fix pytest versioned dep.

(adam)

pytest from versioned depends

(adam)

py-test-flake8: updated to 1.0.6

1.0.6
- Fix compatibility with flake8 >= 3.8

(adam)

fix pytest->test

(adam)

pytest from versioned depends

(adam)

pytest from versioned depends

(adam)

py-backcall: pytest from versioned depends

(adam)

py-attrs: pytest from versioned depends

(adam)

py-mutagen: pytest from versioned depends

(adam)

py-atomicwrites: pytest from versioned depends

(adam)

py-redis: pytest from versioned depends

(adam)

py-alembic: pytest from versioned depends

(adam)

py-mysqlclient: pytest from versioned depends

(adam)

py-alembic: pytest from versioned depends

(adam)

py-chardet: not need to include application.mk

(adam)

py-chardet: pytest from versioned depens

(adam)

py-MyHDL: pytest from versioned depens

(adam)

py-werkzeug: remove pytest from depends

(adam)

py-test-runner: pytest from versioned deps.

(adam)

py-lz4: updated to 3.0.2

v3.0.2:
This release removes py3c from the codebase and strips out unused Python 2 support code. No functional changes are included with this release.

v3.0.1:
This release fixes an issue that prevented the OSX wheels from being published to PyPi, and contains no functional changes.

v3.0.0:
This release:
* Drops support for Python 2 (although some dead code remains for future removal)
* Adds streams support thanks to the hard work of @tSed
* Fixes a performance bug with the frame bindings - thanks to @bjonen for the careful report and reproducer
* Adds Python 3.8 support

(adam)

py-wtforms-components: pytest from versioned deps.

(adam)

python: add pytest to versioned_dependencies.mk

(adam)

Updated devel/py-test

(adam)

py-test: updated to 5.4.2

pytest 5.4.2:
Bug Fixes
* Fix crash with captured output when using the capsysbinary fixture.
* Ensure a unittest.IsolatedAsyncioTestCase is actually awaited.
* Fix TerminalRepr instances to be hashable again.
* Fix regression where functions registered with TestCase.addCleanup were not being called on test failures.
* Allow users to still set the deprecated TerminalReporter.writer attribute.
* Revert 窶徼mpdir: clean up indirection via config for factories窶� 6767 as it breaks pytest-xdist.
* Fixed regression: asyncbase.TestCase tests are executed correctly again.
* Fix File.from_constructor so it forwards extra keyword arguments to the constructor.
* Classes with broken __getattribute__ methods are displayed correctly during failures.
* Fix _is_setup_py for files encoded differently than locale.

pytest 5.4.1:
Bug Fixes
* Revert the change introduced by 6330, which required all arguments to @pytest.mark.parametrize to be explicitly defined in the function signature.
The intention of the original change was to remove what was expected to be an unintended/surprising behavior, but it turns out many people relied on it, so the restriction has been reverted.
* Fix crash when plugins return an unknown stats while using the --reportlog option.

pytest 5.4.0:
Breaking Changes
* Matching of -k EXPRESSION to test names is now case-insensitive.
* Plugins specified with -p are now loaded after internal plugins, which results in their hooks being called before the internal ones.
This makes the -p behavior consistent with PYTEST_PLUGINS.
* Removed the long-deprecated pytest_itemstart hook.
This hook has been marked as deprecated and not been even called by pytest for over 10 years now.
* Reversed / fix meaning of 窶�+/-窶� in error diffs. 窶�-窶� means that sth. expected is missing in the result and 窶�+窶� means that there are unexpected extras in the result.
* The cached_result attribute of FixtureDef is now set to None when the result is unavailable, instead of being deleted.
If your plugin performs checks like hasattr(fixturedef, 'cached_result'), for example in a pytest_fixture_post_finalizer hook implementation, replace it with fixturedef.cached_result is not None. If you del the attribute, set it to None instead.

Deprecations
* Option --no-print-logs is deprecated and meant to be removed in a future release. If you use --no-print-logs, please try out --show-capture and provide feedback.
--show-capture command-line option was added in pytest 3.5.0 and allows to specify how to display captured output when tests fail: no, stdout, stderr, log or all (the default).
* Deprecate the unused/broken pytest_collect_directory hook. It was misaligned since the removal of the Directory collector in 2010 and incorrect/unusable as soon as collection was split from test execution.
* Deprecate using direct constructors for Nodes.
Instead they are now constructed via Node.from_parent.
This transitional mechanism enables us to untangle the very intensely entangled Node relationships by enforcing more controlled creation/configuration patterns.
As part of this change, session/config are already disallowed parameters and as we work on the details we might need disallow a few more as well.
Subclasses are expected to use super().from_parent if they intend to expand the creation of Nodes.
* The TerminalReporter.writer attribute has been deprecated and should no longer be used. This was inadvertently exposed as part of the public API of that plugin and ties it too much with py.io.TerminalWriter.

Features
* New 窶田apture=tee-sys option to allow both live printing and capturing of test output.
* Now all arguments to @pytest.mark.parametrize need to be explicitly declared in the function signature or via indirect. Previously it was possible to omit an argument if a fixture with the same name existed, which was just an accident of implementation and was not meant to be a part of the API.
* Changed default for -r to fE, which displays failures and errors in the short test summary. -rN can be used to disable it (the old behavior).
* New options have been added to the junit_logging option: log, out-err, and all.
* Excess warning summaries are now collapsed per file to ensure readable display of warning summaries.

Improvements
* pytest.mark.parametrize accepts integers for ids again, converting it to strings.
* Use 窶忱ellow窶� main color with any XPASSED tests.
* Revert 窶廣 warning is now issued when assertions are made for None窶�.
The warning proved to be less useful than initially expected and had quite a few false positive cases.
* tmpdir_factory.mktemp now fails when given absolute and non-normalized paths.
* The pytest_warning_captured hook now receives a location parameter with the code location that generated the warning.
* pytester: the testdir fixture respects environment settings from the monkeypatch fixture for inner runs.
* --fulltrace is honored with collection errors.
* Make --showlocals work also with --tb=short.
* Add support for matching lines consecutively with LineMatcher窶冱 fnmatch_lines() and re_match_lines().
* Code is now highlighted in tracebacks when pygments is installed.
Users are encouraged to install pygments into their environment and provide feedback, because the plan is to make pygments a regular dependency in the future.
* Import usage error message with invalid -o option.
* pytest.mark.parametrize supports iterators and generators for ids.

Bug Fixes
* Add support for calling pytest.xfail() and pytest.importorskip() with doctests.
* --trace now works with unittests.
* Fixed some warning reports produced by pytest to point to the correct location of the warning in the user窶冱 code.
* Fix --last-failed to collect new tests from files with known failures.
* Report PytestUnknownMarkWarning at the level of the user窶冱 code, not pytest窶冱.
* Fix interaction with --pdb and unittests: do not use unittest窶冱 TestCase.debug().
* Fix summary entries appearing twice when f/F and s/S report chars were used at the same time in the -r command-line option (for example -rFf).
The upper case variants were never documented and the preferred form should be the lower case.
* Fallback to green (instead of yellow) for non-last items without previous passes with colored terminal progress indicator.
* --disable-warnings is honored with -ra and -rA.
* Fix bug in the comparison of request key with cached key in fixture.
A construct if key == cached_key: can fail either because == is explicitly disallowed, or for, e.g., NumPy arrays, where the result of a == b cannot generally be converted to bool. The implemented fix replaces == with is.
* Make capture output streams .write() method return the same return value from original streams.
* Fix EncodedFile.writelines to call the underlying buffer窶冱 writelines method.
* Fix internal crash when faulthandler starts initialized (for example with PYTHONFAULTHANDLER=1 environment variable set) and faulthandler_timeout defined in the configuration file.
* Fix node ids which contain a parametrized empty-string variable.
* Assertion rewriting hooks are (re)stored for the current item, which fixes them being still used after e.g. pytester窶冱 testdir.runpytest etc.
* pytest.exit() is handled when emitted from the pytest_sessionfinish hook. This includes quitting from a debugger.
* When pytest.raises() is used as a function (as opposed to a context manager), a match keyword argument is now passed through to the tested function. Previously it was swallowed and ignored (regression in pytest 5.1.0).
* Do not display empty lines inbetween traceback for unexpected exceptions with doctests.
* The testdir fixture works within doctests now.

Improved Documentation
* Add list of fixtures to start of fixture chapter.
* Expand first sentence on fixtures into a paragraph.
Trivial/Internal Changes
* Remove usage of parser module, deprecated in Python 3.9.

(adam)

py-test4: added version 4.6.10

pytest 4.6.10:

Features
- New ``Config.invocation_args`` attribute containing the unchanged arguments passed to ``pytest.main()``.
  Remark: while this is technically a new feature and according to our `policy <https://docs.pytest.org/en/latest/py27-py34-deprecation.html#what-goes-into-4-6-x-releases>`_ it should not have been backported, we have opened an exception in this particular case because it fixes a serious interaction with ``pytest-xdist``, so it can also be considered a bugfix.

Trivial/Internal Changes
- Remove usage of ``parser`` module, deprecated in Python 3.9.

pytest 4.6.9:

Bug Fixes
- Fix assertion rewriting for egg-based distributions and ``editable`` installs (``pip install --editable``).

pytest 4.6.8:

Features
- JUnit XML now includes a timestamp and hostname in the testsuite tag.

Bug Fixes
- junitxml: Logs for failed test are now passed to junit report in case the test fails during call phase.

Trivial/Internal Changes
- Pin ``colorama`` to ``0.4.1`` only for Python 3.4 so newer Python versions can still receive colorama updates.

pytest 4.6.7:

Bug Fixes
- The XML file produced by ``--junitxml`` now correctly contain a ``<testsuites>`` root element.
-  Properly ignore ``FileNotFoundError`` (``OSError.errno == NOENT`` in Python 2) exceptions when trying to remove old temporary directories,
  for instance when multiple processes try to remove the same directory (common with ``pytest-xdist``
  for example).

(adam)

Updated finance/py-braintree, devel/py-distorm3

(adam)

py-distorm3: updated to 3.4.4

3.4.4:
Update __init__.py
Fixed decompose wrapper bug.

(adam)

py-braintree: updated to 4.1.0

4.1.0
Add DisputeAccepted, DisputeDisputed, and DisputeExpired webhook constants
Add three_d_secure_pass_thru to CreditCard.create, CreditCard.update, PaymentMethod.create, PaymentMethod.update, Customer.create, and Customer.update.
Add Verification validation errors for 3D Secure
Add payment_method_token to CreditCardVerificationSearch
Add recurring_customer_consent and recurring_max_amount to authentication_insight_options for PaymentMethodNonce.create
Add FileIsEmpty error code
Eliminates usage of mutable objects for function parameters.

(adam)

Updated devel/py-guppy3, databases/py-redis

(adam)

py-redis: updated to 3.5.2

3.5.2:
* Tune the locking in ConnectionPool.get_connection so that the lock is
  not held while waiting for the socket to establish and validate the
  TCP connection.

(adam)

py-guppy3: updated to 3.0.10.1

3.0.10:
* Skip modules that don't have __dict__ attributes
* Replace a few instances of ZeroDivisionError with inspect.currentframe()

(adam)

Updated multimedia/libdvdread, sysutils/py-crontab, devel/py-more-itertools, www/py-hstspreload

(adam)

py-hstspreload: updated to 2020.5.16

2020.5.16:
Sync with Chromium repository.

(adam)

py-more-itertools: updated to 8.3.0

8.3.0

* New itertools
    * :func:`zip_equal`

* Changes to existing itertools:
    * :func:`split_at`, :func:`split_before`, :func:`split_after`, and :func:`split_when` all got a ``maxsplit`` paramter
    * :func:`split_at` now accepts a ``keep_separator`` parameter
    * :func:`distinct_permutations` can now generate ``r``-length permutations
    * The :func:`windowed` implementation was improved
    * The :func:`spy` implementation was improved

* Other changes
    * Type stubs are now tested with ``stubtest``
    * Tests now run with ``python -m unittest`` instead of ``python setup.py test``

(adam)

py-crontab: updated to 2.5.0

2.5.0:
Unknown changes

(adam)

libdvdread: updated to 6.1.1

libdvdread (6.1.1)
* Fix the soversion following ABI breakage

(adam)

postgresql10-server: fix PLIST

(adam)

postgresql11-server: fix PLIST

(adam)

postgresql12-client: fix PLIST

(adam)

postgresqlNN: updated to 12.3, 11.8, 10.13, 9.6.18, and 9.5.22

(adam)

postgresqlNN: updated to 12.3, 11.8, 10.13, 9.6.18, and 9.5.22

PostgreSQL 12.3, 11.8, 10.13, 9.6.18, and 9.5.22 Released!

Posted on 2020-05-14 by PostgreSQL Global Development Group
The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 12.3, 11.8, 10.13, 9.6.18, and 9.5.22. This release fixes one security issue found in the PostgreSQL server and over 75 bugs reported over the last three months.

Please plan to update at your earliest convenience.

Security Issues

CVE-2020-10733: Windows installer runs executables from uncontrolled directories.
Versions Affected: 9.5 - 12. The security team does not test unsupported versions, but this issue existed before PostgreSQL 9.5.

The Windows installer for PostgreSQL invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer's administrative rights.

The PostgreSQL project thanks Hou JingYi (@hjy79425575) for reporting this problem.

Bug Fixes and Improvements

This update also fixes over 75 bugs that were reported in the last several months. Some of these issues affect only version 12, but may also affect all supported versions.

Some of these fixes include:

Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input.
Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes.
Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects.
Allow for a partition to be detached when it has inherited ROW triggers.
Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails.
Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression.
Fix performance regression in floating point overflow/underflow detection.
Several fixes for full text search, particularly with phrase searching.
Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause.
Several reporting fixes for the output of VACUUM VERBOSE.
Allow input of type circle to accept the format (x,y),r, which is specified in the documentation.
Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB.
Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived.
Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines.
Several fixes for logical replication and replication slots.
Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting.
Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption.
Ensure that members of the pg_read_all_stats role can read all statistics views.
Fix performance regression in information_schema.triggers view.
Fix memory leak in libpq when using sslmode=verify-full.
Fix crash in psql when attempting to re-establish a failed connection.
Allow tab-completion of the filename argument to \gx command in psql.
Add pg_dump support for ALTER ... DEPENDS ON EXTENSION.
Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end.
Ensure pg_basebackup generates valid tar files.
pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version
Several Windows compatibility fixes
This update also contains tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions.

(adam)

Updated lang/python38, lang/py38-html-docs, devel/py-setuptools, databases/py-multidict, www/py-sanic

(adam)

py-sanic: updated to 20.3.0

20.3.0:
Unknown changes

(adam)

py-multidict: updated to 4.7.6

4.7.6:
Bugfixes
- Fixed an issue with some versions of the ``wheel`` dist
  failing because of being unable to detect the license file.

