Subject: CVS commit: [pkgsrc-2016Q3] pkgsrc/www/drupal7
From: Benny Siegert
Date: 2016-12-04 16:18:40
Message id: 20161204151840.D3D5EFBA6@cvs.NetBSD.org

Log Message:
Pullup ticket #5164 - requested by taca
www/drupal7: security fix

Revisions pulled up:
- www/drupal7/Makefile                                          1.40-1.42
- www/drupal7/PLIST                                             1.15
- www/drupal7/distinfo                                          1.31-1.32

---
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Fri Oct 21 14:31:30 UTC 2016

   Modified Files:
   	pkgsrc/www/drupal7: Makefile PLIST distinfo

   Log Message:
   Update to 7.51

   Upstream changes:
   Drupal 7.51, 2016-10-05
   -----------------------
   - The Update module now also checks for updates to a disabled theme that is
    used as an admin theme.
   - Exceptions thrown in dblog_watchdog() are now caught and ignored.
   - Clarified the warning that appears when modules are missing or have moved.
   - Log messages are now XSS filtered on display.
   - Draggable tables now work on touch screen devices.
   - Added a setting for allowing double underscores in CSS identifiers
    (https://www.drupal.org/node/2810369).
   - If a user navigates away from a page while an Ajax request is running they
    will no longer get an error message saying "An Ajax HTTP request terminated
    abnormally".
   - The system_region_list() API function now takes an optional third parameter
    which allows region name translations to be skipped when they are not needed
    (API addition: https://www.drupal.org/node/2810365).
   - Numerous performance improvements.
   - Numerous bug fixes.
   - Numerous API documentation improvements.
   - Additional automated test coverage.

   Drupal 7.50, 2016-07-07
   -----------------------
   - Added a new "administer fields" permission for trusted users, which is
    required in addition to other permissions to use the field UI
    (https://www.drupal.org/node/2483307).
   - Added clickjacking protection to Drupal core by setting the X-Frame-Options
    header to SAMEORIGIN by default (https://www.drupal.org/node/2735873).
   - Added support for full UTF-8 (emojis, Asian symbols, mathematical symbols) on
    MySQL and other database drivers when the site and database are configured to
    allow it (https://www.drupal.org/node/2761183).
   - Improved performance by avoiding a re-scan of directories when a file is
    missing; instead, trigger a PHP warning (minor API change:
    https://www.drupal.org/node/2581445).
   - Made it possible to use any PHP callable in Ajax form callbacks, form API
    form-building functions, and form API wrapper callbacks (API addition:
    https://www.drupal.org/node/2761169).
   - Fixed that following a password reset link while logged in leaves users unable
    to change their password (minor user interface change:
    https://www.drupal.org/node/2759023).
   - Implemented various fixes for automated test failures on PHP 5.4+ and PHP 7.
    Drupal core automated tests now pass in these environments.
   - Improved support for PHP 7 by fixing various problems.
   - Fixed various bugs with PHP 5.5+ imagerotate(), including when incorrect
    color indices are passed in.
   - Fixed a regression introduced in Drupal 7.43 that allowed files uploaded by
    anonymous users to be lost after form validation errors, and that also caused
    regressions with certain contributed modules.
   - Fixed a regression introduced in Drupal 7.36 which caused the default value
    of hidden textarea fields to be ignored.
   - Fixed robots.txt to allow search engines to access CSS, JavaScript and image
    files.
   - Changed wording on the Update Manager settings page to clarify that the
    option to check for disabled module updates also applies to uninstalled
    modules (administrative-facing translatable string change).
   - Changed the help text when editing menu links and configuring URL redirect
    actions so that it does not reference "Drupal" or the drupal.org \ 
website
    (administrative-facing translatable string change).
   - Fixed the locale safety check that is used to ensure that translations are
    safe to allow for tokens in the href/src attributes of translated strings.
   - Fixed that URL generation only works on port 80 when using domain based
    language negotation.
   - Made method="get" forms work inside the administrative overlay. \ 
The fix adds
    a new hidden field to these forms when they appear inside the overlay (minor
    data structure change).
   - Increased maxlength of menu link title input fields in the node form and
    menu link form from 128 to 255 characters.
   - Removed meaningless post-check=0 and pre-check=0 cache control headers from
    Drupal HTTP responses.
   - Added a .editorconfig file to auto-configure editors that support it.
   - Added --directory option to run-tests.sh for easier test discovery of all
    tests within a project.
   - Made run-tests.sh exit with a failure code when there are test fails or
    problems running the script.
   - Fixed that cookies from previous tests are still present when a new test
    starts in DrupalWebTestCase.
   - Improved performance of queries on the {authmap} database table.
   - Fixed handling of missing files and functions inside the registry.
   - Fixed Ajax handling for tableselect form elements that use checkboxes.
   - Fixed a bug which caused ip_address() to return nothing when the client IP
    address and proxy IP address are the same.
   - Added a new option to format_xml_elements() to allow for already encoded
    values.
   - Changed the {history} table's node ID field to be an unsigned integer, to
    match the same field in the {node} table and to prevent errors with very
    large node IDs.
   - Added an explicit page callback to the "admin/people/create" menu \ 
item in the
    User module (minor data structure change). Previously this automatically
    inherited the page callback from the parent "admin/people" menu \ 
item, which
    broke contributed modules that override the "admin/people" page.
   - Numerous small bug fixes.
   - Numerous API documentation improvements.
   - Additional automated test coverage.

---
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Sat Oct 22 07:44:03 UTC 2016

   Modified Files:
   	pkgsrc/www/drupal7: Makefile

   Log Message:
   Add missing php module.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov 17 14:18:39 UTC 2016

   Modified Files:
   	pkgsrc/www/drupal7: Makefile distinfo

   Log Message:
   Update drupal7 to 7.52 (Drupal 7.52), including security fix.

   Drupal 7.52, 2016-11-16
   -----------------------
   - Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-005.

Files:
RevisionActionfile
1.39.4.1modifypkgsrc/www/drupal7/Makefile
1.14.6.1modifypkgsrc/www/drupal7/PLIST
1.30.4.1modifypkgsrc/www/drupal7/distinfo