Updated www/ruby-unicorn to 5.3.0

(wen)

Update to 5.3.0

Upstream changes:
unicorn 5.3.0 / 2017-04-01 08:03 UTC

A couple of portability fixes from Dylan Thacker-Smith and
Jeremy Evans since 5.3.0.pre1 over a week ago, but this looks
ready for a stable release, today.

When I started this over 8 years ago, I wondered if this would
just end up being an April Fools' joke.  Guess not.  I guess I
somehow tricked people into using a terribly marketed web server
that cannot talk directly to untrusted clients :x  Anyways,
unicorn won't be able to handle slow clients 8 years from now,
either, or 80 years from now.  And I vow never to learn to use
new-fangled things like epoll, kqueue, or threads :P

Anyways, this is a largish release with several new features,
and no backwards incompatibilities.

Simon Eskildsen contributed heavily using TCP_INFO under Linux
to implement the (now 5 year old) check_client_connection feature:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-check_client_connection
  https://bogomips.org/unicorn-public/?q=s:check_client_connection&d:..20170401&x=t

This also led to FreeBSD and OpenBSD portability improvements in
one of our dependencies, raindrops:

  https://bogomips.org/raindrops-public/20170323024829.GA5190@dcvr/T/#u

Jeremy Evans contributed several new features.  First he
implemented after_worker_exit to aid debugging:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-after_worker_exit
  https://bogomips.org/unicorn-public/?q=s:after_worker_exit&d:..20170401&x=t#t

And then security-related features to isolate workers.  Workers
may now chroot to drop access to the master filesystem, and the
new after_worker_ready configuration hook now exists to aid with
chroot support in workers:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-after_worker_ready
  https://bogomips.org/unicorn/Unicorn/Worker.html#method-i-user
  https://bogomips.org/unicorn-public/?q=s:after_worker_ready&d:..20170401&x=t#t
  https://bogomips.org/unicorn-public/?q=s:chroot&d:..20170401&x=t#t

Additionally, workers may run in a completely different VM space
(nullifying preload_app and any CoW savings) with the new
worker_exec option:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-worker_exec
  https://bogomips.org/unicorn-public/?q=s:worker_exec&d:..20170401&x=t#t

There are also several improvements to FreeBSD and OpenBSD
support with the addition of these features.

shortlog of changes since v5.2.0 (2016-10-31):

Dylan Thacker-Smith (1):
      Check for Socket::TCP_INFO constant before trying to get TCP_INFO

Eric Wong (30):
      drop rb_str_set_len compatibility replacement
      TUNING: document THP caveat for Linux users
      tee_input: simplify condition for IO#write
      remove response_start_sent
      http_request: freeze constant strings passed IO#write
      Revert "remove response_start_sent"
      t/t0012-reload-empty-config.sh: access ivars directly if needed
      t0011-active-unix-socket.sh: fix race condition in test
      new test for check_client_connection
      revert signature change to HttpServer#process_client
      support "struct tcp_info" on non-Linux and Ruby 2.2+
      unicorn_http: reduce rb_global_variable calls
      oob_gc: rely on opt_aref_with optimization on Ruby 2.2+
      http_request: reduce insn size for check_client_connection
      freebsd: avoid EINVAL when setting accept filter
      test-lib: expr(1) portability fix
      tests: keep disabled tests defined
      test_exec: SO_KEEPALIVE value only needs to be true
      doc: fix links to raindrops project
      http_request: support proposed Raindrops::TCP states on non-Linux
      ISSUES: expand on mail archive info + subscription disclaimer
      test_ccc: use a pipe to synchronize test
      doc: remove private email support address
      input: update documentation and hide internals.
      http_server: initialize @pid ivar
      gemspec: remove olddoc from build dependency
      doc: add version annotations for new features
      unicorn 5.3.0.pre1
      doc: note after_worker_exit is also 5.3.0+
      test_exec: SO_KEEPALIVE value only needs to be true (take #2)

Jeremy Evans (7):
      Add after_worker_exit configuration option
      Fix code example in after_worker_exit documentation
      Add support for chroot to Worker#user
      Add after_worker_ready configuration option
      Add worker_exec configuration option
      Don't pass a block for fork when forking workers
      Check for SocketError on first ccc attempt

Simon Eskildsen (1):
      check_client_connection: use tcp state on linux

unicorn 5.3.0.pre1 / 2017-03-24 00:25 UTC

A largish release with several new features.

Simon Eskildsen contributed heavily using TCP_INFO under Linux
to implement the (now 5 year old) check_client_connection feature:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-check_client_connection
  https://bogomips.org/unicorn-public/?q=s:check_client_connection&d:..20170324&x=t

This also led to FreeBSD and OpenBSD portability improvements in
one of our dependencies, raindrops:

  https://bogomips.org/raindrops-public/20170323024829.GA5190@dcvr/T/#u

Jeremy Evans contributed several new features.  First he
implemented after_worker_exit to aid debugging:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-after_worker_exit
  https://bogomips.org/unicorn-public/?q=s:after_worker_exit&d:..20170324&x=t#t

And then security-related features to isolate workers.  Workers
may now chroot to drop access to the master filesystem, and the
new after_worker_ready configuration hook now exists to aid with
chroot support in workers:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-after_worker_ready
  https://bogomips.org/unicorn/Unicorn/Worker.html#method-i-user
  https://bogomips.org/unicorn-public/?q=s:after_worker_ready&d:..20170324&x=t#t
  https://bogomips.org/unicorn-public/?q=s:chroot&d:..20170324&x=t#t

Additionally, workers may run in a completely different VM space
(nullifying preload_app and any CoW savings) with the new
worker_exec option:

  https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-worker_exec
  https://bogomips.org/unicorn-public/?q=s:worker_exec&d:..20170324&x=t#t

There are also several improvements to FreeBSD and OpenBSD
support with the addition of these features.

34 changes since 5.2.0 (2016-10-31):

Eric Wong (27):
      drop rb_str_set_len compatibility replacement
      TUNING: document THP caveat for Linux users
      tee_input: simplify condition for IO#write
      remove response_start_sent
      http_request: freeze constant strings passed IO#write
      Revert "remove response_start_sent"
      t/t0012-reload-empty-config.sh: access ivars directly if needed
      t0011-active-unix-socket.sh: fix race condition in test
      new test for check_client_connection
      revert signature change to HttpServer#process_client
      support "struct tcp_info" on non-Linux and Ruby 2.2+
      unicorn_http: reduce rb_global_variable calls
      oob_gc: rely on opt_aref_with optimization on Ruby 2.2+
      http_request: reduce insn size for check_client_connection
      freebsd: avoid EINVAL when setting accept filter
      test-lib: expr(1) portability fix
      tests: keep disabled tests defined
      test_exec: SO_KEEPALIVE value only needs to be true
      doc: fix links to raindrops project
      http_request: support proposed Raindrops::TCP states on non-Linux
      ISSUES: expand on mail archive info + subscription disclaimer
      test_ccc: use a pipe to synchronize test
      doc: remove private email support address
      input: update documentation and hide internals.
      http_server: initialize @pid ivar
      gemspec: remove olddoc from build dependency
      doc: add version annotations for new features

Jeremy Evans (6):
      Add after_worker_exit configuration option
      Fix code example in after_worker_exit documentation
      Add support for chroot to Worker#user
      Add after_worker_ready configuration option
      Add worker_exec configuration option
      Don't pass a block for fork when forking workers

Simon Eskildsen (1):
      check_client_connection: use tcp state on linux

(wen)

Updated devel/p5-Clone to 0.39
Updated devel/p5-Devel-CheckLib to 1.10
Updated devel/p5-App-cpanminus to 1.7043
Updated devel/p5-B-Hooks-Parser to 0.19
Updated devel/p5-Module-Install to 1.18
Updated devel/p5-Module-Build to 0.42220
Updated devel/p5-Log-Any to 1.04.9
Updated devel/p5-Devel-Declare to 0.006019
Updated devel/p5-POE-Component-Pluggable to 1.28

(mef)

Updated devel/p5-POE-Component-Pluggable to 1.28
------------------------------------------------
version 1.28 at 2017-02-20 13:37:38 +0000
    Convert dist to Dist::Zilla

(mef)

Updated devel/p5-Clone to 0.39
------------------------------
0.39 2017-04-07 13:06:00  garu
  - use explicit '.' in tests since it may not be in @INC
    anymore in newer perls (fixes RT120648) (PLICEASE, SIMCOP)

(mef)

Updated devel/p5-Devel-CheckLib to 1.10
---------------------------------------
1.10    2017-04-08      Remove link options from @ldflags.
                        Use Mock::Config.

(mef)

Updated devel/p5-App-cpanminus to 1.7043
----------------------------------------
1.7043  2017-04-02 20:56:06 PDT
  [Improvements]
      - Set PERL_USE_UNSAFE_INC for 5.26+ (haarg) #521
      - Strictly match module NAME in Bundle

(mef)

Updated devel/p5-B-Hooks-Parser to 0.19
---------------------------------------
0.19    2017-04-04 19:35:08Z
  - re-release 1.18 as stable (fixes compile issues on recent blead releases)

0.18    2016-08-30 00:24:10Z (TRIAL RELEASE)
  - avoid use of sub_inwhat (RT#116685; see also RT#102918 and perl RT#123865)

(mef)

Updated devel/p5-Module-Install to 1.18
---------------------------------------
1.18  2017-04-04
  - fix tests to no longer rely on . being in @INC (Graham Ollis, PR#58)

(mef)

Updated devel/p5-Module-Build to 0.42220
----------------------------------------
0.4222 - Thu Mar 30 15:40:10 CEST 2017
  - Released 0.42_21 as 0.4222

0.42_21 - Wed Mar 22 19:04:02 CET 2017
  - Include relative path for do in Build/Makefile.PL will function
    without . in @INC [Todd Rinaldo]
  - Remove use deprecate [Graham Knop]
0.42

(mef)

Updated devel/p5-Log-Any from 1.04.5 to 1.04.9
----------------------------------------------
1.049    2017-03-28 16:02:10-05:00 America/Chicago
    [Fixed]
    - Fixed failing tests on Windows because of path separator
      interpolation. Thanks @nanis [Github #56]

    - Added explicit core dependency on Sys::Syslog in case of Perls
      with non-standard core libraries. Thanks @nanis [Github #57]

1.048    2017-03-27 15:16:12-05:00 America/Chicago
    - No changes since 1.047 trial release

1.047    2017-03-22 20:22:47-05:00 America/Chicago (TRIAL RELEASE)
    [Fixed]
    - Fixed backwards-compatibility with users using the Unix::Syslog
      macros in Log::Any::Adapter::Syslog. This requires that the user
      have Unix::Syslog installed (which Log::Any does not explicitly
      depend on).

    - Log level aliases are now case-insensitive to match the regular
      log levels. Prior to this, "WARNING", "Warning", and "warning"
      would all work, but "WARN", and "Warn" would not, only "warn".
      Thanks to @0x62ash for reporting this issue. [Github #55]

    - Invalid log levels for the File, Stderr, and Stdout adapters now
      result in a warning, and the default level of "trace" is used.
      Previously, no warning would be issued and no logs would be
      generated. Thanks to @0x62ash for reporting this issue. [Github
      #55]

1.046    2017-01-11 21:22:57-06:00 America/Chicago (TRIAL RELEASE)
    [Added]
    - The Syslog adapter is now part of the core distribution, since it
      relies only on core Perl modules.

(mef)

Updated devel/p5-Devel-Declare to 0.006019
------------------------------------------
0.006019 - 2017-03-28
  - added deprecated flag to metadata. No deprecation warning is given at
    runtime... for now...
  - added "WARNING" section in pod, advising the deprecated status of this
    module

(mef)

+ BUILD_DEPENDS+= p5-Email-MIME-RFC2047-[0-9]*, for make test

(mef)

Added mail/p5-Email-MIME-RFC2047 version 0.95

(mef)

Import Email-MIME-RFC2047-0.95 as mail/p5-Email-MIME-RFC2047.

This module encodes non-ASCII text for MIME email message headers
according to RFC 2047.

(mef)

Updated www/mediawiki to 1.18.1

(wen)

Update to 1.18.1

Upstream changes:
MediaWiki 1.28.1
Changes since 1.28.0

    $wgRunJobsAsync is now false by default (T142751). This change only affects wikis with $wgJobRunRate > 0.
    Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki has more than one database server setup.
    (T152717) Better escaping for PHP mail() command
    (T154670) A missing method causing the MySQL installer to fatal in rare circumstances was restored.
    (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
    (T158766) Avoid SQL error on MSSQL when using selectRowCount()
    (T145635) Fix too long index error when installing with MSSQL
    (T156184) $wgRawHtml will no longer apply to internationalization messages.
    (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is installed.
    (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 installs.
    (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow redirect to interwiki links.
    (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when $wgAdvancedSearchHighlighting is true.
    (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep their values out of the logs.
    (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a CSRF token.
    (T156184) SECURITY: Escape content model/format url parameter in message.
    (T151735) SECURITY: SVG filter evasion using default attribute values in DTD declaration.
    (T161453) SECURITY: LocalisationCache will no longer use the temporary directory in it's fallback chain when trying to work out where to write the cache.
    (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion syntax's link parameter.

(wen)

+ eagle-8.1.0

(mef)

Updated cad/gtkwave to 3.3.80

(mef)

Updated cad/gtkwave to 3.3.80
-----------------------------
3.3.80  17mar17 Added "/View/Mouseover Copies To Clipboard" menu option to
                allow copying values into the clipboard so they can be pasted
                into text editors, etc.

(mef)

Updated cad/qcad to 3.16.7.0

(mef)

Updated cad/qcad to 3.16.7.0
----------------------------
3.16.7 (2017/03/21)
    Bug fixes:
        FS#1560 - Main menu not selectable (Ubuntu 16.04, Unity)
        FS#1561 - Edit > Drawing Preferences: menu missing (macOS, French locale)

(mef)

Updated devel/py-txaio to 2.6.2; www/py-autobahn to 0.18.1

(adam)

Changes 0.18.1:
Bug fixes.

(adam)

Changes 2.6.2:
Bug fixes.

(adam)

Updated security/py-asn1-modules to 0.0.8

(adam)

Revision 0.0.8
- Wheel distribution format now supported
- Fix to misspelled rfc2459.id_at_sutname variable
- Fix to misspelled rfc2459.NameConstraints component tag ID
- Fix to misspelled rfc2459.GeneralSubtree component default status

(adam)

Updated www/py-urllib3 to 1.20

(adam)

Changes 1.20:
Added support for waiting for I/O using selectors other than select, improving urllib3窶冱 behaviour with large numbers of concurrent connections. (Pull 1001)
Updated the date for the system clock check. (Issue 1005)
ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue 1032)
Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull 1063)
Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue 1044)
Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull 1039)
Fix some bugs that occur when modules incautiously patch the queue module. (Pull 1061)
Prevent retries from occuring on read timeouts for which the request method was not in the method whitelist. (Issue 1059)
Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don窶冲 need it. (Pull 1076)
Add support for IPv6 literals with zone identifiers. (Pull 1013)
Added support for socks5h:// and socks4a:// schemes when working with SOCKS proxies, and controlled remote DNS appropriately. (Issue 1035)

(adam)

pullups 5246, 5250, 5251 (=5239) and 5253

(spz)

Pullup ticket #5252 - requested by joerg
www/py-django: security update

Revisions pulled up:
- www/py-django/Makefile                                      patch
- www/py-django/distinfo                                      patch

(spz)

Removed misc/ruby-descendants_tracker

(tsutsui)

Remove ruby-descendants_tracker package.

The upstream github has not been updated for three years and
the only user net/ruby-twitter gem no longer requires this one.
Ok by @taca.

(tsutsui)

Pullup ticket #5251 - requested by bsiegert
devel/golint: build fix

Revisions pulled up:
- devel/golint/Makefile                                        1.7
- devel/golint/PLIST                                            1.2
- devel/golint/distinfo                                        1.2

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Tue Apr  4 16:16:20 UTC 2017

  Modified Files:
  pkgsrc/devel/golint: Makefile PLIST distinfo

  Log Message:
  Update golint to 20170228.

  Fix build with go-tools-1.8. The previous version of the package depended
  on a Go package that was removed from go-tools a year ago:

  https://groups.google.com/forum/#!topic/golang-announce/qu_rAphYdxY

  To generate a diff of this commit:
  cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/golint/Makefile
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/golint/PLIST \
      pkgsrc/devel/golint/distinfo

(spz)

Update HOMEPAGE.

(schmonz)

Remove dependency on sysutils/checkpassword. In the default install it's
used only for qmail-pop3d, which is likely not being used much anymore.
Other installs might need a different implementation of checkpassword
anyhow. And this implementation is not (yet?) in the public domain, so
it's blocking us from publishing binary packages of qmail.

Unless (until?) sysutils/checkpassword becomes "public-domain", it
remains under "djb-nonlicense". If you continue to need it, since you've
already accepted the nonlicense, simply install it directly.

I believe this package and all its remaining dependencies are now in
DEFAULT_ACCEPTABLE_LICENSES. Bump PKGREVISION.

(schmonz)

dbus is optional in gajim.

(riastradh)

Pullup ticket #5250 - requested by bsiegert
net/rabbitmq: security update

Revisions pulled up:
- net/rabbitmq/Makefile                                        1.29
- net/rabbitmq/distinfo                                        1.33

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: fhajny
  Date: Thu Mar 30 15:19:04 UTC 2017

  Modified Files:
  pkgsrc/net/rabbitmq: Makefile distinfo

  Log Message:
  Update net/rabbitmq to 3.6.9.

  Management and Management Agent Plugins
  - Security Vulnerability Patches
    - CVE-2017-4965: XSS vulnerabilities in management UI
    - CVE-2017-4966: authentication details are stored in browser-local
      storage without expiration
    - CVE-2017-4967: XSS vulnerabilities in management UI
  - Bug Fixes
    - Certain TCP and TLS listener configuration settings could break
      JSON serialisation of GET /api/overview responses.

  Federation Plugin
  - More numerical types are now handled for the "hops" property.

  .NET Client
  - Calling ExchangeBind more than once with the same arguments threw an
    exception.

  To generate a diff of this commit:
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/net/rabbitmq/Makefile
  cvs rdiff -u -r1.32 -r1.33 pkgsrc/net/rabbitmq/distinfo

(spz)

When DJB_RESTRICTED=YES (true by default in djbware.mk), LICENSE=djb-nonlicense.

(schmonz)

Pullup ticket #5246 - requested by sevan
sysutils/collectd: security update

Revisions pulled up:
- sysutils/collectd/Makefile                                    1.21
- sysutils/collectd/distinfo                                    1.35
- sysutils/collectd/patches/patch-src_network.c                1.5

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  fhajny
  Date:          Thu Apr  6 09:12:02 UTC 2017

  Modified Files:
          pkgsrc/sysutils/collectd: Makefile distinfo
  Added Files:
          pkgsrc/sysutils/collectd/patches: patch-src_network.c

  Log Message:
  Backport fix for CVE-2017-7401. Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/sysutils/collectd/Makefile
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/collectd/distinfo
  cvs rdiff -u -r0 -r1.5 pkgsrc/sysutils/collectd/patches/patch-src_network.c

(spz)

Updated cad/klayout to 0.24.10

(mef)

(mef)

Remove variables that have default values.

(wiz)

+ ng-spice-26

(mef)

Updated cad/py-gds to 1.1.2

(mef)

Updated cad/py-gds to 1.1.2
---------------------------
### Version 1.1.2 (Mar 19, 2017)
* Update clipper library to 6.4.2 to fix bugs introduced in the last update.
* License change to Boost Software License v1.0.

(pkgsrc changes)
- LICENSE converted to boost-license as noted above

(mef)

adding patch for XSA-212 from upstream
(http://xenbits.xen.org/xsa/advisory-212.html)

(spz)

add patch for XSA-212 from upstream
(http://xenbits.xen.org/xsa/advisory-212.html)

(spz)

Updated security/py-asn1 to 0.2.3; www/py-uwsgi to 2.0.15

(adam)

uWSGI 2.0.15
Maintenance release

Issues
Unfortunately there are still 2 unfixed long standing bugs in this release:
* suwsgi protocol behind nginx does not work reliably when a request body is sent by the client (https://github.com/unbit/uwsgi/issues/1490). As we cannot reproduce it in uWSGI itself, we will start checking in the nginx module too
* There are reports of the 窶徂oly窶� wsgi env allocator crashing on specific conditions, this release includes a bunch of workarounds but they could not be enough

Changes
* workaround for the holy allocator for avoiding crashes with newrelic (see Issues notes)
* avoid time overflow in request logs during (even minimal) clock skew
* fixed python logger with python3
* fixed catch-exceptions with python3
* backported 窶彭on窶冲 clone $env->{窶湾sgix.io窶凩 on 窶榔SGI cancel窶吮��
* added support for authentication in the redis logger
* added the spinningfifo action hook to the core
* fixed compilation with php 7.1
* correctly returns error code 22 in lazy_apps + master_mode
* fixed compilation for OpenSSL 1.1
* Add a 窶都kip-atexit-teardown option to skip perl/python teardown
* fixed static file serving over https-socket

(adam)

add patch for XSA-212 from upstream
(http://xenbits.xen.org/xsa/advisory-212.html)

(spz)

Revision 0.2.3, released 25-02-2017
-----------------------------------
- Improved SEQUENCE/SET/CHOICE decoding performance by maintaining a single shared
  NamedType object for all instances of SEQUENCE/SET object.
- Improved INTEGER encoding/decoding by switching to Python's built-in
  integer serialization functions.
- Improved BitString performance by rebasing it onto Python int type and leveraging
  fast Integer serialization functions.
- BitString type usability improved in many ways: for example bitshifting and
  numeric operation on BitString is now possible.
- Minor ObjectIdentifier type performance optimization.
- ASN.1 character types refactored to keep unicode contents internally
  (rather than serialized octet stream) and duck-type it directly.
- ASN.1 OctetString initialized from a Python object performs bytes()
  on it when running on Python 3 (used to do str() which is probably
  less logical).
- Missing support for NoValue.__sizeof__ added.
- Added checks to make sure SEQUENCE/SET components being assigned
  match the prototypes.
- Setter methods for constructed types consistently accept matchTags
  and matchConstraints flags to control the strictness of inner
  components compatibility verification. Previously, these checks
  were tied to verifyConstraints flag, now they are all independent.
- General documentation improvements here and there.
- Fix to __reversed__() magic to make it returning an iterator.
- Test suite simplified and unified.
- The __all__ variable added to most of the Python modules.
- The "test" directory renamed into "tests" not to collide with
  the "test" module.

(adam)

Updated net/samba4 to 4.6.2

(ryoon)

Update to 4.6.2

* Use internal heimdal

Changelog:
Changes since 4.6.1:
--------------------

o  Jeremy Allison <jra@samba.org>
  * BUG 12721: Fix regression with "follow symlinks = no".

Changes since 4.6.0:
--------------------

o  Jeremy Allison <jra@samba.org>
  * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
    directory.

o  Ralph Boehme <slow@samba.org>
  * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share
    directory.

CHANGES SINCE 4.6.0rc4
======================

o  Jeremy Allison <jra@samba.org>
  * BUG 12592: Fix several issues found by covscan.
  * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
    queue is drained.

o  Ralph Boehme <slow@samba.org>
  * BUG 12427: vfs_fruit doesn't work with fruit:metadata=stream.
  * BUG 12526: vfs_fruit: Only veto AppleDouble files if "fruit:resource" is
    set to "file".
  * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.

o  Volker Lendecke <vl@samba.org>
  * BUG 12612: Re-enable token groups fallback.

o  Stefan Metzmacher <metze@samba.org>
  * BUG 9048: Samba4 ldap error codes.
  * BUG 12557: gensec:spnego: Add debug message for the failed principal.
  * BUG 12605: s3:winbindd: Fix endless forest trust scan.
  * BUG 12612: winbindd: Find the domain based on the sid within
    wb_lookupusergroups_send().

o  Andreas Schneider <asn@samba.org>
  * BUG 12557: s3:librpc: Handle gss_min in gse_get_client_auth_token()
    correctly.
  * BUG 12582: idmap_hash: Add a deprecation message, improve the idmap_hash
    manpage.
  * BUG 12592: Fix several issues found by covscan.

o  Martin Schwenke <martin@meltin.net>
  * BUG 12592: ctdb-logging: CID 1396883 Dereference null return value
    (NULL_RETURNS).

CHANGES SINCE 4.6.0rc3
======================

o  Jeremy Allison <jra@samba.org>
  * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType".
  * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.

o  Ralph Boehme <slow@samba.org>
  * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.
  * BUG 12536: s3/smbd: Check for invalid access_mask
    smbd_calculate_access_mask().
  * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.

o  Amitay Isaacs <amitay@gmail.com>
  * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
  * BUG 12595: build: Fix generation of CTDB manpages while creating tarball.

o  Bryan Mason <bmason@redhat.com>
  * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if
    AUTH_INFO_REQUIRED is not set or is not "negotiate".

o  Stefan Metzmacher <metze@samba.org>
  * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
    against trusted domains.
  * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
    trust password.
  * BUG 12585: librpc/rpc: fix regression in
    NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
  * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
    netr_LogonSamLogonEx.
  * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
  * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK
    with a valid tree connect.
  * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
    while it shouldn't.
  * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to
    4.6.

o  Garming Sam <garming@catalyst.net.nz>
  * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
    alive.

o  Andreas Schneider <asn@samba.org>
  * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().

o  Martin Schwenke <martin@meltin.net>
  * BUG 12589: CTDB statd-callout does not cause grace period when
    CTDB_NFS_CALLOUT="".
  * BUG 12595: ctdb-build: Fix RPM build.

