Use the curses framework.

(roy)

Use the curses framework.

(roy)

Use the curses framework.

(roy)

Use the curses framework.

(roy)

Use the curses framework.

(roy)

Use the curses framework.

(roy)

Use the curses framework.

(roy)

Move to the curses framework.

(roy)

smirk builds fine with NetBSD curses.
However, it now needs patches to include stdarg.h in a few places...

(roy)

Typo

(roy)

Use curses framework, may fix PR pkg/47472.

(roy)

Remove custom linkage, termcap should provide enough.

(roy)

Support python-3.6.

(wiz)

Move to the curses framework.

(roy)

Move to the curses framework.

(roy)

Move to the curses framework.

(roy)

Updated chat/ejabberd to 16.12

(fhajny)

Update chat/ejabberd to 16.12.

API / integration
- New API permissions framework

Commands
- Add configurable weight for ejabberd commands
- add_rosteritem: Support several groups separated by ;
- create_rooms_file: Fix reading room jids from file
- delete_old_messages: Fix command for SQL backends
- send_message: Don't duplicate the message
- Remove obsolete remove_node command (use leave_cluster)
- Fix reload_config
- Cleanup mod_admin_extra, add few functions
- Expose unregister API command

Core XMPP
- New BOSH module
- Use fxml_gen XML generator
- Use our new stand-alone XMPP library instead of jlib.erl
- Don't let MAM messages go into offline storage
- Add xdata generator for XMPP data form
- Get rid of excessive (io)list_to_binary/1 calls

HTTP
- Add authentication support to mod_http_fileserver
- ejabberd_http: Handle missing POST data gracefully
- Use inets instead of lhttpc in http_p1
- Add http_p1.erl, rest.erl, and oauth2 ReST backend for OAuth2 tokens

MUC
- Create room on configuration request as per XEP-0045, 10.1.3
- Ensure that presence_broadcast room option is stored
- Fix conference disco#items when running multiple virtual hosts
- Fix Result Set Management (RSM) for conference disco#items
- Introduce muc_invite hook
- Make the constant MAX_ROOMS_DISCOITEMS configurable
- mod_carboncopy: Don't copy MUC private messages

MUC/Sub
- Store the flag "Allow Subscription" room option in database
- When getting list of subscribed rooms, also check temporary ones
- Add password support in muc_subscribe
- When unsubscribes, check if room should get closed

Pubsub
- Enforce pubsub node removal
- Relational databases support
- Append ; to privacy_list_data exporting lines
- Improve relational database import

Build
- Make build system compatible with rebar3
- Produce ejabberd.service and fix for systemd usage
- Cleanup ext_mod and fix compilation path
- Fix compilation of external module with new xmpp lib

(fhajny)

Move to curses framework.

(roy)

Added net/erlang-xmpp version 1.1.4

(fhajny)

Import erlang-xmpp-1.1.14 as net/erlang-xmpp.

Fast Expat based Erlang XML parsing and manipulation library, with
a strong focus on XML stream parsing from network.

(fhajny)

Updated net/erlang-esip to 1.0.10

(fhajny)

Update net/erlang-esip to 1.0.10.

Version 1.0.10
- Use stun 1.0.9
- Use fast_tls 1.0.9

Version 1.0.9
- Use p1_utils 1.0.6
- Make sure esip_codec isn't compiled to native code
- Update fast_tls and stun

(fhajny)

Updated net/erlang-stun to 1.0.9

(fhajny)

Update net/erlang-stun to 1.0.9.

Version 1.0.9
- Use fast_tls 1.0.9

Version 1.0.8
- Use p1_utils 1.0.6
- Update Fast TLS

(fhajny)

Updated security/erlang-fast_tls to 1.0.9

(fhajny)

Update security/erlang-fast_tls to 1.0.9.

Version 1.0.9
- Fix problem with compilation agains libressl
- Make tests use localy build c library instead of system one

Version 1.0.8
- Use p1_utils 1.0.6
- Make it possible to decode certificate to OTP format
- Make sure p1_sha isn't compiled to native code

(fhajny)

Updated devel/erlang-cache_tab to 1.0.5

(fhajny)

Update devel/erlang-cache_tab to 1.0.5.

- Use p1_utils v1.0.6

(fhajny)

Updated converters/erlang-iconv to 1.0.3

(fhajny)

Update converters/erlang-iconv to 1.0.3.

- Use p1_utils 1.0.6
- Make sure iconv isn't compiled to native code

(fhajny)

Updated databases/erlang-p1_pgsql to 1.1.1

(fhajny)

Update databases/erlang-p1_pgsql to 1.1.1.

- adding timeout to pgsql:squery
- Decode int4 and int8 as signed integers
- Better error handling in pgsql:squery

(fhajny)

Updated databases/erlang-p1_mysql to 1.0.2

(fhajny)

Update databases/erlang-p1_mysql to 1.0.2.

- accepting query as iodata() on p1_mysql_conn:squery/4 function

(fhajny)

Updated textproc/erlang-stringprep to 1.0.7

(fhajny)

Updated textproc/erlang-fast_yaml to 1.0.7

(fhajny)

Update textproc/erlang-stringprep to 1.0.7.

- Use p1_utils 1.0.6
- Fix tests
- Make sure stringprep isn't compiled to native code

(fhajny)

Update textproc/erlang-fast_yaml.

- Use p1_utils 1.0.6
- Make sure fast_yaml isn't compiled to native code

(fhajny)

chrony does not use curses.

(roy)

Pass --without-lz4 to libarchive bootstrap, avoids issues on Gentoo where
the native lz4 is found.

(jperkin)

Include a non-versioned symlink to work for includes. PKGREVISION++

(fhajny)

Move to the curses framework.

(roy)

Allow dhex to use system curses.

(roy)

Allow python-3.6.

(wiz)

Fix license.

(wiz)

- Correction to gdbm option, merge duplicated lines

(mef)

Updated www/lighttpd to 1.4.44

(mef)

Updated www/lighttpd to 1.4.44
------------------------------
- 1.4.44
  * [mod_scgi] fix segfault (fixes #2762)
  * [mod_authn_gssapi] fix memory leak
  * [config] warn if mod_authn_ldap,mysql not listed
  * [mod_magnet] fix magnet_cgi_set() set of env vars (fixes #2763)
  * [mod_cgi] FreeBSD 9.3/MacOSX does not have pipe2() (fixes #2765)
  * [mod_extforward] fix crash on invalid IP (fixes #2766)
  * [mod_fastcgi] fix segfault if all backends down (fixes #2768)
  * [mod_cgi] fix out of sockets error for POST to CGI (fixes #2771)
  * [mod_auth] compile fix for Mac OS X XCode (fixes #2772)
  * [mod_authn_gssapi] better resource cleanup
  * [core] compile fix for Mac OS X 10.6 (old) (fixes #2773)
  * fix race in dynamic handler configs (reentrancy) (fixes #2774)
  * [mod_authn_mysql] close mysql_conn in cleanup
  * [mod_webdav] compile fix when locking not enabled
  * load mod_auth & mod_authn_file in sample/test.conf
  * comment out auth.backend.ldap.* in tests/*.conf
  * [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
  * RAND_pseudo_bytes() is deprecated in openssl 1.1.0
  * openssl 1.1.0 init and cleanup
  * [mod_cgi] remove direct calls to network_backend*
  * [build] build network_*.c into lighttpd executable
  * suggest inclusion of mod_geoip... before mod_ssi.
  * set systemd settings similar to lighttpd2
  * [doc] remove reference to Linux rt-signals
  * [mod_authn_gssapi] fix missing error ret, coverity
  * [core] rename li_rand() to li_rand_pseudo_bytes()
  * remove #include "stream.h" where not used
  * [mod_cml] include lua headers before base.h
  * [core] combine duplicated connection reset code
  * [mod_ssi] produce content in subrequest hook
  * [core] remove srv->entropy[]
  * [core] defer li_rand_init() until first use
  * [core] permit connection-level state in modules
  * [mod_dirlisting] render dirlisting as HTML (fixes #2767)
  * [mod_proxy] replace HTTP Host sent to backend (fixes #2770)
  * [mod_ssi] basic recursive SSI include virtual (fixes #536)
  * [mod_ssi] implement, ignore <!--#comment ... -->
  * [core] consolidate duplicated read-to-close code
  * [core] fix segfault when parsing a bad config file
  * [core] support Transfer-Encoding: chunked req body (fixes #2156)
  * [autobuild] set NO_RDYNAMIC=yes for midipix
  * [mod_proxy] proxy.balance = "sticky" option (fixes #2117)
  * [mod_secdownload] warn if SHA used w/o SSL crypto
  * [build] compile fixes for AIX
  * [build] check for pipe2() at configure time
  * [mod_evhost] fix an incorrect error trace
  * [tests] mark tests/docroot/www/*.pl scripts a+x
  * [mod_cgi] fall back to pipe() if pipe2() fails
  * fix SCons fullstatic build with glibc pthreads
  * [TLS] openssl 1.1.0 makes SSL_OP_NO_SSLv2 no-op
(pkgsrc changes)
- Add Selection on PLIST depending on options

(mef)

Let bg-installer follow the .so symlinks. Fixes install on at least NetBSD.

(schmonz)

Use "${MV} || ${TRUE}" and "${RM} -f" consistently in post-install targets.

(jperkin)

Do not attempt to detect ISA, it conflicts with wrappers.  Fixes SunOS.

(jperkin)

Updated textproc/erlang-fast_xml to 1.1.18

(fhajny)

Update textproc/erlang-fast_xml to 1.1.18.

Version 1.1.18
- Use p1_utils 1.0.6
- fix xref with otp 17

Version 1.1.17
- Add 'undefined' type to some record fields type specs

Version 1.1.16
- Improve XML generator

(fhajny)

Updated misc/erlang-p1_utils to 1.0.6

(fhajny)

Update misc/erlang-p1_utils to 1.0.6.

- Add p1_http

(fhajny)

Updated databases/elasticsearch to 5.1.1

(fhajny)

Update databases/elasticsearch to 5.1.1.

== 5.1.1 Release Notes

=== Breaking changes

Aliases::
- Validate alias names the same as index names

REST::
- Remove lenient stats parsing 5.x

=== Breaking Java changes

Discovery::
- Remove pluggability of ElectMasterService

Exceptions::
- Remove `IndexTemplateAlreadyExistsException` and
  `IndexShardAlreadyExistsException`
- Replace IndexAlreadyExistsException with
  ResourceAlreadyExistsException
- Backport: Replace IndexAlreadyExistsException with
  ResourceAlreadyExistsException

Internal::
- Pass executor name to request interceptor to support async intercept
  calls

Network::
- Unguice Transport and friends

Plugins::
- Plugins: Remove support for onModule

=== Deprecations

Analysis::
- Deprecating request parameters of _analyze API in 5.x

CRUD::
- Deprecate VersionType.FORCE

Core::
- Add deprecation logging for users that explicitly opt in for the
  `default` fs type.

Mapping::
- Deprecate `timestamp` and `ttl` on index requests.

Query DSL::
- Add deprecation logging for lenient boolean queries
- Add deprecation logging message for 'fuzzy' query

Search::
- Deprecate ignored type parameter in search_shards api

Settings::
- Add deprecation logging for the case that store throttling is used.

=== New features

Analysis::
- Expose Lucenes Ukrainian analyzer

CAT API::
- Provides a cat api endpoint for templates.

Query DSL::
- Add "all fields" execution mode to simple_query_string query
- Add support for `quote_field_suffix` to `simple_query_string`.
- Add "all field" execution mode to query_string query

Reindex API::
- Add automatic parallelization support to reindex and friends

=== Enhancements

Aggregations::
- Rescorer should be applied in the TopHits aggregation

Allocation::
- Balance step in BalancedShardsAllocator for a single shard
- Process more expensive allocation deciders last
- Separates decision making from decision application in
  BalancedShardsAllocator
- Split allocator decision making from decision application

Analysis::
- Remove AnalysisService and reduce it to a simple name to analyzer
  mapping

CAT API::
- Adding built-in sorting capability to _cat apis.
- Add health status parameter to cat indices API

Cache::
- Do not cache term queries.
- Parse alias filters on the coordinating node

Cluster::
- Cache successful shard deletion checks

Core::
- Reduce memory pressure when sending large terms queries.
- Install a security manager on startup
- Log node ID on startup
- Ensure source filtering automatons are only compiled once
- Improve scheduling fairness when batching cluster state changes with
  equal priority
- Do not log full bootstrap checks exception

Exceptions::
- Add BWC layer for Exceptions

Geo::
- Optimize geo-distance sorting.

Ingest::
- add `ignore_missing` option to SplitProcessor

Internal::
- Rename ClusterState#lookupPrototypeSafe to `lookupPrototype` and
  remove "unsafe" unused variant
- ShardActiveResponseHandler shouldn't hold to an entire cluster state
- Remove unused ClusterService dependency from SearchPhaseController
- Remove special case in case no action filters are registered
- Use TimveValue instead of long for CacheBuilder methods
- Remove SearchContext#current and all it's threadlocals

Java REST Client::
- Provide error message when rest request path is null

Logging::
- Log failure to connect to node at info instead of debug
- Truncate log messages from the end
- Logging shutdown hack
- Disable console logging

Mapping::
- Create the QueryShardContext lazily in DocumentMapperParser.

Network::
- Grant Netty permission to read system somaxconn
- Lazy resolve unicast hosts
- Fix handler name on message not fully read
- Handle rejected pings on shutdown gracefully

Packaging::
- Add empty plugins dir for archive distributions
- Make explicit missing settings for Windows service
- Change permissions on config files

Plugin Lang Painless::
- Add Debug.explain to painless
- Implement the ?: operator in painless
- In painless suggest a long constant if int won't do
- Support decimal constants with trailing [dD] in painless
- Implement reading from null safe dereferences
- Painless negative offsets

Plugin Repository S3::
- Make the default S3 buffer size depend on the available memory.

Plugins::
- Clarify that plugins can be closed
- Plugins: Convert custom discovery to pull based plugin
- Removing plugin that isn't installed shouldn't trigger usage
  information
- Remove pluggability of ZenPing
- Make UnicastHostsProvider extension pull based

Query DSL::
- Using ObjectParser in MatchAllQueryBuilder and IdsQueryBuilder
- Expose splitOnWhitespace in `Query String Query`
- Throw error if query element doesn't end with END_OBJECT
- Remove `lowercase_expanded_terms` and `locale` from query-parser
  options.

Reindex API::
- Make reindex-from-remote ignore unknown fields

Scripting::
- Wrap VerifyError in ScriptException
- Support binary field type in script values
- Mustache: Add
- Expose `ctx._now` in update scripts

Search::
- Add indices and filter information to search shards api output
- remove pointless catch exception in TransportSearchAction
- Optimize query with types filter in the URL (t/t/_search)
- Makes search action cancelable by task management API

Search Templates::
- Add profile and explain parameters to template API

Snapshot/Restore::
- Abort snapshots on a node that leaves the cluster

Stats::
- Remove load average leniency
- Strengthen handling of unavailable cgroup stats
- Add basic cgroup CPU metrics

Task Manager::
- Add search task descriptions

Tribe Node::
- Add support for merging custom meta data in tribe node

=== Bug fixes

Aggregations::
- Rewrite Queries/Filter in FilterAggregationBuilder and ensure client
  usage marks query as non-cachable
- Percentiles bucket fails for 100th percentile
- Thread safety for scripted significance heuristics

Allocation::
- Allow master to assign primary shard to node that has shard store
  locked during shard state fetching

Analysis::
- Can load non-PreBuiltTokenFilter in Analyze API

CAT API::
- Consume `full_id` request parameter early

Cache::
- Fix the request cache keys to not hold references to the
  SearchContext.

Circuit Breakers::
- ClusterState publishing shouldn't trigger circuit breakers

Cluster::
- Remove cluster update task when task times out

Core::
- Add a StreamInput#readArraySize method that ensures sane array sizes
- Use a buffer to do character to byte conversion in
  StreamOutput#writeString
- Fix ShardInfo#toString
- Protect BytesStreamOutput against overflows of the current number of
  written bytes.
- Return target index name even if _rollover conditions are not met
- .es_temp_file remains after system crash, causing it not to start
  again

Dates::
- Fix time zone rounding edge case for DST overlaps

Engine::
- Die with dignity on the Lucene layer
- Fix `InternalEngine#isThrottled` to not always return `false`.
- Retrying replication requests on replica doesn't call `onRetry`

Highlighting::
- Fix FiltersFunctionScoreQuery highlighting
- Fix highlighting on a stored keyword field

Index APIs::
- Validate the `_rollover` target index name early to also fail if
  dry_run=true

Index Templates::
- Fix integer overflows when dealing with templates.

Ingest::
- fix trace_match behavior for when there is only one grok pattern
- Stored scripts and ingest node configurations should be included into
  a snapshot

Inner Hits::
- Skip adding a parent field to nested documents.

Internal::
- Rethrow ExecutionException from the loader to concurrent callers of
  Cache#computeIfAbsent
- Restore thread's original context before returning to the ThreadPool
- Fix NPE in SearchContext.toString()
- Source filtering should treat dots in field names as sub objects.

Java API::
- Transport client: Fix remove address to actually work
- Add a HostFailureListener to notify client code if a node got
  disconnected
- Fix InternalSearchHit#hasSource to return the proper boolean value
- Null checked for source when calling sourceRef
- ClusterAdminClient.prepareDeletePipeline method should accept pipeline
  id to delete

Java REST Client::
- Rest client: don't reuse the same HttpAsyncResponseConsumer across
  multiple retries

Logging::
- Do not prematurely shutdown Log4j
- Assert status logger does not warn on Log4j usage
- Fix logger names for Netty

Mapping::
- Fail to index fields with dots in field names when one of the
  intermediate objects is nested.
- Uncommitted mapping updates should not efect existing indices

Network::
- DiscoveryNode and TransportAddress should preserve host information
- Die with dignity on the network layer
- Prevent double release in TcpTransport if send listener throws an
  exception

Packaging::
- Set vm.max_map_count on systemd package install
- Export ES_JVM_OPTIONS for SysV init
- Debian: configure start-stop-daemon to not go into background
- Generate POM files with non-wildcard excludes

Plugin Lang Painless::
- Test fix for def equals in Painless
- Fix a VerifyError bug in Painless
- Fix Lambdas in Painless to be Able to Use Top-Level Variables Such as
  params and doc

Plugin Mapper Attachment::
- NPE is raised when defining a non existing type within attachments
  type

Query DSL::
- Fixes date range query using epoch with timezone
- Allow overriding all-field leniency when `lenient` option is specified
- Max score should be updated when a rescorer is used

REST::
- Strict level parsing for indices stats
- The routing query string param is supported by mget but was missing
  from the rest spec
- fix thread_pool_patterns path variable definition
- ensure the XContentBuilder is always closed in RestBuilderListener
- XContentBuilder: Avoid building self-referencing objects

Reindex API::
- Ignore IllegalArgumentException with assertVersionSerializable
- Bump reindex-from-remote's buffer to 200mb
- Fix reindex-from-remote for parent/child from <2.0

Search::
- Fix match_phrase_prefix on boosted fields
- Respect default search timeout
- Remove LateParsingQuery to prevent timestamp access after context is
  frozen

Search Templates::
- SearchTemplateRequest to implement CompositeIndicesRequest

Settings::
- Handle spaces in `action.auto_create_index` gracefully
- Fix settings diff generation for affix and group settings
- Don't reset non-dynamic settings unless explicitly requested

Snapshot/Restore::
- Fixes shard level snapshot metadata loading when index-N file is
  missing
- Ensures cleanup of temporary index-* generational blobs during
  snapshotting
- Fixes get snapshot duplicates when asking for _all
- Keep snapshot restore state and routing table in sync (5.x backport)

Task Manager::
- Task cancellation command should wait for all child nodes to receive
  cancellation request before returning

Tribe Node::
- Add socket permissions for tribe nodes

=== Upgrades

Core::
- Upgrade to lucene-6.3.0.

Dates::
- Update Joda Time to version 2.9.5

Logging::
- Upgrade Log4j 2 to version 2.7

Network::
- Upgrade to Netty 4.1.6

Plugin Ingest Attachment::
- Update to Tika 1.14

== 5.0.2 Release Notes

=== Enhancements

Core::
- Install a security manager on startup

Exceptions::
- Add BWC layer for Exceptions

Logging::
- Truncate log messages from the end

Scripting::
- Wrap VerifyError in ScriptException

Snapshot/Restore::
- Abort snapshots on a node that leaves the cluster

=== Bug fixes

Allocation::
- Allow master to assign primary shard to node that has shard store
  locked during shard state fetching

Cluster::
- Remove cluster update task when task times out

Core::
- Add a StreamInput#readArraySize method that ensures sane array sizes
- Use a buffer to do character to byte conversion in
  StreamOutput#writeString

Engine::
- Die with dignity on the Lucene layer
- Fix `InternalEngine#isThrottled` to not always return `false`.

Index Templates::
- Fix integer overflows when dealing with templates.

Ingest::
- fix trace_match behavior for when there is only one grok pattern

Internal::
- Rethrow ExecutionException from the loader to concurrent callers of
  Cache#computeIfAbsent
- Fixes potential NullPointerException on shard closing

Java API::
- Transport client: Fix remove address to actually work
- Add a HostFailureListener to notify client code if a node got
  disconnected

Logging::
- Do not prematurely shutdown Log4j

Network::
- Die with dignity on the network layer

Plugin Lang Painless::
- Fix a VerifyError bug in Painless
- Fix Lambdas in Painless to be Able to Use Top-Level Variables Such as
  params and doc

Search::
- Respect default search timeout

Settings::
- Don't reset non-dynamic settings unless explicitly requested

Tribe Node::
- Add socket permissions for tribe nodes

(fhajny)

Update HOMEPAGE

(ryoon)

Updated lang/erlang* to 19.2

(fhajny)

Update lang/erlang{,-doc,-man} to 19.2.

Erlang/OTP 19.2 is the second service release for the 19 major release.
The service release contains mostly bug fixes and characteristics
improvements.

Some highlights for 19.2

* STDLIB: The new behaviour gen_statem has been improved with 3 new
  features: the possibility to use old style non-proxy timeouts
  for gen_statem:call/2,3, state entry code, and state
  timeouts. These are backwards compatible. Minor code and
  documentation improvements has been performed including a
  borderline semantics correction of timeout zero handling.

* SSL: Experimental version of DTLS. It is runnable but not complete
  and cannot be considered reliable for production usage. To use
  DTLS add the option {protocol, dtls} to ssl:connect and ssl:listen.

* SSH: Extended the option silently_accept_hosts for ssh:connect to
  make it possible for the client to check the SSH host key
  fingerprint string. Se the reference manual for SSH.

* ~40 contributions since the previous service release OTP 19.1

You can find the README and the full listing of changes for this
service release at

http://www.erlang.org/download/otp_src_19.2.readme

(fhajny)

Updated security/vault to 0.6.4

(fhajny)

Update security/vault to 0.6.4

SECURITY:

- default Policy Privilege Escalation: If a parent token did not have
  the default policy attached to its token, it could still create
  children with the default policy. This is no longer allowed (unless
  the parent has sudo capability for the creation path). In most cases
  this is low severity since the access grants in the default policy are
  meant to be access grants that are acceptable for all tokens to have.
- Leases Not Expired When Limited Use Token Runs Out of Uses: When
  using limited-use tokens to create leased secrets, if the
  limited-use token was revoked due to running out of uses (rather than
  due to TTL expiration or explicit revocation) it would fail to revoke
  the leased secrets. These secrets would still be revoked when their
  TTL expired, limiting the severity of this issue. An endpoint has been
  added (auth/token/tidy) that can perform housekeeping tasks on the
  token store; one of its tasks can detect this situation and revoke the
  associated leases.

FEATURES:

- Policy UI (Enterprise): Vault Enterprise UI now supports viewing,
  creating, and editing policies.

IMPROVEMENTS:

- http: Vault now sets a no-store cache control header to make it more
  secure in setups that are not end-to-end encrypted

BUG FIXES:

- auth/ldap: Don't panic if dialing returns an error and starttls is
  enabled; instead, return the error
- ui (Enterprise): Submitting an unseal key now properly resets the
  form so a browser refresh isn't required to continue.

0.6.3 (December 6, 2016)

DEPRECATIONS/CHANGES:

- Request size limitation: A maximum request size of 32MB is imposed
  to prevent a denial of service attack with arbitrarily large
  requests
- LDAP denies passwordless binds by default: In new LDAP mounts, or
  when existing LDAP mounts are rewritten, passwordless binds will be
  denied by default. The new deny_null_bind parameter can be set to
  false to allow these.
- Any audit backend activated satisfies conditions: Previously, when a
  new Vault node was taking over service in an HA cluster, all audit
  backends were required to be loaded successfully to take over active
  duty. This behavior now matches the behavior of the audit logging
  system itself: at least one audit backend must successfully be loaded.
  The server log contains an error when this occurs. This helps keep a
  Vault HA cluster working when there is a misconfiguration on a standby
  node.

FEATURES:

- Web UI (Enterprise): Vault Enterprise now contains a built-in web UI
  that offers access to a number of features, including
  init/unsealing/sealing, authentication via userpass or LDAP, and K/V
  reading/writing. The capability set of the UI will be expanding
  rapidly in further releases. To enable it, set ui = true in the top
  level of Vault's configuration file and point a web browser at your
  Vault address.
- Google Cloud Storage Physical Backend: You can now use GCS for
  storing Vault data

IMPROVEMENTS:

- auth/github: Policies can now be assigned to users as well as to
  teams
- cli: Set the number of retries on 500 down to 0 by default (no
  retrying). It can be very confusing to users when there is a pause
  while the retries happen if they haven't explicitly set it. With
  request forwarding the need for this is lessened anyways.
- core: Response wrapping is now allowed to be specified by backend
  responses (requires backends gaining support)
- physical/consul: When announcing service, use the scheme of the
  Vault server rather than the Consul client
- secret/consul: Added listing functionality to roles
- secret/postgresql: Added revocation_sql parameter on the role
  endpoint to enable customization of user revocation SQL statements
- secret/transit: Add listing of keys

BUG FIXES:

- api/unwrap, command/unwrap: Increase compatibility of unwrap command
  with Vault 0.6.1 and older
- api/unwrap, command/unwrap: Fix error when no client token exists
- auth/approle: Creating the index for the role_id properly
- auth/aws-ec2: Handle the case of multiple upgrade attempts when
  setting the instance-profile ARN
- auth/ldap: Avoid leaking connections on login
- command/path-help: Use the actual error generated by Vault rather
  than always using 500 when there is a path help error
- command/ssh: Use temporary file for identity and ensure its deletion
  before the command returns
- cli: Fix error printing values with -field if the values contained
  formatting directives
- command/server: Don't say mlock is supported on OSX when it isn't.
- core: Fix bug where a failure to come up as active node (e.g. if an
  audit backend failed) could lead to deadlock
- physical/mysql: Fix potential crash during setup due to a query
  failure
- secret/consul: Fix panic on user error

(fhajny)

Updated sysutils/consul to 0.7.2

(fhajny)

Update sysutils/consul to 0.7.2

FEATURES:

- Keyring API: A new /v1/operator/keyring HTTP endpoint was added that
  allows for performing operations such as list, install, use, and
  remove on the encryption keys in the gossip keyring.
- Monitor API: A new /v1/agent/monitor HTTP endpoint was added to allow
  for viewing streaming log output from the agent, similar to the consul
  monitor command.
- Reload API: A new /v1/agent/reload HTTP endpoint was added for
  triggering a reload of the agent's configuration.
- Leave API: A new /v1/agent/leave HTTP endpoint was added for causing
  an agent to gracefully shutdown and leave the cluster (previously,
  only force-leave was present in the HTTP API).
- Bind Address Templates (beta): Consul agents now allow
  go-sockaddr/template syntax to be used for any bind address
  configuration (advertise_addr, bind_addr, client_addr, and others).
- Complete ACL Coverage (beta): Consul 0.8 will feature complete ACL
  coverage for all of Consul.

IMPROVEMENTS:

- agent: Defaults to ?pretty JSON for HTTP API requests when in -dev
  mode.
- agent: Updated Circonus metrics library and added new Circonus
  configration options for Consul for customizing check display name and
  tags.
- agent: Added a checksum to UDP gossip messages to guard against packet
  corruption.
- agent: Check whether a snapshot needs to be taken more often (every 5
  seconds instead of 2 minutes) to keep the raft file smaller and to
  avoid doing huge truncations when writing lots of entries very quickly.
- agent: Allow gossiping to suspected/recently dead nodes.
- agent: Changed the gossip suspicion timeout to grow smoothly as the
  number of nodes grows.
- agent: Added a deprecation notice for Atlas features to the CLI and
  docs.
- agent: Give a better error message when the given data-dir is not a
  directory.

BUG FIXES:

- agent: Fixed a panic when SIGPIPE signal was received.
- api: Added missing Raft index fields to CatalogService structure.
- api: Added missing notes field to AgentServiceCheck structure.
- api: Changed type of AgentServiceCheck.TLSSkipVerify from string to
  bool.
- api: Added new HealthChecks.AggregatedStatus() method that makes it
  easy get an overall health status from a list of checks.
- api: Changed type of KVTxnOp.Verb from string to KVOp.
- cli: Fixed an issue with the consul kv put command where a negative
  value would be interpreted as an argument to read from standard input.
- ui: Fixed an issue where extra commas would be shown around service
  tags.
- ui: Customized Bootstrap config to avoid missing font file references.
- ui: Removed "Deregister" button as removing nodes from the catalog
  isn't a common operation and leads to lots of user confusion.

(fhajny)

Updated textproc/py-xlsxwriter to 0.9.6

(fhajny)

Update textproc/py-xlsxwriter to 0.9.6.

Release 0.9.6 - Dec 26 2016
---------------------------

* Fix for table with data but without a header.

* Add a warning when the number of series in a chart exceeds Excel's limit
  of 255.

Release 0.9.5 - Dec 24 2016
---------------------------

* Fix for missing `remove_timezone` option in Chart class.

Release 0.9.4 - Dec 2 2016
--------------------------

* Added user definable removal of timezones in datetimes. See the
  :func:`Workbook` constructor option ``remove_timezone`` and :ref:`Timezone
  Handling in XlsxWriter <timezone_handling>`.

* Fix duplicate header warning in :func:`add_table` when there is only one
  user defined header.

* Fix for `center_across` property in :func:`add_format`.

(fhajny)

Updated databases/redis to 3.2.6

(fhajny)

Update databases/redis to 3.2.6.

This release mainly fixes three bugs:

1. A bug with BITFIELD that may cause the bitmap corruption when setting offsets
  larger than the current string size.

2. A GEORADIUS bug that may happen when using very large radius lengths, in
  the range of 10000km or alike, due to wrong bounding box calculation.

3. A bug with Redis Cluster which crashes when reading a nodes configuration
  file with zero bytes at the end, which sometimes happens with certain ext4
  configurations after a system crash.

(fhajny)

Updated net/syncthing to 0.14.18

(wiz)

Updated syncthing to 0.14.18.

This is a hotfix release to fix connectivity issues between 0.14.17 and previous Syncthing releases.

Resolved issues:

    #3855: Connections to older Syncthing versions are no longer closed due to unmarshalling message: proto: wrong wireType = 2 for field BlockIndexes.

(wiz)

Bump DIST_SUBDIR to v3: Use checksums of manually (firefox) downloaded
distfile. This is the same as before my previous commit, but into a versioned
subdirectory.

Automatic fetch from sourceforge will probably fail (I get three different
checksums for different tries), but I've also uploaded this to ftp.NetBSD.org,
so the failover fetches will work, eventually.

(Keep MASTER_SITES for updates.)

(wiz)

Updated net/openconnect to 7.08

(khorben)

Update openconnect to version 7.08

Changelog:

    Add SHA256 support for server cert hashes.
    Enable DHE ciphers for Cisco DTLS.
    Increase initial oNCP configuration buffer size.
    Reopen CONIN$ when stdin is redirected on Windows.
    Improve support for point-to-point routing on Windows.
    Check for non-resumed DTLS sessions which may indicate a MiTM attack.
    Add TUNIDX environment variable on Windows.
    Fix compatibility with Pulse Secure 8.2R5.
    Fix IPv6 support in Solaris.
    Support DTLS automatic negotiation.
    Support --key-password for GnuTLS PKCS#11 PIN.
    Support automatic DTLS MTU detection with OpenSSL.
    Drop support for combined GnuTLS/OpenSSL build.
    Update OpenSSL to allow TLSv1.2, improve compatibility options.
    Remove --no-cert-check option. It was being (mis)used.
    Fix OpenSSL support for PKCS#11 EC keys without public key.
    Support for final OpenSSL 1.1 release.
    Fix polling/retry on "tun" socket when buffers full.
    Fix AnyConnect server-side MTU setting.
    Fix ESP replay detection.
    Allow build with LibreSSL (for fetishists only; do not use this as DTLS is broken).
    Add certificate torture test suite.
    Support PKCS#11 PIN via pin-value= and --key-password for OpenSSL.
    Fix integer overflow issues with ESP packet replay detection.
    Add --pass-tos option as in OpenVPN.
    Support r担le selection form in Juniper VPN.
    Support DER-format certificates, add certificate format torture tests.
    For OpenSSL >= 1.0.2, fix certificate validation when only an intermediate CA is specified with the --cafile option.
    Support Juniper "Pre Sign-in Message".

(khorben)

Updated mail/thunderbird-l10n to 45.6.0

(ryoon)

Update to 45.6.0

* Sync with thunderbird-45.6.0

(ryoon)

Updated mail/thunderbird to 45.6.0

(ryoon)

Update to 45.6.0

Changelog:
    Fixed The system integration dialog was shown every time when starting Thunderbird
    Fixed Various security fixes

Security vulnerabilities fixed in Thunderbird 45.6
#CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
#CVE-2016-9895: CSP bypass using marquee tag
#CVE-2016-9897: Memory corruption in libGLES
#CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
#CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
#CVE-2016-9904: Cross-origin information leak in shared atoms
#CVE-2016-9905: Crash in EnumerateSubDocuments
#CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6

(ryoon)

Fix typo:  s/shc/such/

(pgoyette)

Update curses patch from prior python35 patch.

(roy)

Build py-cursespanel with support for NetBSD curses.

(roy)

se ncurses is_keypad function rather than directly looking at the
WINDOW structure.
Include <term.h> when needed and rename lines and columns vars to avoid
conflicts.
Builds and works with NetBSD-8 curses, so use mk/curses.buildlink3.mk
and test for getsyx(3) in curses rather than indescriminately linking
to ncurses.

(roy)

+ jdbc-mysql51

(joerg)

Updated databases/sqlite3 to 3.16.0

(adam)

SQLite Release 3.16.0 On 2017-01-02

Uses 9% fewer CPU cycles. (See the CPU performance measurement report for details on how the this performance increase was computed.)
Added experimental support for PRAGMA functions.
Added the SQLITE_DBCONFIG_NO_CKPT_ON_CLOSE option to sqlite3_db_config().
Enhance the date and time functions so that the 'unixepoch' modifier works for the full span of supported dates.
Changed the default configuration of the lookaside memory allocator from 500 slots of 128 bytes each into 125 slots of 512 bytes each.
Enhanced "WHERE x NOT NULL" partial indexes so that they are usable if the "x" column appears in a LIKE or GLOB operator.
Enhanced sqlite3_interrupt() so that it interrupts checkpoint operations that are in process.
Enhanced the LIKE and GLOB matching algorithm to be faster for cases when the pattern contains multiple wildcards.
Added the SQLITE_FCNTL_WIN32_GET_HANDLE file control opcode.
Added ".mode quote" to the command-line shell.
Added ".lint fkey-indexes" to the command-line shell.
Added the .imposter dot-command to the command-line shell.
Added the remember(V,PTR) SQL function as a loadable extension.
Rename the SQLITE_OMIT_BUILTIN_TEST compile-time option to SQLITE_UNTESTABLE to better reflect the implications of using it.

Bug Fixes:
Fix a long-standing bug in the query planner that caused incorrect results on a LEFT JOIN where the left-hand table is a subquery and the join constraint is a bare column name coming from the left-hand subquery. Ticket 2df0107b.
Correctly handle the integer literal -0x8000000000000000 in the query planner.

(adam)

Updated devel/xulrunner45 to 45.6.0

(ryoon)

Update to 45.6.0

* Sync with firefox45-45.6.0

(ryoon)

Updated www/firefox45-l10n to 45.6.0

(ryoon)

Update to 45.6.0

* Sync with firefox45-45.6.0

(ryoon)

Updated www/firefox45 to 45.6.0

(ryoon)

Update to 45.6.0

Chagnelog:
Security vulnerabilities fixed in Firefox ESR 45.6
#CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
#CVE-2016-9895: CSP bypass using marquee tag
#CVE-2016-9897: Memory corruption in libGLES
#CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
#CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
#CVE-2016-9904: Cross-origin information leak in shared atoms
#CVE-2016-9905: Crash in EnumerateSubDocuments
#CVE-2016-9901: Data from Pocket server improperly sanitized before execution
#CVE-2016-9902: Pocket extension does not validate the origin of events
#CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

(ryoon)

Pullup tickets #5176 and #5177.

(bsiegert)

Pullup ticket #5177 - requested by dholland
editors/emacs: build fix

PR pkg/51757.

Revisions pulled up:
- editors/emacs/Makefile.common                                1.41

---
  Module Name: pkgsrc
  Committed By: tron
  Date: Sun Jan  1 02:06:46 UTC 2017

  Modified Files:
  pkgsrc/editors/emacs: Makefile.common

  Log Message:
  Use the package "editors/emacs25" and not "editors/emacs-snapshot" for
  the new default "emacs25".

(bsiegert)

Pullup ticket #5176 - requested by gdt
lang/llvm: build fix

Revisions pulled up:
- lang/llvm/Makefile                                            1.11

---
  Module Name: pkgsrc
  Committed By: gdt
  Date: Mon Jan  2 00:03:42 UTC 2017

  Modified Files:
  pkgsrc/lang/llvm: Makefile

  Log Message:
  On i386, use -march=i586 for 64-bit CAS

  This matches tnn's change to lang/libLLVM.  No PKGREVISION; no change
  on !i386 and on i386 this did not build before.

(bsiegert)

Fix build on NetBSD, Linux, Solaris: when linking bg-installer, remove
-lbg-cli and restore -static. Add LICENSE while here.

(schmonz)