Add libstaroffice

(ryoon)

Import libstaroffice-0.0.2 as converters/libstaroffice.

The purpose of libstaroffice is to build a filter for old StarOffice's
documents(.sdc, .sdw, ...) based on librevenge.

(ryoon)

Added converters/libzmf version 0.0.1

(ryoon)

Add libzmf

(ryoon)

Import libzmf-0.0.1 as converters/libzmf.

libzmf is a library that parses the file format of Zoner Callisto/Draw
documents. Currently it only understands documents created by Zoner
Draw version 4 and 5.

(ryoon)

Fix textproc/p5-String-Expand entry

(ryoon)

Updated lang/openjdk8 to 1.8.121

(ryoon)

Update to 1.8.121

Changelog:
http://www.oracle.com/technetwork/java/javase/8u121-relnotes-3315208.html

core-libs/javax.naming
Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:

    com.sun.jndi.rmi.object.trustURLCodebase
    com.sun.jndi.cosnaming.object.trustURLCodebase

JDK-8158997 (not public)

security-libs/java.security
jarsigner -verbose -verify should print the algorithms used to sign the jar
The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when "jarsigner -verify -verbose filename.jar" is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property, jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example:

- Signed by "CN=weak_signer"
  Digest algorithm: MD2 (weak)
  Signature algorithm: MD2withRSA (weak), 512-bit key (weak)
Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
  Timestamp digest algorithm: SHA-256
  Timestamp signature algorithm: SHA256withRSA, 2048-bit key

See JDK-8163304

New Features

core-libs/java.io:serialization
Serialization Filter Configuration
Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the "jdk.serialFilter" patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the 'java.io.serialization' logger, if enabled.
See JDK-8155760

core-libs/java.rmi
RMI Better constraint checking
RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness.
RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service.
Additional filter patterns can be configured using either a system property or a security property. The "sun.rmi.registry.registryFilter" and "sun.rmi.transport.dgcFilter" property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.
JDK-8156802 (not public)

security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions

*New certpath constraint: jdkCA*
In the java.security file, an additional constraint named "jdkCA" is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

Example: To apply this constraint to SHA-1 certificates, include the following: SHA1 jdkCA
See JDK-8140422

Changes

tools/javadoc(tool)
New --allow-script-in-comments option for javadoc
The javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments is specified.

With the --allow-script-in-comments option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.
JDK-8138725 (not public)

security-libs/javax.xml.crypto
Increase the minimum key length to 1024 for XML Signatures
The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.

The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.

If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled."
JDK-8140353 (not public)

docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.
DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the "jdk.certpath.disabledAlgorithms" security property. Applications can update this restriction in the security property ("jdk.certpath.disabledAlgorithms") and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
JDK-8139565 (not public)

security-libs
More checks added to DER encoding parsing code
More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed inparsing. Note that signatures generated using JDK default providers are not affected by this change.
JDK-8168714 (not public)

core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance
Class loaders created by the java.net.URLClasslasses from a list of given URLs. If the calling code does not have access to one or more of the URLs and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a Sege can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
JDK-8151934 (not public)

core-libs/java.util.logging
A new configurable property in logging.properties java.util.logging.FileHandler.maxLocks
A new "java.util.logging.FileHandler.maxLocks" configurable property is added to java.util.logging.FileHandler.

This new logging property can be defined in the logging configuration file and makes it possible to configure the maximum number of concurrent log file locks a FileHandler can handle. The default value is 100.

In a highly concurrent environment where multiple (more than 101) standalone client applications are using the JDK Logging API with FileHandler simultaneously, it may happen that the default limit of 100 is reached, resulting in a failure to acquire FileHandler file locks and causing an IO Exception to be thrown. In such a case, the new logging property can be used to increase the maximum number of locks before deploying the application.

If not overridden, the default value of maxLocks (100) remains unchanged. See java.util.logging.LogManager and java.util.logging.FileHandler API documentation for more details.
See JDK-8153955

Bug Fixes

The following are some of the notable bug fixes included in this release:

client-libs/javax.swing
Trackpad scrolling of text on OS X 10.12 Sierra is very fast
The MouseWheelEvent.getWheelRotation() method returned rounded native NSEvent deltaX/Y events on Mac OS X. The latest macOS Sierra 10.12 produces very small NSEvent deltaX/Y values so rounding and summing them leads to the huge value returned from the MouseWheelEvent.getWheelRotation(). The JDK-8166591 fix accumulates NSEvent deltaX/Y and the MouseWheelEvent.getWheelRotation() method returns non-zero values only when the accumulated value exceeds a threshold and zero value. This is compliant with the MouseWheelEvent.getWheelRotation() specification (https://docs.oracle.com/javase/8/docs/api/java/awt/event/MouseWheelEvent.html#getWheelRotation):

"Returns the number of "clicks" the mouse wheel was rotated, as an integer. A partial rotation may occur if the mouse supports a high-resolution wheel. In this case, the method returns zero until a full "click" has been accumulated."

For the precise wheel rotation values, use the MouseWheelEvent.getPreciseWheelRotation() method instead.
See JDK-8166591

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 8u121 Bug Fixes page.

Known Issues

deploy/packager
javapackager and fx:deploy bundle the whole JDK instead of JRE
There is a known bug in the Java Packager for Mac where the entire JDK may be bundled with the application bundle resulting in an unusually large bundle. The work around is to use the bundler option -Bruntime option. For example: -Bruntime=JavaAppletPlugin.plugin sets where the JavaAppletPlugin.plugin for the desired JRE to bundle is located in the current directory.
See JDK-8166835

install/install
Java Installation will fail for non-admin users with UAC off
The Java installation on Windows will fail without warning or prompting, for non-admin users with User Access Control (UAC) disabled. The installer will leave a directory, jds<number>.tmp, in the %TEMP% directory.
JDK-8161460 (not public)

(ryoon)

Describe gstreamer-ptp-suid. requested by wiz.

(maya)

rename ptp-suid option to gstreamer-ptp-suid

requested by wiz

(maya)

gstreamer plugins update

(maya)

zeromq: fix build on NetBSD. it has SOCK_CLOEXEC, but no accept4.
it's expected to use paccept instead. do this.

tests 75/78 passing

(maya)

Fix build with clang and libedit.

(roy)

Updated -> Added

(hauke)

Updated textproc/p5-String-Expand to 0.04

(hauke)

gst-plugins1-libav: update to 1.10.3

(maya)

Add p5-String-Expand

This module implements utility functions for expanding embedded
variables in a string. Variable references are embedded in strings in
a similar form to the Bourne shell, namely, in the form $NAME or
${NAME}. In the former case, the NAME must consist of a capital letter
or underscore, and may be followed by zero or more capital letters,
digits or underscores. In the latter case, the name can consist of any
characters, but will be terminated by the first close brace character
'}'.

(hauke)

gst-plugins1-good: update to 1.10.3

(maya)

gst-plugins1-ugly: update to 1.10.3

(maya)

gst-plugins1-bad: update to 1.10.3

(maya)

gst-plugins1-base: update to 1.10.3

(maya)

Updated devel/py-mercurial to 4.1

(wiz)

Updated py-mercurial to 4.1.

This is a regularly-scheduled quarterly feature release.

1.1. commands

    commands: config option to control bundle compression level
    crecord: add an experimental option for space key to move cursor down
    crecord: rewrite status line text (BC)
    diff: add experimental support for more git-diff extended diff features
    graft: support grafting changes to new file in renamed directory (issue5436)
    help: show help for disabled extensions (issue5228)
    help: update help for 'hg update' which was misleading (issue5427)
    merge: fix crash on criss cross merge with dir move and delete (issue5020)
    summary: add evolution "troubles" information to summary output
    summary: use the same labels as log command in "parent: " line
    templates: display evolution "troubles" in command line style

1.2. core

    changelog: keep track of file end in appender (issue5444)
    dispatch: stop supporting non-use of @command (API)
    hook: do not redirect stdout/err/in to ui while running in-process hooks (BC)
    httppeer: advertise and support application/mercurial-0.2
    localrepo: experimental support for non-zlib revlog compression
    manifest: add bundlemanifestlog support
    manifest: add unionmanifestlog support
    manifest: make revlog verification optional
    patch: add experimental config knob for displaying the index header
    patch: add similarity config knob in experimental section
    patch: add label for coloring the index extended header
    patch: add label for coloring the similarity extended header
    profiling: make statprof the default profiler (BC)
    profiling: use vendored statprof and upstream enhancements (BC)
    revlog: REVIDX_EXTSTORED flag
    revlog: add clone method
    revlog: ensure that flags do not overflow 2 bytes
    revlog: flag processor
    revlog: inline start() and end() for perf reasons
    revlog: make compressed size comparisons consistent
    revlog: merge hash checking subfunctions
    revlog: move decompress() from module to revlog class (API)
    revlog: optimize _chunkraw when startrev==endrev
    revlog: pass revlog flags to addrevision
    revlog: reorder index accessors to match data structure order
    revlog: use compression engine API for compression
    revlog: use compression engine APIs for decompression
    revset: add regular expression support to 'desc'
    revset: make children() not look at p2 if null (issue5439)
    run-tests: forward Python USER_BASE from site (issue5425)
    server: move cmdutil.service() to new module (API)
    templatekw: force noprefix=False to insure diffstat consistency (issue4755)
    ui: check EOF of getpass() response read from command-server channel
    ui: do not translate empty configsource() to 'none' (API)
    ui: factor out ui.load() to create a ui without loading configs (API)
    util: compression APIs to support revlog compression and decompression
    util: declare wire protocol support of compression engines
    wireproto: advertise supported media types and compression formats
    wireproto: only advertise HTTP-specific capabilities to HTTP peers (BC)
    wireproto: perform chunking and compression at protocol layer (API)

1.3. extensions

    convert: add config option to control storing original revision
    convert: add config option to copy extra keys from Git commits
    convert: config option for git rename limit
    convert: config option to control Git committer actions
    rebase: calculate ancestors for --base separately (issue5420)
    rebase: check for conflicts before continuing
    rebase: fail-fast the pull if working dir is not clean (BC)
    shelve: allow multiple shelves with --patch and --stat
    shelve: choose a legal shelve name when no name is passed (issue5112)
    shelve: make --keep option survive user intervention (issue5431)
    shelve: make unshelve not crash when there are missing files (issue4176)

1.4. hgweb

    hgweb: link to raw-file on annotation page (BC)
    hgweb: make log streams compatible with command server
    hgweb: restore ascending iteration on revs in filelog web command
    hgweb: support Content Security Policy

1.5. chg

    chg: send type information via S channel (BC)
    chg: support long socket path
    chgserver: make S channel support pager request
    chgserver: override runcommand

1.6. Behavior Changes

    chg: send type information via S channel (BC)
    crecord: rewrite status line text (BC)
    hgweb: link to raw-file on annotation page (BC)
    hook: do not redirect stdout/err/in to ui while running in-process hooks (BC)
    profiling: make statprof the default profiler (BC)
    profiling: use vendored statprof and upstream enhancements (BC)
    rebase: fail-fast the pull if working dir is not clean (BC)
    wireproto: only advertise HTTP-specific capabilities to HTTP peers (BC)

1.7. Internal API Changes

    bookmarks: make bookmarks.comparebookmarks accept binary nodes (API)
    bookmarks: rename 'compare()' to 'comparebookmarks()' (API)
    revlog: move decompress() from module to revlog class (API)
    server: move cmdutil.service() to new module (API)
    ui: do not translate empty configsource() to 'none' (API)
    ui: factor out ui.load() to create a ui without loading configs (API)
    util: remove compressors dict (API)
    util: remove decompressors dict (API)
    wireproto: perform chunking and compression at protocol layer (API)
    dispatch: stop supporting non-use of @command (API)

(wiz)

Updated sysutils/e2fsprogs to 1.43.4

(mef)

Updated sysutils/e2fsprogs to 1.43.4
-------------------------------------
    (from RELEASE-NOTE, some 170 lines, sorry)
-----------------------------------------
E2fsprogs 1.43.4 (January 31, 2017)
===================================

Fix e2fsck to require that the system.data extended attribute is
always present even for files smaller than 60 bytes, to be consistent
with the kernel.

Fix a bug which was causing mke2fs -d and fuse2fs to improperly handle
Posix ACL's.

Fix a bug which could cause mke2fs -d to fail if there is an
zero-length file in source directory tree.

Clarify the default for the "proceed?" question printed by mke2fs and
tune2fs.  (Addresses Debian Bug: #852727)

Debugfs will now display project quota information.

Debugfs's do_set_xattr now uses C strings to parse extended attribute
values, and will print the extended attributes using either C strings
or hex bytes when using debugfs's do_get_xattr command.  It will now
allow developers to see the contents of the system.data extended
attribute.

Fix a bug in mke2fs where I/O errors weren't getting properly reported
to the user.

Fix multiblock writes in the unaligned Direct I/O fallback code.
(Which is rarely needed on Linux systems, but which is required on
Freebsd systems.)

Make sure the default mke2fs.conf file includes the uninit_bg feature
flag.  (Which was accidentally dropped in v1.43).

Fix a bug in resize2fs when operating on very large file systems which
have a block size different from the VM page size.

If the reported device size is absurdly large, mke2fs will now report
an error instead looping forever or crashing.

Fix various Coverity warnings and other memory leaks in fuse2fs and
extended attribute manipulation functions.

Replace a test file but which had a "non-commercial use-only"
copyright permission file with a newer version from the Cyrus imapd
package which now has a 4-clause BSD license, which was making some
lawyers nervous, even though the test file in question was only used
in lib/et's regression testing and was never included in any compiled
binary.  (Addresses Debian Bug: #840733)

Stop installing mkfs.ext4dev and fsck.ext4dev

Update Chinese, Czech, Polish, Serbian, and Spanish translations and
add the Finnish and Malay translation.  (Addresses-Debian-Bug: #774379)

Update various man pages (Addresses-Debian-Bug: #852726)

Programming notes
-----------------

Fix more FreeBSD-11 compatibility bugs, including some unmasked by
FreeBSD 11-rc2.

Fix the Mac build.

Fix build failure on RHEL 5.x systems caused by an old version of
libmagic.

Fix a number of bugs reported by ASAN that can cause some (mostly
harmless) memory dereferences beyond allocated memory.

E2fsprogs 1.43.3 (September 4, 2016)
====================================

Fix e2fsck's handling of timestamps on 32-bit systems.

E2fsck will now check, and if necessary repair the extra isize fields
in the inode and superblock.

Fix crashes on architectures such as sparc64 that are sensitive to
unaligned pointer derferences in the journal recovery code when
journal checksums are enabled.

Programming notes
-----------------

Support reproducible builds by not capturing the build directory into
the mk_cmds and compile_et scripts.  Also fix debian build rules to
ensure build reproducibility.

Fix debian build rules to ensure build reproducibility and to avoid
hiding the linker flags for e2fsck.static so the build hardening log
scanner can properly audit the build.

Fix compatibility with FreeBSD's pmake and teach the configure script
to force the creation of pmake-compatible Makefiles if the
FORCE_NATIVE_MAKE environment variable is set to a non-empty value.

E2fsprogs 1.43.2 (September 1, 2016)
====================================

Fix resize2fs so it will not crash if there is an extended attribute
block but it doesn't need to migate any blocks during an off-line
resize

Fix a crash when mke2fs or debugfs tries to copy in a directory
hierarchy containing an empty directory

Mke2fs will now use a larger journal by default for filesystems
greater than 128 GB.  (1GB instead of 128 MB.)

Fix an alignment bug in e2fsck which caused sparc64 architectures to
crash when replaying the journal on file systems with a 64-bit block
number.

Clarify the message printed by tune2fs message when the user needs to
run e2fsck so it's clear that the -f flag to e2fsck is needed to
force a full e2fsck scan.  (Addresses Debian Bug: #828022)

Fix a bug in e2fsck caused by a power failure during e2fsck's journal
replay could leave the file system in a state where if the file system
is mounted without doing a full e2fsck scan, the file system could get
corrupted

Fix the logic in e2fsck which decides when to repair legacy negative
timestamp encodings.

Add a command to debugfs to copy the inode structure from one inode to
another.

Fix a typo in debugfs's stat command when printing out the dtime field
on file systems with an extended timestamp.

Fix big endian bugs in the e2undo program.  (Addresses Red Hat Bug
#1344636)

Debugfs's logdump can now properly handle journals larger than 2GB.

Avoid installing the man page for fuse2fs if it has not been built.

Update the Catalan, Chinese, Danish, Dutch, French, German, Polish,
Swedish, Ukrainian translations and added new translations for
Hugarian and Serbian.

Programming notes
-----------------

Fix portability problems in fuse2fs.  Previously it wouldn't build on
systems with older glibc versions where clock_gettime() is only
available in the librt library, and if libintl is not bundled into the
C library.

Remove complicated logic which caused a static code analyzer to flag a
false positive.  (A static code analyzer also found a valid bug in
deciding when to repair a legacy negative timestamp encoding, so
eliminating false positives is important.)

Fixed a bug where the ext2fs library cloud provoke when a
extfs2_zero_blocks() is used (via fallocation, initializing a file
system, uninitialized uninitialized inode table blocks) after a
different file system which also used ext2fs_zero_blocks().

Enable the unix_io manager in the ext2fs library so it can accept the
use of a file descriptor.  This is helpful in cases where the file
descriptor comes from temporary file created using O_TMPFILE, or
passed in from a unix domain socket.

Fix a Windows64 portability bug.

(mef)

Updated sysutils/salt to 2016.11.2

(sborrill)

Update sysutils/salt to 2016.11.2.  As usual, the changelogs are far too long
to be useful, but are available here:

https://docs.saltstack.com/en/latest/topics/releases/2016.11.0.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html

Thanks to Morgan @ Precedence Technologies.

(sborrill)

Pullup ticket #5204

(bsiegert)

Pullup ticket #5204 - requested by sevan
www/apache2: security fix

Revisions pulled up:
- www/apache22/Makefile                                        1.111
- www/apache22/distinfo                                        1.66
- www/apache22/patches/patch-include_ap_mmn.h                  deleted
- www/apache22/patches/patch-modules_proxy_mod_proxy.c          deleted
- www/apache22/patches/patch-modules_proxy_mod_proxy.h          deleted
- www/apache22/patches/patch-modules_proxy_proxy_util.c        deleted
- www/apache22/patches/patch-server_util__script.c              deleted

---
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Mon Jan 16 14:34:42 UTC 2017

  Modified Files:
          pkgsrc/www/apache22: Makefile distinfo
  Removed Files:
          pkgsrc/www/apache22/patches: patch-include_ap_mmn.h
              patch-modules_proxy_mod_proxy.c patch-modules_proxy_mod_proxy.h
              patch-modules_proxy_proxy_util.c patch-server_util__script.c

  Log Message:
  Changes with Apache 2.2.32

    *) SECURITY: CVE-2016-8743 (cve.mitre.org)
        Enforce HTTP request grammar corresponding to RFC7230 for request lines
        and request headers, to prevent response splitting and cache pollution by
        malicious clients or downstream proxies.

    *) Validate HTTP response header grammar defined by RFC7230, resulting
        in a 500 error in the event that invalid response header contents are
        detected when serving the response, to avoid response splitting and cache
        pollution by malicious clients, upstream servers or faulty modules.

    *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.

    *) core: Avoid a possible truncation of the faulty header included in the
        HTML response when LimitRequestFieldSize is reached.

    *) core: Enforce LimitRequestFieldSize after multiple headers with the same
        name have been merged.

    *) core: Drop Content-Length header and message-body from HTTP 204 responses.

    *) core: Permit unencoded ';' characters to appear in proxy requests and
        Location: response headers. Corresponds to modern browser behavior.

    *) core: ap_rgetline_core now pulls from r->proto_input_filters.

    *) core: Correctly parse an IPv6 literal host specification in an absolute
        URL in the request line.

    *) core: New directive RegisterHttpMethod for registering non-standard
        HTTP methods.

    *) core: Limit to ten the number of tolerated empty lines between request.

    *) core: reject NULLs in request line or request headers.

    *) mod_proxy: Use the correct server name for SNI in case the backend
        SSL connection itself is established via a proxy server.

    *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
        directives.

    *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3.

    *) mod_proxy: Correctly consider error response codes by the backend when
        processing failonstatus.

    *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
        had to be issued because the remote closed the previous/reusable one
        during idle (keep-alive) time.

    *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.

    *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to
        use a different scoreboard slot then the original one.

    *) mod_proxy: Fix a race condition that caused a failed worker to be retried
        before the retry period is over.

    *) mod_proxy: don't recyle backend announced "Connection: close" connections
        to avoid reusing it should the close be effective after some new request
        is ready to be sent.

    *) mod_mem_cache: Fix concurrent removal of stale entries which could lead
        to a crash.

    *) mime.types: add common extension "m4a" for MPEG 4 Audio.

    *) mod_substitute: Allow to configure the patterns merge order with the new
        SubstituteInheritBefore on|off directive.

    *) mod_mem_cache: Don't cache incomplete responses when the client
        connection is aborted before the body is fully read.

    *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
        failures under Visual Studio 2015 and other mismatched MSVCRT flavors.

    *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.

(bsiegert)

vowpal_wabbit: add zlib to dependencies

(cheusov)

Updated www/py-pelican to 3.7.1nb1

(nils)

Updated www/pelican to 3.7.1nb1.
Pkgsrc changes :
- dependency to www/py-feedgenerator updated to 1.9 (otherwise, pelican
  does not work) ;
- tabs alignement to make pkglint happy.

(nils)

Updated security/mozilla-rootcerts to 1.0.20170121

(maya)

mozilla-rootcerts: update to 052b90b5414f (commit at 2017-01-21)
mozilla-rootcerts-openssl: catch up

closest thing to a changelog:
diff -u certdata-20160610.txt certdata-20170121.txt | grep '# '

-# Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
-# Trust for Certificate "Equifax Secure CA"
-# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Serial Number: 903804111 (0x35def4cf)
-# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
-# Not Valid Before: Sat Aug 22 16:41:51 1998
-# Not Valid After : Wed Aug 22 16:41:51 2018
-# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
-# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
# Serial Number: 1407252 (0x157914)
-# Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority"
-# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
-# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
-# Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
-# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
-# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon May 18 00:00:00 1998
-# Not Valid After : Tue Aug 01 23:59:59 2028
-# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
-# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
# Certificate "GlobalSign Root CA"
# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
-# Certificate "Equifax Secure Global eBusiness CA"
+# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
# Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Trust for Certificate "Equifax Secure Global eBusiness CA"
-# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 1 (0x1)
-# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
-# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
-# Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Trust for Certificate "Equifax Secure eBusiness CA 1"
-# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Serial Number: 4 (0x4)
-# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
-# Not Valid Before: Mon Jun 21 04:00:00 1999
-# Not Valid After : Sun Jun 21 04:00:00 2020
-# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
-# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
-# Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:38:31 2000
-# Not Valid After : Sat May 30 10:38:31 2020
-# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
-# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-# Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
-# Trust for Certificate "RSA Security 2048 v3"
-# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
-# Not Valid Before: Thu Feb 22 20:39:23 2001
-# Not Valid After : Sun Feb 22 20:39:23 2026
-# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
-# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
# Certificate "GeoTrust Global CA"
# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
-# Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
-# Trust for Certificate "IGC/A"
-# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Serial Number:39:11:45:10:94
-# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
-# Not Valid Before: Fri Dec 13 14:29:23 2002
-# Not Valid After : Sat Oct 17 14:29:22 2020
-# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
-# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
# Distrust "Distrusted AC DG Tresor SSL"
# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
# Serial Number: 204199 (0x31da7)
-# Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
-# Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
-# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
-# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
-# Not Valid Before: Wed Jun 22 00:00:00 2005
-# Not Valid After : Fri Jun 21 23:59:59 2030
-# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
-# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
# Certificate "Microsec e-Szigno Root CA"
# Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
-# Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Trust for Certificate "Buypass Class 2 CA 1"
-# Issuer: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Serial Number: 1 (0x1)
-# Subject: CN=Buypass Class 2 CA 1,O=Buypass AS-983163327,C=NO
-# Not Valid Before: Fri Oct 13 10:25:09 2006
-# Not Valid After : Thu Oct 13 10:25:09 2016
-# Fingerprint (MD5): B8:08:9A:F0:03:CC:1B:0D:C8:6C:0B:76:A1:75:64:23
-# Fingerprint (SHA1): A0:A1:AB:90:C9:FC:84:7B:3B:12:61:E8:97:7D:5F:D3:22:61:D3:CC
-# Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
-# Trust for Certificate "EBG Elektronik Sertifika Hizmet Saglayicisi"
-# Issuer: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Serial Number:4c:af:73:42:1c:8e:74:02
-# Subject: C=TR,O=EBG Bili..im Teknolojileri ve Hizmetleri A....,CN=EBG Elektronik Sertifika Hizmet Sa..lay..c..s..
-# Not Valid Before: Thu Aug 17 00:21:09 2006
-# Not Valid After : Sun Aug 14 00:31:09 2016
-# Fingerprint (MD5): 2C:20:26:9D:CB:1A:4A:00:85:B5:B7:5A:AE:C2:01:37
-# Fingerprint (SHA1): 8C:96:BA:EB:DD:2B:07:07:48:EE:30:32:66:A0:F3:98:6E:7C:AE:58
# Certificate "certSIGN ROOT CA"
# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
-# Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
-# Trust for Certificate "Juur-SK"
-# Issuer: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Serial Number: 999181308 (0x3b8e4bfc)
-# Subject: CN=Juur-SK,O=AS Sertifitseerimiskeskus,C=EE,E=pki@sk.ee
-# Not Valid Before: Thu Aug 30 14:23:01 2001
-# Not Valid After : Fri Aug 26 14:23:01 2016
-# Fingerprint (MD5): AA:8E:5D:D9:F8:DB:0A:58:B7:8D:26:87:6C:82:35:55
-# Fingerprint (SHA1): 40:9D:4B:D9:17:B5:5C:27:B6:9B:64:CB:98:22:44:0D:CD:09:B8:89
# Certificate "Hongkong Post Root CA 1"
# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Certificate "Verisign Class 1 Public Primary Certification Authority"
+# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
+# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:c2:7e:43:04:4e:47:3f:19
+# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Jun 16 11:30:18 2009
+# Not Valid After : Sun Dec 30 11:30:18 2029
+# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
+# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority"
-# Issuer: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Serial Number:3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
-# Subject: OU=Class 1 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
-# Not Valid Before: Mon Jan 29 00:00:00 1996
-# Not Valid After : Wed Aug 02 23:59:59 2028
-# Fingerprint (MD5): 86:AC:DE:2B:C5:6D:C3:D9:8C:28:88:D3:8D:16:13:1E
-# Fingerprint (SHA1): CE:6A:64:A3:09:E4:2F:BB:D9:85:1C:45:3E:64:09:EA:E8:7D:60:F1
-# Certificate "Microsec e-Szigno Root CA 2009"
-# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Serial Number:00:c2:7e:43:04:4e:47:3f:19
-# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
-# Not Valid Before: Tue Jun 16 11:30:18 2009
-# Not Valid After : Sun Dec 30 11:30:18 2029
-# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
-# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
-# Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
-# Trust for Certificate "Root CA Generalitat Valenciana"
-# Issuer: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Serial Number: 994436456 (0x3b45e568)
-# Subject: CN=Root CA Generalitat Valenciana,OU=PKIGVA,O=Generalitat Valenciana,C=ES
-# Not Valid Before: Fri Jul 06 16:22:47 2001
-# Not Valid After : Thu Jul 01 15:22:47 2021
-# Fingerprint (MD5): 2C:8C:17:5E:B1:54:AB:93:17:B5:36:5A:DB:D1:C6:F2
-# Fingerprint (SHA1): A0:73:E5:C5:BD:43:61:0D:86:4C:21:13:0A:85:58:57:CC:9C:EA:46
# Certificate "TWCA Root Certification Authority"
# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Certificate "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Trust for "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+# Certificate "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Trust for "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+# Certificate "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Trust for "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+# Certificate "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Trust for "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+# Certificate "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Trust for "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+# Certificate "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Trust for "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+# Certificate "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Trust for "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B

(maya)

Updated www/py-feedgenerator to 1.9

(nils)

Updated www/py-feedgenerator to 1.9.
No upstream changelog available.
New homepage for the project (on GitHub).

(nils)

Updated x11/xdg-user-dirs to 0.15nb2

(leot)

${PKG_SYSCONFDIR} could not exist, add it to MAKE_DIRS to fix PR pkg/51940
reported by Paul Goyette.

Bump PKGREVISION

(leot)

Updated x11/libxklavier to 5.4nb2

(wiz)

Remove gobject-introspection bl3.mk, introspection is disabled.

Bump PKGREVISION.

Noted by John D. Baker on tech-pkg.

(wiz)

Updated devel/p5-Pegex to 0.63

(wen)

Update to 0.63

Upstream changes:
0.63 Sat Jan 14 09:31:43 PST 2017
- Fixed colors on older perls. TINITA++
- Changed on/off to always/never. TINITA++

0.62 Fri Jan 13 22:37:55 PST 2017
- Debug color and indent options added by TINITA++
- Recursion controls. Apply PR/46 by @pdl++ (refactored)
- Support Perl regex look-behind assertions

(wen)

Updated devel/p5-MooseX-Types to 0.49

(wen)

Update to 0.49

Upstream changes:
0.49      2016-12-23 00:12:12Z
        - made the exported is_Foo and to_Foo subs much faster, especially for
          type constraints which can be inlined. (Dave Rolsky)

(wen)

Updated devel/p5-MooseX-Types-Common to 0.001014

(wen)

Update to 0.001014

Upstream changes:
0.001014  2017-01-19 02:29:46Z
  - provide inlined version of NumericCode (Gregory Oschwald, GitHub PR#4)

(wen)

Updated devel/p5-Moose to 2.2004

(wen)

Update to 2.2004

Upstream changes:
2.2004  2017-01-31

  [BUG FIXES]

  - When an attribute was specified as 'rw' and you also provided an accessor
    name matching the attribute and there was an explicit writer, Moose would
    try to make an additional reader access with the same name as the
    attribute. Then Moose would warn about overwriting an accessor with a
    reader. This is related to the bugs reported in RT #120040.

2.2003  2017-01-30

  [BUG FIXES]

  - Moose could die when attempting to warn about overwriting an attribute's
    access method in some cases (since version 2.1902) (RT #120040)

2.2002  2017-01-30

  [BUG FIXES]

  - Creating a Moose subclass of a Moo class with an attribute with a
    delegation would cause a warning (since version 2.1902).

(wen)

Updated x11/st-term to 0.7nb1

(leot)

Adjust config.def.h to use the default monospace font (similarly to x11/dmenu
and wm/dwm)

Bump PKGREVISION

(leot)

Updated www/py-pelican to 3.7.1

(nils)

Updated www/pelican to 3.7.1

Upstream changes :

3.6.3 to 3.7.0 :
Atom feeds output <content> in addition to <summary>
Atom feeds use <published> for the original publication date and
<updated> for modifications
Simplify Atom feed ID generation and support URL fragments
Produce category feeds with category-specific titles
RSS feeds now default to summary instead of full content —
set RSS_FEED_SUMMARY_ONLY = False to revert to previous behavior
Replace MD_EXTENSIONS with MARKDOWN setting
Replace JINJA_EXTENSIONS with more-robust JINJA_ENVIRONMENT setting
Improve summary truncation logic to handle special characters and tags that
span multiple lines, using HTML parser instead of regular expressions
Include summary when looking for intra-site link substitutions
Link to authors and index via {author}name and {index} syntax
Override widget names via LINKS_WIDGET_NAME and SOCIAL_WIDGET_NAME
Add INDEX_SAVE_AS option to override default index.html value
Remove PAGES context variable for themes in favor of pages
SLUG_SUBSTITUTIONS now accepts 3-tuple elements, allowing URL slugs to
contain non-alphanumeric characters
Tag and category slugs can be controlled with greater precision using the
TAG_SUBSTITUTIONS and CATEGORY_SUBSTITUTIONS settings
Author slugs can be controlled with greater precision using the
AUTHOR_SUBSTITUTIONS setting
DEFAULT_DATE can be defined as a string
Use mtime instead of ctime when DEFAULT_DATE = 'fs'
Add --fatal=errors|warnings option for use with continuous integration
When using generator-level caching, ensure previously-cached files are
processed instead of just new files
Add Python and Pelican version information to debug output
Improve compatibility with Python 3.5
Comply with and enforce PEP8 guidelines
Replace tables in settings documentation with data:: directives

3.7.0 to 3.7.1 :
Fix locale issues in Quickstart script
Specify encoding for README and CHANGELOG in setup.py

Pkgsrc changes :
removed import of pelican in docs generation, which prevented building
the package

(nils)

Add missing Python 3 PLIST entries

(fhajny)

Updated x11/xf86-video-ati to 7.8.0nb1

(wiz)

Updated xf86-video-ati to 7.8.0nb1:

Add patch from PR 50067 by David Shao, which comes from FreeBSD
ports/Dragonfly overlay, to improve the situation on FreeBSD and
Dragonfly.

(wiz)

Updated x11/xkeyboard-config to 2.20

(wiz)

Updated xkeyboard-config to 2.20.

Emil Velikov (1):
      autogen.sh: use quoted string variables

Michal Suchanek (1):
      ctrl: add missing modifier_map

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (3):
      Drop AM_MAINTAINER_MODE
      autogen.sh: honor NOCONFIGURE=1
      autogen.sh: use exec instead of waiting for configure to finish

Sergey Udaltsov (13):
      Add missing Arabic diacritics to Arabic layouts
      Restored original RALT behavior for German
      Rulemak layout (Colemak based Russian phonetic layout)
      fixed credits
      Add Elfdalian layout
      Fixed al(plisi)
      Added ruble to rulemak
      Changed AltGr+t to Turkish Lira (instead of trademark)
      prerelease 2.19.99 for translations
      Added Lira to Turkish F layout as well
      Updated translations, prerelease
      Erroneous patch applied for modifiers
      Release 2.20

Stefan Tauner (2):
      symbols/de: use rightsinglequotemark on BKSL in all variants
      symbols/de: Fix whitespace after adding rightsinglequotemark

(wiz)

Updated net/libpcap to 1.8.1

(maya)

libpcap: update to 1.8.1

Tuesday, Oct. 25, 2016 mcr@sandelman.ca
  Summary for 1.8.1 libpcap release
    Add a target in Makefile.in for Exuberant Ctags use: 'extags'.
    Rename configure.in to configure.ac: autoconf 2.59
    Clean up the name-to-DLT mapping table.
    Add some newer DLT_ values: IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
    Clarify what the return values are for both success and failure.
    Many changes to build on windows
    Check for the "break the loop" condition in the inner loop for TPACKET_V3.
    Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue #493.
    Filter out duplicate looped back CAN frames.
    Fix the handling of loopback filters for IPv6 packets.
    Add a link-layer header type for RDS (IEC 62106) groups.
    Use different intermediate folders for x86 and x64 builds on Windows.
    On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
    Removes the need for the "host-endian" link-layer header type.
    Compile with '-Wused-but-marked-unused' in devel mode if supported
    Have separate DLTs for big-endian and host-endian SocketCAN headers.
    Reflect version.h being renamed to pcap_version.h.
    Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
    Properly check for sock_recv() errors.
    Re-impose some of Winsock's limitations on sock_recv().
    Replace sprintf() with pcap_snprintf().
    Fix signature of pcap_stats_ex_remote().
    Initial cmake support for remote packet capture.
    Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
    Clean up {DAG, Septel, Myricom SNF}-only builds.
    Do UTF-16-to-ASCII conversion into the right place.
    pcap_create_interface() needs the interface name on Linux.
    Clean up hardware time stamp support: the "any" device does not support any time stamp types.
    Add support for capturing on FreeBSD usbusN interfaces.
    Add a LINKTYPE/DLT_ value for FreeBSD USB.
    Go back to using PCAP_API on Windows.
    CMake support
    Add TurboCap support from WinPcap.
    Recognize 802.1ad nested VLAN tag in vlan filter.

Thursday Sep. 3, 2015 guy@alum.mit.edu
  Summary for 1.7.5 libpcap release
Man page cleanups.
Add some allocation failure checks.
Fix a number of Linux/ucLinux configure/build issues.
Fix some memory leaks.
Recognize 802.1ad nested VLAN tag in vlan filter.
Fix building Bluetooth Linux Monitor support with BlueZ 5.1+

(maya)

Updated x11/xauth to 1.0.10

(wiz)

Updated xauth to 1.0.10.

Alan Coopersmith (2):
      include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h
      autogen.sh: Honor NOCONFIGURE=1

Dr. Tilmann Bubeck (2):
      Clarified RELEASING in README
      Fix for xauth failing on ENOSPC (= disk full)

Emil Velikov (1):
      autogen.sh: use quoted string variables

Jeremy Huddleston Sequoia (1):
      Update DISPLAY parsing to work with new launchd paths in Yosemite

Jon TURNEY (1):
      Fix !HAVE_STRLCPY case

Matt Turner (2):
      Build xauth before running tests.
      xauth 1.0.10

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (2):
      autogen.sh: stop using maintainer mode
      autogen.sh: use exec instead of waiting for configure to finish

S�ren Sandmann Pedersen (1):
      usage(): Print summary for the -n option

(wiz)

Updated devel/xorg-util-macros to 1.19.1

(wiz)

Updated xorg-util-macros to 1.19.1.

Alan Coopersmith (1):
      XORG_MANPAGE_SECTIONS: limit SysV man page sections to Solaris 2.0-11

Andreas Boll (1):
      Fix XORG_WITH_XMLTO to work with xmlto >= 0.0.27

Emil Velikov (1):
      autogen.sh: use quoted string variables

Matt Turner (1):
      Version bump: 1.19.1

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

(wiz)

Updated x11/xconsole to 1.0.7

(wiz)

Updated xconsole to 1.0.7.

Alan Coopersmith (3):
      configure: Drop AM_MAINTAINER_MODE
      autogen.sh: Honor NOCONFIGURE=1
      config: add AC_USE_SYSTEM_EXTENSIONS

Emil Velikov (1):
      autogen.sh: use quoted string variables

Matt Turner (1):
      xconsole 1.0.7

Mihail Konev (1):
      autogen: add default patch prefix

Peter Hutterer (1):
      autogen.sh: use exec instead of waiting for configure to finish

(wiz)

Updated x11/libdrm to 2.4.75

(wiz)

Alex Xie (4):
      amdgpu: Provide more specific error message if non-privileged user runs amdgpu_test
      amdgpu: verify the tested device
      amdgpu: A new option to choose which device to run most tests
      amdgpu: A new option to run tests on render node

Chad Versace (2):
      Bump version for 2.4.75 release
      Bump version for 2.4.75 release

Chris Wilson (5):
      Import uapi/i915_drm.h from v4.10-rc5-950-g152d5750dda9
      intel: Allow the client to control implicit synchronisation
      intel: Support passing of explicit fencing from execbuf
      intel: Clear execobject flags before preserving object in reuse cache
      intel: Export a function to re-enable implicit synchronisation

Dave Airlie (2):
      Revert "Bump version for 2.4.75 release"
      intel: fix make distcheck

Dongwon Kim (1):
      intel: update global_name before HASH_ADD

Emil Velikov (16):
      xf86drm: use maj/min in drmParsePciDeviceInfo()
      xf86drm: add plumbing to not retrieve PCI device revision
      xf86drm: parse the separate sysfs files for vendor... info
      xf86drm: introduce drmGetDevice[s]2
      tests/drmdevice: use drmGetDevice[s]2
      tests: remove useless legacy tests
      kms: remove commented out libudev code
      configure: remove libudev checks
      tests: automake: reorder makefile contents
      autogen.sh: set format.subjectPrefix and sendemail.to if needed
      android: remove LOCAL_MODULE_TAGS := optional tag
      android: introduce Android.common.mk to reduce boilerplate
      android: add HAVE_VISIBILITY to Android.common.mk
      android: add note about command line defines and config.h
      android: silence ~550 warnings
      tests/nouveau: automake: fold C and CPP flags

Fabio Estevam (1):
      README: Fix grammar

Grazvydas Ignotas (1):
      xf86drm: fix sign-compare warning

Jonathan Gray (8):
      xf86drm: implement drmGetMinorNameForFD for non-sysfs
      xf86drm: implement drmParseSubsystemType for OpenBSD
      xf86drm: implement drmParsePciDeviceInfo for OpenBSD
      xf86drm: implement drmParsePciBusInfo for OpenBSD
      xf86drm: implement an OpenBSD specific drmGetDevice2
      xf86drm: adjust device node path for minor base
      xf86drm: add a non-sysfs version of drmGetDeviceNameFromFd2
      xf86drm: don't fatal on per device error in drmGetDevice[s]2

Neil Armstrong (1):
      tests/util: Add support for meson module

Seung-Woo Kim (1):
      libkms/exynos: fix memory leak in error path

Taro Yamada (1):
      xf86drm: fix null termination of string buffer

Thierry Reding (10):
      xf86drm: Fix indentation
      Add .editorconfig
      xf86drmMode.h: Use consistent padding
      xf86drmMode.h: Add DisplayPort MST and DPI encoders/connectors
      xf86drm: Fix type-punned pointer build warning
      xf86drm: Factor out drmDeviceAlloc()
      xf86drm: Add USB support
      xf86drm: Add platform and host1x bus support
      tests/drmdevice: Add USB, platform and host1x support
      xf86drm: Reuse sysfs_uevent_get()

Tomasz Figa (1):
      tests: Use -pthread in CFLAGS instead of -lpthread

Ville Syrj辰l辰 (1):
      modetest: Allow the user to specify the plane ID

(wiz)

Updated security/fail2ban to 0.9.6

(nils)

Updated security/fail2ban to 0.9.6.

Upstream changelog :
* Misleading add resp. enable of (already available) jail in database, that
  induced a subsequent error: last position of log file will be never retrieved (gh-795)
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
  (e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
  uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python version (also
  using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
    - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
      replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
    - Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
    - Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
    - Fixed error within apache-fakegooglebot, that will be called
      with wrong python version (gh-1506)
* `filter.d/assp.conf`
    - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
    - Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
    - Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
    - removed mandatory double space (if dns-host available, gh-1579)
* filter.d/sshd.conf
    - recognized "Failed publickey for" (gh-1477);
    - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
    - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
    - optional port part after host (see gh-1533, gh-1581)

* New Actions:
    - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
    - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
      (gh-1586, gh-1606 and gh-1607)

* DateTemplate regexp extended with the word-end boundary, additionally to
  word-start boundary
* Introduces new command "fail2ban-python", as automatically created symlink to
  python executable, where fail2ban currently installed (resp. its modules are located):
    - allows to use the same version, fail2ban currently running, e.g. in
      external scripts just via replace python with fail2ban-python:
      ```diff
      -#!/usr/bin/env python
      +#!/usr/bin/env fail2ban-python
      ```
    - always the same pickle protocol
    - the same (and also guaranteed available) fail2ban modules
    - simplified stand-alone install, resp. stand-alone installation possibility
      via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
  Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
  are test covered now
* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
  examples:
    - `backend = systemd[journalpath=/run/log/journal/machine-1]`
    - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
    - `backend = systemd[journalflags=2]`

(nils)

Updated net/tcpdump to 4.9.0

(maya)

tcpdump: update to 4.9.0

fixes the most crazy number of buffer overflow CVEs in printing
functions (41 of them).

changelog
Wednesday January 18, 2017 devel.fx.lebail@orange.fr
  Summary for 4.9.0 tcpdump release
    General updates:
    Improve separation frontend/backend (tcpdump/libnetdissect)
    Don't require IPv6 library support in order to support IPv6 addresses
    Introduce data types to use for integral values in packet structures
    Fix display of timestamps with -tt, -ttt and -ttttt options
    Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
        (More information in the log with CVE-2016-* and CVE-2017-*)
    Change the way protocols print link-layer addresses (Fix heap overflows
        in CALM-FAST and GeoNetworking printers)
    Pass correct caplen value to ether_print() and some other functions
    Fix lookup_nsap() to match what isonsap_string() expects
    Clean up relative time stamp printing (Fix an array overflow)
    Fix some alignment issues with GCC on Solaris 10 SPARC
    Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
    Add a fn_printztn() which returns the number of bytes processed
    Add nd_init() and nd_cleanup() functions. Improve libsmi support
    Add CONTRIBUTING file
    Add a summary comment in all printers
    Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
    Fix some leaks found by Valgrind/Memcheck
    Fix a bunch of de-constifications
    Squelch some Coverity warnings and some compiler warnings
    Update Coverity and Travis-CI setup
    Update Visual Studio files

    Frontend:
    Fix capsicum support to work with zerocopy buffers in bpf
    Try opening interfaces by name first, then by name-as-index
    Work around pcap_create() failures fetching time stamp type lists
    Fix a segmentation fault with 'tcpdump -J'
    Improve addrtostr6() bounds checking
    Add exit_tcpdump() function
    Don't drop CAP_SYS_CHROOT before chrooting
    Fixes issue where statistics not reported when -G and -W options used

    New printers supporting:
    Generic Protocol Extension for VXLAN (VXLAN-GPE)
    Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
    Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
    Marvell Extended Distributed Switch Architecture header (MEDSA)
    Network Service Header (NSH)
    REdis Serialization Protocol (RESP)

