CVS commit: pkgsrc/www/drupal6

[Adrian Portelli <adrianp%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adrianp
Date:           Fri May  1 19:50:35 UTC 2009

Modified Files:
        pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.11

This release fixes a security vulnerability. Sites are urged to upgrade 
immediately after reading the security announcement:

    * SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed 
since the 6.10 release:

    * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; 
resulted in issue in logic not code flow
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum 
module instead of hook_link_alter(); simplfies code, improves performance and 
compatibility.
    * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML 
markup in update.php output
    * #372914 by chx, pwolanin, webchick: Menu link title localization was 
broken when a non-t callback was used
    * #395086 by Freso: call trim() before truncate_utf8() in comment module 
for better quality truncation.
    * #404244 by cwgordon7: minor code style fix in openid_help().
    * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 
twice and did not pass a3 to the action when the action type was other then node
    * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was 
separated by one blank line, thus disconnecting it for the API docs parser
    * #408962 by brianV: improve phpdoc documentation for 
menu_tree_collect_node_links() and menu_tree_check_access().
    * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask 
for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
    * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, 
akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set 
by drupal_not_found() or drupal_access_denied() so that we can properly 
redirect from those pages.
    * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ 
location.hash).offset() does not alway return an object, which breaks all 
JavaScript on the page, so check for the return value before using it.
    * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch 
API compatible with drupal_execute(), so things like creating a CCK type or 
adding fields to it (by submitting forms programatically) are possible in 
update functions
    * #365996 by sammys: the correct full name for the timestamp field in 
postgresql is timestamp without time zone; improve compatibility with 
PostgreSQL / schema module
    * #279233 by Aren Cambre, jbomb: Message printed when email is not being 
possible to send was informal and had a grammar problem.
    * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
    * - Patch #372414 by JohnAlbin: don't output empty div when no comment 
exist.
    * - Patch #228477 by anuradha: corrected Sinhala language.
    * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() 
validators.
    * #382096 by Arancaytar: clean up #maxlength use in the installer; remove 
arbitrary 45 character limits, put reasonable limits in place where it makes 
sense
    * #330084 by c960657: Remove unnecessary duplication of the From header 
value in Reply-to; standards indicate setting the From header should be 
sufficient
    * #385602 by Damien Tournoud, desbeers: log messages were not remembered on 
node preview
    * #437120 by mfb: avoid double escaping of taxonomy term names in feed 
links and channel titles
    * #437930 by soxofaan: remove unnecessary tabindex attribute from login 
form; makes altering harder
    * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was 
matching on prefixes of node paths instead of the node paths themselves (and 
possible subtabs)
    * #401304 by Darren Oh: make conditional in statistics_link() more explicit 
to catch node related invocations
    * #363262 follow up by Dave Reid: fix phpdoc comments on update functions 
to properly mark update functions added after 6.0 was released
    * #317775 by Starminder, pwolanin: do not store the menu router table 
serialized in cache, since it cases more performance problems then it solves
    * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in 
Garland, so nodes do no overlap the messages area on the page
    * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table 
cache_flush variables to avoid not flushing all but the first table when 
multiple tables are cleared
    * #445600 by Rob Loach: allow for as few as 1 required word in submission 
of a node of a content type if the admin wants to set so
    * #343415 by Damien Tournoud: the form cache is not automatically cleared 
on submit if the page cache is activated
    * Rolling back #343415 given disputes around its change in Drupal 7.
    * #229660 by Dave Reid: use theme('username', ...) to display usernames on 
the user contact page
    * #447700 by dww: Earl Miles is not update.module maintainer anymore
    * #431148 by pwolanin, dww: Make it easier to visually distinguish security 
updates on Updates report
    * #396224 by pwolanin: Further harden template file name discovery
    * #220592 by dww and pwolanin: Always use the database for caching in 
update module, so that drupal.org project data persists. Improves both local 
and drupal.org site performance.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/drupal6/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/drupal6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.