Non-maintainer commit: Version bumps for security bugs 307811, 300199, 238571.

(Portage version: 2.2_rc63/cvs/Linux x86_64)

4 files changed, 41 insertions, 6 deletions

diff --git a/www-apps/drupal/ChangeLog b/www-apps/drupal/ChangeLog
index 5ab5dd7974b6..71b9716f05a8 100644
--- a/www-apps/drupal/ChangeLog
+++ b/www-apps/drupal/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for www-apps/drupal
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/ChangeLog,v 1.62 2009/12/18 20:16:07 alexxy Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/ChangeLog,v 1.63 2010/03/05 13:03:22 a3li Exp $
+
+*drupal-6.16 (05 Mar 2010)
+*drupal-5.22 (05 Mar 2010)
+
+  05 Mar 2010; Alex Legler <a3li@gentoo.org> -drupal-5.21.ebuild,
+  +drupal-5.22.ebuild, -drupal-6.15.ebuild, +drupal-6.16.ebuild,
+  files/postinstall-en.txt:
+  Non-maintainer commit: Version bumps for security bugs 307811, 300199,
+  238571.
 
 *drupal-6.15 (18 Dec 2009)
 *drupal-5.21 (18 Dec 2009)
diff --git a/www-apps/drupal/drupal-5.21.ebuild b/www-apps/drupal/drupal-5.22.ebuild
index 4693e1a93756..9e6d99c96460 100644
--- a/www-apps/drupal/drupal-5.21.ebuild
+++ b/www-apps/drupal/drupal-5.22.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2009 Gentoo Foundation
+# Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/drupal-5.21.ebuild,v 1.1 2009/12/18 20:16:07 alexxy Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/drupal-5.22.ebuild,v 1.1 2010/03/05 13:03:22 a3li Exp $
 
 inherit webapp eutils depend.php
 
@@ -49,3 +49,11 @@ src_install() {
 
 	webapp_src_install
 }
+
+pkg_postinst() {
+	ewarn
+	ewarn "SECURITY NOTICE"
+	ewarn "If you plan on using SSL on your Drupal site, please consult the postinstall information:"
+	ewarn "\t# webapp-config --show-postinst ${PN} ${PV}"
+	ewarn
+}
diff --git a/www-apps/drupal/drupal-6.15.ebuild b/www-apps/drupal/drupal-6.16.ebuild
index 68f5d459043d..76928b1ed431 100644
--- a/www-apps/drupal/drupal-6.15.ebuild
+++ b/www-apps/drupal/drupal-6.16.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2009 Gentoo Foundation
+# Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/drupal-6.15.ebuild,v 1.1 2009/12/18 20:16:07 alexxy Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/drupal/drupal-6.16.ebuild,v 1.1 2010/03/05 13:03:22 a3li Exp $
 
 inherit webapp eutils depend.php
 
@@ -54,3 +54,12 @@ src_install() {
 
 	webapp_src_install
 }
+
+pkg_postinst() {
+	ewarn
+	ewarn "SECURITY NOTICE"
+	ewarn "If you plan on using SSL on your Drupal site, please consult the postinstall information:"
+	ewarn "\t# webapp-config --show-postinst ${PN} ${PV}"
+	ewarn
+}
+
diff --git a/www-apps/drupal/files/postinstall-en.txt b/www-apps/drupal/files/postinstall-en.txt
index 54ff3320f14b..95ac8287a64e 100644
--- a/www-apps/drupal/files/postinstall-en.txt
+++ b/www-apps/drupal/files/postinstall-en.txt
@@ -13,4 +13,13 @@ http://${VHOST_HOSTNAME}/${VHOST_APPDIR}
 
 and provide the credential required for the database access.
 
+SECURITY NOTICE: If you use SSL on your Drupal installation, you
+should enable the PHP configuration option `session.cookie-secure'
+to make it harder for attackers to sniff session cookies.
+
+References:
+CVE-2008-3661
+http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-secure
+http://drupal.org/node/315703
+
 After that you can start to use drupal.