The NetBSD Project

CVS log for pkgsrc/www/drupal6/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / drupal6

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.57, Mon Mar 14 15:09:24 2016 UTC (3 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.56: +1 -1 lines
FILE REMOVED

Remove drupal6, it has been EOL.

Revision 1.55.2.1 / (download) - annotate - [select for diffs], Sun Feb 28 11:23:45 2016 UTC (3 years, 2 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored) next main 1.56 (colored)

Pullup ticket #4937 - requested by taca
www/drupal6: security fix

Revisions pulled up:
- www/drupal6/Makefile                                          1.56
- www/drupal6/distinfo                                          1.38

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Feb 25 15:13:55 UTC 2016

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.38, security release and last Drupal 6 release.

   Drupal 6.38, 2016-02-24 - Final release
   ---------------------------------------
   - Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-001.
   - Previously unreleased documentation fixes.

Revision 1.56 / (download) - annotate - [select for diffs], Thu Feb 25 15:13:55 2016 UTC (3 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

Update drupal6 to 6.38, security release and last Drupal 6 release.

Drupal 6.38, 2016-02-24 - Final release
---------------------------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-001.
- Previously unreleased documentation fixes.

Revision 1.55 / (download) - annotate - [select for diffs], Sun Dec 13 14:41:32 2015 UTC (3 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

Prefix PKGNAME with ${PHP_PKG_PREFIX}.

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Thu Sep 3 19:17:22 2015 UTC (3 years, 8 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored) next main 1.54 (colored)

Pullup ticket #4805 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.54
- www/drupal6/distinfo                                          1.36

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Aug 20 15:33:33 UTC 2015

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 package to 6.37 (Drupal 6.37).

   Drupal 6.37, 2015-08-19
   -----------------------
   - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.

Revision 1.54 / (download) - annotate - [select for diffs], Thu Aug 20 15:33:33 2015 UTC (3 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

Update drupal6 package to 6.37 (Drupal 6.37).

Drupal 6.37, 2015-08-19
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.

Revision 1.53 / (download) - annotate - [select for diffs], Thu Jun 18 11:42:45 2015 UTC (3 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.52: +2 -3 lines
Diff to previous 1.52 (colored)

Update drupal6 to 6.36 (Drupal 6.36).

Drupal 6.36, 2015-06-17
-----------------------
- Fixed security issues (OpenID impersonation). See SA-CORE-2015-002.

Revision 1.52 / (download) - annotate - [select for diffs], Fri Jun 12 10:51:49 2015 UTC (3 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.51: +2 -1 lines
Diff to previous 1.51 (colored)

Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.

Revision 1.50.2.1 / (download) - annotate - [select for diffs], Wed Apr 1 12:47:41 2015 UTC (4 years, 1 month ago) by hiramatsu
Branch: pkgsrc-2014Q4
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored) next main 1.51 (colored)

Pullup ticket #4644 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                     1.51
- www/drupal6/distinfo                                     1.34

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Thu Mar 19 15:35:56 UTC 2015

   Modified Files:
           pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.35 (Drupal 6.35), security fix release.

   Drupal 6.35, 2015-03-18
   ----------------------
   - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.

Revision 1.51 / (download) - annotate - [select for diffs], Thu Mar 19 15:35:56 2015 UTC (4 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

Update drupal6 to 6.35 (Drupal 6.35), security fix release.

Drupal 6.35, 2015-03-18
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.

Revision 1.49.2.1 / (download) - annotate - [select for diffs], Tue Nov 25 12:06:39 2014 UTC (4 years, 6 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored) next main 1.50 (colored)

Pullup ticket #4555 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.50
- www/drupal6/distinfo                                          1.33

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Nov 23 16:38:59 UTC 2014

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.34.

   Drupal 6.34, 2014-11-19
   ----------------------
   - Fixed security issues (session hijacking). See SA-CORE-2014-006.

Revision 1.50 / (download) - annotate - [select for diffs], Sun Nov 23 16:38:59 2014 UTC (4 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

Update drupal6 to 6.34.

Drupal 6.34, 2014-11-19
----------------------
- Fixed security issues (session hijacking). See SA-CORE-2014-006.

Revision 1.47.2.2 / (download) - annotate - [select for diffs], Tue Aug 19 09:22:28 2014 UTC (4 years, 9 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.47.2.1: +1 -1 lines
Diff to previous 1.47.2.1 (colored) to branchpoint 1.47 (colored) next main 1.48 (colored)

Pullup ticket #4477 - requested by taca
www/drupal6; security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.49
- www/drupal6/distinfo                                          1.32

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Aug  8 15:54:21 UTC 2014

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.33.

   Drupal 6.33, 2014-08-06
   ----------------------
   - Fixed security issues (denial of service). See SA-CORE-2014-004.

Revision 1.49 / (download) - annotate - [select for diffs], Fri Aug 8 15:54:21 2014 UTC (4 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

Update drupal6 to 6.33.

Drupal 6.33, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.

Revision 1.47.2.1 / (download) - annotate - [select for diffs], Thu Jul 17 19:22:52 2014 UTC (4 years, 10 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.47: +2 -3 lines
Diff to previous 1.47 (colored)

Pullup ticket #4457 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.48
- www/drupal6/distinfo                                          1.31

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jul 17 03:57:57 UTC 2014

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.32, security fix release.

   Drupal 6.32, 2014-07-16
   ----------------------
   - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.

Revision 1.48 / (download) - annotate - [select for diffs], Thu Jul 17 03:57:57 2014 UTC (4 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.47: +2 -3 lines
Diff to previous 1.47 (colored)

Update drupal6 to 6.32, security fix release.

Drupal 6.32, 2014-07-16
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.

Revision 1.47 / (download) - annotate - [select for diffs], Thu May 29 23:37:57 2014 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base
Branch point for: pkgsrc-2014Q2
Changes since 1.46: +2 -1 lines
Diff to previous 1.46 (colored)

Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.

Revision 1.45.2.1 / (download) - annotate - [select for diffs], Tue Apr 29 08:39:42 2014 UTC (5 years ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored) next main 1.46 (colored)

Pullup ticket #4390 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.46
- www/drupal6/distinfo                                          1.30

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr 26 09:29:03 UTC 2014

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.31.

   Drupal 6.31, 2014-04-16
   ----------------------
   - Fixed security issues (information disclosure). See SA-CORE-2014-002.

Revision 1.46 / (download) - annotate - [select for diffs], Sat Apr 26 09:29:03 2014 UTC (5 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Update drupal6 to 6.31.

Drupal 6.31, 2014-04-16
----------------------
- Fixed security issues (information disclosure). See SA-CORE-2014-002.

Revision 1.44.2.1 / (download) - annotate - [select for diffs], Tue Feb 4 21:33:04 2014 UTC (5 years, 3 months ago) by tron
Branch: pkgsrc-2013Q4
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored) next main 1.45 (colored)

Pullup ticket #4310 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.45
- www/drupal6/distinfo                                          1.29

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 16 15:54:32 UTC 2014

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.30.

   Drupal 6.30, 2014-01-15
   ----------------------
   - Fixed security issues (multiple vulnerabilities), see SA-CORE-2014-001.

Revision 1.45 / (download) - annotate - [select for diffs], Thu Jan 16 15:54:32 2014 UTC (5 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Update drupal6 to 6.30.

Drupal 6.30, 2014-01-15
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2014-001.

Revision 1.43.4.1 / (download) - annotate - [select for diffs], Tue Nov 26 18:53:36 2013 UTC (5 years, 6 months ago) by tron
Branch: pkgsrc-2013Q3
Changes since 1.43: +3 -4 lines
Diff to previous 1.43 (colored) next main 1.44 (colored)

Pullup ticket #4257 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.44
- www/drupal6/distinfo                                          1.28

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov 21 15:13:09 UTC 2013

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 to 6.29 (Drupal 6.29).

   Drupal 6.29, 2013-11-20
   ----------------------
   - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.

Revision 1.44 / (download) - annotate - [select for diffs], Thu Nov 21 15:13:09 2013 UTC (5 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.43: +3 -4 lines
Diff to previous 1.43 (colored)

Update drupal6 to 6.29 (Drupal 6.29).

Drupal 6.29, 2013-11-20
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.

Revision 1.43 / (download) - annotate - [select for diffs], Fri May 31 12:42:32 2013 UTC (5 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q2-base, pkgsrc-2013Q2
Branch point for: pkgsrc-2013Q3
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.

Revision 1.42 / (download) - annotate - [select for diffs], Sat Mar 16 07:21:24 2013 UTC (6 years, 2 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.41: +2 -1 lines
Diff to previous 1.41 (colored)

Bump PKGREVISION from default PHP version change to 5.4.

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Fri Jan 18 16:28:02 2013 UTC (6 years, 4 months ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)

Pullup ticket #4027 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.41
- www/drupal6/distinfo                                          1.27

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Jan 17 03:38:46 UTC 2013

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 package to 6.28.

   Drupal 6.28, 2013-01-16
   ----------------------
   - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-001.

Revision 1.41 / (download) - annotate - [select for diffs], Thu Jan 17 03:38:46 2013 UTC (6 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Update drupal6 package to 6.28.

Drupal 6.28, 2013-01-16
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-001.

Revision 1.37.4.1 / (download) - annotate - [select for diffs], Fri Dec 21 11:01:33 2012 UTC (6 years, 5 months ago) by tron
Branch: pkgsrc-2012Q3
Changes since 1.37: +5 -4 lines
Diff to previous 1.37 (colored) next main 1.38 (colored)

Pullup ticket #3998 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.38-1.40
- www/drupal6/distinfo                                          1.26
- www/drupal6/patches/patch-includes_path.inc                   1.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct  3 21:59:10 UTC 2012

   Modified Files:
   	pkgsrc/www/drupal6: Makefile

   Log Message:
   Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Dec 20 12:47:35 UTC 2012

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo
   Added Files:
   	pkgsrc/www/drupal6/patches: patch-includes_path.inc

   Log Message:
   Update drupal6 to 6.27 fixed security problem.

   * Add a possible fix of SA4931, too.

   Drupal 6.27, 2012-12-19
   ----------------------
   - Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004.

Revision 1.40 / (download) - annotate - [select for diffs], Thu Dec 20 12:47:35 2012 UTC (6 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.39: +5 -3 lines
Diff to previous 1.39 (colored)

Update drupal6 to 6.27 fixed security problem.

* Add a possible fix of SA4931, too.

Drupal 6.27, 2012-12-19
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004.

Revision 1.39 / (download) - annotate - [select for diffs], Sun Oct 28 06:30:14 2012 UTC (6 years, 6 months ago) by asau
Branch: MAIN
Changes since 1.38: +1 -3 lines
Diff to previous 1.38 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.38 / (download) - annotate - [select for diffs], Wed Oct 3 21:58:29 2012 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.37: +2 -1 lines
Diff to previous 1.37 (colored)

Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.

Revision 1.37 / (download) - annotate - [select for diffs], Mon Jun 25 09:00:26 2012 UTC (6 years, 11 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Branch point for: pkgsrc-2012Q3
Changes since 1.36: +4 -1 lines
Diff to previous 1.36 (colored)

Add missing INSTALLATION_DIRS.

Revision 1.36 / (download) - annotate - [select for diffs], Sat Jun 16 03:04:23 2012 UTC (6 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.35: +2 -6 lines
Diff to previous 1.35 (colored)

Don't use "5" in PKG_PHP_VERSION.

Revision 1.35 / (download) - annotate - [select for diffs], Thu May 3 07:02:12 2012 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.34: +2 -3 lines
Diff to previous 1.34 (colored)

Update drupal6 package to 6.26.


Drupal 6.26, 2012-05-02
----------------------
- Fixed a small number of bugs.
- Made code documentation improvements.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Mar 14 03:33:51 2012 UTC (7 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.33: +3 -2 lines
Diff to previous 1.33 (colored)

Fix SUBST_SED.conf macro assignment as PR pkg/46187 by Noud de Brouwer.

Bump PKGREVISION.

Revision 1.33 / (download) - annotate - [select for diffs], Fri Mar 2 14:21:46 2012 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

Update drupal6 package to 6.25.


Drupal 6.25, 2012-02-29
----------------------
- Fixed regressions introduced in Drupal 6.24 only.

Revision 1.32 / (download) - annotate - [select for diffs], Sun Feb 19 16:30:17 2012 UTC (7 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

Update drupal6 package to 6.24.

Drupal 6.24, 2012-02-01
----------------------
- Improved performance of search indexing and user operations by adding indexes.
- Fixed issues with themes getting disabled due to missing locking in
  system_theme_data().
- Fix issue with blocks being disabled on updates in _block_rehash().
- Further improvements to PHP 5.3, PHP 4 and PostgreSQL compatibility.
- Improved code documentation at various places.
- Fixed a variety of other bugs.

Revision 1.29.4.1 / (download) - annotate - [select for diffs], Thu Feb 2 19:32:18 2012 UTC (7 years, 3 months ago) by tron
Branch: pkgsrc-2011Q4
Changes since 1.29: +2 -5 lines
Diff to previous 1.29 (colored) next main 1.30 (colored)

Pullup ticket #3667 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal/Makefile                                           1.49
- www/drupal6/Makefile                                          1.30-1.31
- www/drupal6/distinfo                                          1.22
- www/drupal7/Makefile                                          1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jan 29 22:27:27 UTC 2012

   Modified Files:
   	pkgsrc/www/drupal: Makefile
   	pkgsrc/www/drupal6: Makefile
   	pkgsrc/www/drupal7: Makefile

   Log Message:
   Remove CONFLICTS since these pacakges have the same PKGBASE.

   Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  1 23:54:40 UTC 2012

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 package to 6.23.

   Drupal 6.23, 2012-02-01
   ----------------------
   - Fixed security issues (Cross site scripting), see SA-CORE-2012-001.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Feb 1 23:54:40 2012 UTC (7 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.30: +2 -3 lines
Diff to previous 1.30 (colored)

Update drupal6 package to 6.23.

Drupal 6.23, 2012-02-01
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2012-001.

Revision 1.30 / (download) - annotate - [select for diffs], Sun Jan 29 22:27:27 2012 UTC (7 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.29: +2 -4 lines
Diff to previous 1.29 (colored)

Remove CONFLICTS since these pacakges have the same PKGBASE.

Bump PKGREVISION of www/drupal and www/drupal6 to reflect this change.

Revision 1.29 / (download) - annotate - [select for diffs], Fri Sep 16 05:46:26 2011 UTC (7 years, 8 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Branch point for: pkgsrc-2011Q4
Changes since 1.28: +2 -1 lines
Diff to previous 1.28 (colored)

Bump PKGREVISION from PHP_VERSION_DEFAULT changes.

Revision 1.26.4.1 / (download) - annotate - [select for diffs], Sat May 28 17:51:46 2011 UTC (8 years ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored) next main 1.27 (colored)

Pullup ticket #3442 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile                                          1.27
- www/drupal6/distinfo                                          1.20

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat May 28 11:45:51 UTC 2011

   Modified Files:
   	pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 pacakge to 6.21.

   Drupal 6.21, 2011-05-25
   ----------------------
   - Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
     http://drupal.org/node/1168756

Revision 1.28 / (download) - annotate - [select for diffs], Sat May 28 11:53:55 2011 UTC (8 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Update drupal6 pacakge to 6.22.

Drupal 6.22, 2011-05-25
----------------------
- Made Drupal 6 work better with IIS and Internet Explorer.
- Fixed .po file imports to work better with custom textgroups.
- Improved code documentation at various places.
- Fixed a variety of other bugs.

Revision 1.27 / (download) - annotate - [select for diffs], Sat May 28 11:45:51 2011 UTC (8 years ago) by taca
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

Update drupal6 pacakge to 6.21.

Drupal 6.21, 2011-05-25
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
  http://drupal.org/node/1168756

Revision 1.26 / (download) - annotate - [select for diffs], Fri Dec 17 00:04:00 2010 UTC (8 years, 5 months ago) by rhaen
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2010Q4-base, pkgsrc-2010Q4
Branch point for: pkgsrc-2011Q1
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

- updated package to 6.20
- update patch provided by V.Seifert

ChangeLog:

- #494462 by z.stolar: modify robots.txt to give search engine crawlers
  permission to index content in /sites/*, such as images uploaded to the
  site #481142 by JohnAlbin, sociotech: theme settings forms were not
  inherited by sub-themes
- #764548 by Dave Reid, sun: backport hiding of hidden modules on the
  modules page, so if projects include hidden modules for testing, those
  will not confuse users #687674 by jefnguo, rdrh555: fix minor code
  documentation typo in menu.inc
- #881540 by bjaspan: make syslog identity configurable on the user
  interface (instead of hardwired to 'drupal') #280930 by pillarsdotnet,
  oadaeh, David_Rothstein: fall back on an empty array if hook_schema is
  not defined for a module
- #956320: clean up documentation for menu_set_active_trail #903016 by
  daniels220: path argument was not documented on the arg() function
- #618280 by daniels220: minor fix to drupal_add_css() documentation to
  have correct path example #926440 by daniels220: document search_form()
  return value properly
- #716348 by grendzy, hefox: document that drupal_get_path(),
  drupal_load() and drupal_get_filename() can be used with 'profile' as
  well #767408 by hunmonk: copy semaphore site creation to
  update_fix_d6_requirements() to solve issues upgrading from any version
  of Drupal 5
- #948520 by jhodgdon, mvc: fix formatting in Schema API documentation
  lists #931304 by subnet_rx, webkenny: backport support for newly popular
  tel: protocol in filter_xss_bad_protocols()
- #937508 by amateescu: document the return value of arg() better #505730
  by alexanderpas, jhodgdon: document return value of
  valid_email_address() better
- #930784 by Jay Matwichuk, daniels220: fix argument name in code
  documentation for db_add_field() #225950 by mgriego, daniels220,
  jhodgdon: improve documentation on theme_image()
- #698248 by andypost: fix notice in cache.inc when $user->cache is not
  defined #872374 by sender: user_load() can take a uid not just an array;
  document that properly
- #942718 by joachim: document where drupal_get_form() arguments end up in
  form arrays #895858 by dstol: fix documentation of possible $item values
  in menu_link_save()
- #379348 by dstol: refine documentation on node_submit() #403034 by
  Andreas Wolf, roderik: node_assign_owner_action() should use
  node_get_types('name', ...) to get the name of the node type
- #829968 by AlexisWilke, andypost: fix drupal_lookup_path() to always
  return FALSE if the source was not found, not just for the 2nd call
  onwards #245990 by David_Rothstein, Pedro Lozano, andypost: do not
  follow any redirections in system_check_http_request() since we only
  need data on whether HTTP requests worked at all
- #366768 by druppi, hass, plach, GiorgosK: do not link to unpublished
  translation nodes, even if user would have access to them (once
  published) #764234 by yan_nick, Zoltan Balogh and myself: backport width
  of user filter labels in admin forms; better fit for some translations
- #971400 by myself, pp: backport change of language source URLs from
  Drupal 7 #809616 by catch, hswong3i: fix notice in menu rebuild
- #973242 by pp: log type name not properly translated in dblog.module
- #147000 by pwolanin, mikeytown2, et. al.: avoid multiple, parallel
  rebuildings of module and theme data
- #969252 by Dave Reid: save hook_help implementation in upload.module for
  admin/settings/uploads #993834 by adamgerbert, nenne: fix documentation
  of return value in do_search
- #991944 by Jacine: theme_locale_admin_manage_screen() doesn't exist
- #841134 by daniels220, jhodgdon: file_save_upload() documentation
  corrections
- #287647 by bjaspan, lilou, mikejoconnor, cafuego, Déja: cast invalid
  hook_schema() results into arrays at all times #917670 by mr.baileys,
  rdrh555: fix documentation for drupal_alter()
- #357785 by arnoldc, gravalsyr, miro_dietiker, plach: retain the tnid
  value for new nodes saved, so the node object reflects the database
- #422218 by salvis, jeremiah.snapp: fix a case in forum module where non
  forum tids might get picked as the forum topic tid
- #488166 by EmanueleQuinto, Damien Tournoud, jhodgdon: search relevance
  calculation fails if last_comment_timestamp is NULL #881132 by HLopes,
  Garrett Albright: CSS files with non-UTF-8 characters broke CSS
  optimization
- #772678 by sun, jpmckinney, Berdir, markus_petrux: no way to specify
  default collation, entirely depended on database configuration (which
  might be inappropriate) #212130 by salvis, boydjd, Steven, grendzy,
  Damien Tournoud: more complete support for unicode entities, to account
  for previously missing entities in decode_entities()
- #307636 by zbricoleur, sreynen, quicksketch: fix file identification bug
  with image file processing on Microsoft IIS Roll back #147000, prevented
  Drupal from being installed.
- #986682 by pkiraly: improve code documentation for db_table_exists() and
  db_column_exists()

Revision 1.25 / (download) - annotate - [select for diffs], Tue Nov 9 05:47:02 2010 UTC (8 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.24: +2 -3 lines
Diff to previous 1.24 (colored)

Update drupal6 package to 6.19.

Drupal 6.19, 2010-08-11
----------------------
- Fixed a variety of small bugs, improved code documentation.

Should be fix PR pkg/44064.

Revision 1.24 / (download) - annotate - [select for diffs], Wed Oct 6 07:52:47 2010 UTC (8 years, 7 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.23: +8 -5 lines
Diff to previous 1.23 (colored)

Change exactly dependency on php for
* PKG_PHP_VERSION=5, not accept lang/php53 package.
* PKG_PHP_VERSION=53, not try to install lang/php5

Revision 1.23 / (download) - annotate - [select for diffs], Thu Sep 30 08:20:24 2010 UTC (8 years, 7 months ago) by obache
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

No need to buildlink with database libraries.

Bump PKGREVISION to relax dependency on database libraries.

Revision 1.21.2.1 / (download) - annotate - [select for diffs], Thu Aug 12 12:53:45 2010 UTC (8 years, 9 months ago) by tron
Branch: pkgsrc-2010Q2
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)

Pullup ticket #3205 - requested by taca
www/drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile			1.22
- www/drupal6/distinfo			1.17
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Wed Aug 11 21:56:28 UTC 2010

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update drupal6 package to 6.18.

Drupal 6.18, 2010-08-11
----------------------
- Fixed security issues (OpenID authentication bypass, File download access
  bypass, Comment unpublishing bypass, Actions cross site scripting),
  see SA-CORE-2010-002.

Revision 1.22 / (download) - annotate - [select for diffs], Wed Aug 11 21:56:28 2010 UTC (8 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Update drupal6 package to 6.18.


Drupal 6.18, 2010-08-11
----------------------
- Fixed security issues (OpenID authentication bypass, File download access
  bypass, Comment unpublishing bypass, Actions cross site scripting),
  see SA-CORE-2010-002.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Jun 3 15:42:53 2010 UTC (8 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base
Branch point for: pkgsrc-2010Q2
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Update www/drupal from 6.16 to 6.17.

Drupal 6.17, 2010-06-02
----------------------
- Improved PostgreSQL compatibility
- Better PHP 5.3 and PHP 4 compatibility
- Better browser compatibility of CSS and JS aggregation
- Improved logging for login failures
- Fixed an incompatibility with some contributed modules and the locking system
- Fixed a variety of other bugs.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Mar 15 16:48:53 2010 UTC (9 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.19: +2 -5 lines
Diff to previous 1.19 (colored)

Remove the case of PKG_PHP_VERSION is 4.

No functional change.

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Fri Mar 5 10:52:15 2010 UTC (9 years, 2 months ago) by tron
Branch: pkgsrc-2009Q4
Changes since 1.18: +2 -6 lines
Diff to previous 1.18 (colored) next main 1.19 (colored)

Pullup ticket #3038 - requested by taca
drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile				1.19
- www/drupal6/PLIST				1.6
- www/drupal6/distinfo				1.15
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Mar  4 01:29:58 UTC 2010

Modified Files:
	pkgsrc/www/drupal6: Makefile PLIST distinfo

Log Message:
Update drupal6 package to 6.16.

Drupal 6.16, 2010-03-03
----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
  Locale module cross site scripting, Blocked user session regeneration),
  see SA-CORE-2010-001.
- Better support for updated jQuery versions.
- Reduced resource usage of update.module.
- Fixed several issues relating to support of install profiles and
  distributions.
- Added a locking framework to avoid data corruption on long operations.
- Fixed a variety of other bugs.

Revision 1.19 / (download) - annotate - [select for diffs], Thu Mar 4 01:29:58 2010 UTC (9 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.18: +2 -6 lines
Diff to previous 1.18 (colored)

Update drupal6 package to 6.16.

Drupal 6.16, 2010-03-03
----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
  Locale module cross site scripting, Blocked user session regeneration),
  see SA-CORE-2010-001.
- Better support for updated jQuery versions.
- Reduced resource usage of update.module.
- Fixed several issues relating to support of install profiles and
  distributions.
- Added a locking framework to avoid data corruption on long operations.
- Fixed a variety of other bugs.

Revision 1.17.2.1 / (download) - annotate - [select for diffs], Sat Dec 19 21:26:46 2009 UTC (9 years, 5 months ago) by spz
Branch: pkgsrc-2009Q3
Changes since 1.17: +35 -41 lines
Diff to previous 1.17 (colored) next main 1.18 (colored)

Pullup ticket 2951 - requested by taca
security update

Revisions pulled up:
- pkgsrc/www/drupal6/Makefile		1.18
- pkgsrc/www/drupal6/PLIST		1.5
- pkgsrc/www/drupal6/distinfo		1.14
- pkgsrc/www/drupal6/files/drupal.conf	1.3

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sat Dec 19 09:29:23 UTC 2009

   Modified Files:
           pkgsrc/www/drupal6: Makefile PLIST distinfo
           pkgsrc/www/drupal6/files: drupal.conf

   Log Message:
   Update www/drupal6 package to 6.15, fixing security problem.

   Drupal 6.15, 2009-12-16
   ----------------------
   - Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
   - Fixed a variety of other bugs.

   other pkgsrc changes:

   * Add PKG_DESTDIR_SUPPORT spport.
   * Use REPLACE_INTERPRETER.
   * Change default.settings.php handling to fix PR pkg/42355.


   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/www/drupal6/Makefile
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal6/PLIST
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/drupal6/distinfo
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal6/files/drupal.conf

Revision 1.18 / (download) - annotate - [select for diffs], Sat Dec 19 09:29:22 2009 UTC (9 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base
Branch point for: pkgsrc-2009Q4
Changes since 1.17: +35 -41 lines
Diff to previous 1.17 (colored)

Update www/drupal6 package to 6.15, fixing security problem.

Drupal 6.15, 2009-12-16
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
- Fixed a variety of other bugs.


other pkgsrc changes:

* Add PKG_DESTDIR_SUPPORT spport.
* Use REPLACE_INTERPRETER.
* Change default.settings.php handling to fix PR pkg/42355.

Revision 1.15.2.2 / (download) - annotate - [select for diffs], Fri Oct 2 09:58:32 2009 UTC (9 years, 7 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.15.2.1: +2 -1 lines
Diff to previous 1.15.2.1 (colored) to branchpoint 1.15 (colored) next main 1.16 (colored)

Pullup ticket #2905 - requested by taca
drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile			1.17
- www/drupal6/distinfo			1.13
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Tue Sep 29 13:41:00 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update www/drupal6 package to fix security problem.
pkgsrc change: add LICENSE.

Drupal 6.14, 2009-09-16
----------------------
- Fixed security issues (OpenID association cross site request forgeries,
  OpenID impersonation and File upload), see SA-CORE-2009-008.
- Changed the system modules page to not run all cache rebuilds; use the
  button on the performance settings page to achieve the same effect.
- Added support for PHP 5.3.0 out of the box.
- Fixed a variety of small bugs.

Revision 1.17 / (download) - annotate - [select for diffs], Tue Sep 29 13:41:00 2009 UTC (9 years, 7 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

Update www/drupal6 package to fix security problem.
pkgsrc change: add LICENSE.


Drupal 6.14, 2009-09-16
----------------------
- Fixed security issues (OpenID association cross site request forgeries,
  OpenID impersonation and File upload), see SA-CORE-2009-008.
- Changed the system modules page to not run all cache rebuilds; use the
  button on the performance settings page to achieve the same effect.
- Added support for PHP 5.3.0 out of the box.
- Fixed a variety of small bugs.

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Fri Jul 17 13:35:28 2009 UTC (9 years, 10 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)

Pullup ticket #2817 - requested by adrianp
drupal6: security update

Revisions pulled up:
- www/drupal6/Makefile			1.16
- www/drupal6/distinfo			1.12
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu Jul 16 18:11:53 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.12 release:

    * - Patch #463450 by wulff: fixed documentation glitch.
    * #193577 by Rob Loach, Damien Tournoud, andypost: JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
    * #454992 by sun, bengtan: _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
    * #452704 by andypost, catch: Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.
    * #468732 by andypost: cache_clear_all() mentioned cache_flush_delay incorrectly; it should say we use cache_lifetime
    * #460420 by wulff, andypost: drupal_set_title() in forum_overview() is not needed; menu already sets the title and is localized
    * #398902 by Nick Urban, alexanderpas, kscheirer: password equality checking was not using strict type checking; we should assume these are strings and compared character to character
    * #479216 by jhedstrom: fix grammar in forum module messages
    * #445748 by Dave Reid, dww: Fix module support for disabled module update status checking and do not track usage in that case.
    * #465190 by Heine: The Anonymous name is a plain text setting, so it should be escaped properly for output.
    * #246096 by Sutharsan, Pedro Lozano, mr.baileys, andypost: Actions set to run on cron were not actually triggered.
    * #226479 by gpk, BrianV, catch: We should always show the node access rebuild button. The check on when to show it was fragile, so the button might not have been there when actually needed.
    * #482646 by Dave Reid: For proper HTTP query simpletesting, we should pass on the instance identifier (database prefix).
    * #197266 by ufku, lilou, Dave Reid, c960657, drewish: Save a query by only calling file_space_used() when a limit is provided.
    * #408876 by Pasqualle, JamesAn: The 'serialize' Schema API property was used but not documented.
    * #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
    * #373225 by jpulles, Josh Waihi: When changing columns, PostgreSQL needs explicit type casting to ensure that values are kept properly.
    * #236657 by hctom, swentel: In system_clear_cache_submit(), the function arguments were swapped (but it did not affect how it actually worked).
    * #243253 by Benjamin Melan=C3=A7on, dww: Update status should not attempt to request update data until a limit is reached. Fixed Drupal instances when drupal.org is down and gets less load on Drupal.org if data is not found.
    * #339466 by patryk, c960657, alexanderpas: Remove url() wrapping from remote links and link in a more user friendly OpenID provider list.
    * #461938 by grendzy, JamesAn: Use filter_xss_admin() on site name and site slogan, just like footer message and mission
    * #455172 by budda, RoboPhred, andypost: Fix drupal_mail() documentation, so that it encourages to set the body of the email as an array (like core does).
    * #329797 by berenddeboer, redndahead, danielb: The tablesort code did not account for possibly nested tables; only match immediate descendats, so elements of nested tables are not matched.
    * #352121 by valthebald, Damien Tournoud, mr.baileys: The safe string check on translations should only be applied to the default textgroup. Strings in other textgroups such as blocks and menu items are displayed via escaping and filtering, and might contain arbitrary HTML.

Revision 1.16 / (download) - annotate - [select for diffs], Thu Jul 16 18:11:53 2009 UTC (9 years, 10 months ago) by adrianp
Branch: MAIN
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.12 release:

    * - Patch #463450 by wulff: fixed documentation glitch.
    * #193577 by Rob Loach, Damien Tournoud, andypost: JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
    * #454992 by sun, bengtan: _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
    * #452704 by andypost, catch: Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.
    * #468732 by andypost: cache_clear_all() mentioned cache_flush_delay incorrectly; it should say we use cache_lifetime
    * #460420 by wulff, andypost: drupal_set_title() in forum_overview() is not needed; menu already sets the title and is localized
    * #398902 by Nick Urban, alexanderpas, kscheirer: password equality checking was not using strict type checking; we should assume these are strings and compared character to character
    * #479216 by jhedstrom: fix grammar in forum module messages
    * #445748 by Dave Reid, dww: Fix module support for disabled module update status checking and do not track usage in that case.
    * #465190 by Heine: The Anonymous name is a plain text setting, so it should be escaped properly for output.
    * #246096 by Sutharsan, Pedro Lozano, mr.baileys, andypost: Actions set to run on cron were not actually triggered.
    * #226479 by gpk, BrianV, catch: We should always show the node access rebuild button. The check on when to show it was fragile, so the button might not have been there when actually needed.
    * #482646 by Dave Reid: For proper HTTP query simpletesting, we should pass on the instance identifier (database prefix).
    * #197266 by ufku, lilou, Dave Reid, c960657, drewish: Save a query by only calling file_space_used() when a limit is provided.
    * #408876 by Pasqualle, JamesAn: The 'serialize' Schema API property was used but not documented.
    * #145733 by kepten, brianV: The session.use_cookies PHP setting is required by Drupal, but it can be turned off, so try to ensure it is turned on at all times.
    * #373225 by jpulles, Josh Waihi: When changing columns, PostgreSQL needs explicit type casting to ensure that values are kept properly.
    * #236657 by hctom, swentel: In system_clear_cache_submit(), the function arguments were swapped (but it did not affect how it actually worked).
    * #243253 by Benjamin Melançon, dww: Update status should not attempt to request update data until a limit is reached. Fixed Drupal instances when drupal.org is down and gets less load on Drupal.org if data is not found.
    * #339466 by patryk, c960657, alexanderpas: Remove url() wrapping from remote links and link in a more user friendly OpenID provider list.
    * #461938 by grendzy, JamesAn: Use filter_xss_admin() on site name and site slogan, just like footer message and mission
    * #455172 by budda, RoboPhred, andypost: Fix drupal_mail() documentation, so that it encourages to set the body of the email as an array (like core does).
    * #329797 by berenddeboer, redndahead, danielb: The tablesort code did not account for possibly nested tables; only match immediate descendats, so elements of nested tables are not matched.
    * #352121 by valthebald, Damien Tournoud, mr.baileys: The safe string check on translations should only be applied to the default textgroup. Strings in other textgroups such as blocks and menu items are displayed via escaping and filtering, and might contain arbitrary HTML.

Revision 1.13.2.1 / (download) - annotate - [select for diffs], Fri May 15 11:36:43 2009 UTC (10 years ago) by tron
Branch: pkgsrc-2009Q1
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored) next main 1.14 (colored)

Pullup ticket #2770 - requested by adrianp
drupal6: security update

- www/drupal6/Makefile				1.14-1.15
- www/drupal6/distinfo				1.10-1.11
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Fri May  1 19:50:35 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.11

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:

    * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
    * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
    * #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
    * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
    * #404244 by cwgordon7: minor code style fix in openid_help().
    * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node
    * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser
    * #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access().
    * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
    * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or drupal_access_denied() so that we can properly redirect from those pages.
    * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value before using it.
    * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms programatically) are possible in update functions
    * #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module
    * #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem.
    * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
    * - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
    * - Patch #228477 by anuradha: corrected Sinhala language.
    * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators.
    * #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense
    * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient
    * #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview
    * #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles
    * #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder
    * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs)
    * #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations
    * #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released
    * #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves
    * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page
    * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared
    * #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so
    * #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated
    * Rolling back #343415 given disputes around its change in Drupal 7.
    * #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page
    * #447700 by dww: Earl Miles is not update.module maintainer anymore
    * #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report
    * #396224 by pwolanin: Further harden template file name discovery
    * #220592 by dww and pwolanin: Always use the database for caching in update module, so that drupal.org project data persists. Improves both local and drupal.org site performance.
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu May 14 19:38:02 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
6.12

The twelfth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-006 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.11 release:

* #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does.

Revision 1.15 / (download) - annotate - [select for diffs], Thu May 14 19:38:02 2009 UTC (10 years ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

6.12

The twelfth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-006 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.11 release:

* #353328 by catch, BrianV: When a new commment is added, the redirection path should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the update status cache, just like the modules admin form does.

Revision 1.14 / (download) - annotate - [select for diffs], Fri May 1 19:50:35 2009 UTC (10 years ago) by adrianp
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Update to 6.11

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.10 release:

    * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; resulted in issue in logic not code flow
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
    * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML markup in update.php output
    * #372914 by chx, pwolanin, webchick: Menu link title localization was broken when a non-t callback was used
    * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
    * #404244 by cwgordon7: minor code style fix in openid_help().
    * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice and did not pass a3 to the action when the action type was other then node
    * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was separated by one blank line, thus disconnecting it for the API docs parser
    * #408962 by brianV: improve phpdoc documentation for menu_tree_collect_node_links() and menu_tree_check_access().
    * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
    * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set by drupal_not_found() or drupal_access_denied() so that we can properly redirect from those pages.
    * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ location.hash).offset() does not alway return an object, which breaks all JavaScript on the page, so check for the return value before using it.
    * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch API compatible with drupal_execute(), so things like creating a CCK type or adding fields to it (by submitting forms programatically) are possible in update functions
    * #365996 by sammys: the correct full name for the timestamp field in postgresql is timestamp without time zone; improve compatibility with PostgreSQL / schema module
    * #279233 by Aren Cambre, jbomb: Message printed when email is not being possible to send was informal and had a grammar problem.
    * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
    * - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
    * - Patch #228477 by anuradha: corrected Sinhala language.
    * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() validators.
    * #382096 by Arancaytar: clean up #maxlength use in the installer; remove arbitrary 45 character limits, put reasonable limits in place where it makes sense
    * #330084 by c960657: Remove unnecessary duplication of the From header value in Reply-to; standards indicate setting the From header should be sufficient
    * #385602 by Damien Tournoud, desbeers: log messages were not remembered on node preview
    * #437120 by mfb: avoid double escaping of taxonomy term names in feed links and channel titles
    * #437930 by soxofaan: remove unnecessary tabindex attribute from login form; makes altering harder
    * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was matching on prefixes of node paths instead of the node paths themselves (and possible subtabs)
    * #401304 by Darren Oh: make conditional in statistics_link() more explicit to catch node related invocations
    * #363262 follow up by Dave Reid: fix phpdoc comments on update functions to properly mark update functions added after 6.0 was released
    * #317775 by Starminder, pwolanin: do not store the menu router table serialized in cache, since it cases more performance problems then it solves
    * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in Garland, so nodes do no overlap the messages area on the page
    * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table cache_flush variables to avoid not flushing all but the first table when multiple tables are cleared
    * #445600 by Rob Loach: allow for as few as 1 required word in submission of a node of a content type if the admin wants to set so
    * #343415 by Damien Tournoud: the form cache is not automatically cleared on submit if the page cache is activated
    * Rolling back #343415 given disputes around its change in Drupal 7.
    * #229660 by Dave Reid: use theme('username', ...) to display usernames on the user contact page
    * #447700 by dww: Earl Miles is not update.module maintainer anymore
    * #431148 by pwolanin, dww: Make it easier to visually distinguish security updates on Updates report
    * #396224 by pwolanin: Further harden template file name discovery
    * #220592 by dww and pwolanin: Always use the database for caching in update module, so that drupal.org project data persists. Improves both local and drupal.org site performance.

Revision 1.13 / (download) - annotate - [select for diffs], Sat Feb 28 16:11:20 2009 UTC (10 years, 2 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base
Branch point for: pkgsrc-2009Q1
Changes since 1.12: +2 -3 lines
Diff to previous 1.12 (colored)

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-003 - Local file inclusion on Windows

In addition to this security vulnerability, the following bugs have been fixed since the 6.9 release:

    * - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker.
    * #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed.
    * #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value
    * #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable().
    * #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag.
    * #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link
    * #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output
    * #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting
    * #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all.
    * #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice.
    * #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys'
    * #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice
    * #314286 backport of some of #229129 by assimonds: disbaled checkboxes did not receive their values properly from the default value set
    * #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead
    * #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined
    * #276174 by nbz, John Morahan, slightly modified: do not escape username more then once at multiple places in blog.module
    * #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms()
    * #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language
    * #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making itpossible to write modules extending menu item manipulation
    * - Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited.
    * #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6
    * - Patch #381438 by drumm: do not use page cache for drupal.sh requests.
    * #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be
    * #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostreSQL does not support that
    * #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi()
    * #383724 by Heine, bjaspan: SA-CORE-2009-003

Revision 1.12 / (download) - annotate - [select for diffs], Mon Feb 16 20:55:54 2009 UTC (10 years, 3 months ago) by adrianp
Branch: MAIN
Changes since 1.11: +5 -2 lines
Diff to previous 1.11 (colored)

settings.php not default.settings.php is the correct CONF_FILE
Update drupal.conf based on .htaccess supplied with tarball
PKGREVISION++

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Sun Jan 18 11:43:05 2009 UTC (10 years, 4 months ago) by rtr
Branch: pkgsrc-2008Q4
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored) next main 1.11 (colored)

pullup ticket #2637 - requested by martti
drupal6: update package for fixes

revisions pulled up:
pkgsrc/www/drupal6/Makefile	1.11
pkgsrc/www/drupal6/distinfo	1.8

   Module Name:    pkgsrc
   Committed By:   adrianp
   Date:           Thu Jan 15 20:09:44 UTC 2009

   Modified Files:
           pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   The following bug has been fixed since the 6.7 release:
   * Rolling back #280934. PHP 4 incompatibility.

   This release fixes security vulnerabilities. Sites are urged to upgrade
   immediately after reading the security announcement:

   * SA-CORE-2009-001- Drupal core - Multiple vulnerabilities

   In addition to this security vulnerability, the following bugs have been
   fixed since the 6.8 release:

   * - Patch #331708 by chx: poll_choice_js uses FAPI2.
   * - Patch #350708 by dww: t() documentation clean-up.
   * #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a
   HTTP request seems to fail. Looking for the local page caused problems for
   people with interactive authentication, redirects, hosting added JavaScript
   code, and so on.
   * - Patch #262920 by ainigma32: language selection for domain should look
   at HTTP_HOST not SERVER_NAME.
   * - Patch #353886 by killes: too many arguments to SQL query in locale import.
   * - Rollback of #325908.
   * #347228 by kajetan: user was redirected to admin/build/translate instead
   of admin/build/translate/import
   * #332123 by webchick, lilou, andypost: backport of removal of t() around
   schema desciptions
   * #257009 by bjaspan, Freso, Darren Oh: check to not create global
   constraints twice in PostgreSQL (for example, when the testing framework is
   running)
   * #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session
   if the user is the current global user
   * #308526 by chx: Also reset actions_list() cache on actions_synchronize()
   * #323474 by gpk, Dave Reid, catch: hook_boot() was not called on
   non-cached pages when agreesive caching was on
   * #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
   * #328977 by Dave Reid, hgmichna: comment_controls() form function lacks
   first form_state parameter, so passed values are incorrectly used
   * #323386 by mariuss: The selection type in profile module expects items
   each on their own line and should not break items on commas
   * #347485 by cdale: only add upload submit handler if the upload form is added
   * #344052 by salvis: remove unused $update_node variable from node module
   * #356782 by quicksketch: remove unused unset($edit) from
   _form_builder_handle_input_element()
   * #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
   * #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem
   when HTTP_HOST is not transmitted
   * #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move
   back to an internal URL check for HTTP request checking and make the
   request checking less intrusive on what requests can be accomplished

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 15 20:09:44 2009 UTC (10 years, 4 months ago) by adrianp
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

The following bug has been fixed since the 6.7 release:
* Rolling back #280934. PHP 4 incompatibility.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-CORE-2009-001- Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.8 release:

* - Patch #331708 by chx: poll_choice_js uses FAPI2.
* - Patch #350708 by dww: t() documentation clean-up.
* #245990 by Dave Reid, chx, dww: Look for the www.example.com page when a HTTP request seems to fail. Looking for the local page caused problems for people with interactive authentication, redirects, hosting added JavaScript code, and so on.
* - Patch #262920 by ainigma32: language selection for domain should look at HTTP_HOST not SERVER_NAME.
* - Patch #353886 by killes: too many arguments to SQL query in locale import.
* - Rollback of #325908.
* #347228 by kajetan: user was redirected to admin/build/translate instead of admin/build/translate/import
* #332123 by webchick, lilou, andypost: backport of removal of t() around schema desciptions
* #257009 by bjaspan, Freso, Darren Oh: check to not create global constraints twice in PostgreSQL (for example, when the testing framework is running)
* #169937 by Heine, drumm, alexanderpas, Darren Oh: only regenerate session if the user is the current global user
* #308526 by chx: Also reset actions_list() cache on actions_synchronize()
* #323474 by gpk, Dave Reid, catch: hook_boot() was not called on non-cached pages when agreesive caching was on
* #61108 by Uwe Hermann: update LICENSE.txt with latest version of GPL2 text
* #328977 by Dave Reid, hgmichna: comment_controls() form function lacks first form_state parameter, so passed values are incorrectly used
* #323386 by mariuss: The selection type in profile module expects items each on their own line and should not break items on commas
* #347485 by cdale: only add upload submit handler if the upload form is added
* #344052 by salvis: remove unused $update_node variable from node module
* #356782 by quicksketch: remove unused unset($edit) from _form_builder_handle_input_element()
* #124492 by m3avrck, mfer: more accurate checking for valid URLs in valid_url()
* #346285 by grendzy, Damien Tournoud, thekevinday et al: fixed problem when HTTP_HOST is not transmitted
* #245990 follow up by Damien Tournoud, David_Rothstein, pwolanin: Move back to an internal URL check for HTTP request checking and make the request checking less intrusive on what requests can be accomplished

Revision 1.10 / (download) - annotate - [select for diffs], Wed Dec 10 23:57:52 2008 UTC (10 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base
Branch point for: pkgsrc-2008Q4
Changes since 1.9: +2 -3 lines
Diff to previous 1.9 (colored)

Update to 6.7

The seventh maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.6 release:

* - Patch #324118 by winterheart: fixed invalid XHTML being generated for forum topic listings.
* - Patch #329019 by dww, sun: fixed PHP warning.
* #315739 by sun: The theme name is in arg(4) on the block admin page, so only redirect to theme specific page if that is set.
* - Patch #329646 by Damien Tournoud: properly reset user_access().
* - Patch #255293 by Gribnif, maartenvg: incorrect regex causes some aggregated CSS to fail.
* #329998 by pwolanin: escape markup looking non-HTML tags in schema descriptions
* #258089 by JohnAlbin, Arancaytar, merlinofchaos: themes cannot have a preprocess function without a corresponding .tpl.php file
* #255150 by dropcube, tested by catch, asimmonds: content type names were double escaped on create content page
* #329660 by pwolanin: node_configure_validate() should be replaced with a #submit handler to conform to FormAPI rules
* #299742 by Darren Oh: missing #ahah support on checkboxes
* #193580 follow up by gpk: late but important changelog entry for Drupal 6.0
* #302638 by pwolanin: avoid running several no-op queries while the menu is being rebuilt; improves performance
* Rolling back #302638, it caused problems reported in #328110
* #319165 by Alex_Tutubalin: add explicit UTF-8 client encoding setting for PostgreSQL
* - Patch #277644 by lilou: documentation improvement.
* - Patch #335385 by Dave Reid: fixed maxlength of path alias fields to be consistent with the database.
* - Patch #337454 by earnie: fixed the phpdoc of drupal_render_form().
* - Patch #293370 by swentel et al: make block sorting work when there are more than 20 blocks.
* - Patch #325908 by kbahey: removed redundant cache flusing.
* - Patch #281131 by Damien Tournoud: document the missing quote in .htaccess.
* - Patch #336115 by Nedjo: better documentation for t().
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.
* #305653 by snowball43, cdale, Dave Reid, sun: All themes were disabled when update.php was run
* #344661 by Dave Reid: fix phpdoc documentation on translation_translation_link_alter()
* #333060 by neclimdul, merlinofchaos, dvessel: child themes did not inherit patterns correctly, so more specific template files are not detected
* #206138 by pwolanin et al: little documentation fix for node base module name handling
* #276111 by pwolanin, meba and myself: disallow possibly dangerous submissions in locale translations and imports
* #345167 by JacobSingh, pwolanin, Heine: drupal_http_request() includes an extra CRLF, not conformant to HTTP specs

http://drupal.org/node/345462

Revision 1.6.4.1 / (download) - annotate - [select for diffs], Tue Nov 4 22:16:02 2008 UTC (10 years, 6 months ago) by tron
Branch: pkgsrc-2008Q3
Changes since 1.6: +11 -12 lines
Diff to previous 1.6 (colored) next main 1.7 (colored)

Pullup ticket #2571 - requested by adrianp
drupal6: security update

www/drupal6/Makefile				1.7-1.9
www/drupal6/PLIST				1.2
www/drupal6/distinfo				1.5-1.6
www/drupal6/options.mk				1.2
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sun Oct 12 00:34:40 UTC 2008

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-2008-060 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.4 release:

* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* - Patch 221230 by Heine: convert requirement error on update to requirement warning.
* - Patch 252430 by quicksketch: allow base theme prefix in preprocessor function names to correct expected behavior.
* - Patch 245322 by mfb: fixed breadcrumb behavior.
* - Patch 287949 by Freso, Damien Tournoud: keep language icons in consistent order across nodes.
* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 272952 by NancyDru and chx: fixed documentation issue.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* - Patch 243063 by GoofyX: fixed typo in context-sensitve help.
* - Patch 295152 by dww, Damien Tournoud, et al: fixed version comparison.
* - Patch 278759 by douggreen, fletchgqc: improved code comment.
* - Patch 276018 by mfb: extend the lifetime of temporary files.
* - Patch 228576 by sun: too ambiguous stylesheet in dblog.css when form_altering the watchdog table.
* - Patch 285309 by pwolanin: menu_name in hook_menu is ignored on updates.
* - Patch 261859 by rse, Damien Tournoud: make the trigger module work on PostgreSQL.
* - Patch 305436 by Damien Tournoud, lelutin: fixed unclosed <li> tag in the context-sensitive help.

Any many more.  See http://drupal.org/node/318701 for all the details
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu Oct 23 21:37:23 UTC 2008

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.6

The sixth maintenance and security release of the Drupal 6 series. Only
fixes for security vulnerabilities and other bugs have been committed. New
features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:

* SA-2008-067 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been
fixed since the 6.5 release:

- Patch #315656 by Damien Tournoud: fixed bug in drupal_lookup_path('wipe').
#318102 by Dave Reid: hook_exit() was not invoked for some cached requests.
#277206 by Damien Tournoud, lilou, fp: untranslatable string in the installer
- Patch #324080 by winterheart: missing </td>-tag.

See http://drupal.org/node/324832 for all the details
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Fri Oct 24 18:52:32 UTC 2008

Modified Files:
	pkgsrc/www/drupal6: Makefile PLIST options.mk

Log Message:
Fix PLIST issues when using binary packages - spotted by martti@
After some feedback from Roy Marples set up the package so it's easier
 to get drupal to run under other web servers than apache.  As the
 default web server, apache will remain.  Users can disable it using
 the options.mk framework.
Rename APACHE_* variables to WWW_* and set some sane defaults.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Oct 24 18:52:31 2008 UTC (10 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.8: +10 -11 lines
Diff to previous 1.8 (colored)

Fix PLIST issues when using binary packages - spotted by martti@
After some feedback from Roy Marples set up the package so it's easier
 to get drupal to run under other web servers than apache.  As the
 default web server, apache will remain.  Users can disable it using
 the options.mk framework.
Rename APACHE_* variables to WWW_* and set some sane defaults.

Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 23 21:37:23 2008 UTC (10 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Update to 6.6

The sixth maintenance and security release of the Drupal 6 series. Only
fixes for security vulnerabilities and other bugs have been committed. New
features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:

* SA-2008-067 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been
fixed since the 6.5 release:

- Patch #315656 by Damien Tournoud: fixed bug in drupal_lookup_path('wipe').
#318102 by Dave Reid: hook_exit() was not invoked for some cached requests.
#277206 by Damien Tournoud, lilou, fp: untranslatable string in the installer
- Patch #324080 by winterheart: missing </td>-tag.

See http://drupal.org/node/324832 for all the details

Revision 1.7 / (download) - annotate - [select for diffs], Sun Oct 12 00:34:40 2008 UTC (10 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-2008-060 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.4 release:

* - Patch 246143 by bjaspan, Damien Tournoud: make sure updates are run in numeric order, not in definition order.
* - Patch 221230 by Heine: convert requirement error on update to requirement warning.
* - Patch 252430 by quicksketch: allow base theme prefix in preprocessor function names to correct expected behavior.
* - Patch 245322 by mfb: fixed breadcrumb behavior.
* - Patch 287949 by Freso, Damien Tournoud: keep language icons in consistent order across nodes.
* - Patch 265899 by mfb: uri_brief mail token did not support https URLs.
* - Patch 272952 by NancyDru and chx: fixed documentation issue.
* - Patch 170310 by mfb, JohnAlbin: avoid SSL cookie getting over-written by non-SSL cookie.
* - Patch 243063 by GoofyX: fixed typo in context-sensitve help.
* - Patch 295152 by dww, Damien Tournoud, et al: fixed version comparison.
* - Patch 278759 by douggreen, fletchgqc: improved code comment.
* - Patch 276018 by mfb: extend the lifetime of temporary files.
* - Patch 228576 by sun: too ambiguous stylesheet in dblog.css when form_altering the watchdog table.
* - Patch 285309 by pwolanin: menu_name in hook_menu is ignored on updates.
* - Patch 261859 by rse, Damien Tournoud: make the trigger module work on PostgreSQL.
* - Patch 305436 by Damien Tournoud, lelutin: fixed unclosed <li> tag in the context-sensitive help.

Any many more.  See http://drupal.org/node/318701 for all the details

Revision 1.5.4.1 / (download) - annotate - [select for diffs], Sat Aug 16 12:28:51 2008 UTC (10 years, 9 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)

pullup ticket #2488 - requested by taca
drupal6: update for security fixes

revisions pulled up:
pkgsrc/www/drupal6/Makefile	1.6
pkgsrc/www/drupal6/distinfo	1.4

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Aug 15 15:54:30 UTC 2008

   Modified Files:
           pkgsrc/www/drupal6: Makefile distinfo

   Log Message:
   Update drupal6 package to 6.4.

   Drupal 6.4, 2008-08-13
   ----------------------
   - Fixed a security issue (Cross site scripting, Arbitrary file uploads via
     BlogAPI, Cross site request forgeries and Various Upload module
     vulnerabilities), see SA-2008-047.
   - Improved error messages during installation.
   - Fixed a bug that prevented AHAH handlers to be attached to radios widgets.
   - Fixed a variety of small bugs.

Revision 1.6 / (download) - annotate - [select for diffs], Fri Aug 15 15:54:30 2008 UTC (10 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2008Q3
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update drupal6 package to 6.4.

Drupal 6.4, 2008-08-13
----------------------
- Fixed a security issue (Cross site scripting, Arbitrary file uploads via
  BlogAPI, Cross site request forgeries and Various Upload module
  vulnerabilities), see SA-2008-047.
- Improved error messages during installation.
- Fixed a bug that prevented AHAH handlers to be attached to radios widgets.
- Fixed a variety of small bugs.

Revision 1.5 / (download) - annotate - [select for diffs], Thu Jul 10 21:12:39 2008 UTC (10 years, 10 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Update to 6.3

All the details of the changes can be found here: http://drupal.org/node/280583
The main reason for this update is to fix a known security issue:
http://drupal.org/node/280571

Revision 1.4 / (download) - annotate - [select for diffs], Mon May 26 02:13:25 2008 UTC (11 years ago) by joerg
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.

Revision 1.3 / (download) - annotate - [select for diffs], Wed Apr 9 22:02:11 2008 UTC (11 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update to 6.2

This release fixes security vulnerabilities and also changes APIs. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-026 - Drupal core - Drupal core - Access bypass

In addition to this security vulnerability, the following bugs have been fixed since the 6.0 release:

* #228120 by jvandyk: typo in documentation in comment.tpl.php
* #226480 by gpk: fix wording on when node access rebuild button is displayed in node_configure()
* #229817 by mcarrera: l() attributes were not properly specified in theme.inc's theme_username()
* #234403 by alienbrain: PHP.net documents we should use CRLF in mail headers, so do that
* #226555 by jvandyk, Rok Zlender: fix notice level error in xmlrpc.inc
* #204415 by chx: actually use 'administer content types' permission for node type editing instead of 'administer nodes'
* #234699 by hass: theme_link() did not mark frontpage links active properly
* #237717 by hass: missing t() in system_clear_cache_submit()
* #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
* #226728 by chx: (performance) temporary cache table entries were not flushed, causing cache_menu and cache_form to grow big
* #231587 by pwolanin, killes: (performance) use two level cache in menus, instead of storing very large amounts of data multiple times
* #239196 by jvandyk and myself: missing status check on nodes in search indexing counter
* rolling back #234403 by Bevan and damz: we should keep using LF in mail headers, without CR, CRLF causes problems
* #238564 by scor: two missing t() calls in update.module
* #241629 by solotandem: dblog module left one more row in, when cleaning up in cron
* #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed

Revision 1.2 / (download) - annotate - [select for diffs], Sun Apr 6 10:19:12 2008 UTC (11 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.1: +1 -4 lines
Diff to previous 1.1 (colored)

Remove some commented lines from the Makefile - no functional change

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Apr 6 10:15:27 2008 UTC (11 years, 1 month ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Drupal 6.x branch:

Drupal is software that allows an individual or a community of users to easily
publish, manage and organize a great variety of content on a website. Tens of
thousands of people and organizations have used Drupal to set up scores of
different kinds of web sites, including

* community web portals and discussion sites
* corporate web sites/intranet portals
* personal web sites
* aficionado sites
* e-commerce applications
* resource directories

Drupal includes features to enable:

* content management systems
* blogs
* collaborative authoring environments
* forums
* newsletters
* picture galleries
* file uploads and download

Revision 1.1 / (download) - annotate - [select for diffs], Sun Apr 6 10:15:27 2008 UTC (11 years, 1 month ago) by adrianp
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>