---
- branch: MAIN
  date: Mon Feb  3 15:23:22 UTC 2014
  files:
  - new: '1.57'
    old: '1.56'
    path: pkgsrc/www/contao/Makefile.common
    pathrev: pkgsrc/www/contao/Makefile.common@1.57
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/www/contao32/distinfo
    pathrev: pkgsrc/www/contao32/distinfo@1.6
    type: modified
  id: 20140203T152322Z.0dc3881570fe62b749ef37e876674b5a72fed806
  log: |
    Update contao32 to 3.2.5, including fix for CVE-2014-1860.

    * pkgsrc change: remove obsolete lines for contao31.

    Version 3.2.5 (2014-02-03)
    --------------------------

    ### Fixed
    Correctly load the parent pages in the navigation modules (see #6696).

    ### Fixed
    Correctly encode URLs with GET parameters in the syndication links (see #6683).

    ### Fixed
    Do not pass POST data to the `deserialize()` function, so it is not vulnerable
    to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).

    ### Fixed
    Allow any character in passwords, especially the less-than symbol (see #6447).

    ### Fixed
    Purge the image cache if a file is being renamed (see #6641).

    ### Fixed
    Preserve tags in custom CSS definitions (see #6667).

    ### Fixed
    Make the swipe CSS selectors more specific (see #6666).

    ### Fixed
    Correctly optimize floating-point numbers in style sheets (see #6674).
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www'
  unixtime: '1391441002'
  user: taca