Update wget to 1.17:

* Changes in Wget 1.17

** Remove FTP passive to active fallback due to privacy concerns.

** Add support for --if-modified-since.

** Add support for metalink through --input-metalink and --metalink-over-http.

** Add support for HSTS through --hsts and --hsts-file.

** Add option to restrict filenames under VMS.

** Add support for --rejected-log which logs to a separate file the reasons why
  URLs are being rejected and some context around it.

** Add support for FTPS.

** Do not download/save file on error when --spider enabled

** Add --convert-file-only option. This option converts only the
  filename part of the URLs, leaving the rest of the URLs untouched.

(wiz)

Add upstream bug report URL.

(wiz)

Updated databases/tdb to 1.3.8

(wiz)

Update tdb to 1.3.8.

Changes not found.

(wiz)

Updated devel/ruby-redmine to 3.1.2

(ryoon)

Updated www/libmicrohttpd to 0.9.46

(wiz)

Update libmicrohttpd to 0.9.46:

Fri Nov  6 22:54:38 CET 2015
Fixing the buffer shrinkage issue, this time with test. -CG
        Releasing libmicrohttpd 0.9.46. -CG

Tue Nov  3 23:24:52 CET 2015
Undoing change from Sun Oct 25 15:29:23 CET 2015
as the original code was counter-intuitive but
correct, and the new code does break pipelining.
Ignore empty lines at the beginning of an HTTP
request (more tolerant implementation). -CG

Sat Oct 31 15:52:52 CET 2015
Releasing libmicrohttpd 0.9.45. -CG

Tue Oct 27 12:08:02 CET 2015
Rework deprecation maros: fix errors with old GCC versions,
improved support for old clang and new GCC. -EG

Sun Oct 25 23:05:32 CET 2015
Return correct header kind in MHD_get_connection_values()
even if a bitmask is used for the "kind" argument. -FC/CG

Sun Oct 25 15:29:23 CET 2015
Fixing transient resource leak affecting long-lived
connections with many keep-alives and HTTP request
pipelining under certain circumstances (which reduced
the receive window).
Fixed assertion failure triggered by a race in
thread-per-connection mode on shutdown in rare
circumstances. -CG

Mon Oct  5 11:53:52 CEST 2015
Deduplicate code between digestauth and connection
parsing logic for URI arguments, shared code moved
to new MHD_parse_arguments_ function in internal.c. -CG

Thu Oct  1 21:22:05 CEST 2015
Releasing libmicrohttpd 0.9.44. -CG

Wed Sep 30 21:05:38 CEST 2015
Various fixes for W32 VS project files. - EG

Fri Sep 25 09:49:10 CEST 2015
Fix digest authentication with URL arguments where
value-less keys are given before the last argument.
Thanks to MA for reporting. -CG

Tue Sep 22 19:17:54 CEST 2015
Do not use shutdown() on listen socket if MHD_USE_PIPE_FOR_SHUTDOWN
is set. -CG

Wed Sep 16 11:06:02 CEST 2015
Releasing libmicrohttpd 0.9.43. -CG

Wed Sep  2 16:50:31 CEST 2015
Call resume_suspended_connections() when the user is running
its own mainloop and calls MHD_run_from_select() to support
resuming connections with external select. -FC

Sun Aug 30 14:53:51 CEST 2015
Correct documentation as to when MHD_USE_EPOLL_LINUX_ONLY
is allowed. -CG

Thu Aug 27 09:38:44 CEST 2015
Reimplement monotonic clock functions for better
support various platforms.
Print more information during configure. -EG

Fri Aug 14 14:13:55 CEST 2015
Export MHD_get_reason_phrase_for() symbol. -CG

Sat Aug  8 12:19:47 CEST 2015
Added checks for overflows and buffer overruns, fixed
possible buffer overrun.
Updated md5 implementation.
Fixed many compiler warning (mostly for VC compiler). -EG

Tue Aug  4 13:50:23 CEST 2015
Fix failure to properly clean up timed out connections
if running in external select mode without listen socket,
which caused busy waiting until new connections arrived.
(Fixes #3924, thanks to slimp for reporting and testcase). -CG

Sun Aug  2 19:08:20 CEST 2015
Ignore close() errors on sockets except for EBADF,
fixes #3926. -CG

Sat Jun 27 22:16:27 CEST 2015
Make sure to decrement connection counter before
calling connection notifier so that
MHD_DAEMON_INFO_CURRENT_CONNECTIONS does not
present stale information (relevant if this is
used for termination detection of a daemon
stopped via MHD_quiesce_daemon()). Thanks to
Markus Doppelbauer for reporting. -CG

Fri Jun 26 23:17:20 CEST 2015
Fix (automatic) handling of HEAD requests with
MHD_create_response_from_callback() and HTTP/1.1
connection keep-alives. Thanks to Cristian Klein
for reporting. -CG

Tue Jun 09 18:30:17 CEST 2015
Add new functions MHD_create_response_from_fd64() and
MHD_create_response_from_fd_at_offset64(). -EG

Thu Jun  4 13:37:05 CEST 2015
Fixing memory leak in digest authentication. -AW

Wed Jun 03 21:23:47 CEST 2015
Add deprecation compiler messages for deprecated functions
and macros. -EG

Fri May 29 12:23:01 CEST 2015
Fixing digest authentication when used in combination
with escaped characters in URLs. -CG/AW

Wed May 13 11:49:09 CEST 2015
Releasing libmicrohttpd 0.9.42. -CG

Wed May 13 11:33:59 CEST 2015
Fix off-by-one in MHD_start_daemon_va() error handling logic
when initialization of threads for thread pool fails for some
reason. -CG/JC

Thu May  7 17:05:46 CEST 2015
Add support for poll() in W32. -EG

Wed May  6 18:07:38 CEST 2015
Fix #3784: actually implement MHD_CONNECTION_INFO_SOCKET_CONTEXT. -asherkin

Thu Apr 30 00:03::49 CEST 2015
Releasing libmicrohttpd 0.9.41. -CG

Thu Apr 30 00:02:33 CEST 2015
Fix issue where resumed connections would not continue
unless other requests are active in certain
event-loop modes. Thanks to Mike Castillo for reporting. -CG

Wed Apr 15 03:16:18 CEST 2015
Fixing issue #3753 (testcase issue). -CG

Wed Apr 15 00:30:34 CEST 2015
Fix looping issue when using MHD_USE_POLL_INTERNALLY
and a client times out. -LB

Sun Apr 12 21:48:50 CEST 2015
Fix looping issue when combining MHD_USE_EPOLL_LINUX_ONLY
with HTTPS and slow clients. -CG

Fri Apr 10 22:02:27 CEST 2015
Fix logic to add "Connection: Close" that was broken in 0.9.38
when adding MHD_RF_HTTP_VERSION_1_0_ONLY. -CG

Fri Apr 10 00:38:40 CEST 2015
Ensure fast termination in MHD_USE_THREAD_PER_CONNECTION
mode on W32 by using signal pipe. -CG

Thu Apr  9 09:01:15 CEST 2015
Fixing issue with undrained signal pipe when using
MHD_USE_SELECT_INTERNALLY and MHD_USE_POLL in combination
with MHD_resume_connection(), causing 100% CPU usage. -DD

Tue Apr  7 00:12:36 CEST 2015
Releasing libmicrohttpd 0.9.40. -CG

Sat Apr  4 18:28:24 CEST 2015
Fix potential deadlock issue in MHD_USE_THREAD_PER_CONNECTION
mode if shutdown is initiated while connections are active. -CG

Sat Apr  4 17:48:13 CEST 2015
Fix issue in thread-pool mode where a MHD_stop_daemon()
might not reach threads that stopped listening because
we hit the maximum number of concurrent connections and
the option MHD_USE_PIPE_FOR_SHUTDOWN was also not used.
Testcase added as well. -CG

Fri Apr  3 12:55:31 CEST 2015
Update HTTPS testcases to avoid SSLv3, as SSLv3 is dead.

Fri Apr  3 12:25:28 CEST 2015
Do not enforce FD_SETSIZE-limit on worker control
pipe when using MHD_USE_EPOLL_LINUX_ONLY (#3751). -MH/CG

Tue Mar 31 10:28:26 CEST 2015
Adding MHD_OPTION_NOTIFY_CONNECTION,
MHD_CONNECTION_NOTIFY_STARTED,
MHD_CONNECTION_NOTIFY_CLOSED and
MHD_CONNECTION_INFO_SOCKET_CONTEXT to allow
applications to trigger operations when TCP
connections start or end, instead of just
exposing HTTP requests starting and ending. -RG/CG

Thu Feb 26 09:55:43 CET 2015
Fixing bug that prevented MHD_OPTION_HTTPS_MEM_DHPARAMS
from working within a MHD_OPTION_ARRAY. -DD

Sun Feb  8 01:24:38 CET 2015
Adding MHD_OPTION_HTTPS_KEY_PASSWORD as proposed by
Andrew Basile. -CG/AB

Wed Feb  4 20:34:22 CET 2015
Fix issue where for HTTP/1.0-clients that set
Connection: Keep-Alive header a response of
indefinite size was generated with chunked encoding. -CG

Sun Jan 18 20:09:06 CET 2015
Fix potential infinite loop on shutdown in multi-threaded mode
under certain conditions. -CG

(wiz)

Update to 3.1.2

Changelog:
3.1.2 (2015-11-14)

    Defect #20992: Parent priority "Independent of subtasks" setting doesn't work
    Defect #20360: Project copy does not copy custom field settings
    Defect #20380: Cannot assign users to projects with IE set to compatibility mode
    Defect #20591: PDF export does not determine picture (.png) height correctly
    Defect #20677: Custom fields with multiple values required by worklow can be blank
    Defect #20811: long pre lines are missing from PDF export of wiki pages
    Defect #21136: Issues API may disclose changeset messages that are not visible
    Defect #21150: Time logging form may disclose subjects of issues that are not visible
    Defect #21155: Deleting invalid wiki page version deletes whole page content
    Defect #20282: Error message when editing a child project without add project/subprojects permissions
    Defect #20730: Fix tokenization of phrases with non-ascii chars
    Defect #21071: find_referenced_issue_by_id fails with RangeError for large numbers
    Patch #21031: Polish translation update for 3.0-stable
    Patch #21105: Japanese wiki_syntax_detailed_textile.html translation for 3.0-stable
    Patch #20785: Polish translation update for 3.1-stable
    Patch #20837: Bulgarian translation
    Patch #20892: Spanish translation for r14637
    Patch #20906: Fix mulitple tab navigation highlighting and content hiding
    Patch #21019: Traditional Chinese translation (to r14689)
    Patch #21076: Move inline CSS to application.css for private checkbox
    Patch #21085: Optimize issue edit description link

(ryoon)

+ calibre-2.44.1.

(wiz)

Updated devel/geany to 1.26

(wiz)

Update geany to 1.26.

Provided by David H. Gutteridge in PR 50451.

Change log:

    General
    * New plugin API (Thomas Martitz, PR#469).
    * Add support for "proxy" plugins (Thomas Martitz, PR#629).

    Bug fixes
    * Fix "Open in New Window" command (Issue#590).
    * Fix spurious "source file has been modified" (Jiř� Techet, Issue#605,
      PR#621).
    * Don't open more than one document for non-existing paths from the CLI
      (https://bugs.launchpad.net/linuxmint/+bug/1482558, PR#646).
    * Fix configuration directory encoding on non-UTF-8 non-Windows systems
      (Dimitar Zhekov, PR#658).

    Interface
    * Use monospace font for the message window by default (Jiř� Techet,
      Issue#435, PR#580).
    * Fix mnemonic conflict in "Use multi-line matching" (Ross Konsolebox,
      Issue#589, PR#647).

