Changes 0.9.1:
Bug fixes.

(adam)

Fix build with newer texinfo (same patch as some newer GCC versions)

From mmoll via github

(maya)

Requires GCC 4.4.

from mmoll via github

(maya)

Omit low GCC_REQD

(maya)

omit low GCC_REQD (3.0)

(maya)

Added www/py-aiohttp version 2.2.3

(adam)

HTTP client/server for asyncio (PEP 3156).

Features:
* Supports both Client and HTTP Server.
* Supports both Server WebSockets and Client WebSockets out-of-the-box.
* Web-server has Middlewares, Signals and pluggable routing.

(adam)

Undef bootstrap hack.

(joerg)

fix paths in patches.

(christos)

Fix building with older compilers

(adam)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Fix dropped characters on landisk (sh4). Now the arrow keys work in the
installer.

(christos)

Updated multimedia/mpv to 0.25.0nb1

(leot)

Add stereo/mono fallback logic for `oss' audio output.

Previously playing files with more audio channels available than the ones
provided by audio device resulted in muted audio. A possible workaround to that
was forcing the `--audio-channels=2' or similar.

Thanks to <mrg> for kindly provided a reliable test (file|case) for that!

While here also get rid of a trailing whitespace in options.mk (spotted by
pkglint!)

Bump PKGREVISION.

(leot)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Fix DISTNAME.

(wiz)

Adopt ARM patches from devel/protobuf; makes firefox work on NetBSD/evbarm

(jmcneill)

Delete webkit24-gtk entry (it's already present as webkit-gtk).

(leot)

Updated multimedia/libass to 0.13.7

(adam)

Release 0.13.7
Fix invalid memory accesses with BorderStyle=4
Fix change detection bug on frame resizes
Fix cache bugs with border size
Reduce precision of border width in font outline caching
Don't treat :;<=>? as hexadecimal digits in color headers
Fix parsing of unusual Alignment values in ASS style definitions
Fix potential truncation in timestamp parsing
Treat negative PlayResX/PlayResY like VSFilter
Fixes to parsing of embedded fonts
Remove arbitrary bitmap limit (fixes issues with subtitle rendering at 4K)
Allow using shadow offset to adjust size of background with BorderStyle=4
Fix TrueType/OpenType font collection handling with the DirectWrite backend

(adam)

+ ImageMagick-7.0.6.1, afl-2.47b, bsdtar-3.3.2, calibre-3.4,
  evince-3.24.0, filezilla-3.26.2, gstreamer1-1.12.2, libarchive-3.3.2,
  libfilezilla-0.10.0, mpg123-1.25.2, ocaml-4.05.0,
  p5-Algorithm-Permute-0.15, p5-Exception-Class-1.43, p5-Image-Info-1.41,
  p5-Module-Runtime-0.015, p5-Mojolicious-7.36, p5-Tie-Cycle-1.225,
  py-decorator-4.1.1, py-setuptools-36.2.0, py-tortoisehg-4.2.2,
  screen-4.6.1, syncthing-0.14.32, vim-8.0.0717, vim-share-8.0.0717,
  webkit24-gtk-2.16.5.

(wiz)

Updated devel/py-decorator to 4.1.1, graphics/py-cairocffi to 0.8.0; Added databases/py-multidict version 3.1.3, www/py-yarl version 0.12.0

(adam)

The module provides handy URL class for url parsing and changing.

(adam)

Multidict is dict-like collection of key-value pairs where key might be
occurred more than once in the container.

HTTP Headers and URL query string require specific data structure: multidict.
It behaves mostly like a regular dict but it may have several values for the
same key and preserves insertion ordering.

(adam)

Version 0.8.0
* Follow semver
* Avoid implicit relative import
* Use utf-8 instead of utf8 in headers
* Keep cairo library loaded until all relevant objects are freed
* Add cairo_quartz_* functions for MacOS
* Use the default ReadTheDocs theme
* Fix implicit casts

(adam)

4.1.1:
Changed the documentation build system to sphinx and uploaded the docs on readthedocs.org.

4.1.0:
Support for Python 3.5 coroutines defined with async def, thanks to Victor-Nicolae Savu who raised the issue of iscoroutinefunction not giving the right answer for coroutines decorated with the decorator module.

(adam)

Add upstream bug report for previous.

(wiz)

LDFLAGS_DEFAULT, not LDFLAGS.

(wiz)

Honor LDFLAGS on NetBSD. Fixes RELRO build.

Every OPSYS has its own case for this. Please fix your
favorite operating system similarly.

(wiz)

Last group of pullup tickets

(bsiegert)

Pullup ticket #5515 - requested by maya
print/evince3: security fix

Revisions pulled up:
- print/evince3/Makefile                                        1.62
- print/evince3/distinfo                                        1.13
- print/evince3/patches/patch-backend_comics_comics-document.c  1.1
- print/evince3/patches/patch-configure                        1.1
- print/evince3/patches/patch-configure.ac                      1.1

---
  Module Name: pkgsrc
  Committed By: maya
  Date: Fri Jul 14 05:31:21 UTC 2017

  Modified Files:
  pkgsrc/print/evince3: Makefile distinfo
  Added Files:
  pkgsrc/print/evince3/patches: patch-backend_comics_comics-document.c
      patch-configure patch-configure.ac

  Log Message:
  Patch CVE-2017-1000083

  From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
  From: Bastien Nocera <hadess@hadess.net>
  Date: Thu, 6 Jul 2017 20:02:00 +0200
  Subject: [PATCH] comics: Remove support for tar and tar-like commands

  When handling tar files, or using a command with tar-compatible syntax,
  to open comic-book archives, both the archive name (the name of the
  comics file) and the filename (the name of a page within the archive)
  are quoted to not be interpreted by the shell.

  But the filename is completely with the attacker's control and can start
  with "--" which leads to tar interpreting it as a command line flag.

  This can be exploited by creating a CBT file (a tar archive with the
  .cbt suffix) with an embedded file named something like this:
  "--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"

  CBT files are infinitely rare (CBZ is usually used for DRM-free
  commercial releases, CBR for those from more dubious provenance), so
  removing support is the easiest way to avoid the bug triggering. All
  this code was rewritten in the development release for GNOME 3.26 to not
  shell out to any command, closing off this particular attack vector.

  This also removes the ability to use libarchive's bsdtar-compatible
  binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
  are already supported by unzip and 7zip respectively. libarchive's RAR
  support is limited, so unrar is a requirement anyway.

  Discovered by Felix Wilhelm from the Google Security Team.

  https://bugzilla.gnome.org/show_bug.cgi?id=784630

  Bump PKGREVISION

(bsiegert)

Updated print/mupdf to 1.11nb2

(leot)

Do not possibly (re)initialize LDFLAGS and pass it also to AR_CMD.
This fixes RELRO build.

Bump PKGREVISION

(leot)

Pullup ticket #5510 - requested by maya
chat/irssi: security fix

Revisions pulled up:
- chat/irssi-icb/distinfo                                      1.30
- chat/irssi-xmpp/distinfo                                      1.12
- chat/irssi/Makefile.common                                    1.24
- chat/irssi/distinfo                                          1.43

---
  Module Name: pkgsrc
  Committed By: maya
  Date: Fri Jul  7 12:33:43 UTC 2017

  Modified Files:
  pkgsrc/chat/irssi: Makefile.common distinfo

  Log Message:
  irssi: update to 1.0.4. security fix.

  v1.0.4 2017-07-07  The Irssi team <staff@irssi.org>
  - Fix null pointer dereference when parsing invalid timestamp (GL#10,
    GL!15). Reported by Brian 'geeknik' Carpenter.
  - Fix use-after-free condition when removing nicks from the internal
    nicklist (GL#11, GL!16). Reported by Brian 'geeknik' Carpenter.
  - Fix incorrect string comparison in DCC file names (#714).
  - Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'"
    (#716, #722).
  - Fix a bug when using \n to separate lines with expand_escapes (#723).
  - Retain screen output on improper exit, to better see any error
    messages (#287, #721).
  - Minor help update (#729).

---
  Module Name: pkgsrc
  Committed By: maya
  Date: Fri Jul  7 12:35:37 UTC 2017

  Modified Files:
  pkgsrc/chat/irssi-icb: distinfo

  Log Message:
  Catch up with irssi version update

---
  Module Name: pkgsrc
  Committed By: maya
  Date: Fri Jul  7 12:35:59 UTC 2017

  Modified Files:
  pkgsrc/chat/irssi-xmpp: distinfo

  Log Message:
  catch up with irssi update.

(bsiegert)

Pullup ticket #5514 - requested by taca
www/contao44: security fix

Revisions pulled up:
- www/contao44/Makefile                                        1.2
- www/contao44/PLIST                                            1.2
- www/contao44/distinfo                                        1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jul 12 14:52:02 UTC 2017

  Modified Files:
  pkgsrc/www/contao44: Makefile PLIST distinfo

  Log Message:
  Update contao44 to 4.4.1.

  ### 4.4.1 (2017-07-12)

    * Prevent arbitrary PHP file inclusions in the back end (see CVE-2017-10993).
    * Correctly handle subpalettes in "edit multiple" mode (see #946).
    * Correctly show the DCA picker in the site structure (see #906).
    * Correctly update the style sheets if a format definition is
      enabled/disabled (see #893).
    * Always show the "show from" and "show until" fields (see #908).
    * Correctly set the "overwriteMeta" field during the database update (see
      contao/core-bundle#888).

(bsiegert)

Pullup ticket #5513 - requested by taca
www/contao35: security fix

Revisions pulled up:
- www/contao35/Makefile                                        1.31
- www/contao35/distinfo                                        1.24

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jul 12 14:42:55 UTC 2017

  Modified Files:
  pkgsrc/www/contao35: Makefile distinfo

  Log Message:
  Update contao35 to 3.5.28.

  Version 3.5.28 (2017-07-12)
  ---------------------------

  ### Fixed
  Prevent arbitrary PHP file inclusions in the back end (see CVE-2017-10993).

  ### Fixed
  Improve the accessibility of the CAPTCHA widget (see #8709).

  ### Fixed
  Fixed the iOS scrolling bug in the simple modal script (see #8708).

  ### Fixed
  Correctly cache the unique keys in the SQL cache (see #8712).

(bsiegert)

Pullup ticket #5512 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                          1.70
- net/bind99/distinfo                                          1.48

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Jul  8 04:30:33 UTC 2017

  Modified Files:
  pkgsrc/net/bind99: Makefile distinfo

  Log Message:
  Update bind99 to 9.9.10pl3 (BIND 9.9.10-P3).

  --- 9.9.10-P3 released ---

  4647. [bug] Change 4643 broke verification of TSIG signed TCP
  message sequences where not all the messages contain
  TSIG records.  These may be used in AXFR and IXFR
  responses. [RT #45509]

(bsiegert)

Pullup ticket #5511 - requested by taca
net/bind910: security fix

Revisions pulled up:
- net/bind910/Makefile                                          1.36
- net/bind910/distinfo                                          1.27

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Jul  8 04:29:00 UTC 2017

  Modified Files:
  pkgsrc/net/bind910: Makefile distinfo

  Log Message:
  Update bind910 to 9.10.5pl3 (BIND 9.10.5-P3).

  --- 9.10.5-P3 released ---

  4647. [bug] Change 4643 broke verification of TSIG signed TCP
  message sequences where not all the messages contain
  TSIG records.  These may be used in AXFR and IXFR
  responses. [RT #45509]

(bsiegert)

Pass LDFLAGS to build. Fixes RELRO build.

(wiz)

Updated mail/getmail to 5.1

(schmonz)

Update to 5.1. From the changelog:

- bugfix: if password_command parameter was used with a non-existent program,
  getmail would error out during the handling of that condition and not report
  the problem correctly.

(schmonz)

Updated mail/getmail to 5.0

(schmonz)

Update to 5.0. From the changelog:

- new release numbering scheme; previous version numbers were just getting
  too high.
- catch and ignore/exit cleanly after reset connection in IMAP IDLE mode.
  Thanks:  Stephan Schulz.
- allow specifying an expected SSL certificate hostname, for when the
  server's certificate does not match the domain name used to connect to
  it.  Thanks:  "Andre".
- fix error message not actually giving the header field name incorrectly
  specified as containing the envelope recipient address.  Thanks:  Hardy
  Braunsdorf.
- add new password_command configuration parameter for retrievers, allowing
  getmail to retrieve the account password from any arbitrary external
  command.  Suggestion:  "ng0".

(schmonz)

Pullup ticket #5509 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.184
- lang/php56/Makefile                                          1.14
- lang/php56/distinfo                                          1.42

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jul  7 03:13:48 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php56: Makefile distinfo

  Log Message:
  Update php56 to 5.6.31.

  06 Jul 2017, PHP 5.6.31

  - Core:
    . Fixed bug #73807 (Performance problem with processing post request over
      2000000 chars). (Nikita)
    . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
      unserialize). (Nikita)
    . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
      (Stas)
    . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
      php_parse_date()). (Derick)

  - GD:
    . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

  - mbstring:
    . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
      CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

  - OpenSSL:
    . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
      (Stas)

  - PCRE:
    . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
      (Stas)

  - WDDX:
      . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)

(bsiegert)

amath update

(bsiegert)

Update amath to 1.8.2. From Carsten Larsen in PR pkg/52407.

- Improved endianness detection
- MIPS support

(bsiegert)

Pullup ticket #5508 - requested by taca
lang/php71: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.183
- lang/php71/distinfo                                          1.23

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jul  7 03:12:23 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php71: distinfo

  Log Message:
  Update php71 to 7.1.7.

  06 Jul 2017, PHP 7.1.7

  - Core:
    . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
      parsed). (Manuel Mausz)
    . Fixed bug #74658 (Undefined constants in array properties result in broken
      properties). (Laruence)
    . Fixed misparsing of abstract unix domain socket names. (Sara)
    . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
      (Stas)
    . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
      zval_get_type). (Nikita)
    . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
      unserialize). (Nikita)
    . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
      php_parse_date()). (Derick)

  - Date:
    . Fixed bug #74639 (implement clone for DatePeriod and DateInterval).
      (andrewnester)

  - DOM:
    . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)

  - GD:
    . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

  - Intl:
    . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
    . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
      collator_get_sort_key). (Tyson Andre, Remi)

  - Mbstring:
    . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
      CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

  - OCI8:
    . Add TAF callback (PR #2459). (KoenigsKind)

  - Opcache:
    . Fixed bug #74663 (Segfault with opcache.memory_protect and
      validate_timestamp). (Laruence)
    . Revert opcache.enable_cli to default disabled. (Nikita)

  - OpenSSL:
    . Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in
      content). (Anatol)
    . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
      (Stas)

  - PDO_OCI:
    . Support Instant Client 12.2 in --with-pdo-oci configure option.
      (Tianfang Yang)

  - Reflection:
    . Fixed bug #74673 (Segfault when cast Reflection object to string with
      undefined constant). (Laruence)

  - SPL:
    . Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
      (jhdxr)

  - FTP:
    . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)

  - PHAR:
    . Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)

  - SOAP
    . Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
      (Dmitry)

  - Streams:
    . Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)

(bsiegert)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Fix pkglint warnings.

(wiz)

Pullup ticket #5507 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.182
- lang/php70/distinfo                                          1.35

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jul  6 13:32:02 UTC 2017

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php70: distinfo

  Log Message:
  Update php70 to 7.0.21.

  06 Jul 2017 PHP 7.0.21

  - Core:
    . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
      parsed). (Manuel Mausz)
    . Fixed bug #74658 (Undefined constants in array properties result in broken
      properties). (Laruence)
    . Fixed misparsing of abstract unix domain socket names. (Sara)
    . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
      zval_get_type). (Nikita)
    . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
      unserialize). (Nikita)
    . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
      (Stas)
    . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
      php_parse_date()). (Derick)

  - DOM:
    . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)

  - GD:
    . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

  - Intl:
    . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
    . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
      collator_get_sort_key). (Tyson Andre, Remi)
    . Fixed bug #73634 (grapheme_strpos illegal memory access). (Stas)

  - Mbstring:
    . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
      CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

  - OCI8:
    . Add TAF callback (PR #2459). (KoenigsKind)

  - Opcache:
    . Fixed bug #74663 (Segfault with opcache.memory_protect and
      validate_timestamp). (Laruence)

  - OpenSSL:
    . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
      (Stas)

  - PCRE:
    . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
      (Stas)

  - PDO_OCI:
    . Support Instant Client 12.2 in --with-pdo-oci configure option.
      (Tianfang Yang)

  - Reflection:
    . Fixed bug #74673 (Segfault when cast Reflection object to string with
      undefined constant). (Laruence)

  - SPL:
    . Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
      (jhdxr)

