Remove patch for netbsd curses differences, it was adjusted to change
behaviour to match ncurses, and the functions only exist for netbsd-current

bump pkgrevision

(maya)

Add MESSAGE that you have to remove the kerberos section from the
cupsd config file when you build cups without kerberos support.

Found by pgoyette.

(wiz)

Updated devel/memcached to 1.4.34

(adam)

Changes 1.4.34:
Add -o modern switches to -h
metadump: Fix preventing dumping of class 63
Fix cache_memlimit bug for > 4G values
metadump: ensure buffer is flushed to client before finishing
Number of small fixes/additions to new logging
add logging endpoint for LRU crawler
evicted_active counter for LRU maintainer
stop pushing NULL byte into watcher stream
Scale item hash locks more with more worker threads (minor performance)
Further increase systemd service hardening
Missing necessary header for atomic_inc_64_nv() used in logger.c (solaris)
Fix print format for idle timeout thread
Improve binary sasl security fixes
Fix clang compile error
Widen systemd caps to allow maxconns to increase
Add -X option to disable cachedump/metadump
Don't double free in lru_crawler on closed clients
Fix segfault if metadump client goes away

(adam)

Updated net/py-twisted to 17.1.0nb1

(wiz)

Bump PKGREVISION for py-automat dependency.

(wiz)

Updated graphics/inkscape to 0.92.1

(adam)

Add support for Cython>0.24 using an override mechanism in trunk.

(fhajny)

Inkscape 0.92.1 is a stability and bugfix release.

(adam)

Added devel/py-automat dependency

(adam)

distinfo update missed in previous.

(markd)

Revert probably unintended checksum change.

(wiz)

Remove patch after update (not in distinfo)

(wiz)

+ owl-lisp.

(wiz)

+ radamsa, p5-Net-LDAP-SID

(wiz)

Updated sysutils/pciutils to 3.5.3

(msaitoh)

Update sysutils/pcuutils to 3.5.3.

ChangeLog:
2017-02-15  Martin Mares <mj@ucw.cz>

* Released as 3.5.3.

* When lspci looks for Linux kernel modules, it uses the default
  path to module directory provided by libkmod. Previously,
  it tried to construct the path explicitly, which need not
  work on all systems.

* Improved formatting of memory and I/O ranges behind a bridge.

* PCIe link capabilities now display GEN4 speed (16GT/s).

* PCIe device capabilities now show bits related to atomic operations.
  Thanks to Satanand Burla for a patch.

* As usually, updated pci.ids to the current snapshot of the database.

(msaitoh)

firefox: add some configure bits for DragonflyBSD lost in the passage of
time. PR pkg/51695

(maya)

Needs py-test-runner.

(joerg)

Needs py-setuptools_scm.

(joerg)

Drop check for non-destdir directories that may not exist at this point
of installation.

(joerg)

Updated www/logswan to 1.07

(maya)

logswan: update to 1.07. Add simple smoketest.

Changes since 1.06:
    Harmonize arrays names
    Remove array of months, it's currently unused and will likely remain so
    Simplify internal JSON array and object names
    Use OpenBSD style(9) for function prototypes and declarations
    Revert back to using strtok, at least for now
    Do not use EXIT_SUCCESS and EXIT_FAILURE macros anymore
    Fix implicit function declaration rrror on NetBSD (Thanks Maya Rashish)
    Remove now useless variables initialization and unnecessary includes
    Do not add an extra new line when displaying usage or version

(maya)

Pullup ticket #5212 - requested by he
comms/conserver8: bugfix

Revisions pulled up:
- comms/conserver8/Makefile                                    1.22-1.24
- comms/conserver8/distinfo                                    1.11
- comms/conserver8/options.mk                                  1.5
- comms/conserver8/patches/patch-aa                            1.3
- comms/conserver8/patches/patch-ab                            1.2
- comms/conserver8/patches/patch-conserver_access.c            1.1
- comms/conserver8/patches/patch-conserver_consent.c            1.1

---
  Module Name: pkgsrc
  Committed By: he
  Date: Wed Jan 18 09:54:51 UTC 2017

  Modified Files:
  pkgsrc/comms/conserver8: Makefile distinfo
  pkgsrc/comms/conserver8/patches: patch-aa patch-ab
  Added Files:
  pkgsrc/comms/conserver8/patches: patch-conserver_access.c
      patch-conserver_consent.c

  Log Message:
  Add two patches so that this at least semi-works when the inet6
  option is used:

  * Use correct sockaddr length when doing getnameinfo() for inet6,
    so we avoid an early return with "permanent failure" from getnameinfo()
  * Use temp variables for walking the address lists so that we avoid trying
    freeaddrinfo(NULL) and getting SEGV

  This still isn't fully baked and backward compatible: with the
  inet6 option turned on, on NetBSD the conserver process only opens
  an inet6 server socket and no longer serves an inet socket (a
  Linuxism, I suspect), making it troublesome to interoperate with
  older versions of conserver or installations on hosts without IPv6
  connectivity.

  PKGREVISION bumped.

---
  Module Name: pkgsrc
  Committed By: he
  Date: Fri Feb 10 10:35:06 UTC 2017

  Modified Files:
  pkgsrc/comms/conserver8: Makefile options.mk

  Log Message:
  Don't enable the inet6 option on the various BSDs, since their stack
  require separate inet6 and inet sockets, and conserver as of 8.2.1
  doesn't do that.
  Bump PKGREVISION.

---
  Module Name: pkgsrc
  Committed By: he
  Date: Fri Feb 10 10:38:42 UTC 2017

  Modified Files:
  pkgsrc/comms/conserver8: Makefile

  Log Message:
  Um, need bsd.prefs.mk before testing ${OPSYS}.

(bsiegert)

Updated devel/libevent to 2.1.8

(adam)

Libevent 2.1.8-stable, it contains openssl fixes for resetting fd and using
bufferevent_openssl_filter_new(). vagrant fixes, some build fixes, increased
timeout for some tests (to reduce number of failures due to timing issues),
date in RFC1123 format and running tests in parallel.

(adam)

Libevent 2.1.8-stable, it contains openssl fixes for resetting fd and using
bufferevent_openssl_filter_new(). vagrant fixes, some build fixes, increased
timeout for some tests (to reduce number of failures due to timing issues),
date in RFC1123 format and running tests in parallel.

(adam)

Updated devel/p5-Test-BDD-Cucumber to 0.52

(schmonz)

Update to 0.52. From the changelog:

- Removed File::Slurp @ehuelsmann
- Minor test fixes @ehuelsmann

(schmonz)

+ p5-CPAN-2.16, p5-IO-Socket-SSL-2.045, p5-Specio-0.35, p5-YAML-1.22,
  p5-libwww-6.19.

(wiz)

+ byacc-20170201, calibre-2.79.1, plasma-5.9.2.

(wiz)

Needs py-setuptools_scm.

(joerg)

Updated emulators/simh to 4.0.0.20161218nb1

(maya)

simh: use networking. bump PKGREVISION.
fixes PR pkg/51970

(maya)

Needs openssl.

(joerg)

Add missing header.

(joerg)

Fix error checks. Bump revision.

(joerg)

Add missing py-test-runner dependency.

(joerg)

Fix more fallout from bad recursive bumps.
Please check your diffs!

(joerg)

Disable a couple more warnings for the clang build and merge some
patches from Git to fix another set of issues.

(joerg)

Ignore a couple more warnings when building with clang.

(joerg)

Add missing include.

(joerg)

Add missing includes.

(joerg)

Add missing include.

(joerg)

Not MAKE_JOBS_SAFE.

(joerg)

NetBSD needs libutil for openpty and friends.

(joerg)

Needs libtool.

(joerg)

Deal with zlib fallout.

(joerg)

Provide an actual dtor implementation.

(joerg)

Add missing include.

(joerg)

Fix pthread use.

(joerg)

Pointers are not ordered relative to 0, so compare the elements
as likely intended. Bump revision.

(joerg)

Adjust crude ABI hack.

(joerg)

Fix iconv error handling. Bump revision.

(joerg)

Add missing include.

(joerg)

Add missing include.

(joerg)

Fix Go invocation. Mark as BROKEN because it tries to fetch things from
the net during build.

(joerg)

Try to deal with API changes for the NetBSD port.

(joerg)

glib smart pointers should not be compared to integers.

(joerg)

Add missing includes.

(joerg)

Add missing includes.

(joerg)

Clear PKGREVISION after master package update

(fhajny)

5201

(spz)

Pullup ticket #5201 - requested by wiz
net/tigervnc: security update

Revisions pulled up:
- net/tigervnc/Makefile                                        1.15
- net/tigervnc/distinfo                                        1.11

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: wiz
  Date: Tue Jan 24 08:30:25 UTC 2017

  Modified Files:
  pkgsrc/net/tigervnc: Makefile distinfo

  Log Message:
  Updated tigervnc to 1.7.1.

  This is a security update for TigerVNC 1.7.0 which fixes a memory
  overflow issue via the RRE decoder. A malicious server could possibly
  use this issue to take control of the TigerVNC viewer.

  Users are advised to upgrade as soon as possible.

  To generate a diff of this commit:
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/tigervnc/Makefile
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/tigervnc/distinfo

(spz)

Fix gtk2 packaging
Reported by Riccardo Mottola.

(ryoon)

Fix PLIST for python-2.x. Sort.

(wiz)

Updated sysutils/beats to 5.2.0

(fhajny)

Update sysutils/beats to 5.2.0.

==== Bugfixes

Affecting all Beats

- Fix overwriting explicit empty config sections.

Filebeat

- Fix alignment issue were Filebeat compiled with Go 1.7.4 was crashing
  on 32 bits system.

Metricbeat

- Fix service times-out at startup.
- Kafka module case sensitive host name matching.
- Fix interface conversion panic in couchbase module

Packetbeat

- Fix issue where some Cassandra visualizations were showing data from
  all protocols.

==== Added

Affecting all Beats

- Add support for passing list and dictionary settings via -E flag.
- Support for parsing list and dictionary setting from environment
  variables.
- Added new flags to import_dashboards (-cacert, -cert, -key,
  -insecure).
- The limit for the number of fields is increased via the mapping
  template.
- Updated to Go 1.7.4.
- Added a NOTICE file containing the notices and licenses of the
  dependencies.

Heartbeat

- First release, containing monitors for ICMP, TCP, and HTTP.

Filebeat

- Add enabled config option to prospectors.
- Add target option for decoded_json_field.

Metricbeat

- Kafka module broker matching enhancements.
- Add a couchbase module with metricsets for node, cluster and bucket.
- Export number of cores for CPU module.
- Experimental Prometheus module.
- Add system socket module that reports all TCP sockets.
- Kafka consumer groups metricset.

Winlogbeat

- Reduced amount of memory allocated while reading event log records.

(fhajny)

Updated databases/py-elasticsearch to 5.2.0

(fhajny)

Update databases/py-elasticsearch to 5.2.0.

5.2.0 (2017-02-12)
- The client now automatically sends Content-Type http header set
  to application/json. If you are explicitly passing in other
  encoding than json you need to set the header manually.

5.1.0 (2017-01-11)
- Fixed sniffing

(fhajny)

Updated databases/elasticsearch to 5.2.0

(fhajny)

Update databases/elasticsearch to 5.2.0.

=== Breaking changes

Core::
- Add system call filter bootstrap check

=== Breaking Java changes

Allocation::
- Cluster Explain API uses the allocation process to explain shard
  allocation decisions

Cluster::
- Remove PROTO-based custom cluster state components

Ingest::
- Change type of ingest doc meta-data field 'TIMESTAMP' to `Date`

Internal::
- Consolidate the last easy parser construction
- Introduce XContentParser#namedObject

Plugins::
- Plugins: Replace Rest filters with RestHandler wrapper

Query DSL::
- Resolve index names in indices_boost

Search::
- Cluster search shards improvements: expose ShardId, adjust visibility
  of some members

=== Deprecations

Java API::
- Deprecate and remove "minimumNumberShouldMatch" in BoolQueryBuilder

Shadow Replicas::
- Add a deprecation notice to shadow replicas

=== New features

Analysis::
- Synonym Graph Support (LUCENE-6664)

Ingest::
- introduce KV Processor in Ingest Node

Mapping::
- Add the ability to set a normalizer on keyword fields.
- Add RangeFieldMapper for numeric and date range types

=== Enhancements

Aggregations::
- `value_type` is useful regardless of scripting.
- Support for partitioning set of terms

Allocation::
- Adds setting level to allocation decider explanations
- Improves allocation decider decision explanation messages
- Prepares allocator decision objects for use with the allocation
  explain API

Analysis::
- Expose FlattenGraphTokenFilter

CRUD::
- Use correct block levels for TRA subclasses

Cluster::
- Keep NodeConnectionsService in sync with current nodes in the cluster
  state
- Add a generic way of checking version before serializing custom
  cluster object
- Add validation for supported index version on node join, restore,
  upgrade & open index
- Let ClusterStateObserver only hold onto state that's needed for change
  detection
- Remove mutable status field from cluster state

Core::
- Rename bootstrap.seccomp to bootstrap.system_call_filter
- Cleanup random stats serialization code
- Avoid corruption when deserializing booleans
- Reduce memory pressure when sending large terms queries.

Discovery::
- Simplify Unicast Zen Ping
- Prefer joining node with conflicting transport address when becoming
  master

Ingest::
- add `ignore_missing` flag to ingest plugins
- Added ability to remove pipelines via wildcards (#22149)
- Enables the ability to inject serialized json fields into root of
  document
- compile ScriptProcessor inline scripts when creating ingest pipelines

Internal::
- Remove some more usages of ParseFieldMatcher
- Remove some more usages of ParseFieldMatcher
- Remove some ParseFieldMatcher usages
- Add infrastructure to manage network connections outside of
  Transport/TransportService
- Replace strict parsing mode with response headers assertions
- Start using `ObjectParser` for aggs.
- Don't output null source node in RecoveryFailedException
- ClusterService should expose "applied" cluster states (i.e., remove
  ClusterStateStatus)

Java High Level REST Client::
- Add fromxcontent methods to index response
- Add fromXContent() methods for ReplicationResponse
- Add parsing method for ElasticsearchException
- Add fromXContent method to GetResponse

Java REST Client::
- Warn log deprecation warnings received from server

Logging::
- Log deleting indices at info level
- Log failure to connect to node at info instead of debug

Mapping::
- Atomic mapping updates across types
- Only update DocumentMapper if field type changes
- Better error message when `_parent` isn't an object

Network::
- Disable the Netty recycler
- Tell Netty not to be unsafe in transport client
- Introduce a low level protocol handshake
- Detach handshake from connect to node
- Reduce number of connections per node depending on the nodes role
- Add a connect timeout to the ConnectionProfile to allow per node
  connect timeouts
- Grant Netty permission to read system somaxconn
- Remove connectToNodeLight and replace it with a connection profile

Packaging::
- Improve the out-of-the-box experience

Plugin Discovery EC2::
- Add support for ca-central-1 region to EC2 and S3 plugins
- Support for eu-west-2 (London) cloud-aws plugin
- Add us-east-2 AWS region
- Add setting to set read timeout for EC2 discovery and S3 repository
  plugins

Plugin Ingest GeoIp::
- Cache results of geoip lookups

Plugin Lang Painless::
- Improve painless's ScriptException generation

Plugins::
- Pass ThreadContext to transport interceptors to allow header
  modification
- Provide helpful error message if a plugin exists
- Add shutdown hook for closing CLI commands
- Allow plugins to install bootstrap checks

Query DSL::
- Un-deprecate fuzzy query
- support numeric bounds with decimal parts for long/integer/short/byte
  datatypes

Reindex API::
- Reindex: Better error message for pipeline in wrong place
- Timeout improvements for rest client and reindex

Scripting::
- Wrap VerifyError in ScriptException
- Log ScriptException's xcontent if file script compilation fails

Search::
- Move SearchTransportService and SearchPhaseController creation outside
  of TransportSearchAction constructor
- Don't carry ShardRouting around when not needed in
  AbstractSearchAsyncAction
- ShardSearchRequest to take ShardId constructor argument rather than
  the whole ShardRouting
- Use index uuid as key in the alias filter map rather than the index
  name

Settings::
- Speed up filter and prefix settings operations

Snapshot/Restore::
- Fixes retrieval of the latest snapshot index blob
- Synchronize snapshot deletions on the cluster state

Stats::
- Include unindexed field in FieldStats response

Task Manager::
- Improve the error message if task and node isn't found
- Add descriptions to create snapshot and restore snapshot tasks.
- Add proper descriptions to reindex, update-by-query and
  delete-by-query tasks.

=== Bug fixes

Aggregations::
- Fix scaled_float numeric type in aggregations
- Allow terms aggregations on pure boolean scripts.
- Fix numeric terms aggregations with includes/excludes and
  minDocCount=0
- Fix `missing` on aggs on `boolean` fields.
- IP range masks exclude the maximum address of the range.
- Fix `other_bucket` on the `filters` agg to be enabled if a key is set.

Allocation::
- Cannot force allocate primary to a node where the shard already exists
- Promote shadow replica to primary when initializing primary fails
- Trim in-sync allocations set only when it grows

Analysis::
- AsciiFoldingFilter's multi-term component should never preserve the
  original token.
- Pre-built analysis factories do not implement MultiTermAware
  correctly.

CRUD::
- Reject external versioning and explicit version numbers on create

Cluster::
- IndicesService handles all exceptions during index deletion

Core::
- Streamline foreign stored context restore and allow to perserve
  response headers
- Support negative numbers in readVLong

Discovery::
- Close InputStream when receiving cluster state in
  PublishClusterStateAction
- Do not reply to pings from another cluster

Engine::
- Close and flush refresh listeners on shard close

Exceptions::
- Fixing shard recovery error message to report the number of docs
  correctly for each node

Highlighting::
- Fix FiltersFunctionScoreQuery highlighting

Index APIs::
- Ensure shrunk indices carry over version information from its source

Ingest::
- fix index out of bounds error in KV Processor
- Fixes GrokProcessor's ignorance of named-captures with same name.

Inner Hits::
- Inner hits and ignore unmapped

Internal::
- Index creation and setting update may not return deprecation logging

Java API::
- Don't output empty ext object in SearchSourceBuilder#toXContent

Java REST Client::
- Don't use null charset in RequestLogger

Mapping::
- The `_all` default mapper is not completely configured.
- Fix MapperService.allEnabled().
- Dynamic `date` fields should use the `format` that was used to detect
  it is a date.
- Sub-fields should not accept `include_in_all` parameter
- Mappings: Fix get mapping when no indexes exist to not fail in
  response generation

Nested Docs::
- Fix bug in query builder rewrite that ignores the ignore_unmapped
  option

Network::
- Pass `forceExecution` flag to transport interceptor
- Ensure new connections won't be opened if transport is closed or
  closing
- Prevent open channel leaks if handshake times out or is interrupted
- Execute low level handshake in #openConnection
- Properly configure Netty 3 ClientBootstrap when using custom
  connection profile
- Handle connection close / reset events gracefully during handshake
- Do not lose host information when pinging
- DiscoveryNode and TransportAddress should preserve host information

Packaging::
- Another fix for handling of paths on Windows
- Fix handling of spaces in Windows paths
- Add option to skip kernel parameters on install

Percolator::
- Fix NPE in percolator's 'now' range check for percolator queries with
  range queries

Plugin Analysis Stempel::
- Fix thread safety of Stempel's token filter factory

Plugin Lang Painless::
- Whitelist some ScriptDocValues in painless
- Update Painless Loop Counter to be Higher
- Fix some issues with painless's strings
- Test fix for def equals in Painless
- Fix a VerifyError bug in Painless

Plugin Mapper Attachment::
- NPE is raised when defining a non existing type within attachments
  type

Plugin Repository Azure::
- Fixes default chunk size for Azure repositories
- readonly on azure repository must be taken into account

Query DSL::
- Fix script score function that combines `_score` and weight

REST::
- Adds percent-encoding for Location headers

Recovery::
- Fix primary relocation for shadow replicas
- Don't close store under CancellableThreads
- Use a fresh recovery id when retrying recoveries
- Allow flush/force_merge/upgrade on shard marked as relocated

Reindex API::
- Fix reindex from remote clearing scroll
- Fix source filtering in reindex-from-remote
- Remove content type detection from reindex-from-remote
- Don't close rest client from its callback
- Keep context during reindex's retries

Scripting::
- Expose `ip` fields as strings in scripts.

