Updated devel/afl to 2.12b

(wiz)

Updated afl to 2.12b.

--------------
Version 2.12b:
--------------

  - Fixed a minor issue in afl-tmin that can make alphabet minimization less
    efficient during passes > 1. Spotted by Daniel Binderman.

(wiz)

Updated x11/xcb-util-cursor to 0.1.3

(wiz)

Updated xcb-util-cursor to 0.1.3.

I just released version 0.1.3 of xcb-util-cursor:

- Add a --with-cursorpath option to configure

(wiz)

Packages that link against libcurl built with http2 option set fail to
link against nghttp2 library, evidently due to missing entries in the
buildlink3.mk.

>From Aleksey Arens in PR 51131.

(wiz)

Fix typo.

(wiz)

Pullup ticket #4989 - requested by joerg
graphics/skencil: build fix

Revisions pulled up:
- graphics/skencil/Makefile                                    1.35
- graphics/skencil/distinfo                                    1.7
- graphics/skencil/patches/patch-ab                            1.4
- graphics/skencil/patches/patch-ad                            1.2

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:59:27 UTC 2016

  Modified Files:
  pkgsrc/graphics/skencil: Makefile distinfo
  pkgsrc/graphics/skencil/patches: patch-ab patch-ad

  Log Message:
  Fix rpath for X11 libraries. Bump revision.

(bsiegert)

Pullup ticket #4988 - requested by joerg
graphics/gdchart: build fix

Revisions pulled up:
- graphics/gdchart/Makefile                                    1.39
- graphics/gdchart/distinfo                                    1.13
- graphics/gdchart/patches/patch-ac                            1.9

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:58:49 UTC 2016

  Modified Files:
  pkgsrc/graphics/gdchart: Makefile distinfo
  pkgsrc/graphics/gdchart/patches: patch-ac

  Log Message:
  Fix rpath for X libraries.

(bsiegert)

Fix typo in the date for ffmpeg2 2.8.7nb1 update. Thanks to Mike Stebih!

(leot)

Pullup ticket #4986 - requested by joerg
games/xevil: build fix

Revisions pulled up:
- games/xevil/distinfo                                          1.11
- games/xevil/patches/patch-ah                                  1.3
- games/xevil/patches/patch-ai                                  1.3
- games/xevil/patches/patch-ao                                  1.4

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:57:54 UTC 2016

  Modified Files:
  pkgsrc/games/xevil: distinfo
  pkgsrc/games/xevil/patches: patch-ah patch-ai patch-ao

  Log Message:
  Ensure intptr_t is defined in various places.

(bsiegert)

Pullup ticket #4987 - requested by joerg
games/darktable: build fix

Revisions pulled up:
- graphics/darktable/Makefile                                  1.62

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:58:25 UTC 2016

  Modified Files:
  pkgsrc/graphics/darktable: Makefile

  Log Message:
  Allow use of deprecated interfaces.

(bsiegert)

Pullup ticket #4985 - requested by joerg
games/wormz: build fix

Revisions pulled up:
- games/wormz/Makefile                                          1.26

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:57:17 UTC 2016

  Modified Files:
  pkgsrc/games/wormz: Makefile

  Log Message:
  Not MAKE_JOBS_SAFE.

(bsiegert)

Pullup ticket #4984 - requested by joerg
games/flightgear: build fix

Revisions pulled up:
- games/flightgear/distinfo                                    1.7
- games/flightgear/patches/patch-src_Canvas_ShivaVG_src_shDefs.h 1.1

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:56:57 UTC 2016

  Modified Files:
  pkgsrc/games/flightgear: distinfo
  Added Files:
  pkgsrc/games/flightgear/patches: patch-src_Canvas_ShivaVG_src_shDefs.h

  Log Message:
  Disable legacy request as it actually breaks with semi-modern Mesa
  version.

(bsiegert)

Pullup ticket #4983 - requested by joerg
devel/anjuta: build fix

Revisions pulled up:
- devel/anjuta/Makefile                                        1.125
- devel/anjuta/distinfo                                        1.28
- devel/anjuta/patches/patch-plugins_build-basic-autotools_build.c 1.3
- devel/anjuta/patches/patch-plugins_cvs-plugin_cvs-callbacks.c 1.1
- devel/anjuta/patches/patch-plugins_cvs-plugin_cvs-execute.c  1.1

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:55:21 UTC 2016

  Modified Files:
  pkgsrc/devel/anjuta: Makefile distinfo
  pkgsrc/devel/anjuta/patches:
      patch-plugins_build-basic-autotools_build.c
  Added Files:
  pkgsrc/devel/anjuta/patches: patch-plugins_cvs-plugin_cvs-callbacks.c
      patch-plugins_cvs-plugin_cvs-execute.c

  Log Message:
  Drop extra format string arguments. Disable zero length format string
  warning from GCC.

(bsiegert)

Pullup ticket #4982 - requested by joerg
devel/xulrunner10: build fix

Revisions pulled up:
- devel/xulrunner10/distinfo                                    1.20
- devel/xulrunner10/patches/patch-config_system-headers        1.1

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:54:34 UTC 2016

  Modified Files:
  pkgsrc/devel/xulrunner10: distinfo
  Added Files:
  pkgsrc/devel/xulrunner10/patches: patch-config_system-headers

  Log Message:
  Wrap tttables as seen on netbsd-7.

(bsiegert)

Pullup tickets #4979, #4980, #4981 and #5013.

(bsiegert)

Pullup ticket #5013 - requested by taca
security/openssl: security fix

Revisions pulled up:
- security/openssl/Makefile                                    1.223
- security/openssl/PLIST.common                                1.29
- security/openssl/distinfo                                    1.122

---
  Module Name: pkgsrc
  Committed By: jperkin
  Date: Tue May  3 14:51:17 UTC 2016

  Modified Files:
  pkgsrc/security/openssl: Makefile PLIST.common distinfo

  Log Message:
  Update security/openssl to version 1.0.2h.

  Changes between 1.0.2g and 1.0.2h [3 May 2016]

  *) Prevent padding oracle in AES-NI CBC MAC check

    A MITM attacker can use a padding oracle attack to decrypt traffic
    when the connection uses an AES CBC cipher and the server support
    AES-NI.

    This issue was introduced as part of the fix for Lucky 13 padding
    attack (CVE-2013-0169). The padding check was rewritten to be in
    constant time by making sure that always the same bytes are read and
    compared against either the MAC or padding bytes. But it no longer
    checked that there was enough data to have both the MAC and padding
    bytes.

    This issue was reported by Juraj Somorovsky using TLS-Attacker.
    (CVE-2016-2107)
    [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

    An overflow can occur in the EVP_EncodeUpdate() function which is used for
    Base64 encoding of binary data. If an attacker is able to supply very large
    amounts of input data then a length check can overflow resulting in a heap
    corruption.

    Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
    the PEM_write_bio* family of functions. These are mainly used within the
    OpenSSL command line applications, so any application which processes data
    from an untrusted source and outputs it as a PEM file should be considered
    vulnerable to this issue. User applications that call these APIs directly
    with large amounts of untrusted data may also be vulnerable.

    This issue was reported by Guido Vranken.
    (CVE-2016-2105)
    [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

    An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
    is able to supply very large amounts of input data after a previous call to
    EVP_EncryptUpdate() with a partial block then a length check can overflow
    resulting in a heap corruption. Following an analysis of all OpenSSL
    internal usage of the EVP_EncryptUpdate() function all usage is one of two
    forms. The first form is where the EVP_EncryptUpdate() call is known to be
    the first called function after an EVP_EncryptInit(), and therefore that
    specific call must be safe. The second form is where the length passed to
    EVP_EncryptUpdate() can be seen from the code to be some small value and
    therefore there is no possibility of an overflow. Since all instances are
    one of these two forms, it is believed that there can be no overflows in
    internal code due to this problem. It should be noted that
    EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
    Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
    of these calls have also been analysed too and it is believed there are no
    instances in internal usage where an overflow could occur.

    This issue was reported by Guido Vranken.
    (CVE-2016-2106)
    [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

    When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
    a short invalid encoding can casuse allocation of large amounts of memory
    potentially consuming excessive resources or exhausting memory.

    Any application parsing untrusted data through d2i BIO functions is
    affected. The memory based functions such as d2i_X509() are *not* affected.
    Since the memory based functions are used by the TLS library, TLS
    applications are not affected.

    This issue was reported by Brian Carpenter.
    (CVE-2016-2109)
    [Stephen Henson]

  *) EBCDIC overread

    ASN1 Strings that are over 1024 bytes can cause an overread in applications
    using the X509_NAME_oneline() function on EBCDIC systems. This could result
    in arbitrary stack data being returned in the buffer.

    This issue was reported by Guido Vranken.
    (CVE-2016-2176)
    [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername
    callback, such that updates to the SSL_CTX affect ALPN.
    [Todd Short]

  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
    default.
    [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
    methods are enabled and ssl2 is disabled the methods return NULL.
    [Kurt Roeckx]

(bsiegert)

Pullup ticket #4981 - requested by joerg
devel/xulrunner192: build fix

Revisions pulled up:
- devel/xulrunner192/distinfo                                  1.22
- devel/xulrunner192/patches/patch-config_system-headers        1.1
- devel/xulrunner192/patches/patch-nsprpub_config_make-system-wrappers.pl deleted

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:54:16 UTC 2016

  Modified Files:
  pkgsrc/devel/xulrunner192: distinfo
  Added Files:
  pkgsrc/devel/xulrunner192/patches: patch-config_system-headers
  Removed Files:
  pkgsrc/devel/xulrunner192/patches:
      patch-nsprpub_config_make-system-wrappers.pl

  Log Message:
  Drop old system wrapper script hack. Adjust wrapper list to include
  tttable as seen on netbsd-7.

(bsiegert)

Pullup ticket #4980 - requested by joerg
devel/elftoolchain: build fix

Revisions pulled up:
- devel/elftoolchain/Makefile                                  1.11

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:52:44 UTC 2016

  Modified Files:
  pkgsrc/devel/elftoolchain: Makefile

  Log Message:
  Disable various noisy warnings for GCC too. Adjust clang handling to
  also work directly with bootstrap-mk-files.

(bsiegert)

Updated graphics/feh to 2.15.3

(szptvlfn)

Update to 2.15.3

ChangeLog:
  http://git.finalrewind.org/feh/plain/ChangeLog

Thu, 28 Apr 2016 11:41:04 +0200

* Release v2.15.3
    * Rescale image when resizing a window and --scale-down or --geometry is
      active. This largely fixes the --scale-down issues introduced in
      2.15. However, note that --scale-down still introduces a fixed window
      size which will not be updated when changing images (as was the case in
      feh < 2.15). This may or may not be fixed in the future.

(szptvlfn)

bind910 was reverted to 9.10.3pl4.

(taca)

Make bind910 downgrade to 9.10.3pl4 keeping soe options and MASTERSITE
change since ISC mark 9.10.4 as "deprecated".

See https://lists.isc.org/pipermail/bind-users/2016-May/096851.html.

(taca)

Provide O_CLOEXEC compat define.

(jperkin)

Restore print-PLIST @pkgdir functionality.  This was lost in the @dirrm
cleanup as the implicit print action was removed.

(jperkin)

Updated graphics/ImageMagick to 7.0.1.3

(adam)

Changes 7.0.1.3:
* Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
* Replace show delegate title with image filename rather than label.
* Fix GetNextToken() off by one error.
* Remove support for internal ephemeral coder.

(adam)

Pullup ticket #4979 - requested by joerg
audio/ibniz: build fix

Revisions pulled up:
- audio/ibniz/Makefile                                          1.3
- audio/ibniz/distinfo                                          1.3
- audio/ibniz/patches/patch-Makefile                            1.1

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:48:57 UTC 2016

  Modified Files:
  pkgsrc/audio/ibniz: Makefile distinfo
  Added Files:
  pkgsrc/audio/ibniz/patches: patch-Makefile

  Log Message:
  Needs X11BASE/lib in rpath. Bump revision.

(bsiegert)

Add ULL suffixes as required.  Fixes 32-bit builds.

(jperkin)

Needs xgettext.

(jperkin)

Updated net/syncthing to 0.12.23

(abs)

Updated net/syncthing to 0.12.23

This is a security release to fix three vulnerabilities all related
to the possibility of the automatic upgrade response being intercepted
by a man-in-the-middle. In one case, a downgrade could be enforced
by the attacker; in another, a denial of service could be created
by serving a malformed package archive; in the third, an XSS attack
could be performed against the local web UI. These were all reported
by Sebastian Py.

- lib/upgrade: Enforce limits on download archives (fixes #3045) (calmh)
- lib/upgrade: Auto upgrade signature should cover version & arch (fixes #3044) (calmh)
- gui: Backport angular and angular-translate updates from master (calmh)

(abs)

+ gnu-pw-mgr-2.0.

(wiz)

CVE-2015-8863 heap-based buffer overflow (via upstream)

(tnn)

Stop using the native texi2html on SunOS.  It's not fully compatible
with what packages such as multimedia/ffmpeg2 expect, and as so few
packages have texi2html in USE_TOOLS it may be causing more problems
that it is worth to save a few dependencies.  PR#51113.

(jperkin)

Updated www/ikiwiki to 3.20160509

(schmonz)

Update to 3.20160509. From the changelog:

  [ Amitai Schlair ]
  * img: ignore the case of the extension when detecting image format,
    fixing the regression that *.JPG etc. would not be displayed
    since 3.20160506

  [ Simon McVittie ]
  * img: parse img_allowed_formats case-insensitively, as was done in
    3.20141016.3
  * inline: restore backwards compat for show=-1 syntax, which
    worked before 3.20160121
  * Remove a spurious changelog entry from 3.20160506 (the relevant
    change was already in 3.20150614)
  * Add CVE-2016-4561 reference to 3.20160506 changelog
  * Set high urgency to get the CVE-2016-4561 fix and CVE-2016-3714
    mitigation into testing

-- Simon McVittie <smcv@debian.org>  Mon, 09 May 2016 21:57:09 +0100

(schmonz)

Updated www/awstats to 7.5

(adam)

Changes 7.5:
- Compatibility with Perl 5.22
- Support detection of Edge browser with detail of version.
- Update robots database
- Add eot/woff/woff2 to mime.pm as fonts
- Add .svgz to image list
- Exclude groups.google from search engines
- Add %time5 tag to support log format with iso time with timezone.
- Add option DynamicDNSLookup to make DNS lookup during output instead
  of during log analysis processing.
- Increase default value for MaxRowsInHTMLOutput

(adam)

Updated misc/tmux to 2.2

(fhajny)

Update misc/tmux to 2.2.
Use release tarballs instead of tagged archives, simplifies
patching and rids us of automake dep.

CHANGES FROM 2.1 to 2.2 10 April 2016

Incompatible Changes
====================

* The format strings which referenced time have been removed.
  Instead:

  #{t:window_activity}

can be used.

* Support for TMPDIR has been removed.  Use TMUX_TMPDIR instead.
  UTF8 detection how happens automatically if the client supports
  it, hence the:

  mouse-utf8
  utf8

  options has been removed.

* The:

  mouse_utf8_flag

  format string has been removed.

* The -I option to show-messages has been removed.  See:

  #{t:start_time}

  format option instead.

Normal Changes
==============

* Panes are unzoomed with selectp -LRUD
* New formats added:

  #{scroll_position}
  #{socket_path}
  #{=10:...} -- limit to N characters (from the start)
  #{=-10:...} -- limit to N characters (from the end)
  #{t:...} -- used to format time-based formats
  #{b:...} -- used to ascertain basename from string
  #{d:...} -- used to ascertain dirname from string
  #{s:...} -- used to perform substitutions on a string

* Job output is run via the format system, so formats work again
* If display-time is set to 0, then the indicators wait for a key
  to be pressed.
* list-keys and list-commands can be run without starting the tmux
  server.
* kill-session learns -C to clear all alerts in all windows of the
  session.
* Support for hooks (internal for now), but hooks for the
  following have been implemented:

  alert-bell
  alert-silence
  alert-activity
  client-attached
  client-detached
  client-resized
  pane-died
  pane-exited

* RGB (24bit) colour support.  The 'Tc' flag must be set in the
  external TERM entry (using terminal-overrides or a custom terminfo entry).

(fhajny)

Updated net/scapy to 2.3.2

(adam)

Changes 2.3.2:
Bug-fix release.

(adam)

Fix for lack of RTF_LLINFO.

(adam)

Add build dependency on fontforge.

(markd)

Updated net/dhcpcd to 6.11.0

(roy)

Import dhcpcd-6.11.0 with the following changes:
  *  pidfile directory is now created correctly at startup.
  *  bootp "leases" are now stored so dhcpcd can dump them.
  *  ARP state is keep open so we can detect duplicates
    (currently this is only logged, no action is taken).
  *  --lastleastextend allows dhcpcd to extend a DHCP lease once
    it has expired. The lease is dropped if any other node
    claims the address.
  *  Delegated Prefix reject routes will be correctly bound to the
    loopback interface. If a delegated address uses the whole prefix,
    then the reject route is removed. If this address is removed, the
    reject route is restored.
  *  dhcp code has been reworked around a classic BOOTP structure
    instead of a fixed size DHCP structure based on a max MTU of 1500.
    Each reference to it also has a size so we know it's length.
    Adding an option to a message is now guarded via easy macros.
    Option concatenation buffer is no longer a fixed size.
  *  many more changes so that dhcpcd passes all current Coverity tests.

(roy)

Updated devel/scons to 2.5.0; devel/git to 2.8.2

(adam)

Version 2.8.2

Fixes since v2.8.1
------------------
* The embedded args argv-array in the child process is used to build
  the command line to run pack-objects instead of using a separate
  array of strings.

* Bunch of tests on "git clone" has been renumbered for better
  organization.

* The tests that involve running httpd leaked the system-wide
  configuration in /etc/gitconfig to the tested environment.

* "index-pack --keep=<msg>" was broken since v2.1.0 timeframe.

* "git config --get-urlmatch", unlike other variants of the "git
  config --get" family, did not signal error with its exit status
  when there was no matching configuration.

* The "--local-env-vars" and "--resolve-git-dir" options of "git
  rev-parse" failed to work outside a repository when the command's
  option parsing was rewritten in 1.8.5 era.

* Fetching of history by naming a commit object name directly didn't
  work across remote-curl transport.

* A small memory leak in an error codepath has been plugged in xdiff
  code.

* strbuf_getwholeline() did not NUL-terminate the buffer on certain
  corner cases in its error codepath.

* The startup_info data, which records if we are working inside a
  repository (among other things), are now uniformly available to Git
  subcommand implementations, and Git avoids attempting to touch
  references when we are not in a repository.

* "git mergetool" did not work well with conflicts that both sides
  deleted.

* "git send-email" had trouble parsing alias file in mailrc format
  when lines in it had trailing whitespaces on them.

* When "git merge --squash" stopped due to conflict, the concluding
  "git commit" failed to read in the SQUASH_MSG that shows the log
  messages from all the squashed commits.

* "git merge FETCH_HEAD" dereferenced NULL pointer when merging
  nothing into an unborn history (which is arguably unusual usage,
  which perhaps was the reason why nobody noticed it).

* Build updates for MSVC.

* "git diff -M" used to work better when two originally identical
  files A and B got renamed to X/A and X/B by pairing A to X/A and B
  to X/B, but this was broken in the 2.0 timeframe.

* "git send-pack --all <there>" was broken when its command line
  option parsing was written in the 2.6 timeframe.

* When running "git blame $path" with unnormalized data in the index
  for the path, the data in the working tree was blamed, even though
  "git add" would not have changed what is already in the index, due
  to "safe crlf" that disables the line-end conversion.  It has been
  corrected.

(adam)

RELEASE 2.5.0 - Mon, 09 Apr 2016 11:27:42 -0700
- Removed a lot of compatibility methods and workarounds
  for Python versions < 2.7, in order to prepare the work
  towards a combined 2.7/3.x version.
  Also fixed the default arguments for the print_tree and
  render_tree methods.
- Added support for cross-language dependency scanning;
  SCons now respects scanner keys for implicit dependencies.
  - Notes for SCons users with heterogeneous systems.
    - May find new (previously missed) dependencies.
    - May cause rebuild after upgrade due to dependency changes.
    - May find new dependency errors (EG. cycles).
      - Discovered in some of the SCons QT tests.
- Resolved missing cross-language dependencies for
  SWIG bindings
- Corrected typo in User Guide for Scanner keyword.
- Install builder interacts with scanner found in SCANNERS differently.
  - Previous: Install builder recursively scanned implicit dependencies
    for scanners from SCANNER, but not for built-in (default) scanners.
  - Current: Install builder will not scan for implicit dependencies via
    either scanner source. This optimizes some Install builder behavior
    and brings orthogonality to Install builder scanning behavior.
- Add better messaging when two environments have
  different actions for the same target
- Fix issue only with MSVC and Always build where targets
  marked AlwaysBuild wouldn't make it into CHANGED_SOURCES
  and thus yield an empty compile command line.
- Fix posix platform escaping logic to properly handle paths
  with parens in them "()".
- Intel Compiler 2016 (Linux/Mac) update for tool directories.
- Fix for issue 2494: Added string support for Chmod function.
- change cache to use 2 character subdirectories, rather than one character,
  so as not to give huge directories for large caches, a situation which
  causes issues for NFS.
  For existing caches, you will need to run the scons-configure-cache.py
  script to update them to the new format. You will get a warning every time
  you build until you co this.
- Fix a bunch of unit tests on windows

(adam)

pbulk-0.61: don't create category symlinks in the default package sync
implementation.

(joerg)

Stop creating category symlinks in ${PACKAGES}, but keep All/ for now.

(joerg)

Note update of www/squid3 package to 3.5.19.

(taca)

Update squid3 to 3.5.19, 3.5.18 contains security fix.

Changes to squid-3.5.19 (09 May 2016):

- Regression Bug 4515: interception proxy hangs

Changes to squid-3.5.18 (06 May 2016):

- Bug 4510: stale comment about 32KB limit on shared memory cache entries
- Bug 4509: EUI compile error on NetBSD
- Bug 4501: HTTP/1.1: normalize Host header
- Bug 4498: URL-unescape the login-info after extraction from URI
- Bug 4455: SegFault from ESIInclude::Start
- Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
- Fix TLS/SSL server handshake alert handling

(taca)

Remove non-responding mirror.

(wiz)

Remove belnet mirror, gives 404.

(wiz)

add the oracle ones, and fix the sun ones

(christos)

Added archivers/bmap-tools version 3.2

(jakllsch)

+bmap-tools

(jakllsch)

Add bmap-tools-3.2 as archivers/bmap-tools

Bmaptool is a generic tool for creating the block map (bmap) for
a file and copying files using the block map. The idea is that
large files, like raw system image files, can be copied or flashed
a lot faster and more reliably with bmaptool than with traditional
tools, like "dd" or "cp".

(jakllsch)

update from 72 -> 92

(christos)

update the sun7 jdk to the latest.

(christos)

72 -> 80, security fixes

(christos)

Pullup requests up to #4978.

(bsiegert)

Pullup ticket #4978 - requested by joerg
time/fet: build fix

Revisions pulled up:
- time/fet/Makefile                                            1.14
- time/fet/distinfo                                            1.7
- time/fet/patches/patch-src_src.pro                            1.1

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:46:14 UTC 2016

  Modified Files:
  pkgsrc/time/fet: distinfo
  Added Files:
  pkgsrc/time/fet/patches: patch-src_src.pro

  Log Message:
  Add X11 rpath to qmake configuration.

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 09:46:37 UTC 2016

  Modified Files:
  pkgsrc/time/fet: Makefile

  Log Message:
  Bump revision for rpath fix.

(bsiegert)

Pullup ticket #4977 - requested by joerg
www/aws-demos: build fix

Revisions pulled up:
- www/aws-demos/Makefile                                        1.16
- www/aws/buildlink3.mk                                        1.2

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Sat May  7 03:49:21 UTC 2016

  Modified Files:
  pkgsrc/www/aws: buildlink3.mk
  pkgsrc/www/aws-demos: Makefile

  Log Message:
  Use build option framework to not randomly vomit on the console.

(bsiegert)

Add support for CFLAGS and LDFLAGS

This fixes the build with PKGSRC_MKPIE.

(khorben)

Updated converters/p5-Sereal-Decoder to 3.014

(wen)

Update to 3.014

Upstream changes:
3.014 Dec  7 2015
  * Fix builds under 5.8.9

3.012 Dec  6 2015
  * Yet another release related to broken META files.
    ExtUtils::MakeMaker and CPAN::Meta need to be up to date
    or the META files miss stuff.

3.011 Dec  6 2015
  * No significant changes. Doc typo fixes, and build tweaks.

3.010 Dec  1 2015
  * Build fixes.

3.009 Nov 30 2015
  * Re-relase 3.008 with updated META files.

3.008 Nov 27 2015
  * FIX: Win32 build issues.

3.007 Nov 26 2015
  * Build fixes for boxes without any Sereal installed (it seems
    to be common on certain types of smokers, and not on others).
  * [ENCODER]: new sort orders added.
  * Fix incremental parsing of utf8 strings. See
    https://rt.cpan.org/Public/Bug/Display.html?id=93892
  * Encoder fixes.

3.006 Nov 14 2015
  * [DECODER] fix segfaults from heavily corrupted data. Guards
    against various pathological cases which could cause segfaults
    fixed. Thanks to Damian Gryski and "fuzzing sereal with afl"
    for finding these cases.
  * [ENCODER] Various subtle fixes to how we choose whether to serialize
    the string or numeric version of a value, in particular to
    ensure that "00" always round trips as "00", and related issues.
    Note this fix has correctness and performance consequences. In
    some cases values that used to serialized as integers (arguably
    incorrectly) will be serialized as strings instead, and some code
    maybe be slower to serialize.
    NOTE: Some issues related to this subject are not fixable without
    a protocol change. In particular this change may affect the behavior
    of code that uses binary logical operators on values serialized
    with Perl.
    Thanks to Zefram, Tom, and others for help with this issue.
  * Fixups for cast warnings under -Wint-to-ptr builds by using
    using PTR2INT and INT2PTR for casting our objects.
  * Win32 fixes
  * Build improvements
  * Changes to how we generate constants

(wen)

Updated converters/p5-Sereal-Encoder to 3.014

(wen)

Update to 3.014

Upstream changes:
3.014 Dec  7 2015
  * Fix builds under 5.8.9

3.012 Dec  6 2015
  * Yet another release related to broken META files.
    ExtUtils::MakeMaker and CPAN::Meta need to be up to date
    or the META files miss stuff.

3.011 Dec  6 2015
  * No significant changes. Doc typo fixes, and build tweaks.

3.010 Dec  1 2015
  * Build fixes.

3.009 Nov 30 2015
  * Re-relase 3.008 with updated META files.

3.008 Nov 27 2015
  * FIX: Make sure that reserializing a data structure created
    using alias_varint_under does not produce a corrupted dataset.
    Thanks to Iskra for the report.
  * FIX: Precedence issue related to sort keys options. Thanks
    to Petr P穩sa� <ppisar@redhat.com> for the report and fix.
  * FIX: Win32 build issues, thanks to bulk88 for help.

3.007 Nov 26 2015
  * FIX: sorting should now work with tied hashes, and
    be in general faster.
  * CHANGED: Sort order for sort_keys=1 is now defined to be
    "in order by length of bytes, then by byte order of the
    underlying string, then by utd8ness, with non-utf8 first".
    This sort order was chosen because it requires the least
    operations to perform in the most cases, has a bounded number
    of cases where we would have to create any temporary SV's or
    to do operations that require us to introspect codepoints in
    utf8 strings. IOW purely performance. Note that so long
    as you compare data created with the same sort_keys setting
    you will ALWAYS get the same order *in process*, regardless
    of what you choose. Backwards compatible support for  the
    old order is available via sort_keys=3.

    ADDED: sort_keys=2 to provide "perl cmp order"
          (Its just there because it is easy to do, not for any
            good reason.)
    ADDED: sort_keys=3 to provide "rev perl cmp order"

    Legacy sort order was equivalent to sort_keys=3, use this
    option *ONLY* if you are extremely sensitive to changes in the
    sorted order (or "canonical form").

  * [DECODER] Build fixes for boxes without any Sereal installed (it seems
    to be common on certain types of smokers, and not on others).
  * Fix issues with serializing blessed scalars where we see the
    blessed scalar before we see the reference to it.
  * Handle PVLV undefs
  * Build fixes for 5.8.9
  * Doc patches
  * Optimizations

3.006 Nov 14 2015
  * [DECODER] fix segfaults from heavily corrupted data. Guards
    against various pathological cases which could cause segfaults
    fixed. Thanks to Damian Gryski and "fuzzing sereal with afl"
    for finding these cases.
  * [ENCODER] Various subtle fixes to how we choose whether to serialize
    the string or numeric version of a value, in particular to
    ensure that "00" always round trips as "00", and related issues.
    Note this fix has correctness and performance consequences. In
    some cases values that used to serialized as integers (arguably
    incorrectly) will be serialized as strings instead, and some code
    maybe be slower to serialize.
    NOTE: Some issues related to this subject are not fixable without
    a protocol change. In particular this change may affect the behavior
    of code that uses binary logical operators on values serialized
    with Perl.
    Thanks to Zefram, Tom, and others for help with this issue.
  * Fixups for cast warnings under -Wint-to-ptr builds by using
    using PTR2INT and INT2PTR for casting our objects.
  * Win32 fixes
  * Build improvements
  * Changes to how we generate constants

(wen)

Pullup ticket #4976 - requested by joerg
chat/ktp-contact-runner: build fix
chat/ktp-filetransfer-handler: build fix
chat/ktp-kded-integration-module: build fix
chat/ktp-send-file: build fix

Revisions pulled up:
- chat/ktp-contact-runner/Makefile                              1.4
- chat/ktp-filetransfer-handler/Makefile                        1.4
- chat/ktp-kded-integration-module/Makefile                    1.4
- chat/ktp-send-file/Makefile                                  1.4

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Fri May  6 11:49:08 UTC 2016

  Modified Files:
  pkgsrc/chat/ktp-contact-runner: Makefile
  pkgsrc/chat/ktp-filetransfer-handler: Makefile
  pkgsrc/chat/ktp-kded-integration-module: Makefile
  pkgsrc/chat/ktp-send-file: Makefile

  Log Message:
  Requires msgfmt to build.

