Add fix for CVS-2014-4975 as ruby200-base and ruby21-base.

Bump PKGREVISION.

(taca)

Note update of lang/php55 package to 5.5.17 and lang/php54 package
to 5.4.33.

(taca)

Update to php54 to 5.4.33, aprroved by wiz@.

18 Sep 2014, PHP 5.4.33

- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)

- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
    (Daniel Lowrey)

- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)

- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)

- GD:
  . Made fontFetch's path parser thread-safe. (Sara)

- Wddx:
  . Fixed bug #67873 (Segfaults in php_wddx_serialize_var). (Anatol, Remi)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). (Mike)

(taca)

Update php55 to 5.5.17, approved by wiz@.

18 Sep 2014, PHP 5.5.17

- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
  . Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)

- COM:
  . Fixed bug #41577 (DOTNET is successful once per server run)
    (Aidas Kasparas)

- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)

- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
    (Daniel Lowrey)
  . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3)
    (Daniel Lowrey)

- SPL:
  . Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException
    wrong message). (tim_siebels_aurich at yahoo dot de)

- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
  . Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10).
    (Derick)
  . Fixed bug #67109 (First uppercase letter breaks date string parsing).
    (Derick)

- GD
  . Made fontFetch's path parser thread-safe. (Sara).

- MySQLi:
  . Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). Mike

(taca)

Note update of misc/ruby-bundler package to 1.7.3.

(taca)

Update ruby-bundler to 1.7.3, including security fix for CVE-2013-0334.

## 1.7.3 (2014-09-14)

Bugfixes:

  - `extconf.rb` is now generated with the right path for `create_makefile` (@andremedeiros)
  - Fix various Ruby warnings (@piotrsanarki, @indirect)

## 1.7.2 (2014-08-23)

Bugfixes:

  - Revert gem source sorting in lock files (@indirect)

## 1.7.1 (2014-08-20)

Bugfixes:

  - Install gems from one source needed by gems in another source (@indirect)
  - Install the same gem versions even after some are installed (@tmoore)
  - Download specs only when installing from servers (@indirect)

## 1.7.0 (2014-08-13)

Security:

  - Fix for CVE-2013-0334, installing gems from an unexpected source (@tmoore)

Features:

  - Gemfile `source` calls now take a block containing gems from that source (@tmoore)
  - added the `:source` option to `gem` to specify a source (@tmoore)

Bugfixes:

  - warn on ambiguous gems available from more than one source (@tmoore)

## 1.6.5 (2014-07-23)

Bugfixes:

  - require openssl explicitly to fix rare HTTPS request failures (@indirect, #3107)

## 1.6.4 (2014-07-17)

Bugfixes:

  - fix undefined constant error when can't find gem during binstubs (#3095, @jetaggart)
  - work when installed git gems are not writable (#3092, @pmahoney)
  - don't store configured source credentials in Gemfile.lock (#3045, @lhz)
  - don't include config source credentials in the lockfile (Lars Haugseth)
  - use threads for jobs on Rubinius (@YorickPeterse)
  - skip dependencies from other platforms (@mvz)
  - work when Rubygems was built without SSL (@andremedeiros)

## 1.6.3 (2014-06-16)

Bugfixes:

  - fix regression when resolving many conflicts (#2994, @Who828)
  - use local gemspec for builtin gems during install --local (#3041, @Who828)
  - don't warn about sudo when installing on Windows (#2984, @indirect)
  - shell escape `bundle open` arguments (@indirect)

## 1.6.2 (2014-04-13)

Bugfixes:

  - fix an exception when using builtin gems (#2915, #2963, @gnufied)
  - cache gems that are built in to the running ruby (#2975, @indirect)
  - re-allow deploying cached git gems without git installed (#2968, @aughr)
  - keep standalone working even with builtin gems (@indirect)
  - don't update vendor/cache in deployment mode (#2921, @indirect)

Features:

  - warn informatively when `bundle install` is run as root (#2936, @1337807)

## 1.6.1 (2014-04-02)

Bugfixes:

  - update C extensions when git gem versions change (#2948, @dylanahsmith)

Features:

  - add support for C extensions in sudo mode on Rubygems 2.2

## 1.6.0 (2014-03-28)

Bugfixes:

  - many Gemfiles that caused incorrect errors now resolve correctly (@Who828)
  - redirects across hosts now work on rubies without OpenSSL (#2686, @grddev)
  - gemspecs now handle filenames with newlines (#2634, @jasonmp85)
  - support escaped characters in usernames and passwords (@punkie)
  - no more exception on `update GEM` without lock file (@simi)
  - allow long config values (#2823, @kgrz)
  - cache successfully even locked to gems shipped with Ruby (#2869, @aughr)
  - respect NO_PROXY even if a proxy is configured (#2878, @stlay)
  - only retry git commands that hit the network (#2899, @timmoore)
  - fix NameError regression when OpenSSL is not available (#2898, @timmoore)
  - handle exception installing when build_info owned by root (@Who828)
  - skip HTTP redirects from rubygems.org, huge speed boost (@Who828)

Features:

  - resolver rewritten to avoid recursion (@Who828)
  - add `git_source` for custom options like :github and :gist (@strzalek)
  - HTTP auth may now be stored in `bundle config` (@smashwilson)
  - some complex Gemfiles are resolved up to 10x faster (@Who828)
  - add support for IRB alternatives such as Pry and Ripl (@joallard, @postmodern)
  - highlight installed or updated gems (#2722, #2741, @yaotti, @simi)
  - display the `post_install_message` for gems installed via :git (@phallstrom)
  - `bundle outdated --strict` now only reports allowed updates (@davidblondeau)
  - `bundle show --verbose` Add gem summary to the output (@lardcanoe)
  - `bundle gem GEM --ext` now generates a skeleton for a C extension (@superdealloc)
  - Avoid using threequals operator where possible (@as-cii)

Documentation:

  - Add missing switches for bundle-install(1) and bundle-update(1) (@as-cii)

(taca)

Note update of www/php-ja-wordpress package to 3.9.2.

(taca)

Update php-ja-wordpress to 3.9.2, latest stable release of 3.9, which
should fix security problems as wordpress 3.9.2.

(taca)

Note update of www/php-concrete5 package to 5.6.3.2.

(taca)

Update to 5.6.3.2, latest release of 5.6, which should be fixed security
problem of 5.6.1.2.

Changes are too many and please refer these release notes.

http://www.concrete5.org/documentation/background/version_history/5-6-2-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-2-1-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-1-release-notes/
http://www.concrete5.org/documentation/background/version_history/5-6-3-2/

(taca)

Note update of www/fengoffice package to 2.7.1.1.

(taca)

Update fengoffice to 2.7.1.1.

Changes from 2.6.1 is too many, please refer <http://sourceforge.net/projects/opengoo/files/fengoffice/fengoffice_2.7.0/> in detail.

And this release contains security fix, XSS.

(taca)

Clarify description of RUBY_NOVERSION, RUBY_PKGPREFIX and RUBY_SUFFIX.

(taca)

Note update of www/contao33 package to 3.3.5.

(taca)

Update contao33 to 3.3.5.

Version 3.3.5 (2014-08-27)
--------------------------

### Fixed
Do not output an empty `label` tag (see #7249).

### Fixed
Allow floating point numbers in "number" input fields (see #7257).

### Fixed
Do not adjust the start time of past events (see #7121).

### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).

### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).

### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).

### Fixed
Correctly validate the page number of the versions menu (see #7235).

### Fixed
Handle underscores in the Google+ vanity name (see #7241).

### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).

### Fixed
Fix two issues with the extension repository theme.

(taca)

Note update of www/contao32 package to 3.2.14.

(taca)

Update contao32 to 3.2.14.

Version 3.2.14 (2014-08-27)
---------------------------

### Fixed
Allow floating point numbers in "number" input fields (see #7257).

### Fixed
Do not adjust the start time of past events (see #7121).

### Fixed
Reset the image margins if it exceeds the maximum image size (see #7245).

### Fixed
Reset `$blnPreventSaving` when a model is cloned (see #7243).

### Fixed
Do not reload after storing `CURRENT_ID` in the session (see #7240).

### Fixed
Correctly validate the page number of the versions menu (see #7235).

### Fixed
Handle underscores in the Google+ vanity name (see #7241).

### Fixed
Correctly handle the `rem` unit when importing style sheets (see #7220).

### Fixed
Fix two issues with the extension repository theme.

(taca)

Fix build on NetBSD 7.*.

(taca)

Note update of lang/ruby200-base pacakge to 2.0.0p481nb1
and lang/ruby21-base package to 2.1.2nb1.

(taca)

Add fix for CVS-2014-4975.

Bump PKGREVISION.

(taca)

Add fix for CVS-2014-4975.

Bump PKGREVISION.

(taca)

Note update of lang/ruby193-base package to 1.9.3p547.

(taca)

Upadte ruby193-base to 1.9.3p547 (Ruby 1.9.3 patchlevel 547).
Almost no functional change to existing packages.

Wed May 14 17:35:32 2014  NAKAMURA Usaku  <usa@ruby-lang.org>

* common.mk: need to quote $BASERUBY because it may includes options.
  this change is only for release management, not bug fix.
  [Backport #9837] [ruby-dev:48218]

Mon Mar 31 15:38:07 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>

* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
  error reasons with old OpenSSL, and insert a colon iff formatted
  message is not empty.

(taca)

Note update of time/ruby-tzinfo package to 0.3.41.

(taca)

Update ruby-tzinfo to 0.3.41.

== Version 0.3.41 (tzdata v2014f) - 8-Aug-2014

* Updated to tzdata version 2014f
  (http://mm.icann.org/pipermail/tz-announce/2014-August/000023.html).

(taca)

Note update of lang/php55 package to 5.5.16.

(taca)

Update php55 to 5.5.16 (PHP 5.5.16).

21 Aug 2014, PHP 5.5.16

- COM:
  . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression).
    (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- FPM:
  . Fixed bug #67635 (php links to systemd libraries without using pkg-config).
    (pacho@gentoo.org, Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
    (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
    (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the
    prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell
    with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
    char fields). (Keyur)

(taca)

Note update of lang/php54 package to 5.4.32.

(taca)

Update php54 to 5.4.32 (PHP 5.4.32).

07 Aug 2014, PHP 5.4.32

- Core:
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- COM:
  . Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas)

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression).
    (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
    (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
    (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- Readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the
    prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell
    with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
    sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
    char fields). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)

(taca)

Pass CONFIGURE_ARGS to _RUBYGEM_OPTIONS with "--build-args".

(taca)

Note update of lang/pear package to 1.9.5nb1.

(taca)

Bump PKGREVISION by Updating bundled Archive_Tar pear to 1.33.12.

Release date: 2014-08-04 15:40 UTC
Release state: stable

Changelog:

* Fix Bug #19964: Memory leaking in Archive_Tar [mrook]
* Fix Bug #20246: Broken with php 5.5.9 [mrook]
* Fix Bug #20275: "pax_global_header" looks like a regular file [mrook]
* Implement Feature #19827: pass filename to _addFile function - downstream patch [mrook]
* Implement Feature #20132: Add custom mode/uid/gid to addString() [mrook]

(taca)

Note update of lang/php53 package to 5.3.29.

(taca)

Update php53 to 5.3.29, final PHP 5.3 release.

14 Aug 2014, PHP 5.3.29

- Core:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (Remi) (CVE-2014-3981)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion) (CVE-2014-3515). (Stefan Esser)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- COM:
  . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

- Date:
  . Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
    (Remi)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- Exif:
  . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
    check). (CVE-2014-0207)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
    (CVE-2014-0238)
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting
    in performance degradation). (CVE-2014-0237)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_check_record()).
    (CVE-2014-4049). (Sara)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- Session:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

(taca)

* Pass RUBY_VER to MAKEFLAGS to fix build problem via dependency.
* Add RUBY21_PATCHLEVEL with commented out.

(taca)

Do not include automatically generated files to fix build problem.

(taca)

+ amavisd-new-2.9.1.

(taca)

Note update of Drupal packages:

www/drupal7 7.31
www/drupal6 6.33

(taca)

Update drupal6 to 6.33.

Drupal 6.33, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.

(taca)

Update drupal7 to 7.31.

Drupal 7.31, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.

Drupal 7.30, 2014-07-24
-----------------------
- Fixed a regression introduced in Drupal 7.29 that caused files or images
  attached to taxonomy terms to be deleted when the taxonomy term was edited
  and resaved (and other related bugs with contributed and custom modules).
- Added a warning on the permissions page to recommend restricting access to
  the "View site reports" permission to trusted administrators. See
  DRUPAL-PSA-2014-002.
- Numerous API documentation improvements.
- Additional automated test coverage.

(taca)

Note update of www/contao32 and contao33 pacakges.

www/contao32 3.2.13
www/contao33 3.3.4

(taca)

Update contao33 to 3.3.4.  Latvian language files are added.

Version 3.3.4 (2014-07-29)
--------------------------

### Fixed
Restore permission to delete root pages for admin users (see #7135).

### Fixed
Pass the file IDs instead of their UUIDs to the file picker (see #7139).

### Fixed
Correctly handle double quotes in comments (see #7102).

### Fixed
Ignore hidden files when building the internal cache (see #7098).

### Fixed
Correctly pass the insert ID of the undo record (see #6234).

### Fixed
Update the vendor libraries (fixes various issues).

(taca)

Update contao32 to 3.2.13.  Latvian languages is added.

Version 3.2.13 (2014-07-29)
---------------------------

### Fixed
Use `DOMDocument::loadXML()` instead of `DOMDocument::load()` (see 7192).

### Fixed
Specify the font size in `rem` for modern browsers (see #7209).

### Fixed
Make sure the default language file is loaded in the DCA extractor (see #7202).

### Fixed
Do not add unpublished FAQs to the XML sitemap (see #7210).

### Fixed
Preserve new lines when replacing simple tokens (see #7178).

### Fixed
Always prevent saving if `PageModel::loadDetails()` is executed (see #7199).

### Fixed
Use `===` to compare password hashes (see #7175).

### Fixed
Correctly mark GET parameters as used (see #7185).

### Fixed
Correctly apply the "disabled" attribute to input unit fields (see #7147).

### Fixed
Correctly check the permission to edit multiple files (see #7157).

### Fixed
Correctly handle other MySQL character sets (see #7140).

### Fixed
Correctly recognize Opera Mobile in the `Environment` class (see #5869).

### Fixed
Fix the grid offset for articles (see #7166).

### Fixed
Restore the basic entities in the source editor (see #7170).

### Fixed
Correctly build the breadcrumb trail in the style sheets module (see #7132).

### Fixed
Do not associate the "use SSL" option with sitemaps only (see #7163).

### Fixed
URL encode the pipe character in the Google web font URL (see #7120).

### Fixed
Handle double quotes in the title attribute of the `<link>` element (see #7124).

### Fixed
Use the `save_callback` when generating multiple aliases (see #7114).

### Update
Update SwiftMailer to version 5.2.1 (see #7110).

### Fixed
Correctly handle double quotes in comments (see #7102).

### Fixed
Ignore hidden files when building the internal cache (see #7098).

### Fixed
Correctly pass the insert ID of the undo record (see #6234).

(taca)

Note update of lang/php55 package to 5.5.15 and lang/php54 package
to 5.4.31.

(taca)

Update php54 to 5.4.31.

24 Jul 2014, PHP 5.4.31

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)

(taca)

Update php55 to 5.5.15.

24 Jul 2014, PHP 5.5.15

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67497 (eval with parse error causes segmentation fault in
    generator). (Nikita)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #66921 (Wrong argument type hint for function
    intltz_from_date_time_zone). (Stas)
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- OPCache:
  . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
    happen) (Dmitry, Laruence)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
    sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)

(taca)

Note update of www/geeklog package to 2.1.0.

(taca)

Update geeklog to 2.1.0.

- Integrated Caching Template Library original developed by Joe Mucchiello [Tom]
- Support for themes to specify a default theme. Default themes template and css
  files will be used unless they are included in the new theme directory [Tom]
- Added configruable caching support for blocks (regular and gldefault),
  staticpages and articles [Tom]
- Speed increases by caching topic tree structure [Tom]
- What's Related article block now includes all Topics. Can set length of titles
  [Tom]
- Articles now list what Topics they are filed under. [Tom]
- New related_topics autotag. It displays all topics an item belongs too. [Tom]
- New related_items autotag. It displays all other related items based on what
  topics the defined item belongs too [Tom]
- Updated Command & Control layout. Plugins can now organized into groups. [Tom]
- New OAuth login methods supported (Google, Microsoft, Yahoo). OAuth supported
  now includes 1.0, 1.0a, and 2.0 (depends on what the provider supports) [Tom]
- Javascript and css can now be loaded in a specified order. [Tom]
- Numerous fixes for multi-language support [Tom]
- Added CKEditor 4.3.2 as the default advanced editor for Geeklog [Dengen]
- New article render which fixes entities etc... from showing up where they
  shouldn't [Dengen]
- New Advanced Editor System that allows developers to easily to add new
  javascript editors [Dengen]
- Article, Staticpages Poll and Topic IDs can now be 128 characters long [Tom]
- User Login page now can be accessed directly without first displaying a login
  error message [Tom]
- Fixed deadlock issues with the session table [Tom]
- Updated Hebrew language files, provided by LWC
- jQuery can now be included in the header [Tom]
- Updated to jQuery 1.10.2 and jQuery UI to 1.10.3 [Tom]
- Added a Filemanager [Kenji ITO]
- Added timepicker jQuery control [Dengen]

(taca)

Note update of www/typo3_45 package to 4.5.35 and www/typo3_61
package to 6.1.10.

(taca)

Update typo3_61 to 6.1.10, it is not security release but normal maintenance
release.

2014-07-08  17950cc                  [RELEASE] Release of TYPO3 6.1.10 (TYPO3 Release Team)
2014-07-08  b1c86f2  #48939,#49055  [BUGFIX] Movements pollute colPos value of content elements (Nicole Cordes)
2014-07-07  10b853d  #48943,#31637  [BUGFIX] TCA: handle select renderMode=tree with minitems=1 AND maxitems=1 (Alexander Bigga)
2014-07-07  a33b537  #58463          [BUGFIX] Set internalUploadMap on upload in ExtendedFileUtility (Marc Bastian Heinrichs)
2014-07-07  316ba85  #59664          [BUGFIX] Wrong image reference handling during flexform copying (Alexey Gafiulov)
2014-07-06  3e4879b  #59642          [BUGFIX] Suggest wizard doesn't work in page flexforms (Bernhard Kraft)
2014-07-06  900b11b  #51189          [BUGFIX] Remove non-needed URL parameter for standard search (Tomita Militaru)
2014-07-02  5adc991  #59813          [BUGFIX] Fix usergroup condition in user TSconfig (Markus Klein)
2014-07-02  d6ee5a6  #31757          [BUGFIX] Create workspace label placeholder that matches field conditions (Sascha Egerer)
2014-06-29  656dd15  #59979          [BUGFIX] Fix unit tests after latest PHP changes (Helmut Hummel)
2014-06-29  0a3ec65                  [TASK] Improve travis notifications to channels (Helmut Hummel)
2014-06-29  5e0c3de  #59978          [TASK] Reset phpunit to 3.7 version (Anja Leichsenring)
2014-06-28  16cd7eb  #59392          [BUGFIX] Gifbuilder: Fix image-mask-functionality (Stefan Neufeind)
2014-06-28  af3380f  #58763          [TASK] Add a function for clearing the rootline caches (Oliver Klee)
2014-06-22  6269258  #58728          Revert "[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler" (Helmut Hummel)
2014-06-21  20734be  #59773          [BUGFIX] Remove misspelled setting rootlevel for sys_file_collection (Marc Bastian Heinrichs)
2014-06-21  d4c9e04  #59344          [BUGFIX] Fix empty globalString LIT condition comparison (Marc Bastian Heinrichs)
2014-06-20  b81d415  #49036          [BUGFIX] Treat link handler links as internal URLs (Alexander Stehlik)
2014-06-20  50d36b8  #30244          [BUGFIX] Followup to "system locale when indexing" (Markus Klein)
2014-06-20  b029113  #30244          [BUGFIX] Use system locale when indexing external documents (Jigal van Hemert)
2014-06-19  7f4cc74  #59423          [BUGFIX] Pass field name variable to flexform DS utility (Claus Due)
2014-06-13  5dba6de  #56823          [BUGFIX] Extensionmanager does not show error messages on update failure (Philipp Gampe)
2014-06-13  15ffdb2  #59458          [BUGFIX] Erroneous date sorting in File List (Francois Suter)
2014-06-12  43e5e4c  #25188          [BUGFIX] sys_news on login with twice hsc (Alexander Opitz)
2014-06-06  ce83838  #59324          [BUGFIX] Fix command description (Mathias Brodala)
2014-06-06  0f9bd66  #37467          [BUGFIX] getIndpEnv('TYPO3_SSL') fails to detect reverseProxyIp (Jan-Erik Revsbech)
2014-06-05  b211478  #59364          [BUGFIX] Illegal string offset 'uid' in TypoScriptFrontendController (Robert Vock)
2014-06-05  66bf424  #59277          [BUGFIX] Warning in SearchController (Christian Zenker)
2014-06-04  2c8a428  #59343          [BUGFIX] Fix frontend unit tests if executed standalone (Helmut Hummel)
2014-06-03  cd81ccb  #59185          [BUGFIX] DataHandler::log() must not return NULL (Markus Klein)
2014-06-03  9576c32  #59302          [BUGFIX] Fix wrong JS function name in RTE (Markus Klein)
2014-06-03  d7919b0  #59034          [BUGFIX] Fix double ? in eID url for encryption key (Markus Klein)
2014-05-29  34f254b  #58910          [BUGFIX] Flexform element title is cropped to hardcoded length (Sebastian Michaelsen)
2014-05-29  9164025  #59087          [BUGFIX] Fix redirect to install tool in new installations (Markus Klein)
2014-05-28  3e6e8ec  #57063          [BUGFIX] Parent language is not applied to new child records (David Greiner)
2014-05-26  e0be125  #59059          [BUGFIX] New content elements are always stored on pid 0 (Nicole Cordes)
2014-05-23  003c662  #52272          [BUGFIX] Alternative implementations for view helpers do not work (Marc Bastian Heinrichs)
2014-05-22  94f1e32  #58936          [BUGFIX] Wrong HTML in locallang_csh_pages.xlf (Markus Klein)
2014-05-22  f954a79  #39035          [BUGFIX] TCA tree fail to load with IRRE (Xavier Perseguers)
2014-05-22  b908b7d  #56986          [BUGFIX] Fix description of userHomePath and groupHomePath (Marc Bastian Heinrichs)
2014-05-22  f0ac518  #57809          [BUGFIX] Properly check existence of array item (Markus Klein)
2014-05-22  203c1eb  #16472          [BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler (Alexander Opitz)
2014-05-22  420b5c8  #59022          [BUGFIX] Fix failing unit tests for HTTP host check in CLI mode (Helmut Hummel)

(taca)

Update typo3_45 to 4.5.35, it is not security release but normal maintenance
release.

2014-07-08  6ca633d                  [RELEASE] Release of TYPO3 4.5.35 (TYPO3 Release Team)
2014-07-08  ebdd15e  #48939,#49055  [BUGFIX] Movements pollute colPos value of content elements (Nicole Cordes)
2014-06-29  021526a                  [TASK] Improve travis notifications to channels (Helmut Hummel)
2014-06-29  4f13b3a  #59838          [TASK] Update Travis CI notification settings (Michael Stucki)
2014-06-23  64a43ca  #59825          [BUGFIX] AbstractBackendViewHelper uses namespaces (Markus Klein)
2014-06-05  05bbf37  #59059          [BUGFIX] New content elements are always stored on pid 0 (Markus Klein)
2014-06-03  4fbb250  #59034          [BUGFIX] Fix double ? in eID url for encryption key (Markus Klein)
2014-05-23  418e313  #58936          [BUGFIX] Wrong HTML in locallang_csh_pages.xlf (Markus Klein)
2014-05-23  81e31f1  #58484          [BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian Heinrichs)

(taca)

Note update of lang/pear package to 1.9.5.

(taca)

Update pear to 1.9.5 along with pear XML_Util to 1.2.3.

PEAR-1.9.5

The new version - three years after the last stable 1.9.4 and 2 weeks after
the preview - is a bugfix only release. 13 bugs have been fixed. Among them
are the following:

* #18466: Modifying paths during installation broken on Windows
* #20203: PEAR channels on github user pages do not work
* #20283: Report correct php.ini directive on xdebug installation (and every
  other zend_extension)

Our plan is to work on a new version 1.10 that is E_STRICT and E_DEPRECATED
clean and ships a couple of new features.

XML_Util-1.2.3

* Bug #20293 Broken installation for 1.2.2

Changes to 1.2.2 is not available.

(taca)

Note update of net/bind99 package to 9.9.5pl1nb1.

(taca)

Explicitly specify KRB5BASE with --with-gssapi option and incudes
mk/krb5.buildlink3.mk.

It prevent link libcrypt twice with PREFER_PKGSRC=openssl.

Fix was provided Chuck Silvers via private e-mail about two weeks ago and
I've confirmed the problem.

Bump PKGREVISION.

(taca)

Note update of www/drupal6 and www/drupal7 packages.

www/drupal7 7.29
www/drupal6 6.32

(taca)

Update drupal6 to 6.32, security fix release.

Drupal 6.32, 2014-07-16
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.

(taca)

Update drupal7 to 7.29, security fix release.

Drupal 7.29, 2014-07-16
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.

(taca)

Note update of mail/p5-Email-Address package to 1.905.

(taca)

Update p5-Email-Address to 1.905.

1.905    2014-06-17 22:55:00-04:00 America/New_York
        - additional change to avoid slowdown; this addresses CVE-2014-0477
          change provided by Bastian Blank <waldi@debian.org>

1.904    2014-06-14 00:21:21-04:00 America/New_York (TRIAL RELEASE)
        - avoid being fooled by an addr-like string in the phrase
        - avoid a slowdown by avoiding backtracking into the phrase

1.903    2014-04-17 21:02:14-04:00 America/New_York
        - correctly parenthesize false comment "0" (sigh)

1.902    2014-04-17 10:45:11-04:00 America/New_York
        - when formatting an address where phrase is empty but comment is not,
          do not include "" for the phrase; just omit it
        - when formatting and address where comment lacks enclosing parens, add
          them

(taca)

Note update of time/ruby-tzinfo package to 0.3.40.

(taca)

Update ruby-tzinfo to 0.3.40.

== Version 0.3.40 (tzdata v2014e) - 10-Jul-2014

* Updated to tzdata version 2014e
  (http://mm.icann.org/pipermail/tz-announce/2014-June/000022.html).

(taca)

Note update of lang/php54 package to 5.4.30nb1.

(taca)

Add fix for CVE-2014-4698 and CVE-2014-4670.

Bump PKGREVISION.

(taca)

Note update of lang/php55 package to 5.5.14nb1.

(taca)

Add fix for CVE-2014-4698 and CVE-2014-4670.

Bump PKGREVISION.

(taca)

Fix broken patch file in previous commit.

No PKGREVISION bump since it was broken.

(taca)

Note update of emacs23 related packages:

editors/emacs23 23.4nb27
editors/emacs23-nox11 23.4nb3

(taca)

Bump PKGREVISION with some changes to emacs23.

(taca)

* Add fix for CVE-2014-3421, CVE-2014-3422 and CVE-2014-3424 as emacs24.
* Add comments to some of patch files.

Bump PKGREVISION.

(taca)

Note update of editors/emacs24-nox11 package to 24.3nb1.

(taca)

Bump PKGREVISION with adding security patches to emacs24.

(taca)

Note update of Ruby on Rails packages to 3.2.19.

devel/ruby-activesupport32
devel/ruby-activemodel32
databases/ruby-activerecord32
www/ruby-activeresource32
www/ruby-actionpack32
mail/ruby-actionmailer32
devel/ruby-railties32
www/ruby-rails32

(taca)

Update ruby-rails32 to 3.2.19.

This is meta package like ruby gem.

(taca)

Update ruby-railties32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

* No changes.

(taca)

Update ruby-actionmailer32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

* No changes.

(taca)

Update ruby-actionpack32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

*  Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
    `options[:raise]`.

    This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.

    *Shota Fukumori (sora_h)*

(taca)

Update ruby-activeresource32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

* No changes.

(taca)

Update ruby-activerecord32 to 3.2.19, security fix.

## Rails 3.2.19 (Jul 2, 2014) ##

*  Fix SQL Injection Vulnerability in 'bitstring' quoting.

    Fixes CVE-2014-3482.

    *Rafael Mendonça França*

(taca)

Update ruby-activemodel32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

* No changes.

(taca)

Update ruby-activesupport32 to 3.2.19.

## Rails 3.2.19 (Jul 2, 2014) ##

*  Make sure Active Support configurations are applied correctly.

    Before this change configuration set using `config.active_support`
    would not be set.

    *Rafael Mendon巽a Fran巽a*

(taca)

Start update of Ruby on Rails to 3.2.19.

(taca)

Forgot to commit distinfo.

(taca)

Note update of www/php-sugarcrm package to 6.5.17.

(taca)

Update php-sugarcrm to 6.5.17, security release.

Quote from http://www.providentcrm.com/news/sugarcrm-6-5-17-patch-list/.

1. Module scanner now blocks two additional functions:
  simplexml_load_file and simplexml_load_string
2. JS Security Fix in Emails --  changing AJAX call from GET to POST.
3. XML Handling -- Additional error handling and libxml_disable_entity_loader
  is now set to true.
4. Users module -- Additional checking on un-authorised access to other users
  profile, plus Bugfix for password field.

(taca)

Note update of www/contao33 package to 3.3.3nb1.

(taca)

INSTALL was missing from this package when I first imported it to pkgsrc.

Bump PKGREVISION.

(taca)

Note update of editors/emacs24 package to 24.3nb14.

(taca)

Add fix for CVE-2014-3421, CVE-2014-3422 and CVE-2014-3424.

Bump PKGREVISION.

(taca)

Note update of lang/php55 package to 5.5.14.

(taca)

Update php55 to 5.5.14 which includes several security fixes.

26 Jun 2014, PHP 5.5.14

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
    (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OPCache:
  . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- PDO-ODBC:
  . Fixed bug #50444 (PDO-ODBC changes for 64-bit).

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion). (CVE-2014-3515) (Stefan Esser)

  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)

(taca)

Note update of lang/php54 package to 5.4.30.

(taca)

Update php54 to 5.4.30 which includes several security fixes.

26 Jun 2014, PHP 5.4.30

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
    check). (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion) (CVE-2014-3515). (Stefan Esser)

(taca)

Note update of net/samba package to 3.6.24.

(taca)

Update samba to 3.6.24, security release.

                  ==============================
                  Release Notes for Samba 3.6.24
                          June 23, 2014
                  ==============================

This is a security release in order to address
CVE-2014-0244 (Denial of service - CPU loop) and
CVE-2014-3493 (Denial of service - Server crash/memory corruption).

o  CVE-2014-0244:
  All current released versions of Samba are vulnerable to a denial of
  service on the nmbd NetBIOS name services daemon. A malformed packet
  can cause the nmbd server to loop the CPU and prevent any further
  NetBIOS name service.

  This flaw is not exploitable beyond causing the code to loop expending
  CPU resources.

o  CVE-2014-3493:
  All current released versions of Samba are affected by a denial of service
  crash involving overwriting memory on an authenticated connection to the
  smbd file server.

(taca)

Remove Makefile.example which is not used by anywhere.

(taca)

Note update of www/contao32 package to 3.2.12.

(taca)

Update contao32 to 3.2.12.  (Now it is leaf package.)

* Finnish translation is added and Latvian translation is removed.
* Example website (Music Academy) is removed from core distribution.
  It is still available on Contao Extension Repository.

Version 3.2.12 (2014-06-18)
---------------------------

### Fixed
Replace insert tags in external redirect targets (see #6765).

### Fixed
Also apply the font settings to the ACE element (see #7103).

### Fixed
Show the placeholder image in the "edit file" dialog if the original image
exceeds the maximum dimensions supported by the GD library (see #7032).

### Fixed
Preserve whitespace before `<textarea>` tags when minifying code (see #7087).

### Fixed
Restore the PHP 5.3 compatibility of the listing module (see #7078).

### Fixed
Do not offer to drop tables or fields if the safe mode is active (see #7085).

### Fixed
Correctly detect binary fields during theme export (see #7079).

(taca)

Note remove of www/contao32-example package.

(taca)

Remove contao32-example since new release dose not contain example website
data any more.  Approved by gdt@.

(taca)

Delete contao32-example.

(taca)

Note update of www/contao33 package to 3.3.3.

(taca)

Update conto33 to 3.3.3.  Finnish translation is added, too.

Version 3.3.3 (2014-06-18)
--------------------------

### Fixed
Convert insert tags before assigning the page title to the template (see #7097).

### Fixed
Correctly render images in TinyMCE in the newsletter module (see #7089).

(taca)

Note update of databases/ruby-sequel package to 4.11.0.

(taca)

Update ruby-sequel to 4.11.0.
Changes from 4.8.0 is too many to write here, please refer there files:

${GEM_LIBDIR}/doc/release_notes/4.9.0.txt
${GEM_LIBDIR}/doc/release_notes/4.10.0.txt
${GEM_LIBDIR}/doc/release_notes/4.11.0.txt

(taca)

Note update of net/bind99 package to 9.9.5pl1.

(taca)

Update bind99 to 9.9.5pl1 (BIND 9.9.5-P1).

3859. [bug] Don't call qsort with a null pointer. [RT #35968]

3858. [bug] Disable GCC 4.9 "delete null pointer check".
[RT #35968]

3742. [port] linux: libcap support: declare curval at start of
block. [RT #35387]

--- 9.9.5-W1 released ---

3724. [bug] win32: Fixed a bug that prevented dig and
host from exiting properly after completing
a UDP query. [RT #35288]

(taca)

Note update of www/contao33 package to 3.3.2.

(taca)

Update contao33 to 3.3.2.

Version 3.3.2 (2014-06-04)
--------------------------

### Fixed
Add the media query to the style sheets in debug mode (see #7070).

### Fixed
Disable the debug mode in the extension creator (see #7068).

### Fixed
Convert image source insert tags in the back end preview (see #7065).

### Fixed
Render all root nodes in the page and file picker (see #6844).

### Fixed
Add the "scssphp-compass" library to support Compass functions.

### Fixed
Support adding multiple TinyMCE instances to the same page (see #7061).

(taca)

Note update of www/contao32 package to 3.2.11.

(taca)

Update contao32 to 3.2.11.

Version 3.2.11 (2014-06-04)
---------------------------

### Fixed
Make `$this->locationLabel` available in the event list (see #7030).

### Fixed
Correctly set the root page title (see #7023).

### Fixed
Only show the sort hint if there is more than one element (see #6935).

### Fixed
Try to raise the PHP limits upon file synchronization (see #7035).

(taca)

Fix broken PLIST.

(taca)

- roundcube-1.0.0.

(taca)

Note update of mail/roundcube package to 1.0.1.

(taca)

Update roundcube to 1.0.1.
Add dependency to net/pear-Net_Sieve.

Please refer UPGRADING from older relase, especially configuration
files are changed.

Please refer CHANGELOG for detail.

(taca)

Note update of devel/SOPE and www/SOGo package to 2.2.5.

(taca)

Update SOGo to 2.2.5.

2.2.5 (2014-06-05)
------------------

Enhancements
- new meta tag to tell IE to use the highest mode available
- updated Dutch, Finnish, German, and Polish translations

Bug fixes
- avoid crashing when we forward an email with no Subject header
- we no longer try to include attachments when replying to a mail
- fixed ActiveSync repetitive events issues with "Weekly" and "Monthly" ones
- fixed ActiveSync text/plain parts re-encoding issues for Outlook

2.2.4 (2014-05-29)
------------------

New features
- new print option in Calendar module
- now able to save unknown recipient emails to address book on send (#1496)

Enhancements
- Sieve folder encoding is now configurable (#2622)
- SOGo version is now displayed in preferences window (#2612)
- report Sieve error when saving preferences (#1046)
- added the SOGoMaximumSyncWindowSize system default to overwrite the
  maximum number of items returned during an ActiveSync sync operation
- updated datepicker
- addressbooks properties are now accessible from a popup window
- extended events and tasks searches
- updated Czech, French, Hungarian, Polish, Russian, Slovak, Spanish (Argentina), and Spanish (Spain) translations
- added more sycned contact properties when using ActiveSync (#2775)
- now possible to configure the default subscribed resource name using SOGoSubscriptionFolderFormat
- now handle server-side folder updates using ActiveSync (#2688)
- updated CKEditor to version 4.4.1

Bug fixes
- fixed saved HTML content of draft when attaching a file
- fixed text nodes of HTML content handler by encoding HTML entities
- fixed iCal7 delegation issue with the "inbox" folder (#2489)
- fixed birth date validity checks (#1636)
- fixed URL handling (#2616)
- improved folder rename operations using ActiveSync (#2700)
- fixed SmartReply/Forward when ReplaceMime was omitted (#2680)
- fixed wrong generation of weekly repetitive events with ActiveSync (#2654)
- fixed incorrect XML data conversion with ActiveSync (#2695)
- fixed display of events having a category with HTML entities (#2703)
- fixed display of images in CSS background (#2437)
- fixed limitation of Sieve script size (#2745)
- fixed sync-token generation when no change was returned (#2492)
- fixed the IMAP copy/move operation between subfolders in different accounts
- fixed synchronization of seen/unseen status of msgs in Webmail (#2715)
- fixed focus of popup windows open through a contextual menu with Firefox on Windows 7
- fixed missing characters in shared folder names over ActiveSync (#2709)
- fixed reply and forward mail templates for Brazilian Portuguese (#2738)
- fixed newline in signature when forwarding a message as attachment in HTML mode (#2787)
- fixed restoration of options (priority & return receipt) when editing a draft (#193)
- fixed update of participation status via CalDAV (#2786)

2.2.3 (2014-04-03)
------------------

Enhancements
- updated Dutch, Hungarian, Russian and Spanish (Argentina) translations
- initial support for ActiveSync event reminders support (#2681)
- updated CKEditor to version 4.3.4

Bug fixes
- fixed possible exception when retrieving the default event reminder value on 64bit architectures (#2678)
- fixed calling unescapeHTML on null variables to avoid JavaScript exceptions in Contacts module
- fixed detection of IMAP flags support on the client side (#2664)
- fixed the ActiveSync issue marking all mails as read when downloading them
- fixed ActiveSync's move operations not working for multiple selections (#2691)
- fixed email validation regexp to allow gTLDs
- improved all-day events support for ActiveSync (#2686)

2.2.2 (2014-03-21)
------------------

Enhancements
- updated French, Finnish, German and Spanish (Spain) translations
- added sanitization support for Outlook/ActiveSync to circumvent Outlook bugs (#2667)
- updated CKEditor to version 4.3.3
- updated jQuery File Upload to version 9.5.7

Bug fixes
- fixed possible exception when retrieving the default event reminder value on 64bit architectures (#2647, #2648)
- disable file paste support in mail editor (#2641)
- fixed copying/moving messages to a mail folder begining with a digit (#2658)
- fixed unseen count for folders beginning with a digit and used in Sieve filters (#2652)
- fixed decoding of HTML entities in reminder alerts (#2659)
- fixed check for resource conflict when creating an event in the resource's calendar (#2541)
- fixed construction of mail folders tree
- fixed parsing of ORG attribute in cards (#2662)
- disabled ActiveSync provisioning for now (#2663)
- fixed messages move in Outlook which would create duplicates (#2650)
- fixed translations for OtherUsersFolderName and SharedFoldersName folders (#2657)
- fixed handling of accentuated characters when filtering contacts (#2656)
- fixed classification icon of events (#2651)
- fixed ActiveSync's SendMail with client version <= 12.1 (#2669)

(taca)

Update SOPE to 2.2.5, required by SOGo 2.2.5.

