Updated textproc/mdoclint to 1.43

(wiz)

Recognize libpthread_dbg.

(wiz)

nginx: don't hard code pkgsrc paths, they're just defaults.

PR pkg/51593: nginx configure error the HTTP rewrite module requires the PCRE library

(maya)

Updated www/nghttp2 to 1.16.1

(adam)

Changes 1.16.1:

We fixed the bug that nghttp2 HPACK decoder may decode wrong integer because of undefined behaviour.

We fixed the bug in nghttpx that may make nghttpx crash if final response after non-final response from origin server is forwarded to HTTP/1.1 client.

(adam)

fix int types on SunOS

(wiedi)

+ woboq_codebrowser

(joerg)

Last entry should have been an Add.

(joerg)

Updated devel/woboq_codebrowser to 2.0.1

(joerg)

Add woboq_codebrowser-2.0.1:

Woboq Code Browser is a clang-based code analysis tool. It provides a
post-processing tool for C/C++ code to create static web sites with a
wide range of information:
- place of declaration and use for symbols, including type of use,
- hyperlinking between calls/definitions, uses/declarations,
- macro expansions,
- intelligent identifier search,
- inheritance diagrams
and much more.

(joerg)

devel/florist: Update MASTER_SITES

The dragonlace mirror hasn't worked in years, but nobody reported it
down.  Maybe nobody uses florist?

(marino)

ensure we link libiconv on SunOS

(wiedi)

add include so INT_MAX is found on SunOS

(wiedi)

link network libs on SunOS

(wiedi)

also needs openssl for HTTPS connections in NSURL

(wiedi)

Replicate tnn's uuid change from postgresql95 for postgresql96.
Fix postgresql96-contrib/PLIST. Bump PKGREVISION.

(fhajny)

Add a couple patches to omit installing the documentation for
rgb2ycbcr and thumbnail, since these binaries are no longer being
installed.

Bump PKGREVISION.

(he)

Limit databases/postgresql-pgbench to PostgreSQL<9.5.

(fhajny)

Restore explicit CPU selection based on MACHINE_ARCH, needing e.g. on
SmartOS.

(joerg)

Added textproc/p5-XML-Compile-SOAP12 version 3.04

(wiz)

Add 5 new perl packages.

(wiz)

Import p5-XML-Compile-SOAP12-3.04 as textproc/p5-XML-Compile-SOAP12.

This perl module handles the SOAP protocol version 1.2.

(wiz)

Added textproc/p5-XML-Compile-SOAP version 3.20

(wiz)

Import p5-XML-Compile-SOAP-3.20 as textproc/p5-XML-Compile-SOAP.

This perl module handles the SOAP protocol. The first implementation
is SOAP1.1, which is still most often used. The SOAP1.2 definition
is provided via the separate distribution XML::Compile::SOAP12.

(wiz)

Added textproc/p5-XML-Compile-Cache version 1.05

(wiz)

Import p5-XML-Compile-Cache-1.05 as textproc/p5-XML-Compile-Cache.

Cache compiled XML translators for p5-XML-Compile.

(wiz)

Added textproc/p5-XML-Compile version 1.54

(wiz)

Import p5-XML-Compile-1.54 as textproc/p5-XML-Compile.

Many (professional) applications process XML messages based on a
formal specification, expressed in XML Schemas. XML::Compile
translates between XML and Perl with the help of such schemas. Your
Perl program only handles a tree of nested HASHes and ARRAYs, and
does not need to understand namespaces and other general XML and
schema nastiness.

(wiz)

Added textproc/p5-XML-Compile-Tester version 0.90

(wiz)

Import p5-XML-Compile-Tester-0.90 as textproc/p5-XML-Compile-Tester.

The XML::Compile module suite has extensive regression testing.
Probably, you want to do regression testing as well. This module
provide functions which simplify writing tests for XML::Compile
related distributions.

(wiz)

Updated x11/slock to 1.4

(leot)

Update x11/slock to slock-1.4

Changes:
1.4
---
- fix CVE-2016-6866
- add proper priviledge dropping
- use explicit_bzero from OpenBSD to clear password from memory
- major code audit and rewrite of some parts (thanks, Laslo!)

Approved by <reed>

(leot)

+ p5-IO-Socket-SSL-2.039, p5-Params-ValidationCompiler-0.19,
  p5-Time-HiRes-1.9741.

(wiz)

Updated net/syncthing to 0.14.12

(wiz)

Updated syncthing to 0.14.12.

This is a minor release recommended for all users.

Resolved issues:

    #3737: A data race in the code that caused test failures, and possibly other inconsitencies, has been resolved.
    #3241: Links in warning messages are now clickable in the GUI.
    #3711: Files are now synced to disk before committed to database, to avoid possible inconsistencies if a power failure occurs during syncing.
    #3724: Log entries now mention folder by label in addition to the ID.

In addition:

    The default folder now has the folder ID "default" again, simplifying initial setup.
    Retries for misconfigured relay setups are slowed down somewhat to be kinder on our relay pool infrastructure.

(wiz)

Updated sysutils/xentools46 to 4.6.3nb2
Updated sysutils/xenkernel46 to 4.6.3nb2
Updated sysutils/xentools45 to 4.5.5nb1
Updated sysutils/xenkernel45 to 4.5.5nb1
Updated sysutils/xentools42 to 4.2.5nb19
Updated sysutils/xenkernel42 to 4.2.5nb13
Updated sysutils/xentools41 to 4.1.6.1nb17
Updated sysutils/xenkernel41 to 4.1.6.1nb21

(bouyer)

Backport upstream patches, fixing today's XSA 191, 192, 193, 195, 197, 198.
Bump PKGREVISIONs

(bouyer)

Backport upstream patches, fixing today's XSA 191, 192, 195, 196, 197, 198.
Bump PKGREVISIONs

(bouyer)

Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198.
Bump PKGREVISIONs

(bouyer)

Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198.
Bump PKGREVISIONs

(bouyer)

Remove obsolete configure argument.

(wiz)

Remove integrated patch.

(wiz)

Updated graphics/tiff to 4.0.7

(wiz)

Updated tiff to 4.0.7.

MAJOR CHANGES:

  • The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr
    are completely removed from the distribution. These tools were written in
    the late 1980s and early 1990s for test and demonstration purposes. In some
    cases the tools were never updated to support updates to the file format,
    or the file formats are now rarely used. In all cases these tools increased
    the libtiff security and maintenance exposure beyond the value offered by
    the tool.

CHANGES IN LIBTIFF:

  • libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference NULL
    pointer when values of tags with TIFF_SETGET_C16_ASCII /
    TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://
    bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by
    previous fix done on 2016-11-11 for CVE-2016-9297). Reported by Henri Salo.
    Assigned as CVE-2016-9448
  • libtiff/tif_aux.c: fix crash in TIFFVGetFieldDefaulted() when requesting
    Predictor tag and that the zip/lzw codec is not configured. Fixes http://
    bugzilla.maptools.org/show_bug.cgi?id=2591
  • libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that values of
    tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are null
    terminated, to avoid potential read outside buffer in _TIFFPrintField().
    Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2590
  • libtiff/tif_dirread.c: reject images with OJPEG compression that have no
    TileOffsets/StripOffsets tag, when OJPEG compression is disabled. Prevent
    null pointer dereference in TIFFReadRawStrip1() and other functions that
    expect td_stripbytecount to be non NULL. Fixes http://bugzilla.maptools.org
    /show_bug.cgi?id=2585
  • libtiff/tif_strip.c: make TIFFNumberOfStrips() return the td->td_nstrips
    value when it is non-zero, instead of recomputing it. This is needed in
    TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outsize of
    array in tiffsplit (or other utilities using TIFFNumberOfStrips()). Fixes
    http://bugzilla.maptools.org/show_bug.cgi?id=2587 (CVE-2016-9273)
  • libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime
    checks to avoid assertions in debug mode, or buffer overflows in release
    mode. Can happen when dealing with unusual tile size like YCbCr with
    subsampling. Reported as MSVR 35105 by Axel Souchet & Vishal Chauhan from
    the MSRC Vulnerabilities & Mitigations
  • libtiff/tif_dir.c: discard values of SMinSampleValue and SMaxSampleValue
    when they have been read and the value of SamplesPerPixel is changed
    afterwards (like when reading a OJPEG compressed image with a missing
    SamplesPerPixel tag, and whose photometric is RGB or YCbCr, forcing
    SamplesPerPixel being 3). Otherwise when rewriting the directory (for
    example with tiffset, we will expect 3 values whereas the array had been
    allocated with just one), thus causing a out of bound read access. Fixes
    http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127,
    duplicate: CVE-2016-3658)
  • libtiff/tif_dirwrite.c: avoid null pointer dereference on td_stripoffset
    when writing directory, if FIELD_STRIPOFFSETS was artificially set for a
    hack case in OJPEG case. Fixes http://bugzilla.maptools.org/show_bug.cgi?id
    =2500 (CVE-2014-8127, duplicate: CVE-2016-3658)
  • libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to read floating
    point images.
  • libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
    requirements of floating point predictor (3). Fixes CVE-2016-3622 "Divide
    By Zero in the tiff2rgba tool."
  • libtiff/tif_pixarlog.c: fix out-of-bounds write vulnerabilities in heap
    allocated buffers. Reported as MSVR 35094. Discovered by Axel Souchet and
    Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
  • libtiff/tif_write.c: fix issue in error code path of TIFFFlushData1() that
    didn't reset the tif_rawcc and tif_rawcp members. I'm not completely sure
    if that could happen in practice outside of the odd behaviour of
    t2p_seekproc() of tiff2pdf). The report points that a better fix could be
    to check the return value of TIFFFlushData1() in places where it isn't done
    currently, but it seems this patch is enough. Reported as MSVR 35095.
    Discovered by Axel Souchet & Vishal Chauhan & Suha Can from the MSRC
    Vulnerabilities & Mitigations team.
  • libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode if more
    input samples are provided than expected by PixarLogSetupEncode. Idea based
    on libtiff-CVE-2016-3990.patch from libtiff-4.0.3-25.el7_2.src.rpm by
    Nikola Forro, but with different and simpler check. (bugzilla #2544)
  • libtiff/tif_read.c: Fix out-of-bounds read on memory-mapped files in
    TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond
    tmsize_t max value (reported by Mathias Svensson)
  • libtiff/tif_read.c: make TIFFReadEncodedStrip() and TIFFReadEncodedTile()
    directly use user provided buffer when no compression (and other
    conditions) to save a memcpy()
  • libtiff/tif_write.c: make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile
    () directly use user provided buffer when no compression to save a memcpy
    ().
  • libtiff/tif_luv.c: validate that for COMPRESSION_SGILOG and
    PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid potential
    invalid memory write on corrupted/unexpected images when using the
    TIFFRGBAImageBegin() interface (reported by Clay Wood)
  • libtiff/tif_pixarlog.c: fix potential buffer write overrun in
    PixarLogDecode() on corrupted/unexpected images (reported by Mathias
    Svensson) (CVE-2016-5875)
  • libtiff/libtiff.def: Added _TIFFMultiply32 and _TIFFMultiply64 to
    libtiff.def
  • libtiff/tif_config.vc.h (HAVE_SNPRINTF): Add a '1' to the HAVE_SNPRINTF
    definition.
  • libtiff/tif_config.vc.h (HAVE_SNPRINTF): Applied patch by Edward Lam to
    define HAVE_SNPRINTF for Visual Studio 2015.
  • libtiff/tif_dirread.c: when compiled with DEFER_STRILE_LOAD, fix
    regression, introduced on 2014-12-23, when reading a one-strip file without
    a StripByteCounts tag. GDAL #6490
  • libtiff/*: upstream typo fixes (mostly contributed by Kurt Schwehr) coming
    from GDAL internal libtiff
  • libtiff/tif_fax3.h: make Param member of TIFFFaxTabEnt structure a uint16
    to reduce size of the binary.
  • libtiff/tif_read.c, tif_dirread.c: fix indentation issues raised by GCC 6
    -Wmisleading-indentation
  • libtiff/tif_pixarlog.c: avoid zlib error messages to pass a NULL string to
    %s formatter, which is undefined behaviour in sprintf().
  • libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
    triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif (bugzilla #
    2508)
  • libtiff/tif_luv.c: fix potential out-of-bound writes in decode functions in
    non debug builds by replacing assert()s by regular if checks (bugzilla #
    2522). Fix potential out-of-bound reads in case of short input data.
  • libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage interface
    in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV /
    CIELab. Add explicit call to TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix
    CVE-2015-8665 reported by limingxing and CVE-2015-8683 reported by zzf of
    Alibaba.
  • libtiff/tif_dirread.c: workaround false positive warning of Clang Static
    Analyzer about null pointer dereference in TIFFCheckDirOffset().
  • libtiff/tif_fax3.c: remove dead assignment in Fax3PutEOLgdal(). Found by
    Clang Static Analyzer
  • libtiff/tif_dirwrite.c: fix truncation to 32 bit of file offsets in
    TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory
    offsets on a even offset (affects BigTIFF). This was a regression of the
    changeset of 2015-10-19.
  • libtiff/tif_write.c: TIFFWriteEncodedStrip() and TIFFWriteEncodedTile()
    should return -1 in case of failure of tif_encodestrip() as documented
  • libtiff/tif_dumpmode.c: DumpModeEncode() should return 0 in case of failure
    so that the above mentionned functions detect the error.
  • libtiff/*.c: fix MSVC warnings related to cast shortening and assignment
    within conditional expression
  • libtiff/*.c: fix clang -Wshorten-64-to-32 warnings
  • libtiff/tif_dirread.c: prevent reading ColorMap or TransferFunction if
    BitsPerPixel > 24, so as to avoid huge memory allocation and file read
    attempts
  • libtiff/tif_dirread.c: remove duplicated assignment (reported by Clang
    static analyzer)
  • libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_compress.c, libtiff/
    tif_jpeg_12.c: suppress warnings about 'no previous declaration/prototype'
  • libtiff/tiffiop.h, libtiff/tif_dirwrite.c: suffix constants by U to fix
    'warning: negative integer implicitly converted to unsigned type' warning
    (part of -Wconversion)
  • libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_getimage.c, libtiff/
    tif_print.c: fix -Wshadow warnings (only in libtiff/)

