Updated devel/nss to 3.31

(ryoon)

Update to 3.31

Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
  status in a thread safe way.

New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
  certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
  certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
  URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
  information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.

New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
  in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
  in RFC7512.

Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
  range to the overlap with a systemwide crypto policy, if configured.
  SSL_VersionRangeGetSupported can be used to query the overlap between the
  library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
  failure if the requested version range wasn't fully allowed by the systemwide
  crypto policy. They have been changed to return success, if at least one TLS
  version overlaps between the requested range and the systemwide policy. An
  application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
  query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
  certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
  /dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
  time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.

The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.

(ryoon)

Updated databases/mongo-c-driver to 1.6.3

(fhajny)

Update databases/mongo-c-driver to 1.6.3.

mongo-c-driver 1.6.3
- mongoc_client_pool_t did not apply all TLS options to pooled connections
- SNI wasn't provided when allow_invalid_hostname is set

mongo-c-driver 1.6.2
- This release further improves HP-UX compatibility, especially when building
  with CMake, adds missing Windows SSPI files to the distribution tarball, and
  fixes distribution issues we introduced when porting the documentation from
  Mallard to Sphinx.

mongo-c-driver 1.6.1
- Correct the rules to parse localThresholdMS option from the MongoDB URI.
- Prevent crash in mongoc_cursor_destroy if "query" or "filter" are invalid.
- Include a file, mongoc-cluster-sspi.c, that had been omitted from the
  release archive.
- Fix logic bugs in mongoc_bulk_operation_t validation code.

mongo-c-driver 1.6.0
- Enterprise authentication on Windows now uses the native GSSAPI library;
  Cyrus SASL is no longer required for enterprise auth on Windows.
- BSON documents are more thoroughly validated before insert or update.
- New function mongoc_uri_set_mechanism_properties to replace all the
  authMechanismProperties on an existing URI.
- mongoc_uri_get_mechanism_properties asserts its inputs are not NULL.
- For consistency with other MongoDB drivers, mongoc_collection_save is
  deprecated in favor of mongoc_collection_insert or mongoc_collection_update.
- The driver is now built and continuously tested with MinGW-W64 on Windows.
- Experimental support for HPUX.
- The correct operation ids are now passed to Command Monitoring callbacks.
- Fix a crash if the driver couldn't connect to the server to create an index.
- The documentation is ported from Mallard XML to ReStructured Text, the
  HTML documentation is restyled, and numerous man page syntax errors fixed.
- Getter functions for options in mongoc_find_and_modify_opts_t:
  * mongoc_find_and_modify_opts_get_bypass_document_validation
  * mongoc_find_and_modify_opts_get_fields
  * mongoc_find_and_modify_opts_get_flags
  * mongoc_find_and_modify_opts_get_max_time_ms
  * mongoc_find_and_modify_opts_get_sort
  * mongoc_find_and_modify_opts_get_update
- All public functions now have the __cdecl calling convention on Windows.

mongo-c-driver 1.5.5
- This release fixes bugs parsing the localThresholdMS option from the MongoDB
  URI, and a crash in mongoc_cursor_destroy if "query" or "filter" are
  invalid.

mongo-c-driver 1.5.4
- This release fixes an error in cursor iteration when a readConcern is set.

(fhajny)

Updated devel/libbson to 1.6.3

(fhajny)

Update devel/libbson to 1.6.3.

libbson-1.6.3
- No change since 1.6.2; released to keep pace with libmongoc's
  version.

libbson-1.6.2
- This release further improves HP-UX compatibility, especially when
  building with CMake, and fixes some distribution issues we
  introduced when porting the documentation from Mallard to Sphinx.

Libbson-1.6.1
- This is a bugfix release that resolves GCC 7 compiler warnings,
  improves HP-UX compatibility, and avoids a test failure from
  launching too many threads on 32-bit MIPS.

Libbson-1.6.0
- Use jsonsl instead of libyajl as our JSON parsing library, parse
  JSON more strictly, fix minor parsing bugs.
- Extended JSON documents like '{"$code": "...", "$scope": {}}' are
  now parsed into BSON "code" elements.
- ISO8601 dates now allow years from 0000 to 9999 inclusive. Before,
  years before 1970 were prohibited.
- BSON floats and ints are now distinguished in JSON output.
- The library is now built and continuously tested with MinGW-W64 on
  Windows.
- The documentation is ported from Mallard XML to ReStructured Text,
  the HTML documentation is restyled, and numerous man page syntax
  errors fixed.
- All public functions now have the __cdecl calling convention on
  Windows.

(fhajny)

Note update of graphics/ImageMagick6 to 6.9.8.10.

(he)

Upgrade to ImageMagick6 version 6.9.8-10.

Upstream changes:

2017-06-10  6.9.8-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-10, GIT revision 11637:eb6f363:20170610.

2017-06-10  6.9.8-10 Cristy  <quetzlzacatenango@image...>
  * Introduce SetMagickSecurityPolicy() (MagickCore) and
    MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security
    policy (reference https://github.com/ImageMagick/ImageMagick/issues/407).

2017-06-02  6.9.8-9 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-9, GIT revision 11625:91bb35e:20170602.

2017-06-02  6.9.8-9 Cristy  <quetzlzacatenango@image...>
  * Fix choppy bitmap font rendering (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32071).
  * Add support for 'hex:' property.

2017-05-28  6.9.8-8 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-8, GIT revision 11606:8b67333:20170528.

2017-05-28  6.9.8-8 Cristy  <quetzlzacatenango@image...>
  * Transient error validating the JPEG-2000 image format (reference
    https://github.com/ImageMagick/ImageMagick/issues/501).
  * Properly allocate DCM image colormap (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32063).

2017-05-26  6.9.8-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-7, GIT revision 11598:07d1dee:20170526.

2017-05-23  6.9.8-7 Cristy  <quetzlzacatenango@image...>
  * Improper allocation of memory for IM instances without threads (reference
          https://github.com/ImageMagick/ImageMagick/issues/497).
  * Delete corrupt image from list (reference
    https://github.com/ImageMagick/ImageMagick/issues/500).

2017-05-19  6.9.8-6 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.8-6, GIT revision 11590:7ce2d38:20170519.

2017-05-15  6.9.8-6 Cristy  <quetzlzacatenango@image...>
  * Support various image operators for the compare utility (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=31938).

(he)

Note update of graphics/ImageMagick to 7.0.6.0.

(he)

Updated ImageMagick to 7.0.6.0.

2017-06-10  7.0.6-0 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.6-0, GIT revision 20194:b0c0d00:20170611.

2017-06-10  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * coders/png.c: Accept exIf chunks whose data segment
    erroneously begins with "Exif\0\0".

2017-06-10  7.0.6-0 Cristy  <quetzlzacatenango@image...>
  * Introduce SetMagickSecurityPolicy() (MagickCore) and
    MagickSetSecurityPolicy() (MagickWand) to set the ImageMagick security
    policy (reference https://github.com/ImageMagick/ImageMagick/issues/407).

2017-06-02  7.0.5-10 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 7.0.5-10, GIT revision 20155:38ebc02:20170602.

2017-06-01  7.0.5-10 Glenn Randers-Pehrson <glennrp@image...>
  * Removed experimental PNG zxIF chunk support; the proposal is dead.

2017-06-01  7.0.5-10 Cristy  <quetzlzacatenango@image...>
  * Fix choppy bitmap font rendering (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32071).
  * The +opaque option is not longer a noop (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32081).
  * Add support  for 'hex:' property.

(he)

Match NetBSD-{7,8,9} / x86 for newer ATI driver.

(maya)

Fix build on Darwin and SunOS.

