| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
pkgsrc/www/typo3 security fix
Revisions pulled up:
- pkgsrc/www/typo3/Makefile 1.27
- pkgsrc/www/typo3/PLIST 1.16
- pkgsrc/www/typo3/distinfo 1.20
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu Dec 16 15:35:34 UTC 2010
Modified Files:
pkgsrc/www/typo3: Makefile PLIST distinfo
Log Message:
Update typo3 package to 4.4.5.
Quote from http://wiki.typo3.org/wiki/TYPO3_4.4.5, prease refer the
page for more detail.
Due to several security issues found in the TYPO3 Core, there was a combined
release of TYPO3 4.2.16, 4.3.9 and 4.4.5.
Find more details in the security bulletin:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/
|
|
Dear TYPO3 community,
The TYPO3 core team has just released TYPO3 versions 4.2.15,
4.3.7 and 4.4.4, which are now ready for you to download. All versions
are maintenance releases and contain bugfixes and security fixes.
IMPORTANT:
These versions include important security fixes to the TYPO3 core. A
security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
|
|
This release is a bugfix release only.
Please refer Changelog in http://wiki.typo3.org/wiki/TYPO3_4.4.3 in detail.
|
|
2010-08-06 Benjamin Mack <benni@typo3.org>
* Release of TYPO3 4.4.2
2010-08-05 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #15355: htmlArea RTE: Using the advanded frontend editing,
the editor is not loaded in the text tab
2010-08-05 Steffen Kamper <steffen@typo3.org>
* Fixed bug #12646: Click on icon does not open/close sections
2010-08-05 Steffen Gebert <steffen@steffen-gebert.de>
* Fixed bug #14773: Styling issue when selecting position of new
created page
2010-08-05 Oliver Hader <oliver@typo3.org>
* Fixed bug #15343: dbClientCompress crashes with pconnect
* Fixed bug #15280: felogin redirect doesn't work anymore after
update to latest releases (4.2x - 4.4.x) (thanks to Helmut Hummel)
* Fixed bug #15282: It is impossible to set links to files any more
with the link wizard
* Fixed bug #15336: sys_actions shows wrong error if an "Record List"
action is not propertly configured (thanks to Stefan Galinski)
2010-08-03 Susanne Moog <typo3@susanne-moog.de>
* Fixed bug #15313: Link to deprecation logfile doesn't work in
installations inside a subdirectory (thanks to Stefan Galinski)
2010-08-03 Oliver Hader <oliver@typo3.org>
* Fixed bug #15265: InstallTool-login not possible after Update to
4.4.1 due to session_start() in extensions (thanks to Ernesto
Baschny and Helmut Hummel)
2010-08-02 Oliver Hader <oliver@typo3.org>
* Fixed bug #15289: Element-Browser page tree has HSC'ed <span> elements
2010-08-01 Oliver Hader <oliver@typo3.org>
* Fixed bug #15321: Unused variable $warningItems in tx_install
(thanks to Markus Klein)
2010-08-01 Susanne Moog <typo3@susanne-moog.de>
* Fixed bug #15292: Fatal error in DB browser because of wrong sprite
API usage (thanks to Alexandre Gravel-Raymond)
2010-07-30 Steffen Kamper <steffen@typo3.org>
* Follow-up to bug #15188: Remove default greyed out effect for CEs
(Thanks to Steffen Gebert)
* Fixed bug #15295: Page treeFilter not re-applied after branch
toggling (Thanks to Felix Kopp)
2010-07-29 Dmitry Dulepov <dmitry@typo3.org>
* Fixed bug #13427: t3lib_div::cleanOutputBuffers() might loop forever
(thanks to Stephan Seitz and Steffen Gebert)
|
|
Due to several security issues found in the TYPO3 Core, there was a
combined release of TYPO3 4.1.14, 4.2.14, 4.3.4 and 4.4.1.
Find more details in the security bulletin:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/
For full change please refer:
http://wiki.typo3.org/index.php/TYPO3_4.4.1#Changelog
|
|
o The New Introduction Package
o Fresh and Improved Backend
o Easier Installation than Ever
o Revised and Faster Rich Text Editor
And more, please refer release note.
http://typo3.org/download/release-notes/typo3-44/
|
|
I coudn't access release note with the URL in release announce but
I could with http://wiki.typo3.org/index.php/TYPO3_4.3.3 at this
moment.
Quote from release announce:
TYPO3 version 4.3.3 is ready for download. It is a maintenance release
of version 4.3 and therefore contains only bugfixes and security fixes.
IMPORTANT: This version includes an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/
For details about the release, see:
http://wiki.typo3.org/TYPO3_4.3.3
|
|
and no need to specify PHP_VERSIONS_ACCEPTED explicitly now.
No functional change.
|
|
ChangeLog file.
Also switch DESTDIR support to user-destdir.
the TYPO3 core team has just released the TYPO3 versions 4.3.2 and
4.2.12, which are now ready for you to download. All versions are
maintenance releases and contain bugfixes and security fixes.
IMPORTANT:
These versions include important security fixes to the TYPO3 core. A
security announcement has just been released:
https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/
For details about the release, see:
http://wiki.typo3.org/index.php/TYPO3_4.3.2
http://wiki.typo3.org/index.php/TYPO3_4.2.12
|
|
he TYPO3 core team has just released TYPO3 version 4.3.1, which is now
ready for you to download. It is a maintenance release of the current
stable branch 4.3 and contains bugfixes and security fixes.
IMPORTANT: This version includes important security fixes to the TYPO3
core. A security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
For details about the release, see:
http://wiki.typo3.org/index.php/TYPO3_4.3.1
|
|
Please refer the release note:
https://typo3.org/download/release-notes/typo3-43/
|
|
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
|
|
It is bug fix release and this is a leaf package.
2009-09-28 Ingmar Schlecht <ingmar@typo3.org>
* Release of TYPO3 4.2.9
2009-09-20 Francois Suter <francois@typo3.org>
* Fixed bug #11995: Prompt for keyboard input does not get displayed in CLI scripts
* Fixed bug #11224: Special menu directory only renders 1st level if special.value is a mount point (Thanks to Xavier Perseguers)
2009-09-19 Rupert Germann <rupi@gmx.li>
* Fixed bug #11986: dynamic update of translation status im EM is broken
2009-09-17 Rupert Germann <rupi@gmx.li>
* Fixed bug #9270: Editors canĀ“t undelete records in history (thanks to Christian Hernmarck)
2009-09-15 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #11915: htmlArea RTE: superfluous span tags in content after server-based cleaning on paste operation
* Updated htmlArea RTE version to 1.7.12 (branch TYPO3_4-2)
* Follow-up to bug #11946: htmlArea RTE: reference was made to context menu item after context menu was closed
2009-09-13 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #11847: htmlArea RTE displays empty editing area in Opera 10
* Fixed bug #11946: htmlArea RTE: table properties editing dialogue windows loose focus after opening in IE8
2009-09-01 Oliver Hader <oliver@typo3.org>
* Fixed bug #11845: Typo in a CLI error mesage: suue -> sure (thanks to Oliver Klee)
2009-08-26 Michael Stucki <michael@typo3.org>
* Fixed bug #11731: ENABLE_INSTALL_TOOL file check in yellow box does not check the file age (thanks to Moreno Feltscher)
2009-08-19 Michael Stucki <michael@typo3.org>
* Fixed bug #11716: Install Tool always sets TYPO3_CONF_VARS[FE][disableNoCacheParameter] upon save
2009-08-14 Michael Stucki <michael@typo3.org>
* Fixed bug #8968: DBAL incompatible SQL in "impexp" extension (thanks to Marc Bastian Heinrichs)
2009-08-12 Michael Stucki <michael@typo3.org>
* Follow-up to bug #11513: Shorten one ident field which is known to be too long (solved the issue on those setups where the DB is not updated)
* Fixed bug #11513: cache_hash table could not be filled because information field (ident) was too short (thanks to Ingo Schmitt)
2009-08-02 Oliver Hader <oliver@typo3.org>
* Fixed bug #10769: Wrong encoded email header (thanks to Ivan Kartolo)
2009-07-20 Ingo Renner <ingo@typo3.org>
* Fixed bug: #11006: Tooltip for page path in Page/List module is missing (thanks to Steffen Gebert)
2009-07-19 Oliver Hader <oliver@typo3.org>
* Fixed bug #6875: IRRE - Sorting of child records is inverted on moving parent record to different page (thanks to Nabil Saleh)
2009-07-09 Martin Kutschker <masi@typo3.org>
* Fixed bug: same error message is used twice for different errors
2009-07-08 Oliver Hader <oliver@typo3.org>
* Fixed bug #11412: Using typolinkLinkAccessRestrictedPages does not take different domain names into account
|
|
From release announce.
-----------------------------------------------------------------------
Dear TYPO3 users,
we are announcing the release of the following TYPO3 updates:
- TYPO3 4.2.8
- TYPO3 4.1.12
- TYPO3 4.0.13
All versions are maintenance releases and contain only bugfixes
and minor security improvements (no critical fixes of vulnerabilities).
Notice: Due to a bug which was reported to us short after the release of
TYPO3 versions 4.1.11 and 4.2.7, we stopped the release of the
announcement and prepared new versions that fix this (minor) issue.
TYPO3 4.0.13 which was already released yesterday was not affected by
this bug.
For details about the release, visit the following websites:
http://wiki.typo3.org/TYPO3_4.2.8
http://wiki.typo3.org/TYPO3_4.1.12
http://wiki.typo3.org/TYPO3_4.0.13
|
|
|
|
|
|
Quote from release announce is here and see ChangeLog for detail.
All versions are maintenance releases and contain bugfixes
and security fixes.
IMPORTANT: These versions include an important security fix
to the TYPO3 core. A security announcement has just been
released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
|
|
All versions are maintenance releases and contain only bugfixes.
IMPORTANT: These versions contain important fixes of regressions from
the earlier versions released 20 January 2009, but they do not contain
additional security fixes.
ChangeLog:
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Release of TYPO3 4.2.5
2009-01-24 Ingmar Schlecht <ingmar@typo3.org>
* Fixed bug #10205: DB session record is only created when user is authenticated (thanks also to Michael Stucki)
2009-01-20 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #9345: Bug: CSV export includes _CLIPBOARD_ in header row (thanks to Christian Kuhn)
|
|
This update contains security fixes and please refer ChangeLog file
for full changes.
1. System extension Install tool (install)
Insecure Randomness
2. Authentication library
Broken Authentication and Session Management
3. System extension Indexed Search Engine (indexed_search)
Cross-Site Scripting, Remote Command Execution
4. System extension ADOdb (adodb)
Cross-Site Scripting
5. Workspace module
Cross-Site Scripting
After update, you will need to create a new encryption key.
(1) Upgrade to the new TYPO3 version.
(2) Clear the configuration cache
(3) Open the install tool and choose menu 1 ("Basic Configuration").
(4) Scroll to the bottom of the page and click on the button
"Generate random key".
(5) Submit the form by clicking on "Update localconf.php".
(6) Clear the configuration and page cache again.
|
|
|
|
Initially it was simply bug fix release and please refer the URL for
full changes: http://wiki.typo3.org/TYPO3_4.2.3.
And now, it found out that two Cross Site Scripting (XSS) problem was
fixed by this release.
Regarding the issue in backend module "file": TYPO3 Security Bulletin
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core
<http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/>
Regarding the issue in system extension "felogin": TYPO3 Security
Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core
<http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/>
|
|
* News
This release is a bugfix release.
Full ChangeLog is too large to write here please refer:
http://wiki.typo3.org/index.php/TYPO3_4.2.2
|
|
Suggested by Volkmar Seifert on pkgsrc-users@.
Bump PKGREVISION.
|
|
* Enable DESTDIR support.
* Fix installing a none-existing file.
* Tweak default path for optional programs; GraphicMagick or ImageMagick.
* Remove files/directories at uninstall suitably.
Bump PKGREVISION.
|
|
* Allow depends on php-pgsql.
* Handle ${TYPO3DIR}/${SITEDIR}/typo3conf/localconf.php as configuration
file with CONF_FILES_PERMS.
* Install README file, very simple guide for set up.
Bump PKGREVISION.
|
|
* Proper replace command interpreter.
|
|
|
|
TYPO3 is a free Open Source content management system for enterprise
purposes on the web and in intranets. It offers full flexibility and
extendability while featuring an accomplished set of ready-made
interfaces, functions and modules.
|
