Package Changelog: typo3
apt-listchanges: Reading changelogs... apt-listchanges: Changelogs --------------------------- typo3-src (4.2.18~20110208svn-1) unstable; urgency=low * debian/typo3-src-4.2.links: - change link from /usr/share/javascript/prototype/prototype-1.6.0.js to /usr/share/javascript/prototype/prototype-1.6.js (fix debian lenny->squeeze upgrade) -- Juergen TretthahnTue, 08 Feb 2011 14:58:45 +0100 typo3-src (4.2.17~20101228svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #16760: RTE transformation removes all span tags on save after upgrade TYPO3 4.2.16 - Fixed bug #16825: Fatal error in lang.php (thanks to Georg Ringer) -- Juergen Tretthahn Tue, 28 Dec 2010 12:15:23 +0100 typo3-src (4.2.17~20101216svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Updating version number to 4.2.17-dev after release of 4.2.16 - Release of TYPO3 4.2.16 - Fixed bug #16593: It is possible to bypass 'verifyFilenameAgainstDenyPattern' - Fixed bug #16362: Directory traversal attack in em_unzip - Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack) - Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert) - Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES - Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca) - Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack) -- Juergen Tretthahn Thu, 16 Dec 2010 19:09:32 +0100 typo3-src (4.2.15+20101113svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #15456: Changes made by ColorPicker Wizard are not saved (Thanks to Tobias Hoevelborn) - Fixed bug #15503: Improve t3lib_userAuth::getCookie() (Thanks to Michael Bürgi) -- Juergen Tretthahn Sat, 13 Nov 2010 01:59:38 +0100 typo3-src (4.2.15+20101020svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #1318: 'removeTag' does not remove closing tags - Fixed bug #12376: typo3temp got filled with thousands of javascript_* files (Thanks to Georg Ringer) -- Juergen Tretthahn Wed, 20 Oct 2010 18:14:40 +0200 typo3-src (4.2.15+20101008svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Updating version number to 4.2.16-dev after release of 4.2.15 - Release of TYPO3 4.2.15 - Fixed bug #15898: It is (still) possible to download arbitrary files through the jumpurl feature (thanks to Helmut Hummel and Marcus Krause) - Fixed bug #15733: Admin Panel is susceptible to XSS (thanks to Helmut Hummel) - Fixed bug #15729: Sysext setup's user simulation is susceptible to XSS (thanks to Marcus Krause) - Fixed bug #15728: Extension Manager allows to download arbitrary files beyond PATH_site or rootpath (thanks to Marcus Krause) - Fixed bug #15461: RemoveXSS exposes XSS vulnerability for double encoded characters (thanks to Marcus Krause) - Fixed bug #13650: Information disclosure in sys_actions (DB mount, usergroups) (thanks to Georg Ringer) - Fixed bug #5983: Undefined variable is used in t3lib_BEfunc::exec_foreign_table_where_query - Fixed bug #15653: Only show upload comments that are newer than installed version in update function of EM - Fixed bug #8260: Update Wizard in install tool force temp-configuration files and load configuration twice - Fixed bug #3908: DisplayCond => VERSION:IS:false always returns true (Thanks to Daniel Poetzinger) - Cleaned up ChangeLog - Fixed bug #3819: t3lib_div::getIndpEnv('TYPO3_DOCUMENT_ROOT') delivers wrong value in Backend - Updating version number to 4.2.15-dev after release of 4.2.14 - Release of TYPO3 4.2.14 - Fixed bug #15282: It is impossible to set links to files any more with the link wizard - Fixed bug #15280: felogin redirect doesn't work anymore after update to latest releases (4.2x - 4.4.x) - Fixed bug #15265: InstallTool-login not possible after Update to 4.4.1 due to session_start() in extensions - Fixed bug #15289: Element-Browser page tree has HSC'ed elements - Updating version number to 4.2.14-dev after release of 4.2.13 - Release of TYPO3 4.2.13 - Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer and Marcus Krause) - Fixed bug #12294: Unchecked URL-Redirect parameter in Front-End logon (thanks to Steffen Kamper and Helmut Hummel) - Fixed bug #14114: Core mailform is open to spam abuse (thanks to Lars Houmark) - Fixed bug #14412: Field value added to foreign_table_where by replacing Xavier Perseguers) - Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann) - Fixed bug #1985: XSS vulnerability in wizard classes - Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny) - Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel) - Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack) - Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer) - Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel) - Fixed bug #12736: XSS in setup module (thanks to Georg Ringer) - Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny) - Fixed bug #14215: XSS in beuser (thanks to Georg Ringer) - Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer) - Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer) - Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer) - Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer) - Fixed bug #13961: XSS in impexp (thanks to Georg Ringer) - Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer) - Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig) - Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer) - Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers) - Fixed bug #14978: XSS in file tree (thanks to Georg Ringer) - Fixed bug #15179: Tree depth retrieval inconsistently limited to 20 levels int3lib_pageSelect - Fixed bug #8893: eval timesec sets seconds to zero (Thanks to Ralf Hettinger and Andy Grunwald) - Updated htmlArea RTE version to 1.7.16 - Fixed bug #14464: htmlArea RTE: Type of block accumulation if the block is manually selected in Safari - Fixed bug #5117: typolink: cHash corrupted due to linkVars -- Juergen Tretthahn Fri, 08 Oct 2010 14:00:59 +0200 typo3-src (4.2.12+20100602svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #13934: Side-effect of substr in t3lib_cs (thanks to Rens Admiraal) - Fixed bug #14388: TypoScript templates containing a "$1" become corrupted - Fixed bug #12923: Javascript error in tmenu_layers.php & gmenu_layers.php (Thanks to Klaus Goessl) - Fixed bug #14175: belog not shown / error when actions: error is selected (thanks to Philipp Thiele) - Fixed bug #14337: "The install tool is locked" doesn't send no-cache headers (thanks to Steffen Gebert) - Fixed bug #5003: prefixRelPath() incorrectly changes links to anchors (Thanks to Jigal van Hemert) - Fixed bug #13495: Workspace tiled Preview shows same version of Page - Fixed bug #12470: PHP-5.3 error: function define_syslog_variables() is deprecated (Thanks to Rupert Germann) - Fixed bug #14276: tceforms: Title of a record does not use API call to limit the character - Fixed bug #14026: Main module does not load different navFrames in submodules in dependency of navFrameScriptParam - Fixed bug #14207: Duplicate submodule URL in JavaScript - Cleanup: Fixed ChangeLog - Fixed Changelog - Fixed bug #14027: Tweak: Add "tiff" to imagefile_ext array -- Juergen Tretthahn Wed, 02 Jun 2010 03:33:50 +0200 typo3-src (4.2.12+20100412svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #14005: Moving a page with IRRE records misplaces IRRE records - Fixed bug #13959: Security precaution for extensions which use their own autoloader. Note: This is the same fix which has been committed to TYPO3 4.3 where it is marked as a security fix. However, versions prior to TYPO3 4.3 do not ship with an autoloader, so they are not affected by this problem unless an extension provides its own autoloader. - Updated htmlArea RTE version to 1.7.15 -- Juergen Tretthahn Mon, 12 Apr 2010 18:19:55 +0200 typo3-src (4.2.12+20100406svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #14003: "Check for extension updates" does not always find latest version -- Juergen Tretthahn Tue, 06 Apr 2010 14:15:42 +0200 typo3-src (4.2.12+20100330svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #1436: Meta tag output in indexed search result breaks layout - Fixed bug #12375: typo3temp got filled with thousands of EXTERNAL_URL* files - Fixed bug #11696: External files with Umlauts/special chars in filename are not indexed -- Juergen Tretthahn Tue, 30 Mar 2010 13:20:50 +0200 typo3-src (4.2.12+20100326svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Follow-up to #13554: Make the code in line with follow-up to #13739 - Follow-up to #13739: Make the clickmenu work again and also for the case when "Substitute Mount Point" is not set -- Juergen Tretthahn Fri, 26 Mar 2010 17:29:56 +0100 typo3-src (4.2.12+20100325svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #13901: GIFBULDER generates same picture twice (in typo3temp/GB) (thanks to Vladimir Podkovanov) -- Juergen Tretthahn Thu, 25 Mar 2010 16:38:16 +0100 typo3-src (4.2.12+20100319svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Follow-up to bug #13739: CGL false=>FALSE - Fixed bug #13739: "Show" clickmenu in page tree does not work for mount pages -- Juergen Tretthahn Fri, 19 Mar 2010 11:51:41 +0100 typo3-src (4.2.12+20100316svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Follow-up to #1104: fix 'required' validation for IRRE records -- Juergen Tretthahn Tue, 16 Mar 2010 11:10:15 +0100 typo3-src (4.2.12+20100315svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #13283: Thumbnail generation broken for PDF files -- Juergen Tretthahn Mon, 15 Mar 2010 15:56:40 +0100 typo3-src (4.2.12+20100312svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #9218: htmlArea RTE: "Remove format" messes up some inline formats -- Juergen Tretthahn Fri, 12 Mar 2010 11:12:24 +0100 typo3-src (4.2.12+20100308svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #1104: Setting file fields in TCA to "required" makes it impossible to save the record - Fixed bug #13057: htmlArea RTE sometimes deletes contents - Fixed bug #13554: Web>View on mount pages via backend (thanks to Georg Ringer) -- Juergen Tretthahn Mon, 08 Mar 2010 11:00:09 +0100 typo3-src (4.2.12+20100227svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #8191: IRRE - Storing data crashes somehow with MM tables - Follow-up to #13470: split() is deprecated, using t3lib_div::trimExplode instead - Follow-up to bug #13470: duplicated function getCookie commited by mistake - Fixed bug #13470: Session/Login not working in IE8 across subdomains - Fixed bug #13258: Make TYPO3 v4.2 work again with PHP 5.1 (was broke since the case since 4.2.11) - Fixed bug #13637: [EM] Upload to TER is broken - Updating version number to 4.2.13-dev after release of 4.2.12 - Release of TYPO3 4.2.12 - Fixed bug #12630: XSS in filelist module - Fixed bug #13558: XSS in t3lib_querygenerator - Fixed bug #12634: XSS in the access module - Fixed bug #12628: XSS in sysext sys_action - Fixed bug #11620: XSS vulnerability in task center module - Fixed bug #11621: XSS vulnerabilities in workspace module - Fixed bug #13249: XSS in TS Object Browser - Fixed bug #11617: XSS in template module - Fixed bug #13042: XSS in index.php - Fixed bug #13394: Information disclosure in sysext:sys_actions - Fixed bug #12958: Catchable fatal error in indexed_search - Fixed bug #13406: thumbs.php: Thumbnails for images with transparent background look ugly (Thanks to Andreas Wolf and Steffen Ritter) - Backported changeset 6927 from trunk: Fixed bug #12220 -- Juergen Tretthahn Sat, 27 Feb 2010 16:30:16 +0100 typo3-src (4.2.11+20100203svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Backported changeset 6833 from trunk: Fixed bug #13388 0013388: Missing : in locallangs (DB & File mounts) - Backported changeset 6787 from trunk: Fixed bug #12553 0012553: Text "A simple table with up to 8 columns." is wrong, there are really more than 8 cols possible -- Juergen Tretthahn Wed, 03 Feb 2010 13:56:04 +0100 typo3-src (4.2.11+20100121svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed #11089: Fixing the built-in shopping basket (Thanks to Mathias Schreiber) - Backported changeset 6783 from trunk: Fixed bug #13255 - Cleanup: Fixed ChangeLog - Updating version number to 4.2.12-dev after release of 4.2.11 - Release of TYPO3 4.2.11 - Fixed bug #11968: Sporadic random Backend Logoffs / Add X-UA-Compatible flag (Thanks to Steffen Gebert) - Fixed bug #12507: (Un)Install icon points to wrong extension in Opera (Thanks to Steffen Gebert) - Updated htmlArea RTE version to 1.7.14 - Updated RTE htmlArea version to 1.7.14 -- Juergen Tretthahn Thu, 21 Jan 2010 13:25:23 +0100 typo3-src (4.2.11~20100105svn-2) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12341: Image generation broken with PHPs safe_mode activated and GraphicsMagick (Thanks to Marcus Krause, Helmut Hummel and Bernhard Kraft) -- Juergen Tretthahn Tue, 05 Jan 2010 15:29:18 +0100 typo3-src (4.2.11~20100105svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12506: JSMENU does not respect mount point overlays (Thanks to Joerg Wagner) -- Juergen Tretthahn Tue, 05 Jan 2010 12:27:17 +0100 typo3-src (4.2.11~20100104svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #5260: Function linkWrapFile() in file class.file_list.inc uses wrong PATH prefix - Fixed bug #12505: JSMENU's showActive is broken (Thanks to Joerg Wagner) - Fixed bug #13064: Deprecated function spliti for PHP5.3 -- Juergen Tretthahn Mon, 04 Jan 2010 12:10:02 +0100 typo3-src (4.2.11~20091214svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12072: Permanent login checkbox is not shown as expected - Fixed bug #13021: Mistyping prevents the CSV-export of the _PATH_field in List-View (thanks to Mathias Gisch) - Fixed bug #12782: htmlArea RTE: Editing a link title or target with Firefox 3 sometimes simply unlinks the link -- Juergen Tretthahn Mon, 14 Dec 2009 12:20:18 +0100 typo3-src (4.2.11~20091201svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12467: TYPO3 Inline User Manual is broken -- Package Maintainer Name Tue, 01 Dec 2009 13:15:04 +0100 typo3-src (4.2.11~20091125svn-2) unstable; urgency=low * new version (import upstream changes) * Includes: - Follow-up to bugfix #12581: Use FILTER_FLAG_SCHEME_REQUIRED constant in t3lib_div::isValidUrl() -- Juergen Tretthahn Wed, 25 Nov 2009 16:13:43 +0100 typo3-src (4.2.11~20091125svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12581: Pagetree frame shows HTTP 404 error -- Juergen Tretthahn Wed, 25 Nov 2009 12:19:10 +0100 typo3-src (4.2.11~20091123svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12500: Object does not support method calls - PHP 5.3 - Fixed bug #12684: htmlArea RTE: Repeated character / backspacing is slow in Firefox -- Juergen Tretthahn Mon, 23 Nov 2009 14:50:20 +0100 typo3-src (4.2.11~20091120svn-2) unstable; urgency=low * new version (import upstream changes) -- Juergen Tretthahn Fri, 20 Nov 2009 12:04:07 +0100 typo3-src (4.2.11~20091120svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #12677: htmlArea RTE: Incorrect cursor position after backspace/delete in Firefox -- Juergen Tretthahn Fri, 20 Nov 2009 11:53:22 +0100 typo3-src (4.2.11~20091118svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: -Fixed bug #11937: Do not show E_DEPRECATED messages on productive systems -Fixed bug #12622: htmlArea RTE: Incorrect behaviour of last item of list in gecko browsers -Updated htmlArea RTE version to 1.7.13 -Fixed bug #11362: htmlArea RTE: Cursor may not be put in list elements newly created in front of links -Fixed bug #12421: htmlArea RTE: Paste is erratic in Opera 10 when server-based cleaning is enabled -Fixed bug #12597: htmlArea RTE: cursor position is not restored by undo/redo operations in Opera -Follow-up to bugfix #12324: Renamed sanitizeBackEndUrl() to sanitizeLocalUrl() in t3lib_div -Fixed bug #12324: Page tree will not be shown in the TYPO3 backend -Fixed bug #12568: htmlArea RTE: Text pasted by Safari is wrapped in span or font tags -Fixed bug #12566: htmlArea RTE: Selecting element from status bar does not work in Safari -Fixed bug #12115: htmlArea RTE "Create link" button doesn't become clickable when using keyboard to select text in Safari/Chrome -Fixed bug #12534: htmlArea RTE: list creation looses text in Safari -Follow-up to #11847: htmlArea RTE displays empty editing area in Opera 10 -Fixed bug #12481: AllowClipboard Helper Firefox extension does not work with FF 3.5 -- Juergen Tretthahn Wed, 18 Nov 2009 11:28:55 +0100 typo3-src (4.2.11~20091105svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11876 and #12342: stripSlashesOnArray creates references where you want copies (in some PHP versions). Affects usage of _GP (e.g. in the Install Tool and some frontend extensions). - Fixed bug #9513: t3editor bad line numbering - Fixed bug #12331: htmlArea RTE plugins may not be loaded for multiple RTEs - Fixed bug #12371: Warning issued on first load of install tool with open_basedir set - Fixed bug #9795: Default values have no labels in the multiple select control inside the flexform -- Juergen Tretthahn Thu, 05 Nov 2009 13:42:09 +0100 typo3-src (4.2.11~20091023svn-1) unstable; urgency=low * new version (import upstream changes) -- Juergen Tretthahn Fri, 23 Oct 2009 18:14:52 +0200 typo3-src (4.2.9+20091001svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11433: touch(): Utime failed in install tool -- Juergen Tretthahn Thu, 01 Oct 2009 14:50:45 +0200 typo3-src (4.2.8+20090924svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11224: Special menu directory only renders 1st level if special.value is a mount point - Fixed bug #11995: Prompt for keyboard input does not get displayed in CLI scripts - Fixed bug #11986: dynamic update of translation status im EM is broken - Fixed bug #9270: Editors can´t undelete records in history (thanks to Christian Hernmarck) - Follow-up to bug #11946: htmlArea RTE: reference was made to context menu item after context menu was closed - Fixed bug #11915: htmlArea RTE: superfluous span tags in content after server-based cleaning on paste operation - Fixed bug #11946: htmlArea RTE: table properties editing dialogue windows loose focus after opening in IE8 - Fixed bug #11847: htmlArea RTE displays empty editing area in Opera 10 - Fixed bug #11845: Typo in a CLI error mesage: suue -> sure - reverted changes from rev 5834 - Fixed bug #11803: sysext opendocs is shy (thanks to Steffen Gebert) -- Juergen Tretthahn Thu, 24 Sep 2009 12:03:55 +0200 typo3-src (4.2.8+20090827svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11731: ENABLE_INSTALL_TOOL file check in yellow box does not check the file age (thanks to Moreno Feltscher) -- Juergen Tretthahn Thu, 27 Aug 2009 14:30:45 +0200 typo3-src (4.2.8+20090819svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11716: Install Tool always sets TYPO3_CONF_VARS[FE][disableNoCacheParameter] upon save -- Juergen Tretthahn Wed, 19 Aug 2009 19:17:35 +0200 typo3-src (4.2.8+20090818svn-1) unstable; urgency=low * now really import the changes mentioned in version 4.2.8+20090812svn-1 -- Juergen Tretthahn Tue, 18 Aug 2009 21:09:52 +0200 typo3-src (4.2.8+20090812svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11513: cache_hash table could not be filled because information field (ident) was too short (thanks to Ingo Schmitt) - Follow-up to bug #11513: Shorten one ident field which is known to be too long (solved the issue on those setups where the DB is not updated) -- Juergen Tretthahn Wed, 12 Aug 2009 13:27:02 +0200 typo3-src (4.2.8+20090804svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #10769: Wrong encoded email header -- Juergen Tretthahn Tue, 04 Aug 2009 17:25:44 +0200 typo3-src (4.2.8+20090723svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug: #11006: Tooltip for page path in Page/List module is missing - Fixed bug #6875: IRRE - Sorting of child records is inverted on moving parent record to different page -- Juergen Tretthahn Thu, 23 Jul 2009 12:52:23 +0200 typo3-src (4.2.8+20090714svn-1) unstable; urgency=low * new version (import upstream changes) * Includes: - Fixed bug #11412: Using typolinkLinkAccessRestrictedPages does not take different domain names into account - same error message is used twice for different errors -- Juergen Tretthahn Tue, 14 Jul 2009 16:39:53 +0200 typo3-src (4.2.8+20090704svn-1) unstable; urgency=low * New upstream release. * This package was downloaded from the TYPO3_4-2 branch of typo3 svn repository * debian/rules: - remove RELEASE_NOTES.txt and README.txt from dh_installdocs -- Juergen Tretthahn Sat, 04 Jul 2009 03:22:59 +0200 typo3-src (4.2.6-1) unstable; urgency=high * New upstream release. - fixes TYPO3 Security Bulletin TYPO3-SA-2009-002: Information disclosure and XSS vulnerabilities in TYPO3 (Closes: 514713) -- Christian Welzel Mon, 10 Feb 2009 12:00:00 +0100 typo3-src (4.2.5-1) unstable; urgency=medium * New upstream release. - fixes a serious bug in session handling with not logged in FE-Users. -- Christian Welzel Mon, 26 Jan 2009 20:00:00 +0100 typo3-src (4.2.4-1) unstable; urgency=high * New upstream release. - fixes TYPO3 Security Bulletin TYPO3-SA-2009-001: Multiple vulnerabilities in TYPO3 Core (Closes: 512608) * Updated package description. * Updated copyright file to list the license of two icons. -- Christian Welzel Thu, 22 Jan 2009 12:00:00 +0100 typo3-src (4.2.3-1) unstable; urgency=high * New upstream release. - fixes XSS vulnerability in Typo3 backendmodul "fileadmin" (Closes: 505324) - fixes XSS vulnerability in Typo3 sysext "felogin" (Closes: 505325) - fixes the passwords are not changeable bug in the backend (Closes: 505326) * added dependency on libjs-scriptaculous -- Christian Welzel Tue, 11 Nov 2008 20:00:00 +0100 typo3-src (4.2.2-1) unstable; urgency=low * New upstream release. -- Christian Welzel Wed, 25 Jun 2008 20:00:00 +0100 typo3-src (4.2.1-3) unstable; urgency=low * Fixed versioned dependency on libjs-prototype -- Christian Welzel Wed, 25 Jun 2008 20:00:00 +0100 typo3-src (4.2.1-2) unstable; urgency=low * Moved libjs-prototype from Recommends-field do Depends-field. -- Christian Welzel Sun, 22 Jun 2008 11:00:00 +0100 typo3-src (4.2.1-1) unstable; urgency=low * New upstream release. - Support for php4 has been dropped. * cleaned typo3.README.Debian and typo3-src-4.2.README.Debian * some fixes to debian/rules * Depend on libjs-prototype for prototype.js (Closes: 475282) * Raised stardards version to 3.8.0 -- Christian Welzel Fri, 20 Jun 2008 22:00:00 +0100 typo3-src (4.1.7-1) unstable; urgency=high [ Christian Welzel ] * New upstream release - fixes TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core (Closes: #485814) [ Holger Levsen ] * Change recommends from gs to ghostscript. * Remove obsolete overrides for linda, which is obsolete itself. * Fix spelling error in description. -- Christian Welzel Wed, 11 Jun 2008 15:00:00 +0100 typo3-src (4.1.6-1) unstable; urgency=low * New upstream release. * Dependency changed from ttf-bitstream-vera to ttf-dejavu (Closes: 461294) -- Christian Welzel Sun, 09 Mar 2008 10:00:00 +0100 typo3-src (4.1.5-1) unstable; urgency=medium * New upstream release (Closes: 454265). -- Christian Welzel Fri, 14 Dec 2007 20:00:00 +0100 typo3-src (4.1.4-1) unstable; urgency=low * New upstream release. - Fixes a low-severity SQL injection in the modfunc2 of indexed_search * t3lib/fonts/readme.txt is now patched by dpatch. * nimbus.sfd.gz added to debian diff (perl encoded). * copying of linda overides slightly changed. * added watch file. * unreleased. -- Christian Welzel Thu, 13 Dec 2007 21:00:00 +0100 typo3-src (4.1.2+debian-1) unstable; urgency=low * New upstream release. - Several improvements to avoid security issues by 3rd party extensions. * Added linda overrides. * Fixed some whitespaces in t3lib/fonts/readme.txt. -- Christian Welzel Wed, 18 Jul 2007 14:00:00 +0100 typo3-src (4.1.1+debian-1) unstable; urgency=low * New upstream release. - Fixes problem with rtehtmlarea and Mozilla Firefox 2.0.0.3 -- Christian Welzel Wed, 04 Apr 2007 14:00:00 +0100 typo3-src (4.1.0+debian-1) unstable; urgency=low * New upstream release. -- Christian Welzel Tue, 20 Mar 2007 09:00:00 +0100 typo3-src (4.0.5+debian-1) unstable; urgency=low * New upstream release. - Fixes "TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection" * Removed t3lib_div-PHP52.dpatch (now integrated by upstream) * Fixed typo and added note to typo3.README.Debian (Closes: 405577) -- Christian Welzel Thu, 22 Feb 2007 21:00:00 +0100 typo3-src (4.0.4+debian-2) unstable; urgency=low * Added t3lib_div-PHP52.dpatch to fix crash of PHP 5.2.0 -- Christian Welzel Fri, 22 Dec 2006 12:00:00 +0100 typo3-src (4.0.4+debian-1) unstable; urgency=high * New upstream release. - Fixed security problem in rtehtmlarea extension. (Closes: 403906) -- Christian Welzel Sat, 20 Dec 2006 23:35:41 +0100 typo3-src (4.0.3+debian-1) unstable; urgency=low * New upstream release. * added some comments on memory usage and further help to README.Debian. (Closes: 403114) * Changed