Pullup ticket #4055 - requested by taca
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                    1.172
- security/openssl/distinfo                                    1.91

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Tue Feb  5 15:54:31 UTC 2013

  Modified Files:
  pkgsrc/security/openssl: Makefile distinfo

  Log Message:
  Update openssl to 0.9.8y.

    Changes between 0.9.8x and 0.9.8y [5 Feb 2013]

    *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time=
  .=

        This addresses the flaw in CBC record processing discovered by
        Nadhem Alfardan and Kenny Paterson. Details of this attack can be =
  found
        at: http://www.isg.rhul.ac.uk/tls/

        Thanks go to Nadhem Alfardan and Kenny Paterson of the Information=

        Security Group at Royal Holloway, University of London
        (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley an=
  d
        Emilia K=E4sper for the initial patch.
        (CVE-2013-0169)
        [Emilia K=E4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve H=
  enson]

    *) Return an error when checking OCSP signatures when key is NULL.
        This fixes a DoS attack. (CVE-2013-0166)
        [Steve Henson]

    *) Call OCSP Stapling callback after ciphersuite has been chosen, so
        the right response is stapled. Also change SSL_get_certificate()
        so it returns the certificate actually sent.
        See http://rt.openssl.org/Ticket/Display.html?id=3D2836.
        (This is a backport)
        [Rob Stradling <rob.stradling@comodo.com>]

    *) Fix possible deadlock when decoding public keys.
        [Steve Henson]

(tron)

Fix NetBSD/amd64 build.

(jperkin)

add patch from upstream to fix SASL buffer overflow vulnerability
(CVE-2013-0249), bump PKGREV

(drochner)

Updated security/openssl to 1.0.1dnb2

(jperkin)

Apply upstream patch to fix data corruption.

Bump PKGREVISION.

(jperkin)

Note update of mail/roundcube package to 0.8.5.

(taca)

Update roundcube to 0.8.5.

CHANGELOG Roundcube Webmail
===========================

- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
- Fix unwanted horizontal scrollbar in message preview header (#1488866)
- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored
  (#1488844)
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
- Fix absolute positioning in HTML messages (#1488819)
- Fix keybord events on messages list in opera browser (#1488823)
- Fix cache (in)validation after setting \Deleted flag
- Fix selection of collapsed thread rows (#1488772)
- Fix wrapping of quoted text with format=flowed (#1488177)

(taca)

Note update of www/ruby-rack package to 1.4.5.

(taca)

Update ruby-rack to 1.4.5.

* February 7th, Thirty fifth public release 1.4.5
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
  * Fix CVE-2013-0262, symlink path traversal in Rack::File

(taca)

Note update of www/ruby-rack12 package to 1.2.8 and www/ruby-rack13
package to 1.3.10.

(taca)

Update ruby-rack13 to 1.3.10.

February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

(taca)

Update ruby-rack12 to 1.2.8.

* February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie

(taca)

gcc-core-4.0.3.tar.gz is not available from ftp://gcc.gnu.org.
use .bz2 from MASTER_SITE_GNU instead (and some simplify).

(obache)

When using destdir, the clean stage isn't privileged.

(wiz)

Move parentheses to the end of paragraph to improve readability.

(asau)

Split Darwin version information into separate paragraph
for consistency with notes on other operating systems.

Someone should mention which (recent!) MacOS versions are
supported and/or tested.

(asau)

Fix build problem probably caused  by OpenSSL update.

(tron)

Updated mail/msmtp to 1.4.30

(ryoon)

Update to 1.4.30.

Changelog:
Version 1.4.30:
- Fix a bug in msmtp_read_addresses() that was introduced in version 1.4.29 by
  fixing a problem in the wrong way.

(ryoon)

Add xulrunner/firefox 18.0.2

(ryoon)

Update to 18.0.2.

* Include patch for FreeBSD from Jan Beich (patch-bf).

Changelog:
FIXED
18.0.2: Fix JavaScript related stability issues

(ryoon)

Remove workaround for ftp user agent

(morr)

FTPUSERAGENT is a environment variable for ftp(1), not a make variable.
No need to pass here.

related to PR 47525.

(obache)

+ ruby-gnome2-gtk3 ruby-gnome2-gtksourceview3

(obache)

+ ruby-gnome2-gdk3

(obache)

+ruby-gnome2-gobject-introspection

(obache)

Note update ruby-gnome2 to 1.2.1.

(obache)

Update ruby-gnome2 to 1.2.1.
(and add gtk3, gdk3, gtksourceview3 and gobject-introspection binding).
based on PR 47529.

== Ruby-GNOME2 1.2.1: 2013-01-30

GTK+ 3 support on Mac OS X release!

=== Changes

==== Ruby/GLib2

  * Improvements
    * Supported custom sudo prompt on auto native package install.
      [GitHub:126] [Suggested by Yorick Peterse]
    * Started to support JRuby. (It is not completed yet.)
      [GitHub:125] [Reported by vpereira]
    * Accepted unsigned long int size GType.
    * Removed DL support.
    * Don't call deprecated g_type_init() for GLib >= 2.35.1.

==== Ruby/GTK2

  * Fixes
    * Fixed a memory leak related Gtk::TreeIter.
      [GitHub:128] [Patch by Toshiaki Asai]

==== Ruby/GTK3

  * Fixes
    * Fixed a memory leak related Gtk::TreeIter.
      [GitHub:128] [Patch by Toshiaki Asai]
    * Fixed a crash bug caused by symbol conflict with Ruby/GDK3 on
      Mac OS X.
      [GitHub:127] [Reported by Sergio Campama] [Helped by Watson]

==== Ruby/GDK3

  * Improvements
    * [windows] Bundled Greybird theme.
      [Suggested by Regis d'Aubarede]

==== Ruby/GooCanvas

  * Improvements
    * Added Goo::Canvas#get_items_at [GitHub:124] [Patch by David Maciejak]

==== Ruby/WebKitGTK

  * Added

==== Ruby/GtkSourceView3

  * Improvements
    * Supported Windows.

=== Thanks

  * David Maciejak
  * Yorick Peterse
  * vpereira
  * Toshiaki Asai
  * Sergio Campama
  * Watson
  * Regis d'Aubarede

== Ruby-GNOME2 1.2.0: 2013-01-24

GTK+ 3 support release!

=== Changes

==== All

  * Added ruby-gtk3 package. Here is a list:
    * Ruby/GLib2
    * Ruby/ATK
    * Ruby/Pango
    * Ruby/GdkPixbuf2
    * Ruby/GDK3
    * Ruby/GTK3

==== Ruby/GLib2

  * Improvements
    * Supported custom VALUE <-> GBoxed conversion
    * Supported VALUE <-> GBoxed conversion by RVAL2GOBJ
    * Added GLib::Source::REMOVE
    * Added GLib::Source::CONTINUE
    * Added rbgobj_make_boxed_raw()
    * Added GLib::Value for internal use
    * [windows] Updated to the latest GLib: 2.28.8-1 -> 2.34.3
  * Changes
    * Removed deprecated GLib::Win32.get_package_installation_directory
    * Removed deprecated GLib::Win32.get_package_installation_subdirectory
    * Added user_data to RGConvertTable callbacks
    * rbgobj_convert_define() copies passed RGConvertTable
    * Removed deprecated G_DEF_FUNDAMENTAL. Use RG_DEF_CONVERSION instead

==== Ruby/GIO2

  * Improvements
    * Installed headers

==== Ruby/ATK

  * Improvements
    * [windows] Updated to the latest ATK: 1.32.0 -> 2.6.0

==== Ruby/Pango

  * Improvements
    * [windows] Updated to the latest Pango: 1.28.3 -> 1.32.6

==== Ruby/GdkPixbuf2

  * Improvements
    * [windows] Updated to the latest gdk-pixbuf: 2.24.0 -> 2.26.5

==== Ruby/GTK2

  * Improvements
    * Removed needless not copy flag from Allocation
    * [windows] Updated to the latest GTK+ 2: 2.24.8 -> 2.24.14

==== Ruby/GDK3

  * Improvements
    * [windows] Supported: 3.6.4

==== Ruby/GTK3

  * Improvements
    * Removed needless not copy flag from Allocation
    * [windows] Supported: 3.6.4

==== Ruby/GObjectIntrospection

  * Improvements
    * Supported over loaded method
    * Supported over loaded constructor
    * Supported GBoxed object
    * Supported char *
    * Supported GInterface
    * Supported CallableInfo
    * Supported may be null
    * Supported union object
    * Supported not GBoxed struct
    * Supported out parameter
    * Supported C array
    * Added "?" suffix to predicate method name
    * Supported SourceFunc callback
    * Supported GValue
    * Added GObjectIntrospection::Loader.register_boxed_class_converter
    * Supported inout parameter
    * Supported binary data array
  * Changes
    * ArgInfo#[] -> ArgInfo#get_arg

==== Ruby/CairoGObject

  * Added

==== Ruby/Clutter

  * Added

==== Ruby/ClutterGtk

  * Added

== Ruby-GNOME2 1.1.9: 2012-12-29

This is a experimental GObjectIntrospection support release.

=== Changes

==== Ruby/GLib2

  * Improvements
    * Renamed G_DEF_CLASS4 to G_DEF_CLASS_WITH_PARENT.
      G_DEF_CLASS4 is still usable but it is deprecated.

==== Ruby/GObjectIntrospection

  * Added. It is still experimental.

== Ruby-GNOME2 1.1.8: 2012-12-19

This is a bug fix release for Ruby 2.0.0.

=== Changes

==== All

  * Fixes
    * Fixed a bug that *.so isn't installed with Ruby 2.0.0.

== Ruby-GNOME2 1.1.7: 2012-12-10

This is a package for Windows fix release.

=== Changes

==== Ruby/GTK2

  * Fixes
    * Bundled GTK+ 2.24.8-1 instead of GTK+ 2.24.10-1.
      [Reported by Mahoro Shimura]

=== Thanks

  * Mahoro Shimura

== Ruby-GNOME2 1.1.6: 2012-12-02

This is Ruby 2.0.0 support release!

=== Changes

==== All

  * Fixes
    * Fixed install error on Ruby 2.0.0.
      [ruby-gnome2-devel-en] Recent Ruby: 'depend' files must be changed
      [Reported by Carlo E. Prelz]

==== Ruby/GLib2

  * Improvements
    * Improved portability a bit. '$,' is used instead of rb_output_fs.
      [GktHub:#117] [Reported by Marvin G端lker]

==== Ruby/GIO2

  * Fixes
    * Fixed a crash bug on i386. [Reported by TAKATSU Tomonari]

==== Ruby/GTK2

  * Improvements
    * Added Gtk::TreeModel#iter_root. [GitHub:121] [Patch by dmaciejak]
    * Added Gtk::TreeModel#iter_next. [GitHub:121] [Patch by dmaciejak]

==== Ruby/GdkPixbuf2

  * Fixes
    * Fixed build errors with old gdk-pixbuf.

==== Ruby/Poppler

  * Improvements
    * Added missing required Poppler version.
      [Suggested by Grant Schoep]
      [ruby-gnome2-devel-en] poppler, build fails, incorrect
      required_pkg_config_package?

  * Fixes
    * Fixed a wrong package name on Red Hat and Fedora.
      [Reported by Grant Schoep]
      [ruby-gnome2-devel-en] poppler, build fails, incorrect
      required_pkg_config_package?

  * Changes
    * Disabled auto Poppler install for Homebrew. It requires
      --with-glib option but auto install with --with-glib option
      isn't supported yet.

==== Ruby/GooCanvas

  * Improvements
    * Added Goo::Canvas#update. [GitHub:119] [Patch by dmaciejak]
    * Added Goo::Canvas#request_update. [GitHub:119] [Patch by dmaciejak]
    * Added Goo::Canvas#convert_from_pixels. [GitHub:123] [Patch by dmaciejak]
    * Added Goo::Canvas#convert_to_pixels. [GitHub:123] [Patch by dmaciejak]
    * Added Goo::Canvas#get_item_at. [GitHub:123] [Patch by dmaciejak]
    * Added Goo::Canvas#bounds. [GitHub:123] [Patch by dmaciejak]

==== Ruby/GStreamer

  * Improvements
    * Don't pass -h and --help to GStreamer.
      [GitHub:#118] [Reported by dmaciejak]

=== Thanks

  * TAKATSU Tomonari
  * dmaciejak
  * Grant Schoep
  * Carlo E. Prelz
  * Marvin G端lker

(obache)

Revert API depends change, not needed.
Ok jperkin.

(wiz)

Updated graphics/jhead to 2.97

(wiz)

Update to 2.97:

Jul 9 2012:
Make it compile clean with visual studio 10

Jul 28 2012:
Various cleanups from debian folks.

Oct 19 2012:
Add feature to show quality of jpeg, (by Andy Spiegel)

Dec 27 2012:
Fix crash on some corrupt files bug, clarify time adjustment syntax in help

(wiz)

Updated audio/libaudiofile to 0.3.5

(wiz)

Update to 0.3.5:

Changes for Audio File Library version 0.3.5:

* Implement IMA ADPCM encoding and decoding for AIFF-C, CAF, and WAVE files.
* Implement Microsoft ADPCM encoding for WAVE files.
* Fix calculation of IRCAM frame size.
* Record marker comments in WAVE files.
* Improve validation of compressed audio formats.
* Add support for building without documentation.

(wiz)

Reduce minium required OpenSSL version to 1.0.1c (instead of 1.0.1d) which
is what NetBSD 6.0* ships with.

The minimum ABI version was incorrect anyway and a result of an unnecessary
revision bump of the "openssl" package.

(tron)

+ abcm2ps-7.4.0, highlight-3.13, ktorrent-4.3.1, libaudiofile-0.3.5,
  miniupnpd-1.8, opera-12.14, tea-34.0.1, webmin-1.620.

(wiz)

Updated comms/asterisk18 to 1.8.20.1

(jnemeth)

Update to Asterisk 1.8.20.1:  this is a minor bugfix release

----- 1.8.20.1

The Asterisk Development Team has announced the release of Asterisk 1.8.20.1.

The release of Asterisk 1.8.20.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix astcanary startup problem due to wrong pid value from before
      daemon call

* --- Update init.d scripts to handle stderr; readd splash screen for
      remote consoles

* --- Reset RTP timestamp; sequence number on SSRC change

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.1

Thank you for your continued support of Asterisk!

----- 1.8.20.0

The Asterisk Development Team has announced the release of Asterisk 1.8.20.0.

The release of Asterisk 1.8.20.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- app_meetme: Fix channels lingering when hung up under certain
      conditions

* --- Fix stuck DTMF when bridge is broken.

* --- Improve Code Readability And Fix Setting natdetected Flag

* --- Fix extension matching with the '-' char.

* --- Fix call files when astspooldir is relative.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.0

Thank you for your continued support of Asterisk!

(jnemeth)

Oops, forgot to commit this file for updating of contao211 to 2.11.9.

(taca)

PKGREVISION bumps for the security/openssl 1.0.1d update.

(jperkin)

Note security/openssl update to 1.0.1d.

XXX: commit-changes-entry cannot handle multiple TODO matches.

(jperkin)

Update OpenSSL to 1.0.1d.  Changes are far too numerous to list, the main one being
that we can now take advantage of AES-NI support in modern processors to significantly
increase performance.

Miscellaneous pkgsrc changes:

- Remove unnecessary warning message on Solaris.
- Fix RPATH for libgost.so.
- MD2 support is optional, enabled by default for compatability.

(jperkin)

Updated net/trafshow to 5.2.3nb2

(jperkin)

Avoid socket buffering on Solaris, a blank screen is not all that useful.

Bump PKGREVISION.

(jperkin)

Updated net/tcpdump to 4.3.0

(jperkin)

Update net/tcpdump to 4.3.0.  Changes since 4.1.1:

  Summary for 4.3.0 tcpdump release
        fixes for forces: SPARSE data (per RFC 5810)
        some more test cases added
        updates to documentation on -l, -U and -w flags.
        Fix printing of BGP optional headers.
        Tried to include DLT_PFSYNC support, failed due to headers required.
        added TIPC support.
        Fix LLDP Network Policy bit definitions.
        fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
        SIGUSR1 can be used rather than SIGINFO for stats
        permit -n flag to affect print-ip for protocol numbers
        ND_OPT_ADVINTERVAL is in milliseconds, not seconds
        Teach PPPoE parser about RFC 4638

  Summary for 4.2.1 tcpdump release
        Only build the Babel printer if IPv6 is enabled.
        Support Babel on port 6696 as well as 6697.
        Include ppi.h in release tarball.
        Include all the test files in the release tarball, and don't
        "include" test files that no longer exist.
        Don't assume we have <rpc/rpc.h> - check for it.
        Support "-T carp" as a way of dissecting IP protocol 112 as CARP
        rather than VRRP.
        Support Hilscher NetAnalyzer link-layer header format.
        Constify some pointers and fix compiler warnings.
        Get rid of never-true test.
        Fix an unintended fall-through in a case statement in the ARP
        printer.
        Fix several cases where sizeof(sizeof(XXX)) was used when just
        sizeof(XXX) was intended.
        Make stricter sanity checks in the ES-IS printer.
        Get rid of some GCCisms that caused builds to fai with compilers
        that don't support them.
        Fix typo in man page.
        Added length checks to Babel printer.

  Summary for 4.2.+
        merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov
          at gmail dot com>
        updates to forces for new port numbers
        Use "-H", not "-h", for the 802.11s option. (-h always help)
        Better ICMPv6 checksum handling.
        add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12
        get rid of uuencoded pcap test files, git can do binary.
        sFlow changes for 64-bit counters.
        fixes for PPI packet header handling and printing.
        Add DCB Exchange protocol (DCBX) version 1.01.
        Babel dissector, from Juliusz Chroboczek and Gr辿goire Henry.
        improvements to radiotap for rate values > 127.
        Many improvements to ForCES decode, including fix SCTP TML port
        updated RPL type code to RPL-17 draft
        Improve printout of DHCPv6 options.
        added support and test case for QinQ (802.1q VLAN) packets
        Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4.
        Build fixes for Sparc and other machines with alignment restrictions.
        Merged changes from Debian package.
        PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options.
        Build fixes for OSX (Snow Leopard and others)
        Add support for IEEE 802.15.4 packets

  Summary for 4.1.2 tcpdump release
        If -U is specified, flush the file after creating it, so it's
          not zero-length
        Fix TCP flags output description, and some typoes, in the man
          page
        Add a -h flag, and only attempt to recognize 802.11s mesh
          headers if it's set
        When printing the link-layer type list, send *all* output to
          stderr
        Include the CFLAGS setting when configure was run in the
          compiler flags

(jperkin)

PKGREVISION bumps for net/libpcap update.

(jperkin)

Updated net/libpcap to 1.3.0

(jperkin)

Update libpcap to 1.3.0.  Main pkgsrc change is support for Solaris 11/illumos.

Summary for 1.3.0 libpcap release
        Handle DLT_PFSYNC in {FreeBSD, other *BSD+Mac OS X, other}.
        Linux: Don't fail if netfilter isn't enabled in the kernel.
        Add new link-layer type for NFC Forum LLCP.
        Put the CANUSB stuff into EXTRA_DIST, so it shows up in the release tarball.
        Add LINKTYPE_NG40/DLT_NG40.
        Add DLT_MPEG_2_TS/LINKTYPE_MPEG_2_TS for MPEG-2 transport streams.
        [PATCH] Fix AIX-3.5 crash with read failure during stress
        AIX fixes.
        Introduce --disable-shared configure option.
        Added initial support for canusb devices.
        Include the pcap(3PCAP) additions as 1.2.1 changes.
        many updates to documentation: pcap.3pcap.in
        Improve 'inbound'/'outbound' capture filters under Linux.
        Note the cleanup of handling of new DLT_/LINKTYPE_ values.
        On Lion, don't build for PPC.
        For mac80211 devices we need to clean up monitor mode on exit.

Summary for 1.2.1 libpcap release
        Update README file.
        Fix typoes in README.linux file.
        Clean up some compiler warnings.
        Fix Linux compile problems and tests for ethtool.h.
        Treat Debian/kFreeBSD and GNU/Hurd as systems with GNU
        toolchains.
        Support 802.1 QinQ as a form of VLAN in filters.
        Treat "carp" as equivalent to "vrrp" in filters.
        Fix code generated for "ip6 protochain".
        Add some new link-layer header types.
        Support capturing NetFilter log messages on Linux.
        Clean up some error messages.
        Turn off monitor mode on exit for mac80211 interfaces on Linux.
        Fix problems turning monitor mode on for non-mac80211 interfaces
        on Linux.
        Properly fail if /sys/class/net or /proc/net/dev exist but can't
        be opened.
        Fail if pcap_activate() is called on an already-activated
        pcap_t, and add a test program for that.
        Fix filtering in pcap-ng files.
        Don't build for PowerPC on Mac OS X Lion.
        Simplify handling of new DLT_/LINKTYPE_ values.
        Expand pcap(3PCAP) man page.

Summary for 1.2 libpcap release
        All of the changes listed below for 1.1.1 and 1.1.2.
        Changes to error handling for pcap_findalldevs().
        Fix the calculation of the frame size in memory-mapped captures.
        Add a link-layer header type for STANAG 5066 D_PDUs.
        Add a link-layer type for a variant of 3GPP TS 27.010.
        Noted real nature of LINKTYPE_ARCNET.
        Add a link-layer type for DVB-CI.
        Fix configure-script discovery of VLAN acceleration support.
        see http://netoptimizer.blogspot.com/2010/09/tcpdump-vs-vlan-tags.html
        Linux, HP-UX, AIX, NetBSD and OpenBSD compilation/conflict fixes.
        Protect against including AIX 5.x's <net/bpf.h> having been included.
        Add DLT_DBUS, for raw D-Bus messages.
        Treat either EPERM or EACCES as "no soup for you".
        Changes to permissions on DLPI systems.
        Add DLT_IEEE802_15_4_NOFCS for 802.15.4 interfaces.

(jperkin)

Remove unneccessary firefox line.

(ryoon)

Note update ot devel/ruby-railties, devel/ruby-railties31 and
devel/ruby-railties32 packages:

devel/ruby-railties 3.0.20nb1
devel/ruby-railties31 3.1.10nb1
devel/ruby-railties32 3.2.11nb1

(taca)

Allow depending to more newer version of ruby-thor package.

Bump PKGREVISION.

(taca)

Allow depending to more newer version of ruby-thor package.

Bump PKGREVISION.

(taca)

Allow depending to more newer version of ruby-thor package.

Bump PKGREVISION.

(taca)

Note update of www/contao211 package to 2.11.9.

(taca)

Update contao211 to 2.11.9.
This relase contains fix for CVE-2012-6112(TinyMCE), too.

Version 2.11.9 (2013-02-05)
---------------------------

### Fixed
Support numeric front end dates in the form generator (see #5238).

### Fixed
Support whitespace characters when parsing simple tokens (see #5323).

### Fixed
Allow to run multiple TinyMCE instances with different configurations on the
same page (thanks to Andreas Schempp) (see #4453).

### Fixed
Correctly trigger the "saveNewPassword" hook (see #5247).

### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).

### Fixed
Do not group standalone lightbox elements on HTML5 pages (see #3742).

### Fixed
Anonymize IP addresses in `Form::processFormData()` (see #5255).

### Fixed
Replaced the 1200 pixel limit when resizing images with the values defined in
the system settings (see #5268).

### Fixed
Make sure there is an array in `Controller::generateMargin()` (see #5217).

### Fixed
More robust input validation in the back end filter menu and no more absolute
paths in error messages printed to the screen (thanks to aulmn) (see #4971).

### Fixed
Unset non-existing fields when restoring versions (see #5219).

(taca)

Note update of devel/ruby-rdoc package to 3.12.1.

(taca)

Update ruby-rdoc to 3.12.1.

=== 3.12.1 / 2013-02-05

* Bug fixes
  * Fixed an XSS exploit in darkfish.js.  This could lead to cookie disclosure
    to third parties.  See CVE-2013-0256[rdoc-ref:CVE-2013-0256.rdoc] for full
    details including a patch you can apply to generated RDoc documentation.
  * Ensured that rd parser files are generated before checking the manifest.

(taca)

Note update of Ruby 1.9.3-p385 related pacakges:

lang/ruby193-base 1.9.3p385
databases/ruby-gdbm 1.9.3p385nb2
devel/ruby-curses 1.9.3p385
devel/ruby-fiddle 1.9.3p385
devel/ruby-readline 1.9.3p385nb2
x11/ruby-tk 1.9.3p385nb1
lang/ruby193 1.9.3p385
devel/ruby-mode 1.9.3p385

(taca)

Update ruby193 pacakges to 1.9.3p385.

This release includes a security fix about bundled RDoc.
Full changes are too may to write here, please refer ChangeLog.

(taca)

Recommend "Command Line Tools for Xcode" as mentioned in
<URL:http://kennethreitz.org/experiments/xcode-gcc-and-homebrew>.

(schmonz)

+ mysql-5.5.30.

(taca)

Fix LDFLAGS parsing bug on SunOS (upstream PR submitted).

(fhajny)

Disable man pages by default.

(wiz)

Updated mail/sendmail-cidrexpand to 8.14.6

(jnemeth)

- reset PKGREVISION for update to sendmail 8.14.6
- appease pkglint

(jnemeth)

Updated mail/sendmail-qtool to 8.14.6

(jnemeth)

- reset PKGREVISION for update to sendmail 8.14.6
- appease pkglint

(jnemeth)

Updated mail/libmilter to 8.14.6

(jnemeth)

Updated mail/sendmail to 8.14.6

(jnemeth)

Updated www/libmicrohttpd to 0.9.25

(wiz)

Update to 0.9.25:

Fri Feb  1 10:19:44 CET 2013
Handle case where POST data contains "key=" without value
at the end and is not new-line terminated by invoking the
callback with the "key" during MHD_destroy_post_processor (#2733). -CG

Wed Jan 30 13:09:30 CET 2013
Adding more 'const' to allow keeping of reason phrases in ROM.
(see mailinglist). -CG/MV

Tue Jan 29 21:27:56 CET 2013
Make code work with PlibC 0.1.7 (which removed plibc_init_utf8).
Only relevant for W32. Fixes #2734. -CG

Sat Jan 26 21:26:48 CET 2013
Fixing regression introduced Jan 6 (test on data_size instead
of total_size. -CG

Fri Jan 11 23:21:55 CET 2013
Also return MHD_YES from MHD_destroy_post_processor if
we did not get '\r\n' in the upload. -CG

Sun Jan  6 21:10:13 CET 2013
Enable use of "MHD_create_response_from_callback" with
body size of zero. -CG

(wiz)

Update to sendmail 8.14.6:  this is a general bug fix release.
- will look at making recently requested changes in a subsequent commit

8.14.6/8.14.6 2012/12/23
Fix a regression introduced in 8.14.5: if a server offers
two AUTH lines, the MTA would not read them after
STARTTLS has been used and hence SMTP AUTH for
the client side would fail.  Problem noted by Lena.
Do not cache hostnames internally in a non case sensitive way
as that may cause addresses to change from lower case
to upper case or vice versa. These header modifications
can cause problems with milters that rely on receiving
headers in the same way as they are being sent out such
as a DKIM signing milter.
If MaxQueueChildren is set then it was possible that new queue
runners could not be started anymore because an
internal counter was subject to a race condition.
If a milter decreases the timeout it waits for a communication
with the MTA, the MTA might experience a write() timeout.
In some situations, the resulting error might have been
ignored.  Problem noted by Werner Wiethege.
Note: decreasing the communication timeout in a milter
should not be done without considering the potential
problems.
smfi_setsymlist() now properly sets the list of macros for
the milter which invoked it, instead of a global
list for all milters.  Problem reported by
David Shrimpton of the University of Queensland.
If Timeout.resolver.retrans is set to a value larger than 20,
then resolver.retry was temporarily set to 0 for
gethostbyaddr() lookups. Now it is set to 1 instead.
Patch from Peter.
If sendmail could not lock the statistics file due to a system
error, and sendmail later sends a DSN for a mail that
triggered such an error, then sendmail tried to access
memory that was freed before (causing a crash on some
systems).  Problem reported by Ryan Stone.
Do not log negative values for size= nor pri= to avoid confusing
log parsers, instead limit the values to LONG_MAX.
Account for an API change in newer versions of Cyrus-SASL.
Patch from Hajimu UMEMOTO from FreeBSD.
Do not try to resolve link-local addresses for IPv4 (just as it
is done for IPv6).  Patch from John Beck of Oracle.
Improve logging of client and server STARTTLS connection failures
that may be due to incompatible cipher lists by including
the reason for the failure in a single log line.  Suggested
by James Carey of Boeing.
Portability:
Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8).
Add support for SunOS 5.12 (aka Solaris 12). Patch from
John Beck of Oracle.

(jnemeth)

pull in the patch for the ASF demuxer security flaw from vlc2, the
code is almost identical
bump PKGREV
thanks to Daniel Horecki for the hint

(drochner)

add patch from upstream to fix insuficcient validation of UTF-8 strings
which is considered a security problem
bump PKGREV for the affected header, didn't check yet where this
header is compiled into
(boost-1.53 is out, just added the patch for a possible pullup)

(drochner)

stellarium update

(drochner)

update to 0.12.0
from the announcement:
This release brings some interesting new features:
- New rendering engine (Now you can see shadows on planets surfaces).
- New key-binding engine (Now all key-bindings can be edited).
- Improvements to scripting engine.
- Improvements to DSO
- Improvements to search tool
- Improved accuracy for archaeo-astronomical events
There have also been a large number of bug fixes and GUI improvements.
We are strongly recommended resetting all Stellarium settings
if you upgrade your previous installation!

(drochner)

+ mysql-5.1.68, mysql-5.6.10, samba-4.0.3.

(taca)

Note update of mail/postfix package to 2.8.14.

(taca)

Update postfix to 2.8.14.

  * The postconf(1) master.cf options parser didn't support "clusters"
    of daemon command-line option letters.

  * The local(8) delivery agent dereferenced a null pointer while
    delivering to null command (for example, "|" in a .forward
    file). Reported by Gilles Chehade.

  * A memory leak fix for tls_misc.c was documented but not included.

(taca)

Note update of security/openssl package to 0.9.8y.

(taca)

Update openssl to 0.9.8y.

Changes between 0.9.8x and 0.9.8y [5 Feb 2013]

  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.

    This addresses the flaw in CBC record processing discovered by
    Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
    at: http://www.isg.rhul.ac.uk/tls/

    Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
    Security Group at Royal Holloway, University of London
    (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
    Emilia K辰sper for the initial patch.
    (CVE-2013-0169)
    [Emilia K辰sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]

  *) Return an error when checking OCSP signatures when key is NULL.
    This fixes a DoS attack. (CVE-2013-0166)
    [Steve Henson]

  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
    the right response is stapled. Also change SSL_get_certificate()
    so it returns the certificate actually sent.
    See http://rt.openssl.org/Ticket/Display.html?id=2836.
    (This is a backport)
    [Rob Stradling <rob.stradling@comodo.com>]

  *) Fix possible deadlock when decoding public keys.
    [Steve Henson]

(taca)

Updated x11/libdrm to 2.4.42

(wiz)

Update to 2.4.42:

Alex Deucher (2):
      radeon: add OLAND family
      radeon: add OLAND pci ids

David Herrmann (1):
      man: fix manpage build instructions

Jesse Barnes (1):
      intel: add more VLV PCI IDs

Maarten Lankhorst (3):
      nouveau: use @PACKAGE_VERSION@ in libdrm_nouveau.pc
      libdrm: remove DISTCHECK_CONFIGURE_FLAGS
      configure.ac: bump version to 2.4.42 for release

Michel D辰nzer (1):
      radeon: Fix 1D tiling layout on SI.

Thierry Reding (1):
      man: Fix typo and use $() for make expressions

(wiz)

Updated net/mikutter to 0.2.1.1127

(obache)

Update mikutter to 0.2.1.1127.
* reduce memory usage with Ruby Gtk2 1.2.1 and later.
* fix image preview from some sites.

(obache)

Add revbump of xulrunner/firefox.

(ryoon)

Ensure the correct DTrace ABI is used.  Fixes Solaris 32-bit build.

(jperkin)

Updated print/kpathsea to 6.1.0nb1

(wiz)

Include correct header for putenv to avoid
warning: reference to compatibility putenv(); include <stdlib.h> for correct reference

Addresses PR 47534 by David A. Holland.

(wiz)

Mention samba30 and samba33 removals.

(wiz)

Remove samba30 and samba33, as stated by Aleksej Saushev on Jul 7, 2012.

(wiz)

Fixed building on Darwin; pkglint cosmetics

(adam)

this mornings updates.

(markd)

Update to 0.93

Changes unknown but 3 years of development since previous stable version.

(markd)