Subject: CVS commit: [pkgsrc-2013Q4] pkgsrc/www
From: Matthias Scheler
Date: 2014-02-04 23:36:08
Message id: 20140204223608.AC24E96@cvs.netbsd.org

Log Message:
Pullup ticket #4312 - requested by taca
www/contao211: security update
www/contao32: security update

Revisions pulled up:
- www/contao/Makefile.common                                    1.54-1.57
- www/contao211/distinfo                                        1.19
- www/contao32/PLIST                                            1.4
- www/contao32/distinfo                                         1.5-1.6

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jan 21 16:20:09 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao32: PLIST distinfo

   Log Message:
   Update contao32 to 3.2.4.

   Version 3.2.4 (2014-01-20)
   --------------------------

   ### Fixed
   Updated the Russian translation of the TinyMCE "typolinks" plugins \ 
(see #6224).

   ### Fixed
   Do not create multiple stylect layers upon Ajax changes.

   ### Fixed
   Some DCAs were missing the "rem" unit (see #6634).

   ### Fixed
   Correctly trim the SQL statements in the `Database` class (see #6623).

   ### Fixed
   Fix some broken back end icons (see #6214).

   ### Fixed
   Show a hint in the news archive menu if there are no items (see #5888).

   ### Fixed
   Prevent the back end tool tips from exceeding the screen width (see #6639).

   ### Fixed
   Support the Google+ vanity name in addition to the numeric ID (see #6454).

   ### Fixed
   Correctly detect Android tablets in the `Environment` class (see #5869).

   ### Fixed
   Correctly resolve the module dependencies (see #6606).

   ### Fixed
   Correctly unset the PHP session cookie depending on its parameters.

   ### Fixed
   Fixed the XHTML variant of the comments form (see #5675).

   ### Fixed
   Correctly assign articles to columns (see #6595).

   ### Fixed
   Correctly merge the CSS classes in the `Hybrid` class (see #6601).

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan 27 18:41:15 UTC 2014

   Modified Files:
   	pkgsrc/audio/chromaprint: Makefile
   	pkgsrc/converters/py-simplejson: Makefile
   	pkgsrc/cross/nios2: Makefile.common
   	pkgsrc/databases/ocaml-sqlite3: Makefile
   	pkgsrc/devel/bzr: Makefile
   	pkgsrc/devel/delta: Makefile
   	pkgsrc/devel/gearmand: Makefile
   	pkgsrc/devel/gitolite: Makefile
   	pkgsrc/devel/javacc: Makefile
   	pkgsrc/devel/jq: Makefile
   	pkgsrc/devel/libdbusmenu-qt: Makefile
   	pkgsrc/devel/liblangtag: Makefile
   	pkgsrc/devel/lua-gi: Makefile
   	pkgsrc/devel/lua-lrexlib: Makefile.common
   	pkgsrc/devel/lua-posix: Makefile
   	pkgsrc/devel/magit: Makefile
   	pkgsrc/devel/opengrok: Makefile
   	pkgsrc/devel/py-greenlet: Makefile
   	pkgsrc/devel/py-pip: Makefile
   	pkgsrc/devel/py-virtualenv: Makefile
   	pkgsrc/devel/sparse: Makefile
   	pkgsrc/filesystems/cloudfuse: Makefile
   	pkgsrc/filesystems/fs-utils: Makefile
   	pkgsrc/filesystems/tahoe-lafs: Makefile
   	pkgsrc/fonts/kanjistrokeorders-ttf: Makefile
   	pkgsrc/fonts/liberation-ttf: Makefile
   	pkgsrc/fonts/ricty-ttf: Makefile
   	pkgsrc/games/wargames: Makefile
   	pkgsrc/graphics/camlimages: Makefile
   	pkgsrc/graphics/openimageio: Makefile
   	pkgsrc/graphics/py-matplotlib-tk: Makefile
   	pkgsrc/mail/imapfilter: Makefile
   	pkgsrc/mail/imapsync: Makefile
   	pkgsrc/math/cgal: Makefile
   	pkgsrc/math/eigen2: Makefile
   	pkgsrc/math/eigen3: Makefile
   	pkgsrc/math/fityk: Makefile
   	pkgsrc/misc/libcarddav: Makefile
   	pkgsrc/misc/libreoffice: Makefile
   	pkgsrc/multimedia/transcode: Makefile
   	pkgsrc/net/dnscheck: Makefile
   	pkgsrc/net/fpdns: Makefile
   	pkgsrc/net/get-flash-videos: Makefile
   	pkgsrc/net/knot: Makefile
   	pkgsrc/net/lua-socket: Makefile
   	pkgsrc/net/netcat-openbsd: Makefile
   	pkgsrc/net/py-amqp: Makefile
   	pkgsrc/net/rabbitmq-c: Makefile
   	pkgsrc/net/ruby-stompserver: Makefile
   	pkgsrc/net/tor: Makefile
   	pkgsrc/pkgtools/pkgin: Makefile
   	pkgsrc/print/qpdfview: Makefile
   	pkgsrc/security/libssh: Makefile
   	pkgsrc/security/lua-sec: Makefile
   	pkgsrc/security/pkcs11-helper: Makefile
   	pkgsrc/security/py-ecdsa: Makefile
   	pkgsrc/security/py-paramiko: Makefile
   	pkgsrc/sysutils/dc-tools: Makefile
   	pkgsrc/sysutils/fabric: Makefile
   	pkgsrc/sysutils/k4dirstat: Makefile
   	pkgsrc/sysutils/logrotate: Makefile
   	pkgsrc/sysutils/salt: Makefile
   	pkgsrc/textproc/xmlto: Makefile
   	pkgsrc/time/ical: Makefile
   	pkgsrc/wm/pekwm: Makefile
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao211-translations: Makefile
   	pkgsrc/www/php-tt-rss: Makefile
   	pkgsrc/www/py-flask-bootstrap: Makefile
   	pkgsrc/www/py-flask-wtf: Makefile
   	pkgsrc/www/py-http-parser: Makefile
   	pkgsrc/x11/appmenu-qt: Makefile
   	pkgsrc/x11/elementary-icon-theme: Makefile
   	pkgsrc/x11/razor-qt: Makefile

   Log Message:
   Do not set FETCH_USING, should not be set in a package Makefile.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Feb  3 15:20:39 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao211: distinfo

   Log Message:
   Update contao211 package to 2.11.14, fix for CVE-2014-1860.

   Version 2.11.14 (2014-02-03)
   ----------------------------

   ### Fixed
   Do not pass POST data to the `deserialize()` function, so it is not vulnerable
   to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Feb  3 15:23:22 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao32: distinfo

   Log Message:
   Update contao32 to 3.2.5, including fix for CVE-2014-1860.

   * pkgsrc change: remove obsolete lines for contao31.

   Version 3.2.5 (2014-02-03)
   --------------------------

   ### Fixed
   Correctly load the parent pages in the navigation modules (see #6696).

   ### Fixed
   Correctly encode URLs with GET parameters in the syndication links (see #6683).

   ### Fixed
   Do not pass POST data to the `deserialize()` function, so it is not vulnerable
   to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).

   ### Fixed
   Allow any character in passwords, especially the less-than symbol (see #6447).

   ### Fixed
   Purge the image cache if a file is being renamed (see #6641).

   ### Fixed
   Preserve tags in custom CSS definitions (see #6667).

   ### Fixed
   Make the swipe CSS selectors more specific (see #6666).

   ### Fixed
   Correctly optimize floating-point numbers in style sheets (see #6674).

Files:
RevisionActionfile
1.18.2.1modifypkgsrc/www/contao211/distinfo
1.3.2.1modifypkgsrc/www/contao32/PLIST
1.4.2.1modifypkgsrc/www/contao32/distinfo