[pkgsrc/pkgsrc-2009Q1]: pkgsrc/www/drupal Pullup ticket #2769 - requested by ...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c79e3605c13e
branches:  pkgsrc-2009Q1
changeset: 556822:c79e3605c13e
user:      tron <tron%pkgsrc.org@localhost>
date:      Fri May 15 11:30:51 2009 +0000

description:
Pullup ticket #2769 - requested by adrianp
drupal: security update

Revisions pulled up:
- www/drupal/Makefile           1.38-1.39
- www/drupal/distinfo           1.29-1.30
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Fri May  1 19:49:42 UTC 2009

Modified Files:
        pkgsrc/www/drupal: Makefile distinfo

Log Message:
Update to 5.17

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-CORE-2009-005 Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:

* #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg.
* #335741 by electricmonk. Do not recurse over non-objects.
* #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node.
* 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia.
* #112887 by ged3000. Adding Newfoundland DST
* #401494 by andypost. Correctly clear menu cache.
* #396224 by pwolanin: Further harden template file name discovery
* #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Thu May 14 19:37:02 UTC 2009

Modified Files:
        pkgsrc/www/drupal: Makefile distinfo

Log Message:
5.18

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-CORE-2009-006 Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:

* #396224 partial rollback of SA-CORE-2009-003 security hardening.
* #396224 adding missing documentation comment update. By dvessel and pwolanin.
* #267305 by brianV. Remove ?>.
* #305544 by jsenich. Add missing clear-block to admin by modules.
* #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient.

diffstat:

 www/drupal/Makefile |  4 ++--
 www/drupal/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (25 lines):

diff -r c5ea120a1af6 -r c79e3605c13e www/drupal/Makefile
--- a/www/drupal/Makefile       Fri May 15 10:43:35 2009 +0000
+++ b/www/drupal/Makefile       Fri May 15 11:30:51 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.37 2009/02/28 16:10:23 adrianp Exp $
+# $NetBSD: Makefile,v 1.37.2.1 2009/05/15 11:30:51 tron Exp $
 
-DISTNAME=      drupal-5.16
+DISTNAME=      drupal-5.18
 CATEGORIES=    www
 MASTER_SITES=  http://drupal.org/files/projects/
 
diff -r c5ea120a1af6 -r c79e3605c13e www/drupal/distinfo
--- a/www/drupal/distinfo       Fri May 15 10:43:35 2009 +0000
+++ b/www/drupal/distinfo       Fri May 15 11:30:51 2009 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.28 2009/02/28 16:10:23 adrianp Exp $
+$NetBSD: distinfo,v 1.28.2.1 2009/05/15 11:30:51 tron Exp $
 
-SHA1 (drupal-5.16.tar.gz) = 3dd95ece9570e5a889b9869a50608797b2976b19
-RMD160 (drupal-5.16.tar.gz) = e79aa1fa15f5822dc32790d3f0f86ed4c9f6a8b0
-Size (drupal-5.16.tar.gz) = 766247 bytes
+SHA1 (drupal-5.18.tar.gz) = 54d0d77759bd6a9335c1701f233c5cc8aa2cae5f
+RMD160 (drupal-5.18.tar.gz) = b5d3a8fc6b42623415ced73fe6c34fdd84241693
+Size (drupal-5.18.tar.gz) = 766788 bytes