Catch up with mozilla-rootcerts package

A recent rototill of mozilla-rootcerts removed the notion of /etc/ssl.
Remove that notion here so this builds again.

Add comment questioning setting PREFIX to /etc when pkgsrc openssl is
used, now that /etc/ssl is no longer used.

(gdt)

After much prodding by joerg (thanks!), add a build dependency on go -
needed for compilation

(agc)

Fix Perl 5.26 issue.

(joerg)

Don't care about potentially unaligned access to packed structures.

(joerg)

Fix build with Perl 5.26.

(joerg)

+ Mesa-17.1.3, automake-15.1, calibre-3.0, opus-1.2,
  phoronix-test-suite-7.2.0, rspamd-1.6.0, rust-1.18, shotwell-0.27,
  valgrind-3.13, vim-8.0.0646, wine-devel-2.10, xfce4-settings-4.13.1.

(wiz)

Updated net/djbdns to 1.05nb11

(schmonz)

Note update of www/drupal7 package to 7.56.

(taca)

Update drupal7 to 7.56.

Drupal 7.56, 2017-06-21
-----------------------
- Fixed security issues (access bypass). See SA-CORE-2017-003.

(taca)

Updated devel/phabricator to 20170316

(youri)

Update phabricator to last git commit.

(youri)

Updated devel/arcanist to 20170225

(youri)

Needs pkg-config, at least for some build options.

(schmonz)

Update arcanist to last git commit.

(youri)

Updated devel/libphutil to 20170620

(youri)

Update libphutil to last git commit.

(youri)

Use latest root servers from https://www.iana.org/domains/root/servers.
Bump PKGREVISION.

(schmonz)

Updated print/cups-filters to 1.14.0nb2

(wiz)

Add cups-browsed start up script, from Edgar Fuß.

Bump PKGREVISION.

(wiz)

-texlive, -luatex

(markd)

Add some more tex packages

(markd)

add tex-{continue,cutwin,hang,hanging,leading,mfirstuc,thmtools}

(markd)

add tex-apa6

(markd)

add tex-biblatex-apa

(markd)

Add tex-{apa6,biblatex-apa,continue,cutwin,hang,hanging,leading,mfirstuc,thmtools}{,-doc}

(markd)

Add buildlink3.mk since it installs libraries usable by third parties.
Requested by Aleksej Lebedev on pkgsrc-users.

(nros)

Add tex-apa6{,-doc} 2.31
  Format documents in APA style (6th edition)
Add tex-biblatex-apa{,-doc} 7.4
  BibLaTeX citation and reference style for APA
Add tex-continue{,-doc} 0.1
  Prints 'continuation' marks on recto pages of multipage documents
Add tex-cutwin{,-doc} 0.1
  Cut a window in a paragraph, typeset material in it
Add tex-hang{,-doc} 2.1
  Environments for hanging paragraphs and list items
Add tex-hanging{,-doc} 1.2b
  Hanging paragraphs
Add tex-leading{,-doc} 0.3
  Define leading with a length
Add tex-mfirstuc{,-doc} 2.04
  Uppercase the first letter of a word
Add tex-thmtools{,-doc} 66
  Extensions to theorem environments

(markd)

this is a leftover from the previous version, thanks leot@ for noticing !

(nils)

Remove obsolete patches, thanks leot@!

(youri)

update texlive collections

(markd)

Remove old texlive collections.

(markd)

Add texlive-collection-{humanities,mathscience,plaingeneric}
Remove texlive-collection-{generic*,htmlxml,langafrican,langindic}
Remove texlive-collection-{mathextra,omega,plainextra,science}

(markd)

Cleanup, thanks @leot for the heads up!

(youri)

Cleanup, thanks leot@ for the heads up!

(youri)

Update texlive collections to 2017 versions

(markd)

Updated net/py-tldextract to 2.1.0

(adam)

2.1.0:
Add fqdn convenience property
Add ipv4 convenience property

(adam)

Updated devel/py-requests-file to 1.4.2

(adam)

1.4.2:
Set the response URL to the request URL

(adam)

Work with perl 5.26.  Bump PKGREVISION

(markd)

Deal with perl 5.26.  Bump PKGREVISION

(markd)

Remove lua buildlink, mistakenly included in previous.

(schmonz)

note update of comms/asterisk14 to 14.5.0

(jnemeth)

Added security/ruby-sshkey version 1.9.0

(minskim)

Add ruby-sshkey

(minskim)

Import ruby-sshkey-1.9.0 as security/ruby-sshkey

This generates private/public SSH keypairs using pure Ruby.

(minskim)

Add comment about multiple install locations

This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.

(gdt)

Note update of meta-pkgs/bulk-large package to 20160621.

(taca)

Update to 20160621.

* Fix dependency to ruby-rails32.
* Add dependency to ruby-rails42.

(taca)

Note addition of textproc/ruby-temple package version 0.8.0.

(taca)

Add and enable ruby-temple.

(taca)

Add ruby-temple package version 0.8.0 required by new ruby-haml.

Temple is an abstraction and a framework for compiling templates to pure Ruby.
It's all about making it easier to experiment, implement and optimize template
languages.  If you're interested in implementing your own template language,
or anything else related to the internals of a template engine: You've come to
the right place.

Have a look around, and if you're still wondering: Ask on the mailing list and
we'll try to do our best.  In fact, it doesn't have to be related to Temple at
all.  As long as it has something to do with template languages, we're
interested: <http://groups.google.com/group/guardians-of-the-temple>.

(taca)

Use gsed when building GCC.

This is a somewhat blind commit. I've long had issues on various platforms
with libgcc getting misconfigured (on netbsd/mips,arm,powerpc), for example
build failures see:
port-mips/2017/06/21/msg000832.html">http://mail-index.netbsd.org/port-mips/2017/06/21/msg000832.html

testing GCC 7.1 with netbsd/mips64el I got a lot further using it, but
still didn't complete the build. It took hours to reach this failure,
so I'd rather blindly commit the same change in the hopes it might help
other architectures.

(maya)

Updated www/lighttpd to 1.4.45nb2

(schmonz)

Add webdav, remove qmail-run-ofmipd.

(schmonz)

Add "webdav" option for fuller-featured WebDAV server support.

(schmonz)

Updated net/openvpn to 2.4.3. Added py-asgiref, py-daphne, py-channels

(adam)

Added py-asgiref, py-daphne, py-channels

(adam)

Channels loads into Django as a pluggable app to bring WebSocket, long-poll
HTTP, task offloading and other asynchrony support to your code, using familiar
Django design patterns and a flexible underlying framework that lets you not
only customize behaviours but also write support for your own protocols and
needs.

(adam)

Daphne is a HTTP, HTTP2 and WebSocket protocol server for ASGI, and developed
to power Django Channels.

It supports automatic negotiation of protocols; there's no need for URL
prefixing to determine WebSocket endpoints versus HTTP endpoints.

(adam)

Contains various reference ASGI implementations, including:
* A base channel layer, asgiref.base_layer
* An in-memory channel layer, asgiref.inmemory
* WSGI-to-ASGI and ASGI-to-WSGI adapters, in asgiref.wsgi

(adam)

OpenVPN 2.4.3
Ignore auth-nocache for auth-user-pass if auth-token is pushed
crypto: Enable SHA256 fingerprint checking in --verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke --disable-crypto builds
OpenSSL: don't use direct access to the internal of X509
OpenSSL: don't use direct access to the internal of EVP_PKEY
OpenSSL: don't use direct access to the internal of RSA
OpenSSL: don't use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don't use direct access to the internal of EVP_MD_CTX
OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don't use direct access to the internal of HMAC_CTX
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for --plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option 'connection'
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Make openvpn-plugin.h self-contained again.
Pass correct buffer size to GetModuleFileNameW()
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long --tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for --x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict --x509-alt-username extension types
Fix potential double-free in --x509-alt-username (CVE-2017-7521)
Fix gateway detection with OpenBSD routing domains

(adam)

Pullup tickets #5478 to #5490.

(bsiegert)

Pullup ticket #5485 - requested by sevan
lang/basic256: bugfix

Revisions pulled up:
- lang/basic256/distinfo                                        1.7
- lang/basic256/patches/patch-Interpreter.cpp                  1.3

---
  Module Name:    pkgsrc
  Committed By:  joerg
  Date:          Sat Jun 17 19:42:58 UTC 2017

  Modified Files:
          pkgsrc/lang/basic256: distinfo
          pkgsrc/lang/basic256/patches: patch-Interpreter.cpp

  Log Message:
  Fix portability.

(bsiegert)

Pullup ticket #5490 - requested by maya
lang/g95: build fix

Revisions pulled up:
- lang/g95/Makefile                                            1.28
- lang/g95/distinfo                                            1.29-1.30
- lang/g95/patches/patch-gcc_config.gcc                        1.5
- lang/g95/patches/patch-gcc_config_mips_netbsd.h              1.1
- lang/g95/patches/patch-gcc_config_rs600_netbsd.h              1.1

---
  Module Name: pkgsrc
  Committed By: maya
  Date: Wed Jun 21 01:12:56 UTC 2017

  Modified Files:
  pkgsrc/lang/g95: Makefile distinfo
  Added Files:
  pkgsrc/lang/g95/patches: patch-gcc_config_rs600_netbsd.h

  Log Message:
  g95: don't try to link against a non-existent file on netbsd/powerpc.
  untested but obvious change. currently showing up as a build failure of
  math/blas as it attempts to link with crtsavres which is a linux file.

  Bump PKGREVISION as the build succeeds.

---
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Wed Jun 21 11:36:20 UTC 2017

  Modified Files:
          pkgsrc/lang/g95: distinfo
          pkgsrc/lang/g95/patches: patch-gcc_config.gcc
  Added Files:
          pkgsrc/lang/g95/patches: patch-gcc_config_mips_netbsd.h

  Log Message:
  g95: Fix netbsd/mips64 builds

  NetBSD switched to n32 ABI for mips64el in NetBSD 6, and the build is
  failing due to the default ABI mismatch between linker and newly built
  compiler.

  Default to n32 and backport n32 size definitions from newer GCC.

  Small chance of a functional change for o32 builds (which should work), ride
  previous PKGREVISION bump for it.

(bsiegert)

Pullup ticket #5487 - requested by sevan
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.68-1.69
- www/wordpress/PLIST                                          1.34
- www/wordpress/distinfo                                        1.54-1.55

---
  Module Name:    pkgsrc
  Committed By:  jklos
  Date:          Tue May 30 07:20:15 UTC 2017

  Modified Files:
          pkgsrc/www/wordpress: Makefile distinfo

  Log Message:
  Security update 4.7.5. Bugs fixed:

  Insufficient redirect validation in the HTTP class. Reported by Ronni
  Skansing.
  Improper handling of post meta data values in the XML-RPC API. Reported by
  Sam Thomas.
  Lack of capability checks for post meta data in the XML-RPC API. Reported
  by Ben Bidner of the WordPress Security Team.
  A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the
  filesystem credentials dialog. Reported by Yorick Koster.
  A cross-site scripting (XSS) vulnerability was discovered when attempting
  to upload very large files. Reported by Ronni Skansing.
  A cross-site scripting (XSS) vulnerability was discovered related to the
  Customizer. Reported by Weston Ruter of the WordPress Security Team.

---
  Module Name:    pkgsrc
  Committed By:  morr
  Date:          Sun Jun 18 18:01:42 UTC 2017

  Modified Files:
          pkgsrc/www/wordpress: Makefile PLIST distinfo

  Log Message:
  Update to newest version 4.8.

  For changes, check https://codex.wordpress.org/Version_4.8.

(bsiegert)

Pullup ticket #5489 - requested by sevan
net/transmission: build fix for Dragonfly

Revisions pulled up:
- net/transmission/distinfo                                    1.10-1.11
- net/transmission/patches/patch-libtransmission_platform-quota.c 1.4-1.5

---
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Mon Jun 19 13:21:35 UTC 2017

  Modified Files:
          pkgsrc/net/transmission: distinfo
  Added Files:
          pkgsrc/net/transmission/patches:
  patch-libtransmission_platform-quota.c

  Log Message:
  Apply patch that reportedly fixes the build on DragonflyBSD

  >From Aleksej Lebedev (From dragonfly dports) in pkgsrc-users

---
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Mon Jun 19 13:33:46 UTC 2017

  Modified Files:
          pkgsrc/net/transmission: distinfo
          pkgsrc/net/transmission/patches:
  patch-libtransmission_platform-quota.c

  Log Message:
  Add last missing hunk for dflybsd build, missed in previous commit.

(bsiegert)

Pullup ticket #5488 - requested by sevan
security/mozilla-rootcerts: build fix

Revisions pulled up:
- security/mozilla-rootcerts/Makefile                          1.27-1.29
- security/mozilla-rootcerts/files/mozilla-rootcerts.sh        1.14-1.18

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Mon Jun 19 00:10:21 UTC 2017

  Modified Files:
          pkgsrc/security/mozilla-rootcerts: Makefile
          pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

  Log Message:
  Substitute path to openssl more thoroughly

  This package can depend on builtin openssl or pkgsrc openssl.
  However, it had paths from the base system hardcoded.  Be more
  thorough about using builtin vs pkgsrc paths.  This is a minimal
  change to use builtin/pkgsrc paths; future commits will note latent
  issues uncovered in the process.

  Based on a report to pkgsrc-users by J. Lewis Muir.

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Mon Jun 19 00:20:15 UTC 2017

  Modified Files:
          pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

  Log Message:
  Add comments questioning many things

  Describe issues with touching the config file and the spurious
  directory check surrounding ca-certificates.crt.

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Mon Jun 19 00:32:38 UTC 2017

  Modified Files:
          pkgsrc/security/mozilla-rootcerts: Makefile
          pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

  Log Message:
  Rationalize directory handling around ca-certificates.crt

  Now, ca-certificates.crt is always in the main certs dir, because we
  have been careful about builtin vs pkgsrc paths.  So the directory
  must exist (because it was checked earlier).  Instead, check for the
  ca-certificates.crt file existing.  Add more questioning comments.

  Based on a patch by J. Lewis Muir.

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Mon Jun 19 00:37:48 UTC 2017

  Modified Files:
          pkgsrc/security/mozilla-rootcerts: Makefile
          pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

  Log Message:
  Revert touching of openssl config file

  Earlier, code was added to "touch $conffile" to work around openssl
  issuing a warning if openssl.conf was not present.  This is
  problematic because if the warning is appropriate, 1) we have no way
  of knowing that an empty config file is correct and 2) we should not
  silence it.  If the warning is buggy, then openssl and/or the base
  system should be fixed.  Further, this code changes the modification
  date of the config file on every run, even when there is a valid
  config file.

  (There was no discussion prior, three objections and no concurrences,
  and no response, so reverting seems ok.)

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Mon Jun 19 00:39:53 UTC 2017

  Modified Files:
          pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh

  Log Message:
  Adjust comments around ca-certificates.crt

  (Ride earlier PKGREVISION.)

(bsiegert)

Added www/py-hyperlink version 17.2.1; Updated net/py-twisted, devel/py-txaio, www/py-autobahn

(adam)

17.6.1
new: allow components to pass WebSocket/RawSocket options
fix: register/subscribe decorators support different URI syntax from what session.register and session.subscribe support
new: allow for standard Crossbar a.c..d style pattern URIs to be used with Pattern
new: dynamic authorizer example
new: configurable log level in ApplicationRunner.run for asyncio
fix: forward reason of hard dropping WebSocket connection in wasNotCleanReason

(adam)

2.8.0:
fix: asyncio - remove the hacks for "simulating" chained futures (no longer works - cpy36 has native code for future)
new: run CI on Python 3.5 and 3.6

(adam)

Pullup ticket #5483 - requested by sevan
net/ndpi: SunOS build fix

Revisions pulled up:
- net/ndpi/Makefile                                            1.3
- net/ndpi/distinfo                                            1.3
- net/ndpi/patches/patch-src_include_ndpi__includes.h          1.1

---
  Module Name:    pkgsrc
  Committed By:  fhajny
  Date:          Thu Jun 15 10:06:39 UTC 2017

  Modified Files:
          pkgsrc/net/ndpi: Makefile distinfo
  Added Files:
          pkgsrc/net/ndpi/patches: patch-src_include_ndpi__includes.h

  Log Message:
  Fix ndpi build on SunOS.

(bsiegert)

Pullup ticket #5486 - requested by sevan
textproc/expat: security fix

Revisions pulled up:
- textproc/expat/Makefile                                      1.34
- textproc/expat/distinfo                                      1.27
- textproc/expat/patches/patch-configure                        1.1
- textproc/expat/patches/patch-configure.ac                    1.1

---
  Module Name:    pkgsrc
  Committed By:  spz
  Date:          Sun Jun 18 06:01:33 UTC 2017

  Modified Files:
          pkgsrc/textproc/expat: Makefile distinfo
  Added Files:
          pkgsrc/textproc/expat/patches: patch-configure patch-configure.ac

  Log Message:
  update of expat from 2.2.0 to 2.2.1 (mostly security fixes and cleanup)