CHANGES IN THE TOOLS:

  • tools/Makefile.am: The libtiff tools bmp2tiff, gif2tiff, ras2tiff,
    sgi2tiff, sgisv, and ycbcr are completely removed from the distribution.
    The libtiff tools rgb2ycbcr and thumbnail are only built in the build tree
    for testing. Old files are put in new 'archive' subdirectory of the source
    repository, but not in distribution archives. These changes are made in
    order to lessen the maintenance burden.
  • tools/tiff2pdf.c: avoid undefined behaviour related to overlapping of
    source and destination buffer in memcpy() call in t2p_sample_rgbaa_to_rgb()
    Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2577
  • tools/tiff2pdf.c: fix potential integer overflows on 32 bit builds in
    t2p_read_tiff_size() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=
    2576
  • tools/fax2tiff.c: fix segfault when specifying -r without argument. Patch
    by Yuriy M. Kaminskiy. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=
    2572
  • tools/tiffinfo.c: fix out-of-bound read on some tiled images. (http://
    bugzilla.maptools.org/show_bug.cgi?id=2517)
  • tools/tiffcrop.c: fix multiple uint32 overflows in
    writeBufferToSeparateStrips(), writeBufferToContigTiles() and
    writeBufferToSeparateTiles() that could cause heap buffer overflows.
    Reported by Henri Salo from Nixu Corporation. Fixes http://
    bugzilla.maptools.org/show_bug.cgi?id=2592
  • tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes in
    readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet &
    Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
  • tools/tiff2pdf.c: fix write buffer overflow of 2 bytes on JPEG compressed
    images. Reported by Tyler Bohan of Cisco Talos as TALOS-CAN-0187 /
    CVE-2016-5652. Also prevents writing 2 extra uninitialized bytes to the
    file stream.
  • tools/tiffcp.c: fix out-of-bounds write on tiled images with odd tile width
    vs image width. Reported as MSVR 35103 by Axel Souchet and Vishal Chauhan
    from the MSRC Vulnerabilities & Mitigations team.
  • tools/tiff2pdf.c: fix read -largely- outsize of buffer in
    t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG
    compressed image with TIFFTAG_JPEGTABLES length being one. Reported as MSVR
    35101 by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
    Mitigations team.
  • tools/tiffcp.c: fix read of undefined variable in case of missing required
    tags. Found on test case of MSVR 35100.
  • tools/tiffcrop.c: fix read of undefined buffer in
    readContigStripsIntoBuffer() due to uint16 overflow. Probably not a
    security issue but I can be wrong. Reported as MSVR 35100 by Axel Souchet
    from the MSRC Vulnerabilities & Mitigations team.
  • tools/tiffcrop.c: fix various out-of-bounds write vulnerabilities in heap
    or stack allocated buffers. Reported as MSVR 35093, MSVR 35096 and MSVR
    35097. Discovered by Axel Souchet and Vishal Chauhan from the MSRC
    Vulnerabilities & Mitigations team.
  • tools/tiff2pdf.c: fix out-of-bounds write vulnerabilities in heap allocate
    buffer in t2p_process_jpeg_strip(). Reported as MSVR 35098. Discovered by
    Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities & Mitigations
    team.
  • tools/tiff2bw.c: fix weight computation that could result of color value
    overflow (no security implication). Fix bugzilla #2550. Patch by Frank
    Freudenberg.
  • tools/rgb2ycbcr.c: validate values of -v and -h parameters to avoid
    potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
  • tools/tiffcrop.c: Fix out-of-bounds write in loadImage(). From patch
    libtiff-CVE-2016-3991.patch from libtiff-4.0.3-25.el7_2.src.rpm by Nikola
    Forro (bugzilla #2543)
  • tools/tiff2rgba.c: Fix integer overflow in size of allocated buffer, when
    -b mode is enabled, that could result in out-of-bounds write. Based
    initially on patch tiff-CVE-2016-3945.patch from
    libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for invalid
    tests that rejected valid files. (bugzilla #2545)
  • tools/tiffcrop.c: Avoid access outside of stack allocated array on a tiled
    separate TIFF with more than 8 samples per pixel. Reported by Kaixiang
    Zhang of the Cloud Security Team, Qihoo 360 (CVE-2016-5321 / CVE-2016-5323
    , bugzilla #2558 / #2559)
  • tools/tiffdump.c: fix a few misaligned 64-bit reads warned by -fsanitize
  • tools/tiffdump.c (ReadDirectory): Remove uint32 cast to _TIFFmalloc()
    argument which resulted in Coverity report. Added more mutiplication
    overflow checks.

