doc: Added security/uacme version 1.7.5

(hauke)

Add security/uacme package.

Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).

The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
popular one) and an applicant to automate the process of verification
and certificate issuance.  The protocol also provides facilities for
other certificate management functions, such as certificate revocation.

(hauke)

Comment the augmented build system patch.

(hauke)

Keep the build system from installing to PKG_SYSCONFDIR.

My local setting is a non-standard /etc/pkg, which was probably
shielded by the pkgsrc framework, hiding the problem.

(hauke)

Support rc.d script reload command.

(hauke)

Fix patch, and add comment.

(hauke)

Sync --daemon-rrd doc string with the actual default value.

(hauke)

doc: Updated www/hiawatha to 11.5

(hauke)

Update www/hiawatha to v11.5

Given a version jump of *two* orders of magnitude, changes are too
many to enumerate.

This package integrates some of the ideas in ktnb@'s wip/hiawatha, in
particular statically linking the included mbedtls.

See the discussion at
<pkg/2024/03/23/msg029036.html>">http://mail-index.netbsd.org/tech-pkg/2024/03/23/msg029036.html> --
built-in letsencrypt with its php dependency is an option.

Also: Upstream is not going away, but just changing its domain name.

(hauke)

doc: Updated net/netatalk22 to 2.3.2

(hauke)

Update net/netatalk22 to v2.3.2

From upstream's changelog:

New Features

A Dockerfile and container entry script have been added which allows
you to run Netatalk 2 containerized. AppleTalk networking is supported
if the host OS has an AppleTalk network stack. Either build a Docker
image yourself from the code, or pull a pre-built image from Docker Hub.

A macOS style launchd configuration file and netatalkd helper script
has been added. Build it by configuring the build system with the
--enable-macos parameter. Using these allows you to bypass recent
limitations in macOS Sonoma that prevents forking daemons to run.

Netatalk-F�s pap is now able to print to an ImageWriter II or LQ-A
connected to the LocalTalk network, with papstatus providing more
status information for this line of Apple printers.

What's Changed

    [2.3] Create Dockerfile and entry point by @rdmark in
    https://github.com/Netatalk/netatalk/pull/704
    [2.3] Remove binary logo images from revision control by @rdmark
    in https://github.com/Netatalk/netatalk/pull/717
    [2.3] Docker: Unprivileged build; expose ports and volume by
    @rdmark in https://github.com/Netatalk/netatalk/pull/714
    [2.3] Docker: Check for mandatory env variables; more
    configurability by @rdmark in
    https://github.com/Netatalk/netatalk/pull/721
    [2.3] atalkd: Bail out when attempting to -seed a single interface
    by @rdmark in https://github.com/Netatalk/netatalk/pull/720
    [2.3] pap,papstatus: changes to allow Imagewriters to print, and
    nicer status messages by @nutzman in
    https://github.com/Netatalk/netatalk/pull/722
    [2.3] docs: Correct descriptions for afpd -D and -T options by
    @rdmark in https://github.com/Netatalk/netatalk/pull/727
    [2.3] Clean up residual CVS commit headers by @rdmark in
    https://github.com/Netatalk/netatalk/pull/734
    [2.3] docs: Improve man page summaries by @rdmark in
    https://github.com/Netatalk/netatalk/pull/733
    [2.3] docs: Print netatalk version as subtitle, and header on each
    html page by @rdmark in
    https://github.com/Netatalk/netatalk/pull/741
    [2.3] docs: manual XML source improvements, backported from main
    by @rdmark in https://github.com/Netatalk/netatalk/pull/753
    [2.3] Create init scripts for macOS by @rdmark in
    https://github.com/Netatalk/netatalk/pull/757
    [2.3] Detect system docbook stylesheets at configure time by
    @rdmark in https://github.com/Netatalk/netatalk/pull/763
    [2.3] docker: Check for atalkd interface before starting atalkd
    daemons by @rdmark in
    https://github.com/Netatalk/netatalk/pull/769
    [2.3] Rename launchd plist to io.netatalk* and sort file names by
    @rdmark in https://github.com/Netatalk/netatalk/pull/765

(hauke)

doc: Updated devel/py-hg-git to 1.1.1

(hauke)

Update devel/py-hg-git to v1.1.1

For changes see
<https://foss.heptapod.net/mercurial/hg-git/-/releases>, upstream's
changelist does not lend itself to easy copying.

(hauke)

Re-add conditional PLIST entries that got lost by not building with
all options on

Add substitutions for PLIST generation

(hauke)

Re-add conditional PLIST entries that got lost by not building with
all options on

Add substitutions for PLIST generation

(hauke)

Add net/softether v5.02.5181

SoftEther VPN is an open-source multi-protocol VPN server and client.

(hauke)

doc: Updated x11/nx-libs to 3.5.99.26.0x2go1

(hauke)

Update x11/nx-libs to v3.5.99.26-0x2go1

From upstream's changelog:

2023-06-02 20:35:10 +0200 X2Go Release Manager (d12a42c8e)

        * release 3.5.99.26 (HEAD -> build-3.5.99.26, tag:
          redist-server/3.5.99.26, tag: redist-client/3.5.99.26,
          tag: 3.5.99.26-0x2go1, origin/build-3.5.99.26)

2021-04-05 08:44:00 +0200 ponce (8cb6a6e7e)

        * fix building with binutils >= 2.36.

2023-02-23 15:28:20 +0100 Mihai Moldovan (6afb58713)

        * nx-libs.spec: only depend upon pathfix.py for Fedora 27+ and RHEL
          7+.

2023-02-23 14:29:38 +0100 Mihai Moldovan (70293a83b)

        * nx-libs.spec: fix TIRPC usage on *SuSE 15.3+.

2023-02-23 13:17:55 +0100 Mihai Moldovan (b5c1d5fce)

        * debian/rules: fix version detection on testing and unstable.

2021-09-11 20:45:16 +0000 Mike Gabriel (fa7628310)

        * debian/rules: Define -DUseTIRPC=1 for nx-X11 build on Debian and
          Ubuntu versions that already have libtirpc.

2023-02-23 13:17:35 +0100 Mihai Moldovan (e49bd144d)

        * nx-libs.spec: add BR: upon pathfix.py.

2023-02-23 12:19:14 +0100 Mihai Moldovan (be0ce0226)

        * nx-libs.spec: fix nxdialog hashbang selection, especially on *SuSE.

(hauke)

doc: Updated x11/x2go-client to 4.1.2.3

(hauke)

Update x11/x2go-client to v4.1.2.3

While here, make the package buildable against qt4 and qt5, defaulting
to the latter.

From upstream's changelog:

x2goclient (4.1.2.3-0x2go1) unstable; urgency=medium

  [ Oleksandr Shneyder ]
  * New upstream version (4.1.2.3):
    - Load alternative image resources from specified folder.
    - Set correct aspect ratio for x2go and ON logos.
    - Download alternative resource files from http server.
    - Support for PNG background images.
    - Display state of broker connection in status bar.
    - Client can synchronize sessions with broker. Broker need to send
      syncinterval value in the client config section.
    - Set min width of session status label.
    - set clipboard mode of x2gokdriveclient in cmd line option.
    - Fix maximizing client window in thinclient mode with Qt5 (bullseye).
    - Add mime type application/x-x2go. X2Go Client can now automatically open
      session files with .x2go extension.
    - X2Go Client will send it's version to the broker when sending client
      event.
    - Don't close X2Go Client if settings dialog is called before broker auth.
    - X2Go Client will send it's OS name to the broker when sending client
      event.
    - Don't exit if connection to HTTP broker is failed when sync sessions.
    - Support for HTTP(S) urls in the session icons when using http broker.
    - Fix loading session icon to system tray when using broker.
    - Add --debug argument to x2gokdriveclient in debug mode.
    - Setting debug filter rules for QT>=5.2
    - Implement different view modes for sessions explorer:
      Favorite sessions, running sessions, all sessions.
    - Improve view modes in broker mode.
    - Set toolTip with detailed information for session button.
    - Show session path in session button in Favorite and Running views.
    - Improve synchronisation in broker mode.
    - Fix loading HTTP icon in pass dialog in broker mode.
    - Replace QFont::Thin with 0 to keep compatibility with Qt4.
    - Add special ACL for exported directories in Windows client.
    - Support for rootless X2GoKdrive sessions.
    - Fixed build with Qt5 on Windows.
    - Do not show empty folders in session explorer.
    - Support for OPENSSH PRIVATE KEY format sent from broker.
    - Do not show client in broker mode if startet in "hidden" mode.
    - Enable/Disable session view buttons inside of sessions explorer.
    - Add splash screen option when starting in hidden mode.
    - replace <HOME> with user's home dir in exports directories,
      when exporting session default directories.
    - create default export directory if not exists.
    - send to broker xdmcpserver in command option when starting xdmcp session.
    - improve processing stderr from nxproxy.
    - support for recent cygwin binaries and nxproxy 3.5.99.x
      all cygwin binaries and DLLs should be moved into the
      INSTDIR/bin directory by Windows installer.
    - for x2gokdrive sessions, when auto kbd layout is chosen,
      x2goclient will try to set the same kbd layout on server as on the
      client.
    - add "noresize" setting, which makes the proxy window not resizable
      for user.
    - on Windows SSHD will only listen 127.0.0.1 to avoid FW warnings.
    - on Windows check the location of cgwin binaries in <APPDIR> and
      in <APPDIR>/bin.

  [ Ryan Schmidt ]
  * New upstream version (4.1.2.3):
    - x2goclient.pro: use the right C++ standard library on OS X/macOS.

  [ Melroy van den Berg ]
  * New upstream version (4.1.2.3):
    - src/sshmasterconnection.c: send EOF before closing channel.
    - src/sshmasterconnection.c: return false if login check remote command
      execution failed.
    - src/sshmasterconnection.c: refactor some of the channel loop and fix
      channel/session closes.
    - src/sshmasterconnection.c: fix 'when not' password auth. Avoids double
      error messages.
    - src/sshmasterconnection.c: correct retval check.
    - src/sshmasterconnection.c: explicitly mark function parameters as unused.
    - .gitignore: ignore Visual Studio temporary files. Fixes: #1469.

  [ Mihai Moldovan ]
  * New upstream version (4.1.2.3):
    - src/sshmasterconnection.{c,h}: fix builds, new function should have been
      registered and not static, but private.
    - .gitignore: add debian/control, since it's now auto-generated.
    - Makefile: support version switching through a QT_VERSION variable -
      might be overridden via environment variables or the make call.
    - x2goclient.spec: add version switching support. Use Qt 5 for FC31+, RHEL
      8 and *SuSE 15.3+.
    - x2goclient.spec: don't try to prepend %{_qt4_bindir} if the macro is not
      defined.
    - Makefile: allow passing down variables that are safe to pass via the
      environment.
    - x2goclient.spec: fix condition with maybe-undefined macro.
    - x2goclient.spec: typo fix in vendor macro.
    - x2goclient.spec: expand %{_qt4_bindir} to integer if it's set, instead
      of using it as a string in the condition (which then leads to parsing
      error).
    - x2goclient.spec: rework Qt5 dependencies. Use a common set of
      PkgConfig()-based dependencies for the Qt 5 libraries themselves and
      only make the linguist tools (lrelease) conditional.
    - Makefile: make controllable variables default-if-not-set to allow
      overriding via the environment.
    - Makefile: invoke make as $(MAKE) to keep original invocation.
    - x2goclient.spec: fix missing %endif in Qt-4-BuildRequires section.
    - x2goclient.spec: use %{_qt5_bindir} macro analogous to the Qt 4 variant.
    - x2goclient.spec: correctly quote PATH overrides.
    - x2goclient.spec: fix syntax error in Qt 5 PATH override.
    - x2goclient.spec: add BuildRequires on Qt5X11Extras.
    - x2goclient.spec: also use/handle %{_libqt5_bindir}, as used by *SuSE.
    - x2goclient.spec: add BuildRequires on Qt5Network. OpenSuSE Tumbleweed
      split the pkgconfig files up into individual packages, while older
      versions ship all of them in libqt5-qtbase-devel. The former does not
      automatically use that package any longer and hence will not pull in all
      library packages automatically. That's not a bad change, since it forces
      us to spell out the dependencies correctly.
    - src/onmainwindow.cpp: add Cancel standard shortcut to cancel button in
      login window. Change requested by Max-Planck-Institut f端r Kolloid- und
      Grenzfl辰chenforschung Potsdam.
    - src/onmainwindow.cpp: consolidate Resume button enabling state in
      ONMainWindow::initSelectSessDlg ().
    - src/onmainwindow.{cpp,h}: add notice explaining how to resume running
      sessions. Change requested by Max-Planck-Institut f端r Kolloid- und
      Grenzfl辰chenforschung Potsdam.
    - src/onmainwindow.cpp: add Cancel standard shortcut to cancel button in
      session selection view.
    - src/onmainwindow.cpp: set word wrapping on running label.
    - src/onmainwindow.cpp: increase height of session selection dialog in
      mini mode.
    - src/onmainwindow.cpp: increase fixed height of session selection dialog
      in normal mode and also set as minimum height.
    - src/onmainwindow.cpp: unbreak on Qt 4 by emulating QKeySequence::Cancel.
    - src/onmainwindow.cpp: unbreak more and make sure that the code actually
      works on older systems. A very important part of the magic is using the
      old Qt4 SIGNAL/SLOT syntax and making sure to drop parameters on both
      sides, so that the default slot parameter is used, which animates the
      button for 150 ms.
    - src/onmainwindow.cpp: fix session creation date/time display. The data
      returned by the server was changed to an ISO-date-formatted one in 2011,
      but that change was not carried over to the client. We've had silly
      dates for more than 10 years and nobody noticed. Go figure.
    - src/onmainwindow.cpp: convert server-reported time to human readable
      time in Qt's standard format in session list view.
    - handle_mxe.sh: rework, make most variables lowercase, change spacing,
      use proper if-else blocks, do not use special bash features for string
      comparison etc.
    - macbuild.sh: qmake never supported -config, it was always
      CONFIG(+)='something'.
    - config_linux_static.sh: also switch from -config to CONFIG+='...'.
    - {handle_mxe.sh,x2goclient.pro}: make mxe selectable via CONFIG option
      and prepare selector in x2goclient.pro.
    - x2goclient.pro: also select on win32 and not just win32-*, fix
      whitespace.
    - x2gohelper/Makefile.mxe: more quoting.
    - Windows: Update PuTTY from 0.73 to 0.78.
    - debian/preprocessor.pl: typo fixes only.
    - misc: pre-release copyright update.
    - man/man1/x2goclient.1: pre-release date update.
  * debian/control:
    + Move to debian/control.in.
  * debian/control.in:
    + Switch to priority: optional. "extra" has been deprecated long ago.
      Pulled from Mike's changes.
    + Drop x2goplugin{,-{provider,dbg}}. It's been dead long enough.
    + Add Qt version switching support.
    + Add build-dependency upon lsb-release. Should be always part of a
      dependency of essential or base packages, but make sure we have it.
    + Add build-dependency upon libencode-locale-perl, needed for our
      preprocessor Perl script.
    + Add build-dependency upon m4, needed by our preprocessing shell script.
  * debian/copyright:
    + Switch Upstream-Contact to myself. Pulled from Mike's changes.
    + Add new license "GPL-2+~OpenSSL" for the modified GPL 2+ license
      including the OpenSSL exception and use that where appropriate. Pulled
      from Mike's changes.
    + Move GPL-3 definition out-of-line. Pulled from Mike's changes.
    + Update notices.
  * debian/rules:
    + Preprocess files with an ".in" suffix in the "debian" directory. Mostly
      adapted from the firefox package.
    + Add Qt 4/5 switching, based upon the base system definition. Mostly
      adapted from x2gomatebindings.
    + Force re-generation of debian/control in clean rule.
    + Add force variables to bypass autodetection via lsb-release. This will
      be used by our buildscripts.
    + Do not force re-generation of debian/control in clean rule. Its executed
      non-chrooted by sbuild before building the source package, so forcing
      will overwrite the file our buildscripts generated with something not
      matching the target system.
    + Assign default values to the FORCE_{VENDOR,RELEASE_VER} variables - thus
      allowing passed-in values through the environment.
    + Utilize new version switching in main Makefile by overriding the
      QT_VERSION make variable.
    + Fix version detection on testing and unstable. lsb_release -r currently
      only outputs n/a on these suites, so fall back to a rather fragile
      detection via apt-cache policy instead.
    + Fix version detection on testing and unstable V2. Remove a= tag.
  * debian/:
    + New file "watch". We won't need this per se (since we're upstream and
      there cannot be a newer version of the Debian package without releasing
      it first), but it might make downstream's life easier. Or not, depending
      on whether it's kept up-to-date correctly or not. Pulled from Mike's
      changes.
    + New file "upstream/metadata". Same reasoning as for "watch". Pulled from
      Mike's changes.
    + New file "preprocessor.pl". Simple text file preprocessor supporting
      basic condition logic.
    + New file "proprocess.sh". Used to apply replacement tokens and run our
      new preprocessor.

  [ Mike Gabriel ]
  * New upstream version (4.1.2.3):
    - Makefile: Install x-x2go.xml MIME database source file for .x2go file
      extension.
  * debian/x2gocient.install:
    + Install x-x2go.xml into bin:pkg x2goclient.
  * x2goclient.spec:
    + Install x-x2go.xml into bin:pkg and run update-mime-database during
      postinst.

