Up to [cvs.NetBSD.org] / pkgsrc / www / drupal
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Remove drulal, old drupal version 5 based pacakge. Plese use drupal6 or drupal7 for now.
Pullup ticket #3667 - requested by taca www/drupal6: security update Revisions pulled up: - www/drupal/Makefile 1.49 - www/drupal6/Makefile 1.30-1.31 - www/drupal6/distinfo 1.22 - www/drupal7/Makefile 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Jan 29 22:27:27 UTC 2012 Modified Files: pkgsrc/www/drupal: Makefile pkgsrc/www/drupal6: Makefile pkgsrc/www/drupal7: Makefile Log Message: Remove CONFLICTS since these pacakges have the same PKGBASE. Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change. --- Module Name: pkgsrc Committed By: taca Date: Wed Feb 1 23:54:40 UTC 2012 Modified Files: pkgsrc/www/drupal6: Makefile distinfo Log Message: Update drupal6 package to 6.23. Drupal 6.23, 2012-02-01 ---------------------- - Fixed security issues (Cross site scripting), see SA-CORE-2012-001.
Remove CONFLICTS since these pacakges have the same PKGBASE. Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change.
Bump PKGREVISION from PHP_VERSION_DEFAULT changes.
Change exactly dependency on php for * PKG_PHP_VERSION=5, not accept lang/php53 package. * PKG_PHP_VERSION=53, not try to install lang/php5
No need to buildlink with database library. Bump PKGREVISION to relax dependency on db library.
Remove the case of PKG_PHP_VERSION is 4. No functional change.
Pullup ticket #3037 - requested taca drupal: security update Revisions pulled up: - www/drupal/Makefile 1.44 - www/drupal/distinfo 1.34 --- Module Name: pkgsrc Committed By: taca Date: Thu Mar 4 01:29:39 UTC 2010 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update drupal package to 5.22. Drupal 5.22, 2010-03-03 ----------------------- - Fixed security issues (Open redirection, Locale module cross site scripting, Blocked user session regeneration), see SA-CORE-2010-001.
Update drupal package to 5.22. Drupal 5.22, 2010-03-03 ----------------------- - Fixed security issues (Open redirection, Locale module cross site scripting, Blocked user session regeneration), see SA-CORE-2010-001.
Pullup ticket 2950 - requested by taca security update Revisions pulled up: - pkgsrc/www/drupal/Makefile most of the diff 1.42-1.43 - pkgsrc/www/drupal/PLIST 1.9 - pkgsrc/www/drupal/distinfo 1.33 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sat Dec 19 09:20:23 UTC 2009 Modified Files: pkgsrc/www/drupal: Makefile PLIST distinfo Log Message: Update www/drupal package to 5.21, fixing security problem. Drupal 5.21, 2009-12-16 ----------------------- - Fixed a security issue (Cross site scripting), see SA-CORE-2009-009. - Fixed a variety of small bugs. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 pkgsrc/www/drupal/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/drupal/PLIST cvs rdiff -u -r1.32 -r1.33 pkgsrc/www/drupal/distinfo
Update www/drupal package to 5.21, fixing security problem. Drupal 5.21, 2009-12-16 ----------------------- - Fixed a security issue (Cross site scripting), see SA-CORE-2009-009. - Fixed a variety of small bugs.
PKG_DESTDIR_SUPPORT
Pullup ticket #2904 - requested by taca drupal: security update Revisions pulled up: - www/drupal/Makefile 1.41 - www/drupal/distinfo 1.32 --- Module Name: pkgsrc Committed By: taca Date: Tue Sep 29 13:39:58 UTC 2009 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update www/drupal package to 5.20 to fix security problem. pkgsrc change: add LICENSE. Drupal 5.20, 2009-09-16 ----------------------- - Avoid security problems resulting from writing Drupal 6-style menu declarations. - Fixed security issues (session fixation), see SA-CORE-2009-008. - Fixed a variety of small bugs.
Update www/drupal package to 5.20 to fix security problem. pkgsrc change: add LICENSE. Drupal 5.20, 2009-09-16 ----------------------- - Avoid security problems resulting from writing Drupal 6-style menu declarations. - Fixed security issues (session fixation), see SA-CORE-2009-008. - Fixed a variety of small bugs.
Pullup ticket #2819 - requested by adrianp drupal: security update Revisions pulled up: - www/drupal/Makefile 1.40 - www/drupal/distinfo 1.31 --- Module Name: pkgsrc Committed By: adrianp Date: Thu Jul 16 18:11:07 UTC 2009 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-007 Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 5.18 release: * #212285 by wrwrwr: hr should be treated as a block level tag. Backport by alexanderpas. * #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-007 Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 5.18 release: * #212285 by wrwrwr: hr should be treated as a block level tag. Backport by alexanderpas. * #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
Pullup ticket #2769 - requested by adrianp drupal: security update Revisions pulled up: - www/drupal/Makefile 1.38-1.39 - www/drupal/distinfo 1.29-1.30 --- Module Name: pkgsrc Committed By: adrianp Date: Fri May 1 19:49:42 UTC 2009 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 5.17 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-005 Drupal core - Cross site scripting In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release: * #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg. * #335741 by electricmonk. Do not recurse over non-objects. * #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node. * 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia. * #112887 by ged3000. Adding Newfoundland DST * #401494 by andypost. Correctly clear menu cache. * #396224 by pwolanin: Further harden template file name discovery * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation. * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility. --- Module Name: pkgsrc Committed By: adrianp Date: Thu May 14 19:37:02 UTC 2009 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: 5.18 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-006 Drupal core - Cross site scripting In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release: * #396224 partial rollback of SA-CORE-2009-003 security hardening. * #396224 adding missing documentation comment update. By dvessel and pwolanin. * #267305 by brianV. Remove ?>. * #305544 by jsenich. Add missing clear-block to admin by modules. * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient.
5.18 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-006 Drupal core - Cross site scripting In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release: * #396224 partial rollback of SA-CORE-2009-003 security hardening. * #396224 adding missing documentation comment update. By dvessel and pwolanin. * #267305 by brianV. Remove ?>. * #305544 by jsenich. Add missing clear-block to admin by modules. * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient.
Update to 5.17 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-005 Drupal core - Cross site scripting In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release: * #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg. * #335741 by electricmonk. Do not recurse over non-objects. * #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node. * 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia. * #112887 by ged3000. Adding Newfoundland DST * #401494 by andypost. Correctly clear menu cache. * #396224 by pwolanin: Further harden template file name discovery * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation. * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-004 Drupal core - Local file inclusion on Windows In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release: * #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url() * #360038 by sun. Documentation improvement. * #179244 by tangent: line break filter operates on object element. * #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
The following bug has been fixed since the 5.13 release: * Rolling back #280934. PHP 4 incompatibility. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-CORE-2009-001 Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 5.14 release: * #348269 by Darren Oh. Add missing * in the expand_password_confirm() comment. * #202688. Backport from 6.x. * #103528 by gpk, hass & salvis. Provide a useful message when the color picker is disabled due to the download method. * #350708 by dww. Backport t() documentation improvements from D6. * #157353 by Freso and tangent. Remove a needless dash from RSS feed title. * #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas * #252921 by k4ml. Use correct placeholder. * #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text * - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database. * #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
Update to 5.13 This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-073 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release: * #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests. * #278821 by teezee. More isset() checking. * #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication. * #123556 by maartenvg and dvdweide. Do not show empty user info categories. * #294450 by blakehall. Match up DB and form max length. * More code style removing trivial differences with 6.x. * #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis. * - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc. * #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS * #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed. * #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal * #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find. http://drupal.org/node/345467
pullup ticket #2567 - requested by adrianp drupal: update package for security fixes revisions pulled up: pkgsrc/www/drupal/Makefile 1.33, 1.34 pkgsrc/www/drupal/distinfo 1.24, 1.25 Module Name: pkgsrc Committed By: adrianp Date: Sun Oct 12 00:32:31 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: This release fixes security vulnerabilities. Sites are urged to upgrade +immediately after reading the security announcement: * SA-2008-060 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed +in the 5.11 release: * - Patch 265899 by mfb: uri_brief mail token did not support https URLs. * - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by +non-SSL cookie. * 296096 by Damien Tournoud. Fix 5.10 Postgres install & update. * - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in +numeric order, not in definition order. * 181831 by Rob Loach. Backport of #130630 by chx: provide an id on the form +item wrapper div. * 283026 by Damien Tournoud. Make user_authenticate from external source (for +existing users) work with no server part. * 298535 by mkalkbrenner. Correct HTTP status code for failed connection. * 108717 by add1sun and neclimdul. Code style. * - Patch 230932 by ryanlath: file_scan_directory() didn't scan the directory +called '0'. Backport by cridenour. * follow up to 280621 by lilou: the object tag was disallowed in a previous +version in filter_xss_admin(), so disallow param as well, which is only +meaningful inside an object tag * 208270 reported by Dries, patch by jvandyk: it was not possible to clear the +XML-RPC error cache, making it impossible to do multiple queries in one +request. Add xmlrpc_clear_error() and slightly modify xmlrpc_error() to fix. * - Patch 308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc. * 67895 patch by goba, tested by JirkaRybka and blackdog: move poll votes with +poll options, when an option is removed, instead of dropping all old votes, +solving an old data loss bug. Backport by dww. * 312730 by Damien Tournoud. hook_requirements('install') should work for +modules that don't reside in the main './modules' folder. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: adrianp Date: Thu Oct 23 21:33:21 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 5.12 The twelfth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-067 - Drupal core - Multiple vulnerabilities
Update to 5.12 The twelfth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-067 - Drupal core - Multiple vulnerabilities
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-060 - Drupal core - Multiple vulnerabilities In addition to this security vulnerability, the following bugs have been fixed in the 5.11 release: * - Patch 265899 by mfb: uri_brief mail token did not support https URLs. * - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie. * 296096 by Damien Tournoud. Fix 5.10 Postgres install & update. * - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order. * 181831 by Rob Loach. Backport of #130630 by chx: provide an id on the form item wrapper div. * 283026 by Damien Tournoud. Make user_authenticate from external source (for existing users) work with no server part. * 298535 by mkalkbrenner. Correct HTTP status code for failed connection. * 108717 by add1sun and neclimdul. Code style. * - Patch 230932 by ryanlath: file_scan_directory() didn't scan the directory called '0'. Backport by cridenour. * follow up to 280621 by lilou: the object tag was disallowed in a previous version in filter_xss_admin(), so disallow param as well, which is only meaningful inside an object tag * 208270 reported by Dries, patch by jvandyk: it was not possible to clear the XML-RPC error cache, making it impossible to do multiple queries in one request. Add xmlrpc_clear_error() and slightly modify xmlrpc_error() to fix. * - Patch 308549 by lyrincz, Dave Reid: fixed broken link in PHPdoc. * 67895 patch by goba, tested by JirkaRybka and blackdog: move poll votes with poll options, when an option is removed, instead of dropping all old votes, solving an old data loss bug. Backport by dww. * 312730 by Damien Tournoud. hook_requirements('install') should work for modules that don't reside in the main './modules' folder.
pullup ticket #2487 - requested by taca drupal: update package for security fixes revisions pulled up: pkgsrc/www/drupal/Makefile 1.32 pkgsrc/www/drupal/PLIST 1.7 pkgsrc/www/drupal/distinfo 1.23 Module Name: pkgsrc Committed By: taca Date: Fri Aug 15 15:54:08 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile PLIST distinfo Log Message: Update drupal package to 5.10. Drupal 5.10, 2008-08-13 ----------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site scripting, Arbitrary file uploads via BlogAPI and Cross site request forgery), see SA-2008-047
Update drupal package to 5.10. Drupal 5.10, 2008-08-13 ----------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site scripting, Arbitrary file uploads via BlogAPI and Cross site request forgery), see SA-2008-047
pullup ticket #2469 - requested by adrianp drupal: update for security fix revisions pulled up: pkgsrc/www/drupal/Makefile 1.31 pkgsrc/www/drupal/distinfo 1.22 Module Name: pkgsrc Committed By: adrianp Date: Thu Jul 31 19:09:53 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-046 - Drupal core - Session fixation In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release: * #281042 by schuyler1d. Render blocks before CSS and JS header generation. * #232433 by Damien Tournoud. Use non-localized date for RSS. * #281494 by beeradb. Code style. * #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0. * #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility. * #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions * #280934. Make sure session is always regenerated.
This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement: * SA-2008-046 - Drupal core - Session fixation In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release: * #281042 by schuyler1d. Render blocks before CSS and JS header generation. * #232433 by Damien Tournoud. Use non-localized date for RSS. * #281494 by beeradb. Code style. * #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0. * #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility. * #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions * #280934. Make sure session is always regenerated.
Update to 5.8 All the details of the changes can be found here: http://drupal.org/node/280586 The main reason for this update is to fix a known security issue: http://drupal.org/node/280571
Second round of explicit pax dependencies. As reminded by tnn@, many packages used to use ${PAX}. Use the common way of directly calling pax, it is created as tool after all.
Add CONFLICTS for upcoming drupal 6 import
Drupal 5.7 * 208700 by pwolanin. Fix bad backport of #194579. Modified to use Form API. * 118569 by bevan: document how should one set RewriteBase, if under a VirtualDocumentRoot. Backport by Bart Jansens. * Patch 115606 by Junyor, thesaint_02: added support for PHP 5.2's 'recoverable fatal errors'. * 209409 by Heine, webernet, dww: more accurate register globals value checking
Pullup ticket 2268 - requested by adrianp security update for drupal - pkgsrc/www/drupal/Makefile 1.26 - pkgsrc/www/drupal/distinfo 1.19 Module Name: pkgsrc Committed By: adrianp Date: Fri Jan 11 12:37:11 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 5.6 This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement: SA-2008-005 - Drupal core - Cross site request forgery SA-2008-006 - Drupal core - Cross site scripting (UTF8) SA-2008-007 - Drupal core - Cross site scripting (register_globals) In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release: 173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files 179164 by Heine: sort modules by name on the module admin page 199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery 199084 by chx: better conformance with ISO date formats in our xmlrpc code 173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for . 89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing. 64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query. 200338 by m3avrck and quicksketch: fix transparent GIF resizing 194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing 182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request - Patch 201894 by David Rothstein: fixed typo in user output. 180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly 115689 by chx: new content types should not overwrite old ones. Backport by Pancho. 203727 by Arancaytar. More effectively use hook API. 204855 by webernet. Add missing * in documentation. 168315 by schuyler1d: previous active database name was not consistently returned in db_set_active() - Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes. 194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format #166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages. 58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing. Partial backport of 112715 to fix 124641. Changes from 5.4 -> 5.5 Fixed missing missing brackets in a query in the user module. Fixed taxonomy feed bug introduced by SA-2007-031
Update to 5.6 This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement: SA-2008-005 - Drupal core - Cross site request forgery SA-2008-006 - Drupal core - Cross site scripting (UTF8) SA-2008-007 - Drupal core - Cross site scripting (register_globals) In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release: 173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files 179164 by Heine: sort modules by name on the module admin page 199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery 199084 by chx: better conformance with ISO date formats in our xmlrpc code 173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for . 89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing. 64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query. 200338 by m3avrck and quicksketch: fix transparent GIF resizing 194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing 182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request - Patch 201894 by David Rothstein: fixed typo in user output. 180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly 115689 by chx: new content types should not overwrite old ones. Backport by Pancho. 203727 by Arancaytar. More effectively use hook API. 204855 by webernet. Add missing * in documentation. 168315 by schuyler1d: previous active database name was not consistently returned in db_set_active() - Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes. 194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format #166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages. 58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing. Partial backport of 112715 to fix 124641. Changes from 5.4 -> 5.5 Fixed missing missing brackets in a query in the user module. Fixed taxonomy feed bug introduced by SA-2007-031
Pullup ticket 2240 - requested by adrianp security update for drupal - pkgsrc/www/drupal/Makefile 1.25 - pkgsrc/www/drupal/distinfo 1.18 Module Name: pkgsrc Committed By: adrianp Date: Wed Dec 5 23:16:19 UTC 2007 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: This release fixes a security vulnerability. Sites are urged to upgrade immediately. For more details, please see the security announcement: * SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release: * 178478 by scor: typo in text displyed when the DB is installed but not accessible * Patch 122759 by Robrecht: fixed broken query in upgrade path. * 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited * Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level. * 184668 by hazexp, Remove unnecessary ';' * Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql(). * 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module * 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered. * 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in * Patch 168829 by Neil Drumm: fixed link in documentation. * 165924 by odious. Use accurate count query for user list. * 187601 by Bart Jansens. Use correct HTTP status codes for redirects. * 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected * 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
This release fixes a security vulnerability. Sites are urged to upgrade immediately. For more details, please see the security announcement: * SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release: * 178478 by scor: typo in text displyed when the DB is installed but not accessible * Patch 122759 by Robrecht: fixed broken query in upgrade path. * 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited * Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level. * 184668 by hazexp, Remove unnecessary ';' * Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql(). * 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module * 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered. * 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in * Patch 168829 by Neil Drumm: fixed link in documentation. * 165924 by odious. Use accurate count query for user list. * 187601 by Bart Jansens. Use correct HTTP status codes for redirects. * 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected * 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
Pullup ticket 2203 - requested by adrianp security update for drupal - pkgsrc/www/drupal/Makefile 1.24 - pkgsrc/www/drupal/distinfo 1.17 Module Name: pkgsrc Committed By: adrianp Date: Thu Oct 18 13:01:36 UTC 2007 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 5.3 Fix a number of security issues: SA-2007-024 - Drupal Core - HTTP response splitting SA-2007-025 - Drupal Core - Arbitrary code execution via installer. SA-2007-026 - Drupal Core - Cross site scripting via uploads SA-2007-029 - Drupal Core - User deletion cross site request forgery SA-2007-030 - Drupal Core - API handling of unpublished comment Bugs: Redirect to home page after user registration requiring admin approval. More correct wording since some modules will actually work despite warning. variable search_cron_limit was not removed on search uninstall Append to instead of overwrite #suffix. hide administration pages links on module help pages if there are no admin links for the module See http://drupal.org/node/184395 for all the details
Update to 5.3 Fix a number of security issues: SA-2007-024 - Drupal Core - HTTP response splitting SA-2007-025 - Drupal Core - Arbitrary code execution via installer. SA-2007-026 - Drupal Core - Cross site scripting via uploads SA-2007-029 - Drupal Core - User deletion cross site request forgery SA-2007-030 - Drupal Core - API handling of unpublished comment Bugs: Redirect to home page after user registration requiring admin approval. More correct wording since some modules will actually work despite warning. variable search_cron_limit was not removed on search uninstall Append to instead of overwrite #suffix. hide administration pages links on module help pages if there are no admin links for the module See http://drupal.org/node/184395 for all the details
Update to 5.2 Fix two security issues: http://drupal.org/node/162360 http://drupal.org/node/162361
Make it easier to build and install packages "unprivileged", where the owner of all installed files is a non-root user. This change affects most packages that require special users or groups by making them use the specified unprivileged user and group instead. (1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to unprivileged.mk. These two variables are lists of other bmake variables that define package-specific users and groups. Packages that have user-settable variables for users and groups, e.g. apache and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP}, etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER} and ${UNPRIVILEGED_GROUP}. (2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Don't forget to install robots.txt as well
Update to 5.1 Drupal 5.1, 2007-01-29 ---------------------- - fixed security issue (code execution), see SA-2007-005 - fixed a variety of small bugs. Drupal 5.0, 2007-01-15 ------------------------ - completely retooled the administration page * /admin now contains an administration page which may be themed * reorganised administration menu items by task and by module * added a status report page with detailed PHP/MySQL/Drupal information - added web-based installer which can: * check installation and run-time requirements * automatically generate the database configuration file * install pre-made 'install profiles' or distributions * import the database structure with automatic table prefixing * be localized - added new default Garland theme - added color module to change some themes' color schemes - included the jQuery JavaScript library 1.0.4 and converted all core JavaScript to use it - introduced the ability to alter mail sent from system - module system: * added .info files for module meta-data * added support for module dependencies * improved module installation screen * moved core modules to their own directories * added support for module uninstalling - added support for different cache backends - added support for a generic "sites/all" directory. - usability: * added support for auto-complete forms (AJAX) to user profiles. * made it possible to instantly assign roles to newly created user accounts. * improved configurability of the contact forms. * reorganized the settings pages. * made it easy to investigate popular search terms. * added a 'select all' checkbox and a range select feature to administration tables. * simplified the 'break' tag to split teasers from body. * use proper capitalization for titles, menu items and operations. - integrated urlfilter.module into filter.module - block system: * extended the block visibility settings with a role specific setting. * made it possible to customize all block titles. - poll module: * optionally allow people to inspect all votes. * optionally allow people to cancel their vote. - distributed authentication: * added default server option. - added default robots.txt to control crawlers. - database API: * added db_table_exists(). - blogapi module: * 'blogapi new' and 'blogapi edit' nodeapi operations. - user module: * added hook_profile_alter(). * e-mail verification is made optional. * added mass editing and filtering on admin/user/user. - PHP Template engine: * add the ability to look for a series of suggested templates. * look for page templates based upon the path. * look for block templates based upon the region, module, and delta. - content system: * made it easier for node access modules to work well with each other. * added configurable content types. * changed node rendering to work with structured arrays. - performance: * improved session handling: reduces database overhead. * improved access checking: reduces database overhead. * made it possible to do memcached based session management. * omit sidebars when serving a '404 - Page not found': saves CPU cycles and bandwidth. * added an 'aggressive' caching policy. * added a CSS aggregator and compressor (up to 40% faster page loads). - removed the archive module. - upgrade system: * created space for update branches. - forms API: * made it possible to programmatically submit forms. * improved api for multistep forms. - theme system: * split up and removed drupal.css. * added nested lists generation. * added a self-clearing block class.
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
Pullup ticket 2011 - requested by adrianp security update for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.18 - pkgsrc/www/drupal/distinfo 1.14 Module Name: pkgsrc Committed By: adrianp Date: Wed Jan 31 21:54:19 UTC 2007 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Drupal 4.7.6, 2007-01-29 ------------------------ - fixed security issue (code execution), see SA-2007-005
Drupal 4.7.6, 2007-01-29 ------------------------ - fixed security issue (code execution), see SA-2007-005
Pullup ticket 1979 - requested by adrianp security update for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.17 - pkgsrc/www/drupal/distinfo 1.13 Module Name: pkgsrc Committed By: adrianp Date: Sat Jan 6 15:40:54 UTC 2007 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 4.7.5 Only updates to address two new security issues: http://drupal.org/files/sa-2007-001/advisory.txt http://drupal.org/files/sa-2007-002/advisory.txt
Update to 4.7.5 Only updates to address two new security issues: http://drupal.org/files/sa-2007-001/advisory.txt http://drupal.org/files/sa-2007-002/advisory.txt
Pullup ticket 1874 - requested by adrianp security update for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.16 - pkgsrc/www/drupal/distinfo 1.12 Module Name: pkgsrc Committed By: adrianp Date: Fri Oct 20 22:19:54 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 4.7.4 Make pkglint happy * Fix problems reported using the bug tracking system * Fixes for three security issues: http://drupal.org/files/sa-2006-024/advisory.txt http://drupal.org/files/sa-2006-025/advisory.txt http://drupal.org/files/sa-2006-026/advisory.txt
Update to 4.7.4 Make pkglint happy * Fix problems reported using the bug tracking system * Fixes for three security issues: http://drupal.org/files/sa-2006-024/advisory.txt http://drupal.org/files/sa-2006-025/advisory.txt http://drupal.org/files/sa-2006-026/advisory.txt
Pullup ticket 1777 - requested by adrianp security update for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.15 - pkgsrc/www/drupal/distinfo 1.11 Module Name: pkgsrc Committed By: adrianp Date: Sat Aug 5 12:44:02 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 4.7.3 Only change appears to be a fix for an XSS bug
Update to 4.7.3 Only change appears to be a fix for an XSS bug
Pullup ticket 1749 - requested by adrianp functionality fix for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.14 - pkgsrc/www/drupal/files/drupal.conf 1.3 Module Name: pkgsrc Committed By: adrianp Date: Sun Jul 23 12:03:45 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile pkgsrc/www/drupal/files: drupal.conf Log Message: Add in an AllowOverride directive so that drupal access to a directory is controlled properly Fix by Takahiro Kambe in private mail. Bump to nb1.
Add in an AllowOverride directive so that drupal access to a directory is controlled properly Fix by Takahiro Kambe in private mail. Bump to nb1.
Pullup ticket 1685 - requested by adrianp security update for drupal Patch provided by the submitter. Updated to version 4.6.8. Drupal 4.6.8, 2006-06-01 ------------------------ - fixed critical upload issue, see SA-2006-007 - fixed taxonomy XSS issue, see SA-2006-008
Update to 4.7.2 - fixed critical upload issue, see SA-2006-007 - fixed taxonomy XSS issue, see SA-2006-008 - fixed a variety of small bugs.
Rename all PHP 4 packages to php4-*, all PHP 5 packages to php5-*, all PEAR packages to php?-pear-* and all Apache packages to ap13-* or ap2-* respectively. Add new variables to simplify the Makefile handling. Add CONFLICTS on the old names. Reset revisions of bumped packages. ap-php will now depend on the default Apache and PHP version. All programs using it have an implicit option of the Apache version as well. OK from jlam@ and adrianp@.
Pullup ticket 1672 - requested by adrianp security update for drupal Revisions pulled up: - pkgsrc/www/drupal/Makefile 1.8, 1.9, 1.10 - pkgsrc/www/drupal/distinfo 1.8 - pkgsrc/www/drupal/PLIST 1.2, 1.3 Module Name: pkgsrc Committed By: adrianp Date: Fri May 26 16:56:19 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Drupal 4.6.7, 2006-05-24 ------------------------ - fixed critical SQL issue, see SA-2006-005 --- Module Name: pkgsrc Committed By: adrianp Date: Fri May 26 17:14:35 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile PLIST Log Message: Add missing .htaccess file. Thanks to taca@ for spotting this. Fix pkglint warnings --- Module Name: pkgsrc Committed By: adrianp Date: Sat May 27 15:52:54 UTC 2006 Modified Files: pkgsrc/www/drupal: Makefile PLIST Log Message: Fix an issue with binary packages pointed out by salo@ Bump PKGREVISION
Update to the 4.7.x branch of drupal For a full list of changes see: http://drupal.org/drupal-4.7.0 In short: - Updated Documentation for All Modules - Auto-complete Fields(AJAX) - Added Mass Comment Operations - Easier to Make Menu Items - RSS Feed Settings - Better Search Index - New Forms API
Fix an issue with binary packages pointed out by salo@ Bump PKGREVISION
Add missing .htaccess file. Thanks to taca@ for spotting this. Fix pkglint warnings
Drupal 4.6.7, 2006-05-24 ------------------------ - fixed critical SQL issue, see SA-2006-005
USE_PKGINSTALL isn't needed here to make these packagse use the pkginstall framework. In the case of libtool-base, avoid using FILES_SUBST_SED where it isn't needed.
Update to 4.6.6 fixed bugs, including 4 security vulnerabilities. 1. http://drupal.org/sa-2006-001/advisory.txt 2. http://drupal.org/sa-2006-002/advisory.txt 3. http://drupal.org/sa-2006-003/advisory.txt 4. http://drupal.org/sa-2006-004/advisory.txt For further details see: http://drupal.org/project/cvs/3060/?branch=DRUPAL-4-6
Recursive revision bump / recommended bump for gettext ABI change.
Bump BUILDLINK_RECOMMENDED of textproc/expat to 2.0.0 because of the shlib major bump. PKGREVISION++ for the dependencies.
Bump PKGREVISION due to mysql.buildlink3.mk changes (default mysql pkg has been changed to 5.x). Reminded by wiz... thanks.
drupal.org seem to be repacking the tarball nightly which is causing the checksums to change. Update to the latest checksum and bump to nb1.
Initial import of Drupal v4.6.5. Drupal is software that allows an individual or a community of users to easily publish, manage and organize a great variety of content on a website. Tens of thousands of people and organizations have used Drupal to set up scores of different kinds of web sites, including * community web portals and discussion sites * corporate web sites/intranet portals * personal web sites * aficionado sites * e-commerce applications * resource directories Drupal includes features to enable: * content management systems * blogs * collaborative authoring environments * forums * newsletters * picture galleries * file uploads and download
Initial revision