--- drupal6-6.10.orig/debian/drupal6.prerm +++ drupal6-6.10/debian/drupal6.prerm @@ -0,0 +1,14 @@ +#! /bin/bash +# prerm script for ${package_name} +# + +set -e + +. /usr/share/debconf/confmodule +. /usr/share/dbconfig-common/dpkg/prerm +dbc_go drupal6 $@ + +#DEBHELPER# + +exit 0 + --- drupal6-6.10.orig/debian/examples +++ drupal6-6.10/debian/examples @@ -0,0 +1,2 @@ +sites/default/default.settings.php + --- drupal6-6.10.orig/debian/docs +++ drupal6-6.10/debian/docs @@ -0,0 +1,5 @@ +MAINTAINERS.txt +UPGRADE.txt +INSTALL.mysql.txt +INSTALL.pgsql.txt +scripts --- drupal6-6.10.orig/debian/README.Debian +++ drupal6-6.10/debian/README.Debian @@ -0,0 +1,171 @@ +Drupal for Debian +----------------- + +1. Introduction +2. Manual initial database generation and configuration +3. Database population script +4. Deleting the Drupal database +5. Changes to Apache 2 configuration +6. Securing your portal +7. Upgrading database from previous versions +8. Virtual hosts +9. Additional themes and modules +10. Privacy of session cookies + +A. Customizing themes +B. Links for more support + + +1. Introduction +--------------- +The latest version of Drupal can always be found at +. + +A running database server is needed for this package to work. It +doesn't matter whether the DBMS runs on the same machine as the +web server. MySQL and PostgreSQL servers are supported by this package. + +You can change the DBMS configuration after installation by running +"dpkg-reconfigure drupal" + + +2. Manual initial database generation and configuration +------------------------------------------------------- +This is only necessary if you chose not to automatically create the +database at installation time or if automatic creation failed. + +Directions on how to create a database for you drupal portal can be found +in INSTALL.mysql.txt and INSTALL.pgsql.txt files in /usr/share/doc/drupal6. + + +3. Database population script +----------------------------- +Once a database is set up and configured, drupal needs to create tables and +insert default records into it. + +This can be done running the install.php script on portal web site, e.g. + + http://localhost/drupal6/install.php + + +4. Deleting the Drupal database +------------------------------- +The database may be deleted automatically on purging the package +(debconf prompt the user asking to do it or not). + +If you want to purge the data stored at MySQl database manually you +can use the following command: + +'mysqladmin -p drop drupal6' + +being the user who admin MySQL. + + +5. Changes to Apache 2 configuration +------------------------------------ + +By default, Drupal passes path arguments to itself via its dynamically +generated URLs. This results in URLs that look like +"http://www.example.com/?q=node/83." This can make URLs hard to read and it +prevents some search engines from indexing the pages with these URLs + +You can tell Drupal to use "clean URLs", eliminating the "?q=" in internal +URLs, simply enabling mod_rewrite in apache 2 configuration (a2enmod rewrite). +Please note that you may need to adjust the /etc/drupal/6/htaccess +configuration file to match your site configuration. + + +6. Securing your portal +----------------------- +It is very good security measure to restrict access to admin.php only +to trusted IP's and localhost (you can see an example at +/etc/drupal/6/htaccess) As an added security measure, is a good idea to +set up a ssl-enabled web server in your apache, and allow access to +admin page only to ssl streams. + + +7. Upgrading database from previous versions +-------------------------------------------- +From version 4.7.4 drupal packages will be separated for each major version. +Automatic upgrading the database will not be attempted anymore. + +To upgrade an existing version of drupal, install the new package and manually +configure the database to point to the existing database, then execute the +upstream upgrade script by pointing a web browser to + + + +Then remove the old package. + +WARNING: be sure to _NOT_ remove the old package's database. + + +8. Virtual hosts +---------------- +Drupal supports a setup with multiple virtual hosts. Each virtual host +has its own configuration directory in /etc/drupal/6/sites/_virtualhost_. +At install time the 'default' virtual host is created with the required +settings.php configuration file. + +To create new virtual hosts simply duplicate the default virtual host directory +and adjust the settings.php and dbconfig.php configuration files. + +This package supports running cron scripts on each virtual host, as long as you +define the $base_url variable in the virtual host settings.php configuration +file. + + +9. Additional modules and themes +-------------------------------- + +Drupal looks for modules and themes in the modules/ and themes/ +subdirectories, respectively. However, it would be a bad idea to put +additional modules and themes into those directories because they +might be overwritten on upgrades. Instead, create links to another +directory that won't be touched by dpkg, e.g. in the /usr/local +hierarchy: + + # ln -s /usr/local/share/drupal/modules /usr/share/drupal6/modules/local + # ln -s /usr/local/share/drupal/themes /usr/share/drupal6/themes/local + + +10. Privacy of session cookies +------------------------------ + +Drupal does not set the secure flag for the session cookie in an https +session, which can cause the cookie to be sent in http requests and make +it easier for remote attackers to capture this cookie. + +If you are using drupal on an https connection you can fix this issue +setting the session.cookie_secure PHP properties to on either in the +global PHP configuration file or adding the following line to +/etc/drupal/6/htaccess: + + php_value session.cookie_secure 1 + + +A. Customizing themes +--------------------- +To create or customize a theme for your site, I recommend to start +with an existing theme (as exmaple), copy it to a different location + + # cp -ai /etc/drupal/6/themes/example /etc/drupal/6/themes/Custom + +and modify this new created theme. You can now select your "Custom" +theme in the Preferences menu from the admin interface. + +You should not modify and use an included theme in the package +directly, as your changes could be overwritten next time you upgrade +drupal. + + +B. Links for more support +------------------------- +* http://www.drupal.org/ + - Drupal's project page for those willing to get involved in the + ongoing development + +* http://www.drupal.org/node.php?id=253 + - online installation guidelines + + -- Luigi Gangitano Mon, 11 Aug 2008 12:00:12 +0100 --- drupal6-6.10.orig/debian/rules +++ drupal6-6.10/debian/rules @@ -0,0 +1,59 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +PACKAGE=drupal6 + +include /usr/share/dpatch/dpatch.make + +build: patch + +clean-patched: + dh_testdir + dh_testroot + dh_clean + +clean: clean-patched unpatch + +install:build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs -X.svn -XCVS + dh_install -XCVS -X.svn + # fix permissions + find $(CURDIR)/debian/$(PACKAGE)/usr/share/drupal6 \ + -name '*.png' -o -name '*.jpg' | xargs chmod a-x + chmod +x $(CURDIR)/debian/$(PACKAGE)/usr/share/drupal6/scripts/* + rm $(CURDIR)/debian/$(PACKAGE)/usr/share/drupal6/misc/jquery.js + + install -m640 .htaccess debian/drupal6/etc/drupal/6/htaccess + install -m644 debian/drupal6.lintian debian/drupal6/usr/share/lintian/overrides/drupal6 +# Everything else is handled by dh_install + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installchangelogs CHANGELOG.txt + dh_installdocs -XCVS -X.svn + dh_installexamples + dh_installdebconf + dh_installcron + dh_link + dh_compress + dh_fixperms + dh_installdeb +ifeq ($(PO2DEBCONF),yes) + po2debconf -e utf8 debian/templates.master > debian/templates +endif + dh_gencontrol -- -V'debconf-depends=debconf (>= $(MINDEBCONFVER))' + dh_md5sums + dh_builddeb + +binary: binary-indep +.PHONY: build clean binary-indep binary install #PHONY_CONFIGURE# --- drupal6-6.10.orig/debian/drupal6.postinst +++ drupal6-6.10/debian/drupal6.postinst @@ -0,0 +1,73 @@ +#!