  [ Ulrich Sibiller ]
  * New upstream version (4.1.2.3):
    - desktop/x2goclient.desktop: drop Maemo support.
    - res/img/icons: drop Maemo support, remove hildon subdirectory.
    - res/img/svg: drop Maemo support, remove bg_hildon.svg.
    - res/resources.qrc: drop Maemo support, remove bg_hildon.svg entry.
    - src/{{InteractionDialog,configdialog,connectionwidget,
            editconnectiondialog,folderbutton,mediawidget,ongetpass,
            onmainwindow,printprocess,printwidget,sessionbutton,
            sessionmanagedialog,sessionwidget,settingswidget,
            sharewidget}.cpp,x2goclientconfig.h}: drop Maemo support.
    - /: drop Maemo support, remove x2goclient.pro.maemo.
    - /: add README.mxe, describing MXE builds.
    - /: add handle_mxe.sh, MXE control script.
    - x2goclient.pro: use different parameters for MXE builds.
    - x2gohelper/x2gohelper.cpp: use lower-case header files.
    - x2gohelper/: add Makefile.mxe.

-- X2Go Release Manager <git-admin@x2go.org>  Wed, 28 Jun 2023 22:00:51 +0200

(hauke)

doc: Updated www/php-glpi to 10.0.12

(hauke)

Update www/php-glpi to v10.0.12

From upstream's changelog:

[10.0.12]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - moderate] Reflected XSS in reports pages (CVE-2024-23645)
    [SECURITY - moderate] LDAP Injection during authentication (CVE-2023-51446)

Also, here is a short list of main changes done in this version:

    [FIX] Regression with entity selector missing cache invalidation
    [FIX] Better handling of connection issues during LDAP synchronization
    [PERF] The entity selector get significant reduction of load time
    in some cases

[10.0.11]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - moderate] Authenticated SQL Injection (CVE-2023-43813)
    [SECURITY - high] SQL injection through inventory agent request
    (CVE-2023-46727)
    [SECURITY - high] Remote code execution from LDAP server
    configuration form on PHP 7.4 (CVE-2023-46726)

On this last point, we wanted to recall the 7.4 version of PHP is very
outdated and not supported anymore by the developers!  You should
upgrade on a recent version, at least 8.2 (8.0 will be outdated at the
end of the year and 8.1 will be only with security fixes).

Also, here is a short list of main changes done in this version:

    [UX] Enhance pending reasons display
    [FIX] various LDAP fixes (timeout, location import,
    deletion/restoration scenarios)
    [FIX] several inventory fixes (unmanaged assets reconciliation,
    rules for phones, rules logs for discovery, Cisco stacks, removal
    of remote management)
    [FIX] several performance enhancements (defer entity tree loading,
    strong enhancement on actors loading, all assets query execution
    time, web cron removal, dual ajax call for tab loading)
    [TASK] highlights of security requirements on install/update
    page. Some options like PHP versions, web folder setup are
    suggested with a strong visual.

[10.0.10]
You will find below security issues fixed in this bugfixes version:

    [SECURITY - Critical] Unallowed PHP script execution (CVE-2023-42802).
    [SECURITY - High] Account takeover via SQL Injection in UI layout
    preferences (CVE-2023-41320).
    [SECURITY - High] Account takeover via Kanban feature (CVE-2023-41326).
    [SECURITY - High] Account takeover through API (CVE-2023-41324).
    [SECURITY - High] File deletion through document upload process
    (CVE-2023-42462).
    [SECURITY - Moderate] Sensitive fields enumeration through API
    (CVE-2023-41321).
    [SECURITY - Moderate] Privilege Escalation from technician to
    super-admin (CVE-2023-41322).
    [SECURITY - Moderate] Users login enumeration by unauthenticated
    user (CVE-2023-41323).
    [SECURITY - Moderate] Phishing through a login page malicious URL
    (CVE-2023-41888).
    [SECURITY - Moderate] SQL injection in ITIL actors (CVE-2023-42461).

Also, here is a short list of main changes done in this version:

    [FEATURE] PHP 8.3 and MySQL 8.1 support.
    [FEATURE] Enable usage of images in rich text of
    followups/tasks/solution templates.
    [PERFORMANCES] Improve ticket timeline rendering performances.
    [FIX] Fix issues with usage of LDAP bind options.
    [FIX] Fix some issues on SLA/OLA escalation levels computation.
    [FIX] Fix some issues on search on numeric and dates fields.
    Several minor fixes

[10.0.9]
You will find below the security issu fixed in this bugfixes version:

    [SECURITY - Moderate] SQL injection in dashboard administration
    (CVE-2023-37278).

Following the last releases of 10.0.8, a few annoying issues has been detected:

    Update script uses a SQL function incompatible with MySQL 5.7 (#15141)
    Private follow-ups and tasks are invisible to users with
    appropriate rights (#15128)
    Several minor fixes

[10.0.8]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - High] SQL injection via inventory agent request (CVE-2023-35924).
    [SECURITY - High] SQL injection through Computer Virtual Machine
    information (CVE-2023-36808).
    [SECURITY - High] Unauthorized access to Dashboard data (CVE-2023-35939).
    [SECURITY - High] Unauthenticated access to Dashboard data (CVE-2023-35940).
    [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-34244).
    [SECURITY - Moderate] Unauthorized access to knowledge base items
    (CVE-2023-34107).
    [SECURITY - Moderate] Unauthorized access to user data (CVE-2023-34106).

Also, here is a short list of main changes done in this version:

    [FEATURE] Improve mail grouping (#14296)
    [FEATURE] Add deleted status in item's header (#14382)
    [FEATURE] Add option to control the display of dropdowns labels (#14472)
    [FEATURE] Permits to check DB schema from GLPI versions >= 0.80 (#14666)
    [FIX] Improve performance of plugins init (#14511)
    [FIX] Improve performance of kanban views (#14525, #14599, #14764)
    [FIX] Ldap issues with PHP versions >= 8.1 (#14561)
    [FIX] SLA waiting time duration (#14937)
    [FIX] Notification encoding for MS Outlook (#14959)
    A lot of fixes in native inventory

[10.0.7]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - High] SQL injection and Stored XSS via inventory agent
    request (CVE-2023-28849).
    [SECURITY - High] Account takeover by authenticated user (CVE-2023-28632).
    [SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838).
    [SECURITY - Moderate] Stored XSS through dashboard administration
    (CVE-2023-28852).
    [SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636).
    [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639).
    [SECURITY - Moderate] Privilege Escalation from technician to
    super-admin (CVE-2023-28634).
    [SECURITY - Low] Blind Server-Side Request Forgery (SSRF) in RSS
    feeds (CVE-2023-28633).

Also, here is a short list of main changes done in this version:

    [SECURITY] Optional GLPI router to be able to use a safer web
    server root directory.
    [FEATURE] Support of SMTP OAuth authentication.
    [FEATURE] Improved inventory file upload feature.
    [FIX] Many fixes and improvements on native inventory.
    [FIX] Some bugs on PHP 8.2.
    [FIX] Caching issues on entities.
    [FIX] Boolean FullText operator not working on knowledge base search.
    [FIX] Unexpected search results when using negative condition on
    ticket actors.
    [FIX] Issues with LDAP filters/DN.
    [FIX] Unexpected results when searching on knowledge base categories.

[10.0.6]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - High] Unauthorized access to inventory files (CVE-2023-22500)
    [SECURITY - Moderate] XSS on browse views (CVE-2023-22722)
    [SECURITY - Moderate] XSS on external links (CVE-2023-22725)
    [SECURITY - Moderate] XSS in RSS Description Link (CVE-2023-22724)
    [SECURITY - Moderate] Unauthorized access to data export (CVE-2023-23610)
    [SECURITY - Low] Stored XSS inside Standard Interface Help Link
    href attribute (CVE-2022-41941)

Also, here is a short list of main changes done in this version:

    [FEATURE] Unmanaged devices can be handled like a real asset.
    [FEATURE] Handle more actions for stale inventory agents.
    [FEATURE] Added new dictionnary rules for OS.
    [CHANGED] Removed glpi: prefix on console commands.
    [FIX] PHP 8.2 support.
    [FIX] Many fixes and improvements on native inventory.
    [FIX] Reservation display on self-service profile.
    [FIX] Mail collector issues with emails sent from Outlook.
    [FIX] Dashboard issues on "All" tab.
    [FIX] Ticket input is restored when submitted form is not complete.
    [FIX] Notification was not sent when ticket status was set to "pending".

[10.0.5]
Following the last releases of 10.0.4 and 9.5.10, an annoying issue
has been detected in one of the security fixes provided.  The user is
logged out when he tries to switch to another entity.

[10.0.4]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)
    [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)
    [SECURITY - Low] Stored XSS in entity name (CVE-2022-39373)
    [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)
    [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)
    [SECURITY - Moderate] User's session persist after permanently
    deleting his account (CVE-2022-39234)
    [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)
    [SECURITY - Moderate] XSS in external links (CVE-2022-39277)
    [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)
    [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)
    [SECURITY - High] Stored XSS through asset inventory (CVE-2022-39371)

Also, here is a short list of main changes done in this version:

    [FIX] Increase significantly dashboards performance
    [FIX] Several bugs on images pasting
    [FIX] Fixed and improved inventory locks management
    [FIX] Display of printer cartridges
    [FIX] Display and hide actors tooltips in tickets
    [FIX] Improve display of headers above forms
    [FIX] Move breakpoints on responsive displays
    [SECURITY] Inventory API is now disabled by default
    [FEATURE] Dedicated rights has been added for inventory

[10.0.3]
You will find below the list of security issues fixed in this bugfixes version:

    [SECURITY] XSS through registration API (CVE-2022-35945)
    [SECURITY] Leak of sensitive information through login page error
    (CVE-2022-31143)
    [SECURITY] Stored XSS through global search (CVE-2022-31187)
    [SECURITY] [critical] Command injection using a third-party
    library script (CVE-2022-35914)
    [SECURITY] SQL injection through plugin controller (CVE-2022-35946)
    [SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947)
    [SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds
    and planning (CVE-2022-36112)

Also, here is a short list of main changes done in this version:

    [FEATURE] More precise rights checks on inventory (#12610)
    [FEATURE] Display of last inventoried value for locked fields (#12602)
    [FEATURE] Permit to use rules to add computers as virtual machines (#12572)
    [SECURITY] Delegate session cookies security to sysadmin (#12302)
    [FIX] Prevent collector failure on invalid mail header (#12232)
    [FIX] Many fixes on network inventory

(hauke)

doc: Updated net/netatalk3 to 3.1.18

(hauke)

Update net/netatalk3 to v3.1.18

Includes a patch for security issue CVE-2022-22995.

What's Changed

    FIX: CVE-2022-22995: Harden create_appledesktop_folder(), GitHub #480
    FIX: Correct syntax for libwrap check in tcp-wrappers.m4, GitHub #500
    FIX: Correct syntax for libiconv check in iconv.m4, GitHub #491
    FIX: quota is not supported on macOS, GitHub #492
    FIX: dtrace is not supported on FreeBSD aarch64, GitHub #498

3.1.17 - What's Changed

    FIX: CVE-2023-42464: Validate data type in dalloc_value_for_key(), GitHub #486
    FIX: Declare a variable before using it in a loop, which was
    throwing off the default compiler on RHEL7, GitHub #481
    UPD: Distribute tarballs with xz compression by default, instead
    of gzip, GitHub #478
    UPD: Add AUTHOR sections to all man pages with a reference to
    CONTRIBUTORS, and standardize headers and footers, GitHub #462

3.1.16 - What's Changed

    FIX: libatalk: Fix CVE-2022-23121, CVE-2022-23123 regression
        Added guard check before access ad_entry(), GitHub #357
        Allow zero length entry, for AppleDouble specification, GitHub #368
        Remove special handling for COMMENT entries, GitHub #236
        The assertion for invalid entires is still enabled, so please
        report any future "Invalid metadata EA" errors!
    FIX: build system: Fix autoconf warnings and modernize bootstrap
        and configure.ac, GitHub #331
    FIX: build system: Correct syntax in libevent search macro,
        summary macro and netatalk executable makefile, GitHub #342
    FIX: build system: Fix native libiconv detection on macOS, GitHub
        #343
    FIX: build system: Use non-interactive PAM session when available,
        GitHub #361
    FIX: build system: Fix detection of Berkeley DB installed in
        multiarch location, GitHub #380
    FIX: build system: Fix support for cross-compilation with
        mysql_config and dtrace, GitHub #384
    FIX: build system: Support building quota against libtirpc, GitHub
        #385
    FIX: build system: Fix variable substitution in configure summary,
        GitHub #443
    UPD: build system: Remove ABI checks and the
        --enable-developer option, GitHub #262
    FIX: initscript: Improvements to Debian SysV init script
        Source init-functions, GitHub #386
        Add a Description and Short-Description, GitHub #428
    FIX: docs: Clarify localstate dir configurability in manual, GitHub #401
    UPD: docs: Make BerkeleyDB 5.3.x the recommended version, GitHub #8
    FIX: docs: Update SourceForge URLs to fix CSS styles and download links
    FIX: docs: Remove obsoleted bug reporting sections, GitHub #455
    FIX: Sundry typo fixes in user visible strings and docs, GitHub
        #381, GitHub #382
    UPD: Rename asip-status.pl as asip-status to make naming
        implementation-agnostic, GitHub #379
    UPD: Remove redundant uid.c|h files in etc/afpd
    UPD: Don't build and distribute deprecated cnid2_create tool, GitHub #412
    UPD: Remove deprecated megatron code and man page, GitHub #456
    UPD: Remove deprecated uniconv code and man page, GitHub #457
    UPD: Improvements to the GitHub CI workflow

(hauke)

doc: Updated net/netatalk22 to 2.3.1

(hauke)

Update net/netatalk22 to v2.3.1

New features

The following compile time option has been added:

    --with-docbook - Used to generate man and html pages from XML
    sources, the latter which are now included in the tarball.

Breaking changes

The following obsoleted features have been removed:

    Kerberos IV UAM - Version IV backwards compatibility headers were
    removed from Kerberos V 1.11 in 2012

    AppleDouble adouble:osx - The AD format that Mac OS X 10.3 used,
    but was removed in subsequent versions

    AppleDouble adouble:sfm - Microsoft's Services For Macintosh
    compatibility mode that required a long-gone hacked version of
    Samba

atalkd

The RTMP broadcast quirks mode that was introduced in v2.3.0 has been
replaced with an automatic activation when atalkd is configured with a
single interface and the -router flag.

Therefore, the now-unneeded -q command line option has been removed.
What's Changed

    [2.3] Fix Zeroconf support on *BSD platforms by @rdmark in
    https://github.com/Netatalk/netatalk/pull/647
    [2.3] Add NetBSD, Solaris, Fedora build workflows by @rdmark in
    https://github.com/Netatalk/netatalk/pull/642
    [2.3] Use correct BSD make syntax in initscripts Makefile by
    @rdmark in https://github.com/Netatalk/netatalk/pull/644
    [2.3] Remove long-outdated README and VERSION files, superseded by
    man pages by @rdmark in
    https://github.com/Netatalk/netatalk/pull/641
    [2.3] Two small memory handling patches ported from
    netatalk-classic by @rdmark in
    https://github.com/Netatalk/netatalk/pull/645
    [2.3] macusers: Fallback output when full name not available by
    @rdmark in https://github.com/Netatalk/netatalk/pull/652
    [2.3] papd: Update cups_print_job() to use CUPS destination API by
    @NJRoadfan in https://github.com/Netatalk/netatalk/pull/651
    [2.3] papd: Update cups_autoadd_printers() to use current API
    call. by @NJRoadfan in
    https://github.com/Netatalk/netatalk/pull/655
    [2.3] workflow: Compile on Debian with cracklib, ldap, quota by
    @rdmark in https://github.com/Netatalk/netatalk/pull/653
    [2.3] Use GitHub actions v4 for workflow jobs by @rdmark in
    https://github.com/Netatalk/netatalk/pull/662
    [2.3] manual: Link to custom download and wiki mirrors in navbar
    by @rdmark in https://github.com/Netatalk/netatalk/pull/671
    [2.3] papd - More cleanup and moderization of print_cups.c by
    @NJRoadfan in https://github.com/Netatalk/netatalk/pull/672
    [2.3] papd - Use cups_get_language() function by @NJRoadfan in
    https://github.com/Netatalk/netatalk/pull/674
    [2.3] papd: Use cupsGetOptions() to get printer URI by @NJRoadfan
    in https://github.com/Netatalk/netatalk/pull/678
    [2.3] atalkd: Fix for RTMP broadcast bug. by @NJRoadfan in
    https://github.com/Netatalk/netatalk/pull/680
    [2.3] Workflow: Bump SonarScanner to v2 by @rdmark in
    https://github.com/Netatalk/netatalk/pull/685
    [2.3] libatalk: Appease Fedora gcc incompatible pointer error by
    @rdmark in https://github.com/Netatalk/netatalk/pull/683
    [2.3] afpd: Remove support for AppleDouble osx and sfm by @rdmark
    in https://github.com/Netatalk/netatalk/pull/673
    [2.3] Remove obsoleted Kerberos v4 UAM by @rdmark in
    https://github.com/Netatalk/netatalk/pull/686
    [2.3] Generate man pages through build system by @rdmark in
    https://github.com/Netatalk/netatalk/pull/690
    [2.3] Cleanup of obsolete gitignore filters by @rdmark in
    https://github.com/Netatalk/netatalk/pull/693
    [2.3] manual: Update URLs to internal resources by @rdmark in
    https://github.com/Netatalk/netatalk/pull/695
    [2.3] papd: Refactor and cleanup cups_get_printer_ppd() by
    @NJRoadfan in https://github.com/Netatalk/netatalk/pull/700
    [2.3] papd: update cups_get_printer_status() by @NJRoadfan in
    https://github.com/Netatalk/netatalk/pull/696
    [2.3] manual: Remove obsoleted html-upload target, and update css
    URL by @rdmark in https://github.com/Netatalk/netatalk/pull/701

(hauke)

Have the rc.d script respect PKG_SYSCONFDIR (what a concept!)

(hauke)

Add PREFIX/{,s}bin to PATH

Not having an /etc/ld.so.conf is not an error (on some platforms)

(hauke)

doc: Updated net/netatalk22 to 2.3.0

(hauke)

Update net/netatalk22 to v2.3.0

For convenience, we'll stick with the package name 'netatalk22', since
gratuitous renames are a pain for package_rolling-replace(8) users.

In hindsight, something like 'netatalk-ddp' would have been more
descriptive.

From upstream's changelog:

New features

The following compile time options have been added:

    --disable-install-privileged (skips actions that require root access)
    --with-systemd-prefix

Breaking changes

As of Netatalk 2.3.0, the Database Daemon dbd CNID backend is the only
one provided for use in production environments. The last CNID backend
is still available for testing and read-only volumes.

The DHX UAM is now disabled by default, to avoid errors stemming from
OpenSSL v3.0 removal of 128 bit modulus size support. See #358 for
more details on how to make DHX work on your system, and on using
alternative UAMs for authenticating with older clients.

The following features have been removed.

    Concurrent Database (cdb) CNID backend
    Trivial Database (tdb) CNID backend
    Volume mount preexec and postexec commands
    Dropbox / dropkludge
    Force UID/GID
    Andrew File System (AFS)

Compatibility macros for the following long-obsoleted operating
systems have been removed.

    SunOS
    IRIX
    AIX
    Ultrix
    HPUX
    Tru64,
    GNU/kFreeBSD
    UnixWare

afpd

The following runtime options have been removed:

    nodebug (afpd.conf)
    nostat
    preexec
    postexec
    root_preexec
    root_postexec
    preexec_close
    root_preexec_close
    dropbox
    dropkludge

The following compile time options have been removed:

    --enable-debug
    --enable-debug1
    --enable-afs
    --enable-force-uidgid
    --enable-dropkludge
    --with-cnid-tdb-backend
    --with-cnid-cdb-backend
    --with-webmin

Renamed:

    asip-status.pl has been renamed to asip-status

atalkd

Netatalk versions 2.2.7 through 2.2.10 had the non-standard behavior
of not rebroadcasting routing information originating from other
subnets. This made certain Asant� or Dayna LocalTalk hardware bridges
able to coexist with netatalk, with the drawback that subnets behind
other routers aren't visible to the netatalk clients.

Netatalk 2.3.0 restores the correct behavior as per the AppleTalk
specification. If you want to emulate the previous non-standard
behavior, you can start atalkd with the newly introduced -q parameter.

What's Changed

    [2.2] Run distcheck target in Ubuntu job by @rdmark in #395
    [2.2] Add Documentation tags to systemd templates by @rdmark in #394
    [2.2] Support building against libtirpc as separate from glibc
          by @rdmark in #387
    [2.2] Fix detection of Berkeley DB installed in multiarch location
          by @rdmark in #391
    [2.2] Configurable systemd prefix by @rdmark in #417
    [2.2] autoconf: Option to skip privileged hooks for make install
          by @rdmark in #419
    Flip the check for tm->tm_gmtoff to appease FreeBSD by @rdmark in #416
    [2.2] Rename asip-status.pl to asip-status by @rdmark in #397
    [2.2] Fix user visible typos and improve English grammar by @rdmark in #399
    [2.2] autoconf: put UAM libraries in $libdir by @rdmark in #420
    [2.2] Correct install hook for static config files by @rdmark in #421
    [2.2] Create man page for cnid2_create tool by @rdmark in #411
    [2.2] Do not install at.h when glibc header is present by @rdmark in #414
    [2.2] autoconf: Fold a2boot and timelord under the appletalk conditional
          by @rdmark in #424
    [2.2] Write a Description and Short-Description for the Debian init script
          by @rdmark in #437
    [2.2] Document binheader, nadheader, and showpap in man pages
          by @rdmark in #438
    [2.2] Improve readability of manual README by @rdmark in #440
    [2.2] Recommend BerkeleyDB 5.3 by @rdmark in #447
    [2.2] Update URL for css stylesheet in manual pages by @rdmark in #445
    [2.2] workflow: Flesh out pull_request trigger and remove ignored paths
          by @rdmark in #453
    [2.2] Use absolute XSL stylesheet path and source VERSION for manual pages
          by @rdmark in #459
    [2.2] Remove obsoleted bug reporting sections by @rdmark in #466
    [2.2] manpages: Fix typos, improve layout in afpd.conf man page
          by @rdmark in #472
    Revert "[2.2] Update atalkd.service to be consistent with other init
    scripts." by @rdmark in #473
    [2.2] Default to xz compression for tarballs by @rdmark in #483
    [2.2] Remove vestiges of a Webmin install target by @rdmark in #517
    [2.2] Name the default home dir shared volume; clean up template
          by @rdmark in #519
    [2.2] Remove redundant id properties in man page by @rdmark in #520
    [2.3] Port 2.x fork code quality improvements by @rdmark in #521
    [2.2] Rearrange the dummy file system paths for the tests by @rdmark in #522
    [2.3] Don't seteuid() if process is already running as that uid.
          by @rdmark in #532
    [2.3] Enable, sort, and flesh out file type translation by @rdmark in #534
    [2.3] Remove dangerous afprun module from codebase by @dgsga in #531
    [2.3] Remove experimental Dropbox Kludge feature by @rdmark in #539
    [2.3] Remove redundant AUTHORS file by @rdmark in #537
    [2.3] Remove the "Force UID/GID" feature by @rdmark in #541
    [2.3] Add long-forgotten patch to make papd safer. by @rdmark in #527
    [2.3] Remove nostat option by @rdmark in #542
    [2.3] Minor cleanup of man pages by @rdmark in #544
    [2.3] Validate size of ace_count in FPSetACL request by @rdmark in #551
    [2.3] Run apt-get update before installing packages by @rdmark in #558
    [2.3] Fixes for clean compilation on OpenIndiana by @rdmark in #564
    Revert Asante and Dayna GS/OS Fix. by @NJRoadfan in #596
    Add README for the v2.3 branch by @rdmark in #588
    [2.3] Document the correct default log level for afpd by @rdmark in #589
    [2.3] Standardize man page heading case by @rdmark in #590
    [2.3] Deprecate AFS (Andrew File System) support by @rdmark in #591
    atalkd: Introduce 3rd party bridge quirks mode by @rdmark in #597
    [2.3] uams: Link PGP UAM with CRYPT_LIBS by @rdmark in #607
    [2.3] Build Kerberos V and PGP UAMs in CI workflow by @rdmark in #613
    [2.3] Improve logger_test, while re-enabling the syslog tests
          by @rdmark in #616
    [2.3] Enable only DHX2 UAM by default by @rdmark in #619
    [2.3] Switch from compile-time debug to run-time debug where applicable
          by @rdmark in #618
    [2.3] Remove cdb and tdb CNID backends by @rdmark in #611
    [2.3] Use portable fcntl() instead of flock() by @rdmark in #626
    [2.3] afpd: Use correct username length in afp_changepw by @rdmark in #630
    [2.3] Clean up residual svn commit headers by @rdmark in #631
    [2.3] Minor cleanup of residual afprun code by @rdmark in #632
    Preparing for stable release 2.3.0 by @rdmark in #633

(hauke)

Clarify why there are two versions of Netatalk.

(hauke)

Update checksums after adding patch comments.
Wrap long line in Makefile.

No functional changes.

(hauke)

doc: Updated security/vaultwarden to 1.30.1

(hauke)

Update security/vaultwarden to v1.30.1

Thanks go to the FreeBSD security/vaultwarden maintainer - I still
don't know how to update the package without their dependency list...

The openssl lib update patch is also from there.

From upstream's changelog:

    Fix missing alpine tag during buildx bake by @BlackDex in #4043
    Disable autofill-v2 by @BlackDex in #4056
    Add Protected Actions Check by @BlackDex in #4067
    Update crates by @BlackDex in #4074

    Added passkey support, allowing the browser extensions to store
    and use your passkeys, make sure the extension is updated to
    version 2023.10.0 or newer for passkey support.
    Updated web vault to 2023.10.0.
    Fixed crashes in ARMv6 devices
    Fixed crashes when trying to create/edit a cipher in the mobile applications.

    Update Rust and Crates by @BlackDex in #3808
    update web-vault to v2023.8.2 by @stefan0xC in #3821
    Fix Login With Device without MasterPassword by @BlackDex in #3831
    Update GitHub Workflow by @BlackDex in #3910
    Fix arm builds by @BlackDex in #3911
    Fix typos by @tuhanayim in #3959
    csp: rename anonaddy.com to addy.io by @stefan0xC in #3950
    filter handlebars logs by @stefan0xC in #3859
    Remove unnecessary variable clone by @mvalois in #3981
    README.md: Fix grammar nit by @AndreasHGK in #3965
    Fix small issues by @BlackDex in #3964
    Adds LastActive on /admin/users API route by @mvalois in #3951
    Reopen log file on SIGHUP by @tobiasmboelz in #3909
    Fix External ID not set during DC Sync by @BlackDex in #3804
    New config option disable email change by @admav in #3986
    2FA Confirmation Code Email subject line change to fix triggering
    Google spam blocker by @aureateflux in #3572
    Implement cipher key encryption by @dani-garcia in #3990
    Container building changes by @BlackDex in #3958
    Fix issue with MariaDB/MySQL migrations by @BlackDex in #3994
    feat: Working passkeys storage by @GeekCornerGH in #4025
    ci: add trivy workflow by @mightyBroccoli in #3997
    Fix importing Bitwarden exports by @BlackDex in #4030

    Fix .env.template file by @BlackDex in #3734
    Fix UserOrg status during LDAP Import by @BlackDex in #3740
    Update images to Bookworm and PQ15 and Rust v1.71 by @BlackDex in #3573
    Implement "login with device" by @quexten in #3592
    chore: Bump web vault to v2023.7.1 and bump Rust by @GeekCornerGH in #3769
    Optimized Favicon downloading by @BlackDex in #3751
    add UserDecryptionOptions to login response by @stefan0xC in #3813
    add new secretsmanager plan for web-v2023.8.x by @stefan0xC in #3797
    Allow Authorization header for Web Sockets by @BlackDex in #3806
    Update admin interface by @BlackDex in #3730

    Fix Org API Key generation on PosgreSQL by @BlackDex in #3678
    feat: Add support for forwardemail by @GeekCornerGH in #3686
    Fix some external_id issues by @BlackDex in #3690
    Remove debug code during attachment download by @BlackDex in #3704

    WebSocket notifications now work via the default HTTP port. No
    need for WEBSOCKET_ENABLED and a separate port anymore.
    The proxy examples still need to be updated for this. Support for
    the old websockets port 3012 will remain for the time being.
    Mobile Client push notification support, see #3304 thanks @GeekCornerGH!
    Web-Vault updated to v2023.5.0 (v2023.5.1 does not add any improvements for us)
    The latest Bitwarden Directory Connector can be used now (v2022.11.0)
    Storing passkeys is supported, though the clients are not yet
    released. So, it might be we need to make some changes once they
    are released.
    See: #3593, thanks @GeekCornerGH!

(hauke)

Unbreak on php-8, from
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263759>

(hauke)

doc: Added mail/thunderbird102-l10n version 102.15.0

(hauke)

doc: Added mail/thunderbird102 version 102.15.0

(hauke)

Add mail/thunderbird102{,-l10n} with LTS version 102.15.0 as a
functioning fallback from bleeding edge Thunderbird.

(hauke)

doc: Updated net/netatalk22 to 2.2.10

(hauke)

net/netatalk22 -- update to v2.2.10

Upstream's changelog:

workflow: add libcups2-dev dependency by @rdmark in #335
Correct doc README by @rdmark in #326
Fix all warnings on running bootstrap by @dgsga in #346
bootstrap: Add checks for required packages by @rdmark in #338
Enable compilation on macOS hosts v2 by @dgsga in #349
macros: Use the AC_LANG_SOURCE macro, issue #347 by @rdmark in #351
Remove redundant documentation in conf files; improve man pages, #333 by @rdmark in #334
Use non-interactive PAM session when available by @rdmark in #367
papd: Future-proof CUPS API usage by @rdmark in #373
Update atalkd.service to be consistent with other init scripts. by @rdmark in #372
Adopt downstream Debian patches by @rdmark in #370
Restore tarball distribution of doc/ (GitHub#374) by @rdmark in #375
Regenerate man pages from xml sources by @rdmark in #376

(hauke)

Rework the www/viewvc package some:

Put the preferences under PKG_SYSCONFDIR
Pre-set pkgsrc-dependend viewvc.conf entries
Lose the MESSAGE, it was pointless
Install the docs

(hauke)

Use PKG_SYSCONFDIR instead of PREFIX/etc

Construct the comment in the spirot of the example

(hauke)

doc: Updated www/viewvc to 1.2.3

(hauke)

Update www/viewcvs to v1.2.3

Upstream's changelog:

Version 1.2.3 (released 04-Jan-2023)

  * security fix: escape revision view copy paths (#311) [CVE-2023-22464]

Version 1.2.2 (released 03-Jan-2023)

  * security fix: escape revision view changed paths (#311) [CVE-2023-22456]
  * standalone.py defaults to UTF-8 output now, too
  * fix viewvc-install error handling bug
  * fix a problem on CVS checkout files with rcsparse (#272)

(hauke)

Add faster serial connection rates from <termios.h>, if supported, to
keep up with newer hardware.

(hauke)

Add LIBIMAGEQUANT_TYPE to switch between rust and C version of
graphics/libimagequant

(hauke)

Hook up the graphics/libimagequant{,-c}�alternative mechanism,
modelled after graphics/librsvg{,-c}.

(hauke)

doc: Added graphics/libimagequant-c version 2.18.0

(hauke)

Add graphics/libimagequant-c v2.18.0

Follow the example of graphics/librsvg{,-c} and re-add the last C
version of imagequant-turned-rust, for the sake of platforms which
cannot reasonably build or run rusted tools for lack of support or
resources.

See also the
<https://mail-index.netbsd.org/pkgsrc-users/2023/06/02/msg037421.html>
thread.

(hauke)

doc: Updated security/vaultwarden to 1.28.1

(hauke)

Update security/vaultwarden to v1.28.1

Note the license change from gnu-gpl-v3 to gnu-agpl-v3.

There is at this time no update to the current 1.29.0, because

o upstream is pulling in a non-release crate from github during build, again, and

o pkgsrc has no workable way to create an updated
  "cargo-depends.mk". The make CARGO_ARGS="build --release" build
  described in the pkgsrc guide 21.4.4 does not work, and I ended up
  cribbing the cargo list from the FreeBSD package (thanks, guys!).

Upstream's change list:

1.28.1
What's Changed

    Decode knowndevice X-Request-Email as base64url with no padding by @jjlin in #3376
    Fix abort on password reset mail error by @BlackDex in #3390
    support /users/<uuid>/invite/resend admin api by @nikolaevn in #3397
    always return KdfMemory and KdfParallelism by @stefan0xC in #3398
    Fix sending out multiple websocket notifications by @BlackDex in #3405
    Revert setcap, update rust and crates by @BlackDex in #3403

1.28.0
Major changes

    The project has changed license to the AGPLv3. If you're hosting a
    Vaultwarden instance, you now have a requirement to distribute the
    Vaultwarden source code to your users if they request it. The
    source code, and any changes you have made, need to be under the
    same AGPLv3 license. If you simply use our code without
    modifications, just pointing them to this repository is enough.

    Added support for Argon2 key derivation on the clients. To enable
    it for your account, make sure all your clients are using version
    v2023.2.0 or greater, then go to account settings > security >
    keys, and change the algorithm from PBKDF2 to Argon2id.

