From 36f5f2918839e50085c89966d982bb0aefd8a664 Mon Sep 17 00:00:00 2001 From: bsiegert Date: Sun, 4 Dec 2016 15:18:40 +0000 Subject: Pullup ticket #5164 - requested by taca www/drupal7: security fix Revisions pulled up: - www/drupal7/Makefile 1.40-1.42 - www/drupal7/PLIST 1.15 - www/drupal7/distinfo 1.31-1.32 --- Module Name: pkgsrc Committed By: wen Date: Fri Oct 21 14:31:30 UTC 2016 Modified Files: pkgsrc/www/drupal7: Makefile PLIST distinfo Log Message: Update to 7.51 Upstream changes: Drupal 7.51, 2016-10-05 ----------------------- - The Update module now also checks for updates to a disabled theme that is used as an admin theme. - Exceptions thrown in dblog_watchdog() are now caught and ignored. - Clarified the warning that appears when modules are missing or have moved. - Log messages are now XSS filtered on display. - Draggable tables now work on touch screen devices. - Added a setting for allowing double underscores in CSS identifiers (https://www.drupal.org/node/2810369). - If a user navigates away from a page while an Ajax request is running they will no longer get an error message saying "An Ajax HTTP request terminated abnormally". - The system_region_list() API function now takes an optional third parameter which allows region name translations to be skipped when they are not needed (API addition: https://www.drupal.org/node/2810365). - Numerous performance improvements. - Numerous bug fixes. - Numerous API documentation improvements. - Additional automated test coverage. Drupal 7.50, 2016-07-07 ----------------------- - Added a new "administer fields" permission for trusted users, which is required in addition to other permissions to use the field UI (https://www.drupal.org/node/2483307). - Added clickjacking protection to Drupal core by setting the X-Frame-Options header to SAMEORIGIN by default (https://www.drupal.org/node/2735873). - Added support for full UTF-8 (emojis, Asian symbols, mathematical symbols) on MySQL and other database drivers when the site and database are configured to allow it (https://www.drupal.org/node/2761183). - Improved performance by avoiding a re-scan of directories when a file is missing; instead, trigger a PHP warning (minor API change: https://www.drupal.org/node/2581445). - Made it possible to use any PHP callable in Ajax form callbacks, form API form-building functions, and form API wrapper callbacks (API addition: https://www.drupal.org/node/2761169). - Fixed that following a password reset link while logged in leaves users unable to change their password (minor user interface change: https://www.drupal.org/node/2759023). - Implemented various fixes for automated test failures on PHP 5.4+ and PHP 7. Drupal core automated tests now pass in these environments. - Improved support for PHP 7 by fixing various problems. - Fixed various bugs with PHP 5.5+ imagerotate(), including when incorrect color indices are passed in. - Fixed a regression introduced in Drupal 7.43 that allowed files uploaded by anonymous users to be lost after form validation errors, and that also caused regressions with certain contributed modules. - Fixed a regression introduced in Drupal 7.36 which caused the default value of hidden textarea fields to be ignored. - Fixed robots.txt to allow search engines to access CSS, JavaScript and image files. - Changed wording on the Update Manager settings page to clarify that the option to check for disabled module updates also applies to uninstalled modules (administrative-facing translatable string change). - Changed the help text when editing menu links and configuring URL redirect actions so that it does not reference "Drupal" or the drupal.org website (administrative-facing translatable string change). - Fixed the locale safety check that is used to ensure that translations are safe to allow for tokens in the href/src attributes of translated strings. - Fixed that URL generation only works on port 80 when using domain based language negotation. - Made method="get" forms work inside the administrative overlay. The fix adds a new hidden field to these forms when they appear inside the overlay (minor data structure change). - Increased maxlength of menu link title input fields in the node form and menu link form from 128 to 255 characters. - Removed meaningless post-check=0 and pre-check=0 cache control headers from Drupal HTTP responses. - Added a .editorconfig file to auto-configure editors that support it. - Added --directory option to run-tests.sh for easier test discovery of all tests within a project. - Made run-tests.sh exit with a failure code when there are test fails or problems running the script. - Fixed that cookies from previous tests are still present when a new test starts in DrupalWebTestCase. - Improved performance of queries on the {authmap} database table. - Fixed handling of missing files and functions inside the registry. - Fixed Ajax handling for tableselect form elements that use checkboxes. - Fixed a bug which caused ip_address() to return nothing when the client IP address and proxy IP address are the same. - Added a new option to format_xml_elements() to allow for already encoded values. - Changed the {history} table's node ID field to be an unsigned integer, to match the same field in the {node} table and to prevent errors with very large node IDs. - Added an explicit page callback to the "admin/people/create" menu item in the User module (minor data structure change). Previously this automatically inherited the page callback from the parent "admin/people" menu item, which broke contributed modules that override the "admin/people" page. - Numerous small bug fixes. - Numerous API documentation improvements. - Additional automated test coverage. --- Module Name: pkgsrc Committed By: wen Date: Sat Oct 22 07:44:03 UTC 2016 Modified Files: pkgsrc/www/drupal7: Makefile Log Message: Add missing php module. --- Module Name: pkgsrc Committed By: taca Date: Thu Nov 17 14:18:39 UTC 2016 Modified Files: pkgsrc/www/drupal7: Makefile distinfo Log Message: Update drupal7 to 7.52 (Drupal 7.52), including security fix. Drupal 7.52, 2016-11-16 ----------------------- - Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-005. --- www/drupal7/Makefile | 9 +++++---- www/drupal7/PLIST | 7 ++++++- www/drupal7/distinfo | 10 +++++----- 3 files changed, 16 insertions(+), 10 deletions(-) (limited to 'www') diff --git a/www/drupal7/Makefile b/www/drupal7/Makefile index 881ccf5347d..9f3e81806bf 100644 --- a/www/drupal7/Makefile +++ b/www/drupal7/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.39 2016/06/16 23:20:16 taca Exp $ +# $NetBSD: Makefile,v 1.39.4.1 2016/12/04 15:18:40 bsiegert Exp $ -DISTNAME= drupal-7.44 +DISTNAME= drupal-7.52 PKGNAME= ${PHP_PKG_PREFIX}-${DISTNAME} CATEGORIES= www MASTER_SITES= http://ftp.drupal.org/files/projects/ @@ -10,8 +10,9 @@ HOMEPAGE= http://drupal.org/ COMMENT= Open source content management system LICENSE= gnu-gpl-v2 -DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.2.5:../../graphics/php-gd -DEPENDS+= ${PHP_PKG_PREFIX}-json>=5.2.5:../../textproc/php-json +DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.4.0:../../graphics/php-gd +DEPENDS+= ${PHP_PKG_PREFIX}-json>=5.4.0:../../textproc/php-json +DEPENDS+= ${PHP_PKG_PREFIX}-dom>=5.4.0:../../textproc/php-dom NO_BUILD= YES DRUPAL= share/drupal diff --git a/www/drupal7/PLIST b/www/drupal7/PLIST index 52b1f23574b..b82b1970fb4 100644 --- a/www/drupal7/PLIST +++ b/www/drupal7/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.14 2016/02/25 15:15:57 taca Exp $ +@comment $NetBSD: PLIST,v 1.14.6.1 2016/12/04 15:18:40 bsiegert Exp $ share/doc/drupal/CHANGELOG.txt share/doc/drupal/COPYRIGHT.txt share/doc/drupal/INSTALL.mysql.txt @@ -603,6 +603,7 @@ share/drupal/modules/simpletest/files/html-1.txt share/drupal/modules/simpletest/files/html-2.html share/drupal/modules/simpletest/files/image-1.png share/drupal/modules/simpletest/files/image-2.jpg +share/drupal/modules/simpletest/files/image-test-no-transparency.gif share/drupal/modules/simpletest/files/image-test-transparent-out-of-range.gif share/drupal/modules/simpletest/files/image-test.gif share/drupal/modules/simpletest/files/image-test.jpg @@ -742,6 +743,7 @@ share/drupal/modules/simpletest/tests/system_incompatible_module_version_test.mo share/drupal/modules/simpletest/tests/system_project_namespace_test.info share/drupal/modules/simpletest/tests/system_project_namespace_test.module share/drupal/modules/simpletest/tests/system_test.info +share/drupal/modules/simpletest/tests/system_test.install share/drupal/modules/simpletest/tests/system_test.module share/drupal/modules/simpletest/tests/tablesort.test share/drupal/modules/simpletest/tests/taxonomy_test.info @@ -917,6 +919,7 @@ share/drupal/modules/update/tests/drupal.0.xml share/drupal/modules/update/tests/drupal.1.xml share/drupal/modules/update/tests/drupal.2-sec.xml share/drupal/modules/update/tests/drupal.dev.xml +share/drupal/modules/update/tests/themes/update_test_admintheme/update_test_admintheme.info share/drupal/modules/update/tests/themes/update_test_basetheme/update_test_basetheme.info share/drupal/modules/update/tests/themes/update_test_subtheme/update_test_subtheme.info share/drupal/modules/update/tests/update_test.info @@ -1092,3 +1095,5 @@ share/drupal/update.php share/drupal/xmlrpc.php share/examples/drupal/default.settings.php share/examples/drupal/drupal.conf +@pkgdir share/drupal/sites +@pkgdir share/drupal/files diff --git a/www/drupal7/distinfo b/www/drupal7/distinfo index 555f7aac151..ea8c6832fe6 100644 --- a/www/drupal7/distinfo +++ b/www/drupal7/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.30 2016/06/16 23:20:16 taca Exp $ +$NetBSD: distinfo,v 1.30.4.1 2016/12/04 15:18:40 bsiegert Exp $ -SHA1 (drupal-7.44.tar.gz) = efeb199a01b785ec4362b4c9488981ef5fc49b61 -RMD160 (drupal-7.44.tar.gz) = 0e9c095d4c255937293e816a214fbc0cd034bc21 -SHA512 (drupal-7.44.tar.gz) = 67d358c85259b7722824f214be177c40819c7e0c06c8ec7511b7f87ecff1ab6622af62fc5769b62682e0e67f718743afa6b0a9e4c55e2348a1b408eeb566c3e9 -Size (drupal-7.44.tar.gz) = 3265819 bytes +SHA1 (drupal-7.52.tar.gz) = fceb7a2891e870eae1a027d7f06028aa24dc58b2 +RMD160 (drupal-7.52.tar.gz) = c58b7c789e5853842d260065e2fb27cf4809dcf9 +SHA512 (drupal-7.52.tar.gz) = 4fd2721b87d7e160ccf202894c5ec11e836796be6dce3fbfe187eea826175822677c26079a3dae4567e0615e8f376a88c07a8979b619bb4ac1096c8ea5c8f802 +Size (drupal-7.52.tar.gz) = 3289714 bytes -- cgit v1.2.3