CHANGES SINCE 4.6.0rc2
======================

o  Jeremy Allison <jra@samba.org>
  * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
  * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
    the same path as streams_xattr_recheck().
  * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.

o  Andrew Bartlett <abartlet@samba.org>
  * BUG 12543: samba-tool: Correct handling of default value for use_ntvfs and
    use_xattrs.
  * BUG 12573: Samba < 4.7 does not know about compatibleFeatures and
    requiredFeatures.
  * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
    rename.

o  Ralph Boehme <slow@samba.org>
  * BUG 12184: s3/rpc_server: Shared rpc modules loading.
  * BUG 12520: Ensure global "smb encrypt = off" is effective.
  * BUG 12524: s3/rpc_server: Move rpc_modules.c to its own subsystem.
  * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
    readdirattr.

o  Volker Lendecke <vl@samba.org>
  * BUG 12551: smbd: Fix "map acl inherit" = yes.

o  Stefan Metzmacher <metze@samba.org>
  * BUG 12398: Replication with DRSUAPI_DRS_CRITICAL_ONLY and
    DRSUAPI_DRS_GET_ANC results in WERR_DS_DRA_MISSING_PARENT S
  * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
    2.???" negprot.

o  John Mulligan <jmulligan@nasuni.com>
  * BUG 12542: docs: Improve description of "unix_primary_group" parameter in
    idmap_ad manpage.

o  Andreas Schneider <asn@samba.org>
  * BUG 12552: waf: Do not install the unit test binary for krb5samba.

o  Amitay Isaacs <amitay@gmail.com>
  * BUG 12547: ctdb-build: Install CTDB tests correctly from toplevel.
  * BUG 12549: ctdb-common: ioctl(.. FIONREAD ..) returns an int value.

o  Garming Sam <garming@catalyst.net.nz>
  * BUG 12577: 'samba-tool dbcheck' gives errors on one-way links after a
    rename.

o  Uri Simchoni <uri@samba.org>
  * BUG 12529: waf: Backport finding of pkg-config.

CHANGES SINCE 4.6.0rc1
======================

o  Amitay Isaacs <amitay@gmail.com>
  * BUG 12469: CTDB lock helper getting stuck trying to lock a record.
  * BUG 12500: ctdb-common: Fix a bug in packet reading code for generic socket
    I/O.
  * BUG 12510: sock_daemon_test 4 crashes with SEGV.
  * BUG 12513: ctdb-daemon: Remove stale eventd socket.

o  Bj旦rn Jacke <bj@sernet.de>
  * BUG 12535: vfs_default: Unlock the right file in copy chunk.

o  Volker Lendecke <vl@samba.org>
  * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
  * BUG 12538: Backport winbind fixes.

o  Stefan Metzmacher <metze@samba.org>
  * BUG 12501: s3:winbindd: talloc_steal the extra_data in
    winbindd_list_users_recv().

o  Martin Schwenke <martin@meltin.net>
  * BUG 12511: ctdb-takeover: Handle case where there are no RELEASE_IPs to
    send.
  * BUG 12512: ctdb-scripts: Fix remaining uses of "ctdb gratiousarp".
  * BUG 12516: ctdb-scripts: /etc/iproute2/rt_tables gets populated with multiple
    'default' entries.

(ryoon)

Updated net/mikutter to 3.5.7

(tsutsui)

Update mikutter to 3.5.7.

Upstream changes:

mikutter 3.5.7

* support Ayanoniwa's icecream image (thanks @ahiru3net)
* associations against (undefined) was not invoked (thanks @moguno)
* custom Model :modified key which included MessageMixin was ignored
  (thanks @moguno)

(tsutsui)

Updated print/cups to 2.2.3; devel/py-wheel to 0.29.0

(adam)

Changes 0.29.0:
Fix compression type of files in archive

(adam)

CHANGES IN CUPS V2.2.3
- The IPP backend could get into an infinite loop for certain errors,
  causing a hung queue (<rdar://problem/28008717>)
- The scheduler could pause responding to client requests in order to
  save state changes to disk (<rdar://problem/28690656>)
- Added support for PPD finishing keywords (Issue 4960, Issue 4961,
  Issue 4962)
- The IPP backend did not send a media-col attribute for just the source
  or type (Issue 4963)
- IPP Everywhere print queues did not always support all print qualities
  supported by the printer (Issue 4953)
- IPP Everywhere print queues did not always support all media types
  supported by the printer (Issue 4953)
- The IPP Everywhere PPD generator did not return useful error messages
  (Issue 4954)
- The IPP Everywhere finishings support did not work correctly with
  common UI or command-line options (Issue 4976)
- Fixed an error handling issue for the network backends (Issue 4979)
- The default cupsd.conf file did not work on systems compiled without
  Kerberos support (Issue 4947)
- The "reprint job" option was not available for some canceled jobs
  (Issue 4915)
- Updated the job listing in the web interface (Issue 4978)
- Fixed some localization issues on macOS

(adam)

Bump PKGREVISION for previous

(pgoyette)

xpipeman fails to update the scores file with ASLR enabled.

XXX does this require a rev bump?

(pgoyette)

Updated misc/libreoffice to 5.3.2.2

(ryoon)

Update to 5.3.2.2

Changelog:
5.3.2.2
Bugs fixed compared to 5.3.2 rc1):

    tdf#80731 revert "Closing parenthesis is now detected" [Katarina Behrens]
    tdf#103591 convert bmps to png [Caol叩n McNamara]
    tdf#104447 sw: make lcl_DebugMarks output more readable, pos. at the start [Michael Stahl]
    tdf#105463 convert bmps to png [Caol叩n McNamara]
    tdf#105843 restore Application Start and Stop events [Jean-Baptiste Faure]
    tdf#106529 revert "Closing parenthesis is now detected" [Katarina Behrens]

