Add support for compiling with stack-smashing protection

This is enabled with PKGSRC_USE_SSP in mk.conf(5), as documented there.
Most NetBSD platforms are supported (when compiling with gcc).

After consensus on tech-pkg@.

(khorben)

Fix a couple new-to-5.0.8 issues with command completion.
- non-GNU du wouldn't complete filenames (taken from upstream)
- sort completion threw a syntax error on NetBSD (reported upstream)

Bump PKGREVISION to 1.

(snj)

+ cmake-3.3.0, dbus-1.8.20, gama-1.16, libvisio-0.1.3, meld-3.14.0,
  mosh-1.2.5, png-1.6.18, py-mock-1.3.0, py-setproctitle-1.1.9,
  talloc-2.1.3, tidy-4.9.30, x264-devel-20150725.

(wiz)

Update HOMEPAGE.

(wiz)

Pullup tickest #4775, #4781 and #4782.

(tron)

Pullup ticket #4782 - requested by bsiegert
net/socat: security update

Revisions pulled up:
- net/socat/Makefile                                            1.35
- net/socat/distinfo                                            1.21
- net/socat/patches/patch-configure                            deleted
- net/socat/patches/patch-mytypes.h                            1.3

---
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sat Jul 25 14:43:23 UTC 2015

  Modified Files:
          pkgsrc/net/socat: Makefile distinfo
          pkgsrc/net/socat/patches: patch-mytypes.h
  Removed Files:
          pkgsrc/net/socat/patches: patch-configure

  Log Message:
  Update socat to 1.7.3.0. From Ben Gergely in PR pkg/49996.

  ####################### V 1.7.3.0:

  security:
          (CVE Id pending)
          Fixed problems with signal handling caused by use of not async signal
          safe functions in signal handlers that could freeze socat, allowing
          denial of service attacks.
          Many changes in signal handling and the diagnostic messages system were
          applied to make the code async signal safe but still provide detailled
          logging from signal handlers:
          Coded function vsnprintf_r() as async signal safe incomplete substitute
          of libc vsnprintf()
          Coded function snprinterr() to replace %m in strings with a system error
          message
          Instead of gettimeofday() use clock_gettime() when available
          Pass Diagnostic messages from signal handler per unix socket to the main
          program flow
          Use sigaction() instead of signal() for better control
          Turn off nested signal handler invocations
          Thanks to Peter Lobsinger for reporting and explaining this issue.

          Red Hat issue 1019975: add TLS host name checks
          OpenSSL client checks if the server certificates names in
          extensions/subjectAltName/DNS or in subject/commonName match the name
          used to connect or the value of the openssl-commonname option.
          Test: OPENSSL_CN_CLIENT_SECURITY

          OpenSSL server checks if the client certificates names in
          extensions/subjectAltNames/DNS or subject/commonName match the value of
          the openssl-commonname option when it is used.
          Test: OPENSSL_CN_SERVER_SECURITY

          Red Hat issue 1019964: socat now uses the system certificate store with
          OPENSSL when neither options cafile nor capath are used

          Red Hat issue 1019972: needs to specify OpenSSL cipher suites
          Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
          prevent downgrade attacks

  new features:
          OpenSSL addresses set couple of environment variables from values in
          peer certificate, e.g.:
          SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
          SOCAT_OPENSSL_X509_COMMONNAME,
          SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
          Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*

          Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
          Tests: OPENSSL_METHOD_*

          Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
          by Andrey Arapov.

          Added a new option termios-rawer for ptys.
          Thanks to Christian Vogelgsang for pointing me to this requirement

  corrections:
          Bind with ABSTRACT commands used non-abstract namespace (Linux).
          Test: ABSTRACT_BIND
          Thanks to Denis Shatov for reporting this bug.

          Fixed return value of nestlex()

          Option ignoreeof on the right address hung.
          Test: IGNOREEOF_REV
          Thanks to Franz Fasching for reporting this bug.

          Address SYSTEM, when terminating, shut down its parent addresses,
          e.g. an SSL connection which the parent assumed to still be active.
          Test: SYSTEM_SHUTDOWN

          Passive (listening or receiving) addresses with empty port field bound
          to a random port instead of terminating with error.
          Test: TCP4_NOPORT

          configure with some combination of disable options produced config
          files that failed to compile due to missing IPPROTO_TCP.
          Thanks to Thierry Fournier for report and patch.

          fixed a few minor bugs with OpenSSL in configure and with messages

          Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
          is required. Thanks to Zhigang Wang for reporting and sending a patch.

          Christophe Leroy provided a patch that fixes memory leaks reported by
          valgrind

          Help for filan -L was bad, is now corrected to:
          "follow symbolic links instead of showing their properties"

          Address options fdin and fdout were silently ignored when not applicable
          due to -u or -U option. Now these combinations are caught as errors.
          Test: FDOUT_ERROR
          Issue reported by Hendrik.

          Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
          over option raw which is now obsolote. On SysV systems this call is
          simulated by appropriate setting.
          Thanks to Youfu Zhang for reporting issue with option raw.

  porting:
          Socat included <sys/poll.h> instead of POSIX <poll.h>
          Thanks to John Spencer for reporting this issue.

          Version 1.7.2.4 changed the check for gcc in configure.ac; this
          broke cross compiling. The particular check gets reverted.
          Thanks to Ross Burton and Danomi Manchego for reporting this issue.

          Debian Bug#764251: Set the build timestamp to a deterministic time:
          support external BUILD_DATE env var to allow to build reproducable
          binaries

          Joachim Fenkes provided an new adapted spec file.

          Type bool and macros Min and Max are defined by socat which led to
          compile errors when they were already provided by build framework.
          Thanks to Liyu Liu for providing a patch.

          David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
          support and appropriate files in Config/

          Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
          on Illumos

          Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
          _POSIX_PTHREAD_SEMANTICS; and minor changes

          Red Hat issue 1182005: socat 1.7.2.4 build failure missing
          linux/errqueue.h
          Socat failed to compile on on PPC due to new requirements for
          including <linux/errqueue.h> and a weakness in the conditional code.
          Thanks to Michel Normand for reporting this issue.

  doc:
          In the man page the PTY example was badly formatted. Thanks to
          J.F.Sebastian for sending a patch.

          Added missing CVE ids to security issues in CHANGES

  testing:
          Do not distribute testcert.conf with socat source but generate it
          (and new testcert6.conf) during test.sh run.

  ####################### V 1.7.2.4:

  corrections:
          LISTEN based addresses applied some address options, e.g. so-keepalive,
          to the listening file descriptor instead of the connected file
          descriptor
          Thanks to Ulises Alonso for reporting this bug

          make failed after configure with non gcc compiler due to missing
          include. Thanks to Horacio Mijail for reporting this problem

          configure checked for --disable-rawsocket but printed
          --disable-genericsocket in the help text. Thanks to Ben Gardiner for
          reporting and patching this bug

          In xioshutdown() a wrong branch was chosen after RECVFROM type
  addresses.
          Probably no impact.
          Thanks to David Binderman for reproting this issue.

          procan could not cleanly format ulimit values longer than 16 decimal
          digits. Thanks to Frank Dana for providing a patch that increases field
          width to 24 digits.

          OPENSSL-CONNECT with bind option failed on some systems,
  eg.FreeBSD, with
          "Invalid argument"
          Thanks to Emile den Tex for reporting this bug.

          Changed some variable definitions to make gcc -O2 aliasing checker happy
          Thanks to Ilya Gordeev for reporting these warnings

          On big endian platforms with type long >32bit the range option applied a
          bad base address. Thanks to hejia hejia for reporting and
  fixing this bug.

          Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

          Red Hat issue 1022063: out-of-range shifts on net mask bits

          Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

          Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
          uses

          Red Hat issue 1021958: fixed a bug with faulty buffer/data length
          calculation in xio-ascii.c:_xiodump()

          Red Hat issue 1021972: fixed a missing NUL termination in return string
          of sysutils.c:sockaddr_info() for the AF_UNIX case

          fixed some typos and minor issues, including:
          Red Hat issue 1021967: formatting error in manual page

          UNIX-LISTEN with fork option did not remove the socket file system entry
          when exiting. Other file system based passive address types had similar
          issues or failed to apply options umask, user e.a.
          Thanks to Lorenzo Monti for pointing me to this issue

  porting:
          Red Hat issue 1020203: configure checks fail with some compilers.
          Use case: clang

          Performed changes for Fedora release 19

          Adapted, improved test.sh script

          Red Hat issue 1021429: getgroupent fails with large number of groups;
          use getgrouplist() when available instead of sequence of calls to
          getgrent()

          Red Hat issue 1021948: snprintf API change;
          Implemented xio_snprintf() function as wrapper that tries to emulate C99
          behaviour on old glibc systems, and adapted all affected calls
          appropriately

          Mike Frysinger provided a patch that supports long long for time_t,
          socklen_t and a few other libc types.

          Artem Mygaiev extended Cedril Priscals Android build script
  with pty code

          The check for fips.h required stddef.h
          Thanks to Matt Hilt for reporting this issue and sending a patch

          Check for linux/errqueue.h failed on some systems due to lack of
          linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.

          autoconf now prefers configure.ac over configure.in
          Thanks to Michael Vastola for sending a patch.

          type of struct cmsghdr.cmsg is system dependend, determine it with
          configure; some more print format corrections

  docu:
          libwrap always logs to syslog

          added actual text version of GPLv2

(tron)

Pullup ticket #4781 - requested by bsiegert
net/gcloud-golang-metadata: build fix

Revisions pulled up:
- net/gcloud-golang-metadata/Makefile                          1.2

---
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sat Jul 25 14:23:58 UTC 2015

  Modified Files:
          pkgsrc/net/gcloud-golang-metadata: Makefile

  Log Message:
  Fix build on NetBSD, PR pkg/49909.

  It turns out that [^a]* matches all files not beginning with a on Darwin
  and all files beginning with a on NetBSD. Work around this by crafting
  a for loop with a case expression.

(tron)

Pullup ticket #4775 - requested by sevan
graphics/libwmf: security patch

Revisions pulled up:
- graphics/libwmf/Makefile                                      1.77
- graphics/libwmf/distinfo                                      1.20
- graphics/libwmf/patches/patch-aa                              1.8
- graphics/libwmf/patches/patch-src_extra_gd_gd.c              1.1
- graphics/libwmf/patches/patch-src_extra_gd_gd_gd.c            1.1
- graphics/libwmf/patches/patch-src_extra_gd_gd_png.c          1.1
- graphics/libwmf/patches/patch-src_extra_gd_gdft.c            1.1
- graphics/libwmf/patches/patch-src_extra_gd_gdhelpers.c        1.1
- graphics/libwmf/patches/patch-src_extra_gd_gdhelpers.h        1.1
- graphics/libwmf/patches/patch-src_ipa_ipa.h                  1.1
- graphics/libwmf/patches/patch-src_player_meta.h              1.1

---
  Module Name:    pkgsrc
  Committed By:  sevan
  Date:          Fri Jul 17 12:33:47 UTC 2015

  Modified Files:
          pkgsrc/graphics/libwmf: Makefile distinfo
          pkgsrc/graphics/libwmf/patches: patch-aa
  Added Files:
          pkgsrc/graphics/libwmf/patches: patch-src_extra_gd_gd.c
              patch-src_extra_gd_gd_gd.c patch-src_extra_gd_gd_png.c
              patch-src_extra_gd_gdft.c patch-src_extra_gd_gdhelpers.c
              patch-src_extra_gd_gdhelpers.h patch-src_ipa_ipa.h
              patch-src_player_meta.h

  Log Message:
  Patch the following CVEs
  CVE-2004-0941
  CVE-2007-0455
  CVE-2007-2756
  CVE-2007-3472
  CVE-2007-3473
  CVE-2007-3477
  CVE-2009-3546
  CVE-2015-0848
  CVE-2015-4588
  CVE-2015-4695
  CVE-2015-4696

  Obtained from:
  CentOS libwmf RPM git
  Debian Bug 784205
  Debian Bug 784192
  Red Hat Bug 1227243
  via Jason Unovitch in FreeBSD bug 201513

  Reviewed by bsiegert@

(tron)

Updated devel/p5-Moo to 2.000002

(wiz)

Update to 2.000002:

2.000002 - 2015-07-24
  - BUILDARGS will now always be called on object creation, even if no
    attributes exist
  - fix required attributes with spaces or other odd characters in init_arg
  - fix (is => 'lazy', required => 1, init_arg => undef), which previously
    didn't think it provided a builder
  - under 'no Moo::sification', prevent automatic Moose metaclass inflation
    from ->meta calls
  - don't load Moo::Role for a ->does check if no roles could exist
  - make global destruction test more robust from outside interference
  - fix false default values satisfying required attributes
  - Fix Moose attribute delegation to a Moo class via a wildcard
  - work around case where Sub::Util is loadable but doesn't provide
    Sub::Util::set_subname
  - skip thread tests on perl 5.8.4 and below where threads are extremely
    unreliable
  - Allow stub methods (e.g. sub foo;) to be overwritten by accessors or other
    generated methods. (RT#103804)

(wiz)

Updated www/p5-URI to 1.69

(wiz)

Update to 1.69:

2015-07-25  Karen Etheridge <ether@cpan.org>

  Release 1.69

  Karen Etheridge:
    - add $VERSIONs for all modules that lack them

  Olaf Alders:
    - add missing documentation for URI::sftp
    - Clarify use of query_param() method

(wiz)

Not compatible with Lua 5.3.

(alnsn)

Revbump because of security/libssh2 update.

(nros)

Revbump because of security/libssh2 update.

(nros)

Revbump because of security/libssh2 update.

(nros)

Revbump because of security/libssh2 update.

(nros)

Revbump because of security/libssh2 update.

(nros)

Note update of www/contao35 package to 3.5.2.

(taca)

Update contao35 to 3.5.2.

* Add Serbian language files.

Version 3.5.2 (2015-07-24)
--------------------------

### Fixed
Revert some of the PhpStorm code inspector changes (see #7937).

Version 3.5.1 (2015-07-24)
--------------------------

### Fixed
Add a `StringUtil` class to restore PHP 7 compatibility (see contao/core-bundle#309).

### Fixed
Fix the `Validator::isEmail()` method (see contao/core-bundle#313).

### Fixed
Strip tags before auto-generating aliases (see #7857).

### Fixed
Correctly encode the URLs in the popup file manager (see #7929).

### Fixed
Check for the comments module when compiling the news meta fields (see #7901).

### Fixed
Also sort the newsletter channels alphabetically in the front end (see #7864).

### Fixed
Disable responsive images in the back end preview (see #7875).

### Fixed
Overwrite the request string when generating news/event feeds (see #7756).

### Fixed
Store the static URLs with the cached file (see #7914).

### Fixed
Correctly check the subfolders in the `hasAccess()` method (see #7920).

### Fixed
Updated the countries list (see #7918).

### Fixed
Respect the `notSortable` flag in the parent (see #7902).

### Fixed
Round the maximum upload size to an integer value (see #7880).

### Fixed
Make the markup minification less aggressive (see #7734).

### Fixed
Filter the indices in `Database::getFieldNames()` (see #7869).

### Fixed
Back-ported two fixes from the upstream versions.

(taca)

Updated security/libssh2 to 1.6.0

(nros)

Updated libssh2 to version 1.6.0.

Changelog:

Changes:

    Added libssh2_userauth_publickey_frommemory()

Bug fixes:

    wait_socket: wrong use of difftime()
    userauth: Fixed prompt text no longer being copied to the prompts struct
    mingw build: allow to pass custom CFLAGS
    Let mansyntax.sh work regardless of where it is called from
    Init HMAC_CTX before using it
    direct_tcpip: Fixed channel write
    WinCNG: fixed backend breakage
    OpenSSL: caused by introducing libssh2_hmac_ctx_init
    userauth.c: fix possible dereferences of a null pointer
    wincng: Added explicit clear memory feature to WinCNG backend
    openssl.c: fix possible segfault in case EVP_DigestInit fails
    wincng: fix return code of libssh2_md5_init()
    kex: do not ignore failure of libssh2_sha1_init()
    scp: fix that scp_send may transmit not initialised memory
    scp.c: improved command length calculation
    nonblocking examples: fix warning about unused tvdiff on Mac OS X
    configure: make clear-memory default but WARN if backend unsupported
    OpenSSL: Enable use of OpenSSL that doesn't have DSA
    OpenSSL: Use correct no-blowfish #define
    kex: fix libgcrypt memory leaks of bignum
    libssh2_channel_open: more detailed error message
    wincng: fixed memleak in (block) cipher destructor

(nros)

add fix for CVE-2015-5522 and CVE-2015-5523 from
https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f9
40d

(spz)

Simplify MESSAGE.NetBSD by removing {start,stop,reload}_cmd, which are
unnecessary to set. From Edgar Fuss in PR pkg/50049.

Bump revision.

(bsiegert)

Pullup ticket #4759 - requested by morr
net/haproxy: security fix

Revisions pulled up:
- net/haproxy/Makefile                                          1.21
- net/haproxy/distinfo                                          1.16
- net/haproxy/patches/patch-standard_h                          deleted

---
  Module Name: pkgsrc
  Committed By: morr
  Date: Sat Jul  4 13:13:53 UTC 2015

  Modified Files:
  pkgsrc/net/haproxy: Makefile distinfo
  Removed Files:
  pkgsrc/net/haproxy/patches: patch-standard_h

  Log Message:
  Security update to newest version.

