Path to this page:
Subject: CVS commit: [pkgsrc-2007Q4] pkgsrc/www/drupal
From: Geert Hendrickx
Date: 2008-01-15 10:03:07
Message id: 20080115090308.08EE421507@cvs.netbsd.org
Log Message:
Pullup ticket 2268 - requested by adrianp
security update for drupal
- pkgsrc/www/drupal/Makefile 1.26
- pkgsrc/www/drupal/distinfo 1.19
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jan 11 12:37:11 UTC 2008
Modified Files:
pkgsrc/www/drupal: Makefile distinfo
Log Message:
Update to 5.6
This release fixes security vulnerabilities. Sites are urged to upgrade \
immediately. For more details, please see the security announcement:
SA-2008-005 - Drupal core - Cross site request forgery
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
SA-2008-007 - Drupal core - Cross site scripting (register_globals)
In addition to this security vulnerability, the following bugs have been \
fixed since the 5.5 release:
173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
179164 by Heine: sort modules by name on the module admin page
199640 by webernet: (usability) add option to select no taxonomy term in \
multiselect forms, not to rely on browser trickery
199084 by chx: better conformance with ISO date formats in our xmlrpc code
173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: \
document support in url() and l() and proper active class support for .
89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll \
editing.
64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue \
since it is a count() query.
200338 by m3avrck and quicksketch: fix transparent GIF resizing
194652 by Heine: specify explicit accept-charset for forms to avoid browser \
guessing
182410 by greggles: HTTP Basic authentication username and password was \
parsed in drupal_http_request() but then not used in the request
- Patch 201894 by David Rothstein: fixed typo in user output.
180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), \
so Windows will create temporary files properly
115689 by chx: new content types should not overwrite old ones. Backport by \
Pancho.
203727 by Arancaytar. More effectively use hook API.
204855 by webernet. Add missing * in documentation.
168315 by schuyler1d: previous active database name was not consistently \
returned in db_set_active()
- Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, \
not in mega bytes.
194579 patch by pwolanin: clear filter cache when allowed HTML tags \
configuration changes in an input format
#166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages.
58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN \
on editing.
Partial backport of 112715 to fix 124641.
Changes from 5.4 -> 5.5
Fixed missing missing brackets in a query in the user module.
Fixed taxonomy feed bug introduced by SA-2007-031
Files: