Path to this page:
Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www
From: Matthias Scheler
Date: 2014-11-25 16:01:15
Message id: 20141125150115.963C698@cvs.netbsd.org
Log Message:
Pullup ticket #4558 - requested by taca
www/contao33: security update
Revisions pulled up:
- www/contao/Makefile.common 1.83,1.85 via patch
- www/contao33/Makefile 1.6
- www/contao33/PLIST 1.7
- www/contao33/distinfo 1.7-1.8
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Nov 2 01:19:55 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao33: PLIST distinfo
Log Message:
Update contao33 to 3.3.6.
Version 3.3.6 (2014-10-31)
--------------------------
### Fixed
Always pass a DC object in the `toggleVisibility` callback (see #7314).
### Fixed
Correctly render the "read more" and article navigation links (see \
#7300).
### Fixed
Fix the markup of the form submit button (see #7396).
### Fixed
Do not generally remove insert tags from page titles (see #7198).
### Fixed
Consider the `useSSL` flag of the root page when generating URLs (see #7390).
### Fixed
Correctly create the template object in `BaseTemplate::insert()` (see #7366).
### Updated
Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see \
#7349).
### Fixed
Fixed the FAQ sorting in the back end (see #7362).
### Fixed
Added the `Widget::__isset()` method (see #7290).
### Fixed
Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).
### Fixed
Correctly shortend HTML strings in `String::substrHtml()` (see #7311).
### Updated
Updated MooTools to version 1.5.1 (see #7267).
### Fixed
Updated swipe.js to version 2.0.1 (see #7307).
### Fixed
Use an `.invisible` class which plays nicely with screen readers (see #7372).
### Fixed
Handle disabled modules in the module loader (see #7380).
### Fixed
Fixed the "link_target" insert tag.
### Fixed
Correctly mark CAPTCHA fields as mandatory (see #7283).
### Updated
Updated the ACE editor to version 1.1.6 (see #7278).
### Fixed
Fix the `Database::list_fields()` method (see #7277).
### Fixed
Correctly assign "col_first" and "col_last" in the image \
gallery (see #7250).
### Fixed
Set the correct path to TCPDF in `system/config/tcpdf.php` (see #7264).
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Nov 24 13:30:49 UTC 2014
Modified Files:
pkgsrc/www/contao: Makefile.common
pkgsrc/www/contao33: Makefile distinfo
Log Message:
Update contao33 to 3.3.7, security release.
Version 3.3.7 (2014-11-24)
--------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
Files: