sudo

(maya)

sudo: update to 1.8.20p1.
Fixes CVE-2017-1000367, local privilege escalation on linux.

What's new in Sudo 1.8.20p1

* Fixed "make check" when using OpenSSL or GNU crypt.
  Bug #787.

* Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
  when the process name contains spaces.  Since the user has control
  over the command name, this could potentially be used by a user
  with sudo access to overwrite an arbitrary file on systems with
  SELinux enabled.  Also stop performing a breadth-first traversal
  of /dev when looking for the device; only a hard-coded list of
  directories are checked,

What's new in Sudo 1.8.20

* Added support for SASL_MECH in ldap.conf. Bug #764

* Added support for digest matching when the command is a glob-style
  pattern or a directory. Previously, only explicit path matches
  supported digest checks.

* New "fdexec" Defaults option to control whether a command
  is executed by path or by open file descriptor.

* The embedded copy of zlib has been upgraded to version 1.2.11.

* Fixed a bug that prevented sudoers include files with a relative
  path starting with the letter 'i' from being opened.  Bug #776.

* Added support for command timeouts in sudoers.  The command will
  be terminated if the timeout expires.

* The SELinux role and type are now displayed in the "sudo -l"
  output for the LDAP and SSSD backends, just as they are in the
  sudoers backend.

* A new command line option, -T, can be used to specify a command
  timeout as long as the user-specified timeout is not longer than
  the timeout specified in sudoers.  This option may only be
  used when the "user_command_timeouts" flag is enabled in sudoers.

* Added NOTBEFORE and NOTAFTER command options to the sudoers
  backend similar to what is already available in the LDAP backend.

* Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
  crypt instead of the SHA2 implementation bundled with sudo.

* Fixed a compilation error on systems without the stdbool.h header
  file.  Bug #778.

* Fixed a compilation error in the standalone Kerberos V authentication
  module.  Bug #777.

* Added the iolog_flush flag to sudoers which causes I/O log data
  to be written immediately to disk instead of being buffered.

* I/O log files are now created with group ID 0 by default unless
  the "iolog_user" or "iolog_group" options are set in sudoers.

* It is now possible to store I/O log files on an NFS-mounted
  file system where uid 0 is remapped to an unprivileged user.
  The "iolog_user" option must be set to a non-root user and the
  top-level I/O log directory must exist and be owned by that user.

* Added the restricted_env_file setting to sudoers which is similar
  to env_file but its contents are subject to the same restrictions
  as variables in the invoking user's environment.

* Fixed a use after free bug in the SSSD backend when the fqdn
  sudoOption is enabled and no hostname value is present in
  /etc/sssd/sssd.conf.

* Fixed a typo that resulted in a compilation error on systems
  where the killpg() function is not found by configure.

* Fixed a compilation error with the included version of zlib
  when sudo was built outside the source tree.

* Fixed the exit value of sudo when the command is terminated by
  a signal other than SIGINT.  This was broken in sudo 1.8.15 by
  the fix for Bug #722.  Bug #784.

* Fixed a regression introduced in sudo 1.8.18 where the "lecture"
  option could not be used in a positive boolean context, only
  a negative one.

* Fixed an issue where sudo would consume stdin if it was not
  connected to a tty even if log_input is not enabled in sudoers.
  Bug #786.

* Clarify in the sudoers manual that the #includedir directive
  diverts control to the files in the specified directory and,
  when parsing of those files is complete, returns control to the
  original file.  Bug #775.

What's new in Sudo 1.8.19p2

* Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
  or network is used in a host-based Defaults entry.  Bug #766

* Added a missing check for the ignore_iolog_errors flag when
  the sudoers plugin generates the I/O log file path name.

* Fixed a typo in sudo's vsyslog() replacement that resulted in
  garbage being logged to syslog.

What's new in Sudo 1.8.19p1

* Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
  syslog priority and facility being used.

What's new in Sudo 1.8.19

* New "syslog_maxlen" Defaults option to control the maximum size of
  syslog messages generated by sudo.

* Sudo has been run against PVS-Studio and any issues that were
  not false positives have been addressed.

* I/O log files are now created with the same group ID as the
  parent directory and not the invoking user's group ID.

* I/O log permissions and ownership are now configurable via the
  "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults
  variables.

* Fixed configuration of the sudoers I/O log plugin debug subsystem.
  Previously, I/O log information was not being written to the
  sudoers debug log.

* Fixed a bug in visudo that broke editing of files in an include
  dir that have a syntax error.  Normally, visudo does not edit
  those files, but if a syntax error is detected in one, the user
  should get a chance to fix it.

* Warnings about unknown or unparsable sudoers Defaults entries now
  include the file and line number of the problem.

* Visudo will now use the file and line number information about an
  unknown or unparsable Defaults entry to go directly to the file
  with the problem.

* Fixed a bug in the sudoers LDAP back-end where a negated sudoHost
  entry would prevent other sudoHost entries following it from matching.

* Warnings from visudo about a cycle in an Alias entry now include the
  file and line number of the problem.

* In strict mode, visudo will now use the file and line number
  information about a cycle in an Alias entry to go directly to the
  file with the problem.

* The sudo_noexec.so file is now linked with -ldl on systems that
  require it for the wordexp() wrapper.

* Fixed linking of sudo_noexec.so on macOS systems where it must be
  a dynamic library and not a module.

* Sudo's "make check" now includes a test for sudo_noexec.so
  working.

* The sudo front-end now passes the user's umask to the plugin.
  Previously the plugin had to determine this itself.

* Sudoreplay can now display the stdin and ttyin streams when they
  are explicitly added to the filter list.

* Fixed a bug introduced in sudo 1.8.17 where the "all" setting
  for verifypw and listpw was not being honored.  Bug #762.

* The syslog priority (syslog_goodpri and syslog_badpri) can now
  be negated or set to "none" to disable logging of successful or
  unsuccessful sudo attempts via syslog.

What's new in Sudo 1.8.18p1

* When sudo_noexec.so is used, the WRDE_NOCMD flag is now added
  if the wordexp() function is called.  This prevents commands
  from being run via wordexp() without disabling it entirely.

* On Linux systems, sudo_noexec.so now uses a seccomp filter to
  disable execute access if the kernel supports seccomp.  This is
  more robust than the traditional method of using stub functions
  that return an error.

What's new in Sudo 1.8.18

* The sudoers locale is now set before parsing the sudoers file.
  If sudoers_locale is set in sudoers, it is applied before
  evaluating other Defaults entries.  Previously, sudoers_locale
  was used when evaluating sudoers but not during the inital parse.
  Bug #748.

* A missing or otherwise invalid #includedir is now ignored instead
  of causing a parse error.

* During "make install", backup files are only used on HP-UX where
  it is not possible to unlink a shared object that is in use.
  This works around a bug in ldconfig on Linux which could create
  links to the backup shared library file instead of the current
  one.

