Note remove of meta-pkgs/php55-extensions package.

(taca)

Remove php55-extensions package.  It is start of retire php55.

(taca)

Remove php55-extensions.

(taca)

This package does in fact support python-3.x.

(wiz)

Update comment about why it doesn't support python-3.x.

(wiz)

Remove py-pisa.

Obsoleted by py-xhtml2pdf which is in turn obsoleted by py-weasyprint.

(wiz)

py-reportlab supports python-3.x.

(wiz)

Fix PLIST for python-3.x.

(wiz)

- groonga-6.0.0.
+ h2o-2.0.3.

(taca)

Note update of textproc/groonga package to 6.0.8.

(taca)

Add patch files, too.

(taca)

Update groonga to 6.0.8.

Changes from 4.1.1 to 6.0.8 are too many to write here, please refer:
groonga.org/docs/news.html.

(taca)

Reset maintainer to pkgsrc-users@NetBSD.org

Change requested by Frederic Cambus.

(kamil)

Updated www/trac to 1.0.13

(gdt)

Updated print/py-reportlab to 3.3.0

(richard)

update to reportlab-3.3.0
Prefer py-Pillow over py-imaging (if not installed) permitting better
performance, successful test results and at the same time remove the
python-3 incompatibility.

CHANGES
=======

This is a summary of changes made to the reportlab source code for each release.
Please refer to subversion backlogs (using the release dates) for more details
or for releases which we have not provide a higher level changes list for.
E.g. to retrieve the changes made between release 3.1 and release 3.2, type::

  $ hg log -r adb3f0d

The contributors lists are in no order and apologies to those accidentally not
mentioned. If we missed you, please let us know!

RELEASE 3.3  17/02/2016
-----------------------
    * Canvas & Doctemplate now allow specification of the initial font Name, Size & Leading. Prevously you had to mess with rl_settings to accomplish this.
    * Canvas & Doctemplate now support specification of the crop/art/trim/bleed boxes.
    * Add option to auto generate missing TTF font names. Handy for CJKers with home produced fonts. Also attempt to prevent usage of multiple TTFs with same name.
    * Paragraph styles now have justifyBreaks to control justification of lines broken with <br/>.
    * Paragraph styles now have justifyLastLine=n to control justification of last lines with more than n words (0 means do not).
    * Added EAN-5 and ISBN barcode widgets (contribution by Edward Greve).
    * Bug fix of QrCodeWidget (prompted by https://bitbucket.org/fubu/).
    * Frames now have support for automatic flowables at the top of frame. story support via the class reportlab.platypus.flowables.SetTopFlowables.
    * Added support for Trapped and ModDate PDF info dictionary keys.
    * Bug fix for pie charts with no data (raised by  Michael Spector).
    * New barcodes BarcodeCode128Auto & BarcodeECC200DataMatrix (contributed by Kyle MacFarlane).
    * Improved LinePlot marker handling.
    * PyPy improvements inspired by Marius Gedminas.
    * Bug fix in reportlab.lib.utils.simpleSplit (reported by Chris Buergi <cb@enerweb.ch>).
    * Unwanted escaping in renderSVG fixed (reported by Ruby Yocum).
    * Bug fix in _rl_accel.c (remove excess state and fix refcount breakage reported by Mark De Wit <mark.dewit@iesve.com>).
    * Code128 barcode length optimization inspired by Klaas Feenstra.
    * Paragraph <sup>/<super> & <sub> tags now support rise & size attributes to allow special control over position & font size.
    * Splitting tables now remove unwanted styles in the first part of the split (reported by Lele Gaifax).
    * test changes inspired by https://bitbucket.org/stoneleaf
    * ReportLab now runs all tests under Python 2.7, 3.3, 3.4 & 3.5.

### Contributors:
    * Edward Greve
    * https://bitbucket.org/fubu/
    * Michael Spector
    * Kyle MacFarlane
    * Marius Gedminas
    * Chris Buergi
    * Ruby Yocum
    * Mark de Wit
    * Klaas Feenstra
    * Lele Gaifax
    * https://bitbucket.org/stoneleaf

RELEASE 3.2  01/06/2015
-----------------------

  * Added proportional underlining specific to font sizes, set via the `underlineProportion` attribute of ParagraphStyles.
  * TrueType fonts: added support for cmaps 10 & 13
  * DocTemplate class now supports a boolean `displayDocTitle` argument.
  * TableofContents now supports a formatter argument to allow formatting of the displayed page numbers (eg for appendices etc).
  * Table `repeatRows` can now be a tuple of row numbers to allow incomplete ranges of rows to be repeated.
  * Tables now do pass instance.`spaceBefore` & `spaceAfter` to their split children when split
  * Several strangenesses were fixed in the pdfbase.pdfform module; Multiple usage is now allowed.
  * Error message fixes
  * Various environment fixes for Google Application Environment
  * Resource fixes
  * PDFDoc can now set the `Lang` attribute
  * canvas.drawString and similar now allow the character spacing to be set
  * Index of accented stuff has been improved
  * RTL code was improved
  * fix Propertyset.clone
  * `flowables.py`: fix ImageAndFlowables so it avoids testing negative availableWidth

### Contributors:
  * Steven Jacobs
  * Philip Semanchuk
  * Marius Gedminas
  * masklinn
  * Kale Franz
  * Albertas Agejavas
  • Anders Hammarquist
  * jvanzuela @ bitbucket
  * Glen Lindermann
  * Greg Jones
  * James Bynd
  * fcoelho @ bitbucket

RELEASE 3.1  22/04/2014
-----------------------

If you are running ReportLab 3.0.x, the changes are minor.
  * support for emoji - characters outside the Unicode basic multilingual plane
  * improved pip-based installers will pull in all the needed dependencies; Pillow 2.4 appears to deal with all our issues.

