py-nbconvert: update to 5.3.1

5.3.1
MANIFEST.in updated to include LICENSE and scripts/ when creating sdist.

(adam)

py-nbformat: update to 4.4.0

4.4.0:
- Explicitly state that metadata fields can be ignored.
- Introduce official jupyter namespace inside metadata (``metadata.jupyter``).
- Introduce ``source_hidden`` and ``outputs_hidden`` as official front-end
  metadata fields to indicate hiding source and outputs areas. **NB**: These
  fields should not be used to hide elements in exported formats.
- Fix ending the redundant storage of signatures in the signature database.
- :func:`nbformat.validate` can be set to not raise a ValidationError if
  additional properties are included.
- Fix for errors with connecting and backing up the signature database.
- Dict-like objects added to NotebookNode attributes are now transformed to be
  NotebookNode objects; transformation also works for `.update()`.

(adam)

Make ipython versioned dependency

(adam)

Removed ipython from BUILD_DEPENDS: it is needed for testing, but will cause circular dependencies

(adam)

doc: Added security/ruby-nexpose version 7.1.1

(minskim)

security/Makefile: Add ruby-nexpose

(minskim)

security/ruby-nexpose: Import version 7.1.1

nexpose is the official gem package for the Ruby Nexpose API client
library.

(minskim)

py-entrypoints: update to 0.2.3

0.2.3:
Bug fixes

(adam)

Enable erlang-eimp

(fhajny)

doc: Added graphics/erlang-eimp version 1.0.1

(fhajny)

Add eimp 1.0.1 as graphics/erlang-eimp.

eimp is an Erlang/Elixir application for manipulating graphic
images using external C libraries. It supports WebP, JPEG, PNG
and GIF.

(fhajny)

doc: Updated chat/ejabberd to 17.09

(fhajny)

Update chat/ejabberd to 17.09.

Admin
- Harden ejabberdctl
- Fix ejabberdctl quoting when using iex
- Call earlier deps configure scripts during compilation
- Fix iexdebug and iexlive commands
- Quote $PEER in ping command to avoid hostnames containing "-" being
  interpreted as arithmetic
- Docker: Sync containers from rroemhild and add instructions in
  README
- Use eimp instead of ImageMagick calls for thumbnails creation
- Add forgotten caching options to the validator
- Fix 'make install' to work with new output from rebar list-deps
- Rewrite muc_register_nick and muc_unregister_nick to be DB
  independent
- WebAdmin: Fix deletion of multiple offline messages

Encryption
- Add support for XEP-0368 in outgoing s2s: SRV records for XMPP over
  TLS
- Deprecate s2s_use_starttls: required_trusted
- Don't attempt to access(2) a certificate file
- Let 'domain_certfile' take higher precedence instead of s2s_certfile
  or c2s_certfile

Databases
- mysql.sql: Use multi-column index on username/ID
- Use forked repo of Riak Erlang client to support OTP20

Modules
- mod_avatar: New module with support for legacy and modern clients
- mod_block_strangers: Introduce option 'allow_transports'
- mod_block_strangers: Block messages from strangers before
  mod_mam/mod_offline processing
- mod_http_upload: Don't ignore 'custom_headers'
- mod_muc: Improve presence-error and unavailable of multi-session
  occupants
- mod_multicast: Fix start and reading of configured limits
- mod_mam: Simplify check for anon MUC JID filtering
- mod_mam: Refuse filtering anon MUC queries by JID
- mod_privacy: Explicitly match against
- mod_register: Introduce 'redirect_url' option
- mod_stream_mgmt: Delete 'c2s_init' hook
- mod_vcard_xupdate: Also replace vcard-x-update in direct presences

PubSub
- Fix get_items/get_item calls
- Add correct order when requesting all items
- Implement '6.5.7 Requesting the Most Recent Items'
- Fix RSM support on SQL
- Add RSM support on mnesia
- Fix node_options: default options only apply on first plugin
- Broadcast updated node configuration
- Enforce controls on publish and delete items

Miscelanea
- Preserve correct order of deserialized XML elements
- Suppress push notifications for online clients
- Extract strings and prepare translation files works again

(fhajny)

doc: Updated net/erlang-xmpp to 1.1.15

(fhajny)

Update net/erlang-xmpp to 1.1.15

- Updating fast_xml to version 1.1.24.
- Updating p1_utils to version 1.0.10.
- Updating stringprep to version 1.0.10.
- Compatibility with R19.3+
- XEP-0084 (User Avatar) support

(fhajny)

doc: Updated net/erlang-esip to 1.0.16

(fhajny)

Update net/erlang-esip to 1.0.16.

- Updating stun to version 1.0.15.
- Updating fast_tls to version 1.0.16.
- Updating p1_utils to version 1.0.10.
- Compatibility with R20

(fhajny)

doc: Updated net/erlang-stun to 1.0.15

(fhajny)

Update net/erlang-stun to 1.0.15

- Updating fast_tls to version 1.0.16.
- Updating p1_utils to version 1.0.10.

(fhajny)

doc: Updated databases/erlang-p1_pgsql to 1.1.4

(fhajny)

Update databases/erlang-p1_pgsql to 1.1.4

- Update coverall script

(fhajny)

doc: Updated databases/erlang-p1_mysql to 1.0.4

(fhajny)

Update databases/erlang-p1_mysql to 1.0.4

- Update coverall script

(fhajny)

doc: Updated converters/erlang-iconv to 1.0.6

(fhajny)

Update converters/erlang-iconv to 1.0.6

- Updating p1_utils to version 1.0.10.
- Fix possible overflow of inleft

(fhajny)

doc: Updated textproc/erlang-fast_yaml to 1.0.11

(fhajny)

Update textproc/erlang-fast_yaml to 1.0.11

- Updating p1_utils to version 1.0.10.
- Improved error formatting

(fhajny)

doc: Updated textproc/erlang-fast_xml to 1.1.24

(fhajny)

Update textproc/erlang-fast_xml to 1.1.24

- Updating p1_utils to version 1.0.10.
- Make XML generator work on R19.3+

(fhajny)

doc: Updated security/erlang-fast_tls to 1.0.16

(fhajny)

Update security/erlang-fast_tls to 1.0.16.

- Updating p1_utils to version 1.0.10.
- Fix couple memory leaks
- Make ECDH work on openssl < 1.0.2
- Add SNI and ALPN support for client connections

(fhajny)

doc: Updated textproc/erlang-stringprep to 1.0.10

(fhajny)

Update textproc/erlang-stringprep to 1.0.10

- Updating p1_utils to version 1.0.10.

(fhajny)

lang/erlang: Fix incorrect internal consistency failure
for binary matching code. Bump PKGREVISION.

(fhajny)

doc: Updated net/mikutter to 3.5.12

(tsutsui)

mikutter: update to 3.5.12.

Upstream changes:

- support an error response when the account is locked (thanks @sushi514)
- add an environment variable MIKUTTER_CONFROOT
- sweep legacy code

(tsutsui)

doc: Updated devel/erlang-cache_tab to 1.0.11

(fhajny)

Update devel/erlang-cache_tab to 1.0.11.

- Updating p1_utils to version 1.0.10.

(fhajny)

doc: Updated misc/erlang-p1_utils to 1.0.10

(fhajny)

Update misc/erlang-p1_utils to 1.0.10.

- Fix problem with edoc.

(fhajny)

doc: Updated multimedia/adobe-flash-player to 27.0.0.170

(tsutsui)

adobe-flash-player: update to 27.0.0.170.

Upstream announcement:

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Adobe Security Bulletin

Summary

Adobe has released a security update for Adobe Flash Player for Windows,
Macintosh, Linux and Chrome OS. This update addresses a critical type
confusion vulnerability that could lead to code execution.

Adobe is aware of a report that an exploit for CVE-2017-11292 exists
in the wild, and is being used in limited, targeted attacks against
users running Windows.

(tsutsui)

doc: Updated textproc/libfastjson to 0.99.7

(fhajny)

Update textproc/libfastjson to 0.99.7

- Added option for case-insensitive comparisons
- Removed userdata and custom-serialization functions

(fhajny)

doc: Updated sysutils/consul to 1.0.0

(fhajny)

Update sysutils/consul to 1.0.0

SECURITY:

- Fixed an XSS issue with Consul's built-in web UI where node names
  were not being properly escaped.

BREAKING CHANGES:

- Raft Protocol Now Defaults to 3
- Config Files Require an Extension
- Deprecated Options Have Been Removed
- `statsite_prefix` Renamed to `metrics_prefix`
- `advertise_addrs` Removed
- Escaping Behavior Changed for go-discover Configs
- HTTP Verbs are Enforced in Many HTTP APIs
- Unauthorized KV Requests Return 403
- Config Section of Agent Self Endpoint has Changed
- Deprecated `configtest` Command Removed
- Undocumented Flags in `validate` Command Removed
- Metric Names Updated
- Checks Validated On Agent Startup

FEATURES:

- Support for HCL Config Files
- Support for Binding to Multiple Addresses
- Support for RFC1434 DNS TXT records
- Support for Running Subproccesses Directly Without a Shell
- Sentinel Integration

IMPROVEMENTS:

- agent: Added support to detect public IPv4 and IPv6 addresses on
  AWS.
- agent: Improved /v1/operator/raft/configuration endpoint which
  allows Consul to avoid an extra agent RPC call for the `consul
  operator raft list-peers` command.
- agent: Improved ACL system for the KV store to support list
  permissions. This behavior can be opted in. For more information,
  see the ACL Guide].
- agent: Updates miekg/dns library to later version to pick up bug
  fixes and improvements.
- agent: Added automatic retries to the RPC path, and a brief RPC
  drain time when servers leave. These changes make Consul more robust
  during graceful leaves of Consul servers, such as during upgrades, and
  help shield applications from "no leader" errors. These are configured
  with new `performance` options.
- agent: Added a new `discard_check_output` agent-level configuration
  option that can be used to trade off write load to the Consul
  servers vs. visibility of health check output. This is reloadable so
  it can be toggled without fully restarting the agent.
- api: Updated the API client to ride out network errors when
  monitoring locks and semaphores.
- build: Updated Go toolchain to version 1.9.1.
- cli: `consul lock` and `consul watch` commands will forward `TERM`
  and `KILL` signals to their child subprocess.
- cli: Added support for autocompletion].
- server: Updated BoltDB to final version 1.3.1.
- server: Improved dead member reap algorithm to fix edge cases where
  servers could get left behind.

BUG FIXES:

- agent: Fixed an issue where disabling both the http and https
  interfaces would cause a watch-related error on agent startup, even
  when no watches were defined.
- agent: Added an additional step to kill health check scripts that
  timeout on all platforms except Windows, and added a wait so that
  it's not possible to run multiple instances of the same health check
  script at the same time.
- cli: If the `consul operator raft list-peers` command encounters an
  error it will now exit with a non-zero exit code.
- cli: CLI commands will now show help for all of their arguments.
- server: Fixed an issue where the leader server could get into a
  state where it was no longer performing the periodic leader loop
  duties and unable to serve consistent reads after a barrier timeout
  error.

Full (unabridged) changelog:

  https://github.com/hashicorp/consul/blob/v1.0.0/CHANGELOG.md

(fhajny)

Added textproc/py-diff-match-patch, textproc/py-text-unidecode; Updated devel/py-faker

(adam)

py-faker: update to 0.8.6

0.8.6:
Replace unidecode dependency in favor of text-unidecode. Faker now requires text-unidecode.

(adam)

text-unidecode is the most basic port of the Text::Unidecode Perl library.

(adam)

The Diff Match and Patch libraries offer robust algorithms to perform the
operations required for synchronizing plain text.

Diff: Compare two blocks of plain text and efficiently return a list of
differences.

Match: Given a search string, find its best fuzzy match in a block of plain
text. Weighted for both accuracy and location.

Patch: Apply a list of patches onto plain text. Use best-effort to apply patch
even when the underlying text doesn't match.

(adam)

doc: Updated sysutils/beats to 5.6.3

(fhajny)

Update sysutils/beats to 5.6.3.

No changes - sync version with databases/elasticsearch.

(fhajny)

doc: Updated databases/elasticsearch to 5.6.3

(fhajny)

Update databases/elasticsearch to 5.6.3.

=== Enhancements

Network::
* Add additional low-level logging handler
* Unwrap exception causes when checking if  dying

=== Bug fixes

Aggregations::
* Fix IndexOutOfBoundsException in histograms for NaN doubles

Core::
* MetaData Builder doesn't properly prevent an alias with the same
* name as an index

Packaging::
* Fix default paths for Windows service

Plugin Repository Azure::
* Use Azure upload method instead of our own implementation

Search::
* Fix serialization errors when cross cluster search goes to a single
* shard

(fhajny)

doc/CHANGES-2017: revert previous

(wiz)

Put back PKGREVISION=1. It was there on purpose, to make it clear that
there are extra (security) patches and it's not the stock 4.6.6 or 4.8.2

(bouyer)

doc/CHANGES-2017: fix xen* versions.

(wiz)

xen*[46]*: reset PKGREVISION after update

(wiz)

Updated sysutils/xenkernel46 to 4.6.6nb1
Updated sysutils/xentools46 to 4.6.6nb1
Updated sysutils/xenstoretools to 4.6.6

(bouyer)

Update xen*46 to 4.6.6, including fixes up to XSA244.
changes since Xen 4.6.5: mostly bug fixes, including security fixes
for XSA206, XSA211 to XSA244.
PKGREVISION set to 1 to account for the fact that it's not a stock Xen 4.6.6.

Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg

(bouyer)

gstreamer*: follow redirect

(wiz)

doc: Updated net/glib-networking to 2.54.0

(wiz)

glib-networking: update to 2.54.0.

2.54.0
======
  * New/updated translations: Basque, Belarusian, Brazilian
    Portuguese, Bulgarian, Catalan, Chinese (Taiwan), Danish, Danish,
    Dutch, French, Galician, Hungarian, Italian, Korean, Latvian,
    Lithuanian, Malayalam, Nepali, Polish, Serbian, Slovak, Swedish,
    Turkish

2.53.90
=======
  * gnutls: Stop using %LATEST_RECORD_VERSION in priority string,
    since that gives better compatibility with current gnutls /
    current real world. [#782218, Michael Catanzaro]

  * gnutls: Provide a better error message when a TLS alert is
    received. [#782218, Michael Catanzaro]

  * New/updated translations: Croatian, Czech, Esperanto, Friulian,
    German, Indonesian, Italian, Kazakh, Slovenian, Spanish

(wiz)

doc: Updated www/p5-Mojolicious to 7.47

(wiz)

p5-Mojolicious: update to 7.47.

7.47  2017-10-05
  - Added multipart content generator to Mojo::UserAgent::Transactor.
  - Fixed a bug in Mojo::File where parts of a path could get accidentally
    upgraded from bytes to characters.

(wiz)

doc: Updated security/p5-CryptX to 0.054

(wiz)

p5-CryptX: update to 0.054.

0.054  2017-10-12
        - fix Crypt::PK::DSA verify
        - libtomcrypt updated to 1.18 (+ some extra patches)
        - documentation fixes

(wiz)

Modified file so that opam automatically uses findlib

(jaapb)

doc: Updated net/p5-Geo-IP to 1.51

(wiz)

p5-Geo-IP: update to 1.51.

1.51    2017-10-11

- Added the following missing methods for IPv6 lookups to the pure Perl
  implementation: name_by_addr_v6, name_by_name_v6, org_by_addr_v6, and
  org_by_name_v6. Reported by Earl Killian. GitHub #28.

(wiz)

doc: Updated devel/p5-UNIVERSAL-isa to 1.20171012

(wiz)

p5-UNIVERSAL-isa: update to 1.20171012.

1.20171012  2017-10-12 05:35:40Z
    - original isa sub is now available in original_isa() (Graham Knop, PR#1)

(wiz)

doc: Updated devel/p5-Test-Simple to 1.302101

(wiz)

p5-Test-Simple: update to 1.302101.

1.302101  2017-10-12 07:43:16-07:00 America/Los_Angeles

    - Bump Test::Builder::IO::Scalar version for core

(wiz)

doc: Updated devel/p5-List-MoreUtils to 0.426

(wiz)

doc: Updated devel/p5-Term-Table to 0.012

(wiz)

p5-Term-Table: update to 0.012.

0.012    2017-10-11 08:54:52-07:00 America/Los_Angeles

    - Bump minimum Test2::Tools::Tiny version

(wiz)

doc: Updated devel/p5-Log-Report to 1.22

(wiz)

p5-Log-Report: update to 1.22.

version 1.22: Thu 12 Oct 12:18:54 CEST 2017

Improvements:
- try() also collects DEBUG info when one of the dispatches wants it.
- document that ::Translator::POT does not require charset anymore.
- support __p, __px, etc from Locale::TextDomain

(wiz)

doc/CHANGES-2017: Fix two entries

(wiz)

doc: Updated devel/p5-String-Print to 0.92nb1

(wiz)

p5-String-Print: Add missing dependencies.

Bump PKGREVISION

(wiz)

p5-List-MoreUtils: update to 0.426.

0.426 2017-10-12
    - release 0.425_002 without further changes

0.425_002 2017-10-05
    - re-introduce Config::AutoConf
      (https://rt.cpan.org/Ticket/Display.html?id=122875#txn-1745984)
      for final satisfying RT#122875
    - bump required version of List::MoreUtils::XS to 0.426, if XS is available

0.425_001 2017-09-27
    - fix broken arrayify prototype
    - revert removal of old List::MoreUtils::XS parts

(wiz)

tcl-cgi: replace dead homepage

(wiz)

Updated sysutils/xenkernel48 version 4.8.2nb1
Updated sysutils/xentools48 version 4.8.2nb1

(bouyer)

Update xentools48 and xenkernel48 to 4.8.2, and apply security patches up
to XSA244. Keep PKGREVISION to 1 to account for the fact that it's
not a stock Xen 4.8.2.

Note that, unlike upstream, pv-linear-pt defaults to true, so that
NetBSD PV guests (including dom0) will continue to boot without changes
to boot.cfg

(bouyer)

py-diffoscope: needs python-3.5 or newer

(wiz)

doc: Updated textproc/gtkspell to 2.0.16nb25

(wiz)

gtkspell: fix build

Latest gtk-doc does not provide gtkdoc-mktmpl. Use documentation
that is coming with the package instead of rebuilding it.

Set LICENSE.

Bump PKGREVISION.

(wiz)

ocaml: revert part of powerpc patches

Do not overwrite cc linker options (probably committed unintentionally).
Refixes RELRO build.

(wiz)

ocaml: fix indentation in some patches

(wiz)

Added www/py-django-import-export, www/py-django-admin-sortable2, www/py-django-admin-rangefilter

(adam)

Add the filter by a custom date / datetime range on the admin UI.

(adam)

A replacement for django-admin-sortable using an unintrusive approach.

This plugin is a generic drag-and-drop ordering module for sorting objects in
the List, the Stacked- and the Tabular-Inlines Views in the Django Admin
interface.

This module offers simple mixin classes which enrich the functionality of any
existing class derived from admin.ModelAdmin, admin.StackedInline or
admin.TabularInline.

Thus it makes it very easy to integrate with existing models and their model
admin interfaces. Existing models can inherit from models.Model or any other
class derived thereof. No special base class is required.

(adam)

django-import-export is a Django application and library for importing
and exporting data with included admin integration.

Features:
* support multiple formats (Excel, CSV, JSON, ...  and everything else that
  tablib support)
* admin integration for importing
* preview import changes
* admin integration for exporting
* export data respecting admin filters

(adam)

Updated www/py-djangorestframework

(adam)

py-djangorestframework: update to 3.7.1

Version 3.7.1
Fix Interactive documentation always uses false for boolean fields in requests
Improve compatibility with Django 2.0 alpha.
Improved handling of schema naming collisions
Added additional docs and tests around providing a default value for dotted source fields

(adam)

#5578

(spz)

Pullup ticket #5578 - requested by maya
net/wpa_supplicant: security patch

Revisions pulled up:
- net/wpa_supplicant/Makefile                                  1.18
- net/wpa_supplicant/distinfo                                  1.10
- net/wpa_supplicant/patches/patch-src_ap_ieee802__11.c        1.1
- net/wpa_supplicant/patches/patch-src_ap_wpa__auth.c          1.1
- net/wpa_supplicant/patches/patch-src_ap_wpa__auth.h          1.1
- net/wpa_supplicant/patches/patch-src_ap_wpa__auth__ft.c      1.1
- net/wpa_supplicant/patches/patch-src_ap_wpa__auth__i.h        1.1
- net/wpa_supplicant/patches/patch-src_common_wpa__common.h    1.1
- net/wpa_supplicant/patches/patch-src_rsn__supp_tdls.c        1.1
- net/wpa_supplicant/patches/patch-src_rsn__supp_wpa.c          1.1
- net/wpa_supplicant/patches/patch-src_rsn__supp_wpa__ft.c      1.1
- net/wpa_supplicant/patches/patch-src_rsn__supp_wpa__i.h      1.1
- net/wpa_supplicant/patches/patch-wpa__supplicant_wnm__sta.c  1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Mon Oct 16 10:26:21 UTC 2017

  Modified Files:
          pkgsrc/net/wpa_supplicant: Makefile distinfo
  Added Files:
          pkgsrc/net/wpa_supplicant/patches: patch-src_ap_ieee802__11.c
              patch-src_ap_wpa__auth.c patch-src_ap_wpa__auth.h
              patch-src_ap_wpa__auth__ft.c patch-src_ap_wpa__auth__i.h
              patch-src_common_wpa__common.h patch-src_rsn__supp_tdls.c
              patch-src_rsn__supp_wpa.c patch-src_rsn__supp_wpa__ft.c
              patch-src_rsn__supp_wpa__i.h patch-wpa__supplicant_wnm__sta.c

  Log Message:
  wpa_supplicant: apply upstream patch for security advisory

  Patches from Juoni Malinen and Mathy Vanhoef.

  Fixes:
  - CVE-2017-13077
  - CVE-2017-13078
  - CVE-2017-13079
  - CVE-2017-13080
  - CVE-2017-13081
  - CVE-2017-13082
  - CVE-2017-13086
  - CVE-2017-13087
  - CVE-2017-13088

  Tested by leot, thanks!

  Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake

  Do not reinstall TK to the driver during Reassociation Response frame
  processing if the first attempt of setting the TK succeeded. This avoids
  issues related to clearing the TX/RX PN that could result in reusing
  same PN values for transmitted frames (e.g., due to CCM nonce reuse and
  also hitting replay protection on the receiver) and accepting replayed
  frames on RX side.

  This issue was introduced by the commit
  0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
  authenticator') which allowed wpa_ft_install_ptk() to be called multiple
  times with the same PTK. While the second configuration attempt is
  needed with some drivers, it must be done only if the first attempt
  failed.

  Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key

  Track the current GTK and IGTK that is in use and when receiving a
  (possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
  not install the given key if it is already in use. This prevents an
  attacker from trying to trick the client into resetting or lowering the
  sequence counter associated to the group key.

  Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
    Mode cases

  This extends the protection to track last configured GTK/IGTK value
  separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
  corner case where these two different mechanisms may get used when the
  GTK/IGTK has changed and tracking a single value is not sufficient to
  detect a possible key reconfiguration.

  Subject: [PATCH 4/8] Prevent installation of an all-zero TK

  Properly track whether a PTK has already been installed to the driver
  and the TK part cleared from memory. This prevents an attacker from
  trying to trick the client into installing an all-zero TK.

  This fixes the earlier fix in commit
  ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
  driver in EAPOL-Key 3/4 retry case') which did not take into account
  possibility of an extra message 1/4 showing up between retries of
  message 3/4.

  Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce

  The Authenticator state machine path for PTK rekeying ended up bypassing
  the AUTHENTICATION2 state where a new ANonce is generated when going
  directly to the PTKSTART state since there is no need to try to
  determine the PMK again in such a case. This is far from ideal since the
  new PTK would depend on a new nonce only from the supplicant.

  Fix this by generating a new ANonce when moving to the PTKSTART state
  for the purpose of starting new 4-way handshake to rekey PTK.

  Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration

  Do not try to reconfigure the same TPK-TK to the driver after it has
  been successfully configured. This is an explicit check to avoid issues
  related to resetting the TX/RX packet number. There was already a check
  for this for TPK M2 (retries of that message are ignored completely), so
  that behavior does not get modified.

  For TPK M3, the TPK-TK could have been reconfigured, but that was
  followed by immediate teardown of the link due to an issue in updating
  the STA entry. Furthermore, for TDLS with any real security (i.e.,
  ignoring open/WEP), the TPK message exchange is protected on the AP path
  and simple replay attacks are not feasible.

  As an additional corner case, make sure the local nonce gets updated if
  the peer uses a very unlikely "random nonce" of all zeros.

  Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
    request

  Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
  Mode Response if WNM-Sleep Mode has not been used') started ignoring the
  response when no WNM-Sleep Mode Request had been used during the
  association. This can be made tighter by clearing the used flag when
  successfully processing a response. This adds an additional layer of
  protection against unexpected retransmissions of the response frame.

  Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames

  The driver is expected to not report a second association event without
  the station having explicitly request a new association. As such, this
  case should not be reachable. However, since reconfiguring the same
  pairwise or group keys to the driver could result in nonce reuse issues,
  be extra careful here and do an additional state check to avoid this
  even if the local driver ends up somehow accepting an unexpected
  Reassociation Response frame.

  To generate a diff of this commit:
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/wpa_supplicant/Makefile
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/wpa_supplicant/distinfo
  cvs rdiff -u -r0 -r1.1 \
      pkgsrc/net/wpa_supplicant/patches/patch-src_ap_ieee802__11.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_ap_wpa__auth.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_ap_wpa__auth.h \
      pkgsrc/net/wpa_supplicant/patches/patch-src_ap_wpa__auth__ft.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_ap_wpa__auth__i.h \
      pkgsrc/net/wpa_supplicant/patches/patch-src_common_wpa__common.h \
      pkgsrc/net/wpa_supplicant/patches/patch-src_rsn__supp_tdls.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_rsn__supp_wpa.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_rsn__supp_wpa__ft.c \
      pkgsrc/net/wpa_supplicant/patches/patch-src_rsn__supp_wpa__i.h \
      pkgsrc/net/wpa_supplicant/patches/patch-wpa__supplicant_wnm__sta.c

(spz)

Fix webrtc build on recent NetBSD current
From rjs@. Thank you.

WebRTC connection works.
However video capture does not work.

(ryoon)

Some files are moved. Fix build

(ryoon)

apache24: Extend SunOS workaround to GCC 6.x.

(jperkin)

libgnomeui: Extend SunOS workaround to GCC 6.x.

(jperkin)

Updated devel/py-hypothesis

(adam)

py-hypothesis: update to 3.33.0

3.33.0:
This release supports strategy inference for more field types in Django models() - you can now omit an argument for Date, Time, Duration, Slug, IP Address, and UUID fields.

Strategy generation for fields with grouped choices now selects choices from each group, instead of selecting from the group names.

(adam)

Added ipython

(adam)

Updated devel/py-ipython; Added devel/py-ipython5

(adam)