libaom: Update 3.7.0

Changelog:
2023-08-10 v3.7.0
  This release includes new codec interfaces, compression efficiency and
  perceptual improvements, speedup and memory optimizations and many bug fixes.
  This release is ABI compatible with the last release.

  - New Features
    * New codec controls:
      * AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
      * AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
        quantization in all intra mode. The "enable-rate-guide-deltaq" option is
        added for this control.
      * AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
        distribution used in all intra mode. The "rate-distribution-info" option
        is added for this control.
      * AV1E_GET_LUMA_CDEF_STRENGTH
      * AV1E_SET_BITRATE_ONE_PASS_CBR
    * AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
    * aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
      The "tune" option is extended to include "vmaf_saliency_map".
    * SVC example encoder svc_encoder_rtc is able to use the rate control
      library.
    * Loopfilter level and CDEF filter level is supported by RTC rate control
      library.
    * New speed (--cpu-used) 11, intended for RTC screen sharing, added for
      faster encoding with ~3% bdrate loss with 16% IC (instruction count)
      speedup compared to speed 10.

  - Compression Efficiency Improvements
    * Improved VoD encoding performance
      * 0.1-0.6% BDrate gains for encoding speeds 2 to 6
      * Rate control accuracy improvement in VBR mode
    * RTC encoding improvements
      * Screen content mode: 10-19% BDrate gains for speeds 6 - 10
      * Temporal layers video mode, for speed 10:
        * 2 temporal layers on low resolutions: 13-15% BDrate gain
        * 3 temporal layers on VGA/HD: 3-4% BDrate gain

  - Perceptual Quality Improvements
    * Fixed multiple block and color artifacts for RTC screen content by
      * Incorporating color into RD cost for IDTX
      * Reducing thresholds for palette mode in non RD mode
      * Allowing more palette mode testing
    * Improved color sensitivity for altref in non-RD mode.
    * Reduced video flickering for temporal layer encoding.

  - Speedup and Memory Optimizations
    * Speed up the VoD encoder
      * 2-5% for encoding speed 2 to 4
      * 9-15% for encoding speed 5 to 6
      * ARM
        * Standard bitdepth
          * speed 5: +31%
          * speed 4: +2%
          * speed 3: +9%
          * speed 2: +157%
        * High bitdepth
          * speed 5: +85%
    * RTC speedups
      * Screen content mode
        * 15% IC speedup for speeds 6-8
        * ARM: 7% for speed 9, 3% for speed 10
      * Temporal layers video mode
        * 7% speedup for 3 temporal layers on VGA/HD, for speed 10
      * Single layer video
        * x86: 2% IC speedup for speeds 7-10
        * ARM: 2-4% speedup across speeds 5-10

  - Other improvements
    * VoD: Major improvements to global motion estimation, now enabled up to
      speed 4
    * RTC
      * Fixes to make lossless coding work.
      * Fixes to make frame dropper (--drop_frames) work for single and temporal
        layers.
      * Improvements to RPS (reference picture selection) recovery frames.
      * Improvements to rate control for temporal layers.
    * libwebm is updated to libwebm-1.0.0.29-9-g1930e3c

  - Bug Fixes
    * aomedia:3261 Assertion failed when encoding av1 with film grain and
      '--monochrome' flag
    * aomedia:3276 ensure all allocations are checked (partial fix)
    * aomedia:3451 The libaom library calls exit()
    * aomedia:3450 enable -Wshadow for C++ sources
    * aomedia:3449 Test Seg Faults After
      b459af3e345be402db052a143fcc5383d4b74cbd
    * aomedia:3416 prune unused symbols / restrict symbol visibility
    * aomedia:3443 Jenkins failure:
      UninstantiatedParameterizedTestSuite<EstimateNoiseTest>
    * aomedia:3434 realtime failures with CONFIG_BITSTREAM_DEBUG=1
    * aomedia:3433 DeltaqModeTest crash w/row_mt=0
    * aomedia:3429 Encoder crash when turn on both ExternalResize and
      g_threads > 2
    * aomedia:3438 Build failure with
      `-DSANITIZE=address -DBUILD_SHARED_LIBS=ON` when using clang.
    * aomedia:3435 Block artifacts when scrolling with AV1 in screen sharing
      scenarios
    * aomedia:3170 vmaf tune presets produce extreme glitches in one scene
    * aomedia:3401 Building shared libaom with MSVC results in a race condition
      with the export library
    * aomedia:3420 Floating point exception in av1_tpl_get_frame_importance()
    * aomedia:3424 heap-buffer-overflow in ScaleFilterCols_16_C() (SIGABRT)
    * aomedia:3417 examples/svc_encoder_rtc.c is using internal macros and
      functions
    * aomedia:3372 SEGV in assign_frame_buffer_p av1_common_int.h
    * aomedia:3130 'cpu-features.h' file not found on Android NDK 22
    * aomedia:3415 Encoder/decoder mismatch for svc_encoder_rtc running
      1 SL 3 TL
    * aomedia:3412 Lossless Mode Fails Loopback Bit Test
    * aomedia:3409 The use of AV1_VAR_OFFS in av1/encoder/var_based_part.c is
      incorrect for high bit depths
    * aomedia:3403 test_libaom fails with error message
      "feenableexcept() failed" on Linux arm
    * aomedia:3370 Random color block at fast motion area
    * aomedia:3393 Assertion failure in av1_convolve_2d_sr_c()
    * aomedia:3392 Strong artifacting for high bit-depth real-time
    * aomedia:3376 aomenc --threads=10 --deltaq-mode=3 crashes after
      "Allintra: multi-threading of calculating differential contrast"
    * aomedia:3380 Crashes and ASan and TSan errors in deltaq-mode=3
      multithreading code
    * chromium:1410766 heap-buffer-overflow in aom_yv12_copy_v_c
    * Cannot set level via AV1E_SET_TARGET_SEQ_LEVEL_IDX
    * Encoding failure due to the use of loop restoration with unintended use of
      lossless mode.
    * Signed integer overflow in scan_past_frames
    * Signed integer overflow in update_a_sep_sym
    * Flickering in AV1 1440p/2160p HDR transcodes
    * Fixed artifacts with screen share at encoder speed 10
    * Fixed prediction setup for IDTX

2023-05-08 v3.6.1
  This release includes several bug fixes. This release is ABI
  compatible with the last release. See
  https://aomedia.googlesource.com/aom/+log/v3.6.0..v3.6.1 for all the
  commits in this release.

  - Bug Fixes
    * aomedia:2871: Guard the support of the 7.x and 8.x levels for AV1
      under the CONFIG_CWG_C013 config flag, and only output the 7.x and
      8.x levels when explicitly requested.
    * aomedia:3382: Choose sb_size by ppi instead of svc.
    * aomedia:3384: Fix fullpel search limits.
    * aomedia:3388: Replace left shift of xq_active by multiplication.
    * aomedia:3389: Fix MV clamping in av1_mv_pred.
    * aomedia:3390: set_ld_layer_depth: cap max_layer_depth to
      MAX_ARF_LAYERS.
    * aomedia:3418: Fix MV clamping in av1_int_pro_motion_estimation.
    * aomedia:3429: Move lpf thread data init to lpf_pipeline_mt_init().
    * b:266719111: Fix undefined behavior in Arm Neon code.
    * b:269840681: nonrd_opt: align scan tables.
    * rtc: Fix is_key_frame setting in variance partition.
    * Build: Fix build with clang-cl and Visual Studio.
    * Build: Fix module definition file for MinGW/MSYS.

2023-02-03 v3.6.0
  This release includes compression efficiency and perceptual quality
  improvements, speedup and memory optimizations, and some new features.
  This release is ABI compatible with the last release.

  - New Features
    * New values 20-27 (corresponding to levels 7.0-7.3 and 8.0-8.3) for
      the encoder control AV1E_SET_TARGET_SEQ_LEVEL_IDX (note that the
      proposal to add the new levels are still in draft status). The
      original special value 24 (keep level stats only for level
      monitoring) is renumbered as 32.
    * New encoder control AV1E_SET_SKIP_POSTPROC_FILTERING to skip the
      application of post-processing filters on reconstructed frame in
      all intra mode.
    * New encoder option "kf-max-pyr-height": Maximum height of pyramid
      structure used for the GOP starting with a key frame (-1 to 5).
    * Make SVC work for screen content.
    * Rate control improvements to reduce frame-size spikes for screen
      content coding.
    * RISC-V architecture support with gcc toolchain.

  - Compression Efficiency Improvements
    * Peak compression efficiency in VOD setting is improved by 1%.
    * 0.7% - 2.2% RTC encoding BDrate gains for real time speed 8 to 10.
    * 15% RTC encoding BDrate gains for screen content speed 10.

  - Perceptual Quality Improvements
    * Resolved a visual quality issue that was reported for high
      resolution clips (2K) for speed 4 and above in VOD use case.
    * Visual quality improvements to screen content coding.
    * Quality improvements to temporal layer RTC coding.

  - Speedup and Memory Optimizations
    * RTC single-thread encoder speedup:
      o ~6% instruction count reduction for speed 5 and 6.
      o ~15% instruction count reduction for speed 7.
      o ~10% instruction count reduction for speed 8 to 10 (>=360p
        resolutions).
    * RTC multi-thread encoder speedup (beyond single-thread speedup):
      o 5-8% encode time reduction for speed 7 to 10.
    * RTC screen-content encoder speedup:
      o 11% instruction count reduction for speed 9 and 10 (>=720p
        resolutions).
    * ~5% reduction in heap memory requirements for RTC, speed 6 to 10.
    * AVIF:
      o 4-5% speedup for speed 9 in still-picture encoding mode.
      o 3-4% heap memory reduction in still-picture encoding mode for
        360p-720p resolutions with multiple threads.

  - Bug Fixes
    * Added a workaround for an AV1 specification bug which makes
      TRANSLATION type global motion models unusable.
    * Fixed AddressSanitizer global-buffer-overflow errors in
      av1/encoder/arm/neon/av1_fwd_txfm2d_neon.c.
    * Fixed AddressSanitizer heap-buffer-overflow error in
      av1_wiener_convolve_add_src_neon().
    * chromium:1393384 Avoid scene detection on spatial resize.
    * aomedia:3308 Remove color artifacts under high motion.
    * aomedia:3310 Avoid out of memory failures with Visual Studio 2017,
      2019, and 2022 for Win32 x86 builds.
    * aomedia:3346 Make SVC work properly for screen content.
    * aomedia:3348 Fix a bug where an uninitialized search_site is used.
    * aomedia:3365 Work around what seems like a Visual Studio 2022
      compiler optimization bug.
    * aomedia:3369 Incorrect PSNR values reported by libaom for 12-bit
      encode.

(ryoon)

doc: Updated net/wget2 to 2.1.0

(ryoon)

wget2: Update to 2.1.0

Changelog:
31.08.2023 Release v2.1.0
  * New option --follow-sitemaps
  * New option --dane (cert validation via DNS)
  * Implement --check-certificate=quiet
  * Support proxies on non-default ports
  * Added CIDR support for no_proxy (IPv4 and IPv6)
  * Improve recursive RSS/Atom processing
  * Improve default cert/bundle paths for Windows
  * Improve Windows and MSVC compatibility
  * Use CONNECT for https_proxy
  * Add decoding numeric XML entities
  * Improve OpenSSL code
  * Improve WolfSSL code
  * Improve the progress bar
  * New function wget_xml_decode_entities_inline()
  * Support compilation of wget.h from C++
  * Handle comments in robots.txt correctly
  * Fix parsing HTMP/XML entities in URLs from HTML/XML
  * Fix use-after-free when updating blacklist entries
  * Don't try setting file timestamps on ttys
  * Fix arguments parsing for --filter-urls
  * Fix removing fragments when converting links
  * Fix duplicate downloads for Link headers with rel=duplicate
  * Fix segmentation fault (NULL dereference when no HTTP header has been received)
  * Change arguments of wget_iri_compare to const
  * Fix memory leak in wget_hashmap_clear()
  * Extend network error messages with hostname and IP address
  * Fix status code for 5xx errors
  * Fix issue in wget_buffer_trim()
  * Improve tests, documentation, building

(ryoon)

py-jupyterlab: needs py-hatch-jupyter-builder; thanks @wiz

(adam)

qhull: add missing pkgconfig override

(nros)

doc: Updated audio/spotify-qt to 3.10nb4

(pin)

audio/spotify-qt: enable Qt6

... and switch to it by default.

(pin)

doc: Updated www/py-sydent to 2.5.6nb3

(wiz)

py-sydent: add some missing dependencies

Self-tests now complete successfully.

Bump PKGREVISION.

(wiz)

py-httpbin: fix spelling of TOOL_DEPENDS, fixing the build

(wiz)

doc: Updated lang/lua54 to 5.4.6nb1

(wiz)

lua54: fix man page name to match executable name

pkg_alternatives creates lua(1) and luac(1), overwriting these files.

Bump PKGREVISION.

(wiz)

py-test-remote-data: add missing tool dependency

(wiz)

x11/qt5ct: reset maintainer

Moved to Qt6.

(pin)

doc: Updated editors/tp-note to 1.21.14

(pin)

editors/tp-note: update to 1.21.14

Fix a minor regression when the title contains only sort-tag characters.

This release fixes a minor regression introduced with Tp-Note v1.21.10: Note
files, created with title fields containing only sort tag characters, need an
'extra_separator' between in the sort-tag and the title in their filename.
Failing this rule caused cyclic filename change when synchronizing the note's
metadata and the filename. Now, an extra-separator is correctly inserted
as before.

(pin)

doc: Updated editors/focuswriter to 1.8.5

(pin)

editors/focuswriter: update to 1.8.5

v1.7.6 was the last vesrion supporting Qt5 and has been around in pkgsrc for
that very reason. Now that Qt6 is stable, bring the package up-to-date.

1.8.5
-----
* FIXED: Unable to paste HTML into web browser.
* Translation updates: Russian, Turkish, Ukrainian.

1.8.4
-----
* FIXED: Did not ignore user input when force processing events.
* FIXED: Did not compile on macOS.
* FIXED: Did not compile on OS/2.
* Disabled typewriter sounds on OS/2.
* Replaced deprecated code.

1.8.3
-----
* FIXED: Did not play sound effect when pressing enter.
* FIXED: Played sound effect when opening files.
* FIXED: Missing version number.
* Translation updates: Dutch.

1.8.2
-----
* FIXED: Could not change language in portable mode.
* FIXED: Crashed during paste from context menu.
* FIXED: First line indent was lost on empty paragraphs.
* Always write RTF as Latin1.
* Replaced ICU with iconv.
* Improved Linux deployment.
* Translation updates: German, Korean, Portuguese (Brazil), Russian, Swedish.

1.8.1
-----
* Always write plain text as UTF-8.
* Always write RTF as codepage 1252.
* Replaced QTextCodec with ICU.
* Translation updates: Estonian, German.

1.8.0
-----
* FIXED: Lines were randomly duplicated in ODT.
* FIXED: Did not read text from lists in ODT.
* FIXED: Formatting was lost when restoring untitled documents from cache.
* FIXED: Loading headings caused document to shift vertically.
* FIXED: Timers did not show countdown in tooltip.
* FIXED: Sometimes could not remove dictionaries.
* Only restore changed files from cache.
* Refactored code.
* Removed XPM icon.
* Switched to Qt 6.
* Updated Unicode symbols database.
* Updated Windows dictionaries.
* Translation updates: Armenian, Bosnian, Czech, Dutch, French, Georgian,
  Italian, Lithuanian, Norwegian Bokm奪l, Norwegian Bokm奪l (Norway), Portuguese,
  Romanian, Swedish, Turkish, Ukrainian.

1.7.6
-----
* FIXED: Did not load locales with underscores.
* FIXED: Compile failure due to missing header.
* Translation updates: Slovenian, Swedish, Turkish.

(pin)

doc: Updated archivers/arqiver to 0.11.0nb4

(pin)

archivers/arqiver: Add Qt6 support

... and switch to it by default.

(pin)

sysutils/fam: fix linking error on Linux for missing standard libraries.

(vins)

devel/libtirpc: further buildlink file revision.

* use INCDIRS to provide a language-agnostic include path.
* fix linking for TI-RPC.

(vins)

doc: Added mail/thunderbird102-l10n version 102.15.0

(hauke)

doc: Added mail/thunderbird102 version 102.15.0

(hauke)

Add mail/thunderbird102{,-l10n} with LTS version 102.15.0 as a
functioning fallback from bleeding edge Thunderbird.

(hauke)

doc: Updated devel/regal to 0.8.0

(leot)

regal: Update to 0.8.0

Changes:
v0.8.0
------
This is the most feature-packed release to date, adding a new output
format, four new rules, and many improvements across the board!

## New GitHub output format

The `regal lint` command now accepts a new `--format` option named
`github`. This is ideal for when Regal is run in CI/CD scenarios using
GitHub Actions. This format will emit annotations for any violation,
which will be visible in the pull request file view.

In addition to this, the GitHub output format will also create a linter
report visible in the "Checks" tab:

This report summarizes the result of linting, with links provided to
the documentation for any violation.

## New rule: use-some-for-output-vars

Using `some` to declare output variables used in iteration (and
elsewhere) has long been considered a best practice. Regal can now
identify places where variables are introduced without `some` and treat
these as errors.

## New rule: prefer-some-in-iteration

Similarly, the new `prefer-some-in-iteration` rule will have Regal warn
when using the "old" style of iteration which could be replaced in
favor of `some ... in`.

## New rule: metasyntactic-variable

Using rule and variable names like "foo", "bar" or "baz" might be
convenient in examples, but rarely has a place in production policy.
The new `metasyntactic-variable` rule will flag any occurences of these
names. The `ignore` directive may of course be used to e.g. allow these
type of variables in tests or other legitimate locations.

## New rule: file-length

Having policy files span several hundred lines of code is often a
signal to consider refactoring the code into smaller units, and to
modularize properly using packages and imports. The new `file-length`
rule by default flags any file with more than 500 lines. This number
can be changed via the rule's configuration.

v0.7.0
------
This release adds a new `custom` category to the built-in rules, which
allows users to easily define the most common organizational
requirements, like naming conventions, by simply editing their Regal
configuration.

## New custom category, and `naming-convention` rule

The custom category of rules allows teams and organizations to define
their own conventions for their Rego projects, without having to write
custom linter policies. Naming conventions are likely the most common
requirement, which is also what the new naming-convention rule helps
solve by allowing users to specify their conventions in the Regal
configuration using regex patterns.

(leot)

doc: Updated devel/conftest to 0.45.0

(leot)

conftest: Update to 0.45.0

Changes:
v0.45.0
-------
* Added support for Azure DevOps output
* Update to OPA 0.56.0

(leot)

doc: Updated devel/opa to 0.56.0

(leot)

opa: Update to 0.56.0

Changes:
v0.56.0
-------
This release contains a mix of new features, bugfixes and a new builtin
function.

### Support for General References in Rule Heads (Experimental)

A new experimental feature in OPA is support for general refs in rule
heads. Where a general ref is a reference with variables at arbitrary
locations.

```rego
package example

import future.keywords

# Converting a flat list of users to a mapping by "role" and then "id".
users_by_role[role][id] := user if {
    some user in data.users
    id := user.id
    role := user.role
}

# Explicit "admin" key override to the above mapping.
users_by_role.admin[id] := user if {
    some user in data.admins
    id := user.id
}

# Leaf entries can be multi-value.
users_by_country[country] contains user.id if {
    some user in data.users
    country := user.country
}
```

General refs are currently not supported by the OPA planner, making
this feature unsupported for Wasm and IR.

Note: this feature is disabled by default, and needs to be enabled by
setting the `EXPERIMENTAL_GENERAL_RULE_REFS` environment variable (once
the feature is complete - supports Wasm and IR - this requirement will
be dropped).

### New Built-In Function: `numbers.range_step`

Similar to the `numbers.range` built-in function, `numbers.range_step`
returns an array of numbers in a given range. The new built-in function
also allows you to control the _step between each entry_.

### Breaking changes

Since its introduction in 0.34.0, the `--exit-zero-on-skipped` option
always made the `opa test` command return an exit code 0. When used, it
now returns the exit code 0 only if no failed tests were found.

Test runs on existing projects using `--exit-zero-on-skipped` will fail
if any failed tests were inhibited by this behavior.

(leot)

Add missing p5-File-Slurp dependency

Bump PKGREVISION

(abs)

doc: Updated www/py-flask-cors to 4.0.0

(kleink)

py-flask-cors: Update to 4.0.0.

## 4.0.0
* Remove support for Python versions older than 3.8 by @WAKayser in https://github.com/corydolphin/flask-cors/pull/330
* Add GHA tooling by @corydolphin in https://github.com/corydolphin/flask-cors/pull/331

## 3.1.01
* Include examples to specify that schema and port must be included in … by @YPCrumble in https://github.com/corydolphin/flask-cors/pull/294
* two small changes to the documentation, based on issue #290 by @bbbart in https://github.com/corydolphin/flask-cors/pull/291
* Fix typo by @sunarch in https://github.com/corydolphin/flask-cors/pull/304
* FIX: typo in CSRF by @sattamjh in https://github.com/corydolphin/flask-cors/pull/315
* Test against recent Python versions by @pylipp in https://github.com/corydolphin/flask-cors/pull/314
* Correct spelling mistakes by @EdwardBetts in https://github.com/corydolphin/flask-cors/pull/311
* 'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in https://github.com/corydolphin/flask-cors/pull/318
* docs: Fix a few typos by @timgates42 in https://github.com/corydolphin/flask-cors/pull/323
* [Docs] Fix typo in configuration documentation by @sachit-shroff in https://github.com/corydolphin/flask-cors/pull/316

(kleink)

doc: Updated sysutils/py-borgbackup to 1.2.6

(wiz)

py-borgbackup: update to 1.2.6.

Pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811)
----------------------------------------------------------

A flaw in the cryptographic authentication scheme in Borg allowed an attacker to
fake archives and potentially indirectly cause backup data loss in the repository.

The attack requires an attacker to be able to

1. insert files (with no additional headers) into backups
2. gain write access to the repository

This vulnerability does not disclose plaintext to the attacker, nor does it
affect the authenticity of existing archives.

Creating plausible fake archives may be feasible for empty or small archives,
but is unlikely for large archives.

The fix enforces checking the TAM authentication tag of archives at critical
places. Borg now considers archives without TAM as garbage or an attack.

We are not aware of others having discovered, disclosed or exploited this vulnerability.

Below, if we speak of borg 1.2.5, we mean a borg version >= 1.2.5 **or** a
borg version that has the relevant security patches for this vulnerability applied
(could be also an older version in that case).

Steps you must take to upgrade a repository:

1. Upgrade all clients using this repository to borg 1.2.6.
  Note: it is not required to upgrade a server, except if the server-side borg
  is also used as a client (and not just for "borg serve").

  Do **not** run ``borg check`` with borg > 1.2.4 before completing the upgrade steps.

2. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg info --debug <repo> 2>&1 | grep TAM | grep -i manifest``.

  a) If you get "TAM-verified manifest", continue with 3.
  b) If you get "Manifest TAM not found and not required", run
      ``borg upgrade --tam --force <repository>`` *on every client*.

3. Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg list --format='{name} {time} tam:{tam}{NL}' <repo>``.
  "tam:verified" means that the archive has a valid TAM authentication.
  "tam:none" is expected as output for archives created by borg <1.0.9.
  "tam:none" is also expected for archives resulting from a borg rename
  or borg recreate operation (see #7791).
  "tam:none" could also come from archives created by an attacker.
  You should verify that "tam:none" archives are authentic and not malicious
  (== have good content, have correct timestamp, can be extracted successfully).
  In case you find crappy/malicious archives, you must delete them before proceeding.
  In low-risk, trusted environments, you may decide on your own risk to skip step 3
  and just trust in everything being OK.

4. If there are no tam:none archives left at this point, you can skip this step.
  Run ``BORG_WORKAROUNDS=ignore_invalid_archive_tam borg upgrade --archives-tam <repo>``.
  This will unconditionally add a correct archive TAM to all archives not having one.
  ``borg check`` would consider TAM-less or invalid-TAM archives as garbage or a potential attack.
  To see that all archives now are "tam:verified" run: ``borg list --format='{name} {time} tam:{tam}{NL}' <repo>``

5. Please note that you should never use BORG_WORKAROUNDS=ignore_invalid_archive_tam
  for normal production operations - it is only needed once to get the archives in a
  repository into a good state. All archives have a valid TAM now.

Vulnerability time line:

* 2023-06-13: Vulnerability discovered during code review by Thomas Waldmann
* 2023-06-13...: Work on fixing the issue, upgrade procedure, docs.
* 2023-06-30: CVE was assigned via Github CNA
* 2023-06-30 .. 2023-08-29: Fixed issue, code review, docs, testing.
* 2023-08-30: Released fixed version 1.2.5 (broken upgrade procedure for some repos)
* 2023-08-31: Released fixed version 1.2.6 (fixes upgrade procedure)

Version 1.2.6 (2023-08-31)
--------------------------

For upgrade and compatibility hints, please also read the section "Upgrade Notes"
above.

Fixes:

- The upgrade procedure docs as published with borg 1.2.5 did not work, if the
  repository had archives resulting from a borg rename or borg recreate operation.

  The updated docs now use BORG_WORKAROUNDS=ignore_invalid_archive_tam at some
  places to avoid that issue, #7791.

  See: fix pre-1.2.5 archives spoofing vulnerability (CVE-2023-36811),
  details and necessary upgrade procedure described above.

Other changes:

- updated 1.2.5 changelog entry: 1.2.5 already has the fix for rename/recreate.
- remove cython restrictions. recommended is to build with cython 0.29.latest,
  because borg 1.2.x uses this since years and it is very stable.
  you can also try to build with cython 3.0.x, there is a good chance that it works.
  as a 3rd option, we also bundle the `*.c` files cython outputs in the release
  pypi package, so you can also just use these and not need cython at all.

(wiz)

doc: Updated www/py-flask-static-digest to 0.4.0

(kleink)

py-flask-static-digest: Update to 0.4.0.

## [0.4.0] - 2023-05-14

- Brotli support added by [Dr. Matthew Swabey](https://github.com/mattaw)
- Remove `FLASK_STATIC_DIGEST_GZIP_FILES` gzip config option
- Add `FLASK_STATIC_DIGEST_COMPRESSION` (defaults to `["gzip"]` and replaces the old gzip config option)

## [0.3.0] - 2022-03-16

- Add support for digesting static files in blueprints and nested blueprints
- Spruce up the code base by using Black for code formatting

(kleink)

CHANGES-2023: revert previous (not an update).

(schmonz)

doc: Updated mail/rspamd to 3.6

(schmonz)

rspamd: find lua, and fix PLIST for non-default PKG_SYSCONFDIR.

(schmonz)

anthy: Don't use old style backquote to unbreak anthy-elisp build.

(msaitoh)

doc: Updated editors/feathernotes to 1.1.0nb5

(pin)

editors/feathernotes: enable Qt6

... and switch to it as default

(pin)

Updated audio/py-mutagen, www/py-aiohttp-socks, devel/py-tox, devel/py-test

(adam)

py-test: updated to 7.4.1

pytest 7.4.1 (2023-09-02)
=========================

Bug Fixes
---------
- Fixed bug where fake intermediate modules generated by ``--import-mode=importlib`` would not include the
  child modules as attributes of the parent modules.
- Fixed error assertion handling in :func:`pytest.approx` when ``None`` is an expected or received value when comparing dictionaries.
- Fixed issue when using ``--import-mode=importlib`` together with ``--doctest-modules`` that caused modules
  to be imported more than once, causing problems with modules that have import side effects.

(adam)

py-tox: updated to 4.11.1

v4.11.1
Allow passing in multiple overrides using the ; character and fix , being used as splitting values

(adam)

py-aiohttp-socks: updated to 0.8.2

v0.8.2
Unknown changes

(adam)

py-mutagen: updated to 1.47.0

1.47.0 - 2023-09-03
-------------------

* ID3: Allow reading TYER tags in the form of "yyyy-mm-dd"
* ID3: Handle negative extended header sizes
* ID3: id3 frames fix bad cast due to str.isdigit
* MP3: Auto-detect MP3 files without ID3 tags
* WAVE: Extensible wave format support
* WAVE, AIFF: Handle truncated IFF files
* MP4: add a check for wrong offsets in mp4 files
* FLAC: Fix cuesheet and seektable saving
* TrueAudio: Read sample rate as unsigned and handle zero sample rate
* docs: Fixed documentation for id3.ID3.save parameter v2_version
* docs: Make extlinks compatible with sphinx 6.0
* docs: Fixed various typos
* Add some more type annotations
* Various minor fixes for issues uncovered by oss-fuzz

(adam)

k3b: remove musicbrainz dependency

musicbrainz has been removed from pkgsrc.

Bump PKGREVISION.

(wiz)

gcc*: include missing header and unbreak build on Linux.

(vins)

editors/featherpad: correct comment

(pin)

doc: Updated graphics/sane-airscan to 0.99.27

(ryoon)

sane-airscan: Update to 0.99.27

* Changelog is not provided in concise form. Changes are mostly bugfix.

(ryoon)

sane-backends: restore some PLIST.foo variables

(wiz)

sane-frontends: Fix PKGVERSION with newer sane-backends

(ryoon)

doc: Updated graphics/sane-backends to 1.2.1

(ryoon)

sane-backends: Update to 1.2.1

Changelog:
## New with 1.2.1 (released 2023-02-05)

### Backends

- `avision`:
    - Minor fix for protocol packet length.
    - Added “basic” support for Avision AD345F. Note that multi-sheet scanning is problematic.
    - Fix for 32-bit limitation on scan line size which caused early abort of scan.
    - Fix for minimum resolution for devices with AV_ASIC_C6.
    - Various small logic errors addressed.

- `canon`: Use the common model name instead of string from the device.
- `canon_lide70`: Some small corrections to option support.
- `canon_pp`: Potential buffer overrun issue addressed.
- `canon-dr`: Added support for lifecycle counters for dr-x10c scanners.
- `epjitsu`: Hang fix for Scansnap S1300i.
- `epsonds`: Added support for Epson XP-2200 Series devices.
- `escl`:
    - Fixes related to support for HP M277dw.
    - Fix for Canon TS-3400 series resolution support.
    - Added support for Epson EcoTank L3160.
    - Fix for segfault crash.
    - Performance and memory use enhancements through the use of memory-mapped I/O.
    - Fix for TIFF file type generation failure.
    - IPv6 detection improvements.
- `fujitsu`:
    - Contrast/brightness fixes for Fujitsu ix500.
    - Support confirmed for Fujitsu fi-7300NX.
    - Support added for ScanSnap ix1400.
    - Added support for ScanPartner SP30.
- `genesys`:
    - Fixes for unit test build errors related to GCC 12.
    - Fix for 32-bit limitation on scan line size which caused early abort. of scan.
    - Build issue fix for OSX.
    - Button support for Canon 8400f scanner corrected.
    - Support added back in for Plustek OpticFilm 7600i: config file entry was missing.
- `kvs40xx`: Compiler warnings fixed.
- `mustek_usb2`: Compiler warnings fixed.
- `pixma`:
    - Fix for Canon TS-3400 series resolution support.
    - Button support for Canon MG5700 series corrected.
    - Added support for Canon imageRUNNER 1018/1022/1023.
    - Added support for Canon PIXMA TS2400 Series.
    - Added support for Canon PIXMA TS2600 Series.
    - Testing confirmed for Canon TS6400 series devices.
    - Testing confirmed for Canon TS3400 series devices.
    - Various devices’ max resolutions fixed.
    - Minor fix for broadcast buffer size error.
- `plustek_pp`: Support removed for deprecated Linux kernel driver build.
- `test`: Fix for 32-bit limitation on scan line size which caused early abort of scan.
- `xerox_mfp`:
    - JPEG support fix for Samsung SCX-4828 FN and similar.
    - JPEG support fix for Samsung SCX-4824 FN and similar.

### Frontends

- `sane-find-scanner`: Alteration to output to indicate that indicated devices are potentially scanners.
- `saned`: Fix for poll.h header file, which caused problems on Alpine Linux.
- `scanimage`:
    - Attempts to set readonly options will give a warning about readonly option set attempt now, instead of the misleading "unknown option" error.
    - Header file build fixes for FreeBSD.
    - Fix for backends presenting NULL attributes in deactivated options.

### Miscellaneous

- Updated translation to Russian, Italian, British English and Ukraine.
- Compiler warnings addressed for a number of backends.
- A number of fixes for the build system:
  - Fix to ignore LDFLAGS environment variable in build.
  - Fix to not build umax_pp tool when disabled.
  - Fix for CLANG compiler warnings.
  - Various small improvements to dependency checking and CI builds.
  - General corrections for backends’ use of mkstemp() function.
  - Added support for autotools’ silent build option.
  - Remove –with-group configure option, since it is no longer used.
  - Autotools fixes for backend library installation.

