openssh-5.5.1

(martti)

Updated security/openssh to 5.5.1

Lots of changes, including

* After a transition period of about 10 years, this release disables
  SSH protocol 1 by default. Clients and servers that need to use the
  legacy protocol must explicitly enable it in ssh_config / sshd_config
  or on the command-line.

* Remove the libsectok/OpenSC-based smartcard code and add support for
  PKCS#11 tokens. This support is automatically enabled on all
  platforms that support dlopen(3) and was inspired by patches written
  by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.

* Add support for certificate authentication of users and hosts using a
  new, minimal OpenSSH certificate format (not X.509). Certificates
  contain a public key, identity information and some validity
  constraints and are signed with a standard SSH public key using
  ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
  or via a TrustedUserCAKeys option in sshd_config(5) (for user
  authentication), or in known_hosts (for host authentication).

  Documentation for certificate support may be found in ssh-keygen(1),
  sshd(8) and ssh(1) and a description of the protocol extensions in
  PROTOCOL.certkeys.

* Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
  stdio on the client to a single port forward on the server. This
  allows, for example, using ssh as a ProxyCommand to route connections
  via intermediate servers. bz#1618

(martti)

postfix

(martti)

Updated mail/postfix-current to 2.8.20100603

* This is the latest development release

(martti)

Postfix stable release 2.7.1 fixes one defect in the XFORWARD
implementation (for SMTP-based content filters), improves robustness,
and has updates for changes in system or library interfaces.

    * Bugfix (introduced Postfix 2.6) in the XFORWARD implementation,
      which sends remote SMTP client attributes through SMTP-based
      content filters. The Postfix SMTP client did not skip "unknown"
      SMTP client attributes, causing a syntax error when sending
      an "unknown" client PORT attribute.

    * Robustness: skip LDAP queries with non-ASCII search strings,
      instead of failing with a database lookup error.

    * Safety: Postfix processes now log a warning when a matchlist
      has a #comment at the end of a line (for example mynetworks
      or relay_domains).

    * Portability: OpenSSL 1.0.0 changes the priority of anonymous
      cyphers.

    * Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
      instead of <nameser8_compat.h>.

    * Portability: Berkeley DB 5.x is now supported.

(martti)

vim-7.2.442

(martti)

Updated vim to 7.2.442

  3000  7.2.412  [ or ] followed by mouse click doesn't work
13552  7.2.413  large file support is incorrect
  2558  7.2.414  CTRK-K <space> <space> does not produce 0xa0 as expected
  2122  7.2.415  Win32: Can't open a remote file when starting Vim
  2757  7.2.416  logtalk.dict is not installed
  2262  7.2.417  if 'shell' has arg with a slash 'shellpipe' is not correct
  3048  7.2.418  Vim sets background or foreground color in a terminal to -1
  1471  7.2.419  memory leak in Motif when clicking on "Search Vim Help"
  2792  7.2.420  ":argedit" does not accept "++enc=utf8" as documented
  2108  7.2.421  when folds are not updated there is no way to force an update
  2174  7.2.422  may get E763 when using spell dictionaries
  4478  7.2.423  crash after assigning s: to variable
  5462  7.2.424  ":colorscheme" without an argument doesn't do anything
  1541  7.2.425  some compilers complain about fourth EX() argument
  2771  7.2.426  commas in 'langmap' are not always handled correctly
  5351  7.2.427  recovery doesn't follow symlinks to find swap file
  1758  7.2.428  setqflist([]) doesn't properly clear the error list
  1900  7.2.429  may get "New file" for file that is not accessible
  4275  7.2.430  ++bad arg is handled wrong, may cause invalid memory access
  2599  7.2.431  ":amenu" moves the cursor when in Insert mode
12967  7.2.432  translated menus make :emenu difficult to use
  5410  7.2.433  can't use cscope with QuickFixCmdPre and QuickFixCmdPost
  2106  7.2.434  (after 7.2.432) compilation fails without multi-lang feature
  4590  7.2.435  (after 7.2.430) crash when using bad_char_idx uninitialized
  4058  7.2.436  reproducible crash in syntax HL
  1605  7.2.437  (after 7.2.407) no line break for "\\\n" in expression of :s
  2045  7.2.438  (after 7.2.427) "vim -r" crashes
  3110  7.2.439  invalid memory access for thesaurus completion and 'infercase'
  5861  7.2.440  crash when deleting a funcref in the function it refers to
  3446  7.2.441  when using ":earlier" undo information may be wrong
  7872  7.2.442  (after 7.2.201) copy/paste with OpenOffice doesn't work

(martti)

Updated p5-Curses-UI-POE, p5-POE-Component-SNMP and p5-URI-Escape-XS.

(martti)

Updated www/p5-URI-Escape-XS to 0.07

Addressed:
#57168: memory leak in uri_escape ?
http://rt.cpan.org/Public/Bug/Display.html?id=57168

(martti)

Updated net/p5-POE-Component-SNMP

1.1002 Fri Dec  4 18:33:23 PST 2009
- Updated for Net::SNMP v6.0.0

- looking more closely at my fail reports, they have another
  problem: Net::SNMP uses a v-string, and it doesn't compare
  properly in the test suite.  Tweaked Makefile.PL.

- Applied cleanup patches from gcola aka acferen__yahoo.com to
  eliminate some harmless but annoying warnings.

- Turns out that using POE::Kernel->method as a global access
  to the kernel is unsupported.  Since I'm already importing
  POE::Kernel, I have $poe_kernel in my namespace already, so
  use that instead.

1.1003
- Cleanups

1.1004 Mon Dec  7 13:17:15 PST 2009
- more cleanups

1.1005 Mon Dec  7 13:30:08 PST 2009
- Apparently my 'eval { use Sub::Identify }' is causing
  hiccups with smoke testing.  Rewritten to 'eval { require Sub::Identify }'

1.1006 Sun Jan 10 20:17:10 PST 2010
- well I'm now blushing because I finally found a bug that was
  reported to me but I was previously unable to reproduce.
  The author of Net::SNMP has released v6.0.0, which doesn't
  compare very well to a "regular" number like 5.0.  This
  broke my 4.x support.  So I have removed it.

(martti)

Updated devel/p5-Curses-UI-POE to 0.03500

* Bug fixes

(martti)

fvwm

(martti)

Updated wm/fvwm-devel to 2.5.30

* Support libpng 1.4.0's slightly newer API.
* Don't lazy match AnyContext when printing out bindings and the contexts
  they apply to with "PrintInfo Bindings".

(martti)

mediawiki

(martti)

Updated www/mediawiki to 1.15.4

This is a security and bugfix release of MediaWiki 1.15.4.

Two security vulnerabilities were discovered.

Kuriaki Takashi discovered an XSS vulnerability in MediaWiki. It
affects Internet Explorer clients only. The issue is presumed to
affect all recent versions of IE, it has been confirmed on IE 6 and 8.

Noncompliant CSS parsing behaviour in Internet Explorer allows
attackers to construct CSS strings which are treated as safe by
previous versions of MediaWiki, but are decoded to unsafe strings by
Internet Explorer. Full details can be found at:
https://bugzilla.wikimedia.org/show_bug.cgi?id=23687

A CSRF vulnerability was discovered in our login interface. Although
regular logins are protected as of 1.15.3, it was discovered that the
account creation and password reset features were not protected from
CSRF. This could lead to unauthorised access to private wikis. See
https://bugzilla.wikimedia.org/show_bug.cgi?id=23371 for details.

These vulnerabilities are serious and all users are advised to
upgrade. Remember that CSRF and XSS vulnerabilities can be used even
against firewall-protected intranet installations, as long as the
attacker can guess the URL.

(martti)

clamav-0.96.1

(martti)

Updated mail/clamav to 0.96.1

* Lots of bug fixes

(martti)

mediawiki

(martti)

Updated www/mediawiki to 1.15.3

This is a security and bugfix release of MediaWiki 1.15.3 and MediaWiki
1.16.0beta2.

MediaWiki was found to be vulnerable to login CSRF. An attacker who
controls a user account on the target wiki can force the victim to log
in as the attacker, via a script on an external website. If the wiki is
configured to allow user scripts, say with "$wgAllowUserJs = true" in
LocalSettings.php, then the attacker can proceed to mount a
phishing-style attack against the victim to obtain their password.

Even without user scripting, this attack is a potential nuisance, and so
all public wikis should be upgraded if possible.

Our fix includes a breaking change to the API login action. Any clients
using it will need to be updated. We apologise for making such a
disruptive change in a minor release, but we feel that security is
paramount.

For more details see https://bugzilla.wikimedia.org/show_bug.cgi?id=23076

(martti)

Fixed PLIST when using the milter option.

(martti)

clamav

(martti)

Updated mail/clamav to 0.96

This release of ClamAV introduces new malware detection mechanisms and other
significant improvements to the scan engine. The key features include:

    - The Bytecode Interpreter: the interpreter built into LibClamAV allows
      the signature writers to create and distribute very complex detection
      routines and remotely enhance the scanner's functionality

    - Heuristic improvements: improve the PE heuristics detection engine by
      adding support of bogus icons and fake PE header information. In a
      nutshell, ClamAV can now detect malware that tries to disguise itself
      as a harmless application by using the most common Windows program icons.

    - Signature Improvements: logical signature improvements to allow more
      detailed matching and referencing groups of signatures. Additionally,
      improvements to wildcard matching on word boundaries and newlines.

    - Support for new archives: 7zip, InstallShield and CPIO. LibClamAV
      can now transparently unpack and inspect their contents.

    - Support for new executable file formats: 64-bit ELF files and OS X
      Universal Binaries with Mach-O files. Additionally, the PE module
      can now decompress and inspect executables packed with UPX 3.0.

    - Support for DazukoFS in clamd

    - Performance improvements: overall performance improvements and memory
      optimizations for a better overall resource utilization experience.

    - Native Windows Support: ClamAV will now build natively under Visual
      Studio. This will allow 3rd Party application developers on Windows
      to easily integrate LibClamAV into their applications.

The complete list of changes is available in the ChangeLog file. For upgrade
notes and tips please see: https://wiki.clamav.net/Main/UpgradeNotes096

(martti)

vim-7.2.411

(martti)

Updated vim to 7.2.411

  1548  7.2.403  (after 7.2.400) compiler warning for pointer type
  1880  7.2.404  pointers for composing characters are not properly initialized
  1636  7.2.405  with small features match is not highlighted for ":s/p/r/c"
  4701  7.2.406  (after 7.2.119) uninit memory read
  1916  7.2.407  when using :s with an expression backslashes are dropped
  2152  7.2.408  ":g/the/s/a/b/" can set '[ and '] marks to an unchanged line
  1814  7.2.409  summary of number of substitutes is incorrect for ":folddo"
  2526  7.2.410  highlighting directories for completion doesn't work properly
  1462  7.2.411  when parsing 'cino' a comma isn't skipped properly

(martti)

vim

(martti)

Updated vim to 7.2.402

  1554  7.2.395  in help CTRL=] on g?g? escapes the ?, causing it to fail
  1554  7.2.396  get E38 errors
  1722  7.2.397  redundant check for w_lines_valid
  4127  7.2.398  when moving windows the cursor ends up in the wrong line
  1784  7.2.399  (extra, after 7.2.388) cannot compile on MingW
12865  7.2.400  (after 7.2.387) Ruby problems with init and empty string
  1982  7.2.401  wildmode list doesn't highlight directory names with a space
  2649  7.2.402  error 705 when re-using funcref variable

(martti)

Reset MAINTAINER.

(martti)

vim

(martti)

Updated vim to 7.2.394

  4898  7.2.392  netbeans hangs reading from a socket at the maximum block size
  9605  7.2.393  Mac: Can't build with different Xcode developer tools dir
  4298  7.2.394  .lzma and .xz files are not supported

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.391

NOTE: 7.2.391 fixes pkg/39375 and pkg/42909

  2051  7.2.386  KDE 3.1 focus hack causes problems for other window managers
  8233  7.2.387  Ruby with MingW still doesn't build all versions
  2486  7.2.388  (extra part of 7.2.387) Ruby with MingW
  4805  7.2.389  synIDattr() cannot return the font
  2302  7.2.390  in some situations the popup menu can be displayed wrong
  3426  7.2.391  internal alloc(0) error when doing "CTRL-V $ c"

(martti)

Some pkglint -Wall fixes.

(martti)

mediawiki

(martti)

Updated www/mediawiki to 1.15.2

Two security issues were discovered:

A CSS validation issue was discovered which allows editors to display
external images in wiki pages. This is a privacy concern on public
wikis, since a malicious user may link to an image on a server they
control, which would allow that attacker to gather IP addresses and
other information from users of the public wiki. All sites running
publicly-editable MediaWiki installations are advised to upgrade. All
versions of MediaWiki (prior to this one) are affected.

A data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to private files using img_auth.php, or
some similar scheme. All versions of MediaWiki since 1.5 are affected.

Deleting thumb.php is a suitable workaround for private wikis which do
not use $wgThumbnailScriptPath or $wgLocalRepo['thumbScriptUrl'].
Alternatively, you can upgrade to MediaWiki 1.15.2 or backport the
patch below to whatever version of MediaWiki you are using.

(martti)

Reset MAINTAINER as I'm using rrdtool-1.2.x (because it has fewer deps).

(martti)

vim

(martti)

Updated vim to 7.2.385

  1623  7.2.368  (after 7.2.361) append line with Ruby interface doesn't work
  1872  7.2.369  error message for :profile is not easy to understand
  4352  7.2.370  (after 7.2.356) a redraw may cause folds to be closed
10029  7.2.371  build problems on Tandem NonStop
  9674  7.2.372  (extra) cross-compiling GvimExt and xxd doesn't work.
  2901  7.2.373  new messages from gcc 4.5 are not in 'errorformat'
  4434  7.2.374  Ruby eval() doesn't understand Vim types
  1794  7.2.375  ml_get errors when using ":bprevious" in a BufEnter autocmd
  1577  7.2.376  ml_get error when using SiSU syntax
  1983  7.2.377  (extra, after 7.2.372) small mistakes in Ming build file
  2832  7.2.378  C function declaration indented too much
  1758  7.2.379  'eventignore' is set to an invalid value inside ":doau"
  3699  7.2.380  (after 7.2.363) Perl builds with 5.10.1 but not with 5.10.0
  6835  7.2.381  no completion for :behave
  1766  7.2.382  close cmdline window when 'bufhide' is "wipe" uses freed mem
  3021  7.2.383  Vim doesn't build cleanly with MSVC 2010
  1849  7.2.384  (extra) Vim doesn't build properly with MSVC 2010
  2147  7.2.385  can't drag status line when in the command line window

(martti)

Note /etc/mailer.conf (pkg/42580).

(martti)

Added EPL.

(martti)

postfix

(martti)

Updated to the latest dev version.

(martti)

Updated mail/postfix to 2.7.0

Postfix stable release 2.7.0 is available. For the past several
releases, the focus has moved towards improving the code and
documentation, and updating the system for changing environments.

- Improved before-queue content filter performance. With
  "smtpd_proxy_options = speed_adjust", the Postfix SMTP server
  receives the entire message before it connects to a before-queue
  content filter. Typically, this allows Postfix to handle the same
  mail load with fewer content filter processes.

- Improved address verification performance. The verify database
  is now persistent by default, and it is automatically cleaned
  periodically, Under overload conditions, the Postfix SMTP server
  no longer waits up to 6 seconds for an address probe to complete.

- Support for reputation management based on the local SMTP client
  IP address. This is typically implemented with "FILTER transportname:"
  actions in access maps or header/body checks, and mail delivery
  transports in master.cf with unique smtp_bind_address values.

- The postscreen daemon (a zombie-blocker in front of Postfix) is
  still too rough for a stable release, and will be made "mature"
  in the Postfix 2.8 development cycle (however you can use Postfix
  2.7 with the Postfix 2.8 postscreen and dnsblog executables and
  master.cf configuration; this code has already proven itself).

No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.

You can find Postfix version 2.7.0 at the mirrors listed at
http://www.postfix.org/

The same code is also available as Postfix snapshot 2.8-20100213.
Updated versions of Postfix version 2.6, 2.5 and perhaps earlier
will be released with the same fixes that were already included
with Postfix versions 2.7 and 2.8.

(martti)

Use the MAINTAINER from the Makefile as the source address for bug reports.
Requested by Joerg Sonnenberger in a private mail.

(martti)

Regenerated some of the patches.

(martti)

vim

(martti)

Updated vim to 7.2.367

  1899  7.2.321  histadd() and "*" fail to add entry to empty history
  1517  7.2.322  wrong indenting in virtual replace for CTRL-Y and a short line
  2424  7.2.323  (extra) balloon evaluation crashes on Win64
  1901  7.2.324  a negative column argument in setpos() may cause a crash
  1616  7.2.325  stray "w" in the startup vimrc file makes edited file empty
  1790  7.2.326  Win32: $HOME doesn't work when %HOMEPATH% is not defined
  7899  7.2.327  unused functions in Workshop
  1453  7.2.328  has("win64") does not return 1 on 64 bit MS-Windows version
  1390  7.2.329  cursor pos wrong after "g_" in Visual mode and excl. selection
45468  7.2.330  tables for Unicode case operators are outdated
  1385  7.2.331  can't interrupt "echo list" for a very long list
  3492  7.2.332  crash if spell correcting triggers autocmd to reload a buffer
10075  7.2.333  warnings from static code analysis
  9095  7.2.334  postponing keys in Netbeans interface does not work properly
  2802  7.2.335  the CTRL-] command escapes too many characters
26204  7.2.336  MzScheme interface can't evaluate an expression
  3828  7.2.337  ":compiler" doesn't function properly in a function
  3535  7.2.338  (after 7.2.300) part of FD_CLOEXEC change is missing
  1977  7.2.339  (after 7.2.269) part of --startuptime patch is missing
  1587  7.2.340  gcc warning for condition that can never be true
  2072  7.2.341  popup menu wraps to next line if wide character doesn't fit
  2507  7.2.342  popup menu wrong in 'rightleft' mode with multi-byte chars
  1370  7.2.343  (after 7.2.338) can't compile on Win32
  1728  7.2.344  (after 7.2.338) can't compile on some systems
  1324  7.2.345  tab line is not updated when the value of 'bt' is changed
  2895  7.2.346  repeating a command with @: causes mapping to be applied twice
  3784  7.2.347  crash when executing <expr> mapping redefines that mapping
  7230  7.2.348  (after 7.2.330) Unicode double width table is outdated
  1714  7.2.349  CTRL-W gf puts the new tab in the wrong place
  2766  7.2.350  Win32: When changing font window may jump to another screen
  2195  7.2.351  (after 7.2.347) compilation fails with some compilers
  1825  7.2.352  Win64: Vim doesn't work when cross-compiled with MingW libs
  4764  7.2.353  no command line completion for ":profile"
  2270  7.2.354  Japanese single-width double-byte chars not handled correctly
  2663  7.2.355  popup menu in wrong position when 'number' is set
  2166  7.2.356  not all folds are closed when 'foldmethod' is changed
  1565  7.2.357  CR displayed wrong when changing 'fileformat' from/to "mac"
  2384  7.2.358  compiler warnings on VMS
  1805  7.2.359  crash when using the Netbeans join command
  2839  7.2.360  Ruby on MS-Windows: can't use sockets
23442  7.2.361  Ruby 1.9 is not supported
  2964  7.2.362  (extra, after 7.2.352) Win64 cross-compile problems
  2521  7.2.363  Perl 5.10 dynamic loading doesn't work
  2958  7.2.364  (extra) can't build gvimext.dll on Win 7 x64 using MinGW
  2390  7.2.365  (extra) MS-Windows with MingW: "File->Save As" does not work
  3802  7.2.366  CTRL-B doesn't go back to the first line of the buffer
  3236  7.2.367  "xxd -r -p" doesn't work as documented

(martti)

openssh

(martti)

Updated OpenSSH to 5.3.1 (pkg/42635 by Fredrik Pettai)

This is a bugfix release, no new features have been added.

Changes since OpenSSH 5.2
=========================

General Bugfixes:

* Do not limit home directory paths to 256 characters. bz#1615

* Several minor documentation and correctness fixes.

Portable OpenSSH Bugfixes:

* This release removes for support for very old versions of Cygwin and
  for Windows 95/98/ME

* Move the deletion of PAM credentials on logout to after the session
  close. bz#1534

* Make PrintLastLog work on AIX. bz#1595

* Avoid compile errors on FreeBSD from conflicts in glob.h. bz#1634

* Delay dropping of root privileges on AIX so chroot and pam_open_session
  work correctly. bz#1249 and bz#1567

* Increase client IO buffer on Cygwin to 64K, realising a significant
  performance improvement.

* Roll back bz#1241 (better handling for expired passwords on Tru64).
  The change broke password logins on some configurations.

* Accept ENOSYS as a fallback error when attempting atomic
  rename(). bz#1535

* Fix passing of variables to recursive make(1) invocations on Solaris.
  bz#1505

* Skip the tcgetattr call on the pty master on Solaris, since it never
  succeeds and can hang if large amounts of data is sent to the slave
  (eg a copy-paste). bz#1528

* Fix detection of krb5-config. bz#1639

* Fix test for server-assigned remote forwarding port for non-root users.
  bz#1578

* Fix detection of libresolv on OSX 10.6.

(martti)

jalbum

(martti)

Updated www/jalbum to 8.5.3

List of changes unknown.

(martti)

vim

(martti)

Updated vim to 7.2.320

  3370  7.2.316  may get multiple _FORTIFY_SOURCE arguments
  5249  7.2.317  memory leak when adding a highlight group resulting in E669
  2637  7.2.318  wrong locale value breaks floating point numbers for gvim
  1846  7.2.319  Motif: accessing freed memory when cancelling font dialog
  6269  7.2.320  unused function in Mzscheme interface

(martti)

postfix

(martti)

Updated to the latest development release.

(martti)

Added support for DESTDIR.

(martti)

Fix problems detected in my Slackware installation.

http://mail-index.netbsd.org/pkgsrc-users/2009/09/09/msg010660.html
http://mail-index.netbsd.org/pkgsrc-users/2009/09/09/msg010664.html

(martti)

Added short upgrade instructions.

(martti)

vim

(martti)

Updated vim to 7.2.315

  1831  7.2.304  compiler warning for bad pointer cast
  2727  7.2.305  recursively redrawing causes a memory leak
  1541  7.2.306  shellescape("10%%", 1) only escapes first %
  4869  7.2.307  crash with a very long syntax match statement
  5504  7.2.308  submatch() in "\=" of ":s" command returns empty string
  1533  7.2.309  (after 7.2.308) warning for missing function prototype
  1874  7.2.310  ftdetect plugin using ":setf" doesn't work with # comment
  1408  7.2.311  can't compile with FreeMiNT
  9769  7.2.312  iconv() returns invalid char sequence when conversion fails
  3744  7.2.313  command line completion doesn't work after "%:h" and similar
  1620  7.2.314  small build broken after 7.2.313
  4605  7.2.315  Python libs can't be found on 64 bit system

(martti)

vim-7.2.302

(martti)

Updated vim to 7.2.302

  1931  7.2.285  (after 7.2.169) CTRL-U in Insert mode also deletes indent
  7058  7.2.286  (after 7.2.269) --startuptime argument is not consistent
  1733  7.2.287  warning from gcc 3.4 about uninitialized variable
  1680  7.2.288  Python 2.6 pyconfig.h redefines macros
  3979  7.2.289  checking wrong struct member
  5344  7.2.290  not freeing memory from ":lmap", ":xmap" and ":menutranslate"
  1498  7.2.291  reading uninitialised memory in arabic mode
  1518  7.2.292  block right-shift wrong with multibyte encoding and 'list' set
  1954  7.2.293  when setting 'comments' option it may be used in a wrong way
  8992  7.2.294  when using TEMPDIRS dir name could get too long
  4053  7.2.295  in map() on a List the index is not known, set v:key to index
  1809  7.2.296  (after 7.2.286) help message about startuptime is wrong
  1846  7.2.297  reading freed memory when writing ":reg" output to a register
  1608  7.2.298  ":vimgrep" crashes with an autocommand that sets w: variable
  1733  7.2.299  crash when comment middle is longer than start
  5886  7.2.300  file descriptors not closed when executing external command
14601  7.2.301  formatting is wrong when 'tw' is set to a small value
  4941  7.2.302  (extra, after 7.2.301) extra part of the 7.2.301 tests
  2073  7.2.303  (after 7.2.294) can't build on MS-Windows

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.284

  2274  7.2.268  crash when using Python to set cursor beyond end of line
  7128  7.2.269  add --startuptime so that slow startup can be analysed
  2281  7.2.270  ":@c" does not execute everything if the c register has a CR
  2649  7.2.271  Motif GUI: Using freed memory when making a choice
  2582  7.2.272  "_.svz" is not recognized as a swap file
  3404  7.2.273  crash when redirirecting to unknown array
  3749  7.2.274  syntax folding doesn't work properly when adding a comment
  2717  7.2.275  warning for unused argument and comparing signed and unsigned
  1875  7.2.276  crash when setting 'isprint' to a small bullet
  1937  7.2.277  CTRL-Y in a diff'ed window may move cursor outside of window
  2312  7.2.278  using magic number in the folding code
  3413  7.2.279  invalid memory read with visual mode "r"
  6656  7.2.280  a redraw in a custom statusline with %! may cause a crash
  2241  7.2.281  'cursorcolumn' highlighting is wrong in diff mode
  1584  7.2.282  a fold can't be closed
  2030  7.2.283  GTK: changing font doesn't keep the window maximized
  1572  7.2.284  two windows on a buffer + folding: display error after change

(martti)

rrdtool

(martti)

Updated databases/rrdtool to 1.3.9

* bug fixes

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.267

  2634  7.2.263  GTK2: Vim window in wrong position using the -geom argument
  5161  7.2.264  GTK2: When Vim window maximized, set 'columns' doesn't work
  1892  7.2.265  with ":silent broken" inside try/catch silency may persist
  6560  7.2.266  in an expression abbreviation the typed character is unknown
  1461  7.2.267  crash for narrow window and double-width character

(martti)

clamav

(martti)

Updated mail/clamav to 0.95.3

* bug fixes

(martti)

fvwm

(martti)

Fvwm 2.5.28

* New features:

  - New differentiated options for SnapAttraction when snapping
    against screen edges:
      "None", "ScreenWindows", "ScreenIcons", "ScreenAll"
  - New option to the BugOpts command: TransliterateUtf8.

* Bug fixes:

  - Fixed non-visible Qt windows after a Qt deferred map (e.g.
    Skype profile windows).
  - Fixed the use of the X-resource "fvwmstyle".
  - Fixed segmentation fault in FvwmEvent when parsing an
    undefined event name, or an undefined environment variable
    to the RPlayHost option.
  - Fixed the events startup, shutdown and unknown in FvwmEvent.
  - Fvwm now retains utf8 window names when the WM_NAME changes,
    and the utf8 name converted to the default charset match
    the old WM_NAME.
  - Fixed the options RPlayVolume and RPlayPriority in FvwmEvent.
  - Fixed SnapAttraction: Option SameType/Icons/Windows did
    falsely not affect conditions of option "Screen" and option
    "SameType" snapped falsely icons and windows together.
  - Fixed a problem where modules would get incorrect stacking
    information if many windows were restacked at the same time.
  - Fixed BugOpts parsing of more than one option at a time and
    restoring of default value for the last option
    in the command line when omitted.
  - 64 bit fix for setting EWMH _NET_WM_ICON property on windows.

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.262

  1870  7.2.255  (after 7.2.242) cursor column may be wrong after :set
  1783  7.2.256  GTK font dialog doesn't have a default when 'guifont' not set
  2092  7.2.257  GTK 2.17: lots of assertion error messages
  1989  7.2.258  v:beval_col and b:beval_text are wrong in UTF-8 text
  5393  7.2.259  exists() doesn't work properly for an empty aucmd group
  5431  7.2.260  (extra part of 7.2.259)
  2515  7.2.261  E38 may appear when deleting folded lines
  5652  7.2.262  string passed to user cmd custom completion can be too long

(martti)

s/USE_JAVA/USE_JAVA2/

(martti)

jalbum

(martti)

Update www/jalbum to 8.4

Lost of updates and fixes.

(martti)

vim

(martti)

Updated vim to 7.2.259

  1848  7.2.246  Cscope home page link is wrong
  2561  7.2.247  Mzscheme interface minor problem
  4408  7.2.248  (extra) Win32: Mzscheme interface building minor problems
  1555  7.2.249  script that checks .po files can't handle '%' in plural forms
  1693  7.2.250  (extra) possible buffer overflow in GvimExt
  2802  7.2.251  compiler adds invalid memory bounds check
  1495  7.2.252  when 'enc' is multi-byte 'iskeyword' can't contain chars > 128
  4223  7.2.253  netbeans interface: getLength always uses current buffer
  1654  7.2.254  compiler warning for assigning size_t to int
  1870  7.2.255  (after 7.2.242) cursor column may be wrong after :set
  1783  7.2.256  GTK font dialog doesn't have a default when 'guifont' not set
  2092  7.2.257  GTK 2.17: lots of assertion error messages
  1989  7.2.258  v:beval_col and b:beval_text are wrong in UTF-8 text
  5393  7.2.259  exists() doesn't work properly for an empty aucmd group

(martti)

Added postconf (pkg/42015)

(martti)

postfix

(martti)

Updated mail/postfix-current to 2.7.20090828

The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release).  These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.

Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and
2.7-20090807-nonprod.  These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.

Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:

- The Postfix Milter client got out of step with a Milter application
  after the application sent a "quarantine" request at end-of-message
  time. The Milter application would still be in the end-of-message
  state, while Postfix would already be working on the next SMTP
  event, typically, QUIT or MAIL FROM. In the latter case, Milter
  responses for the previously-received email message would be
  applied towards the next MAIL FROM transaction.  This problem was
  diagnosed with help from Alban Deniz.

Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:

- The Postfix SMTP server would abort with an "unexpected lookup
  table" error when an SMTPD policy server was mis-configured in a
  particular way.

(martti)

Updated mail/postfix to 2.6.5

The stable release Postfix 2.6.5 addresses the defects described
below (some already addressed with the not-announced Postfix 2.6.3
release).  These defects are also addressed in the legacy releases
that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.

Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and
2.7-20090807-nonprod.  These contain a DNS workaround that causes
more trouble than it prevents. It is removed until further notice.

Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:

- The Postfix Milter client got out of step with a Milter application
  after the application sent a "quarantine" request at end-of-message
  time. The Milter application would still be in the end-of-message
  state, while Postfix would already be working on the next SMTP
  event, typically, QUIT or MAIL FROM. In the latter case, Milter
  responses for the previously-received email message would be
  applied towards the next MAIL FROM transaction.  This problem was
  diagnosed with help from Alban Deniz.

Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:

- The Postfix SMTP server would abort with an "unexpected lookup
  table" error when an SMTPD policy server was mis-configured in a
  particular way.

(martti)

mediawiki

(martti)

Updated www/mediawiki to 1.15.1

Please read

http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_15_0/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2009-July/000087.html

for details.

Note: Version 1.13.5 did NOT have the XSS vulnerability...

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.245

  2052  7.2.219  (extra) Photon GUI is outdated
  2958  7.2.220  (after 7.2.215) BufEnter "cd" autocommand causes problems
  7103  7.2.221  X cut_buffer0 text may be used in the wrong encoding
  1816  7.2.222  ":mksession" doesn't work properly with 'acd' set
  5132  7.2.223  a script run with ":silent" cannot give any messages
  2542  7.2.224  crash when using 'completefunc'
  2874  7.2.225  when using ":normal" a saved character may be executed
  7470  7.2.226  ml_get error after deleting the last line
  1574  7.2.227  when using ":cd" in a script there is no way to track this
14946  7.2.228  cscope is limited to 8 connections
  1595  7.2.229  warning for shadowed variable
  2442  7.2.230  a few old lint-style ARGUSED comments
  1473  7.2.231  warning for unreacheable code in Perl interface
  2704  7.2.232  cannot debug problems with being in a wrong directory
  2901  7.2.233  extra part of 7.2.232
  3831  7.2.234  it is not possible to ignore file names without a suffix
  2696  7.2.235  Using CTRL-O z= in Insert mode has a delay before redrawing
  2809  7.2.236  Mac: Compiling with Ruby doesn't always work
  1965  7.2.237  crash on exit when window icon not set
  3941  7.2.238  leaking memory when setting term to "builtin_dumb"
  4151  7.2.239  using :diffpatch twice may cause a crash
  2078  7.2.240  crash when using GUI find/replace dialog repeatedly
  5174  7.2.241  problems with using ":bufdo" and "doautoall" or ":vimgrep"
  2505  7.2.242  setting 'lazyredraw' causes the cursor column to be recomputed
  1918  7.2.243  memory leak when using :vimgrep and resizing
  4757  7.2.244  insufficient info for a conversion error from utf-8 to latin1
  5093  7.2.245  wrong conversion when writing Unicode encoded files

(martti)

squirrelmail-locales and vim

(martti)

Updated editors/vim-share to 7.2.218

  1530  7.2.197  warning for uninitialized values of typebuf
  2006  7.2.198  buffer used for termcap entry may be too small
  1894  7.2.199  strange character in comment
10318  7.2.200  reading past string end when using menu bar or resizing window
14460  7.2.201  cannot copy/paste HTML to/from Firefox via the clipboard
  1846  7.2.202  BufWipeout autocmd that edits another buffer causes problems
40481  7.2.203  using current window to work on hidden buffer has side effects
  4407  7.2.204  (extra) Win32: Can't build with Visual Studio 2010 beta 1
  2852  7.2.205  (extra) Win32: No support for High DPI awarenes
  1485  7.2.206  Win32: Can't build netbeans interface with Visual Studio 2010
  2237  7.2.207  using freed memory when ":redrawstatus" works recursively
  2569  7.2.208  "set novice" gives an error message, it should be ignored
  2532  7.2.209  for xxd setmode() is undefined on Cygwin
  1896  7.2.210  warning for file changed outside of vim even after :checktime
  1639  7.2.211  memory leak when expanding a series of file names
  1727  7.2.212  (extra) warnings for redefining SIG macros
  1521  7.2.213  warning for using vsprintf()
  1983  7.2.214  crash with complete function for user command
  8298  7.2.215  ml_get error when using ":vimgrep"
  4822  7.2.216  two error messages have the same number E812
  2020  7.2.217  running tests with valgrind doesn't work as advertised
  1448  7.2.218  cannot build GTK with hangul_input feature

(martti)

Updated mail/squirrelmail-locales to 1.4.18

* Lots of language updates

(martti)

clamav

(martti)

pkglint -Wall

(martti)

Updated mail/clamav to 0.95.2

* Lots of bug fixes (see the ChangeLog for details)

(martti)

fvwm

(martti)

Updated wm/fvwm-devel to 2.5.27

* destdir support
* bug fixes

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.196

  8242  7.2.185  some more compiler warnings when using gcc -Wextra
  7260  7.2.186  some more compiler warnings when using gcc -Wextra
  3334  7.2.187  (after 7.2.186) doesn't compile with older tcl versions
  8531  7.2.188  crash with specific use of function calls
  2889  7.2.189  possible hang for deleting auto-indent
  4827  7.2.190  the register executed by @@ isn't stored in viminfo
106448  7.2.191  Mzscheme interface doesn't work on Ubuntu
  4206  7.2.192  (after 7.2.188) still a crash in the garbage collector
  1545  7.2.193  warning for uninitialized values in struct
  1345  7.2.194  (extra) MSVC: rem commands are echoed
  2229  7.2.195  leaking memory for the command Vim was started with
  3466  7.2.196  remove support for splint, it doesn't work well

(martti)

postfix

(martti)

Updated mail/postfix to 2.6.2

Postfix stable release 2.6.2 fixes one defect in SASL support.
This does not affect Postfix versions 2.5 and earlier.

With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND
smtp_sasl_auth_enable=yes, the SMTP server logged warnings for
reject_*_sender_login_mismatch, instead of enforcing them.

You can find Postfix version 2.6.2 at the mirrors listed at
http://www.postfix.org/

The same fix is also available in Postfix snapshot 2.7-20090528.
Postfix versions 2.5 and earlier are not affected.

(martti)

Updated mail/postfix-current to 2.7.20090528

Postfix stable release 2.6.2 fixes one defect in SASL support.
This does not affect Postfix versions 2.5 and earlier.

With plaintext SMTP sessions AND smtpd_tls_auth_only=yes AND
smtp_sasl_auth_enable=yes, the SMTP server logged warnings for
reject_*_sender_login_mismatch, instead of enforcing them.

You can find Postfix version 2.6.2 at the mirrors listed at

Postfix stable release 2.6.2 fixes one defect in SASL support.
This does not affect Postfix versions 2.5 and earlier.

(martti)

vim and rrdtool

(martti)

Updated databases/rrdtool to 1.3.8

- python bindings memory handling fix by Anders Hammarquist
  (deb bug #529291)

- fix getopt_long integration on Solaris. Depending on the phase of
  the moon this bug had caused rrdtool to crash reliably as soon as
  it read its arguments. Especially when used in language bindings.
  Thanks to Ihsan Dogan for helping with the debugging.

- rrd_restore used casting a bit to liberally this caused it to fail
  horribly on 64bit platforms. Patch based in input provided by
  poster of rrd bug #218.

- make ruby bindings compile with newer ruby versions. #217 patch
  provided by rrd trac user

- Generate an error message when using RRDp with graph - this can
  not work reliably. (Debian Bug#251701) patch by Sebastian Harl

(martti)

Updated editors/vim-share to 7.2.184

15646  7.2.149  read uninit memory when using return value that wasn't set
35686  7.2.150  (extra) VisVim doesn't support tabs
  1533  7.2.151  ":hist a" doesn't work like ":hist all" as the docs suggest
  2963  7.2.152  "silent echo x" inside ":redir" leaves cursor halfway the line
  2908  7.2.153  memory leak for ":recover empty_dir/"
  2390  7.2.154  (after 7.2.132) can still do ":cd" in SwapExists autocmd
  1249  7.2.155  memory leak in ":function /pat"
  5543  7.2.156  no completion for :scscope and :lcscope commands
  4299  7.2.157  illegal memory access when searching in path
  2177  7.2.158  warnings from VisualC compiler
  2478  7.2.159  when $x_includes ends up being "NONE" configure fails
  1353  7.2.160  search pattern not freed on exit when 'rightleft' set
  5400  7.2.161  folds messed up in other tab page
  2363  7.2.162  the quickfix window may get the wrong filetype
  1754  7.2.163  the command line window may get folding
  4089  7.2.164  when 'showbreak' is set wrong Visual block size reported
  1794  7.2.165  FuncUndefined autocmd event argument is expanded like filename
10538  7.2.166  no completion for ":sign" command
54715  7.2.167  splint doesn't work well for checking the code (part 1)
  2936  7.2.168  if no ctags program found, "make tags" executes first C file
35841  7.2.169  fix more splint warnings, define colnr_T to be int
  4481  7.2.170  using b_dev while it was not set
  2261  7.2.171  (after 7.2.169) compiler warnings
  1883  7.2.172  (extra) compiler warning
17875  7.2.173  use gcc instead of lint to check for unused function arguments
42277  7.2.174  too many warnings from gcc -Wextra
  1455  7.2.175  compiler warning in OpenBSD
  5956  7.2.176  exceptions for splint are not useful
57904  7.2.177  more warnings from gcc -Wextra
  3898  7.2.178  using negative value for device number might not always work
  2944  7.2.179  using negative value for device number might not always work
198701  7.2.180  some more compiler warnings when using gcc -Wextra
49635  7.2.181  some more compiler warnings when using gcc -Wextra
  2128  7.2.182  compilation fails for Motif, gvim with GTK crashes on startup
52709  7.2.183  configure problem for sys/sysctl.h on OpenBSD
84846  7.2.184  some more compiler warnings when using gcc -Wextra

(martti)

Fixed PLIST issues.

(martti)

Updated

(martti)

squirrelmail

(martti)

Updated squirrelmail to 1.4.19

The security fix to map_yp_alias in 1.4.18 turned out to be incomplete. We
also expierenced some regressions in the updated filter plugin. Both are
addressed in this new release 1.4.19 which contains a few other small fixes
aswell.

If you do not use map_yp_alias or the filters plugin there's no urgent need to
upgrade now if you already installed 1.4.18. If you are still on an older
release than 1.4.18 (or use the mentioned functionality) we do urge you to
upgrade as soon as possible as 1.4.18 and 1.4.19 combined fix some important
security issues. Those using the development branch (1.5.x) should install a
recent SVN snapshot.

(martti)

postfix

(martti)

Updated mail/postfix to 2.6.1

Postfix stable release 2.6.1 fixes one defect in Milter support.
This does not affect Postfix versions 2.5 and earlier.

- Queue file corruption under very specific conditions: (smtpd_milters
  or non_smtpd_milters) enabled, AND delay_warning_time enabled,
  AND mail delivery delays, AND short envelope sender addresses
  (e.g., sendmail command-line submissions with bare usernames as
  the sender, but not bounce messages).

  The queue file would be corrupted when the delay_warning_time
  record was marked as "done" after sending the "your mail is
  delayed" notice.  The defect was introduced with Postfix 2.3, but
  it could not cause corruption before the change dated 20090427.

(martti)

Updated mail/postfix-current to 2.7.20090519

20090513

Code cleanups: better parsing of Postfix daemon "-o"
command-line options, with better error handling.  Files:
master/*server.c.

20090518

Documentation: missing dummy entries for lmtp_mumble_checks.
File: proto/postconf.proto.

20090519

Bugfix (introduced: Postfix 2.3, but did not cause trouble
until 20090427).  Queue file corruption with (smtpd_milters
or non_smtpd_milters) enabled, AND with delay_warning_time
enabled, AND with short envelope sender addresses (e.g.,
local submissions with bare usernames, but not bounces).
The queue file would be corrupted when the delay_warning_time
record was marked as "done" after sending the "your mail
is delayed" notice.  File: qmgr/qmgr_message.c.

(martti)

postfix

(martti)

Added sbin/postmulti to PLIST. PKGREVISION++

(martti)

squirrelmail-1.4.18

(martti)

Updated mail/squirrelmail to 1.4.18

The SquirrelMail Team is pleased to announce the release of
SquirrelMail version 1.4.18.  The most notable changes for this
version are several security fixes, including a couple XSS exploits, a
session fixation issue, and an obscure but dangerous server-side code
execution hole.  However, this version also includes three new
languages and more than a few enhancements to things such as the
filters plugin, the address book system and other things under the
hood.  For more complete details, see the ReleaseNotes and ChangeLog
files included in this release (they have moved to the doc/
directory).  We advise all users of SquirrelMail software to upgrade.

(martti)

Added CPL version 1.0

(martti)

postfix

(martti)

Updated mail/postfix-current to 2.7.20090511

This same as 2.6.0...

(martti)

Updated mail/postfix to 2.6.0

- Multi-instance support introduces a new postmulti(1) command to
  create/add/remove/etc. additional Postfix instances. The familiar
  "postfix start" etc.  commands now automatically start multiple
  Postfix instances.  The good news: nothing changes when you use
  only one Postfix instance. See MULTI_INSTANCE_README for details.

- Multi-instance support required that some files be moved from
  the non-shared $config_directory to the shared $daemon_directory.
  The affected files are postfix-script, postfix-files and post-install.

- TLS (SSL) support was updated for elliptic curve encryption. This
  requires OpenSSL version 0.9.9 or later. The SMTP client no longer
  uses the SSLv2 protocol by default. See TLS_README for details.

- The Milter client now supports all Sendmail 8.14 Milter requests,
  including requests for rejected recipient addresses, and requests
  to replace the envelope sender address. See MILTER_README for
  details.

- Postfix no longer adds (Resent-) From:, Date:, Message-ID: or To:
  headers to email messages with "remote" origins (these are origins
  that don't match $local_header_rewrite_clients). Adding such
  headers breaks DKIM signatures that explicitly cover non-present
  headers.  For compatibility with existing logfile processing
  software, Postfix will log ``message-id=<>'' for email messages
  that have no Message-Id header.

- Stress-adaptive behavior is now enabled by default. This allows
  the Postfix SMTP server to temporarily reduce time limits and
  error-count limits under conditions of overload, such as a malware
  attack or backscatter flood. See STRESS_README for details.

No functionality has been removed, but it is a good idea to review
the RELEASE_NOTES file for the usual minor incompatibilities or
limitations.

(martti)

Updated mail/postfix to 2.5.7

- (low) The installation/upgrade procedure did not automatically
  create the data_directory.

- (medium) In the "new queue manager", the _destination_rate_delay
  code needed to postpone the job scheduler updates after delivery
  completion, otherwise the scheduler could loop on blocked jobs.

- (low) The queue manager used <transport>_concurrency_failed_cohort_limit
  instead of <transport>_destination_concurrency_failed_cohort_limit
  as documented.

- (low) The SMTP client disabled MIME parsing despite non-empty
  settings for smtp_header_checks, smtp_mime_header_checks,
  smtp_nested_header_checks, or smtp_body_checks.

- (medium) The postsuper command re-enabled the SIGHUP signal when
  it was set to "ignore". This could result in random "Postfix
  integrity check failed" errors at boot time (POSIX SIGHUP death),
  causing Postfix not to start automatically.

(martti)

ejabberd

(martti)

pkglint -Wall

(martti)

Updated chat/ejabberd to 2.0.5

* Fix two problems introduced in ejabberd 2.0.4: subscription request produced
  many authorization requests with some clients and transports; and
  subscription requests were not stored for later delivery when receiver was
  offline.
* Fix warning in expat_erl.c about implicit declaration of x_fix_buff
* HTTP-Bind (BOSH): Fix a missing stream:error in the returned
  remote-stream-error stanza

(martti)

Added LICENSE.

(martti)

Added LICENSE=gnu-gpl-v2

(martti)

Activated LICENSE=...

(martti)

Added PKG_DESTDIR_SUPPORT=user-destdir

(martti)

clamav

(martti)

PKGREVISION++ after the unrar fixes...

(martti)

Regenerated.

(martti)

Activated LICENSE

(martti)

clamav

(martti)

Updated mail/clamav to 0.95.1

Lots of bug fixes, see http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
for details.

(martti)

rrdtool

(martti)

Updated databases/rrdtool to 1.3.7

The new release contains some rather influential changes.

* Holt-Winters rrds should see a drastic speedup.
* Front-ends relying on output from graph --lazy will work again
* updatev does not segfault on 32 bit platforms anymore.
* rrd_dump produces correct output with german locales.

(martti)

xenconsole

(martti)

Removed xenconsole from pkgsrc.

(martti)

clamsmtp

(martti)

Updated mail/clamsmtp to 1.10

- Make the XFOWARD HELO available as a environment variable in scripts.
- Send an RSET to the server after filter fails an email.

(martti)

ejabberd

(martti)

Updated chat/ejabberd to 2.0.4

This version is a maintenance release containing 20 bugfixes and improvements.

http://secunia.com/advisories/34340/

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.148

  1496  7.2.102  (after 7.2.100) BOM at start of Vim script not removed
  5153  7.2.103  tab page line isn't always updated, e.g. when 'bomb' is set
  1523  7.2.104  after ":saveas foo" the tab label isn't updated right away
  2159  7.2.105  modeline setting for 'foldmethod' overrules diff options
  3422  7.2.106  endless loop for "]s" in HTML when there are no misspellings
  1825  7.2.107  After a GUI dialog ":echo" messages are deleted
  1622  7.2.108  (after 7.2.105) can't compile without the diff feature
11901  7.2.109  'langmap' does not work for multi-byte characters
  1407  7.2.110  compiler warning for unused variable
  2724  7.2.111  selection unclear for Visual block mode with 'cursorcolumn'
  1509  7.2.112  cursor invisible in first col in Visual mode if 'number' set
  2700  7.2.113  crash when using submatch() in substitute()
  2531  7.2.114  using wrong printf format: %d instead of %ld
  2716  7.2.115  some debugging code is never used
  1619  7.2.116  not all memory is freed when EXITFREE is defined
  2592  7.2.117  location list incorrectly labelled "Quickfix List"
  2068  7.2.118  <PageUp> at the more prompt only does half a page
  1550  7.2.119  status line is redrawn too often
  8305  7.2.120  location list is copied and then deleted when opening window
  4993  7.2.121  can't stop output of "!grep a *.c" in gvim with CTRL-C
  2472  7.2.122  invalid mem access if VimResized autocmd changes screen size
  1568  7.2.123  ":map" output continues after typing 'q' at more prompt
  3127  7.2.124  ":tselect" output continues after typing 'q' at more prompt
  3936  7.2.125  leaking memory when reading XPM bitmap for a sign
  4326  7.2.126  when EXITFREE is defined signs and keymaps are not freed
  1708  7.2.127  get another more prompt after typing 'q'
  1537  7.2.128  (after 7.2.055) ":lcd" causes invalid session file
  2229  7.2.129  opening command window from input() uses the search history
12852  7.2.130  Vim may haing until CTRL-C is typed when using CTRL-Z
  2612  7.2.131  using wrong cursor highlighting after clearing 'keymap'
  7823  7.2.132  accessing freed memory when changing dir in SwapExists autocmd
  1665  7.2.133  ":diffoff!" changes settings in windows not in diff mode
  2314  7.2.134  compiler warnings for discarding "const" from pointer
  1991  7.2.135  memory leak when redefining user command with complete arg
  1326  7.2.136  (after 7.2.132) ":cd" still possible in SwapExists autocmd
11328  7.2.137  wrong left shift of blockwise selection in tab when 've' set
  5428  7.2.138  extra part of 7.2.137
  2229  7.2.139  crash when 'virtualedit' is "all"
  1974  7.2.140  diff highlighting missing if Visual area starts at cursor pos
  6622  7.2.141  fixing bold spill redraws too many characters
  1753  7.2.142  Motif and Athena balloons don't use tooltip colors
  6830  7.2.143  no command line completion for ":cscope" command
  2304  7.2.144  colorscheme is reloaded when 't_Co' is set to the same value
  3379  7.2.145  white space in ":cscope find" is not ignored
  3394  7.2.146  v:warningmsg isn't used for all warnings
  1548  7.2.147  cursor in wrong position after Tab for small version
  4275  7.2.148  highlighting a character after the line doesn't always work

(martti)

mediawiki-1.13.5

(martti)

Updated www/mediawiki to 1.13.5

This is a maintenance release which corrects some bugs in the installer,
introduced during the hasty security release of 1.13.4. It is not
necessary to upgrade if you do not intend on using the installer.

(martti)

mediawiki

(martti)

Updated www/mediawiki to 1.13.4

A number of cross-site scripting (XSS) security vulnerabilities were
discovered in the web-based installer (config/index.php). These
vulnerabilities all require a live installer -- once the installer has been
used to install a wiki, it is deactivated.

Note that cross-site scripting vulnerabilities can be used to attack any
website in the same cookie domain. So if you have an uninstalled copy of
MediaWiki on the same site as an active web service, MediaWiki could be used
to attack the active service.  If you are hosting an old copy of MediaWiki
that you have never installed, we advise you to remove it from the web.

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.102

17606  7.2.070  crash when a function returns a:000
  2353  7.2.071  (extra) Win32: Handling netbeans events may cause a crash
  1786  7.2.072  (extra) compiler warning in Sniff code
  4121  7.2.073  ":set <xHome>" has the same output as ":set <Home>"
  1832  7.2.074  (extra, after 7.2.073) extra part of 7.2.073
  2218  7.2.075  (after 7.2.058) unclear comment about making a diff
  2666  7.2.076  rename(from, to) deletes file if names refer to the same file
  4745  7.2.077  (after 7.2.076) rename() fails if names differ only in case
  3298  7.2.078  problems with deleting folds
  6947  7.2.079  "killed" netbeans events are not handled correctly
  9942  7.2.080  accessing wrong memory with completion and composing char
  1728  7.2.081  compiler warning for float overflow on VAX
  2134  7.2.082  if 'ff' is "mac" then "ga" on a ^J shows 0x0d instead of 0x0a
  1733  7.2.083  ":tag" doesn't return to the right tag entry in the tag stack
  4331  7.2.084  Python: vim.eval() is wrong for recursive structures
  1862  7.2.085  ":set <M-b>=<Esc>b" does not work when 'encoding' is utf-8
  3045  7.2.086  using ":diffget 1" in buffer 1 corrupts the text
  1570  7.2.087  adding URL to 'path' doesn't work to edit a file
  2895  7.2.088  (extra) Win32: Using the clipboard sometimes fails
  2473  7.2.089  (extra) Win32: crash when using Ultramon buttons
  3286  7.2.090  user command containing 0x80 does not work properly
  2113  7.2.091  ":cs help" output is not aligned for some languages
  4538  7.2.092  some error messages are not translated
  7287  7.2.093  (extra) dialogs can't always handle multi-byte text
  3430  7.2.094  compiler warning for signed/unsigned compare, typos
  1902  7.2.095  using "r" and then CTRL-C Visual highlighting is not removed
  1464  7.2.096  after ":number" "Press Enter" msg may be on the wrong screen
  1692  7.2.097  "!xterm&" doesn't work when 'shell' is "bash"
  1864  7.2.098  warning for signed/unsigned pointer
  3498  7.2.099  unnecessary redraw when changing GUI options in terminal
  3846  7.2.100  missing first three bytes on sourced FIFO
  1362  7.2.101  (extra) MSVC version not recognized
  1496  7.2.102  (after 7.2.100) BOM at start of Vim script not removed

(martti)

ejabberd

(martti)

Updated chat/ejabberd to 2.0.3

* Do not ask certificate for client (c2s)
* Check digest-uri in SASL digest authentication
* Use send timeout to avoid locking on gen_tcp:send
* Fix ejabberd reconnection to database
* HTTP-Bind: handle wrong order of packets
* MUC: Improved traffic regulation management
* PubSub: Several bugfixes and improvements for best coverage of XEP-0060 v1.12
* Shared Roster Groups: push immediately membership changes
* Rotate also sasl.log on "reopen-log" command

(martti)

rrdtool

(martti)

Updated databases/rrdtool12

* rrd_graph: fix TICK for negative numbers
* rrd_cgi: fix segfault in error reporting routine

(martti)

Updated databases/rrdtool to 1.3.6

* rrd_graph: fix TICK for negative numbers
* rrd_cgi: fix segfault in error reporting routine

(martti)

qgtkstyle

(martti)

Changed version number to 0.0beta868

pkglint -Wall

(martti)

postfix

(martti)

Updated mail/postfix-current to 20081205

This is the latest development snapshot.

(martti)

Updated mail/postfix to 2.5.6

- Postfix 2.5: the SMTP server did not ask for a client certificate
  with "smtpd_tls_req_ccert = yes". Reported by Rob Foehl.

- Postfix 2.5, 2.4 and 2.3: avoid reduced TCP performance when
  reusing an SMTP connection with a larger than 4096-byte TCP MSS
  value. In practice, this could happen only with loopback (localhost)
  connections.

(martti)

rrdtool

(martti)

Updated databases/rrdtool12 to 1.2.29

Features:

- a second axis can now be displayed in rrd_graph. look for
  documentation on second-axis. feature was sponsored by VoltWerk.

Bugfixes:

- rrd_fetch: is more careful when seeking. it should not try to seek
  outside the file anymore.

- rrd_graph: CDEF:x= raises an error now and does not segfault

- rrd_graph: --font TITLE:12: problem fixed (affecting cacti)

- rrd_graph: make VDEF work with SHIFT (bug #177)

- rrd_xport: make it work when exporting datasources without
            uniform step size.

- rrd_tool:  rely on function return values and not on errno.  (bug #176)

(martti)

Updated databases/rrdtool to 1.3.5

Features:

- a second axis can now be displayed in rrd_graph. look for
  documentation on second-axis. feature was sponsored by VoltWerk.

- win32 port of the source. see WIN32-BUILD-TIPS.txt for details.
  contributed by exitgames

Bugfixes:

- rrd_fetch: is more careful when seeking. it should not try to seek
  outside the file anymore.

- rrd_restore: works on platforms where "NaN" is not represented as
  "NaN" works now (HPUX)

- rrd_graph: label ordering in --full-size is correct now.

- ruby bindings: fix for last method

- perl bindings: fix for build on MacOSX

- rrd_update: make sure time stamp of rrd files get updated even on
  platforms with broken MS_ASYNC implementations (osx and old linux)

- rrd_graph: CDEF:x= raises an error now and does not segfault

- Solaris isfinite portability improved

- rrd_graph: --font TITLE:12: problem fixed (affecting cacti)

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.69

  8484  7.2.050  compiler warnings for not using return value of fwrite()
15179  7.2.051  can't avoid 'wig' and 'suffixes' for glob() and globpath()
  2611  7.2.052  synIDattr() doesn't support "sp" for special color
  1754  7.2.053  crash when using WorkShop command ":ws foo"
  2006  7.2.054  compilation warnings for fprintf format
34319  7.2.055  various compiler warnings with strict checking
  1635  7.2.056  (after 7.2.050) tests 58 and 59 fail
  3210  7.2.057  (after 7.2.056) trying to put size_t in int variable
  2338  7.2.058  can't add a feature name in the :version output
  1847  7.2.059  diff is not always displayed properly
34772  7.2.060  spell checking doesn't work well for compound words
  1886  7.2.061  creating funcref requires loading the autoload script first
  1657  7.2.062  "[Scratch]" is not translated
  3558  7.2.063  warning for NULL argument of Perl_sys_init3()
  1942  7.2.064  repeating "~" on a Visual block doesn't always update screen
  5149  7.2.065  GTK GUI: cursor disappears doing ":vsp" when maximized
  2759  7.2.066  not easy to check if 'encoding' is a multi-byte encoding
  1683  7.2.067  can't load sesison extra file when it contains special chars
  2598  7.2.068  error when Emacs tags file line is too long
  1726  7.2.069  (after 7.2.060) compiler warning for putting size_t in int

(martti)

Updated www/mediawiki to 1.13.3

This is a security release of MediaWiki 1.13.3. Some of the security issues
affect *all* versions of MediaWiki except the versions released today, so
all site administrators are encouraged to upgrade.

http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html

(martti)

squirrelmail

(martti)

Updated mail/squirrelmail to 1.4.17

The SquirrelMail team is happy to announce the release of version 1.4.17.  The
most notable change is a security fix that prevents certain specially-crafted
hyperlinks within messages from executing cross-site scripting attacks.  For
other details, see the ReleaseNotes file included in this release.  We advise
all users of SquirrelMail software to upgrade.

(martti)

p5-Term-Size

(martti)

Updated devel/p5-Term-Size to 0.207

* Bug fixes

(martti)

Fixed a typo.

(martti)

clamav

(martti)

Updated mail/clamav to 0.94.2

Lots of bug fixes, including

* clamd: LogFileUnlock was not working correctly (bb#1304)
* freshclam/manager.c: add support for http proxy in SubmitDetectionStats
  (bb#1284)
* unit_tests/valgrind.supp: add more valgrind suppressions (bb#1283,#1286,#1294)
* libclamav/readdb.c: fix handling of malformed ldb sigs (bb#1292)
* freshclam/manager.c: improve reporting of server failures (bb#777)
* clamscan/manager.c: fix double-slash when scanning the root dir (bb#1263)
* libclamav/nsis: improve lateny (bb#1180)
* libclamunrar/unrar.c: avoid rar_malloc warnings on damaged files (bb #1290)
* libclamav/htmlnorm.c: fix memory leak (bb #1291)

(martti)

Set myself as the maintainer.

(martti)

mediawiki

(martti)

mediawiki

(martti)

MediaWiki is free server-based software which is licensed under the GNU
General Public License (GPL). It's designed to be run on a large server
farm for a website that gets millions of hits per day. MediaWiki is an
extremely powerful, scalable software and a feature-rich wiki implementation,
that uses PHP to process and display data stored in its MySQL database.

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(martti)

Updated vim and proftpd

(martti)

Updated net/proftpd to 1.3.2rc3

* Bug fixes

(martti)

Updated editors/vim-share to 7.2.49

22993  7.2.041  diff messed up when editing a diff buffer in another tab page
  4987  7.2.042  restoring view in autocmd sometimes doesn't work completely
  2550  7.2.043  VMS: Too many chars escaped in filename and shell commands
  5639  7.2.044  crash because of gcc 4 being over protective for strcpy()
  2056  7.2.045  the Python interface has an empty entry in sys.path
  1704  7.2.046  wrong check for filling buffer with encoding
  2470  7.2.047  using -nb while it is not supported makes other side hang
  4758  7.2.048  v:count and v:prevcount are not set correctly
32552  7.2.049  (extra) Win32: the clipboard doesn't support UTF-16

(martti)

Added support for user-destdir

(martti)

vim-7.2.40

(martti)

Updated vim-share to 7.2.40

  2438  7.2.038  overlapping arguments to memcpy()
  1378  7.2.039  accessing freed memory on exit when EXITFREE is defined
  1836  7.2.040  ":e ++ff=dos foo" gets "unix" 'ff' when CR before NL missing

(martti)

vim

(martti)

Updated editors/vim-share to 7.2.35

  2969  7.2.026  (after 7.2.010) 'K' uses the rest of the line
  3235  7.2.027  can use cscope commands in the sandbox, might not be safe
  1466  7.2.028  confusing error message for missing ()
  1291  7.2.029  no completion for ":doautoall" like for ":doautocmd"
  1546  7.2.030  (after 7.2.027) can't compile, ex_oldfiles undefined
39400  7.2.031  file names from viminfo are not available to the user
  1583  7.2.032  (after 7.2.031) can't compile with EXITFREE defined
  2270  7.2.033  using "ucs-2le" for two-byte BOM, but text might be "utf-16le"
  2372  7.2.034  memory leak in spell info when deleting a buffer
  3522  7.2.035  mismatches between library and Vim alloc/free functions
  7545  7.2.036  (extra) mismatches for library and Vim alloc/free functions
  1576  7.2.037  double free with GTK 1 and compiled with EXITFREE

(martti)

ejabberd-2.0.2

(martti)

Updated chat/ejabberd to 2.0.2 (patch received from Fabrice Colliot)

* Bug fixes

* Patch #389 (https://support.process-one.net/browse/EJAB-389) applied
  instead of the old pkgsrc patch. You MUST modify your ejabberd.cfg!

(martti)

ap22-authnz-external and ap22-authn-sasl

(martti)

Added ap22-authn-sasl

(martti)

This module provides the mod_auth_basic authentication front-end a way to
authenticate users by checking credentials via the Cyrus SASL library.
This may be interesting for setups where other daemons (e.g. for SMTP, IMAP
or LDAP) already running at a machine use SASL to authenticate users. The
module is also useful to authenticate users against databases that use shadow
passwords. You do not need to elevate Apache HTTPD's access rights to
superuser privileges.

Status:

Vendor Tag: TNF
Release Tags: pkgsrc-base

(martti)

Updated www/ap22-authnz-external to 3.2.1

* Added AuthExternalContext directive, which defines a string that will be
  passed to the authenticator in the CONTEXT environment variable.  This can
  be set from the .htaccess file or the <Directory> block to give slightly
  different behavior from the same authenticator in different directories.
  Thanks to Olivier Thauvin <nanardon at mandriva dot org> for this patch.
* Rewrite external authenticator launching code to use Apache's cross-OS
  process/thread library instead of directly calling Unix functions.
  Theoretically this should get us much closer to being usable on non-
  Unix platforms.
* Support alternate syntax for configuration, using DefineAuthExternal and
  DefineAuthGroup commands.
* More detailed error logging.
* Much cleanup of documentation.

(martti)

clamav

(martti)

Updated mail/clamav to 0.94.1

* Bug fixes

(martti)

Use the correct patch set for postfix-2.6-xxxxxxxx.

(martti)

Added note about SQLite patch.

(martti)

postfix-current

(martti)

Updated mail/postfix-current to 2.6.20081012

* Bug fixes.
* Added support for SQLite (pkg/39745)

(martti)

Added support for SQLite (pkg/39745 by S辿bastien BOCAHU.

No existing binary packages are affected so I didn't bump the revision...

(martti)

sqlite3

(martti)

Updated databases/sqlite3 to 3.6.4

* Add option support for LIMIT and ORDER BY clauses on DELETE and UPDATE
  statements. Only works if SQLite is compiled with
  SQLITE_ENABLE_UPDATE_DELETE_LIMIT.
* Added the sqlite3_stmt_status() interface for performance monitoring.
* Add the INDEXED BY clause.
* The LOCKING_STYLE extension is now enabled by default on Mac OS-X
* Added the TRUNCATE option to PRAGMA journal_mode
* Performance enhancements to tree balancing logic in the B-Tree layer.
* Added the source code and documentation for the genfkey program for
  automatically generating triggers to enforce foreign key constraints.
* Added the SQLITE_OMIT_TRUNCATE_OPTIMIZATION compile-time option.
* The SQL language documentation is converted to use syntax diagrams
  instead of BNF.
* Other minor bug fixes

(martti)

Fix pkg/33191 (affects only SunOS 5.8 so I didn't bump� revision).

(martti)

bogofilter

(martti)

Updated mail/bogofilter to 1.1.7

* Lots of bug fixes and improvements since 1.0.3

(martti)