Updated databases/py-peewee, www/py-flask-jwt-extended

(adam)

py-flask-jwt-extended: updated to 3.21.0

3.21.0
Require flask 1.0 or greater
Move docs to pallets-sphinx-themes
Add a new JWT_DECODE_ISSUER option for use with other JWT providers
Gracefully handle errors for malformed tokens

(adam)

py-peewee: updated to 3.10.0

3.10.0

Add a helper to playhouse.mysql_ext for creating Match full-text search expressions.
Added date-part properties to TimestampField for accessing the year, month, day, etc., within a SQL expression.
Added to_timestamp() helper for DateField and DateTimeField that produces an expression returning a unix timestamp.
Add autoconnect parameter to Database classes. This parameter defaults to True and is compatible with previous versions of Peewee, in which executing a query on a closed database would open a connection automatically. To make it easier to catch inconsistent use of the database connection, this behavior can now be disabled by specifying autoconnect=False, making an explicit call to Database.connect() needed before executing a query.
Added database-agnostic interface for obtaining a random value.
Allow isolation_level to be specified when initializing a Postgres db.
Allow hybrid properties to be used on model aliases.
Support aggregates with FILTER predicates on the latest Sqlite.

Changes
-------
More aggressively slot row values into the appropriate field when building objects from the database cursor (rather than using whatever cursor.description tells us, which is buggy in older Sqlite).
Be more permissive in what we accept in the insert_many() and insert() methods.
When implicitly joining a model with multiple foreign-keys, choose the foreign-key whose name matches that of the related model. Previously, this would have raised a ValueError stating that multiple FKs existed.
Improved date truncation logic for Sqlite and MySQL to make more compatible with Postgres' date_trunc() behavior. Previously, truncating a datetime to month resolution would return '2019-08' for example. As of 3.10.0, the Sqlite and MySQL date_trunc implementation returns a full datetime, e.g. '2019-08-01 00:00:00'.
Apply slightly different logic for casting JSON values with Postgres. Previously, Peewee just wrapped the value in the psycopg2 Json() helper. In this version, Peewee now dumps the json to a string and applies an explicit cast to the underlying JSON data-type (e.g. json or jsonb).

Bug fixes
---------
Save hooks can now be called for models without a primary key.
Fixed bug in the conversion of Python values to JSON when using Postgres.
Fix for differentiating empty values from NULL values in model_to_dict.
Fixed a bug referencing primary-key values that required some kind of conversion (e.g., a UUID).
Add small jitter to the pool connection timestamp to avoid issues when multiple connections are checked-out at the same exact time.

(adam)

Updated sysutils/py-xattr

(adam)

py-xattr: updated to 0.9.6

Version 0.9.6:
* Fix release build by including *.[ch] in Manifest.in

Version 0.9.4:
* Extract inline C code for syntax highlighting and easier maintenance
* Fix Travis build
* Always include sys/types.h (musl compatibility)

Version 0.9.3:
* Do not attempt to use surrogateescape unless it is available

Version 0.9.2:
* Fix BSD issue w/ lsattr and long attrs
* Remove unreachable code

Version 0.9.1:
* Allow (Python 2) long for fd
* Fix Python 3 bytes handling in xattr.tool
* Use cffi 1.X features to build native module for faster import
  https://github.com/xattr/xattr/pull/47
* NOTE: Version 0.9.0 is the same, was momentarily uploaded with
  incomplete CHANGES.txt

Version 0.8.0:
* Use os.fsencode where available to better handle filesystem quirks related
  to surrogates
* Options bugfix and compatibility module for pyxattr API

Version 0.7.9:
* Added xattr/tests/*.py to MANIFEST.in

Version 0.7.8:
* Added MANIFEST.in to ensure that the .txt files are included

Version 0.7.7:
* Fixed FreeBSD build

(adam)

Updated textproc/py-pygments, devel/py-ipython

(adam)

py-ipython: updated to 7.7.0

IPython 7.7.0 contain multiple bug fixes and documentation updates; Here are a
few of the outstanding issue fixed:

  - Fix a bug introduced in 7.6 where the ``%matplotlib`` magic would fail on
    previously acceptable arguments
  - Fix the manage location on freebsd
  - Fix error message about aliases after ``%reset`` call in ipykernel
  - Fix Duplication completions in emacs

We are planning to adopt `NEP29 <https://github.com/numpy/numpy/pull/14086>`_
(still currently in draft) which may make this minor version of IPython the
last one to support Python 3.5 and will make the code base more aggressive
toward removing compatibility with older versions of Python.

GitHub now support to give only "Triage" permissions to users; if you'd like to
help close stale issues and labels issues please reach to us with your GitHub
Username and we'll add you to the triage team. It is a great way to start
contributing and a path toward getting commit rights.

(adam)

py-pygments: updated to 2.4.2

Version 2.4.2
- Fix encoding error when guessing lexer with given ``encoding`` option

Version 2.4.1
- Updated lexers:
  * Coq
  * MSDOS Session
  * NASM
  * Objective-C
  * Prolog
  * TypeScript
- Support CSS variables in stylesheets
- Fix F# lexer name
- Fix ``TerminalFormatter`` using bold for bright text

Version 2.4.0
- Added lexers:
  * Augeas
  * BBC Basic
  * Boa
  * Charm++ CI
  * DASM16
  * FloScript
  * FreeFem++
  * Hspec
  * Pony
  * SGF
  * Slash
  * Slurm
  * Tera Term Language
  * TOML
  * Unicon
  * VBScript

- Updated lexers:
  * Apache2
  * Cypher
  * LLVM
  * Makefiles
  * PHP
  * Rust
  * SQL
  * Stan
  * Stata
  * Terraform
  * YAML

- Add solarized style
- Add support for Markdown reference-style links
- Add license information to generated HTML/CSS files
- Change ANSI color names
- Fix catastrophic backtracking in the bash lexer
- Fix documentation failing to build using Sphinx 2.0
- Fix incorrect links in the Lisp and R lexer documentation
- Fix rare unicode errors on Python 2.7
- Fix lexers popping from an empty stack
- TypoScript uses ``.typoscript`` now
- Updated Trove classifiers and ``pip`` requirements

(adam)

Updated devel/py-pip, devel/py-mako, security/py-gssapi, security/py-asyncssh

(adam)

py-asyncssh: updated to 1.17.1

Release 1.17.1:
Improved construction of file paths in SFTP to better handle native Windows source paths containing backslashes or drive letters.
Improved SFTP parallel I/O for large reads and file copies to better handle the case where a read returns less data than what was requested when not at the end of the file, allowing AsyncSSH to get back the right result even if the requested block size is larger than the SFTP server can handle.
Fixed an issue where the requested SFTP block_size wasn窶冲 used in the get, copy, mget, and mcopy functions if it was larger than the default size of 16 KB.
Fixed a problem where the list of client keys provided in an SSHClientConnectionOptions object wasn窶冲 always preserved properly across the opening of multiple SSH connections.
Changed SSH agent client code to avoid printing a warning on Windows when unable to connect to the SSH agent using the default path. A warning will be printed if the agent_path or SSH_AUTH_SOCK is explicitly set, but AsyncSSH will remain quiet if no agent path is set and no SSH agent is running.
Made AsyncSSH tolerant of unexpected authentication success/failure messages sent after authentication completes. AsyncSSH previously treated this as a protocol error and dropped the connection, while most other SSH implementations ignored these messages and allowed the connection to continue.
Made AsyncSSH tolerant of SFTP status responses which are missing error message and language tag fields, improving interoperability with servers that omit these fields. When missing, AsyncSSH treats these fields as if they were set to empty strings.

(adam)

py-gssapi: updated to 1.6.0

1.6.0:
Unknown changes

(adam)

py-mako: updated to 1.1.0

1.1.0

changed

[changed] [setup]
Removed the 窶徘ython setup.py test窶� feature in favor of a straight run of 窶徼ox窶�. Per Pypa / pytest developers, 窶徭etup.py窶� commands are in general headed towards deprecation in favor of tox. The tox.ini script has been updated such that running 窶徼ox窶� with no arguments will perform a single run of the test suite against the default installed Python interpreter.

[changed] [installer] [py3k]
Mako 1.1 now supports Python versions:
- 2.7
- 3.4 and higher

This includes that setup.py no longer includes any conditionals, allowing for a pure Python wheel build, however this is not necessarily part of the Pypi release process as of yet. The test suite also raises for Python deprecation warnings.

bug

[bug] [py3k] [windows]
Replaced usage of time.clock() on windows as well as time.time() elsewhere for microsecond timestamps with timeit.default_timer(), as time.clock() is being removed in Python 3.8. Pull request courtesy Christoph Reiter.

[bug] [py3k]
Replaced usage of inspect.getfullargspec() with the vendored version used by SQLAlchemy, Alembic to avoid future deprecation warnings. Also cleans up an additional version of the same function that窶冱 apparently been floating around for some time.

(adam)

py-pip: updated to 19.2.1

19.2.1:

Bug Fixes
- Fix a NoneType AttributeError when evaluating hashes and no hashes
  are provided.

19.2:

Deprecations and Removals
- Drop support for EOL Python 3.4.
- Improve deprecation messages to include the version in which the functionality will be removed.

Features
- Credentials will now be loaded using keyring when installed.
- Fully support using --trusted-host inside requirements files.
- Update timestamps in pip's --log file to include milliseconds.
- Respect whether a file has been marked as "yanked" from a simple repository
  (see PEP 592 <https://www.python.org/dev/peps/pep-0592/>__ for details).
- When choosing candidates to install, prefer candidates with a hash matching
  one of the user-provided hashes.
- Improve the error message when METADATA or PKG-INFO is None when
  accessing metadata.
- Add a new command pip debug that can display e.g. the list of compatible
  tags for the current Python.
- Display hint on installing with --pre when search results include pre-release versions.
- Report to Warehouse that pip is running under CI if the PIP_IS_CI environment variable is set.
- Allow --python-version to be passed as a dotted version string (e.g.
  3.7 or 3.7.3).
- Log the final filename and SHA256 of a .whl file when done building a
  wheel.
- Include the wheel's tags in the log message explanation when a candidate
  wheel link is found incompatible.
- Add a --path argument to pip freeze to support --target
  installations.
- Add a --path argument to pip list to support --target
  installations.

Bug Fixes
- Set sys.argv[0] to the underlying setup.py when invoking setup.py
  via the setuptools shim so setuptools doesn't think the path is -c.
- Update pip download to respect the given --python-version when checking
  "Requires-Python".
- Respect --global-option and --install-option when installing from
  a version control url (e.g. git).
- Make the "ascii" progress bar really be "ascii" and not Unicode.
- Fail elegantly when trying to set an incorrectly formatted key in config.
- Prevent DistutilsOptionError when prefix is indicated in the global environment and --target is used.
- Fix pip install to respect --ignore-requires-python when evaluating
  links.
- Fix a debug log message when freezing an editable, non-version controlled
  requirement.
- Extend to Subversion 1.8+ the behavior of calling Subversion in
  interactive mode when pip is run interactively.
- Prevent pip install <url> from permitting directory traversal if e.g.
  a malicious server sends a Content-Disposition header with a filename
  containing ../ or ..\\.
- Hide passwords in output when using --find-links.
- Include more details in the log message if pip freeze can't generate a
  requirement string for a particular distribution.
- Add the line number and file location to the error message when reading an
  invalid requirements file in certain situations.
- Prefer os.confstr to ctypes when extracting glibc version info.
- Improve error message printed when an invalid editable requirement is provided.
- Improve error message formatting when a command errors out in a subprocess.

Vendored Libraries
- Upgrade certifi to 2019.6.16
- Upgrade distlib to 0.2.9.post0
- Upgrade msgpack to 0.6.1
- Upgrade requests to 2.22.0
- Upgrade urllib3 to 1.25.3
- Patch vendored html5lib, to prefer using collections.abc where possible.

Improved Documentation
- Document how Python 2.7 support will be maintained.
- Upgrade Sphinx version used to build documentation.
- Fix generation of subcommand manpages.
- Mention that pip can install from git refs.
- Replace a failing example of pip installs with extras with a working one.

(adam)

Updated graphics/freetype2, devel/py-xdis

(adam)

py-xdis: updated to 4.0.3

4.0.3:
Support 3.8.0beta2; Code38 type with posonlyargcount field
Add Python versions 3.4.10, 3.7.4 and 3.6.9
script no longer works to install pydisasm; entry_points still works
Add pypy 3.6 opcode formatting for MAKE_FUNCTION and EXTENDED_ARG
Add format_CALL_function and use it or pypy36
Start using "blacken" to reformat Python files

(adam)

freetype2: updated to 2.10.1

FreeType 2.10.1
A new maintenance release, fixing bytecode hinting of OpenType variation fonts and cmap processing of PCF fonts, among other things.

(adam)

Updated lang/nodejs, lang/npm

(adam)

npm: updated to 6.10.2

v6.10.2:

tl;dr - Fixes several issues with the cache when npm is run as sudo on Unix systems.

TESTING
check test cache for root-owned files
run sudo tests on Travis-CI
set --no-esm tap flag
add script to run tests and leave fixtures for inspection and debugging

BUGFIXES
add a util for writing arbitrary files to cache This prevents metrics timing and debug logs from becoming root-owned.
infer cache owner from parent dir in correct-mkdir util
ensure correct owner on cached all-packages metadata
report server error on failure
Fix npm ci with file: dependencies.

(adam)

nodejs: updated to 10.16.1

Version 10.16.1 'Dubnium' (LTS)

Notable changes
deps: upgrade openssl sources to 1.1.1c
stream: do not unconditionally call \_read() on resume()
worker: fix nullptr deref after MessagePort deser failure

(adam)

Updated www/py-google-api-python-clientm, databases/openldap, databases/ldb, net/samba4

(adam)

samba4: updated to 4.10.6

Changes 4.10.6:
* BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts.
* BUG 13964: smbd does not correctly parse arguments passed to dfree and
  quota scripts.
* BUG 13965: samba-tool dns: use bytes for inet_ntop.
* BUG 13828: samba-tool domain provision: Fix --interactive module in
  python3.
* BUG 13893: ldb_kv: Skip @ records early in a search full scan.
* BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth"
  connection.
* BUG 14002: python/ntacls: Use correct "state directory" smb.conf option
  instead of "state dir".
* BUG 13840: registry: Add a missing include.
* BUG 13944: Fix SMB guest authentication.
* BUG 13958: AppleDouble conversion breaks Resourceforks.
* BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread().
* BUG 13987: s3:mdssvc: Fix flex compilation error.
* BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly:
* BUG 13799: dsdb:samdb: schemainfo update with relax control.
* BUG 13964: s3:util: Move static file_pload() function to lib/util.
* BUG 13957: smbd: Fix a panic.
* BUG 12478: ldap server: Generate correct referral schemes.
* BUG 13941: s4 dsdb/repl_meta_data: fix use after free in
  dsdb_audit_add_ldb_value.
* BUG 13942: s4 dsdb: Fix use after free in
  samldb_rename_search_base_callback.
* BUG 12204: dsdb/repl: we need to replicate the whole schema before we can
  apply it.
* BUG 12478: ldb: Release ldb 1.5.5
* BUG 13713: Schema replication fails if link crosses chunk boundary
  backwards.
* BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips
  the schemaInfo update provision.
* BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown]
  SID [(NULL SID)] ..."
* BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in
  order to get the ACL.
* BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte
  boundary.
* BUG 13939: Using Kerberos credentials to print using spoolss doesn't work.
* BUG 13998: wafsamba: Use native waf timer.
* BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check.

(adam)

ldb: updated to 1.5.5

1.5.5:
Unknown changes

(adam)

openldap: updated to 2.4.48

OpenLDAP 2.4.48
Added libldap OpenSSL Elliptic Curve support
Added libldap Expose OpenLDAP specific interfaces via openldap.h
Added slapd-monitor support for slapd-mdb
Fixed liblber leaks
Fixed liblber with partial flush
Fixed libldap ASYNC TLS so it works
Fixed libldap ASYNC connections with Solaris 10
Fixed libldap with SASL_NOCANON=on and ldapi connections
Fixed libldap to be able to unset syncrepl TLS options
Fixed libldap race condition in ldap_int_initialize
Fixed libldap return code in ldap_create_assertion_control_value
Fixed libldap to correctly disable IPv6 when configured to do so
Fixed libldap to correctly close TLS connection
Fixed libldap_r handling of deprecated OpenSSL function
Fixed liblunicode case correspondance
Fixed slapd with an idletimeout of less than four seconds
Fixed slapd config parser variable for Windows64
Fixed slapd syncrepl fallback handling with delta-syncrepl
Fixed slapd telephoneNumberNormalize, cert DN validation
Fixed slapd syncrepl for relax with delta-syncrepl
Fixed slapd to restrict rootDN proxyauthz to its own databases
Fixed slapd to initialize SASL SSF per connection
Fixed slapo-accesslog with SLAP_MOD_SOFT modifications
Fixed slapd-ldap starttls connections timeout behavior
Fixed slapd-ldap segfault when entry result doesn't match filter
Fixed slapd-meta conversion from slapd.conf to cn=config
Fixed slapd-meta assertion when network interface goes down
Fixed slapd-mdb fix bitshift integer overflow
Fixed slapd-mdb index cleanup with cn=config
Fixed slapd-mdb to improve performance with alias deref
Fixed slapo-accesslog possible assert with exops
Fixed slapo-chain to correctly reject multiple chaining URIs
Fixed slapo-chain conversion from slapd.conf to cn=config
Fixed slapo-memberof conversion from slapd.conf to cn=config
Fixed slapo-memberof for group name change to itself
Fixed slapo-ppolicy behavior when pwdInHistory is changed
Fixed slapo-rwm to not free original filter
Fixed slapo-syncprov contextCSN generation
Build Environment
Fixed slapd to only link to BDB libraries with static build
Fixed libldap implicit declaration with LDAP_CONNECTIONLESS
Fixed libldap double inclusion of limits.h in cyrus.c
Documentation
General - Fixed minor typos
admin24 - Miscellaneous updates promoting mdb and fixing examples
slapd.access(5) - Note MDB is the primary backend
slapd.backends(5) - Note MDB is the recommended backend
slapd-ldap(5) - Document starttls parameter
Contrib
Added slapo-lastbind capability to forward authTimestamp updates

(adam)

py-google-api-python-client: updated to 1.7.10

Version 1.7.10

Bugfix release

Implementation Changes
- Decode service to utf-8
- Use print() function in both Python2 and Python 3
- Make http.MediaFileUpload close its file descriptor
- Never make 'body' required

Documentation
- Add compatability check badges to README
- Regenerate docs
- Create index file for dynamically generated docs
- Add docs folder with guides from developers.google.com

Internal / Testing Changes
- Fix http.py, lint errors, unit test
- tox.ini: Look for Python syntax errors and undefined names

(adam)

Updated time/py-arrow, security/py-asn1, security/py-asn1-modules

(adam)

py-asn1-modules: updated to 0.2.6

Revision 0.2.6:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
  in CMS
- Added RFC6019 providing BinaryTime - an alternate format
  for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providng Elliptic Curve Cryptography Subject
  Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
  MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection with CMS
- Added RFC2634 providing Enhanced Security Services for S/MIME
- Added RFC5915 providing Elliptic Curve Private Key
- Added RFC5940 providing CMS Revocation Information Choices
- Added RFC7296 providing IKEv2 Certificate Bundle
- Added RFC8619 providing HKDF Algorithm Identifiers
- Added RFC7191 providing CMS Key Package Receipt and Error Content
  Types
- Added openType support for ORAddress Extension Attributes and
  Algorithm Identifiers in the RFC5280 module
- Added RFC5035 providing Update to Enhanced Security Services for
  S/MIME
- Added openType support for CMS Content Types and CMS Attributes
  in the RFC5652 module
- Added openType support to RFC 2986 by importing definitions from
  the RFC 5280 module so that the same maps are used.
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
  RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
  RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
  and RFC 8520
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
  and `SetOf` objects via `subtypeConstraint` attribute to be applied
  via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
  objects as `subtypeConstraint`, the former is only verified on
  de/serialization i.e. when the [constructed] object at hand is fully
  populated, while the latter is applied to [scalar] types at the moment
  of instantiation.

(adam)

py-asn1: updated to 0.4.6

Revision 0.4.6:
- Added previously missing SET OF ANY construct encoding/decoding support.
- Added omitEmptyOptionals option which is respected by Sequence
  and Set encoders. When omitEmptyOptionals is set to True, empty
  initialized optional components are not encoded. Default is False.
- New elements to SequenceOf/SetOf objects can now be added at any
  position - the requirement for the new elements to reside at the end
  of the existing ones (i.e. s[len(s)] = 123) is removed.
- List-like slicing support added to SequenceOf/SetOf objects.
- Removed default initializer from SequenceOf/SetOf types to ensure
  consistent behaviour with the rest of ASN.1 types. Before this change,
  SequenceOf/SetOf instances immediately become value objects behaving
  like an empty list. With this change, SequenceOf/SetOf objects
  remain schema objects unless a component is added or .clear() is
  called.
  This change can potentially cause incompatibilities with existing
  pyasn1 objects which assume SequenceOf/SetOf instances are value
  objects right upon instantiation.
  The behaviour of Sequence/Set types depends on the componentType
  initializer: if on componentType is given, the behaviour is the
  same as SequenceOf/SetOf have. IF componentType is given, but
  neither optional nor defaulted components are present, the created
  instance remains schema object, If, however, either optional or
  defaulted component isi present, the created instance immediately
  becomes a value object.
- Added .reset() method to all constructed types to turn value object
  into a schema object.
- Added PyAsn1UnicodeDecodeError/PyAsn1UnicodeDecodeError exceptions
  to help the caller treating unicode errors happening internally
  to pyasn1 at the upper layers.
- Added support for subseconds CER/DER encoding edge cases in
  GeneralizedTime codec.
- Fixed 3-digit fractional seconds value CER/DER encoding of
  GeneralizedTime.
- Fixed AnyDecoder to accept possible TagMap as asn1Spec
  to make dumping raw value operational

(adam)

py-arrow: updated to 0.14.4

0.14.4
- [FIX] Fixed a regression in 0.14.3 that prevented a tzinfo argument of type string to be passed to the get() function. Functionality such as arrow.get("2019072807", "YYYYMMDDHH", tzinfo="UTC") should work as normal again.
- [CHANGE] Moved backports.functools_lru_cache dependency from extra_requires to install_requires for Python 2.7 installs to fix

0.14.3
- [NEW] Added full support for Python 3.8.
- [CHANGE] Added warnings for upcoming factory.get() parsing changes in 0.15.0. Please see https://github.com/crsmithdev/arrow/issues/612 for full details.
- [FIX] Extensive refactor and update of documentation.
- [FIX] factory.get() can now construct from kwargs.
- [FIX] Added meridians to Spanish Locale.

(adam)

Updated textproc/py-lxml, time/py-pytz

(adam)

py-pytz: updated to 2019.2

2019.2:
Unknown changes

(adam)

py-lxml: updated to 4.4.0

4.4.0:

Features added
--------------
* Element.clear() accepts a new keyword argument keep_tail=True to
  clear everything but the tail text.  This is helpful in some document-style
  use cases.

* When creating attributes or namespaces from a dict in Python 3.6+, lxml now
  preserves the original insertion order of that dict, instead of always sorting
  the items by name.  A similar change was made for ElementTree in CPython 3.8.
  See https://bugs.python.org/issue34160

* Integer elements in lxml.objectify implement the __index__() special method.

* Read-only elements in XSLT were missing the nsmap property.
  Original patch by Jan Pazdziora.

* ElementInclude can now restrict the maximum inclusion depth via a max_depth
  argument to prevent content explosion.  It is limited to 6 by default.

* The target object of the XMLParser can have start_ns() and end_ns()
  callback methods to listen to namespace declarations.

* The TreeBuilder has new arguments comment_factory and pi_factory to
  pass factories for creating comments and processing instructions, as well as
  flag arguments insert_comments and insert_pis to discard them from the
  tree when set to false.

* A C14N 2.0 <https://www.w3.org/TR/xml-c14n2/>_ implementation was added as
  etree.canonicalize(), a corresponding C14NWriterTarget class, and
  a c14n2 serialisation method.

Bugs fixed
----------
* When writing to file paths that contain the URL escape character '%', the file
  path could wrongly be mangled by URL unescaping and thus write to a different
  file or directory.  Code that writes to file paths that are provided by untrusted
  sources, but that must work with previous versions of lxml, should best either
  reject paths that contain '%' characters, or otherwise make sure that the path
  does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.

* Assigning to Element child slices with negative step could insert the slice at
  the wrong position, starting too far on the left.

* Assigning to Element child slices with overly large step size could take very
  long, regardless of the length of the actual slice.

* Assigning to Element child slices of the wrong size could sometimes fail to
  raise a ValueError (like a list assignment would) and instead assign outside
  of the original slice bounds or leave parts of it unreplaced.

* The comment and pi events in iterwalk() were never triggered, and
  instead, comments and processing instructions in the tree were reported as
  start elements.  Also, when walking an ElementTree (as opposed to its root
  element), comments and PIs outside of the root element are now reported.

* The RelaxNG compact syntax support was broken with recent versions
  of rnc2rng.

* The HTML elements source and track were added to the list
  of empty tags in lxml.html.defs.

* Registering a prefix other than "xml" for the XML namespace is now rejected.

* Failing to write XSLT output to a file could raise a misleading exception.
  It now raises IOError.

Other changes
-------------
* Support for Python 3.4 was removed.

* When using Element.find*() with prefix-namespace mappings, the empty string
  is now accepted to define a default namespace, in addition to the previously
  supported None prefix.  Empty strings are more convenient since they keep
  all prefix keys in a namespace dict strings, which simplifies sorting etc.

* The ElementTree.write_c14n() method has been deprecated in favour of the
  long preferred ElementTree.write(f, method="c14n").  It will be removed
  in a future release.

(adam)

Updated archivers/zstd, devel/cmake

(adam)

cmake: updated to 3.15.1

Changes made since CMake 3.15.0:
* CTest: Generate Done.xml before calculating its hash
* VS: Place intermediate files in the "ASM List Location" next to objects
* MSVC: Document behavior when MSVC_RUNTIME_LIBRARY is not set
* Clang: For MSVC ABI do not use modes older than C++14
* Tests: Revert "require C++14 for the Tutorial"
* Makefile: Fix regression in dependencies on relative includes
* Help: Add 3.15.1 release notes
* IRSL: Fix typo in v143 toolset version check
* IRSL: Fix discovery of VS 2019 v141 toolset redistributables
* FindPython: ensure interpreter is founded when cross-compiling
* Fix allocation in CROSSCOMPILING_EMULATOR evaluation
* FindMPI: Updated to use INTERFACE_LINK_OPTIONS
* FindMPI: make sure computed link flags are not de-duplicated
* Support per-language library link flags
* Swift: Add library search paths for dependencies
* Swift: add rules for static linking
* Swift: support multithreaded compilation
* Swift: support SONAME on ELFish targets

(adam)

zstd: updated to 1.4.2

Zstandard v1.4.2

Legacy Decompression Fix

This release is a small one, that corrects an issue discovered in the previous release. Zstandard v1.4.1 included a bug in decompressing v0.5 legacy frames, which is fixed in v1.4.2.

Detailed Changes

bug: Fix bug in zstd-0.5 decoder
bug: Fix seekable decompression in-memory API
bug: Close minor memory leak in CLI
misc: Validate blocks are smaller than size limit
misc: Restructure source files

(adam)

Updated www/py-django-extensions, www/py-beautifulsoup4, devel/py-mako, net/py-grpcio-tools

(adam)

py-grpcio-tools: updated to 1.22.0

Match grpc.

(adam)

py-mako: updated to 1.0.14

1.0.14

[feature] [template]

The n filter is now supported in the <%page> tag. This allows a template to omit the default expression filters throughout a whole template, for those cases where a template-wide filter needs to have default filtering disabled. Pull request courtesy Martin von Gagern.

[bug] [exceptions]

Fixed issue where the correct file URI would not be shown in the template-formatted exception traceback if the template filename were not known. Additionally fixes an issue where stale filenames would be displayed if a stack trace alternated between different templates. Pull request courtesy Martin von Gagern.

(adam)

py-beautifulsoup4: updated to 4.8.0

4.8.0:

This release focuses on making it easier to customize Beautiful Soup's
input mechanism (the TreeBuilder) and output mechanism (the Formatter).

* You can customize the TreeBuilder object by passing keyword
  arguments into the BeautifulSoup constructor. Those keyword
  arguments will be passed along into the TreeBuilder constructor.

  The main reason to do this right now is to change how which
  attributes are treated as multi-valued attributes (the way 'class'
  is treated by default). You can do this with the
  'multi_valued_attributes' argument.

* The role of Formatter objects has been greatly expanded. The Formatter
  class now controls the following:

  - The function to call to perform entity substitution. (This was
    previously Formatter's only job.)
  - Which tags should be treated as containing CDATA and have their
    contents exempt from entity substitution.
  - The order in which a tag's attributes are output.
  - Whether or not to put a '/' inside a void element, e.g. '<br/>' vs '<br>'

  All preexisting code should work as before.

* Added a new method to the API, Tag.smooth(), which consolidates
  multiple adjacent NavigableString elements.

* &apos; (which is valid in XML, XHTML, and HTML 5, but not HTML 4) is always
  recognized as a named entity and converted to a single quote.

(adam)

py-django-extensions: updated to 2.2.1

2.2.1
Changes:
Fix: tests, support for newer versions of pytest
Fix: tests, disable test with drf dependency for older python versions

2.2.0
Changes:
Fix: removing wrongly released text_tags template
Fix: graph_models, support for Python <3.6
Improvement: ForeignKeySearchInput, wrap media files in static()
Improvement: UniqField, added tests
Improvement: dumpscript, fix orm_item_locator to use dateutil
Improvement: graph_models, added argument to change arrow_shape

(adam)

Updated devel/cmake

(adam)

cmake: updated to 3.15.0

3.15.0:

New Features
============

Generators
----------

* The "Xcode" generator now supports per-target schemes. See the
  "CMAKE_XCODE_GENERATE_SCHEME" variable and "XCODE_GENERATE_SCHEME"
  target property.

* The "Green Hills MULTI" generator has been updated:

  * It now supports the "add_custom_command()" and
    "add_custom_target()" commands.

  * It is now available on Linux.

Languages
---------

* Preliminary support for the "Swift" language was added to the
  "Ninja" generator:

  * Use the "SWIFTC" environment variable to specify a compiler.

  * The "Swift_DEPENDENCIES_FILE" target property and
    "Swift_DEPENDENCIES_FILE" source file property were added to
    customize dependency files.

  * The "Swift_MODULE_NAME" target property was added to customize
    the Swift module name.

  * The "Swift_DIAGNOSTICS_FILE" source property was added to
    indicate where to write the serialised Swift diagnostics.

  The Swift support is experimental, not considered stable, and may
  change in future releases of CMake.

Compilers
---------

* The "Clang" compiler variant on Windows that targets the MSVC ABI
  but has a GNU-like command line is now supported.

* Support for the Clang-based ARM compiler was added with compiler
  id "ARMClang".

* Support was added for the IAR compiler architectures Renesas RX,
  RL78, RH850 and Texas Instruments MSP430.

* Support was added for the IAR compilers built for Linux (IAR
  BuildLx).

Command-Line
------------

* The "CMAKE_GENERATOR" environment variable was added to specify a
  default generator to use when "cmake(1)" is run without a "-G"
  option.  Additionally, environment variables
  "CMAKE_GENERATOR_PLATFORM", "CMAKE_GENERATOR_TOOLSET", and
  "CMAKE_GENERATOR_INSTANCE" were created to configure the generator.

* The "cmake(1)" "--build" tool "--target" parameter gained support
  for multiple targets, e.g. "cmake --build . --target Library1
  Library2". It now also has a short form "-t" alias, e.g. "cmake
  --build . -t Library1 Library2".

* The "cmake(1)" command gained a new "--install" option. This may
  be used after building a project to run installation without using
  the generated build system or the native build tool.

* The "cmake(1)" command learned a new CLI option "--loglevel".

* The "cmake(1)" "-E remove_directory" command-line tool learned to
  support removing multiple directories.

* The "cmake(1)" "-E tar" tool has been improved:

  * It now continues adding files to an archive even if some of the
    files are not readable.  This behavior is more consistent with the
    classic "tar" tool.

  * It now parses all flags, and if an invalid flag was provided, a
    warning is issued.

  * It now displays an error if no action flag was specified, along
    with a list of possible actions: "t" (list), "c" (create) or "x"
    (extract).

  * It now supports extracting ("-x") or listing ("-t") only
    specific files or directories.

  * It now supports Zstandard compression with a "--zstd" option.
    Zstandard was designed to give a compression ratio comparable to
    that of the DEFLATE (zip) algorithm, but faster, especially for
    decompression.

Commands
--------

* The "add_custom_command()" and "add_custom_target()" commands
  gained a new "JOB_POOL" option that works with the "Ninja" generator
  to set the pool variable on the build statement.

* The "add_library()" command "ALIAS" option learned to support
  import libraries of the "UNKNOWN" type.

* The "cmake_parse_arguments()" command gained an additional
  "_KEYWORDS_MISSING_VALUES" output variable to report keyword
  arguments that were given by the caller with no values.

* The "execute_process()" command gained a "COMMAND_ECHO" option and
  supporting "CMAKE_EXECUTE_PROCESS_COMMAND_ECHO" variable to enable
  echoing of the command-line string before execution.

* The "file(INSTALL)" command learned a new argument,
  "FOLLOW_SYMLINK_CHAIN", which can be used to recursively resolve and
  install symlinks.

* "list()" learned new sub-commands: "PREPEND", "POP_FRONT" and
  "POP_BACK".

* The "message()" command learned new types: "NOTICE", "VERBOSE",
  "DEBUG" and "TRACE".

* The "string()" learned a new sub-command "REPEAT".

Variables
---------

* The "CMAKE_CROSSCOMPILING_EMULATOR" variable and corresponding
  "CROSSCOMPILING_EMULATOR" target property learned to support
  arguments to the emulator.

* The "CMAKE_FIND_PACKAGE_PREFER_CONFIG" variable was added to tell
  "find_package()" calls to look for a package configuration file
  first even if a find module is available.

* The "CMAKE_FRAMEWORK" variable was added to initialize the
  "FRAMEWORK" property on all targets.

* The "CMAKE_VS_JUST_MY_CODE_DEBUGGING" variable and
  "VS_JUST_MY_CODE_DEBUGGING" target property were added to enable the
  Just My Code feature of the Visual Studio Debugger when compiling
  with MSVC cl 19.05 and higher.

* The "CMAKE_MSVC_RUNTIME_LIBRARY" variable and
  "MSVC_RUNTIME_LIBRARY" target property were introduced to select the
  runtime library used by compilers targeting the MSVC ABI. See policy
  "CMP0091".

* The "CMAKE_PROJECT_INCLUDE" and "CMAKE_PROJECT_INCLUDE_BEFORE"
  variables were added to allow injection of custom code at the sites
  of "project()" calls without knowing the project name a priori.

Properties
----------

* The "ADDITIONAL_CLEAN_FILES" target property and
  "ADDITIONAL_CLEAN_FILES" directory property were added. They allow
  to register additional files that should be removed during the clean
  stage.

* The "PUBLIC_HEADER" and "PRIVATE_HEADER" properties may now be set
  on Interface Libraries. The headers specified by those properties
  can be installed using the "install(TARGETS)" command by passing the
  "PUBLIC_HEADER" and "PRIVATE_HEADER" arguments respectively.

* The "VS_PACKAGE_REFERENCES" target property was added to tell
  Visual Studio Generators to add references to "nuget" packages.

* The "VS_PROJECT_IMPORT" target property was added to allow managed
  Visual Studio project files to import external ".props" files.

* The "VS_NO_SOLUTION_DEPLOY" target property was added to tell
  Visual Studio Generators whether to deploy an artifact to the WinCE
  or Windows Phone target device.

Modules
-------

* The "FindBoost" module was reworked to expose a more consistent
  user experience between its ���Config��� and ���Module��� modes and with
  other find modules in general.

  * A new imported target "Boost::headers" is now defined (same as
    "Boost::boost").

  * New output variables "Boost_VERSION_MACRO",
    "Boost_VERSION_MAJOR", "Boost_VERSION_MINOR",
    "Boost_VERSION_PATCH", and "Boost_VERSION_COUNT" were added.

  * The "QUIET" argument passed to "find_package()" is no longer
    ignored in config mode.  Note that the CMake package shipped with
    Boost "1.70.0" ignores the "QUIET" argument passed to
    "find_package()".  This is fixed in the next Boost release.

  * The input switch "Boost_DETAILED_FAILURE_MSG" was removed.

  * "Boost_VERSION" now reports the version in "x.y.z" format in
    module mode.  See policy "CMP0093".

* The "FindCups" module now provides imported targets.

* The "FindEnvModules" module was added to use Lua- and TCL-based
  environment modules in CTest Scripts.

* The "FindGLEW" module now provides an interface more consistent
  with what upstream GLEW provides in its own CMake package files.

* The "FindPkgConfig" now populates "INTERFACE_LINK_OPTIONS"
  property of imported targets with other (non-library) linker flags.

* The "FindPostgreSQL" module learned to find debug and release
  variants separately.

* Modules "FindPython3", "FindPython2" and "FindPython" gained
  additional lookup strategies and controls, and a new default. See
  policy "CMP0094".

* Modules "FindPython", "FindPython2" and "FindPython3" gain a new
  target (respectively "Python::Module", "Python2::Module" and
  "Python3::Module") which can be used to develop Python modules.

* Modules "FindPython3", "FindPython2" and "FindPython" gain
  capability to control how virtual environments are handled.

* The "UseSWIG" module learned to manage alternate library names by
  passing "-interface      " for "python" language or
  "-dllimport      " for "CSharp" language to the "SWIG"
  compiler.

Generator Expressions
---------------------

* The "generator expressions" "C_COMPILER_ID", "CXX_COMPILER_ID",
  "CUDA_COMPILER_ID", "Fortran_COMPILER_ID", "COMPILE_LANGUAGE",
  "COMPILE_LANG_AND_ID", and "PLATFORM_ID" learned to support matching
  one value from a comma-separated list.

CTest
-----

* The "ctest_submit()" command learned a new option: "BUILD_ID".
  This can be used to store the ID assigned to this build by CDash to
  a variable.

* The "ctest_update()" command learned to honor a new variable:
  "CTEST_UPDATE_VERSION_OVERRIDE". This can be used to specify the
  current version of your source tree rather than using the update
  command to discover the current version that is checked out.

CPack
-----

* The "CPack IFW Generator" gained a new
  "CPACK_IFW_PACKAGE_STYLE_SHEET" variable to customize the installer
  stylesheet.

Deprecated and Removed Features
===============================

* The "cmake-server(7)" mode has been deprecated and will be removed
  from a future version of CMake.  Please port clients to use the
  "cmake-file-api(7)" instead.

* The "ADDITIONAL_MAKE_CLEAN_FILES" directory property is now
  deprecated.  Use the "ADDITIONAL_CLEAN_FILES" directory property
  instead.

* The variable "CMAKE_AUTOMOC_RELAXED_MODE" is considered
  deprecated. Support still exists but will be removed in future
  versions.

* The "export(PACKAGE)" command now does nothing unless enabled via
  "CMAKE_EXPORT_PACKAGE_REGISTRY". See policy "CMP0090".

* The "Xcode" generator now requires at least Xcode 5.

* An explicit deprecation diagnostic was added for policy "CMP0066"
  ("CMP0065" and below were already deprecated). The "cmake-
  policies(7)" manual explains that the OLD behaviors of all policies
  are deprecated and that projects should port to the NEW behaviors.

Other Changes
=============

* CMake learned how to compile C++14 with the IBM AIX XL compiler
  and the SunPro compiler and to compile C++20 with the AppleClang
  compiler.

* With MSVC-like compilers the value of "CMAKE__FLAGS" no
  longer contains warning flags like "/W3" by default. See policy
  "CMP0092".

* IBM Clang-based XL compilers that define "__ibmxl__" now use the
  compiler id "XLClang" instead of "XL".  See policy "CMP0089".

* The "file(REMOVE)" and "file(REMOVE_RECURSE)" commands were
  changed to ignore empty arguments with a warning instead of treating
  them as a relative path and removing the contents of the current
  directory.

(adam)

Updated devel/py-virtualenv, time/py-pendulum

(adam)

py-pendulum: updated to 2.0.5

2.0.5:

Fixed
* Fixed ISO week dates not being parsed properly in from_format().
* Fixed loading of some timezones with empty posix spec.
* Fixed deprecation warnings.

Locales
* Added RU locale.

(adam)

py-virtualenv: updated to 16.6.2

v16.6.2:

Bugfixes
- Extend the LICESNE search paths list by lib64/pythonX.Y to support Linux
  vendors who install their Python to /usr/lib64/pythonX.Y (Gentoo, Fedora,
  openSUSE, RHEL and others)

(adam)

Updated net/wireshark, multimedia/libvpx

(adam)

libvpx: updated to 1.8.1

v1.8.1 "Orpington Duck"
  This release collects incremental improvements to many aspects of the library.

  - Upgrading:
    VP8E_SET_CPUUSED now accepts values up to 9 for vp9.
    VPX_CTRL_VP9E_SET_MAX_INTER_BITRATE_PCT had a spelling fix (was VP8E).
    The --sdk-path option has been removed. If you were using it to build for
      Android please read build/make/Android.mk for alternatives.
    All PPC optimizations have been disabled:
      https://bugs.chromium.org/p/webm/issues/detail?id=1522.

  - Enhancements:
    Various changes to improve encoder rate control, quality and speed
      for practically every use case.

  - Bug fixes:
    vp9-rtc: Fix color artifacts for speed >= 8.

(adam)

wireshark: updated to 3.0.3

Wireshark 3.0.3 Release Notes

What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

What’s New

    • The Windows installers now ship with Qt 5.12.4. They previously
      shipped with Qt 5.12.3.

    • The Windows installers now ship with Npcap 0.996. They previously
      shipped with Npcap 0.995.

    • The macOS installer now ships with Qt 5.12.4. It previously
      shipped with Qt 5.12.1.

  Bug Fixes

  The following vulnerabilities have been fixed:

    • wnpa-sec-2019-20[1] ASN.1 BER and related dissectors crash. Bug
      15870[2]. CVE-2019-13619[3].

  The following bugs have been fixed:

    • "ninja install" installs help/faq.py instead of help/faq.txt. Bug
      15543[4].

    • In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match
      the filter "eth.dst". Bug 15731[5].

    • Developer’s Guide section 3.9 "Contribute your changes" should
      incorporate or link "Writing a good commit message" from the
      Wiki. Bug 15752[6].

    • RSL dissector bugs in presence of optional IEs. Bug 15789[7].

    • The "Media Attribute Value" field is missed in rtcp SDP
      dissection (packet-sdp.c). Bug 15791[8].

    • BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug
      15807[9].

    • Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are
      swapped. Bug 15821[10].

    • tshark: Display filter error message references "-d" when it
      should reference "-Y". Bug 15825[11].

    • Open "protocol" preferences …<U+200B> does not work for protocol in
      subtree. Bug 15836[12].

    • Problems with sshdump "Error by extcap pipe: sh: sudo: command
      not found". Bug 15845[13].

    • editcap won’t change encapsulation type when writing pcap format.
      Bug 15873[14].

    • ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in
      the 3.0.2. Bug 15887[15].

  New and Updated Features

  There are no new features in this release.

  New Protocol Support

  There are no new protocols in this release.

  Updated Protocol Support

  AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet,
  ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL,
  SDP, SMB, TNEF, and Wi-SUN

  New and Updated Capture File Support

  Ascend

  New and Updated Capture Interfaces support

  There is no new or updated capture file support in this release.

(adam)

Updated devel/waf, lang/py-parso

(adam)

py-parso: updated to 0.5.1

0.5.1:
- Fix: Some unicode identifiers were not correctly tokenized
- Fix: Line continuations in f-strings are now working

(adam)

waf: updated to 2.0.18

NEW IN WAF 2.0.18
-----------------
* Fix a deadlock with cython and subst tasks
* Fix rpath processing so that it no longer breaks dependency chains
* Fix fast_partial.py failures on configuration tests
* Fix duplicate -fno-strict-aliasing flags in Python compilation flags detection
* Fix annoying PIE errors in demos/asm/
* Improve configuration tests cache accuracy
* Improve extras/fast_partial.py compatibility
* Improve extras/doxygen.py outdir parameter settings
* Add a dependency scanner for assembly files (Gas/Yasm)
* Add executable arguments for configuration tests / execute=True
* Add a QtTest example to demos/qt5/
* Add a cross-compilation option to extras/objcopy.py

(adam)

exiv2: fix buildling on Darwin

(adam)

Updated security/py-acme, security/py-certbot

(adam)

py-certbot: updated to 0.36.0

0.36.0:

Added
-----
Turn off session tickets for nginx plugin by default
Added missing error types from RFC8555 to acme

Changed
-------
Support for Ubuntu 14.04 Trusty has been removed.
Update the 'manage your account' help to be more generic.
The error message when Certbot's Apache plugin is unable to modify your Apache configuration has been improved.
Certbot's config_changes subcommand has been deprecated and will be removed in a future release.
certbot config_changes no longer accepts a --num parameter.
The functions certbot.plugins.common.Installer.view_config_changes and certbot.reverter.Reverter.view_config_changes have been deprecated and will be removed in a future release.

Fixed
-----
Replace some unnecessary platform-specific line separation.

(adam)

Updated www/py-flask, archivers/py-zipp

(adam)

py-zipp: updated to 0.5.2

v0.5.2
Parent of a directory now actually returns the parent.

(adam)

py-flask: updated to 1.1.1

Version 1.1.1

The flask.json_available flag was added back for compatibility with some extensions. It will raise a deprecation warning when used, and will be removed in version 2.0.0.

Version 1.1.0

Bump minimum Werkzeug version to >= 0.15.
Drop support for Python 3.4.
Error handlers for InternalServerError or 500 will always be passed an instance of InternalServerError. If they are invoked due to an unhandled exception, that original exception is now available as e.original_exception rather than being passed directly to the handler. The same is true if the handler is for the base HTTPException. This makes error handler behavior more consistent.
Flask.finalize_request() is called for all unhandled exceptions even if there is no 500 error handler.
Flask.logger takes the same name as Flask.name (the value passed as Flask(import_name). This reverts 1.0窶冱 behavior of always logging to "flask.app", in order to support multiple apps in the same process. A warning will be shown if old configuration is detected that needs to be moved.
flask.RequestContext.copy() includes the current session object in the request context copy. This prevents session pointing to an out-of-date object.
Using built-in RequestContext, unprintable Unicode characters in Host header will result in a HTTP 400 response and not HTTP 500 as previously.
send_file() supports PathLike objects as described in PEP 0519, to support pathlib in Python 3.
send_file() supports BytesIO partial content.
open_resource() accepts the 窶徨t窶� file mode. This still does the same thing as 窶徨窶�.
The MethodView.methods attribute set in a base class is used by subclasses.
Flask.jinja_options is a dict instead of an ImmutableDict to allow easier configuration. Changes must still be made before creating the environment.
Flask窶冱 JSONMixin for the request and response wrappers was moved into Werkzeug. Use Werkzeug窶冱 version with Flask-specific support. This bumps the Werkzeug dependency to >= 0.15.
The flask command entry point is simplified to take advantage of Werkzeug 0.15窶冱 better reloader support. This bumps the Werkzeug dependency to >= 0.15.
Support static_url_path that ends with a forward slash.
Support empty static_folder without requiring setting an empty static_url_path as well.
jsonify() supports dataclasses.dataclass objects.
Allow customizing the Flask.url_map_class used for routing.
The development server port can be set to 0, which tells the OS to pick an available port.
The return value from cli.load_dotenv() is more consistent with the documentation. It will return False if python-dotenv is not installed, or if the given path isn窶冲 a file.
Signaling support has a stub for the connect_via method when the Blinker library is not installed.
Add an --extra-files option to the flask run CLI command to specify extra files that will trigger the reloader on change.
Allow returning a dictionary from a view function. Similar to how returning a string will produce a text/html response, returning a dict will call jsonify to produce a application/json response.
Blueprints have a cli Click group like app.cli. CLI commands registered with a blueprint will be available as a group under the flask command..
When using the test client as a context manager (with client:), all preserved request contexts are popped when the block exits, ensuring nested contexts are cleaned up correctly.
Show a better error message when the view return type is not supported.
flask.testing.make_test_environ_builder() has been deprecated in favour of a new class flask.testing.EnvironBuilder.
The flask run command no longer fails if Python is not built with SSL support. Using the --cert option will show an appropriate error message.
URL matching now occurs after the request context is pushed, rather than when it窶冱 created. This allows custom URL converters to access the app and request contexts, such as to query a database for an id.

(adam)

Updated devel/yarn, textproc/py-deepdiff

(adam)

py-deepdiff: updated to 4.0.7

4.0.7:
Hashing of the number 1 vs. True

(adam)

yarn: updated to 1.17.3

1.17.3
Enforces https for the Yarn and npm registries.

1.17.2
Adds support for reading yarnPath from v2-produced .yarnrc.yml files.

1.17.0
Adds prereleases flags and prerelease identifier to yarn version.
Fixes audits when used with yarn add & yarn upgrade
Adds support for the --offline flag to yarn global add
Yarn will tolerate Yaml at parse time. Full support isn't ready yet and will only come at the next major.
Fixes a bug when using the link: protocol with a folder that doesn't contain a package.json

(adam)

Updated devel/protobuf, devel/py-protobuf

(adam)

py-protobuf: updated to 3.9.0

Protocol Buffers v3.9.0

Python

Change implementation of Name() for enums that allow aliases in proto2 in Python
to be in line with claims in C++ implementation (to return first value).
Explicitly say what field cannot be set when the new value fails a type check.
Duplicate register in descriptor pool will raise errors
Add slots to all well_known_types classes, custom attributes are not allowed anymore.
text_format only present 8 valid digits for float fields by default

(adam)

protobuf: updated to 3.9.0

Protocol Buffers v3.9.0

C++

Optimize and simplify implementation of RepeatedPtrFieldBase
Don't create unnecessary unknown field sets.
Remove branch from accessors to repeated field element array.
Added delimited parse and serialize util.
Reduce size by not emitting constants for fieldnumbers
Fix a bug when comparing finite and infinite field values with explicit tolerances.
TextFormat::Parser should use a custom Finder to look up extensions by number if one is provided.
Add MessageLite::Utf8DebugString() to make MessageLite more compatible with Message.
Fail fast for better performance in DescriptorPool::FindExtensionByNumber() if descriptor has no defined extensions.
Adding the file name to help debug colliding extensions
Added FieldDescriptor::PrintableNameForExtension() and DescriptorPool::FindExtensionByPrintableName().
The latter will replace Reflection::FindKnownExtensionByName().
Replace NULL with nullptr
Created a new Add method in repeated field that allows adding a range of elements all at once.
Enabled enum name-to-value mapping functions for C++ lite
Avoid dynamic initialization in descriptor.proto generated code
Move stream functions to MessageLite from Message.
Move all zero_copy_stream functionality to io_lite.
Do not create array of matched fields for simple repeated fields
Enabling silent mode by default to reduce make compilation noise.

(adam)

Updated databases/py-orderedmultidict, sysutils/py-crontab, devel/py-meson, time/py-aniso8601

(adam)

py-aniso8601: updated to 7.0.0

Changes 7.0.0
Handle all fractional components as an integer number of microseconds, eliminating rounding issues

(adam)

py-meson: updated to 0.51.1

0.51.1:
Unknown changes

(adam)

py-crontab: updated to 2.3.8

Version 2.3.8
- Updated RADME and special time setting fixes.
- Attempt a fix of issue 27 (no test suite test)
- Merge branch 'master' into 'master'
- update README.rst file
- Fix 48, specials can't be changed to another time.
- Bump version for pypi update
- Fix 41 dead link to github
- Ignore mypy_cache
- Fix 39 - Tab next to username will parse correctly
- Merge remote-tracking branch 'flotus/patch-1'
- Improve explaination about using the write function
- fixed environment

(adam)

py-orderedmultidict: updated to 1.0.1

1.0.1:
Unknown changes

(adam)

Updated databases/repmgr

(adam)

repmgr: updated to 4.4.0

4.4.0:
repmgr client enhancements
--------------------------

repmgr standby clone: prevent a standby from being cloned from a witness server (PostgreSQL 9.6 and later only).

repmgr witness register: prevent a witness server from being registered on the replication cluster primary server (PostgreSQL 9.6 and later only).

Registering a witness on the primary node would defeat the purpose of having a witness server, which is intended to remain running even if the cluster's primary goes down.

repmgr standby follow: note that an active, reachable cluster primary is required for this command; and provide a more helpful error message if no reachable primary could be found.

repmgr: when executing repmgr standby switchover, if --siblings-follow is not supplied, list all nodes which repmgr considers to be siblings (this will include the witness server, if in use), and which will remain attached to the old primary.

repmgr: when executing repmgr standby switchover, ignore nodes which are unreachable and marked as inactive. Previously it would abort if any node was unreachable, as that means it was unable to check if repmgrd is running.

However if the node has been marked as inactive in the repmgr metadata, it's reasonable to assume the node is no longer part of the replication cluster and does not need to be checked.

repmgr standby switchover and repmgr standby promote: when executing with the --dry-run option, continue checks as far as possible even if errors are encountered.

repmgr standby promote: add --siblings-follow (similar to repmgr standby switchover).

repmgr daemon status: make output similar to that of repmgr cluster show for consistency and to make it easier to identify nodes not in the expected state.

repmgr cluster show: display each node's timeline ID (PostgreSQL 9.6 and later only).

repmgr cluster show and repmgr daemon status: show the upstream node name as reported by each individual node - this helps visualise situations where the cluster is in an unexpected state, and provide a better idea of the actual cluster state.

For example, if a cluster has divided somehow and a set of nodes are following a new primary, when running either of these commands, repmgr will now show the name of the primary those nodes are actually following, rather than the now outdated node name recorded on the other side of the "split". A warning will also be issued about the unexpected situation.

repmgr cluster show and repmgr daemon status: check if a node is attached to its advertised upstream node, and issue a warning if the node is not attached.

repmgrd enhancements
--------------------

On the primary node, repmgrd is now able to monitor standby connections and, if the number of nodes connected falls below a certain (configurable) value, execute a custom script.

This provides an additional method for fencing an isolated primary node, and/or taking other action if one or more standys become disconnected.

See section Monitoring standby disconnections on the primary node for more details.

In a failover situation, repmgrd nodes on the standbys of the failed primary are now able confirm among themselves that none can still see the primary before continuing with the failover.

The repmgr.conf option primary_visibility_consensus must be set to true to enable this functionality.

See section Primary visibility consensus for more details.

Bug fixes
---------
Ensure BDR2-specific functionality cannot be used on BDR3 and later.

The BDR support present in repmgr is for specific BDR2 use cases.

repmgr: when executing repmgr standby clone in --dry-run mode, ensure provision of the --force option does not result in an existing data directory being modified in any way.

repmgr: when executing repmgr primary register with the --force option, if another primary record exists but the associated node is unreachable (or running as a standby), set that node's record to inactive to enable the current node to be registered as a primary.

repmgr: when executing repmgr standby clone with the --upstream-conninfo, ensure that application_name is set correctly in primary_conninfo.

repmgr: when executing repmgr standby switchover, don't abort if one or more nodes are not reachable and they are marked as inactive.

repmgr: canonicalize the data directory path when parsing the configuration file, so the provided path matches the path PostgreSQL reports as its data directory. Otherwise, if e.g. the data directory is configured with a trailing slash, repmgr node check --data-directory-config will return a spurious error.

repmgrd: fix memory leak which occurs while the monitored PostgreSQL node is not running.

Other
-----
The repmgr documentation has been converted to DocBook XML format, as currently used by the main PostgreSQL project. This means it can now be built against any PostgreSQL version from 9.5 (previously it was not possible to build the documentation against PostgreSQL 10 or later), and makes it easier to provide the documentation in other formats such as PDF.

(adam)

Updated databases/sqlite3 and friends

(adam)

sqlite3: updated to 3.29.0

SQLite Release 3.29.0:
Added the SQLITE_DBCONFIG_DQS_DML and SQLITE_DBCONFIG_DQS_DDL actions to sqlite3_db_config() for activating and deactivating the double-quoted string literal misfeature. Both default to "on" for legacy compatibility, but developers are encouraged to turn them "off", perhaps using the -DSQLITE_DQS=0 compile-time option.
-DSQLITE_DQS=0 is now a recommended compile-time option.

Improvements to the query planner:
Improved optimization of AND and OR operators when one or the other operand is a constant.
Enhancements to the LIKE optimization for cases when the left-hand side column has numeric affinity.
Added the "sqlite_dbdata" virtual table for extracting raw low-level content from an SQLite database, even a database that is corrupt.

