Detach emulators/qemu0

(kamil)

Cleanup comments after qemu-0 removal

(kamil)

Drop emulators/qemu0 support

qemu0 is going to be removed from pkgsrc.

Bump PKGREVISION to 1

(kamil)

Updated archivers/zstd to 1.1.0

(wiz)

Updated zstd to 1.1.0.

v1.1.0
New : contrib/pzstd, parallel version of zstd, by Nick Terrell
added : NetBSD install target (#338)
Improved : speed for batches of small files
Improved : speed of zlib wrapper, by Przemyslaw Skibinski
Changed : libzstd on Windows supports legacy formats, by Christophe Chevalier
Fixed : CLI -d output to stdout by default when input is stdin (#322)
Fixed : CLI correctly detects console on Mac OS-X
Fixed : CLI supports recursive mode `-r` on Mac OS-X
Fixed : Legacy decoders use unified error codes, reported by benrg (#341), fixed by Przemyslaw Skibinski
Fixed : compatibility with OpenBSD, reported by Juan Francisco Cantero Hurtado (#319)
Fixed : compatibility with Hurd, by Przemyslaw Skibinski (#365)
Fixed : zstd-pgo, reported by octoploid (#329)

(wiz)

Fix path in patches/patch-linux-user_signal.c

(kamil)

Updated devel/py-usb to 1.0.0

(mef)

Updated devel/py-usb 0.42 to 1.0.0
----------------------------------
  - ChangeLog unknown
(pkgsrc changes)
  - Githubify

(mef)

Update HOMEPAGE

(mef)

Updated www/p5-Mojolicious to 7.08

(wen)

Update to 7.08

Upstream changes:
7.08  2016-09-23
  - Added -i and -o options to get command.
  - Updated jQuery to version 3.1.1.
  - Improved accuracy of finished_ok test in Test::Mojo.
  - Fixed state transition bug in Mojo::Transaction::HTTP that caused message
    bodies to be included in responses to HEAD requests.

7.07  2016-09-20
  - Fixed bug in Mojo::UserAgent::Transactor where 303 redirects would not be
    followed correctly with GET requests. (jberger)

(wen)

Updated www/p5-Plack to 1.0042

(wen)

Update to 1.0042
Update DEPENDS

Upstream changes:
1.0042  2016-09-28 22:37:33 PDT
    [BUG FIXES]
        - Revert: Allow passing an already-open listen socket to HTTP::Server::PSGI #550

1.0041  2016-09-25 14:24:07 PDT
    [BUG FIXES]
        - Fix ConditionalGET middleware in case both Last-Modified and ETag exist. #569
        - Handle Cookie values with quotes correctly (alh, kazeburo) #564, #567

    [IMPROVEMENTS]
        - Several documentation fixes and error message improvements #556, #557, #558, #559

1.0040  2016-04-01 09:57:06 PDT
    [INCOMPATIBLE CHANGES]
        - Fixes a mistake in the value of %D and %T in Accesslog::Timed middleware.
          This is due to a bug in Apache::LogFormat::Compiler that sets a wrong value
          for these fields. This bug has been fixed and now it emits what the documentation
          has always said, in the same way as how Apache's log format works.

          However, this is a BREAKING CHANGE if you are using '%D' or '%T' in your log
          formats, and you'll likely need to swap them if you need the same values as
          previously. Read https://github.com/plack/Plack/issues/549 for more details.
          (astj) #549, #551

    [IMPROVEMENTS]
        - Remove the use of HTTP::Body in favor of HTTP::Entity::Parser (kazeburo) #538
        - Increase the buffer size to 1MB for requests already buffered by the PSGI server
        - Allow passing an already-open listen socket to HTTP::Server::PSGI (ilmari) #550

    [BUG FIXES]
        - Lint middleware now allows blessed code refs as a PSGI app (smcmurray) #542
        - Fix log4perl tests to pass when running in parallel (rsimoes) #545

(wen)

protobuf: extend workaround on long size to all 32bit platforms.
use 32bit atomic in 32bit platforms.

add comment from identical firefox patch.

tested 32bit netbsd/i386 (chroot), netbsd/mips.

fixes netbsd/mips build.

(maya)

Updated www/p5-Cookie-Baker to 0.07

(wen)

Update to 0.07

Upstream changes:
0.07 2016-09-21T01:35:56Z

  - Allow quoted cookie values, as per RFC 6265. #8

(wen)

Updated security/libressl to 2.5.0

(wiz)

Updated libressl to 2.5.0.

2.5.0 - New APIs, bug fixes and improvements

* libtls now supports ALPN and SNI

* libtls adds a new callback interface for integrating custom IO
  functions. Thanks to Tobias Pape.