    Editor
    * Update Scintilla to version 3.6.1.
    * Fix completion popup height when view is zoomed (Issue#702).
    * Fix Go To End Of Display Line when wrapping is on and EOL are visible
      (Issue#712).
    * Keeping undo history when reloading files is now enabled by default
      (Thomas Martitz, Issue#562, PR#672).
    * "Strip trailing spaces", "Replace tabs" and "Replace spaces" now
      follow the current selection (Pavel Sountsov, PR#394).
    * Respect Smart Home Key setting in Go To Start of Display Line.
    * Check whether the document is newer on disk when the window gets
      focused (Jiř� Techet, PR#533).

    Filetypes
    * Add Cargo build commands for Rust (Wayne Nilsen, PR#557).
    * Add recent Perl keywords (Olivier Duclos, PR#599).
    * Add missing Python 3 keywords and builtins (PR#755).
    * Improvements to the Rust filetype (Pavel Sountsov, PR#613).
    * Add multiline comment to Haskell (Abel Serrano Juste, PR#638).
    * Recognize `.adoc` is as Asciidoc (PR#708, PR#711).
    * Recognize `.mml` and `.mathml` as XML (Devyn Collier Johnson, PR#731).

    Internationalization
    * Updated translations: de, el, es, fr, hu, id, kk, pt, sk, sv, ru
    * Fix internationalization of "Open in New Window" items.

    API
    * New plugin API, `geany_load_module()`, `geany_plugin_register()`,
      `GEANY_PLUGIN_REGISTER()`, `geany_plugin_register_full()`,
      `GEANY_PLUGIN_REGISTER_FULL()` (Thomas Martitz, PR#469).
    * Add support for "proxy" plugins, `geany_plugin_register_proxy()`
      (Thomas Martitz, PR#629).
    * Allow `user_data` parameter and `destroy_notify` callback to
      keybindings with new `keybindings_set_item_full()` and
      `plugin_set_key_group_full()` (Thomas Martitz, PR#376).

    Windows
    * Restore modern design of native file dialogs (Issue#578).

(wiz)

Updated security/libsodium to 1.0.6

(wiz)

Update libsodium to 1.0.6.

Provided by csosstudy in PR 50455.

Version 1.0.6

    Optimized implementations of Blake2 have been added for modern Intel platforms. crypto_generichash() is now faster than MD5 and SHA1 implementations while being far more secure.
    Functions for which the return value should be checked have been tagged with __attribute__ ((warn_unused_result)). This will intentionally break code compiled with -Werror that didn't bother checking critical return values.
    The crypto_sign_edwards25519sha512batch_*() functions have been tagged as deprecated.
    Undocumented symbols that were exported, but were only useful for internal purposes have been removed or made private: sodium_runtime_get_cpu_features(), the implementation-specific crypto_onetimeauth_poly1305_donna() symbols, crypto_onetimeauth_poly1305_set_implementation(), crypto_onetimeauth_poly1305_implementation_name() and crypto_onetimeauth_pick_best_implementation().
    sodium_compare() now works as documented, and compares numbers in little-endian format instead of behaving like memcmp().
    The previous changes should not break actual applications, but to be safe, the library version major was incremented.
    sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have been added.
    The library can now be compiled with the CompCert compiler.

Version 1.0.5

This release only fixes compilation issues on some platforms.

If 1.0.4 compiled and installed fine on your system, upgrading to this version is not required.
There are no functional changes.

    Compilation issues on some platforms were fixed: missing alignment directives were added (required at least on RHEL-6/i386), a workaround for a VRP bug on gcc/armv7 was added, and the library can now be compiled with the SunPro compiler.

    Javascript target: io.js is not supported any more. Use nodejs.

Version 1.0.4

    Support for AES256-GCM has been added. This requires a CPU with the aesni and pclmul extensions, and is accessible via the crypto_aead_aes256gcm_*() functions.
    The Javascript target doesn't use eval() any more, so that the library can be used in Chrome packaged applications.
    QNX and CloudABI are now supported.
    Support for NaCl has finally been added.
    ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has been implemented as crypto_stream_chacha20_ietf(), crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic(). An IETF-compatible version of ChaCha20Poly1305 is available as crypto_aead_chacha20poly1305_ietf_npubbytes(), crypto_aead_chacha20poly1305_ietf_encrypt() and crypto_aead_chacha20poly1305_ietf_decrypt().
    The sodium_increment() helper function has been added, to increment an arbitrary large number (such as a nonce).
    The sodium_compare() helper function has been added, to compare arbitrary large numbers (such as nonces, in order to prevent replay attacks).

Version 1.0.3

    In addition to sodium_bin2hex(), sodium_hex2bin() is now a constant-time function.
    crypto_stream_xsalsa20_ic() has been added.
    crypto_generichash_statebytes(), crypto_auth_*_statebytes() and crypto_hash_*_statebytes() have been added in order to retrieve the size of structures keeping states from foreign languages.
    The JavaScript target doesn't require /dev/urandom or an external randombytes() implementation any more. Other minor Emscripten-related improvements have been made in order to support libsodium.js
    Custom randombytes implementations do not need to provide their own implementation of randombytes_uniform() any more. randombytes_stir() and randombytes_close() can also be NULL pointers if they are not required.
    On Linux, getrandom(2) is being used instead of directly accessing /dev/urandom, if the kernel supports this system call.
    crypto_box_seal() and crypto_box_seal_open() have been added.
    A solutions for Visual Studio 2015 was added.

(wiz)

Pullup tickets #4854, #4855 and #4856.

(bsiegert)

Fix DEPENDS (hi hauke!)

(wiz)

Pullup ticket #4855 - requested by he
archivers/unzip: security fix

Revisions pulled up:
- archivers/unzip/Makefile                                      1.91
- archivers/unzip/distinfo                                      1.29
- archivers/unzip/patches/patch-crypt.c                        1.1
- archivers/unzip/patches/patch-extract.c                      1.3

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Wed Nov 11 12:47:27 UTC 2015

  Modified Files:
  pkgsrc/archivers/unzip: Makefile distinfo
  pkgsrc/archivers/unzip/patches: patch-extract.c
  Added Files:
  pkgsrc/archivers/unzip/patches: patch-crypt.c

  Log Message:
  Add patches to fix CVE-2015-7696, CVE-2015-7697, and an integer underflow.

  From Debian.

  Bump PKGREVISION.

(bsiegert)

Pullup ticket #4854 - requested by sevan
Pullup ticket #4856 - requested by he
graphics/png: security fix

Revisions pulled up:
- graphics/png/Makefile                                        1.179
- graphics/png/distinfo                                        1.124

---
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Thu Nov 12 16:12:19 UTC 2015

  Modified Files:
          pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Update png to 1.6.19:

  Libpng 1.6.19 - November 12, 2015
  Changes since the last public release (1.6.18):
    Updated obsolete information about the simplified API macros in the
      manual pages (Bug report by Arc Riley).
    Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
    Rearranged png.h to put the major sections in the same order as
      in libpng17.
    Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
      PNG_WEIGHT_FACTOR macros.
    Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
      (Bug report by Viktor Szakats).  Several warnings remain and are
      unavoidable, where we test for overflow.
    Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
    Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
    Moved config.h.in~ from the "libpng_autotools_files" list to the
      "libpng_autotools_extra" list in autogen.sh because it was causing a
      false positive for missing files (bug report by Robert C. Seacord).
    Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
      to suppress clang warnings (Bug report by Viktor Szakats).
    Fixed some bad links in the man page.
    Changed "n bit" to "n-bit" in comments.
    Added signed/unsigned 16-bit safety net. This removes the dubious
      0x8000 flag definitions on 16-bit systems. They aren't supported
      yet the defs *probably* work, however it seems much safer to do this
      and be advised if anyone, contrary to advice, is building libpng 1.6
      on a 16-bit system. It also adds back various switch default clauses
      for GCC; GCC errors out if they are not present (with an appropriately
      high level of warnings).
    Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
      Seacord).
    Fixed the recently reported 1's complement security issue by replacing
      the value that is illegal in the PNG spec, in both signed and unsigned
      values, with 0. Illegal unsigned values (anything greater than or equal
      to  0x80000000) can still pass through, but since these are not illegal
      in ANSI-C (unlike 0x80000000 in the signed case) the checking that
      occurs later can catch them (John Bowler).
    Fixed png_save_int_32 when int is not 2's complement (John Bowler).
    Updated libpng16 with all the recent test changes from libpng17,
      including changes to pngvalid.c to ensure that the original,
      distributed, version of contrib/visupng/cexcept.h can be used
      (John Bowler).
    pngvalid contains the correction to the use of SAVE/STORE_
      UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
      tests contain the --strict option to detect warnings and the
      pngvalid-standard test has been corrected so that it does not
      turn on progressive-read. There is a separate test which does
      that. (John Bowler)
    Also made some signed/unsigned fixes.
    Make pngstest error limits version specific. Splitting the machine
      generated error structs out to a file allows the values to be updated
      without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
      slightly different error limits this simplifies maintenance. The
      makepngs.sh script has also been updated to more accurately reflect
      current problems in libpng 1.7 (John Bowler).
    Incorporated new test PNG files into make check.  tests/pngstest-*
      are changed so that the new test files are divided into 8 groups by
      gamma and alpha channel.  These tests have considerably better code
      and pixel-value coverage than contrib/pngsuite; however,coverage is
      still incomplete (John Bowler).
    Removed the '--strict' in 1.6 because of the double-gamma-correction
      warning, updated pngstest-errors.h for the errors detected with the
      new contrib/testspngs PNG test files (John Bowler).
    Worked around rgb-to-gray issues in libpng 1.6.  The previous
      attempts to ignore the errors in the code aren't quite enough to
      deal with the 'channel selection' encoding added to libpng 1.7; abort.
    Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
      macro, therefore the argument list cannot contain preprocessing
      directives.  Make sure pow is a function where this happens. This is
      a minimal safe fix, the issue only arises in non-performance-critical
      code (bug report by Curtis Leach, fix by John Bowler).
    Added sPLT support to pngtest.c
    Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
    Silently truncate over-length PLTE chunk while reading.
    Libpng incorrectly calculated the output rowbytes when the application
      decreased either the number of channels or the bit depth (or both) in
      a user transform.  This was safe; libpng overallocated buffer space
      (potentially by quite a lot; up to 4 times the amount required) but,
      from 1.5.4 on, resulted in a png_error (John Bowler).
    Fixed some inconsequential cut-and-paste typos in
  png_set_cHRM_XYZ_fixed().
    Clarified COPYRIGHT information to state explicitly that versions
      are derived from previous versions.
    Removed much of the long list of previous versions from png.h and
      libpng.3.

(bsiegert)

Updated textproc/grep to 2.22

(ryoon)

Update to 2.22

Changelog:
* Noteworthy changes in release 2.22 (2015-11-01) [stable]

** Improvements

  Performance has improved for patterns containing very long strings,
  reducing preprocessing time for an N-byte regexp from O(N^2) to
  only slightly superlinear for most patterns.  Before, a command like
  the following would take over a minute, but now, it takes less than
  a second:
  : | grep -f <(seq -s '' 99999)

  When building grep, 'configure' now uses PCRE's pkg-config module for
  configuration information, rather than attempting to guess it by hand.

** Bug fixes

  A DFA matcher bug made this command mistakenly print its input line:
    echo axb | grep -E '^x|x$'
  Likewise for this equivalent command:
    echo axb | grep -e '^x' -e 'x$'
  [bug introduced in grep-2.19 ]

  grep no longer reads from uninitialized memory or from beyond the end
  of the heap-allocated input buffer.  This fix addressed CVE-2015-1345.
  [bug introduced in grep-2.19 ]

  With -z, '.' and '[^x]' in a pattern now consistently match newline.
  Previously, they sometimes matched newline, and sometimes did not.
  [bug introduced in grep-2.4]

  When the JIT stack is exhausted, grep -P now grows the stack rather
  than reporting an internal PCRE error.

  'grep -D skip PATTERN FILE' no longer hangs if FILE is a fifo.
  [bug introduced in grep-2.12]

  --exclude and related options are now matched against entire
  command-line arguments, not against command-line components.
  [bug introduced in grep-2.6]

  Fix performance degradation of grep -Fw in unibyte locales.
  [bug introduced in grep-2.19 ]

(ryoon)

Updated security/putty to 0.66

(ryoon)

Update to 0.66

Changelog:
2015-11-07 PuTTY 0.66 released, fixing a SECURITY HOLE

PuTTY 0.66, released today, fixes a security hole in 0.65 and before:
vuln-ech-overflow. It also contains a few other small bug fixes and minor
features.

