Log Message:
Pullup ticket #2770 - requested by adrianp
drupal6: security update

- www/drupal6/Makefile				1.14-1.15
- www/drupal6/distinfo				1.10-1.11
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Fri May  1 19:50:35 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
Update to 6.11

This release fixes a security vulnerability. Sites are urged to upgrade \ 
immediately after reading the security announcement:

    * SA-CORE-2009-005 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 6.10 release:

    * #376408 follow up by pwolanin: search_nodeapi() lacked break in switch; \ 
resulted in issue in logic not code flow
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum \ 
module instead of hook_link_alter(); simplfies code, improves performance and \ 
compatibility.
    * #314314 by bastos, Dave Reid, mr.baileys, Pasqualle: fix invalid XHTML \ 
markup in update.php output
    * #372914 by chx, pwolanin, webchick: Menu link title localization was \ 
broken when a non-t callback was used
    * #395086 by Freso: call trim() before truncate_utf8() in comment module for \ 
better quality truncation.
    * #404244 by cwgordon7: minor code style fix in openid_help().
    * #357031 by hinfox, dereine, aaronbauman: trigger_nodeapi() passed a4 twice \ 
and did not pass a3 to the action when the action type was other then node
    * #141965 by jeffschuler: taxonomy_term_path() and its phpdoc block was \ 
separated by one blank line, thus disconnecting it for the API docs parser
    * #408962 by brianV: improve phpdoc documentation for \ 
menu_tree_collect_node_links() and menu_tree_check_access().
    * #290561 by mustafau, AlexisWilke: aggregator_save_category() should ask \ 
for the last insert ID in 'aggregator_category', not 'aggregator' when saving.
    * #292565 by lyricnz, Damien Tournoud, Jody Lynn, kleinmp, John Morahan, \ 
akalsey: Make forms work on 404 and 403 pages. Remove any fake destination set \ 
by drupal_not_found() or drupal_access_denied() so that we can properly redirect \ 
from those pages.
    * #325810 by darren.ferguson, miglius: in tableheader.js $('td'+ \ 
location.hash).offset() does not alway return an object, which breaks all \ 
JavaScript on the page, so check for the return value before using it.
    * #297972 by wilson98, scor, Steven Jones, yched, heyrocker: make the batch \ 
API compatible with drupal_execute(), so things like creating a CCK type or \ 
adding fields to it (by submitting forms programatically) are possible in update \ 
functions
    * #365996 by sammys: the correct full name for the timestamp field in \ 
postgresql is timestamp without time zone; improve compatibility with PostgreSQL \ 
/ schema module
    * #279233 by Aren Cambre, jbomb: Message printed when email is not being \ 
possible to send was informal and had a grammar problem.
    * - Patch #316515 by jmburnz, momendo: fixed position of OpenID logo.
    * - Patch #372414 by JohnAlbin: don't output empty div when no comment exist.
    * - Patch #228477 by anuradha: corrected Sinhala language.
    * - Patch #286374 by jhodgdon: fixed documentation of file_save_upload() \ 
validators.
    * #382096 by Arancaytar: clean up #maxlength use in the installer; remove \ 
arbitrary 45 character limits, put reasonable limits in place where it makes \ 
sense
    * #330084 by c960657: Remove unnecessary duplication of the From header \ 
value in Reply-to; standards indicate setting the From header should be \ 
sufficient
    * #385602 by Damien Tournoud, desbeers: log messages were not remembered on \ 
node preview
    * #437120 by mfb: avoid double escaping of taxonomy term names in feed links \ 
and channel titles
    * #437930 by soxofaan: remove unnecessary tabindex attribute from login \ 
form; makes altering harder
    * #160226 by kymmx, karschsp, Dave Reid, Berdir: statistics module was \ 
matching on prefixes of node paths instead of the node paths themselves (and \ 
possible subtabs)
    * #401304 by Darren Oh: make conditional in statistics_link() more explicit \ 
to catch node related invocations
    * #363262 follow up by Dave Reid: fix phpdoc comments on update functions to \ 
properly mark update functions added after 6.0 was released
    * #317775 by Starminder, pwolanin: do not store the menu router table \ 
serialized in cache, since it cases more performance problems then it solves
    * #282852 by Arancaytar, will_in_wi: remove negative margin on .node in \ 
Garland, so nodes do no overlap the messages area on the page
    * #227228 by ilmaestro, gpk, ball.in.th, catch, andypost: use per-table \ 
cache_flush variables to avoid not flushing all but the first table when \ 
multiple tables are cleared
    * #445600 by Rob Loach: allow for as few as 1 required word in submission of \ 
a node of a content type if the admin wants to set so
    * #343415 by Damien Tournoud: the form cache is not automatically cleared on \ 
submit if the page cache is activated
    * Rolling back #343415 given disputes around its change in Drupal 7.
    * #229660 by Dave Reid: use theme('username', ...) to display usernames on \ 
the user contact page
    * #447700 by dww: Earl Miles is not update.module maintainer anymore
    * #431148 by pwolanin, dww: Make it easier to visually distinguish security \ 
updates on Updates report
    * #396224 by pwolanin: Further harden template file name discovery
    * #220592 by dww and pwolanin: Always use the database for caching in update \ 
module, so that drupal.org project data persists. Improves both local and \ 
drupal.org site performance.
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu May 14 19:38:02 UTC 2009

Modified Files:
	pkgsrc/www/drupal6: Makefile distinfo

Log Message:
6.12

The twelfth maintenance and security release of the Drupal 6 series. Only fixes \ 
for security vulnerabilities and other bugs have been committed. New features \ 
are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade \ 
immediately after reading the security announcement:

    * SA-CORE-2009-006 - Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 6.11 release:

* #353328 by catch, BrianV: When a new commment is added, the redirection path \ 
should point to page, where the new comment is.
* #239945 by Xano, JeremyFrench, Damien Tournoud, andypost: Should not iterate \ 
over the children in taxonomy_get_tree() anymore if we reached max_depth.
* #292565 by grendzy, John Morahan, Jody Linn: remove path munging on 403/404 \ 
pages, which caused problems for login redirects
* #448268 by dww: Make sure that submitting the themes admin form clears out the \ 
update status cache, just like the modules admin form does.