Updated net/samba4 to 4.3.3

(wiz)

Update samba4 to 4.3.3.

                  =============================
                  Release Notes for Samba 4.3.3
                        December 16, 2015
                  =============================

This is a security release in order to address the following CVEs:

o  CVE-2015-3223 (Denial of service in Samba Active Directory
  server)
o  CVE-2015-5252 (Insufficient symlink verification in smbd)
o  CVE-2015-5299 (Missing access control check in shadow copy
  code)
o  CVE-2015-5296 (Samba client requesting encryption vulnerable
  to downgrade attack)
o  CVE-2015-8467 (Denial of service attack against Windows
  Active Directory server)
o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

Please note that if building against a system libldb, the required
version has been bumped to ldb-1.1.24.  This is needed to ensure
we build against a system ldb library that contains the fixes
for CVE-2015-5330 and CVE-2015-3223.

=======
Details
=======

o  CVE-2015-3223:
  All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
  ldb versions up to 1.1.23 inclusive) are vulnerable to
  a denial of service attack in the samba daemon LDAP server.

  A malicious client can send packets that cause the LDAP server in the
  samba daemon process to become unresponsive, preventing the server
  from servicing any other requests.

  This flaw is not exploitable beyond causing the code to loop expending
  CPU resources.

o  CVE-2015-5252:
  All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to
  a bug in symlink verification, which under certain circumstances could
  allow client access to files outside the exported share path.

  If a Samba share is configured with a path that shares a common path
  prefix with another directory on the file system, the smbd daemon may
  allow the client to follow a symlink pointing to a file or directory
  in that other directory, even if the share parameter "wide links" is
  set to "no" (the default).

o  CVE-2015-5299:
  All versions of Samba from 3.2.0 to 4.3.2 inclusive are vulnerable to
  a missing access control check in the vfs_shadow_copy2 module. When
  looking for the shadow copy directory under the share path the current
  accessing user should have DIRECTORY_LIST access rights in order to
  view the current snapshots.

  This was not being checked in the affected versions of Samba.

o  CVE-2015-5296:
  Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
  signing is negotiated when creating an encrypted client connection to
  a server.

  Without this a man-in-the-middle attack could downgrade the connection
  and connect using the supplied credentials as an unsigned, unencrypted
  connection.

o  CVE-2015-8467:
  Samba, operating as an AD DC, is sometimes operated in a domain with a
  mix of Samba and Windows Active Directory Domain Controllers.

  All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
  an AD DC in the same domain with Windows DCs, could be used to
  override the protection against the MS15-096 / CVE-2015-2535 security
  issue in Windows.

  Prior to MS16-096 it was possible to bypass the quota of machine
  accounts a non-administrative user could create.  Pure Samba domains
  are not impacted, as Samba does not implement the
  SeMachineAccountPrivilege functionality to allow non-administrator
  users to create new computer objects.

o  CVE-2015-5330:
  All versions of Samba from 4.0.0 to 4.3.2 inclusive (resp. all
  ldb versions up to 1.1.23 inclusive) are vulnerable to
  a remote memory read attack in the samba daemon LDAP server.

  A malicious client can send packets that cause the LDAP server in the
  samba daemon process to return heap memory beyond the length of the
  requested value.

  This memory may contain data that the client should not be allowed to
  see, allowing compromise of the server.

  The memory may either be returned to the client in an error string, or
  stored in the database by a suitabily privileged user.  If untrusted
  users can create objects in your database, please confirm that all DN
  and name attributes are reasonable.

Changes since 4.3.2:
--------------------

o  Andrew Bartlett <abartlet@samba.org>
  * BUG 11552: CVE-2015-8467: samdb: Match MS15-096 behaviour for
    userAccountControl.

o  Jeremy Allison <jra@samba.org>
  * BUG 11325: CVE-2015-3223: Fix LDAP \00 search expression attack DoS.
  * BUG 11395: CVE-2015-5252: Fix insufficient symlink verification (file
    access outside the share).
  * BUG 11529: CVE-2015-5299: s3-shadow-copy2: Fix missing access check on
    snapdir.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  * BUG 11599: CVE-2015-5330: Fix remote read memory exploit in LDB.

o  Stefan Metzmacher <metze@samba.org>
  * BUG 11536: CVE-2015-5296: Add man in the middle protection when forcing
    smb encryption on the client side.

(wiz)

Patches are supposed to have trailing whitespace on otherwise blank lines.
(because the first character of each line is a control field)

(dholland)

Updated textproc/miller to 3.2.2

(wiz)

Update miller to 3.2.2:

Many changes; speed ups, autoconf support, ....

(wiz)

Updated www/libmicrohttpd to 0.9.48

(wiz)

Update libmicrohttpd to 0.9.48:

Fri Dec 18 15:54:50 CET 2015
Releasing libmicrohttpd 0.9.48. -CG

Tue Dec  15 18:35:55 CET 2015
Improved compatibility with VS2010 and other older
compilers. -EG

Tue Dec  8 21:48:44 CET 2015
Default backlog size for listen socket was changed from
32 to SOMAXCONN, added new option MHD_OPTION_LISTEN_BACKLOG_SIZE
to override default backlog size.
If not all connections can be handled by MHD_select() than
at least some of connections will be processed instead of
failing without any processing.
Fixed redefenition of FD_SETSIZE on W32 so select() will
work with 2000 connections instead of 64.
Better handled redefenition of FD_SETSIZE on all
platforms. -EG

Sat Dec  5 17:30:45 CET 2015
Close sockets more aggressively in multi-threaded
mode (possibly relevant for idle servers). -CG

(wiz)

Add patch comments.

(dholland)

Updated print/cups-filters to 1.5.0

(wiz)

Update cups-filters to 1.5.0:

CHANGES IN V1.5.0

- cups-browsed: Allow use of an alternative configuration file
  via the "-c" command line option.
- cups-browsed: Allow supplying configuration settings via the
          command line using the "-o" command line option.
- cups-browsed: Command line help via the "-h" or "--help"
          command line option.

(wiz)

Updated fonts/Hack-ttf to 2.018

(wiz)

Update Hack-ttf to 2.018:

Version 2.018 (release build)

ttf, otf, webfont builds

Patch for missing glyphs in regular set:

    added U+016C (upper case U breve), regular set - Issue #21
    added U+016D (lower case u breve), regular set - Issue #21

Version 2.017 (release build)

ttf, otf, webfont builds

Changes vs. release v2.015:

    increased vertical position of the tilde (U+007E) to improve alignment with other glyphs - Issue #23
    increased width of the vertical stroke on the dollar symbol (U+0024) - Issue #92
    modified Cyrillic upper case C (U+0421) to differentiate from Latin C - Issues #22 & #29
    modified Cyrillic lower case c (U+0441) to differentiate from Latin c - Issues #22 & #29
    modified upper case theta (U+0398) to differentiate from lower case theta - Issue #36
    added U+0132 (IJ) glyph - Issue #52
    added U+0133 (ij) glyph - Issue #52
    added U+013F (upper case L dot) glyph - Issue #52
    added U+0140 (lower case l dot) glyph - Issue #52
    added U+0162 (upper case T cedilla) glyph - Issue #52
    added U+0163 (lower case t cedilla) glyph - Issue #52
    added U+0138 (kgreenlandic) glyph - Issue #52
    added U+266A (musical note) glyph - Issue #52
    added U+0149 (lower case n apostrophe) - Issue #52
    added U+1EF9 (lower case y tilde) glyph - Issue #102
    added U+1EF8 (upper case Y tilde) glyph - Issue #102
    added U+1EBD (lower case e tilde) glyph - Issue #102
    added U+1EBC (upper case E tilde) glyph - Issue #102
    added U+2116 (numero) glyph - Issues #22 & #114
    added U+01A4 (p hook) glyph - Issue #105
    added U+0108 (upper case C circumflex) - Issue #21
    added U+0109 (lower case c circumflex) - Issue #21
    added U+011C (upper case G circumflex) - Issue #21
    added U+011D (lower case g circumflex) - Issue #21
    added U+0124 (upper case H circumflex) - Issue #21
    added U+0125 (lower case h circumflex) - Issue #21
    added U+0134 (upper case J circumflex) - Issue #21
    added U+0135 (lower case j circumflex) - Issue #21
    added U+015C (upper case S circumflex) - Issue #21
    added U+015D (lower case s circumflex) - Issue #21
    added U+016C (upper case U breve) - Issue #21
    added U+016D (lower case u breve) - Issue #21
    added U+20B7 (spesmilo) - Issue #21
    fixed missing null glyph (U+0000) in regular, italic, bolditalic sets
    removed duplicate CR glyph (U+000D) in all sets - Issue #149
    updated ttfautohint to version 1.4.1 for TrueType (.ttf) build instruction sets

Version 2.016 (testing build)

    increased vertical position of the tilde (U+007E) to improve alignment with other glyphs - Issue #23
    increased width of the vertical stroke on the dollar symbol (U+0024) - Issue #92
    modified Cyrillic upper case C (U+0421) to differentiate from Latin C - Issues #22 & #29
    modified Cyrillic lower case c (U+0441) to differentiate from Latin c - Issues #22 & #29
    modified upper case theta (U+0398) to differentiate from lower case theta - Issue #36
    added U+1EF9 (lower case y tilde) glyph - Issue #102
    added U+1EF8 (upper case Y tilde) glyph - Issue #102
    added U+1EBD (lower case e tilde) glyph - Issue #102
    added U+1EBC (upper case E tilde) glyph - Issue #102
    added U+2116 (numero) glyph - Issues #22 & #114
    added U+01A4 (p hook) glyph - Issue #105
    added U+0108 (upper case C circumflex) - Issue #21
    added U+0109 (lower case c circumflex) - Issue #21
    added U+011C (upper case G circumflex) - Issue #21
    added U+011D (lower case g circumflex) - Issue #21
    added U+0124 (upper case H circumflex) - Issue #21
    added U+0125 (lower case h circumflex) - Issue #21
    added U+0134 (upper case J circumflex) - Issue #21
    added U+0135 (lower case j circumflex) - Issue #21
    added U+015C (upper case S circumflex) - Issue #21
    added U+015D (lower case s circumflex) - Issue #21
    added U+016C (upper case U breve) - Issue #21
    added U+016D (lower case u breve) - Issue #21
    added U+20B7 (spesmilo) - Issue #21
    updated ttfautohint to version 1.4 for TrueType (.ttf) build instruction sets

(wiz)

p5-Math-Pari updated.

(wiz)

Fix previous.

(wiz)

Updated nih/p5-Math-Pari to 2.010808

(wiz)

Update p5-Math-Pari to 2.010808:

2.01080606a
  cygwin's tar generated 0-permissions for the distribution (no auto-workaround...).
  Document workarounds for isprime() with version 2.1.7 (in the BUGS section).

2.01080607
  Correct the documention about fraction of witnesses from >=0.25 to >=0.75.
  Define HAS_STAT and HAS_OPENDIR basing on $Config{i_sysstat} and $Config{i_dirent}.
  Correct spelling errors in POD and comments in Pari.pm (thanks to dsteinbrunner!).
  On AIX, do merge_822 separately in subdirectories (exceeds command line length otherwise).
  On >=2.3.0, reset had-newline-on-output to 1 at startup.  (Saves one spurious NL)
  New patch: diff_2.3.5_stderr_clobber
  New test: 01_no_extra_newlines.t
  Allow download not only via FTP, but also through HTTP.
  In presence of PERL5_CPAN_IS_RUNNING, assume that NO ANSWER on prompt is agreement.
(It looks like cygwin and MSWin32 automated-testing environment do not have
AUTOMATED_TESTING and PERL_MM_USE_DEFAULT set...)
  Do not auto-download on 64-bit builds of MSWin32.

2.010807
  Too long version name was a misprint.
  Pay attention to PERL_EXTUTILS_AUTOINSTALL when interpreting empty answers to prompt (probably an overkill).
    (disable this abomination by PERL_MATHPARI_TRUST_MANUAL)
    (to see why this may be needed: http://www.cpantesters.org/cpan/report/a5d65ec6-6bf3-1014-87a8-67ba45601f20)
  Report bytes in the answer for prompt.
  Separate into separate subroutines inspecting versions available for download from the actual download.
  Change the logic of fallback Net::FTP --> LWP: before, if Net::FTP fails in retrieving the directory listing;
    now: if this happens, or if it fails to retrieve the file (how can it happen?! see http://www.cpantesters.org/cpan/report/e7f9d5a7-6bfa-1014-9d0f-1948c9c86cae)
  __wrap_PARI_macro: new function (not exported)
  parse_as_gp: new function (exported by default)
  More verbose error message for "Cannot load a Pari macro".

2.010808
  A night of sleep fixed problems of parse_of_gp with the operator \ and empty lines.
    (test suite updated)
  Actually, mingw was not ready for HAVE_OPENDIR.
  Store which patches were applied in $dir/.perl.patches.
  Report which patches were not applied.
  Export patches_for() from BuildPari.
  pari_tgz build option was broken (by LWP-after-NFTP support code � which, apparently, did not help with timeouts).
  Ignore 0-size "downloaded" files.

(wiz)

Fix build by removing a redundant return statement. From Malte Dehling in
PR pkg/49637.

(bsiegert)

Add a patch for CVS-2014-2980: Tools/gdomap.c in gdomap in GNUstep Base 1.24.6
and earlier, when run in daemon mode, does not properly handle the file
descriptor for the logger, which allows remote attackers to cause a denial of
service (abort) via an invalid request.

Bump pkgrevision.

(bsiegert)

Updated x11/libdrm to 2.4.66

(wiz)

Update libdrm to 2.4.66:

libdrm 2.4.66 release, mainly for new nouveau API.

lots of other changes in here as well though.

Ben Skeggs (14):
      nouveau: import and install a selection of nvif headers from the kernel
      nouveau: move more abi16-specific logic into abi16.c
      nouveau: move object functions up, to avoid future foward decls
      nouveau: make it possible to init object in pre-allocated memory
      nouveau: add interface to call an object's methods
      nouveau: add interfaces to query information about supported classes
      nouveau: introduce object to represent the kernel client
      nouveau: stack legacy nouveau_device on top of nouveau_drm
      nouveau: make use of nouveau_drm::fd instead of nouveau_device::fd
      nouveau: remove nouveau_object_find()
      nouveau: add new interface to create a nouveau_device
      nouveau: add support for newer kernel interfaces
      nouveau: clean up nouveau.h, noting deprecated members/functions
      Bump version for release

Ben Widawsky (2):
      intel: Add SKL GT4 PCI IDs
      intel: Cleanup SKL PCI ID definitions.

Chih-Wei Huang (1):
      intel: add the missing <strings.h> include

Dave Airlie (1):
      drm: add virtgpu_drm.h

Emil Velikov (17):
      automake: set --enable-valgrind during make distcheck
      xf86drmMode: smoke-test the atomic API
      tests/drmdevice: add new 'test'
      xf86drm: flex platform specifics into drmParsePciBusInfo
      xf86drm: move platform details to drmParsePciDeviceInfo()
      xf86drm: move the final linux specific bits out of drmGetDevices
      xf86drm: rename drmSameDevice to drmCompareBusInfo
      util_math: add MAX3 macro
      xf86drm: rework drmGetDevices()
      xf86drm: move ifdef __linux__ guards where needed
      xf86drm: warn on missing drmGetMinorNameForFD implementation
      xf86drm: split out drmProcessPciDevice and drmFoldDuplicatedDevices
      xf86drm: add drm{Get,Free}Device
      tests/drmdevice: add drm{Get,Free}Device() example
      Fix SunOS/NetBSD atomic macro
      xf86drm: remove makedev() hack/workaround
      configure.ac: test for the same atomic function as the one we use

Felix Janda (1):
      xf86drm: include <limits.h> for PATH_MAX

Jammy Zhou (1):
      amdgpu: fix overflow for timeout calculation

Jonathan Gray (1):
      configure.ac: rework compiler builtin atomic tests

Kristian Høgsberg Kristensen (3):
      intel: Update i915_drm.h
      Add tests/drmdevice to .gitignore
      intel: Add drm_intel_bo_set_softpin_offset to intel-symbol-check

Matt Roper (3):
      xf86drm: Fix error handling for drmGetDevices()
      xf86drm: Fix error handling for drmGetDevice()
      xf86drm: Handle unrecognized subsystems safely in drmGetDevice[s]()

Michał Winiarski (2):
      intel: Add support for softpin
      intel: Restore formatting of offsets in debug statements

Michel Dänzer (2):
      Fix void pointer arithmetic in drmProcessPciDevice
      radeon: Handle surface offsets exceeding 32 bits correctly

Michel Thierry (2):
      intel: 48b ppgtt support (EXEC_OBJECT_SUPPORTS_48B_ADDRESS flag)
      intel: add drm_intel_bo_use_48b_address_range to symbol-check test

Rob Clark (3):
      freedreno: don't reuse exported buffers
      freedreno: drop exported dmabuf fd tracking
      freedreno: debug msg cleanup

Stefan Agner (1):
      tests: remove missleading comments

Thierry Reding (10):
      tests: Split helpers into library
      tests: Move name tables to libutil
      proptest: Add Android support
      tests: Add libkms-test library
      tests: kms: Implement CRTC stealing test
      tests: kms: Implement universal planes test
      tests: Add helper to open a device/module
      modetest: Use util_open()
      proptest: Use util_open()
      vbltest: Use util_open()

Tobias Jakobi (18):
      exynos/fimg2d: fix empty buffer handling in g2d_flush()
      exynos/fimg2d: simplify base address submission in g2d_scale_and_blend()
      exynos/fimg2d: add g2d_check_space()
      exynos/fimg2d: add g2d_validate_xyz() functions
      exynos/fimg2d: remove default case from g2d_get_blend_op()
      exynos/fimg2d: remove superfluous initialization of g2d_point_val
      exynos/fimg2d: make g2d_add_cmd() less heavy
      exynos/fimg2d: add message prefix
      exynos/fimg2d: remove g2d_context from public header
      exynos: Introduce exynos_handle_event()
      tests/exynos: add fimg2d performance analysis
      exynos/fimg2d: add g2d_config_event
      tests/exynos: add fimg2d event test
      tests/exynos: use XRGB8888 for framebuffer
      exynos: fimg2d: add g2d_set_direction
      exynos/fimg2d: add g2d_move
      tests/exynos: add test for g2d_move
      exynos: bump version number

Tom St Denis (4):
      amdgpu: Unlock mutex if base_required is invalid
      amdgpu:  Fix use-after-free bug in vamgr_deinit
      amdgpu: Cleanly handle ENOMEM on result in amdgpu_bo_list_create()
      amdgpu:  Make amdgpu_cs_calculate_timeout() return something sensible on error

Tvrtko Ursulin (1):
      libdrm: Use userspace compatible type in fourcc_mod_code macro

(wiz)

Forgot to bump revision, prodded by wiz@.

(bsiegert)

Add a missing REPLACE_BASH. Patch from Kamel Derouiche in PR pkg/50598.

(bsiegert)

Updated devel/fossil to 1.34

(nros)

Convert sift to buildlink3.

(wiz)

Add buildlink3.mk file for go-crypto.

(wiz)

Go buildlink changes

(bsiegert)

Add buildlink file here, too

(bsiegert)

Real buildlink support for Go, hacked with wiz@.

Go packages now define a set of files to buildlink in their buildlink3.mk.
go-packages.mk no longer looks in ${PREFIX}/gopkg during the build. This
should also fix the spurious issues with rebuilds of .a files during bulk
builds of Go packages.

(bsiegert)

regen

(sevan)

Updated pkgtools/createbuildlink to 3.17

(wiz)

Updated lang/nodejs to 5.3.0

(fhajny)

Update lang/nodejs to 5.3.0.

- buffer: Buffer.prototype.includes() has been added to keep parity
  with TypedArrays.
- domains: Fix handling of uncaught exceptions.
- https: Added support for disabling session caching.
- repl: Allow third party modules to be imported using require().
  This corrects a regression from 5.2.0.
- deps: Upgrade libuv to 1.8.0.

(fhajny)

Updated textproc/libodfgen to 0.1.5

(wiz)

Updated lang/nodejs4 to 4.2.4

(fhajny)

Updated archivers/p7zip to 15.09

(adam)

typo

(dholland)

What's new after p7zip 9.38.1 :

  - 7-Zip now can extract ext2 and multivolume VMDK images.
  - 7-Zip now can extract ext3 and ext4 (Linux file system) images.
  - support of cygwin 64 bits
  - support of cygwin 64 bits with asm
  - cygwin : fix in GetRamSize()
  - cross building added :
makefile.linux_cross_aarch64
makefile.linux_cross_arm
makefile.linux_cross_ppc
makefile.linux_cross_ppc64
makefile.linux_cross_ppc64le
makefile.linux_cross_s390x  (7za and 7zr pass tests, 7z does not pass tests)

  - 7-Zip now can extract GPT images and single file QCOW2, VMDK, VDI images.
  - 7-Zip now can extract solid WIM archives with LZMS compression.
  - 7-Zip now can extract RAR5 archives.
  - 7-Zip now doesn't sort files by type while adding to solid 7z archive.
      new -mqs switch to sort files by type while adding to solid 7z archive.
  - 7-Zip now can create 7z, xz and zip archives with 1536 MB dictionary for LZMA/LZMA2.
  - 7-Zip now can extract .zipx (WinZip) archives that use xz compression.

(adam)

Add patch comment.

(dholland)

Document --binary-macpkg.

XXX: there should be a man page for the bootstrap script, or something.
XXX: AFAICT there is no one place its arguments are documented...

(dholland)

pkglint; add patch comments.

(dholland)

GMT, twice.

(dholland)

Rework (and simplify) docs installation to avoid share/doc/html.
Mostly silences pkglint.

Bump PKGREVISION again (to 6).

(dholland)

Add dependency on dconf so settings can be saved - issue reported by Jan Danielsson and fix from wiz@

(abs)

Update fossil to version 1.34.

Remove readline dependency fossil now uses the linenoise library
(embedded src).
Install manpage, license and linenoise license.

Changelog:
* Make the fossil clean command undoable for files less than 10MiB.
* Update internal Unicode character tables, used in regular expression
  handling, from version 7.0 to 8.0.
* Add the new amend command which is used to modify tags of a "check-in".
* Fix bug in import command, handling version 3 of the svndump format for
  subversion.
* Add the all cache command.
* TH1 enhancements:
    Add minimal [lsearch] command. Only exact case-sensitive matching is
    supported.
    Add the [glob_match], [markdown], [dir], and [encode64] commands.
    Add the [tclIsSafe] and [tclMakeSafe] commands to the Tcl integration
    subsystem.
    Add 'double', 'integer', and 'list' classes to the [string is] command.
* Add the --undo option to the diff command.
* Build-in Antirez's "linenoise" command-line editing library
  for use with the fossil sql command on Unix platforms.
* Add stash cat as an alias for the stash show command.
* Automatically pull before fossil merge when auto-sync is enabled.
* Fix --hard option to fossil mv and fossil rm to enable them to work properly
  with certain relative paths.
* Change the mimetype for ".n" and ".man" files to text/plain.
* Display improvements in the fossil bisect chart command.
* Updated the built-in SQLite to version 3.9.1 and activated JSON1 and
  FTS5 support (both currently unused within Fossil).

(nros)

Fix CVE-2015-6749 in vorbis-tools: Buffer overflow in the aiff_open function in
oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to
cause a denial of service (crash) via a crafted AIFF file.

Bump pkgrevision.

(bsiegert)

Update pcre2 to 10.20. Fix CVE-2015-8381.

Version 10.20 30-June-2015
--------------------------

1. Callouts with string arguments have been added.

2. Assertion code generator in JIT has been optimized.

3. The invalid pattern (?(?C) has a missing assertion condition at the end. The
pcre2_compile() function read past the end of the input before diagnosing an
error. This bug was discovered by the LLVM fuzzer.

4. Implemented pcre2_callout_enumerate().

5. Fix JIT compilation of conditional blocks whose assertion is converted to
(*FAIL). E.g: /(?(?!))/.

6. The pattern /(?(?!)^)/ caused references to random memory. This bug was
discovered by the LLVM fuzzer.

7. The assertion (?!) is optimized to (*FAIL). This was not handled correctly
when this assertion was used as a condition, for example (?(?!)a|b). In
pcre2_match() it worked by luck; in pcre2_dfa_match() it gave an incorrect
error about an unsupported item.

8. For some types of pattern, for example /Z*(|d*){216}/, the auto-
possessification code could take exponential time to complete. A recursion
depth limit of 1000 has been imposed to limit the resources used by this
optimization. This infelicity was discovered by the LLVM fuzzer.

9. A pattern such as /(*UTF)[\S\V\H]/, which contains a negated special class
such as \S in non-UCP mode, explicit wide characters (> 255) can be ignored
because \S ensures they are all in the class. The code for doing this was
interacting badly with the code for computing the amount of space needed to
compile the pattern, leading to a buffer overflow. This bug was discovered by
the LLVM fuzzer.

10. A pattern such as /((?2)+)((?1))/ which has mutual recursion nested inside
other kinds of group caused stack overflow at compile time. This bug was
discovered by the LLVM fuzzer.

11. A pattern such as /(?1)(?#?'){8}(a)/ which had a parenthesized comment
between a subroutine call and its quantifier was incorrectly compiled, leading
to buffer overflow or other errors. This bug was discovered by the LLVM fuzzer.

12. The illegal pattern /(?(?<E>.*!.*)?)/ was not being diagnosed as missing an
assertion after (?(. The code was failing to check the character after (?(?<
for the ! or = that would indicate a lookbehind assertion. This bug was
discovered by the LLVM fuzzer.

13. A pattern such as /X((?2)()*+){2}+/ which has a possessive quantifier with
a fixed maximum following a group that contains a subroutine reference was
incorrectly compiled and could trigger buffer overflow. This bug was discovered
by the LLVM fuzzer.

14. Negative relative recursive references such as (?-7) to non-existent
subpatterns were not being diagnosed and could lead to unpredictable behaviour.
This bug was discovered by the LLVM fuzzer.

15. The bug fixed in 14 was due to an integer variable that was unsigned when
it should have been signed. Some other "int" variables, having been checked,
have either been changed to uint32_t or commented as "must be signed".

16. A mutual recursion within a lookbehind assertion such as (?<=((?2))((?1)))
caused a stack overflow instead of the diagnosis of a non-fixed length
lookbehind assertion. This bug was discovered by the LLVM fuzzer.

17. The use of \K in a positive lookbehind assertion in a non-anchored pattern
(e.g. /(?<=\Ka)/) could make pcre2grep loop.

18. There was a similar problem to 17 in pcre2test for global matches, though
the code there did catch the loop.

19. If a greedy quantified \X was preceded by \C in UTF mode (e.g. \C\X*),
and a subsequent item in the pattern caused a non-match, backtracking over the
repeated \X did not stop, but carried on past the start of the subject, causing
reference to random memory and/or a segfault. There were also some other cases
where backtracking after \C could crash. This set of bugs was discovered by the
LLVM fuzzer.

