cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
62,861 Commits 1 Branch 0 Tags
Commit Graph

17 Commits

Author SHA1 Message Date
espie
e50b98837f new depends 2010-11-22 08:36:47 +00:00
stephan
430a168ba4 switch to pkg-readme, ok jasper@ 2010-11-15 12:58:52 +00:00
stephan
ea1ecd2e43 least invasive round of cleanup: 
- install drupal modules/themes as root:daemon rather than www:www
  (only the files/ directory needs to be writeable by 'www').
- don't install 'settings.php' world-readable since it contains the
  DB password. Use 640, owner 'www' instead.
- bump all modules.

tested in production, including upgrade szenarios.
ok sthen@ and landry@, maintainer timeout.
 2010-11-15 09:05:40 +00:00
stephan
6b41a25273 update drupal core to 6.19, addresses SA-CORE-2010-002: 
- OpenID authentication bypass
 - File download access bypass
 - Comment unpublishing bypass
 - Actions cross site scripting

gory details at http://drupal.org/node/880476
no database upgrade required for this update.
 2010-09-14 10:14:33 +00:00
ajacoutot
f7296e021c Remove PKGNAME=${DISTNAME} constructs where possible, as this is the 
default anyway.

ok jasper@
 2010-08-31 08:15:44 +00:00
espie
234aae7770 minor updates. 2010-06-03 16:25:23 +00:00
stephan
f691a20cad security update to 6.16, fixes DRUPAL-SA-CORE-2010-001. 
ok jasper@, "I can vouch for it" @espie
 2010-03-05 09:09:23 +00:00
espie
68d5c7474a DRUPAL-SA-CORE-2009-009 
Vulnerabilities in Contact module, XSS if malicious users can create menus.
 2009-12-18 19:05:57 +00:00
ajacoutot
12028a52f9 Tweak MESSAGE now that /var/www/tmp/ is here by default. 2009-10-01 12:28:34 +00:00
espie
bf080de18c security update (DRUPAL-SA-CORE-2009-008): 
if you use OpenID, or your uploads are badly configured, you have a
security risk.
 2009-09-20 11:56:37 +00:00
espie
2c280a6d53 drop bogus drupal5 substitution, no actual generated plists change 2009-07-27 12:39:36 +00:00
espie
7818816077 tweak SUBST_VARS so that nodeaccess won't match DRUPAL_LOCALE (oops) 
a few PKGNAME bumps needed after regenerating plists, because of DESCR
changes or .orig files from patches.
 2009-07-26 12:20:07 +00:00
espie
08e0d8c39a a few minor tweaks: 
- don't reload rewrite if it's already there, one less warning for httpd
- pinpoint translation errors
- document the painful state of updates from drupal5...
 2009-07-17 09:33:12 +00:00
espie
1834e327c5 update to current versions 2009-07-15 10:33:38 +00:00
sthen
868bef47bd update to 6.12, fixes an xss issue. ok espie@ 2009-05-15 21:21:27 +00:00
espie
043c78e9d7 missed... 2009-04-03 23:27:16 +00:00
espie
7738104118 hate cvs... "core" directory with stuff in it should be okay by default. 
noticed by naddy@
 2009-04-03 23:26:48 +00:00