CVS commit: pkgsrc/www/drupal6

[Adrian Portelli <adrianp%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adrianp
Date:           Sat Feb 28 16:11:20 UTC 2009

Modified Files:
        pkgsrc/www/drupal6: Makefile distinfo

Log Message:
This release fixes a security vulnerability. Sites are urged to upgrade 
immediately after reading the security announcement:

    * SA-CORE-2009-003 - Local file inclusion on Windows

In addition to this security vulnerability, the following bugs have been fixed 
since the 6.9 release:

    * - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg 
is available. Drupal.org upgrade blocker.
    * #310863 by bangpound, dboulet, catch, lee20: Locale variable results in 
locale module install, so skip adding empty variable when not needed.
    * #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() 
should set its static variable to NULL instead of unset()-ing it, so it does 
not retain its value
    * #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: 
the link argument is passed by reference to menu_link_save(), so avoid 
overwriting local variables in menu_enable().
    * #62926 by karschsp: increase the free tagging field maximum length to 
1024; the database limits are per-tag.
    * #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active 
class to links in l() and theme_links(), if the language was set and is the 
current language or if the language was not set on the link
    * #365183 by Eaton: node_feed() did not use the same API functions as 
node_view() did, so custom fields were missing from the output
    * #356721 by c960657, Dave Reid: remove static caching of the clean URLs 
setting in url() to help automated tests; the setting is cached through 
variable_get(), which however allows altering of the setting
    * #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive 
invocations of actions_do(), instead of tracking/limiting them all.
    * #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the 
body was turned off to avoid a minor notice.
    * #359918 by Dave Reid: database.inc documents the 'unique key' key, while 
it should be 'unique keys'
    * #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 
'label' tags on checkboxes and radio buttons, even if the 'label' wraps the 
element - accessibility best practice
    * #314286 backport of some of #229129 by assimonds: disbaled checkboxes did 
not receive their values properly from the default value set
    * #243524 by christefano, chx: our phpinfo page was very limited; give all 
info possible instead
    * #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move 
the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks 
on them now that they are always defined
    * #276174 by nbz, John Morahan, slightly modified: do not escape username 
more then once at multiple places in blog.module
    * #310768 by bob_hirnlego, cdale: missing primary table and field 
specification in db_rewrite_sql() when called from taxonomy_overview_terms()
    * #363262 by catch, chx: in Drupal 6, the url_alias table introduced a 
language column, but did not extend its index to that; though queries are 
formed on src and language
    * #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its 
first submission and menu_nodeapi() by reference, so that any modifications of 
the item in the saving process will carry over to other submit handlers; making 
itpossible to write modules extending menu item manipulation
    * - Patch #383318 by mr.baileys: incorrect memory shortage warning when 
memory limit is unlimited.
    * #337162 by midkemia and ainigma32: keep the Drupal 5 menu items 
descriptions when upgrading to Drupal 6
    * - Patch #381438 by drumm: do not use page cache for drupal.sh requests.
    * #109588 by fago, cdale: use the existing user account objects instead of 
arg() checks, as well as fix use of where it should be
    * #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query 
in system_update_6001() since PostreSQL does not support that
    * #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and 
parenthesis appearing in the output for the search index in search_nodeapi()
    * #383724 by Heine, bjaspan: SA-CORE-2009-003


To generate a diff of this commit:
cvs rdiff -r1.12 -r1.13 pkgsrc/www/drupal6/Makefile
cvs rdiff -r1.8 -r1.9 pkgsrc/www/drupal6/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.