Search::
- Improve concurrency of ShardCoreKeyMap.
- Make `-0` compare less than `+0` consistently.
- Fix boost_mode propagation when the function score query builder is
  rewritten
- FiltersAggregationBuilder: rewriting filter queries, the same way as
  in FilterAggregationBuilder
- Fix cross_fields type on multi_match query with synonyms

Search Templates::
- SearchTemplateRequest to implement CompositeIndicesRequest

Settings::
- Handle spaces in `action.auto_create_index` gracefully
- Fix settings diff generation for affix and group settings

Snapshot/Restore::
- Gracefully handles pre 2.x compressed snapshots
- URLRepository should throw NoSuchFileException to correctly adhere to
  readBlob contract
- Fixes shard level snapshot metadata loading when index-N file is
  missing

Stats::
- Implement stats for geo_point and geo_shape field
- Use reader for doc stats
- Avoid NPE in NodeService#stats if HTTP is disabled
- Add support for "include_segment_file_sizes" in indices stats REST
  handler

Term Vectors::
- Fix `_termvectors` with preference to not hit NPE
- Return correct term statistics when a field is not found in a shard

=== Regressions

Core::
- Source filtering: only accept array items if the previous include
  pattern matches

Logging::
- Restores the original default format of search slow log

Search::
- Handle specialized term queries in MappedFieldType.extractTerm(Query)

=== Upgrades

Core::
- Upgrade to Lucene 6.4.0
- Update Jackson to 2.8.6
- Upgrade to lucene-6.4.0-snapshot-084f7a0.
- Upgrade to lucene-6.4.0-snapshot-ec38570

(fhajny)

Updated databases/redis to 3.2.8

(fhajny)

Update databases/redis to 3.2.8.

================================================================================
Redis 3.2.8    Released Sun Feb 12 16:11:18 CET 2017
================================================================================

Two important bug fixes, the first of one is critical:

1. Apparently Jemalloc 4.4.0 may contain a deadlock under particular
  conditions. See https://github.com/antirez/redis/issues/3799.
  We reverted back to the previously used Jemalloc versions and plan
  to upgrade Jemalloc again after having more info about the
  cause of the bug.

2. MIGRATE could crash the server after a socket error. See for reference:
  https://github.com/antirez/redis/issues/3796.

================================================================================
Redis 3.2.7    Released Tue Jan 31 16:21:41 CET 2017
================================================================================

Main bugs fixes and improvements in this release:

1. MIGRATE could incorrectly move keys between Redis Cluster nodes by turning
  keys with an expire set into persisting keys. This bug was introduced with
  the multiple-keys migration recently. It is now fixed. Only applies to
  Redis Cluster users that use the resharding features of Redis Cluster.

2. As Redis 4.0 beta and the unstable branch already did (for some months at
  this point), Redis 3.2.7 also aliases the Host: and POST commands to QUIT
  avoiding to process the remaining pipeline if there are pending commands.
  This is a security protection against a "Cross Scripting" attack, that
  usually involves trying to feed Redis with HTTP in order to execute commands.
  Example: a developer is running a local copy of Redis for development
  purposes. She also runs a web browser in the same computer. The web browser
  could send an HTTP request to http://127.0.0.1:6379 in order to access the
  Redis instance, since a specially crafted HTTP requesta may also be partially
  valid Redis protocol. However if POST and Host: break the connection, this
  problem should be avoided. IMPORTANT: It is important to realize that it
  is not impossible that another way will be found to talk with a localhost
  Redis using a Cross Protocol attack not involving sending POST or Host: so
  this is only a layer of protection but not a definitive fix for this class
  of issues.

3. A ziplist bug that could cause data corruption, could crash the server and
  MAY ALSO HAVE SECURITY IMPLICATIONS was fixed. The bug looks complex to
  exploit, but attacks always get worse, never better (cit). The bug is very
  very hard to catch in practice, it required manual analysis of the ziplist
  code in order to be found. However it is also possible that rarely it
  happened in the wild. Upgrading is required if you use LINSERT and other
  in-the-middle list manipulation commands.

4. We upgraded to Jemalloc 4.4.0 since the version we used to ship with Redis
  was an early 4.0 release of Jemalloc. This version may have several
  improvements including the ability to better reclaim/use the memory of
  system.

(fhajny)

Updated sysutils/consul to 0.7.4

(fhajny)

Update sysutils/consul to 0.7.4.