/bin/bash +# postinst script for drupal + +set -e + +dbc_generate_include='php:/etc/drupal/6/sites/default/dbconfig.php' +dbc_generate_include_owner='root:www-data' +dbc_generate_include_perms='640' +dbc_pgsql_createdb_encoding='UTF8' + +. /usr/share/debconf/confmodule +# source dbconfig-common stuff'); +. /usr/share/dbconfig-common/dpkg/postinst +dbc_go drupal6 $@ + +if [ "$DPKG_DEBUG" = "developer" ]; then + set -x +fi + +package_name="drupal6" +datadir="/var/lib/${package_name}" +filesdir="${datadir}/files" +backupdir="${datadir}/backups" +pkgdir="/usr/share/${package_name}" +docdir="/usr/share/doc/${package_name}" +upgradesdir="${docdir}/upgrades" +configdir="/etc/drupal/6" +default_configfile="${configdir}/sites/default/settings.php" +includefile="${configdir}/apache.conf" +cronfile="/etc/cron.d/${package_name}" + +OLDVERSION="$2" + +case "$1" in + configure) + + + webserver=`echo $webserver|sed -e 's/, */ /g'` + + webserver="apache2" + + if [ ! -d /etc/$webserver/conf.d/ ]; then + install -d -m755 /etc/$webserver/conf.d/ + fi + if [ ! -e /etc/$webserver/conf.d/drupal6.conf ]; then + ln -s ${includefile} /etc/$webserver/conf.d/drupal6.conf + restart="$i $restart" + fi + + servers="apache2" + . /usr/share/wwwconfig-common/restart.sh + + # Permissions + dpkg-statoverride --list $filesdir || dpkg-statoverride --add --force --update www-data www-data 0750 $filesdir + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- drupal6-6.10.orig/debian/drupal6.lintian +++ drupal6-6.10/debian/drupal6.lintian @@ -0,0 +1,2 @@ +drupal6: package-contains-upstream-install-documentation usr/share/doc/drupal6/INSTALL.mysql.txt +drupal6: package-contains-upstream-install-documentation usr/share/doc/drupal6/INSTALL.pgsql.txt --- drupal6-6.10.orig/debian/links +++ drupal6-6.10/debian/links @@ -0,0 +1,5 @@ +etc/drupal/6/htaccess usr/share/drupal6/.htaccess +etc/drupal/6/sites usr/share/drupal6/sites +etc/drupal/6/profiles usr/share/drupal6/profiles +var/lib/drupal6/files etc/drupal/6/sites/default/files +usr/share/javascript/jquery/jquery.js usr/share/drupal6/misc/jquery.js --- drupal6-6.10.orig/debian/cron.d +++ drupal6-6.10/debian/cron.d @@ -0,0 +1 @@ +0 * * * * www-data [ -x /usr/share/drupal6/scripts/cron.sh ] && /usr/share/drupal6/scripts/cron.sh --- drupal6-6.10.orig/debian/cron.sh +++ drupal6-6.10/debian/cron.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# $Id: cron.sh 1878 2008-02-12 10:56:45Z luigi $ + +for site in /etc/drupal/6/sites/* ; do + BASE_URL="" + + if [ ! "`basename $site`" = "all" ]; then + for file in $site/baseurl.php $site/settings.php; do + [ -f "$file" ] && BASE_URL=`grep '^$base_url' $file | cut -d"'" -f2` + [ "X$BASE_URL" != "X" ] && break + done + + if [ "X$BASE_URL" = "X" ] ; then + BASE_URL='http://localhost/drupal6' + fi + + curl --silent --compressed --location $BASE_URL/cron.php + fi +done --- drupal6-6.10.orig/debian/drupal6.postrm +++ drupal6-6.10/debian/drupal6.postrm @@ -0,0 +1,92 @@ +#! /bin/bash +# postrm script for ${package_name} +# + +set -e + +if [ -f /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule +fi + +# source dbconfig-common stuff +if [ -f /usr/share/dbconfig-common/dpkg/postrm ]; then + . /usr/share/dbconfig-common/dpkg/postrm + dbc_go drupal6 $@ +fi + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +if [ "$DPKG_DEBUG" = "developer" ]; then + set -x +fi + +package_name="drupal6" +datadir="/var/lib/${package_name}/" +backupdir="${datadir}backups/" +nukedir="/usr/share/${package_name}/" +docdir="/usr/share/doc/${package_name}/" +sqlfile="${docdir}database/database.mysql" +upgradesdir="${docdir}upgrades/" +configdir="/etc/drupal/6/" +configfile="${configdir}conf.php" +includefile="${configdir}apache.conf" +dbconfigfile="${configdir}/sites/default/dbconfig.php" +cronfile="/etc/cron.d/${package_name}" + +webserver="apache2" + +case "$1" in + purge|remove) + + # Un-configure webservers + if [ -L /etc/$webserver/conf.d/drupal6.conf ]; then + rm -f /etc/$webserver/conf.d/drupal6.conf || true + restart="$i $restart" + fi + + servers="apache2" + . /usr/share/wwwconfig-common/restart.sh + + + # Remove configuration files (conf.php, $SITE.php) + rm -f /etc/drupal/sites/default/settings.php + + if [ "$1" = "purge" ]; then + rm -f ${dbconfigfile} + if which ucf >/dev/null 2>&1; then + ucf --purge ${dbconfigfile} + fi + + db_purge || true + + fi + + ;; + + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + --- drupal6-6.10.orig/debian/changelog +++ drupal6-6.10/debian/changelog @@ -0,0 +1,774 @@ +drupal6 (6.10-1ubuntu0.2) jaunty-security; urgency=low + + * debian/patches/22_SA-CORE-2009-009.dpatch: + - SECURITY UPDATE due to multiple vulnerabilities + and weaknesses were discovered in Drupal (LP: #510421) + - CVE-2009-4369 + - CVE-2009-4370 + - CVE-2009-4371 + + -- Artur Rona Mon, 22 Feb 2010 00:12:33 +0100 + +drupal6 (6.10-1ubuntu0.1) jaunty-security; urgency=low + + * debian/patches/18_SA-CORE-2009-005.dpatch: + - Fix cross site scripting, see SA-CORE-2009-005 + - CVE-2009-1576 + * debian/patches/19_SA-CORE-2009-006.dpatch: + - Fix cross site scripting, see SA-CORE-2009-006 + * debian/patches/20_SA-CORE-2009-007.dpatch: + - Fix possible password leakage via URLs. + - CVE-2009-2372 + - CVE-2009-2373 + - CVE-2009-2374 + * debian/patches/21_SA-CORE-2009-008.dpatch: + - Fix security issues (session fixation), + see SA-CORE-2009-008 (LP: #431080) + + -- Artur Rona Sun, 25 Oct 2009 16:19:12 +0100 + +drupal6 (6.10-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release + - This version fixes two Windows-only security issues + (Ref: SA-CORE-2009-003, SA-CORE-2009-004) + Debian is not affected by this vulnerabilites + + -- Luigi Gangitano Sun, 01 Mar 2009 18:26:25 +0100 + +drupal6 (6.9-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release + - Removed security patch integrate upstream + + 12_SA-2008-073 + + 13_SA-CORE-2009-001 + + * debian/cron.sh + - Handle sites/all correctly (Closes: #513522) + + -- Luigi Gangitano Mon, 16 Feb 2009 19:37:31 +0100 + +drupal6 (6.6-3) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * debian/patches/13_SA-CORE-2009-001 + - Added upstream patch fixing multiple vulnerabilities + (Ref: SA-CORE-2009-001, CVE-TBD) + + -- Luigi Gangitano Fri, 16 Jan 2009 01:49:58 +0100 + +drupal6 (6.6-2) unstable; urgency=high + + * debian/patches/12_SA-2008-073 + - Moved NMU changes to dpatch file + + * debian/control + - Added dependency on ${misc:Depends} to make lintian happy + + * debian/drupal6.{postinst,postrm} + - Changed apache configuration link name to drupal6.conf, to avoid + collision with drupal5 (Closes: #509769, #505146) + - Set default Postgres encoding to UTF8 (Closes: #508506) + + * debian/README.Debian + - Fixed link to installation script (Closes: 507914) + + -- Luigi Gangitano Thu, 08 Jan 2009 20:49:51 +0100 + +drupal6 (6.6-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Urgency high because this fixes a security issue + * Include upstream patch for SA-2008-073, to fix a security issue: + The update system is vulnerable to Cross site request forgeries. Malicious + users may cause the superuser (user 1) to execute old updates that may + damage the database. + (Ref: SA-2008-073) (Closes: #508473) + + -- Patrick Schoenfeld Fri, 12 Dec 2008 09:30:28 +0100 + +drupal6 (6.6-1) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * New upstream release + - Fixes two security vulnerabilities + (Ref: SA-2008-067, CVE-TBA) (Closes: #503222) + + * debian/drual6.postrm + - Fixed missing -e option to make lintian happy + + * debian/patches/10_cronjob.dpatch + - Added patch descritpion to make lintian happy + + * debian/control + - Bumped Standard-Version to 3.8.0, no change needed + + * debian/{control,rules,links} + - Added dependency on libjs-jquery