Permalink
Commits on Jul 6, 2011
  1. Pullup tickets 3461, 3462 and 3463

    sbd
    sbd committed Jul 6, 2011
  2. Pullup ticket #3463 - requested by taca

    sbd
    sbd committed Jul 6, 2011
    security update for net/bind96
    
    Revisions pulled up:
    - net/bind96/Makefile                                           1.19
    - net/bind96/distinfo                                           1.12
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Jul  5 14:28:06 UTC 2011
    
       Modified Files:
       	pkgsrc/net/bind96: Makefile distinfo
    
       Log Message:
       Update bind96 package to 9.6.3.1.ESV.4pl3 (9.6-ESV-R4-P3), security release.
    
       The package name was selected as:
    
       - Make sure to greater version from bind-9.6.3.
       - Include "ESV" (Extended Support Version) string.
    
       Since changes from BIND 9.6.3 are too may, please refer changes in detail:
    
       ftp://ftp.isc.org/isc/bind/9.6-ESV-R4/CHANGES
       ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P1/RELEASE-NOTES-BIND-9.6-ESV-R4-P1.html
       ftp://ftp.isc.org/isc/bind/9.6-ESV-R4-P3/RELEASE-NOTES-BIND-9.6-ESV-R4-P3.html
  3. Pullup ticket #3462 - requested by taca

    sbd
    sbd committed Jul 6, 2011
    security update for net/bind97
    
    Revisions pulled up:
    - net/bind97/Makefile                                           1.8
    - net/bind97/distinfo                                           1.8
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Jul  5 13:56:35 UTC 2011
    
       Modified Files:
       	pkgsrc/net/bind97: Makefile distinfo
    
       Log Message:
       Update bind97 package to bind-9.7.3pl3 (9.7.3-P3), security release.
    
       	--- 9.7.3-P3 released ---
    
       3124.	[bug]		Use an rdataset attribute flag to indicate
       			negative-cache records rather than using rrtype 0;
       			this will prevent problems when that rrtype is
       			used in actual DNS packets.  [RT #24777]
    
       	--- 9.7.3-P2 released (withdrawn) ---
    
       3123.	[security]	Change #2912 exposed a latent flaw in
       			dns_rdataset_totext() that could cause named to
       			crash with an assertion failure. [RT #24777]
  4. Pullup ticket #3461 - requested by taca

    sbd
    sbd committed Jul 6, 2011
    security update for net/bind98
    
    Revisions pulled up:
    - net/bind98/Makefile                                           1.4
    - net/bind98/distinfo                                           1.4
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Jul  5 13:35:29 UTC 2011
    
       Modified Files:
       	pkgsrc/net/bind98: Makefile distinfo
    
       Log Message:
       Update bind98 package to 9.8.0pl4 (9.8.0-P4), security release.
    
       Introduction
    
          BIND 9.8.0-P4 is security patch for BIND 9.8.0.
    
          Please see the CHANGES file in the source code release for a complete
          list of all changes.
    
       	--- 9.8.0-P4 released ---
    
       3124.	[bug]		Use an rdataset attribute flag to indicate
       			negative-cache records rather than using rrtype 0;
       			this will prevent problems when that rrtype is
       			used in actual DNS packets.  [RT #24777]
    
       	--- 9.8.0-P3 released (withdrawn) ---
    
       3126.	[security]	Using DNAME record to generate replacements caused
       			RPZ to exit with a assertion failure. [RT #23766]
    
       3125.	[security]	Using wildcard CNAME records as a replacement with
       			RPZ caused named to exit with a assertion failure.
       			[RT #24715]
    
       3123.	[security]	Change #2912 exposed a latent flaw in
       			dns_rdataset_totext() that could cause named to
       			crash with an assertion failure. [RT #24777]
    
       3115.	[bug]		Named could fail to return requested data when
       			following a CNAME that points into the same zone.
       			[RT #2445]
Commits on Jun 18, 2011
  1. Pullup ticket 3458

    sbd
    sbd committed Jun 18, 2011
  2. Pullup ticket #3458 - requested by tez

    sbd
    sbd committed Jun 18, 2011
    sysutils/dbus security update
    
    Revisions pulled up:
    - sysutils/dbus/Makefile                                        1.52
    - sysutils/dbus/distinfo                                        1.37
    - sysutils/dbus/patches/patch-CVE-2011-2200                     1.1
    
    ---
       Module Name:    pkgsrc
       Committed By:   tez
       Date:           Mon Jun 13 22:06:39 UTC 2011
    
       Modified Files:
               pkgsrc/sysutils/dbus: Makefile distinfo
       Added Files:
               pkgsrc/sysutils/dbus/patches: patch-CVE-2011-2200
    
       Log Message:
       Add patch for CVE-2011-2200 (SA44896) from
       http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=6519a1f77c61d753d4c97efd6e15630eb275336e
Commits on Jun 15, 2011
  1. Pullup ticket #3457.

    tron
    tron committed Jun 15, 2011
  2. Pullup ticket #3457 - requested by drochner

    tron
    tron committed Jun 15, 2011
    x11/vte: security patch
    
    Revisions pulled up:
    - x11/vte/Makefile                                              1.85
    - x11/vte/distinfo                                              1.48
    - x11/vte/patches/patch-aj                                      1.3
    
    ---
       Module Name:    pkgsrc
       Committed By:   drochner
       Date:           Fri Jun 10 17:07:16 UTC 2011
    
       Modified Files:
               pkgsrc/x11/vte: Makefile distinfo
       Added Files:
               pkgsrc/x11/vte/patches: patch-aj
    
       Log Message:
       add a patch from Gnome bugzille to fix a bug where the terminal could
       be sent into an endless loop allocating memory by a simple escape sequence
       bump PKGREV
Commits on Jun 14, 2011
  1. Pullup ticket #3456.

    tron
    tron committed Jun 14, 2011
  2. Pullup ticket #3456 - requested by wiz

    tron
    tron committed Jun 14, 2011
    graphics/tiff: security update
    
    Revisions pulled up:
    - graphics/tiff/Makefile                                        1.101
    - graphics/tiff/distinfo                                        1.52
    - graphics/tiff/patches/patch-CVE-2011-1167                     deleted
    - graphics/tiff/patches/patch-SA43593                           deleted
    - graphics/tiff/patches/patch-aa                                deleted
    - graphics/tiff/patches/patch-ab                                deleted
    - graphics/tiff/patches/patch-ac                                deleted
    - graphics/tiff/patches/patch-ad                                deleted
    - graphics/tiff/patches/patch-ae                                deleted
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Tue Apr 12 08:57:57 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/tiff: Makefile distinfo
       Removed Files:
       	pkgsrc/graphics/tiff/patches: patch-CVE-2011-1167 patch-SA43593
       	    patch-aa patch-ab patch-ac patch-ad patch-ae
    
       Log Message:
       Update to 3.9.5:
       Many bugs and security issues are resolved in this stable release.
Commits on Jun 13, 2011
  1. Pullup ticket 3454

    sbd
    sbd committed Jun 13, 2011
  2. Pullup ticket #3454 - requested by tron

    sbd
    sbd committed Jun 13, 2011
    mail/fetchmail security update
    
    Revisions pulled up:
    - mail/fetchmail/Makefile                                       1.176
    - mail/fetchmail/distinfo                                       1.44
    - mail/fetchmail/patches/patch-aa                               removed
    - mail/fetchmailconf/Makefile                                   1.80
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu Jun  9 11:52:34 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/fetchmail: Makefile distinfo
       	pkgsrc/mail/fetchmailconf: Makefile
       Removed Files:
       	pkgsrc/mail/fetchmail/patches: patch-aa
    
       Log Message:
       Update fetchmail to 6.3.20.
       Requested by PR#45030.
    
       fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):
    
       # SECURITY BUG FIXES
       * CVE-2011-1947:
         STARTTLS: Fetchmail runs the IMAP STARTTLS or POP3 STLS negotiation with the
         set timeout (default five minutes) now. This was reported missing, with
         observed fetchmail freezes beyond a week, by Thomas Jarosch.
            SSL-wrapped connections were unaffected by this timeout, so users of older
         versions can force ssl-wrapped connections -- if supported by the server --
         with the --ssl command line or ssl rcfile option.
         See fetchmail-SA-2011-01.txt for further details.
    
       # BUG FIXES
       * IMAP: Do not search for UNSEEN messages in ranges. Usually, there are very few
         new messages and most of the range searches result in nothing. Instead, split
         the long response to make the IMAP driver think that there are multiple lines
         of response. (Sunil Shetye)
       * Do not print "skipping message" for old messages even in verbose mode. If
         there are too many old messages, the logs just get filled without any real
         activity. (Sunil Shetye) (suggested by Yunfan Jiang)
       * Build: fetchmail now always uses its own MD5 implementation rather than trying
         to find a system library with matched header. The library and header variants
         found on systems are too diverse, and the code size saving is not worth any
         more wasted user or programmer time.
    
       # CHANGES
       * Call strlen() only once when removing CRLF from a line. (Sunil Shetye)
       * fetchmail sets Internet domain sockets to "keepalive" mode now. Note that
         there is no portable way to configure actual timeouts for this mode, and some
         systems only support a system-wide timeout setting. fetchmail does not
         attempt to tune the time spans of keepalive mode.
    
       # TRANSLATION UPDATES
         [cs]    Chech (Petr Pisar)
         [nl]    Dutch (Erwin Poeze)
         [fr]    French (Fr�d�ric Marchal)
         [de]    German (Matthias Andree)
         [ja]    Japanese (Takeshi Hamasaki)
         [pl]    Polish (Jakub Bogusz)
         [sk]    Slovak (Marcel Telka)
    
       # KNOWN BUGS AND WORKAROUNDS
         (this section floats upwards through the NEWS file so it stays with the
         current release information - however, it was stuck with 6.3.8 for a while)
       * fetchmail does not handle messages without Message-ID header well
         (See sourceforge.net bug #780933)
       * BSMTP is mostly untested and errors can cause corrupt output.
       * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
         64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit
         fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code,
         so compiling 32-bit SPARC code should not cause any difficulties.
       * fetchmail does not track pending deletes over crashes.
       * the command line interface is sometimes a bit stubborn, for instance,
         fetchmail -s doesn't work with a daemon running.
       * Linux systems may return duplicates of an IP address in some circumstances if
         no or no global IPv6 addresses are configured.
         (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
       * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
         messages. This will not be fixed, because the maintainer has no Kerberos 5
         server to test against. Use GSSAPI.
    
       fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):
    
       # ERRATUM NOTICE ISSUED
       * fetchmail 6.3.18 contains several bug fixes that were considered sufficiently
         grave to warrant the issue of an erratum notice, fetchmail-EN-2010-03.txt.
    
       # BUG FIXES
       * When specifying multiple local multidrop lists, do not lose wildcard flag.
         (Affects "user foo is bar baz * is joe here")
       * In multidrop configurations, an asterisk can now appear anywhere in the list
         of local users, not just at the end.
       * In multidrop mode, header parsing is now more verbose in -vv mode, so that it
         becomes possible to see which header is used.
       * Make --antispam work from command line (these used to work in rcfiles).
         Reported by Kees Bakker, BerliOS Bug #17599. (Sunil Shetye)
       * Smoke test XHTML 1.1 validation, and if it fails, skip validating HTML
         documents.  Skip validating Mailbox-Names-UTF7.html. Several systems have
         broken XHTML 1.1 DTD installations that jeopardize the build.
         Reported by Mihail Nechkin against FreeBSD port.
         Workaround for 6.3.18: build in a separate directory, i. e:
         mkdir build && cd build && ../configure --options-go-here
       * Send a NOOP only after a failed STARTTLS in IMAP. (Sunil Shetye)
       * Demote GSSAPI verbose/debug syslog to INFO severity. Requested by Carlos E. R.
         and Derek Simkowiak via the fetchmail-users@ mailing list.
       * Do STARTTLS/STLS negotiation in IMAP/POP3 if it is mandatory even if the
         server capabilities do not show support for upgradation to TLS.
         To use this, configure --sslproto tls1. (Sunil Shetye)
       * IMAP: Understand empty strings as FETCH response, seen on Yahoo. Reported by
         Yasin Malli to fetchmail-users@ 2010-12-10.
         Note that fetchmail continues to expect literals as FETCH response for now.
    
       # DOCUMENTATION
       * The manual page now links to IANA for GSSAPI service names.
    
       # TRANSLATION UPDATES
         [cs]    Czech (Petr Pisar)
         [fr]    French (Fr�d�ric Marchal)
         [de]    German
         [it]    Italian (Vincenzo Campanella)
         [pl]    Polish (Jakub Bogusz)
    
       fetchmail-6.3.18 (released 2010-10-09, 25936 LoC):
    
       # SECURITY IMPROVEMENTS TO DEFANG X.509 CERTIFICATE ABUSE
       * Fetchmail now only accepts wildcard certificate common names and subject
         alternative names if they start with "*.". Previous versions would accept
         wildcards even if no period followed immediately.
       * Fetchmail now disallows wildcards in certificates to match domain literals
         (such as 10.9.8.7), or wildcards in domain literals ("*.168.23.23").
         The test is overly picky and triggers if the pattern (after skipping the
         initial wildcard "*") or domain consists solely of digits and dots, and thus
         matches more than needed.
       * Fetchmail now disallows wildcarding top-level domains.
    
       # CRITICAL BUG FIXES AND REGRESSION FIXES
       * Fetchmail 6.3.15, 6.3.16, and 6.3.17 would pick up libmd5 to obtain MD5*
         functions, as an effect of an undocumented Solaris MD5 fix.
         This caused all MD5-related functions to malfunction if, for instance,
         libmd5.so was installed on other operating systems as part of libwww on
         machines where long isn't 32-bits, i. e. usually on 64-bit computers.
         Fixes Gentoo Bug #319283, reported, including libwww hint, by Karl Hakimian.
         Side effect: fetchmail will now use -lmd on Solaris rather than -lmd5.
       * Fetchmail 6.3.17 warned about insecure SSL/TLS connections even if a matching
         --sslfingerprint was specified. This is an omission from an SSL usability
         change made in 6.3.17.
         Fixes Debian Bug#580796 reported by Roland Stigge.
       * Fetchmail will now apply timeouts to the authentication stage.
         This stage encompasses STARTTLS/STLS negotiation in IMAP/POP3.
         Reported missing by Thomas Jarosch.
       * Fetchmail now cancels GSSAPI authentication properly when encountering GSS
         errors, such as no or unsuitable credentials.
         It now sends an asterisk on a line by its own, as required in SASL.
           This fixes protocol synchronization issues that cause Authentication
         failures, often observed with kerberized MS Exchange servers.
         Fixes Debian Bug #568455 reported by Patrick Rynhart, and Alan Murrell, to the
         fetchmail-users list. Fix verified by Thomas Voigtmann and Patrick Rynhart.
    
       # BUG FIXES
       * Fetchmail will no longer print connection attempts and errors for one host
         in "silent" and "normal" logging modes, unless all connections fail. This
         should reduce irritation around refused-connection logging if services are
         only on an IPv4 socket if the host also supports IPv6. Often observed as
         connections refused to ::1/25 when the subsequent connection to 127.0.0.1/25
         then - silently - succeeds.  Fetchmail, unless in verbose mode, will collect
         all connect errors and only report them if all of them fail.
       * Fetchmail will not try GSSAPI authentication automatically, unless it has GSS
         credentials. However, if GSSAPI authentication is requested explicitly,
         fetchmail will always try it.
       * Fetchmail now parses response to "FETCH n:m RFC822.SIZE" and "FETCH n
         RFC822.HEADER" in a more flexible manner. (Sunil Shetye)
       * The manual page clearly states that --principal is for Kerberos 4 only, not
         for Kerberos 5 or GSSAPI. Found by Thomas Voigtmann.
    
       # CHANGES
       * When encountering incorrect headers, fetchmail will refer to the bad-header
         option in the manpage.
         Fixes BerliOS Bug #17272, change suggested by Bj�rn Voigt.
       * Fetchmail now decodes and reports GSSAPI status codes upon errors.
       * Fetchmail now autoprobes NTLM also for POP3.
       * The Fetchmail FAQ has a new item #R15 on authentication failures.
    
       # INTERNAL CHANGES
       * The common NTLM authentication code was factored out from pop3.c and imap.c.
    
       # TRANSLATION UPDATES
         [zh_CN] Chinese/simplified (Ji Zheng-Yu)
         [cs]    Czech (Petr Pisar)
         [nl]    Dutch (Erwin Poeze)
         [fr]    French (Fr�d�ric Marchal)
         [de]    German
         [it]    Italian (Vincenzo Campanella)
         [ja]    Japanese (Takeshi Hamasaki)
         [pl]    Polish (Jakub Bogusz)
         [sk]    Slovak (Marcel Telka)
Commits on Jun 12, 2011
  1. Pullup ticket #3455.

    tron
    tron committed Jun 12, 2011
  2. Pullup ticket #3455 - requested by taca

    tron
    tron committed Jun 12, 2011
    devel/java-subversion: security update
    devel/p5-subversion: security update
    devel/py-subversion: security update
    devel/subversion: security update
    devel/subversion-base: security update
    www/ap2-subversion: security update
    
    Revisions pulled up:
    - devel/java-subversion/Makefile                                1.11 via patch
    - devel/p5-subversion/Makefile                                  1.51 via patch
    - devel/py-subversion/Makefile                                  1.40 via patch
    - devel/ruby-subversion/Makefile                                1.31 via patch
    - devel/subversion-base/Makefile                                1.72 via patch
    - devel/subversion/Makefile                                     1.44 via patch
    - devel/subversion/Makefile.version                             1.58
    - devel/subversion/distinfo                                     1.79
    - www/ap2-subversion/Makefile                                   1.44 via patch
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Jun  3 13:26:50 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/java-subversion: Makefile
       	pkgsrc/devel/p5-subversion: Makefile
       	pkgsrc/devel/py-subversion: Makefile
       	pkgsrc/devel/ruby-subversion: Makefile
       	pkgsrc/devel/subversion: Makefile Makefile.version distinfo
       	pkgsrc/devel/subversion-base: Makefile
       	pkgsrc/www/ap2-subversion: Makefile
    
       Log Message:
       Update subversion pacakges to 1.6.17.
    
       Version 1.6.17
       (01 Jun 2011, from /branches/1.6.x)
       http://svn.apache.org/repos/asf/subversion/tags/1.6.17
    
         User-visible changes:
           * improve checkout speed on Windows (issue #3719)
           * make 'blame -g' more efficient on with large mergeinfo (r1094692)
           * avoid some invalid handle exceptions on Windows (r1095654)
           * preserve log message with a non-zero editor exit (r1072084)
           * fix FSFS cache performance on 64-bit platforms (r1103665)
           * make svn cleanup tolerate obstructed directories (r1091881)
           * fix deadlock in multithreaded servers serving FSFS repositories (r1104093)
           * detect very occasional corruption and abort commit (issue #3845)
           * fixed: file externals cause non-inheritable mergeinfo (issue #3843)
           * fixed: file externals cause mixed-revision working copies (issue #3816)
           * fix crash in mod_dav_svn with GETs of baselined resources (r1104126)
                   See CVE-2011-1752, and descriptive advisory at
                   http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
           * fixed: write-through proxy could direcly commit to slave (r917523)
           * detect a particular corruption condition in FSFS (r1100213)
           * improve error message when clients refer to unkown revisions (r939000)
           * bugfixes and optimizations to the DAV mirroring code (r878607)
           * fixed: locked and deleted file causes tree conflict (issue #3525)
           * fixed: update touches locked file with svn:keywords property (issue #3471)
           * fix svnsync handling of directory copyfrom (issue #3641)
           * fix 'log -g' excessive duplicate output (issue #3650)
           * fix svnsync copyfrom handling bug with BDB (r1036429)
           * server-side validation of svn:mergeinfo syntax during commit (issue #3895)
           * fix remotely triggerable mod_dav_svn DoS
                   See CVE-2011-1783, and descriptive advisory at
                   http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
           * fix potential leak of authz-protected file contents
                   See CVE-2011-1921, and descriptive advisory at
                   http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
    
         Developer-visible changes:
           * fix reporting FS-level post-commit processing errors (r1104098)
           * fix JVM recognition on OS X Snow Leopard (10.6) (r1028084)
           * allow building on Windows with recent Expat (r1074572)
Commits on Jun 11, 2011
  1. Pullup tickets 3450, 3451 and 3453

    sbd
    sbd committed Jun 11, 2011
  2. Pullup ticket #3453 - requested by tron

    sbd
    sbd committed Jun 11, 2011
    devel/automake14 security update
    
    Revisions pulled up:
    - devel/automake14/Makefile                                     1.19
    - devel/automake14/distinfo                                     1.5
    - devel/automake14/patches/patch-ab                             1.4
    - devel/automake14/patches/patch-ac                             1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Fri Jun 10 09:43:41 UTC 2011
    
       Modified Files:
       	pkgsrc/devel/automake14: Makefile distinfo
       	pkgsrc/devel/automake14/patches: patch-ab
       Added Files:
       	pkgsrc/devel/automake14/patches: patch-ac
    
       Log Message:
       Add fix for the vulnerability reported in CVE-2009-4029 taken from the
       automake GIT repository.
  3. Pullup ticket #3451 - requested by tron

    sbd
    sbd committed Jun 11, 2011
    textproc/libxml2 security update
    
    Revisions pulled up:
    - textproc/libxml2/Makefile                                     1.109
    - textproc/libxml2/distinfo                                     1.83
    - textproc/libxml2/patches/patch-ak                             1.2
    - textproc/libxml2/patches/patch-al                             1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	drochner
       Date:		Mon Jun  6 12:09:01 UTC 2011
    
       Modified Files:
       	pkgsrc/textproc/libxml2: Makefile distinfo
       	pkgsrc/textproc/libxml2/patches: patch-ak
       Added Files:
       	pkgsrc/textproc/libxml2/patches: patch-al
    
       Log Message:
       addmore patches from upstream:
       -fix more potential problems on reallocation failures (CVE-2011-1944)
       -Fix memory corruption
       also replace an error handling which doesn't recover from
       integer overflow
       bump PKGREV
  4. Pullup ticket #3450 - requested by tron

    sbd
    sbd committed Jun 11, 2011
    mail/dovecot2 security update
    
    Revisions pulled up:
    - mail/dovecot2/Makefile                                        1.9,1.11
    - mail/dovecot2/PLIST                                           1.6-1.7
    - mail/dovecot2/buildlink3.mk                                   1.4
    - mail/dovecot2/distinfo                                        1.9-1.10
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Fri Apr 15 13:34:28 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile PLIST distinfo
    
       Log Message:
       Changes 2.0.12:
       * doveadm: Added "move" command for moving mails between mailboxes.
       * virtual: Added support for "+mailbox" entries that clear \Recent
         flag from messages (default is to preserve them).
       * dbox: Fixes to handling external attachments
       * dsync: More fixes to avoid hanging with remote syncs
       * dsync: Many other syncing/correctness fixes
       * doveconf: v2.0.10 and v2.0.11 didn't output plugin {} section right
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Fri May 13 07:36:39 UTC 2011
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile PLIST buildlink3.mk distinfo
    
       Log Message:
       Changes 2.0.13:
       * Added "doveadm index" command to add unindexed messages into
         index/cache. If full text search is enabled, it also adds unindexed
         messages to the fts database.
       * added "doveadm director dump" command.
       * pop3: Added support for showing messages in "POP3 order", which can
         be different from IMAP message order. This can be useful for
         migrations from other servers. Implemented it for Maildir as 'O'
         field in dovecot-uidlist.
       * doveconf: Fixed a wrong "subsection has ssl=yes" warning.
       * mdbox purge: Fixed wrong warning about corrupted extrefs.
       * sdbox: INBOX GUID changed when INBOX was autocreated, leading to
         trouble with dsync.
       * script-login binary wasn't actually dropping privileges to the
         user/group/chroot specified by its service settings.
       * Fixed potential crashes and other problems when parsing header names
         that contained NUL characters.
Commits on Jun 9, 2011
  1. Pullup ticket #3452.

    tron
    tron committed Jun 9, 2011
  2. Pullup ticket #3452 - requested by obache

    tron
    tron committed Jun 9, 2011
    lang/sun-jdk6: security update
    lang/sun-jre6: security update
    
    Revisions pulled up:
    - lang/sun-jdk6/Makefile                                        1.22
    - lang/sun-jdk6/PLIST                                           1.12
    - lang/sun-jdk6/distinfo                                        1.13
    - lang/sun-jdk6/files/common                                    1.3
    - lang/sun-jre6/Makefile                                        1.29
    - lang/sun-jre6/PLIST.linux-i386                                1.22
    - lang/sun-jre6/distinfo                                        1.16
    - lang/sun-jre6/sfiles-i386.mk                                  1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Thu Jun  9 09:08:18 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/sun-jdk6: Makefile PLIST distinfo
       	pkgsrc/lang/sun-jdk6/files: common
       	pkgsrc/lang/sun-jre6: Makefile PLIST.linux-i386 distinfo sfiles-i386.mk
    
       Log Message:
       Update sun-{jre,jdk}6 to 6.0.26, aka 6u26.
    
       Java SE 6 Update 26
       * Olson Data 2011g
       * Bug fixes
          This release contains fixes for security vulnerabilities. For more
          information, please see Oracle Java SE Critical Patch Update advisory:
          http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
    
       Java SE 6 Update 25
       * Olson Data 2011b
       * Java Hotspot VM 20
       * Performance Improvement to BigDecimal
       * Performance Improvement to java.util.logging.LogRecord
       * Bug Fixes
Commits on Jun 8, 2011
  1. Pullup ticket 3449

    sbd
    sbd committed Jun 8, 2011
  2. Pullup ticket #3449 - requested by wiz

    sbd
    sbd committed Jun 8, 2011
    graphics/png security update.
    
    Revisions pulled up:
    - graphics/png/Makefile                                         1.132-1.137
    - graphics/png/distinfo                                         1.78-1.84
    - graphics/png/patches/patch-pngconf.h                          0
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Tue Apr  5 12:47:56 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
       Removed Files:
       	pkgsrc/graphics/png/patches: patch-pngconf.h
    
       Log Message:
       Update to 1.5.2:
    
       Version 1.5.2beta01 [February 13, 2011]
         More -Wshadow fixes for older gcc compilers.  Older gcc versions apparently
           check formal parameters names in function declarations (as well as
           definitions) to see if they match a name in the global namespace.
         Revised PNG_EXPORTA macro to not use an empty parameter, to accommodate the
           old VisualC++ preprocessor.
         Turned on interlace handling in png_read_png().
         Fixed gcc pendantic warnings.
         Handle longjmp in Cygwin.
         Fixed png_get_current_row_number() in the interlaced case.
         Cleaned up ALPHA flags and transformations.
         Implemented expansion to 16 bits.
    
       Version 1.5.2beta02 [February 19, 2011]
         Fixed mistake in the descriptions of user read_transform and write_transform
           function prototypes in the manual.  The row_info struct is png_row_infop.
         Reverted png_get_current_row_number() to previous (1.5.2beta01) behavior.
         Corrected png_get_current_row_number documentation
         Fixed the read/write row callback documentation.
           This documents the current behavior, where the callback is called after
           every row with information pertaining to the next row.
    
       Version 1.5.2beta03 [March 3, 2011]
         Fixed scripts/makefile.vcwin32
         Updated contrib/pngsuite/README to add the word "modify".
         Define PNG_ALLOCATED to blank when _MSC_VER<1300.
    
       Version 1.5.2rc01 [March 19, 2011]
         Define remaining attributes to blank when MSC_VER<1300.
         ifdef out mask arrays in pngread.c when interlacing is not supported.
    
       Version 1.5.2rc02 [March 22, 2011]
         Added a hint to try CPP=/bin/cpp if "cpp -E" fails in scripts/pnglibconf.mak
           and in contrib/pngminim/*/makefile, eg., on SunOS 5.10, and removed "strip"
           from the makefiles.
         Fixed a bug (present since libpng-1.0.7) that makes png_handle_sPLT() fail
           to compile when PNG_NO_POINTER_INDEXING is defined (Chubanov Kirill)
    
       Version 1.5.2rc03 [March 24, 2011]
         Don't include standard header files in png.h while building the symbol table,
           to avoid cpp failure on SunOS (introduced PNG_BUILDING_SYMBOL_TABLE macro).
    
       Version 1.5.2 [March 31, 2011]
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Tue May  3 09:07:35 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Update to 1.5.3beta04 to fix a regression reported on tech-pkg (see beta03,
       last entry).
    
       Version 1.5.3beta01 [April 1, 2011]
         Re-initialize the zlib compressor before compressing non-IDAT chunks.
         Added API functions to set parameters for zlib compression of non-IDAT
           chunks.
    
       Version 1.5.3beta02 [April 3, 2011]
         Updated scripts/symbols.def with new API functions.
         Only compile the new zlib re-initializing code when text or iCCP is
           supported, using PNG_WRITE_COMPRESSED_TEXT_SUPPORTED macro.
         Improved the optimization of the zlib CMF byte (see libpng-1.2.6beta03).
         Optimize the zlib CMF byte in non-IDAT compressed chunks
    
       Version 1.5.3beta03 [April 16, 2011]
         Fixed gcc -ansi -pedantic compile. A strict ANSI system does not have
           snprintf, and the "__STRICT_ANSI__" detects that condition more reliably
           than __STDC__ (John Bowler).
         Removed the PNG_PTR_NORETURN attribute because it too dangerous. It tells
           the compiler that a user supplied callback (the error handler) does not
           return, yet there is no guarantee in practice that the application code
           will correctly implement the error handler because the compiler only
           issues a warning if there is a mistake (John Bowler).
         Removed the no-longer-used PNG_DEPSTRUCT macro.
         Updated the zlib version to 1.2.5 in the VStudio project.
         Fixed 64-bit builds where png_uint_32 is smaller than png_size_t in
           pngwutil.c (John Bowler).
         Fixed bug with stripping the filler or alpha channel when writing, that
           was introduced in libpng-1.5.2beta01 (bug report by Andrew Church).
    
       Version 1.5.3beta04 [April 27, 2011]
         Updated pngtest.png with the new zlib CMF optimization.
         Cleaned up conditional compilation code and of background/gamma handling
           Internal changes only except a new option to avoid compiling the
           png_build_grayscale_palette API (which is not used at all internally.)
           The main change is to move the transform tests (READ_TRANSFORMS,
           WRITE_TRANSFORMS) up one level to the caller of the APIs.  This avoids
           calls to spurious functions if all transforms are disabled and slightly
           simplifies those functions.  Pngvalid modified to handle this.
           A minor change is to stop the strip_16 and expand_16 interfaces from
           disabling each other; this allows the future alpha premultiplication
           code to use 16-bit intermediate values while still producing 8-bit output.
           png_do_background and png_do_gamma have been simplified to take a single
           pointer to the png_struct rather than pointers to every item required
           from the png_struct. This makes no practical difference to the internal
           code.
         A serious bug in the pngvalid internal routine 'standard_display_init' has
           been fixed - this failed to initialize the red channel and accidentally
           initialized the alpha channel twice.
         Changed png_struct jmp_buf member name from png_jmpbuf to tmp_jmpbuf to
           avoid a clash with the png_jmpbuf macro on some platforms.
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Fri May  6 07:19:23 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Changes 1.5.3beta05:
       * Added the "_POSIX_SOURCE" feature test macro to ensure libpng sees the
         correct API. _POSIX_SOURCE is defined in pngpriv.h, pngtest.c and
         pngvalid.c to ensure that POSIX conformant systems disable non-POSIX APIs.
       * Removed png_snprintf and added formatted warning messages.  This change adds
         internal APIs to allow png_warning messages to have parameters without
         requiring the host OS to implement snprintf.  As a side effect the
         dependency of the tIME-supporting RFC1132 code on stdio is removed and
         PNG_NO_WARNINGS does actually work now.
       * Added PNG_WRITE_OPTIMIZE_CMF_SUPPORTED macro to make the zlib "CMF" byte
         optimization configureable.
       * IDAT compression failed if preceded by a compressed text chunk (bug
         introduced in libpng-1.5.3beta01-02).  This was because the attempt to
         reset the zlib stream in png_write_IDAT happened after the first IDAT
         chunk had been deflated - much too late.  In this change internal
         functions were added to claim/release the z_stream and, hopefully, make
         the code more robust.  Also deflateEnd checking is added - previously
         libpng would ignore an error at the end of the stream.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sun May  8 06:02:43 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Switch to use default EXTRACT_SUFX for distfile, .tar.gz is the only long term
       provided archive for libpng beta release.
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sun May  8 09:09:20 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Update to 1.5.3beta06:
       Version 1.5.3beta06 [May 8, 2011]
         Removed the -D_ALL_SOURCE from definitions for AIX in CMakeLists.txt
         Implemented premultiplied alpha support: png_set_alpha_mode API
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Sun May  8 09:11:08 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: distinfo
    
       Log Message:
       regen for targz change
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Wed Jun  8 06:58:59 UTC 2011
    
       Modified Files:
       	pkgsrc/graphics/png: Makefile distinfo
    
       Log Message:
       Update to 1.5.3rc02 for a security fix.
    
       Version 1.5.3beta07 [May 11, 2011]
         Added expand_16 support to the high level interface.
         Added named value and 'flag' gamma support to png_set_gamma.  Made a minor
           change from the previous (unreleased) ABI/API to hide the exact value used
           for Macs - it's not a good idea to embed this in the ABI!
         Moved macro definitions for PNG_HAVE_IHDR, PNG_HAVE_PLTE, and PNG_AFTER_IDAT
           from pngpriv.h to png.h because they must be visible to applications
           that call png_set_unknown_chunks().
         Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
           before IDAT.
    
       Version 1.5.3beta08 [May 16, 2011]
         Improved "pngvalid --speed" to exclude more of pngvalid from the time.
         Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt
         The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative
           parameters are supplied by the caller), while in the absence of cHRM
           sRGB/Rec 709 values are still used.
         The bKGD chunk no longer overwrites the background value set by
           png_set_background(), allowing the latter to be used before the file
           header is read. It never performed any useful function to override
           the default anyway.
         Added memory overwrite and palette image checks to pngvalid.c
           Previously palette image code was poorly checked. Since the transformation
           code has a special palette path in most cases this was a severe weakness.
         Minor cleanup and some extra checking in pngrutil.c and pngrtran.c. When
           expanding an indexed image, always expand to RGBA if transparency is
           present.
    
       Version 1.5.3beta09 [May 17, 2011]
         Reversed earlier 1.5.3 change of transformation order; move png_expand_16
           back where it was.  The change doesn't work because it requires 16-bit
           gamma tables when the code only generates 8-bit ones.  This fails
           silently; the libpng code just doesn't do any gamma correction.  Moving
           the tests back leaves the old, inaccurate, 8-bit gamma calculations, but
           these are clearly better than none!
    
       Version 1.5.3beta10 [May 20, 2011]
    
         png_set_background() and png_expand_16() did not work together correctly.
           This problem is present in 1.5.2; if png_set_background is called with
           need_expand false and the matching 16 bit color libpng erroneously just
           treats it as an 8-bit color because of where png_do_expand_16 is in the
           transform list.  This simple fix reduces the supplied colour to 8-bits,
           so it gets smashed, but this is better than the current behavior.
         Added tests for expand16, more fixes for palette image tests to pngvalid.
           Corrects the code for palette image tests and disables attempts to
           validate palette colors.
    
       Version 1.5.3rc01 [June 3, 2011]
         No changes.
    
       Version 1.5.3rc02 [June 7, 2011]
         Fixed 1-byte uninitialized memory reference in png_format_buffer() (Bug
           report by Frank Busse, related to CVE-2004-0421).
Commits on Jun 6, 2011
  1. Pullup ticket #3448.

    tron
    tron committed Jun 6, 2011
  2. Pullup ticket #3448 - requested by schnoebe

    tron
    tron committed Jun 6, 2011
    textproc/lua-expat: security update
    chat/prosody: security update
    
    Revisions pulled up:
    - chat/prosody/Makefile                                         1.3 via patch
    - chat/prosody/PLIST                                            1.2
    - chat/prosody/distinfo                                         1.2
    - chat/prosody/patches/patch-aa                                 1.2
    - chat/prosody/patches/patch-ab                                 1.2
    - chat/prosody/patches/patch-ac                                 deleted
    - chat/prosody/patches/patch-ad                                 1.2
    - textproc/lua-expat/Makefile                                   1.16
    - textproc/lua-expat/distinfo                                   1.5
    
    ---
       Module Name:	pkgsrc
       Committed By:	schnoebe
       Date:		Sat Jun  4 23:13:40 UTC 2011
    
       Modified Files:
       	pkgsrc/textproc/lua-expat: Makefile distinfo
    
       Log Message:
       Update textproc/lua-expat to 1.2.0.
    
       Required for updating chat/prosody to 0.8.1, which helps handle the
       "billion laughs" exploits on XML parsers and XMPP servers.
    
       Change log as recorded in the README:
    
       Version 1.2.0 [02/Jun/2011]
    
               * support for the StartDoctypeDecl handler
       	* add parser:stop() to abort parsing inside a callback
    
    ---
       Module Name:	pkgsrc
       Committed By:	schnoebe
       Date:		Mon Jun  6 14:41:48 UTC 2011
    
       Modified Files:
       	pkgsrc/chat/prosody: Makefile PLIST distinfo
       	pkgsrc/chat/prosody/patches: patch-aa patch-ab patch-ad
       Removed Files:
       	pkgsrc/chat/prosody/patches: patch-ac
    
       Log Message:
       Update to prosody 0.8.1.
    
       A security and bug fix release.  The security aspect is to mitigate the
       "billion laughs" denial-of-service attack against XML parsers and XMPP
       servers.
    
       Other changes:
    
       - Reject XML DTDs, comments and processing instructions, preventing
         the "billion laughs" attack
       - Switch to MEDIUMTEXT in the schema for MySQL to avoid truncating
         large data (such as large avatars)
         Prosody automatically upgrades the table in-place if possible, see:
         http://prosody.im/doc/mysql
       - Fix for endless loop when parsing certain invalid JSON
       - Fix PostgreSQL compatibility in prosody-migrator
       - Fix timestamp parsing for DST (affecting MUC scrollback retrieval)
       - mod_legacyauth now correctly disabled for unencrypted connections by default
       - Components properly inherit SSL settings and certificates from their
         'parent' hosts
       - Prevent startup with no VirtualHost entries in the config file
Commits on Jun 4, 2011
  1. Pullup ticket 3447

    sbd
    sbd committed Jun 4, 2011
  2. Pullup ticket #3447 - requested by tez

    sbd
    sbd committed Jun 4, 2011
    security/openssl security fix
    
    Revisions pulled up:
    - security/openssl/Makefile                                     1.156
    - security/openssl/distinfo                                     1.81
    - security/openssl/patches/patch-crypto_ecdsa_ecs__ossl.c       1.1
    
    ---
       Module Name:    pkgsrc
       Committed By:   tez
       Date:           Tue May 31 17:18:42 UTC 2011
    
       Modified Files:
               pkgsrc/security/openssl: Makefile distinfo
       Added Files:
               pkgsrc/security/openssl/patches: patch-crypto_ecdsa_ecs__ossl.c
    
       Log Message:
       Add protection against ECDSA timing attacks as mentioned in the paper
       by Billy Bob Brumley and Nicola Tuveri, see:
         http://eprint.iacr.org/2011/232.pdf
       [Billy Bob Brumley and Nicola Tuveri]
    
       (patch confirmed in upstream cvs)
Commits on Jun 2, 2011
  1. Pullup ticket 3444

    sbd
    sbd committed Jun 2, 2011
  2. Pullup ticket #3444 - requested by tron

    sbd
    sbd committed Jun 2, 2011
    net/wireshark security update
    
    Revisions pulled up:
    - net/wireshark/Makefile                                        1.64
    - net/wireshark/distinfo                                        1.45
    
    ---
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Wed Jun  1 07:21:53 UTC 2011
    
       Modified Files:
       	pkgsrc/net/wireshark: Makefile distinfo
    
       Log Message:
       Update "wireshark" package to version 1.4.7. Changes since version 1.4.6:
       - Bug Fixes
         The following vulnerabilities have been fixed. See the security
         advisory for details and a workaround.
         o Large/infinite loop in the DICOM dissector. (Bug 5876)
           Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
         o Huzaifa Sidhpurwala of the Red Hat Security Response Team
           discovered that a corrupted Diameter dictionary file could
           crash Wireshark.
           Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
         o Huzaifa Sidhpurwala of the Red Hat Security Response Team
           discovered that a corrupted snoop file could crash Wireshark.
           (Bug 5912)
           Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
          o David Maciejak of Fortinet's FortiGuard Labs discovered that
            malformed compressed capture data could crash Wireshark. (Bug
            5908)
            Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
          o Huzaifa Sidhpurwala of the Red Hat Security Response Team
            discovered that a corrupted Visual Networks file could crash
            Wireshark. (Bug 5934)
            Versions affected: 1.2.0 to 1.2.16 and 1.4.0 to 1.4.6.
       - The following bugs have been fixed:
         o AIM dissector has some endian issues. (Bug 5464)
         o Telephony?MTP3?MSUS doesn't display window. (Bug 5605)
         o Support for MS NetMon 3.x traces containing raw IPv6 ("Type
           7") packets. (Bug 5817)
         o Service Indicator in M3UA protocol data. (Bug 5834)
         o IEC60870-5-104 protocol, incorrect decoding of timestamp type
           CP56Time2a. (Bug 5889)
         o DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF
           _FDCTR_32NF _FDCTR_16NF. (Bug 5920)
         o 3GPP QoS: Traffic class is not decoded properly. (Bug 5928)
         o Wireshark crashes when creating ProtoField.framenum in Lua.
           (Bug 5930)
         o Fix a wrong mask to extract FMID from DECT packets dissector.
           (Bug 5947)
         o Incorrect DHCPv6 remote identifier option parsing. (Bug 5962)
       - Updated Protocol Support
         DICOM, IEC104, M3UA, TCP,
       - New and Updated Capture File Support
         Network Monitor.
Commits on May 31, 2011
  1. Pullup ticket 3443

    sbd
    sbd committed May 31, 2011
  2. Pullup ticket #3443 - requested by taca

    sbd
    sbd committed May 31, 2011
    lang/ruby18-base security update
    
    Revisions pulled up:
    - lang/ruby18-base/Makefile                                     1.60-1.61
    - lang/ruby18-base/distinfo                                     1.49
    - lang/ruby18-base/patches/patch-ext_bigdecimal_bigdecimal.c    1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun May 29 01:36:24 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/ruby18-base: Makefile
       Added Files:
       	pkgsrc/lang/ruby18-base/patches: patch-ext_bigdecimal_bigdecimal.c
    
       Log Message:
       Add a patch for CVE-2011-0188 from repository as ruby19-base.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon May 30 04:21:38 UTC 2011
    
       Modified Files:
       	pkgsrc/lang/ruby18-base: Makefile distinfo
    
       Log Message:
       It seems that I forgot update distinfo file.
    
       Since it cause creating binary package which isn't up to date,
       bump PKGREVISION, again.
Commits on May 28, 2011
  1. Pullup ticket #3442.

    tron
    tron committed May 28, 2011
  2. Pullup ticket #3442 - requested by taca

    tron
    tron committed May 28, 2011
    www/drupal6: security update
    
    Revisions pulled up:
    - www/drupal6/Makefile                                          1.27
    - www/drupal6/distinfo                                          1.20
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat May 28 11:45:51 UTC 2011
    
       Modified Files:
       	pkgsrc/www/drupal6: Makefile distinfo
    
       Log Message:
       Update drupal6 pacakge to 6.21.
    
       Drupal 6.21, 2011-05-25
       ----------------------
       - Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
         http://drupal.org/node/1168756
Commits on May 27, 2011
  1. Pullup tickets 3439, 3440 and 3441

    sbd
    sbd committed May 27, 2011
  2. Pullup ticket #3441 - requested by morr

    sbd
    sbd committed May 27, 2011
    www/wordpress security update
    
    Revisions pulled up:
    - www/wordpress/Makefile                                        1.19
    - www/wordpress/distinfo                                        1.15
    
    ---
       Module Name:	pkgsrc
       Committed By:	morr
       Date:		Thu May 26 22:59:38 UTC 2011
    
       Modified Files:
       	pkgsrc/www/wordpress: Makefile distinfo
    
       Log Message:
       Security update to 3.1.3.
    
       * Various security hardening by Alexander Concha.
       * Taxonomy query hardening by John Lamansky.
       * Prevent sniffing out user names of non-authors by using canonical
         redirects. Props Ver�nica Valeros.
       * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of
         Microsoft, and Microsoft Vulnerability Research.
       * Improves file upload security on hosts with dangerous security
         settings.
       * Cleans up old WordPress import files if the import does not finish.
       * Introduce "clickjacking" protection in modern browsers on admin and
         login pages.
  3. Pullup ticket #3440 - requested by taca

    sbd
    sbd committed May 27, 2011
    net/bind97 security update
    
    Revisions pulled up:
    - net/bind97/Makefile                                           1.7
    - net/bind97/distinfo                                           1.7
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri May 27 06:46:26 UTC 2011
    
       Modified Files:
       	pkgsrc/net/bind97: Makefile distinfo
    
       Log Message:
       Update bind97 package to 9.7.3pl1 (9.7.3-P1).
    
       	--- 9.7.3-P1 released ---
    
       3121.   [security]      An authoritative name server sending a negative
                               response containing a very large RRset could
                               trigger an off-by-one error in the ncache code
                               and crash named. [RT #24650]
    
       3120.	[bug]		Named could fail to validate zones listed in a DLV
       			that validated insecure without using DLV and had
       			DS records in the parent zone. [RT #24631]