5.3.2.1
Bugs fixed compared to 5.3.1 final (rc2):

    i#92948 sw: WW8 import: fix table in Apo in header [Michael Stahl]
    i#101009 sw: compare document: tweak special handling of EndOfContent [Michael Stahl]
    rhbz#1431476 Impress: Moving slides copies instead of moving [Caol叩n McNamara]
    rhbz#1431540 crash in SwDBManager::releaseRevokeListener [Caol叩n McNamara]
    tdf#54443 list only matching JREs [Samuel Mehrbrodt]
    tdf#71409 revert my fix for to hopefully fix . [Kohei Yoshida]
    tdf#77111 sw: fix page number offset on table dialog "Text Flow" [Michael Stahl]
    tdf#90407 export Text AutoFit to .pptx [Tor Lillqvist]
    tdf#91306 cui,sw: fix page number offset on paragraph dialog "Text Flow" [Michael Stahl]
    tdf#94435 RTF import: \ltrpar should not override \qc from style [Miklos Vajna]
    tdf#95206 print preview: page numbering starts with 1 (not 0) [Katarina Behrens]
    tdf#95612 print preview: page numbering starts with 1 (not 0) [Katarina Behrens]
    tdf#96275 RTF import: handle bitmap shapes inside tables [Miklos Vajna]
    tdf#96685 gtk findfocus return only if focused [Justin Luth]
    tdf#97731 allow status bar to adapt to its own preferred size [Caol叩n McNamara]
    tdf#99120 doc/docx: make unit test for round-tripable [Justin Luth]
    tdf#99908 ensure non-empty unique gradient names [Katarina Behrens]
    tdf#100903 gtk findfocus return only if focused [Justin Luth]
    tdf#100986 force using GDI when needed [Khaled Hosny]
    tdf#101178 sw: DOCX export: fix crash [Michael Stahl]
    tdf#101904 fix Date deleting in SCalc [Jean-Sebastien Bevilacqua]
    tdf#102777 broadcast SC_TAB_INSERTED when inserting scenario [Eike Rathke]
    tdf#103830 form field names not update in python macro [Noel Grandin]
    tdf#103831 force using GDI when needed [Khaled Hosny]
    tdf#103931 DOCX import: fix lost section break [Miklos Vajna]
    tdf#104026 the range should be updated after the references, [Markus Mohrhard]
    tdf#104081 RTF import: handle \htmautsp [Miklos Vajna]
    tdf#104117 set template parameter sal_Int64 for random [Toma転 Vajngerl]
    tdf#104222 put expensive debug code behind #if again [Mat炭邸 Kukan]
    tdf#104287 RTF import: handle bitmap shapes inside tables [Miklos Vajna]
    tdf#104381 revert my fix for to hopefully fix . [Kohei Yoshida]
    tdf#104482 force updating progress bar on safe [Jan-Marek Glogowski]
    tdf#105256 gtk findfocus return only if focused [Justin Luth]
    tdf#105486 fix conditional format import from XLSB, [Markus Mohrhard]
    tdf#105544 don't forget to set the managed flag, [Markus Mohrhard]
    tdf#105656 only delete path if less than 2 points [Regina Henschel]
    tdf#105729 RTF import: \ltrpar should not override \qc from style [Miklos Vajna]
    tdf#105854 retain popover if it has the same pos, size and settings [Caol叩n McNamara]
    tdf#106001 treat CharScaleWidth outliers as 100 in DOCX import [Aron Budea]
    tdf#106099 tweak to restore old behaviour [Caol叩n McNamara]
    tdf#106116 "Previous Marker" changes selection only when needed [Takeshi Abe]
    tdf#106123 store and restore the PaM around the menu Execute [Caol叩n McNamara]
    tdf#106190 following Treat blank after fraction bar [Laurent Balland-Poirier]
    tdf#106217 wrong size and position of a shape inside chart [Tam叩s Zolnai]
    tdf#106218 sw: compare document: tweak special handling of EndOfContent [Michael Stahl]
    tdf#106261 throw away old node map for table [Caol叩n McNamara]
    tdf#106271 cannot disable Menubar under Unity [Samuel Mehrbrodt]
    tdf#106283 registry settings are not read properly on Windows [Tam叩s Zolnai]
    tdf#106304 fix newline and empty paragraph font size issues in .pptx export [Tor Lillqvist]
    tdf#106456 don't try to use invalid ranges in external ref code [Markus Mohrhard]
    tdf#106459 3D reference can't be handled as vector reference [Eike Rathke]
    tdf#106462 old value and new value were swapped [Lionel Elie Mamane]
    tdf#106466 use graphite2 shaper first [Khaled Hosny]
    tdf#106557 don't crash on missing line spacing argument [Caol叩n McNamara]

(ryoon)

Updated emulators/qemu to 2.8.1

(ryoon)

Update to 2.8.1

Changelog:
Not available

(ryoon)

Updated emulators/simh to 4.0.0.20170406

(ryoon)

Update to 4.0.0.20140406

* Use SDL2 instead of SDL
* Build and install BESM-6 simulator

Changelog:
* Add MDS-225 simulator

(ryoon)

Updated sysutils/libpciaccess to 0.13.5

(wiz)

This release includes musl build fixes, improvements to the Solaris backend
and allows parsing separate sysfs files rather than reading the config file
on newer kernels.

Adam Jackson (1):
      chmod a-x README.cygwin

Chuck Tuffli (1):
      libpciaccess: Fix incorrect format specification

Emil Velikov (7):
      autogen.sh: pass --force to autoreconf, quote string variables
      linux sysfs: retrieve vendor, device... info via separate sysfs files
      autogen.sh: use quoted string variables
      Revert "linux_sysfs: include <limits.h> for PATH_MAX"
      configure.ac: remove AC_CONFIG_SRCDIR macro
      configure.ac: set AC_CONFIG_AUX_DIR
      libpciaccess 0.13.5

Felix Janda (2):
      linux_sysfs.c: Include <limits.h> for PATH_MAX
      linux_sysfs: include <limits.h> for PATH_MAX

Henry Zhao (2):
      probe should not hold pci nexus drivers open
      use cached devinfo snapshots, remove unnecessary di_init()

Julien Cristau (1):
      Include config.h before anything else in *.c

Keith Busch (1):
      Ignore 32-bit domains

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

Thomas Klausner (1):
      Fix quoting issue.

arsharma (2):
      vgaarb: add a the trailing NULL character on read(vgaarb_fd)
      device-name: handle calloc failure in insert()

(wiz)

Updated x11/libdrm to 2.4.77

(wiz)

Bernd Kuhls (1):
      tests/etnaviv: link against libdrm

Christian Gmeiner (1):
      etnaviv: remove struct etna_specs

Emil Velikov (2):
      amdgpu: add amdgpu_bo_va_op_raw to the symbol check
      configure.ac: bring back pthread-stubs check

Erik Faye-Lund (1):
      tegra: update symbol-check

Junwei Zhang (1):
      amdgpu: add REPLACE and CLEAR checking for VA op (v2)

Marek Ol邸叩k (1):
      configure.ac: bump the version to 2.4.77

Nicolai H辰hnle (3):
      amdgpu: add amdgpu_bo_va_op_raw
      headers: sync amdgpu_drm.h from airlied/drm-next
      headers: the uint*_t vs. __u* discrepancy in amdgpu_drm is fixed

Rob Herring (2):
      Android: fix building of modetest and proptest
      Android: disable pointer-arith and enum-conversion

Seung-Woo Kim (5):
      exynos: fix type-punned pointer build warning
      exynos/fimg2d: remove unused-function build warning
      tests/exynos: remove unused-function build warning
      tests/exynos: fix invalid code of error path in g2d test
      xf86drm: remove memory leaks in drmGetBusid/drmGetReservedContextList

(wiz)

Updated devel/py-appdirs to 1.4.3; devel/py-pyparsing to 2.2.0; net/py-Socks to 1.6.7; security/py-certifi to 2017.1.23

(adam)

Changes 2017.1.23:
Unknown

(adam)

Changes 1.6.7:
Bug fixes.

(adam)

Version 2.2.0 - March, 2017
---------------------------
- Bumped minor version number to reflect compatibility issues with
  OneOrMore and ZeroOrMore bugfixes in 2.1.10. (2.1.10 fixed a bug
  that was introduced in 2.1.4, but the fix could break code
  written against 2.1.4 - 2.1.9.)

