Skip to content
Commits on Dec 29, 2013
  1. Pullup ticket #4278.

    tron committed Dec 29, 2013
  2. Pullup ticket #4278 - requested by pettai

    security/py-denyhosts: security patch
    
    Revisions pulled up:
    - security/py-denyhosts/Makefile                                1.9
    - security/py-denyhosts/distinfo                                1.4-1.5
    - security/py-denyhosts/patches/patch-af                        1.2
    
    ---
       Module Name:    pkgsrc
       Committed By:   pettai
       Date:           Thu Dec 26 23:30:41 UTC 2013
    
       Modified Files:
               pkgsrc/security/py-denyhosts: Makefile distinfo
               pkgsrc/security/py-denyhosts/patches: patch-af
    
       Log Message:
       Fix for CVE-2013-6890
    
    ---
       Module Name:    pkgsrc
       Committed By:   pettai
       Date:           Sun Dec 29 20:27:55 UTC 2013
    
       Modified Files:
               pkgsrc/security/py-denyhosts: distinfo
    
       Log Message:
       Fixed broken checksum
    tron committed Dec 29, 2013
Commits on Dec 20, 2013
  1. pullups 4276 and 4277

    spz committed Dec 20, 2013
  2. Pullup ticket #4277 - requested by is

    graphics/gd: build fix for e.g. arm
    
    Revisions pulled up:
    - graphics/gd/distinfo                                          1.34-1.35
    - graphics/gd/patches/patch-src_gd__bmp.c                       1.1-1.2
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Mon Nov 11 20:38:16 UTC 2013
    
       Modified Files:
       	pkgsrc/graphics/gd: distinfo
       Added Files:
       	pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c
    
       Log Message:
       Don't use ceill(); it isn't needed here and causes problems. See PR 48334.
    
       Technically this change should bump PKGREVISION (as it changes the
       binary package ever so slightly for platforms where the ceill() didn't
       cause a build failure) but I'm going to let it slide.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.33 -r1.34 pkgsrc/graphics/gd/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	dholland
       Date:		Mon Nov 11 21:34:40 UTC 2013
    
       Modified Files:
       	pkgsrc/graphics/gd: distinfo
       	pkgsrc/graphics/gd/patches: patch-src_gd__bmp.c
    
       Log Message:
       Add upstream report URL per PR 48334.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.34 -r1.35 pkgsrc/graphics/gd/distinfo
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/gd/patches/patch-src_gd__bmp.c
    spz committed Dec 20, 2013
  3. Pullup ticket #4276 - requested by tron

    net/wireshark: security update
    
    Revisions pulled up:
    - net/wireshark/DESCR                                           1.4
    - net/wireshark/Makefile                                        1.112
    - net/wireshark/distinfo                                        1.71
    - net/wireshark/patches/patch-aa                                1.13
    - net/wireshark/patches/patch-ab                                1.4
    - net/wireshark/patches/patch-ac                                1.2
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Wed Dec 18 11:52:26 UTC 2013
    
       Modified Files:
       	pkgsrc/net/wireshark: DESCR Makefile distinfo
       	pkgsrc/net/wireshark/patches: patch-aa patch-ab patch-ac
    
       Log Message:
       Update "wireshark" package to version 1.10.4. Changes since version 1.10.3:
       - Bug Fixes
          The following vulnerabilities have been fixed.
            * wnpa-sec-2013-66
              The SIP dissector could go into an infinite loop.
              Discovered by Alain Botti. (Bug 9388)
              Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
              CVE-2013-7112
            * wnpa-sec-2013-67
              The BSSGP dissector could crash. Discovered by Laurent
              Butti. (Bug 9488)
              Versions affected: 1.10.0 to 1.10.3
              CVE-2013-7113
            * wnpa-sec-2013-68
              The NTLMSSP v2 dissector could crash. Discovered by Garming
              Sam.
              Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
              CVE-2013-7114
          The following bugs have been fixed:
            * "On-the-wire" packet lengths are limited to 65535 bytes.
              (Bug 8808, ws-buglink:9390)
            * Tx MCS set is not interpreted properly in WLAN beacon
              frame. (Bug 8894)
            * VoIP Graph Analysis window - some calls are black. (Bug
              8966)
            * Wireshark fails to decode single-line, multiple Contact:
              URIs in SIP responses. (Bug 9031)
            * epan/follow.c - Incorrect "bytes missing in capture file"
              in "check_fragments" due to an unsigned int wraparound?.
              (Bug 9112)
            * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus
              result. (Bug 9382)
            * Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
            * Timestamp decoded for Gigamon trailer is not padded
              correctly. (Bug 9433)
            * SEL Fast Message Bug-fix for Signed 16-bit Integer Fast
              Meter Messages. (Bug 9435)
            * DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug
              9442)
            * GSM SMS User Data header fill bits are wrong when using a 7
              bits ASCII / IA5 encoding. (Bug 9478)
            * WCDMA RLC dissector cannot assemble PDUs with SNs skipped
              and wrap-arounded. (Bug 9505)
            * DTLS: fix buffer overflow in mac check. (Bug 9512)
            *  Correct data length in SCSI_DATA_IN packets (within
              iSCSI). (Bug 9521)
            * GSM SMS UDH EMS control expects 4 octets instead of 3 with
              OPTIONAL 4th. (Bug 9550)
            * Fix "decode as ..." for packet-time.c. (Bug 9563)
       - Updated Protocol Support
         ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS,
         IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/DESCR
       cvs rdiff -u -r1.111 -r1.112 pkgsrc/net/wireshark/Makefile
       cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/wireshark/distinfo
       cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/wireshark/patches/patch-aa
       cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/wireshark/patches/patch-ab
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/wireshark/patches/patch-ac
    spz committed Dec 20, 2013
Commits on Dec 18, 2013
  1. Pullup ticket #4275.

    tron committed Dec 18, 2013
  2. Pullup ticket #4275 - requested by taca

    devel/ruby-i18n: security update
    
    Revisions pulled up:
    - devel/ruby-i18n/Makefile                                      1.9
    - devel/ruby-i18n/PLIST                                         1.5
    - devel/ruby-i18n/distinfo                                      1.8
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Dec 16 09:21:34 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/ruby-i18n: Makefile PLIST distinfo
    
       Log Message:
       Update ruby-i18n to 0.6.9.  This is security fix.
    
       * Add I18n::exists? method.
       * Add I18n.locale_available? method.
       * Delete unused files.
       * I18n::MissingTranslation exception escapes key names for its
         html_message, fixing CVE-2013-4492.
       * Use CGI.escapeHTML instead of CGI.escape_html for Ruby 1.8.7.
       * Fix an issue with setting I18n.config.enforce_available_locales.
    tron committed Dec 18, 2013
Commits on Dec 17, 2013
  1. Pullup ticket #4274.

    tron committed Dec 17, 2013
  2. Pullup ticket #4274 - requested by taca

    www/typo3_45: security update
    
    Revisions pulled up:
    - www/typo3_45/Makefile                                         1.28-1.29
    - www/typo3_45/PLIST                                            1.13
    - www/typo3_45/distinfo                                         1.23-1.24
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:41:07 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_45: Makefile distinfo
    
       Log Message:
       Update typo345 to 4.5.31 (TYPO3 4.5.31).
    
       2013-11-26  434ce71                  [RELEASE] Release of TYPO3 4.5.31 (TYPO3 Release Team)
       2013-11-19  396534e  #53758          [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos)
       2013-11-19  3f2ed1d  #53750          [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos)
       2013-11-15  428baac  #17493          [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind)
       2013-11-11  6755f40  #37948          [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar)
       2013-11-11  082facd  #31998          [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind)
       2013-11-09  c581f33  #29179          [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind)
       2013-11-09  7b08aa9  #53195          [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind)
       2013-11-04  d372f5f  #38055          [BUGFIX] Remove declare(encoding=) (Josef Florian Glatz)
       2013-10-28  5ae438c  #53075          [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny)
       2013-10-22  b5d6e9f  #50881          [TASK] Added missing core autoloaded files (Ernesto Baschny)
       2013-10-13  5b072ff  #52759          [BUGFIX] Object passed to date() (Philipp Gampe)
       2013-10-12  6371e46  #52104          [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes)
       2013-10-12  78871e2  #37611          [BUGFIX] Select available page when changing WS (Thorsten Kahler)
       2013-10-11  ce02c01  #36573          [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring)
       2013-10-11  d114ddb  #37065          [BUGFIX] Don't show duplicates in workspace preview (Timo Webler)
       2013-10-06  3289c39  #52045          [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein)
       2013-09-27  cd1e12b  #52091,#51684   [BUGFIX] Check for string before using strlen (Markus Klein)
       2013-09-26  c8d2033  #34886          [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer)
       2013-09-18  ef6dc06                  [BUGFIX] Fix cropping of transparent gifs with im6. (Felix Bu$(Q+m(Bnemann)
       2013-09-12  70ce540  #51803          [TASK] Use a 401 header if login is not successful (Georg Ringer)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Dec 10 15:18:33 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_45: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_45 package to 4.5.32 (TYPO3 4.5.32).
    
       - Fix multiple vulnerabilities in TYPO3 CMS:
       	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
       - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous
         commit.
    
       2013-12-10  1956962                  [RELEASE] Release of TYPO3 4.5.32 (TYPO3 Release Team)
       2013-12-10  60576d1  #31206          [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
       2013-12-10  77dc1c4  #42772          [SECURITY] XSS in colorpicker wizard (Anja Leichsenring)
       2013-12-10  52d3bff  #45043          [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
       2013-12-10  cae8739  #20811          [SECURITY] XSS vulnerability in extension manager (Marcus Krause)
       2013-12-10  ba92f0a  #41714          [SECURITY] Information Disclosure in Wizards (Anja Leichsenring)
       2013-12-10  63ff910  #54099          [SECURITY] Fix open redirection in openid extension (Anja Leichsenring)
       2013-12-10  c4d1336  #48187          [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter)
       2013-12-10  5342284  #36768          [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
       2013-12-10  b360a1a  #54074          [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
       2013-12-10  78ee538  #54073          [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause)
       2013-12-08  5aa4ab2  #54282          [BUGFIX] Fix failing test (Anja Leichsenring)
       2013-12-08  6add221  #54280          [BUGFIX] Fix failing test (Anja Leichsenring)
       2013-12-02  0c3fa95  #54124          [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
       2013-12-02  d353ab0  #54120          Revert "[BUGFIX] Object passed to date()" (Markus Klein)
       2013-11-29  309e93a  #42651          [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
       2013-11-26  1d95cad  #25157,#45550   [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
    tron committed Dec 17, 2013
Commits on Dec 16, 2013
  1. Pullup ticket #4273 - requested by taca

    net/samba: security update
    
    Revisions pulled up:
    - net/samba/Makefile                                            1.241
    - net/samba/distinfo                                            1.96
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Mon Dec  9 10:44:22 UTC 2013
    
       Modified Files:
       	pkgsrc/net/samba: Makefile distinfo
    
       Log Message:
       Update samba to 3.6.22; Security fix for CVE-2012-6150.
    
       Changes since 3.6.21:
       ---------------------
    
       o   Jeremy Allison <jra@samba.org>
           * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
    
       o   Stefan Metzmacher <metze@samba.org>
           * BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field.
    
       o   Noel Power <noel.power@suse.com>
           * BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't
             member of *any* require_membership_of specified groups.
    
       Changes since 3.6.20:
       ---------------------
    
       o   Jeremy Allison <jra@samba.org>
           * BUG 10139: Valid utf8 filenames cause "invalid conversion error"
             messages.
           * BUG 10167: s3-smb2 server: smb2 breaks "smb encryption = mandatory".
           * BUG 10187: Missing talloc_free can leak stackframe in error path.
           * BUG 10247: xattr: Fix listing EAs on *BSD for non-root users.
    
       o   Korobkin <korobkin+samba@gmail.com>
           * BUG 10118: Raise debug level for being unable to open a printer.
    
       o   Volker Lendecke <vl@samba.org>
           * BUG 10195: nsswitch: Fix short writes in winbind_write_sock.
    
       o   Arvid Requate <requate@univention.de>
           * BUG 10267: Fix Windows 8 printing via local printer drivers.
    
       o   Andreas Schneider <asn@cryptomilk.org>
           * BUG 10194: Make offline logon cache updating for cross child domain
             group membership.
    tron committed Dec 16, 2013
  2. Pullup ticket #4272 - requested by taca

    www/typo3_61: security update
    
    Revisions pulled up:
    - www/typo3_61/Makefile                                         1.2-1.3
    - www/typo3_61/PLIST                                            1.2
    - www/typo3_61/distinfo                                         1.2-1.3
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:45:04 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_61: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_61 to 6.1.6 (TYPO3 6.1.6).
    
       2013-11-26  3f69433                  [RELEASE] Release of TYPO3 6.1.6 (TYPO3 Release Team)
       2013-11-26  3eda399  #53918          [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos)
       2013-11-24  93ed8d2  #51650          [BUGFIX] TS: Allow "0" as strPad.padWith (Lars Peipmann)
       2013-11-24  aed6051  #15958          [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft)
       2013-11-21  7042298  #53802          [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris)
       2013-11-21  b78c694  #53844          [BUGFIX] Fix regression in ResourceCompressor (Markus Klein)
       2013-11-20  3d3de05  #53243          [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru)
       2013-11-20  6c5d53d  #53458          [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra)
       2013-11-20  52b751e                  Revert "[BUGFIX] Page module: Allow to paste in empty columns" (Markus Klein)
       2013-11-20  dbcaf93  #44002,#35980,  [BUGFIX] Page module: Allow to paste in empty columns (Bernhard Kraft)
       2013-11-19  023014c  #38766          [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel)
       2013-11-19  9d97a70  #53773          [BUGFIX] Fix JS error in lang module (Markus Klein)
       2013-11-19  170f084  #53750          [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos)
       2013-11-19  abcd5e9  #34544          [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger)
       2013-11-19  ba82fac  #51998          [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel)
       2013-11-19  571c8c9  #53746          [TASK] Optimization in AbstractViewHelper (Wouter Wolters)
       2013-11-18  33b0d1b  #53707          [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes)
       2013-11-18  fbd9379  #53711          [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein)
       2013-11-18  fa87ad9  #53014          [BUGFIX] Check for query failures in admin methods (Thomas Maroschik)
       2013-11-15  7223b78                  Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel)
       2013-11-14  62f7e87  #45724          [BUGFIX] FILES.folder does not work (Stefan Froemken)
       2013-11-14  c65640d  #51234          [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe)
       2013-11-14  35a95b0  #17493          [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind)
       2013-11-13  fd66dfc  #25157,#45550   [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer)
       2013-11-13  0641f4f  #51918          [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader)
       2013-11-12  9aa1fa2  #52926          [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn)
       2013-11-12  fa77640  #53115          [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind)
       2013-11-12  259c64d  #22136          [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz)
       2013-11-12  ffd8480  #52934          [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind)
       2013-11-12  c3b0ebc  #53399          [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru)
       2013-11-12  dcdb7bb  #52904          [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer)
       2013-11-12  cf50919  #53538          [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind)
       2013-11-11  fbb19b4  #52727          [TASK] Hard-coded labels in file collections (Tomita Militaru)
       2013-11-11  3dd29c3  #37948          [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar)
       2013-11-11  a3153a3  #52488          [BUGFIX] Call to FlashMessageQueue::addMessage() method in extbase (Markus Klein)
       2013-11-11  b61f34f  #53423          [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind)
       2013-11-10  093d7ac  #52173          [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny)
       2013-11-09  7015242  #53477          [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter)
       2013-11-09  827bf21  #47040          [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken)
       2013-11-09  0b03e72  #53195          [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind)
       2013-11-08  6f1625f  #29179          [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru)
       2013-10-23  d34bde3  #31572          [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche)
       2013-10-18  840a3a6  #35073          [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer)
       2013-10-17  775a077  #52931          [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind)
       2013-10-17  0382419  #52570          [TASK] Tests for Persistence\Generic\Backend::getIdentifierByObject (Stefan Neufeind)
       2013-10-17  b78dc4e  #50548          [BUGFIX] Getting the identifier for a lazy object fails (Marc Bastian Heinrichs)
       2013-10-16  2f1fb3f  #52529          [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle)
       2013-10-16  b218036  #52823          [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik)
       2013-10-16  88cc508                  [BUGFIX] Follow-Up: Fatal error due to missing use statement (Sascha Egerer)
       2013-10-15  1761850  #52845          [BUGFIX] Moving folders fails (Oliver Hader)
       2013-10-15  be9b7c7  #50802          [BUGFIX] Only load folder contents if folder is initialised (Frans Saris)
       2013-10-15  ce693d8  #52824          [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader)
       2013-10-15  8be996a  #51707          [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken)
       2013-10-15  992e4ef  #52771          [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert)
       2013-10-14  50942c2  #52773          [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes)
       2013-10-13  2889f13  #52759          [BUGFIX] Object passed to date() (Xavier Perseguers)
       2013-10-12  f4f2756  #52731          [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn)
       2013-10-12  d68c114  #52728          [BUGFIX] Use BackendUtility use statement (Anja Leichsenring)
       2013-10-12  33d4415  #52104          [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes)
       2013-10-12  e3d02ef  #52715          [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind)
       2013-10-11  a3f8dfe  #52708          [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler)
       2013-10-11  9b4462b  #50912          [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader)
       2013-10-11  d910b2b  #51051          [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader)
       2013-10-11  1483967  #37611          [BUGFIX] Select available page when changing WS (Thorsten Kahler)
       2013-10-11  f4e1b0e  #52636          [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler)
       2013-10-11  ed4e368  #17551          [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer)
       2013-10-11  6f47aa5  #36573          [BUGFIX] Add workspace overlay for fetched records. (Timo Webler)
       2013-10-11  d6b57e8  #37209          [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler)
       2013-10-11  fcad15e  #52530          [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer)
       2013-10-11  3ac3429  #37065          [BUGFIX] Don't show duplicates in workspace preview (Timo Webler)
       2013-10-10  394d12e  #52178          [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers)
       2013-10-07  8f1afaf  #49538          [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer)
       2013-10-07  98625ae  #52546          [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe)
       2013-10-05  dc5b2f1  #52469          [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos)
       2013-09-30  6b2512a  #43540          [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov)
       2013-09-28  3a3edf1  #48809,#51730,  [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog)
       2013-09-28  9535891  #51329          [BUGFIX] Initialize extension name in command requests (Alexander Stehlik)
       2013-09-27  06723a0  #52045          [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein)
       2013-09-27  219c381  #51588          [BUGFIX] Clear cached menu by tag (Zbigniew Jacko)
       2013-09-27  b41847a  #50437          [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick)
       2013-09-26  6bdc8ad  #52091,#51684   [BUGFIX] Check for string before using strlen (Kilian Hann)
       2013-09-26  9be6739  #52266          [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken)
       2013-09-26  d3bf620  #50913          [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier)
       2013-09-26  993dd5d  #52316          [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn)
       2013-09-26  bb94fe0  #52305          [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn)
       2013-09-26  52ff400  #52295          [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn)
       2013-09-25  f0fe1c4  #52226          [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers)
       2013-09-25  db5fb24  #51116          [BUGFIX] Increase performance of exports for caches (Markus Klein)
       2013-09-25  28ee210  #52243          [BUGFIX] Remove duplicate exception code (Fabien Udriot)
       2013-09-24  3f53e6b  #52173          [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny)
       2013-09-24  1d17a21  #52201          [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters)
       2013-09-23  ae9b606  #44825          [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel)
       2013-09-20  7d08d29  #48912          [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes)
       2013-09-20  e0600ed  #52056          [BUGFIX] Wrong exception on renaming folder (Francois Suter)
       2013-09-19  9423c2c  #49328          [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik)
       2013-09-17  fd534b6  #45859          [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader)
       2013-09-17  ce68bcd  #19045          [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind)
       2013-09-17  fb5bbbf  #50907          [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny)
       2013-09-13  0fe373b  #51981          [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein)
       2013-09-12  b0c54dc  #51803          [TASK] Use a 401 header if login is not successful (Georg Ringer)
       2013-09-12  7169032  #47744          [BUGFIX] Replace SHOW DATABASE by query to schema (Alexander Opitz)
       2013-09-12  ddf74b0  #51891          [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Dec 10 15:22:20 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_61: Makefile distinfo
    
       Log Message:
       Update typo3_61 package to 6.1.7 (TYPO3 6.1.7).
    
       - Fix multiple vulnerabilities in TYPO3 CMS:
       	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
    
       2013-12-10  afbadea                  [RELEASE] Release of TYPO3 6.1.7 (TYPO3 Release Team)
       2013-12-10  7481971  #31206          [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
       2013-12-10  cb8db28  #42772          [SECURITY] XSS in colorpicker wizard (Marcus Krause)
       2013-12-10  2d29894  #45043          [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
       2013-12-10  dca9c88  #48691          [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs)
       2013-12-10  450e5d3  #41714          [SECURITY] Information Disclosure in Wizards (Helmut Hummel)
       2013-12-10  7e7f9e3  #54099          [SECURITY] Fix open redirection in openid extension (Helmut Hummel)
       2013-12-10  ad11945  #36768          [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
       2013-12-10  18e0491  #47086          [SECURITY] XSS in beuser VH (Anja Leichsenring)
       2013-12-10  cbbeefd  #54074          [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
       2013-12-10  163947a  #54073          [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter)
       2013-12-02  d21a628  #54124          [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
       2013-12-02  e538020  #54117          [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind)
       2013-11-29  3a66a0e  #42651          [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
    tron committed Dec 16, 2013
  3. Pullup ticket #4271 - requested by taca

    www/typo3_60: security update
    
    Revisions pulled up:
    - www/typo3_60/MESSAGE                                          1.1
    - www/typo3_60/Makefile                                         1.6-1.7
    - www/typo3_60/PLIST                                            1.6
    - www/typo3_60/distinfo                                         1.6-1.7
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:44:04 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_60: Makefile PLIST distinfo
       Added Files:
       	pkgsrc/www/typo3_60: MESSAGE
    
       Log Message:
       Update typo60 to 6.0.11 (TYPO3 6.0.11).  Also add MESSAGE file.
    