(ryoon)

Updated devel/nss to 3.21

(ryoon)

Update to 3.21

* Disable gtest option

Changelog:
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.

New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)

New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
  string, module parameters string, NSS specific parameters string, and NSS
  configuration parameter string. The module represented by the module
  structure is not loaded. The difference with SECMOD_CreateModule is the new
  function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
  to the handshake being completed, for use with the callbacks that are invoked
  during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
  for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
  algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
  can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
  library string, module name string, module parameters string, NSS specific
  parameters string, and NSS configuration parameter strings. The returned
  strings must be freed by the caller. The difference with
  NSS_ArgParseModuleSpec is the new function handles NSS configuration
  parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
  module parameters string, NSS specific parameters string, and NSS
  configuration parameter string and returns a module string which the caller
  must free when it is done. The difference with NSS_MkModuleSpec is the new
  function handles NSS configuration parameter strings.

New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
  prior to handshake completion

New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
  ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
  PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
  exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
  DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
  signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
  unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
  master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
  extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
  master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
  TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
  that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
  preliminary information has been set

Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 1
- Friendly Name: Digital Signature Trust Co. Global CA 3
- CN = UTN - DATACorp SGC
- O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2\
005
* The following CA certificate had the Websites trust bit turned off
- OU = Equifax Secure Certificate Authority
* The following CA certificates were Added
- CN = Certification Authority of WoSign G2
- CN = CA WoSign ECC Root
- CN = OISTE WISeKey Global Root GB CA

(ryoon)

Restore i386 distfile. Fix PR pkg/50450

(ryoon)

Updated multimedia/gst-plugins1-libav to 1.6.1

(ryoon)

Update to 1.6.1

Changelog:
This is GStreamer 1.6.1

The GStreamer team is proud to announce the first bugfix release in the stable
1.6 release series of your favourite cross-platform multimedia framework!

This release only contains bugfixes and it is safe to update from 1.6.0. For a
full list of bugfixes see Bugzilla:
  https://bugzilla.gnome.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&limit=0&list_id=73005&order=bug_id&product=GStreamer&resolution=FIXED&target_milestone=1.6.1

See http://gstreamer.freedesktop.org/releases/1.6/ for the latest version of this document.

Major bugfixes

- Crashes in the gst-libav encoders were fixed
- More DASH-IF test streams are working now
- Live DASH, HLS and MS SmoothStreaming streams work more reliable and other
  fixes for the adaptive streaming protocols
- Reverse playback works with scaletempo to keep the audio pitch
- Correct stream-time is reported for negative applied_rate
- SRTP packet validation during decoding does not reject valid packets anymore
- Fixes for audioaggregator and aggregator to start producing output at the
  right time, and e.g. not outputting lots of silence in the beginning
- gst-libav's internal ffmpeg snapshot was updated to 2.8.1
- cerbero has support for Mac OS X 10.11 (El Capitan)
- Various memory leaks were fixed, including major leaks in playbin, playsink
  and decodebin
- Various GObject-Introspection annotation fixes for bindings
- and many, many more: https://bugzilla.gnome.org/buglist.cgi?bug_status=RESOLVED&bug_status=VERIFIED&limit=0&list_id=73005&order=bug_id&product=GStreamer&resolution=FIXED&target_milestone=1.6.1

(ryoon)

Fix build with libvpx-1.5.0 with upstream patch

(ryoon)

Add patch from the GIT repository to fix the build with version 1.5.0
or newer of libvpx.

(tron)

Updated devel/scons to 2.4.1

(adam)

Changes 2.4.1:
- Fix for Bug 2791 - Setup.py fails unnecessarily under Jython.
- Fixed license of SVG titlepage files in the context of Debian
  packaging, such that they allow for commercial use too (2985).
- InstallVersionedLib now available in the DefaultEnvironment context.
- Improves orthogonality of use cases between different Install functions.
- Added new configure check, CheckProg, to check for
  existence of a program.
- Fix for issue 2840 - Fix for two environments specifying same target with different
  actions not throwing hard error. Instead SCons was incorrectly issuing a warning
  and continuing.
- Add support `Microsoft Visual C++ Compiler for Python 2.7'
  Compiler can be obtained at: https://www.microsoft.com/en-us/download/details.aspx?id=44266
- Fixed tigris issue 3011: Glob() excludes didn't work when used with VariantDir(duplicate=0)
- Fix bug 2831 and allow Help() text to be appended to AddOption() help.
- Reimplemented versioning for shared libraries, with the following effects
- Fixed tigris issues 3001, 3006.
- Fixed several other issues not reported to tigris, including:
  issues with versioned libraries in subdirectories with tricky names,
  issues with versioned libraries and variant directories,
  issue with soname not being injected to library when using D linkers,
- Switched to direct symlinks instead of daisy-chained ones -- soname and
  development symlinks point directly to the versioned shared library now),
- New construction variables to allow override default behavior: SONAME,
  SHLIBVERSIONFLAGS, _SHLIBVERSIONFLAGS, SHLIBNOVERSIONSYMLINKS,
  LDMODULEVERSION, LDMODULEVERSIONFLAGS, _LDMODULEVERSIONFLAGS,
  LDMODULENOVERSIONSYMLINKS.
- Changed logic used to configure the versioning machinery from
  platform-centric to linker-oriented.
- The SHLIBVERSION/LDMODULEVERSION variables are no longer validated by
  SCons (more freedom to users).
- InstallVersionedLib() doesn't use SHLIBVERSION anymore.
- Enchanced docs for the library versioning stuff.
- New tests for versioned libraries.
- Library versioning is currently implemented for the following linker
  tools: 'cyglink', 'gnulink', 'sunlink'.
- Fix to swig tool - pick-up 'swig', 'swig3.0' and 'swig2.0' (in order).
- Fix to swig tool - respect env['SWIG'] provided by user.

(adam)

Updated math/liblinear to 2.1; net/nmap to 7.00

(adam)

Changes 7.00:
* Major Nmap Scripting Engine (NSE) Expansion
* Mature IPv6 support
* Infrastructure Upgrades
* Faster Scans
* SSL/TLS scanning solution of choice
* Ncat Enhanced
* Extreme Portability

(adam)

Avoid ambigious class references.

(joerg)

Changes 2.1:
Unknown

(adam)

Fix PLIST on systems other than NetBSD 7.0.

(joerg)

Directory and file name of spamreport don't agree, so introduce a new
variable and use that to get the correct installation.

(joerg)

Mark a few more variables as volatile to prevent clobbering by setjmp.
Found due to crashes with very recent clang. Bump revision.

(joerg)

Unbreak build due to differences in the SCTP implementation.

(joerg)

Regenerate patch to fix context.

(joerg)

Don't link against libcompat, since ftime hasn't been used for a while.
Fixes build of dynamic library. Bump revision.

(joerg)

We need HTML/Entities.pm, provided by www/p5-HTML-Parser, for menu
text. The build log even says so,

(hauke)

The dba/update-davical-database script needs two more perl modules.

(hauke)

Make sure scripts use Bash, fixes the plugins script.
Clean up and work around the silly coreutils (readlink) dependency.
Bump PKGREVISION.

(fhajny)

Updated devel/ruby-parslet to 1.6.0

(jperkin)

Update devel/ruby-parslet to 1.6.0.

pkgsrc changes:

  - Add OVERRIDE_GEMSPEC for blankslate, it requires ~> 2.0 whereas we provide
    blankslate 3.1.3.  Testing with ruby-jekyll (the primary driver for this
    update) suggests it works ok.

upstream changes:

  + EXPERIMENTAL: Parslet accelerators permit replacing parts of your parser
    with optimized atoms using pattern matching. Look at
    examples/optimized_erb.rb or the introduction to the feature in
    qed/accelerators.md.

  + infix_expression permits to declare an infix expression parser (think
    calculator) directly. This will solve many of the problems we have
    more elegantly.

  + Rspec 3 syntax, though hideous, should now work.

  - Drops 1.8.7 compatibility.

  ! A performance anomaly when parsing multibyte characters has been detected
    and fixed with the help of Zach Moazeni (@zmoazeni).

  ! A few small bug fixes and optimisations have been introduced. API should
    remain unchanged.

(jperkin)

Updated net/mDNSResponder to 258.14nb2

(jperkin)

Fix the HAVE_BROKEN_RECVDSTADDR patch which was masking a call to memset().

Noted by Edgar Fuß in private mail.  Bump PKGREVISION.

(jperkin)

PR pkg/47404
wrapper should convert '--rpath' to '-rpath', fixing pysvn as well as
many other packages inadvertently using double-dash form of rpath.

(richard)

Make it work without Internet access.

Transform DocBook XSLT URLs to point to local copies coming from textproc/docbook-xsl.
This package should use XML Catalog, but doesn't for some unclear reason.

(asau)

Pullup ticket #4853.

(bsiegert)

Pullup ticket #4853 - requested by he
devel/nss: security fix

Revisions pulled up:
- devel/nss/Makefile                                            1.103
- devel/nss/distinfo                                            1.52

---
  Module Name: pkgsrc
  Committed By: ryoon
  Date: Tue Nov  3 16:55:07 UTC 2015

  Modified Files:
  pkgsrc/devel/nss: Makefile distinfo

  Log Message:
  Update to 3.20.1

  Changelog:
  The following security-relevant bugs have been resolved in NSS 3.20.1.
  Users are encouraged to upgrade immediately.

  * Bug 1192028 (CVE-2015-7181) and
    Bug 1202868 (CVE-2015-7182):
    Several issues existed within the ASN.1 decoder used by NSS for handling
    streaming BER data. While the majority of NSS uses a separate, unaffected
    DER decoder, several public routines also accept BER data, and thus are
    affected. An attacker that successfully exploited these issues can overflow
    the heap and may be able to obtain remote code execution.

(bsiegert)

"docbook-xsl" is an indirect dependency, xmlto depends on it.

(asau)

+ auctex-11.89, wget-1.17.

(wiz)

Set PY_PATCHLIST so PLIST is substituted properly.

This is necessary when one only includes extension.mk and not
distutils.mk or egg.mk.

(wiz)

Allow building on OS X without X11

(adam)

Renamed graphics/py-pygraphviz to graphics/py-graphviz [wiz 2015-11-19]

(wiz)

Replace python bl3.mk inclusions with plain depends.

(wiz)

Finish move from py-pygraphviz to py-graphviz.

(wiz)

Re-import py-graphviz-1.3.1 as graphics/py-graphviz.

Was previously in py-pygraphviz.

Fixes PKGNAME to match pkgsrc conventions.
While here, fix build by adding pkg-config tool and minor cleanup.

PyGraphviz is a Python interface to the Graphviz graph layout
and visualization package. With PyGraphviz you can create,
edit, read, write, and draw graphs using Python to access the
Graphviz graph data structure and layout algorithms. PyGraphviz
is independent from NetworkX but provides a similar programming
interface.

(wiz)

fix HOMEPAGE

(jmcneill)

Fix audio device detection for NetBSD.

(jmcneill)

Updated www/moodle to 3.0

(wen)

Update to 3.0

Upstream changes:
Major features
Highlights

    MDL-29801 - Allow users to delete personal messages
    MDL-27177 - Allow students to see each other's contact details in full profile without global permission if they are able to see each other's course profile
    MDL-46455 - Backup/restore functionality with new logging system
    MDL-46878 - Reset Dashboard for all users after changing the default Dashboard

Quiz

    MDL-47494 - New question types from the UK Open University - Select missing words, Drag and drop into text, Drag and drop onto image and Drag and drop markers
    MDL-38214 - New Cloze subquestion types with shuffling of answers - MCS, MCVS, MCHS
    MDL-50217 - Question types sorted with common ones at the top
    MDL-29771 - Interactive behaviour should show number of tries left in the Try again state

Forum

    MDL-49682 - Make forum email template editable
    MDL-46321 - Uninformative error when moving forum without first selecting destination
    MDL-50993 - Timed discussions are now displayed to students in a logical order
    MDL-50430 - Number of subscribers specified in forum subscriber list

Assignment

    MDL-49176 - Assignment marking guide 'flattens' instructions for markers and students
    MDL-49515 - Upgrade FPDI library in assignfeedback_editpdf to 1.5.4 to fix problems with PDF annotator on some files
    MDL-50283 - Improve Rubric interface to include the ability to duplicate rows

Other activity modules

    MDL-49028 - Wiki: Option to delete pages during course reset
    MDL-40836 - File resource: New file resource setting option to display upload/modified date
    MDL-26501 - Glossary: Do not allow to browse by author if author is never displayed
    MDL-50673 - Workshop: display all participants on "Submission phase" page in a table
    MDL-50664 - Database activity: add setting to disallow managing of own entries after approval
    MDL-50658 - LTI: Add support for LTI Memberships service
    MDL-49581 - Lesson: Remove high scores list feature
    MDL-49882 - Lesson: Essay questions are not imported into the lesson Module
    MDL-50720 - Database activity: Highlight database entries that are not yet approved.

User interface and usability improvements

    MDL-51051 - Rename 'Categories and items' to 'Gradebook setup' and add link
    MDL-51250 - Show default section name when editing section details with default checkbox being checked
    MDL-49984 - Add visual blocks outlines to My profile page to help separate information
    MDL-48947 - Collect all course section editing buttons under one "Edit" dropdown
    MDL-51087 - Use client-side validation in the signup form
    MDL-50113 - Improve display of long user and course names in Messaging
    MDL-50919 - Simplify the Manage tags page, allow to quickly change name, flag and official status of the tags
    MDL-51013 - Navbar button should appear for smaller screens only when the custom menu or language menu is not empty
    MDL-51260 - Use the new autocomplete form field for tags
    MDL-51296 - Add title to page when adding blog post
    MDL-38763 - Permission override UI should use JS confirmation
    MDL-29763 - Add description to Portfolio settings page

Atto editor

    MDL-45515 - New table editing features in Atto editor
    MDL-49732 - Keyboard interaction for hyperlink in Atto (Ctrl+K)
    MDL-50936 - More Atto editor Maths equation buttons (sum, sqrt, int, etc.)
    MDL-50142 - Text editor preferences help pop-up

Enrolments

    MDL-30674 - Set guest access key from enrolment methods page
    MDL-30157 - Allow users to start manual enrolments right now
    MDL-49746 - Allow to sort enrolled users page by last course access
    MDL-48074 - Group filter in enrolments list should have option "not in any group"

Administration

    MDL-49329 - Multiple improvements in the plugins installation/update system including ability to install several plugins at the same time
    MDL-49280 - New configuration setting to allow duplicate email addresses
    MDL-51330 - Show scheduled tasks component in the cron log
    MDL-51261 - Upgrade key - mechanism to protect anonymous web access to upgrade screens
    MDL-50602 - New settings in Automated backup setup for deleting older backups and keeping a minimum number of backups
    MDL-48438 - Add real name to email about login failures
    MDL-30960 - New option in email settings to specify SSL or TLS (SMTPSecure property of PHPMailer)
    MDL-46623, MDL-51824 - CAS and LDAP: Replace CLI script to synchronise users with a scheduled tasks
    MDL-39319 - Allow administrator to uninstall several languages in one single action
    MDL-50155 - Move and rename "Common activities settings" link to be under "Manage activities" for consistency
    MDL-50631 - Display Moodle ASCII logo in CLI installer
    MDL-46167 - New option for CLI installation: skip database
    MDL-50572 - Disable YouTube repository by default since it requires setting up
    MDL-51739 - Lock theme selector UI when $CFG->theme is hardcoded in config.php
    MDL-51478 - Enable Mobile services by default for sites with https
    MDL-19748 - Do not allow to edit tags in the default authenticated user role
    MDL-46398 - Make HTML5 video the default player for capable videos

Other improvements

    MDL-51132 - Introduce course tagging as a replacement for user-course-tagging in the "Tags" block. See upgrade documentation
    MDL-41042 - Course contacts shown in course listings no longer lag by an hour
    MDL-44273 - Back-off strategy for RSS feeds
    MDL-45981 - CAS Auth Config needs way to specify that curl should use SSLv3.
    MDL-49891 - Add description meta to frontpage
    MDL-25451 - Go straight to "Permissions" from block context menu instead of "Assign roles" if they are not available
    MDL-50647 - Add 'not in group' section to group overview page
    MDL-50956 - Allow main menu block to be displayed "throughout the entire site"
    MDL-28954 - Allow images and embedded files in the cohort descriptions
    MDL-50371 - Use $CFG->gradepointdefault for new manual gradeitems and grade categories

Security issues

There are no new security issues since the Moodle 2.9.3 release on 9 November 2015.
For developers

    MDL-46455 - Events must define fields mappings in order to be correctly restored (documentation)
    MDL-50125 - Allow all plugins to inject links in the preferences page (documentation)
    MDL-51247 - Revive / refresh / rebuild the autocomplete mform element.
    MDL-50839 - Allow themes to set User menu avatar size (documentation)
    MDL-48494 - Make $plugin->component required for all plugins
    MDL-43896 - Drop support for $module in version.php files for Moodle 3.0
    MDL-50645 - Cache the list of available callbacks per plugin
    MDL-33564 - rss_error() should return a proper HTTP response code
    MDL-37864 - New method to add help icons to the sortable table headers (documentation)
    MDL-51737 - Add ability to detect MS Edge in our browser sniffing code
    MDL-51213 - external_format_text should be safe to call from web or webservice (documentation)
    MDL-51413 - Add an additional return field in get_forums_by_courses in order to specify if the current user can create discussions
    MDL-51217 - Using recaptcha is not possible outside auth_email plugin.
    MDL-51107 - Add a callback to inject nodes in the category settings navigation (documentation)
    MDL-50891 - is_web_crawler should be moved to useragent class
    MDL-50453 - Replace reserved word usage from \core\progress\null (PHP7)
    MDL-50009 - Prevent scheduled tasks from leaving unfinished db transactions
    MDL-49821 - Some Web Services miss checks for guest and deleted users
    MDL-50926 - Upgrade to phpunit 4.x
    MDL-50491 - New format_text option to exclude particular filters
    MDL-50783 - Allow some ajax external functions to be called without a session
    MDL-50150 - Add "Blocks" feature to JS and PHP mustache engines (documentation)

