Updated www/apache-tomcat7 to 7.0.78

(ryoon)

Update to 7.0.78

Changelog:
Tomcat 7.0.78 (violetagg)

    General

        add Allow to exclude JUnit test classes using the build property test.exclude and document the property in BUILDING.txt. (rjung)

    Catalina

        fix Review those places where Tomcat re-encodes a URI or URI component and ensure that that correct encoding (path differs from query string) is applied and that the encoding is applied consistently. (markt)
        fix Use a more reliable mechanism for the DefaultServlet when determining if the current request is for custom error page or not. (markt)
        fix Ensure that when the Default or WebDAV servlets process an error dispatch that the error resource is processed via the doGet() method irrespective of the method used for the original request that triggered the error. (markt)
        fix If a static custom error page is specified that does not exist or cannot be read, ensure that the intended error status is returned rather than a 404. (markt)
        fix When the WebDAV servlet is configured and an error dispatch is made to a custom error page located below WEB-INF, ensure that the target error page is displayed rather than a 404 response. (markt)
        add 61047: Add MIME mapping for woff2 fonts in the default web.xml. Patch provided by Justin Williamson. (violetagg)
        fix Correct the logic that selects the encoding to use to decode the query string in the SSIServletExternalResolver so that the useBodyEncodingForURI attribute of the Connector is correctly taken into account. (markt)
        fix 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
        fix Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)

    Jasper

        fix 60925: Improve the handling of access to properties defined by interfaces when a BeanELResolver is used under a SecurityManager. (markt)

    WebSocket

        fix 61003: Ensure the flags for reading/writing in o.a.t.websocket.AsyncChannelWrapperSecure are correctly reset even if some exceptions occurred during processing. (markt/violetagg)

    Web applications

        add Document the property test.excludePerformance in BUILDING.txt. (rjung)
        add Add documents for maxIdleTime attribute to Channel Receiver docs. (kfujino)

    jdbc-pool

        code Refactor the creating a constructor for a proxy class to reduce duplicate code. (kfujino)
        fix In StatementFacade, the method call on the statements that have been closed throw SQLException rather than NullPointerException. (kfujino)

    Other

        fix Correct comments about Java 8 in Jre8Compat. Patch provided by fibbers via Github. (violetagg)
        fix 60932: Correctly escape single quotes when used in i18n messages. Based on a patch by Michael Osipov. (markt)

(ryoon)

Update print/hplip to 3.17.4.

(schnoebe)

adjust english usage

(dholland)

Update to 3.17.4:

Release Notes

HPLIP 3.17.4 - This release has the following changes:
Added Support for the Following New Printers:
  - HP LaserJet Managed Flow MFP E77822z  Printer
  - HP LaserJet Managed MFP E77822dn Printer
  - HP LaserJet Managed Flow MFP E77825z  Printer
  - HP LaserJet Managed MFP E77825dn Printer
  - HP LaserJet Managed Flow MFP E77830z  Printer
  - HP LaserJet Managed MFP E77830dn Printer
  - HP LaserJet Managed Flow MFP E87640z  Printer
  - HP LaserJet Managed MFP E87640dn Printer
  - HP LaserJet Managed Flow MFP E87650z  Printer
  - HP LaserJet Managed MFP E87650dn Printer
  - HP LaserJet Managed Flow MFP E87660z  Printer
  - HP LaserJet Managed MFP E87660dn Printer
  - HP LaserJet Managed Flow MFP E82540z  Printer
  - HP LaserJet Managed MFP E82540dn Printer
  - HP LaserJet Managed Flow MFP E82550z  Printer
  - HP LaserJet Managed MFP E82550dn Printer
  - HP LaserJet Managed Flow MFP E82560z  Printer
  - HP LaserJet Managed MFP E82560dn Printer
  - HP LaserJet Managed Flow MFP E72525z  Printer
  - HP LaserJet Managed MFP E72525dn Printer
  - HP LaserJet Managed Flow MFP E72530z  Printer
  - HP LaserJet Managed MFP E72530dn Printer
  - HP LaserJet Managed Flow MFP E72535z  Printer
  - HP LaserJet Managed MFP E72535dn Printer
  - HP LaserJet Pro  M203d                Printer
  - HP LaserJet Pro  MFP M130a            Printer
  - HP LaserJet Pro  MFP M130nw          Printer
  - HP LaserJet Pro  MFP M130fn          Printer
  - HP LaserJet Pro  MFP M130fw          Printer
  - HP LaserJet Pro  MFP M227d            Printer
  - HP LaserJet Pro  MFP M227fdn          Printer
  - HP LaserJet Ultra MFP M230 sdn        Printer

Added support for the following new Distro's:
  - Debian 8.7
  - Linux Mint 18.1

Launchpad fixes:
  1656348 - cups Filter Failed with HP Laserjet
  1649550 - HP OfficeJet Pro 7740:no tray choice
  1648954 - Encapsulator.cpp send 10000 bytes of 0X00 to the Printer
    before real PCL commands
  1521134 - hpps has no error handling

Known Issues:
  1. Page orientation not changing for post script documents from evince.
  2. Edge to Edge Not supported
  3. Fax check box is enable for M227d device even it does not support

(schnoebe)

Updated www/drupal7 to 7.54

(adam)

drupal 7.54
Maintenance release of the Drupal 7 series. Includes a variety of improvements and bug fixes (no major, non-backwards-compatible new functionality).

(adam)

Updated www/moodle to 3.3

(wen)

Update to 3.3

Upstream changes:
Major features
Highlights

    MDL-55611 - New Course overview dashboard block featuring timeline of events
    MDL-58220 - Make use of OAuth 2 services to allow users to authenticate with Google G-Suite or Microsoft Office accounts and manage files from associated drives
    MDL-39913 - New Assignment setting for restricting submission file types
    MDL-4782 - "Stealth mode" for resources/activities in a course - not displayed on the course page but available for students
    MDL-40759 - New Font Awesome icon font for all icons in Moodle

For teachers

    MDL-58138 - Activity completion settings for setting activity completion defaults and bulk editing of completion requirements
    MDL-48771 - Quiz activity: Option to delete multiple questions
    MDL-53814 - Quiz activity: Question type icons are displayed in the quiz manual grading overview
    MDL-55459 - Assignment activity: Annotated PDF comments are collapsible
    MDL-23919 - Database activity: The setting "Required entries" is now an activity completion condition
    MDL-57769 - Topic and weeks course formats: After a course is created, sections can be added and removed only from the course page (it is no longer possible to have "orphaned" activities)
    MDL-46929, MDL-57456, MDL-57457 - Forum posts, glossary entries and book chapters may be tagged
    MDL-56251 - For courses in weekly format, a new course setting allows for the course end date to be calculated automatically
    MDL-47354 - Allow the page size in the Single view report to be configurable

Backup and restore

    MDL-34859 - Add site defaults for all restore settings, improve UI around "Overwrite course configuration" select
    MDL-40838 - Allow to restore non-default enrollment methods without restoring users
    MDL-57769 - When restoring/importing big courses in Weeks and Topics formats into small existing courses ajust the number of sections automatically

For administrators

Please read carefully: Possible issues that may affect you in Moodle 3.3

    MDL-46375 - Support for storing files not on the local drive (there are no open-source solutions at the moment, developer's help is required to implement custom cloud storage)
    MDL-55528, MDL-58280 - New document converter plugin type allows alternatives to unoconv, such as the Google Drive converter
    MDL-55980 - Run individual scheduled tasks from web interface
    MDL-57896 - CLI wrapper for get_config() and set_config() methods
    MDL-57789 - Use Cache-Control: immutable when serving files
    MDL-37765 - New capability to bypass access restrictions, separated from capability to view hidden activities
    MDL-57913 - Convert external database authentication synchronisation to scheduled task

Plugins removal and deprecation

    The repository Skydrive is deprecated; please migrate to the newer OneDrive repository
    The Dashboard block Course overview is replaced with a new block Course overview which is a different plugin. If you want to use the old block, you need to download and install it from https://moodle.org/plugins/block_course_overview

Mobile app support

    MDL-57410 - Allow admins to add new external links to pages in the main menu of the Mobile app
    MDL-57408 - Add new settings for allowing renaming strings in the Mobile app
    MDL-49423 - Add new settings for disabling Mobile app functionalities
    MDL-57759 - Allow offline attempts via the Mobile app in the lesson module
    MDL-57162 - Support Native App install banners for Android as well as iOS for the mobile app

Other improvements

    MDL-33483 - Google Docs repository: Save Doc files in different formats to RTF
    MDL-42266 - Improve the list of maximum file size options for file uploads
    MDL-51853 - Calendar subscriptions from imported files should be editable
    MDL-41729 - Add ability to change passwords for users using Shibboleth
    MDL-57572, MDL-57570, MDL-57355 - Redis and static caches performance improvements if igbinary library is installed
    MDL-56808 - SCORM module: Performance improvements when running SCORM 1.2 packages
    MDL-57686 - Add support for PDO databases in external database authentication
    MDL-57638 - RSS Block: RSS feeds are more heavily cached and correctly respect skip values

For developers

    MDL-55528 - New plugin type 'fileconverter' for file conversions, unoconv is now a plugin that can be replaced with scalable commercial solutions (see File Converters)
    MDL-40759 - Font Awesome icon font is used for all icons in Moodle (see Moodle icons)
    MDL-46375 - Support for storing files not on the local drive is implemented by allowing to override functionality of file_storage and stored_file classes (see File System API)
    MDL-12689 - Convert all authentication plugins to use settings.php (see upgrade.txt)
    MDL-53978 - Add extra plugin callbacks for every major stage of page render (see commit)
    MDL-58138 - Course modules may provide additional callbacks to participate in bulk editing of activities completion rules in a course
    MDL-58220 - Better office integration
    MDL-45584 - Multiple caches can be instantiated with the same definition but with different identifiers
    MDL-57769 - Course formats: Attribute 'numsections' was removed from topics and weeks, other course formats may want to implement similar changes
    MDL-55956 - Priority field for the calendar events allowing to specify the priority of overrides
    MDL-58566 - New methods for retrieving calendar events
    MDL-55941 - New element to select first name of first/last names is implemented in tablelib or can be used by developers elsewhere (template)
    MDL-56519 - Lint behat .feature files
    MDL-57273 - New classes (core\persistent, core\form\persistent, core\external\exporter, \core\external\persistent_exporter) used to represent a data-model and export that data in a standard format for webservices (previously was used in competencies) (see Persistent form, Persistent, Exporter)
    MDL-57490 - Removed several legacy JS functions from javascript-static.js
    MDL-57690 - mcore YUI rollup is no longer included on every single Moodle page (see [forum post])

(wen)

Match PLIST with do-install. Bump revision.

(joerg)

Updated net/fping to 4.0; sysutils/salt to 2016.11.5

(adam)

Salt 2016.11.5:

Due to the critical nature of issue 41230 we have decided to patch the 2016.11.5 packages with P.R.41244. This issue affects all calls to a salt-minion if there is an ipv6 nameserver set on the minion's host. The patched packages on repo.saltstack.com will divert from the v2016.11.5 tag and pypi packages due to the additional PR applied to the packages.

Bug fixes.

(adam)

Changes 4.0:

Incompatible Changes
- fping and fping6 unification
- Option -n, not the same as -d anymore
- Discarding of late packets
- No restrictions by default
- Default interval (-i) changed from 25ms to 10ms

New features
- Unified 'fping' and 'fping6' into one binary
- Long option names for all options
- IPv6 enabled by default
- New option -4 to force IPv4
- New option -6 to force IPv6
- Keep original name if a hostname is given with -n/--name
- Option -d/--rdns now always does a rdns-lookup, even for names, as '-n' was doing until now
- Enforce -t timeout on reply packets, by discarding late packets
- Auto-adjust timeout for -c/-C/-l mode to value of -p

Bugfixes and other changes
- -i/-p restrictions disabled by default (enable with --enable-safe-limits)
- Default interval -i changed from 25ms to 10ms
- Fix compatibility issue with GNU Hurd
- A C99 compiler is now required
- Option parsing with optparse (https://github.com/skeeto/optparse)
- New changelog file format

(adam)

2.4.6 and NetrBSD-5 are ancient history by now (hopefully)

(spz)

update to 2.6.1. Excerpt from NEWS:

Upgrading from 2.5 to 2.6

The following changes require your full attention because a manual intervention may be needed:

    The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be.

    The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.

    If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs.

    The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5.

    The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb.

    The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available.

    $HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change.

    Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password.

    A manual review of authenticated feeds should then be done so as to ensure that they are properly working.

    The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field.

    The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file.

    The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default).

    The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters).

    The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf.

Changes in 2.6.1

    nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.

    Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.

    The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.

    The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.

    rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.

    Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.

    Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time.

    Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.

    OpenSSL 1.1.0 support has been added to INN.

    When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.

    When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.

    nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.

    Update from GNU Libtool 2.4.2 to 2.4.6.

    Other minor bug fixes and documentation improvements.
Changes in 2.6.0

    The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details.

    The Lines: header is no longer generated by nnrpd at injection time.

    The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf.

    The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header.

    A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false.

    A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.

    Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages.

    The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time.

    nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd.

    The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user).

    Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue.

    Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed.

    DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support.

    When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0).

    If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure.

    Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled.

    The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions.

    Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0.

    The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes.

    Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery.

    Other minor bug fixes and documentation improvements.

(spz)

Updated devel/py-hypothesis to 3.9.0; www/py-parsel to 1.2.0; devel/py-attrs to 17.1.0; devel/py-automat to 0.6.0; www/py-scrapy to 1.4.0

(adam)

Scrapy 1.4 does not bring that many breathtaking new features
but quite a few handy improvements nonetheless.

Scrapy now supports anonymous FTP sessions with customizable user and
password via the new :setting:`FTP_USER` and :setting:`FTP_PASSWORD` settings.
And if you're using Twisted version 17.1.0 or above, FTP is now available
with Python 3.

There's a new :meth:`response.follow <scrapy.http.TextResponse.follow>` method
for creating requests; **it is now a recommended way to create Requests
in Scrapy spiders**. This method makes it easier to write correct
spiders; ``response.follow`` has several advantages over creating
``scrapy.Request`` objects directly:

* it handles relative URLs;
* it works properly with non-ascii URLs on non-UTF8 pages;
* in addition to absolute and relative URLs it supports Selectors;
  for ``<a>`` elements it can also extract their href values.

(adam)

Changes 0.6.0:
Bug fixes.

(adam)

Changes 17.1.0:
Backward-incompatible changes:
* attrs will set the __hash__() method to None by default now. The way hashes were handled before was in conflict with Python窶冱 specification. This may break some software although this breakage is most likely just surfacing of latent bugs. You can always make attrs create the __hash__() method using @attr.s(hash=True).
* Correspondingly, attr.ib窶�s hash argument is None by default too and mirrors the cmp argument as it should.

Deprecations:
* attr.assoc() is now deprecated in favor of attr.evolve() and will stop working in 2018.

Changes:
Fix default hashing behavior. Now hash mirrors the value of cmp and classes are unhashable by default.
Added attr.evolve() that, given an instance of an attrs class and field changes as keyword arguments, will instantiate a copy of the given instance with the changes applied. evolve() replaces assoc(), which is now deprecated. evolve() is significantly faster than assoc(), and requires the class have an initializer that can take the field values as keyword arguments (like attrs itself can generate).
FrozenInstanceError is now raised when trying to delete an attribute from a frozen class.
Frozen-ness of classes is now inherited.
__attrs_post_init__() is now run if validation is disabled.
Added attr.validators.in_(options) that, given the allowed options, checks whether the attribute value is in it. This can be used to check constants, enums, mappings, etc.
Added attr.validators.and_() that composes multiple validators into one.
For convenience, the validator argument of @attr.s now can take a list of validators that are wrapped using and_().
Accordingly, attr.validators.optional() now can take a list of validators too.
Validators can now be defined conveniently inline by using the attribute as a decorator. Check out the examples to see it in action!
attr.Factory() now has a takes_self argument that makes the initializer to pass the partially initialized instance into the factory. In other words you can define attribute defaults based on other attributes.
Default factories can now also be defined inline using decorators. They are always passed the partially initialized instance.
Conversion can now be made optional using attr.converters.optional().
attr.make_class() now accepts the keyword argument bases which allows for subclassing.
Metaclasses are now preserved with slots=True.

(adam)

Changes 1.2.0:
* Add :meth:`~parsel.selector.SelectorList.get` and :meth:`~parsel.selector.SelectorList.getall`
  methods as aliases for :meth:`~parsel.selector.SelectorList.extract_first`
  and :meth:`~parsel.selector.SelectorList.extract` respectively
* Add default value parameter to :meth:`~parsel.selector.SelectorList.re_first` method
* Add :meth:`~parsel.selector.Selector.re_first` method to :class:`parsel.selector.Selector` class
* Bug fix: detect ``None`` result from lxml parsing and fallback with an empty document
* Rearrange XML/HTML examples in the selectors usage docs

(adam)

3.9.0 - 2017-05-19
This is feature release, expanding the capabilities of the decimals strategy.
* The new (optional) places argument allows you to generate decimals with a certain number of places (e.g. cents, thousandths, satoshis).
* If allow_infinity is None, setting min_bound no longer excludes positive infinity and setting max_value no longer excludes negative infinity.
* All of NaN, -Nan, sNaN, and -sNaN may now be drawn if allow_nan is True, or if allow_nan is None and min_value or max_value is None.
* min_value and max_value may be given as decimal strings, e.g. "1.234".

(adam)

Updated net/ucspi-ssl to 0.99

(schmonz)

Update to 0.99 (new upstream). From the changelog:

Included ucspi-ssl-0.70_ucspitls-0.6.patch (STARTTLS support)
originally designed and provided by Scott Gifford (FEH).

Added Certchain support for sslserver and sslclient (FEH).

Integration and added man-pages (FEH).

Synced with ucspi-tcp6-0.95.

Fixed integration bug in ssl_very.c.
Included patches from Peter Conrad.

Bug fix in sslserver. Several small
corrections.

Fix for large X509 serial numbers on x86 (tx. Peter Conrad).
SAN DNSname has precedence over CN in subject.
Re-edited man pages and rts tests.

Added IPv6 support (tx. to Felix von Leitner and Brandon Turner).
UI: Changed sslserver client cert call from '-i/-I' to '-z/-Z'
for compatibility reasons.
Added '-4/-6' support for client scripts.

Added output environment variables TCP6* for sslserver.
sslperl, sslhandle, and sslprint are not IPv6 ready yet.

Added IPv6 capabilities to sslhandle, sslprint, sslperl.
Changed verification of X.509 certs.
Removed obsolete socket_4 calls in sslserver.

Streamlined code with ucspi-tcp6-1.00.
Supplied new certs with customized SAN.
Make rts working (at least some how).

Added support for personalized client certs.
New option '-m' in sslserver, complementing '-z'.
CCAFILE='-' disables client cert request.

Added verbose log output for SSL connection informations.

Fixed wrongly nested CONNECT error code for sslclient.c
producing wrong warning messages while connecting to
an IPv4 address.
Added call of '-ldl' in ssl.lib.

Mitigation of SSL connection hanging during
coincident change of daylight-saving settings.

Fixed bug in sslserver's dnsip lookup in case of paranoid settings
and additonal existance of IPv6 AAAA records for incoming IPv4 connection.

Serveral fixes from 'troy@' included to cope with compiler errors and
to solve a bug in function getbitasaddress in ip4_bit.c (= ucspi-tcp6-1.02).
Reordered conf-* variables in main dir to allow easier generation of
packages (i.e. RPM). Fixed script to identify different HW architecture
and OS. This version works in 32 bit mode on Raspian Linux / RasPi 7.

Added ECDH capabilites (tx to Frank Bergmann for the patches).

Added compatibility with LibreSSL.
Fixed missing negative return call treatment from 'poll' (tx Frank Bergmann).
Tentative 'emake' fix for Gentoo build.

Added OpenSSL 1.1 tweaks -- works under Debian (9) 'Stretch'.

(schmonz)

Updated sysutils/etckeeper to 1.18.5.1

(schmonz)

Update to 1.18.5.1. From the changelog:

* New upstream release:
  * merged Makefile patch
  * update standards version, no change
* Remove pre-compiled .pyc for bzr plugin from Debian package,
  and add python:Depends to Depends so that dh_python2 will install
  maintainer script snippets. Unfortunately, this adds a completely
  unnecessary dependency on python, which etckeeper does not need in
  normal operation.
* Make etckeeper commit store metadata changes. The pre-commit
  hook has always (and continues) to do that, but pre-commit is only
  run when there are changes to tommit. This makes metadata-only
  changes get committed.
* Move systemd files to /lib/systemd; /usr/lib/systemd is not used
  on Debian.
* Optimised find for special and hard linked files.
  Thanks, Rike-Benjamin Schuppner.
* Adjust when Pacman 5 calls etckeeper hooks.
  Thanks, Tilman Blumenbach and Christian Hesse.
* Only run Pacman hooks when files in /etc have changed.
  Thanks, Christian Hesse.
* Added systemd timer that can run etckeeper 10 minutes after boot, and also
  daily. It's not enabled by default, partly because of overlap with the
  cron job.
  Thanks, Christian Hesse.
* Added support for pacmatic, contributed by nicolaichuk.
* bzr: make sure EMAIL is defined
  Thanks, Serge E. Hallyn
* Fix Makefile version patterns to ignore non-native version number
  (Antoine Beaupr辿)
* Support ~/.config/git/config when determining the author name and email.
  Thanks, Richard Savio
* Added support for Arch's pacman package manager version 5.
  Thanks, Tilman Blumenbach.
* Set HOME if it's not set, as is the case when using ubuntu's
  update-manager.
* Move bash completion out of etc and into usr.
* Prepare upload to Debian unstable
* Fix Makefile version patterns to ignore non-native version number
* Fix lintian warnings:
  * remove .pyc files on build
  * install bash completions in standard location
  * ignore missing debian/config file, we ask only on purge on purpose
  * ignore full path for /usr/bin/etckeeper, we use it to stash it for
    later
* Update to standards 3.9.6, no change
* Remove obsolete XS-Python-Version field
* Run debconf-updatepo, outdating a bunch of translations
* Use getent utility instead of perl. (Elan Ruusam辰e)
* Initial FreeBSD support with pkgng plugin. (William Johansson)
* Fix README.md symlink in package (Sebastian Schmidt, Antoine Beaupr辿,
  closes: #791566)
* Fix typo of GIT_COMMITTER_EMAIL.
* Update git URL in control file.
* Send yum pre-commit output to /dev/null
  Thanks, Andrew Colin Kissa
* Set LANG=C internally when doing some operations that have
  been reported to fail in other locales.
* Fix name of DNF plugin.
* Add --version
  Thanks Andreas Wansner.
* New website, http://etckeeper.branchable.com/
* Add build-depends on dh-python.
* Added support for Fedora's DNF highlevel package manager.
  Thanks, Peter Listiak and Petr Spacek.
* Add architecture info to dpkg list-installed. Closes: #768145
* Orphaned the Debian package.

(schmonz)

Align previous patch with upstream trunk. Functionally, fix remains the same.

(fhajny)

update openvpn to 2.3.15
fixes DoSses: CVE-2017-7478 CVE-2017-7479
fixes PR pkg/52044

relevant excerpt of ChangeLog:
OpenVPN Change Log
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>

2017.05.11 -- Version 2.3.15
David Sommerseth (5):
      dev-tools: Added script for updating copyright years in files
      Update copyrights
      docs: Further improve --reneg-bytes and SWEET32 information
      git: Merge .gitignore files into a single file
      Make --cipher/--auth none more explicit on the risks

Gert Doering (1):
      Document --proto udp6, tcp6, etc.

Julien Muchembled (1):
      Fix implicit declarations when HAVE_OPENSSL_ENGINE is unset

Steffan Karger (6):
      Add missing includes in error.h
      cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
      Document that OpenVPN 2.3 does not check the CRL signature
      Introduce and use secure_memzero() to erase secrets
      Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
      Don't assert out on receiving too-large control packets (CVE-2017-7478)

2016.12.06 -- Version 2.3.14
Christian Hesse (1):
      update year in copyright message

David Sommerseth (1):
      Document the --auth-token option

Gert Doering (2):
      Repair topology subnet on FreeBSD 11
      Repair topology subnet on OpenBSD

Lev Stipakov (1):
      Drop recursively routed packets

Selva Nair (4):
      Support --block-outside-dns on multiple tunnels
      When parsing '--setenv opt xx ..' make sure a third parameter is present
      Map restart signals from event loop to SIGTERM during exit-notification wait
      Correctly state the default dhcp server address in man page

Steffan Karger (1):
      Clean up format_hex_ex()

2016.11.02 -- Version 2.3.13
Arne Schwabe (2):
      Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
      Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer

David Sommerseth (4):
      t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
      t_client.sh: Add support for Kerberos/ksu
      t_client.sh: Improve detection if the OpenVPN process did start during tests
      t_client.sh: Add prepare/cleanup possibilties for each test case

Gert Doering (5):
      Do not abort t_client run if OpenVPN instance does not start.
      Fix t_client runs on OpenSolaris
      make t_client robust against sudoers misconfiguration
      add POSTINIT_CMD_suf to t_client.sh and sample config
      Fix --multihome for IPv6 on 64bit BSD systems.

