Preserve all of our environment.

(joerg)

Provide library search path for X11 libs.

(joerg)

Don't use -I without argument.

(joerg)

Ignore const cast issues.

(joerg)

Use PREPEND_PATH here in place of explicit PATH manipulation.

(joerg)

Provide path to libreadline explicitly.

(joerg)

Provide library search path explicitly via LDFLAGS.

(joerg)

Updated textproc/p5-XML-RSS to 1.56

(wiz)

Update to 1.56:

1.56    2014-12-04
    - Fix https://rt.cpan.org/Ticket/Display.html?id=100660
        - XML External Entities Exploit, as reported here:
            - http://mikeknoop.com/lxml-xxe-exploit/
        - Security.

(wiz)

Updated databases/p5-DB_File to 1.833

(wiz)

Update to 1.833:

1.833 9 Dec 2014

  * More Silence compiler warnings

  * 1.832 breaks bleadperl C89 build
    RT #100812

1.832 8 Dec 2014

  * Silence compiler warnings

  * C++ change from blead

(wiz)

Updated devel/p5-IO-Compress to 2.067

(wiz)

Update to 2.067:

  2.067 8 Dec 2014

      * RT #100257: IO::Compress::RawDeflate unnecessarily loads IO::Seekable

(wiz)

Updated devel/p5-Compress-Raw-Bzip2 to 2.067

(wiz)

Update to 2.067:

  2.067 8 Dec 2014

      * Silence compiler warnings

(wiz)

Updated devel/p5-Compress-Raw-Zlib to 2.067

(wiz)

Update to 2.067:

  2.067 8 Dec 2014

      * Silence Compiler Warnings

(wiz)

Updated devel/p5-ExtUtils-PkgConfig to 1.15

(wiz)

Update to 1.15:

1.15  Sat Sep 28 22:14:31 PDT 2013
    - Gracefully handle empty fields in pkg-config files.

1.14  Sun Feb  3 17:51:54 PDT 2013
    - Skip tests for pkg-config binary with the '--max-version' switch on
      OpenBSD 5.2, due to a bug in OpenBSD's implemenation of 'pkg-config'
    - Updated Makefile.PL to use a META_MERGE block with WriteMakefile(); this
      block is what MetaCPAN reads when generating page output

(wiz)

Updated databases/p5-DBD-SQLite to 1.46

(wiz)

Update to 1.46:

1.46 2014-12-10
    - Switched to a production version. (ISHIGAKI)

1.45_06 2014-11-26
    - Silenced a compile-time warning (Unescaped left brace
      in regex is deprecated) in PerlData virtual table
      under bleadperl

1.45_05 2014-11-25
    - Updated to SQLite 3.8.7.2
    - Restored regexp support in PerlData virtual table
      by secure reimplementation using closure (DAMI++)

1.45_04 2014-10-28
    *** CHANGES THAT MAY POSSIBLY BREAK YOUR OLD APPLICATIONS ***
    - Changed to apply quotemeta() to parameters while building
      a query for a virtual table using PerlData for security.
      (RIBASUSHI++ and MAUKE++) (DAMI, ISHIGAKI)

1.45_03 2014-10-25
    - Fixed regression of 0 as integer (ISHIGAKI)

1.45_02 2014-10-23
    - Improved int overflow handling under 32bit strawberry perl
      (ISHIGAKI)

1.45_01 2014-10-22
    - Updated to SQLite 3.8.7 (ISHIGAKI)
    - Resolved #76395 (hopefully): int values over 32 bit in length
      produce an error "datatype mismatch" (ISHIGAKI)

(wiz)

Updated devel/p5-Test-Fatal to 0.014

(wiz)

Update to 0.014:

0.014    2014-12-09 18:35:59-05:00 America/New_York
        - avoid assuming that t/todo.t is always called t/todo.t

(wiz)

Fake pkg-config for builtin libevent on NetBSD

(pettai)

Note update of the "phpmyadmin" package to version 4.3.1.

(tron)

Update "phpmyadmin" package to version 4.3.1.

The major changes in version 4.3.* are:
- Smart sorting for int keys
- Confirmation message when dropping user(s)
- Confirm dialog on accidentally leaving a page
- Allow clicking an approximate row count to get a correct one
- Support for editing binary fields in hexadecimal
- MariaDB 10+ multi-master replication support
- Allow saving query charts as images
- Use aliases in SQL export for tables and columns
- Export with table/column name changes
- Dynamic process list
- Drag and Drop SQL import
- Preview SQL instead of executing it
- Run SQL query: Allow rollback for InnoDB tables
- Zeroconf PMA tables support
- Regexp replace
- Avoid session timeout when user is active
- MySQL 5.7.5 compatibility
- Avoid session timeout when user is active
- Multiple-column foreign key relation
- Charts for data in <x-axis, series,="" value=""> format
- Range Search Capability
- Improvements for the table editor (index creation)
- PHP OpenSSL support for cookie encryption/decryption

(tron)

Set LICENSE.

(wiz)

Added devel/tmin version 0.05

(wiz)

+ tmin.

(wiz)

Import tmin-0.05 as devel/tmin.

Tmin is a simple utility meant to make it easy to narrow down
complex test cases produced through fuzzing. It is closely related
to another tool of this type, delta, but meant specifically for
unknown, underspecified, or hard to parse data formats (without
the need to tokenize and re-serialize data), and for easy integration
with external UI automation harnesses.

It also features alphabet normalization to simplify test cases that
could not be shortened.

(wiz)

Pullup ticket #4568.

(tron)

Pullup ticket #4568 - requested by pettai
net/unbound: security patch

Revisions pulled up:
- net/unbound/Makefile                                          1.32
- net/unbound/distinfo                                          1.24

---
  Module Name: pkgsrc
  Committed By: pettai
  Date: Tue Dec  9 10:11:27 UTC 2014

  Modified Files:
  pkgsrc/net/unbound: Makefile distinfo

  Log Message:
  Add fix for CVE-2014-8602

(tron)

Updated devel/afl to 0.89b

(wiz)

Update to 0.89b:

--------------
Version 0.89b:
--------------

  - Renamed afl-plot.sh to afl-plot, as requested by Padraig Brady.

  - Improved the compatibility of afl-plot with older versions of gnuplot.

  - Added banner information to fuzzer_stats, populated it to afl-plot.

--------------
Version 0.88b:
--------------

  - Added support for plotting, with design and implementation based on a
    prototype design proposed by by Michael Rash. Huge thanks!

  - Added afl-plot.sh, which allows you to, well, generate a nice plot using
    this data.

  - Refactored the code slightly to make more frequent updates to fuzzer_stats
    and to provide more detail about synchronization.

  - Added a fflush(stdout) call for non-tty operation, as requested by
    Joonas Kuorilehto.

  - Added some detail to fuzzer_stats for parity with plot_file.

(wiz)

Pullup ticket #4570.

(tron)

Pullup ticket #4570 - requested by taca
net/bind910: security update

Revisions pulled up:
- net/bind910/Makefile                                          1.2-1.3
- net/bind910/PLIST                                            1.2-1.3
- net/bind910/distinfo                                          1.2-1.3
- net/bind910/patches/patch-bin_tests_system_Makefile.in        1.2
- net/bind910/patches/patch-configure                          1.2
- net/bind910/patches/patch-lib_bind9_Makefile.in              deleted
- net/bind910/patches/patch-lib_dns_Makefile.in                deleted
- net/bind910/patches/patch-lib_dns_rbt.c                      1.2
- net/bind910/patches/patch-lib_isc_Makefile.in                deleted
- net/bind910/patches/patch-lib_isccc_Makefile.in              deleted
- net/bind910/patches/patch-lib_isccfg_Makefile.in              deleted
- net/bind910/patches/patch-lib_lwres_Makefile.in              deleted
- net/bind910/patches/patch-lib_lwres_getaddrinfo.c            1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Tue Oct 14 16:23:19 UTC 2014

  Modified Files:
  pkgsrc/net/bind910: Makefile PLIST distinfo
  pkgsrc/net/bind910/patches: patch-bin_tests_system_Makefile.in
      patch-configure patch-lib_dns_rbt.c patch-lib_lwres_getaddrinfo.c
  Removed Files:
  pkgsrc/net/bind910/patches: patch-lib_bind9_Makefile.in
      patch-lib_dns_Makefile.in patch-lib_isc_Makefile.in
      patch-lib_isccc_Makefile.in patch-lib_isccfg_Makefile.in
      patch-lib_lwres_Makefile.in

  Log Message:
  Update bind910 to 9.10.1.

  Security Fixes

      A query specially crafted to exploit a defect in EDNS option
      processing could cause named to terminate with an assertion
      failure, due to a missing isc_buffer_availablelength() check
      when formatting packet contents for logging. For more information,
      see the security advisory at https://kb.isc.org/article/AA-01166/.
      [CVE-2014-3859] [RT #36078]

      A programming error in the prefetch feature could cause named
      to crash with a "REQUIRE" assertion failure in name.c. For more
      information, see the security advisory at
      https://kb.isc.org/article/AA-01161/. [CVE-2014-3214] [RT #35899]

  New Features

      Support for CAA record types, as described in RFC 6844 "DNS
      Certification Authority Authorization (CAA) Resource Record",
      was added. [RT#36625] [RT #36737]

      Disallow "request-ixfr" from being specified in zone statements
      where it is not valid (it is only valid for slave and redirect
      zones) [RT #36608]

      Support for CDS and CDNSKEY resource record types was added. For
      details see the proposed Informational Internet-Draft "Automating
      DNSSEC Delegation Trust Maintenance" at
      http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
      [RT #36333]

      Added version printing options to various BIND utilities. [RT #26057]
      [RT #10686]

      Optionally allows libseccomp-based (secure computing mode)
      system-call filtering on Linux. This sandboxing mechanism may
      be used to isolate "named" from various system resources. Use
      "configure --enable-seccomp" at build time to enable it.  Thank you
      to Loganaden Velvindron of AFRINIC for the contribution. [RT #35347]

  Feature Changes

      "geoip asnum" ACL elements would not match unless the full
      organization name was specified.  They can now match against the
      AS number alone (e.g., AS1234). [RT #36945]

      Adds RPZ SOA to the additional section of responses to clearly
      indicate the use of RPZ in a manner that is intended to avoid
      causing issues for downstream resolvers and forwarders [RT #36507]

      rndc now gives distinct error messages when an unqualified zone
      name matches multiple views vs. matching no views [RT #36691]

      Improves the accuracy of dig's reported round trip times.  [RT #36611]

      When an SPF record exists in a zone but no equivalent TXT record
      does, a warning will be issued.  The warning for the reverse
      condition is no longer issued. See the check-spf option in the
      documentation for details. [RT #36210]

      Aging of smoothed round-trip time measurements is now limited
      to no more than once per second, to improve accuracy in selecting
      the best name server. [RT #32909]

      DNSSEC keys that have been marked active but have no publication
      date are no longer presumed to be publishable. [RT #35063]

  Bug Fixes

      The Makefile in bin/python was changed to work around a bmake
      bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)

      Corrected bugs in the handling of wildcard records by the DNSSEC
      validator: invalid wildcard expansions could be treated as valid
      if signed, and valid wildcard expansions in NSEC3 opt-out ranges
      had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]

      An assertion failure could occur if a route event arrived while
      shutting down. [RT #36887]

      When resigning, dnssec-signzone was removing all signatures from
      delegation nodes. It now retains DS and (if applicable) NSEC
      signatures.  [RT #36946]

      The AD flag was being set inappopriately on RPZ responses. [RT #36833]

      Updates the URI record type to current draft standard,
      draft-faltstrom-uri-08, and allows the value field to be zero
      length [RT #36642] [RT #36737]

      On some platforms, overhead from DSCP tagging caused a performance
      regression between BIND 9.9 and BIND 9.10.  [RT #36534]

      RRSIG sets that were not loaded in a single transaction at start
      up were not being correctly added to re-signing heaps.  [RT #36302]

      Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]

      Fixed a bug where some updated policy zone contents could be
      ignored due to stale RPZ summary information [RT #35885]

      A race condition could cause a crash in isc_event_free during
      shutdown.  [RT #36720]

      Addresses some problems with unrecoverable lookup failures. [RT #36330]

      Addresses a race condition issue in dispatch. [RT #36731]

      acl elements could be miscounted, causing a crash while loading
      a config [RT #36675]

      Corrects a deadlock between view.c and adb.c. [RT #36341]

      liblwres wasn't properly handling link-local addresses in
      nameserver clauses in resolv.conf. [RT #36039]

      Disable the GCC 4.9 "delete null pointer check" optimizer option,
      and refactor dns_rdataslab_fromrdataset() to separate out the
      handling of an rdataset with no records. This fixes problems
      when using GNU GCC 4.9.0 where its compiler code optimizations
      may cause crashes in BIND. For more information, see the operational
      advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]

      Fixed a bug that could cause repeated resigning of records in
      dynamically signed zones. [RT #35273]

      Fixed a bug that could cause an assertion failure after forwarding
      was disabled. [RT #35979]

      Fixed a bug that caused GeoIP ACLs not to work when referenced
      indirectly via named or nested ACLs. [RT #35879]

      FIxed a bug that could cause problems with cache cleaning when
      SIT was enabled. [RT #35858]

      Fixed a bug that caused SERVFAILs when using RPZ on a system
      configured as a forwarder. [RT #36060]

      Worked around a limitation in Solaris's /dev/poll implementation
      that could cause named to fail to start when configured to use
      more sockets than the system could accomodate. [RT #35878]

      Fixed a bug that could cause an assertion failure when inserting
      and deleting parent and child nodes in a response-policy zone.
      [RT #36272]

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Dec  8 21:59:09 UTC 2014

  Modified Files:
  pkgsrc/net/bind910: Makefile PLIST distinfo

  Log Message:
  Update bind910 to 9.10.1pl1 (BIND 9.10.1-P1).

  --- 9.10.1-P1 released ---

  4006. [security] A flaw in delegation handling could be exploited
  to put named into an infinite loop.  This has
  been addressed by placing limits on the number
  of levels of recursion named will allow (default 7),
  and the number of iterative queries that it will
  send (default 50) before terminating a recursive
  query (CVE-2014-8500).

  The recursion depth limit is configured via the
  "max-recursion-depth" option, and the query limit
  via the "max-recursion-queries" option.  [RT #37580]

  4003. [security] When geoip-directory was reconfigured during
  named run-time, the previously loaded GeoIP
  data could remain, potentially causing wrong
  ACLs to be used or wrong results to be served
  based on geolocation (CVE-2014-8680). [RT #37720]

  4002. [security] Lookups in GeoIP databases that were not
  loaded could cause an assertion failure
  (CVE-2014-8680). [RT #37679]

  4001. [security] The caching of GeoIP lookups did not always
  handle address families correctly, potentially
  resulting in an assertion failure (CVE-2014-8680).
  [RT #37672]

(tron)

-guile16

(gdt)

Set lang/guile16's successor to lang/guile.

This is arguable, but if there's a tool that reads these it would be
nice to give it a test case.

(gdt)

Updated powerdns to 3.4.1

(fhajny)

Update PowerDNS to 3.4.1.

pkgsrc changes:
- SQLite 2.x support no longer exists
- SQLite 3.x support cannot be compiled outside the main package because
  of how symbols are distributed, so making it a compile time option
  for net/powerdns now.

Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog:

  http://doc.powerdns.com/md/changelog/

Upgrade notes:

- PowerDNS 3.4 comes with a mandatory database schema upgrade coming from
  any previous 3.x release.
- PowerDNS 3.1 introduces native SQLite3 support for storing key material for
  DNSSEC in the bindbackend. With this change, support for bind+gsql-setups
  ('hybrid mode') has been dropped.
- PowerDNS 3.0 introduces full DNSSEC support which requires changes
  to database schemas. By default, old non-DNSSEC schema is assumed.

Please see the docs on upgrading for particular steps that need to be taken:

  http://doc.powerdns.com/md/authoritative/upgrading/

(fhajny)

Remove "CC" from CWRAPPERS_ALIASES.cxx.

Motivation: with "USE_CWRAPPERS=yes" on the default case-insensitive
OS X filesystem, linking the wrappers was failing, stopping the
build. For example:

    ===> Creating toolchain wrappers for mess822-0.58nb3
    ln: .../pkgsrc-current/mail/mess822/work/.cwrapper/bin/cc: File exists
    *** Error code 1

    Stop.

I never noticed this with the old wrappers, but they've also been
failing to link "CC" as an alias to "c++"; it's just that the failure
has been silent and I've never noticed a build failure for lack of
a "CC" wrapper, despite there probably never having been such a
wrapper.

Given that jperkin's SmartOS bulk build with this change produced
results similar to last week's non-cwrappers trunk build, we can
conclude that across platforms, the need for a "CC" wrapper is very
limited and we needn't try (and sometimes fail) to create one by
default.

(schmonz)

Updated x11/keylaunch to 1.3.9

(mef)

Set PATH for postgresql SMF, helps 3rd party software invoked via
modules like PL/Perl.

(fhajny)

(pkgsrc)
- Add LICENSE= gnu-gpl-v2
- Add MASTER_SITES

(upstream)
- Update 1.3.3 to 1.3.9
from debian/changelog
keylaunch (1.3.9) unstable; urgency=low
  * Distclean should clean too. (Closes: #570044)
  * Add missing script. Not automatically done, because of not using automake.

keylaunch (1.3.8) unstable; urgency=low
  * Fix several lintian errors and cleanup aclocal/autoconf stuff.

keylaunch (1.3.7) unstable; urgency=low
  * The keylaunch is not dead release!
  * Keylaunch is using dh_strip. (Closes: #498310)

keylaunch (1.3.6) unstable; urgency=low
  * At first remove all events from the X11 filedescriptor.
    This lead to a broken 1.3.5 version.

keylaunch (1.3.5) unstable; urgency=low
  * Use select instead of using a while loop with usleep.

keylaunch (1.3.4) unstable; urgency=low

  * Since keylaunch uses dh_strip, the install option -s is not needed.
    (Closes: #437252)

(Above all are by:)
-- Stefan Pfetzing <dreamind@dreamind.de>

(mef)

Add explicit dependency to ensure relinking is done in the correct
order.

(joerg)

Sync MOZ_BRANCH in xulrunner31 & xulrunner24 with their matching firefox
Add comment to firefox31 & firefox24 to also update their xulrunner

(abs)

Updated databases/redis to 2.8.18

(fhajny)

Update redis to 2.8.18.

* [FIX] Linenoise updated to be more VT100 compatible. (Salvatore Sanfilippo)
* [FIX] A number of typos fixed inside comments. (Various authors)
* [FIX] redis-cli no longer quits after long timeouts. (Matt Stancliff)
* [FIX] Test framework improved to detect never terminating scripts, cleanup
        instances on crashes. (Salvatore Sanfilippo)
* [FIX] PFCOUNT can be used on slaves now. (Salvatore Sanfilippo)
* [FIX] ZSCAN no longer report very small scores as 0. (Matt Stancliff,
        Michael Grunder, Salvatore Sanfilippo)
* [FIX] Don't show the ASCII logo if syslog is enabled. Redis is now
        an Enterprise Grade product. (Salvatore Sanfilippo)

* [NEW] EXPERIMENTAL: Diskless replication, for more info check the doc at
        http://redis.io/topics/replication. (Salvatore Sanfilippo).
* [NEW] Transparent Huge Pages detection and reporting in logs and
        LATENCY DOCTOR output. (Salvatore Sanfilippo)
* [NEW] Many Lua scripting enhancements: Bitops API, cjson upgrade and tests,
        cmsgpack upgrade. (Matt Stancliff)
* [NEW] Total and instantaneous Network bandwidth tracking in INFO.
* [NEW] DEBUG POPULATE two args form implemented (old form still works).
        The second argument is the key prefix. Default is "key:" (Salvatore
        Sanfilippo)
* [NEW] Check that tcp-backlog is matched by /proc/sys/net/core/somaxconn, and
        warn about it if not. (Salvatore Sanfilippo)

(fhajny)

+ e2fsprogs-1.42.12 [wip]
  felt-3.07 -> [wip]
  fmsx-3.8 -> 4.0

(mef)

sort.

(wiz)

Revert unintended commit.

(wiz)

Describe dblatex-fig.

(wiz)

Add a default-on dblatex-fig option to make transfig dependency optional.
Requested by Mark Meyer on pkgsrc-users.

(wiz)

(CHANGES-2014)
Updated editors/heme to 0.4.2 [mef 2014-12-10]
Updated sysutils/adtool to 1.3.3 [mef 2014-12-10]
Updated security/pinentry to 0.8.4 [mef 2014-12-10]
(TODO)
- adtool-1.3

(mef)

Updated databases/sqlite3 to 3.8.7.4

(adam)

Changes 3.8.7.4:
Bug fix: Add in a mutex that was omitted from the previous release.

(adam)

Update security/pinentry* from 0.8.3 to 0.8.4
The second part of the commit after Makefile.common updated
This is the last version pinentry-{qt,gtk} are available.

(mef)

Update security/pinentry* from 0.8.3 to 0.8.4
Another commit follows for other files.
This is the last version pinentry-{qt,gtk} are available.
-----------------------------------------
2014-09-18  Werner Koch  <wk@gnupg.org>
Release 0.8.4.

Add missing build support files and move them to build-aux.

Use generic autogen.sh script.
* autogen.rc: New.
* autogen.sh: New.  Take from GnuPG.
* Makefile.am (EXTRA_DIST): Add autogen.rc.
(DISTCHECK_CONFIGURE_FLAGS): Disable qt4.

2014-08-12  Werner Koch  <wk@gnupg.org>
common: Fix compiler warning.
* pinentry/pinentry.c (pinentry_utf8_to_local): Use cast for iconv arg.
(pinentry_local_to_utf8): Ditto.

New pinentry-tty version for dumb terminals.
* Makefile.am: Add pinentry-tty.
* NEWS: Add news about pinentry-tty.
* README: Update.
* configure.ac: Add support for this pinentry.
* tty/Makefile.am: New.
* tty/pinentry-tty.c: New.

2014-08-06  Andre Heinecke  <aheinecke@intevation.de>
Check for MOC also if pinentry-qt is disabled.
  * configure.ac: Call QT_PATH_MOC if pinentry_qt4 is not no.

Add fallbacks for SetForegroundWindow.
    If that foreground window fails pinentry-qt now tries to
    attach to the current foreground process and then tries
    to set the foreground window again. If that fails it also
    calls ShowWindow as a last resort.

    * qt4/pinentrydialog.cpp (raiseWindow): Add fallbacks in
    case SetForegroundWindow fails.

Use raiseWindow also for confirm dialogs.
    This should fix the case that the dialog opened
    in the foreground but a warning / confirm dialog
    opened in the background.

    * qt4/pinentryconfirm.cpp, qt4/pinentryconfirm.h (showEvent):
    New overwrite base class method to call raiseWindow.
    * NEWS: Mention this.

2014-07-30  Andre Heinecke  <aheinecke@intevation.de>
Set some accessibility information.
    * qt4/main.cpp (qt_cmd_handler): Build buttons with accessibile
    Description.
    * qt4/pinentrydialog.cpp (setDescription, setError, setOkText)
    (setCancelText, setQualityBar): Set an accessible description.
    * qt4/pinentryconfirm.cpp (PinentryConfirm): Set message
    box contents also as accessible values.
    * NEWS: Mention it and the copy/paste change from last year.

2013-07-15  Andre Heinecke  <aheinecke@intevation.de>
Lower paste length limit to 300.
    This should be more then enough and avoids possible problems
    with libassuan cmd line lenght or percent escaping etc.

    * qt4/qsecurelineedit.cpp (insert): Lower paste limit

Limit paste length to 1023 characters.
    * qt4/qsecurelineedit.cpp (insert): Check for a maximum
    length before allocation the secmem string.

Fix contextmenu support for pasting.
    MOC ignores preprocessor definitions so we can not conditionally
    declare SLOTS. So we now move the ifdefs in the definition and
    always declare the SLOTS.

    * qt4/qsecurelinedit.cpp (cut, copy, paste): Do nothing if
    QT_NO_CLIPBOARD is defined.
    * qt4/qsecurelinedit.h: Always declare cut, copy and paste slots

Remove check for RTL extensions.
    Our code does nothing RTL specific there anyway. And the
    qt_use_rtl_extensions symbol has been removed.

    * qt4/qsecurelinedit.cpp: Remove check for RTL extensions.

2013-07-12  Werner Koch  <wk@gnupg.org>
Fix for commit fb38be9 to allow for "make distcheck".
* qt4/Makefile.am: Make correct use of BUILT_SOURCES.

2013-05-29  Andre Heinecke  <aheinecke@intevation.de>
Add pinentry-qt4-clipboard option.
    Enabling this option will make it possible to paste a
    passphrase into pinentry-qt4. This defeats the secmem
    mechanism but drastically increases usability for some
    users.

    * configure.ac: New option pinentry-qt4-clipboard.
    * qt4/qsecurelineedit.cpp, qt4/qsecurelineedit.h: Activate
    clipboard and context menu if PINENTRY_QT4_CLIPBOARD is defined.

Remove qt4 moc files and add moc to buildsystem.
    This is neccessary to conditionally enable signals/slots
    at build time.

    * qt4/Makefile.am: Moc files automatically.
    * qt4/pinentryconfirm.moc, qt4/pinentrydialog.moc,
    qsecurelineedit.moc: Removed.

(mef)

Updated www/squid3 to 3.4.10

(adam)

Changes 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug 4148: external_acl_type header format does not accept the new libformat syntax
* Bug 4033: Rebuild corrupted ssl_db/size file
* Bug 3902: Docs: external_acl_type cache hash key
* Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match

(adam)

(pkgsrc)
- patch-aa is now included, removed.
- Add LICENSE= gnu-gpl-v2
- Add CONF_FILES related ${MV} at target post-install:
(Upstream)
- Update 1.2  to 1.3.3
  15/9/2009 1.3.3 release
  15/9/2009 added GPL license header to source files
  15/9/2009 --as-needed fix, patched src/tools/Makefile.am from Gentoo bug #128678
  8/6/2009 1.3.2 release
  8/6/2009 hide passwords from ps
  4/2/2009 1.3.1 release
  4/2/2009 removed reference to list option in man page and usage
  4/2/2009 updated libtool
  13/5/2005 disable ldap referrals to work better with win2k3 sp1
  30/8/2004 optarg null pointer fixes (Hilko Bengen)
  30/8/2004 delete password from memory (Stephan M将舁ler)

(mef)

Pullup ticket #4569.

(tron)

Pullup ticket #4569 - requested by taca
net/bind99: security update

Revisions pulled up:
- net/bind99/Makefile                                          1.39-1.40
- net/bind99/PLIST                                              1.8-1.9
- net/bind99/distinfo                                          1.25-1.26
- net/bind99/patches/patch-bin_tests_system_Makefile.in        1.5
- net/bind99/patches/patch-configure                            1.9
- net/bind99/patches/patch-lib_bind9_Makefile.in                deleted
- net/bind99/patches/patch-lib_dns_Makefile.in                  deleted
- net/bind99/patches/patch-lib_isc_Makefile.in                  deleted
- net/bind99/patches/patch-lib_isccc_Makefile.in                deleted
- net/bind99/patches/patch-lib_isccfg_Makefile.in              deleted
- net/bind99/patches/patch-lib_lwres_Makefile.in                deleted
- net/bind99/patches/patch-lib_lwres_getaddrinfo.c              1.2
- net/bind99/patches/patch-lib_lwres_getnameinfo.c              1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Tue Oct 14 16:21:02 UTC 2014

  Modified Files:
  pkgsrc/net/bind99: Makefile PLIST distinfo
  pkgsrc/net/bind99/patches: patch-bin_tests_system_Makefile.in
      patch-configure patch-lib_lwres_getaddrinfo.c
      patch-lib_lwres_getnameinfo.c
  Removed Files:
  pkgsrc/net/bind99/patches: patch-lib_bind9_Makefile.in
      patch-lib_dns_Makefile.in patch-lib_isc_Makefile.in
      patch-lib_isccc_Makefile.in patch-lib_isccfg_Makefile.in
      patch-lib_lwres_Makefile.in

  Log Message:
  Update bind99 to 9.9.6.

  New Features

      Support for CAA record types, as described in RFC 6844 "DNS
      Certification Authority Authorization (CAA) Resource Record",
      was added. [RT#36625] [RT #36737]

      Disallow "request-ixfr" from being specified in zone statements
      where it is not valid (it is only valid for slave and redirect
      zones) [RT #36608]

      Support for CDS and CDNSKEY resource record types was added. For
      details see the proposed Informational Internet-Draft "Automating
      DNSSEC Delegation Trust Maintenance" at
      http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
      [RT #36333]

      Added version printing options to various BIND utilities. [RT #26057]
      [RT #10686]

      On Windows, enable the Python tools "dnssec-coverage" and
      "dnssec-checkds". [RT #34355]

      Added a "no-case-compress" ACL, which causes named to use
      case-insensitive compression (disabling change #3645) for specified
      clients. (This is useful when dealing with broken client
      implementations that use case-sensitive name comparisons, rejecting
      responses that fail to match the capitalization of the query
      that was sent.) [RT #35300]

  Feature Changes

      Adds RPZ SOA to the additional section of responses to clearly
      indicate the use of RPZ in a manner that is intended to avoid
      causing issues for downstream resolvers and forwarders [RT #36507]

      rndc now gives distinct error messages when an unqualified zone
      name matches multiple views vs. matching no views [RT #36691]

      Improves the accuracy of dig's reported round trip times.  [RT #36611]

      The Windows installer now places files in the Program Files area
      rather than system services. [RT #35361]

      When an SPF record exists in a zone but no equivalent TXT record
      does, a warning will be issued.  The warning for the reverse
      condition is no longer issued. See the check-spf option in the
      documentation for details. [RT #36210]

      "named" will now log explicitly when using rndc.key to configure
      command channel. [RT #35316]

      The default setting for the -U option (setting the number of UDP
      listeners per interface) has been adjusted to improve performance.
      [RT #35417]

      Aging of smoothed round-trip time measurements is now limited
      to no more than once per second, to improve accuracy in selecting
      the best name server. [RT #32909]

      DNSSEC keys that have been marked active but have no publication
      date are no longer presumed to be publishable. [RT #35063]

  Bug Fixes

      The Makefile in bin/python was changed to work around a bmake
      bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)

      Corrected bugs in the handling of wildcard records by the DNSSEC
      validator: invalid wildcard expansions could be treated as valid
      if signed, and valid wildcard expansions in NSEC3 opt-out ranges
      had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]

      When resigning, dnssec-signzone was removing all signatures from
      delegation nodes. It now retains DS and (if applicable) NSEC
      signatures.  [RT #36946]

      The AD flag was being set inappopriately on RPZ responses. [RT #36833]

      Updates the URI record type to current draft standard,
      draft-faltstrom-uri-08, and allows the value field to be zero
      length [RT #36642] [RT #36737]

      RRSIG sets that were not loaded in a single transaction at start
      up were not being correctly added to re-signing heaps.  [RT #36302]

      Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]

      A race condition could cause a crash in isc_event_free during
      shutdown.  [RT #36720]

      Addresses a race condition issue in dispatch. [RT #36731]

      acl elements could be miscounted, causing a crash while loading
      a config [RT #36675]

      Corrects a deadlock between view.c and adb.c. [RT #36341]

      liblwres wasn't properly handling link-local addresses in
      nameserver clauses in resolv.conf. [RT #36039]

      Buffers in isc_print_vsnprintf were not properly initialized
      leading to potential overflows when printing out quad values.
      [RT #36505]

      Don't call qsort() with a null pointer, and disable the GCC 4.9
      "delete null pointer check" optimizer option. This fixes problems
      when using GNU GCC 4.9.0 where its compiler code optimizations
      may cause crashes in BIND. For more information, see the operational
      advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]

      Fixed a bug that could cause repeated resigning of records in
      dynamically signed zones. [RT #35273]

      Fixed a bug that could cause an assertion failure after forwarding
      was disabled. [RT #35979]

      Fixed a bug that caused SERVFAILs when using RPZ on a system
      configured as a forwarder. [RT #36060]

      Worked around a limitation in Solaris's /dev/poll implementation
      that could cause named to fail to start when configured to use
      more sockets than the system could accomodate. [RT #35878]

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Dec  8 21:58:18 UTC 2014

  Modified Files:
  pkgsrc/net/bind99: Makefile PLIST distinfo

  Log Message:
  Update bind99 to 9.9.6p1 (BIND 9.9.6-P1).

  --- 9.9.6-P1 released ---

  4006. [security] A flaw in delegation handling could be exploited
  to put named into an infinite loop.  This has
  been addressed by placing limits on the number
  of levels of recursion named will allow (default 7),
  and the number of iterative queries that it will
  send (default 50) before terminating a recursive
  query (CVE-2014-8500).

  The recursion depth limit is configured via the
  "max-recursion-depth" option, and the query limit
  via the "max-recursion-queries" option.  [RT #37580]

(tron)

Updated graphics/libsixel to 1.4.2

(obache)

Update libsixel to 1.4.2.

portability fixes.

(obache)

Updated multimedia/adobe-flash-plugin11 to 11.2.202.425

(obache)

Update adobe-flash-pluguin11 to 11.2.202.425 for APSB14-27.

(obache)

(pkgsrc)  Add LICENSE= gnu-gpl-v2
(upstream) Update 0.4 to 0.42, no upstream ChangeLog found.

(mef)

Updated mbone/rtptools to 1.20
Updated misc/mirmon to 2.10

(mef)

sys161

(dholland)

Update to 1.99.10. Upstream change:
  Add workaround for OpenBSD's srand/srandom breakage.

(dholland)

Update 2.08 to 2.10
mirmon 2.10 -- 15 augustus 2014
  o Probe only one site-url with "mirmon -get url site-url".
----------------------------------------------------------------------
mirmon 2.9 -- 13 augustus 2013
  o Added a LICENSE file, requested by fedora packagers.

(mef)

Update 1.18 to 1.20
1.20 (October 2013)
    Nick Birch (Nick.Birch@s-and-t.com): rtpsend -l (loop) flag does
    not work. Modified to rewind input file on feof if loop was
    set. Fails if length of line is greater than 2048
    characters. Increased to 4096 (sufficient for typical

    rtpdump: Put space after ext_data=<hex extension data> so that it
    can be parsed by rtpsend. parse_header doesn't comprehend the
    possible extension header. As a consequence any extension header
    data is also dumped twice. Once in the ext_data report and then a
    second time in the data report. Modify parse_header to return hlen
    that comprehends the extension header if present.

    The format for reporting contributing sources does not match the
    format accepted by rtpsend (i.e., reports "csrc[n] = xxxx" rather
    than "csrc[n]=0xxxxx"). Fixed. Note: the documentation is less
    than clear on the csrc syntax accepted by rtpsend.

1.19 (August 2010)
    Krzysztof Burghardt (krzysztof@burghardt.pl): "Wireshark
    implemented "rtpdump" file format in a bit different way, so
    cooperation beetwen those program is a bit problematic.
    Moreover rtptools compiled on i386 and amd64 have different size
    of file header (size of long in timeval is different)."

(mef)

Updated misc/cstream to 3.1.1
Updated misc/dvtm to 0.13

(mef)

Update 0.9 to 0.13
  From the web page: http://www.brain-dump.org/projects/dvtm/
dvtm-0.13 released (15.11.2014)
------------------------------
  Changes include:
* rewritten copy mode as an external process

  Upon MOD+e dvtm pipes the whole screen buffer content to $EDITOR.
  Whatever the editor writes to stdout will be stored in an internal
  dvtm register for later pasting with MOD+p.

  This only works if your editor of choice is usable as a filter i.e:

    echo Hello World | $EDITOR - | cat

  An alternative editor to use can be set with the environment variable
  $DVTM_EDITOR. Instructions for the intended usage together with vis
  can be found at:

    http://lists.suckless.org/dev/1411/23973.html

* tagging concept working the same as in dwm. Current key bindings are
  as follows:

      Mod-F[1..n]
      Mod-v-[1..n]
              View all windows with nth tag.

      Mod-0 View all windows with any tag.

      Mod-v-Tab
              Toggles to the previously selected tags.

      Mod-V-[1..n]
              Add/remove all windows with nth tag to/from the view.

      Mod-t-[1..n]
              Apply nth tag to focused window.

      Mod-T-[1..n]
              Add/remove nth tag to/from focused window.

  The default configuration sets up five different tags (1-5).

* rudimentarily sanitize $SHELL such that SHELL=dvtm dvtm is no longer
  a fork bomb.
* more flexible key binding configuration including the possibility
  to specify key bindings involving 3 subsequent symbols.
* unified drawing of minimized windows always on the last screen line.
  Previously the arrangement of those minimized windows was done by the
  individual layouts.
* use of pselect(2) instead of select(2) in order to fix a race condition.
* cleanups and comments for the terminal emulation code (vt.[ch]).
  This is also in preparation for eventual use in vis.
  Support for italic attributes and terminfo entries ({r,s}itm).
  Recognize '\033];title\007' as title changing sequence.
* build system (i.e config.mk) should now respect $TERMINFO and $PREFIX
  if set. By default _POSIX_C_SOURCE=200809L and _XOPEN_SOURCE=700 is
  used, if you get compile errors change them to match whatever your
  system needs to expose the required interfaces.
* Solaris and AIX support (with some tweaks to config.mk)
All in all a lot of code was changed, comments, patches and a thorough
review is always welcome!

As a kind of social experiment I also pushed a mirror of the repository
to github:
https://github.com/martanne/dvtm

dvtm-0.12 released (05.07.2014)
------------------------------
  Changes include:
* fixes to the redraw logic
* new copymode key bindings CTRL+u (page-up), CTRL+d (page-down), CTRL+c (quit)
* a new layout included in the source tarball but not enabled by default:
  vstack where all windows have the full screen width
* cleanups to the build system and manual page

The tagging branch[1] has also been rebased. Special thanks to Mark Edgar
for his patches.
dvtm-0.11 released (08.03.2014)
------------------------------
  Changes since the 0.10 release include:
* keybindings can be defined without any modifier key as result
  config.def.h was reindented. Sorry for the resulting merge
  conflicts.
* scroll up and down is now also bound to Shift-Page{Up,Down}
* the window border is no longer drawn if there exists only 1 window.
  This means when you start dvtm without any command you will just
  get a normal shell prompt without any decoration. This might be
  useful for people who use a terminal without builtin scrollback
  buffer support.
* MOD+Tab switches to the previously focused window
* Upon terminal resize the whole screen is completely redrawn. This
  fixes an issue with the optimized redraw logic introduced in the
  last release when attaching to an existing session with dtach or
  abduco.
* the lock functionality (MOD-X) has been removed, use a session
  management tool like abduco to detach from your controlling
  terminal and logout properly using the existing system mechanism.

dvtm-0.10 released (28.12.2013)
------------------------------
  This is mostly a bugfix release with
* improved redraw logic to reduce cursor flickering
* better non blocking input handling
* a couple of fixes to dvtm.info terminfo description (kbs, rs1)
* various other fixes (fd leakage, misuse of strncpy, handling of I/O errors)
as there were changes to dvtm.info make sure to install the new version.
Furthermore I've rebased the tagging branch, which provides the same tagging
facilities that we know and love from dwm, on top of master:

(mef)

(pkgsrc)
- Add LICENSE= x11
(upstream)
- Update cstream 2.7.5 to 3.1.1
3.1.1:
-----
  -n <nbytes_to_stream> was not clear to use numbers > 2 GB.  I didn't
  notice since it worked fine if you used suffixes "K/M/G" as long as
  the number was < 2 G.  Sorry about that.

3.1.0:
------
  O_DIRECT supported for input.

3.0.0:
------
  IPV6 support for IPV6 day 2011.

  The IPV6 support shouldn't break anything after hostname lookup
  succeeds.  Issues might be building on older platforms if I screwed up
  the autoconf mechanism to not compile it in.

  Having said that, assorted little code cleanups are in this release,
  too.  They shouldn't break anything but non-IPV6 things were touched.

Aftermath for 2.7.4 - 2.7.6:
----------------------------
  ATTENTION:
  I'm afraid that support for the '-B <size_of_buffer>' was clobbered in
  2.7.4 or whereabouts.  This one allowed you do have a reader do
  multiple reads before the writer could write or vice versa.

  Change reverted in 2.7.6.

  2.7.4 and 2.7.5 do not have working -B.

2.8.0:
------
  Support platforms that do not have open(2) with O_DIRECT.
  Such as MacOS X.

2.7.6:
------
  Revert 2.7.3 which broke -B

(mef)

Convert security/pinentry* to using Makefile.common style.
No any changes on built binary. Proposed at:
  http://mail-index.netbsd.org/pkgsrc-users/2014/12/08/msg020735.html
Thank you.

(mef)

Relax the version constraint to accept the latest ruby-mini_portile.

(schmonz)

Updated misc/ruby-mini_portile to 0.6.1

(schmonz)

Update to 0.6.1. From the changelog:

* Enhancements:
  * Expand path to logfile to easier debugging on failures.
    Pull #33 [marvin2k]

* Enhancements:
  * Add default cert store and custom certs from `SSL_CERT_FILE` if present.
    This increases compatibility with Ruby 1.8.7.

* Bugfixes:
  * Specify Accept-Encoding to make sure a raw file content is downloaded.
    Pull #30. [knu]

* Internal:
  * Improve examples and use them as test harness.

(schmonz)

-guile16

(gdt)

Remove guile16.

Guile has had multiple versions in pkgsrc because of compatibility
problems, starting with 1.4.  Currently, 1.8 is the stable version and
2.0 the new version in pkgsrc, even though in the regular world 1.8 is
old and 2.0 is stable.  As far as I know, no one uses guile 1.6 any
more, and it has no depending packages in pkgsrc (tex2page was the
last one).

(gdt)

-tex2page

(gdt)

Remove tex2page.

The current version is ancient, and doesn't work with guile 1.8.
While there is upstream activity, there are no release tarballs or
even tags in git.  A request to upstream asking for release tarballs
timed out.  I don't have any reason to think anyone is using this
package.

(gdt)

Pass down ABI flags for cwrappers too.

(joerg)

Ignore warnings about implicit pointer-to-true casts.

(joerg)

Updated net/dhcpcd to 6.6.5

(roy)

Import dhcpcd-6.6.5 with the following changes:

  *  Allow STOPPED to be processed by dhcpcd-run-hooks(8)
  *  Don't attempt to match IFT to ARP types directly
  *  If neither dig nor host are present, fallback to getent(1)
  *  If IFF_UP is not set when we get a carrier up event, poll for it
    instead of giving up
  *  Failure to bind to the DHCP port on the wildcard address when
    it's in-use is not an error

(roy)

Update HOMEPAGE.

(ryoon)

Updated cross/atasm to 1.06

(mef)

Fix RCS ID.

(joerg)