(bsiegert)

Pullup ticket #4974 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.135
- lang/php70/distinfo                                          1.9
- lang/php70/patches/patch-configure                            1.3
- lang/php70/patches/patch-ext_opcache_config.m4                deleted
- lang/php70/patches/patch-ext_standard_php__dns.h              1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon May  2 13:09:49 UTC 2016

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php70: distinfo
  pkgsrc/lang/php70/patches: patch-configure
      patch-ext_standard_php__dns.h
  Removed Files:
  pkgsrc/lang/php70/patches: patch-ext_opcache_config.m4

  Log Message:
  Update php70 to 7.0.6.

  pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
  pkgsrc-users@.

  28 Apr 2016 PHP 7.0.6

  - Core:
    . Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1'
      failed). (Laruence)
    . Fixed bug #71922 (Crash on assert(new class{})). (Nikita)
    . Fixed bug #71914 (Reference is lost in "switch"). (Laruence)
    . Fixed bug #71871 (Interfaces allow final and abstract functions). (Nikita)
    . Fixed Bug #71859 (zend_objects_store_call_destructors operates on realloced
      memory, crashing). (Laruence)
    . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
    . Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/
      php_url_encode). (Stas)
    . Fixed bug #71731 (Null coalescing operator and ArrayAccess). (Nikita)
    . Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname). (krakjoe)
    . Fixed bug #71428 (inheritance and allow_null). (krakjoe)
    . Fixed bug #71414 (Inheritance, traits and interfaces). (krakjoe)
    . Fixed bug #71359 (Null coalescing operator and magic). (krakjoe)
    . Fixed bug #71334 (Cannot access array keys while uksort()). (Nikita)
    . Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method).
      (Nikita)
    . Fixed bug #69537 (__debugInfo with empty string for key gives error).
      (krakjoe)
    . Fixed bug #62059 (ArrayObject and isset are not friends). (Nikita)
    . Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally).
      (Nikita)

  - BCmath:
    . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
      _one_ definition). (Stas)

  - Curl:
    . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
      (Michael Sierks)

  - Date:
    . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

  - EXIF:
    . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

  - GD:
    . Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

  - Intl:
    . Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via
      constructor). (Anatol)
    . Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE). (Anatol)
    . Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar
      methods). (Daniel Persson)
    . Fixed bug #68893 (Stackoverflow in datefmt_create). (Anatol)
    . Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale
      is empty). (Anatol)
    . Fixed bug #70484 (selectordinal doesn't work with named parameters).
      (Anatol)
    . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
      offset). (Stas)

  - ODBC:
    . Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

  - Opcache:
    . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
      (Laruence)

  - PDO:
    . Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
      (Daniel kalaspuffar, Julien)
    . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

  - PDO_DBlib:
    . Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
      (Adam Baratz)
    . Add DBLIB-specific attributes for controlling timeouts. (Adam Baratz)

  - PDO_pgsql:
    . Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
      (Joseph Bylund)

  - Postgres:
    . Fixed bug #71820 (pg_fetch_object binds parameters before call
      constructor). (Anatol)
    . Fixed bug #71998 (Function pg_insert does not insert when column
      type = inet). (Anatol)

  - SOAP:
    . Fixed bug #71986 (Nested foreach assign-by-reference creates broken
      variables). (Laruence)

  - SPL:
    . Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't
      access properties in PHP). (Nikita)
    . Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet). (Stas)
    . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
      offsetExists()). (Nikita)
    . Fixed bug #52339 (SPL autoloader breaks class_exists()). (Nikita)

  - Standard:
    . Fixed bug #71995 (Returning the same var twice from __sleep() produces
      broken serialized data). (Laruence)
    . Fixed bug #71940 (Unserialize crushes on restore object reference).
      (Laruence)
    . Fixed bug #71969 (str_replace returns an incorrect resulting array after
      a foreach by reference). (Laruence)
    . Fixed bug #71891 (header_register_callback() and
      register_shutdown_function()). (Laruence)
    . Fixed bug #71884 (Null pointer deref (segfault) in
      stream_context_get_default). (Laruence)
    . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
    . Fixed bug #71837 (Wrong arrays behaviour). (Laruence)
    . Fixed bug #71827 (substr_replace bug, string length). (krakjoe)
    . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
      _REENTRANT is not defined). (Nikita)
    . Fixed bug #72116 (array_fill optimization breaks implementation). (Bob)

  - XML:
    . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

  - Zip:
    . Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (Stas)

(bsiegert)

Added devel/py-cycler version 0.10.0

(wen)

Add py-cycler

(wen)

Import cycler-0.10.0 as devel/py-cycler.

Composable style cycles.