(wen)

Updated www/p5-Mojolicious to 6.32

(wen)

Update to 6.32

Upstream changes:
6.32  2015-11-18
  - Deprecated Mojolicious::Routes::Pattern::format_regex.
  - Added support for new HTTP status code.
  - Improved router performance.
  - Improved Mojo::DOM::CSS performance slightly. (jamadam)
  - Fixed a few case-sensitivity and An+B notation bugs in Mojo::DOM::CSS.
    (jamadam)

6.31  2015-11-13
  - Improved documentation browser CSS.
  - Fixed handling of invalid URLs in Mojo::UserAgent::CookieJar.
  - Fixed a few small selector bugs in Mojo::DOM::CSS.
  - Fixed a few small formatting bugs in Mojolicious::Plugin::PODRenderer.

6.30  2015-11-11
  - Fixed bug in Mojolicious::Renderer where layouts could not be used with
    template inheritance. (nic, sri)

(wen)

Fix build with python34.

Spotted by: joerg@(Thanks !)

(wen)

Fix build on el capitan

(wiedi)

Improve CPU / memory / system information on NetBSD.

(jmcneill)

Ensure building 32-bit on 64-bit is supported when using cwrappers too.

(jperkin)

Build graphics/py-pygraphviz as a Python egg

This also fixes the PLIST; thanks wiz@ for the hint!

(khorben)

Updated devel/hs-haskell-src-exts to 1.17.0

(szptvlfn)

Update to 1.17.0

CHANGELOG:
1.16.0.1 --> 1.17.0
===================

AST changes:

* Replaced VarA with AppA in Asst (#168).
* Promoted list/tuple members changed from Promoted to Type (#162).
* Update PatBind, Match, and Alt from containing Binds to Maybe Binds to
  distinguish between empty where clauses and where clauses with no
  binds (#244).
* Add RoleAnnotDecl and Role to support Role annotations (#215).
* Move NameSpace field from EVar/IVar to EAbs/IAbs.

Other changes:

* Add standalone parsers for ImportDecl.
* Fix pretty-printer bugs for HaRP (#160).
* Insert parentheses when pretty-printing non-atomic bang types (#169).
* Un-reverse confusion of left and right arrow (#175).
* Prettyprint option pragmas like 1.15 (#172).
* Conditionally insert lines when pretty-printing declarations (#171).
* Distinguish deriving (Show) from deriving Show (#189).
* Allow parsing of unicode subscript and superscript functions (#173).
* Pretty print unboxed tuples with spaces (#193).
* Improve performance when parsing long extension lists (#200).
* Properly pretty print constructor and class operators (#204).
* Read Haskell source files as UTF-8 (#223).
* Fix ExplicitNamespaces parsing (#216).
* PolyKinds implies KindSignatures (#220).
* Preserve location information for infix binds (#205).
* Preserve positional information in checkPattern (#231).
* Maintain correct line numbers when parsing multiline GHC_OPTIONS (#218).
* Correctly parse "*" with TypeOperators (#81).
* Export the "pretty" method (#222).
* Add javascript calling convention for foreign imports (#236).
* Add non-greedy parsers for module heads (#191).
* Add a flag to disable arity checking when parsing (#260).
* Parse "-" in type signatures (#206).
* Add support for type wildcards and expression holes (#252).
* Add support for Pattern Synonyms (#197).
* Bump the happy lower bound (#250).
* Make test suite pass on GHC 7.12 (#224).
* Support linking Haddock comments to AST nodes (#213).
* Parse multiline LANGUAGE pragmas (#217).
* Parse trailing where (#25).
* Parse modules starting with pragmas and indented
  "module" keyword (#122).
* Use pretty-show to get human readable test outputs.
* Respect fixity declarations inside where/let/class in
  `applyFixities` (#212).
* Correctly parse the combination of view patterns and bang patterns. (#276)

(szptvlfn)

Restore SHA512 checksum

(wiz)

Pass pkglint.

(christos)

Register dependency on devel/py-setuptools

The PLIST appears to be wrong though.

(khorben)

Restore the bits of CHANGES-2015 I accidentally deleted.

(markd)

Re-generate the PLIST

It looks more correct to me, but I know next to nothing about Python and
even less about Python in pkgsrc, so I cannot tell.

Heads up from joerg@, not in a very useful way but thanks anyway.

(khorben)

Updated devel/py-tortoisehg to 3.6nb1

(nros)

Fix py-tortoisehg.
tortoisehg had a change that made it overwrite config.py on install.
due to this change behavior: patch setup-py instead of providing a config.py.
Bump PKGREVISION.

(nros)

Note update of lang/ruby-execjs package to 2.6.0nb1.

(taca)

Since ruby-execjs require JavaScript engine at runtime, add dependency to
nodejs.

Bump PKGREVISION.

(taca)

Note update of textproc/ruby-toml package to 0.1.2nb1.

(taca)

Allow ruby-toml to depend on ruby-parslet 1.6 and later.

Bump PKGREVISION.

(taca)

Note update of textproc/ruby-nokogiri package to 1.6.6.3.

(taca)

Update ruby-nokogiri to 1.6.6.3.

pkgsrc change: Add pkg_alternatives support.

=== 1.6.6.3 / 2015-11-16

This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

* CVE-2015-1819
* CVE-2015-7941_1
* CVE-2015-7941_2
* CVE-2015-7942
* CVE-2015-7942-2
* CVE-2015-8035
* CVE-2015-7995

See #1374 for details.

(taca)

Recursive revbump from multimedia/libvpx

(ryoon)

Remove duplicate PKGREVISION

(ryoon)