add and enable asterisk10

(jnemeth)

Added comms/asterisk10 version 10.0.0

(jnemeth)

Import Asterisk 10.0.0:

The Asterisk Development Team is proud to announce the release of
Asterisk 10.0.0. This release is available for immediate download
at http://downloads.asterisk.org/pub/telephony/asterisk/

Asterisk 10 is the next major release series of Asterisk. It will
be a Standard support release, similar to Asterisk 1.6.2. For more
information about support time lines for Asterisk releases, see
the Asterisk versions page:

  https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

With the release of the Asterisk 10 branch, the preceding '1.' has
been removed from the version number per the blog post available
at

http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-arrived-at-asterisk-10/

The release of Asterisk 10 would not have been possible without
the support and contributions of the community.

You can find an overview of the work involved with the 10.0.0
release in the summary:

http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary.txt

A short list of available features includes:

* T.38 gateway functionality has been added to res_fax.
* Protocol independent out-of-call messaging support. Text messages not
  associated with an active call can now be routed through the Asterisk
  dialplan. SIP and XMPP are supported so far.
* New highly optimized and customizable ConfBridge application capable
  of mixing audio at sample rates ranging from 8kHz-192kHz
* Addition of video_mode option in confbridge.conf to provide basic video
  conferencing in the ConfBridge() dialplan application.
* Support for defining hints has been added to pbx_lua.
* Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
* Much, much more!

A full list of new features can be found in the CHANGES file.

  http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES

Also, when upgrading a system between major versions, it is imperative
that you read and understand the contents of the UPGRADE.txt file,
which is located at:

  http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt

Thank you for your continued support of Asterisk!


Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(jnemeth)

pullup #3640

(spz)

Pullup ticket #3640 - requested by tron
security update for net/wireshark

Revisions pulled up:
- net/wireshark/Makefile                                        1.73
- net/wireshark/distinfo                                        1.52
- net/wireshark/patches/patch-bd                                deleted

-------------------------------------------------------------------
  Module Name: pkgsrc
  Committed By: tron
  Date: Wed Jan 11 09:48:24 UTC 2012

  Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo
  Removed Files:
  pkgsrc/net/wireshark/patches: patch-bd

  Log Message:
  Update "wireshark" package to version 1.6.5. Changes since 1.6.4:
  - Bug Fixes
    The following vulnerabilities have been fixed.
        o wnpa-sec-2012-01
          Laurent Butti discovered that Wireshark failed to properly
          check record sizes for many packet capture file formats. (Bug
          6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
          Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
        o wnpa-sec-2012-02
          Wireshark could dereference a NULL pointer and crash. (Bug
          6634)
          Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
        o wnpa-sec-2012-03
          The RLC dissector could overflow a buffer. (Bug 6391)
          Versions affected: 1.4.0 to 1.4.10, 1.6.0 to 1.6.4.
      The following bugs have been fixed:
        o "Closing File!" Dialog Hangs. (Bug 3046)
        o Sub-fields of data field should appear in exported PDML as
          children of the data field instead of as siblings to it. (Bug
          3809)
        o Incorrect time differences displayed with time reference set.
          (Bug 5580)
        o Wrong packet type association of SNMP trap after TFTP
          transfer. (Bug 5727)
        o SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
        o Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
        o Wireshark Netflow dissector complains there is no template
          found though the template is exported. (Bug 6325)
        o DCERPC EPM tower UUID must be interpreted always as little
          endian. (Bug 6368)
        o Crash if no recent files. (Bug 6549)
        o IPv6 frame containing routing header with 0 segments left
          calculates wrong UDP checksum. (Bug 6560)
        o IPv4 UDP/TCP Checksum incorrect if routing header present.
          (Bug 6561)
        o Incorrect Parsing of SCPS Capabilities Option introduced in
          response to bug 6194. (Bug 6562)
        o Various crashes after loading NetMon2.x capture file. (Bug
          6578)
        o Fixed compilation of dumpcap on some systems (when
          MUST_DO_SELECT is defined). (Bug 6614)
        o SIGSEGV in SVN 40046. (Bug 6634)
        o Wireshark dissects TCP option 25 as an "April 1" option. (Bug
          6643)
        o ZigBee ZCL Dissector reports invalid status. (Bug 6649)
        o ICMPv6 DNSSL option malformed on padding. (Bug 6660)
        o Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
        o [UDP] - Length Field of Pseudo Header while computing CheckSum
          is not correct. (Bug 6711)
        o pcapio.c: bug in libpcap_write_interface_description_block.
          (Bug 6719)
        o Memory leaks in various dissectors.
        o Bytes highlighted in wrong Byte pane when field selected in
          Details pane.
  - Updated Protocol Support
      BGP, BMC CSN1, DCERPC EPM, DCP(ETSI) DMP DTLS GSM Management, H245
      HPTEAM, ICMPv6, IEEE 802.15.4 IPSEC IPv4, IPv6, ISAKMP KERBEROS
      LDSS NFS RLC, RPC-NETLOGON RRC RTMPT SIGCOMP SSL SYSLOG TCP, UDP,
      XML ZigBee ZCL
  - New and Updated Capture File Support
      Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network
      Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer,
      Tektronix K12, WildPackets {Airo,Ether}Peek.

