Subject: CVS commit: [pkgsrc-2014Q3] pkgsrc/www
From: Matthias Scheler
Date: 2014-11-25 16:01:15
Message id: 20141125150115.963C698@cvs.netbsd.org

Log Message:
Pullup ticket #4558 - requested by taca
www/contao33: security update

Revisions pulled up:
- www/contao/Makefile.common                            1.83,1.85 via patch
- www/contao33/Makefile                                 1.6
- www/contao33/PLIST                                    1.7
- www/contao33/distinfo                                 1.7-1.8

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Nov  2 01:19:55 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao33: PLIST distinfo

   Log Message:
   Update contao33 to 3.3.6.

   Version 3.3.6 (2014-10-31)
   --------------------------

   ### Fixed
   Always pass a DC object in the `toggleVisibility` callback (see #7314).

   ### Fixed
   Correctly render the "read more" and article navigation links (see \ 
#7300).

   ### Fixed
   Fix the markup of the form submit button (see #7396).

   ### Fixed
   Do not generally remove insert tags from page titles (see #7198).

   ### Fixed
   Consider the `useSSL` flag of the root page when generating URLs (see #7390).

   ### Fixed
   Correctly create the template object in `BaseTemplate::insert()` (see #7366).

   ### Updated
   Updated TinyMCE to version 4.1.6 and added the "lists" plugin (see \ 
#7349).

   ### Fixed
   Fixed the FAQ sorting in the back end (see #7362).

   ### Fixed
   Added the `Widget::__isset()` method (see #7290).

   ### Fixed
   Correctly handle dynamic parent tables in the `DC_Table` driver (see #7335).

   ### Fixed
   Correctly shortend HTML strings in `String::substrHtml()` (see #7311).

   ### Updated
   Updated MooTools to version 1.5.1 (see #7267).

   ### Fixed
   Updated swipe.js to version 2.0.1 (see #7307).

   ### Fixed
   Use an `.invisible` class which plays nicely with screen readers (see #7372).

   ### Fixed
   Handle disabled modules in the module loader (see #7380).

   ### Fixed
   Fixed the "link_target" insert tag.

   ### Fixed
   Correctly mark CAPTCHA fields as mandatory (see #7283).

   ### Updated
   Updated the ACE editor to version 1.1.6 (see #7278).

   ### Fixed
   Fix the `Database::list_fields()` method (see #7277).

   ### Fixed
   Correctly assign "col_first" and "col_last" in the image \ 
gallery (see #7250).

   ### Fixed
   Set the correct path to TCPDF in `system/config/tcpdf.php` (see #7264).

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Nov 24 13:30:49 UTC 2014

   Modified Files:
   	pkgsrc/www/contao: Makefile.common
   	pkgsrc/www/contao33: Makefile distinfo

   Log Message:
   Update contao33 to 3.3.7, security release.

   Version 3.3.7 (2014-11-24)
   --------------------------

   ### Fixed
   Fixed a potential directory traversal vulnerability.

   ### Fixed
   Fixed a severe XSS vulnerability. In this context, the insert tag flags
   `base64_encode` and `base64_decode` have been removed.

   ### Fixed
   Handle nested insert tags in strip_insert_tags().

   ### Fixed
   Correctly store the model in Dbafs::addResource() (see #7440).

   ### Fixed
   Send the request token when toggling the visibility of an element (see #7406).

   ### Fixed
   Always apply the IE security fix in the Environment class (see #7453).

   ### Fixed
   Correctly handle archives being part of multiple RSS feeds (see #7398).

   ### Fixed
   Correctly handle `0` in utf8_convert_encoding() (see #7403).

   ### Fixed
   Send a 301 redirect to forward to the language root page (see #7420).

Files:
RevisionActionfile
1.5.2.1modifypkgsrc/www/contao33/Makefile
1.6.2.1modifypkgsrc/www/contao33/PLIST
1.6.2.1modifypkgsrc/www/contao33/distinfo