Bug 210317 - www/drupal7: Update to 7.44 (Security fixes)
Summary: www/drupal7: Update to 7.44 (Security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jason Unovitch
URL: https://api.drupal.org/api/drupal/CHA...
Keywords: easy, patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2016-06-16 11:07 UTC by VK
Modified: 2016-07-16 01:08 UTC (History)
2 users (show)

See Also:
junovitch: merge-quarterly+

Attachments
Update Drupal 7 to 7.44 (883 bytes, patch)
2016-06-16 11:07 UTC, VK 		vlad-fbsd: maintainer-approval+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2016-06-16 11:07:47 UTC 
Created attachment 171479 [details]
Update Drupal 7 to 7.44

Update Drupal to 7.44. Includes security fixes:

* https://www.drupal.org/SA-CORE-2016-002

Build tests:

+ portlint OK
+ poudriere build ok, 10.3-p5 amd64

Request MFH as 7.43 -> 7.44 includes only the security fix:

* https://github.com/drupal/drupal/commits/7.44
* https://github.com/drupal/drupal/commit/0e38d9407d03143276147b9d3f1a2dae8826c99c
Comment 1 VK freebsd_triage 2016-06-16 11:08:20 UTC 
The port has no maintainer, implicit approval.
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-06-17 01:13:03 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Jun 17 01:12:31 UTC 2016
New revision: 416988
URL: https://svnweb.freebsd.org/changeset/ports/416988

Log:
  Document Drupal vulnerabilities

  PR:		210317
  Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	https://www.drupal.org/SA-CORE-2016-002
  Security:	https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-06-17 01:34:06 UTC 
A commit references this bug:

Author: junovitch
Date: Fri Jun 17 01:33:15 UTC 2016
New revision: 416990
URL: https://svnweb.freebsd.org/changeset/ports/416990

Log:
  MFH: r416328 r416557 (partial, leave out USES=mysql conversion) r416989

  www/drupal7: update 7.43 -> 7.44 [1]

  - Reset maintainer by his own request [2]
  - Fix license
  - Pet portlint

  PR:		210317 [1]
  PR:		209998 [2]
  Approved by:	ports-secteam (with hat)
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com> [1]
  Submitted by:	simon.wright@gmx.net (maintainer) [2]
  Security:	https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/www/drupal7/Makefile
  branches/2016Q2/www/drupal7/distinfo
  branches/2016Q2/www/drupal7/pkg-plist
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-06-17 01:35:42 UTC 
Commited in ports/head with r416989 (https://svnweb.FreeBSD.org/changeset/ports/416989).  However I did PR; instead of PR: and it didn't automatically notify bugzilla.

MFH completed with the option helper/USES=mysql conversion left out since we don't support USES=mysql in 2016Q2.

Vladimir, thank you for the report and the patch!
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-07-16 01:08:59 UTC 
A commit references this bug:

Author: junovitch
Date: Sat Jul 16 01:08:07 UTC 2016
New revision: 418615
URL: https://svnweb.freebsd.org/changeset/ports/418615

Log:
  Update Drupal SA-CORE-2016-002 with the assigned CVEs

  PR:		210317
  Security:	CVE-2016-6211
  Security:	CVE-2016-6212
  Security:	https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml