- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:		157936
Submitted by:	myself
Exp-runs by:	pav
Approved by:	pav

PR:		ports/160942
Submitted by:	Grzegorz Blach <magik@roorback.net> (maintainer)
Approved by:	miwi, wen (mentors implicit)

- Use DIST_SUBDIR since the distfiles are just version numbers.

Here is the (partial) CHANGELOG since 5.59BETA1:

Nmap 5.61TEST1 [2011-09-19]

o The changelog entries below for this test release are not yet
  finished or comprehensive.  We'll update them soon.

o [Ncat] Updated ca-bundle.crt (primarily to remove DigiNotar).

o Fixed compilation on OS X 10.7 Lion. Thanks to Patrik Karlsson and
  Babak Farroki for researching fixes.

o [NSE] Fixed SSL compressor names in ssl-enum-ciphers.nse, and
  removed redundant multiple listings of the NULL compressor.
  [Matt Selsky]

o [NSE] Added cipher strength ratings to ssl-enum-ciphers.nse.
  [Gabriel Lawrence]

o Added Common Platform Enumeration (CPE, http://cpe.mitre.org/)
  output for OS and service versions. These show up in normal output
  with the headings "OS CPE:" and "Service Info:":
    OS CPE: cpe:/o:linux:kernel:2.6.39
    Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
  These also appear in XML output, which additionally has CPE entries
  for service versions. [David, Henri]

o [NSE] Added new default credential list for Oracle and modified the
  oracle-brute script to make use of it. [Patrik]

o [NSE] Added xmpp-info.nse as a replacement for xmpp.nse. This updated version
  brings new features and fixes. [Vasiliy Kulikov]

o Fixed RPC scan for 64-bit architectures by using fixed-size data
  types. [David]

o Relaxed the XML DTD to allow validation of files where the verbosity
  level changed during the scan. [Daniel Miller]

o Made a service confidence of 8 (used when tcpwrapped) and indeed any
  number between 0 and 10 be legal in XML output according to the DTD.
  [Daniel Miller]

o [NSE] Added three scripts that do host discovery on local IPv6
  subnets. Each of them uses a different multicast technique, meaning
  that even very large networks have host discovery done without
  needing to probe every address individually.
  + targets-multicast-ipv6-echo: Sends a multicast echo request, like
    broadcast-ping does for IPv4.
  + targets-multicast-ipv6-invalid-dst: Sends an invalid packet that
    can elicit an ICMPv6 Parameter Problem response.
  + targets-multicast-ipv6-slaac: Sends a phony router advertisement,
    which causes hosts to allocate a temporary address and then send a
    packet to discover if anyone else is using the address.
  [Weilin, David]

o [NSE] Added functions to packet.lua to make it easier to build IPv6
  packets. [Weilin]

o [NSE] Added new script http-vuln-cve2011-3192 which checks whether an instance
  of Apache is vulnerable to a DoS attack exploiting the byterange filter.
  [Duarte Silva].

o [NSE] Fixed authentication problems in the TNS library that would prevent
  authentication from working against Oracle 11.2.0.2.0 XE [Chris Woodbury]

o Removed some restrictions on probe matching that, for example,
  prevented a RST/ACK reply from being recognized in a NULL scan. This
  was found and fixed by Matthew Stickney and Joe McEachern.

o Rearranged some characters classes in service matches to avoid any
  that look like POSIX collating symbols ("[.xyz.]"). John Hutchison
  discovered this error caused by one of the match lines:
    InitMatch: illegal regexp: POSIX collating elements are not supported
  [Daniel Miller]

o [NSE] Added the address-info.nse script, which shows extra information about IP addresses.

o [NSE] Added scripts http-joomla-brute, http-wordpress-brute, http-wp-enum and
  http-awstatstotal-exec. [Paulino]

o [Zenmap] Fixed zenmap deleting ports based on newer scans which did
  not actually scan the port in question. Additionally ncat now only
  updates ports with new information if the new information is the same
  protocol. Not just the same port. [Colin Rice]

o [Ncat] Fixed ncat crashing with --ssl-verify -vvv on windows. [Colin Rice]

o [NSE] Added script http-waf-detect. This script tries to determine
  if an IDS/IPS/WAF is protecting a web server. [Paulino]

o [NSE] Added the bittorrent library and bittorrent-discovery script which
  enables us to discover peers and nodes for a particular torrent file or
  magnet link.

o [NSE] Added basic query support to the Oracle TNS library making it possible
  for scripts to query the database server using SQL. [Patrik]

o [Ncat] Added --append-output option, that when used along with -o and/or -x
  prevents clobbering(truncating) an existing file. [Shinnok]

o [NSE] Added script broadcast-listener that attempts to discover hosts by
  passively listening to the network. It does so by decoding ethernet and IP
  broadcast and multicast messages. [Patrik]

o Fixed a bug that would make Nmap segfault if it failed to open an interface
  using pcap. The bug details and patch are posted here:
  http://seclists.org/nmap-dev/2011/q3/365 [Patrik]

o Ncat SCTP mode supports connection brokering now(--sctp --broker). [Shinnok]

o Nmap now defers options parsing until it has read through all the command line
  arguments. You can now use options like -S with an IPv6 address before
  specifying -6 at the command line, which previously got you an error.
  [Shinnok]

o [NSE] Added the library xmpp.lua and the script xmpp-brute that performs
  brute force password auditing against XMPP (Jabber) servers. [Patrik]

o [NSE] Fixed a bug in the ssh2-enum-algos script that would prevent it from
  displaying any output unless run in debug mode. [Patrik]

o [NSE] Fixed the nsedebug print_hex() function so it does not print an
  empty line if there are no remaining characters, and improved its NSEDoc.
  [Chris Woodbury].

o [NSE] Added the scripts http-axis2-dir-traversal and
  http-litespeed-sourcecode-download that exploits a directory traversal and
  null byte poisoning vulnerabilities in Apache Axis2 and LiteSpeed Web Server
  respectively. [Paulino]

o [Ncat] Ncat now no longer blocks while an ssl handshake is taking place or
  waiting to complete. [Shinnok]

o [NSE] Added the script broadcast-dhcp-discover that sends a DHCP discover
  message to the broadcast address and collects and reports the network
  information received from the DHCP server. [Patrik]

o [NSE] Added the script smtp-brute that performs brute force password
  auditing against SMTP servers. [Patrik]

o [NSE] Updated SMTP library to support authentication using both plain-text
  and the SASL library. [Patrik]

o [NSE] Added the script imap-brute that performs brute force password
  auditing against IMAP servers. [Patrik]

o [NSE] Updated IMAP library to support authentication using both plain-text
  and the SASL library. [Patrik]

o [NSE] Added SASL library created by Djalal Harouni and Patrik Karlsson
  providing common code for "Simple Authentication and Security Layer" to
  services supporting it. The algorithms supported by the library are:
  PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM. [Patrik Karlsson, Djalal Harouni]

o [NSE] Added scripts cvs-brute.nse, cvs-brute-repository.nse and the cvs
  library. The cvs-brute-repository script allows for guessing possible
  repository names needed in order to perform password guessing using the
  cvs-brute.nse script. [Patrik]

o [Zenmap] The Zenmap crash handler now instructs you to mail in crash
  information to nmap-dev. [Colin Rice]

o Added IPv6 Neighbor Discovery ping. This is the IPv6 analog to IPv4
  ARP scan. It is the default ping type for local IPv6 networks.
  [Weilin]

o [NSE] Added smtp-vuln-cve2011-1764 script, which checks if the Exim
  SMTP server is vulnerable to the DKIM Format String vulnerability
  (CVE-2011-1764). [Djalal]

o Added the broadcast-ping script which sends icmp packets to broadcast
  addresses on the selected network interface, or all ethernet interfaces if
  none is selected. It has the option to add the discovered hosts as targets.

o [NSE] Applied patch from Chris Woodbury that adds the following additional
  information to the output of smb-os-discovery:
  + Forest name
  + FQDN
  + NetBIOS computer name
  + NetBIOS domain name

o [Ncat] Ncat now supports IPV6 addresses by default without the -6 flag.
  Additionally ncat listens on both :: and localhost when passed
  -l, or any other listening mode unless a specific listening address is
  supplied.

o [NSE] Split script db2-discover into two scripts, adding a new
  broadcast-db2-discover script. This script attempts to discover DB2
  database servers through broadcast requests. [Patrik Karlsson]

o Fixed broken XML output in the case of timed-out hosts; the
  enclosing host element was missing. The fix was suggested by Rémi
  Mollon.

o [NSE] Added ftp-vuln-cve2010-4221 script, which checks if the ProFTPD
  server is vulnerable to the Telnet IAC stack overflow vulnerability
  (CVE-2010-4221). [Djalal]

o [NSE] Added ftp-vsftpd-backdoor, which detects a backdoor that was introduced
  into vsftpd-2.3.4 source code distributions. [Daniel Miller]

o [NSE] ldap-brute.nse - Multiple changes:
  + Added support for 2008 R2 functional level Active Directory instances
    to ldap-brute.
  + Added detection for valid credentials where the target account was
    expired or limited by time or login host constraints.
  + Added support for specifying a UPN suffix to be appended to usernames
    when brute forcing Microsoft Active Directory accounts.
  + Added support for saving discovered credentials to a CSV file.
  + Now reports valid credentials as they are discovered when the script
    is run with -vv or higher.
	[Tom Sellers]

o [NSE] ldap-search.nse - Added support for saving search results to
  CSV.  This is done by using the ldap.savesearch script argument to
  specify an output filename prefix.  [Tom Sellers]

o [NSE] Updated smb-brute to add detection for valid credentials where the
  target account was expired or limited by time or login host constraints.
  [Tom Sellers]

o [NSE] Updated account status text in brute force password discovery
  scripts in an effort to make the reporting more consistent across
  all scripts.  This will have an impact on any code that parses these
  values.  [Tom Sellers]

- Use CPAN :id subdir macro

Changes:	http://search.cpan.org/dist/URI-Encode/Changes
PR:		ports/160584
Submitted by:	az
Approved by:	maintainer (timeout, 14 days)

Changes:	http://www.lemke-it.com/cego_blog.html
PR:		ports/160944
Submitted by:	Kurt Jaeger <fbsd-ports@opsec.eu> (maintainer)

- Bump PORTREVISION for dependency change
- Update pkg-descr

PR:		ports/160859
Submitted by:	Ruslan Mahmatkhanov <cvs-src@yandex.ru>
Approved by:	khsing <khsing.cn@gmail.com> (maintainer)

to perform parallel builds[1]; add a few mirrors to
tor-devel

Requested by:	h.h. [1]

Changes:	http://search.cpan.org/dist/CSS-Inliner/ChangeLog
PR:		ports/160950
Submitted by:	sunpoet (myself)
Approved by:	Vick Khera <vivek@khera.org> (maintainer)

- Bump PORTREVISION for dependency change

 - Extensive support for VBScript.
 - Various improvements to the calendar common control.
 - A number of XRender fixes and optimizations.
 - Several new functions in the MSVCP runtime.
 - A number of audio fixes.
 - DirectDraw cleanups.
 - Various bug fixes.

- Bump PORTREVISION for dependency change

Protocol::XMLRPC is an XML-RPC protocol implementation. Method parameters types
are guessed just like in JSON, but you can pass explicit type if guessing is
wrong for you. Read more about parameter creation at
Protocol::XMLRPC::ValueFactory.

It differs from other modules because it doesn't provide any mechanism for
making actual HTTP requests. This way it can be used either in async or sync
modes with your favorite http client or a web framework.

WWW: http://search.cpan.org/dist/Protocol-XMLRPC/

URI::Query provides simple URI query string manipulation, allowing you to create
and manipulate URI query strings from GET and POST requests in web applications.
This is primarily useful for creating links where you wish to preserve some
subset of the parameters to the current request, and potentially add or replace
others. Given a query string this is doable with regexes, of course, but making
sure you get the anchoring and escaping right is tedious and error-prone - this
module is simpler.

WWW: http://search.cpan.org/dist/URI-Query/

- Bump PORTREVISION for dependency change

- Set EXPIRATION_DATE to 2011-09-30

PR:		ports/160904
Submitted by:	Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)

cups-libs, gnutls, libgcrypt, libgpg-error, libtasn1.

- Bump PORTREVISION for dependency change

Image::Base is a base class for loading, manipulating and saving images. This
class should not be used directly.

WWW: http://search.cpan.org/dist/Image-Base/

Math::Prime::XS detects and calculates prime numbers by either applying Modulo
operator division, the Sieve of Eratosthenes, a Summation calculation or Trial
division.

WWW: http://search.cpan.org/dist/Math-Prime-XS/

- Bump PORTREVISION for dependency change

- remove stale mastersite
- bump USE_PYTHON to 2.5+
- use databases/py-sqlite3 instead of databases/py-pysqlite2x
- set WITHOUT_PSYCO if python 2.6+ since py-psyco doesn't work with it
- switch from custom do-build and do-install targets to USE_PYDISTUTILS
- add INSTALLS_ICONS, remove INSTALLS_EGGINFO (pydistutils will handle it)
- update WWW
- update pkg-plist
- patch out documentation build

PR:		ports/160072
Submitted by:	Ruslan Mahmatkhanov <cvs-src@yandex.ru>
Approved by:	maintainer timeout (30 days)
Approved by:	bapt (mentor)

Changes:	http://search.cpan.org/dist/Net-SSLeay/Changes

Changes:	http://search.cpan.org/dist/Config-Model/ChangeLog

http://download.oracle.com/otndocs/products/berkeleydb/html/changelog_5_2.html

format and back.

Changes:	http://search.cpan.org/dist/Math-BigInt-Pari/CHANGES

Submitted by:	az

Changes over original shar file at the PR:
. change the maintainer to emulation@ (since it's an infrastructure linux port);
. use the latest version of the package (2.4.2-5.fc10);
. fix pkg-plist.

PR:		ports/159007
Submitted by:	Stas Timokhin <devel@stasyan.com>

. cups-libs;
. gnutls;
. libgcrypt;
. libgpg-error;
. libtasn1.

PR:		ports/159007
Submitted by:	Stas Timokhin <devel@stasyan.com>

components.

Changes over original shar file at the PR:
. change the maintainer to emulation@ (since it's an infrastructure linux port);
. add BRANDELF_FILES;
. fix pkg-plist.

PR:		ports/159007
Submitted by:	Stas Timokhin <devel@stasyan.com>

code used in GnuPG.

Changes over original shar file at the PR:
. change the maintainer to emulation@ (since it's an infrastructure linux port);
. use the latest version of the package (1.4.4-1.fc10);
. use PLIST_FILES, PLIST_DIRSTRY and post-install target instead of pkg-plist.

Notes: the port uses ${PREFIX}/etc/gcrypt directory for configuration files
(i.e. /compat/linux/etc/gcrypt). We usually try to use FreeBSD directories.
But there is no [/usr/local/]/etc/gcrypt directory.
I'm open to ideas on what to do here.

PR:		ports/159007
Submitted by:	Stas Timokhin <devel@stasyan.com>

Changes over original shar file at the PR:
 . change the maintainer to emulation@ (since it's an infrastructure linux port);
 . remove commented out lines;
 . use PLIST_FILES, DOCSDIR_REL and PORTDOCS instead of pkg-plist.

PR:		ports/159007
Submitted by:	Stas Timokhin <devel@stasyan.com>

- Install user-defined c-functions ([1], partial).
- Add reload command to startup script [2]

PR:		ports/156578 [1], ports/156818 [2]
Submitted by:	Anton Yuzhaninov <ayuzhaninov@team.vega.ru> [1],
	  	Anton Yuzhaninov <citrin@citrin.ru> [2]