- agent: Integrated gopsutil library to use built in host UUID as node ID,
  if available, instead of a randomly generated UUID. This makes it easier
  for other applications on the same host to generate the same node ID
  without coordinating with Consul.
- agent: Added a configuration option, tls_min_version, for setting the
  minimum allowed TLS version used for the HTTP API and RPC.
- agent: Added a relay-factor option to keyring operations to allow nodes
  to relay their response through N randomly-chosen other nodes in the
  cluster.
- build: Consul is now built with Go 1.7.5.
- dns: Add ability to lookup Consul agents by either their Node ID or Node
  Name through the node interface (e.g. DNS (node-id|node-name).node.consul).
- dns: Fixed an issue where SRV lookups for services on a node registered
  with non-IP addresses were missing the CNAME record in the additional
  section of the response.

(fhajny)

Update python 3.x status after py-twisted now supports 3.x.

(wiz)

Updated net/py-lexicon to 1.2.4

(fhajny)

Update net/py-lexicon to 1.2.4.

lexicon 1.2.4
- Partially revert removing gandi and transip support.

lexicon 1.2.3
- Add functionality for handling delegated subdomains

(fhajny)

Add missing dependency on py-automat.
Update python-3.x status.
Bump PKGREVISION.

(wiz)

Update HOMEPAGE.

(wiz)

Updated www/nginx-devel to 1.11.9

(fhajny)

Update www/nginx-devel to 1.11.9.

Changes with nginx 1.11.9                                        24 Jan 2017

    *) Bugfix: nginx might hog CPU when using the stream module; the bug had
      appeared in 1.11.5.

    *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
      even if it was not enabled in the configuration.

    *) Bugfix: a segmentation fault might occur in a worker process if the
      "ssl_verify_client" directive of the stream module was used.

    *) Bugfix: the "ssl_verify_client" directive of the stream module might
      not work.

    *) Bugfix: closing keepalive connections due to no free worker
      connections might be too aggressive.
      Thanks to Joel Cunningham.

    *) Bugfix: an incorrect response might be returned when using the
      "sendfile" directive on FreeBSD and macOS; the bug had appeared in
      1.7.8.

    *) Bugfix: a truncated response might be stored in cache when using the
      "aio_write" directive.

    *) Bugfix: a socket leak might occur when using the "aio_write"
      directive.

Changes with nginx 1.11.8                                        27 Dec 2016

    *) Feature: the "absolute_redirect" directive.

    *) Feature: the "escape" parameter of the "log_format" directive.

    *) Feature: client SSL certificates verification in the stream module.

    *) Feature: the "ssl_session_ticket_key" directive supports AES256
      encryption of TLS session tickets when used with 80-byte keys.

    *) Feature: vim-commentary support in vim scripts.
      Thanks to Armin Grodon.

    *) Bugfix: recursion when evaluating variables was not limited.

    *) Bugfix: in the ngx_stream_ssl_preread_module.

    *) Bugfix: if a server in an upstream in the stream module failed, it
      was considered alive only when a test connection sent to it after
      fail_timeout was closed; now a successfully established connection is
      enough.

    *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio.

    *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0.

Changes with nginx 1.11.7                                        13 Dec 2016

    *) Change: now in case of a client certificate verification error the
      $ssl_client_verify variable contains a string with the failure
      reason, for example, "FAILED:certificate has expired".

    *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
      $ssl_client_v_end, and $ssl_client_v_remain variables.

    *) Feature: the "volatile" parameter of the "map" directive.

    *) Bugfix: dependencies specified for a module were ignored while
      building dynamic modules.

    *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
      directives client request body might be corrupted; the bug had
      appeared in 1.11.0.

    *) Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2; the bug had appeared in 1.11.3.

    *) Bugfix: in the ngx_http_mp4_module.
      Thanks to Congcong Hu.

    *) Bugfix: in the ngx_http_perl_module.

Changes with nginx 1.11.6                                        15 Nov 2016

    *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
      has been changed to follow RFC 2253 (RFC 4514); values in the old
      format are available in the $ssl_client_s_dn_legacy and
      $ssl_client_i_dn_legacy variables.

    *) Change: when storing temporary files in a cache directory they will
      be stored in the same subdirectories as corresponding cache files
      instead of a separate subdirectory for temporary files.

    *) Feature: EXTERNAL authentication mechanism support in mail proxy.
      Thanks to Robert Norris.

    *) Feature: WebP support in the ngx_http_image_filter_module.

    *) Feature: variables support in the "proxy_method" directive.
      Thanks to Dmitry Lazurkin.

    *) Feature: the "http2_max_requests" directive in the
      ngx_http_v2_module.

    *) Feature: the "proxy_cache_max_range_offset",
      "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and
      "uwsgi_cache_max_range_offset" directives.

    *) Bugfix: graceful shutdown of old worker processes might require
      infinite time when using HTTP/2.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: "ignore long locked inactive cache entry" alerts might appear
      in logs when proxying WebSocket connections with caching enabled.

    *) Bugfix: nginx did not write anything to log and returned a response
      with code 502 instead of 504 when a timeout occurred during an SSL
      handshake to a backend.

Changes with nginx 1.11.5                                        11 Oct 2016

    *) Change: the --with-ipv6 configure option was removed, now IPv6
      support is configured automatically.

    *) Change: now if there are no available servers in an upstream, nginx
      will not reset number of failures of all servers as it previously
      did, but will wait for fail_timeout to expire.