* Fixed a bug introduced in 1.8.17 where sudoers entries with long
  commands lines could be truncated, preventing a match.  Bug #752.

* The fqdn, runas_default and sudoers_locale Defaults settings are
  now applied before any other Defaults settings since they can
  change how other Defaults settings are parsed.

* On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
  flag is set, sudoedit now checks whether the file is a symbolic link
  before opening it as well as after the open.  Bug #753.

* Sudo will now only resolve a user's group IDs to group names
  when sudoers includes group-based permissions.  Group lookups
  can be expensive on some systems where the group database is
  not local.

* If the file system holding the sudo log file is full, allow
  the command to run unless the new ignore_logfile_errors Defaults
  option is disabled.  Bug #751.

* The ignore_audit_errors and ignore_iolog_errors Defaults options
  have been added to control sudo's behavior when it is unable to
  write to the audit and I/O logs.

* Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
  was not being restored when sudo directly executes the command.

* Fixed a bug where "sudo -l command" would indicate that a command
  was runnable even when denied by sudoers when using the LDAP or
  SSSD backends.

* The match_group_by_gid Defaults option has been added to allow
  sites where group name resolution is slow and where sudoers only
  contains a small number of groups to match groups by group ID
  instead of by group name.

* Fixed a bug on Linux where a 32-bit sudo binary could fail with
  an "unable to allocate memory" error when run on a 64-bit system.
  Bug #755

* When parsing ldap.conf, sudo will now only treat a '#' character
  as the start of a comment when it is at the beginning of the
  line.

* Fixed a potential crash when auditing is enabled and the audit
  function fails with an error.  Bug #756

* Norwegian Nynorsk translation for sudo from translationproject.org.

* Fixed a typo that broke short host name matching when the fqdn
  flag is enabled in sudoers.  Bug #757

* Negated sudoHost attributes are now supported by the LDAP and
  SSSD backends.

* Fixed matching entries in the LDAP and SSSD backends when a
  RunAsGroup is specified but no RunAsUser is present.

* Fixed "sudo -l" output in the LDAP and SSSD backends when a
  RunAsGroup is specified but no RunAsUser is present.

(maya)

Note remove of devel/ruby-rake package.

(taca)

Remove ruby-rake since all ruby2*-base pacakge have it.

(taca)

Delete ruby-rake to build.

(taca)

Remove use of USE_RAKE.

(taca)

* Move descriptive comments to one place.
* Remove USE_RAKE support since RAKE is always defined and pass to MAKE_ENV.

(taca)

* Add description for RAKE.
* Remove RUBY_VERSION_FULL.
* Remove patchlevel information.

(taca)

Replace more remaining RUBY_VERSION_FULL to RUBY_VERSION.

(taca)

* Replace RUBY_VERSION_FULL with RUBY_VERSION since there is no
  RUBY_VERSION_FULL contains Ruby's patchlevel.
* Add comment to RUBY_VERSIONS_ACCEPTED that ruby-tk is not bundled by
  Ruby 2.4 and later.

(taca)

* Replace RUBY_VERSION_FULL with RUBY_VERSION since there is no
  RUBY_VERSION_FULL contains Ruby's patchlevel.
* Remove ruby18 specific code.

(taca)

* Replace RUBY_VERSION_FULL with RUBY_VERSION since there is no
  RUBY_VERSION_FULL contains Ruby's patchlevel.
* Prepare for Ruby 2.4.

(taca)

Replace RUBY_VERSION_FULL with RUBY_VERSION since there is no
RUBY_VERSION_FULL contains Ruby's patchlevel.

(taca)

* Always define RAKE since all ruby2*-base package have it.
* Pass RAKE to MAKE_ENV.

(taca)

Note update of www/termtter pavkage to 2.2.1nb3.

(taca)

Stop using RUBY_JSON_{REQD,TYPE} since all ruby2*-base pacakges contain
required version of json extension.

Instead, override json_pure to json in gemspec.

Bump PKGREVISION.

(taca)

Note update of net/mikutter package to 3.5.7nb1.

(taca)

Stop using RUBY_JSON_{REQD,TYPE} since all ruby2*-base pacakges contain
required version of json extension.

Instead, override json_pure to json in gemspec.

Bump PKGREVISION.

(taca)

Stop using RUBY_JSON_{REQD,TYPE} since all ruby2*-base pacakges contain
required version of json extension.

(taca)

Updated security/py-certbot to 0.14.2

(fhajny)

Update security/py-certbot to 0.14.2.

0.14.2
- Certbot 0.14.0 included a bug where Certbot would create a temporary
  log file (usually in /tmp) if the program exited during argument parsing.

0.14.1
- Certbot now works with configargparse 0.12.0.
- Issues with the Apache plugin and Augeas 1.7+ have been resolved.
- A problem where the Nginx plugin would fail to install certificates on
  systems that had the plugin's SSL/TLS options file from 7+ months ago
  has been fixed.

(fhajny)

On macOS, do not generate debugging symbols; they use lots of disk space, and most of them get stripped off during installation.

(adam)

Remove obsolete conditional; now each ruby2*-base has rubygems 2.2.2
and later.

(taca)

* Drop setting RUBY_VERSIONS_ACCEPTED since it is now default value.

(taca)

* Remove code for ruby18.
* Drop setting RUBY_VERSIONS_ACCEPTED since it is now default value.

(taca)

python36: bump PKGREVISION for socketcan support on netbsd

(maya)

Add support for NetBSD's socketcan implementation.
Tested with the example from
http://www.bencz.com/hacks/2016/07/10/python-and-socketcan/
Needs <netcan/can.h> rev 1.3 or newer.

(bouyer)

Remove unnecessary chunk.

(wiz)

Add support for NetBSD's socketcan implementation.
Tested with the example from
http://www.bencz.com/hacks/2016/07/10/python-and-socketcan/
Needs <netcan/can.h> rev 1.3 or newer.

(bouyer)

Remove ap-auth-mellon in preparation of its removal, I should have
noticed that we have ap2-auth-mellon, so I'm updating that instead.

(he)

Remove patch that does not do what it intends to do.

No comment from maintainer.

(wiz)

Minor clean-up

(adam)

Security update 4.7.5. Bugs fixed:

Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.

(jklos)

Updated mail/mess822 to 0.58nb6

(schmonz)

Remove "mess822-qmailqueue" option.

(schmonz)

Remove "mess822-qmailqueue" option, as the QMAILQUEUE patch is part
of the SMTP AUTH patch. Enable "sasl" option by default. Bump PKGREVISION.

(schmonz)

Fix broken build by adding missing directory permissions.

(jlam)

Note update of lang/python36 to 3.6.1nb1.

(he)

Fix a build issue observed on NetBSD/macppc, in that alloca() is left
as an unresolved undefined symbol, causing the install to fail due to
PLIST issues.  Change from -std=c99 to -std=gnu99 to work around this
problem, based on hint from joerg@.
Bump PKGREVISION.