* libtls now handles 4 cipher suite groups:
    "secure" (TLSv1.2+AEAD+PFS)
    "compat" (HIGH:!aNULL)
    "legacy" (HIGH:MEDIUM:!aNULL)
    "insecure" (ALL:!aNULL:!eNULL)

    This allows for flexibility and finer grained control, rather than
    having two extremes (an issue raised by Marko Kreen some time ago).

* Tightened error handling for tls_config_set_ciphers().

* libtls now always loads CA, key and certificate files at the time the
  configuration function is called. This simplifies code and results in
  a single memory based code path being used to provide data to libssl.

* Add support for OCSP intermediate certificates.

* Added functions used by stunnel and exim from BoringSSL - this
  brings in X509_check_host, X509_check_email, X509_check_ip, and
  X509_check_ip_asc.

* Added initial support for iOS, thanks to Jacob Berkman.

* Improved behavior of arc4random on Windows when using memory leak
  analysis software.

* Correctly handle an EOF that occurs prior to the TLS handshake
  completing. Reported by Vasily Kolobkov, based on a diff from Marko
  Kreen.

* Limit the support of the "backward compatible" ssl2 handshake to
  only be used if TLS 1.0 is enabled.

* Fix incorrect results in certain cases on 64-bit systems when
  BN_mod_word() can return incorrect results. BN_mod_word() now can
  return an error condition. Thanks to Brian Smith.

* Added constant-time updates to address CVE-2016-0702

* Fixed undefined behavior in BN_GF2m_mod_arr()

* Removed unused Cryptographic Message Support (CMS)

* More conversions of long long idioms to time_t

* Improved compatibility by avoiding printing NULL strings with
  printf.

* Reverted change that cleans up the EVP cipher context in
  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
  previous behaviour.

* Avoid unbounded memory growth in libssl, which can be triggered by a
  TLS client repeatedly renegotiating and sending OCSP Status Request
  TLS extensions.

* Avoid falling back to a weak digest for (EC)DH when using SNI with
  libssl.

2.4.2 - Bug fixes and improvements

* Fixed loading default certificate locations with openssl s_client.

* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
  RFC6960. Also added fixes for OCSP to work with intermediate
  certificates provided in responses.

* Improved behavior of arc4random on Windows to not appear to leak
  memory in debug tools, reduced privileges of allocated memory.

* Fixed incorrect results from BN_mod_word() when the modulus is too
  large, thanks to Brian Smith from BoringSSL.

* Correctly handle an EOF prior to completing the TLS handshake in
  libtls.

* Improved libtls ceritificate loading and cipher string validation.

* Updated libtls cipher group suites into four categories:
    "secure"  (TLSv1.2+AEAD+PFS)
    "compat"  (HIGH:!aNULL)
    "legacy"  (HIGH:MEDIUM:!aNULL)
    "insecure" (ALL:!aNULL:!eNULL)
  This allows for flexibility and finer grained control, rather than
  having two extremes.

* Limited support for 'backward compatible' SSLv2 handshake packets to
  when TLS 1.0 is enabled, providing more restricted compatibility
  with TLS 1.0 clients.

* openssl(1) and other documentation improvements.

* Removed flags for disabling constant-time operations.
  This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
  DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
  all of these operations unconditionally constant-time.

2.4.1 - Security fix

* Correct a problem that prevents the DSA signing algorithm from
  running in constant time even if the flag BN_FLG_CONSTTIME is set.
  This issue was reported by Cesar Pereida (Aalto University), Billy
  Brumley (Tampere University of Technology), and Yuval Yarom (The
  University of Adelaide and NICTA). The fix was developed by Cesar
  Pereida.

2.4.0 - Build improvements, new features

* Many improvements to the CMake build infrastructure, including
  Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
  Inoguchi for this work.

* Added missing error handling around bn_wexpand() calls.

* Added explicit_bzero calls for freed ASN.1 objects.

* Fixed X509_*set_object functions to return 0 on allocation failure.

* Implemented the IETF ChaCha20-Poly1305 cipher suites.

* Changed default EVP_aead_chacha20_poly1305() implementation to the
  IETF version, which is now the default.

* Fixed password prompts from openssl(1) to properly handle ^C.

* Reworked error handling in libtls so that configuration errors are
  visible.

* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.

* Manpage fixes and updates

(wiz)

Updated mail/neomutt to 20161003

(wiz)

Updated neomutt to 20161003.

2016-10-03  Richard Russon  <rich@flatcap.org>
* Build
  - Fix install and dist targets

(wiz)

Use curses instead of terminfo, pure terminfo seems to have been
dropped in configure in 2.3. Bump PKGREVISION for safety.

(fhajny)

Updated www/nginx-devel to 1.11.4

(fhajny)

Update www/nginx-devel to 1.11.4.

Changes with nginx 1.11.4                                        13 Sep 2016

- Feature: the $upstream_bytes_received variable.
- Feature: the $bytes_received, $session_time, $protocol, $status,
      $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received,
      $upstream_connect_time, $upstream_first_byte_time, and
      $upstream_session_time variables in the stream module.
- Feature: the ngx_stream_log_module.
- Feature: the "proxy_protocol" parameter of the "listen" directive,
      the $proxy_protocol_addr and $proxy_protocol_port variables in the
      stream module.
- Feature: the ngx_stream_realip_module.
- Bugfix: nginx could not be built with the stream module and the
      ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had
      appeared in 1.11.3.
- Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the
      bug had appeared in 1.11.2.
- Bugfix: in the "ranges" parameter of the "geo" directive.
- Bugfix: an incorrect response might be returned when using the "aio
      threads" and "sendfile" directives; the bug had appeared in 1.9.13.

Changes with nginx 1.11.3                                        26 Jul 2016

- Change: now the "accept_mutex" directive is turned off by default.
- Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
- Feature: the ngx_stream_geo_module.
- Feature: the ngx_stream_geoip_module.
- Feature: the ngx_stream_split_clients_module.
- Feature: variables support in the "proxy_pass" and "proxy_ssl_name"
      directives in the stream module.
- Bugfix: socket leak when using HTTP/2.
- Bugfix: in configure tests.
      Thanks to Piotr Sikora.

Changes with nginx 1.11.2                                        05 Jul 2016

- Change: now nginx always uses internal MD5 and SHA1 implementations;
      the --with-md5 and --with-sha1 configure options were canceled.
- Feature: variables support in the stream module.
- Feature: the ngx_stream_map_module.
- Feature: the ngx_stream_return_module.
- Feature: a port can be specified in the "proxy_bind", "fastcgi_bind",
      "memcached_bind", "scgi_bind", and "uwsgi_bind" directives.
- Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option
      when available.
- Bugfix: a segmentation fault might occur in a worker process when
      using HTTP/2 and the "proxy_request_buffering" directive.
- Bugfix: the "Content-Length" request header line was always added to
      requests passed to backends, including requests without body, when
      using HTTP/2.
- Bugfix: "http request count is zero" alerts might appear in logs when
      using HTTP/2.
- Bugfix: unnecessary buffering might occur when using the "sub_filter"
      directive; the issue had appeared in 1.9.4.

(fhajny)

Use INSTALLATION_DIRS.

(wiz)

Updated math/ltm to 1.0

(wiz)

Updated ltm to 1.0.

Feb 5th, 2016
v1.0
      -- Bump to 1.0
      -- Dirkjan Bussink provided a faster version of mp_expt_d()
      -- Moritz Lenz contributed a fix to mp_mod()
          and provided mp_get_long() and mp_set_long()
      -- Fixed bugs in mp_read_radix(), mp_radix_size
          Thanks to shameister, Gerhard R,
      -- Christopher Brown provided mp_export() and mp_import()
      -- Improvements in the code of mp_init_copy()
          Thanks to ramkumarkoppu,
      -- lomereiter provided mp_balance_mul()
      -- Alexander Bostr旦m from the heimdal project contributed patches to
          mp_prime_next_prime() and mp_invmod() and added a mp_isneg() macro
      -- Fix build issues for Linux x32 ABI
      -- Added mp_get_long_long() and mp_set_long_long()
      -- Carlin provided a patch to use arc4random() instead of rand()
          on platforms where it is supported
      -- Karel Miko provided mp_sqrtmod_prime()

(wiz)

Remove entries which are (no longer?) installed on NetBSD/i386 or NetBSD/amd64.

(he)

Don't invade the implementation namespace.
There's no guarantee that __errno is free for own use.
(On NetBSD it isn't!)

(he)

Fix problem introduced by myself in the previous commit.

(he)

Not compatible with Lua 5.3.

(alnsn)

Updated x11/libdrm to 2.4.71

(wiz)

Updated libdrm to 2.4.71.

    Daniel Kurtz (1):
      modetest: add mediatek to module list

    Eric Anholt (1):
      Simplify the RELEASING steps based on current release.sh.

    Flora Cui (1):
      amdgpu: expose the AMDGPU_GEM_CREATE_VRAM_CLEARED flag

    Kristian H. Kristensen (1):
      Add drmModeAddFB2WithModifiers() which takes format modifiers

    Leo Liu (1):
      tests/amdgpu: update vce encRefPic addr mode to tiled

    Marek Ol邸叩k (3):
      radeon: sync radeon_drm.h with the kernel
      amdgpu: sync amdgpu_drm.h with the kernel
      amdgpu: fix valgrind warnings caused by amdgpu_query_firmware_version

    Michel D辰nzer (1):
      intel: Add new symbols to intel-symbol-check

    Rob Clark (2):
      list: fix an issue with android build using clang
      Bump version for release