### Contributors
  * Ivan Tchomgue
  * Waldemar Osuch
  * masayuku
  * alexandrel_sgi

RELEASE 3.0  14/02/2014
-----------------------

ReportLab 3.0 now supports Python 2.7, 3.3 and higher.

There has been a substantial internal rewrite to ensure consistent use of unicode strings for
  natural-language text, and of bytes for all file format internals.  The intent
  is to make as few API changes as possible so that there should be little or no
  impact on users and their applications.  Changes are too numerous but can be
  seen on Bitbucket.

### Python 3.x compatibility
  * Python 3.x compatibility.  A single line of code should run on 2.7 and 3.3
  * __init__.py restricts to 2.7 or >=3.3
  * __init__.py allow the import of on optional reportlab.local_rl_mods to allow monkey patching etc.
  * rl_config now imports rl_settings & optionally local_rl_settings
  * ReportLab C extensions now live inside reportlab; _rl_accel is no longer required; All _rl_accel imports now
pass through reportlab.lib.rl_accel
  * xmllib is gone, alongside the paraparser stuff that caused issues in favour of HTMLParser.
  * some obsolete C extensions (sgmlop and pyHnj) are gone
  * Improved support for multi-threaded systems to the _rl_accel extension module.
  * Removed reportlab/lib/ para.py & pycanvas.py;  these would better belong in third party packages,
which can make use of the monkeypatching feature above.

### New features
  * Add ability to output greyscale and 1-bit PIL images without conversion to RGB. (contributed by Matthew Duggan)
  * highlight annotation (contributed by Ben Echols)

### Other
  * numerous very minor fixes, visible through BitBucket.

(richard)

Drop redundant variable settings and improve comments

There were muliple variables set from before the egg/distutils files
were improved years ago, which are now redundant.  Separate
pyversion.mk, application.mk and egg.mk settings.

(This commit has no functional change.)

(gdt)

Updated graphics/ansilove to 3.0.4

Patch sent by Frederic Cambus.

(kamil)

Add link to upstream's non-recommendation of  mysql

(gdt)

Update ansilove to 3.0.4

pkgsrc changes:
- reset maintainer to pkgsrc-users@NetBSD.org
- set new license modified-bsd -> 2-clause-bsd

upstream changes:
- Relicensed under the BSD 2-Clause license
- Input file is now loaded in main, prior to calling format loaders
- Use stat to get input file size instead of custom file size function
- Remove now unused file size function
- Refactoring bits and columns argument value handling

(kamil)

Split options into options.mk

(No functional change - this is just moving option lines to options.mk
and .including them.)

(gdt)

Drop MESSAGE as obsolete

MESSAGE is from 2008 and warns the user about adjusting for a lot of
"recent changes".  Once those comments are removed, what remains is a
reminder to read and follow the upstream documentation, which is not
pkgsrc-specific or worthy of MESSAGE.

Skip PKGREVISION due to upgrade within the last hour.

(gdt)

Rototill comments and rearrange option lines

This commit has no functional changes.

Drop comments about wip/trac, www/ja-trac and eventual merging,
because that's happened.  Adjust explanation of why there is no svn or
git dependency.

Move option declaration near option use, in preparation for
options.mk.

(gdt)

Update to 1.0.13.

Upstream changes: "around a dozen bug fixes and minor enhancements"

(gdt)

Appease xgettext(1) - stop passing unsupported options

xgettext(1) 0.16.1 does not accept --package-version and --package-name

Reported on NetBSD.
Noted by <joerg>

(kamil)

Updated devel/pcre2 to 10.22

(mef)

Updated devel/pcre to 10.22
---------------------------
Version 10.22 29-July-2016
--------------------------
1. ChangeLog has the details of a number of bug fixes.

2. The POSIX wrapper function regcomp() did not used to support back references
and subroutine calls if called with the REG_NOSUB option. It now does.

3. A new function, pcre2_code_copy(), is added, to make a copy of a compiled
pattern.

4. Support for string callouts is added to pcre2grep.

5. Added the PCRE2_NO_JIT option to pcre2_match().

6. The pcre2_get_error_message() function now returns with a negative error
code if the error number it is given is unknown.

7. Several updates have been made to pcre2test and test scripts (see
ChangeLog).

(mef)

+ FiraCode-1.201, ImageMagick-7.0.3.0, dbus-glib-0.108, gtexinfo-6.3,
  harfbuzz-1.3.1, libuuid-2.28.2, mdds-1.2.2, moneyguru-2.10.2,
  notmuch-0.22.2, py-ZopeInterface-4.3.2, py-cffi-1.8.2,
  py-ipaddress-1.0.17, py-postgresql-5.0.1, py-setuptools-27.1.2,
  shared-mime-info-1.7, x264-devel-20160910.

(wiz)

Remove ftp.tex.ac.uk, it does not allow connections.

(wiz)

Updated net/6tunnel to 0.11

(mef)

Updated net/6tunnel 0.11rc2 to 0.11
-----------------------------------
(In following lines from Changelog, marked as | are the same as in 0.11rc2)
0.11 (2013-05-25)

| Changes by Wojtek Kaniewski <wojtekka@toxygen.net>:
| - changed license to GPL version 2. There was no license information before
|  which caused confusion. Code by Tomasz Lipski <lemur@irc.pl> and awayzzz
|  <awayzzz@digibel.org> had to be removed, because their e-mail addresses
|  were dead and googling for them gave no useful information. The missing
|  features have been rewritten from scratch. If any offending code is still
|  here, please let me know. I've done my best, but I haven't used any
    version control 5 years ago,
  - changed e-mail address,
  - ignore IPv4/IPv6 address hints when option -H is present.

| Changes by Ramunas Lukosevicius <lukoramu@parok.lt>
| - fixed source mapping bug,
| - SIGHUP reloads map file.

  Changes by Roland Stigge <stigge@antcom.de>
  - fix an error in the "hints" handling of the host resolver which confused
    local/source and remote hint (AF_INET/AF_INET6).

  Changes by Olaf Rempel <razzor@kopf-tisch.de>
  - correct option -f.

  (note: -H option is added, -r option is converted to -f)
(pkgsrc changes)
- Add LICENSE as gnu-gpl-v2

(mef)

add the patch for XSA-184

(spz)

New package, go-grpc.

The Go implementation of gRPC: A high performance, open source, general RPC
framework that puts mobile and HTTP/2 first. For more information see the gRPC
Quick Start guide at http://grpc.io/docs/.

(bsiegert)

Update go-net to 20160910. Bump BUILDLINK_API_DEPENDS, as the API changed
considerably (particularly in http2), and others may depend on that.

No changelog from upstream, other than the git one, which is too long.

(bsiegert)

New package, go-glog.

Package glog implements logging analogous to the Google-internal
C++ INFO/ERROR/V setup.  It provides functions Info, Warning,
Error, Fatal, plus formatting variants such as Infof. It
also provides V-style logging controlled by the -v and
-vmodule=file=2 flags.

This is an efficient pure Go implementation of leveled logs in the
manner of the open source C++ package
https://github.com/google/glog
(pkgsrc/devel/google-glog)

By binding methods to booleans it is possible to use the log package
without paying the expense of evaluating the arguments to the log.
Through the -vmodule flag, the package also provides fine-grained
control over logging at the file level.

(bsiegert)

New package, go-protobuf.

Protocol Buffers are Google's data interchange format.

This software implements Go bindings for protocol buffers. For information
about protocol buffers themselves, see
https://developers.google.com/protocol-buffers/

(bsiegert)

Add 'db6' to supported bdb versions and finally commit ipctype 'doors'
for SunOS, while fixing a declaration prototype to match the definition.
PR pkg/47436
bump PKGREVISION

(richard)

Disable use of menhir (an ocaml parser generator) because (a) the
configure script is finding only half of it for some incomprehensible
autoconf reason and this doesn't work, and (b) if forced the current
version of menhir rejects the .mly file anyway. Stick to the
pregenerated version of the parser and an included copy of the support
library.

XXX: Why wasn't this buildlinking menhir? It was linking against
XXX: its library.

PKGREVISION -> 8

(dholland)

Fix broken build.

(dholland)

Fix broken build with latest camlp4.

XXX: this package has an abusive do-install rule.

(dholland)

Fix CONF_FILES_PERMS; avoids build failure with "can't shift that many"

(dholland)

Bump PKGREVISION for NOT_PAX_MPROTECT_SAFE

(szptvlfn)

Updated net/syncthing to 0.14.6

(abs)

Updated databases/py-peewee to 2.8.3

(fhajny)

Update databases/py-peewee to 2.8.3.

Bugs fixed and general changes

- #1028 - allow the ensure_join method to accept on and join_type
  parameters. Thanks @paulbooth.
- #1032 - fix bug related to coercing model instances to database
  parameters when the model's primary key is a foreign key.
- #1035 - fix bug introduced in 2.8.2, where I had added some
  logic to try and restrict the base Model class from being
  treated as a "real" Model.
- #1039 - update documentation to clarify that lists or tuples are
  acceptable values when specifying SQLite PRAGMA statements.
- #1041 - PyPy user was unable to install Peewee. (Who in their
  right mind would ever use PyPy?!) Bug was fixed by removing the
  pre-generated C files from the distribution.
- #1043 - fix bug where the speedups C extension was not calling
  the correct model initialization method, resulting in model
  instances returned as results of a query having their dirty flag
  incorrectly set.
- #1048 - similar to #1043, add logic to ensure that fields with
  default values are considered dirty when instantiating the
  model.
- #1049 - update URL to APSW.
- Fixed unreported bug regarding TimestampField with zero values
  reporting the incorrect datetime.

New stuff

- djpeewee extension module now works with Django 1.9.
- TimestampField is now an officially documented field.
- #1050 - use the db_column of a ForeignKeyField for the name of
  the ObjectIdDescriptor, except when the db_column and field name
  are the same, in which case the ID descriptor will be named
  <field_name>_id.

(fhajny)

Updated devel/rebar to 2.6.3

(fhajny)

Update devel/rebar to 2.6.3.

- rebar/610: qc: lift experimental notice
- rebar/611: port_compiler: consistently format default_env/0
- rebar/612: Introduce and use compat random number module
- rebar/614: Add an additional check for the existence of a 'rebar.beam' file
- rebar/615: port_compiler: generate clang compilation db
- rebar/616: port_compiler: clean up compile_each()
- rebar/617: port_compiler: auto-select C++ specific link template

(fhajny)

Updated mail/neomutt to 20160910

(wiz)

Updated neomutt to 20160910.

2016-09-10  Richard Russon  <rich@flatcap.org>
* New Features
  - Colouring Attachments with Regexp
    Guillaume Brogi
  - PGP Encrypt to Self
    Guillaume Brogi
  - Sensible Browser
    Pierre-Elliott B辿cue
  - Reply using X-Original-To: header
    Pierre-Elliott B辿cue
  - Purge Thread
    Darshit Shah
  - Forgotten attachment
    Darshit Shah
  - Add sidebar_ordinary color
* Bug Fixes
  - align the nntp code with mutt
    Fabian Groffen
  - check for new mail while in pager when idle
    Stefan Assmann
  - Allow the user to interrupt slow IO operations
    Antonio Radici
  - keywords: check there are emails to tag
  - fix duplicate saved messages
  - flatten contrib/keybase dir to fix install
  - restore the pager keymapping 'i' to exit
  - proposed fix for clearing labels
  - notmuch: sync vfolder_format to folder_format
* Docs
  - Update List of Features and Authors
* Build
  - fix configure check for fmemopen
  - use fixed version strings
* Upstream
  - Increase date buffer size for $folder_format.
  - Disable ~X when message scoring.
  - Fix pgpring reporting of DSA and Elgamal key lengths.
  - Stub out getdnsdomainname() unless HAVE_GETADDRINFO.
  - Autoconf: always check for getaddrinfo().
  - Add missing sidebar contrib sample files to dist tarball.

(wiz)

Revbump all Go packages after the Go 1.7.1 update.

(bsiegert)

Updated net/syncthing to 0.14.6

This is a minor release recommended for all users.

Resolved issues since v0.14.5:

#3496: In sync percentages no longer go negative for large numbers of deleted files.
#3502: Files that were deleted and then ignored are no longer deleted on other devices that didn't ignore them.
#3525: Configuration is no longer moved away when perfoming an upgrade on a full disk.

(abs)

squashfs 4.3 added, remove from suggested updates

(scole)

gcc45: use a more reasonable specfile for netbsd
fix some build errors I see (using same patches as lang/gcc46)

build still failing at:
unwind-dw2.c:1452:5: error: unknown field 'ptm_ceiling' specified in initializer
unwind-dw2.c:1452:5: warning: missing braces around initializer
unwind-dw2.c:1452:5: warning: (near initialization for 'once_regsizes.pto_mutex.<anonymous>')

(maya)

+ kdevelop-5.0.0, samba-4.5.0, tigervnc-1.7.0, wireshark-2.2.

(wiz)

lang/go update

(bsiegert)

Update go to 1.7.1.

go1.7.1 (released 2016/09/07) includes fixes to the compiler, runtime,
documentation, and the compress/flate, hash/crc32, io, net, net/http,
path/filepath, reflect, and syscall packages. See the Go 1.7.1 milestone on our
issue tracker for details.

(bsiegert)

Note update of databases/ruby-sequel package to 4.38.0.

(taca)

Update ruby-sequel to 4.38.0.

=== 4.38.0 (2016-09-01)

* Support :driver_options option when using the postgres adapter with pg driver (jeremyevans)

* Don't use after commit/rollback database hooks if the model instance methods are not overridden (jeremyevans)

* Add SQL::NumericMethods#coerce, allowing code such as Sequel.expr{1 - x} (jeremyevans)

* Support ** operator for exponentiation on expressions, similar to +, -, *, and / (jeremyevans)

* Add Sequel::SQLTime.date= to set the date used for SQLTime instances (jeremyevans)

(taca)

Add symlink back after fixing videodev.h to include/linux (thanks wiz@)
Also fix typo in SYS_open check and use _XOPEN_SOURCE=500 for SunOS
in order to get prototype for things like snprintf().

(richard)

add pkg-config to USE_TOOLS

(plunky)

add a note about using BOOST_MATH_NO_LONG_DOUBLE_MATH_FUNCTIONS

(plunky)

also depends on freetype2

(plunky)

PR pkg/51058

Add filesystem/squashfs 4.3

Squashfs is a highly compressed read-only filesystem for Linux.
It uses either gzip/xz/lzo/lz4 compression to compress both files, inodes
and directories.  Inodes in the system are very small and all blocks are
packed to minimise data overhead. Block sizes greater than 4K are supported
up to a maximum of 1Mbytes (default block size 128K).

Squashfs is intended for general read-only filesystem use, for archival
use (i.e. in cases where a .tar.gz file may be used), and in constrained
block device/memory systems (e.g. embedded systems) where low overhead is
needed.

This package contains tools to manipulate squashfs archive files.

(scole)

PR pkg/51058

Add filesystem/squashfs 4.3

Squashfs is a highly compressed read-only filesystem for Linux.
It uses either gzip/xz/lzo/lz4 compression to compress both files, inodes
and directories.  Inodes in the system are very small and all blocks are
packed to minimise data overhead. Block sizes greater than 4K are supported
up to a maximum of 1Mbytes (default block size 128K).

Squashfs is intended for general read-only filesystem use, for archival
use (i.e. in cases where a .tar.gz file may be used), and in constrained
block device/memory systems (e.g. embedded systems) where low overhead is
needed.

This package contains tools to manipulate squashfs archive files.

