This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:
* SA-CORE-2009-003 - Local file inclusion on Windows In addition to this security vulnerability, the following bugs have been fixed since the 6.9 release: * - Patch #298722 by pwolanin: _menu_translate returns FALSE before to_arg is available. Drupal.org upgrade blocker. * #310863 by bangpound, dboulet, catch, lee20: Locale variable results in locale module install, so skip adding empty variable when not needed. * #275796 by Gribnif, Damien Tournoud, Dave Reid, vaish: module_list() should set its static variable to NULL instead of unset()-ing it, so it does not retain its value * #328110 by marcingy, swentel, Damien Tournoud, pwolanin, David_Rothstein: the link argument is passed by reference to menu_link_save(), so avoid overwriting local variables in menu_enable(). * #62926 by karschsp: increase the free tagging field maximum length to 1024; the database limits are per-tag. * #220559 by eMPee584, Desbeers, Damien Tournoud: only ever add the active class to links in l() and theme_links(), if the language was set and is the current language or if the language was not set on the link * #365183 by Eaton: node_feed() did not use the same API functions as node_view() did, so custom fields were missing from the output * #356721 by c960657, Dave Reid: remove static caching of the clean URLs setting in url() to help automated tests; the setting is cached through variable_get(), which however allows altering of the setting * #290282 by kratib, jvandyk, ainigma32: Only track/limit the recursive invocations of actions_do(), instead of tracking/limiting them all. * #320395 by qutoz, swentel: Set node format to 0 in node_submit() if the body was turned off to avoid a minor notice. * #359918 by Dave Reid: database.inc documents the 'unique key' key, while it should be 'unique keys' * #152098 by hunthunthunt, mgifford, Dave Reid: add 'for' attribute to 'label' tags on checkboxes and radio buttons, even if the 'label' wraps the element - accessibility best practice * #314286 backport of some of #229129 by assimonds: disbaled checkboxes did not receive their values properly from the default value set * #243524 by christefano, chx: our phpinfo page was very limited; give all info possible instead * #203323 by JirkaRybka, robertgarrigos, lilou, thePanz, c960657, sun: move the LANGUAGE_* constants to bootstrap.inc and remove several defined() checks on them now that they are always defined * #276174 by nbz, John Morahan, slightly modified: do not escape username more then once at multiple places in blog.module * #310768 by bob_hirnlego, cdale: missing primary table and field specification in db_rewrite_sql() when called from taxonomy_overview_terms() * #363262 by catch, chx: in Drupal 6, the url_alias table introduced a language column, but did not extend its index to that; though queries are formed on src and language * #326210 by AlexisWilke, grendzy, jhedstrom: Take the menu item in its first submission and menu_nodeapi() by reference, so that any modifications of the item in the saving process will carry over to other submit handlers; making itpossible to write modules extending menu item manipulation * - Patch #383318 by mr.baileys: incorrect memory shortage warning when memory limit is unlimited. * #337162 by midkemia and ainigma32: keep the Drupal 5 menu items descriptions when upgrading to Drupal 6 * - Patch #381438 by drumm: do not use page cache for drupal.sh requests. * #109588 by fago, cdale: use the existing user account objects instead of arg() checks, as well as fix use of where it should be * #296082 by jandd, stefanor, nigel: avoid table aliasing in UPDATE query in system_update_6001() since PostreSQL does not support that * #376408 by ajevans85, pwolanin: Prevent an empty anchor tag and parenthesis appearing in the output for the search index in search_nodeapi() * #383724 by Heine, bjaspan: SA-CORE-2009-003
This commit is contained in:
parent
72e221ba28
commit
2e05b4d6e7
2 changed files with 6 additions and 7 deletions
|
@ -1,7 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.12 2009/02/16 20:55:54 adrianp Exp $
|
||||
# $NetBSD: Makefile,v 1.13 2009/02/28 16:11:20 adrianp Exp $
|
||||
|
||||
DISTNAME= drupal-6.9
|
||||
PKGREVISION= 1
|
||||
DISTNAME= drupal-6.10
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://drupal.org/files/projects/
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
$NetBSD: distinfo,v 1.8 2009/01/15 20:09:44 adrianp Exp $
|
||||
$NetBSD: distinfo,v 1.9 2009/02/28 16:11:20 adrianp Exp $
|
||||
|
||||
SHA1 (drupal-6.9.tar.gz) = d9eb531bcb2a4d500dc9e989b0afe702653d7e84
|
||||
RMD160 (drupal-6.9.tar.gz) = 9e8e181fb406f2ae5d6ce1f62c6ef37ff714598f
|
||||
Size (drupal-6.9.tar.gz) = 1075558 bytes
|
||||
SHA1 (drupal-6.10.tar.gz) = fcdaa4f1eb10678a11e888c70aeeb0b9c84da6c6
|
||||
RMD160 (drupal-6.10.tar.gz) = 5ebc65ceea59633fd0cd348d3bf420edf9b4c8ff
|
||||
Size (drupal-6.10.tar.gz) = 1076404 bytes
|
||||
|
|
Loading…
Reference in a new issue