Log message:
Pullup ticket 2240 - requested by adrianp
security update for drupal

- pkgsrc/www/drupal/Makefile				1.25
- pkgsrc/www/drupal/distinfo				1.18

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Wed Dec  5 23:16:19 UTC 2007

   Modified Files:
	   pkgsrc/www/drupal: Makefile distinfo

   Log message:
   This release fixes a security vulnerability. Sites are urged to upgrade
   immediately. For more details, please see the security announcement:

   * SA-2007-031 - Drupal core - SQL Injection possible when certain
   contributed modules are enabled

   In addition to this security vulnerability, the following bugs have been
   fixed since the 5.2 release:

   * 178478 by scor: typo in text displyed when the DB is installed but not
   accessible
   * Patch 122759 by Robrecht: fixed broken query in upgrade path.
   * 55277 by catch and JirkaRybka: when flat comment view is used, order
   comments by cid (ie. original submission order) instead of timestamp
   (ie. last editing time order) to avoid comments jumping around when
   being edited
   * Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap()
   not booting to the proper level.
   * 184668 by hazexp, Remove unnecessary ';'
   * Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
   * 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft
   carried over in comment module
   * 154388 (backport of 172262) by JirkaRybka. Better globals handling in
   install system, so the choosen profile and language are remembered.
   * 171117 by JirkaRybka: set access time for admin created or edited
   accounts so they are exempt from the spam protection we have for
   accounts never logged in
   * Patch 168829 by Neil Drumm: fixed link in documentation.
   * 165924 by odious. Use accurate count query for user list.
   * 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
   * 180109 by JirkaRybka: overcome browser quirk to detect when no
   taxonomy term was selected
   * 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.

Log message:
Pullup ticket 2203 - requested by adrianp
security update for drupal

- pkgsrc/www/drupal/Makefile				1.24
- pkgsrc/www/drupal/distinfo				1.17

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Thu Oct 18 13:01:36 UTC 2007

   Modified Files:
	   pkgsrc/www/drupal: Makefile distinfo

   Log message:
   Update to 5.3

   Fix a number of security issues:
   SA-2007-024 - Drupal Core - HTTP response splitting
   SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
   SA-2007-026 - Drupal Core - Cross site scripting via uploads
   SA-2007-029 - Drupal Core - User deletion cross site request forgery
   SA-2007-030 - Drupal Core - API handling of unpublished comment

   Bugs:
   Redirect to home page after user registration requiring admin approval.
   More correct wording since some modules will actually work despite warning.
   variable search_cron_limit was not removed on search uninstall
   Append to instead of overwrite #suffix.
   hide administration pages links on module help pages if there are no
   admin links for the module

   See http://drupal.org/node/184395 for all the details