pkgsrc-Changes archive


CVS commit: pkgsrc/www/drupal



Module Name:    pkgsrc
Committed By:   adrianp
Date:           Wed Dec 10 23:55:39 UTC 2008

Modified Files:
        pkgsrc/www/drupal: Makefile distinfo

Log Message:
Update to 5.13

This release fixes security vulnerabilities. Sites are urged to upgrade 
immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed 
since the 5.12 release:

* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some 
cached requests.
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without 
cookies previously set; allows web service modules to start a session with the 
authentication.
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post 
comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in 
sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus 
reducing the risk of session stealing via XSS
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is 
lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN 
metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of 
items to make stuff easier to find.

http://drupal.org/node/345467


To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/www/drupal/Makefile
cvs rdiff -r1.25 -r1.26 pkgsrc/www/drupal/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


