set NOT_FOR_BULK_PLATFORM

(spz)

Pullup #6848bis: add the change to lang/php/phpversion.mk for PHP83_VERSION
that pullup #6848 was supposed to contain but didn't.

(spz)

as discussed with schmonz@: solfege doesn't build on -10 due to:
pbulk    3199 99.0  0.0  87192  27196 pts/2 Ol+  10:44PM 358:30.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/inverting-intervals help/C/ly/inverting-intervals.ly
pbulk    9966 99.0  0.0  87552  27176 pts/2 Ol+  10:44PM 357:16.89 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-1 help/C/ly/theory-intervals-seconds-1.ly
pbulk  14989 99.0  0.0  87192  27204 pts/2 Ol+  10:44PM 358:51.72 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fourths help/C/ly/theory-intervals-fourths.ly
pbulk  25109 99.0  0.0  87192  27196 pts/2 Ol+  10:44PM 358:11.23 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-seconds-2 help/C/ly/theory-intervals-seconds-2.ly
pbulk  28250 99.0  0.0  87552  27164 pts/2 Ol+  10:44PM 359:00.45 /usr/pkg/bin/lilypond -I ../../C/ly --png -d backend=eps -o help/C/ly/theory-intervals-fifths help/C/ly/theory-intervals-fifths.ly
root    9813  0.0  0.0  20520    2120 pts/3 S+    4:50AM  0:00.00 grep lily

(spz)

#6833

(spz)

Pullup ticket #6833 - requested by bsiegert
sysutils/strace: bugfix

Revisions pulled up:
- sysutils/strace/Makefile                                      1.35

-------------------------------------------------------------------
  Module Name:  pkgsrc
  Committed By:  wiz
  Date:          Thu Jan 11 06:23:44 UTC 2024

  Modified Files:
          pkgsrc/sysutils/strace: Makefile

  Log Message:
  strace: remove incorrect pattern that disallows NetBSD<4

  NetBSD 4 has been desupported for so long, we don't need this any longer.

  Addresses PR 57834 by George Georgalis.

  To generate a diff of this commit:
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/strace/Makefile

(spz)

openssl: fix configure for NetBSD/i386

(spz)

py-rapidfuzz: sort out simd for i386

(spz)

rt5: depend on p5-Data-Page to make the install phase complete

(spz)

calibre: make conversion of books from plain text to epub work

(spz)

the previous change broke checksum, fix it

(spz)

Pullup ticket #6822 - requested by bsiegert
lang/go120: security update
lang/go121: security update
lang/go: metadata update
audio/gospt: revision bump
audio/ymuse: revision bump
chat/coyim: revision bump
chat/gomuks: revision bump
chat/matterircd: revision bump
chat/senpai: revision bump
chat/ssh-chat: revision bump
databases/go-ldap: revision bump
databases/influxdb: revision bump
databases/mongo-tools: revision bump
databases/mysqld_exporter: revision bump
databases/postgres_exporter: revision bump
databases/prometheus: revision bump
databases/promscale: revision bump
databases/sqlc: revision bump
databases/timescaledb-tune: revision bump
devel/asmfmt: revision bump
devel/conftest: revision bump
devel/errcheck: revision bump
devel/fq: revision bump
devel/git-lfs: revision bump
devel/go-ed25519: revision bump
devel/go-gocode: revision bump
devel/go-golang-lru: revision bump
devel/go-gopkgs: revision bump
devel/go-goptlib: revision bump
devel/go-goreturns: revision bump
devel/go-gox: revision bump
devel/go-impl: revision bump
devel/go-logrus: revision bump
devel/go-nbreader: revision bump
devel/go-pty: revision bump
devel/go-review: revision bump
devel/go-siphash: revision bump
devel/go-staticcheck: revision bump
devel/go-swagger: revision bump
devel/go-sys: revision bump
devel/go-tools: revision bump
devel/go-wire: revision bump
devel/go-xerrors: revision bump
devel/golangci-lint: revision bump
devel/golint: revision bump
devel/gomodifytags: revision bump
devel/gopls: revision bump
devel/goredo: revision bump
devel/gotags: revision bump
devel/gotests: revision bump
devel/govulncheck: revision bump
devel/lazygit: revision bump
devel/mob: revision bump
devel/nancy: revision bump
devel/opa: revision bump
devel/packr: revision bump
devel/reftools: revision bump
devel/regal: revision bump
devel/revive: revision bump
devel/shfmt: revision bump
devel/syft: revision bump
editors/micro: revision bump
filesystems/kubo: revision bump
graphics/gif2png: revision bump
lang/joker: revision bump
mail/opensmtpd-filter-rspamd: revision bump
mail/opensmtpd-filter-senderscore: revision bump
mail/postforward: revision bump
misc/exercism: revision bump
net/amazon-ecs-cli: revision bump
net/amfora: revision bump
net/bombadillo: revision bump
net/croc: revision bump
net/czds: revision bump
net/dnscontrol: revision bump
net/dnscrypt-proxy2: revision bump
net/gh: revision bump
net/go-dnstap: revision bump
net/go-net: revision bump
net/go-websocket: revision bump
net/gunison: revision bump
net/gvproxy: revision bump
net/hub: revision bump
net/ipget: revision bump
net/kubectl: revision bump
net/libquic: revision bump
net/mangos: revision bump
net/nats-server: revision bump
net/obfs4proxy: revision bump
net/rclone: revision bump
net/stern: revision bump
net/syncthing: revision bump
net/terraform-provider-archive: revision bump
net/terraform-provider-aws: revision bump
net/terraform-provider-kubernetes: revision bump
net/terraform-provider-local: revision bump
net/terraform-provider-null: revision bump
net/terraform-provider-random: revision bump
net/terraform-provider-template: revision bump
net/terraform-provider-vultr: revision bump
net/terraform: revision bump
net/tut: revision bump
net/vultr-cli: revision bump
pkgtools/pkglint: revision bump
security/2fa: revision bump
security/age: revision bump
security/amass: revision bump
security/authelia: revision bump
security/cfssl: revision bump
security/dnsx: revision bump
security/go-asn1-ber: revision bump
security/go-crypto: revision bump
security/go-getpass: revision bump
security/go-mkcert: revision bump
security/gopass: revision bump
security/httpx: revision bump
security/nuclei: revision bump
security/oauth2c: revision bump
security/osv-scanner: revision bump
security/subfinder: revision bump
security/tlsx: revision bump
security/trufflehog: revision bump
security/vault: revision bump
shells/elvish: revision bump
shells/oh-my-posh: revision bump
sysutils/beats: revision bump
sysutils/consul: revision bump
sysutils/direnv: revision bump
sysutils/fzf: revision bump
sysutils/goreman: revision bump
sysutils/lf: revision bump
sysutils/node_exporter: revision bump
sysutils/packer: revision bump
sysutils/podman: revision bump
sysutils/restic: revision bump
sysutils/vultr: revision bump
textproc/glow: revision bump
textproc/go-kr-text: revision bump
textproc/go-md2man: revision bump
textproc/go-mmark: revision bump
textproc/go-text: revision bump
textproc/miller: revision bump
textproc/sift: revision bump
www/apisprout: revision bump
www/caddy: revision bump
www/gitea: revision bump
www/go-ffuf: revision bump
www/go-minify: revision bump
www/gotosocial: revision bump
www/grafana: revision bump
www/hugo: revision bump
www/jira-cli: revision bump
www/mycorrhiza: revision bump
www/pup: revision bump
www/restish: revision bump
www/shoutrrr: revision bump

Revisions pulled up:
- lang/go/version.mk                                            1.194
- lang/go120/PLIST                                              1.10
- lang/go120/distinfo                                          1.12
- lang/go121/PLIST                                              1.4
- lang/go121/distinfo                                          1.4
- audio/gospt/Makefile                      by patch
- audio/ymuse/Makefile                      by patch
- chat/coyim/Makefile                        by patch
- chat/gomuks/Makefile                      by patch
- chat/matterircd/Makefile                  by patch
- chat/senpai/Makefile                      by patch
- chat/ssh-chat/Makefile                    by patch
- databases/go-ldap/Makefile                by patch
- databases/influxdb/Makefile                by patch
- databases/mongo-tools/Makefile            by patch
- databases/mysqld_exporter/Makefile        by patch
- databases/postgres_exporter/Makefile      by patch
- databases/prometheus/Makefile              by patch
- databases/promscale/Makefile              by patch
- databases/sqlc/Makefile                    by patch
- databases/timescaledb-tune/Makefile        by patch
- devel/asmfmt/Makefile                      by patch
- devel/conftest/Makefile                    by patch
- devel/errcheck/Makefile                    by patch
- devel/fq/Makefile                          by patch
- devel/git-lfs/Makefile                    by patch
- devel/go-ed25519/Makefile                  by patch
- devel/go-gocode/Makefile                  by patch
- devel/go-golang-lru/Makefile              by patch
- devel/go-gopkgs/Makefile                  by patch
- devel/go-goptlib/Makefile                  by patch
- devel/go-goreturns/Makefile                by patch
- devel/go-gox/Makefile                      by patch
- devel/go-impl/Makefile                    by patch
- devel/go-logrus/Makefile                  by patch
- devel/go-nbreader/Makefile                by patch
- devel/go-pty/Makefile                      by patch
- devel/go-review/Makefile                  by patch
- devel/go-siphash/Makefile                  by patch
- devel/go-staticcheck/Makefile              by patch
- devel/go-swagger/Makefile                  by patch
- devel/go-sys/Makefile                      by patch
- devel/go-tools/Makefile                    by patch
- devel/go-wire/Makefile                    by patch
- devel/go-xerrors/Makefile                  by patch
- devel/golangci-lint/Makefile              by patch
- devel/golint/Makefile                      by patch
- devel/gomodifytags/Makefile                by patch
- devel/gopls/Makefile                      by patch
- devel/goredo/Makefile                      by patch
- devel/gotags/Makefile                      by patch
- devel/gotests/Makefile                    by patch
- devel/govulncheck/Makefile                by patch
- devel/lazygit/Makefile                    by patch
- devel/mob/Makefile                        by patch
- devel/nancy/Makefile                      by patch
- devel/opa/Makefile                        by patch
- devel/packr/Makefile                      by patch
- devel/reftools/Makefile                    by patch
- devel/regal/Makefile                      by patch
- devel/revive/Makefile                      by patch
- devel/shfmt/Makefile                      by patch
- devel/syft/Makefile                        by patch
- editors/micro/Makefile                    by patch
- filesystems/kubo/Makefile                  by patch
- graphics/gif2png/Makefile                  by patch
- lang/joker/Makefile                        by patch
- mail/opensmtpd-filter-rspamd/Makefile      by patch
- mail/opensmtpd-filter-senderscore/Makefile by patch
- mail/postforward/Makefile                  by patch
- misc/exercism/Makefile                    by patch
- net/amazon-ecs-cli/Makefile                by patch
- net/amfora/Makefile                        by patch
- net/bombadillo/Makefile                    by patch
- net/croc/Makefile                          by patch
- net/czds/Makefile                          by patch
- net/dnscontrol/Makefile                    by patch
- net/dnscrypt-proxy2/Makefile              by patch
- net/gh/Makefile                            by patch
- net/go-dnstap/Makefile                    by patch
- net/go-net/Makefile                        by patch
- net/go-websocket/Makefile                  by patch
- net/gunison/Makefile                      by patch
- net/gvproxy/Makefile                      by patch
- net/hub/Makefile                          by patch
- net/ipget/Makefile                        by patch
- net/kubectl/Makefile                      by patch
- net/libquic/Makefile                      by patch
- net/mangos/Makefile                        by patch
- net/nats-server/Makefile                  by patch
- net/obfs4proxy/Makefile                    by patch
- net/rclone/Makefile                        by patch
- net/stern/Makefile                        by patch
- net/syncthing/Makefile                    by patch
- net/terraform-provider-archive/Makefile    by patch
- net/terraform-provider-aws/Makefile        by patch
- net/terraform-provider-kubernetes/Makefile by patch
- net/terraform-provider-local/Makefile      by patch
- net/terraform-provider-null/Makefile      by patch
- net/terraform-provider-random/Makefile    by patch
- net/terraform-provider-template/Makefile  by patch
- net/terraform-provider-vultr/Makefile      by patch
- net/terraform/Makefile                    by patch
- net/tut/Makefile                          by patch
- net/vultr-cli/Makefile                    by patch
- pkgtools/pkglint/Makefile                  by patch
- security/2fa/Makefile                      by patch
- security/age/Makefile                      by patch
- security/amass/Makefile                    by patch
- security/authelia/Makefile                by patch
- security/cfssl/Makefile                    by patch
- security/dnsx/Makefile                    by patch
- security/go-asn1-ber/Makefile              by patch
- security/go-crypto/Makefile                by patch
- security/go-getpass/Makefile              by patch
- security/go-mkcert/Makefile                by patch
- security/gopass/Makefile                  by patch
- security/httpx/Makefile                    by patch
- security/nuclei/Makefile                  by patch
- security/oauth2c/Makefile                  by patch
- security/osv-scanner/Makefile              by patch
- security/subfinder/Makefile                by patch
- security/tlsx/Makefile                    by patch
- security/trufflehog/Makefile              by patch
- security/vault/Makefile                    by patch
- shells/elvish/Makefile                    by patch
- shells/oh-my-posh/Makefile                by patch
- sysutils/beats/Makefile                    by patch
- sysutils/consul/Makefile                  by patch
- sysutils/direnv/Makefile                  by patch
- sysutils/fzf/Makefile                      by patch
- sysutils/goreman/Makefile                  by patch
- sysutils/lf/Makefile                      by patch
- sysutils/node_exporter/Makefile            by patch
- sysutils/packer/Makefile                  by patch
- sysutils/podman/Makefile                  by patch
- sysutils/restic/Makefile                  by patch
- sysutils/vultr/Makefile                    by patch
- textproc/glow/Makefile                    by patch
- textproc/go-kr-text/Makefile              by patch
- textproc/go-md2man/Makefile                by patch
- textproc/go-mmark/Makefile                by patch
- textproc/go-text/Makefile                  by patch
- textproc/miller/Makefile                  by patch
- textproc/sift/Makefile                    by patch
- www/apisprout/Makefile                    by patch
- www/caddy/Makefile                        by patch
- www/gitea/Makefile                        by patch
- www/go-ffuf/Makefile                      by patch
- www/go-minify/Makefile                    by patch
- www/gotosocial/Makefile                    by patch
- www/grafana/Makefile                      by patch
- www/hugo/Makefile                          by patch
- www/jira-cli/Makefile                      by patch
- www/mycorrhiza/Makefile                    by patch
- www/pup/Makefile                          by patch
- www/restish/Makefile                      by patch
- www/shoutrrr/Makefile                      by patch

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Fri Nov 10 15:39:34 UTC 2023

  Modified Files:
  pkgsrc/lang/go: version.mk
  pkgsrc/lang/go120: PLIST distinfo
  pkgsrc/lang/go121: PLIST distinfo

  Log Message:
  Update go120 to 1.20.11 and go121 to 1.21.4 (security).

  These minor releases include 2 security fixes following the security policy:

  - path/filepath: recognize \??\ as a Root Local Device path prefix.

    On Windows, a path beginning with \??\ is a Root Local Device path equivalent
    to a path beginning with \\?\. Paths with a \??\ prefix may be used to access
    arbitrary locations on the system. For example, the path \??\c:\x is
    equivalent to the more common path c:\x.

    The filepath package did not recognize paths with a \??\ prefix as special.

    Clean could convert a rooted path such as \a\..\??\b into
    the root local device path \??\b. It will now convert this
    path into .\??\b.

    IsAbs did not report paths beginning with \??\ as absolute.
    It now does so.

    VolumeName now reports the \??\ prefix as a volume name.

    Join(`\`, `??`, `b`) could convert a seemingly innocent
    sequence of path elements into the root local device path
    \??\b. It will now convert this to \.\??\b.

    This is CVE-2023-45283 and https://go.dev/issue/63713.

  - path/filepath: recognize device names with trailing spaces and superscripts

    The IsLocal function did not correctly detect reserved names in some cases:

    reserved names followed by spaces, such as "COM1 ".
    "COM" or "LPT" followed by a superscript 1, 2, or 3.
    IsLocal now correctly reports these names as non-local.

    This is CVE-2023-45284 and https://go.dev/issue/63713.

  To generate a diff of this commit:
  cvs rdiff -u -r1.193 -r1.194 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/PLIST
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go120/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo

(spz)

#6816 #6818 #6819

(spz)

Pullup ticket #6819 - requested by gutteridge
audio/openal-soft: build fix

Revisions pulled up:
- audio/openal-soft/hacks.mk                                    1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Sun Oct 22 00:55:55 UTC 2023

  Added Files:
            pkgsrc/audio/openal-soft: hacks.mk

  Log Message:
  openal-soft: fix builds for aarch64 on NetBSD 9.x

  For aarch64, older NetBSD releases will end up pulling in GCC 10
  because of the C++20 requirement. We apply -mno-outline-atomics as one
  way of getting around linking issues that otherwise occur. (This was
  breaking 492 dependent builds.)

  To generate a diff of this commit:
  cvs rdiff -u -r0 -r1.1 pkgsrc/audio/openal-soft/hacks.mk

(spz)

Pullup ticket #6818 - requested by gutteridge
devel/libatomic; build fix

Revisions pulled up:
- devel/libatomic/hacks.mk                                      1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  gutteridge
  Date:          Tue Oct 17 02:01:43 UTC 2023

  Added Files:
            pkgsrc/devel/libatomic: hacks.mk

  Log Message:
  libatomic: fix aarch64 builds on NetBSD 9.x

  For aarch64, GCC expects a recent version of itself that accepts
  -mno-outline-atomics. Some packages pull in libatomic for aarch64,
  e.g., net/haproxy for __atomic_compare_exchange_16. (haproxy was
  compile tested after applying this fix.)

  To generate a diff of this commit:
  cvs rdiff -u -r0 -r1.1 pkgsrc/devel/libatomic/hacks.mk

(spz)

Pullup ticket #6816 - requested by bsiegert
lang/go121: security update
lang/go: metadata update

Revisions pulled up:
- lang/go/version.mk                                            1.191
- lang/go121/PLIST                                              1.3
- lang/go121/distinfo                                          1.3

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: bsiegert
  Date: Sun Oct 15 09:26:35 UTC 2023

  Modified Files:
  pkgsrc/lang/go: version.mk
  pkgsrc/lang/go121: PLIST distinfo

  Log Message:
  go121: update to 1.21.3 (security)

  1.21.3

  net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

  1.21.2

  cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

  To generate a diff of this commit:
  cvs rdiff -u -r1.190 -r1.191 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go121/PLIST pkgsrc/lang/go121/distinfo

(spz)

6811 6812

(spz)

Pullup ticket #6812 - requested by bsiegert
lang/go120: security update
lang/go: version info update
audio/gospt: RevBump
audio/ymuse: RevBump
chat/coyim: RevBump
chat/gomuks: RevBump
chat/matterircd: RevBump
chat/senpai: RevBump
chat/ssh-chat: RevBump
databases/go-ldap: RevBump
databases/influxdb: RevBump
databases/mongo-tools: RevBump
databases/mysqld_exporter: RevBump
databases/postgres_exporter: RevBump
databases/prometheus: RevBump
databases/promscale: RevBump
databases/sqlc: RevBump
databases/timescaledb-tune: RevBump
devel/asmfmt: RevBump
devel/conftest: RevBump
devel/errcheck: RevBump
devel/fq: RevBump
devel/git-lfs: RevBump
devel/go-ed25519: RevBump
devel/go-gocode: RevBump
devel/go-golang-lru: RevBump
devel/go-gopkgs: RevBump
devel/go-goptlib: RevBump
devel/go-goreturns: RevBump
devel/go-gox: RevBump
devel/go-impl: RevBump
devel/go-logrus: RevBump
devel/go-nbreader: RevBump
devel/go-pty: RevBump
devel/go-review: RevBump
devel/go-siphash: RevBump
devel/go-staticcheck: RevBump
devel/go-swagger: RevBump
devel/go-sys: RevBump
devel/go-tools: RevBump
devel/go-wire: RevBump
devel/go-xerrors: RevBump
devel/golangci-lint: RevBump
devel/golint: RevBump
devel/gomodifytags: RevBump
devel/gopls: RevBump
devel/goredo: RevBump
devel/gotags: RevBump
devel/gotests: RevBump
devel/govulncheck: RevBump
devel/lazygit: RevBump
devel/mob: RevBump
devel/nancy: RevBump
devel/opa: RevBump
devel/packr: RevBump
devel/reftools: RevBump
devel/regal: RevBump
devel/revive: RevBump
devel/shfmt: RevBump
devel/syft: RevBump
editors/micro: RevBump
filesystems/kubo: RevBump
graphics/gif2png: RevBump
lang/joker: RevBump
mail/opensmtpd-filter-rspamd: RevBump
mail/opensmtpd-filter-senderscore: RevBump
mail/postforward: RevBump
meta-pkgs/bulk-test-essential: RevBump
misc/exercism: RevBump
net/amazon-ecs-cli: RevBump
net/amfora: RevBump
net/bombadillo: RevBump
net/croc: RevBump
net/czds: RevBump
net/dnscontrol: RevBump
net/dnscrypt-proxy2: RevBump
net/gh: RevBump
net/go-dnstap: RevBump
net/go-net: RevBump
net/go-websocket: RevBump
net/gunison: RevBump
net/gvproxy: RevBump
net/hub: RevBump
net/ipget: RevBump
net/kubectl: RevBump
net/libquic: RevBump
net/mangos: RevBump
net/nats-server: RevBump
net/obfs4proxy: RevBump
net/rclone: RevBump
net/stern: RevBump
net/syncthing: RevBump
net/terraform-provider-archive: RevBump
net/terraform-provider-aws: RevBump
net/terraform-provider-kubernetes: RevBump
net/terraform-provider-local: RevBump
net/terraform-provider-null: RevBump
net/terraform-provider-random: RevBump
net/terraform-provider-template: RevBump
net/terraform-provider-vultr: RevBump
net/terraform: RevBump
net/tut: RevBump
net/vultr-cli: RevBump
pkgtools/pkglint: RevBump
security/2fa: RevBump
security/age: RevBump
security/amass: RevBump
security/authelia: RevBump
security/cfssl: RevBump
security/dnsx: RevBump
security/go-asn1-ber: RevBump
security/go-crypto: RevBump
security/go-getpass: RevBump
security/go-mkcert: RevBump
security/gopass: RevBump
security/httpx: RevBump
security/nuclei: RevBump
security/oauth2c: RevBump
security/osv-scanner: RevBump
security/subfinder: RevBump
security/tlsx: RevBump
security/trufflehog: RevBump
security/vault: RevBump
shells/elvish: RevBump
shells/oh-my-posh: RevBump
sysutils/beats: RevBump
sysutils/consul: RevBump
sysutils/direnv: RevBump
sysutils/fzf: RevBump
sysutils/goreman: RevBump
sysutils/lf: RevBump
sysutils/node_exporter: RevBump
sysutils/packer: RevBump
sysutils/podman: RevBump
sysutils/restic: RevBump
sysutils/vultr: RevBump
textproc/glow: RevBump
textproc/go-kr-text: RevBump
textproc/go-md2man: RevBump
textproc/go-mmark: RevBump
textproc/go-text: RevBump
textproc/miller: RevBump
textproc/sift: RevBump
www/apisprout: RevBump
www/caddy: RevBump
www/gitea: RevBump
www/go-ffuf: RevBump
www/go-minify: RevBump
www/gotosocial: RevBump
www/grafana: RevBump
www/hugo: RevBump
www/jira-cli: RevBump
www/mycorrhiza: RevBump
www/pup: RevBump
www/restish: RevBump
www/shoutrrr: RevBump

Revisions pulled up:
- lang/go/version.mk                                            1.190,1.192
- lang/go120/PLIST                                              1.9
- lang/go120/distinfo                                          1.10-1.11

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sat Oct  7 18:09:35 UTC 2023

  Modified Files:
          pkgsrc/lang/go: version.mk
          pkgsrc/lang/go120: PLIST distinfo

  Log Message:
  go120: update to 1.20.9 (security).

  cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

  View the release notes for more information:
  https://go.dev/doc/devel/release#go1.20.9

  To generate a diff of this commit:
  cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Sun Oct 15 11:02:08 UTC 2023

  Modified Files:
          pkgsrc/lang/go: version.mk
          pkgsrc/lang/go120: distinfo

  Log Message:
  go120: update to 1.20.10 (security)

  net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

  To generate a diff of this commit:
  cvs rdiff -u -r1.191 -r1.192 pkgsrc/lang/go/version.mk
  cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go120/distinfo

(spz)

Pullup ticket #6811 - requested by bsiegert
textproc/libcue: security patch

Revisions pulled up:
- textproc/libcue/Makefile                                      1.2
- textproc/libcue/distinfo                                      1.4
- textproc/libcue/patches/patch-cd.c                            1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Mon Oct  9 17:35:38 UTC 2023

  Modified Files:
          pkgsrc/textproc/libcue: Makefile distinfo
  Added Files:
          pkgsrc/textproc/libcue/patches: patch-cd.c

  Log Message:
  libcue: add fix for CVE-2023-43641

  Bump PKGREVISION

  To generate a diff of this commit:
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/libcue/Makefile
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libcue/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libcue/patches/patch-cd.c

(spz)

#6776

(spz)

Pullup ticket #6776 - requested by bsiegert
print/ghostscript-agpl: security update

Revisions pulled up:
- print/ghostscript-agpl/Makefile                              1.77
- print/ghostscript-agpl/Makefile.common                        1.30
- print/ghostscript-agpl/distinfo                              1.45

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Mon Jun 26 11:27:25 UTC 2023

  Modified Files:
          pkgsrc/print/ghostscript-agpl: Makefile Makefile.common distinfo

  Log Message:
  ghostscript-agpl: updated to 10.01.2

  Version 10.01.2 (2023-06-21)

  Highlights in this release include:

  We've continued to improve the performance of the PDF interpreter
  written in C and improve it's behaviour in edge and
  out-of-specification cases.
  Our efforts in code hygiene and maintainability continue.
  The usual round of bug fixes, compatibility changes, and incremental
  improvements.
  (9.53.0) We have added the capability to build with the Tesseract OCR
  engine. In such a build, new devices are available
  (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image,
  OCR that image, and output the image "wrapped" up as a PDF file, with
  the OCR generated text information included as "invisible" text (in
  PDF terms, text rendering mode 3).

  To generate a diff of this commit:
  cvs rdiff -u -r1.76 -r1.77 pkgsrc/print/ghostscript-agpl/Makefile
  cvs rdiff -u -r1.29 -r1.30 pkgsrc/print/ghostscript-agpl/Makefile.common
  cvs rdiff -u -r1.44 -r1.45 pkgsrc/print/ghostscript-agpl/distinfo

(spz)

#6761

(spz)

Pullup ticket #6761 - requested by bsiegert
print/cups-base: security fix

Revisions pulled up:
- print/cups-base/Makefile                                      1.57
- print/cups-base/distinfo                                      1.33
- print/cups-base/patches/patch-cups_string.c                  1.1

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Thu Jun  1 11:39:33 UTC 2023

  Modified Files:
          pkgsrc/print/cups-base: Makefile distinfo
  Added Files:
          pkgsrc/print/cups-base/patches: patch-cups_string.c

  Log Message:
  cups-base: fix security problem.

  Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.56 -r1.57 pkgsrc/print/cups-base/Makefile
  cvs rdiff -u -r1.32 -r1.33 pkgsrc/print/cups-base/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/print/cups-base/patches/patch-cups_string.c

(spz)

doc: added net/iana-enterprise-numbers, updated sysutils/ipmitool

(spz)

update ipmitool to version 1.8.19
fixes CVE-2020-5208

upstream changelog:
version 1.8.19 2022-08-31
        * Cast type before the left shift
        * sel: Fix the deasserted thresholds inequality
        * man: Update the text for -C option
        * chassis restart_cause: Add new causes
        * sel: Remove redundant "Reserve SEL"
        * zero initialize the recv structure on the stack
        * zero initialize the recv structure on the stack
        * ci: Add support for MacOS-11
        * ci: Remove ubuntu-16.04 support
        * sdr: Fix modifier unit
        * Fix compile error
        * Refactor bridging level detection to dedicated function
        * Fix double bridge detection in get_max_(req|rsp)_data_size()
        * ipmi_mc: Fix the IPM_DEV_FWREV1_MAJOR_MASK
        * helper: Fix stderr file descriptor
        * Fix codefactor-io / CodeFactor warnings
        * Use /run instead of /var/run
        * oem: Update product IDs for YADRO
        * lan: Add processing of get/set specific CCs
        * lan: Refactor pointer style
        * doc: update lanplus doc to reflect default cipher suite change
        * ekanalyzer: Fix internal use area off-by-one bug
        * ekanalyzer frushow: Fix internal area size calc
        * sel: Fix "power supply inactive" flag offset
        * ci: Add support for Ubuntu 20.04
        * ci: Fix Ubuntu builds
        * Fix compiler warning
        * Fix compiler warning
        * Fix compiler warning
        * ci: Update for GitHub Actions v2.274.2
        * free: Fix implicit function declarations
        * Use "#pragma once" for headers
        * Remove unneeded execution bits from C source files and a header file
        * Convert line endings to LF
        * Fixed compiler warning.
        * RPM support: fixed broken build due to use of headers from kernel
        * imbapi: replace __FUNCTION__ to eleminate compiler warnings
        * lanplus: remove unused variable
        * hpmfwupg: Clean up / refactor
        * fru: Fix crashes on 6-bit ASCII strings
        * oem: Add product ID for YADRO VEGMAN
        * configure.ac: add '--location' for curl to follow location
        * configure.ac: replace '-#' by '--progress-bar' with curl
        * Add version info to debug output
        * doc, ci: Fix an error in package name for Windows
        * doc: Fix a small typo in INSTALL
        * RPM support: updated spec file changelog
        * RPM support: simplified build process
        * RPM support: fixed broken RPM build
        * doc: Update INSTALL with Windows info
        * ci: Add Windows/cygwin config
        * doc: Update INSTALL for new CI
        * ci: Add github workflow, drop travis
        * Fix compatibility with OpenBSD and macOS
        * dist: Fix dependencies and cleanup
        * dist: Add missing ipmi_time.h header to packaging
        * configure: Fix compatibility with non-bash systems
        * Finalize refactoring of string comparisons
        * channel: Refactor set_user_access option processing
        * Refactor string comparisons
        * sel: Fix OEM record definition example
        * sdr: harden against bad records
        * fru: fix memory leak in ipmi_spd_print_fru
        * ipmi_sel_set_time: fix strptime() return check
        * hpm: use portable __max() in hpmfwupg
        * hpmfwupg: move variable definition to .c file
        * sel: time: fix null pointer dereference in set
        * fru, sdr: Fix id_string buffer overflows
        * lanp: Fix buffer overflows in get_lan_param_select
        * channel: Fix buffer overflow
        * session: Fix buffer overflow in ipmi_get_session_info
        * fru: Fix buffer overflow in ipmi_spd_print_fru
        * fru: Fix buffer overflow vulnerabilities
        * configure: Drop requirement for curses et. al libs
        * configure: remove some duplicate code
        * doc: Update INSTALL to fix installation errors
        * ipmi_dcmi: fix typo in nm_policy_options initialization.
        * Docs: Add info on packages to install on Ubuntu 16.04
        * chassis: Refactor to get rid of strncmp()
        * chassis: Refactor main for centralized exiting
        * chassis: bootdev: Refactor more
        * chassis: bootdev: Refactor to reduce nesting
        * chassis: bootdev: Fix help message and its formatting
        * chassis: bootparam/bootdev: Refactor for less magic
        * oem: supermicro: Add product codes from IPMICFG
        * doc: Update man page regarding `user set password`
        * user: Cleanup/refactor ipmi_user_password()
        * user: Improve password length handling
        * user: Alter "set password" usage information
        * intf: Add missing function declarations
        * doc: fix URL in README
        * event: Clean up event sending from a file
        * event: Clean up the event sending code
        * event: Fix event submission via SSIF
        * make: Use DESTDIR to install IANA PEN database
        * lanplus: Fix embedded bridged responses handling
        * Update .gitignore
        * mc: Fix reporting of manufacturers > 64K
        * Add installation of enterprise-numbers database
        * Update documentation in regard to IANA PEN registry
        * Use configurable path to IANA PEN registry
        * Load IANA PEN registry from a file
        * dbus: Replace obsolete INCLUDES with AM_CPPFLAGS
        * oem: name change from Newisys to Viking Enterprise Solutions
        * Fix default interface to behave as it did before
        * man: Add documentation for chassis bootmbox
        * man: Update the chassis bootparam section
        * chassis: Add boot initiator mailbox support
        * chassis: Use command-specific completion code parser
        * Add support for command-specific completion codes
        * Add a helper htoipmi24() function
        * Add a helper args2buf() function
        * man: Cleanup the manpage formatting tags
        * create_pen_list: only print if values are set
        * chassis: Refactor to reduce code duplication
        * sdr: Fix segfault on invalid unit types
        * vendor: Add YADRO TATLIN Storage Controller ID
        * exchange-bmc-os-info: Remove dependency on ipmi.service
        * Add mechanism to configure to set the default interface
        * ci: Update INSTALL to reflect recent changes
        * ci: Set up matrix builds with Travis CI
        * Enable Travis build of D-Bus interface
        * add OpenBMC D-Bus interface
        * Fix "ipmitool pef {status,info}" not printing final newline
        * Remove unused include
        * Fix IPMI DCMI message typo
        * open: swap free() calls for free_n()
        * open: checking received msg id against expectation
        * open: fix whitespace
        * Refactor free_n() function
        * fru: swap free() calls for free_n()
        * fru: Fix write chunk reduction code
        * fru: add macro FRU_AREA macros
        * fru: replace magic return codes with macros
        * fru header: add return error codes specific to fru
        * fru: fix ipmi_fru_picmg_ext_edit as bool
        * fru: use bool with ipmi_fru_oemkontron_edit
        * fru: change ipmi_fru_query_new_value to return bool
        * fru: mark ipmi_fru_query_new_value as static
        * fru: add fru_cc_rq2big helper method for code checks
        * fru: cleanup ipmi_fru_upg_ekeying
        * fru: use ipmi_cc defined maros for return codes
        * fru: drop extraneous parentheses on negative returns
        * fru: delete unused variable matchInstance
        * fru: cleanup ipmi_fru_oemkontron_get
        * fru: fixup array bounds checking
        * hpm: Adhere to centralized exiting
        * hpm: Minor refactoring
        * hpm: Fix resource leak
        * sol: Make interface timeout obey the -N option
        * helper: add free_n method to handle clearing pointers
        * cygwin: imb: Fix build error (wchar_t)
        * lanplus: Fix segfault for truncated dcmi response
        * Move led color static array to source file
        * drop unused static arrays
        * move static objects to source file
        * cleanup all unused-parameter warnings
        * use __UNUSED__ macro instead of gcc specific attribute
        * implement __UNUSED__ macro for marking unused
        * Add .dirstamp to .gitignore
        * fru: Fix processing of unspecified board mfg. date
        * [compiler-warnings-fixes] use correct fall through comment
        * [compiler-warnings-fixes] ipmi_start_daemon: check return values
        * [compiler-warnings-fixes] ipmi_sdr.c: remove unused function parameters
        * lan: Fix processing disabled VLAN
        * Make ipmitool respect system locale settings
        * Fix strftime() non-literal argument warning
        * Refactor timestamp handling
        * doc: Update manpage with new contact info
        * lanplus: Refactoring
        * lanplus: Fix -C option processing
        * lanplus: Auto-select 'best' cipher suite available
        * lanplus: Fix compile with deprecated APIs disabled.
        * doc: Update home page links
        * doc: Update formatting of ipmitool man page
        * sensor: Refactor ipmi_sensor_print_fc_threshold()
        * sensor: Add support for csv output
        * plugins: open: Properly enable event receiver (#35)
        * lan: Refactoring: Remove unused function
        * general: Get rid of some unused parameter warnings
        * mc: guid: Implement encoding autodetection
        * mc: guid: Fix timestamp decoding
        * mc: guid: Add support for non-standard encodings
        * mc: guid: Fix byte ordering to follow IPMI spec
        * Refactoring: optimize pointer checks
        * imb: Refactoring: remove duplicate code
        * Refactoring: get rid of superfluous comparisons
        * Refactoring. Improve code reuse ratio.
        * general: Fix several misspellings
        * mc: Fix compiler warnings
        * general: Add array_byteswap() to helper
        * lanplus: Make byteswapping generic
        * framework: Update .gitignore
        * framework: Switch to C11 standard with GNU extensions
        * framework: ci: Add support for Travis CI
        * oem: Add basic support for Quanta
        * intf: Refactoring. Remove unused sendrsp()
        * dummy: Add default dummy socket
        * mc: Fix manufacturer ID masking
        * Refactoring. Remove useless feature test macros.
        * general: Make byteswapping arch-independent
        * sel: Minor refactoring
        * sdr: Refactor/optimize code. No functional changes.
        * Add an option to display all dates in UTC
        * mc: Code refactor to reduce copy-paste ratio
        * mc: watchdog set: Refactor to reduce complexity
        * mc: watchdog set: Fix intr setting
        * mc: watchdog get: Update to match IPMI 2.0 spec
        * mc: watchdog: Add `set` command
        * framework: Make git ignore cscope.out
        * plugins/open: Fix for interrupted select
        * nm: Fix policy range (#12)
        * Replace user_id masks with a macro (#8)
        * fru: internaluse: Fix segmentation fault (#9)
        * dcmi: Refactor
        * ID:508 - Fix segfaults in dcmi command handlers
        * vendor: Add YADRO VESNIN identification
        * ID:491 - Fetch vendor IDs from IANA
        * ID:472 - Fix The Most recent Addition/Erase date
        * ID:480 - Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup()
        * ID:480 - ipmitool coredumps in EVP_CIPHER_CTX_init
        * Make git revision more descriptive
        * ID:477 - fru: Fix decoding of non-text data in get_fru_area_str()
        * ID:479 - ekanalyzer: fix processing of custom mfg. fields
        * ID:478 - ekanalyzer: Fixed decoding of FRU fields
        * Add some more configure/build/editor byproducts to .gitignore
        * Add git hash and dirty mark to ipmitool version
        * Prevent autoreconf from complaining about missing NEWS
        * Add bootstrap support for Mac
        * ID:474 - Compile fix on nonlinux systems
        * ID:461 - Make compiler happier about changes related to OpenSSL 1.1
        * ID:461 - OpenSSL 1.1 compatibility - "error: storage size of 'ctx' isn't known"

(spz)

the package name better copy the subdir name

(spz)

add a package for the IANA Private Enterprise Numbers (PENs), see RFC 9371

(spz)

pullups 6756, 6757, 6758 and 6759

(spz)

Pullup ticket #6759 - requested by he
security/gnutls: build fix

Revisions pulled up:
- security/gnutls/Makefile                                      1.240

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: he
  Date: Sun May 14 08:11:51 UTC 2023

  Modified Files:
  pkgsrc/security/gnutls: Makefile

  Log Message:
  gnutls: require minimum gcc 6, and indicte use of c++11.

  The in-tree compiler on NetBSD/macppc 8.0 (gcc 5 based)
  fails to build this package, with what now looks like a
  bug in gcc 5.
  Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.239 -r1.240 pkgsrc/security/gnutls/Makefile

(spz)

Pullup ticket #6758 - requested by taca
www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile                                          1.79
- www/drupal7/distinfo                                          1.63

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon May  1 14:34:00 UTC 2023

  Modified Files:
  pkgsrc/www/drupal7: Makefile distinfo

  Log Message:
  www/drupal7: update to 7.97

  7.96 (2023-04-19)

  This is a security release of the Drupal 7 series.

  This release fixes security vulnerabilities.  Sites are urged to update
  immediately after reading the notes below and the security announcements:

  * Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005

  No other fixes are included.

  7.97 (2023-04-21)

  This is a "hotfix" release to address a PHP 5.x regression caused by
  SA-CORE-2023-005.

  Changes since 7.96:

  * #3355216 by poker10: Fix PHP 5.x regression caused by ::class constant

  To generate a diff of this commit:
  cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/drupal7/Makefile
  cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/drupal7/distinfo

(spz)

Pullup ticket #6757 - requested by dholland
archivers/zstd: build fix

Revisions pulled up:
- archivers/zstd/distinfo                                      1.36
- archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S 1.1

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: dholland
  Date: Sun Apr 30 01:39:20 UTC 2023

  Modified Files:
  pkgsrc/archivers/zstd: distinfo
  Added Files:
  pkgsrc/archivers/zstd/patches:
      patch-lib_decompress_huf__decompress__amd64.S

  Log Message:
  PR 57383 Mike Owens: zstd assembler bug on SPARC

  Put amd64 assembler directives inside the amd64 ifdefs so they don't
  get assembled on other targets.

  To generate a diff of this commit:
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/archivers/zstd/distinfo
  cvs rdiff -u -r0 -r1.1 \
      pkgsrc/archivers/zstd/patches/patch-lib_decompress_huf__decompress__amd64.S

(spz)

Pullup ticket #6756 - requested by taca
devel/git-base: security update
devel/git: version update

Revisions pulled up:
- devel/git-base/Makefile                                      1.104
- devel/git-base/distinfo                                      1.133
- devel/git/Makefile.version                                    1.117

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: adam
  Date: Wed Apr 26 08:44:38 UTC 2023

  Modified Files:
  pkgsrc/devel/git: Makefile.version
  pkgsrc/devel/git-base: Makefile distinfo

  Log Message:
  git: updated to 2.40.1

  Git v2.40.1 Release Notes
  ============
  This release merges up the fix that appears in v2.30.9, v2.31.8,
  v2.32.7, v2.33.8, v2.34.8, v2.35.8, v2.36.6, v2.37.7, v2.38.5
  and v2.39.3 to address the security issues CVE-2023-25652,
  CVE-2023-25815, and CVE-2023-29007; see the release notes for these
  versions for details.

  To generate a diff of this commit:
  cvs rdiff -u -r1.116 -r1.117 pkgsrc/devel/git/Makefile.version
  cvs rdiff -u -r1.103 -r1.104 pkgsrc/devel/git-base/Makefile
  cvs rdiff -u -r1.132 -r1.133 pkgsrc/devel/git-base/distinfo

(spz)

inn has been updated

(spz)

update inn to 2.7.1
adding canlock option kudos micha@

upstream changelog:
Changes in 2.7.1 (2023-04-16)

    * Added a new *groupexactcount* parameter in readers.conf to force nnrpd
      to report the exact number of still existing articles in newsgroups
      instead of an estimated count.  When the estimated number of articles
      is strictly below *groupexactcount* (set to 5 by default), nnrpd now
      recounts them and reports the actual value (articles that have been
      cancelled or overwritten in self-expiring CNFS buffers may otherwise
      still be counted in the estimate).  News clients will then be directly
      aware of empty newsgroups; they would otherwise have tried to retrieve
      possible articles, to finally not show anything to the user.

    * Programs sending mails now include, when appropriate, an
      Auto-Submitted header field in the message headers (either set to
      "auto-generated" or "auto-replied", following the recommendation in
      RFC 3834).  Thanks to Harald Dunkel for this suggestion which will for
      instance help to avoid unnecessary vacation replies.

    * Added a new -a option to innmail to specify additional header fields
      to add in the headers of messages.  This is notably used to internally
      support the addition of the Auto-Submitted header field in outgoing
      mails.

    * Added new ovsqlite-util program to perform some basic consistency
      checks and dump operations on an overview database using the ovsqlite
      method.  More checks and features will be added in future releases.
      You'll need the "DBI" Perl module with the "DBD::SQLite" driver
      installed on your system to use this program.

    * Added TLS support in pullnews for connections to upstream servers
      configured in pullnews.marks, and to the downstream server in the
      existing -s flag.  A port can now also be specified for connections to
      upstream servers (it was already possible for the downstream server
      only).

    * Added a new -L option to pullnews to specify the largest wanted
      article size in bytes.  Articles whose size exceeds that value will no
      longer be downloaded by pullnews.

    * pullnews now detects a socket timeout while downloading articles from
      a remote peer.  The download gracefully stops, and another attempt can
      be automatically made according to the setting given with the -t flag.
      Thanks to Jesse Rehmer for the bug report.

    * Fixed the generation and the handling of storage tokens on wrapped
      CNFS buffers, thanks to bug reports from Kamil Jonca:

      * Duplicate entries were returned by makehistory on fully wrapped
        cyclic buffers (the first article of the cyclic buffer appeared
        twice in the output).

      * The first article of a fully wrapped cyclic buffer was removed too
        soon from history (expire wrongly thought its storage token was no
        longer existing after a wrap).

      * The first article of the previous cycle number of a cyclic buffer
        containing articles from two different cycle numbers was wrongly
        considered by makehistory to belong to the current cycle number.

    * innd no longer dies when a newsfeeds entry has an unexpected trailing
      whitespace.

    * The size of duplicated articles was counted twice in totals, average
      article sizes and graphs by innreport, when parsing innd checkpoints.
      Thanks to Hauke Lampe for the patch to count it only once.

    * Customizing the domain part of Message-IDs generated by nnrpd and the
      server name indicated in Injection-Info header fields is now easier:
      the *domain* parameter in the access blocks of readers.conf can be
      directly used (without needing to set *virtualhost* as it was
      previously the case).

    * If the *domain* parameter is set in inn.conf or in a readers.conf
      access block, and has invalid characters, or if the fully qualified
      domain name (FQDN) of the news server has invalid characters when
      *domain* is unset, a fatal error is now reported at startup.  It is a
      basic configuration error which otherwise leads to the generation of
      invalid article Message-IDs.

    * Improved the speed of article searches with HDR, LAST, NEXT, and XPAT
      commands when there is a (huge) gap in article numbers.  On newsgroups
      with several millions of consecutive missing articles (which is a rare
      situation), these commands could take several seconds to run.

    * Incoming articles in newsgroups that have exceeded the maximum number
      of articles they can contain (2^31-1) are now correctly rejected.  INN
      was otherwise happily accepting them but either numbers returned in
      NNTP responses were not right, or some news clients choked when
      receiving unexpected large article numbers.  (The current version of
      the NNTP protocol only allows article numbers up to 2^31-1.)

    * Fixed the renumbering of reported low water marks for empty newsgroups
      in active after overview expiration, when using the ovsqlite method.
      They were set to 1 for empty newsgroups whereas they were not supposed
      to decrease.  (These reported low water marks regained their expected
      values during the next overview expiration, provided that the
      newsgroup was no longer empty.)

    * The reported high water mark of empty newsgroups is now correctly set
      to one less than the reported low water mark in overview data.
      (Previously, the reported low water mark was set to one more than the
      reported high water mark.)

    * Fixed the output of the "ctlinnd feedinfo ''" command that was
      returning information only for the first site, and the output of the
      "ctlinnd name channel" command that was returning partial information
      for the requested channel.

    * The build of external programs which include inn/storage.h was failing
      because of the unexpected inclusion of config.h in one of the included
      headers.  Also, a few Autoconf results were not correctly made
      available to external programs.  This is now fixed.

    * Fixed the build on systems whose default shell does not completely
      meet the Posix standard.  A few build scripts were run with the
      default shell instead of the one found by Autoconf and afterwards used
      for INN.

    * Use standard daemon(3) C function, when available, to daemonize innd,
      nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific
      function.

Upgrading from 2.6 to 2.7

    The following changes require your full attention because a manual
    intervention may be needed:

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption* as it applies to any kind of encryption layers,
      including TLS and SASL security layers.  Since innupgrade only takes
      care of the change in the file named readers.conf, you will have to
      manually rename that parameter in configuration files for nnrpd with
      an alternate name.

    * The innreport.conf file in *pathetc* has been split into a general
      configuration file (innreport.conf itself) and a display configuration
      file (innreport-display.conf in *pathlib*).  If you made local changes
      in sections other than the *default* section in innreport.conf, and
      wish to keep them, then you need renaming the new
      innreport-display.conf file to another name in *pathlib*, setting this
      local file name in the new *display_conf_file* option in
      innreport.conf, and re-applying your local changes to that local
      display configuration file.

      As a matter of fact, the default display configuration file would
      otherwise be overwritten each time INN is updated.  Bug fixes or
      enhancements are made from time to time to the display configuration
      of innreport, and previously couldn't be automatically be merged in
      innreport.conf on update.  This new separate configuration file to
      parameterize the display will now permit an automatic update (if of
      course you use the default display configuration file).

    * A new inn-secrets.conf configuration file has been added in *pathetc*.
      The intent is that, from now on, new secrets used by INN are added to
      that file, and that all secrets currently stored in several other
      configuration files eventually move to that file.  Make sure it is
      properly created during the upgrade, and not world-readable.  It
      currently only stores the secrets used for the new Cancel-Lock
      functionality.

    * The -C flag given to innd to disable the execution of cancels has been
      deprecated and is no longer taken into account (an error message will
      be present in your logs if innd is started with it).  Instead, a new
      parameter has been added in inn.conf to tune the types of cancels innd
      should process.  If *docancels* is set to "require-auth", which is the
      default if INN has Cancel-Lock support, only articles originally
      protected by the Cancel-Lock authentication mechanism can be withdrawn
      by a valid authenticated cancel article or a valid authenticated
      supersede request.  Withdrawals of articles not originally protected
      by Cancel-Lock will not be executed.  See inn.conf(5) for more details
      about the different values of the new *docancels* parameter, and make
      sure to parameterize it according to your needs.

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  The first was performing an inefficient and
      inexact check (that should be done, if wanted, in the special "ME"
      entry in newsfeeds, or even better, ask your peers not to feed you
      articles with "cyberspam" in the Path header field body); the second
      check performed on the newsgroups present in cancel articles was not
      useful in innd (this check is relevant to posting agents).

      The related lines in inn.conf will be commented by innupgrade during
      the upgrade.

    * The XBATCH command is no longer enabled by default in innd.  You'll
      have to explicitly enable that capability by setting the new *xbatch*
      parameter to true in incoming.conf for the peers sending you such
      compressed batches.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been
      removed.  innupgrade will take care of the changes (inverting the
      boolean values, and commenting the lines with removed parameters).

    * filechan is no longer shipped with INN; it was just a simple version
      of buffchan.  All calls to "filechan" will be changed to "buffchan -u"
      (for its unbuffered mode) in newsfeeds by innupgrade.  If you have
      local scripts running filechan, you will have to manually take care of
      the change.

    * send-nntp is no longer shipped with INN.  If you have local scripts
      running it, you will have to manually adjust them to use nntpsend
      which basically does the same thing, better.  Or, even greater, use
      innfeed if that is possible.

    * Wrappers around old Perl and Python authentication and access hooks,
      pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and
      *nnrppythonauth* parameters in inn.conf, are no longer shipped as
      samples in INN releases.  If not already done, you should either
      replace old hooks with new modern hooks or use the possibilities that
      readers.conf and regular authenticator and resolver programs offer.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.  External programs building or linking
      against them need a manual change.

    If you are upgrading from a version prior to INN 2.6, see also
    "Upgrading from 2.5 to 2.6".

Changes in 2.7.0 (2022-07-10)

    * Upgrading to a major release is a good time to ensure that your
      configuration files, that are usually kept untouched during normal
      updates, are up-to-date: notably control.ctl (with your local changes
      in a separate control.ctl.local file), new better default values in
      inn.conf and innfeed.conf, improvements in innreport.conf (along with
      innreport-display.conf) and innreport.css, fixes in innwatch.ctl,
      updated moderators and nocem.ctl files.

      You may also want to check that the PGP keys used to verify the
      signature of control articles and NoCeM notices are still up-to-date
      and working.  The keys of a few hierarchies and NoCeM issuers have
      recently changed.

    * Bo Lindbergh has implemented a new overview storage method based on
      SQLite, known for its long-term stability and compatibility.  Robust
      and faster at reading ranges of overview data, but somewhat slower at
      writing, this new SQLite-based method is a perfect choice to store
      overview data.

      To select it as your overview method, set the *ovmethod* parameter in
      inn.conf to "ovsqlite".  Details about ovsqlite, the ovsqlite.conf
      configuration file and how to switch to that new modern overview
      storage method can be found in the ovsqlite(5) and makehistory(8) man
      pages.

    * Julien Elie has implemented Cancel-Lock support in innd and nnrpd,
      based on RFC 8315 and libcanlock.  A new inn-secrets.conf
      configuration file has been added in *pathetc* wherein you can set the
      secrets to use for Cancel-Lock.  See the inn-secrets.conf(5) man page
      for more details.

      A new -F flag is recognized by innconfval to indicate the type of file
      to parse (by default, "inn.conf"); just run "innconfval -F
      inn-secrets.conf" to get the values of that new configuration file.
      Another new flag, -f, permits specifying another file name to parse
      than the standard one.

      The *addcanlockuser* parameter has been added in readers.conf to
      deactivate the generation of user-specific hashes when several
      different posters have the same identity in an access group.  This
      parameter also permits setting whether the hash, when generated, is
      based on the username or the (static) IP of the connection.

    * Added a new tool, gencancel, to help the news administrator generate
      authenticated cancel control messages, with the expected admin
      Cancel-Key hashes.  See the gencancel(1) man page for more details.

    * A new *docancels* parameter has been added in inn.conf to define which
      types of cancels innd should process.  The -C flag given to innd is
      deprecated in favour of that new parameter (you'll see in your logs
      the message "innd -C flag has been deprecated and has no effect; use
      docancels in inn.conf" in case you're passing that flag to innd).

    * Andreas Kempe has implemented blacklistd support in nnrpd.  This
      daemon, available notably in FreeBSD and NetBSD, can be used to
      prevent brute force attacks by blocking attackers after a number of
      failed login attempts.  When nnrpd is run with the new -B flag, and
      INN has been configured with the new --with-blacklist option, it will
      report login attempts to the blacklistd daemon for potential blocking.

    * Building INN with TLS support using LibreSSL is now supported (only
      OpenSSL was previously officially supported and tested).

    * Fixed the parsing of *hosts* and *localaddress* parameters in
      readers.conf; exclusion patterns (beginning with "!") have not been
      working since INN 2.5.0.

    * Improved the robustness of innxmit when receiving 500 or 501 response
      codes from peers, indicating they do not understand the NNTP command
      or (wrongly) think there is a syntax error.  Richard Kettlewell added
      a proper handling of these responses, making innxmit dropping the
      refused article instead of keeping sending it over and over (and thus
      receiving each time the same error in response codes).

    * innreport now collects statistics from innxbatch and generates a
      section for them in its reports.

    * The innreport.conf file in *pathetc*, previously containing almost
      2500 lines, has been split into a general configuration file
      (innreport.conf itself, still in *pathetc*, with about 60 lines) and a
      display configuration file (innreport-display.conf, a new separate
      file in *pathlib*).  The name of this display configuration file can
      be parameterized in the new *display_conf_file* option in
      innreport.conf.

    * The -m flag given to mailpost now sets a List-ID header field instead
      of a Mailing-List header field.

    * rc.news, used to start and stop INN daemons, now checks whether it is
      run as the news user.  It will exit if not the case, to ensure not to
      tamper with the ownership of files INN manipulates.

    * filechan has been removed; it was just a simple version of buffchan,
      which should now be used.

    * send-nntp has been removed; it was just a simple version of nntpsend,
      which should now be used (or, even better, innfeed).

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  Besides, inews no longer checks if the From or
      Sender header fields of a cancel or supersede request match the ones
      of the original article being withdrawn.  All of these were either
      inefficient or inexact checks.

    * The *xbatch* parameter has been added in incoming.conf to enable the
      XBATCH command in innd for specific remote peers.  The default is to
      disable the capability.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been
      removed.

    * inews no longer adds a Sender header field nor overwrites an existing
      one in articles it processes if the new -P flag is used.  The Path
      header field, if unset, no longer systematically contains the path
      identity of the local news server (you may want to add it manually
      with the -x flag, if needed).  Finally, inews also no longer adds the
      obsolescent Lines header field.

    * A new -E flag can now be given to inews to silently discard empty
      articles, instead of bailing out with an error.  Another new -m flag
      permits setting the Message-ID instead of letting inews generate one.
      And a third new flag, -Y, forces inews to authenticate to the remote
      news server even if not asked to.

    * signcontrol has been removed as it embeds per-site configuration which
      is overwritten each time INN is updated to a newer version, and it is
      unlikely you ever need it.  Nonetheless, if you need to issue
      PGP-signed control messages, you can still download it from
      <https://ftp.isc.org/pub/pgpcontrol/>.

    * Support in controlchan for obsolete *sendsys*, *senduuname* and
      *version* control messages has been removed.  These control messages,
      long been deprecated, should no longer be sent nor honoured nowadays.
      Besides, the "doifarg" keyword in control.ctl is no longer recognized
      (it was only used for these three kinds of control messages).

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption*, which is a better name as it applies to any kind
      of encryption layers, including TLS and SASL security layers.

    * Fixed the use of a deprecated API in Kerberos V5.  INN now requires
      version 1.6.1 or higher of MIT Kerberos v5 to build.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.

    * All of the applicable bug fixes from the INN 2.6 STABLE series are
      also included in INN 2.7.

(spz)

a requisite to py-qt6, shamelessly copied from py-sip-qt5 with
version adjustments

(spz)

#6745-#6749

(spz)

Pullup ticket #6749 - requested by taca
textproc/ruby-kramdown-rfc2629: dependency fix

Revisions pulled up:
- textproc/ruby-kramdown-rfc2629/Makefile                      1.20

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Apr  1 10:14:21 UTC 2023

  Modified Files:
  pkgsrc/textproc/ruby-kramdown-rfc2629: Makefile

  Log Message:
  textproc/ruby-kramdown-rfc2629: remove reference to json_pure gem

  Remove reference to json_pure gem and add json gem.

  The problem was reporeted by riastradh@ via private e-mail.

  Bump PKGREVISION.

  To generate a diff of this commit:
  cvs rdiff -u -r1.19 -r1.20 pkgsrc/textproc/ruby-kramdown-rfc2629/Makefile

(spz)

Pullup ticket #6748 - requested by taca
lang/ruby32-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.264
- lang/ruby32-base/PLIST                                        1.3
- lang/ruby32-base/distinfo                                    1.4

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Apr  1 09:26:58 UTC 2023

  Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby32-base: PLIST distinfo

  Log Message:
  lang/ruby32: update to 3.2.2

  Ruby 3.2.2 Released Posted by naruse on 30 Mar 2023

  Ruby 3.2.2 has been released.

  This release includes security fixes.  Please check the topics below for
  details.

  * CVE-2023-28755: ReDoS vulnerability in URI
  * CVE-2023-28756: ReDoS vulnerability in Time

  What's Changed

  * Backport [Bug #19158] for Ruby 3.2 by hsbt � Pull Request #7356
  * Bug #19415: Incorrect circularity warning for concurrent requires
  * Bug #19400: YJIT fails to boot on ARM64 systems with 64 KiB pages
  * Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
  * Bug #19444: YJIT String#+@ miscompilations
  * Bug #19445: Segmentation fault with Numeric#step
  * Bug #19439: Marshal.load doesn't load Regexp instance variables
  * Bug #19459: Is length of IO::Buffer#read required or optional?
  * Bug #19464: YJIT miscompiles BasicObject#__send__ to alias methods of send
  * Bug #19468: Ruby 3.2: net/http sets UTF-8 encoding for binary responses
  * Bug #19469: Crash when resizing generic iv list
  * Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
  * Bug #19467: Some linear_time regexp does not match in linear time
  * Bug #19476: Regexp unexpected partial match
  * Bug #19536: Frozen status loss when moving objects
  * Bug #19485: Unexpected behavior in squiggly heredocs
  * Bug #19471: Regexp::compile does not handle :timeout argument
  * Use URI-0.12.1 for Ruby 3.2 by hsbt � Pull Request #7603
  * Merge RubyGems-3.4.10 and Bundler-2.4.10 by hsbt � Pull Request #7479
  * Merge Time-0.2.2 by hsbt � Pull Request #7623

  Note: This list is automatically generated by tool/gen-github-release.rb.
  Because of this, some commits may be missing.

  To generate a diff of this commit:
  cvs rdiff -u -r1.263 -r1.264 pkgsrc/lang/ruby/rubyversion.mk
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/ruby32-base/PLIST
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/ruby32-base/distinfo

(spz)

Pullup ticket #6747 - requested by taca
lang/ruby31-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.263
- lang/ruby31-base/distinfo                                    1.10

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Apr  1 09:17:15 UTC 2023

  Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby31-base: distinfo

  Log Message:
  lang/ruby31: update to 3.1.4

  Ruby 3.1.4 Released Posted by nagachika on 30 Mar 2023

  Ruby 3.1.4 has been released.

  This release includes security fixes.  Please check the topics below for
  details.

  * CVE-2023-28755: ReDoS vulnerability in URI
  * CVE-2023-28756: ReDoS vulnerability in Time

  What's Changed

  * Bug #19187: Ruby 3.1.3 testsuite fails after timezone 2022g update is
    applied
  * Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie
    domains is prefixed with a dot
  * Bug #18629: block args array splatting assigns to higher scope _ var
  * Bug #18765: Wrong description introduced by
    https://github.com/ruby/ruby/pull/4938/files
  * Bug #19189: Ruby 3.1.3/3.2.x can no longer find pkg-config if not present
    at buildtime
  * Bug #19292: Time object's wday, yday, and isdst returns broken value (and
    so does to_a) when kwarg in: 'UTC' was given
  * Bug #19305: TracePoint#parameters segfaults when certain method creation
    pattern is used
  * Bug #19319: Crash in rb_str_casemap
  * Bug #19316: YJIT crash in 3.2.0
  * Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
    environment variable
  * Bug #19320: Crash during compaction while traversing the stack
  * Bug #19389: StringIO gets(..., chomp: true) behaves differently to File/IO.
  * Bug #19284: Integer overflow when using RUBY_GC_HEAP_INIT_SLOTS
    environment variable
  * Bug #19398: Memory leak in WeakMap
  * Bug #19403: Unable to Build Native Gems on Mac with Ruby 3.1.0+
  * Bug #19415: Incorrect circularity warning for concurrent requires
  * Bug #19419: [BUG] try to mark T_NONE object in ibf_dump_mark
  * Bug #19445: Segmentation fault with Numeric#step
  * Bug #19161: Cannot compile 3.0.5 or 3.1.3 on Red Hat Enterprise Linux 7
  * Bug #18989: Backport f229b36087f1b387d77af8f3fa50f9bffd2fd44e to ruby_3_1
  * Bug #18748: Range#cover? returns true for beginless range of different
    type
  * Bug #18827: __ENCODING__ is not set to the source encoding when saving
    script lines
  * Bug #19242: Circular cause by Marshal
  * Bug #19243: Windows: Dir.home returns string in wrong encoding
  * Bug #19115: RubyGems fails to detect OpenSSL in --with-static-linked-ext
    builds
  * Bug #18464: RUBY_INTERNAL_EVENT_NEWOBJ tracepoint causes an interpreter
    crash when combined with Ractors
  * Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
  * Bug #19485: Unexpected behavior in squiggly heredocs

  Note: This list is automatically generated by tool/gen-github-release.rb.
  Because of this, some commits may be missing.

  To generate a diff of this commit:
  cvs rdiff -u -r1.262 -r1.263 pkgsrc/lang/ruby/rubyversion.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/ruby31-base/distinfo

(spz)

Pullup ticket #6746 - requested by taca
lang/ruby30-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.262
- lang/ruby30-base/distinfo                                    1.12

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Apr  1 09:08:51 UTC 2023

  Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby30-base: distinfo

  Log Message:
  lang/ruby30: update to 3.0.6

  Ruby 3.0.6 Released Posted by usa on 30 Mar 2023

  Ruby 3.0.6 has been released.

  This release includes security fixes. Please check the topics below for
  details.

  * CVE-2023-28755: ReDoS vulnerability in URI
  * CVE-2023-28756: ReDoS vulnerability in Time

  This release also includes some bug fixes.  See the GitHub releases for
  further details.

  After this release, we end the normal maintenance phase of Ruby 3.0, and
  Ruby 3.0 enters the security maintenance phase.  This means that we will no
  longer backport any bug fixes to Ruby 3.0 except security fixes.

  The term of the security maintenance phase is scheduled for a year.  Ruby
  3.0 reaches EOL and its official support ends by the end of the security
  maintenance phase.  Therefore, we recommend that you start to plan upgrade
  to Ruby 3.1 or 3.2.

  To generate a diff of this commit:
  cvs rdiff -u -r1.261 -r1.262 pkgsrc/lang/ruby/rubyversion.mk
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby30-base/distinfo

(spz)

Pullup ticket #6745 - requested by taca
lang/ruby27-base: security update

Revisions pulled up:
- lang/ruby/rubyversion.mk                                      1.261
- lang/ruby27-base/distinfo                                    1.12

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Apr  1 08:59:44 UTC 2023

  Modified Files:
  pkgsrc/lang/ruby: rubyversion.mk
  pkgsrc/lang/ruby27-base: distinfo

  Log Message:
  lang/ruby27: update to 2.7.8

  Ruby 2.7.8 Released Posted by usa on 30 Mar 2023

  Ruby 2.7.8 has been released.

  This release includes security fixes. Please check the topics below for
  details.

  * CVE-2023-28755: ReDoS vulnerability in URI
  * CVE-2023-28756: ReDoS vulnerability in Time

  This release also includes some build problem fixes. See the GitHub releases
  for further details.

  After this release, Ruby 2.7 reaches EOL.  In other words, this is expected
  to be the last release of Ruby 2.7 series.  We will not release Ruby 2.7.9
  even if a security vulnerability is found (but could release if a severe
  regression is found).  We recommend all Ruby 2.7 users to start migration to
  Ruby 3.2, 3.1, or 3.0 immediately.

  To generate a diff of this commit:
  cvs rdiff -u -r1.260 -r1.261 pkgsrc/lang/ruby/rubyversion.mk
  cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/ruby27-base/distinfo

(spz)

#6742

(spz)

Pullup ticket #6742 - requested by bsiegert
graphics/openexr: security update

Revisions pulled up:
- graphics/openexr/Makefile                                    1.48
- graphics/openexr/PLIST                                        1.21
- graphics/openexr/distinfo                                    1.46

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  bsiegert
  Date:          Thu Mar 30 16:38:14 UTC 2023

  Modified Files:
          pkgsrc/graphics/openexr: Makefile PLIST distinfo

  Log Message:
  openexr: update to 3.1.6 (security)

  Patch release that address various bug/build issues and optimizations:

  - NEON optimizations for ZIP reading
  - Enable fast Huffman & Huffman zig-zag transform for Arm Neon
  - Support relative and absolute libdir/incluedir in pkg-config generation
  - Fix for reading memory mapped files with DWA compression
  - Enable SSE4 support on Windows
  - Fast huf decoder
  - CMake config for generating docs is now BUILD_DOC

  Also, this release includes a major update and reorganization of the repo
  documentation and the https://openexr.com website.

  In addition, numerous typos and misspellings in comments and doxygen content
  have been fixed via codespell.

  Specific OSS-fuzz issues address:

  - OSS-fuzz 52730 Heap-buffer-overflow in fasthuf_initialize
  - OSS-fuzz 49698 Heap-buffer-overflow in fasthuf_decode
  - OSS-fuzz 47517 Integer-overflow in reconstruct_chunk_table
  - OSS-fuzz 47503 Heap-buffer-overflow in uncompress_b44_impl
  - OSS-fuzz 47483 Heap-buffer-overflow in generic_unpack

  To generate a diff of this commit:
  cvs rdiff -u -r1.47 -r1.48 pkgsrc/graphics/openexr/Makefile
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/openexr/PLIST
  cvs rdiff -u -r1.45 -r1.46 pkgsrc/graphics/openexr/distinfo

(spz)

fix CVE-2022-28506 with a patch from
https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/

(spz)

add the patch for CVE-2022-48303 from the gtar git

(spz)

#6737 addendum

(spz)

Pullup ticket #6737 addendum - requested by gutteridge
textproc/py-libxml2: fix build after pullup #6737

Revisions pulled up:
- textproc/py-libxml2/Makefile by patch

(spz)

Pullups #6729 #6732 #6733 #6734 #6737 #6738 #6739

(spz)

Pullup ticket #6738 - requested by taca
www/ruby-rack: security update

Revisions pulled up:
pkgsrc/www/ruby-rack/Makefile by patch
pkgsrc/www/ruby-rack/distinfo by patch

-------------------------------------------------------------------

  Log Message:
  www/ruby-rack2: update to 2.2.6.2

  2.2.6 (2022-01-17)

  * Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError
    error.  (#2011, @byroot)

  2.2.6.1 (2022-01-17)

  * [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
  * [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
  * [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)

  2.2.6.2 (2022-01-17)

  * [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges

(spz)

Pullup ticket #6734 - requested by taca
databases/ruby-activerecord70: security update
devel/ruby-activejob70: distinfo update
devel/ruby-activemodel70: distinfo update
devel/ruby-activestorage70: distinfo update
devel/ruby-activesupport70: security update
devel/ruby-railties70: distinfo update
mail/ruby-actionmailbox70: distinfo update
mail/ruby-actionmailer70: distinfo update
textproc/ruby-actiontext70: distinfo update
www/ruby-actioncable70: distinfo update
www/ruby-actionpack70: security update
www/ruby-actionview70: distinfo update
www/ruby-rails70: distinfo update

Revisions pulled up:
- databases/ruby-activerecord70/distinfo                        1.9-1.10
- devel/ruby-activejob70/distinfo                              1.9-1.10
- devel/ruby-activemodel70/distinfo                            1.9-1.10
- devel/ruby-activestorage70/distinfo                          1.9-1.10
- devel/ruby-activesupport70/distinfo                          1.9-1.10
- devel/ruby-railties70/distinfo                                1.9-1.10
- lang/ruby/rails.mk                                            1.140,1.142
- mail/ruby-actionmailbox70/distinfo                            1.9-1.10
- mail/ruby-actionmailer70/distinfo                            1.9-1.10
- textproc/ruby-actiontext70/distinfo                          1.9-1.10
- www/ruby-actioncable70/distinfo                              1.9-1.10
- www/ruby-actionpack70/distinfo                                1.9-1.10
- www/ruby-actionview70/distinfo                                1.9-1.10
- www/ruby-rails70/distinfo                                    1.9-1.10

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 19 14:34:27 UTC 2023

  Modified Files:
  pkgsrc/databases/ruby-activerecord70: distinfo
  pkgsrc/devel/ruby-activejob70: distinfo
  pkgsrc/devel/ruby-activemodel70: distinfo
  pkgsrc/devel/ruby-activestorage70: distinfo
  pkgsrc/devel/ruby-activesupport70: distinfo
  pkgsrc/devel/ruby-railties70: distinfo
  pkgsrc/lang/ruby: rails.mk
  pkgsrc/mail/ruby-actionmailbox70: distinfo
  pkgsrc/mail/ruby-actionmailer70: distinfo
  pkgsrc/textproc/ruby-actiontext70: distinfo
  pkgsrc/www/ruby-actioncable70: distinfo
  pkgsrc/www/ruby-actionpack70: Makefile distinfo
  pkgsrc/www/ruby-actionview70: distinfo
  pkgsrc/www/ruby-rails70: distinfo

  Log Message:
  www/ruby-rails70: update to 7.0.4.1

  Rails 7.0.4.1 (2023-01-17)

  devel/ruby-activesupport70

  * Avoid regex backtracking in Inflector.underscore

    [CVE-2023-22796]

  www/ruby-actionpack70

  * Fix sec issue with _url_host_allowed?

    Disallow certain strings from `_url_host_allowed?` to avoid a redirect
    to malicious sites.

    [CVE-2023-22797]

  * Avoid regex backtracking on If-None-Match header

    [CVE-2023-22795]

  * Use string#split instead of regex for domain parts

    [CVE-2023-22792]

  databases/ruby-activerecord70

  * Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.

    This commit makes the sanitization more robust by replacing any
    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not
    be provided user input.

    [CVE-2023-22794]

  * Added integer width check to PostgreSQL::Quoting

    Given a value outside the range for a 64bit signed integer type
    PostgreSQL will treat the column type as numeric. Comparing
    integer values against numeric values can result in a slow
    sequential scan.

    This behavior is configurable via
    ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

    [CVE-2022-44566]

  To generate a diff of this commit:
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/databases/ruby-activerecord70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activejob70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activemodel70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activestorage70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-activesupport70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/ruby-railties70/distinfo
  cvs rdiff -u -r1.139 -r1.140 pkgsrc/lang/ruby/rails.mk
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailbox70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/mail/ruby-actionmailer70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/textproc/ruby-actiontext70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actioncable70/distinfo
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/ruby-actionpack70/Makefile
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionpack70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-actionview70/distinfo
  cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/ruby-rails70/distinfo

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jan 25 13:31:17 UTC 2023

  Modified Files:
  pkgsrc/databases/ruby-activerecord70: distinfo
  pkgsrc/devel/ruby-activejob70: distinfo
  pkgsrc/devel/ruby-activemodel70: distinfo
  pkgsrc/devel/ruby-activestorage70: distinfo
  pkgsrc/devel/ruby-activesupport70: distinfo
  pkgsrc/devel/ruby-railties70: distinfo
  pkgsrc/lang/ruby: rails.mk
  pkgsrc/mail/ruby-actionmailbox70: distinfo
  pkgsrc/mail/ruby-actionmailer70: distinfo
  pkgsrc/textproc/ruby-actiontext70: distinfo
  pkgsrc/www/ruby-actioncable70: distinfo
  pkgsrc/www/ruby-actionpack70: distinfo
  pkgsrc/www/ruby-actionview70: distinfo
  pkgsrc/www/ruby-rails70: distinfo

  Log Message:
  www/ruby-rails70: update to 7.0.4.2

  Rails 7.0.4.2 (2023-01-24)

  *  Fix `domain: :all` for two letter TLD

      This fixes a compatibility issue introduced in our previous security
      release when using `domain: :all` with a two letter but single level top
      level domain domain (like `.ca`, rather than `.co.uk`).

  To generate a diff of this commit:
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/databases/ruby-activerecord70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activejob70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activemodel70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activestorage70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-activesupport70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/devel/ruby-railties70/distinfo
  cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/ruby/rails.mk
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailbox70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/ruby-actionmailer70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/textproc/ruby-actiontext70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actioncable70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionpack70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-actionview70/distinfo
  cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/ruby-rails70/distinfo

(spz)

Pullup ticket #6733 - requested by taca
databases/ruby-activerecord61: security update
devel/ruby-activejob61: distinfo update
devel/ruby-activemodel61: distinfo update
devel/ruby-activestorage61: distinfo update
devel/ruby-activesupport61: security update
devel/ruby-railties61: distinfo update
mail/ruby-actionmailbox61: distinfo update
mail/ruby-actionmailer61: distinfo update
textproc/ruby-actiontext61: sdistinfo update
www/ruby-actioncable61: distinfo update
www/ruby-actionpack61: security update
www/ruby-actionview61: distinfo update
www/ruby-rails61: distinfo update

Revisions pulled up:
- databases/ruby-activerecord61/distinfo                        1.16-1.17
- devel/ruby-activejob61/distinfo                              1.16-1.17
- devel/ruby-activemodel61/distinfo                            1.16-1.17
- devel/ruby-activestorage61/distinfo                          1.16-1.17
- devel/ruby-activesupport61/distinfo                          1.16-1.17
- devel/ruby-railties61/distinfo                                1.16-1.17
- lang/ruby/rails.mk                                            1.139,1.141
- mail/ruby-actionmailbox61/distinfo                            1.16-1.17
- mail/ruby-actionmailer61/distinfo                            1.16-1.17
- textproc/ruby-actiontext61/distinfo                          1.16-1.17
- www/ruby-actioncable61/distinfo                              1.16-1.17
- www/ruby-actionpack61/Makefile                                1.4
- www/ruby-actionpack61/distinfo                                1.16-1.17
- www/ruby-actionview61/distinfo                                1.16-1.17
- www/ruby-rails61/distinfo                                    1.16-1.17

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 19 14:31:11 UTC 2023

  Modified Files:
  pkgsrc/databases/ruby-activerecord61: distinfo
  pkgsrc/devel/ruby-activejob61: distinfo
  pkgsrc/devel/ruby-activemodel61: distinfo
  pkgsrc/devel/ruby-activestorage61: distinfo
  pkgsrc/devel/ruby-activesupport61: distinfo
  pkgsrc/devel/ruby-railties61: distinfo
  pkgsrc/lang/ruby: rails.mk
  pkgsrc/mail/ruby-actionmailbox61: distinfo
  pkgsrc/mail/ruby-actionmailer61: distinfo
  pkgsrc/textproc/ruby-actiontext61: distinfo
  pkgsrc/www/ruby-actioncable61: distinfo
  pkgsrc/www/ruby-actionpack61: Makefile distinfo
  pkgsrc/www/ruby-actionview61: distinfo
  pkgsrc/www/ruby-rails61: distinfo

  Log Message:
  www/ruby-rails61: update to 6.1.7.1

  Rails 6.1.7.1 (2023-01-17)

  devel/ruby-activesupport61

  * Avoid regex backtracking in Inflector.underscore

      [CVE-2023-22796]

  www/ruby-actionpack61

  * Avoid regex backtracking on If-None-Match header

    [CVE-2023-22795]

  * Use string#split instead of regex for domain parts

    [CVE-2023-22792]

  databases/ruby-activerecord61

  * Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.

