Received: from cvs.netbsd.org (cvs.netbsd.org [204.152.190.10]) by mail.netbsd.org (Postfix) with ESMTP id D60F563B11D for ; Fri, 11 Jan 2008 12:37:11 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id C178421507; Fri, 11 Jan 2008 12:37:11 +0000 (UTC) From: Adrian Portelli Subject: CVS commit: pkgsrc/www/drupal To: pkgsrc-changes@NetBSD.org Reply-To: adrianp@netbsd.org Message-Id: <20080111123711.C178421507@cvs.netbsd.org> Date: Fri, 11 Jan 2008 12:37:11 +0000 (UTC) Content-Length: 2814 Lines: 51 Module Name: pkgsrc Committed By: adrianp Date: Fri Jan 11 12:37:11 UTC 2008 Modified Files: pkgsrc/www/drupal: Makefile distinfo Log Message: Update to 5.6 This release fixes security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcement: SA-2008-005 - Drupal core - Cross site request forgery SA-2008-006 - Drupal core - Cross site scripting (UTF8) SA-2008-007 - Drupal core - Cross site scripting (register_globals) In addition to this security vulnerability, the following bugs have been fixed since the 5.5 release: 173858 by Gábor Hojtsy: skip UTF-8 BOM when importing locale files 179164 by Heine: sort modules by name on the module admin page 199640 by webernet: (usability) add option to select no taxonomy term in multiselect forms, not to rely on browser trickery 199084 by chx: better conformance with ISO date formats in our xmlrpc code 173459 by Dave Cohen. Backport of #78487 by FredCK, forngren and bjaspan: document support in url() and l() and proper active class support for . 89218 by Gábor Hojtsy. Properly initialize a counter variable and fix poll editing. 64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query. 200338 by m3avrck and quicksketch: fix transparent GIF resizing 194652 by Heine: specify explicit accept-charset for forms to avoid browser guessing 182410 by greggles: HTTP Basic authentication username and password was parsed in drupal_http_request() but then not used in the request - Patch 201894 by David Rothstein: fixed typo in user output. 180126 by mmoreno, drewish and scor: add realpath() call to file_save_data(), so Windows will create temporary files properly 115689 by chx: new content types should not overwrite old ones. Backport by Pancho. 203727 by Arancaytar. More effectively use hook API. 204855 by webernet. Add missing * in documentation. 168315 by schuyler1d: previous active database name was not consistently returned in db_set_active() - Patch 199955 by saxofaan: file_upload_max_size() returns results in bytes, not in mega bytes. 194579 patch by pwolanin: clear filter cache when allowed HTML tags configuration changes in an input format #166433 by Ralf Stamm. Use correct menu item type for revsion confirm pages. 58806 by fwalch and wicksteedc. Do not override MENU_VISIBLE_IF_HAS_CHILDREN on editing. Partial backport of 112715 to fix 124641. Changes from 5.4 -> 5.5 Fixed missing missing brackets in a query in the user module. Fixed taxonomy feed bug introduced by SA-2007-031 To generate a diff of this commit: cvs rdiff -r1.25 -r1.26 pkgsrc/www/drupal/Makefile cvs rdiff -r1.18 -r1.19 pkgsrc/www/drupal/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.