    Added support for Argon2 key derivation for the admin page
    token. To update your admin token to use it, check the wiki
    New alternative registries for the docker images are available (In BETA for now):
        Github Container Registry: https://ghcr.io/dani-garcia/vaultwarden
        Quay: https://quay.io/vaultwarden/server

What's Changed

    Remove patched multer-rs by @manofthepeace in #2968
    Removed unsafe-inline JS from CSP and other fixes by @BlackDex in #3058
    Validate YUBICO_SERVER string (#3003) by @BlackDex in #3059
    Log message to stderr if LOG_FILE is not writable by @pjsier in #3061
    Update WebSocket Notifications by @BlackDex in #3076
    Optimize config loading messages by @BlackDex in #3092
    Percent-encode org_name in links by @am97 in #3093
    Fix failing large note imports by @BlackDex in #3087
    Change text/plain API responses to application/json by @jjlin in #3124
    Remove shrink-to-fit=no from viewport-meta-tag by @redwerkz in #3126
    Update dependencies and MSRV by @BlackDex in #3128
    Resolve uninlined_format_args clippy warnings by @BlackDex in #3065
    Update Rust to v1.66.1 to patch CVE by @BlackDex in #3136
    Fix remaining inline format by @BlackDex in #3130
    Use more modern meta tag for charset encoding by @redwerkz in #3131
    fix (2fa.directory): Allow api.2fa.directory, and remove 2fa.directory by @GeekCornerGH in #3132
    Optimize CipherSyncData for very large vaults by @BlackDex in #3133
    Add avatar color support by @BlackDex in #3134
    Add MFA icon to org member overview by @BlackDex in #3135
    Minor refactoring concering user.setpassword by @sirux88 in #3139
    Validate note sizes on key-rotation. by @BlackDex in #3157
    Update KDF Configuration and processing by @BlackDex in #3163
    Remove arm32v6-specific tag by @jjlin in #3164
    Re-License Vaultwarden to AGPLv3 by @BlackDex in #2561
    Admin password reset by @sirux88 in #3116
    "Spell-Jacking" mitigation ~ prevent sensitive data leak \u2026 by @dlehammer in #3145
    Allow listening on privileged ports (below 1024) as non-root by @jjlin in #3170
    don't nullify key when editing emergency access by @stefan0xC in #3215
    Fix trailing slash not getting removed from domain by @BlockListed in #3228
    Generate distinct log messages for regex vs. IP blacklisting. by @kpfleming in #3231
    allow editing/unhiding by group by @farodin91 in #3108
    Fix Javascript issue on non sqlite databases by @BlackDex in #3167
    add argon2 kdf fields by @tessus in #3210
    add support for system mta though sendmail by @soruh in #3147
    Updated Rust and crates by @BlackDex in #3234
    docs: add build status badge in readme by @R3DRUN3 in #3245
    Validate all needed fields for client API login by @BlackDex in #3251
    Fix Organization delete when groups are configured by @BlackDex in #3252
    Fix Collection Read Only access for groups by @Misterbabou in #3254
    Make the admin session lifetime adjustable by @mittler-works in #3262
    Add function to fetch user by email address by @mittler-works in #3263
    Fix vault item display in org vault view by @jjlin in #3277
    Add confirmation for removing 2FA and deauthing sessions in admin panel by @JCBird1012 in #3282
    Some Admin Interface updates by @BlackDex in #3288
    Fix the web-vault v2023.2.0 API calls by @BlackDex in #3281
    Fix confirmation for removing 2FA and deauthing sessions in admin panel by @dpinse in #3290
    Admin token Argon2 hashing support by @BlackDex in #3289
    Add HEAD routes to avoid spurious error messages by @jjlin in #3307
    Fix web-vault Member UI show/edit/save by @BlackDex in #3315
    Upd Crates, Rust, MSRV, GHA and remove Backtrace by @BlackDex in #3310
    Add support for /api/devices/knowndevice with HTTP header params by @jjlin in #3329
    Update Rust, MSRV and Crates by @BlackDex in #3348
    Merge ClientIp with Headers. by @BlackDex in #3332
    add endpoints to bulk delete collections/groups by @stefan0xC in #3354
    Add support for Quay.io and GHCR.io as registries by @BlackDex in #3363
    Some small fixes and updates by @BlackDex in #3366
    Update web vault to v2023.3.0 by @dani-garcia

1.27.0
New features

    Event logs for organizations

    With this feature enabled, actions occurring inside an organization
    will be recorded in a log, viewable by organization admins and
    owners. Check the official documentation to learn more:
    https://bitwarden.com/help/event-logs/ (Note that the Public API is
    not yet implemented, so the events are only viewable in the Web Vault)

    To enable this feature, set ORG_EVENTS_ENABLED=true. By default all
    events will be stored indefinitely, if you want to limit that, you can
    use the EVENTS_DAYS_RETAIN option. You can also tune the cleanup
    schedule with EVENT_CLEANUP_SCHEDULE.  Group support (beta)

    Enables the creation and use of groups inside an organization. At the
    moment this is in beta because there are some known issues
    (#2989). Still, the more this feature is tested, the faster we will be
    able to stabilize it.

    To enable this feature, set ORG_GROUPS_ENABLED=true, make sure to make
    proper backups of your instance before hand.

What's Changed

    Group support | applied .diff by @MFijak in #2846
    Add Organizational event logging feature by @BlackDex in #2868
    Updated web vault to 2022.12.0 by @dani-garcia
    Update diesel to 2.0.2 by @dani-garcia in #2724
    Limit Cipher Note encrypted string size by @BlackDex in #2945
    fix invitations of new users when mail is disabled by @stefan0xC in #2773
    attach images in email by @stefan0xC in #2784
    allow registration without invite link by @stefan0xC in #2799
    Fix master password hint update not working. by @BlackDex in #2834
    Sync global_domains.json by @jjlin in #2840
    verify email on registration by invite by @stefan0xC in #2804
    Take ROCKET_ADDRESS into account in the Docker healthcheck by @jjlin in #2844
    Update github workflows by @BlackDex in #2852
    feat: Bump web-vault to v2022.10.1 by @GeekCornerGH in #2859
    Update Rust version, deps and workflow by @BlackDex in #2888
    Add /devices/knowndevice endpoint by @BlackDex in #2893
    fix: removed a double space by @GeekCornerGH in #2894
    Support Org Export for v2022.11 clients by @BlackDex in #2899
    Use constant size generic parameter for random bytes generation by @samueltardieu in #2910
    Update config comment to reflect rfc8314. by @skid9000 in #2911
    Set "Bypass admin page security" as read-only by @BlackDex in #2918
    Fully remove DuckDuckGo email service. by @BlackDex in #2919
    Added missing register endpoint to identity by @BlackDex in #2920
    Prevent DNS leak when icon regex is configured by @BlackDex in #2921
    Update settings description by @karbobc in #2928
    allow managers to set groups of a collection by @stefan0xC in #2933
    Update Vaultwarden Logo's by @BlackDex in #2940
    check if sqlite folder exists by @stefan0xC in #2873
    redirect to admin login page when forward fails by @stefan0xC in #2886
    Cleanups and Fixes for Emergency Access by @BlackDex in #2936
    Update dependencies for Rust and Admin interface. by @BlackDex in #2941
    Fix admin repost warning. by @BlackDex in #2953
    Add dev-only query logging support by @BlackDex in #2954
    Fix managers and groups link by @BlackDex in #2947
    use a custom 404 page by @stefan0xC in #2948
    Increase privacy of masked config by @BlackDex in #2963
    Improve comments by @tessus in #2969
    use black favicon for /admin by @tessus in #2970
    Remove ctrlc crate and some updates by @BlackDex in #2971
    Fix org export (again) by @BlackDex in #2973
    Revert collection queries back to left_join by @BlackDex in #2976
    Fix recover-2fa not working. by @BlackDex in #2994
    Disable groups by default and Some optimizations by @BlackDex in #2995
    Fix a panic during Yubikey register/login by @BlackDex in #3006

(hauke)

doc: Updated sysutils/tsm8 to 8.1.19.0

(hauke)

Update sysutils/tsm8 to v8.1.19

This is a patch release; upstream does not provide a change log.

The 'maintenance' file path turned out to have a newer version than
the 'patches' path, so go with that.

Since upstream's ftp server has become useless, return to default
fetch client.

(hauke)

doc: Updated devel/pycharm-bin to 2022.1.4

(hauke)

Update devel/pycharm-bin to 2022.1.4

Newer versions are built with a java version newer than what we ship,
leading to binary incompatibility.

This version breaks with java 17, see
<https://intellij-support.jetbrains.com/hc/en-us/community/posts/5961640280210-Can-t-start-IntelliJ-Idea-Error-LinkageError-occurred-while-loading-main-class-com-intellij-idea-Main>,
and unfortunately the pkgsrc USE_JAVA2 is "version N or newer", which
does not help here.

Changes are too numerous to list, see
<https://youtrack.jetbrains.com/articles/PY-A-233537986/PyCharm-2022.1.4-221.6008.17-build-Release-Notes> etc.
("Neue Schraube! Ganz neue Schraube!")

(hauke)

This Pycharm version is a bit long in the tooth, and breaks on Java
17, limit the version range.

Remove deprecated VM option.

(hauke)

doc: Updated sysutils/tsm8 to 8.1.19.0

(hauke)

doc: Updated sysutils/tsm8 to 8.1.17.2

(hauke)

Update sysutils/tsm8 to v8.1.17.2

This is a bugfix release; upstream does not provide a changelog.

Comment out the ftp master site, since their ftpd mandates
ftp-over-ssl, which our commandline ftp clients do not support.

Drop a few PLIST substitutions as unused.

(hauke)

Set default extractor to bsdtar.

On OmniOS at least the default extractor will silently truncate long
paths from the distfile, causing PLIST breakage.

(hauke)

Fix the man page install path, which should unbreak the packages for
non-standard PKGMANDIR.

(hauke)

vis(3): Avoid nonportable MIN in portable code.

Adopt upstream's resolution, to be dropped with the next
update. (Thanks, riastradh@)

(hauke)

Unbreak build on OmniOS, which #defines MIN() in an uncommon
place.

This should really be picked up by autoconf.

(hauke)

Fix an old typo -- if an underscore in place of a dash has ever
worked, it does not any more.

(hauke)

Carry forward the SunOS sound setup from editors/xemacs (21.4).

I cannot test this right now, but it should at least unbreak the build
on SunOS.

(hauke)

doc: Added sysutils/and version 1.2.2

(hauke)

Add the Auto Nice Daemon as sysutils/and

The auto nice daemon will renice or even kill jobs according to a
priority database, after they take up too much CPU time.

(hauke)

Teach package the wonders of PKG_SYSCONFDIR and friends, unbreaking it
for a non-default PKG_SYSCONFBASE

We do not at this point install pam files automatically.
And PKG_SYSCONFBASE/pam.d is not being looked at, so don't
bother installing anything there.

(hauke)

Remove net/mrtg conflict, it has been fixed.

(hauke)

Ignore the enclosed Pod-Parser in favour of textproc/p5-Pod-Parser,
avoiding pointless conflicts with p5 packages

See also <https://github.com/oetiker/mrtg/issues/105>

While here, rename the patches.

(hauke)

The 21.5 requirement of makeinfo 4.12 seems arbitrary - the
NetBSD-enclosed makeinfo 4.8 appears to work just fine.

Plus, simply not setting MAKEINFO will leave us without .info files.

(hauke)

doc: Updated editors/xemacs-current to 21.5.35

(hauke)

editors/xemacs-current{,-nox11}: Update to 21.5.35

Changes in XEmacs 21.5.35 ?kohlrabi?

Major Features, Bugfixes, and Backward Incompatible Changes

-- New: Ben Wing's unicode-internal support -- Ben Wing
-- Improve: Reduce needless byte-char conversion, C code -- Aidan Kehoe
-- Improve: Add support for OpenSSL bignum implementation -- Jaakko Salomaa
-- Improve: #'format and friends now much more featured -- Aidan Kehoe
-- Improve: Removed unexec, incremental garbage collector, support for non-system malloc(), support for Win 95/98/ME -- Aidan Kehoe
-- Fix: Convert assert on menubar syntax errors to log warning and skip the menu -- Jerry James

User-Visible Bug Fixes and Improvements

-- Fix: Remove a reference to 'efs-ftp-path from #'file-remote-p -- Mike Sperber
-- Improve: Allow :visible in menu specs; document -- Jerry James
-- Improve: Allow a string the LHS of a syntax-alist entry in `font-lock-defaults' to be a string (sync to GNU Emacs) -- Mike Sperber
-- Improve: Make #'byte-compile-if suppress spurious warnings from `(if (fboundp ...' or `(if (boundp ...' constructs (port of Dave Love patch to Emacs) -- Mike Sperber
-- Improve: Silence warnings about throws out of #'post-command-hook' -- Mike Sperber
-- New: Support bignums with MPIR -- Jerry James
-- Improve: Help buffer behaviour synced with GNU -- Mats Lidell
-- Improve: Better behaviour with deletion of text and saved window points.

Build Infrastructure and Source Tree

-- Fix: Change several Mule-specific constructs to generic ones in core Lisp (paragraphs.el); fixes --without-mule build from tarballs -- Stephen Turnbull
-- Fix: Fix Windows portability issues -- Vin Shelton, Jerry James, Mats Lidell
-- Fix: Reverse sense of #if for insert-data-in-exec build -- Jerry James
-- Fix: Silence syntax warnings -- Jerry James
-- Improve: Update autoconf helpers to latest upstream version -- Jerry James
-- Improve: Use more recent makeinfo(1) if available -- Jerry James
-- Improve: GTK 3.X support when available -- Jeff Sparkes
-- New: TLS support -- Jerry James
-- Improve: Disable ASLR on any system where that is necessary for XEmacs binary -- Aidan Kehoe, Mike Sperber, Marcus Crestani
-- Improve: Use pkg-info if available to determine linked libraries for ncurses -- Aidan Kehoe, Mats Lidell
-- Improve: Run autoupdate on configure.ac, heed its advice -- Aidan Kehoe
-- Improve: Fix broken linker -R flag detection, pkg-config problems, -f* flags inappropriate when linking -- Jaakko Salomaa
-- Improve: Fix PostgreSQL header detection -- Jaakko Salomaa
-- Fix: --with-infopath handling, configure.ac -- Jaakko Salomaa
-- Fix: Canna version detection -- Jaakko Salomaa

Documentation

-- Improve: Bignum documentation -- Jerry James
-- Improve: Port texi files to Texinfo 5, fix style -- Jerry James
-- Improve: Document #'digit-char-p, #'digit-char, #'parse-integer -- Aidan Kehoe
-- Improve: Add notes about pixel_to_glyph_transation and related code -- Mike Kupfer
-- Improve: Document char-code-limit -- Aidan Kehoe
-- New: Describe the arbitrary-base syntax for rationals -- Aidan Kehoe
-- Improve: Details of extent properties vs string properties -- Stephen Turnbull
-- New: Document extent support in #'format, document #'format-into -- Aidan Kehoe
-- Improve: Move generalised support for duplicable extents to Old Future work -- Aidan Kehoe
-- New: Document the new flags and modifiers, #'format -- Aidan Kehoe
-- New: Document shadowing of lambda list arguments, #'symbol-macrolet. Document the new SHADOW argument for each symbol macro specified. -- Aidan Kehoe
-- New: Document #'string-match-p, #'looking-at-p. -- Aidan Kehoe
-- New: Document that (shift a) is supported as keystroke syntax -- Aidan Kehoe
-- Improve: Remove duplicated info, widget.texi. -- Aidan Kehoe, FKtPp, Steven Mitchell
-- New: Update documentation of #'generate-new-buffer-name -- Aidan Kehoe
-- Improve: Face property documentation -- Stephen Turnbull
-- Improve: Remove mention of non-system malloc() implementations -- Aidan Kehoe
-- Improve: Document algorithmic complexity consideration with #'marker-position -- Aidan Kehoe
-- Improve: Re-encode texi as UTF-8 when appropriate -- Aidan Kehoe
-- New: Document named non-shy groups, limits on interval qualifiers -- Aidan Kehoe
-- New: Document workarounds to avoid compile-time evaluation of (require ...) forms -- Aidan Kehoe
-- New: Document MARKERP argument to #'extent-{start,end}-position -- Aidan Kehoe
-- New: Document underlying implementation of the match data, associated performance and correctness considerations -- Aidan Kehoe
-- New: Document search-error-on-bad-match-data -- Aidan Kehoe
-- New: Document redisplay no longer entered recursively -- Aidan Kehoe
-- New: Document changes to unique stream identifiers -- Aidan Kehoe
-- New: Document changes to profiling implementation -- Aidan Kehoe
-- New: Document removal of support for Windows 95/98/ME systems -- Aidan Kehoe
-- Improve: Remove details of the implementation of the incremental garbage collector; document experience with it and its removal -- Aidan Kehoe
-- Improve: Update the documentation of the dumping process -- Aidan Kehoe
-- Improve: Adjust documentation of the garbage collector to put KKCC in the forefront. -- Aidan Kehoe
-- Improve: Documentation of no need for POSIX-compatible #'looking-at-p, #'string-match-p -- Aidan Kehoe
-- New: Document the OpenSSL bignum driver -- Jaakko Salomaa
-- New: Document the ?z integer length modifier -- Aidan Kehoe
-- Improve: Move display table extensions to Old Future work -- Aidan Kehoe
-- New: Document the -no-configured-paths command line flag -- Jaakko Salomaa
-- Fix: Build error, navigation problems, internals.texi -- Henry Thompson
-- Improve: Deprecate #'string-equal -- Aidan Kehoe
-- Fix: Buggy ASCII art, internals.texi -- Aidan Kehoe, Mats Lidell
-- Improve: Remove deprecated @refill from manual -- Aidan Kehoe

