Update ObjFW to 0.90.2, from Jonathan Schleifer in PR pkg/52645.

ObjFW 0.90.1 -> ObjFW 0.90.2, 23.10.2017
* Fix shadowed variables which caused many bugs (e.g. using the wrong object)
* Many, many nullability fixes
* OFTCPSocket: Fix exception not being retained for async connect
* OFThread: Fix setting the name on the wrong thread
* OFMutableSet: Fix missing override for -[copy]
* configure: Fix posix_spawnp check
* Xcode project: Set the correct version for the bridge
* Better check for iOS
* tests: Fix testing the wrong OFKernelEventObserver

ObjFW 0.90 -> ObjFW 0.90.1, 20.08.2017
* OFData: Fix -[description]
* OFFileManager: Set errno to 0 before readdir()
* OFDate: Add -[localMinute]
* OFTarArchiveEntry: Fix prefix handling for ustar
* OFZIPArchive: Fix uncompressed + data descriptor
* OFArray: Fix MessagePack encoding
* of_asprintf: Don't require set up OFLocalization
* OFGZIPStream: Add missing documentation
* Fix a linker warning on OpenBSD/SPARC64
* Remove the OFFile b modes from MorphOS
  (they were already removed for all other OSes)

(bsiegert)

doc: Updated net/youtube-dl to 20171029

(leot)

youtube-dl: Update net/youtube-dl to 20171029

Changes:
version 2017.10.29

Core
* [extractor/common] Prefix format id for audio only HLS formats
+ [utils] Add support for zero years and months in parse_duration

Extractors
* [egghead] Fix extraction (#14388)
+ [fxnetworks] Extract series metadata (#14603)
+ [younow] Add support for younow.com (#9255, #9432, #12436)
* [dctptv] Fix extraction (#14599)
* [youtube] Restrict embed regex (#14600)
* [vimeo] Restrict iframe embed regex (#14600)
* [soundgasm] Improve extraction (#14588)
- [myvideo] Remove extractor (#8557)
+ [nbc] Add support for classic-tv videos (#14575)
+ [vrtnu] Add support for cookies authentication and simplify (#11873)
+ [canvas] Add support for vrt.be/vrtnu (#11873)
* [twitch:clips] Fix title extraction (#14566)
+ [ndtv] Add support for sub-sites (#14534)
* [dramafever] Fix login error message extraction
+ [nick] Add support for more nickelodeon sites (no, dk, se, ch, fr, es, pt,
  ro, hu) (#14553)

(leot)

Updated www/firefox to 56.0.2nb1

(ryoon)

Make clang and rust as build dependencies. Fix PR pkg/52668
Bump PKGREVISION

(ryoon)

Remove compatibility mappings for options retired in 2017Q2.

(schmonz)

Fix building without IPv6 and packaging without SSL.

(schmonz)

pullups 5586 5587 5588 5589

(spz)

Pullup ticket #5589 - requested by tez
net/wget: security patch

Revisions pulled up:
- net/wget/Makefile                                            1.136
- net/wget/distinfo                                            1.55
- net/wget/patches/patch-CVE-2017-13089                        1.1
- net/wget/patches/patch-CVE-2017-13090                        1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tez
  Date:          Thu Oct 26 15:01:39 UTC 2017

  Modified Files:
          pkgsrc/net/wget: Makefile distinfo
  Added Files:
          pkgsrc/net/wget/patches: patch-CVE-2017-13089 patch-CVE-2017-13090

  Log Message:
  wget: patches for CVE-2017-13089 and CVE-2017-13090

  To generate a diff of this commit:
  cvs rdiff -u -r1.135 -r1.136 pkgsrc/net/wget/Makefile
  cvs rdiff -u -r1.54 -r1.55 pkgsrc/net/wget/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/net/wget/patches/patch-CVE-2017-13089 \
      pkgsrc/net/wget/patches/patch-CVE-2017-13090

(spz)

Pullup ticket #5588 - requested by maya
shells/fish: build fix

Revisions pulled up:
- shells/fish/Makefile                                          1.12
- shells/fish/distinfo                                          1.9
- shells/fish/patches/patch-configure.ac                        1.1
- shells/fish/patches/patch-src_fallback.cpp                    1.1
- shells/fish/patches/patch-src_fallback.h                      1.1
- shells/fish/patches/patch-src_output.cpp                      1.1
- shells/fish/patches/patch-src_output.h                        1.1
- shells/fish/patches/patch-src_screen.cpp                      1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Tue Oct 24 03:51:41 UTC 2017

  Modified Files:
          pkgsrc/shells/fish: Makefile distinfo
  Added Files:
          pkgsrc/shells/fish/patches: patch-configure.ac patch-src_fallback.cpp
              patch-src_fallback.h patch-src_output.cpp patch-src_output.h
              patch-src_screen.cpp

  Log Message:
  fish: add patches from pkgsrc-wip reported to fix build with clang
  force ncurses because auto-completion is broken with netbsd curses.

  bump pkgrevision

  To generate a diff of this commit:
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/shells/fish/Makefile
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/shells/fish/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/shells/fish/patches/patch-configure.ac \
      pkgsrc/shells/fish/patches/patch-src_fallback.cpp \
      pkgsrc/shells/fish/patches/patch-src_fallback.h \
      pkgsrc/shells/fish/patches/patch-src_output.cpp \
      pkgsrc/shells/fish/patches/patch-src_output.h \
      pkgsrc/shells/fish/patches/patch-src_screen.cpp

(spz)

Pullup ticket #5587 - requested by maya
chat/irssi: security update
chat/irssi-icb: security update
chat/irssi-xmpp: security update

Revisions pulled up:
- chat/irssi-icb/distinfo                                      1.31
- chat/irssi-xmpp/distinfo                                      1.13
- chat/irssi/Makefile.common                                    1.25
- chat/irssi/distinfo                                          1.44

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: maya
  Date: Mon Oct 23 15:08:24 UTC 2017

  Modified Files:
  pkgsrc/chat/irssi: Makefile.common distinfo
  pkgsrc/chat/irssi-icb: distinfo
  pkgsrc/chat/irssi-xmpp: distinfo

  Log Message:
  irssi: update to 1.0.5

  - Fix missing -sasl_method '' in /NETWORK (#718, #719).
  - Fix incorrect restoration of term state when hitting SUSP
            inside screen (#737, #733).
  - Fix out of bounds read when compressing colour
            sequences. Found by Hanno B?ck (GL#12, GL!18).
  - Fix use after free condition during a race condition when
            waiting on channel sync during a rejoin (GL#13, GL!19).
  - Fix null pointer dereference when parsing certain malformed
            CTCP DCC messages (GL#14, GL!20).
  - Fix crash due to null pointer dereference when failing to
            split messages due to overlong nick or target (GL#15, GL!21).
  - Fix out of bounds read when trying to skip a safe channel ID
            without verifying that the ID is long enough (GL#16, GL!22).
  - Fix return of random memory when inet_ntop failed (#769).
  - Minor statusbar help update. By Robert Bisewski (#758,
            #763).

  Security advisory: https://irssi.org/security/irssi_sa_2017_10.txt

  To generate a diff of this commit:
  cvs rdiff -u -r1.24 -r1.25 pkgsrc/chat/irssi/Makefile.common
  cvs rdiff -u -r1.43 -r1.44 pkgsrc/chat/irssi/distinfo
  cvs rdiff -u -r1.30 -r1.31 pkgsrc/chat/irssi-icb/distinfo
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/chat/irssi-xmpp/distinfo

(spz)