20. The function for finding the minimum length of a matching string could take
a very long time if mutual recursion was present many times in a pattern, for
example, /((?2){73}(?2))((?1))/. A better mutual recursion detection method has
been implemented. This infelicity was discovered by the LLVM fuzzer.

21. Implemented PCRE2_NEVER_BACKSLASH_C.

22. The feature for string replication in pcre2test could read from freed
memory if the replication required a buffer to be extended, and it was not
working properly in 16-bit and 32-bit modes. This issue was discovered by a
fuzzer: see http://lcamtuf.coredump.cx/afl/.

23. Added the PCRE2_ALT_CIRCUMFLEX option.

24. Adjust the treatment of \8 and \9 to be the same as the current Perl
behaviour.

25. Static linking against the PCRE2 library using the pkg-config module was
failing on missing pthread symbols.

26. If a group that contained a recursive back reference also contained a
forward reference subroutine call followed by a non-forward-reference
subroutine call, for example /.((?2)(?R)\1)()/, pcre2_compile() failed to
compile correct code, leading to undefined behaviour or an internally detected
error. This bug was discovered by the LLVM fuzzer.

27. Quantification of certain items (e.g. atomic back references) could cause
incorrect code to be compiled when recursive forward references were involved.
For example, in this pattern: /(?1)()((((((\1++))\x85)+)|))/. This bug was
discovered by the LLVM fuzzer.

28. A repeated conditional group whose condition was a reference by name caused
a buffer overflow if there was more than one group with the given name. This
bug was discovered by the LLVM fuzzer.

29. A recursive back reference by name within a group that had the same name as
another group caused a buffer overflow. For example: /(?J)(?'d'(?'d'\g{d}))/.
This bug was discovered by the LLVM fuzzer.

30. A forward reference by name to a group whose number is the same as the
current group, for example in this pattern: /(?|(\k'Pm')|(?'Pm'))/, caused a
buffer overflow at compile time. This bug was discovered by the LLVM fuzzer.

31. Fix -fsanitize=undefined warnings for left shifts of 1 by 31 (it treats 1
as an int; fixed by writing it as 1u).

32. Fix pcre2grep compile when -std=c99 is used with gcc, though it still gives
a warning for "fileno" unless -std=gnu99 us used.

33. A lookbehind assertion within a set of mutually recursive subpatterns could
provoke a buffer overflow. This bug was discovered by the LLVM fuzzer.

34. Give an error for an empty subpattern name such as (?'').

35. Make pcre2test give an error if a pattern that follows #forbud_utf contains
\P, \p, or \X.

36. The way named subpatterns are handled has been refactored. There is now a
pre-pass over the regex which does nothing other than identify named
subpatterns and count the total captures. This means that information about
named patterns is known before the rest of the compile. In particular, it means
that forward references can be checked as they are encountered. Previously, the
code for handling forward references was contorted and led to several errors in
computing the memory requirements for some patterns, leading to buffer
overflows.

37. There was no check for integer overflow in subroutine calls such as (?123).

38. The table entry for \l in EBCDIC environments was incorrect, leading to its
being treated as a literal 'l' instead of causing an error.

39. If a non-capturing group containing a conditional group that could match
an empty string was repeated, it was not identified as matching an empty string
itself. For example: /^(?:(?(1)x|)+)+$()/.

40. In an EBCDIC environment, pcretest was mishandling the escape sequences
\a and \e in test subject lines.

41. In an EBCDIC environment, \a in a pattern was converted to the ASCII
instead of the EBCDIC value.

42. The handling of \c in an EBCDIC environment has been revised so that it is
now compatible with the specification in Perl's perlebcdic page.

43. Single character repetition in JIT has been improved. 20-30% speedup
was achieved on certain patterns.

44. The EBCDIC character 0x41 is a non-breaking space, equivalent to 0xa0 in
ASCII/Unicode. This has now been added to the list of characters that are
recognized as white space in EBCDIC.

45. When PCRE2 was compiled without Unicode support, the use of \p and \P gave
an error (correctly) when used outside a class, but did not give an error
within a class.

46. \h within a class was incorrectly compiled in EBCDIC environments.

47. JIT should return with error when the compiled pattern requires
more stack space than the maximum.

48. Fixed a memory leak in pcre2grep when a locale is set.

(bsiegert)

Fix build on NetBSD-7/i386. From Stefan Schaeckeler in PR pkg/50391.

(bsiegert)

scamper and lsof updates.

(bsiegert)

Update lsof to 4.88. From David H. Gutteridge in PR pkg/50487.

Reduced to 50 the number of open file descriptors lsof
attempts to close while trying to protect itself from a
file descriptor exec() attack.  This limits the overhead
lsof incurs on systems that have large file descriptor
limits, yet provides sufficient open descriptors for the
library functions lsof calls.

Updated for changes in FreeBSD 10 with advice from Eygene
Ryabinkin <rea@freebsd.org>.  Taught Configure to recognize
FreeBSD 8.4.

Herein am noting that lsof for Solaris 10 or 11 is no longer
supported.  I no longer have test systems.  Some support is
still available from Casper Dik <Casper.Dik@oracle.com> and a
Solaris 11 patch he provided is included in this revision.

Initialized local variables in the Linux process_id() function.
Jia He <jiakernel@gmail.com> reported the problem.

Added support for FreeBSD 11.

Updated FreeBSD ZFS Configure stanza to supply a dummy
opt_kdtrace.h when needed.

Added tmpfs file system support for FreeBSD.

Since a test system is no longer available, dropped the
claim of FreeBSD 4.9 support.

Added the +|-E options for Linux.  -E displays endpoint info;
+E displays endpoint info and endpopint files.  Masatake YAMATO
<yamato@redhat.com> requested this support and suggested code
to implement it.

Fixed a Linux bug handling processes whose command includes a
non-printing character, particularly a NEWLINE character, and
clarified printing of single '\\' characters in command and
file names.  Stephane Chazelas <stephane.chazelas@gmail.com>
reported the problem.

Added support for Linux RDMA and CRYPTO protocal names and UNIX
socket type with code from Masatake YAMATO <yamato@redhat.com>.

Fixed field output to insure that the field descriptor field is
always selected, since it identifies the file set.  The bug was
reported by Gary Plewa <gary.m.plewa-1@lowes.com>.

(bsiegert)

Since DISTINFO_FILE is defined in lang/ruby/Makefile.common, no need to
define it here.

(taca)

Drop libXp; bump PKGREVISION.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

pkglint

(dholland)

Sort.

(dholland)

Sort and remove duplicates.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Sort.

(dholland)

Drop checksum for nonexistent patch.

(dholland)

Drop checksum for nonexistent patch.

(dholland)

Drop checksum for nonexistent patch.

(dholland)

Updated multimedia/adobe-flash-plugin11 to 11.2.202.559

(tsutsui)

Update adobe-flash-plugin11 to 11.2.202.559.

Upstream announcement:

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Adobe Security Bulletin

Security updates available for Adobe Flash Player

Release date: December 28, 2015

Vulnerability identifier: APSB16-01

CVE number: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635,
CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641,
CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646,
CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651

Platform: All Platforms

(tsutsui)

pkglint.

(dholland)

Use canonical relative path.

(dholland)

pkglint

(dholland)

Whitespace.

(dholland)

pkglint, and (ahem) fix previous.

(dholland)

Use canonical relative paths.

(dholland)

pkglint

(dholland)

Add patch comments.

(dholland)

Fix missing/broken rcsids.

(dholland)

Fix broken rcsid.

(dholland)

pkglint

(dholland)

Add missing cvs tag.

(dholland)

Sort.

(dholland)

note addition of math/pcg

(agc)

Add pcg version 0.94 to the packages collection

The PCG family of Random Number Generators combines properties not
previously seen together in the same generation scheme:

+ It's really easy to use, and yet its very flexible and offers
powerful features (including some that allow you to perform silly
party tricks).

+ It's very fast, and can occupy very little space.

+ It has small code size.

+ It's performance in statistical tests is excellent (see the PCG
paper for full details).

+ It's much less predictable and thus more secure than most generators.

+ It's open source software, with a permissive license (the Apache license).

(agc)

Removed leading whitespace in variable assignment (found by pkglint)

(rillig)

hylafax

(dholland)

Modernize rc scripts, for PR 18681. Add hfaxd.sh, faxq.sh; remove
hylafax.sh.

(dholland)

Add LICENSE.

(leot)

Updated audio/mp3diags to 1.2.02

(adam)

Changes 1.2.02:
- integrated changes from 1.3.01:
- fixed incorrect message occurring some times when start after a crash
- better logging and retries for write errors
- added offset to the output created via the command line
- fixed crash caused by saving very small images
- build fix
- disabled Discogs integration

(adam)

Updated converters/librevenge to 0.0.3nb1

(ryoon)

Restore -lboost_system to librevenge's pc file. Bump PKGREVISION
This fixes converters/libabw build at least.

(ryoon)

Added graphics/wm-icons version 0.4.0

(tsutsui)