  - Standard:
    . Fixed bug #74708 (Invalid Reflection signatures for random_bytes and
      random_int). (Tyson Andre, Remi)
    . Fixed bug #73648 (Heap buffer overflow in substr). (Stas)

  - FTP:
    . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)

  - PHAR:
    . Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)

  - SOAP
    . Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
      (Dmitry)

  - Streams:
    . Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)

(bsiegert)

Pullup ticket #5506 - requested by he
net/exabgp: NetBSD build fix

Revisions pulled up:
- net/exabgp/Makefile                                          1.21
- net/exabgp/distinfo                                          1.13
- net/exabgp/patches/patch-lib_exabgp_application_healthcheck.py 1.1

---
  Module Name: pkgsrc
  Committed By: he
  Date: Tue Jul  4 12:35:12 UTC 2017

  Modified Files:
  pkgsrc/net/exabgp: Makefile distinfo
  Added Files:
  pkgsrc/net/exabgp/patches: patch-lib_exabgp_application_healthcheck.py

  Log Message:
  Patch the healthcheck.py script in its proper place.
  Provide a default syslog target of /var/run/log for NetBSD, so
  that the healthcheck.py script can run on NetBSD.
  Bump PKGREVISION.

(bsiegert)

Pullup ticket #5505 - requested by joerg
devel/libbson: build fix

Revisions pulled up:
- devel/libbson/distinfo                                        1.24
- devel/libbson/patches/patch-configure                        1.3

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Mon Jul  3 18:11:27 UTC 2017

  Modified Files:
  pkgsrc/devel/libbson: distinfo
  Added Files:
  pkgsrc/devel/libbson/patches: patch-configure

  Log Message:
  Fix nonsense shell syntax. From Robert Elz.

(bsiegert)

Pullup ticket #5504 - requested by maya
math/octave: build fix

Revisions pulled up:
- math/octave/Makefile                                          1.152
- math/octave/PLIST                                            1.30

---
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Mon Jul  3 13:40:00 UTC 2017

  Modified Files:
          pkgsrc/math/octave: Makefile PLIST

  Log Message:
  Get rid of charset.alias. it creates conflicts with other packages (gdb
  being one example), and the logic for building it is conditional, causing
  PLIST mismatches for GLIBC users.

  Reported by Jason Bacon in pkgsrc-users.
  Bump PKGREVISION

(bsiegert)

Fix LDFLAGS handling. Fixes RELRO build.

Funny how LDFLAGS passed to ld(1) doesn't work.

(wiz)

Fix PLIST for python-2.x and python-3.x on NetBSD.

Neither installs ${PYSITELIB}/gevent/libev/_corecffi.abi3.so, so remove
it from PLIST, might need more magic for that.

(wiz)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Shorten.

(wiz)

Do not prescribe what should be in CFLAGS/CPPFLAGS.

While here, remove patch that does nothing since autoreconf is used.

(wiz)

Honor (CFLAGS and) LDFLAGS. Fixes RELRO build.

(wiz)

Updated net/youtube-dl to 20170715

(adam)

youtube-dl 2017.07.15

Core
[YoutubeDL] Don't expand environment variables in meta fields

Extractors
[spiegeltv] Delegate extraction to nexx extractor
[nexx] Add support for nexx.cloud
[generic] Fix rutube embeds extraction
[karrierevideos] Fix title extraction
[youtube] Don't capture YouTube Red ad for creator meta field
[slideshare] Fix extraction
[5tv] Add another video URL pattern
[drtv] Make HLS and HDS extraction non fatal
[ted] Fix subtitles extraction
[vine] Make sure the title won't be empty
[twitter] Support HLS streams in vmap URLs
[periscope] Support pscp.tv URLs in embedded frames
[twitter] Extract mp4 urls via mobile API
[niconico] Fix authentication error handling
[giantbomb] Extract m3u8 formats
[vlive:playlist] Add support for playlists

(adam)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Honor LDFLAGS. Fixes RELRO build.

(wiz)

Pass LDFLAGS to build. Fixes RELRO.

(wiz)

Added needed dependency on ocaml-oasis

(jaapb)

Updated devel/ocaml-yojson to 1.3.3nb1

(jaapb)

Updated package to install ydump if warranted

(jaapb)

Updated multimedia/adobe-flash-player to 26.0.0.137

(tsutsui)

Update adobe-flash-player to 26.0.0.137.