(adam)

py-setuptools: updated to 44.1.0

v44.1.0
* Set sys.argv[0] in setup script run by build_meta.__legacy__
* Fix for Python 4: replace unsafe six.PY3 with six.PY2
* Fixed a bug in the "setuptools.finalize_distribution_options" hook that lead to ignoring the order attribute of entry points managed by this hook.

(adam)

python38: updated to 3.8.3

Python 3.8.3 final

Core and Builtins
bpo-40527: Fix command line argument parsing: no longer write errors multiple times into stderr.
bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.
bpo-39562: The constant values of future flags in the __future__ module are updated in order to prevent collision with compiler flags. Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with CO_FUTURE_DIVISION.

Library
bpo-40559: Fix possible memory leak in the C implementation of asyncio.Task.
bpo-40355: Improve error reporting in ast.literal_eval() in the presence of malformed ast.Dict nodes instead of silently ignoring any non-conforming elements. Patch by Curtis Bucher.
bpo-40459: platform.win32_ver() now produces correct ptype strings instead of empty strings.
bpo-40398: typing.get_args() now always returns an empty tuple for special generic aliases.

Documentation
bpo-40561: Provide docstrings for webbrowser open functions.
bpo-39435: Fix an incorrect signature for pickle.loads() in the docs

Windows
bpo-40458: Increase reserved stack space to prevent overflow crash on Windows.

C API
bpo-40412: Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing.

(adam)

Updated misc/py-immutables, www/py-w3lib

(adam)

py-w3lib: updated to 1.22.0

1.22.0:
- Python 3.4 is no longer supported
- :func:`w3lib.url.safe_url_string` now supports an optional ``quote_path``
  parameter to disable the percent-encoding of the URL path
- :func:`w3lib.url.add_or_replace_parameter` and
  :func:`w3lib.url.add_or_replace_parameters` no longer remove duplicate
  parameters from the original query string that are not being added or
  replaced
- :func:`w3lib.html.remove_tags` now raises a :exc:`ValueError` exception
  instead of :exc:`AssertionError` when using both the ``which_ones`` and the
  ``keep`` parameters
- Test improvements
- Documentation improvements
- Code cleanup

(adam)

py-immutables: updated to 0.13

v0.13:
Bugfixes
Various improvements w.r.t. type annotations & typing
Fix pure-Python implementation to accept keyword argument

(adam)

Updated textproc/py-toml, net/py-xandikos

(adam)

py-xandikos: updated to 0.2.2

0.2.2:
* Fix use of xandikos.wsgi module in uwsgi.

(adam)

py-toml: updated to 0.10.1

0.10.1:
Update copyright notices

(adam)

Updated security/py-cybox, security/py-stix

(adam)

py-stix: updated to 1.2.0.10

Version 1.2.0.10
- Check add_reference methods to prevent NoneType has no attribute 'append'
- Changes to STIXPackage to prevent the empty <stix:TTPs/> tag from appearing in serialization

Version 1.2.0.9
- TTPs would fail to serialize XML Kill_Chains if no TTP was set
- Added Python 3.8 to test harness

Version 1.2.0.8
- Add xnl:Type to the PersonName element (CIQ)
- Update the allowable values for PersonName and OrganisationName
- Update tests per recent CybOX release

Version 1.2.0.7
- Update package requirements

(adam)

py-cybox: updated to 2.1.0.21

Version 2.1.0.21
- New API Objects Support
- 8 New Objects API Classes
- 12 New Common API Classes
- Observable DefinedEffects
- More tests to cover new or existent objects
- Update documentation and coverage
- Rename module cybox/objects/{win_user_object.py → win_user_account_object.py} for consistency
- Some objects have been revised for TypedFields and/or new properties are now available

Version 2.1.0.20
- Fix parsing if algorithm, compression_mechanism, or encryption_mechanism are not present in Factories
- Factory classes now have a register_extension method decorator to extend API classes for the pack/unpack functionality
- The factory will fallback to the Base class when no mapping is found

Version 2.1.0.19
- Implement the Packaging attribute from Artifacts as a TypedField
- Fix a wrapping problem with one of the helper methods for ipv4 observables

Version 2.1.0.18
- Add missing methods to ListFieldMixin.
- Fix handling of empty Hash values.

(adam)

Updated textproc/fmtlib, math/py-lmfit

(adam)

py-lmfit: updated to 1.0.1

Version 1.0.1 Release Notes
============================

**Version 1.0.1 is the last release that supports Python 3.5**. All newer version will
require 3.6+ so that we can use formatting-strings and rely on dictionaries being ordered.

New features:
- added thermal distribution model and lineshape
- introduced a new argument ``max_nfev`` to uniformly specify the maximum number of function evalutions
  **Please note: all other arguments (e.g., ``maxfev``, ``maxiter``, ...) will no longer be passed to the underlying
  solver. A warning will be emitted stating that one should use ``max_nfev``.**
- the attribute ``call_kws`` was added to the ``MinimizerResult`` class and contains the keyword arguments that are
  supplied to the solver in SciPy.

Bug fixes:
- fixes to the ``load`` and ``__setstate__`` methods of the Parameter class
- fixed failure of ModelResult.dump() due to missing attributes
- ``guess_from_peak`` function now also works correctly with decreasing x-values or when using
  pandas
- the ``Parameter.set()`` method now correctly first updates the boundaries and then the value

Various:
- fixed typo for the use of expressions in the documentation
- removal of PY2-compatibility and unused code and improved test coverage
- removed deprecated ``isParameter`` function and automatic conversion of an ``uncertainties`` object
- inaccurate FWHM calculations were removed from built-in models, others labeled as estimates
- corrected spelling mistake for the Doniach lineshape and model
- removed unsupported/untested code for IPython notebooks in lmfit/ui/*

(adam)

fmtlib: updated to 6.2.1

6.2.1
Fixed ostream support in sprintf
Fixed type detection when using implicit conversion to string_view and ostream operator<< inconsistently

(adam)

Updated textproc/py-deepdiff, devel/py-curtsies

(adam)

py-curtsies: updated to 0.3.1

0.3.1:
Unknown changes

(adam)

py-deepdiff: updated to 4.3.2

v4-3-2: Deprecation Warning Enhancement
v4-3-1: Fixing the issue with exclude_path and hash calculations when dictionaries were inside iterables. https://github.com/seperman/deepdiff/issues/174
v4-3-0: adding exclude_obj_callback
v4-2-0: .json property is finally removed. Fix for Py3.10. Dropping support for EOL Python 3.4. Ignoring private keys when calculating hashes. For example init is not a part of hash calculation anymore. Fix for 166 Problem with comparing lists, with an boolean as element.
v4-0-9: Fixing the bug for hashing custom unhashable objects
v4-0-8: Adding ignore_nan_inequality for float('nan')

(adam)

Updated textproc/py-markovify, devel/py-pygit2

(adam)

py-pygit2: updated to 1.2.1

1.2.1:
- Fix segfault in ``Object.raw_name`` when not reached through a tree
- Internal: Use @ffi.def_extern instead of @ffi.callback
- Internal: callbacks code refactored
- Test suite completely switched to pytest
- New unit tests
- Documentation changes

Deprecations:
- Deprecate ``Repository.create_remote(...)``, use instead
  ``Repository.remotes.create(...)``
- Deprecate ``GIT_CREDTYPE_XXX`` contants, use ``GIT_CREDENTIAL_XXX`` instead.

(adam)

py-markovify: updated to 0.8.0

0.8.0:
Unknown changes

(adam)

Updated misc/py-immutables, math/py-ephem

(adam)

py-ephem: updated to 3.7.7.1

3.7.7.1:
Unknown changes

(adam)

py-immutables: updated to 0.12

v0.12:
Bug Fixes
Fix the mutation API to maintain elements count correctly

(adam)

Updated devel/py-requests-mock, www/py-waitress, www/py-WebTest, databases/py-redis

(adam)

py-redis: updated to 3.5.1

3.5.1:
Fix for HSET argument validation to allow any non-None key.

(adam)

py-WebTest: updated to 2.0.35

2.0.35:
- python3.8 compat
- Remove use of deprecated splittype and splithost

(adam)

py-waitress: updated to 1.4.3

1.4.3 (2020-02-02)
------------------

Security Fixes
~~~~~~~~~~~~~~

- In Waitress version 1.4.2 a new regular expression was added to validate the
  headers that Waitress receives to make sure that it matches RFC7230.
  Unfortunately the regular expression was written in a way that with invalid
  input it leads to catastrophic backtracking which allows for a Denial of
  Service and CPU usage going to a 100%.

  This was reported by Fil Zembowicz to the Pylons Project. Please see
  https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
  for more information.

1.4.2 (2020-01-02)
------------------

Security Fixes
~~~~~~~~~~~~~~

- This is a follow-up to the fix introduced in 1.4.1 to tighten up the way
  Waitress strips whitespace from header values. This makes sure Waitress won't
  accidentally treat non-printable characters as whitespace and lead to a
  potental HTTP request smuggling/splitting security issue.

  Thanks to ZeddYu Lu for the extra test cases.

  Please see the security advisory for more information:
  https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4

  CVE-ID: CVE-2019-16789

Bugfixes
~~~~~~~~

- Updated the regex used to validate header-field content to match the errata
  that was published for RFC7230.

  See: https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4189

1.4.1 (2019-12-24)
------------------

Security Fixes
~~~~~~~~~~~~~~

- Waitress did not properly validate that the HTTP headers it received were
  properly formed, thereby potentially allowing a front-end server to treat a
  request different from Waitress. This could lead to HTTP request
  smuggling/splitting.

  Please see the security advisory for more information:
  https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4

  CVE-ID: CVE-2019-16789

1.4.0 (2019-12-20)
------------------

Bugfixes
~~~~~~~~

- Waitress used to slam the door shut on HTTP pipelined requests without
  setting the ``Connection: close`` header as appropriate in the response. This
  is of course not very friendly. Waitress now explicitly sets the header when
  responding with an internally generated error such as 400 Bad Request or 500
  Internal Server Error to notify the remote client that it will be closing the
  connection after the response is sent.

- Waitress no longer allows any spaces to exist between the header field-name
  and the colon. While waitress did not strip the space and thereby was not
  vulnerable to any potential header field-name confusion, it should have sent
  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273

Security Fixes
~~~~~~~~~~~~~~

- Waitress implemented a "MAY" part of the RFC7230
  (https://tools.ietf.org/html/rfc7230#section-3.5) which states:

      Although the line terminator for the start-line and header fields is
      the sequence CRLF, a recipient MAY recognize a single LF as a line
      terminator and ignore any preceding CR.

  Unfortunately if a front-end server does not parse header fields with an LF
  the same way as it does those with a CRLF it can lead to the front-end and
  the back-end server parsing the same HTTP message in two different ways. This
  can lead to a potential for HTTP request smuggling/splitting whereby Waitress
  may see two requests while the front-end server only sees a single HTTP
  message.

  For more information I can highly recommend the blog post by ZeddYu Lu
  https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/

  Please see the security advisory for more information:
  https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p

  CVE-ID: CVE-2019-16785

- Waitress used to treat LF the same as CRLF in ``Transfer-Encoding: chunked``
  requests, while the maintainer doesn't believe this could lead to a security
  issue, this is no longer supported and all chunks are now validated to be
  properly framed with CRLF as required by RFC7230.

- Waitress now validates that the ``Transfer-Encoding`` header contains only
  transfer codes that it is able to decode. At the moment that includes the
  only valid header value being ``chunked``.

  That means that if the following header is sent:

  ``Transfer-Encoding: gzip, chunked``

  Waitress will send back a 501 Not Implemented with an error message stating
  as such, as while Waitress supports ``chunked`` encoding it does not support
  ``gzip`` and it is unable to pass that to the underlying WSGI environment
  correctly.

  Waitress DOES NOT implement support for ``Transfer-Encoding: identity``
  eventhough ``identity`` was valid in RFC2616, it was removed in RFC7230.
  Please update your clients to remove the ``Transfer-Encoding`` header if the
  only transfer coding is ``identity`` or update your client to use
  ``Transfer-Encoding: chunked`` instead of ``Transfer-Encoding: identity,
  chunked``.

  Please see the security advisory for more information:
  https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p

  CVE-ID: CVE-2019-16786

- While validating the ``Transfer-Encoding`` header, Waitress now properly
  handles line-folded ``Transfer-Encoding`` headers or those that contain
  multiple comma seperated values. This closes a potential issue where a
  front-end server may treat the request as being a chunked request (and thus
  ignoring the Content-Length) and Waitress using the Content-Length as it was
  looking for the single value ``chunked`` and did not support comma seperated
  values.

- Waitress used to explicitly set the Content-Length header to 0 if it was
  unable to parse it as an integer (for example if the Content-Length header
  was sent twice (and thus folded together), or was invalid) thereby allowing
  for a potential request to be split and treated as two requests by HTTP
  pipelining support in Waitress. If Waitress is now unable to parse the
  Content-Length header, a 400 Bad Request is sent back to the client.

  Please see the security advisory for more information:
  https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6

(adam)

py-requests-mock: updated to 1.8.0

1.8.0
* Remove requests 2.3 compatibility code
* Add release notes for reset function
* Add release note for session scoped mock
* Allow passing session as postiional argument
* Create bound method instead of a wrapper
* Added reset\_mock to \_RequestHistoryTracker and Adapter
* doc on session Mockers
* doc on nesting Mockers
* fix README.rst typo
* suggest Mocker for users unfamiliar with adapters
* update examples to mount adapter on 'mock://'
* fix global/session mock interactions and real\_http
* Added installation instructions
* Add release note for nested mocking
* fix redirects and mock nesting
* Mark IOReader object closed when using a stream
* Add the default response reason if not set
* Don't check that proxies are set in test
* Add StackOverflow tag to README
* Mention pytest fixture on the README
* Add background information to pytest doc
* docs: update examples to match Read the Docs
* Expose real\_http as a public property
* fix py27 error
* easier session scoped mock

(adam)

Updated textproc/py-jmespath, www/py-google-api-python-client

(adam)

py-google-api-python-client: updated to 1.8.3

1.8.3:
Bug Fixes
downgrade repetitive logging calls to debug

(adam)

py-jmespath: updated to 0.10.0

0.10.0
Python 2.6 and 3.3 have reached end-of-life and have been deprecated.
Fix race condition when clearing cached parsed expressions.

(adam)

Updated security/py-argon2-cffi, time/py-tzlocal, net/py-onionbalance, devel/py-importlib-resources

(adam)

py-importlib-resources: updated to 1.5.0

v1.5.0
* Traversable is now a Protocol instead of an Abstract Base
  Class (Python 2.7 and Python 3.8+).
* Traversable objects now require a ``.name`` property.

(adam)

py-onionbalance: updated to 0.2.0

0.2.0
Allow migration from Tor to Onionbalance by reading tor private keys directly using the ���key��� directive in the YAML config file. Also update onionbalance-config to support that.
Improve onionbalance-config for v3 onions. Simplify the output directory (and change docs to reflect so) and the wizard suggestions.

0.1.9
Initial support for v3 onions!

(adam)

py-tzlocal: updated to 2.1

2.1:
- No changes.

2.1b1:
- The is_dst flag is wrong for Europe/Dublin on some Unix releases.
  I changed to another way of determining if DST is in effect or not.
- Added support for Python 3.7 and 3.8. Dropped 3.5 although it still works.

(adam)

py-argon2-cffi: updated to 20.1.0

20.1.0:
It is now possible to manually override the detection of SSE2 using the ARGON2_CFFI_USE_SSE2 environment variable.

(adam)

libsoup: needs c99

(adam)

Updated net/py-aiormq, net/py-zmq

(adam)

py-zmq: updated to 19.0.1

19.0.1
- Fix TypeError during garbage collection
- Fix compilation with some C++ compilers
- Fixes in tests and examples

(adam)

py-aiormq: updated to 3.2.2

3.2.2:
Unknown changes

(adam)

Updated devel/py-llvmlite, math/py-numba

(adam)

py-numba: updated to 0.49.1

Version 0.49.1:

This is a bugfix release for 0.49.0, it fixes some residual issues with SSA form, a critical bug in the branch pruning logic and a number of other smaller issues:

* Fixed Threading Implementation Typos
* Fixes Remove references to cffi_support from docs and examples
* Fix invalid type in resolve for comparison expr in parfors.
* Fix erroneous rewrite of predicate to bit const on prune.
* Fixes SSA local def scan based on invalid equality assumption.
* Fixes naming error in array_exprs
* Fix. Incorrect race variable detection due to SSA naming.
* Make literal_unroll function work as a freevar.
* Unset the memory manager after EMM Plugin tests
* Fix some SSA issues
* Pin to sphinx=2.4.4 to avoid problem with C declaration
* Fix unifying undefined first class function types issue
* Update example in 5m guide WRT SSA type stability.
* Restore numba.types as public API

(adam)

py-llvmlite: include prefs

(adam)

py-llvmlite: updated to 0.32.1

v0.32.1:
Trove classifiers may be out of date.
Add FAQ entry on LLVM version support.
Adds override for LLVM version check, re-formats docs.

(adam)

Updated devel/py-pebble, net/py-botocore, net/py-boto3, net/py-awscli

(adam)

py-awscli: updated to 1.18.57

1.18.57
api-change:ec2: Update ec2 command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version
api-change:kendra: Update kendra command to latest version

1.18.56
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:guardduty: Update guardduty command to latest version

1.18.55
api-change:ssm: Update ssm command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:logs: Update logs command to latest version
api-change:codebuild: Update codebuild command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:lightsail: Update lightsail command to latest version
api-change:route53: Update route53 command to latest version

1.18.54
api-change:codestar-connections: Update codestar-connections command to latest version
api-change:comprehendmedical: Update comprehendmedical command to latest version

1.18.53
api-change:ec2: Update ec2 command to latest version
api-change:ssm: Update ssm command to latest version
api-change:support: Update support command to latest version

1.18.52
api-change:s3control: Update s3control command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:apigateway: Update apigateway command to latest version

1.18.51
api-change:ssm: Update ssm command to latest version
api-change:efs: Update efs command to latest version

1.18.50
api-change:iot: Update iot command to latest version
api-change:lambda: Update lambda command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:schemas: Update schemas command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version

(adam)

py-boto3: updated to 1.13.7

1.13.7
api-change:kendra: [botocore] Update kendra client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codeguru-reviewer: [botocore] Update codeguru-reviewer client to latest version

1.13.6
api-change:sagemaker: [botocore] Update sagemaker client to latest version
api-change:guardduty: [botocore] Update guardduty client to latest version
api-change:resourcegroupstaggingapi: [botocore] Update resourcegroupstaggingapi client to latest version

1.13.5
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:codebuild: [botocore] Update codebuild client to latest version
api-change:lightsail: [botocore] Update lightsail client to latest version
api-change:route53: [botocore] Update route53 client to latest version
api-change:appconfig: [botocore] Update appconfig client to latest version
api-change:logs: [botocore] Update logs client to latest version

1.13.4
api-change:codestar-connections: [botocore] Update codestar-connections client to latest version
api-change:comprehendmedical: [botocore] Update comprehendmedical client to latest version

1.13.3
api-change:support: [botocore] Update support client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version

1.13.2
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:ec2: [botocore] Update ec2 client to latest version
api-change:s3control: [botocore] Update s3control client to latest version

1.13.1
api-change:efs: [botocore] Update efs client to latest version
api-change:ssm: [botocore] Update ssm client to latest version

1.13.0
api-change:schemas: [botocore] Update schemas client to latest version
api-change:iot: [botocore] Update iot client to latest version
api-change:lambda: [botocore] Update lambda client to latest version
api-change:storagegateway: [botocore] Update storagegateway client to latest version
api-change:iotevents: [botocore] Update iotevents client to latest version
feature:Exceptions: [botocore] Added support for parsing modeled exception fields.
api-change:mediaconvert: [botocore] Update mediaconvert client to latest version

(adam)

py-botocore: updated to 1.16.7

1.16.7
api-change:kendra: Update kendra client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer client to latest version

1.16.6
api-change:sagemaker: Update sagemaker client to latest version
api-change:guardduty: Update guardduty client to latest version
api-change:resourcegroupstaggingapi: Update resourcegroupstaggingapi client to latest version

1.16.5
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:codebuild: Update codebuild client to latest version
api-change:lightsail: Update lightsail client to latest version
api-change:route53: Update route53 client to latest version
api-change:appconfig: Update appconfig client to latest version
api-change:logs: Update logs client to latest version

1.16.4
api-change:codestar-connections: Update codestar-connections client to latest version
api-change:comprehendmedical: Update comprehendmedical client to latest version

1.16.3
api-change:support: Update support client to latest version
api-change:ssm: Update ssm client to latest version
api-change:ec2: Update ec2 client to latest version

1.16.2
api-change:apigateway: Update apigateway client to latest version
api-change:ec2: Update ec2 client to latest version
api-change:s3control: Update s3control client to latest version

1.16.1
api-change:efs: Update efs client to latest version
api-change:ssm: Update ssm client to latest version

1.16.0
api-change:schemas: Update schemas client to latest version
api-change:iot: Update iot client to latest version
api-change:lambda: Update lambda client to latest version
api-change:storagegateway: Update storagegateway client to latest version
api-change:iotevents: Update iotevents client to latest version
feature:Exceptions: Added support for parsing modeled exception fields.
api-change:mediaconvert: Update mediaconvert client to latest version

(adam)

py-pebble: updated to 4.5.3

release 4.5.3
Fixes:
- rework versioning logic

(adam)

Updated finance/py-stripe, textproc/py-markdown2, security/py-google-auth, www/py-django3

(adam)

py-django3: updated to 3.0.6

3.0.6:
Fixed a regression in Django 3.0 that caused a crash when filtering a Subquery() annotation of a queryset containing a single related field against a SimpleLazyObject.

(adam)

py-google-auth: updated to 1.14.3

1.14.3:
Bug Fixes
catch exceptions.RefreshError

(adam)

py-markdown2: updated to 2.3.9

python-markdown2 2.3.9
- Added header support for wiki tables
- Reset _toc when convert is run
- XSS fix
- XSS fix

(adam)

py-stripe: updated to 2.48.0

2.48.0:
Add support for the `LineItem` resource and APIs

(adam)

Updated devel/py-codestyle, devel/py-flake8

(adam)

py-flake8: updated to 3.8.1

3.8.1:
Bugs Fixed
- Fix ``--output-file``

3.8.0:
Bugs Fixed
- Fix logical checks which report positions out of bounds
- Fix ``--exclude=.*`` accidentally matching ``.`` and ``..``

Deprecations
- Add deprecation message for vcs hooks

3.8.0a2:
Bugs Fixed
- Fix ``type="str"`` optparse options

3.8.0a1:

New Dependency Information
- Remove dependency on ``entrypoints`` and add dependency on
  ``importlib-metadata`` (only for ``python<3.8``)
- Pyflakes has been updated to >= 2.2.0, < 2.3.0
- pycodestyle has been updated to >= 2.6.0a1, < 2.7.0

Features
- Add ``--extend-exclude`` option to add to ``--exclude`` without overwriting
- Move argument parsing from ``optparse`` to ``argparse``
- Group plugin options in ``--help``
- Remove parsing of ``verbose`` from configuration files as it was not
  consistently applied
- Remove parsing of ``output_file`` from configuration files as it was not
  consistently applied
- Resolve configuration files relative to ``cwd`` instead of common prefix of
  passed filenames.  You may need to change ``flake8 subproject`` to
  ``cd subproject && flake8 .``
- Officially support python3.8
- ``--disable-noqa`` now also disables ``# flake8: noqa``
- Ensure that a missing file produces a ``E902`` error
- ``# noqa`` comments now apply to all of the lines in an explicit ``\``
  continuation or in a line continued by a multi-line string

Bugs Fixed
- Fix ``--exclude=./t.py`` to only match ``t.py`` at the top level
- Fix ``--show-source`` when a file is indented with tabs
- Fix crash when ``--max-line-length`` is given a non-integer
- Prevent flip-flopping of ``indent_char`` causing extra ``E101`` errors
- Only enable multiprocessing when the method is ``fork`` fixing issues
  on macos with python3.8+
- ``noqa`` is now only handled by flake8 fixing specific-noqa.  Plugins
  requesting this parameter will always receive ``False``
- Fix duplicate loading of plugins when invoked via ``python -m flake8``
- Fix early exit when ``--exit-zero`` and ``--diff`` are provided and the diff
  is empty
- Consistently split lines when ``\f`` is present when reading from stdin

Deprecations
- ``python setup.py flake8`` (setuptools integration) is now deprecated and
  will be removed in a future version
- ``type='string'`` (optparse) types are deprecated, use
  ``type=callable`` (argparse) instead.  Support for ``type='string'`` will
  be removed in a future version
- ``%default`` in plugin option help text is deprecated, use ``%(default)s``
  instead.  Support for ``%default`` will be removed in a future version
- optparse-style ``action='callback'`` setting for options is deprecated, use
  argparse action classes instead.  This will be removed in a future version

(adam)

py-codestyle: updated to 2.6.0

2.6.0:

Changes:
* E306: fix detection inside ``async def``.
* E301: fix regression disallowing decorated one-liners.
* E714: fix false positive with chained ``is not``.

2.6.0a1:

New checks:
* E225: require whitespace around ``and`` ``in`` ``is`` and ``or``.

Changes:
* E117: fix indentation using tabs by treating as 8-space indents.
* E721: fix false positive with names containg ``istype``.
* E741: allow ``l`` as a named argument in a function call.
* E302: fix false-negative with decorated functions.
* W504: ellipsis (``...``) is no longer treated as a binary operator.
* E402: allow ``with``, ``if``, ``elif``, ``else`` to guard imports.
* Add support for assignment expressions ``:=`` (PEP 572).
* Add support for positional-only arguments ``/`` (PEP 570).
* Add support for python 3.8.
* Add support for matrix multiplication operator ``@`` (PEP 465).
* Support visual indent for continuation lines for ``with`` / ``assert`` /
  ``raise``.
* E302: allow two blank lines after a block of one-liners.
* E302: allow two-and-fewer newlines at the top of the file.

(adam)

Updated finance/libofx; Removed textproc/libxml++1

(adam)

libxml++1: removed; successor textproc/libxml++

(adam)

libofx: updated to 0.9.15

LibOFX 0.9.15:
- Fix segfault on uninitialized iconv
- Make file format less stringent
- Minor fixes in the build system

LibOFX 0.9.14:
- Fix proprietary tags striping eating the content of the previous tag if
  proprietary tag is in the middle of the line
- Don't output invalid line numbers on the console before SGML processing starts

LibOFX 0.9.13:
- Fix potential heap overflow
- Fix crash on some malformed ofx files
- Fix crash in ofxconnect on missing command line arguments
- Fix for daylight savings time handling
- Easier compile on macos:  obey LIBTOOLIZE env variable, and fallback to glibtoolize
- Fix compile on win32 (mingw-w64)
- Performance an reliability fixes in header parsing
- Strip CATEGORY tag added by Chase bank

LibOFX 0.9.12:
- Fix a buffer overflow on unexpected tag names.

LibOFX 0.9.11:
- Add support for client uid, from KDE bug 366326

(adam)

gnucash: fix building - add missing include

(adam)

py-sanic: fix for newer httpx

(adam)

Updated textproc/jansson, sysutils/py-magic

(adam)

py-magic: updated to 0.4.18

Changes in 0.4.18

- Make bindings for magic_[set|get]param optional, and throw NotImplementedError
if they are used but not supported.  Only call setparam() in the constructor if
it's supported. This prevents breakage on CentOS7 which uses an old version of
libmagic.

- Add tests for CentOS 7 & 8

Changes in 0.4.16 and 0.4.17

- add MAGIC_MIME_TYPE constant, use that in preference to MAGIC_MIME internally.
This sets up for a breaking change in a future major version bump where
MAGIC_MIME will change to mathch magic.h.
- add magic.version() function to return library version
- add setparam/getparam to control internal behavior
- increase internal limits with setparam to prevent spurious error on some jpeg files
- various setup.py improvements to declare modern python support
- support MSYS2 magic dlls
- fix warning about using 'is' on an int in python 3.8
- include tests in source distribution

- many test improvements:
-- tox runner support
-- remove deprecated test_suite field from setup.py
-- docker tests that cover all LTS ubuntu versions
-- add test for snapp file identification

- doc improvements
-- document dependency install process for debian
-- various typos
-- document test running process

(adam)

jansson: updated to 2.13.1

Version 2.13.1
* Build:
  - Include `jansson_version_str()` and `jansson_version_cmp()` in
    shared library.
  - Include `scripts/` in tarball.

(adam)

Updated lang/npm, lang/nodejs, lang/nodejs12

(adam)

nodejs12: updated to 12.16.3

Version 12.16.3 'Erbium' (LTS), @targos

Notable Changes

Dependencies:
Updated OpenSSL to 1.1.1g
Updated c-ares to 1.16.0
Updated experimental uvwasi to 0.0.6

ESM (experimental):
Additional warnings are no longer printed for modules that use conditional exports or package name self resolution

(adam)

nodejs: updated to 14.2.0

Version 14.2.0 (Current)

Notable Changes
* Track function calls with assert.CallTracker (experimental)
* Console groupIndentation option

(adam)

npm: updated to 6.14.5

6.14.5:
BUG FIXES
fix: relativize file links when inflating shrinkwrap
fix: npm init help output

(adam)

Updated net/py-lexicon, security/py-acme, security/py-certbot*

(adam)

py-acme/py-certbot*: updated to 1.4.0

1.4.0:

Added

* Turn off session tickets for apache plugin by default when appropriate.
* Added serial number of certificate to the output of `certbot certificates`
* Expose two new environment variables in the authenticator and cleanup scripts used by
  the `manual` plugin: `CERTBOT_REMAINING_CHALLENGES` is equal to the number of challenges
  remaining after the current challenge, `CERTBOT_ALL_DOMAINS` is a comma-separated list
  of all domains challenged for the current certificate.
* Added TLS-ALPN-01 challenge support in the `acme` library. Support of this
  challenge in the Certbot client is planned to be added in a future release.
* Added minimal proxy support for OCSP verification.
* On Windows, hooks are now executed in a Powershell shell instead of a CMD shell,
  allowing both `*.ps1` and `*.bat` as valid scripts for Certbot.

Changed

* Reorganized error message when a user entered an invalid email address.
* Stop asking interactively if the user would like to add a redirect.
* `mock` dependency is now conditional on Python 2 in all of our packages.
* Deprecate certbot-auto on Gentoo, macOS, and FreeBSD.

Fixed

* When using an RFC 8555 compliant endpoint, the `acme` library no longer sends the
  `resource` field in any requests or the `type` field when responding to challenges.
* Fix nginx plugin crash when non-ASCII configuration file is being read (instead,
  the user will be warned that UTF-8 must be used).
* Fix hanging OCSP queries during revocation checking - added a 10 second timeout.
* Standalone servers now have a default socket timeout of 30 seconds, fixing
  cases where an idle connection can cause the standalone plugin to hang.
* Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line
  endings. This should fix interoperability with Buypass' services.

More details about these changes can be found on our GitHub repo.

(adam)

py-lexicon: updated to 3.3.22

v3.3.22
Additional security to prevent unexpected DNS change
prevent merge issues
make the pylint happy
some more pylint fixes
Fix lint
Finish the new implementation
Fix lint

v3.3.21
With apologies to the linter
Update and fix tests
Fix lint

v3.3.20
Fix lint error
Adding a new hetzner provider compatible with dns.hetzner.com

(adam)

py-demjson: fix building with Python 2.7; clean-up

(adam)

Updated www/libsass, textproc/jansson

(adam)

jansson: updated to 2.13

Version 2.13

* New Features:
  - Add `jansson_version_str()` and `jansson_version_cmp()` for runtime
    version checking
  - Add `json_object_update_new()`, `json_object_update_existing_new()`
    and `json_object_update_missing_new()` functions
  - Add `json_object_update_recursive()`

* Build:
  - Add ``-Wno-format-truncation`` to suppress format truncation warnings

* Bug fixes:
  - Remove ``strtod`` macro definition for MinGW
  - Add infinite loop check in `json_deep_copy()`
  - Add ``pipe`` macro definition for MinGW
  - Enhance ``JANSSON_ATTRS`` macro to support earlier C standard(C89)
  - Update version detection for sphinx-build

* Documentation:
  - Fix typos
  - Document that call the custom free function to free the return value
    of `json_dumps()` if you have a custom malloc/free
  - Add vcpkg installation instructions
  - Document that non-blocking file descriptor is not supported on

(adam)

libsass: updated to 3.6.4

3.6.4:
Fix parenthesization for selector schema and real parents
Add deprecation warning for global variable creation
Ensure correct output order of compound selectors
Handle loaded source code as shared objects
New custom memory allocator - disabled for now
Add back C-API getters for plugin paths
Fix abspath handling on windows without directory
Fix various edge case crashes
Fix segfault on directive ruleset
Fix heap-buffer-overflow in lexer
Fix stack-overflow in parser
Fix memory leak in parser
Fix memory leak in evaluation
Fix memory handling edge case
Fix some null pointer access crashes
Preparations for ongoing refactoring

(adam)

Updated devel/pangomm, x11/gtkmm3

(adam)

gtkmm3: updated to 3.24.2

3.24.2 (stable):

Gdk:
* Window::create_similar_surface(): Fix a memory leak.
* Suppress warnings from deprecated GTimeVal in
    PixbufAnimation::get_iter()
    PixbufAnimationIter::advance()

Gtk:
* Fix memory leaks in
    IconTheme::list_icons()
    IconView::get_selected_icons()
    RecentManager::get_items()

Documentation:
* Gtk::Builder: Describe how to use it together with Glib::Property.

Demos:
* Fix the source code listing.

(adam)

pangomm: updated to 2.42.1

2.42.1 (stable):

* Coverage: Ignore deprecations of pango functions
  (so it can be used with the latest versions of pango)
* Layout::get_lines(): Fix ownership of the GSList
* pango/src/color.hg: Fix call to _CLASS_BOXEDTYPE_STATIC

Build:
* tools/gen_scripts: Update for non-source-dir builds
* Add support for building pangomm with Meson
* meson.build: Check if .git is a directory or file
* NMake Makefiles: Allow builds from a GIT checkout
* The fixed call to _CLASS_BOXEDTYPE_STATIC in color.hg
  is necessary in order to use glibmm 2.64.0 or later,
  combined with maintainer-mode in pangomm.

(adam)

Updated devel/py-pebble, net/py-zeroconf

(adam)

py-zeroconf: updated to 0.26.1

0.26.1:
Fixed a performance regression introduced in 0.26.0

(adam)

py-pebble: updated to 4.5.2

4.5.2:
Fixes:
- silence spurious error message when stopping ProcessPool.

(adam)

Updated databases/mysql57-client, databases/mysql57-server

(adam)

mysql57: updated to 5.7.30

Changes in MySQL 5.7.30:

JSON Notes

The rapidjson library included with MySQL has been upgraded to the GitHub snapshot of 16 January 2020. A fix for a compiler error encountered when building from the snapshot on Mac OS X has been added.

Packaging Notes

Binary packages that include curl rather than linking to the system curl library have been upgraded to use curl 7.69.0.

The bundled libedit library was upgraded to version 3.1.

Bugs Fixed

InnoDB: The row_upd_clust_rec_by_insert function, which marks a clustered index record as deleted and inserts an updated version of the record into the clustered index, passed an incorrect n_ext value (the total number of external fields) to lower level functions, causing an assertion failure.

InnoDB: An operation performed with the innodb_buffer_pool_evict debug variable set to uncompressed caused an assertion failure.

InnoDB: An add column operation caused an assertion failure. The failure was due to a dangling pointer.

InnoDB: Updating certain InnoDB system variables that take string values raised invalid read errors during Valgrind testing.

InnoDB: An insert statement on a table with a spatial index raised a record type mismatch assertion due to a tuple corruption.

InnoDB: A function that calculates undo log record size could calculate an incorrect length value in the case of a corrupted undo log record, resulting in a malloc failure. Assertion code was added to detect incorrect calculations.

Replication: While an SQL statement was in the process of being rewritten for the binary log so that sensitive information did not appear in plain text, if a SHOW PROCESSLIST statement was used to inspect the query, the query could become corrupted when it was written to the binary log, causing replication to stop. The process of rewriting the query is now kept private, and the query thread is updated only when rewriting is complete.

Replication: When a GRANT or REVOKE statement is only partially executed, an incident event is logged in the binary log, which makes the replication slave's applier thread stop so that the slave can be reconciled manually with the master. Previously, if a failed GRANT or REVOKE statement was the first statement executed in the session, no GTID was applied to the incident event (because the cache manager did not yet exist for the session), causing an error on the replication slave. Also, no incident event was logged in the situation where a GRANT statement created a user but then failed because the privileges had been specified incorrectly, again causing an error on the replication slave. Both these issues have now been fixed.

Replication: When a replication slave has a generated column that the master does not have in that table, with a secondary index on the generated column, the generated expression should be evaluated and the value stored by the storage engine in the secondary index. When row-based binary logging is in use, the replication slave assigns default values to any fields that are not in the master's definition of the table. In the case of a generated column, which does not have a default value, the slave was previously assigning a null or a zero value to the column. This value was then stored by the storage engine in the secondary index, causing both the table and the index to become corrupted. To fix this issue, generated columns in a table on a replication slave are now re-evaluated before the values are sent to the storage engine.

Replication: In the event of an unplanned disconnection of a replication slave from the master, the reference to the master's dump thread might not be removed from the list of registered slaves, in which case statements that accessed the list of slaves would fail. The issue has now been fixed.

Replication: With the settings binlog_format=MIXED, tx_isolation=READ-COMMITTED, and binlog_row_image=FULL, an INSERT ... SELECT query involving a transactional storage engine omitted any columns with a null value from the row image written to the binary log. This happened because when processing INSERT ... SELECT statements, the columns were marked for inserts before the binary logging format was selected. The issue has now been fixed.

The -libs-compat RPM package is now built with system zlib to avoid problems with unrestricted export of symbols in libmysqlclient.so.18.

The Event Scheduler had a memory leak.

Under certain circumstances, a memcached command could result in reading an uninitialized memory buffer, causing a failure.

Using ALTER USER to reset an account MAX_USER_CONNECTIONS value did not take effect until all current account connections terminated, if there were any.

A materialized subquery including a condition in which a column value was used as input to a nondeterministic function produced incorrect results.

CONCAT() and CONCAT_WS() could produce incorrect results in rare cases due to incorrect substring handling.

Scheduling of events could be disturbed by removing events.

Client programs could load authentication plugins from outside the plugin library.

The server did not handle correctly a UNION in which one of the queries contained a subquery that used ORDER BY.

A query with a WHERE clause whose predicate contained a numeric value in scientific notation was not handled correctly.

In addition, attempting to insert a particular integer specified as a string caused a server exit when the string-to-integer conversion was not successful.

Previously, mysqlpump read the [mysql_dump] and [client] groups from option files. mysqlpump now additionally reads the [mysqlpump] group. The [mysql_dump] group is still accepted but is deprecated.

A multi-table UPDATE statement which updated a table joined to a derived table that joined two other tables was not optimized properly as it had been in MySQL 5.6, instead being treated as if STRAIGHT_JOIN had been used with the subquery creating the derived table.

(adam)

Updated time/py-arrow, time/py-icalendar, net/py-xandikos, security/py-google-auth

(adam)

py-google-auth: updated to 1.14.2

1.14.2:
Bug Fixes
support string type response.data

(adam)

py-xandikos: updated to 0.2.1

0.2.1:
* Add missing dependencies in setup.py.
* Fix syntax errors in xandikos/store/vdir.py.
  (Unused, but breaks bytecompilation).

(adam)

py-icalendar: updated to 4.0.6

4.0.6:
Bug fixes:
- Use ``vText`` as default type, when convert recurrence definition to ical string.

(adam)

py-arrow: updated to 0.15.6

0.15.6:

- [NEW] Added support for parsing and formatting `ISO 8601 week dates <https://en.wikipedia.org/wiki/ISO_week_date>`_ via a new token ``W``, for example:

.. code-block:: python

    >>> arrow.get("2013-W29-6", "W")
    <Arrow [2013-07-20T00:00:00+00:00]>
    >>> utc=arrow.utcnow()
    >>> utc
    <Arrow [2020-01-23T18:37:55.417624+00:00]>
    >>> utc.format("W")
    '2020-W04-4'

- [NEW] Formatting with ``x`` token (microseconds) is now possible, for example:

.. code-block:: python

    >>> dt = arrow.utcnow()
    >>> dt.format("x")
    '1585669870688329'
    >>> dt.format("X")
    '1585669870'

- [NEW] Added ``humanize`` week granularity translation for German, Italian, Polish & Taiwanese locales.
- [FIX] Consolidated and simplified German locales.
- [INTERNAL] Moved testing suite from nosetest/Chai to pytest/pytest-mock.
- [INTERNAL] Converted xunit-style setup and teardown functions in tests to pytest fixtures.
- [INTERNAL] Setup Github Actions for CI alongside Travis.
- [INTERNAL] Help support Arrow's future development by donating to the project on `Open Collective <https://opencollective.com/arrow>`_.

(adam)

editline: remove useless patch

(adam)

revbump after boost update

(adam)

Updated boost to 1.73.0

(adam)

boost: updated to 1.73.0

1.73.0:

Known Issues
------------
These are patches from library authors which were found too late to be fixed in the release. Be careful as they have not been through the normal testing process.

New Libraries
-------------
Nowide:
Standard library functions with UTF-8 API on Windows, from Artyom Beilis.

StaticString:
A dynamically resizable string of characters with compile-time fixed capacity and contiguous embedded storage, from Vinnie Falco and Krystian Stasiowski

Updated Libraries
-----------------
Align:
* Update aligned_alloc to support older mingw32.
Any:
* Speedup compilation by not including <algorithm>.
* Maintenance work, including CI hardening.
Asio:
* Fixed compatibility with C++20 concept syntax.
* Marked the POSIX descriptor classes' move constructors as noexcept.
* Added the ssl::host_name_verification class, which is a drop-in replacement for ssl::rfc2818_verification. The ssl::rfc2818_verification class has been marked as deprecated. As a consequence of this change, SSL support now depends on functions that were introduced in OpenSSL 1.0.2.
* Added an ssl::context constructor to take ownership of a native handle.
* Changed C++ language version detection with gcc to use __cplusplus macro.
* Fixed a work counting issue in the asynchronous resolve operation for endpoints.
* Fixed the strand<> converting constructors and assignment operators.
* Ensured that resolvers are restarted correctly after a fork.
* Fixed compatibility with the current NetBSD release.
* Removed spurious handler requirement checks in some async_read overloads.
* Changed the ssl::context class to propagate non-EOF errors from the add_certificate_authority function.
* Fixed a Windows-specific thread_pool destructor hang that occurred when the pool had an associated I/O object.
* Changed the select reactor to recreate the "self pipe trick" sockets on error. This addresses an issue on some versions of Windows, where these sockets are discconected after a system sleep.
* Fixed a compile error in the buffered streams due to the lack of reference collapsing in C++98.
* Changed the priority_scheduler example to demonstrate calls to shutdown() and destroy().
* Removed some unnecessary null pointer checks.
* Changed Windows platform detection to recognise TV titles as Windows apps.
* Added some emscripten compatibility patches.
* Fixed a compile error in the use_awaitable_t::as_default_on function.
* Changed all uses of the boost.bind placeholders to use the boost::placeholders namespace.
* Fixed a potential compile error in the async_compose implementation due to incorrect overload selection.
* Suppressed some non-virtual destructor warnings.
* Various documentation fixes and improvements.
Assert:
* Added source_location.
Atomic:
* Implemented C++20 atomic_ref. See docs and especially the caveats section.
* Implemented atomic_flag::test operation, which was introduced in C++20.
* atomic<T> should now take into account alignment requirements of T, which makes a difference if those requirements are higher than that of the internal storage of atomic.
* Added static asserts enforcing the requirements on the value type T used with atomic and atomic_ref. This should prohibit invalid types from being used as atomics.
* Improved internal lock pool implementation. The pool is larger, and lock selection accounts for atomic object alignment, which should reduce the potential of thread contention.
* Fixed incorrect x86 code generated for bit_test_and_* operations on 8 and 16-bit arguments. Other architectures are not affected.
* Fixed a possible unaligned memory access in compare_exchange_* operations, if alignment requirements of value_type are less than that of the internal storage of atomic.
* boost/atomic/atomic.hpp no longer includes boost/atomic/atomic_flag.hpp and boost/atomic/fences.hpp and only defines the boost::atomic class template and related typedefs. Include the other headers explicitly or use boost/atomic.hpp to include all parts of Boost.Atomic.
* The atomic<T>::storage() accessor and associated atomic<T>::storage_type type are deprecated. Instead, users are advised to use atomic<T>::value() and atomic<T>::value_type, respectively. Users can define BOOST_ATOMIC_SILENCE_STORAGE_DEPRECATION to disable deprecation warnings for the time of transition. The deprecated pieces will be removed in a future release.
* Removed support for BOOST_ATOMIC_DETAIL_HIGHLIGHT_OP_AND_TEST. This macro was used as a helper for transition to the updated returned values of *_and_test operations in Boost.Atomic 1.67, which was released 2 years before 1.73.
Beast:
* This is a maintenance update.
* Nested mutable_data_type in Beast dynamic buffers is deprecated.
* We'd love to know how you or your company use Beast, consider adding an entry to the Companies and Individuals Using Beast list.
* See the full Release Notes for a complete list of changes.
Context:
* IBM Z: Fix fcontext routines
* mips64/n64: .align 3
* Use OSPLAT MIPS32/MIPS64 to set different ABI
* Fix non-PIC in RISC-V assembly
Conversion:
* Added boost::polymorphic_downcast for references (thanks to Julien Delacroix for the patch).
* Significant docs update.
date_time:
* Support constexpr in c++14 and above
* Make date_time all inline. Users no longer need to link the library for any functions. Library remains for build compatibility.
* Deprecate support for legacy io and USE_DATE_TIME_PRE_1_33_FACET_IO macro
* Misc documentation updates and bugfixes.
DLL:
* Fixes and tests for demangling in boost::dll::smart_library
* Make UB sanitizers happy with boost::dll::load_mode::type
* Ceased dependence on MPL improving compile times
* Clang and ICC on Windows fixes and CI support for those platforms
* Maintenance work, including CI hardening and tests improving.
Dynamic Bitset:
* Fixed a portability issue in the definition of the maximum block limit.
Flyweight:
* Maintenance work.
Geometry:
* Improvements
  - Missing input combinations in intersection() and introduction of tupled-output.
  - Added d3::point_xyz geometry model (thanks to Digvijay Janartha).
* Solved issues
  - Incorrect definition of EPSG:3785.
* Bugfixes
  - R-tree exception-safety improvement.
  - Andoyer inverse formula fixed for close points.
  - Fixed dangling reference in distance algorithm.
* Deprecation
  - Support for C++03 has been deprecated and Geometry will require C++14 from Boost 1.75 onwards.
GIL:
* Added move constructor and move assignment operator to image class
* New member function size() in any_image_view class
* Replace Boost.Test with Boost.LightweightTest as the only test framework used in GIL. This also restructured the test/extension/io/ sub-tree and targets in related Jamfile-s.
* Removed remaining uses of Boost.MPL
* Renamed all macros using BOOST_GIL_ prefix
* Renamed all CMake configuration options using BOOST_GIL_ prefix
* Removed extension/dynamic_image/reduce.hpp as unused and possibly unfinished. An implementation attempt of techniques described in the paper Efficient Run-Time Dispatching in Generic Programming with Minimal Code Bloat by Lubomir Bourdev, Jaakko Jarvi.
* Removed direct dependency on Boost.MPL, Boost.System and Boost.Test.
* Started removing public macros for compile-time configuration of I/O extension tests, i.e. BOOST_GIL_IO_TEST_ALLOW_READING_IMAGES and BOOST_GIL_IO_TEST_ALLOW_WRITING_IMAGES. Instead, if a test target is built, it builds all its test cases unconditionally.
* Avoid longjmp interaction during destruction of I/O extension objects.
* Fixed missing alignment default value in constructor of image class.
* Fixed segmentation fault when reading corrupted PNG file.
* Fixed illegal initialization of return values in the old IOv1 interface of I/O extension.
Histogram:
* Added crop command to reduce algorithm
* slice command in reduce now works on category axis
* Added count accumulator, can be used to add arbitrary metadata to each cell
* sum algorithm gained a new argument to optionally sum only over inner bins
* Several fixes for bugs in corner cases
* Enhanced documentation
icl:
* Remove references to date_time compiled library.
* Fix forward decl lower and upper less equal.
* Misc bugfixes.
IO:
* Made all the IOS state saver classes non-copyable. (Glen Fernandes)
* Correctly handle error upon first read from the input stream when reading a quoted string. (Glen Fernandes)
* Implemented ostream_joiner for delimiter based joining. (Glen Fernandes)
* Relocated ostream_string from the Utility library to the IO library as ostream_put.
* Correctly handle stream width and fill in quoted output. (Glen Fernandes)
* Optimize quoted output to write directly to the stream buffer. (Glen Fernandes)
* Glen Fernandes became the maintainer of the IO library.
LexicalCast:
* Maintenance work, including CI hardening and better workarounds for broken standard libraries
Log:
* Default sink used in trivial logging, when no sinks are registered in the logging core, now automatically flushes output after each log record
* core::flush now performs a flush on the default sink used for trivial logging, when no sinks are registered.
* Added a workaround for some syslog API implementations (e.g. glibc), which do not save the application identification string in openlog call. Such implementations could access already freed memory on each syslog call, resulting in undefined behavior.
* Fixed that log file rotation on a specific day of month (e.g. rotation_at_time_point(boost::gregorian::greg_day(1))) could be silently ignored and not happen.
* Fixed that text_file_backend::rotate_file could throw if there were no log records written yet and target file name pattern was set.
* Ported various components of the library to std::allocator_traits to improve compatibility with C++20 allocators.
* Fixed compilation errors when building in MSYS2 Cygwin environment.
Math:
IMPORTANT: C++03 support is now deprecated and will be removed from March 2021.
* Added Cubic Hermite Interpolation.
* Added Modified Akima Interpolation.
* Added PCHIP Interpolation.
* Added Quintic Hermite Interpolation.
* Added entropy to numerous distributions.
* Allow trivial quadrature case where the two end points are equal, and in addition allow bounds to be interchanged.
* Fix exp_sinh quadrature to work with complex types over a non-native range.
* Fix miscellaneous compiler warnings in factorial.hpp.
* Use std::chrono rather than boost::chrono in timed pFq calculations.
* Remove much of the old boost::mpl dependencies to improve constexpr support.
Mp11:
* Added mp_unique_if (contributed by Kris Jusiak)
* Added mp_flatten
* Added mp_rotate_left, mp_rotate_right (contributed by Duncan Barber)
* Added mp_compose
* Added mp_power_set
* Added mp_partial_sum
* Added mp_iterate
Multi-index Containers:
* multi_index_container is now AllocatorAware.
* Swapping of internal KeyFromValue, Compare, Hash and Pred objects now selects the appropriate swap function between std::swap and ADL candidates, in accordance with standard specifications in [swappable.requirements]
* Provided some internal copy constructors and assignment operators whose default implicit definition is deprecated in C++11 onwards ([depr.impldec]), which was warned about on some compilers.
Multiprecision:
* IMPORTANT: Mark C++03 support as deprecated and due for removal in 2021.
* Big update to cpp_int adds faster Karatsuba and Coomba multiplication routines.
* Fix conversion of gmp_rational to long double and __float128
* Fix up libtommath support to function with the latest libtom releases.
* Fix up some incompatibilities with the latest Intel C++ compiler.
* Fix up constexpr arithmetic support for latest MSVC release.
Outcome:
* Performance of Outcome-based code compiled by clang has been greatly improved. The previous implementation of Outcome's status bitfield confused clang's optimiser, which caused low quality codegen. Unlike most codegen issues, this was noticeably in empirical benchmarks of real world code, as was shown by P1886 Error speed benchmarking.
* The safe part of the better_optimisation Outcome v2.2.0 future branch was merged to Outcome v2.1.3 which includes a new status bitfield implementation. This appears to not confuse clang's optimiser, and clang 9 produces code which routinely beats GCC 9's code for various canned use cases.
* Installability is now CI tested per commit. Due to installability of standalone Outcome (e.g. make install) breaking itself rather more frequently than is ideal, installability is now tested on CI per commit.
* Newer Concepts implementing compilers were unhappy with the early check for destructibility of T and E, so removed template constraints, falling back to static assert which runs later in the type instantiation sequence.
* A false positive undefined behaviour sanitiser failure in some use cases of Experimental Outcome was worked around to avoid the failure message.
PolyCollection:
* Suppressed a potential redundant move warning in boost::poly_collection::for_each.
* Fixed a bug by which elements were copied rather than moved in allocator-extended move construction and move assigment between collections with non-propagating, unequal allocators.
* Allocator-extended move construction no longer decays to allocator-extended copy construction for the legacy version of libstdc++-v3 shipped with GCC 4.8 (which can also be used by Clang).
Stacktrace:
* Added documentation on distribution of PDBs
* Fixed msvc-9 build
* Maintenance work, including test fixes fixing typos CI improvements and hardening, inspect tool fixes.
Test:
* Boost.test v3.13 see the Changes log for more details.
* New feature: It is now possible to combine tolerance indication, user message and collection comparison modifier in a single BOOST_TEST expression. See change logs for more details.
ThrowException:
* Added an overload of throw_exception that takes a boost::source_location object.
* NOTE: Projects using BOOST_THROW_EXCEPTION with exceptions disabled will need to add a definition of this new overload.
TTI:
* Added introspection of function templates for more recent C++ compilers versions from gcc and vc++. as well as all versions of clang. Older versions of vc++ before 14.0 and gcc prior to 4.8 may fail.
* Added specific introspection for elements of struct/class, enum, and union types, which can be used for more fine-grained introspection than the general 'type' introspection.
TypeIndex:
* Maintenance work, including CI integration with inspect tool.
Utility:
* The ostream_string facility has moved from the Utility library to the IO library as ostream_put.
Variant:
* Removed unused includes
* Fixed zero-as-null-pointer-constat warnings
* Maintenance work, including typo fixes.
Variant2:
* Added support for std::hash, boost::hash.
* variant<T...> is now trivial when all types in T... are trivial. This improves performance by enabling it to be passed to, and returned from, functions in registers.
WinAPI:
* Headers in boost/detail/winapi are deprecated and will be removed in a future release.
* Boost.WinAPI headers no longer include winerror.h. Include boost/winapi/error_codes.hpp to get Windows error codes.

(adam)

Updated devel/py-astroid, devel/py-pylint

(adam)

py-pylint: updated to 2.5.2

What's New in Pylint 2.5.2?
* ``pylint.Run`` accepts ``do_exit`` as a deprecated parameter

What's New in Pylint 2.5.1?
* Fix a crash in `method-hidden` lookup for unknown base classes
* Revert pylint.Run's `exit` parameter to ``do_exit``
  This has been inadvertently changed several releases ago to ``do_exit``.
* ``no-value-for-parameter`` variadic detection has improved for assign statements
* Allow package files to be properly discovered with multiple jobs
* Allow linting directories without `__init__.py` which was a regression in 2.5.

What's New in Pylint 2.5.0?
* Fix a false negative for ``undefined-variable`` when using class attribute in comprehension.
* Fix a false positive for ``undefined-variable`` when using class attribute in decorator or as type hint.
* Remove HTML quoting of messages in JSON output.
* Adjust the `invalid-name` rule to work with non-ASCII identifiers and add the `non-ascii-name` rule.
* Positional-only arguments are taken in account for ``useless-super-delegation``
* ``unidiomatic-typecheck`` is no longer emitted for ``in`` and ``not in`` operators
* Positional-only argument annotations are taken in account for ``unused-import``
* Add a command to list available extensions.
* Allow used variables to be properly consumed when different checks are enabled / disabled
* Fix dangerous-default-value rule to account for keyword argument defaults
* Fix a false positive of ``self-assigning-variable`` on tuple unpacking.
* ``no-self-use`` is no longer emitted for typing stubs.
* Fix a false positive for ``undefined-variable`` when ``__class__`` is used
* Emit ``invalid-name`` for variables defined in loops at module level.
* Add a check for cases where the second argument to `isinstance` is not a type.
* Add 'notes-rgx' option, to be used for fixme check.
* ``function-redefined`` exempts function redefined on a condition.
* ``typing.overload`` functions are exempted from docstring checks
* Emit ``invalid-overridden-method`` for improper async def overrides.
* Do not allow ``python -m pylint ...`` to import user code
  ``python -m pylint ...`` adds the current working directory as the first element
  of ``sys.path``. This opens up a potential security hole where ``pylint`` will import
  user level code as long as that code resides in modules having the same name as stdlib
  or pylint's own modules.
* Add `dummy-variables-rgx` option for `_redeclared-assigned-name` check.
* Fixed graph creation for relative paths
* Add a check for asserts on string literals.
* `not in` is considered iterating context for some of the Python 3 porting checkers.
* A new check `inconsistent-quotes` was added.
* Add a check for non string assignment to __name__ attribute.
* `__pow__`, `__imatmul__`, `__trunc__`, `__floor__`, and `__ceil__` are recognized as special method names.
* Added errors for protocol functions when invalid return types are detected.
  E0304 (invalid-bool-returned): __bool__ did not return a bool
  E0305 (invalid-index-returned): __index__ did not return an integer
  E0306 (invalid-repr-returned): __repr__ did not return a string
  E0307 (invalid-str-returned): __str__ did not return a string
  E0308 (invalid-bytes-returned): __bytes__ did not return a string
  E0309 (invalid-hash-returned): __hash__ did not return an integer
  E0310 (invalid-length-hint-returned): __length_hint__ did not return a non-negative integer
  E0311 (invalid-format-returned): __format__ did not return a string
  E0312 (invalid-getnewargs-returned): __getnewargs__ did not return a tuple
  E0313 (invalid-getnewargs-ex-returned): __getnewargs_ex__ did not return a tuple of the form (tuple, dict)
* ``missing-*-docstring`` can look for ``__doc__`` assignments.
* ``undefined-variable`` can now find undefined loop iterables
* ``safe_infer`` can infer a value as long as all the paths share the same type.
* Add a --fail-under <score> flag, also configurable in a .pylintrc file. If the final score is more than the specified score, it's considered a success and pylint exits with exitcode 0. Otherwise, it's considered a failure and pylint exits with its current exitcode based on the messages issued.
* Don't emit ``line-too-long`` for multilines when `disable=line-too-long` comment stands at their end
* Fixed an ``AttributeError`` caused by improper handling of ``dataclasses`` inference in ``pyreverse``
* Do not exempt bare except from ``undefined-variable`` and similar checks
  If a node was wrapped in a ``TryExcept``, ``pylint`` was taking a hint
  from the except handler when deciding to emit or not a message.
  We were treating bare except as a fully fledged ignore but only
  the corresponding exceptions should be handled that way (e.g. ``NameError`` or ``ImportError``)
* No longer emit ``assignment-from-no-return`` when a function only raises an exception
* Allow import aliases to exempt ``import-error`` when used in type annotations.
* ``Ellipsis` is exempted from ``multiple-statements`` for function overloads.
* No longer emit ``invalid-name`` for non-constants found at module level.
  Pylint was taking the following statement from PEP-8 too far, considering
  all module level variables as constants, which is not what the statement is saying:
  `Constants are usually defined on a module level and written in
  all capital letters with underscores separating words.`
* Allow ``implicit-str-concat-in-sequence`` to be emitted for string juxtaposition
* ``implicit-str-concat-in-sequence`` was renamed ``implicit-str-concat``
* The ``json`` reporter no longer bypasses ``redirect_stdout``.
* Move ``NoFileError``, ``OutputLine``, ``FunctionalTestReporter``,
  ``FunctionalTestFile``, ``LintModuleTest`` and related methods from
  ``test_functional.py`` to ``pylint.testutils`` to help testing for 3rd
  party pylint plugins.
* Can read config from a setup.cfg or pyproject.toml file.
* Fix exception-escape false positive with generators
* ``inspect.getargvalues`` is no longer marked as deprecated.
* A new check ``f-string-without-interpolation`` was added
* Flag mutable ``collections.*`` utilities as dangerous defaults
* ``docparams`` extension supports multiple types in raises sections.
  Multiple types can also be separated by commas in all valid sections.
* Allow parallel linting when run under Prospector
* Fixed false positives of ``method-hidden`` when a subclass defines the method that is being hidden.
* Python 3 porting mode is 30-50% faster on most codebases
* Python 3 porting mode no longer swallows syntax errors
* Pass the actual PyLinter object to sub processes to allow using custom
  PyLinter classes.
  PyLinter object (and all its members except reporter) needs to support
  pickling so the PyLinter object can be passed to worker processes.
* Clean up setup.py
  Make pytest-runner a requirement only if running tests, similar to McCabe.
  Clean up the setup.py file, resolving a number of warnings around it.
* Handle SyntaxError in files passed via ``--from-stdin`` option
  Pylint no longer outputs a traceback, if a file, read from stdin,
  contains a syntaxerror.
* Fix uppercase style to disallow 3+ uppercase followed by lowercase.
* Fixed ``undefined-variable`` and ``unused-import`` false positives
  when using a metaclass via an attribute.
* Emit ``unused-argument`` for functions that partially uses their argument list before raising an exception.
* Fixed ``broad_try_clause`` extension to check try/finally statements and to
  check for nested statements (e.g., inside of an ``if`` statement).
* Recognize classes explicitly inheriting from ``abc.ABC`` or having an
  ``abc.ABCMeta`` metaclass as abstract. This makes them not trigger W0223.
* Fix overzealous `arguments-differ` when overridden function uses variadics
  No message is emitted if the overriding function provides positional or
  keyword variadics in its signature that can feasibly accept and pass on
  all parameters given by the overridden function.
* Multiple types of string formatting are allowed in logging functions.
  The `logging-fstring-interpolation` message has been brought back to allow
  multiple types of string formatting to be used.

(adam)

py-astroid: updated to 2.4.1

What's New in astroid 2.4.1?
* Handle the case where the raw builder fails to retrieve the ``__all__`` attribute
* Restructure the AST parsing heuristic to always pick the same module
* Changed setup.py to work with [distlib](https://pypi.org/project/distlib)
* Do not crash with SyntaxError when parsing namedtuples with invalid label
* Protect against ``infer_call_result`` failing with `InferenceError` in `Super.getattr()`

What's New in astroid 2.4.0?
* Expose a ast_from_string method in AstroidManager, which will accept
  source code as a string and return the corresponding astroid object
* ``BoundMethod.implicit_parameters`` returns a proper value for ``__new__``
* Allow slots added dynamically to a class to still be inferred
* Allow `FunctionDef.getattr` to look into both instance attrs and special attributes
* Infer qualified ``classmethod`` as a classmethod.
* Prevent a recursion error to happen when inferring the declared metaclass of a class
* Raise ``AttributeInferenceError`` when ``getattr()`` receives an empty name
* Prevent a recursion error for self reference variables and `type()` calls.
* Do not infer the first argument of a staticmethod in a metaclass as the class itself
* ``NodeNG.bool_value()`` gained an optional ``context`` parameter
  We need to pass an inference context downstream when inferring the boolean
  value of a node in order to prevent recursion errors and double inference.
  This fix prevents a recursion error with dask library.
* Pass a context argument to ``astroid.Arguments`` to prevent recursion errors
* Better inference of class and static methods decorated with custom methods
* Reverse the order of decorators for `infer_subscript`
  `path_wrapper` needs to come first, followed by `raise_if_nothing_inferred`,
  otherwise we won't handle `StopIteration` correctly.
* Prevent a recursion error when inferring self-referential variables without definition
* Numpy `datetime64.astype` return value is inferred as a `ndarray`.
* Skip non ``Assign`` and ``AnnAssign`` nodes from enum reinterpretation
* Numpy ``ndarray`` attributes ``imag`` and ``real`` are now inferred as ``ndarray``.
* Added a call to ``register_transform`` for all functions of the ``brain_numpy_core_multiarray``
  module in case the current node is an instance of ``astroid.Name``
* Use the parent of the node when inferring aug assign nodes instead of the statement
* Added some functions to the ``brain_numpy_core_umath`` module
* Added some functions of the ``numpy.core.multiarray`` module
* All the ``numpy ufunc`` functions derived now from a common class that
  implements the specific ``reduce``, ``accumulate``, ``reduceat``,
        ``outer`` and ``at`` methods.
* ``nodes.Const.itered`` returns a list of ``Const`` nodes, not strings
* The ``shape`` attribute of a ``numpy ndarray`` is now a ``ndarray``
* Don't ignore special methods when inspecting gi classes
* Added transform for ``scipy.gaussian``
* Add suport for inferring properties.
* Added a brain for ``responses``
* Allow inferring positional only arguments.
* Retry parsing a module that has invalid type comments
  It is possible for a module to use comments that might be interpreted
  as type comments by the `ast` library. We do not want to completely crash on those
  invalid type comments.
* Scope the inference to the current bound node when inferring instances of classes
  When inferring instances of classes from arguments, such as ``self``
  in a bound method, we could use as a hint the context's ``boundnode``,
  which indicates the instance from which the inference originated.
  As an example, a subclass that uses a parent's method which returns
  ``self``, will override the ``self`` to point to it instead of pointing
  to the parent class.
* Add support for inferring exception instances in all contexts
  We were able to infer exception instances as ``ExceptionInstance``
  only for a handful of cases, but not all. ``ExceptionInstance`` has
  support for better inference of `.args` and other exception related
  attributes that normal instances do not have.
  This additional support should remove certain false positives related
  to ``.args`` and other exception attributes in ``pylint``.
* Add more supported parameters to ``subprocess.check_output``
* Infer args unpacking of ``self``
  Certain stdlib modules use ``*args`` to encapsulate
  the ``self`` parameter, which results in uninferable
  instances given we rely on the presence of the ``self``
  argument to figure out the instance where we should be
  setting attributes.
* Clean up setup.py
  Make pytest-runner a requirement only if running tests, similar to what was
  done with McCabe.
  Clean up the setup.py file, resolving a handful of minor warnings with it.
* Handle StopIteration error in infer_int.
* Can access per argument type comments for positional only and keyword only arguments.
  The comments are accessed through through the new
  ``Arguments.type_comment_posonlyargs`` and
  ``Arguments.type_comment_kwonlyargs`` attributes respectively.
* Relax upper bound on `wrapt`
* Properly analyze CFFI compiled extensions.

(adam)

Updated comms/srtp, comms/asterisk14

(adam)

asterisk14: updated to 14.7.8

asterisk 14.7.8:

* AST-2018-009: Fix crash processing websocket HTTP Upgrade requests

  The HTTP request processing in res_http_websocket allocates additional
  space on the stack for various headers received during an Upgrade request.
  An attacker could send a specially crafted request that causes this code
  to overflow the stack, resulting in a crash.

  * No longer allocate memory from the stack in a loop to parse the header
  values.  NOTE: There is a slight API change when using the passed in
  strings as is.  We now require the passed in strings to no longer have
  leading or trailing whitespace.  This isn't a problem as the only callers
  have already done this before passing the strings to the affected
  function.

asterisk 14.7.7:

* AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.

  When endpoint specific ACL rules block a SIP request they respond with a
  403 forbidden.  However, if an endpoint is not identified then a 401
  unauthorized response is sent.  This vulnerability just discloses which
  requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
  access to the disclosed endpoints.

  * Made endpoint specific ACL rules now respond with a 401 unauthorized
  which is the same as if an endpoint were not identified.  The fix is
  accomplished by replacing the found endpoint with the artificial endpoint
  which always fails authentication.

asterisk 14.7.6:

* AST-2018-003: Crash with an invalid SDP fmtp attribute

  pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
  Because of this Asterisk would crash if given an SDP with an invalid fmtp
  attribute.

  When retrieving the format this patch now makes sure the fmtp attribute is
  available. If not available it now returns an error status.

* AST-2018-002: Crash with an invalid SDP media format description

  pjproject's media format parsing algorithm failed to catch invalid values.
  Because of this Asterisk would crash if given an SDP with a invalid media
  format description.

  When parsing the media format description this patch now properly parses the
  value and returns an error status if it can't successfully parse/convert the
  value.

* AST-2018-005: res_pjsip_transport_management:  Move to core

  Since res_pjsip_transport_management provides several attack
  mitigation features, its functionality moved to res_pjsip and
  this module has been removed.  This way the features will always
  be available if res_pjsip is loaded.

* AST-2018-005: Fix tdata leaks when calling pjsip_endpt_send_response(2)

  pjsip_distributor:
    authenticate() creates a tdata and uses it to send a challenge or
    failure response.  When pjsip_endpt_send_response2() succeeds, it
    automatically decrements the tdata ref count but when it fails, it
    doesn't.  Since we weren't checking for a return status, we weren't
    decrementing the count ourselves on error and were therefore leaking
    tdatas.

  res_pjsip_session:
    session_reinvite_on_rx_request wasn't decrementing the ref count
    if an error happened while sending a 491 response.
    pre_session_setup wasn't decrementing the ref count if
    while sending an error after a pjsip_inv_verify_request failure.

  res_pjsip:
    ast_sip_send_response wasn't decrementing the ref count on error.

* AST-2018-005: Add a check for NULL tdata in ast_sip_failover_request

  It was discovered that there are some corner cases where a pjsip tsx
  might have no last_tx so calling ast_sip_failover_request with
  a NULL last_tx as its tdata would cause a crash.

* AST-2018-004: Restrict the number of Accept headers in a SUBSCRIBE.

  When receiving a SUBSCRIBE request the Accept headers from it are
  stored locally. This operation has a fixed limit of 32 Accept headers
  but this limit was not enforced. As a result it was possible for
  memory outside of the allocated space to get written to resulting
  in a crash.

  This change enforces the limit so only 32 Accept headers are
  processed.

(adam)

srtp: updated to 2.3.0

libsrtp 2.3.0
Major changes in this release are a fuzzer for libsrtp, NSS as optional crypto back end and cmake support for building. For more details and a complete list of changes please see the CHANGES file.

libsrtp 2.2.0
First release in the 2.2 series.

The major change with this release is that the all the code has been reformatted to be consistent and this consistency can be enforced with the include .clang-format file. This resulted in a lot of none functional changes but was considered worth it to simplify maintenance in the future. There are numerous other minor fixes, see the CHANGES file for more details.

libsrtp 2.1.0
First release in the 2.1 series.

libsrtp 2.0.0
Initial libsrtp 2.0 release.

(adam)

par2: update Github repo

(adam)

Updated www/py-aiohttp-socks, multimedia/py-m3u8, sysutils/py-sh, devel/py-dotenv

(adam)

py-dotenv: updated to 0.13.0

0.13.0:
Add support for a Bash-like default value in variable expansion

(adam)

py-sh: updated to 1.13.1

1.13.1:
* regression fix if `_fg=False`

1.13.0:
* minor Travis CI fixes
* bugfix for boolean long options not respecting `_long_prefix`
* fix deprecation warning on Python 3.6 regexes
* `_pass_fds` and `_close_fds` special kwargs for controlling file descriptor inheritance in child.
* more efficiently closing inherited fds
* bugfix where passing invalid dictionary to `_env` will cause a mysterious child 255 exit code.
* bugfix where `_in` using 0 or `sys.stdin` wasn't behaving like a TTY, if it was in fact a TTY.
* bugfix where `help(sh)` raised an exception
* bugfix fixing broken interactive ssh tutorial from docs
* change to automatic tty merging into a single pty if `_tty_in=True` and `_tty_out=True`
* introducing `_unify_ttys`, default False, which allows explicit tty merging into single pty
* contrib command for `ssh` connections requiring passwords
* performance fix for polling output too fast when using `_iter`
* execution contexts can now be used in python shell
* bugfix `ErrorReturnCode` instances can now be pickled
* bugfix passing empty string or `None` for `_in` hanged
* bugfix where passing a filename or file-like object to `_out` wasn't using os.dup2
* regression make `_fg` work with `_cwd` again
* an invalid `_cwd` now raises a `ForkException` not an `OSError`.
* AIX support
* added a `timeout=None` param to `RunningCommand.wait()`

(adam)

py-m3u8: updated to 0.6.0

0.6.0:
Order DATERANGE x-s predictably
EXT-X-GAP support
Added ability for extra parameters to be passed to Key class
Add DATERANGE tag support
Add support for EXT-X-PRELOAD-HINT

(adam)

py-aiohttp-socks: updated to 0.3.9

0.3.9:
Change the default value of the family parameter to AF_UNSPEC

(adam)

Updated net/py-xandikos, math/py-numpy

(adam)

py-numpy: updated to 1.18.4

1.18.4:
BLD: add i686 for 1.18 builds
BUG: random: ``Generator.integers(2**32)`` always returned 0.
BLD: fix path to libgfortran on macOS
REV: Reverts side-effect changes to casting
BLD: put openblas library in local directory on windows
DOC: Change import error "howto" to link to new troubleshooting...

(adam)

py-xandikos: updated to 0.2.0

0.2.0:
* Fix <calendar-data> subelement filtering.
* Skip non-calendar files for calendar-query operations.
* Switch to using aiohttp rather than uWSGI.
* Query component's SUMMARY in ICalendarFile.describe().
* Add /metrics support.
* Drop support for Python 3.4, add support for 3.8.

(adam)

Updated devel/py-test-xdist, devel/py-Pyro, devel/py-pbr

(adam)

py-pbr: updated to 5.4.5

5.4.5:
* Switch to Ussuri jobs

(adam)

py-Pyro: updated to 4.80

4.80:
fix possible race condition when creating instances with instancemode "single"

(adam)

py-test-xdist: updated to 1.32.0

pytest-xdist 1.32.0

Deprecations and Removals
- Drop support for EOL Python 3.4.

Features
- Add `testrun_uid` fixture. This is a shared value that uniquely identifies a test run among all workers.
  This also adds a `PYTEST_XDIST_TESTRUNUID` environment variable that is accessible within a test as well as a command line option `--testrunuid` to manually set the value from outside.

(adam)

Updated devel/py-ipython, misc/py-tqdm

(adam)

py-tqdm: updated to 4.46.0

4.46.0:
bump version, merge branch 'devel'

(adam)

py-ipython: updated to 7.14.0

IPython 7.14
============

IPython  7.14 is a minor release that fix a couple of bugs and prepare
compatibility with new or future versions of some libraries.

Important changes:
------------------
- Fix compatibility with Sphinx 3+
- Remove deprecated matplotlib parameter usage, compatibility with matplotlib
  3.3+

Misc Changes
------------
- set ``.py`` extension when editing current buffer in vi/emacs.
- support for unicode identifiers in ``?``/``??``
- add extra options to the ``Video`` Rich objects
- add pretty-printing to ``SimpleNamespace``

Pending deprecated imports
--------------------------
Many object present in ``IPython.core.display`` are there for internal use only,
and should  already been imported from ``IPython.display`` by users and external
libraries. Trying to import those from ``IPython.core.display`` is still possible
but will trigger a
deprecation warning in later versions of IPython and will become errors in the
future.

This will simplify compatibility with other Python kernels (like Xeus-Python),
and simplify code base.

(adam)

redis: add TEST_DEPENDS

(adam)

Updated databases/redis, multimedia/mkvtoolnix

(adam)

mkvtoolnix: updated to 46.0.0

Version 46.0.0 "No Deeper Escape"

New features and enhancements

* mkvmerge: when splitting, the placeholder `%c` can be used in the
  destination file name. It'll be replaced by the name of the first chapter in
  the file.
* mkvmerge: when reading MPLS playlists mkvmerge will include a tag named
  `SOURCE_ID` in the track's statistics tags that conveys the fact that the
  source was a Blu-ray and what the track's ID was in the source
  container. When reading Matroska file existing `SOURCE_ID` tags will be
  kept. The format used is the same format MakeMKV uses.
* mkvmerge: for audio-only files mkvmerge will now write a cue entry every
  500ms instead of every 2s.
* MKVToolNix GUI: job actions: split up the option "execute when the job
  finishes successfully or with warnings" into two separate options: "…when
  finishes successfully" and "…when exits with warnings".

Bug fixes

* mkvmerge: Matroska reader: when regenerating UIDs for chapters mkvmerge will
  now fix referencing tag chapter UID targets to have the same values.
* mkvmerge: MP4 reader: fixed a crash that could potentially happen while
  trying to identify H.265/HEVC tracks.
* mkvmerge: MP4 reader: when reading H.265/HEVC tracks without a frame offset
  table (`ctts` atom) present, mkvmerge did not parse the `hevcC` structure
  correctly in certain cases, causing no video frames to be output at all or
  the output not being playable.
* mkvmerge: MPLS handling/MPEG TS reader: timestamp restrictions as given in
  an MPLS file were only honored for the first play item, not for subsequent
  play items. For those play items the whole referenced file was always
  copied.
* mkvmerge: MPLS handling/MPEG TS reader: under certain circumstances mkvmerge
  copied one frame too many before switching to the next play item.
* mkvmerge: for audio-only files cues will only be created for I frames
  (important for e.g. TrueHD where decoding can only start on a sync
  frame).
* MKVToolNix GUI: fixed a crash that happened when closing the preferences
  after having closed at least one multiplexer tab.
* MKVToolNix GUI: macOS: changed the default of the "elide tab header labels"
  feature introduced in v45 from "no" to "yes" to mirror how versions before
  v45 behaved on macOS.

(adam)

redis: updated to 6.0.1

Redis 6.0.1
===========

Upgrade urgency HIGH: This release fixes a crash when builiding against
                      Libc malloc.

Here we revert 8110ba888, an optimization that causes a crash due to a
bug in the code. It does not happen with the default allocator because of
differences between Jemalloc and libc malloc, so this escaped all our
testing but was reported by a user. We'll add back the original optimization
that was reverted here later, after checking what happens: it is not a
critical optimization.

Redis 6.0.0 GA
==============

Upgrade urgency CRITICAL: many bugs fixed compared to the last release
                          candidate. Better to upgrade if you see things
                          affecting your environment in the changelog.

Hi all, finally we have Redis 6.0.0 GA! Enjoy this new Redis release.
Most of the documentation was updated today so that you can likely
find what you are looking for about the new features at redis.io.
This is the list of what changed compared to the previoius release candidate:

* XCLAIM AOF/replicas propagation fixed.
* Client side caching: new NOLOOP option to avoid getting notified about
  changes performed by ourselves.
* ACL GENPASS now uses HMAC-SHA256 and have an optional "bits" argument.
  It means you can use it as a general purpose "secure random strings"
  primitive!
* Cluster "SLOTS" subcommand memory optimization.
* The LCS command is now a subcommand of STRALGO.
* Meaningful offset for replicas as well. More successful partial
  resynchronizations.
* Optimize memory usage of deferred replies.
* Faster CRC64 algorithm for faster RDB loading.
* XINFO STREAM FULL, a new subcommand to get the whole stream state.
* CLIENT KILL USER <username>.
* MIGRATE AUTH2 option, for ACL style authentication support.
* Other random bugfixes.

(adam)

Updated devel/py-flake8, archivers/xz

(adam)

xz: updated to 5.2.5

5.2.5:
* liblzma:

    - Fixed several C99/C11 conformance bugs. Now the code is clean
      under gcc/clang -fsanitize=undefined. Some of these changes
      might have a negative effect on performance with old GCC
      versions or compilers other than GCC and Clang. The configure
      option --enable-unsafe-type-punning can be used to (mostly)
      restore the old behavior but it shouldn't normally be used.

    - Improved API documentation of lzma_properties_decode().

    - Added a very minor encoder speed optimization.

* xz:

    - Fixed a crash in "xz -dcfv not_an_xz_file". All four options
      were required to trigger it. The crash occurred in the
      progress indicator code when xz was in passthru mode where
      xz works like "cat".

    - Fixed an integer overflow with 32-bit off_t. It could happen
      when decompressing a file that has a long run of zero bytes
      which xz would try to write as a sparse file. Since the build
      system enables large file support by default, off_t is
      normally 64-bit even on 32-bit systems.

    - Fixes for --flush-timeout:
        * Fix semi-busy-waiting.
        * Avoid unneeded flushes when no new input has arrived
          since the previous flush was completed.

    - Added a special case for 32-bit xz: If --memlimit-compress is
      used to specify a limit that exceeds 4020 MiB, the limit will
      be set to 4020 MiB. The values "0" and "max" aren't affected
      by this and neither is decompression. This hack can be
      helpful when a 32-bit xz has access to 4 GiB address space
      but the specified memlimit exceeds 4 GiB. This can happen
      e.g. with some scripts.

    - Capsicum sandbox is now enabled by default where available
      (FreeBSD >= 10). The sandbox debug messages (xz -vv) were
      removed since they seemed to be more annoying than useful.

    - DOS build now requires DJGPP 2.05 instead of 2.04beta.
      A workaround for a locale problem with DJGPP 2.05 was added.

* xzgrep and other scripts:

    - Added a configure option --enable-path-for-scripts=PREFIX.
      It is disabled by default except on Solaris where the default
      is /usr/xpg4/bin. See INSTALL for details.

    - Added a workaround for a POSIX shell detection problem on
      Solaris.

* Build systems:

    - Added preliminary build instructions for z/OS. See INSTALL
      section 1.2.9.

    - Experimental CMake support was added. It should work to build
      static liblzma on a few operating systems. It may or may not
      work to build shared liblzma. On some platforms it can build
      xz and xzdec too but those are only for testing. See the
      comment in the beginning of CMakeLists.txt for details.

    - Visual Studio project files were updated.
      WindowsTargetPlatformVersion was removed from VS2017 files
      and set to "10.0" in the added VS2019 files. In the future
      the VS project files will be removed when CMake support is
      good enough.

    - New #defines in config.h: HAVE___BUILTIN_ASSUME_ALIGNED,
      HAVE___BUILTIN_BSWAPXX, and TUKLIB_USE_UNSAFE_TYPE_PUNNING.

    - autogen.sh has a new optional dependency on po4a and a new
      option --no-po4a to skip that step. This matters only if one
      wants to remake the build files. po4a is used to update the
      translated man pages but as long as the man pages haven't
      been modified, there's nothing to update and one can use
      --no-po4a to avoid the dependency on po4a.

* Translations:

    - XZ Utils translations are now handled by the Translation
      Project: https://translationproject.org/domain/xz.html

    - All man pages are now included in German too.

    - New xz translations: Brazilian Portuguese, Finnish,
      Hungarian, Chinese (simplified), Chinese (traditional),
      and Danish (partial translation)

    - Updated xz translations: French, German, Italian, and Polish

    - Unfortunately a few new xz translations weren't included due
      to technical problems like too long lines in --help output or
      misaligned column headings in tables. In the future, many of
      these strings will be split and e.g. the table column
      alignment will be handled in software. This should make the
      strings easier to translate.

(adam)

py-flake8: allow newer pyflakes

(adam)

Updated mail/py-email_validator, devel/py-pyelftools

(adam)

py-pyelftools: updated to 0.26

Version 0.26:
- Call relocation for ARM v3
- More complete architecture coverage for ENUM_E_MACHINE
- Support for .debug_pubtypes and .debug_pubnames sections
- Support for DWARF v4 location lists
- Decode strings in dynamic string tables
- Improve symbol table handling in dynamic segments
- Improved handling of location information
- Avoid deprecation warnings in Python 3.7+
- Add DWARF v5 OPs
- Handle many new translation forms and constants
- Lazy DIE parsing to speed up partial parsing of DWARF info

Version 0.25:
- Make parsing of SH_TYPE and PT_TYPE fields dependent on the machine
  (e_machine header field), making it possible to support conflicting type
  enums between different machines
- Add parsing and readelf dumping for .eh_frame
- Support compressed sections
- Better support for parsing core dumps
- More comprehensive handling of ARM relocations
- Convert all ascii encoding to utf-8 encoding
- Don't attempt to hex/string dump SHT_NOBITS sections in readelf
- Test with Python 3.6
- Minor bugfixes
- Cleanup: Use argparse instead of optparse
- Make readelf comparison tests run in parallel using multiprocessing; cuts
  testing time 3-5x
- Improvements in MIPS flags handling

(adam)

py-email_validator: updated to 1.1.0

1.1.0:
Unknown changes

(adam)

py-pybind11: more flexible buildlink3.mk

(adam)

Updated emulators/qemu

(adam)

qemu: updated to 5.0.0

5.0.0:
Incompatible changes
The bluetooth code has been removed without replacement. It was quite neglected over the years and likely not usable anymore. You can passthrough a dedicated USB bluetooth dongle to guests on most machines instead if you still need bluetooth in your guest.
The pc-0.12, pc-0.13, pc-0.14, pc-0.15 machines have been removed. Newer versions of the machine type should be used instead.
The "prep" ppc machine has been removed. The "40p" machine should be used now instead.
The "-virtfs_synth" option has been removed. You can use "-fsdev synth" together with "-device virtio-9p-..." instead.
The "-accel" and "-machine accel=" options are now incompatible with each other.
The deprecated "[hub_id name]" parameter tuple of 'hostfwd_add' / 'hostfwd_remove' has been removed. Use a "netdev_id" instead.

New deprecated options and features
The "-tb-size N" option has been deprecated. It is replaced by "-accel tcg,tb-size=N".
The virtio-blk SCSI passthrough feature (" -device virtio-blk,scsi=on") is deprecated. Use virtio-scsi instead.
The "r4k" mips machine has been deprecated. The "malta" machine should be used nowadays instead.
Support for using an AArch32 host system to run KVM guests has been deprecated (because the Linux kernel has dropped its support for this) and will be removed in a future version of QEMU. AArch32 guests on an AArch64 host are still supported.

Arm
Support for using an AArch32 host system to run KVM guests is now deprecated (because the Linux kernel has dropped its support for this) and will be removed in a future version of QEMU. AArch32 guests on an AArch64 host are still supported.
Emulation of the following architecture features is now implemented:
- ARMv8.1-VHE
- ARMv8.1-VMID16
- ARMv8.1-PAN
- ARMv8.1-PMU
- ARMv8.2-UAO
- ARMv8.2-DCPoP
- ARMv8.2-ATS1E1
- ARMv8.2-TTCNP
- ARMv8.3-RCPC
- ARMv8.3-CCIDX
- ARMv8.4-PMU
- ARMv8.4-RCPC
The Cortex-M7 CPU is now supported
New board: tacoma-bmc
New board: Netduino Plus 2
New board: Orangepi PC (orangepi-pc)
QEMU now correctly implements trapping of more EL1 system register accesses to EL2 (eg HCR_EL2 TID1, TID2 bits, HSTR_EL2)
The no-op system registers required for a "trivial Jazelle" implementation have been added
The DC CVAP and DC CVADP instructions are now supported
Support for blocking semiconsole SYS_READC
the i.MX RNGC device is now supported
the watchdog device is now implemented on the i.MX6 boards
The Cortex-R5 and -R5f CPUs now provide a PMU
The Exynos4210 SoC model now correctly handles DMA to/from the UARTs
The Aspeed AST2600 SoC model now includes the eMMC controller
Under KVM, we now by default stop and restart the guest generic timer counter when the VM is stopped and started so the guest OS doesn't see surprising time jumps. (This can be disabled with the kvm-no-adjvtime property.)
The Aspeed AST2400, AST2500, AST2600 SoCs now support the EHCI controller
The z2 and mainstone boards now permit booting with just a kernel image and no flash image file
The Allwinner SoC model now wires up the USB ports
The integratorcp board now wires up the audio codec controller
The versal board now implements the ADMA DMA controllers
TPM is now supported
The iMX25 now wires up the eSDHC controllers and the USB controllers
The iMX6 machines wire up the USB controllers
the gdbstub now supports SVE registers
virtio-iommu is now supported with machvirt (DT boot only)

HPPA
Artist graphics emulation added.
PS2 keyboard and mouse added to LASI chip.
Accept LDCW to addresses not aligned mod 16.

MIPS
Support for R4000 machine is announced to be deprecated, and will be removed from code base in QEMU 5.2.
Amended support for MemoryMapID CP0 register.
Amended support for WatchHi CP0 register.
Added support for GINVT instruction.

OpenRISC
Fixed a bug that prevented the DZF bit of the FPCSR being set.

PowerPC
pseries machine type
- No longer require a reconfiguration reboot for a guest selecting XIVE interrupt controller when ic-mode=dual
- Now consumes less host resources when running a KVM guest with XIVE (with a recent enough host kernel). This allows running more concurrent guests with KVM accelerated XIVE.
- New 'kernel-addr' property to control the load address for -kernel
- NVDIMMs with file backend now supported
- If a guest panics with the ibm,os-term RTAS call, the error message it supplies is now reported
- Added firmware assisted NMI (FWNMI) support
- SLOF updated to work with iommu_platform=on for virtio devices
- Better handling of devices hotplugged early in boot (before the ibm,client-architecture-support call)
powernv machine type
- Numerous improvements to the model
- Can now run KVM guests under a TCG emulated powernv machine
- Basic POWER10 support
Removed num-chips machine property, use -smp sockets=NN instead
Deprecated the compat= property on CPUs (it's been obsolete for a while with a pseries specific machine property)
Fixed a longstanding bug if using big-endian ABIv2 binaries with linux-user
Implemented new forms of the slbia instruction present in POWER9

RISC-V
The virt and sifive_u boards now have syscon device tree nodes, which allows the generic syscon drivers in Linux to control power/reboot.
The GDB stub now allows for D on rv32 and non-D on rv64.
The virt board now contains a Goldfish RTC.
Experimental support for version 0.5 of the draft hypervisor extension has been added.

s390
Adpater interrupt suppression is now available when running with KVM (previously disabled due to migration issues); support under tcg has already been available since 2.10
- enable by specifying the cpu feature "ais=on"
QEMU now warns when it fixes up odd memory sizes for compatibility on compat machines
- Only done on compat machines to avoid breaking incoming migrations. If you can, fix up the memory size on old machines or switch to a machine type >= 5.0, which supports 1M increments
- The automatic fixup may be removed in a future version.

(adam)

Updated databases/py-redis, www/py-bleach

(adam)

py-bleach: updated to 3.1.5

Version 3.1.5:
Bug fixes
* replace missing ``setuptools`` dependency with ``packaging``.

(adam)

py-redis: updated to 3.5.0

3.5.0:
* Removed exception trapping from __del__ methods. redis-py objects that
  hold various resources implement __del__ cleanup methods to release
  those resources when the object goes out of scope. This provides a
  fallback for when these objects aren't explicitly closed by user code.
  Prior to this change any errors encountered in closing these resources
  would be hidden from the user.
* Expanded support for connection strings specifying a username connecting
  to pre-v6 servers.
* Optimized Lock's blocking_timeout and sleep. If the lock cannot be
  acquired and the sleep value would cause the loop to sleep beyond
  blocking_timeout, fail immediately.
* Added support for passing Python memoryviews to Redis command args that
  expect strings or bytes. The memoryview instance is sent directly to
  the socket such that there are zero copies made of the underlying data
  during command packing.
* HSET command now can accept multiple pairs. HMSET has been marked as
  deprecated now.
* Don't manually DISCARD when encountering an ExecAbortError.
* Reset the watched state of pipelines after calling exec. This saves
  a roundtrip to the server by not having to call UNWATCH within
  Pipeline.reset().
* Added the KEEPTTL option for the SET command.
* Added the MEMORY STATS command.
* Lock.extend() now has a new option, `replace_ttl`. When False (the
  default), Lock.extend() adds the `additional_time` to the lock's existing
  TTL. When replace_ttl=True, the lock's existing TTL is replaced with
  the value of `additional_time`.
* Add testing and support for PyPy.

(adam)

Updated www/py-uvicorn, lang/nodejs

(adam)

nodejs: updated to 14.1.0

Version 14.1.0

Notable Changes

deps: upgrade openssl sources to 1.1.1g
doc: add juanarbol as collaborator
http: doc deprecate abort and improve docs
module: do not warn when accessing __esModule of unfinished exports
n-api: detect deadlocks in thread-safe function
src: deprecate embedder APIs with replacements
stream:
* don't emit end after close
* don't wait for close on legacy streams
* pipeline should only destroy un-finished streams
vm: add importModuleDynamically option to compileFunction

Version 14.0.0 (Current)

Notable Changes

ECMAScript Modules - Experimental Warning Removal
New V8 ArrayBuffer API
cli, report: move --report-on-fatalerror to stable
deps: upgrade to libuv 1.37.0
fs: add fs/promises alias module

(adam)

py-uvicorn: updated to 0.11.5

0.11.5
Revert "Watch all files, not just .py" due to unexpected side effects.
Revert "Pass through gunicorn timeout config." due to unexpected side effects.

(adam)

Updated finance/py-stripe, net/py-botocore, net/py-boto3, net/py-awscli

(adam)

py-awscli: updated to 1.18.49

1.18.49
api-change:transcribe: Update transcribe command to latest version
api-change:servicediscovery: Update servicediscovery command to latest version
api-change:waf-regional: Update waf-regional command to latest version
api-change:iotsitewise: Update iotsitewise command to latest version
api-change:waf: Update waf command to latest version

1.18.48
api-change:ecr: Update ecr command to latest version
api-change:route53: Update route53 command to latest version
api-change:ssm: Update ssm command to latest version
api-change:medialive: Update medialive command to latest version
api-change:kinesisvideo: Update kinesisvideo command to latest version
api-change:kinesis-video-archived-media: Update kinesis-video-archived-media command to latest version

1.18.47
api-change:accessanalyzer: Update accessanalyzer command to latest version
bugfix:cloudformation: Fixed an issue with cloudformation package where virtual style S3 URLs were incorrectly validated for a stack resource's template URL.
api-change:sagemaker: Update sagemaker command to latest version
api-change:dataexchange: Update dataexchange command to latest version
api-change:dms: Update dms command to latest version

1.18.46
api-change:dlm: Update dlm command to latest version
api-change:iot: Update iot command to latest version
api-change:elastic-inference: Update elastic-inference command to latest version

1.18.45
api-change:pinpoint: Update pinpoint command to latest version
api-change:rds: Update rds command to latest version
api-change:ram: Update ram command to latest version
api-change:application-autoscaling: Update application-autoscaling command to latest version
api-change:mediapackage-vod: Update mediapackage-vod command to latest version
api-change:firehose: Update firehose command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:transfer: Update transfer command to latest version

1.18.44
api-change:fms: Update fms command to latest version
api-change:es: Update es command to latest version
api-change:redshift: Update redshift command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version

1.18.43
api-change:guardduty: Update guardduty command to latest version
api-change:emr: Update emr command to latest version
api-change:route53domains: Update route53domains command to latest version
api-change:ce: Update ce command to latest version

1.18.42
api-change:ce: Update ce command to latest version
api-change:apigatewayv2: Update apigatewayv2 command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:glue: Update glue command to latest version
api-change:synthetics: Update synthetics command to latest version

1.18.41
api-change:frauddetector: Update frauddetector command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version

1.18.40
api-change:snowball: Update snowball command to latest version
api-change:sagemaker-a2i-runtime: Update sagemaker-a2i-runtime command to latest version
api-change:rds: Update rds command to latest version
api-change:mgh: Update mgh command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
api-change:lambda: Update lambda command to latest version
api-change:imagebuilder: Update imagebuilder command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:glue: Update glue command to latest version
api-change:mediatailor: Update mediatailor command to latest version
api-change:securityhub: Update securityhub command to latest version

1.18.39
api-change:cloudformation: Update cloudformation command to latest version
api-change:mediaconvert: Update mediaconvert command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:chime: Update chime command to latest version
api-change:codeguruprofiler: Update codeguruprofiler command to latest version
api-change:ecs: Update ecs command to latest version
api-change:migrationhub-config: Update migrationhub-config command to latest version

1.18.38
api-change:apigateway: Update apigateway command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version
api-change:codeguru-reviewer: Update codeguru-reviewer command to latest version

1.18.37
api-change:transcribe: Update transcribe command to latest version
api-change:iam: Update iam command to latest version
api-change:chime: Update chime command to latest version
api-change:elasticbeanstalk: Update elasticbeanstalk command to latest version

1.18.36
api-change:personalize-runtime: Update personalize-runtime command to latest version
api-change:robomaker: Update robomaker command to latest version

1.18.35
api-change:cloudwatch: Update cloudwatch command to latest version
api-change:redshift: Update redshift command to latest version
api-change:gamelift: Update gamelift command to latest version
api-change:rds: Update rds command to latest version
api-change:medialive: Update medialive command to latest version

1.18.34
api-change:iot: Update iot command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version

1.18.33
api-change:rekognition: Update rekognition command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version
api-change:elastic-inference: Update elastic-inference command to latest version
api-change:pinpoint: Update pinpoint command to latest version
api-change:detective: Update detective command to latest version
api-change:mediastore: Update mediastore command to latest version
api-change:wafv2: Update wafv2 command to latest version
api-change:glue: Update glue command to latest version
api-change:fms: Update fms command to latest version
api-change:organizations: Update organizations command to latest version
api-change:storagegateway: Update storagegateway command to latest version
api-change:lambda: Update lambda command to latest version

1.18.32
api-change:accessanalyzer: Update accessanalyzer command to latest version

1.18.31
api-change:globalaccelerator: Update globalaccelerator command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version
api-change:kendra: Update kendra command to latest version

1.18.30
api-change:fsx: Update fsx command to latest version
api-change:sagemaker: Update sagemaker command to latest version
api-change:securityhub: Update securityhub command to latest version

1.18.29
enhancement:shorthand: The CLI now no longer allows a key to be spcified twice in a shorthand parameter. For example foo=bar,foo=baz would previously be accepted, with only baz being set, and foo=bar silently being ignored. Now an error will be raised pointing out the issue, and suggesting a fix.
api-change:application-insights: Update application-insights command to latest version
api-change:detective: Update detective command to latest version
api-change:managedblockchain: Update managedblockchain command to latest version
api-change:es: Update es command to latest version
api-change:xray: Update xray command to latest version
api-change:ce: Update ce command to latest version

1.18.28
api-change:rds-data: Update rds-data command to latest version
api-change:eks: Update eks command to latest version
api-change:organizations: Update organizations command to latest version
api-change:athena: Update athena command to latest version

1.18.27
api-change:route53: Update route53 command to latest version
api-change:eks: Update eks command to latest version
api-change:apigatewayv2: Update apigatewayv2 command to latest version

1.18.26
api-change:servicecatalog: Update servicecatalog command to latest version

1.18.25
api-change:outposts: Update outposts command to latest version
api-change:acm: Update acm command to latest version

1.18.24
api-change:personalize: Update personalize command to latest version
api-change:rds: Update rds command to latest version
api-change:mediaconnect: Update mediaconnect command to latest version

1.18.23
api-change:mediaconvert: Update mediaconvert command to latest version

1.18.22
api-change:cognito-idp: Update cognito-idp command to latest version
api-change:elasticache: Update elasticache command to latest version
api-change:s3control: Update s3control command to latest version
api-change:ecs: Update ecs command to latest version
api-change:ssm: Update ssm command to latest version

1.18.21
api-change:appconfig: Update appconfig command to latest version

1.18.20
api-change:ec2: Update ec2 command to latest version
api-change:apigatewayv2: Update apigatewayv2 command to latest version
api-change:lex-models: Update lex-models command to latest version
api-change:iot: Update iot command to latest version
api-change:securityhub: Update securityhub command to latest version

1.18.19
api-change:efs: Update efs command to latest version
api-change:redshift: Update redshift command to latest version

1.18.18
api-change:marketplacecommerceanalytics: Update marketplacecommerceanalytics command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:serverlessrepo: Update serverlessrepo command to latest version

1.18.17
api-change:medialive: Update medialive command to latest version
api-change:dms: Update dms command to latest version
api-change:ec2: Update ec2 command to latest version

1.18.16
api-change:appmesh: Update appmesh command to latest version
api-change:signer: Update signer command to latest version
api-change:robomaker: Update robomaker command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:guardduty: Update guardduty command to latest version

1.18.15
api-change:ec2: Update ec2 command to latest version
api-change:opsworkscm: Update opsworkscm command to latest version
api-change:eks: Update eks command to latest version
api-change:guardduty: Update guardduty command to latest version

1.18.14
api-change:pinpoint: Update pinpoint command to latest version

1.18.13
enhancement:PyYAML: Increased the uppber bound on the PyYAML dependency to 5.3.
api-change:ec2: Update ec2 command to latest version

1.18.12
api-change:cloudwatch: Update cloudwatch command to latest version
api-change:comprehendmedical: Update comprehendmedical command to latest version

1.18.11
api-change:config: Update config command to latest version

1.18.10
api-change:quicksight: Update quicksight command to latest version
api-change:appmesh: Update appmesh command to latest version
api-change:elbv2: Update elbv2 command to latest version
api-change:accessanalyzer: Update accessanalyzer command to latest version
api-change:glue: Update glue command to latest version
api-change:codeguruprofiler: Update codeguruprofiler command to latest version
api-change:sagemaker-a2i-runtime: Update sagemaker-a2i-runtime command to latest version
api-change:workdocs: Update workdocs command to latest version
api-change:config: Update config command to latest version

1.18.9
api-change:lightsail: Update lightsail command to latest version
api-change:globalaccelerator: Update globalaccelerator command to latest version

1.18.8
api-change:securityhub: Update securityhub command to latest version
api-change:transcribe: Update transcribe command to latest version
bugfix:codecommit: Fix codecommit credential-helper input parsing to allow a trailing newline.
api-change:ec2: Update ec2 command to latest version
api-change:sagemaker: Update sagemaker command to latest version

1.18.7
api-change:kafka: Update kafka command to latest version
api-change:secretsmanager: Update secretsmanager command to latest version
api-change:stepfunctions: Update stepfunctions command to latest version
api-change:outposts: Update outposts command to latest version

1.18.6
api-change:events: Update events command to latest version
api-change:iotevents: Update iotevents command to latest version
api-change:fsx: Update fsx command to latest version
api-change:snowball: Update snowball command to latest version
api-change:docdb: Update docdb command to latest version

1.18.5
api-change:redshift: Update redshift command to latest version
api-change:wafv2: Update wafv2 command to latest version
api-change:imagebuilder: Update imagebuilder command to latest version

1.18.4
api-change:pinpoint: Update pinpoint command to latest version
api-change:appconfig: Update appconfig command to latest version
api-change:savingsplans: Update savingsplans command to latest version

1.18.3
api-change:autoscaling: Update autoscaling command to latest version
api-change:lambda: Update lambda command to latest version
api-change:servicecatalog: Update servicecatalog command to latest version

(adam)