Lisp API

-- Fix: Add optional ID-FORMAT to #'file-attributes (GNU compatibility); add tests -- Mats Lidell, Vin Shelton
-- Fix: Make #'apply-partially more intelligent about constructing compiled functions when making closures; add tests -- Aidan Kehoe
-- Improve: Add optional WHEN and DOCSTRING arguments to #'define-obsolete-function-alias, #'define-compatible-function-alias, #'define-obsolete-variable-alias, #'define-compatible-variable-alias (GNU compatibility) -- Stephen Turnbull, Mike Sperber, Jeff Sparkes
-- New: Add #'font-lock-extend-region-functions' from GNU Emacs, use it -- Mike Sperber
-- New: Add #'write-sequence, API from Common Lisp. -- Aidan Kehoe
-- Improve: Allow optional `docstring' argument to #'define-function, as in GNU Emacs. -- Mike Sperber
-- Fix: #'next-command-event: Only snooze displaying keystrokes if PROMPT is nil -- Aidan Kehoe
-- Fix: #'message and friends: Preserve extent information in prompts. -- Aidan Kehoe.
-- Fix: #'x-store-cutbuffer-internal: No longer crash when passed a non-string STRING argument. -- Aidan Kehoe
-- Fix: #'encode-time: Correct the sign used when calculating the time zone strong. -- Marcus Crestani.
-- New: #'open-network-stream-internal, #'tls-negotiate: Add support for TLS to streams.
-- New: Expose #'parse-integer to Lisp -- Aidan Kehoe
-- Fix: #'event-matches-key-specifier-p: Check keysym and modifiers when on a TTY. -- Aidan Kehoe
-- New: Add support for GNU's help-event-list. -- Aidan Kehoe
-- New: no-character-typed error, used in #'self-insert-command -- Aidan Kehoe
-- New: char-code-limit available -- Aidan Kehoe
-- Fix: #'accept-process-output: Restore the current buffer even on non-local exit -- Aidan Kehoe
-- Fix: #'getenv: Escape quotation marks correctly when interactively showing a variable's value -- Aidan Kehoe
-- New: Add #'clear-string, API From GNU. -- Aidan Kehoe
-- Fix: #'string-to-number: Canonicalise ratios in this function -- Aidan Kehoe
-- Fix: #'logand, #'logior, #'rem, #'lsh: Make errors less misleading -- Aidan Kehoe
-- Improve: #'line-number: Implement using the C implementation of src/line-number.c, improving performance. -- Aidan Kehoe
-- Fix: #'load-internal: Error correctly with a zero-length file name, rather than giving a bus error. -- Aidan Kehoe
-- Fix: #'print and friends: Avoid crashes when STREAM can cause string data relocation. -- Aidan Kehoe
-- Fix: string property lists: Avoid silent corruption of a fixnum stored in a string's property list. -- Aidan Kehoe
-- Fix: #'reduce: avoid a crash with a cons sequence, :from-end nil, and a zero-length range. -- Aidan Kehoe
-- Improve: Move #'concatenate to C, improve the implementation and algorthmic complexity of #'concat. -- Aidan Kehoe
-- New: Provide Common Lisp's #'make-string-output-stream, exposing the existing C resizing_buffer lstream type, and preserving extent information for this. -- Aidan Kehoe
-- Improve: Do not accept non-fixnum number arguments with %c, #'format. -- Aidan Kehoe
-- Improve: Use our integer to string conversion code within #'format, #'number-to-string.
-- Improve: Preserve extent information within #'format.
-- New: Add digit-fixnum-ascii, a version of digit-fixnum-map supporting only the ASCII digits; use this internally. -- Aidan Kehoe
-- Improve: Don't echo mouse wheel events. -- Aidan Kehoe.
-- Improve: Add support for pad characters, h, l, hh, ll modifiers, unsigned modifiers, #'format. -- Aidan Kehoe
-- New: Provide #'format-into, writing the output into a stream. -- Aidan Kehoe
-- Fix: #'substitute-command-keys, preserve extent information -- Aidan Kehoe
-- Fix: Avoid problems in #'mapcon when FUNCTION returns nil. -- Aidan Kehoe
-- Improve: Implement obarray as a proper Lisp hash table. -- Aidan Kehoe
-- Fix: #'normalize-menu-text, avoid corruption of result. -- Aidan Kehoe
-- Improve: Sync the #'run-hook family of functions from GNU. -- Aidan Kehoe
-- New: #'run-hook-wrapped, API imported from GNU. -- Aidan Kehoe
-- Improve: Accept (shift a) as equivalent to (A) when parsing keysyms. -- Aidan Kehoe
-- Fix: Error with (aref STRING (length STRING)) -- Aidan Kehoe
-- New: Add #'with-hash-table-iterator, API from Common Lisp. -- Aidan Kehoe
-- Improve: Increase default gc-cons-threshold to 32 megabytes from 2 megabytes. -- Aidan Kehoe
-- Improve: Sync API for #'generate-new-buffer-name. -- Aidan Kehoe
-- Improve: Standardise the behaviour of #'% within XEmacs, don't rely on quirks of underlying C implementation. -- Aidan Kehoe
-- Improve: Standardise on Lisp characters as the keysym objects across all supported platforms. -- Aidan Kehoe
-- Improve: Return two values in #'user-name-completion, no need for #'user-name-completion-1. -- Aidan Kehoe
-- New: Support named non-shy ("explicitly numbered") groups in regular expressions. -- Aidan Kehoe
-- New: Take up to #xFFFF repetitions when using \{N,M\} regexp repetition syntax -- Aidan Kehoe
-- New: Extend display table handling to take arbitrary format strings. -- Aidan Kehoe
-- Improve: Restrict MINWIDTH, PRECISION field ranges in format strings to #xFFFF. -- Aidan Kehoe
-- Improve: Add a -no-configured-paths option, most useful when building -- Jaakko Salomaa
-- Improve: Deprecate #'string-equal, move it to obsolete.el -- Aidan Kehoe
-- Improve: Add a Latin-script Azeri language environment -- Aidan Kehoe
-- Improve: Avoid errors with misc-user events and isearch-pre-command-hook -- Aidan Kehoe
-- Improve: Warn about non-string, non-integer args to #'gensym -- Aidan Kehoe
-- Improve: Give better backtraces on error at startup -- Aidan Kehoe
-- Improve: Deal better with unparseable Fc font names. -- Stephen Turnbull
-- New: Sync mode-require-final-newline from GNU -- Aidan Kehoe
-- New: Add #'write-string, #'write-line -- Aidan Kehoe
-- Improve: Blinking of parentheses when demonstrating matching parentheses -- Aidan Kehoe
-- New: Respect function-key-map in #'read-char, #'read-char-exclusive, error if no character typed. -- Aidan Kehoe
-- Improve: Remove metadata marking #'keymapp as side-effect free. -- Aidan Kehoe
-- New: #'synthesize-unicode-codepoint, bind it to (control shift u) as specified by ISO 14755. -- Aidan Kehoe
-- Improve: Do not insert timestamps in .elc comments, making builds reproducible. -- Jerry James.
-- New: Transport layer security (TLS) support -- Jerry James
-- Improve: `noerror' optional argument to #'line-move -- Michael Sperber.
-- Improve: Handling of case sensitivity in interactive regular expression search -- Aidan Kehoe
-- Improve: Remove unused code for Mule TTY support. -- Aidan Kehoe
-- New: #'max-char function for GNU compatibility. -- Aidan Kehoe
-- Improve: Avoid using the regexp support for very simple searches. -- Aidan Kehoe
-- Fix: Avoid over-eager deletion of frams, gnuclient -- Aidan Kehoe
-- Improve: Less garbage with the message stack. -- Aidan Kehoe
-- Fix: Give clearer errors with #'check-type and non-setf'able PLACEs -- Aidan Kehoe
-- New: #'logcount, function from Common Lisp. -- Aidan Kehoe
-- Improve: Mark #'integer-length, #'logcount as side-effect free. Avoid allocating memory with #'integer-length -- Aidan Kehoe
-- Improve: Respect load-ignore-out-of-date-elc-files, call #'substitute-in-file-name #'load. -- Aidan Kehoe
-- Improve: Sync functionality from GNU, mwheel.el -- Aidan Kehoe
-- Improve: Avoid use of #'vassoc in core code, move it to packages -- Aidan Kehoe
-- Improve: Warn if interactive spec encountered where arglist expected, bytecomp.el -- Aidan Kehoe
-- Improve: Abbrev tables are now vectors, not hash tables. -- Aidan Kehoe
-- Improve: Add compatibility implementation of traditional emacs obarray, now we use hash tables. -- Aidan Kehoe
-- New: help.el, add support for detecting the current Lisp function if we are in the context of a C file. -- Aidan Kehoe
-- Fix: Shadow symbol macros when the corresponding symbols are encountered in lambda argument lists -- Aidan Kehoe
-- Improve: Rename #'font-menu-change-face to #'font-menu-maybe-change-face, fix a bug in it. -- Aidan Kehoe
-- Improve: FORM does not need to be a cons, #'assert -- Aidan Kehoe
-- New: Merge GNU's :height custom-face-attribute. -- Aidan Kehoe
-- Fix: auto-save-unescape-name, correct the hex parsing -- Aidan Kehoe
-- Improve: Replace calls to #'string-match with calls to #'string-match-p if appropriate. -- Aidan Kehoe
-- Improve: Remove keyboard-type, never used. -- Aidan Kehoe
-- Improve: Case tables generated from UnicodeData.txt -- Aidan Kehoe
-- Improve: Make compose.el available on non-X11 platforms. -- Aidan Kehoe
-- Improve: Allow a numeric offset as the APPEND argument to #'write-region. -- Aidan Kehoe
-- Fix: Make #'key-or-mouse-event-p, #'timeout-or-eval-event-p, #'char-or-event-p available. -- Aidan Kehoe
-- New: Import coding-system-history. Adjust #'read-coding-system to use it and to adjust PROMPT based on default-coding-system. -- Aidan Kehoe
-- New: Import pcase.el from GNU. -- Aidan Kehoe

Internal API and Implementation

-- Fix: Canonicalize some ratios -- Jerry James
-- Fix: Change integer arithmetic to fixnums in check_valid_xbm_inline; adjust test to changed error -- Jerry James
-- Fix: Initialization of bignums from long longs -- Jerry James
-- Fix: Replace AC_FUNC_FSEEKO with HAVE_FSEEKO in config.h.in -- Jerry James
-- Improve: Add mp-specific allocation functions -- Jerry James
-- Improve: Prepare for large file support -- Jerry James
-- Improve: Reimplement #'process-synchronize-point as a label in #'call-process-internal -- Aidan Kehoe
-- Improve: Support for statically linked modules -- Jerry James
-- Improve: Use make_fixnum instead of make_integer where size is known to fit in many places -- Jerry James
-- Improve: Lazy conversion of markers when comparing values in the same buffer, giving performance improvements e.g. with large VM buffers -- Aidan Kehoe
-- Improve: Use skip_ascii() in the no-conversion coding system, speeding up writes of large buffers -- Aidan Kehoe
-- Improve: Pass character count information to the buffer insertion code from the no-conversion and Unicode coding systems, speeding up reads of large files -- Aidan Kehoe
-- Improve: Increase the C buffer size used in #'copy-file, #'insert-file-contents-internal, speeding up these operations -- Aidan Kehoe
-- Improve: Add error handling to the coding conversion code -- Jerry James
-- Improve: Quiet compiler warnings with clang, g++, Visual Studio -- Aidan Kehoe, Vin Shelton, Jerry James.
-- Improve: Be more careful dealing with C's isupper() when calculating the inverse table for Vdigit_fixnum_map -- Aidan Kehoe, Vin Shelton.
-- Improve: Work exclusively in byte positions, extent.c -- Aidan Kehoe
-- Improve: Only provide our max_align_t if the current compiler does not. -- Jerry James
-- Improve: Speed of get_char_table () on builds without optimization -- Aidan Kehoe
-- Improve: print_symbol(), read_atom(): Speed these up significantly, add support for non-ASCII digits -- Aidan Kehoe
-- Fix: Avoid problems with GMP and non-finite C doubles. -- Aidan Kehoe
-- Fix: #'truncate: Avoid bugs with bignums and double_to_integer() -- Aidan Kehoe
-- Improve: encode_unicode_char (): Use U+FFFD unconditionally when we have no information on the Unicode mapping of a character. -- Aidan Kehoe
-- Fix: x_IO_error_handler(): Check for a real error in this, avoiding a crash on OS X. -- Stephen Turnbull
-- Improve: #'save-current-buffer: Docstring changes. -- Stephen Turnbull
-- Fix: Regular expression searching within relocating Lisp buffers. -- Aidan Kehoe.
-- Improve: Create less garbage when reading symbols, lread.c -- Aidan Kehoe
-- Improve: No need for NARGS argument to write_fmt_string_lisp() -- Aidan Kehoe
-- Improve: Give the compiler a chance to do strlen at compile time, write_ascstring () -- Aidan Kehoe
-- Improve: Differentiate between char->byte and byte->char conversion and between external->internal, internal->external conversion when profiling. -- Aidan Kehoe
-- Change: Rename emacs_v?sprintf_malloc* functions to emacs_v?asprintf, analagous to their usual Unix equivalents. -- Aidan Kehoe
-- Improve: Make general functions available to convert between C integers of a specific type and Lisp integers, including bignums. Use this. -- Aidan Kehoe
-- Improve: Move various simple, non-loop hotspot, functions from data.c to subr.el -- Aidan Kehoe
-- Fix: Our integer to string code was buggy with LONG_MIN, fix that. -- Aidan Kehoe
-- New: Merge the unicode-internal branch, providing an ISO10646-compatibile internal format to Mule builds -- Ben Wing
-- Improve: Write to the normal stdio object, stderr_out(), stdout_out(). -- Aidan Kehoe
-- Improve: Drop extensive needless Ibyte -> Ichar conversion, redisplay. -- Aidan Kehoe.
-- Improve: Use make_uninit_vector(), make_uninit_string() in Freverse -- Aidan Kehoe
-- Improve: Implement #'looking-at-p, #'string-match-p in C. -- Aidan Kehoe
-- Improve: Circularity checking with unread-command-events. -- Aidan Kehoe
-- Improve: Circularity and well-formedness checking for external lists, Lisp primitives. -- Aidan Kehoe
-- Fix: Respect SIGNALP in PRIVATE_UNVERIFIED_LIST_LOOP_7(), avoiding problems with circular lists. -- Aidan Kehoe
-- Fix: Correct regexp interval handling code. -- Aidan Kehoe, Stephen Turnbull
-- Fix: Error within read1() if a #@INTEGER docstring comment has an unreasonably large integer. -- Aidan Kehoe, Hao Sun.
-- Fix: Error when passed values that would overflow, Fmake_vector(), Fmake_string(), Fmake_bit_vector(). -- Aidan Kehoe
-- Fix: Avoid stack overflow with recursive specifiers, print_specifier (). -- Aidan Kehoe, Raymond Toy
-- Fix: Avoid tying up XEmacs with error messages when specifier instantiator fails. -- Aidan Kehoe
-- Fix: Take a size_t argument, xemacs_c_alloca, check for overflow. -- Aidan Kehoe
-- Improve: Remove gmalloc.c, which is unmaintained, always use system malloc. -- Aidan Kehoe
-- Improve: Remove use of Eistring malloc buffers, write directly to Lisp streams instead. -- Aidan Kehoe
-- Improve: Use the Lisp hash table infrastructure for the X GC cache, improve algorithm. -- Aidan Kehoe
-- Improve: Fix some leaks in the GTK code. -- Aidan Kehoe
-- Improve: Avoid clobbering documentation for compiled function aliases -- Aidan Kehoe
-- Improve: Use an explicit weak list object for the syntax table, specifier, and weak hash table, avoiding duplicating implementation. -- Aidan Kehoe
-- Improve: Move the weak box implementation to Lisp. -- Aidan Kehoe
-- Improve: Only convert markers to integers when needed to compare them. -- Aidan Kehoe
-- Improve: Reduce unnecessary byte-char conversion costs with markers. -- Aidan Kehoe
-- Improve: Adjust the line numbering code to track buffer byte positions, which is cheaper. -- Aidan Kehoe
-- Improve: Reduce needless byte-char conversion in redisplay -- Aidan Kehoe
-- Improve: Save window points as zero-length extents, not C integers -- Aidan Kehoe
-- Improve: Pay attention to wraparound in buffer modification ticks. -- Aidan Kehoe
-- Improve: Rename byte_marker_position to marker_byte_position for GNU compatibility. -- Aidan Kehoe
-- Fix: Correct type description of dynarr lengths -- Aidan Kehoe
-- Fix: Don't choke on an ill-formed or circular Vprocess_environment -- Aidan Kehoe
-- New: Make qxeGetWindowLongPtr and related functions available to the NT code. -- Aidan Kehoe
-- Improve: Rename DONT_EXTERN_INLINE_HEADER_FUNCTIONS to FORCE_INLINE_FUNCTION_DEFINITION. -- Aidan Kehoe
-- New: Make write_external_fmt_string_va () availab, allowing a coding system to be specified for string arguments. -- Aidan Kehoe
-- Improve: Use the existing Lisp list infrastructure with struct expose_ignore. -- Aidan Kehoe
-- Improve: Use the existing Lisp list infrastructure with timeouts. -- Aidan Kehoe
-- Fix: Prevent update_syntax_cache(), Fextent_at() from accessing buffer positions outside the accessible region -- Alan Mackenzie
-- Fix: Make Fscan_sexps() respect syntax table properties, terminating quotes -- Alan Mackenzie
-- New: Flag GB_ALLOW_NIL to indicate to return point for buffer positions, get_buffer_pos_{char,byte} -- Aidan Kehoe
-- New: set_marker_byte_position_restricted(), reduce need to convert to character positions. -- Aidan Kehoe
-- Improve: Use Bytebpos values in the line-start cache -- Aidan Kehoe
-- Improve: Make vertical scrollbars function in terms of lines, not buffer positions, with small buffers -- Aidan Kehoe
-- New: Provide a GET_STRSIGNAL() macro, on the model of GET_STRERROR() -- Aidan Kehoe
-- Improve: Get XEmacs building and runnning on 64 bit Cygwin. -- Aidan Kehoe
-- New: get_buffer_pos_both (), reduce needless byte->char conversion with (goto-char MARKER) -- Aidan Kehoe
-- Improve: Mark generated modeline strings as such, respect this when signalling that extents have changed. -- Aidan Kehoe
-- New: Move match subexpression information to being implemented as extents, giving better warnings and more consistent behaviour with #'replace-match. -- Aidan Kehoe
-- Improve: Remove needless byte-char conversion from search.c -- Aidan Kehoe
-- Improve: Rename string ascii_begin field to ascii_end -- Aidan Kehoe
-- Improve: Move window_end_pos[] to being an array of markers. -- Aidan Kehoe
-- Fix: Avoid recursive entry to redisplay, Fwindow_end(). -- Aidan Kehoe
-- Fix: Never return an invalid buffer position, #'event-point, #'event-modeline-position -- Aidan Kehoe
-- Improve: Remove redisplay_text_width_string(), equivalent to redisplay_window_text_width_string(). -- Aidan Kehoe
-- Improve: Drop caching of GCs under GTK. -- Aidan Kehoe
-- Improve: No need for a hash table mapping marshaller types to functions, ui-gtk.c -- Aidan Kehoe
-- Improve: Use weak lists for the window point and saved_window_start caches -- Aidan Kehoe
-- Improve: Use a weak list for the USID to process mapping -- Aidan Kehoe
-- Improve: Move the main profiling hash table to being a Lisp hash table -- Aidan Kehoe
-- Improve: Implement the mswindows_read_link () cache as a normal Lisp hash table. -- Aidan Kehoe
-- Improve: Remove hash.c, hash.h, no longer used. -- Aidan Kehoe
-- Improve: Correct a bug in ALIST_LOOP_4() -- Aidan Kehoe
-- Improve: Remove support for running as a non-Unicode program under Win32. -- Aidan Kehoe
-- Improve: Remove support for the incremental garbage collector, improving stability, speed, memory usage, and mantainability. -- Aidan Kehoe
-- Improve: Remove support for unexec, improving maintainability. -- Aidan Kehoe
-- Improve: Remove support for the old mark algorithm, KKCC is stable and performant -- Aidan Kehoe
-- Improve: Remove support for systems without job control, mkdir or rmdir, imprve maintainability. -- Aidan Kehoe
-- Improve: Don't modify the compiled pattern in re_match_2_internal, avoiding re-entrancy problems. -- Aidan Kehoe
-- Improve: Represent internal register numbers with two bytes rather than one in compiled regular expressions. -- Aidan Kehoe
-- Improve: Move implementation of long-deprecated #'following-char, #'preceding-char to Lisp. -- Aidan Kehoe
-- Improve: Provide access to the OpenSSL bignum implementation, which doesn't have the reliability concerns of GMP -- Jaakko Salomaa
-- Improve: Better error handling with OpenSSL, TLS -- Jaakko Salomaa
-- Fix: Use the z integer length modifier in C code when printing EMACS_INT -- Aidan Kehoe
-- Improve: Implement total_data_usage() in terms of BSD libkvm. -- Aidan Kehoe
-- Improve: Provide formatted printing that doesn't error to the C code. -- Aidan Kehoe
-- Improve: Never return a negative value to Lisp when hashing. -- Aidan Kehoe
-- Improve: Load the Unicode conversion tables as Lisp structures. -- Jaakko Salomaa
-- Improve: Avoid a blinking TTY cursor -- Jaakko Salomaa
-- Fix: Avoid infinite loop in next_previous_single_property_change () -- Jaakko Salomaa.
-- Fix: Avoid calling Fextent_object () on non-live extents, #'delete-window, #'set-window-buffer -- Aidan Kehoe, Henry Thompson
-- Improve: Have the syntax cache, indentation code work in byte positions. -- Aidan Kehoe
-- Improve: Avoid needles byte-char conversion, process.c -- Aidan Kehoe
-- Fix: Avoid crashes with invalid characters in generated modeline strings and error-checking builds. -- Aidan Kehoe
-- Fix: Avoid the AMD64 red zone confusing find_stack_direction (), alloca.c -- Aidan Kehoe
-- Improve: Changes to bring XEmacs closer to building and running on 64-bit Visual Studio. -- Aidan Kehoe
-- Improve: Reduce memory allocation, use of the regexp engine, gnuserv.el -- Aidan Kehoe
-- Improve: Print the stderr of make-docfile to the terminal instead of silently discarding it. -- Aidan Kehoe
-- Improve: Handle vectors better in backquote.el -- Aidan Kehoe
-- Improve: Use #'string-match-p, #'looking-at-p if match data not used -- Aidan Kehoe
-- Improve: Implement #'eval-when in the byte compiler. -- Aidan Kehoe
-- Improve: Remove alist.el from core code. -- Aidan Kehoe
-- Improve: Minimise calls to #'marker-position in the core Lisp code -- Aidan Kehoe
-- Improve: Use #'apply-partially to create closures with lambdas and lexical variables. -- Aidan Kehoe
-- Fix: Save any existing non-default mode-popup-menu correctly, #'easy-menu-remove -- Aidan Kehoe
-- Improve: Generate digit.el from UnicodeData.txt -- Aidan Kehoe
-- Fix: Deal with byte offsets generated by makeinfo(1), info.el -- Aidan Kehoe
-- Improve: Avoid calls to #'following-char, #'preceding-char in core code -- Aidan Kehoe
-- Improve: Avoid lock files when generating finder-inf.el, make parallel builds more likely to work -- Aidan Kehoe, Mats Lidell
-- Improve: Clean up startup path debugging code -- Jaakko Salomaa
-- Improve: Abstract out the list of things to be saved and restored in #'search-push-state -- Aidan Kehoe
-- Fix: Avoid silent wrapping of fill-column, #'do-auto-fill, #'fill-region-as-paragraph. -- Aidan Kehoe
-- Fix: Don't error with anonymous functions, #'display-call-tree. -- Aidan Kehoe

Testing and Debugging

-- New: Add tests for #'file-attributes -- Mats Lidell
-- Improve: Use print_circle within debug_print() -- Jerry James.
-- New: Test fixnum_to_string with LONG_MIN -- Aidan Kehoe
-- Improve: Process tests -- Stephen Turnbull
-- New: Test require-final-newline, mode-require-final-newline -- Mats Lidell
-- Improve: Only test fontconfig if the font-mgr feature is available -- Aidan Kehoe
-- New: Test #'write-sequence, #'write-string, #'write-line -- Aidan Kehoe
-- New: Test propagation of extent information -- Aidan Kehoe
-- New: Test #'parse-integer, #'digit-char, #'digit-char-p -- Aidan Kehoe
-- New: Test #'substitute -- Aidan Kehoe
-- Improve: Test read and print handling of symbols that look like numbers. -- Aidan Kehoe
-- New: Test character with no Unicode mapping represented as REPLACEMENT CHARACTER, UTF-8 -- Aidan Kehoe
-- New: Test #'integer-length, #'logcount -- Aidan Kehoe
-- New: Superficial tests #'load, #'load-internal -- Aidan Kehoe
-- New: Test #'equalp compiler macro -- Aidan Kehoe
-- New: Check Lisp printer handles relocation of string data OK -- Aidan Kehoe
-- New: Test for insufficient GCPRO in sublis () -- Aidan Kehoe
-- New: Check bug with #'reduce fixed -- Aidan Kehoe
-- New: Test #'make-string-output-stream, #'get-output-stream-string -- Aidan Kehoe
-- New: Test #'format and friends -- Aidan Kehoe, Uwe Bonnes, Aneurin Price, Mike McCormack
-- New: Check no crash with #'decode-time if localtime() returns nil -- Aidan Kehoe
-- New: Check bug in #'mapcon fixed -- Aidan Kehoe
-- New: Check no crash on large number of symbols in an obarray -- Aidan Kehoe
-- New: Test #'normalize-menu-text, #'compare-menu-text -- Aidan Kehoe
-- New: Test #'lexical-let, #'lexical-let* -- Aidan Kehoe
-- New: Test #'string-match-p, #'looking-at-p -- Aidan Kehoe
-- New: Check bug in regexps with backreferences fixed. -- Aidan Kehoe
-- New: Test #'run-hooks and friends -- Aidan Kehoe
-- New: Test #'safe-length -- Aidan Kehoe
-- New: Check special operators GCPRO correctly -- Aidan Kehoe
-- New: Check bugs fixed with intervals in regexps -- Aidan Kehoe
-- New: Test #'auto-save-escape-name, #'auto-save-unescape-name -- Aidan Kehoe
-- New: Test restrictions on ZONE argument to #'encode-time -- Aidan Kehoe
-- New: Test limits on the size of array types -- Aidan Kehoe
-- New: Test the SHADOW argument to #'symbol-macrolet -- Aidan Kehoe
-- New: Check (int-char most-negative-fixnum) gives nil -- Aidan Kehoe
-- New: Check (user-login-name 4294967296) no longer gives "root" -- Aidan Kehoe-- New: Test simple predicates recently moved to subr.el from data.c; test #'ignore -- Aidan Kehoe
-- Improve: Update checking for search algorithm used to take uppercase Unicode sharp s into account -- Aidan Kehoe
-- New: Check ?\x00 not accepted as a converter character, #'format -- Aidan Kehoe
-- New: Test #'max, #'min, #'< and friends with fixnums and markers -- Aidan Kehoe
-- New: Check #'read doesn't get confused with a marker STREAM and a multibyte buffer.  -- Aidan Kehoe
-- New: Test #'car, #'cdr -- Aidan Kehoe
-- New: Test case-insensitive packages (obarrays) -- Aidan Kehoe
-- New: Test named non-shy groups -- Aidan Kehoe
-- New: Test limits of regexp ranges -- Aidan Kehoe
-- New: Check for a bug fixed in #'save-window-start -- Aidan Kehoe
-- New: Check error appropriately with (format "%c" ...), non char-or-char-int-p arguments -- Aidan Kehoe
-- Improve: Tests for #'replace-regexp-in-string -- Aidan Kehoe
-- Improve: Test #'replace-match when stored match data has its start and end positions reversed -- Aidan Kehoe
-- Improve: Naming of bug-hash-table, reproduce-crashes.el -- Aidan Kehoe
-- New: Test bug fixed with display of line numbers in modeline -- Aidan Kehoe
-- New: Check that #'zerop errors with character or marker arguments -- Aidan Kehoe
-- New: Test #'split-char, #'make-char -- Aidan Kehoe
-- New: Test overflow detected with integer parsing code, Lisp reader -- Aidan Kehoe
-- New: Check more than 255 shy groups supported -- Aidan Kehoe
-- New: Test the OpenSSL bignum driver -- Jaakko Salomaa
-- New: Test :error-behavior keyword argument to #'format-into -- Aidan Kehoe
-- New: Test #'apply-partial with lambdas with &rest arguments -- Jaakko Salomaa
-- New: Test get_string_{pos,range}_byte () -- Aidan Kehoe
-- Improve: Call #'test-chars even on unicode-internal builds -- Aidan Kehoe
-- New: Test for a bug in #'byte-optimize-zerop -- Aidan Kehoe

(hauke)

doc: Updated net/netatalk3 to 3.1.15

(hauke)

Update net/netatalk3 to 3.1.15

What's Changed

FIX: CVE-2022-43634
FIX: CVE-2022-45188
NEW: Support for macOS hosts, Intel and Apple silicon, GitHub#281
FIX: configure.ac: update deprecated autoconf syntax
UPD: configure.ac: Support linking with system shared libraries
Introduces the --with-talloc option
FIX: macros: largefile-check macro for largefile (clang 16)
UPD: macros: Update pthread macro to the latest from gnu.org
FIX: initscripts: Modernize Systemd service file.
FIX: libatalk/conf: include sys/file.h for LOCK_EX
FIX: libatalk: Change log level for realpath() error, SF bug#666
FIX: libatalk: Change log level for real_name error, SF bug#596
FIX: libatalk: The my_bool type is deprecated as of MySQL 8.0.1, GitHub#129
UPD: libatalk: allow afpd to read read-protected afp.conf, SF bug#546
UPD: libatalk: Make the "valid users" option work in the Homes
section, SF bug#449
UPD: libatalk: Check that FPDisconnectOldSession is successful, SF bug#634
UPD: libatalk: Bring iniparser library codebase in line with current version 4.1
FIX: afpd: Provide MNTTYPE_NFS on OmniOS to make quota work, GitHub#117
FIX: afpd: Avoid triggering realpath() lookups with empty path, GitHub#277
FIX: spotlight: Spotlight searches can cause afpd to segfault, GitHub#56
UPD: spotlight: add support for tracker3, SF patch#147
FIX: macusers: Fix output for long usernames
FIX: macusers: account for usernames with non-word characters
FIX: macusers: Support NetBSD
FIX: Fix all function declarations without a prototype
FIX: Fix C99 compliance issues
FIX: Fix gcc10 compiler warnings
UPD: Remove acsiidocs sources and release notes script
FIX: manpages: afp.conf: Parameters are not quoted, SF bug#617
FIX: manpages: afp.conf: Document $u in home name, GitHub#123
FIX: manpages: afp.conf: Document the usage of guest user, GitHub#298
FIX: Document how the mysql cnid backend is configured, GitHub#69
FIX: Fix user-visible typos in log output and man pages.
FIX: Fix spelling, syntax, and dead URLs in html manual.
NEW: Create README.md
NEW: Set up GitHub workflow and static analysis with Sonarcloud

(hauke)

'with-current-buffer' takes a buffer; upstream says so, too.

Give it one, since at least XEmacs insists.

(hauke)

When installing files that are in PLIST, grep for for the correct lisp
path for XEmacs.

(hauke)

qpdf will default to gnutls even after the cmake mechanics explicitly
noted there isn't any.

Tell it NOT TO.

(hauke)

doc: Updated net/netatalk22 to 2.2.9

(hauke)

update net/netatalk22 to v2.2.9

Upstream's changelist:

[2.2] fix CVE-2022-45188 by @rdmark in #254
[2.2] papd: Fix incorrect type in printer status check by @smagoun in #320
[2.2] Improvements to the macusers script by @rdmark in #263
[2.2] man pages: create an a2boot man page by @rdmark in #235
[2.2] Improve systemd service dependencies, improving stability at
      boot on wifi only hosts by @rdmark in #233
[2.2] Update manual to match current behavior and correct typos by
      @rdmark in #230 #234 #257
[2.2] Remove release notes code since it's no longer used by @rdmark
      in #256
Create Github workflow that builds, tests, and runs static analysis by
@rdmark in #255 #290 #314

(hauke)

qt6-qtserialport was added, not updated

(hauke)

doc: Updated x11/qt6-qtserialport to 6.4.1

(hauke)

Add the Qt6 version of the qtserialport module.

(hauke)

While gnuplot does not use libXaw, it does use one of the package's
dependencies(xorgproto), which nowe ends up missing in an x11-only build.

Let me guess - the change wasn't build-tested?

(hauke)

Drop a few dead XEmacs master site mirrors.

(hauke)

doc: Updated editors/xemacs-packages to 1.19

(hauke)

Update editors/xemacs-packages

The elisp packages updated are

auctex-1.58-pkg.tar.gz
bbdb-1.35-pkg.tar.gz
calendar-1.42-pkg.tar.gz
debug-1.21-pkg.tar.gz
ecb-1.26-pkg.tar.gz
ede-1.07-pkg.tar.gz
edit-utils-2.59-pkg.tar.gz
eieio-1.10-pkg.tar.gz
eshell-1.21-pkg.tar.gz
eudc-1.44-pkg.tar.gz
general-docs-1.11-pkg.tar.gz
gnus-2.06-pkg.tar.gz
hm--html-menus-1.27-pkg.tar.gz
leim-1.39-pkg.tar.gz
mail-lib-1.85-pkg.tar.gz
mmm-mode-1.09-pkg.tar.gz
prog-modes-2.34-pkg.tar.gz
psgml-1.50-pkg.tar.gz
text-modes-2.06-pkg.tar.gz
time-1.18-pkg.tar.gz
tramp-1.58-pkg.tar.gz
w3-1.42-pkg.tar.gz
xemacs-base-2.47-pkg.tar.gz
xwem-1.27-pkg.tar.gz

(hauke)

Restore conditional PLIST entries.

(hauke)

Remove comment -- upstream has dropped support for openssl 1.0 APIs.

No functional changes.

(hauke)

doc: Updated net/netatalk22 to 2.2.8

(hauke)

Update net/netatalk22 to v2.2.8.

Changes in 2.2.8
================
* NEW: asip-status.pl: IPv6 support; show GSS-UAM SPNEGO blob;
      improved layout of output. (3.1 backport)
* NEW: apple_dump: support for EA meta data. (3.1 backport)
* NEW: Import netatalk-doc into the main repo, and overhaul
      scripts, man pages and html manual sources.
* UPD: Display the Netatalk Daemon icon with the '-icon' afpd.conf
      option for all platforms. GH #214
* UPD: Remove OpenSSL 1.0 backwards compatibility header.
      Please use OpenSSL 1.1 or later.
* UPD: configure: Enable DDP, timelord, and a2boot by default. GH #215
* UPD: configure: Disable Quota by default. GH #198
* FIX: afpd: Create tmp files in /tmp rather than / and clean up
      after use. Regression in 2.2.7. GH #188
* FIX: Provide MNTTYPE_NFS for Solaris descendents to enable
      compiling with Quota. GH #117
* FIX: afpd: reading from file may fail. SF Bug #619 (3.1 backport)
* FIX: timelord: Fall back to timezone when tm_gmtoff is unavailable.
      Makes it work on Solaris descendents. GH #194
* FIX: fix largefile-check macro for largefile with clang 16.
* FIX: Typo fixes in user facing strings.

(hauke)

doc: Updated emulators/tcl-hp-15c to 4.5.00.6308

(hauke)

Update emulators/tcl-hp-15c to v4.5.00

From upstream's changelog:

Version 4.5.00, Build 6308

    Bug fixes

        When stepping into an error with SST in Run mode, the display
        did not show "Error #"
        DM15: Reading and writing worked only when option "Ask for
        each operation" was activated.
        When writing the stack to the DM15, an application error could
        occur under certain conditions.
        When writing to the DM15, Complex mode was deactivated for
        devices with firmware version V.23 and higher.
        macOS: The program menu did not open at the mouse position,
        when clicking GTO with the right mouse button.

    Changes

        NEW: Preferences setting to save the last screen position
        More Preferences settings are accessible directly from the
        main menu bar.
        Program description dialogue:
            A Search and Replace window is available for the program
            description.
            The preference setting "Show resources in tabs" was moved
            to the "Preferences" dialogue.
            The "Search/Replace" and the "Resource" window can be
            switched on and off.
            The toolbar buttons in edit mode can now show icons as an
            alternative to the tag text.
            A context menu (right mouse click) for HTML tagging was
            added.
            New submenu for Superscript/subscript Unicode characters
            in the 'Symbols' menu.
            The 'Symbols' menu is now available as context menu in the
            entry fields for labels, storage registers and flags.
            Improved rendering of lists in preview mode
            The renderer now uses the parameter 'start' of an <ol>
            tag. This is needed in lists with labels, storage
            registers or flags that do not start at 1.
            When reloading a description, the user is asked whether to discard any changes
        macOS: The native macOS "USB to UART" driver, introduces with
        Big Sur, is now supported.
        Improved layout and behaviour of the Mnemonic Converter.
        In PRGM mode programs can now be pasted directly from the
        clipboard into the Simulator.

        New short-cuts
? : [g] F?, query the status of a flag.
        ctrl-F2 : Menu bar on/off on Windows and Linux. On macOS the
        menu bar is always on.

        Executables are packed with tclkits based on Tcl/Tk 8.6.12 for
        all operating systems.

    Known issues
        macOS

            When minimising the description dialogue, it becomes
            immediately maximised again
            Artifacts along the top and bottom edge of the simulator
            keys for some font sets
            Some users got errors when they installed the HP-15C
            Simulator Font. It is recommended to deinstall all
            versions of the font before installing it again.

        Linux, macOS:
            The behaviour described on page 144 of the Owner's
            Handbook when a letter key is 'held down for longer than
            about 3 seconds', works on all systems when you use the
            mouse. When you use the keyboard, it works on Windows, but
            not on macOS and Linux.

Version 4.4.00, Build 6211

    Bug fixes
        SOLVE failed in some cases, when "Strict HP-15 behaviour" was
        enabled.

    Changes
        Memory and history file:
            Starting with this version, only ".mme" (matrix memory)
            memory files are loaded. Older memory files with the
            extension ".mem" are ignored, even if no ".mme" file is
            found.
            Linux and macOS: The memory and the history file are now
            in a (hidden) subdirectory ~/.HP-15C. Existing files are
            moved to the new location.
            The file names of the memory file, HP-15C.mme and the
            recent file history, HP-15C.hst, are now the same on all
            systems.

        Program description dialogue:

            The "Symbols" menu now inserts Unicode characters by
            default instead of HTML Entities (except for &lt; and
            &gt;). This can be deactivated in the Preferences.
            The <img> is now also rendered. Supported graphic formats
            are PNG and GIF.
            New Preferences setting to automatically open the dialogue
            after loading a program.
            Improved preview for nested lists.
            Additional keyboard short-cuts (see section "Programs |
            Program Documentation" in the HTML help).

        HTML export:
            Preformatted text, i.e. <pre>\u2026</pre>, has a light
            grey background.
            Most keys have the same width, except some with long
            labels such as MATRIX. Previously the width was defined by
            the label.
            Optimised layout for Labels and Storage Register
            descriptions

        Preferences: New option to show descriptions in the storage
        register menus.
        DM15 support: New entry in the DM15 menu to read the system
        information, e.g. firmware type, version etc.
        Program labels where the description starts with a "#" are not
        in the GSB menu. This allows it to hide subprograms.
        Updated all URLs from "http" to "https" when supported by the
        web site.
        Harmonised titels of all windows, message boxes and dialogue
        boxes.
        Added a "Keyboard Usage" table to the "Keyboard" section in
        the documentation.
        Windows 11 support added.
        New short-cuts

? : [g] F?, query tthe status of a flag.
A : Computes the absolute value of the number in the X-register.
shift-D : Converts the number in the X-register from radians to degrees.
shift-F : Computes the decimal fraction of the number in the X-register.
shift-M : Converts the number in the X-register from a decimal hours into an hours-minutes-seconds-decimal seconds format.
shift-H : Converts the number in the X-register from hours-minutes-seconds-decimal seconds format into decimal hours.
shift-R : Converts the number in the X-register from degrees to radians.

    Known issues
        macOS
            When minimising the description dialogue, it becomes
            immediately maximised again
            Artifacts along the top and bottom edge of the simulator
            keys for some font sets
            Some users got errors when they installed the HP-15C
            Simulator Font. It is recommended to deinstall all
            versions of the font before installing it again.

        Linux, macOS:

        The behaviour described on page 144 of the Owner's Handbook
        when a letter key is 'held down for longer than about 3
        seconds', works on all systems when you use the mouse. When
        you use the keyboard, it works on Windows, but not on macOS
        and Linux.

Version 4.3.00, Build 6111

    Bug fixes
        Improved interrupt handling while running a program
            Only mouse clicks on a simulator key will interrupt a
            program. Previously any mouse click interrupted a program.

            The program now stops immediately and more
            reliable. Previously, especially when the program uses
            SOLVE or [integral]xy, it could take a few seconds, or you
            even had to press or click multiple times, to actually
            stop the program.

        When both SOLVE and [integral]xy were used in a program,
            the display did not flash "running" but showed it permanently
            the return stack could overflow resulting in "Error 5"
            interrupting the program could result in an invalid return
            stack. Resulting in "Error 5" with the next GSB command

        Program description dialogue:
            When inserting a new tag or after undo, the new or
            restored text was not highlighted
            When inserting a tag or a symbol into unchanged
            documentation, the change status was not set.
            In specific multi display configurations, reloading the
            dialogue could result in an application error

        When opening a faulty program file, the error message was incorrect
        Linux: On screens with high DPI values, the simulator display
        and the function labels were misaligned
        Linux: On systems with extreme scaling, no valid font set was
        found

    Changes
        Program description dialogue:
            Links in the description can now be clicked
            <pre> is now used instead of <code> for formatted code,
            e.g. formulas
            Short-cuts for HTML tags <sup> and <sub> added
            Enhanced and optimised "Symbols" menu
            Switching between "Show resources in tabs" and list mode
            does not change the size of the dialogue (unless it is to
            small for list mode)
            Dialogues to warn about unsaved changes are more consistent

        Depending on the functions used in an HP-15C program,
        execution time has been reduced by 30% to 70%
        Windows: The font sets for normal and high DPI values have
        been merged.
        Linux package support: The environment variable HP15Cdocdir
        can be used to install the simulator documentation separate
        from the program binary file.
        Mnemonic Converter: The Unicode 'Latin Letter Small Capital
        \u1d07' is accepted as exponent character , e.g. 1\u1d077, to
        support Free42 output conversion.
        The oldest supported Tcl version is now 8.6.6 (was: 8.5.12)

    Known issues
        macOS Big Sur:
        The following issues are incompatibilities between the Tcl/Tk
        runtime and macOS Big Sur. Earlier versions of macOS are not
        affected.
            Active buttons on dialogues have white text on white
            background, the active button text turns black if you
            change the focus back to the main window
            When minimising the description dialogue, it becomes
            immediately maximised again
            Fonts in the menus are a bit blurry on some systems
            Artifacts along the top and bottom edge of the simulator
            keys on some displays (>24 inch?)

        Linux, macOS:
        The behaviour described on page 144 of the Owner's Handbook
        when a letter key is 'held down for longer than about 3
        seconds', works on all systems when you use the mouse. When
        you use the keyboard, it works on Windows, but not on
        MacOS X and Linux.

        macOS:
            Some users got errors when they installed the new HP-15C
            Simulator Font version under macOS El Capitan and
            newer. The macOS Sierra font validation program reports no
            warnings or errors. It is recommended to deinstall any
            older version of the font before installing the new
            version. Despite the errors, the font can be installed and
            used.
            The "Emoji and Symbols" menu does not work. This is a
            known Tcl/Tk bug.

Version 4.2.00, Build 6026

    Bug fixes
        SOLVE could fail, when the two initial estimates were
        identical.
        STO or RCL followed by g (i), to set or get the value of a
        matrix element, did not work.
        x<-> failed when the X-register contained a matrix
        descriptor.
        In ENG 0 display format, numbers with 3 digits in the mantissa
        were displayed with only 2 digits.
        Writing the LU form of a matrix of dimension n to the DM15
        failed, when the number of permutations was smaller then n-1.
        When the display was blinking due to an overflow, the blinking
        was erroneously stopped by switching the PRGM mode on/off.

    Changes
        Program description dialogue:
            New preferences setting: "Automatic preview". Important
            note: The setting is 'On' by default.
            If set to 'On' and the "Usage" field of the program
            description contains HTML tags or entities, the program
            description dialogue opens in preview mode.
            The HTML tag buttons layout was optimised. The effect is
            most visible under macOS.
            Short-cuts are now defined for the supported HTML tags and
            the HP-15C specific css classes
            The labels for the tag buttons for bold and italic are now
            in the language of the UI.
            New menu to add HTML Entities, i.e. Greek letters,
            mathematical symbols and arrows.
            Improved rendering of the HP-15C specific css classes in
            preview mode.
            HTML Entities, e.g. "&pi;", are now rendered using the
            corresponding Unicode character, e.g. pi.
            The initial width of the dialogue is now always appx. 40% of the screen.
            The initial height on large screens has been increased.
            When switching "Show resources in tabs" on or off, only
            this section is redrawn and not the whole window.
            Resources are now always shown in at least two columns if
            more then one of each type is used in a program.
            The "Author Information" is now inserted into an empty
            "Usage" field, when the program description dialogue is
            openend.

        Reading and writing files:
            With the HTML export, "Keys in black and white" now also
            affect the program description and not only the program
            listing.
            With the HTML export and "Structure in English" activated,
            the decimal point is now always a dot and the thousands
            seperator a comma. Previously the current display settings
            where used.
            When opening program files, key sequences with a decimal
            point, e.g. STO . 3, can now be formatted as { 45 ,3 } or
            { 45 .3 } in addition to { 45 48 3 }. The additional
            format is more common in the Web.

        New short-cut

[N] : Computes the integer of the number in the X-register, i.e. makes it a natural number.
Alt-F3 : Show GSB menu.

        The documentation was reviewed and standardised with regard to
        spelling, grammar and presentation.
        Only 64-bit executables are provided from now on. For 32-bit
        operating systems the source code version can be used, if
        Tcl/Tk is available on that system.
        Only macOS 10.15 and newer versions are supported from now
        on. The executables may run on older versions, but this has
        not been tested.
        Executables are now packed with tclkits based on Tcl/Tk 8.6.10
        for all operating systems.
        In the 'About' dialogue, the Tcl/Tk shell program and the
        Tcl/Tk version are now only shown in the source code version.

    Known issues
        Linux, macOS:
        The behaviour described on page 144 of the Owner's Handbook
        when a letter key is 'held down for longer than about 3
        seconds', works on all systems when you use the mouse. When
        you use the keyboard, it works on Windows, but not on
        MacOS X and Linux.
        macOS:
            Some users got errors when they installed the new HP-15C
            Simulator Font version under macOS El Capitan and
            newer. The macOS Sierra font validation program reports no
            warnings or errors. It is recommended to deinstall any
            older version of the font before installing the new
            version. Despite the errors, the font can be installed and
            used.
            The "Emoji and Symbols" menu does not work. This is a
            known Tcl/Tk bug.

Version 4.1.00, Build 5914

    Bug fixes
        It was possible to close the simuator with an invalid number
        in the X register. The memory file had to be deleted, before
        the Simulator would start again.
        Source code version: The simulator could be started only from
        the directory with the source code.
        The Mnemonic Converter created invalid Key Codes for STO and
        RCL in USER mode.
        On some Linux systems with 4k displays the area around the
        display could be corrupted.

    Changes
        NEW: A "Recent programs" history is now available as a submenu
        to the context or ON popup menu and in the "Files" menu of the
        main menu bar.
        Like the real HP-15C, the Simulator now uses the Romberg
        method for numerical integration. Previous versions used the
        Simpson method and the implementation - over 15 years old -
        failed for some integrals.
        Improved layout of the backside, especially for larger font sets.
        Revised and improved program description dialogue:
            The "Highlight tags" check box has been moved from the
            Program Description dialogue to the Preferences dialogue.
            The preview mode now supports the HTML tags "<sup>" and "<sub>".
            When an HTML tag range is highlighted, e.g. "<bold>some
            text</bold>", clicking the corresponding tag-button now
            removes the tag.
            The blank part of indented text did not have the correct
            background colour.
            The last position on the screen is stored. The position is
            discarded when the program is closed.

        Executables are now packed with tclkits based on Tcl/Tk 8.6.9
        for Windows and Linux, 8.6.8 for macOS HighSierra and 8.6.7
        macOS prior to macOS HighSierra.

    Known issues
        Linux, macOS:
        The behaviour described on page 144 of the Owner's Handbook
        when a letter key is 'held down for longer than about 3
        seconds', works on all systems when you use the mouse. When
        you use the keyboard, it works on Windows, but not on
        MacOS X and Linux.
        macOS:
            Some users got errors when they installed the new HP-15C
            Simulator Font version under macOS El Capitan and
            newer. The macOS Sierra font validation program reports no
            warnings or errors. It is recommended to deinstall any
            older version of the font before installing the new
            version. Despite the errors, the font can be installed and
            used.
            A user reported that the Simulator does not run on
            MacOS X 10.6 "Snow Leopard". It seems that at
            least MacOS X 10.7 "Lion" is needed.
            The "Emoji and Symbols" menu does not work. This is a
            known Tcl/Tk bug.

(hauke)

doc: Updated security/vaultwarden to 1.27.0

(hauke)

Upgrade security/vaultwarden to v1.27

From upstream's excuse for a changelog:

1.27.0 Latest

New features

Event logs for organizations

With this feature enabled, actions occurring inside an organization
will be recorded in a log, viewable by organization admins and
owners. Check the official documentation to learn more:
https://bitwarden.com/help/event-logs/ (Note that the Public API is
not yet implemented, so the events are only viewable in the Web Vault)

To enable this feature, set ORG_EVENTS_ENABLED=true. By default all
events will be stored indefinitely, if you want to limit that, you can
use the EVENTS_DAYS_RETAIN option. You can also tune the cleanup
schedule with EVENT_CLEANUP_SCHEDULE.  Group support (beta)

Enables the creation and use of groups inside an organization. At the
moment this is in beta because there are some known issues
(#2989). Still, the more this feature is tested, the faster we will be
able to stabilize it.

To enable this feature, set ORG_GROUPS_ENABLED=true, make sure to make
proper backups of your instance before hand.

What's Changed
    Group support | applied .diff by @MFijak in #2846
    Add Organizational event logging feature by @BlackDex in #2868
    Updated web vault to 2022.12.0 by @dani-garcia
    Update diesel to 2.0.2 by @dani-garcia in #2724
    Limit Cipher Note encrypted string size by @BlackDex in #2945
    fix invitations of new users when mail is disabled by @stefan0xC in #2773
    attach images in email by @stefan0xC in #2784
    allow registration without invite link by @stefan0xC in #2799
    Fix master password hint update not working. by @BlackDex in #2834
    Sync global_domains.json by @jjlin in #2840
    verify email on registration by invite by @stefan0xC in #2804
    Take ROCKET_ADDRESS into account in the Docker healthcheck by @jjlin in #2844
    Update github workflows by @BlackDex in #2852
    feat: Bump web-vault to v2022.10.1 by @GeekCornerGH in #2859
    Update Rust version, deps and workflow by @BlackDex in #2888
    Add /devices/knowndevice endpoint by @BlackDex in #2893
    fix: removed a double space by @GeekCornerGH in #2894
    Support Org Export for v2022.11 clients by @BlackDex in #2899
    Use constant size generic parameter for random bytes generation
by @samueltardieu in #2910
    Update config comment to reflect rfc8314. by @skid9000 in #2911
    Set "Bypass admin page security" as read-only by @BlackDex in #2918
    Fully remove DuckDuckGo email service. by @BlackDex in #2919
    Added missing register endpoint to identity by @BlackDex in #2920
    Prevent DNS leak when icon regex is configured by @BlackDex in #2921
    Update settings description by @karbobc in #2928
    allow managers to set groups of a collection by @stefan0xC in #2933
    Update Vaultwarden Logo's by @BlackDex in #2940
    check if sqlite folder exists by @stefan0xC in #2873
    redirect to admin login page when forward fails by @stefan0xC in #2886
    Cleanups and Fixes for Emergency Access by @BlackDex in #2936
    Update dependencies for Rust and Admin interface. by @BlackDex in #2941
    Fix admin repost warning. by @BlackDex in #2953
    Add dev-only query logging support by @BlackDex in #2954
    Fix managers and groups link by @BlackDex in #2947
    use a custom 404 page by @stefan0xC in #2948
    Increase privacy of masked config by @BlackDex in #2963
    Improve comments by @tessus in #2969
    use black favicon for /admin by @tessus in #2970
    Remove ctrlc crate and some updates by @BlackDex in #2971
    Fix org export (again) by @BlackDex in #2973
    Revert collection queries back to left_join by @BlackDex in #2976
    Fix recover-2fa not working. by @BlackDex in #2994
    Disable groups by default and Some optimizations by @BlackDex in #2995
    Fix a panic during Yubikey register/login by @BlackDex in #3006

1.26.0
What's Changed

    Updated web vault to v2022.10.0
    Fix uploads from mobile clients (and dep updates) by @BlackDex in #2675
    Update deps and Alpine image by @BlackDex in #2665
    Add support for send v2 API endpoints by @BlackDex in #2756
    External Links | Optimize behavior by @Fvbor in #2693
    Add Org user revoke feature by @BlackDex in #2698
    Change the handling of login errors. by @BlackDex in #2729
    Added support for web-vault v2022.9 by @BlackDex in #2732
    add not_found catcher for 404 errors by @stefan0xC in #2768
    Fix issue 2737, unable to create org by @BlackDex in #2738
    Rename/Fix revoke/restore endpoints by @BlackDex in #2739
    Update CSP for DuckDuckGo email forwarding by @jjlin in #2812
    check if data folder is a writable directory by @stefan0xC in #2811
    Update build workflow by @BlackDex in #2744
    fix: tooltip typo by @djbrownbear in #2746
    Update libraries and Rust version by @BlackDex in #2758
    Fix organization vault export by @BlackDex in #2765
    allow the removal of non-confirmed owners by @stefan0xC in #2772
    v2022.9.2 expects a json response while registering by @stefan0xC in #2803
    make invitation expiration time configurable by @stefan0xC in #2805
    return more descriptive JWT validation messages by @stefan0xC in #2806
    Add CreationDate to cipher response JSON by @jjlin in #2813
    fix link of license badge by @stefan0xC in #2816

Thanks to pin@ for the workaround to patch a release crate.

(hauke)

Unlink temp file after using it to check for EA support.
Fixes GitHub issue #188

Patch from upstream

(hauke)

Un-break FreeBSD build - it does not define ENODATA.

See also this thread
<kern/2012/04/30/msg013090.html>.">https://mail-index.netbsd.org/tech-kern/2012/04/30/msg013090.html>.

(hauke)

doc: Updated net/netatalk3 to 3.1.14

(hauke)

Update net/netatalk3 to v3.1.14

From the upstream ChangeLog:

    FIX: fix build with libressl >= 2.7.0
    NEW: Added Ignore Directories Feature
    UPD: Generate Unicode source code based on the latest https://www.unicode.org/Public/UNIDATA/UnicodeData.txt
    FIX: Protect against removing AFP metadata xattr
    FIX: avoid setting adouble entries on symlinks
    FIX: add handling for cases where ad_entry() returns NULL
    FIX: Fix setting of LD_LIBRARY_FLAGS ($shlibpath_var).
    FIX: Fedora migrating away from IO::Socket::INET6 to IO::Socket::IP
    FIX: afpd: check return values from setXXid() functions
    FIX: afpd: drop groups in become_user_permanently()
    FIX: Fix use after free in get_tm_used()
    FIX: Fix sign extension problem in bsd_attr_list()
    FIX: Fix garbage read in bsd_attr_list
    FIX: make afpstats python 3 compatible
    UPD: docs: manual: Remove wrong TCP-over-TCP info; minor copy editing
    FIX: configure.ac: fix macro ordering for CentOS 6
    FIX: configure.ac: fix typo Reviewed-by: Ralph Boehme slow@samba.org
    FIX: configure.ac: remove some trailing whitespace Reviewed-by: Ralph Boehme slow@samba.org
    FIX: configure.ac: fix deprecated macro invocation Reviewed-by: Ralph Boehme slow@samba.org
    FIX: configure.ac: replace obsolete macro Reviewed-by: Ralph Boehme slow@samba.org
    FIX: libatalk/dsi/Makefile.am: fix deprecation warning
    FIX: Store AutoMake helper script in build-aux/
    FIX: configure.ac: define a dir for macros
    FIX: configure.ac: AM_CONFIG_HEADER is deprecated
    FIX: autotools: Fix another deprecation warning
    FIX: libgcrypt typo in configuration error message
    UPD: Various CI improvements
    FIX: libatalk/conf: re-generation of afp_voluuid.conf
    UPD: libatalk/conf: code cleanup and add locking to get_vol_uuid()
    UPD: add documentation for the lv_flags_t
    FIX: No need to check for attropen on Solaris #44

GC unused PLIST options.

(hauke)

doc: Updated net/netatalk22 to 2.2.7

(hauke)

Update net/netatalk22 to v2.2.7.

From the upstream ChangeLog:

[2.2] Fix 'multiple definition' compile time errors by @rdmark in #136
[2.2] Remove bitrotted code by @rdmark in #139
[2.2] Fixes for the OpenSSL 1.1 API; add OpenSSL 1.0 backwards compat by @rdmark in #142
[2.2] Install afp_ldap.conf based on LDAP support, not availability of ACLs. by @rdmark in #143
[2.2] Resolve gcc 10 compile time warnings on Linux by @rdmark in #165
[2.2] Downstream patches for NetBSD compatibility by @rdmark in #148
[2.2] Make timelord work on non-big-endian systems; ability to sync localtime by @rdmark in #151
[2.2] Resolve papd compile time errors due to deprecated CUPS calls by @rdmark in #152
[2.2] Resolve automake warnings running bootstrap by @rdmark in #153
[2.2] Handle special FIRSTNET behavior on NetBSD by @rdmark in #154
[2.2] papd patches for compatibility with older Apple LaserWriter drivers on Mac and GS/OS by @rdmark in #156
[2.2] Allow non-unicode volume to be scanned by the repair tool. by @rdmark in #158
[2.2] Update init script templates to start/stop a2boot daemon. by @rdmark in #160
[2.2] Backport Netatalk 3 patches by @rdmark in #161
[2.2] papd: Send replies to client when printing to prompt more data by @rdmark in #162
[2.2] afpd: Add option to disable afp session tickles by @rdmark in #163
[2.2] Update for Unicode 14 by @rdmark in #164
[2.2] Made the AsanteTalk bridge consistently start up in AppleTalk Phase 2
(hauke)

doc: Updated sysutils/tsm8 to 8.1.15.2

(hauke)

Update sysutils/tsm8 to 8.1.15.2

This is a teeny patch release; upstream does not provide a proper changelog.

Default to retrieving the distfile via https, since ftp transfers
result in corrupted files for some.

(hauke)

Fix tyop

pkglint

(hauke)

When building without any mdns support on NetBSD (at least), configure
will still find the base mdnssd, and build and install ippfind
support. This will lead to a PLIST error -- as far as pkgsrc is
concerned, we did not enable it.

Tell configure explicitly to not add mdns support when we don't want any.

While here, group mdnssd and avahi as optional and mutually exclusive.

(hauke)

doc: Updated sysutils/tsm8 to 8.1.15.0

(hauke)

sysutils/tsm8: Update from 8.1.13 to 8.1.15

This is a bugfix release; upstream does not provide a changelog.

(hauke)

Add the libcrypt1 library, for the sake of sysutils/tsm8.

(hauke)

doc: Updated devel/php-libawl to 0.63

(hauke)

Update devel/php-libawl to 0.63, in lockstep with davical 1.1.11

(hauke)

doc: Updated www/davical to 1.1.11

(hauke)

Update www/davical to 1.1.11

From https://wiki.davical.org/index.php?title=Release_Notes/1.1.11:

=== Bug Fixes ===
* Tasks show up in Free/Busy (#257)
* php compatibility: Creating principal fails on 8.1 (#271)
* PHP 8 deprecations: htmlspecialchars in always.php (#266)
* PHP 8: "Exception [0] array_flip(): Argument #1 ($array) must be of
  type array, null given" at principal-edit.php (#260)
* Exception in inc/iSchedule.php, Argument #1 must be of type
  Countable|array (#252)
* Users with passwords containing a quotation mark cannot login (#259)
* Create new users, impossible... (#250)
* Wrong FreeBusy duration when the DTSTART of the event is the same as
  the DTEND (#247)
* Remove deprecated get_magic_quotes* function call from setup.php (234)
* "Login failure" when password contains HTML special characters (#229)

=== Other Changes ===
* Changes to Gitlab CI, unit and regression tests

(hauke)

Newer PHP versions (8.1 here) want global variables imported to
functions explicitly.

The patch fixes
<https://gitlab.com/davical-project/davical/-/issues/271>.

(hauke)

Correct tyop, re-word sentence.

(hauke)

doc: Updated x11/nx-libs to 3.5.99.26

(hauke)

x11/nx-libs: Update to 3.5.99.26

Minor bugfixes
distfile is on github now

(hauke)

doc: Updated sysutils/p5-Unburden-Home-Dir to 0.4.2

(hauke)

sysutils/p5-Unburden-Home-Dir: Update to 0.4.2

Various minor bug fixes, and github related changes.

(hauke)

doc: Added security/vaultwarden version 1.25.2

(hauke)

Vaultwarden is a Bitwarden server API implementation written in Rust,
compatible with upstream Bitwarden password manager clients.

It is well-suited for self-hosted deployment, where running the
official resource-heavy service might not be ideal.

(hauke)

doc: Updated www/php-glpi to 10.0.2

(hauke)

Upgrade www/php-glpi from 9.4.6 to 10.0.2

This is a major update, providing fixes to multiple security
vulnerabilities, compatibility with current PHP and MySQL/Mariadb
versions. An extensive changelog is at
<https://github.com/glpi-project/glpi/blob/10.0/bugfixes/CHANGELOG.md>.

(hauke)

Unbreak by adapting to upstream's Language Policing, where necessary:

master -> primary, slave -> secondary

(hauke)

doc: Updated mail/milter-greylist to 4.6.4

(hauke)

Update mail/milter-greylist to v4.6.4.

This unbreaks the build, and should probably be pulled up.

(hauke)

Use older register names on MacOS X 10.4 "Tiger", taken from MacPorts

(hauke)

Restore a SYSCONFDIR path substitution that had gone lost, probably as
a result of running mkpatches after 'make configure'.

(hauke)

doc: Updated net/netatalk3 to 3.1.13

(hauke)

net/netatalk3 update to 3.1.13

Security update - from upstream's release nites:

Changes in 3.1.13
~~~~~~~~~~~~~~~~~
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent

(hauke)

Roll back the previous commit.

The default tar extractor silently skipped the missing file

./src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/iso_schematron_skeleton_for_xslt1.xsl

and after switching to gtar as extractor the package builds correctly.

(hauke)

For reasons unknown, the Solarish build (OmniOSCE here) installs one
file less than the others. Tweak the PLIST generation to make it so.

(hauke)

doc: Updated sysutils/tsm8 to 8.1.13.0

(hauke)

Update sysutils/tsm8 to v8.1.13

This is a bugfix release; upstream does not really provide a changelist.

While here, deal with fallout from introducing yet another global
*_SUPPORTED variable.

(hauke)

Unbreak oracle-j*8 packages -- "Contains pre-built binaries", so no PIE support.

(hauke)

Ignore 'linsysfs' filesystem on FreeBSD

(hauke)

Unlike netatalk 2.x, the 3.x afpd writes its pid to a non-configurable
and non-canonical place.

Makes 'service netatalk status' actually work.

(hauke)

Add suse*_locale dependency, since dsmc is complaining about it.

(hauke)

Apply upstream's patch to <https://github.com/lldpd/lldpd/issues/489>
"bridge0 is a bridge too big. Please, report the problem"

(hauke)

doc: Updated net/lldpd to 1.0.13

(hauke)

Update net/lldpd to v1.0.13

This is a bugfix release; upstream lists changes at
<https://github.com/lldpd/lldpd/releases>

(hauke)

doc: Updated sysutils/p5-Unburden-Home-Dir to 0.4.1.3

(hauke)

Update Unburden-Home-Dir to v0.4.1.3

Bugfix release

(hauke)

Substitute the patform's audio device in config file.

(hauke)

Substitute pkgsrc paths in alsa.conf

(hauke)

doc: Updated x11/gtkdatabox to 1.0.0

(hauke)

Update gtkdatabox to v1.0.0

>From the changelog:

2021:
- Clean-up code for GTK3 and release it.
- Added new function to set the background color of databox:
  gtk_databox_set_bg_color().
- Added GtkDoc documentation option: ./configure --enable-gtk-doc.
- Removed libglade support, as it's not maintained anymore and
  depends on GTK2.

(hauke)

Make sure we build this python 2 compatible package against, well,
python 2.

(hauke)

Un-break by making sure a py27 compatible py-pygments version gets
installed; py-docutils, which depends on it, is happy with that.

(hauke)

Put the '--tag=CC' where it belongs. It didn't help that the package
only breaks when built from pkg_rolling-replace, but not with a 'make
package'.

(hauke)

Unbreak libtool invocation, and wrap long lines.

(hauke)

For the sake of MKPIE, we need to .include Makefile.common before
options.mk.

Since Makefile.common now does not see the x11 option, we have to move
all x11 related commands into options.mk. Within options, move
.includes to the end for consistency.

(hauke)

doc: Updated devel/py-pysvn to 1.9.15

(hauke)

Update pysvn to v1.9.15.

Upstream does not provide a CHangeLog, but it's been six years.

(hauke)

Providing functions missing from xemacs 21.4 (stable) with a
conditional defun will be less intrusive, and shorten the patch.

(hauke)

On 21.4, line-move only takes one argument.
Patch lisp/xemacs-base/simple-more.el to accomodate.

(hauke)

X11 option change undone, as requested by wiz@

(hauke)

Registering the fonts via FONTS_DIRS.ttf incurs a dependency on
mkfontdir, which means X11.

Since there are legitimate uses for fonts on sans-X machines
(rrdtool), control the dependency with a (default) x11 option.

(hauke)

Fix sttutter in comment.

(hauke)

The pkgsrc framework has become more strict, and registering fonts for
installation per FONTS_DIRS.x11 will mandate an X11 dependency.

At this point, only the x-symbol package is concerned. Since it needs
to be able to cope with a non-graphical console anyway, we install it
unconditionally, skip the PLIST dance, and just depend the font
registration on X11 availabiluty.

(hauke)

On Arch Linux, at least, mod_md will be built (and cause a PLIST
error) unless explicitly disabled.

(hauke)

Disallow for-pay distribution, e.g. on CDROMs (does anybody do that
these days?)

(hauke)

doc: Added math/smath-studio version 0.99.7822

(hauke)

Add SMath Studio as math/smath-studio.

While the license allows to re-distribute the source tarball
unchanged, an automatic download fails, so it will have to be
downloaded in a browser.

From the upstream description:

SMath Studio is a tiny, powerful, free mathematical program with
WYSIWYG editor and complete units of measurements support.

It provides numerous computing features and rich user interface
translated into about 40 different languages. The application also
contains an integrated mathematical reference book.

It can be easily extended based on your needs. A built-in Extensions
Manager tool allows to get access to hundreds official and third-party
resources of the following types: usage examples, plug-ins, SMath
Viewer based applications, snippets, interface translations,
interactive books, handbooks and tutorials.

(hauke)

Darwin (Mac OS X 10.13 here) needs iconv linked in for utf8 support.

(hauke)

doc: Updated sysutils/tsm8 to 8.1.12.0

(hauke)

sysutils/tsm8 -- TSM client update to v8.1.12

pkgsrc changes: cli client tested with FreeBSD 13

Upstream changes:

V8.1.12

Security Bulletin: Stack-based Buffer Overflow vulnerabilities in IBM
Spectrum Protect Back-up Archive Client and IBM Spectrum Protect for
Space Management (CVE-2021-29672, CVE-2021-20546)
https://www.ibm.com/support/pages/node/6445497

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum
Protect Backup-Archive Client NetApp Services (CVE-2020-1971,
CVE-2021-23840, CVE-2021-23841)
https://www.ibm.com/support/pages/node/6445489

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM
Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space
Management, and IBM Spectrum Protect for Virtual Environments
(CVE-2020-27221, CVE-2020-14782)
https://www.ibm.com/support/pages/node/6445483

To find the fixed APARs in this version, see: IBM Spectrum Protect
Backup-Archive Client 8.1.12 APARs and 8.1.12.x APARs
https://www.ibm.com/support/pages/node/6429561

(hauke)

Set SUSE_PREFER explicitly for recent FreeBSD releases.

Otherwise, we end up with 10.0, which does not support FreeBSD, even
in the presence of newer suse_ packages installed -- so much for *_PREFER.

(hauke)

Add FreeBSD-{i386,x86_64} to supported platforms.

(hauke)

Add freebsd-{i386,x86_64} to _EMUL_PREFER.

No preference, no emulation...

(hauke)

Unbreak FreeBSD build - it has extended attributes, too.

(hauke)

Re-enable building databases/ldb without ldap support.

(hauke)

Install afp_ldap.conf based on LDAP support, not availability of ACLs.

Have the CNID_DB repair tool warn about unsupported file-system
encoding, but not error out.

Correct some pkglint fallout.

(hauke)

Use gtar instead of the base tar(1) in the xemacs* top-level Makefile
because of a problem with NetBSD-current libarchive-as-tar, see bin/56080.

Note this depencency is not a burden, since xemacs-packages requires
gtar, anyway.

(hauke)

doc: Updated devel/py-hg-git to 0.10.0

(hauke)

Update package to 0.10, fixing an "AttributeError: 'bytes' object has
no attribute 'encode'" during 'hg clone'.

From upstream's changelog:

hg-git 0.10.0 (2020-02-01)
The 0.10.x series will be the last one supporting Python 2.7 and
Python 3.5. Future feature releases will only support Python 3.6 and
later and Mercurial 5.2 or later.
Enhancements:

Add support for proper HTTP authentication, using either
~/.git-credentials or just as with any other Mercurial remote
repository. Previously, the only place to specify credentials was in
the URL.
Add --git option to hg tag for creating lightweight Git tags.
Always show Git tags and remotes in hg log, even if marked as
obsolete.
Support {gitnode} keyword in templates for incoming changes.
Support HTTP authentication using either the Mercurial
configuration, git-credentials or a user prompt.
Support accessing Git repositories using file:// URIs.
Optimise writing the map between Mercurial and Git commits.
Add debuggitdir command that prints the path to the cached Git
repository.

Bug fixes:

Fix pulling changes that build on obsoleted changesets.
Fix using git-cleanup from a shared repository.
Fix scp-style �URIs� on Windows.
Fix hg status crashing when using .gitignore and a directory
is not readable.
Fix support for .gitignore from shared repositories and when
using a Mercurial built with Rust extensions.
Add brotli to list of modules ignored by Mercurial's
demandimport, so urllib3 can detect its absence on Python 2.7.
Fix the git protocol on Python 3.
Address a deprecation in Dulwich 0.20.6 when pushing to Git.
Fix configuration path sub-options such as remote:pushurl.
Fix pushing to Git when invalid references exist by disregarding
them.
Always save the commit map after an import.
Add support for using Python 3 on Windows.
Mark gimport, gexport and gclear as advanced as they are
either complicated to understand or dangerous.
Handle backslashes in .gitignore correctly on Windows.
Fix path auditing on Windows, so that e.g. .hg and .git
trigger the appropriate behaviour.

Other changes:

More robust tests and CI infrastructure.
Drop support for Mercurial 4.3.
Updated documentation.

(hauke)

Fix buildlink path.

(hauke)

Fix buildlink path.

(hauke)