Version 4.89
------------

1. Allow relative config file names for ".include"

2. A main-section config option "debug_store" to control the checks on
    variable locations during store-reset.  Normally false but can be enabled
    when a memory corrution issue is suspected on a production system.

(adam)

Added devel/py-ipython_genutils version 0.2.0

(minskim)

Add py-ipython_genutils

(minskim)

Import py-ipython_genutils-0.2.0

ipython_genutils is vestigial utilities from IPython.

(minskim)

Fix build with opencv 3.2

(markd)

Updated pkgtools/pkglint to 5.4.19

(rillig)

Updated pkglint to 5.4.19.

Changes since 5.4.18:

* Added generated Go yacc source files to CVS, since starting with Go 1.8
  the yacc tool is no longer part of the core distribution. The dependency
  on yacc would pull in all the Go tools, which are quite a few, and some
  of these do not currently build since they depend on go-crypto. See
  https://mail-index.netbsd.org/tech-pkg/2017/03/17/msg017900.html

(rillig)

Updated lang/llvm to 4.0.0; devel/include-what-you-use to 0.7nb2

(adam)

Fixed building with LLVM 4.0.0

(adam)

LLVM 4.0.0:
The minimum compiler version required for building LLVM has been raised to 4.8 for GCC and 2015 for Visual Studio.
The C API functions LLVMAddFunctionAttr, LLVMGetFunctionAttr, LLVMRemoveFunctionAttr, LLVMAddAttribute, LLVMRemoveAttribute, LLVMGetAttribute, LLVMAddInstrAttribute and LLVMRemoveInstrAttribute have been removed.
The C API enum LLVMAttribute has been deleted.
The definition and uses of LLVM_ATRIBUTE_UNUSED_RESULT in the LLVM source were replaced with LLVM_NODISCARD, which matches the C++17 [[nodiscard]] semantics rather than gcc窶冱 __attribute__((warn_unused_result)).
The Timer related APIs now expect a Name and Description. When upgrading code the previously used names should become descriptions and a short name in the style of a programming language identifier should be added.
LLVM now handles invariant.group across different basic blocks, which makes it possible to devirtualize virtual calls inside loops.
The aggressive dead code elimination phase (窶彗dce窶�) now removes branches which do not effect program behavior. Loops are retained by default since they may be infinite but these can also be removed with LLVM option -adce-remove-loops when the loop body otherwise has no live operations.
The llvm-cov tool can now export coverage data as json. Its html output mode has also improved.

(adam)

Updated multimedia/adobe-flash-player to 25.0.0.127

(tsutsui)

Update adobe-flash-player to 25.0.0.127.

Upstream announcements:

https://helpx.adobe.com/security/products/flash-player/apsb17-07.html

Security updates available for Adobe Flash Player

Release date: March 14, 2017

Vulnerability identifier: APSB17-07

CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000,
CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

Platform: Windows, Macintosh, Linux and Chrome OS

(tsutsui)

Renamed multimedia/adobe-flash-player24 to multimedia/adobe-flash-player

(tsutsui)

Move multimedia/adobe-flash-player24 to multimedia/adobe-flash-player.

(tsutsui)

Re-import multimedia/adobe-flash-player24 as multimedia/adobe-flash-player
for future major version bump with compatibility.

We had multiple adobe-flash-plugin versions in the past because
newer 11.x versions didn't work on older (4.x) NetBSD systems.
However I guess Adobe will not put aggressive changes that require
newer Linux kernel version (i.e. emul.linux.kern.osrelease on NetBSD)
in future periodical major updates, as per their announcements:
https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
> Because this change is primarily a security initiative, some features
> (like GPU 3D acceleration and premium video DRM) will not be fully
> implemented.

No objection on pkgsrc-users@:
http://mail-index.netbsd.org/pkgsrc-users/2017/03/14/msg024523.html
Also ok'ed by gdt@ in private mail.

---

NPAPI Adobe Flash player plugin for the Firefox browser.
This package contains a plugin that enables web browsers to render
the Flash format.

The nspluginwrapper option (enabled by default on non Linux platforms)
permits the use of the the Linux x86 and x86_64 flash player in Firefox
browsers on other x86 systems and x86_64 systems.

For NetBSD this package requires NetBSD 6.2 or 7.1 (and later versions)
which include procfs fixes for Linux binaries.

(tsutsui)

Added devel/py-line_profiler version 2.0

(minskim)

Add py-line_profiler

(minskim)

Import py-line_profiler-2.0

line_profiler will profile the time individual lines of code take to
execute. The profiler is implemented in C via Cython in order to reduce
the overhead of profiling. Also included is the script kernprof, which
can be used to conveniently profile Python applications and scripts
either with line_profiler or with the function-level profiling tools in
the Python standard library.

(minskim)

Leave tab stops alone.

(roy)

Add missing DEPENDS on devel/py-rauth.

(darcy)

Note addition of py-rauth 0.7.3.

(darcy)

Add py-rauth package.

A Python library for OAuth 1.0/a, 2.0, and Ofly.

(darcy)

Clear USE_LANGUAGES for py-multipledispatch

(minskim)

cwrappers don't like piping to cpp. Work around this.

(schmonz)

Add support for strip_domain
Fix reading of can_skip_base_prefix setting

Bump PKGREVISION

(sborrill)

Updated devel/bugzilla to 5.0.3

(mef)

Update devel/bugzilla from 2.22.7 to 5.0.3
-------------------------------------
- please note devel/bugzilla3 has now 3.6.8
- Below is a Release note for 5.0.1 to 5.0.3 from:
  https://www.bugzilla.org/releases/5.0.3/release-notes.html
-------------------------------------
Bugzilla 5.0.3 Release Notes
  * Introduction
  * Updates in this 5.0.x Release
    ..
    (original has more sections, but omitted, see above URL for more info)

Introduction

Welcome to Bugzilla 5.0! It has been slightly over two years since we
released Bugzilla 4.4 in May of 2013. This new major release comes with many
new features and improvements to WebServices and performance.

If you're upgrading, make sure to read Notes On Upgrading From a Previous
Version. If you are upgrading from a release before 4.4, make sure to read
the release notes for all the previous versions in between your version and
this one, particularly the Upgrading section of each version's release notes.

Updates in this 5.0.x Release

5.0.3

This release fixes one security issue. See the Security Advisory for details.

This release also contains the following bug fixes:
  * A regression in Bugzilla 5.0.2 caused whine.pl to be unable to send
    emails due to a missing subroutine. (Bug 1235395)
  * The Encode module changed the way it encodes strings, causing email
    addresses in emails sent by Bugzilla to be encoded, preventing emails
    from being correctly delivered to recipients. We now encode email headers
    correctly. (Bug 1246228)
  * Fix additional taint issues with Strawberry Perl. (Bug 987742 and bug
    1089448)
  * When exporting a buglist as a CSV file, fields starting with either "=",
    "+", "-" or "@" are preceded by a space to not trigger formula execution
    in Excel. (Bug 1259881)
  * An extension which allows user-controlled data to be used as a link in
    tabs could trigger XSS if the data is not correctly sanitized. Bugzilla
    no longer relies on the extension to do the sanity check. A vanilla
    installation is not affected as no tab is user-controlled. (Bug 1250114)
    * Extensions can now easily override the favicon used for the Bugzilla
    website. (Bug 1250264)

5.0.2
This release fixes two security issues. See the Security Advisory for
details.

This release also contains the following bug fixes:

  * mod_perl now works correctly with mod_access_compat turned off on Apache
    2.4. To regenerate the .htaccess files, you must first delete all
    existing ones in subdirectories:

    find . -mindepth 2 -name .htaccess -exec rm -f {} \;

    You must then run checksetup.pl again to recreate them with the correct
    syntax. (Bug 1223790)
  * Emails sent by Bugzilla are now correctly encoded as UTF-8. (Bug 714724)
  * Strawberry Perl is now fully supported on Windows. (Bug 1089448 and bug
    987742)
  * The XML-RPC API now works with IIS on Windows. (Bug 708252)
  * Some queries should now be faster on PostgreSQL. (Bug 1184431)

5.0.1
This release fixes one security issue. See the Security Advisory for details.

This release also contains the following bug fixes:

  * Users whose login name is not an email address could not log in on
    installations which use LDAP to authenticate users. (Bug 1179160)

  * If a mandatory custom field was hidden, it was not possible to create a
    new bug or to edit existing ones. (Bug 1183398 and bug 1196969)

  * A user editing his login name to point to a non-existent email address
    could cause Bugzilla to stop working, causing a denial of service. (Bug
    1194987)
  * Emails generated during a transaction made PostgreSQL stop working. (Bug
    1186700)
  * Bugs containing a comment with a reference to a bug ID larger than 2^31
    could not be displayed anymore using PostgreSQL. (Bug 1191937)
  * The date picker in the "Time Summary" page was broken. (Bug 1181649)
  * If Test::Taint or any other Perl module required to use the JSON-RPC API
    was not installed or was too old, the UI to tag comments was displayed
    anyway, you could tag comments, but tags were not persistent (they were
    lost on page reload). Now the UI to tag comments is not displayed at all
    until the missing Perl modules are installed and up-to-date. (Bug
    1183227)
  * Custom fields of type INTEGER now accept negative integers. (Bug 1198659)
  * On Windows, the checksetup.pl installation script no longer asks for a
    SMTP server. It can be set after the installation is complete. (Bug
    1191255)

(mef)

Note update of net/pear-Net_Socket package to 1.1.0.

(taca)

Update pear-Net_Socket to 1.1.0.

Release date: 2017-03-08 14:32 UTC

Changelog:

* Set minimum PHP version to 5.4.0
* Set minimum PEAR version to 1.10.1

* Bug #18262: Incomplete buffer sent with fwrite after bugfix #14619
* Bug #20113: package.xml does not validate
* Bug #21031: Warning on connection error(stream_socket_client)
* PR #7: Fix for "Maximum execution time of 30 seconds exceeded" error
* PR #8: Make PHP5 compatible

(taca)

Note update of net/pear-Net_IDNA2 package to 0.2.0.

(taca)

Update pear-Net_IDNA2 to 0.2.0.

Release Date: 2017-03-06 15:50 UTC

Changelog:

* Set minimum PHP version to 5.4.0
* Set minimum PEAR version to 1.10.1

* Bug #19375: Add static to the fuction getInstance
* Bug #21123: Signing the source package

(taca)

Note update of mail/pear-Auth_SASL package to 1.1.0.

(taca)

Update pear-Auth_SASL to 1.1.0.

Release date: 2017-03-07 09:43 UTC

Changelog:

* Set minimum PHP version to 5.4.0
* Set minimum PEAR version to 1.10.1

* Request #21033: PHP warning depreciated

(taca)

Note update of php70 and php71 package.

lang/php70 7.0.17
lang/php71 7.1.3

(taca)

Update php71 to 7.1.3.

16 Mar 2017, PHP 7.1.3

- Core:
  . Fixed bug #74157 (Segfault with nested generators). (Laruence)
  . Fixed bug #74164 (PHP hangs when an invalid value is dynamically passed to
    typehinted by-ref arg). (Laruence)
  . Fixed bug #74093 (Maximum execution time of n+2 seconds exceed not written
    in error_log). (Laruence)
  . Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite).
    (Dmitry, Laruence)
  . Fixed bug #74084 (Out of bound read - zend_mm_alloc_small). (Laruence)
  . Fixed bug #73807 (Performance problem with processing large post request).
    (Nikita)
  . Fixed bug #73998 (array_key_exists fails on arrays created by
    get_object_vars). (mhagstrand)
  . Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea)
  . Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled
    build). (ondrej)

- Apache:
  . Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
    (Zheng Shao)

- Date:
  . Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value).
    (Derick)

- FPM:
  . Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
    (Denis Yeldandi)

- Hash:
  . Fixed bug #73127 (gost-crypto hash incorrect if input data contains long
    0xFF sequence). (Grundik)

- GD:
  . Fixed bug #74031 (ReflectionFunction for imagepng is missing last two
    parameters). (finwe)

- Mysqlnd:
  . Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
    (Andrew Nester, Nikita)

- Opcache:
  . Fixed bug #74019 (Segfault with list). (Laruence)

- OpenSSL:
  . Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
    (Anatol)
  . Fixed bug #74099 (Memory leak with openssl_encrypt()). (Andrew Nester)

- Standard:
  . Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).
    (Anatol)
  . Fixed bug #74041 (substr_count with length=0 broken). (Nikita)
  . Fixed bug #73118 (is_callable callable name reports misleading value for
    anonymous classes). (Adam Saponara)
  . Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is
    not available). (Benjamin Robin)

- Streams:
  . Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
    (Laruence)
  . Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
    (Anatol)

(taca)

Update php70 to 7.0.17.

16 Mar 2017 PHP 7.0.17

- Core:
  . Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite).
    (Dmitry, Laruence)
  . Fixed bug #74084 (Out of bound read - zend_mm_alloc_small). (Laruence)
  . Fixed bug #73807 (Performance problem with processing large post request).
    (Nikita)
  . Fixed bug #73998 (array_key_exists fails on arrays created by
    get_object_vars). (mhagstrand)
  . Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea)
  . Fixed bug #74039 (is_infinite(-INF) returns false). (Christian Schmidt)
  . Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled
    build). (ondrej)

- Apache:
  . Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
    (Zheng Shao)

- Date:
  . Fixed bug #72719 (Relative datetime format ignores weekday on sundays
    only). (Derick)
  . Fixed bug #73294 (DateTime wrong when date string is negative). (Derick)
  . Fixed bug #73489 (wrong timestamp when call setTimeZone multi times with
    UTC offset). (xiami, Derick)
  . Fixed bug #73858 (first/last day of' flag is not being reset). (Derick)
  . Fixed bug #73942 ($date->modify('Friday this week') doesn't return a Friday
    if $date is a Sunday). (Derick)
  . Fixed bug #74057 (wrong day when using "this week" in strtotime). (Derick)

- FPM:
  . Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
    (Denis Yeldandi)

- Hash:
  . Fixed bug #73127 (gost-crypto hash incorrect if input data contains long
    0xFF sequence). (Grundik)

- GD:
  . Fixed bug #74031 (ReflectionFunction for imagepng is missing last two
    parameters). (finwe)

- Mysqlnd:
  . Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
    (Andrew Nester, Nikita)

- Opcache:
  . Fixed bug #74152 (if statement says true to a null variable). (Laruence)
  . Fixed bug #74019 (Segfault with list). (Laruence)

- OpenSSL:
  . Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
    (Anatol)

- Standard:
  . Fixed bug #74148 (ReflectionFunction incorrectly reports the number of
    arguments). (Laruence)
  . Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).
    (Anatol)
  . Fixed bug #73118 (is_callable callable name reports misleading value for
    anonymous classes). (Adam Saponara)
  . Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is
    not available). (Benjamin Robin)

- Streams:
  . Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
    (Laruence)
  . Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
    (Anatol)

(taca)

Updated devel/gflags to 2.2.0; graphics/guetzli to 1.0

(adam)

Changes 1.0:
fixed two crashes (29 and 5de9ad8),
made memory requirements more explicit.

(adam)

Changes 2.2.0:
This release adds support for use of the gflags library as external dependency not only in projects using CMake, but also Bazel, or pkg-config. One new minor feature is added in this release: when a command flag argument contains dashes, these are implicitly converted to underscores. This is to allow those used to separate words of the flag name by dashes to do so, while the flag variable names are required to use underscores.

Memory leaks reported by valgrind should be resolved by this release.
This release fixes build errors with MS Visual Studio 2015.

(adam)

Note lang/erlang update to 19.3

(fhajny)

Update lang/erlang* to 19.3.

Some highlights for 19.3:

- crypto, ssh: The implementation of the key exchange algorithms
  diffie-hellman-group-exchange-sha* are optimized, up to a factor of 11
  for the slowest ( = biggest and safest) group size.
- dialyzer: The peak memory consumption is reduced. Analyzing modules
  with binary construction with huge strings is now much faster.
- erts: A received SIGTERM signal to beam will generate a 'stop' message
  to the init process and terminate the Erlang VM nicely. This is
  equivalent to calling init:stop/0.
- kernel: The functions in the 'file' module that take a list of paths
  (e.g. file:path_consult/2) will now continue to search in the path if
  the path contains something that is not a directory.
- public_key: New function pkix_verify_hostname/2,3 Implements
  certificate hostname checking. See the manual and RFC 6125.
- public_key, ssh: The ssh host key fingerprint generation now also
  takes a list of algorithms and returns a list of corresponding
  fingerprints. See public_key:ssh_hostkey_fingerprint/2 and the option
  silently_accept_hosts in ssh:connect.
- ssl: Move PEM cache to a dedicated process, to avoid making the SSL
  manager process a bottleneck. This improves scalability of TLS
  connections.
- stdlib: filename:safe_relative_path/1 to sanitize a relative path has
  been added.

