Add email, commandline and clamd options. Enable email by default.
Bump PKGREVISION to 7

(sborrill)

Updated lang/nodejs to 6.6.0

(fhajny)

Update lang/nodejs to 6.6.0.

Notable changes

- crypto: Added crypto.timingSafeEqual().
- events: Made the "max event listeners" memory leak warning more
  accessible.
- promises: Unhandled rejections now emit a process warning after
  the first tick.
- repl: Added auto alignment for .editor mode.
- util: Some functionality has been added to util.inspect():
  - Returning this from a custom inspect function now works.
  - Added support for Symbol-based custom inspection methods.

(fhajny)

link network libs on SunOS

(wiedi)

Recursive PKGREVISION bump for gnutls shlib major bump.

(wiz)

needs openssl and network libs on SunOS

(wiedi)

Remove another obsolete patch.

(wiz)

Remove another obsolete patch.

(wiz)

Revert previous.

(wiz)

Remove two obsolete patches.

(wiz)

Updated devel/p5-Git-Wrapper to 0.047

(mef)

Updated devel/p5-Git-Wrapper to 0.047
-------------------------------------
0.047    2016-09-18 15:30:58-07:00 America/Los_Angeles
      Properly track commits in test (Graham Knop)

(mef)

Updated security/gnutls to 3.5.4

(wiz)

Updated gnutls to 3.5.4.

* Version 3.5.4 (released 2016-09-08)

** libgnutls: Corrected the comparison of the serial size in OCSP response.
  Previously the OCSP certificate check wouldn't verify the serial length
  and could succeed in cases it shouldn't (GNUTLS-SA-2016-3).
  Reported by Stefan Buehler.

** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop.

** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This
  is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0.

** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256
  as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0.

** libgnutls: Added support for internationalized passwords in PKCS#12 files.
  Previous versions would only encrypt or decrypt using passwords from the ASCII
  set.

** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA
  keys. The signature is now written as unsigned integers into the DSASignatureValue
  structure. Previously signed integers could be written depending on what
  the underlying module would produce. Addresses #122.

** gnutls-cli: Fixed starttls regression from 3.5.3.

** API and ABI modifications:
GNUTLS_E_MALFORMED_CIDR: Added
gnutls_x509_cidr_to_rfc5280: Added
gnutls_oid_to_mac: Added

* Version 3.5.3 (released 2016-08-09)

** libgnutls: Added support for TCP fast open (RFC7413), allowing
  to reduce by one round-trip the handshake process. Based on proposal and
  patch by Tim Ruehsen.

** libgnutls: Adopted a simpler with less memory requirements DTLS sliding
  window implementation. Based on Fridolin Pokorny's implementation for
  AF_KTLS.

** libgnutls: Use getrandom where available via the syscall interface.
  This works around an issue of not-using getrandom even if it exists
  since glibc doesn't declare such function.

** libgnutls: Fixed DNS name constraints checking in the case of empty
  intersection of domain names in the chain. Report and fix by Martin Ukrop.

** libgnutls: Fixed name constraints checking in the case of chains
  where the higher level certificates contained different types of
  constraints than the ones present in the lower intermediate CAs.
  Report and fix by Martin Ukrop.

** libgnutls: Dropped support for the EGD random generator.

** libgnutls: Allow the decoding of raw elements (starting with #)
  in RFC4514 DN string decoding.

** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
  ignoring flags if all certificates in the list fit within the
  initially allocated memory. Patch by Tim Kosse.

** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt()
  to return invalid pointers when returned more than a single certificate.
  Report and fix by Stefan S淡rensen.

** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain,
  even when the extra_certs was non-null. Report and fix by Stefan S淡rensen.

** certtool: Added the "add_extension" and "add_critical_extension"
  template options. This allows specifying arbitrary extensions into
  certificates and certificate requests.

** gnutls-cli: Added the --fastopen option.

** API and ABI modifications:
GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added
gnutls_x509_crq_set_extension_by_oid: Added
gnutls_x509_dn_set_str: Added
gnutls_transport_set_fastopen: Added

* Version 3.5.2 (released 2016-07-06)

** libgnutls: Address issue when utilizing the p11-kit trust store
  for certificate verification (GNUTLS-SA-2016-2).

** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
  Guillaume Roguez.

** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
  from SafeNet Network HSM. Reported by Anthony Alba in #108.

** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report
  and fix by Stanislav 貼idek.

** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE
  instructions. Uses Andy Polyakov's assembly code.

** API and ABI modifications:
No changes since last version.

* Version 3.5.1 (released 2016-06-14)

** libgnutls: The SSL 3.0 protocol support can completely be removed
  using a compile time option. The configure option is --disable-ssl3-support.

** libgnutls: The SSL 2.0 client hello support can completely be removed
  using a compile time option. The configure option is --disable-ssl2-support.

** libgnutls: Added support for OCSP Must staple PKIX extension. That is,
  implemented the RFC7633 TLSFeature for OCSP status request extension.
  Feature implemented by Tim Kosse.

** libgnutls: More strict OCSP staple verification. That is, no longer
  ignore invalid or too old OCSP staples. The previous behavior was
  to rely on application use gnutls_ocsp_status_request_is_checked(),
  while the new behavior is to include OCSP verification by default
  and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error.

** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
  purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
  improves interoperability with several old intermediate CA certificates
  carrying these legacy OIDs.

** libgnutls: Re-read the system wide priority file when needed. Patch by
  Daniel P. Berrange.

** libgnutls: Allow for fallback in system-specific initial keywords
  (prefixed with '@'). That allows to specify a keyword such as
  "@KEYWORD1,KEYWORD2" which will use the first available of these
  two keywords. Patch by Daniel P. Berrange.

** libgnutls: The SSLKEYLOGFILE environment variable can be used to log
  session keys. These session keys are compatible with the NSS Key Log
  Format and can be used to decrypt the session for debugging using
  wireshark.

** API and ABI modifications:
GNUTLS_CERT_INVALID_OCSP_STATUS: Added
gnutls_x509_crt_set_crq_extension_by_oid: Added
gnutls_x509_ext_import_tlsfeatures: Added
gnutls_x509_ext_export_tlsfeatures: Added
gnutls_x509_tlsfeatures_add: Added
gnutls_x509_tlsfeatures_init: Added
gnutls_x509_tlsfeatures_deinit: Added
gnutls_x509_tlsfeatures_get: Added
gnutls_x509_crt_get_tlsfeatures: Added
gnutls_x509_crt_set_tlsfeatures: Added
gnutls_x509_crq_get_tlsfeatures: Added
gnutls_x509_crq_set_tlsfeatures: Added
gnutls_ext_get_name: Added

* Version 3.5.0 (released 2016-05-09)

** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA,
  based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html

** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07).
  This curve is disabled by default as it is still on specification status. It
  can be enabled using the priority string modifier +CURVE-X25519.

** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01)
  by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73).

** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable
  RSA and DSA parameter generation from a seed.

** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
  cipher is prioritized after AES-GCM.

** libgnutls: On a rehandshake ensure that the certificate of the peer or
  its username remains the same as in previous handshakes. That is to protect
  applications which do not check user credentials on rehandshakes. The
  threat to address depends on the application protocol. Primarily it
  protects against applications which authenticate the peer initially and
  perform accounting using the session's information, from being misled
  by a rehandshake which switches the peer's identity. Applications can
  disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in
  gnutls_init().

** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate
  parsing errors in the extensions field and treat it as a typical Hello
  message structure. Reported by Hubert Kario (#40).

** libgnutls: Old and unsupported version numbers in client hellos are
  rejected with a "protocol_version" alert message. Reported by Hubert
  Kario (#42).

** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*()
  functions, only on non-resumed sessions. This brings the API in par with
  its usage (#79).

** libgnutls: Follow RFC5280 strictly in name constraints computation. The
  permitted subtrees is intersected with any previous values. Report and
  patch by Daiki Ueno.

** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on
  session resumption. Reported by Hubert Kario (#69).

** libgnutls: Consider the max-record TLS extension even when under DTLS.
  Reported by Peter Dettman (#61).

** libgnutls: Replaced writev() system call with sendmsg().

** libgnutls: Replaced select() system call with poll() on POSIX systems.

** libgnutls: Preload the system priority file on library load. This allows
  applications that chroot() to also use the system priorities.

** libgnutls: Applications are allowed to override the built-in key and
  certificate URLs.

** libgnutls: The gnutls.h header marks constant and pure functions explictly.

** certtool: Added the ability to sign certificates using SHA3.

** certtool: Added the --provable and --verify-allow-broken options.

** gnutls-cli: The --dane option will cause verification failure if gnutls is not
  compiled with DANE support.

** crywrap: The tool was unbundled from gnutls' distribution. It can be found at
  https://github.com/nmav/crywrap

** guile: .go files are now built and installed

** guile: Fix compatibility issue of the test suite with Guile 2.1

** guile: When --with-guile-site-dir is passed, modules are installed in a
  versioned directory, typically $(datadir)/guile/site/2.0

** guile: Tests no longer leave zombie processes behind

** API and ABI modifications:
GNUTLS_FORCE_CLIENT_CERT: Added
GNUTLS_ENABLE_FALSE_START: Added
GNUTLS_INDEFINITE_TIMEOUT: Added
GNUTLS_ALPN_SERVER_PRECEDENCE: Added
GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added
GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added
gnutls_check_version_numeric: Added
gnutls_x509_crt_equals: Added
gnutls_x509_crt_equals2: Added
gnutls_x509_crt_set_subject_alt_othername: Added
gnutls_x509_crt_set_issuer_alt_othername: Added
gnutls_x509_crt_get_signature_oid: Added
gnutls_x509_crt_get_pk_oid: Added
gnutls_x509_crq_set_subject_alt_othername: Added
gnutls_x509_crq_get_pk_oid: Added
gnutls_x509_crq_get_signature_oid: Added
gnutls_x509_crl_get_signature_oid: Added
gnutls_x509_privkey_generate2: Added
gnutls_x509_privkey_get_seed: Added
gnutls_x509_privkey_verify_seed: Added
gnutls_privkey_generate2: Added
gnutls_privkey_get_seed: Added
gnutls_privkey_verify_seed: Added
gnutls_decode_ber_digest_info: Added
gnutls_encode_ber_digest_info: Added
gnutls_dh_params_import_dsa: Added
gnutls_session_get_master_secret: Added

* Version 3.4.3 (released 2015-07-12)

** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
  dates prior to 2050.

** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
  was done only when cryptodev was enabled).

** libgnutls: Removed support for pthread_atfork() as it has undefined
  semantics when used with dlopen(), and may lead to a crash.

** libgnutls: corrected failure when importing plain files
  with gnutls_x509_privkey_import2(), and a password was provided.

** libgnutls: Don't reject certificates if a CA has the URI or IP address
  name constraints, and the end certificate doesn't have an IP address
  name or a URI set.

** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.

** p11tool: Added --list-token-urls option, and print the token module name
  in list-tokens.

** API and ABI modifications:
gnutls_ecc_curve_get_oid: Added
gnutls_digest_get_oid: Added
gnutls_pk_get_oid: Added
gnutls_sign_get_oid: Added
gnutls_ecc_curve_get_id: Added
gnutls_oid_to_digest: Added
gnutls_oid_to_pk: Added
gnutls_oid_to_sign: Added
gnutls_oid_to_ecc_curve: Added
gnutls_pkcs7_get_signature_count: Added

* Version 3.4.2 (released 2015-06-16)

** libgnutls: DTLS blocking API is more robust against infinite blocking,
and will notify of more possible timeouts.

** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
by Manuel Pegourie-Gonnard.

** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
allows to disable SIGPIPE for writes done within gnutls.

** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
of structures. API moved to gnutls/pkcs7.h header.

** certtool: Added options to generate PKCS #7 bundles and signed
structures.

** API and ABI modifications:
gnutls_x509_dn_get_str: Added
gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added
gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added
gnutls_x509_crt_verify_data2: Added
gnutls_pkcs7_get_crt_raw2: Added
gnutls_pkcs7_signature_info_deinit: Added
gnutls_pkcs7_get_signature_info: Added
gnutls_pkcs7_verify_direct: Added
gnutls_pkcs7_verify: Added
gnutls_pkcs7_get_crl_raw2: Added
gnutls_pkcs7_sign: Added
gnutls_pkcs7_attrs_deinit: Added
gnutls_pkcs7_add_attr: Added
gnutls_pkcs7_get_attr: Added
gnutls_pkcs7_print: Added

* Version 3.4.1 (released 2015-05-03)

** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.

** libgnutls: Check for invalid length in the X.509 version field. Without
the check certificates with invalid length would be detected as having an
arbitrary version. Reported by Hanno B旦ck.

** libgnutls: Handle DNS name constraints with a leading dot. Patch by
Fotis Loukos.

** libgnutls: Updated system-keys support for windows to compile in more
versions of mingw. Patch by Tim Kosse.

** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].

** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
by default. That caused issues with non-blocking programs.

** certtool: It can generate SHA256 key IDs.

** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.

** configure: re-enabled the --enable-local-libopts flag

** API and ABI modifications:
gnutls_x509_crt_get_pk_ecc_raw: Added

* Version 3.4.0 (released 2015-04-08)

** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.

** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".

** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366 -taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.

** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.

** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).

** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".

** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".

** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.

** libgnutls: The priority string EXPORT was completely removed. The string
was already defunc as support for the EXPORT ciphersuites was removed in
GnuTLS 3.2.0.

** libgnutls: Added API to utilize system specific private keys in
"gnutls/system-keys.h". It is currently provided as technology preview
and is restricted to windows CNG keys.

** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
RFC6125 comparison of hostnames. That introduces a dependency on libidn.

** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).

** libgnutls: Depend on nettle 3.1.

** libgnutls: Use getrandom() or getentropy() when available. That
avoids the complexity of file descriptor handling and issues with
applications closing all open file descriptors on startup.

** libgnutls: Use pthread_atfork() to detect fork when available.

** libgnutls: If a key purpose (extended key usage) is specified for verification,
it is applied into intermediate certificates. The verification result
GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.

** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
combination with PKCS #11, or TPM URLs, it will utilize the provided
password as PIN if required. That removes the requirement for the
application to set a callback for PINs in that case.

** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols.

** libgnutls: Added helper functions to obtain information on PKCS #8
structures.

** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.

** libgnutls: Added functions to export and set the record state. That
allows for gnutls_record_send() and recv() to be offloaded (to kernel,
hardware or any other subsystem).

** libgnutls: Added the ability to register application specific URL
types, which express certificates and keys using gnutls_register_custom_url().

** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().

** libgnutls: Added gnutls_ext_register() to register custom extensions.
Contributed by Thierry Quemerais.

** libgnutls: Added gnutls_supplemental_register() to register custom
supplemental data handshake messages. Contributed by Thierry Quemerais.

** libgnutls-openssl: it is no longer built by default.

** certtool: Added --p8-info option, which will print PKCS #8 information
even if the password is not available.

** certtool: --key-info option will print PKCS #8 encryption information
when available.

** certtool: Added the --key-id and --fingerprint options.

** certtool: Added the --verify-hostname, --verify-email and --verify-purpose
options to be used in certificate chain verification, to simulate verification
for specific hostname and key purpose (extended key usage).

** certtool: --p12-info option will print PKCS #12 MAC and cipher information
when available.

** certtool: it will print the A-label (ACE) names in addition to UTF-8.

** p11tool: added options --set-id and --set-label.

** gnutls-cli: added options --priority-list and --save-cert.

** guile: Deprecated priority API has been removed. The old priority API,
which had been deprecated for some time, is now gone; use 'set-session-priorities!'
instead.

** guile: Remove RSA parameters and related procedures. This API had been
deprecated.

** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.

** API and ABI modifications:
gnutls_record_get_state: Added
gnutls_record_set_state: Added
gnutls_aead_cipher_init: Added
gnutls_aead_cipher_decrypt: Added
gnutls_aead_cipher_encrypt: Added
gnutls_aead_cipher_deinit: Added
gnutls_pkcs12_generate_mac2: Added
gnutls_pkcs12_mac_info: Added
gnutls_pkcs12_bag_enc_info: Added
gnutls_pkcs8_info: Added
gnutls_pkcs_schema_get_name: Added
gnutls_pkcs_schema_get_oid: Added
gnutls_pcert_export_x509: Added
gnutls_pcert_export_openpgp: Added
gnutls_pcert_import_x509_list: Added
gnutls_pkcs11_privkey_cpy: Added
gnutls_x509_crq_get_signature_algorithm: Added
gnutls_x509_trust_list_iter_get_ca: Added
gnutls_x509_trust_list_iter_deinit: Added
gnutls_x509_trust_list_get_issuer_by_dn: Added
gnutls_pkcs11_get_raw_issuer_by_dn: Added
gnutls_certificate_get_trust_list: Added
gnutls_privkey_export_x509: Added
gnutls_privkey_export_pkcs11: Added
gnutls_privkey_export_openpgp: Added
gnutls_privkey_import_ext3: Added
gnutls_certificate_get_x509_key: Added
gnutls_certificate_get_x509_crt: Added
gnutls_certificate_get_openpgp_key: Added
gnutls_certificate_get_openpgp_crt: Added
gnutls_record_discard_queued: Added
gnutls_session_ext_master_secret_status: Added
gnutls_priority_string_list: Added
gnutls_dh_params_import_raw2: Added
gnutls_memset: Added
gnutls_memcmp: Added
gnutls_pkcs12_bag_set_privkey: Added
gnutls_ocsp_resp_get_responder_raw_id: Added
gnutls_system_key_iter_deinit: Added
gnutls_system_key_iter_get_info: Added
gnutls_system_key_delete: Added
gnutls_system_key_add_x509: Added
gnutls_system_recv_timeout: Added
gnutls_register_custom_url: Added
gnutls_pkcs11_obj_list_import_url3: Added
gnutls_pkcs11_obj_list_import_url4: Added
gnutls_pkcs11_obj_set_info: Added
gnutls_crypto_register_cipher: Added
gnutls_crypto_register_aead_cipher: Added
gnutls_crypto_register_mac: Added
gnutls_crypto_register_digest: Added
gnutls_ext_register: Added
gnutls_supplemental_register: Added
gnutls_supplemental_recv: Added
gnutls_supplemental_send: Added
gnutls_openpgp_crt_check_email: Added
gnutls_x509_crt_check_email: Added
gnutls_handshake_set_hook_function: Modified
gnutls_pkcs11_privkey_generate3: Added
gnutls_pkcs11_copy_x509_crt2: Added
gnutls_pkcs11_copy_x509_privkey2: Added
gnutls_pkcs11_obj_list_import_url: Removed
gnutls_pkcs11_obj_list_import_url2: Removed
gnutls_certificate_client_set_retrieve_function: Removed
gnutls_certificate_server_set_retrieve_function: Removed
gnutls_certificate_set_rsa_export_params: Removed
gnutls_certificate_type_set_priority: Removed
gnutls_cipher_set_priority: Removed
gnutls_compression_set_priority: Removed
gnutls_kx_set_priority: Removed
gnutls_mac_set_priority: Removed
gnutls_protocol_set_priority: Removed
gnutls_rsa_export_get_modulus_bits: Removed
gnutls_rsa_export_get_pubkey: Removed
gnutls_rsa_params_cpy: Removed
gnutls_rsa_params_deinit: Removed
gnutls_rsa_params_export_pkcs1: Removed
gnutls_rsa_params_export_raw: Removed
gnutls_rsa_params_generate2: Removed
gnutls_rsa_params_import_pkcs1: Removed
gnutls_rsa_params_import_raw: Removed
gnutls_rsa_params_init: Removed
gnutls_sign_callback_get: Removed
gnutls_sign_callback_set: Removed
gnutls_x509_crt_verify_data: Removed
gnutls_x509_crt_verify_hash: Removed
gnutls_pubkey_get_verify_algorithm: Removed
gnutls_x509_crt_get_verify_algorithm: Removed
gnutls_pubkey_verify_hash: Removed
gnutls_pubkey_verify_data: Removed
gnutls_record_set_max_empty_records: Removed

guile:
set-session-cipher-priority!: Removed
set-session-mac-priority!: Removed
set-session-compression-method-priority!: Removed
set-session-kx-priority!: Removed
set-session-protocol-priority!: Removed
set-session-certificate-type-priority!: Removed
set-session-default-priority!: Removed
set-session-default-export-priority!: Removed
make-rsa-parameters: Removed
rsa-parameters?: Removed
set-certificate-credentials-rsa-export-parameters!: Removed
pkcs1-import-rsa-parameters: Removed
pkcs1-export-rsa-parameters: Removed

(wiz)

Updated databases/elasticsearch to 2.4.0

(fhajny)

Update databases/elasticsearch to 2.4.0.

=== Breaking changes

Network::
- Single comma-delimited response header for multiple values

=== Deprecations

Geo::
- Deprecate optimize_bbox on geodistance queries
- Deprecate geohash parameters for geo_point parser

Mapping::
- Add deprecation logging for '_timestamp' and '_ttl'.

Query DSL::
- Deprecate soon-to-be-unsupported queries.

REST::
- Deprecate camelCase usages

Search::
- Deprecate sort option reverse.

Settings::
- Deprecate bootstrap.mlockall
- Deprecate camelCase settings magic

Snapshot/Restore::
- Adds deprecation notices on removed BlobContainer methods

=== New features

Geo::
- Add CONTAINS relation to geo_shape query

Plugin Cloud AWS::
- Add support for path_style_access

Reindex API::
- Backport: Reindex's throttling

=== Enhancements

Circuit Breakers::
- Limit request size

Cluster::
- Batch process node left and node failure 2.x

Core::
- Improve performance of applyDeletedShards
- Sliced lock contention 2.x
- Kill thread local leak
- Remove hostname from NetworkAddress.format (2.x)

Dates::
- Improve TimeUnitRounding for edge cases and DST transitions

Internal::
- Turn RestChannel into an interface
- Require executor name when calling scheduleWithFixedDelay
- Implement available for all StreamInput classes

Java API::
- Add created flag to IndexingOperationListener#postIndex

Logging::
- Add shardId and node name in search slow log

Mapping::
- Mappings: Allow to force dots in field names

Network::
- Exclude admin / diagnostic requests from HTTP request limiting
- Netty request/response tracer should wait for send
- Exclude specific transport actions from request size limit check
- Provide better error message when an incompatible node connects
  to a node

Packaging::
- Increase default max open files to 65536
- Allow configuring Windows service name, description and user

Parent/Child::
- Allow adding additional child types that point to an existing
  parent type

Query DSL::
- Fixed QueryParsingException in multi match query

REST::
- CORS handling triggered whether User-Agent is a browser or not

Reindex API::
- Switch default batch size for reindex to 1000

Scripting::
-  Mustache: Add util functions to render JSON and join array
  values
- Compile each Groovy script in its own classloader

=== Bug fixes

Aggregations::
- Fix potential AssertionError with include/exclude on terms
  aggregations.
- Pass resolved extended bounds to unmapped histogram aggregator
- Fix "key_as_string" for date histogram and
  epoch_millis/epoch_second format with time zone
- Fix TimeUnitRounding for hour, minute and second units
- Adds serialisation of sigma to extended_stats_bucket pipeline
  aggregation
- ExtendedStatsAggregator should also pass sigma to emtpy aggs.
- Prevents exception being raised when ordering by an aggregation
  which wasn't collected
- Setting 'other' bucket on empty aggregation

Allocation::
- Rebalancing policy shouldn't prevent hard allocation decisions

Analysis::
- Add 'Character.MODIFIER_SYMBOL' to the list of symbol
  categories.

Bulk::
- Copy headers and context to individual requests inside a bulk

CAT API::
- Fix merge stats rendering in RestIndicesAction
- Expand wildcards to closed indices in '/_cat/indices'
- Fix column aliases in '_cat/indices', '_cat/nodes' and
  '_cat/shards' APIs

CRUD::
- Prevent TransportReplicationAction to route request based on
  stale local routing table

Cluster::
- Fix block checks when no indices are specified
- Cluster stats: fix memory available that is always set to 0

Core::
- Throw exception if using a closed transport client
- Fix misplaced cast when parsing seconds
- Don't try to compute completion stats on a reader after we
  already closed it

Dates::
- Make sure TimeIntervalRounding is monotonic for increasing dates
- Fix invalid rounding value for TimeIntervalRounding close to DST
  transitions
- Fix problem with TimeIntervalRounding on DST end

Highlighting::
- Plain highlighter should ignore parent/child queries
- Let fast vector highlighter also extract terms from the nested
  query's inner query.
- Skip all geo point queries in plain highlighter
- Exclude all but string fields from highlighting if wildcards are
  used

Indexed Scripts/Templates::
- Don't ignore custom sharding settings in create index request
  for '.scripts' index

Internal::
- Fix filtering of node ids for TransportNodesAction

Logging::
- Add missing index name to search slow log.

Mapping::
- Mapping updates on objects should propagate 'include_an_all'.
- Mappings: Fix detection of metadata fields in documents
- Fix not_analyzed string fields to error when
  position_increment_gap is set
- Automatically created indices should honor
  'index.mapper.dynamic'.
- Process dynamic templates in order.
- Fix cross type mapping updates for 'boolean' fields.
- Fail if an object is added after a field with the same name.

Packaging::
- RESTART_ON_UPGRADE incorrectly named ES_RESTART_ON_UPGRADE in
  sysconfig

Percolator::
- Set the SC and QPC type always to '.percolator' in percolate api
- Fixed NPE when percolator filter option is "empty".

Plugin Analysis Kuromoji::
- Prebuild Japanese Stop Words Token Filter

Plugin Cloud AWS::
- Support specific key/secret for EC2
- Add missing permission for S3 repository

Plugin Cloud Azure::
-  Make discovery-azure work again on 2.4 branch
- Fix remove of azure files

Plugin Cloud GCE::
- Fix NPE when GCE region is empty

Query DSL::
- Make parsing of bool queries stricter
- Fix NullPointerException in SimpleQueryParser when analyzing
  text produces a null query
- Apply the default operator on analyzed wildcard in
  simple_query_string builder
- Apply the default operator on analyzed wildcard in query_string
  builder

REST::
- Do not decode path when sending error
- CORS should permit same origin requests
- Allow CORS requests to work with HTTP compression enabled
- Fixes reading of CORS pre-flight headers and methods
- Fix OOM in AbstractXContentParser

Recovery::
- Backports Notify GatewayRecoveryListener on failure

Reindex API::
- Make reindex and lang-javascript compatible

Search::
- AllTermQuery must implement equals/hashCode.
- Add ref-counting to SearchContext to prevent accessing already
  closed readers
- Fix '_only_nodes' preferences
- Speed up named queries.

Snapshot/Restore::
- Handle 'indices=["_all"]' when restoring a snapshot
- On restore, selecting concrete indices can select wrong index

Stats::
- Fix sync flush total shards statistics

Translog::
- Translog can delete valid .ckp file when views are closed after
  the translog
- Call ensureOpen on Translog#newView() to prevent
  IllegalStateException

=== Upgrades

Core::
- Update jackson to version 2.8.1 (on 2.4 branch)
- Upgrade lucene to 5.5.2

Dates::
- Upgrade joda-time to 2.9.4

Internal::
- Update Jackson 2.6.2 -> 2.6.6 (latest and final 2.6 patch)

Network::
- Upgrade to netty 3.10.6.Final

Plugin Cloud AWS::
- Update aws sdk to 1.10.69 and add throttle_retries repository
  setting

(fhajny)

Note removal of pkg_tarup for destdir-mode replace

(gdt)

Omit pkg_tarup during replace in destdir mode

In destdir mode (the default), make replace creates the replacement
binary package without modifying the installed system, and then
installs it via pkg_add -u.  Thus, the new package is known to have
built and packaged ok before the system is changed, and the risk of
trouble is low; thus the benefit of tarring up the installed package
is very low, especially since the newly-tarred-up package is removed
by "make clean".  Using pkg_tarup costs cycles to run and more
importantly causes users to have to install it since it is not an
automatic dependency.

In addition, binary packages are now kept by default when building, so
the old version should be accessible in case of trouble.

This commit does not change the non-destdir case.  Almost no one uses
that method, and the relative benefit of tarup is much higher.

(gdt)

wants libmagic

(wiedi)

Updated databases/py-cassandra-driver to 3.7.0

(fhajny)

Update databases/py-cassandra-driver to 3.7.0.

