Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id B733D63B121
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed, 10 Dec 2008 23:56:35 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
	id 1CD8563B1AB; Wed, 10 Dec 2008 23:55:46 +0000 (UTC)
Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe25:eab4])
	by mail.netbsd.org (Postfix) with ESMTP id 498A563B1A8
	for <pkgsrc-changes@NetBSD.org>; Wed, 10 Dec 2008 23:55:39 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 35799175D0; Wed, 10 Dec 2008 23:55:39 +0000 (UTC)
From: Adrian Portelli <adrianp@netbsd.org>
Subject: CVS commit: pkgsrc/www/drupal
To: pkgsrc-changes@NetBSD.org
Reply-To: adrianp@netbsd.org
Message-Id: <20081210235539.35799175D0@cvs.netbsd.org>
Date: Wed, 10 Dec 2008 23:55:39 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes
Precedence: list


Module Name:	pkgsrc
Committed By:	adrianp
Date:		Wed Dec 10 23:55:39 UTC 2008

Modified Files:
	pkgsrc/www/drupal: Makefile distinfo

Log Message:
Update to 5.13

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-073 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 5.12 release:

* #318102 by Damien Tournoud and Dave Reid: hook_exit() not invoked for some cached requests.
* #278821 by teezee. More isset() checking.
* #293612 by egfrith, Bart Jansens: let user_authenticate() be called without cookies previously set; allows web service modules to start a session with the authentication.
* #123556 by maartenvg and dvdweide. Do not show empty user info categories.
* #294450 by blakehall. Match up DB and form max length.
* More code style removing trivial differences with 6.x.
* #195161 by mcarbone with some modifications: only show 'login to post comments' if logging in actually lets you post comments. Backport by salvis.
* - Patch #342988 by ultimateboy: fixed order of attributes in PHPdoc.
* #280934 follow up by pwolanin: harden the cookie handling in sess_regenerate() by setting our session cookie to be an HTTP only cookie, thus reducing the risk of session stealing via XSS
* #324875 by pwolanin: improve HTTP_HOST checking, ensuring that the host is lowercased and only valid characters are allowed.
* #28776 by Uwe Hermann, Morbus Iff, jvandyk: Protect *.test files and SVN metafiles from being exposed under Drupal
* #299582 by hass: Remove outdated items from robots.txt and fix ordering of items to make stuff easier to find.

http://drupal.org/node/345467


To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 pkgsrc/www/drupal/Makefile
cvs rdiff -r1.25 -r1.26 pkgsrc/www/drupal/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.