(wen)

Pullup ticket #4973 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.134
- lang/php56/distinfo                                          1.26
- lang/php56/patches/patch-configure                            1.3
- lang/php56/patches/patch-ext_opcache_config.m4                deleted
- lang/php56/patches/patch-ext_standard_php__dns.h              1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon May  2 13:08:00 UTC 2016

  Modified Files:
  pkgsrc/lang/php: phpversion.mk
  pkgsrc/lang/php56: distinfo
  pkgsrc/lang/php56/patches: patch-configure
      patch-ext_standard_php__dns.h
  Removed Files:
  pkgsrc/lang/php56/patches: patch-ext_opcache_config.m4

  Log Message:
  Update php56 to 5.6.21.

  pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
  pkgsrc-users@.

  28 Apr 2016, PHP 5.6.21

  - Core:
    . Fixed bug #69537 (__debugInfo with empty string for key gives error).
      (krakjoe)
    . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

  - BCmath:
    . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
      _one_ definition). (Stas)

  - Curl:
    . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
      (Michael Sierks)

  - Date:
    . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

  - EXIF:
    . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

  - GD:
    . Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
    . Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

  - Intl:
    . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
      offset). (Stas)

  - OCI8:
    . Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
      allowed for this column). (Chris Jones)

  - ODBC:
    . Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

  - Opcache:
    . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
      (Laruence)

  - PDO:
    . Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
      (Daniel Kalaspuffar, Julien)
    . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

  - Postgres:
    . Fixed bug #71820 (pg_fetch_object binds parameters before call
      constructor). (Anatol)

  - SPL:
    . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
      offsetExists()). (Nikita)

  - Standard:
    . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
    . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
      _REENTRANT is not defined). (Nikita)

  - XML:
    . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

(bsiegert)

Added libkactivities4 grantlee-qt5 and oxygen-fonts

(markd)

Add oxygen-fonts

(markd)

Add oxygen-icons 5.4.3

Oxygen Font is a project to design a desktop/gui font for integrated
use with the KDE desktop.

The basic concept for Oxygen Font is to design a clear, legible, sans
serif font which would be rendered with Freetype on Linux-based
devices. In addition a bold weight, plus regular and bold italics, and
a monospace version will be made.

(markd)

Updated sysutils/smartmontools to 6.5

(nonaka)

Updated smartmontools to 6.5.

Date 2016-05-07
Summary: smartmontools release 6.5
-----------------------------------------------------------
- Experimental support for NVMe devices on FreeBSD, Linux and Windows.
- smartctl '-i', '-c', '-H' and '-l error': NVMe support.
- smartctl '-l nvmelog': New option for NVMe.
- smartd.conf '-H', '-l error' and '-W': NVMe support.
- Optional NVMe device scanning support on Linux and Windows.
- configure option '--with-nvme-devicescan' to include NVMe in
  default device scanning result.
- Device scanning now allows to specify multiple '-d TYPE' options.
- ATA: Added new POWER MODE values introduced in ATA ACS-2.
- ATA: SCT commands are no longer issued if ATA Security is locked.
- SCSI: LB provisioning improvements.
- SCSI: Fixed GLTSD bit set/cleared info messages.
- SCSI: Solid State media log page is no longer checked for tapes.
- SCSI: Improved handling when no tape cartridge in drive.
- SCSI: Workaround for buggy Seagate firmware.
- SAT: Improved heuristics to detect bogus sense data from SAT layer.
- smartd: Fixed crash on missing argument to '-s' directive.
- update-smart-drivedb: Now uses HTTPS for download by default.
- update-smart-drivedb: New options to select URL and download tool.
- update-smart-drivedb: New download tool 'svn'.
- configure option '--without-update-smart-drivedb' to disable
  update-smart-drivedb script.
- configure options '--disable-drivedb', '--enable-savestates',
  '--enable-attributelog' and '--with-docdir' are no longer supported.
- autoconf < 2.60 and automake < 1.10 are no longer supported.
- Drive database file now also includes the DEFAULT setting
  for each attribute.
- HDD, SSD and USB additions to drive database.
- Darwin: New support files for package installer.
  New makefile target 'install-darwin' builds DMG image.
- Solaris: Auto detection of SATA devices behind SAT layer.
- Solaris SPARC: Legacy ATA support disabled by default.
  New configure option '--with-solaris-sparc-ata' enables it.
  File os_solaris_ata.s is no longer included in source tarball.
- Windows: Auto detection of USB devices specified by drive letter.
- Windows: Device scanning does no longer ignore unknown USB devices.
- Windows: Prevent drive spin up by '-n standby' check.
- Windows: New application manifests indicating Win 10 support.
- Windows smartd: '-m [sys]msgbox' is no longer supported.
- Windows installer: Defaults to 64-bit version on 64-bit Windows.
- Various code changes suggested by Clang Static Analyser and Cppcheck.

(nonaka)

Add grantlee-qt5

(markd)

Add grantlee-qt5 5.1.0

String template engine in QT5 based on Django template system

(markd)

Install includes so they don't conflict with qt5 versions.

(markd)

Remove dependency on kde-workspace4

(markd)

Remove dependency on kde-workspace4

(markd)

s/kactivities/libkactivities4/

(markd)

s/kactivities/libkactivities4/

(markd)

s/kactivities/libkactivities4/

(markd)