Enhancements to the CLI:
Add the ".recover" command which tries to recover as much content as possible from a corrupt database file.
Add the ".filectrl" command useful for testing.
Add the long-standing ".testctrl" command to the ".help" menu.
Added the ".dbconfig" command

(adam)

Updated net/ndpi, net/ntopng

(adam)

ntopng: updated to 3.8

3.8 Stable

New features
* Remote assistance to temporarily grant encrypted ntopng access to remote
parties
* Custom URLs and IP addresses mappings to traffic categories
* Continuous traffic recording
* User activities logging
* Extended chart metrics

Improvements
* Alerts
* Improved InfluxDB support
* Handles slow and aborted queries
* Uses authentication
* Adds RADIUS and HTTP authenticators
* Options to allow users login via RADIUS and HTTP
* Lua 5.3 support
* Improved performance
* Better memory management
* Native support for 64-bit integers
* Native support for bitwise operations
* Adds the new libmaxminddb geolocation library
* Storage utilization indicators
* Global storage indicator to show the disk used by each interface
* Per-interface storage indicator to show the disk used to store timeseries and flows
* Support for Sonicwall PEN field names
* Option to disable LDAP referrals
* Requests and configures Keepalive support for ZMQ sockets
* Three-way-handshake detection
* Adds SNMP mac addresses to the search function

nEdge
* Implement nEdge policies test page
* Implement device presets
* DNS

Fixes
* Fixes missing flows dump on shutdown
* HTTP dissection fixes
* SNMP
* Properly handles endianness over ZMQ

(adam)

ndpi: updated to 2.8

2.8 Stable

New Supported Protocols and Services
* Added Modbus over TCP dissector

Improvements
* Wireshark Lua plugin compatibility with Wireshark 3
* Improved MDNS dissection
* Improved HTTP response code handling
* Full dissection of HTTP responses

Fixes
* Fixed false positive mining detection
* Fixed invalid TCP DNS dissection
* Releasing buffers upon realloc failures
* ndpiReader: Prevents references after free
* Endianness fixes
* Fixed IPv6 HTTP traffic dissection
* Fixed H.323 detection

Other
* Disabled ookla statistics which need to be improved
* Support for custom protocol files of arbitrary length
* Update radius.c to RFC2865

(adam)

Remove CXXFLAGS/LINKFLAGS hack

(adam)

Updated multimedia/x265, security/gnupg2

(adam)

gnupg2: updated to 2.2.17

Noteworthy changes in version 2.2.17:
* gpg: Ignore all key-signatures received from keyservers.  This
  change is required to mitigate a DoS due to keys flooded with
  faked key-signatures.  The old behaviour can be achieved by adding
    keyserver-options no-self-sigs-only,no-import-clean
  to your gpg.conf.
* gpg: If an imported keyblocks is too large to be stored in the
  keybox (pubring.kbx) do not error out but fallback to an import
  using the options "self-sigs-only,import-clean".
* gpg: New command --locate-external-key which can be used to
  refresh keys from the Web Key Directory or via other methods
  configured with --auto-key-locate.
* gpg: New import option "self-sigs-only".
* gpg: In --auto-key-retrieve prefer WKD over keyservers.
* dirmngr: Support the "openpgpkey" subdomain feature from
  draft-koch-openpgp-webkey-service-07.
* dirmngr: Add an exception for the "openpgpkey" subdomain to the
  CSRF protection.
* dirmngr: Fix endless loop due to http errors 503 and 504.
* dirmngr: Fix TLS bug during redirection of HKP requests.
* gpgconf: Fix a race condition when killing components.

(adam)

x265: updated to 3.1.1

Version 3.1

New features
* x265 can invoke SVT-HEVC library for encoding through --svt.
* x265 can now accept interlaced inputs directly (no need to separate fields), and sends it to the encoder with proper fps and frame-size through --field.
* --fades can detect and handle fade-in regions. This option will force I-slice and initialize RC history for the brightest frame after fade-in.

API changes
* A new flag to signal MasterDisplayParams and maxCll/Fall separately

Encoder enhancements
* Improved the performance of inter-refine level 1 by skipping the evaluation of smaller CUs when the current block is decided as ���skip��� by the save mode.
* New AVX2 primitives to improve the performance of encodes that enable --ssim-rd.
* Improved performance in medium preset with negligible loss in quality.

Bug fixes
* Bug fixes for zones.
* Fixed wrap-around from MV structure overflow occurred around 8K pixels or over.
* Fixed issues in configuring cbQpOffset and crQpOffset for 444 input
* Fixed cutree offset computation in 2nd pass encodes.

Known issues
* AVX512 main12 asm disabling.
* Inconsistent output with 2-pass due to cutree offset sharing.

(adam)

py-dbfread: better Makefile

(adam)

Updated devel/py-flake8, graphics/py-graphviz

(adam)

py-graphviz: updated to 0.11.1

Version 0.11.1
Include stderr in str() of raised subprocess.CalledProcessError.

(adam)

py-flake8: updated to 3.7.8

3.7.8:
Bugs Fixed
- Fix handling of Application.parse_preliminary_options_and_args when
  argv is an empty list
- Fix crash when a file parses but fails to tokenize
- Log the full traceback on plugin exceptions
- Fix # noqa: ... comments with multi-letter codes

(adam)

Updated lang/python37, lang/py37-html-docs

(adam)

python37: updated to 3.7.4

Python 3.7.4 final

Core and Builtins
bpo-37500: Due to unintended side effects, revert the change introduced by bpo-1875 in 3.7.4rc1 to check for syntax errors in dead conditional code blocks.
Documentation
bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John Shipman, New Mexico Tech, with a link to the archive.org copy.

Python 3.7.4 release candidate 2

Security
bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’.

Core and Builtins
bpo-24214: Improved support of the surrogatepass error handler in the UTF-8 and UTF-16 incremental decoders.

Library
bpo-37440: http.client now enables TLS 1.3 post-handshake authentication for default context or if a cert_file is passed to HTTPSConnection.
bpo-37437: Update vendorized expat version to 2.2.7.
bpo-37428: SSLContext.post_handshake_auth = True no longer sets SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the option is documented as ignored for clients, OpenSSL implicitly enables cert chain validation when the flag is set.
bpo-32627: Fix compile error when _uuid headers conflicting included.

Windows
bpo-37369: Fixes path for sys.executable when running from the Microsoft Store.
bpo-35360: Update Windows builds to use SQLite 3.28.0.

macOS
bpo-34602: Avoid test suite failures on macOS by no longer calling resource.setrlimit to increase the process stack size limit at runtime. The runtime change is no longer needed since the interpreter is being built with a larger default stack size.

(adam)

Updated multimedia/ffmpeg4, databases/mongodb3

(adam)

mongodb3: ..and remove unused patch

(adam)

mongodb3: updated to 3.4.21

3.4.21:
Issues fixed:
SERVER-39820: Add the client IP address to the successful authentication log message
SERVER-41213: Unique background index builds may produce inconsistent keys
SERVER-37765: Platform Support: Remove Ubuntu 14.04
SERVER-37774: Platform Support: Remove Enterprise Ubuntu 16.04 PPCLE
WT-4615: Sync backup file before returning backup cursor

3.4.20:
Issues fixed:
SERVER-39166: $graphLookup should force a pipeline to split in sharded cluster
SERVER-39723: Change listIndexes command behavior to show in-progress index builds
TOOLS-2158: mongodump failing on Windows with 窶彳rror opening system CA store: Access is denied.窶�

3.4.19:
Issues fixed:
SERVER-18985: setParameter should log at level 0
SERVER-22766: Dynamic oplog sizing for WiredTiger nodes
SERVER-33469: Make syslog log lines consistent with mongod log lines
SERVER-37132: Negation of $in with regex can incorrectly plan from the cache, leading to missing query results
SERVER-37182: Different values when referencing whole object vs. a field of that object after $arrayToObject
SERVER-37616: Implement tuneable batch size for the rangedeleter

3.4.18:
Issues fixed:
SERVER-25175: listIndexes shouldn窶冲 include in-progress background indexes
SERVER-35418: Allow specifying CAs for incoming and outgoing connections separately.
SERVER-36944: applyOps does not permit unknown field names when creating a v:1 index.
SERVER-37058: Update with numeric field names inside an array can cause validation to fail.

3.4.17:
Issues fixed:
SERVER-33857 Missing log redaction due to confusion with Command::redactForLogging().
SERVER-34846 Covered index with collated field returns incorrect result when collation not involved in match or sort.
SERVER-36010 Change log messages for Windows stacktraces to use error() or severe() rather than log().
SERVER-34558: Add SSL_version to client metadata logging.

3.4.16:
Issues fixed:
SERVER-32999: Platform Support: Remove Debian 7 builds.
SERVER-29301: Upgrade MozJS to ESR 45.9.0
SERVER-5461: Add syncSourceHost field to replSetGetStatus output.

3.4.15:
Issues fixed:
SERVER-31535: Platform Support: remove Ubuntu 12.04 builds.
SERVER-32923: Platform Support: remove SLES11 builds.
SERVER-20056: Log a startup warning if wiredTigerCacheSizeGB is > 80% of RAM.
SERVER-28981: Sharding balancer prefers shards in a specific order when moving chunks.

3.4.14:
Issues fixed:
SERVER-28151: Authentication database should be synced first during an initial sync.
SERVER-32886: Unnecessary sleeps during chunk migration.
SERVER-32933: Allow mongod to start when unable to reach LDAP server.

3.4.13:
Issues fixed:
SERVER-33238: Prevent WiredTiger read ticket count from going negative.

3.4.12:
Issues fixed:
SERVER-31437: Fix parsing of mongo host/db connect string.
SERVER-32875: Don窶冲 stall ftdc due to running out of tickets.
SERVER-33089: Unable to start queryable mongod because it failed to regenerate index for admin.system.users.

3.4.11:
Issues fixed:
SERVER-19605: Oplog timeout should be configurable.
SERVER-19919: Chunks that exceed 250000 docs but are under half chunk size get marked as jumbo.
SERVER-29293: Recipient shard fails to abort migration on stepdown.
SERVER-32001: unindexing a key in a partial unique index may cause server crash

3.4.10:
Issues fixed:
SERVER-15723: Avoid G_X lock for rename_collection within database
SERVER-31049: View with collation doesn窶冲 work as expected in sharded cluster
SERVER-29287: Upgrade pcre to 8.41
SERVER-31204: Calling shardCollection after enableSharding may fail if executed against different mongos

3.4.9:
Issues fixed:
SERVER-20392: Sharding an existing small collection results in large number of chunks
SERVER-30189: Reduce calls to allocator for large $in expressions
SERVER-30487: RangeDeleter holds WT transaction open while waiting for majority
SERVER-30636: Range deleter assert failed because of replication lag

3.4.7:
Issues fixed:
SERVER-29282: BSON Document Size can be exceeded when grouping inserts on SECONDARY nodes
SERVER-29568: Enable configuration of OpenSSL cipher suite via setParameter
SERVER-29817: Optimize incremental update performance of ChunkManager and CollectionMetadata

3.4.6:
Issues fixed:
SERVER-27347: Only close idle cached cursors on the WiredTiger ident that is busy.
SERVER-29618: $geoWithin in aggregation pipeline after $lookup and $unwind returns incorrect results.
WT-3362: Cursor opens should never block for the duration of a checkpoint.

3.4.5:
Issues fixed:
SERVER-28952: Multikey indexes should not be eligible for DISTINCT_SCAN if distinct key is an array component.
SERVER-28427: GlobalLock with timeout can still block indefinitely.
SERVER-29018 mongos can segfault in getMore on views with find batchSize of 0.

(adam)

ffmpeg4: updated to 4.1.4

version 4.1.4:
avcodec/ilbcdec: Simplify use of unsigned and fix more undefined overflows
avcodec/golomb: Correct the doxy about get_ue_golomb() and errors
avformat/utils: Check timebase before use in estimate_timings()
avcodec/hq_hqa: Use ff_set_dimensions()
avcodec/rv10: Fix integer overflow in aspect ratio compare
avcodec/4xm: Fix signed integer overflows in idct()
avcodec/qdm2: Check checksum_size for 0
avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop
avcodec/qdm2: Do not read out of array in fix_coding_method_array()
avcodec/svq3: Use ff_set_dimension()
avcodec/iff: Check ham vs bpp
avcodec/ffwavesynth: use uint32_t to compute difference, it is enough
avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case
avcodec/ffwavesynth: Fix backward lcg_seek()
avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP()
avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff()
avcodec/alac: Check lpc_quant
avcodec/dxv: Initialize tex_funct to NULL
avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP
avcodec/alsdec: Fix integer overflow with buffer number
avcodec/alsdec: Fixes signed integer overflow in LSB addition
avcodec/alsdec: Check opt_order / sb_length in ra_block handling
avcodec/alsdec: Fix integer overflow with shifting samples
avcodec/alsdec: Fix undefined behavior in decode_rice()
avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()
avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight
avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns
avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check
avformat/aviobuf: Delay buffer downsizing until asserts are met
avcodec/fitsdec: Check data_min/max
avcodec/m101: Fix off be 2 error
avcodec/qdm2: Move fft_order check up
avcodec/libvorbisdec: Check extradata size
avformat/vqf: Check header_size
avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()
avcodec/atrac9dec: Check that the reused block has succeeded initilization
avcodec/utils: Check bits_per_coded_sample
avcodec/videodsp_template: Fix overflow of addition
avcodec/alsdec: Fix invalid shift in multiply()
avcodec/ffwavesynth: Check ts_end - ts_start for overflow
avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c
avcodec/tta: Fix undefined shift
avcodec/qdmc: Fix integer overflows in PRNG
avcodec/bintext: Check font height
avcodec/binkdsp: Fix integer overflows in idct
avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()
avcodec/motionpixels: Check for vlc error in mp_get_vlc()
avcodec/loco: Limit lossy parameter so it is sane and does not overflow
avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed
avcodec/xpmdec: Do not use context dimensions as temporary variables
avcodec/fitsdec: Fix division by 0 in size check
avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()
avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()
avcodec/iff: finetune the palette size check in the mask case
avcodec/iff: Fix mask_buf / mask_palbuf leak
avformat/icodec: Free ico->images on error paths
avformat/wsddec: Fix undefined shift
avcodec/fmvc: Check if header fields are available before allocating the image
avcodec/bink: Reorder operations in init to avoid memleak on error
avformat/wtvdec: Avoid (32bit signed) sectors
avcodec/bitstream: Check for more conflicting codes in build_table()
avcodec/bitstream: Check for integer code truncation in build_table()
avformat/sbgdec: Fixes integer overflow in str_to_time() with hours
avformat/vpk: Check offset for validity
avformat/vpk: Fix integer overflow in samples_per_block computation
avcodec/mjpegdec: Check for non ls PAL8
avcodec/interplayvideo: check decoding_map_size with video_data_size
avcodec/h264_parse: Use 64bit for expectedpoc and expected_delta_per_poc_cycle
avcodec/mss4: Check input size against skip bits
avcodec/dxv: Check op_offset in dxv_decompress_cocg()
avcodec/diracdec: Fix integer overflow in global_mv()
avcodec/vmnc: Check available space against chunks before reget_buffer()
avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure)
avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()
avcodec/aacdec_template: Merge 3 #ifs related to noise handling
avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify
avformat/mp3enc: Avoid SEEK_END as it is unsupported
avcodec/truemotion2: Fix several integer overflows in tm2_update_block()
avformat/webm_chunk: Specify expected argument length of get_chunk_filename()
avformat/webm_chunk: Check header filename length
avcodec/cpia: Check input size also against linesizes and EOL
swscale/tests/swscale: Lengthen pixfmt name buffer to 21 bytes
libswcale: Fix possible string overflow in test.
avcodec/hq_hqa: Check available space before reading slice offsets
lavf/webm_chunk: Respect buffer size
avcodec/fits: Check bitpix
avcodec/jvdec: Use ff_get_buffer() when the content is not reused
avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()
avcodec/gdv: Check input palette size before rescale()
avcodec/jpeg2000: Check stepsize before using it
avcodec/aacdec_fixed: Fix undefined shift in noise_scale()
avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
avformat/mov: Skip stsd adjustment without chunks
avformat/aadec: Check for scanf() failure
avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside
avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()
avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation
avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()
movsub_bsf: Fix mov2textsub regression
lavc/libaomenc: Add a maximum constraint of 64 encoder threads.
avformat/aacdec: fix demuxing of small frames
avcodec/cuviddec: improve progressive frame detection
avformat/matroskaenc: fix leak on error
avformat/av1: Initialize padding in ff_isom_write_av1c
avcodec/cbs_av1: fix parsing spatial_id

(adam)

Updated devel/py-typing, devel/py-typing-extensions

(adam)

py-typing-extensions: updated to 3.7.4

3.7.4:
Match with Python 3.7.4

(adam)

py-typing: updated to 3.7.4

3.7.4:
Match with Python 3.7.4.

(adam)

Updated graphics/tesseract, textproc/jsoncpp

(adam)

jsoncpp: ...and the patch

(adam)

jsoncpp: updated to 1.9.0

1.9.0:
It's been ~2 years since the last release, so this has quite a few changes. Some highlights:
Build optimizations and updates. Now needs at least Meson 0.50.0, bot support for VS 2013 dropped in favor of VS 2017
Lots of bug fixes
Lots of enhancements
Lots of cleanup

(adam)

tesseract: updated to 4.1.0

4.1.0 Release
Added new renders Alto, LSTMBox, WordStrBox.
Added character boxes in hOCR output.
Added python training scripts (experimental) as alternative shell scripts.
Better support AVX / AVX2 / SSE.
Disable OpenMP support by default.
Fix for bounding box problem.
Implemented support for whitelist/blacklist in LSTM engine.
Improved cmake configuration.
Code modernization and improvements.
A lot of bug fixes...

(adam)

Updated net/iperf3, time/py-tzdata

(adam)

py-tzdata: updated to 2019.2

2019.2:
Unknown changes

(adam)

iperf3: updated to 3.7

3.7:
iperf 3.6 adds the --bidir flag for bidirectional tests, includes some minor enhancements, and fixes a number of bugs. More details can be found in the release notes.
Note: Documentation for the --bidir flag was inadvertently omitted from the manual page. This will be fixed in a future release.

3.6:
iperf 3.6 adds the --extra-data and --repeating-payload options and fixes some minor bugs.

3.5:
iperf 3.5 fixes a bug that could over-count data transfers (and hence measured bitrate).

3.4:
iperf 3.4 fixes a number of minor bugs and adds a few enhancements.

3.3:
New minor release of iperf 3.3, fixing a number of minor bugs.

3.2:
New minor release of iperf 3.2, with new features, bugfixes, and enhancements.

(adam)

Updated www/py-asgiref, www/py-pylint-django, devel/py-cython, www/py-autobahn

(adam)

py-autobahn: updated to 19.7.1

19.7.1
fix: implement client side payload exceed max size; improve max size exceeded handling
fix: detect when our transport is "already" closed at connect time
fix: XBR examples

(adam)

py-cython: updated to 0.29.12

0.29.12:
Bugs fixed
* Fix compile error in CPython 3.8b2 regarding the PyCode_New() signature.
* Fix a C compiler warning about a missing int downcast.
* Fix reported error positions of undefined builtins and constants.
* A 32 bit issue in the Pythran support was resolved.

(adam)

py-pylint-django: updated to 2.0.10

Version 2.0.10:
- Suppress no-member for ManyToManyField.
- Fix UnboundLocalError with ForeignKey(to=).

(adam)

py-asgiref: updated to 3.1.4

3.1.4:
* Fixed an incompatibility with Python 3.5 introduced in the last release.

(adam)

Updated devel/py-meson, security/py-oauthlib, devel/py-ipython, www/py-soupsieve, devel/py-logilab-common, www/py-asgiref

(adam)

py-asgiref: updated to 3.1.3

3.1.3:
* async_timeout has been removed as a dependency, so there are now no required
  dependencies.
* The WSGI adapter now sets REMOTE_ADDR from the ASGI client.

(adam)

py-logilab-common: updated to 1.4.2

1.4.2:
Bug fixes

(adam)

py-soupsieve: updated to 1.9.2

1.9.2
- **FIX**: Shortcut last descendant calculation if possible for performance.
- **FIX**: Fix issue where `Doctype` strings can be mistaken for a normal text node in some cases.
- **FIX**: A top level tag is not a `:root` tag if it has sibling text nodes or tag nodes. This is an issue that mostly manifests when using `html.parser` as the parser will allow multiple root nodes.

(adam)

py-ipython: updated to 7.6.1

IPython 7.6.1 contain a critical bugfix in the %timeit magic, which would
crash on some inputs as a side effect of :ghpull:11716.

(adam)

py-oauthlib: updated to 3.0.2

3.0.2:
* Fixed space encoding in base string URI used in the signature base string.
* Fixed OIDC /token response which wrongly returned "&state=None"
* Doc: The value `state` must not be stored by the AS, only returned in /authorize response.
* Fixed OIDC "nonce" checks: raise errors when it's mandatory

(adam)

py-meson: updated to 0.51.0

0.51.0:
(C) Preprocessor flag handling
Sanity checking compilers with user flags
New sourceset module
n_debug=if-release and buildtype=plain means no asserts
target_type in build_targets accepts the value 'shared_module'
New modules kwarg for python.find_installation
Support for the Intel Compiler on Windows (ICL)
Added basic support for the Xtensa CPU toolchain
Dependency objects now have a get_variable method
CMake prefix path overrides
Tests that should fail but did not are now errors
New target keyword argument: link_language
New module to parse kconfig output files
Add new meson subprojects foreach command
Added c17 and c18 as c_std values for recent GCC and Clang Versions
gpgme dependency now supports gpgme-config
Can link against custom targets
Removed the deprecated --target-files API
Generators have a new depends keyword argument
Specifying options per mer machine
subproject.get_variable() now accepts a fallback argument
Add keyword static to find_library
Fortran include statements recursively parsed
CMake subprojects
Multipe cross files can be specified

(adam)

freeradius2: fix configuration files installation - demoCA/cacert.pem is not needed, but certs/Makefile is; bump revision

(adam)

iftop: update HOMEPAGE, add LICENSE

(adam)

cantata: fix build on Darwin

(adam)

Updated databases/py-pymysql, graphics/py-piexif

(adam)

py-piexif: updated to 1.1.3

1.1.3:
Fix failure to decode a minimal 1 x 1 pixel JPEG

(adam)

py-pymysql: updated to 0.9.3

0.9.3
* cryptography dependency is optional now.
* Fix old_password (used before MySQL 4.1) support.
* Deprecate old_password.
* Stop sending ``sys.argv[0]`` for connection attribute "program_name".
* Close connection when unknown error is happened.
* Deprecate context manager API of Connection object.

(adam)

Updated www/py-flask-jwt-extended, textproc/py-regex

(adam)

py-regex: updated to 2019.06.08

2019.06.08:
Unknown changes

(adam)

py-flask-jwt-extended: updated to 3.20.0

3.20.0:
Look for JWTs in the same order that they are defined in JWT_TOKEN_LOCATION.

(adam)

Updated net/freeradius2

(adam)

freeradius2: updated to 2.2.10

Version 2.2.10:
BUG FIXES
Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
FR-GV-207 Avoid zero-length malloc() in data2vp().
FR-GV-206 correct decoding of option 60.
FR-GV-205 check for "too long" WiMAX options.
FR-GV-204 free VP if decoding fails, so we don't leak memory.
FR-GV-203 fix memory leak when using decode_tlv().
FR-GV-202 check for "too long" attributes.
FR-GV-201 check input/output length in make_secret().
FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
Disable in-memory TLS session caches due to OpenSSL API issues.
Allow issuer_cert to be empty.
Look for extensions using correct index.
Fix types.
Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
Allow OCSP responder URL to be later in the packet
Catch empty subject and non-existent issuer cert in OCSP
Allow non-FIPS for MD5

(adam)

Updated lang/py-uncompyle6, fonts/py-fonttools

(adam)

py-fonttools: updated to 3.43.0

3.43.1 (released 2019-06-19)
- [subset] Fixed regression when passing --flavor=woff2 option with an input font
  that was already compressed as WOFF 1.0

3.43.0 (released 2019-06-18)
- [woff2] Added support for compressing/decompressing WOFF2 fonts with non-transformed
  glyf and loca tables, as well as with transformed hmtx table.
  Removed Snippets/woff2_compress.py and Snippets/woff2_decompress.py scripts,
  and replaced them with a new console entry point fonttools ttLib.woff2
  that provides two sub-commands compress and decompress.
- [varLib.cff] Fixed bug when merging CFF2 PrivateDicts. The PrivateDict
  data from the first region font was incorrecty used for all subsequent fonts.
  The bug would only affect variable CFF2 fonts with hinting
  Also, fixed a merging bug when VF masters have no blends or marking glyphs
- [loggingTools] Removed unused backport of LastResortLogger class.
- [subset] Gracefully handle partial MATH table
- [featureVars] Avoid duplicate references to rvrn feature record in
  DefaultLangSys tables when calling addFeatureVariations on a font that
  does not already have a GSUB table (aa8a5bc6).
- [varLib] Fixed merging of class-based kerning. Before, the process could introduce
  rogue kerning values and variations for random classes against class zero (everything
  not otherwise classed).
- [varLib] Fixed merging GPOS tables from master fonts with different number of
  SinglePos subtables
- [unicodedata] Updated Blocks, Scripts and ScriptExtensions to Unicode 12.1.

3.42.0 (released 2019-05-28)
- [OS/2] Fixed sign of fsType: it should be uint16, not int16
- [subset] Skip out-of-range class values in mark attachment
- [fontBuilder] Add an empty DSIG table with setupDummyDSIG method
- [varLib.merger] Fixed bug whereby GDEF.GlyphClassDef were being dropped
  when generating instance via varLib.mutator
- [varLib] Added command-line options -v and -q to configure logging
- [subset] Update font extents in head table
- [subset] Make --retain-gids truncate empty glyphs after the last non-empty glyph
- [requirements] Updated unicodedata2 backport for Unicode 12.0.

3.41.2 (released 2019-05-13)
- [cffLib] Fixed issue when importing a CFF2 variable font from XML, whereby
  the VarStore state was not propagated to PrivateDict
- [varLib] Don't drop post glyph names when building CFF2 variable font

3.41.1 (released 2019-05-13)
- [designspaceLib] Added loadSourceFonts method to load source fonts using
  custom opener function
- [head] Round font bounding box coordinates to integers to fix compile error
  if CFF font has float coordinates
- [feaLib] Don't write None in ast.ValueRecord.asFea()
- [subset] Fixed issue AssertionError when using --desubroutinize option
- [graphite] Fixed bug in Silf table's decompile method unmasked by
  previous typo fix
  decompile method

(adam)

py-uncompyle6: updated to 3.3.5

3.3.5:
Handle annotation args in Python 3.x
Fix vararg and function signatures in 3.x
Some 3.x < 3.6 while (1)/if fixes — others remain
Start reinstating else if -> elif
LOAD_CONST -> LOAD_CODE where appropriate
option --weak-verify is now --syntax-verify
code cleanups, start using black to reformat text

(adam)

Updated net/freeradius

(adam)

freeradius: updated to 3.0.19

3.0.19:
FEATURE IMPROVEMENTS
Update dictionary.cisco.
Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially Patch from Nathan Ward.
Re-added "show client config" command to radmin.
Cleaned up mods-available/sql example so that it is easier to understand.
Added pfSense dictionary.
Update dictionary.h3c
Update elasticsearch/logstash config for v6.7.0.
EAP-PWD security fixes from Mathy Vanhoef. See http://freeradius.org/security/.

BUG FIXES
Update dynamic_client module and server core so that the functionality works. This has been broken since at least v2.
Fix crash in sqlippool due to escaping changes Patch from Nathan Ward.
Fix systemd notify, watchdog and unit files
Fix erroneous length check in EAP-FAST.
Update documentation to remove old "ignore_null" configuration.
Fix default POD port. Should be 3799.
Correctly encode vendor-specific "encrypted" attributes

3.0.18:
FEATURE IMPROVEMENTS
cleanup_delay can now be 30 seconds. This helps with proxies that have packet loss.
Do-Not-Respond policies can now be set in the "post-auth" section.
Encode / Decode ADSL Forum DHCP options.
Fix module ordering issues. e.g. when "sqlippool" needs "sql". See the "instantiate" section of radiusd.conf.
Add Big Switch dictionary.
Add sql_session_start policy (raddb/policy.d/accounting) This minimizes race conditions when using Simultaneous-Use Patch from Philippe Wooding.
For rlm_perl, all variables are now tainted by default. See raddb/mods-available/perl, and the "perl_flags" configuration item. This change should only affect people who are using variables in insecure ways.
Allow "sqlcounter" module to be listed in "post-auth".
Add support for IPv6 attributes in SQL.
The server is better at handling fail-over for outbound RadSec and TCP connections.
The server is now more aggressive about retrying failed outbound RadSec and TCP connections.
Add TLS-Session-Version and TLS-Session-Cipher-Suite to the "session_state" list.
Add expansion for Radsec connections. "%{listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes.
Add notes on running "ldapsearch" using the parameters from the LDAP module.
"ipaddr" attributes can now be cast to "integer" type attributes in an "update" section.
Move main thread queue to using atomic queues. This should help with contention in high load scenarios.
Add "recv_buff" setting to listeners. For more details, see sites-available/default.
The sqlippool module can now use attributes other than "Pool-Name" to assign IP pools. The "Pool-Name" attribute is still the default.
The "unpack" expansion can now unpack substrings. See mods-available/unpack for documentation and examples.
The preprocess module now does "ciscvo_vsa_hack" for Eltex-AVPair. Vendors SHOULD NOT USE THAT KIND OF ATTRIBUTE.
Allow for <instance>-LDAP-UserDN. See mods-available/ldap for more information.
Add sanitizing of control list for moonshot.
Update rlm_sql_mysql to be compatible with MySQL 8 Fixes https://bugs.launchpad.net/bugs/1795310.
Allow logging of only Access-Accept or Access-Reject messages See radiusd.conf, "auth_accept" and "auth_reject".
Removed Connect-Rate comparison. It was unused and broken.
Add dictionary.infinera.
RPMs can now change raddb location with rpmbuild parameter --define '_sysconfdir /etc'.
OpenDirectory module now points to Apple documentation for help with build and configuration.
Use OpenSSL HMAC functions instead of local ones.
Some SQL modules can now use "auto_escape" to escape unsafe strings See mods-config/sql/main/mysql/queries.conf.
Add wispr2date conversion in mods-available/date.
Implement dictionary-based handling in rlm_python.
Add support for SKIP LOCKED in sqlippool. This can improve performance by an order of magnitude or more. See raddb/mods-config/sql/ippool/*/queries.conf
Updated Debian packages to allow for libssl1.1
Allow PSK and certificates at the same time Except for TLS 1.3 which does not support that.
Update Debian packages for newer releases
Update docker scripts.
Add crypt xlat.
MySQL connections can now skip verifying the server certificate.
Add better mechanism to detect MariaDB (Old MySQL).
Add RFC 7532 "bang path" support for realms
Update dictionary.ukerna documentation.
Add support for systemd service and watchdogs
Check for openss/rand.h, and allow building without OpenSSL engine.
The default PosgtreSQL queries now use "ON CONFLICT" to better deal with issues. This requires PostgreSQL 9.5 or later. Please use a recent version of PostgreSQL, or edit the default queries to remove "ON CONFLICT".

BUG FIXES
The session-state list is no longer cleaned in the inner-tunnel. This lets the outer Access-Reject section access session-state.
Fix typo in lock initialization for TLS sockets Found by Sergio NNX.
Add check for crash when home server down
Add username key for postauth table.
Better libpcap checks, when the header files or libraries are missing.
Allow building with old versions of OpenSSL
Allow non-FreeRADIUS State attributes to be used with the "session-state" list. i.e. State length != 16.
Be more aggressive about cleaning up zombie children when running in debug mode.
Use LTDL_DEEPBIND, which fixes issues with Oracle libraries exporting LDAP API functions.
unlock files when asked to unlock them.
return error instead of asserting in map code.
Don't write 0 bytes to SSL.
Remove "expiry_time IS NULL" from allocate_update query.
Various dictionary cleanups and consistency checks
rlm_python has stronger thread locking to prevent reported issues. Performance may be affected.
Don't allow Message-Authenticator to overflow past the end of a large packet.
Fix crash in sqlippool when SQL server goes away
Typos in man pages. Patch from Nikolai Kondrashov
Check for correct OpenSSL version in vulnerability list. Patch from Christian Hesse.
Fix crash with CoA packets/
Fix crash in rlm_exec with CoA.
Print errors while parsing the log config, and don't quit when deprecated log settings are found.
Fix DHCP encoder xlat so that it can be used with a list of attributes. It previously only encoded the first member of the list, and now encodes all members.
The "expr" module now skips more whitespace.
Remove internal FreeRADIUS-Response-Delay attributes from attr_filter Access-Reject.
Don't send junk to redis when maximum args reached.
Small updates to IPv6 for accounting schema
Fix OpenDirectory integration in rlm_mschap.
Fix slow memory leak with dynamic clients.
Don't artificially truncate debug output for long strings.
Fix memory leak in EAP-PWD.
Fix crash in "hints" file with Fall-Through = yes.
Fix crash / timer issues with many CoA packets.
Fix attr_filter so that it does not treat vendor attributes of number 26 as Vendor-Specific.
Fix reconnect correctly in rlm_sql_mysql.
Fix rlm_cache to properly use Cache-TTL < 0
Fix rare occurance of bad xlat expansion.
Check for rare race condition when a proxy reply arrives too late.

(adam)

Updated databases/freetds, net/libpcap

(adam)

libpcap: updated to 1.9.0

Summary for 1.9.0 libpcap release
  Added testing system to libpcap, independent of tcpdump
  Changes to how pcap_t is activated
  Adding support for Large stream buffers on Endace DAG cards
  Changes to BSD 3-clause license to 2-clause licence
  Additions to TCP header parsing, per RFC3168
  Add CMake build process (extensive number of changes)
  Assign a value for OpenBSD DLT_OPENFLOW.
  Support setting non-blocking mode before activating.
  Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
  Added RPCAPD support when --enable-remote (default no)
  Add the rpcap daemon source and build instructions.
  Put back the greasy "save the capture filter string so we can tweak it"
      hack, that keeps libpcap from capturing rpcap traffic.
  Fixes for captures on MacOS, utun0
  fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
  Add a linktype for IBM SDLC frames containing SNA PDUs.
  pcap_compile() in 1.8.0 and later is newly thread-safe.
  bound snaplen for linux tpacket_v2 to ~64k
  Make VLAN filter handle both metadata and inline tags
  D-Bus captures can now be up to 128MB in size
  Added LORATAP DLT value
  Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
  probe_devices() fixes not to overrun buffer for name of device
  Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
  RDMA sniffing support for pcap
  Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
  fixes for reading /etc/ethers
  Make it possible to build on Windows without packet.dll.
  Add tests for large file support on UN*X.
  Solaris fixes to work with 2.8.6
  configuration test now looks for header files, not capture devices present
  Fix to work with Berkeley YACC.
  fixes for DragonBSD compilation of pcap-netmap.c
  Clean up the ether_hostton() stuff.
  Add an option to disable Linux memory-mapped capture support.
  Add DAG API support checks.
  Add Septel, Myricom SNF, and Riverbed TurboCap checks.
  Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
  Add a check for hardware time stamping on Linux.
  Don't bother supporting pre-2005 Visual Studio.
  Increased minimum autoconf version requirement to 2.64
  Add DLT value 273 for XRA-31 sniffer
  Clean up handing of signal interrupts in pcap_read_nocb_remote().
  Use the XPG 4.2 versions of the networking APIs in Solaris.
  Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
  Explicitly warn that negative packet buffer timeouts should not be used.
  rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
  Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
  Add DISPLAYPORT AUX link type
  Remove the sunos4 kernel modules and all references to them.
  Add more interface flags to pcap_findalldevs().

(adam)

freetds: updated to 1.00.112

1.00.112:
Bug fixes

(adam)

py-seqdiag: added ALTERNATIVES

(adam)

Updated security/gpgme, www/py-waitress

(adam)

py-waitress: updated to 1.3.0

1.3.0:

Deprecations

- The send_bytes adjustment now defaults to 1 and is deprecated
  pending removal in a future release.

Features

- Add a new outbuf_high_watermark adjustment which is used to apply
  backpressure on the app_iter to avoid letting it spin faster than data
  can be written to the socket. This stabilizes responses that iterate quickly
  with a lot of data.

- Stop early and close the app_iter when attempting to write to a closed
  socket due to a client disconnect. This should notify a long-lived streaming
  response when a client hangs up.

- Adjust the flush to output SO_SNDBUF bytes instead of whatever was
  set in the send_bytes adjustment. send_bytes now only controls how
  much waitress will buffer internally before flushing to the kernel, whereas
  previously it used to also throttle how much data was sent to the kernel.
  This change enables a streaming app_iter containing small chunks to
  still be flushed efficiently.

Bugfixes

- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
  no longer set the version to the string value "None". See

- When a client closes a socket unexpectedly there was potential for memory
  leaks in which data was written to the buffers after they were closed,
  causing them to reopen.

- Fix the queue depth warnings to only show when all threads are busy.

- Trigger the app_iter to close as part of shutdown. This will only be
  noticeable for users of the internal server api. In more typical operations
  the server will die before benefiting from these changes.

- Fix a bug in which a streaming app_iter may never cleanup data that has
  already been sent. This would cause buffers in waitress to grow without
  bounds. These buffers now properly rotate and release their data.

- Fix a bug in which non-seekable subclasses of io.IOBase would trigger
  an exception when passed to the wsgi.file_wrapper callback.

(adam)

gpgme: updated to 1.13.1

Noteworthy changes in version 1.13.1:
* cpp: gpgme_set_global_flag is now wrapped.
* w32: Improved handling of unicode install paths.
* w32: The gpgme_io_spawn error message is now only shown once.
* Fixed a crash introduced in 1.13.0 when working with S/MIME.
* w32: Fixed format string errors introduced in 1.13.0 that could
  cause crashes.
* w32: Fixed an error in the new diagnostic gpgsm support introduced
  in 1.13.0 that caused crashes in low fd scenarios.
* python: Fixed a DecryptionError Exception.
* python: No longer raises BadSignatures from decrypt(verify=True).

(adam)

Updated textproc/py-jsonpickle, databases/py-sqlalchemy, databases/py-sqlalchemy-utils, devel/py-mako, databases/py-alembic, lang/py-parso

(adam)

py-parso: updated to 0.5.0

0.5.0:
- **Breaking Change** comp_for is now called sync_comp_for for all Python
  versions to be compatible with the Python 3.8 Grammar
- Added .pyi stubs for a lot of the parso API
- Small FileIO changes

(adam)

py-alembic: updated to 1.0.11

version: 1.0.11

SQLite server default reflection will ensure parenthesis are surrounding a
column default expression that is detected as being a non-constant
expression, such as a datetime() default, to accommodate for the
requirement that SQL expressions have to be parenthesized when being sent
as DDL.  Parenthesis are not added to constant expressions to allow for
maximum cross-compatibility with other dialects and existing test suites
(such as Alembic's), which necessarily entails scanning the expression to
eliminate for constant numeric and string values. The logic is added to the
two "reflection->DDL round trip" paths which are currently autogenerate and
batch migration.  Within autogenerate, the logic is on the rendering side,
whereas in batch the logic is installed as a column reflection hook.

Improved SQLite server default comparison to accommodate for a text()
construct that added parenthesis directly vs. a construct that relied
upon the SQLAlchemy SQLite dialect to render the parenthesis, as well
as improved support for various forms of constant expressions such as
values that are quoted vs. non-quoted.

Fixed bug where the "literal_binds" flag was not being set when
autogenerate would create a server default value, meaning server default
comparisons would fail for functions that contained literal values.

Added support for MySQL "DROP CHECK", which is added as of MySQL 8.0.16,
separate from MariaDB's "DROP CONSTRAINT" for CHECK constraints.  The MySQL
Alembic implementation now checks for "MariaDB" in server_version_info to
decide which one to use.

Fixed issue where MySQL databases need to use CHANGE COLUMN when altering a
server default of CURRENT_TIMESTAMP, NOW() and probably other functions
that are only usable with DATETIME/TIMESTAMP columns.  While MariaDB
supports both CHANGE and ALTER COLUMN in this case, MySQL databases only
support CHANGE.  So the new logic is that if the server default change is
against a DateTime-oriented column, the CHANGE format is used
unconditionally, as in the vast majority of cases the server default is to
be CURRENT_TIMESTAMP which may also be potentially bundled with an "ON
UPDATE CURRENT_TIMESTAMP" directive, which SQLAlchemy does not currently
support as a distinct field.  The fix addiionally improves the server
default comparison logic when the "ON UPDATE" clause is present and
there are parenthesis to be adjusted for as is the case on some MariaDB
versions.

Warnings emitted by Alembic now include a default stack level of 2, and in
some cases it's set to 3, in order to help warnings indicate more closely
where they are originating from.  Pull request courtesy Ash Berlin-Taylor.

Replaced the Python compatbility routines for getargspec() with a fully
vendored version based on getfullargspec() from Python 3.3.
Originally, Python was emitting deprecation warnings for this function in
Python 3.8 alphas.  While this change was reverted, it was observed that
Python 3 implementations for getfullargspec() are an order of magnitude
slower as of the 3.4 series where it was rewritten against Signature.
While Python plans to improve upon this situation, SQLAlchemy projects for
now are using a simple replacement to avoid any future issues.

(adam)

py-mako: updated to 1.0.13

version: 1.0.13
Improved the line-number tracking for source lines inside of Python  <%
... %> blocks, such that text- and HTML-formatted exception traces such
as that of  :func:.html_error_template now report the correct source line
inside the block, rather than the first line of the block itself.
Exceptions in <%! ... %> blocks which get raised while loading the
module are still not reported correctly, as these are handled before the
Mako code is generated.

(adam)

py-sqlalchemy-utils: updated to 0.34.0

0.34.0:
- Removed array_agg compilation which was never a good idea and collided with the latest version of SA.
- Removed deprecation warnings

(adam)

py-sqlalchemy: updated to 1.3.5

1.3.5

orm

[orm] [bug]
Fixed a series of related bugs regarding joined table inheritance more than two levels deep, in conjunction with modification to primary key values, where those primary key columns are also linked together in a foreign key relationship as is typical for joined table inheritance. The intermediary table in a three-level inheritance hierachy will now get its UPDATE if only the primary key value has changed and passive_updates=False (e.g. foreign key constraints not being enforced), whereas before it would be skipped; similarly, with passive_updates=True (e.g. ON UPDATE CASCADE in effect), the third-level table will not receive an UPDATE statement as was the case earlier which would fail since CASCADE already modified it. In a related issue, a relationship linked to a three-level inheritance hierarchy on the primary key of an intermediary table of a joined-inheritance hierarchy will also correctly have its foreign key column updated when the parent object窶冱 primary key is modif
ied, even if that parent object is a subclass of the linked parent class, whereas before these classes would not be counted.

[orm] [bug]
Fixed bug where the Mapper.all_orm_descriptors accessor would return an entry for the Mapper itself under the declarative __mapper___ key, when this is not a descriptor. The .is_attribute flag that窶冱 present on all InspectionAttr objects is now consulted, which has also been modified to be True for an association proxy, as it was erroneously set to False for this object.

[orm] [bug]
Fixed regression in Query.join() where the aliased=True flag would not properly apply clause adaptation to filter criteria, if a previous join were made to the same entity. This is because the adapters were placed in the wrong order. The order has been reversed so that the adapter for the most recent aliased=True call takes precedence as was the case in 1.2 and earlier. This broke the 窶彳lementtree窶� examples among other things.

[orm] [bug] [py3k]
Replaced the Python compatbility routines for getfullargspec() with a fully vendored version from Python 3.3. Originally, Python was emitting deprecation warnings for this function in Python 3.8 alphas. While this change was reverted, it was observed that Python 3 implementations for getfullargspec() are an order of magnitude slower as of the 3.4 series where it was rewritten against Signature. While Python plans to improve upon this situation, SQLAlchemy projects for now are using a simple replacement to avoid any future issues.

[orm] [bug]
Reworked the attribute mechanics used by AliasedClass to no longer rely upon calling __getattribute__ on the MRO of the wrapped class, and to instead resolve the attribute normally on the wrapped class using getattr(), and then unwrap/adapt that. This allows a greater range of attribute styles on the mapped class including special __getattr__() schemes; but it also makes the code simpler and more resilient in general.

sql

[sql] [bug]
Fixed a series of quoting issues which all stemmed from the concept of the literal_column() construct, which when being 窶徘roxied窶� through a subquery to be referred towards by a label that matches its text, the label would not have quoting rules applied to it, even if the string in the Label were set up as a quoted_name construct. Not applying quoting to the text of the Label is a bug because this text is strictly a SQL identifier name and not a SQL expression, and the string should not have quotes embedded into it already unlike the literal_column() which it may be applied towards. The existing behavior of a non-labeled literal_column() being propagated as is on the outside of a subquery is maintained in order to help with manual quoting schemes, although it窶冱 not clear if valid SQL can be generated for such a construct in any case.

postgresql

[postgresql] [bug]
Fixed bug where PostgreSQL dialect could not correctly reflect an ENUM datatype that has no members, returning a list with None for the get_enums() call and raising a TypeError when reflecting a column which has such a datatype. The inspection now returns an empty list.

[postgresql] [usecase]
Added support for column sorting flags when reflecting indexes for PostgreSQL, including ASC, DESC, NULLSFIRST, NULLSLAST. Also adds this facility to the reflection system in general which can be applied to other dialects in future releases. Pull request courtesy Eli Collins.

mysql

[mysql] [bug]
Fixed bug where MySQL ON DUPLICATE KEY UPDATE would not accommodate setting a column to the value NULL.

(adam)

py-jsonpickle: updated to 1.2

Version 1.2:

* Simplified JSON representation for __reduce__ values.

* Improved Pandas support with new handlers for more Pandas data types.

* Prevent stack overflows caused by bugs in user-defined __getstate__
  functions which cause infinite recursion.

* Improved support for objects that contain dicts with Integer keys.
  Previously, jsonpickle could not restore objects that contained
  dicts with integer keys and provided getstate only.
  These objects are now handled robustly.

* Support for encoding binary data in base85_ instead of base64 has been
  added on Python 3. Base85 produces payloads about 10% smaller than base64,
  albeit at the cost of lower throughput.  For performance and backwards
  compatibility with Python 2 the pickler uses base64 by default, but it can
  be configured to use base85 with the new use_base85 argument.

* Dynamic SQLAlchemy tables in SQLAlchemy >= 1.3 are now supported.

(adam)

Updated net/grpc, net/py-grpcio, lang/python36

(adam)

python36: updated to 3.6.9

Python 3.6.9 final

Library

bpo-37437: Update vendorized expat version to 2.2.7.
macOS
bpo-34602: Avoid test suite failures on macOS by no longer calling resource.setrlimit to increase the process stack size limit at runtime. The runtime change is no longer needed since the interpreter is being built with a larger default stack size.

Python 3.6.9 release candidate 1

Security
bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request.
bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit().
bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised.
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header.
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
bpo-35121: Don窶冲 send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by Karthikeyan Singaravelan.

Library
bpo-35643: Fixed a SyntaxWarning: invalid escape sequence in Modules/_sha3/cleanup.py. Patch by Mickaﾃｫl Schoentgen.
bpo-35121: Don窶冲 set cookie for a request when the request path is a prefix match of the cookie窶冱 path attribute but doesn窶冲 end with 窶�/窶�. Patch by Karthikeyan Singaravelan.

Documentation
bpo-35605: Fix documentation build for sphinx<1.6. Patch by Anthony Sottile.
bpo-35564: Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0

Tests
bpo-36816: Update Lib/test/selfsigned_pythontestdotnet.pem to match self-signed.pythontest.net窶冱 new TLS certificate.
bpo-35925: Skip specific nntplib and ssl networking tests when they would otherwise fail due to a modern OS or distro with a default OpenSSL policy of rejecting connections to servers with weak certificates or disabling TLS below TLSv1.2.
bpo-27313: Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.
bpo-32947: test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1.

macOS
bpo-34602: Avoid failures setting macOS stack resource limit with resource.setrlimit. This reverts an earlier fix for bpo-18075 which forced a non-default stack size when building the interpreter executable on macOS.

(adam)

py-grpcio: updated to 1.22.0

Release v1.22.0

Python
Add Debug Example.
Add Python 3.8 test.
Clean up Python Channel.del logic.
Surface exception from metadata credentials plugin methods.
Add python deprecation notices.
Unsubscribe all connectivity callbacks on Channel.close.

(adam)

grpc: updated to 1.22.0

Release v1.22.0

Core
building upb as part of cmake build is not necessary (for v1.22.x).
Convert TraceFlags in the hot path to DebugTraceFlags.
Fix a bug where POST_RECV_MESSAGE was not being triggered.
Adjust the order of IOMgr timer initialization and comment of grpc_timer::heap_index.

C++
use bazel wrapper for "bazel" invocations in grpc workspace.
Add method to validate service config json.
Update comment on ssl hostname override.
Rename root certificate bundle in gRPC-C++ pod.

(adam)

Updated www/py-mod_wsgi, www/py-bottle, www/py-grappelli_safe, www/py-cherrypy

(adam)

py-cherrypy: updated to 18.1.2

v18.1.2
Restore a native WSGI-less HTTP server support.
Reduce log level for non-error events in win32.py

(adam)

py-grappelli_safe: updated to 0.5.2

0.5.2:
Bug fixes

(adam)

py-bottle: updated to 0.12.17

0.12.17:
Bug fixes.

(adam)

py-mod_wsgi: updated to 4.6.7

Version 4.6.7:

Bugs Fixed
Fix Windows build errors due to Python 3.7+ not providing empty function stubs for PyOS_AfterFork_Child() and PyOS_AfterFork_Parent().

Version 4.6.6:

Bugs Fixed
Fix compilation failures when using Python 3.8.

Features Changed
When running mod_wsgi-express it will do a search for the location of bash and sh when defining the shell to use for the generated apachectl. The shell used can be overridden using --shell-executable option. This is to get around issue with FreeBSD not having /bin/bash.

New Features
The Apache request ID is accessible in request events as request_id.
The per request data dictionary accessible using mod_wsgi.request_data() is now also accessible in events as request_data.

(adam)

Updated textproc/py-validators, lang/py-mypy

(adam)

py-mypy: updated to 0.711

0.711:
The following two issues in mypy 0.710 were fixed:
Revert typeshed (���Define functools.partial as overloaded function instead of its own class���). This caused too many false positive errors in real-world code.
Fix MYPYC_BLACKLIST on Windows. This broke running dmypy on Windows.

(adam)

py-validators: updated to 0.13.0

0.13.0:
- Added new validator: es_doi, es_nif, es_cif, es_nie

(adam)

Updated graphics/py-Pillow, graphics/py-matplotlib

(adam)

py-matplotlib: updated to 3.1.1

v3.1.1:
The first bug-fix release of the 3.1 series
Locator.nonsingular return order API change
Lots of backports of various bug fixes.

(adam)

py-Pillow: updated to 6.1.0

6.1.0:
- Deprecate Image.__del__
- Tiff: Add support for JPEG quality
- Respect the PKG_CONFIG environment variable when building
- Use explicit memcpy() to avoid unaligned memory accesses
- Improve encoding of TIFF tags
- Update Py_UNICODE to Py_UCS4
- Consider I;16 pixel size when drawing
- Add TIFFTAG_SAMPLEFORMAT to blocklist
- Create GIF deltas from background colour of GIF frames if disposal mode is 2
- Added ImageSequence all_frames
- Use unsigned int to store TIFF IFD offsets
- Include CPPFLAGS when searching for libraries
- Updated TIFF tile descriptors to match current decoding functionality
- Added an `image.entropy()` method (second revision)
- Pass the correct types to PyArg_ParseTuple
- Fixed crash when loading non-font bytes
- Fix SPARC memory alignment issues in Pack/Unpack functions
- Added CMYK;16B and CMYK;16N unpackers
- Fixed bugs in calculating text size
- Add __main__.py to output basic format and support information
- Added variation font support
- Do not down-convert if image is LA when showing with PNG format
- Improve handling of PSD frames
- Improved ICO and ICNS loading
- Changed Preview application path so that it is no longer static
- Corrected ttb text positioning
- Handle unexpected ICO image sizes
- Fixed bits value for RGB;16N unpackers
- Travis CI: Add Fedora 30, remove Fedora 28
- Added reading of CMYK;16L TIFF images
- Fixed dimensions of 1-bit PDFs
- Fixed opening mmap image through Path on Windows
- Fixed ImageDraw arc gaps
- Expand GIF to include frames with extents outside the image size
- Fixed ImageTk getimage
- Fixed bug in decoding large images
- Fixed reading APP13 marker without Photoshop data
- Added option to include layered windows in ImageGrab.grab on Windows
- Detect libimagequant when installed by pacman on MingW
- Fixed raqm layout bug
- Fixed loading font with non-Unicode path on Windows
- Travis CI: Upgrade PyPy from 6.0.0 to 7.1.1
- Depends: Updated openjpeg to 2.3.1
- Fix numpy bool bug

(adam)

Updated devel/libuv, ham/uhd

(adam)

uhd: updated to 3.14.1.0

003.014.001.000
N320: Terminate the DAC when not transmitting
E320: Add support for rev E
E320: Added .gitignore for FPGA build products
X300: Add DPDK support
X300: add capability to flash NI-2974 FPGA
X300: Broke two critical timing paths in FPGA
X300: fixed udp WSA buffer size assignment issue
E310: Fix DRAM_TEST target build
B200: Add bootloader for FX3 (fix for B2xx failing to enumerate)
TwinRX: Expose charge pump current for LO2
TwinRX: Add low spur mode for LO2
TwinRX: increase rev c lo1 charge pump default value
TwinRX: Fix tick rate
Device3: Constraint send/recv_frame_size based on down/upstream MTU
Device3: Fix MTU and default frame sizes
RFNoC: Search all nodes for tick rates
RFNoC: Change default address for the reg readbacks
uhd_image_builder: Let the OOT module point to folders not named "rfnoc"
uhd_image_builder: Add --auto-inst-src
MPMD: Fix spurious reclaim call after unclaim
MPMD: Release resources on destruction
MPM: Add SW/HW compat
liberio: Release context holder on destruction of last liberio xport
transport: fixed a pre-mature buffer reset
nirio: Fix typo in nirio_zero_copy
GPSD: fix API for 'gps_read'
AD9361: Fix return values for tune and set_clock_rate
DUC/DDC: Fix phase reset and accumulation
cores: Use NSDMI consistently in ?x_dsp_core_3000.*
Logging: fix deadlock issue on Windows machines
Logging: Fix ANSI colour codes
Utils: Add X300/X310 reset utility
Docs: Improved Windows-related build instructions
Docs: Add link to README for building custom filesystems for N3xx
sim: Fixing the port number in use for connection
tools: Fix for proj creation in ip_utils for tcl-based IP
tests: Fix mock_ctrl_iface for 32-bit MSVC

(adam)

libuv: updated to 1.30.1

Version 1.30.1
* doc: fix incorrect versionchanged
* test: allow UV_ECONNRESET in tcp_try_write_error
* unix: add uv_get_constrained_memory() cygwin stub
* build: fix android cmake build
* unix: squelch -Wcast-function-type warning
* build: fix compile error with uClibc

(adam)

Updated www/py-google-api-python-client, devel/py-cython, net/py-zmq

(adam)

py-zmq: updated to 18.0.2

18.0.2
- Compatibility with Python 3.8 prerelease by regenerating Cython sources
  with Cython 0.29.10.
- Fix language_level=2 in Cython sources, for compatibility with Cython 0.30
- Show missing path for ENOENT errors on ipc connections.

(adam)

py-cython: updated to 0.29.11

0.29.11:

Bugs fixed

* Fix compile error in CPython 3.8b2.

* Invalid C code generated for lambda functions in cdef methods.

* Support slice handling in newer Pythran versions.

* A reference leak in power-of-2 calculation was fixed.

* The search order for include files was changed. Previously it was
  include_directories, Cython/Includes, sys.path. Now it is
  include_directories, sys.path, Cython/Includes. This was done to
  allow third-party *.pxd files to override the ones in Cython.
  Original patch by Matti Picus.

* Setting language_level=2 in a file did not work if language_level=3
  was enabled globally before.

(adam)

py-google-api-python-client: depend on py-google-auth; re-enable Python 2.7; use TEST_DEPENDS

(adam)

Added security/py-google-auth, security/py-google-auth-httplib2, security/py-google-auth-oauthlib

(adam)

py-google-auth-oauthlib: added version 0.4.0

This library provides oauthlib integration with google-auth.

(adam)

py-google-auth-httplib2: added version 0.0.3

This library provides an httplib2 transport for google-auth.

(adam)

py-google-auth: added version 1.6.3

This library simplifies using Google various server-to-server
authentication mechanisms to access Google APIs

(adam)

Updated devel/py-cachetools, textproc/py-Unidecode

(adam)

py-Unidecode: updated to 1.1.1

unidecode 1.1.1
* Fix tests failing on PyPy 7.1.1

(adam)

py-cachetools: updated to 3.1.1

v3.1.1:
- Document how to use shared caches with @cachedmethod.
- Fix pickling/unpickling of cache keys

(adam)

Updated devel/py-pathlib2, www/py-google-apitools

(adam)

py-google-apitools: updated to 0.5.30

0.5.30:
Unknown changes.

(adam)

py-pathlib2: updated to 2.3.4

Version 2.3.4
- Do not raise windows error when calling resolve on a non-existing
  path in Python 2.7, to match behaviour on Python 3.x
- Use the new collections.abc when possible
- Sync with upstream pathlib

(adam)

Updated www/py-landslide, security/py-paramiko

(adam)