ownership of /usr/share/typo3/typo3_src-4.0 to root:www-data. * Dropped depend on imagemagick. Use graphicsmagick (better results). -- Christian Welzel Sat, 16 Dec 2006 23:05:41 +0100 typo3-src (4.0.2+debian-1) unstable; urgency=low * Depend on ttf-bitstream-vera for vera.ttf (Closes: 374141) * Repackaged source.tgz to include source and license of nimbus.ttf. (Closes: 374137) * Removed the creation of "latest"-link; typo3-dummy has hardcoded sourcedir. -- Christian Welzel Mon, 24 Nov 2006 12:37:00 +0200 typo3-src (4.0.2-3) unstable; urgency=low * Do not depend on gs. This violate the policy. Recommend it. * Removed suggestion of typo3-site-installer. * Changed recommendation of mysql-server-4.1 to mysql-server. * Changed recommendation of graphicsmagick-im-compat | imagemagick to graphicsmagick | graphicsmagick-imagemagick-compat | imagemagick -- Christian Welzel Mon, 23 Nov 2006 19:37:00 +0200 typo3-src (4.0.2-2) unstable; urgency=low * Do not depend on php-mysql. Recommendation is enough. * moved phpX-cgi to Depends as another alternative (Typo3 and PHP in fcgid) * added phpX-xcache to Recommends -- Christian Welzel Mon, 21 Oct 2006 19:37:00 +0200 typo3-src (4.0.2-1) unstable; urgency=low * New maintainer (Closes: #388766). * New upstream release (Closes: #341709): - fixed by upstream: Remote command execution, arbitrary file viewing [CVE-2006-0327] (Closes: #364351). - fixed by upstream: Mail forms can be used to send spam (Closes: #364350). * removed recommendation of eaccelerator (Closes: #377821). * removed dep on non existing ooo_extract (Closes: #310776). * added alternative dep on php-cgi (Closes: #311277). * added alternative dep on php5 (Closes: #366533). -- Christian Welzel Mon, 18 Sep 2006 12:37:00 +0200 typo3-src (3.7.0-8) unstable; urgency=low * debian/control: depend on MySQL > 4.0.18 to allow the usage of the versioning extension -- Christian Leutloff Wed, 11 May 2005 18:07:56 +0200 typo3-src (3.7.0-7) unstable; urgency=low * debian/typo3.README.Debian: started new section with common pitfalls -- Christian Leutloff Mon, 9 May 2005 09:56:37 +0200 typo3-src (3.7.0-7) unstable; urgency=low * debian/control: modified dependencies according to Michael Stucki * debian/typo3.README.Debian: mention packages source for eaccelerator and graphicsmagick -- Christian Leutloff Fri, 6 May 2005 14:57:06 +0200 typo3-src (3.7.0-6) unstable; urgency=low * debian/typo3-src-3.7.prerm: can not remove the symlink maintained by this package * debian/typo3-src-3.7.postinst: reworked * debian/typo3-src-3.7.README.Debian: updated to version 3.7 -- Christian Leutloff Wed, 4 May 2005 21:48:04 +0200 typo3-src (3.7.0-5) unstable; urgency=low * debian/control: added dependency to libapache2-mod-php4 | libapache-mod-php4 (thanks to Thomas Barth) * typo3.README.Debian: clarified some points -- Christian Leutloff Wed, 4 May 2005 16:25:52 +0200 typo3-src (3.7.0-4) unstable; urgency=low * control: added depned on postfix as an alternative to exim * added TODO file * typo3.README.Debian: concentrated now all the TYPO3 specific remarks in this single file and added references in the READMEs of the other packages * renamed packages from typo3-db-dummy to typo3-dummy -- Christian Leutloff Wed, 4 May 2005 07:45:12 +0200 typo3-src (3.7.0-3) unstable; urgency=low * typo3.README.Debian: more improvements through doing a step by step validation -- Christian Leutloff Fri, 22 Apr 2005 18:40:27 +0200 typo3-src (3.7.0-2) unstable; urgency=low * polish package documention in typo3 -- Christian Leutloff Mon, 11 Apr 2005 19:18:00 +0200 typo3-src (3.7.0-1) unstable; urgency=low * un-do package split because the way choosen was to simple -- Christian Leutloff Tue, 23 Nov 2004 21:13:46 +0100 typo3-src (3.7.0-0.2) experimental; urgency=low * Add dependency on libgd2-xpm (>= 2.0.28-2), as mentioned by renedustmann@maxx2.de in news:typo3.install.debian on 13.08.2004 to be a working combination. * add provides typo3-frontend/typo3-backend -- Christian Leutloff Thu, 4 Nov 2004 10:51:32 +0100 typo3-src (3.7.0-0.1) experimental; urgency=low * NMU, working towards inclusion into the Debian main archive * update to new upstream version * updated to Standards 3.6.1 * packaging reworked: split package in frontend and backend to allow installation of frontend only servers (as mentioned in the Typo3-Book) * packaging reworked: Undoing the "Move everything from /usr/share/typo3 to /var/lib/typo3 This solves all problems we had with symlinks. However, I think it is not really FHS-conform, so I'm still not happy with that." from 3.5.0-3 to be FHS and Debian conform. * manage "lastest" symlink in postinst and prerm * change package priority from extra to optional -- Christian Leutloff Wed, 3 Nov 2004 19:43:08 +0100 typo3-src (3.5.0-7) experimental; urgency=low * typo3-site-installer: complete rewrite * typo3-site-installer: added 2 more options (-a, -g) * the source of TYPO3 now belongs to root.root (was root.www-data) * example localconf.php: now using the im_noFramePrepended option * typo3-site-installer: manpage update * typo3-base now depends on apache or httpd (provided by apache-ssl, etc.) -- Michael Stucki Mon, 20 Oct 2003 23:00:24 +0200 typo3-src (3.5.0-6) experimental; urgency=low * removed dependency for apache and php4 in typo3-base * typo3-site-installer: one more bugfix in sed command -- Michael Stucki Tue, 16 Sep 2003 01:07:37 +0200 typo3-src (3.5.0-5) experimental; urgency=low * typo3-site-installer: Added README.Debian / removed obsolete documentation * Added a manpage for typo3-site-installer (thanks to Edelhard Becker) * typo3-site-installer.sh was renamed to typo3-site-installer * typo3-site-installer: accepts abolute paths now * typo3-site-installer: compatibility bugfix in sed command -- Michael Stucki Mon, 16 Jun 2003 18:11:53 +0100 typo3-src (3.5.0-4) experimental; urgency=low * Fixes in typo3-base preinst script * typo3-site-installer does no more need to download a dummysite archive -- Michael Stucki Thu, 5 Jun 2003 17:42:08 +0100 typo3-src (3.5.0-3) experimental; urgency=low * Added a localconf.php example * Added a new package "typo3-site-installer" that contains a little install helper * Added a new package "typo3-env" which depends on all needed components. "typo3-base" only recommends them, since you could still run your server without them. However it's easier to to an 'apt-get install typo3-env' since apt wouldn't worry about the recommendations else. * Fix wrong PHP short tags: '' => ' Thu, 5 Jun 2003 02:07:28 +0100 typo3-src (3.5.0-2) experimental; urgency=low * Change ownership of /var/lib/typo3 to www-data (webserver could not write global extensions before) * Fix problem with some missing files by adding symlinks in /var/lib/typo3/ (this is only a workaround, I am not happy with this solution...) -- Michael Stucki Wed, 26 Mar 2003 15:40:44 +0100 typo3-src (3.5.0-1) experimental; urgency=low * New upstream release * Move /var/cache/typo3 to /var/lib/typo3 (this was wrong, since extensions are not really cache files...) -- Michael Stucki Sat, 22 Feb 2003 17:16:24 +0100 typo3-src (3.5b5-5) experimental; urgency=low * Alter contents of debian/executables * Update TODO notes * Move typo3/ext to /var/cache/typo3/ /ext (keep read-only for now) * t3lib/config_default.php: Change 'TTFdpi' from 72 to 96 -- Michael Stucki Tue, 11 Feb 2003 13:39:04 +0100 typo3-src (3.5b5-4) experimental; urgency=low * Update TODO notes * Move typo3/temp to /var/cache/typo3/ /temp * Do some code cleanup in debian/rules -- Michael Stucki Thu, 6 Feb 2003 19:57:37 +0100 typo3-src (3.5b5-3) experimental; urgency=low * Fix some dependencies -- Michael Stucki Thu, 6 Feb 2003 05:39:51 +0100 typo3-src (3.5b5-2) experimental; urgency=low * Add a note in README.Debian about how to use this package at all * Fix Lintian complains: Small changes in copyright file * Add recommendation for php4-cgi (used by some direct_mail scripts) * Fix Lintian complains: Change ownership of /typo3/temp from root to www-data; remove write permission for group * Fix permissions for executable scripts * Add symlink that points to latest source installation -- Michael Stucki Sat, 1 Feb 2003 05:14:52 +0100 typo3-src (3.5b5-1) experimental; urgency=low * Initial Release. -- Michael Stucki Fri, 31 Jan 2003 12:31:54 +0100