       2013-11-26  5e5f1d2                  [RELEASE] Release of TYPO3 6.0.11 (TYPO3 Release Team)
       2013-11-26  762cb0a  #53918          [BUGFIX] t3skin calls addIconSprite for each lang (Michiel Roos)
       2013-11-24  96944c0  #15958          [BUGFIX] Reload list module on clickmenu action (Bernhard Kraft)
       2013-11-21  9e2a0a1  #53802          [BUGFIX] Fix moving/copying files and folders between storages (Frans Saris)
       2013-11-21  487903a  #53844          [BUGFIX] Fix regression in ResourceCompressor (Markus Klein)
       2013-11-20  aed68c8  #53243          [BUGFIX] Filemtime / Filesize trigger warning (Tomita Militaru)
       2013-11-20  2857828  #53458          [BUGFIX] Fluid paginate widget wrong number of links (Klaas Johan Kooistra)
       2013-11-19  3d6f5be  #53773          [BUGFIX] Fix JS error in lang module (Markus Klein)
       2013-11-19  ea58bd5  #53750          [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos)
       2013-11-19  055e6a5  #34544          [BUGFIX] fix javascript error "TBE_EDITOR not defined" in sys_action (Ralf Hettinger)
       2013-11-19  6c6582a  #51998          [BUGFIX] ExtDirect StateProvider should store all settings (Johannes Feustel)
       2013-11-19  9a5858d  #53746          [TASK] Optimization in AbstractViewHelper (Wouter Wolters)
       2013-11-18  464a804  #53707          [BUGFIX] Rename hook in VariableFrontend.php (Nicole Cordes)
       2013-11-18  ad98c0a  #53711          [BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc (Markus Klein)
       2013-11-15  d33b4eb                  Revert "[BUGFIX] EM: Fetch list as html, not as json" (Helmut Hummel)
       2013-11-14  ecd873f  #45724          [BUGFIX] FILES.folder does not work (Stefan Froemken)
       2013-11-14  2fef8ad  #51234          [BUGFIX] Move beuser property mappings to global scope (Philipp Gampe)
       2013-11-14  c9c7551  #17493          [BUGFIX] Fix broken edit icons on cType HTML (Stefan Neufeind)
       2013-11-13  c372d65  #25157,#45550   [BUGFIX] Distinguish unassigend columns and colPos 0 (Georg Ringer)
       2013-11-13  e6b77d8  #51918          [BUGFIX] Native date and datetime values do not consider timezone (Oliver Hader)
       2013-11-12  0e4f15a  #52926          [BUGFIX] Compressor resolves dots in filenames correctly (Christian Kuhn)
       2013-11-12  6163c42  #53115          [BUGFIX] T3editor: Make errors/exceptions show correctly (Stefan Neufeind)
       2013-11-12  4435311  #22136          [BUGFIX] Fix menu popup for all IE versions (Alexander Opitz)
       2013-11-12  53a5a1a  #52934          [BUGFIX] dataTables: Avoid sending cookie-data too often (Stefan Neufeind)
       2013-11-12  94c4d70  #53399          [BUGFIX] Wrong usage-text for cli_dispatch (Tomita Militaru)
       2013-11-12  f113773  #52904          [BUGFIX] Evaluator in JS fails with namespaces (Stefan Aebischer)
       2013-11-12  9678fc6  #53538          [BUGFIX] Make be.buttons.icon-ViewHelper extensible (Stefan Neufeind)
       2013-11-11  e9bc5e1  #52727          [TASK] Hard-coded labels in file collections (Tomita Militaru)
       2013-11-11  bc9a847  #37948          [BUGFIX] Correctly append additionalTreelistUpdateFields (Bart Dubelaar)
       2013-11-11  a8f0d86  #53423          [BUGFIX] EM: Fetch list as html, not as json (Stefan Neufeind)
       2013-11-11  6f4ae27  #48809,#51730,  [BUGFIX] Fix wrong handling of php and TYPO3 dependencies (Susanne Moog)
       2013-11-10  907d5b1  #52173          [BUGFIX] Correct storage selection (follow-up) (Ernesto Baschny)
       2013-11-09  b7a6f48  #53477          [TASK] Fix superfluous strlen() on constant strings (Steffen Ritter)
       2013-11-09  58f1fa5  #47040          [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Froemken)
       2013-11-09  cb14179  #53195          [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind)
       2013-11-08  c3773a4  #29179          [BUGFIX] Escape title, extension, description of scheduler tasks (Tomita Militaru)
       2013-10-23  648018e  #31572          [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche)
       2013-10-18  8c21be4  #35073          [BUGFIX] Enable BE search for multiple mountpoints (Georg Ringer)
       2013-10-17  fe876a8  #52931          [TASK] Exclude central Modernizr from concatenation (Stefan Neufeind)
       2013-10-16  04e4a4b  #52529          [BUGFIX] Suppress empty tag names in output of array2xml (Markus Hoelzle)
       2013-10-16  ac2b59e  #52823          [BUGFIX] Preserve vendor name in refering request (Thomas Maroschik)
       2013-10-15  693b575  #52845          [BUGFIX] Moving folders fails (Oliver Hader)
       2013-10-15  85d0653  #50802          [BUGFIX] Only load folder contents if folder is initialised (Frans Saris)
       2013-10-15  38958f0  #52824          [BUGFIX] Superfluous usage of ObjectManagerException (Oliver Hader)
       2013-10-15  4ba140a  #51707          [FEATURE] Add getValidators to AbstractCompositeValidator (Stefan Froemken)
       2013-10-15  1156074  #52771          [BUGFIX] Use callback in preg_replace in RemoveXSS (Jigal van Hemert)
       2013-10-14  c577f9e  #52773          [BUGFIX] Detect unix-styled absolute paths on Windows systems (Nicole Cordes)
       2013-10-13  6cc1f7a  #52759          [BUGFIX] Object passed to date() (Xavier Perseguers)
       2013-10-12  f272d54  #52731          [TASK] Use 6.1 branch in travis-integration for travis (Christian Kuhn)
       2013-10-12  6cbf164  #52728          [BUGFIX] Use BackendUtility use statement (Anja Leichsenring)
       2013-10-12  13c6602  #52104          [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes)
       2013-10-12  23b8d11  #52715          [BUGFIX] Prevent empty newline below scheduler-task-name (Stefan Neufeind)
       2013-10-11  a909546  #52708          [BUGFIX] DataMapFactory::resolveTableName must remove leading backslashes (Alexander Schnitzler)
       2013-10-11  5faa4da  #50912          [BUGFIX] BackendUtility::viewOnClick() called with non-integer (Oliver Hader)
       2013-10-11  13c5bf9  #51051          [BUGFIX] Clear_cache() must not consider page ids lower than 0 (Oliver Hader)
       2013-10-11  17fe304  #37611          [BUGFIX] Select available page when changing WS (Thorsten Kahler)
       2013-10-11  e30b70b  #52636          [BUGFIX] Copy records to target page before origin page is deleted (Timo Webler)
       2013-10-11  db7d3e5  #17551          [BUGFIX] Create workspace placeholder with processed field content (Sascha Egerer)
       2013-10-11  660e030  #36573          [BUGFIX] Add workspace overlay for fetched records. (Timo Webler)
       2013-10-11  7c837df  #37209          [BUGFIX] WS preview shows pages changes from all WS (Thorsten Kahler)
       2013-10-11  5aeddac  #52530          [BUGFIX] Delete modified record in WS just deletes WS version (Sascha Egerer)
       2013-10-11  f561b99  #37065          [BUGFIX] Don't show duplicates in workspace preview (Timo Webler)
       2013-10-10  b4b0b0e  #52178          [BUGFIX] Cannot upload an extension as zip (Xavier Perseguers)
       2013-10-07  31e44bd  #46845          [BUGFIX] Fix namespace in FileMountRepositoryTest (Marc Bastian Heinrichs)
       2013-10-07  a7da230  #49538          [BUGFIX] Fields of type file_reference are not properly indexed (Martin Borer)
       2013-10-07  388c02d  #52546          [BUGFIX] Missing closing tag in ElementBrowser (Philipp Gampe)
       2013-10-06  30d93b4  #50756          [FEATURE] Backport ClassNamingUtility (Stefan Neufeind)
       2013-10-05  d6a8e68  #52469          [TASK] Use instanceof comparison instead of string comparison (Benjamin Serfhos)
       2013-09-30  8e1ea88  #43540          [BUGFIX] TS is fetched from cache incorrectly sometimes (Dmitry Dulepov)
       2013-09-28  a2532bb  #51329          [BUGFIX] Initialize extension name in command requests (Alexander Stehlik)
       2013-09-28  7144eb5  #52346          [BUGFIX] Incomplete backup in AbstractUserAuthenticationTest (Christian Kuhn)
       2013-09-27  9c200ea  #52091,#51684   [BUGFIX] Check for string before using strlen (Kilian Hann)
       2013-09-27  128d147  #52045          [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein)
       2013-09-27  9fa9f15  #51588          [BUGFIX] Clear cached menu by tag (Zbigniew Jacko)
       2013-09-27  30af6a5  #50437          [BUGFIX] Fix jumpToUrl()-Usage in Element Browser (Benjamin Pick)
       2013-09-26  77c69e7  #52266          [BUGFIX] groupFor-VH does not work with @lazy (Stefan Froemken)
       2013-09-26  3f0cc99  #50913          [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier)
       2013-09-26  919541b  #52316          [BUGFIX] Fatal in DefaultConfiguration (Christian Kuhn)
       2013-09-26  0deefa0  #52305          [BUGFIX] Configure main extbase caches for unlimited entry lifetime (Christian Kuhn)
       2013-09-26  d00db27  #52295          [TASK] Use SimpleFileBackend for t3lib_l10n cache (Christian Kuhn)
       2013-09-25  d01851c  #52226          [BUGFIX] EM does not link to docs.typo3.org (Xavier Perseguers)
       2013-09-25  68bb292  #51116          [BUGFIX] Increase performance of exports for caches (Markus Klein)
       2013-09-25  3f8cd14  #52243          [BUGFIX] Remove duplicate exception code (Fabien Udriot)
       2013-09-24  7151ce0  #52173          [BUGFIX] Correct storage selection (common prefixes) (Ernesto Baschny)
       2013-09-24  0a80fb6  #52201          [BUGFIX] Fix broken Unit-test for #44825 (Wouter Wolters)
       2013-09-23  be4627f  #44825          [BUGFIX] Fix page.headerData + USER_INT (Helmut Hummel)
       2013-09-20  580a576  #48912          [BUGFIX] Increase length of identifier field in sys_file (Nicole Cordes)
       2013-09-20  cb6bf25  #52056          [BUGFIX] Wrong exception on renaming folder (Francois Suter)
       2013-09-19  cdba66b  #49328          [BUGFIX] Fix PHP warning when writing to Backend user log (Alexander Stehlik)
       2013-09-17  23e6007  #45859          [BUGFIX] Faulty expand/collapse behavior in Element Browser (Oliver Hader)
       2013-09-17  c79315a  #19045          [BUGFIX] Fix cropping of transparent gifs with im6. (Stefan Neufeind)
       2013-09-17  aa4ab27  #50907          [BUGFIX] Form Wizard: Adds mouse pointer to docheader icons (Ernesto Baschny)
       2013-09-13  22ee660  #51981          [BUGFIX] Also consider JPEG files for IM/GM (Markus Klein)
       2013-09-12  40cb0a4  #51803          [TASK] Use a 401 header if login is not successful (Georg Ringer)
       2013-09-12  903046f  #51891          [BUGFIX] Call to undefined method setTemplateFile (Wouter Wolters)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Dec 10 15:21:30 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_60: Makefile distinfo
    
       Log Message:
       Update typo3_60 package to 6.0.12 (TYPO3 6.0.12).
    
       - Fix multiple vulnerabilities in TYPO3 CMS:
       	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
    
       2013-12-10  55ea17b                  [RELEASE] Release of TYPO3 6.0.12 (TYPO3 Release Team)
       2013-12-10  c703d1d  #31206          [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
       2013-12-10  0f1e28b  #42772          [SECURITY] XSS in colorpicker wizard (Marcus Krause)
       2013-12-10  1cbe889  #45043          [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
       2013-12-10  79f6850  #48691          [SECURITY] XSS in backend user adminstration (Marc Bastian Heinrichs)
       2013-12-10  b22cbce  #41714          [SECURITY] Information Disclosure in Wizards (Helmut Hummel)
       2013-12-10  e4134ae  #54099          [SECURITY] Fix open redirection in openid extension (Helmut Hummel)
       2013-12-10  2fb0277  #48187          [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Anja Leichsenring)
       2013-12-10  bd6095f  #36768          [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
       2013-12-10  872cf3d  #47086          [SECURITY] XSS in beuser VH (Anja Leichsenring)
       2013-12-10  cb55c53  #54074          [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
       2013-12-10  578cc80  #54073          [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Steffen Ritter)
       2013-12-02  9757d0c  #54124          [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
       2013-12-02  5bf7430  #54117          [BUGFIX] Add missing namespacing for calling GeneralUtility (Stefan Neufeind)
       2013-11-29  30e1f41  #42651          [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
    tron committed Dec 16, 2013
  4. Pullup ticket #4270 - requested by taca

    www/typo3_47: security update
    
    Revisions pulled up:
    - www/typo3_47/MESSAGE                                          1.1
    - www/typo3_47/Makefile                                         1.19-1.20
    - www/typo3_47/PLIST                                            1.10
    - www/typo3_47/distinfo                                         1.14-1.15
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:42:21 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_47: Makefile distinfo
       Added Files:
       	pkgsrc/www/typo3_47: MESSAGE
    
       Log Message:
       Update typo347 to 4.7.16 (TYPO3 4.7.16).
    
       2013-11-26  95a730f                  [RELEASE] Release of TYPO3 4.7.16 (TYPO3 Release Team)
       2013-11-19  5975854  #53758          [BUGFIX] Table cache_imagesizes is defined twice (Michiel Roos)
       2013-11-19  7d0a241  #53750          [BUGFIX] Scheduler extension sql file is invalid (Michiel Roos)
       2013-11-11  90f4945  #31998          [BUGFIX] Faulty check for missing SMTP port (Stefan Neufeind)
       2013-11-11  f328884  #47040          [BUGFIX] Enable treeConfig overriding by Page TSconfig (Stefan Neufeind)
       2013-11-09  2c82f33  #29179          [BUGFIX] Escape title, extension, description of scheduler tasks (Stefan Neufeind)
       2013-11-09  d683693  #53195          [BUGFIX] T3editor: Honour fileDenyPattern on saving included TS (Stefan Neufeind)
       2013-10-28  37c4f0b  #53075          [BUGFIX] Cannot auto-load SC_* classes (Ernesto Baschny)
       2013-10-23  ceba809  #31572          [BUGFIX] Exception using cObject FORM in TypoScript (Andreas Bouche)
       2013-10-23  f8f155e  #43540          [BUGFIX] TS is fetched from cache incorrectly sometimes (Jigal van Hemert)
       2013-10-22  2ce69d2  #50881          [TASK] Added missing core autoloaded files (Ernesto Baschny)
       2013-10-13  d361b29  #52759          [BUGFIX] Object passed to date() (Philipp Gampe)
       2013-10-12  3699866  #52104          [BUGFIX] Wrong calculation of maximum value for checkbox fields (Nicole Cordes)
       2013-10-11  073dd57  #36573          [BUGFIX] Add workspace overlay for fetched records. (Anja Leichsenring)
       2013-10-06  f26f2f1  #52045          [BUGFIX] EmConfUtility accesses non-arrays (Markus Klein)
       2013-09-27  fda9783  #52091,#51684   [BUGFIX] Check for string before using strlen (Markus Klein)
       2013-09-26  9673d7e  #50913          [BUGFIX] Fix PHP warning trigged in getAuthInfoArray() (Christian Finkemeier)
       2013-09-26  e06f05a  #34886          [BUGFIX] CF FileBackend unlimited lifetime support (Dominique Feyer)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Dec 10 15:20:03 UTC 2013
    
       Modified Files:
       	pkgsrc/www/typo3_47: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_47 package to 4.7.17 (TYPO3 4.7.17).
    
       - Fix multiple vulnerabilities in TYPO3 CMS:
       	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
       - Enable PHP_VERSIONS_ACCEPTED which was accidently commented out by previous
         commit.
    
       2013-12-10  9e378dd                  [RELEASE] Release of TYPO3 4.7.17 (TYPO3 Release Team)
       2013-12-10  efa9e0b  #45043          [SECURITY] Prevent editor controlled hmac content (Franz G. Jahn)
       2013-12-10  d207548  #42772          [SECURITY] XSS in colorpicker wizard (Anja Leichsenring)
       2013-12-10  92712d6  #31206          [SECURITY] XSS in header link of all content elements (Anja Leichsenring)
       2013-12-10  573f720  #20811          [SECURITY] XSS vulnerability in extension manager (Marcus Krause)
       2013-12-10  b7eac59  #41714          [SECURITY] Information Disclosure in Wizards (Anja Leichsenring)
       2013-12-10  319a06c  #54099          [SECURITY] Fix open redirection in openid extension (Anja Leichsenring)
       2013-12-10  834afa5  #48187          [SECURITY] feuser_adminLib.inc allows to set arbitrary fields (Steffen Ritter)
       2013-12-10  aa08f14  #36768          [SECURITY] XSS in be_layout wizard (Anja Leichsenring)
       2013-12-10  f3b5a6a  #54074          [SECURITY] Remove possible XSS from ActionController Error output (Anja Leichsenring)
       2013-12-10  0bc4fc4  #54073          [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard (Marcus Krause)
       2013-12-02  c400e94  #54124          [BUGFIX] ClientUtility does not detect Internet Explorer 11 (Stefan Neufeind)
       2013-12-02  124a913  #54120          Revert "[BUGFIX] Object passed to date()" (Markus Klein)
       2013-12-01  3f2e971                  Revert "[BUGFIX] Distinguish unassigend columns and colPos 0" (Steffen Ritter)
       2013-11-29  a7dbbbf  #42651          [BUGFIX] ext:adodb Restrict connection wizard to admins (Christian Kuhn)
       2013-11-26  542bd7d  #25157,#45550   [BUGFIX] Distinguish unassigend columns and colPos 0 (Philipp Gampe)
    tron committed Dec 16, 2013
  5. Pullup ticket #4269 - requested by taca

    lang/php53: security update
    lang/php54: security update
    lang/php55: security update
    
    Revisions pulled up:
    - lang/php/phpversion.mk                                        1.46-1.52
    - lang/php53/Makefile                                           1.44-1.45
    - lang/php53/Makefile.php                                       1.38
    - lang/php53/distinfo                                           1.69-1.70
    - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1
    - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1
    - lang/php53/patches/patch-ext_openssl_openssl.c                deleted
    - lang/php54/Makefile                                           1.15-1.16
    - lang/php54/distinfo                                           1.28-1.31
    - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1
    - lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1
    - lang/php55/Makefile                                           1.6-1.7
    - lang/php55/PLIST                                              1.2
    - lang/php55/distinfo                                           1.7-1.12
    - lang/php55/patches/patch-configure                            1.3
    - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c 1.1
    - lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re 1.1
    - lang/php55/patches/patch-ext_opcache_config.m4                1.1
    - lang/php55/patches/patch-ext_sockets_sockaddr__conv.c         1.1
    - lang/php55/patches/patch-sockaddr__conv.c                     deleted
    - net/php-sockets/Makefile                                      1.12
    
    ---
       Module Name:	pkgsrc
       Committed By:	joerg
       Date:		Tue Oct 15 14:43:51 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php55: distinfo
       Added Files:
       	pkgsrc/lang/php55/patches: patch-sockaddr__conv.c
    
       Log Message:
       Add patch that would fix the build of net/php-sockets for PHP 5.5, if I
       knew how to get it applied.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue Oct 15 15:46:37 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php55: distinfo
       	pkgsrc/net/php-sockets: Makefile
       Added Files:
       	pkgsrc/lang/php55/patches: patch-ext_sockets_sockaddr__conv.c
       Removed Files:
       	pkgsrc/lang/php55/patches: patch-sockaddr__conv.c
    
       Log Message:
       Fix php-socket with php55.
    
       - Use USE_PHP_EXT_PATCHES in net/php-sockets.
       - Make AI_V4MAPPED noop if platform dosen't have it.
    
       It is poor assumption that AI_V4MAPPED is always defined and V4 mapped
       address is always available.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Oct 18 12:25:12 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: distinfo
    
       Log Message:
       Update php54 to 5.4.21 (PHP 5.4.21).
    
       17 Oct 2013, PHP 5.4.21
    
       - Core:
         . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
    
       - CLI server:
         . Fixed bug #65633 (built-in server treat some http headers as
           case-sensitive). (Adam)
    
       - Datetime:
         . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
           message). (Boro Sitnikovski)
    
       - DBA extension:
         . Fixed bug #65708 (dba functions cast $key param to string in-place,
           bypassing copy on write). (Adam)
    
       - Filter:
         . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
         . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
           (Syra)
    
       - IMAP:
         . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
           imap). (ryotakatsuki at gmail dot com)
    
       - Standard:
         . Fixed bug #61548 (content-type must appear at the end of headers for 201
           Location to work in http). (Mike)
    
       - Build system:
         . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
           gzencode())). (Mike)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Oct 18 15:49:08 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: distinfo
       	pkgsrc/lang/php55/patches: patch-configure
       Added Files:
       	pkgsrc/lang/php55/patches: patch-ext_opcache_config.m4
    
       Log Message:
       Update php55 to 5.5.5.
    
       17 Oct 2013, PHP 5.5.5
    
       - Core:
         . Fixed bug #64979 (Wrong behavior of static variables in closure generators).
           (Nikita)
         . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)
         . Fixed bug #65821 (By-ref foreach on property access of string offset
           segfaults). (Nikita)
    
       - CLI server:
         . Fixed bug #65633 (built-in server treat some http headers as
           case-sensitive). (Adam)
         . Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
           encoding). (Felipe)
         . Added application/pdf to PHP CLI Web Server mime types (Chris Jones)
    
       - Datetime:
         . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
           message). (Boro Sitnikovski)
         . Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
           (Boro Sitnikovski)
         . Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
           (Boro Sitnikovski)
    
       - DBA extension:
         . Fixed bug #65708 (dba functions cast $key param to string in-place,
           bypassing copy on write). (Adam)
    
       - Filter:
         . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
         . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
           (Syra)
    
       - FTP:
         . Fixed bug #65667 (ftp_nb_continue produces segfault). (Philip Hofstetter)
    
       - GD
         . Ensure that the defined interpolation method is used with the generic
           scaling methods. (Pierre)
    
       - IMAP:
         . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
           imap). (ryotakatsuki at gmail dot com)
    
       - OPcache:
         . Added support for GNU Hurd. (Svante Signell)
         . Added function opcache_compile_file() to load PHP scripts into cache
           without execution. (Julien)
         . Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
           (Dmitry)
         . Fixed bug #65665 (Exception not properly caught when opcache enabled).
           (Laruence)
         . Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry)
         . Fixed issue #135 (segfault in interned strings if initial memory is too
           low). (Julien)
    
       - Sockets:
         . Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
           (Mike)
    
       - SPL:
         . Fix bug #64782 (SplFileObject constructor make $context optional / give it
           a default value). (Nikita)
    
       - Standard:
         . Fixed bug #61548 (content-type must appear at the end of headers for 201
           Location to work in http). (Mike)
    
       - XMLReader:
         . Fixed bug #51936 (Crash with clone XMLReader). (Mike)
         . Fixed bug #64230 (XMLReader does not suppress errors). (Mike)
    
       - Build system:
         . Fixed bug #51076 (race condition in shtool's mkdir -p implementation).
           (Mike, Raphael Geissert)
         . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
           gzencode())). (Mike)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Nov 15 16:33:14 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: PLIST distinfo
    
       Log Message:
       Update php55 package to 5.5.6.
    
       14 Nov 2013, PHP 5.5.6
    
       - Core:
         . Fixed bug #65947 (basename is no more working after fgetcsv in certain
           situation). (Laruence)
         . Improved performance of array_merge() and func_get_args() by eliminating
           useless copying. (Dmitry)
         . Fixed bug #65939 (Space before ";" breaks php.ini parsing).
           (brainstorm at nopcode dot org)
         . Fixed bug #65911 (scope resolution operator - strange behavior with $this).
           (Bob Weinand)
         . Fixed bug #65936 (dangling context pointer causes crash). (Tony)
    
       - FPM:
         . Changed default listen() backlog to 65535. (Tony)
    
       - MySQLi:
         . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
    
       - OPcache
         . Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris)
         . Fixed issue #115 (path issue when using phar). (Dmitry)
         . Fixed issue #149 (Phar mount points not working with OPcache enabled).
         (Dmitry)
    
       - ODBC
         . Fixed bug #65950 (Field name truncation if the field name is bigger than
           32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo)
    
       - PDO:
         . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement
           throws an exception). (Laruence)
         . Fixed bug 65946 (sql_parser permanently converts values bound to strings)
    
       - Standard:
         . Fixed bug #64760 (var_export() does not use full precision for floating-point
           numbers) (Yasuo)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat Nov 16 09:45:26 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: distinfo
    
       Log Message:
       Update php54 to 5.4.22.
    
       Version 5.4.22
       14-Nov-2013
    
       * Core:
    
           - Fixed bug #65911 (scope resolution operator - strange behavior with
             $this).
    
       CLI server:
    
           - Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
             encoding).
    
       * Exif:
    
           - Fixed crash on unknown encoding.
    
       * FTP:
    
           - Fixed bug #65667 (ftp_nb_continue produces segfault).
    
       * ODBC:
    
           - Fixed bug #65950 (Field name truncation if the field name is bigger than
             32 characters).
    
       * Sockets:
    
           - Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
    
       * Standard:
    
           - Fixed bug #64760 (var_export() does not use full precision for
             floating-point numbers).
    
       * XMLReader:
    
           - Fixed bug #51936 (Crash with clone XMLReader).
           - Fixed bug #64230 (XMLReader does not suppress errors).
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:16:40 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile distinfo
       Added Files:
       	pkgsrc/lang/php53/patches: patch-ext_date_lib_parse__iso__intervals.c
       	    patch-ext_date_lib_parse__iso__intervals.re
    
       Log Message:
       Add fix for CVE-2013-6712, ext/date DoS vulnerability.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:17:15 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php54: Makefile distinfo
       Added Files:
       	pkgsrc/lang/php54/patches: patch-ext_date_lib_parse__iso__intervals.c
       	    patch-ext_date_lib_parse__iso__intervals.re
    
       Log Message:
       Add fix for CVE-2013-6712, ext/date DoS vulnerability.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Dec  5 16:17:48 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php55: Makefile distinfo
       Added Files:
       	pkgsrc/lang/php55/patches: patch-ext_date_lib_parse__iso__intervals.c
       	    patch-ext_date_lib_parse__iso__intervals.re
    
       Log Message:
       Add fix for CVE-2013-6712, ext/date DoS vulnerability.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Dec 13 15:30:35 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php53: Makefile Makefile.php distinfo
       Removed Files:
       	pkgsrc/lang/php53/patches: patch-ext_openssl_openssl.c
    
       Log Message:
       Update php53 to 5.3.28 (PHP 5.3.28).
    
       12 Dec 2013, PHP 5.3.28
    
       - Openssl:
         . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
           (Christian Heimes)
         . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
           (Stefan Esser).
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Dec 13 15:32:21 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: Makefile distinfo
    
       Log Message:
       Update php54 to 5.4.23 (PHP 5.4.23).
    
       28 Nov 2013, PHP 5.4.23
    
       - Core:
         . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
           string). (Laruence)
         . Fixed bug #65947 (basename is no more working after fgetcsv in certain
           situation). (Laruence)
    
       - JSON
         . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
           case-sensitivity incorrectly"). (Andrea Faulds)
    
       - MySQLi:
         . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
    
       - mysqlnd:
         . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param
           with 'i'). (Andrey)
         . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES
           after failed query). (Andrey)
    
       - OpenSSL:
         . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
           (Stefan Esser).
    
       - PDO
         . Fixed bug 65946 (sql_parser permanently converts values bound to strings)
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Dec 13 15:33:22 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: Makefile distinfo
    
       Log Message:
       Update php55 to 5.5.7 (PHP 5.5.7).
    
       12 Dec 2013, PHP 5.5.7
    
       - CLI server:
         . Added some MIME types to the CLI web server (Chris Jones)
         . Implemented FR #65917 (getallheaders() is not supported by the built-in web
           server) - also implements apache_response_headers() (Andrea Faulds)
    
       - Core:
         . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
           string). (Laruence)
    
       - OPCache
         . Fixed bug #66176 (Invalid constant substitution). (Dmitry)
         . Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
         . Fixed bug #65559 (Opcache: cache not cleared if changes occur while
           running). (Dmitry)
    
       - OpenSSL:
         . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
           (Stefan Esser).
    
       - readline
         . Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
    tron committed Dec 16, 2013
  6. Pullup ticket #4267 - requested by taca

    textproc/icu: security patch
    
    Revisions pulled up:
    - textproc/icu/Makefile                                  patch
    - textproc/icu/distinfo                                  patch
    - textproc/icu/patches/patch-i18n_csrucode.cpp           patch
    
    ---
    Apply patch to fix the security vulnerability reported in CVE-2013-2924.
    tron committed Dec 16, 2013
Commits on Dec 11, 2013
  1. Pullup ticket #4268.

    tron committed Dec 11, 2013
  2. Pullup ticket #4268 - requested by obache

    multimedia/adobe-flash-plugin11: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin11/Makefile                      1.21
    - multimedia/adobe-flash-plugin11/distinfo                      1.20
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Wed Dec 11 10:40:42 UTC 2013
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
    
       Log Message:
       Update adobe-flash-plugin11 to 11.2.202.332 for APSB13-28.
    tron committed Dec 11, 2013
Commits on Dec 9, 2013
  1. Pullup ticket #4266.

    tron committed Dec 9, 2013
  2. Pullup ticket #4266 - requested by taca

    databases/ruby-activerecord32: security update
    devel/ruby-activemodel32: security update
    devel/ruby-activesupport32: security update
    devel/ruby-railties32: security update
    mail/ruby-actionmailer32: security update
    www/ruby-actionpack32: security update
    www/ruby-activeresource32: security update
    www/ruby-rails32: security update
    
    Revisions pulled up:
    - databases/ruby-activerecord32/distinfo                        1.14
    - devel/ruby-activemodel32/distinfo                             1.14
    - devel/ruby-activesupport32/distinfo                           1.14
    - devel/ruby-railties32/distinfo                                1.14
    - lang/ruby/rails.mk                                            1.46
    - mail/ruby-actionmailer32/distinfo                             1.14
    - www/ruby-actionpack32/distinfo                                1.14
    - www/ruby-activeresource32/distinfo                            1.14
    - www/ruby-rails32/distinfo                                     1.14
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:41:48 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rails.mk
    
       Log Message:
       Start update of Ruby on Rails 3.2.16.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:42:52 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/ruby-activesupport32: distinfo
    
       Log Message:
       Update ruby-activesupport32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:43:29 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/ruby-activemodel32: distinfo
    
       Log Message:
       Update ruby-activemodel32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:44:05 UTC 2013
    
       Modified Files:
       	pkgsrc/databases/ruby-activerecord32: distinfo
    
       Log Message:
       ruby-activerecord32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:44:42 UTC 2013
    
       Modified Files:
       	pkgsrc/www/ruby-activeresource32: distinfo
    
       Log Message:
       Update ruby-activeresource32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:45:38 UTC 2013
    
       Modified Files:
       	pkgsrc/www/ruby-actionpack32: distinfo
    
       Log Message:
       Update ruby-actionpack32 to 3.2.16, security update.
    
       * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
       * Stop using i18n's built in HTML error handling.  Fixes: CVE-2013-4491
       * Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
       * Only use valid mime type symbols as cache keys CVE-2013-6414
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:46:15 UTC 2013
    
       Modified Files:
       	pkgsrc/mail/ruby-actionmailer32: distinfo
    
       Log Message:
       Update ruby-actionmailer32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:46:48 UTC 2013
    
       Modified Files:
       	pkgsrc/devel/ruby-railties32: distinfo
    
       Log Message:
       Update ruby-railties32 to 3.2.16.
       Only version number has updated.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Dec  4 15:47:17 UTC 2013
    
       Modified Files:
       	pkgsrc/www/ruby-rails32: distinfo
    
       Log Message:
       Update ruby-rails32 to 3.2.16.
       Only version number has updated.
    tron committed Dec 9, 2013
Commits on Dec 8, 2013
  1. Pullup tickets #4264 and #4265.

    tron committed Dec 8, 2013
  2. Pullup tickets #4264 and #4265.

    tron committed Dec 8, 2013
  3. Pullup ticket #4265 - requested by taca

    mail/dovecot2: security update
    
    Revisions pulled up:
    - mail/dovecot2/Makefile                                1.51,1.53 via patch
    - mail/dovecot2/PLIST                                   1.28-1.29
    - mail/dovecot2/distinfo                                1.39-1.40
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Tue Oct  8 13:52:47 UTC 2013
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile PLIST distinfo
    
       Log Message:
       Changes 2.2.6:
       * acl: If public/shared namespace has a shared subscriptions file for
         all users, don't list subscription entries that are not visible to
         the user accessing it.
       + doveadm: Added "auth lookup" command for doing passdb lookup.
       + login_log_format_elements: Added %{orig_user}, %{orig_username}
         and %{orig_domain} expanding to the username exactly as sent by
         the client (before any changes auth process made).
       + Added ssl_prefer_server_ciphers setting.
       + auth_verbose_passwords: Log the password also for unknown users.
       + Linux: Added optional support for SO_REUSEPORT with
         inet_listener { reuse_port=yes }
       - director: v2.2.5 changes caused "SYNC lost" errors
       - dsync: Many fixes and error handling improvements
       - doveadm -A: Don't waste CPU by doing a separate config lookup
         for each user
       - Long-running ssl-params process no longer prevents Dovecot restart
       - mbox: Fixed mailbox_list_index=yes to work correctly
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Wed Nov  6 14:20:58 UTC 2013
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile PLIST distinfo
    
       Log Message:
       Changes 2.2.7:
       * Some usage of passdb checkpassword could have been exploitable by
         local users. You may need to modify your setup to keep it working.
         See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
       + auth: Added ability to truncate values logged by
         auth_verbose_passwords (see 10-logging.conf comment)
       + mdbox: Added "mdbox_deleted" storage, which can be used to access
         messages with refcount=0. For example: doveadm import
         mdbox_deleted:~/mdbox "" mailbox inbox subject oops
       + ssl-params: Added ssl_dh_parameters_length setting.
       - master process was doing a hostname.domain lookup for each created
         process, which may have caused a lot of unnecessary DNS lookups.
       - dsync: Syncing over 100 messages at once caused problems in some
         situations, causing messages to get new UIDs.
       - fts-solr: Different Solr hosts for different users didn't work.
    tron committed Dec 8, 2013
  4. Pullup ticket #4264 - requested by taca

    net/samba: security update
    
    Revisions pulled up:
    - net/samba/Makefile                                            1.239-1.240
    - net/samba/distinfo                                            1.94-1.95
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Wed Oct  9 14:46:35 UTC 2013
    
       Modified Files:
       	pkgsrc/net/samba: Makefile distinfo
    
       Log Message:
       Update samba to 3.6.19.
    
       Changes since 3.6.18:
       ---------------------
    
       o   Jeremy Allison <jra@samba.org>
           * BUG 5917: Make Samba work on site with Read Only Domain Controlle=
       r.
    
       o   Christian Ambach <ambi@samba.org>
           * BUG 8955: NetrServerPasswordSet2 timeout is too short.
    
       o   G=FCnther Deschner <gd@samba.org>
           * BUG 9899: Fix fallback to ncacn_np in cm_connect_lsat().
           * BUG 9615: Fix fallback to ncacn_np in cm_connect_lsat().
           * BUG 10127: Fix 'smbstatus' as non-root user.
    
       o   Volker Lendecke <vl@samba.org>
           * BUG 8955: Give machine password changes 10 minutes of time.
           * BUG 10106: Honour output buffer length set by the client for SMB2=
        GetInfo
             requests.
           * BUG 10114: Handle Dropbox (write-only-directory) case correctly i=
       n
             pathname lookup.
    
       o   Karolin Seeger <kseeger@samba.org>
           * BUG 10076: Fix variable list in man vfs_crossrename.
    
       o   Andreas Schneider <asn@samba.org>
           * BUG 9994: s3-winbind: Do not delete an existing valid credential =
       cache.
           * BUG 10073: 'net ads join': Fix segmentation fault in
             create_local_private_krb5_conf_for_domain.
    
       o   Richard Sharpe <realrichardsharpe@gmail.com>
           * BUG 10097: MacOSX 10.9 will not follow path-based DFS referrals h=
       anded
             out by Samba.
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Tue Nov 12 11:30:01 UTC 2013
    
       Modified Files:
       	pkgsrc/net/samba: Makefile distinfo
    
       Log Message:
       Changes 3.6.20:
       These are security releases in order to address CVE-2013-4475 (ACLs are=
        not checked on opening an alternate data stream on a file or directory=
       ) and CVE-2013-4476 (Private key in key.pem world readable).
    tron committed Dec 8, 2013
Commits on Dec 5, 2013
  1. Pullup ticket #4263

    schnoebe committed Dec 5, 2013
  2. pullup to pkgsrc-2013Q3, resolves ticket #4263

    Updated to nginx 1.5.7
    
    Changes with nginx 1.5.7                                         19 Nov 2013
    
        *) Security: a character following an unescaped space in a request line
           was handled incorrectly (CVE-2013-4547); the bug had appeared in
           0.8.41.
           Thanks to Ivan Fratric of the Google Security Team.
    
        *) Change: a logging level of auth_basic errors about no user/password
           provided has been lowered from "error" to "info".
    
        *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
           "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
    
        *) Feature: the "ssl_session_ticket_key" directive.
           Thanks to Piotr Sikora.
    
        *) Bugfix: the directive "add_header Cache-Control ''" added a
           "Cache-Control" response header line with an empty value.
    
        *) Bugfix: the "satisfy any" directive might return 403 error instead of
           401 if auth_request and auth_basic directives were used.
           Thanks to Jan Marc Hoffmann.
    
        *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
           directive were ignored for listen sockets created during binary
           upgrade.
           Thanks to Piotr Sikora.
    
        *) Bugfix: some data received from a backend with unbufferred proxy
           might not be sent to a client immediately if "gzip" or "gunzip"
           directives were used.
           Thanks to Yichun Zhang.
    
        *) Bugfix: in error handling in ngx_http_gunzip_filter_module.
    
        *) Bugfix: responses might hang if the ngx_http_spdy_module was used
           with the "auth_request" directive.
    
        *) Bugfix: memory leak in nginx/Windows.
    
    
    Changes with nginx 1.5.6                                         01 Oct 2013
    
        *) Feature: the "fastcgi_buffering" directive.
    
        *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
           directives.
           Thanks to Piotr Sikora.
    
        *) Feature: optimization of SSL handshakes when using long certificate
           chains.
    
        *) Feature: the mail proxy supports SMTP pipelining.
    
        *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
           password encryption method.
           Thanks to Markus Linnala.
    
        *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
           be used to process a request if locations were given using characters
           in different cases.
    
        *) Bugfix: automatic redirect with appended trailing slash for proxied
           locations might not work.
    
        *) Bugfix: in the mail proxy server.
    
        *) Bugfix: in the ngx_http_spdy_module.
    
    
    Changes with nginx 1.5.5                                         17 Sep 2013
    
        *) Change: now nginx assumes HTTP/1.0 by default if it is not able to
           detect protocol reliably.
    
        *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
    
        *) Feature: now nginx uses EPOLLRDHUP events to detect premature
           connection close by clients if the "epoll" method is used.
    
        *) Bugfix: in the "valid_referers" directive if the "server_names"
           parameter was used.
    
        *) Bugfix: the $request_time variable did not work in nginx/Windows.
    
        *) Bugfix: in the "image_filter" directive.
           Thanks to Lanshun Zhou.
    
        *) Bugfix: OpenSSL 1.0.1f compatibility.
           Thanks to Piotr Sikora.
    
    
    Changes with nginx 1.5.4                                         27 Aug 2013
    
        *) Change: the "js" extension MIME type has been changed to
           "application/javascript"; default value of the "charset_types"
           directive was changed accordingly.
    
        *) Change: now the "image_filter" directive with the "size" parameter
           returns responses with the "application/json" MIME type.
    
        *) Feature: the ngx_http_auth_request_module.
    
        *) Bugfix: a segmentation fault might occur on start or during
           reconfiguration if the "try_files" directive was used with an empty
           parameter.
    
        *) Bugfix: memory leak if relative paths were specified using variables
           in the "root" or "auth_basic_user_file" directives.
    
        *) Bugfix: the "valid_referers" directive incorrectly executed regular
           expressions if a "Referer" header started with "https://".
           Thanks to Liangbin Li.
    
        *) Bugfix: responses might hang if subrequests were used and an SSL
           handshake error happened during subrequest processing.
           Thanks to Aviram Cohen.
    
        *) Bugfix: in the ngx_http_autoindex_module.
    
        *) Bugfix: in the ngx_http_spdy_module.
    schnoebe committed Dec 5, 2013
  3. pull-up to pkgsrc-2013Q3, ticket #4264

    Updated to nginx 1.4.4
    
    Changes with nginx 1.4.4                                         19 Nov 2013
    
        *) Security: a character following an unescaped space in a request line
           was handled incorrectly (CVE-2013-4547); the bug had appeared in
           0.8.41.
           Thanks to Ivan Fratric of the Google Security Team.
    
    
    Changes with nginx 1.4.3                                         08 Oct 2013
    
        *) Bugfix: a segmentation fault might occur in a worker process if the
           ngx_http_spdy_module was used with the "client_body_in_file_only"
           directive.
    
        *) Bugfix: a segmentation fault might occur on start or during
           reconfiguration if the "try_files" directive was used with an empty
           parameter.
    
        *) Bugfix: the $request_time variable did not work in nginx/Windows.
    
        *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
           password encryption method.
           Thanks to Markus Linnala.
    
        *) Bugfix: in the ngx_http_autoindex_module.
    
        *) Bugfix: in the mail proxy server.
    schnoebe committed Dec 5, 2013
  4. Pullup ticket #4262.

    tron committed Dec 5, 2013
  5. Pullup ticket #4262 - requested by taca

    security/openssh: security update
    
    Revisions pulled up:
    - security/openssh/Makefile                                     1.214
    - security/openssh/distinfo                                     1.85
    - security/openssh/options.mk                                   1.26
    - security/openssh/patches/patch-Makefile.in                    1.2
    - security/openssh/patches/patch-auth.c                         1.2
    - security/openssh/patches/patch-auth1.c                        1.2
    - security/openssh/patches/patch-auth2.c                        1.2
    - security/openssh/patches/patch-config.h.in                    1.2
    - security/openssh/patches/patch-configure                      1.2
    - security/openssh/patches/patch-configure.ac                   1.2
    - security/openssh/patches/patch-includes.h                     1.2
    - security/openssh/patches/patch-scp.c                          1.2
    - security/openssh/patches/patch-session.c                      1.2
    - security/openssh/patches/patch-sftp-common.c                  1.1
    - security/openssh/patches/patch-ssh.c                          1.2
    - security/openssh/patches/patch-sshd.c                         1.2
    - security/openssh/patches/patch-uidswap.c                      1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Dec  1 06:11:41 UTC 2013
    
       Modified Files:
       	pkgsrc/security/openssh: Makefile distinfo options.mk
       	pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth.c
       	    patch-auth1.c patch-auth2.c patch-config.h.in patch-configure
       	    patch-configure.ac patch-includes.h patch-scp.c patch-session.c
       	    patch-ssh.c patch-sshd.c patch-uidswap.c
       Added Files:
       	pkgsrc/security/openssh/patches: patch-sftp-common.c
    
       Log Message:
       Update openssh to 6.4.1 (OpenSSH 6.4p1).
    
       Changes since OpenSSH 6.3
       =========================
    
       This release fixes a security bug:
    
        * sshd(8): fix a memory corruption problem triggered during rekeying
          when an AES-GCM cipher is selected. Full details of the vulnerability
          are available at: http://www.openssh.com/txt/gcmrekey.adv
    
       Changes since OpenSSH 6.2 is too many to write here, please refer
       the release note: http://www.openssh.com/txt/release-6.3.
    tron committed Dec 5, 2013
Commits on Dec 1, 2013
  1. Pullup tickets #4259, #4260 and #4261.

    tron committed Dec 1, 2013
  2. Pullup ticket #4261 - requested by taca

    lang/ruby200-base: security update
    
    Revisions pulled up:
    - lang/ruby/rubyversion.mk                                      1.106
    - lang/ruby200-base/Makefile                                    1.5
    - lang/ruby200-base/PLIST                                       1.2
    - lang/ruby200-base/distinfo                                    1.7
    - lang/ruby200-base/patches/patch-configure                     1.4
    - lang/ruby200-base/patches/patch-ext_tk_extconf.rb             deleted
    - lang/ruby200-base/patches/patch-lib_rubygems.rb               1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_commands_setup__command.rb 1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_config__file.rb  1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_dependency__installer.rb 1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_ext_ext__conf__builder.rb deleted
    - lang/ruby200-base/patches/patch-lib_rubygems_installer.rb     1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_specification.rb 1.2
    - lang/ruby200-base/patches/patch-lib_rubygems_version.rb       deleted
    - lang/ruby200-base/patches/patch-man_ri.1                      1.2
    - lang/ruby200-base/patches/patch-tool_rbinstall.rb             1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Nov 24 14:22:03 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
       	pkgsrc/lang/ruby200-base: Makefile PLIST distinfo
       	pkgsrc/lang/ruby200-base/patches: patch-configure patch-lib_rubygems.rb
       	    patch-lib_rubygems_commands_setup__command.rb
       	    patch-lib_rubygems_config__file.rb
       	    patch-lib_rubygems_dependency__installer.rb
       	    patch-lib_rubygems_installer.rb patch-lib_rubygems_specification.rb
       	    patch-man_ri.1 patch-tool_rbinstall.rb
       Removed Files:
       	pkgsrc/lang/ruby200-base/patches: patch-ext_tk_extconf.rb
       	    patch-lib_rubygems_ext_ext__conf__builder.rb
       	    patch-lib_rubygems_version.rb
    
       Log Message:
       Update ruby200-base, ruby200 and ruby-mode package to 2.00-p353.
    
       Ruby 2.0.0-p353 is released
    
       Now Ruby 2.0.0-p353 is released.
    
       This release includes a security fix about floating point parsing.
    
           Heap Overflow in Floating Point Parsing (CVE-2013-4164)
    
       And some bugfixes are also included. See tickets and ChangeLog for details.
    tron committed Dec 1, 2013
  3. Pullup ticket #4260 - requested by taca

    lang/ruby193-base: security update
    
    Revisions pulled up:
    - lang/ruby/rubyversion.mk                                      1.105
    - lang/ruby193-base/Makefile                                    1.36
    - lang/ruby193-base/distinfo                                    1.28 via patch
    - lang/ruby193-base/patches/patch-configure                     1.11
    - lang/ruby193-base/patches/patch-configure.in                  1.10
    - lang/ruby193-base/patches/patch-ext_tk_extconf.rb             deleted
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Nov 24 14:17:19 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: rubyversion.mk
       	pkgsrc/lang/ruby193-base: Makefile distinfo
       	pkgsrc/lang/ruby193-base/patches: patch-configure patch-configure.in
       Removed Files:
       	pkgsrc/lang/ruby193-base/patches: patch-ext_tk_extconf.rb
    
       Log Message:
       Update ruby193-base (and related packages to 1.9.3-p484).
    
       Ruby 1.9.3-p484 is released
    
       Now Ruby 1.9.3-p484 is released.
    
       This release includes a security fix about ruby interpreter core:
    
           Heap Overflow in Floating Point Parsing (CVE-2013-4164)
    
       And some bugfixes are also included. See tickets and ChangeLog for details.
    tron committed Dec 1, 2013
  4. Pullup ticket #4259 - requested by taca

    databases/ruby-dm-serializer: dependency fix
    databases/ruby-dm-types/Makefile: dependency fix
    net/ruby-tw/Makefile: dependency fix
    
    Revisions pulled up:
    - databases/ruby-dm-serializer/Makefile                         1.7
    - databases/ruby-dm-types/Makefile                              1.10
    - lang/ruby/json.mk                                             1.3
    - net/ruby-tw/Makefile                                          1.7
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Nov 24 14:05:08 UTC 2013
    
       Modified Files:
       	pkgsrc/lang/ruby: json.mk
    
       Log Message:
       Correct versions of json as bundled with Ruby.
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sun Nov 24 14:07:50 UTC 2013
    
       Modified Files:
       	pkgsrc/databases/ruby-dm-serializer: Makefile
       	pkgsrc/databases/ruby-dm-types: Makefile
       	pkgsrc/net/ruby-tw: Makefile
    
       Log Message:
       Bump PKGREVISION for json version handling change.
    tron committed Dec 1, 2013
Commits on Nov 26, 2013
  1. Pullup tickets #4257 and #4258.

    tron committed Nov 26, 2013
  2. Pullup ticket #4258 - requested by taca

    www/drupal7: security update
    
    Revisions pulled up:
    - www/drupal7/Makefile                                          1.22
    - www/drupal7/distinfo                                          1.15
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu Nov 21 15:14:11 UTC 2013
    
       Modified Files:
       	pkgsrc/www/drupal7: Makefile distinfo
    
       Log Message:
       Update drupal7 to 7.24 (Drupal 7.24).
    
       Drupal 7.24, 2013-11-20
       ----------------------
       - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
    tron committed Nov 26, 2013
Something went wrong with that request. Please try again.