Ilya Shipitsin (1):
      skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

Lev Stipakov (2):
      Exclude peer-id from pulled options digest
      Fix compilation in pedantic mode

Samuli Sepp辰nen (1):
      Automatically cache expected IPs for t_client.sh on the first run

Steffan Karger (6):
      Fix unittests for out-of-source builds
      Make gnu89 support explicit
      cleanup: remove code duplication in msg_test()
      Update cipher-related man page text
      Limit --reneg-bytes to 64MB when using small block ciphers
      Add a revoked cert to the sample keys

2016.08.23 -- Version 2.3.12
Arne Schwabe (2):
      Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
      Move ASSERT so external-key with OpenSSL works again

David Sommerseth (3):
      Only build and run cmocka unit tests if its submodule is initialized
      Another fix related to unit test framework
      Remove NOP function and callers

Dorian Harmans (1):
      Add CHACHA20-POLY1305 ciphersuite IANA name translations.

Ivo Manca (1):
      Plug memory leak in mbedTLS backend

Jeffrey Cutter (1):
      Update contrib/pull-resolv-conf/client.up for no DOMAIN

Jens Neuhalfen (2):
      Add unit testing support via cmocka
      Add a test for auth-pam searchandreplace

Josh Cepek (1):
      Push an IPv6 CIDR mask used by the server, not the pool's size

Leon Klingele (1):
      Add link to bug tracker

Samuli Sepp辰nen (2):
      Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
      Clarify the fact that build instructions in README are for release tarballs

Selva Nair (4):
      Make error non-fatal while deleting address using netsh
      Make block-outside-dns work with persist-tun
      Ignore SIGUSR1/SIGHUP during exit notification
      Promptly close the netcmd_semaphore handle after use

Steffan Karger (4):
      Fix polarssl / mbedtls builds
      Don't limit max incoming message size based on c2->frame
      Fix '--cipher none --cipher' crash
      Discourage using 64-bit block ciphers

(spz)

Remove left-behind Linux libs, fixes at least Darwin.

(fhajny)

Fix installation on Darwin.

(fhajny)

Expand terminfo handling to depending packages. Fixes lang/clang.

(joerg)

Drop redundant dependency patterns. The normal reduction logic doesn't
work for glob expressions, so multiple generic patterns would not be
reduced.

(joerg)

Fix missing include.

(joerg)

Add missing dependency on py-pdr. Bump revision.

(joerg)

Fix null pointer deref in xml generator. Bump revision.

(joerg)

Note update of security/py-paramiko to 1.18.2.

(he)

Upgrade py-paramiko from 1.15.3 to 1.18.2.

Pkgsrc changes:
Adapt PLIST.

Upstream changes:

1.18.2 2017-02-20
  [Bug] #895: Fix a bug in server-mode concerning multiple interactive
    auth steps (which were incorrectly responded to). Thanks to Dennis
    Kaarsemaker for catch & patch.
  [Bug] #713: (via #714 and #889) Don't pass initialization vectors
    to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
    versions throw an exception otherwise (older ones simply ignored
    this parameter altogether). Thanks to @jmh045000 for report &
    patches.
  [Bug] #44: (via #891) SSHClient now gives its internal Transport
    a handle on itself, preventing garbage collection of the client
    until the session is closed. Without this, some code which returns
    stream or transport objects without the client that generated
    them, would result in premature session closure when the client
    was GCd. Credit: @w31rd0 for original report, Omer Anson for the
    patch.
  [Bug] #862: (via #863) Avoid test suite exceptions on platforms
    lacking errno.ETIME (which seems to be some FreeBSD and some
    Windows environments.) Thanks to Sofian Brabez.
  [Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
    cause TypeError under Python 3. Thanks to Francisco Couzo for
    the report.
  [Support] #866: (also #838) Remove an old test-related file we
    don't support, and add PyPy to Travis-CI config. Thanks to
    Pierce Lopez for the final patch and Pedro Rodrigues for an
    earlier edition.

1.18.1 2016-12-12
  [Bug] #859: (via #860) A tweak to the original patch implementing
    #398 was not fully applied, causing calls to invoke_shell to
    fail with AttributeError. This has been fixed. Patch credit:
    Kirk Byers.

1.18.0 2016-12-09
  [Feature] #398: Add an environment dict argument to
    Client.exec_command (plus the lower level Channel.update_environment
    and Channel.set_environment_variable methods) which implements
    the env SSH message type. This means the remote shell environment
    can be set without the use of VARNAME=value shell tricks,
    provided the server's AcceptEnv lists the variables you need
    to set. Thanks to Philip Lorenz for the pull request.
  [Feature] #780: (also #779, and may help users affected by
    #520) Add an optional timeout parameter to Transport.start_client
    (and feed it the value of the configured connection timeout
    when used within SSHClient.) This helps prevent situations
    where network connectivity isn't timing out, but the remote
    server is otherwise unable to service the connection in a timely
    manner. Credit to @sanseihappa.
  [Support] #819: Document how lacking gmp headers at install
    time can cause a significant performance hit if you build
    PyCrypto from source. (Most system-distributed packages already
    have this enabled.)
  [Support] #854: Fix incorrect docstring/param-list for
    Transport.auth_gssapi_keyex so it matches the real signature.
    Caught by @Score_Under.
  [Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
  [Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.

For pre-1.18.0 changes, see
  http://www.paramiko.org/changelog.html

(he)

Bump PKGREVISION for cups15 -> cups change.

(prlw1)

Switch all cups15 packages to use cups.

(prlw1)

+ tex-qtree

(joerg)

Added print/tex-qtree version 3.1b

(joerg)

Add tex-qtree-3.1b:

The package offers support for drawing tree diagrams, and is especially
suitable for linguistics use. It allows trees to be specified in a simple
bracket notation, automatically calculates branch sizes, and supports
both DVI/PostScript and PDF output by use of pict2e facilities.

(joerg)

fix directory name

(szptvlfn)

Updated textproc/jo to 1.1

(fhajny)

Update textproc/jo to 1.1.

- NEW: type coercion (#55)
- FIX: quotes in quotes and double quotes at begin of string (#47)
- FIX: catch null value in assignmen (#46)
- NEW: support for key:=file.json for reading object values from a file (#43)
- NEW: PPA contributed by Ross Duggan in #32
- FIX: "null" is now handled like we handle "true" and "false"; disable with -B
- NEW: more tests in the test suite

(fhajny)

Updated security/crypto++ to 5.6.5; devel/nasm to 2.13.01

(adam)

Version 2.13.01

Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.

Fix the address in the list file for an instruction containing a TIMES directive.

Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.

Fix breakage on some uses of the DZ pseudo-op.

(adam)

Crypto++ 5.6.5

The 5.6.5 release was mostly a maintenance release. The release included two CVE fixes.

The first, CVE-2016-7420, was a procedural finding due to external build systems failing to define NDEBUG for release builds. The gap was the project's failure to tell users to define NDEBUG. The second, CVE-2016-7544, was a potential memory corruption on Windows platforms when using Microsoft compilers due to use of _malloca and _freea.

Due to CVE-2016-7420 and the possibility for an unwanted assert to egress data, users and distros are encouraged to recompile the library and all dependent programs.

(adam)

Updated sysutils/etckeeper to 1.15

(schmonz)

Update to 1.15. From the changelog:

  * Recommend cron-daemon, rather than cron, as etckeeper only needs
    cron.daily functionality. Closes: #762721
  * Handle failure to commit in post-install, pre-install by showing a
    warning, rather than propigating the error to apt.
    This avoids breaking the apt run when eg, git is misconfigured and
    cannot commit.
    pre-install already did this when it was able to use debconf to display a
    message, but now debconf is not used, and it always behaves this way.
    Closes: #760011
  * Ignore check-mk-agent-logwatch's FHS violating
    /etc/check_mk/logwatch.state. Closes: #753903
  * Only allow [-a-z_] in etckeeper commands to avoid any possible directory
    traversal etc issues.
  * update-ignore, uninit: Fix parsing of ignore files containing '\'
  * Portability fixes. Thanks, Harald Dunkel.
  * Add support for pushing to multiple remote repositories.
    Thanks, Rouben.
  * Fix handling of git ignores like dir/*
    Thanks, Pim van den Berg
  * Fix too broad matching of .gitignored files.
    Closes: #732339
  * Remove lvm/backup from default ignores, because lvm
    documentation recommends backing that up, for use by
    vgcfgrestore.
  * Fix exporting of some git variables. Closes: #728583
  * Fix git update-ignore syntax. Closes: #721873
  * Avoid listing .gitignored files in .etckeeper file. Closes: #607665
    Thanks, Zdenek Crha
  * Fix hilarious typo hardcoding my name. Closes: #718425
  * Guard git config calls. Closes: #717957
  * Quote user and group names, in case one contains a space.
  * Added support for the pacman package manager.
    (Thanks, Tiago St端rmer Daitx)
  * Use user.name and user.email from the .gitconfig file belonging to the
    user who sued or sudoed to root, in preference to making up values for
    that user.
  * cron.daily: Fix typo in stale lockfile handling code.
    Closes: #717908
  * Deal with unix^wlinux portability nonsense.

(schmonz)

Updated devel/libatomic_ops to 7.4.6

(adam)

== [7.4.6] 2017-05-18 ==

* Add assertion that double-wide CAS target is aligned (msftc/x86[_64])
* Add configure --enable-gcov option (enable code coverage analysis)
* Code refactoring of gcc/powerpc.h to avoid code duplication
* Eliminate 'cast to long from void*' compiler warning in test_atomic
* Eliminate 'implicit declaration of close' warning in 'strict ANSI' mode
* Eliminate 'missing braces around initializer' gcc warning (hppa)
* Eliminate 'printf format specifies type void*' GCC pedantic warnings
* Eliminate 'value shift followed by expansion' false code defect warning
* Enable limited testing in Makefile.msft without Cygwin
* Fix (delete) comment for AO_and_full (x86)
* Fix block_all_signals compilation in 'strict ANSI' mode
* Fix missing .exe for test filenames in Makefile (MinGW)
* Fix missing printed value names (test_stack)
* Implement fetch-CAS for s390[x] (gcc)
* Move libraries version info to the beginning of Makefile.am
* Refine documentation in Makefile.msft how to run all tests (MS VC)
* Refine README about library downloading
* Rename doc/README.txt to doc/README_details.txt
* Support AIX/ppc (gcc)
* Support CFLAGS_EXTRA to pass extra user-defined compiler flags (make)
* Support n32 ABI for mips64
* Update shared libraries version info for 7.4.6+ (to 1:4:0)
* Use 'inline code' format for commands in README.md
* Use LLD and SCD instructions on mips64
* Workaround 'resource leak' false positives in AO_malloc, add_elements
* Workaround 'uninitialized memory use' MemorySanitizer warning (test_atomic)
Also, includes 7.2h changes

(adam)

Updated devel/gperftools to 2.5; net/py-boto to 2.46.1; textproc/py-sphinx to 1.6.1. Added textproc/py-sphinxcontrib-websupport version 1.0.1

(adam)

Release 1.6.1 (released May 16, 2017)
=====================================

Dependencies
------------

1.6b1

* (updated) latex output is tested with Ubuntu trusty's texlive packages (Feb.
  2014) and earlier tex installations may not be fully compliant, particularly
  regarding Unicode engines xelatex and lualatex
* (added) latexmk is required for ``make latexpdf`` on Unix-like platforms

Incompatible changes
--------------------

1.6b1

* 1061, 2336, 3235: Now generation of autosummary doesn't contain imported
  members by default. Thanks to Luc Saffre.
* LaTeX ``\includegraphics`` command isn't overloaded: only ``\sphinxincludegraphics``
  has the custom code to fit image to available width if oversized.
* The subclasses of ``sphinx.domains.Index`` should override ``generate()``
  method.  The default implementation raises NotImplementedError
* LaTeX positioned long tables horizontally centered, and short ones
  flushed left (no text flow around table.) The position now defaults to center in
  both cases, and it will obey Docutils 0.13 ``:align:`` option (refs 3415, 3377)
* option directive also allows all punctuations for the option name (refs: 3366)
* 3413: if :rst:dir:`literalinclude`'s ``:start-after:`` is used, make ``:lines:``
  relative (refs 3412)
* ``literalinclude`` directive does not allow the combination of ``:diff:``
  option and other options (refs: 3416)
* LuaLaTeX engine uses ``fontspec`` like XeLaTeX. It is advised ``latex_engine
  = 'lualatex'`` be used only on up-to-date TeX installs (refs 3070, 3466)
* :confval:`latex_keep_old_macro_names` default value has been changed from
  ``True`` to ``False``. This means that some LaTeX macros for styling are
  by default defined only with ``\sphinx..`` prefixed names. (refs: 3429)
* Footer "Continued on next page" of LaTeX longtable's now not framed (refs: 3497)
* 3529: The arguments of ``BuildEnvironment.__init__`` is changed
* 3082: Use latexmk for pdf (and dvi) targets (Unix-like platforms only)
* 3558: Emit warnings if footnotes and citations are not referenced.  The
  warnings can be suppressed by ``suppress_warnings``.
* latex made available (non documented) colour macros from a file distributed
  with pdftex engine for Plain TeX. This is removed in order to provide better
  support for multiple TeX engines. Only interface from ``color`` or
  ``xcolor`` packages should be used by extensions of Sphinx latex writer.

(adam)

sphinxcontrib-webuspport provides a Python API to easily integrate Sphinx
documentation into your Web application.

(adam)

Pullup tickets #5412, #5413 and #5429.

(bsiegert)

Pullup tickets #5412 and #5413 - requested by sevan
lang/opendjk8: build fix for FreeBSD

Revisions pulled up:
- lang/openjdk8/Makefile                                        1.49
- lang/openjdk8/distinfo                                        1.47
- lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh 1.12
- lang/openjdk8/patches/patch-jdk_make_lib_Awt2dLibraries.gmk  1.3
- lang/openjdk8/patches/patch-jdk_make_lib_CoreLibraries.gmk    1.3
- lang/openjdk8/patches/patch-jdk_make_lib_ServiceabilityLibraries.gmk 1.1
- mk/java-vm.mk                                                1.109

---
  Module Name:    pkgsrc
  Committed By:  ryoon
  Date:          Wed May 10 13:59:57 UTC 2017

  Modified Files:
          pkgsrc/lang/openjdk8/patches:
              patch-common_autoconf_generated-configure.sh

  Log Message:
  Ignore alsa on FreeBSD too

---
  Module Name:    pkgsrc
  Committed By:  ryoon
  Date:          Wed May 10 14:01:58 UTC 2017

  Modified Files:
          pkgsrc/lang/openjdk8: Makefile distinfo
          pkgsrc/lang/openjdk8/patches: patch-jdk_make_lib_Awt2dLibraries.gmk
              patch-jdk_make_lib_CoreLibraries.gmk
  Added Files:
          pkgsrc/lang/openjdk8/patches:
              patch-jdk_make_lib_ServiceabilityLibraries.gmk

  Log Message:
  Fix build with converters/libiconv and update distinfo for previous

---
  Module Name:    pkgsrc
  Committed By:  ryoon
  Date:          Wed May 10 14:04:31 UTC 2017

  Modified Files:
          pkgsrc/mk: java-vm.mk

  Log Message:
  lang/openjdk8 works under FreeBSD/amd64 10.3

(bsiegert)

Added net/daq version 2.0.6

(nils)

Add and enable net/daq.

(nils)

Initial import of daq, version 2.0.6, into pkgsrc.

Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The
DAQ replaces direct calls to libpcap functions with an abstraction layer that
facilitates operation on a variety of hardware and software interfaces without
requiring changes to Snort. It is possible to select the DAQ type and mode
when invoking Snort to perform pcap readback or inline operation, etc.  The
DAQ library may be useful for other packet processing applications and the
modular nature allows you to build new modules for other platforms.

(nils)

Pullup ticket #5429 - requested by kim
net/wget: security fix

Revisions pulled up:
- net/wget/Makefile                                            1.135
- net/wget/distinfo                                            1.54

---
  Module Name:    pkgsrc
  Committed By:  kim
  Date:          Mon May 15 05:10:09 UTC 2017

  Modified Files:
          pkgsrc/net/wget: Makefile distinfo

  Log Message:
  Add a patch for CVE-2017-6508 from upstream.

(bsiegert)

Changes 2.46.1:
Fixes a bug where a recently added module was not added to setup.py.

(adam)

Changes 2.5:

Here are major changes since 2.4:

* we've moved to github!

* Bryan Chan has contributed s390x support

* stacktrace capturing via libgcc's _Unwind_Backtrace was implemented
  (for architectures with missing or broken libunwind).

* "emergency malloc" was implemented. Which unbreaks recursive calls
  to malloc/free from stacktrace capturing functions (such us glib'c
  backtrace() or libunwind on arm). It is enabled by
  --enable-emergency-malloc configure flag or by default on arm when
  --enable-stacktrace-via-backtrace is given. It is another fix for a
  number common issues people had on platforms with missing or broken
  libunwind.

* C++14 sized-deallocation is now supported (on gcc 5 and recent
  clangs). It is off by default and can be enabled at configure time
  via --enable-sized-delete. On GNU/Linux it can also be enabled at
  run-time by either TCMALLOC_ENABLE_SIZED_DELETE environment variable
  or by defining tcmalloc_sized_delete_enabled function which should
  return 1 to enable it.

* we've lowered default value of transfer batch size to 512. Previous
  value (bumped up in 2.1) was too high and caused performance
  regression for some users. 512 should still give us performance
  boost for workloads that need higher transfer batch size while not
  penalizing other workloads too much.

* Brian Silverman's patch finally stopped arming profiling timer
  unless profiling is started.

* Andrew Morrow has contributed support for obtaining cache size of the
  current thread and softer idling (for use in MongoDB).

* we've implemented few minor performance improvements, particularly
  on malloc fast-path.

(adam)

Updated databases/redis to 3.2.9

(fhajny)

Update databases/redis to 3.2.9.

Just minor bugfixes, see release notes:

https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES

(fhajny)

Added sysutils/rsyslog-kafka version 8.27.0

(fhajny)

Import sysutils/rsyslog-kafka 8.27.0.

This package contains the Apache Kafka input/output modules.

(fhajny)

Update sysutils/rsyslog to 8.27.0

Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and
    close)
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * improve octect-counted mode detection: if the octet count is larger
    then the set frame size (or overly large in general), it is now
    assumed that octet-stuffing mode is used. This probably solves a
    number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
  for configured non-existing file.
- imfile: in inotify mode, add error message if configured file cannot
  be found
- imfile: add parameter "fileNotFoundError" to optinally disable
  "file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
- omkafka: add "origin" field to stats output
- imuxsock: rate-limiting also uses process name
  both for the actual limit procesing as well as warning messages emitted
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
- build now works on solaris again
- imfile: fix cross-platform build issue
- bugfix core: segfault when no parser could parse message
- bugfix core: rate-limit internal messages when going to external log system
- bugfix core: when obtaining local hostname, a NULL pointer could be
  accessed.
- bugfix core: on shutdown, stderr was written to, even if alrady closed
- bugfix core: perform MainqObj destruction only when not NULL already
- bugfix core: memory leak when internal messages not processed internally
- bugfix imptcp: potential overflow in octet count computation
  when a very large octet count was specified, the counter could overflow

(fhajny)

Updated devel/ocaml-js-build-tools to 113.33.04nb3

(jperkin)

Bump PKGREVISION for SunOS md5sum fix.

(jperkin)

Use native digest command for md5 generation on SunOS.

(jperkin)

update URL

(szptvlfn)

Consolidate setting of SSP flags now that multiple compilers support it.

(jperkin)

Note update of security/gnutls to 3.5.12.

(he)

Update to GnuTLS 3.5.12.

Pkgsrc changes:
Adapt PLIST.

Upstream changes:

* Version 3.5.12 (released 2017-05-11)

** libgnutls: enabled TCP Fast open for MacOSX. Patch by Tim Ruehsen.

** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses
  against DNS fields of certificate (CN or DNSname). The previous behavior
  was to tolerate some misconfigured servers, but that was non-standard
  and skipped any IP constraints present in higher level certificates.

** libgnutls: when converting to IDNA2008, fallback to IDNA2003
  (i.e., transitional encoding) if the domain cannot be converted.
  That provides maximum compatibility with browsers like firefox
  that perform the same conversion.

** libgnutls: fix issue in RSA-PSK client callback which resulted
  in no username being sent to the peer. Patch by Nicolas Dufresne.

** libgnutls: fix regression causing stapled extensions in trust modules not
  to be considered.

** certtool: introduced the email_protection_key option.  This
  option was introduced in documentation for certtool without an
  implementation of it.  It is a shortcut for option 'key_purpose_oid
  = 1.3.6.1.5.5.7.3.4'.

** certtool: made printing of key ID and key PIN consistent between
  certificates, public keys, and private keys. That is the private
  key printing now uses the same format as the rest.

** gnutls-cli: introduced the --sni-hostname option. This allows overriding the
  hostname advertised to the peer.

** API and ABI modifications:
No changes since last version.

* Version 3.5.11 (released 2017-04-07)

** gnutls.pc: do not include libtool options into Libs.private.

** libgnutls: Fixed issue when rehandshaking without a client certificate in
  a session which initially used one. Reported by Frantisek Sumsal.

** libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP
  certificate parsing. Issues found using oss-fuzz project and were fixed
  by Alex Gaynor:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824

** libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access.
  That allows PKCS#11 operations such as signing to be performed with the
  same object from multiple threads.

** libgnutls: Added support for MacOSX key chain for obtaining
  trust store's root CA certificates. That is,
  gnutls_x509_trust_list_add_system_trust() and
  gnutls_certificate_set_x509_system_trust() will load the certificates
  from the key chain. That also means that we no longer check for a
  default trust store file in configure when building on MacOSX (unless
  explicitly asked to).  Patch by David Caldwell.

** libgnutls: when disabling OpenPGP authentication, the resulting library
  is ABI compatible (with openpgp related functions being stubs that fail
  on invocation).

** API and ABI modifications:
No changes since last version.

* Version 3.5.10 (released 2017-03-06)

** gnutls.pc: do not include libidn2 in Requires.private. The
  libidn2 versions available do not include libidn2.pc, thus the
  inclusion was causing pkg-config issues. Instead we include
  -lidn2 in Libs.private when compile against libidn2.

** libgnutls: optimized access to subject alternative names (SANs)
  in parsed certificates. The previous implementation assumed a
  small number of SANs in a certificate, with repeated calls to
  ASN.1 decoding of the extension without any intermediate caching.
  That caused delays in certificates with a long list of names in
  functions such as gnutls_x509_crt_check_hostname().  With the
  current code, the SANs are parsed once on certificate import.
  Resolves gitlab issue #165.

** libgnutls: Addressed integer overflow resulting to invalid memory
  write in OpenPGP certificate parsing. Issue found using oss-fuzz
  project:  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
  [GNUTLS-SA-2017-3A]

** libgnutls: Addressed read of 1 byte past the end of buffer in OpenPGP
  certificate parsing. Issue found using oss-fuzz project:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

** libgnutls: Addressed crashes in OpenPGP certificate parsing, related
  to private key parser. No longer allow OpenPGP certificates (public keys)
  to contain private key sub-packets. Issue found using oss-fuzz project:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 [GNUTLS-SA-2017-3B]

** libgnutls: Addressed large allocation in OpenPGP certificate parsing, that
  could lead in out-of-memory condition. Issue found using oss-fuzz project,
  and was fixed by Alex Gaynor:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 [GNUTLS-SA-2017-3C]

** libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
  when printing certificate information.

** libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify()
  flags can be set from the gnutls_certificate_verify_flags enumeration.
  This allows the functions to pass the same flags available for certificates
  to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or
  GNUTLS_VERIFY_ALLOW_BROKEN).

** libgnutls: gnutls_store_commitment() can accept flag
  GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate
  in applications which use SHA1 for example, after SHA1 is deprecated.

** certtool: No longer ignore the 'add_critical_extension' template option if
  the 'add_extension' option is not present.

** gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the
  starttls-proto command. Patch by Robert Scheck.

** API and ABI modifications:
No changes since last version.

(he)

Use pkgsrc install scripts. Fixes installation on SunOS. Enable test target.

(fhajny)

Updated devel/py-filechunkio to 1.8

(adam)

Changes 1.8:
Bug fixes

(adam)

Register support for SSP on FreeBSD and clang (on x86 architectures)

Support for SSP (Stack-Smashing Protection) is optional so this should not
affect default builds.

Tested on FreeBSD/amd64 (10.3-RELEASE-p11)

(khorben)

Hm, this got overlooked in previous:
Fix for CVE-2017-8362, ref.
https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

(he)