(scole)

Updated security/vault to 0.6.1

(fhajny)

Update security/vault to 0.6.1.

0.6.1 (August 22, 2016)

DEPRECATIONS/BREAKING CHANGES:

- Once the active node is 0.6.1, standby nodes must also be 0.6.1
  in order to connect to the HA cluster.
- Status codes for sealed/uninitialized Vaults have changed to
  503/501 respectively.
- Root tokens (tokens with the root policy) can no longer be
  created except by another root token or the generate-root
  endpoint.
- Issued certificates from the pki backend against new roles
  created or modified after upgrading will contain a set of
  default key usages.
- The dynamodb physical data store no longer supports HA by
  default.
- The ldap backend no longer searches for memberOf groups as part
  of its normal flow. Instead, the desired group filter must be
  specified.
- app-id is now deprecated with the addition of the new AppRole
  backend.

FEATURES:

- AppRole Authentication Backend: The approle backend is a
  machine-oriented authentication backend that provides a similar
  concept to App-ID while adding many missing features, including a
  pull model that allows for the backend to generate authentication
  credentials rather than requiring operators or other systems to
  push credentials in.
- Request Forwarding: Vault servers can now forward requests to
  each other rather than redirecting clients. This feature is off
  by default in 0.6.1 but will be on by default in the next release.
- Convergent Encryption in Transit: The transit backend now
  supports a convergent encryption mode where the same plaintext
  will produce the same ciphertext.
- Improved LDAP Group Filters: The ldap auth backend now uses
  templates to define group filters, providing the capability to
  support some directories that could not easily be supported before
  (especially specific Active Directory setups with nested groups).
- Key Usage Control in PKI: Issued certificates from roles created
  or modified after upgrading contain a set of default key usages
  for increased compatibility with OpenVPN and some other software.
- Request Retrying in the CLI and Go API: Requests that fail with
  a 5xx error code will now retry after a backoff. The maximum
  total number of retries (including disabling this functionality)
  can be set with an environment variable.
- Service Discovery in vault init: The new -auto option on vault
  init will perform service discovery using Consul.
- MongoDB Secret Backend: Generate dynamic unique MongoDB database
  credentials based on configured roles.
- Circonus Metrics Integration: Vault can now send metrics to
  Circonus.

IMPROVEMENTS:

- audit: Added a unique identifier to each request which will also
  be found in the request portion of the response.
- auth/aws-ec2: Added a new constraint bound_account_id to the
  role
- auth/aws-ec2: Added a new constraint bound_iam_role_arn to the
  role
- auth/aws-ec2: Added ttl field for the role
- auth/ldap, secret/cassandra, physical/consul: Clients with
  tls.Config have the minimum TLS version set to 1.2 by default.
- auth/token: Added endpoint to list accessors
- auth/token: Added disallowed_policies option to token store
  roles
- auth/token: root or sudo tokens can now create periodic tokens
  via auth/token/create; additionally, the same token can now be
  periodic and have an explicit max TTL
- build: Add support for building on Solaris/Illumos
- cli: Output formatting in the presence of warnings in the
  response object
- cli: vault auth command supports a -path option to take in the
  path at which the auth backend is enabled, thereby allowing
  authenticating against different paths using the command options
- cli: vault auth -methods will now display the config settings of
  the mount
- cli: vault read/write/unwrap -field now allows selecting token
  response fields
- cli: vault write -field now allows selecting wrapped response
  fields
- command/status: Version information and cluster details added to
  the output of vault status command
- core: Response wrapping is now enabled for login endpoints
- core: The duration of leadership is now exported via events
  through telemetry
- core: sys/capabilities-self is now accessible as part of the
  default policy
- core: sys/renew is now accessible as part of the default policy
- core: Unseal keys will now be returned in both hex and base64
  forms, and either can be used
- core: Responses from most /sys endpoints now return normal
  api.Secret structs in addition to the values they carried
  before.
- physical/etcd: Support ETCD_ADDR env var for specifying
  addresses
- physical/consul: Allowing additional tags to be added to Consul
  service registration via service_tags option
- secret/aws: Listing of roles is supported now
- secret/cassandra: Add connect_timeout value for Cassandra
  connection configuration
- secret/mssql,mysql,postgresql: Reading of connection settings is
  supported in all the sql backends
- secret/mysql: Added optional maximum idle connections value to
  MySQL connection configuration
- secret/mysql: Use a combination of the role name and token
  display name in generated user names and allow the length to be
  controlled
- secret/{cassandra,mssql,mysql,postgresql}: SQL statements can
  now be passed in via one of four ways: a semicolon-delimited
  string, a base64-delimited string, a serialized JSON string array,
  or a base64-encoded serialized JSON string array
- secret/ssh: Added allowed_roles to vault-ssh-helper's config and
  returning role name as part of response of verify API
- secret/ssh: Added passthrough of command line arguments to ssh
- sys/health: Added version information to the response of health
  status endpoint
- sys/health: Cluster information isbe returned as part of health
  status when Vault is unsealed
- sys/mounts: MountTable data is compressed before serializing to
  accommodate thousands of mounts
- website: The token concepts page has been completely rewritten

BUG FIXES:

- auth/aws-ec2: Added a nil check for stored whitelist identity
  object during renewal
- auth/cert: Fix panic if no client certificate is supplied
- auth/token: Don't report that a non-expiring root token is
  renewable, as attempting to renew it results in an error
- cli: Don't retry a command when a redirection is received
- core: Fix regression causing status codes to be 400 in most
  non-5xx error cases
- core: Fix panic that could occur during a leadership transition
- physical/postgres: Remove use of prepared statements as this
  causes connection multiplexing software to break
- physical/consul: Multiple Vault nodes on the same machine
  leading to check ID collisions were resulting in incorrect
  health check responses
- physical/consul: Fix deregistration of health checks on exit
- secret/postgresql: Check for existence of role before attempting
  deletion
- secret/postgresql: Handle revoking roles that have privileges on
  sequences
- secret/postgresql(,mysql,mssql): Fix incorrect use of database
  over transaction object which could lead to connection
  exhaustion
- secret/pki: Fix parsing CA bundle containing trailing whitespace
- secret/pki: Fix adding email addresses as SANs
- secret/pki: Ensure that CRL values are always UTC, per RFC
- sys/seal-status: Fixed nil Cluster object while checking seal
  status

0.6.0 (June 14th, 2016)

SECURITY:

Although sys/revoke-prefix was intended to revoke prefixes of
secrets (via lease IDs, which incorporate path information) and
auth/token/revoke-prefix was intended to revoke prefixes of tokens
(using the tokens' paths and, since 0.5.2, role information), in
implementation they both behaved exactly the same way since a
single component in Vault is responsible for managing lifetimes of
both, and the type of the tracked lifetime was not being checked.
The end result was that either endpoint could revoke both secret
leases and tokens. We consider this a very minor security issue as
there are a number of mitigating factors: both endpoints require
sudo capability in addition to write capability, preventing
blanket ACL path globs from providing access; both work by using
the prefix to revoke as a part of the endpoint path, allowing them
to be properly ACL'd; and both are intended for emergency
scenarios and users should already not generally have access to
either one. In order to prevent confusion, we have simply removed
auth/token/revoke-prefix in 0.6, and sys/revoke-prefix will be
meant for both leases and tokens instead.

DEPRECATIONS/BREAKING CHANGES:

- auth/token/revoke-prefix has been removed. See the security
  notice for details.
- Vault will now automatically register itself as the vault
  service when using the consul backend and will perform its own
  health checks.
- List operations that do not find any keys now return a 404
  status code rather than an empty response object
- CA certificates issued from the pki backend no longer have
  associated leases, and any CA certs already issued will ignore
  revocation requests from the lease manager.

FEATURES:

- AWS EC2 Auth Backend: Provides a secure introduction mechanism
  for AWS EC2 instances allowing automated retrieval of Vault
  tokens.
- Response Wrapping: Nearly any response within Vault can now be
  wrapped inside a single-use, time-limited token's cubbyhole,
  taking the Cubbyhole Authentication Principles mechanism to its
  logical conclusion.
- Azure Physical Backend: You can now use Azure blob object
  storage as your Vault physical data store
- Swift Physical Backend: You can now use Swift blob object
  storage as your Vault physical data store
- Consul Backend Health Checks: The Consul backend will
  automatically register a vault service and perform its own
  health checking.
- Explicit Maximum Token TTLs: You can now set explicit maximum
  TTLs on tokens that do not honor changes in the system- or
  mount-set values.
- Non-Renewable Tokens: When creating tokens directly through the
  token authentication backend, you can now specify in both token
  store roles and the API whether or not a token should be
  renewable, defaulting to true.
- RabbitMQ Secret Backend: Vault can now generate credentials for
  RabbitMQ. Vhosts and tags can be defined within roles.

IMPROVEMENTS:

- audit: Add the DisplayName value to the copy of the Request
  object embedded in the associated Response, to match the
  original Request object
- audit: Enable auditing of the seal and step-down commands
- backends: Remove most root/sudo paths in favor of normal ACL
  mechanisms.
- command/auth: Restore the previous authenticated token if the
  auth command fails to authenticate the provided token
- command/write: -format and -field can now be used with the write
  command
- core: Add mlock support for FreeBSD, OpenBSD, and Darwin
- core: Don't keep lease timers around when tokens are revoked
- core: If using the disable_cache option, caches for the policy
  store and the transit backend are now disabled as well
- credential/cert: Renewal requests are rejected if the set of
  policies has changed since the token was issued
- credential/cert: Check CRLs for specific non-CA certs configured
  in the backend
- credential/ldap: If groupdn is not configured, skip searching
  LDAP and only return policies for local groups, plus a warning
- credential/ldap: vault list support for users and groups
- credential/ldap: Support for the memberOf attribute for group
  membership searching
- credential/userpass: Add list support for users
- credential/userpass: Remove user configuration paths from
  requiring sudo, in favor of normal ACL mechanisms
- credential/token: Sanitize policies and add default policies in
  appropriate places
- credential/token: Setting the renewable status of a token is now
  possible via vault token-create and the API.
- secret/aws: Use chain credentials to allow environment/EC2
  instance/shared providers
- secret/aws: Support for STS AssumeRole functionality
- secret/consul: Reading consul access configuration supported.
- secret/pki: Added exclude_cn_from_sans field to prevent adding
  the CN to DNS or Email Subject Alternate Names
- secret/pki: Added list support for certificates
- sys/capabilities: Enforce ACL checks for requests that query the
  capabilities of a token on a given path
- sys/health: Status information can now be retrieved with HEAD

BUG FIXES:

- command/read: Fix panic when using -field with a non-string
  value
- command/token-lookup: Fix TTL showing as 0 depending on how a
  token was created.
- command/various: Tell the JSON decoder to not convert all
  numbers to floats; fixes some various places where numbers were
  showing up in scientific notation
- command/server: Prioritized devRootTokenID and devListenAddress
  flags over their respective env vars
- command/ssh: Provided option to disable host key checking.
- core: Properly persist mount-tuned TTLs for auth backends
- core: Don't accidentally crosswire SIGINT to the reload handler
- credential/github: Make organization comparison case-insensitive
  during login
- credential/github: Fix panic when renewing a token created with
  some earlier versions of Vault
- credential/github: The token used to log in via vault auth can
  now be specified in the VAULT_AUTH_GITHUB_TOKEN environment
  variable
- credential/ldap: Fix problem where certain error conditions when
  configuring or opening LDAP connections would cause a panic
  instead of return a useful error message
- credential/token: Fall back to normal parent-token semantics if
  allowed_policies is empty for a role.
- credential/token: Fix issues renewing tokens when using the
  "suffix" capability of token roles
- credential/token: Fix lookup via POST showing the request token
  instead of the desired token
- credential/various: Fix renewal conditions when default policy
  is not contained in the backend config
- physical/s3: Don't panic in certain error cases from bad S3
  responses
- secret/consul: Use non-pooled Consul API client to avoid leaving
  files open
- secret/pki: Don't check whether a certificate is destined to be
  a CA certificate if sign-verbatim endpoint is used

0.5.3 (May 27th, 2016)

SECURITY:

Consul ACL Token Revocation: An issue was reported to us
indicating that generated Consul ACL tokens were not being
properly revoked. Upon investigation, we found that this behavior
was reproducible in a specific scenario: when a generated lease
for a Consul ACL token had been renewed prior to revocation. In
this case, the generated token was not being properly persisted
internally through the renewal function, leading to an error
during revocation due to the missing token. Unfortunately, this
was coded as a user error rather than an internal error, and the
revocation logic was expecting internal errors if revocation
failed. As a result, the revocation logic believed the revocation
to have succeeded when it in fact failed, causing the lease to be
dropped while the token was still valid within Consul. In this
release, the Consul backend properly persists the token through
renewals, and the revocation logic has been changed to consider
any error type to have been a failure to revoke, causing the lease
to persist and attempt to be revoked later.

(fhajny)

Resort to make php selection work.

(joerg)

Fix PKGNAME to include apache version as well.

(wiz)

Updated misc/calibre to 2.67.0

(wiz)

Updated calibre to 2.67.0.

New Features

    Allow creating custom rating columns that support half-stars via Preferences->Add your own columns
    Tag Browser: Add an option in Preferences->Look & Feel->Tag Browser to turn off the display of counts in the Tag Browser
    Tag browser: Show the book counts on the right edge of the Tag Browser
    Cover Browser: Allow any metadata field to be used as the sub-title, not just the rating
    Edit Book: A new tool to sort the rules in a CSS stylesheet. To use it add it to the toolbar for CSS editors
    Edit Book: The Remove Unused CSS tool now has an option to also merge CSS rules that have identical selectors
    Add a tweak in Preferences->Tweaks to exclude some images types from being treated a covers when dropped onto the Book Details panel.

    Closes tickets: 1620198
    Allow reading more image formats as covers (All images will be converted to JPEG when stored).

    Closes tickets: 1619993
    Content server: OPDS feeds: Change the value of <updated> for entries in the acquisition feed to be the last modified date for the book. Also make the size and last modified timestamp available as attributes in the acquisition links. Useful for integration with third party applications.
    Kobo driver: Add support for firmware version 4 available on the new Kobo Aura One

Bug Fixes

    ODT Input: Add support for continued lists.

    Closes tickets: 1620581
    Edit Book: Fix high-dpi rendering of emblems in the File Browser
    Fix regression in previous release that caused wide column icons to be scaled incorrectly
    Metadata download dialog: Fix https links in the download summary not working
    DOCX Output: Handle nested display:table tags with no rows.

    Closes tickets: 1619662
    PDF Output: Fix OpenType fonts with CFF font data not embeddable on windows

Improved news sources

    Ars Technica

(wiz)

Updated mail/neomutt to 20160827nb1

(wiz)

Switch to ncursesw by default for now;
curses on NetBSD has bugs with too many inverse characters.
(or the code base has them but they don't appear with ncurses)

(wiz)

Updated devel/py-hg-git to 0.8.5

(wiz)

Updated py-hg-git to 0.8.5.

init: mark Mercurial 3.7 as supported and prepare for 0.8.5
test-help: fix for Mercurial 3.7
test-renames.t: don't use "seq"
push: better formatting of messages from the server
git_handler: use util method for writing bookmarks
util: add method for writing bookmarks
util: regularize mercurial imports
ignore: add .testtimes to ignored files
version: bump up to 0.8.4
all-version-tests: test Mercurial 3.6.3
git_handler: work around dulwich using unicode for ref names Dulwich treats ref names internally as unicode strings (probably because of Python 3?), which means that at some points it tries to do os.path.join between the repo path and the unicode of the ref name, which fails miserably if we construct the repo with a str and not a unicode. Kludge around this problem. Fixes issue 172. This is a roll-forward of a593069575bb, which should be valid now that th…
hgrepo: ensure all git-origin tags are bytes If we don't do this we might end up with unicodes being written using ui, which then breaks in popbuffer in test-encoding.t. This appears to be an academic concern until we start passing unicode paths to git repos, which we need to do in order to resolve some other problems. Yay.
all-version-tests: wrap to 80 columns and test 3.{5,6}.2
Makefile: respect HGTESTFLAGS environment variable
test-push.t: clean up compat cruft
testutil: clean up compat cruft
test-subrepos.t: clean up compat cruft
gitdirstate: fix up compat comment pathutil isn't in 2.8.
gitrepo: clean up compat cruft
merge
overlay: regularize mercurial imports
gitdirstate: regularize mercurial imports
ssh: regularize mercurial imports
hgrepo: regularize mercurial imports
hg2git: regularize mercurial imports
init: regularize mercurial imports
git_handler: regularize mercurial imports
bookmarks: use bookmarks.recordchange instead of bookmarks.write if available bookmarks.write is deprecated and it was showing warning messages in test-hg-branch.t with the latest test runner from core mercurial. Tested with both hg 2.8 and hg tip.
init: handle AttributeError in addition to ImportError If a module doesn't exist, it yields an ImportError, if an attribtue doesn't exist on a module, it yields an AttributeError
ssh: fix breakage again with dulwich update dulwich 0.12.x changed the way they pass parameters around, so we reformat that to what hg-git expects. This is just plain ridiculous.
push: print messages from the server Some servers, for example, Bitbucket, output helpful messages. This patch reports the output, if any exist, to the user.
init: only activate git ignore logic in reposetup This will massively speed up 'hg status' on repos that are not git based. On my macports repo, status went from Before: 0m0.591s After: 0m0.297s
Backed out changeset a593069575bb This was causing test-encoding.t to fail.
git_handler: work around dulwich using unicode for ref names Dulwich treats ref names internally as unicode strings (probably because of Python 3?), which means that at some points it tries to do os.path.join between the repo path and the unicode of the ref name, which fails miserably if we construct the repo with a str and not a unicode. Kludge around this problem. Fixes issue 172.
readme: document the specific behaviors of hg author translation Particularly the odd ext:(%xx) feature.
manifest: include test and test data Closes issue #154.
determine_wants: deal with refs being None Not clear how this is happening, but this should fix it. Resolves issue #166.

(wiz)

Update HOMEPAGE (sync with py-mercurial)

(dholland)

Fix build problem.

* Make MASTER_SITES empty to avoid fetching 404 site.
* Introduce DIST_SUBDIR reflecting DISTFILE change with the same file name.

(taca)

Readd two forgotten patches.

(joerg)

Add two patches to fix build on NetBSD 7.

(wiz)

Add msgfmt for tools (needed on NetBSD 7).

(wiz)

Override zlib 1.2.5 check in configure, it is not required. Unbreaks
NetBSD 7.0 and earlier.

(joerg)

Updated devel/gmake to 4.1nb2

(joerg)

Revert GNU make to 4.1 due to problems in the new job server code.

(joerg)

add freetype2 bl3 to fix build on Linux even if it is only used for testing
PR pkg/50775

(richard)

Updated multimedia/mkvtoolnix to 9.4.0

(joerg)

Update mkvtoolnix to 9.4.0:
- restrict GUI option to Qt.
- disable compiler optimisation override
- new features:
  - support for Apple ProRes videos in MOV/MP4 files
  - much improves MPEG TS support
  - support WebVTT subtitles
  - output of Big Endian PCM to WAV supported
  - ${TOOL}_OPTIONS can be used for passing additional arguments to
    individual programs via environment
  - support for core-less DTS streams consisting solely of XLL extension
    sub-streams
  - time codes computation for AAC, AC-3, DTS, MP3 and TrueHD packets
    was rewritten
  - support TrueHD tracks inside MPEG TS by keeping (additional) AC-3
    audio track
  - support MPEG-H p2/HEVC video in MP4 container
  - support for AAC in LOAS/LATM multiplex if read from MPEG transport
    streams or raw LOAS/LATM AAC files
  - support for h.265/HEVC from MPEG TS and elementary streams
  - support for teletext subtitles from MPEG TS
  - faster format detection for text subtitle formats
  - support for DTS audio streams in MP4
  - support for VP9 from IVF and WebM files
  - support for Opus
  - support for reading ALAC from CAF and MP4 files
- 5 years of various bug fixes and GUI improvements.

(joerg)

Support SunOS in C99 mode.

(jperkin)

Fix build on SunOS when the default compilation environment is C99+.

(jperkin)

Fix build with Erlang 19.0 (in line with how upstream handles).

(fhajny)

Updated sysutils/xenkernel41 to 4.1.6.1nb20
Updated sysutils/xenkernel42 to 4.2.5nb12
Updated sysutils/xenkernel45 to 4.5.3nb3
Updated sysutils/xenkernel46 to 4.6.3nb1

(bouyer)

Apply upstream patches for:
XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-186: x86: Mishandling of instruction pointer truncation during emulation
XSA-187: x86 HVM: Overflow of sh_ctxt->seg_reg[]
bump PKGREVISION

(bouyer)

Fix build on SunOS when the default compilation environment is C99+.

(jperkin)

Add license and fix Linux build to use SYS_openat syscall when SYS_open
isn't available.

Also, videodev.h is expected in include/linux to build.

Upgrade to more current version next time around.

(richard)

Backport upstream patches for security issues:
XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-187: x86 HVM: Overflow of sh_ctxt->seg_reg[]
bump PKGREVISION

(bouyer)