Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www
From: Matthias Scheler
Date: 2014-11-25 15:53:03
Message id: 20141125145303.87D2C98@cvs.netbsd.org

Log Message:
Pullup ticket #4557 - requested by taca
www/contao32: security update

Revisions pulled up:
- www/contao/Makefile.common                                    patch
- www/contao32/PLIST                                            1.9
- www/contao32/distinfo                                         1.16-1.17

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Nov  2 01:17:44 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao32: PLIST distinfo

   Log Message:
   Update contao32 to 3.2.15.

   Version 3.2.15 (2014-10-31)
   ---------------------------

   ### Fixed
   Always pass a DC object in the `toggleVisibility` callback (see #7314).

   ### Fixed
   Correctly render the "read more" and article navigation links (see \ 
#7300).

   ### Fixed
   Consider the `useSSL` flag of the root page when generating URLs (see #7390).

   ### Fixed
   Fixed the FAQ sorting in the back end (see #7362).

   ### Fixed
   Added the `Widget::__isset()` method (see #7290).

   ### Fixed
   Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).

   ### Fixed
   Correctly shortend HTML strings in `String::substrHtml()` (see #7311).

   ### Updated
   Updated MooTools to version 1.5.1 (see #7267).

   ### Fixed
   Updated swipe.js to version 2.0.1 (see #7307).

   ### Fixed
   Use an `.invisible` class which plays nicely with screen readers (see #7372).

   ### Fixed
   Handle disabled modules in the module loader (see #7380).

   ### Fixed
   Fixed the "link_target" insert tag.

   ### Updated
   Updated the ACE editor to version 1.1.6 (see #7278).

   ### Fixed
   Fix the `Database::list_fields()` method (see #7277).

   ### Fixed
   Correctly assign "col_first" and "col_last" in the image \ 
gallery (see #7250).

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Nov 24 13:29:08 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao32: distinfo

   Log Message:
   Update contao32 to 3.2.16, security release.

   Version 3.2.16 (2014-11-24)
   ---------------------------

   ### Fixed
   Fixed a potential directory traversal vulnerability.

   ### Fixed
   Fixed a severe XSS vulnerability. In this context, the insert tag flags
   `base64_encode` and `base64_decode` have been removed.

   ### Fixed
   Handle nested insert tags in strip_insert_tags().

   ### Fixed
   Correctly store the model in Dbafs::addResource() (see #7440).

   ### Fixed
   Send the request token when toggling the visibility of an element (see #7406).

   ### Fixed
   Always apply the IE security fix in the Environment class (see #7453).

   ### Fixed
   Correctly handle archives being part of multiple RSS feeds (see #7398).

   ### Fixed
   Correctly handle `0` in utf8_convert_encoding() (see #7403).

   ### Fixed
   Send a 301 redirect to forward to the language root page (see #7420).

Files:
RevisionActionfile
1.8.2.1modifypkgsrc/www/contao32/PLIST
1.15.2.1modifypkgsrc/www/contao32/distinfo