Upstream announcemnt:

https://helpx.adobe.com/security/products/flash-player/apsb17-21.html

Adobe Security Bulletin
Security updates available for Flash Player | APSB17-21

(tsutsui)

Updated games/ruby-squib to 0.13.3

(wiz)

Updated ruby23-squib to 0.13.3.

## v0.13.3 / 2017-07-15

Bugs:
* Fix `undefined method [] for nil:NilClass` error on `svg` (was a regression error in librsvg that we worked around.)
* Bump dependencies to latest stable versions. Pango et al. to 3.1.7 and Cairo to 1.15.9. This fixes some compatibility issues.

(wiz)

Updated sysutils/tarsnap to 1.0.38

(wiz)

Updated tarsnap to 1.0.38.

Tarsnap 1.0.38 is now available.  This version brings several new features
compared to tarsnap 1.0.37:

* Tarsnap now supports OpenSSL 1.1.

* tarsnap accepts an --iso-dates option, which causes times to be printed in
YYYY-MM-DD HH:MM:SS format rather than the traditional unix "ls -l" style.

* tarsnap accepts a --force-resources option to proceed with decryption of a
passphrase-encrypted key file even if it is anticipated to use an excessive
amount of memory or CPU time.  (This may be useful if tarsnap inaccurately
estimates the amount of memory your system has available.)

* tarsnap accepts an --archive-names <file> option, which reads a list of
archive names to operate on when operating in -d and --print-stats modes.
(This should make some scripts simpler; no more need to construct a command
line which has '-f' inserted before each archive name.)

Potentially (but unlikely) breaking changes in this code compared to tarsnap
1.0.37:

* tarsnap now applies the --humanize-numbers option to the "progress" output
printed by SIGINFO / SIGUSR1.  If you have scripts which send signals to
tarsnap and parse its output, they may need to be updated.

* tarsnap -v now prints 'Deleting archive "foo"' even if only one archive is
being deleted.  If you have scripts which parse the output of tarsnap -v,
they may need to be updated.

* tarsnap now prints a warning if you pass '--configfile /nosuchfile'.  If you
have scripts which rely on being able to specify nonexistent configuration
files and not get any warnings from tarsnap, they may need to be updated.
(Also, if you were doing that, I *really* want to know why.)

There are also two changes which most users should not encounter:

* tarsnap now has an --initialize-cachedir mode; this is intended for use by
the GUI.  (The cache directory will be initialized automatically in normal
usage of the tarsnap command-line utility.)

* tarsnap's configure script takes a --with-conf-no-sample option which
results in the sample tarsnap configuration file being installed as
"tarsnap.conf" rather than "tarsnap.conf.sample".  This is intended for use in
some packaging systems which have mechanisms for managing configuration files,
and should probably not be used by hand (since it will overwrite your existing
tarsnap.conf).

(wiz)

Pass LDFLAGS when building using bjam. Fixes RELRO for at least boost-libs.

(wiz)

Pass CFLAGS and LDFLAGS to compiler. Fixes RELRO build.

(wiz)

Updated devel/snappy to 1.1.6

(adam)

Snappy v1.1.6:

This is a re-release of v1.1.5 with proper SONAME / SOVERSION values.

Snappy v1.1.5:

This release has broken SONAME / SOVERSION values. Users of snappy as a shared
library should avoid 1.1.5 and use 1.1.6 instead. SONAME / SOVERSION errors will
manifest as the dynamic library loader complaining that it cannot find snappy's
shared library file (libsnappy.so / libsnappy.dylib), or that the library it
found does not have the required version. 1.1.6 has the same code as 1.1.5, but
carries build configuration fixes for the issues above.

  * Add CMake build support. The autoconf build support is now deprecated, and
    will be removed in the next release.

  * Add AppVeyor configuration, for Windows CI coverage.

  * Small performance improvement on little-endian PowerPC.

  * Small performance improvement on LLVM with position-independent executables.

  * Fix a few issues with various build environments.

(adam)

Updated converters/py-cairosvg to 2.0.3, graphics/py-pygal to 2.4.0

(adam)

2.4.0
Generalized fix solidgauge squares algorithm
Fix secondary series ���stroke_style��� property
Fix wrong label colors when there are more series than colors
Show y guides in horizontal chart
Fix nomenclature of Taiwan
Better None values handling in logarithmic charts

(adam)

Version 2.0.3:
* Add ``python_requires`` in ``setup.py``

Version 2.0.2:
* Handle ``text-align`` in textPath tags
* Test with Python 3.6

Version 2.0.1:
* Don't crash on relative refs with no input URL

Version 2.0.0:
* Drop Python 2 support
* Drop pycairo support
* Rely on cairocffi, lxml, cssselect, pillow and tinycss
* Fix markers
* Fix URL/id handling
* Use bounding boxes for gradients
* Split deployment and development tests
* Add a scale option
* Add a parent size option
* Test with Travis

(adam)

4.2.15 - hotfix release
IMPORTANT NOTE: This will be the last release with Python 2.6 support, subsequent releases will be 2.7+ only
- Fixed certain one line imports not being successfully wrapped

(adam)

Added graphics/py-seaborn version 0.8; Updated graphics/py-dot to 1.2.3

(adam)

1.2.3:
- support Python 2.6
- several corrections
- quote empty strings to avoid graphviz errors

(adam)

Seaborn is a library for making attractive and informative statistical graphics
in Python. It is built on top of matplotlib and tightly integrated with the
PyData stack, including support for numpy and pandas data structures and
statistical routines from scipy and statsmodels.

Some of the features that seaborn offers are
* Several built-in themes that improve on the default matplotlib aesthetics
* Tools for choosing color palettes to make beautiful plots that reveal
  patterns in your data
* Functions for visualizing univariate and bivariate distributions or for
  comparing them between subsets of data
* Tools that fit and visualize linear regression models for different kinds
  of independent and dependent variables
* Functions that visualize matrices of data and use clustering algorithms to
  discover structure in those matrices
* A function to plot statistical timeseries data with flexible estimation and
  representation of uncertainty around the estimate
* High-level abstractions for structuring grids of plots that let you easily
  build complex visualizations

(adam)

Remove chatzilla option

* chatzilla is not shipped with seamonkey anymore

(ryoon)

When a compiler complains about a missing prototype for a libc
function, just inserting one for what you think the interface might be
is probably not a good idea. (Same patch as for netatalk22, btw.)

(hauke)

Merge Ocaml compatibility fix from newer Unison.

(joerg)

Not MAKE_JOBS safe, mark as such.

(joerg)

Deal with libtre without tre.h.

(joerg)

Add missing header.

(joerg)

Needs -lcompat on NetBSD, but also include the right header.

(joerg)

Collect patches for xapian in a common subdirectory. Put distinfo for
modules into a separate file as well. Don't hard-code -lstdc++ for
broken ancient OpenBSD versions of GCC. Sync p5-Xapian PLIST with
reality.

(joerg)

Fix unused function to at least compile on NetBSD. Fix C99 inline use.

(joerg)

Renamed databases/py-redis-py to databases/py-redis

(adam)

Renamed databases/py-redis-py to databases/py-redis; Updated databases/py-redis to 2.10.5

(adam)

PkgSrc:
renamed py-redis-py to py-redis

2.10.5
    * Allow URL encoded parameters in Redis URLs. Characters like a "/" can
      now be URL encoded and redis-py will correctly decode them.
    * Added support for the WAIT command.
    * Better shutdown support for the PubSub Worker Thread. It now properly
      cleans up the connection, unsubscribes from any channels and patterns
      previously subscribed to and consumes any waiting messages on the socket.
    * Added the ability to sleep for a brief period in the event of a
      WatchError occuring.
    * Fixed a bug with pipeline error reporting when dealing with characters
      in error messages that could not be encoded to the connection's
      character set.
    * Fixed a bug in Sentinel connections that would inadvertantly connect
      to the master when the connection pool resets.
    * Better timeout support in Pubsub get_message.
    * Fixed a bug with the HiredisParser that would cause the parser to
      get stuck in an endless loop if a specific number of bytes were
      delivered from the socket. This fix also increases performance of
      parsing large responses from the Redis server.
    * Added support for ZREVRANGEBYLEX.
    * ConnectionErrors are now raised if Redis refuses a connection due to
      the maxclients limit being exceeded.
    * max_connections can now be set when instantiating client instances.

(adam)

Added net/py-geventhttpclient version 1.3.1; Updated devel/py-dulwich to 0.17.3, time/py-icalendar to 3.11.5, net/py-xandikos to 0.0.6

(adam)