(jperkin)

Updated net/nmap to 7.50

(adam)

Nmap 7.50

o [Windows] Updated the bundled Npcap from 0.78 to 0.91, with several bugfixes
  for WiFi connectivity problems and stability issues. [Daniel Miller, Yang Luo]

o Integrated all of your service/version detection fingerprints submitted from
  September to March (855 of them). The signature count went up 2.9% to 11,418.
  We now detect 1193 protocols from apachemq, bro, and clickhouse to jmon,
  slmp, and zookeeper. Highlights: http://seclists.org/nmap-dev/2017/q2/140

o [NSE] Added 14 NSE scripts from 12 authors, bringing the total up to 566!
  They are all listed at https://nmap.org/nsedoc/, and the summaries are below:

o [Ncat] A series of changes and fixes based on feedback from the Red Hat community:

o [NSE][GH-266][GH-704][GH-238][GH-883] NSE libraries smb and msrpc now use
  fully qualified paths. SMB scripts now work against all modern versions
  of Microsoft Windows. [Paulino Calderon]

o [NSE] smb library's share_get_list now properly uses anonymous connections
  first before falling back authenticating as a known user.

o New service probes and matches for Apache HBase and Hadoop MapReduce.
  [Paulino Calderon]

o Extended Memcached service probe and added match for Apache ZooKeeper.
  [Paulino Calderon]

o [NSE] New script argument "vulns.short" will reduce vulns library script
  output to a single line containing the target name or IP, the vulnerability
  state, and the CVE ID or title of the vulnerability. [Daniel Miller]

o [NSE][GH-862] SNMP scripts will now take a community string provided like
  `--script-args creds.snmp=private`, which previously did not work because it
  was interpreted as a username. [Daniel Miller]

o [NSE] Resolved several issues in the default HTTP redirect rules:
    - [GH-826] A redirect is now cancelled if the original URL contains
      embedded credentials
    - [GH-829] A redirect test is now more careful in determining whether
      a redirect destination is related to the original host
    - [GH-830] A redirect is now more strict in avoiding possible redirect
      loops
  [nnposter]

o [NSE][GH-766] The HTTP Host header will now include the port unless it is
  the default one for a given scheme. [nnposter]

o [NSE] The HTTP response object has a new member, fragment, which contains
  a partially received body (if any) when the overall request fails to
  complete. [nnposter]

o [NSE][GH-866] NSE now allows cookies to have arbitrary attributes, which
  are silently ignored (in accordance with RFC 6265). Unrecognized attributes
  were previously causing HTTP requests with such cookies to fail. [nnposter]

o [NSE][GH-844] NSE now correctly parses a Set-Cookie header that has unquoted
  whitespace in the cookie value (which is allowed per RFC 6265). [nnposter]

o [NSE][GH-731] NSE is now able to process HTTP responses with a Set-Cookie
  header that has an extraneous trailing semicolon. [nnposter]

o [NSE][GH-708] TLS SNI now works correctly for NSE HTTP requests initiated
  with option any_af. As an added benefit, option any_af is now available for
  all connections via comm.lua, not just HTTP requests. [nnposter]

o [NSE][GH-781] There is a new common function, url.get_default_port(),
  to obtain the default port number for a given scheme. [nnposter]

o [NSE][GH-833] Function url.parse() now returns the port part as a number,
  not a string. [nnposter]

o No longer allow ICMP Time Exceeded messages to mark a host as down during
  host discovery. Running traceroute at the same time as Nmap was causing
  interference. [David Fifield]

o [NSE][GH-807] Fixed a JSON library issue that was causing long integers
  to be expressed in the scientific/exponent notation. [nnposter]

o [NSE] Fixed several potential hangs in NSE scripts that used
  receive_buf(pattern), which will not return if the service continues to send
  data that does not match pattern. A new function in match.lua, pattern_limit,
  is introduced to limit the number of bytes consumed while searching for the
  pattern. [Daniel Miller, Jacek Wielemborek]

o [Nsock] Handle any and all socket connect errors the same: raise as an Nsock
  error instead of fatal. This prevents Nmap and Ncat from quitting with
  "Strange error from connect:" [Daniel Miller]

o [NSE] Added several commands to redis-info to extract listening addresses,
  connected clients, active channels, and cluster nodes. [Vasiliy Kulikov]

o [NSE][GH-679][GH-681] Refreshed script http-robtex-reverse-ip, reflecting
  changes at the source site (www.robtex.com). [aDoN]

o [NSE][GH-620][GH-715] Added 8 new http-enum fingerprints for Hadoop
  infrastructure components. [Thomas Debize, Varunram Ganesh]

o [NSE][GH-629] Added two new fingerprints to http-default-accounts
  (APC Management Card, older NetScreen ScreenOS) [Steve Benson, nnposter]

o [NSE][GH-716] Fix for oracle-tns-version which was sending an invalid TNS
  probe due to a string escaping mixup. [Alexandr Savca]

o [NSE][GH-694] ike-version now outputs information about supported attributes
  and unknown vendor ids. Also, a new fingerprint for FortiGate VPNs was
  submitted by Alexis La Goutte. [Daniel Miller]

o [GH-700] Enabled support for TLS SNI on the Windows platform. [nnposter]

o [GH-649] New service probe and match lines for the JMON and RSE services of
  IBM Explorer for z/OS. [Soldier of Fortran]

o Removed a duplicate service probe for Memcached added in 2011 (the original
  probe was added in 2008) and reported as duplicate in 2013 by Pavel Kankovsky.

o New service probe and match line for NoMachine NX Server remote desktop.
  [Justin Cacak]

o [Zenmap] Fixed a recurring installation problem on OS X/macOS where Zenmap
  was installed to /Applications/Applications/Zenmap.app instead of
  /Applications/Zenmap.app.

o [Zenmap][GH-639] Zenmap will no longer crash when no suitable temporary
  directory is found. Patches contributed by [Varunram Ganesh] and [Sai Sundhar]

o [Zenmap][GH-626] Zenmap now properly handles the -v0 (no output) option,
  which was added in Nmap 7.10. Previously, this was treated the same as not
  specifying -v at all. [lymanZerga11]

o [GH-630] Updated or removed some OpenSSL library calls that were deprecated
  in OpenSSL 1.1. [eroen]

o [NSE] Script ssh-hostkey now recognizes and reports Ed25519 keys [nnposter]

o [NSE][GH-627] Fixed script hang in several brute scripts due to the "threads"
  script-arg not being converted to a number. Error message was
  "nselib/brute.lua:1188: attempt to compare number with string" [Arne Beer]

(adam)

Updated www/tidy to 5.4.0

(adam)

5.4.0:
Bug fixes

(adam)

Updated www/curl to 7.54.1

(adam)

Changes 7.54.1:
curl: show the libcurl release date in --version output

Bugfixes:
CVE-2017-9502: default protocol drive letter buffer overflow
openssl: fix memory leak in servercert
tests: remove the html and PDF versions from the tarball
mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
typecheck-gcc: handle function pointers properly
llist: no longer uses malloc
gnutls: removed some code when --disable-verbose is configured
lib: fix maybe-uninitialized warnings
multi: clarify condition in curl_multi_wait
schannel: Don't treat encrypted partial record as pending data
configure: fix the -ldl check for openssl, add -lpthread check
configure: accept -Og and -Ofast GCC flags
Makefile: avoid use of GNU-specific form of $<
if2ip: fix -Wcast-align warning
configure: stop prepending to LDFLAGS, CPPFLAGS
curl: set a 100K buffer size by default
typecheck-gcc: fix _curl_is_slist_info
nss: do not leak PKCS 11 slot while loading a key
nss: load libnssckbi.so if no other trust is specified
examples: ftpuploadfrommem.c
url: declare get_protocol_family() static
examples/cookie_interface.c: changed to example.com
test1443: test --remote-time
curl: use utimes instead of obsolescent utime when available
url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
curl_rtmp: fix missing-variable-declarations warnings
tests: fixed OOM handling of unit tests to abort test
curl_setup: Ensure no more than one IDN lib is enabled
tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
curl: non-boolean command line args reject --no- prefixes
telnet: Write full buffer instead of byte-by-byte
typecheck-gcc: add missing string options
typecheck-gcc: add support for CURLINFO_SOCKET
opt man pages: they all have examples now
curl_setup_once: use SEND_QUAL_ARG2 for swrite
test557: set a known good numeric locale
schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT
tests/server: make string literals const
runtests: use -R for random order
unit1305: fix compiler warning
curl_slist_append.3: clarify a NULL input creates a new list
tests/server: run checksrc by default in debug-builds
tests: fix -Wcast-qual warnings
runtests.pl: simplify the datacheck read section
curl: remove --environment and tool_writeenv.c
buildconf: fix hang on IRIX
tftp: silence bad-function-cast warning
asyn-thread: fix unused macro warnings
tool_parsecfg: fix -Wcast-qual warning
sendrecv: fix MinGW-w64 warning
test537: use correct variable type
rand: treat fake entropy the same regardless of endianness
curl: generate the --help output
tests: removed redundant --trace-ascii arguments
multi: assign IDs to all timers and make each timer singleton
multi: use a fixed array of timers instead of malloc
mbedtls: Support server renegotiation request
pipeline: fix mistakenly trying to pipeline POSTs
lib510: don't write past the end of the buffer if it's too small
CURLOPT_HTTPPROXYTUNNEL.3: clarify, add example
SecureTransport/DarwinSSL: Implement public key pinning
curl.1: clarify --config
curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLM
darwinssl: Fix exception when processing a client-side certificate
curl.1: mention --oauth2-bearer's argument
mkhelp.pl: do not add current time into curl binary
asiohiper.cpp / evhiperfifo.c: deal with negative timerfunction input
ssh: fix memory leak in disconnect due to timeout
tests: stabilize test 1034
cmake: auto detection of CURL_CA_BUNDLE/CURL_CA_PATH
assert: avoid, use DEBUGASSERT instead
LDAP: using ldap_bind_s on Windows with methods
redirect: store the "would redirect to" URL when max redirs is reached
winbuild: fix the nghttp2 build
examples: fix -Wimplicit-fallthrough warnings
time: fix type conversions and compiler warnings
mbedtls: fix variable shadow warning
test557: fix ubsan runtime error due to int left shift
transfer: init the infilesize from the postfields
docs: clarify NO_PROXY further
build-wolfssl: Sync config with wolfSSL 3.11
curl-compilers.m4: enable -Wshift-sign-overflow for clang
example/externalsocket.c: make it use CLOSESOCKETFUNCTION too
lib574.c: use correct callback proto
lib583: fix compiler warning
curl-compilers.m4: fix compiler_num for clang
typecheck-gcc.h: separate getinfo slist checks from other pointers
typecheck-gcc.h: check CURLINFO_TLS_SSL_PTR and CURLINFO_TLS_SESSION
typecheck-gcc.h: check CURLINFO_CERTINFO
build: provide easy code coverage measuring
test1537: dedicated tests of the URL (un)escape API calls
curl_endian: remove unused functions
test1538: verify the libcurl strerror API calls
MD(4|5): silence cast-align clang warning
dedotdot: fixed output for ".." and "." only input
cyassl: define build macros before including ssl.h
updatemanpages.pl: error out on too old git version
curl_sasl: fix unused-variable warning
x509asn1: fix implicit-fallthrough warning with GCC 7
libtest: fix implicit-fallthrough warnings with GCC 7
BINDINGS: add Ring binding
curl_ntlm_core: pass unsigned char to toupper
test1262: verify ftp download with -z for "if older than this"
test1521: test all curl_easy_setopt options
typecheck-gcc: allow CURLOPT_STDERR to be NULL too
metalink: remove unused printf() argument
file: make speedcheck use current time for checks
configure: fix link with librtmp when specifying path
examples/multi-uv.c: fix deprecated symbol
cmake: Fix inconsistency regarding mbed TLS include directory
setopt: check CURLOPT_ADDRESS_SCOPE option range
gitignore: ignore all vim swap files
urlglob: fix division by zero
libressl: OCSP and intermediate certs workaround no longer needed

(adam)

dtc: invokes flex, add it to USE_TOOLS

>From SmartOS bulk build.

(maya)

Updated cad/gtkwave to 3.3.81

(mef)

Udated cad/gtkwave to 3.3.81
----------------------------
3.3.81  09jun17 Added max_fsdb_trees environment variable.
                Fixed -C option so it is persistent across new tabs.
                Integrated updated GHW reader code.

(mef)

Note update of bearssl to 0.4

(agc)

Update bearssl from version 0.3 to version 0.4

Changes from previous version:

+ New AES and GHASH implementations for POWER8 processors (provides
AES/GCM at more than 2 gigabytes per second!).

+ Improved GHASH implementation with AES-NI opcodes (pclmulqdq).

+ New Poly1305 implementation with 64 -> 128 multiplications,
available on some 64-bit architectures.

+ New "i62" big-integer code with 64 -> 128 multiplications, available
on some 64-bit architectures (RSA is much faster).

+ Some mostly cosmetic patches to support very old systems (BearSSL
now compiles and run on Debian 2.2 "potato" from 2000, with GCC
2.95).

(agc)

Pullup tickets #5471 and #5472.

(bsiegert)

Pullup ticket #5472 - requested by sevan
security/libksba: bugfix

Revisions pulled up:
- security/libksba/Makefile                                    1.34
- security/libksba/distinfo                                    1.22
- security/libksba/patches/patch-src_cms.c                      1.1

---
  Module Name:    pkgsrc
  Committed By:  gdt
  Date:          Tue May 30 22:40:17 UTC 2017

  Modified Files:
          pkgsrc/security/libksba: Makefile distinfo
  Added Files:
          pkgsrc/security/libksba/patches: patch-src_cms.c

  Log Message:
  Add patch to resolve gpgsm S/MIME failures

  S/MIME messages encrypted with gpgsm are sometimes not decodable by
  other implementations.  Discussion on gnupg-devel indicates that gpg
  (via libksba) is incorrectly dropping leading zeros from the encrypted
  session key.  This commit adds a patch by Daiki Ueno from the
  mailinglist that appears to improve interoperability.  Upstream has
  not yet applied it, but also has not said that it is wrong.

(bsiegert)

Updated lang/qore to 0.8.12.10

(nros)

Update qore to version 0.8.12.10.

Changelog from release notes:

New Features since Qore 0.8.12.4:
* added the SalesforceRestClient module for communicating with
  Salesforce.com using the REST APIs
* module SqlUtil
    -has support for native default values in tables
    (issue 1428)
    -has support for Oracle named types (eg. spatial types) for
    Schema.qm and SchemaReverse.qm. (issue 1465)

Bug Fixes since Qore 0.8.12.4:
* module fixes:
    -FixedLengthUtil: fixes and improvements to errors and
    exceptions (issue 1828)
    -HttpServerUtil: eliminated excess logging of all HTTP
    chunks sent and received (issue 1832)
    -PgsqlSqlUtil: fixed a bug in setting a comment for a
    table column (issue 1886)
    -SqlUtil: fixed a bug in the offset query hash argument
    in SQL operation methods (issue 1880), fixed a bug
    that prohibited only columns from the main query to be
    selected when joins are used (issue 1909)
    -TableMapper: fixed a bug in flush messages in the
    InboundTableMapper class (issue 1849)
* fixed a bug that could cause spurious parse-time exceptions
  to be thrown when matching call variants with multiple
  return types for the same callable object (issue 1928)
* fixed the process return code in the output reference in
  backquote() on Unix/Linux platforms (issue 1884)
* fixed a bug where connections were not immediately released
  back to the DatasourcePool in case of an SQLSTATEMENT-ERROR
  exception (issue 1836)
* eliminated a spurious exception in the SQLStatement class in
  case of a DatasourcePool timeout (issue 1832)
* fixed a crash when the incorrect type was passed to a
  parameter declared *reference (issue 1815)
* fixed a crash when the Qore library exits caused by an error
  in handling module dependencies with injected modules
  (issue 1805)
* fixed segfault crashes caused by calling object methods with
  null pointers (issue 1791)
* added internal API support to make it easier for DBI drivers
  to handle lost connections and to allow DBI drivers that must
  close all open handles before a connection is closed
  (such as the oracle driver); due to this change, SQLStatement
  objects based on a DatasourcePool are closed automatically
  whenever the datasource is returned to the pool (issue 1250)
* implemented new parse options to revert the effect of parse
  options that affect code safety (issue 1895):
    -%correct-list-parsing
    -%correct-logic-precedence
    -%correct-int-assignments
    -%correct-operators
    -%loose-args
* fixed parse locations of strings and regexes (issue 1905)
* fixed a memory leak where references participate in recursive
  references (issue 1774)
* fixed a build issue with clang++ (issue 1768)
* fixed a memory leak in the Queue copy constructor when the
  Queue was used in other objects (such as an event queue,
  etc; issue 1749)
* Mapper module fixes:
    -fixed bugs handling the allow_dot and allow_output_dot
    options (issue 1690)
    -fixed TableMapper bugs introduced in Qore 0.8.12.7
    (issue 1754)
* fixed a memory leak in %try-module error handling (issue 1690)
* fixed a bug in trunc_str() when the string has an invalid
  multi-byte character at the end of the string and the string
  is exactly the byte width requested (issue 1693)
* fixed a bug where ReadOnlyFile::getchar() did not respect
  character semantics as documented (issue 1574)
* OracleSqlUtil module fixes:
    -fixed a bug in character_semantics for standalone column
    (issue 1688)
* Mapper module fixes:
    -fixed a bug in handling "list mode" data such as submitted by
    InboundTableMapper::queueData() (issue 1736, bug introduced
    in Qore 0.8.12.7 with the fix for issue 1626)
* SqlUtil module fixes:
    -fixed schema alignment skipping column with name "driver"
    (issue 1684)
    -fixed sqlutil schema management: functional indexes are
    rejected without () in name (issue 1610)
* TableMapper module fixes:
    -fixed a bug in handling "list mode" data with optimized
    inserts (issue 1736, bug introduced in Qore 0.8.12.7 with
    the fix for issue 1626)
* WebSocketClient module fixes:
    -added timeout values to Socket and HTTPClient calls
    (issue 1725)
* WebSocketHandler module fixes:
    -added timeout values to Socket calls (issue 1725)
* WebSocketUtil module fixes:
    -added timeout values to Socket calls (issue 1725)
* fixed a bug where a type conversion error in an lvalue
  assignment could generate a confusing unrelated runtime
  exception (issue 1697)
* fixed a bug where invalid characters in the port
  specification in a URL were ignored (issue 1728)
* fixed a bug with SSL socket communication the remote closing
  the connection during a send operation could cause the
  current thread to go into an infinite loop consuming
  100% CPU (issue 1729)
* fixed a bug in the HashListIterator class iterating hashes
  with a mix of lists and single values such as used by bulk
  DML binds; now the single values will appear as the current
  value for all list elements as per the original design
  instead of throwing a runtime exception (issue 1738)
* fixed bug in internal string generation with size_t arguments
  that could cause invalid data to be output or crashes on
  32-bit platforms (issue 1640)
* fixed a runtime memory leak and invalid runtime behavior with
  undetected recursive lvalue references (issue 1617)
* improved prompt collection performance with large graphs of
  objects by eliminating additional unnecessary graph scans,
  resulting in further large performance improvements in the
  garbage collector (issue 1363)
* improved InboundTableMapper::queueData() performance
  (in the TableMapper module) when used with data in hash of
  lists format to use bulk DML in input and output without
  internal data conversions (issue 1626)
* OracleSqlUtil module fixes:
    -worked around ORA-22165 from op_in() caused by Oracle's
    limit on number of collection elements (issue 1660)
    -fixed a bug in the force option (i.e. cascade) for
    dropping types (issue 1683)
    -improved %try-module error reporting and documentation
    (issue 1648)
* fixed a bug in Qore::parse_url() parsing single-character
  hostnames (issue 1524)
* fixed a bug where PO_LOCKDOWN was not set when parsing init
  and del attributes in user module headers (issue 1535)
* fixed a bug parsing exception catch block parameter errors
  (in debug builds only; issue 1558)
* fixed a bug dereferencing binary values with the [] operator;
  the behavior now corresponds to the documentation (issue 1566)
* fixed a bug that would result in a crash if a method were
  declared both static and abstract (issue 1590)
* fixed performance issues with the Mapper module (and by
  extension the TableMapper module) for mappers with many
  identity (i.e. 1:1) and constant mappings (issue 1620)
* fixed a bug in the BulkInsertOperation class in the
  BulkSqlUtil module where inserts would fail or silently
  insert invalid data in the second or later blocks when
  constant hashes were used (issue 1625)
* Mime module:
    -added support for URL form-encoded messages (issue 1436)
* RestClient module:
    -added support for URL form-encoded messages (issue 1436)
    -added support for the "rawxml" message body encoding
    (issue 1437)
* fixed handling of invalid compressed data in the following
  functions (issue 1432):
    -Qore::gunzip_to_binary()
    -Qore::gunzip_to_string()
    -Qore::uncompress_to_binary()
    -Qore::uncompress_to_string()
* fixed @inf@ on Windows (issue 1442):
* fixed Qore::parse_url() with single-character usernames
  (issue 1455)
* corrected the error message with SSL reads when the server
  closes the connection prematurely (issue 1488)
* fixed the Host header in HTTP requests to not include the port
  if the port is the default port for the scheme because it
  causes some servers to reject the request (issue 1489)

(nros)

Pullup ticket #5471 - requested by sevan
fonts/fontconfig: bugfix

Revisions pulled up:
- fonts/fontconfig/Makefile                                    1.98
- fonts/fontconfig/distinfo                                    1.56
- fonts/fontconfig/patches/patch-src_fccache.c                  1.1

---
  Module Name:    pkgsrc
  Committed By:  jperkin
  Date:          Tue May 30 16:53:14 UTC 2017

  Modified Files:
          pkgsrc/fonts/fontconfig: Makefile distinfo
  Added Files:
          pkgsrc/fonts/fontconfig/patches: patch-src_fccache.c

  Log Message:
  Apply upstream patch for https://bugs.freedesktop.org/show_bug.cgi?id=97546
  which fixes cache generation on OSX.  Raised in joyent/pkgsrc#506.

  Bump PKGREVISION.

(bsiegert)

Pullup tickets #5475 to #5477.

(bsiegert)

Pullup ticket #5476 - requested by khorben
www/firefox45: security fix

Revisions pulled up:
- www/firefox45-l10n/Makefile                                  1.10
- www/firefox45-l10n/distinfo                                  1.11
- www/firefox45/Makefile                                        1.25-1.27
- www/firefox45/distinfo                                        1.14
- www/firefox45/mozilla-common.mk                              1.7

---
  Module Name: pkgsrc
  Committed By: ryoon
  Date: Wed May 10 14:13:26 UTC 2017

  Modified Files:
  pkgsrc/www/firefox45: Makefile distinfo

  Log Message:
  Update to 45.9.0

  Changelog:
  Security fixes:
    #CVE-2017-5433: Use-after-free in SMIL animation functions
    #CVE-2017-5435: Use-after-free during transaction processing in the editor
    #CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
    #CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
    #CVE-2017-5459: Buffer overflow in WebGL
    #CVE-2017-5434: Use-after-free during focus handling
    #CVE-2017-5432: Use-after-free in text input selection
    #CVE-2017-5460: Use-after-free in frame selection
    #CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
    #CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
    #CVE-2017-5440: Use-after-free in txExecutionState destructor during
  XSLT processing
    #CVE-2017-5441: Use-after-free with selection during scroll events
    #CVE-2017-5442: Use-after-free during style changes
    #CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
    #CVE-2017-5443: Out-of-bounds write during BinHex decoding
    #CVE-2017-5444: Buffer overflow while parsing
  application/http-index-format content
    #CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
  with incorrect data
    #CVE-2017-5447: Out-of-bounds read during glyph processing
    #CVE-2017-5465: Out-of-bounds read in ConvolvePixel
    #CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
    #CVE-2016-10196: Vulnerabilities in Libevent library
    #CVE-2017-5469: Potential Buffer overflow in flex-generated code
    #CVE-2017-5445: Uninitialized values used while parsing
  application/http-index-format content
    #CVE-2017-5462: DRBG flaw in NSS
    #CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
  45.9, and Firefox ESR 52.1

---
  Module Name: pkgsrc
  Committed By: ryoon
  Date: Wed May 10 14:14:41 UTC 2017

  Modified Files:
  pkgsrc/www/firefox45-l10n: Makefile distinfo

  Log Message:
  Update to 45.9.0

  * Sync with firefox45-45.9.0

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Fri May 12 20:21:27 UTC 2017

  Modified Files:
  pkgsrc/www/firefox45: Makefile

  Log Message:
  Register more binaries as not safe for PaX mprotect

  This also reflects the current situation in www/firefox.

  Bumps PKGREVISION.

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Sat May 13 02:34:30 UTC 2017

  Modified Files:
  pkgsrc/www/firefox45: Makefile mozilla-common.mk

  Log Message:
  Add dependency to multimedia/ffmpeg3

  This fixes audio and H.264 support. From ryoon@ originally, on 46.0nb1 at
  the time.

  "commit" maya@

(bsiegert)

bring back geos buildlink as it is still required

(wiedi)

Pullup ticket #5477 - requested by sevan
security/sudo: security fix

Revisions pulled up:
- security/sudo/Makefile                                        1.155
- security/sudo/distinfo                                        1.92

---
  Module Name:    pkgsrc
  Committed By:  spz
  Date:          Wed Jun  7 05:41:53 UTC 2017

  Modified Files:
          pkgsrc/security/sudo: Makefile distinfo

  Log Message:
  update to version 1.8.20p2

  upstream changelog:
  2017-05-31  Todd C. Miller  <Todd.Miller%courtesan.com@localhost>

          * NEWS, configure, configure.ac:
          Sudo 1.8.20p2
          [47836f4c9834]

          * src/ttyname.c:
          A command name may also contain newline characters so read
          /proc/self/stat until EOF. It is not legal for /proc/self/stat to
          contain embedded NUL bytes so treat the file as corrupt if we see
          any. With help from Qualys.

          This is not exploitable due to the /dev traversal changes in sudo
          1.8.20p1 (thanks Solar!).
          [15a46f4007dd]

  2017-05-30  Todd C. Miller  <Todd.Miller%courtesan.com@localhost>

          * src/ttyname.c:
          Use /proc/self consistently on Linux. As far as I know, only AIX
          doesn't support /proc/self.
          [6f3d9816541b]

(bsiegert)

Pullup ticket #5475 - requested by khorben
security/py-yara: security fix
security/yara: security fix

Revisions pulled up:
- security/py-yara/Makefile                                    1.5
- security/py-yara/PLIST                                        1.2
- security/py-yara/distinfo                                    1.5-1.7
- security/yara/Makefile                                        1.3
- security/yara/Makefile.common                                1.5-1.8
- security/yara/PLIST                                          1.3
- security/yara/distinfo                                        1.6-1.8

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Mon May 15 15:27:31 UTC 2017

  Modified Files:
  pkgsrc/security/py-yara: Makefile PLIST distinfo
  pkgsrc/security/yara: Makefile Makefile.common PLIST distinfo

  Log Message:
  Update security/{,py-yara} to version 3.5.0

  The release notes mention:

      * Match length operator
  (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
      * Performance improvements
      * Less memory consumption while scanning processes
      * Exception handling when scanning memory blocks
      * Negative integers in meta fields
      * Added the --stack-size command-argument
      * Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE
  module
      * Functions rich_signature.toolid and rich_signature.version added to
  PE module
      * Lots of bug fixes

  The Python bindings are now released from a different tree, with the same
  versioning apparently though.

  "welcome to update" pettai@

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Mon May 15 15:34:12 UTC 2017

  Modified Files:
  pkgsrc/security/yara: Makefile.common

  Log Message:
  Set myself as the maintainer

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Wed Jun  7 20:11:42 UTC 2017

  Modified Files:
  pkgsrc/security/py-yara: distinfo
  pkgsrc/security/yara: Makefile.common distinfo

  Log Message:
  Package yara 3.6.0

  In the release notes:
    * .NET module (Wesley Shields)
    * New features for ELF module (Jacob Baines)
    * Fix endianness issues (Hilko Bengen)
    * Function yr_compiler_add_fd added to libyara
    * MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
    * Added --fail-on-warnings command-line option
    * Multiple bug fixes

---
  Module Name: pkgsrc
  Committed By: khorben
  Date: Wed Jun  7 20:27:37 UTC 2017

  Modified Files:
  pkgsrc/security/py-yara: distinfo
  pkgsrc/security/yara: Makefile.common distinfo

  Log Message:
  Package yara 3.6.1

  In the release notes:

    * BUGFIX: Stack overflow caused by uncontrolled recursiveness
  (CVE-2017-9304)
    * BUGFIX: pe.overlay.size was undefined if the PE didn't have an
  overlay. Now it's set to 0 in those cases.
    * BUGFIX: Fix initalization issue that could cause a crash if rules
  compiled with a 32bit yarac is used with a 64bit yara.

(bsiegert)

Don't print noise if CCPATH is undefined.

(joerg)

Updated www/sassc to 3.4.5

(adam)

This is the SassC for LibSass 3.4.5.
Check out LibSass release notes for more information.

(adam)

Updated print/cups-filters to 1.14.0nb1

(wiz)

Look for cups socket in correct place.

>From Edgar Fuß in PR 52296.

Bump PKGREVISION.

(wiz)

Updated devel/p5-PPI to 1.224

(mef)

Updated www/libsass to 3.4.5

(fhajny)

Update www/libsass to 3.4.5.

Features
- Implement trailing commas in parameters and arguments
- Implement unary slash expressions

Fixes
- Fix Attribute Selector equal compare operator
- Fix segfault for varargs with non-string keys
- Fix Element Selector compare operators
- Fix compiler issue with spec regression on NetBSD 6.1
- Fix some segfaults caused by the parser being too forgiving
- Fix segfault with invalid map keys
- Fix null pointer dereference in css_error
- Fix bug when parsing selector schemas
- Fix null pointer dereference in parse_selector_schema
- Fix segfault when extending pseudo selectors failed
- Fix parser for urls looking like ruleset selectors
- Error for trailing rulesets comma
- Improve selector and binominal look ahead
- Improve hex escape handling in interpolation
- Fix wrong parsing of calc functions as number units
- Skip comment evaluation for compressed output
- Improve parent selector handling in selector schema
- Improve parameter vararg and keyword handling
- Hotfix to avoid invalid nested :not selectors
- Fix a few minor memory leaks

(fhajny)

Updated devel/p5-PPI to 1.224
-----------------------------
1.224 Sun 14 May 2017
        Summary:
        - updating an out-of-date meta.yml caused by Module::Install

1.222 Sun 14 May 2017
        Summary:
        - unit tests for many parts, both passing and TODO
        - many documentation fixes
        - add ->version method to PPI::Statement::Package (WOLFSAGE)
        - remove unused PPI::Document->new timeout feature
        - do not expect '.' in @INC (PLICEASE)
        - many parsing fixes
        - various fixes to the behaviors of methods
        - removal of problematic dependencies

        Details:
        - Remove undocumented, non-working 'timeout' attribute to
          Document->new, including HAVE_ALARM and
          PPI::Exception::ParserTimeout.  (GitHub #140) (MOREGAN)
        - first cut of a travis configuration
        - do hex number matching with [[:xdigit:]]
        - some readability improvements on the code of HereDoc.pm
        - recognize heredoc even if they have no newline at the end (AUBERTG)
        - parse left side of => as bareword even if it looks like a keyword or
          op (MOREGAN)
        - remove source code escapes in the output of QuoteLike::Words->literal
          (MOREGAN)
        - removal of Test::NoWarnings
        - less uses of List::MoreUtils in favor of List::Util
        - expand $'x to $::main::x in Symbol->canonical as with $::x
          (MOREGAN)
        - fixed parsing of large numbers in Number::Exp on Solaris 80 (JMASLAK)
        - make remove_child actually return undef on failure to find child to
          remove
        - higher accuracy when deciding whether certain characters are operators
          or variable type casts (*&% etc.) (MOREGAN)
        - parse x as the first element of code as a word, not an operator
          (MOREGAN)
        - recognize the implied end of a package statement that includes a block
          (MOREGAN)
        - parse package names that look like operators as strings, not ops
          (MOREGAN)
        - parse package names that look like v10 as strings, not versions
          (MOREGAN)
        - parse things like v49use as a single bareword, not v-string + keyword
          (MOREGAN)
        - parse x64 as a word, not x operator + number (MOREGAN)
        - parse 1.eq 1 as float + op, not concatenation
        - parse subroutine attributes correctly (MOREGAN)

(mef)

PR pkg/52294: circular perl dependencies

Cyclic dependency for package:
p5-MetaCPAN-Client-2.016000
p5-Type-Tiny-1.002001
p5-Moose-2.2004nb1
p5-Test-DependentModules-0.26nb2
p5-MetaCPAN-Client-2.016000

p5-Test-DependentModules is only needed to run the p5-Moose tests, so comment
out the dependency.

(maya)

inn is at 2.6.1
it needs work, but not regarding its version at present

(spz)

Updated security/vault to 0.7.3

(fhajny)

Update security/vault to 0.7.3.

## 0.7.3 (June 7th, 2017)

SECURITY:

- Cert auth backend now checks validity of individual certificates
- App-ID path salting was skipped in 0.7.1/0.7.2

DEPRECATIONS/CHANGES:

- Step-Down is Forwarded

FEATURES:

- ed25519 Signing/Verification in Transit with Key Derivation
- Key Version Specification for Encryption in Transit
- Replication Primary Discovery (Enterprise)

IMPROVEMENTS:

- api/health: Add Sys().Health()
- audit: Add auth information to requests that error out
- command/auth: Add `-no-store` option that prevents the auth command
  from storing the returned token into the configured token helper
- core/forwarding: Request forwarding now heartbeats to prevent unused
  connections from being terminated by firewalls or proxies
- plugins/databases: Add MongoDB as an internal database plugin
- storage/dynamodb: Add a method for checking the existence of
  children, speeding up deletion operations in the DynamoDB storage backend
- storage/mysql: Add max_parallel parameter to MySQL backend
- secret/databases: Support listing connections
- secret/databases: Support custom renewal statements in Postgres
  database plugin
- secret/databases: Use the role name as part of generated credentials
- ui (Enterprise): Transit key and secret browsing UI handle large
  lists better
- ui (Enterprise): root tokens are no longer persisted
- ui (Enterprise): support for mounting Database and TOTP secret
  backends

BUG FIXES:

- auth/app-id: Fix regression causing loading of salts to be skipped
- auth/aws: Improve EC2 describe instances performance
- auth/aws: Fix lookup of some instance profile ARNs
- auth/aws: Resolve ARNs to internal AWS IDs which makes lookup at
  various points (e.g. renewal time) more robust
- auth/aws: Properly honor configured period when using IAM
  authentication
- auth/aws: Check that a bound IAM principal is not empty (in the
  current state of the role) before requiring it match the previously
  authenticated client
- auth/cert: Fix panic on renewal
- auth/cert: Certificate verification for non-CA certs
- core/acl: Prevent race condition when compiling ACLs in some
  scenarios
- secret/database: Increase wrapping token TTL; in a loaded scenario
  it could be too short
- secret/generic: Allow integers to be set as the value of `ttl` field
  as the documentation claims is supported
- secret/ssh: Added host key callback to ssh client config
- storage/s3: Avoid a panic when some bad data is returned
- storage/dynamodb: Fix list functions working improperly on Windows
- storage/file: Don't leak file descriptors in some error cases
- storage/swift: Fix pre-v3 project/tenant name reading

(fhajny)

Updated sysutils/consul to 0.8.4

(fhajny)

## 0.8.4 (June 9, 2017)

FEATURES:
- agent: Added a method for transitioning to gossip encryption on an
  existing cluster
- agent: Added a method for transitioning to TLS on an existing cluster
- agent: Added support for RetryJoin on Azure
- agent: (Consul Enterprise) Added AWS server side encryption support
  for S3 snapshots using the snapshot agent.

IMPROVEMENTS:
- agent: Added a check which prevents advertising or setting a service
  to a zero address (`0.0.0.0`, `[::]`, `::`).
- agent: Allow binding to any public IPv6 address with `::`
- agent: Removed SCADA-related code for Atlas and deprecated all
  Atlas-related configuration options.
- agent: Added support for custom check id and name when registering
  checks along with a service.
- agent: Updated go-sockaddr library to add support for new helper
  functions in bind address templates (`GetPrivateIPs`, `GetPublicIPs`),
  new math functions, and to pick up fixes for issues with detecting
  addresses on multi-homed hosts.
- agent: Watches now reset their index back to zero after an error, or
  if the index goes backwards, which allows watches to recover after a
  server restart with fresh state.
- agent: HTTP health checks now upport custom method and headers.
- agent: Increased the graceful leave timeout from 5 to 15 seconds.
- agent: Added additional logging when the agent handles signals and
  when it exits.
- build: Added support for linux/arm64 binaries.
- build: Consul now builds with Go 1.8.3.
- ui: Added a sticky scroll to the KV side panel so the KV edit box
  always stays in place.

BUG FIXES:
- agent: Added defensive code to prevent agents from infecting the
  network coordinates with `NaN` or `Inf` values, and added code to
  clean up in environments where this has happened.
- api: Added code to always read from the body of a request so that
  connections will always be returned to the pool.
- build: Added a vendor fix to allow compilation on Illumos.
- cli: Fixed an issue where `consul exec` would return a 0 exit code,
  even when there were nodes that didn't respond.

(fhajny)

Updated databases/percona-toolkit to 3.0.3

(fhajny)

Update databases/percona-toolkit to 3.0.3

v3.0.3
- Sandbox won't start correctly if autocommit=0 in my.cnf
- pt-online-schema-change should imply --no-drop-new-table
- Fixed pt-mext not working with not empty Rsa_public_key
- pt-stalk ps include memory usage outputs
- Recognize comments in ALTER
- pt-online-schema change eats data on adding a unique index. Added
  --[no]use-insert-ignore
- Make DSNs params able to be repeatable
- Made OptionParser to accept repeatable DSNs
- Collect MySQL variables
- Add --skip-check-slave-lag to pt-table-checksum
- Added --skip-check-slave-lag to pt-osc
- Added support for slave status in pt-stalk

v3.0.2
- pt-mongodb tools add support for SSL connections
- pt-mongodb-summary Cannot get security settings when connected to a
  mongod instance
- pt-mongodb-query-digest Change the default sort order to -count
  (descending)
- pt-mysql-summary password doesn't support '&' and '#' symbols
- Update Makefile for mongodb tools
- Collect information about locks and transactions using P_S (Thanks
  Agustin Gallego)
- pt-stalk top CPU usage is useless
- Fix pt-mongodb-query-digest query ID (Thanks Kamil Dziedzic)
- pt-online-schema-change makes duplicate rows in _t_new for UPDATE t
  set pk=0 where pk=1
- Fixed PT tests
- pt-table-checksum ignores slave-user and slave-password
- pt-table-checksum fails if a database is dropped while the tool is
  running

v3.0
- Improved fix (protocol parser fix): error when parsing tcpdump
  capture with pt-query-digest
- pt-osc: Fails with duplicate key in table for self-referencing
  (Thanks Amiel Marqeta)
- pt-summary exists with an error (Thanks Marcelo Altmann)
- pt-mongodb-summary
- pt-mongodb-query-digest

v2.2.20
- pt-slave-restart fails on MariaDB 10.0.13 (gtid_mode confusion)
- pt-show-grants fails against MariaDB10+
- pt-query-digest numbers in table or column names converted to
  question marks (--preserve-embedded-numbers)
- pt-online-schema-change misses data.  Fixed sort order for ENUM
  fields
- pt-online-schema-change doesn't apply underscores to foreign keys
  individually
- pt-upgrade fails with SELECT INTO
- pt-slave-restart --config does not recognize = as separator
- Added pause to NibbleIterator
- --data-dir parameter in order to create the table on a different
  partition
- with pt-table-checksum automatically exclude checking schemas named
  percona, percona_schema
- pt-online-schema-change Added --remove-data-dir feature
- Fixed several typos in the doc (Thanks Dario Minnucci)
- Add Transparent huge pages info to pt-summary
- Add Memory management library to pt-mysql-summary

(fhajny)

ruby200 had already retired.

(taca)

Add fix for Ruby 2.4 and later.

(taca)

Forgot to add ALTERNATIVES files.

(taca)

Note update of textproc/ruby-json and textproc/ruby-json-pure package
to 2.1.0.

(taca)

Update ruby-json and ruby-json-pure to 2.1.0.

## 2017-04-18 (2.1.0)
* Allow passing of `decimal_class` option to specify a class as which to parse
  JSON float numbers.
## 2017-03-23 (2.0.4)
* Raise exception for incomplete unicode surrogates/character escape
  sequences. This problem was reported by Daniel Gollahon (dgollahon).
* Fix arbitrary heap exposure problem. This problem was reported by Ahmad
  Sherif (ahmadsherif).

## 2017-01-12 (2.0.3)
* Set `required_ruby_version` to 1.9
* Some small fixes

## 2016-07-26 (2.0.2)
  * Specify `required_ruby_version` for json\_pure.
  * Fix issue #295 failure when parsing frozen strings.

## 2016-07-01 (2.0.1)
  * Fix problem when requiring json\_pure and Parser constant was defined top
    level.
  * Add `RB_GC_GUARD` to avoid possible GC problem via Pete Johns.
  * Store `current_nesting` on stack by Aaron Patterson.

## 2015-09-11 (2.0.0)
  * Now complies to newest JSON RFC 7159.
  * Implements compatibiliy to ruby 2.4 integer unification.
  * Drops support for old rubies whose life has ended, that is rubies < 2.0.
    Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
  * There were still some mentions of dual GPL licensing in the source, but JSON
    has just the Ruby license that itself includes an explicit dual-licensing
    clause that allows covered software to be distributed under the terms of
    the Simplified BSD License instead for all ruby versions >= 1.9.3. This is
    however a GPL compatible license according to the Free Software Foundation.
    I changed these mentions to be consistent with the Ruby license setting in
    the gemspec files which were already correct now.

(taca)

Whilst the version of find in Darwin 8 & prior is insufficient for installing Python modules,
there are further issues with circular dependencies which need to be resolved
before the change to using find from coreutils can be made.
Revert previous change for now.

(sevan)

Note update of security/ruby-net-ssh-gateway package to 2.0.0.

(taca)

Update ruby-net-ssh-gateway to 2.0.0.

=== 2.0.0 / 26 Jan 2017

* Update net-ssh dependency to 4.0.0 which requires Ruby version >= 2.0 [delano]

=== 1.3.0 / 26 Jan 2017

* Fix for loop_wait option on initialization [mfazekas, tpitale]
* Use bundler and remove remove jeweler [tpitale]
* Use minitest instead of test/unit [tpitale]
* Added Travis CI config [tpitale]

(taca)

Note update of security/ruby-net-ssh package to 4.1.0.

(taca)

Update ruby-net-ssh to 4.1.0.

=== 4.1.0
=== 4.1.0.rc1

* ProxyJump support [Ryan McGeary, #500]
* Fix agent detection on Windows [Christian Koehler, #495]

=== 4.1.0.beta1

* Fix nil error when libsodium is not there [chapmajs ,#488]
* SSH certificate support for client auth [David Bartley, #485]

=== 4.0.1
=== 4.0.1.rc2

* ENV["HOME"] might be empty so filter non expandable paths [Matt Casper, #351]

=== 4.0.1.rc1

* support of rbnacl 4.0 and better error message [#479]
* support include in config files [Kimura Masayuki, #475]
* fixed issue with ruby 2.2 or older on windows [#472]

=== 4.0.0
=== 4.0.0.rc3

* parse `+` character in config files [Christoph Lupprich, #470, #314]

=== 4.0.0.rc2

* Fixed OpenSSL 2.0/Ruby 2.4.0 warnings [Mikl坦s Fazekas, #468]
* Added ssh-ed25519 to KnownHosts:SUPPORTED_TYPE [detatka-kuzlatka-otevrete, Mikl坦s Fazekas, #459]
* Allow nil for :passhrase and passing in nil option is now a depreaction warning [Mikl坦s Fazekas, #465]

=== 4.0.0.rc1

* Allow :password to be nil for capistrano v2 compatibility [Will Bryant, #357]
* In next_packet if prefer consuming buffer before filling it again if we have enough data [Mikl坦s Fazekas, #454]

=== 4.0.0.beta4

* Added exitstatus method to exec's return [Mikl坦s Fazekas, #452]
* Don't raise from exec if server closes transport just after channel close [Mikl坦s Fazekas, #450]
* Removed java_pageant, as jruby should be using regular pagent impl [Mikl坦s Fazekas, ]
* Use SSH_AUTH_SOCK if possible on windows (cygwin) [Mikl坦s Fazekas, Martin D端rst, #365, #361]
* HTTPS proxy support [Marcus Ilgner, #432]
* Supports ruby 2.4.0.dev new exception type from OpenSSL::PKey.read

