---
- branch: MAIN
  date: Fri May  1 19:49:42 UTC 2009
  files:
  - new: '1.38'
    old: '1.37'
    path: pkgsrc/www/drupal/Makefile
    pathrev: pkgsrc/www/drupal/Makefile@1.38
    type: modified
  - new: '1.29'
    old: '1.28'
    path: pkgsrc/www/drupal/distinfo
    pathrev: pkgsrc/www/drupal/distinfo@1.29
    type: modified
  id: 20090501T194942Z.7c4cc21d0d014c588c7b5d1c4e2c1e8c9f9cc783
  log: |
    Update to 5.17

    This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

    * SA-CORE-2009-005 Drupal core - Cross site scripting

    In addition to this security vulnerability, the following bugs have been fixed since the 5.15 release:

    * #150851 by pwolanin and chx: different radio buttons in the same set should have different HTML id values (XHTML validity fix). Backport #367689 by gollyg.
    * #335741 by electricmonk. Do not recurse over non-objects.
    * #287725 by mantyla. Sort by mid to avoid inconsistencies when multiple menu items exist for a node.
    * 174940 by gpk: avoid calling up the full Drupal bootstrap for nonexistent favicon.ico. Backport by matt@antinomia.
    * #112887 by ged3000. Adding Newfoundland DST
    * #401494 by andypost. Correctly clear menu cache.
    * #396224 by pwolanin: Further harden template file name discovery
    * #395086 by Freso: call trim() before truncate_utf8() in comment module for better quality truncation.
    * #197864 by vito_swat, alpritt, Murz, catch: Use hook_term_path() in forum module instead of hook_link_alter(); simplfies code, improves performance and compatibility.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/drupal'
  unixtime: '1241207382'
  user: adrianp