Bug 203977

Summary:

[MAINTAINER] www/drupal7: Update Drupal 7.40 to 7.41 (Fix security vulnerabilities)

Product:

Ports & Packages

Reporter:

Simon Wright <simon.wright>

Component:

Individual Port(s)

Assignee:

Jason Unovitch <junovitch>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

delphij, junovitch, koobs, ports-secteam, wen

Priority:

---

Keywords:

patch-ready, security

Version:

Latest

Flags:

junovitch: merge-quarterly+

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Patch to update Drupal 7.40 to 7.41	koobs: maintainer-approval+
Output from portlint -A	none

Description Simon Wright 2015-10-23 09:42:34 UTC

Created attachment 162383 [details]
Patch to update Drupal 7.40 to 7.41

Updates Drupal 7.40 to 7.41.

https://www.drupal.org/drupal-7.41-release-notes

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

    Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
Known issues:

None.

Comment 1 Kubilay Kocak freebsd_committer

2015-10-23 11:57:33 UTC

Reset merge quarterly. Set merge quarterly to + when committed, else set to - to reject (not needed, not approved)

Comment 2 Simon Wright 2015-10-23 21:41:27 UTC

Created attachment 162403 [details]
Output from portlint -A

Warnings noted  for .info files do not apply because drupal .info files are static text file for defining and configuring a theme.

Comment 3 commit-hook freebsd_committer

2015-10-24 03:56:03 UTC

A commit references this bug:

Author: junovitch
Date: Sat Oct 24 03:55:26 UTC 2015
New revision: 400101
URL: https://svnweb.freebsd.org/changeset/ports/400101

Log:
  Document redirect vulnerability in the drupal7 overlay module

  PR:		203977
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 4 commit-hook freebsd_committer

2015-10-24 03:58:06 UTC

A commit references this bug:

Author: junovitch
Date: Sat Oct 24 03:57:08 UTC 2015
New revision: 400102
URL: https://svnweb.freebsd.org/changeset/ports/400102

Log:
  www/drupal7: security update 7.40 -> 7.41 [1]

  - While here also add NO_ARCH

  PR:		203977
  Submitted by:	Simon Wright <simon.wright@gmx.net> (maintainer) [1]
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html
  MFH:		2015Q4
  X-MFH-With:	r399526

Changes:
  head/www/drupal7/Makefile
  head/www/drupal7/distinfo

Comment 5 commit-hook freebsd_committer

2015-10-24 04:05:10 UTC

A commit references this bug:

Author: junovitch
Date: Sat Oct 24 04:04:13 UTC 2015
New revision: 400103
URL: https://svnweb.freebsd.org/changeset/ports/400103

Log:
  MFH: r399526, r400102

  r399526
  Update to 7.40.

  PR:		ports/203829
  Submitted by:	Simon Wright (maintainer)

  r400102
  www/drupal7: security update 7.40 -> 7.41 [1]

  - While here also add NO_ARCH

  PR:		203977
  Submitted by:	Simon Wright <simon.wright@gmx.net> (maintainer) [1]
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2015Q4/
  branches/2015Q4/www/drupal7/Makefile
  branches/2015Q4/www/drupal7/distinfo
  branches/2015Q4/www/drupal7/pkg-plist

Comment 6 Jason Unovitch freebsd_committer

2015-10-24 04:17:09 UTC

Thanks again for your prompt work Simon!  The update was committed and the PR as now closed.

Also set merge-quarterly+ again.  Koobs, based on the context, much as the maintainer set maintainer-approval+ to show he approved the change I applied Xin setting merge-quarterly+ as the change is approved for MFH (following an obvious review and QA).