Log message:
*: bump for openssl 3

Log message:
libexosip: fix libosip dependency

Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Log message:
net: Remove SHA1 hashes for distfiles

Log message:
libexosip: Update to 5.1.0

eXosip2 (5.1.0) - 2020-01-16
	* new API:
	Generate random string: (low entropy, only hexa)
	int eXosip_hexa_generate_random(char *val, int val_size);
	Generate random string: (high entropy when compiled with openssl)
	int eXosip_byte_generate_random(char *val, int val_size)

	* provide more entropy with eXosip_byte_generate_random (with openssl when \ 
available).
	* fix TLS security issue reported by Alexander Traud regarding hostname \ 
validation when using NAPTR/SRV.
	* add support for epoll (detected by configured) // becomes the default on \ 
linux platforms with autotools
	* fix bug #56839: The cnonce should not be static -this is identified as replay \ 
attack by some services-.
	* fix tcp and tls connection failure detection (accelerate error detection and \ 
recovery)
	* fix: fixed a crash with DTLS

eXosip2 (5.1.0) - 2019-03-27
	* minor API update:
	  API parameter change: eXosip_call_build_ack/eXosip_call_send_ack API to use \ 
tid instead of did as parameter.

	* new API: add an API to insert one extra header in BYE:
	  int eXosip_call_terminate_with_header(struct eXosip_t *excontext, int cid, \ 
int did, const char *header_name, const char *header_value);
	  void eXosip_dnsutils_release(struct osip_naptr *naptr_record); required after \ 
usage of eXosip_dnsutils_naptr.

	* new OPTION:
	EXOSIP_OPT_SET_SESSIONTIMERS_FORCE option to force session timer to be used \ 
when remote side does not support it.

	* structure change:
	new param in eXosip_tls_credentials_t for pinning: \ 
"public_key_pinned". A file with the expected public key of server.
	If you use \ 
eXosip_tls_ctx_t/eXosip_tls_credentials_t/EXOSIP_OPT_SET_TLS_CERTIFICATES_INFO, \ 
you need to recompile.

	* fix processing response out of transaction. (avoid incorrect logs and extra work)
	* fix https://savannah.nongnu.org/bugs/?54628 where ACK was only retransmitted \ 
for initial outgoing INVITE.
	  fix: retransmit ACK for both initial INVITE and re-INVITE.
	  fix: retransmit ACK for 2xx from forking (with a BYE) even if call does not exist.
	  ACK for "old transaction" within the established dialog won't be \ 
retransmitted because the parameter only hold the latest ACK.
	* fix bug report: https://savannah.nongnu.org/bugs/index.php?54624
	  another patch to fix more issue related to cseq & PRACK.
	  The newer code better handle forking use-case with PRACK.
	  The newer code better handle several 1xx from same user.
	* fix bug report: https://savannah.nongnu.org/bugs/index.php?54624 cseq wasn't \ 
increasing after a PRACK.
	* improve portability code, detection of headers, windows compilation \ 
detection, sockaddr_storage was not correctly defined.
	* fix udp layer: set ipbuf before using it.
	* fix: allow socket descriptor to be 0 (posix requirement).
	* fix: compile with any openssl version.
	* allow compilation with OPENSSL_NO_DH, OPENSSL_NO_RSA, OPENSSL_NO_ECDH and/or \ 
OPENSSL_NO_DEPRECATED.
	* remove old windows specific RSA obsolete code.
	* add in eXtl_tls.c some explanations on usage of TLS with eXosip2. READ THEM.
	* improve reliability for naptr/srv lookup (but still a short time).
	* fix/improve _eXosip_mark_registration_expired: it was working correctly only \ 
if registration had previously failed.
	* fix: attach call/dialog to CANCEL transaction (so \ 
EXOSIP_CALL_MESSAGE_ANSWERED will be received instead of \ 
EXOSIP_MESSAGE_ANSWERED).
	* windows: fix DnsQuery to use UTF8 even if compiled without UNICODE (not \ 
applicable if you use c-ares).
	* windows: add ENUM capability and improve NAPTR/SRV record (not applicable if \ 
you use c-ares).
	* windows: you should use c-ares AND you should compile with UNICODE. (much better).
	* add ability to define a dnsserver when doing NAPTR and SRV record (c-ares only).
	* format of domain string for "eXosip_dnsutils_naptr" is \ 
"domain.com!+AUS|IP_DNSSERVER".
	* fix for on android, DNS are not available any more (restricted access) \ 
(c-ares only).
	* add support ENUM and regex for res_query API (not applicable if you use c-ares).
	* sync with newer osip: use newer osip_naptr & osip_srv_record structures \ 
to hold ENUM sip result and
	  improvements to retreive (and release) it via eXosip_dnsutils_naptr and \ 
eXosip_dnsutils_release APIs.
	* TLS improvments: simplify client and server config, add ECDH cipher suite if \ 
missing,
	  password for private key is optional, add support for public key pinning.
	* improve to report EXOSIP_CALL_NOANSWER upon transport error for INVITE for \ 
faster detection.
	* fix possible memory leak for X509 server certificate.
	* fix crash if dialog has been already closed between 200ok and a received BYE.
	* improve windows pipe replacement (use a free allocated port automatically).
	* fix to optimize detection of TCP or TLS establishement, fix to optimize \ 
sending REGISTER after establishement.
	* patch for call transfer to keep dialog after BYE, in order to be able to \ 
handle incoming/outgoing NOTIFY within calls after BYE.
	* handle incoming UPDATE from alternative dialogs in early dialog mode.
	* fix to reject any NOTIFY without established dialog coming later than 64 \ 
seconds after initial SUBSCRIBE.
	* After a NAPTR query, some DNS server returns SUCCESS without NAPTR answers. \ 
In such use-case, fallback to manual SRV records.
	* add SOCK_CLOEXEC option to sockets // add missing SO_KEEPALIVE options on TLS \ 
socket.
	* EXOSIP_OPT_ENABLE_IPV6 now support 0(ipv4 only), 1(ipv6 only) and 2(ipv4 OR ipv6).
	  With option 2, choice is made based on DNS and the stack can fallback between \ 
IPv4 and IPv6.
	* fix possible memory leak when using wrong tid for \ 
eXosip_insubscription_send_answer.
	* fix possible memory leak upon allocation error.
	* fix leak upon syntax error in parameters provided for PUBLISH.
	* fix leak upon syntax error in parameters provided for REGISTER.
	* increase size of proto_ifs for IPv6 local address.
	* RFC 2617 erratum: Errata ID: 1649 (minor issue).
	* _exosip_isipv4addr: fix checking IPv4 address (minor issue).
	* other minor updates.

eXosip2 (5.0.0)
	* major API update: add a new parameter to eXosip_call_build_prack in order to \ 
create the PRACK
	for this specific response and not for the latest.
	* major API update: removal of eX_refer.h API. REFER are now handled with \ 
subscriptions APIs.
	eXosip_refer_build_request removed
	eXosip_refer_send_request removed
	* major API update: subscription now handle both SUBSCRIBE and REFER with the \ 
same APIs:
	eXosip_subscription_build_initial_refer ADDED
	eXosip_subscribe_build_initial_request renamed \ 
eXosip_subscription_build_initial_subscribe
	eXosip_subscribe_send_initial_request renamed \ 
eXosip_subscription_send_initial_request
	eXosip_subscribe_build_refresh_request renamed \ 
eXosip_subscription_build_refresh_request
	eXosip_subscribe_send_refresh_request renamed \ 
eXosip_subscription_send_refresh_request
	eXosip_subscribe_remove renamed eXosip_subscription_remove
	EXOSIP_IN_SUBSCRIPTION_* and EXOSIP_SUBSCRIPTION_* events may now relate to \ 
REFER subscription.
	* major API change: eXosip_automatic_refresh is obsolete and has been removed.
	only use eXosip_automatic_action instead
	* API update:
	eXosip_options_send_request returns a positive transaction id (tid) on success.
	eXosip_publish returns a positive transaction id (tid) on success.
	note: eXosip_message_send_request was already returing the transaction id (tid) \ 
on success.
	* new API options:
	EXOSIP_OPT_REMOVE_PREROUTESET: to keep Route Set
	EXOSIP_OPT_SET_SIP_INSTANCE: define +sip.instance parameter in Contact headers
	EXOSIP_OPT_ENABLE_USE_EPHEMERAL_PORT: option to use/not use ephemeral port in \ 
Contact.
	EXOSIP_OPT_ENABLE_REUSE_TCP_PORT: option to reuse port.
	EXOSIP_OPT_AUTO_MASQUERADE_CONTACT: option to enable automatic masquerading for \ 
Contact headers.
	EXOSIP_OPT_UDP_LEARN_PORT: obsolete and will be removed in the future.
	EXOSIP_OPT_SET_DEFAULT_CONTACT_DISPLAYNAME: define a display name to be added \ 
in Contact headers
	* new API options: (high load traffic use-case: DO NOT USE FOR COMMON USAGE)
	EXOSIP_OPT_SET_MAX_MESSAGE_TO_READ: set the number of message to read at once \ 
for each network processing.
	EXOSIP_OPT_SET_MAX_READ_TIMEOUT: set the period in nano seconds during we read \ 
for sip message.
	EXOSIP_OPT_GET_STATISTICS: retreive numerous statistics.
	* rewrite/update autotools and ./configure options
	  --enable-pthread=[autodetect|force]
	    autodetect POSIX threads or force -DHAVE_PTHREAD [default=autodetect]
	  --enable-semaphore=[autodetect|semaphore|sysv]
	    select your prefered semaphore [default=autodetect].

	* fix selection of Contact header for 3xx (default to a tel/sip/sips one with \ 
any transport)
	* keep to call context enough time to handle redirection.
	* fix race condition for processing SRV results (not likely to happen)
	* fix bug when reading sip message longuer than 8000 over UDP and TLS.
	* improve eXosip_add_authentication_info to avoid duplicate credentials
	* if a SUBSCRIBE is rejected, the context will be released automatically
	* add failover after a DNS failure.
	* fallback to SRV even if we receive a NOTFOUND reply for NAPTR.
	* fix route set with strict router.
	* rename usage of -DHAVE_CARES_H into -DHAVE_ARES_H real name of header.
	* remove warnings mainly related to socket API \ 
(getnameinfo/bind/accept/recv/connect/sendto)
	* rewrite all loop using iterator to improve performance (useful for high load \ 
traffic)
	* rewrite Via and Contact management: both will now contains the IP of the real \ 
network interface
	  instead of the default one.
	* improve NAPTR failover, more reliable // add failover for 503 answer
	* improve interval to force REGISTER refresh upon network error and failover.
	* improve TCP socket management
	* add a callback to simplify/optimize/accelerate usage of wakelocks in android \ 
application using exosip2.
	* improve TLS, add TLSv1.1, TLSv1.2, disable weak cipher (FREAK) and enable \ 
ECDHE cipher.
	* add support for SNI tls extension (openssl 1.0.2)
	* add try/except on windows to catch possible missing qwave (windows server)
	* implement a timeout (32 seconds) for establishing a TCP and TLS connection.
	* if a connection is failing, report the failure asap.
	* fix memory leak in eXosip_call_get_referto
	* remove extra connect on socket for TCP and TLS (not allowed for tcp stream)
	* fix to correctly discard INVITE retransmission with same branch received \ 
after original INVITE was replied
	* add WSACleanup for each WSAStartup call (windows)
	* do not include contact in BYE and CANCEL
	* fix to use sips when appropriate (in Contact)
	* fix to avoid handling negative content-length
	* do not start naptr for incoming transactions.
	* fix bug when rseq is empty but exist
	* add support for QOS on windows.
	* improve connection handling/failure detection, keep alive options, in TLS, \ 
TCP, UDP.
	* update static IDs (cid/did/rid/pid) to use range from 0 to INT_MAX to avoid \ 
possible collision
	* other minor updates.

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
Bump PKGREVISION for security/openssl ABI bump.