Bug 203977 - [MAINTAINER] www/drupal7: Update Drupal 7.40 to 7.41 (Fix security vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: patch-ready, security
Depends on:
Blocks:
 
Reported: 2015-10-23 09:42 UTC by Simon Wright
Modified: 2015-10-24 04:17 UTC

See Also:
junovitch: merge-quarterly+


Attachments
Patch to update Drupal 7.40 to 7.41 (897 bytes, patch)
2015-10-23 09:42 UTC, Simon Wright
koobs: maintainer-approval+
Output from portlint -A (20.94 KB, text/plain)
2015-10-23 21:41 UTC, Simon Wright
no flags

Description Simon Wright 2015-10-23 09:42:34 UTC
Created attachment 162383
Patch to update Drupal 7.40 to 7.41

Updates Drupal 7.40 to 7.41.

https://www.drupal.org/drupal-7.41-release-notes

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:

    Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004

No other fixes are included.

No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
Known issues:

None.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2015-10-23 11:57:33 UTC
Reset merge quarterly. Set merge quarterly to + when committed, else set to - to reject (not needed, not approved)
Comment 2 Simon Wright 2015-10-23 21:41:27 UTC
Created attachment 162403
Output from portlint -A

Warnings noted for .info files do not apply because Drupal .info files are static text files for defining and configuring a theme.
Comment 3 commit-hook freebsd_committer 2015-10-24 03:56:03 UTC
A commit references this bug:

Author: junovitch
Date: Sat Oct 24 03:55:26 UTC 2015
New revision: 400101
URL: https://svnweb.freebsd.org/changeset/ports/400101

Log:
  Document redirect vulnerability in the drupal7 overlay module

  PR:		203977
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer 2015-10-24 03:58:06 UTC
A commit references this bug:

Author: junovitch
Date: Sat Oct 24 03:57:08 UTC 2015
New revision: 400102
URL: https://svnweb.freebsd.org/changeset/ports/400102

Log:
  www/drupal7: security update 7.40 -> 7.41 [1]

  - While here also add NO_ARCH

  PR:		203977
  Submitted by:	Simon Wright <simon.wright@gmx.net> (maintainer) [1]
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html
  MFH:		2015Q4
  X-MFH-With:	r399526

Changes:
  head/www/drupal7/Makefile
  head/www/drupal7/distinfo
Comment 5 commit-hook freebsd_committer 2015-10-24 04:05:10 UTC
A commit references this bug:

Author: junovitch
Date: Sat Oct 24 04:04:13 UTC 2015
New revision: 400103
URL: https://svnweb.freebsd.org/changeset/ports/400103

Log:
  MFH: r399526, r400102

  r399526
  Update to 7.40.

  PR:		ports/203829
  Submitted by:	Simon Wright (maintainer)

  r400102
  www/drupal7: security update 7.40 -> 7.41 [1]

  - While here also add NO_ARCH

  PR:		203977
  Submitted by:	Simon Wright <simon.wright@gmx.net> (maintainer) [1]
  Security:	CVE-2015-7943
  Security:	https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html

  Approved by:	ports-secteam (delphij)

Changes:
_U  branches/2015Q4/
  branches/2015Q4/www/drupal7/Makefile
  branches/2015Q4/www/drupal7/distinfo
  branches/2015Q4/www/drupal7/pkg-plist
Comment 6 Jason Unovitch freebsd_committer 2015-10-24 04:17:09 UTC
Thanks again for your prompt work, Simon! The update was committed and the PR is now closed.

Also set merge-quarterly+ again. Koobs, based on the context, much as the maintainer set maintainer-approval+ to show he approved the change, I applied Xin setting merge-quarterly+ as the change is approved for MFH (following an obvious review and QA).