and use jquery.js from it + + -- Luigi Gangitano Fri, 24 Oct 2008 23:06:15 +0200 + +drupal6 (6.5-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release + - Removed security patch integrate upstream + + 11-SA-2008-060 + + -- Luigi Gangitano Mon, 20 Oct 2008 23:59:27 +0200 + +drupal6 (6.4-2) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * debian/patches/11-SA-2008-060 + - Added upstream patch fixing several security vulnerabilities + (Ref: SA-2008-060, CVE-TBA) (Closes: #501640) + + * debian/README.Debian + - Added a notice about cookie security and session.cookie_secure + configuration (Ref: CVE-2008-3661) (Closes: #501058) + + -- Luigi Gangitano Fri, 14 Oct 2008 15:47:20 +0200 + +drupal6 (6.4-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release + - Fixes several XSS vulnerabilities + (Ref: SA-2008-047, CVE-TBD) + + -- Luigi Gangitano Fri, 15 Aug 2008 01:35:59 +0200 + +drupal6 (6.3-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release (Closes: 465833) + + * debian/links + - Changed files directory link to match new upstream configuration + + * debian/README.Debian + - Fixed references to database population script and added instructions + to enable apache2 mod_rewrite. + + -- Luigi Gangitano Mon, 11 Aug 2008 19:16:04 +0200 + +drupal6 (6.0-1) UNRELEASED; urgency=low + + [ Luigi Gangitano ] + * New upstream branch 6.0 + + * debian/* + - Rename file and directories from 5 to 6 + - In debian/control switch to Source: drupal6 + + -- Luigi Gangitano Mon, 11 Aug 2008 12:00:12 +0100 + +drupal5 (5.7-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release + - Fixes several non-security related bugs (Closes: #464876) + + * debian/po/hu.po + - Updated Hungarian debconf templates translation (Thanks to Miklos + Lukacs) (Closes: #459378) + + * debian/cron.sh + - Fixed cron script for multisite setup (thanks to Fernando Lucas + Rodriguez) (Closes: #464599) + + * debian/watch + - Removed unused 'uupdate' token + + -- Luigi Gangitano Tue, 12 Feb 2008 11:40:29 +0100 + +drupal5 (5.6-2) unstable; urgency=low + + [ Luigi Gangitano ] + * debian/cron.d + - Fix typo in cron script that makes it running every minutes, set it + to one hour (Closes: #456182) + + -- Luigi Gangitano Sat, 26 Jan 2008 20:51:39 +0100 + +drupal5 (5.6-1) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * New upstream release + - Fixes Cross site request forgery in Aggregator module + (Ref: SA-2008-005, CVE-TBA) + - Fixes Cross site scripting vulnerability with IE6 and user submitted + UTF8 input (Ref: SA-2008-006, CVE-TBA) + + * debian/cron.d + - Run cron script every hour and not every 5 minutes (Closes: #456182) + + * debian/rules + - Removed binary-arch section, moved all actions to binary-indep + + * debian/control + - Swapped httpd | apache2 order to comply with policy + - Bumped Standard-Version to 3.7.3, no change needed + + -- Luigi Gangitano Fri, 11 Jan 2008 15:02:09 +0100 + +drupal5 (5.5-1) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * New upstream release + - Fixes SQL Injection vulnerability in contributed modules + (Ref: DRUPAL-SA-2007-031, CVE-2007-6299) + + * debian/cron.sh + - Added check of BASE_URL in baseurl.php (Closes: #448774) + + -- Luigi Gangitano Fri, 07 Dec 2007 21:29:18 +0100 + +drupal5 (5.3-1) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * New upstream release + - Fixes several security vulnerabilities + + DRUPAL-SA-2007-024 (Ref: CVE-2007-5595) + + DRUPAL-SA-2007-025 (Ref: CVE-2007-5593) + + DRUPAL-SA-2007-026 (Ref: CVE-2007-5596) + + DRUPAL-SA-2007-029 (Ref: CVE-2007-5594) + + DRUPAL-SA-2007-030 (Ref: CVE-2007-5597) + + + -- Luigi Gangitano Sat, 20 Oct 2007 09:52:38 +0200 + +drupal5 (5.2-3) unstable; urgency=low + + * debian/drupal5.install + - Install default robots.txt (Closes: #440291) + + * debian/control + - Changed Recommends to postgresql + + -- Luigi Gangitano Thu, 23 Aug 2007 15:44:15 +0200 + +drupal5 (5.2-2) unstable; urgency=low + + * debian/README.Debian + - Fixed references to configuration directory + + * debian/etc/settings.php + - Apply fixes from upstream version (Closes: #435433) + + -- Luigi Gangitano Fri, 27 Jul 2007 02:12:20 +0200 + +drupal5 (5.2-1) unstable; urgency=high + + [ Luigi Gangitano ] + * Urgency high due to security fixes + + * New upstream release + - Fixes XSS in server variables (Ref: DRUPAL-SA-2007-018, CVE: TBD) + - Fixes XSRF in Forms API (Ref: DRUPAL-SA-2007-017, CVE: TBD) + + * debian/copyright + - Fixed FSF address to make lintian happy + + * debian/control + - Removed dependencies on php4 + - Updated httpd real package dependency to apache2 + - Changed Build-Depend-Indep to Build-Depend (policy 7.6) + + -- Luigi Gangitano Fri, 27 Jul 2007 01:48:04 +0200 + +drupal5 (5.1-3) unstable; urgency=low + + [ Luigi Gangitano ] + * debian/control + - Removed dependencies on 8.1 version of postgresql packages + - Fixed typo in postgresql-server package (Closes: #429229) + + -- Luigi Gangitano Wed, 29 Jun 2007 21:39:33 +0200 + +drupal5 (5.1-2) unstable; urgency=low + + [ Luigi Gangitano ] + - debian/control + * Added Xs-Vcs-{Svn,Browser} tags + + - debian/README.Debian + * Added istructions on Postgres database install and PHP memory limit + (Closes: #427001) + + [ Bart Cornelis (cobaco) ] + - New Norwegian Bokmael translation by Hans Fredrik Nordhaug + + -- Luigi Gangitano Tue, 13 Mar 2007 00:21:14 +0100 + +drupal5 (5.1-1) unstable; urgency=low + + [ Luigi Gangitano ] + * New upstream release (Closes: #409522) + + * debian/{links,drupal5.install,cron.d,etc/apache.conf} + - Applied patch from Karl-Heinz Nirschl fixing paths + + [ Bart Cornelis ] + Translations + * Updated Dutch translation by Bart Cornelis + * Updated Japanese translation by Hideki Yamane + * Updated German translation by Helge Kreutzmann (Closes: #413891) + * Updated Portuguese translation by Miguel Figueiredo (Closes: #413905) + * New Swedisch Translation by Daniel Nylander + * New Tamil translation by Tirumurti Vasudevan (Closes: #413824) + * New Czech translation by Miroslav Kure (Closes: #413798) + * New Russion translation by Yuriy Talakan (Closes: #414063) + * New Basque translation by Piarres Beobide (Closes: #413966) + * New Galician translation by Jacobo Tarrio (Closes: #413764) + + -- Luigi Gangitano Sat, 10 Mar 2007 20:04:24 +0100 + +drupal5 (5.0-1) UNRELEASED; urgency=low + + * (NOT RELEASED YET) New upstream release + + * debian/* + - Rename file and directories from 4.7 to 5 + - In debian/control switch to Source: drupal5 + - Add watch file + + * debian/control + - Removed Suggests on ssl enabled packages + - Removed dependencies on apache and added dependency on httpd | apache + - Added dependency on php4-gd | php5-gd + + * debian/{rules,drupal5.install} + - Removed reference to not-existing directory 'database' + + * debian/patches/10_cronjob.dpatch + - Updated patch to new cron script + + -- Luigi Gangitano Fri, 26 Jan 2007 20:04:24 +0100 + +drupal (4.7.5-2) UNRELEASED; urgency=low + + [ Luigi Gangitano ] + * NOT RELEASED YET + + * debian/control + - Bumped Standards-Version to 3.7.2 (no change needed) + - Removed dependency on postgsql-{client,server}-8.0 which is not in + the archive anymore + + * Translations + - Updated Dutch translations by Bart Cornelis + + -- Bart Cornelis (cobaco) Tue, 23 Jan 2007 11:50:45 +0100 + +drupal (4.7.5-1) unstable; urgency=low + + * New upstream release + - Fixes Denial of Service (DRUPAL-SA-2007-002) + - Fixes CSS Vulnerability (DRUPAL-SA-2007-001) + + -- Luigi Gangitano Sun, 7 Jan 2007 00:33:33 +0100 + +drupal (4.7.4-3) unstable; urgency=low + + * debian/po/fr.po + - Updated French debconf templates translation (Thanks to Thomas Huriaux) + (Closes: #404967) + + * debian/control + - Add php5 dependency (Closes: #405162) + + -- Luigi Gangitano Sun, 7 Jan 2007 00:13:36 +0100 + +drupal (4.7.4-2) unstable; urgency=low + + * debian/control + - Fixed dependency on postgresql-client + - Removed dependency on makepasswd (not needed since we use + dbconfig.common) + - Removed dependency on php4-cli (not needed with new cron script) + - Promote Recommends: php4 to Depends: php4 + + * debian/etc/settings.php + - Fix warning if baseurl.php does not exists + + * debian/copyright + - Fixed copyright information as requested by ftp-master + + -- Luigi Gangitano Tue, 5 Dec 2006 15:37:25 +0100 + +drupal (4.7.4-1) unstable; urgency=low + + * Prepare package for new inclusion in Debian + - Thanks to Karl-Heinz Nirschl for keeping this package in his repository + and allowing me to start from his work + - Change (binary) package name to drupal-4.7 allowing for multiple version + to be installed concurrently, so admins can control upgrade between + releases + - Add dependency on dbconfig-common and switch custom config script to use + functions provided by dbconfig-common (Closes: #366692) + - Removed unused templates + - Added dependency on curl for cron script execution + - Take over removal request (Closes: #375496) + - Update to latest revision (Closes: #307821, #365047, #365709) + + -- Luigi Gangitano Thu, 23 Nov 2006 21:53:19 +0100 + +drupal (4.7.4-0brainlog1) unstable; urgency=low + + * new upstream release because patches do not apply cleanly + * fixes: DRUPAL-SA-2006-024, DRUPAL-SA-2006-025, DRUPAL-SA-2006-026 + + -- Karl-Heinz Nirschl Fri, 20 Oct 2006 19:26:16 +0200 + +drupal (4.7.2-0brainlog4) unstable; urgency=low + + * add security fix DRUPAL-SA-2006-011 + XSS Vulnerability in user module + * move scripts dir to doc + + -- Karl-Heinz Nirschl Thu, 3 Aug 2006 19:46:57 +0200 + +drupal (4.7.2-0brainlog3) unstable; urgency=low + + * fix initial database generation - now checks for mysql version + + -- Karl-Heinz Nirschl Sat, 8 Jul 2006 13:13:12 +0200 + +drupal (4.7.2-0brainlog2) unstable; urgency=low + + * Using a fresh tarball and no .svn files. + * Fix x. permissions. + * Use debian mysql maint password for mysql install + + -- Tzafrir Cohen Fri, 7 Jul 2006 15:59:41 +0300 + +drupal (4.7.2-0brainlog1) unstable; urgency=low + + * new upstream release + * add patch handling to package + - make cron job less verbose + + -- Karl-Heinz Nirschl Fri, 16 Jun 2006 17:13:50 +0200 + +drupal (4.7.1-0brainlog1) unstable; urgency=low + + * new upstream version + + -- Karl-Heinz Nirschl Mon, 29 May 2006 14:01:48 +0200 + +drupal (4.6.5-0brainlog1) unstable; urgency=low + + * update to drupal 4.6.5 (new upstream) + + -- Karl-Heinz Nirschl Mon, 29 May 2006 13:58:55 +0200 + +drupal (4.6.3-0brainlog1) unstable; urgency=low + + * New upstream version (Closes: #307821) + * based on the drupal 4.5.2-4 debian package + * remove the auto update database stuff + * added debconf entry for the base_url + + -- Karl-Heinz Nirschl Thu, 29 Sep 2005 19:10:17 +0200 + +drupal (4.5.2-4) unstable; urgency=low + + * [Miguel Figueiredo ] Added Portuguese translation + (Closes: #301394) + * [Valentina Commissari ] Added Italian translation + (Closes: #301946) + * [Gleydson Mazioli da Silva ] Updated Brazilian + Portuguese translation. + * Fixed typo in package description (Closes: #306997) + + -- Hilko Bengen Thu, 19 May 2005 21:23:27 +0200 + +drupal (4.5.2-3) unstable; urgency=high + + * Fixes "Bypass access via comments" problem mentioned in + http://drupal.org/node/19009. Patch from Gerhard Killesreiter, thanks. + I consider this a critical bug, hence urgency=high. + * [Sergio Talens-Oliag ] Updated Spanish and Catalan + Debconf translations and converted them to UTF-8. + + -- Hilko Bengen Tue, 22 Mar 2005 11:14:36 +0100 + +drupal (4.5.2-2) unstable; urgency=low + + * Changed includes/bootstrap.inc: conf.php (or $site.php) is loaded from + /etc/drupal directly, without the need for any link. + * Removed indentations from sed script which is used to edit the + configuration file. + * Rolled back session.inc to version found in 4.5.1; fixes bug documented + in http://drupal.org/node/15666 + * Added documentation about manual update procedure in README.Debian + and Debconf templates (Closes: #293804) + * Added documentation about adding modules and themes that are not + part of the package. + * NEWS.Debian mentions where to get Marvin and UnConeD themes that used + to be part of the Drupal distribution. + + -- Hilko Bengen Tue, 15 Mar 2005 15:16:26 +0100 + +drupal (4.5.2-1) unstable; urgency=low + + * New upstream version (Closes: #290745; That was fast, wasn't it?) + * Updates Japanese Debconf template, thanks to Hideki Yamane + (Closes: #290439) + * The config file /etc/drupal/conf.php is only generated if it hasn't + existed. It is no longer edited. + + -- Hilko Bengen Sun, 16 Jan 2005 14:49:50 +0100 + +drupal (4.5.1-2) unstable; urgency=low + + * /etc/drupal/conf.php is no longer a conffile (Closes: #289624) + * Should install with mysql-client-4.1 now (Closes: #285733) + + -- Hilko Bengen Wed, 12 Jan 2005 02:16:28 +0100 + +drupal (4.5.1-1) unstable; urgency=low + + * New upstream version (Closes: #277547, #289216, #278345) + * Marvin and UnConeD have been split off into separate packages, as they + are not officially supported by upstream any longer. + * Added Japanese Debconf template (Closes: #288040) + + -- Hilko Bengen Sun, 9 Jan 2005 04:21:03 +0100 + +drupal (4.4.2-2) unstable; urgency=low + + * Bump version dependency to 0.0.37 where better support for PostgreSQL + is included (Closes: 263730) + * Another patch to node.module for DB-independennce (Closes: 258015) + + -- Hilko Bengen Wed, 18 Aug 2004 00:39:58 +0200 + +drupal (4.4.2-1) unstable; urgency=low + + * New upstream bugfix release + - PostgreSQL support fixed in node.module + (Closes: #258015, #258016) + * Fixed sed statement in postinst so it will work with woody's sed. + (Closes: #257529) + * Depends: sharutils (Closes: #258156) + * Cron script checks whether /usr/share/drupal/scripts/cron.sh exists + and is executable (Closes: #251853) + + -- Hilko Bengen Tue, 20 Jul 2004 00:03:06 +0200 + +drupal (4.4.1-3) unstable; urgency=low + + * Included Marvin and Unconed themes from contrib (Closes: #255039) + + -- Hilko Bengen Mon, 28 Jun 2004 14:34:40 +0200 + +drupal (4.4.1-2) unstable; urgency=high + + * Applied admin_node.patch from + against the "Invalid argument supplied for foreach() in + /usr/share/drupal/modules/node.module" error (Closes: #242992) + * Fixed removal of links in webserver directories + * Shut up cron.sh (Closes: #251853) + * Install misc/ directory (images and css) (Closes: #253550) + * Fixed PostgreSQL removal, added some docs (Closes: #253282) + + -- Hilko Bengen Thu, 10 Jun 2004 16:06:47 +0200 + +drupal (4.4.1-1) unstable; urgency=low + + * New upstream version (Closes: #246307) + * Added to cron.d (Closes: #242199) + * Create language in database/database.pgsql (Closes: #242572) + * Fixed dependencies (Closes: #242622): + - Depends on php4-cgi (since it's used by maintainer scripts) + - Recommends: php4 | libapache2-mod-php4 (After all, one _can_ run + Drupal with a PHP-CGI setup + * Fixed generation of links in webserver directories (Closes: #249488) + * Out-of-the-box support for multiple sites (Closes: #246009) + * Put themes directory under /usr/share/drupal. Themes are no longer + handled as conffiles. + * Fixed path to database.mysql in README.Debian (Closes: #246414) + + -- Hilko Bengen Tue, 25 May 2004 10:12:34 +0200 + +drupal (4.3.2-3) unstable; urgency=low + + * Rewrote README.Debian, copying substantial parts from the INSTALL file + (Closes: #240505) + * Re-added a (commented-out) directive for restricting access to + admin.php to htaccess file + + -- Hilko Bengen Sun, 28 Mar 2004 17:38:11 +0200 + +drupal (4.3.2-2) unstable; urgency=low + + * [Bart Cornelis ] Added Dutch debconf translation + (Closes: #232230) + * [Sergio Talens-Oliag ] Added Spanish and Catalan + debconf translations (Closes: #235018 + * [Gleydson Mazioli da Silva ] Added Brazilian + Portugese debconf translation (Closes: #185829) + * [Christian Perrier ] Added French debconf translation + (Closes: #200722) + * Added German debconf translation + + -- Hilko Bengen Tue, 16 Mar 2004 00:43:55 +0100 + +drupal (4.3.2-1) unstable; urgency=low + + * New maintainer (Closes: #227771) + * New upstream release (Closes: #204241, #220066) + - Test shows that kuro5hin RSS feed can be imported just fine + (Closes: #184252) + - The encoding bug in ping.module appears to have been fixed + (Closes: #215643) + * Revamped installation and automatic upgrade procedure + - Update sets password in config.php _and_ database (Closes: #193545) + - It's possible to install the package without performing any database + setup at all (Closes: #201202) + * Fixed /etc/drupal/apache.conf (Closes: #219143) + * Basic PostgreSQL support -- user and database are created + (Closes: #186563) + * Should work with apache2 (Closes: #235912) + + -- Hilko Bengen Thu, 11 Mar 2004 17:30:11 +0100 + +drupal (4.1.0-10) unstable; urgency=low + + * Maintainer field set to QA Group + * New Brazilian Portuguese debconf template translation, provided by + Andre Luis Lopes . Closes: #228109 + + -- Emanuele Rocca Sun, 1 Feb 2004 20:35:04 +0100 + +drupal (4.1.0-9.1) unstable; urgency=low + + * NMU + * French debconf templates translation. Closes: #200722 + * Correction to english templates for (I guess) better english and + formulations. Closes: #186566 + * Brazilian portuguese debconf tempaltes translation. Closes: #185829 + + -- Christian Perrier Tue, 16 Sep 2003 08:55:38 +0200 + +drupal (4.1.0-9) unstable; urgency=low + + * Two corrections in postinst to allow manually setting up the DB + on upgrade. + + -- Hugo Espuny Wed, 19 Mar 2003 22:02:50 +0100 + +drupal (4.1.0-8) unstable; urgency=low + + * Added patch from drupal.org (Closes: #185217) + * Minor typo on apache.conf + * Now htaccess is set up dynamically. + * Example of restricted admin.php is now at htaccess + * Debconf now does not repeat questions after preconfiguring. + + -- Hugo Espuny Wed, 19 Mar 2003 20:09:45 +0100 + +drupal (4.1.0-7) unstable; urgency=high + + * Added securing point to README.Debian + * Alias directive on /etc/drupal/apache.conf now is changed + dynamically according with debconf question. + + -- Hugo Espuny Fri, 14 Mar 2003 20:33:29 +0100 + +drupal (4.1.0-6) unstable; urgency=high + + * Corrected postrm problem whe downgrading to certain versions. + + -- Hugo Espuny Fri, 14 Mar 2003 19:38:15 +0100 + +drupal (4.1.0-5) unstable; urgency=low + + * Corrected mv themes order in rules file. + + -- Hugo Espuny Fri, 14 Mar 2003 19:22:12 +0100 + +drupal (4.1.0-4) unstable; urgency=low + + * Corrected themes moving engine. (Closes: #184752) + * Themes are now configfiles (since 4.1.0-2). I forgot to say... + + -- Hugo Espuny Fri, 14 Mar 2003 17:30:45 +0100 + +drupal (4.1.0-3) unstable; urgency=low + + * Updated to policy version 3.5.9 + + -- Hugo Espuny Fri, 14 Mar 2003 00:28:18 +0100 + +drupal (4.1.0-2) unstable; urgency=low + + * Corrected directive "AllowOverride None" to "AllowOverride All" in + /etc/drupal/apache.conf. (Closes: #184183) + * Corrected directive to in + /etc/drupal/apache.conf. + * Corrected cron file, postinst and templates. Now debconf asks for the + whole URL, not only TCP port. (Closes: #184182) (Closes: #184182) + Thanks to John Goerzen to point me those. + * News feed now works properly. (Closes: #184252) (Closes: #184253) + + -- Hugo Espuny Wed, 12 Mar 2003 18:25:35 +0100 + +drupal (4.1.0-1) unstable; urgency=high + + * New upstream version (Closes: #178506) (Closes: #173107) + * Moved to use po-debconf. + * Fixed README.Debian (Closes: #173103) (Closes: #184111) + + -- Hugo Espuny Fri, 7 Mar 2003 21:09:02 +0100 + +drupal (4.0-4) unstable; urgency=low + + * Corrected a bug on cron.d file. + + -- Hugo Espuny Wed, 11 Dec 2002 22:39:16 +0100 + +drupal (4.0-3) unstable; urgency=low + + * Corrected /etc/cron.d/drupal (thanx to Paul van Tilburg + ). (Closes: #172153) + * Corrected link in README.Debian. (Closes: #169949) + * Changed priority to extra. + * postrm now executes an abort install properly. + * Updated policy standars to 3.5.8 + + -- Hugo Espuny Tue, 10 Dec 2002 00:38:36 +0100 + +drupal (4.0-2) unstable; urgency=low + + * Minor typo correction in templates file. + * Minor bug correction about webserver port in postinst. + * Added versioned dependency on wget to support HTTPS + * Moved update.php to /usr/share/doc/drupal/upgrades + + -- Hugo Espuny Wed, 30 Oct 2002 16:54:06 +0100 + +drupal (4.0-1) unstable; urgency=low + + * New debian package. (Closes: #164676) + * Code taken from phpnuke package. + + -- Hugo Espuny Tue, 29 Oct 2002 21:21:26 +0100 + --- drupal6-6.10.orig/debian/compat +++ drupal6-6.10/debian/compat @@ -0,0 +1 @@ +4 --- drupal6-6.10.orig/debian/drupal6.config +++ drupal6-6.10/debian/drupal6.config @@ -0,0 +1,48 @@ +#!/bin/bash + +# Debconf config script for Drupal + +set -e + + +# Source debconf library +. /usr/share/debconf/confmodule + +if [ -f /usr/share/dbconfig-common/dpkg/config ]; then + # we support mysql and pgsql + dbc_dbtypes="mysql, pgsql" + dbc_dbname=drupal6 + dbc_dbuser=drupal6 + + # source dbconfig-common stuff + . /usr/share/dbconfig-common/dpkg/config --debconf-ok + dbc_go drupal6 $@ +fi + +if [ "$DPKG_DEBUG" = "developer" ]; then + set -x +fi + +################################################## +# Begin installation directories definition block# +################################################## +package_name="drupal6" +datadir="/var/lib/${package_name}" +backupdir="${datadir}/backups/" +docdir="/usr/share/doc/${package_name}" +upgradesdir="${docdir}/upgrades" +configdir="/etc/drupal/6" +configfile="${configdir}/conf.php" +includefile="${configdir}/apache.conf" +################################################ +# End installation directories definition block # +################################################ + +######################################################################## +# The actual configuration + +OLDVERSION="$2" + +db_stop + +exit 0 --- drupal6-6.10.orig/debian/copyright +++ drupal6-6.10/debian/copyright @@ -0,0 +1,44 @@ +This package was debianized by Hugo Espuny on +Sat, 29 Jun 2002 22:13:16 +0200. + +The current Debian Maintainer is Luigi Gangitano + +It was downloaded from http://www.drupal.org + +Upstream authors: Dries Buytaert +James Walker +Moshe Weitzman +Charlie Lowe +Steven Wittens +Károly Négyesi +Gabor Hojtsy +Richard Archer +Matt Westgate +Piotr Krukowiecki +Károly Négyesi +Jeremy Andrews +Károly Négyesi +Hilko Bengen +Gerhard Killesreiter + +Copyright: 2000-2008 Dries Buytaert + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License with + the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL; + if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth + Floor, Boston, MA 02110-1301, USA. + +On Debian systems, the complete text of the GNU General Public +License, version 2, can be found in /usr/share/common-licenses/GPL-2. + +The Debian packaging is (C) 2006-2008, Luigi Gangitano and +is licensed under the GPL, see above. --- drupal6-6.10.orig/debian/watch +++ drupal6-6.10/debian/watch @@ -0,0 +1,2 @@ +version=2 +http://ftp.osuosl.org/pub/drupal/files/projects/drupal-(6[\d\.]+)\.tar\.gz --- drupal6-6.10.orig/debian/control +++ drupal6-6.10/debian/control @@ -0,0 +1,24 @@ +Source: drupal6 +Section: web +Priority: extra +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Luigi Gangitano +Build-Depends: debhelper (>= 4), dpatch +Homepage: http://www.drupal.org/ +Standards-Version: 3.8.0 +Xs-Vcs-Svn: svn://alioth.debian.org/svn/pkg-drupal/branches/drupal6 +Xs-Vcs-Browser: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6 + +Package: drupal6 +Architecture: all +Depends: ${misc:Depends}, apache2 | httpd, php5, php5-mysql | php5-pgsql, php5-gd, exim4 | mail-transport-agent, wwwconfig-common (>= 0.0.37), mysql-client | virtual-mysql-client | postgresql-client, dbconfig-common, curl, libjs-jquery +Recommends: mysql-server | postgresql +Description: a fully-featured content management framework + Drupal is a dynamic web site platform which allows an individual or + community of users to publish, manage and organize a variety of + content, Drupal integrates many popular features of content + management systems, weblogs, collaborative tools and discussion-based + community software into one easy-to-use package. + . + This package contains version 6 of Drupal. + --- drupal6-6.10.orig/debian/dirs +++ drupal6-6.10/debian/dirs @@ -0,0 +1,5 @@ +etc/drupal/6/sites/default +var/lib/drupal6/files +var/lib/drupal6/backups +usr/share/doc/drupal6 +usr/share/lintian/overrides --- drupal6-6.10.orig/debian/drupal6.install +++ drupal6-6.10/debian/drupal6.install @@ -0,0 +1,10 @@ +*.php usr/share/drupal6 +includes usr/share/drupal6 +misc usr/share/drupal6 +modules usr/share/drupal6 +themes usr/share/drupal6 +robots.txt usr/share/drupal6 +profiles etc/drupal/6 +debian/etc/apache.conf etc/drupal/6 +debian/etc/settings.php etc/drupal/6/sites/default +debian/cron.sh usr/share/drupal6/scripts --- drupal6-6.10.orig/debian/etc/settings.php +++ drupal6-6.10/debian/etc/settings.php @@ -0,0 +1,170 @@ + 'main_', + * 'users' => 'shared_', + * 'sessions' => 'shared_', + * 'role' => 'shared_', + * 'authmap' => 'shared_', + * 'sequences' => 'shared_', + * ); + * + * Database URL format: + * $db_url = 'mysql://username:password@localhost/databasename'; + * $db_url = 'mysqli://username:password@localhost/databasename'; + * $db_url = 'pgsql://username:password@localhost/databasename'; + */ +require_once('dbconfig.php'); +if (!isset($dbserver) || empty($dbserver)) + $dbserver='localhost'; +$db_url = "$dbtype://$dbuser:$dbpass@$dbserver/$dbname"; +$db_prefix = ''; + +/** + * Base URL (optional). + * + * If you are experiencing issues with different site domains, + * uncomment the Base URL statement below (remove the leading hash sign) + * and fill in the URL to your Drupal installation. + * + * You might also want to force users to use a given domain. + * See the .htaccess file for more information. + * + * Examples: + * $base_url = 'http://www.example.com'; + * $base_url = 'http://www.example.com:8888'; + * $base_url = 'http://www.example.com/drupal'; + * $base_url = 'https://www.example.com:8888/drupal'; + * + * It is not allowed to have a trailing slash; Drupal will add it + * for you. + */ +# $base_url = 'http://www.example.com'; // NO trailing slash! +if (file_exists('baseurl.php')) + include_once('baseurl.php'); + +/** + * PHP settings: + * + * To see what PHP settings are possible, including whether they can + * be set at runtime (ie., when ini_set() occurs), read the PHP + * documentation at http://www.php.net/manual/en/ini.php#ini.list + * and take a look at the .htaccess file to see which non-runtime + * settings are used there. Settings defined here should not be + * duplicated there so as to avoid conflict issues. + */ +ini_set('arg_separator.output', '&'); +ini_set('magic_quotes_runtime', 0); +ini_set('magic_quotes_sybase', 0); +ini_set('session.cache_expire', 200000); +ini_set('session.cache_limiter', 'none'); +ini_set('session.cookie_lifetime', 2000000); +ini_set('session.gc_maxlifetime', 200000); +ini_set('session.save_handler', 'user'); +ini_set('session.use_only_cookies', 1); +ini_set('session.use_trans_sid', 0); +ini_set('url_rewriter.tags', ''); + +/** + * Drupal automatically generates a unique session cookie name for each site + * based on on its full domain name. If you have multiple domains pointing at + * the same Drupal site, you can either redirect them all to a single domain + * (see comment in .htaccess), or uncomment the line below and specify their + * shared base domain. Doing so assures that users remain logged in as they + * cross between your various domains. + */ +# $cookie_domain = 'example.com'; + +/** + * Variable overrides: + * + * To override specific entries in the 'variable' table for this site, + * set them here. You usually don't need to use this feature. This is + * useful in a configuration file for a vhost or directory, rather than + * the default settings.php. Any configuration setting from the 'variable' + * table can be given a new value. + * + * Remove the leading hash signs to enable. + */ +# $conf = array( +# 'site_name' => 'My Drupal site', +# 'theme_default' => 'minnelli', +# 'anonymous' => 'Visitor', +# ); + --- drupal6-6.10.orig/debian/etc/apache.conf +++ drupal6-6.10/debian/etc/apache.conf @@ -0,0 +1,8 @@ +Alias /drupal6 /usr/share/drupal6 + + + Options +FollowSymLinks + AllowOverride All + order allow,deny + allow from all + --- drupal6-6.10.orig/debian/patches/00list +++ drupal6-6.10/debian/patches/00list @@ -0,0 +1,6 @@ +10_cronjob +18_SA-CORE-2009-005 +19_SA-CORE-2009-006 +20_SA-CORE-2009-007 +21_SA-CORE-2009-008 +22_SA-CORE-2009-009 --- drupal6-6.10.orig/debian/patches/22_SA-CORE-2009-009.dpatch +++ drupal6-6.10/debian/patches/22_SA-CORE-2009-009.dpatch @@ -0,0 +1,35 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 22_SA-CORE-2009-009.dpatch by Artur Rona +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix a critical security vulnerability. +## +## Ubuntu: https://bugs.launchpad.net/bugs/510421 +## Upstream: http://drupal.org/node/661586 +## Patch: http://drupal.org/files/sa-core-2009-009/SA-CORE-2009-009-6.14.patch + +@DPATCH@ + +diff -pruN -x '*~' drupal-6.10.orig/modules/contact/contact.admin.inc drupal-6.10/modules/contact/contact.admin.inc +--- drupal-6.10.orig/modules/contact/contact.admin.inc 2007-11-09 08:55:13.000000000 +0100 ++++ drupal-6.10/modules/contact/contact.admin.inc 2010-02-21 23:11:37.000000000 +0100 +@@ -13,7 +13,7 @@ function contact_admin_categories() { + $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category'); + $rows = array(); + while ($category = db_fetch_object($result)) { +- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); ++ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); + } + $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2)); + +diff -pruN -x '*~' drupal-6.10.orig/modules/menu/menu.admin.inc drupal-6.10/modules/menu/menu.admin.inc +--- drupal-6.10.orig/modules/menu/menu.admin.inc 2009-02-25 14:15:40.000000000 +0100 ++++ drupal-6.10/modules/menu/menu.admin.inc 2010-02-21 23:12:42.000000000 +0100 +@@ -15,6 +15,7 @@ function menu_overview_page() { + while ($menu = db_fetch_array($result)) { + $menu['href'] = 'admin/build/menu-customize/'. $menu['menu_name']; + $menu['localized_options'] = array(); ++ $menu['description'] = filter_xss_admin($menu['description']); + $content[] = $menu; + } + return theme('admin_block_content', $content); --- drupal6-6.10.orig/debian/patches/20_SA-CORE-2009-007.dpatch +++ drupal6-6.10/debian/patches/20_SA-CORE-2009-007.dpatch @@ -0,0 +1,190 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 20_SA-CORE-2009-007.dpatch by Artur Rona +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix a critical security vulnerability. +## +## Ubuntu: https://bugs.launchpad.net/bugs/431080 +## Upstream: http://drupal.org/node/507572 +## Patch: http://drupal.org/files/sa-core-2009-007/SA-CORE-2009-007-6.12.patch + +@DPATCH@ + +diff -pruN -x '*~' drupal-6.10.orig/includes/pager.inc drupal-6.10/includes/pager.inc +--- drupal-6.10.orig/includes/pager.inc 2007-12-06 10:58:30.000000000 +0100 ++++ drupal-6.10/includes/pager.inc 2009-10-25 02:40:44.000000000 +0200 +@@ -85,7 +85,7 @@ function pager_query($query, $limit = 10 + function pager_get_querystring() { + static $string = NULL; + if (!isset($string)) { +- $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE))); ++ $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE))); + } + return $string; + } +diff -pruN -x '*~' drupal-6.10.orig/includes/tablesort.inc drupal-6.10/includes/tablesort.inc +--- drupal-6.10.orig/includes/tablesort.inc 2008-01-04 10:31:48.000000000 +0100 ++++ drupal-6.10/includes/tablesort.inc 2009-10-25 02:42:08.000000000 +0200 +@@ -136,7 +136,7 @@ function tablesort_cell($cell, $header, + * except for those pertaining to table sorting. + */ + function tablesort_get_querystring() { +- return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE))); ++ return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE))); + } + + /** +diff -pruN -x '*~' drupal-6.10.orig/modules/comment/comment.module drupal-6.10/modules/comment/comment.module +--- drupal-6.10.orig/modules/comment/comment.module 2009-01-06 18:34:54.000000000 +0100 ++++ drupal-6.10/modules/comment/comment.module 2009-10-25 02:54:29.000000000 +0200 +@@ -936,7 +936,7 @@ function comment_render($node, $cid = 0) + + if ($cid && is_numeric($cid)) { + // Single comment view. +- $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d'; ++ $query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d'; + $query_args = array($cid); + if (!user_access('administer comments')) { + $query .= ' AND c.status = %d'; +@@ -957,7 +957,7 @@ function comment_render($node, $cid = 0) + else { + // Multiple comment view + $query_count = 'SELECT COUNT(*) FROM {comments} c WHERE c.nid = %d'; +- $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d'; ++ $query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d'; + + $query_args = array($nid); + if (!user_access('administer comments')) { +@@ -1466,7 +1466,7 @@ function comment_form_add_preview($form, + $output = ''; + + if ($edit['pid']) { +- $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED)); ++ $comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED)); + $comment = drupal_unpack($comment); + $comment->name = $comment->uid ? $comment->registered_name : $comment->name; + $output .= theme('comment_view', $comment, $node); +diff -pruN -x '*~' drupal-6.10.orig/modules/comment/comment.pages.inc drupal-6.10/modules/comment/comment.pages.inc +--- drupal-6.10.orig/modules/comment/comment.pages.inc 2008-02-07 19:53:38.000000000 +0100 ++++ drupal-6.10/modules/comment/comment.pages.inc 2009-10-25 02:46:09.000000000 +0200 +@@ -70,7 +70,7 @@ function comment_reply($node, $pid = NUL + // $pid indicates that this is a reply to a comment. + if ($pid) { + // load the comment whose cid = $pid +- if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) { ++ if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) { + // If that comment exists, make sure that the current comment and the parent comment both + // belong to the same parent node. + if ($comment->nid != $node->nid) { +diff -pruN -x '*~' drupal-6.10.orig/modules/forum/forum.pages.inc drupal-6.10/modules/forum/forum.pages.inc +--- drupal-6.10.orig/modules/forum/forum.pages.inc 2007-07-26 08:48:03.000000000 +0200 ++++ drupal-6.10/modules/forum/forum.pages.inc 2009-10-25 02:47:06.000000000 +0200 +@@ -10,6 +10,11 @@ + * Menu callback; prints a forum listing. + */ + function forum_page($tid = 0) { ++ if (!is_numeric($tid)) { ++ return MENU_NOT_FOUND; ++ } ++ $tid = (int)$tid; ++ + $topics = ''; + $forum_per_page = variable_get('forum_per_page', 25); + $sortby = variable_get('forum_order', 1); +diff -pruN -x '*~' drupal-6.10.orig/modules/system/system.install drupal-6.10/modules/system/system.install +--- drupal-6.10.orig/modules/system/system.install 2009-02-25 15:02:46.000000000 +0100 ++++ drupal-6.10/modules/system/system.install 2009-10-25 02:48:48.000000000 +0200 +@@ -2548,6 +2548,39 @@ function system_update_6049() { + } + + /** +++ * Create a signature_format column. +++ */ ++function system_update_6051() { ++ $ret = array(); ++ ++ if (!db_column_exists('users', 'signature_format')) { ++ ++ // Set future input formats to FILTER_FORMAT_DEFAULT to ensure a safe default ++ // when incompatible modules insert into the users table. An actual format ++ // will be assigned when users save their signature. ++ ++ $schema = array( ++ 'type' => 'int', ++ 'size' => 'small', ++ 'not null' => TRUE, ++ 'default' => FILTER_FORMAT_DEFAULT, ++ 'description' => 'The {filter_formats}.format of the signature.', ++ ); ++ ++ db_add_field($ret, 'users', 'signature_format', $schema); ++ ++ // Set the format of existing signatures to the current default input format. ++ if ($current_default_filter = variable_get('filter_default_format', 0)) { ++ $ret[] = update_sql("UPDATE {users} SET signature_format = ". $current_default_filter); ++ } ++ ++ drupal_set_message("User signatures no longer inherit comment input formats. Each user's signature now has its own associated format that can be selected on the user's account page. Existing signatures have been set to your site's default input format."); ++ } ++ ++ return $ret; ++} ++ ++/** + * @} End of "defgroup updates-5.x-to-6.x" + * The next series of updates should start at 7000. + */ +diff -pruN -x '*~' drupal-6.10.orig/modules/user/user.install drupal-6.10/modules/user/user.install +--- drupal-6.10.orig/modules/user/user.install 2009-01-06 16:46:38.000000000 +0100 ++++ drupal-6.10/modules/user/user.install 2009-10-25 02:15:53.000000000 +0100 +@@ -191,6 +191,13 @@ function user_schema() { + 'default' => '', + 'description' => "User's signature.", + ), ++ 'signature_format' => array( ++ 'type' => 'int', ++ 'size' => 'small', ++ 'not null' => TRUE, ++ 'default' => 0, ++ 'description' => 'The {filter_formats}.format of the signature.', ++ ), + 'created' => array( + 'type' => 'int', + 'not null' => TRUE, +diff -pruN -x '*~' drupal-6.10.orig/modules/user/user.module drupal-6.10/modules/user/user.module +--- drupal-6.10.orig/modules/user/user.module 2009-02-25 14:57:04.000000000 +0100 ++++ drupal-6.10/modules/user/user.module 2009-10-25 02:52:24.000000000 +0200 +@@ -532,7 +532,7 @@ function user_fields() { + } + else { + // Make sure we return the default fields at least. +- $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data'); ++ $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'signature_format', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data'); + } + } + +@@ -1521,6 +1521,15 @@ function user_edit_form(&$form_state, $u + '#default_value' => $edit['signature'], + '#description' => t('Your signature will be publicly displayed at the end of your comments.'), + ); ++ ++ // Prevent a "validation error" message when the user attempts to save with a default value they ++ // do not have access to. ++ if (!filter_access($edit['signature_format']) && empty($_POST)) { ++ drupal_set_message(t("The signature input format has been set to a format you don't have access to. It will be changed to a format you have access to when you save this page.")); ++ $edit['signature_format'] = FILTER_FORMAT_DEFAULT; ++ } ++ ++ $form['signature_settings']['signature_format'] = filter_form($edit['signature_format'], NULL, array('signature_format')); + } + + // Picture/avatar: +@@ -2033,7 +2042,7 @@ function user_comment(&$comment, $op) { + // Validate signature. + if ($op == 'view') { + if (variable_get('user_signatures', 0) && !empty($comment->signature)) { +- $comment->signature = check_markup($comment->signature, $comment->format); ++ $comment->signature = check_markup($comment->signature, $comment->signature_format, FALSE); + } + else { + $comment->signature = ''; --- drupal6-6.10.orig/debian/patches/10_cronjob.dpatch +++ drupal6-6.10/debian/patches/10_cronjob.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_cronjob.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Disable reporting to system log every cron run + +@DPATCH@ +diff -urNad drupal6~/includes/common.inc drupal6/includes/common.inc +--- drupal6~/includes/common.inc 2008-02-18 12:32:44.000000000 +0100 ++++ drupal6/includes/common.inc 2008-02-18 12:37:09.000000000 +0100 +@@ -2540,7 +2540,7 @@ + + // Record cron time + variable_set('cron_last', time()); +- watchdog('cron', 'Cron run completed.', array(), WATCHDOG_NOTICE); ++ #watchdog('cron', 'Cron run completed.', array(), WATCHDOG_NOTICE); + + // Release cron semaphore + variable_del('cron_semaphore'); --- drupal6-6.10.orig/debian/patches/21_SA-CORE-2009-008.dpatch +++ drupal6-6.10/debian/patches/21_SA-CORE-2009-008.dpatch @@ -0,0 +1,80 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 21_SA-CORE-2009-008.dpatch by Artur Rona +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix a critical security vulnerability. +## +## Ubuntu: https://bugs.launchpad.net/bugs/431080 +## Upstream: http://drupal.org/node/579482 +## Patch: http://drupal.org/files/sa-core-2009-008/SA-CORE-2009-008-6.13.patch + +@DPATCH@ + +diff -pruN -x '*~' drupal-6.10.orig/includes/file.inc drupal-6.10/includes/file.inc +--- drupal-6.10.orig/includes/file.inc 2008-10-20 11:42:31.000000000 +0200 ++++ drupal-6.10/includes/file.inc 2009-10-25 02:17:44.000000000 +0200 +@@ -529,13 +529,6 @@ function file_save_upload($source, $vali + $file->filepath = $_FILES['files']['tmp_name'][$source]; + $file->filemime = file_get_mimetype($file->filename); + +- // Rename potentially executable files, to help prevent exploits. +- if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { +- $file->filemime = 'text/plain'; +- $file->filepath .= '.txt'; +- $file->filename .= '.txt'; +- } +- + // If the destination is not provided, or is not writable, then use the + // temporary directory. + if (empty($dest) || file_check_path($dest) === FALSE) { +@@ -553,6 +546,17 @@ function file_save_upload($source, $vali + $errors = array_merge($errors, call_user_func_array($function, $args)); + } + ++ // Rename potentially executable files, to help prevent exploits. ++ if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { ++ $file->filemime = 'text/plain'; ++ $file->filepath .= '.txt'; ++ $file->filename .= '.txt'; ++ // As the file may be named example.php.txt, we need to munge again to ++ // convert to example.php_.txt, then create the correct destination. ++ $file->filename = file_munge_filename($file->filename, $extensions); ++ $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), $replace); ++ } ++ + // Check for validation errors. + if (!empty($errors)) { + $message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename)); +diff -pruN -x '*~' drupal-6.10.orig/modules/openid/openid.module drupal-6.10/modules/openid/openid.module +--- drupal-6.10.orig/modules/openid/openid.module 2009-01-14 22:36:16.000000000 +0100 ++++ drupal-6.10/modules/openid/openid.module 2009-10-25 02:18:23.000000000 +0200 +@@ -193,8 +193,8 @@ function openid_begin($claimed_id, $retu + } + + if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) { +- $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; +- } ++ $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; ++ } + $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']); + + if ($services[0]['version'] == 2) { +diff -pruN -x '*~' drupal-6.10.orig/modules/openid/openid.pages.inc drupal-6.10/modules/openid/openid.pages.inc +--- drupal-6.10.orig/modules/openid/openid.pages.inc 2008-07-09 23:48:28.000000000 +0200 ++++ drupal-6.10/modules/openid/openid.pages.inc 2009-10-25 02:22:04.000000000 +0200 +@@ -73,10 +73,11 @@ function openid_user_add_validate($form, + if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) { + form_set_error('openid_identifier', t('That OpenID is already in use on this site.')); + } +- else { +- $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); +- openid_begin($form_state['values']['openid_identifier'], $return_to); +- } ++} ++ ++function openid_user_add_submit($form, &$form_state) { ++ $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); ++ openid_begin($form_state['values']['openid_identifier'], $return_to); + } + + /** --- drupal6-6.10.orig/debian/patches/18_SA-CORE-2009-005.dpatch +++ drupal6-6.10/debian/patches/18_SA-CORE-2009-005.dpatch @@ -0,0 +1,149 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 18_SA-CORE-2009-005.dpatch by Artur Rona +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Cross site scripting. +## +## Ubuntu: https://bugs.launchpad.net/bugs/431080 +## Upstream: http://drupal.org/node/449078 +## Patch: http://drupal.org/files/sa-core-2009-005/SA-CORE-2009-005-6.10.patch + +@DPATCH@ + +diff -pruN -x '*~' drupal-6.10.orig/includes/bootstrap.inc drupal-6.10/includes/bootstrap.inc +--- drupal-6.10.orig/includes/bootstrap.inc 2009-02-25 14:49:54.000000000 +0100 ++++ drupal-6.10/includes/bootstrap.inc 2009-10-25 01:15:52.000000000 +0200 +@@ -791,6 +791,8 @@ function request_uri() { + $uri = $_SERVER['SCRIPT_NAME']; + } + } ++ // Prevent multiple slashes to avoid cross site requests via the FAPI. ++ $uri = '/'. ltrim($uri, '/'); + + return $uri; + } +diff -pruN -x '*~' drupal-6.10.orig/includes/common.inc drupal-6.10/includes/common.inc +--- drupal-6.10.orig/includes/common.inc 2009-02-25 22:02:36.000000000 +0100 ++++ drupal-6.10/includes/common.inc 2009-10-25 01:06:37.000000000 +0200 +@@ -152,6 +152,15 @@ function drupal_get_headers() { + } + + /** ++ * Make any final alterations to the rendered xhtml. ++ */ ++function drupal_final_markup($content) { ++ // Make sure that the charset is always specified as the first element of the ++ // head region to prevent encoding-based attacks. ++ return preg_replace('/]*>/i', "\$0\n", $content, 1); ++} ++ ++/** + * Add a feed URL for the current page. + * + * @param $url +diff -pruN -x '*~' drupal-6.10.orig/includes/theme.inc drupal-6.10/includes/theme.inc +--- drupal-6.10.orig/includes/theme.inc 2009-02-25 22:02:16.000000000 +0100 ++++ drupal-6.10/includes/theme.inc 2009-10-25 01:07:36.000000000 +0200 +@@ -687,6 +687,10 @@ function theme() { + } + // restore path_to_theme() + $theme_path = $temp; ++ // Add final markup to the full page. ++ if ($hook == 'page') { ++ $output = drupal_final_markup($output); ++ } + return $output; + } + +diff -pruN -x '*~' drupal-6.10.orig/modules/system/maintenance-page.tpl.php drupal-6.10/modules/system/maintenance-page.tpl.php +--- drupal-6.10.orig/modules/system/maintenance-page.tpl.php 2008-01-24 10:42:51.000000000 +0100 ++++ drupal-6.10/modules/system/maintenance-page.tpl.php 2009-10-25 01:08:26.000000000 +0200 +@@ -19,8 +19,8 @@ + + + +- <?php print $head_title; ?> + ++ <?php print $head_title; ?> + + + +diff -pruN -x '*~' drupal-6.10.orig/modules/system/page.tpl.php drupal-6.10/modules/system/page.tpl.php +--- drupal-6.10.orig/modules/system/page.tpl.php 2008-01-24 10:42:51.000000000 +0100 ++++ drupal-6.10/modules/system/page.tpl.php 2009-10-25 01:09:03.000000000 +0200 +@@ -80,8 +80,8 @@ + + + +- <?php print $head_title; ?> + ++ <?php print $head_title; ?> + + + +diff -pruN -x '*~' drupal-6.10.orig/themes/bluemarine/page.tpl.php drupal-6.10/themes/bluemarine/page.tpl.php +--- drupal-6.10.orig/themes/bluemarine/page.tpl.php 2008-01-24 10:42:52.000000000 +0100 ++++ drupal-6.10/themes/bluemarine/page.tpl.php 2009-10-25 01:09:41.000000000 +0200 +@@ -4,8 +4,8 @@ + + + +- <?php print $head_title ?> + ++ <?php print $head_title ?> + + + +diff -pruN -x '*~' drupal-6.10.orig/themes/chameleon/chameleon.theme drupal-6.10/themes/chameleon/chameleon.theme +--- drupal-6.10.orig/themes/chameleon/chameleon.theme 2008-01-24 10:42:53.000000000 +0100 ++++ drupal-6.10/themes/chameleon/chameleon.theme 2009-10-25 01:11:42.000000000 +0200 +@@ -30,8 +30,8 @@ function chameleon_page($content, $show_ + $output = "\n"; + $output .= "\n"; + $output .= "\n"; +- $output .= " ". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."\n"; + $output .= drupal_get_html_head(); ++ $output .= " ". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."\n"; + $output .= drupal_get_css(); + $output .= drupal_get_js(); + $output .= ""; +diff -pruN -x '*~' drupal-6.10.orig/themes/garland/maintenance-page.tpl.php drupal-6.10/themes/garland/maintenance-page.tpl.php +--- drupal-6.10.orig/themes/garland/maintenance-page.tpl.php 2008-01-24 10:42:53.000000000 +0100 ++++ drupal-6.10/themes/garland/maintenance-page.tpl.php 2009-10-25 01:12:33.000000000 +0200 +@@ -15,8 +15,8 @@ + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + + +- <?php print $head_title ?> + ++ <?php print $head_title ?> + + +