pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q4]: pkgsrc/www/wordpress Pullup ticket #6139 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7655dbb941a4
branches: pkgsrc-2019Q4
changeset: 419746:7655dbb941a4
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Sun Feb 23 18:10:23 2020 +0000
description:
Pullup ticket #6139 - requested by morr
www/wordpress: security fix
Revisions pulled up:
- www/wordpress/Makefile 1.91
- www/wordpress/PLIST 1.42
- www/wordpress/distinfo 1.73
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Feb 23 09:59:42 UTC 2020
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
Update to version 5.3.2.
Changes:
Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.
Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability
issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn?t exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user?s locale instead of the site locale.
diffstat:
www/wordpress/Makefile | 5 ++---
www/wordpress/PLIST | 10 +++++++++-
www/wordpress/distinfo | 10 +++++-----
3 files changed, 16 insertions(+), 9 deletions(-)
diffs (88 lines):
diff -r b91da1e40414 -r 7655dbb941a4 www/wordpress/Makefile
--- a/www/wordpress/Makefile Sun Feb 23 15:16:34 2020 +0000
+++ b/www/wordpress/Makefile Sun Feb 23 18:10:23 2020 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.90 2019/12/09 14:20:57 taca Exp $
+# $NetBSD: Makefile,v 1.90.4.1 2020/02/23 18:10:23 bsiegert Exp $
DISTNAME= wordpress-${VERSION}
-VERSION= 5.3
-PKGREVISION= 1
+VERSION= 5.3.2
CATEGORIES= www
MASTER_SITES= https://wordpress.org/
diff -r b91da1e40414 -r 7655dbb941a4 www/wordpress/PLIST
--- a/www/wordpress/PLIST Sun Feb 23 15:16:34 2020 +0000
+++ b/www/wordpress/PLIST Sun Feb 23 18:10:23 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.41 2019/12/04 08:06:04 morr Exp $
+@comment $NetBSD: PLIST,v 1.41.4.1 2020/02/23 18:10:23 bsiegert Exp $
share/doc/wordpress/license.txt
share/doc/wordpress/readme.html
share/examples/wordpress/wordpress.conf
@@ -1453,6 +1453,7 @@
share/wordpress/wp-includes/js/heartbeat.min.js
share/wordpress/wp-includes/js/hoverIntent.js
share/wordpress/wp-includes/js/hoverIntent.min.js
+share/wordpress/wp-includes/js/hoverintent-js.min.js
share/wordpress/wp-includes/js/imagesloaded.min.js
share/wordpress/wp-includes/js/imgareaselect/border-anim-h.gif
share/wordpress/wp-includes/js/imgareaselect/border-anim-v.gif
@@ -1792,6 +1793,7 @@
share/wordpress/wp-includes/sodium_compat/lib/constants.php
share/wordpress/wp-includes/sodium_compat/lib/namespaced.php
share/wordpress/wp-includes/sodium_compat/lib/php72compat.php
+share/wordpress/wp-includes/sodium_compat/lib/php72compat_const.php
share/wordpress/wp-includes/sodium_compat/lib/sodium_compat.php
share/wordpress/wp-includes/sodium_compat/namespaced/Compat.php
share/wordpress/wp-includes/sodium_compat/namespaced/Core/BLAKE2b.php
@@ -1821,6 +1823,9 @@
share/wordpress/wp-includes/sodium_compat/namespaced/File.php
share/wordpress/wp-includes/sodium_compat/src/Compat.php
share/wordpress/wp-includes/sodium_compat/src/Core/BLAKE2b.php
+share/wordpress/wp-includes/sodium_compat/src/Core/Base64/Common.php
+share/wordpress/wp-includes/sodium_compat/src/Core/Base64/Original.php
+share/wordpress/wp-includes/sodium_compat/src/Core/Base64/UrlSafe.php
share/wordpress/wp-includes/sodium_compat/src/Core/ChaCha20.php
share/wordpress/wp-includes/sodium_compat/src/Core/ChaCha20/Ctx.php
share/wordpress/wp-includes/sodium_compat/src/Core/ChaCha20/IetfCtx.php
@@ -1839,6 +1844,7 @@
share/wordpress/wp-includes/sodium_compat/src/Core/Poly1305.php
share/wordpress/wp-includes/sodium_compat/src/Core/Poly1305/State.php
share/wordpress/wp-includes/sodium_compat/src/Core/Salsa20.php
+share/wordpress/wp-includes/sodium_compat/src/Core/SecretStream/State.php
share/wordpress/wp-includes/sodium_compat/src/Core/SipHash.php
share/wordpress/wp-includes/sodium_compat/src/Core/Util.php
share/wordpress/wp-includes/sodium_compat/src/Core/X25519.php
@@ -1865,6 +1871,7 @@
share/wordpress/wp-includes/sodium_compat/src/Core32/Poly1305.php
share/wordpress/wp-includes/sodium_compat/src/Core32/Poly1305/State.php
share/wordpress/wp-includes/sodium_compat/src/Core32/Salsa20.php
+share/wordpress/wp-includes/sodium_compat/src/Core32/SecretStream/State.php
share/wordpress/wp-includes/sodium_compat/src/Core32/SipHash.php
share/wordpress/wp-includes/sodium_compat/src/Core32/Util.php
share/wordpress/wp-includes/sodium_compat/src/Core32/X25519.php
@@ -1873,6 +1880,7 @@
share/wordpress/wp-includes/sodium_compat/src/Crypto.php
share/wordpress/wp-includes/sodium_compat/src/Crypto32.php
share/wordpress/wp-includes/sodium_compat/src/File.php
+share/wordpress/wp-includes/sodium_compat/src/PHP52/SplFixedArray.php
share/wordpress/wp-includes/sodium_compat/src/SodiumException.php
share/wordpress/wp-includes/spl-autoload-compat.php
share/wordpress/wp-includes/taxonomy.php
diff -r b91da1e40414 -r 7655dbb941a4 www/wordpress/distinfo
--- a/www/wordpress/distinfo Sun Feb 23 15:16:34 2020 +0000
+++ b/www/wordpress/distinfo Sun Feb 23 18:10:23 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.72 2019/12/04 08:06:04 morr Exp $
+$NetBSD: distinfo,v 1.72.4.1 2020/02/23 18:10:23 bsiegert Exp $
-SHA1 (wordpress-5.3.tar.gz) = e3edcb1131e539c2b2e10fed37f8b6683c824a98
-RMD160 (wordpress-5.3.tar.gz) = 9e52f5dfb0315d845f261d9ad5d14cf32f634e31
-SHA512 (wordpress-5.3.tar.gz) = 90a0df8a2b965c06ac10ba0dd3521b98bbd6040780bd2ccfa14a445bd2cbdb1311277563dd30f5cdc918a4177ec7c49e89260d95309fb08e271173f242fcfc07
-Size (wordpress-5.3.tar.gz) = 12372564 bytes
+SHA1 (wordpress-5.3.2.tar.gz) = fded476f112dbab14e3b5acddd2bcfa550e7b01b
+RMD160 (wordpress-5.3.2.tar.gz) = 4385dac6def9eeeb6fccdcc2b247ace9fc354b64
+SHA512 (wordpress-5.3.2.tar.gz) = d766d485d9a6a6efb2b92ffaec2ba1f773e55a6e018759bb6b196469b73db2857c34a3dfca1ac406e2b7066072a35c070c99f24b285a47b050e3d21317785198
+Size (wordpress-5.3.2.tar.gz) = 12389281 bytes
Home |
Main Index |
Thread Index |
Old Index