Subject: CVS commit: [pkgsrc-2009Q1] pkgsrc/www/drupal
From: Matthias Scheler
Date: 2009-05-15 13:30:51
Message id: 20090515113051.EE618175D0@cvs.netbsd.org

Log Message:
Pullup ticket #2769 - requested by adrianp
drupal: security update

Revisions pulled up:
- www/drupal/Makefile		1.38-1.39
- www/drupal/distinfo		1.29-1.30
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Fri May  1 19:49:42 UTC 2009

Modified Files:
	pkgsrc/www/drupal: Makefile distinfo

Log Message:
Update to 5.17

This release fixes security vulnerabilities. Sites are urged to upgrade \ 
immediately after reading the security announcement:

* SA-CORE-2009-005 Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 5.15 release:

* #150851 by pwolanin and chx: different radio buttons in the same set should \ 
have different HTML id values (XHTML validity fix). Backport #367689 by gollyg.
* #335741 by electricmonk. Do not recurse over non-objects.
* #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu \ 
items exist for a node.
* 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent \ 
favicon.ico. Backport by matt@antinomia.
* #112887 by ged3000. Adding Newfoundland DST
* #401494 by andypost. Correctly clear menu cache.
* #396224 by pwolanin: Further harden template file name discovery
* #395086 by Freso: call trim() before truncate_utf8() in comment module for \ 
better quality truncation.
* #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum \ 
module instead of hook_link_alter(); simplfies code, improves performance and \ 
compatibility.
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu May 14 19:37:02 UTC 2009

Modified Files:
	pkgsrc/www/drupal: Makefile distinfo

Log Message:
5.18

This release fixes security vulnerabilities. Sites are urged to upgrade \ 
immediately after reading the security announcement:

* SA-CORE-2009-006 Drupal core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed \ 
since the 5.15 release:

* #396224 partial rollback of SA-CORE-2009-003 security hardening.
* #396224 adding missing documentation comment update. By dvessel and pwolanin.
* #267305 by brianV. Remove ?>.
* #305544 by jsenich. Add missing clear-block to admin by modules.
* #330084 by c960657: Remove unnecessary duplication of the From header value in \ 
Reply-to; standards indicate setting the From header should be sufficient.

Files:
RevisionActionfile
1.37.2.1modifypkgsrc/www/drupal/Makefile
1.28.2.1modifypkgsrc/www/drupal/distinfo