(wiz)

Updated www/w3m to 0.5.3.0.20161120

(wiz)

Updated w3m to 0.5.3.0.20161120.

Debian's w3m 0.5.3+git20161120

* bug fixes
- fix multiple flaws with malformed text
  (stack overflow, buffer overflow, null deref, out of memory)
- fix stack overflow with nested table and textarea [CVE-2016-9439]
- fix suspend (^Z) behavior

(wiz)

+ mupdf-1.10 (assign to myself and point out that ATM we should not update it
because the new 1.10 API will breaks zathura-pdf-mupdf)

(leot)

Updated multimedia/mpv to 0.22.0

(leot)

Update multimedia/mpv to mpv-0.22.0

Changes:
Release 0.22.0
==============
Features
--------
Added
~~~~~
- audio/out: add AudioUnit output driver for iOS
- demux_mkv: parse Matroska colorimetry metadata
- filter_kernels: add ability to taper kernels/windows, add tukey window
- osc: add seekbarstyle=knob (#2365)
- video/out: add tct as modern caca alternative for true-color and 256-color terminals
- video: add --hwdec=vdpau-copy mode

Deprecated
~~~~~~~~~~
- vf_vdpaurb: deprecated in favor of --hwdec=vdpau-copy

Options and Commands
--------------------
Added
~~~~~
- --opengl-early-flush=auto
- --scale-taper, --scale-wtaper
- --scale-wblur
- macOS: --hidpi-window-scale (#3716)
- osc: add script message handlers for chapter/track/playlists

Fixes and Minor Enhancements
----------------------------
- Apply --autofit-larger after --autofit-smaller (#3753)
- Set subtitle track title to indicate hearing/visual impaired tracks
- ao_alsa: disable chmap API use for mono/stereo (#2905, #3045)
- build: add required failure message for libavfilter check (#3692)
- build: fix compilation with mingw-w64/Clang (#3800)
- build: make VideoToolbox available on iOS
- command: fix reset-on-next-file=all and tv-freq option (#3708)
- command: if window-scale can't be set properly, set it as option (#3724)
- demux_mkv: don't recursively resolve timeline for opened reference files
- demux_mkv: fix ordered chapter sources with ordered editions
- opengl: compile against iOS OpenGLES implementation
- options: handle legacy no-* sub-options
- osc: add alpha animation to tooltip (fix lingering tooltip)
- osc: change default deadzonesize to 0.5
- osc: don't wrap the title
- osc: fix crash after reaching a certain position in limited lists (#3691)
- osc: fix crash with no chapters
- osc: fix crashes when dragging seekbar across file changes (#3210)
- osc: fix displaying only half of the entries when at the end of a list
- osc: fix missing chapter ticks with seekbarstyle=bar
- osc: slimbox: fix clipping with seekbarstyle=bar (#3737)
- osc: top/bottombar: also scale when min-width is reached to match box/slimbox behavior
- osc: top/bottombar: dynamically size timecodes according to timems
- osc: top/bottombar: rescale layout to same size with scale=1
- osc: top/bottombar: scale title if too large like box
- player: consistently initialize screensaver state with --force-window
- player: enable no-video subtitle display on coverart too
- player: make --start-time work with --rebase-start-time=no
- player: make sure non-video subtitle rendering is reset if video resumes (#3770)
- player: removing last playlist entry while looping should not stop (#3808)
- player: show subtitles on VO if --force-window is used (#3684)
- player: speed up audio/video re-sync when there is a huge delay
- vdpau: fix hwdec uninit (#3788)
- vo_opengl: blend against background color for --alpha=blend
- vo_opengl: context_rpi: fix stdatomic usage (#3699)
- vo_opengl: fix --blend-subtitles handling (#3773)
- vo_opengl: fix redrawing with hardware decoding (#3773)
- vo_opengl: partially re-enable glFlush() calls (#3670)
- ytdl_hook: sort chapters by time

(leot)

Added benchmarks/google-benchmark version 1.1.0

(minskim)

Add google-benchmark

(minskim)

Import google-benchmark-1.1.0

It is a library to support the benchmarking of functions, similar to
unit-tests.

(minskim)

pkgtools/pkg: Upgrade version 1.9.99.3 => 1.99.4

- Add progress when fetching (number of files to fetch)
- Improved messages about locked packages
- Return 1 when a user rejects the proposed plan
- When dealing with configuration files '@config' never overwrites
  untracked files
- Warn everyone about deprecation of @dirrm and @exec
- Deduplicate metadata loading code
- pkg register now understands context aware messages

(marino)

Enable py-lexicon and py-tldextract

(fhajny)

Added net/py-lexicon version 1.1.18

(fhajny)

Import net/py-lexicon 1.1.18.

Lexicon provides a way to manipulate DNS records on multiple DNS
providers in a standardized way. Lexicon has a CLI but it can
also be used as a python library.

(fhajny)

Added net/py-tldextract version 2.0.2

(fhajny)

Import net/py-tldextract 2.0.2.

tldextract accurately separates the gTLD or ccTLD (generic or
country code top-level domain) from the registered domain and
subdomains of a URL.

(fhajny)

Enable py-requests-file

(fhajny)

Added devel/py-requests-file version 1.4.1

(fhajny)

Import devel/py-requests-file 1.4.1.

Requests-File is a transport adapter for use with the Requests
Python library to allow local filesystem access via file:// URLs.

(fhajny)

Pullup ticket #5157.

(bsiegert)

Pullup ticket #5157 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php56/distinfo                                          1.36

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Nov 12 15:34:00 UTC 2016

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php56: distinfo

  Log Message:
  Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual).

  10 Nov 2016, PHP 5.6.28

  - Core:
    . Fixed bug #73337 (try/catch not working with two exceptions inside a same
      operation). (Dmitry)

  - Bz2:
    . Fixed bug #73356 (crash in bzcompress function). (Stas)

  -GD:
    . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
    . Fixed bug #73272 (imagescale() is not affected by, but affects
      imagesetinterpolation()). (cmb)
    . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
    . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
    . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
      (cmb)
    . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)

  - Imap:
    . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
      (Anatol)

  - SPL:
    . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)

  - SOAP:
    . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)

  - SQLite3:
    . Fixed bug #73333 (2147483647 is fetched as string). (cmb)

  - Standard:
    . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
    . Fixed bug #73188 (use after free in userspace streams). (Sara)

  - Wddx:
    . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
      with PDORow). (Stas)

(bsiegert)

postgresql95-contrib: Drop uuid-ossp dependency on BSD.
(Use --with-uuid=bsd as per documentation section F.43.2)

Also probably fix the UUID extension on Solaris and Linux, but untested.

(tnn)

Fix typo.

(wiz)

Build bin/vmhgfs-fuse and bin/vmware-vmblock-fuse

Please note that you need -CURRENT to actually use these filesystems. They still build on older systems but fail to run.

(pho)

fuse.h requires that _NETBSD_SOURCE is defined

(pho)

Restrict a few very memory hungry files to -O1.

(joerg)

One more change for the Clang 3.9 API.

(joerg)

Since noone has cared about fixing this for the ImageMagick API changes,
use the old version.

(joerg)

If KERN_PROC_PATHNAME doesn't exist, fallback to /proc.

(joerg)

Slots have no ordering, at least with modern versions of libsigc++.
As such, don't use std::set as container.

(joerg)

Fix ctype.h use

(joerg)

Fix patch to boost libraries and hackaround for the surprising error
messages.

(joerg)

Updated net/youtube-dl to 20161118

(leot)

Update net/youtube-dl to youtube-dl-20161118

Changes:
2016.11.18
----------
Extractors
* [youtube:live] Relax _VALID_URL (#11164)
* [openload] Fix extraction (#10408, #11122)
* [vlive] Prefer locale over language for subtitles id (#11203)

(leot)

Updated multimedia/mkvtoolnix to 9.5.0

(joerg)

Update to mkvtoolnix 9.5.0:
- bugfixes

(joerg)

Update compressed mbox patch.

(joerg)

Updated multimedia/py-m3u8 to 0.3.0

(joerg)

Update to m3u8-0.3.0:
- Support for per-segment key handling

(joerg)

Create a maintainable form of the patch.

(joerg)

Use github page instead of non-working HOMEPAGE.

(wiz)

Updated archivers/p5-Archive-Tar to 2.18

(wiz)

Updated p5-Archive-Tar to 2.18.

>From Kai-Uwe Eckhardt in PR 51639.

2.18  07/11/2016 (JHI)
- Capture also the STDERR when checking tar exe

2.16  01/11/2016 (JHI && CBERRY)
- Make roundtrip tar exe finding robust for crappy tars

2.14  20/10/2016
- Fix roundtrip test when tar executable is absent

2.12  16/10/2016 (KHW && JKEENAN)
- Fix pod in bin/ptar
- Distinguish between archives with/without directory entries

(wiz)

Updated x11/p5-Wx to 0.9928

(wiz)

Updated p5-Wx to 0.9928.

>From Kai-Uwe Eckhardt in PR 51638.

Revision history for Perl extension Wx.

0.9928 Sun Dec 20 2015
    - Fix memory leak in Wx::Timer

0.9927 Thu Mar 26 2015
    - Fix broken wxWidgets 2.8 builds

0.9926 Tue Mar 10 2015
    - pause indexing fix

0.9925 Tue Mar 10 2015
    - pause indexing fix

0.9924 Tue Mar 10 2015
    - added wxTimer::StartOnce
    - some missing wxGrid constants added
    - fixed Wx::AUI events broken since wxWidgets 2.9.5
    - rt96136 - added GetContentScaleFactor to Wx::DC && Wx::Window
    - rt99038 - MACOSX_DEPLOYMENT_TARGET comparison fixed in Wx build
    - wxMenuItem::SetBitmap available on OSX
    - added some missing TextEntry methods to wxComboBox
    - rt102269 - fix option handling

0.9923 Mon Mar 31 2014
    - added wxWindow::InitDialog
    - updated wxComboBox::GetSelection
    - build wxWidgets 3.0.0
    - added wxComboBox::Popup() wxComboBox::Dismiss() ( Eric Colson )

0.9922 Wed May 01 2013
    - added wxCommandLinkButton
    - updates to ID creation methods
    - rt#84633
    - added wxUIActionSimulator
    - wxFindReplaceDialog new return a hash type object
    - wxProgressDialog updates
    - IPC classes object deletion updates
    - wxString conversion UTF-8 only in Unicode builds
    - typemap template missing some specs since 0.9917

0.9921 Sun Apr 14 2013
    - Fix 2.9.4 handling of wxConnection::Execute

0.9919 Sat Apr 13 2013
    - Makefile checks for supported Wx version
    - Fixed wxUSE_DATAVIEWCTRL constant ( rt#84566 )
    - wrapped wxRegionIterator
    - wrapped IPC - wxConnection / wxServer / wxClient

0.9918 Wed Apr 03 2013
    - Added missing GetItemFont / SetItemFont for Wx::ListCtrl
    - Fixed wxFontEnumerator GetEncodings / GetFacenames
                              ( thanks to Marton Papp )
    - Wrapped wxFontEnumerator callbacks

0.9917 Mon Feb 11 2013
    - Stopped wxWidgets >= 2.9.0 from setting locale to current user locale
      ( thanks to Tarek Unger )

(wiz)

Make PKGNAME more future-safe.

(wiz)

Added fonts/go-ttf version 20161118

(wiz)

+ go-ttf

(wiz)

Import go-ttf-20161118 as fonts/go-ttf.

A family of high-quality WGL4 TrueType fonts, created by the Bigelow
& Holmes type foundry specifically for the Go project.

The font family, called Go (naturally), includes proportional- and
fixed-width faces in normal, bold, and italic renderings. The fonts
have been tested for technical uses, particularly programming. Go
source code looks particularly good when displayed in Go fonts, as
its name implies, with things like punctuation characters easily
distinguishable and operators lined up and placed consistently.

(wiz)

Note that mail/dovecot is 1.2, which is obsolete.

(gdt)

Updated www/netsurf to 3.6

(leot)

Update www/netsurf to netsurf-3.6.

Changes:
3.6
---
NetSurf 3.6 is primarily a bugfix release. It contains several
fixes and clean-ups to front end code, as well as supercookie
blocking, and certificate chain handling improvements. We recommend
all users upgrade to NetSurf 3.6.

(leot)

libthrift 0.7.0 dose not support PHP 7.0 and later.

(taca)

Updated devel/cmph to 2.0.

(alnsn)

Update devel/cmph to version 2.0.

Prompted by beta.repology.org.

News for version 2.0

  Cleaned up most warnings for the c code.

  Experimental C++ interface (--enable-cxxmph) implementing the
  BDZ algorithm in a convenient interface, which serves as the
  basis for drop-in replacements for std::unordered_map,
  sparsehash::sparse_hash_map and sparsehash::dense_hash_map.
  Potentially faster lookup time at the expense of insertion time.
  See cxxmpph/mph_map.h and cxxmph/mph_index.h for details.

(alnsn)

Updated math/R-XML to 3.98-1.5.

(alnsn)

Update math/R-XML to 3.98-1.5.

Prompted by beta.repology.org.

Changes for minor updates 3.98-1.2 to 3.98-1.5 are unknown.

(alnsn)

Updated textproc/LDoc to 1.4.5.

(alnsn)

Update textproc/LDoc to 1.4.5.

Promted by beta.repology.org.

(alnsn)

Fix pattern.

(wiz)

Updated devel/lua-penlight to 1.4.1.

(alnsn)

Update devel/lua-penlight to version 1.4.1.

Prompted by beta.repology.org.

## 1.4.1

### Changes

  - All functions that return instances of `pl.List`, `pl.Map` and
    `pl.Set` now require corresponding modules, so that their methods
    always work right away.

### Fixes

  - Fixed `dir.getallfiles` returning an empty array when called
    without `pattern` argument.

## 1.4.0

### Changes

### Fixes

  - `pl.path` covers edge cases better (e.g 'path.normpath` was broken)
  - `p.dir` shell patterns fixed
  - `os.tmpname` broken on modern Windows/MSVC14
  - (likewise for `utils.executeex` which depends on it)
  - `pretty.write` more robust and does not lose floating-point precision;
    saves and restores debug hooks when loading.
  - `pl.lexer` fixes: `cpp` lexer now filters space by default
  - `tablex.sortv` no longer assumes that the values are all unique
  - `stringx.center` is now consistent with Python; `stringx.rfind` and
  `string.quote_string` fixed.
  - `data.write` had a problem with default delimiter, properly
    returns error now.
  - `pl.Set` `+` and `-` now have correct semantics

### Features

  - `pl.tablex` has `union` and `merge` convenience functions
  - `pl.lapp` understands '--' meaning end of parsed arguments
  - `utils.quote_arg` quotes command arguments for `os.execute`,
    correctly handling all special characters.
  - `utils.writefile` has optional `is_bin` argument
  - 'pl.lexer' supports line numbers with string argument
  - `stringx.endswith` may be passed an array of possible suffixes.
  - `data.read` - in CSV mode, assume empty fields are numerical zero

(alnsn)

Added devel/py-incremental version 16.10.1

(wiz)

+ py-incremental

(wiz)