  Changes:

  Released version 1.5.14 with the following main changes :
    - BUILD/MINOR: tools: rename popcount to my_popcountl
    - BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data

  Released version 1.5.13 with the following main changes :
    - BUG/MINOR: check: fix tcpcheck error message
    - CLEANUP: deinit: remove codes for cleaning p->block_rules
    - DOC: Update doc about weight, act and bck fields in the statistics
    - MINOR: ssl: add a destructor to free allocated SSL ressources
    - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
    - MEDIUM: ssl: replace standards DH groups with custom ones
    - BUG/MINOR: debug: display (null) in place of "meth"
    - BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
    - BUG/MEDIUM: cfgparse: segfault when userlist is misused
    - BUG/MEDIUM: stats: properly initialize the scope before dumping stats
    - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
    - CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
    - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
    - CLEANUP: checks: simplify the loop processing of tcp-checks
    - BUG/MAJOR: checks: always check for end of list before proceeding
    - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
    - BUG/MEDIUM: peers: apply a random reconnection timeout
    - BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
    - MEDIUM: init: don't stop proxies in parent process when exiting
    - MINOR: peers: store the pointer to the signal handler
    - MEDIUM: peers: unregister peers that were never started
    - MEDIUM: config: propagate the table's process list to the peers sections
    - MEDIUM: init: stop any peers section not bound to the correct process
    - MEDIUM: config: validate that peers sections are bound to exactly one process
    - MAJOR: peers: allow peers section to be used with nbproc > 1
    - DOC: relax the peers restriction to single-process
    - CLEANUP: config: fix misleading information in error message.
    - MINOR: config: report the number of processes using a peers section in the error case
    - BUG/MEDIUM: config: properly compute the default number of processes for a proxy

  pkgsrc changes:
  Thanks to "rename popcount to my_popcountl" one of patches can be removed.

(bsiegert)

Updated graphics/elementary-xfce-icon-theme to 0.6

(youri)

Update to 0.6:

- No changeset available, adds a few icons.

(youri)

Change dependencies to use new dict application. Bump.

(youri)

Update references.

(youri)

+ xfce4-dict
- xfce4-dict-plugin

(youri)

Added textproc/xfce4-dict version 0.7.1

(youri)

Remove dead plugin.

(youri)

Import xfce4-dict-0.7.1 as textproc/xfce4-dict.

This program allows you to search different kinds of dictionary services for
words or phrases and shows you the result. Currently you can query a Dict
server(RFC 2229), any online dictionary service by opening a web browser or
search for words using the aspell/ispell program.

(youri)

Updated geography/R-countrycode to 0.18

(mef)

Update 0.17 to 0.18
Version 0.18 (2014-12-17)
-------------------------
* Nils Enevoldsen did wonderful work refactoring most of the regex in the dictionary.
* Nils also added a bunch of tests. Thanks!
* Added Tokelau

(mef)

Updated archivers/lzip to 1.17
Updated archivers/lziprecover to 1.17

(mef)

Update 1.16 to 1.17
-------------------
2015-05-28  Antonio Diaz Diaz  <antonio@gnu.org>

* Version 1.17 released.
* New block selection algorithm makes merge up to 100 times faster.
* repair.cc: Repair time has been reduced by 15%.
* Added new option '-y, --debug-delay'.
* Added new option '-z, --debug-repair'.
* Makefile.in: Added new targets 'install*-compress'.
* testsuite/unzcrash.cc: Moved to top directory.
* lziprecover.texi: Added chapter 'File names'.

(mef)

Update 1.16 to 1.17
-------------------
2015-07-12  Antonio Diaz Diaz  <antonio@gnu.org>
* Version 1.17 released.
* Reorganization of the compression code.
* lzip.texi: Added chapter 'Quality assurance'.
* Makefile.in: Added new targets 'install*-compress'.

(mef)

add missing py-six DEPENDS

(richard)

Bump PKGREVISION for hs-unordered-containers-0.2.5.1

(szptvlfn)

Updated devel/hs-unordered-containers to 0.2.5.1

(szptvlfn)

Update to 0.2.5.1

Changes from
https://github.com/tibbe/unordered-containers/blob/master/CHANGES.md
## 0.2.5.1 (2014-10-11)

* Support base-4.8

(szptvlfn)

-gtk-systrace
-systrace-policies

(dholland)

Removed security/gtk-systrace too.

(dholland)

More systrace

(dholland)

Removed security/systrace-policies.

(dholland)

g/c another systrace leftover.

(dholland)

ed and sign updates

(bsiegert)

Update sign to 1.0.7. From Ben Gergely via mail to pkgsrc-users.

* fixed 'test' (-t) mode (kudos to Kai for noticing)
* fixed a bug in error message formatting when the original
  file extension cannot be guessed (--verify mode)
* fixed a bug in key fingerprint formatting routine
* added missing buffer range check in buf_parse_bignum()

(bsiegert)

Update ed to 1.12. From Ben Gergely in mail to pkgsrc-users.

        * main_loop.c (exec_command): Return ERR if 'system' can't
          create a shell process.
        * main_loop.c (main_loop): Flush stdout/stderr before reading a
          new command.
        * buffer.c (put_sbuf_line): Added size parameter.
        * ed.1: Man page is now generated with 'help2man'.
        * ed.1: All command-line options are now documented in the man page.
        * Restored copyright notices of Andrew L. Moore. It seems Andrew
          granted some permissions but never assigned copyright to the FSF.
        * buffer.c (append_lines): Fixed 'a', 'c' and 'i' commands.
          (When used in a global command list, the commands following
          them in the list were ignored).
        * main_loop.c (exec_command): Fixed 'e' command.
          (It quitted when invoked a second time with a modified buffer).
        * main.c: Added new option '--restricted'.
        * 'red' has been converted to a script invoking 'ed --restricted'.
        * Description of ed in the manual has been changed.
        * testsuite: Modified some tests and removed obsolete posix tests.
        * main_loop.c: 'ibufp' variable made local to main_loop.
        * Defined type bool to make clear which functions and variables
          are Boolean.
        * Added 'const' to all pointer declarations accepting it.
        * regex.c (replace_matching_text): Make se_max an enum.
        * signal.c: Include termios.h
        * Converted C99 style comments '//' to C89 style comments '/* */'.
        * ed.texinfo: Fixed an erratum.
        * Changed copyright holder from Andrew, Antonio to the FSF.
        * buffer.c, main_loop.c: Undo now restores the modified status.
        * regex.c (search_and_replace): Fixed a race condition with user
          interrupt.
        * signal.c: Added functions resize_line_buffer and
          resize_undo_buffer to definitively fix the aliasing warnings.
        * Some minor corrections have been made to the manual.
        * carg_parser.c (ap_resize_buffer): An aliasing related segfault
          that only occurs when overoptimizing with GCC on some
          architectures (alpha, sparc) has been (hopefully) fixed.
        * signal.c (resize_buffer): Likewise.
        * configure: Locale has been fixed to 'C'.
        * Makefile.in: Man page is now installed by default.
        * 'make install-info' should now work on Debian and OS X.
        * ed.texinfo: License updated to GFDL version 1.3 or later.

(bsiegert)

Updated www/trac to 1.0.8

(gdt)

Update to 1.0.8.

Upstream changes are almost entirely miscellaneous bugfixes and
performance improvements.

Details at http://trac.edgewall.org/wiki/TracDev/ReleaseNotes/1.0

(gdt)

Updated graphics/cogl to 1.20.0

(prlw1)

Find native X libGL.so.2 as well as modular X libGL.so.1.

While here, update to cogl to 1.20.0

Cogl 1.20.0                                                        2015-03-23

  List of changes since Cogl 1.18.2

  Support for "quad buffer" based stereo rendering
  Support for Mir window system
  A number of updates for the Wayland support
  Improved vblank sync when using glXWaitForMSC

Many thanks to:

  Marco Trevisan (Trevino)
  Owen W. Taylor
  Robert Bragg
  Rui Matos
  Adel Gadllah
  Chris Wilson
  Necdet Yuel
  Sebastian Rasmussen
  Seong-ho Cho
  Ting-Wei Lan

(prlw1)

Use details about variants when applicable instead of common names, this means
that the illumos variants such as SmartOS & OmniOS will be labelled accordingly
rather than being lumped in under the SunOS 5.11 banner.

This was put together with the help of Joerg @ pkgsrcCon 2015

Reviewed by joerg@ bsiegert@

(sevan)

Introduce $LOWER_VARIANT_VERSION, this is used to store version info for variant
Operating Systems.
For SmartOS, store the result from running uname -v & trimming the joyent_
prefix.
For OmniOS, store the result from processing /etc/release with awk(1)

Reviewed by joerg@ bsiegert@

(sevan)

socat update, PR pkg/49996.

(bsiegert)

Update socat to 1.7.3.0. From Ben Gergely in PR pkg/49996.

####################### V 1.7.3.0:

security:
(CVE Id pending)
Fixed problems with signal handling caused by use of not async signal
safe functions in signal handlers that could freeze socat, allowing
denial of service attacks.
Many changes in signal handling and the diagnostic messages system were
applied to make the code async signal safe but still provide detailled
logging from signal handlers:
Coded function vsnprintf_r() as async signal safe incomplete substitute
of libc vsnprintf()
Coded function snprinterr() to replace %m in strings with a system error
message
Instead of gettimeofday() use clock_gettime() when available
Pass Diagnostic messages from signal handler per unix socket to the main
program flow
Use sigaction() instead of signal() for better control
Turn off nested signal handler invocations
Thanks to Peter Lobsinger for reporting and explaining this issue.

Red Hat issue 1019975: add TLS host name checks
OpenSSL client checks if the server certificates names in
extensions/subjectAltName/DNS or in subject/commonName match the name
used to connect or the value of the openssl-commonname option.
Test: OPENSSL_CN_CLIENT_SECURITY

OpenSSL server checks if the client certificates names in
extensions/subjectAltNames/DNS or subject/commonName match the value of
the openssl-commonname option when it is used.
Test: OPENSSL_CN_SERVER_SECURITY

Red Hat issue 1019964: socat now uses the system certificate store with
OPENSSL when neither options cafile nor capath are used

Red Hat issue 1019972: needs to specify OpenSSL cipher suites
Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
prevent downgrade attacks

new features:
OpenSSL addresses set couple of environment variables from values in
peer certificate, e.g.:
SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
SOCAT_OPENSSL_X509_COMMONNAME,
SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*

Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
Tests: OPENSSL_METHOD_*

Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
by Andrey Arapov.

Added a new option termios-rawer for ptys.
Thanks to Christian Vogelgsang for pointing me to this requirement

corrections:
Bind with ABSTRACT commands used non-abstract namespace (Linux).
Test: ABSTRACT_BIND
Thanks to Denis Shatov for reporting this bug.

Fixed return value of nestlex()

Option ignoreeof on the right address hung.
Test: IGNOREEOF_REV
Thanks to Franz Fasching for reporting this bug.

Address SYSTEM, when terminating, shut down its parent addresses,
e.g. an SSL connection which the parent assumed to still be active.
Test: SYSTEM_SHUTDOWN

Passive (listening or receiving) addresses with empty port field bound
to a random port instead of terminating with error.
Test: TCP4_NOPORT

configure with some combination of disable options produced config
files that failed to compile due to missing IPPROTO_TCP.
Thanks to Thierry Fournier for report and patch.

fixed a few minor bugs with OpenSSL in configure and with messages

Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
is required. Thanks to Zhigang Wang for reporting and sending a patch.

Christophe Leroy provided a patch that fixes memory leaks reported by
valgrind

Help for filan -L was bad, is now corrected to:
"follow symbolic links instead of showing their properties"

Address options fdin and fdout were silently ignored when not applicable
due to -u or -U option. Now these combinations are caught as errors.
Test: FDOUT_ERROR
Issue reported by Hendrik.

Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
over option raw which is now obsolote. On SysV systems this call is
simulated by appropriate setting.
Thanks to Youfu Zhang for reporting issue with option raw.

porting:
Socat included <sys/poll.h> instead of POSIX <poll.h>
Thanks to John Spencer for reporting this issue.

Version 1.7.2.4 changed the check for gcc in configure.ac; this
broke cross compiling. The particular check gets reverted.
Thanks to Ross Burton and Danomi Manchego for reporting this issue.

Debian Bug#764251: Set the build timestamp to a deterministic time:
support external BUILD_DATE env var to allow to build reproducable
binaries

Joachim Fenkes provided an new adapted spec file.

Type bool and macros Min and Max are defined by socat which led to
compile errors when they were already provided by build framework.
Thanks to Liyu Liu for providing a patch.

David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
support and appropriate files in Config/

Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
on Illumos

Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
_POSIX_PTHREAD_SEMANTICS; and minor changes

Red Hat issue 1182005: socat 1.7.2.4 build failure missing
linux/errqueue.h
Socat failed to compile on on PPC due to new requirements for
including <linux/errqueue.h> and a weakness in the conditional code.
Thanks to Michel Normand for reporting this issue.

doc:
In the man page the PTY example was badly formatted. Thanks to
J.F.Sebastian for sending a patch.

Added missing CVE ids to security issues in CHANGES

testing:
Do not distribute testcert.conf with socat source but generate it
(and new testcert6.conf) during test.sh run.

####################### V 1.7.2.4:

corrections:
LISTEN based addresses applied some address options, e.g. so-keepalive,
to the listening file descriptor instead of the connected file
descriptor
Thanks to Ulises Alonso for reporting this bug

make failed after configure with non gcc compiler due to missing
include. Thanks to Horacio Mijail for reporting this problem

configure checked for --disable-rawsocket but printed
--disable-genericsocket in the help text. Thanks to Ben Gardiner for
reporting and patching this bug

In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
Probably no impact.
Thanks to David Binderman for reproting this issue.

procan could not cleanly format ulimit values longer than 16 decimal
digits. Thanks to Frank Dana for providing a patch that increases field
width to 24 digits.

OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
"Invalid argument"
Thanks to Emile den Tex for reporting this bug.

Changed some variable definitions to make gcc -O2 aliasing checker happy
Thanks to Ilya Gordeev for reporting these warnings

On big endian platforms with type long >32bit the range option applied a
bad base address. Thanks to hejia hejia for reporting and fixing this bug.

Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

Red Hat issue 1022063: out-of-range shifts on net mask bits

Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
uses

Red Hat issue 1021958: fixed a bug with faulty buffer/data length
calculation in xio-ascii.c:_xiodump()

Red Hat issue 1021972: fixed a missing NUL termination in return string
of sysutils.c:sockaddr_info() for the AF_UNIX case

fixed some typos and minor issues, including:
Red Hat issue 1021967: formatting error in manual page

UNIX-LISTEN with fork option did not remove the socket file system entry
when exiting. Other file system based passive address types had similar
issues or failed to apply options umask, user e.a.
Thanks to Lorenzo Monti for pointing me to this issue

porting:
Red Hat issue 1020203: configure checks fail with some compilers.
Use case: clang

Performed changes for Fedora release 19

Adapted, improved test.sh script

Red Hat issue 1021429: getgroupent fails with large number of groups;
use getgrouplist() when available instead of sequence of calls to
getgrent()

Red Hat issue 1021948: snprintf API change;
Implemented xio_snprintf() function as wrapper that tries to emulate C99
behaviour on old glibc systems, and adapted all affected calls
appropriately

Mike Frysinger provided a patch that supports long long for time_t,
socklen_t and a few other libc types.

Artem Mygaiev extended Cedril Priscals Android build script with pty code

The check for fips.h required stddef.h
Thanks to Matt Hilt for reporting this issue and sending a patch

Check for linux/errqueue.h failed on some systems due to lack of
linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.

autoconf now prefers configure.ac over configure.in
Thanks to Michael Vastola for sending a patch.

type of struct cmsghdr.cmsg is system dependend, determine it with
configure; some more print format corrections

docu:
libwrap always logs to syslog

added actual text version of GPLv2

(bsiegert)

Use correct /proc file name on Dragonfly. From David Shao in PR pkg/50088.
Bump revision.

(bsiegert)

Fix build on NetBSD, PR pkg/49909.

It turns out that [^a]* matches all files not beginning with a on Darwin
and all files beginning with a on NetBSD. Work around this by crafting
a for loop with a case expression.

(bsiegert)

Mark p5-Text-Table and p5-Parse-Dia-SQL additions, PR pkg/50054 and
PR pkg/50055.

(bsiegert)

Add package for Parse::Dia::SQL. From David Gutteridge in PR pkg/50055.

Parse::Dia::SQL converts Dia class diagrams into SQL. Various SQL
dialects are supported.

(bsiegert)

Add a package for Text::Table. From David Gutteridge in PR pkg/50054.

Text::Table can be used to render plaintext/ASCII-art/Unicode-art
tables.

(bsiegert)

Add cpu_sup for netbsd also

(abs)

Updated devel/xulrunner31 to 31.8.0

(ryoon)

Update to 31.8.0

* Sync with firefox31.

(ryoon)

Updated devel/p5-CHI to 0.60
Updated devel/p5-B-Hooks-Parser to 0.13
Updated devel/p5-CPAN-FindDependencies to 2.44
Updated devel/p5-CPAN-Meta to 2.150005
Updated devel/p5-CPAN-Meta-Check to 0.012
Updated devel/p5-CPAN-Perl-Releases to 2.28
Updated devel/p5-CPANPLUS to 0.9154

(mef)

(pkgsrc)
- Add following line for 'make test'
  +BUILD_DEPENDS+=        p5-Package-Constants-[0-9]*:../../devel/p5-Package-Constants
(upstream)
- Update 0.9152 to 0.9154
----------------------
0.9154      Sat Jul  4 10:39:23 BST 2015
* Fixed an issue with @INC mangling in CPANPLUS process
* POD fixes courtesy of Alexey Molchanov

(mef)

Add two lines for 'make test to complete'
  +# for make test
  +BUILD_DEPENDS+=        p5-Log-Message-Simple-[0-9]*:../../devel/p5-Log-Message-Simple
  +BUILD_DEPENDS+=        p5-Log-Message-[0-9]*:../../devel/p5-Log-Message

(mef)

Update 2.18 to 2.28
-------------------
version 2.28 at 2015-07-20 20:29:55 +0000
    Updated for v5.23.1

version 2.26 at 2015-06-30 10:37:30 +0000
    Anything greater than v5.21.5 comes with a .xz

version 2.24 at 2015-06-21 10:46:48 +0000
    Updated for v5.23.0

version 2.22 at 2015-06-01 18:19:11 +0000
    Updated for v5.22.0
    Made the version number .22 in salutation

(mef)

udate to 0.012
--------------
0.012    2015-06-18 23:20:54+02:00 Europe/Amsterdam
          Drop dependency on Exporter 5.57

(mef)

Update 2.150001 to 2.150005
---------------------------
2.150005  2015-06-09 19:08:44-06:00 America/Denver
  [TESTING]
  - Changed some test data from UTF-8 to ASCII

2.150004  2015-05-19 11:25:53-04:00 America/New_York (TRIAL RELEASE)
  [DOCUMENTED]
  - Noted explicitly that historical META spec files are licensed under
      the same terms as Perl

  [TESTING]
  - Added test for 'x_deprecated' field in "provides"

  [META]
  - declared extra developer prereq

2.150003  2015-04-21 19:41:15-04:00 America/New_York (TRIAL RELEASE)
  [CHANGED]
  - Serialized CPAN::Meta objects now include a x_serialization_backend
      entry

2.150002  2015-04-19 01:00:10+02:00 Europe/Berlin (TRIAL RELEASE)
  [CHANGED]
  - Metadata merging now does deep hash merging as long as keys
      don't conflict

(mef)

(pkgsrc)
- Add following dependency for make test
    +# for make test
    +BUILD_DEPENDS+=        p5-Test-Pod-Coverage-[0-9]*:../../devel/p5-Test-Pod-Coverage
    +# for Types::Standard
    +BUILD_DEPENDS+=        p5-Type-Tiny-[0-9]*:../../devel/p5-Type-Tiny
    +BUILD_DEPENDS+=        p5-Moo-[0-9]*:../../devel/p5-Moo
(upstream)
- Update 2.43 to 2.44
2.44    2015-07-21      No functional changes, just fixing tests which
                          broke with modern dependencies on old perl

(mef)

(pkgsrc)
- Add Following line
  +# for make test
  +BUILD_DEPENDS+=        p5-Test-Exception-[0-9]*:../../devel/p5-Test-Exception
(upstream)
- Update 0.12 to 0.13
-------------------
0.13    2015-06-06 20:54:32Z
  - switch tooling off of Module::Install

(mef)

(pkgsrc)
- Convert DEPENDS from p5-JSON to p5-JSON-MaybeXS, see below and check
  by 'make test' if you have question, thanks.
(upstream)
- Update 0.59 to 0.60
-----------------
0.60  Jun 7, 2015
* Fixes
  - Switch JSON backends from JSON.pm to JSON::MaybeXS - https://github.com/jonswar/perl-chi/pull/20 (Karen Etheridge)

(mef)

Bump PKGREVISION for Xpoll.h moves.

(markd)

move X11/Xpoll.h include earlier than sys/select.h to avoid missing
out on setting FD_SETSIZE early enough. Fixes PR misc/50073

(markd)

Regen distinfo for previous 2 commits.

(ryoon)

Fix libxul.so link with freetype2 from recent NetBSD current's native Xorg.

(ryoon)

Should fix devel/xulrunner31 symlink, bin/xulrunner31.

(ryoon)

Updated lang/gcc5 to 5.2.0
Updated lang/gcc5-libs to 5.2.0nb1

(ryoon)

Update to 5.2.0

Changelog:
GCC 5.2

  This is the [42]list of problem reports (PRs) from GCC's bug tracking
  system that are known to be fixed in the 5.2 release. This list might
  not be complete (that is, it is possible that some PRs that have been
  fixed are not listed here).

Target Specific Changes

  IA-32/x86-64

    * Support for new AMD instructions monitorx and mwaitx has been
      added. This includes new intrinsic and built-in support. It is
      enabled through option -mmwaitx. The instructions monitorx and
      mwaitx implement the same functionality as the old monitor and
      mwait instructions. In addition mwaitx adds a configurable timer.
      The timer value is received as third argument and stored in
      register %ebx.

    For questions related to the use of GCC, please consult these web
    pages and the [43]GCC manuals. If that fails, the
    [44]gcc-help@gcc.gnu.org mailing list might help. Comments on these
    web pages and the development of GCC are welcome on our developer
    list at [45]gcc@gcc.gnu.org. All of [46]our lists have public
    archives.

  Copyright (C) [47]Free Software Foundation, Inc. Verbatim copying and
  distribution of this entire article is permitted in any medium,
  provided this notice is preserved.

  These pages are [48]maintained by the GCC team. Last modified
  2015-07-16[49].

References

  42. https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=5.2.0
  43. https://gcc.gnu.org/onlinedocs/
  44. mailto:gcc-help@gcc.gnu.org
  45. mailto:gcc@gcc.gnu.org
  46. https://gcc.gnu.org/lists.html
  47. http://www.fsf.org/
  48. https://gcc.gnu.org/about.html
  49. http://validator.w3.org/check/referer

(ryoon)

Updated net/lftp to 4.6.3a

(ryoon)

Update to 4.6.3a

* Update MASTER_SITES.

Changelog:
Version 4.6.3 - 2015-06-17

* new mirror setting mirror:overwrite and options --overwrite/--no-overwrite.
* new mirror option --upload-older.
* new mirror option --recursion={always,never,missing,newer}.
* try to download zero sized files as they may be non-empty.
* torrent: new options --only-new, --only-incomplete.
* torrent: fixed endless loop in FD deallocation.
* fixed a memleak when parsing a directory listing with special files.
* fixed one byte buffer overflow in cls.
* fixed cmd:fail-exit description in the man page.
* fixed large stack usage when parsing fish directory listings.

Version 4.6.2 - 2015-04-16

* new command "edit" instead of the edit alias.
* new setting ssl:priority for disabling selected protocols.
* new settings fish:auto-confirm and sftp:auto-confirm.
* new setting file:use-lock to lock local files before accessing.
* ftp: fixed disconnecting on timeout (broken in 4.6.0).
* http: enclose ipv6 address in brackets in URLs and Host header.
* fixed mirror for http protocol with redirections.
* fixed `bookmark edit' to use correct XDG path if XDG is used.
* fixed a wildcard certificate validation vulnerability (CVE-2014-0139).
* fixed proxy authentication for CONNECT method.
* fixed exit code of `help' command.
* fixed sftp to show file names with slashes.
* fixed pget status display when all chunks are done except the first one.
* Ukrainian translation updated (Yuri Chornoivan).
* Russian translation updated.

Version 4.6.1 - 2014-12-29

* new mirror option --scan-all-first.
* mirror --Remove-source-files now removes files already present at the target.
* added a workaround for FUSE with HadoopFS I/O error during rename(2).
* fixed du to round file size up to block size.
* fixed compilation with libressl.
* fixed OPTS MLST, removed trailing semicolon.
* fixed put to sftp with special files (like /dev/stdin).
* fixed ftp to copy SID properly with GnuTLS (Tim Kosse).
* fixed mirror to follow redirections to files (Tomas Hozza).

Version 4.6.0 - 2014-10-13

* new torrent --share option.
* new setting mirror:require-source.
* new settings xfer:use-temp-file and xfer:temp-file-name.
* ftp: wait for QUIT reply before closing control socket.

Version 4.5.6 - 2014-10-13

* display valid IDN in URLs without percent encoding.
* ftp: shutdown SSL connection before closing control socket.
* ftp: avoid duplication of PROT command.
* fixed debug -o to append to the log file.
* fixed compilation without SSL.
* http: don't uncompress files ending with .gz, .Z or .tgz
* http: fixed inflation of some files.
* minor fixes in torrent protocol.

Version 4.5.5 - 2014-09-04

* added support for internationalized domain names.
* added lftp --norc option.
* added mirror "Finished" message.
* added ftp:catch-size setting.
* fixed net:max-retries setting.
* fixed byte counters in mirror status.
* fixed a segfault in ftps.
* fixed a spurious error message in fxp and ftp.

Version 4.5.4 - 2014-08-07

* new setting mirror:sort-by (name, size, date).
* torrent: reduced cpu and memory usage.
* fixed occasional "BUG:deadlock" message.
* fixed a segfault when a directory contains duplicate file names.
* fixed a memory leak in torrent.
* fixed byte counters in mirror --depth-first.
* fixed timeout checks in FISH.
* translations updated (pl).

Version 4.5.3 - 2014-07-06

* new setting ftp:site.
* don't uncompress http body when Contrent-Type is compressed.
* check source address of DHT replies.
* discard disconnected torrent peers only after a timeout.

Version 4.5.2 - 2014-06-11

* fixed a coredump on startup when compiled with certain gcc versions.
* mkdir -q option for quiet operation.
* glob --exist and --not-exist options.
* improved torrent status, show piece availability statistics.
* remove unconnectable torrent peers on trackerless torrents.

Version 4.5.1 - 2014-06-02

* show piece availabilty in torrent status.
* fixed a coredump in ftp when data connection fails.
* fixed default values of some settings.
* fixed http redirection handling.
* fixed compilation with gcc-4.8.3.

Version 4.5.0 - 2014-05-23

* optimized cpu usage for 10Gb/s transfers by using better data structures
  and algorithms.
* new open option --env-password to take password from LFTP_PASSWORD
  environment variable.
* new `exit parent' subcommand.
* new settings http:accept-encoding, http:decode.
* new setting xfer:max-log-size to limit transfer log size.
* show last disconnect cause for a few seconds in the session status.
* improved mirror status to display real-time aggregated byte count and rate.
* save torrent matadata on disk and load if available when needed.
* improved torrent DHT search.
* fixed exit behavior to flush buffered commands.
* fixed transfer rate reporting for mirror --parallel.

Version 4.4.16 - 2014-05-07

* fixed mirror --loop to re-check base directory contents.
* fixed sftp and fish authentication by password with FreeBSD server.
* fixed directory index parsing for some http servers.
* fixed find command output to avoid extra slash for plain files.
* fixed several bugs which could cause segfault.

Version 4.4.15 - 2014-01-21

* new setting pget:min-chunk-size.
* improved DHT search by preferring responded nodes.
* allow UTC timezone in http timestamps.
* fixed WebDAV rmdir operation.
* fixed torrent hang on shutdown when a tracker is unresposive.
* fixed adding too many slashes to URLs in http.

Version 4.4.14 - 2013-12-13

* fixed HEAD/PROPFIND handling in http.
* a minor memory leak fixed.

Version 4.4.13 - 2013-11-26

* fixed a bug in file size checking code.

Version 4.4.12 - 2013-11-26

* new option -l (--ls) for find command.
* improve workaround for single NL replies from an FTP server.
* Ukrainian translation updated (Yuri Chornoivan).
* fixed spinning in "get" when no remote session is open.
* don't pre-fetch file information in "get" when not needed.
* fixed handling of 400/501 http codes for PROPFIND to switch to HEAD.
* fixed a crash after cls.
* added file size decrease checking.
* used a newer libtool for ppc64le platform.

Version 4.4.11 - 2013-11-11

* fixed a slow down in mirror from http (thanks to OGAWA Hirofumi).
* fixed a coredump in sftp when accessing an inexistent file.

Version 4.4.10 - 2013-10-11

* mirror new option --file/-f to mirror a single file.
* mirror new option -O for get/put similarity.
* WebDAV fixes and improvements.
* new setting ftp:use-utf8 to disable utf-8 activation.
* fixed handling of incorrect encoding of file names.
* fixed compilation without libiconv.
* fixed occasional hang in mirror.
* kill ssh when terminating fish or sftp connection.

Version 4.4.9 - 2013-08-23

* implemented support for mirror -L in sftp.
* pass all 3 std file descriptors when attaching to lftp instance.
* ftp: added a workaround for incorrectly formatted multiline replies.
* sftp: added a workaround for RouterOS v6.
* fixed mirror --no-empty-dirs to skip directories with no included files.
* fixed segfault when there is no TERM environment variable.
* fixed torrent for meta-info files with % in their names.
* fixed compilation when IPV6_V6ONLY if not defined.
* fixed compilation with older zlib.
* fixed FD_CLOEXEC flag on cwd and transfer_log.
* fixed MLSD parsing for semicolons in file names.
* new translation: Ukrainian (thanks to Yuri Chornoivan).
* man page updated.

Version 4.4.8 - 2013-05-29

* add support for redirections in torrent metainfo fetching.
* add support for gzip Content-Encoding in http.
* fixed an endless loop in mirror from sftp.

Version 4.4.7 - 2013-05-23

* translations update (pl, cs).
* fixed "get -c" looping in some cases.
* fixed translations encoding (pl, it, es, pt_BR).
* fixed occasional file corruption and garbage logging in Fish protocol.

(ryoon)

Updated security/stunnel to 5.20

(ryoon)