py-altgraph: updated to 0.16.1

0.16.1:
Explicitly mark Python 3.7 as supported in wheel metadata.

0.16:
Add LICENSE file

(adam)

py-lz4: updated to 2.1.0

v2.1.0:
Enhance support for block decompression with unknown size of decompressed data

(adam)

Updated devel/py-serpent, textproc/py-vobject

(adam)

py-vobject: updated to 0.9.6.1

0.9.6.1:
Bug fixes.

(adam)

py-serpent: updated to 1.27

release 1.27:
fixed serialization of unicode elements in dicts and sets (this was a regression on Python 2.x)

release 1.26:
support for enum34 backport library for enums in older python versions.

(adam)

Updated textproc/py-sphinx-rtd-theme, textproc/py-sphinx, textproc/py-openpyxl

(adam)

py-openpyxl: updated to 2.5.5

2.5.5:

Bugfixes
Files with Mac epoch are read incorrectly
Cannot copy merged cells
Cannot access ws.active_cell

Pull Requests
Introduce read-support for images

(adam)

py-sphinx: do not depend on py-sphinx-rtd-theme, but the other way around

(adam)

py-sphinx-rtd-theme: updated to 0.4.1

v0.4.1:

Fixes
Line height adjustments for Liberation Mono

Other Changes
Add Sphinx as a dependency

(adam)

Updated devel/py-async_generator, devel/py-pylint

(adam)

py-pylint: updated to 2.1.1

What's New in Pylint 2.1.1?
* fix pylint crash due to misplaced-format-function not correctly handling class attribute.

(adam)

py-async_generator: updated to 1.10

Async_Generator 1.10:

Features
- Add support for PEP 525-style finalization hooks via
  set_asyncgen_hooks() and get_asyncgen_hooks() functions. On
  Python 3.6+, these are aliases for the versions in sys; on
  Python 3.5, they're work-alike implementations. And,
  @async_generator generators now call these hooks at the
  appropriate times.

Fixes
- Package now properly includes license files.

(adam)

Updated textproc/py-lxml, devel/py-uvloop, devel/waf, www/py-selenium

(adam)

py-selenium: updated to 3.14.0

Selenium 3.14.0
* Fix doc of URL-related ExpectedCondition
* Added ExpectedCondition invisibility_of_element
* Swap out httplib for urllib3
* Be consistent with webdriver init kwarg service_log_path

(adam)

waf: updated to 2.0.10

NEW IN WAF 2.0.10
* Add a task semaphore system
* Fix --help when no wscript is supplied
* Fix Fortran processing with generated Fortran files

(adam)

py-uvloop: updated to 0.11.1

v0.11.1:

Bug Fixes
Fix server to shutdown when alive connections exist
Fix a few bugs and crashes in UDP layer
Fix FD leakage if spawning a subprocess fails
Fix libuv process handles leak when uv_spawn() fails

(adam)

py-lxml: updated to 4.2.4

4.2.4:
Features added
* Allow using pkg-config for build configuration.

Bugs fixed
* Crash when moving an element to another document with
  Element.insert().

(adam)

Updated security/py-asn1, security/py-asn1-modules

(adam)

py-asn1-modules: updated to 0.2.2

Revision 0.2.2:
- Copyright notice extended to the year 2018
- Migrated references from SourceForge
- rfc2986 module added

(adam)

py-asn1: updated to 0.4.4

Revision 0.4.4:
- Fixed native encoder type map to include all ASN.1 types
  rather than just ambiguous ones
- Fixed crash in .prettyPrint of Sequence and Set occurring
  at OPTIONAL components

(adam)

Updated emulators/atari800, net/lftp

(adam)

lftp: updated to 4.8.4

Version 4.8.4:
* fixed a security vulnerability with "file:" file names.
* fixed mirror --flat.
* http: extract links from <source> tags.
* fixed upload of zero-length files over ftps.
* fixed assert on "mput -d".
* fixed a core dump.
* avoid multiple backup files of DHT cache.
* translations updated (uk, zh_CN).

(adam)

atari800: updated to 4.0.0

Version 4.0.0:

This release brings four years of hard work of fellow Atari800 developers
on improvements and bugfixes of our favorite Atari emulator.

Ports to Atari ST/TT/Falcon, Android, Raspberry Pi and Sega Dreamcast
have been improved (some of them greatly).

CPU, SIO, ANTIC, GTIA, POKEY and PIA emulation has been corrected.

Atari800 now includes Altirra BIOS so it is now possible to run *some*
programs even without installing the original ROM files.

The total number of changes is so huge that major version bump was necessary.

Contrary to usual NEWS entries here follows a very incomplete list. It might
be updated in later releases. In the meantime please read DOC/ChangeLog
and the commit history in git for complete list of changes.

This release contains breaking changes in color handling. Users updating from
an earlier version should reset their color settings, or else the display
might be unreadable. To reset the color settings, do one of these:
* Select one of the presets available in the menu option "Display settings"->
  "Color preset"; or
* Run atari800 with the -color-preset command-line option, e.g.:
  atari800 -colors-preset standard; or
* Delete the emulator's config file (.atari800.cfg). Caution: you'll lose
  all Atari800 settings!

New features:
-------------
* Support for loading of CAS images with "fsk" chunks - images of
  copy-protected tapes can now be loaded, with SIO patch being disabled.
* Bit3 Full View 80 Column card emulation.
* New cartridge type 68: "Atrax 128 KB cartridge".
  Previously existing cartridge type 17: "Atrax 128 KB cartridge" was based
  on a misconception - real Atrax cartridges have their address and data
  lines intermixed, so type 17 could not be used with actual ROM dumps. So,
  type 17 has been renamed to "Decoded Atrax 128 KB cartridge", and new type
  68 has been added, whcih now can be used for Atrax ROM chip dumps.
* New cartridge types supported:
  - aDawliah 32 KB cartridge
  - aDawliah 64 KB cartridge

* new command line switch "-volume" (for 16bit sound output) that can set
  the output volume of the Atari 800 emulator with value from 0 to 100.

Changes:
--------
* The Sound Settings option "Fragment size" has been renamed to less cryptic
  "Hardware buffer size".
* Total emulator volume is lower now because the output has been shifted
  in order to fix a possible annoying humming sound in silence on some
  receivers (TV sets).

Fixes:
------
* Fixed computation of gamma adjustment - now it is applied to each of the
  three RGB channels separately.
* On systems that support synchronized sound: Fixed the emulator crashing
  when Dual POKEY was enabled while High Fidelity POKEY was turned off.
* Improve screen update routines in the Dreamcast port. They don't use
  DIRTYRECT anymore but are faster than the old routines when the whole
  screen is dirty.

(adam)

Updated graphics/py-blockdiag, devel/py-dash

(adam)

py-dash: updated to 4.7.1

v4.7.1:
New Features
- Modify to_dict to first try to convert using dict() before falling back to using pydash.helpers.iterator().

v4.7.0:
Misc
- Internal code optimizations.

(adam)

py-blockdiag: updated to 1.5.4

1.5.4:
- Fix Python 3.7 compatibility

(adam)

Updated fonts/py-fonttools, devel/py-test-xdist, devel/py-test, devel/py-test-asyncio, devel/py-pluggy, devel/py-test-relaxed

(adam)

py-test-relaxed: updated to 1.1.4

1.1.4:
- :support:- backported Add missing universal wheel indicator in setup
  metadata.

1.1.3:
- :bug:- Fix the @raises helper decorator so it actually raises an
  exception when the requested exception is not raised by the decorated
  function. That's definitely not a confusing sentence.

(adam)

py-test: bump py-pluggy DEPENDS

(adam)

py-pluggy: updated to 0.7.1

pluggy 0.7.1:

Deprecations and Removals
- Deprecate the implprefix kwarg to PluginManager and instead
  expect users to start using explicit HookimplMarker everywhere.

Features
- Add .plugin member to PluginValidationError to access failing plugin during post-mortem.
- Add per implementation warnings support for hookspecs allowing for both
  deprecation and future warnings of legacy and (future) experimental hooks
  respectively.

Bug Fixes
- Fix a bug where _HookCaller.call_historic() would call the proc
  arg even when the default is None resulting in a TypeError.
- Fix problem when handling VersionConflict errors when loading setuptools plugins.

Improved Documentation
- Document how exceptions are handled and how the hook call loop
  terminates immediately on the first error which is then delivered
  to any surrounding wrappers.
- Docs rework including a much better introduction and comprehensive example
  set for new users. A big thanks goes out to @obestwalter for the great work!

Trivial/Internal Changes
- Break up the main monolithic package modules into separate modules by concern
- Automate setuptools wheels building and PyPi upload using TravisCI.
- Reorganize tests more appropriately by modules relating to each
  internal component/feature. This is in an effort to avoid (future)
  duplication and better separation of concerns in the test set.
- Add HookImpl.__repr__() for better debugging.
- Start using towncrier and a custom tox environment to prepare releases!

pluggy 0.7.0 (Unreleased)
* We discovered a deployment issue so this version was never released to PyPI, only the tag exists.

(adam)

py-test-asyncio: updated to 0.9.0

0.9.0:
Python 3.7 support.
Remove event_loop_process_pool fixture and pytest.mark.asyncio_process_pool marker.

(adam)

py-test: updated to 3.7.1

pytest 3.7.1:

Bug Fixes
- Raise immediately if approx() is given an expected value of a type it doesn't understand (e.g. strings, nested dicts, etc.).
- Correctly represent the dimensions of an numpy array when calling repr() on approx().
- Display the absolute path if cache_dir is not relative to the rootdir instead of failing.
- Fix compatibility problem with plugins and the warning code issued by fixture functions when they are called directly.
- Fix infinite recursion in pytest.approx with arrays in numpy<1.13.
- Pin pathlib2 to >=2.2.0 as we require __fspath__ support.
- Fix TypeError when the assertion message is bytes in python 3.

pytest 3.7.0:

Deprecations and Removals
- pytest_namespace has been deprecated.
  See the documentation for pytest_namespace hook for suggestions on how to deal
  with this in plugins which use this functionality.
- Calling a fixture function directly, as opposed to request them in a test function, now issues a RemovedInPytest4Warning. It will be changed into an error in pytest 4.0.
  This is a great source of confusion to new users, which will often call the fixture functions and request them from test functions interchangeably, which breaks the fixture resolution model.

Features
- New package fixture scope: fixtures are finalized when the last test of a *package* finishes. This feature is considered **experimental**, so use it sparingly.
- Node.add_marker now supports an append=True/False parameter to determine whether the mark comes last (default) or first.
- Fixture caplog now has a messages property, providing convenient access to the format-interpolated log messages without the extra data provided by the formatter/handler.
- New --trace option to enter the debugger at the start of a test.
- Introduce pytester.copy_example as helper to do acceptance tests against examples from the project.

Bug Fixes
- Fix a bug where fixtures overridden by direct parameters (for example parametrization) were being instantiated even if they were not being used by a test.
- Fix ApproxNumpy initialisation argument mixup, abs and rel tolerances were flipped causing strange comparsion results.
  Add tests to check abs and rel tolerances for np.array and test for expecting nan with np.array()
- Fix truncated locals output in verbose mode.

Improved Documentation
- Correct the usage documentation of --last-failed-no-failures by adding the missing --last-failed argument in the presented examples, because they are misleading and lead to think that the missing argument is not needed.

Trivial/Internal Changes
- Now a README.md file is created in .pytest_cache to make it clear why the directory exists.

(adam)

py-test-xdist: updated to 1.22.5

pytest-xdist 1.22.5:
Bug Fixes
- Revert change that dropped support for pytest<3.4 and require six.
  This change caused problems in some installations, and was a mistaken
  in the first place as we should not change version requirements
  in bug-fix releases unless they fix an actual bug.

pytest-xdist 1.22.4:
Bug Fixes
- Remove last references to obsolete py.code.
  Remove some unnecessary references to py.builtin.
- Workaround cpu detection on Travis CI.

(adam)

py-fonttools: updated to 3.29.0

3.29.0:
- [feaLib] In the OTL table builder, when the name table is excluded
  from the list of tables to be build, skip compiling featureNames blocks,
  as the records referenced in FeatureParams table don't exist.
- [otBase] Try ExtensionLookup if other offset-overflow methods fail.
- [feaLib] Added support for explicit subtable; break statements in
  PairPos lookups; previously these were ignored.
- [cffLib.specializer] Make sure the stack depth does not exceed maxstack - 1,
  so that a subroutinizer can insert subroutine calls.
- [otTables] Added support for fixing offset overflow errors occurring inside
  MarkBasePos subtables.
- [subset] Write the default output file extension based on --flavor option,
  or the value of TTFont.sfntVersion.
- [unicodedata] Updated Blocks, Scripts and ScriptExtensions for Unicode 11.
- [xmlWriter] Added context manager to XMLWriter class to autoclose file
  descriptor on exit.
- [psCharStrings] Optimize the charstring's bytecode by encoding as integers
  all float values that have no decimal portion.
- [ttFont] Fixed missing import of TTLibError exception.
- [feaLib] Allow any languages other than dflt under DFLT script.

(adam)

Updated devel/py-ipython5, textproc/json-c

(adam)

json-c: updated to 0.13.1

0.13.1:
* Bump the major version of the .so library generated up to 4.0 to avoid
  conflicts because some downstream packagers of json-c had already done
  their own bump to ".so.3" for a much older 0.12 release.
* Add const size_t json_c_object_sizeof()
* Avoid invalid free (and thus a segfault) when ref_count gets < 0
* fix handling of custom double formats that include a ".0"
* Avoid uninitialized variable warnings in json_object_object_foreach
* Issue 396: fix build for certain uClibc based systems.
* Add a top level fuzz directory for fuzzers run by OSS-Fuzz

0.13:
This release, being three and a half years after the 0.12 branch (f84d9c),
  has quite a number of changes included.  The following is a sampling of
  the most significant ones.

Since the 0.12 release, 250 issues and pull requests have been closed.
See issues_closed_for_0.13.md for a complete list.

Deprecated and removed features:
--------------------------------
* All internal use of bits.h has been eliminated.  The file will be removed.
        Do not use: hexdigit(), error_ptr(), error_descrition() and it_error()
* lh_abort() is deprecated.  It will be removed.

Behavior changes:
-----------------
* Tighten the number parsing algorithm to raise errors instead of truncating
    the results.  For example 12.3.4 or 2015-01-15, which now return null.
        See commit 99d8fc

* Use size_t for array length and size.  Platforms where sizeof(size_t) != sizeof(int) may not be backwards compatible
        See commits 45c56b, 92e9a5 and others.

* Check for failue when allocating memory, returning NULL and errno=ENOMEM.
        See commit 2149a04.

* Change json_object_object_add() return type from void to int, and will return -1 on failures, instead of exiting. (Note: this is not an ABI change)

New features:
-------------
* We're aiming to follow RFC 7159 now.

* Add a couple of additional option to json_object_to_json_string_ext:
        JSON_C_TO_STRING_PRETTY_TAB
        JSON_C_TO_STRING_NOSLASHESCAPE

* Add a json_object_object_add_ex() function to allow for performance
        improvements when certain constraints are known to be true.

* Make serialization format of doubles configurable, in two different ways:
        Call json_object_set_serializer with json_object_double_to_json_string and a custom
        format on each double object, or
        Call json_c_set_serialization_double_format() to set a global or thread-wide format.

* Add utility function for comparing json_objects - json_object_equal()

* Add a way to copy entire object trees: json_object_deep_copy()
* Add json_object_set_<type> function to modify the value of existing json_object's
without the need to recreate them.  Also add a json_object_int_inc function to
adjust an int's value.
* Add support for JSON pointer, RFC 6901.  See json_pointer.h
* Add a json_util_get_last_err() function to retrieve the string describing the
cause of errors, instead of printing to stderr.
* Add perllike hash function for strings, and json_global_set_string_hash() 8f8d03d
* Add a json_c_visit() function to provide a way to iterate over a tree of json-c objects.

Notable bug fixes and other improvements:
-----------------------------------------
* Make reference increment and decrement atomic to allow passing json objects between threads.
* Fix json_object_object_foreach to avoid uninitialized variable warnings.
* Improve performance by removing unneeded data items from hashtable code and reducing duplicate hash computation.
* Improve performance by storing small strings inside json_object
* Improve performance of json_object_to_json_string by removing variadic printf. commit 9ff0f49
* Issue 371: fix parsing of "-Infinity", and avoid needlessly copying the input when doing so.
* Fix stack buffer overflow in json_object_double_to_json_string_format() - commit 2c2deb87
* Fix various potential null ptr deref and int32 overflows
* Issue 332: fix a long-standing bug in array_list_put_idx() where it would attempt to free previously free'd entries due to not checking the current array length.
* Issue 195: use uselocale() instead of setlocale() in json_tokener to behave better in threaded environments.
* Issue 275: fix out of bounds read when handling unicode surrogate pairs.
* Ensure doubles that happen to be a whole number are emitted with ".0" - commit ca7a19
* for Visual Studio, use a snprintf/vsnprintf wrapper that ensures the string is terminated.
* Fix double to int cast overflow in json_object_get_int64.
* Clamp double to int32 when narrowing in json_object_get_int.
* Use strtoll() to parse ints - instead of sscanf
* Miscellaneous smaller changes, including removing unused variables, fixing warning
about uninitialized variables adding const qualifiers, reformatting code, etc...

(adam)

py-ipython5: updated to 5.8.0

IPython 5.8.0
* Update inspecting function/methods for future-proofing.

(adam)

Updated finance/py-braintree, www/py-beautifulsoup4, devel/py-test-flake8, www/py-MechanicalSoup

(adam)

py-MechanicalSoup: updated to 0.10.0

Version 0.10

Main changes:
Added StatefulBrowser.refresh() to reload the current page with the same request.
StatefulBrowser.follow_link, StatefulBrowser.submit_selected() and the new StatefulBrowser.download_link now sets the Referer: HTTP header to the page from which the link is followed.
Added method StatefulBrowser.download_link, which will download the contents of a link to a file without changing the state of the browser.
The selector argument of Browser.select_form can now be a bs4.element.Tag in addition to a CSS selector.
Browser.submit and StatefulBrowser.submit_selected accept a larger number of keyword arguments. Arguments are forwarded to requests.Session.request.

Internal changes:
StatefulBrowser.choose_submit will now ignore input elements that are missing a name-attribute instead of raising a KeyError.
Private methods Browser._build_request and Browser._prepare_request have been replaced by a single method Browser._request.

(adam)

py-test-flake8: updated to 1.0.2

1.0.2
- Test on Python 3.7
- Escape a regex tring with r""

(adam)

py-beautifulsoup4: updated to 4.6.1

4.6.1:

* Stop data loss when encountering an empty numeric entity, and
  possibly in other cases.

* Preserve XML namespaces introduced inside an XML document, not just
  the ones introduced at the top level.

* Added a new formatter, "html5", which represents void elements
  as "<element>" rather than "<element/>".

* Fixed a problem where the html.parser tree builder interpreted
  a string like "&foo " as the character entity "&foo;"

* Correctly handle invalid HTML numeric character entities
  which reference code points that are not Unicode code points. Note
  that this is only fixed when Beautiful Soup is used with the
  html.parser parser -- html5lib already worked and I couldn't fix it
  with lxml.

* Improved the warning given when no parser is specified.

* When markup contains duplicate elements, a select() call that
  includes multiple match clauses will match all relevant
  elements.

* Fixed code that was causing deprecation warnings in recent Python 3
  versions.

* Fixed a Windows crash in diagnose() when checking whether a long
  markup string is a filename.

* Stopped HTMLParser from raising an exception in very rare cases of
  bad markup.

* Fixed a bug where find_all() was not working when asked to find a
  tag with a namespaced name in an XML document that was parsed as
  HTML.

* You can get finer control over formatting by subclassing
  bs4.element.Formatter and passing a Formatter instance into (e.g.)
  encode().

* You can pass a dictionary of `attrs` into
  BeautifulSoup.new_tag. This makes it possible to create a tag with
  an attribute like 'name' that would otherwise be masked by another
  argument of new_tag.

* Clarified the deprecation warning when accessing tag.fooTag, to cover
  the possibility that you might really have been looking for a tag
  called 'fooTag'.

(adam)

py-braintree: updated to 3.47.0

3.47.0
Add processor respone code and processor response text to authorization adjustments subfield in transaction response.
Add support for Samsung Pay

(adam)

py-pylint: updated to 2.1.0

What's New in Pylint 2.1?

  * trailing-comma-tuple gets emitted for yield statements as well.

  * Get only the arguments of the scope function for redefined-argument-from-local

  * Add a check misplaced-format-function which is emitted if format function is used on
    non str object.

  * chain.from_iterable no longer emits dict-{}-not-iterating when dealing with dict values and keys

  * Demote the try-except-raise message from an error to a warning (E0705 -> W0706)

  * Correctly handle the new name of the Python implementation of the abc module.

    * Modules with __getattr__ are exempted by default from no-member

      There's no easy way to figure out if a module has a particular member when
      the said module uses __getattr__, which is a new addition to Python 3.7.
      Instead we assume the safe thing to do, in the same way we do for classes,
      and skip those modules from checking.

    * Fix a false positive invalid name message when method or attribute name is longer then 30 characters.

    * Include the type of the next branch in no-else-return

    * Fix inconsistent behaviour for bad-continuation on first line of file

    * Fix not being able to disable certain messages on the last line through
      the global disable option

    * Don't emit useless-return when we have a single statement that is the return itself

      We still want to be explicit when a function is supposed to return
      an optional value; even though pass could still work, it's not explicit
      enough and the function might look like it's missing an implementation.

  * Fix false-positive undefined-variable for self referential class name in lamdbas

    * Don't crash when pylint is unable to infer the value of an argument to next()

    * Don't emit not-an-iterable when dealing with async iterators.

      But do emit it when using the usual iteration protocol against
      async iterators.

  * Can specify a default docstring type for when the check cannot guess the type

(adam)

py-astroid: updated to 2.0.2

What's New in astroid 2.0.2?
  * Stop repeat inference attempt causing a RuntimeError in Python3.7

  *  infer_call_result can raise InferenceError so make sure to handle that for the call sites
      where it is used

    infer_call_result started recently to raise InferenceError for objects for which it
    could not find any returns. Previously it was silently raising a StopIteration,
    which was especially leaking when calling builtin methods.
    Since it is after all an inference method, it is expected that it
    could raise an InferenceError rather than returning nothing.

(adam)

Updated databases/redis, graphics/png, graphics/pngcrush

(adam)

pngcrush: updated to 1.8.13

Version 1.8.13 (built with libpng-1.6.32 and zlib-1.2.11)
  Add "exit(0)" after processing "-version" argument, to avoid
    displaying the Usage information
  Fix problem with MacOS prior to Sierra; it uses CLOCK_MONOTONIC
    for some other purpose

Version 1.8.12 (built with libpng-1.6.31 and zlib-1.2.11)
  Added POWERPC-VSX support.
  Report whether using optimizations.
  Added filter_method 6 (same as filter 5 with -speed).
  Added "methods" 149-176 (that use filter_method 6).
  Changed default verbosity from 1 (normal) to 0 (quiet). Use "-v" to get
    the previous default behavior and "-v -v" to get the previous "verbose"
    behavior. The "-s" (silent) and "-q" (quiet) options behave as before.

(adam)

png: updated to 1.6.35

Version 1.6.35:
* Replaced the remaining uses of png_size_t with size_t (Cosmin)
* Fixed the calculation of row_factor in png_check_chunk_length
* Added missing parentheses to a macro definition

(adam)

redis: updated to 4.0.10

Redis 4.0.10 fixes a number of important issues:

* Important security issues related to the Lua scripting engine.
  Please check https://github.com/antirez/redis/issues/5017
  for more information.

* A bug with SCAN, SSCAN, HSCAN and ZSCAN, that may not return all the elements.
  We also add a regression test that can trigger the issue often when present, and
  may in theory be able to find unrelated regressions.

* A PSYNC2 bug is fixed: Redis should not expire keys when saving RDB files
  because otherwise it is no longer possible to use such RDB file as a base
  for partial resynchronization. It no longer represents the right state.

* Compatibility of AOF with RDB preamble when the RDB checksum is disabled.

* Sentinel bug that in some cases prevented Sentinel to detect that the master
  was down immediately. A delay was added to the detection.

* Other minor issues.

(adam)

Updated www/py-django, devel/py-ipython

(adam)

py-ipython: updated to 6.5.0

IPython 6.5.0

Miscellaneous bug fixes and compatibility with Python 3.7.

* Autocompletion fix for modules with out __init__.py
* update the %pastebin magic to use dpaste.com instead of GitHub Gist
  which now requires authentication
* Fix crash with multiprocessing

(adam)

py-django: updated to 1.11.5

1.11.5:
Fix CVE-2018-14574: Open redirect possibility in CommonMiddleware

If the CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.

CommonMiddleware now escapes leading slashes to prevent redirects to other domains.

(adam)

Updated www/py-WebOb, www/py-WebTest

(adam)

py-WebTest: updated to 2.0.30

2.0.30:
- Add Email class for input fields with type "email".
- Documentation bearer token and JWT authorization

(adam)

py-WebOb: updated to 1.8.2

1.8.2:
Bugfix
- SameSite may now be passed as str or bytes to Response.set_cookie and
  cookies.make_cookie. This was an oversight as all other arguments would be
  correctly coerced before being serialized.

(adam)

Updated games/wesnoth

(adam)

wesnoth: updated to 1.14.4

Version 1.14.4
* Security Fixes
  * Fixed Lua being able to escape sandboxing via load/loadstring (CVE-2018-1999023).
* Add-ons server
  * Made it so plain-text .po catalogues in add-ons are detected and added to
    the list of translations for them.
* Campaigns
  * Dead Water:
    * In 'Tirigaz', take the situation into account of orcs being killed either
      first or by undead.
  * Delfador's Memoirs:
    * Fix hero units costing upkeep
  * Eastern Invasion:
    * Fixed missing prisoners and loss of recallable units in 'Captured'.
  * Northern Rebirth:
    * Level 0 units are not available anymore after scenario 5
  * Secrets of the Ancients:
    * Adjust gender of enemies to better match story in S11 & 21
    * Simplify dialog to fix possible confusion in S16
    * Have nagas be able to recruit in S21
  * The South Guard:
    * S4: undead leader won't leave the castle anymore
    * S5: the untypical situation that one can defeat the lich before finding
      Urza Afalas is now handled
  * Under the Burning Suns:
    * S11: added custom graphics for the citadel.
    * S12: clarified the alien bodies' weaknesses.
    * Various visual improvements.
* Editor
  * Fixed saving a map as a scenario not enabling scenario editor tools.
* Graphics
  * New attack animation for the Peasant.
  * Tweaked the Ruffian's attack animation timing.
* Language and i18n
  * Updated translations: British English, Bulgarian, Chinese (Simplified),
    Chinese (Traditional), Czech, French, German, Hungarian, Japanese,
    Scottish Gaelic, Slovak, Spanish
* Lua API
  * Upgrade to Lua 5.3.5.
* Multiplayer server
  * Fixed lobby and whisper messages not having a maximum length.
* User interface
  * Improved the layout of the Statistics dialog.
  * Allow changing dropdown menu selections with the scrollwheel.
  * Fixed lobby chat box scrolling to top on a new message if it isn't at the
    bottom
  * Fixed the unit preview pane not showing the default race icon when detailing
    a single unit's stats.
  * Sort units secondarily by XP in the unit list dialog.
  * Whiteboard related bugfixes
* WML engine
  * Fixed errors about WESNOTH_VERSION not being defined when trying to load
    add-ons that have preprocessor errors.
* Miscellaneous and bug fixes
  * Added an advanced preference to enable experimental PRNG combat.
  * Campfires use illumination instead of a different ToD.
  * Linux builds now enable security hardening by default.
  * Fixed MP admins being unable to observe private games.
  * Fixed MP faction, leader, and leader gender changes persisting even if the
    selection dialog is dismissed.
  * Fixed an issue with positioned sound sources ignoring the volume set in
    Preferences after going off the audible radius and back.
  * Fixed wmllint choking on gzipped binary files (e.g. gzipped tarballs).
  * Fixed wmllint crashing on nonexistent paths provided in the command line.
  * Slight changes to the objectives dialogue
  * Greatly improved touch control support.
  * Fixed wmlindent crashing on nonexistent paths provided in the command line

(adam)

SDL2_mixer: removed unused PKGCONFIG_OVERRIDE lines

(adam)

Updated audio/pulseaudio, print/cups-filters

(adam)

cups-filters: updated to 1.20.4

CHANGES IN V1.20.4
- README: Added link to Issue Tracker on GitHub.
- gstoraster: Removed unneeded "if"s.
- cups-browsed: When checking whether there is already a local
  print queue with the same URI as the one of the discovered
  printer, consider also as equal URI if the URIs only differ
  by use of IPP or IPPS and/or use of HTTPS port 443 instead
  of IPP port 631.
- cups-browsed: Also upgrade from ipp: to ipps: when the ipps:
  URI is on HTTPS port 443 instead of IPP port 631. This is
  common on IPP network printers.
- pdftopdf: Removed support for hardware-implemented reversing
  of page order in PostScript printers. It was once not
  correctly implemented in cups-filters and second, such
  printers are extremely rare, and on Gutenprint PPDs with
  pseudo OutputOrder option hardware reversing was even
  wrongly assumed.
- pdftopdf: Accept option "output-order=normal/reverse" for
  reversing page order and also "page-delivery=
  same-order/reverse-order".
- libcupsfilters: Let the PPD generator add "*PageStackOrder
  ..."  lines to the choices of the "OutputBin" option, to
  mark which output bins need the pages printed in reverse
  order.
- libcupsfilters: Let the PPD generator correctly create a
  "*DefaultOutputOrder: ..."  entry, depending on whether the
  paper is put out face-up or face-down in the default output
  bin.
- libcupsfilters: Fixed human-readable name of the OutputBin
  option in the PPD generator.
- pdftoopvp: Silence compiler warning.
- cups-browsed: If the user modifies/overwrites a print queue
  created by cups-browsed, it will now not only be
  automatically released from the control of cups-browsed, but
  we also create a replacement for our generated local queue
  under a new name.
- cups-browsed: Make URIS for using the implicitclass backend
  correctly working also with queue names containing an '@'
  character.
- braille: Strengthen error checking.
- braille: Index: Replace bogus characters with space.
- braille: Add print and braille page number options.
- braille: Index: Use standard duplex cups option.
- cups-browsed: Moved auto-generation of PPD file for IPP
  network printers from create_remote_printer_entry()
  function to update_cups_queues(). This allows re-creating
  accidentally removed or overwritten local queues without
  losing the PPD file.
- braille: Add option to pick hyphenation rule according to
  current locale and make it the default for second
  translation table.
- braille: Remove generated defs on "make clean".
- braille: Turn non-breakable spaces to spaces.
- braille: Fix character encoding when extracting text. When
  extracing text from a zip file or a pdf, the resulting text
  is always utf-8 independently of the original locale, so we
  need to force that.
- braille: Warn when no text translation was selected in case
  the user didn't notice.
- braille: Fix spurious spacing after last Form-Feed

(adam)

pulseaudio: updated to 12.2

PulseAudio 12.2
The previous release tarball contained a broken configure script, this release
fixes the tarball. There are no changes in the source, except for this NEWS
file update.

PulseAudio 12.1
A bug fix release.
* Fixed crash when switching to A2DP bluetooth profile
* Fixed plugin search path in module-ladspa-sink
* Fixed file permissions for the pipes created by module-pipe-sink and
  module-pipe-source

(adam)

Added devel/py-hamcrest; Updated net/py-twisted

(adam)

py-twisted: updated to 18.7.0

Twisted 18.7.0:

Features
--------
- Cancelling a Deferred returned by twisted.internet.defer.inlineCallbacks now cancels the Deferred it is waiting on.
- twisted.application.internet.ClientService now accepts a function to initialize or validate a connection before it is returned by the whenConnected method as the prepareConnection argument.
- Traceback generated for twisted.internet.defer.inlineCallbacks now includes the full stack of inlineCallbacks generators between catcher and raiser (before it only contained raiser's stack).
- Add optional cwd argument to twisted.runner.procmon.ProcMon.addProcess
- twisted.python.failure.Failure tracebacks generated by coroutines scheduled with twisted.internet.defer.ensureDeferred - i.e. any Deferred-awaiting coroutine - now contain fewer extraneous frames from the trampoline implementation, and correctly indicate the source of exceptions raised in other call stacks - i.e. the function that raised the exception.  In other words: if you 'await' a function that raises an exception, you'll be able to see where the error came from.

Bugfixes
--------
- On UNIX-like platforms, Twisted attempts to recover from EMFILE when accepting connections on TCP and UNIX ports by shedding incoming clients.
- The documentation of IReactorTime.getDelayedCalls() has been corrected to indicate that the method returns a list, not a tuple.
- "python -m twisted web --help" now refers to "--listen" instead of the non-existing "--http"
- twisted.python.htmlizer.TokenPrinter now explicitly works on bytestrings.
- twisted.enterprise.adbapi.ConnectionPool.runWithConnection and runInteraction now use the reactor that is passed to ConnectionPool's constructor.

Improved Documentation
----------------------
- The Twisted Coding Standard now contains examples of how to mark up a feature as added in the next Twisted release.

Deprecations and Removals
-------------------------
- Deprecate direct introspection of ProcMon's processes: processes should not be directly accessed or pickled.
- twisted.internet.address.IPv4Address._bwHack and twisted.internet.address.UNIXAddress._bwHack, as well as the parameters to the constructors, deprecated since Twisted 11.0, have been removed.

(adam)

py-hamcrest: added version 1.9.0

PyHamcrest is a framework for writing matcher objects, allowing you to
declaratively define "match" rules. There are a number of situations where
matchers are invaluable, such as UI validation, or data filtering, but it is in
the area of writing flexible tests that matchers are most commonly used.

When writing tests it is sometimes difficult to get the balance right between
overspecifying the test (and making it brittle to changes), and not specifying
enough (making the test less valuable since it continues to pass even when the
thing being tested is broken). Having a tool that allows you to pick out
precisely the aspect under test and describe the values it should have, to a
controlled level of precision, helps greatly in writing tests that are "just
right." Such tests fail when the behavior of the aspect under test deviates
from the expected behavior, yet continue to pass when minor, unrelated changes
to the behaviour are made.

(adam)

Updated devel/py-archinfo, devel/py-requests-mock

(adam)

py-requests-mock: updated to 1.5.2

1.5.2:
Prelude
Fix py.test plugin with py.test < 3.0

Bug Fixes
Fixed a bug relating to how the pytest version was being discovered that meant new versions of pytest were being treated as old versions and would receive bad configuration.
The py.test plugin was broken when using py.test < 3.0. The version of py.test that ships in EPEL is only 2.7 so we need to make sure we support at least that version.

1.5.1:
New Features
The stream parameter is recorded when the request is sent and available in request history in the same was as parameters like verify or timeout.

(adam)

py-archinfo: updated to 7.8.7.1

7.8.7.1:
Unknown changes.

(adam)

Updated devel/py-test-testmon, devel/py-test-timeout, devel/py-test-xdist

(adam)

py-test-xdist: updated to 1.22.3

pytest-xdist 1.22.3:

Bug Fixes
Fix issue of virtualized or containerized environments not reporting the number of CPUs correctly.

Trivial Changes
Make all classes subclass from object and fix super() call in LoadFileScheduling.

(adam)

py-test-timeout: updated to 1.3.1

1.3.1:
Fix deprecation warning on Python 3.6.
Create a valid tag for the release. Somehow this didn't happen for 1.3.0, that tag points to a non-existing commit.

(adam)

py-test-testmon: updated to 0.9.13

0.9.13:
Encourage bug reporting in the README.

(adam)

Updated databases/py-sqlalchemy, databases/py-alembic

(adam)

py-alembic: updated to 1.0.0

1.0.0:
[feature] [general] For Alembic 1.0, Python 2.6 / 3.3 support is being dropped, allowing a fixed setup.py to be built as well as universal wheels. Pull request courtesy Hugo.

[feature] [general] With the 1.0 release, Alembic窶冱 minimum SQLAlchemy support version moves to 0.9.0, previously 0.7.9.

[bug] [batch] Fixed issue in batch where dropping a primary key column, then adding it back under the same name but without the primary_key flag, would not remove it from the existing PrimaryKeyConstraint. If a new PrimaryKeyConstraint is added, it is used as-is, as was the case before.

(adam)

py-sqlalchemy: updated to 1.2.10

1.2.10:
[orm] [bug] Fixed bug in Bundle construct where placing two columns of the same name would be de-duplicated, when the Bundle were used as part of the rendered SQL, such as in the ORDER BY or GROUP BY of the statement.

[orm] [bug] Fixed regression in 1.2.9 due to 4287 where using a Load option in conjunction with a string wildcard would result in a TypeError.

[sql] [bug] Fixed bug where a Sequence would be dropped explicitly before any Table that refers to it, which breaks in the case when the sequence is also involved in a server-side default for that table, when using MetaData.drop_all(). The step which processes sequences to be dropped via non server-side column default functions is now invoked after the table itself is dropped.

(adam)

www/py-django-cors-headers, www/py-django-extensions

(adam)

py-django-extensions: updated to 2.1.0

2.1.0:
Fix: travis

2.0.9:
Improvement: use README as project description on PyPI

2.0.8:
Please stop using ForeignKeyAutocompleteAdmin edition :-)
Fix: special markers in runserver_plus.rst
Fix: shell_plus, refactor reading pythonrc file outside of exec(compile(...))
Fix: reset_db, fix default utf8 support
Fix: autoslugfield, Fix autoslug generation when existing model is copied
Improvement: Cleanup management commands options after argparse migration 916
Improvement: sqldiff, add more tests
Improvement: sqldiff, add DurationField and SearchVectorField
Improvement: shell_plus, add more tests
Improvement: shell_plus, backport macos fix for tab completion
Improvement: clear_cache, add --all option
Improvement: pipchecker, treat dev versions as unstable
Deprecation: ForeignKeyAutocompleteAdmin, Django 2.0 has similar capabilities, which are much better supported.

(adam)

py-django-cors-headers: updated to 2.4.0

2.4.0:
Always add 'Origin' to the 'Vary' header for responses to enabled URL's, to prevent caching of responses intended for one origin being served for another.

(adam)

Updated devel/py-astroid, devel/py-pylint

(adam)

py-pylint: updated to 2.0.1

2.0.1:
Don't crash when pylint is unable to infer the value of an argument to next()

(adam)

py-astroid: updated to 2.0.1

2.0.1:
Released to clear an old wheel package on PyPI

(adam)

Updated sysutils/dtc, security/py-asyncssh

(adam)

py-asyncssh: updated to 1.13.3

1.13.3:
Added support for setting the Unicode error handling strategy in conjunction with setting an encoding when creating new SSH sessions, streams, and processes. This strategy can also be set when specifying a session encoding in create_server(), and when providing an encoding in the get_comment() and set_comment() functions on private/public keys and certificates.
Changed handling of Unicode in channels to use incrmeental codec, similar to what was previously done in process redirection.
Added Python 3.7 to the list of classifiers in setup.py, now that it has been released.
Updated Travis CI configuration to add Python 3.7 builds, and moved Linux builds on never versions of Python up to xenial.
Added missing coroutine decorator in test_channel.

(adam)

dtc: updated to 1.4.7

1.4.7:
Bug fixes.

(adam)

Updated databases/py-peewee, devel/py-dash

(adam)

py-dash: updated to 4.6.1

v4.6.1:
Misc
- Support Python 3.7.

(adam)

py-peewee: updated to 3.6.4

3.6.4:
Take a whole new approach, following what simplejson does. Allow the
build_ext command class to fail, and retry without extensions in the event we
run into issues building extensions.

3.6.3:
Add check in setup.py to determine if a C compiler is available before
building C extensions.

3.6.2:
Use ctypes.util.find_library to determine if libsqlite3 is installed.
Should fix problems people are encountering installing when SQLite3 is not
available.

3.6.1:
Fixed issue with setup script.

3.6.0:
* Support for Python 3.7, including bugfixes related to new StopIteration
  handling inside of generators.
* Support for specifying ROWS or RANGE window frame types.
* Add APIs for user-defined window functions if using [pysqlite3](https://github.com/coleifer/pysqlite3)
  and sqlite 3.25.0 or newer.
* TimestampField now uses 64-bit integer data-type for storage.
* Added support to pwiz and playhouse.reflection to enable generating
  models from VIEWs.
* Added lower-level database API for introspecting VIEWs.
* Revamped continuous integration setup for better coverage, including 3.7 and
  3.8-dev.
* Allow building C extensions even if Cython is not installed, by distributing
  pre-generated C source files.
* Switch to using setuptools for packaging.

(adam)

Updated databases/py-apsw, www/py-flask

(adam)

py-flask: updated to 1.0.2

Version 1.0.2:
Fix more backwards compatibility issues with merging slashes between a blueprint prefix and route.
Fix error with flask routes command when there are no routes.

Version 1.0.1:
Fix registering partials (with no __name__) as view functions.
Don't treat lists returned from view functions the same as tuples. Only tuples are interpreted as response data.
Extra slashes between a blueprint's url_prefix and a route URL are merged. This fixes some backwards compatibility issues with the change in 1.0.
Only trap BadRequestKeyError errors in debug mode, not all BadRequest errors. This allows abort(400) to continue working as expected.
The FLASK_SKIP_DOTENV environment variable can be set to 1 to skip automatically loading dotenv files.

Version 1.0:
Python 2.6 and 3.3 are no longer supported.
Bump minimum dependency versions to the latest stable versions: Werkzeug >= 0.14, Jinja >= 2.10, itsdangerous >= 0.24, Click >= 5.1.
Skip :meth:app.run <Flask.run> when a Flask application is run from the command line. This avoids some behavior that was confusing to debug.
Change the default for :data:JSONIFY_PRETTYPRINT_REGULAR to False. :func:~json.jsonify returns a compact format by default, and an indented format in debug mode.
:meth:Flask.__init__ <Flask> accepts the host_matching argument and sets it on :attr:~Flask.url_map.
:meth:Flask.__init__ <Flask> accepts the static_host argument and passes it as the host argument when defining the static route.
:func:send_file supports Unicode in attachment_filename.
Pass _scheme argument from :func:url_for to :meth:~Flask.handle_url_build_error.
:meth:~Flask.add_url_rule accepts the provide_automatic_options argument to disable adding the OPTIONS method.
:class:~views.MethodView subclasses inherit method handlers from base classes.
Errors caused while opening the session at the beginning of the request are handled by the app's error handlers.
Blueprints gained :attr:~Blueprint.json_encoder and :attr:~Blueprint.json_decoder attributes to override the app's encoder and decoder.
:meth:Flask.make_response raises TypeError instead of ValueError for bad response types. The error messages have been improved to describe why the type is invalid.
Add routes CLI command to output routes registered on the application.
Show warning when session cookie domain is a bare hostname or an IP address, as these may not behave properly in some browsers, such as Chrome.
Allow IP address as exact session cookie domain.
SESSION_COOKIE_DOMAIN is set if it is detected through SERVER_NAME.
Auto-detect zero-argument app factory called create_app or make_app from FLASK_APP.
Factory functions are not required to take a script_info parameter to work with the flask command. If they take a single parameter or a parameter named script_info, the :class:~cli.ScriptInfo object will be passed.
FLASK_APP can be set to an app factory, with arguments if needed, for example FLASK_APP=myproject.app:create_app('dev').
FLASK_APP can point to local packages that are not installed in editable mode, although pip install -e is still preferred.
The :class:~views.View class attribute :attr:~views.View.provide_automatic_options is set in :meth:~views.View.as_view, to be detected by :meth:~Flask.add_url_rule.
Error handling will try handlers registered for blueprint, code, app, code, blueprint, exception, app, exception.
Cookie is added to the response's Vary header if the session is accessed at all during the request (and not deleted).
:meth:~Flask.test_request_context accepts subdomain and url_scheme arguments for use when building the base URL.
Set :data:APPLICATION_ROOT to '/' by default. This was already the implicit default when it was set to None.
:data:TRAP_BAD_REQUEST_ERRORS is enabled by default in debug mode. BadRequestKeyError has a message with the bad key in debug mode instead of the generic bad request message.
Allow registering new tags with :class:~json.tag.TaggedJSONSerializer to support storing other types in the session cookie.
Only open the session if the request has not been pushed onto the context stack yet. This allows :func:~stream_with_context generators to access the same session that the containing view uses.
Add json keyword argument for the test client request methods. This will dump the given object as JSON and set the appropriate content type.
Extract JSON handling to a mixin applied to both the :class:Request and :class:Response classes. This adds the :meth:~Response.is_json and :meth:~Response.get_json methods to the response to make testing JSON response much easier.
Removed error handler caching because it caused unexpected results for some exception inheritance hierarchies. Register handlers explicitly for each exception if you want to avoid traversing the MRO.
Fix incorrect JSON encoding of aware, non-UTC datetimes.
Template auto reloading will honor debug mode even even if :attr:~Flask.jinja_env was already accessed.
The following old deprecated code was removed.
flask.ext - import extensions directly by their name instead of through the flask.ext namespace. For example, import flask.ext.sqlalchemy becomes import flask_sqlalchemy.
Flask.init_jinja_globals - extend :meth:Flask.create_jinja_environment instead.
Flask.error_handlers - tracked by :attr:Flask.error_handler_spec, use :meth:Flask.errorhandler to register handlers.
Flask.request_globals_class - use :attr:Flask.app_ctx_globals_class instead.
Flask.static_path - use :attr:Flask.static_url_path instead.
Request.module - use :attr:Request.blueprint instead.
The :attr:Request.json property is no longer deprecated.
Support passing a :class:~werkzeug.test.EnvironBuilder or dict to :meth:test_client.open <werkzeug.test.Client.open>.
The flask command and :meth:Flask.run will load environment variables from .env and .flaskenv files if python-dotenv is installed.
When passing a full URL to the test client, the scheme in the URL is used instead of :data:PREFERRED_URL_SCHEME.
:attr:Flask.logger has been simplified. LOGGER_NAME and LOGGER_HANDLER_POLICY config was removed. The logger is always named flask.app. The level is only set on first access, it doesn't check :attr:Flask.debug each time. Only one format is used, not different ones depending on :attr:Flask.debug. No handlers are removed, and a handler is only added if no handlers are already configured.
Blueprint view function names may not contain dots.
Fix a ValueError caused by invalid Range requests in some cases.
The development server uses threads by default.
Loading config files with silent=True will ignore :data:~errno.ENOTDIR errors.
Pass --cert and --key options to flask run to run the development server over HTTPS.
Added :data:SESSION_COOKIE_SAMESITE to control the SameSite attribute on the session cookie.
Added :meth:~flask.Flask.test_cli_runner to create a Click runner that can invoke Flask CLI commands for testing.
Subdomain matching is disabled by default and setting :data:SERVER_NAME does not implicitly enable it. It can be enabled by passing subdomain_matching=True to the Flask constructor.
A single trailing slash is stripped from the blueprint url_prefix when it is registered with the app.
:meth:Request.get_json doesn't cache the result if parsing fails when silent is true.
:func:Request.get_json no longer accepts arbitrary encodings. Incoming JSON should be encoded using UTF-8 per RFC 8259, but Flask will autodetect UTF-8, -16, or -32.
Added :data:MAX_COOKIE_SIZE and :attr:Response.max_cookie_size to control when Werkzeug warns about large cookies that browsers may ignore.
Updated documentation theme to make docs look better in small windows.
Rewrote the tutorial docs and example project to take a more structured approach to help new users avoid common pitfalls.

(adam)

py-apsw: updated to 3.24.0

3.24.0-r1
Added constants:
* SQLITE_DBCONFIG_RESET_DATABASE, and support for it in Connection.config()
* SQLITE_LOCKED_VTAB, and SQLITE_CORRUPT_SEQUENCE extended result codes
Added keywords and updated the shell to use it.

(adam)

asciidoc: removed unused REPLACE_PYTHON line

(adam)

Updated audio/fdk-aac

(adam)

fdk-aac: updated to 0.1.6

0.1.6
- Lots of minor assorted crash/fuzz fixes, mostly for the decoder but
  also some for the encoder

(adam)

Updated security/py-cryptography_vectors, security/py-cryptography

(adam)

py-cryptography[_vectors]: updated to 2.3

2.3:

SECURITY ISSUE: :meth:~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the :class:~cryptography.hazmat.primitives.ciphers.modes.GCM constructor. CVE-2018-10903
Added support for Python 3.7.
Added :meth:~cryptography.fernet.Fernet.extract_timestamp to get the authenticated timestamp of a :doc:Fernet </fernet> token.
Support for Python 2.7.x without hmac.compare_digest has been deprecated. We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next cryptography release.
Fixed multiple issues preventing cryptography from compiling against LibreSSL 2.7.x.
Added :class:~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number for quick serial number searches in CRLs.
The :class:~cryptography.x509.RelativeDistinguishedName class now preserves the order of attributes. Duplicate attributes now raise an error instead of silently discarding duplicates.
:func:~cryptography.hazmat.primitives.keywrap.aes_key_unwrap and :func:~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding now raise :class:~cryptography.hazmat.primitives.keywrap.InvalidUnwrap if the wrapped key is an invalid length, instead of ValueError.

(adam)

Updated textproc/py-sphinx, devel/py-pylint-plugin-utils

(adam)

py-pylint-plugin-utils: updated to 0.4

0.4:
Bug fixes.

(adam)

py-sphinx: 1.7.6

Release 1.7.6:

Bugs fixed
* LaTeX \sphinxupquote{} breaks in Russian
* sphinx.testing uses deprecated pytest API; Node.get_marker(name)
* crashed when recommonmark.AutoStrictify is enabled
* latex: crashed with docutils package provided by Debian/Ubuntu
* latex: a label for table is vanished if table does not have a caption
* crashed with numbered toctree
* C, render empty argument lists for macros.
* C++, fix lookup of full template specializations with no template arguments.
* C++, fix assertion on missing references in global scope when using
  intersphinx. Thanks to Alan M. Carroll.
* autodoc: crashed by Form Feed Character
* autodoc: loses the first staticmethod parameter for old styled classes
* quickstart: Typing Ctrl-U clears the whole of line
* html: "relations" sidebar is not shown by default
* latex: curly braces in index entries are not handled correctly
* epub: Wrong internal href fragment links
* apidoc: Interface of sphinx.apidoc:main() has changed
* PDF builds of French projects have issues with XeTeX
* napoleon raises RuntimeError with python 3.7
* sphinx-build: Interface of sphinx:main() has changed
* sphinx-build: sphinx.cmd.build.main() refers sys.argv instead of given
  argument
* autosummary: warning is emitted when the first line of docstring ends
  with literal notation
* autosummary: warnings of autosummary indicates wrong location
* autodoc: crashed on inspecting dict like object which does not support
  sorting
* autodoc: Enum argument missing if it shares value with another
* py domain: rtype field could not handle "None" as a type
* LaTeX: indexing of terms containing @, !, or " fails
* html: crashes if copying static files are failed
* autodoc: Fix formatting type annotations for tuples with more than two
  arguments
* i18n: crashed by auto-symbol footnote references
* autosummary: module summary has been broken when it starts with heading

(adam)

Updated www/apache24, math/py-numexpr

(adam)

py-numexpr: updated to 2.6.6

Changes from 2.6.5 to 2.6.6:
Fix to the thread barrier that occassionally suffered from spurious wakeups on MacOSX.

(adam)

apache24: updated to 2.4.34

Apache 2.4.34
*) SECURITY: CVE-2018-8011 (cve.mitre.org)
  mod_md: DoS via Coredumps on specially crafted requests
*) SECURITY: CVE-2018-1333 (cve.mitre.org)
  mod_http2: DoS for HTTP/2 connections by specially crafted requests
*) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
  document translations.
*) event: avoid possible race conditions with modules on the child pool.
*) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
  ProxyPassReverseCookiePath directive could fail to update correctly
  'domain=' or 'path=' in the 'Set-Cookie' header.
*) mod_ratelimit: fix behavior when proxing content.
*) core: Re-allow '_' (underscore) in hostnames.
*) mod_authz_core: If several parameters are used in a AuthzProviderAlias
  directive, if these parameters are not enclosed in quotation mark, only
  the first one is handled. The other ones are silently ignored.
  Add a message to warn about such a spurious configuration.
*) mod_md: improvements and bugfixes
  - MDNotifyCmd now takes additional parameter that are passed on to the called command.
  - ACME challenges have better checks for interference with other modules
  - ACME challenges are only handled for domains managed by the module, allowing
    other ACME clients to operate for other domains in the server.
  - better libressl integration
*) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
*) logging: Some early logging-related startup messages could be lost
  when using syslog for the global ErrorLog.
*) mod_cache: Handle case of an invalid Expires header value RFC compliant
  like the case of an Expires time in the past: allow to overwrite the
  non-caching decision using CacheStoreExpired and respect Cache-Control
  "max-age" and "s-maxage".
*) mod_xml2enc: Fix forwarding of error metadata/responses.
*) mod_proxy_http: Fix response header thrown away after the previous one
  was considered too large and truncated.
*) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
  of functions to consume the end of line when the buffer is exhausted.
*) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
  allow maximum HTTP response header size to be increased past 8192
  bytes.
*) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
  of a certificate chain.
*) http: Fix small memory leak per request when handling persistent
  connections.
*) mod_proxy_html: Fix variable interpolation and memory allocation failure
  in ProxyHTMLURLMap.
*) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
*) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
  zero out what had been initialized as the connection-level port.
*) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
*) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
  Hot spare members are used as drop-in replacements for unusable workers
  in the same load balancer set. This differs from hot standbys which are
  only used when all workers in a set are unusable.
*) suexec: Add --enable-suexec-capabilites support on Linux, to use
  setuid/setgid capability bits rather than a setuid root binary.
*) suexec: Add support for logging to syslog as an alternative to
  logging to a file; use --without-suexec-logfile --with-suexec-syslog.
*) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
  which broke some rare but previously-working configs.
*) core, log: improve sanity checks for the ErrorLog's syslog config, and
  explicitly allow only lowercase 'syslog' settings.
*) mod_http2: accurate reporting of h2 data input/output per request via
  mod_logio. Fixes an issue where output sizes where counted n-times on
  reused slave connections.
*) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
*) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
*) mod_proxy: Do not restrict the maximum pool size for backend connections
  any longer by the maximum number of threads per process and use a better
  default if mod_http2 is loaded.
*) mod_slotmem_shm: Add generation number to shm filename to fix races
  with graceful restarts.
*) core: Preserve the original HTTP request method in the '%<m' LogFormat
  when an path-based ErrorDocument is used.
*) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
  HTTP/2 requests.
*) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
  regression introduced in 2.4.30.
*) mod_md: Fix compilation with OpenSSL before version 1.0.2.
*) mod_dumpio: do nothing below log level TRACE7.
*) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
*) core: On ECBDIC platforms, some errors related to oversized headers
  may be misreported or be logged as ASCII escapes.
*) mod_ssl: Fix cmake-based build.
*) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
  section containers.

(adam)

Updated multimedia/ffmpeg3, multimedia/ffmpeg4

(adam)

ffmpeg3: updated to 3.4.4

version 3.4.4:
- avcodec/dvdsub_parser: Allocate input padding
- avcodec/dvdsub_parser: Init output buf/size
- avcodec/dirac_dwt_template: Fix signedness regression in interleave()
- avformat/movenc: Write version 2 of audio atom if channels is not known
- swresample/arm: rename labels to fix xcode build error
- avcodec/imgconvert: fix possible null pointer dereference

(adam)

ffmpeg4: updated to 4.0.2

version 4.0.2:
- avcodec/dvdsub_parser: Allocate input padding
- avcodec/dvdsub_parser: Init output buf/size
- avcodec/dirac_dwt_template: Fix signedness regression in interleave()
- avformat/mov: Simplify last element computation in mov_estimate_video_delay()
- avformat/mov: Break out of inner loop early in mov_estimate_video_delay()
- avformat/mov: Eliminate variable buf_size from mov_estimate_video_delay()
- avformat/mov: remove modulo operations from mov_estimate_video_delay()
- avformat/movenc: Write version 2 of audio atom if channels is not known
- swresample/arm: rename labels to fix xcode build error
- avformat/movenc: Check input sample count
- avcodec/mjpegdec: Check for odd progressive RGB
- avcodec/vp8_parser: Do not leave data/size uninitialized
- avformat/mms: Add missing chunksize check
- avformat/pva: Check for EOF before retrying in read_part_of_packet()
- avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
- avformat/asfdec_o: Check size_bmp more fully
- avformat/mxfdec: Fix av_log context
- avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext()
- avcodec/indeo4: Check for end of bitstream in decode_mb_info()
- avcodec/ac3dec: Check channel_map index
- avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator of studio profile
- avcodec/shorten: Fix undefined addition in shorten_decode_frame()
- avcodec/shorten: Fix undefined integer overflow
- avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
- avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
- avformat/movenc: Use mov->fc consistently for av_log()
- avcodec/mpeg4videodec: Check read profile before setting it
- avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
- avcodec/ac3_parser: Check init_get_bits8() for failure
- avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
- avcodec/dpx: Check elements in 12bps planar path
- avcodec/escape124: Fix spelling errors in comment
- avcodec/ra144: Fix integer overflow in ff_eval_refl()
- avcodec/cscd: Check output buffer size for lzo.
- avcodec/escape124: Check buf_size against num_superblocks
- avcodec/h264_parser: Reduce needed history for parsing mb index
- avcodec/magicyuv: Check bits left in flags&1 branch
- avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
- ffmpeg: fix -stream_loop with multiple inputs
- ffmpeg: factorize input thread creation and destruction
- avformat/mpegts: parse large PMTs with multiple tables
- Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full"
- avcodec/videotoolboxenc: fix invalid session on iOS
- avcodec/videotoolboxenc: split initialization
- avcodec/videotoolboxenc: fix mutex/cond leak in error path

(adam)

Renamed graphics/py-graphviz to graphics/py-pygraphviz; Added graphics/py-graphviz

(adam)

py-graphviz: added version 0.8.4

(adam)

renamed py-graphviz to py-pygraphviz

(adam)

Updated devel/py-astroid, devel/py-pylint

(adam)

py-pylint: updated to 2.0.0

Pylint 2.0:
* trailing-comma-tuple can be emitted for return statements as well.
* Fix a false positive inconsistent-return-statements message when exception is raised
  inside an else statement.
* ImportFrom nodes correctly use the full name for the import sorting checks.
* [].extend and similar builtin operations don't emit dict-*-not-iterating with the Python 3 porting checker
* Add a check consider-using-dict-comprehension which is emitted if for dict initialization
  the old style with list comprehensions is used.
* Add a check consider-using-set-comprehension which is emitted if for set initialization
  the old style with list comprehensions is used.
* logging-not-lazy is emitted whenever pylint infers that a string is built with addition
* Add a check chained-comparison which is emitted if a boolean operation can be simplified
  by chaining some of its operations.
  e.g "a < b and b < c", can be simplified as "a < b < c".
* Add a check consider-using-in for comparisons of a variable against
  multiple values with "==" and "or"s instead of checking if the variable
  is contained "in" a tuple of those values.
* in is considered iterating context for some of the Python 3 porting checkers
* Add --ignore-none flag to control if pylint should warn about no-member where the owner is None
* Fix a false positive related to too-many-arguments and bounded __get__ methods
* mcs as the first parameter of metaclass's __new__ method was replaced by cls
* assignment-from-no-return considers methods as well.
* Support typing.TYPE_CHECKING for *unused-import* errors
* Inferred classes at a function level no longer emit invalid-name
  when they don't respect the variable regular expression
* Added basic support for postponed evaluation of function annotations.
* Fix a bug with missing-kwoa and variadics parameters
* simplifiable-if-statement takes in account only when assigning to same targets
* Make len-as-condition test more cases, such as len() < 1 or len <= 0'
* Fix false-positive line-too-long message emission for
  commented line at the end of a module
* Fix false-positive bad-continuation for with statements
* Don't warn about stop-iteration-return when using next() over itertools.count
* Add a check consider-using-get for unidiomatic usage of value/default-retrieval
  for a key from a dictionary
* invalid-slice-index is not emitted when the slice is used as index for a complex object.
  We only use a handful of known objects (list, set and friends) to figure out if
  we should emit invalid-slice-index when the slice is used to subscript an object.
* Don't emit unused-import anymore for typing imports used in type comments.
* Add a new check 'useless-import-alias'.
* Add comparison-with-callable to warn for comparison with bare callable, without calling it.
* Don't warn for missing-type-doc and/or missing-return-type-doc, if type
  annotations exist on the function signature for a parameter and/or return type.
* Add --exit-zero option for continuous integration scripts to more
  easily call Pylint in environments that abort when a program returns a
  non-zero (error) status code.
* Warn if the first argument of an instance/ class method gets assigned
* New check comparison-with-itself to check comparison between same value.
* Add a new warning, 'logging-fstring-interpolation', emitted when f-string
  is used within logging function calls.
* Don't show 'useless-super-delegation' if the subclass method has different type annotations.
* Add unhashable-dict-key check.
* Don't warn that a global variable is unused if it is defined by an import
* Skip wildcard import check for __init__.py.
* The Python 3 porting mode can now run with Python 3 as well.
* too-few-public-methods is not emitted for dataclasses.
* New verbose mode option, enabled with --verbose command line flag, to
  display of extra non-checker-related output. It is disabled by default.
* undefined-loop-variable takes in consideration non-empty iterred objects before emitting
* Add support for numpydoc optional return value names.
* singleton-comparison accounts for negative checks
* Add a check consider-using-in for comparisons of a variable against
  multiple values with "==" and "or"s instead of checking if the variable
  is contained "in" a tuple of those values.
* defaultdict and subclasses of dict are now handled for dict-iter-* checks
* logging-format-interpolation also emits when f-strings are used instead of % syntax.
* Don't trigger misplaced-bare-raise when the raise is in a finally clause
* Add a new check, possibly-unused-variable.
  This is similar to unused-variable, the only difference is that it is
  emitted when we detect a locals() call in the scope of the unused variable.
  The locals() call could potentially use the said variable, by consuming
  all values that are present up to the point of the call. This new check
  allows to disable this error when the user intentionally uses locals()
  to consume everything.
* no-else-return accounts for multiple cases
  The check was a bit overrestrictive because we were checking for
  return nodes in the .orelse node. At that point though the if statement
  can be refactored to not have the orelse. This improves the detection of
  other cases, for instance it now detects TryExcept nodes that are part of
  the .else branch.
* Added two new checks, invalid-envvar-value and invalid-envvar-default.
  The former is trigger whenever pylint detects that environment variable manipulation
  functions uses a different type than strings, while the latter is emitted whenever
  the said functions are using a default variable of different type than expected.
* Add a check consider-using-join for concatenation of strings using str.join(sequence)
* Add a check consider-swap-variables for swapping variables with tuple unpacking
* Add new checker try-except-raise that warns the user if an except handler block
  has a raise statement as its first operator. The warning is shown when there is
  a bare raise statement, effectively re-raising the exception that was caught or the
  type of the exception being raised is the same as the one being handled.
* Don't crash on invalid strings when checking for logging-format-interpolation
* Exempt __doc__ from triggering a redefined-builtin
  __doc__ can be used to specify a docstring for a module without
  passing it as a first-statement string.
* Fix false positive bad-whitespace from function arguments with default
  values and annotations
* Fix stop-iteration-return false positive when next builtin has a
  default value in a generator
* Fix emission of false positive no-member message for class with  "private" attributes whose name is mangled.
* Fixed a crash which occurred when Uninferable wasn't properly handled in stop-iteration-return
* Use the proper node to get the name for redefined functions
* Don't crash when encountering bare raises while checking inconsistent returns
* Fix a false positive inconsistent-return-statements message when if statement is inside try/except.
* Fix a false positive inconsistent-return-statements message when while loop are used.
* Correct column number for whitespace conventions.
  Previously the column was stuck at 0
* Fix unused-argument false positives with overshadowed variable in
  dictionary comprehension.
* Fix false positive inconsistent-return-statements message when never
  returning functions are used (i.e sys.exit for example).
* Fix error when checking if function is exception, as in bad-exception-context.
* Fix false positive inconsistent-return-statements message when a
  function is defined under an if statement.
* New useless-return message when function or method ends with a "return" or
  "return None" statement and this is the only return statement in the body.
* Fix false positive inconsistent-return-statements message by
  avoiding useless exception inference if the exception is not handled.
* Fix bad thread instantiation check when target function is provided in args.
* Fixed false positive when a numpy Attributes section follows a Parameters
  section
* Fix incorrect file path when file absolute path contains multiple path_strip_prefix strings.
* Fix false positive undefined-variable for lambda argument in class definitions
* Add of a new checker that warns the user if some messages are enabled or disabled
  by id instead of symbol.
* Suppress false-positive not-callable messages from certain
  staticmethod descriptors
* Fix indentation handling with tabs
* Fix false-positive bad-continuation error
* Fix false positive unused-variable in lambda default arguments
* Updated the default report format to include paths that can be clicked on in some terminals (e.g. iTerm).
* Fix inline def behavior with too-many-statements checker
* Fix KeyError raised when using docparams and NotImplementedError is documented.
* Fix 'method-hidden' raised when assigning to a property or data descriptor.
* Fix emitting useless-super-delegation when changing the default value of keyword arguments.
* Expand ignored-argument-names include starred arguments and keyword arguments
* Fix false-postive undefined-variable in nested lambda
* Fix false-positive bad-whitespace message for typing annoatations
with ellipses in them

(adam)

py-astroid: updated to 2.0

astroid 2.0:
* String representation of nodes takes in account precedence and associativity rules of operators.
* Fix loading files with modutils.load_from_module when
  the path that contains it in sys.path is a symlink and
  the file is contained in a symlinked folder.
* Reworking of the numpy brain dealing with numerictypes
  (use of inspect module to determine the class hierarchy of
  numpy.core.numerictypes module)
* Added inference support for starred nodes in for loops
* Support unpacking for dicts in assignments
* Add support for inferring functools.partial
* Inference support for dict.fromkeys
* int() builtin is inferred as returning integers.
* str() builtin is inferred as returning strings.
* DescriptorBoundMethod has the correct number of arguments defined.
* Improvement of the numpy numeric types definition.
* Subclasses of *property* are now interpreted as properties
* AsStringRegexpPredicate has been removed.
  Use transform predicates instead of it.
* Switched to using typed_ast for getting access to type comments
  As a side effect of this change, some nodes gained a new type_annotation attribute,
  which, if the type comments were correctly parsed, should contain a node object
  with the corresponding objects from the type comment.
* typing.X[...] and typing.NewType are inferred as classes instead of instances.
* Module.__path__ is now a list
  It used to be a string containing the path, but it doesn't reflect the situation
  on Python, where it is actually a list.
* Fix a bug with namespace package's __path__ attribute.
* Added brain tips for random.sample
* Add brain tip for issubclass builtin
* Fix submodule imports from six
* Fix missing __module__ and __qualname__ from class definition locals
* Fix a crash when __annotations__ access a parent's __init__ that does not have arguments
* Fix multiple objects sharing the same InferenceContext.path causing uninferable results
* Fix improper modification of col_offset, lineno upon inference of builtin functions
* Subprocess.Popen brain now knows of the args member
* add move_to_end method to collections.OrderedDict brain
* Include new hashlib classes added in python 3.6
* Fix RecursionError for augmented assign
* Add missing attrs special attribute
* Inference now understands the 'isinstance' builtin
* Stop duplicate nodes with the same key values
  from appearing in dictionaries from dictionary unpacking.
* Fix contextlib.contextmanager inference for nested context managers
* Implement inference for len builtin
* Add qname method to Super object preventing potential errors in upstream
  pylint
* Stop astroid from getting stuck in an infinite loop if a function shares
its name with its decorator
* Fix issue with inherited __call__ improperly inferencing self
* Fix __call__ precedence for classes with custom metaclasses
* Limit the maximum amount of interable result in an NodeNG.infer() call to
100 by default for performance issues with variables with large amounts of
possible values.
The max inferable value can be tuned by setting the max_inferable_values flag on
astroid.MANAGER.

(adam)

Updated devel/py-automat, security/libgpg-error

(adam)

libgpg-error: updated to 1.32

version 1.32:
* Fixes a problem with gpgrt_fflush and gpgrt_fopencookie.
* Fixes a problem with the C11 header stdnoreturn.h.
* The yat2m tool can now also be build on Windows.
* Updates translations for Spanish, Russian and Ukrainian.

(adam)

py-automat: updated to 0.7.0

0.7.0:
Unknown changes.

(adam)

py-characteristic: updated HOMEPAGE, added USE_LANGUAGES

(adam)

Updated mail/dovecot2, mail/dovecot2-pigeonhole

(adam)

dovecot2-pigeonhole: updated to 0.5.2

v0.5.2:
+ Implement plugin for the a vendor-defined IMAP capability called
  "FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering
  in IMAP. More information can be found in
  doc/plugins/imap_filter_sieve.txt.
- The Sieve addess test caused an assertion panic for invalid addresses
  with UTF-8 codepoints in the localpart. Fixed by properly detecting
  invalid addresses with UTF-8 codepoints in the localpart and skipping
  these like other invalid addresses while iterating addresses for the
  address test.
- Make the length of the subject header for the vacation response
  configurable and enforce the limit in UTF-8 codepoints rather than
  bytes. The subject header for a vacation response was statically
  truncated to 256 bytes, which is too limited for multi-byte UTF-8
  characters.
- Sieve editheader extension: Fix assertion panic occurring when it is
  used to manipulate a message header with a very large header field.
- Properly abort execution of the sieve_discard script upon error.
  Before, the LDA Sieve plugin attempted to execute the sieve_discard
  script when an error occurs. This can lead to the message being lost.
- Fix the interaction between quota and the sieve_discard script. When
  quota was used together with a sieve_discard script, the message
  delivery did not bounce when the quota was exceeded.

(adam)

dovecot2: updated to 2.3.2.1

v2.3.2 still had a few unexpected bugs:
- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
  sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/
* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
  opening /proc/self/io. This may still cause security problems if the
  process is ptrace()d at the same time. Instead, open it while still
  running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
  doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
  $HasAttachment or $HasNoAttachment flags for matching mails. See
  doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
+ lmtp proxy: Support outgoing SSL/TLS connections
+ lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+ submission: Add support for rawlog_dir
+ submission: Add submission_client_workarounds setting.
+ lua auth: Add password_verify() function and additional fields in
  auth request.
- doveadm-server: TCP connections are hanging when there is a lot of
  network output. This especially caused hangs in dsync-replication.
- Using multiple type=shared mdbox namespaces crashed
- mail_fsync setting was ignored. It was always set to "optimized".
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during
  handshake.
- SSL/TLS servers: Don't send extraneous certificates to client when
  alt certs are used.
- lda, lmtp: Return-Path header without '<' may have assert-crashed.
- lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
- lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hardcoded to 40 MB.
  Exceeding it caused the connection to get dropped during transfer.
- lmtp: Fix potential crash when delivery fails at DATA stage
- lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
- SMTP client may have assert-crashed when sending mail
- IMAP COMPRESS: Send "end of compression" marker when disconnecting.
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
- Snippet generation for HTML mails didn't ignore &entities inside
  blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after
  reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it wasn't
  indexed.
- Obsolete dovecot.index.cache offsets were sometimes used. Trying to
  fetch a field that was just added to cache file may not have always
  found it.

(adam)

Updated devel/py-dash, net/py-ncclient

(adam)

py-ncclient: updated to 0.6.0

0.6.0:
Re-enabled Python 3.7 by changing "async" to "async_mode" in several locations

(adam)

py-dash: updated to 4.6.0

v4.6.0:
Improve performance of the following functions for large datasets:
duplicates
sorted_uniq
sorted_uniq_by
union
union_by
union_with
uniq
uniq_by
uniq_with
xor
xor_by
xor_with

(adam)

Updated devel/talloc, www/py-idna_ssl

(adam)

py-idna_ssl: updated to 1.1.0

v1.1.0:
Merge pull request 11 from aio-libs/pyup-update-pytest-3.6.2-to-3.6.3
Update pytest to 3.6.3

(adam)

talloc: updated to 2.1.14

2.1.14:
Bug fixes.

(adam)

Updated multimedia/ffmpeg3, databases/py-bsddb3

(adam)

py-bsddb3: updated to 6.2.6

6.2.6:
* Correctly detect Berkeley DB when installed via Homebrew on Mac OS X.
* Python 3.6 and 3.7 are explicitly supported.

(adam)

ffmpeg3: updated to 3.4.3

version 3.4.3:
- avformat/movenc: Check input sample count
- avcodec/mjpegdec: Check for odd progressive RGB
- avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id
- avcodec/vp8_parser: Do not leave data/size uninitialized
- avformat/mms: Add missing chunksize check
- avformat/pva: Check for EOF before retrying in read_part_of_packet()
- avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
- avformat/asfdec_o: Check size_bmp more fully
- avcodec/indeo4: Check for end of bitstream in decode_mb_info()
- avcodec/shorten: Fix undefined addition in shorten_decode_frame()
- avcodec/shorten: Fix undefined integer overflow
- avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
- avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
- avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
- avcodec/escape124: Fix spelling errors in comment
- avcodec/ra144: Fix integer overflow in ff_eval_refl()
- avcodec/cscd: Check output buffer size for lzo.
- avcodec/escape124: Check buf_size against num_superblocks
- avcodec/h264_parser: Reduce needed history for parsing mb index
- avcodec/magicyuv: Check bits left in flags&1 branch
- avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- lavf/http.c: Free allocated client URLContext in case of error.
- avcodec/dsicinvideo: Fail if there is only a small fraction of the data available that comprises a full frame
- avcodec/dsicinvideo: Propagate errors from cin_decode_rle()
- avcodec/dfa: Check dimension against maximum
- avcodec/cinepak: Skip empty frames
- avcodec/cinepak: move some checks prior to frame allocation
- swresample/arm: remove unintentional relocation.
- doc/APIchanges: Fix typos in hashes
- avformat/utils: Check cur_dts in update_initial_timestamps() more
- avcodec/utils: Enforce minimum width also for VP5/6
- avcodec/truemotion2: Propagate out of bounds error from GET_TOK()
- avformat/utils: Fix integer overflow in end time calculation in update_stream_timings()
- avcodec/mjpegdec: Check input buffer size.
- avcodec/h264_slice: Fix integer overflow with last_poc
- avformat/mov: Fix extradata memleak
- lavc/libopusdec: Allow avcodec_open2 to call .close
- avcodec/movtextdec: Check style_start/end
- avcodec/aacsbr_fixed: Fix integer overflow in sbr_hf_assemble()
- libavcodec/rv34: error out earlier on missing references
- swresample/swresample: Fix for seg fault in swr_convert_internal() -> sum2_float during dithering.
- avcodec/aacdec_fixed: Fix integer overflow in apply_independent_coupling_fixed()
- avcodec/cscd: Error out when LZ* decompression fails
- avcodec/imgconvert: Fix loss mask bug in avcodec_find_best_pix_fmt_of_list()
- avfilter/vf_signature: use av_strlcpy()
- avcodec/utvideodec: Set pro flag based on fourcc
- avcodec/wmalosslessdec: Fix null pointer dereference in decode_frame()
- avcodec/tableprint_vlc: Fix build failure with --enable-hardcoded-tables
- avformat/mov: Move +1 in check to avoid hypothetical overflow in add_ctts_entry()
- avcodec/get_bits: Make sure the input bitstream with padding can be addressed
- avformat/mov: Check STSC and remove invalid entries
- avcodec/nuv: rtjpeg with dimensions less than 16 would result in no decoded pixels thus reject it
- avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg
- avcodec/wmalosslessdec: Reset num_saved_bits on error path
- avformat/mov: Fix integer overflows related to sample_duration
- avformat/img2dec: fix infinite loop
- avformat/oggparsedaala: Do not adjust AV_NOPTS_VALUE
- avformat/oggparseogm: Check lb against psize
- avformat/oggparseogm: Fix undefined shift in ogm_packet()
- avformat/avidec: Fix integer overflow in cum_len check
- avformat/oggparsetheora: Do not adjust AV_NOPTS_VALUE
- avformat/utils: Fix integer overflow of fps_first/last_dts
- avformat/oggdec: Fix metadata memleak on multiple headers
- libavformat/oggparsevorbis: Fix memleak on multiple headers
- avformat/mov: Fix integer overflow in mov_get_stsc_samples()
- avcodec/truemotion2rt: Check input buffer size
- avcodec/g2meet: Check tile dimensions with av_image_check_size2()
- avcodec/exr: fix invalid shift in unpack_14()
- avcodec/bintext: sanity check dimensions
- avcodec/utvideodec: Check subsample factors
- avcodec/smc: Check input packet size
- avcodec/cavsdec: Check alpha/beta offset
- avcodec/diracdec: Fix integer overflow in mv computation
- avcodec/h264_parse: Clear invalid chroma weights in ff_h264_pred_weight_table()
- avcodec/aacdec_templat: Fix integer overflow in apply_ltp()
- avcodec/jpeg2000dwt: Fix integer overflows in sr_1d53()
- avcodec/diracdec: Use int64 in global mv to prevent overflow
- avcodec/dxtory: Remove code that corrupts dimensions
- avcodec/dirac_dwt_template: Fix Integer overflow in horizontal_compose_dd137i()
- avcodec/hevcdec: Check luma/chroma_log2_weight_denom
- avcodec/jpeg2000dec: Use av_image_check_size2()
- avcodec/vp8: Check for bitstream end before vp7_fade_frame()
- avcodec/exr: Check remaining bits in last get code loop
- avutil/common: Fix integer overflow in av_clip_uint8_c() and av_clip_uint16_c()
- avdevice/decklink_dec: Fix ;;
- avcodec/h264_cabac: Tighten allowed coeff_abs range
- avcodec/h264_cavlc: Set valid qscale value in ff_h264_decode_mb_cavlc()
- avdevice/iec61883: free the private context at the end
- avdevice/iec61883: return reference counted packets
- configure: add nvcc to CMDLINE_SET
- avcodec/mpeg4_unpack_bframes: make sure the packet is writable when data needs to be changed
- avcodec/mp3_header_decompress: don't free the user provided packet on error
- avcodec/extract_extradata: zero initalize the padding bytes in all allocated buffers
- avformat/hvcc: zero initialize the nal buffers past the last written byte
- swresample/rematrix: fix update of channel matrix if input or output layout is undefined
- avformat/matroskadec: ignore CodecPrivate if the stream is VP9

(adam)

Updated net/zeromq, net/py-zmq

(adam)

py-zmq: updated to 17.1.0

17.1.0:
- Bump bundled libzmq to 4.2.5
- Improve tornado 5.0 compatibility
  (use :meth:~tornado.ioloop.IOLoop.current instead of :meth:~tornado.ioloop.IOLoop.instance
  to get default loops in :class:.ZMQStream and :class:.IOLoopAuthenticator)
- Add support for :func:.curve_public
- Remove delayed import of json in send/recv_json
- Add :meth:.Authenticator.configure_curve_callback
- Various build fixes
- sdist sources generated with Cython 0.28.3
- Stop building wheels for Python 3.4, start building wheels for Python 3.7

(adam)

zeromq: updated to 4.2.5

0MQ version 4.2.5 stable:
* Fixed 3018 - fix backward-incompatible change in the NULL auth
                mechanism that slipped in 4.2.3 and made connections
                with a ZAP domain set on a socket but without a working
                ZAP handler fail. See ZMQ_ZAP_ENFORCE_DOMAIN and RFC27.
* Fixed 3016 - clarify in zmq_close manpage that the operation will
                complete asynchronously.
* Fixed 3012 - fix CMake build problem when using LIBZMQ_WERROR and a
                compiler other than GCC.

0MQ version 4.2.4 stable:
* New DRAFT (see NEWS for 4.2.0) socket options:
  - ZMQ_LOOPBACK_FASTPATH to enable faster TCP loopback on Windows
  - ZMQ_METADATA to set application-specific metadata on a socket
  See doc/zmq_setsockopt.txt and doc/zmq_getsockopt.txt for details.
* New DRAFT (see NEWS for 4.2.0) context options:
  - ZMQ_ZERO_COPY_RECV to disable zero-copy receive to save memory
    at the expense of slower performance
  See doc/zmq_ctx_set.txt and doc/zmq_ctx_get.txt for details.
* New DRAFT API zmq_stopwatch_intermediate which returns the time
  elapsed without stopping the stopwatch.
* TIPC: support addressing TIPC Port Identity addresses.
* Added CMake option to disable tests: BUILD_TESTS
* Added CMake and autotools make targets to support clang-formatter:
  make clang-format, clang-format-check and clang-format-diff to
  help developers make sure their code conforms to the style guidelines
* For distributors: a new test framework has been added, which
  includes a copy of the Unity source code. This source code library is
  distributed under the MIT license and thus is compatible with
  libzmq's LGPL3.
* Fixed 2867 - add ZeroMQConfig.cmake.in to distributable tarball
* Fixed 2868 - fix OpenBSD build
* Fixed 2870 - fix VC++ 11.0 (VS2012) build
* Fixed 2879 - prevent duplicate connections on PUB sockets
* Fixed 2872 - fix CMake tests on Windows
* Fixed 2895 - fix assert on Windows with POLL
* Fixed 2920 - fix Windows build with Intel compiler
* Fixed 2930 - use std::atomic when available with VC++ and VS2015
* Fixed 2910 - fix race condition with ZMQ_LINGER socket option
* Fixed 2927 - add support for ZMQ_XPUB_NODROP on ZMQ_RADIO
* Fixed 2820 - further clarify ZMQ_XPUB_VERBOSE(R) documentation.
* Fixed 2911 - ZMQ_DISH over UDP triggers errno_assert() after hitting
                watermark
* Fixed 2942 - ZMQ_PUB crash when due to high volume of subscribe and
                unsubscribe messages, an unmatched unsubscribe message is
                received in certain conditions
* Fixed 2946 - fix Windows CMake build when BUILD_SHARED is off
* Fixed 2960 - fix build with GCC 8
* Fixed 2967 - fix race condition on thread safe sockets due to pthread
                condvar timeouts on OSX
* Fixed 2977 - fix TIPC build-time availability check to be more relaxed
* Fixed 2966 - add support for WindRiver VxWorks 6.x
* Fixed 2963 - fix some PVS Studio static analysis warnings
* Fixed 2983 - fix MinGW cross-compilation
* Fixed 2991 - fix mutex assert at shutdown when the zmq context is part
                of a class declared as a global static

(adam)

Updated lang/gawk

(adam)

gawk: updated to 4.2.1

Changes from 4.2.0 to 4.2.1
---------------------------

1. Support for OS/2 has been brought up to date.  This support was
  accidentally omitted from the initial 4.2 release, for which
  we apologize.

2. The manual received a number of updates to make it format better
  for PDF.

3. A new configure option, --enable-versioned-dir, causes the directory
  holding extensions to include the API version in its name.

4. extension/configure.ac has been improved considerably.

5. In MPFR mode, When ROUNDMODE changes, string values for numerically
  type values will be redone.

6. The various 'inplace' tests now pass on modern BSD systems.

7. A number of bugs, some of them quite significant, have been fixed.
  See the ChangeLog for details.

Changes from 4.1.4 to 4.2.0
---------------------------

1. If not in POSIX mode, changes to ENVIRON are reflected into
  gawk's environment, affecting any programs run by system()
  or for piped redirections. This can also affect built-in routines, such
  as mktime(), which is typically influenced by the TZ environment variable.

2. The series of numbers returned by rand() should now be "more
  random" than previously.  Gawk's rand() remains repeatable; you will
  get the same series of numbers each time you call rand() repeatedly,
  but this will be a different series than previously.

3. Multiple changes related to the pretty printer:

  * The --pretty-print option no longer runs the program too.

  * Pretty printing now preserves comments and places them into the
    pretty-printed file.

  * Pretty-printing now uses the original text of constant numeric values
    for pretty-printing and profiling.

  * Pretty-printing now preserves parenthesized expressions as they
    were in the source file. This solves several niggling corner cases
    with such things.

4. The igawk script and igawk.1 man page are no longer installed by
  `make install'.  They have been obsolete since gawk 4.0.0.

5. Gawk can now be built with CMake.  This is an alternative build
  system for those who may want it; gawk is not going to switch off
  use of the autotools anytime soon, if ever.

6. Gawk now processes a maximum of two hexadecimal digits in \x
  escape sequences inside strings.

7. Setting PROCINFO["redirection", "NONFATAL"] to true makes I/O
  errors for "redirection" not fatal, setting ERRNO. Setting
  PROCINFO["NONFATAL"] makes all I/O nonfatal. See the manual.

8. MirBSD is no longer supported.

9. `make install' now installs shell startup files
  $sysconfdir/profile.d/gawk.{csh,sh} containing shell functions to
  manipulate the AWKPATH and AWKLIBPATH environment variables.  On a Fedora
  system, these files belong in /etc/profile.d, but the appropriate location
  may be different on other platforms.

10. Gawk now supports retryable I/O via PROCINFO[input-file, "RETRY"]; see
    the manual.

11. The C API has undergone changes that break binary compatibility with
    the previous version. Thus the API version is now at 2.0.  YOU WILL
    NEED TO RECOMPILE YOUR EXTENSIONS to work with this version of gawk.
    Source code compatibility remains intact, although you will get
    compiler warnings if you do not revise your extensions. We strongly
    recommend that you do so.  Fortunately, the changes are fairly minor
    and straightforward.

    See the manual for the new features.

12. Revisions in the POSIX standard remove the special case for POSIX
    mode when FS = " " where newline was not a field separator. The code
    and doc have been updated.

13. Gawk now supports strongly typed regexp constants. Such constants
    look like @/.../.  You can assign them to variables, pass them to
    functions, use them in ~, !~ and the case part of a switch statement.
    More details are provided in the manual.

14. The new typeof() function can be used to indicate if a variable or
    array element is an array, regexp, string or number.

15. As promised when 4.1 was released, the old extension mechanism,
    using the `extension' function, is now gone.

16. Support for GNU/Linux on Alpha systems has been removed.

17. Optimizations are now enabled by default. Use the new -s/--no-optimize
    option(s) to disable them.  Pretty-printing and profiling automatically
    disable optimizations so that the output program is the same as the
    original input program.

18. Gawk now uses fwrite_unlocked if it's available. This yields a 7% - 18%
    improvement in raw output speed (gawk '{ print }' on a large file).

19. Passing negative operands to any of the bitwise functions now
    produces a fatal error.

20. Programs that toggle IGNORECASE a lot should now be noticeably faster.

21. The mktime function now accepts an optional second argument. If this
    argument is present and is non-zero or non-null, the time will be converted
    from UTC instead of from the local timezone.

22. The FIELDWIDTHS parsing syntax has been enhanced to allow specifying
    how many characters to skip before a field starts. It also allows
    specifying '*' as the last character to mean "the rest of the record".
    Field splitting with FIELDWIDTHS now sets NF correctly.  The documentation
    for FIELDWIDTHS in the manual has been considerably reorganized and
    improved as well.

23. The PROCINFO["argv"] array records all of gawk's command line arguments
    as gawk received them (the values of the C level argv array).

24. The DJGPP port has been revived and now has an official maintainer.

25. The manual has been translated into Italian!  The translation is
    included in the distribution.

(adam)

Updated multimedia/mkvtoolnix, misc/stellarium

(adam)

stellarium: updated to 0.18.1

0.18.1:
The major changes of this version:
- Improvements and fixes for Hierarchical Progressive Surveys [HiPS] support
- Updated code of plugins
- Updated code and data
- Updated GPS handling
- Added rise, transit and set times for celestial objects
- Added dithering support

(adam)

mkvtoolnix: updated to 25.0.0

Version 25.0.0 "Prog Noir" 2018-07-12

New features and enhancements
* mkvmerge: SRT/ASS/SSA text subtitles: for files for which no encoding has
  been specified, mkvmerge will try UTF-8 first before falling back to the
  system's default encoding.
* mkvmerge: SRT/ASS/SSA/WebVTT text subtitles: a warning is now emitted if
  invalid 8-bit characters are encountered outside valid multi-byte UTF-8
  sequences.
* mkvmerge: Matroska & MPEG transport stream readers: the encoding of text
  subtitles read from Matroska files can now be changed with the
  `--sub-charset` parameter.
* Linux: starting with release 25 an AppImage will be provided which should
  run on any Linux distribution released around the time of CentOS 7/Ubuntu
  14.04 or later.
* macOS: translations: updated the `build.sh` script to build `libiconv` and a
  complete `gettext`. Together with an additional fix to how translation files
  are located, MKVToolNix can now use all interface languages on macOS,
  too.

Bug fixes
* mkvmerge: AVC/h.264: fixed file identification failing for certain
  elementary streams due to internal buffers not being cleared properly.
* mkvmerge: HEVC/h.265: fixed file identification failing for certain
  elementary streams due to internal buffers not being cleared properly.
* mkvmerge: MLP code: fixed various issues preventing MLP from being parsed
  correctly.
* mkvmerge: TrueHD/MLP packetizer; dialog volume normalization removal isn't
  attempted if the track is an MLP track as the operation is only supported
  for TrueHD, not MLP.
* mkvmerge: MPEG TS reader: when reading MPLS mkvmerge will now compare the
  MPLS's start and end timestamps against the transport stream's PTS instead
  of its DTS. Otherwise the first key frame of a video track might be dropped
  if it isn't the first in presentation order.
* mkvmerge: JSON identification: mkvmerge will ensure that all strings passed
  to the JSON output modules are valid UTF-8 encoded strings by replacing
  invalid bytes with placeholder characters. This avoids the JSON library
  throwing an exception and mkvmerge aborting on such data.
* mkvmerge: audio packetizers: mkvmerge will now keep discard padding values
  if they're present for packets read from Matroska files.
* mkvmerge: Ogg Opus reader: packet timestamps aren't calculated by summing up
  the duration of all packets starting with timestamp 0 anymore. Instead the
  algorithm is based on the Ogg page's granule position and which packet
  number is currently timestamped (special handling for the first and last
  packets in the stream).

  * This fixes the first timestamp if the first Ogg packet's granule position
    is larger than the number of samples in the first packet (= if the first
    sample's timestamp is bigger than 0). mkvmerge will keep those offsets now
    and inserts "discard padding" only where it's actually needed.
  * It also improves handling of invalid files where the first Ogg packet's
    granule position is smaller than the number of samples in the first packet
    (= the first sample's timestamp is smaller than 0). mkvmerge will now
    shift all timestamps up to 0 in such a case instead of inserting "discard
    padding" elements all over the place.
  * mkvmerge will no longer insert "discard padding" elements if the
    difference between a) the calculated number of samples in the packet
    according to the granule position and b) the actual number of samples as
    calculated from the bitstream is one sample or less and if the packet
    isn't the last one in the stream. This circumvents certain rounding
    errors.
  * The timestamp of the first packet after a gap in the middle of the stream
    is now calculated based on the Ogg page the packet belongs to, and not
    based on the timestamps before the gap.

* mkvmerge: complete rewrite of the progress handling. It's now based upon the
  total size of all source files and the current position within them instead
  of the number of frames/blocks to be processed. This simplifies calculation
  when appending files and fixes rare cases of when progress report was
  obvious wrong (e.g. stuck at 0% right until the end).
* MKVToolNix GUI: header editor: non-mandatory elements couldn't be removed
  anymore due to a regression while fixing 2320. They can now be removed
  again.

(adam)

py-pylint-django: mark as incompatible with Python 2.7

(adam)

py-pylint-celery: mark as incompatible with Python 2.7

(adam)

py-pylint-common: mark as incompatible with Python 2.7

(adam)

Updated games/rocksndiamonds, games/mirrormagic

(adam)

mirrormagic: updated to 3.0.0

3.0.0:
There are not many new features and changes to the game itself, as the main goal of this release is to keep the game playable on modern systems, and there is finally also support for Mac and Android systems. This was all done by integrating the classic Mirror Magic game engine into the game Rocks窶冢窶僖iamonds as a new custom game engine, therefore using R窶冢窶僖 as the new technical platform for this and any future release.

(adam)

rocksndiamonds: updated to 4.1.0.0

4.1.0.0:
added various additional customization options to create your own games
added showing/hiding game element sections in the level editor depending on the selected game engine
added doing ���redo��� by pressing ���undo��� button with Ctrl or Shift key in the level editor
added new automatically saved config file for the selected zoom tile size in the level editor
moved level property ���initial wind direction��� to balloon elements in editor
fixed various bugs (and probably added some new ones)

(adam)

Updated net/tor

(adam)

tor: updated to 0.3.3.8

Changes in version 0.3.3.8:
  Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including
  fixes for a memory leak affecting directory authorities.

  o Major bugfixes (directory authority, backport from 0.3.4.3-alpha):
    - Stop leaking memory on directory authorities when planning to
      vote. This bug was crashing authorities by exhausting their
      memory. Fixes bug 26435; bugfix on 0.3.3.6.

  o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha):
    - Make sure that failing tests in Rust will actually cause the build
      to fail: previously, they were ignored. Fixes bug 26258; bugfix
      on 0.3.3.4-alpha.

  o Minor features (compilation, backport from 0.3.4.4-rc):
    - When building Tor, prefer to use Python 3 over Python 2, and more
      recent (contemplated) versions over older ones. Closes
      ticket 26372.

  o Minor features (geoip):
    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
      Country database. Closes ticket 26674.

  o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
    - Add several checks to detect whether Tor relays are uploading
      their descriptors without specifying why they regenerated them.
      Diagnostic for ticket 25686.

  o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha):
    - Don't count path selection failures as circuit build failures.
      This change should eliminate cases where Tor blames its guard or
      the network for situations like insufficient microdescriptors
      and/or overly restrictive torrc settings. Fixes bug 25705; bugfix
      on 0.3.3.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
    - Fix a compilation warning on some versions of GCC when building
      code that calls routerinfo_get_my_routerinfo() twice, assuming
      that the second call will succeed if the first one did. Fixes bug
      26269; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (control port, backport from 0.3.4.4-rc):
    - Handle the HSADDRESS= argument to the HSPOST command properly.
      (Previously, this argument was misparsed and thus ignored.) Fixes
      bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran".

  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
    - Fix a number of small memory leaks identified by coverity. Fixes
      bug 26467; bugfix on numerous Tor versions.

  o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
    - Relays now correctly block attempts to re-extend to the previous
      relay by Ed25519 identity. Previously they would warn in this
      case, but not actually reject the attempt. Fixes bug 26158; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha):
    - When shutting down, Tor now clears all the flags in the control.c
      module. This should prevent a bug where authentication cookies are
      not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
    - When running the hs_ntor_ref.py test, make sure only to pass
      strings (rather than "bytes" objects) to the Python subprocess
      module. Python 3 on Windows seems to require this. Fixes bug
      26535; bugfix on 0.3.1.1-alpha.
    - When running the ntor_ref.py test, make sure only to pass strings
      (rather than "bytes" objects) to the Python subprocess module.
      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
      on 0.2.5.5-alpha.

(adam)

Updated devel/py-faker

(adam)

py-faker: updated to 0.8.17

0.8.17:
Add ein, itin and refactored ssn Provider for en_US.
Add job provier for zh_CN.
Add date_of_birth provider.
Add alpha-3 representation option for country-code provider.

(adam)

Updated devel/py-pylint-plugin-utils, devel/py-ruamel-yaml

(adam)

py-ruamel-yaml: updated to 0.15.43

0.15.43:
merge PR33: Python2.7 on Windows is narrow, but has no sysconfig.get_config_var('Py_UNICODE_SIZE').
register_class() now returns class

(adam)

py-pylint-plugin-utils: updated to 0.3

0.3:
Ditching Py2 due to pylint having done the same

(adam)

Updated print/py-reportlab, textproc/py-alabaster

(adam)

py-alabaster: updated to 0.7.11

0.7.11:
[Feature]: Add badge_branch option allowing configurability of which specific Git branch the Travis, Codecov, etc buttons default to.
[Feature]: Add optional next and previous links at the top and bottom of page content. Use theme option show_relbars to enable these.
[Bug] 73: Clean up some problematic font issues.
[Support]: Add setuptools-level entrypoint for improved theme distribution compatibility.
[Support]: Miscellaneous project maintenance updates such as adding to Travis CI and enforcing the use of flake8.

(adam)

py-reportlab: updated to 3.5.0

3.5.0:
Unknown changes

(adam)

Updated math/py-lmfit, devel/py-ordered-set, www/py-cheroot, www/py-cherrypy

(adam)

py-cherrypy: updated to 16.0.3:

v16.0.3
* Pinned the tempora dependency against
  version 1.13 to avoid pulling in namespace packages.

(adam)

py-cheroot: updated to 16.0.3

16.0.3:
Fix bug with returning empty result in cheroot.ssl.builtin.BuiltinSSLAdapter.wrap

(adam)

py-ordered-set: updated to 3.0.1

3.0.1:
Bug fixes.

(adam)

py-lmfit: updated to 0.9.11

0.9.11:
make exception explicit

0.9.10:
add AMPGO and basin-hopping global optimization methods.
aborting a fit from the objective function now raises AbortFitException
fit statistics are more uniformly calculated.
the uncertainties package is now an external dependency, and an out-dated copy is no longer kept in lmfit.
more exceptions when import matplotlib are now tolerated.
many documentation fixes.

(adam)

Updated devel/libdatrie, www/curl

(adam)

curl: updated to 7.61.0

Curl and libcurl 7.61.0

This release includes the following changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url

This release includes the following bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding 2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation

(adam)

libdatrie: updated to 0.2.12

0.2.12:
- More C90 (ANSI C) compliance.
- Prevent some compiling conflicts with other sources.
- Fix miscellaneous compiler warnings.
- Prevent trimming on extremely long dictionary path names.

(adam)

Updated databases/py-asyncpg

(adam)

py-asyncpg: updated to 0.17.0

asyncpg v0.17.0:

Improvements
Official support for Python 3.7.

Bug Fixes
Fix garbage collection of connections and emit a ResourceWarning
if an unclosed connection is garbage collected.

Raise a clear error if there's a race in pool intialization.

Channel names in Connection.add_listener() and
Connection.remove_listener() are now quoted properly.

Fixed endianness detection on *BSD systems.

Fixed handling of large type OIDs.

(adam)

Updated devel/distcc, security/py-cryptodome

(adam)

py-cryptodome: updated to 3.6.4

3.6.4:
New features
* Build Python 3.7 wheels on Linux, Windows and Mac.

Resolved issues
* Rename _cpuid module to make upgrades more robust.
* More meaningful exceptions in case of mismatch in IV length (CBC/OFB/CFB modes).
* Fix compilation issues on Solaris 10/11.

(adam)

distcc: updated to 3.3

3.3 - Charlie the unicorn
* Use masquerade as compiler white-list.
* New --allow-private (the default) which allows non-global
* IP and IPv6 addresses.
* Cross-compilation support.
* Fix parsing of IPv6 addresses.
* Python 3, not python 2.
* Can build without python (and without pump mode or tests).
For those upgrading: you must run update-distcc-symlinks on every server machine, and add manually (see MASQUERADING of distcc(1)) those compilers it does not detect.

(adam)

Updated devel/libuv, devel/waf

(adam)

waf: updated to 2.0.9

NEW IN WAF 2.0.9
* Add dependencies on scriptlet outputs
* Made options optional for cython waftool
* Improve doxygen error handling

(adam)

libuv: updated to 1.22.0

Version 1.22.0:
* unix: remove checksparse.sh
* win: fix mingw build error
* win: fix -Wunused-function warnings in thread.c
* unix,win: merge timers implementation
* win: fix pointer type in pipe.c
* win: fixing build for older MSVC compilers
* zos: clear poll events on every iteration
* zos: write-protect message queue
* zos: use correct pointer type in strnlen
* unix,win: merge handle flags
* doc: update Imran Iqbal's GitHub handle
* src: add new error apis to prevent memory leaks
* test: make test-condvar call uv_cond_wait
* fs: change position of uv_fs_lchown

(adam)

Updated www/libsass, devel/py-rply

(adam)

py-rply: updated to 0.7.6

0.7.6:
Bug fixes

(adam)

libsass: updated to 3.5.4

3.5.4:
Revert sass2scss@v1.1.2 update

3.5.3:
Community
Add nim-sass to implementations list
Add Haskell bindings to implementations list
Add SharpScss and LibSassHost bindings to implementations list
Update node-sass link in implementations list
Update Unicode doc after forcing UTF8/plain ASCII
Update compatibility section of the read me

Features
Update sass2scss@v1.1.2
Emit transparent colours as rgba(0, 0, 0, 0)
Add a sass_option_push_import_extension C-API

Fixes
Fix output/error for modulo zero operation
Fix automake build if sassc is missing
Fix handling of colours in @at directives
Fix edge case converting achromatic colors to HSL
Fix evaluation of arithmetic inside interpolation
Fix handling of @important in custom properties
Fix duplicate definition of out_of_memory macro
Fix merging of nested media queries with negation
Fix regression in parsing selector with trailing escaped colon
Fix segfault on empty custom properties

3.5.2:
Features
Implement more detailed backtraces

Fixes
Fix parsing of block comments to ignore css string rules
Fix win UNC path handling for dot and dotdot directories

3.5.1:
Community
Add sass.cr to implementations list

Fixes
Fix compiler warnings
Fix double free when run in concurrent processes
Fix units sometimes being dropped in math operations
Fix missing error for mixins defined within mixins

(adam)

Updated time/py-icalendar, time/py-jdcal

(adam)

py-jdcal: updated to 1.4

1.4:
Universal wheel distribution.
Test to compare gcal2jd with astropy._erfa.cal2jd.
Add more Python versions on Travis.

(adam)

py-icalendar: updated to 4.0.2

4.0.2:
Update all pypi.python.org URLs to pypi.org

(adam)

Updated audio/py-discogs-client, math/py-pandas

(adam)

py-pandas: updated to 0.23.3

0.23.3:
This is a minor bug-fix release in the 0.23.x series and includes a fix for the source distribution on Python 3.7. We recommend that all users upgrade to this version.

(adam)

py-discogs-client: updated to 2.2.1

2.2.1:
Unknown changes

2.2.0:
Add API User Token

(adam)

Updated databases/py-apsw, audio/py-beets

(adam)

py-beets: updated to 1.4.7

1.4.7:

This new release includes lots of new features in the importer and the
metadata source backends that it uses.
We've changed how the beets importer handles non-audio tracks listed in
metadata sources like MusicBrainz:

* The importer now ignores non-audio tracks (namely, data and video tracks)
  listed in MusicBrainz. Also, a new option, :ref:ignore_video_tracks, lets
  you return to the old behavior and include these video tracks.
* A new importer option, :ref:ignored_media, can let you skip certain media
  formats.

There are other subtle improvements to metadata handling in the importer:
* In the MusicBrainz backend, beets now imports the
  musicbrainz_releasetrackid field. This is a first step toward
* A new importer configuration option, :ref:artist_credit, will tell beets
  to prefer the artist credit over the artist when autotagging.

And there are even more new features:
* :doc:/plugins/replaygain: The beet replaygain command now has
  --force, --write and --nowrite options.
* A new importer configuration option, :ref:incremental_skip_later, lets you
  avoid recording skipped directories to the list of "processed" directories
  in :ref:incremental mode. This way, you can revisit them later with
  another import.
* :doc:/plugins/fetchart: The configuration options now support
  finer-grained control via the sources option. You can now specify the
  search order for different *matching strategies* within different backends.
* :doc:/plugins/web: A new cors_supports_credentials configuration
  option lets in-browser clients communicate with the server even when it is
  protected by an authorization mechanism (a proxy with HTTP authentication
  enabled, for example).
* A new :doc:/plugins/sonosupdate plugin automatically notifies Sonos
  controllers to update the music library when the beets library changes.
* :doc:/plugins/discogs: The plugin now stores master release IDs into
  mb_releasegroupid. It also "simulates" track IDs using the release ID
  and the track list position.
* :doc:/plugins/discogs: Fetch the original year from master releases.

There are lots and lots of fixes

(adam)

py-apsw: updated to 3.23.1

3.23.1:
Added constants:
SQLITE_DBSTATUS_CACHE_SPILL, SQLITE_FCNTL_LOCK_TIMEOUT

(adam)

Updated net/py-gevent, devel/py-dulwich

(adam)

py-dulwich: updated to 0.19.5

0.19.5:
IMPROVEMENTS
Add porcelain.describe.

BUG FIXES
Fix regression in dulwich.porcelain.clone that prevented cloning of remote repositories.
Don���t leave around empty parent directories for removed refs.

0.19.4:
IMPROVEMENTS
Add porcelain.ls_files.
Add Index.items.

BUG FIXES
Avoid unicode characters (e.g. the digraph 蝶 in my surname) in setup.cfg, since setuptools doesn���t deal well with them.

(adam)

py-gevent: updated to 1.3.4

1.3.4:
Be more careful about issuing MonkeyPatchWarning for ssl imports. Now, we only issue it if we detect the one specific condition that is known to lead to RecursionError. This may produce false negatives, but should reduce or eliminate false positives.
Based on measurements and discussion in issue 1233, adjust the way gevent.pywsgi generates HTTP chunks. This is intended to reduce network overhead, especially for smaller chunk sizes.
Additional slight performance improvements in gevent.pywsgi.

1.3.3:
gevent.sleep() updates the loop窶冱 notion of the current time before sleeping so that sleep duration corresponds more closely to elapsed (wall clock) time. gevent.Timeout does the same.
Fix an UnboundLocalError in SSL servers when wrapping a socket throws an error.

1.3.2.post0:
Fix a packaging error in manylinux binary wheels that prevented some imports from working.

1.3.2:
Allow weak refeneces to gevent.queue.Queue.

1.3.1:
Allow weak references to gevent.event.Event.
Fix embedded uses of gevent.Greenlet.spawn(), especially under uwsgi.
Fix gevent.os.nb_write() and gevent.os.nb_read() not always closing the IO event they opened in the event of an exception. This would be a problem especially for libuv.

1.3.0:
Python 3.7 passes the automated memory leak checks.
Update autoconf窶冱 config.guess and config.sub to the latest versions for c-ares and libev.
gevent.local.local subclasses that mix-in ABCs can be instantiated.

(adam)

Updated devel/py-cached-property, net/py-portend

(adam)

py-portend: updated to 2.3

2.3
Package refresh.

(adam)

py-cached-property: updated to 1.4.3

1.4.3:
* Catch SyntaxError from asyncio import on older versions of Python

(adam)

Updated devel/py-apipkg, devel/py-flake8-import-order

(adam)

py-flake8-import-order: updated to 0.18

0.18:
Add new Python 3.7 modules to the stdlib list, and support 3.7.

(adam)

py-apipkg: updated to 1.5

1.5:
- switch to setuptools_scm
- move to github
- fix up python compat matrix
- avoid dict iteration (fixes issue on python3)

(adam)