Path to this page:
Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www
From: Matthias Scheler
Date: 2014-11-25 15:53:03
Message id: 20141125145303.87D2C98@cvs.netbsd.org
Log Message:
Pullup ticket #4557 - requested by taca
www/contao32: security update
Revisions pulled up:
- www/contao/Makefile.common patch
- www/contao32/PLIST 1.9
- www/contao32/distinfo 1.16-1.17
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Nov 2 01:17:44 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: PLIST distinfo
Log Message:
Update contao32 to 3.2.15.
Version 3.2.15 (2014-10-31)
---------------------------
### Fixed
Always pass a DC object in the `toggleVisibility` callback (see #7314).
### Fixed
Correctly render the "read more" and article navigation links (see \
#7300).
### Fixed
Consider the `useSSL` flag of the root page when generating URLs (see #7390).
### Fixed
Fixed the FAQ sorting in the back end (see #7362).
### Fixed
Added the `Widget::__isset()` method (see #7290).
### Fixed
Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).
### Fixed
Correctly shortend HTML strings in `String::substrHtml()` (see #7311).
### Updated
Updated MooTools to version 1.5.1 (see #7267).
### Fixed
Updated swipe.js to version 2.0.1 (see #7307).
### Fixed
Use an `.invisible` class which plays nicely with screen readers (see #7372).
### Fixed
Handle disabled modules in the module loader (see #7380).
### Fixed
Fixed the "link_target" insert tag.
### Updated
Updated the ACE editor to version 1.1.6 (see #7278).
### Fixed
Fix the `Database::list_fields()` method (see #7277).
### Fixed
Correctly assign "col_first" and "col_last" in the image \
gallery (see #7250).
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 24 13:29:08 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao32: distinfo
Log Message:
Update contao32 to 3.2.16, security release.
Version 3.2.16 (2014-11-24)
---------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
Files: