CVS commit: [pkgsrc-2007Q4] pkgsrc/www/drupal

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2007Q4] pkgsrc/www/drupal
From: Geert Hendrickx <ghen%netbsd.org@localhost>
Date: Tue, 15 Jan 2008 09:03:07 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   ghen
Date:           Tue Jan 15 09:03:07 UTC 2008

Modified Files:
        pkgsrc/www/drupal [pkgsrc-2007Q4]: Makefile distinfo

Log Message:
Pullup ticket 2268 - requested by adrianp
security update for drupal

- pkgsrc/www/drupal/Makefile                            1.26
- pkgsrc/www/drupal/distinfo                            1.19

   Module Name: pkgsrc
   Committed By:        adrianp
   Date:                Fri Jan 11 12:37:11 UTC 2008

   Modified Files:
           pkgsrc/www/drupal: Makefile distinfo

   Log Message:
   Update to 5.6

   This release fixes security vulnerabilities. Sites are urged to upgrade 
immediately. For more details, please see the security announcement:
   SA-2008-005 - Drupal core - Cross site request forgery
   SA-2008-006 - Drupal core - Cross site scripting (UTF8)
   SA-2008-007 - Drupal core - Cross site scripting (register_globals)

   In addition to this security vulnerability, the following bugs have been 
fixed since the 5.5 release:
   173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
   179164 by Heine: sort modules by name on the module admin page
   199640 by webernet: (usability) add option to select no taxonomy term in 
multiselect forms, not to rely on browser trickery
   199084 by chx: better conformance with ISO date formats in our xmlrpc code
   173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: 
document support in url() and l() and proper active class support for .
   89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll 
editing.
   64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue 
since it is a count() query.
   200338 by m3avrck and quicksketch: fix transparent GIF resizing
   194652 by Heine: specify explicit accept-charset for forms to avoid browser 
guessing
   182410 by greggles: HTTP Basic authentication username and password was 
parsed in drupal_http_request() but then not used in the request
   - Patch 201894 by David Rothstein: fixed typo in user output.
   180126 by mmoreno, drewish and scor: add realpath() call to 
file_save_data(), so Windows will create temporary files properly
   115689 by chx: new content types should not overwrite old ones. Backport by 
Pancho.
   203727 by Arancaytar. More effectively use hook API.
   204855 by webernet. Add missing * in documentation.
   168315 by schuyler1d: previous active database name was not consistently 
returned in db_set_active()
   - Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, 
not in mega bytes.
   194579 patch by pwolanin: clear filter cache when allowed HTML tags 
configuration changes in an input format
   #166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages.
   58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN 
on editing.
   Partial backport of 112715 to fix 124641.

   Changes from 5.4 -> 5.5
   Fixed missing missing brackets in a query in the user module.
   Fixed taxonomy feed bug introduced by SA-2007-031


To generate a diff of this commit:
cvs rdiff -r1.25 -r1.25.2.1 pkgsrc/www/drupal/Makefile
cvs rdiff -r1.18 -r1.18.2.1 pkgsrc/www/drupal/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2007Q4] pkgsrc/time/kronolith
Next by Date: CVS commit: [pkgsrc-2007Q4] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2007Q4] pkgsrc/time/kronolith
Next by Thread: CVS commit: [pkgsrc-2007Q4] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index