Updated devel/p5-Proc-Daemon to 0.14

(bouyer)

Add gmock

(ryoon)

Update to 0.14, OK sketch@
Changes since 0.03:
0.14  Fri Jun 03 2011
- The filename memory is now a part of the object (not a package variable
  any more). This was a bug.
- Since <fork> is not performed on Windows OS as on Linux, I removed the
  <eval> and <warn> from 0.13 and add an INFO to the documentation.
- Updated the documentation.

0.13  Wed Jun 01 2011
- Add ability to define the user identifier for the daemon if you want to
  run it under other user then the parent (request from Holger Gl舖s).
- Add <eval> and <warn> for OS not supporting POSIX::setsid (e.g. Windows).
- Updated the documentation.

0.12  Tue Mai 24 2011
- Init() did not close all filehandles reliably in some cases. Thanks again
  to Rob Brown for reporting.
- Text improvement in the documentation.

0.11  Mon Mai 23 2011
- Init() didn't close all filehandles reliably (see also bug report at
  http://rt.perl.org/rt3/Ticket/Display.html?id=72526). Thanks to Rob Brown
  for reporting and offering a patch.
- Attributes 'dont_close_fh' AND 'dont_close_fd' added so we can define
  file handles and descriptors that must be preserved from the parent into
  the child (daemon).
- Updated the documentation.
- In some environment it is not allowed to open anonymous files. In this
  case now a 'pid_file' must be defined. Thanks to Holger Gl舖s for
  reporting.

0.10  Fri Apr 01 2011
- Improvement how Init() determines whether it was passed a blessed object

0.09  Tue Mar 15 2011
- Fix for a possibly not reseted numbered match variable ($1).
- Typo fix and text improvement in the documentation.

0.08  Sun Mar 13 2011
- The <open> Mode of the daemon file handles STDIN, STDOUT, STDERR can be
  specified now. The default Mode values are the same as before.
- Updated the documentation.

0.07  Thu Feb 17 2011
- Add signal processing to Kill_Daemon().
- Updated the documentation.

0.06  Mon Jan 17 2011
- A lot of documentation was add to the source code.
- Daemon STDIN was fixed to "read" now instead of "write".
- Replaced global filehandles with scalars.
- Add a <die> if <chdir> fails.
- Updated the documentation and add a note to the documentation about the
  behavior of process-group Signals.

0.05  Thu Okt 28 2010
- Fixed a problem when using the old method of calling Proc::Daemon::Init
  without object (reported by Alex Samorukov). The parent process didn't
  exit.
- Fixed a problem with Proc::ProcessTable 0.44: Under some conditions
  'cmndline' retruns with space and/or other characters at the end.
- Update and small fixes in the documentation.

0.04  Sun Okt 24 2010
- Added functions: new(), adjust_settings(), fix_filename(), Status(),
  Kill_Daemon(), get_pid() and get_pid_by_proc_table_attr().
- Init() now returns the PID of the daemon.
- Fork() now allways returns values like Perls built-in 'fork' does.
- Description was rewritten, extended and moved to the new Daemon.pod file.
- Additional test are done at installation.
- $SIG{'HUP'} was set to be valid only 'local' (bug report).
- POSIX::EAGAIN() was added to Fork() (bug report).

(bouyer)

Import gmock-1.6.0 (googlemock) as devel/gmock from wip/gmock

Inspired by jMock, EasyMock, and Hamcrest, and designed with C++'s
specifics in mind, Google C++ Mocking Framework (or Google Mock for
short) is a library for writing and using C++ mock classes. Google Mock:

* lets you create mock classes trivially using simple macros,
* supports a rich set of matchers and actions,
* handles unordered, partially ordered, or completely ordered expectations,
* is extensible by users, and
* works on Linux, Mac OS X, Windows, Windows Mobile, minGW, and Symbian.

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(ryoon)

Updated sysutils/ups-nut to 2.6.1
Updated sysutils/ups-nut-cgi to 2.6.1
Updated sysutils/ups-nut-snmp to 2.6.1
Updated sysutils/ups-nut-usb to 2.6.1
Added sysutils/p5-UPS-Nut version 2.6.1

(bouyer)

Add p5-UPS-Nut

(bouyer)

Initial import of p5-UPS-Nut version 2.6.1:
Perl interface to talk to the NUT upsd network daemon

Status:

Vendor Tag: TNF
Release Tags: pkgsrc_base

(bouyer)

Update ups-nut* from 2.0.5 to 2.6.1. Changes are too large to list here,
see: http://www.networkupstools.org/source/2.6/new-2.6.1.txt

(bouyer)

Add libslang2-2.2.4

(ryoon)

Updated sysutils/flashrom to 0.9.4

(jakllsch)

Update flashrom to 0.9.4.

==New major user-visible features==
* Support for new programmers:
** OpenMoko Neo1973/Neo FreeRunner debug board version 2 or 3, FTDI FT2232-based (r1231)
** Olimex ARM-USB-TINY, ARM-USB-TINY-H, ARM-USB-OCD, and ARM-USB-OCD-H, FTDI FT2232-based (r1331)
** Open Graphics Project development card, OGD1 (r1241)
** Angelbird Wings PCIe SSD/88SX7042 (r1258)
** ITE IT85xx embedded controllers (r1262)
** Intel NIC with parallel flash (r1297)
* Dozens of added flash chips, chipsets, mainboards.
* Improved user interface.
* Reliability fixes for buggy hardware, buggy third party software and corner case spec conformance.
* Improved Dediprog SF100 support.
* Update port of flashrom package to Mac OS X using DirectHW.
* Improved support for protection status printing and chip unlocking.
* Fix and improve libpayload platform support.
* Add support for more than one Super I/O or EC per machine.
* Always read the flash chip before writing, for improved error checking and faster programming.
* Enable write support on NVIDIA MCP6x/MCP7x.
* Added SPI flash emulation capability to the dummy programmer.

==Infrastructural improvements and fixes==
* Shutdown function registration
* Improved error messages
* Correctness fixes
* Various workarounds for broken hardware
* Code cleanups

(jakllsch)

Updated textproc/groonga to 1.2.4

(obache)

Update groonga to 1.2.4.

Release 1.2.4 - 2011/07/29
--------------------------

Improvements
^^^^^^^^^^^^

* Re-supported *BSD. (Reported by OBATA Akio)
* Improved sed related portability. (Suggested by OBATA Akio)
* Re-supported Visual C++ 2008.
* Supported :doc:`commands/check` for hash table.
* Ignored invalid _score in --sortby of :doc:`commands/select`
  for convenience. #1030
* Added document about :doc:`log`.
* Supported ~/.editrc.
* Supported ~/.groonga-history.

Fixes
^^^^^

* Fixed broken libedit support. (Reported by Daiki Ueno)
* Fixed source URL in *.spec (Reported by Daiki Ueno)
* Fixed patricia trie cursor returns wrong records.
* Added missing database lock clear for grn_obj_clear_lock()
  for database.
* Fixed wrong record's column values deletion possible on
  record deletion.

(obache)

add patch from upstream to fix a directory traversal problem which
could allow information disclosure  by servers (CVE-2011-2524, does not
affect client applications)

(drochner)

Updated security/xml-security-c to 1.6.1

(pettai)

Changes since 1.6.0:

* [SANTUARIO-268] - TXFMXPathFilter->evaluateExpr crashes on Windows
* [SANTUARIO-270] - DSIGObject::load method crashes for ds:Object without Id att
ribute
* [SANTUARIO-271] - Bug when signing files with big RSA keys
* [SANTUARIO-272] - Memory bug inside XENCCipherImpl::deSerialise
* [SANTUARIO-274] - Function cleanURIEscapes always throws XSECException, when a
ny escape sequence occurs
* [SANTUARIO-275] - Function isHexDigit doesn't recognize invalid escape sequenc
es.
* [SANTUARIO-276] - Percent-encoded multibyte (UTF-8) sequences unrecognized
* [SANTUARIO-280] - RSA-OAEP handler only allows SHA-1 digests

(pettai)

Updated www/shibboleth-sp to 2.4.3

(pettai)

2.4.3:

Bug:
* [SSPCPP-357] - Library init routines should be idempotent
* [SSPCPP-358] - OpenSUSE 11.4 RPM build can't handle warnings during mod_shib build
* [SSPCPP-363] - Windows Installer loops infinitely if the SP is deinstalled from the Control Panel
* [SSPCPP-368] - Fails to build with g++ 4.6 (missing stddef.h)
* [SSPCPP-370] - SSL_CHECK_SERVERHELLO_TLSEXT
* [SSPCPP-371] - <SSO>SAML2</SSO> does not enable ECP support
* [SSPCPP-372] - Bug in query in ODBC storage service plugin
* [SSPCPP-374] - metagen.sh creates PAOS ACS elements twice
* [SSPCPP-379] - DiscoFeed should return empty feed with no metadata provider
* [SSPCPP-380] - When maxTimeSinceAuthn is used, valid time interval is miscalculated when IdP time is a few seconds ahead of SP time

Improvement:
* [SSPCPP-359] - metagen.sh includes xmlns for NAKEDHOSTS
* [SSPCPP-381] - Option to expire redirects on Apache

New Feature:
* [SSPCPP-364] - Add <mdui> examples into the example metadata shipped with the SP

(pettai)

Note update of the "rtorrent" package to version 0.8.6nb4.

(tron)

Describe "xmlrpc" option.

(tron)

Add optional XMLRPC support which is enabled by default. Based on a
patch Emile iMil Heitor.

(tron)

Updated security/opensaml to 2.4.3

(pettai)

Update fixes CVE-2011-2516
(See http://shibboleth.internet2.edu/secadv/secadv_20110706.txt for details)

(pettai)

Updated textproc/xmltooling to 1.4.2

(pettai)

1.4.2:

Bug:
    * [CPPXT-71] - Shorthand File CredentialResolver config fails to support use attribute
    * [CPPXT-73] - make distclean not removing pkgconfig files
    * [CPPXT-75] - sending SOAP 1.1 Fault to Shib Native SP ECP handler
    * [CPPXT-77] - Library init routines should be idempotent

(pettai)

Minor Makefile tweak

(pettai)

Note PKGREVISION bump of ttf2pk.

(minskim)

Sync ttf2pk with TeX Live 2011.

Changes:
      * parse.c, ttfenc.c: Bug fix. Increase buffer size for increased
        code/glyph range.

(minskim)

Remove INADYN [pkg/34502]
PR is closed.

(ryoon)

forgot to remove the stale PLIST
(whether GERNERATE_PLIST is better here is another question)

(drochner)

Note PKGREVISION bump of tex-metapost.

(minskim)

Do not generate an mpost format for mfplain, which is now a part of
web2c.  Noted by tron@.

(minskim)

Note update of tex-kpathsea{,-doc}.

(minskim)

Update tex-kpathsea-doc to 2011.

Changes:
- Documentation update for TeX Live 2011.

(minskim)

Update tex-kpathsea to 2011.  No functional change.

(minskim)

Updated databases/py-ldap to 2.4.3

(adam)

Changes 2.4.3:
Lib/
* Mostly corrected/updated __doc__ strings
Doc/
* Corrected rst files
* Added missing modules, functions, classes, methods, parameters etc.
  at least as auto-generated doc

Changes 2.4.2:
Logging:
* pprint.pformat() is now used when writing method/function
  arguments to the trace log
ldap.schema.subentry:
* SubSchema.__init__() now has new key-word argument check_uniqueness
  which enables checking whether OIDs are unique in the subschema subentry
* Code-cleaning: consequent use of method SubSchema.getoid() instead of
  accessing SubSchema.name2oid directly.
* SubSchema.getoid() and SubSchema.getoid() now have key-word argument
  raise_keyerror=0 and raise KeyError with appropriate description.

(adam)

Updated databases/mysql55 to 5.5.15

(adam)

Changes 5.5.15:
* The undocumented --all option for perror is deprecated and will be removed in
  MySQL 5.6.
Bugs Fixed:
* InnoDB Storage Engine: A failed CREATE INDEX operation for an InnoDB table
  could result in some memory being allocated and not freed. This memory leak
  could affect tables created with the ROW_FORMAT=DYNAMIC and
  ROW_FORMAT=COMPRESSED settings.
* Partitioning: Auto-increment columns of partitioned tables were checked even
  when they were not being written to. In debug builds, this could lead to a
  crash of the server.
* Partitioning: The UNIX_TIMESTAMP() function was not treated as a monotonic
  function for purposes of partition pruning.
* Replication: If a LOAD DATA INFILE statement窶排eplicated using statement-based
  replication窶杷eatured a SET clause, the name-value pairs were regenerated
  using a method (Item::print()) intended primarily for generating output for
  statements such as EXPLAIN EXTENDED, and which cannot be relied on to return
  valid SQL. This could in certain cases lead to a crash on the slave.
* To fix this problem, we now name each value in its original, user-supplied
  form, and use that to create LOAD DATA INFILE statements for statement-based
  replication.
* Previously, an inappropriate error message was produced if a multiple-table
  update for an InnoDB table with a clustered primary key would update a table
  through multiple aliases, and perform an update that may physically move the
  row in at least one of these aliases. Now the error message is: Primary
  key/partition key update is not allowed since the table is updated both as
  'tbl_name1' and 'tbl_name2'
* ALTER TABLE {MODIFY|CHANGE} ... FIRST did nothing except rename columns if
  the old and new versions of the table had exactly the same structure with
  respect to column data types. As a result, the mapping of column name to
  column data was incorrect. The same thing happened for ALTER TABLE DROP
  COLUMN, ADD COLUMN statements intended to produce a new version of table with
  exactly the same structure as the old version.
* Incorrect handling of metadata locking for FLUSH TABLES WITH READ LOCK for
  statements requiring prelocking caused two problems:
* Execution of any data-changing statement that required prelocking (that is,
  involved a stored function or trigger) as part of transaction slowed down
  somewhat all subsequent statements in the transaction. Performance in a
  transaction that periodically involved such statements gradually degraded
  over time.

(adam)

Fix PLIST on Darwin-11.*-x86_64.

(minskim)

Note update of tex-texlive-scripts.

(minskim)

Note update of ps2eps.

(minskim)

Update ps2eps to 1.68.

Changes:
- quoted translate command string
- quote of tmpfname for coping with spaces in filenames
- added -a option
- changed handling of hiresBB (now rounded to hiresprecision, by default 0.5pt)
- added %%BeginData %%EndData as indicators for Binary Section
- added new option -b (treat as binary) to prevent filtering CR/LF stuff
- fixed help/usage formatting output

(minskim)

Updated math/fftw{f} to 3.3

(adam)

Match version with math/fftw.

(adam)

implement "LDS Rn,MACL".

(mrg)

Changes 3.3:
* Compiling OpenMP support (--enable-openmp) now installs a fftw3_omp library,
  instead of fftw3_threads, so that OpenMP and POSIX threads (--enable-threads)
  libraries can be built and installed at the same time.
* Various minor compilation fixes, corrections of manual typos, and
  improvements to the benchmark test program.
* Add support for the AVX extensions to x86 and x86-64. The AVX code works with
  16-byte alignment (as opposed to 32-byte alignment), so there is no ABI
  change compared to FFTW 3.2.2.
* Added Fortran 2003 interface, which should be usable on most modern Fortran
  compilers (e.g. gfortran) and provides type-checked access to the the C FFTW
  interface. (The legacy Fortran-77 interface is still included also.)
* Added MPI distributed-memory transforms. Compared to 3.3alpha, the major
  changes in the MPI transforms are:
* Fixed some deadlock and crashing bugs.
* Added Fortran 2003 interface.
* Added new-array execute functions for MPI plans.
* Eliminated use of large MPI tags, since Cray MPI requires tags < 224.
* Expanded documentation.
* make check now runs MPI tests
* Some ABI changes — not binary-compatible with 3.3alpha MPI.
* Add support for quad-precision __float128 in gcc 4.6 or later (on x86.
  x86-64, and Itanium). The new routines use the fftwq_ prefix.
* Temporarily removed MIPS paired-single support due to lack of available
  hardware for testing. We hope to add it back before the final FFTW 3.3
  release; meanwhile, users who want this functionality should continue using
  FFTW 3.2.x.
* Removed support for the Cell Broadband Engine. Cell users should use FFTW
  3.2.x.
* New convenience functions fftw_alloc_real and fftw_alloc_complex to use
  fftw_malloc for real and complex arrays without typecasts or sizeof.

(adam)

Update tex-texlive-scripts to 2011.

Changes:
- Fix check-interpreter warnings.

(minskim)

Note update of kpathsea and related packages.

(minskim)

Make ps2pkm build with kpathsea-6.0.1.

(minskim)

Make xdvik build with kpathsea-6.0.1.

(minskim)

Update xetex to 0.9997.5.

Changes:
        * xetex.ch (pack_buffered_name): Adapt to modified ../tex.ch.
        (read_font_info): Cast print_c_string() arg to string.
        * xetex.ch: Reformulate to not depend on eTeX_version_string.
        * XeTeXFontInst.h: Fix prototype for xmalloc().
        * XeTeXFontMgr_FC.cpp, XeTeX_ext.c: Move (nested) extern
        declaration of gFreeTypeLibrary from here ...
        * XeTeX_ext.h: ... to here.
        * XeTeXOTLayoutEngine.{cpp,h}: Drop support for ICU < 4.2.

(minskim)

Update luatex to 0.70.1.

Changes:
- luatex now uses the standard synctex files.
- The default form margin is now zero (was 1bp before).
- New function node.currentattr() queries the current active attribute list.
- Lua font loading; ignore unknown enumeration keys in MathConstants.
- JPEG 2000 image support.
- Bug fixes.

(minskim)

Update web2c to 2011.

Changes:
* Doc changes and bug fixes.
* New commands: eptex, inimf, initex, and mfplain.

(minskim)

Update ptexenc to 1.2.0.

Changes:
        * ptexenc.c, ptexenc/ptexenc.h: Export toUCS().
        * ptexenc/unicode.h: Export UCStoUTF8().
        * ptexenc.c: Change version string "ptetex" => "ptexenc".
        * Makefile.am: Install ptexenc/unicode.h.

(minskim)

Update kpathsea to 6.0.1.

Changes:
* Trailing comments and whitespace omitted from config values.
* Add .tlu to type lua suffixes, and .dfont to truetype suffixes.
* Prefix program_invocation{,_short}_name with kpse_.
* Finally remove kpse_set_progname (deprecated since 1998).

(minskim)

Pullup tickets 3480 & 3481

(sbd)

Pullup ticket #3481 - requested by tez
textproc/groff security/portablity update

Revisions pulled up:
- textproc/groff/Makefile                                      1.59
- textproc/groff/distinfo                                      1.16
- textproc/groff/patches/patch-contrib_pdfmark_pdfroff.sh      1.2

---
  Module Name:  pkgsrc
  Committed By:  tez
  Date:          Wed Jul 27 16:33:25 UTC 2011
  Modified Files:
        pkgsrc/textproc/groff: Makefile distinfo
        pkgsrc/textproc/groff/patches: patch-contrib_pdfmark_pdfroff.sh
  Log Message:
  Adjust pdfroff security patch to not use '-p' option to mktemp which is
  missing on some platforms.  fixes PR#45181

(sbd)

Pullup ticket #3480 - requested by obache
security/clamav security update

Revisions pulled up:
- security/clamav/Makefile                                      1.4
- security/clamav/distinfo                                      1.4

---
  Module Name: pkgsrc
  Committed By: adam
  Date: Mon Jul 25 22:59:12 UTC 2011

  Modified Files:
  pkgsrc/security/clamav: Makefile distinfo

  Log Message:
  Changes 0.97.2
  ClamAV 0.97.2 fixes problems with the bytecode engine, Safebrowsing detection,
  hash matcher, and other minor issues. Please see the ChangeLog file for
  details.

(sbd)

Change MASTER_SITES to the new distribution point

(pettai)

Change MASTER_SITES to the new distribution point

(pettai)

Change MASTER_SITES to the new distribution point

(pettai)

Change MASTER_SITES to the new distribution point

(pettai)

drop ownership, some whitelist pkglint

(abs)

Updated databases/couchdb to 1.1.0.

Also fixed INSTALL_PROGRAM patch to not break install-sh.

Changes since 1.0.1
============================================================================

HTTP Interface:

* Native SSL support.
* Added support for HTTP range requests for attachments.
* Added built-in filters for '_changes': '_doc_ids' and '_design'.
* Added configuration option for TCP_NODELAY aka "Nagle".
* Allow POSTing arguments to '_changes'.
* Allow 'keys' parameter for GET requests to views.
* Allow wildcards in vhosts definitions.
* More granular ETag support for views.
* More flexible URL rewriter.
* Added support for recognizing "Q values" and media parameters in
  HTTP Accept headers.
* Validate doc ids that come from a PUT to a URL.

Externals:

* Added OS Process module to manage daemons outside of CouchDB.
* Added HTTP Proxy handler for more scalable externals.

Replicator:

* Added '_replicator' database to manage replications.
* Fixed issues when an endpoint is a remote database accessible via SSL.
* Added support for continuous by-doc-IDs replication.
* Fix issue where revision info was omitted when replicating attachments.
* Integrity of attachment replication is now verified by MD5.

Storage System:

* Multiple micro-optimizations when reading data.

View Server:

* Added CommonJS support to map functions.
* Added 'stale=update_after' query option that triggers a view update after
  returning a 'stale=ok' response.
* Warn about empty result caused by 'startkey' and 'endkey' limiting.
* Built-in reduce function '_sum' now accepts lists of integers as input.
* Added view query aliases start_key, end_key, start_key_doc_id and
  end_key_doc_id.

Futon:

* Added a "change password"-feature to Futon.

URL Rewriter & Vhosts:

* Fix for variable substituion

(fhajny)

Adjust pdfroff security patch to not use '-p' option to mktemp which is
missing on some platforms.  fixes PR#45181

(tez)

Fix build on (RH)EL 5 and 6, and possibly others.

Don't assume something if HAVE_NBTOOL_CONFIG_H is not defined, in
pkgsrc case we HAVE_CONFIG_H to sort things out.

(seb)

rrdtool prefers to render graphs with the DejaVu font, so depend on it.
Bump PKGREVISION.

(tnn)

Updated x11/mlterm to 3.0.6

(ryoon)

Update to 3.0.6

Changelog:
ver 3.0.6
* Support cairo for text rendering. (Experimental)
  (See doc/en/README.cairo in detail.)
* Support searching text in terminal screen. (Add "mlsearch.sh" tool.)
* "CSI < r", "CSI < s" and "CSI < t" sequences are supported.
* Improve cursor movement in bi-direction text.
* Improve compatibility of libvte. (Gtkterm2, evilvte and sakura work.)
* Ignore all spaces at the end of lines in selecting text regardless of their
  fg/bg colors.
* Support unicode indic characters (using ISCII fonts though). (Experimental)
* Other bug fixes:
  Fix a mistake which disabled configuration in $prefix/etc/mlterm in libvte.

(ryoon)

Updated games/scummvm to 1.3.1

(adam)

Changes 1.3.1:
General:
* Improved audio device detection and fallback.
  There should be no more silent errors due to invalid audio devices.
  Instead ScummVM should pick up a suitable alternative device.
Mohawk:
* Added detection entries for more variants of some Living Books games.
Tinsel:
* Fixed a regression that made Discworld uncompletable.
SAGA:
* Fixed a regression in Inherit the Earth's dragon walk code which
  was causing crashes there.
* Fixed a regression causing various crashes in I Have No Mouth and
  I Must Scream.
SCI:
* Added detection entries for some Macintosh game versions.
* Audio settings are now stored correctly for the CD version of EcoQuest 1.
SCUMM:
* Fixed graphics bug in FM-TOWNS versions of games on ARM devices
  (Android, iPhone, etc.).

(adam)

Add emulators/ski in the Makefile

(cherry)

Complete import of wip/ski

(cherry)

import wip/ski

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(cherry)

Complete move of emulators/ski -> emulators/ski-bin

(cherry)

copy compat_linux(8) binary package to appropriately named directory

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(cherry)

Pullup tickets 3478 & 3479

(sbd)

Pullup ticket #3479 - requested by taca
net/samba33 security update.

Revisions pulled up:
- net/samba33/Makefile                                          1.15
- net/samba33/distinfo                                          1.7
- net/samba33/patches/patch-af                                  1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jul 27 00:53:37 UTC 2011

  Modified Files:
  pkgsrc/net/samba33: Makefile distinfo
  pkgsrc/net/samba33/patches: patch-af

  Log Message:
  Update samba33 package to 3.3.16; security fix for swat.

                      ==============================
                      Release Notes for Samba 3.3.16
            July 26, 2011
                      ==============================

  This is a security release in order to address
  CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
  CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

  o  CVE-2011-2522:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site request forgery.

  o  CVE-2011-2694:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site scripting
      vulnerability.

  Please note that SWAT must be enabled in order for these
  vulnerabilities to be exploitable. By default, SWAT
  is *not* enabled on a Samba install.

  Changes since 3.3.15
  --------------------

  o  Kai Blin <kai@samba.org>
      * BUG 8289: SWAT contains a cross-site scripting vulnerability.
      * BUG 8290: CSRF vulnerability in SWAT.

(sbd)

Pullup ticket #3478 - requested by taca
net/samba35 security update.

Revisions pulled up:
- net/samba35/Makefile                                          1.8
- net/samba35/distinfo                                          1.5

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Wed Jul 27 00:52:20 UTC 2011

  Modified Files:
  pkgsrc/net/samba35: Makefile distinfo

  Log Message:
  Update samba35 pacakge to 3.5.10; security fix for swat.

                      ==============================
                      Release Notes for Samba 3.5.10
    July 26, 2011
                      ==============================

  This is a security release in order to address
  CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
  CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

  o  CVE-2011-2522:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site request forgery.

  o  CVE-2011-2694:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site scripting
      vulnerability.

  Please note that SWAT must be enabled in order for these
  vulnerabilities to be exploitable. By default, SWAT
  is *not* enabled on a Samba install.

  Changes since 3.5.9:
  --------------------

  o  Kai Blin <kai@samba.org>
      * BUG 8289: SWAT contains a cross-site scripting vulnerability.
      * BUG 8290: CSRF vulnerability in SWAT.

(sbd)

Note update of mail/postfix package to 2.8.4.

(taca)

Update postfix package to 2.8.4.

Postfix stable release 2.8.4 is available. This contains fixes and
workarounds that were already included with the Postfix 2.9
experimental release. Where applicable these fixes will also be
made available for the legacy releases Postfix 2.5..2.7.

    * Performance: a high load of DSN success notification requests
      could slow down the queue manager. Solution: make the trace
      client asynchronous, just like the bounce and defer clients.

    * The local(8) delivery agent ignored table lookup errors in
      mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps
      and (while bouncing mail to alias) alias owner lookup.

    * Workaround: dbl.spamhaus.org rejects lookups with "No IP
      queries" even if the name has an alphanumerical prefix. We
      play safe, and skip both RHSBL and RHSWL queries for names
      ending in a numerical suffix.

    * The "sendmail -t" command reported "protocol error" instead
      of "file too large", "no space left on device" etc.

    * The Postfix Milter client reported a temporary error instead
      of "file too large" in three cases.

    * Linux kernel version 3 support. Linus Torvalds has reset the
      counters for reasons not related to changes in code.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

(taca)

Delete patch that is not needed

(pettai)

Updated security/dnssec-tools to 1.10

(pettai)

1.10:
- New Features:
    - New Apps:    (see the validator/apps directory for details)
                    - dnssec-check: check dnssec support from your ISP
                    - dnssec-nodes: graphically displays a DNS
                      hierarchy, color coded by each node's DNSSEC status
                    - dnssec-system-tray: displays pop-up
                      notifications when a libval-enabled application
                      triggers a DNSSEC error
                    - lookup: a graphical DNS lookup utility that
                      displays the results in a hierarchical tree and
                      color codes the window according to DNSSEC status

    - libval:      - Added support for building on Windows.
                    - added support for falling back to recursion when
                      the caching name server does not appear to
                      support DNSSEC. This also works as a mechanism
                      to work around poisoned or misbehaving cache.
                    - Significant improvements to the the asynchronous support.
    - lsdnssec:    - Improvements to lsdnssec to display different
                      output depending on whether a zone is a
                      stand-alone zone or under control of rollerd.
    - nagios:      - Plugins for the nagios monitoring system which
                      enable monitoring of zone rollerover states.
    - firefox:      - Improved patches that work with the most recent firefox

Plus many more minor features and bug fixes

1.9:
- New Features:
    - lsdnssec:    - Added a new flag (-p) to show only zones in a
                      particular rollerd phase.
                    - fixed bugs to align timing output with rollerd.
    - rollerd:      - Added a -logtz flag for logging timezones
                    - fixed bugs related to the -alwayssign flag.
                    - zonesigner's path is taken from the config file.
    - rollctl:      - Added -rollall and -rollzone options.
    - zonesigner:  - Assumes keys need to be generated for new zones
                      (Assumes -genkeys option was given if a keyrec file
                      can't be found.)
                    - Exits with unique exit codes if a failure occurs.
                      ("zonesigner -xc CODE" can lookup a description for it.")
                    - Added the -phase option so rollover options could be
                      more easily specified.
    - lights:      - A simple GUI to check the status of rollover states
    - blinkenlights:- Added hide/show commands for rollrec names and zone
                      names, for split-zone support
    - cleankrf:    - Fixed deletion of obsolete set keyrecs.
    - GUI commands: - Fixed how the Exit command works so they don't coredump.

    - libsres
      & libval:    - New beta support for issuing asynchronous requests.
                      This can speed up queries by up to 4 times if used.
                      (see example code in validator/apps/validator_selftest.c)
                    - NSEC3, DLV and IPv6 are enabled by default.
                    - improved logging and logging-callback support.
    - drawvalmap    - Can output PNG files now

- Packaging:
                    - Our download page now allows you to download
                      the C validator libraries independently of the
                      full DNNSEC-Tools tool-suite.

- Many bugs were also fixed in the 240+ changes.

(pettai)

Updated net/lftp to 4.3.1

(pettai)

Version 4.3.1 - 2011-06-28

* fixed a coredump in torrent on linux with a ppp interface.
* translation updated (ru).

Version 4.3.0 - 2011-06-17

* new command `attach' to control a backgrounded lftp.
* automatically fill torrent:ipv6 setting.
* slightly improved torrent status display.
* fixed reconnect interval (it was sometimes uninitialized).
* several fixes for the case of cmd:parallel>1

(pettai)

Updated mail/mimedefang to 2.72

(pettai)

Here are the most important changes in MIMEDefang 2.72:

* In mimedefang.c, truncate overlong responses from the multiplexor. Also sanitize replies so "\r" doesn't get fed to smfi_setmlreply.
* If a slave process replies with a very long reply, have the multiplexor consume (and discard) the excess input so the multiplexor-to-slave protocol does not become de-synchronized.
* When mimedefang becomes a daemon, have it wait for a "go/no-go" message from the child before exiting. This should eliminate race conditions whereby the MTA starts before the milter socket is present.
* Avoid run-time errors from Unix::Syslog on some platforms.

(pettai)

Updated net/unbound to 1.4.12

(pettai)

1.4.12:

Bug Fixes:

* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ]
  fix that id bits of other query may leak out under conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated

1.4.11:

Features:

* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number registered with IANA, 8953.

Bug Fixes:

* Fix Makefile for U in environment, since wrong U is more common than deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an error is printed to log instead of an assertion failure.
* [bugzilla: 386 ]
  --enable-allsymbols option links all binaries to libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ]
  Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not withheld if it is bogus. Thus, unbound will retry if it is bad and curb the TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached nxdomain is dnssec secure. This avoids backwards incompatibility because those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.

(pettai)

Try to fix build problem with recent kerberos5 header?

The problem was noted by Paul Goyette on pkgsrc-users@.

(taca)

Updated net/ldns to 1.6.10

(pettai)

1.6.10
* New example tool added: ldns-gen-zone.
* bugfix #359: Serial-arithmetic for the inception and expiration
  fields of a RRSIG and correctly converting them to broken-out time
  information.
* bugfix #364: Slight performance increase of ldns-verifyzone.
* bugfix #367: Fix to allow glue records with the same name as the
  delegation.
* Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and*
  glue when the zone is opt-out.
* bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations,
  ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
* pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
  performance)
* Better handling of reference variables in ldns_rr_new_frm_fp_l from
  pyldns, with a very nice generator function by Bedrich Kosata.
* Decoupling of the rdfs in rrs in the python wrappers to enable
  the python garbage collector by Bedrich Kosata.
* bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
  build time and when used.
* bugfix #383: Fix detection of empty nonterminals of multiple labels.
* Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
  names (in stead of just the ones that contain glue only) and all
  occluded records on the delegation points (in stead of just the glue).
* Clarify the operation of ldns_dnssec_mark_glue and the usage of
  ldns_dnssec_node_next_nonglue functions in the documentation.
* Added function ldns_dnssec_mark_and_get_glue as an real fast
  alternative for ldns_zone_glue_rr_list.
* Fix parse buffer overflow for max length domain names.
* Fix Makefile for U in environment, since wrong U is more common than
  deansification necessity.

(pettai)

Updated security/opendnssec to 1.3.0

(pettai)

OpenDNSSEC 1.3.0

* Include simple-dnskey-mailer-plugin in dist.
* Enforcer: Change message about KSK retirement to make it less confusing.

Bugfixes:
* ods-control: If the Enforcer did not close down, you entered an infinite loop.
* Signer Engine: Fix log message typos.
* Signer Engine: Fix crash where ods-signer update
* Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.
* Zonefetcher: Sometimes invalid 'Address already in use' occurred.
* Bugfix #247: Fixes bug introduced by bugfix #242.

OpenDNSSEC 1.3.0rc3

* Do not distribute trang.

Bugfixes:
* Fix test for java executable and others.
* Auditor: Fix delegation checks.
* Bugfix #242: Race condition when receiving multiple NOTIFIES for a zone.
* ods-kaspcheck: Do not expect resalt in NSEC policy.
* Signer Engine: Ifdef a header file.
* Signer Engine: The default working directory was not specified.
* Signer Engine: Handle stdout console output throttling that would
  truncate daemon output intermittently.

OpenDNSSEC 1.3.0.rc2

* Match the names of the signer pidfile and enforcer pidfile.
* Include check for resign < resalt in ods-kaspcheck.

Bugfixes:
* Bugfix #231: Fix MySQL version check.
* ods-ksmutil: Update now sends a HUP to the enforcerd.
* Signer Engine: Fix assertion failure if zone was just added.
* Signer Engine: Don't hsm_close() on setup error.
* Signer Engine: Fix race condition bug when doing a single run.
* Signer Engine: In case of failure, also mark zone processed (single run).
* Signer Engine: Don't leak backup file descriptor.
* signconf.rnc now allows NSEC3 Iterations of 0

OpenDNSSEC 1.3.0rc1

* <SkipPublicKey/> is enabled for SoftHSM in the default configuration.
  It improves the performance by only using the private key objects.
* Document the <RolloverNotification> tag in conf.xml.

Bugfixes:
* Bugfix #221: Segmentation Fault on schedule.c:232
* Enforcer: 'make check' now works.
* Enforcer: Fixed some memory leaks in the tests.
* Signer Engine: Coverity report fixes some leaks and thread issues.
* Signer Engine: Now logs to the correct facility again.

OpenDNSSEC 1.3.0b1

* Support for signing the root. Use the zone name "."
* Enforcer: Stop import of policy if it is not consistent.
* ods-signer: The queue command will now also show what tasks the workers
  are working on.
* Signer Engine: Just warn if occluded zone data was found, don't stop signing p
rocess.
* Signer Engine: Simpler serial maintenance, reduces the number of conflicts.
  Less chance to hit a 'cannot update: serial too small' error message.
* Signer Engine: Simpler NSEC(3) maintenance.
* Signer Engine: Temperate the number of backup files.
* Signer Engine: Set number of <SignerThreads> in conf.xml to
  get peak performance from HSMs that can handle multiple threads.

Bugfixes:
* Bugreport #139: ods-auditor fails on root zone.
* Bugreport #198: Zone updates ignored?
* Replace tab with white-space when writing to syslog.
* Signer Engine: Do not block update command while signing.

(pettai)

Note update of net/samba33 and net/samba35 packages:

net/samba35 3.5.10
net/samba33 3.3.16

(taca)

Update samba33 package to 3.3.16; security fix for swat.

                  ==============================
                  Release Notes for Samba 3.3.16
          July 26, 2011
                  ==============================

This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

o  CVE-2011-2522:
  The Samba Web Administration Tool (SWAT) in Samba versions
  3.0.x to 3.5.9 are affected by a cross-site request forgery.

o  CVE-2011-2694:
  The Samba Web Administration Tool (SWAT) in Samba versions
  3.0.x to 3.5.9 are affected by a cross-site scripting
  vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.

Changes since 3.3.15
--------------------

o  Kai Blin <kai@samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.

(taca)

Update samba35 pacakge to 3.5.10; security fix for swat.

                  ==============================
                  Release Notes for Samba 3.5.10
  July 26, 2011
                  ==============================

This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

o  CVE-2011-2522:
  The Samba Web Administration Tool (SWAT) in Samba versions
  3.0.x to 3.5.9 are affected by a cross-site request forgery.

o  CVE-2011-2694:
  The Samba Web Administration Tool (SWAT) in Samba versions
  3.0.x to 3.5.9 are affected by a cross-site scripting
  vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.

Changes since 3.5.9:
--------------------

o  Kai Blin <kai@samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.

(taca)