pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/drupal This release fixes security vulnerabilities...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a2888fce77dc
branches:  trunk
changeset: 548213:a2888fce77dc
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sun Oct 12 00:32:31 2008 +0000

description:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-2008-060 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed in the 5.11 release:

* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* 296096 by Damien Tournoud. Fix 5.10 Postgres install & update.
* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* 181831 by Rob Loach. Backport of #130630 by chx: provide an id on the form item wrapper div.
* 283026 by Damien Tournoud. Make user_authenticate from external source (for existing users) work with no server part.
* 298535 by mkalkbrenner. Correct HTTP status code for failed connection.
* 108717 by add1sun and neclimdul. Code style.
* - Patch 230932 by ryanlath: file_scan_directory() didn't scan the directory called '0'. Backport by cridenour.
* follow up to 280621 by lilou: the object tag was disallowed in a previous version in filter_xss_admin(), so disallow param as well, which is only meaningful inside an object tag
* 208270 reported by Dries, patch by jvandyk: it was not possible to clear the XML-RPC error cache, making it impossible to do multiple queries in one request. Add xmlrpc_clear_error() and slightly 
modify xmlrpc_error() to fix.
* - Patch 308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc.
* 67895 patch by goba, tested by JirkaRybka and blackdog: move poll votes with poll options, when an option is removed, instead of dropping all old votes, solving an old data loss bug. Backport by 
dww.
* 312730 by Damien Tournoud. hook_requirements('install') should work for modules that don't reside in the main './modules' folder.

diffstat:

 www/drupal/Makefile |  4 ++--
 www/drupal/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (25 lines):

diff -r 21e1be047fd3 -r a2888fce77dc www/drupal/Makefile
--- a/www/drupal/Makefile       Sat Oct 11 22:34:48 2008 +0000
+++ b/www/drupal/Makefile       Sun Oct 12 00:32:31 2008 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2008/08/15 15:54:08 taca Exp $
+# $NetBSD: Makefile,v 1.33 2008/10/12 00:32:31 adrianp Exp $
 
-DISTNAME=      drupal-5.10
+DISTNAME=      drupal-5.11
 CATEGORIES=    www
 MASTER_SITES=  http://drupal.org/files/projects/
 
diff -r 21e1be047fd3 -r a2888fce77dc www/drupal/distinfo
--- a/www/drupal/distinfo       Sat Oct 11 22:34:48 2008 +0000
+++ b/www/drupal/distinfo       Sun Oct 12 00:32:31 2008 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.23 2008/08/15 15:54:08 taca Exp $
+$NetBSD: distinfo,v 1.24 2008/10/12 00:32:31 adrianp Exp $
 
-SHA1 (drupal-5.10.tar.gz) = 0c722d75608e25039ffee448a450721aba1de64a
-RMD160 (drupal-5.10.tar.gz) = d424e59aad91e7e6a95c101b0bdc98c19ae3a686
-Size (drupal-5.10.tar.gz) = 762496 bytes
+SHA1 (drupal-5.11.tar.gz) = 79eada127a061052a922ba95d6daaf19bc8e81e5
+RMD160 (drupal-5.11.tar.gz) = ca90143c58927001d38b6dd96750d1b7acce9aab
+Size (drupal-5.11.tar.gz) = 764279 bytes



Home | Main Index | Thread Index | Old Index