Updated textproc/icu

(adam)

revbump after icu update

(adam)

textproc/icu: updated to 61.1

61.1:
Common Changes
* CLDR 33:
  - Two additional locales (Odia, Assamese) were brought up to Modern coverage level.
  - 4 new transforms: fa-fa_FONIPA, ha-ha_NE, nv-nv_FONIPA, vec-vec_FONIPA.
  - New currency code MRU for Mauritania.
  - Arabic native vs. ASCII digits.
  - Data additions & bug fixes.
* Many small API additions, improvements, and bug fixes.

ICU4C Specific Changes
* Added Google double-conversion library for formatting doubles. This is the library used in V8 and a number of other projects for converting doubles to decimals. To avoid name collisions, the library is linked internally under the ICU namespace as icu::double_conversion. Our copy of double_conversion is not intended for public usage.
* Re-wrote U8_NEXT macros to eliminate all library function calls.

(adam)

Corrected the last entry (cheers to wiz :))

(adam)

git-base: fixed PERLLIBDIR; removed unused SUBST

(adam)

Updated devel/py-pexpect, math/py-lmfit, www/py-django-admin-rangefilter; Added math/py-asteval

(adam)

py-django-admin-rangefilter: updated to 0.3.4

0.3.4:
Update setup.py for new pypi

0.3.3:
Bug fix

(adam)

py-lmfit: updated to 0.9.9

Version 0.9.9:
Lmfit now uses the asteval (https://github.com/newville/asteval) package
instead of distributing its own copy. The minimum required asteval version
is 0.9.12, which is available on PyPi. If you see import errors related to
asteval, please make sure that you actually have the latest version installed.

(adam)

py-asteval: added version 0.9.12

ASTEVAL is a safe(ish) evaluator of Python expressions and statements, using
Python's ast module. The idea is to provide a simple, safe, and robust
miniature mathematical language that can handle user-input. The emphasis here
is on mathematical expressions, and so many functions from numpy are imported
and used if available.

(adam)

py-pexpect: updated to 4.5.0

Version 4.5
* :class:~.spawn and :class:~.fdspawn now have a use_poll parameter.
  If this is True, they will use :func:select.poll instead of :func:select.select.
  poll() allows file descriptors above 1024, but it must be explicitly
  enabled due to compatibility concerns
* The :meth:.pxssh.login method has several new and changed options:
  * The option password_regex allows changing
    the password prompt regex, for servers that include password: in a banner
    before reaching a prompt
  * :meth:~.pxssh.login now allows for setting up SSH tunnels to be requested once
    logged in to the remote server. This option is ssh_tunnels
    The structure should be like this::
          {
            'local': ['2424:localhost:22'],  # Local SSH tunnels
            'remote': ['2525:localhost:22'],  # Remote SSH tunnels
            'dynamic': [8888],                # Dynamic/SOCKS tunnels
          }
  * The option spawn_local_ssh=False allows subsequent logins from the
    remote session and treats the session as if it was local
  * Setting sync_original_prompt=False will prevent changing the prompt to
    something unique, in case the remote server is sensitive to new lines at login
  * If ssh_key=True is passed, the SSH client forces forwarding the authentication
    agent to the remote server instead of providing a key

(adam)

Updated www/py-asgiref, www/py-channels, www/py-aiohttp

(adam)

py-aiohttp: updated to 3.1.3

3.1.3:
Fix cancellation broadcast during DNS resolve

(adam)

py-channels: updated to 2.1.0

2.1.0:
* Async HTTP Consumers and WebSocket Consumers both gained new functionality
  (groups, subprotocols, and an async HTTP variant)
* URLRouters now allow nesting
* Async login and logout functions for sessions
* Expiry and groups in the in-memory channel layer
* Improved Live Server test case
* More powerful OriginValidator
* Other small changes and fixes in the full release notes.

(adam)

py-asgiref: updated to 2.3.0

2.3.0:
* ApplicationCommunicator now has a receive_nothing() test available

(adam)

Updated devel/py-xopen, security/py-gssapi

(adam)

py-gssapi: updated to 1.5.0

v1.5.0: Jordan
Features
Added build support for mingw32
Implement gss_set_cred_option() and gss_set_sec_context_option()

Bugfixes
Handle GSS_NO_OID_SET when creating sets

(adam)

py-xopen: updated to 0.3.3

0.3.3:
Fix: No sys.stdin.buffer for Python 2

(adam)

Updated audio/mpg123, archivers/unrar, www/py-flask-admin, time/py-tzdata

(adam)

py-tzdata: updated to 2018.4

2018.4:
Unknown changes.

(adam)

py-flask-admin: updated to 1.5.1

1.5.1
Dropped Python 2.6 support
Fixed SQLAlchemy >= 1.2 compatibility
Fixed Pewee 3.0 compatibility
Fixed max year for a combo date inline editor
Lots of small bug fixes

(adam)

unrar: updated to 5.6.2

5.6.2:
Unknown changes

(adam)

mpg123: updated to 1.25.10

There briefly was a 1.25.9 release which was superseeded by 1.25.10 before a public announcement. Both amount to these fixes:
libout123: Fix error messages beginning from OUT123_ARG_ERROR (bug 261).
mpg123: Fix --icy-interval handling to work with stream from stdin. (curl | mpg123 --icy-interval=n -)
libmpg123: Fix another invalid read and segfault on damaged (fuzzed) files with part2_3_length == 0 (set maxband=1, pulled from upcoming 1.26.0).

(adam)

Updated sysutils/salt, sysutils/salt-docs

(adam)

salt: updated to 2018.3.0

2018.3.0:
LOTS OF DOCKER IMPROVEMENTS
FULL API SUPPORT FOR NETWORK MANAGEMENT
CUSTOM SUBNETS
NETWORK CONFIGURATION IN DOCKER_CONTAINER.RUNNING() STATES
USE SALTSSH MINIONS LIKE REGULAR MASTER-MINIONS
EXCEPTIONS RAISED FOR AUTHENTICATION/AUTHORIZATION ERRORS
COMPARISON OPERATORS IN PACKAGE INSTALLATION
MASTER TOPS CHANGES
SEVERAL JINJA FILTERS RENAMED
RETURN CODES FOR RUNNER/WHEEL FUNCTIONS
VARIABLE UPDATE INTERVALS FOR FILESERVER BACKENDS
LDAP VIA EXTERNAL AUTHENTICATION CHANGES
STORMPATH EXTERNAL AUTHENTICATION REMOVED
NEW (PROXY) MINION CONFIGURATION OPTIONS
ENVIRONMENT CONFIG OPTION RENAMED TO SALTENV
LOCK_SALTENV CONFIG OPTION ADDED
FAILED MINIONS FOR STATE/FUNCTION ORCHESTRATION JOBS ADDED TO CHANGES DICTIONARY
NEW GRAINS
SALT MINION AUTO-DISCOVERY

(adam)

Updated www/py-pylint-django, finance/py-braintree

(adam)

py-braintree: updated to 3.44.0

3.44.0
Add Dispute error ValidEvidenceRequiredToFinalize

(adam)

py-pylint-django: updated to 0.10.1

0.10.1:
CHANGELOG formatting issue

0.10.0:
Remove the compatibility layer for older astroid versions
Make flake8 happy.
Fix: compatibility with Python < 3.6 caused by ModuleNotFoundError not available on older versions of Python
Show README and CHANGELOG on PyPI.
Fix explicit unicode check with python_2_unicode_compatible base models
Suppress not-an-iterable message for 'objects'.
Teach pylint_django that objects.all() is subscriptable.
Suppress invalid-name for wsgi.application.
Add test for WSGIRequest.context.
Register transforms for FileField.
New checker pylint_django.checkers.db_performance. Enables checking of migrations and reports when there's an AddField operation with a default value which may slow down applying migrations on large tables. This may also lead to production tables being locked while migrations are being applied.
Suppress no-member for factory.SubFactory objects. Useful when model factories use factory.SubFactory() for foreign key relations.

(adam)

Updated devel/py-cython, textproc/py-text-unidecode, devel/py-faker, security/py-cryptodome

(adam)

py-cryptodome: updated to 3.6.0

3.6.0:
New features
Introduced export_key and deprecated exportKey for DSA and RSA key objects.
Ciphers and hash functions accept memoryview objects in input.
Added support for SHA-512/224 and SHA-512/256.

Resolved issues
Reintroduced Crypto.__version__ variable as in PyCrypto.
Fixed compilation problem with MinGW.

(adam)

py-faker: updated to 0.8.13

0.8.13:
Add no_NO bank provider.
Add ipv4_network_class, ipv4_private, ipv4_public providers.
Add address_class and private arguments to ipv4 provider.
Add currency, currency_name, cryptocurrency, cryptocurrency_code and cryptocurrency_name to currency provider.
Add automotive provider for de_DE.
Fix edgecases for Finnish ssn provider.
Add job provider for pt_BR.
Add unix_device and unix_partition to file provider.
Add random_lowercase_letter and random_uppercase_letter to the base provider.
Clarify CLI help.

(adam)

py-text-unidecode: updated to 1.2

1.2:
Bug fixes.

(adam)

py-cython: updated to 0.28.2

0.28.2 (2018-04-13)
Features added
abs() is faster for Python long objects.
The C++11 methods front() and end() were added to the declaration of libcpp.string.
The C++11 methods reserve() and bucket_count() are declared for libcpp.unordered_map.

Bugs fixed
The copy of a read-only memoryview was considered read-only as well, whereas a common reason to copy a read-only view is to make it writable. The result of the copying is now a writable buffer by default.
The switch statement generation failed to apply recursively to the body of converted if-statements.
NULL was sometimes rejected as exception return value when the returned type is a fused pointer type.
Fixed compatibility with PyPy 5.11.

Other changes
The NumPy tutorial was rewritten to use memoryviews instead of the older buffer declaration syntax.

(adam)

Added www/py-wstools; Updated net/py-soappy

(adam)

py-soappy: updated to 0.12.22

0.12.22:
- proper usage of config property inside objects.
- dump user defined types with handler functions (can be used to override dump
  of built-in types).

0.12.21:
- Dispatching custom objects, slots supported.

0.12.20:
- better version handling
- display summary on pypi
- non disclosed intermediate release to polish pypi output

(adam)

py-wstools: added version 0.4.8

WSDL parsing services package for Web Services for Python

(adam)

Updated databases/sqlite3, devel/lemon

(adam)

sqlite: updated to 3.23.1

SQLite Release 3.23.1:
Fix two problems in the new LEFT JOIN strength reduction optimization.
Fix misbehavior of the FTS5 xBestIndex method.
Fix a harmless reference to an uninitialized virtual machine register.
Fix the CLI so that it builds with -DSQLITE_UNTESTABLE
Fix the eval.c extension so that it works with PRAGMA empty_result_callbacks=ON.
Fix the generate_series virtual table so that it correctly returns no rows if any of its constraints are NULL.
Performance enhancements in the parser.

(adam)

Updated www/nginx-devel, security/libgpg-error, security/gnupg2

(adam)

gnupg2: updated to 2.2.6

Noteworthy changes in version 2.2.6:
* gpg,gpgsm: New option --request-origin to pretend requests coming
  from a browser or a remote site.
* gpg: Fix race condition on trustdb.gpg updates due to too early
  released lock.
* gpg: Emit FAILURE status lines in almost all cases.
* gpg: Implement --dry-run for --passwd to make checking a key's
  passphrase straightforward.
* gpg: Make sure to only accept a certification capable key for key
  signatures.
* gpg: Better user interaction in --card-edit for the factory-reset
  sub-command.
* gpg: Improve changing key attributes in --card-edit by adding an
  explicit "key-attr" sub-command.
* gpg: Print the keygrips in the --card-status.
* scd: Support KDF DO setup.
* scd: Fix some issues with PC/SC on Windows.
* scd: Fix suspend/resume handling in the CCID driver.
* agent: Evict cached passphrases also via a timer.
* agent: Use separate passphrase caches depending on the request
  origin.
* ssh: Support signature flags.
* dirmngr: Handle failures related to missing IPv6 support
  gracefully.
* Fix corner cases related to specified home directory with
  drive letter on Windows.
* Allow the use of UNC directory names as homedir.

(adam)

libgpg-error: updated to 1.29

Noteworthy changes in version 1.29:
* The yat2m tool is during cross-compile now also installed on the
  host platform.
* New option parser and associated functions similar to the one used
  by GnuPG.
* New Base-64 encoder.
* Fixes regression in 1.28 for arm64 and w64 builds.
* Interface changes relative to the 1.28 release:
gpgrt_argparse                  New.
gpgrt_usage                    New.
gpgrt_strusage                  New.
gpgrt_set_strusage              New.
gpgrt_set_usage_outfnc          New.
gpgrt_set_fixed_string_mapper  New.
GPGRT_ENABLE_ARGPARSE_MACROS    New macro.
gpgrt_b64enc_start              New.
gpgrt_b64enc_write              New.
gpgrt_b64enc_finish            New.

(adam)

nginx-devel: updated to 1.13.12

Changes with nginx 1.13.12:
*) Bugfix: connections with gRPC backends might be closed unexpectedly
  when returning a large response.

Changes with nginx 1.13.11:
*) Feature: the "proxy_protocol" parameter of the "listen" directive now
  supports the PROXY protocol version 2.
*) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on
  Linux.
*) Bugfix: in the "http_404", "http_500", etc. parameters of the
  "proxy_next_upstream" directive.

(adam)

nginx: updated optional modules: luajit, encrypted-session, headers-more, push, rtmp

(adam)

Updated devel/py-jaraco_util, devel/py-deprecation, devel/py-test-mock,  net/py-responses

(adam)

py-responses: updated to 0.9.0

0.9.0
- Support for Python 3.7
- Support streaming responses for BaseResponse
- Support custom patch targets for mock
- Fix unicode support for passthru urls
- Fix support for unicode in domain names and tlds

(adam)

py-test-mock: updated to 1.9.0

1.9.0
Add support for the recently added assert_called_once method in Python 3.6 and mock-2.0.

(adam)

py-deprecation: updated to 2.0.1

2.0.1:
Bug fixes.

(adam)

py-jaraco_util: updated to 11.0

11.0
* Removed deprecated modules and functions.

(adam)

Updated devel/git to 2.17.0

(adam)

git: updated to 2.17.0

Git 2.17:

UI, Workflows & Features
* "diff" family of commands learned "--find-object=<object-id>" option
  to limit the findings to changes that involve the named object.
* "git format-patch" learned to give 72-cols to diffstat, which is
  consistent with other line length limits the subcommand uses for
  its output meant for e-mails.
* The log from "git daemon" can be redirected with a new option; one
  relevant use case is to send the log to standard error (instead of
  syslog) when running it from inetd.
* "git rebase" learned to take "--allow-empty-message" option.
* "git am" has learned the "--quit" option, in addition to the
  existing "--abort" option; having the pair mirrors a few other
  commands like "rebase" and "cherry-pick".
* "git worktree add" learned to run the post-checkout hook, just like
  "git clone" runs it upon the initial checkout.
* "git tag" learned an explicit "--edit" option that allows the
  message given via "-m" and "-F" to be further edited.
* "git fetch --prune-tags" may be used as a handy short-hand for
  getting rid of stale tags that are locally held.
* The new "--show-current-patch" option gives an end-user facing way
  to get the diff being applied when "git rebase" (and "git am")
  stops with a conflict.
* "git add -p" used to offer "/" (look for a matching hunk) as a
  choice, even there was only one hunk, which has been corrected.
  Also the single-key help is now given only for keys that are
  enabled (e.g. help for '/' won't be shown when there is only one
  hunk).
* Since Git 1.7.9, "git merge" defaulted to --no-ff (i.e. even when
  the side branch being merged is a descendant of the current commit,
  create a merge commit instead of fast-forwarding) when merging a
  tag object.  This was appropriate default for integrators who pull
  signed tags from their downstream contributors, but caused an
  unnecessary merges when used by downstream contributors who
  habitually "catch up" their topic branches with tagged releases
  from the upstream.  Update "git merge" to default to --no-ff only
  when merging a tag object that does *not* sit at its usual place in
  refs/tags/ hierarchy, and allow fast-forwarding otherwise, to
  mitigate the problem.
* "git status" can spend a lot of cycles to compute the relation
  between the current branch and its upstream, which can now be
  disabled with "--no-ahead-behind" option.
* "git diff" and friends learned funcname patterns for Go language
  source files.
* "git send-email" learned "--reply-to=<address>" option.
* Funcname pattern used for C# now recognizes "async" keyword.
* In a way similar to how "git tag" learned to honor the pager
  setting only in the list mode, "git config" learned to ignore the
  pager setting when it is used for setting values (i.e. when the
  purpose of the operation is not to "show").

Performance, Internal Implementation, Development Support etc.
* More perf tests for threaded grep
* "perf" test output can be sent to codespeed server.
* The build procedure for perl/ part has been greatly simplified by
  weaning ourselves off of MakeMaker.
* Perl 5.8 or greater has been required since Git 1.7.4 released in
  2010, but we continued to assume some core modules may not exist and
  used a conditional "eval { require <<module>> }"; we no longer do
  this.  Some platforms (Fedora/RedHat/CentOS, for example) ship Perl
  without all core modules by default (e.g. Digest::MD5, File::Temp,
  File::Spec, Net::Domain, Net::SMTP).  Users on such platforms may
  need to install these additional modules.
* As a convenience, we install copies of Perl modules we require which
  are not part of the core Perl distribution (e.g. Error and
  Mail::Address).  Users and packagers whose operating system provides
  these modules can set NO_PERL_CPAN_FALLBACKS to avoid installing the
  bundled modules.
* In preparation for implementing narrow/partial clone, the machinery
  for checking object connectivity used by gc and fsck has been
  taught that a missing object is OK when it is referenced by a
  packfile specially marked as coming from trusted repository that
  promises to make them available on-demand and lazily.
* The machinery to clone & fetch, which in turn involves packing and
  unpacking objects, has been told how to omit certain objects using
  the filtering mechanism introduced by another topic.  It now knows
  to mark the resulting pack as a promisor pack to tolerate missing
  objects, laying foundation for "narrow" clones.
* The first step to getting rid of mru API and using the
  doubly-linked list API directly instead.
* Retire mru API as it does not give enough abstraction over
  underlying list API to be worth it.
* Rewrite two more "git submodule" subcommands in C.
* The tracing machinery learned to report tweaking of environment
  variables as well.
* Update Coccinelle rules to catch and optimize strbuf_addf(&buf, "%s", str)
* Prevent "clang-format" from breaking line after function return type.
* The sequencer infrastructure is shared across "git cherry-pick",
  "git rebase -i", etc., and has always spawned "git commit" when it
  needs to create a commit.  It has been taught to do so internally,
  when able, by reusing the codepath "git commit" itself uses, which
  gives performance boost for a few tens of percents in some sample
  scenarios.
* Push the submodule version of collision-detecting SHA-1 hash
  implementation a bit harder on builders.
* Avoid mmapping small files while using packed refs (especially ones
  with zero size, which would cause later munmap() to fail).
* Conversion from uchar[20] to struct object_id continues.
* More tests for wildmatch functions.
* The code to binary search starting from a fan-out table (which is
  how the packfile is indexed with object names) has been refactored
  into a reusable helper.
* We now avoid using identifiers that clash with C++ keywords.  Even
  though it is not a goal to compile Git with C++ compilers, changes
  like this help use of code analysis tools that targets C++ on our
  codebase.
* The executable is now built in 'script' phase in Travis CI integration,
  to follow the established practice, rather than during 'before_script'
  phase.  This allows the CI categorize the failures better ('failed'
  is project's fault, 'errored' is build environment's).
* Writing out the index file when the only thing that changed in it
  is the untracked cache information is often wasteful, and this has
  been optimized out.
* Various pieces of Perl code we have have been cleaned up.
* Internal API clean-up to allow write_locked_index() optionally skip
  writing the in-core index when it is not modified.

(adam)

Updated www/py-cheroot, devel/py-codestyle

(adam)

py-codestyle: updated to 2.4.0

2.4.0 (2018-04-10)
New checks:
Add W504 warning for checking that a break doesn���t happen after a binary operator. This check is ignored by default.
Add W605 warning for invalid escape sequences in string literals.
Add W606 warning for ���async��� and ���await��� reserved keywords being introduced in Python 3.7.
Add E252 error for missing whitespace around equal sign in type annotated function arguments with defaults values.

Changes:
An internal bisect search has replaced a linear search in order to improve efficiency.
pycodestyle now uses PyPI trove classifiers in order to document supported python versions on PyPI.
���setup.cfg��� ���[wheel]��� section has been renamed to ���[bdist_wheel]���, as the former is legacy.
pycodestyle now handles very long lines much more efficiently for python 3.2+.
You can now write ���pycodestyle.StyleGuide(verbose=True)��� instead of ���pycodestyle.StyleGuide(verbose=True, paths=[���-v���])��� in order to achieve verbosity.
The distribution of pycodestyle now includes the license text in order to comply with open source licenses which require this.
���maximum_line_length��� now ignores shebang (���#!���) lines.
Add configuration option for the allowed number of blank lines. It is implemented as a top level dictionary which can be easily overwritten.

Bugs:
Prevent a ���DeprecationWarning���, and a ���SyntaxError��� in future python, caused by an invalid escape sequence.
Correctly report E501 when the first line of a docstring is too long.
Support variable annotation when variable start by a keyword, such as class variable type annotations in python 3.6.
pycodestyle internals have been changed in order to allow ���python3 -m cProfile��� to report correct metrics.
Fix a spelling mistake in the description of E722.
���pycodestyle ���diff��� now does not break if your ���gitconfig��� enables ���mnemonicprefix���.

(adam)

py-cheroot: updated to 6.2.1

v6.2.1:
:pr:83: Fix regression, caused by inverted check for Windows OS.
Add more URLs to distribution metadata

v6.2.0:
:pr:37: Implement PEERCRED lookup over UNIX-socket HTTP connection.
Discover connected process' PID/UID/GID
Respect server switches: peercreds_enabled and peercreds_resolve_enabled
get_peer_creds and resolve_peer_creds methods on connection
peer_pid, peer_uid, peer_gid, peer_user and peer_group properties on connection
X_REMOTE_PID, X_REMOTE_UID, X_REMOTE_GID, X_REMOTE_USER (REMOTE_USER) and X_REMOTE_GROUP WSGI environment variables when enabled and supported
Per-connection caching to reduce lookup cost

(adam)

Updated time/py-pytz to 2018.4

(adam)

py-pytz: updated to 2018.4

2018.4:
Bug fixes.

