Navigation:
Browse pkgsrc
(this page)
www drupal6
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2009-05-15 13:36:43 by Matthias Scheler | Files touched by this commit (2) |  |
Log message:
Pullup ticket #2770 - requested by adrianp
drupal6: security update
- www/drupal6/Makefile 1.14-1.15
- www/drupal6/distinfo 1.10-1.11
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri May 1 19:50:35 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log message:
Update to 6.11
This release fixes a security vulnerability. Sites are urged to upgrade \
immediately after reading the security announcement:
* SA-CORE-2009-005 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed \
since the 6.10 release:
* #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; \
resulted in issue in logic not code flow
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum \
module instead of hook_link_alter(); simplfies code, improves performance and \
compatibility.
* #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML \
markup in update.php output
* #372914 by chx, pwolanin, webchick: Menu link title localization was \
broken when a non-t callback was used
* #395086 by Freso: call trim() before truncate_utf8() in comment module for \
better quality truncation.
* #404244 by cwgordon7: minor code style fix in openid_help().
* #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice \
and did not pass a3 to the action when the action type was other then node
* #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was \
separated by one blank line, thus disconnecting it for the API docs parser
* #408962 by brianV: improve phpdoc documentation for \
menu_tree_collect_node_links() and menu_tree_check_access().
* #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask \
for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
* #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, \
akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set \
by drupal_not_found() or drupal_access_denied() so that we can properly redirect \
from those pages.
* #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ \
location.hash).offset() does not alway return an object, which breaks all \
JavaScript on the page, so check for the return value before using it.
* #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch \
API compatible with drupal_execute(), so things like creating a CCK type or \
adding fields to it (by submitting forms programatically) are possible in update \
functions
* #365996 by sammys: the correct full name for the timestamp field in \
postgresql is timestamp without time zone; improve compatibility with PostgreSQL \
/ schema module
* #279233 by Aren Cambre, jbomb: Message printed when email is not being \
possible to send was informal and had a grammar problem.
* - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
* - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
* - Patch #228477 by anuradha: corrected Sinhala language.
* - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() \
validators.
* #382096 by Arancaytar: clean up #maxlength use in the installer; remove \
arbitrary 45 character limits, put reasonable limits in place where it makes \
sense
* #330084 by c960657: Remove unnecessary duplication of the From header \
value in Reply-to; standards indicate setting the From header should be \
sufficient
* #385602 by Damien Tournoud, desbeers: log messages were not remembered on \
node preview
* #437120 by mfb: avoid double escaping of taxonomy term names in feed links \
and channel titles
* #437930 by soxofaan: remove unnecessary tabindex attribute from login \
form; makes altering harder
* #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was \
matching on prefixes of node paths instead of the node paths themselves (and \
possible subtabs)
* #401304 by Darren Oh: make conditional in statistics_link() more explicit \
to catch node related invocations
* #363262 follow up by Dave Reid: fix phpdoc comments on update functions to \
properly mark update functions added after 6.0 was released
* #317775 by Starminder, pwolanin: do not store the menu router table \
serialized in cache, since it cases more performance problems then it solves
* #282852 by Arancaytar, will_in_wi: remove negative margin on .node in \
Garland, so nodes do no overlap the messages area on the page
* #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table \
cache_flush variables to avoid not flushing all but the first table when \
multiple tables are cleared
* #445600 by Rob Loach: allow for as few as 1 required word in submission of \
a node of a content type if the admin wants to set so
* #343415 by Damien Tournoud: the form cache is not automatically cleared on \
submit if the page cache is activated
* Rolling back #343415 given disputes around its change in Drupal 7.
* #229660 by Dave Reid: use theme('username', ...) to display usernames on \
the user contact page
* #447700 by dww: Earl Miles is not update.module maintainer anymore
* #431148 by pwolanin, dww: Make it easier to visually distinguish security \
updates on Updates report
* #396224 by pwolanin: Further harden template file name discovery
* #220592 by dww and pwolanin: Always use the database for caching in update \
module, so that drupal.org project data persists. Improves both local and \
drupal.org site performance.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu May 14 19:38:02 UTC 2009
Modified Files:
pkgsrc/www/drupal6: Makefile distinfo
Log message:
6.12
The twelfth maintenance and security release of the Drupal 6 series. Only fixes \
for security vulnerabilities and other bugs have been committed. New features \
are only being added to the forthcoming Drupal 7.0 release.
This release fixes security vulnerabilities. Sites are urged to upgrade \
immediately after reading the security announcement:
* SA-CORE-2009-006 - Drupal core - Cross site scripting
In addition to this security vulnerability, the following bugs have been fixed \
since the 6.11 release:
* #353328 by catch, BrianV: When a new commment is added, the redirection path \
should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate \
over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 \
pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the \
update status cache, just like the modules admin form does.
|
New packages: