
Security vulnerability in the drupal 7 software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-15522
2014-11-22 11:34:05
——————————————————————————–

Name : drupal7
Product : Fedora 19
Version : 7.34
Release : 1.fc19
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.

——————————————————————————–
Update Information:

Drupal 7.34, 2014-11-19
———————–

– Fixed security issues (multiple vulnerabilities). See [SA-CORE-2014-006](https://www.drupal.org/SA-CORE-2014-006).

Drupal 7.33, 2014-11-07
———————–

– Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
– Added a “Did you mean?” feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
– Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
– Added a “block_cache_bypass_node_grants” variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
– Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
– Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
– Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field’s data when the field configuration was edited.
– Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situations (minor styling change).
– Prevented the Bartik theme from lower-casing the “Permalink” link on comments, for improved multilingual support (minor UI change).
– Added a “preferred_menu_links” tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
– Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
– Removed the Field module’s field_modules_uninstalled() function, since it did not do anything when it was invoked.
– Added a “theme_hook_original” variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page’s HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the “theme_debug” variable to TRUE (API addition).
– Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
– Security improvement: Made the database API’s orderBy() method sanitize the sort direction (“ASC” or “DESC”) for queries built with db_select(), so that calling code does not have to.
– Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
– Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
– Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
– Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
– Renamed the “Search result” view mode to “Search result highlighting input” to better reflect how it is used (UI change).
– Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).
– Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.
– Numerous small bug fixes.
– Numerous API documentation improvements.
– Additional automated test coverage.
——————————————————————————–
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@gmail.com> – 7.34-1
– 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa@gmail.com> – 7.33-1
– Update to upstream 7.33 maintenance release with numerous bug fixes
* Wed Oct 15 2014 Jared Smith <jsmith@fedoraproject.org> – 7.32-1
– Update to upstream 7.32 security release for SA-CORE-2014-005
* Thu Aug 7 2014 Jared Smith <jsmith@fedoraproject.org> – 7.31-1
– Update to upstream 7.31 release for SA-CORE-2014-004
* Mon Jul 28 2014 Paul W. Frields <stickster@gmail.com> – 7.30-1
– 7.30
* Wed Jul 16 2014 Paul W. Frields <stickster@gmail.com> – 7.29-1
– 7.29, SA-CORE-2014-003
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 7.28-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 8 2014 Jon Ciesla <limburgher@gmail.com> – 7.28-1
– 7.28, BZ 1095618.
* Thu Apr 17 2014 Jon Ciesla <limburgher@gmail.com> – 7.27-1
– 7.27, BZ 1088847.
* Mon Mar 10 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-3
– Revised prior changes.
* Mon Mar 10 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-2
– Update RPM macros location, BZ 1074272. Should work
– on all branches.
* Wed Jan 15 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-1
– 7.26, SA-CORE-2014-001.
* Fri Jan 3 2014 Jon Ciesla <limburgher@gmail.com> – 7.25-1
– 7.25, BZ 1048114.
* Thu Nov 21 2013 Peter Borsa <peter.borsa@gmail.com> – 7.24-1
– Update to upstream 7.24 release for security fixes
– Upstream changelog for this release is available at https://drupal.org/drupal-7.24-release-notes
* Sat Aug 10 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-3
– Fix indentation in drupal7.prov.rpm-lt-4-9-compat file.
* Sat Aug 10 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-2
– EL5 prov Python fix, BZ 995734.
* Thu Aug 8 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-1
– Update to upstream 7.23 release for bug fixes
– Upstream changelog for this release is available at https://drupal.org/drupal-7.23-release-notes
* Tue Jul 30 2013 Jon Ciesla <limburgher@gmail.com> – 7.22-8
– Add crontabs requires, BZ 989021.
* Wed Jul 10 2013 Jon Ciesla <limburgher@gmail.com> – 7.22-7
– Typo and EL5 FHS fixes, BZ 979827.
* Tue Jun 18 2013 Jon Ciesla <limburgher@gmail.com> – 7.22-6
– Add AllowOverride All to drupal7.conf, BZ 905912.
* Mon Jun 3 2013 Jon Ciesla <limburgher@gmail.com> – 7.22-5
– Add auto-requires, BZ 969593.
——————————————————————————–
References:

[ 1 ] Bug #1166254 – CVE-2014-9016 drupal7: Denial of service in password hashing API (SA-CORE-2014-006)
https://bugzilla.redhat.com/show_bug.cgi?id=1166254
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update drupal7' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-15528
2014-11-22 11:34:23
——————————————————————————–

Name : drupal7
Product : Fedora 20
Version : 7.34
Release : 1.fc20
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.

——————————————————————————–
Update Information:

Drupal 7.34, 2014-11-19
———————–

– Fixed security issues (multiple vulnerabilities). See [SA-CORE-2014-006](https://www.drupal.org/SA-CORE-2014-006).

Drupal 7.33, 2014-11-07
———————–

– Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions).
– Added a “Did you mean?” feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group.
– Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format.
– Added a “block_cache_bypass_node_grants” variable to allow sites which have node access modules enabled to use the block cache if desired (API addition).
– Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist.
– Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved.
– Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field’s data when the field configuration was edited.
– Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situations (minor styling change).
– Prevented the Bartik theme from lower-casing the “Permalink” link on comments, for improved multilingual support (minor UI change).
– Added a “preferred_menu_links” tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter.
– Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table).
– Removed the Field module’s field_modules_uninstalled() function, since it did not do anything when it was invoked.
– Added a “theme_hook_original” variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page’s HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the “theme_debug” variable to TRUE (API addition).
– Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141).
– Security improvement: Made the database API’s orderBy() method sanitize the sort direction (“ASC” or “DESC”) for queries built with db_select(), so that calling code does not have to.
– Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change).
– Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change).
– Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6.
– Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request.
– Renamed the “Search result” view mode to “Search result highlighting input” to better reflect how it is used (UI change).
– Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries).
– Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.
– Numerous small bug fixes.
– Numerous API documentation improvements.
– Additional automated test coverage.
——————————————————————————–
ChangeLog:

* Thu Nov 20 2014 Jon Ciesla <limburgher@gmail.com> – 7.34-1
– 7.34, DRUPAL-SA-CORE-2014-006.
* Tue Nov 11 2014 Peter Borsa <peter.borsa@gmail.com> – 7.33-1
– Update to upstream 7.33 maintenance release with numerous bug fixes
* Wed Oct 15 2014 Jared Smith <jsmith@fedoraproject.org> – 7.32-1
– Update to upstream 7.32 security release for SA-CORE-2014-005
* Thu Aug 7 2014 Jared Smith <jsmith@fedoraproject.org> – 7.31-1
– Update to upstream 7.31 release for SA-CORE-2014-004
* Mon Jul 28 2014 Paul W. Frields <stickster@gmail.com> – 7.30-1
– 7.30
* Wed Jul 16 2014 Paul W. Frields <stickster@gmail.com> – 7.29-1
– 7.29, SA-CORE-2014-003
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 7.28-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 8 2014 Jon Ciesla <limburgher@gmail.com> – 7.28-1
– 7.28, BZ 1095618.
* Thu Apr 17 2014 Jon Ciesla <limburgher@gmail.com> – 7.27-1
– 7.27, BZ 1088847.
* Mon Mar 10 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-3
– Revised prior changes.
* Mon Mar 10 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-2
– Update RPM macros location, BZ 1074272. Should work
– on all branches.
* Wed Jan 15 2014 Jon Ciesla <limburgher@gmail.com> – 7.26-1
– 7.26, SA-CORE-2014-001.
* Fri Jan 3 2014 Jon Ciesla <limburgher@gmail.com> – 7.25-1
– 7.25, BZ 1048114.
* Thu Nov 21 2013 Peter Borsa <peter.borsa@gmail.com> – 7.24-1
– Update to upstream 7.24 release for security fixes
– Upstream changelog for this release is available at https://drupal.org/drupal-7.24-release-notes
* Sat Aug 10 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-3
– Fix indentation in drupal7.prov.rpm-lt-4-9-compat file.
* Sat Aug 10 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-2
– EL5 prov Python fix, BZ 995734.
* Thu Aug 8 2013 Peter Borsa <peter.borsa@gmail.com> – 7.23-1
– Update to upstream 7.23 release for bug fixes
– Upstream changelog for this release is available at https://drupal.org/drupal-7.23-release-notes
——————————————————————————–
References:

[ 1 ] Bug #1166254 – CVE-2014-9016 drupal7: Denial of service in password hashing API (SA-CORE-2014-006)
https://bugzilla.redhat.com/show_bug.cgi?id=1166254
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update drupal7' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
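
A host-side check for the fix announced in both notifications above, as an added example that is not part of the Fedora announcements or the drupal7 package: it compares an installed version-release against 7.34-1 and, as a fallback, looks for the advisory ID in the package changelog. The function names are hypothetical, and `sort -V` is assumed to be an adequate stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: does a drupal7 build carry the SA-CORE-2014-006 fix?
FIXED="7.34-1"  # fixed version-release named in the notifications above

# ver_ge A B: succeeds when A >= B in GNU `sort -V` order.
# Assumption: sort -V approximates rpm's comparison for these plain
# numeric version-release strings; it is not rpm's own algorithm.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# drupal7_status VERSION-RELEASE [CHANGELOG-TEXT]
# Prints patched, vulnerable or not-installed.
drupal7_status() {
    case "$1" in
        ''|*'not installed'*) echo "not-installed"; return 0 ;;
    esac
    if ver_ge "$1" "$FIXED"; then
        echo "patched"
    # Heuristic: a changelog entry naming the advisory is taken to mean
    # the fix was backported without a version bump.
    elif printf '%s\n' "${2:-}" | grep -q 'SA-CORE-2014-006'; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# check_host: query the local rpm database and classify the result.
check_host() {
    d7_vr="$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' drupal7 2>/dev/null)" || d7_vr=""
    d7_log="$(rpm -q --changelog drupal7 2>/dev/null)" || d7_log=""
    drupal7_status "$d7_vr" "$d7_log"
}

# Constructed sample inputs, shaped like the rpm query output above.
drupal7_status "7.33-1.fc19"   # vulnerable
drupal7_status "7.34-1.fc20"   # patched

# On an rpm-based host, also report the real state of the package.
if command -v rpm >/dev/null 2>&1; then
    check_host
fi
```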

Author: Marko Stanec
Cert ID: NCERT-REF-2014-12-0027-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/