Changes are too many to write here.

(taca)

Note update of www/fengoffice package to 2.6.1.

(taca)

Update fengoffice to 2.6.1.

Changes from 2.5.1 are too many to write here, please refer
readme.txt file.

(taca)

Clean up contao211 related lines.

(taca)

Remove "used by www/contao211-example/Makefile".

(taca)

Remove contao211 since Contao 2.11 is EOL.

(taca)

Remove contao211-example since Contao 2.11 is EOL.

(taca)

Remove contao211-translations since Contao 2.11 is EOL.

(taca)

Delete contao311 related entries.

(taca)

Use PKG_OPTIONS.${PHP_PKG_PREFIX} as PKG_OPTIONS_VAR in order to consistent
PKG_OPTIONS amaong packages which use lang/php/Makefile.php.

(taca)

Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.

29 May 2014, PHP 5.4.29

- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created
    by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
    zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
    (CVE-2014-0238)
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation). (CVE-2014-0237)

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)

(taca)

Note update of lang/php55 package to 5.5.13.

(taca)

Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.

29 May 2014, PHP 5.5.13

- CLI server:
  . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created
    by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
    zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

- Curl:
  . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)

(taca)

Remove contao33-example related lines.

(taca)

Note update of www/contao33 package to 3.3.1 and remove of
www/contao33-example package.

(taca)

Remove contao33-example package since example data was removed from
Contao 3.3.1 distribution and it moved to Contao's extension repository.

(taca)

Remove contao33-example.

(taca)

Update contao33 package to 3.3.1.
Though there is no description in CHANGELOG.md, data for an example web site
(Music Academy) was removed from the distribution.

Version 3.3.1 (2014-05-30)
--------------------------

### Fixed
Grant access to static files inside the `vendor` folder.

### Fixed
Do not make the `FormRadioButton` options an array (see #7060).

### Fixed
Support adding ACE and TinyMCE in subpalettes (see #7056).

### Fixed
Only use the DropZone uploader where Ajax uploads can be processed (see #7046).

### Fixed
Make the viewport field 255 characters long (see #7050).

### Fixed
Restore the "submit_container" class in the `FormSubmit` widget (see #7055).

### Fixed
Correctly generate the CSS classes of the `FormSelectMenu` widget (see #7045).

### Fixed
Use a more precise UUID detection in the `FilesModel` class (see #7054).

### Fixed
Use `pack()` instead of `hex2bin()` to be compatible with PHP 5.3 (see #7010).

(taca)

Oops, extra changes again.

(taca)

Revert accidently updated CT33_VERSION for now.

(taca)

Add "# used by" lines.

(taca)

Note update of Contao Open Source CMS packages.

www/contao211 2.11.17nb2
www/contao32 3.2.10nb2
www/contao33 3.3.0nb1

(taca)

Add dependency to php-zlib since it is needed by core's funcitonality.

Bump PKGREVISION.

(taca)

Add dependency to php-zlib since it is needed by core's funcitonality.

Bump PKGREVISION.

(taca)

Add dependency to php-zlib since it is needed by core's funcitonality.

Bump PKGREVISION.

(taca)

Note addition of Contao 3.3 related packages:

        www/contao33 3.3.0
        www/contao33-example 3.3.0

(taca)

Add and enable contao33 and contao33-example.

(taca)

Add contao33-example pakcage version 3.3.0.

This is an example web site for www/contao33, Contao Open Source CMS.

(taca)

Add www/contao33 package version 3.3.0.

Contao 3.3 is new stable release of Contao Open Source CMS.

Some new features from Contao 3.2:

* Added a markdown content element.
* Added the insert tag flags "urlencode" and "rawurlencode".
* Add a flexible back end theme.
* Add DropZone-based file uploader.
* Add permissions to import and export themes.
* Allow to override the default templates of module, content element
  and form firld.
* Add version control for editable files.
* Add template inheritance and template insertion.
* Make the title tag configurable in the page layout.
* Mark the beginning and end of each template in debug mode.
* Add support of SCSS/LESS files as external style sheets to page layout.
* Make the file system synchronization available on the command line.

(taca)

Note update of www/contao211 package to 2.11.17nb1 and www/contao32
package to 3.2.10nb1.

(taca)

Explicitly set DISTNAME for now.

(taca)

* Twweak minimum php's version althogh it has no effect with pkgsrc
  in these days.
* Depends on shells/bash package and drop note about bash from MESSAGE.

Bump PKGREVISION.

(taca)

Explicitly set DISTNAME for now.

(taca)

* Twweak minimum php's version althogh it has no effect with pkgsrc
  in these days.
* DEINSTALL: check existence of plugins/tcpdf/cache directory.

Bump PKGREVISION.

(taca)

Changes for supporing Contao 3.3.

* Add CT33_VERSION.
* Conditional CT_MASTER_SITE, CT_MASTER_SITE and so on.

(taca)

Note update of www/typo3_61 package to 6.1.9.

(taca)

Update typo3_61 to 6.1.9 (TYPO3 6.1.9), contains several security fixes.

2014-05-22  2bb8360                  [RELEASE] Release of TYPO3 6.1.9 (TYPO3 Release Team)
2014-05-22  6fafbf7  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22  2994a1c  #54111,#54113  [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
2014-05-22  12741ad  #48695          [SECURITY] XSS in new content element wizard (Marcus Krause)
2014-05-22  7595ad4  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22  6965806  #57576          [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
2014-05-22  54e4691  #48693          [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
2014-05-22  b6826ff  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22  32efb1b  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-21  6a91a90  #54917          [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
2014-05-15  3ee99e9  #58842          [BUGFIX] Wrong system requirements link (Markus Klein)
2014-05-14  f86e016  #58529          [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
2014-05-08  fb8370d  #58187          [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
2014-05-08  3abc703  #58373          [BUGFIX] Default image title in RTE contains the file name (Stanislas Rolland)
2014-05-05  db90a26  #45183          [BUGFIX] Wrong result on empty string globalString condition (Marc Bastian Heinrichs)
2014-05-04  d422bf6  #58504          [BUGFIX] saltedpasswords: Check rsaauth loading (Nicole Cordes)
2014-05-04  05ef8fe  #58484          [BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian Heinrichs)
2014-05-02  a49ddfd  #58418          [BUGFIX] Retrieving extension fails with some PHP versions (Sascha Wilking)
2014-04-29  0150f9c  #58166          [BUGFIX] Wrong comment in ActionMenuViewHelper (Markus Klein)
2014-04-25  8cf4f78  #58180          [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
2014-04-16  a4f013a                  [TASK] Set TYPO3 version to 6.1.9-dev (TYPO3 Release Team)

2014-04-16  d94f80d                  [RELEASE] Release of TYPO3 6.1.8 (TYPO3 Release Team)
2014-04-16  68763fa  #57957          [BUGFIX] DBAL sql_fetch_* must return boolean or array (Jigal van Hemert)
2014-04-16  65896ee  #24925,#24871  [BUGFIX] Followup: Mandatory for Selectbox with TCA not possible (Stefan Neufeind)
2014-04-15  8e8b020  #24925,#24871  [BUGFIX] Mandatory for Selectbox with TCA not possible (Benjamin Mack)
2014-04-15  d124103  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-15  6139c97  #56991          [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
2014-04-15  1dbfe75  #56353,#56352  [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
2014-04-15  b22b39d  #57010          [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
2014-04-15  5dd53b1  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-12  a60b6dc  #47694          [BUGFIX] Follow up foreign_match_fields not fully supported (Marc Bastian Heinrichs)
2014-04-12  b93d9b4  #50378          [BUGFIX] sql_free_result does not work with all allowed types (Wouter Wolters)
2014-04-07  a896350  #57690          [BUGFIX] User settings do not obey setup.override (Markus Klein)
2014-04-05  21f0d12  #55683          [BUGFIX] ClickMenu: Visibility-options only if fields allowed (Stefan Neufeind)
2014-04-04  2b3dd27  #57656          [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04  1329a96  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-04-01  6ae6b40  #57518          [BUGFIX] Make Extbase EnvironmentService a Singleton (Marc Bastian Heinrichs)
2014-03-31  03ec17a  #57296          [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
2014-03-26  2b5c50e  #54394          [BUGFIX] Exception if thumbnail does not exist (Markus Klein)
2014-03-24  cbdd065  #57238          [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
2014-03-23  fc5b7b2  #57179          [BUGFIX] Module Menu throws PHP warning for top level menu items (Benjamin Mack)
2014-03-23  9b36936  #57202          [BUGFIX] Parsetime: config.debug should override LocalConfiguration (Stefan Neufeind)
2014-03-19  819218a  #55340          [BUGFIX] Several typos in Page Browsing ViewHelper (Benjamin Rau)
2014-03-19  f8233c1  #56205          [BUGFIX] Cannot use contain with multivalued static enumeration column (Xavier Perseguers)
2014-03-14  d5160a9  #56150          [BUGFIX] RootlineUtility does not consider disablefield (Christian Reiter)
2014-03-13  2a80fcd  #56855          [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
2014-03-13  2ee3509  #56720          [BUGFIX] Alignment of button "add a new element at this place" (Patrick Broens)
2014-03-13  bed1054  #56830          [BUGFIX] Show thumbnails in list module (Markus Klein)
2014-03-13  3800d8b  #56084          [BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken (Frans Saris)
2014-03-12  d405041  #23864          [BUGFIX] Correctly validate New Content Element entries (Ludwig Rafelsberger)
2014-03-10  06e5ad9  #52386          [BUGFIX] Allow record insert on rootlevel (Benjamin Serfhos)
2014-03-08  2df9cb9  #43885          [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
2014-03-07  472a2f2  #55457          [BUGFIX] RTE on first new IRRE record keeps loading in IE (Stanislas Rolland)
2014-03-07  e61b2cf  #23552          [BUGFIX] Default size for group-type fields (Christian Plattner)
2014-03-05  f8c9a77  #46185          [BUGFIX] IdentityProperties were not set (Stefan Froemken)
2014-03-05  e7cf550  #11771          [BUGFIX] Catch all errors while starting installer (Alexander Opitz)
2014-03-03  28d25c9  #56262          [BUGFIX] Double escape of title in indexed search (Markus Klein)
2014-02-28  ded338b  #56378          [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
2014-02-28  8f0ce1c  #56421          [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
2014-02-28  342686b  #41413          [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
2014-02-27  5ce3128  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25  a5d8893  #56184          [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
2014-02-25  b4a8235  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-24  5da89e2  #56242          [BUGFIX] Fix JS concat if first file is forced on top (Benjamin Kott)
2014-02-21  c47d8c5  #54724          [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
2014-02-21  6512f65  #49499          [BUGFIX] Fix possible language handling issue (Markus Klein)
2014-02-20  b09e7f9  #39048          [BUGFIX] Rendering inline TCEforms without AJAX is broken (Alexander Jahn)
2014-02-20  c9ae284  #53116,#56019  [BUGFIX] concatenateJs/Css does not consider forceOnTop (Markus Klein)
2014-02-20  b8eeb55  #56135          [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
2014-02-19  bd607e2  #55286          [BUGFIX] Suppress EXIF warnings indexing images (Felix Althaus)
2014-02-19  45f944c  #56067          [BUGFIX] Various static calls to non-static functions (Markus Klein)
2014-02-19  d2ef187  #56057          [BUGFIX] Add missing htmlspecialchars for thumbnail URL (Wouter Wolters)
2014-02-18  b7169bb  #52955          [BUGFIX] Show labels of additional doktypes in new page drag area (Caspar Stuebs)
2014-02-18  7af5ad6  #54304          [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
2014-02-17  48eab76  #52527          [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
2014-02-17  6344793  #56037          [BUGFIX] Fix clipboard thumbnail rendering (Frans Saris)
2014-02-17  dc0ec8a  #55998          [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
2014-02-17  52c294b  #55362          [BUGFIX] CommandController is not executed at same time (Tom Ruether)
2014-02-11  c9ffade  #49440          [BUGFIX] Missing label felogin_forgotHash (Karol Lamparski)
2014-02-11  edbef68  #53028          [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
2014-02-10  474380f                  [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09  e36633a  #53768,#28745  [BUGFIX] Allow to render the same TS object twice (Markus Klein)
2014-02-09  9971136  #55821          [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
2014-02-09  101be25  #18797          [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
2014-02-09  5f6d783  #53564          [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
2014-02-08  cead255  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
2014-02-08  98c8e0a  #55698          [BUGFIX] Fix "action" labels in BE log (Thorsten Kahler)
2014-02-07  9e79487  #55611          [TASK] Move cursor::pointer to complete header area in IRRE (Georg Ringer)
2014-02-06  79d2bac  #54131          [BUGFIX] Followup to #54131 (Frans Saris)
2014-02-06  ad267f8  #55713          [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
2014-02-05  27c1f61  #54112          [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
2014-02-04  4d7947a  #55434          [BUGFIX] Various PHP Warnings with invalid credentials (Xavier Perseguers)
2014-02-03  1263413  #54467          [BUGFIX] TSFE->altPageTitle can not be set in extensions (Markus Klein)
2014-02-03  a070a5c  #54371          [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
2014-02-03  85b3fed  #52048          [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
2014-02-02  af8f6eb  #54289          [BUGFIX] PropertyMapper does not work with class aliasses (Frans Saris)
2014-01-31  9596d4d  #54131          [BUGFIX] getLabelsFromItemsList() retuns no value when no item found (Frans Saris)
2014-01-30  3dcc61d  #55475          [BUGFIX] Regression in DataHandler (Wouter Wolters)
2014-01-30  a5e884f  #55458          [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
2014-01-30  084b5a9  #41450          [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
2014-01-29  b81c5d5  #55407          [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
2014-01-28  d6803b7  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-27  91b1db0  #55377          [TASK] Change repository url for introduction package (Philipp Gampe)
2014-01-27  1af64b0  #55366          [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-24  3cefa40  #53964          [BUGFIX] Better description of [BE][unzip_path]/[BE][diff_path] (Markus Klein)
2014-01-24  041780f  #55093          [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
2014-01-23  8f55af7  #53201          [BUGFIX] sys_category table not listed in allowed excludefields (Tomita Militaru)
2014-01-23  eec8579  #53665          [BUGFIX] Removing single category item not possible (Francois Suter)
2014-01-23  57b70f7  #54849          [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
2014-01-22  b865ad9  #55246          [BUGFIX] Class 'TYPO3\CMS\Recordlist\Browser\GeneralUtility' not found (Oliver Hader)
2014-01-21  c96321d  #37539          [BUGFIX] Static method cannot be abstract (Xavier Perseguers)
2014-01-21  ae54769  #54884          [BUGFIX] RootlineUtility does not consider foreign_sorting (Markus Klein)
2014-01-16  0965b22  #53712          [BUGFIX] Create valid file reference index data (Alexander Stehlik)
2014-01-16  b7ce3ef  #50266          [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
2014-01-15  429e13d  #34631          [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
2014-01-15  5b23142  #54995          [BUGFIX] PHP warnings in ElementBrowser (Markus Klein)
2014-01-14  0ac8948  #54959          [TASK] Speedup typolink root-line handling (Steffen Ritter)
2014-01-14  714fca7  #53826          [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
2014-01-14  f68832a  #53352          [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
2014-01-13  22d3be1  #51805          [BUGFIX] Template dropdown doesn't refresh template title after save (Torben Hansen)
2014-01-11  72f5d5a  #54909          [BUGFIX] Add missing logger names (Steffen M端ller)
2014-01-09  2620cb5  #53975          [BUGFIX] Allow empty values in start/stop filter of belog (Steffen M端ller)
2014-01-09  c99a07a  #53862          [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
2014-01-09  4e3e3dc  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-09  f378b40  #31797          [BUGFIX] Properly escape the ImageMagick frame selector (Georg Ringer)
2014-01-09  7d3eb35  #24877,#6708    [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
2014-01-09  a31b325  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08  03d6320  #47694          [BUGFIX] foreign_match_fields not fully supported (Stefan Froemken)
2014-01-08  e959451  #53727          [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
2014-01-08  42a3eb3  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
2014-01-07  272f80c  #54807          [BUGFIX] PageBrowsing ViewHelper defines unused method argument (Benjamin Rau)
2014-01-07  e09b381  #54808          [BUGFIX] Repository uses wrong property to calc current result page (Benjamin Rau)
2014-01-04  81a30e8  #53662          [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
2014-01-04  67ac84c  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2013-12-23  9283d4b  #54115          [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
2013-12-21  8379b1a  #54531          [BUGFIX] Fix message for install tool warning (Cynthia Mattingly)
2013-12-18  a95ab93  #54369          [TASK] Fix travis builds (Markus Klein)
2013-12-18  2a4d603  #51752          [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
2013-12-18  e4590fe  #52059          [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
2013-12-18  e8978f9  #47648          [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
2013-12-13  be7505a  #54027          [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
2013-12-12  41fe22d  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)

(taca)

Note update of www/typo3_60 package to 6.0.14.

(taca)

Update typo3_60 to 6.0.14 (TYPO3 6.0.14), contains several security fixes.

2014-05-22  d1d252f                  [RELEASE] Release of TYPO3 6.0.14 (TYPO3 Release Team)
2014-05-22  37273fb  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22  edd27ad  #54111,#54113  [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
2014-05-22  00f00b1  #48695          [SECURITY] XSS in new content element wizard (Marcus Krause)
2014-05-22  6b7f3a8  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22  5935348  #57576          [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
2014-05-22  dda1739  #48693          [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
2014-05-22  5e00a13  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22  0f29e1f  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-21  e50f6a6  #54917          [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
2014-05-15  53c830f  #53079          [BUGFIX] FlashMessageService not available in TYPO3 6.0 (Oliver Hader)
2014-05-14  459c34d  #58529          [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
2014-04-25  bd704d5  #58180          [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
2014-04-16  d1fc88d                  [TASK] Set TYPO3 version to 6.0.14-dev (TYPO3 Release Team)

