<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/www/drupal, branch pkgsrc_2008Q2</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2008-08-16T12:19:24Z</updated>
<entry>
<title>pullup ticket #2487 - requested by taca</title>
<updated>2008-08-16T12:19:24Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-08-16T12:19:24Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=72c575b1cb2a1eb4ebcf5e6728daf98b5b38b7e3'/>
<id>urn:sha1:72c575b1cb2a1eb4ebcf5e6728daf98b5b38b7e3</id>
<content type='text'>
drupal: update package for security fixes

revisions pulled up:
pkgsrc/www/drupal/Makefile	1.32
pkgsrc/www/drupal/PLIST		1.7
pkgsrc/www/drupal/distinfo	1.23

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Aug 15 15:54:08 UTC 2008

   Modified Files:
           pkgsrc/www/drupal: Makefile PLIST distinfo

   Log Message:
   Update drupal package to 5.10.

   Drupal 5.10, 2008-08-13
   -----------------------
   - fixed a variety of small bugs.
   - fixed security issues, (Cross site scripting, Arbitrary file uploads via
     BlogAPI and Cross site request forgery), see SA-2008-047
</content>
</entry>
<entry>
<title>pullup ticket #2469 - requested by adrianp</title>
<updated>2008-08-01T11:18:45Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-08-01T11:18:45Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=83b5c0823019d71919690b56bf885e86d7bb778c'/>
<id>urn:sha1:83b5c0823019d71919690b56bf885e86d7bb778c</id>
<content type='text'>
drupal: update for security fix

revisions pulled up:
pkgsrc/www/drupal/Makefile	1.31
pkgsrc/www/drupal/distinfo	1.22

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Thu Jul 31 19:09:53 UTC 2008

   Modified Files:
   	pkgsrc/www/drupal: Makefile distinfo

   Log Message:
   This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

       * SA-2008-046 - Drupal core - Session fixation

   In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release:

       * #281042 by schuyler1d. Render blocks before CSS and JS header generation.
       * #232433 by Damien Tournoud. Use non-localized date for RSS.
       * #281494 by beeradb. Code style.
       * #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0.
       * #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility.
       * #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
       * #280934. Make sure session is always regenerated.
</content>
</entry>
<entry>
<title>Update to 5.8</title>
<updated>2008-07-10T21:11:02Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2008-07-10T21:11:02Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=e4d3905014c86d0dc6bbcbe43840c42c0adcd0db'/>
<id>urn:sha1:e4d3905014c86d0dc6bbcbe43840c42c0adcd0db</id>
<content type='text'>
All the details of the changes can be found here: http://drupal.org/node/280586
The main reason for this update is to fix a known security issue:
http://drupal.org/node/280571
</content>
</entry>
<entry>
<title>Second round of explicit pax dependencies. As reminded by tnn@,</title>
<updated>2008-05-26T02:13:14Z</updated>
<author>
<name>joerg</name>
<email>joerg</email>
</author>
<published>2008-05-26T02:13:14Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=2374ca422f2eb8b46ed600c7bb21740b2865d899'/>
<id>urn:sha1:2374ca422f2eb8b46ed600c7bb21740b2865d899</id>
<content type='text'>
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
</content>
</entry>
<entry>
<title>Add CONFLICTS for upcoming drupal 6 import</title>
<updated>2008-04-06T10:12:35Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2008-04-06T10:12:35Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=31ea9c73ee4023bece167f82f6b27546edecb7f9'/>
<id>urn:sha1:31ea9c73ee4023bece167f82f6b27546edecb7f9</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Drupal 5.7</title>
<updated>2008-03-05T21:35:40Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2008-03-05T21:35:40Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=0ef72be7a9b0a2af86cbb5c017c595404c5e10d3'/>
<id>urn:sha1:0ef72be7a9b0a2af86cbb5c017c595404c5e10d3</id>
<content type='text'>
* 208700 by pwolanin. Fix bad backport of #194579. Modified to use Form API.
* 118569 by bevan: document how should one set RewriteBase, if under a VirtualDocumentRoot. Backport by Bart Jansens.
* Patch 115606 by Junyor, thesaint_02: added support for PHP 5.2's 'recoverable fatal errors'.
* 209409 by Heine, webernet, dww: more accurate register globals value checking
</content>
</entry>
<entry>
<title>Update to 5.6</title>
<updated>2008-01-11T12:37:11Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2008-01-11T12:37:11Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=605d4fdb61513c74a5a01e7108208a355fa07701'/>
<id>urn:sha1:605d4fdb61513c74a5a01e7108208a355fa07701</id>
<content type='text'>
This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement:
SA-2008-005 - Drupal core - Cross site request forgery
SA-2008-006 - Drupal core - Cross site scripting (UTF8)
SA-2008-007 - Drupal core - Cross site scripting (register_globals)

In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release:
173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files
179164 by Heine: sort modules by name on the module admin page
199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery
199084 by chx: better conformance with ISO date formats in our xmlrpc code
173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for .
89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing.
64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query.
200338 by m3avrck and quicksketch: fix transparent GIF resizing
194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing
182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request
- Patch 201894 by David Rothstein: fixed typo in user output.
180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly
115689 by chx: new content types should not overwrite old ones. Backport by Pancho.
203727 by Arancaytar. More effectively use hook API.
204855 by webernet. Add missing * in documentation.
168315 by schuyler1d: previous active database name was not consistently returned in db_set_active()
- Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes.
194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format
#166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages.
58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing.
Partial backport of 112715 to fix 124641.

Changes from 5.4 -&gt; 5.5
Fixed missing missing brackets in a query in the user module.
Fixed taxonomy feed bug introduced by SA-2007-031
</content>
</entry>
<entry>
<title>This release fixes a security vulnerability. Sites are urged to upgrade immediately. For more details, please see the security announcement:</title>
<updated>2007-12-05T23:16:19Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-12-05T23:16:19Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=c56848478009d971a7e0c9362608af73a043f224'/>
<id>urn:sha1:c56848478009d971a7e0c9362608af73a043f224</id>
<content type='text'>
* SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

In addition to this security vulnerability, the following bugs have been fixed since the 5.2 release:

* 178478 by scor: typo in text displyed when the DB is installed but not accessible
* Patch 122759 by Robrecht: fixed broken query in upgrade path.
* 55277 by catch and JirkaRybka: when flat comment view is used, order comments by cid (ie. original submission order) instead of timestamp (ie. last editing time order) to avoid comments jumping around when being edited
* Patch 181063 by chx and bjaspan: fixed problem with drupal_bootstrap() not booting to the proper level.
* 184668 by hazexp, Remove unnecessary ';'
* Patch 182728 by Darren Oh: improved PHPdoc of db_rewrite_sql().
* 93425 by bjaspan: remove pre-Drupal 4.6 era destination handling cruft carried over in comment module
* 154388 (backport of 172262) by JirkaRybka. Better globals handling in install system, so the choosen profile and language are remembered.
* 171117 by JirkaRybka: set access time for admin created or edited accounts so they are exempt from the spam protection we have for accounts never logged in
* Patch 168829 by Neil Drumm: fixed link in documentation.
* 165924 by odious. Use accurate count query for user list.
* 187601 by Bart Jansens. Use correct HTTP status codes for redirects.
* 180109 by JirkaRybka: overcome browser quirk to detect when no taxonomy term was selected
* 134984 by mikesmullin. Fix x2 coordinate for rendering gradients.
</content>
</entry>
<entry>
<title>Update to 5.3</title>
<updated>2007-10-18T13:01:35Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-10-18T13:01:35Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=a5628173bf9e7bee91a2ef2b8935cc028edffcb1'/>
<id>urn:sha1:a5628173bf9e7bee91a2ef2b8935cc028edffcb1</id>
<content type='text'>
Fix a number of security issues:
SA-2007-024 - Drupal Core - HTTP response splitting
SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
SA-2007-026 - Drupal Core - Cross site scripting via uploads
SA-2007-029 - Drupal Core - User deletion cross site request forgery
SA-2007-030 - Drupal Core - API handling of unpublished comment

Bugs:
Redirect to home page after user registration requiring admin approval.
More correct wording since some modules will actually work despite warning.
variable search_cron_limit was not removed on search uninstall
Append to instead of overwrite #suffix.
hide administration pages links on module help pages if there are no admin links for the module

See http://drupal.org/node/184395 for all the details
</content>
</entry>
<entry>
<title>Update to 5.2</title>
<updated>2007-07-27T21:44:32Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-07-27T21:44:32Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=c58bf218050781d89a927ac343cfbcdc68c22a38'/>
<id>urn:sha1:c58bf218050781d89a927ac343cfbcdc68c22a38</id>
<content type='text'>
Fix two security issues:
	http://drupal.org/node/162360
	http://drupal.org/node/162361
</content>
</entry>
</feed>
