rpms/drupal/F-8 .cvsignore, 1.7, 1.8 drupal-README.fedora, 1.3, 1.4 drupal.conf, 1.2, 1.3 drupal.spec, 1.13, 1.14 sources, 1.11, 1.12
Jon Ciesla
limb at fedoraproject.org
Thu Oct 9 12:20:44 UTC 2008
- Previous message (by thread): rpms/drupal/devel .cvsignore, 1.13, 1.14 drupal-README.fedora, 1.3, 1.4 drupal.conf, 1.2, 1.3 drupal.spec, 1.16, 1.17 sources, 1.13, 1.14
- Next message (by thread): rpms/drupal/F-9 drupal-README.fedora, 1.3, 1.4 drupal.conf, 1.2, 1.3 drupal.spec, 1.16, 1.17 sources, 1.13, 1.14
Author: limb
Update of /cvs/pkgs/rpms/drupal/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11453
Modified Files:
.cvsignore drupal-README.fedora drupal.conf drupal.spec
sources
Log Message:
SA-2008-060.
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/.cvsignore,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- .cvsignore 14 Aug 2008 11:50:50 -0000 1.7
+++ .cvsignore 9 Oct 2008 12:20:14 -0000 1.8
@@ -1 +1 @@
-drupal-5.10.tar.gz
+drupal-5.11.tar.gz
Index: drupal-README.fedora
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal-README.fedora,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- drupal-README.fedora 6 Dec 2007 02:50:57 -0000 1.3
+++ drupal-README.fedora 9 Oct 2008 12:20:14 -0000 1.4
@@ -30,3 +30,12 @@
should not run into problems, but if any symlinks are changed, they will be
re-written when the package is upgraded, which could break the site until
you re-change the symlink.
+
+3. SSL/TLS usage.
+CVE-2008-3661 relates to the security of session cookies and SSL/TLS.
+
+http://int21.de/cve/CVE-2008-3661-drupal.html
+http://www.securityfocus.com/bid/31285
+
+To help mitigate this, uncomment the following line in /etc/httpd/conf.d/drupal.conf:
+#php_flag session.cookie_secure on
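Review bot: The new section 3 tells the admin to uncomment `php_flag session.cookie_secure on` but never states the precondition that the site must be served over HTTPS. With the flag on, browsers send the session cookie only over secure connections, so logins over plain HTTP stop working. State that condition here, as the comment added to drupal.conf does ("if using with SSL/TLS"), and mention that httpd has to be reloaded for the change to take effect. The line is also quoted with its leading `#`, so a reader copying it verbatim gets the commented form; show it as it should look after the edit.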
Index: drupal.conf
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- drupal.conf 8 Jan 2008 13:02:30 -0000 1.2
+++ drupal.conf 9 Oct 2008 12:20:14 -0000 1.3
@@ -12,4 +12,6 @@
#Uncomment the following line for setup
#Allow from 127.0.0.1
AllowOverride All
+ #Uncomment the next line if using with SSL/TLS
+ #php_flag session.cookie_secure on
</Directory>
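Review bot: The added `php_flag session.cookie_secure on` ships commented out, so the upgrade by itself leaves the cookie setting unchanged and the CVE-2008-3661 mitigation is opt-in; the comment above it should say that explicitly. "if using with SSL/TLS" is also ambiguous for a site that answers on both HTTP and HTTPS, where turning the flag on would drop sessions on the HTTP side; wording such as "only if the site is served exclusively over HTTPS" would be clearer. `php_flag` is understood only when mod_php is loaded, so consider an `<IfModule>` guard around the line to avoid a startup error on setups without it.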
Index: drupal.spec
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- drupal.spec 14 Aug 2008 11:50:50 -0000 1.13
+++ drupal.spec 9 Oct 2008 12:20:14 -0000 1.14
@@ -1,6 +1,6 @@
%define drupaldir %{_datadir}/drupal
Name: drupal
-Version: 5.10
+Version: 5.11
Release: 1%{?dist}
Summary: An open-source content-management platform
@@ -71,6 +71,10 @@
%dir %attr(775,root,apache) %{_localstatedir}/lib/drupal/
%changelog
+* Thu Oct 09 2008 Jon Ciesla <limb at jcomserv.net> - 5.11-1
+- Upgrade to 5.11, SA-2008-060.
+- Added notes to README and drupal.conf re CVE-2008-3661.
+
* Thu Aug 14 2008 Jon Ciesla <limb at jcomserv.net> - 5.10-1
- Upgrade to 5.10, SA-2008-047.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/sources,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- sources 14 Aug 2008 11:50:50 -0000 1.11
+++ sources 9 Oct 2008 12:20:14 -0000 1.12
@@ -1 +1 @@
-819a914e97de48d2b2a8ab6955d01215 drupal-5.10.tar.gz
+de0936e4a991d1945129a56afcb6ef59 drupal-5.11.tar.gz
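Review bot: The replacement line pins drupal-5.11.tar.gz by a single 32-hex-digit digest (MD5 length), and nothing in the commit says how the tarball was checked against upstream. For a security release, note in the log message or changelog that the archive was compared with the checksum upstream publishes for 5.11 before it was uploaded, so the digest recorded here can be traced back to the upstream release.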
More information about the fedora-extras-commits
mailing list