2014-04-16  be80735                  [RELEASE] Release of TYPO3 6.0.13 (TYPO3 Release Team)
2014-04-15  d9e6546  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15  48f974e  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-15  9d1c880  #56991          [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
2014-04-15  75f6b1b  #56353,#56352  [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
2014-04-15  4e64a39  #57010          [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
2014-04-04  72be9f3  #57656          [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04  de4e047  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-03-31  03646f1  #57296          [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
2014-03-24  87d3d40  #57238          [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
2014-03-13  be10ede  #56855          [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
2014-03-08  15b15c0  #43885          [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
2014-03-05  99025c1  #46185          [BUGFIX] IdentityProperties were not set (Stefan Froemken)
2014-03-03  69c103b  #56262          [BUGFIX] Double escape of title in indexed search (Markus Klein)
2014-02-28  cf83948  #56378          [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
2014-02-28  432a7bd  #56421          [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
2014-02-28  1474e2c  #41413          [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
2014-02-27  ab4ef14  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25  95cb16e  #56184          [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
2014-02-25  8c2179f  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-21  9ebf4bb  #54724          [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
2014-02-21  4b44141  #49499          [BUGFIX] Fix possible language handling issue (Markus Klein)
2014-02-20  568b9bf  #56135          [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
2014-02-19  40d97d5  #56067          [BUGFIX] Various static calls to non-static functions (Markus Klein)
2014-02-18  e428692  #54304          [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
2014-02-17  a335bcf  #52527          [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
2014-02-17  88fd2df  #55998          [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
2014-02-11  e2ebdfd  #53028          [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
2014-02-10  e73b549                  [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09  d2881f5  #53768,#28745  [BUGFIX] Allow to render the same TS object twice (Markus Klein)
2014-02-09  228fbc5  #55821          [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
2014-02-09  d9bf811  #18797          [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
2014-02-09  2a233ef  #53564          [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
2014-02-08  33a058b  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
2014-02-06  0fe2509  #55713          [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
2014-02-05  0004322  #54112          [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
2014-02-03  8623b17  #54371          [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
2014-02-03  e5a844d  #52048          [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
2014-01-30  dc271e4  #55475          [BUGFIX] Regression in DataHandler (Wouter Wolters)
2014-01-30  460da13  #41450          [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
2014-01-29  3a84755  #55407          [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
2014-01-28  e5df843  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-27  3b2cb07  #55366,#55377  [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-24  72db639  #55093          [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
2014-01-23  68057cf  #54849          [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
2014-01-16  c4703db  #53712          [BUGFIX] Create valid file reference index data (Alexander Stehlik)
2014-01-16  42cd027  #50266          [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
2014-01-15  f76c7ea  #34631          [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
2014-01-14  f3d324d  #53826          [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
2014-01-14  df52d4a  #53352          [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
2014-01-09  d0c4276  #53862          [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
2014-01-09  9f330b7  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-09  ffc3f2b  #24877,#6708    [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
2014-01-09  583a51b  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08  74be2df  #38766          [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel)
2014-01-08  d1e2110  #53727          [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
2014-01-08  96ff927  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
2014-01-04  2c40d1b  #53662          [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
2014-01-04  dd187dd  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2013-12-23  c2211f5  #54115          [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
2013-12-18  6be4de6  #54369          [TASK] Fix travis builds (Markus Klein)
2013-12-18  e6bfc6e  #51752          [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
2013-12-18  1294fe7  #52059          [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
2013-12-18  4f8c872  #47648          [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
2013-12-13  78b00f3  #54027          [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
2013-12-12  28ca149  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)

(taca)

Note update of www/typo3_47 package to 4.7.19.

(taca)

Update to typo3_47 to 4.7.19 (TYPO3 4.7.19), contains several securify fixes.

2014-05-22  4ebc6ca                  [RELEASE] Release of TYPO3 4.7.19 (TYPO3 Release Team)
2014-05-22  07eba3e  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22  ec33beb  #54111,#54113  [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
2014-05-22  fb096e3  #48695          [SECURITY] XSS in new content element wizard (Markus Klein)
2014-05-22  1389da5  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22  65fc32f  #57576          [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
2014-05-22  7bec5c8  #48693          [SECURITY] Encode URL for use in JavaScript (Markus Klein)
2014-05-22  b907b64  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22  c39bca9  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-04-16  53b74d7                  [TASK] Set TYPO3 version to 4.7.19-dev (TYPO3 Release Team)

2014-04-16  26f503d                  [RELEASE] Release of TYPO3 4.7.18 (TYPO3 Release Team)
2014-04-15  f329f76  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15  9a2f402  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-04  d470aa5  #57656          [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04  be342b4  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-02-25  4dfb4d3  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-10  0345de6                  [TASK] Execute lint in parallel (Helmut Hummel)
2014-02-09  df8e21b  #55811          [BUGFIX] Namespace usage in test (Christian Kuhn)
2014-02-08  84d2050  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
2014-01-27  a42059c  #55366,#55377  [TASK] Change phpunit repository url for travis (Philipp Gampe)
2014-01-17  3d40e0a  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2014-01-16  394e421  #54748          [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
2014-01-09  66bb350  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
2014-01-08  f3b8711  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
2013-12-18  53a6a36  #54369          [TASK] Fix travis builds (Markus Klein)
2013-12-12  019d6b7  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)

(taca)

Note update of www/typo3_45 package to 4.5.34.

(taca)

Update typo3_45 to 4.5.34 (TYPO4 4.5.34), contains several security fixes.

2014-05-22  2ee368c                  [RELEASE] Release of TYPO3 4.5.34 (TYPO3 Release Team)
2014-05-22  55d5f38  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
2014-05-22  efb098b  #54111,#54113  [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
2014-05-22  94011a3  #48695          [SECURITY] XSS in new content element wizard (Markus Klein)
2014-05-22  b62651b  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
2014-05-22  a98ae3c  #57576          [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
2014-05-22  4f7258c  #48693          [SECURITY] Encode URL for use in JavaScript (Markus Klein)
2014-05-22  742ad49  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
2014-05-22  9bd7776  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
2014-05-08  6ffdcee  #58187          [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
2014-04-16  5d6a16e                  [TASK] Set TYPO3 version to 4.5.34-dev (TYPO3 Release Team)

2014-04-16  5bd6b52                  [RELEASE] Release of TYPO3 4.5.33 (TYPO3 Release Team)
2014-04-15  aebc244  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
2014-04-15  51a3897  #57934          [BUGFIX] Use validEmail() instead of deprecated checkEmail() (Stefan Neufeind)
2014-04-15  fcdaec0  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
2014-04-04  4316e98  #57656          [TASK] Integrate default README.txt (Oliver Hader)
2014-04-04  9d36515  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
2014-02-27  e34a90b  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
2014-02-25  5c4554b  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
2014-02-09  7d6a8cc  #55811          [BUGFIX] Namespace usage in test (Christian Kuhn)
2014-02-08  44d7cfc  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
2014-01-30  138b13a  #55458          [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
2014-01-28  b867b04  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
2014-01-17  ab6256f                  Revert "[TASK] Optimize speed for instantiating class with arguments" (Ernesto Baschny)
2014-01-17  2526bdd  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
2014-01-16  102307f  #54748          [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
2014-01-09  e6643e1  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
2014-01-08  765882e  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
2013-12-12  d3e9494  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)

(taca)

Fix build two build problems.

* Didn't pass the portability check, noted by joerg@.
* Some PLIST problem.

No bump revision since the package was broken.

(taca)

Note update of security/openssh package to 6.6.1nb1.

(taca)

Update patch to stop error message with rc.d script.
It was noted by Ken'ichi Fukamachi via PR pkg/48825.

Bump PKGREVISION.

(taca)

Note update of www/contao32 package to 3.2.10.

(taca)

Update contao32 to 3.2.10.

Version 3.2.10 (2014-05-21)
---------------------------

### Fixed
Correctly urlencode folder names in the file manager (see #6925).

### Update
Update MooTools to version 1.5.0 (see #6924).

### Fixed
Allow for up to 13 characters in `Validator::isEmail()` (see #6950).

### Fixed
Only fall back to the default option if there is no POST data (see #6899).

### Fixed
Do not override the event start time in `Events::addEvent()` (see #6701).

### Fixed
Correctly detect binary fields during theme import (see #6852).

### Fixed
Do not urldecode twice in `DC_Folder` (see #6840).

### Fixed
Standardize the fallback behavior of the downloads/gallery element (see #6662).

### Fixed
Correctly hide duplicated elements in the module wizard (see #6826).

### Fixed
Fix the mediabox "imgBackground" option (see #6866).

### Fixed
Strip double quotes in the options wizard (see #6919).

### Fixed
Strip the insert tag flags before passing the tag name to the hooks (see #6860).

### Fixed
Catch Swift exceptions when sending form data via e-mail (see #6941).

### Update
Update the back end date picker to version 2.2.0.

### Update
Update ACE to version 1.1.3.

### Fixed
Check for reserved article aliases before validating the alias name (see #6978).

### Fixed
Store the UUID of uploaded files in the session (see #6986).

### Fixed
Only assume a moved file or folder for new resources (see #6907).

### Fixed
Correctly strip the file extension in the `File` class (see #6968).

### Fixed
Remove the menu when `Swipe.kill()` is executed (see #6861).

### Fixed
Consider the protocol when embedding YouTube videos (see #6900).

(taca)

Note update of mail/pear-Mail_Mime package to 1.8.9.

(taca)

Update pear-Mail_Mime to 1.8.9.

* Fixed Bug #20273: Incorrect handling of HTAB in encodeHeader() [alec]
* Fixed Bug #20226: Mail_mimePart::encodeHeader does not encode ISO-2022-JP
  string [alec]
* Fixed Bug #20222: Broken Compatybility with PHP4 [alec]

(taca)

Note update of lang/ruby21 and lang/ruby21-base package to 2.1.2.

(taca)

Update ruby21 to 2.1.2.

Quote from release announce:

This release contains a fix for a regression of Hash#reject in Ruby 2.1.1,
support for build with Readline-6.3 (see Bug #9578), an updated bundled
version of libyaml with psych, and some bug fixes.

For details, please refer ChangeLog.

(taca)

Note update of lang/ruby200 and lang/ruby200-base to 2.0.0p481
(Ruby 2.0.0-p481).

(taca)

Update ruby200 to Ruby 2.0.0-p481.

Including many bug fixes:

* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))

For detail, please refer ChangeLog.

(taca)

Add some "used by" lines.

(taca)

Instead of comparing _RUBY_VERSION_REQD to "211", compare "18" or "193".

(taca)

Update distinfo after reverting patch files by joerg@.

(taca)

Note update of Ruby on Rails 3.2.18 related packages.

devel/ruby-activesupport32
devel/ruby-activemodel32
databases/ruby-activerecord32
www/ruby-activeresource32
www/ruby-actionpack32
mail/ruby-actionmailer32
devel/ruby-railties32
www/ruby-rails32

(taca)

Update www/ruby-rails32 to 3.2.18.

No change except version number.

(taca)

Update devel/ruby-railties32 to 3.2.18.

No change except version number.

(taca)

Update mail/ruby-actionmailer32 to 3.2.18.

No change except version number.

(taca)

Update www/ruby-actionpack32 to 3.2.18.

## Rails 3.2.18 (May 6, 2014) ##

*  Only accept actions without File::SEPARATOR in the name.

    This will avoid directory traversal in implicit render.

    Fixes: CVE-2014-0130

    *Rafael Mendonça França*

(taca)

Update www/ruby-activeresource32 to 3.2.18.

No change except version number.

(taca)

Update databases/ruby-activerecord32 to 3.2.18.

No change except version number.

(taca)

Update devel/ruby-activemodel32 to 3.2.18.

No change except version number.

(taca)

Update devel/ruby-activesupport32 to 3.2.18.

No change except version number.

(taca)

Start update of Ruby on Rails to 3.2.18.

(taca)

Note update of www/drupal7 package to 7.28.

(taca)

Update drupal7 to 7.28.

Drupal 7.28, 2014-05-08
-----------------------
- Fixed a regression introduced in Drupal 7.27 that caused JavaScript to break
  on older browsers (such as Internet Explorer 8 and earlier) when Ajax was
  used.
- Increased the timeout used by the Update Manager module when it fetches data
  from drupal.org (from 5 seconds to 30 seconds), to work around a problem
  which causes incomplete information about security updates to be presented to
  site administrators. This fix may lead to a performance slowdown on the
  Update Manager administration pages, when installing Drupal distributions,
  and (for sites that use the automated cron feature) on occasional page loads
  by site visitors.
- Fixed the behavior of the token system's "[node:summary]" token when the body
  field does not have a manual summary.
- Changed the behavior of db_query_temporary() so that it works on SELECT
  queries even when they have leading comments/whitespace. A side effect of
  this fix is that db_query_temporary() will now fail with an error if it is
  ever used on non-SELECT queries.
- Added a "node_admin_filter" tag to the database query used to build the list
  of nodes on the content administration page, to make it easier to alter.
- Made the cron queue system log any exceptions that are thrown while an item
  in the queue is being processed, rather than stopping the entire PHP request.
- Improved screen reader support by adding an aria-live HTML attribute to file
  upload fields when there is an error uploading the file (minor markup
  change).
- Made the pager on the Tracker module listing pages show the same number of
  items as other pagers throughout Drupal core (minor UI change).
- Fixed a bug which caused caches not to be properly cleared when a file entity
  was saved or deleted.
- Added several missing countries to the default list returned by
  country_get_list() (string change).
- Replaced the term "weight" with "influence" in the content ranking settings
  for search, and added help text for administrators (string change).
- Fixed untranslatable text strings in the administrative interface for the
  "Crop" effect provided by the Image module (minor string change).
- Fixed a bug in the Taxonomy module update function introduced in Drupal 7.26
  that caused memory and CPU problems on sites with very large numbers of
  unpublished nodes.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.

(taca)

Note update of mail/sylpheed package to 3.4.1.

(taca)

Update sylpheed to 3.4.1.

* 3.4.1 (stable)

    * Fixed Bug #193: Lose mails when mailbox is inaccessible.

* 3.4.0 (stable)
* 3.4.0rc (release candidate)

    * SSL wildcard certificate is also validated now (#167).
    * The compile error with OpenSSL disabled was fixed.

* 3.4.0beta8 (development)

    * Mac OS X support was improved.
    * SSL certificate hostname is validated now (#167).
    * The Japanese manual was modified so that IE correctly detect its
      character encoding.
    * The rightmost column of folder view and summary view became easier to
      resize.
    * Appropriate columns of folder view, summary view, etc. are
      auto-expanded by window resize when using GTK+ 2.14 or later.
    * The initial setup dialog is now resizabe.
    * PGP encrypt-to-self feature was added.
    * The display period of notification window became configurable.

* 3.4.0beta7 (development)

    * Win32: the tray icon is recreated when explorer.exe crashes now.
    * The bug that 'File - Folder - Move folder...' menu didn't work was
      fixed.
    * The bug that MIME nest level restriction was not working was fixed.
    * Many defects discovered by Coverity Scan were fixed:
      - FILE handle resource leaks
      - memory leaks
      - possible buffer overrun
      - strict error checks
      - correct null pointer checks

* 3.4.0beta6 (development)

    * Icon theme feature was added.
    * HTML mail is distinguished from other messages with attachments now.
    * 'Last 30 days' was added to the quick search menu.
    * Attached images are rotated based on Exif orientation tag.
    * Config.guess and config.sub included in the tarball were updated to the
      latest version.

* 3.4.0beta5 (development)

    * Basque translation was added.
    * Escaped special characters in HTML links are now properly unescaped
      (#120).
    * IMAP: parsing of folder names that contain brackets was fixed.
    * Config.guess and config.sub included in the tarball were updated.
    * The order of templates became stable.

* 3.4.0beta4 (development)

    * The feature to save message as plain text was added.
    * Printing now prints all texts in messages, not only the first one.
    * The HTML parser now supports <blockquote> tag.
    * An option to prefer HTML part in multipart/alternative was added
      (default: off).
    * Compose window is raised when the external editor exits.
    * Bugfixes of HTML display were made.

* 3.4.0beta3 (development)

    * Rebuilding of folder tree which was broken at 3.4.0beta1 was fixed
      (#103).
    * The bug that double-quote (") and backslash (\) in
      folder/username/password were not escaped and could not be used on IMAP4
      was fixed.
    * Quotation of forwarded messages is enabled for template now.
    * When marking a message as junk and moving it to a junk folder, proper
      junk folder is selected instead of default one.
    * When applying a template for a new message, current date is inserted
      with '%d'.

* 3.4.0beta2 (development)

    * New message notification window was added.
    * An option to the junk filter setting was added:
      'Do not classify message as junk if sender is in the address book'.
    * Some non-standard Date header patterns are handled now.
    * Win32: start menu shortcuts are translated.

* 3.4.0beta1 (development)

    * Safe mode (which does not load plug-ins) was added (--safe-mode).
    * The existence of destination folders are checked when creating a filter
      rule.
    * The recursion level is restricted up to 64 when scanning local mailbox
      (prevents infinite loop with symlink. Note: Linux automatically limits
      the symlink loop up to 40)
    * The labels used in POP3 remote mailbox dialog was modified.
    * POP3: do not disconnect immediately but send QUIT command on normal
      POP3 errors (prevents deleted messages appear again).
    * IMAP: "INBOX" folder became case insensitive as specified in RFC 3501.
    * IMAP: server name for cache directory is escaped now
      (fixes cache creation when using IPv6 address for server name on Windows).
    * Win32: socket timeout setting now works on Windows.

(taca)

Note update of mail/postfix package to 2.11.1.

(taca)

Update postfix to 2.11.1.

Bugfixes (fixed in Postfix 2.11 and Postfix 2.12):

  * With connection caching enabled (the default), recipients could
    be given to the wrong mail server. The root cause was an incorrect
    predicate. Due to this, the Postfix SMTP client could under
    rare conditions save and restore plaintext connections that
    should not be cached, under a fixed lookup key that did not
    distinguish by destination.  Problem reported by Sahil Tandon.

  * Enforce TLS when TLSA records exist, but all are unusable.

  * Don't leak memory when TLSA records exist, but all are unusable.

Workarounds:

  * Prepend "-I. -I../../include" to the compiler command-line
    options, to avoid name clashes with non-Postfix header files.

Documentation cleanup:

  * Corrected postconf(1) manpage for missing version attribution
    and incorrect "author" formatting.

  * The documentation for Postfix > 2.8 TLS activity logging was
    incorrect. Loglevel 0 produces no logging. Instead, information
    is logged only with loglevel 1 or higher.

Logging cleanup:

  * The TLS client logged that an "Untrusted" TLS connection was
    established instead of "Anonymous".

  * For consistency, TLS policy lookup errors are now logged as
    warnings.

(taca)

Note update of lang/php54 package to 5.4.28.

(taca)

Update php54 to 5.4.28.

01 May 2014, PHP 5.4.28

- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
    UNIX sockets). (Mike)
  . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
    (Jann Horn, Stas)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative
    height). (Gabor Buella)

- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
    (Freek Lijten)

- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
    supplied). (Boro Sitnikovski)

- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)

- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
    (Remi)

- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
    default configuration) (CVE-2014-0185). (Stas)

- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when
    JSON_PRETTY_PRINT is set). (Kevin Israel)

- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
    (Anatol)

- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
    when loaded with "file://"). (Anatol)

- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu
    (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
    (Jeff Trawick)

(taca)

Note update of lang/php55 package to 5.5.12.

(taca)

Update php55 to 5.5.12.

01 May 2014, PHP 5.5.12
- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
    UNIX sockets). (Mike)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative
    height). (Gabor Buella)
  . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)

- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
    (Freek Lijten)

- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
    supplied). (Boro Sitnikovski)

- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).

- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
    (Remi)

- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)

- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when
    JSON_PRETTY_PRINT is set). (Kevin Israel)

- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

- mysqli:
  . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
    (extra comma) and third parameters (lack of escaping). (Andrey)

- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
    (Anatol)

- SQLite:
  . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)

- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
    when loaded with "file://"). (Anatol)

- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu
    (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
    (Jeff Trawick)

(taca)

Fix broken print-PLIST with gem based packages.

(taca)

Note update of mail/mew package to 6.6.

(taca)

Update mew to 6.6.

      <Differences between Mew 6.6 and Mew 6.5>

* Better image supports.
* The body encoded with Base64/Quoted-Printable is decoded.
* Catching up to the latest GnuPG.
* Support of ISO-2022-JP-3 was removed in favor of UTF-8.
* The speed to move the cursor in Summary mode got much faster.
* Supporting stunnel 5.

(taca)

Ruby 1.8.7 (and prior release) support was dropped since
nokogiri 1.6.0.rc1.

No PKGREVISION bump since build already failed with ruby18.

(taca)

* Fix PLIST due to broken print-PLIST target.
* Avoid to patch gemspec but use OVERRIDE_GEMSPEC.

(taca)

Fix PLIST.  Currently, print-PLIST of ruby packages are slightly broken.

(taca)