- Updated setup.py to address recursive import problems now
  that pyparsing is part of 'packaging' (used by setuptools).

- Fixed KeyError issue reported by Yann Bizeul when using packrat
  parsing in the Graphite time series database, thanks Yann!

- Fixed incorrect usages of '\' in literals.

- Minor internal change when using '-' operator, to be compatible
  with ParserElement.streamline() method.

- Expanded infixNotation to accept a list or tuple of parse actions
  to attach to an operation.

- New unit test added for dill support for storing pyparsing parsers.
  Ordinary Python pickle can be used to pickle pyparsing parsers as
  long as they do not use any parse actions. The 'dill' module is an
  extension to pickle which *does* support pickling of attached
  parse actions.

(adam)

appdirs 1.4.3
Python 3.6 invalid escape sequence deprecation fixes
Fix for Python 3.6 support

(adam)

Updated security/p5-Net-SSH to 2.09.01

(mef)

Updated security/p5-Net-SSH to 2.09.01
--------------------------------------
2.09 2016.10.26
    - Fix creation of keys in ecdsa, ed25519 key classes
    - Update eg/pssh-keygen to create ecdsa, ed25519 keys
    - Handle hostkeys-00@openssh.com global requests
    - Add support for 'CheckHostIP' and 'UpdateHostKeys' config options
    - Refactor handling of '+' syntax in options
    - Key fingerprints now output sha256-base64 by default.
      (md5 can be specified with FingerprintHash config option)
    - Add id_ed25519, id_ecdsa to default identity files
    - Documentation updates in Perl.pm to reflect new functionality in 2.XX

2.08 2016.10.14
    - Use sha512 instead of md5 in Net::SSH::Perl::Cipher->new_from_key_str()
      to provide ChachaPoly with enough key material
      Tests in t/05-cipher.t should now pass on all platforms [ CPAN bug #114077 ]
    - Add AES128_CBC to cipher tests
    - Info on using features not enabled by default added to README

2.07 2016.10.13

    - Fix blowfish compilation on SunOS [CPAN bug #116323]
    - Fix bug in Packet [CPAN bug #118335]
    - Add support for '+' syntax in MACs option
    - Remove hmac-sha1 from default MACs. It can re-enabled
      by passing the option: 'MACs +hmac-sha1'

2.06 2016.10.04

    - Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups
      from OpenSSH 7.3 (draft-ietf-curdle-ssh-kex-sha2-03)
    - Kex defaults now updated to draft-ietf-curdle-ssh-kex-sha2-03
      recommendations (diffie-hellman-group-exchange-sha1 removed)
      It can re-enabled by passing the option:
      'KexAlgorithms +diffie-hellman-group-exchange-sha1'

2.05 2016.10.03

    - Add support for '+' syntax in Ciphers, KexAlgorithms, HostKeyAlgorithms
      options as in OpenSSH

2.04 2016.05.11

    - Add ECDSA key support
    - Improve extract_public() in Key.pm inspired by
      https://github.com/renormalist/Net-SSH-Perl/pull/12
      but implement comment with backwards compat with RSA/DSA datafellows
    - Fix XS from being loaded more than once (warnings from Net::SFTP)

2.03 2016.05.06

    - Fixes so that "make test" passes

2.02 2016.05.04

    - Use CryptX to further reduce module depedencies
      This eliminates the need for:
        Math::Pari
        Crypt::DH
        Crypt::RSA
        Crypt::DSA
        Crypt::DES
        Crypt::Blowfish
        MIME::Base64
    - Add support for rsa-sha2-512,rsa-sha2-256 signing with RSA keys
    - Implement HashKnownHosts, KexAlgorithms, MACs config directives
    - Add XS code for Chacha20, BSD Blowfish, Ed25519 routines
    - Properly handle and create known_hosts entries when port is specified
    - Remove obsolete ciphers, MACs, Kex from default list to duplicate
      upcoming OpenSSH behavior
    - Bug fixes

2.01 2016.02.19

    - Use CryptX to reduce module depedencies
      This eliminates the need for:
        BSD::arc4random
        Digest::MD5
        Digest::SHA
        Digest::HMAC_MD5
        Crypt::OpenSSL::AES

2.00 2015.12.07

    - Add Chacha20-Poly1305 cipher support for best security
      (Requires Crypt::OpenSSH::ChachaPoly, see README)
    - Add AES Cipher support in CTR mode (CBC mode supported in Ed25519
      keys only)
    - Add Group Exchange (RFC4523) Diffie-Hellman Key Exchange
    - Add Curve25519 (curve25519-sha256@libssh.org) Key Exchange support
      (Requires Crypt::Curve25519)
    - Add hmac-sha2-256,hmac-sha2-512 MAC support
    - Add hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
      Encrypt-then-MAC (ETM) MAC support
    - Use BSD::arc4random for encrypted packet padding
    - Add support for Ed25519 ssh/host keys (Requires Crypt::Ed25519)
      Encrypted Ed25519 key support requires Crypt::OpenBSD::Blowfish
      (See README for info)
    - Default ciphers order is now chacha,aes,3des,blowfish,arcfour
    - Default KEX order is now Curve25519, DHGEXSHA256, DHGEXSHA1, DH14, DH1
    - Default MAC order is now hmac-sha2-512-etm@openssh.com,
      hmac-sha2-256-etm@openssh.com, sha2-512, sha2-256, sha1, md5
    - SSH Keys can now be in DOS format (no need to remove CR/LF)
    - SOCKS proxy support via sub class Net::SSH:Perl::Proxy
    - Now does not abort due to OpenSSH 6.8+ server
      SSH2_MSG_GLOBAL_REQUEST messages for host key rotation

(pkgsrc changes)
    - Adjust DEPENDS base upon above note (p5-CryptX related)

(mef)

Import p5-CryptX-0.047 as security/p5-CryptX.

Cryptography in CryptX is based on https://github.com/libtom/libtomcrypt

(mef)

Updated sysutils/rsyslog to 8.26.0

(fhajny)

Update sysutils/rsyslog* to 8.26.0.

- enable internal error messages at all times
- core: added logging name of source of rate-limited messages
- omfwd: omfwd: add support for network namespaces
- imrelp: honor input name if provided when submitting to impstats
- imptcp: add ability to set owner/group/access perms for uds
- mmnormalize: add ability to load a rulebase from action() parameter
- pmrfc3164 improvements
  - permit to ignore leading space in MSG
  - permit to use at-sign in host names
  - permit to require tag to end in colon
- add new global parameter "umask"
- core: make use of -T command line option more secure
- omfile: add error if both file and dynafile are set
- bugfix: build problem on MacOS (not a supported platform)
- regression fix: in 8.25, str2num() returned error on empty string
- bugfix omsnmp: improper handling of new-style configuration
  parameters
- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal
  messages
- bugfix imfile: wrong files were monitored when using multiple imfile
  inputs
- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail
  segfaults
- bugfix: immark emitted error messages with text "imuxsock"
- bugfix tcpflood: build failed if RELP was disabled
- fix gcc6 compiler warnings
- the output module array passing interface has been removed

(fhajny)

Updated sysutils/liblognorm to 2.0.3

(fhajny)

Update sysutils/liblognorm to 2.0.3.

