CVS commit: [pkgsrc-2009Q3] pkgsrc/www/typo3

[Matthias Scheler <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Fri Oct 23 10:17:07 UTC 2009

Modified Files:
        pkgsrc/www/typo3 [pkgsrc-2009Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket #2920 - requested by taca
typo3: security update

Revisions pulled up:
- www/typo3/Makefile                    1.16
- www/typo3/PLIST                       1.8
- www/typo3/distinfo                    1.10
---
Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Oct 22 14:53:09 UTC 2009

Modified Files:
        pkgsrc/www/typo3: Makefile PLIST distinfo

Log Message:
Update www/typo3 package to 4.2.10.  It fixes multiple security issues
found in TYPO3 core.

      http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

2009-10-22  Oliver Hader  <oliver%typo3.org@localhost>

        * Release of TYPO3 4.2.10

2009-10-22  Ernesto Baschny <ernst%cron-it.de@localhost>

        * Security Issue #11664: Updated RemoveXSS code to the latest knowledge 
in this area (thanks to Jigal van Hemert)
        * Fixed bug #11586: Potential SQL injection in frontend editing (thanks 
to Oliver Klee)
        * Fixed bug #12309: It was possible to gain access to the Install Tool 
by only knowing the md5 hash of the password.
        * Fixed bug #12310: Encryption key can be recalculated when using 
normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
        * Fixed bug #12090: Filenames should be escaped with escapeshellarg 
before passing them to imagemagick (thanks to Oliver Klee)
        * Fixed bug #12303: XSS vulnerability due to not proper sanitizing in 
function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
        * Fixed bug #12304: Frame inclusion in the backend through 
alt_mod_frameset (thanks to Oliver Klee)
        * Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter 
(thanks to Oliver Klee)
        * Fixed bug #12306: XSS vulnerability in module dispatcher
        * Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver 
Klee)
        * Fixed bug #12308: XSS vulnerability in "DB > Full search" 
functionality
        * Fixed bug #10501: XSS vulnerability in the install tool (thanks to 
Oliver Klee)

2009-10-21  Rupert Germann  <rupi%gmx.li@localhost>

        * Fixed bug #12280: Error Message while creating empty Folders (thanks 
to Daniel Schmitzer)
        * Fixed bug #12300 (Follow-up to 11995): Output compression breaks 
prompt for keyboard input in CLI scripts

2009-10-21  Steffen Kamper  <info%sk-typo3.de@localhost>

        * Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan 
Osipov)

2009-10-15  Rupert Germann  <rupi%gmx.li@localhost>

        * Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db 
in functions which depend on an existing resultset (thanks to Felix Oertel)

2009-10-11  Rupert Germann  <rupi%gmx.li@localhost>

        * Fixed bug #10971: Fatal error in impexp module: Call to a member 
function includeLLFile() on a non-object (thanks to Andre Steiling)

2009-10-10  Rupert Germann  <rupi%gmx.li@localhost>

        * Fixed bug #12129 (follow-up to bug #11986): Translation update broken 
with activated output compression (thanks to Steffen Gebert)

2009-09-29  Oliver Hader  <oliver%typo3.org@localhost>

        * Fixed bug #11433: touch(): Utime failed in install tool (thanks to 
Steffen Gebert)


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.15.2.1 pkgsrc/www/typo3/Makefile
cvs rdiff -u -r1.7 -r1.7.4.1 pkgsrc/www/typo3/PLIST
cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/www/typo3/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.