www/contao35: update to 3.5.35

Version 3.5.35 (2018-04-18)
---------------------------

### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).

CVE-2018-10125

With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log.  The attacker themselves
does not have to be logged in.

The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.

www/contao35/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.38 2018/03/06 16:25:38 taca Exp $
+# $NetBSD: Makefile,v 1.39 2018/04/23 14:00:17 taca Exp $
 #
 
 DISTNAME=	contao-${CT_PKGVER}
@@ -20,7 +20,7 @@ DEPENDS+=	${PHP_PKG_PREFIX}-soap>=5.4.0:../../net/php-soap
 DEPENDS+=	${PHP_PKG_PREFIX}-curl>=5.4.0:../../www/php-curl
 DEPENDS+=	${PHP_PKG_PREFIX}-zlib>=5.4.0:../../archivers/php-zlib
 
-CT_VERSION=	3.5.34
+CT_VERSION=	3.5.35
 USE_TOOLS=	bash:run pax
 NO_BUILD=	yes
 FILESDIR?=	${.CURDIR}/files

www/contao35/distinfo

@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.30 2018/03/06 16:25:38 taca Exp $
+$NetBSD: distinfo,v 1.31 2018/04/23 14:00:17 taca Exp $
 
-SHA1 (contao-3.5.34.tar.gz) = 3f44d54b499b2e3539f2a41ca8cbfd01e1de1ef9
-RMD160 (contao-3.5.34.tar.gz) = f59840bdbf74f2eb1e6a1682375a85ea95371962
-SHA512 (contao-3.5.34.tar.gz) = c31f207157ae4db9d4a202584450989980afa20011a3779dff89004122e59d294ed11c664fc1a7b8701d6d22b5b1714a49f255220c525d5f4b40e4bad76c5b48
-Size (contao-3.5.34.tar.gz) = 11203406 bytes
+SHA1 (contao-3.5.35.tar.gz) = 398499e9e817e3f207a445135c654b7802e02a54
+RMD160 (contao-3.5.35.tar.gz) = 44ce17190a219f85740a490a8599e2edb5db9111
+SHA512 (contao-3.5.35.tar.gz) = 8131e0aaf2d54c51c624206ffd14fba8b3a46621eab93d19bc499cb041a6827f907e94a4d39fd13dfb63500e5c5e3187c267c63d8d993ca1308856b82e4297f8
+Size (contao-3.5.35.tar.gz) = 11203496 bytes