(adam)

Updated www/py-cheroot, www/py-bleach

(adam)

py-bleach: updated to 2.1.3

Version 2.1.3:

**Security fixes**
* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
  Bleach 2.1 is highly encouraged to upgrade.

**Bug fixes**
* Fixed some other edge cases for attribute URI value sanitizing and
  improved testing of this code.

(adam)

py-cheroot: updated to 6.1.2

v6.1.2
- :issue:81: Fix regression introduced by :pr:80.
  * Restore :py:attr:storing bound socket
    <cheroot.server.HTTPServer.bind_addr> in Windows broken by use of
    :py:obj:socket.AF_UNIX

v6.1.1
- :pr:80: Fix regression introduced by :commit:68a5769.
  * Get back support for :py:obj:socket.AF_UNIX in stored bound address in
    :py:attr:cheroot.server.HTTPServer.bind_addr

(adam)

Updated www/py-h11, fonts/py-fonttools

(adam)

py-fonttools: updated to 3.25.0

3.25.0:
[varLib] Improved support-resolution algorithm. Previously, the on-axis masters would always cut the space. They don窶冲 anymore. That窶冱 more consistent, and fixes the main issue Erik showed at TYPO Labs 2017. Any varfont built that had an unusual master configuration will change when rebuilt
[varLib.models] Added a main() entry point, that takes positions and prints model results.
[varLib.plot] Added new module to plot a designspace窶冱 VariationModel. Requires matplotlib.
[varLib.mutator] Added -o option to specify output file path
[otTables] Fixed IndexError while pruning of HVAR pre-write
[varLib.models] Convert delta array to floats if values overflows signed short integer

(adam)

py-h11: updated to 0.8.0

v0.8.0:

Backwards incompatible changes:
h11 now performs stricter validation on outgoing header names and header values: illegal characters are now rejected (example: you can't put a newline into an HTTP header), and header values with leading/trailing whitespace are also rejected (previously h11 would silently discard the whitespace). All these checks were already performed on incoming headers; this just extends that to outgoing headers.
New features:
New method :meth:Connection.send_failed, to notify a :class:Connection object when data returned from :meth:Connection.send was not sent.

Bug fixes:
Make sure that when computing the framing headers for HEAD responses, we produce the same results as we would for the corresponding GET.
Error out if a request has multiple Host: headers.
Send the Host: header first, as recommended by RFC 7230.
The Expect: header is case-insensitive, so use case-insensitive matching when looking for 100-continue.

Other changes:
Better error messages in several cases.
Provide correct error_status_hint in exception raised when encountering an invalid Transfer-Encoding header.
For better compatibility with broken servers, h11 now tolerates responses where the reason phrase is missing (not just empty).
Various optimizations and documentation improvements.

(adam)

Updated devel/py-dulwich, net/py-xandikos

(adam)

py-xandikos: updated to 0.0.9

0.0.9:
Bug fixes.

(adam)

py-dulwich: updated to 0.19.2

0.19.2:
BUG FIXES
* Fix deprecated Index.iterblobs method.

0.19.1:
IMPROVEMENTS
* Add 'dulwich.mailmap' file for reading mailmap files.
* Dulwich no longer depends on urllib3[secure]. Instead,
  "dulwich[https]" can be used to pull in the necessary
  dependencies for HTTPS support.
* Support the `http.sslVerify` and `http.sslCAInfo`
  configuration options.
* Factor out `dulwich.client.parse_rsync_url` function.
* Fix repeat HTTP requests using the same smart HTTP client.
* New 'client.PLinkSSHVendor' for creating connections using PuTTY's plink.exe.
* Only pass in `key_filename` and `password` to SSHVendor
  implementations if those parameters are set.
  (This helps with older SSHVendor implementations)

API CHANGES
* Index.iterblobs has been renamed to Index.iterobjects.

(adam)

Updated audio/py-last, textproc/py-jellyfish, archivers/py-zstandard, devel/py-pyutil

(adam)

py-pyutil: updated to 3.1.0

3.1.0:
Bug fixes.

(adam)

py-zstandard: updated to 0.9.0

0.9.0:

Backwards Compatibility Notes

CFFI 1.11 or newer is now required (previous requirement was 1.8).
The primary module is now zstandard. Please change imports of zstd and zstd_cffi to import zstandard. See the README for more. Support for importing the old names will be dropped in the next release.
ZstdCompressor.read_from() and ZstdDecompressor.read_from() have been renamed to read_to_iter(). read_from() is aliased to the new name and will be deleted in a future release.
Support for Python 2.6 has been removed.
Support for Python 3.3 has been removed.
The selectivity argument to train_dictionary() has been removed, as the feature disappeared from zstd 1.3.
Support for legacy dictionaries has been removed. Cover dictionaries are now the default. train_cover_dictionary() has effectively been renamed to train_dictionary().
The allow_empty argument from ZstdCompressor.compress() has been deleted and the method now allows empty inputs to be compressed by default.
estimate_compression_context_size() has been removed. Use CompressionParameters.estimated_compression_context_size() instead.
get_compression_parameters() has been removed. Use CompressionParameters.from_level() instead.
The arguments to CompressionParameters.__init__() have changed. If you were using positional arguments before, the positions now map to different arguments. It is recommended to use keyword arguments to construct CompressionParameters instances.
TARGETLENGTH_MAX constant has been removed (it disappeared from zstandard 1.3.4).
ZstdCompressor.write_to() and ZstdDecompressor.write_to() have been renamed to ZstdCompressor.stream_writer() and ZstdDecompressor.stream_writer(), respectively. The old names are still aliased, but will be removed in the next major release.
Content sizes are written into frame headers by default (ZstdCompressor(write_content_size=True) is now the default).
CompressionParameters has been renamed to ZstdCompressionParameters for consistency with other types. The old name is an alias and will be removed in the next major release.

Bug Fixes

Fixed memory leak in ZstdCompressor.copy_stream().
Fixed memory leak in ZstdDecompressor.copy_stream().
Fixed memory leak of ZSTD_DDict instances in CFFI's ZstdDecompressor.

New Features

Bundlded zstandard library upgraded from 1.1.3 to 1.3.4. This delivers various bug fixes and performance improvements. It also gives us access to newer features.
Support for negative compression levels.
Support for long distance matching (facilitates compression ratios that approach LZMA).
Supporting for reading empty zstandard frames (with an embedded content size of 0).
Support for writing and partial support for reading zstandard frames without a magic header.
New stream_reader() API that exposes the io.RawIOBase interface (allows you to .read() from a file-like object).
Several minor features, bug fixes, and performance enhancements.
Wheels for Linux and macOS are now provided with releases.

Changes

Functions accepting bytes data now use the buffer protocol and can accept more types (like memoryview and bytearray).
Add #includes so compilation on OS X and BSDs works.
New ZstdDecompressor.stream_reader() API to obtain a read-only i/o stream of decompressed data for a source.
New ZstdCompressor.stream_reader() API to obtain a read-only i/o stream of compressed data for a source.
Renamed ZstdDecompressor.read_from() to ZstdDecompressor.read_to_iter(). The old name is still available.
Renamed ZstdCompressor.read_from() to ZstdCompressor.read_to_iter(). read_from() is still available at its old location.
Introduce the zstandard module to import and re-export the C or CFFI backend as appropriate. Behavior can be controlled via the PYTHON_ZSTANDARD_IMPORT_POLICY environment variable. See README for usage info.
Vendored version of zstd upgraded to 1.3.4.
Added module constants CONTENTSIZE_UNKNOWN and CONTENTSIZE_ERROR.
Add STRATEGY_BTULTRA compression strategy constant.
Switch from deprecated ZSTD_getDecompressedSize() to ZSTD_getFrameContentSize() replacement.
ZstdCompressor.compress() can now compress empty inputs without requiring special handling.
ZstdCompressor and ZstdDecompressor now have a memory_size() method for determining the current memory utilization of the underlying zstd primitive.
train_dictionary() has new arguments and functionality for trying multiple variations of COVER parameters and selecting the best one.
Added module constants LDM_MINMATCH_MIN, LDM_MINMATCH_MAX, and LDM_BUCKETSIZELOG_MAX.
Converted all consumers to the zstandard new advanced API, which uses ZSTD_compress_generic()
CompressionParameters.__init__ now accepts several more arguments, including support for long distance matching.
ZstdCompressionDict.__init__ now accepts a dict_type argument that controls how the dictionary should be interpreted. This can be used to force the use of content-only dictionaries or to require the presence of the dictionary magic header.
ZstdCompressionDict.precompute_compress() can be used to precompute the compression dictionary so it can efficiently be used with multiple ZstdCompressor instances.
Digested dictionaries are now stored in ZstdCompressionDict instances, created automatically on first use, and automatically reused by all ZstdDecompressor instances bound to that dictionary.
All meaningful functions now accept keyword arguments.
ZstdDecompressor.decompressobj() now accepts a write_size argument to control how much work to perform on every decompressor invocation.
ZstdCompressor.write_to() now exposes a tell(), which exposes the total number of bytes written so far.
ZstdDecompressor.stream_reader() now supports seek() when moving forward in the stream.
Removed TARGETLENGTH_MAX constant.
Added frame_header_size(data) function.
Added frame_content_size(data) function.
Consumers of ZSTD_decompress* have been switched to the new advanced decompression API.
ZstdCompressor and ZstdCompressionParams can now be constructed with negative compression levels.
ZstdDecompressor now accepts a max_window_size argument to limit the amount of memory required for decompression operations.
FORMAT_ZSTD1 and FORMAT_ZSTD1_MAGICLESS constants to be used with the format compression parameter to control whether the frame magic header is written.
ZstdDecompressor now accepts a format argument to control the expected frame format.
ZstdCompressor now has a frame_progression() method to return information about the current compression operation.
Error messages in CFFI no longer have b'' literals.
Compiler warnings and underlying overflow issues on 32-bit platforms have been fixed.
Builds in CI now build with compiler warnings as errors. This should hopefully fix new compiler warnings from being introduced.
Make ZstdCompressor(write_content_size=True) and CompressionParameters(write_content_size=True) the default.
CompressionParameters has been renamed to ZstdCompressionParameters.

(adam)

py-jellyfish: updated to 0.6.0

0.6.0:
fix quite a few bugs & differences between C/Py implementations
add wagner-fischer testdata
uppercase soundex result
better error handling in nysiis, soundex, and jaro

(adam)

py-last: updated to 2.2.0

2.2.0:
Bug fixes.

(adam)

Updated textproc/py-openpyxl, devel/py-bcolz

(adam)

py-bcolz: updated to 1.2.0

1.2.0:
This is a minor release that essentially updates internal C-Blosc sources to 1.14.2. This is important for forward compatibility reasons. Because of this an update is highly recommended.
Also, support for Python 2.6 and 3.4 has been dropped.

(adam)

py-openpyxl: updated to 2.5.2

2.5.2:
Bugfixes
* High memory use when reading text-heavy files.
* Copying merged cells copies references.
* Cannot set comment size.
* Exception when trying to save workbooks with no views.
* Cannot delete last row or column.
* Cannot read Drawings containing embedded images.

(adam)

Updated devel/py-test-mock, www/py-django-cmsplugin_gallery

(adam)

py-django-cmsplugin_gallery: updated to 1.0.1

1.0.1:
Bug fixes.

(adam)

py-test-mock: updated to 1.8.0

1.8.0
Add aliases for NonCallableMock and create_autospec to mocker.

(adam)

Updated www/py-djangorestframework; Added www/py-drf-nested-routers

(adam)

py-drf-nested-routers: added version 0.90.2

This package provides routers and fields to create nested resources in the
Django Rest Framework. Nested resources are needed for full REST URL structure,
if one resource lives inside another.

(adam)

py-djangorestframework: updated to 3.8.2

Version 3.8.2:
Fix read_only + default unique_together validation.
authtoken.views import coreapi from rest_framework.compat, not directly.
Docs: Add missing argument 'detail' to Route

(adam)

fuse-ntfs-3g: added missing commit

(adam)

Updated devel/py-ipython, www/py-notebook

(adam)

py-notebook: updated to 5.4.1

5.4.1
A security release to fix CVE-2018-8768.

5.4.0
Fix creating files and folders after navigating directories in the dashboard
Enable printing notebooks in colour, removing the CSS that made everything black and white
Limit the completion options displayed in the notebook to 1000, to avoid performance issues with very long lists
Accessibility improvements in tree.html
Added alt-text to the kernel logo image in the notebook UI
Added a test on Travis CI to flag if symlinks are accidentally introduced in the future. This should prevent the issue that necessitated :ref:release-5.3.1
Use lowercase letters for random IDs generated in our Javascript
Removed duplicate code setting TextCell.notebook

(adam)

py-ipython: updated to 6.3.1

IPython 6.3.1

This is a bugfix release to switch the default completions back to IPython's own completion machinery. We discovered some problems with the completions from Jedi, including completing column names on pandas data frames.

You can switch the completions source with the config option :configtrait:Completer.use_jedi.

(adam)

py-Send2Trash: updated HOMEPAGE

(adam)

Updated devel/py-astroid, net/py-dnsdiag

(adam)

py-dnsdiag: updated to 1.6.4

1.6.4:
General improvements and bug fix release

(adam)

py-pylint: require newer py-astroid

(adam)

py-astroid: updated to 1.6.3

1.6.3:
Bug fixes.

(adam)

Updated devel/py-pylint, textproc/py-sphinx-rtd-theme

(adam)

py-sphinx-rtd-theme: updated to 0.3.0

0.3.0 Release

New Features
-------------
* Add html language attribute
* Allow setting 'rel' and 'title' attributes for stylesheets
* Add option to style external links
* Add github, gitlab, bitbucket page arguments option
* Add pygments support
* Add setuptools entry point allowing to use ``sphinx_rtd_theme`` as
  Sphinx ``html_theme`` directly.
* Add language to the JS output variable

Fixes
-----
* Fix some HTML warnings and errors
* Fix many styling issues
* Fix many sidebar glitches
* Fix line number spacing to align with the code lines
* Hide Edit links on auto created pages
* Include missing font files with the theme

Other Changes
--------------
* Significant improvement of our documentation
* Compress our Javascript files
* Updated dependencies

(adam)

py-pylint: updated to 1.8.4

pylint-1.8.4:
Fix lint errors

(adam)

Updated devel/ccache, www/py-aiohttp

(adam)

py-aiohttp: updated to 3.1.2

3.1.2:
Make LineTooLong exception more detailed about actual data size
Call on_chunk_sent when write_eof takes as a param the last chunk

(adam)

ccached: updated to 3.4.2

ccache 3.4.2

Bug fixes:

The cleanup algorithm has been fixed to not misbehave when files are removed by another process while the cleanup process is running. Previously, too many files could be removed from the cache if multiple cleanup processes were triggered at the same time, in extreme cases trimming the cache to a much smaller size than the configured limits.

Correctly hash preprocessed headers located in a “.gch directory”. Previously, ccache would not pick up changes to such precompiled headers, risking false positive cache hits.

Fixed build failure when using the bundled zlib sources.

ccache 3.3.5 added a workaround for not triggering Clang errors when a precompiled header’s dependency has an updated timestamp (but identical content). That workaround is now only applied when the compiler is Clang.

Made it possible to perform out-of-source builds in dev mode again.

(adam)

py-pyelftools: enable all Python versions; enable tests; use ALTERNATIVES

(adam)

py-pysha3: Python 3.6 is supported as well; clean-ups

(adam)

Updated devel/py-jupyter_client, devel/py-hypothesis

(adam)

py-hypothesis: updated to 3.55.0

3.55.0:
This release includes several improvements to the handling of the :obj:~hypothesis.settings.database setting.

The :obj:~hypothesis.settings.database_file setting was a historical artefact, and you should just use :obj:~hypothesis.settings.database directly.
The :envvar:HYPOTHESIS_DATABASE_FILE environment variable is deprecated, in favor of :meth:~hypothesis.settings.load_profile and the :obj:~hypothesis.settings.database setting.
If you have not configured the example database at all and the default location is not usable (due to e.g. permissions issues), Hypothesis will fall back to an in-memory database. This is not persisted between sessions, but means that the defaults work on read-only filesystems.

3.54.0:
This release improves the :func:~hypotheses.strategies.complex_numbers strategy, which now supports min_magnitude and max_magnitude arguments, along with allow_nan and allow_infinity like for :func:~hypotheses.strategies.floats.

3.53.0:
This release removes support for Django 1.8, which reached end of life on 2018-04-01.

(adam)

py-jupyter_client: updated to 5.2.3

5.2.3:
- Fix hang on close in :class:.ThreadedKernelClient (used in QtConsole)
  when using tornado with asyncio
- Fix errors when using deprecated :attr:.KernelManager.kernel_cmd

(adam)

python: allow :test in PYTHON_VERSIONED_DEPENDENCIES

(adam)

Updated devel/py-wheel, archivers/py-lz4

(adam)

py-lz4: updated to 1.1.0

1.1.0:
This release removes the deprecated functions which were marked as remove in 1.0, but nonetheless remained:
lz4.lz4version()
LZ4FrameCompressor.finalize()
As a side effect, we noo longer have a dependency on the deprecation package.

(adam)

py-wheel: updated to 0.31.0

0.31.0
- Fixed displaying of errors on Python 3
- Fixed single digit versions in wheel files not being properly recognized
- Fixed wrong character encodings being used (instead of UTF-8) to read and
  write RECORD (this sometimes crashed bdist_wheel too)
- Enabled Zip64 support in wheels by default
- Metadata-Version is now 2.1
- Dropped DESCRIPTION.rst and metadata.json from the list of generated files
- Dropped support for the non-standard, undocumented provides-extra and
  requires-dist keywords in setup.cfg metadata
- Deprecated all wheel signing and signature verification commands
- Removed the (already defunct) tool extras from setup.py

(adam)

Updated www/py-djangorestframework, finance/py-braintree, www/py-cfscrape

(adam)

py-cfscrape: updated to 1.9.5

1.9.5 - Parse updated IUAM Javascript challenge

(adam)

py-braintree: updated to 3.43.0

3.43.0
Add oauth_access_revocation to WebhookNotifications
Add support for customer_id, disbursement_date and history_event_effective_date in DisputeSearch
Remove sepa_mandate_type and sepa_mandate_acceptance_location params from ClientToken
Add support for VCR compelling evidence dispute representment

(adam)

py-djangorestframework: updated to 3.8.1

Version 3.8.1:
Use old url_name behavior in route decorators
For list_route and detail_route maintain the old behavior of url_name,
basing it on the url_path instead of the function name.

Version 3.8:
Breaking Change: Alter read_only plus default behaviour.
Correct allow_null behaviour when required=False
Refactor dynamic route generation and improve viewset action introspectibility.
Fix formatting of the 3.7.4 release note
Docs: Update DRF Writable Nested Serializers references
Docs: Fixed typo in auth URLs example.
Improve composite field child errors
Disable HTML inputs for dict/list fields
Fix typo in HostNameVersioning doc
Use rsplit to get module and classname for imports
Formalize URLPatternsTestCase
Add exception translation test
Test staticfiles
Add drf-yasg to documentation and schema 3rd party packages
Remove unused compat._resolve_model()
Drop compat workaround for unsupported Python 3.2
Prefer iter(dict) over iter(dict.keys())
Pass python_requires argument to setuptools
Remove unused links from docs
Prefer https protocol for links in docs when available
Add HStoreField, postgres fields tests
Always fully qualify ValidationError in docs
Remove unreachable code from ManualSchema
Allowed customising API documentation code samples
Updated docs to use pip show
Load 'static' instead of 'staticfiles' in templates
Fixed a typo in fields docs
Refer to "NamespaceVersioning" instead of "NamespacedVersioning" in the documentation
ErrorDetail: add __eq__/__ne__ and __repr__
Replace background-attachment: fixed in docs
Make 404 & 403 responses consistent with exceptions.APIException output
Small fix to API documentation: schemas
Fix schema generation for PrimaryKeyRelatedField
Represent serializer DictField as an Object in schema
Added docs example reimplementing ObtainAuthToken
Add schema to the ObtainAuthToken view
Fix request formdata handling
Fix authtoken views imports
Update pytest, isort
Fixed active timezone handling for non ISO8601 datetimes.
Made TemplateHTMLRenderer render IntegerField inputs when value is 0.
Corrected endpoint in tutorial instructions
Add Django Rest Framework Role Filters to Third party packages
Use single copy of static assets. Update jQuery
Changes ternary conditionals to be PEP308 compliant
Added links to 'A Todo List API with React' and 'Blog API' tutorials
Fix comment typo in ModelSerializer
Add admin to installed apps to avoid test failures.
Fixed schema for UUIDField in SimpleMetadata.
Corrected docs on router include with namespaces.
Test using model objects for dotted source default
Allow traversing nullable related fields
Added: Tutorial: Django REST with React (Django 2.0)
Add LimitOffsetPagination.get_count to allow method override
Don't show hidden fields in metadata
Enable OrderingFilter to handle an empty tuple (or list) for the 'ordering' field.
Added generic 500 and 400 JSON error handlers.

(adam)

Updated x11/gtk3, emulators/fuse-emulator

(adam)

fuse-emulator: updated to 1.5.2

1.5.2:
Emulate ROM bug loading zero length blocks when using tape traps
Fix the format of double-sided +3 disks
Spectrum reset is accelerated when phantom typist is enabled and a file is loaded from the menu
Add options UI for phantom typist
GTK+ 3 UI: Memory browser dialog allows to go to specific offset

1.5.1:
Prevent crash when we try to disassemble an instruction with many DD or FD prefixes
Fix crash when setting debugger variables
Prevent crash when we try to profile an instruction with many DD or FD prefixes
GTK+ UI: Improve behaviour of default button on dialogs
GTK+ and win32 UIs: Support hex numbers in load/save binary and pokefinder dialogs
SDL UI: Allow to select the video mode used in full-screen

(adam)

gtk3: updated to 3.22.29

Changes in GTK+ 3.22.29

* Wayland
- add an input method based on the text protocol

* File chooser
- Stop activating without double-click

* Bugs fixed:
  GtkInfoBar not shown after calling gtk_widget_show
  Better deprecation information for GtkStatusIcon
  gdkscreen-x11: Don't try to calculate a refresh rate for RandR 1.3...
  GtkListBoxRow signal poorly documented

* Translation updates

(adam)

Updated devel/py-buildbot

(adam)

py-buildbot: updated to 1.1.0

Buildbot 1.1.0:

Deprecations and Removals:
Removed ramlfication as a dependency to build the docs and run the tests.

Bug fixes:
Fixed buildrequests API doesn窶冲 provide properties data
Fix missing owner on builder build table
Include hipchat as reporter.
Fix encoding issues of commands with Windows workers
Fixed Relax builder name length restriction
Fix the configuration order so that services can actually use secrets
Partially fix Builder page should show the worker information

Features:
Added the defaultProperties parameter to builders.
When a build step has a log called 窶徭ummary窶� (case-insensitive), the Build Summary page will sort that log first in the list of logs, and automatically expand it.

Buildbot 1.0.0:

Despite the major version bump, Buildbot 1.0.0 does not have major difference with the 0.9 series. 1.0.0 is rather the mark of API stability. Developers do not foresee a major API break in the next few years like we had for 0.8 to 0.9.

Starting with 1.0.0, Buildbot will follow semver versioning methodology.

Bug fixes:
Cloning Git repository with submodules now works with Git < 1.7.6 instead of failing due to the use of the unsupported --force option.
GitHub hook now properly creates a change in case of new tag or new branch. GitHub changes will have the category set to tag when a tag was pushed to easily distinguish from a branch push.
Fixed issue with Master.expireMasters not always honoring its forceHouseKeeping parameter.
Fixed issue with steps not correctly ending in CANCELLED status when interrupted.
Fix maximum recursion limit issue when transferring large files with LocalWorker (issue:3014).
Added an argument to P4Source that allows users to provide a callable to convert Perforce branch and revision to a valid revlink URL. Perforce supplies a p4web server for resolving urls into change lists.
Fixed issue with buildbot_pkg` not hanging on yarn step on windows
Fix issue with workers notify_on_missing not able to be configurable as a single string instead of list of string
Fixed Builder page should display worker name instead of id

Features:
Add capability to override the default UI settings
All Reporters have been adapted to be able to use Secret. SVNPoller has been adapted to be able to use Secret.
Implement support for Bitbucket Cloud webhook plugin in BitbucketCloudEventHandler
The owners property now includes people associated with the changes of the build
The repo source step now syncs with the --force-sync flag which allows the sync to proceed when a source repo in the manifest has changed.
Add support for compressing the repo source step cache tarball with pigz, a parallel gzip compressor.

(adam)

Bumped devel/py-setuptools_trial, devel/py-txgithub

(adam)

py-txgithub: use ALTERNATIVES; bump revision

(adam)

py-setuptools_trial: avoid conflict between Python versions; fix DEPENDS; bump revision

(adam)

Updated databases/sqlite3, devel/lemon

(adam)

sqlite3: updated to 3.23.0

SQLite Release 3.23.0:

Add the sqlite3_serialize() and sqlite3_deserialize() interfaces when the SQLITE_ENABLE_DESERIALIZE compile-time option is used.
Recognize TRUE and FALSE as constants. (For compatibility, if there exist columns named "true" or "false", then the identifiers refer to the columns rather than Boolean constants.)
Support operators IS TRUE, IS FALSE, IS NOT TRUE, and IS NOT FALSE.
Added the SQLITE_DBSTATUS_CACHE_SPILL option to sqlite3_db_status() for reporting the number of cache spills that have occurred.
The "alternate-form-2" flag ("!") on the built-in printf implementation now causes string substitutions to measure the width and precision in characters instead of bytes.
If the xColumn method in a virtual table implementation returns an error message using sqlite3_result_error() then give that error message preference over internally-generated messages.
Added the -A command-line option to the CLI to make it easier to manage SQLite Archive files.
Add support for INSERT OR REPLACE, INSERT OR IGNORE, and UPDATE OR REPLACE in the Zipfile virtual table.
Enhance the sqlite3changeset_apply() interface so that it is hardened against attacks from deliberately corrupted changeset objects.
Added the sqlite3_normalize() extension function.

Query optimizer enhancements:
Improve the omit-left-join optimization so that it works in cases where the right-hand table is UNIQUE but not necessarily NOT NULL.
Improve the push-down optimization so that it works for many LEFT JOINs.
Add the LEFT JOIN strength reduction optimization that converts a LEFT JOIN into an ordinary JOIN if there exist terms in the WHERE clause that would prevent the extra all-NULL row of the LEFT JOIN from appearing in the output set.
Avoid unnecessary writes to the sqlite_sequence table when an AUTOINCREMENT table is updated with an rowid that is less than the maximum.

Bug fixes:
Fix the parser to accept valid row value syntax.
Fix the query planner so that it takes into account dependencies in the arguments to table-valued functions in subexpressions in the WHERE clause.
Fix incorrect result with complex OR-connected WHERE and STAT4.
Fix potential corruption in indexes on expressions due to automatic datatype conversions.
Assertion fault in FTS4.
Incorrect result on the less-than operator in row values.
Always interpret non-zero floating-point values as TRUE, even if the integer part is zero.
Fix an issue in the fsdir(PATH) table-valued function to the fileio.c extension, that caused a segfault if the fsdir() table was used as the inner table of a join.
Issue an error rather instead of an assertion-fault or null-pointer dereference when the sqlite_master table is corrupted so that the sqlite_sequence table root page is really a btree-index page.
Fix the ANALYZE command so that it computes statistics on tables whose names begin with "sqlite".

Additional fixes for issues detected by OSSFuzz:
Fix a possible infinite loop on VACUUM for corrupt database files.
Disallow parameters in the WITH clause of triggers and views.
Fix a potential memory leak in row value processing.
Improve the performance of the replace() SQL function for cases where there are many substitutions on megabyte-sized strings, in an attempt to avoid OSSFuzz timeouts during testing.
Provide an appropriate error message when the sqlite_master table contains a CREATE TABLE AS statement. Formerly this caused either an assertion fault or null pointer dereference. Problem found by OSSFuzz on the GDAL project.
Incorrect assert() statement removed.
Fix a problem with using the LIKE optimization on an INTEGER PRIMARY KEY.

(adam)

Updated devel/py-construct, net/py-botocore, net/py-boto3, net/py-awscli

(adam)

py-awscli: updated to 1.4.69

1.14.69
api-change:es: Update es command to latest version
api-change:apigateway: Update apigateway command to latest version
api-change:cloudfront: Update cloudfront command to latest version

1.14.68
api-change:connect: Update connect command to latest version
api-change:acm: Update acm command to latest version

1.14.67
api-change:ssm: Update ssm command to latest version
api-change:cloudformation: Update cloudformation command to latest version
api-change:alexaforbusiness: Update alexaforbusiness command to latest version
api-change:greengrass: Update greengrass command to latest version

1.14.66
api-change:sts: Update sts command to latest version
api-change:iam: Update iam command to latest version
api-change:mturk: Update mturk command to latest version

1.14.65
api-change:acm: Update acm command to latest version

1.14.64
api-change:dynamodb: Update dynamodb command to latest version

1.14.63
api-change:rds: Update rds command to latest version

(adam)

py-boto3: updated to 1.6.22

1.6.22
api-change:cloudfront: [botocore] Update cloudfront client to latest version
api-change:apigateway: [botocore] Update apigateway client to latest version
api-change:es: [botocore] Update es client to latest version

1.6.21
api-change:connect: [botocore] Update connect client to latest version
api-change:acm: [botocore] Update acm client to latest version

1.6.20
api-change:greengrass: [botocore] Update greengrass client to latest version
api-change:cloudformation: [botocore] Update cloudformation client to latest version
api-change:ssm: [botocore] Update ssm client to latest version
api-change:alexaforbusiness: [botocore] Update alexaforbusiness client to latest version

1.6.19
api-change:mturk: [botocore] Update mturk client to latest version
api-change:sts: [botocore] Update sts client to latest version
api-change:iam: [botocore] Update iam client to latest version

1.6.18
api-change:acm: [botocore] Update acm client to latest version

(adam)

py-botocore: updated to 1.9.22

1.9.22
api-change:cloudfront: Update cloudfront client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:es: Update es client to latest version

1.9.21
api-change:connect: Update connect client to latest version
api-change:acm: Update acm client to latest version

1.9.20
api-change:greengrass: Update greengrass client to latest version
api-change:cloudformation: Update cloudformation client to latest version
api-change:ssm: Update ssm client to latest version
api-change:alexaforbusiness: Update alexaforbusiness client to latest version

1.9.19
api-change:mturk: Update mturk client to latest version
api-change:sts: Update sts client to latest version
api-change:iam: Update iam client to latest version

1.9.18
api-change:acm: Update acm client to latest version

(adam)

py-construct: updated to 2.9.43

2.9.43:
Bug fixes.

(adam)

py-Tk: Darwin does not need libX11

(adam)

Updated www/py-autobahn, www/py-httptools

(adam)

py-httptools: updated to 0.0.11

v0.0.11:
* Add should_upgrade() method

(adam)

py-autobahn: updated to 18.3.1

18.3.1
fix: endpoint configuration error messages
fix: various improvements to the new components API (including retries)
fix: pass unregisterProducer through to twisted to complement WebSocketAdapterProtocol.registerProducer

(adam)

Updated devel/libuv, net/nmap

(adam)

nmap: updated to 7.70

7.70:
We're excited to make our first Nmap release of 2018--version 7.70!  It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate.

(adam)

libuv: updated to 1.20.0

1.20.0:
* unix,spawn: respect user stdio flags for new pipe
* Revert "Revert "unix,tcp: avoid marking server sockets connected""
* req: revisions to uv_req_t handling
* win: remove unnecessary initialization
* win: update uv_os_homedir() to use uv_os_getenv()
* test: fix tcp_oob test flakiness
* posix: fix uv__pollfds_del() for invalidated fd's
* doc: README: add note on installing gyp
* unix: refactor uv_os_homedir to use uv_os_getenv
* unix: fix several instances of lost errno
* win,tty: update several TODO comments
* unix: add UV_FS_COPYFILE_FICLONE support
* test: fix connect_unspecified
* unix,win: add UV_FS_COPYFILE_FICLONE_FORCE support
* win: use long directory name for handle->dirw
* build: build with -D_FILE_OFFSET_BITS=64 again
* win, fs: fix uv_fs_unlink for +R -A files
* win, fs: use FILE_WRITE_ATTRIBUTES when opening files
* unix: use __PASE__ on IBM i platforms
* test,freebsd: fix flaky poll tests
* test: increase connection timeout to 1 second
* win,tcp: handle canceled connect with ECANCELED

(adam)

Updated time/py-icalendar, net/py-xandikos

(adam)

py-xandikos: updated to 0.0.7

0.0.7:
Bug fixes.

(adam)

py-icalendar: updated to 4.0.1

4.0.1:
Added rudimentary command line interface.
Readme, setup and travis updates.

4.0.0:
Breaking changes: Drop support for Python 2.6 and 3.3.

(adam)

Added devel/py-backcall; Updated devel/py-ipython, devel/py-ipython5

(adam)

py-ipython5: updated to 5.6.0

IPython 5.6
In Python 3.6 and above, dictionaries preserve the order items were added to them. On these versions, IPython will display dictionaries in their native order, rather than sorting by the keys
ProgressBar can now be used as an iterator
The shell object gains a check_complete() method, to allow a smoother transition to new input processing machinery planned for IPython 7
IPython should start faster, as it no longer looks for all available pygments styles on startup

(adam)

py-ipython: updated to 6.3.0

IPython 6.3 contains all the bug fixes and features in IPython 5.6. In addition:

A new display class IPython.display.Code can be used to display syntax highlighted code in a notebook
The %%html magic now takes a --isolated option to put the content in an iframe
The code to find completions using the Jedi library has had various adjustments. This is still a work in progress, but we hope this version has fewer annoyances
The post event callbacks are now always called, even when the execution failed (for example because of a SyntaxError).
The execution info and result objects are now made available in the corresponding pre or post *_run_cell event callbacks in a backward compatible manner
Performance with very long code cells (hundreds of lines) is greatly improved

(adam)

py-backcall: added version 0.1.0

Specifications for callback functions passed in to an API

If your code lets other people supply callback functions, it's important to
specify the function signature you expect, and check that functions support
that. Adding extra parameters later would break other peoples code unless
you're careful.

backcall provides a way of specifying the callback signature using a prototype
function.

(adam)

py-oauthlib: changed LICENSE to modified-bsd

(adam)

Updated devel/py-path.py, security/py-oauthlib

(adam)

py-oauthlib: updated to 2.0.7

2.0.7:
Moved oauthlib into new organization on GitHub.
Include license file in the generated wheel package.
When deploying a release to PyPI, include the wheel distribution.
Check access token in self.token dict.
Added bottle-oauthlib to docs.
Update repository location in Travis.
Updated docs for organization change.
Replace G+ with Gitter.
Update requirements.
Add shields for Python versions, license and RTD.
Fix ReadTheDocs build
Fixed "make" command to test upstream with local oauthlib.
Replace IRC notification with Gitter Hook.
Added Github Releases deploy provider.

(adam)

py-path.py: updated to 11.0.1

11.0.1:
Fixed test failures on BSD.
Refreshed package metadata.

(adam)

Updated graphics/py-Pillow, print/py-weasyprint

(adam)

py-weasyprint: updated to 0.42.3

v0.42.3:
Bug fixes:
* Fix floating-point number error to fix floating box layout
* Don't optimize resume_at when splitting lines with trailing spaces
* Fix table layout with no overflow
* Fix inline box breaking function
* Split replaced_min_content_width and replaced_max_content_width
* Respect text direction and don't translate rtl columns twice
* Get only first line's width of inline children to get linebox width

(adam)

py-Pillow: updated to 5.1.0

5.1.0:
Close fp before return in ImagingSavePPM
Added documentation for ICNS append_images
Docs: Move intro text below its header
CI: Rename appveyor.yml as .appveyor.yml
Fix TypeError for JPEG2000 parser feed
Certain corrupted jpegs can result in no data read
Add support for BLP file format
Simplify version checks
Fix "invalid escape sequence" warning on Python 3.6+
Allow append_images to set .icns scaled images
Support appending to existing PDFs
Fix and improve efficient saving of ICNS on macOS
Build: Enable pip cache in AppVeyor build
Trim trailing whitespace
Docs: Correct reference to Image.new method
Rearrange ImageFilter classes into alphabetical order
Test: Remove duplicate line
Build: Update AppVeyor PyPy version
Tiff: Open 8 bit Tiffs with 5 or 6 channels, discarding extra channels
Readme: Added Twitter badge
Removed __main__ code from ImageCms
Test: Changed assert statements to unittest calls
Depends: Update libimagequant to 2.11.10, raqm to 0.5.0, freetype to 2.9
Remove _imaging.crc32 in favor of builtin Python crc32 implementation
Move Tk directory to src directory
Enable pip cache in Travis CI
Remove unused and duplicate imports
Docs: Changed documentation references to 2.x to 2.7
Fix memory leak when opening webp files
Setup: Fix "TypeError: 'NoneType' object is not iterable" for PPC and CRUX
Setup: Add libdirs for ppc64le and armv7l

(adam)

Updated www/py-django2, www/py-django

(adam)

py-django: updated to 1.11.12

Django 1.11.12:
Bugfixes:
Fixed a regression in Django 1.11.8 where combining two annotated values_list() querysets with union(), difference(), or intersection() crashed due to mismatching columns.
Fixed a regression in Django 1.11 where an empty choice could be initially selected for the SelectMultiple and CheckboxSelectMultiple widgets

(adam)

py-django2: updated to 2.0.4

Django 2.0.4:
Bugfixes:
Fixed a crash when filtering with an Exists() annotation of a queryset containing a single field.
Fixed admin autocomplete widget窶冱 translations for zh-hans and zh-hant languages.
Corrected admin窶冱 autocomplete widget to add a space after custom classes.
Fixed PasswordResetConfirmView crash when using a user model with a UUIDField primary key and the reset URL contains an encoded primary key value that decodes to an invalid UUID.
Fixed a regression in Django 1.11.8 where combining two annotated values_list() querysets with union(), difference(), or intersection() crashed due to mismatching columns.
Fixed a regression in Django 1.11 where an empty choice could be initially selected for the SelectMultiple and CheckboxSelectMultiple widgets.
Fixed a regression in Django 2.0 where OpenLayersWidget deserialization ignored the widget map窶冱 SRID and assumed 4326

(adam)

Updated devel/py-packaging, math/py-scipy

(adam)

py-scipy: updated to 1.0.1

SciPy 1.0.1 is a bug-fix release with no new features compared to 1.0.0.
Probably the most important change is a fix for an incompatibility between
SciPy 1.0.0 and numpy.f2py in the NumPy master branch.

(adam)

py-packaging: updated to 17.1

17.1:
Fix utils.canonicalize_version when supplying non PEP 440 versions.

17.0:
Drop support for python 2.6, 3.2, and 3.3.
Define minimal pyparsing version to 2.0.2.
Add epoch, release, pre, dev, and post attributes to Version and LegacyVersion.
Add Version().is_devrelease and LegacyVersion().is_devrelease to make it easy to determine if a release is a development release.
Add utils.canonicalize_version to canonicalize version strings or Version instances

(adam)

Updated devel/cmake, misc/stellarium, multimedia/mkvtoolnix

(adam)

mkvtoolnix: updated to 22.0.0

Version 22.0.0 "At The End Of The World"

New features and enhancements
* mkvmerge, MKVToolNix GUI multiplexer: AC-3, DTS, TrueHD: added an option for
  removing/minimizing the dialog normalization gain for all supported types of
  the mentioned codecs.
* mkvmerge: AV1: added support for reading AV1 video from IVF, WebM and
  Matroska files.
* mkvmerge: FLAC: mkvmerge can now ignore ID3 tags in FLAC files which would
  otherwise prevent mkvmerge from detecting the file type.
* mkvinfo: the size and positions of frames within "SimpleBlock" and
  "BlockGroup" elements are now shown the same way they're shown for other
  elements (by adding the `-v -v` and `-z` options).
* MKVToolNix GUI: multiplexer: added options for deriving the track languages
  from the file name by searching for ISO 639-1/639-2 language codes or
  language names enclosed in non-word, non-space characters (e.g. "…[ger]…"
  for German or "…+en+…" for English).
* MKVToolNix GUI: info tool: implemented reading all elements in the file
  after the first cluster. Only top-level elements are shown; child elements
  are only loaded on demand.
* MKVToolNix GUI: info tool: added a context menu with the option to show a
  hex dump of the element with the bytes making up the EBML ID and the size
  portion highlighted in different colors. In-depth highlighting is done for
  the data in `SimpleBlock` and `Block` elements.
* MKVToolNix GUI: chapter editor: added an option to remove all end timestamps
  to the "additional modifications" dialog.

Bug fixes
* mkvmerge: MP4 reader: fixed reading the ESDS audio header atom if it is
  located inside a "wave" atom inside the "stsd" atom.
* mkvmerge: MP4 reader: AAC audio tracks signalling eight channels in the
  track headers but only seven in the codec-specific configuration will be
  treated as having eight channels.
* mkvmerge: MPEG TS reader: fixed wrong handling of the continuity counter for
  TS packets that signal that TS payload is present but where the adaptation
  field spans the whole TS packet.
* mkvmerge: the 'document type version' and 'document type read version'
  header fields are now set depending on which elements are actually written,
  not on which features are active (e.g. if a `SimpleBlock` is never written,
  then the 'read version' won't be set to 2 anymore).
* mkvmerge: the 'document type version' header field is now set to 4 correctly
  if any of the version 4 Matroska elements is written.
* mkvinfo: summary mode: the file positions reported for frames in
  `BlockGroup` elements did not take the bytes used for information such as
  timestamp, track number flags or lace sizes into account. They were
  therefore too low.
* mkvpropedit, MKVToolNix GUI header editor: the 'document type version' and
  'document type read version' header fields are now updated if elements
  written by the changes require higher version numbers.
* mkvpropedit, MKVToolNix GUI header editor: mandatory elements can now be
  deleted if there's a default value for them in the specifications.
* source code: fixed a compilation error on FreeBSD with clang++ 5.0.

Build system changes
* A compilation database (in the form of a file `compile_commands.json`) can
  be built automatically if the variable `BUILD_COMPILATION_DATABASE` is set
  to `yes` (e.g. as `rake BUILD_COMPILATION_DATABASE=yes`).

(adam)

stellarium: updated to 0.18.0

The major changes of this version:
* Added support Hierarchical Progressive Surveys [HiPS] (Hello visualization of
  multiwavelength universe in the Stellarium)
* Updated and extended AstroCalc tool
* Added support a Hickson Compact Group collection
* Updated code and data

(adam)

cmake: updated to 3.11.0

Some of the more significant changes in CMake 3.11 are:

The Makefile Generators and the “Ninja” generator learned to add
compiler launcher tools along with the compiler for the “Fortran”
language (“C”, “CXX”, and “CUDA” were supported previously). See the
“CMAKE_<LANG>_COMPILER_LAUNCHER” variable and
“<LANG>_COMPILER_LAUNCHER” target property for details.

Visual Studio Generators learned to support the “COMPILE_LANGUAGE”
“generator expression” in target-wide “COMPILE_DEFINITIONS”,
“INCLUDE_DIRECTORIES”, “COMPILE_OPTIONS”, and “file(GENERATE)”. See
generator expression documentation for caveats.

The “Xcode” Generator learned to support the “COMPILE_LANGUAGE”
“generator expression” in target-wide “COMPILE_DEFINITIONS” and
“INCLUDE_DIRECTORIES”. It previously supported only
“COMPILE_OPTIONS” and “file(GENERATE)”. See generator expression
documentation for caveats.

“add_library()” and “add_executable()” commands can now be called
without any sources and will not complain as long as sources are
added later via the “target_sources()” command.

The “target_compile_definitions()” command learned to set the
“INTERFACE_COMPILE_DEFINITIONS” property on Imported Targets.

The “target_compile_features()” command learned to set the
“INTERFACE_COMPILE_FEATURES” property on Imported Targets.

The “target_compile_options()” command learned to set the
“INTERFACE_COMPILE_OPTIONS” property on Imported Targets.

The “target_include_directories()” command learned to set the
“INTERFACE_INCLUDE_DIRECTORIES” property on Imported Targets.

The “target_sources()” command learned to set the
“INTERFACE_SOURCES” property on Imported Targets.

The “target_link_libraries()” command learned to set the
“INTERFACE_LINK_LIBRARIES” property on Imported Targets.

The “COMPILE_DEFINITIONS” source file property learned to support
“generator expressions”.

A “COMPILE_OPTIONS” source file property was added to manage list
of options to pass to the compiler.

When using “AUTOMOC” or “AUTOUIC”, CMake now starts multiple
parallel “moc” or “uic” processes to reduce the build time. A new
“CMAKE_AUTOGEN_PARALLEL” variable and “AUTOGEN_PARALLEL” target
property may be set to specify the number of parallel “moc” or “uic”
processes to start. The default is derived from the number of CPUs
on the host.

(adam)

Updated databases/openldap

(adam)

openldap: updated to 2.4.46

OpenLDAP 2.4.46 Release (2018/03/22)
Fixed libldap connection delete callbacks when TLS fails to start
Fixed libldap to not reuse tls_session if TLS hostname check fails
Fixed libldap cross-compiling with OpenSSL 1.1
Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method
Fixed libldap MozNSS CA certificate hash matching
Fixed libldap MozNSS with PEM certs when also using an NSS cert db
Fixed libldap MozNSS initialization
Fixed libldap GnuTLS with GNUTLS_E_AGAIN
Fixed libldap memory leak with cancel operations
Fixed slapd Eventlog registry key creation on 64-bit Windows
Fixed slapd to maintain SSF across SASL binds
Fixed slapd syncrepl deadlock when updating cookie
Fixed slapd syncrepl callback to always be last in the stack
Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens
Fixed slapd CSN queue processing
Fixed slapd-ldap TLS connection timeout with high latency connections
Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set
Fixed slapd-mdb with an optimization for long lived read transactions
Fixed slapd-meta assert when olcDbRewrite is modified
Fixed slapd-sock with LDAP_MOD_INCREMENT operations
Fixed slapo-accesslog cleanup to only occur on failed operations
Fixed slapo-dds entryTTL to actually decrease as per RFC 2589
Fixed slapo-syncprov memory leak with delete operations
Fixed slapo-syncprov to not clear pending operation when checkpointing
Fixed slapo-syncprov to correctly record contextCSN values in the accesslog
Fixed slapo-syncprov not to log checkpoints to accesslog db
Fixed slapo-syncprov to process changes from this SID on REFRESH
Fixed slapo-syncprov session log parsing to not block other operations
Build Environment
Fixed Windows build with newer MINGW version
Fixed compiler warnings and removed unused variables
Contrib
Fixed ldapc++ Control structure
Documentation
Delete stub manpage for back-ldbm
Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism
Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only
Fixed slapd-config(5) typo for olcTLSCipherSuite
Fixed slapo-syncprov(5) indexing requirements

(adam)

Updated devel/py-autopep8, time/py-dateutil

(adam)

py-dateutil: updated to 2.7.2

Version 2.7.2:

Bugfixes
- Fixed an issue with the setup script running in non-UTF-8 environment.

(adam)

py-autopep8: updated to 1.3.5

v1.3.5:
oad config value from flake8 section
fix bugs
support Python version: 2.7+ or 3.4+

(adam)

Updated security/py-cryptography, security/py-cryptography_vectors

(adam)

py-cryptography py-cryptography_vectors: updated to 2.2.2

2.2.2:
Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0h.

(adam)

Updated filesystems/libntfs, filesystems/fuse-ntfs-3g, sysutils/ntfsprogs

(adam)

filesystems/libntfs filesystems/libntfs sysutils/ntfsprogs: updated to 2017.3.23

STABLE Version 2017.3.2:
Delegated processing of special reparse points to external plugins
Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
Enabled fallback to read-only mount when the volume is hibernated
Made a full check for whether an extended attribute is allowed
Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
Enabled encoding broken UTF-16 into broken UTF-8
Autoconfigured selecting <sys/sysmacros.h> vs <sys/mkdev>
Allowed using the full library API on systems without extended attributes support
Fixed DISABLE_PLUGINS as the condition for not using plugins
Corrected validation of multi sector transfer protected records
Denied creating/removing files from $Extend
Returned the size of locale encoded target as the size of symlinks

(adam)

Updated databases/py-sqlalchemy, databases/py-sqlalchemy-utils

(adam)

py-sqlalchemy-utils: updated to 0.33.1

0.33.1:
Fixed EncryptedType for Oracle padding attack

(adam)

py-sqlalchemy: 1.2.6

Release 1.2.6 includes a variety of fixes including a connection-pool related issue which could cause a connection to be added to the pool without all of the "connect" event handlers being called.

(adam)

Updated www/py-aiohttp, www/py-httplib2

(adam)

py-httplib2: updated to 0.11.3

0.11.3
  No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis.

0.11.2
  proxy: py3 NameError basestring

0.11.1
  Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info

0.11.0
  Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5

  python3 proxy support

  If no_proxy environment value ends with comma then proxy is not used

  fix UnicodeDecodeError using socks5 proxy

  Respect NO_PROXY env var in proxy_info_from_url

  NO_PROXY=bar was matching foobar (suffix without dot delimiter)
  New behavior matches curl/wget:
  - no_proxy=foo.bar will only skip proxy for exact hostname match
  - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card

  Bugfix for Content-Encoding: deflate

(adam)

py-aiohttp: updated to 3.1.1

3.1.1:
Support asynchronous iterators (and asynchronous generators as well) in both client and server API as request / response BODY payloads.

(adam)

Updated graphics/jpegoptim, archivers/zstd

(adam)

zstd: updated to 1.3.4

The v1.3.4 release of Zstandard is focused on performance, and offers nice speed boost in most scenarios.

(adam)

jpegoptim: updated to 1.4.5

v1.4.5:
fix --overwrite option,
better error reporting for -d option,
fix memcmp() potentially reading past end of buffer,
some minor fixes

(adam)

py-Pillow: disabled mp_compile hack; it has problems with native parallel building

(adam)

py-tablib: Python 3 compatibility fixes

(adam)

qt5-{my|p}sql: sync with qt5-5.10.1

(adam)

py-pytables: fixed building

PYSETUPINSTALLARGS must not use PYSETUPBUILDARGS
It's an egg package
Depend on blosc.

(adam)

Removed duplicated PYSETUPINSTALLARGS

(adam)

Added missing patch

(adam)

Updated lang/python36

(adam)

python36: updated to 3.6.5

Python 3.6.5:

Security
* Minimal fix to prevent buffer overrun in os.symlink on Windows
* Regexes in difflib and poplib were vulnerable to catastrophic backtracking. These regexes formed potential DOS vectors (REDOS). They have been refactored. This resolves CVE-2018-1060 and CVE-2018-1061.

Core and Builtins
* Fixed jumping out of 窶忤ith窶� block by setting f_lineno.
* Prevent jumps from 窶腕eturn窶� and 窶脇xception窶� trace events.
* Update Valgrind suppression list to account for the rename of Py_ADDRESS_IN_RANG to address_in_range.
* Pdb and other debuggers dependent on bdb.py will correctly step over (next command) native coroutines.
* Improve suggestion when the Python 2 form of print statement is either present on the same line as the header of a compound statement or else terminated by a semi-colon instead of a newline.
* Fix possible crashing in builtin Unicode decoders caused by write out-of- bound errors when using customized decode error handlers.
* Improved frozenset() hash to create more distinct hash values when faced with datasets containing many similar values.
* The __debug__ constant is now optimized out at compile time. This fixes also bpo-22091.
* sys.flags.hash_randomization is now properly set to 0 when hash randomization is turned off by PYTHONHASHSEED=0.
* The optimizer is now protected from spending much time doing complex calculations and consuming much memory for creating large constants in constant folding.
* repr() on a dict containing its own values() or items() no longer raises RecursionError; OrderedDict similarly. Instead, use ..., as for other recursive structures.
* Leading whitespace is now correctly ignored when generating suggestions for converting Py2 print statements to Py3 builtin print function calls.
* The repr of deeply nested dict now raises a RecursionError instead of crashing due to a stack overflow.

Library
* lib2to3 now properly supports trailing commas after *args and **kwargs in function signatures.
* Avoid failing in multiprocessing.Process if the standard streams are closed or None at exit.
* Skip sending/receiving data after SSL transport closing.
* Fix ctypes pass-by-value for structs on 64-bit Cygwin/MinGW.
* Fix inspect.signature() for single-parameter partialmethods.
* Expose several missing constants in zlib and fix corresponding documentation.
* Fixed tarfile.itn handling of out-of-bounds float values.
* The ssl module now detects missing NPN support in LibreSSL.
* dbm.open() now encodes filename with the filesystem encoding rather than default encoding.
* In os.dup2, don窶冲 check every call whether the dup3 syscall exists or not.
* Rewrite confusing message from setup.py upload from 窶廸o dist file created in earlier command窶� to the more helpful 窶廴ust create and upload files in one command窶�.
* In tkinter, after_cancel(None) now raises a ValueError instead of canceling the first scheduled function.
* Make sure sys.argv remains as a list when running trace.
* Fixed asyncio.Condition issue which silently ignored cancellation after notifying and cancelling a conditional lock.
* Fixed refleaks of __init__() methods in various modules. (Contributed by Oren Milman)
* Fixed guessing quote and delimiter in csv.Sniffer.sniff() when only the last field is quoted.
* socket: Remove TCP_FASTOPEN, TCP_KEEPCNT flags on older version Windows during run-time.
* Fix a rare but potential pre-exec child process deadlock in subprocess on POSIX systems when marking file descriptors inheritable on exec in the child process. This bug appears to have been introduced in 3.4.
* The ctypes module used to depend on indirect linking for dlopen. The shared extension is now explicitly linked against libdl on platforms with dl.
* Fixed asyncio.Lock() safety issue which allowed acquiring and locking the same lock multiple times, without it being free.
* Do not include name field in SMTP envelope from address.
* Fix email address header parsing error when the username is an empty quoted string.
* distutils窶� upload command no longer corrupts tar files ending with a CR byte, and no longer tries to convert CR to CRLF in any of the upload text fields.
* uuid.uuid1 no longer raises an exception if a 64-bit hardware address is encountered.
* Fix the error handling in Aifc_read.initfp() when the SSND chunk is not found.
* On FreeBSD and Solaris, os.strerror() now always decode the byte string from the current locale encoding, rather than using ASCII/surrogateescape in some cases.
* The nis module is now compatible with new libnsl and headers location.
* Improve ABCMeta._dump_registry() output readability
* glibc has removed Sun RPC. Use replacement libtirpc headers and library in nis module.
* Ensure that truncate() preserves the file position (as reported by tell()) after writes longer than the buffer size.
* Don窶冲 unsubscribe signals in asyncio UNIX event loop on interpreter shutdown.
* The SSL module no longer sends IP addresses in SNI TLS extension on platforms with OpenSSL 1.0.2+ or inet_pton.
* urllib.parse.urlsplit() does not convert zone-id (scope) to lower case for scoped IPv6 addresses in hostnames now.
* Fix bdist_wininst of distutils for CRT v142: it binary compatible with CRT v140.
* A single empty field is now always quoted when written into a CSV file. This allows to distinguish an empty row from a row consisting of a single empty field.
* Raise NotImplementedError instead of SystemError on platforms where chmod(..., follow_symlinks=False) is not supported.
* The getnode() ip getter now uses 窶亙p link窶� instead of 窶亙p link list窶�.
* Ensure TCP_NODELAY is set on Linux. Tests by Victor Stinner.
* The locale.localeconv() function now sets temporarily the LC_CTYPE locale to the LC_NUMERIC locale to decode decimal_point and thousands_sep byte strings if they are non-ASCII or longer than 1 byte, and the LC_NUMERIC locale is different than the LC_CTYPE locale. This temporary change affects other threads.
Same change for the str.format() method when formatting a number (int, float, float and subclasses) with the n type (ex: '{:n}'.format(1234)).
* Importing native path module (posixpath, ntpath) now works even if the os module still is not imported.

(adam)

Fixed MASTER_SITES URL

(adam)

py-model_mommy: added missing files to PLIST

(adam)

Updated www/apache24

(adam)

ap-uwsgi: added CONFLICT with apache24>=2.4.30 as mod_proxy_uwsgi is built-in

(adam)

apache24: updated to 2.4.33

Changes with Apache 2.4.33

  *) core: Fix request timeout logging and possible crash for error_log hooks.

  *) mod_slomem_shm: Fix failure to create balancers's slotmems in Windows MPM,
    where children processes need to attach them instead since they are owned
    by the parent process already.

  *) ab: try all destination socket addresses returned by
    apr_sockaddr_info_get instead of failing on first one when not available.
    Needed for instance if localhost resolves to both ::1 and 127.0.0.1
    e.g. if both are in /etc/hosts.

  *) ab: Use only one connection to determine working destination socket
    address.

  *) ab: LibreSSL doesn't have or require Windows applink.c.

  *) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
    apr-util's bcrypt implementation doesn't tolerate EBCDIC.

  *) htpasswd/htdbm: report the right limit when get_password() overflows.

  *) htpasswd: Don't fail in -v mode if password file is unwritable.

  *) htpasswd: don't point to (unused) stack memory on output
    to make static analysers happy.

Changes with Apache 2.4.32

  *) mod_access_compat: Fail if a comment is found in an Allow or Deny
    directive.

  *) mod_authz_host: Ignore comments after "Require host", logging a
    warning, or logging an error if the line is otherwise empty.

  *) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
    Y2K38 bug.

  *) mod_ssl: Support SSL DN raw variable extraction without conversion
    to UTF-8, using _RAW suffix on variable names.

  *) ab: Fix https:// connection failures (regression in 2.4.30); fix
    crash generating CSV output for large -n.

Changes with Apache 2.4.31

  *) mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait
    parameters.

  *) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
    improper merging of the cache lock in vhost config.

  *) mpm_event: Do lingering close in worker(s).

  *) mpm_queue: Put fdqueue code in common for MPMs event and worker.

Changes with Apache 2.4.30

  *) SECURITY: CVE-2017-15710 (cve.mitre.org)
    Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled

  *) CVE-2018-1283 (cve.mitre.org)
    mod_session: CGI-like applications that intend to read from mod_session's
    'SessionEnv ON' could be fooled into reading user-supplied data instead.

  *) SECURITY: CVE-2018-1303 (cve.mitre.org)
    mod_cache_socache: Fix request headers parsing to avoid a possible crash
    with specially crafted input data.

  *) CVE-2018-1301 (cve.mitre.org)
    core: Possible crash with excessively long HTTP request headers.
    Impractical to exploit with a production build and production LogLevel.

  *) mod_authnz_ldap: Fix language long names detection as short name.

  *) mod_proxy: Worker schemes and hostnames which are too large are no
    longer fatal errors; it is logged and the truncated values are stored.

  *) CVE-2017-15715 (cve.mitre.org)
    core: Configure the regular expression engine to match '$' to the end of
    the input string only, excluding matching the end of any embedded
    newline characters. Behavior can be changed with new directive
    'RegexDefaultOptions'.

  *) SECURITY: CVE-2018-1312 (cve.mitre.org)
    mod_auth_digest: Fix generation of nonce values to prevent replay
    attacks across servers using a common Digest domain. This change
    may cause problems if used with round robin load balancers.

  *) mod_proxy: Allow setting options to globally defined balancer from
    ProxyPass used in VirtualHost. Balancers are now merged using the new
    merge_balancers method which merges the balancers options.

  *) logresolve: Fix incorrect behavior or segfault if -c flag is used
    Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823259

  *) mod_remoteip: Add support for PROXY protocol (code donated by Cloudzilla).
    Add ability for PROXY protocol processing to be optional to donated code.
    See also: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt

  *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
    allowing per backend TLS configuration.

  *) mod_proxy_uwsgi: Add in UWSGI proxy (sub)module.

  *) mod_proxy_balancer,mod_slotmem_shm: Rework SHM reuse/deletion to not
    depend on the number of restarts (non-Unix systems) and preserve shared
  *) CVE-2018-1302 (cve.mitre.org)
    mod_http2: Potential crash w/ mod_http2.

    names as much as possible on configuration changes for SHMs and persisted
    files.

  *) mod_http2: obsolete code removed, no more events on beam pool destruction,
    discourage content encoders on http2-status response (where they do not work).

  *) mpm_event: Let the listener thread do its maintenance job on resources
    shortage.

  *) mpm_event: Wakeup the listener to re-enable listening sockets.

  *) mod_ssl: The SSLCompression directive will now give an error if used
    with an OpenSSL build which does not support any compression methods.

  *) mpm_event,worker: Mask signals for threads created by modules in child
    init, so that they don't receive (implicitely) the ones meant for the MPM.

  *) mod_md: new experimental, module for managing domains across virtual hosts,
    implementing the Let's Encrypt ACMEv1 protocol to signup and renew
    certificates. Please read the modules documentation for further instructions
    on how to use it.

  *) mod_proxy_html: skip documents shorter than 4 bytes

  *) core, mpm_event: Avoid a small memory leak of the scoreboard handle, for
    the lifetime of the connection, each time it is processed by MPM event.

  *) mpm_event: Update scoreboard status for KeepAlive state.

  *) mod_ldap: Fix a case where a full LDAP cache would continually fail to
    purge old entries and log AH01323.

  *) mpm_event: close connections not reported as handled by any module to
    avoid losing track of them and leaking scoreboard entries.

  *) core: A signal received while stopping could have crashed the main
    process.

  *) mod_ssl: support for mod_md added.

  *) mod_proxy_html: process parsed comments immediately.
    Fixes bug (seen in the wild when used with IBM's HTTPD bundle)
    where parsed comments may be lost.

  *) mod_proxy_html: introduce doctype for HTML 5

  *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
    HTML/XHTML.

  *) mpm_event: avoid a very unlikely race condition between the listener and
    the workers when the latter fails to add a connection to the pollset.

  *) core: silently ignore a not existent file path when IncludeOptional
    is used.

  *) mod_macro: fix usability of globally defined macros in .htaccess files.

  *) mod_rewrite, core: add the Vary header when a condition evaluates to true
    and the related RewriteRule is used in a Directory context
    (triggering an internal redirect).

  *) ab: Make the TLS layer aware that the underlying socket is nonblocking,
    and use/handle POLLOUT where needed to avoid busy IOs and recover write
    errors when appropriate.

  *) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous
    read was incomplete (the SSL case can cause the next poll() to timeout
    since data are buffered already).

  *) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain
    information retrievals on null bucket beams where it makes sense.

(adam)

Updated www/py-django-admin-rangefilter

(adam)

py-django-admin-rangefilter: updated to 0.3.2

0.3.2:
- Compatibility Django 2.0

(adam)

Use parallel building for Python 3.5+ packages

(adam)

Updated devel/py-setuptools_scm

(adam)

py-setuptools_scm: updated to 1.17.0

v1.17.0:
fix regression in git support - use a function to ensure it works in egg isntalled mode
actually fail if file finding fails in order to see broken setups instead of generating broken dists

v1.16.2:
fix regression in handling git export ignores

v1.16.1
fix regression in support for old setuptools versions

v1.16.0
drop support for eol python versions
fix missuse in surogate-escape api
add the node-and-timestamp local version sheme
respect git export ignores
avoid shlex.split on windows
fix #218 - better handling of mercurial edge-cases with tag commits being considered as the tagged commit
fix #223 - remove the dependency on the interal SetupttoolsVersion as it was removed after long-standing deprecation

(adam)

Updated devel/py-quixote, www/py-scgi

(adam)

py-scgi: updated to 1.15

1.15:
Improve comments.

Close unwanted file descriptors.

In scgi_server.py, spawn_child() is called at startup to start the
first child and also from delegate_request() when more children are
needed. In the latter case, the parameter 'conn' is passed to
spawn_child() so that the newly-created child knows to close the
file descriptor it has inherited but doesn't need.

The bug is that in the latter case the new child also inherits
various other file descriptors which are not similarly closed,
namely the Unix sockets to its elder siblings, and the TCP listener
socket.

Improve Apache 2 mod_scgi error messages.

If the connection is aborted while sending the response, log an
error but don't generate an internal server error. This can happen
if the client closes the connection before the entire response has
been read. There's nothing the server can do about it.

When an error occurs while reading the response headers, don't
log an error since ap_scan_script_header_err_brigade() has already
done so.

(adam)

py-quixote: updated to 2.9.1

v2.9.1
    Add itervalues() and iteritems() methods to SessionManager.

    Allow unicode strings passed to redirect().

    Fix handling of __future__ import statements in PTL.

v2.9
    There was a packaging error for 2.8.  It included files not intended
    to be released which broke the 'ptl' package.  This release repairs
    that error and includes a small change to random session tokens.

    Use 128-bit random tokens for session keys and form tokens.

    Our previous 64-bit values should still be more than secure
    for web applications but recommended best practice is currently
    128-bit.  We use URL-safe base64 encoding so the length of
    the tokens is only a bit longer.

    Use base64 instead of hex encoding for util.randbytes()

v2.8
    Don't set duplicate ID attributes on radio inputs.

    ptl_import recompiles ptl files

    Since stat.st_mtime is a float in linux, _load_pyc will almost always
    recompile the ptl files.  Here's a patch to make the logic follow
    compile.c in python.

(adam)

Updated net/youtube-dl, devel/py-setuptools, devel/py-pip, devel/py-virtualenv, devel/git

(adam)

git: updated to 2.16.3

Git v2.16.3 Release Notes

* "git status" after moving a path in the working tree (hence making
  it appear "removed") and then adding with the -N option (hence
  making that appear "added") detected it as a rename, but did not
  report the  old and new pathnames correctly.

* "git commit --fixup" did not allow "-m<message>" option to be used
  at the same time; allow it to annotate resulting commit with more
  text.

* When resetting the working tree files recursively, the working tree
  of submodules are now also reset to match.

* Fix for a commented-out code to adjust it to a rather old API change
  around object ID.

* When there are too many changed paths, "git diff" showed a warning
  message but in the middle of a line.

* The http tracing code, often used to debug connection issues,
  learned to redact potentially sensitive information from its output
  so that it can be more safely sharable.

* Crash fix for a corner case where an error codepath tried to unlock
  what it did not acquire lock on.

* The split-index mode had a few corner case bugs fixed.

* Assorted fixes to "git daemon".

* Completion of "git merge -s<strategy>" (in contrib/) did not work
  well in non-C locale.

* Workaround for segfault with more recent versions of SVN.

* Recently introduced leaks in fsck have been plugged.

* Travis CI integration now builds the executable in 'script' phase
  to follow the established practice, rather than during
  'before_script' phase.  This allows the CI categorize the failures
  better ('failed' is project's fault, 'errored' is build
  environment's).

(adam)

py-virtualenv: updated to 15.2.0

15.2.0:
Upgrade setuptools to 39.0.1.
Upgrade pip to 9.0.3.
Upgrade wheel to 0.30.0.

(adam)

py-pip: updated to 9.0.3

9.0.3:
Fix an error where the vendored requests was not correctly containing itself to only the internal vendored prefix.
Restore compatability with 2.6.

(adam)

py-setuptools: updated to 39.0.1

v39.0.1
Restore Unicode handling for Maintainer fields in metadata.

v39.0.0:
Setuptools now vendors its own direct dependencies, no longer relying on the dependencies as vendored by pkg_resources.
Removed long-deprecated support for iteration on Version objects as returned by pkg_resources.parse_version. Removed the SetuptoolsVersion and SetuptoolsLegacyVersion names as well. They should not have been used, but if they were, replace with Version and LegacyVersion from packaging.version.

v38.7.0:
Add support for maintainer in PKG-INFO.

(adam)

youtube-dl: updated to 2018.03.20

youtube-dl 2018.03.20:

Core
[extractor/common] Improve thumbnail extraction for HTML5 entries
Generalize XML manifest processing code and improve XSPF parsing
[extractor/common] Add _download_xml_handle
[extractor/common] Add support for relative URIs in _parse_xspf

Extractors
[7plus] Extract series metadata
[9now] Bypass geo restriction
[cbs] Skip unavailable assets
[canalc2] Add support for HTML5 videos
[ceskatelevize] Add support for iframe embeds
[prosiebensat1] Add support for galileo.tv
[generic] Add support for xfileshare embeds
[bilibili] Switch to v2 playurl API
[bilibili] Fix and improve extraction
[heise] Improve extraction
[instagram] Fix user videos extraction

(adam)

Do not depend on setuptools-git.

(adam)

Added py-test-fixture-config, py-test-shutil, py-test-virtualenv

(adam)

Added py-test-fixture-config, py-test-shutil, py-test-virtualenv

(adam)

py-test-shutil: added version 1.3.0

This library is a goodie-bag of Unix shell and environment management tools for
automated tests. A summary of the available functions is below, look at the
source for the full listing.

(adam)