Update ruby-bundler package to 1.0.15.

## 1.0.15 (June 9, 2011)

Features:

  - Improved Rubygems integration, removed many deprecation notices

Bugfixes:

  - Escape URL arguments to git correctly on Windows (1.0.14 regression)

## 1.0.14 (May 27, 2011)

Features:

  - Rubinius platform :rbx (@rkbodenner)
  - Include gem rake tasks with "require 'bundler/gem_tasks" (@indirect)
  - Include user name and email from git config in new gemspec (@ognevsky)

Bugfixes:

  - Set file permissions after checking out git repos (@tissak)
  - Remove deprecated call to Gem::SourceIndex#all_gems (@mpj)
  - Require the version file in new gemspecs (@rubiii)
  - Allow relative paths from the Gemfile in gems with no gemspec (@mbirk)
  - Install gems that contain 'bundler', e.g. guard-bundler (@hone)
  - Display installed path correctly on Windows (@tadman)
  - Escape quotes in git URIs (@mheffner)
  - Improve Rake 0.9 support (@quix)
  - Handle certain directories already existing (@raggi)
  - Escape filenames containing regex characters (@indirect)

## 1.0.13 (May 4, 2011)

Features:

  - Compatibility with Rubygems master (soon to be v1.8) (@evanphx)
  - Informative error when --path points to a broken symlink
  - Support Rake 0.9 and greater (@e2)
  - Output full errors for non-TTYs e.g. pow (@josh)

Bugfixes:

  - Allow spaces in gem path names for gem tasks (@rslifka)
  - Have cap run bundle install from release_path (@martinjagusch)
  - Quote git refspec so zsh doesn't expand it (@goneflyin)

## 1.0.12 (April 8, 2011)

Features:

  - Add --no-deployment option to `install` for disabling it on dev machines
  - Better error message when git fails and cache is present (@parndt)
  - Honor :bundle_cmd in cap `rake` command (@voidlock, @cgriego)

Bugfixes:

  - Compatibility with Rubygems 1.7 and Rails 2.3 and vendored gems (@evanphx)
  - Fix changing gem order in lock (@gucki)
  - Remove color escape sequences when displaying man pages (@bgreenlee)
  - Fix creating GEM_HOME on both JRuby 1.5 and 1.6 (@nickseiger)
  - Fix gems without a gemspec and directories in bin/ (@epall)
  - Fix --no-prune option for `bundle install` (@cmeiklejohn)

## 1.0.11 (April 1, 2011)

Features:

  - Compatibility with Rubygems 1.6 and 1.7
  - Better error messages when a git command fails

Bugfixes:

  - Don't always update gemspec gems (@carllerche)
  - Remove ivar warnings (@jackdempsey)
  - Fix occasional git failures in zsh (@jonah-carbonfive)
  - Consistent lock for gems with double deps like Cap (@akahn)

## 1.0.10 (February 1, 2011)

Bugfixes:

  - Fix a regression loading YAML gemspecs from :git and :path gems
  - Requires, namespaces, etc. to work with changes in Rubygems 1.5

(taca)

Update ruby-arel package to 2.0.10, latest 2.0.x series.

== 2.0.10 / 2011/05/14

* Bug Fixes

  * Fix thread safety issue in ToSql visitor.  Thanks Damon McCormick and
    Cameron Walters!

(taca)

recursive bump from icu shlib major bump.

(obache)

Note update of the "sqlite3" package to version 3.7.6.3.

(tron)

Bump the revision number so it matches the version number required by
the buildlink file.

(tron)

add a patch from Gnome bugzille to fix a bug where the terminal could
be sent into an endless loop allocating memory by a simple escape sequence
bump PKGREV

(drochner)

add a hint for gnupg2 users (as claws-mail with the s/mime plugin)

(drochner)

Updated www/nginx to 1.0.4

(joerg)

Exactly pass OpenSP header and library locations to configure.
PR#45033.

(obache)

remove bpf_dump() definition from sf-gencode.h.
Its signature is changed at libpcap-1.0, not DragonFly specific,
and it should be defined by include of pcap.h, no need to define here.

fixes PR#45035.

(obache)

Update to nginx-1.0.4 on the release branch. Many bug fixes, improvements
for dealing with many clients under load, support for in-unmodified-since
and a shiny new manual page.

(joerg)

Fix interpreter path

(joerg)

Add missing version number to PKGNAME.

(obache)

fixes PKGNAME.

(obache)

Note update of the "automake14" package to version 1.4.6nb1.

(tron)

Add fix for the vulnerability reported in CVE-2009-4029 taken from the
automake GIT repository.

(tron)

recursive bump from textproc/icu shlib major bump.

(obache)

needs libsoup24>=2.34, noticed ny obache

(drochner)

update to 2.34.2
This switches to the new release branch.

(drochner)

Support gcc-4.5 and gcc-4.6. Some testing by J旦rn Clausen.

(wiz)

mono & mono-xsp updated to 2.10.2

(kefren)

Update to xsp-2.10.2, part of mono-2.10.2

(kefren)

Update to mono-2.10.2, a bugfix release on 2.10 branch. Full bugfixes list
at http://www.mono-project.com/Release_Notes_Mono_2.10.2

(kefren)

Add a note to be careful for updating this package.

(taca)

Add a note to be careful for updating this package.

(taca)

Updated security/ruby-roauth to 0.0.7

(obache)

Update ruby-roauth to 0.0.7.

bug fixes.

(obache)

Disable openexr, so it doesn't break the build when it's installed
and cmake finds it, but buildlink3 hides it. Reported by Aymeric.

XXX: should be made an option instead

(wiz)

Pullup ticket #3452.

(tron)

Pullup ticket #3452 - requested by obache
lang/sun-jdk6: security update
lang/sun-jre6: security update

Revisions pulled up:
- lang/sun-jdk6/Makefile                                        1.22
- lang/sun-jdk6/PLIST                                          1.12
- lang/sun-jdk6/distinfo                                        1.13
- lang/sun-jdk6/files/common                                    1.3
- lang/sun-jre6/Makefile                                        1.29
- lang/sun-jre6/PLIST.linux-i386                                1.22
- lang/sun-jre6/distinfo                                        1.16
- lang/sun-jre6/sfiles-i386.mk                                  1.5

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Thu Jun  9 09:08:18 UTC 2011

  Modified Files:
  pkgsrc/lang/sun-jdk6: Makefile PLIST distinfo
  pkgsrc/lang/sun-jdk6/files: common
  pkgsrc/lang/sun-jre6: Makefile PLIST.linux-i386 distinfo sfiles-i386.mk

  Log Message:
  Update sun-{jre,jdk}6 to 6.0.26, aka 6u26.

  Java SE 6 Update 26
  * Olson Data 2011g
  * Bug fixes
      This release contains fixes for security vulnerabilities. For more
      information, please see Oracle Java SE Critical Patch Update advisory:
      http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

  Java SE 6 Update 25
  * Olson Data 2011b
  * Java Hotspot VM 20
  * Performance Improvement to BigDecimal
  * Performance Improvement to java.util.logging.LogRecord
  * Bug Fixes

(tron)

mention updates

(drochner)

update to 1.0.16
changes: improvements to gameplay (tetromino sequence)

(drochner)

update to 2.6.3
changes:
-added level selection dialog
-fixes
-translation update

(drochner)

update to 1.3.3
changes:
-UI improvements
-bugfixes

(drochner)

update to 0.9.12
changes:
-added IPv6 support
-more statistics, can be exported as XML
-minor feature additions
-bugfixes

(drochner)

update to 4.4.15
changes: bugfixes

(drochner)

sync w/ base pkg

(drochner)

update to 23.3
Emacs 23.3 is primarily a bugfix release.  Also included are a number of
enhancements to VC and Rmail, and a new indentation library, smie.el.
For details, see the file etc/NEWS.

(drochner)

Update SIEVE_VERSION to 0.1.19
Update MANAGESIEVE_VERSION to 0.11.13, for dovecot-1.2.17.
rest part of PR#44970.

Sieve:
v0.1.19 19-05-2011 Stephan Bosch <stephan@rename-it.nl>

- Enotify extension: fixed inappropriate return type in mailto URI parse
  function, also fixing ARM compiler warning.
- Vacation extension: fixed handling of sendmail errors. It produced an
  additional confusing success message in case of error.
- Removed header MIME-decoding to fix erroneous address parsing. Applies to
  address test and vacation command.

ManageSieve:
v0.11.13:
- ManageSieve: fixed bug in UTF-8 checking of string values.

(obache)

Updated games/onscripter to 20110528

(obache)

Update onscripter to 20110528.
PR#45025 by ISIHARA Takanori.

some bug fixes.

(obache)

reset PKGREV for base pkg update

(drochner)

update to 5.14
changes:
-Optionally enabled full-scene OpenGL antialiasing. Set the resource
*multiSample to true if doing so doesn't kill performance with
your video hardware.
-New version of glhanoi.
-Image-loading hacks that display the file name now also display the
sub-directory (xscreensaver-getimage now returns relative paths
under imageDirectory).
-Passwords that contain UTF-8 non-Latin1 chars are now typeable.
-Added ``Quick Power-off in Blank Only Mode'' option.
-BSOD GLaDOS.
+bugfixes

(drochner)

update to 4.12.3
This is a minor bug fix release.

(drochner)

update to 3.2.6
changes:
-import speed improvements
-bugfixes
-translation updates

(drochner)

Updated mail/fetchmailconf to 6.3.20

(obache)

Updated mail/fetchmail to 6.3.20

(obache)

Update fetchmail to 6.3.20.
Requested by PR#45030.

fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):

# SECURITY BUG FIXES
* CVE-2011-1947:
  STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
  set timeout (default five minutes) now. This was reported missing, with
  observed fetchmail freezes beyond a week, by Thomas Jarosch.
    SSL-wrapped connections were unaffected by this timeout, so users of older
  versions can force ssl-wrapped connections -- if supported by the server --
  with the --ssl command line or ssl rcfile option.
  See fetchmail-SA-2011-01.txt for further details.

# BUG FIXES
* IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
  new messages and most of the range searches result in nothing. Instead, split
  the long response to make the IMAP driver think that there are multiple lines
  of response. (Sunil Shetye)
* Do not print "skipping message" for old messages even in verbose mode. If
  there are too many old messages, the logs just get filled without any real
  activity. (Sunil Shetye) (suggested by Yunfan Jiang)
* Build: fetchmail now always uses its own MD5 implementation rather than trying
  to find a system library with matched header. The library and header variants
  found on systems are too diverse, and the code size saving is not worth any
  more wasted user or programmer time.

# CHANGES
* Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
* fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
  there is no portable way to configure actual timeouts for this mode, and some
  systems only support a system-wide timeout setting. fetchmail does not
  attempt to tune the time spans of keepalive mode.

# TRANSLATION UPDATES
  [cs]    Chech (Petr Pisar)
  [nl]    Dutch (Erwin Poeze)
  [fr]    French (Fr辿d辿ric Marchal)
  [de]    German (Matthias Andree)
  [ja]    Japanese (Takeshi Hamasaki)
  [pl]    Polish (Jakub Bogusz)
  [sk]    Slovak (Marcel Telka)

# KNOWN BUGS AND WORKAROUNDS
  (this section floats upwards through the NEWS file so it stays with the
  current release information - however, it was stuck with 6.3.8 for a while)
* fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
  so compiling 32-bit SPARC code should not cause any difficulties.
* fetchmail does not track pending deletes over crashes.
* the command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.

fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):

# ERRATUM NOTICE ISSUED
* fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
  grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.

# BUG FIXES
* When specifying multiple local multidrop lists, do not lose wildcard flag.
  (Affects "user foo is bar baz * is joe here")
* In multidrop configurations, an asterisk can now appear anywhere in the list
  of local users, not just at the end.
* In multidrop mode, header parsing is now more verbose in -vv mode, so that it
  becomes possible to see which header is used.
* Make --antispam work from command line (these used to work in rcfiles).
  Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
* Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
  documents.  Skip validating Mailbox-Names-UTF7.html. Several systems have
  broken XHTML 1.1 DTD installations that jeopardize the build.
  Reported by Mihail Nechkin against FreeBSD port.
  Workaround for 6.3.18: build in a separate directory, i. e:
  mkdir build && cd build && ../configure --options-go-here
* Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
* Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
  and Derek Simkowiak via the fetchmail-users@ mailing list.
* Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
  server capabilities do not show support for upgradation to TLS.
  To use this, configure --sslproto tls1. (Sunil Shetye)
* IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
  Yasin Malli to fetchmail-users@ 2010-12-10.
  Note that fetchmail continues to expect literals as FETCH response for now.

# DOCUMENTATION
* The manual page now links to IANA for GSSAPI service names.

# TRANSLATION UPDATES
  [cs]    Czech (Petr Pisar)
  [fr]    French (Fr辿d辿ric Marchal)
  [de]    German
  [it]    Italian (Vincenzo Campanella)
  [pl]    Polish (Jakub Bogusz)

fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):

# SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
* Fetchmail now only accepts wildcard certificate common names and subject
  alternative names if they start with "*.". Previous versions would accept
  wildcards even if no period followed immediately.
* Fetchmail now disallows wildcards in certificates to match domain literals
  (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
  The test is overly picky and triggers if the pattern (after skipping the
  initial wildcard "*") or domain consists solely of digits and dots, and thus
  matches more than needed.
* Fetchmail now disallows wildcarding top-level domains.

# CRITICAL BUG FIXES AND REGRESSION FIXES
* Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
  functions, as an effect of an undocumented Solaris MD5 fix.
  This caused all MD5-related functions to malfunction if, for instance,
  libmd5.so was installed on other operating systems as part of libwww on
  machines where long isn't 32-bits, i. e. usually on 64-bit computers.
  Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
  Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
* Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
  --sslfingerprint was specified. This is an omission from an SSL usability
  change made in 6.3.17.
  Fixes Debian Bug#580796 reported by Roland Stigge.
* Fetchmail will now apply timeouts to the authentication stage.
  This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
  Reported missing by Thomas Jarosch.
* Fetchmail now cancels GSSAPI authentication properly when encountering GSS
  errors, such as no or unsuitable credentials.
  It now sends an asterisk on a line by its own, as required in SASL.
    This fixes protocol synchronization issues that cause Authentication
  failures, often observed with kerberized MS Exchange servers.
  Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
  fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.

# BUG FIXES
* Fetchmail will no longer print connection attempts and errors for one host
  in "silent" and "normal" logging modes, unless all connections fail. This
  should reduce irritation around refused-connection logging if services are
  only on an IPv4 socket if the host also supports IPv6. Often observed as
  connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
  then - silently - succeeds.  Fetchmail, unless in verbose mode, will collect
  all connect errors and only report them if all of them fail.
* Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
  credentials. However, if GSSAPI authentication is requested explicitly,
  fetchmail will always try it.
* Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
  RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
* The manual page clearly states that --principal is for Kerberos 4 only, not
  for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.

# CHANGES
* When encountering incorrect headers, fetchmail will refer to the bad-header
  option in the manpage.
  Fixes BerliOS Bug #17272, change suggested by Bj旦rn Voigt.
* Fetchmail now decodes and reports GSSAPI status codes upon errors.
* Fetchmail now autoprobes NTLM also for POP3.
* The Fetchmail FAQ has a new item #R15 on authentication failures.

# INTERNAL CHANGES
* The common NTLM authentication code was factored out from pop3.c and imap.c.

# TRANSLATION UPDATES
  [zh_CN] Chinese/simplified (Ji Zheng-Yu)
  [cs]    Czech (Petr Pisar)
  [nl]    Dutch (Erwin Poeze)
  [fr]    French (Fr辿d辿ric Marchal)
  [de]    German
  [it]    Italian (Vincenzo Campanella)
  [ja]    Japanese (Takeshi Hamasaki)
  [pl]    Polish (Jakub Bogusz)
  [sk]    Slovak (Marcel Telka)

(obache)

update to 2.12a
changes: bugfixes, minor feature improvements

(drochner)

update to 3.3.22
changes: speed improvement, bugfixes, UI improvements

(drochner)

Updated net/quvi to 0.2.16

(wiz)

Update to 0.2.16:

0.2.16  Sat May 21 2011  Toni Gundogdu

Changes: quvi
    - Rename '-s,--no-shortened' -> '-r,--no-resolve'
    - Add support for reading input from files

Changes: API
    - Add "Network interface" (quvi_net_*, QUVI_NET_*, quvi/net.h)
        - Add examples/callback_libsoup.c
    - Make LUA errors more informative (e.g. fname, func, etc.)
    - Add "Linked list interface" (quvi_llst_*, quvi/llst.h)
    - Add quvi_supported_ident (#44)
        - Add quvi_supported_ident_close
        - Add quvi_ident_getprop
    - Deprecate remaining symbols that use 'video' and 'link' in names
    - Rename (&depr.) QUVISTATUS_SHORTENED -> QUVISTATUS_RESOLVE
    - Rename (&depr.) QUVIOPT_NOSHORTENED -> QUVIOPT_NORESOLVE
    - Deprecate QUVIINFO_HTTPCODE, QUVIPROP_HTTPCODE

Changes: Webscripts
    - Pass _quvi_media_t to quvi object functions in LUA reg. index
    - collegehumor.lua: Add 'best' ('hq') format
    - LUA: Add resolve function to quvi object
    - Add bikeradar.lua (#50)
    - Add guardian.lua (#51)
    - Add more NSFW scripts
    - Add blip.lua (#39)

Changes: Build system
    - Add --with-soup (see INSTALL)

Changes: Documentation
    - INSTALL: Remove list of (obsolete) env. variables
    - Add doc/WebsiteScriptGuideLines
    - API: Reorganize "Modules"

Bugfixes: Webscripts
    - collegehumor.lua:51: server response code 404 (#35)
    - vimeo.lua:62: no match: hd button (#48)
    - liveleak.lua:48: no match: config (#47)

(wiz)

update to 3.0.11
changes:
-Modernize custom paper size dialog look
-Add an app chooser to the gtk-demo 'Pickers' example
-bugfixes
-translation updates

(drochner)

update to 2.28.8
changes:
-bugfixes
-translation updates

(drochner)

update to 0.12.1
changes: Many bug fixes and binding updates

(drochner)

bump PKGREV for webkit-gtk shlib change

(drochner)

update to 0.3.6
changes: speed improvements, bugfixes

(drochner)

update to 1.4.1
this switches to the new stable branch
(shlib major changed -> PKGREV bumps needed)

(drochner)

Updated comms/asterisk16 to 1.6.2.18

(jnemeth)

Updated comms/asterisk18 to 1.8.4.2

(jnemeth)

Upgrade to 1.8.4.2.  This fixes several security issues including:
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, AST-2011-006,
and AST-2011-007.

pkgsrc changes:
- add patch for autosupport script; == -> =
- patch configure to not unconditionally set PBX_LAUNCHD=1
  - this allows res_timing_kqueue.so to build

This last change brings a timing source to NetBSD which allows IAX
trunking and allows the bridging modules to work, a rather major
piece that was missing.  Note that I haven't extensively tested
it.  But, have at it...

===========================================================================
1.8.4.2:

The Asterisk Development Team has announced the release of Asterisk
version 1.8.4.2, which is a security release for Asterisk 1.8.

The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing
which can lead to a remotely exploitable crash:

    Remote Crash Vulnerability in SIP channel driver (AST-2011-007)

The issue and resolution is described in the AST-2011-007 security
advisory.

For more information about the details of this vulnerability, please
read the security advisory AST-2011-007, which was released at the same
time as this announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.2

Security advisory AST-2011-007 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-007.pdf

===========================================================================
1.8.4.1:

The Asterisk Development Team has announced the release of Asterisk 1.8.4.1.

The release of Asterisk 1.8.4.1 resolves several issues reported by the
community. Without your help this release would not have been possible.
Thank you!

Below is a list of issues resolved in this release:

* Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)

* Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
  This issue was found and reported by the Asterisk test suite.

* Resolve potential crash when using SIP TLS support.

* Improve reliability when using SIP TLS.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1

===========================================================================
1.8.4:

The Asterisk Development Team has announced the release of Asterisk 1.8.4.

The release of Asterisk 1.8.4 resolves several issues reported by the community.
Without your help this release would not have been possible. Thank you!

Below is a sample of the issues resolved in this release:

* Use SSLv23_client_method instead of old SSLv2 only.

* Resolve crash in ast_mutex_init()

* Resolution of several DTMF based attended transfer issues.

  NOTE: Be sure to read the ChangeLog for more information about these changes.

* Resolve deadlocks related to device states in chan_sip

* Resolve an issue with the Asterisk manager interface leaking memory when
  disabled.

* Support greetingsfolder as documented in voicemail.conf.sample.

* Fix channel redirect out of MeetMe() and other issues with channel softhangup

* Fix voicemail sequencing for file based storage.

* Set hangup cause in local_hangup so the proper return code of 486 instead of
  503 when using Local channels when the far sides returns a busy. Also affects
  CCSS in Asterisk 1.8+.

* Fix issues with verbose messages not being output to the console.

* Fix Deadlock with attended transfer of SIP call

Includes changes per AST-2011-005 and AST-2011-006
For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4

Information about the security releases are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.8.3.3:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.8.3.2:

he Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
    contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.8.3.1:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.1

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.8.3:

The Asterisk Development Team has announced the release of Asterisk 1.8.3.

The release of Asterisk 1.8.3 resolves several issues reported by the community
and would have not been possible without your participation. Thank you!

The following is a sample of the issues resolved in this release:

* Resolve duplicated data in the AstDB when using DIALGROUP()

* Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses.

* Reworking parsing of mwi => lines to resolve a segfault. Also add a set of
  unit tests for the function that does the parsing.

* When using cdr_pgsql the billsec field was not populated correctly on
  unanswered calls.

* Resolve memory leak in iCalendar and Exchange calendaring modules.

* This version of Asterisk includes the new Compiler Flags option
  BETTER_BACKTRACES which uses libbfd to search for better symbol information
  within both the Asterisk binary, as well as loaded modules, to assist when
  using inline backtraces to track down problems.

* Resolve issue where no Music On Hold may be triggered when using
  res_timing_dahdi.

* Resolve a memory leak when the Asterisk Manager Interface is disabled.

* Reimplemented fax session reservation to reverse the ABI breakage introduced
  in r297486.

* Fix regression that changed behavior of queues when ringing a queue member.

* Resolve deadlock involving REFER.

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3

===========================================================================
1.8.2.4:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.4

Security advisory AST-2011-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

(jnemeth)

Updated lang/sun-jdk6 to 6.0.26

(obache)

Updated lang/sun-jre6 to 6.0.26

(obache)

Update sun-{jre,jdk}6 to 6.0.26, aka 6u26.

Java SE 6 Update 26
* Olson Data 2011g
* Bug fixes
  This release contains fixes for security vulnerabilities. For more
  information, please see Oracle Java SE Critical Patch Update advisory:
  http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

Java SE 6 Update 25
* Olson Data 2011b
* Java Hotspot VM 20
* Performance Improvement to BigDecimal
* Performance Improvement to java.util.logging.LogRecord
* Bug Fixes

(obache)

Updated mail/rss2email to 2.71

(schmonz)

Update to 2.71. From the changelog:

* Potentially safer method for writing feeds.dat on UNIX
* Handle via links with no title attribute
* Handle attributes more cleanly with OVERRIDE_EMAIL and DEFAULT_EMAIL

(schmonz)

Updated textproc/py-html2text to 3.02

(schmonz)

Update to 3.02. From the changelog:

3.02:
* Use optparse for parsing and checking arguments
* Encode all output as UTF-8
* Accept optional encoding for local file or URL
* Use chardet for guessing local file character sets
* Fix double-newlines inside code blocks

3.01:
* Fix bug with unknown entities

3.0:
* Add forward compatibility with Python3

2.40:
* Update from sgmllib to HTMLParser so that valid XHTML doesn't fail

(schmonz)

sort

(jnemeth)

add and enable php-redis

(jnemeth)

Updated www/ikiwiki to 3.20110608

(schmonz)

Update to 3.20110608. From the changelog:

  * ikiwiki-mass-rebuild: Fix tty hijacking vulnerability by using su.
    (Once su's related bug #628843 is fixed.) Thanks, Ludwig Nussel.
    (CVE-2011-1408)
  * search: Update search page when page.tmpl or searchquery.tmpl are locally
    modified.

(schmonz)

Updated net/ucspi-tcp to 0.88nb3

(schmonz)

Add inet6 option using fefe's patch. Fix indentation and quell pkglint.

(schmonz)

Instead of a separate PLIST file for inet6, use PLIST_VARS.

(schmonz)

Updated net/djbdns to 1.05nb10

(schmonz)

Update ipv6 patch. Closes PR pkg/44469 by James A. T. Rice. While
here, fix indentation broken in previous and quell pkglint.

(schmonz)

+ dar-2.4.0, eric4-4.4.15, eric5-5.1.3, fotoxx-11.06, glib2-2.28.8,
  gnome-packagekit-3.0.3, gnutls-2.12.6, gtk3-3.0.11, horde-4.0.5,
  imp-5.0.5, inputproto-2.0.2, john-1.7.7jumbo5, libXi-1.4.3,
  libfolks-0.5.2, libssh-0.5.0, mu-0.9.6, openttd-1.1.1, pidgin-2.8,
  py-cups-1.9.56, raptor-2.0.3, turba-3.0.3, vala-0.12.1,
  worker-2.17.13.

(wiz)

Note update of databases/ruby-dbi package to 0.4.5nb1.

(taca)

Restrict dependency to devel/ruby-deprecated.  It is known not to work
with ruby-deprecated>=3.0.

Bump PKGREVISION.

(taca)

Note update of devel/ruby-polyglot package to 0.3.1nb1.

(taca)

No need to depends on devel/hoe.

Bump PKGREVISION.

(taca)

onscripter-20110528 [pkg/45025]

(obache)

Updated audio/sptk to 3.4.1

(obache)

Update sptk to 3.4.1.
In addition to PR#45024 by ISIHARA Takanori,
* also update refrence manual and examples PDF document files.
* exactly depend on csh, some installed scripts are csh script.

Version 3.4.1:
* add 'idct' command.
* remove all input/output data type except float from 'frame', 'snr', 'us16',
  and 'uscd' command.
* add input/output data type to many commands.
* show number of byte for all input/output data type in 'x2x' command.
* rename 'pcap' command to 'pcas' command.
* add new constant (octave and cent) to 'sopr' command.
* bug fixes.

(obache)

Updated audio/sonata to 1.6.2.1

(obache)

Update sonata to 1.6.2.1.
In addition to PR#45023 by ISIHARA Takanori,
* LICENSE=gnu-gpl-v3
* register egg
* convert some buildlink to simple DEPENDS, because no contents to buildlink.
* drop dependency on py-elementtree, it's py24 way.
* honor PKGMANDIR.

v1.6.2.1 - September 21, 2009
        + Library artwork caching/displaying improvements
        + Lyricwiki screen scraping workaround
        + Replace Amazon.com cover art fetching with Rhapsody.com
        + Bug: Fix library sorting when adding, e.g., albums to playlist
        + Bug: Fix window positioning weirdness when unwithdrawing from systray
        + Bug: Fix album being labeled various artists when a duplicate exists
        + Bug: Fix album tracks in the info tab being out of order sometimes
        + Bug: Show songs with a missing date in info album listing
        + Bug: Library icons change after adding stream to playlist
        + Bug: Cpu spike, tooltips missing in library search results with gtk 2.16.2

(obache)

Import php-redis-2.1.3 as databases/php-redis.

The phpredis extension provides an API for communicating with the Redis
key-value store. It is released under the PHP License, version 3.01.
This code has been developed and maintained by Owlient from
November 2009 to March 2011.

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(fhajny)

Updated databases/php-redis to 5.3.6.2.1.3

(fhajny)

Pullup ticket 3449

(sbd)

Pullup ticket #3449 - requested by wiz
graphics/png security update.

Revisions pulled up:
- graphics/png/Makefile                                        1.132-1.137
- graphics/png/distinfo                                        1.78-1.84
- graphics/png/patches/patch-pngconf.h                          0

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Tue Apr  5 12:47:56 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo
  Removed Files:
  pkgsrc/graphics/png/patches: patch-pngconf.h

  Log Message:
  Update to 1.5.2:

  Version 1.5.2beta01 [February 13, 2011]
    More -Wshadow fixes for older gcc compilers.  Older gcc versions apparently
      check formal parameters names in function declarations (as well as
      definitions) to see if they match a name in the global namespace.
    Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
      old VisualC++ preprocessor.
    Turned on interlace handling in png_read_png().
    Fixed gcc pendantic warnings.
    Handle longjmp in Cygwin.
    Fixed png_get_current_row_number() in the interlaced case.
    Cleaned up ALPHA flags and transformations.
    Implemented expansion to 16 bits.

  Version 1.5.2beta02 [February 19, 2011]
    Fixed mistake in the descriptions of user read_transform and write_transform
      function prototypes in the manual.  The row_info struct is png_row_infop.
    Reverted png_get_current_row_number() to previous (1.5.2beta01) behavior.
    Corrected png_get_current_row_number documentation
    Fixed the read/write row callback documentation.
      This documents the current behavior, where the callback is called after
      every row with information pertaining to the next row.

  Version 1.5.2beta03 [March 3, 2011]
    Fixed scripts/makefile.vcwin32
    Updated contrib/pngsuite/README to add the word "modify".
    Define PNG_ALLOCATED to blank when _MSC_VER<1300.

  Version 1.5.2rc01 [March 19, 2011]
    Define remaining attributes to blank when MSC_VER<1300.
    ifdef out mask arrays in pngread.c when interlacing is not supported.

  Version 1.5.2rc02 [March 22, 2011]
    Added a hint to try CPP=/bin/cpp if "cpp -E" fails in scripts/pnglibconf.mak
      and in contrib/pngminim/*/makefile, eg., on SunOS 5.10, and removed "strip"
      from the makefiles.
    Fixed a bug (present since libpng-1.0.7) that makes png_handle_sPLT() fail
      to compile when PNG_NO_POINTER_INDEXING is defined (Chubanov Kirill)

  Version 1.5.2rc03 [March 24, 2011]
    Don't include standard header files in png.h while building the symbol table,
      to avoid cpp failure on SunOS (introduced PNG_BUILDING_SYMBOL_TABLE macro).

  Version 1.5.2 [March 31, 2011]

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Tue May  3 09:07:35 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Update to 1.5.3beta04 to fix a regression reported on tech-pkg (see beta03,
  last entry).

  Version 1.5.3beta01 [April 1, 2011]
    Re-initialize the zlib compressor before compressing non-IDAT chunks.
    Added API functions to set parameters for zlib compression of non-IDAT
      chunks.

  Version 1.5.3beta02 [April 3, 2011]
    Updated scripts/symbols.def with new API functions.
    Only compile the new zlib re-initializing code when text or iCCP is
      supported, using PNG_WRITE_COMPRESSED_TEXT_SUPPORTED macro.
    Improved the optimization of the zlib CMF byte (see libpng-1.2.6beta03).
    Optimize the zlib CMF byte in non-IDAT compressed chunks

  Version 1.5.3beta03 [April 16, 2011]
    Fixed gcc -ansi -pedantic compile. A strict ANSI system does not have
      snprintf, and the "__STRICT_ANSI__" detects that condition more reliably
      than __STDC__ (John Bowler).
    Removed the PNG_PTR_NORETURN attribute because it too dangerous. It tells
      the compiler that a user supplied callback (the error handler) does not
      return, yet there is no guarantee in practice that the application code
      will correctly implement the error handler because the compiler only
      issues a warning if there is a mistake (John Bowler).
    Removed the no-longer-used PNG_DEPSTRUCT macro.
    Updated the zlib version to 1.2.5 in the VStudio project.
    Fixed 64-bit builds where png_uint_32 is smaller than png_size_t in
      pngwutil.c (John Bowler).
    Fixed bug with stripping the filler or alpha channel when writing, that
      was introduced in libpng-1.5.2beta01 (bug report by Andrew Church).

  Version 1.5.3beta04 [April 27, 2011]
    Updated pngtest.png with the new zlib CMF optimization.
    Cleaned up conditional compilation code and of background/gamma handling
      Internal changes only except a new option to avoid compiling the
      png_build_grayscale_palette API (which is not used at all internally.)
      The main change is to move the transform tests (READ_TRANSFORMS,
      WRITE_TRANSFORMS) up one level to the caller of the APIs.  This avoids
      calls to spurious functions if all transforms are disabled and slightly
      simplifies those functions.  Pngvalid modified to handle this.
      A minor change is to stop the strip_16 and expand_16 interfaces from
      disabling each other; this allows the future alpha premultiplication
      code to use 16-bit intermediate values while still producing 8-bit output.
      png_do_background and png_do_gamma have been simplified to take a single
      pointer to the png_struct rather than pointers to every item required
      from the png_struct. This makes no practical difference to the internal
      code.
    A serious bug in the pngvalid internal routine 'standard_display_init' has
      been fixed - this failed to initialize the red channel and accidentally
      initialized the alpha channel twice.
    Changed png_struct jmp_buf member name from png_jmpbuf to tmp_jmpbuf to
      avoid a clash with the png_jmpbuf macro on some platforms.

---
  Module Name: pkgsrc
  Committed By: adam
  Date: Fri May  6 07:19:23 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Changes 1.5.3beta05:
  * Added the "_POSIX_SOURCE" feature test macro to ensure libpng sees the
    correct API. _POSIX_SOURCE is defined in pngpriv.h, pngtest.c and
    pngvalid.c to ensure that POSIX conformant systems disable non-POSIX APIs.
  * Removed png_snprintf and added formatted warning messages.  This change adds
    internal APIs to allow png_warning messages to have parameters without
    requiring the host OS to implement snprintf.  As a side effect the
    dependency of the tIME-supporting RFC1132 code on stdio is removed and
    PNG_NO_WARNINGS does actually work now.
  * Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
    optimization configureable.
  * IDAT compression failed if preceded by a compressed text chunk (bug
    introduced in libpng-1.5.3beta01-02).  This was because the attempt to
    reset the zlib stream in png_write_IDAT happened after the first IDAT
    chunk had been deflated - much too late.  In this change internal
    functions were added to claim/release the z_stream and, hopefully, make
    the code more robust.  Also deflateEnd checking is added - previously
    libpng would ignore an error at the end of the stream.

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Sun May  8 06:02:43 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Switch to use default EXTRACT_SUFX for distfile, .tar.gz is the only long term
  provided archive for libpng beta release.

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sun May  8 09:09:20 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Update to 1.5.3beta06:
  Version 1.5.3beta06 [May 8, 2011]
    Removed the -D_ALL_SOURCE from definitions for AIX in CMakeLists.txt
    Implemented premultiplied alpha support: png_set_alpha_mode API

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Sun May  8 09:11:08 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: distinfo

  Log Message:
  regen for targz change

---
  Module Name: pkgsrc
  Committed By: wiz
  Date: Wed Jun  8 06:58:59 UTC 2011

  Modified Files:
  pkgsrc/graphics/png: Makefile distinfo

  Log Message:
  Update to 1.5.3rc02 for a security fix.

  Version 1.5.3beta07 [May 11, 2011]
    Added expand_16 support to the high level interface.
    Added named value and 'flag' gamma support to png_set_gamma.  Made a minor
      change from the previous (unreleased) ABI/API to hide the exact value used
      for Macs - it's not a good idea to embed this in the ABI!
    Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
      from pngpriv.h to png.h because they must be visible to applications
      that call png_set_unknown_chunks().
    Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
      before IDAT.

  Version 1.5.3beta08 [May 16, 2011]
    Improved "pngvalid --speed" to exclude more of pngvalid from the time.
    Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
    The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
      parameters are supplied by the caller), while in the absence of cHRM
      sRGB/Rec 709 values are still used.
    The bKGD chunk no longer overwrites the background value set by
      png_set_background(), allowing the latter to be used before the file
      header is read. It never performed any useful function to override
      the default anyway.
    Added memory overwrite and palette image checks to pngvalid.c
      Previously palette image code was poorly checked. Since the transformation
      code has a special palette path in most cases this was a severe weakness.
    Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
      expanding an indexed image, always expand to RGBA if transparency is
      present.

  Version 1.5.3beta09 [May 17, 2011]
    Reversed earlier 1.5.3 change of transformation order; move png_expand_16
      back where it was.  The change doesn't work because it requires 16-bit
      gamma tables when the code only generates 8-bit ones.  This fails
      silently; the libpng code just doesn't do any gamma correction.  Moving
      the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
      these are clearly better than none!

  Version 1.5.3beta10 [May 20, 2011]

    png_set_background() and png_expand_16() did not work together correctly.
      This problem is present in 1.5.2; if png_set_background is called with
      need_expand false and the matching 16 bit color libpng erroneously just
      treats it as an 8-bit color because of where png_do_expand_16 is in the
      transform list.  This simple fix reduces the supplied colour to 8-bits,
      so it gets smashed, but this is better than the current behavior.
    Added tests for expand16, more fixes for palette image tests to pngvalid.
      Corrects the code for palette image tests and disables attempts to
      validate palette colors.

  Version 1.5.3rc01 [June 3, 2011]
    No changes.

  Version 1.5.3rc02 [June 7, 2011]
    Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
      report by Frank Busse, related to CVE-2004-0421).

(sbd)