CVS commit: pkgsrc/www/drupal6

[Adrian Portelli <adrianp%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adrianp
Date:           Wed Dec 10 23:57:52 UTC 2008

Modified Files:
        pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.7

The seventh maintenance and security release of the Drupal 6 series. Only fixes 
for security vulnerabilities and other bugs have been committed. New features 
are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade 
immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed 
since the 6.6 release:

* - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum 
topic listings.
* - Patch #329019 by dww, sun: fixed PHP warning.
* #315739 by sun: The theme name is in arg(4) on the block admin page, so only 
redirect to theme specific page if that is set.
* - Patch #329646 by Damien Tournoud: properly reset user_access().
* - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated 
CSS to fail.
* #329998 by pwolanin: escape markup looking non-HTML tags in schema 
descriptions
* #258089 by JohnAlbin, Arancaytar, merlinofchaos: themes cannot have a 
preprocess function without a corresponding .tpl.php file
* #255150 by dropcube, tested by catch, asimmonds: content type names were 
double escaped on create content page
* #329660 by pwolanin: node_configure_validate() should be replaced with a 
#submit handler to conform to FormAPI rules
* #299742 by Darren Oh: missing #ahah support on checkboxes
* #193580 follow up by gpk: late but important changelog entry for Drupal 6.0
* #302638 by pwolanin: avoid running several no-op queries while the menu is 
being rebuilt; improves performance
* Rolling back #302638, it caused problems reported in #328110
* #319165 by Alex_Tutubalin: add explicit UTF-8 client encoding setting for 
PostgreSQL
* - Patch #277644 by lilou: documentation improvement.
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be 
consistent with the database.
* - Patch #337454 by earnie: fixed the phpdoc of drupal_render_form().
* - Patch #293370 by swentel et al: make block sorting work when there are more 
than 20 blocks.
* - Patch #325908 by kbahey: removed redundant cache flusing.
* - Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
* - Patch #336115 by Nedjo: better documentation for t().
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is 
lowercased and only valid characters are allowed.
* #280934 follow up by pwolanin: harden the cookie handling in 
sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus 
reducing the risk of session stealing via XSS
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN 
metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of 
items to make stuff easier to find.
* #305653 by snowball43, cdale, Dave Reid, sun: All themes were disabled when 
update.php was run
* #344661 by Dave Reid: fix phpdoc documentation on 
translation_translation_link_alter()
* #333060 by neclimdul, merlinofchaos, dvessel: child themes did not inherit 
patterns correctly, so more specific template files are not detected
* #206138 by pwolanin et al: little documentation fix for node base module name 
handling
* #276111 by pwolanin, meba and myself: disallow possibly dangerous submissions 
in locale translations and imports
* #345167 by JacobSingh, pwolanin, Heine: drupal_http_request() includes an 
extra CRLF, not conformant to HTTP specs

http://drupal.org/node/345462


To generate a diff of this commit:
cvs rdiff -r1.9 -r1.10 pkgsrc/www/drupal6/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/www/drupal6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.