pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2009Q1] pkgsrc/www/drupal6



Module Name:    pkgsrc
Committed By:   tron
Date:           Fri May 15 11:36:43 UTC 2009

Modified Files:
        pkgsrc/www/drupal6 [pkgsrc-2009Q1]: Makefile distinfo

Log Message:
Pullup ticket #2770 - requested by adrianp
drupal6: security update

- www/drupal6/Makefile                          1.14-1.15
- www/drupal6/distinfo                          1.10-1.11
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Fri May  1 19:50:35 UTC 2009

Modified Files:
        pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.11

This release fixes a security vulnerability. Sites are urged to upgrade 
immediately after reading the security announcement:

    * SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed 
since the 6.10 release:

    * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; 
resulted in issue in logic not code flow
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum 
module instead of hook_link_alter(); simplfies code, improves performance and 
compatibility.
    * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML 
markup in update.php output
    * #372914 by chx, pwolanin, webchick: Menu link title localization was 
broken when a non-t callback was used
    * #395086 by Freso: call trim() before truncate_utf8() in comment module 
for better quality truncation.
    * #404244 by cwgordon7: minor code style fix in openid_help().
    * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 
twice and did not pass a3 to the action when the action type was other then node
    * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was 
separated by one blank line, thus disconnecting it for the API docs parser
    * #408962 by brianV: improve phpdoc documentation for 
menu_tree_collect_node_links() and menu_tree_check_access().
    * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask 
for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
    * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, 
akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set 
by drupal_not_found() or drupal_access_denied() so that we can properly 
redirect from those pages.
    * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ 
location.hash).offset() does not alway return an object, which breaks all 
JavaScript on the page, so check for the return value before using it.
    * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch 
API compatible with drupal_execute(), so things like creating a CCK type or 
adding fields to it (by submitting forms programatically) are possible in 
update functions
    * #365996 by sammys: the correct full name for the timestamp field in 
postgresql is timestamp without time zone; improve compatibility with 
PostgreSQL / schema module
    * #279233 by Aren Cambre, jbomb: Message printed when email is not being 
possible to send was informal and had a grammar problem.
    * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
    * - Patch #372414 by JohnAlbin: don't output empty div when no comment 
exist.
    * - Patch #228477 by anuradha: corrected Sinhala language.
    * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() 
validators.
    * #382096 by Arancaytar: clean up #maxlength use in the installer; remove 
arbitrary 45 character limits, put reasonable limits in place where it makes 
sense
    * #330084 by c960657: Remove unnecessary duplication of the From header 
value in Reply-to; standards indicate setting the From header should be 
sufficient
    * #385602 by Damien Tournoud, desbeers: log messages were not remembered on 
node preview
    * #437120 by mfb: avoid double escaping of taxonomy term names in feed 
links and channel titles
    * #437930 by soxofaan: remove unnecessary tabindex attribute from login 
form; makes altering harder
    * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was 
matching on prefixes of node paths instead of the node paths themselves (and 
possible subtabs)
    * #401304 by Darren Oh: make conditional in statistics_link() more explicit 
to catch node related invocations
    * #363262 follow up by Dave Reid: fix phpdoc comments on update functions 
to properly mark update functions added after 6.0 was released
    * #317775 by Starminder, pwolanin: do not store the menu router table 
serialized in cache, since it cases more performance problems then it solves
    * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in 
Garland, so nodes do no overlap the messages area on the page
    * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table 
cache_flush variables to avoid not flushing all but the first table when 
multiple tables are cleared
    * #445600 by Rob Loach: allow for as few as 1 required word in submission 
of a node of a content type if the admin wants to set so
    * #343415 by Damien Tournoud: the form cache is not automatically cleared 
on submit if the page cache is activated
    * Rolling back #343415 given disputes around its change in Drupal 7.
    * #229660 by Dave Reid: use theme('username', ...) to display usernames on 
the user contact page
    * #447700 by dww: Earl Miles is not update.module maintainer anymore
    * #431148 by pwolanin, dww: Make it easier to visually distinguish security 
updates on Updates report
    * #396224 by pwolanin: Further harden template file name discovery
    * #220592 by dww and pwolanin: Always use the database for caching in 
update module, so that drupal.org project data persists. Improves both local 
and drupal.org site performance.
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Thu May 14 19:38:02 UTC 2009

Modified Files:
        pkgsrc/www/drupal6: Makefile distinfo

Log Message:
6.12

The twelfth maintenance and security release of the Drupal 6 series. Only fixes 
for security vulnerabilities and other bugs have been committed. New features 
are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade 
immediately after reading the security announcement:

    * SA-CORE-2009-006 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed 
since the 6.11 release:

* #353328 by catch, BrianV: When a new commment is added, the redirection path 
should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate 
over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 
pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out 
the update status cache, just like the modules admin form does.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.13.2.1 pkgsrc/www/drupal6/Makefile
cvs rdiff -u -r1.9 -r1.9.2.1 pkgsrc/www/drupal6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Home | Main Index | Thread Index | Old Index