Fixes for usb and dnssd options, from Robert Swindells.

(wiz)

Added print/cups-filters version 1.0.54

(wiz)

+ cups-filters.

(wiz)

Import cups-filters-1.0.54 as print/cups-filters.

CUPS is a standards-based, open source printing system developed
by Apple Inc. for Mac OS X and other UNIX-like operating systems.
CUPS uses the Internet Printing Protocol ("IPP") and provides System
V and Berkeley command-line interfaces, a web interface, and a C
API to manage printers and print jobs.

This distribution contains backends, filters, and other software
that was once part of the core CUPS distribution but is no longer
maintained by Apple Inc. In addition it contains additional filters
and software developed independently of Apple, especially filters
for the PDF-centric printing workflow introduced by OpenPrinting
and a daemon to browse Bonjour broadcasts of remote CUPS printers
and makes these printers available locally.

>From CUPS 1.6.0 on, this package is required for using printer
drivers with CUPS under Linux. With CUPS 1.5.x and earlier this
package can be used optionally to switch over to PDF-based printing.
In that case some filters are provided by both CUPS and this package.
Then the filters of this package should be used.

(wiz)

Install fofi headers. Bump PKGREVISION.

(wiz)

Chicken 4.9.0 is broken, upstream developers discuss essentially revoking it.

(asau)

Add buildlink3.mk file.

(wiz)

+ libffi-3.1 [wip].

(wiz)

Updated security/kpcli to 2.6

(wiz)

Update to 2.6:

2013-Jun-16 v2.2 - Trap and handle SIGINT (^C presses).
                    Trap and handle SIGTSTP (^Z presses).
                    Trap and handle SIGCONT (continues after ^Z).
                    Stopped printing found dictionary words in pwck.
2013-Jul-01 v2.3 - More readline() and signal handling improvements.
                    Title conflict checks in cli_new()/edit()/mv().
                    Group title conflict checks in rename().
                    cli_new() now accepts optional path&|title param.
                    cli_ls() can now list multiple paths.
                    cli_edit() now shows the "old" values for users
                    to edit, if Term::ReadLine::Gnu is available.
                    cli_edit() now aborts all changes on ^C.
                    cli_saveas() now asks before overwriting a file.
2013-Nov-26 v2.4 - Fixed several "perl -cw" warnings reported on
                    2013-07-09 as SourceForge bug #9.
                    Bug fix for the cl command, but in sub cli_ls().
                    First pass at Strawberry perl/MS Windows support.
                    - Enhanced support for Term::ReadLine::Perl
                    - Added support for Term::ReadLine::Perl5
                    Added display of expire time for show -a.
                    Added -a option to the find command.
                    Used the new magic_file_type() in a few places.
                    Added generatePasswordFromDict() and "w" generation.
                    Added the -v option to the version command.
                    - Added the versions command.
2014-Mar-15 v2.5 - Added length control (gNN) to password generation.
                    Added the copy command (and cp alias).
                    Added the clone command.
                    Added optional modules not installed to version -v.
                    Groups can now also be moved with the mv command.
                    Modified cli_cls() to also work on MS Windows.
                    Suppressed Term::ReadLine::Gnu hint on MS Windows.
                    Suppressed missing termcap warning on MS Windows.
                    Print a min number of *s to not leak passwd length.
                    Removed unneeded use of Term::ReadLine.
                    Quieted "inherited AUTOLOAD for non-method" warns
                    caused by Term::Readline::Gnu on perl 5.14.x.
2014-Jun-06 v2.6 - Added interactive password generation ("i" method).
                    - Thanks to Florian Tham for the idea and patch.
                    Show entry's tags if present (KeePass >= v2.11).
                    - Thanks to Florian Tham for the patch.
                    Add/edit support for tags if a v2 file is opened.
                    Added tags to the searched fields for "find -a".
                    Show string fields (key/val pairs) in v2 files.
                    Add/edit for string fields if a v2 file is opened.
                    Show information about entries' file attachments.
                    2014-03-20 SourceForge feature request #6.
                    New "attach" command to manage file attachments.
                    Added "Recycle Bin" functionality and --no-recycle.
                    For --readonly, don't create a lock file and don't
                    warn if one exists. 2014-03-27 SourceForge bug #11.
                    Added key file generation to saveas and export.
                    2014-04-19 SourceForge bug #13.
                    Added -expired option to the find command.
                    Added "dir" as an alias for "ls"
                    Added some additional info to the stats command.
                    Added more detailed OS info for Linux/Win in vers.
                    Now hides Meta-Info/SYSTEM entries.
                    Fixed bug with SIGTSTP handling (^Z presses).
                    Fixed missing refresh_state_all_paths() in cli_rm.

(wiz)

Updated net/tor to 0.2.4.22

(wiz)

Update to 0.2.4.22, based on the wip version by athaba and myself.
Very many changes since the last stable version in pkgsrc, upgrade!

(wiz)

Updated print/poppler to 0.26.1

(wiz)

Update to 0.26.1 (without a shlib major bump, yay):

Release 0.26.1
        core:
        * Use field value V for radio buttons. Bug #75979
        * Fix extraction of text in some files. Bug #78145
        * Only add annotations of the current page when splitting. Bug #77549

        build system:
        * autoconf: Fix libopenjpeg 1.5 detection on some systems. Bug #78389

        glib:
        * Fix multiple definition of PopplerTextSpan

(wiz)

regen.

(obache)

Add Haiku configureation to configure.
Based on patch created by diger.

(obache)

Rename "iovec" to "iovec_p",  avoid to conflict with "struct iovec" defined in
sys/uio.h.
Fixes build on Haiku with gcc2.

(obache)

Drop settings of LIBSO_LIBS for configure.
Now, configure set LIBSO_LIBS with LIBS, so it is useless passing LIBSO_LIBS to
configure. Overmore, "nsl" and "rt" libraries are exactly checked.

(obache)

Updated www/ap2-wsgi to 4.1.3

(wiz)

Update to 4.1.3:

4.1.3

Known Issues

1. The makefiles for building mod_wsgi on Windows are currently
broken and need updating. As most new changes relate to mod_wsgi
daemon mode, which is not supported under Windows, you should keep
using the last available binary for version 3.X on Windows instead.

Bugs Fixed

1. The setup.py file wasn穰 always detecting the Python library
version suffix properly when setting it up to be linked into the
resulting mod_wsgi.so. This would cause an error message at link
time of:

4.1.2

Bugs Fixed

1. The integration for Django management command was looking for
the wrong name for the admin script to start mod_wsgi express.

2. The code which connected to the mod_wsgi daemon process was
passing an incorrect size into the connect() call for the size of
the address structure. On some Linux systems this would cause an
error similar to:

(22)Invalid argument: mod_wsgi (pid=22944): Unable to connect to
\
    WSGI daemon process 'localhost:8000' on \
    '/tmp/mod_wsgi-localhost:8000:12145/wsgi.22942.0.1.sock'

This issue was only introduced in 4.1.0 and does not affect older
versions.

3. The deadlock detection thread could try and acquire the Python
GIL after the Python interpreter had been destroyed on Python
shutdown resulting in the process crashing. This issue cannot be
completely eliminated, but the deadlock thread will now at least
check whether the flag indicating process shutdown is happening
has been set before trying to acquire the Python GIL

4.1.1

Bugs Fixed

1. Compilation would fail on Apache 2.4 due to a change in the
Apache API to determine the name of the MPM being used.

4.1.0

Bugs Fixed

1. If a UNIX signal received by daemon mode process while still
being initialised to signal that it should be shutdown, the process
could crash rather than shutdown properly due to not registering
the signal pipe prior to registering signal handler.

2. Python doesn穰 initialise codecs in sub interpreters automatically
which in some cases could cause code running in WSGI script to fail
due to lack of encoding for Unicode strings when converting them.
The error message in this case was:

LookupError: no codec search functions registered: can't find
encoding

The 秣scii� encoding is now forcibly loaded when initialising sub
interpreters to get Python to initialise codecs.

3. Fixed reference counting bug under Python 3 in SSL var_lookup()
function which can be used from an auth handler to look up SSL
variables.

4. The WWW-Authenticate headers returned from a WSGI application
when run under daemon mode are now always preserved as is.

Because of previously using an internal routine of Apache, way back
in time the values of multiple WWW-Authenticate headers would be
merged when there was more than one. This would cause an issue with
some browsers.

A workaround was subsequently implemented above the Apache routine
to break apart the merged header to create separate ones again,
however, if the value of a header validly had a �,� in it, this
would cause the header value to be broken apart where it wasn穰
meant to. This could issues with some type of WWW-Authenticate
headers.

Features Removed

1. No longer support the use of mod_python in conjunction with
mod_wsgi. When this is attempted an error is forced and Apache will
not be able to start. An error message is logged in main Apache
error log.

2. No longer support the use of Apache 1.3. Minimum requirement is
now Apache 2.0.

Features Changed

1. Use of kernel sendfile() function by wsgi.file_wrapper is now
off by default. This was originally always on for embedded mode
and completely disabled for daemon mode. Use of this feature can
be enabled for either mode using WSGIEnableSendfile directive,
setting it to On to enable it.

The default is now off because kernel sendfile() is not always able
to work on all file objects. Some instances where it will not work
are described for the Apache EnableSendfile directive.

    http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile

Although Apache has use of sendfile() enabled by default for static
files, they are moving to having it off by default in future version
of Apache. This change is being made because of the problems which
arise and users not knowing how to debug it and solve it.

Thus also erring on side of caution and having it off by default
but allowing more knowledgeable users to enable it where they know
always using file objects which will work with sendfile().

2. The HTTPS variable is no longer set within the WSGI environment.
The authoritative indicator of whether a SSL connection is used is
wsgi.url_scheme and a WSGI compliant application should check for
wsgi.url_scheme. The only reason that HTTPS was supplied at all
was because early Django versions supporting WSGI interface weren穰
correctly using wsgi.url_scheme. Instead they were expecting to
see HTTPS to exist.

This change will cause non conformant WSGI applications to finally
break. This possibly includes some Django versions prior to Django
version 1.0.

Note that you can still set HTTPS in Apache configuration using
the SetEnv or SetEnvIf directive, or via a rewrite rule. In that
case, that will override what wsgi.url_scheme is set to and once
wsgi.url_scheme is set appropriately, the HTTPS variable will be
removed from the set of variables passed through to the WSGI
environment.

3. The wsgi.version variable has been reverted to 1.0 to conform
to the WSGI PEP 3333 specification. It was originally set to 1.1
on expectation that revised specification would use 1.1 but that
didn穰 come to be.

4. The inactivity-timeout option to WSGIDaemonProcess now only
results in the daemon process being restarted after the idle timeout
period where there are no active requests. Previously it would also
interrupt a long running request. See the new request-timeout option
for a way of interrupting long running, potentially blocked requests
and restarting the process.

5. If the home option is used with WSGIDaemonProcess, in addition
to that directory being made the current working directory for the
process, an empty string will be added to the start of the Python
module search path. This causes Python to look in the current
working directory for Python modules when they are being imported.

This behaviour brings things into line with what happens when
running the Python interpreter from the command line. You must
though be using the home option for this to come into play.

Do not that if your application then changes the working directory,
it will start looking in the new current working directory and not
that which is specified by the home option. This again mirrors what
the normal Python command line interpreter does.

New Features

1. Add supplementary-groups option to WSGIDaemonProcess to allow
group membership to be overridden and specified comma separate list
of groups used instead.

2. Add a graceful-timeout option to WSGIDaemonProcess. This option
is applied in a number of circumstances.

When maximum-requests and this option are used together, when
maximum requests is reached, rather than immediately shutdown,
potentially interupting active requests if they don穰 finished with
shutdown timeout, can specify a separate graceful shutdown period.
If the all requests are completed within this time frame then will
shutdown immediately, otherwise normal forced shutdown kicks in.
In some respects this is just allowing a separate shutdown timeout
on cases where requests could be interrupted and could avoid it if
possible.

When cpu-time-limit and this option are used together, when CPU
time limit reached, rather than immediately shutdown, potentially
interupting active requests if they don穰 finished with shutdown
timeout, can specify a separate graceful shutdown period.

3. Add potentially graceful process restart option for daemon
processes when sent a graceful restart signal. Signal is usually
SIGUSR1 but is platform dependent as using same signal as Apache
would use. If the graceful-timeout option had been provided to
WSGIDaemonProcess, then the process will attempt graceful shutdown
first based on the that timeout, otherwise normal shutdown procedure
used as if received a SIGTERM.

4. Add memory-limit option to WSGIDaemonProcess to allow memory
usage of daemon processes to be restricted. This will have no affect
on some platforms as RLIMIT_AS/RLIMIT_DATA with setrlimit() isn穰
always implemented. For example MacOS X and older Linux kernel
versions do not implement this feature. You will need to test
whether this feature works or not before depending on it.

5. Add virtual-memory-limit option to WSGIDaemonProcess to allow
virtual memory usage of daemon processes to be restricted. This
will have no affect on some platforms as RLIMIT_VMEM with setrlimit()
isn穰 always implemented. You will need to test whether this feature
works or not before depending on it.

6. Access, authentication and authorisation hooks now have additional
keys in the environ dictionary for mod_ssl.is_https and
mod_ssl.var_lookup. These equate to callable functions provided by
mod_ssl for determining if the client connection to Apache used
SSL and what the values of variables specified in the SSL certifcates,
server or client, are. These are only available if Apache 2.0 or
later is being used.

7. For Python 2.6 and above, the WSGIDontWriteBytecode directive
can be used at global scope in Apache configuration to disable
writing of all byte code files, ie., .pyc, by the Python interpreter
when it imports Python code files. To disable writing of byte code
files, set directive to On.

Note that this doesn穰 prevent existing byte code files on disk
being used in preference to the corresponding Python code files.
Thus you should first remove .pyc files from web application
directories if relying on this option to ensure that .py file is
always used.

8. Add request-timeout option to WSGIDaemonProcess to allow a
separate timeout to be applied on how long a request is allowed to
run for before the daemon process is automatically restarted to
interrupt the request.

This is to counter the possibility that a request may become blocked
on some backend service, thereby using up available requests threads
and preventing other requests to be handled.

In the case of a single threaded process, then the timeout will
happen at the specified time duration from the start of the request
being handled.

Applying such a timeout in the case of a multithreaded process is
more problematic as doing a restart when a single requests exceeds
the timeout could unduly interfere with with requests which just
commenced.

In the case of a multi threaded process, what is instead done is
to take the total of the current running time of all requests and
divide that by the number of threads handling requests in that
process. When this average time exceeds the time specified, then
the process will be restarted.

This strategy for a multithreaded process means that individual
requests can actually run longer than the specified timeout and a
restart will only be performed when the overall capacity of the
processes appears to be getting consumed by a number of concurrent
long running requests, or when a specific requests has been blocked
for an excessively long time.

The intent of this is to allow the process to still keep handling
requests and only perform a restart when the available capacity of
the process to handle more requests looks to be potentially on the
decline.

9. Add connect-timeout option to WSGIDaemonProcess to allow a
timeout to be specified on how long the Apache child worker processes
should wait on being able to obtain a connection to the mod_wsgi
daemon process.

As UNIX domain sockets are used, connections should always succeed,
however there have been some incidences seen which could only be
explained by the operating system hanging on the initial connect
call without being added to the daemon process socket listener
queue. As such the timeout has been added. The timeout defaults to
15 seconds.

This timeout also now dictates how long the Apache child worker
process will attempt to get a connection to the daemon process when
the connection is refused due to the daemon socket listener queue
being full. Previously how long connection attempts were tried was
based on an internal retry count rather than a configurable timeout.

10. Add socket-timeout option to WSGIDaemonProcess to allow the
timeout on indvidual read/writes on the socket connection between
the Apache child worker and the daemon process to be specified
separately to the Apache Timeout directive.

If this option is not specified, it will default to the value of
the Apache Timeout directive.

11. Add queue-timeout option to WSGIDaemonProcess to allow a request
to be aborted if it never got handed off to a mod_wsgi daemon
process within the specified time. When this occurs a �503 Service
Unavailable� response will be returned.

This is to allow one to control what to do when backlogging of
requests occurs. If the daemon process is overloaded and getting
behind, then it is more than likely that a user will have given up
on the request anyway if they have to wait too long. This option
allows you to specify that a request that was queued up waiting
for too long is discarded, allowing any transient backlog to be
quickly discarded and not simply cause the daemon process to become
even more backlogged.

12. Add listen-backlog option to WSGIDaemonProcess to allow the
daemon process socket listener backlog size to be specified. By
default this limit is 100, although this is actually a hint, as
different operating systems can have different limits on the maximum
value or otherwise treat it in special ways.

13. Add WSGIPythonHashSeed directive to allow Python behaviour
related to initial hash seed to be overridden when the interpreter
supports it.

This is equivalent to setting the PYTHONHASHSEED environment variable
and should be set to either random or a number in the range in
range [0; 4294967295].

14. Implemented a new streamlined way of installing mod_wsgi as a
Python package using a setup.py file or from PyPi. This includes
a mod_wsgi-express script that can then be used to start up
Apache/mod_wsgi with an auto generated configuration on port 8000.

This makes it easy to run up Apache for development without
interfering with the main Apache on the system and without having
to worry about configuring Apache. Command line options can be used
to override behaviour.

Once the mod_wsgi package has been installed into your Python
installation, you can run:

mod_wsgi-express start-server

Then open your browser on the listed URL. This will verify that
everything is working. Enter CTRL-C to exit the server and shut it
down.

You can now point it at a specific WSGI application script file:

mod_wsgi-express start-server wsgi.py

For options run:

mod_wsgi-express start-server --help

If you already have another web server running on port 8000, you
can override the port to be used using the --port option:

mod_wsgi-express start-server wsgi.py --port 8001

15. Implemented a Django application plugin to add a runmodwsgi
command to the Django management command script. This allows the
automatic run up of the new mod_wsgi express script, with it hosting
the Django web site the plugin was added to.

To enable, once the mod_wsgi package has been installed into your
Python installation, add mod_wsgi.server to the INSTALLED_APPS
setting in your Django settings file.

After having run the collectstatic Django management command, you
can then run:

python manage.py runmodwsgi

For options run:

python manage.py runmodwsgi --help

To enable automatic code reloading in a development setting, use
the option:

python manage.py runmodwsgi --reload-on-changes

16. The maximum size that a response header/value can be that is
returned from a WSGI application under daemon mode can now be
configured. The default size has also now been increased from 8192
bytes to 32768 bytes. The name of the option to WSGIDaemonProcess
to set the buffer size used is header-buffer-size.

(wiz)

Updated www/ap2-wsgi to 3.5

(wiz)

Update to 3.5:

Security Issues

    Local privilege escalation when using daemon mode. (CVE-2014-0240)

The issue is believed to affect Linux systems running kernel versions
>= 2.6.0 and < 3.1.0.

The issue affects all versions of mod_wsgi up to and including
version 3.4.

The source of the issue derives from mod_wsgi not correctly handling
Linux specific error codes from setuid(), which differ to what
would be expected to be returned by UNIX systems conforming to the
Open Group UNIX specification for setuid().

http://man7.org/linux/man-pages/man2/setuid.2.html
http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html

This difference in behaviour between Linux and the UNIX specification
was believed to have been removed in version 3.1.0 of the Linux
kernel.

https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/u6cKf4D1D-k

The issue would allow a user, where Apache is initially being
started as the root user and where running code under mod_wsgi
daemon mode as an unprivileged user, to manipulate the number of
processes run by that user to affect the outcome of setuid() when
daemon mode processes are forked and so gain escalated privileges
for the users code.

Due to the nature of the issue, if you provide a service or allow
untrusted users to run Python web applications you do not control
the code for, and do so using daemon mode of mod_wsgi, you should
update mod_wsgi as soon as possible.

Bugs Fixed

1. Python 3 installations can add a suffix to the Python library.
So instead of libpythonX.Y.so it can be libpythonX.Ym.so.

2. When using daemon mode, if an uncaught exception occurred when
handling a request, when response was proxied back via the Apache
child process, an internal value for the HTTP status line was not
cleared correctly. This was resulting in a HTTP status in response
to client of �200 Error� rather than �500 Internal Server Error�.

Note that this only affected the status line and not the actual
HTTP status. The status would still be 500 and the client would
still interpret it as a failed request.

3. Null out Apache scoreboard handle in daemon processes for Apache
2.4 to avoid process crash when lingering close cleanup occurs.

4. Workaround broken MacOS X XCode Toolchain references in Apache
apxs build configuration tool and operating system libtool script.
This means it is no longer necessary to manually go into:

Applications/Xcode.app/Contents/Developer/Toolchains

and manually add symlinks to define the true location of the compiler
tools.

    Restore ability to compile mod_wsgi source code under Apache
    1.3.

6. Fix checks for whether the ITK MPM is used and whether ITK MPM
specific actions should be taken around the ownership of the mod_wsgi
daemon process listener socket.

7. Fix issue where when using Python 3.4, mod_wsgi daemon processes
would actually crash when the processes were being shutdown.

8. Made traditional library linking the default on MacOS X. If
needing framework style linking for the Python framework, then use
the --enable-framework option. The existing --disable-framework
has now been removed given that the default action has been swapped
around.

New Features

1. For Linux 2.4 and later, enable ability of daemon processes to
dump core files when Apache CoreDumpDirectory directive used.

2. Attempt to log whether daemon process exited normally or was
killed off by an unexpected signal.

(wiz)

Updated print/cups to 1.7.3

(wiz)

Update to 1.7.3 based on patch by Leonardo Taccari on pkgsrc-users.
Additionally, remove patch-au since it is now superfluous.

CHANGES IN CUPS V1.7.3

- Added Brazilian Portuguese translation (STR #4409)
- Fixed mapping of OutputBin values such as "Tray1"
  (<rdar://problem/16685606>)
- Several ippGet* functions incorrectly returned -1 instead of 0 on
  error.
- The cupsGetResponse function did not work properly with
  CUPS_HTTP_DEFAULT (<rdar://problem/16762593>)
- The IPP backend did not abort a job when the printer did not validate
  the supplied options (<rdar://problem/16836752>)
- Fixed an authentication race condition in cupsSendRequest (STR #4403)
- The scheduler did not add the "job-hold-until-specified" reason when
  holding a job using the lp command (STR #4405)
- The CUPS headers incorrectly needed libdispatch for blocks support
  (STR #4397)
- The configure script incorrectly added libgcrypt as a GNU TLS
  dependency (STR #4399)
- CUPS did not compile when Avahi or mDNSResponder was not present
  (STR #4402)
- cupsGetDestMediaCount did not work for CUPS_MEDIA_FLAGS DEFAULT
  (STR #4414)
- Auto-typing of PWG Raster files did not work (STR #4417)
- IPP queues using hardcoded credentials would ask for credentials
  (STR #4371)
- Dates in non-UTF-8 locales did not display correctly (STR #4388)
- The RPM spec file now looks for libusb-devel 1.0 or later.
- Fixed the "create-printer-subscription.test" file for IPPTOOL
  (STR #4420)

CHANGES IN CUPS V1.7.2

- Security: The scheduler now blocks URLs containing embedded HTML
  (STR #4356)
- Documentation fixes (STR #3259, STR #4346, STR #4355)
- Fixed the Japanese localization (STR #4385)
- Added a German localization (STR #4363)
- The cupsfilter command incorrectly read the cupsd.conf file; it now
  reads the cups-files.conf file instead.
- Fixed OS X builds with Xcode 5.x (<rdar://problem/15914959>)
- Fixed SSL support on Windows (STR #4358)
- Fixed documentation and naming of Create-Job/Printer-Subscriptions
  operations (STR #4389)
- Phone numbers in fax jobs were not properly filtered for IPP FaxOut
  (<rdar://problem/16351701>)
- Fixed a memory leak in the label printer driver (STR #4393)
- Updated Linux "relro" support (STR #4349)
- cupsEnumDests did not set the "is_default" field (STR #4332)
- cupsDoIORequest could miss the server status, causing failed lpadmin
  and other administrative commands (STR #4386)
- cupsEnumDests didn't always call the callback function (STR #4380)
- "lp -i job-id -H hold" did not work (STR #4401)
- CUPS didn't compile on older platforms (STR #4338)
- Several libcups files did not have the Apple license exception
  notice (STR #4361)
- Fixed a D-BUS threading issue that caused the scheduler to crash
  (STR #4347)
- The scheduler now automatically reconnects to Avahi as needed
  (STR #4370, STR #4373)
- The scheduler did not handle GET requests for the log files properly
  (STR #3265)
- The dnssd backend did not always report all discovered printers using
  Avahi (STR #4365)
- The Zebra printer driver did not properly handle negative "label top"
  values (STR #4354)
- The scheduler did not always update the MakeModel value in
  printers.conf after updating the driver (STR #4264)
- The LPD mini daemon did not support print jobs larger than 2GB
  (STR #4351)
- Fixed a bug in the status reading code when sending a compressed data
  stream to an IPP printer/server (<rdar://problem/16019623>)
- The IPP backend might not include all job attributes in Validate-Job
  operations (<rdar://problem/16025435>)
- Fixed some clang-reported issues (<rdar://problem/15936066>)

CHANGES IN CUPS V1.7.1

- Security: the lppasswd program incorrectly used settings from
  ~/.cups/client.conf (STR #4319)
- Auto debug logging was broken in 1.7.0 (<rdar://problem/15331639>)
- Some gzip'd PPD files could not be used (<rdar://problem/15386424>)
- Cleaned up some job logging in the scheduler
  (<rdar://problem/15332672>)
- ATTR messages could cause string pool memory corruption in the
  scheduler (<rdar://problem/15382819>)
- The RPM spec file did not list the build requirements; this was on
  purpose, but now we are listing the Red Hat package names
  (<rdar://problem/15375760>, STR #4322)
- Printing to a raw queue could result in corrupt output due to
  opportunistic compression (<rdar://problem/15008524>)
- The GNU TLS support code triggered many compiler warnings due to the
  use of old GNU TLS compatibility type names
  (<rdar://problem/15392966>)
- The "make check" test suite did not work on Linux without the
  cups-filters package installed (<rdar://problem/14292998>)
- Japanese PPDs using with the Shift-JIS encoding did not work
  (<rdar://problem/15427759>)
- "tel:" URIs incorrectly had slashes (<rdar://problem/15418463>)
- The libusb-based USB backend incorrectly used write timeouts
  (<rdar://problem/15564888>)
- Shared printers could become inaccessible after a few days on OS X
  (<rdar://problem/15426838>)
- The IPP backend did not wait for a busy printer to become available
  before attempting to print (<rdar://problem/15465667>)
- CUPS did not support "auto-monochrome" or "process-monochrome" for the
  "print-color-mode" option (<rdar://problem/15482520>)
- Using "@IF(name)" in an Allow or Deny rule did not work (STR #4328)
- lpq and lpstat did not list jobs in the correct order when priorities
  were specified (STR #4326)
- The D-BUS notifier did not remove its lockfile (STR #4314)
- CUPS incorrectly used the USER environment variable when the name did
  not match the user ID (STR #4327)

CHANGES IN CUPS V1.7.0

- Updated Japanese localization.
- The lpadmin command did not send the PPD name from the "-m" option
  (<rdar://problem/15264697>)
- Network backends now use the prtMarkerSuppliesClass property to
  determine the direction of supply level values
  (<rdar://problem/14302628>)
- The scheduler did not remove backup PPD files when a printer was
  deleted (<rdar://problem/15065555>)
- The scheduler incorrectly responded to HEAD requests when the web
  interface was disabled (<rdar://problem/15090332>)
- The scheduler did not respond using the hostname specified by the
  client (<rdar://problem/14583574>)
- Fax queues did not work when shared via Bonjour
  (<rdar://problem/14498310>)
- Error messages from the scheduler were not localized using the
  language specified in the client's IPP request
  (<rdar://problem/14128011>)
- Added an Italian localization (<rdar://problem/14481578>)
- Fixed a couple memory leaks in ippfind that were reported by Clang.
- Fixed a compile issue on 64-bit Linux with Clang - need to use the
  -pie option instead of -Wl,-pie now (<rdar://problem/14480938>)
- The ippfind utility reported the wrong port numbers when compiled
  against Avahi (<rdar://problem/14508324>)
- httpGetFd, httpGetFile, httpPutFd, and httpPutFile did not
  automatically reconnect if the server closed the connecion after the
  previous response.
- Fixed a compile error in libcups (<rdar://problem/14467141>)
- The scheduler incorrectly did not pass a FINAL_CONTENT_TYPE
  environment variable to the filters or backend
  (<rdar://problem/14355011>)
- The cups-exec helper program could fail randomly on OS X due to
  sandbox violations when closing excess file descriptors
  (<rdar://problem/14421943>)
- The scheduler incorrectly did not use the kqueue interface on OS X.

CHANGES IN CUPS V1.7rc1

- Printer xxx-default values were not reported by Get-Printer-Attributes
  or lpoptions (<rdar://problem/14401795>)
- Fixed deprecation warnings for many functions on OS X so they are tied
  to the deployment version when building (<rdar://problem/14210079>)
- Fixed a build issue on ARM-based Linux systems - unable to validate
  va_list arguments.
- Added a new ippfind tool for finding IPP printers and other Bonjour
  services (<rdar://problem/13876199>)
- Fixed some issues with conversion of PWG media size names to
  hundredths of millimeters (<rdar://problem/14065748>)
- The IPP backend could crash on OS X when printing to a Kerberized
  printer (<rdar://problem/14040186>)
- The ipptool program now automatically extends timeouts when the
  output buffer is filled (<rdar://problem/14016099>)
- The ipptool program now supports the --help and --version options.
- The ipptool program did not continue past include file errors by
  default (<rdar://problem/13875803>)
- The ipptool program now supports FILE-ID and TEST-ID directives and
  includes their values in its XML output (<rdar://problem/13876038>)
- The ipptool program now supports WITH-HOSTNAME, WITH-RESOURCE, and
  WITH-SCHEME expect predicates to compare the corresponding URI
  components (<rdar://problem/13876091>)

CHANGES IN CUPS V1.7b1

- The configure script now supports a --with-rundir option to change
  the transient run-time state directory from the default to other
  locations like /run/cups (STR #4306)
- The scheduler now supports PPD lookups for classes (STR #4296)
- The cupsfilter program did not set the FINAL_CONTENT_TYPE
  environment variable for filters.
- Added a new "-x" option to the cancel command (STR #4103)
- Made the PWG media handling APIs public (STR #4267)
- Implemented ready media support for the cupsGetDestMediaXxx APIs
  (STR #4289)
- Added new cupsFindDestDefault, cupsFindDestReady, and
  cupsFindDestSupported APIs (STR #4289)
- Added new cupsGetDestMediaByIndex, cupsGetDestMediaCount, and
  cupsGetDestMediaDefault APIs (STR #4289)
- Added new ippGet/SetOctetString APIs for getting and setting an
  octetString value (STR #4289)
- Added new ippCreateRequestedArray API for generating a array of
  attributes from the requested-attributes attribute.
- The ipptool utility now supports compression, conditional tests based
  on the presence of files, and new DEFINE predicates for STATUS.
- Added new IPP APIs for checking values (STR #4167)
- Added new IPP APis for adding and setting formatted strings.
- Added new HTTP APIs to support basic server functionality via libcups.
- The dnssd backend now generates a 1284 device ID as needed (STR #3702)
- CUPS now supports compressing and decompressing streamed data
  (STR #4168)
- CUPS now supports higher-level PIN printing, external accounting
  systems, and "print here" printing environments (STR #4169)
- IRIX is no longer a supported operating system (STR #4092)
- The PPD compiler now supports JCL options properly (STR #4115)
- The web interface now checks whether the web browser has cookies
  enabled and displays a suitable error message (STR #4141)

CHANGES IN CUPS V1.6.4

- Removed some duplicate size definitions for some ISO sizes that were
  causing problems (<rdar://problem/14722721>)
- The IPP backend did not add the "last-document" attribute
  (<rdar://problem/114660379>)
- Added a SyncOnClose directive to cups-files.conf to force cupsd to
  call fsync before closing any configuration/state files it writes
  (<rdar://problem/14523043>)
- Added USB quirk rule for Lexmark E238 (<rdar://problem/14493054>)
- Closed server connections were still not always detected
  (<rdar://problem/14484313>)
- The libusb-based USB backend now loads its list of quirks from files
  in /usr/share/cups/usb instead of using a hardcoded table
  (<rdar://problem/14442769>)
- The scheduler did not properly register ICC color profiles with
  colord (<rdar://problem/14455625>)

CHANGES IN CUPS V1.6.3

- The configure script now prefers Clang over GCC.
- Fixed a compile problem on AIX (STR #4307)
- The default IPP version did not always get set before creating a new
  IPP request message (<rdar://problem/14401718>)
- The lp, lpq, lpr, and lpstat now display an error message advising the
  use of the /version=1.1 ServerName option (<rdar://problem/14290628>)
- Added documentation about the /version=1.1 option to ServerName in
  client.conf (<rdar://problem/14216262>)
- httpStatus(HTTP_ERROR) did not return a useful error message
  (<rdar://problem/14217326>)
- The lp, lpq, lpr, and lpstat commands incorrectly ignored the default
  printer set in the lpoptions file (<rdar://problem/14216472>)
- Fixed a URI encoding issue for hostnames containing the ` (backquote)
  character (<rdar://problem/14243133>)
- Added support for RFC 6874's IPv6 link local address format in URIs
  (<rdar://problem/13979453>)
- The USB backend could crash on libusb-based systems if USB was
  disabled in the BIOS (<rdar://problem/13875729>)
- Fixed a rounding error in the PWG media size mapping code
  (<rdar://problem/13493241>)
- Fixed several ipptool test files that used old STATUS names.
- Kerberos credentials could get truncated when printing to a shared
  printer.
- Printing using "ipps" URIs was not encrypted.
- Insecure ICC profiles prevented installation of user profiles for a
  printer on OS X.
- Added more USB quirks for the libusb-based backend (STR #4311,
  <rdar://problem/13736470>)
- The Russian web interface templates were broken (STR #4310)
- The scheduler no longer tries to do Kerberos authentication over the
  loopback interface.
- The IPP backend could fail to pause a job for authentication
  (STR #4298)
- Fixed a regression on the handling of auth keys on OS X if the
  cups-files.conf was not present or did not contain a SystemAuthKey
  value.
- The scheduler incorrectly did a reverse lookup of the server address
  when HostNameLookups was turned off (STR #4302)
- The scheduler incorrectly computed the final content type value when
  null filters were present.

CHANGES IN CUPS V1.6.2

- Documentation fixes (STR #4229, STR #4239, STR #4234, STR #4248,
  STR #4259)
- Security: All file, directory, user, and group settings are now stored
  in a separate cups-files.conf configuration file that cannot be set
  through the CUPS web interface or APIs (STR #4223)
- Added a Czech localization (STR #4201)
- Added a French localization (STR #4247)
- Added a Russian localization (STR #4228, STR #4285)
- Updated the Catalan localization (STR #4202)
- Local certificate authentication did not guard against an empty
  certification file (STR #4293)
- The scheduler did not reject device URIs with spaces.
- Added USB quirk rule for Epson Stylus Photo 750 (STR #4286)
- The IPP backend could crash if the printer disconnects early
  (STR #4284)
- cupsGetPPD did not work with statically-configured CUPS shared
  queues (STR #4178)
- The scheduler did not support long MIME media types (STR #4270)
- The cupsfilter command did not set the CHARSET environment variable
  for the text filters (STR #4273)
- The lp command did not show errors for unknown "--foo" (STR #4261)
- Bad IPP responses could crash ipptool (STR #4262)
- Updated USB quirk rules for Canon and Xerox printers (STR #4217,
  STR #4263)
- Added USB blacklisting for printers that require a custom backend
  (STR #4218)
- The PPD compiler did not correctly JCL options (STR #4115, STR #4203)
- The ipptool program now supports DEFINE-MATCH and DEFINE-NO-MATCH
  predicates for STATUS directives.
- Fixed a problem with local Kerberos authentication (STR #4140)
- Coverity scan: fixed some minor issues (STR #4242)
- The scheduler did not remove color profiles after deleting a printer
  (STR #4232, STR #4276)
- The CUPS library did not always detect a timed out connection to the
  server which could cause temporary loss of printing from applications
  (STR #4187)
- The ipptool program now supports variable substitution in OPERATION
  and DELAY directives (STR #4175)
- The IPP backend now stops queues when the server configuration
  prevents successful job submission (STR #4125)
- The XML output of ipptool contained empty dictionaries (STR #4136)
- The scheduler did not delete job control backup files (STR #4244)
- cupsGetPPD3 could return a local PPD instead of the correct remote
  PPD.
- The scheduler incorrectly advertised auth-info-required for local
  queues needing local authentication (STR #4205)
- CUPS 1.6 clients using the ServerName directive in client.conf did not
  work with CUPS 1.3.x or older servers (STR #4231, STR #4291)
- The SNMP backend now tries to work around broken printers that use a
  newline to separate key/value pairs.
- The IPP backend did not send a cancel request to printers when a job
  was canceled and the printer did not support Create-Job.
- Fixed EPM packaging files (STR #4199)
- OpenBSD build fix (STR #4195, STR #4196, STR #4197)
- The scheduler could crash when using Avahi (STR #4183, STR #4192,
  STR #4200, STR #4213)
- The IPP backend could get stuck in an endless loop on certain network
  errors (STR #4194)
- 32-bit builds failed on Debian (STR #4133)
- The scheduler no longer accepts or sends job description attributes.
- The IPP backend now works around some conformance issues for broken
  printers (STR #4190)
- cupsBackendReport() now filters out all control characters from the
  reported 1284 device IDs (STR #4124)
- The scheduler no longer allows job-name values that are not valid
  network Unicode strings (STR #4072)
- The web interface did not preserve the order of classes, jobs, or
  printers (STR #4170)
- The network backends now support disabling of SNMP supply level
  queries via the "snmp" URI option (STR #4106)
- The IPP backend did not specify the compression used (STR #4181)
- ipptool did not support octetString values.
- The scheduler did not recognize dnssd: or ipps: URIs as Bonjour shared
  queues (STR #4158)
- Applications could not get the PPD file for statically-configured
  Bonjour-shared print queues (STR #4159)
- The cupsd.conf file included obsolete browsing directives (STR #4157)
- Fixed a USB backend compatibility issue on systems using libusb
  (STR #4155, STR #4191)
- Some Bonjour features were not available on systems with Avahi
  (STR #4156)
- CUPS now includes the port number in the Host: header for HTTP
  requests.
- Fixed REPEAT-MATCH for STATUS and EXPECT - was incorrectly erroring
  out.

CHANGES IN CUPS V1.6.1

- Documentation fix (STR #4149)
- RPM packaging fixes (STR #4129, #4145)
- The Japanese and English web interface headers were swapped
  (STR #4148)

CHANGES IN CUPS V1.6.0

- Document changes (STR #4131)
- Added new Catalan (STR #4107) and Spanish (STR #4137) localizations.

CHANGES IN CUPS V1.6rc1

- Added a new Japanese localization (STR #4122)
- The SNMP backend no longer exits if it is unable to obtain an IPv6
  socket (STR #4109)
- The LPD backend incorrectly used "localhost" in the control file
  instead of the current hostname.

CHANGES IN CUPS V1.6b1

- Documentation updates (STR #3927, STR #3980, STR #4010, STR #4068)
- The scheduler now consolidates all PPD updates from filters at the
  end of the job (STR #4075)
- CUPS now supports color management using colord (STR #3808)
- CUPS now supports Bonjour using Avahi (STR #3066)
- The PreserveJobFiles and PreserveJobHistory directives now support
  specification of a time interval (STR #3143)
- PPD files can now be archived in (gzip'd) tar files to further reduce
  the disk space used by PPD files (STR #3772)
- The network backends now deal with printers that report their levels
  in percent but do not specify a maximum capacity of 100 (STR #3551)
- The network backends now report full/almost-full waste bins in
  printers along with end-of-life for cleaning pads (STR #4017)
- Added a configure option to set the permissions of the installed
  cupsd (STR #3459)
- Added a new WITH-ALL-VALUES directive to ipptool EXPECT predicates
  (STR #3949)
- CUPS now supports a User directive in client.conf and the CUPS_USER
  environment variable for overriding the default username (STR #3114)
- Now set the PJL USERNAME variable as needed (STR #3100)
- Added support for usernames and passwords longer than 32 characters
  (STR #2856)
- Added a new MaxHoldTime directive to automatically cancel jobs that
  have been held indefinitely after a specific number of seconds
  (STR #2291)
- The LPD backend now uses the originating host name when it is not the
  local system (STR #2053)
- CUPS now prefers the suffix "dpcm" when reporting resolution in dots-
  per-centimeter (STR #4006)
- The configure script and build system no longer support building of
  separate 32-bit and 64-bit libraries.
- The "brightness", "columns", "fitplot", "gamma", "hue",
  "natural-scaling", "penwidth", "position", "ppi", "saturation", and
  "scaling" options are not longer supported (STR #4010)
- The "page-bottom", "page-left", "page-right", "page-top",
  "prettyprint", and "wrap" options have been deprecated (STR #4010)
- The scheduler now reports the standard "number-of-documents" attribute
  instead of the CUPS-specific "document-count" attribute in
  job objects.
- Added new destination connection and enumeration functions (STR #3924)
- Added new option, localization, and job submission functions that do
  not depend on PPD files (STR #3925)
- Added a new MaxJobTime directive for cupsd that specifies the maximum
  amount of time allowed for a job to complete before it is canceled.
- The default password callback now supports passwords up to 127
  characters.
- The scheduler now supports a DefaultAuthType of "auto" to
  automatically choose between Basic (username/password) and Negotiate
  (Kerberos) authentication.
- cupsSideChannelSNMPGet/Walk now support OIDs and values up to 64k in
  length.
- CUPS no longer supports automatic remote printers or implicit classes
  via the CUPS, LDAP, or SLP protocols (STR #3922, STR #3923)
- The PPD APIs are now deprecated and will be removed in a future
  version of CUPS (STR #3927)
- The default IPP version for requests is now 2.0 (STR #3929)
- The IPP APIs no longer expose the ipp_t or ipp_attribute_t structures
  and instead provide accessor functions (STR #3928)
- The scheduler will no longer run programs with group write permission.
- The PHP module has been removed (STR #3932)
- The bannertops, commandtoescpx, commandtopclx, imagetops,
  imagetoraster, pdftops, rastertoescpx, rastertopclx, and texttops
  filters have been removed (STR #3930)
- The serial and parallel backends have been removed (STR 3935)

(wiz)

Updated textproc/diffstat to 1.59

(wiz)

Update to 1.59:

2014/06/05 (diffstat 1.59)
+ add -E option to filter escape-sequences, e.g., from colordiff
  (Ubuntu #1304262).

+ merge/adapt improvments to makefile and configure script from
  openembedded.org (forwarded by Ross Burton).
  + remove unused $(libdir) from makefile "installdirs" target
  + amend definition in CF_POPEN_TEST to permit use of autoheader.
  + workaround for gratuitous renaming of AC_ACVERSION in 2.69

+ added "docs" rule to makefile

+ improvements to configure macros:
  + added check for -Wlogical-op to gcc warnings
  + suppress check for defining _XOPEN_SOURCE on Solaris
  + trim an unwanted -no-gcc option for Intel compiler

+ update config.guess, config.sub

2013/10/28 (diffstat 1.58)
+ add COPYING file (request by Dagobert Michelsen).

+ improved portability for cross-compiling, by supplying missing
  getopt function as well as improving checks for popen/pclose
  prototypes.

+ updated configure macros, e.g., for MingW and MSYS fixes.

+ update config.guess, config.sub

(wiz)

+ Mesa-10.1.5, MesaLib-10.1.5, cvs-fast-export-1.11, diffstat-1.59,
  glu-10.1.5, kpcli-2.6, mined-2014.24.

(wiz)

Re-add JCE
Noted by David Sainty, thank you.

(ryoon)

Updated x11/xscope to 1.4.1

(wiz)

Update to 1.4.1:

This version corrects several bugs which caused xscope to incorrectly
decode some protocol replies or events, and fixes a build issue on Solaris.

(wiz)

Updated x11/libICE to 1.0.9

(wiz)

Update to 1.0.9:

This release fixes a number of issues found by static analysis and
compiler warnings, and other minor code cleanups.  On systems with
arc4random() in either libc or libbsd, it will now use that function
for generating authentication cookies.

(wiz)

Update to 3.10

Changelog:
3.10: 2014-04-19
    Finer control over filtering with caC flags.
    New setfield command for tweaking object attributes from lift scripts.

3.9: 2014-04-12
    The attribution-parsing code handles odd characters in names better now.
    The filter command can operate on email addresses as well as names.
    New 'stamp' command to report action stamps of commits.
    New 'count' comment reports selection-set counts.
    New branchify_mapping option for renaming Subversion branches on analysis.

(ryoon)

Updated www/apache-tomcat7 to 7.0.54

(ryoon)

Update to 7.0.54

* Fix CVE-2014-0119

Changelog:
Tomcat 7.0.54 (violetagg)

    Catalina

        fix Fix custom UTF-8 decoder so that a byte of value 0xC1 is always rejected immediately as it is never valid in a UTF-8 byte sequence. Update UTF-8 decoder tests to account for UTF-8 decoding improvements in Java 8. The custom UTF-8 decoder is still required due to bugs in the UTF-8 decoder provided by Java. Java 8's decoder is better than Java 7's but it is still buggy. (markt)
        fix 56027: Add more options for managing FIPS mode in the AprLifecycleListener. (schultz/kkolinko)
        fix 56321: When a WAR is modified, undeploy the web application before deleting any expanded directory as the undeploy process may refer to classes that need to be loaded from the expanded directory. If the expanded directory is deleted first, any attempt to load a new class during undeploy will fail. (markt)
        fix 56339: Avoid an infinite loop if an application calls session.invalidate() from the session destroyed event for that session. (markt)
        update 56365: Simplify file name pattern matching code in StandardJarScanner. Ignore leading and trailing whitespace and empty strings when configuring patterns. Improve documentation. (kkolinko)
        fix 56369: Ensure that removing an MBean notification listener reverts all the operations performed when adding an MBean notification listener. (markt)
        add 56382: Information about finished deployment and its execution time is added to the log files. Patch is provided by Danila Galimov. (violetagg)
        add 56383: Properties for disabling server information and error report are added to the org.apache.catalina.valves.ErrorReportValve. Based on the patch provided by Nick Bunn. (violetagg/kkolinko)
        fix Only create XML parsing objects if required and fix associated potential memory leak in the default Servlet. (markt)
        fix Modify generic exception handling so that StackOverflowError is not treated as a fatal error and can handled and/or logged as required. (markt)
        fix 56409: Avoid StackOverflowError on non-Windows systems if a file named \ is encountered when scanning for TLDs. (markt)
        add 56430: Extend checks for suspicious URL patterns to include patterns of the form *.a.b which are not valid patterns for extension mappings. (markt)
        add Extend XML factory, parser etc. memory leak protection to cover some additional locations where, theoretically, a memory leak could occur. (markt)
        fix Ensure that a TLD parser obtained from the cache has the correct value of blockExternal. (markt)
        fix 56441: Raise the visibility of exceptions thrown when a problem is encountered calling a getter or setter on a component attribute. The logging level is raised from debug to warning. (markt)
        fix 56451: Make resources accessed via a context alias accessible via JNDI in the same way standard resources are available. (markt)
        add 56463: Property for disabling server information is added to the DefaultServlet. Server information is presented in the response sent to the client when directory listings is enabled. (violetagg)
        add Add the org.apache.naming package to the packages requiring code to have the defineClassInPackage permission when running under a security manager. (markt)
        add Add the org.apache.naming.resources package to the packages requiring code to have the accessClassInPackage permission when running under a security manager. (markt)
        fix Make the naming context tokens for containers more robust. Require RuntimePermission when introducing a new token. (markt/kkolinko)
        fix 56472: Allow NamingContextListener to clean up on stop if its start failed. (kkolinko)
        add 56492: Avoid eclipse debugger pausing on uncaught exceptions when tomcat renews its threads. (slaurent)
        fix Minor fixes to ThreadLocalLeakPreventionListener. Do not trigger threads renewal for failed contexts. Do not ignore threadRenewalDelay setting. Improve documentation. (kkolinko)
        fix Correct regression introduced in r797162 that broke authentication of users when using the JAASMemoryLoginModule. (markt)
        fix 56501: HttpServletRequest.getContextPath() should return the undecoded context path used by the user agent. (markt)
        fix 56523: When using SPNEGO authentication, log the exceptions associated with failed user logins at debug level rather than error level. (markt)
        fix 56536: Ensure that HttpSessionBindingListener.valueUnbound() uses the correct class loader when the SingleSignOn valve is used. (markt)

    Coyote

        add 56399: Assert that both Coyote and Catalina request objects have been properly recycled. (kkolinko)
        fix 56416: Correct documentation for default value of socket linger for the AJP and HTTP connectors. (markt)

    Jasper

        fix 56334: Fix a regression in the handling of back-slash escaping introduced by the fix for 55735. (markt/kkolinko)
        fix 56425: Improve method matching for EL expressions. When looking for matching methods, an exact match between parameter types is preferred followed by an assignable match followed by a coercible match. (markt)
        fix Correct the handling of back-slash escaping in the EL parser and no longer require that \$ or \# must be followed by { in order for the back-slash escaping to take effect. (markt)
        fix 56529: Avoid NoSuchElementException while handling attributes with empty string value in custom tags. Patch provided by Hariprasad Manchi. (violetagg)

    Cluster

        fix Remove cluster and replicationValve from cluster manager template. These instance are not necessary to template. (kfujino)
        fix Add support for cross context session replication to org.apache.catalina.ha.session.BackupManager. (kfujino)
        fix Remove the unnecessary cross context check. It does not matter whether the context that is referenced by other context is set to crossContext=true. The context that refers to the different context must be set to crossContext=true. (kfujino)
        code Move to org.apache.catalina.ha.session.ClusterManagerBase common logics of org.apache.catalina.ha.session.BackupManager and org.apache.catalina.ha.session.DeltaManager. (kfujino)
        code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster. In order to add or remove cluster valve to Container, use pipeline instead of IntrospectionUtils. (kfujino)
        fix There is no need to set cluster instance when SimpleTcpCluster.unregisterClusterValve is called. Set null than cluster instance for cleanup. (kfujino)
        code Backport refactoring of AbstractReplicatedMap to implement Map rather than extend ConcurrentHashMap to enable Tomcat 7 to be built with Java 8. (markt)

    WebSocket

        fix 56343: Avoid a NPE if Tomcat's Java WebSocket 1.0 implementation is used with the Java WebSocket 1.0 API JAR from the reference implementation. (markt)
        fix Increase the default maximum size of the executor used by the WebSocket implementation for call backs associated with asynchronous writes from 10 to 200. (markt)
        add Add a warning if the thread group created for WebSocket asynchronous write call backs can not be destroyed when the web application is stopped. (markt)
        fix Ensure that threads created to support WebSocket clients are stopped when no longer required. This will happen automatically for WebSocket client connections initiated by web applications but stand alone clients must call WsWebSocketContainer.destroy(). (markt)
        fix 56449: When creating a new session, add the message handlers to the session before calling Endpoint.onOpen() so the message handlers are in place should the onOpen() method trigger the sending of any messages. (markt)
        fix 56458: Report WebSocket sessions that are created over secure connections as secure rather than as not secure. (markt)
        fix Stop threads used for secure WebSocket client connections when they are no longer required and give them better names for easier debugging while they are running. (markt)

    Web applications

        fix Add Support for copyXML attribute of Host to Host Manager. (kfujino)
        fix Ensure that "name" request parameter is used as a application base of host if "webapps" request parameter is not set when adding host in HostManager Application. (kfujino)
        fix Correct documentation on Windows service options, aligning it with Apache Commons Daemon documentation. (kkolinko)
        update 55215: Improve log4j configuration example. Clarify access logging documentation. Based on patches provided by Brian Burch. (kkolinko)
        update 55383: Backport improved HTML markup for tables and code fragments from Tomcat 8 documentation. (kkolinko)
        fix 56418: Ensure that the Manager web application does not report success for a web application deployment that fails. (slaurent)
        fix Fix target and rel attributes on links in documentation. They were lost during XSLT transformation. (kkolinko)
        update Improve valves documentation. Split valves into groups. (kkolinko)

    Other

        fix Align DisplayName of Tomcat installed by service.bat with one installed by the *.exe installer. Print a warning in case if neither server nor client jvm is found by service.bat. (kkolinko)
        update 56363: Update to version 1.1.30 of Tomcat Native library. (schultz)
        update Update package renamed Apache Commons BCEL to r1593495 to pick up some additional changes for Java 7 support and some code clean up. (markt)
        add In tests: allow to configure directory where JUnit reports and access log are written to. (kkolinko)

(ryoon)

Updated fonts/umefont-ttf to 0.463

(ryoon)

Update to 0.463

Status:
Unadjusted glyph: Unicode 7b27-9398

(ryoon)

Add portals option

(ryoon)

Updated lang/gawk to 4.1.1

(ryoon)

Update to 4.1.1

Changelog:
Changes from 4.1.0 to 4.1.1
---------------------------

1. The "stat" extension now includes a "devbsize" element which indicates
  the units for the "nblocks" element.

2. The extension facility now works on MinGW. Many of the extensions can be
  built and used directly.

3. A number of bugs in the pretty-printing / profiling code have been fixed.

4. Sockets and two-way pipes now work under MinGW.

5. The debugger now lists source code correctly under Cygwin.

6. Configuration and building with the Mac OS X libreadline should work now.

7. The -O option now works again.

8. The --include option, documented since 4.0, now actually works.

9. Infrastructure updated to automake 1.13.4, bison 3.0.2, and
  libtool 2.4.2.418.

10. The configure script now accepts a --disable-extensions option,
    which disables checking for and building the extensions.

11. The VMS port has been considerably improved. In particular config.h
    is now generated by a DCL script. Also, the extension facility works
    and several of the extensions can be built and used. Currently, the
    extension facility only works on Alpha and Itanium.

12. The API now provides functions pointers for malloc(), calloc(),
    realloc() and free(), to insure that the same memory allocation
    functions are always used. This bumps the minor version by one.

13. The printf quote flag now works correctly in locales with a different
    decimal point character but without a thousands separator character.
    If the thousands separator is a string, it will be correctly added
    to decimal numbers.

14. The readfile extension now has an input parser that will read whole
    files as a single record.

15. A number of bugs have been fixed. See the ChangeLog.

(ryoon)

Versioned files should be in the second field. Fixes pkg/48869.

(alnsn)

+grive

(abs)

Updated sun-{jre,jdk}7 to 7.0.60

(ryoon)

Update to 7.0.60

* PLIST.linux-i386 and PLIST.linux-x86_64 are confirmed.

Changelog: http://www.oracle.com/technetwork/java/javase/7u60-relnotes-2200106.html
Java SE Development Kit 7, Update 60 (JDK 7u60)

The full version string for this update release is 1.7.0_60-b19 (where "b" means "build"). The version number is 7u60.
Highlights

This update release contains several enhancements and changes including the following:

  Java Mission Control
  New Features and Changes

IANA Data 2014b

JDK 7u60 contains IANA time zone data version 2014b. For more information, refer to Timezone Data Versions in the JRE Software.

JavaFX

This JDK release includes JavaFX version 2.2.60.
Java Mission Control

This JDK release includes Java Mission Control(JMC) version 5.3. For more information, see JMC 5.3 Release Notes.
New Features and Changes

Java ignores deployment.expiration.check.enabled property for first launch

If you have an older version of Java and expiration check is turned off through deployment.properties file, Java may ignore this property for first launch.

To ensure that expiration check is disabled, use the following Java Web Start command:
javaws -userConfig deployment.expiration.check.enabled false

If this property is changed in the deployment.properties file, open the Java Control Panel before starting an application to ensure that the native cache is synchronized with the file. For more information, see Deployment Configuration File and Properties.
New flags added to Java Management API

The flags MinHeapFreeRatio and MaxHeapFreeRatio have been made manageable. This means they can be changed at runtime using the management API in Java. Support for these flags have also been added to the ParallelGC as part of the adaptive size policy.
Bug Fixes

For a list of bug fixes included in this release, see JDK 7u60 Bug Fixes page.

The following are some of the notable bug fixes in this release:

Area: security-libs/java.security
Synopsis: Realm.getRealmsList returns realms list in wrong order

Java does not support the [capaths] section in krb5.conf correctly if there are more then one intermediate realm between the client realm and the server realm.

See 8012615.

(ryoon)

ASCIIfy for Python 3.x.

(joerg)

Dictionary comprehension is not supported by Python 2.6, avoid.

(joerg)

Python 3.x build needs expat.

(joerg)

Don't use set literal syntax not supported by Python 2.6.

(joerg)

Updated security/py-keyring to 3.8

(wiz)

Update to 3.8:

3.8
---

* Issue #22: Deprecated loading of config from current directory. Support for
  loading the config in this manner will be removed in a future version.
* Issue #131: Keyring now will prefer ``pywin32-ctypes
  <https://pypi.python.org/pypi/pywin32-ctypes>``_ to pywin32 if available.

(wiz)

Updated net/gupnp to 0.20.12

(wiz)

Update to 0.20.12:

0.20.12
=======

Changes since 0.20.11:

- Several documentation fixes.
- Fix warning from clang.
- Prevent a critical if there's no DBus available and a DBus-based context
  manager is used.
- Don't try to use a DBus context manager if we don't have a system bus.
- Use g_return_val_if_fail.
- Fix a small leak of CallbackData in GUPnPServiceProxy.
- Add a gupnp_service_proxy_add_notify_full variant to be nice to
  gobject-introspection.
- Several code cleanups.
- Fix a reference leak in ACL.
- Make "document" property of GUPnPDeviceInfo readable.
- Add gupnp_service_proxy_add_raw_notify which can be used to get the raw
  xmlDoc received through notification.

Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=701446
- https://bugzilla.gnome.org/show_bug.cgi?id=706123
- https://bugzilla.gnome.org/show_bug.cgi?id=706127
- https://bugzilla.gnome.org/show_bug.cgi?id=727709
- https://bugzilla.gnome.org/show_bug.cgi?id=729827
- https://bugzilla.gnome.org/show_bug.cgi?id=730359
- https://bugzilla.gnome.org/show_bug.cgi?id=730690

All contributors to this release:
- Jens Georg <mail@jensge.org>
- Philip Withnall <philip.withnall@collabora.co.uk>

0.20.11
=======

Changes since 0.20.10:

- Disable the Unix context manager on Android.
- Fix Windows compilation.
- Fix a memory leak in Linux context manager.
- Fix libuuid dependencies in pkg-config files.
- Implement a simple ACL infrastructure.

Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=711027
- https://bugzilla.gnome.org/show_bug.cgi?id=723715
- https://bugzilla.gnome.org/show_bug.cgi?id=727539
- https://bugzilla.gnome.org/show_bug.cgi?id=728889

All contributors to this release:
- Philip Withnall <philip.withnall@collabora.co.uk>
- Jens Georg <mail@jensge.org>
- Olivier Cr棚te <olivier.crete@collabora.com>
- Luciana Fujii <luciana.fujii@collabora.com>

(wiz)

Updated x11/xterm to 305

(wiz)

Update to 305:

This release reviewed/improved features reset on "hard reset" and
implemented four SGRs, for completeness. There were several other
minor fixes/improvements.

(wiz)

Updated math/py-mpmath to 0.18

(wen)

Updated math/py-mpmath to 0.18

(wen)

Update to 0.18

Upstream changes:
--0.18--
Released December 31, 2013

Linear algebra:
* added qr() for matrix QR factorization (contributed by Ken Allen)
* added functions eigsy(), eighe(), eig() to compute matrix
  eigenvalues (contributed by Timo Hartmann)
* added functions svd(), svd_r(), svd_c() for singular value
  decomposition of matrices (contributed by Timo Hartmann)
* added calculation of Gaussian quadrature rules for various weight
  functions (contributed by Timo Hartmann)
* improved precision selection in exp_pade() (contributed by
  Mario Pernici)

Special functions:
* fixed ellippi() to return an inf instead of raising an exception
* fixed a crash in zeta() with huge arguments
* added functions for computing Stirling numbers
  (stirling1(), stirling2())
* improved the computation of zeros of zeta at high precision
  (contributed by Juan Arias de Reyna)
* fixed zeta(-x) raising an exception for tiny x
* recognize when lerchphi() can call zeta() or polylog(),
  handling those cases faster

Compatibility:
* fixed gmpy2 compatibility issues (contributed by Case Van Horsen)
* better solutions for python 2/3 compatibility,
  using Benjamin Peterson's six.py
* fixes to allow mpmath to run in non-sage mode when sage is available
* support abstract base classes (contributed by Stefan Krastanov)
* use new-style classes to improve pypy performance

Other:
* added Levin, Sidi-S and Cohen/Villegas/Zagier series
  transformations (contributed by Timo Hartmann)
* added isfinite() utility function
* fixed a problem with bisection root-finding
* fixed several documentation errors
* corrected number of coefficients returned by diffs() with
  method='quad'
* fixed repr(constant) being slow at high precision
* made intervals hashable

(wen)

Updated textproc/kakasi to 2.3.6

(obache)

Update KAKASI to 2.3.6.
(in addtion to backported patches, dropped prototype patch of kakasi_do().
Its committer doesn't know the reason anymore, and implemented part patches
had been merged long time ago with
  "patch-aa and patch-ac patched the same file.  Merge them"
but patch-aa was for lib/libkakasi.c, and patch-ac is for src/kakasi.c.
From no problem reportes, it is considered this patch set is not relevant).

Changes from KAKASI 2.3.5 to 2.3.6

* Check runtime environment for test codes, and skip impossible tests.

* With configure, check compiler supported option.
  (for the issue old gcc cannot accept -Wno-unused-result option)

* Fixed to check iconv availability at configure instead of autconf.

* Fixed and added manual (by Osamu Aoki).

* Fixed a bug to ouput redundant delimiter at wakatigaki if the line
  start with ASCII character.

* Changed unitptr_t from macro to typedef (to avoid the issue that
  come compilers cannot handle such macro)

* Fixed missing iconv related casts.

Changes from KAKASI 2.3.4 to 2.3.5

* Added UTF-8 input/output support (iconv is required)

* Improve handling of japanese long-vowel.

* Fixed bug of do_kakasi(), may return invald memory area.

* Fixed a wrong entriy in kakasidict.

* Fixed bad hepburn romaji table.

* Added use_old_romaji_table variable and -t option.

* Fixed segfault on invalid SS2 sequences.

* Fixes warnings at compile.

* Added a test script.

* Added -S option for mutable separator (with -w or -s option).

* Added -l and -L option for level furigana and hiragana conversion.
  (See doc/README.level for more information)

* Newly added -F option for mutable parentheses around furigana
  (with -JH -f or -L option).

* Added -y option to display all yomi per one Kanji.

* Add endian independent dictionary format support.

* Fixed bad hepburn romaji table.
  (specify -t option fo use  old romaji table)

(obache)

+ chicken-4.9.0, doclifter-2.15, fotoxx-14.06, gcompris-14.05,
  gettext-0.19, gif2png-2.5.9, gnupg2-2.0.23, grep-2.20, irssi-0.8.16
  [pkg/48866], libmicrohttpd-0.9.37, samba-4.1.8, sun-jdk7-7.0.60,
  sun-jre7-7.0.60, tor-0.2.4.22, xterm-305.

(wiz)

Updated emulators/suse131_openssl to 13.1nb8

(obache)

Apply openSUSE-SU-2014:0764-1
openSUSE Security Update: openssl: update to version 1.0.1h

Description:

  The openssl library was updated to version 1.0.1h fixing various security
  issues and bugs:

  Security issues fixed:
  - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
    crafted handshake can force the use of weak keying material in OpenSSL
    SSL/TLS clients and servers.
  - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
    handshake to an OpenSSL DTLS client the code can be made to recurse
    eventually crashing in a DoS attack.
  - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
    overrun attack can be triggered by sending invalid DTLS fragments to an
      OpenSSL DTLS client or server. This is potentially exploitable to run
      arbitrary code on a vulnerable client or server.
  - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
    ciphersuites are subject to a denial of service attack.

Bump PKGREVISION.

(obache)

Updated x11/libXft to 2.3.2

(wiz)

Update to 2.3.2:
This release fixes a build issue with FreeType 2.5.1 & later, and
fixes the prototypes in the man page for XftDrawString8 & XftDrawRect.

(wiz)

Let application restart work on MacOS X < 10.6

MacOS X < 10.6 had an undocumented behavior concerning execve(2)
inside a threaded process. If a process tried to call execve(2) and
had more than one active thread, the kernel returned ENOTSUP. So we
have to either fork(2) or vfork(2) before calling execve(2) to make
sure the caller is single-threaded as otherwise the application fails
to restart itself.

(pho)

Requiring pcre 8.11 is no longer enough.  gregex.c refers symbol
PCRE_INFO_MAXLOOKBEHIND which is introduced in pcre 8.31.

(enami)

Don't build a shared library under Solaris 10.

This should work around PR pkg/48732 until we have a beter solution
e.g. building this package with "libtool".

(tron)

Don't force std::pow into the global namespace. See comment for further
details.

(joerg)

Doesn't work with current QWT, mark as explicitly broken.

(joerg)

Fix Python != 2.7.

(joerg)

Use '=' instead of '==' in configure for portability

(minskim)

Updated multimedia/libogg to 1.3.2

(wiz)

Update to 1.3.2:

Version 1.3.2 (2014 May 27)

* Fix an bug in oggpack_writecopy().

(wiz)

Updated print/latexmk to 439

(wiz)

Update to 439:

>From v. 4.35 to 4.37
  Correct failure that happens when name of current directory
    contains characters with special meaning in regular expression.
  -rules option now works with -pvc
  Add -lualatex option, like -xelatex.
  File specifications in $clean_ext and $clean_full_ext are allowed
    to contain wildcards.
  Warnings are given when rc file is a directory instead of a file.
  Correct bug that if revtex4-1.cls is used, footnotes are set to
    be in the bibliography, and latexmk's aux_dir or out_dir is set,
    then latexmk fails to run bibtex when needed, because the
    relevant bib file is not found.
  Other minor corrections and code improvements.
  Documentation updates and corrections.

>From v. 4.37 to 4.39
  Automatic creation of necessary subdirectories of auxdir when needed
    for writing aux files.
  Add error diagnostics to if_source
  Allow $print_type = 'auto', and make this the default, so that
    when the -p option to latexmk is used to print the file, the
    default is to determine the type of file to be printed, rather
    than always requiring postscript.
  Fix the failures when dealing with directories whose names contained
    certain special characters in them (notably '[', ']' and space).
    [Technical issue: these characters had special meaning when
    previously interpreted as metacharacters in a glob operation.]
    This gives dependency on Perl's File::Glob module, which is a
    standard module in normal installations of Perl.
  When an output directory is a subdirectory of a directory, ensure
    that it is correctly created, if it has to be created.
    Previously, the creation of the output directory when it does not
    exist only worked for one level.
    This gives dependency on Perl's File::Path module with v. >= 2.08,
    which is a standard module in normal installations of Perl.
  In output of dependencies, include pathname of target file(s) in the
    rule.
  In -pvc mode, writing of deps file (caused by the -M and related
    options) is per make not per overall run.

>From v. 4.39 to 4.39 documentation update of 2 Dec 2013
  Correct two errors in documentation and in the file COPYING.

(wiz)