## New with 1.1.1 (released 2022-01-18)

### Backends

- `epson2`: Fixed support for many scanners that don't support focus command.
- `epson2`: Improve reliability of long scans.
- `epsonds`: Implemented support for the following Epson scanners:
  - DS-1610
  - DS-1630
  - DS-1660W
  - DS-310
  - DS-320
  - DS-360W
  - DS-410
  - DS-530
  - DS-530II
  - DS-531
  - DS-535
  - DS-535H
  - DS-535II
  - DS-570W
  - DS-570WII
  - DS-571W
  - DS-575W
  - DS-575WII
  - DS-70
  - DS-80W
  - ES-200
  - ES-300W
  - ES-300WR
  - ES-400
  - ES-400II
  - ES-50
  - ES-500W
  - ES-500WII
  - ES-500WR
  - ES-55R
  - ES-580W
  - ES-60W
  - ES-60WB
  - ES-60WW
  - ES-65WR
  - ET-2700 Series
  - ET-2710 Series
  - ET-2810 Series
  - ET-M2140 Series
  - ET-M3140 Series
  - EW-052A Series
  - FF-680W
  - L3150 Series
  - L3200 Series
  - L3210 Series
  - L3250 Series
  - L4150 Series
  - M2140 Series
  - M3140 Series
  - RR-60
  - RR-600W
  - RR-70W
  - XP-2100 Series
  - XP-2150 Series
- `epson2`: Marked XP-452 455 series as supported in documentation.
- `escl`: Fixed scanning problems on certain scanners due to incorrect URL being used
  (https://gitlab.com/sane-project/backends/-/issues/479)
- `escl`: Fixed support for different resolutions when using JPEG format.
- `escl`: Fixed handling of ipp-usb redirects to localhost which previously caused certain scanners
  to be always reported as busy.
- `escl`: Added support for Brother DCP-J772DW and Epson ET-2750 scanners.
- `escl`: Marked the following scanners as supported in documentation:
  - Canon PIXMA G4511
  - Canon PIXMA TR4550 Series
  - Canon PIXMA TR4551 Series
  - Epson ET-6100
- `escl`: Implemented support for disabling PDF output on scanners where it's broken
  (https://gitlab.com/sane-project/backends/-/issues/510)
- `escl`: Implemented support for Canon PIXME TR4520 and TR7500 scanners.
- `genesys`: Improved scan quality on Canon LiDE 35/40/50/60 by using brighter LED illumination.
- `genesys`: Fixed control of contrast and brigthness on certain scanners
  (https://gitlab.com/sane-project/backends/-/issues/271).
- `genesys`: Fixed crashes when handling slightly unexpected conditions
  (https://gitlab.com/sane-project/backends/-/issues/464).
- `genesys`: Fixed support for Plustek Opticfilm 7200 v2 scanner.
- `genesys`: Fixed button support on HP ScanJet G4010.
- `genesys`: Fixed compilation on gcc-4.8.
- `genesys`: Fixed incorrect LED exposure calculation leading to wrong color balance on certain
  resolutions on gl841 scanners
- `genesys`: Improved gray scan quality on Canon LiDE 110, 120, 210, 220
  (https://gitlab.com/sane-project/backends/-/issues/106,
  https://gitlab.com/sane-project/backends/-/issues/52).
- `genesys`: Fixed issue of motor becoming stuck at certain resolutions on Canon LiDE 50
  and possibly other gl841 scanners (https://gitlab.com/sane-project/backends/-/issues/357)
- `genesys`: Fixed periodic black lines in gray scans on Canon LiDE 80.
- `genesys`: Removed support for broken 75 and 100 dpi hardware resolutions to fix preview
  scans (https://gitlab.com/sane-project/backends/-/issues/383). These resolutions did
  not have any benefit compared to next smallest 150 dpi resolution.
- `genesys`: Add support for running in embedded environments that don't support threads.
- `genesys`: Fixed gray scans to use white color for illumination instead of red on
  Canon LiDE 35/40/50/60 and potentially other gl841 scanners. Old behavior can
  be restored via the color filter setting to select specific color component for
  the gray scan.
- `genesys`: The genesys backend is now distributed under GPL v2 or later license.
  Previously there existed an exception that allowed additional uses of the backend.
- `gt68xx`: Fixed several memory issues that can potentially lead to crashes or increased memory use.
- `hp4200`: Fixed crash when using HP ScanJet 4200C
  (https://gitlab.com/sane-project/backends/-/issues/454).
- `microtek`: Fixed support for embedded platforms using `uclibc`.
- `pieusb`: Implemented support for Reflecta RPS 10M scanner.
- `pieusb`: Fixed support for automatically advancing slides on DigitDia 4000.
- `pixma`: Fixed compliation with `NDEBUG` macro defined.
- `pixma`: Marked Canon PIXMA G4511 as supported in documentation
- `scangearmp2`: Mark GX6000, GX7000, TS5400 and MX455 series as supported.
- `sm3600-scanutil`: Fixed support for embedded platforms using `uclibc`.

### Frontends

- Improved documentation of `scanimage` concerning options provided by backends.
- `scanimage`: Improved help to specify which options are advanced.
- `scanimage`: Implemented support for PDF output format.

### Miscellaneous

- Added translation to Simplified Chinese.

(ryoon)

doc: Updated www/firefox-l10n to 117.0

(ryoon)

firefox-l10n: Update to 117.0

* Sync with www/firefox-117.0.

(ryoon)

doc: Updated www/firefox to 117.0

(ryoon)

firefox: Update to 117.0

Changelog:
New
  * Support for credit card autofill has been extended to users running Firefox
    in the IT, ES, AT, BE, and PL locales.

  * macOS users can now control the tabability of controls and links via
    about:preferences.
    Screenshot of new macOS tabability option in about:preferences

  * To avoid undesirable outcomes on sites which specify their own behavior
    when pressing shift+right-click, Firefox now has a
    dom.event.contextmenu.shift_suppresses_event preference to prevent the
    context menu from appearing.

Fixed
  * YouTube video lists now scroll correctly when navigating with a screen
    reader.

  * Various security fixes.

Changed
  * Firefox no longer shows its own screen sharing indicator on Wayland desktop
    environments. The system default sharing indicator will be used instead.

Enterprise
  * You can find information about policy updates and enterprise specific bug
    fixes in the Firefox for Enterprise 117 Release Notes.

Developer
  * Developer Information
  * Web compatibility inspection has been enhanced with our new CSS
    compatibility tooltip in the Developer Tools Inspector. An icon is now
    displayed next to properties that could lead to web compatibility issues.
    When hovered, the tooltip indicates which browsers are not supported and
    displays a link to the MDN page for the property so the user can learn more
    about it.
    Screenshot showing CSS compatibility icon for a property shown in the
    Inspector

  * console.clear() no longer clears the Console output if the "Enable
    persistent logs" option is enabled.

Web Platform
  * Support for improved CSS nesting is now enabled by default.

  * Firefox now supports RTCRtpScriptTransform.

  * ReadableStream.from is now supported, allowing creation of a ReadableStream
    from an (async) iterable.

  * Firefox now supports the math-style and math-depth CSS properties and the
    font-size: math value.

Security fixes:
#CVE-2023-4573: Memory corruption in IPC CanvasTranslator
#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an
Out of Memory Exception
#CVE-2023-4579: Persisted search terms were formatted as URLs
#CVE-2023-4580: Push notifications saved to disk unencrypted
#CVE-2023-4581: XLL file extensions were downloadable without warnings
#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
#CVE-2023-4583: Browsing Context potentially not cleared when closing Private
Window
#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2

(ryoon)

keepassxc: add comment about lack of qt6 support

(wiz)

doc: Updated editors/featherpad to 1.4.1nb1

(pin)

editors/featherpad: enable Qt6

... and switch to it by default.
Thanks to wiz@ for a quick review.

(pin)

opensmtpd-filter-dnsbl: require _GNU_SOURCE for strcasestr() on Linux.

(vins)

doc: Updated www/py-hyperkitty to 1.3.7nb1

(wiz)

py-hyperkitty: remove sassc dependency

It is not a build or run-time requirement, despite what the .spec file
says.

Bump PKGREVISION.

(wiz)

opensmtpd-filter-dkimsign: enable backward-compatibility for OpenBSD funcs on Linux.

Required for glibc < 2.24, which lacks reallocarray() and
explicit_bzero().

(vins)

libopensmtpd: enable backward-compatibility for OpenBSD funcs on Linux.

Required for glibc < 2.24, as it lacks reallocarray() and
explicit_bzero().

(vins)

gnome-shell: does not use sassc when building from tarballs

(Since some 40.x alpha release.)

Remove TOOL_DEPENDS on sassc.

(wiz)

mame: Couple of little fixes for NetBSD

(nia)

doc: Updated www/cobalt to 0.19.0

(wiz)

cobalt: update to 0.19.0.

Update provided by pin@, thanks!

pkgsrc:
- Switch off sass feature by default due to libsass and sass-rs deprecation
see, https://github.com/cobalt-org/cobalt.rs/issues/1050 and
https://github.com/cobalt-org/cobalt.rs/pull/1090

[0.19.0] - 2023-06-06
Compatibility
- Removed support for vimwiki (parser/renderer was unmaintained)
- MSRV is now 1.70.0

[0.18.5] - 2023-06-02
- No ChangeLog provided

[0.18.4] -2023-04-20
- No ChangeLog provided

(wiz)

gupnp: Needs -lsocket on SunOS

(nia)

x11/qt6ct: fix PLIST and unbreak build.

(vins)

nuspell: Use USE_CXX_FEATURES. Fixes build on NetBSD 9.

(nia)

xosview2: still requires c++17 in USE_LANGUAGES.

(vins)

libtirpc: s/CFLAGS/CPPFLAGS in buildlink file.

(vins)

zola: remove unused libsass dependency

SASS support was switched to a rust crate.

Bump PKGREVISION.

(wiz)

libmusicbrainz: remove

This was the old v3 version of the API, the newer (but still obsolete)
v5 version is in audio/libmusizbrainz5.

(wiz)

kscd: remove

dead upstream, no kde5 version

(wiz)

kde4: remove kscd from meta package

(wiz)

doc: Updated shells/oh-my-posh to 18.7.0

(pin)

shells/oh-my-posh: update to 18.7.0

v18.7.0
Features
- helm: add segment (43aca8e)

v18.6.4
Bug Fixes
- git: correctly identify conflicted files (8f8dd04)

(pin)

Updated devel/py-ipykernel, www/py-aiohttp-socks

(adam)

py-aiohttp-socks: updated to 0.8.1

v0.8.1

Fix issue 27

(adam)

py-ipykernel: updated to 6.25.2

6.25.2

Bugs fixed

- Make iostream shutdown more robust
- Don't call QApplication.setQuitOnLastWindowClosed(False).
- Avoid starting IOPub background thread after it's been stopped

(adam)

doc: Updated meta-pkgs/xfce4-extras to 4.18.1

(gutteridge)

doc: Updated meta-pkgs/xfce4 to 4.18.1

(gutteridge)

xfce4 & xfce4-extras: call these 4.18.1 now

(gutteridge)

xfce4-icon-theme: drop unnecessary use of XFCE4_VERSION (NFC)

(gutteridge)

doc: Updated sysutils/xfce4-appfinder to 4.18.1

(gutteridge)

xfce4-appfinder: update to 4.18.1

Change log:

4.18.1 (2023-08-22)
======
- Add style class to selected app icon (!42)
- Restore command icons in Commands history (!33)
- Update preferences window to match default settings (!35)

(gutteridge)

gnome-mplayer: remove default-off libmusicbrainz option

This used the old v3 of libmusicbrainz.

(wiz)