    Ronie Salgado (1):
      amdgpu: add SI support

    St辿phane Marchesin (1):
      modetest: Also print the pixel clock

    The etnaviv authors (2):
      libdrm: add etnaviv drm support
      libdrm: add etnaviv tests

    Yang Rong (1):
      intel: Export pooled EU and min no. of eus in a pool.

    satsahu (1):
      modetest: Adding amdgpu to module list

(wiz)

spidermonkey17: fix mips build.
linker was emitting bogus warnings about the code not being PIC.

still fails under netbsd/mips because it (mostly) hard-codes a page size of 4K

(maya)

Updated devel/man-pages to 4.05nb1

(kamil)

The conflict of devel/man-pages with lang/cint has been resolved

The lang/cint package renamed its man-page to cint_security.2.

Bump PKGREVISION to 1.

(kamil)

Note update of vim packages

(morr)

Update PLIST

(morr)

Update package to 8.0.0021.

Patches:
8.0.0001  intro screen still mentions version7
8.0.0002  the netrw plugin does not work
8.0.0003  getwinvar() returns wrong Value of boolean and number options
8.0.0004  error messagge of function() with wrong argument says NULL
8.0.0005  netbeans test fails with Python 3
8.0.0006  ":lb" is interpreted as ":lbottom" instead of ":lbuffer"
8.0.0007  Vim 7.4 is still mentioned in a few places
8.0.0008  popup complete test is disabled
8.0.0009  unnecessary workaround for AppVeyor
8.0.0010  crash when editing file that starts with crypt header
8.0.0011  on OSX Test_pipe_through_sort_all() sometimes fails
8.0.0012  typos in comments
8.0.0013  (after 8.0.0011) missing comma in list
8.0.0014  crypt tests are old style
8.0.0015  can't tell which part of a channel has "buffered" status
8.0.0016  (after 8.0.0015) build fails
8.0.0017  cannot get the number of current quickfix or location list
8.0.0018  when using ":sleep" channel input is not handled
8.0.0019  test_command_count is old style
8.0.0020  the regexp engines are not reentrant
8.0.0021  GUI: cursor may be drawn on second half of double byte char

pkgsrc changes:
- switch to github to provide tarballs
- some minor changes

(morr)

Updated net/syncthing to 0.14.7

(abs)

+ libressl-2.5, nmap-7.30, postgresql-9.6.0, rust-1.12, supertux-0.5,
  wine-devel-1.9.20.

(wiz)

Updated devel/p5-Scalar-List-Utils to 1.46

(wiz)

Updated p5-Scalar-List-Utils to 1.46.

1.46 -- 2016/09/28 23:17:07
[CHANGES]
* Remember to add unpairs and uniq to SYNOPSIS
* Document the behaviour of uniqnum() on NaN

[BUGFIXES]
* C89 fixes
* Various internal bugfixes backported from perl core

(wiz)

Updated time/p5-DateTime-TimeZone to 2.05

(wiz)

Updated p5-DateTime-TimeZone to 2.05.

2.05    2016-09-28

- This release is based on version 2016g of the Olson database. This release
  includes contemporary changes for Turkey.

(wiz)

Updated multimedia/x265 to 2.1; multimedia/ffmpeg2 to 2.8.8; multimedia/ffmpeg3 to 3.1.4

(adam)

Updated devel/liblangtag to 0.6.2

(wiz)

Updated liblangtag to 0.6.2.

0.6.1 -> 0.6.2
=================
Akira TAGOH (1):
      Update libtool version

David Tardon (2):
      use standard function
      fix leak in test

(wiz)

version 2.8.8
- avformat/movenc: Check packet in mov_write_single_packet() too
- avformat/movenc: Factor check_pkt() out
- avformat/utils: fix timebase error in avformat_seek_file()
- avcodec/g726: Add missing ADDB output mask
- avcodec/avpacket: clear side_data_elems
- avcodec/ccaption_dec: Use simple array instead of AVBuffer
- swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
- swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
- avformat/avidec: Fix infinite loop in avi_read_nikon()
- cmdutils: fix implicit declaration of SetDllDirectory function
- cmdutils: check for SetDllDirectory() availability
- avcodec/aacenc: Tighter input checks
- libavcodec/wmalosslessdec: Check the remaining bits
- avcodec/diracdec: Check numx/y
- avcodec/indeo2: check ctab
- avformat/swfdec: Fix inflate() error code check
- avcodec/h264: Put context_count check back
- cmdutils: remove the current working directory from the DLL search path on win32
- avcodec/raw: Fix decoding of ilacetest.mov
- avcodec/ffv1enc: Fix assertion failure with non zero bits per sample
- avformat/oggdec: Fix integer overflow with invalid pts
- ffplay: Fix invalid array index
- avcodec/vp9_parser: Check the input frame sizes for being consistent
- libavformat/rtpdec_asf: zero initialize the AVIOContext struct
- libavutil/opt: Small bugfix in example.
- libx264: Increase x264 opts character limit to 4096
- avformat/mov: Check sample size
- avformat/format: Fix registering a format more than once and related races
- avcodec/flac_parser: Raise threshold for detecting invalid data
- avfilter/vf_telecine: Make frame writable before writing into it
- avcodec/mpc8: Correct end truncation
- avcodec/mpegvideo: Do not clear the parse context during init
- MAINTAINERs cleanup (remove myself from things i de facto dont maintain)
- avcodec/h264: Fix off by 1 context count
- avcodec/alsdec: Check r to prevent out of array read
- avcodec/alsdec: fix max bits in ltp prefix code
- avcodec/utils: check skip_samples signedness
- avformat/mpegts: Do not trust BSSD descriptor, it is sometimes not an S302M stream
- avcodec/bmp_parser: Check fsize
- avcodec/bmp_parser: reset state
- avcodec/bmp_parser: Fix remaining size
- avcodec/bmp_parser: Fix frame_start_found in cross frame cases
- avfilter/af_amix: dont fail if there are no samples in output_frame()
- avformat/allformats: Making av_register_all() thread-safe.
- avcodec/mpegvideo: Deallocate last/next picture earlier
- avcodec/bmp_parser: Fix state
- avformat/oggparseopus: Fix Undefined behavior in oggparseopus.c and libavformat/utils.c
- doc/developer.texi: Add a code of conduct
- avformat/avidec: Detect index with too short entries
- avformat/utils: Check negative bps before shifting in ff_get_pcm_codec_id()
- avformat/utils: Do not compute the bitrate from duration == 0
- ffmpeg: Check that r_frame_rate is set before attempting to use it
- swresample/rematrix: Use clipping s16 rematrixing if overflows are possible
- swresample/rematrix: Use error diffusion to avoid error in the DC component of the matrix
- libavformat/oggdec: Free stream private when header parsing fails.
- avformat/utils: Check bps before using it in a shift in ff_get_pcm_codec_id()
- avformat/oggparseopus: Check that granule pos is within the supported range
- avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg
- avformat/options_table: Add missing identifier for very strict compliance
- librtmp: Avoid an infiniloop setting connection arguments
- avformat/oggparsevp8: fix pts calculation on pages ending with an invisible frame

(adam)

Updated math/mpfr to 3.1.5

(wiz)

Updated mpfr to 3.1.5.

Changes from version 3.1.4 to version 3.1.5:
- C++11 compatibility.
- Bug fixes (see <http://www.mpfr.org/mpfr-3.1.4/#fixed> and ChangeLog file).
- More tests.

(wiz)

Updated devel/meld to 3.16.3

(wiz)

Updated meld to 3.16.3.

2016-09-26 meld 3.16.3
======================

  Fixes:

  * Fix bad scroll syncing and inability to move between comparison chunks in
    file comparisons (Vasily Galkin)
  * Improve version control view behaviour when opening missing paths (Vasily
    Galkin)
  * Fix saving of text created in blank comparison (Vasily Galkin)
  * GTK+ 3.22 compatibility fixes for saving window size (Kai Willadsen)
  * Fix formatted patches missing newlines in certain cases (Kai Willadsen)
  * Silence GTK+ warning logging if not running in uninstalled (i.e.,
    development) mode (Kai Willadsen)
  * Update AppData (Kai Willadsen)

  Translations:

  * Anders Jonsson (sv)
  * Balázs Meskó (hu)
  * Daniel Mustieles (es)
  * Marek Černocký (cs)
  * Mario Blättermann (de)
  * Piotr Drąg (pl)
  * Rafael Fontenelle (pt_BR)
  * Tiago Santos (pt)
  * Мирослав Николић (sr, sr@latin)

(wiz)

Updated fonts/harfbuzz to 1.3.2

(wiz)

Updated harfbuzz to 1.3.2.

Overview of changes leading to 1.3.2
Wednesday, September 27, 2016
====================================

- Fix build of hb-coretext on older OS X versions.

(wiz)

Changes 2.1:
Unknown

(adam)

Updated security/nettle to 3.3

(wiz)

Updated nettle to 3.3.

NEWS for the Nettle 3.3 release

This release fixes a couple of bugs, and improves resistance
to side-channel attacks on RSA and DSA private key operations.

Changes in behavoir:

* Invalid private RSA keys, with an even modulo, are now
  rejected by rsa_private_key_prepare. (Earlier versions
  allowed such keys, even if results of using them were bogus).

  Nettle applications are required to call
  rsa_private_key_prepare and check the return value, before
  using any other RSA private key functions; failing to do so
  may result in crashes for invalid private keys. As a
  workaround for versions of Gnutls which don't use
  rsa_private_key_prepare, additional checks for even moduli
  are added to the rsa_*_tr functions which are used by all
  recent versions of Gnutls.

* Ignore bit 255 of the x coordinate of the input point to
  curve25519_mul, as required by RFC 7748. To differentiate at
  compile time, curve25519.h defines the constant
  NETTLE_CURVE25519_RFC7748.

Security:

* RSA and DSA now use side-channel silent modular
  exponentiation, to defend against attacks on the private key
  from evil processes sharing the same processor cache. This
  attack scenario is of particular relevance when running an
  HTTPS server on a virtual machine, where you don't know who
  you share the cache hardware with.

  (Private key operations on elliptic curves were already
  side-channel silent).

Bug fixes:

* Fix sexp-conv crashes on invalid input. Reported by Hanno
  B旦ck.

* Fix out-of-bounds read in des_weak_p. Fixed by Nikos
  Mavrogiannopoulos.

* Fix a couple of formally undefined shift operations,
  reported by Nikos Mavrogiannopoulos.

* Fix compilation with c89. Reported by Henrik Grubbstr旦m.

New features:

* New function memeql_sec, for side-channel silent comparison
  of two memory areas.

Miscellaneous:

* Building the public key support of nettle now requires GMP
  version 5.0 or later (unless --enable-mini-gmp is used).

* Filenames of windows DLL libraries now include major number
  only. So the dll names change at the same time as the
  corresponding soname on ELF platforms. Fixed by Nikos
  Mavrogiannopoulos.

* Eliminate most pointer-signedness warnings. In the process,
  the strings representing expression type for sexp_interator
  functions were changed from const uint8_t * to const char *.
  These functions are undocumented, and it doesn't change the
  ABI on any platform I'm aware of.

The shared library names are libnettle.so.6.3 and
libhogweed.so.4.3, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.

(wiz)

Updated www/neon to 0.30.2

(wiz)

Updated neon to 0.30.2.

Changes in release 0.30.2:
* Add support for OpenSSL 1.1.x (Kurt Roeckx).
* Fix PKCS#11 support under GnuTLS 3.x.
- PKCS#11 API no longer supported with GnuTLS 2.x

(wiz)

Remove some dead code, python-3.3 is no more.

(wiz)

version 3.1.4:
- avformat/avidec: Check nb_streams in read_gab2_sub()
- avformat/avidec: Remove ancient assert
- avfilter/vf_colorspace: fix range for output colorspace option
- lavc/mediacodecdec_h264: fix SODB escaping
- avcodec/nvenc: fix const options for hevc gpu setting
- avformat/avidec: Fix memleak with dv in avi
- lavc/movtextdec.c: Avoid infinite loop on invalid data.
- avcodec/ansi: Check dimensions
- avcodec/cavsdsp: use av_clip_uint8() for idct
- avformat/movenc: Check packet in mov_write_single_packet() too
- avformat/movenc: Factor check_pkt() out
- avformat/utils: fix timebase error in avformat_seek_file()
- avcodec/g726: Add missing ADDB output mask
- avcodec/avpacket: clear side_data_elems
- avformat/movenc: Check first DTS similar to dts difference
- avcodec/ccaption_dec: Use simple array instead of AVBuffer
- avcodec/svq3: Reintroduce slice_type
- avformat/mov: Fix potential integer overflow in mov_read_keys
- swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
- swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
- avformat/avidec: Fix infinite loop in avi_read_nikon()
- lavf/utils: Avoid an overflow for huge negative durations.
- avformat/hls: Fix handling of EXT-X-BYTERANGE streams over 2GB
- lavc/avpacket: Fix undefined behaviour, do not pass a null pointer to memcpy().
- lavc/mjpegdec: Do not skip reading quantization tables.
- cmdutils: fix implicit declaration of SetDllDirectory function

(adam)

Updated security/py-cryptography to 1.5.2

(wiz)

Updated py-cryptography to 1.5.2.

1.5.2 - 2016-09-26
~~~~~~~~~~~~~~~~~~

* Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.

(wiz)

Updated devel/py-setuptools to 28.1.0

(wiz)

Updated py-setuptools to 28.1.0.

v28.1.0
-------

* #803: Bump certifi to 2016.9.26.

v28.0.0
-------

* #733: Do not search excluded directories for packages.
  This introduced a backwards incompatible change in ``find_packages()``
  so that ``find_packages(exclude=['foo']) == []``, excluding subpackages of ``foo``.
  Previously, ``find_packages(exclude=['foo']) == ['foo.bar']``,
  even though the parent ``foo`` package was excluded.

* #795: Bump certifi.

* #719: Suppress decoding errors and instead log a warning
  when metadata cannot be decoded.

v27.3.1
-------

* #790: In MSVC monkeypatching, explicitly patch each
  function by name in the target module instead of inferring
  the module from the function's ``__module__``. Improves
  compatibility with other packages that might have previously
  patched distutils functions (i.e. NumPy).

v27.3.0
-------

* #794: In test command, add installed eggs to PYTHONPATH
  when invoking tests so that subprocesses will also have the
  dependencies available. Fixes `tox 330
  <https://github.com/tox-dev/tox/issues/330>`_.

* #795: Update vendored pyparsing 2.1.9.

(wiz)

Updated time/py-vdirsyncer to 0.13.1

(wiz)

Updated py-vdirsyncer to 0.13.1.

Version 0.13.1
==============

*released on 30 September 2016*

- Fix a bug that would completely break collection discovery.

Version 0.13.0
==============

*released on 29 September 2016*

- Python 2 is no longer supported at all. See :gh:`219`.
- Config sections are now checked for duplicate names. This also means that you
  cannot have a storage section ``[storage foo]`` and a pair ``[pair foo]`` in
  your config, they have to have different names. This is done such that
  console output is always unambigous. See :gh:`459`.
- Custom commands can now be used for conflict resolution during sync. See
  :gh:`127`.
- :storage:`http` now completely ignores UIDs. This avoids a lot of unnecessary
  down- and uploads.

(wiz)

Updated x11/xterm to 326

(wiz)

Updated xterm to 326.

Patch #326 - 2016/09/25

    updated appdata file (report by Richard Hughes).
    improve discussion of the different terminal emulations provided by xterm in the manual page.
    add examples of setting the icon title with/without the window title in the manual (Debian #833984).
    correct a limit-check when using a numeric value for extended Booleans e.g., *fullscreen:3 rather than a name such as *fullscreen:never.
    add action allow-bold-fonts
    improved formatting fixes for manual page, using script to find mismatches in spelling of resources, actions and menu entries.
    improve documentation of logging resources.
    fix a special case of flickering cursor by adding GraphicsExpose to the list of event types that should not trigger making the mouse cursor visible (patch by Joe Peterson).
    correct initialization of line-drawing in VT52-mode, overlooked in changes for patch #297 (report/patch by Ben Wiley Sittler).
    minor clarification of form-feed versus line-feed in ctlseqs.ms (suggested by David Kemper).
    amend fix for Debian #738794 to restore a check for missing characters which are not combining characters. Also fill in a corresponding special case for TrueType fonts (Debian #827905).

(wiz)

Updated security/openssl to 1.0.2jnb1

(wiz)

Remove incorrect comment and resulting weird license.

idea and mdc2 patents expired, so enable them by default.
rc5 looks like it might be expired as well, but I didn't find
anything relevant on that topic, so I left it alone.

Bump PKGREVISION.

(wiz)

Allow sissl-1.1 per default

See
https://opensource.org/licenses/sisslpl

(wiz)

Call sun-iss sissl-1.1 to match OSI.

(wiz)

Rename sun-iss to sissl-1.1 to match OSI name.
Remove sun-iss-license, same license, but OSI is fine with it, so no
"-license" needed.

(wiz)

Add Sun Industry Standards Source License (used by sge)

(wiz)

License added, remove comment that it's missing.

(wiz)

Add fromto license.

(wiz)

dd sleepycat license.

(wiz)

Add ppunpack license.

(wiz)

Clarify LICENSE a bit.

(wiz)

Add aladdin-license for bg5pdf.

(wiz)

Add pdflib license.

pdftotext output of PDF included in package, whitespace-edited and
page numbers and ^L removed.

(wiz)

ibm-public-license-1.0 -> ipl-1.0

(wiz)

Try listing all relevant licenses.

(wiz)

Add ipl-1.0 (IBM Public License). OSI approved.

https://opensource.org/licenses/IPL-1.0

(wiz)

Updated net/syncthing to 0.14.7

v0.14.7

This is a minor release recommended for all users.

Improvements in this release include faster (i.e., less CPU intensive)
hashing on some Intel and ARM64 CPU:s, a more refined dark theme,
CORS headers in the API, and an updated set of default discovery
servers.

Resolved issues since v0.14.6:

    #3596: Deadlock no longer occurs on device removal

(abs)

idea patent has expired, so set LICENSE to something more useful.

(wiz)

Add licenses for pgp2 and pgp5.

(wiz)

Remove email from the author that describes the package's license.

The LICENSE tag is correct.

(wiz)

Use pkgsrc-standard spelling for LICENSE.

(wiz)

lowercase license name

(spz)

may be one of our unparseable license culprits

(spz)

fix obvious typo in LICENSE

(spz)

spidermonkey17: don't reject MIPS ABIs that aren't n32.
switch the use of nops (most likely used to eliminate hazards too) to
ehb/ssnop. nop doesn't eliminate hazards on a superscalar MIPS CPU.

probably helps the report of vague problems on loongson2f.

(maya)

g95: now that I understand why -mips1 is chosen here, clarify it in the
comment for the patch.

note: the choice of o32 for this package is questionable, and defaulting
to n32 on gcc/config.gcc instead is probably the right thing, this package
won't run on platforms that use o32, and the n32 linker can't handle the
o32 objects apparently - it dies with "not enough GOT space for local GOT
entries" (PR toolchain/51521).

defaulting to n32 will allow deleting this patch, but I won't make the
transition because I can't get further in the build and hit a compile
assertion about MTYPE not matching CEXT (double float in my case), similar
to GCC bug #20633.

(maya)

nss: replace USE_NSS_64 with _LP64 builtin.

fixes build for 32bit when passing USE_64 (which is questionable)...

in pkgsrc we declare all mips64* platforms as 64bit, and use USE_64.
However, netbsd/mips64 is using a 32bit ABI, so it is akin to passing
USE_64=1 for 32bit.

perhaps not declaring it a 64bit platform is correct, but this package
is one of the only few using this logic, and it's unfeasible to have
correct logic for 32bit/64bit.

this package has considerably more logic for USE_64 than for USE_NSS_64,
so to avoid inadvertent damage to other platforms, retain the USE_64=1
logic.

feel free to object to this option in the discussion on tech-pkg.

(maya)

Updated devel/py-mercurial to 3.9.2

(wiz)

Updated py-mercurial to 3.9.2.

This is a regularly-scheduled bugfix release.

    annotate: correct output in some merge cases (issue5360)
    crecord: properly handle files with No newline at eof (issue5268)
    grep: rewrite help to better document current (confusing) behavior

(wiz)

Updated devel/asio to 1.10.8

(prlw1)

Update asio to 1.10.8

Asio 1.10.8

* Added compatibility with OpenSSL 1.1.0.

* Fixed out-of-bounds iterator use in `asio::connect()` when the
  `connect_condition` returns an end iterator.

* Added a workaround for a move detection problem on MSVC 2015 Update 2.

* Changed a workaround that was previously added for broken Windows firewalls
  to only bind to 127.0.0.1 if `getsockname` reports 0.0.0.0.

* Added call to `SSL_COMP_free_compression_methods` to fix two memory leaks
  reported at shutdown, for OpenSSL versions >= 1.0.2 and < 1.1.0.

* Fixed `use_future` compile error encountered on some standard library
  implementations, by changing `std::allocator<void>` use to a non-void
  template parameter.

* Enabled use of native `getaddrinfo` by default on Apple OSes, rather than
  emulation in terms of `getipnodebyname`.

Asio 1.10.7

* Added support for Windows 8.1 Store apps.

* Fixed macro multiple definition error on Microsoft Visual Studio 2015.

* Changed Asio's SSL wrapper to respect OpenSSL's `OPENSSL_NO_SSL3` feature
  test `#define`.

* Changed Asio's SSL wrapper to use OpenSSL's new `SSL_CTX_clear_chain_certs`
  function, if available.

* Suppressed a clang 3.6+ warning about unused typedefs.

* Regenerated certificates used by SSL examples.

* Fixed buffer sizes passed to `strncat` in the `getaddrinfo` emulation and in
  the SSL wrapper's password handling.

* Changed Windows backend to use non-macro `CreateEventW` rather than
  `CreateEvent`.

(prlw1)

x264-devel: if we don't pass the assembly test, e.g. if we don't
pass optimizing flags (like default netbsd setup), just act as if
we passed --disable-asm, as opposed to passing it for netbsd/arm.

- now other operating systems that don't optimize won't fail here.
- if someone does pass optimization, he benefits from it
- I don't have to define another case in the Makefile for MIPS

(maya)

Ensure upper limit in mysql{56,57}-client respective bl3.

(fhajny)

+ ffmpeg2-2.8.8, ffmpeg3-3.1.4, harfbuzz-1.3.2, liblangtag-0.6.2,
  meld-3.16.3, mpfr-3.1.5, neon-0.30.2, nettle-3.3,
  p5-DateTime-TimeZone-2.05, p5-Module-Signature-0.81,
  p5-Scalar-List-Utils-1.46, py-cryptography-1.5.2, py-foolscap-0.12.4,
  py-hypothesis-3.5.2, py-mercurial-3.9.2, py-radare2-0.10.6,
  py-setuptools-28.1.0, py-test-3.0.3, py-vdirsyncer-0.13.1,
  radare2-0.10.6, x264-devel-20161001, xterm-326.

(wiz)

Updated finance/moneyguru to 2.10.2

(wiz)

Updated moneyguru to 2.10.2.

2.10.2 (2016-08-28)

    Fix crash when opening panels on some versions of PyQt. [qt] #456
    Fix misalignment of bold figures in networth/profit sheets. [cocoa] #459

(wiz)