rpms/drupal/F-8 .cvsignore, 1.7, 1.8 drupal-README.fedora, 1.3, 1.4 drupal.conf, 1.2, 1.3 drupal.spec, 1.13, 1.14 sources, 1.11, 1.12

Jon Ciesla limb at fedoraproject.org
Thu Oct 9 12:20:44 UTC 2008


Author: limb

Update of /cvs/pkgs/rpms/drupal/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11453

Modified Files:
	.cvsignore drupal-README.fedora drupal.conf drupal.spec 
	sources 
Log Message:
SA-2008-060.



Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/.cvsignore,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- .cvsignore	14 Aug 2008 11:50:50 -0000	1.7
+++ .cvsignore	9 Oct 2008 12:20:14 -0000	1.8
@@ -1 +1 @@
-drupal-5.10.tar.gz
+drupal-5.11.tar.gz


Index: drupal-README.fedora
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal-README.fedora,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- drupal-README.fedora	6 Dec 2007 02:50:57 -0000	1.3
+++ drupal-README.fedora	9 Oct 2008 12:20:14 -0000	1.4
@@ -30,3 +30,12 @@
 should not run into problems, but if any symlinks are changed, they will be
 re-written when the package is upgraded, which could break the site until
 you re-change the symlink.
+
+3. SSL/TLS usage.
+CVE-2008-3661 relates to the security of session cookies and SSL/TLS.
+
+http://int21.de/cve/CVE-2008-3661-drupal.html
+http://www.securityfocus.com/bid/31285
+
+To help mitigate this, uncomment the following line in /etc/httpd/conf.d/drupal.conf:
+#php_flag session.cookie_secure on
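
Review bot: The new section 3 tells the reader to uncomment `#php_flag session.cookie_secure on` but never says what the setting does or when it is safe to turn on. Suggest adding one sentence stating that it marks the PHP session cookie as Secure so that browsers send it only over HTTPS, and that it should be enabled only where users reach the site over HTTPS, since logins made over plain HTTP will no longer keep a session. It would also help to say that httpd has to be reloaded after editing /etc/httpd/conf.d/drupal.conf, because the section ends at the line to uncomment with no follow-up step.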


Index: drupal.conf
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- drupal.conf	8 Jan 2008 13:02:30 -0000	1.2
+++ drupal.conf	9 Oct 2008 12:20:14 -0000	1.3
@@ -12,4 +12,6 @@
 	#Uncomment the following line for setup
         #Allow from 127.0.0.1
 	AllowOverride All
+	#Uncomment the next line if using with SSL/TLS
+	#php_flag session.cookie_secure on
 </Directory>
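
Review bot: The added comment `#Uncomment the next line if using with SSL/TLS` is ambiguous for a site that answers on both HTTP and HTTPS, which is the case where enabling the flag changes behaviour for existing users. Suggest wording it as "Uncomment the next line if the site is served only over SSL/TLS" so the precondition is visible in the file itself and not only in the README. Also note that `php_flag` is only a valid directive when the PHP Apache module is loaded, so if this file can be read without it, the line should sit inside a matching IfModule block.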


Index: drupal.spec
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/drupal.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- drupal.spec	14 Aug 2008 11:50:50 -0000	1.13
+++ drupal.spec	9 Oct 2008 12:20:14 -0000	1.14
@@ -1,6 +1,6 @@
 %define drupaldir %{_datadir}/drupal
 Name: drupal
-Version:  5.10
+Version:  5.11
 Release:  1%{?dist}
 Summary: An open-source content-management platform
 
@@ -71,6 +71,10 @@
 %dir %attr(775,root,apache) %{_localstatedir}/lib/drupal/
 
 %changelog
+* Thu Oct 09 2008 Jon Ciesla <limb at jcomserv.net> - 5.11-1
+- Upgrade to 5.11, SA-2008-060.
+- Added notes to README and drupal.conf re CVE-2008-3661.
+
 * Thu Aug 14 2008 Jon Ciesla <limb at jcomserv.net> - 5.10-1
 - Upgrade to 5.10, SA-2008-047.
 
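
Review bot: The changelog line `- Added notes to README and drupal.conf re CVE-2008-3661.` does not say that the `session.cookie_secure` setting ships commented out, so someone reading only the changelog can take the update to mean the cookie issue is handled by upgrading. Suggest naming the setting and stating that it is off by default, for example "- Added commented-out session.cookie_secure option to drupal.conf and README notes re CVE-2008-3661 (must be enabled by the admin)."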


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/drupal/F-8/sources,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- sources	14 Aug 2008 11:50:50 -0000	1.11
+++ sources	9 Oct 2008 12:20:14 -0000	1.12
@@ -1 +1 @@
-819a914e97de48d2b2a8ab6955d01215  drupal-5.10.tar.gz
+de0936e4a991d1945129a56afcb6ef59  drupal-5.11.tar.gz