Full release notes:

  http://erlang.org/download/otp_src_19.3.readme

(fhajny)

Updated net/py-lexicon to 2.0.0

(fhajny)

Update net/py-lexicon to 2.0.0.

- Add OTP to test filters
- Remove unnecessary filter from test
- Update DNSimple provider to v2
- Add username/password authentication (with optional 2fa) to
  dnsimplev

(fhajny)

Updated devel/phabricator to 20170316

(roy)

Updated devel/arcanist to 20170225

(roy)

Updated devel/libphutil to 20170304

(roy)

Update phabricator and friends to latest stable branches.
There's been no upadte here for over a year and noting all the changes
there-in would be futile here.

The important change is that Phabricator now works with php-7.1.x.

(roy)

putty: amend patch to use the BSD syntax on BSDs, and the alternate
syntax otherwise -- it has a better chance of working.

(maya)

Updated multimedia/ffmpeg3 to 3.2.4nb2

(maya)

ffmpeg3: bump pkgrevision with no changes because of libvdpau/libva fuckup
(it builds with no options).

(maya)

Updated lang/nodejs to 7.7.3

(fhajny)

Update lang/nodejs to 7.7.3.

- module: The module loading global fallback to the Node executable's
  directory now works correctly on Windows.
- net: Socket.prototype.connect now once again functions without
  a callback.
- url: URL.prototype.origin now properly specified an opaque return
  of 'null' for file:// URLs.

(fhajny)

Updated www/firefox to 52.0nb1

(maya)

Bump pkgrevision with no changes for libvdpau/libva screwup, as this
package built with changed options.

(maya)

revert libvdpau/libva changes, this doesn't work as expected.

(maya)

Not all the world is GNU configure.
Unbreaks mail/notmuch.

(wiz)

Fix MASTER_SITES.

(wiz)

regen

(wiz)

Modify DEPENDS so that any version can be built/checked.  As discussed on
the mailing list with joerg@.

(darcy)

Updated cross/arm-none-eabi-gcc to 6.3.0nb1

(ryoon)

Bump PKGREVISION

Add perl as a tool

(ryoon)

Fix one indentation of a line.

(taca)

Noet addition of misc/ruby-powerbar package version 1.0.18.

(taca)

Add and enable ruby-powerbar.

(taca)

Add ruby-powerbar 1.0.18 which is required by archivers/ruby-minitar-cli.

# PowerBar

This is PowerBar - The last progressbar-library you'll ever need.

## Features

* Detects when stdout is not a terminal and automatically falls back to logging
  * Does not clutter your log-files with ansi-codes!
  * If your CLI-app can run interactively and non-interactively (e.g. cronjob)
    you will automatically get reasonable progress-output in both modes.
  * By default prints to stderr but can call any output-method
    of your choice (e.g. your favorite Logger).

* Fully customizable; all output is template-driven.

* All output is optional. You may set PowerBar to silently collect progress
  information (percentage-done, throughput, ETA, etc.) and then use the
  computed values elsewhere in your app.

* All state can be updated at any time. For example: If you're monitoring a
  multi-part operation then you can change the status-message of a running
  PowerBar to reflect the current state.

(taca)

Updated security/putty to 0.68

(maya)

putty: update to 0.68

PuTTY 0.68, released today, supports elliptic-curve cryptography for host
keys, user authentication keys, and key exchange. Also, for the first time,
it comes in a 64-bit Windows version.

This update may create a build issue for non-BSD due to ancient functions
being different on BSD and SYSV. there's always macros if this fails.

(maya)

Remove alpha.gnu.org from master sites, this has been properly released.

(wiz)

libva, libvdpau: use options correctly.. fixes libvdpau build, pointed out
by paulg

(maya)

Added devel/py-multipledispatch version 0.4.9

(minskim)

Add py-multipledispatch

(minskim)

Import py-multipledispatch-0.4.9 as devel/py-multipledispatch

multipledispatch is an efficient, mostly complete implementation of
multiple dispatch that performs static analysis to avoid conflicts, and
provides optional namespace support.

(minskim)

Updated graphics/opencv to 3.2.0

(prlw1)

Update opencv to 3.2

Many Darwin library handling patches removed because of commit 912592de4ce
  Remove "INSTALL_NAME_DIR lib" target property

Full changelog at

https://github.com/opencv/opencv/wiki/ChangeLog

Highlights:

    * Results from 11 GSoC 2016 projects have been submitted to the
      library, 9 of them have been integrated already, 2 still pending
      (the numbers below are the id's of the Pull Requests in opencv or
      opencv_contrib repository):
          + Ambroise Moreau (Delia Passalacqua) - sinusoidal patterns for
            structured light and phase unwrapping module (711)
          + Alexander Bokov (Maksim Shabunin) - DIS optical flow
            (excellent dense optical flow algorithm that is both
            significantly better and significantly faster than Farneback's
            algorithm - our baseline), and learning-based color constancy
            algorithms implementation (689, 708, 722, 736, 745, 747)
          + Tyan Vladimir (Antonella Cascitelli) - CNN based tracking
            algorithm (GOTURN) (718, 899)
          + Vladislav Samsonov (Ethan Rublee) - PCAFlow and Global Patch
            Collider algorithms implementation (710, 752)
          + Jo o Cartucho (Vincent Rabaud) - Multi-language OpenCV
            Tutorials in Python, C++ and Java (7041)
          + Jiri Horner (Bo Li) - New camera model and parallel processing
            for stitching pipeline (6933)
          + Vitaliy Lyudvichenko (Anatoly Baksheev) - Optimizations and
            improvements of dnn module (707, 750)
          + Iric Wu (Vadim Pisarevsky) - Base64 and JSON support for file
            storage (6697, 6949, 7088). Use names like
            `"myfilestorage.xml?base64"` when writing file storage to
            store big chunks of numerical data in base64-encoded form.
          + Edgar Riba (Manuele Tamburrano, Stefano Fabri) - tiny_dnn
            improvements and integration (720: pending)
          + Yida Wang (Manuele Tamburrano, Stefano Fabri) - Quantization
            and semantic saliency detection with tiny_dnn
          + Anguelos Nicolaou (Lluis Gomez) - Word-spotting CNN based
            algorithm (761: pending)

(prlw1)

fail2ban: fix build on linux and others

having an empty SUBST_SED returns usage and a non-zero exit value and
the build doesn't continue.

(maya)

Note addition of textproc/py-pdfrw.

(darcy)

Add py-pdfrw package, a pure Python library that reads and writes PDFs.

(darcy)

go-{net,crypto,tools}, pkglint.

(bsiegert)

pkglint 5.4.18.

Changes:
- go tool yacc -> goyacc to fix building with Go 1.8 (PR pkg/52081).

(bsiegert)

Note addition of textproc/py-rst2pdf version 0.93.

(darcy)

Add py-rst2pdf package, a tool to create PDFs from text.

(darcy)

Update go-tools to 1.8 release as part of PR pkg/52081.

No changelog from upstream. There is now a "goyacc" tool to replace
"go tool yacc" from the main repo.

(bsiegert)

libva: Similar to libvdpau, add an x11 option to make it easier to disable
libva dependencies for non-X11 users. feel free to suggest alternatives.

PR pkg/52021

(maya)

Update go-crypto to 20170317, part of PR pkg/52081.

No changelog from upstream but there is a new acme package for Let's
Encrypt certificates.

(bsiegert)

libvdpau: add an option 'x11' (default enabled) in available.mk, so non-X11
users can avoid all of Xorg being pulled in for a dependency with ease,
without needing to know about vdpau, for example in the case of ffmpeg3
which shouldn't require X11.

Feel free to propose alternatives.

Clean some commented out bits.

PR pkg/52021

(maya)

Update go-net to 20170308. Part of PR pkg/52081 (a dependency of go-tools).

No changelog from upstream other than "git log".

(bsiegert)

As this package doesn't install anything into "bin" we don't need to
create that directory.

(tron)

Fix build under Mac OS X when XQuartz is used instead of modular X11.

(tron)

mysql57-server: fix compilation on NetBSD. fix -fpermissive error.

netbsd xdrproc_t takes 2 arguments, most others are variadic, os x is 3.
ifdef __NetBSD__ to match the signature.

PR pkg/52062

(maya)

Updated graphics/png to 1.6.29

(wiz)

Updated png to 1.6.29.

Version 1.6.29beta01 [January 12, 2017]
  Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna).
  Moved SSE2 optimization code into the main libpng source directory.
    Configure libpng with "configure --enable-intel-sse" or compile
    libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
  Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt).

Version 1.6.29beta02 [February 22, 2017]
  Avoid conditional directives that break statements in pngrutil.c (Romero
    Malaquias)
  The contrib/examples/pngtopng.c recovery code was in the wrong "if"
    branches; the comments were correct.
  Added code for PowerPC VSX optimisation (Vadim Barkov).

Version 1.6.29beta03 [March 1, 2017]
  Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
  Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c
    because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1.
  Suppress clang warnings about implicit sign changes in png.c

Version 1.6.29 [March 16, 2017]
  No changes.

(wiz)

Add upstream bug report URL.

(wiz)

Updated devel/npth to 1.3

(wiz)

Updated npth to 1.3.

Note: this now needs "-pthread" on NetBSD; please check if it's needed
on your OPSYS too.

Noteworthy changes in version 1.3 (2016-11-22)
----------------------------------------------

* Bypass npth_protect/npth_unprotect iff the library has not yet been
  initialized.

* Fix problems on macOS and AIX

* Improve detection of clock_gettime

(wiz)

Updated www/p5-libwww to 6.24

(wiz)

Updated p5-libwww to 6.24.

6.24      2017-03-14
    - Document clone methods inability to clone cookie jars (RT #13542)
    - It is now possible to set the proxy and no_proxy attributes from the
      constructor of LWP::UserAgent. (GH #124)

(wiz)

Updated multimedia/gst123 to 0.3.4

(wiz)

Updated gst123 to 0.3.4.

Overview of changes in gst123-0.3.4:

* Option parsing bug for "-@, --list" fixed.
* Avoid annoying redundant tag updates.
* Support video subtitles [Ahmed El-Mahmoudy].
* Use A/a keys to set video opacity [Ahmed El-Mahmoudy].
* Work around kwin window manager policy "focus stealing prevention".
* Fix image filetype detection bug.
* Fix Issue 14: Use sync bus handler to set window xid.
* Fix Issue 13: In some cases playing videos leads to g_criticals().
* Added "-f, --fullscreen" option to start playback in fullscreen mode.
* Added "--volume" option to set initial playback volume.
* Ignore symlinks when crawling directories.
* Various bugfixes.

(wiz)

gstreamer1 and plugins -> 1.10.4

(wiz)

Missed one of the plugin packages -- update to 1.10.4 like the rest.

(wiz)

Reset PKGREVISION after update.

(wiz)

Reset PKGREVISION after update.

(wiz)

Update gstreamer1 and its plugins to 1.10.4.

### 1.10.4

The third 1.10 bug-fix release (1.10.4) was released on 23 February 2017.
This release only contains bugfixes and it should be safe to update from 1.10.x.

#### Major bugfixes in 1.10.4

- Various fixes for crashes, assertions, deadlocks and memory leaks on fuzzed
  input files and in other situations (CVE-2017-5847, CVE-2017-5848)
- More regression fixes for souphttpsrc redirection tracking
- Regression fix for gmodule on 32 bit Android, which was introduced as part
  of the 64 bit Android fix in 1.10.3 and broke the androidmedia plugin
- Various bugfixes for regressions and other problems in the V4L2 plugin
- Fix for 5.1, 6.1 and 7.1 channel layouts for Vorbis
- Fixes for timestamp generation of Android video encoder element
- gst-libav was updated to ffmpeg 3.2.4, fixing a couple of CVEs
- ... and many, many more!

(wiz)