    Updated printers:
    802.11: Beginnings of 11ac radiotap support
    802.11: Check the Protected bit for management frames
    802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
    802.11: Fix the radiotap printer to handle the special bits correctly
    802.11: If we have the MCS field, it's 11n
    802.11: Only print unknown frame type or subtype messages once
    802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
    802.11: Source and destination addresses were backwards
    AH: Add a bounds check
    AH: Report to our caller that dissection failed if a bounds check fails
    AP1394: Print src > dst, not dst > src
    ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
    ATALK: Add bounds and length checks (Fix heap overflows)
    ATM: Add some bounds checks (Fix a heap overflow)
    ATM: Fix an incorrect bounds check
    BFD: Update specification from draft to RFC 5880
    BFD: Update to print optional authentication field
    BGP: Add decoding of ADD-PATH capability
    BGP: Add support for the AIGP attribute (RFC7311)
    BGP: Print LARGE_COMMUNITY Path Attribute
    BGP: Update BGP numbers from IANA; Print minor values for FSM notification
    BOOTP: Add a bounds check
    Babel: Add decoder for source-specific extension
    CDP: Filter out non-printable characters
    CFM: Fixes to match the IEEE standard, additional bounds and length checks
    CSLIP: Add more bounds checks (Fix a heap overflow)
    ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
    DHCP: Fix MUDURL and TZ options
    DHCPv6: Process MUDURL and TZ options
    DHCPv6: Update Status Codes with RFCs/IANA names
    DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
    DTP: Improve packet integrity checks
    EGP: Fix bounds checks
    ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
    ESP: Handle OpenSSL 1.1.x
    Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
    Ethernet: Print the Length/Type field as length when needed
    FDDI: Fix -e output for FDDI
    FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
    GRE: Add some bounds checks (Fix heap overflows)
    Geneve: Fix error message with invalid option length; Update list option classes
    HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
    ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
    ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
    IGMP: Add a length check
    IP: Add a bounds check (Fix a heap overflow)
    IP: Check before fetching the protocol version (Fix a heap overflow)
    IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
    IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
    IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
    IPoFC: Fix -e output (IP-over-Fibre Channel)
    IPv6: Don't overwrite the destination IPv6 address for routing headers
    IPv6: Fix header printing
    IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
    ISAKMP: Clean up parsing of IKEv2 Security Associations
    ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
    ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
    ISOCLNS/IS-IS: Filter out non-printable characters
    ISOCLNS/IS-IS: Fix segmentation faults
    ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
    ISOCLNS: Add some bounds checks
    Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
    LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
    LLC: Add a bounds check (Fix a heap overflow)
    LLC: Clean up printing of LLC packets
    LLC: Fix the printing of RFC 948-style IP packets
    LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
    LLDP: Implement IANA OUI and LLDP MUD option
    MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
    MPLS: "length" is now the *remaining* packet length
    MPLS: Add bounds and length checks (Fix a heap overflow)
    NFS: Add a test that makes unaligned accesses
    NFS: Don't assume the ONC RPC header is nicely aligned
    NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
    NFS: Don't run past the end of an NFSv3 file handle
    OLSR: Add a test to cover a HNA sgw case
    OLSR: Fix 'Advertised networks' count
    OLSR: Fix printing of smart-gateway HNAs in IPv4
    OSPF: Add a bounds check for the Hello packet options
    OSPF: Do more bounds checking
    OSPF: Fix a segmentation fault
    OSPF: Fix printing 'ospf_topology_values' default
    OTV: Add missing bounds checks
    PGM: Print the formatted IP address, not the raw binary address, as a string
    PIM: Add some bounds checking (Fix a heap overflow)
    PIMv2: Fix checksumming of Register messages
    PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
    PPP: Add some bounds checks (Fix a heap overflow)
    PPP: Report invalid PAP AACK/ANAK packets
    Q.933: Add a missing bounds check
    RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
    RADIUS: Filter out non-printable characters
    RADIUS: Translate UDP/1700 as RADIUS
    RESP: Do better checking of RESP packets
    RPKI-RTR: Add a return value check for "fn_printn" call
    RPKI-RTR: Remove printing when truncated condition already detected
    RPL: Fix 'Consistency Check' control code
    RPL: Fix suboption print
    RSVP: An INTEGRITY object in a submessage covers only the submessage
    RSVP: Fix an infinite loop; Add bounds and length checks
    RSVP: Fix some if statements missing brackets
    RSVP: Have signature_verify() do the copying and clearing
    RTCP: Add some bounds checks
    RTP: Add some bounds checks, fix two segmentation faults
    SCTP: Do more bounds checking
    SFLOW: Fix bounds checking
    SLOW: Fix bugs, add checks
    SMB: Before fetching the flags2 field, make sure we have it
    SMB: Do bounds checks on NBNS resource types and resource data lengths
    SNMP: Clean up the "have libsmi but no modules loaded" case
    SNMP: Clean up the object abbreviation list and fix the code to match them
    SNMP: Do bounds checks when printing character and octet strings
    SNMP: Improve ASN.1 bounds checks
    SNMP: More bounds and length checks
    STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
    STP: Filter out non-printable characters
    TCP: Add bounds and length checks for packets with TCP option 20
    TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
    TCP: Fix two bounds checks (Fix heap overflows)
    TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
    TCP: Put TCP-AO option decoding right
    TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
    Telnet: Add some bounds checks
    TokenRing: Fix -e output
    UDLD: Fix an infinite loop
    UDP: Add a bounds check (Fix a heap overflow)
    UDP: Check against the packet length first
    UDP: Don't do the DDP-over-UDP heuristic check up front
    VAT: Add some bounds checks
    VTP: Add a test on Mgmt Domain Name length
    VTP: Add bounds checks and filter out non-printable characters
    VXLAN: Add a bound check and a test case
    ZeroMQ: Fix an infinite loop

Tuesday October 25, 2016 mcr@sandelman.ca
  Summary for 4.8.1 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
        Use PRIx64 to print a 64-bit number in hex.
        Printer for HNCP (RFCs 7787 and 7788).
        dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
        RSVP: Add bounds and length checks
        OSPF: Do more bounds checking
        Handle OpenSSL 1.1.x.
        Initial support for the REdis Serialization Protocol known as RESP.
        Add printing function for Generic Protocol Extension for VXLAN
            draft-ietf-nvo3-vxlan-gpe-01
        Network Service Header: draft-ietf-sfc-nsh-01
        Don't recompile the filter if the new file has the same DLT.
        Pass an adjusted struct pcap_pkthdr to the sub-printer.
        Add three test cases for already fixed CVEs
          CVE-2014-8767: OLSR
          CVE-2014-8768: Geonet
          CVE-2014-8769: AODV
        Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
        Use the new debugging routines in libpcap.
        Harmonize TCP source or destination ports tests with UDP ones
        Introduce data types to use for integral values in packet structures.
        RSVP: Fix an infinite loop
        Support of Type 3 and Type 4 LISP packets.
        Don't require IPv6 library support in order to support IPv6 addresses.
        Many many changes to support libnetdissect usage.
        Add a test that makes unaligned accesses: GitHub issue #478.
        add a DNSSEC test case: GH #445 and GH #467.
        BGP: add decoding of ADD-PATH capability
        fixes to LLC header printing, and RFC948-style IP packets ----------------------------------------------------------------------

(maya)

Updated security/libressl to 2.5.1

(wiz)

Updated libressl to 2.5.1.

2.5.1 - Bug and security fixes, new features, documentation updates

* X509_cmp_time() now passes a malformed GeneralizedTime field as an
  error. Reported by Theofilos Petsios.

* Detect zero-length encrypted session data early, instead of when
  malloc(0) fails or the HMAC check fails. Noted independently by
  jsing@ and Kurt Cancemi.

* Check for and handle failure of HMAC_{Update,Final} or
  EVP_DecryptUpdate().

* Massive update and normalization of manpages, conversion to
  mandoc format. Many pages were rewritten for clarity and accuracy.
  Portable doc links are up-to-date with a new conversion tool.

* Curve25519 Key Exchange support.

* Support for alternate chains for certificate verification.

* Code cleanups, CBS conversions, further unification of DTLS/SSL
  handshake code, further ASN1 macro expansion and removal.

* Private symbol are now hidden in libssl and libcryto.

* Friendly certificate verification error messages in libtls, peer
  verification is now always enabled.

* Added OCSP stapling support to libtls and netcat.

* Added ocspcheck utility to validate a certificate against its OCSP
  responder and save the reply for stapling

* Enhanced regression tests and error handling for libtls.

* Added explicit constant and non-constant time BN functions,
  defaulting to constant time wherever possible.

* Moved many leaked implementation details in public structs behind
  opaque pointers.

* Added ticket support to libtls.

* Added support for setting the supported EC curves via
  SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
  SSL{_CTX}_set1_curves{_list} names. This also changes the default
  list of curves to be X25519, P-256 and P-384. All other curves must
          be manually enabled.

* Added -groups option to openssl(1) s_client for specifying the curves
          to be used in a colon-separated list.

* Merged client/server version negotiation code paths into one,
  reducing much duplicate code.

* Removed error function codes from libssl and libcrypto.

* Fixed an issue where a truncated packet could crash via an OOB read.

* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
  client-initiated renegotiation. This is the default for libtls
  servers.

* Avoid a side-channel cache-timing attack that can leak the ECDSA
  private keys when signing. This is due to BN_mod_inverse() being
  used without the constant time flag being set. Reported by Cesar
  Pereida Garcia and Billy Brumley (Tampere University of Technology).
  The fix was developed by Cesar Pereida Garcia.

* iOS and MacOS compatibility updates from Simone Basso and Jacob
  Berkman.

(wiz)