    This commit makes the sanitization more robust by replacing any
    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not
    be provided user input.

    [CVE-2023-22794]

  * Added integer width check to PostgreSQL::Quoting

    Given a value outside the range for a 64bit signed integer type
    PostgreSQL will treat the column type as numeric. Comparing
    integer values against numeric values can result in a slow
    sequential scan.

    This behavior is configurable via
    ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

    [CVE-2022-44566]

  To generate a diff of this commit:
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/ruby-activerecord61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activejob61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activemodel61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activestorage61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-activesupport61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/devel/ruby-railties61/distinfo
  cvs rdiff -u -r1.138 -r1.139 pkgsrc/lang/ruby/rails.mk
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailbox61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/ruby-actionmailer61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/textproc/ruby-actiontext61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actioncable61/distinfo
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-actionpack61/Makefile
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionpack61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-actionview61/distinfo
  cvs rdiff -u -r1.15 -r1.16 pkgsrc/www/ruby-rails61/distinfo

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jan 25 13:27:10 UTC 2023

  Modified Files:
  pkgsrc/databases/ruby-activerecord61: distinfo
  pkgsrc/devel/ruby-activejob61: distinfo
  pkgsrc/devel/ruby-activemodel61: distinfo
  pkgsrc/devel/ruby-activestorage61: distinfo
  pkgsrc/devel/ruby-activesupport61: distinfo
  pkgsrc/devel/ruby-railties61: distinfo
  pkgsrc/lang/ruby: rails.mk
  pkgsrc/mail/ruby-actionmailbox61: distinfo
  pkgsrc/mail/ruby-actionmailer61: distinfo
  pkgsrc/textproc/ruby-actiontext61: distinfo
  pkgsrc/www/ruby-actioncable61: distinfo
  pkgsrc/www/ruby-actionpack61: distinfo
  pkgsrc/www/ruby-actionview61: distinfo
  pkgsrc/www/ruby-rails61: distinfo

  Log Message:
  www/ruby-rails61: update to 6.1.7.2

  Rails 6.1.7.2 (2023-01-24)

  www/ruby-actionpack61

  *  Fix `domain: :all` for two letter TLD

      This fixes a compatibility issue introduced in our previous security
      release when using `domain: :all` with a two letter but single level top
      level domain domain (like `.ca`, rather than `.co.uk`).

  To generate a diff of this commit:
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/databases/ruby-activerecord61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activejob61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activemodel61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activestorage61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-activesupport61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/devel/ruby-railties61/distinfo
  cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/ruby/rails.mk
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailbox61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/ruby-actionmailer61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/ruby-actiontext61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actioncable61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionpack61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-actionview61/distinfo
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/www/ruby-rails61/distinfo

(spz)

Pullup ticket #6732 - requested by taca
databases/ruby-activerecord60: security update
devel/ruby-activejob60: distinfo update
devel/ruby-activemodel60: distinfo update
devel/ruby-activestorage60: distinfo update
devel/ruby-activesupport60: distinfo update
devel/ruby-railties60: distinfo update
mail/ruby-actionmailbox60: distinfo update
mail/ruby-actionmailer60: distinfo update
textproc/ruby-actiontext60: distinfo update
www/ruby-actioncable60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionpack60: distinfo update
www/ruby-actionview60: distinfo update
www/ruby-rails60: distinfo update

Revisions pulled up:
- databases/ruby-activerecord60/distinfo                        1.21
- devel/ruby-activejob60/distinfo                              1.21
- devel/ruby-activemodel60/distinfo                            1.21
- devel/ruby-activestorage60/distinfo                          1.21
- devel/ruby-activesupport60/distinfo                          1.21
- devel/ruby-railties60/distinfo                                1.21
- lang/ruby/rails.mk                                            1.138
- mail/ruby-actionmailbox60/distinfo                            1.21
- mail/ruby-actionmailer60/distinfo                            1.21
- textproc/ruby-actiontext60/distinfo                          1.21
- www/ruby-actioncable60/distinfo                              1.21
- www/ruby-actionpack60/Makefile                                1.5
- www/ruby-actionpack60/distinfo                                1.21
- www/ruby-actionview60/distinfo                                1.21
- www/ruby-rails60/distinfo                                    1.21

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 19 14:27:26 UTC 2023

  Modified Files:
  pkgsrc/databases/ruby-activerecord60: distinfo
  pkgsrc/devel/ruby-activejob60: distinfo
  pkgsrc/devel/ruby-activemodel60: distinfo
  pkgsrc/devel/ruby-activestorage60: distinfo
  pkgsrc/devel/ruby-activesupport60: distinfo
  pkgsrc/devel/ruby-railties60: distinfo
  pkgsrc/lang/ruby: rails.mk
  pkgsrc/mail/ruby-actionmailbox60: distinfo
  pkgsrc/mail/ruby-actionmailer60: distinfo
  pkgsrc/textproc/ruby-actiontext60: distinfo
  pkgsrc/www/ruby-actioncable60: distinfo
  pkgsrc/www/ruby-actionpack60: Makefile distinfo
  pkgsrc/www/ruby-actionview60: distinfo
  pkgsrc/www/ruby-rails60: distinfo

  Log Message:
  www/ruby-rails60: update to 6.0.6.1

  Only databases/ruby-activerecord61 has updated.

  Rails 6.0.6.1 (2023-01-17)

  * Make `sanitize_as_sql_comment` more strict

    Though this method was likely never meant to take user input, it was
    attempting sanitization. That sanitization could be bypassed with
    carefully crafted input.

    This commit makes the sanitization more robust by replacing any
    occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a
    first pass to remove one surrounding comment to avoid compatibility
    issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not
    be provided user input.

    [CVE-2023-22794]

  To generate a diff of this commit:
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/databases/ruby-activerecord60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activejob60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activemodel60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activestorage60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-activesupport60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/ruby-railties60/distinfo
  cvs rdiff -u -r1.137 -r1.138 pkgsrc/lang/ruby/rails.mk
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailbox60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/mail/ruby-actionmailer60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/textproc/ruby-actiontext60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actioncable60/distinfo
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-actionpack60/Makefile
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionpack60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-actionview60/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/www/ruby-rails60/distinfo

(spz)

Pullup ticket #6729 - requested by taca
devel/ruby-globalid: security update

Revisions pulled up:
- devel/ruby-globalid/Makefile                                  1.14
- devel/ruby-globalid/distinfo                                  1.8

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 19 13:58:19 UTC 2023

  Modified Files:
  pkgsrc/devel/ruby-globalid: Makefile distinfo

  Log Message:
  devel/ruby-globalid: update to 1.0.1

  1.0.1 (2023-01-17)

  Possible ReDoS based DoS vulnerability in GlobalID

  There is a ReDoS based DoS vulnerability in the GlobalID gem.  This
  vulnerability has been assigned the CVE identifier CVE-2023-22799.

  Versions Affected: >= 0.2.1
  Not affected: NOTAFFECTED
  Fixed Versions: 1.0.1

  Impact

  There is a possible DoS vulnerability in the model name parsing section of
  the GlobalID gem.  Carefully crafted input can cause the regular expression
  engine to take an unexpected amount of time.  All users running an affected
  release should either upgrade or use one of the workarounds immediately.

  Releases

  The FIXED releases are available at the normal locations.

  Workarounds

  There are no feasible workarounds for this issue.

  Credits

  Thank you ooooooo_k for reporting this!

  To generate a diff of this commit:
  cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-globalid/Makefile
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/devel/ruby-globalid/distinfo

(spz)

Pullup ticket #6739 - requested by taca
www/apache24: security update

Revisions pulled up:
- www/apache24/Makefile                                        1.115
- www/apache24/PLIST                                            1.36
- www/apache24/distinfo                                        1.54
- www/apache24/patches/patch-configure                          1.3

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: adam
  Date: Fri Jan 20 14:03:16 UTC 2023

  Modified Files:
  pkgsrc/www/apache24: Makefile PLIST distinfo
  pkgsrc/www/apache24/patches: patch-configure

  Log Message:
  apache24: updated to 2.4.55

  Changes with Apache 2.4.55

    *) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
        2.4.55 allows a backend to trigger HTTP response splitting
        (cve.mitre.org)
        Prior to Apache HTTP Server 2.4.55, a malicious backend can
        cause the response headers to be truncated early, resulting in
        some headers being incorporated into the response body. If the
        later headers have any security purpose, they will not be
        interpreted by the client.
        Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)

    *) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
        Possible request smuggling (cve.mitre.org)
        Inconsistent Interpretation of HTTP Requests ('HTTP Request
        Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
        allows an attacker to smuggle requests to the AJP server it
        forwards requests to.  This issue affects Apache HTTP Server
        Apache HTTP Server 2.4 version 2.4.54 and prior versions.
        Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
        at Qi'anxin Group

    *) SECURITY: CVE-2006-20001: mod_dav out of  bounds read, or write
        of zero byte (cve.mitre.org)
        A carefully crafted If: request header can cause a memory read,
        or write of a single zero byte, in a pool (heap) memory location
        beyond the header value sent. This could cause the process to
        crash.
        This issue affects Apache HTTP Server 2.4.54 and earlier.

    *) mod_dav: Open the lock database read-only when possible.

    *) mod_proxy_http2: apply the standard httpd content type handling
        to responses from the backend, as other proxy modules do.

    *) mod_dav: mod_dav overrides dav_fs response on PUT failure.

    *) mod_proxy_hcheck: Honor worker timeout settings.  [Yann Ylavic]

    *) mod_http2: version 2.0.10 of the module, synchronizing changes
        with the gitgub version. This is a partial rewrite of how connections
        and streams are handled.
        - an APR pollset and pipes (where supported) are used to monitor
          the main connection and react to IO for request/response handling.
          This replaces the stuttered timed waits of earlier versions.
        - H2SerializeHeaders directive still exists, but has no longer an effect.
        - Clients that seemingly misbehave still get less resources allocated,
          but ongoing requests are no longer disrupted.
        - Fixed an issue since 1.15.24 that "Server" headers in proxied requests
          were overwritten instead of preserved.
        - A regression in v1.15.24 was fixed that could lead to httpd child
          processes not being terminated on a graceful reload or when reaching
          MaxConnectionsPerChild. When unprocessed h2 requests were queued at
          the time, these could stall.
        - Improved information displayed in 'server-status' for H2 connections when
          Extended Status is enabled. Now one can see the last request that IO
          operations happened on and transferred IO stats are updated as well.
        - When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
          send a GOAWAY frame much too early on new connections, leading to invalid
          protocol state and a client failing the request.
          The module now initializes the HTTP/2 protocol correctly and allows the
          client to submit one request before the shutdown via a GOAWAY frame
          is being announced.
        - :scheme pseudo-header values, not matching the
          connection scheme, are forwarded via absolute uris to the
          http protocol processing to preserve semantics of the request.
          Checks on combinations of pseudo-headers values/absence
          have been added as described in RFC 7540. Fixes #230.
        - A bug that prevented trailers (e.g. HEADER frame at the end) to be
          generated in certain cases was fixed. See #233 where it prevented
          gRPC responses to be properly generated.
        - Request and response header values are automatically stripped of leading
          and trialing space/tab characters. This is equivalent behaviour to what
          Apache httpd's http/1.1 parser does.
          The checks for this in nghttp2 v1.50.0+ are disabled.
        - Extensive testing in production done by Alessandro Bianchi (@alexskynet)
          on the v2.0.x versions for stability. Many thanks!
    *) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
        request ':authority' is known. Improved test case that did not catch that
        the previous 'fix' was incorrect.

    *) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
        using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]

    *) mod_proxy: The AH03408 warning for a forcibly closed backend
        connection is now logged at INFO level.  [Yann Ylavic]

    *) mod_ssl: When dumping the configuration, the existence of
        certificate/key files is no longer tested.  [Joe Orton]

    *) mod_authn_core: Add expression support to AuthName and AuthType.
        [Graham Leggett]

    *) mod_ssl: when a proxy connection had handled a request using SSL, an
        error was logged when "SSLProxyEngine" was only configured in the
        location/proxy section and not the overall server. The connection
        continued to work, the error log was in error.

    *) mod_proxy_hcheck: Re-enable workers in standard ERROR state.

    *) mod_proxy_hcheck: Detect AJP/CPING support correctly.

    *) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]

    *) mod_md: a new directive `MDStoreLocks` can be used on cluster
        setups with a shared file system for `MDStoreDir` to order
        activation of renewed certificates when several cluster nodes are
        restarted at the same time. Store locks are not enabled by default.
        Restored curl_easy cleanup behaviour from v2.4.14 and refactored
        the use of curl_multi for OCSP requests to work with that.
        Fixes <https://github.com/icing/mod_md/issues/293>.

    *) core: Avoid an overflow on large inputs in ap_is_matchexp.

    *) mod_heartmonitor: Allow "HeartbeatMaxServers 0" to use file based
        storage instead of slotmem. Needed after setting
        HeartbeatMaxServers default to the documented value 10 in 2.4.54.

    *) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
        This is a game changer for performances if client use PROPFIND a lot.

  To generate a diff of this commit:
  cvs rdiff -u -r1.114 -r1.115 pkgsrc/www/apache24/Makefile
  cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/apache24/PLIST
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/www/apache24/distinfo
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/apache24/patches/patch-configure

(spz)

Pullup ticket #6737 - requested by taca
textproc/libxml2: security update

Revisions pulled up:
- textproc/libxml2/Makefile                                    1.166-1.167
- textproc/libxml2/Makefile.common                              1.17-1.19
- textproc/libxml2/PLIST                                        1.48
- textproc/libxml2/distinfo                                    1.142-1.143
- textproc/libxml2/patches/patch-Makefile.in                    deleted
- textproc/libxml2/patches/patch-catalog.c                      deleted
- textproc/libxml2/patches/patch-configure                      1.5
- textproc/libxml2/patches/patch-doc_examples_Makefile.in      deleted
- textproc/libxml2/patches/patch-encoding.c                    1.4
- textproc/libxml2/patches/patch-error.c                        1.1
- textproc/libxml2/patches/patch-python_libxml.c                deleted
- textproc/libxml2/patches/patch-python_libxml.py              deleted
- textproc/libxml2/patches/patch-python_libxml2.py              deleted
- textproc/libxml2/patches/patch-python_setup.py                deleted
- textproc/libxml2/patches/patch-xmlcatalog.c                  deleted

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sun Jan 22 10:30:09 UTC 2023

  Modified Files:
  pkgsrc/textproc/libxml2: Makefile Makefile.common PLIST distinfo
  pkgsrc/textproc/libxml2/patches: patch-configure patch-encoding.c
  Removed Files:
  pkgsrc/textproc/libxml2/patches: patch-Makefile.in patch-catalog.c
      patch-doc_examples_Makefile.in patch-python_libxml.c
      patch-python_libxml.py patch-python_libxml2.py
      patch-python_setup.py patch-xmlcatalog.c

  Log Message:
  libxml2: update to 2.10.3.

  NEWS file for libxml2

  v2.10.3: Oct 14 2022

  ### Security

  - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
  - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
  - Fix overflow check in SAX2.c

  ### Portability

  - win32: Fix build with VS2013

  ### Build system

  - cmake: Set SOVERSION

  v2.10.2: Aug 29 2022

  ### Improvements

  - Remove set-but-unused variable in xmlXPathScanName
  - Silence -Warray-bounds warning

  ### Build system

  - build: require automake-1.16.3 or later (Xi Ruoyao)
  - Remove generated files from distribution

  ### Test suite

  - Don't create missing.xml when running testapi

  v2.10.1: Aug 25 2022

  ### Regressions

  - Fix xmlCtxtReadDoc with encoding

  ### Bug fixes

  - Fix HTML parser with threads and --without-legacy

  ### Build system

  - Fix build with Python 3.10
  - cmake: Disable version script on macOS
  - Remove Makefile rule to build testapi.c

  ### Documentation

  - Switch back to HTML output for API documentation
  - Port doc/examples/index.py to Python 3
  - Fix order of exports in libxml2-api.xml
  - Remove libxml2-refs.xml

  v2.10.0: Aug 17 2022

  ### Security

  - [CVE-2022-2309] Reset nsNr in xmlCtxtReset
  - Reserve byte for NUL terminator and report errors consistently in xmlBuf and
    xmlBuffer (David Kilzer)
  - Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
  - Fix integer overflow in xmlBufferDump() (David Kilzer)
  - xmlBufAvail() should return length without including a byte for NUL
    terminator (David Kilzer)
  - Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
    Kilzer)
  - Use xmlNewDocText in xmlXIncludeCopyRange
  - Fix use-after-free bugs when calling xmlTextReaderClose() before
    xmlFreeTextReader() on post-validating parser (David Kilzer)
  - Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
  - fix: xmlXPathParserContext could be double-delete in  OOM case. (jinsub ahn)

  ### Removals and deprecations

  - Disable XPointer location support by default
  - Remove outdated xml2Conf.sh
  - Deprecate module init and cleanup functions
  - Remove obsolete XML Software Autoupdate (XSA) file
  - Remove DOCBparser
  - Remove obsolete Python test framework
  - Remove broken VxWorks support
  - Remove broken Mac OS 9 support
  - Remove broken bakefile support
  - Remove broken Visual Studio 2010 support
  - Remove broken Windows CE support
  - Deprecate IDREF-related functions in valid.h
  - Deprecate legacy functions
  - Disable legacy support by default
  - Deprecate all functions in nanoftp.h
  - Disable FTP support by default
  - Add XML_DEPRECATED macro
  - Remove elfgcchack.h

  ### Regressions

  - Skip incorrectly opened HTML comments
  - Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)

  ### Bug fixes

  - Fix memory leak with invalid XSD
  - Make XPath depth check work with recursive invocations
  - Fix memory leak in xmlLoadEntityContent error path
  - Avoid double-free if malloc fails in inputPush
  - Properly fold whitespace around the QName value when validating an XSD
    schema. (Damjan Jovanovic)
  - Add whitespace folding for some atomic data types that it's missing on.
    (Damjan Jovanovic)
  - Don't add IDs containing unexpanded entity references

  ### Improvements

  - Avoid calling xmlSetTreeDoc
  - Simplify xmlFreeNode
  - Don't reset nsDef when changing node content
  - Fix unintended fall-through in xmlNodeAddContentLen
  - Remove unused xmlBuf functions (David Kilzer)
  - Implement xpath1() XPointer scheme
  - Add configuration flag for XPointer locations support
  - Fix compiler warnings in Python code
  - Mark more static data as `const` (David Kilzer)
  - Make xmlStaticCopyNode non-recursive
  - Clean up encoding switching code
  - Simplify recursive pthread mutex
  - Use non-recursive mutex in dict.c
  - Fix parser progress checks
  - Avoid arithmetic on freed pointers
  - Improve buffer allocation scheme
  - Remove unneeded #includes
  - Add support for some non-standard escapes in regular expressions. (Damjan
    Jovanovic)
  - htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
  - Add let variable tag support (Oliver Diehl)
  - Add value-of tag support (Oliver Diehl)
  - Remove useless call to xmlRelaxNGCleanupTypes
  - Don't include ICU headers in public headers
  - Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
  - Fix unused variable warnings with disabled features
  - Only warn on invalid redeclarations of predefined entities
  - Remove unneeded code in xmlreader.c
  - Rework validation context flags

  ### Portability

  - Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
  - Fix Python tests on macOS
  - Fix xmlCleanupThreads on Windows
  - Fix reinitialization of library on Windows
  - Don't mix declarations and code in runtest.c
  - Use portable python shebangs (David Seifert)
  - Use critical sections as mutex on Windows
  - Don't set HAVE_WIN32_THREADS in win32config.h
  - Use stdint.h with newer MSVC
  - Remove cruft from win32config.h
  - Remove isinf/isnan emulation in win32config.h
  - Always fopen files with "rb"
  - Remove __DJGPP__ checks
  - Remove useless __CYGWIN__ checks

  ### Build system

  - Don't autogenerate doc/examples/Makefile.am
  - cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
  - cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
  - Port genUnicode.py to Python 3
  - Port gentest.py to Python 3
  - cmake: Fix build without thread support
  - cmake: Install documentation in CMAKE_INSTALL_DOCDIR
  - cmake: Remove non needed files in docs dir (Daniel E)
  - configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
    (Christopher Degawa)
  - Move local Autoconf macros into m4 directory
  - Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
  - Update libxml-2.0-uninstalled.pc.in
  - Remove LIBS from XML_PRIVATE_LIBS
  - Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
  - Don't overlink executables
  - cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
  - build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
  - Avoid obsolescent `test -a` constructs (David Seifert)
  - Move AM_MAINTAINER_MODE to AM section
  - configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
  - Streamline documentation installation
  - Don't try to recreate COPYING symlink
  - Detect libm using libtool's macros (David Seifert)
  - configure.ac: disable static libraries by default (David Seifert)
  - python/Makefile.am: nest python docs in $(docdir) (David Seifert)
  - python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
  - Makefile.am: install examples more idiomatically (David Seifert)
  - configure.ac: remove useless AC_SUBST (David Seifert)
  - Respect `--sysconfdir` in source files (David Seifert)
  - Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
  - Only install *.html and *.c example files
  - Remove --with-html-dir option
  - Rework documentation build system
  - Remove old website
  - Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
  - Update genChRanges.py
  - Update build_glob.py
  - Remove ICONV_CONST test
  - Remove obsolete AC_HEADER checks
  - Don't check for standard C89 library functions
  - Don't check for standard C89 headers
  - Remove special configuration for certain maintainers

  ### Test suite, CI

  - Disable network in API tests
  - testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
  - Build Autotools CI tests out of source tree (VPATH)
  - Add --with-minimum build to CI tests
  - Fix warnings when testing --with-minimum build
  - cmake: Run all tests when threads are disabled
  - Also build CI tests with -Werror
  - Move doc/examples tests to new test suite
  - Simplify 'make check' targets
  - Fix schemas and relaxng tests
  - Remove unused result files
  - Allow missing result files in runtest
  - Move regexp tests to runtest
  - Move SVG tests to runtest.c
  - Move testModule to new test suite
  - Move testThreads to new test suite
  - Remove major parts of old test suite
  - Make testchar return an error on failure (Tony Tascioglu)
  - Add CI job for static build
  - python/tests: open() relative to test scripts (David Seifert)
  - Port some test scripts to Python 3

  ### Documentation

  - Improve documentation of tree manipulation API
  - Update xml2-config man page
  - Consolidate man pages
  - Rename xmlcatalog_man.xml
  - Make examples a standalone HTML page
  - Fix documentation in entities.c
  - Add note about optimization flags

  To generate a diff of this commit:
  cvs rdiff -u -r1.165 -r1.166 pkgsrc/textproc/libxml2/Makefile
  cvs rdiff -u -r1.16 -r1.17 pkgsrc/textproc/libxml2/Makefile.common
  cvs rdiff -u -r1.47 -r1.48 pkgsrc/textproc/libxml2/PLIST
  cvs rdiff -u -r1.141 -r1.142 pkgsrc/textproc/libxml2/distinfo
  cvs rdiff -u -r1.2 -r0 pkgsrc/textproc/libxml2/patches/patch-Makefile.in \
      pkgsrc/textproc/libxml2/patches/patch-doc_examples_Makefile.in \
      pkgsrc/textproc/libxml2/patches/patch-python_setup.py
  cvs rdiff -u -r1.1 -r0 pkgsrc/textproc/libxml2/patches/patch-catalog.c \
      pkgsrc/textproc/libxml2/patches/patch-python_libxml.py \
      pkgsrc/textproc/libxml2/patches/patch-python_libxml2.py \
      pkgsrc/textproc/libxml2/patches/patch-xmlcatalog.c
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/textproc/libxml2/patches/patch-configure
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/libxml2/patches/patch-encoding.c
  cvs rdiff -u -r1.4 -r0 pkgsrc/textproc/libxml2/patches/patch-python_libxml.c

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: gutteridge
  Date: Thu Jan 26 01:49:16 UTC 2023

  Modified Files:
  pkgsrc/textproc/libxml2: Makefile.common distinfo
  Added Files:
  pkgsrc/textproc/libxml2/patches: patch-error.c

  Log Message:
  libxml2: Make sure that error messages are valid UTF-8

  Fixes segfaults with itstool, which were breaking various MATE package
  builds. (This is the third time a variant of a patch to fix this same
  issue has been applied here.)

  To generate a diff of this commit:
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/textproc/libxml2/Makefile.common
  cvs rdiff -u -r1.142 -r1.143 pkgsrc/textproc/libxml2/distinfo
  cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxml2/patches/patch-error.c

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: jperkin
  Date: Fri Jan 27 14:49:37 UTC 2023

  Modified Files:
  pkgsrc/textproc/libxml2: Makefile Makefile.common

  Log Message:
  libxml2: Ensure --sysconfdir is passed.

  Fixes widespread breakage of recent update on systems where PKG_SYSCONFDIR
  is not PREFIX/etc so the catalog files could not be found.

  Move PKGREVISION out of Makefile.common and bump.

  To generate a diff of this commit:
  cvs rdiff -u -r1.166 -r1.167 pkgsrc/textproc/libxml2/Makefile
  cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/libxml2/Makefile.common

(spz)

6728, 6735, 6736

(spz)

Pullup ticket #6736 - requested by taca
net/bind918: security update

Revisions pulled up:
- net/bind918/Makefile                                          1.6
- net/bind918/PLIST                                            1.2
- net/bind918/distinfo                                          1.4
- net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh deleted
- net/bind918/patches/patch-lib_isc_siphash.c                  1.2
- net/bind918/patches/patch-lib_isc_time.c                      1.2
- net/bind918/patches/patch-lib_ns_update.c                    1.2

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Feb  8 00:13:44 UTC 2023

  Modified Files:
  pkgsrc/net/bind918: Makefile PLIST distinfo
  pkgsrc/net/bind918/patches: patch-lib_isc_siphash.c
      patch-lib_isc_time.c patch-lib_ns_update.c
  Removed Files:
  pkgsrc/net/bind918/patches:
      patch-bin_tests_system_keyfromlabel_tests.sh

  Log Message:
  net/bind918: update to 9.18.11

  Approved by MAINTAINER (sekiya@).

  --- 9.18.11 released ---

  6067. [security] Fix serve-stale crash when recursive clients soft quota
  is reached. (CVE-2022-3924) [GL #3619]

  6066. [security] Handle RRSIG lookups when serve-stale is active.
  (CVE-2022-3736) [GL #3622]

  6064. [security] An UPDATE message flood could cause named to exhaust all
  available memory. This flaw was addressed by adding a
  new "update-quota" statement that controls the number of
  simultaneous UPDATE messages that can be processed or
  forwarded. The default is 100. A stats counter has been
  added to record events when the update quota is
  exceeded, and the XML and JSON statistics version
  numbers have been updated. (CVE-2022-3094) [GL #3523]

  6062. [func] The DSCP implementation, which has been
  nonfunctional for some time, is now marked as
  obsolete and the implementation has been removed.
  Configuring DSCP values in named.conf has no
  effect, and a warning will be logged that
  the feature should no longer be used. [GL #3773]

  6061. [bug] Fix unexpected "Prohibited" extended DNS error
  on allow-recursion. [GL #3743]

  6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
  by detaching from the zone manager outside of the write
  lock. [GL #3768]

  6059. [bug] In some serve stale scenarios, like when following an
  expired CNAME record, named could return SERVFAIL if the
  previous request wasn't successful. Consider non-stale
  data when in serve-stale mode. [GL #3678]

  6058. [bug] Prevent named from crashing when "rndc delzone"
  attempts to delete a zone added by a catalog zone.
  [GL #3745]

  6053. [bug] Fix an ADB quota management bug in resolver. [GL #3752]

  6051. [bug] Improve thread safety in the dns_dispatch unit.
  [GL #3178] [GL #3636]

  6050. [bug] Changes to the RPZ response-policy min-update-interval
  and add-soa options now take effect as expected when
  named is reconfigured. [GL #3740]

  6049. [bug] Exclude ABD hashtables from the ADB memory
  overmem checks and don't clean ADB names
  and ADB entries used in the last 10 seconds
  (ADB_CACHE_MINIMUM). [GL #3739]

  6048. [bug] Fix a log message error in dns_catz_update_from_db(),
  where serials with values of 2^31 or larger were logged
  incorrectly as negative numbers. [GL #3742]

  6047. [bug] Try the next server instead of trying the same
  server again on an outgoing query timeout.
  [GL #3637]

  6046. [bug] TLS session resumption might lead to handshake
  failures when client certificates are used for
  authentication (Mutual TLS).  This has been fixed.
  [GL #3725]

  6045. [cleanup] The list of supported DNSSEC algorithms changed log
  level from "warning" to "notice" to match named's other
  startup messages. [GL !7217]

  6044. [bug] There was an "RSASHA236" typo in a log message.
  [GL !7206]

  5830. [func] Implement incremental resizing of isc_ht hash tables to
  perform the rehashing gradually. The catalog zone
  implementation has been optimized to work with hundreds
  of thousands of member zones. [GL #3212] [GL #3744]

  To generate a diff of this commit:
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/bind918/Makefile
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/PLIST
  cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/bind918/distinfo
  cvs rdiff -u -r1.1 -r0 \
      pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh
  cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c \
      pkgsrc/net/bind918/patches/patch-lib_isc_time.c \
      pkgsrc/net/bind918/patches/patch-lib_ns_update.c

(spz)

Pullup ticket #6735 - requested by taca
security/sudo: security update

Revisions pulled up:
- security/sudo/Makefile                                        1.194
- security/sudo/distinfo                                        1.126

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Feb  6 14:35:32 UTC 2023

  Modified Files:
  pkgsrc/security/sudo: Makefile distinfo

  Log Message:
  security/sudo: update to 1.9.12p2

  1.9.12.p2 (2023-01-18)

    * Fixed a compilation error on Linux/aarch64.  GitHub issue #197.

    * Fixed a potential crash introduced in the fix for GitHub issue #134.
      If a user's sudoers entry did not have any RunAs user's set,
      running "sudo -U otheruser -l" would dereference a NULL pointer.

    * Fixed a bug introduced in sudo 1.9.12 that could prevent sudo
      from creating a I/O files when the "iolog_file" sudoers setting
      contains six or more Xs.

    * Fixed CVE-2023-22809, a flaw in sudo's -e option (aka sudoedit)
      that coud allow a malicious user with sudoedit privileges to
      edit arbitrary files.

  To generate a diff of this commit:
  cvs rdiff -u -r1.193 -r1.194 pkgsrc/security/sudo/Makefile
  cvs rdiff -u -r1.125 -r1.126 pkgsrc/security/sudo/distinfo

(spz)

Pullup ticket #6728 - requested by taca
net/samba4: security update

Revisions pulled up:
- net/samba4/Makefile                                          1.155,1.157-1.159
- net/samba4/PLIST                                              1.49-1.50
- net/samba4/distinfo                                          1.88-1.89
- net/samba4/options.mk                                        1.18

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: wiz
  Date: Tue Jan  3 15:27:23 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile PLIST distinfo options.mk

  Log Message:
  samba: update to 4.17.4.

  This is the latest stable release of the Samba 4.17 release series.
  It also contains security changes in order to address the following defects:

  o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                    RC4-HMAC Elevation of Privilege Vulnerability
                    disclosed by Microsoft on Nov 8 2022.

                    A Samba Active Directory DC will issue weak rc4-hmac
                    session keys for use between modern clients and servers
                    despite all modern Kerberos implementations supporting
                    the aes256-cts-hmac-sha1-96 cipher.

                    On Samba Active Directory DCs and members
                    'kerberos encryption types = legacy' would force
                    rc4-hmac as a client even if the server supports
                    aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

                    https://www.samba.org/samba/security/CVE-2022-37966.html

  o CVE-2022-37967: This is the Samba CVE for the Windows
                    Kerberos Elevation of Privilege Vulnerability
                    disclosed by Microsoft on Nov 8 2022.

                    A service account with the special constrained
                    delegation permission could forge a more powerful
                    ticket than the one it was presented with.

                    https://www.samba.org/samba/security/CVE-2022-37967.html

  o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                    same algorithms as rc4-hmac cryptography in Kerberos,
                    and so must also be assumed to be weak.

                    https://www.samba.org/samba/security/CVE-2022-38023.html

  Note that there are several important behavior changes
  included in this release, which may cause compatibility problems
  interacting with system still expecting the former behavior.
  Please read the advisories of CVE-2022-37966,
  CVE-2022-37967 and CVE-2022-38023 carefully!

  samba-tool got a new 'domain trust modify' subcommand
  -----------------------------------------------------

  This allows "msDS-SupportedEncryptionTypes" to be changed
  on trustedDomain objects. Even against remote DCs (including Windows)
  using the --local-dc-ipaddress= (and other --local-dc-* options).
  See 'samba-tool domain trust modify --help' for further details.

  smb.conf changes
  ----------------

    Parameter Name                              Description            Default
    --------------                              -----------            -------
    allow nt4 crypto                            Deprecated              no
    allow nt4 crypto:COMPUTERACCOUNT            New
    kdc default domain supported enctypes        New (see manpage)
    kdc supported enctypes                      New (see manpage)
    kdc force enable rc4 weak session keys      New                    No
    reject md5 clients                          New Default, Deprecated Yes
    reject md5 servers                          New Default, Deprecated Yes
    server schannel                              Deprecated              Yes
    server schannel require seal                New, Deprecated        Yes
    server schannel require seal:COMPUTERACCOUNT New
    winbind sealed pipes                        Deprecated              Yes

  Changes since 4.17.3
  --------------------

  o  Jeremy Allison <jra@samba.org>
      * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
        same size.

  o  Andrew Bartlett <abartlet@samba.org>
      * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
        user-controlled pointer in FAST.
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15237: CVE-2022-37966.
      * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

  o  Ralph Boehme <slow@samba.org>
      * BUG 15240: CVE-2022-38023.
      * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

  o  Stefan Metzmacher <metze@samba.org>
      * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
        Windows.
      * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
        atomically.
      * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
        vulnerability.
      * BUG 15206: libnet: change_password() doesn't work with
        dcerpc_samr_ChangePasswordUser4().
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15230: Memory leak in snprintf replacement functions.
      * BUG 15237: CVE-2022-37966.
      * BUG 15240: CVE-2022-38023.
      * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
        (CVE-2021-20251 regression).

  o  Noel Power <noel.power@suse.com>
      * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
        same size.

  o  Anoop C S <anoopcs@samba.org>
      * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

  o  Andreas Schneider <asn@samba.org>
      * BUG 15237: CVE-2022-37966.
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15257: Stack smashing in net offlinejoin requestodj.

  o  Joseph Sutton <josephsutton@catalyst.net.nz>
      * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
      * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
      * BUG 15231: CVE-2022-37967.
      * BUG 15237: CVE-2022-37966.

  o  Nicolas Williams <nico@twosigma.com>
      * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
        user-controlled pointer in FAST.

  To generate a diff of this commit:
  cvs rdiff -u -r1.154 -r1.155 pkgsrc/net/samba4/Makefile
  cvs rdiff -u -r1.48 -r1.49 pkgsrc/net/samba4/PLIST
  cvs rdiff -u -r1.87 -r1.88 pkgsrc/net/samba4/distinfo
  cvs rdiff -u -r1.17 -r1.18 pkgsrc/net/samba4/options.mk

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tnn
  Date: Tue Jan 10 02:12:40 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: PLIST

  Log Message:
  samba4: fix PLIST error when option ads is off

  To generate a diff of this commit:
  cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/samba4/PLIST

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: hauke
  Date: Thu Jan 19 16:32:54 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile

  Log Message:
  Un-break FreeBSD build - it does not define ENODATA.

  See also this thread
  <kern/2012/04/30/msg013090.html>.">https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.

  To generate a diff of this commit:
  cvs rdiff -u -r1.156 -r1.157 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: wiz
  Date: Mon Jan 23 09:13:52 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile

  Log Message:
  samba4: add upper bound for ldb and remove reference to non-existent file

  To generate a diff of this commit:
  cvs rdiff -u -r1.157 -r1.158 pkgsrc/net/samba4/Makefile

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Jan 28 13:52:03 UTC 2023

  Modified Files:
  pkgsrc/net/samba4: Makefile distinfo

  Log Message:
  net/samba4: update to 4.17.5

                      ===============
                      Release Notes for Samba 4.17.5
                            January 26, 2023
                      ===============

  This is the latest stable release of the Samba 4.17 release series.

  Changes since 4.17.4
  --------------------

  o  Jeremy Allison <jra@samba.org>
      * BUG 14808: smbc_getxattr() return value is incorrect.
      * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
        correctly.
      * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
      * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
        DC when there is only an AAAA record for the DC in DNS.
      * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
      * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
      * BUG 15283: vfs_virusfilter segfault on access, directory edgecase
        (accessing NULL value).

  o  Samuel Cabrero <scabrero@samba.org>
      * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
        based SChannel on NETLOGON (additional changes).

  o  Volker Lendecke <vl@samba.org>
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
      * BUG 15269: ctdb: use-after-free in run_proc.

  o  Stefan Metzmacher <metze@samba.org>
      * BUG 15243: %U for include directive doesn't work for share listing
        (netshareenum).
      * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
      * BUG 15280: irpc_destructor may crash during shutdown.
      * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

  o  Andreas Schneider <asn@samba.org>
      * BUG 15268: smbclient segfaults with use after free on an optimized build.

  o  Jones Syue <jonessyue@qnap.com>
      * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.

  o  Andrew Walker <awalker@ixsystems.com>
      * BUG 15164: Leak in wbcCtxPingDc2.
      * BUG 15265: Access based share enum does not work in Samba 4.16+.
      * BUG 15267: Crash during share enumeration.
      * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
        end of returned buffer.

  o  Florian Weimer <fweimer@redhat.com>
      * BUG 15281: Avoid relying on C89 features in a few places.

  To generate a diff of this commit:
  cvs rdiff -u -r1.158 -r1.159 pkgsrc/net/samba4/Makefile
  cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/samba4/distinfo

(spz)

6710, 6724

(spz)

Pullup ticket #6724 - requested by bsiegert
lang/ruby31-base: build fix

Revisions pulled up:
- lang/ruby31-base/Makefile                                    1.8

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: dholland
  Date: Mon Jan 16 06:33:51 UTC 2023

  Modified Files:
  pkgsrc/lang/ruby31-base: Makefile

  Log Message:
  lang/ruby31-base: quote ${CC}; PR 57167

  To generate a diff of this commit:
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/ruby31-base/Makefile

(spz)

Pullup ticket #6710 - requested by bsiegert
security/libksba: security update

Revisions pulled up:
- security/libksba/Makefile                                    1.39
- security/libksba/distinfo                                    1.29

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Wed Dec 28 09:38:22 UTC 2022

  Modified Files:
          pkgsrc/security/libksba: Makefile distinfo

  Log Message:
  libksba: updated to 1.6.3

  Noteworthy changes in version 1.6.3 (2022-12-06)
  ------------------------------------------------
    * Fix another integer overflow in the CRL parser.

  To generate a diff of this commit:
  cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/libksba/Makefile
  cvs rdiff -u -r1.28 -r1.29 pkgsrc/security/libksba/distinfo

(spz)

revert erroneous commit to the pkgsrc-2022Q4 branch as requested by manu@
in admin ticket #265306

(spz)

Updated print/podofo to 0.9.8

(spz)

Update print/podofo to version 0.9.8
Fixes many CVE.

Note upstream pushed their src/ contents to src/podofo so patches
had to move that didn't otherwise change.

upstream changelog:

  PoDoFo 0.9.8 released - last release on current code base

  May 3rd 2022

  The PoDoFo developers are happy to announce the release of PoDoFo 0.9.8.
  This release contains over 25 patches submitted by various contributors
  (see SVN Log for details). We encourage all users to upgrade to this
  release.

  Also, this will be the final release of PoDoFo based on the current
  codebase.
  After the release we plan to introduce two major changes to PoDoFo
  development.

  First of all, we will lock/close the current SVN trunk and switch PoDoFo
  development to a more modern development platform, where we can leverage
  state of the art development features such as Continuous Integration or
  Pull Requests. The mailing list and webpage will stay on SourceForge
  as well as the issue tracker. Still, we will open a new issue tracker
  for the new development environment and gradually migrate open issues.
  We will share more news on this, once the new development environment
  was set up.

  Secondly and most importantly, we will replace the current codebase
  of PoDoFo with the amazing work Francesco Pretto has done with pdfmm.
  pdfmm is based on PoDoFo but with an improved and reworked API based
  on C++17 which we consider more suitable for future development of PoDoFo.
  After rebasing PoDoFo on pdfmm, we plan to release PoDoFo 1.0.0.

  Please note, PoDoFo 1.0.0 will be API incompatible (binary and in
  source code) with PoDoFo 0.9.8. We expect migration steps to be necessary.
  PoDoFo Tools are currently being ported to pdfmm as a showcase for
  the migration.

  PoDoFo 0.9.7 released

  January 9th 2021

  PoDoFo 0.9.7 was released today, after over 2 year of development
  and with the help of many new contributors.

  As there are so many improvements, patches and fixes that made it
  into this release, we are not able to list them, so please stick with
  the svn log.

  This release also includes a release of podofobrowser which was
  ported to Qt5.

(spz)

#6696 + #6705

(spz)

Pullup ticket #6705 - requested by bsiegert
databases/redis: security update

Revisions pulled up:
- databases/redis/Makefile                                      1.74
- databases/redis/distinfo                                      1.67
- databases/redis/patches/patch-src_Makefile                    1.6

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  adam
  Date:          Tue Nov 22 19:11:11 UTC 2022

  Modified Files:
          pkgsrc/databases/redis: Makefile distinfo
          pkgsrc/databases/redis/patches: patch-src_Makefile

  Log Message:
  redis: updated to 7.0.5

  Redis 7.0.5 Released Wed Sep 21 20:00:00 IST 2022
  ========================================

  Upgrade urgency: SECURITY, contains fixes to security issues.

  Security Fixes:
  * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
    state, with a specially crafted COUNT argument, may cause an integer overflow,
    a subsequent heap overflow, and potentially lead to remote code execution.
    The problem affects Redis versions 7.0.0 or newer
    [reported by Xion (SeungHyun Lee) of KAIST GoN].

  Module API changes
  =========

  * Fix RM_Call execution of scripts when used with M/W/S flags to properly
    handle script flags
  * Fix RM_SetAbsExpire and RM_GetAbsExpire API registration

  Bug Fixes
  ====
  * Fix a hang when eviction is combined with lazy-free and
  maxmemory-eviction-tenacity is set to 100
  * Fix a crash when a replica may attempt to set itself as its master
  as a result of a manual failover
  * Fix a bug where a cluster-enabled replica node may permanently set
  its master's hostname to '?'
  * Fix a crash when a Lua script returns a meta-table

  Fixes for issues in previous releases of Redis 7.0
  --------------------------------------------------

  * Fix redis-cli to do DNS lookup before sending CLUSTER MEET
  * Fix crash when a key is lazy expired during cluster key migration
  * Fix AOF rewrite to fsync the old AOF file when a new one is created
  * Fix some crashes involving a list containing entries larger than 1GB
  * Correctly handle scripts with a non-read-only shebang on a cluster replica
  * Fix memory leak when unloading a module
  * Fix bug with scripts ignoring client tracking NOLOOP
  * Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL /
  SWAPDB is used inside MULTI-EXEC
  * Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed
  with read-only key permission
  * Fix missing sections for INFO ALL when also requesting a module info section

  ========================================
  Redis 7.0.4 Released Monday Jul 18 12:00:00 IST 2022
  ========================================

  Upgrade urgency: SECURITY, contains fixes to security issues.

  Security Fixes:
  * (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
    key in a specific state may result with heap overflow, and potentially
    remote code execution. The problem affects Redis versions 7.0.0 or newer.

  ========================================
  Redis 7.0.3 Released Monday Jul 11 12:00:00 IST 2022
  ========================================

  Upgrade urgency: MODERATE, specifically if you're using a previous release of
  Redis 7.0, contains fixes for bugs in previous 7.0 releases.

  Performance and resource utilization improvements
  ========================
  * Optimize zset conversion on large ZRANGESTORE
  * Optimize the performance of sending PING on large clusters
  * Allow for faster restart of Redis in cluster mode

  INFO fields and introspection changes
  ==================
  * Add missing sharded pubsub keychannel count to CLIENT LIST
  * Add missing pubsubshard_channels field in INFO STATS

  Module API changes
  =========

  * Add RM_StringToULongLong and RM_CreateStringFromULongLong
  * Add RM_SetClientNameById and RM_GetClientNameById

  Changes in CLI tools
  ==========

  * Add missing cluster-port support to redis-cli --cluster

  Other General Improvements
  =============

  * Account sharded pubsub channels memory consumption
  * Allow ECHO in loading and stale modes
  * Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
    commands when the node only has some of the keys

  Bug Fixes
  ====
  * TLS: Notify clients on connection shutdown
  * Fsync directory while persisting AOF manifest, RDB file, and config file
  * Script that made modification will not break with unexpected NOREPLICAS error
  * Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
    after a replica reboots
  * Cluster: Fix crash during handshake and cluster shards call

  Fixes for issues in previous releases of Redis 7.0
  --------------------------------------------------

  * TLS: Fix issues with large replies
  * Correctly report the startup warning for vm.overcommit_memory
  * redis-server command line allow passing config name and value in the
  same argument
  * Support --save command line argument with no value for backwards compatibility
  * Fix CLUSTER RESET command regression requiring an argument

  ========================================
  Redis 7.0.2 Released Sunday Jun 12 12:00:00 IST 2022
  ========================================

  Upgrade urgency: MODERATE, specifically if you're using a previous release of
  Redis 7.0, contains fixes for bugs in previous 7.0 releases.

  Bug Fixes
  ====
  * Fixed SET and BITFIELD commands being wrongly marked movablekeys
    Regression in 7.0 possibly resulting in excessive roundtrip from
  cluster clients.
  * Fix crash when /proc/sys/vm/overcommit_memory is inaccessible
    Regression in 7.0.1 resulting in crash on startup on some configurations.

  ========================================
  Redis 7.0.1 Released Wed Jun 8 12:00:00 IST 2022
  ========================================

  Upgrade urgency: MODERATE, specifically if you're using a previous release of
  Redis 7.0, contains some behavior changes for new 7.0 features and important
  fixes for bugs in previous 7.0 releases.

  Improvements
  ======

  * Add warning for suspected slow system clocksource setting
    Add --check-system command line option.
  * Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
    during CLIENT PAUSE WRITE
  * Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO
  * redis-server command line arguments now accept one string with spaces
    for multi-arg configs

  Potentially Breaking Changes
  ==============

  * Omitting a config option value in command line argument no longer works
  * Hide the `may_replicate` flag from the COMMAND command response

  Potentially Breaking Changes for new Redis 7.0 features
  -------------------------------------------------------

  * Protocol: Sharded pubsub publish emits `smessage` instead of `message`
  * CLUSTER SHARDS returns slots as RESP integers, not strings
  * Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes)
  * Scripts that declare the `no-writes` flag are implicitly `allow-oom` too

  Changes in CLI tools
  ==========

  * redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C

  Platform / toolchain support related improvements
  ========================
  * Support tcp-keepalive config interval on MacOs
  * Support RSS metrics on Haiku OS

  INFO fields and introspection changes
  ==================
  * Add isolated network metrics for replication.

  Module API changes
  =========

  * Add two more new checks to RM_Call script mode
  * Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands
  * Add module API RM_MallocUsableSize
  * Add missing REDISMODULE_NOTIFY_NEW
  * Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements
  * Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug
  * Fix bugs in enum configs with overlapping bit flags

  Bug Fixes
  ====
  * FLUSHALL correctly resets rdb_changes_since_last_save INFO field
  * FLUSHDB is now propagated to replicas / AOF, even if the db is empty
  * Replica fail and retry the PSYNC if the master is unresponsive
  * Fix ZRANGESTORE crash when zset_max_listpack_entries is 0

  Fixes for issues in previous releases of Redis 7.0
  --------------------------------------------------

  * CONFIG REWRITE could cause a config change to be dropped for aliased configs
  * CONFIG REWRITE would omit rename-command and include lines
    NOTE: Affected users who used Redis 7.0.0 to rewrite their configuration file
    should review and fix the file.
  * Fix broken protocol after MISCONF (persistence) error
  * Fix --save command line regression
  * Fix possible regression around TLS config changes. re-load files even if the
    file name didn't change.
  * Re-add SENTINEL SLAVES command, missing in redis 7.0
  * BZMPOP gets unblocked by non-key args and returns them
  * Fix possible memory leak in XADD and XTRIM

  ========================================
  Redis 7.0.0 GA  Released Wed Apr 27 12:00:00 IST 2022
  ========================================

  Upgrade urgency: SECURITY, contains fixes to security issues.

  Security Fixes:
  * (CVE-2022-24736) An attacker attempting to load a specially crafted Lua script
    can cause NULL pointer dereference which will result with a crash of the
    redis-server process. This issue affects all versions of Redis.
    [reported by Aviv Yahav].
  * (CVE-2022-24735) By exploiting weaknesses in the Lua script execution
    environment, an attacker with access to Redis can inject Lua code that will
    execute with the (potentially higher) privileges of another Redis user.
    [reported by Aviv Yahav].

  New Features
  ======

  * Keyspace event for new keys

  Command replies that have been extended
  ---------------------------------------

  * COMMAND DOCS shows deprecated_since field in command args
  * COMMAND DOCS shows module name where applicable

  Potentially Breaking Changes
  ==============

  * Replicas panic when they fail writing persistence
  * Prevent cross slot operations in functions and scripts with shebang
  * Rephrased some error responses about invalid commands or args
  * Lua scripts do not have access to the print() function

  Performance and resource utilization improvements
  ========================
  * Speed optimization in streams
  * Speed optimization in command execution pipeline
  * Speed optimization in listpack encoded sorted
  * Speed optimization in latency tracking at INFO (relevant for 7.0 RCs)
  * Speed optimization when there are many replicas (relevant for 7.0 RCs)

  New configuration options
  ============
  * Allow ignoring disk persistence errors on replicas
  * Allow abort with panic when replica fails to execute a command sent
  by the master
  * Allow configuring shutdown flags of SIGTERM and SIGINT
  * Allow attaching an operating system-specific identifier to Redis sockets

  Module API changes
  =========

  * Add argument specifying ACL reason for module log entry
    Breaking API compatibility with 7.0 RCs
  * Add the deprecated_since field in command args of COMMAND DOCS
    Breaking API/ABI compatibility with 7.0 RCs
  * Add module API flag for using enum configs as bit flags
  * Add RM_PublishMessageShard
  * Add RM_MallocSizeString, RM_MallocSizeDict
  * Add RM_TryAlloc

  Bug Fixes
  ====
  * Replica report disk persistence errors in PING
  * Fixes around rejecting commands on replicas and AOF when they must
  be respected
  * Durability fixes for appendfsync=always policy

  Fixes for issues in previous release candidates of Redis 7.0
  ------------------------------------------------------------

  * Fix possible crash on CONFIG REWRITE
  * Fix regression not aborting transaction on errors
  * Fix auto-aof-rewrite-percentage based AOFRW trigger after restart
  * Fix bugs when AOF enabled after startup, in case of failure before
  the first rewrite completes
  * Fix RM_Yield module API bug processing future commands of the current client

  To generate a diff of this commit:
  cvs rdiff -u -r1.73 -r1.74 pkgsrc/databases/redis/Makefile
  cvs rdiff -u -r1.66 -r1.67 pkgsrc/databases/redis/distinfo
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/databases/redis/patches/patch-src_Makefile

(spz)

Pullup ticket #6696 - requested by bsiegert
textproc/expat: security update

Revisions pulled up:
- textproc/expat/Makefile                                      1.54
- textproc/expat/distinfo                                      1.47

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Wed Oct 26 10:37:47 UTC 2022

  Modified Files:
          pkgsrc/textproc/expat: Makefile distinfo

  Log Message:
  expat: update to 2.5.0.

  Release 2.5.0 Tue October 25 2022
          Security fixes:
    #616 #649 #650  CVE-2022-43680 -- Fix heap use-after-free after overeager
                      destruction of a shared DTD in function
                      XML_ExternalEntityParserCreate in out-of-memory situations.
                      Expected impact is denial of service or potentially
                      arbitrary code execution.

          Bug fixes:
          #612 #645  Fix curruption from undefined entities
          #613 #654  Fix case when parsing was suspended while processing nested
                      entities
    #616 #652 #653  Stop leaking opening tag bindings after a closing tag
                      mismatch error where a parser is reset through
                      XML_ParserReset and then reused to parse
              #656  CMake: Fix generation of pkg-config file
              #658  MinGW|CMake: Fix static library name

          Other changes:
              #663  Protect header expat_config.h from multiple inclusion
              #666  examples: Make use of XML_GetBuffer and be more
                      consistent across examples
              #648  Address compiler warnings
          #667 #668  Version info bumped from 9:9:8 to 9:10:8;
                      see https://verbump.de/ for what these numbers do

          Special thanks to:
              Jann Horn
              Mark Brand
              Osyotr
              Rhodri James
                    and
              Google Project Zero

  To generate a diff of this commit:
  cvs rdiff -u -r1.53 -r1.54 pkgsrc/textproc/expat/Makefile
  cvs rdiff -u -r1.46 -r1.47 pkgsrc/textproc/expat/distinfo

(spz)

added net/p5-Net-LibIDN2, updated mail/amavisd-new

(spz)

update package to version 2.12.2

It's the successor to amavisd-new both in sources and in versioning,
but strictly speaking it's now "amavis". I kept the package name to
make it easier to update existing installations.

Upstream release notes:
                                                              October 13, 2021
  amavis-2.12.2 release notes

  BUG FIXES

  - Allow $timestamp_fmt_mysql to be used with the DBD::MariaDB driver.
    Reported by Marcel Evenson.
    Issue: https://gitlab.com/amavis/amavis/issues/79
    MR:    https://gitlab.com/amavis/amavis/merge_requests/78

  - Resolve utf8mb4 problems when using DBD-MariaDB.
    Reported by Marcel Evenson.
    Issue: https://gitlab.com/amavis/amavis/issues/67
    MR:    https://gitlab.com/amavis/amavis/merge_requests/80

  - Set correct originating flag when using milter/AM.PDP without policy banks.
    Reported by Henrik K.
    Issue: https://gitlab.com/amavis/amavis/issues/61
    MR:    https://gitlab.com/amavis/amavis/merge_requests/81

  - Resolve crash on reload with insufficient permissions.
    Amavis now tests whether it is able read and evaluate its
    configuration files with dropped privileges.
    In case it cannot, amavis fails to start and refuses to reload.
    Reported by Michael Orlitzky.
    Suggestions by Ralph Seichter and Michael Orlitzky.
    Issue: https://gitlab.com/amavis/amavis/issues/10
    MR:    https://gitlab.com/amavis/amavis/merge_requests/74
    MR:    https://gitlab.com/amavis/amavis/merge_requests/75

  - Resolve SSL client connection hangups with broken pipe
    Reported by @kolbma.
    Issue: https://gitlab.com/amavis/amavis/issues/73
    MR:    https://gitlab.com/amavis/amavis/merge_requests/71

  ---------------------------------------------------------------------------
                                                            November 13, 2020
  amavis-2.12.1 release notes

  BUG FIXES

  - Generate DKIM record comment line including the 's=' (selector) tag
    instead of an 'i=' (identifier) tag when using "amavisd showkeys".
    Reported by Juan Orti Alcaine.
    Issue: https://gitlab.com/amavis/amavis/issues/63
    MR:    https://gitlab.com/amavis/amavis/merge_requests/41

  - Make sure generated Authentication-Results follow RFC specification.
    MR: https://gitlab.com/amavis/amavis/merge_requests/57

  - Prevent re-encoding of notification templates.
    Fixed by Henrik Krohns and Michael Weiser.
    Issue: https://gitlab.com/amavis/amavis/issues/62
    MR:    https://gitlab.com/amavis/amavis/merge_requests/40

  - Compare inode numbers as strings.
    Reported and implemented by Mark Martinec.
    Issue: https://gitlab.com/amavis/amavis/issues/48
    MR:    https://gitlab.com/amavis/amavis/merge_requests/21

  - Resolve MySQL invalid utf8mb4 clause.
    Reported by Henrik Krohns.
    Issue: https://gitlab.com/amavis/amavis/issues/33
    MR:    https://gitlab.com/amavis/amavis/merge_requests/14

  ---------------------------------------------------------------------------
                                                                July 25, 2019
  amavis-2.12.0 release notes

  This software is renamed from amavisd-new to amavis.

  NEW FEATURES

  - Introduce Rspamd client extension
    With this extension, Amavis can use Rspamd either running on the same
    server or remotely. Connections are made using HTTP/HTTPS depending on
    configuration, the latter requiring a HTTPS-capable proxy (like NGINX or
    Apache) for Rspamd, which does not natively support HTTPS. Basic
    authentication with name/password pairs is also available.
    Implemented by Ralph Seichter.
    MR: https://gitlab.com/amavis/amavis/merge_requests/11

  BUG FIXES

  - Treat "not an OLE file" as a successful result
    Amavis supports calling the ripOLE program to extract embedded objects
    from Microsoft OLE documents. However, not all Microsoft documents
    contain said objects, and the underlying file format changes when they
    do. Since Amavis can't tell the difference, it passes everything to
    ripOLE unconditionally.  Amavis now treats the "not an OLE file" error
    code of ripOLE as a successful result, proceeds normally and scans the
    file as a whole.
    Fixed by Michael Orlitzky.
    MR: https://gitlab.com/amavis/amavis/merge_requests/9

  - Fix unix socket path extraction that has prevented a socket based
    policy bank to be loaded;
    Fixed by Boris Gulay.
    MR: https://gitlab.com/amavis/amavis/merge_requests/2
    MR: https://gitlab.com/amavis/amavis/merge_requests/19

  - Fix DKIM signing for outbound messages.
    Fixed by Ralph Seichter.
    MR: https://gitlab.com/amavis/amavis/merge_requests/1

  - Fix unescaped left brace regex warning in run_av() subroutine.
    Fixed by Ralph Seichter.
    MR:    https://gitlab.com/amavis/amavis/merge_requests/10
    Issue: https://gitlab.com/amavis/amavis/issues/31

  - Mention default value for $myprogram_name in minimal amavisd.conf.
    MR:    https://gitlab.com/amavis/amavis/merge_requests/12
    Issue: https://gitlab.com/amavis/amavis/issues/36

(spz)

new package for the perl library Net::LibIDN2
the package builds, no guarantees otherwise yet

(spz)

pullup #6668

(spz)

Pullup ticket #6668 - requested by khorben
lang/openjdk8: security update
lang/openjdk11: security update

Revisions pulled up:
- lang/openjdk11/Makefile                                      1.45
- lang/openjdk11/distinfo                                      1.35
- lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk deleted
- lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk      deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp deleted
- lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp deleted
- lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc deleted
- lang/openjdk8/Makefile                                        1.111-1.112
- lang/openjdk8/distinfo                                        1.89-1.91
- lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh 1.22
- lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp 1.2-1.3
- lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp deleted
- lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp deleted
- lang/openjdk8/patches/patch-make_common_MakeBase.gmk          deleted

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  ryoon
  Date:          Sun Jul 10 14:47:25 UTC 2022

  Modified Files:
          pkgsrc/lang/openjdk8: Makefile distinfo
          pkgsrc/lang/openjdk8/patches:
              patch-common_autoconf_generated-configure.sh
              patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
  Added Files:
          pkgsrc/lang/openjdk8/patches: patch-make_common_MakeBase.gmk
  Removed Files:
          pkgsrc/lang/openjdk8/patches:
              patch-hotspot_src_share_vm_classfile_symbolTable.cpp
              patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp
              patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp
              patch-hotspot_src_share_vm_memory_metaspace.cpp

  Log Message:
  openjdk8: Update to 1.8.332

  CHangelog:
  Follow OpenJDK 8u332 GA.

  To generate a diff of this commit:
  cvs rdiff -u -r1.110 -r1.111 pkgsrc/lang/openjdk8/Makefile
  cvs rdiff -u -r1.88 -r1.89 pkgsrc/lang/openjdk8/distinfo
  cvs rdiff -u -r1.21 -r1.22 \
      pkgsrc/lang/openjdk8/patches/patch-common_autoconf_generated-configure.sh
  cvs rdiff -u -r1.1 -r1.2 \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
  cvs rdiff -u -r1.1 -r0 \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_classfile_symbolTable.cpp \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_concurrentMarkSweep_compactibleFreeListSpace.cpp \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_gc__implementation_g1_heapRegionSet.hpp \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_share_vm_memory_metaspace.cpp
  cvs rdiff -u -r0 -r1.3 \
      pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tnn
  Date:          Sun Jul 17 03:03:41 UTC 2022

  Modified Files:
          pkgsrc/lang/openjdk8: distinfo
          pkgsrc/lang/openjdk8/patches:
              patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp
  Added Files:
          pkgsrc/lang/openjdk8/patches:
              patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp

  Log Message:
  openjdk8: fix NetBSD/evbarm-aarch64 build; PAC is only supported on Linux

  To generate a diff of this commit:
  cvs rdiff -u -r1.89 -r1.90 pkgsrc/lang/openjdk8/distinfo
  cvs rdiff -u -r0 -r1.1 \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
  cvs rdiff -u -r1.2 -r1.3 \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_os__cpu_bsd__aarch64_vm_os__bsd__aarch64.cpp

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  tnn
  Date:          Mon Aug 15 12:23:06 UTC 2022

  Modified Files:
          pkgsrc/lang/openjdk11: Makefile distinfo
          pkgsrc/lang/openjdk8: Makefile distinfo
  Removed Files:
          pkgsrc/lang/openjdk11/patches: patch-make_common_NativeCompilation.gmk
              patch-make_lib_Awt2dLibraries.gmk
              patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp
              patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp
              patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp
              patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
              patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
          pkgsrc/lang/openjdk8/patches:
              patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
              patch-make_common_MakeBase.gmk

  Log Message:
  openjdk*: Security & bugfix update for the long term support branches

  Upstream kindly merged many of the NetBSD-specific patches. Thanks! <3

  To generate a diff of this commit:
  cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/openjdk11/Makefile
  cvs rdiff -u -r1.34 -r1.35 pkgsrc/lang/openjdk11/distinfo
  cvs rdiff -u -r1.1 -r0 \
      pkgsrc/lang/openjdk11/patches/patch-make_common_NativeCompilation.gmk \
      pkgsrc/lang/openjdk11/patches/patch-make_lib_Awt2dLibraries.gmk \
      pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRAssembler__arm.cpp \
      pkgsrc/lang/openjdk11/patches/patch-src_hotspot_cpu_arm_c1__LIRGenerator__arm.cpp \
      pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__arm_vm__version__bsd__arm__32.cpp \
      pkgsrc/lang/openjdk11/patches/patch-src_hotspot_os__cpu_bsd__zero_os__bsd__zero.cpp
  cvs rdiff -u -r1.2 -r0 \
      pkgsrc/lang/openjdk11/patches/patch-src_java.desktop_share_native_libfontmanager_harfbuzz_hb-blob.cc
  cvs rdiff -u -r1.111 -r1.112 pkgsrc/lang/openjdk8/Makefile
  cvs rdiff -u -r1.90 -r1.91 pkgsrc/lang/openjdk8/distinfo
  cvs rdiff -u -r1.1 -r0 \
      pkgsrc/lang/openjdk8/patches/patch-hotspot_src_cpu_aarch64_vm_pauth__aarch64.hpp
  cvs rdiff -u -r1.3 -r0 \
      pkgsrc/lang/openjdk8/patches/patch-make_common_MakeBase.gmk

(spz)

pullups #6664 #6669

(spz)

Pullup tickets #6664 #6669 - requested by taca
net/samba4: security update
databases/ldb: dependency update

Update net/samba4 to 4.15.9 from samba-4.15.6 by patch,
since HEAD is on a later minor.
Update databases/ldb to 2.4.4 from 2.4.2 because samba-4.15.9 requires it.

(spz)

pullups #6660 #6661 #6662 #6663 #6665 #6666 #6667

(spz)

Pullup ticket #6663 - requested by taca
www/drupal9: security update

Revisions pulled up:
- www/drupal9/Makefile                                          1.5
- www/drupal9/PLIST                                            1.3
- www/drupal9/distinfo                                          1.3

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Jul 31 14:26:59 UTC 2022

  Modified Files:
  pkgsrc/www/drupal9: Makefile PLIST distinfo

  Log Message:
  www/drupal9: update to 9.3.20

  9.3.20 (2022-07-28)

  This is a patch (bugfix) release of Drupal 9 and is ready for use on
  production sites.  Learn more about Drupal 9.

  * Drupal core uses the third-party Diactoros library as its PSR-7
    implementation. Diactoros has issued a security advisory:

  * CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header
    Attack

  Drupal core is unlikely to be vulnerable.  This bugfix release updates the
  version of Diactoros used in drupal/core-recommended to a secure version as
  a precaution.

  9.3.19 (2022-07-20)

  This is a security release of the Drupal 9 series.

  This release fixes security vulnerabilities.  Sites are urged to update
  immediately after reading the notes below and the security announcement:

  * Drupal core - Moderately critical - Information Disclosure -
    SA-CORE-2022-012

  * Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

  * Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014

  * Drupal core - Moderately critical - Multiple vulnerabilities -
    SA-CORE-2022-015

  No other changes are included.

  To generate a diff of this commit:
  cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal9/Makefile
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal9/PLIST pkgsrc/www/drupal9/distinfo

(spz)

Pullup ticket #6662 - requested by taca
www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile                                          1.77
- www/drupal7/PLIST                                            1.31
- www/drupal7/distinfo                                          1.61

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sun Jul 31 14:23:22 UTC 2022

  Modified Files:
  pkgsrc/www/drupal7: Makefile PLIST distinfo

  Log Message:
  www/drupal7: update to 7.91

  7.91 (2022-07-20)

  Maintenance and security release of the Drupal 7 series.

  This release fixes security vulnerabilities.  Sites are urged to update
  immediately after reading the notes below and the security announcement:

  * Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

  No other changes are included.

  To generate a diff of this commit:
  cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/drupal7/Makefile
  cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/drupal7/PLIST
  cvs rdiff -u -r1.60 -r1.61 pkgsrc/www/drupal7/distinfo

(spz)

Pullup ticket #6661 - requested by taca
time/ruby-tzinfo1: security update

Revisions pulled up:
- time/ruby-tzinfo1/Makefile                                    1.6
- time/ruby-tzinfo1/PLIST                                      1.3
- time/ruby-tzinfo1/distinfo                                    1.8

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: taca
  Date: Sat Jul 30 14:20:42 UTC 2022

  Modified Files:
  pkgsrc/time/ruby-tzinfo1: Makefile PLIST distinfo

  Log Message:
  time/ruby-tzinfo1: update to 1.2.10

  1.2.10 (2022-07-19)

  * Fixed a relative path traversal bug that could cause arbitrary files to be
    loaded with require when used with RubyDataSource.  Please refer to
    GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.

  * Ignore the SECURITY file from Arch Linux's tzdata package. #134.

  To generate a diff of this commit:
  cvs rdiff -u -r1.5 -r1.6 pkgsrc/time/ruby-tzinfo1/Makefile
  cvs rdiff -u -r1.2 -r1.3 pkgsrc/time/ruby-tzinfo1/PLIST
  cvs rdiff -u -r1.7 -r1.8 pkgsrc/time/ruby-tzinfo1/distinfo

(spz)

Pullup ticket #6667 - requested by khorben
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                    1.283
- security/openssl/distinfo                                    1.161

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Mon Jul 11 23:03:51 UTC 2022

  Modified Files:
          pkgsrc/security/openssl: Makefile distinfo

  Log Message:
  openssl: update to 1.1.1q.

    Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]

        o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
          (CVE-2022-2097)

  To generate a diff of this commit:
  cvs rdiff -u -r1.282 -r1.283 pkgsrc/security/openssl/Makefile
  cvs rdiff -u -r1.160 -r1.161 pkgsrc/security/openssl/distinfo

(spz)

Pullup ticket #6666 - requested by khorben
net/unbound: security update

Revisions pulled up:
- net/unbound/Makefile                                          1.93,1.92
- net/unbound/distinfo                                          1.71,1.70

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  he
  Date:          Mon Aug  1 12:38:46 UTC 2022

  Modified Files:
          pkgsrc/net/unbound: Makefile distinfo

  Log Message:
  Update net/unbound to version 1.16.2.

  Pkgsrc changes:
    * none, other than checksums.

  Upstream changes:

  Features
  - Merge #718: Introduce infra-cache-max-rtt option to config max
    retransmit timeout.

  Bug Fixes
  - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
  - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
    one loop pass'.
  - Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
    outbound tcp sockets.
  - Fix verbose EDE error printout.
  - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
  - For windows crosscompile, fix setting the IPV6_MTU socket option
    equivalent (IPV6_USER_MTU); allows cross compiling with latest
    cross-compiler versions.
  - Merge PR 714: Avoid treat normal hosts as unresponsive servers.
    And fixup the lock code.
  - iana portlist update.
  - Update documentation for 'outbound-msg-retry:'.
  - Tests for ghost domain fixes.

  To generate a diff of this commit:
  cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
  cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  he
  Date:          Mon Jul 11 15:02:05 UTC 2022

  Modified Files:
          pkgsrc/net/unbound: Makefile distinfo

  Log Message:
  Update net/unbound to version 1.16.1.

  Pkgsrc changes:
    * none, other than checksums.

  Upstream changes:

  Features
  - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
    sent; introduces 'num.query.udpout' to the 'unbound-control stats'
    command.

  Bug Fixes
  - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
  - Fix for edns client subnet to respect not looking in its cache when
    instructed to do so (e.g., prefetch).
  - Merge PR #688: Rpz url notify issue.
  - Note in the unbound.conf text that NOTIFY is allowed from the url:
    addresses for auth and rpz zones.
  - Remove unused LDNS function check for GOST Engine unloading.
  - Fix for loading locally stored zones that have lines with blanks or
    blanks and comments.
  - Fix #663: use after free issue with edns options.
  - Clarify -v flag manpage entry (#705)
  - Fix test program dohclient close to use portability routine.
  - Show the output of the exact .rpl run that failed with 'make test'.
  - Fix for cached 0 TTL records to not trigger prefetching when
    serve-expired-client-timeout is set.
  - Add debug option to the mini_tdir.sh test code.
  - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
  - Allow fallback to the parent side when MAX_TARGET_NX is reached.
    This will also allow MAX_TARGET_NX more NXDOMAINs.
  - iana portlist update.
  - Fix detection of libz on windows compile with static option.
  - Fix compile warning for windows compile.
  - Merge PR #706: NXNS fallback.
  - From #706: Cached NXDOMAIN does not increase the target nx
    responses.
  - From #706: Don't generate parent side queries if we already
    have the lame records in cache.
  - From #706: When a lame address is the best choice, don't try to
    generate target queries when the missing targets are all lame.
  - Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
    mode on openssl3.
  - Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
  - For #660: formatting, less verbose logging, add EDE information.
  - Fix for correct openssl error when adding windows CA certificates to
    the openssl trust store.
  - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
  - Reintroduce documentation and more EDE support for
    val_sigcrypt.c::dnskeyset_verify_rrset_sig.
  - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
    one loop pass'.
  - Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
    outbound tcp sockets.

  To generate a diff of this commit:
  cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
  cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo

(spz)

Pullup ticket #6665 - requested by khorben
net/rsync: security update

Revisions pulled up:
- net/rsync/Makefile                                            1.122,1.121
- net/rsync/distinfo                                            1.56

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Mon Aug 22 11:11:49 UTC 2022

  Modified Files:
          pkgsrc/net/rsync: Makefile distinfo

  Log Message:
  rsync: update to 3.2.5.

  # NEWS for rsync 3.2.5 (14 Aug 2022)

  ## Changes in this version:

  ### SECURITY FIXES:

  - Added some file-list safety checking that helps to ensure that a rogue
    sending rsync can't add unrequested top-level names and/or include recursive
    names that should have been excluded by the sender.  These extra safety
    checks only require the receiver rsync to be updated.  When dealing with an
    untrusted sending host, it is safest to copy into a dedicated destination
    directory for the remote content (i.e. don't copy into a destination
    directory that contains files that aren't from the remote host unless you
    trust the remote host). Fixes CVE-2022-29154.

    - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).

  ### BUG FIXES:

  - Fixed the handling of filenames specified with backslash-quoted wildcards
    when the default remote-arg-escaping is enabled.

  - Fixed the configure check for signed char that was causing a host that
    defaults to unsigned characters to generate bogus rolling checksums. This
    made rsync send mostly literal data for a copy instead of finding matching
    data in the receiver's basis file (for a file that contains high-bit
    characters).

  - Lots of manpage improvements, including an attempt to better describe how
    include/exclude filters work.

  - If rsync is compiled with an xxhash 0.8 library and then moved to a system
    with a dynamically linked xxhash 0.7 library, we now detect this and disable
    the XX3 hashes (since these routines didn't stabilize until 0.8).

  ### ENHANCEMENTS:

  - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
    extra file-list safety checking (should that be required).

  ### PACKAGING RELATED:

  - A note to those wanting to patch older rsync versions: the changes in this
    release requires the quoted argument change from 3.2.4. Then, you'll want
    every single code change from 3.2.5 since there is no fluff in this release.

  - The build date that goes into the manpages is now based on the developer's
    release date, not on the build's local-timezone interpretation of the date.

  ### DEVELOPER RELATED:

  - Configure now defaults GETGROUPS_T to gid_t when cross compiling.

  - Configure now looks for the bsd/string.h include file in order to fix the
    build on a host that has strlcpy() in the main libc but not defined in the
    main string.h file.

  To generate a diff of this commit:
  cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/rsync/Makefile
  cvs rdiff -u -r1.55 -r1.56 pkgsrc/net/rsync/distinfo

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  wiz
  Date:          Sat Jul 23 06:55:30 UTC 2022

  Modified Files:
          pkgsrc/net/rsync: Makefile

  Log Message:
  rsync: remove reference to non-existent file

  To generate a diff of this commit:
  cvs rdiff -u -r1.120 -r1.121 pkgsrc/net/rsync/Makefile

(spz)

Pullup ticket #6660 - requested by khorben
editors/vim-gtk2: security update
editors/vim-gtk3: security update
editors/vim-motif: security update
editors/vim-share: security update
editors/vim-xaw: security update

Revisions pulled up:
- editors/vim-gtk2/Makefile                                    1.97
- editors/vim-gtk3/Makefile                                    1.24
- editors/vim-motif/Makefile                                    1.42
- editors/vim-share/PLIST                                      1.61
- editors/vim-share/distinfo                                    1.199
- editors/vim-share/version.mk                                  1.138
- editors/vim-xaw/Makefile                                      1.65

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  khorben
  Date:          Wed Jul 27 15:13:11 UTC 2022

  Modified Files:
          pkgsrc/editors/vim-gtk2: Makefile
          pkgsrc/editors/vim-gtk3: Makefile
          pkgsrc/editors/vim-motif: Makefile
          pkgsrc/editors/vim-share: PLIST distinfo version.mk
          pkgsrc/editors/vim-xaw: Makefile

  Log Message:
  vim: update to 8.2.5172

  On behalf of morr@ "please go ahead"

  This includes security fixes. (more pending)

  Tested on NetBSD/amd64.

  XXX pull-up to pkgsrc-2022Q2

  Changes:
  8.2.4722  ending recording with mapping records too much
  8.2.4723  the ModeChanged autocmd event is inefficient
  8.2.4724  current instance of last search pattern not easily spotted
  8.2.4725  unused variable in tiny build
  8.2.4726  cannot use expand() to get the script name
  8.2.4727  unused code
  8.2.4728  no test that v:event cannot be modified
  8.2.4729  HEEx and Surface templates do not need a separate filetype
  8.2.4730  MS-Windows GUI: cannot use CTRL-/
  8.2.4731  the changelist index is not remembered per buffer
  8.2.4732  duplicate code to free fuzzy matches
  8.2.4733  HEEx and Surface do need a separate filetype
  8.2.4734  getcharpos() may change a mark position
  8.2.4735  quickfix tests can be a bit hard to read
  8.2.4736  build problem for Cygwin with Motif
  8.2.4737  // in JavaScript string recognized as comment
  8.2.4738  Esc on commandline executes command instead of abandoning it
  8.2.4739  accessing freed memory after WinScrolled autocmd event
  8.2.4740  when expand() fails there is no error message
  8.2.4741  startup test fails
  8.2.4742  there is no way to start logging very early in startup
  8.2.4743  clang 14 is available on CI
  8.2.4744  a terminal window can't use the bell
  8.2.4745  using wrong flag for using bell in the terminal
  8.2.4746  supercollider filetype not recognized
  8.2.4747  no filetype override for .sys files
  8.2.4748  cannot use an imported function in a mapping
  8.2.4749  &lt;script&gt; is not expanded in autocmd context
  8.2.4750  small pieces of dead code
  8.2.4751  mapping &lt;SID&gt;name.Func does not work for autoload script
  8.2.4752  wrong 'statusline' value can cause illegal memory access
  8.2.4753  error from setting an option is silently ignored
  8.2.4754  using cached values after unsetting some environment variables
  8.2.4755  cannot use &lt;SID&gt;FuncRef in completion spec
  8.2.4756  build error without the +eval feature
  8.2.4757  list of libraries to suppress lsan errors is outdated
  8.2.4758  when using an LSP channel want to get the message ID
  8.2.4759  CurSearch highlight does not work for multi-line match
  8.2.4760  using matchfuzzy() on a long list can take a while
  8.2.4761  documentation for using LSP messages is incomplete
  8.2.4762  using freed memory using synstack() and synID() in WinEnter
  8.2.4763  using invalid pointer with "V:" in Ex mode
  8.2.4764  CI uses an older gcc version
  8.2.4765  function matchfuzzy() sorts too many items
  8.2.4766  KRL files using "deffct" not recognized
  8.2.4767  openscad files are not recognized
  8.2.4768  CI: codecov upload sometimes does not work
  8.2.4769  build warning with UCRT
  8.2.4770  cannot easily mix expression and heredoc
  8.2.4771  Coverity warns for not checking return value
  8.2.4772  old Coverity warning for not checking ftell() return value
  8.2.4773  build failure without the +eval feature
  8.2.4774  crash when using a number for lambda name
  8.2.4775  SpellBad highlighting does not work in Konsole
  8.2.4776  GTK: 'lines' and 'columns' may change during startup
  8.2.4777  screendump tests fail because of a redraw
  8.2.4778  pacman files use dosini filetype
  8.2.4779  lsan suppression is too version specific
  8.2.4780  parsing an LSP message fails when it is split
  8.2.4781  Maxima files are not recognized
  8.2.4782  accessing freed memory
  8.2.4783  Coverity warns for leaking memory
  8.2.4784  lamba test with timer is flaky
  8.2.4785  Visual mode not stopped if win_gotoid() goes to other buffer
  8.2.4786  test for win_gotoid() in Visual mode fails on Mac
  8.2.4787  prop_find() does not find the right property
  8.2.4788  large payload for LSP message not tested
  8.2.4789  cursor pos wrong when using :redraw while editing the cmdline
  8.2.4790  lilypond filetype not recognized
  8.2.4791  events triggered in different order when reusing buffer
  8.2.4792  indent operator creates an undo entry for every line
  8.2.4793  recognizing Maxima filetype even though it might be another
  8.2.4794  compiler warning for not initialized variable
  8.2.4795  'cursorbind' scrolling depends on whether 'cursorline' is set
  8.2.4796  file left behind after running cursorline tests
  8.2.4797  getwininfo() may get oudated values
  8.2.4798  t_8u option was reset even when set by the user
  8.2.4799  popup does not use correct topline
  8.2.4800  missing test update for adjusted t_8u behavior
  8.2.4801  fix for cursorbind fix not fully tested
  8.2.4802  test is not cleaned up
  8.2.4803  WinScrolled not always triggered when scrolling with mouse
  8.2.4804  expression in heredoc doesn't work for compiled function
  8.2.4805  CurSearch used for all matches in current line
  8.2.4806  a mapping using &lt;LeftDrag&gt; does not start Select mode
  8.2.4807  processing key eveints in Win32 GUI is not ideal
  8.2.4808  unused item in engine struct
  8.2.4809  various things not properly tested
  8.2.4810  missing changes in one file
  8.2.4811  Win32 GUI: caps lock doesn't work
  8.2.4812  unused struct item
  8.2.4813  pasting text while indent folding may mess up folds
  8.2.4814  possible to leave a popup window with win_gotoid()
  8.2.4815  cannot build with older GTK version
  8.2.4816  still using older codecov app in some places of CI
  8.2.4817  Win32 GUI: modifiers are not always used
  8.2.4818  no test for what 8.2.4806 fixes
  8.2.4819  unmapping simplified keys also deletes other mapping
  8.2.4820  not simple programmatic way to find a specific mapping
  8.2.4821  crash when imported autoload script was deleted
  8.2.4822  setting ufunc to NULL twice
  8.2.4823  concat more than 2 strings in :def function is inefficient
  8.2.4824  expression is evaluated multiple times
  8.2.4825  can only get a list of mappings
  8.2.4826  .cshtml files are not recognized
  8.2.4827  typo in variable name
  8.2.4828  fix for unmapping simplified key not fully tested
  8.2.4829  a key may be simplified to NUL
  8.2.4830  possible endless loop if there is unused typahead
  8.2.4831  crash when using maparg() and unmapping simplified keys
  8.2.4832  passing zero instead of NULL to a pointer argument
  8.2.4833  failure of mapping not checked for
  8.2.4834  Vim9: some lines not covered by tests
  8.2.4835  Vim9: some lines not covered by tests
  8.2.4836  Vim9: some lines not covered by tests
  8.2.4837  modifiers not simplified when timed out
  8.2.4838  checking for absolute path is not trivial
  8.2.4839  compiler warning for unused argument
  8.2.4840  heredoc expression evaluated even when skipping
  8.2.4841  empty string considered an error for expand()
  8.2.4842  expand("%:p") is not empty when there is no buffer name
  8.2.4843  treating CTRL + ALT as AltGr is not backwards compatible
  8.2.4844  &lt;C-S-I&gt; is simplified to &lt;S-Tab&gt;
  8.2.4845  duplicate code
  8.2.4846  termcodes test fails
  8.2.4847  crash when using uninitialized function pointer
  8.2.4848  local completion with mappings and simplification not working
  8.2.4849  Gleam filetype not detected
  8.2.4850  mksession mixes up "tabpages" and "curdir" arguments
  8.2.4851  compiler warning for uninitialized variable
  8.2.4852  ANSI color index to RGB value not correct
  8.2.4853  CI with FreeBSD is a bit outdated
  8.2.4854  array size does not match usage
  8.2.4855  robot files are not recognized
  8.2.4856  MinGW compiler complains about unknown escape sequence
  8.2.4857  Yaml indent for multiline is wrong
  8.2.4858  K_SPECIAL may be escaped twice
  8.2.4859  wget2 files are not recognized
  8.2.4860  MS-Windows: always uses current directory for executables
  8.2.4861  it is not easy to restore saved mappings
  8.2.4862  Vim9: test may fail when run with valgrind
  8.2.4863  accessing freed memory in test without the +channel feature
  8.2.4864  Vim9: script test fails
  8.2.4865  :startinsert right after :stopinsert may not work
  8.2.4866  duplicate code in "get" functions
  8.2.4867  listing of mapping with K_SPECIAL is wrong
  8.2.4868  when closing help window autocmds triggered for wrong window
  8.2.4869  expression in command block does not look after NL
  8.2.4870  Vim9: expression in :substitute is not compiled
  8.2.4871  Vim9: in :def function no error for misplaced range
  8.2.4872  Vim9: no error for using an expression only
  8.2.4873  Vim9: using "else" differs from using "endif/if !cond"
  8.2.4874  Win32 GUI: horizontal scroll wheel not handled properly
  8.2.4875  MS-Windows: some .exe files are not recognized
  8.2.4876  MS-Windows: Shift-BS results in strange char in powershell
  8.2.4877  MS-Windows: Wrongly using Normal colors for termguicolors
  8.2.4878  valgrind warning for using uninitialized variable
  8.2.4879  screendump test may fail when using valgrind
  8.2.4880  Vim9: misplaced elseif causes invalid memory access
  8.2.4881  "P" in Visual mode still changes some registers
  8.2.4882  cannot make 'breakindent' use a specific column
  8.2.4883  string interpolation only works in heredoc
  8.2.4884  test fails without the job/channel feature
  8.2.4885  test fails with the job/channel feature
  8.2.4886  Vim9: redir in skipped block seen as assignment
  8.2.4887  channel log does not show invoking a timer callback
  8.2.4888  line number of lambda ignores line continuation
  8.2.4889  CI only tests with FreeBSD 12
  8.2.4890  inconsistent capitalization in error messages
  8.2.4891  Vim help presentation could be better
  8.2.4892  test failures because of changed error messages
  8.2.4893  distributed import files are not installed
  8.2.4894  MS-Windows: not using italics
  8.2.4895  buffer overflow with invalid command with composing chars
  8.2.4896  expression in command block does not look after NL
  8.2.4897  comment inside an expression in lambda ignores the rest
  8.2.4898  Coverity complains about pointer usage
  8.2.4899  with latin1 encoding CTRL-W might go before the cmdline
  8.2.4900  Vim9 expression test fails without the job feature
  8.2.4901  NULL pointer access when using invalid pattern
  8.2.4902  mouse wheel scrolling is inconsistent
  8.2.4903  cannot get the current cmdline completion type and position
  8.2.4904  codecov includes MS-Windows install files
  8.2.4905  codecov includes MS-Windows install header file
  8.2.4906  MS-Windows: cannot use transparent background
  8.2.4907  some users do not want a line comment always inserted
  8.2.4908  no text formatting for // comment after a statement
  8.2.4909  MODE_ enum entries names are too generic
  8.2.4910  imperfect coding
  8.2.4911  the mode #defines are not clearly named
  8.2.4912  using execute() to define a lambda doesn't work
  8.2.4913  popup_hide() does not always have effect
  8.2.4914  string interpolation in :def function may fail
  8.2.4915  sometimes the cursor is in the wrong position
  8.2.4916  mouse in Insert mode test fails
  8.2.4917  fuzzy expansion of option names is not right
  8.2.4918  conceal character from matchadd() displayed too many times
  8.2.4919  can add invalid bytes with :spellgood
  8.2.4920  MS-Windows GUI: unused variables
  8.2.4921  spell test fails because of new illegal byte check
  8.2.4922  mouse test fails on MS-Windows
  8.2.4923  test checks for terminal feature unnecessarily
  8.2.4924  maparg() may return a string that cannot be reused
  8.2.4925  trailing backslash may cause reading past end of line
  8.2.4926  #ifdef for crypt feature around too many lines
  8.2.4927  return type of remove() incorrect when using three arguments
  8.2.4928  various white space and cosmetic mistakes
  8.2.4929  off-by-one error in in statusline item
  8.2.4930  interpolated string expression requires escaping
  8.2.4931  Crash with sequence of Perl commands
  8.2.4932  not easy to filter the output of maplist()
  8.2.4933  a few more capitalization mistakes in error messages
  8.2.4934  string interpolation fails when not evaluating
  8.2.4935  with 'foldmethod' "indent" some lines not included in fold
  8.2.4936  MS-Windows: mouse coordinates for scroll event are wrong
  8.2.4937  no test for what 8.2.4931 fixes
  8.2.4938  crash when matching buffer with invalid pattern
  8.2.4939  matchfuzzypos() with "matchseq" does not have all positions
  8.2.4940  some code is never used
  8.2.4941  '[ and '] marks may be wrong after undo
  8.2.4942  error when setting 'filetype' in help file again
  8.2.4943  changing 'switchbuf' may have no effect
  8.2.4944  text properties are wrong after "cc"
  8.2.4945  inconsistent use of white space
  8.2.4946  Vim9: some code not covered by tests
  8.2.4947  text properties not adjusted when accepting spell suggestion
  8.2.4948  cannot use Perl heredoc in nested :def function
  8.2.4949  Vim9: some code not covered by tests
  8.2.4950  text properties position wrong after shifting text
  8.2.4951  smart indenting done when not enabled
  8.2.4952  GUI test will fail if color scheme changes
  8.2.4953  with 'si' inserting '}' after completion goes wrong
  8.2.4954  inserting line breaks text property spanning two lines
  8.2.4955  text property in wrong position after auto-indent
  8.2.4956  reading past end of line with "gf" in Visual block mode
  8.2.4957  text properties in a wrong position after a block change
  8.2.4958  a couple conditions are always true
  8.2.4959  using NULL regexp program
  8.2.4960  text properties that cross lines not updated for deleted line
  8.2.4961  build error with a certain combination of features
  8.2.4962  files show up in git status
  8.2.4963  expanding path with "/**" may overrun end of buffer
  8.2.4964  MS-Windows GUI: mouse event test is flaky
  8.2.4965  GUI: testing mouse move event depends on screen cell size
  8.2.4966  MS-Windows GUI: mouse event test gets extra event
  8.2.4967  MS-Windows GUI: mouse event test sometimes fails
  8.2.4968  reading past end of the line when C-indenting
  8.2.4969  changing text in Visual mode may cause invalid memory access
  8.2.4970  "eval 123" gives an error, "eval 'abc'" does not
  8.2.4971  Vim9: interpolated string seen as range
  8.2.4972  Vim9: compilation fails when using dict member when skipping
  8.2.4973  Vim9: type error for list unpack mentions argument
  8.2.4974  ":so" command may read after end of buffer
  8.2.4975  recursive command line loop may cause a crash
  8.2.4976  Coverity complains about not restoring a saved value
  8.2.4977  memory access error when substitute expression changes window
  8.2.4978  no error if engine selection atom is not at the start
  8.2.4979  accessing freed memory when line is flushed
  8.2.4980  when 'shortmess' contains 'A' loading session may still warn
  8.2.4981  it is not possible to manipulate autocommands
  8.2.4982  colors in terminal window are not 100% correct
  8.2.4983  colors test fails in the GUI
  8.2.4984  dragging statusline fails for window with winbar
  8.2.4985  PVS warns for possible array underrun
  8.2.4986  some github actions are outdated
  8.2.4987  after deletion a small fold may be closable
  8.2.4988  textprop in wrong position when replacing multi-byte chars
  8.2.4989  cannot specify a function name for :defcompile
  8.2.4990  memory leak when :defcompile fails
  8.2.4991  no test for hwat patch 8.1.0535 fixes
  8.2.4992  compiler warning for possibly uninitialized variable
  8.2.4993  smart/C/lisp indenting is optional
  8.2.4994  tests are using legacy functions
  8.2.4995  still a compiler warning for possibly uninitialized variable
  8.2.4996  setbufline() may change Visual selection
  8.2.4997  Python: changing hidden buffer can cause display mess up
  8.2.4998  Vim9: crash when using multiple funcref()
  8.2.4999  filetype test table is not properly sorted
  8.2.5000  no patch for documentation updates
  8.2.5001  checking translations affects the search pattern history
  8.2.5002  deletebufline() may change Visual selection
  8.2.5003  cannot do bitwise shifts
  8.2.5004  right shift on negative number does not work as documented
  8.2.5005  compiler warning for uninitialized variable
  8.2.5006  asan warns for undefined behavior
  8.2.5007  spell suggestion may use uninitialized memory
  8.2.5008  when 'formatoptions' contains "/" wrongly wrapping comment
  8.2.5009  fold may not be closeable after appending
  8.2.5010  the terminal debugger uses various global variables
  8.2.5011  Replacing an autocommand requires several lines
  8.2.5012  cannot select one character inside ()
  8.2.5013  after text formatting cursor may be in an invalid position
  8.2.5014  byte offsets are wrong when using text properties
  8.2.5015  Hoon and Moonscript files are not recognized
  8.2.5016  access before start of text with a put command
  8.2.5017  gcc 12.1 warns for uninitialized variable
  8.2.5018  Vim9: some code is not covered by tests
  8.2.5019  cannot get the first screen column of a character
  8.2.5020  using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'
  8.2.5021  build fails with normal features and +terminal
  8.2.5022  'completefunc'/'omnifunc' error does not end completion
  8.2.5023  substitute overwrites allocated buffer
  8.2.5024  using freed memory with "]d"
  8.2.5025  Vim9: a few lines not covered by tests
  8.2.5026  Vim9: a few lines not covered by tests
  8.2.5027  error for missing :endif when an exception was thrown
  8.2.5028  syntax regexp matching can be slow
  8.2.5029  "textlock" is always zero
  8.2.5030  autocmd_add() can only handle one event and pattern
  8.2.5031  cannot easily run the benchmarks
  8.2.5032  Python 3 test fails without the GUI
  8.2.5033  build error with +eval but without +quickfix
  8.2.5034  there is no way to get the byte index from a virtual column
  8.2.5035  when splitting a window the changelist position moves
  8.2.5036  using two counters for timeout check in NFA engine
  8.2.5037  cursor position may be invalid after "0;" range
  8.2.5038  a finished terminal in a popup window does not show scrollbar
  8.2.5039  confusing error if first argument of popup_create() is wrong
  8.2.5040  scrollbar thumb in scrolled popup not visible
  8.2.5041  cannot close a terminal popup with "NONE" job
  8.2.5042  scrollbar thumb in tall scrolled popup not visible
  8.2.5043  can open a cmdline window from a substitute expression
  8.2.5044  command line test fails
  8.2.5045  can escape a terminal popup window when the job is finished
  8.2.5046  vim_regsub() can overwrite the destination
  8.2.5047  CurSearch highlight is often wrong
  8.2.5048  when using XIM the gui test may fail
  8.2.5049  insufficient tests for autocommands
  8.2.5050  using freed memory when searching for pattern in path
  8.2.5051  check for autocmd_add() event argument is confusing
  8.2.5052  CI checkout step title is a bit cryptic
  8.2.5053  cannot have a comment halfway an expression in a block
  8.2.5054  no good filetype for conf files similar to dosini
  8.2.5055  statusline is not updated when terminal title changes
  8.2.5056  the channel log only contains some of the raw terminal output
  8.2.5057  using gettimeofday() for timeout is very inefficient
  8.2.5058  input() does not handle composing characters properly
  8.2.5059  autoconf 2.71 produces many obsolete warnings
  8.2.5060  running configure fails
  8.2.5061  C89 requires signal handlers to return void
  8.2.5062  Coverity warns for dead code
  8.2.5063  error for a command may go over the end of IObuff
  8.2.5064  no test for what 8.1.0052 fixes
  8.2.5065  wrong return type for main() in tee.c
  8.2.5066  can specify multispace listchars only for whole line
  8.2.5067  timer_create is not available on every Mac system
  8.2.5068  gcc 12.1 warning when building tee
  8.2.5069  various warnings from clang on MS-Windows
  8.2.5070  unnecessary code
  8.2.5071  with some Mac OS version clockid_t is redefined
  8.2.5072  using uninitialized value and freed memory in spell command
  8.2.5073  clang on MS-Windows produces warnings
  8.2.5074  spell test fails on MS-Windows
  8.2.5075  clang gives an out of bounds warning
  8.2.5076  unnecessary code
  8.2.5077  various warnings from clang on MS-Windows
  8.2.5078  substitute test has a one second delay
  8.2.5079  DirChanged autocommand may use freed memory
  8.2.5080  when indenting gets out of hand it is hard to stop
  8.2.5081  autocmd test fails on MS-Windows
  8.2.5082  retab test fails
  8.2.5083  autocmd test still fails on MS-Windows
  8.2.5084  when the GUI shows a dialog tests get stuck
  8.2.5085  gcc gives warning for signed/unsigned difference
  8.2.5086  CI runs on Windows 2019
  8.2.5087  cannot build with clang on MS-Windows
  8.2.5088  value of cmod_verbose is a bit complicated to use
  8.2.5089  some functions return a different value on failure
  8.2.5090  MS-Windows: vim.def is no longer used
  8.2.5091  terminal test fails with some shell commands
  8.2.5092  using "'&lt;,'&gt;" in Ex mode may compare unrelated pointers
  8.2.5093  error message for unknown command may have the command twice
  8.2.5094  MS-Windows GUI: empty command may cause a dialog
  8.2.5095  terminal test still fails with some shell commands
  8.2.5096  terminal test still fails with some shell commands
  8.2.5097  using uninitialized memory when using 'listchars'
  8.2.5098  spelldump test sometimes hangs
  8.2.5099  some terminal tests are not retried
  8.2.5100  memory usage tests are not retried
  8.2.5101  MS-Windows with MinGW: $CC may be "cc" instead of "gcc"
  8.2.5102  interrupt not caught in test
  8.2.5103  build fails with small features
  8.2.5104  test hangs on MS-Windows
  8.2.5105  test still hangs on MS-Windows
  8.2.5106  default cmdwin mappings are re-mappable
  8.2.5107  some callers of rettv_list_alloc() check for not OK
  8.2.5108  retab test disabled because it hangs on MS-Windows
  8.2.5109  mode not updated after CTRL-O CTRL-C in Insert mode
  8.2.5110  icon filetype not recognized from the first line
  8.2.5111  no test for --gui-dialog-file
  8.2.5112  gui test hangs on MS-Windows
  8.2.5113  timer becomes invalid after fork/exec, :gui gives errors
  8.2.5114  time limit on searchpair() does not work properly
  8.2.5115  search timeout is overrun with some patterns
  8.2.5116  "limit" option of matchfuzzy() not always respected
  8.2.5117  crash when calling a Lua callback from a :def function
  8.2.5118  MS-Windows: sending a message to another Vim may hang
  8.2.5119  CI uses cache v2
  8.2.5120  searching for quotes may go over the end of the line
  8.2.5121  interrupt test sometimes fails
  8.2.5122  lisp indenting my run over the end of the line
  8.2.5123  using invalid index when looking for spell suggestions
  8.2.5124  when syntax timeout test fails it does not show the time
  8.2.5125  MS-Windows: warnings from MinGW compiler
  8.2.5126  substitute may overrun destination buffer
  8.2.5127  using assert_true() does not show value on failure
  8.2.5128  syntax disabled when using synID() in searchpair() skip expr
  8.2.5129  timeout handling is not optimal
  8.2.5130  edit test for mode message fails when using valgrind
  8.2.5131  timeout implementation is not optimal
  8.2.5132  :mkview test doesn't test much
  8.2.5133  MacOS: build fails
  8.2.5134  function has confusing name
  8.2.5135  running configure gives warnings for main() return type
  8.2.5136  debugger test fails when run with valgrind
  8.2.5137  cannot build without the +channel feature
  8.2.5138  various small issues
  8.2.5139  TIME_WITH_SYS_TIME is no longer supported by autoconf
  8.2.5140  seachpair timeout test is flaky
  8.2.5141  using "volatile int" in a signal handler might be wrong
  8.2.5142  startup test fails if there is a status bar
  8.2.5143  some tests fail when using valgrind
  8.2.5144  with 'lazyredraw' set completion menu may be wrong
  8.2.5145  exit test causes spurious valgrind reports
  8.2.5146  memory leak when substitute expression nests
  8.2.5147  flaky test always fails on retry
  8.2.5148  invalid memory access when using expression on command line
  8.2.5149  cannot build without the +eval feature
  8.2.5150  read past the end of the first line with ":0;'{"
  8.2.5151  reading beyond the end of the line with lisp indenting
  8.2.5152  search() gets stuck with "c" and skip evaluates to true
  8.2.5153  "make uninstall" does not remove colors/lists
  8.2.5154  still mentioning version8, some cosmetic issues
  8.2.5155  in diff mode windows may get out of sync
  8.2.5156  search timeout test often fails with FreeBSD
  8.2.5157  MS-Windows GUI: CTRL-key combinations do not always work
  8.2.5158  TSTP and INT signal tests are not run with valgrind
  8.2.5159  fix for CTRL-key combinations causes problems
  8.2.5160  accessing invalid memory after changing terminal size
  8.2.5161  might still access invalid memory
  8.2.5162  reading before the start of the line with BS in Replace mode
  8.2.5163  crash when deleting buffers in diff mode
  8.2.5164  invalid memory access after diff buffer manipulations
  8.2.5165  import test fails because 'diffexpr' isn't reset
  8.2.5166  test for DiffUpdated fails
  8.2.5167  get(Fn, 'name') on funcref returns special byte code
  8.2.5168  cannot build with Python 3.11
  8.2.5169  nested :source may use NULL pointer
  8.2.5170  tiny issues
  8.2.5171  dependencies and proto files are outdated
  8.2.5172  "make menu" still uses legacy script

  To generate a diff of this commit:
  cvs rdiff -u -r1.96 -r1.97 pkgsrc/editors/vim-gtk2/Makefile
  cvs rdiff -u -r1.23 -r1.24 pkgsrc/editors/vim-gtk3/Makefile
  cvs rdiff -u -r1.41 -r1.42 pkgsrc/editors/vim-motif/Makefile
  cvs rdiff -u -r1.60 -r1.61 pkgsrc/editors/vim-share/PLIST
  cvs rdiff -u -r1.198 -r1.199 pkgsrc/editors/vim-share/distinfo
  cvs rdiff -u -r1.137 -r1.138 pkgsrc/editors/vim-share/version.mk
  cvs rdiff -u -r1.64 -r1.65 pkgsrc/editors/vim-xaw/Makefile

(spz)

pullups #6649 #6657 #6658 #6659

(spz)

Pullup ticket #6659 - requested by khorben
chat/libpurple: security update
chat/finch: security update
chat/pidgin: security update
chat/pidgin-sametime: security update
chat/pidgin-silc: security update

Revisions pulled up:
- chat/finch/Makefile                                          1.87
- chat/libpurple/Makefile                                      1.117
- chat/libpurple/Makefile.common                                1.56
- chat/libpurple/distinfo                                      1.56
- chat/pidgin-sametime/Makefile                                1.67
- chat/pidgin-silc/Makefile                                    1.70
- chat/pidgin/Makefile                                          1.97
- chat/pidgin/PLIST                                            1.27

-------------------------------------------------------------------
  Module Name:    pkgsrc
  Committed By:  khorben
  Date:          Wed Jul 20 02:14:13 UTC 2022

  Modified Files:
          pkgsrc/chat/finch: Makefile
          pkgsrc/chat/libpurple: Makefile Makefile.common distinfo
          pkgsrc/chat/pidgin: Makefile PLIST
          pkgsrc/chat/pidgin-sametime: Makefile
          pkgsrc/chat/pidgin-silc: Makefile

  Log Message:
  libpurple, finch, pidgin: update to 2.14.10

  This notably fixes security issues (CVE-2012-1257, CVE-2022-26491).

  Tested on NetBSD/amd64.

  XXX pull-up to the pkgsrc-2022Q2 branch

  The complete changelog for the new versions is reproduced here:

  version 2.14.10 (06/02/2022):
    General:
    * Audit and correct the COPYRIGHT file. (RR 1425) (Richard Laager)
    * Fix a spelling error in a debug message for proxies. (RR 1426) (Richard
      Laager)
    * Install some emojis already in the theme but not being installed.
      (RR 1428) (Richard Laager)
    * Drop the QQ smileys as we don't ship QQ anymore. (PIDGIN-14385) (RR 1429)
      (Richard Laager)
    * Modernize the desktop file. (RR 1433) (Richard Laager)
    * Modernize the appdata file. (RR 1431) (Richard Laager)
    * Make privacy settings persist. (PIDGIN-17137) (RR 1463) (Belgin ��tirbu)

    Pidgin:
    * Fix a use after free that was introduced in 2.14.9. (RR 1488) (ivanhoe)

    IRC:
    * Fix a crash if the server sends a short form JOIN message. (PIDGIN-17375)
      (RR 1484) (Belgin ��tirbu)

    XMPP:
    * Fix a regression from 2.14.9 where XMPP accounts state would get lost
      after failing to connect. (PIDGIN-17621) (RR 1455) (Belgin ��tirbu)
    * Fix a crash when requesting your own info in an XMPP conference. (RR 1465)
      (Belgin ��tirbu)
    * Fix hang when completing a file transfer over XMPP. (RR 1466) (Belgin
      ��tirbu)
    * Fix updating custom smileys. (PIDGIN-17153) (RR 1477) (Belgin ��tirbu)
    * Fix unblocking users. (PIDGIN-16414) (RR 1479) (Belgin ��tirbu)
    * Fix a crash when cancelling a file transfer. (PIDGIN-17189) (RR 1485)
      (Belgin ��tirbu)

  version 2.14.9 (04/28/2022):
    Security:
    * Remove _xmppconnect support. (RR 1357) (CVE-2022-26491) (Gary Kramlich)

    libpurple:
    * Fix a GLib CRITICAL message with typing time outs. (RR 1123) (Mohammed
      Sadiq)
    * Fix an issue where the unit tests for purple_str_to_time would fail.
      (GENTOO-819774) (RR 1238) (Gary Kramlich)

    Pidgin:
    * Fix a memory leak in pidgin_conversations_set_tab_colors. (RR 1244)
      (ivanhoe)
    * Fixed the majority of the infinite resizing issues in the input box.
      (PIDGIN-16753, PIDGIN-16999, PIDGIN-17287, PIDGIN-17413, PIDGIN-17430,
      PIDGIN-17568, PIDGIN-17602) (RR 1342) (Belgin ��tirbu)
    * Add transient-buddy back which is used to show some context menus and
      other things. (PIDGIN-17523) (RR 1381) (Belgin ��tirbu)

    Windows:
    * Fix the download of dictionaries in the Windows installer. (PIDGIN-14618,
      PIDGIN-15648, PIDGIN-15540, PIDGIN-14612, PIDGIN-14893) (RR 1303) (Gary
      Kramlich)

    Translations:
    * Fix a typo in the German translations. (PIDGIN-17575) (RR 1242) (ivanhoe)
    * Synced all of the translations with Transifex.

    IRC:
    * Fix IRC file transfers on Windows. (PIDGIN-17175) (RR 1382) (Belgin
      ��tirbu)
    * Fix file transfers failing at 99% on IRC. (PIDGIN-15893) (RR 1385) (Belgin
      ��tirbu)
    * Default realname and ident name in IRC to the username (nickname) of the
      account. (PIDGIN-17610) (RR 1386) (Belgin ��tirbu)
    * Add an advanced account option to IRC accounts for explicitly setting the
      SASL login name. (PIDGIN-15451) (RR 1388) (Belgin ��tirbu)
    * Added a rate limiter that should make it impossible to excess flood.
      (RR 1391) (Gary Kramlich)

    SIMPLE:
    * Fix an issue with the CSeq numbers in SIMPLE. (PIDGIN-9675) (RR 1379)
      (dohmniq)

    XMPP:
    * Fix XMPP attention messages being sent to incorrect JIDs. (PIDGIN-14714)
      (RR 1387) (itsnotabigtruck, Belgin ��tirbu)

  To generate a diff of this commit:
  cvs rdiff -u -r1.86 -r1.87 pkgsrc/chat/finch/Makefile
  cvs rdiff -u -r1.116 -r1.117 pkgsrc/chat/libpurple/Makefile
  cvs rdiff -u -r1.55 -r1.56 pkgsrc/chat/libpurple/Makefile.common \
      pkgsrc/chat/libpurple/distinfo
  cvs rdiff -u -r1.96 -r1.97 pkgsrc/chat/pidgin/Makefile
  cvs rdiff -u -r1.26 -r1.27 pkgsrc/chat/pidgin/PLIST
  cvs rdiff -u -r1.66 -r1.67 pkgsrc/chat/pidgin-sametime/Makefile
  cvs rdiff -u -r1.69 -r1.70 pkgsrc/chat/pidgin-silc/Makefile

(spz)

Pullup ticket #6658 - requested by nia
www/firefox91: security update
www/firefox91-l10n: dependency update

Revisions pulled up:
- www/firefox91-l10n/Makefile                                  1.13
- www/firefox91-l10n/distinfo                                  1.15
- www/firefox91/Makefile                                        1.22
- www/firefox91/distinfo                                        1.15

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: nia
  Date: Fri Jul 22 08:16:40 UTC 2022

  Modified Files:
  pkgsrc/www/firefox91: Makefile distinfo
  pkgsrc/www/firefox91-l10n: Makefile distinfo

  Log Message:
  firefox91: update to 91.11.0

                    Mozilla Foundation Security Advisory 2022-25

  Security Vulnerabilities fixed in Firefox ESR 91.11

      #CVE-2022-34479: A popup window could be resized in a way to overlay the
      address bar with web content

      #CVE-2022-34470: Use-after-free in nsSHistory

      #CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
      via retargeted javascript: URI

      #CVE-2022-34481: Potential integer overflow in ReplaceElementsAt

      #CVE-2022-31744: CSP bypass enabling stylesheet injection

      #CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
      blocked

      #CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a
      prompt

      #CVE-2022-2200: Undesired attributes could be set as part of prototype
      pollution

      #CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR
      91.11

  To generate a diff of this commit:
  cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
  cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
  cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo

(spz)

Pullup ticket #6657 - requested by taca
devel/git: security update
devel/git-base: security update
devel/git-docs: security update
www/gitweb: security update

Revisions pulled up:
- devel/git-base/Makefile                                      1.97
- devel/git-base/distinfo                                      1.120-1.121
- devel/git-docs/Makefile                                      1.21
- devel/git/Makefile.version                                    1.106-1.107
- www/gitweb/Makefile                                          1.45

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: adam
  Date: Wed Jul  6 11:54:00 UTC 2022

  Modified Files:
  pkgsrc/devel/git: Makefile.version
  pkgsrc/devel/git-base: Makefile distinfo
  pkgsrc/devel/git-docs: Makefile
  pkgsrc/www/gitweb: Makefile

  Log Message:
  git: updated to 2.37.0

  Git v2.37 Release Notes
  ===========
  UI, Workflows & Features

    * "vimdiff[123]" mergetool drivers have been reimplemented with a
      more generic layout mechanism.

    * "git -v" and "git -h" are now understood as "git --version" and
      "git --help".

    * The temporary files fed to external diff command are now generated
      inside a new temporary directory under the same basename.

    * "git log --since=X" will stop traversal upon seeing a commit that
      is older than X, but there may be commits behind it that is younger
      than X when the commit was created with a faulty clock.  A new
      option is added to keep digging without stopping, and instead
      filter out commits with timestamp older than X.

    * "git -c branch.autosetupmerge=simple branch $A $B" will set the $B
      as $A's upstream only when $A and $B shares the same name, and "git
      -c push.default=simple" on branch $A would push to update the
      branch $A at the remote $B came from.  Also more places use the
      sole remote, if exists, before defaulting to 'origin'.

    * A new doc has been added that lists tips for tools to work with
      Git's codebase.

    * "git remote -v" now shows the list-objects-filter used during
      fetching from the remote, if available.

    * With the new http.curloptResolve configuration, the CURLOPT_RESOLVE
      mechanism that allows cURL based applications to use pre-resolved
      IP addresses for the requests is exposed to the scripts.

    * "git add -i" was rewritten in C some time ago and has been in
      testing; the reimplementation is now exposed to general public by
      default.

    * Deprecate non-cone mode of the sparse-checkout feature.

    * Introduce a filesystem-dependent mechanism to optimize the way the
      bits for many loose object files are ensured to hit the disk
      platter.

    * The "do not remove the directory the user started Git in" logic,
      when Git cannot tell where that directory is, is disabled.  Earlier
      we refused to run in such a case.

    * A mechanism to pack unreachable objects into a "cruft pack",
      instead of ejecting them into loose form to be reclaimed later, has
      been introduced.

    * Update the doctype written in gitweb output to xhtml5.

    * The "transfer.credentialsInURL" configuration variable controls what
      happens when a URL with embedded login credential is used on either
      "fetch" or "push". Credentials are currently only detected in
      `remote.<name>.url` config, not `remote.<name>.pushurl`.

    * "git revert" learns "--reference" option to use more human-readable
      reference to the commit it reverts in the message template it
      prepares for the user.

    * Various error messages that talk about the removal of
      "--preserve-merges" in "rebase" have been strengthened, and "rebase
      --abort" learned to get out of a state that was left by an earlier
      use of the option.

  Performance, Internal Implementation, Development Support etc.

    * The performance of the "untracked cache" feature has been improved
      when "--untracked-files=<mode>" and "status.showUntrackedFiles"
      are combined.

    * "git stash" works better with sparse index entries.

    * "git show :<path>" learned to work better with the sparse-index
      feature.

    * Introduce and apply coccinelle rule to discourage an explicit
      comparison between a pointer and NULL, and applies the clean-up to
      the maintenance track.

    * Preliminary code refactoring around transport and bundle code.

    * "sparse-checkout" learns to work better with the sparse-index
      feature.

    * A workflow change for translators are being proposed.  git.pot is
      no longer version controlled and it is local responsibility of
      translators to generate it.

    * Plug the memory leaks from the trickiest API of all, the revision
      walker.

    * Rename .env_array member to .env in the child_process structure.

    * The fsmonitor--daemon handles even more corner cases when
      watching filesystem events.

    * A new bug() and BUG_if_bug() API is introduced to make it easier to
      uniformly log "detect multiple bugs and abort in the end" pattern.

  Fixes since v2.36
  -----------------

    * "git submodule update" without pathspec should silently skip an
      uninitialized submodule, but it started to become noisy by mistake.
      (merge 4f1ccef87c gc/submodule-update-part2 later to maint).

    * "diff-tree --stdin" has been broken for about a year, but 2.36
      release broke it even worse by breaking running the command with
      <pathspec>, which in turn broke "gitk" and got noticed.  This has
      been corrected by aligning its behaviour to that of "log".
      (merge f8781bfda3 jc/diff-tree-stdin-fix later to maint).

    * Regression fix for 2.36 where "git name-rev" started to sometimes
      reference strings after they are freed.
      (merge 45a14f578e rs/name-rev-fix-free-after-use later to maint).

    * "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
      when showing the second and subsequent commits, which has been
      corrected.
      (merge 5cdb38458e jc/show-pathspec-fix later to maint).

    * "git fast-export -- <pathspec>" lost the pathspec when showing the
      second and subsequent commits, which has been corrected.
      (merge d1c25272f5 rs/fast-export-pathspec-fix later to maint).

    * "git format-patch <args> -- <pathspec>" lost the pathspec when
      showing the second and subsequent commits, which has been
      corrected.
      (merge 91f8f7e46f rs/format-patch-pathspec-fix later to maint).

    * "git clone --origin X" leaked piece of memory that held value read
      from the clone.defaultRemoteName configuration variable, which has
      been plugged.
      (merge 6dfadc8981 jc/clone-remote-name-leak-fix later to maint).

    * Get rid of a bogus and over-eager coccinelle rule.
      (merge 08bdd3a185 jc/cocci-xstrdup-or-null-fix later to maint).

    * The path taken by "git multi-pack-index" command from the end user
      was compared with path internally prepared by the tool without first
      normalizing, which lead to duplicated paths not being noticed,
      which has been corrected.
      (merge 11f9e8de3d ds/midx-normalize-pathname-before-comparison later to maint).

    * Correct choices of C compilers used in various CI jobs.
      (merge 3506cae04f ab/cc-package-fixes later to maint).

    * Various cleanups to "git p4".
      (merge 4ff0108d9e jh/p4-various-fixups later to maint).

    * The progress meter of "git blame" was showing incorrect numbers
      when processing only parts of the file.
      (merge e5f5d7d42e ea/progress-partial-blame later to maint).

    * "git rebase --keep-base <upstream> <branch-to-rebase>" computed the
      commit to rebase onto incorrectly, which has been corrected.
      (merge 9e5ebe9668 ah/rebase-keep-base-fix later to maint).

    * Fix a leak of FILE * in an error codepath.
      (merge c0befa0c03 kt/commit-graph-plug-fp-leak-on-error later to maint).

    * Avoid problems from interaction between malloc_check and address
      sanitizer.
      (merge 067109a5e7 pw/test-malloc-with-sanitize-address later to maint).

    * The commit summary shown after making a commit is matched to what
      is given in "git status" not to use the break-rewrite heuristics.
      (merge 84792322ed rs/commit-summary-wo-break-rewrite later to maint).

    * Update a few end-user facing messages around EOL conversion.
      (merge c970d30c2c ah/convert-warning-message later to maint).

    * Trace2 documentation updates.
      (merge a6c80c313c js/trace2-doc-fixes later to maint).

    * Build procedure fixup.
      (merge 1fbfd96f50 mg/detect-compiler-in-c-locale later to maint).

    * "git pull" without "--recurse-submodules=<arg>" made
      submodule.recurse take precedence over fetch.recurseSubmodules by
      mistake, which has been corrected.
      (merge 5819417365 gc/pull-recurse-submodules later to maint).

    * "git bisect" was too silent before it is ready to start computing
      the actual bisection, which has been corrected.
      (merge f11046e6de cd/bisect-messages-from-pre-flight-states later to maint).

    * macOS CI jobs have been occasionally flaky due to tentative version
      skew between perforce and the homebrew packager.  Instead of
      failing the whole CI job, just let it skip the p4 tests when this
      happens.
      (merge f15e00b463 cb/ci-make-p4-optional later to maint).

    * A bit of test framework fixes with a few fixes to issues found by
      valgrind.
      (merge 7c898554d7 ab/valgrind-fixes later to maint).

    * "git archive --add-file=<path>" picked up the raw permission bits
      from the path and propagated to zip output in some cases, without
      normalization, which has been corrected (tar output did not have
      this issue).
      (merge 6a61661967 jc/archive-add-file-normalize-mode later to maint).

    * "make coverage-report" without first running "make coverage" did
      not produce any meaningful result, which has been corrected.
      (merge 96ddfecc5b ep/coverage-report-wants-test-to-have-run later to maint).

    * The "--current" option of "git show-branch" should have been made
      incompatible with the "--reflog" mode, but this was not enforced,
      which has been corrected.
      (merge 41c64ae0e7 jc/show-branch-g-current later to maint).

    * "git fetch" unnecessarily failed when an unexpected optional
      section appeared in the output, which has been corrected.
      (merge 7709acf7be jt/fetch-peek-optional-section later to maint).

    * The way "git fetch" without "--update-head-ok" ensures that HEAD in
      no worktree points at any ref being updated was too wasteful, which
      has been optimized a bit.
      (merge f7400da800 os/fetch-check-not-current-branch later to maint).

    * "git fetch --recurse-submodules" from multiple remotes (either from
      a remote group, or "--all") used to make one extra "git fetch" in
      the submodules, which has been corrected.
      (merge 0353c68818 jc/avoid-redundant-submodule-fetch later to maint).

    * With a recent update to refuse access to repositories of other
      people by default, "sudo make install" and "sudo git describe"
      stopped working, which has been corrected.
      (merge 6b11e3d52e cb/path-owner-check-with-sudo-plus later to maint).

    * The tests that ensured merges stop when interfering local changes
      are present did not make sure that local changes are preserved; now
      they do.
      (merge 4b317450ce jc/t6424-failing-merge-preserve-local-changes later to maint).

    * Some real problems noticed by gcc 12 have been fixed, while false
      positives have been worked around.

    * Update the version of FreeBSD image used in Cirrus CI.
      (merge c58bebd4c6 pb/use-freebsd-12.3-in-cirrus-ci later to maint).

    * The multi-pack-index code did not protect the packfile it is going
      to depend on from getting removed while in use, which has been
      corrected.
      (merge 4090511e40 tb/midx-race-in-pack-objects later to maint).

    * Teach "git repack --geometric" work better with "--keep-pack" and
      avoid corrupting the repository when packsize limit is used.
      (merge 66731ff921 tb/geom-repack-with-keep-and-max later to maint).

    * The documentation on the interaction between "--add-file" and
      "--prefix" options of "git archive" has been improved.
      (merge a75910602a rs/document-archive-prefix later to maint).

    * A git subcommand like "git add -p" spawns a separate git process
      while relaying its command line arguments.  A pathspec with only
      negative elements was mistakenly passed with an empty string, which
      has been corrected.
      (merge b02fdbc80a jc/all-negative-pathspec later to maint).

    * With a more targeted workaround in http.c in another topic, we may
      be able to lift this blanket "GCC12 dangling-pointer warning is
      broken and unsalvageable" workaround.
      (merge 419141e495 cb/buggy-gcc-12-workaround later to maint).

    * A misconfigured 'branch..remote' led to a bug in configuration
      parsing.
      (merge f1dfbd9ee0 gc/zero-length-branch-config-fix later to maint).

    * "git -c diff.submodule=log range-diff" did not show anything for
      submodules that changed in the ranges being compared, and
      "git -c diff.submodule=diff range-diff" did not work correctly.
      Fix this by including the "--submodule=short" output
      unconditionally to be compared.

    * In Git 2.36 we revamped the way how hooks are invoked.  One change
      that is end-user visible is that the output of a hook is no longer
      directly connected to the standard output of "git" that spawns the
      hook, which was noticed post release.  This is getting corrected.
      (merge a082345372 ab/hooks-regression-fix later to maint).

    * Updating the graft information invalidates the list of parents of
      in-core commit objects that used to be in the graft file.

    * "git show-ref --heads" (and "--tags") still iterated over all the
      refs only to discard refs outside the specified area, which has
      been corrected.
      (merge c0c9d35e27 tb/show-ref-optim later to maint).

    * Remove redundant copying (with index v3 and older) or possible
      over-reading beyond end of mmapped memory (with index v4) has been
      corrected.
      (merge 6d858341d2 zh/read-cache-copy-name-entry-fix later to maint).

    * Sample watchman interface hook sometimes failed to produce
      correctly formatted JSON message, which has been corrected.
      (merge 134047b500 sn/fsmonitor-missing-clock later to maint).

    * Use-after-free (with another forget-to-free) fix.
      (merge 323822c72b ab/remote-free-fix later to maint).

    * Remove a coccinelle rule that is no longer relevant.
      (merge b1299de4a1 jc/cocci-cleanup later to maint).

    * Other code cleanup, docfix, build fix, etc.
      (merge e6b2582da3 cm/reftable-0-length-memset later to maint).
      (merge 0b75e5bf22 ab/misc-cleanup later to maint).
      (merge 52e1ab8a76 ea/rebase-code-simplify later to maint).
      (merge 756d15923b sg/safe-directory-tests-and-docs later to maint).
      (merge d097a23bfa ds/do-not-call-bug-on-bad-refs later to maint).
      (merge c36c27e75c rs/t7812-pcre2-ws-bug-test later to maint).
      (merge 1da312742d gf/unused-includes later to maint).
      (merge 465b30a92d pb/submodule-recurse-mode-enum later to maint).
      (merge 82b28c4ed8 km/t3501-use-test-helpers later to maint).
      (merge 72315e431b sa/t1011-use-helpers later to maint).
      (merge 95b3002201 cg/vscode-with-gdb later to maint).
      (merge fbe5f6b804 tk/p4-utf8-bom later to maint).
      (merge 17f273ffba tk/p4-with-explicity-sync later to maint).
      (merge 944db25c60 kf/p4-multiple-remotes later to maint).
      (merge b014cee8de jc/update-ozlabs-url later to maint).
      (merge 4ec5008062 pb/ggg-in-mfc-doc later to maint).
      (merge af845a604d tb/receive-pack-code-cleanup later to maint).
      (merge 2acf4cf001 js/ci-gcc-12-fixes later to maint).
      (merge 05e280c0a6 jc/http-clear-finished-pointer later to maint).
      (merge 8c49d704ef fh/transport-push-leakfix later to maint).
      (merge 1d232d38bd tl/ls-tree-oid-only later to maint).
      (merge db7961e6a6 gc/document-config-worktree-scope later to maint).
      (merge ce18a30bb7 fs/ssh-default-key-command-doc later to maint).

  To generate a diff of this commit:
  cvs rdiff -u -r1.105 -r1.106 pkgsrc/devel/git/Makefile.version
  cvs rdiff -u -r1.96 -r1.97 pkgsrc/devel/git-base/Makefile
  cvs rdiff -u -r1.119 -r1.120 pkgsrc/devel/git-base/distinfo
  cvs rdiff -u -r1.20 -r1.21 pkgsrc/devel/git-docs/Makefile
  cvs rdiff -u -r1.44 -r1.45 pkgsrc/www/gitweb/Makefile

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: adam
  Date: Thu Jul 14 10:55:37 UTC 2022

  Modified Files:
  pkgsrc/devel/git: Makefile.version
  pkgsrc/devel/git-base: distinfo

  Log Message:
  git: updated to 2.37.1

  Git 2.37.1 Release Notes
  ============

  This release merges up the fixes that appear in v2.30.5, v2.31.4,
  v2.32.3, v2.33.4, v2.34.4, v2.35.4, and v2.36.2 to address the
  security issue CVE-2022-29187; see the release notes for these
  versions for details.

  Fixes since Git 2.37
  --------------------

    * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
      correctly record a removed file to the index, which is an old
      regression but has become widely known because the C version has
      become the default in the latest release.

    * Fix for CVS-2022-29187.

  To generate a diff of this commit:
  cvs rdiff -u -r1.106 -r1.107 pkgsrc/devel/git/Makefile.version
  cvs rdiff -u -r1.120 -r1.121 pkgsrc/devel/git-base/distinfo

(spz)