Commits on Jun 25, 2014
  1. Pullup tickets #4436 and #4437.

    tron
    tron committed Jun 25, 2014
  2. Pullup ticket #4437 - requested by obache

    tron
    tron committed Jun 25, 2014
    emulators/suse131_libdbus: security update
    
    Revisions pulled up:
    - emulators/suse131_libdbus/Makefile                            1.3
    - emulators/suse131_libdbus/distinfo                            1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sat Jun 21 13:52:49 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_libdbus: Makefile distinfo
    
       Log Message:
       Apply openSUSE Security Update: dbus-1: Fixed possible DoS
       Announcement ID:    openSUSE-SU-2014:0821-1
    
       Description:
    
          dbus-1 was updated to fix a possible DoS (CVE-2014-3477).
    
       Bump PKGREVISION.
  3. Pullup ticket #4436 - requested by obache

    tron
    tron committed Jun 25, 2014
    emulators/suse131_mozilla-nspr: security update
    
    Revisions pulled up:
    - emulators/suse131_mozilla-nspr/Makefile                       1.2-1.3
    - emulators/suse131_mozilla-nspr/distinfo                       1.2-1.3
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri Apr  4 10:02:24 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_mozilla-nspr: Makefile distinfo
    
       Log Message:
       Update suse131_mozilla-nspr RPM to 4.10.4-8.1 from openSUSE-SU-2014:0448-1.
    
          Changes in mozilla-nspr:
          - update to version 4.10.4
          * bmo#767759: Add support for new x32 abi
          * bmo#844784: Thread data race in PR_EnterMonitor
          * bmo#939786: data race
          nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root
          * bmo#958796: Users of _beginthreadex that set a custom
          stack size may not be getting the behavior they want
          * bmo#963033: AArch64 support update for NSPR
          * bmo#969061: Incorrect end-of-list test when iterating
          over a PRCList in prcountr.c and prtrace.c
          * bmo#971152: IPv6 detection on linux depends on
          availability of /proc/net/if_inet6
    
          - update to version 4.10.3
          * bmo#749849: ensure we'll free the thread-specific data
          key.
          * bmo#941461: don't compile android with unaligned memory
          access.
          * bmo#932398: Add PR_SyncMemMap, a portable version of
          msync/FlushViewOfFile.
          * bmo#952621: Fix a thread-unsafe access to lock->owner
          in PR_Lock.
          * bmo#957458: Fix several bugs in the lock rank checking
          code.
          * bmo#936320: Use an alternative test for IPv6 support on
          Linux to avoid opening a socket.
    
       Bump PKGREVISION.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Sat Jun 21 13:35:54 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_mozilla-nspr: Makefile distinfo
    
       Log Message:
       Apply openSUSE Security Update: MozillaFirefox, mozilla-nspr:
       Update fixes nine security issues
    
       Announcement ID:    openSUSE-SU-2014:0819-1
    
       Description:
          mozilla-nspr was updated to version 4.10.6 to fix one security issue:
          * OOB write with sprintf and console functions (CVE-2014-1545)
    
       Bump PKGREVISION.
Commits on Jun 15, 2014
  1. pullup #4435

    spz
    spz committed Jun 15, 2014
  2. Pullup ticket #4435 - requested by tron

    spz
    spz committed Jun 15, 2014
    net/wireshark: security update
    
    Revisions pulled up:
    - net/wireshark/Makefile                                        1.123
    - net/wireshark/distinfo                                        1.75
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	tron
       Date:		Sat Jun 14 09:17:51 UTC 2014
    
       Modified Files:
       	pkgsrc/net/wireshark: Makefile distinfo
    
       Log Message:
       Update "wireshark" package to version 1.10.8. Changes since 1.10.7:
       - The following vulnerabilities have been fixed.
           * wnpa-sec-2014-07
             The frame metadissector could crash. (Bug 9999, Bug 10030)
             Versions affected: 1.10.0 to 1.10.7
             CVE-2014-4020
       - The following bugs have been fixed:
           * VoIP flow graph crash upon opening. (Bug 9179)
           * Tshark with "-F pcap" still generates a pcapng file. (Bug 9991)
           * IPv6 Next Header 0x3d recognized as SHIM6. (Bug 9995)
           * Failed to export pdml on large pcap. (Bug 10081)
           * TCAP: set a fence on info column after calling sub
             dissector (Bug 10091)
           * Dissector bug in JSON protocol. (Bug 10115)
           * GSM RLC MAC: do not skip too many lines of the CSN_DESCR
             when the field is missing (Bug 10120)
           * Wireshark PEEKREMOTE incorrectly decoding QoS data packets
             from Cisco Sniffer APs. (Bug 10139)
           * IEEE 802.11: fix dissection of HT Capabilities (Bug 10166)
       - Updated Protocol Support
         CIP, EtherNet/IP, GSM RLC MAC, IEEE 802.11, IPv6, and TCAP
       - New and Updated Capture File Support
         pcap-ng, and PEEKREMOTE
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.122 -r1.123 pkgsrc/net/wireshark/Makefile
       cvs rdiff -u -r1.74 -r1.75 pkgsrc/net/wireshark/distinfo
  3. Pullup ticket #4432.

    tron
    tron committed Jun 15, 2014
  4. Pullup ticket #4432 - requested by obache

    tron
    tron committed Jun 15, 2014
    emulators/suse131_openssl: security update
    
    Revisions pulled up:
    - emulators/suse131_openssl/Makefile                            1.9
    - emulators/suse131_openssl/distinfo                            1.9
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri Jun  6 09:53:29 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_openssl: Makefile distinfo
    
       Log Message:
       Apply openSUSE-SU-2014:0764-1
       openSUSE Security Update: openssl: update to version 1.0.1h
    
       Description:
    
          The openssl library was updated to version 1.0.1h fixing various security
          issues and bugs:
    
          Security issues fixed:
          - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
            crafted handshake can force the use of weak keying material in OpenSSL
            SSL/TLS clients and servers.
          - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
            handshake to an OpenSSL DTLS client the code can be made to recurse
            eventually crashing in a DoS attack.
          - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
            overrun attack can be triggered by sending invalid DTLS fragments to an
            OpenSSL DTLS client or server. This is potentially exploitable to run
            arbitrary code on a vulnerable client or server.
          - CVE-2014-3470: Fix bug in TLS code where clients that enable anonymous
            ECDH ciphersuites are subject to a denial of service attack.
    
       Bump PKGREVISION.
Commits on Jun 12, 2014
  1. Pullup ticket #4433.

    tron
    tron committed Jun 12, 2014
  2. Pullup ticket #4433 - requested by obache

    tron
    tron committed Jun 12, 2014
    multimedia/adobe-flash-plugin11: security update
    
    Revisions pulled up:
    - multimedia/adobe-flash-plugin11/Makefile                      1.30
    - multimedia/adobe-flash-plugin11/distinfo                      1.28
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Wed Jun 11 01:56:57 UTC 2014
    
       Modified Files:
       	pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo
    
       Log Message:
       Update adobe-flash-plugin11 to 11.2.202.378 for APSB14-16.
Commits on Jun 5, 2014
  1. Pullup ticket #4431.

    tron
    tron committed Jun 5, 2014
  2. Pullup ticket #4431 - requested by wiz

    tron
    tron committed Jun 5, 2014
    security/openssl: security update
    
    Revisions pulled up:
    - security/openssl/Makefile                                     1.193
    - security/openssl/builtin.mk                                   1.42
    - security/openssl/distinfo                                     1.106-1.107
    - security/openssl/patches/patch-Configure                      1.2
    - security/openssl/patches/patch-Makefile.org                   1.2
    - security/openssl/patches/patch-Makefile.shared                1.2
    - security/openssl/patches/patch-apps_Makefile                  1.2
    - security/openssl/patches/patch-config                         1.2
    - security/openssl/patches/patch-crypto_bn_bn__prime.pl         1.2
    - security/openssl/patches/patch-crypto_des_Makefile            1.1
    - security/openssl/patches/patch-crypto_dso_dso__dlfcn.c        1.2
    - security/openssl/patches/patch-doc_apps_cms.pod               deleted
    - security/openssl/patches/patch-doc_apps_smine.pod             deleted
    - security/openssl/patches/patch-doc_ssl_SSL__COMP__add__compression__method.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__add__session.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__load__verify__locations.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__client__CA__list.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__session__id__context.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__set__ssl__version.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__accept.pod        deleted
    - security/openssl/patches/patch-doc_ssl_SSL__clear.pod         deleted
    - security/openssl/patches/patch-doc_ssl_SSL__connect.pod       deleted
    - security/openssl/patches/patch-doc_ssl_SSL__do__handshake.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__read.pod          deleted
    - security/openssl/patches/patch-doc_ssl_SSL__session__reused.pod deleted
    - security/openssl/patches/patch-doc_ssl_SSL__set__fd.pod       deleted
    - security/openssl/patches/patch-doc_ssl_SSL__set__session.pod  deleted
    - security/openssl/patches/patch-doc_ssl_SSL__shutdown.pod      deleted
    - security/openssl/patches/patch-doc_ssl_SSL__write.pod         deleted
    - security/openssl/patches/patch-engines_ccgost_Makefile        1.2
    - security/openssl/patches/patch-tools_Makefile                 1.2
    
    ---
       Module Name:	pkgsrc
       Committed By:	rodent
       Date:		Tue May 13 02:23:11 UTC 2014
    
       Modified Files:
       	pkgsrc/security/openssl: distinfo
       	pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org
       	    patch-Makefile.shared patch-apps_Makefile patch-config
       	    patch-crypto_bn_bn__prime.pl patch-crypto_dso_dso__dlfcn.c
       	    patch-doc_apps_cms.pod patch-doc_apps_smine.pod
       	    patch-doc_ssl_SSL__COMP__add__compression__method.pod
       	    patch-doc_ssl_SSL__CTX__add__session.pod
       	    patch-doc_ssl_SSL__CTX__load__verify__locations.pod
       	    patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
       	    patch-doc_ssl_SSL__CTX__set__session__id__context.pod
       	    patch-doc_ssl_SSL__CTX__set__ssl__version.pod
       	    patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
       	    patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod
       	    patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod
       	    patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod
       	    patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod
       	    patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod
       	    patch-engines_ccgost_Makefile patch-tools_Makefile
       Added Files:
       	pkgsrc/security/openssl/patches: patch-crypto_des_Makefile
    
       Log Message:
       Fix build on OpenBSD/sparc64. Defuzz patches (sorry if this is annoying).
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Thu Jun  5 12:16:06 UTC 2014
    
       Modified Files:
       	pkgsrc/security/openssl: Makefile builtin.mk distinfo
       Removed Files:
       	pkgsrc/security/openssl/patches: patch-doc_apps_cms.pod
       	    patch-doc_apps_smine.pod
       	    patch-doc_ssl_SSL__COMP__add__compression__method.pod
       	    patch-doc_ssl_SSL__CTX__add__session.pod
       	    patch-doc_ssl_SSL__CTX__load__verify__locations.pod
       	    patch-doc_ssl_SSL__CTX__set__client__CA__list.pod
       	    patch-doc_ssl_SSL__CTX__set__session__id__context.pod
       	    patch-doc_ssl_SSL__CTX__set__ssl__version.pod
       	    patch-doc_ssl_SSL__CTX__use__psk__identity__hint.pod
       	    patch-doc_ssl_SSL__accept.pod patch-doc_ssl_SSL__clear.pod
       	    patch-doc_ssl_SSL__connect.pod patch-doc_ssl_SSL__do__handshake.pod
       	    patch-doc_ssl_SSL__read.pod patch-doc_ssl_SSL__session__reused.pod
       	    patch-doc_ssl_SSL__set__fd.pod patch-doc_ssl_SSL__set__session.pod
       	    patch-doc_ssl_SSL__shutdown.pod patch-doc_ssl_SSL__write.pod
    
       Log Message:
       Update to 1.0.1h:
    
         Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
    
             o Fix for CVE-2014-0224
             o Fix for CVE-2014-0221
             o Fix for CVE-2014-0195
             o Fix for CVE-2014-3470
             o Fix for CVE-2010-5298
Commits on Jun 4, 2014
  1. security/gnutls: security update

    schnoebe
    schnoebe committed Jun 4, 2014
  2. Pullup ticket #4430 - requested by tron

    schnoebe
    schnoebe committed Jun 4, 2014
    security/gnutls: security update
    
    Revisions pulled up:
    - security/gnutls/Makefile                                      1.146
    - security/gnutls/distinfo                                      1.106
    
    ---
       Module Name:	pkgsrc
       Committed By:	wiz
       Date:		Fri May 30 13:20:23 UTC 2014
    
       Modified Files:
       	pkgsrc/security/gnutls: Makefile distinfo
    
       Log Message:
       Update to 3.2.15:
    
       * Version 3.2.15 (released 2014-05-30)
    
       ** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
       Issue reported by Joonas Kuorilehto of Codenomicon.
    
       ** libgnutls: Several memory leaks caused by error conditions were
       fixed. The leaks were identified using valgrind and the Codenomicon
       TLS test suite.
    
       ** libgnutls: Increased the maximum certificate size buffer
       in the PKCS #11 subsystem.
    
       ** libgnutls: Check the return code of getpwuid_r() instead of relying
       on the result value. That avoids issue in certain systems, when using
       tofu authentication and the home path cannot be determined. Issue reported
       by Viktor Dukhovni.
    
       ** gnutls-cli: if dane is requested but not PKIX verification, then
       only do verify the end certificate.
    
       ** ocsptool: Include path in ocsp request. This resolves #108582
       (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
    
       ** API and ABI modifications:
       No changes since last version.
    
       * Version 3.2.14 (released 2014-05-06)
    
       ** libgnutls: Fixed issue with the check of incoming data when two
       different recv and send pointers have been specified. Reported and
       investigated by JMRecio.
    
       ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
       result to illegal memory access if a server hint was provided.
    
       ** libgnutls: Fixed client memory leak in the PSK key exchange, if a
       server hint was provided.
    
       ** libgnutls: Several small bug fixes identified using valgrind and
       the Codenomicon TLS test suite.
    
       ** libgnutls: Several small bug fixes found by coverity.
    
       ** libgnutls-dane: Accept a certificate using DANE if there is at least one
       entry that matches the certificate. Patch by simon [at] arlott.org.
    
       ** configure: Added --with-nettle-mini option, which allows linking
       with a libnettle that contains gmp.
    
       ** certtool: The ECDSA keys generated by default use the SECP256R1 curve
       which is supported more widely than the previously used SECP224R1.
    
       ** API and ABI modifications:
       No changes since last version.
    
       * Version 3.2.13 (released 2014-04-07)
    
       ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently
       if there are no base64 data. Report and patch by Ramkumar Chinchani.
    
       ** libgnutls: gnutls_record_send is now safe to be called under DTLS when
       in corked mode.
    
       ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are
       only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for
       these algorithms.
    
       ** libgnutls: Changed the behaviour in wildcard acceptance in certificates.
       Wildcards are only accepted when there are more than two domain components
       after the wildcard. This drops support for the permissive RFC2818 wildcards
       and adds more conservative support based on the suggestions in RFC6125. Suggested
       by Jeffrey Walton.
    
       ** certtool: When no password is provided to export PKCS #8 keys, do
       not encrypt by default. This reverts to the certtool behavior of gnutls
       3.0. The previous behavior of encrypting using an empty password can be
       replicated using the new parameter --empty-password.
    
       ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when
       the --provider option is given.
    
       ** API and ABI modifications:
       No changes since last version.
Commits on Jun 2, 2014
  1. Pullup tickets #4427, #4428 and #4429.

    tron
    tron committed Jun 2, 2014
  2. Pullup ticket #4429 - requested by taca

    tron
    tron committed Jun 2, 2014
    lang/php53: match option handling of "php54" and "php55"
    
    Revisions pulled up:
    - lang/php53/Makefile.php                                       1.39
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat May 31 04:30:30 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php53: Makefile.php
    
       Log Message:
       Use PKG_OPTIONS.${PHP_PKG_PREFIX} as PKG_OPTIONS_VAR in order to keep
       PKG_OPTIONS consistent among packages which use lang/php/Makefile.php.
  3. Pullup ticket #4428 - requested by taca

    tron
    tron committed Jun 2, 2014
    lang/php54: security update
    
    Revisions pulled up:
    - lang/php/phpversion.mk                                        1.64
    - lang/php54/Makefile.php                                       1.8
    - lang/php54/distinfo                                           1.40
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat May 31 04:28:57 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: Makefile.php distinfo
    
       Log Message:
       Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.
    
       29 May 2014, PHP 5.4.29
    
       - COM:
         . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
    
       - Core:
         . Fixed bug #65701 (copy() doesn't work when destination filename is created
           by tempnam()). (Boro Sitnikovski)
         . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
         . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
           zend_exceptions.c). (Bob)
         . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
         . Fixed bug #67249 (printf out-of-bounds read). (Stas)
         . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
         . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
    
       - Date:
         . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
         . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
         . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
    
       - DOM:
         . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
           not only the subset). (Anatol)
    
       - Fileinfo:
         . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
         . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
           (CVE-2014-0238)
         . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
           performance degradation). (CVE-2014-0237)
    
       - FPM:
         . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
           (Julio Pintos)
    
       - Phar:
         . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
           in its name). (PR #588)
  4. Pullup ticket #4427 - requested by taca

    tron
    tron committed Jun 2, 2014
    lang/php55: security update
    
    Revisions pulled up:
    - lang/php/phpversion.mk                                        1.63
    - lang/php55/Makefile.php                                       1.3
    - lang/php55/distinfo                                           1.22
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat May 31 04:26:40 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: Makefile.php distinfo
    
       Log Message:
       Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.
    
       29 May 2014, PHP 5.5.13
    
       - CLI server:
         . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
    
       - COM:
         . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
    
       - Core:
         . Fixed bug #65701 (copy() doesn't work when destination filename is created
           by tempnam()). (Boro Sitnikovski)
         . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
         . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
           zend_exceptions.c). (Bob)
         . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
         . Fixed bug #67249 (printf out-of-bounds read). (Stas)
         . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
         . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
    
       - Curl:
         . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
    
       - Date:
         . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
         . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
         . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
    
       - DOM:
         . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
           not only the subset). (Anatol)
    
       - Fileinfo:
         . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
         . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
         . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
           performance degradation) (CVE-2014-0237).
    
       - FPM:
         . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
           (Julio Pintos)
    
       - GD:
         . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
    
       - PCRE:
         . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
           from the upstream). (Anatol)
    
       - Phar:
         . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
           in its name). (PR #588)
Commits on Jun 1, 2014
  1. tickets 4422 and 4426

    spz
    spz committed Jun 1, 2014
  2. Pullup ticket #4426 - requested by wen

    spz
    spz committed Jun 1, 2014
    www/mediawiki: security update
    
    Revisions pulled up:
    - www/mediawiki/Makefile                                        1.41
    - www/mediawiki/distinfo                                        1.29
    
    -------------------------------------------------------------------
       Module Name:    pkgsrc
       Committed By:   wen
       Date:           Sun Jun  1 08:24:32 UTC 2014
    
       Modified Files:
               pkgsrc/www/mediawiki: Makefile distinfo
    
       Log Message:
       Update to 1.22.7
    
       Upstream changes:
       1.22.7
    
       == Security ==
       * (bug 65501) SECURITY: Don't parse usernames as wikitext on
         Special:PasswordReset.
    
       == Bugfixes in 1.22.7 ==
       * (bug 36356) Add space between two feed links.
       * (bug 63269) Email notifications were not correctly handling the
         [[MediaWiki:Helppage]] message being set to a full URL. This is a regression
         from the 1.22.5 point release, which made the default value for it a URL.
         If you customized [[MediaWiki:Enotif body]] (the text of email notifications),
         you'll need to edit it locally to include the URL via the new variable
         $HELPPAGE instead of the parser functions fullurl and canonicalurl; otherwise
         you don't have to do anything.
       * Add missing uploadstash.us_props for PostgreSQL.
       * (bug 56047) Fixed stream wrapper in PhpHttpRequest.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.40 -r1.41 pkgsrc/www/mediawiki/Makefile
       cvs rdiff -u -r1.28 -r1.29 pkgsrc/www/mediawiki/distinfo
  3. Pullup ticket #4422 - requested by taca

    spz
    spz committed Jun 1, 2014
    graphics/php-gd: version bump
    lang/php: version bump
    lang/php53: security update
    lang/php54: security update
    lang/php55: security update
    
    Revisions pulled up:
    - graphics/php-gd/Makefile                                      1.36
    - lang/php/phpversion.mk                                        1.59-1.62
    - lang/php53/distinfo                                           1.73
    - lang/php53/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
    - lang/php54/Makefile                                           1.21
    - lang/php54/Makefile.php                                       1.7
    - lang/php54/distinfo                                           1.37-1.39
    - lang/php54/patches/patch-configure                            1.7
    - lang/php54/patches/patch-ext_fileinfo_data__file.c            deleted
    - lang/php54/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
    - lang/php54/patches/patch-php.ini-development                  1.3
    - lang/php54/patches/patch-php.ini-production                   1.3
    - lang/php55/Makefile                                           1.12
    - lang/php55/distinfo                                           1.18-1.21
    - lang/php55/patches/patch-configure                            1.6
    - lang/php55/patches/patch-ext_fileinfo_data__file.c            deleted
    - lang/php55/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
    - lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c      1.2
    - lang/php55/patches/patch-php.ini-development                  1.4
    - lang/php55/patches/patch-php.ini-production                   1.4
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri Apr  4 03:05:00 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: Makefile distinfo
       	pkgsrc/lang/php55/patches: patch-php.ini-development
       	    patch-php.ini-production
       Removed Files:
       	pkgsrc/lang/php55/patches: patch-ext_fileinfo_data__file.c
    
       Log Message:
       Update php55 to 5.5.11.
       CVE-2013-7345 is already fixed in 5.5.10nb2.
    
       03 Apr 2014, PHP 5.5.11
    
       - Core:
         . Allow zero length comparison in substr_compare() (Tjerk)
         . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
    
       - SPL:
         . Added feature #65545 (SplFileObject::fread()) (Tjerk)
    
       - cURL:
         . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
         . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
           (Adam)
    
       - FPM:
         . Added clear_env configuration directive to disable clearenv() call.
         (Github PR# 598, Paul Annesley)
    
       - Fileinfo:
         . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
           expression). (CVE-2013-7345) (Remi)
    
       - GD:
         . Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
         . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
         . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
         . Fixed bug #66890 (imagescale segfault). (Remi)
         . Fixed bug #66893 (imagescale ignore method argument). (Remi)
    
       - Hash:
         . hash_pbkdf2() now works correctly if the $length argument is not specified.
           (Nikita)
    
       - Intl:
         . Fixed bug #66873 (A reproductible crash in UConverter when given invalid
           encoding) (Stas)
    
       - Mail:
         . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
    
       - MySQLi:
         . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
         (Remi)
    
       - OPCache
         . Added function opcache_is_script_cached(). (Danack)
         . Added information about interned strings usage. (Terry, Julien, Dmitry)
    
       - Openssl:
         . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
    
       - GMP
         . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
    
       - SQLite:
         . Updated bundled libsqlite to 3.8.3.1 (Anatol)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/php/phpversion.mk
       cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php55/Makefile
       cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php55/distinfo
       cvs rdiff -u -r1.1 -r0 \
           pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
       cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php55/patches/patch-php.ini-development \
           pkgsrc/lang/php55/patches/patch-php.ini-production
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Sat Apr  5 03:43:40 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: Makefile Makefile.php distinfo
       	pkgsrc/lang/php54/patches: patch-php.ini-development
       	    patch-php.ini-production
       Removed Files:
       	pkgsrc/lang/php54/patches: patch-ext_fileinfo_data__file.c
    
       Log Message:
       Update php54 to 5.4.27.  CVE-2013-7345 is already fixed in 5.4.26nb2.
    
       03 Apr 2014, PHP 5.4.27
    
       - Core:
         . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
    
       - Fileinfo:
         . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
           expression). (CVE-2013-7345) (Remi)
    
       - FPM:
         . Added clear_env configuration directive to disable clearenv() call.
         (Github PR# 598, Paul Annesley)
    
       - GMP
         . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
    
       - Mail:
         . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
    
       - MySQLi:
         . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
         (Remi)
    
       - Openssl:
         . Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1). (Remi)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
       cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
       cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
       cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
       cvs rdiff -u -r1.1 -r0 \
           pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
       cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-development \
           pkgsrc/lang/php54/patches/patch-php.ini-production
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	jperkin
       Date:		Mon Apr 14 10:17:19 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php55: distinfo
       Added Files:
       	pkgsrc/lang/php55/patches: patch-ext_sqlite3_libsqlite_sqlite3.c
    
       Log Message:
       Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment
       from the PHP build.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/php55/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Thu May  1 15:52:33 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php55: distinfo
       	pkgsrc/lang/php55/patches: patch-configure
       	    patch-ext_sqlite3_libsqlite_sqlite3.c
    
       Log Message:
       Update php55 to 5.5.12.
    
       01 May 2014, PHP 5.5.12
       - Core:
         . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
         . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
           UNIX sockets). (Mike)
         . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
         . Fixed bug #66736 (fpassthru broken). (Mike)
         . Fixed bug #67024 (getimagesize should recognize BMP files with negative
           height). (Gabor Buella)
         . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
    
       - cURL:
         . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
           (Freek Lijten)
    
       - Date:
         . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
           supplied). (Boro Sitnikovski)
    
       - Embed:
         . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
    
       - Fileinfo:
         . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
           (Remi)
    
       - FPM:
         . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
         . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
    
       - JSON:
         . Fixed bug #66021 (Blank line inside empty array/object when
           JSON_PRETTY_PRINT is set). (Kevin Israel)
    
       - LDAP:
         . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
    
       - mysqli:
         . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
           (extra comma) and third parameters (lack of escaping). (Andrey)
    
       - OpenSSL:
         . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
         . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
    
       - SimpleXML:
         . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
           (Anatol)
    
       - SQLite:
         . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
    
       - XSL:
         . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
           when loaded with "file://"). (Anatol)
    
       - Apache2 Handler SAPI:
         . Fixed Apache log issue caused by APR's lack of support for %zu
           (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
           (Jeff Trawick)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.60 -r1.61 pkgsrc/lang/php/phpversion.mk
       cvs rdiff -u -r1.19 -r1.20 pkgsrc/lang/php55/distinfo
       cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php55/patches/patch-configure
       cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Fri May  2 13:04:12 UTC 2014
    
       Modified Files:
       	pkgsrc/lang/php: phpversion.mk
       	pkgsrc/lang/php54: distinfo
       	pkgsrc/lang/php54/patches: patch-configure
    
       Log Message:
       Update php54 to 5.4.28.
    
       01 May 2014, PHP 5.4.28
    
       - Core:
         . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
         . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
           UNIX sockets). (Mike)
         . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
           (Jann Horn, Stas)
         . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
         . Fixed bug #66736 (fpassthru broken). (Mike)
         . Fixed bug #67024 (getimagesize should recognize BMP files with negative
           height). (Gabor Buella)
    
       - cURL:
         . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
           (Freek Lijten)
    
       - Date:
         . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
           supplied). (Boro Sitnikovski)
    
       - Embed:
         . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
    
       - Fileinfo:
         . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
           (Remi)
    
       - FPM:
         . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
         . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
           default configuration) (CVE-2014-0185). (Stas)
    
       - JSON:
         . Fixed bug #66021 (Blank line inside empty array/object when
           JSON_PRETTY_PRINT is set). (Kevin Israel)
    
       - LDAP:
         . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
    
       - OpenSSL:
         . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
         . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
    
       - SimpleXML:
         . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
           (Anatol)
    
       - XSL:
         . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
           when loaded with "file://"). (Anatol)
    
       - Apache2 Handler SAPI:
         . Fixed Apache log issue caused by APR's lack of support for %zu
           (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
           (Jeff Trawick)
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.61 -r1.62 pkgsrc/lang/php/phpversion.mk
       cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php54/distinfo
       cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/patches/patch-configure
    
    -------------------------------------------------------------------
       Module Name:	pkgsrc
       Committed By:	he
       Date:		Sun May 11 11:20:48 UTC 2014
    
       Modified Files:
       	pkgsrc/graphics/php-gd: Makefile
       	pkgsrc/lang/php53: distinfo
       	pkgsrc/lang/php54: distinfo
       	pkgsrc/lang/php55: distinfo
       Added Files:
       	pkgsrc/lang/php53/patches: patch-ext_gd_libgd_gdxpm.c
       	pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c
       	pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c
    
       Log Message:
       Apply a patch to fix CVE-2014-2497, taken from
       https://bugs.php.net/patch-display.php?bug_id=66901
       Bump PKGREVISION for php-gd correspondingly.
    
    
       To generate a diff of this commit:
       cvs rdiff -u -r1.35 -r1.36 pkgsrc/graphics/php-gd/Makefile
       cvs rdiff -u -r1.72 -r1.73 pkgsrc/lang/php53/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
       cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php54/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
       cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php55/distinfo
       cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
Commits on May 28, 2014
  1. Pullup ticket #4423 - requested by taca

    tron
    tron committed May 28, 2014
    www/p5-LWP-Protocol-https: security patch
    
    Apply patch to fix CVE-2014-3230.
  2. Pullup ticket #4425 - requested by taca

    tron
    tron committed May 28, 2014
    mail/dovecot2-pigeonhole: keep in step with mail/dovecot2
    
    Revisions pulled up:
    - mail/dovecot2-pigeonhole/Makefile                             1.18
    - mail/dovecot2-pigeonhole/PLIST                                1.6
    - mail/dovecot2-pigeonhole/distinfo                             1.12
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Wed May 14 06:10:36 UTC 2014
    
       Modified Files:
       	pkgsrc/mail/dovecot2-pigeonhole: Makefile PLIST distinfo
    
       Log Message:
       Changes 0.4.3:
    
       * Editheader extension: Made control characters allowed for editheader,
         except NUL. Before, this would cause a runtime error.
       + Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to
         match the new draft "duplicate" extension.
       - Fixed sieve_result_global_log_error to log only as i_info in
         administrator log (syslog) if executed from multiscript context.
       - Sieve redirect extension: Adjusted loop detection to show leniency to
         resent messages.
       - Sieve include extension: Fixed problem with handling of duplicate
         includes with different parameters :once or :optional.
       - Sieve spamtest/virustest extensions: Tests were erroneously performed
         against the original message. When used together with extprograms
         filter to add the spam headers, the changes were not being used by
         the spamtest and virustest extensions.
       - Deprecated Sieve notify extension: Fixed segfault problems in message
         string substitution.
       - ManageSieve: Fixed active link verification to handle redundant path
         slashes correctly.
       - Sieve vacation extension:
         - Fixed interaction of sieve_vacation_dont_check_recipient with
           sieve_vacation_send_from_recipient setting.
         - Fixed log message for discarded response.
       - Sieve extprograms plugin:
         - Forgot to disable the alarm() timeouts set for script execution.
         - Fixed fd leak and handling of output shutdown.
         - Fixed 'Bad filedescriptor' error occurring when disconnecting
           script client.
         - Made sure that programs are never forked with root privileges.
  3. Pullup ticket #4424 - requested by taca

    tron
    tron committed May 28, 2014
    mail/dovecot2: security update
    
    Revisions pulled up:
    - mail/dovecot2/Makefile                                        1.61-1.62
    - mail/dovecot2/PLIST                                           1.35
    - mail/dovecot2/distinfo                                        1.46
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Wed Apr  9 07:27:19 UTC 2014
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile
    
       Log Message:
       recursive bump from icu shlib major bump.
    
    ---
       Module Name:	pkgsrc
       Committed By:	adam
       Date:		Wed May 14 06:09:53 UTC 2014
    
       Modified Files:
       	pkgsrc/mail/dovecot2: Makefile PLIST distinfo
    
       Log Message:
       Changes 2.2.13:
       * Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS
         handshake was started but wasn't finished, the login process
         attempted to eventually forcibly disconnect the client, but failed
         to do it correctly. This could have left the connections hanging
         around for a long time. (Affected Dovecot v1.1+)
    
       + mdbox: Added mdbox_purge_preserve_alt setting to keep the file
         within alt storage during purge. (Should become enforced in v2.3.0?)
       + fts: Added support for parsing attachments via Apache Tika. Enable
         with: plugin { fts_tika = http://tikahost:9998/tika/ }
       + virtual plugin: Delay opening backend mailboxes until it's necessary.
         This requires mailbox_list_index=yes to work. (Currently IMAP IDLE
         command still causes all backend mailboxes to be opened.)
       + mail_never_cache_fields=* means now to disable all caching. This may
         be a useful optimization as doveadm/dsync parameter for some admin
         tasks which shouldn't really update the cache file.
       + IMAP: Return SPECIAL-USE flags always for LSUB command.
       - pop3 server was still crashing in v2.2.12 with some settings
       - maildir: Various fixes and improvements to handling compressed mails,
         especially when they have broken/missing S=sizes in filenames.
       - fts-lucene, fts-solr: Fixed crash on search when the index contained
         duplicate entries.
       - Many fixes and performance improvements to dsync and replication
       - director was somewhat broken when there were exactly two directors
         in the ring. It caused errors about "weak users" getting stuck.
       - mail_attachment_dir: Attachments with the last base64-encoded line
         longer than the rest weren't handled correctly.
       - IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
       - acl: Global ACL file handling was broken when multiple entries
         matched the mailbox name. (Only the first entry was used.)
  4. Pullup ticket #4421 - requested by taca

    tron
    tron committed May 28, 2014
    www/typo3_61: security update
    
    Revisions pulled up:
    - www/typo3_61/Makefile                                         1.5
    - www/typo3_61/PLIST                                            1.3
    - www/typo3_61/distinfo                                         1.4
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue May 27 13:52:14 UTC 2014
    
       Modified Files:
       	pkgsrc/www/typo3_61: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_61 to 6.1.9 (TYPO3 6.1.9), contains several security fixes.
    
       2014-05-22  2bb8360                  [RELEASE] Release of TYPO3 6.1.9 (TYPO3 Release Team)
       2014-05-22  6fafbf7  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
       2014-05-22  2994a1c  #54111,#54113   [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
       2014-05-22  12741ad  #48695          [SECURITY] XSS in new content element wizard (Marcus Krause)
       2014-05-22  7595ad4  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
       2014-05-22  6965806  #57576          [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
       2014-05-22  54e4691  #48693          [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
       2014-05-22  b6826ff  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
       2014-05-22  32efb1b  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
       2014-05-21  6a91a90  #54917          [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
       2014-05-15  3ee99e9  #58842          [BUGFIX] Wrong system requirements link (Markus Klein)
       2014-05-14  f86e016  #58529          [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
       2014-05-08  fb8370d  #58187          [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
       2014-05-08  3abc703  #58373          [BUGFIX] Default image title in RTE contains the file name (Stanislas Rolland)
       2014-05-05  db90a26  #45183          [BUGFIX] Wrong result on empty string globalString condition (Marc Bastian Heinrichs)
       2014-05-04  d422bf6  #58504          [BUGFIX] saltedpasswords: Check rsaauth loading (Nicole Cordes)
       2014-05-04  05ef8fe  #58484          [BUGFIX] SoftReferenceIndex support for more values in class attribute (Marc Bastian Heinrichs)
       2014-05-02  a49ddfd  #58418          [BUGFIX] Retrieving extension fails with some PHP versions (Sascha Wilking)
       2014-04-29  0150f9c  #58166          [BUGFIX] Wrong comment in ActionMenuViewHelper (Markus Klein)
       2014-04-25  8cf4f78  #58180          [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
       2014-04-16  a4f013a                  [TASK] Set TYPO3 version to 6.1.9-dev (TYPO3 Release Team)
    
       2014-04-16  d94f80d                  [RELEASE] Release of TYPO3 6.1.8 (TYPO3 Release Team)
       2014-04-16  68763fa  #57957          [BUGFIX] DBAL sql_fetch_* must return boolean or array (Jigal van Hemert)
       2014-04-16  65896ee  #24925,#24871   [BUGFIX] Followup: Mandatory for Selectbox with TCA not possible (Stefan Neufeind)
       2014-04-15  8e8b020  #24925,#24871   [BUGFIX] Mandatory for Selectbox with TCA not possible (Benjamin Mack)
       2014-04-15  d124103  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
       2014-04-15  6139c97  #56991          [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
       2014-04-15  1dbfe75  #56353,#56352   [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
       2014-04-15  b22b39d  #57010          [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
       2014-04-15  5dd53b1  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
       2014-04-12  a60b6dc  #47694          [BUGFIX] Follow up foreign_match_fields not fully supported (Marc Bastian Heinrichs)
       2014-04-12  b93d9b4  #50378          [BUGFIX] sql_free_result does not work with all allowed types (Wouter Wolters)
       2014-04-07  a896350  #57690          [BUGFIX] User settings do not obey setup.override (Markus Klein)
       2014-04-05  21f0d12  #55683          [BUGFIX] ClickMenu: Visibility-options only if fields allowed (Stefan Neufeind)
       2014-04-04  2b3dd27  #57656          [TASK] Integrate default README.txt (Oliver Hader)
       2014-04-04  1329a96  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
       2014-04-01  6ae6b40  #57518          [BUGFIX] Make Extbase EnvironmentService a Singleton (Marc Bastian Heinrichs)
       2014-03-31  03ec17a  #57296          [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
       2014-03-26  2b5c50e  #54394          [BUGFIX] Exception if thumbnail does not exist (Markus Klein)
       2014-03-24  cbdd065  #57238          [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
       2014-03-23  fc5b7b2  #57179          [BUGFIX] Module Menu throws PHP warning for top level menu items (Benjamin Mack)
       2014-03-23  9b36936  #57202          [BUGFIX] Parsetime: config.debug should override LocalConfiguration (Stefan Neufeind)
       2014-03-19  819218a  #55340          [BUGFIX] Several typos in Page Browsing ViewHelper (Benjamin Rau)
       2014-03-19  f8233c1  #56205          [BUGFIX] Cannot use contain with multivalued static enumeration column (Xavier Perseguers)
       2014-03-14  d5160a9  #56150          [BUGFIX] RootlineUtility does not consider disablefield (Christian Reiter)
       2014-03-13  2a80fcd  #56855          [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
       2014-03-13  2ee3509  #56720          [BUGFIX] Alignment of button "add a new element at this place" (Patrick Broens)
       2014-03-13  bed1054  #56830          [BUGFIX] Show thumbnails in list module (Markus Klein)
       2014-03-13  3800d8b  #56084          [BUGFIX] Followup: Ajax handler TYPO3_tcefile::process is broken (Frans Saris)
       2014-03-12  d405041  #23864          [BUGFIX] Correctly validate New Content Element entries (Ludwig Rafelsberger)
       2014-03-10  06e5ad9  #52386          [BUGFIX] Allow record insert on rootlevel (Benjamin Serfhos)
       2014-03-08  2df9cb9  #43885          [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
       2014-03-07  472a2f2  #55457          [BUGFIX] RTE on first new IRRE record keeps loading in IE (Stanislas Rolland)
       2014-03-07  e61b2cf  #23552          [BUGFIX] Default size for group-type fields (Christian Plattner)
       2014-03-05  f8c9a77  #46185          [BUGFIX] IdentityProperties were not set (Stefan Froemken)
       2014-03-05  e7cf550  #11771          [BUGFIX] Catch all errors while starting installer (Alexander Opitz)
       2014-03-03  28d25c9  #56262          [BUGFIX] Double escape of title in indexed search (Markus Klein)
       2014-02-28  ded338b  #56378          [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
       2014-02-28  8f0ce1c  #56421          [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
       2014-02-28  342686b  #41413          [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
       2014-02-27  5ce3128  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
       2014-02-25  a5d8893  #56184          [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
       2014-02-25  b4a8235  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
       2014-02-24  5da89e2  #56242          [BUGFIX] Fix JS concat if first file is forced on top (Benjamin Kott)
       2014-02-21  c47d8c5  #54724          [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
       2014-02-21  6512f65  #49499          [BUGFIX] Fix possible language handling issue (Markus Klein)
       2014-02-20  b09e7f9  #39048          [BUGFIX] Rendering inline TCEforms without AJAX is broken (Alexander Jahn)
       2014-02-20  c9ae284  #53116,#56019   [BUGFIX] concatenateJs/Css does not consider forceOnTop (Markus Klein)
       2014-02-20  b8eeb55  #56135          [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
       2014-02-19  bd607e2  #55286          [BUGFIX] Suppress EXIF warnings indexing images (Felix Althaus)
       2014-02-19  45f944c  #56067          [BUGFIX] Various static calls to non-static functions (Markus Klein)
       2014-02-19  d2ef187  #56057          [BUGFIX] Add missing htmlspecialchars for thumbnail URL (Wouter Wolters)
       2014-02-18  b7169bb  #52955          [BUGFIX] Show labels of additional doktypes in new page drag area (Caspar Stuebs)
       2014-02-18  7af5ad6  #54304          [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
       2014-02-17  48eab76  #52527          [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
       2014-02-17  6344793  #56037          [BUGFIX] Fix clipboard thumbnail rendering (Frans Saris)
       2014-02-17  dc0ec8a  #55998          [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
       2014-02-17  52c294b  #55362          [BUGFIX] CommandController is not executed at same time (Tom Ruether)
       2014-02-11  c9ffade  #49440          [BUGFIX] Missing label felogin_forgotHash (Karol Lamparski)
       2014-02-11  edbef68  #53028          [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
       2014-02-10  474380f                  [TASK] Execute lint in parallel (Helmut Hummel)
       2014-02-09  e36633a  #53768,#28745   [BUGFIX] Allow to render the same TS object twice (Markus Klein)
       2014-02-09  9971136  #55821          [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
       2014-02-09  101be25  #18797          [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
       2014-02-09  5f6d783  #53564          [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
       2014-02-08  cead255  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
       2014-02-08  98c8e0a  #55698          [BUGFIX] Fix "action" labels in BE log (Thorsten Kahler)
       2014-02-07  9e79487  #55611          [TASK] Move cursor::pointer to complete header area in IRRE (Georg Ringer)
       2014-02-06  79d2bac  #54131          [BUGFIX] Followup to #54131 (Frans Saris)
       2014-02-06  ad267f8  #55713          [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
       2014-02-05  27c1f61  #54112          [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
       2014-02-04  4d7947a  #55434          [BUGFIX] Various PHP Warnings with invalid credentials (Xavier Perseguers)
       2014-02-03  1263413  #54467          [BUGFIX] TSFE->altPageTitle can not be set in extensions (Markus Klein)
       2014-02-03  a070a5c  #54371          [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
       2014-02-03  85b3fed  #52048          [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
       2014-02-02  af8f6eb  #54289          [BUGFIX] PropertyMapper does not work with class aliases (Frans Saris)
       2014-01-31  9596d4d  #54131          [BUGFIX] getLabelsFromItemsList() returns no value when no item found (Frans Saris)
       2014-01-30  3dcc61d  #55475          [BUGFIX] Regression in DataHandler (Wouter Wolters)
       2014-01-30  a5e884f  #55458          [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
       2014-01-30  084b5a9  #41450          [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
       2014-01-29  b81c5d5  #55407          [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
       2014-01-28  d6803b7  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
       2014-01-27  91b1db0  #55377          [TASK] Change repository url for introduction package (Philipp Gampe)
       2014-01-27  1af64b0  #55366          [TASK] Change phpunit repository url for travis (Philipp Gampe)
       2014-01-24  3cefa40  #53964          [BUGFIX] Better description of [BE][unzip_path]/[BE][diff_path] (Markus Klein)
       2014-01-24  041780f  #55093          [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
       2014-01-23  8f55af7  #53201          [BUGFIX] sys_category table not listed in allowed excludefields (Tomita Militaru)
       2014-01-23  eec8579  #53665          [BUGFIX] Removing single category item not possible (Francois Suter)
       2014-01-23  57b70f7  #54849          [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
       2014-01-22  b865ad9  #55246          [BUGFIX] Class 'TYPO3\CMS\Recordlist\Browser\GeneralUtility' not found (Oliver Hader)
       2014-01-21  c96321d  #37539          [BUGFIX] Static method cannot be abstract (Xavier Perseguers)
       2014-01-21  ae54769  #54884          [BUGFIX] RootlineUtility does not consider foreign_sorting (Markus Klein)
       2014-01-16  0965b22  #53712          [BUGFIX] Create valid file reference index data (Alexander Stehlik)
       2014-01-16  b7ce3ef  #50266          [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
       2014-01-15  429e13d  #34631          [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
       2014-01-15  5b23142  #54995          [BUGFIX] PHP warnings in ElementBrowser (Markus Klein)
       2014-01-14  0ac8948  #54959          [TASK] Speedup typolink root-line handling (Steffen Ritter)
       2014-01-14  714fca7  #53826          [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
       2014-01-14  f68832a  #53352          [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
       2014-01-13  22d3be1  #51805          [BUGFIX] Template dropdown doesn't refresh template title after save (Torben Hansen)
       2014-01-11  72f5d5a  #54909          [BUGFIX] Add missing logger names (Steffen Müller)
       2014-01-09  2620cb5  #53975          [BUGFIX] Allow empty values in start/stop filter of belog (Steffen Müller)
       2014-01-09  c99a07a  #53862          [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
       2014-01-09  4e3e3dc  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
       2014-01-09  f378b40  #31797          [BUGFIX] Properly escape the ImageMagick frame selector (Georg Ringer)
       2014-01-09  7d3eb35  #24877,#6708    [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
       2014-01-09  a31b325  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
       2014-01-08  03d6320  #47694          [BUGFIX] foreign_match_fields not fully supported (Stefan Froemken)
       2014-01-08  e959451  #53727          [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
       2014-01-08  42a3eb3  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
       2014-01-07  272f80c  #54807          [BUGFIX] PageBrowsing ViewHelper defines unused method argument (Benjamin Rau)
       2014-01-07  e09b381  #54808          [BUGFIX] Repository uses wrong property to calc current result page (Benjamin Rau)
       2014-01-04  81a30e8  #53662          [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
       2014-01-04  67ac84c  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
       2013-12-23  9283d4b  #54115          [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
       2013-12-21  8379b1a  #54531          [BUGFIX] Fix message for install tool warning (Cynthia Mattingly)
       2013-12-18  a95ab93  #54369          [TASK] Fix travis builds (Markus Klein)
       2013-12-18  2a4d603  #51752          [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
       2013-12-18  e4590fe  #52059          [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
       2013-12-18  e8978f9  #47648          [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
       2013-12-13  be7505a  #54027          [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
       2013-12-12  41fe22d  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
  5. Pullup ticket #4420 - requested by taca

    tron
    tron committed May 28, 2014
    www/typo3_60: security update
    
    Revisions pulled up:
    - www/typo3_60/Makefile                                         1.8
    - www/typo3_60/PLIST                                            1.7
    - www/typo3_60/distinfo                                         1.8
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue May 27 13:50:48 UTC 2014
    
       Modified Files:
       	pkgsrc/www/typo3_60: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_60 to 6.0.14 (TYPO3 6.0.14), contains several security fixes.
    
       2014-05-22  d1d252f                  [RELEASE] Release of TYPO3 6.0.14 (TYPO3 Release Team)
       2014-05-22  37273fb  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
       2014-05-22  edd27ad  #54111,#54113   [SECURITY] XSS in (old) extension manager information function (Nicole Cordes)
       2014-05-22  00f00b1  #48695          [SECURITY] XSS in new content element wizard (Marcus Krause)
       2014-05-22  6b7f3a8  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
       2014-05-22  5935348  #57576          [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)
       2014-05-22  dda1739  #48693          [SECURITY] Encode URL for use in JavaScript (Jigal van Hemert)
       2014-05-22  5e00a13  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
       2014-05-22  0f29e1f  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
       2014-05-21  e50f6a6  #54917          [BUGFIX] Indexer tries to insert NULL into DB (Markus Klein)
       2014-05-15  53c830f  #53079          [BUGFIX] FlashMessageService not available in TYPO3 6.0 (Oliver Hader)
       2014-05-14  459c34d  #58529          [BUGFIX] DependencyUtility does count() on an integer (Markus Klein)
       2014-04-25  bd704d5  #58180          [BUGFIX] Database query error for non-workspaces tables (Oliver Hader)
       2014-04-16  d1fc88d                  [TASK] Set TYPO3 version to 6.0.14-dev (TYPO3 Release Team)
    
       2014-04-16  be80735                  [RELEASE] Release of TYPO3 6.0.13 (TYPO3 Release Team)
       2014-04-15  d9e6546  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
       2014-04-15  48f974e  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
       2014-04-15  9d1c880  #56991          [BUGFIX] Fix refindex for FlexForm fields type group file_reference (Marc Bastian Heinrichs)
       2014-04-15  75f6b1b  #56353,#56352   [BUGFIX] Fields of type group file are not properly indexed (Marc Bastian Heinrichs)
       2014-04-15  4e64a39  #57010          [BUGFIX] Add SoftIndex parser typolink to link in sys_file_reference (Marc Bastian Heinrichs)
       2014-04-04  72be9f3  #57656          [TASK] Integrate default README.txt (Oliver Hader)
       2014-04-04  de4e047  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
       2014-03-31  03646f1  #57296          [BUGFIX] Test typeof TBE_EDITOR for object not function (Alexander Opitz)
       2014-03-24  87d3d40  #57238          [BUGFIX] Typo in Extbase localization file (Xavier Perseguers)
       2014-03-13  be10ede  #56855          [BUGFIX] Extbase tries to overlay pages_language_overlay records (Stanislas Rolland)
       2014-03-08  15b15c0  #43885          [BUGFIX] Temporary DB tree mount notice missing in ElementBrowser (Lorenz Ulrich)
       2014-03-05  99025c1  #46185          [BUGFIX] IdentityProperties were not set (Stefan Froemken)
       2014-03-03  69c103b  #56262          [BUGFIX] Double escape of title in indexed search (Markus Klein)
       2014-02-28  cf83948  #56378          [BUGFIX] Do not log with severity 1320177676 (Christian Weiske)
       2014-02-28  432a7bd  #56421          [BUGFIX] @return for TYPO3\CMS\Sv\AuthenticationService::authUser (Christian Weiske)
       2014-02-28  1474e2c  #41413          [BUGFIX] URL-encoded title in link wizard (Helmut Hummel)
       2014-02-27  ab4ef14  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
       2014-02-25  95cb16e  #56184          [BUGFIX] Paginator in TER list not using ajax (Jigal van Hemert)
       2014-02-25  8c2179f  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
       2014-02-21  9ebf4bb  #54724          [BUGFIX] Use count on storage after initialization of LazyObjectStorage (Marc Bastian Heinrichs)
       2014-02-21  4b44141  #49499          [BUGFIX] Fix possible language handling issue (Markus Klein)
       2014-02-20  568b9bf  #56135          [BUGFIX] DatabaseConnection::listQuery wrong usage of strpos() (Markus Klein)
       2014-02-19  40d97d5  #56067          [BUGFIX] Various static calls to non-static functions (Markus Klein)
       2014-02-18  e428692  #54304          [BUGFIX] Missing encoding in flexforms IRRE javascript (Alexey Gafiulov)
       2014-02-17  a335bcf  #52527          [BUGFIX] addToAllTCAtypes() doesn't add new field (Tomita Militaru)
       2014-02-17  88fd2df  #55998          [BUGFIX] Usage of undefined variables in ShortcutToolbarItem (Tim Lochmueller)
       2014-02-11  e2ebdfd  #53028          [BUGFIX] cache_clearAtMidnight conflicts with content start/endtime (Dmitry Dulepov)
       2014-02-10  e73b549                  [TASK] Execute lint in parallel (Helmut Hummel)
       2014-02-09  d2881f5  #53768,#28745   [BUGFIX] Allow to render the same TS object twice (Markus Klein)
       2014-02-09  228fbc5  #55821          [BUGFIX] Tests: Remove unstable GeneralUtilityTest::getUrl* (Christian Kuhn)
       2014-02-09  d9bf811  #18797          [BUGFIX] "New page" wizard discloses existence of pages outside DB mount (Nicole Cordes)
       2014-02-09  2a233ef  #53564          [TASK] Add possibility creating accessible mock for abstract classes (Marc Bastian Heinrichs)
       2014-02-08  33a058b  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Wouter Wolters)
       2014-02-06  0fe2509  #55713          [BUGFIX] Missing namespace in ContentObjectRenderer (Markus Klein)
       2014-02-05  0004322  #54112          [BUGFIX] Set missing markers to empty string (Bernhard Kraft)
       2014-02-03  8623b17  #54371          [BUGFIX] Add stdWrap on value property of TEXT (Markus Klein)
       2014-02-03  e5a844d  #52048          [BUGFIX] Locker throws exception if semaphore can not be acquired (Markus Klein)
       2014-01-30  dc271e4  #55475          [BUGFIX] Regression in DataHandler (Wouter Wolters)
       2014-01-30  460da13  #41450          [BUGFIX] Handle empty tags in language pack index files (Alexander Stehlik)
       2014-01-29  3a84755  #55407          [BUGFIX] ClickMenu does not show destination-foldername (Stefan Neufeind)
       2014-01-28  e5df843  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
       2014-01-27  3b2cb07  #55366,#55377   [TASK] Change phpunit repository url for travis (Philipp Gampe)
       2014-01-24  72db639  #55093          [BUGFIX] Simulate time in TYPO3 admin panel broken (Peter Niederlag)
       2014-01-23  68057cf  #54849          [BUGFIX] CLI context cannot write to backend log (Oliver Hader)
       2014-01-16  c4703db  #53712          [BUGFIX] Create valid file reference index data (Alexander Stehlik)
       2014-01-16  42cd027  #50266          [BUGFIX] File browser fails on inexistent expandFolder (Mario Rimann)
       2014-01-15  f76c7ea  #34631          [BUGFIX] Show correct record title for be_groups and be_users (Markus Klein)
       2014-01-14  f3d324d  #53826          [BUGFIX] Folder tree in popup throws JS error (Aske Ertmann)
       2014-01-14  df52d4a  #53352          [BUGFIX] Add defaultTypoScript to hierachyInfo (Peter Niederlag)
       2014-01-09  d0c4276  #53862          [BUGFIX] isValidUrl() idna converts whole URI (Michiel Roos)
       2014-01-09  9f330b7  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
       2014-01-09  ffc3f2b  #24877,#6708    [BUGFIX] Only create one keypair in rsaauth (Tom Ruether)
       2014-01-09  583a51b  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
       2014-01-08  74be2df  #38766          [BUGFIX] l10n_mode for "pages" table and group fields. (Johannes Feustel)
       2014-01-08  d1e2110  #53727          [BUGFIX] Form Wizard saving destroys Radio Buttons (Markus Klein)
       2014-01-08  96ff927  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Claus Due)
       2014-01-04  2c40d1b  #53662          [BUGFIX] Allow NULL values in INSERT queries (Alexander Stehlik)
       2014-01-04  dd187dd  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
       2013-12-23  c2211f5  #54115          [BUGFIX] ClassAliasMap, Tx_ VH namespace and closing tag throws Exception (Claus Due)
       2013-12-18  6be4de6  #54369          [TASK] Fix travis builds (Markus Klein)
       2013-12-18  e6bfc6e  #51752          [BUGFIX] ArrayIterator::seek() warning in ElementBrowser (Markus Klein)
       2013-12-18  1294fe7  #52059          [BUGFIX] felogin: Unknown modifier in regular expression (Wouter Wolters)
       2013-12-18  4f8c872  #47648          [BUGFIX] Remove ElementBrowser::isReadOnlyFolder (Markus Klein)
       2013-12-13  78b00f3  #54027          [BUGFIX] No double htmlspecialchars for filemount select (Alexander Stehlik)
       2013-12-12  28ca149  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
  6. Pullup ticket #4419 - requested by taca

    tron
    tron committed May 28, 2014
    www/typo3_47: security update
    
    Revisions pulled up:
    - www/typo3_47/Makefile                                         1.21
    - www/typo3_47/PLIST                                            1.11
    - www/typo3_47/distinfo                                         1.16
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue May 27 13:49:11 UTC 2014
    
       Modified Files:
       	pkgsrc/www/typo3_47: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_47 to 4.7.19 (TYPO3 4.7.19), contains several security fixes.
    
       2014-05-22  4ebc6ca                  [RELEASE] Release of TYPO3 4.7.19 (TYPO3 Release Team)
       2014-05-22  07eba3e  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
       2014-05-22  ec33beb  #54111,#54113   [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
       2014-05-22  fb096e3  #48695          [SECURITY] XSS in new content element wizard (Markus Klein)
       2014-05-22  1389da5  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
       2014-05-22  65fc32f  #57576          [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
       2014-05-22  7bec5c8  #48693          [SECURITY] Encode URL for use in JavaScript (Markus Klein)
       2014-05-22  b907b64  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
       2014-05-22  c39bca9  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
       2014-04-16  53b74d7                  [TASK] Set TYPO3 version to 4.7.19-dev (TYPO3 Release Team)
    
       2014-04-16  26f503d                  [RELEASE] Release of TYPO3 4.7.18 (TYPO3 Release Team)
       2014-04-15  f329f76  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
       2014-04-15  9a2f402  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
       2014-04-04  d470aa5  #57656          [TASK] Integrate default README.txt (Oliver Hader)
       2014-04-04  be342b4  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
       2014-02-25  4dfb4d3  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
       2014-02-10  0345de6                  [TASK] Execute lint in parallel (Helmut Hummel)
       2014-02-09  df8e21b  #55811          [BUGFIX] Namespace usage in test (Christian Kuhn)
       2014-02-08  84d2050  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
       2014-01-27  a42059c  #55366,#55377   [TASK] Change phpunit repository url for travis (Philipp Gampe)
       2014-01-17  3d40e0a  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
       2014-01-16  394e421  #54748          [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
       2014-01-09  66bb350  #38767          [BUGFIX] use search word(s) for ordering search results (again) (Ralf Hettinger)
       2014-01-08  f3b8711  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
       2013-12-18  53a6a36  #54369          [TASK] Fix travis builds (Markus Klein)
       2013-12-12  019d6b7  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
  7. Pullup ticket #4418 - requested by taca

    tron
    tron committed May 28, 2014
    www/typo3_45: security update
    
    Revisions pulled up:
    - www/typo3_45/Makefile                                         1.30
    - www/typo3_45/PLIST                                            1.14
    - www/typo3_45/distinfo                                         1.25
    
    ---
       Module Name:	pkgsrc
       Committed By:	taca
       Date:		Tue May 27 13:47:25 UTC 2014
    
       Modified Files:
       	pkgsrc/www/typo3_45: Makefile PLIST distinfo
    
       Log Message:
       Update typo3_45 to 4.5.34 (TYPO3 4.5.34), contains several security fixes.
    
       2014-05-22  2ee368c                  [RELEASE] Release of TYPO3 4.5.34 (TYPO3 Release Team)
       2014-05-22  55d5f38  #30377          [SECURITY] Add trusted HTTP_HOST configuration (Helmut Hummel)
       2014-05-22  efb098b  #54111,#54113   [SECURITY] XSS in (old) extension manager information function (Marc Bastian Heinrichs)
       2014-05-22  94011a3  #48695          [SECURITY] XSS in new content element wizard (Markus Klein)
       2014-05-22  b62651b  #54109          [SECURITY] XSS in template tools on root page (Marc Bastian Heinrichs)
       2014-05-22  a98ae3c  #57576          [SECURITY] XSS in Backend Layout Wizard (Nicole Cordes)
       2014-05-22  4f7258c  #48693          [SECURITY] Encode URL for use in JavaScript (Markus Klein)
       2014-05-22  742ad49  #56458          [SECURITY] Fix insecure unserialize in colorpicker (Helmut Hummel)
       2014-05-22  9bd7776  #54526          [SECURITY] Remove charts.swf to get rid of XSS vulnerability (Helmut Hummel)
       2014-05-08  6ffdcee  #58187          [BUGFIX] Solve stackoverflow in prototype in IE8 (Jigal van Hemert)
       2014-04-16  5d6a16e                  [TASK] Set TYPO3 version to 4.5.34-dev (TYPO3 Release Team)
    
       2014-04-16  5bd6b52                  [RELEASE] Release of TYPO3 4.5.33 (TYPO3 Release Team)
       2014-04-15  aebc244  #51768          [TASK] Updates prototype and scriptaculous, fixing IE9+ issues (Ernesto Baschny)
       2014-04-15  51a3897  #57934          [BUGFIX] Use validEmail() instead of deprecated checkEmail() (Stefan Neufeind)
       2014-04-15  fcdaec0  #56580          [BUGFIX] SoftReferenceIndex typolink lacks support for title attributes (Marc Bastian Heinrichs)
       2014-04-04  4316e98  #57656          [TASK] Integrate default README.txt (Oliver Hader)
       2014-04-04  9d36515  #57603          [SECURITY] Prevent XSS in scheduler form (Nicole Cordes)
       2014-02-27  e34a90b  #55966          [BUGFIX] Revert "[TASK] Use a 401 header if login is not successful" (Markus Klein)
       2014-02-25  5c4554b  #23984          [BUGFIX] felogin reset password links not clickable (Jigal van Hemert)
       2014-02-09  7d6a8cc  #55811          [BUGFIX] Namespace usage in test (Christian Kuhn)
       2014-02-08  44d7cfc  #16491          [BUGFIX] CSV-Download not working in IE and HTTPS backend (Christian Kuhn)
       2014-01-30  138b13a  #55458          [BUGFIX] DocumentTemplate class inserts inDocStyles twice (Stefan Neufeind)
       2014-01-28  b867b04  #55350          [BUGFIX] Invalid constant in the domain redirect function (Tim Lochmueller)
       2014-01-17  ab6256f                  Revert "[TASK] Optimize speed for instantiating class with arguments" (Ernesto Baschny)
       2014-01-17  2526bdd  #53682          [TASK] Optimize speed for instantiating class with arguments (Helmut Hummel)
       2014-01-16  102307f  #54748          [BUGFIX] Fix PHP fatal error in be.tableList view helper (Marc Bastian Heinrichs)
       2014-01-09  e6643e1  #52554          [TASK] Change list view delete icon if record is deleted in WS (Sascha Egerer)
       2014-01-08  765882e  #52133          [BUGFIX] Display relations' titles when TCA label field is type inline (Stefan Froemken)
       2013-12-12  d3e9494  #53818          [BUGFIX] Cleanly unset cookies on login in cookie-check (Stefan Neufeind)
  8. Pullup ticket #4417 - requested by obache

    tron
    tron committed May 28, 2014
    emulators/suse131_x11: security update
    
    Revisions pulled up:
    - emulators/suse131_x11/Makefile                                1.6-1.7
    - emulators/suse131_x11/distinfo                                1.6
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri May 23 13:18:56 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_x11: Makefile distinfo
    
       Log Message:
       Apply openSUSE Security Update: openSUSE-SU-2014:0711-1
       libXfont: Fixed multiple vulnerabilities
    
          An update that fixes three vulnerabilities is now available.
    
       Description:
    
          libxfont was updated to fix multiple vulnerabilities:
          - Integer overflow of allocations in font metadata file parsing
            (CVE-2014-0209).
          - Unvalidated length fields when parsing xfs protocol replies
            (CVE-2014-0210).
          - Integer overflows calculating memory needs for xfs replies
            (CVE-2014-0211).
    
          These vulnerabilities could be used by a local, authenticated user to
          raise privileges or by a remote attacker with control of the font server
          to execute code with the privileges of the X server.
    
    ---
       Module Name:	pkgsrc
       Committed By:	obache
       Date:		Fri May 23 13:20:50 UTC 2014
    
       Modified Files:
       	pkgsrc/emulators/suse131_x11: Makefile
    
       Log Message:
       Bump PKGREVISION to reflect libXfont rpm update.
Commits on May 22, 2014
  1. Pullup ticket #4416.

    tron
    tron committed May 22, 2014
  2. Pullup ticket #4416 - requested by he

    tron
    tron committed May 22, 2014
    graphics/gimp: security patch
    
    Revisions pulled up:
    - graphics/gimp/Makefile                                        1.243 via patch
    - graphics/gimp/distinfo                                        1.81-1.82
    - graphics/gimp/patches/patch-plug-ins_common_file-xwd.c        1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	he
       Date:		Wed May 21 13:50:22 UTC 2014
    
       Modified Files:
       	pkgsrc/graphics/gimp: Makefile distinfo
       Added Files:
       	pkgsrc/graphics/gimp/patches: patch-plug-ins_common_file-xwd.c
    
       Log Message:
       Sanity check colormap size (CVE-2013-1913), valid range is 0 .. 256.
       Sanity check # of colors and map entries (CVE-2013-1978)
    
       From
         https://git.gnome.org/browse/gimp/patch/?id=32ae0f83e5748299641cceaabe3f80f1b3afd03e
       and
         https://git.gnome.org/browse/gimp/patch/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4
    
       Bump PKGREVISION to 2.
    
    ---
       Module Name:	pkgsrc
       Committed By:	he
       Date:		Thu May 22 12:02:19 UTC 2014
    
       Modified Files:
       	pkgsrc/graphics/gimp: distinfo
    
       Log Message:
       Uh-oh, forgot to update distinfo with new patch checksum.
  3. Pullup ticket #4415.

    tron
    tron committed May 22, 2014
  4. Pullup ticket #4415 - requested by wen

    tron
    tron committed May 22, 2014
    www/moodle: security update
    
    Revisions pulled up:
    - www/moodle/Makefile                                           1.27
    - www/moodle/distinfo                                           1.19
    
    ---
       Module Name:    pkgsrc
       Committed By:   wen
       Date:           Thu May 22 00:58:07 UTC 2014
    
       Modified Files:
               pkgsrc/www/moodle: Makefile distinfo
    
       Log Message:
       Update to 2.5.6
    
       Upstream changes:
       Moodle 2.5.6 release notes
       Release date: 12 May, 2014
    
       Here is the full list of fixed issues in 2.5.6.
    
       Functional changes
       MDL-43985 - Checkbox added to control sending of feedback when grading
       Assignment (backport of MDL-33600)
       Security issues
       MSA-14-0014 Cross-site request forgery possible in Assignment
       MSA-14-0015 Web service token expiry issue for MoodleMobile
       MSA-14-0016 Anonymous student identity revealed in Assignment
       MSA-14-0017 File access issue in HTML block
       MSA-14-0019 Reflected XSS in URL downloader repository
       Fixes and improvements
       MDL-45119 - When student opens assignment feedback PDF no error
       messages are shown
       MDL-41551 - Block drag-drop fixed for Clean theme on My Home page
       MDL-44936 - CSS chunking is now more reliable on IE
       MDL-45154 - Warnings and errors in user profile page fixed
       MDL-43721 - Poor performance on Assignment grading page fixed
Commits on May 21, 2014
  1. Pullup ticket #4414.

    tron
    tron committed May 21, 2014
  2. Pullup ticket #4414 - requested by he

    tron
    tron committed May 21, 2014
    textproc/libxml2: security patch
    
    Revisions pulled up:
    - textproc/libxml2/Makefile                                     1.129
    - textproc/libxml2/distinfo                                     1.103
    - textproc/libxml2/patches/patch-parser.c                       1.1
    
    ---
       Module Name:	pkgsrc
       Committed By:	spz
       Date:		Sat May 10 22:45:42 UTC 2014
    
       Modified Files:
       	pkgsrc/textproc/libxml2: Makefile distinfo
       Added Files:
       	pkgsrc/textproc/libxml2/patches: patch-parser.c
    
       Log Message:
       add a patch for CVE-2014-0191 aka http://secunia.com/advisories/58018/
       from https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df