The NetBSD Project

CVS log for pkgsrc/www/wordpress/Makefile


Default branch: MAIN


Revision 1.108, Wed Mar 6 14:02:59 2024 UTC (6 weeks, 2 days ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1, HEAD
Changes since 1.107: +2 -2 lines

www/wordpress: use tab instead of spaces

Revision 1.107, Tue Feb 27 23:09:39 2024 UTC (7 weeks, 2 days ago) by morr
Branch: MAIN
Changes since 1.106: +5 -2 lines

Update to version 6.4.3.

Changelog:

6.4.3:

WordPress 6.4.3 includes 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes.

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

- m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
- @_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
The 6.4.3 release was led by Sarah Norris, Joe McGill, and Aaron Jorbin.

6.4.2:

WordPress 6.4.2 fixes 7 bugs

#59819 - Change CSS align-item from start / end to flex-start / flex-end for full browser support
#59821 - Irrelevant comment for translators
#59847 - Since WordPress 6.4, the functions.php of a theme moved to a different location using register_theme_directory is no longer called
#59869 - Incorrect reference in docblock for _register_theme_block_patterns
#59882 - Expose serialized template content to callbacks registered to the `hooked_block_types` filter.
#59891 - Incorrect example for WP_HTML_Tag_Processor class
#59935 - Site editor: logo

The security team addressed the following vulnerability in WordPress 6.4.2

- A Remote Code Execution vulnerability that is not directly exploitable in core;
  however, the security team feels that there is a potential for high severity
  when combined with some plugins, especially in multisite installations.
The 6.4.2 release was led by @jorbin.

6.4.1:

WordPress 6.4.1 fixes 4 regressions introduced in version 6.4.

Fixed Core tickets from trac:

#59830 - Administration: Typos in wp_admin_notice() arguments
#59837 - Categories are removed when bulk editing posts
#59842 - WordPress 6.4 wp_remote_get (cURL error 28: Operation timed out)
#59846 - Reinstate the wpdb::$use_mysqli property

The 6.4.1 release was led by @jorbin and @hellofromtonya.

6.4:

- Meet Twenty Twenty-Four
  Experience site editing at its finest with Twenty Twenty-Four. This new
  multi-faceted default theme has been thoughtfully crafted with three distinct
  use cases in mind, from writers and artists to entrepreneurs. Save time and
  effort with its extensive collection of over 35 templates and patterns - and
  unlock a world of creative possibilities with a few tweaks.
  Twenty Twenty-Four's remarkable flexibility ensures an ideal fit for almost
  any type of site. Check it out in this demo.

- Let your writing flow
  New enhancements ensure your content creation journey is smooth. Find new
  keyboard shortcuts in List View, smarter list merging, and enhanced control
  over link settings. A cohesive toolbar experience for the Navigation, List,
  and Quote blocks lets you work efficiently with the tooling options you need.

- The Command Palette just got better
  First introduced in WordPress 6.3, the Command Palette is a powerful tool to
  quickly find what you need, perform tasks efficiently, and speed up your building
  workflow. Enjoy a refreshed design and new commands to perform block-specific
  actions in this release.

- Categorize and filter patterns
  Patterns are an excellent way to leverage the potential of blocks and simplify
  your site-building process. WordPress 6.4 allows you to organize them with
  custom categories. Plus, new advanced filtering in the Patterns section of
  the inserter makes finding all your patterns more intuitive.

- Get creative with more design tools
  Build beautiful and functional layouts with an expanded set of design tools.
  Play with background images in Group blocks for unique designs and maintain
  image dimensions consistent with placeholder aspect ratios. Do you want to add
  buttons to your Navigation block? Now you can do it conveniently without a line of code.

- Make your images stand out
  Enable lightbox functionality to let your site visitors enjoy full-screen,
  interactive images on click. Apply it globally or to specific images to
  customize the viewing experience.

- Rename Group blocks
  Set custom names for Group blocks to organize and distinguish areas of your
  content easily. These names will be visible in List View.

- Preview images in List View
  New previews for Gallery and Image blocks in List View let you visualize and
  locate where images on your content are at a glance.

- Share patterns across sites
  Need to use your custom patterns on another site? Import and export them as
  JSON files from the Site Editor's patterns view.

- Introducing Block Hooks
  Block Hooks enables developers to automatically insert dynamic blocks at specific
  content locations, enriching the extensibility of block themes through plugins.
  While considered a developer tool, this feature is geared to respect your
  preferences and gives you complete control to add, dismiss, and customize
  auto-inserted blocks to your needs.

- Performance wins
  This release includes more than 100 performance-related updates for a faster and
  more efficient experience. Notable enhancements focus on template loading
  performance for themes (including Twenty Twenty-Four), usage of the script loading
  strategies "defer" and "async" in core, blocks, and themes, and optimization
  of autoloaded options.

- Accessibility highlights
  Every release is committed to making WordPress accessible to everyone.
  WordPress 6.4 brings several List View improvements and aria-label support for
  the Navigation block, among other highlights. The admin user interface includes
  enhancements to button placements, "Add New" menu items context, and Site Health
  spoken messages. Learn more about all the work aimed at improving accessibility
  in this post.

- Other notes of interest
  PHP 8.1 or 8.2 are recommended for use with WordPress 6.4. Find in-depth details on PHP support in this post.
  WordPress 6.4 disables attachment pages for new installations.

6.3:

- Do everything in the Site Editor
  WordPress 6.3 brings your content, templates, and patterns together in the
  Site Editor for the first time. Add pages, browse style variations, create
  synced patterns, and enjoy fine-tuned control over navigation menus. Spend
  less time switching across different site areas - so you can focus on what
  matters most. Creation to completion, all in one place.

- Preview Block themes
  Experience block themes before you switch and preview the Site Editor, with
  options to customize directly before committing to a new theme.

- Create and sync patterns
  Arrange blocks and save them to the 'My Patterns' section for use throughout
  your site. You can even specify whether to sync your patterns (previously
  referred to as "Reusable blocks") so that one change applies to all parts of
  your site. Or, utilize patterns as a starting point with the ability to customize
  each instance.

- Work faster with the Command Palette
  Switch to a specific template or open your editor preferences with a new tool
  that helps you quickly access expanded functionality. With simple keyboard
  shortcuts (mac+k on Mac or Ctrl+k on Windows), clicking the sidebar search icon
  in Site View, or clicking the Title Bar, get where you need to go and do what
  you need to do in seconds.

- Sharpen your designs with new tools
  New design controls bring more versatility for fine-tuning, starting with the
  ability to customize your captions from the Styles interface without coding.
  You can manage your duotone filters in Styles for supported blocks and pick from
  the options provided by your theme or disable them entirely. The Cover block
  gets added settings for text color, layout controls, and border options, making
  this powerful block even more handy.

- Track design changes with Style revisions
  With a new audit trail, you can now see how your site looked at a specific time.
  Visualize these revisions in a timeline and access a one-click option to
  restore prior styles.

- Annotate with the Footnotes block
  Footnotes add convenient annotations throughout your content.
  Now you can add and link footnotes for any paragraph.

- Show or hide content with the Details block
  Use the Details block to avoid spoiling a surprise, create an interactive Q&A
  section, or hide a long paragraph under a heading.

- Performance gets a boost
  WordPress 6.3 has 170+ performance updates, including defer and async support
  for the Scripts API and fetchpriority support for images. These improvements,
  along with block template resolution, image lazy-loading, and the emoji loader,
  can dramatically improve your website's perceived load time.

- Accessibility remains a core focus
  Incorporating more than 50 accessibility improvements across the platform,
  WordPress 6.3 is more accessible than ever. Improved labeling, optimized tab
  and arrow-key navigation, revised heading hierarchy, and new controls in
  the admin image editor allow those using assistive technologies to navigate
  more easily.

- Other highlights
  - Set aspect ratio on images
    Specify your aspect ratios and ensure design integrity, especially when using images in patterns.

  - Build your site distraction-free
    Distraction-free designing is now available in the Site Editor.

  - Rediscover the Top Toolbar
    A revamped Top Toolbar offers parent selectors for nested blocks, options when selecting multiple blocks, and an interface embedded into the title bar with new functionality in mind.

  - List View improvements
    Drag and drop to every content layer and delete any block you would like in the updated List View.

  - Build templates with Patterns
    Create unique patterns to jumpstart template creation with a new modal enabling access to pattern selection.

6.2:

- Meet the reimagined Site Editor
  An updated interface gives you more control over your site editing experience.
  Explore full previews of your templates and template parts, then jump in and
  get to editing your site from wherever you choose.

- Manage your menu in more ways with the Navigation block
  A new sidebar experience makes it easier to edit your site's navigation.
  Add, remove, and reorder menu items faster - no matter how complex
  your menus are.

- Discover a smoother experience for the Block Inserter
  A refreshed design gives you more visibility and easier access to the content
  you need. Use the Media tab to drag and drop content from your existing Media
  Library quickly. Find patterns faster with a split view that lets you navigate
  categories and see previews all at once.

- Find the controls you want when you need them
  Your block settings sidebar is better organized with tabs for Settings and
  Styles. So the tools you need are easy to identify and access.

- Build faster with headers and footers for block themes
  Discover a new collection of header and footer patterns. Use them with any
  block theme as a quick, high-quality starting point for your site's templates.

- Explore Openverse media right from the Editor
  Openverse's library catalogs over 600 million free, openly licensed stock images
  and audio - and now it's directly integrated into the Editor.

- Focus on writing with Distraction Free mode
  For those times you want to be alone with your ideas. You can now hide all
  your panels and controls, leaving you free to bring your content to life.

- Experience the Site Editor, now out of beta
  Stable and ready for you to dive in and explore: 6.2 is your personal invitation
  to discover what the next generation of WordPress - and block themes - can do.

- Meet the new Style Book
  Get a complete overview of how every block in your site's library looks.
  All in one place, all at a glance.

- Copy and paste styles
  Perfect the design on one type of block, then copy and paste those styles to
  other blocks to get just the look you want.

- Custom CSS
  Power up your site any way you wish. Add CSS to your site, or your blocks,
  for another level of control over your site's look and feel.

- Sticky positioning
  Choose to keep top-level group blocks fixed to the top of a page as visitors scroll.

- Importing widgets
  Options to import your favorite widgets from Classic themes to Block themes.

- Local fonts in themes
  Default WordPress themes offer better privacy with Google Fonts now included.

Revision 1.106, Mon Nov 28 09:26:18 2022 UTC (16 months, 3 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.105: +2 -2 lines

Update to version 6.1.

Changes:

- Twenty Twenty-Three: A fresh default theme with 10 distinct style variations
After the introduction of foundational elements for block themes and style variations introduced by the 5.9 and 6.0 releases, WordPress site builders welcome a new default theme, Twenty Twenty-Three, that is powered by 10 different styles and tagged as "Accessibility Ready." These intentionally unique ensure users can apply a different look and feel to their site with a single click - all within a single theme.

- New templates for an improved creator experience
Additional new and more refined templates now give site builders more control over the creation of their sites. In this suite of new templates find a custom template for posts & pages in the Site Editor. Create and edit template parts like headers and footers more quickly with a new search-and-replace tool and easily view your new site.

- Design tools for more consistency and control
Thoughtful upgrades to the controls for design elements and blocks make laying out and building your new site a more consistent, complete, and intuitive experience.

- Manage menus with ease
New fallback options in the navigation block mean you can edit the menu that's open; no searching needed. Plus, the controls for choosing and working on menus have their own place in the block settings. The mobile menu system also gets an upgrade with new features, including different icon options, to make the menu yours.

- Cleaner layouts and document settings visualization
View and manage post and page settings with a better-organized display improving the use of features like template picker and scheduler.

- One-click lock setting for all inner blocks
When locking blocks, a new toggle lets you apply your lock settings to all the blocks in a containing block like the group, cover, and column blocks.

- Improved block placeholders
Various blocks have improved placeholders that reflect customization options to help you design your site and its content. For example, the Image block placeholder displays custom borders and duotone filters even before selecting an image.

- Compose richer lists and quotes with inner blocks
The List and Quote blocks now support inner blocks, allowing for more flexible and rich compositions like adding headings inside your Quote blocks.

- More Responsive text with fluid typography
Fluid typography lets you define font sizes that adapt for easy reading in any screen size.

- Add starter patterns to any post type
In WordPress 6.0, when you created a new page, you would see suggested patterns so you did not have to start with a blank page. In 6.1, you will also see the starter patterns modal when you create a new instance of any post type.

- Find block themes faster
The Themes Directory has a filter for block themes, and a pattern preview gives a better sense of what the theme might look like while exploring different themes and patterns.

- Keep your Site Editor settings for later
Site Editor settings are now persistent for each user. This means your settings will now be consistent across browsers and devices.

- A streamlined style system
The CSS rules for margin, padding, typography, colors, and borders within the styles engine are now all in one place, reducing time spent on layout-specific tasks and helping to generate semantic class names.

- Updated interface options and features
Updates include styling elements like buttons, citations, and links globally; controlling hover, active, and focus states for links using theme.json (not available to control in the interface yet); and customizing outline support for blocks and elements, among other features.

- Continued evolution of layout options
The default content dimensions provided by themes can now be overridden in the Styles Sidebar, giving site builders better control over full-width content. Developers have fine-grained control over these controls.

- Block Template parts in classic themes
Block template parts can now be defined in classic themes by adding the appropriate HTML files to the `parts` directory at the root of the theme.

- Expanded support for Query Loop blocks
New filters let Query Block variations support custom queries for more powerful variations and advanced hierarchical post types filtering options.

- Filters for all your styles
Leverage filters in the Styles sidebar to control settings at all four levels of your site - core, theme, user, or block, from less to more specific.

- Spacing presets for faster, consistent design
Save time and avoid hard-coding values into a theme with preset margin and padding values for multiple blocks.

- Content-only editing support for container blocks
Thanks to content-only editing settings, layouts can be locked within container blocks. In a content-only block, its children are invisible to the List View and entirely uneditable. So you control the layout while your writers can focus on the content. Combine it with block-locking options for even more advanced control over your blocks.

- Other notes of interest
6.1 includes a new time-to-read feature showing content authors the approximate time-to-read values for pages, posts, and custom post types.
The site tagline is empty by default in new sites but can be modified in General Settings.
A new modal design offers a background blur effect, making it easier to focus on the task at hand.

- Enhancing WordPress 6.1 accessibility
Accessibility is an integral part of the WordPress mission of fostering an inclusive community and supporting users of all types around the world. With this in mind, WordPress 6.1 includes nearly 60 updates specifically focused on enhancing the accessibility of the platform. Read about these updates to learn more about the continual initiatives aimed at improving accessibility.

- Improved performance in WordPress 6.1
WordPress 6.1 resolves more than 25 tickets dedicated to enhancing performance with improvements for every type of site. A full breakdown can be found in the Performance Field Guide.

Explore learn.wordpress.org for brief how-to videos and lots more on new features in WordPress. Or join a live interactive online workshop on a specific WordPress topic.

Developers can explore the WordPress 6.1 Field Guide, complete with detailed developer notes to help you build with and extend WordPress. Read the WordPress 6.1 Release Notes for more information on the included enhancements and issues fixed, installation information, developer notes and resources, release contributors, and the list of file changes in this release.

Revision 1.105, Sat Apr 9 15:07:15 2022 UTC (2 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.104: +2 -2 lines

Update to version 5.9.3.

Changes:

Maintenance updates
This maintenance release features 9 bug fixes in Core and 10 bug fixes in the block editor.
The following core tickets from Trac were fixed:
    #52409 Filesystem API: Include the ssh-ed25519 public key signature algorithm as an alternative to ssh-rsa
    #54878 Themes: Hide block themes live preview link following installation
    #54916 Administration: Do not specify menu order for the Widgets menu when the active theme is a block theme
    #54939 Customizer: When a block theme is active, add an information about Site Editor in the Customizer
    #55203 Media: Make get_post_galleries() only return galleries
    #55241 Themes: Avoid undefined variable warning on get_svg_filters()
    #55311 Editor: Fix broken asset URLs when using WP outside of the regular directory
    #55337 Editor: Optimize preload paths for post and site editors
    #55474 Update WordPress packages for 5.9.3

The following block editor issues from GitHub were fixed:
    PR38136 Adds aria-label to the search button, as accessibility enhancement
    PR38863 Template List: Decode entities in record titles
    PR38891 Use wp_unique_id() instead of uniqid() to generate CSS class names
    PR38765 Cover block: Fix gradient overlay (remove black background color)
    PR39045 Try: Fix image responsive rules
    PR38762 Fixes #38761 by removing obsolete ::before pseudo element
    PR39091 Avoid error when 'styles' settings are removed
    PR39164 Change location of block support styles in <head>
    PR39340 Image: Restore baseline responsiveness in the block
    PR39445 Fix: Table block doesn't keep background color

Revision 1.101.4.2, Sun Mar 13 18:48:14 2022 UTC (2 years, 1 month ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.101.4.1: +2 -2 lines

Pullup ticket #6600 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.103-1.104
- www/wordpress/PLIST                                           1.51
- www/wordpress/distinfo                                        1.87-1.88

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Tue Feb 22 23:14:24 UTC 2022

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 5.9.1

   Changes for 5.9 are too big to list. You can view them here: https://wordpress.org/news/2022/01/josephine/

   Changes in 5.9.1:

   WordPress 5.9.1 features 33 bug fixes on Core, as well as 52 bug fixes for the Block Editor.
   The WordPress 5.9.1 release was led by Jean-Baptiste Audras and George Mamadashvili.
   The following core tickets from Trac were fixed:

       #54250  Twenty Twenty One: Editor Buttons margins incompatible with gap
       #54782  Default presets in use by default themes need to be updated
       #54844  Unnecessary database queries when a block theme isn't in use
       #54849  Site transients cause DB errors when installing
       #54862  FSE Navigation Block Styling Submenu
       #54886  "Show hidden updates" button is invisible
       #54889  Cannot access "Manage menus" in Navigation block toolbar when running a classic theme
       #54896  TT2: Blank screen displayed for custom post type
       #54900  PHP warning in `WP_REST_Global_Styles_Controller` if no `styles` exist in theme.json
       #54902  Media Library Overlay Drag-and-Drop To Reorder Images Does Not Work In WP 5.9
       #54904  Bounce hoverIntent.js version in script-loader to 10.1.2
       #54906  Check _get_cron_array type in upgrade_590 routine
       #54908  Standard post type UI is exposed for templates and template parts
       #54911  Twenty Twenty-Two: Theme Check Plugin issue for the image size
       #54922  Normalizing CSS also catches CSS IDs instead of only URLs
       #54928  Twenty Twenty-Two: 404 search label should be translated
       #54929  Twenty Twenty-Two: Pricing Table pattern header levels should be consistent
       #54944  By applying a background color to a group block, it aligns to the left in the editor
       #54955  Custom fields issue
       #54960  Media Library Dragging Option Isn't Reflected
       #54977  Dashboard welcome banner: fix bug when displayed in certain contexts
       #55018  Twenty Twenty-Two – Update theme URI link
       #55072  Widgets editor: Widget Group is missing .wp-widget-group__inner-blocks container
       #55103  Twenty Twenty-Two: Restore padding for Group blocks with a background color
       #55109  Plugins no longer download to tmp folder
       #55148  In block themes, styles should load in the head
       #55151  View scripts of blocks are loaded in editor
       #55161  Full Site Editing: PHP Warning with incomplete presets
       #55177  Normalizing relative CSS links should skip data URIs
       #55178  Allow fully extending WP_Theme_JSON and WP_Theme_JSON_Resolver classes
       #55179  Backport bugfixes from Gutenberg into Core for WP 5.9.1
       #55188  Block styles should load after global styles in the editor
       #55190  Global styles duotone not rendering in post editor

   The following block editor issues from GitHub were fixed:

       PR38857  Fix for late static binding in the resolver
       PR38780  Block Editor: Add settings to enable/disable auto anchor generation
       PR38750  Load block support styles in the head for block themes
       PR38745  Fix global styles loading logic
       PR38695  Site Editor: Limit template part slugs to Latin chars
       PR38671  Allow extending the WP_Theme_JSON_Gutenberg class
       PR38656  Edit Site: Add template check to 'setPage' action
       PR38655  Add site editor initial redirect error handling
       PR38649  Fix search block html handling for label and button text
       PR38642  Gallery block: copy all attributes when transforming to Image blocks
       PR38625  Allow child classes to use the private methods and constants
       PR38561  Only apply the social links block migration if there's a need for a migration
       PR38516  Block preview: fix resize listener
       PR38442  Duotone: Allow users to specify custom filters
       PR38432  Remove the aria-label from the site title block
       PR38399  Images: Try moving responsive rule to common.scss.
       PR38362  Cover block: Add back missing styles
       PR38310  Gallery block: fix bug with link destination default option not being set
       PR38189  Gallery: Ensure the last image takes up all available space
       PR38070  Post Editor: Fix template queries
       PR37983  Tree Grid: Fix keyboard navigation for expand/collapse table rows in Firefox
       PR37954  Fix duotone render in non-fse themes
       PR37941  Unset inherited backgrounds on Posts Lists
       PR37895  Site Editor: Fix broken 'redo' by removing faulty logic for discarding unsaved Logo changes
       PR37885  Load the global styles before the theme styles in the editor
       PR37853  Block.json schema: update fontSize and lineHeight props
       PR37840  [History]: Fix redo after update/publish with transient edits
       PR37778  Update core/archive block schema to reflect no block-level settings support
       PR37774  Spacer: Fix unit settings filter
       PR37762  Schema: Fix appearanceTools in theme.json schema
       PR37650  Site Editor: Add keyboard shortcut help modal
       PR37647  Site Editor: Add the "Help" link to the tools menu
       PR37644  Fix: Coloring panel is unusable in RTL
       PR37569  Docs: Add automated theme.json reference documentation
       PR37493  Update: make color style labels simpler
       PR37486  Show UI warning if Pages cannot be retrieved in Page List block
       PR37474  Fix empty gray circle when site has no logo on template list page
       PR37430  Update: Allow color gradient popover to be above the color toggle
       PR37425  Border panel: Collapse color controls
       PR37248  Site editor – try redirecting to homepage before the react render
       PR37165  Remove versioning in theme schema descriptions
       PR37067  Update: PanelColorGradientSettings to use dropdowns
       PR37034  Block Editor: Handle the absence of href attrib in links
       PR36917  Update theme.json version
       PR36746  Update theme.json schema to allow for per-block management of settings
       PR36540  Post Featured Image: Move width and height controls into the Dimensions panel via SlotFill
       PR36411  Schemas: Allow custom blocks in theme.json styles
       PR36343  Add pattern to name key in block.json Schema
       PR36295  Schema: Allow block.json attribute type to be an array
       PR36236  Fix duotone theme cache
       PR36186  Spacer: add custom units for height and width
       PR30873  Focus save button when entities save states panel is opened

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Mar 12 17:16:30 UTC 2022

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security fix for WordPress.
   Fixing 1 bug and 3 security bugs.

   More information here:
   https://wordpress.org/support/wordpress-version/version-5-9-2/

Revision 1.104, Sat Mar 12 17:16:30 2022 UTC (2 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.103: +2 -2 lines

Security fix for WordPress.

Fixing 1 bug and 3 security bugs.

More information here: https://wordpress.org/support/wordpress-version/version-5-9-2/

Revision 1.103, Tue Feb 22 23:14:24 2022 UTC (2 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.102: +2 -2 lines

Update to version 5.9.1

Changes for 5.9 are too big to list. You can view them here: https://wordpress.org/news/2022/01/josephine/

Changes in 5.9.1:

WordPress 5.9.1 features 33 bug fixes on Core, as well as 52 bug fixes for the Block Editor.
The WordPress 5.9.1 release was led by Jean-Baptiste Audras and George Mamadashvili.
The following core tickets from Trac were fixed:

    #54250  Twenty Twenty One: Editor Buttons margins incompatible with gap
    #54782  Default presets in use by default themes need to be updated
    #54844  Unnecessary database queries when a block theme isn't in use
    #54849  Site transients cause DB errors when installing
    #54862  FSE Navigation Block Styling Submenu
    #54886  "Show hidden updates" button is invisible
    #54889  Cannot access "Manage menus" in Navigation block toolbar when running a classic theme
    #54896  TT2: Blank screen displayed for custom post type
    #54900  PHP warning in `WP_REST_Global_Styles_Controller` if no `styles` exist in theme.json
    #54902  Media Library Overlay Drag-and-Drop To Reorder Images Does Not Work In WP 5.9
    #54904  Bounce hoverIntent.js version in script-loader to 10.1.2
    #54906  Check _get_cron_array type in upgrade_590 routine
    #54908  Standard post type UI is exposed for templates and template parts
    #54911  Twenty Twenty-Two: Theme Check Plugin issue for the image size
    #54922  Normalizing CSS also catches CSS IDs instead of only URLs
    #54928  Twenty Twenty-Two: 404 search label should be translated
    #54929  Twenty Twenty-Two: Pricing Table pattern header levels should be consistent
    #54944  By applying a background color to a group block, it aligns to the left in the editor
    #54955  Custom fields issue
    #54960  Media Library Dragging Option Isn't Reflected
    #54977  Dashboard welcome banner: fix bug when displayed in certain contexts
    #55018  Twenty Twenty-Two - Update theme URI link
    #55072  Widgets editor: Widget Group is missing .wp-widget-group__inner-blocks container
    #55103  Twenty Twenty-Two: Restore padding for Group blocks with a background color
    #55109  Plugins no longer download to tmp folder
    #55148  In block themes, styles should load in the head
    #55151  View scripts of blocks are loaded in editor
    #55161  Full Site Editing: PHP Warning with incomplete presets
    #55177  Normalizing relative CSS links should skip data URIs
    #55178  Allow fully extending WP_Theme_JSON and WP_Theme_JSON_Resolver classes
    #55179  Backport bugfixes from Gutenberg into Core for WP 5.9.1
    #55188  Block styles should load after global styles in the editor
    #55190  Global styles duotone not rendering in post editor

The following block editor issues from GitHub were fixed:

    PR38857  Fix for late static binding in the resolver
    PR38780  Block Editor: Add settings to enable/disable auto anchor generation
    PR38750  Load block support styles in the head for block themes
    PR38745  Fix global styles loading logic
    PR38695  Site Editor: Limit template part slugs to Latin chars
    PR38671  Allow extending the WP_Theme_JSON_Gutenberg class
    PR38656  Edit Site: Add template check to "setPage" action
    PR38655  Add site editor initial redirect error handling
    PR38649  Fix search block html handling for label and button text
    PR38642  Gallery block: copy all attributes when transforming to Image blocks
    PR38625  Allow child classes to use the private methods and constants
    PR38561  Only apply the social links block migration if there's a need for a migration
    PR38516  Block preview: fix resize listener
    PR38442  Duotone: Allow users to specify custom filters
    PR38432  Remove the aria-label from the site title block
    PR38399  Images: Try moving responsive rule to common.scss.
    PR38362  Cover block: Add back missing styles
    PR38310  Gallery block: fix bug with link destination default option not being set
    PR38189  Gallery: Ensure the last image takes up all available space
    PR38070  Post Editor: Fix template queries
    PR37983  Tree Grid: Fix keyboard navigation for expand/collapse table rows in Firefox
    PR37954  Fix duotone render in non-fse themes
    PR37941  Unset inherited backgrounds on Posts Lists
    PR37895  Site Editor: Fix broken "redo" by removing faulty logic for discarding unsaved Logo changes
    PR37885  Load the global styles before the theme styles in the editor
    PR37853  Block.json schema: update fontSize and lineHeight props
    PR37840  [History]: Fix redo after update/publish with transient edits
    PR37778  Update core/archive block schema to reflect no block-level settings support
    PR37774  Spacer: Fix unit settings filter
    PR37762  Schema: Fix appearanceTools in theme.json schema
    PR37650  Site Editor: Add keyboard shortcut help modal
    PR37647  Site Editor: Add the "Help" link to the tools menu
    PR37644  Fix: Coloring panel is unusable in RTL
    PR37569  Docs: Add automated theme.json reference documentation
    PR37493  Update: make color style labels simpler
    PR37486  Show UI warning if Pages cannot be retrieved in Page List block
    PR37474  Fix empty gray circle when site has no logo on template list page
    PR37430  Update: Allow color gradient popover to be above the color toggle
    PR37425  Border panel: Collapse color controls
    PR37248  Site editor - try redirecting to homepage before the react render
    PR37165  Remove versioning in theme schema descriptions
    PR37067  Update: PanelColorGradientSettings to use dropdowns
    PR37034  Block Editor: Handle the absence of href attrib in links
    PR36917  Update theme.json version
    PR36746  Update theme.json schema to allow for per-block management of settings
    PR36540  Post Featured Image: Move width and height controls into the Dimensions panel via SlotFill
    PR36411  Schemas: Allow custom blocks in theme.json styles
    PR36343  Add pattern to name key in block.json Schema
    PR36295  Schema: Allow block.json attribute type to be an array
    PR36236  Fix duotone theme cache
    PR36186  Spacer: add custom units for height and width
    PR30873  Focus save button when entities save states panel is opened

Revision 1.101.4.1, Fri Jan 14 07:33:32 2022 UTC (2 years, 3 months ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.101: +2 -2 lines

Pullup ticket #6567 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.102
- www/wordpress/PLIST                                           1.50
- www/wordpress/distinfo                                        1.86

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Jan 10 20:48:20 UTC 2022

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Security update to 5.8.3.

   Changes since 5.8:

   5.8.3

   4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:

   * Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
   * Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
   * Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
   * Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-3/

   5.8.2

   1 security update and fixed 2 bugs.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-2/

   5.8.1

   3 security issues affect WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

   * Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
   * Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
   * The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

   In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

   * Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period.
   * Props Steve Henty for reporting a privilege escalation issue in the block editor.

   More info on https://wordpress.org/support/wordpress-version/version-5-8-1/

Revision 1.102, Mon Jan 10 20:48:20 2022 UTC (2 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.101: +2 -2 lines

Security update to 5.8.3.

Changes since 5.8:

5.8.3

4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:

* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.

More info on https://wordpress.org/support/wordpress-version/version-5-8-3/

5.8.2

1 security update and fixed 2 bugs.

More info on https://wordpress.org/support/wordpress-version/version-5-8-2/

5.8.1

3 security issues affect WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

* Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
* Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
* The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

* Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period.
* Props Steve Henty for reporting a privilege escalation issue in the block editor.

More info on https://wordpress.org/support/wordpress-version/version-5-8-1/

Revision 1.101, Sun Jul 25 11:49:00 2021 UTC (2 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q3-base, pkgsrc-2021Q3
Branch point for: pkgsrc-2021Q4
Changes since 1.100: +2 -2 lines

Welcome to version 5.8.

Highlights of this release:
- manage widgets with blocks
- display posts with new blocks and patterns
- overview of the page structure
- suggested patterns for blocks
- style and colorize images
- theme.json
- dropping support for IE11
- adding support for WebP
- adding additional block supports

More details here: https://wordpress.org/support/wordpress-version/version-5-8/

Revision 1.99.2.1, Sat Jul 24 16:38:46 2021 UTC (2 years, 8 months ago) by bsiegert
Branch: pkgsrc-2021Q2
Changes since 1.99: +2 -2 lines

Pullup ticket #6490 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.100
- www/wordpress/distinfo                                        1.82

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sat Jul 17 15:51:33 UTC 2021

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 5.7.2.

   Security issue fixed:
   - Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.

Revision 1.100, Sat Jul 17 15:51:33 2021 UTC (2 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.99: +2 -2 lines

Security update to 5.7.2.

Security issue fixed:
- Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.

Revision 1.99, Fri Apr 23 06:05:55 2021 UTC (2 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base
Branch point for: pkgsrc-2021Q2
Changes since 1.98: +2 -2 lines

Security update to 5.7.1.

Two security issues affect WordPress versions between 4.7 and 5.7.

- thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
- thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API

Revision 1.98, Sun Mar 14 17:01:33 2021 UTC (3 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.97: +2 -2 lines

Update to version 5.7

Highlights of this release:
- block editor changes
- WP Admin: a new color palette
- from HTTP to HTTPS in a single click
- new robots API
- ongoing cleanup after update to jQuery 3.5.1
- lazy-load your iframes

More details here: https://wordpress.org/support/wordpress-version/version-5.7/

Revision 1.97, Sun Feb 28 00:04:11 2021 UTC (3 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.96: +2 -2 lines

Update to version 5.6.2.

Changes:

5.6.2:
This maintenance release features 5 bug fixes. These bugs affect WordPress version 5.6.1.

WordPress Core changes on Trac:
- #52440: Prevent the "Leave site" browser alert in Classic Editor when post title, excerpt, or post content fields are missing.
- #52018: Avoid a fatal error in PHP 8.0 when the "zip" PHP extension is disabled.

Block editor changes from GitHub and Trac:

- #52396: Image options are not visible in pop up when the clicking replace button from Image block.
- #52449: Can't change font size the 5.6.1 paragraph block.
- GH-26583: Restore block preview within the block inserter.

5.6.1:
This maintenance release features 20 bug fixes as well as 7 issues fixed on the block editor. These bugs affect WordPress version 5.6

WordPress Core changes on Trac:

- #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
- #52327: Requested updates to the PHP Update Alert
- #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies
- #51980: App Passwords: "Add New Application Password" submit button is hidden on mobile devices in "User Profile" page
- #51995: WordPress 5.6: Classic editor menu is not sticky
- #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
- #52013: Duplicate wp_authorize_application_password_form actions
- #52030: Media metaboxes return fatal error if no author metadata present
- #52038: Issue in WooCommerce with wp_editor() after update to WP 5.6
- #52046: The Distraction Free Writing setting on the old Edit Post screen may be reset after page reload
- #52065: Media gallery: "Align" and "Link To" fields missing from "Insert from URL"
- #52066: Application Passwords are unusable in combination with password protected /wp-admin
- #52075: Word Count on Classic Editor doesn't update in real time on Firefox unless saved
- #52097: Site Health Loopback Test doesn't send admin cookies
- #52135: False positive on `WP_Site_Health_Auto_Updates`
- #52196: wp_get_attachment_metadata() is broken if no first argument is passed in.
- #52205: REST API: Plugins Controller single plugin route fatal errors on multisite
- #52299: Exported user data can be listed with directory listing
- #52351: missing echo function for translate method
- #52391: Gutenberg Updates for 5.6.1

Block editor changes from GitHub:

- #27970: Fix editor crash when registering a block pattern without categories
- #27733: Embed block: Add html and reusable support back
- #27727: Add aria labels to box control component inputs/button
- #27627: HTML Block: Fix editor styles
- #27526: Core Data: Normalize _fields value for use in stableKey
- #26705: Fix: Font size picker does not correctly handles big font sizes.
- #26432: Edit Site: prevent inserter overscroll

Revision 1.96, Fri Dec 11 18:09:09 2020 UTC (3 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.95: +2 -2 lines

Update to WordPress 5.6.

List of changes is here: https://wordpress.org/support/wordpress-version/version-5-6/

Revision 1.95, Sun Nov 1 15:06:08 2020 UTC (3 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.94: +2 -2 lines

Security and maintenance update to version 5.5.3.

5.5.3:

This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.

5.5.2:

Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user's
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site's
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files

Revision 1.94, Sat Sep 19 12:29:15 2020 UTC (3 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.93: +2 -2 lines

Update to WordPress 5.5.1.

Changes:

5.5:
- lazy-loaded images
- new sitemap
- autoupdate of plugins and themes
- block editor:
  - block patterns
  - block directory
  - inline image editing

5.5.1:
WordPress Core changes on Trac:

#50882 - Administration: WP 5.5: Cannot attribute content when deleting users
#50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work
#38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual
#50845 - Editor: Block patterns: Fix translatable strings (take 2)
#50858 - Site Health: Check PHP notices with site_status_tests filter
#50887 - Site Health: Add site environment to debug information
#50892 - Editor: Some block patterns have text contrast issues with dark themes
#50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated
#50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error
#50919 - Script Loader: Change the jquery handle back to an alias for jquery-core
#50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox
#50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size
#50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters
#50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type()
#50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order
#51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid
#51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory
#51151 - Editor: Packages update
#51021 - REST API: Permit uniqueItems keyword in endpoint args
#51146 - REST API: Fix multi-type schemas with integer fields
#51029 - Filesystem API: Typo in variable name causes warning from fclose()
#51042 - Post: missing excerpt
#51050 - Docs: Add docblock for get_the_archive_title() filter
#51052 - Administration: Undefined index: update-supported
#51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5
#51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE
#51073 - Administration: Extra padding below the admin bar
#51075 - Docs: Update docs for custom logo functions
#51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function
#51127 - UI/CSS: Remove non-color related styling from Modern color scheme
#51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature
#51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option
#51184 - get_the_date() checks $format only for empty variable and fails on false boolean
#51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server
#38009 - #reply-title.comment-reply-title not updating when replying to an individual
#51123 - commonL10n and other JS globals removed without backwards compatibility
#50848 - Clarify the usage of null for auto_update_{$type} filter
#51081 - Fatal Error - Undefined get_page_templates() in Customizer
#51154 - sitemaps should be initialized before each test is run
#51028 - Dot should be out of the quotes

Block editor changes from GitHub:

PR24609 -  Fix missing selected block highlighting in list view
PR24599 -  Fix specificity for buttons with outline style and background colors
PR24533 -  Fix incorrect aria description in List View
PR24516 -  Fix regression bug for category select in QueryControls component
PR24478 -  Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled

Revision 1.93, Sun Jun 21 19:02:31 2020 UTC (3 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.92: +2 -2 lines

Security and maintenance update to WordPress 5.4.2.

Changes:

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven't yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Props to Luigi - (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

More details on https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

Revision 1.92, Sun May 3 12:00:03 2020 UTC (3 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.91: +2 -2 lines

Update to version 5.4.1.

Changes for 5.4:

Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/

Changes for 5.4.1:

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

WordPress 5.4.1 also fixes some regressions introduced in version 5.4:

#49838 - Accessibility: Fix the headings hierarchy on the Freedoms page
#49798 - Customize: Give the WordPress logo a white background for dark mode browsers
#49853 - Mail: Make the check for empty post title in wp-mail.php more resilient
#49753 - Media: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 - Privacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 - Privacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 - REST API: Fix revisions controller get_item permission check
#49648 - REST API: Fix _fields filtering of registered rest fields
#49824 - Site Health: Instantiation prevents use of some hooks by plugins
#49759 - Taxonomy: Un-deprecate category_link and tag_link filters
#49974 - Block Editor updates

Revision 1.90.4.1, Sun Feb 23 18:10:23 2020 UTC (4 years, 1 month ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.90: +2 -3 lines

Pullup ticket #6139 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.91
- www/wordpress/PLIST                                           1.42
- www/wordpress/distinfo                                        1.73

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Feb 23 09:59:42 UTC 2020

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 5.3.2.

   Changes:

   Version 5.3.2:
   Maintenance updates
   - Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
   - Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
   - Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
   - Administration: Fix the colors in all color schemes for buttons with the .active class.
   - Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

   Version 5.3.1:
   Security fixes
   - Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
   - Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
   - Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
   - Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

   Maintenance updates
   - Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
   - Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
   - Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
   - Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
   - Embeds: remove CollegeHumor oEmbed provider as the service doesn't exist anymore.
   - External libraries: update sodium_compat.
   - Site health: allow the remind interval for the admin email verification to be filtered.
   - Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
   - Users: ensure administration email verification uses the user's locale instead of the site locale.

Revision 1.91, Sun Feb 23 09:59:42 2020 UTC (4 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.90: +2 -3 lines

Update to version 5.3.2.

Changes:

Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn't exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user's locale instead of the site locale.

Revision 1.90, Mon Dec 9 14:20:57 2019 UTC (4 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base
Branch point for: pkgsrc-2019Q4
Changes since 1.89: +2 -1 lines

Bump PKGREVISION by changing of default PHP version.

Revision 1.89 / (download) - annotate - [select for diffs], Wed Dec 4 08:06:04 2019 UTC (4 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored)

Update to version 5.3.

Changes:
- Block Editor Improvements
- Expanded Design Flexibility
- new theme called Twenty Twenty
- Automatic Image Rotation
- Site Health Checks
- Admin Email Verification
- Date/Time Component Fixes
- PHP 7.4 Compatibility

For full changes, look at https://wordpress.org/support/wordpress-version/version-5-3/

Revision 1.88 / (download) - annotate - [select for diffs], Wed Oct 23 07:25:20 2019 UTC (4 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

Maintenance and security update to version 5.2.4.

Changes:
5.2.4:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

5.2.3:
#38415: New Custom Link menu item has a wrong fallback label
#45739: Block Editor: $editor_styles bug.
#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#46757: Media Trash: The Bulk Media options when in the Trash shouldn't provide two primary buttons
#46758: Media Trash: Primary button(s) should be on the left
#46899: Ensure that tables generated by the Settings API have no semantics
#47079: Incorrect version for excerpt_allowed_blocks filter
#47113: Media views: dismiss notice button is invisible
#47145: Feature Image dialog does not follow the dialog pattern
#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47390: Improve accessibility of forms elements within some "form-table" forms
#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47458: Fix tab sequence order in the Media attachment browser
#47489: Emoji are substituted in preformatted blocks
#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47538: Minor Verbiage Update - Switch 'developer time' for 'a developer'
#47543: Twenty Seventeen: buttons don't change color on hover and focus
#47561: Plugin: View details popup layout issue
#47603: My account toggle on admin bar not visible at high zoom levels
#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47687: Use alt tags for gallery images in editor
#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47693: customizer Color picker should get closed when click on color picker area.
#47723: Adding a custom link in nav-menus.php doesn't trim whitespace
#47758: Font sizes on installation screen are too small
#47835: PHP requirement always set to null for plugins
#47888: Adding a custom link in menu via Customize doesn't trim whitespace.

Security Fixes
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet's FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.

Revision 1.87 / (download) - annotate - [select for diffs], Tue Jul 16 19:31:21 2019 UTC (4 years, 9 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.86: +7 -7 lines
Diff to previous 1.86 (colored)

Update to 5.2.2. From the changelog:

5.2:
- Site Health
- PHP Error Protection
- Accessibility Updates
- New Dashboard Icons
- Plugin Compatibility Checks
- Privacy Updates
- New Body Hook
- Building JavaScript

5.2.1:
- 47180: An issue typing in the block editor while using a RTL language
  has been fixed.
- 47186: A bug causing 32-bit systems to run out of memory when using
  sodium_compat was fixed.
- 47189: The "Update your plugins" link in Site Health now links to the
  correct page in multisite installs.
- 47185: An issue in wp_delete_file_from_directory() where files were
  not deleting on Windows systems has been fixed.
- 47205: A bug was fixed where spaces could not be added in the Classic
  Editor after pressing shift+enter.
- 47265: 2 fatal errors on the error protection page when a PHP error
  was encountered in a drop-in (such as advanced-cache.php) were fixed.
- 47244: wp_targeted_link_rel() has been improved to prevent instances
  where single and double quotation marks were incorrectly staggered.
- 47169: PHP/MySQL minimum version requirement checks now return proper
  error codes when requirements are not met in test environments.
- 47177: The backwards compatibility of get_search_form() was improved.
- 47297: The accuracy of the HTTP requests test in Site Health was improved.
- 47229: TinyMCE has been updated to version 4.9.4.
- 47323: Prevents a fatal error that occurs when upgrading to 5.2.1 from
  WordPress < 5.2.
- 47304: Fixes a regression that can affect the accuracy of
  <lastBuildDate> in feeds.
- 47312: Changes the string used on the About page for 5.2.1 to one that
  is already translated.

5.2.2:
- 45094: Dashboard elements don't always have clear focus states, tab order
- 46289: RTL Bug - wrong navigation arrows in media modal
- 46749: Extra border is displaying at bottom of Help section in Firefox
  (Responsive : 778 * 841)
- 46881: Site Health: improve the header elements horizontal centering
- 46957: Site Health: Make site health page access be filterable
- 46960: Site Health: Table design issue in small devices (iphone 5/SE).
- 46997: Theme update links show in Customizer and don't work
- 47070: Recovery Mode Exit button not visible in responsive view
- 47158: Merge similar strings introduced in WP 5.2
- 47227: I18n: Merge similar translation strings - site health tabs
- 47475: I18n: Merge similar strings and fix typo
- 47429: Editor: Update packages for WordPress 5.2.2
- 47457: Fix the mediaelements player controls bar sizing

Revision 1.86 / (download) - annotate - [select for diffs], Thu May 23 19:23:22 2019 UTC (4 years, 10 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.

Revision 1.85 / (download) - annotate - [select for diffs], Sat Mar 16 17:55:04 2019 UTC (5 years, 1 month ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)

Update Wordpress to 5.1.1 due to security issue outlined here:

https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/

Revision 1.84 / (download) - annotate - [select for diffs], Sat Mar 2 14:30:14 2019 UTC (5 years, 1 month ago) by wen
Branch: MAIN
Changes since 1.83: +2 -2 lines
Diff to previous 1.83 (colored)

Update to 5.1

Upstream changelog please visit:
https://wordpress.org/news/2019/02/betty/

Revision 1.83 / (download) - annotate - [select for diffs], Thu Jan 24 10:24:19 2019 UTC (5 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

Update to newest version, 5.0.3.

Version 5.0.2 fixed 73 bugs. Details here:
https://wordpress.org/support/wordpress-version/version-5-0-2/

Version 5.0.3 fixed 37 bugs and 7 performance improvements for the block editor.
Details here:
https://wordpress.org/support/wordpress-version/version-5-0-3/

Revision 1.82 / (download) - annotate - [select for diffs], Thu Dec 13 07:09:42 2018 UTC (5 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.81: +2 -2 lines
Diff to previous 1.81 (colored)

Security update to 5.0.1.

More information at:
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

Revision 1.81 / (download) - annotate - [select for diffs], Fri Dec 7 12:25:58 2018 UTC (5 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.80: +2 -2 lines
Diff to previous 1.80 (colored)

Update Wordpress to 5.0.

On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo,
was released to the public. WordPress 5.0 will revolutionize content editing
with introduction of a new block editor and block editor-compatible default
theme Twenty Nineteen.

More information at https://wordpress.org/support/wordpress-version/version-5-0/

Revision 1.78.2.1 / (download) - annotate - [select for diffs], Mon Jul 16 14:04:22 2018 UTC (5 years, 9 months ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.78: +3 -3 lines
Diff to previous 1.78 (colored) next main 1.79 (colored)

Pullup ticket #5786 - requested by taca
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.79-1.80
- www/wordpress/distinfo                                        1.64

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jul  4 13:40:45 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile

   Log Message:
   *: Move SUBST_STAGE from post-patch to pre-configure

   Performing substitutions during post-patch breaks tools such as mkpatches,
   making it very difficult to regenerate correct patches after making changes,
   and often leading to substituted string replacements being committed.

---
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Sat Jul  7 02:55:25 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to 4.9.7

   Upstream changes:
   WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

   WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

   Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

   Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

       Taxonomy: Improve cache handling for term queries.
       Posts, Post Types: Clear post password cookie when logging out.
       Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
       Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
       Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Revision 1.80 / (download) - annotate - [select for diffs], Sat Jul 7 02:55:25 2018 UTC (5 years, 9 months ago) by wen
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)

Update to 4.9.7

Upstream changes:
WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

    Taxonomy: Improve cache handling for term queries.
    Posts, Post Types: Clear post password cookie when logging out.
    Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
    Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
    Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Jul 4 13:40:42 2018 UTC (5 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.78: +2 -2 lines
Diff to previous 1.78 (colored)

*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.

Revision 1.78 / (download) - annotate - [select for diffs], Fri May 18 14:22:40 2018 UTC (5 years, 11 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

Update to 4.9.6, which is a privacy and maintenance release:
https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/

Revision 1.76.2.1 / (download) - annotate - [select for diffs], Fri Apr 27 19:53:52 2018 UTC (5 years, 11 months ago) by bsiegert
Branch: pkgsrc-2018Q1
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored) next main 1.77 (colored)

Pullup ticket #5738 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.77
- www/wordpress/distinfo                                        1.62

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Apr 16 10:22:10 UTC 2018

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to version 4.9.5.

   This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.

   WordPress versions 4.9.4 and earlier are affected by three security issues.

   More changes at https://codex.wordpress.org/Version_4.9.5.

Revision 1.77 / (download) - annotate - [select for diffs], Mon Apr 16 10:22:10 2018 UTC (6 years ago) by morr
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

Update to version 4.9.5.

This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.

WordPress versions 4.9.4 and earlier are affected by three security issues.

More changes at https://codex.wordpress.org/Version_4.9.5.

Revision 1.76 / (download) - annotate - [select for diffs], Mon Feb 12 08:33:19 2018 UTC (6 years, 2 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Changes since 1.75: +2 -2 lines
Diff to previous 1.75 (colored)

Update Wordpress to 4.9.4 which fixes an issue introduced in 4.9.3.
4.9.3 fixes 34 bugs:

https://codex.wordpress.org/Version_4.9.3
https://codex.wordpress.org/Version_4.9.4

Revision 1.74.2.1 / (download) - annotate - [select for diffs], Sun Jan 21 16:02:43 2018 UTC (6 years, 2 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored) next main 1.75 (colored)

Pullup ticket #5687 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.75
- www/wordpress/PLIST                                           1.37
- www/wordpress/distinfo                                        1.60

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Jan 20 11:58:01 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 4.9.2

   Changes:

   XSS fixed in the Flash fallback files in MediaElement 4.x.

   Bundled Theme
   #42820 - Twenty Seventeen -watch that language

   Customize
   #42492 - Selecting menu location changes line height
   #42871 - Features box textstrings in Feature Filter area need new linebreak

   Database
   #42812 - Use MySQLi when available by default

   Editor
   #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
   #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

   External Libraries
   #42439 - Update random_compat external library for PHP 7 linting failure

   Formatting
   #42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

   Media
   #42225 - Whitelist Flac Files
   #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
   #42480 - Consistent suppression of `getimagesize()` errors
   #42720 - Remove unnecessary MediaElement.js files

   Plugins
   #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

   REST API
   #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

   Taxonomy
   #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
   #42605 - category_description() does not work properly since 4.9
   #42717 - get_category_link() accepting object but not id

   TinyMCE
   #42416 - Code assumes iframe mode, exception in inline mode

   Upgrade/Install
   #42963 - Improve deletion of $_old_files during upgrades

   Widgets
   #42603 - Widgets Warning after activating theme and on dashboard widgets page
   #42719 - Always attempt to restore widgets' previous assignment
   #42867 - HTML Widget: toggleClass() should be passed true/false as second param


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/wordpress/distinfo

Revision 1.75 / (download) - annotate - [select for diffs], Sat Jan 20 11:58:01 2018 UTC (6 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)

Update to version 4.9.2

Changes:

XSS fixed in the Flash fallback files in MediaElement 4.x.

Bundled Theme
#42820 - Twenty Seventeen -watch that language

Customize
#42492 - Selecting menu location changes line height
#42871 - Features box textstrings in Feature Filter area need new linebreak

Database
#42812 - Use MySQLi when available by default

Editor
#42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
#43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries
#42439 - Update random_compat external library for PHP 7 linting failure

Formatting
#42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media
#42225 - Whitelist Flac Files
#42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
#42480 - Consistent suppression of `getimagesize()` errors
#42720 - Remove unnecessary MediaElement.js files

Plugins
#43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

REST API
#42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy
#42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
#42605 - category_description() does not work properly since 4.9
#42717 - get_category_link() accepting object but not id

TinyMCE
#42416 - Code assumes iframe mode, exception in inline mode

Upgrade/Install
#42963 - Improve deletion of $_old_files during upgrades

Widgets
#42603 - Widgets Warning after activating theme and on dashboard widgets page
#42719 - Always attempt to restore widgets' previous assignment
#42867 - HTML Widget: toggleClass() should be passed true/false as second param

Revision 1.72.4.2 / (download) - annotate - [select for diffs], Wed Dec 20 18:38:37 2017 UTC (6 years, 4 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.72.4.1: +2 -2 lines
Diff to previous 1.72.4.1 (colored) to branchpoint 1.72 (colored) next main 1.73 (colored)

Pullup ticket #5659 - requested by bsiegert
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.74
- www/wordpress/PLIST                                           1.36
- www/wordpress/distinfo                                        1.59

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Dec  3 17:06:37 UTC 2017

   Modified Files:
    	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version, 4.9.1

   This version fixes 4 security bugs from earlier versions.

   For details, head to https://codex.wordpress.org/Version_4.9.1
   For 4.9 changes, head to https://codex.wordpress.org/Version_4.9


   To generate a diff of this commit:
   cvs rdiff -u -r1.73 -r1.74 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/wordpress/distinfo

Revision 1.74 / (download) - annotate - [select for diffs], Sun Dec 3 17:06:37 2017 UTC (6 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

Update to newest version, 4.9.1

This version fixes 4 security bugs from earlier versions.

For details, head to https://codex.wordpress.org/Version_4.9.1
For 4.9 changes, head to https://codex.wordpress.org/Version_4.9

Revision 1.72.4.1 / (download) - annotate - [select for diffs], Mon Nov 6 19:41:32 2017 UTC (6 years, 5 months ago) by bsiegert
Branch: pkgsrc-2017Q3
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

Pullup ticket #5616 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.73
- www/wordpress/PLIST                                           1.35
- www/wordpress/distinfo                                        1.58

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Fri Nov  3 09:49:13 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Security update to version 4.8.3.

   WordPress versions 4.8.2 and earlier are affected by an issue where
   $wpdb->prepare() can create unexpected and unsafe queries leading to potential
   SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
   but we've added hardening to prevent plugins and themes from accidentally
   causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.73 / (download) - annotate - [select for diffs], Fri Nov 3 09:49:13 2017 UTC (6 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

Security update to version 4.8.3.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we've added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.72 / (download) - annotate - [select for diffs], Thu Sep 21 19:24:46 2017 UTC (6 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

Security update to version 4.8.2

Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by Chen Ruiqi.
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

And 6 other fixes:

* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.

* I18N
- #41794 - Support numbers in locales during installation

* Security
- #13377 - Add more sanitization in _cleanup_header_comment

* Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called

More on https://codex.wordpress.org/Version_4.8.2

Revision 1.71 / (download) - annotate - [select for diffs], Wed Sep 6 09:03:05 2017 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.70: +3 -3 lines
Diff to previous 1.70 (colored)

Follow some redirects.

Revision 1.70 / (download) - annotate - [select for diffs], Mon Aug 7 20:12:14 2017 UTC (6 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.69: +2 -2 lines
Diff to previous 1.69 (colored)

Update to version 4.8.1.

WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.

Administration
* #40982 - Permalink Settings: custom structure field keyboard trap

Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition

Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile

Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget

Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params

General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection

Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)

REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled

Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args

TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected

Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the "Disable the visual editor when writing" setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters

Revision 1.64.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 18:52:40 2017 UTC (6 years, 9 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.64: +2 -3 lines
Diff to previous 1.64 (colored) next main 1.65 (colored)

Pullup ticket #5487 - requested by sevan
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.68-1.69
- www/wordpress/PLIST                                           1.34
- www/wordpress/distinfo                                        1.54-1.55

---
   Module Name:    pkgsrc
   Committed By:   jklos
   Date:           Tue May 30 07:20:15 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update 4.7.5. Bugs fixed:

   Insufficient redirect validation in the HTTP class. Reported by Ronni
   Skansing.
   Improper handling of post meta data values in the XML-RPC API. Reported by
   Sam Thomas.
   Lack of capability checks for post meta data in the XML-RPC API. Reported
   by Ben Bidner of the WordPress Security Team.
   A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the
   filesystem credentials dialog. Reported by Yorick Koster.
   A cross-site scripting (XSS) vulnerability was discovered when attempting
   to upload very large files. Reported by Ronni Skansing.
   A cross-site scripting (XSS) vulnerability was discovered related to the
   Customizer. Reported by Weston Ruter of the WordPress Security Team.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Jun 18 18:01:42 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version 4.8.

   For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.69 / (download) - annotate - [select for diffs], Sun Jun 18 18:01:42 2017 UTC (6 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.68: +2 -3 lines
Diff to previous 1.68 (colored)

Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.68 / (download) - annotate - [select for diffs], Tue May 30 07:20:15 2017 UTC (6 years, 10 months ago) by jklos
Branch: MAIN
Changes since 1.67: +3 -3 lines
Diff to previous 1.67 (colored)

Security update 4.7.5. Bugs fixed:

Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.

Revision 1.67 / (download) - annotate - [select for diffs], Sat Apr 15 15:46:29 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

PKGREVISION was too high, 1 is enough.

Revision 1.66 / (download) - annotate - [select for diffs], Sat Apr 15 15:44:50 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.65: +3 -3 lines
Diff to previous 1.65 (colored)

Switch to use php-mysqli.

Bump PKGREVISION.

Revision 1.65 / (download) - annotate - [select for diffs], Sat Apr 15 15:05:29 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.64: +1 -2 lines
Diff to previous 1.64 (colored)

WordPress 4.7 suggests using PHP 7, so remove PHP's version restriction to
56 now.

Revision 1.64 / (download) - annotate - [select for diffs], Sun Mar 12 07:20:52 2017 UTC (7 years, 1 month ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.63: +2 -1 lines
Diff to previous 1.63 (colored)

pkgrevision bump for changed apache default.

bumping any package depending on a pkg with APACHE_PKG_PREFIX but without
APACHE_PKG_PREFIX in its PKGNAME.

Revision 1.63 / (download) - annotate - [select for diffs], Tue Mar 7 17:39:13 2017 UTC (7 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)

Security update to version 4.7.3.

Fixed security bugs:

* Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè
  Dale, Yorick Koster, and Simon P. Briggs.
* Control characters can trick redirect URL validation. Reported by Daniel
  Chatfield.
* Unintended files can be deleted by administrators using the plugin deletion
  functionality. Reported by xuliang.
* Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc
  Montpas.
* Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of
  server resources. Reported by Sipke Mellema.

More information here: https://codex.wordpress.org/Version_4.7.3

Revision 1.62 / (download) - annotate - [select for diffs], Sat Jan 28 10:14:15 2017 UTC (7 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)

Security update to version 4.7.2.

Changes:

Version 4.7.2

* Remote code execution (RCE) in PHPMailer - No specific issue appears to
  affect WordPress or any of the major plugins we investigated but, out of an
  abundance of caution, we updated PHPMailer in this release. This issue was
  reported to PHPMailer by Dawid Golunski and Paul Buonopane.
* The REST API exposed user data for all users who had authored a post of a
  public post type. WordPress 4.7.1 limits this to only post types which have
  specified that they should be shown within the REST API. Reported by
  Krogsgard and Chris Jean.
* Cross-site scripting (XSS) via the plugin name or version header on
  update-core.php. Reported by Dominik Schilling of the WordPress Security
  Team.
* Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported
  by Abdullah Hussam.
* Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
* Post via email checks mail.example.com if default settings aren't changed.
  Reported by John Blackbourn of the WordPress Security Team.
* A cross-site request forgery (CSRF) was discovered in the accessibility mode
  of widget editing. Reported by Ronnie Skansing.
* Weak cryptographic security for multisite activation key. Reported by Jack.

Version 4.7.1

* The user interface for assigning taxonomy terms in Press This is shown to
  users who do not have permissions to use it. Reported by David Herrera of
  Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  WordPress core is not directly vulnerable to this issue, but we've added
  hardening to prevent plugins and themes from accidentally causing a
  vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list
  table. Reported by Ian Dunn of the WordPress Security Team.

Revision 1.61 / (download) - annotate - [select for diffs], Mon Jan 9 19:10:16 2017 UTC (7 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

Update to newest version 4.7.

Major changes:

New Default Theme - Twenty Seventeen
- It is an ambitious theme designed for business websites that focuses on a
  creative home page and an easy site setup experience for users.

* multiple sections on the front page, selected in the Customizer.
* a striking asymmetrical grid.
* custom color schemes, built on top of a monochromatic foundation, and
  adjustable via a hue picker.
* different headline placement for pages, changeable in the Customizer, via
  theme options.
* a great experience in many languages, thanks to language-specific font stacks.
* SVG icons (a first for a default theme).
* support for custom logo, custom header image and many post formats.
* the use of new functions in Core for making child theming easier.
	Note: Twenty Seventeen only works on 4.7 and above. It uses the new
	video header and starter content features, each launched in 4.7.

REST API Content Endpoints
* API endpoints for WordPress content. WordPress 4.7 comes with REST API
  endpoints for posts, comments, terms, users, meta, and settings. Content
  endpoints provide machine-readable external access to your WordPress site
  with a clear, standards-driven interface, paving the way for new and
  innovative methods of interacting with your site.

Revision 1.60 / (download) - annotate - [select for diffs], Thu Sep 29 18:02:09 2016 UTC (7 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.59: +2 -3 lines
Diff to previous 1.59 (colored)

Security update to version 4.6.1.

WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

Bootstrap/Load

#37680 - PHP Warning: ini_get_all() has been disabled for security reasons

- Database
#37683 - $collate and $charset can be undefined in wpdb::init_charset()
#37689 - Issues with utf8mb4 collation and the 4.6 update

- Editor
#37690 - Backspace causes jumping

- Email
#37736 - Emails fail on certain server setups

- External Libraries
#37700 - Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 - The minified version of the Masonry shim was not updated in #37666 (Masonry library)

- HTTP API
#37733 - cURL error 3: malformed for remote requests
#37768 - HTTP API no longer accepts integer and float values for the cookies argument

- Post Thumbnails
#37697 - Strange behavior with thumbnails on preview in 4.6

- Script Loader
#37800 - Close 'link rel' dns-prefetch tag

- Taxonomy
#37721 - Improve error handling of is_object_in_term in taxonomy.php

- Themes
#37755 - Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

- TinyMCE
#37760 - Problem with RTL

- Upgrade/Install
#37731 - Infinite loop in _wp_json_sanity_check() during plugin install

Revision 1.59 / (download) - annotate - [select for diffs], Mon Aug 22 18:12:25 2016 UTC (7 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)

Bump revision for previous commit

Revision 1.58 / (download) - annotate - [select for diffs], Mon Aug 22 18:11:04 2016 UTC (7 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.57: +22 -6 lines
Diff to previous 1.57 (colored)

pkgsrc changes to package:

- Add missing php modules
- Limit work with php-5.6
- Improve the wordpress.conf
- Install wp-config-sample.php to WPHOME but not EGDIR

Patch from wen heping.

Revision 1.57 / (download) - annotate - [select for diffs], Sun Aug 21 20:04:57 2016 UTC (7 years, 7 months ago) by jklos
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)

Update WordPress to 4.6 "Pepper":
https://wordpress.org/news/2016/08/pepper/

Revision 1.56 / (download) - annotate - [select for diffs], Wed Jun 22 00:56:29 2016 UTC (7 years, 9 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)

Update WordPress to 4.5.3. This is a maintenance and security release:
https://wordpress.org/news/2016/06/wordpress-4-5-3/

Revision 1.55 / (download) - annotate - [select for diffs], Wed May 4 20:18:32 2016 UTC (7 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

Update to newest version of 4.5.1.

For 4.5.1
This maintenance release fixes a total of 12 bugs in Version 4.5 including:

Build/Test Tools
#36498 Shrinkwrap npm dependencies for 4.5

Bundled Theme
#36510 Twenty eleven page templates with widgets incorrectly styled

Customize
#36457 Customizer Device Preview: Use px units for tablet preview size

Database
#36629 Database connect functions can cause un-catchable warnings

Editor
#36458 Fix support for Safari + VoiceOver when editing inline links

Emoji
#36604 Emoji skin tone support test incorrectly passing in Chrome

Feeds
#36620 Feeds using an rss-http content type are now served as application/octet-stream

Media
#36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED'
#36578 wp_ajax_send_attachment_to_editor() bug
#36621 Don't cache the results of wp_mkdir_p() in a persistent cache

Rewrite Rules
#36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows

TinyMCE
#36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)

For 4.5.
What's New
Security
- SSRF Bypass using Octal & Hexadecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam
- Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l)
- Script compression option CSRF, reported by Ronni Skansing

Posts
- Inline Link Editing
- Additional Editor Shortcuts

Comments
- Moderate Comment Screen Refresh
- Max Lengths for Comment Form Fields
- Comment Error Page Navigation

Appearance
- Responsive Preview of your site
- Theme Logo Support
- Selective Refresh
- Ease of use

Install Process
Version 4.5 defaults to generating secret keys and salts locally instead of relying on the WordPress.org API

Detail can be found here:

http://codex.wordpress.org/Version_4.5
http://codex.wordpress.org/Version_4.5.1

Revision 1.54 / (download) - annotate - [select for diffs], Thu Feb 11 09:30:39 2016 UTC (8 years, 2 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)

Update Wordpress to 4.4.2.

Revision 1.53 / (download) - annotate - [select for diffs], Sun Jan 3 16:22:53 2016 UTC (8 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.52: +2 -4 lines
Diff to previous 1.52 (colored)

Update to newest version 4.4.

What's New
  General
  * Developer reference - Improvements to inline code documentation.
  * i18n support - Improvements to translation strings all over the core.
  * Admin page headings were adjusted from H3 to H2 tags to reinforce page hierarchy
  * Improvements to how list tables are displayed on all size screens
  Posts
  * The post/page permalink UI was simplified, linking the permalink and removing the "View" button
  Comments
  * The "View Comment" link was relocated from the Status meta box in the comment-editing screen
  * Many comment functions can now accept a full object instead of 'comment_ID' to reduce cache/db lookups
  * Orphaned comments now fall back to the 'edit_posts' capability
  Appearance
  * Site icons will now fall back to the 'full' size URL when the 'thumbnail' size doesn't exist
  Multisite
  * The language chooser was added to the new site form on wp-signup.php
  * Sites may no longer be created with the following reserved slugs: wp-admin, wp-content, wp-includes, or wp-json

Revision 1.52 / (download) - annotate - [select for diffs], Sun Dec 6 12:13:13 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.51: +3 -1 lines
Diff to previous 1.51 (colored)

Explicitly restrict PHP_VERSIONS_ACCEPTED to 55 and 56 for packages which
use php-mysql package.

Revision 1.51 / (download) - annotate - [select for diffs], Thu Sep 17 19:10:48 2015 UTC (8 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)

Security update to version 4.3.1.

This version fixes two cross-site scripting vulnerabilities (CVE-2015-5714,
CVE-2015-5715) and a potential privilege escalation.

Revision 1.50 / (download) - annotate - [select for diffs], Fri Aug 21 03:27:56 2015 UTC (8 years, 8 months ago) by jklos
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

Update WordPress to 4.3.

Revision 1.49 / (download) - annotate - [select for diffs], Sun Aug 16 08:26:24 2015 UTC (8 years, 8 months ago) by jklos
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

Update to 4.2.4 to address security issues:
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

Revision 1.48 / (download) - annotate - [select for diffs], Sun Aug 2 21:51:24 2015 UTC (8 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

Security update to version 4.2.3.

Changes:

WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow
users with the Contributor or Author role to compromise a site.

The release also fixes an issue where it was possible for a user with
Subscriber permissions to create a draft through Quick Draft.

In addition to the security fixes, WordPress 4.2.3 contains fixes for
21 bugs from 4.2.2, including:
 * FIX - Upgrades: If a table has already been converted to utf8mb4,
   there's no need to try and convert it again.
 * FIX - Remove a redundant index drop.
 * FIX - Don't upgrade global tables to utf8mb4 when
   DO_NOT_UPGRADE_GLOBAL_TABLES is defined.
 * FIX - Enable utf8mb4 for MySQL extension users.
 * FIX - Plugin update rely upon wp_update_plugins() to check the
   contents of the transient and return early if no request needs to
   be made.
 * FIX - WPDB: When extracting the table name from a query, there is a
   1000 character limit on the SQL string that would be searched.
 * FIX - WPDB: When checking that text isn't too long to insert into a
   column, LONGTEXT columns could fail, as their length is longer than
   PHP_INT_MAX.
 * FIX - Plugin update handles the case where the plugin is installed
   into a different directory than it previously existed in.
 * FIX - Plugin update feature doesn't recognize errors
 * FIX - Plugin update error messages lack detail
 * FIX - Multiple plugin updates: Even if one of plugins update fails,
   allow further updates to continue.
 * FIX - In comment_form(), ensure that filtered arguments contain all
   required default values.
 * FIX - WPDB: Remove some of the complexities in
   ::strip_invalid_text() associated with switching character sets
   between queries.
 * FIX - WPDB: ::strip_text_from_query() doesn't pass a length to
   ::strip_invalid_text(), which was causing queries to fail when they
   contained characters that needed to be sanity checked by MySQL.
 * FIX - Emoji script is producing errors on pages with SVG content
 * FIX - Unable to drag widgets down page past certain length.
 * FIX - TinyMCE: wpView: fix typo in createInstance that prevented
   instances from being reused.
 * FIX - SCRIPT_DEBUG check in print_emoji_detection_script()
   generated PHP Notices.
 * FIX - If the shortcode content contains HTML code, the TinyMCE View
   no longer works.
 * FIX - Better handling when the credential form is long (such as
   when SSH is active).
 * FIX - sanitize_option didn't handle a WP_Error Object.

Revision 1.47 / (download) - annotate - [select for diffs], Mon May 11 05:16:31 2015 UTC (8 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

Security and maintenance update to version 4.2.2.

WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML
file shipped with recent Genericons packages included in the Twenty Fifteen
theme as well as a number of popular plugins by removing the file.

Version 4.2.2 also improves on a fix for a critical cross-site scripting
vulnerability introduced in 4.2.1.

The release also includes hardening for a potential cross-site scripting
vulnerability when using the Visual editor.

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs
from 4.2.1, including:

o Fixes an emoji loading error in IE9 and IE10
o Fixes a keyboard shortcut for saving from the Visual editor on Mac
o Fixes oEmbed for YouTube URLs to always expect https
o Fixes how WordPress checks for encoding when sending strings to MySQL
o Fixes a bug with allowing queries to reference tables in the dbname.tablename
  format
o Lowers memory usage for a regex checking for UTF-8 encoding
o Fixes an issue with trying to change the wrong index in the wp_signups table
  on utf8mb4 conversion
o Improves performance of loop detection in _get_term_children()
o Fixes a bug where attachment URLs were incorrectly being forced to use https
  in some contexts
o Fixes a bug where creating a temporary file could end up in an endless loop.

Revision 1.46 / (download) - annotate - [select for diffs], Mon May 4 19:48:00 2015 UTC (8 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Security update to newest version 4.2.1.

Changes:

Wordpress 4.2:

o Press This has been completely revamped. Clip it, edit it, publish it. Get
  familiar with the new and improved Press This. From the Tools menu, add Press
  This to your browser bookmark bar or your mobile device home screen. Once
  installed you can share your content with lightning speed. Sharing your
  favorite videos, images, and content has never been this fast or this easy.
o Now you can browse and switch installed themes in the Customizer. Browse and
  preview your installed themes from the Customizer. Make sure the theme looks
  great with your content, before it debuts on your site.
o More intuitive plugin update and install from the Plugins Screen. Goodbye
  boring loading screen, hello smooth and simple plugin updates. Click Update Now
  and watch the magic happen.
o Writing in WordPress, whatever your language, just got better.  WordPress 4.2
  supports a host of new characters out-of-the-box, including native Chinese,
  Japanese, and Korean characters, musical and mathematical symbols, and
  hieroglyphs. Don't use any of those characters? You can still have fun - emoji
  are now available in WordPress! Get creative and decorate your content with
  emoji.

Wordpress 4.2.1:

o fix for a critical cross-site scripting (XSS) vulnerability, which could
  enable commenters to compromise a site.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Apr 22 06:38:15 2015 UTC (9 years ago) by morr
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Security update to version 4.1.2.

Changes:

4.1.1:

Maintenance release, fixed 21 bugs.

4.1.2:

- A serious critical cross-site scripting vulnerability, which could enable
  anonymous users to compromise a site.
- Files with invalid or unsafe names could be uploaded.
- Some plugins are vulnerable to an SQL injection attack.
- A very limited cross-site scripting vulnerability could be used as part of a
  social engineering attack.
- Four hardening changes, including better validation of post titles within the
  Dashboard.

Revision 1.44 / (download) - annotate - [select for diffs], Fri Jan 2 12:40:59 2015 UTC (9 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

Update to version 4.1.

Major changes:

General
- Show the number of approved comments, instead of total comments, in the "At A Glance" section in the dashboard.
- Site Language: Install translations on the fly on the General Settings screen. The language drop down now includes installed languages and all available translations when the filesystem is writable by WordPress.
- Admin notices: There are now four types of notices: success (green), warning (orange), error (red), and info (blue).

Posts
- Spellchecking is enabled for the post title field on the Edit Post screen.

Media
- Disable multi-file uploading in iOS 7.x Safari as it prevents uploading of videos.
- Allow PSDs (Photoshop documents) to be uploaded.
- oEmbed: Add support for the Vine endpoint.
- Display error message when Media Library upload fails.

Appearance
- Custom Header and Custom Background screens removed. Admin menu links now go to the Customizer.
- Widgets screen now has a Manage in Customizer link at top of screen.
- Themes: Make "Live Preview" the primary action and "Activate" secondary.

Users
- Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions.

Accessibility
- Admin menu separators are now hidden from screen readers.
- Improved keyboard control of Edit Selection mode in the media manager.
- Improved keyboard accessibility on Custom Header and Custom Background screen.
- Improved text contrast against dark backgrounds in the admin menu and toolbar.
- When switching to the Text editor, make the textarea visible to screen readers.
- Use <button> instead of <a> for the Visual/Text buttons to make them focusable.
- Improve the focus style for review links in the plugin info modal.
- TinyMCE:
 -- Return focus to the editor on pressing Escape while the image toolbar is focused.
 -- Add a Close button to the Help modal and close it on Escape.
 -- Override the title on the editor iframe (read by screen reader apps), replace with the Alt+Shift+H shortcut.
 -- Add focus shortcuts descriptions to the Help modal.

Multisite
- Set the default network language on the Network Settings screen.

Revision 1.42.2.1 / (download) - annotate - [select for diffs], Tue Nov 25 15:04:11 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored) next main 1.43 (colored)

Pullup ticket #4559 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.43
- www/wordpress/distinfo                                        1.35

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Nov 24 19:08:53 UTC 2014

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 4.0.1.

   Changes:
   - Three cross-site scripting issues that a contributor or author could use to
     compromise a site.
   - A cross-site request forgery that could be used to trick a user into changing
     their password.
   - An issue that could lead to a denial of service when passwords are checked.
   - Additional protections for server-side request forgery attacks when WordPress
     makes HTTP requests.
   - An extremely unlikely hash collision could allow a user's account to be
     compromised, that also required that they haven't logged in since 2008 (I
     wish I were kidding).
   - WordPress now invalidates the links in a password reset email if the user
     remembers their password, logs in, and changes their email address.

   More details on http://codex.wordpress.org/Version_4.0.1.

Revision 1.43 / (download) - annotate - [select for diffs], Mon Nov 24 19:08:53 2014 UTC (9 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Security update to 4.0.1.

Changes:
- Three cross-site scripting issues that a contributor or author could use to
  compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
  their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
  makes HTTP requests.
- An extremely unlikely hash collision could allow a user's account to be
  compromised, that also required that they haven't logged in since 2008 (I
  wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
  remembers their password, logs in, and changes their email address.

More details on http://codex.wordpress.org/Version_4.0.1.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Sep 12 22:18:08 2014 UTC (9 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

Update to version 4.0.

Major changes:

General

- Featured image previews now support .bmp files
- Featured Image meta box is now hidden for contributors lacking upload
  capabilities
- New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube
  playlists, TED talks
- Install WordPress in your language
- Streamlined Language management right from the dashboard

Posts

- Display embed previews for audio/visual URLs in Visual editor content
  box.
- Page scrolling now scrolls post content box.
- Edit Post/Page menu bar sticks to top of content box when scrolling
  (Visual and Text editor).
- Color picker was re-added to the Visual editor

Media

- Add Media Grid view option (default) for Media Library
- Add "Bulk Select" button to Media Grid view to delete multiple items
- Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu
- Expand oEmbed support to include YouTube playlist URLs and Polldaddy's
  short URL format
- Remove Viddler oEmbed support
- Update SlideShare oEmbed regex
- Improved media experience on small screen sizes (embedded videos now
  responsive)
- Native video and audio shortcodes now support Flash playback looping

Comments

- Comments in trash can now be marked as spam.

Plugins

- Display plugins list as grid, with thumbnails, on Add New screen.
- Add popup window with plugin details (displays info from plugin's
  directory page).
- Add "Beta Testing" tab to Plugins screen for new features-as-plugins.

Accessibility

- Improved keyboard accessibility in the Add Media panel
- Improved screen-reader support for Customizer sections
- Makes links in help tabs keyboard accessible
- Improvements for screen-readers when managing widgets in the
  Customizer

Install Process

- Add language select menu as first Installation screen (skipped for
  localized installs)

Multisite

- mp4 file extension was added to allowed upload file types

Revision 1.41 / (download) - annotate - [select for diffs], Sun Aug 17 08:48:33 2014 UTC (9 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

Security update to version 3.9.2

Changes:

* Fixes a possible denial of service issue in PHP's XML processing, reported by
  Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael
  Adams and Andrew Nacin of the WordPress security team and David Rothstein of
  the Drupal security team.
* Fixes a possible but unlikely code execution when processing widgets
  (WordPress is not affected by default), discovered by Alex Concha of the
  WordPress security team.
* Prevents information disclosure via XML entity attacks in the external GetID3
  library, reported by Ivan Novikov of ONSec.
* Adds protections against brute attacks against CSRF tokens, reported by David
  Tomaschik of the Google Security Team.
* Contains some additional security hardening, like preventing cross-site
  scripting that could be triggered only by administrators.

Revision 1.40 / (download) - annotate - [select for diffs], Fri May 16 19:55:07 2014 UTC (9 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Update to wordpress 3.9.1.

Changes:
- A smoother media editing experience
- Improved visual editing - speed, accessibility, and mobile support
- Edit images easily - quicker access to crop and rotation tools, scale images
  directly in the editor
- Drag and drop your images right onto the editor
- Image gallery previews right in the editor
- Showcase music and clips with simple audio and video playlists
- Live widget and header image previews in the Customizer
- Stunning new theme browser

Version 3.9.1 fixes 34 bugs from 3.9.

More details on http://codex.wordpress.org/Version_3.9 and
http://codex.wordpress.org/Version_3.9.1

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Mon Apr 14 12:29:38 2014 UTC (10 years ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored) next main 1.39 (colored)

Pullup ticket #4370 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.39
- www/wordpress/distinfo                                        1.31

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Apr 13 14:10:59 UTC 2014

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to newest version of Wordpress, containing security fixes.

   It contains 9 bugfixes and 5 security fixes:

   * Potential authentication cookie forgery. CVE-2014-0166.
   * Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
   * (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
   * (Hardening) Fix a low-impact SQL injection by trusted users.
   * (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Revision 1.39 / (download) - annotate - [select for diffs], Sun Apr 13 14:10:59 2014 UTC (10 years ago) by morr
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Update to newest version of Wordpress, containing security fixes.

It contains 9 bugfixes and 5 security fixes:

* Potential authentication cookie forgery. CVE-2014-0166.
* Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
* (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
* (Hardening) Fix a low-impact SQL injection by trusted users.
* (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Revision 1.38 / (download) - annotate - [select for diffs], Wed Feb 12 19:43:56 2014 UTC (10 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

Update to version 3.8.1

Changes:

Addressed 31 bugs in 3.8, including various fixes and improvements for the new
dashboard design and new themes admin screen.

More info at http://codex.wordpress.org/Version_3.8.1

Revision 1.37 / (download) - annotate - [select for diffs], Thu Jan 23 16:27:49 2014 UTC (10 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

Update to version 3.8.

Changes:

Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management

New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
  content's layout with a full-width page template and a contributor page to show
  off your authors.

For Developers
* External Libraries have been updated.
* Better RTL support

More info on http://codex.wordpress.org/Version_3.8

Revision 1.36 / (download) - annotate - [select for diffs], Fri Nov 8 21:33:02 2013 UTC (10 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)

Update to 3.7.1 Maintenance Release.

Changes:

Version 3.7:

* Background Updates
-  Automatic updates for maintenance and security updates.
-  Daily updates for developers using nightly builds.
* Stronger Password Meter
-  New password meter to encourage users to choose stronger passwords.
* Improved Search
-  More relevant search results.
* Better Global Support
-  Localized versions will receive faster and more complete translations.
-  Background updates will include translations

More info on http://codex.wordpress.org/Version_3.7

Version 3.7.1:

- Images with captions no longer appear broken in the visual editor.
- Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org.
- Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early.
- Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values.
- Fix a warning that may occur in certain setups while performing a search, and a few other notices.

More info on http://codex.wordpress.org/Version_3.7.1

Revision 1.33.2.1 / (download) - annotate - [select for diffs], Fri Sep 13 13:07:27 2013 UTC (10 years, 7 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored) next main 1.34 (colored)

Pullup ticket #4234 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.34-1.35
- www/wordpress/PLIST                                           1.16-1.17
- www/wordpress/distinfo                                        1.26-1.27

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Aug  8 07:50:58 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version of Wordpress 3.6.

   ChangeLog:

   New Default Theme - Twenty Thirteen
   * Focus on blogging
   * Single column layout with Sidebar / Widgets in the footer
   * Latest Theme Features support, particularly Post Formats and Semantic Markup
   * Font-based icons (Genericons)

   Admin Enhancements
   * UI improvements on Navigation Menus Screen
   * Revisions revised to be more dynamic and scalable
   * Autosave and Post Locking
   * Preview Audio and Video on Media Edit Screen
   * In-line login following expired sessions

   For Developers
   * External Libraries have been updated.
   * New audio/video APIs give developers access to powerful media metadata, like
   ID3 tags.
   * Filters for revisions, allowing you to set the number of revisions ad hoc
   instead of only via a define.
   * Semantic Markup allows themes to choose improved HTML5 markup for search
   forms, comment forms, and comment lists.
   * Search content for shortcodes with has_shortcode() and adjust shortcode
   attributes with a new filter.

   More info on http://codex.wordpress.org/Version_3.6

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Sep 12 17:19:59 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   This maintenance release addresses 13 bugs with version 3.6.

   Additionally: Version 3.6.1 fixes three security issues:

   * Remote Code Execution: Block unsafe PHP de-serialization that could occur in
   limited situations and setups, which can lead to remote code execution.
   Reported by Tom Van Goethem. CVE-2013-4338.
   * Link Injection / Open Redirect: Fix insufficient input validation that could
   result in redirecting or leading a user to another website.
   Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
   for Disease Control and Prevention. CVE-2013-4339.
   * Privilege Escalation: Prevent a user with an Author role, using a specially
   crafted request, from being able to create a post "written by" another user.
   Reported by Anakorn Kyavatanakij. CVE-2013-4340.

   Additional security hardening:

   * Updated security restrictions around file uploads to mitigate the potential
   for cross-site scripting. The extensions .swf and .exe are no longer allowed
   by default, and .htm and .html are only allowed if the user has the ability
   to use unfiltered HTML.

   More on http://codex.wordpress.org/Version_3.6.1

Revision 1.35 / (download) - annotate - [select for diffs], Thu Sep 12 17:19:59 2013 UTC (10 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

This maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:

* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.

More on http://codex.wordpress.org/Version_3.6.1

Revision 1.34 / (download) - annotate - [select for diffs], Thu Aug 8 07:50:58 2013 UTC (10 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Update to newest version of Wordpress 3.6.

ChangeLog:

New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)

Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions

For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.

More info on http://codex.wordpress.org/Version_3.6

Revision 1.31.2.1 / (download) - annotate - [select for diffs], Sat Jun 29 23:38:30 2013 UTC (10 years, 9 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.31: +2 -3 lines
Diff to previous 1.31 (colored) next main 1.32 (colored)

Pullup ticket #4166 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.32-1.33
- www/wordpress/PLIST                                           1.15
- www/wordpress/distinfo                                        1.25

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jun 24 16:13:21 UTC 2013

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to version 3.5.2.

   Fixed issues:

   * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
   * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
   * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
   * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
   * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
   * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
   * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

   * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
   * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
   * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Jun 24 16:16:42 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile

   Log Message:
   Remove pkgrevision bit

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Jun 27 08:04:57 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: PLIST

   Log Message:
   Fix PLIST file, unbreak build

Revision 1.33 / (download) - annotate - [select for diffs], Mon Jun 24 16:16:42 2013 UTC (10 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.32: +1 -2 lines
Diff to previous 1.32 (colored)

Remove pkgrevision bit

Revision 1.32 / (download) - annotate - [select for diffs], Mon Jun 24 16:13:21 2013 UTC (10 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

Security update to version 3.5.2.

Fixed issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Revision 1.31 / (download) - annotate - [select for diffs], Sat Mar 16 07:21:26 2013 UTC (11 years, 1 month ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)

Bump PKGREVISION from default PHP version change to 5.4.

Revision 1.29.2.1 / (download) - annotate - [select for diffs], Sun Jan 27 14:06:48 2013 UTC (11 years, 2 months ago) by spz
Branch: pkgsrc-2012Q4
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored) next main 1.30 (colored)

Pullup ticket #4042 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.30
- www/wordpress/PLIST                                           1.14
- www/wordpress/distinfo                                        1.24

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Jan 27 07:51:37 UTC 2013
   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo
   Log Message:
   This maintenance release addresses 37 bugs with version 3.5, including:
   * Editor: Prevent certain HTML elements from being unexpectedly removed or
   modified in rare cases.
   * Media: Fix a collection of minor workflow and compatibility issues in the new
   media manager.
   * Networks: Suggest proper rewrite rules when creating a new network.
   * Prevent scheduled posts from being stripped of certain HTML, such as video
   embeds, when they are published.
   * Work around some misconfigurations that may have caused some JavaScript in
   the WordPress admin area to fail.
   * Suppress some warnings that could occur when a plugin misused the database or
   user APIs.
   Additionally: Version 3.5.1 fixes a few security issues:
   * Server-side request forgery (SSRF) and remote port scanning via pingbacks.
   Fixed by the WordPress security team.
   * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
   Cave of the WordPress security team.
   * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
   was released to address this issue.
   To generate a diff of this commit:
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo

Revision 1.30 / (download) - annotate - [select for diffs], Sun Jan 27 07:51:37 2013 UTC (11 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)

This maintenance release addresses 37 bugs with version 3.5, including:

* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.

Additionally: Version 3.5.1 fixes a few security issues:

* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.

Revision 1.29 / (download) - annotate - [select for diffs], Sun Dec 16 22:20:27 2012 UTC (11 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Update to version 3.5.

Highlights

* New Media Manager
     + Beautiful interface: A streamlined, all-new experience
     + Create galleries faster with drag-and-drop reordering,
       inline caption editing, and simplified controls
     + Insert multiple images at once with Shift/Ctrl+click

* New Default Theme - Twenty Twelve
     + Simple, flexible, elegant
     + Mobile-first, responsive design
     + Gorgeous Open Sans typeface
     + Uses the latest Theme Features

* Admin Enhancements
     + New Welcome Screen
     + Retina-Ready (HiDPI) Admin
     + Hide Link Manager for new installs
     + Better accessibility for screenreaders, touch devices, and
       keyboard users
     + More polish on admin screens, including a new color picker

* For Developers
     + WP_Comment_Query and WP_User_Query accept now meta queries
       just like WP_Query
     + Meta queries now support querying for objects without a
       particular meta key
     + Post objects are now instances of a WP_Post class, which
       improves performance and caching
     + Multisite's switch_to_blog() is now significantly faster and
       more reliable
     + WordPress has added the Underscore and Backbone JavaScript
       libraries
     + TinyMCE, jQuery, jQuery UI, and SimplePie have all been
       updated to the latest versions
     + Image Editing API for cropping, scaling, etc., that uses
       ImageMagick as well as GD
     + XML-RPC: Now always enabled and supports fetching users,
       managing post revisions, searching
     + New "show_admin_column" parameter for register_taxonomy()
       allows automatic creation of taxonomy columns on associated post-types.

Revision 1.28 / (download) - annotate - [select for diffs], Sun Oct 28 06:31:09 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.27: +1 -3 lines
Diff to previous 1.27 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.26.2.1 / (download) - annotate - [select for diffs], Sun Sep 9 16:32:55 2012 UTC (11 years, 7 months ago) by tron
Branch: pkgsrc-2012Q2
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored) next main 1.27 (colored)

Pullup ticket #3918 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.27
- www/wordpress/distinfo                                        1.22

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Sep  9 06:56:10 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to Wordpress 3.4.2.

   Changes:

   * Fixes some issues in the admin area where some older browsers (IE7, in
   particular) may slow down, lag, or freeze.
   * Fixes an issue where a theme may not preview correctly, or its screenshot may
   not be displayed.
   * Fixes the use of multiple trackback URLs in a post.
   * Prevents improperly sized images from being uploaded as headers from the
   customizer.
   * Ensures proper error messages can be shown to PHP4 installs. (WordPress
   requires PHP 5.2.4 or later.)
   * Fixes handling of oEmbed providers that only return XML responses.
   * Addresses pagination problems with some category permalink structures.
   * Adds more fields to be returned from the XML-RPC wp.getPost method.
   * Avoids errors when updating automatically from very old versions of WordPress
   (pre-3.0).
   * Fixes problems with the visual editor when working with captions.

   Additionally: Version 3.4.2 fixes a few security issues and contains some
   security hardening. These issues were discovered and addressed by the WordPress
   security team:

   * Fix unfiltered HTML capabilities in multisite.
   * Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
   * Allow operations on network plugins only through the network admin.
   * Hardening: Simplify error messages when uploads fail.
   * Hardening: Validate a parameter passed to wp_get_object_terms().

Revision 1.27 / (download) - annotate - [select for diffs], Sun Sep 9 06:56:10 2012 UTC (11 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

Update to Wordpress 3.4.2.

Changes:

* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.

Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:

* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().

Revision 1.26 / (download) - annotate - [select for diffs], Fri Jun 29 10:40:13 2012 UTC (11 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Security update to version of Wordpress 3.4.1.

ChangeLog:

Wordpress 3.4.1:

* Fixes an issue where a theme's page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a network-wide activation.
* Better compatibility with servers running certain versions of PHP (5.2.4, 5.4)
or with uncommon setups (safe mode, open_basedir), which had caused warnings or
in some cases prevented emails from being sent.

Additionally: Version 3.4.1 fixes a few security issues and contains some security
hardening. These issues were discovered and fixed by the WordPress security team:

* Privilege Escalation/XSS. Critical. Administrators and editors in multisite
were accidentally allowed to use unfiltered_html for 3.4.0.
* CSRF. Additional CSRF protection in the customizer.
* Information Disclosure: Disclosure of post contents to authors and contributors
(such as private or draft posts).
* Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
* Hardening: Require a child theme to be activated with its intended parent only.

Wordpress 3.4:

* Enhanced theme control
    * Customize theme options before activating a new theme using Theme Customizer
    * Use Theme Previewer to customize current theme without changing the front-end design

* Custom Headers
    * Improved Custom Headers with flexible sizes
    * Selecting Custom Header Images and Custom Background Images from Media Library Screen

* Media improvements
    * Support HTML in image captions

* Under the Hood improvements
    * Improvements in WordPress internationalization and localization (more info)
    * Different split in translation POT files for faster translations
    * Codex XML-RPC information update accessed via XML-RPC_WordPress_API
    * WP_Query improvements

Revision 1.24.4.1 / (download) - annotate - [select for diffs], Wed Apr 25 19:13:12 2012 UTC (11 years, 11 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #3756 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.25
- www/wordpress/distinfo                                        1.20

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Wed Apr 25 13:00:37 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to Wordpress 3.3.2.

   Three external libraries included in WordPress received security updates:

   * Plupload (version 1.5.4), which WordPress uses for uploading media.
   * SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
   * SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

   WordPress 3.3.2 also addresses:

   * Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
   * Cross-site scripting vulnerability when making URLs clickable.
   * Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Revision 1.25 / (download) - annotate - [select for diffs], Wed Apr 25 13:00:37 2012 UTC (11 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Security update to Wordpress 3.3.2.

Three external libraries included in WordPress received security updates:

* Plupload (version 1.5.4), which WordPress uses for uploading media.
* SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
* SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

* Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
* Cross-site scripting vulnerability when making URLs clickable.
* Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 4 21:10:33 2012 UTC (12 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2011Q4-base, pkgsrc-2011Q4
Branch point for: pkgsrc-2012Q1
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

Security update to 3.3.1.

This maintenance release fixes 15 issues with WordPress 3.3, as well as
a fix for a cross-site scripting vulnerability that affected version 3.3.

Revision 1.23 / (download) - annotate - [select for diffs], Wed Dec 14 19:47:45 2011 UTC (12 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.22: +2 -3 lines
Diff to previous 1.22 (colored)

Update to version 3.3.

Highlights:

* Easier Uploading
    - File Type Detection - A single upload button
    - Drag-and-Drop Media Uploader
* Dashboard Design
    - New Toolbar in the dashboard, combining the Admin Bar and admin
      header
    - Responsive design for some screens, including iPad/tablet
      support
    - Flyout menus, providing single-click access to any screen
* New User Experience
    - New feature pointers, helping users navigate new features
    - Post-update About screen
    - Dashboard welcome area for new installs
* Content Tools
    - Better co-editing that releases post locks immediately
    - Don't lose widgets when switching themes
    - Tumblr Importer
* Under the Hood improvements
    - Use the postname permalink structure without a performance
      penalty
    - Improved Editor API
    - is_main_query() function and WP_Query method
    - Remove a number of funky characters from post slugs
    - jQuery 1.7.1 and jQuery UI 1.8.16
    - A new Screen API for adding help documentation and adapting to
      screen contexts
    - Improved metadata API
* Performance improvements and hundreds of bug fixes

More changes at http://codex.wordpress.org/Version_3.3

Revision 1.22 / (download) - annotate - [select for diffs], Fri Sep 16 05:46:27 2011 UTC (12 years, 7 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)

Bump PKGREVISION from PHP_VERSION_DEFAULT changes.

Revision 1.21 / (download) - annotate - [select for diffs], Fri Aug 19 18:18:26 2011 UTC (12 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Update to newest release.

From the Announcement blog: "This maintenance release fixes a server
incompatibility related to JSON that's unfortunately affected some of you,
as well as a few other fixes in the new dashboard design and the Twenty
Eleven theme."

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Tue Jul 12 10:58:47 2011 UTC (12 years, 9 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pullup ticket #3471 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.20
- www/wordpress/PLIST                                           1.9
- www/wordpress/distinfo                                        1.16

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jul 11 22:53:50 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version - 3.2.

   Highlights:

   * Refreshed Administrative UI - Admin redesign
   * New Default Theme "Twenty Eleven" - Uses the latest Theme Features
   * Full Screen Editor - Distraction free writing experience
   * Extended Admin Bar - More useful links to control the site

   * Enhanced Browser Compatibility -
     - Drop Internet Explorer 6 support
     - Start End-of-life (EOL) cycle for Internet Explorer 7
     - Browse Happy notify users of out-of-date browser

   * WordPress is Faster and Lighter -
     - Faster page loads -- We've gone through the most commonly loaded
     pages in WP and done improvements to their load time
     - Faster Upgrades -- The update system now supports incremental
     upgrades so after 3.2 you'll find upgrading faster than ever
     - Optimizations to WP_Filesystem -- Updates over FTP are now much
     quicker and less error prone
     - Stream downloads to the filesystem -- Improves update times and
     lowers the memory footprint
     - Performance improvements for wptexturize()
     - Remove PHP4 compatibility including timezone support
     - More efficient term intersection queries
     - Some optimizations in the HTML sanitizer (kses)
     - Speed optimizations for is_serialized_string()
     - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary
     Ajax requests as well as the memory footprint
     - And many other improvements and tweaks

   Contains also security fixes from wordpress 3.1.4.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jul 11 22:53:49 2011 UTC (12 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Update to newest version - 3.2.

Highlights:

* Refreshed Administrative UI - Admin redesign
* New Default Theme "Twenty Eleven" - Uses the latest Theme Features
* Full Screen Editor - Distraction free writing experience
* Extended Admin Bar - More useful links to control the site

* Enhanced Browser Compatibility -
  - Drop Internet Explorer 6 support
  - Start End-of-life (EOL) cycle for Internet Explorer 7
  - Browse Happy notify users of out-of-date browser

* WordPress is Faster and Lighter -
  - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time
  - Faster Upgrades -- The update system now supports incremental upgrades so after 3.2 you'll find upgrading faster than ever
  - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone
  - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint
  - Performance improvements for wptexturize()
  - Remove PHP4 compatibility including timezone support
  - More efficient term intersection queries
  - Some optimizations in the HTML sanitizer (kses)
  - Speed optimizations for is_serialized_string()
  - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint
  - And many other improvements and tweaks

Contains also security fixes from wordpress 3.1.4.

Revision 1.16.2.3 / (download) - annotate - [select for diffs], Fri May 27 11:07:01 2011 UTC (12 years, 10 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.16.2.2: +2 -2 lines
Diff to previous 1.16.2.2 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)

Pullup ticket #3441 - requested by morr
www/wordpress security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.19
- www/wordpress/distinfo                                        1.15

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Thu May 26 22:59:38 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.1.3.

   * Various security hardening by Alexander Concha.
   * Taxonomy query hardening by John Lamansky.
   * Prevent sniffing out user names of non-authors by using canonical
     redirects. Props Verónica Valeros.
   * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of
     Microsoft, and Microsoft Vulnerability Research.
   * Improves file upload security on hosts with dangerous security
     settings.
   * Cleans up old WordPress import files if the import does not finish.
   * Introduce "clickjacking" protection in modern browsers on admin and
     login pages.

Revision 1.19 / (download) - annotate - [select for diffs], Thu May 26 22:59:38 2011 UTC (12 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Security update to 3.1.3.

* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce "clickjacking" protection in modern browsers on admin and login pages.

Revision 1.16.2.2 / (download) - annotate - [select for diffs], Mon May 9 04:59:08 2011 UTC (12 years, 11 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.16.2.1: +2 -2 lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored)

Pullup ticket #3425 - requested by morr
www/wordpress security update.

Revisions pulled up:
- www/wordpress/Makefile                                        1.18
- www/wordpress/distinfo                                        1.14

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun May  8 20:43:36 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.1.2.

   * Fix a vulnerability that allowed Contributor-level users to improperly
     publish posts.
   * Fix user queries ordered by post count.
   * Fix multiple tag queries.
   * Prevent over-escaping of post titles when using Quick Edit for pages.

Revision 1.18 / (download) - annotate - [select for diffs], Sun May 8 20:43:36 2011 UTC (12 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

Security update to 3.1.2.

* Fix a vulnerability that allowed Contributor-level users to improperly
  publish posts.
* Fix user queries ordered by post count.
* Fix multiple tag queries.
* Prevent over-escaping of post titles when using Quick Edit for pages.

Revision 1.16.2.1 / (download) - annotate - [select for diffs], Mon Apr 11 14:20:16 2011 UTC (13 years ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Pullup ticket #3408 - requested by morr
www/wordpress security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.17
- www/wordpress/distinfo                                        1.13

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Apr  9 00:57:43 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to wordpress 3.1.1.

   This maintenance and security release fixes almost thirty issues in 3.1,
   including:

   * Some security hardening to media uploads
   * Performance improvements
   * Fixes for IIS6 support
   * Fixes for taxonomy and PATHINFO (/index.php/) permalinks
   * Fixes for various query and taxonomy edge cases that caused some plugin
   compatibility issues

   Version 3.1.1 also addresses three security issues discovered by
   WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
   team. The first hardens CSRF prevention in the media uploader. The
   second avoids a PHP crash in certain environments when handling
   devilishly devised links in comments, and the third addresses an XSS
   flaw.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Apr 9 00:57:42 2011 UTC (13 years ago) by morr
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Update to wordpress 3.1.1.

This maintenance and security release fixes almost thirty issues in 3.1,
including:

* Some security hardening to media uploads
* Performance improvements
* Fixes for IIS6 support
* Fixes for taxonomy and PATHINFO (/index.php/) permalinks
* Fixes for various query and taxonomy edge cases that caused some plugin
compatibility issues

Version 3.1.1 also addresses three security issues discovered by
WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
team. The first hardens CSRF prevention in the media uploader. The
second avoids a PHP crash in certain environments when handling
devilishly devised links in comments, and the third addresses an XSS
flaw.

Revision 1.16 / (download) - annotate - [select for diffs], Sun Feb 27 10:30:16 2011 UTC (13 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

Update to wordpress-3.1.

Changes:
* Internal Linking - click a button for an internal link and it allows
you to search for a post or browse a list of existing content and select it
for inclusion.
* Admin Bar - contains various links to useful admin screens. By default,
the admin bar is displayed when a user is logged in and visiting the site
and is not displayed in admin screens for single blog installs. For multisite
installs, the admin bar is displayed both when visiting the site and in the
admin screens.
* Streamlined Writing Interface - new users of WordPress will find the write
screen much less cluttered than before, as more of the options are hidden by
default. You can click on Screen Options in the top right to bring them back.
* Post Formats - meta information that can be used by themes to customize
presentation of a post. Read more in the article Post Formats.
* Network Admin - move Super Admin menus and related pages out of the regular
admin and into a new Network Admin screen.
* List-type Admin Screens - sortable columns for list-type screens and better
pagination.
* Exporter/Importer Overhaul - many under the hood changes including adding
author information, better handling for taxonomies and terms, and proper
support for navigation menus.
* Custom Content Type Improvements - allows developers to generate archive
pages, and have better menu and capability controls.
* Advanced Queries - allows developers to query multiple taxonomies and custom
fields.
* Refreshed Blue Admin Color Scheme - puts the focus more squarely on your
content.

More changes at http://codex.wordpress.org/Version_3.1

Revision 1.14.2.1 / (download) - annotate - [select for diffs], Fri Feb 11 04:31:47 2011 UTC (13 years, 2 months ago) by sbd
Branch: pkgsrc-2010Q4
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #3349 - requested by morr
www/wordpress update

Revisions pulled up:
- pkgsrc/www/wordpress/Makefile		1.15
- pkgsrc/www/wordpress/distinfo		1.11

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Thu Feb 10 10:25:50 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.0.5. Changes:

   * Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer
     additional sanitization to various fields. Affects users of the
     Author or Contributor role.
   * Fix XSS bug: Preserve tag escaping in the tags meta box. Affects
     users of the Author or Contributor role.
   * Fix potential information disclosure of posts through the media
     uploader. Affects users of the Author role.
   * Enhancement: Force HTML filtering on comment text in the admin
   * Enhancement: Harden check_admin_referer() when called without
     arguments, which plugins should avoid.
   * Update the license to GPLv2 (or later) and update copyright
     information for the KSES library.

Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 10 10:25:50 2011 UTC (13 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Security update to 3.0.5. Changes:

* Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
* Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
* Fix potential information disclosure of posts through the media uploader. Affects users of the Author role.
* Enhancement: Force HTML filtering on comment text in the admin
* Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid.
* Update the license to GPLv2 (or later) and update copyright information for the KSES library.

Revision 1.11.2.3 / (download) - annotate - [select for diffs], Fri Dec 31 07:12:17 2010 UTC (13 years, 3 months ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.11.2.2: +2 -2 lines
Diff to previous 1.11.2.2 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored)

Pullup ticket #3314 - requested by morr
wordpress critical security update.

Revisions pulled up:
- www/wordpress/Makefile	1.14
- www/wordpress/distinfo	1.10

-------------------------------------------------------------------------
Module Name:	pkgsrc
Committed By:	morr
Date:		Thu Dec 30 22:27:45 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive
  to attribute names. Handle padded entities when checking for bad
  protocols. Normalize entities before checking for bad protocols in
  esc_url().

Revision 1.14 / (download) - annotate - [select for diffs], Thu Dec 30 22:27:45 2010 UTC (13 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to
attribute names. Handle padded entities when checking for bad protocols.
Normalize entities before checking for bad protocols in esc_url().

Revision 1.11.2.2 / (download) - annotate - [select for diffs], Sun Dec 12 15:34:39 2010 UTC (13 years, 4 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.11.2.1: +1 -1 lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored)

Pullup ticket #3300 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.13
- www/wordpress/distinfo			1.9
---
Module Name:	pkgsrc
Committed By:	morr
Date:		Fri Dec 10 23:34:18 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to 3.0.3. Changes:

Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Dec 10 23:34:17 2010 UTC (13 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

Security update to 3.0.3. Changes:

Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.

Revision 1.11.2.1 / (download) - annotate - [select for diffs], Tue Dec 7 12:08:21 2010 UTC (13 years, 4 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)

Pullup ticket #3296 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.12
- www/wordpress/PLIST				1.7
- www/wordpress/distinfo			1.8
---
Module Name:	pkgsrc
Committed By:	morr
Date:		Sun Dec  5 16:46:29 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could
  gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can
  easily be abused.
* Fix canonical redirection for permalinks containing %category% with
  nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting
  a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap()
  even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a
  URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for
  upgraded WordPress MU installs

While here, set license.

Revision 1.12 / (download) - annotate - [select for diffs], Sun Dec 5 16:46:28 2010 UTC (13 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)

Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
* Fix canonical redirection for permalinks containing %category% with nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

While here, set license.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Aug 4 07:52:37 2010 UTC (13 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Update to 3.0.1.

3.0.1:
* Fixed 54 tickets total. A break down of ticket status by component can be found in Trac (http://core.trac.wordpress.org/milestone/3.0.1).
* Added unregister_nav_menu(), for child themes.

3.0:
* WordPress and WordPress MU have merged, allowing the management of multiple sites (called Multisite) from one WordPress installation.
* New default theme "Twenty Ten" takes full advantage of the current features of WordPress.
* New Custom Menu Management feature, allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets.
* Custom Header and Custom Background APIs.
* Contextual help text accessed under the Help tab of every screen in the WordPress administration.
* Ability to set the admin username and password during installation.
* Bulk updating of themes with an automatic maintenance mode during the process.
* Support for Shortlinks.
* Improved Custom Post Types and Custom Taxonomies including hierarchical (category-style) support. (Try the Custom Post Type UI or GD Custom Posts And Taxonomies Tools plugins to see the possibilities.)
* A lighter admin color scheme to increase accessibility and put the focus more squarely on your content.

Revision 1.10 / (download) - annotate - [select for diffs], Mon Apr 19 22:34:02 2010 UTC (14 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.9: +7 -7 lines
Diff to previous 1.9 (colored)

Update to 2.9.2

2.9.2:
    * Fixed problem where logged in users can peek at trashed posts belonging to other authors.
    * Fixed other issues

2.9.1:
    * Fixed problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts
    * Fixed other issues

2.9:

 User Features

    * Trash status for posts, pages, and comments (includes restore and permanent delete)
    * Add support for 'include' and 'exclude' to [gallery] (Gallery Shortcode)
    * Allow user registration to be enabled by an XMLRPC client
    * Add support for sticky posts to the WXR exporter and importer
    * 'rel=canonical' for singular pages
    * Scroll back to the same location after saving a file in the Plugin and Theme editors
    * Correct comments and remove unnecessary echos from the default themes sidebar template file
    * Enable the APP (Atom) attachment file download to work correctly
    * Support location of category templates based on 'category-slug' as well as 'category-id' (Ticket 10614)
    * Support location of tag templates based on 'tag-id' as well as 'tag-slug' (Ticket 10868)
    * Support location of page templates based on 'page-slug' and 'page-id'
    * Set "Allow my blog to appear in search engines" to checked in installation
    * Don't offer to make a category its own parent
    * Remove Sphere from search list
    * Minify admin CSS
    * Show correct max upload filesize error message
    * Add 'rel' attribute to next/previous post links
    * Make the default and classic themes comment textareas valid XHTML
    * Clean up '.button' and '.button[disabled]' CSS classes, add 'spinner' and 'gray-out' buttons after clicking Publish or Update post
    * Fix race condition with autosave when clicking Publish immediately after entering post title
    * Add Comments for Pages in the WordPress Default theme
    * Define '$content_width' for Kubrick
    * Better feedback on publishing of future posts and pages
    * Display comments in descending date order, consistently
    * Add means of automatically repairing tables
    * Press This bookmarklet fixes
    * Give plugins and themes simple control over the text displayed at the end of an autogenerated Excerpt
    * Don't show "Change Permalinks" button when editing the page set as "Front page"
    * Image editing
    * Retire BunnyTags importer
    * Retire Jerome's keywords importer
    * Explain that the permalink is temporary for autosave generated permalinks
    * Update SimplePie to 1.2
    * Eliminate the redundant and confusing comment threading depth of 1
    * Easier Embeds with oEmbed support (see Ticket #10337) (oEmbed discovery disabled by default, use plugin to enable it)
    * TinyMCE 3.2.7
    * Remove rel='tag' on links in Tag Clouds
    * Add a title to the Home link output by wp_page_menu()
    * Adjust comment moderation keyboard shortcut keys 'd = trash' or delete depending on the screen
    * Show "Draft updated" instead of "Post updated" when saving draft
    * Show the login form in a popup when autosave hits the login grace period
    * Open View/Preview post in a new window from the link in the Saved/Updated message
    * Separate fields for 'image alt' and 'image caption' in Media uploader
    * Display better information about broken themes when there is no stylesheet
    * Improve situation when tables such as wp_options table were 'corrupt' new installation message was offered. Add means of automatically repairing tables
    * Export and import custom taxonomies
    * Admin copy improvements
    * Don't show page templates in the drop down if they are in a subdirectory
    * Make codex link open in a new window
    * Change 'Remove' link on widgets to 'Delete' because it doesn't just remove it, it deletes the settings for that widget instance.

Development, Themes, Plugins

    * Added 'excerpt_more' filter to wp_trim_excerpt() function, which allow developers to change excerpt '[...]' more string (Ticket 10395)
    * Add 'smilies_src' filter so plugins can better add smilies
    * Canonical redirects for post name queries
    * Allow _wp_get_comment_list() to handle custom comment types
    * Return an empty array instead of false for get_children() when no children found
    * Add some filters so that HTTP requests can be filtered
    * Move plugin update notice output to the plugin specific hook
    * Limit wp-mail 'blog by email' checks to every 5 minutes
    * Make it much easier to filter contact methods from user profiles
    * Allow filtering of get_edit_post_link for custom post_type
    * 'get_sample_permalink_html' filter
    * Enforce activation key to be a string, reject activation keys that are arrays
    * Support for new post types
    * Respect custom post_type in queries
    * Send Retry-After header when in maintenance mode
    * Various WP Filesystem related fixes and documentation
    * Add constants for ftp connections timeouts
    * Increase timeout on cron-based requests when checking for upgrades
    * Don't use has_action() before do_action() in http.php
    * Speed up jQuery based scripts
    * Use the current user as author for autosave
    * Show My Posts as default view on the Edit Posts screen for users without 'edit_others_posts' cap
    * Ensure that drafts viewed over XMLRPC have a correct gmt date set
    * Pass user id to 'get_' the_author_meta filters
    * Move _wp_get_user_contactmethods() into the registrations functions file
    * Machine parseable db error codes
    * Add global JS vars and actions to the media uploader iframe
    * Add JSON compat for PHP < 5.2
    * Make option_name the primary key for the options table
    * Allow a plugin to do a complete takeover of Post by Email
    * Logarithmic scale for tag cloud
    * Pass Post ID to the 'get_comments_number' filter
    * Always filter the url in the media upload form
    * Add a 'the_terms' filter
    * is_blog_installed() improvements
    * Allow force_ssl_admin() to properly accept false as a value
    * Pass logged_in cookie to async-upload and filter the cookie scheme in auth_redirect()
    * Add more actions around database add/delete/update operations
    * phpDoc for wp_"check|set"_post_lock functions
    * Use the old strings which are more translator friendly and add a generic default string to aid re-use by plugins adding post_types
    * Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field()
    * Use null instead of 0 when setting content length
    * Include 'hidden' directories in filesystem dirlist by default
    * Pass args array to 'wp_list_pages' filter
    * Actions for taxonomy updates
    * Key should be 'comment_id' not 'post_id' in comments table
    * Add get_delete_post_link() to retrieve delete posts link for post
    * Add 'separator' parameter to wp_tag_cloud() and wp_generate_tag_cloud() functions (Ticket 10315)
    * Added add_comment_meta() family of functions
    * Use a post_parent of 0 instead of -1 to indicate unattached posts
    * Improve get_page_hierarchy() function
    * Deprecate the_content_rss(), add the_content_feed() and get_the_content_feed(). Convert places that called the_content_rss() with an excerpt length to the_excerpt_rss(). Remove the rss_excerpt_length option. Use the_content_feed() where the_content() was previously used in feeds.
    * Add 'pad_counts' argument to wp_dropdown_categories()
    * Remove codepress
    * Remove the php-gettext library
    * Canonical post thumbnails
    * Add a filter to the_author_posts_link()
    * Merge post.js with page.js and slug.js, optimize categories and tags JS, standardize postboxes IDs and JS
    * Introduce register_theme_directory() which takes a wp-content-relative path and will additionally scan it for themes. Plugins can use this to add themes without requiring copying by the user
    * Add set_user_role action hook
    * Allow theme devs to change attrs (like CSS class) of thumbnail images
    * Add wp-post-image CSS class to post images
    * Allow for plugins to enhance the number of metadata fields captured from plugin and theme headers
    * Merge updated pomo code
    * Switch to using NOOP_Translations for untranslated sites
    * Improve wptexturize performance
    * Provide context to the strings in the Plugin and Theme installers to allow for different grammatical gender
    * Fixes for theme subdir support
    * Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data
    * Add 'orderby=comment_count' argument to query_posts()
    * Honor Post Type for Sticky Posts
    * Allow querying multiple post types
    * Introduce add_theme_support(feature) and current_theme_supports(feature) for announcing and checking theme support for various features
    * Introduce require_if_theme_supports()
    * Add number of Embed related filters
    * Add 'IMAGE_EDIT_OVERWRITE' constant to control edited image save or replace, most useful for setups that have dynamic image resizing
    * Add load_child_theme_textdomain() to allow child themes to have their own translation files
    * Add sidebar descriptions to sidebar settings and widget admin screen
    * Make option_id primary. Add uniques for option_name and autoload
    * Allow plugins to override the behaviour of load_textdomain() in a variety of flexible ways
    * Mark _c() as deprecated. The new _x() function should be used instead.
    * Allow plugins to change the redirect on post/page publishing/submitting
    * Standardize on 'user_id' instead of 'user_ID' when passing comment data. Accept either 'user_id' or 'user_ID'. Remove 'user_id' global.
    * Filter imported comments
    * Introducing set_post_image_size(w, h, crop) so themes can register their special size/crop for canonical post images
    * Standardize around "post image" instead of "post thumbnail"
    * Allow registering post image support per post type
    * Return false from is_paged() if on the first page.
    * Check MySQL and PHP versions when auto upgrading
    * Add required php and mysql versions to version.php
    * Hard code required version in update-core.php

PR pkg/42765

Revision 1.9 / (download) - annotate - [select for diffs], Sun Mar 21 22:47:34 2010 UTC (14 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

Revert unintentional part of last revision

Revision 1.8 / (download) - annotate - [select for diffs], Sun Mar 21 08:56:58 2010 UTC (14 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Take over maintenance

Revision 1.7 / (download) - annotate - [select for diffs], Sat Mar 20 21:32:41 2010 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

Don't have time to MAINTAIN these anymore, so back to pkgsrc-users@

Revision 1.5.2.1 / (download) - annotate - [select for diffs], Fri Nov 13 11:07:27 2009 UTC (14 years, 5 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) next main 1.6 (colored)

Pullup ticket #2933 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.6
- www/wordpress/PLIST				1.4
- www/wordpress/distinfo			1.5
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Thu Nov 12 22:05:55 UTC 2009

Modified Files:
        pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with
define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations

Revision 1.6 / (download) - annotate - [select for diffs], Thu Nov 12 22:05:55 2009 UTC (14 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations

Revision 1.1.1.1.2.3 / (download) - annotate - [select for diffs], Fri Aug 14 10:02:07 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.2: +1 -1 lines
Diff to previous 1.1.1.1.2.2 (colored) to branchpoint 1.1.1.1 (colored) next main 1.2 (colored)

Pullup ticket #2864 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.5
- www/wordpress/distinfo		1.4
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Wed Aug 12 20:21:10 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Update to 2.8.4 to fix security issue:
	http://wordpress.org/development/2009/08/2-8-4-security-release/

Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 12 20:21:10 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Update to 2.8.4 to fix security issue:
	http://wordpress.org/development/2009/08/2-8-4-security-release/

Revision 1.1.1.1.2.2 / (download) - annotate - [select for diffs], Wed Aug 5 10:37:39 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.1: +1 -1 lines
Diff to previous 1.1.1.1.2.1 (colored) to branchpoint 1.1.1.1 (colored)

Pullup ticket #2848 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.4
- www/wordpress/distinfo		1.3
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Aug  4 21:32:40 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
WordPress 2.8.3 Security Release

Unfortunately, I missed some places when fixing the privilege escalation issues
for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several
folks in the community dug deeper and discovered areas that were overlooked.
With their help, the remaining issues are fixed in 2.8.3.  Since this is a
security release, upgrading is highly recommended.

Revision 1.4 / (download) - annotate - [select for diffs], Tue Aug 4 21:32:40 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

WordPress 2.8.3 Security Release

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.

Revision 1.1.1.1.2.1 / (download) - annotate - [select for diffs], Tue Jul 28 22:11:14 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1: +1 -1 lines
Diff to previous 1.1.1.1 (colored)

Pullup ticket #2843 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.3
- www/wordpress/PLIST			1.3
- www/wordpress/distinfo		1.2
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Jul 28 21:20:20 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an
option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jul 28 21:20:20 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 7 18:35:39 2009 UTC (14 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)

Fix user-destdir.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Apr 6 11:31:02 2009 UTC (15 years ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import of wordpress 2.7.1 from pkgsrc-wip
Initially packaged by shinden@linux.pl and then hacked by me

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 6 11:31:02 2009 UTC (15 years ago) by adrianp
Branch: MAIN

Initial revision
