CVS commit: [pkgsrc-2010Q3] pkgsrc/www/wordpress

["Matthias Scheler" <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Dec  7 12:08:21 UTC 2010

Modified Files:
        pkgsrc/www/wordpress [pkgsrc-2010Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket #3296 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                        1.12
- www/wordpress/PLIST                           1.7
- www/wordpress/distinfo                        1.8
---
Module Name:    pkgsrc
Committed By:   morr
Date:           Sun Dec  5 16:46:29 UTC 2010

Modified Files:
        pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could
  gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can
  easily be abused.
* Fix canonical redirection for permalinks containing %category% with
  nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting
  a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap()
  even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a
  URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for
  upgraded WordPress MU installs

While here, set license.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/www/wordpress/PLIST
cvs rdiff -u -r1.7 -r1.7.2.1 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.