  To generate a diff of this commit:
  cvs rdiff -u -r1.72 -r1.73 pkgsrc/net/wireshark/Makefile
  cvs rdiff -u -r1.51 -r1.52 pkgsrc/net/wireshark/distinfo
  cvs rdiff -u -r1.1 -r0 pkgsrc/net/wireshark/patches/patch-bd

(spz)

Suppress Oracle, from B.ICT A.P. deBROUWER Jr. in PR 45838.

(Someone(TM) might want to prepare an Oracle backend package for this,
if it can be done the same way as the Postgres and MySQL ones.)

(dholland)

Remove bwbasic

(ryoon)

Updated lang/bwbasic to 2.50

(ryoon)

Update to 2.50

Based on PR pkg/42846

Changelog:
CHANGES FROM 2.40 to 2.50
  * Bug fixes
  * New compilation procedure for MVS and CMS

CHANGES FROM 2.30 to 2.40
  * Bug fixes from Bill Chatfield
  * Updated documentation
  * Added support for compiling on CMS (another IBM mainframe OS)

CHANGES FROM 2.20pl2 to 2.30
  * Minor bug fixes, cosmetic improvements and portability improvements
  * Added support for compiling on MVS (IBM mainframe)

Tested on NetBSD/i3865.99.59 and 5.1.

(ryoon)

PR 40970: Always include <xorg.cf> for GccAliasingArgs regardless
of server support on the target plattform.  Fixes "GccAliasingArgs"
leftovers in Makefiles generated by imake(1) on m68k and sh3 etc.

OK joerg@

(shattered)

PR pkg/45799

* Use "mount -t nullfs" on FreeBSD, instead of "mount -t null".
* On Linux, for creating /dev/*, use "mount --bind".

Tested on FreeBSD/i386 9.0-RC3 and 9.0-RELEASE, CentOS/i386 6.2, 5.4,
and Gentoo Linux/i386 (Linux kernel 3).

O.K.ed by wiz@

(ryoon)

revert change for PR#45826.
libiconv is not used by bison directly.

(obache)

Updated net/mikutter to 0.0.4.642

(obache)

Update mikutter to 0.0.4.642.

* change behavior for the case that Twitter API response code is 401.

(obache)

updated ruby-gnome2 to 1.1.2.

(obache)

Update ruby-gnome2 to 1.1.2.

== Ruby-GNOME2 1.1.2: 2012-01-15

This is a bug fix release of 1.1.1.

=== Changes

==== Ruby/GLib2

  * Fixes
    * [GitHub#94] install missing header files.
      [Reported by mtasaka]

==== Ruby/Pango

  * Fixes
    * [GitHub#94] install a missing header file.
      [Reported by mtasaka]

==== Ruby/GdkPixbuf2

  * Fixes
    * [GitHub#94] install missing header files.
      [Reported by mtasaka]

=== Thanks

  * mtasaka

== Ruby-GNOME2 1.1.1: 2012-01-14

This is a bug fix release of 1.1.0.

=== Changes

==== Ruby/GLib2

  * Fixes
    * [ruby-list:48587] Re: [ANN] Ruby-GNOME2 1.1.0
      fix wrong parent class for GLib::IOChannelWin32Socket.
      [Reported by ashbb]

==== Ruby/GTK2

  * Fixes
    * Fixed a bug that Gtk::ActionGroup#add_radio_actions always fail.

==== Ruby/GStreamer

  * Improvements
    * [win32] Supported FLAC.

=== Thanks

  * ashbb

(obache)

bump API version to 1.1.0, switched to jpeg8 compatible API/ABI.

(obache)

Updated comms/asterisk18 to 1.8.8.1

(jnemeth)

Update to Asterisk 1.8.8.1.

share/doc/asterisk/AST.{txt,pdf} has been replaced with
share/doc/asterisk/Asterisk_Admin_Guide.  You will need a browser
to read the latter.

----- Asterisk 1.8.8.1 -----

The release of Asterisk 1.8.8.1 resolves a regression introduced
in Asterisk 1.8.8.0 reported by the community, and would have not
been possible without your participation.  Thank you!

The following is the issue resolved in this release:

* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop

  Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local
  bridge loop causes the loop to exit prematurely.  This causes a
  variety of negative side effects, which may include having Music
  On Hold failing during a SIP Hold.

For a full description of the changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.1

Thank you for your continued support of Asterisk!

----- Asterisk 1.8.8.0 -----

The release of Asterisk 1.8.8.0 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

The following is a sample of the issues resolved in this release:

* Updated SIP 484 handling; added Incomplete control frame
  When a SIP phone uses the dial application and receives a 484
  Address Incomplete response, if overlapped dialing is enabled
  for SIP, then the 484 Address Incomplete is forwarded back to
  the SIP phone and the HANGUPCAUSE channel variable is set to
  28. Previously, the Incomplete application dialplan logic was
  automatically triggered; now, explicit dialplan usage of the
  application is required.

* Prevent IAX2 from getting IPv6 addresses via DNS
  IAX2 does not support IPv6 and getting such addresses from DNS
  can cause error messages on the remote end involving bad IPv4
  address casts in the presence of IPv6/IPv4 tunnels.

* Fix bad RTP media bridges in directmedia calls on peers separated by
  multiple Asterisk nodes.

* Fix crashes in ast_rtcp_write()

* Fix for incorrect voicemail duration in external notifications.
  This patch fixes an issue where the voicemail duration was being
  reported with a duration significantly less than the actual
  sound file duration.

* Prevent segfault if call arrives before Asterisk is fully booted.

* Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
    http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

* Fix locking order in app_queue.c which caused deadlocks

* Fix regression in configure script for libpri capability checks

* Prevent BLF subscriptions from causing deadlocks.

* Fix deadlock if peer is destroyed while sending MWI notice.

* Fix issue with setting defaultenabled on categories that are already
  enabled by default.

* Don't crash on INFO automon request with no channel
    AST-2011-014. When automon was enabled in features.conf, it
    was possible to crash Asterisk by sending an INFO request if
    no channel had been created yet.

* Fixed crash from orphaned MWI subscriptions in chan_sip
  This patch resolves the issue where MWI subscriptions are orphaned
  by subsequent SIP SUBSCRIBE messages.

* Default to nat=yes; warn when nat in general and peer differ
    AST-2011-013. It is possible to enumerate SIP usernames when
    the general and user/peer nat settings differ in whether to
    respond to the port a request is sent from or the port listed
    for responses in the Via header.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0

Thank you for your continued support of Asterisk!

(jnemeth)

- depend upon two more packages no longer part of perl 5.14 base,
  p5-Class-ISA and p5-Data-Compare
- bump the p5-Audio-Scan acceptable version to what pkgsrc now has
- bump pkgrev as the depends have changed

(mrg)

USE_TOOLS+=perl (failed in today's solaris build)

(dholland)

Note update of mail/roundcube package to 0.7.1.

(taca)

angband-x11

(dholland)

Update roundcube package to 0.7.1.

* Handle config file of plugins, too.
* Roundcube use GNU GPL3 now.
* take maintainer ship.

Detail changes are too may, please refer CHANGELOG file
(http://trac.roundcube.net/browser/tags/roundcubemail/v0.7.1/CHANGELOG)
and old changes
(http://lists.roundcube.net/mail-archive/announce/2011-08/0000002.html).

(taca)

set USE_GAMESGROUP

(dholland)

Remove aria2

(ryoon)

Updated net/aria2 to 1.14.1

(ryoon)

Update to 1.14.1

Chngelog:
Changes
-------

* Supported network-path reference in HTTP redirect.

* Updated bash_completion.

* aria2 now doesn't assume download has completed just because file
  size matched. The only exception is zero-length file.  If server
  tells that file is zero-length and --checksum option is given,
  aria2 now correctly checks its checksum. There is one known issue:
  If downloaded file is zero-length file and .aria2 file exists, it
  will not be deleted on successful verification, because .aria2 file
  is not loaded.

* Fixed the bug that --checksum is not working. SFBUG#3466888

* Fixed compile error without libnettle, libgcrypt and openssl.
  SFBUG#3466463

* Fixed the bug that log file is not created if there is warning
  before log file is opened.

(ryoon)

Remove zsh-current

(ryoon)

Updated shells/zsh-current to 4.3.15

(ryoon)

Update to 4.3.15

Changelog:
* Bugfixes.
* Many improvements especially functions and completion.

Tested on NetBSD/i386 5.99.59 and 5.1.

(ryoon)

Remove java-lang-spec

(ryoon)

Updated lang/java-lang-spec to 3.0

(ryoon)

Update to 3.0

Update to "The Java Language Specification, Third Edition" HTML book.

* Update MASTER_SITES.

(ryoon)

Fixes build with openssl<1.0.0.
taken from upstream:
  http://qt.gitorious.org/qt/qt/commit/4db91cbd6147e40f543342f22c05b7baddc52e5a

resolve PR#45832.

(obache)

Updated comms/asterisk16 to 1.6.2.22

(jnemeth)

Update to Asterisk 1.6.2.22:

The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:

* The sample file listed *two* values for the 'nat' option as being the default.
  Only 'yes' is the default.

* The warning about having differing 'nat' settings confusingly referred to both
  peers and users.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22

Thank you for your continued support of Asterisk!

(jnemeth)

gsed related clean up.
* Stop to treat NetBSD's sed as GNU sed, not full compatible.
  * Then, no need to reset TOOLS_PLATFORM.gsed for NetBSD if USE_TOOLS+=gsed and
    real GNU sed is required.
  * In addition, convert simple USE_TOOLS+=gsed to conditionally, without NetBSD.
* convert {BUILD_,}DEPENDS+=gsed to USE_TOOLS, all tools from gsed are real gsed.

(obache)

Force real gsed only on NetBSD.

(hans)

Force real gsed only on NetBSD.

(hans)

Force real gsed only on NetBSD.

(hans)

Force real gsed only on NetBSD.

(hans)

USE_TOOLS=unzip
Require flex>=2.5.35 by FLEX_REQD. Tested on NetBSD/i386 5.1.

(hans)

Force gsed only on NetBSD.

(hans)

USE_TOOLS bash and unzip

(hans)

USE_TOOLS=unzip instead of DEPENDS/BUILD_DEPENDS.

(hans)

USE_TOOLS instead of DEPENDS for gtar and unzip. Unset
TOOLS_PLATFORM.unzip on NetBSD to force unzip from pkgsrc.

(hans)

Use native zip etc. if available.

(hans)

Convert to USE_TOOLS=zip.

(hans)

Support zip and related utilities as host tools.

(hans)

Convert the remaining few packages that explicitly set DEPENDS or
BUILD_DEPENDS on bison to USE_TOOLS=bison. The minimum bison version
required in mk/tools/bison.mk is good enough for all of them.

(hans)

Add bison.mk, derived from flex.mk, to allow setting a minimum bison
version required.

(hans)

Updated biology/gromacs to 4.5.5

(asau)

Update to Gromacs 4.5.5

Notable changes in Gromacs 4.5.5:

  * Improved pdb2gmx -chainsep option and reintroduced the -merge option.
  * Fixed mdrun file appending truncating files to 0 bytes when
    continuation runs stopped before writing new output.
  * Fixed COM pulling with multiple constraints checking the
    convergence of one constraint instead of all.
  * Fixed some dihedrals in sugars in Gromos53a5/6 working on the wrong atoms.
  * AmberGS force field is now based on Amber94 instead of Amber96.
  * Moved hydrogens in Charmm27 protein termini to separate
    charge groups and added ACE and CT3 residue types.
  * Many small fixes which avoid termination with fatal errors
    or crashes in mdrun and tools.
  * Many small updates to the manual pages of programs.

(asau)

Since this is thought to be a plug-in replacement for pkgsrc/jpeg,
it should provide the jpeg-8 API/ABI rather than the -6b one.
So switch to 1.1.0 with the jpeg8 "configure" option.
Tested to be binary compatible on i386, at least for simple
image viewers.
being here, add "test" target

(drochner)

Note update of devel/bison

(morr)

Add missing converters/libiconv buildlink, fixes PR 45826.

Bump PKGREVISION

(morr)

Updated x11/kterm to 6.2.0nb19

(ryoon)

Bump PKGREVISION.

* Update termios patch.
* Restore wheel mouse scroll support.
* Remove personal setting; patch-KTerm.ad.

(ryoon)

Pullup tickets #3646, #3647, #3648, #3649, #3650 and #3651.

(tron)

Pullup ticket #3651 - requested by taca
net/isc-dhcp4: security update

Revisions pulled up:
- net/isc-dhcp4/Makefile.common                                1.14
- net/isc-dhcp4/distinfo                                        1.10

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Fri Jan 13 13:42:09 UTC 2012

  Modified Files:
  pkgsrc/net/isc-dhcp4: Makefile.common distinfo

  Log Message:
  Update isc-dhcp4 package to 4.2.3p2. (ISC DHCP 4.2.3-P2).
  Alwo update isc-dhclient4, isc-dhcpd4 and isc-dhcrelay4.

  Changes since 4.2.3-P1

  ! Modify the DDNS handling code.  In a previous patch we added logging
    code to the DDNS handling.  This code included a bug that caused it
    to attempt to dereference a NULL pointer and eventually segfault.
    While reviewing the code as we addressed this problem, we determined
    that some of the updates to the lease structures would not work as
    planned since the structures being updated were in the process of
    being freed: these updates were removed.  In addition we removed an
    incorrect call to the DDNS removal function that could cause a failure
    during the removal of DDNS information from the DNS server.
    Thanks to Jasper Jongmans for reporting this issue.
    [ISC-Bugs #27078]
    CVE: CVE-2011-4868

(tron)

Pullup ticket #3650 - requested by ghen
net/powerdns: security update
net/powerdns-ldap: security update
net/powerdns-mysql: security update
net/powerdns-pgsql: security update
net/powerdns-sqlite: security update

Revisions pulled up:
- net/powerdns-ldap/Makefile                                    1.7
- net/powerdns-mysql/Makefile                                  1.7
- net/powerdns-pgsql/Makefile                                  1.9
- net/powerdns/Makefile.common                                  1.6
- net/powerdns/distinfo                                        1.9
- net/powerdns/patches/patch-aa                                1.3
- net/powerdns/patches/patch-ac                                deleted
- net/powerdns/patches/patch-ad                                deleted
- net/powerdns/patches/patch-ae                                deleted
- net/powerdns/patches/patch-af                                deleted
- net/powerdns/patches/patch-ag                                deleted
- net/powerdns/patches/patch-ah                                deleted
- net/powerdns/patches/patch-pdns_misc.hh                      deleted

---
  Module Name: pkgsrc
  Committed By: ghen
  Date: Fri Jan 13 12:12:49 UTC 2012

  Modified Files:
  pkgsrc/net/powerdns: Makefile.common distinfo
  pkgsrc/net/powerdns-ldap: Makefile
  pkgsrc/net/powerdns-mysql: Makefile
  pkgsrc/net/powerdns-pgsql: Makefile
  pkgsrc/net/powerdns/patches: patch-aa
  Removed Files:
  pkgsrc/net/powerdns/patches: patch-ac patch-ad patch-ae patch-af
      patch-ag patch-ah patch-pdns_misc.hh

  Log Message:
  Upgrade to PowerDNS 2.9.22.5, including a fix for CVE-2012-0206.

(tron)

Note update of ISC DHCP4 related packages to 4.2.3p2.

net/isc-dhcp4
net/isc-dhclient4
net/isc-dhcpd4
net/isc-dhcrelay4

(taca)

Update isc-dhcp4 package to 4.2.3p2. (ISC DHCP 4.2.3-P2).
Alwo update isc-dhclient4, isc-dhcpd4 and isc-dhcrelay4.

Changes since 4.2.3-P1

! Modify the DDNS handling code.  In a previous patch we added logging
  code to the DDNS handling.  This code included a bug that caused it
  to attempt to dereference a NULL pointer and eventually segfault.
  While reviewing the code as we addressed this problem, we determined
  that some of the updates to the lease structures would not work as
  planned since the structures being updated were in the process of
  being freed: these updates were removed.  In addition we removed an
  incorrect call to the DDNS removal function that could cause a failure
  during the removal of DDNS information from the DNS server.
  Thanks to Jasper Jongmans for reporting this issue.
  [ISC-Bugs #27078]
  CVE: CVE-2011-4868

(taca)

Pullup ticket #3649 - requested by obache
www/mediawiki: security update

Revisions pulled up:
- www/mediawiki/Makefile                                        1.18
- www/mediawiki/PLIST                                          1.7
- www/mediawiki/distinfo                                        1.11

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Fri Jan 13 11:27:17 UTC 2012

  Modified Files:
  pkgsrc/www/mediawiki: Makefile PLIST distinfo

  Log Message:
  Update mediawiki to 1.17.2.

  == MediaWiki 1.17.2 ==
  2012-01-11

  This a maintenance and security release of the MediaWiki 1.17 branch.

  === Security changes ===
  * (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.

  === Changes since 1.17.1 ===
  * (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.

  == MediaWiki 1.17.1 ==

  2011-11-24

  This a maintenance and security release of the MediaWiki 1.17 branch.

  === Security changes ===
  * (bug 32276) Skins were generating output using the internal page title which
      would allow anonymous users to determine wheter a page exists, potentially
      leaking private data. In fact, the curid and oldid request parameters would
      allow page titles to be enumerated even when they are not guessable.
  * (bug 32616) action=ajax requests were dispatched to the relevant internal
      functions without any read permission checks being done. This could lead to
      data leakage on private wikis.

(tron)

Pullup ticket #3648 - requested by drochner
textproc/libxml2: security patch

Revisions pulled up:
- textproc/libxml2/Makefile                                    1.111
- textproc/libxml2/distinfo                                    1.85
- textproc/libxml2/patches/patch-al                            1.2

---
  Module Name: pkgsrc
  Committed By: drochner
  Date: Thu Jan 12 11:25:10 UTC 2012

  Modified Files:
  pkgsrc/textproc/libxml2: Makefile distinfo
  pkgsrc/textproc/libxml2/patches: patch-al

  Log Message:
  add 2 patches from upstream:
  -fix buffer overflow on entity references with long name (CVE-2011-3919)
  -fix error handling on realloc() failure
  bump PKGREV

(tron)

mention recent updates/additions

(drochner)

Pullup ticket #3647 - requested by gdt
filesystems/tahoe-lafs: security update

Revisions pulled up:
- filesystems/tahoe-lafs/Makefile                              1.10
- filesystems/tahoe-lafs/distinfo                              1.7
- filesystems/tahoe-lafs/patches/patch-aa                      1.2

---
  Module Name: pkgsrc
  Committed By: gdt
  Date: Fri Jan 13 01:14:56 UTC 2012

  Modified Files:
  pkgsrc/filesystems/tahoe-lafs: Makefile distinfo
  pkgsrc/filesystems/tahoe-lafs/patches: patch-aa

  Log Message:
  Update to 1.9.1 (security fix):

  Release 1.9.1 (2012-01-12)
  --------------------------

  Security-related Bugfix
  '''''''''''''''''''''''

  - Fix flaw that would allow servers to cause undetected corruption when
    retrieving the contents of mutable files (both SDMF and MDMF). (`#1654`_)

  .. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654

(tron)

Note removal of lang/py-html-docs

(obache)

Remove py-html-docs from pkgsrc.
This package is a ancient package before support multi python version variants.
We can use py*-html-docs packages for each variants as it is now.

(obache)

Updated net/powerdns-* to 2.9.22.5.

(ghen)

Upgrade to PowerDNS 2.9.22.5, including a fix for CVE-2012-0206.

(ghen)

Pullup ticket #3646 - requested by joerg
lang/php: build for PHP extensions

Revisions pulled up:
- lang/php/ext.mk                                              1.24

---
  Module Name: pkgsrc
  Committed By: joerg
  Date: Thu Jan 12 18:25:50 UTC 2012

  Modified Files:
  pkgsrc/lang/php: ext.mk

  Log Message:
  Catch up with PHP 5.3 base.

(tron)

remove unnecessary patches

(drochner)

Update mediawiki TODO entry.

(obache)

remove a redundant entry.

(obache)

Updated www/mediawiki to 1.17.2

(obache)

Update mediawiki to 1.17.2.

== MediaWiki 1.17.2 ==
2012-01-11

This a maintenance and security release of the MediaWiki 1.17 branch.

=== Security changes ===
* (bug 33117) prop=revisions allows deleted text to be exposed through cache pollution.

=== Changes since 1.17.1 ===
* (bug 32709) Private Wiki users were always taken to Special:Badtitle on login.

== MediaWiki 1.17.1 ==

2011-11-24

This a maintenance and security release of the MediaWiki 1.17 branch.

=== Security changes ===
* (bug 32276) Skins were generating output using the internal page title which
  would allow anonymous users to determine wheter a page exists, potentially
  leaking private data. In fact, the curid and oldid request parameters would
  allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal
  functions without any read permission checks being done. This could lead to
  data leakage on private wikis.

(obache)

Recursive bump from audio/libaudiofile, x11/qt4-libs and x11/qt4-tools ABI bump.

(obache)

need to buildlink with openssl for QtNetwork.

(obache)

Updated filesystems/tahoe-lafs to 1.9.1

(gdt)

Update to 1.9.1 (security fix):

Release 1.9.1 (2012-01-12)
--------------------------

Security-related Bugfix
'''''''''''''''''''''''

- Fix flaw that would allow servers to cause undetected corruption when
  retrieving the contents of mutable files (both SDMF and MDMF). (`#1654`_)

.. _`#1654`: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654

(gdt)

Updated x11/qt4 to 4.8.0

(adam)

Changes 4.8.0:
Featuring Qt Platform Abstraction, threaded OpenGL support, multithreaded HTTP
and optimized file system access.

(adam)

Changes 4.8.0:
Featuring Qt Platform Abstraction, threaded OpenGL support, multithreaded HTTP
and optimized file system access.

(adam)

This package's licence is NOT a "modified BSD" in a common sense.
Reset LICENSE, bump package revision.

(asau)

Fix build on SunOS.

(hans)

Updated security/oath-toolkit to 1.10.5

(pettai)

Version 1.10.5

* Build fixes from Linus Nordberg and Arno Hautala.
* Update gnulib files.

(pettai)

Updated www/ap2-authn-otp to 1.1.4

(pettai)

Version 1.1.4:

    - Always allow stale time-based offsets to re-synchronize (issue #14)
    - Added "OTPAuthMaxOTPFailure" to lock accounts after repeated wrong OTP's

(pettai)

Update entry for ticket #3641.

(tron)

Pullup ticket #3641 - requested by taca
databases/php-mssql: security update
meta-pkgs/php53-extensions: security update

Revisions pulled up:
- lang/php53/distinfo                                          1.30
- lang/php53/patches/patch-php__mssql.h                        deleted
- meta-pkgs/php53-extensions/Makefile                          1.5

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 12 12:58:47 UTC 2012

  Modified Files:
  pkgsrc/lang/php53: distinfo
  Removed Files:
  pkgsrc/lang/php53/patches: patch-php__mssql.h

  Log Message:
  Fix build problem of databases/php-mssql.

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Jan 12 16:59:54 UTC 2012

  Modified Files:
  pkgsrc/meta-pkgs/php53-extensions: Makefile

  Log Message:
  Fix build problem along with update of php53; overhaul.

  * Don't specify upper limit version to depend.  Since PHP extensions are
    prefixed with PHP_PKG_PREFIX, it is no need to specify.
  * Relax lower limit version to depend for php extensions which aren't
    bundled in PHP 5.3.9 distribution file; reflecting recent change of
    lang/php/ext.mk

  To be safer, bump PKGREVISION.

(tron)