Update libgcrypt to 1.7.3

Changelog:

2016-08-17  Werner Koch  <wk@gnupg.org>

Release 1.7.3.
* configure.ac: Set LT version to C21/A1/R3.

random: Hash continuous areas in the csprng pool.
* random/random-csprng.c (mix_pool): Store the first hash at the end
of the pool.

random: Improve the diagram showing the random mixing.
* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

2016-07-19  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

crc-intel-pclmul: split assembly block to ease register pressure.
* cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
assembly block handling 4 byte input into multiple blocks.

rijndael-aesni: split assembly block to ease register pressure.
* cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
constraint for passing 'bige_addb' to assembly block; split
first inline assembly block into two parts.

2016-07-14  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

Add ARMv8/AArch32 Crypto Extension implementation of AES.
* cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
'rijndael-armv-aarch32-ce.S'.
* cipher/rijndael-armv8-aarch32-ce.S: New.
* cipher/rijndael-armv8-ce.c: New.
* cipher/rijndael-internal.h (USE_ARM_CE): New.
(RIJNDAEL_context_s): Add 'use_arm_ce'.
* cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
(_gcry_aes_armv8_ce_prepare_decryption)
(_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
(_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
(_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
(_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
(_gcry_aes_armv8_ce_ocb_auth): New.
(do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
setup for ARM CE.
(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
ARM CE support.
* configure.ac: Add 'rijndael-armv8-ce.lo' and
'rijndael-armv8-aarch32-ce.lo'.

Add ARMv8/AArch32 Crypto Extension implementation of GCM.
* cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
* cipher/cipher-gcm-armv8-aarch32-ce.S: New.
* cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
(_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
(ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
(setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
HWF_ARM_PULL HW feature flag is enabled.
* cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.

Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
* cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
* cipher/sha256-armv8-aarch32-ce.S: New.
* cipher/sha256.c (USE_ARM_CE): New.
(sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
[USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
(SHA256_CONTEXT): Add 'use_arm_ce'.
* configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.

Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
* cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
* cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
missing size.
* cipher/sha1-armv8-aarch32-ce.S: New.
* cipher/sha1.c (USE_ARM_CE): New.
(sha1_init): Check features for HWF_ARM_SHA1.
[USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
it.
* cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
* configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.

Add HW feature check for ARMv8 AArch64 and crypto extensions.
* configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
module on 64-bit ARM.
(armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
(gcry_cv_inline_asm_aarch64_neon)
(gcry_cv_gcc_inline_asm_aarch64_crypto): New.
* src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
(HWF_ARM_PMULL): New.
* src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
(feature_map_s): New.
[__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
(HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
[__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
(HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
(get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
'unsigned long'.
(detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
(detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
(_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
* src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
and 'arm-pmull'.

(maya)

Updated security/gnupg to 1.4.21

(maya)

Update gnupg to 1.4.21

Changelog:
2016-08-17  Werner Koch  <wk@gnupg.org>

Release 1.4.21.

gpg: Add dummy option --with-subkey-fingerprint.
* g10/gpg.c (opts): Add dummy option.

build: Create a swdb file during "make distcheck".
* Makefile.am (distcheck-hook): New.

2016-08-17  Ineiev  <ineiev@gnu.org>

po: Update Russian translation.

2016-08-17  Werner Koch  <wk@gnupg.org>

random: Hash continuous areas in the csprng pool.
* cipher/random.c (mix_pool): Store the first hash at the end of the
pool.

cipher: Improve readability by using a macro.
* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

2016-08-09  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

gpg: Avoid publishing the GnuPG version by default.
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

2016-08-04  Daniel Kahn Gillmor  <dkg@fifthhorseman.net>

Clean up "allow to"
* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
  "allow to" with clearer text

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Fix spelling: "occured" should be "occurred"
* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
  util/regcomp.c, util/regex_internal.c: correct the spelling of
  "occured" to "occurred"

2016-08-04  NIIBE Yutaka  <gniibe@fsij.org>

g10: Fix checking key for signature validation.
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

2016-08-03  Justus Winter  <justus@g10code.com>

Partially revert "g10: Fix another race condition for trustdb access."
This amends db246f8b which accidentally included the compiled
translation files.

2016-07-09  NIIBE Yutaka  <gniibe@fsij.org>

gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

2016-07-06  NIIBE Yutaka  <gniibe@fsij.org>

g10: Fix keysize with --expert.
* g10/keygen.c (ask_keysize): It's 768 only for DSA.

2016-06-28  NIIBE Yutaka  <gniibe@fsij.org>

g10: Fix --list-packets.
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.

2016-06-15  Niibe Yutaka  <gniibe@fsij.org>

g10: Fix another race condition for trustdb access.
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.

2016-02-12  NIIBE Yutaka  <gniibe@fsij.org>

g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
the directory and create it if none before calling take_write_lock.

2016-02-01  Werner Koch  <wk@gnupg.org>

Fix possible sign extension problem with newer compilers.
* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
* cipher/blowfish.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
* cipher/camellia.c (CAMELLIA_RR8): Ditto.
* cipher/cast5.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
(do_cast_setkey): Ditto.
* cipher/twofish.c (INPACK): Ditto.
* util/iobuf.c (block_filter): Ditto.

2016-01-26  NIIBE Yutaka  <gniibe@fsij.org>

g10: Fix iobuf API of filter function for alignment.
* include/iobuf.h (struct iobuf_struct): Remove DESC.
* util/iobuf.c (iobuf_desc): New.
(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
(file_filter, sock_filter, block_filter): Fill the description.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
g10/progress.c, g10/textfilter.c: Likewise.

2016-01-15  Werner Koch  <wk@gnupg.org>

Fix possible AIX problem with sysconf in rndunix.
* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
(start_gatherer): Detect misbehaving sysconf.

2016-01-13  NIIBE Yutaka  <gniibe@fsij.org>

Fix to support git worktree.
* Makefile.am: Use -e for testing .git.

2015-12-21  NIIBE Yutaka  <gniibe@fsij.org>

po: Update Japanese translation.

(maya)

wpa_gui: better explanation in MESSAGE, don't suggest the unsafe option

(maya)

wpa_gui: add forgotten patch.

(maya)

wpa_gui: take maintainership, add MESSAGE explaining requirements to usage

(maya)

Updated net/wpa_gui to 2.5

(maya)

Update to wpa_gui v2.5

Changelog:
2015-09-27 - v2.5
        * fixed P2P validation of SSID element length before copying it
          [security/2015-1/]">http://w1.fi/security/2015-1/] (CVE-2015-1863)
        * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
          [security/2015-2/]">http://w1.fi/security/2015-2/] (CVE-2015-4141)
        * fixed WMM Action frame parser (AP mode)
          [security/2015-3/]">http://w1.fi/security/2015-3/] (CVE-2015-4142)
        * fixed EAP-pwd peer missing payload length validation
          [security/2015-4/]">http://w1.fi/security/2015-4/]
          (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
        * fixed validation of WPS and P2P NFC NDEF record payload length
          [security/2015-5/]">http://w1.fi/security/2015-5/]
        * nl80211:
          - added VHT configuration for IBSS
          - fixed vendor command handling to check OUI properly
          - allow driver-based roaming to change ESS
        * added AVG_BEACON_RSSI to SIGNAL_POLL output
        * wpa_cli: added tab completion for number of commands
        * removed unmaintained and not yet completed SChannel/CryptoAPI support
        * modified Extended Capabilities element use in Probe Request frames to
          include all cases if any of the values are non-zero
        * added support for dynamically creating/removing a virtual interface
          with interface_add/interface_remove
        * added support for hashed password (NtHash) in EAP-pwd peer
        * added support for memory-only PSK/passphrase (mem_only_psk=1 and
          CTRL-REQ/RSP-PSK_PASSPHRASE)
        * P2P
          - optimize scan frequencies list when re-joining a persistent group
          - fixed number of sequences with nl80211 P2P Device interface
          - added operating class 125 for P2P use cases (this allows 5 GHz
            channels 161 and 169 to be used if they are enabled in the current
            regulatory domain)
          - number of fixes to P2PS functionality
          - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
          - extended support for preferred channel listing
        * D-Bus:
          - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
          - fixed PresenceRequest to use group interface
          - added new signals: FindStopped, WPS pbc-overlap,
            GroupFormationFailure, WPS timeout, InvitationReceived
          - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
          - added manufacturer info
        * added EAP-EKE peer support for deriving Session-Id
        * added wps_priority configuration parameter to set the default priority
          for all network profiles added by WPS
        * added support to request a scan with specific SSIDs with the SCAN
          command (optional "ssid <hexdump>" arguments)
        * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
        * fixed SAE group selection in an error case
        * modified SAE routines to be more robust and PWE generation to be
          stronger against timing attacks
        * added support for Brainpool Elliptic Curves with SAE
        * added support for CCMP-256 and GCMP-256 as group ciphers with FT
        * fixed BSS selection based on estimated throughput
        * added option to disable TLSv1.0 with OpenSSL
          (phase1="tls_disable_tlsv1_0=1")
        * added Fast Session Transfer (FST) module
        * fixed OpenSSL PKCS#12 extra certificate handling
        * fixed key derivation for Suite B 192-bit AKM (this breaks
          compatibility with the earlier version)
        * added RSN IE to Mesh Peering Open/Confirm frames
        * number of small fixes