(he)

Updated lang/LuaJIT2 to 2.0.5.

(alnsn)

Update LuaJIT2 to 2.0.5.

LuaJIT 2.0.5 -- 2017-05-01

    * Add workaround for MSVC 2015 stdio changes.
    * Limit mcode alloc probing, depending on the available pool size.
    * Fix overly restrictive range calculation in mcode allocation.
    * Fix out-of-scope goto handling in parser.
    * Remove internal __mode = "K" and replace with safe check.
    * Add "proto" field to jit.util.funcinfo().
    * Fix GC step size calculation.
    * Initialize uv->immutable for upvalues of loaded chunks.
    * Fix for cdata vs. non-cdata arithmetics/comparisons.
    * Drop leftover regs in 'for' iterator assignment, too.
    * Fix PHI remarking in SINK pass.
    * Don't try to record outermost pcall() return to lower frame.
    * Add guard for obscure aliasing between open upvalues and SSA slots.
    * Remove assumption that lj_math_random_step() doesn't clobber FPRs.
    * Fix handling of non-numeric strings in arithmetic coercions.
    * Fix recording of select(n, ...) with off-trace varargs
    * Fix install for cross-builds.
    * Don't allocate unused 2nd result register in JIT compiler backend.
    * Drop marks from replayed instructions when sinking.
    * Fix unsinking check.
    * Properly handle OOM in trace_save().
    * Limit number of arguments given to io.lines() and fp:lines().
    * Fix narrowing of TOBIT.
    * OSX: Fix build with recent XCode.
    * x86/x64: Don't spill an explicit REF_BASE in the IR.
    * x86/x64: Fix instruction length decoder.
    * x86/x64: Search for exit jumps with instruction length decoder.
    * ARM: Fix BLX encoding for Thumb interworking calls.
    * MIPS: Don't use RID_GP as a scratch register.
    * MIPS: Fix emitted code for U32 to float conversion.
    * MIPS: Backport workaround for compact unwind tables.
    * MIPS: Fix cross-endian jit.bcsave.
    * MIPS: Fix BC_ISNEXT fallback path.
    * MIPS: Fix use of ffgccheck delay slots in interpreter.
    * FFI: Fix FOLD rules for int64_t comparisons.
    * FFI: Fix SPLIT pass for CONV i64.u64.
    * FFI: Fix ipairs() recording.
    * FFI: Don't propagate qualifiers into subtypes of complex.

(alnsn)

Updated graphics/py-matplotlib to 2.0.2

(adam)

Critical bug fixes in 2.0.2:
- fixed Qt4 support
- fixed LogFormatter
- fixed hatched artists in legends
- fixed segfault with large images

(adam)

Updated comms/asterisk13 to 13.15.1

(jnemeth)

Add fixes for AST-2017-002, AST-2017-003, and AST-2017-004.  Note
that the first two don't affect pkgsrc as we are using chan_sip
not PJSIP.  The last only affects users of SCCP, which is Cisco's
proprietary protocol.

----- AST-2017-002

A remote crash can be triggered by sending a SIP packet to
Asterisk with a specially crafted CSeq header and a Via
header with no branch parameter. The issue is that the
PJSIP RFC 2543 transaction key generation algorithm does
not allocate a large enough buffer. By overrunning the
buffer, the memory allocation table becomes corrupted,
leading to an eventual crash.

This issue is in PJSIP, and so the issue can be fixed
without performing an upgrade of Asterisk at all. However,
we are releasing a new version of Asterisk with the bundled
PJProject updated to include the fix.

If you are running Asterisk with chan_sip, this issue does
not affect you.

----- AST-2017-003

The multi-part body parser in PJSIP contains a logical
error that can make certain multi-part body parts attempt
to read memory from outside the allowed boundaries. A
specially-crafted packet can trigger these invalid reads
and potentially induce a crash.

The issue is within the PJSIP project and not in Asterisk.
Therefore, the problem can be fixed without upgrading
Asterisk. However, we will be releasing a new version of
Asterisk where the bundled version of PJSIP has been
updated to have the bug patched.

If you are using Asterisk with chan_sip, this issue does
not affect you.

----- AST-2017-004

A remote memory exhaustion can be triggered by sending an
SCCP packet to Asterisk system with chan_skinny enabled
that is larger than the length of the SCCP header but
smaller than the packet length specified in the header. The
loop that reads the rest of the packet doesn't detect that
the call to read() returned end-of-file before the expected
number of bytes and continues infinitely. The partial
data message logging in that tight loop causes Asterisk to
exhaust all available memory.

(jnemeth)

must ... do ... more ... tickets ...

(bsiegert)

Pullup ticket #5434 - requested by sevan
databases/postgresql92: security fix
databases/postgresql93: security fix
databases/postgresql94: security fix
databases/postgresql95: security fix
databases/postgresql96: security fix

Revisions pulled up:
- databases/postgresql92-docs/PLIST                            1.21
- databases/postgresql92-server/PLIST                          1.13
- databases/postgresql92/Makefile.common                        1.28
- databases/postgresql92/distinfo                              1.23
- databases/postgresql93-docs/PLIST                            1.18
- databases/postgresql93-server/PLIST                          1.11
- databases/postgresql93/Makefile.common                        1.24
- databases/postgresql93/distinfo                              1.23
- databases/postgresql94-client/PLIST                          1.3
- databases/postgresql94-docs/PLIST                            1.13
- databases/postgresql94-server/PLIST                          1.8
- databases/postgresql94/Makefile.common                        1.16
- databases/postgresql94/distinfo                              1.15
- databases/postgresql95-client/PLIST                          1.4
- databases/postgresql95-docs/PLIST                            1.7
- databases/postgresql95-server/PLIST                          1.6
- databases/postgresql95/Makefile.common                        1.9
- databases/postgresql95/distinfo                              1.8
- databases/postgresql96-client/PLIST                          1.2
- databases/postgresql96-docs/PLIST                            1.3
- databases/postgresql96-server/PLIST                          1.3
- databases/postgresql96/Makefile.common                        1.3
- databases/postgresql96/distinfo                              1.4

---
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Fri May 12 19:37:55 UTC 2017

  Modified Files:
          pkgsrc/databases/postgresql92: Makefile.common distinfo
          pkgsrc/databases/postgresql92-docs: PLIST
          pkgsrc/databases/postgresql92-server: PLIST
          pkgsrc/databases/postgresql93: Makefile.common distinfo
          pkgsrc/databases/postgresql93-docs: PLIST
          pkgsrc/databases/postgresql93-server: PLIST
          pkgsrc/databases/postgresql94: Makefile.common distinfo
          pkgsrc/databases/postgresql94-client: PLIST
          pkgsrc/databases/postgresql94-docs: PLIST
          pkgsrc/databases/postgresql94-server: PLIST
          pkgsrc/databases/postgresql95: Makefile.common distinfo
          pkgsrc/databases/postgresql95-client: PLIST
          pkgsrc/databases/postgresql95-docs: PLIST
          pkgsrc/databases/postgresql95-server: PLIST
          pkgsrc/databases/postgresql96: Makefile.common distinfo
          pkgsrc/databases/postgresql96-client: PLIST
          pkgsrc/databases/postgresql96-docs: PLIST
          pkgsrc/databases/postgresql96-server: PLIST

  Log Message:
  The PostgreSQL Global Development Group has released an update to all
  supported versions of our database system, including 9.6.3, 9.5.7,
  9.4.12, 9.3.17, and 9.2.21. This release fixes three security
  issues. It also patches a number of other bugs reported over the last
  three months. Users who use the PGREQUIRESSL environment variable to
  control connections, and users who rely on security
  isolation between database users when using foreign servers, should
  update as soon as possible. Other users should plan to update at the
  next convenient downtime.

(bsiegert)

Fix ownership of ${VARBASE}/cache/sysupgrade.

Fix case where OWN_DIRS_PERMS obviously was intended instead of OWN_DIRS.
Also use ${REAL_ROOT_USER}:${REAL_ROOT_GROUP} instead of hardcoding
root:wheel.

Bump PKGREVISION for fixes that changed binary package.

(jlam)

Pullup ticket #5452 - requested by sevan
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.121
- net/tor/distinfo                                              1.81

---
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Wed May 17 07:13:37 UTC 2017

  Modified Files:
          pkgsrc/net/tor: Makefile distinfo

  Log Message:
  Changes in version 0.3.0.7 - 2017-05-15
    Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
    of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
    exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
    clients are not affected.

    o Major bugfixes (hidden service directory, security):
      - Fix an assertion failure in the hidden service directory code,
        which could be used by an attacker to remotely cause a Tor relay
        process to exit. Relays running earlier versions of Tor 0.3.0.x
        should upgrade. This security issue is tracked as TROVE-2017-002.
        Fixes bug 22246; bugfix on 0.3.0.1-alpha.

    o Minor features:
      - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
        Country database.

    o Minor features (future-proofing):
      - Tor no longer refuses to download microdescriptors or descriptors
        if they are listed as "published in the future". This change will
        eventually allow us to stop listing meaningful "published" dates
        in microdescriptor consensuses, and thereby allow us to reduce the
        resources required to download consensus diffs by over 50%.
        Implements part of ticket 21642; implements part of proposal 275.

    o Minor bugfixes (Linux seccomp2 sandbox):
      - The getpid() system call is now permitted under the Linux seccomp2
        sandbox, to avoid crashing with versions of OpenSSL (and other
        libraries) that attempt to learn the process's PID by using the
        syscall rather than the VDSO code. Fixes bug 21943; bugfix
        on 0.2.5.1-alpha.

(bsiegert)

Pullup ticket #5457 - requested by sevan
security/crypto++: security fix

Revisions pulled up:
- security/crypto++/Makefile                                    1.21
- security/crypto++/PLIST                                      1.7
- security/crypto++/buildlink3.mk                              1.13
- security/crypto++/distinfo                                    1.12
- security/crypto++/patches/patch-GNUmakefile                  1.1
- security/crypto++/patches/patch-aa                            deleted
- security/crypto++/patches/patch-config.h                      deleted

---
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Thu May 18 21:20:23 UTC 2017

  Modified Files:
          pkgsrc/security/crypto++: Makefile PLIST buildlink3.mk distinfo
  Added Files:
          pkgsrc/security/crypto++/patches: patch-GNUmakefile
  Removed Files:
          pkgsrc/security/crypto++/patches: patch-aa patch-config.h

  Log Message:
  Crypto++ 5.6.5

  The 5.6.5 release was mostly a maintenance release. The release included
  two CVE fixes.

  The first, CVE-2016-7420, was a procedural finding due to external build
  systems failing to define NDEBUG for release builds. The gap was the
  project's failure to tell users to define NDEBUG. The
  second, CVE-2016-7544, was a potential memory corruption on Windows
  platforms when using Microsoft compilers due to use of _malloca and _freea.

  Due to CVE-2016-7420 and the possibility for an unwanted assert to
  egress data, users and distros are encouraged to recompile the library
  and all dependent programs.

(bsiegert)

Pullup ticket #5463 - requested by sevan
textproc/libxslt: security fix

Revisions pulled up:
- textproc/libxslt/Makefile                                    1.105
- textproc/libxslt/distinfo                                    1.60
- textproc/libxslt/patches/patch-CVE-2017-5029                  1.1

---
  Module Name:    pkgsrc
  Committed By:  tez
  Date:          Tue May 23 23:37:01 UTC 2017

  Modified Files:
          pkgsrc/textproc/libxslt: Makefile distinfo
  Added Files:
          pkgsrc/textproc/libxslt/patches: patch-CVE-2017-5029

  Log Message:
  Add patch for CVE-2017-5029

(bsiegert)

Pullup ticket #5468 - requested by sevan
security/dropbear: security fix

Revisions pulled up:
- security/dropbear/Makefile                                    1.32
- security/dropbear/distinfo                                    1.24
- security/dropbear/patches/patch-aa                            1.11
- security/dropbear/patches/patch-ab                            1.9
- security/dropbear/patches/patch-configure                    1.1

---
  Module Name:    pkgsrc
  Committed By:  snj
  Date:          Tue May 16 21:54:21 UTC 2017

  Modified Files:
          pkgsrc/security/dropbear: Makefile distinfo
          pkgsrc/security/dropbear/patches: patch-aa patch-ab
  Added Files:
          pkgsrc/security/dropbear/patches: patch-configure

  Log Message:
  update dropbear to 2016.74.  changes:

  2016.74 - 21 July 2016

  - Security: Message printout was vulnerable to format string injection.

    If specific usernames including "%" symbols can be created on a system
    (validated by getpwnam()) then an attacker could run arbitrary code as
  root
    when connecting to Dropbear server.

    A dbclient user who can control username or host arguments could
  potentially
    run arbitrary code as the dbclient user. This could be a problem if
  scripts
    or webpages pass untrusted input to the dbclient program.
    CVE-2016-7406
    https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb

  - Security: dropbearconvert import of OpenSSH keys could run arbitrary
  code as
    the local dropbearconvert user when parsing malicious key files
    CVE-2016-7407
    https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e

  - Security: dbclient could run arbitrary code as the local dbclient user if
    particular -m or -c arguments are provided. This could be an issue where
    dbclient is used in scripts.
    CVE-2016-7408
    https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6

  - Security: dbclient or dropbear server could expose process memory to the
    running user if compiled with DEBUG_TRACE and running with -v
    CVE-2016-7409
    https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

    The security issues were reported by an anonymous researcher working with
    Beyond Security's SecuriTeam Secure Disclosure
  www.beyondsecurity.com/ssd.html

  - Fix port forwarding failure when connecting to domains that have both
    IPv4 and IPv6 addresses. The bug was introduced in 2015.68

  - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang
  Hui P
    for the patch

  2016.73 - 18 March 2016

  - Support syslog in dbclient, option -o usesyslog=yes. Patch from
  Konstantin Tokarev

  - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev

  - Option to exit when a TCP forward fails, patch from Konstantin Tokarev

  - New "-o" option parsing from Konstantin Tokarev. This allows handling
  some extra options
    in the style of OpenSSH, though implementing all OpenSSH options is
  not planned.

  - Fix crash when fallback initshells() is used, reported by Michael
  Nowak and Mike Tzou

  - Allow specifying commands eg "dropbearmulti dbclient ..." instead of
  symlinks

  - Various cleanups for issues found by a lint tool, patch from Francois
  Perrad

  - Fix tab indent consistency, patch from Francois Perrad

  - Fix issues found by cppcheck, reported by Mike Tzou

  - Use system memset_s() or explicit_bzero() if available to clear
  memory. Also make
    libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).

  - Prevent scp failing when the local user doesn't exist. Based on patch
  from Michael Witten.

  - Improved Travis CI test running, thanks to Mike Tzou

  - Improve some code that was flagged by Coverity and Fortify Static Code
  Analyzer

  2016.72 - 9 March 2016

  - Validate X11 forwarding input. Could allow bypass of authorized_keys
  command= restrictions,
    found by github.com/tintinweb. Thanks for Damien Miller for a patch.
  CVE-2016-3116
    https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff

  2015.71 - 3 December 2015

  - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69

  - Fix crash on exit when -p address:port is used, broke in 2015.68,
  thanks to
    Frank Stollenwerk for reporting and investigation

  - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from
  Konstantin Tokarev

  - Fix bad configure script test which didn't work with dash shell, patch
  from Juergen Daubert,
    broke in 2015.70

  - Fix server race condition that could cause sessions to hang on exit,
    https://github.com/robotframework/SSHLibrary/issues/128

  2015.70 - 26 November 2015

  - Fix server password authentication on Linux, broke in 2015.69

  2015.69 - 25 November 2015

  - Fix crash when forwarded TCP connections fail to connect (bug
  introduced in 2015.68)

  - Avoid hang on session close when multiple sessions are started,
  affects Qt Creator
    Patch from Andrzej Szombierski

  - Reduce per-channel memory consumption in common case, increase default
    channel limit from 100 to 1000 which should improve SOCKS forwarding
  for modern
    webpages

  - Handle multiple command line arguments in a single flag, thanks to
  Guilhem Moulin

  - Manpage improvements from Guilhem Moulin

  - Build fixes for Android from Mike Frysinger

  - Don't display the MOTD when an explicit command is run from Guilhem Moulin

  - Check curve25519 shared secret isn't zero

  2015.68 - Saturday 8 August 2015

  - Reduce local data copying for improved efficiency. Measured 30%
    increase in throughput for connections to localhost

  - Forwarded TCP ports connect asynchronously and try all available addresses
    (IPv4, IPv6, round robin DNS)

  - Fix all compile warnings, many patches from Gaël Portay
    Note that configure with -Werror may not be successful on some
  platforms (OS X)
    and some configuration options may still result in unused variable
    warnings.

  - Use TCP Fast Open on Linux if available. Saves a round trip at connection
    to hosts that have previously been connected.
    Needs a recent Linux kernel and possibly "sysctl -w
  net.ipv4.tcp_fastopen=3"
    Client side is disabled by default pending further compatibility testing
    with networks and systems.

  - Increase maximum command length to 9000 bytes

  - Free memory before exiting, patch from Thorsten Horstmann. Useful for
    Dropbear ports to embedded systems and for checking memory leaks
    with valgrind. Only partially implemented for dbclient.
    This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h

  - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home
  directory unless
    there is a leading slash (~ isn't treated specially)

  - Fix small ECC memory leaks

  - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
    Matta Consulting. Odds of bad values are around 2**-512 -- improbable.

  - Twofish-ctr cipher is supported though disabled by default

  - Fix pre-authentication timeout when waiting for client SSH-2.0 banner,
  thanks
    to CL Ouyang

  - Fix null pointer crash with restrictions in authorized_keys without a
  command, patch from
    Guilhem Moulin

  - Ensure authentication timeout is handled while reading the initial banner,
    thanks to CL Ouyang for finding it.

  - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz

  2015.67 - Wednesday 28 January 2015

  - Call fsync() after generating private keys to ensure they aren't lost if a
    reboot occurs. Thanks to Peter Korsgaard

  - Disable non-delayed zlib compression by default on the server. Can be
    enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB

  - Default client key path ~/.ssh/id_dropbear

  - Prefer stronger algorithms by default, from Fedor Brunner.
    AES256 over 3DES
    Diffie-hellman group14 over group1

  - Add option to disable CBC ciphers.

  - Disable twofish in default options.h

  - Enable sha2 HMAC algorithms by default, the code was already required
    for ECC key exchange. sha1 is the first preference still for performance.

  - Fix installing dropbear.8 in a separate build directory, from Like Ma

  - Allow configure to succeed if libtomcrypt/libtommath are missing, from
  Elan Ruusamäe

  - Don't crash if ssh-agent provides an unknown type of key. From Catalin
  Patulea

  - Minor bug fixes, a few issues found by Coverity scan

  2014.66 - Thursday 23 October 2014

  - Use the same keepalive handling behaviour as OpenSSH. This will work
  better
    with some SSH implementations that have different behaviour with unknown
    message types.

  - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
    keepalive message

  - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere

  - Fix wtmp which broke since 2013.62, patch from Whoopie

  2014.65 - Friday 8 August 2014

  - Fix 2014.64 regression, server session hang on exit with scp (and probably
    others), thanks to NiLuJe for tracking it down

  - Fix 2014.64 regression, clock_gettime() error handling which broke on
  older
    Linux kernels, reported by NiLuJe

  - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN
  which
    wasn't caught

  - Avoid error message when trying to set QoS on proxycommand or multihop
  pipes

  - Use /usr/bin/xauth, thanks to Mike Frysinger

  - Don't exit the client if the local user entry can't be found, thanks
  to iquaba

  2014.64 - Sunday 27 July 2014

  - Fix compiling with ECDSA and DSS disabled

  - Don't exit abruptly if too many outgoing packets are queued for
  writev(). Patch
    thanks to Ronny Meeus

  - The -K keepalive option now behaves more like OpenSSH's
  "ServerAliveInterval".
    If no response is received after 3 keepalives then the session is
  terminated. This
    will close connections faster than waiting for a TCP timeout.

  - Rework TCP priority setting. New settings are
          if (connecting || ptys || x11) tos = LOWDELAY
          else if (tcp_forwards) tos = 0
          else tos = BULK
    Thanks to Catalin Patulea for the suggestion.

  - Improve handling of many concurrent new TCP forwarded connections,
  should now
    be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for
  reporting
    and investigating it.

  - Make sure that exit messages from the client are printed, regression
  in 2013.57

  - Use monotonic clock where available, timeouts won't be affected by
  system time
    changes

  - Add -V for version

  2014.63 - Wednesday 19 February 2014

  - Fix ~. to terminate a client interactive session after waking a laptop
    from sleep.

  - Changed port separator syntax again, now using host^port. This is because
    IPv6 link-local addresses use %. Reported by Gui Iribarren

  - Avoid constantly relinking dropbearmulti target, fix "make install"
    for multi target, thanks to Mike Frysinger

  - Avoid getting stuck in a loop writing huge key files, reported by Bruno
    Thomsen

  - Don't link dropbearkey or dropbearconvert to libz or libutil,
    thanks to Nicolas Boos

  - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos

  - Avoid crash on exit due to cleaned up keys before last packets are sent,
    debugged by Ronald Wahl

  - Fix a race condition in rekeying where Dropbear would exit if it
  received a
    still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
    This is a longstanding bug but is triggered more easily since 2013.57

  - Fix README for ecdsa keys, from Catalin Patulea

  - Ensure that generated RSA keys are always exactly the length
    requested. Previously Dropbear always generated N+16 or N+15 bit keys.
    Thanks to Unit 193

  - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip
  if the
    first public key succeeds. Still not enabled by default, needs more
    compatibility testing with other implementations.

  - Fix for port 0 forwarding in the client and port forwarding with
  Apache MINA SSHD.

  - Fix for bad system linux/pkt-sched.h header file with older Linux
  kernels, from Steve Dover

  - Fix signal handlers so that errno is saved, thanks to Erik Ahl�n for a
  patch
    and Mark Wickham for independently spotting the same problem.

(bsiegert)

boost: correct wrong OS logic about ctype.h macros.

It is freebsd and dragonflybsd that use macros.
ride previous pkgrevision bump

(maya)

Updated textproc/py-sphinx to 1.6.2; sysutils/py-psutil to 5.2.2

(adam)

Changes 5.2.2:

Bug fixes
1000: fixed some setup.py warnings.
1002: [SunOS] remove C macro which will not be available on new Solaris versions. (patch by Danek Duvall)
1004: [Linux] Process.io_counters() may raise ValueError.
1006: [Linux] cpu_freq() may return None on some Linux versions does not support the function; now the function is not declared instead.
1009: [Linux] sensors_temperatures() may raise OSError.
1010: [Linux] virtual_memory() may raise ValueError on Ubuntu 14.04.

(adam)

Release 1.6.2:

Incompatible changes
* 3789: Do not require typing module for python>=3.5

Bugs fixed
* 3754: HTML builder crashes if HTML theme appends own stylesheets
* 3756: epub: Entity 窶藁dash窶� not defined
* 3758: Sphinx crashed if logs are emitted in conf.py
* 3755: incorrectly warns about dedent with literalinclude
* 3742: RTD PDF builds of Sphinx own docs are missing an index entry in the bookmarks and table of contents. This is rtfd/readthedocs.org-2857 issue, a workaround is obtained using some extra LaTeX code in Sphinx窶冱 own conf.py
* 3770: Build fails when a 窶彡ode-block窶� has the option emphasize-lines and the number indicated is higher than the number of lines
* 3774: Incremental HTML building broken when using citations
* 3772: 窶�str object窶� has no attribute 窶惑ilename窶�
* 3763: got epubcheck validations error if epub_cover is set
* 3779: 窶露mportError窶� in sphinx.ext.autodoc due to broken 窶�sys.meta_path窶�. Thanks to Tatiana Tereshchenko.
* 3796: env.resolve_references() crashes when non-document node given
* 3803: Sphinx crashes with invalid PO files
* 3791: PDF 窶彡ontinued on next page窶� for long tables isn窶冲 internationalized
* 3788: smartquotes emits warnings for unsupported languages
* 3807: latex Makefile for make latexpdf is only for unixen
* 3781: double hyphens in option directive are compiled as endashes
* 3817: latex builder raises AttributeError

(adam)

Remove mongodb

(ryoon)

Updated databases/mongodb to 3.4.4

(ryoon)

Update to 3.4.4

* Disable PaX MPROTECT for bin/mongo

Changelog:
3.4.4 – Apr 21, 2017

Issues fixed:

    SERVER-18794: Add an aggregation operator $objectToArray to convert an object to an array of key, value pairs.
    SERVER-23310: Add an aggregation operator $arrayToObject to convert an array of pairs to an object.
    SERVER-22611: ChunkManager refresh can occasionally cause a full reload.
    3.4.4 Changelog
    All JIRA issues closed in 3.4.4

3.4.3 – Mar 28, 2017

Issues fixed:

    SERVER-27863: Reschedule firing of early alarms in NetworkInterfaceASIO to avoid mongos crash.
    SERVER-28017: $ne should respect collection’s default collation.
    SERVER-27700: Improve WiredTiger performance on secondary when cache is full.
    3.4.3 Changelog
    All JIRA issues closed in 3.4.3

3.4.2 – Feb 1, 2017

Issues fixed:

    SERVER-27125: Arbiters in pv1 should vote no in elections if they can see a healthy primary of equal or greater priority to the candidate.
    SERVER-27584 Add support for filter to listDatabases
    WT-2670 Inefficient I/O when read full DB (poor readahead)
    3.4.2 Changelog
    All JIRA issues closed in 3.4.2

3.4.1 – Dec 20, 2016

Issues fixed:

    SERVER-27124: Disallow readConcern: majority reads on replica set protocolVersion 0 (pv0).
    SERVER-27201: $graphLookup triggers null pointer dereference.
    SERVER-27207: Find operation with a sort on a view via mongos may incorrectly return empty result set.
    SERVER-27213: Two $match pipeline stages can combine incorrectly to produce incorrect results.
    3.4.1 Changelog
    All JIRA issues closed in 3.4.1

(ryoon)

Updated devel/boost-headers to 1.64.0nb1
Updated devel/boost-libs to 1.64.0nb1

(ryoon)

Bump PKGREVISION from enabling log1p and expm1 under NetBSD

(ryoon)

Updated chat/jabberd2 to 2.6.0

(gdt)

Update to 2.6.0

This is a bugfix release.  Upstream NEWS:

- Better SASL error messages

(gdt)

Comment out py-test-httpbin build dependency, it depends on py-requests
via py-flask and py-werkzeug.

(wiz)

Note update of graphics/tiff to 4.0.8.

(he)

Update tiff to version 4.0.8.

Pkgsrc changes:
* Adapt PLIST, remove patches for now-integrated bugfixes.

As the release announcement says:

  All of the changes are bug and security fixes.

Upstream changes:

CHANGES IN LIBTIFF:
* libtiff/tif_getimage.c, libtiff/tif_open.c: add parenthesis to
  fix cppcheck clarifyCalculation warnings * libtiff/tif_predict.c,
  libtiff/tif_print.c: fix printf unsigned vs signed formatting
  (cppcheck invalidPrintfArgType_uint warnings)
* libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
  TIFFReadEncodedStrip() that caused an integer division by zero.
  Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2596
* libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
  overflow on generation of PixarLog / LUV compressed files, with
  ColorMap, TransferFunction attached and nasty plays with
  bitspersample. The fix for LUV has not been tested, but suffers
  from the same kind of issue of PixarLog. Reported by Agostino
  Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips()
  done for http://bugzilla.maptools.org/show_bug.cgi?id=2587 /
  CVE-2016-9273 since the above change is a better fix that makes
  it unnecessary.
* libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip()
  to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
  rowsperstrip), instead of a logic based on the total size of
  data. Which is faulty is the total size of data is not sufficient
  to fill the whole image, and thus results in reading outside of
  the StripByCounts/StripOffsets arrays when using TIFFReadScanline().
  Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2608.
* libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of
  failure in OJPEGPreDecode(). This will avoid a divide by zero,
  and potential other issues. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2611
* libtiff/tif_write.c: fix misleading indentation as warned by GCC.
* libtiff/tif_fax3.h: revert change done on 2016-01-09 that made
  Param member of TIFFFaxTabEnt structure a uint16 to reduce size
  of the binary. It happens that the Hylafax software uses the
  tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
  TIFFFaxBlackTable), although they are not in a public libtiff
  header. Raised by Lee Howard. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2636
* libtiff/tiffio.h, libtiff/tif_getimage.c: add TIFFReadRGBAStripExt()
  and TIFFReadRGBATileExt() variants of the functions without ext,
  with an extra argument to control the stop_on_error behaviour.
* libtiff/tif_getimage.c: fix potential memory leaks in error code
  path of TIFFRGBAImageBegin(). Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2627
* libtiff/tif_jpeg.c: increase libjpeg max memory usable to 10 MB
  instead of libjpeg 1MB default. This helps when creating files
  with "big" tile, without using libjpeg temporary files. Related
  to https://trac.osgeo.org/gdal/ticket/6757
* libtiff/tif_jpeg.c: avoid integer division by zero in
  JPEGSetupEncode() when horizontal or vertical sampling is set
  to 0. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653
* libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedRational,
  replace assertion by runtime check to error out if passed value
  is strictly negative. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2535
* libtiff/tif_dirread.c: avoid division by floating point 0 in
  TIFFReadDirEntryCheckedRational() and
  TIFFReadDirEntryCheckedSrational(), and return 0 in that case
  (instead of infinity as before presumably) Apparently some
  sanitizers do not like those divisions by zero. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2644
* libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement
  various clampings of double to other data types to avoid undefined
  behaviour if the output range isn't big enough to hold the input
  value. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
  http://bugzilla.maptools.org/show_bug.cgi?id=2642
  http://bugzilla.maptools.org/show_bug.cgi?id=2646
  http://bugzilla.maptools.org/show_bug.cgi?id=2647
* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode()
  to avoid undefined behaviour caused by invalid shift exponent.
  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
* libtiff/tif_read.c: avoid potential undefined behaviour on signed
  integer addition in TIFFReadRawStrip1() in isMapped() case.
  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
* libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile
  to avoid UndefinedBehaviorSanitizer warning. Patch by Nicol叩s
  Pe単a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to
  zero initialize tif_rawdata. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2651
* libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()
* libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c: return 0 in Encode
  functions instead of -1 when TIFFFlushData1() fails. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2130
* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesQTable,
  OJPEGReadHeaderInfoSecTablesDcTable and
  OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by
  Nicol叩s Pe単a. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
* libtiff/tif_jpeg.c: only run JPEGFixupTagsSubsampling() if the
  YCbCrSubsampling tag is not explicitly present. This helps a
  bit to reduce the I/O amount when the tag is present (especially
  on cloud hosted files).
* libtiff/tif_lzw.c: in LZWPostEncode(), increase, if necessary,
  the code bit-width after flushing the remaining code and before
  emitting the EOI code. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=1982
* libtiff/tif_pixarlog.c: fix memory leak in error code path of
  PixarLogSetupDecode(). Patch by Nicol叩s Pe単a. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2665
* libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c: fix GCC 7
  -Wimplicit-fallthrough warnings.
* libtiff/tif_dirread.c: fix memory leak in non DEFER_STRILE_LOAD
  mode (ie default) when there is both a StripOffsets and TileOffsets
  tag, or a StripByteCounts and TileByteCounts Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2689
* libtiff/tif_ojpeg.c: fix potential memory leak in
  OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable
  and OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicol叩s Pe単a.
  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670
* libtiff/tif_fax3.c: avoid crash in Fax3Close() on empty file.
  Patch by Alan Coopersmith + complement by myself. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2673
* libtiff/tif_read.c: TIFFFillStrip(): add limitation to the number
  of bytes read in case td_stripbytecount[strip] is bigger than
  reasonable, so as to avoid excessive memory allocation.
* libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c: fix memory
  leak when the underlying codec (ZIP, PixarLog) succeeds its
  setupdecode() method, but PredictorSetup fails. Credit to OSS-Fuzz
  (locally run, on GDAL)
* libtiff/tif_read.c: TIFFFillStrip() and TIFFFillTile(): avoid
  excessive memory allocation in case of shorten files. Only
  effective on 64 bit builds and non-mapped cases. Credit to
  OSS-Fuzz (locally run, on GDAL)
* libtiff/tif_read.c: TIFFFillStripPartial() / TIFFSeek(), avoid
  potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT
  mode. Should especially occur on 32 bit platforms.
* libtiff/tif_read.c: TIFFFillStripPartial(): avoid excessive
  memory allocation in case of shorten files. Only effective on
  64 bit builds. Credit to OSS-Fuzz (locally run, on GDAL)
* libtiff/tif_read.c: update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT
  mode with tif_rawdataloaded when calling TIFFStartStrip() or
  TIFFFillStripPartial(). This avoids reading beyond tif_rawdata
  when bytecount > tif_rawdatasize. Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.
  Credit to OSS-Fuzz
* libtiff/tif_color.c: avoid potential int32 overflow in
  TIFFYCbCrToRGBInit() Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533 Credit
  to OSS-Fuzz
* libtiff/tif_pixarlog.c, tif_luv.c: avoid potential int32 overflows
  in multiply_ms() and add_ms(). Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558 Credit
  to OSS-Fuzz
* libtiff/tif_packbits.c: fix out-of-buffer read in PackBitsDecode()
  Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563
  Credit to OSS-Fuzz
* libtiff/tif_luv.c: LogL16InitState(): avoid excessive memory
  allocation when RowsPerStrip tag is missing. Credit to OSS-Fuzz
  (locally run, on GDAL)
* libtiff/tif_lzw.c: update dec_bitsleft at beginning of LZWDecode(),
  and update tif_rawcc at end of LZWDecode(). This is needed to
  properly work with the latest chnges in tif_read.c in
  CHUNKY_STRIP_READ_SUPPORT mode.
* libtiff/tif_pixarlog.c: PixarLogDecode(): resync tif_rawcp with
  next_in and tif_rawcc with avail_in at beginning and end of
  function, similarly to what is done in LZWDecode(). Likely needed
  so that it works properly with latest chnges in tif_read.c in
  CHUNKY_STRIP_READ_SUPPORT mode. But untested...
* libtiff/tif_getimage.c: initYCbCrConversion(): add basic validation
  of luma and refBlackWhite coefficients (just check they are not
  NaN for now), to avoid potential float to int overflows. Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663 Credit
  to OSS Fuzz
* libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
  double to float. Credit to Google Autofuzz project
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
  not zero to avoid division by zero. Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
  to OSS Fuzz
* libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of
  double to float. Credit to Google Autofuzz project
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is
  not zero to avoid division by zero. Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit
  to OSS Fuzz
* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation
  for refBlackWhite coefficients values. To avoid invalid float->int32
  conversion. Fixes
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718 Credit
  to OSS Fuzz

