Log message:
update xymon + xymonclient to 4.3.28

notable changes: OpenSSL 1.1.0 is now supported, and c-ares has been updated

While touching the package anyhow, it has been taught to pass down hardening
flags, so that the various PKGSRC_USE_ flags now have effect.

Log message:
Follow some redirects.

Log message:
chmod the right files, the .sh are just an identical wrapper now

Log message:
Recursive revbump from fonts/harfbuzz

Log message:
Recursive bump for harfbuzz's new graphite2 dependency.

Log message:
update xymon and xymonclient to the current version, 4.3.27

Upstream relnotes:

Changes for 4.3.27
==================

Fixes for CGI acknowledgements and NK/criticalview web redirects.

Xymon should now properly check for lack of SSLv3 (or v2) support at compile-
time and exclude the openssl options as needed.

Completely empty directories (on Windows) are no longer considered errors.

Changes for 4.3.26
==================

This is mostly a bug fix release for javascript issues on the info and
trends pages, along with the enable / disable CGI. Several browsers had
difficulty with the new CSP rules introduced in 4.3.25.

XYMWEBREFRESH is now used as the default refresh interval for dynamic
status pages and various other xymongen destinations. Non-svcstatus
pages can be overridden by altering the appropriate *_header template
files, but svcstatus refresh interval uses this value. (default: 60s)
Set in xymonserver.cfg(5).

Incoming test names are now restricted to alphanumeric characters, colons
dashes, underscores, and slashes. Slashes and colons may be restricted in
a future release.

Unconfigured (ghost) host names are now restricted to alphanumerics, colons,
commas, periods, dashes, and underscores. It is strongly recommended to use only
valid hostnames and DNS components in servers names.

Files matched multiple times by logfetch in the client config retrieved
from config-local.cfg (such as a file matching multiple globs) will now only
be scanned once and only use the ignore/trigger rules from its first entry.
(Note: A future version of Xymon may combine all matching rules for a file together.)

CLASS groupings in analysis.cfg and alerts.cfg will now reliably work for
hosts with a CLASS override in hosts.cfg. Previous, this class was not used
in favor of the class type sent in on any specific client message.

Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
update of xymon and xymonclient from 4.3.17 to 4.3.25

The following security issues are fixed with this update:
* Resolve buffer overflow when handling "config" file requests \ 
(CVE-2016-2054)
* Restrict "config" files to regular files inside the $XYMONHOME/etc/ \ 
directory
  (symlinks disallowed) (CVE-2016-2055). Also, require that the initial filename
  end in '.cfg' by default
* Resolve shell command injection vulnerability in useradm and chpasswd CGIs
  (CVE-2016-2056)
* Tighten permissions on the xymond BFQ used for message submission to restrict
  access to the xymon user and group. It is now 0620. (CVE-2016-2057)
* Restrict javascript execution in current and historical status messages by
  the addition of appropriate Content-Security-Policy headers to prevent XSS
  attacks. (CVE-2016-2058)
* Fix CVE-2015-1430, a buffer overflow in the acknowledge.cgi script.
  Thank you to Mark Felder for noting the impact and Martin Lenko
  for the original patch.
* Mitigate CVE-2014-6271 (bash 'Shell shock' vulnerability) by
  eliminating the shell script CGI wrappers

Please refer to
https://sourceforge.net/projects/xymon/files/Xymon/4.3.25/Changes/download
for further information on fixes and new features.

Log message:
Remove mk/find-prefix.mk usage from the net category.

The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.

Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure.  Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.

Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.

Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.