Version 2.0.3, 2017-03-22

- add ability to load rulebase from a string
- bugfix: string parser did not correctly parse word at end of line
- bugfix: literal parser does not always store value if name is specified

Version 2.0.2, 2016-11-15

- bugfix: no error was emitted on invalid "annotate" line
- "annnotate": permit inline comments
- fix a problem with cross-compilation
- bugfix: abort in literal path compaction when useing "alternative" parser
- bugfix: lognormalizer could loop
- fix misleading compiler warning
- testbench: add test for "annotate" functionality

(fhajny)

Updated security/py-certbot to 0.13.0

(fhajny)

Update security/py-certbot and security/py-acme to 0.13.0.

0.13.0 - 2017-04-06

Added
- --debug-challenges pauses Certbot after setting up challenges for
  debugging.
- The Nginx parser can handle all valid directives in configuration
  files.
- Nginx ciphersuites changed to Mozilla Intermediate.
- certbot-auto --no-bootstrap won't install OS dependencies.

Fixed
- --register-unsafely-without-email respects --quiet.
- Hyphenated renewalparams are now saved in renewal config files.
- --dry-run no longer persists keys and csrs.
- No longer hangs when trying to start Nginx in Arch Linux.
- Apache rewrite rules no longer double-encode characters.

0.12.0 - 2017-03-02

Added
- Allow non-camelcase Apache VirtualHost names
- Allow more log messages to be silenced

Fixed
- Fix a regression around using --cert-name when getting new
  certificates

(fhajny)

Updated sysutils/consul to 0.8.0

(fhajny)

Update sysutils/consul to 0.8.0

BREAKING CHANGES:

- Command-Line Interface RPC Deprecation: The RPC client interface has
  been removed.
- Version 8 ACLs Are Now Opt-Out: The acl_enforce_version_8
  configuration now defaults to true to enable full version 8 ACL
  support by default.
- Remote Exec Is Now Opt-In: The default for disable_remote_exec was
  changed to "true", so now operators need to opt-in to having agents
  support running commands remotely via consul exec.
- Raft Protocol Compatibility: When upgrading to Consul 0.8.0 from a
  version lower than 0.7.0, users will need to set the -raft-protocol
  option to 1 in order to maintain backwards compatibility with the old
  servers during the upgrade.

FEATURES:

- Autopilot: A set of features has been added to allow for automatic
  operator-friendly management of Consul servers.
- Dead Server Cleanup: Dead servers will periodically be cleaned up and
  removed from the Raft peer set
- Server Health Checking: An internal health check has been added to
  track the stability of servers.
- New Server Stabilization: When a new server is added to the cluster,
  there will be a waiting period where it must be healthy and stable for
  a certain amount of time before being promoted to a full, voting member.
- Advanced Redundancy: (Consul Enterprise) A new -non-voting-server
  option flag has been added for Consul servers to configure a server
  that does not participate in the Raft quorum.
- Upgrade Orchestration: (Consul Enterprise) Autopilot will
  automatically orchestrate an upgrade strategy for Consul servers
- Network Areas: (Consul Enterprise) A new capability has been added
  which allows operators to define network areas that join together two
  Consul datacenters.
- WAN Soft Fail: Request routing between servers in the WAN is now more
  robust by treating Serf failures as advisory but not final.
- WAN Join Flooding: A new routine was added that looks for Consul
  servers in the LAN and makes sure that they are joined into the WAN as
  well.
- Validate command: To provide consistency across our products, the
  configtest command has been deprecated and replaced with the validate
  command

IMPROVEMENTS:

- agent: Fixed a missing case where gossip would stop flowing to dead
  nodes for a short while.
- agent: Changed agent to seed Go's random number generator.
- agent: Serf snapshots no longer have the executable bit set on the
  file.
- agent: Consul is now built with Go 1.8.
- agent: Updated aws-sdk-go version (used for EC2 auto join) for Go 1.8
  compatibility.
- agent: User-supplied node IDs are now normalized to lower-case.
- agent: Added checks to enforce uniqueness of agent node IDs at cluster
  join time and when registering with the catalog.
- cli: Standardized handling of CLI options for connecting to the Consul
  agent.
- cli: Updated go-cleanhttp library for better HTTP connection handling
  between CLI commands and the Consul agent
- cli: The operator raft subcommand has had its two modes split into the
  list-peers and remove-peer subcommands.
- cli: Added an -id flag to the operator raft remove-peer command to
  allow removing a peer by ID.
- dns: Allows the .service tag to be optional in RFC 2782 lookups.
- server: Changed the internal EnsureRegistration RPC endpoint to
  prevent registering checks that aren't associated with the top-level
  node being registered.

BUG FIXES:

- agent: Fixed an issue with consul watch not working when http was
  listening on a unix socket.
- agent: Fixed an issue where checks and services could not sync
  deregister operations back to the catalog when version 8 ACL support
  is enabled.
- agent: Fixed an issue where agents could use the ACL token registered
  with a service when registering checks for the same service that were
  registered with a different ACL token.
- cli: Fixed consul kv commands not reading the CONSUL_HTTP_TOKEN
  environment variable.
- cli: Fixed an issue where prefixing an address with a protocol (such
  as 'http://' or 'https://') in -http-addr or CONSUL_HTTP_ADDR would
  give an error.
- cli: Fixed an issue where error messages would get printed to stdout
  instead of stderr.
- server: Fixed an issue with version 8 ACLs where servers couldn't
  deregister nodes from the catalog during reconciliation.
- server: Fixed an issue where servers could temporarily roll back
  changes to a node's metadata or tagged addresses when making updates
  to the node's health checks.
- server: Fixed an issue where the service name consul was not subject
  to service ACL policies with version 8 ACLs enabled.

(fhajny)

Updated net/py-lexicon to 2.0.6

(fhajny)

Update net/py-lexicon to 2.0.6.

- Removed unnecessary import of pprint

(fhajny)

Updated lang/nodejs6 to 6.10.2

(fhajny)

Update lang/nodejs6 to 6.10.2.

- crypto: fix memory leak if certificate is revoked
- upgrade zlib to 1.2.11
- backport V8 fixes for spread syntax regression causing segfaults
- repl: Revert commit that broke REPL display on Windows

(fhajny)