=== 4.0.0.beta3

* Fix Net::SSH::Disconnect exceptions when channels are closed cleanly [Miklos Fazekas, #421, #422]

=== 4.0.0.beta2

* Fix raiseUnlessLoaded undefined ERROR issue [Miklos Fazekas, #418]

=== 4.0.0.beta1

* Fix pageant [elconas, #235]
* Relaxed rbnacl,rbnacl-selenium contstraints ang give better errors about them [Miklos Fazekas, #398]
* Fix UTF-8 encoding issues [Ethan J. Brown, #407]

=== 4.0.0.alpha4

* Experimental event loop abstraction [Miklos Fazekas]
* RbNacl dependency is optional [Miklos Fazekas]
* agent_socket_factory option [Alon Goldboim]
* client sends KEXINIT, it doesn't have to wait for server [Miklos Fazekas]
* better error message when option is nil [Kane Morgan]
* prompting can be customized [Miklos Fazekas]

=== 4.0.0.alpha3

* added max_select_wait_time [Eugene Kenny]

=== 4.0.0.alpha2

* when transport closes we're cleaning up channels [Miklos Fazekas]

=== 4.0.0.alpha1

* ed25519 key support [Miklos Fazekas]
* removed camellia [Miklos Fazekas]

=== 3.1.0
=== 3.1.0.rc1

* fix Secure#verify [Jean Boussier]
* use the smallest of don't spend longer time than keepalive if it's configured [Eugene Kenny]

=== 3.1.0.beta3

* forward/on_open_failed should stop listning closed socket otherwise it locks #269 [Miklos Fazekas,Scott McGillivray]
* fix incorrect pattern handling in config files #310 [Miklos Fazekas]

=== 3.1.0.beta2

* trying to execute something on a not yet opend channel throws nicer messag [Miklos Fazekas]
* calling close on a not opened channel marks the channel for close [Miklos Fazekas]
* read keepalive configuration from ssh config files [Miklos Fazekas]
* send client version on hadshake before waiting for server to reduce handshake time [Miklos Fazekas]
* allow custom Net::SSH::KnownHosts implementations [Jean Boussier]
* memoize known host so we only search it once per session [Jean Boussier, Miklos Fazekas]

=== 3.0.2
=== 3.0.2.rc1

* fixed rare WaitWritable error with proxy commands [Miklos Fazkas, Andre Meij]]
* if Net::SSH.start user is nil and config has no entry we default to Etc.getlogin
* Bugfix: CHANNEL_CLOSE was sent before draining ouput buffer #280 [Christopher F. Auston]

=== 3.0.1
=== 3.0.1.rc1

* Breaking change from 2.* series: exec! without block now returns empty string instread of nil if command has no output [https://github.com/net-ssh/net-ssh/pull/273]
* Support remote_user as %r in proxy commands [Dominic Scheirlinck]
* Raise Net::SSH::ConnectionTimeout from connection timeout [Carl Hoerberg]

=== 3.0.0.rc1

* SemVer: Major version change because of dropping of ruby 1.9

(taca)

Note update of devel/ruby-stomp package to 1.4.4.

(taca)

Update ruby-stomp to 1.4.4.

## 1.4.4 20170611

* Merge fix for issue 141.
* Fix broken MatReconnectAttempts
* Attempt to detect mismatched SSL port and params.
* Issue 139, add ssl checks to receive timeout logic.
* Eliminate assert_nothing_raised from tests.
* Add Artemis suport to standard test bed.
* Run JRuby tests more easily.

(taca)

Note update of devel/ruby-shoulda-context package to 1.2.2.

(taca)

Update ruby-shoulda-context to 1.2.2.

* Added factoid about test method names needed to run a single test method
* described_type: no ancestor lookup for constants that don't exist
* Add `require "test/unit"` to README
  The need to require `Test::Unit` in the standard library can be
  non-obvious: #47
* Uses class eval to not lose context
* Refactor to make hound happy

(taca)

Note update of databases/ruby-hiera package to 3.3.1.

(taca)

Update ruby-hiera to 3.3.1.

Changes are too many to write here, please refer changes in GitHub.
<https://github.com/puppetlabs/hiera/compare/1.3.4...3.3.1>.

(taca)

Note update of sysutils/puppet package to 4.10.1.

(taca)

Update puppet to 4.10.1.

Changes from 3.8.7 to 4.10.1 are too many to write here, please refer
<https://docs.puppet.com/puppet/latest/release_notes.html> and its links.

(taca)

Note update of sysutils/ruby-chef-config and sysutils/ruby-chef to 13.1.31.

(taca)

Update ruby-chef and ruby-chef-config to 13.1.31.

* pkgsrc change: ruby-chef support ruby23 only.

Changes from previous version are too many to write here.  Please refer
<https://github.com/chef/chef/blob/6b9ebb11c68d2a03a78644ffc2134941c46a15ed/CHANGELOG.md> in detail.

(taca)

Note update of sysutils/ruby-chef-zero package to 13.0.0.

(taca)

Update ruby-chef-zero to 13.0.0.

* pkgsrc change: support ruby23 only.

Changes from 3.2.1 is too many to write here, please refer
<https://github.com/chef/chef-zero/blob/master/CHANGELOG.md>.

(taca)

Note update of lang/pear package to 1.10.4nb1.

(taca)

Update included Archive_Tar pear package to 1.4.3.

Archive_Tar 1.4.3 2017-06-11 13:32 UTC

Changelog:

* Fix Bug #21218: Cannot use result of built-in function in write context in
  PHP 7.2.0alpha1 [mrook]

Bump PKGREVISION.

(taca)

Updated devel/p5-Glib-Object-Introspection to 0.043
Updated devel/p5-IO-Pager to 0.39
Updated devel/p5-IPC-Cmd to 0.98
Updated devel/p5-Inline-C to 0.78
Updated devel/p5-List-SomeUtils to 0.54
Updated devel/p5-List-SomeUtils-XS to 0.53
Updated devel/p5-Log-Dispatch-FileRotate to 1.26
Updated devel/p5-Type-Tiny to 1.002001
Updated devel/p5-MetaCPAN-Client to 2.016000

(mef)

Updated devel/p5-MetaCPAN-Client to 2.016
-----------------------------------------
2.016000    7.6.17
            * Support CSV field list in 'all' requests (Mickey, GH#87)

2.015000    14.5.17
            * Added 'main_module' field to the Release object (Mickey)
                * Updated doc (Matthew Horsfall, GH#85)

2.014000    12.5.17
            * Fixed single-value case for expected arrayref (Mickey, GH#84)
                * Added support for new release/contributors endpoint (Mickey)

2.013001    12.5.17
            * Updated endpoint name following API change (Mickey)

2.013000    9.5.17
            * Added support for new 'packages' type (Mickey)

2.012000    27.4.17
            * Fixed 'email' field handling in Author objects (Mickey, GH#83)

(mef)

Updated devel/p5-Type-Tiny to 1.002001
--------------------------------------
1.002001        2017-06-08
[ Test Suite ]
  - Skip t/30-integration/Moose/native-attribute-traits.t on older Moose
    because Test::Moose is broken.

[ Packaging ]
  - Ref::Util::XS 0.100 should be recommended, not 0.200 (which doesn't
    exist yet).
    Fixes RT#121981.
      <https://rt.cpan.org/Ticket/Display.html?id=121981>

(mef)

Updated devel/p5-Log-Dispatch-FileRotate to 1.26
------------------------------------------------
1.26 Tue May 09 2017
    - add SEE ALSO reference to Log::Dispath::File::Stamped (Thanks Karen
      Etheridge)

(mef)

devel/p5-List-SomeUtils to 0.54
-------------------------------
0.54    2017-06-01
  - Moved issue tracking to GitHub.

(mef)