2015-03-15 - v2.4
        * allow OpenSSL cipher configuration to be set for internal EAP server
          (openssl_ciphers parameter)
        * fixed number of small issues based on hwsim test case failures and
          static analyzer reports
        * P2P:
          - add new=<0/1> flag to P2P-DEVICE-FOUND events
          - add passive channels in invitation response from P2P Client
          - enable nl80211 P2P_DEVICE support by default
          - fix regresssion in disallow_freq preventing search on social
            channels
          - fix regressions in P2P SD query processing
          - try to re-invite with social operating channel if no common channels
            in invitation
          - allow cross connection on parent interface (this fixes number of
            use cases with nl80211)
          - add support for P2P services (P2PS)
          - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
            be configured
        * increase postponing of EAPOL-Start by one second with AP/GO that
          supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
          of identity frames)
        * add support for PMKSA caching with SAE
        * add support for control mesh BSS (IEEE 802.11s) operations
        * fixed number of issues with D-Bus P2P commands
        * fixed regression in ap_scan=2 special case for WPS
        * fixed macsec_validate configuration
        * add a workaround for incorrectly behaving APs that try to use
          EAPOL-Key descriptor version 3 when the station supports PMF even if
          PMF is not enabled on the AP
        * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
          of disabling these can be configured to work around issues with broken
          servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
        * add support for Suite B (128-bit and 192-bit level) key management and
          cipher suites
        * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
        * improved BSS Transition Management processing
        * add support for neighbor report
        * add support for link measurement
        * fixed expiration of BSS entry with all-zeros BSSID
        * add optional LAST_ID=x argument to LIST_NETWORK to allow all
          configured networks to be listed even with huge number of network
          profiles
        * add support for EAP Re-Authentication Protocol (ERP)
        * fixed EAP-IKEv2 fragmentation reassembly
        * improved PKCS#11 configuration for OpenSSL
        * set stdout to be line-buffered
        * add TDLS channel switch configuration
        * add support for MAC address randomization in scans with nl80211
        * enable HT for IBSS if supported by the driver
        * add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
        * add support for domain_suffix_match with GnuTLS
        * add OCSP stapling client support with GnuTLS
        * include peer certificate in EAP events even without a separate probe
          operation; old behavior can be restored with cert_in_cb=0
        * add peer ceritficate alt subject name to EAP events
          (CTRL-EVENT-EAP-PEER-ALT)
        * add domain_match network profile parameter (similar to
          domain_suffix_match, but full match is required)
        * enable AP/GO mode HT Tx STBC automatically based on driver support
        * add ANQP-QUERY-DONE event to provide information on ANQP parsing
          status
        * allow passive scanning to be forced with passive_scan=1
        * add a workaround for Linux packet socket behavior when interface is in
          bridge
        * increase 5 GHz band preference in BSS selection (estimate SNR, if info
          not available from driver; estimate maximum throughput based on common
          HT/VHT/specific TX rate support)
        * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
          implement Interworking network selection behavior in upper layers
          software components
        * add optional reassoc_same_bss_optim=1 (disabled by default)
          optimization to avoid unnecessary Authentication frame exchange
        * extend TDLS frame padding workaround to cover all packets
        * allow wpa_supplicant to recover nl80211 functionality if the cfg80211
          module gets removed and reloaded without restarting wpa_supplicant
        * allow hostapd DFS implementation to be used in wpa_supplicant AP mode

2014-10-09 - v2.3
        * fixed number of minor issues identified in static analyzer warnings
        * fixed wfd_dev_info to be more careful and not read beyond the buffer
          when parsing invalid information for P2P-DEVICE-FOUND
        * extended P2P and GAS query operations to support drivers that have
          maximum remain-on-channel time below 1000 ms (500 ms is the current
          minimum supported value)
        * added p2p_search_delay parameter to make the default p2p_find delay
          configurable
        * improved P2P operating channel selection for various multi-channel
          concurrency cases
        * fixed some TDLS failure cases to clean up driver state
        * fixed dynamic interface addition cases with nl80211 to avoid adding
          ifindex values to incorrect interface to skip foreign interface events
          properly
        * added TDLS workaround for some APs that may add extra data to the
          end of a short frame
        * fixed EAP-AKA' message parser with multiple AT_KDF attributes
        * added configuration option (p2p_passphrase_len) to allow longer
          passphrases to be generated for P2P groups
        * fixed IBSS channel configuration in some corner cases
        * improved HT/VHT/QoS parameter setup for TDLS
        * modified D-Bus interface for P2P peers/groups
        * started to use constant time comparison for various password and hash
          values to reduce possibility of any externally measurable timing
          differences
        * extended explicit clearing of freed memory and expired keys to avoid
          keeping private data in memory longer than necessary
        * added optional scan_id parameter to the SCAN command to allow manual
          scan requests for active scans for specific configured SSIDs
        * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
        * added option to set Hotspot 2.0 Rel 2 update_identifier in network
          configuration to support external configuration
        * modified Android PNO functionality to send Probe Request frames only
          for hidden SSIDs (based on scan_ssid=1)
        * added generic mechanism for adding vendor elements into frames at
          runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
        * added fields to show unrecognized vendor elements in P2P_PEER
        * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
          MS-CHAP2-Success is required to be present regardless of
          eap_workaround configuration
        * modified EAP fast session resumption to allow results to be used only
          with the same network block that generated them
        * extended freq_list configuration to apply for sched_scan as well as
          normal scan
        * modified WPS to merge mixed-WPA/WPA2 credentials from a single session
        * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
          removed from a bridge
        * fixed number of small P2P issues to make negotiations more robust in
          corner cases
        * added experimental support for using temporary, random local MAC
          address (mac_addr and preassoc_mac_addr parameters); this is disabled
          by default (i.e., previous behavior of using permanent address is
          maintained if configuration is not changed)
        * added D-Bus interface for setting/clearing WFD IEs
        * fixed TDLS AID configuration for VHT
        * modified -m<conf> configuration file to be used only for the P2P
          non-netdev management device and do not load this for the default
          station interface or load the station interface configuration for
          the P2P management interface
        * fixed external MAC address changes while wpa_supplicant is running
        * started to enable HT (if supported by the driver) for IBSS
        * fixed wpa_cli action script execution to use more robust mechanism
          (CVE-2014-3686)

2014-06-04 - v2.2
        * added DFS indicator to get_capability freq
        * added/fixed nl80211 functionality
          - BSSID/frequency hint for driver-based BSS selection
          - fix tearing down WDS STA interfaces
          - support vendor specific driver command
            (VENDOR <vendor id> <sub command id> [<hex formatted data>])
          - GO interface teardown optimization
          - allow beacon interval to be configured for IBSS
          - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
        * removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
          interface commands (the more generic NFC_REPORT_HANDOVER is now used)
        * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
          this fixes password with include UTF-8 characters that use
          three-byte encoding EAP methods that use NtPasswordHash
        * fixed couple of sequencies where radio work items could get stuck,
          e.g., when rfkill blocking happens during scanning or when
          scan-for-auth workaround is used
        * P2P enhancements/fixes
          - enable enable U-APSD on GO automatically if the driver indicates
            support for this
          - fixed some service discovery cases with broadcast queries not being
            sent to all stations
          - fixed Probe Request frame triggering invitation to trigger only a
            single invitation instance even if multiple Probe Request frames are
            received
          - fixed a potential NULL pointer dereference crash when processing an
            invalid Invitation Request frame
          - add optional configuration file for the P2P_DEVICE parameters
          - optimize scan for GO during persistent group invocation
          - fix possible segmentation fault when PBC overlap is detected while
            using a separate P2P group interface
          - improve GO Negotiation robustness by allowing GO Negotiation
            Confirmation to be retransmitted
          - do use freed memory on device found event when P2P NFC
        * added phase1 network parameter options for disabling TLS v1.1 and v1.2
          to allow workarounds with misbehaving AAA servers
          (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
        * added support for OCSP stapling to validate AAA server certificate
          during TLS exchange
        * Interworking/Hotspot 2.0 enhancements
          - prefer the last added network in Interworking connection to make the
            behavior more consistent with likely user expectation
          - roaming partner configuration (roaming_partner within a cred block)
          - support Hotspot 2.0 Release 2
            * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
            * "hs20_icon_request <BSSID> <icon filename>" to request icon files
            * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider
              search (all suitable APs in scan results)
            * OSEN network for online signup connection
            * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
            * max_bss_load cred parameter
            * req_conn_capab cred parameter
            * sp_priority cred parameter
            * ocsp cred parameter
            * slow down automatic connection attempts on EAP failure to meet
              required behavior (no more than 10 retries within a 10-minute
              interval)
            * sample implementation of online signup client (both SPP and
              OMA-DM protocols) (hs20/client/*)
          - fixed GAS indication for additional comeback delay with status
            code 95
          - extend ANQP_GET to accept Hotspot 2.0 subtypes
            ANQP_GET <addr> <info id>[,<info id>]...
            [,hs20:<subtype>][...,hs20:<subtype>]
          - add control interface events CRED-ADDED <id>,
            CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
          - add "GET_CRED <id> <field>" command
          - enable FT for the connection automatically if the AP advertises
            support for this
          - fix a case where auto_interworking=1 could end up stopping scanning
        * fixed TDLS interoperability issues with supported operating class in
          some deployed stations
        * internal TLS implementation enhancements/fixes
          - add SHA256-based cipher suites
          - add DHE-RSA cipher suites
          - fix X.509 validation of PKCS#1 signature to check for extra data
        * fixed PTK derivation for CCMP-256 and GCMP-256
        * added "reattach" command for fast reassociate-back-to-same-BSS
        * allow PMF to be enabled for AP mode operation with the ieee80211w
          parameter
        * added "get_capability tdls" command
        * added option to set config blobs through control interface with
          "SET blob <name> <hexdump>"
        * D-Bus interface extensions/fixes
          - make p2p_no_group_iface configurable
          - declare ServiceDiscoveryRequest method properly
          - export peer's device address as a property
          - make reassociate command behave like the control interface one,
            i.e., to allow connection from disconnected state
        * added optional "freq=<channel ranges>" parameter to SET pno
        * added optional "freq=<channel ranges>" parameter to SELECT_NETWORK
        * fixed OBSS scan result processing for 20/40 MHz co-ex report
        * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
          whenever CONFIG_WPS=y is set
        * fixed regression in parsing of WNM Sleep Mode exit key data
        * fixed potential segmentation fault and memory leaks in WNM neighbor
          report processing
        * EAP-pwd fixes
          - fragmentation of PWD-Confirm-Resp
          - fix memory leak when fragmentation is used
          - fix possible segmentation fault on EAP method deinit if an invalid
            group is negotiated
        * added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
          available only with the macsec_qca driver wrapper)
        * fixed EAP-SIM counter-too-small message
        * added 'dup_network <id_s> <id_d> <name>' command; this can be used to
          clone the psk field without having toextract it from wpa_supplicant
        * fixed GSM authentication on USIM
        * added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y)
        * fixed some concurrent virtual interface cases with dedicated P2P
          management interface to not catch events from removed interface (this
          could result in the management interface getting disabled)
        * fixed a memory leak in SAE random number generation
        * fixed off-by-one bounds checking in printf_encode()
          - this could result in some control interface ATTACH command cases
            terminating wpa_supplicant
        * fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
        * various bug fixes

2014-02-04 - v2.1
        * added support for simultaneous authentication of equals (SAE) for
          stronger password-based authentication with WPA2-Personal
        * improved P2P negotiation and group formation robustness
          - avoid unnecessary Dialog Token value changes during retries
          - avoid more concurrent scanning cases during full group formation
            sequence
          - do not use potentially obsolete scan result data from driver
            cache for peer discovery/updates
          - avoid undesired re-starting of GO negotiation based on Probe
            Request frames
          - increase GO Negotiation and Invitation timeouts to address busy
            environments and peers that take long time to react to messages,
            e.g., due to power saving
          - P2P Device interface type
        * improved P2P channel selection (use more peer information and allow
          more local options)
        * added support for optional per-device PSK assignment by P2P GO
          (wpa_cli p2p_set per_sta_psk <0/1>)
        * added P2P_REMOVE_CLIENT for removing a client from P2P groups
          (including persistent groups); this can be used to securely remove
          a client from a group if per-device PSKs are used
        * added more configuration flexibility for allowed P2P GO/client
          channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1)
        * added nl80211 functionality
          - VHT configuration for nl80211
          - MFP (IEEE 802.11w) information for nl80211 command API
          - support split wiphy dump
          - FT (IEEE 802.11r) with driver-based SME
          - use advertised number of supported concurrent channels
          - QoS Mapping configuration
        * improved TDLS negotiation robustness
        * added more TDLS peer parameters to be configured to the driver
        * optimized connection time by allowing recently received scan results
          to be used instead of having to run through a new scan
        * fixed ctrl_iface BSS command iteration with RANGE argument and no
          exact matches; also fixed argument parsing for some cases with
          multiple arguments
        * added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan
          without executing roaming/network re-selection on scan results
        * added Session-Id derivation for EAP peer methods
        * added fully automated regression testing with mac80211_hwsim
        * changed configuration parser to reject invalid integer values
        * allow AP/Enrollee to be specified with BSSID instead of UUID for
          WPS ER operations
        * disable network block temporarily on repeated connection failures
        * changed the default driver interface from wext to nl80211 if both are
          included in the build
        * remove duplicate networks if WPS provisioning is run multiple times
        * remove duplicate networks when Interworking network selection uses the
          same network
        * added global freq_list configuration to allow scan frequencies to be
          limited for all cases instead of just for a specific network block
        * added support for BSS Transition Management
        * added option to use "IFNAME=<ifname> " prefix to use the global
          control interface connection to perform per-interface commands;
          similarly, allow global control interface to be used as a monitor
          interface to receive events from all interfaces
        * fixed OKC-based PMKSA cache entry clearing
        * fixed TKIP group key configuration with FT
        * added support for using OCSP stapling to validate server certificate
          (ocsp=1 as optional and ocsp=2 as mandatory)
        * added EAP-EKE peer
        * added peer restart detection for IBSS RSN
        * added domain_suffix_match (and domain_suffix_match2 for Phase 2
          EAP-TLS) to specify additional constraint for the server certificate
          domain name
        * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
          and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
          interface)
        * added global bgscan configuration option as a default for all network
          blocks that do not specify their own bgscan parameters
        * added D-Bus methods for TDLS
        * added more control to scan requests
          - "SCAN freq=<freq list>" can be used to specify which channels are
            scanned (comma-separated frequency ranges in MHz)
          - "SCAN passive=1" can be used to request a passive scan (no Probe
            Request frames are sent)
          - "SCAN use_id" can be used to request a scan id to be returned and
            included in event messages related to this specific scan operation
          - "SCAN only_new=1" can be used to request the driver/cfg80211 to
            report only BSS entries that have been updated during this scan
            round
          - these optional arguments to the SCAN command can be combined with
            each other
        * modified behavior on externally triggered scans
          - avoid concurrent operations requiring full control of the radio when
            an externally triggered scan is detected
          - do not use results for internal roaming decision
        * added a new cred block parameter 'temporary' to allow credential
          blocks to be stored separately even if wpa_supplicant configuration
          file is used to maintain other network information
        * added "radio work" framework to schedule exclusive radio operations
          for off-channel functionality
          - reduce issues with concurrent operations that try to control which
            channel is used
          - allow external programs to request exclusive radio control in a way
            that avoids conflicts with wpa_supplicant
        * added support for using Protected Dual of Public Action frames for
          GAS/ANQP exchanges when associated with PMF
        * added support for WPS+NFC updates and P2P+NFC
          - improved protocol for WPS
          - P2P group formation/join based on NFC connection handover
          - new IPv4 address assignment for P2P groups (ip_addr_* configuration
            parameters on the GO) to replace DHCP
          - option to fetch and report alternative carrier records for external
            NFC operations
        * various bug fixes

(maya)

Updated misc/byobu to 5.111

(maya)

Update byobu to 5.111

Changelog:

byobu (5.111-0ubuntu1) yakkety; urgency=medium

  [ Dustin Kirkland ]
  * usr/lib/byobu/battery:
    - battery color when black-on-red is hard to read; change to
      white on red.
    - test 256 colors with vim (:runtime syntax/colortest.vim) and
      http://www.robmeerman.co.uk/_media/unix/256colors2.pl
      + seem to be working okay here

  [ Jeffery To ]
  * usr/bin/byobu.in, usr/share/byobu/profiles/tmux:
    - use screen-256color if possible, for both screen and tmux
    - allow the user to override our term choices, by setting
      BYOBU_TERM, BYOBU_DEFAULT_TERM and/or BYOBU_COLOR_TERM

-- Dustin Kirkland <kirkland@ubuntu.com>  Tue, 09 Aug 2016 15:23:17 -0500

byobu (5.110-0ubuntu1) yakkety; urgency=medium

  [ Dustin Kirkland ]
  * usr/lib/byobu/logo:
    - added a logo for AlpineLinux, which has published an apk for Byobu
  * usr/share/byobu/status/status, usr/share/byobu/status/statusrc:
  - default to showing disk space
  - fix DISTRO to BYOBU_DISTRO in template
  * debian/control: LP: #1596364
    - add |xterm to suggests
  * usr/bin/purge-old-kernels: LP: #1595977
    - modify the kernel purge algorithm slightly to better handle efi
      and virtual kernels
  * usr/bin/purge-old-kernels: LP: #1532153
    - run autoremove afterwards, to clean up anything else
  * usr/lib/byobu/include/select-session.py: LP: #1583590
    - fix default window selection by just hitting enter
  * usr/share/man/man1/byobu.1:
    - add some whitespace in the manpage

  [ ironstorm ]
  * usr/lib/byobu/cpu_temp: LP: #1587139
    - add cpu temp support for rpi1, rpi2, and rpi3

-- Dustin Kirkland <kirkland@ubuntu.com>  Fri, 29 Jul 2016 12:29:04 -0500

byobu (5.109-0ubuntu1) yakkety; urgency=medium

  [ Dustin Kirkland ]
  * usr/lib/byobu/include/icons, usr/lib/byobu/reboot_required,
    usr/lib/byobu/updates_available:
    - add an checkbox icon
    - fix formatting again
  * usr/share/byobu/desktop/byobu.desktop.old,
    usr/share/byobu/desktop/Makefile.am:
    - deprecated

  [ Grant Likely ]
  * usr/lib/byobu/include/select-session.py:
    - Add support for tmux grouped sessions
    - select-session.py: Pass command name in argument list

-- Dustin Kirkland <kirkland@ubuntu.com>  Tue, 05 Jul 2016 10:47:22 -0500

byobu (5.108-0ubuntu1) yakkety; urgency=medium

  [ Dustin Kirkland ]
  * usr/lib/byobu/updates_available:
    - remove trailing whitespace
  * usr/lib/byobu/battery:
    - only use POWER_SUPPLY_CAPACITY if neither POWER_SUPPLY_ENERGY_NOW nor
      POWER_SUPPLY_CHARGE_NOW are available; important for summing
      multiple batteries

  [ Kevin Mark and Dustin Kirkland ]
  * usr/lib/byobu/uptime:
    - fix uptime status on MacOS

-- Dustin Kirkland <kirkland@ubuntu.com>  Tue, 31 May 2016 10:03:12 -0500

byobu (5.107-0ubuntu1) yakkety; urgency=medium

  * usr/bin/manifest:
    - remove http, breaks pastebinit
  * usr/bin/manifest:
    - fix manifest url
  * usr/bin/wifi-status:
    - use tmux target pane

-- Dustin Kirkland <kirkland@ubuntu.com>  Mon, 09 May 2016 18:26:20 -0500

byobu (5.106-0ubuntu1) xenial; urgency=medium

  * usr/lib/byobu/include/tmux-send-command-to-all-panes:
    - fix breakage on sending command to all panes

-- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 14 Apr 2016 11:21:49 -0500

byobu (5.105-0ubuntu1) xenial; urgency=medium

  [ Dustin Kirkland ]
  * usr/share/man/man1/byobu.1:
    - update examples
  * debian/control:
    - pastebinit needs to be in the recommends
  * usr/lib/byobu/swap, usr/share/man/man1/byobu.1:
    - switch swap to black on green, white on green
      was unreadable
  * usr/bin/byobu-ctrl-a.in:
    - silence stderr
  * usr/share/byobu/profiles/bashrc:
    - fix color comment
  * usr/bin/byobu-janitor.in:
    - no longer default to enabling ec2 status, LP: #1564320
    - institute better timeouts for metadata wgets, LP: #1564320
  * usr/bin/byobu-select-session.in: LP: #1555446
    - exec the select-session command, to keep from having an sh
      hanging around
  * Applications/Byobu.app/Contents/MacOS/Byobu, AUTHORS,
    debian/copyright, debian/source_byobu.py, etc/profile.d/Z97-
    byobu.sh.in, experimental/byobu-classroom, po/bg.po, po/sv.po,
    usr/bin/byobu-config.in, usr/bin/byobu-ctrl-a.in, usr/bin/byobu-
    disable.in, usr/bin/byobu-disable-prompt.in, usr/bin/byobu-
    enable.in, usr/bin/byobu-enable-prompt.in, usr/bin/byobu-export.in,
    usr/bin/byobu.in, usr/bin/byobu-janitor.in, usr/bin/byobu-
    keybindings, usr/bin/byobu-launcher.in, usr/bin/byobu-launcher-
    install.in, usr/bin/byobu-launcher-uninstall.in, usr/bin/byobu-
    launch.in, usr/bin/byobu-layout.in, usr/bin/byobu-prompt.in,
    usr/bin/byobu-quiet.in, usr/bin/byobu-reconnect-sockets.in,
    usr/bin/byobu-select-backend.in, usr/bin/byobu-select-profile.in,
    usr/bin/byobu-select-session.in, usr/bin/byobu-shell.in,
    usr/bin/byobu-silent.in, usr/bin/byobu-status-detail.in,
    usr/bin/byobu-status.in, usr/bin/manifest, usr/lib/byobu/apport,
    usr/lib/byobu/arch, usr/lib/byobu/battery, usr/lib/byobu/color,
    usr/lib/byobu/cpu_count, usr/lib/byobu/cpu_freq,
    usr/lib/byobu/cpu_temp, usr/lib/byobu/custom, usr/lib/byobu/date,
    usr/lib/byobu/disk, usr/lib/byobu/disk_io, usr/lib/byobu/distro,
    usr/lib/byobu/ec2_cost, usr/lib/byobu/entropy,
    usr/lib/byobu/fan_speed, usr/lib/byobu/hostname,
    usr/lib/byobu/include/colors, usr/lib/byobu/include/common,
    usr/lib/byobu/include/config.py.in, usr/lib/byobu/include/constants,
    usr/lib/byobu/include/cycle-status, usr/lib/byobu/include/dirs.in,
    usr/lib/byobu/include/icons, usr/lib/byobu/include/mondrian,
    usr/lib/byobu/include/notify_osd, usr/lib/byobu/include/select-
    session.py, usr/lib/byobu/include/shutil, usr/lib/byobu/include/tmux-
    detach-all-but-current-client, usr/lib/byobu/include/tmux-send-
    command-to-all-panes, usr/lib/byobu/include/tmux-send-command-to-all-
    windows, usr/lib/byobu/include/toggle-utf8.in,
    usr/lib/byobu/ip_address, usr/lib/byobu/load_average,
    usr/lib/byobu/logo, usr/lib/byobu/mail, usr/lib/byobu/memory,
    usr/lib/byobu/menu, usr/lib/byobu/network, usr/lib/byobu/notify_osd,
    usr/lib/byobu/processes, usr/lib/byobu/raid,
    usr/lib/byobu/reboot_required, usr/lib/byobu/release,
    usr/lib/byobu/services, usr/lib/byobu/session, usr/lib/byobu/swap,
    usr/lib/byobu/time, usr/lib/byobu/time_utc, usr/lib/byobu/trash,
    usr/lib/byobu/updates_available, usr/lib/byobu/uptime,
    usr/lib/byobu/users, usr/lib/byobu/whoami,
    usr/lib/byobu/wifi_quality, usr/share/byobu/keybindings/f-
    keys.screen, usr/share/byobu/keybindings/f-keys.screen.disable,
    usr/share/byobu/keybindings/f-keys.tmux,
    usr/share/byobu/keybindings/f-keys.tmux.disable,
    usr/share/byobu/profiles/bashrc, usr/share/byobu/profiles/byoburc,
    usr/share/byobu/profiles/classroom, usr/share/byobu/profiles/common,
    usr/share/byobu/profiles/NONE, usr/share/byobu/profiles/screenrc,
    usr/share/byobu/profiles/tmux, usr/share/byobu/profiles/tmuxrc,
    usr/share/byobu/status/status, usr/share/byobu/status/statusrc,
    usr/share/byobu/tests/byobu-time-notifications.in, usr/share/dbus-
    1/services/us.kirkland.terminals.byobu.service,
    usr/share/man/man1/byobu-export.1:
    - update byobu.co email addresses to byobu.org
  * CONTRIBUTING:
    - added a contributing file

  [ Mark King ]
  * usr/lib/byobu/battery:
    - Use `POWER_SUPPLY_CAPACITY` for battery if available

-- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 07 Apr 2016 18:50:55 -0500

byobu (5.104-0ubuntu1) xenial; urgency=medium

  * debian/control:
    - suggest pastebinit, drop w3m

-- Dustin Kirkland <kirkland@ubuntu.com>  Sun, 28 Feb 2016 23:46:22 -0600

byobu (5.103-0ubuntu1) xenial; urgency=medium

  * usr/bin/Makefile.am, usr/bin/manifest, usr/bin/tmpfsffs,
    usr/share/man/man1/Makefile.am, usr/share/man/man1/manifest.1:
    - added the manifest command
  * debian/control, usr/bin/Makefile.am, usr/bin/purge-old-kernels,
    usr/share/man/man1/Makefile.am, usr/share/man/man1/purge-old-
    kernels.1:
    - move purge-old-kernels over from bikeshed into byobu
  * usr/lib/byobu/include/select-session.py: LP: #1550687
    - make sure input/eval is compatible with both python2 and 3
  * usr/share/byobu/keybindings/f-keys.screen,
    usr/share/byobu/keybindings/f-keys.tmux: LP: #1543903
    - use $EDITOR rather than 'view'
  * usr/lib/byobu/include/icons, usr/lib/byobu/reboot_required,
    usr/share/man/man1/byobu.1:
    - add an indicator for an unattended upgrade in progress

-- Dustin Kirkland <kirkland@ubuntu.com>  Sun, 28 Feb 2016 23:24:31 -0600

byobu (5.102-0ubuntu1) xenial; urgency=medium

  [ Dustin Kirkland ]
  * usr/share/byobu/keybindings/mouse.tmux.disable,
    usr/share/byobu/keybindings/mouse.tmux.enable: LP: #1514377
    - use tmux 2.1's new 'mouse' option, add some comments,
      support old and new
  * configure.ac, debian/control, NEWS, README, usr/lib/byobu/rcs_cost,
    usr/share/appdata/byobu.appdata.xml, usr/share/man/man1/byobu.1,
    usr/share/man/man1/byobu-config.1, usr/share/man/man1/byobu-ctrl-
    a.1, usr/share/man/man1/byobu-enable.1, usr/share/man/man1/byobu-
    janitor.1, usr/share/man/man1/byobu-keybindings.1,
    usr/share/man/man1/byobu-launcher.1, usr/share/man/man1/byobu-
    launcher-install.1, usr/share/man/man1/byobu-launcher-uninstall.1,
    usr/share/man/man1/byobu-layout.1, usr/share/man/man1/byobu-
    prompt.1, usr/share/man/man1/byobu-quiet.1, usr/share/man/man1/byobu-
    reconnect-sockets.1, usr/share/man/man1/byobu-screen.1,
    usr/share/man/man1/byobu-select-backend.1, usr/share/man/man1/byobu-
    select-profile.1, usr/share/man/man1/byobu-select-session.1,
    usr/share/man/man1/byobu-shell.1, usr/share/man/man1/byobu-silent.1,
    usr/share/man/man1/byobu-status.1, usr/share/man/man1/byobu-status-
    detail.1, usr/share/man/man1/byobu-tmux.1, usr/share/man/man1/byobu-
    ugraph.1, usr/share/man/man1/byobu-ulevel.1:
    - replace http://byobu.co links to newly registered http://byobu.org

  [ Jeffrey To ]
  * usr/share/byobu/keybindings/tmux-screen-keys.conf:
    - This adds '-c "#{pane_current_path}"' to new-window/split-window calls
      in tmux-screen-keys.conf, matching similar calls in f-keys.tmux.

-- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 04 Feb 2016 16:29:44 -0600

byobu (5.101-0ubuntu1) xenial; urgency=medium

  * usr/lib/byobu/arch:
    - need a trailing whitespace
  * README: LP: #1526844
    - add a note about installing coreutils
  * usr/bin/byobu-shell.in: LP: #1500109
    - respect ~/.hushlogin file

-- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 14 Jan 2016 08:55:21 +0200

(maya)

Updated devel/ocaml-ppx_deriving to 4.0

(jaapb)

Updated package to latest version, 4.0. Changes include:

  Show, eq, ord, map, iter, fold: add support for Result.result.
  Ppx_deriving.Arg: use Result.result instead of polymorphic variants.
  Ppx_deriving.sanitize: parameterize over an opened module.
  Add support for [@@deriving] in module type declarations.
  Add support for loading findlib packages instead of just files in ppx_deriving_main.
  Treat types explicitly qualified with Pervasives also as builtin.
  Compatibility with statically linked ppx drivers.

(jaapb)

Added ocaml-result to SUBDIRs

(jaapb)

Added devel/ocaml-result version 1.2

(jaapb)

Created a new package, devel/ocaml-result. This is a compatibility library
so that packages can remain compatible with OCaml <= 4.03 while using the
Result type.

(jaapb)

Updated devel/py-hgnested to 0.8

(richard)

update to hgnested-0.8

CHANGES:

Version 0.8 - 2016-08-10
* Add support for mercurial 3.8 and 3.9
* Drop support for mercurial 3.5
* Add support for mercurial 3.6

Version 0.7 - 2015-08-26
* Improve performance by skipping .hg directories
* Add support for tortoisehg
* Add nshare command
* Drop support for mercurial 2.8

(richard)

Updated time/py-dateutil to 2.5.3

(richard)

Updated databases/ocaml-sqlite3 to 4.0.5

(jaapb)

Updated package to latest version, 4.0.5. Changes include:

Changed default configuration setting for loadable extensions
on Mac OS X.  Due to frequent installation issues the default
setting is now to turn off loadable extensions on that platform.
You will have to explicitly turn them on if you need them.

Fixed a bug finalizing user-defined functions for a database.

More build process improvements for Homebrew users.

Improved build process for Homebrew users.

Major API change that is compatible with major release series 2:
It is now possible to return errors from user-defined SQL-functions
by simply raising (arbitrary) exceptions.  This somewhat
tricky internal change eliminates the need for Data.ERROR and
reestablishes compatibility with major release series 2.
Sorry for the churn, but the more elegant solution was not
quite obvious!

Added user function error handling (major API change).

Fixed a build problem due to Oasis/ocamlbuild inconsistency.

Fixed a callback locking bug when encountering rows containing
unexpected NULLs.

(jaapb)

update to python-dateutil-2.5.3

NEWS:
Version 2.5.3
-------------
- Updated zoneinfo to 2016d
- Fixed parser bug where unambiguous datetimes fail to parse when dayfirst is
  set to true. (gh issue #233, pr #234)
- Bug in zoneinfo file on platforms such as Google App Engine which do not
  do not allow importing of subprocess.check_call was reported and fixed by
  @savraj (gh issue #239, gh pr #240)
- Fixed incorrect version in documentation (gh issue #235, pr #243)

Version 2.5.2
-------------
- Updated zoneinfo to 2016c
- Fixed parser bug where yearfirst and dayfirst parameters were not being
  respected when no separator was present. (gh issue #81 and #217, pr #229)

Version 2.5.1
-------------
- Updated zoneinfo to 2016b
- Changed MANIFEST.in to explicitly include test suite in source distributions,
  with help from @koobs (gh issue #193, pr #194, #201, #221)
- Explicitly set all line-endings to LF, except for the NEWS file, on a
  per-repository basis (gh pr #218)
- Fixed an issue with improper caching behavior in rruleset objects (gh issue
  #104, pr #207)
- Changed to an explicit error when rrulestr strings contain a missing BYDAY
  (gh issue #162, pr #211)
- tzfile now correctly handles files containing leapcnt (although the leapcnt
  information is not actually used). Contributed by @hjoukl (gh issue #146, pr
  #147)
- Fixed recursive import issue with tz module (gh pr #204)
- Added compatibility between tzwin objects and datetime.time objects (gh issue
  #216, gh pr #219)
- Refactored monolithic test suite by module (gh issue #61, pr #200 and #206)
- Improved test coverage in the relativedelta module (gh pr #215)
- Adjusted documentation to reflect possibly counter-intuitive properties of
  RFC-5545-compliant rrules, and other documentation improvements in the rrule
  module (gh issue #105, gh issue #149 - pointer to the solution by @phep,
  pr #213).

Version 2.5.0
-------------
- Updated zoneinfo to 2016a
- zoneinfo_metadata file version increased to 2.0 - the updated updatezinfo.py
  script will work with older zoneinfo_metadata.json files, but new metadata
  files will not work with older updatezinfo.py versions. Additionally, we have
  started hosting our own mirror of the Olson databases on a github pages
  site (https://dateutil.github.io/tzdata/) (gh pr #183)
- dateutil zoneinfo tarballs now contain the full zoneinfo_metadata file used
  to generate them. (gh issue #27, gh pr #85)
- relativedelta can now be safely subclassed without derived objects reverting
  to base relativedelta objects as a result of arithmetic operations.
  (lp:1010199, gh issue #44, pr #49)
- relativedelta 'weeks' parameter can now be set and retrieved as a property of
  relativedelta instances. (lp: 727525, gh issue #45, pr #49)
- relativedelta now explicitly supports fractional relative weeks, days, hours,
  minutes and seconds. Fractional values in absolute parameters (year, day, etc)
  are now deprecated. (gh issue #40, pr #190)
- relativedelta objects previously did not use microseconds to determine of two
  relativedelta objects were equal. This oversight has been corrected.
  Contributed by @elprans (gh pr #113)
- rrule now has an xafter() method for retrieving multiple recurrences after a
  specified date. (gh pr #38)
- str(rrule) now returns an RFC2445-compliant rrule string, contributed by
  @schinckel and @armicron (lp:1406305, gh issue #47, prs #50, #62 and #160)
- rrule performance under certain conditions has been significantly improved
  thanks to a patch contributed by @dekoza, based on an article by Brian Beck
  (@exogen) (gh pr #136)
- The use of both the 'until' and 'count' parameters is now deprecated as
  inconsistent with RFC2445 (gh pr #62, #185)
- Parsing an empty string will now raise a ValueError, rather than returning the
  datetime passed to the 'default' parameter. (gh issue #78, pr #187)
- tzwinlocal objects now have a meaningful repr() and str() implementation
  (gh issue #148, prs #184 and #186)
- Added equality logic for tzwin and tzwinlocal objects. (gh issue #151,
  pr #180, #184)
- Added some flexibility in subclassing timelex, and switched the default
  behavior over to using string methods rather than comparing against a fixed
  list. (gh pr #122, #139)
- An issue causing tzstr() to crash on Python 2.x was fixed. (lp: 1331576,
  gh issue #51, pr #55)
- An issue with string encoding causing exceptions under certain circumstances
  when tzname() is called was fixed. (gh issue #60, #74, pr #75)
- Parser issue where calling parse() on dates with no day specified when the
  day of the month in the default datetime (which is "today" if unspecified) is
  greater than the number of days in the parsed month was fixed (this issue
  tended to crop up between the 29th and 31st of the month, for obvious reasons)
  (canonical gh issue #25, pr #30, #191)
- Fixed parser issue causing fuzzy_with_tokens to raise an unexpected exception
  in certain circumstances. Contributed by @MichaelAquilina (gh pr #91)
- Fixed parser issue where years > 100 AD were incorrectly parsed. Contributed
  by @Bachmann1234 (gh pr #130)
- Fixed parser issue where commas were not a valid separator between seconds
  and microseconds, preventing parsing of ISO 8601 dates. Contributed by
  @ryanss (gh issue #28, pr #106)
- Fixed issue with tzwin encoding in locales with non-Latin alphabets
  (gh issue #92, pr #98)
- Fixed an issue where tzwin was not being properly imported on Windows.
  Contributed by @labrys. (gh pr #134)
- Fixed a problem causing issues importing zoneinfo in certain circumstances.
  Issue and solution contributed by @alexxv (gh issue #97, pr #99)
- Fixed an issue where dateutil timezones were not compatible with basic time
  objects. One of many, many timezone related issues contributed and tested by
  @labrys. (gh issue #132, pr #181)
- Fixed issue where tzwinlocal had an invalid utcoffset. (gh issue #135,
  pr #141, #142)
- Fixed issue with tzwin and tzwinlocal where DST transitions were incorrectly
  parsed from the registry. (gh issue #143, pr #178)
- updatezinfo.py no longer suppresses certain OSErrors. Contributed by @bjamesv
  (gh pr #164)
- An issue that arose when timezone locale changes during runtime has been
  fixed by @carlosxl and @mjschultz (gh issue #100, prs #107, #109)
- Python 3.5 was added to the supported platforms in the metadata (@tacaswell
  gh pr #159) and the test suites (@moreati gh pr #117).
- An issue with tox failing without unittest2 installed in Python 2.6 was fixed
  by @moreati (gh pr #115)
- Several deprecated functions were replaced in the tests by @moreati
  (gh pr #116)
- Improved the logic in Travis and Appveyor to alleviate issues where builds
  were failing due to connection issues when downloading the IANA timezone
  files. In addition to adding our own mirror for the files (gh pr #183), the
  download is now retried a number of times (with a delay) (gh pr #177)
- Many failing doctests were fixed by @moreati. (gh pr #120)
- Many fixes to the documentation (gh pr #103, gh pr #87 from @radarhere,
  gh pr #154 from @gpoesia, gh pr #156 from @awsum, gh pr #168 from @ja8zyjits)
- Added a code coverage tool to the CI to help improve the library. (gh pr #182)
- We now have a mailing list - dateutil@python.org, graciously hosted by
  Python.org.

Version 2.4.2
-------------
- Updated zoneinfo to 2015b.
- Fixed issue with parsing of tzstr on Python 2.7.x; tzstr will now be decoded
  if not a unicode type. gh #51 (lp:1331576), gh pr #55.
- Fix a parser issue where AM and PM tokens were showing up in fuzzy date
  stamps, triggering inappropriate errors. gh #56 (lp: 1428895), gh pr #63.
- Missing function "setcachesize" removed from zoneinfo __all__ list by @ryanss,
  fixing an issue with wildcard imports of dateutil.zoneinfo. (gh pr #66).
- (PyPi only) Fix an issue with source distributions not including the test
  suite.

Version 2.4.1
-------------

- Added explicit check for valid hours if AM/PM is specified in parser.
  (gh pr #22, issue #21)
- Fix bug in rrule introduced in 2.4.0 where byweekday parameter was not
  handled properly. (gh pr #35, issue #34)
- Fix error where parser allowed some invalid dates, overwriting existing hours
  with the last 2-digit number in the string. (gh pr #32, issue #31)
- Fix and add test for Python 2.x compatibility with boolean checking of
  relativedelta objects. Implemented by @nimasmi (gh pr #43) and C辿dric Krier
  (lp: 1035038)
- Replaced parse() calls with explicit datetime objects in unit tests unrelated
  to parser. (gh pr #36)
- Changed private _byxxx from sets to sorted tuples and fixed one currently
  unreachable bug in _construct_byset. (gh pr #54)
- Additional documentation for parser (gh pr #29, #33, #41) and rrule.
- Formatting fixes to documentation of rrule and README.rst.
- Updated zoneinfo to 2015a.

(richard)

fix function prototype to match body in order to avoid:

>xfce-taskmanager-linux.c:33:6: error: conflicting types for 'get_task_details'
> void get_task_details(pid_t pid,struct task *task)
>      ^
>In file included from xfce-taskmanager-linux.c:30:0:
>xfce-taskmanager-linux.h:41:6: note: previous declaration of 'get_task_details' was here
> void get_task_details(gint pid,struct task *task);
>      ^

(richard)

Updated textproc/py-relatorio to 0.6.3

(richard)

update to relatorio-0.6.3

CHANGES:
0.6.3 - 20160629
* Update calcext:value-type with the same guessed type
* Register MarkupTemplate for 'markup' mimetype instead of 'xml'

(richard)

Updated x11/mlterm to 3.7.2

(tsutsui)

Update mlterm to 3.7.2.

XXX: mlterm-con is not handled yet

Changes noted in doc/en/ReleaseNote:

ver 3.7.2
* Add mlterm-con which is a console version of mlterm (like GNU Screen) and which
  works on various terminal emulators. (see doc/en/README.console)
* Add "console_encoding" / --ckm option which specifies a character encoding of
  the console where mlterm-con works.
* Add "default_cell_size" / --csz option for mlterm-con.
* Add "console_sixel_colors" / --csc option for mlterm-con.
* Add "primary_da" / --da1 and "secondary_da" / --da2 options.
* Support DECRQSS partially.
* Support wheel mouse on MacOSX/Cocoa. (Thanks to @nyarla)
  (Merge a patch at http://the.nyarla.net/entry/2016/06/03/195013)
* Bug fixes:
  Fix misalignment of the position of characters in drawing them with the use
  of complementary loaded fonts on cairo.

(tsutsui)

Updated databases/mongo-c-driver to 1.4.0

(fhajny)

Update databases/mongo-c-driver to 1.4.0.

- The driver can now use the native TLS and crypto functions
  included in Mac OS X and Windows.
- The driver implements the MongoDB Command Monitoring Spec.
- New functions mongoc_client_set_error_api and
  mongoc_client_pool_set_error_api
  allow applications to distinguish client and server errors.
- Unacknowledged writes (writes whose mongoc_write_concern_t "w"
  value is zero) now reply with an empty document instead of one
  with nInserted: 0, nUpdated: 0, and so on.
- Public API For Higher-Level Drivers
- New connection string option "localThresholdMS".
- zSeries, POWER8, and ARM 64-bit platform support.
- Performance enhancements, reduce allocation and copying in
  command code.
- All man page names now begin with "mongoc_" to avoid install
  conflicts.
- New function mongoc_gridfs_file_set_id.

(fhajny)

Updated devel/libbson to 1.4.0

(fhajny)

Update devel/libbson to 1.4.0.

- bson_reader_reset seeks to the beginning of a BSON buffer.
- bson_steal efficiently transfers contents from one bson_t to
  another.
- Fix Windows compile error with BSON_EXTRA_ALIGN disabled.
- Potential buffer overrun in bson_strndup.
- bson_oid_to_string optimization for MS Visual Studio
- bson_oid_is_valid accepts uppercase hex characters.
- bson_json_reader_read aborted on some invalid Extended JSON
  documents.
- All man page names now begin with "bson_" to avoid install
  conflicts.
- Error messages sometimes truncated at 63 chars.

(fhajny)

Updated misc/p5-Business-ISBN to 3.002

(wen)

Update to 3.002

Upstream changes:
3.002 2016-08-10T09:30:21Z
* Bump to stable versions

3.001_01 2016-08-06T08:14:59Z
* Remove xisbn stuff璽��it's due to be turned off.
* Bump the major version for the API change

2.011_01 2016-07-29T20:50:01Z
* Remove the URI prereq

(wen)

add missing run-time dependency on py-cycler with revbump.

(richard)

add py-cycler to graphics/Makefile

(richard)

added graphics/py-cycler-0.10.0

(richard)

add cycler-0.10.0
A composable cycle class used for constructing style-cycles.

Feature release for cycler. This release includes a number of new
features:

    Cycler objecst learned to generate an itertools.cycle by calling them,
        a-la a generator.
    Cycler objects learned to change the name of a key via the new
        .change_key(old_key, new_key) method.
    Cycler objects learned how to compare each other and determine if they
        are equal or not (==).
    Cycler objects learned how to join another Cycler to be concatenated
        into a single longer Cycler via concat method of function. A.concat(B)
        or concat(A, B).
    The cycler factory function learned to construct a complex Cycler from
        iterables provided as keyword arguments.
    Cycler objects learn do show their insides with the by_key method which
        returns a dictionary of lists (instead of an iterable of dictionaries).

(richard)

Updated graphics/py-dot to 1.2.2

(richard)

update to pydot-1.2.2

# `pydot` changelog

## 1.2.0 (2016-07-01)

- Python 3 compatibility
- bumped dependency to `pyparsing >= 2.1.4`
- tests running on Travis CI
- tests require `chardet`
- detect character encoding for most test files
  using the package `chardet`

API:

- on all operating systems, search GraphViz
  executables in environment `$PATH`,
  using `subprocess.Popen`.
  No paths hard-coded due to security and privacy issues.

- add option to pass GraphViz executable name
  or absolute path as `prog` to `pydot.Dot.write_*` methods.
  This provides an alternative to
  adding GraphViz to the `$PATH`.

- the functions:
    - `pydot.graph_from_dot_data`
    - `pydot.graph_from_dot_file`
    - `dot_parser.parse_dot_data`
  changed to always return a `list` of graphs,
  instead of behaving differently for singletons.

- require that the user explicitly give an encoding to
  the function `pydot.graph_from_dot_file`,
  with default encoding same as `io.open`.

- decode to unicode at program boundaries, and
  treat binary images as bytes,
  for more compatibility with python 3.
  Use `io.open`, instead of the built-in `open`.

- rm function `pydot.set_graphviz_executables`

- rm attribute `pydot.Dot.progs`

## 1.1.0 (2016-05-23)

- compatibility with `pyparsing >= 1.5.7`

API:

- `pydot.Graph.to_string`: hide `subgraph` keyword only if so requested
- produce `warnings.warn` if `pydot.dot_parser` fails to import,
  instead of `print`

## 1.0.29 (2016-05-16)

- Maintenance release that keeps the same API
- pin `pyparsing == 1.5.7`
- update version number in source code
- update `setup.py`

(richard)

Updated devel/py-pyparsing to 2.1.8

(richard)

update to pyparsing-2.1.8

==========
Change Log
==========

Version 2.1.8 -
------------------------------
- Fixed issue in the optimization to _trim_arity, when the full
  stacktrace is retrieved to determine if a TypeError is raised in
  pyparsing or in the caller's parse action. Code was traversing
  the full stacktrace, and potentially encountering UnicodeDecodeError.

- Fixed bug in ParserElement.inlineLiteralsUsing, causing infinite
  loop with Suppress.

- Fixed bug in Each, when merging named results from multiple
  expressions in a ZeroOrMore or OneOrMore. Also fixed bug when
  ZeroOrMore expressions were erroneously treated as required
  expressions in an Each expression.

- Added a few more inline doc examples.

- Improved use of runTests in several example scripts.

Version 2.1.7 -
------------------------------
- Fixed regression reported by Andrea Censi (surfaced in PyContracts
  tests) when using ParseSyntaxExceptions (raised when using operator '-')
  with packrat parsing.

- Minor fix to oneOf, to accept all iterables, not just space-delimited
  strings and lists. (If you have a list or set of strings, it is
  not necessary to concat them using ' '.join to pass them to oneOf,
  oneOf will accept the list or set or generator directly.)

Version 2.1.6 -
------------------------------
- *Major packrat upgrade*, inspired by patch provided by Tal Einat -
  many, many, thanks to Tal for working on this! Tal's tests show
  faster parsing performance (2X in some tests), *and* memory reduction
  from 3GB down to ~100MB! Requires no changes to existing code using
  packratting. (Uses OrderedDict, available in Python 2.7 and later.
  For Python 2.6 users, will attempt to import from ordereddict
  backport. If not present, will implement pure-Python Fifo dict.)

- Minor API change - to better distinguish between the flexible
  numeric types defined in pyparsing_common, I've changed "numeric"
  (which parsed numbers of different types and returned int for ints,
  float for floats, etc.) and "number" (which parsed numbers of int
  or float type, and returned all floats) to "number" and "fnumber"
  respectively. I hope the "f" prefix of "fnumber" will be a better
  indicator of its internal conversion of parsed values to floats,
  while the generic "number" is similar to the flexible number syntax
  in other languages. Also fixed a bug in pyparsing_common.numeric
  (now renamed to pyparsing_common.number), integers were parsed and
  returned as floats instead of being retained as ints.

- Fixed bug in upcaseTokens and downcaseTokens introduced in 2.1.5,
  when the parse action was used in conjunction with results names.
  Reported by Steven Arcangeli from the dql project, thanks for your
  patience, Steven!

- Major change to docs! After seeing some comments on reddit about
  general issue with docs of Python modules, and thinking that I'm a
  little overdue in doing some doc tuneup on pyparsing, I decided to
  following the suggestions of the redditor and add more inline examples
  to the pyparsing reference documentation. I hope this addition
  will clarify some of the more common questions people have, especially
  when first starting with pyparsing/Python.

- Deprecated ParseResults.asXML. I've never been too happy with this
  method, and it usually forces some unnatural code in the parsers in
  order to get decent tag names. The amount of guesswork that asXML
  has to do to try to match names with values should have been a red
  flag from day one. If you are using asXML, you will need to implement
  your own ParseResults->XML serialization. Or consider migrating to
  a more current format such as JSON (which is very easy to do:
  results_as_json = json.dumps(parse_result.asDict()) Hopefully, when
  I remove this code in a future version, I'll also be able to simplify
  some of the craziness in ParseResults, which IIRC was only there to try
  to make asXML work.

- Updated traceParseAction parse action decorator to show the repr
  of the input and output tokens, instead of the str format, since
  str has been simplified to just show the token list content.

  (The change to ParseResults.__str__ occurred in pyparsing 2.0.4, but
  it seems that didn't make it into the release notes - sorry! Too
  many users, especially beginners, were confused by the
  "([token_list], {names_dict})" str format for ParseResults, thinking
  they were getting a tuple containing a list and a dict. The full form
  can be seen if using repr().)

  For tracing tokens in and out of parse actions, the more complete
  repr form provides important information when debugging parse actions.

Verison 2.1.5 - June, 2016
------------------------------
- Added ParserElement.split() generator method, similar to re.split().
  Includes optional arguments maxsplit (to limit the number of splits),
  and includeSeparators (to include the separating matched text in the
  returned output, default=False).

- Added a new parse action construction helper tokenMap, which will
  apply a function and optional arguments to each element in a
  ParseResults. So this parse action:

      def lowercase_all(tokens):
          return [str(t).lower() for t in tokens]
      OneOrMore(Word(alphas)).setParseAction(lowercase_all)

  can now be written:

      OneOrMore(Word(alphas)).setParseAction(tokenMap(str.lower))

  Also simplifies writing conversion parse actions like:

      integer = Word(nums).setParseAction(lambda t: int(t[0]))

  to just:

      integer = Word(nums).setParseAction(tokenMap(int))

  If additional arguments are necessary, they can be included in the
  call to tokenMap, as in:

      hex_integer = Word(hexnums).setParseAction(tokenMap(int, 16))

- Added more expressions to pyparsing_common:
  . IPv4 and IPv6 addresses (including long, short, and mixed forms
    of IPv6)
  . MAC address
  . ISO8601 date and date time strings (with named fields for year, month, etc.)
  . UUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  . hex integer (returned as int)
  . fraction (integer '/' integer, returned as float)
  . mixed integer (integer '-' fraction, or just fraction, returned as float)
  . stripHTMLTags (parse action to remove tags from HTML source)
  . parse action helpers convertToDate and convertToDatetime to do custom parse
    time conversions of parsed ISO8601 strings

- runTests now returns a two-tuple: success if all tests succeed,
  and an output list of each test and its output lines.

- Added failureTests argument (default=False) to runTests, so that
  tests can be run that are expected failures, and runTests' success
  value will return True only if all tests *fail* as expected. Also,
  parseAll now defaults to True.

- New example numerics.py, shows samples of parsing integer and real
  numbers using locale-dependent formats:

    4.294.967.295,000
    4 294 967 295,000
    4,294,967,295.000

Version 2.1.4 - May, 2016
------------------------------
- Split out the '==' behavior in ParserElement, now implemented
  as the ParserElement.matches() method. Using '==' for string test
  purposes will be removed in a future release.

- Expanded capabilities of runTests(). Will now accept embedded
  comments (default is Python style, leading '#' character, but
  customizable). Comments will be emitted along with the tests and
  test output. Useful during test development, to create a test string
  consisting only of test case description comments separated by
  blank lines, and then fill in the test cases. Will also highlight
  ParseFatalExceptions with "(FATAL)".

- Added a 'pyparsing_common' class containing common/helpful little
  expressions such as integer, float, identifier, etc. I used this
  class as a sort of embedded namespace, to contain these helpers
  without further adding to pyparsing's namespace bloat.

- Minor enhancement to traceParseAction decorator, to retain the
  parse action's name for the trace output.

- Added optional 'fatal' keyword arg to addCondition, to indicate that
  a condition failure should halt parsing immediately.

Version 2.1.3 - May, 2016
------------------------------
- _trim_arity fix in 2.1.2 was very version-dependent on Py 3.5.0.
  Now works for Python 2.x, 3.3, 3.4, 3.5.0, and 3.5.1 (and hopefully
  beyond).

Version 2.1.2 - May, 2016
------------------------------
- Fixed bug in _trim_arity when pyparsing code is included in a
  PyInstaller, reported by maluwa.

- Fixed catastrophic regex backtracking in implementation of the
  quoted string expressions (dblQuotedString, sglQuotedString, and
  quotedString). Reported on the pyparsing wiki by webpentest,
  good catch! (Also tuned up some other expressions susceptible to the
  same backtracking problem, such as cStyleComment, cppStyleComment,
  etc.)

Version 2.1.1 - March, 2016
---------------------------
- Added support for assigning to ParseResults using slices.

- Fixed bug in ParseResults.toDict(), in which dict values were always
  converted to dicts, even if they were just unkeyed lists of tokens.
  Reported on SO by Gerald Thibault, thanks Gerald!

- Fixed bug in SkipTo when using failOn, reported by robyschek, thanks!

- Fixed bug in Each introduced in 2.1.0, reported by AND patch and
  unit test submitted by robyschek, well done!

- Removed use of functools.partial in replaceWith, as this creates
  an ambiguous signature for the generated parse action, which fails in
  PyPy. Reported by Evan Hubinger, thanks Evan!

- Added default behavior to QuotedString to convert embedded '\t', '\n',
  etc. characters to their whitespace counterparts. Found during Q&A
  exchange on SO with Maxim.

(richard)

Updated www/p5-HTTP-Tiny to 0.064

(wen)

Update to 0.064

Upstream changes:
0.064    2016-08-16 21:37:51-04:00 America/New_York

    - No changes from 0.063-TRIAL

0.063    2016-08-08 12:18:03-04:00 America/New_York (TRIAL RELEASE)

    [FIXED]

    - Fixed chunked transfer encoding, which previously omitted a trailing
      CRLF.

0.061    2016-08-05 12:10:19-04:00 America/New_York (TRIAL RELEASE)

    [FIXED]

    - Avoid overwriting 'If-Modified-Since' header in mirror() if
      the header already exists in something other than lower-case.

    [TESTS]

    - Normalize CRLF when reading test data files in t\150-post_form.t
      on Win32

0.059    2016-07-29 16:10:32-04:00 America/New_York (TRIAL RELEASE)

    [FIXED]

    - Timeout can now be set as a constructor argument again.

    - CVE-2016-1238: avoid loading optional modules from
      @INC path with `.` at the end.

    [TESTS]

    - Updated tests for a future perl which may omit `.` from
      the list of directories in @INC by default.

(wen)

Updated net/wpa_supplicant to 2.5

(maya)

Update wpa_supplicant to v2.5

Changelog:
2015-09-27 - v2.5
* fixed P2P validation of SSID element length before copying it
  [security/2015-1/]">http://w1.fi/security/2015-1/] (CVE-2015-1863)
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
  [security/2015-2/]">http://w1.fi/security/2015-2/] (CVE-2015-4141)
* fixed WMM Action frame parser (AP mode)
  [security/2015-3/]">http://w1.fi/security/2015-3/] (CVE-2015-4142)
* fixed EAP-pwd peer missing payload length validation
  [security/2015-4/]">http://w1.fi/security/2015-4/]
  (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
* fixed validation of WPS and P2P NFC NDEF record payload length
  [security/2015-5/]">http://w1.fi/security/2015-5/]
* nl80211:
  - added VHT configuration for IBSS
  - fixed vendor command handling to check OUI properly
  - allow driver-based roaming to change ESS
* added AVG_BEACON_RSSI to SIGNAL_POLL output
* wpa_cli: added tab completion for number of commands
* removed unmaintained and not yet completed SChannel/CryptoAPI support
* modified Extended Capabilities element use in Probe Request frames to
  include all cases if any of the values are non-zero
* added support for dynamically creating/removing a virtual interface
  with interface_add/interface_remove
* added support for hashed password (NtHash) in EAP-pwd peer
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
  CTRL-REQ/RSP-PSK_PASSPHRASE)
* P2P
  - optimize scan frequencies list when re-joining a persistent group
  - fixed number of sequences with nl80211 P2P Device interface
  - added operating class 125 for P2P use cases (this allows 5 GHz
    channels 161 and 169 to be used if they are enabled in the current
    regulatory domain)
  - number of fixes to P2PS functionality
  - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
  - extended support for preferred channel listing
* D-Bus:
  - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
  - fixed PresenceRequest to use group interface
  - added new signals: FindStopped, WPS pbc-overlap,
    GroupFormationFailure, WPS timeout, InvitationReceived
  - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
  - added manufacturer info
* added EAP-EKE peer support for deriving Session-Id
* added wps_priority configuration parameter to set the default priority
  for all network profiles added by WPS
* added support to request a scan with specific SSIDs with the SCAN
  command (optional "ssid <hexdump>" arguments)
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
* fixed SAE group selection in an error case
* modified SAE routines to be more robust and PWE generation to be
  stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
* fixed BSS selection based on estimated throughput
* added option to disable TLSv1.0 with OpenSSL
  (phase1="tls_disable_tlsv1_0=1")
* added Fast Session Transfer (FST) module
* fixed OpenSSL PKCS#12 extra certificate handling
* fixed key derivation for Suite B 192-bit AKM (this breaks
  compatibility with the earlier version)
* added RSN IE to Mesh Peering Open/Confirm frames
* number of small fixes

2015-03-15 - v2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
  (openssl_ciphers parameter)
* fixed number of small issues based on hwsim test case failures and
  static analyzer reports
* P2P:
  - add new=<0/1> flag to P2P-DEVICE-FOUND events
  - add passive channels in invitation response from P2P Client
  - enable nl80211 P2P_DEVICE support by default
  - fix regresssion in disallow_freq preventing search on social
    channels
  - fix regressions in P2P SD query processing
  - try to re-invite with social operating channel if no common channels
    in invitation
  - allow cross connection on parent interface (this fixes number of
    use cases with nl80211)
  - add support for P2P services (P2PS)
  - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
    be configured
* increase postponing of EAPOL-Start by one second with AP/GO that
  supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
  of identity frames)
* add support for PMKSA caching with SAE
* add support for control mesh BSS (IEEE 802.11s) operations
* fixed number of issues with D-Bus P2P commands
* fixed regression in ap_scan=2 special case for WPS
* fixed macsec_validate configuration
* add a workaround for incorrectly behaving APs that try to use
  EAPOL-Key descriptor version 3 when the station supports PMF even if
  PMF is not enabled on the AP
* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
  of disabling these can be configured to work around issues with broken
  servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
* add support for Suite B (128-bit and 192-bit level) key management and
  cipher suites
* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
* improved BSS Transition Management processing
* add support for neighbor report
* add support for link measurement
* fixed expiration of BSS entry with all-zeros BSSID
* add optional LAST_ID=x argument to LIST_NETWORK to allow all
  configured networks to be listed even with huge number of network
  profiles
* add support for EAP Re-Authentication Protocol (ERP)
* fixed EAP-IKEv2 fragmentation reassembly
* improved PKCS#11 configuration for OpenSSL
* set stdout to be line-buffered
* add TDLS channel switch configuration
* add support for MAC address randomization in scans with nl80211
* enable HT for IBSS if supported by the driver
* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
* add support for domain_suffix_match with GnuTLS
* add OCSP stapling client support with GnuTLS
* include peer certificate in EAP events even without a separate probe
  operation; old behavior can be restored with cert_in_cb=0
* add peer ceritficate alt subject name to EAP events
  (CTRL-EVENT-EAP-PEER-ALT)
* add domain_match network profile parameter (similar to
  domain_suffix_match, but full match is required)
* enable AP/GO mode HT Tx STBC automatically based on driver support
* add ANQP-QUERY-DONE event to provide information on ANQP parsing
  status
* allow passive scanning to be forced with passive_scan=1
* add a workaround for Linux packet socket behavior when interface is in
  bridge
* increase 5 GHz band preference in BSS selection (estimate SNR, if info
  not available from driver; estimate maximum throughput based on common
  HT/VHT/specific TX rate support)
* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
  implement Interworking network selection behavior in upper layers
  software components
* add optional reassoc_same_bss_optim=1 (disabled by default)
  optimization to avoid unnecessary Authentication frame exchange
* extend TDLS frame padding workaround to cover all packets
* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
  module gets removed and reloaded without restarting wpa_supplicant
* allow hostapd DFS implementation to be used in wpa_supplicant AP mode

2014-10-09 - v2.3
* fixed number of minor issues identified in static analyzer warnings
* fixed wfd_dev_info to be more careful and not read beyond the buffer
  when parsing invalid information for P2P-DEVICE-FOUND
* extended P2P and GAS query operations to support drivers that have
  maximum remain-on-channel time below 1000 ms (500 ms is the current
  minimum supported value)
* added p2p_search_delay parameter to make the default p2p_find delay
  configurable
* improved P2P operating channel selection for various multi-channel
  concurrency cases
* fixed some TDLS failure cases to clean up driver state
* fixed dynamic interface addition cases with nl80211 to avoid adding
  ifindex values to incorrect interface to skip foreign interface events
  properly
* added TDLS workaround for some APs that may add extra data to the
  end of a short frame
* fixed EAP-AKA' message parser with multiple AT_KDF attributes
* added configuration option (p2p_passphrase_len) to allow longer
  passphrases to be generated for P2P groups
* fixed IBSS channel configuration in some corner cases
* improved HT/VHT/QoS parameter setup for TDLS
* modified D-Bus interface for P2P peers/groups
* started to use constant time comparison for various password and hash
  values to reduce possibility of any externally measurable timing
  differences
* extended explicit clearing of freed memory and expired keys to avoid
  keeping private data in memory longer than necessary
* added optional scan_id parameter to the SCAN command to allow manual
  scan requests for active scans for specific configured SSIDs
* fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
* added option to set Hotspot 2.0 Rel 2 update_identifier in network
  configuration to support external configuration
* modified Android PNO functionality to send Probe Request frames only
  for hidden SSIDs (based on scan_ssid=1)
* added generic mechanism for adding vendor elements into frames at
  runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
* added fields to show unrecognized vendor elements in P2P_PEER
* removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
  MS-CHAP2-Success is required to be present regardless of
  eap_workaround configuration
* modified EAP fast session resumption to allow results to be used only
  with the same network block that generated them
* extended freq_list configuration to apply for sched_scan as well as
  normal scan
* modified WPS to merge mixed-WPA/WPA2 credentials from a single session
* fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
  removed from a bridge
* fixed number of small P2P issues to make negotiations more robust in
  corner cases
* added experimental support for using temporary, random local MAC
  address (mac_addr and preassoc_mac_addr parameters); this is disabled
  by default (i.e., previous behavior of using permanent address is
  maintained if configuration is not changed)
* added D-Bus interface for setting/clearing WFD IEs
* fixed TDLS AID configuration for VHT
* modified -m<conf> configuration file to be used only for the P2P
  non-netdev management device and do not load this for the default
  station interface or load the station interface configuration for
  the P2P management interface
* fixed external MAC address changes while wpa_supplicant is running
* started to enable HT (if supported by the driver) for IBSS
* fixed wpa_cli action script execution to use more robust mechanism
  (CVE-2014-3686)

2014-06-04 - v2.2
* added DFS indicator to get_capability freq
* added/fixed nl80211 functionality
  - BSSID/frequency hint for driver-based BSS selection
  - fix tearing down WDS STA interfaces
  - support vendor specific driver command
    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
  - GO interface teardown optimization
  - allow beacon interval to be configured for IBSS
  - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
* removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
  interface commands (the more generic NFC_REPORT_HANDOVER is now used)
* fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
  this fixes password with include UTF-8 characters that use
  three-byte encoding EAP methods that use NtPasswordHash
* fixed couple of sequencies where radio work items could get stuck,
  e.g., when rfkill blocking happens during scanning or when
  scan-for-auth workaround is used
* P2P enhancements/fixes
  - enable enable U-APSD on GO automatically if the driver indicates
    support for this
  - fixed some service discovery cases with broadcast queries not being
    sent to all stations
  - fixed Probe Request frame triggering invitation to trigger only a
    single invitation instance even if multiple Probe Request frames are
    received
  - fixed a potential NULL pointer dereference crash when processing an
    invalid Invitation Request frame
  - add optional configuration file for the P2P_DEVICE parameters
  - optimize scan for GO during persistent group invocation
  - fix possible segmentation fault when PBC overlap is detected while
    using a separate P2P group interface
  - improve GO Negotiation robustness by allowing GO Negotiation
    Confirmation to be retransmitted
  - do use freed memory on device found event when P2P NFC
* added phase1 network parameter options for disabling TLS v1.1 and v1.2
  to allow workarounds with misbehaving AAA servers
  (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
* added support for OCSP stapling to validate AAA server certificate
  during TLS exchange
* Interworking/Hotspot 2.0 enhancements
  - prefer the last added network in Interworking connection to make the
    behavior more consistent with likely user expectation
  - roaming partner configuration (roaming_partner within a cred block)
  - support Hotspot 2.0 Release 2
    * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
    * "hs20_icon_request <BSSID> <icon filename>" to request icon files
    * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider
      search (all suitable APs in scan results)
    * OSEN network for online signup connection
    * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
    * max_bss_load cred parameter
    * req_conn_capab cred parameter
    * sp_priority cred parameter
    * ocsp cred parameter
    * slow down automatic connection attempts on EAP failure to meet
      required behavior (no more than 10 retries within a 10-minute
      interval)
    * sample implementation of online signup client (both SPP and
      OMA-DM protocols) (hs20/client/*)
  - fixed GAS indication for additional comeback delay with status
    code 95
  - extend ANQP_GET to accept Hotspot 2.0 subtypes
    ANQP_GET <addr> <info id>[,<info id>]...
    [,hs20:<subtype>][...,hs20:<subtype>]
  - add control interface events CRED-ADDED <id>,
    CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
  - add "GET_CRED <id> <field>" command
  - enable FT for the connection automatically if the AP advertises
    support for this
  - fix a case where auto_interworking=1 could end up stopping scanning
* fixed TDLS interoperability issues with supported operating class in
  some deployed stations
* internal TLS implementation enhancements/fixes
  - add SHA256-based cipher suites
  - add DHE-RSA cipher suites
  - fix X.509 validation of PKCS#1 signature to check for extra data
* fixed PTK derivation for CCMP-256 and GCMP-256
* added "reattach" command for fast reassociate-back-to-same-BSS
* allow PMF to be enabled for AP mode operation with the ieee80211w
  parameter
* added "get_capability tdls" command
* added option to set config blobs through control interface with
  "SET blob <name> <hexdump>"
* D-Bus interface extensions/fixes
  - make p2p_no_group_iface configurable
  - declare ServiceDiscoveryRequest method properly
  - export peer's device address as a property
  - make reassociate command behave like the control interface one,
    i.e., to allow connection from disconnected state
* added optional "freq=<channel ranges>" parameter to SET pno
* added optional "freq=<channel ranges>" parameter to SELECT_NETWORK
* fixed OBSS scan result processing for 20/40 MHz co-ex report
* remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
  whenever CONFIG_WPS=y is set
* fixed regression in parsing of WNM Sleep Mode exit key data
* fixed potential segmentation fault and memory leaks in WNM neighbor
  report processing
* EAP-pwd fixes
  - fragmentation of PWD-Confirm-Resp
  - fix memory leak when fragmentation is used
  - fix possible segmentation fault on EAP method deinit if an invalid
    group is negotiated
* added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
  available only with the macsec_qca driver wrapper)
* fixed EAP-SIM counter-too-small message
* added 'dup_network <id_s> <id_d> <name>' command; this can be used to
  clone the psk field without having toextract it from wpa_supplicant
* fixed GSM authentication on USIM
* added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y)
* fixed some concurrent virtual interface cases with dedicated P2P
  management interface to not catch events from removed interface (this
  could result in the management interface getting disabled)
* fixed a memory leak in SAE random number generation
* fixed off-by-one bounds checking in printf_encode()
  - this could result in some control interface ATTACH command cases
    terminating wpa_supplicant
* fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
* various bug fixes

2014-02-04 - v2.1
* added support for simultaneous authentication of equals (SAE) for
  stronger password-based authentication with WPA2-Personal
* improved P2P negotiation and group formation robustness
  - avoid unnecessary Dialog Token value changes during retries
  - avoid more concurrent scanning cases during full group formation
    sequence
  - do not use potentially obsolete scan result data from driver
    cache for peer discovery/updates
  - avoid undesired re-starting of GO negotiation based on Probe
    Request frames
  - increase GO Negotiation and Invitation timeouts to address busy
    environments and peers that take long time to react to messages,
    e.g., due to power saving
  - P2P Device interface type
* improved P2P channel selection (use more peer information and allow
  more local options)
* added support for optional per-device PSK assignment by P2P GO
  (wpa_cli p2p_set per_sta_psk <0/1>)
* added P2P_REMOVE_CLIENT for removing a client from P2P groups
  (including persistent groups); this can be used to securely remove
  a client from a group if per-device PSKs are used
* added more configuration flexibility for allowed P2P GO/client
  channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1)
* added nl80211 functionality
  - VHT configuration for nl80211
  - MFP (IEEE 802.11w) information for nl80211 command API
  - support split wiphy dump
  - FT (IEEE 802.11r) with driver-based SME
  - use advertised number of supported concurrent channels
  - QoS Mapping configuration
* improved TDLS negotiation robustness
* added more TDLS peer parameters to be configured to the driver
* optimized connection time by allowing recently received scan results
  to be used instead of having to run through a new scan
* fixed ctrl_iface BSS command iteration with RANGE argument and no
  exact matches; also fixed argument parsing for some cases with
  multiple arguments
* added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan
  without executing roaming/network re-selection on scan results
* added Session-Id derivation for EAP peer methods
* added fully automated regression testing with mac80211_hwsim
* changed configuration parser to reject invalid integer values
* allow AP/Enrollee to be specified with BSSID instead of UUID for
  WPS ER operations
* disable network block temporarily on repeated connection failures
* changed the default driver interface from wext to nl80211 if both are
  included in the build
* remove duplicate networks if WPS provisioning is run multiple times
* remove duplicate networks when Interworking network selection uses the
  same network
* added global freq_list configuration to allow scan frequencies to be
  limited for all cases instead of just for a specific network block
* added support for BSS Transition Management
* added option to use "IFNAME=<ifname> " prefix to use the global
  control interface connection to perform per-interface commands;
  similarly, allow global control interface to be used as a monitor
  interface to receive events from all interfaces
* fixed OKC-based PMKSA cache entry clearing
* fixed TKIP group key configuration with FT
* added support for using OCSP stapling to validate server certificate
  (ocsp=1 as optional and ocsp=2 as mandatory)
* added EAP-EKE peer
* added peer restart detection for IBSS RSN
* added domain_suffix_match (and domain_suffix_match2 for Phase 2
  EAP-TLS) to specify additional constraint for the server certificate
  domain name
* added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
  and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
  interface)
* added global bgscan configuration option as a default for all network
  blocks that do not specify their own bgscan parameters
* added D-Bus methods for TDLS
* added more control to scan requests
  - "SCAN freq=<freq list>" can be used to specify which channels are
    scanned (comma-separated frequency ranges in MHz)
  - "SCAN passive=1" can be used to request a passive scan (no Probe
    Request frames are sent)
  - "SCAN use_id" can be used to request a scan id to be returned and
    included in event messages related to this specific scan operation
  - "SCAN only_new=1" can be used to request the driver/cfg80211 to
    report only BSS entries that have been updated during this scan
    round
  - these optional arguments to the SCAN command can be combined with
    each other
* modified behavior on externally triggered scans
  - avoid concurrent operations requiring full control of the radio when
    an externally triggered scan is detected
  - do not use results for internal roaming decision
* added a new cred block parameter 'temporary' to allow credential
  blocks to be stored separately even if wpa_supplicant configuration
  file is used to maintain other network information
* added "radio work" framework to schedule exclusive radio operations
  for off-channel functionality
  - reduce issues with concurrent operations that try to control which
    channel is used
  - allow external programs to request exclusive radio control in a way
    that avoids conflicts with wpa_supplicant
* added support for using Protected Dual of Public Action frames for
  GAS/ANQP exchanges when associated with PMF
* added support for WPS+NFC updates and P2P+NFC
  - improved protocol for WPS
  - P2P group formation/join based on NFC connection handover
  - new IPv4 address assignment for P2P groups (ip_addr_* configuration
    parameters on the GO) to replace DHCP
  - option to fetch and report alternative carrier records for external
    NFC operations
* various bug fixes

(maya)

Added www/py-feedgen version 0.3.2

(minskim)

Add py-feedgen

(minskim)

Import py-feedgen-0.3.2 as www/py-feedgen

Feedgen is a Python module that can be used to generate web feeds in
both ATOM and RSS format.  It has support for extensions.  Included is
for example an extension to produce Podcasts.

(minskim)

Recursive revbump from multimedia/libvpx uppdate

(ryoon)

Updated multimedia/libvpx to 1.6.0

(ryoon)

Update to 1.6.0

Changelog:
2016-07-20 v1.6.0 "Khaki Campbell Duck"
  This release improves upon the VP9 encoder and speeds up the encoding and
  decoding processes.

  - Upgrading:
    This release is ABI incompatible with 1.5.0 due to a new 'color_range' enum
    in vpx_image and some minor changes to the VP8_COMP structure.

    The default key frame interval for VP9 has changed from 128 to 9999.

  - Enhancement:
    A core focus has been performance for low end Intel processors. SSSE3
    instructions such as 'pshufb' have been avoided and instructions have been
    reordered to better accommodate the more constrained pipelines.

    As a result, devices based on Celeron processors have seen substantial
    decoding improvements. From Indian Runner Duck to Javan Whistling Duck,
    decoding speed improved between 10 and 30%. Between Javan Whistling Duck
    and Khaki Campbell Duck, it improved another 10 to 15%.

    While Celeron benefited most, Core-i5 also improved 5% and 10% between the
    respective releases.

    Realtime performance for WebRTC for both speed and quality has received a
    lot of attention.

  - Bug Fixes:
    A number of fuzzing issues, found variously by Mozilla, Chromium and others,
    have been fixed and we strongly recommend updating.

(ryoon)

drop obsolete EXTRACT_USING=bsdtar; the package uses github distribution

(tnn)

Updated net/synergy to 1.8.2

(tnn)

Update to synergy-1.8.2.

v1.8.2-stable
=============
Bug #3044 - Unable to drag-select in MS Office
Bug #4768 - Copy paste causes 'server is dead' error on switching
Bug #4792 - Server logging crashes when switching with clipboard data
Bug #2975 - Middle click does not close Chrome tab on Mac client
Bug #5087 - Linux client fails to start due to invalid cursor size
Bug #5471 - Serial key textbox on activation screen overflows on Mac
Bug #4836 - Stop button resets to Start when settings dialog canceled
Enhancement #5277 - Auto restart service when synwinhk.dll fails on Windows
Enhancement #4913 - Future-proof GUI login by using newer auth URL
Enhancement #4922 - Add --enable-crypto argument to help text
Enhancement #5299 - High resolution App icon on Mac
Enhancement #4894 - Improve grammar in connection notification dialog

v1.8.0-beta
=============
Enhancement #4696 - Include 'ns' plugin in installers (instead of wizard download)
Enhancement #4715 - Activation dialog which also accepts a serial key
Enhancement #5020 - Recommend using serial key when online activation fails
Enhancement #4893 - Show detailed version info on GUI about screen
Enhancement #4327 - GUI setting to disable drag and drop feature
Enhancement #4793 - Additional logging to output OpenSSL version
Enhancement #4932 - Notify activation system when wizard finishes
Enhancement #4716 - Allow software to be time limited with serial key

(tnn)

Updated net/dhcpcd to 6.11.3

(roy)