Sponsored by:	Miles AS

Sponsored by:	Miles AS

PR:		254363
Reported by:	fault.seg@laposte.net

PR:		254526
Security:	https://s.apache.org/ng9u9
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946

According to https://s.apache.org/ng9u9, 3.4.5 fixes CVE-2020-1946.
The announce text:

Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue
of security note where malicious rule configuration (.cf) files can be
configured to run system commands.

In Apache SpamAssassin before 3.4.5, exploits can be injected in a number
of scenarios. In addition to upgrading to SA 3.4.5, users should only use
update channels or 3rd party .cf files from trusted places.

Apache SpamAssassin would like to thank Damian Lukowski at credativ for
ethically reporting this issue.

This issue has been assigned CVE id CVE-2020-1946 [2]

To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the https://spamassassin.apache.org/ web site.

Apache SpamAssassin Security Team

[1]: https://s.apache.org/ng9u9

[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946

PR:		254526
Submitted by:	cy
Reported by:	cy
Approved by:	maintainer (zeising)
MFH:		2021Q1
Security:	https://s.apache.org/ng9u9
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946

Changes can be viewed here:
https://developers.yubico.com/yubikey-manager-qt/Release_Notes.html

Submitted by:	Daniel Shafer <daniel@shafer.cc> (maintainer)
Differential Revision:	https://reviews.freebsd.org/D29348

Changes can be viewed here:
https://developers.yubico.com/yubikey-manager/Release_Notes.html

Submitted by:	 Daniel Shafer <daniel % shafer.cc> (maintainer)
Differential Revision:	 https://reviews.freebsd.org/D29349

Changes:	https://gitlab.com/wg1/jpeg-xl/-/tags/v0.3.5
Changes:	https://gitlab.com/wg1/jpeg-xl/-/compare/v0.3.4...v0.3.5

Add "orient" subcommand
A few other fixes and enhancements

Reported by:    portscout

Reported by:	portscout

www/py-django-jsonfield: This port has been deleted. Upstream has renamed the port and either www/py-jsonfield or www/py-jsonfield2 should be used.

Changes: https://github.com/mar10/wsgidav/blob/v3.1.0/CHANGELOG.md

Changes: https://django-statici18n.readthedocs.io/en/latest/changelog.html

Changes: https://django-constance.readthedocs.io/en/latest/changes.html

Changes: https://github.com/ui/django-post_office/blob/v3.5.3/CHANGELOG.md

Changes:	https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.25
Reported by:	GitHub (watch releases)

 - Do not convert Windows line endings when reading the input file

 - Catch UnicodeDecideError when reading file

 - Fix incorrectly parsed prefix with mapping keys

 - Use original line endings

Reported by:	portscout

/wrkdirs/usr/ports/net-p2p/monero-cli/work/monero-0.17.1.9/external/randomx/src/intrin_portable.h:189:18: error: C++ requires a type specifier for all declarations
typedef __vector uint8_t __m128i;

- Add rc.d script

Requires using two patches previously made for powerpc64.

Changes: https://github.com/oracle/oci-python-sdk/releases/tag/v2.34.0

PR:		254519
Submitted by:	Alessandro Sagratini <ale_sagra AT hotmail DOT com> (maintainer)

Changes:	https://github.com/KhronosGroup/Vulkan-Tools/compare/v1.2.172...v1.2.173
Reported by:	portscout

Changes:	https://github.com/KhronosGroup/Vulkan-Loader/compare/v1.2.172...v1.2.173
Reported by:	portscout

Changes:	https://github.com/KhronosGroup/Vulkan-Headers/compare/v1.2.172...v1.2.173
Reported by:	portscout, Repology

Changes: https://github.com/wazuh/wazuh/releases/tag/v4.1.3

PR:		254522
Submitted by:	Michael Muenz <m.muenz AT gmail DOT com> (maintainer)

Changelog:
https://github.com/chardet/chardet/releases/tag/4.0.0

Remove patch merged upstream.

Changelog since 11.6.2:

https://github.com/jbarlow83/OCRmyPDF/blob/v11.7.3/docs/release_notes.rst

Changelog since 2.6.0:

https://github.com/pikepdf/pikepdf/blob/v2.9.1/docs/release_notes.rst

Changelog:

* Add helper-function: "as_text_list()", improve performance of ".delete()"
* Fix "__int__()" and "__index__()" on "IPv4Obj()" and "IPv6Obj()"

Changelog:
https://eyed3.readthedocs.io/en/latest/history.html#v0-9-4-2020-03-21-the-devil-made-me-do-it

Also add patch that removes direct invocation of pip command to install
dependencies.

This new port is required for audio/py-eyed3 update.

The rpi-firmware package provides firmware files under /usr/local/share.
To be used they must be copied to the boot FAT partition.

Reviewed by:	manu
Approved by:	manu
Sponsored by:	The FreeBSD Foundation

For ports optionally dependending on Python 2.7, just mark those options
as expired. Remove konquerer from the x11/kde-baseapps metaport and bump
its PORTREVISION.

Submitted by:	rene
Reviewed by:	portmgr, adridg, ehaupt, lme, madpilot, pizzamig, se, sunpoet, yuri
Approved by:	portmgr
Differential Revision:	https://reviews.freebsd.org/D28665