CHANGES IN THE TOOLS:
* tools/fax2tiff.c (main): Applied patch by J旦rg Ahrens to fix
  passing client data for Win32 builds using tif_win32.c
  (USE_WIN32_FILEIO defined) for file I/O. Patch was provided via
  email on November 20, 2016.
* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
  can cause various issues, such as buffer overflows in the library.
  Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2598
* tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
  mode so that the output buffer is correctly incremented to avoid
  write outside bounds. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2620
* tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
  readSeparateStripsIntoBuffer() to avoid read outside of heap
  allocated buffer. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2621
* tools/tiffcrop.c: fix integer division by zero when BitsPerSample
  is missing. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2619
* tools/tiffinfo.c: fix null pointer dereference in -r mode when
  the image has no StripByteCount tag. Reported by Agostino Sarubbo.
  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
  tag is missing. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2597
* tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
  called, limit the return number of inks to SamplesPerPixel, so
  that code that parses ink names doesn't go past the end of the
  buffer. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2599
* tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
  tag is missing. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2607
* tools/tiffcp.c: fix uint32 underflow/overflow that can cause
  heap-based buffer overflow. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2610
* tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
  check. Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2605
* tools/tiff2ps.c: fix 2 heap-based buffer overflows (in PSDataBW
  and PSDataColorContig). Reported by Agostino Sarubbo. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
  http://bugzilla.maptools.org/show_bug.cgi?id=2634.
* tools/tiff2pdf.c: prevent heap-based buffer overflow in -j mode
  on a paletted image. Note: this fix errors out before the overflow
  happens. There could probably be a better fix. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2635
* tools/tiff2pdf.c: fix wrong usage of memcpy() that can trigger
  unspecified behaviour. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2638
* tools/tiff2pdf.c: avoid potential invalid memory read in
  t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
* tools/tiff2pdf.c: avoid potential heap-based overflow in
  t2p_readwrite_pdf_image_tile(). Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2640
* tools/tiffcrop.c: remove extraneous TIFFClose() in error code
  path, that caused double free. Related to
  http://bugzilla.maptools.org/show_bug.cgi?id=2535
* tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
  cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
  overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656
  and http://bugzilla.maptools.org/show_bug.cgi?id=2657
* tools/raw2tiff.c: avoid integer division by zero. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2631
* tools/tiff2ps.c: call TIFFClose() in error code paths.
* tools/fax2tiff.c: emit appropriate message if the input file is
  empty. Patch by Alan Coopersmith. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2672
* tools/tiff2bw.c: close TIFF handle in error code path. Fixes
  http://bugzilla.maptools.org/show_bug.cgi?id=2677

(he)

This uses libtool.

Fixes PR 52261.

(wiz)

Comment out py-requests test dependency to fix cyclic dependency
with py-requests-2.16.x.

(wiz)

Updated net/rabbitmq to 3.6.10

(fhajny)

Updated net/rabbitmq to 3.6.10

Bug Fixes
- rabbitmqctl wait exited with the status code of 0 when node stopped
  because it could not contact any cluster peers to [re-]join.
- rabbitmqctl forget_cluster_node used in offline mode could result in
  promotion of a node that's no longer a cluster member.
- Queue master locator could not be set using optional queue arguments
  (x-arguments).
- CLI tool (e.g. rabbitmqctl) man pages were not rendered correctly.

Enhancements
- Disk space monitor will periodically retry (every 2 minutes by
  default, up to 10 times) before going into disabled state as
  external tools used to monitor available disk space can fail or
  produce unexpected output temporarily.
- Memory relative free disk space limits now support integer values as
  well as floats.

Management and Management Agent Plugins
- TLS-related settings in HTTP API listeners could break JSON
  serialisation for the GET /api/overview endpoint.
- Non-numerical values for numerical stats are now handled safety by
  stats aggregation.
- Stats are no longer emitted for connections that are not considered
  to be in the fully initialised state.
- POST requests now instruct clients to close TCP connections.
- In some popular browsers (Chrome, Internet Explorer) a POST request
  followed by an immediate GET request would result in a 400 response.
  Other browsers do no exhibit this behaviour.
- I/O average time per operation graph didn't match legend.
- Sample retention policies are now validated more strictly to avoid
  configurations that are not supported and will lead to exceptions.
- Certain stats for connections were not initialised as numerical
  values, which resulted in log noise.
- UI operation for binding deletion did not respect optional (extra)
  binding arguments.
- Current virtual host is pre-selected on the "Add/update policy"
  form.

MQTT Plugin
- A non-initialized connection (e.g. one that failed early because
  client-provided payload wasn't a valid MQTT payload) produced a
  crash report log entry during termination.

LDAP Plugin
- Stale connection purging in LDAP connection pool could fail with a
  badmatch.

Trust Store Plugin
- Certificate change detection algorithm no longer uses stat(2) on
  certificate directory because of its limitations that could lead to
  undetected changes in certain scenarios.

Web STOMP Plugin
- The plugin failed to start after being stopped and re-enabled.
- Server-initiated consumer cancellation failed with an exception.

Management Visualiser Plugin
- The plugin wasn't compatible with recent 3.6.x releases.

(fhajny)

Updated devel/libatomic_ops to 7.6.0

(wiz)