Features
- Add v5 protocol failure map
- Don't return from initial connect on first error
- Indicate failed column when deserialization fails
- Let Cluster.refresh_nodes force a token map rebuild
- Refresh UDTs after "keyspace updated" event with v1/v2 protocol
- EC2 Address Resolver
- Speculative query retries
- Expose paging state in API
- Don't mark host down while one connection is active
- Query request size information
- Avoid quadratic ring processing with invalid replication factors
- Improve Connection/Pool creation concurrency on startup
- Add beta version native protocol flag
- cqlengine: Connections: support of multiple keyspaces and
  sessions

Bug Fixes
- Race when adding a pool while setting keyspace
- Update results_metadata when prepared statement is reprepared
- CQL Export for Thrift Tables
- cqlengine: default value not applied to UserDefinedType
- cqlengine: columns are no longer hashable
- cqlengine: remove clustering keys from where clause when
  deleting only static columns

(fhajny)

Updated devel/p5-PAR to 1.011
Updated devel/p5-glib2 to 1.322

(mef)

Updated devel/p5-glib2 to 1.322
-------------------------------
Overview of changes in Glib 1.322 (stable)
============================================
* Win32: only export the GVariant conversion symbols when available
∗ Glib.exports: updated copyright date

(mef)

Updated devel/p5-PAR to 1.011
-----------------------------
1.011  2016-09-18
- Move to GitHub. Thanks, OpenFoundry, for years of service.
- Suppress warning "Use of uninitialized value in do "file" ..."
- Put a description of its purpose into the canary file
- Remove all traces of Internals::PAR::CLEARSTACK
- Remove all references to http://par.perl.org/, doesn't exist anymore

(mef)

Improve HOMEPAGE.

(wiz)

p5-Return-Value-1.666005 is already done

(mef)

Updated devel/cppcheck to 1.75

(wiz)

Updated cppcheck to 1.75.

pkgsrc change: switch from qt4 to qt5 for GUI option.

Cppcheck-1.75 has been released

General changes:
- Replaced internal preprocessor by the brand-new preprocessor 'simplecpp'
- Improved Windows installer: Install a copy of the license instead of asking to accept it
- The Windows x64 binaries are now compiled with profile guided optimization, resulting in a speedup of 11%
- Improved manual, especially the chapter about Libraries
- Improved CWE mapping
- --append is deprecated and will be removed in 1.80

New checks:
- Detect passed by value for non-const variables and print message only if type size justifies optimization

Checking improvements:
- Implemented support for trailing return types (C++11)
- Improved support for digit separators (C++14)
- Improved support for enum types in buffer overflow checking
- Better handling of volatile variables when checking for redundant assignments
- Properly support integer suffixes i64 and ui64
- Support function arguments with default value in Libraries
- Always set file0 attribute of error messages to identify the source file cppcheck was checking

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Cppcheck-1.74 has been released

General changes:
- Improved CWE mapping of messages
- Git pre-commit hook checks only added or modified files

Checking improvements:
- Replaced simplification of enums by keeping and parsing them in the SymbolDatabase
- Added support to Library for specifying the parameter used by allocating/deallocating functions
- Improved support for integers defined in Libraries
- Improved accuracy of ValueType analysis
- Improved accuracy of VarID assignment, especially when dealing with structs and unions
- Improved performance of VarID assignment, checking for struct member usage, buffer overrun checking and several simplifications
- Added support for lots functions to windows.cfg and posix.cfg
- Better support for operator overloads
- Detect buffer overflows when %c is used with a width
- Improved checking for sizeof() taken of wrong type
- Support char literals when checking for conditions being always true or false
- Reimplemented check for usage of boolean results used in bitwise operations based on ValueType
- Improved checking for c_str() usage

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Cppcheck-1.73 has been released

General changes:
- CWE mapping of messages
- Translated manual to Japanese language

Removed checks:
- Checks for variables hiding enums or typedefs have been removed

New checks:

Checking improvements:
- Improved ValueType a lot, use it in more checks
- Improved VarId support for template constructors, namespaces and references as class members
- Improved libraries, especially gnu.cfg, posix.cfg and windows.cfg
- Improved simplification of enums and templates
- Better distinguishing between possible and known null pointer dereferenciations
- Assume integers to be signed by default
- better support for cplusplus macro in preprocessor
- Preprocessor directives for addons
- New tools: times-vs.py, reduce.py

GUI:
- Detect Geany and QtCreator
- Make statistics dialog shown when checking is finished optional

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Cppcheck-1.72 has been released.

General changes:
- Added platform files to customize characteristics of different target platforms
- Added setting to configure the default sign of integral variables and bit size of type 'char'
- Added option -E (only preprocess the code)
- Option --dump now outputs data for each configurations, not only the last one
- Several qmake project files have been removed

Removed checks:
- Check for unnecessary forward declaration has been removed

New checks:
- Warn about shifting negative values
- Detect statements with undefined execution order (pre-C++11 code)
- Added a generic check to discourage usage of specific functions, replacing CheckNonReentrantFunctions and CheckObsoleteFunctions

Checking improvements:
- Several improvmenets to ValueFlow analysis
- Improved ValueType handling, refactored several checks to make use of it
- Improved memory leak checking
- Improved Container specification in Library files, rewrote some checks based on it
- Improved handling of character literals
- Improved checking for non-interlocked accesses
- Properly support <cstdint> types in namespace std
- Added some validation mechamisms to avoid crashs

GUI:
- Improved Library editor
- Support "Enter" key in results tree
- Properly detect editors on 64-Bit Windows
- Added Japanese translation
- Allow opening project file without extra parameter from command line

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Cppcheck-1.71 has been released

General changes:
- The deprecated options --suppressions and --exitcode-suppressions have been removed
- .hh and .hxx files are now treated as C++ files
- Improved documentation (readmes and manuals)
- Internal errors (for example syntax error) are now suppressable

Removed checks:
- Check for unnecessary qualification has been removed

Checking improvements:
- Support range-based for-loops (C++11)
- Better support for C++11 style initialization
- Better support for lambdas (C++11)
- Support digit separators (C++14)
- Added determination of the type of an expression (ValueType)
- Support case ranges (GCC extension)
- Improved AST generation and added validation
- Improved value flow analysis
- Improved checking for unitialized arrays
- Improved VarId assignment for member variables
- Rewrote checking of char variables
- Known variable simplification has been removed partially in favour of value flow analysis

GUI:
- Added library editor
- Improved display of inconclusive messages
- Added option to enforce parsing as C or C++ code
- Show file that included a header in details view
- Added "Recheck all files" button, "Recheck files " renamed to "Rechecked modified files"

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

Cppcheck-1.70 has been released

General changes:
- New version of .cfg file format, adding support for namespaces and declaring several functions at once
- Support building x64 installer for Windows; Both x64 and x86 builds are now provided
- Warn about deprecated options --suppressions and --exitcode-suppressions. They will be removed in future
- Added debugging option --debug-normal, which prints out debug output before second stage simplification

New checks:
- Warn about modifying string literals
- Detect declaration of variable length arrays with negative size
- Warn about implicit type conversion from int to long
- Warn about redundant code in conditions like (y || (!y && z))
- Detect conditions with known result
- Race condition: non-interlocked access after InterlockedDecrement()
- Detect unused 'goto' labels

Removed checks:
- Do no longer warn about a bug in scanf implementation of ancient glibc versions
- Multifile analysis (added in 1.69) has been removed because it did not work
- Removed ExecutionPath checker, which has been superseeded by ValueFlow analysis

Improvements:
- Support hexadecimal floating point numbers (C99)
- Support [[deprecated]] (C++14)
- Improved handling of sizeof()
- Improved handling of reserved keywords
- Better handling of C declaration specifiers; support complex/_Complex (C99)
- Better handling of ternary operator in ValueFlow analysis
- Lots of improvements to .cfg files, especially std.cfg, which now supports namespace std
- Improved performance and memory usage of Preprocessor
- Improved performance of matchcompiler
- Reduced Disk IO when ignoring paths
- Removed several obsolete simplifications
- Added python addons: naming.py, threadsafety.py and cert.py

GUI:
- Support printing
- Added item "Open containing folder" to context menu

Additionally, lots of false positives and bugs have been fixed and several existing checks have been improved.

(wiz)

Updated devel/p5-XSLoader to 0.24

(mef)

Updated devel/p5-XSLoader to 0.24
---------------------------------
0.24 - 2016-09-01 - SAPER

  [Distribution]
  - fixed the way the module's version is detected in order to correctly
    generate META.* files

0.23 - 2016-08-31 - SAPER

  [Makefile.PL updated from perl blead 9e9fbcaf153d3c9eb897b5cab54a102632df4c78]
  - 2016-08-05 note a possible pitfall
  - 2016-08-05 add "provides" metadata for XSLoader (RT#138836)

0.22 - 2016-07-05 - SAPER

  [Code updated from perl blead a651dcdf6a9151150dcf0fb6b18849d3e39b0811]
  - 2016-07-04 Fix XSLoader to recognize drive letters
  - 2016-07-03 Don窶冲 let XSLoader load relative paths

  [Code updated from perl 5.24.0]
  - 2015-11-10 use dl_find_symbol 3rd optional argument
  - 2015-11-02 remove XSLoader and DynaLoader OS specific code on NA OSes

  [Distribution]
  - Converted the Changes file to CPAN::Changes::Spec format.

0.20 - 2016-05-05 - SAPER

  [Code updated from perl 5.22.1]
  - 2014-12-06 0.20 Don't test for bootstrap file twice
  - 2014-10-31 0.19 Amend the mod2fname generation to detect more cases
  - 2014-10-03 0.18 Allow XSLoader to load modules from a different namespace
  - 2014-01-03 0.17 DynaLoader: Introduce d_libname_unique for Android

  [Distribution]
  - Fixed a stupid mistake in Makefile.PL

(mef)

Updated devel/p5-Tree-Simple-VisitorFactory to 0.15
Updated devel/p5-Tie-Cycle to 1.221

(mef)

Updated devel/p5-Tie-Cycle 1.21 to 1.221
-----------------------------------
1.221 2016-02-02T21:17:53Z
        * Freshen distro

(mef)

Updated devel/p5-Tree-Simple-VisitorFactory to 0.15
---------------------------------------------------
0.15  2016-05-04T08;15:00
      - Correct physical address of Free Software Foundation in LICENSE file. See RT#114149.
        Thanx to Petr Pisar.

(mef)

Updated devel/p5-Test-Version to 2.05
Updated devel/p5-Test-Simple to 1.302056

(mef)

Updated devel/p5-Test-Simple 1.302052 to 1.302056
----------------------------------------
1.302056  2016-09-12 09:03:49-07:00 America/Los_Angeles
    - Minor typo fix
    - No logic chnges since last trial

1.302055  2016-08-30 12:13:32-07:00 America/Los_Angeles (TRIAL RELEASE)
    - Fix special case of ok line ending in \
    - Improve a test that captures STDERR/STDOUT (Thanks HAARG)

1.302054  2016-08-20 16:21:44-07:00 America/Los_Angeles (TRIAL RELEASE)
    - Allow '#' and '\n' in ok names

1.302053  2016-08-17 21:22:55-07:00 America/Los_Angeles (TRIAL RELEASE)
    - Fix skip_all in require in intercept (#696)
    - Documentation of what is better in Test2 (#663)
    - Document Test::Builder::Tester plan limitations
    - Document limitations in is_deeply (#595)
    - Better documentation of done_testing purpose (#151)
    - Make ctx->send_event detect termination events (#707)

(mef)

Updated devel/p5-Test-Version to 2.05
-------------------------------------
2.05      2016-09-17
  - Bump requirement for newer version of Module::Metadata (again)
    Required for ignore_unindexable

(mef)

Updated textproc/yaml-cpp to 0.5.3

(fhajny)

Update textproc/yaml-cpp to 0.5.3.

This will be the last release that uses Boost; futures releases
will require C++11 instead.

No release notes, only bugfixes since 0.5.1. See full commit logs:

https://github.com/jbeder/yaml-cpp/compare/release-0.5.1...release-0.5.2
https://github.com/jbeder/yaml-cpp/compare/release-0.5.2...release-0.5.3

(fhajny)

Updated devel/p5-Module-ScanDeps to 1.22

(mef)

Updated devel/p5-Module-ScanDeps to 1.22
----------------------------------------
1.22  2016-09-17
- Fix RT#117887: Not parsing new release of Net::DNS::Resolver
  add %Preload rule for Net/DNS/Resolver.pm

(mef)

Updated devel/p5-File-Find-Rule-Permissions to 2.01

(mef)

Updated devel/p5-File-Find-Rule-Permissions to 2.01
---------------------------------------------------
  2.01    2016-09-17      Fix a bug affecting perl 5.24

(mef)

Updated net/tigervnc to 1.7.0nb1

(wiz)

Switch to xorg-server-1.18.4.
Bump PKGREVISION.

(wiz)

Updated security/hitch to 1.4.0

(fhajny)

Update security/hitch to 1.4.0.

hitch-1.4.0 (2016-09-12)

- Fix a bug in the OCSP request code where it broke if the OCSP
  responder required a Host header. (#113)
- Add support for ECC certificates (#116).

hitch-1.4.0-beta1 (2016-08-26)

- NPN/ALPN support for negotiating a protocol in the SSL handshake.
  This lets you use Hitch for terminating TLS in front of an HTTP/2
  capable backend. For ALPN, OpenSSL 1.0.2 is needed, while NPN
  requires OpenSSL 1.0.1.
- Expanded PROXY protocol support for communicating an ALPN/NPN
  negotiated protocol to the backend. Hitch will now include the
  ALPN/NPN protocol that was selected during the handshake as part
  of the PROXYv2 header.

(fhajny)

Updated devel/snappy to 1.1.3

(fhajny)

Update devel/snappy to 1.1.3.

Snappy v1.1.3, July 6th 2015:

This is the first release to be done from GitHub, which means that
some minor things like the ChangeLog format has changed (git log
format instead of svn log).

  * Add support for Uncompress() from a Source to a Sink.

  * Various minor changes to improve MSVC support; in particular,
    the unit tests now compile and run under MSVC.

Snappy v1.1.2, February 28th 2014:

This is a maintenance release with no changes to the actual
library
source code.

  * Stop distributing benchmark data files that have unclear
    or unsuitable licensing.

  * Add support for padding chunks in the framing format.

(fhajny)

Updated ham/codec2 to 0.5.1

(mef)

-- Installing: /export/WRKOBJDIR/ham/codec2/work/.destdir/usr/pkg/bin/fec_enc
-- Installing: /export/WRKOBJDIR/ham/codec2/work/.destdir/usr/pkg/bin/fec_dec
=> Automatic manual page handling
=> Generating post-install file lists
Update ham/codec2 to 0.5.1
--------------------------
- ChangeLog unknown.

(mef)

Updated parallel/pdsh to 2.31

(fhajny)

Update parallel/pdsh to 2.31.

* Changes in pdsh-2.31 (2013-11-07)
===================================
-- Fix issue 56: slurm: Allow mixed use of -P, -w and -j options.
-- Fix issue 59: pdsh very slow when using a few thousand hosts
    and genders.
-- testsuite: Expanded tests for genders module (Pythagoras
    Watson)

* Changes in pdsh-2.30 (2013-03-02)
===================================
-- Fix issue 55: genders -X option removes more hosts than
    expected.
    (This was a generic fix for hostname matching, so it probably
      affected -x and other options as well.)
-- testsuite: Add test for issue 55.

(fhajny)

Updated net/tigervnc to 1.7.0

(wiz)

Updated tigervnc to 1.7.0.

Still using xorg-server-1.17.2 for now.

The proper release of TigerVNC 1.7.0 is now available. Lots of
changes have been made since the last release, but the highlights
are:

    Multi-threaded decoder in the FLTK viewer
    Windows Vista/2008 is now the minimum requirement
    Improved SSH integration in the Java viewer
    Fine grained lock down of Xvnc parameters
    Compatibility with Xorg 1.18
    Lots of packaging fixes
    Better compatibility with Vino, both in the FLTK and Java viewer

(wiz)

Do not overwrite LDFLAGS, fixes build on at least SunOS.

(fhajny)

Updated ham/fldigi to 3.23.14

(mef)

Updated ham/fldigi to 3.23.14
------------------------------
=Version 3.23.14=
2016-09-17  David Freese  <iam_w1hkj at w1hkj.com>

        9e6e34a: Documentation update
        6c5ad4b: PSK IMD Emulator
        e6980a6: Wave file
        ff2265b: trx inhibit
        0fc2f5e: Log Reports
        01bd367: N3FJP application interface
        ccbd5e8: Field Day
        4fc8b12: UTF8 file access
        c6e1f29: logbook merge
        570d3bf: Initialize Macros
        d9d12f4: NOAA wx access
        0552fc6: Revert "logbook read"

(mef)

Updated emulators/dosbox to 0.74nb7

(jperkin)

Pass --disable-dynrec on Darwin, fixes PR#51483.  Bump PKGREVISION.

(jperkin)

Updated devel/p5-String-Util to 1.26

(mef)

Updated devel/p5-String-Util to 1.25
------------------------------------
- ChangeLog unknown

(pkgsrc changes)
- Add following line for make test
  BUILD_DEPENDS+= p5-Test-Toolbox-[0-9]*:../../devel/p5-Test-Toolbox

(mef)

Updated shells/bash to 4.4

(wiz)

Updated bash to 4.4.

This is a terse description of the new features added to bash-4.4 since
the release of bash-4.3.  As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.

1.  New Features in Bash

a.  There is now a settable configuration #define that will cause the shell
    to exit if the shell is running setuid without the -p option and setuid
    to the real uid fails.

b.  Command and process substitutions now turn off the `-v' option when
    executing, as other shells seem to do.

c.  The default value for the `checkhash' shell option may now be set at
    compile time with a #define.

d.  The `mapfile' builtin now has a -d option to use an arbitrary character
    as the record delimiter, and a -t option  to strip the delimiter as
    supplied with -d.

e.  The maximum number of nested recursive calls to `eval' is now settable in
    config-top.h; the default is no limit.

f.  The `-p' option to declare and similar builtins will display attributes for
    named variables even when those variables have not been assigned values
    (which are technically unset).

g.  The maximum number of nested recursive calls to `source' is now settable
    in config-top.h; the default is no limit.

h.  All builtin commands recognize the `--help' option and print a usage
    summary.

i.  Bash does not allow function names containing `/' and `=' to be exported.

j.  The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.

k.  The shell now allows `time ; othercommand' to time null commands.

l.  There is a new `--enable-function-import' configuration option to allow
    importing shell functions from the environment; import is enabled by
    default.

m.  `printf -v var ""' will now set `var' to the empty string, as if `var=""'
    had been executed.

n.  GLOBIGNORE, the pattern substitution word expansion, and programmable
    completion match filtering now honor the value of the `nocasematch' option.

o.  There is a new ${parameter@spec} family of operators to transform the
    value of `parameter'.

p.  Bash no longer attempts to perform compound assignment if a variable on the
    rhs of an assignment statement argument to `declare' has the form of a
    compound assignment (e.g., w='(word)' ; declare foo=$w); compound
    assignments are accepted if the variable was already declared as an array,
    but with a warning.

q.  The declare builtin no longer displays array variables using the compound
    assignment syntax with quotes; that will generate warnings when re-used as
    input, and isn't necessary.

r.  Executing the rhs of && and || will no longer cause the shell to fork if
    it's not necessary.

s.  The `local' builtin takes a new argument: `-', which will cause it to save
    and the single-letter shell options and restore their previous values at
    function return.

t.  `complete' and `compgen' have a new `-o nosort' option, which forces
    readline to not sort the completion matches.

u.  Bash now allows waiting for the most recent process substitution, since it
    appears as $!.

v.  The `unset' builtin now unsets a scalar variable if it is subscripted with
    a `0', analogous to the ${var[0]} expansion.

w.  `set -i' is no longer valid, as in other shells.

x.  BASH_SUBSHELL is now updated for process substitution and group commands
    in pipelines, and is available with the same value when running any exit
    trap.

y.  Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
    not bash is being run in a GNU Emacs shell window.

z.  Bash now treats SIGINT received when running a non-builtin command in a
    loop the way it has traditionally treated running a builtin command:
    running any trap handler and breaking out of the loop.

aa. New variable: EXECIGNORE; a colon-separate list of patterns that will
    cause matching filenames to be ignored when searching for commands.

bb. Aliases whose value ends in a shell metacharacter now expand in a way to
    allow them to be `pasted' to the next token, which can potentially change
    the meaning of a command (e.g., turning `&' into `&&').

cc. `make install' now installs the example loadable builtins and a set of
    bash headers to use when developing new loadable builtins.

dd. `enable -f' now attempts to call functions named BUILTIN_builtin_load when
    loading BUILTIN, and BUILTIN_builtin_unload when deleting it.  This allows
    loadable builtins to run initialization and cleanup code.

ee. There is a new BASH_LOADABLES_PATH variable containing a list of directories
    where the `enable -f' command looks for shared objects containing loadable
    builtins.

ff. The `complete_fullquote' option to `shopt' changes filename completion to
    quote all shell metacharacters in filenames and directory names.

gg. The `kill' builtin now has a `-L' option, equivalent to `-l', for
    compatibility with Linux standalone versions of kill.

hh. BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
    environment.

ii. inherit_errexit: a new `shopt' option that, when set, causes command
    substitutions to inherit the -e option.  By default, those subshells disable
    -e.  It's enabled as part of turning on posix mode.

jj. New prompt string: PS0.  Expanded and displayed by interactive shells after
    reading a complete command but before executing it.

kk. Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to
    SIG_DFL when the shell is started, so they are set to SIG_DFL in child
    processes.

ll. Posix-mode shells now allow double quotes to quote the history expansion
    character.

mm. OLDPWD can be inherited from the environment if it names a directory.

nn. Shells running as root no longer inherit PS4 from the environment, closing
    a security hole involving PS4 expansion performing command substitution.

oo. If executing an implicit `cd' when the `autocd' option is set, bash will
    now invoke a function named `cd' if one exists before executing the `cd'
    builtin.

pp. Value conversions (arithmetic expansions, case modification, etc.) now
    happen when assigning elements of an array using compound assignment.

qq. There is a new option settable in config-top.h that makes multiple
    directory arguments to `cd' a fatal error.

rr. Bash now uses mktemp() when creating internal temporary files; it produces
    a warning at build time on many Linux systems.

2.  New Features in Readline

a.  The history truncation code now uses the same error recovery mechansim as
    the history writing code, and restores the old version of the history file
    on error.  The error recovery mechanism handles symlinked history files.

b.  There is a new bindable variable, `enable-bracketed-paste', which enables
    support for a terminal's bracketed paste mode.

c.  The editing mode indicators can now be strings and are user-settable
    (new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
    variables).  Mode strings can contain invisible character sequences.
    Setting mode strings to null strings restores the defaults.

d.  Prompt expansion adds the mode string to the last line of a multi-line
    prompt (one with embedded newlines).

e.  There is a new bindable variable, `colored-completion-prefix', which, if
    set, causes the common prefix of a set of possible completions to be
    displayed in color.

f.  There is a new bindable command `vi-yank-pop', a vi-mode version of emacs-
    mode yank-pop.

g.  The redisplay code underwent several efficiency improvements for multibyte
    locales.

h.  The insert-char function attempts to batch-insert all pending typeahead
    that maps to self-insert, as long as it is coming from the terminal.

i.  rl_callback_sigcleanup: a new application function that can clean up and
    unset any state set by readline's callback mode.  Intended to be used
    after a signal.

j.  If an incremental search string has its last character removed with DEL, the
    resulting empty search string no longer matches the previous line.

k.  If readline reads a history file that begins with `#' (or the value of
    the history comment character) and has enabled history timestamps, the
    history entries are assumed to be delimited by timestamps.  This allows
    multi-line history entries.

l.  Readline now throws an error if it parses a key binding without a
    terminating `:' or whitespace.

m.  The default binding for ^W in vi mode now uses word boundaries specified
    by Posix (vi-unix-word-rubout is bindable command name).

n.  rl_clear_visible_line: new application-callable function; clears all
    screen lines occupied by the current visible readline line.

o.  rl_tty_set_echoing: application-callable function that controls whether
    or not readline thinks it is echoing terminal output.

p.  Handle >| and strings of digits preceding and following redirection
    specifications as single tokens when tokenizing the line for history
    expansion.

q.  Fixed a bug with displaying completions when the prefix display length
    is greater than the length of the completions to be displayed.

r.  The :p history modifier now applies to the entire line, so any expansion
    specifying :p causes the line to be printed instead of expanded.

s.  New application-callable function: rl_pending_signal(): returns the signal
    number of any signal readline has caught but not yet handled.

t.  New application-settable variable: rl_persistent_signal_handlers: if set
    to a non-zero value, readline will enable the readline-6.2 signal handler
    behavior in callback mode: handlers are installed when
    rl_callback_handler_install is called and removed removed when a complete
    line has been read.

(wiz)

Updated devel/readline to 7.0

(wiz)

Updated readline to 7.0.

This is a terse description of the new features added to readline-7.0 since
the release of readline-6.3.

New Features in Readline

a.  The history truncation code now uses the same error recovery mechansim as
    the history writing code, and restores the old version of the history file
    on error.  The error recovery mechanism handles symlinked history files.

b.  There is a new bindable variable, `enable-bracketed-paste', which enables
    support for a terminal's bracketed paste mode.

c.  The editing mode indicators can now be strings and are user-settable
    (new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
    variables).  Mode strings can contain invisible character sequences.
    Setting mode strings to null strings restores the defaults.

d.  Prompt expansion adds the mode string to the last line of a multi-line
    prompt (one with embedded newlines).

e.  There is a new bindable variable, `colored-completion-prefix', which, if
    set, causes the common prefix of a set of possible completions to be
    displayed in color.

f.  There is a new bindable command `vi-yank-pop', a vi-mode version of emacs-
    mode yank-pop.

g.  The redisplay code underwent several efficiency improvements for multibyte
    locales.

h.  The insert-char function attempts to batch-insert all pending typeahead
    that maps to self-insert, as long as it is coming from the terminal.

i.  rl_callback_sigcleanup: a new application function that can clean up and
    unset any state set by readline's callback mode.  Intended to be used
    after a signal.

j.  If an incremental search string has its last character removed with DEL, the
    resulting empty search string no longer matches the previous line.

k.  If readline reads a history file that begins with `#' (or the value of
    the history comment character) and has enabled history timestamps, the history
    entries are assumed to be delimited by timestamps.  This allows multi-line
    history entries.

l.  Readline now throws an error if it parses a key binding without a terminating
    `:' or whitespace.

(wiz)

Added devel/p5-Test-Toolbox version 0.4

(mef)

Import p5-Test-Toolbox-0.4 as devel/p5-Test-Toolbox.

Test::Toolbox provides (as you might guess) tools for automated
testing. Test::Toolbox is much like some other testing modules, such as
Test::More and Test::Simple. Test::Toolbox provides a different flavor of
tests which may or may not actually be to your preference.

The tools in Test::Toolbox have a standard format. Commands start with (the
command (of course), followed by the test name. Then there is usually the
value being tested, or values being compared, then other options. So, for
example, this command checks compares two values:

  rtcomp 'test name', $val, $other_val;

In some cases it's preferable to flip the logic of the test, so that, for
example, two values should not be the same. In that case, you can add the
should option:

  rtcomp 'test name', $val, $other_val, should=>0;

All test commands require a test name as the first param.

(mef)

Remove unnecessary REPLACE_PYTHON lines and patch.
Add perl to run-time depends, at least one subcommand uses it.
(should perhaps be replaced, it's just for stat())
Fix path to REPLACE_PERL files.
Add rsync to BUILD_DEPENDS, it's needed for some tests.

(wiz)

Added archivers/lz4json version 0.0.20160401

(wiz)

+ lz4json.

(wiz)

Import lz4json-0.0.20160401 as archivers/lz4json.

A little utility to unpack lz4json files as generated by Firefox's
bookmark backups.  This is a different format from what the normal
lz4 utility expects.

(wiz)

Updated lang/oracle-jre8 to 8.0.102
Updated lang/oracle-jdk8 to 8.0.102

(ryoon)