    *) Feature: the ngx_stream_ssl_preread_module.

    *) Feature: the "server" directive in the "upstream" context supports
      the "max_conns" parameter.

    *) Feature: the --with-compat configure option.

    *) Feature: "manager_files", "manager_threshold", and "manager_sleep"
      parameters of the "proxy_cache_path", "fastcgi_cache_path",
      "scgi_cache_path", and "uwsgi_cache_path" directives.

    *) Bugfix: flags passed by the --with-ld-opt configure option were not
      used while building perl module.

    *) Bugfix: in the "add_after_body" directive when used with the
      "sub_filter" directive.

    *) Bugfix: in the $realip_remote_addr variable.

    *) Bugfix: the "dav_access", "proxy_store_access",
      "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access"
      directives ignored permissions specified for user.

    *) Bugfix: unix domain listen sockets might not be inherited during
      binary upgrade on Linux.

    *) Bugfix: nginx returned the 400 response on requests with the "-"
      character in the HTTP method.

(fhajny)

Updated www/nginx to 1.10.3

(fhajny)

Update www/nginx to 1.10.3.

Changes with nginx 1.10.3                                        31 Jan 2017

    *) Bugfix: in the "add_after_body" directive when used with the
      "sub_filter" directive.

    *) Bugfix: unix domain listen sockets might not be inherited during
      binary upgrade on Linux.

    *) Bugfix: graceful shutdown of old worker processes might require
      infinite time when using HTTP/2.

    *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
      directives client request body might be corrupted; the bug had
      appeared in 1.10.2.

    *) Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2; the bug had appeared in 1.10.2.

    *) Bugfix: an incorrect response might be returned when using the
      "sendfile" directive on FreeBSD and macOS; the bug had appeared in
      1.7.8.

    *) Bugfix: a truncated response might be stored in cache when using the
      "aio_write" directive.

    *) Bugfix: a socket leak might occur when using the "aio_write"
      directive.

Changes with nginx 1.10.2                                        18 Oct 2016

    *) Change: the "421 Misdirected Request" response now used when
      rejecting requests to a virtual server different from one negotiated
      during an SSL handshake; this improves interoperability with some
      HTTP/2 clients when using client certificates.

    *) Change: HTTP/2 clients can now start sending request body
      immediately; the "http2_body_preread_size" directive controls size of
      the buffer used before nginx will start reading client request body.

    *) Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2 and the "proxy_request_buffering" directive.

    *) Bugfix: the "Content-Length" request header line was always added to
      requests passed to backends, including requests without body, when
      using HTTP/2.

    *) Bugfix: "http request count is zero" alerts might appear in logs when
      using HTTP/2.

    *) Bugfix: unnecessary buffering might occur when using the "sub_filter"
      directive; the issue had appeared in 1.9.4.

    *) Bugfix: socket leak when using HTTP/2.

    *) Bugfix: an incorrect response might be returned when using the "aio
      threads" and "sendfile" directives; the bug had appeared in 1.9.13.

    *) Workaround: OpenSSL 1.1.0 compatibility.

(fhajny)

Patch Nginx eventport support to fix a situation where Nginx can stop servicing events when port_getn() returns a timeout.

(fhajny)

updates to texworks and py-cxfreeze

(markd)

Update to py-cxfreeze 5.0.1

Version 5.0.1 (January 2017)
* Added support for Python 3.6.
* Corrected hooks for the pythoncom and pywintypes modules.
* Use realpath() to get the absolute path of the executable; this resolves
  symbolic links and ensures that changing the path before all imports are
  complete does not result in the executable being unable to find modules.

Version 5.0 (November 2016)
* Added support for Python 3.5.
* Switched from using C compiled frozen modules which embed part of the
  standard library to using the default named zip file and library file
  locations. This eliminates the need to recompile cx_Freeze for each new
  Python version as no parts of the standard library are included in the
  installation now. This also implies that appending a zip file to the
  executable is no longer supported since the standard name and location
  are used.
* Removed unnecessary options and parameters from cx_Freeze.
* Added support for Win32Service base with Python 3.x.
* Add __version__ as an alias to version.
* Updated hooks for PyQt, h5py.
* Reallow including modules with non-identifier names.
* Fix 窶殿dd-to-path writing to the per-user instead of system environment
* Do not import excluded submodules.
* Add pyzmq hook
* Add copyright and trademarks to version information
* Fix compilation on Ubuntu
* Set defaults in class directly, rather than as defaults in the function
  signature.
* Added support for storing packages in the file system instead of in the
  zip file. There are a number of packages that assume that they are found
  in the file system and if found in a zip file instead produce strange
  errors.
* Significantly simplified startup code.
* Added logging statements for improved debugging.
* Updated samples to handle recent updates to packages.
* Avoid infinite loop for deferred imports which are cycles of one another.

Version 4.3.4 (December 2014)
* Rebuilt for Python 3.4.2. Dropped support for Python versions less than 2.6.
* Correct stale comment.
* Fix processing path specs from config when targets are not explicit.
* Tweaks to improve compiling with MSVC 10 (2010) on Windows.
* Added support for using the 窶電eep and 窶途esource-rules options when code
  signing through cx_Freeze on OS X.
* Catch error if GetDependentFiles() is called on a non-library
* Added FAQ entry on single file executables
* Only look one level deep for implicit relative imports
* Removed statement that was filtering out the ntpath module.

Version 4.3.3 (May 2014)
* Added support for release version of 3.4
* Added support for code signing in bdist_mac
* Added custom Info.plist and Framework suport to bdist_mac
* Added support for resolving dependencies on OS X where paths are relative
* Added hook for QtWebKit module
* Added support for finding packages inside zip files
* Ensure that syntax errors in code do not prevent freezing from taking
  place but simply ignore those modules
* Init scripts now use code that works in both Python 2 and 3
* Simplify service sample
* Fix documentation for bdist_dmg
* All options that accept multiple values are split on commas as documented

Version 4.3.2 (October 2013)
* Added support for Python 3.4.
* Added hooks for PyQt4, PyQt5 and PySide to handle their plugins.
* Added support for creating a shortcut/alias to the Applications directory
  within distributed DMG files for OS X.
* Improve missing modules output.
* Avoid polluting the extension module namespace when using the bootstrap
  module to load the extension.
* Added support for using setuptools and pip if such tools are available.
* Added first tests; nose and mock are required to run them.
* Remove 窶澱undle-iconfile in favor of 窶妬confile as a more generic method of
  including the icon for bdist_mac.
* Documentation improved and FAQ added.
* Converted samples to follow PEP 8.

Version 4.3.1 (November 2012)
* Added support for the final release of Python 3.3.
* Added support for copying the MSVC runtime DLLs and manifest if desired
  by using the 窶妬nclude-msvcr switch.
* Clarified the documentation on the 窶途eplace-paths option.

Version 4.3 (July 2012)
* Added options to build Mac OS X application bundles and DMG packages
  using bdist_mac and bdist_dmg distutils commands.
* The documentation is now using Sphinx, and is available on ReadTheDocs.org.
* Added support for Python 3.3 which uses a different compiled file format
  than earlier versions of Python.
* Added support for Windows services which start automatically and which are
  capable of monitoring changes in sessions such as lock and unlock.
* New cxfreeze-quickstart wizard to create a basic setup.py file. Initially
  written by Thomas Kluyver.
* Included files under their original name can now be passed to include_files
  as a tuple with an empty second element.
* File inclusions/exclusions can now be specified using a full path, or a
  shared library name with a version number suffix.

(markd)

Update texworks to 0.6.1

Release 0.6.1 (TL'16) [May 2016]
        * Fix "Jump to Source" from PDF context menu
        * Fix fine-sync'ing close to PDF line boundaries
        * Fix loading of Qt-global translations
        * Fix pixel-alignment after zoomFitWindow in continuous mode
        * Fix handling of changing scroll bar visibilities in zoomFitWidth and
          zoomFitWindow
        * Allow horizontal scrolling by Shift+MouseWheel
        * Update translations

Release 0.6.0 (TL'16) [April 2016]
        * Complete redesign of the PDF previewer using QtPDF by Charlie Sharpsteen
        * Fast and responsive preview even at very high magnifications
        * New page modes: continuous scrolling and two-column layout
        * Text selection/copying from the PDF
        * Go back to previous view after clicking on a link using Alt+left arrow

        * Fix disappearing spellcheck underline with some fonts/font sizes in Qt 5
        * Update the width of the line number display when changing the editor font
        * Show a note in the "About Scripts" dialog for disabled script languages
        * Explicitly add a "Quit TeXworks" menu item to the global menubar on
          Mac OS X

        * Make Qt5 the default framework for building TeXworks
        * Use Travis CI for continuous integration tests and builds for Windows and
          Mac OS X
        * Add support for Lua 5.3

Release 0.4.6 (TL'15) [April 2015]
        * Implement character-level synchronization by using text searching to
          assist SyncTeX
        * Lift hardwrap line length limitation and implement (hard) unwrap
        * Always show console output tab while typesetting to show progress
        * Improve the handling of UTF-8 byte order marks
        * Improve the log parsing script
        * Improve the handling of script errors

        * Work around a race condition that causes lines to become invisible,
          subsequently leading to a crash
        * Fix incorrectly accumulating indent
        * Fix SyncTeX initialization with non-ASCII filenames
        * Fix selection of whole lines and when selecting right-to-left
        * Fix hangs and crashes when using "Fit to ..." in the PDF view
        * Fix a crash when running an invalid system command from scripts
        * Fix encoding issues when reading environment variables
        * Fix scrolling when searching for multi-line strings
        * Fix auto-completion when working with RTL languages
        * Improve the handling of Retina displays in Mac OS X
        * Fix a crash when opening PDF files from the Windows Explorer
        * Provide texworks.appdata.xml for *nix platforms

        * Fix compilation with Qt 5
        * Improve the CMake build system
        * Add support for Lua 5.2
        * Move development from Google Code to GitHub

(markd)

Test for freetype needs pkg-config

(markd)

Updated devel/nasm to 2.12.02

(adam)