  Security issues fixed:
  CVE-2017-9233, CVE-2016-9063, improve fix for CVE-2016-5300

  fixed regression from fix to CVE-2016-0718

  Cleanup: Drop AmigaOS 4.x, Borland C++ Builder, OpenVMS, Open Watcom,
  Visual Studio 6.0 and Pre-X Mac OS support

(bsiegert)

Twisted 17.5.0:

Bugfixes:

spawnProcess no longer opens an unwanted console on Windows
The transition to the hyperlink package adds IPv6 support to twisted.python.url.URL. This is now deprecated and new code should use hyperlink directly
twisted.logger now buffers only 200 events by default (reduced from 65536) while waiting for observers to be configured.
The transition of twisted.python.url to using the hyperlink package enables a URL.click() with no arguments (or 0-length string argument) to resolve dot segments in the path.
twisted.protocols.finger now works on Python 3.
TLS-related tests now pass when run with OpenSSL 1.1.0. This makes tests pass again on macOS and Windows, as cryptography 1.8 and later include OpenSSL 1.1.0.
UNIX socket endpoints now process all messages from recvmsg's ancillary data via twisted.internet.unix.Server.doRead/twisted.internet.unix.Client.doRead, while discarding and logging ones that don't contain file descriptors.
twisted.internet.endpoints.HostnameEndpoint and twisted.web.client.Agent work again with reactors that do not provide IReactorPluggableNameResolver. This undoes the changes that broke downstream users such as treq.testing. Note that passing reactors that do not provide IReactorPluggableNameResolver to either is deprecated.
A Python 3 Perspective Broker server which receives a remote call with keyword arguments from a Python 2 client will now decode any keys which are binary to strings instead of crashing. This fixes interoperability between Python 2 Buildbot clients and Python 3 Buildbot servers.
twisted.internet._threadedselect now works on both Python 2 and 3.
twisted.internet.interfaces.IResolverSimple implementers will now always be passed bytes, properly IDNA encoded if required, on Python 2. On Python 3, they will now be passed correctly IDNA-encoded Unicode forms of the domain, taking advantage of the idna library from PyPI if possible. This is to avoid Python's standard library (which has an out of date idna module) from mis- encoding domain names when non-ASCII Unicode is passed to it.

(adam)

The humble, but powerful, URL runs everything around us. Chances are you've
used several just to read this text.

Hyperlink is a featureful, pure-Python implementation of the URL, with
an emphasis on correctness.

(adam)

Pullup ticket #5484 - requested by sevan
multimedia/adobe-flash-player: security fix

Revisions pulled up:
- multimedia/adobe-flash-player/Makefile                        1.5
- multimedia/adobe-flash-player/distinfo                        1.5

---
  Module Name:    pkgsrc
  Committed By:  tsutsui
  Date:          Fri Jun 16 16:53:55 UTC 2017

  Modified Files:
          pkgsrc/multimedia/adobe-flash-player: Makefile distinfo

  Log Message:
  Update adobe-flash-player to 26.0.0.131.

  Upstream announcemnt:

  26.0.0.131:

    https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html

  June 16, 2017

  Flash Player

  * Buttons can't be clicked in some AS2 content (FP-4198473)

  ---

  26.0.0.126:

    https://helpx.adobe.com/security/products/flash-player/apsb17-17.html

  Adobe Security Bulletin

  Security updates available for Flash Player | APSB17-17

  Summary

  Adobe has released security updates for Adobe Flash Player for Windows,
    Macintosh, Linux and Chrome OS. These updates address critical
  vulnerabilities that could potentially allow an attacker to take
  control of the affected system.

  (CVE numbers are now in HTML table as details so not copy-n-paste'd to
    commit log)

(bsiegert)

Pullup ticket #5482 - requested by sevan
devel/gmp: build fix

Revisions pulled up:
- devel/gmp/distinfo                                            1.53-1.54
- devel/gmp/patches/patch-ab                                    deleted
- devel/gmp/patches/patch-acinclude.m4                          1.1

---
  Module Name:    pkgsrc
  Committed By:  msaitoh
  Date:          Thu Jun 15 04:11:50 UTC 2017

  Modified Files:
          pkgsrc/devel/gmp: distinfo
  Added Files:
          pkgsrc/devel/gmp/patches: patch-acinclude.m4
  Removed Files:
          pkgsrc/devel/gmp/patches: patch-ab

  Log Message:
    Fix PR pkg/51788(fails in configure phase). Use calloc() instead of
  malloc().
  This bug was observed with "ln -s J /etc/malloc.conf"

---
  Module Name:    pkgsrc
  Committed By:  msaitoh
  Date:          Thu Jun 15 04:12:32 UTC 2017

  Modified Files:
          pkgsrc/devel/gmp: distinfo

  Log Message:
  Fix distinfo.

(bsiegert)

Pullup ticket #5481 - requested by sevan
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.122
- net/tor/distinfo                                              1.82

---
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Wed Jun 14 16:16:04 UTC 2017

  Modified Files:
          pkgsrc/net/tor: Makefile distinfo

  Log Message:
  Updated tor to 0.3.0.8.

  Changes in version 0.3.0.8 - 2017-06-08
    Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
    remotely crash a hidden service with an assertion failure. Anyone
    running a hidden service should upgrade to this version, or to some
    other version with fixes for TROVE-2017-004 and TROVE-2017-005.

    Tor 0.3.0.8 also includes fixes for several key management bugs
    that sometimes made relays unreliable, as well as several other
    bugfixes described below.

    o Major bugfixes (hidden service, relay, security, backport
      from 0.3.1.3-alpha):
      - Fix a remotely triggerable assertion failure when a hidden service
        handles a malformed BEGIN cell. Fixes bug 22493, tracked as
        TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
      - Fix a remotely triggerable assertion failure caused by receiving a
        BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
        22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
        on 0.2.2.1-alpha.

    o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
      - When performing the v3 link handshake on a TLS connection, report
        that we have the x509 certificate that we actually used on that
        connection, even if we have changed certificates since that
        connection was first opened. Previously, we would claim to have
        used our most recent x509 link certificate, which would sometimes
        make the link handshake fail. Fixes one case of bug 22460; bugfix
        on 0.2.3.6-alpha.

    o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
      - Regenerate link and authentication certificates whenever the key
        that signs them changes; also, regenerate link certificates
        whenever the signed key changes. Previously, these processes were
        only weakly coupled, and we relays could (for minutes to hours)
        wind up with an inconsistent set of keys and certificates, which
        other relays would not accept. Fixes two cases of bug 22460;
        bugfix on 0.3.0.1-alpha.
      - When sending an Ed25519 signing->link certificate in a CERTS cell,
        send the certificate that matches the x509 certificate that we
        used on the TLS connection. Previously, there was a race condition
        if the TLS context rotated after we began the TLS handshake but
        before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
        on 0.3.0.1-alpha.

    o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
      - Stop rejecting v3 hidden service descriptors because their size
        did not match an old padding rule. Fixes bug 22447; bugfix on
        tor-0.3.0.1-alpha.

    o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
      - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
        December 2016 (of which ~126 were still functional) with a list of
        151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
        2017. Resolves ticket 21564.

    o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
      - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
        bug 22252; bugfix on 0.2.9.3-alpha.

    o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
      - Avoid undefined behavior when parsing IPv6 entries from the geoip6
        file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

    o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
      - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
        months, and regenerate it when it is within one month of expiring.
        Previously, we had generated this certificate at startup with a
        ten-year lifetime, but that could lead to weird behavior when Tor
        was started with a grossly inaccurate clock. Mitigates bug 22466;
        mitigation on 0.3.0.1-alpha.

    o Minor bugfixes (memory leak, directory authority, backport from
      0.3.1.2-alpha):
      - When directory authorities reject a router descriptor due to
        keypinning, free the router descriptor rather than leaking the
        memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

(bsiegert)

Pullup ticket #5480 - requested by sevan
net/hping3: build fix

Revisions pulled up:
- net/hping3/Makefile                                          1.8
- net/hping3/distinfo                                          1.5
- net/hping3/options.mk                                        1.2
- net/hping3/patches/patch-aa                                  1.2
- net/hping3/patches/patch-ab                                  1.3
- net/hping3/patches/patch-ac                                  1.3
- net/hping3/patches/patch-ars.c                                1.1
- net/hping3/patches/patch-ars.h                                1.1
- net/hping3/patches/patch-gethostname.c                        1.1
- net/hping3/patches/patch-libpcap__stuff.c                    1.1
- net/hping3/patches/patch-sbignum.c                            1.1
- net/hping3/patches/patch-sendip.c                            1.1

---
  Module Name:    pkgsrc
  Committed By:  jperkin
  Date:          Wed Jun 14 12:17:30 UTC 2017

  Modified Files:
          pkgsrc/net/hping3: Makefile distinfo options.mk
          pkgsrc/net/hping3/patches: patch-aa patch-ab patch-ac
  Added Files:
          pkgsrc/net/hping3/patches: patch-ars.c patch-ars.h
  patch-gethostname.c
              patch-libpcap__stuff.c patch-sbignum.c patch-sendip.c

  Log Message:
  Various patches and cleanups to fix build on Darwin and SunOS.

(bsiegert)

Pullup ticket #5479 - requested by sevan
net/dnstracer: build fix

Revisions pulled up:
- net/dnstracer/Makefile                                        1.18
- net/dnstracer/distinfo                                        1.8
- net/dnstracer/patches/patch-Makefile                          1.1

---
  Module Name:    pkgsrc
  Committed By:  jperkin
  Date:          Wed Jun 14 09:30:20 UTC 2017

  Modified Files:
          pkgsrc/net/dnstracer: Makefile distinfo
  Added Files:
          pkgsrc/net/dnstracer/patches: patch-Makefile

  Log Message:
  Fix build on Darwin and SunOS.

(bsiegert)

Pullup ticket #5478 - requested by sevan
textproc/libxml2: security fix

Revisions pulled up:
- textproc/libxml2/Makefile                                    1.144
- textproc/libxml2/distinfo                                    1.115
- textproc/libxml2/patches/patch-valid.c                        1.1

---
  Module Name:    pkgsrc
  Committed By:  maya
  Date:          Sun Jun 11 04:40:53 UTC 2017

  Modified Files:
          pkgsrc/textproc/libxml2: Makefile distinfo
  Added Files:
          pkgsrc/textproc/libxml2/patches: patch-valid.c

  Log Message:
  libxml2: Apply upstream patch for CVE-2017-5969.
  (Minor issue, only a denial-of-service when using recover mode)

  bump PKGREVISION

(bsiegert)

PLIST.Darwin is not needed any more

(adam)

openvpn 2.4.3, please, as it fixes a number of critical security issues.

(maya)

Find -ljpeg on Linux (and probably others).

(schmonz)

Bump revision due to change of PKGPATH of depending rails components' packages.

(taca)

Note update of www/squidGuard package to 1.4nb13.

(taca)

Apply content of squidGuard-1.4-patch-20150201 via patches.

Bump PKGREVISION.

(taca)

Note update of mail/squirrelmail package to 1.4.23pre14688.

(taca)

Update squirrelmail to 1.4.23pre14688.

Note: CVE-2017-7692 is already fixed by 1.4.23pre14605nb1.

- compose_send hook now has $draft flag in hook arguments
- Fixed insufficient sendmail command argument escaping (thanks
  to Mitchel Sahertian, Beyond Security/Dawid Golunski and Filippo
  Cavallarin for bringing this to our attention). [CVE-2017-7692]
- Upgraded preferences for the delete_move_next plugin.  Automatic
  user preference updates are included, but note that if your
  installation is new, or all user prefs have been converted from
  "on"/"off" to 0/1 then you can add the following to SquirrelMail's
  config/config_local.php to avoid convertign legacy values over and over:
      $do_not_convert_delete_move_next_legacy_preferences = TRUE;
- Added ability to control the display of the "Check Spelling"
  button provided by the squirrelspell plugin, which allows
  administrators to offer this plugin but keep it out of the way
  for users who do not want it. Put sqspell_show_button=0 in
  default preferences if it should be hidden by default

(taca)

Note remove of devel/ruby-dotenv package.

(taca)

Remove ruby-dotenv package.  it was required by ruby-celluloid but it dose
not any more.

(taca)

Delete ruby-dotenv.

(taca)

Fix test conditional in pre-configure rule.

(taca)

Note update of www/thin package to 1.7.1.

(taca)

Update thin to 1.7.1.

== 1.7.1 Muffin Mode
* Ruby 2.4 support (Fixnum deprecation) [nimish-mehta]
* Allow ERB templates in config files [markets]

(taca)

Note update of www/ruby-capybara package to 2.14.3.

(taca)

Update ruby-capybara to 2.14.3.

# Version 2.14.3

Release date: 2017-06-15

### Fixed

* Minitest assertions now raise the correct error type - Issue #1879
  [Thomas Walpole]
* Improve flexibility of detecting Chrome headless mode [Thomas Walpole]

(taca)