pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2009Q1]: pkgsrc/www/drupal6 Pullup ticket #2770 - requested by...
details: https://anonhg.NetBSD.org/pkgsrc/rev/46c8a9510514
branches: pkgsrc-2009Q1
changeset: 556823:46c8a9510514
user: tron <tron%pkgsrc.org@localhost>
date: Fri May 15 11:36:43 2009 +0000
description:
Pullup ticket #2770 - requested by adrianp
drupal6: security update
- www/drupal6/Makefile 1.14-1.15
- www/drupal6/distinfo 1.10-1.11
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 1 19:50:35 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
Update to 6.11
This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-005 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:
* #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
* #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
* #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
* #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
* #404244 by cwgordon7: minor code style fix in openid_help().
* #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node
* #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser
* #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access().
* #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
* #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or
drupal_access_denied() so that we can properly redirect from those pages.
* #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value
before using it.
* #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms
programatically) are possible in update functions
* #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module
* #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem.
* - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
* - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
* - Patch #228477 by anuradha: corrected Sinhala language.
* - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators.
* #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense
* #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient
* #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview
* #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles
* #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder
* #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs)
* #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations
* #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released
* #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves
* #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page
* #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared
* #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so
* #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated
* Rolling back #343415 given disputes around its change in Drupal 7.
* #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page
* #447700 by dww: Earl Miles is not update.module maintainer anymore
* #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report
* #396224 by pwolanin: Further harden template file name discovery
* #220592 by dww and pwolanin: Always use the database for caching in update module, so that drupal.org project data persists. Improves both local and drupal.org site performance.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu May 14 19:38:02 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log Message:
6.12
The twelfth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming
Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-006 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed since the 6.11 release:
* #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does.
diffstat:
www/drupal6/Makefile | 4 ++--
www/drupal6/distinfo | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diffs (25 lines):
diff -r c79e3605c13e -r 46c8a9510514 www/drupal6/Makefile
--- a/www/drupal6/Makefile Fri May 15 11:30:51 2009 +0000
+++ b/www/drupal6/Makefile Fri May 15 11:36:43 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.13 2009/02/28 16:11:20 adrianp Exp $
+# $NetBSD: Makefile,v 1.13.2.1 2009/05/15 11:36:43 tron Exp $
-DISTNAME= drupal-6.10
+DISTNAME= drupal-6.12
CATEGORIES= www
MASTER_SITES= http://drupal.org/files/projects/
diff -r c79e3605c13e -r 46c8a9510514 www/drupal6/distinfo
--- a/www/drupal6/distinfo Fri May 15 11:30:51 2009 +0000
+++ b/www/drupal6/distinfo Fri May 15 11:36:43 2009 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.9 2009/02/28 16:11:20 adrianp Exp $
+$NetBSD: distinfo,v 1.9.2.1 2009/05/15 11:36:43 tron Exp $
-SHA1 (drupal-6.10.tar.gz) = fcdaa4f1eb10678a11e888c70aeeb0b9c84da6c6
-RMD160 (drupal-6.10.tar.gz) = 5ebc65ceea59633fd0cd348d3bf420edf9b4c8ff
-Size (drupal-6.10.tar.gz) = 1076404 bytes
+SHA1 (drupal-6.12.tar.gz) = f012175e3a342c088059f4424db9f877b292fe89
+RMD160 (drupal-6.12.tar.gz) = 0b30b2d87278fbd9892d107b12f1f63b1e9d2d72
+Size (drupal-6.12.tar.gz) = 1079251 bytes
Home |
Main Index |
Thread Index |
Old Index