Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 228E3A6482 for ; Mon, 3 Feb 2014 15:23:27 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 8D48814A255; Mon, 3 Feb 2014 15:23:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 68CDE14A24B for ; Mon, 3 Feb 2014 15:23:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id zhCqIUY43ozE for ; Mon, 3 Feb 2014 15:23:22 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id D99C714A244 for ; Mon, 3 Feb 2014 15:23:22 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id CF1E396; Mon, 3 Feb 2014 15:23:22 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Mon, 3 Feb 2014 15:23:22 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/www To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20140203152322.CF1E396@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: taca Date: Mon Feb 3 15:23:22 UTC 2014 Modified Files: pkgsrc/www/contao: Makefile.common pkgsrc/www/contao32: distinfo Log Message: Update contao32 to 3.2.5, including fix for CVE-2014-1860. * pkgsrc change: remove obsolete lines for contao31. Version 3.2.5 (2014-02-03) -------------------------- ### Fixed Correctly load the parent pages in the navigation modules (see #6696). ### Fixed Correctly encode URLs with GET parameters in the syndication links (see #6683). ### Fixed Do not pass POST data to the `deserialize()` function, so it is not vulnerable to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695). ### Fixed Allow any character in passwords, especially the less-than symbol (see #6447). ### Fixed Purge the image cache if a file is being renamed (see #6641). ### Fixed Preserve tags in custom CSS definitions (see #6667). ### Fixed Make the swipe CSS selectors more specific (see #6666). ### Fixed Correctly optimize floating-point numbers in style sheets (see #6674). To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 pkgsrc/www/contao/Makefile.common cvs rdiff -u -r1.5 -r1.6 pkgsrc/www/contao32/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.