2009-10-22 16:53:09 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
Update www/typo3 package to 4.2.10. It fixes multiple security issues
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
|
2009-09-29 15:36:58 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
Update www/typo3 package to 4.2.9.
It is a bug fix release and this is a leaf package.
2009-09-28 Ingmar Schlecht <ingmar@typo3.org>
* Release of TYPO3 4.2.9
2009-09-20 Francois Suter <francois@typo3.org>
* Fixed bug #11995: Prompt for keyboard input does not get displayed in CLI scripts
* Fixed bug #11224: Special menu directory only renders 1st level if special.value is a mount point (Thanks to Xavier Perseguers)
2009-09-19 Rupert Germann <rupi@gmx.li>
* Fixed bug #11986: dynamic update of translation status in EM is broken
2009-09-17 Rupert Germann <rupi@gmx.li>
* Fixed bug #9270: Editors can't undelete records in history (thanks to Christian Hernmarck)
2009-09-15 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #11915: htmlArea RTE: superfluous span tags in content after server-based cleaning on paste operation
* Updated htmlArea RTE version to 1.7.12 (branch TYPO3_4-2)
* Follow-up to bug #11946: htmlArea RTE: reference was made to context menu item after context menu was closed
2009-09-13 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #11847: htmlArea RTE displays empty editing area in Opera 10
* Fixed bug #11946: htmlArea RTE: table properties editing dialogue windows lose focus after opening in IE8
2009-09-01 Oliver Hader <oliver@typo3.org>
* Fixed bug #11845: Typo in a CLI error message: suue -> sure (thanks to Oliver Klee)
2009-08-26 Michael Stucki <michael@typo3.org>
* Fixed bug #11731: ENABLE_INSTALL_TOOL file check in yellow box does not check the file age (thanks to Moreno Feltscher)
2009-08-19 Michael Stucki <michael@typo3.org>
* Fixed bug #11716: Install Tool always sets TYPO3_CONF_VARS[FE][disableNoCacheParameter] upon save
2009-08-14 Michael Stucki <michael@typo3.org>
* Fixed bug #8968: DBAL incompatible SQL in "impexp" extension (thanks to Marc Bastian Heinrichs)
2009-08-12 Michael Stucki <michael@typo3.org>
* Follow-up to bug #11513: Shorten one ident field which is known to be too long (solved the issue on those setups where the DB is not updated)
* Fixed bug #11513: cache_hash table could not be filled because information field (ident) was too short (thanks to Ingo Schmitt)
2009-08-02 Oliver Hader <oliver@typo3.org>
* Fixed bug #10769: Wrong encoded email header (thanks to Ivan Kartolo)
2009-07-20 Ingo Renner <ingo@typo3.org>
* Fixed bug: #11006: Tooltip for page path in Page/List module is missing (thanks to Steffen Gebert)
2009-07-19 Oliver Hader <oliver@typo3.org>
* Fixed bug #6875: IRRE - Sorting of child records is inverted on moving parent record to different page (thanks to Nabil Saleh)
2009-07-09 Martin Kutschker <masi@typo3.org>
* Fixed bug: same error message is used twice for different errors
2009-07-08 Oliver Hader <oliver@typo3.org>
* Fixed bug #11412: Using typolinkLinkAccessRestrictedPages does not take different domain names into account
|
2009-07-06 17:15:44 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
Update typo3 package to 4.2.8. (This is a leaf package.)
From the release announcement.
-----------------------------------------------------------------------
Dear TYPO3 users,
we are announcing the release of the following TYPO3 updates:
- TYPO3 4.2.8
- TYPO3 4.1.12
- TYPO3 4.0.13
All versions are maintenance releases and contain only bugfixes
and minor security improvements (no critical fixes of vulnerabilities).
Notice: Due to a bug which was reported to us shortly after the release of
TYPO3 versions 4.1.11 and 4.2.7, we stopped the release of the
announcement and prepared new versions that fix this (minor) issue.
TYPO3 4.0.13 which was already released yesterday was not affected by
this bug.
For details about the release, visit the following websites:
http://wiki.typo3.org/TYPO3_4.2.8
http://wiki.typo3.org/TYPO3_4.1.12
http://wiki.typo3.org/TYPO3_4.0.13
|
2009-06-15 00:58:11 by Joerg Sonnenberger | Files touched by this commit (129) |
Log message:
Remove @dirrm related logic.
|
2009-06-15 00:00:42 by Joerg Sonnenberger | Files touched by this commit (316) |
Log message:
Convert @exec/@unexec to @pkgdir or drop it.
|
2009-02-10 10:35:40 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update www/typo3 package to 4.2.6.
A quote from the release announcement is below; see the ChangeLog for details.
All versions are maintenance releases and contain bugfixes
and security fixes.
IMPORTANT: These versions include an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
|
2009-01-25 06:00:14 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update www/typo3 package to 4.2.5.
All versions are maintenance releases and contain only bugfixes.
IMPORTANT: These versions contain important fixes of regressions from
the earlier versions released 20 January 2009, but they do not contain
additional security fixes.
ChangeLog:
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Release of TYPO3 4.2.5
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Fixed bug #10205: DB session record is only created when user is authenticated (thanks also to Michael Stucki)
2009-01-20 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #9345: Bug: CSV export includes _CLIPBOARD_ in header row (thanks to Christian Kuhn)
|
2009-01-21 14:10:05 by Takahiro Kambe | Files touched by this commit (4) | |
Log message:
Update www/typo3 package to 4.2.4.
This update contains security fixes; please refer to the ChangeLog file
for full changes.
1. System extension Install tool (install)
Insecure Randomness
2. Authentication library
Broken Authentication and Session Management
3. System extension Indexed Search Engine (indexed_search)
Cross-Site Scripting, Remote Command Execution
4. System extension ADOdb (adodb)
Cross-Site Scripting
5. Workspace module
Cross-Site Scripting
After the update, you will need to create a new encryption key.
(1) Upgrade to the new TYPO3 version.
(2) Clear the configuration cache
(3) Open the install tool and choose menu 1 ("Basic Configuration").
(4) Scroll to the bottom of the page and click on the button
"Generate random key".
(5) Submit the form by clicking on "Update localconf.php".
(6) Clear the configuration and page cache again.
|
2008-11-20 16:50:56 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Remove my poor debugging aid. No change to the package itself.
|
2008-11-13 14:28:37 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update TYPO3 package to 4.2.3.
Initially it was simply a bug fix release; please refer to the URL for
full changes: http://wiki.typo3.org/TYPO3_4.2.3.
And now, it was found out that two Cross Site Scripting (XSS) problems were
fixed by this release.
Regarding the issue in backend module "file": TYPO3 Security Bulletin
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core
<http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/>
Regarding the issue in system extension "felogin": TYPO3 Security
Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core
<http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/>
|