Up to [cvs.NetBSD.org] / pkgsrc / www / wordpress
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.108 / (download) - annotate - [select for diffs], Wed Mar 6 14:02:59 2024 UTC (6 weeks, 2 days ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
HEAD
Changes since 1.107: +2 -2
lines
Diff to previous 1.107 (colored)
www/wordpress: use tab instead of spaces
Revision 1.107 / (download) - annotate - [select for diffs], Tue Feb 27 23:09:39 2024 UTC (7 weeks, 2 days ago) by morr
Branch: MAIN
Changes since 1.106: +5 -2
lines
Diff to previous 1.106 (colored)
Update to version 6.4.3. Changelog: 6.4.3: WordPress 6.4.3 includes 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes. The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release: - m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges). - @_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability. The 6.4.3 release was led by Sarah Norris, Joe McGill, and Aaron Jorbin. 6.4.2: WordPress 6.4.2 fixes 7 Big fixes #59819 - Change CSS align-item from start / end to flex-start / flex-end for full browser support #59821 - Irrelevant comment for translators #59847 - Since WordPress 6.4, the functions.php of a theme moved to a different location using register_theme_directory is no longer called #59869 - Incorrect reference in docblock for _register_theme_block_patterns #59882 - Expose serialized template content to callbacks registered to the `hooked_block_types` filter. #59891 - Incorrect example for WP_HTML_Tag_Processor class #59935 - Site editor: logo The security team addressed the following vulnerability in WordPress 6.4.2 - A Remote Code Execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installations. The 6.4.2 release was led by @jorbin. 6.4.1: WordPress 6.4.1 fixes 4 regressions introduced in version 6.4. Fixed Core tickets from trac: #59830 - Administration: Typos in wp_admin_notice() arguments #59837 - Categories are removed when bulk editing posts #59842 - WordPress 6.4 wp_remote_get (cURL error 28: Operation timed out) #59846 - Reinstate the wpdb::$use_mysqli property The 6.4.1 release was lead by @jorbin and @hellofromtonya. 6.4: - Meet Twenty Twenty-Four Experience site editing at its finest with Twenty Twenty-Four. This new multi-faceted default theme has been thoughtfully crafted with three distinct use cases in mind, from writers and artists to entrepreneurs. Save time and effort with its extensive collection of over 35 templates and patterns - and unlock a world of creative possibilities with a few tweaks. Twenty Twenty-Four's remarkable flexibility ensures an ideal fit for almost any type of site. Check it out in this demo. - Let your writing flow New enhancements ensure your content creation journey is smooth. Find new keyboard shortcuts in List View, smarter list merging, and enhanced control over link settings. A cohesive toolbar experience for the Navigation, List, and Quote blocks lets you work efficiently with the tooling options you need. - The Command Palette just got better First introduced in WordPress 6.3, the Command Palette is a powerful tool to quickly find what you need, perform tasks efficiently, and speed up your building workflow. Enjoy a refreshed design and new commands to perform block-specific actions in this release. - Categorize and filter patterns Patterns are an excellent way to leverage the potential of blocks and simplify your site-building process. WordPress 6.4 allows you to organize them with custom categories. Plus, new advanced filtering in the Patterns section of the inserter makes finding all your patterns more intuitive. - Get creative with more design tools Build beautiful and functional layouts with an expanded set of design tools. Play with background images in Group blocks for unique designs and maintain image dimensions consistent with placeholder aspect ratios. Do you want to add buttons to your Navigation block? Now you can do it conveniently without a line of code. - Make your images stand out Enable lightbox functionality to let your site visitors enjoy full-screen, interactive images on click. Apply it globally or to specific images to customize the viewing experience. - Rename Group blocks Set custom names for Group blocks to organize and distinguish areas of your content easily. These names will be visible in List View. - Preview images in List View New previews for Gallery and Image blocks in List View let you visualize and locate where images on your content are at a glance. - Share patterns across sites Need to use your custom patterns on another site? Import and export them as JSON files from the Site EditorãàÑÔ patterns view. - Introducing Block Hooks Block Hooks enables developers to automatically insert dynamic blocks at specific content locations, enriching the extensibility of block themes through plugins. While considered a developer tool, this feature is geared to respect your preferences and gives you complete control to add, dismiss, and customize auto-inserted blocks to your needs. - Performance wins This release includes more than 100 performance-related updates for a faster and more efficient experience. Notable enhancements focus on template loading performance for themes (including Twenty Twenty-Four), usage of the script loading strategies "defer" and "async" in core, blocks, and themes, and optimization of autoloaded options. - Accessibility highlights Every release is committed to making WordPress accessible to everyone. WordPress 6.4 brings several List View improvements and aria-label support for the Navigation block, among other highlights. The admin user interface includes enhancements to button placements, "Add New" menu items context, and Site Health spoken messages. Learn more about all the work aimed at improving accessibility in this post. - Other notes of interest PHP 8.1 or 8.2 are recommended for use with WordPress 6.4. Find in-depth details on PHP support in this post. WordPress 6.4 disables attachment pages for new installations. 6.3: - Do everything in the Site Editor WordPress 6.3 brings your content, templates, and patterns together in the Site Editor for the first time. Add pages, browse style variations, create synced patterns, and enjoy fine-tuned control over navigation menus. Spend less time switching across different site areas - so you can focus on what matters most. Creation to completion, all in one place. - Preview Block themes Experience block themes before you switch and preview the Site Editor, with options to customize directly before committing to a new theme. - Create and sync patterns Arrange blocks and save them to the 'My Patterns' section for use throughout your site. You can even specify whether to sync your patterns (previously referred to as "Reusable blocks") so that one change applies to all parts of your site. Or, utilize patterns as a starting point with the ability to customize each instance. - Work faster with the Command Palette Switch to a specific template or open your editor preferences with a new tool that helps you quickly access expanded functionality. With simple keyboard shortcuts (mac+k on Mac or Ctrl+k on Windows), clicking the sidebar search icon in Site View, or clicking the Title Bar, get where you need to go and do what you need to do in seconds. - Sharpen your designs with new tools New design controls bring more versatility for fine-tuning, starting with the ability to customize your captions from the Styles interface without coding. You can manage your duotone filters in Styles for supported blocks and pick from the options provided by your theme or disable them entirely. The Cover block gets added settings for text color, layout controls, and border options, making this powerful block even more handy. - Track design changes with Style revisions With a new audit trail, you can now see how your site looked at a specific time. Visualize these revisions in a timeline and access a one-click option to restore prior styles. - Annotate with the Footnotes block Footnotes add convenient annotations throughout your content. Now you can add and link footnotes for any paragraph. - Show or hide content with the Details block Use the Details block to avoid spoiling a surprise, create an interactive Q&A section, or hide a long paragraph under a heading. - Performance gets a boost WordPress 6.3 has 170+ performance updates, including defer and async support for the Scripts API and fetchpriority support for images. These improvements, along with block template resolution, image lazy-loading, and the emoji loader, can dramatically improve your website's perceived load time. - Accessibility remains a core focus Incorporating more than 50 accessibility improvements across the platform, WordPress 6.3 is more accessible than ever. Improved labeling, optimized tab and arrow-key navigation, revised heading hierarchy, and new controls in the admin image editor allow those using assistive technologies to navigate more easily. - Other highlights - Set aspect ratio on images Specify your aspect ratios and ensure design integrity, especially when using images in patterns. - Build your site distraction-free Distraction-free designing is now available in the Site Editor. - Rediscover the Top Toolbar A revamped Top Toolbar offers parent selectors for nested blocks, options when selecting multiple blocks, and an interface embedded into the title bar with new functionality in mind. - List View improvements Drag and drop to every content layer and delete any block you would like in the updated List View. - Build templates with Patterns Create unique patterns to jumpstart template creation with a new modal enabling access to pattern selection. 6.2: - Meet the reimagined Site Editor An updated interface gives you more control over your site editing experience. Explore full previews of your templates and template parts, then jump in and get to editing your site from wherever you choose. - Manage your menu in more ways with the Navigation block A new sidebar experience makes it easier to edit your site's navigation. Add, remove, and reorder menu items fasterãàÇÏo matter how complex your menus are. - Discover a smoother experience for the Block Inserter A refreshed design gives you more visibility and easier access to the content you need. Use the Media tab to drag and drop content from your existing Media Library quickly. Find patterns faster with a split view that lets you navigate categories and see previews all at once. - Find the controls you want when you need them Your block settings sidebar is better organized with tabs for Settings and Styles. So the tools you need are easy to identify and access. - Build faster with headers and footers for block themes Discover a new collection of header and footer patterns. Use them with any block theme as a quick, high-quality starting point for your site's templates. - Explore Openverse media right from the Editor Openverse's library catalogs over 600 million free, openly licensed stock images and audio - and now it's directly integrated into the Editor. - Focus on writing with Distraction Free mode For those times you want to be alone with your ideas. You can now hide all your panels and controls, leaving you free to bring your content to life. - Experience the Site Editor, now out of beta Stable and ready for you to dive in and explore: 6.2 is your personal invitation to discover what the next generation of WordPress - and block themes - can do. - Meet the new Style Book Get a complete overview of how every block in your site's library looks. All in one place, all at a glance. - Copy and paste styles Perfect the design on one type of block, then copy and paste those styles to other blocks to get just the look you want. - Custom CSS Power up your site any way you wish. Add CSS to your site, or your blocks, for another level of control over your site's look and feel. - Sticky positioning Choose to keep top-level group blocks fixed to the top of a page as visitors scroll. - Importing widgets Options to import your favorite widgets from Classic themes to Block themes. - Local fonts in themes Default WordPress themes offer better privacy with Google Fonts now included.
Revision 1.106 / (download) - annotate - [select for diffs], Mon Nov 28 09:26:18 2022 UTC (16 months, 3 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.105: +2 -2
lines
Diff to previous 1.105 (colored)
Update to version 6.1. Changes: - Twenty Twenty-Three: A fresh default theme with 10 distinct style variations After the introduction of foundational elements for block themes and style variations introduced by the 5.9 and 6.0 releases WordPress site builders welcome a new default theme, Twenty Twenty-Three, that is powered by 10 different styles and tagged as "Accessibility Ready." These intentionally unique ensure users can apply a different look and feel to their site with a single click-all within a single theme. - New templates for an improved creator experience Additional new and more refined templates now give site builders more control over the creation of their sites. In this suite of new templates find a custom template for posts & pages in the Site Editor. Create and edit template parts like headers and footers more quickly with a new search-and-replace tool and easily view your new site. - Design tools for more consistency and control Thoughtful upgrades to the controls for design elements and blocks make laying out and building your new site a more consistent, complete, and intuitive experience. - Manage menus with ease New fallback options in the navigation block mean you can edit the menu that's open; no searching needed. Plus, the controls for choosing and working on menus have their own place in the block settings. The mobile menu system also gets an upgrade with new features, including different icon options, to make the menu yours. - Cleaner layouts and document settings visualization View and manage post and page settings with a better-organized display improving the use of features like template picker and scheduler. - One-click lock setting for all inner blocks When locking blocks, a new toggle lets you apply your lock settings to all the blocks in a containing block like the group, cover, and column blocks. - Improved block placeholders Various blocks have improved placeholders that reflect customization options to help you design your site and its content. For example, the Image block placeholder displays custom borders and duotone filters even before selecting an image. - Compose richer lists and quotes with inner blocks The List and Quote blocks now support inner blocks, allowing for more flexible and rich compositions like adding headings inside your Quote blocks. - More Responsive text with fluid typography Fluid typography lets you define font sizes that adapt for easy reading in any screen size. - Add starter patterns to any post type In WordPress 6.0, when you created a new page, you would see suggested patterns so you did not have to start with a blank page. In 6.1, you will also see the starter patterns modal when you create a new instance of any post type. - Find block themes faster The Themes Directory has a filter for block themes, and a pattern preview gives a better sense of what the theme might look like while exploring different themes and patterns. - Keep your Site Editor settings for later Site Editor settings are now persistent for each user. This means your settings will now be consistent across browsers and devices. - A streamlined style system The CSS rules for margin, padding, typography, colors, and borders within the styles engine are now all in one place, reducing time spent on layout-specific tasks and helps to generate semantic class names. - Updated interface options and features Updates include styling elements like buttons, citations, and links globally; controlling hover, active, and focus states for links using theme.json (not available to control in the interface yet); and customizing outline support for blocks and elements, among other features. - Continued evolution of layout options The default content dimensions provided by themes can now be overridden in the Styles Sidebar, giving site builders better control over full-width content. Developers have fine-grained control over these controls. - Block Template parts in classic themes Block template parts can now be defined in classic themes by adding the appropriate HTML files `parts` directory at the root of the theme. - Expanded support for Query Loop blocks New filters let Query Block variations support custom queries for more powerful variations and advanced hierarchical post types filtering options. - Filters for all your styles Leverage filters in the Styles sidebar to control settings at all four levels of your siteãàÇÄore, theme, user, or block, from less to more specific. - Spacing presets for faster, consistent design Save time and avoid hard-coding values into a theme with preset margin and padding values for multiple blocks. - Content-only editing support for container blocks Thanks to content-only editing settings, layouts can be locked within container blocks. In a content-only block, its children are invisible to the List View and entirely uneditable. So you control the layout while your writers can focus on the content. Combine it with block-locking options for even more advanced control over your blocks. - Other notes of interest 6.1 includes a new time-to-read feature showing content authors the approximate time-to-read values for pages, posts, and custom post types. The site tagline is empty by default in new sites but can be modified in General Settings. A new modal design offers a background blur effect, making it easier to focus on the task at hand. - Enhancing WordPress 6.1 accessibility Accessibility is an integral part of the WordPress mission of fostering an inclusive community and supporting users of all types around the world. With this in mind, WordPress 6.1 includes nearly 60 updates specifically focused on enhancing the accessibility of the platform. Read about these updates to learn more about the continual initiatives aimed at improving accessibility. - Improved performance in WordPress 6.1 WordPress 6.1 resolves more than 25 tickets dedicated to enhancing performance with improvements for every type of site. A full breakdown can be found in the Performance Field Guide. Explore learn.wordpress.org for brief how-to videos and lots more on new features in WordPress. Or join a live interactive online workshop on a specific WordPress topic. Developers can explore the WordPress 6.1 Field Guide, complete with detailed developer notes to help you build with and extend WordPress.Read the WordPress 6.1 Release Notes for more information on the included enhancements and issues fixed, installation information, developer notes and resources, release contributors, and the list of file changes in this release.
Revision 1.105 / (download) - annotate - [select for diffs], Sat Apr 9 15:07:15 2022 UTC (2 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2
Changes since 1.104: +2 -2
lines
Diff to previous 1.104 (colored)
Update to version 5.9.3. Changes: Maintenance updates This maintenance release features 9 bug fixes in Core and 10 bug fixes in the block editor. The following core tickets from Trac were fixed: #52409 Filesystem API: Include the ssh-ed25519 public key signature algorithm as an alternative to ssh-rsa #54878 Themes: Hide block themes live preview link following installation #54916 Administration: Do not specify menu order for the Widgets menu when the active theme is a block theme #54939 Customizer: When a block theme is active, add an information about Site Editor in the Customizer #55203 Media: Make get_post_galleries() only return galleries #55241 Themes: Avoid undefined variable warning on get_svg_filters() #55311 Editor: Fix broken asset URLs when using WP outside of the regular directory #55337 Editor: Optimize preload paths for post and site editors #55474 Update WordPress packages for 5.9.3 The following block editor issues from GitHub were fixed: PR38136 Adds aria-label to the search button, as accessibility enhancement PR38863 Template List: Decode entities in record titles PR38891 Use wp_unique_id() instead of uniqid() to generate CSS class names PR38765 Cover block: Fix gradient overlay (remove black background color) PR39045 Try: Fix image responsive rules PR38762 Fixes #38761 by removing obsolete ::before pseudo element PR39091 Avoid error when ãàÏÔtylesãàsettings are removed PR39164 Change location of block support styles in <head> PR39340 Image: Restore baseline responsiveness in the block PR39445 Fix: Table block doesnãàÑÕ keep background color
Revision 1.101.4.2 / (download) - annotate - [select for diffs], Sun Mar 13 18:48:14 2022 UTC (2 years, 1 month ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.101.4.1: +2 -2
lines
Diff to previous 1.101.4.1 (colored) to branchpoint 1.101 (colored) next main 1.102 (colored)
Pullup ticket #6600 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.103-1.104 - www/wordpress/PLIST 1.51 - www/wordpress/distinfo 1.87-1.88 --- Module Name: pkgsrc Committed By: morr Date: Tue Feb 22 23:14:24 UTC 2022 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to version 5.9.1 Changes for 5.9 are too big to list. You can view them here: \ https://wordpress.org/news/2022/01/josephine/ Changes in 5.9.1: WordPress 5.9.1 features 33 bug fixes on Core, as well as 52 bug fixes for the Block \ Editor. The WordPress 5.9.1 release was led by Jean-Baptiste Audras and George \ Mamadashvili. The following core tickets from Trac were fixed: #54250 Twenty Twenty One: Editor Buttons margins incompatible with gap #54782 Default presets in use by default themes need to be updated #54844 Unnecessary database queries when a block theme isn't in use #54849 Site transients cause DB errors when installing #54862 FSE Navigation Block Styling Submenu #54886 "Show hidden updates" button is invisible #54889 Cannot access "Manage menus" in Navigation block toolbar when running a \ classic theme #54896 TT2: Blank screen displayed for custom post type #54900 PHP warning in `WP_REST_Global_Styles_Controller` if no `styles` exist in \ theme.json #54902 Media Library Overlay Drag-and-Drop To Reorder Images Does Not \ Work In WP 5.9 #54904 Bounce hoverIntent.js version in script-loader to 10.1.2 #54906 Check _get_cron_array type in upgrade_590 routine #54908 Standard post type UI is exposed for templates and template parts #54911 Twenty Twenty-Two: Theme Check Plugin issue for the image size #54922 Normalizing CSS also catches CSS IDs instead of only URLs #54928 Twenty Twenty-Two: 404 search label should be translated #54929 Twenty Twenty-Two: Pricing Table pattern header levels should be \ consistent #54944 By applying a background color to a group block, it aligns to the \ left in the editor #54955 Custom fields issue #54960 Media Library Dragging Option Isn't Reflected #54977 Dashboard welcome banner: fix bug when displayed in certain contexts #55018 Twenty Twenty-Two â¬â Update theme URI link #55072 Widgets editor: Widget Group is missing .wp-widget-group__inner-blocks \ container #55103 Twenty Twenty-Two: Restore padding for Group blocks with a \ background color #55109 Plugins no longer download to tmp folder #55148 In block themes, styles should load in the head #55151 View scripts of blocks are loaded in editor #55161 Full Site Editing: PHP Warning with incomplete presets #55177 Normalizing relative CSS links should skip data URIs #55178 Allow fully extending WP_Theme_JSON and WP_Theme_JSON_Resolver classes #55179 Backport bugfixes from Gutenberg into Core for WP 5.9.1 #55188 Block styles should load after global styles in the editor #55190 Global styles duotone not rendering in post editor The following block editor issues from GitHub were fixed: PR38857 Fix for late static binding in the resolver PR38780 Block Editor: Add settings to enable/disable auto anchor generation PR38750 Load block support styles in the head for block themes PR38745 Fix global styles loading logic PR38695 Site Editor: Limit template part slugs to Latin chars PR38671 Allow extending the WP_Theme_JSON_Gutenberg class PR38656 Edit Site: Add template check to â¬Ë×ÔetPage' action PR38655 Add site editor initial redirect error handling PR38649 Fix search block html handling for label and button text PR38642 Gallery block: copy all attributes when transforming to Image blocks PR38625 Allow child classes to use the private methods and constants PR38561 Only apply the social links block migration if there's a need for a \ migration PR38516 Block preview: fix resize listener PR38442 Duotone: Allow users to specify custom filters PR38432 Remove the aria-label from the site title block PR38399 Images: Try moving responsive rule to common.scss. PR38362 Cover block: Add back missing styles PR38310 Gallery block: fix bug with link destination default option not being \ set PR38189 Gallery: Ensure the last image takes up all available space PR38070 Post Editor: Fix template queries PR37983 Tree Grid: Fix keyboard navigation for expand/collapse table rows in \ Firefox PR37954 Fix duotone render in non-fse themes PR37941 Unset inherited backgrounds on Posts Lists PR37895 Site Editor: Fix broken â¬Ë׳edo' by removing faulty logic for discarding \ unsaved Logo changes PR37885 Load the global styles before the theme styles in the \ editor PR37853 Block.json schema: update fontSize and lineHeight props PR37840 [History]: Fix redo after update/publish with transient edits PR37778 Update core/archive block schema to reflect no block-level settings \ support PR37774 Spacer: Fix unit settings filter PR37762 Schema: Fix appearanceTools in theme.json schema PR37650 Site Editor: Add keyboard shortcut help modal PR37647 Site Editor: Add the "Help" link to the tools menu PR37644 Fix: Coloring panel is unusable in RTL PR37569 Docs: Add automated theme.json reference documentation PR37493 Update: make color style labels simpler PR37486 Show UI warning if Pages cannot be retrieved in Page List block PR37474 Fix empty gray circle when site has no logo on template list page PR37430 Update: Allow color gradient popover to be above the color toggle PR37425 Border panel: Collapse color controls PR37248 Site editor â¬â try redirecting to homepage before the react render PR37165 Remove versioning in theme schema descriptions PR37067 Update: PanelColorGradientSettings to use dropdowns PR37034 Block Editor: Handle the absence of href attrib in links PR36917 Update theme.json version PR36746 Update theme.json schema to allow for per-block management of settings PR36540 Post Featured Image: Move width and height controls into the Dimensions \ panel via SlotFill PR36411 Schemas: Allow custom blocks in theme.json styles PR36343 Add pattern to name key in block.json Schema PR36295 Schema: Allow block.json attribute type to be an array PR36236 Fix duotone theme cache PR36186 Spacer: add custom units for height and width PR30873 Focus save button when entities save states panel is opened --- Module Name: pkgsrc Committed By: morr Date: Sat Mar 12 17:16:30 UTC 2022 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security fix for Wordpress. Fixing 1 bug and 3 security bugs. More informaton here: https://wordpress.org/support/wordpress-version/version-5-9-2/
Revision 1.104 / (download) - annotate - [select for diffs], Sat Mar 12 17:16:30 2022 UTC (2 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.103: +2 -2
lines
Diff to previous 1.103 (colored)
Security fix for Wordpress. Fixing 1 bug and 3 security bugs. More informaton here: https://wordpress.org/support/wordpress-version/version-5-9-2/
Revision 1.103 / (download) - annotate - [select for diffs], Tue Feb 22 23:14:24 2022 UTC (2 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.102: +2 -2
lines
Diff to previous 1.102 (colored)
Update to version 5.9.1 Changes for 5.9 are too big to list. You can view them here: https://wordpress.org/news/2022/01/josephine/ Changes in 5.9.1: WordPress 5.9.1 features 33 bug fixes on Core, as well as 52 bug fixes for the Block Editor. The WordPress 5.9.1 release was led by Jean-Baptiste Audras and George Mamadashvili. The following core tickets from Trac were fixed: #54250 Twenty Twenty One: Editor Buttons margins incompatible with gap #54782 Default presets in use by default themes need to be updated #54844 Unnecessary database queries when a block theme isnãàÑÕ in use #54849 Site transients cause DB errors when installing #54862 FSE Navigation Block Styling Submenu #54886 "Show hidden updates" button is invisible #54889 Cannot access "Manage menus" in Navigation block toolbar when running a classic theme #54896 TT2: Blank screen displayed for custom post type #54900 PHP warning in `WP_REST_Global_Styles_Controller` if no `styles` exist in theme.json #54902 Media Library Overlay Drag-and-Drop To Reorder Images Does Not Work In WP 5.9 #54904 Bounce hoverIntent.js version in script-loader to 10.1.2 #54906 Check _get_cron_array type in upgrade_590 routine #54908 Standard post type UI is exposed for templates and template parts #54911 Twenty Twenty-Two: Theme Check Plugin issue for the image size #54922 Normalizing CSS also catches CSS IDs instead of only URLs #54928 Twenty Twenty-Two: 404 search label should be translated #54929 Twenty Twenty-Two: Pricing Table pattern header levels should be consistent #54944 By applying a background color to a group block, it aligns to the left in the editor #54955 Custom fields issue #54960 Media Library Dragging Option IsnãàÑÕ Reflected #54977 Dashboard welcome banner: fix bug when displayed in certain contexts #55018 Twenty Twenty-Two ãàUpdate theme URI link #55072 Widgets editor: Widget Group is missing .wp-widget-group__inner-blocks container #55103 Twenty Twenty-Two: Restore padding for Group blocks with a background color #55109 Plugins no longer download to tmp folder #55148 In block themes, styles should load in the head #55151 View scripts of blocks are loaded in editor #55161 Full Site Editing: PHP Warning with incomplete presets #55177 Normalizing relative CSS links should skip data URIs #55178 Allow fully extending WP_Theme_JSON and WP_Theme_JSON_Resolver classes #55179 Backport bugfixes from Gutenberg into Core for WP 5.9.1 #55188 Block styles should load after global styles in the editor #55190 Global styles duotone not rendering in post editor The following block editor issues from GitHub were fixed: PR38857 Fix for late static binding in the resolver PR38780 Block Editor: Add settings to enable/disable auto anchor generation PR38750 Load block support styles in the head for block themes PR38745 Fix global styles loading logic PR38695 Site Editor: Limit template part slugs to Latin chars PR38671 Allow extending the WP_Theme_JSON_Gutenberg class PR38656 Edit Site: Add template check to ãàÏÔetPageãàaction PR38655 Add site editor initial redirect error handling PR38649 Fix search block html handling for label and button text PR38642 Gallery block: copy all attributes when transforming to Image blocks PR38625 Allow child classes to use the private methods and constants PR38561 Only apply the social links block migration if thereãàÑÔ a need for a migration PR38516 Block preview: fix resize listener PR38442 Duotone: Allow users to specify custom filters PR38432 Remove the aria-label from the site title block PR38399 Images: Try moving responsive rule to common.scss. PR38362 Cover block: Add back missing styles PR38310 Gallery block: fix bug with link destination default option not being set PR38189 Gallery: Ensure the last image takes up all available space PR38070 Post Editor: Fix template queries PR37983 Tree Grid: Fix keyboard navigation for expand/collapse table rows in Firefox PR37954 Fix duotone render in non-fse themes PR37941 Unset inherited backgrounds on Posts Lists PR37895 Site Editor: Fix broken ãàϳedoãàby removing faulty logic for discarding unsaved Logo changes PR37885 Load the global styles before the theme styles in the editor PR37853 Block.json schema: update fontSize and lineHeight props PR37840 [History]: Fix redo after update/publish with transient edits PR37778 Update core/archive block schema to reflect no block-level settings support PR37774 Spacer: Fix unit settings filter PR37762 Schema: Fix appearanceTools in theme.json schema PR37650 Site Editor: Add keyboard shortcut help modal PR37647 Site Editor: Add the ãàשelpãàlink to the tools menu PR37644 Fix: Coloring panel is unusable in RTL PR37569 Docs: Add automated theme.json reference documentation PR37493 Update: make color style labels simpler PR37486 Show UI warning if Pages cannot be retrieved in Page List block PR37474 Fix empty gray circle when site has no logo on template list page PR37430 Update: Allow color gradient popover to be above the color toggle PR37425 Border panel: Collapse color controls PR37248 Site editor ãàtry redirecting to homepage before the react render PR37165 Remove versioning in theme schema descriptions PR37067 Update: PanelColorGradientSettings to use dropdowns PR37034 Block Editor: Handle the absence of href attrib in links PR36917 Update theme.json version PR36746 Update theme.json schema to allow for per-block management of settings PR36540 Post Featured Image: Move width and height controls into the Dimensions panel via SlotFill PR36411 Schemas: Allow custom blocks in theme.json styles PR36343 Add pattern to name key in block.json Schema PR36295 Schema: Allow block.json attribute type to be an array PR36236 Fix duotone theme cache PR36186 Spacer: add custom units for height and width PR30873 Focus save button when entities save states panel is opened
Revision 1.101.4.1 / (download) - annotate - [select for diffs], Fri Jan 14 07:33:32 2022 UTC (2 years, 3 months ago) by bsiegert
Branch: pkgsrc-2021Q4
Changes since 1.101: +2 -2
lines
Diff to previous 1.101 (colored)
Pullup ticket #6567 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.102 - www/wordpress/PLIST 1.50 - www/wordpress/distinfo 1.86 --- Module Name: pkgsrc Committed By: morr Date: Mon Jan 10 20:48:20 UTC 2022 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Security update to 5.8.3. Changes since 5.8: 5.8.3 4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues: * Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs. * Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations. * Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query. * Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query. More info on https://wordpress.org/support/wordpress-version/version-5-8-3/ 5.8.2 1 security update and fixed 2 bugs. More info on https://wordpress.org/support/wordpress-version/version-5-8-2/ 5.8.1 3 security issues affects WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues: * Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API. * Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor. * The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes. In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release: * Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period. * Props Steve Henty for reporting a privilege escalation issue in the block editor. More info on https://wordpress.org/support/wordpress-version/version-5-8-1/
Revision 1.102 / (download) - annotate - [select for diffs], Mon Jan 10 20:48:20 2022 UTC (2 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.101: +2 -2
lines
Diff to previous 1.101 (colored)
Security update to 5.8.3. Changes since 5.8: 5.8.3 4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues: * Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs. * Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations. * Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query. * Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query. More info on https://wordpress.org/support/wordpress-version/version-5-8-3/ 5.8.2 1 security update and fixed 2 bugs. More info on https://wordpress.org/support/wordpress-version/version-5-8-2/ 5.8.1 3 security issues affects WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues: * Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API. * Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor. * The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes. In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release: * Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period. * Props Steve Henty for reporting a privilege escalation issue in the block editor. More info on https://wordpress.org/support/wordpress-version/version-5-8-1/
Revision 1.101 / (download) - annotate - [select for diffs], Sun Jul 25 11:49:00 2021 UTC (2 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3
Branch point for: pkgsrc-2021Q4
Changes since 1.100: +2 -2
lines
Diff to previous 1.100 (colored)
Welcome to version 5.8. Highlights of this release: - manage widgets with blocks - display posts with new blocks and patterns - overview of the page structure - suggested patterns for blocks - style and colorize images - theme.json - dropping support for IE11 - adding support for WebP - adding additional block supports More details here: https://wordpress.org/support/wordpress-version/version-5-8/
Revision 1.99.2.1 / (download) - annotate - [select for diffs], Sat Jul 24 16:38:46 2021 UTC (2 years, 8 months ago) by bsiegert
Branch: pkgsrc-2021Q2
Changes since 1.99: +2 -2
lines
Diff to previous 1.99 (colored) next main 1.100 (colored)
Pullup ticket #6490 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.100 - www/wordpress/distinfo 1.82 --- Module Name: pkgsrc Committed By: morr Date: Sat Jul 17 15:51:33 UTC 2021 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 5.7.2. Security issue fixed: - Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
Revision 1.100 / (download) - annotate - [select for diffs], Sat Jul 17 15:51:33 2021 UTC (2 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.99: +2 -2
lines
Diff to previous 1.99 (colored)
Security update to 5.7.2. Security issue fixed: - Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
Revision 1.99 / (download) - annotate - [select for diffs], Fri Apr 23 06:05:55 2021 UTC (2 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base
Branch point for: pkgsrc-2021Q2
Changes since 1.98: +2 -2
lines
Diff to previous 1.98 (colored)
Security update to 5.7.1. Two security issues affect WordPress versions between 4.7 and 5.7. - thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8 - thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API
Revision 1.98 / (download) - annotate - [select for diffs], Sun Mar 14 17:01:33 2021 UTC (3 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.97: +2 -2
lines
Diff to previous 1.97 (colored)
Update to version 5.7 Highlights of this release: - block editor changes - WP Admin: a new color palette - from HTTP to HTTPS in a single click - new robots API - ongoing cleanup after update to jQuery 3.5.1 - lazy-load your iframes # Lazy-load your iframes More details here: https://wordpress.org/support/wordpress-version/version-5.7/
Revision 1.97 / (download) - annotate - [select for diffs], Sun Feb 28 00:04:11 2021 UTC (3 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.96: +2 -2
lines
Diff to previous 1.96 (colored)
Update to version 5.6.2. Changes: 5.6.2: This maintenance release features 5 bug fixes. These bugs affect WordPress version 5.6.1. WordPress Core changes on Trac: - #52440: Prevent the "Leave site" browser alert in Classic Editor when post title, excerpt, or post content fields are missing. - #52018: Avoid a fatal error in PHP 8.0 when the "zip" PHP extension is disabled. Block editor changes from GitHub and Trac: - #52396: Image options are not visible in pop up when the clicking replace button from Image block. - #52449: Can't change font size the 5.6.1 paragraph block. - GH-26583: Restore block preview within the block inserter. 5.6.1: This maintenance release features 20 bug fixes as well as 7 issues fixed on the block editor. These bugs affect WordPress version 5.6 WordPress Core changes on Trac: - #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings - #52327: Requested updates to the PHP Update Alert - #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies - #51980: App Passwords: ãàÏ¢dd New Application Passwordãàsubmit button is hidden on mobile devices in ãà϶ser Profileãàpage - #51995: WordPress 5.6: Classic editor menu is not sticky - #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469 - #52013: Duplicate wp_authorize_application_password_form actions - #52030: Media metaboxes return fatal error if no author metadata present - #52038: Issue in WooCommerce with wp_editor() after update to WP 5.6 - #52046: The Distraction Free Writing setting on the old Edit Post screen may be reset after page reload - #52065: Media gallery: ãàÏ¢lignãàand ãàÏink Toãàfields missing from ãàϪnsert from URLãà- #52066: Application Passwords are unusable in combination with password protected /wp-admin - #52075: Word Count on Classic Editor doesnãàÑÕ update in real time on Firefox unless saved - #52097: Site Health Loopback Test doesnãàÑÕ send admin cookies - #52135: False positive on `WP_Site_Health_Auto_Updates` - #52196: wp_get_attachment_metadata() is broken if no first argument is passed in. - #52205: REST API: Plugins Controller single plugin route fatal errors on multisite - #52299: Exported user data can be listed with directory listing - #52351: missing echo function for translate method - #52391: Gutenberg Updates for 5.6.1 Block editor changes from GitHub: - #27970: Fix editor crash when registering a block pattern without categories - #27733: Embed block: Add html and reusable support back - #27727: Add aria labels to box control component inputs/button - #27627: HTML Block: Fix editor styles - #27526: Core Data: Normalize _fields value for use in stableKey - #26705: Fix: Font size picker does not correctly handles big font sizes. - #26432: Edit Site: prevent inserter overscroll
Revision 1.96 / (download) - annotate - [select for diffs], Fri Dec 11 18:09:09 2020 UTC (3 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.95: +2 -2
lines
Diff to previous 1.95 (colored)
Update to Wordpress 5.6. List of changes is here: https://wordpress.org/support/wordpress-version/version-5-6/
Revision 1.95 / (download) - annotate - [select for diffs], Sun Nov 1 15:06:08 2020 UTC (3 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.94: +2 -2
lines
Diff to previous 1.94 (colored)
Security and maintenance update to version 5.5.3. 5.5.3: This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have an existing database connection configuration. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file. 5.5.2: Security updates: - Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests. - Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network. - Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables. - Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC. - Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE. - Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. - Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion. - And a special thanks to @zieladam who was integral in many of the releases and patches during this release. Maintenance updates: #51130 Events displayed in venue timezone instead of userãàÑÔ #51659 Update Gutenberg Dependencies for WordPress 5.5.2 #50861 Remove Facebook and Instagram as an oEmbed Source #50903 Set the local environment to a development environment type by default #50949 Posts show wrong time when user is in a different time zone than the siteãàÑÔ #51053 Video Embeds set to align left disappear in Gutenberg editor #51175 Wrong reply box title #51219 Theme editor page showing undefined variable notice #51251 Fix PHP notice when opening the edit image popup #51263 PHP warning when editing comments in the administration comment edit screen #51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set) #51400 Undefined index during automatic plugin/theme updates #51595 Unable to make anonymous comments via XML-RPC #51645 Undefined index: echo in core files
Revision 1.94 / (download) - annotate - [select for diffs], Sat Sep 19 12:29:15 2020 UTC (3 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.93: +2 -2
lines
Diff to previous 1.93 (colored)
Update to wordpress 5.5.1. Changes: 5.5: - lazy-loaded images - new sitemap - autoupdate of plugins and themes - block editor: - block patterns - block directory - inline image editing 5.5.1: WordPress Core changes on Trac: #50882 - Administration: WP 5.5: Cannot attribute content when deleting users #50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work #38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual #50845 - Editor: Block patterns: Fix translatable strings (take 2) #50858 - Site Health: Check PHP notices with site_status_tests filter #50887 - Site Health: Add site environment to debug information #50892 - Editor: Some block patterns have text contrast issues with dark themes #50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated #50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error #50919 - Script Loader: Change the jquery handle back to an alias for jquery-core #50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox #50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size #50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters #50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type() #50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order #51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid #51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory #51151 - Editor: Packages update #51021 - REST API: Permit uniqueItems keyword in endpoint args #51146 - REST API: Fix multi-type schemas with integer fields #51029 - Filesystem API: Typo in variable name causes warning from fclose() #51042 - Post: missing excerpt #51050 - Docs: Add docblock for get_the_archive_title() filter #51052 - Administration: Undefined index: update-supported #51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5 #51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE #51073 - Administration: Extra padding below the admin bar #51075 - Docs: Update docs for custom logo functions #51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function #51127 - UI/CSS: Remove non-color related styling from Modern color scheme #51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature #51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option #51184 - get_the_date() checks $format only for empty variable and fails on false boolean #51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server #38009 - #reply-title.comment-reply-title not updating when replying to an individual #51123 - commonL10n and other JS globals removed without backwards compatibility #50848 - Clarify the usage of null for auto_update_{$type} filter #51081 - Fatal Error - Undefined get_page_templates() in Customizer #51154 - sitemaps should be initialized before each test is run #51028 - Dot should be out of the quotes Block editor changes from GitHub: PR24609 - Fix missing selected block highlighting in list view PR24599 - Fix specificity for buttons with outline style and background colors PR24533 - Fix incorrect aria description in List View PR24516 - Fix regression bug for category select in QueryControls component PR24478 - Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled
Revision 1.93 / (download) - annotate - [select for diffs], Sun Jun 21 19:02:31 2020 UTC (3 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.92: +2 -2
lines
Diff to previous 1.92 (colored)
Security and maintenance update to Wordpress 5.4.2. Changes: WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you havenãàÑÕ yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues. - Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor. - Props to Luigi ãà(gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files. - Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect(). - Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads. - Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation. - Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions. Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. More details on https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
Revision 1.92 / (download) - annotate - [select for diffs], Sun May 3 12:00:03 2020 UTC (3 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.91: +2 -2
lines
Diff to previous 1.91 (colored)
Update to version 5.4.1. Changes for 5.4: Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/ Changes for 5.4.1: Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so youãàÑÍl want to upgrade. If you havenãàÑÕ yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues. - Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated - Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated - Props to Evan Ricafort for discovering an XSS issue in the Customizer - Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block - Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache - Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads. - Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure. WordPress 5.4.1 also fixes some regressions introduced in version 5.4: #49838 ãàAccessibility: Fix the headings hierarchy on the Freedoms page #49798 ãàCustomize: Give the WordPress logo a white background for dark mode browsers #49853 ãàMail: Make the check for empty post title in wp-mail.php more resilient #49753 ãàMedia: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari #49772 ãàPrivacy: Support additional elements (table, ol, ul) in privacy policy guide new styling #49802 ãàPrivacy: Make the deprecated wp_get_user_request_data() function available on front end #49645 ãàREST API: Fix revisions controller get_item permission check #49648 ãàREST API: Fix _fields filtering of registered rest fields #49824 ãàSite Health: Instantiation prevents use of some hooks by plugins #49759 ãàTaxonomy: Un-deprecate category_link and tag_link filters #49974 ãàBlock Editor updates
Revision 1.90.4.1 / (download) - annotate - [select for diffs], Sun Feb 23 18:10:23 2020 UTC (4 years, 1 month ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.90: +2 -3
lines
Diff to previous 1.90 (colored) next main 1.91 (colored)
Pullup ticket #6139 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.91 - www/wordpress/PLIST 1.42 - www/wordpress/distinfo 1.73 --- Module Name: pkgsrc Committed By: morr Date: Sun Feb 23 09:59:42 UTC 2020 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to version 5.3.2. Changes: Version 5.3.2: Maintenance updates - Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date. - Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems. - Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable. - Administration: Fix the colors in all color schemes for buttons with the .active class. - Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison. Version 5.3.1: Security fixes - Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. - Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. - Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. - Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content. Maintenance updates - Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note). - Block editor: fix Edge scrolling issues and intermittent JavaScript issues. - Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS. - Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes. - Embeds: remove CollegeHumor oEmbed provider as the service doesnãàÑÕ exist anymore. - External libraries: update sodium_compat. - Site health: allow the remind interval for the admin email verification to be filtered. - Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload. - Users: ensure administration email verification uses the userãàÑÔ locale instead of the site locale.
Revision 1.91 / (download) - annotate - [select for diffs], Sun Feb 23 09:59:42 2020 UTC (4 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.90: +2 -3
lines
Diff to previous 1.90 (colored)
Update to version 5.3.2. Changes: Version 5.3.2: Maintenance updates - Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date. - Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems. - Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable. - Administration: Fix the colors in all color schemes for buttons with the .active class. - Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison. Version 5.3.1: Security fixes - Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. - Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links. - Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute. - Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content. Maintenance updates - Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note). - Block editor: fix Edge scrolling issues and intermittent JavaScript issues. - Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS. - Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes. - Embeds: remove CollegeHumor oEmbed provider as the service doesnãàÑÕ exist anymore. - External libraries: update sodium_compat. - Site health: allow the remind interval for the admin email verification to be filtered. - Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload. - Users: ensure administration email verification uses the userãàÑÔ locale instead of the site locale.
Revision 1.90 / (download) - annotate - [select for diffs], Mon Dec 9 14:20:57 2019 UTC (4 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base
Branch point for: pkgsrc-2019Q4
Changes since 1.89: +2 -1
lines
Diff to previous 1.89 (colored)
Bump PKGREVISION by changing of default PHP version.
Revision 1.89 / (download) - annotate - [select for diffs], Wed Dec 4 08:06:04 2019 UTC (4 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.88: +2 -2
lines
Diff to previous 1.88 (colored)
Update to version 5.3. Changes: - Block Editor Improvements - Expanded Design Flexibility - new theme called Twenty Twenty - Automatic Image Rotation - Site Health Checks - Admin Email Verification - Date/Time Component Fixes - PHP 7.4 Compatibility For full changes, look at https://wordpress.org/support/wordpress-version/version-5-3/
Revision 1.88 / (download) - annotate - [select for diffs], Wed Oct 23 07:25:20 2019 UTC (4 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.87: +2 -2
lines
Diff to previous 1.87 (colored)
Maintenance and security update to version 5.2.4. Changes: 5.2.4: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags. Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header. Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated. Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin. 5.2.3: #38415: New Custom Link menu item has a wrong fallback label #45739: Block Editor: $editor_styles bug. #45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter #46757: Media Trash: The Bulk Media options when in the Trash shouldnãàÑÕ provide two primary buttons #46758: Media Trash: Primary button(s) should be on the left #46899: Ensure that tables generated by the Settings API have no semantics #47079: Incorrect version for excerpt_allowed_blocks filter #47113: Media views: dismiss notice button is invisible #47145: Feature Image dialog does not follow the dialog pattern #47190: Twenty Seventeen: Native audio and video embeds have no focus state. #47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options. #47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages #47390: Improve accessibility of forms elements within some ãà×Çorm-tableãàforms #47414: Twenty Seventeen: Button block preview has extra spacing within button #47458: Fix tab sequence order in the Media attachment browser #47489: Emoji are substituted in preformatted blocks #47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11 #47538: Minor Verbiage Update ãàSwitch ãàÏÅeveloper timeãàfor ãàÏ developerãà#47543: Twenty Seventeen: buttons donãàÑÕ change color on hover and focus #47561: Plugin: View details popup layout issue #47603: My account toggle on admin bar not visible at high zoom levels #47604: Undefined variable: locked in wp-admin/edit-form-blocks.php #47687: Use alt tags for gallery images in editor #47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2) #47693: customizer Color picker should get closed when click on color picker area. #47723: Adding a custom link in nav-menus.php doesnãàÑÕ trim whitespace #47758: Font sizes on installation screen are too small #47835: PHP requirement always set to null for plugins #47888: Adding a custom link in menu via Customize doesnãàÑÕ trim whitespace. Security Fixes Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect. Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads. Props to Zhouyuan Yang of FortinetãàÑÔ FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews. Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard. Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks. In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
Revision 1.87 / (download) - annotate - [select for diffs], Tue Jul 16 19:31:21 2019 UTC (4 years, 9 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.86: +7 -7
lines
Diff to previous 1.86 (colored)
Update to 5.2.2. From the changelog: 5.2: - Site Health - PHP Error Protection - Accessibility Updates - New Dashboard Icons - Plugin Compatibility Checks - Privacy Updates - New Body Hook - Building JavaScript 5.2.1: - 47180: An issue typing in the block editor while using a RTL language has been fixed. - 47186: An bug causing 32-bit systems to run out of memory when using sodium_compat was fixed. - 47189: The "Update your plugins" link in Site Health now links to the correct page in multisite installs. - 47185: An issue in wp_delete_file_from_directory() where files were not deleting on Windows systems has been fixed. - 47205: A bug was fixed where spaces could not be added in the Classic Editor after pressing shift+enter. - 47265: 2 fatal errors on the error protection page when a PHP error was encountered in a drop-in (such as advanced-cache.php) were fixed. - 47244: wp_targeted_link_rel() has been improved to prevent instances where single and double quotation marks were incorrectly staggered. - 47169: PHP/MySQL minimum version requirement checks now return proper error codes when requirements are not met in test environments. - 47177: The backwards compatibility of get_search_form() was improved. - 47297: The accuracy of the HTTP requests test in Site Health was improved. - 47229: TinyMCE has been updated to version 4.9.4. - 47323: Prevents a fatal error that occurs when upgrading to 5.2.1 from WordPress < 5.2. - 47304: Fixes a regression that can affect the accuracy of <lastBuildDate> in feeds. - 47312: Changes the string used on the About page for 5.2.1 to one that is already translated. 5.2.2: - 45094: Dashboard elements don't always have clear focus states, tab order - 46289: RTL Bug ãàwrong navigation arrows in media modal - 46749: Extra border is displaying at bottom of Help section in Firefox (Responsive : 778 * 841) - 46881: Site Health: improve the header elements horizontal centering - 46957: Site Health: Make site health page access be filterable - 46960: Site Health: Table design issue in small devices (iphone 5/SE). - 46997: Theme update links show in Customizer and don't work - 47070: Recovery Mode Exit button not visible in responsive view - 47158: Merge similar strings introduced in WP 5.2 - 47227: I18n: Merge similar translation strings ãàsite health tabs - 47475: I18n: Merge similar strings and fix typo - 47429: Editor: Update packages for WordPress 5.2.2 - 47457: Fix the mediaelements player controls bar sizing
Revision 1.86 / (download) - annotate - [select for diffs], Thu May 23 19:23:22 2019 UTC (4 years, 10 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.85: +2 -2
lines
Diff to previous 1.85 (colored)
all: replace SUBST_SED with the simpler SUBST_VARS pkglint -Wall -r --only "substitution command" -F With manual review and indentation fixes since pkglint doesn't get that part correct in every case.
Revision 1.85 / (download) - annotate - [select for diffs], Sat Mar 16 17:55:04 2019 UTC (5 years, 1 month ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.84: +2 -2
lines
Diff to previous 1.84 (colored)
Update Wordpress to 5.1.1 due to security issue outlined here: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
Revision 1.84 / (download) - annotate - [select for diffs], Sat Mar 2 14:30:14 2019 UTC (5 years, 1 month ago) by wen
Branch: MAIN
Changes since 1.83: +2 -2
lines
Diff to previous 1.83 (colored)
Update to 5.1 Upstream changelog please visit: https://wordpress.org/news/2019/02/betty/
Revision 1.83 / (download) - annotate - [select for diffs], Thu Jan 24 10:24:19 2019 UTC (5 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.82: +2 -2
lines
Diff to previous 1.82 (colored)
Update to newest version, 5.0.3. Version 5.0.2 fixed 73 bugs. Details here: https://wordpress.org/support/wordpress-version/version-5-0-2/ Version 5.0.3 fixed 37 bugs and 7 performance improvements for the block editor. Details here: https://wordpress.org/support/wordpress-version/version-5-0-3/
Revision 1.82 / (download) - annotate - [select for diffs], Thu Dec 13 07:09:42 2018 UTC (5 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.81: +2 -2
lines
Diff to previous 1.81 (colored)
Security update to 5.0.1. More information at: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
Revision 1.81 / (download) - annotate - [select for diffs], Fri Dec 7 12:25:58 2018 UTC (5 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.80: +2 -2
lines
Diff to previous 1.80 (colored)
Update Wordpress to 5.0. On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo, was released to the public. WordPress 5.0 will revolutionize content editing with introduction of a new block editor and block editor-compatible default theme Twenty Nineteen. More infomations at https://wordpress.org/support/wordpress-version/version-5-0/
Revision 1.78.2.1 / (download) - annotate - [select for diffs], Mon Jul 16 14:04:22 2018 UTC (5 years, 9 months ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.78: +3 -3
lines
Diff to previous 1.78 (colored) next main 1.79 (colored)
Pullup ticket #5786 - requested by taca www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.79-1.80 - www/wordpress/distinfo 1.64 --- Module Name: pkgsrc Committed By: jperkin Date: Wed Jul 4 13:40:45 UTC 2018 Modified Files: pkgsrc/www/wordpress: Makefile Log Message: *: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed. --- Module Name: pkgsrc Committed By: wen Date: Sat Jul 7 02:55:25 UTC 2018 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to 4.9.7 Upstream changes: WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues. Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging out. Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen. Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first. Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.
Revision 1.80 / (download) - annotate - [select for diffs], Sat Jul 7 02:55:25 2018 UTC (5 years, 9 months ago) by wen
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3
Changes since 1.79: +2 -2
lines
Diff to previous 1.79 (colored)
Update to 4.9.7 Upstream changes: WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues. Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging out. Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen. Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first. Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.
Revision 1.79 / (download) - annotate - [select for diffs], Wed Jul 4 13:40:42 2018 UTC (5 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.78: +2 -2
lines
Diff to previous 1.78 (colored)
*: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed.
Revision 1.78 / (download) - annotate - [select for diffs], Fri May 18 14:22:40 2018 UTC (5 years, 11 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Changes since 1.77: +2 -2
lines
Diff to previous 1.77 (colored)
Update to 4.9.6, which is a privacy and maintenance release: https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/
Revision 1.76.2.1 / (download) - annotate - [select for diffs], Fri Apr 27 19:53:52 2018 UTC (5 years, 11 months ago) by bsiegert
Branch: pkgsrc-2018Q1
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored) next main 1.77 (colored)
Pullup ticket #5738 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.77 - www/wordpress/distinfo 1.62 --- Module Name: pkgsrc Committed By: morr Date: Mon Apr 16 10:22:10 UTC 2018 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to version 4.9.5. This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated. WordPress versions 4.9.4 and earlier are affected by three security issues. More changes at https://codex.wordpress.org/Version_4.9.5.
Revision 1.77 / (download) - annotate - [select for diffs], Mon Apr 16 10:22:10 2018 UTC (6 years ago) by morr
Branch: MAIN
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
Update to version 4.9.5. This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated. WordPress versions 4.9.4 and earlier are affected by three security issues. More changes at https://codex.wordpress.org/Version_4.9.5.
Revision 1.76 / (download) - annotate - [select for diffs], Mon Feb 12 08:33:19 2018 UTC (6 years, 2 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Changes since 1.75: +2 -2
lines
Diff to previous 1.75 (colored)
Update Wordpress to 4.9.4 which fixes an issue introduced in 4.9.3. 4.9.3 fixes 34 bugs: https://codex.wordpress.org/Version_4.9.3 https://codex.wordpress.org/Version_4.9.4
Revision 1.74.2.1 / (download) - annotate - [select for diffs], Sun Jan 21 16:02:43 2018 UTC (6 years, 2 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.74: +2 -2
lines
Diff to previous 1.74 (colored) next main 1.75 (colored)
Pullup ticket #5687 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.75 - www/wordpress/PLIST 1.37 - www/wordpress/distinfo 1.60 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Sat Jan 20 11:58:01 UTC 2018 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to version 4.9.2 CHanges: XSS fixed in the Flash fallback files in MediaElement 4.x. Bundled Theme #42820 - Twenty Seventeen -watch that language Customize #42492 - Selecting menu location changes line height #42871 - Features box textstrings in Feature Filter area need new linebreak Database #42812 - Use MySQLi when available by default Editor #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors External Libraries #42439 - Update random_compat external library for PHP 7 linting failure Formatting #42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two. Media #42225 - Whitelist Flac Files #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available #42480 - Consistent suppression of `getimagesize()` errors #42720 - Remove unnecessary MediaElement.js files Plugins #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal REST API #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()` Taxonomy #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy #42605 - category_description() does not work properly since 4.9 #42717 - get_category_link() accepting object but not id TinyMCE #42416 - Code assumes iframe mode, exception in inline mode Upgrade/Install #42963 - Improve deletion of $_old_files during upgrades Widgets #42603 - Widgets Warning after activating theme and on dashboard widgets page #42719 - Always attempt to restore widgets' previous assignment #42867 - HTML Widget: toggleClass() should be passed true/false as second param To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.75 pkgsrc/www/wordpress/Makefile cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/wordpress/PLIST cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/wordpress/distinfo
Revision 1.75 / (download) - annotate - [select for diffs], Sat Jan 20 11:58:01 2018 UTC (6 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.74: +2 -2
lines
Diff to previous 1.74 (colored)
Update to version 4.9.2 CHanges: XSS fixed in the Flash fallback files in MediaElement 4.x. Bundled Theme #42820 - Twenty Seventeen -watch that language Customize #42492 - Selecting menu location changes line height #42871 - Features box textstrings in Feature Filter area need new linebreak Database #42812 - Use MySQLi when available by default Editor #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors External Libraries #42439 - Update random_compat external library for PHP 7 linting failure Formatting #42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two. Media #42225 - Whitelist Flac Files #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available #42480 - Consistent suppression of `getimagesize()` errors #42720 - Remove unnecessary MediaElement.js files Plugins #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal REST API #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()` Taxonomy #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy #42605 - category_description() does not work properly since 4.9 #42717 - get_category_link() accepting object but not id TinyMCE #42416 - Code assumes iframe mode, exception in inline mode Upgrade/Install #42963 - Improve deletion of $_old_files during upgrades Widgets #42603 - Widgets Warning after activating theme and on dashboard widgets page #42719 - Always attempt to restore widgets' previous assignment #42867 - HTML Widget: toggleClass() should be passed true/false as second param
Revision 1.72.4.2 / (download) - annotate - [select for diffs], Wed Dec 20 18:38:37 2017 UTC (6 years, 4 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.72.4.1: +2 -2
lines
Diff to previous 1.72.4.1 (colored) to branchpoint 1.72 (colored) next main 1.73 (colored)
Pullup ticket #5659 - requested by bsiegert www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.74 - www/wordpress/PLIST 1.36 - www/wordpress/distinfo 1.59 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Sun Dec 3 17:06:37 UTC 2017 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to newest version, 4.9.1 This version fixes 4 security bugs from earlier versions. For details, head to https://codex.wordpress.org/Version_4.9.1 For 4.9 changes, head to https://codex.wordpress.org/Version_4.9 To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 pkgsrc/www/wordpress/Makefile cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/wordpress/PLIST cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/wordpress/distinfo
Revision 1.74 / (download) - annotate - [select for diffs], Sun Dec 3 17:06:37 2017 UTC (6 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored)
Update to newest version, 4.9.1 This version fixes 4 security bugs from earlier versions. For details, head to https://codex.wordpress.org/Version_4.9.1 For 4.9 changes, head to https://codex.wordpress.org/Version_4.9
Revision 1.72.4.1 / (download) - annotate - [select for diffs], Mon Nov 6 19:41:32 2017 UTC (6 years, 5 months ago) by bsiegert
Branch: pkgsrc-2017Q3
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored)
Pullup ticket #5616 - requested by morr www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.73 - www/wordpress/PLIST 1.35 - www/wordpress/distinfo 1.58 --- Module Name: pkgsrc Committed By: morr Date: Fri Nov 3 09:49:13 UTC 2017 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Security update to version 4.8.3. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but weãàÑ×e added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.
Revision 1.73 / (download) - annotate - [select for diffs], Fri Nov 3 09:49:13 2017 UTC (6 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored)
Security update to version 4.8.3. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but weãàÑ×e added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.
Revision 1.72 / (download) - annotate - [select for diffs], Thu Sep 21 19:24:46 2017 UTC (6 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored)
Security update to version 4.8.2 Security issues: - $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but weãàÑ×e added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco. - A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team. - A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security. - A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet). - A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by ñù°éÁþíð(Chen Ruiqi). - An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx). - A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team. - A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic). - A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar). And 6 other fixes: * Emoji - #41584 - Upgrade Twemoji to 2.5.0 - #41852 - Fix UN flag test by returning the correct value. *I18N - #41794 - Support numbers in locales during installation * Security - #13377 - Add more sanitization in _cleanup_header_comment *Widgets - #41596 - New Text Widget recognizes HTML but does not render it in the front end - #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called More on https://codex.wordpress.org/Version_4.8.2
Revision 1.71 / (download) - annotate - [select for diffs], Wed Sep 6 09:03:05 2017 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.70: +3 -3
lines
Diff to previous 1.70 (colored)
Follow some redirects.
Revision 1.70 / (download) - annotate - [select for diffs], Mon Aug 7 20:12:14 2017 UTC (6 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.69: +2 -2
lines
Diff to previous 1.69 (colored)
Update to version 4.8.1. WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. Administration * #40982 - Permalink Settings: custom structure field keyboard trap Build/Test Tools * #41327 - Bump Akismet External - 4.9 Edition Comments * #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile Customize * #40978 - Customizer Panel Footer border missing * #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together * #41158 - Increase tinymce panel z-index * #41410 - Set `'filter' => 'content'` on starter content "business info" widget Embeds * #41019 - oEmbed: Update VideoPress oEmbed URL * #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args` * #41299 - oEmbed proxy fails to forward maxwidth and maxheight params General * #41056 - WP-API JS Client: Settings is incorrectly registered as a collection Media * #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length) REST API * #38964 - Add filter to allow modifying response *after* embedded data is added * #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled Taxonomy * #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args TinyMCE * #41408 - TinyMCE: Images with link and caption look "broken" when selected Widgets * #40907 - Introduce widget dedicated for HTML code * #40935 - Facebook Video Works On Preview But Not On Theme * #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code * #40960 - Widgets: The Text widget should respect the ×¥isable the visual editor when writingãàsetting * #40972 - TinyMCE editor in Text widget does not have RTL contents * #40974 - Updated text widget do not save text (when using paste) * #40977 - Widgets: Query param for `loop` added for non-hosted external videos * #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode * #41021 - Text widget does not show Title field or TinyMCE editor * #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen * #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta * #41392 - Theme styles for Text widget do not apply to Custom HTML widget * #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters
Revision 1.64.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 18:52:40 2017 UTC (6 years, 9 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.64: +2 -3
lines
Diff to previous 1.64 (colored) next main 1.65 (colored)
Pullup ticket #5487 - requested by sevan www/wordpress: security fix Revisions pulled up: - www/wordpress/Makefile 1.68-1.69 - www/wordpress/PLIST 1.34 - www/wordpress/distinfo 1.54-1.55 --- Module Name: pkgsrc Committed By: jklos Date: Tue May 30 07:20:15 UTC 2017 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update 4.7.5. Bugs fixed: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. --- Module Name: pkgsrc Committed By: morr Date: Sun Jun 18 18:01:42 UTC 2017 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to newest version 4.8. For changes, check https://codex.wordpress.org/Version_4.8.
Revision 1.69 / (download) - annotate - [select for diffs], Sun Jun 18 18:01:42 2017 UTC (6 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.68: +2 -3
lines
Diff to previous 1.68 (colored)
Update to newest version 4.8. For changes, check https://codex.wordpress.org/Version_4.8.
Revision 1.68 / (download) - annotate - [select for diffs], Tue May 30 07:20:15 2017 UTC (6 years, 10 months ago) by jklos
Branch: MAIN
Changes since 1.67: +3 -3
lines
Diff to previous 1.67 (colored)
Security update 4.7.5. Bugs fixed: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Revision 1.67 / (download) - annotate - [select for diffs], Sat Apr 15 15:46:29 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored)
PKGREVISION was too high, 1 is enough.
Revision 1.66 / (download) - annotate - [select for diffs], Sat Apr 15 15:44:50 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.65: +3 -3
lines
Diff to previous 1.65 (colored)
Switch to use php-mysqli. Bump PKGREVISION.
Revision 1.65 / (download) - annotate - [select for diffs], Sat Apr 15 15:05:29 2017 UTC (7 years ago) by taca
Branch: MAIN
Changes since 1.64: +1 -2
lines
Diff to previous 1.64 (colored)
WordPress 4.7 suggests using PHP 7, so remove PHP's version restriction to 56 now.
Revision 1.64 / (download) - annotate - [select for diffs], Sun Mar 12 07:20:52 2017 UTC (7 years, 1 month ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.63: +2 -1
lines
Diff to previous 1.63 (colored)
pkgrevision bump for changed apache default. bumping any package depending on a pkg with APACHE_PKG_PREFIX but without APACHE_PKG_PREFIX in its PKGNAME.
Revision 1.63 / (download) - annotate - [select for diffs], Tue Mar 7 17:39:13 2017 UTC (7 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.62: +2 -2
lines
Diff to previous 1.62 (colored)
Security update to version 4.7.3. Fixed security bugs: * Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. * Control characters can trick redirect URL validation. Reported by Daniel Chatfield. * Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by xuliang. * Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas. * Cross-site scripting (XSS) via taxonomy term names. Reported by Delta. * Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema. More information here: https://codex.wordpress.org/Version_4.7.3
Revision 1.62 / (download) - annotate - [select for diffs], Sat Jan 28 10:14:15 2017 UTC (7 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.61: +2 -2
lines
Diff to previous 1.61 (colored)
Security update to version 4.7.2. Changes: Version 4.7.2 * Remote code execution (RCE) in PHPMailer No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane. * The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean. * Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team. * Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam. * Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince. * Post via email checks mail.example.com if default settings arenãàÑÕ changed. Reported by John Blackbourn of the WordPress Security Team. * A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing. * Weak cryptographic security for multisite activation key. Reported by Jack. Version 4.7.1 * The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. * WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but weãàÑ×e added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). * A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
Revision 1.61 / (download) - annotate - [select for diffs], Mon Jan 9 19:10:16 2017 UTC (7 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored)
Update to newest version 4.7. Major changes: New Default Theme - Twenty Seventeen - It is an ambitious theme designed for business websites that focuses on a creative home page and an easy site setup experience for users. * multiple sections on the front page, selected in the Customizer. * a striking asymmetrical grid. * custom color schemes, built on top of a monochromatic foundation, and adjustable via a hue picker. * different headline placement for pages, changeable in the Customizer, via them options. * a great experience in many languages, thanks to language-specific font stacks. * SVG icons (a first for a default theme). * support for custom logo, custom header image and many post formats. * the use of new functions in Core for making child theming easier. Note: Twenty Seventeen only works on 4.7 and above. It uses the new video header and starter content features, each launched in 4.7. REST API Content Endpoints * API endpoints for WordPress content. WordPress 4.7 comes with REST API endpoints for posts, comments, terms, users, meta, and settings. Content endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, paving the way for new and innovative methods of interacting with your site.
Revision 1.60 / (download) - annotate - [select for diffs], Thu Sep 29 18:02:09 2016 UTC (7 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.59: +2 -3
lines
Diff to previous 1.59 (colored)
Security update to version 4.6.1. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team. WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including: Bootstrap/Load #37680 ãàPHP Warning: ini_get_all() has been disabled for security reasons - Database #37683 ãà$collate and $charset can be undefined in wpdb::init_charset() #37689 ãàIssues with utf8mb4 collation and the 4.6 update - Editor #37690 ãàBackspace causes jumping - Email #37736 ãàEmails fail on certain server setups - External Libraries #37700 ãàWarning: curl_exec() has been disabled for security reasons (Requests library) #37720 ãàThe minified version of the Masonry shim was not updated in #37666 (Masonry library) - HTTP API #37733 ãàcURL error 3: malformed for remote requests #37768 ãàHTTP API no longer accepts integer and float values for the cookies argument - Post Thumbnails #37697 ãàStrange behavior with thumbnails on preview in 4.6 - Script Loader #37800 ãàClose ãà×Íink relãàdns-prefetch tag - Taxonomy #37721 ãàImprove error handling of is_object_in_term in taxonomy.php - Themes #37755 ãàVisual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6 - TinyMCE #37760 ãàProblem with RTL - Upgrade/Install #37731 ãàInfinite loop in _wp_json_sanity_check() during plugin install
Revision 1.59 / (download) - annotate - [select for diffs], Mon Aug 22 18:12:25 2016 UTC (7 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.58: +2 -1
lines
Diff to previous 1.58 (colored)
Bump revision for previous commit
Revision 1.58 / (download) - annotate - [select for diffs], Mon Aug 22 18:11:04 2016 UTC (7 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.57: +22 -6
lines
Diff to previous 1.57 (colored)
pkgsrc changes to package: - Add missing php modules - Limit work with php-5.6 - Improve the wordpress.conf - Install wp-config-sample.php to WPHOME but not EGDIR Patch from wen heping.
Revision 1.57 / (download) - annotate - [select for diffs], Sun Aug 21 20:04:57 2016 UTC (7 years, 7 months ago) by jklos
Branch: MAIN
Changes since 1.56: +2 -2
lines
Diff to previous 1.56 (colored)
Update WordPress to 4.6 "Pepper": https://wordpress.org/news/2016/08/pepper/
Revision 1.56 / (download) - annotate - [select for diffs], Wed Jun 22 00:56:29 2016 UTC (7 years, 9 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.55: +2 -2
lines
Diff to previous 1.55 (colored)
Update WordPress to 4.5.3. This is a maintenance and security release: https://wordpress.org/news/2016/06/wordpress-4-5-3/
Revision 1.55 / (download) - annotate - [select for diffs], Wed May 4 20:18:32 2016 UTC (7 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.54: +2 -2
lines
Diff to previous 1.54 (colored)
Update to newest version of 4.5.1. For 4.5.1 This maintenance release fixes a total of 12 bugs in Version 4.5 including: Build/Test Tools #36498 Shrinkwrap npm dependencies for 4.5 Bundled Theme #36510 Twenty eleven page templates with widgets incorrectly styled Customize #36457 Customizer Device Preview: Use px units for tablet preview size Database #36629 Database connect functions can cause un-catchable warnings Editor #36458 Fix support for Safari + VoiceOver when editing inline links Emoji #36604 Emoji skin tone support test incorrectly passing in Chrome Feeds #36620 Feeds using an rss-http content type are now served as application/octet-stream Media #36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED' #36578 wp_ajax_send_attachment_to_editor() bug #36621 DonãàÑÕ cache the results of wp_mkdir_p() in a persistent cache Rewrite Rules #36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows TinyMCE #36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit) For 4.5. What's New Security - SSRF Bypass using Octal & Hexedecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam - Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l) - Script compression option CSRF, reported by Ronni Skansing Posts - Inline Link Editing - Additional Editor Shortcuts Comments - Moderate Comment Screen Refresh - Max Lengths for Comment Form Fields - Comment Error Page Navigation Appearance - Responsive Preview of your site - Theme Logo Support - Selective Refresh - Easy of use Install Process Version 4.5 default to generating secret keys and salts locally instead of relying on the WordPress.org API Detail can be found here: http://codex.wordpress.org/Version_4.5 http://codex.wordpress.org/Version_4.5.1
Revision 1.54 / (download) - annotate - [select for diffs], Thu Feb 11 09:30:39 2016 UTC (8 years, 2 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.53: +2 -2
lines
Diff to previous 1.53 (colored)
Update Wordpress to 4.4.2.
Revision 1.53 / (download) - annotate - [select for diffs], Sun Jan 3 16:22:53 2016 UTC (8 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.52: +2 -4
lines
Diff to previous 1.52 (colored)
Update to newest version 4.4. What's New General * Developer reference - Improvements to inline code documentation. * i18n support - Improvements to translation strings all over the core. * Admin page headings were adjusted from H3 to H2 tags to reinforce page hierarchy * Improvements to how list tables are displayed on all size screens Posts * The post/page permalink UI was simplified, linking the permalink and removing the "View" button Comments * The "View Comment" link was relocated from the Status meta box in the comment-editing screen * Many comment functions can now accept a full object instead of 'comment_ID' to reduce cache/db lookups * Orphaned comments now fall back to the 'edit_posts' capability Appearance * Site icons will now fall back to the 'full' size URL when the 'thumbnail' size doesn't exist Multisite * The language chooser was added to the new site form on wp-signup.php * Sites may no longer be created with the following reserved slugs: wp-admin, wp-content, wp-includes, or wp-json
Revision 1.52 / (download) - annotate - [select for diffs], Sun Dec 6 12:13:13 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.51: +3 -1
lines
Diff to previous 1.51 (colored)
Explicitly restrict PHP_VERSIONS_ACCEPTED to 55 and 56 for packages which use php-mysql package.
Revision 1.51 / (download) - annotate - [select for diffs], Thu Sep 17 19:10:48 2015 UTC (8 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored)
Security update to version 4.3.1. This version fixes two cross-site scripting vulnerabilities (CVE-2015-5714, CVE-2015-5715) and a potential privilege escalation.
Revision 1.50 / (download) - annotate - [select for diffs], Fri Aug 21 03:27:56 2015 UTC (8 years, 8 months ago) by jklos
Branch: MAIN
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored)
Update WordPress to 4.3.
Revision 1.49 / (download) - annotate - [select for diffs], Sun Aug 16 08:26:24 2015 UTC (8 years, 8 months ago) by jklos
Branch: MAIN
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored)
Update to 4.2.4 to address security issues: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
Revision 1.48 / (download) - annotate - [select for diffs], Sun Aug 2 21:51:24 2015 UTC (8 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored)
Security update to version 4.2.3. Changes: WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. The release also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. In addition to the security fixes, WordPress 4.2.3 contains fixes for 21 bugs from 4.2.2, including: * FIX - Upgrades: If a table has already been converted to utf8mb4, there's no need to try and convert it again. * FIX - Remove a redundant index drop. * FIX - Don't upgrade global tables to utf8mb4 when DO_NOT_UPGRADE_GLOBAL_TABLES is defined. * FIX - Enable utf8mb4 for MySQL extension users. * FIX - Plugin update rely upon wp_update_plugins() to check the contents of the transient and return early if no request needs to be made. * FIX - WPDB: When extracting the table name from a query, there is a 1000 character limit on the SQL string that would be searched. * FIX - WPDB: When checking that text isn't too long to insert into a column, LONGTEXT columns could fail, as their length is longer than PHP_INT_MAX. * FIX - Plugin update handles the case where the plugin is installed into a different directory than it previously existed in. * FIX - Plugin update feature doesn't recognize errors * FIX - Plugin update error messages lack detail * FIX - Multiple plugin updates: Even if one of plugins update fails, allow further updates to continue. * FIX - In comment_form(), ensure that filtered arguments contain all required default values. * FIX - WPDB: Remove some of the complexities in ::strip_invalid_text() associated with switching character sets between queries. * FIX - WPDB: ::strip_text_from_query() doesn't pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL. * FIX - Emoji script is producing errors on pages with SVG content * FIX - Unable to drag widgets down page past certain length. * FIX - TinyMCE: wpView: fix typo in createInstance that prevented instances from being reused. * FIX - SCRIPT_DEBUG check in print_emoji_detection_script() generated PHP Notices. * FIX - If the shortcode content contains HTML code, the TinyMCE View no longer works. * FIX - Better handling when the credential form is long (such as when SSH is active). * FIX - sanitize_option didn't handle a WP_Error Object.
Revision 1.47 / (download) - annotate - [select for diffs], Mon May 11 05:16:31 2015 UTC (8 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2
Changes since 1.46: +2 -2
lines
Diff to previous 1.46 (colored)
Security and maintenance update to version 4.2.2. WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme as well as a number of popular plugins by removing the file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in 4.2.1. The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor. In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including: o Fixes an emoji loading error in IE9 and IE10 o Fixes a keyboard shortcut for saving from the Visual editor on Mac o Fixes oEmbed for YouTube URLs to always expect https o Fixes how WordPress checks for encoding when sending strings to MySQL o Fixes a bug with allowing queries to reference tables in the dbname.tablename format o Lowers memory usage for a regex checking for UTF-8 encoding o Fixes an issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion o Improves performance of loop detection in _get_term_children() o Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts o Fixes a bug where creating a temporary file could end up in an endless loop.
Revision 1.46 / (download) - annotate - [select for diffs], Mon May 4 19:48:00 2015 UTC (8 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.45: +2 -2
lines
Diff to previous 1.45 (colored)
Security update to newest version 4.2.1. Changes: Wordpress 4.2: o Press This has been completely revamped. Clip it, edit it, publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy. o Now you can browse and switch installed themes in the Customizer. Browse and preview your installed themes from the Customizer. Make sure the theme looks great with your content, before it debuts on your site. o More intuitive plugin update and install from the Plugins Screen. Goodbye boring loading screen, hello smooth and simple plugin updates. Click Update Now and watch the magic happen. o Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs. DonãàÑÕ use any of those characters? You can still have fun ãàemoji are now available in WordPress! Get creative and decorate your content with !Ãù, !Àº, !¿ò, !¹õ, and all the many other emoji. Wordpress 4.2.1: o fix for a critical cross-site scripting (XSS) vulnerability, which could enable commenters to compromise a site.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Apr 22 06:38:15 2015 UTC (9 years ago) by morr
Branch: MAIN
Changes since 1.44: +2 -2
lines
Diff to previous 1.44 (colored)
Security update to version 4.1.2. Changes: 4.1.1: Maintenance release, fixed 21 bugs. 4.1.2: - A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. - Files with invalid or unsafe names could be uploaded. - Some plugins are vulnerable to an SQL injection attack. - A very limited cross-site scripting vulnerability could be used as part of a social engineering attack. - Four hardening changes, including better validation of post titles within the Dashboard.
Revision 1.44 / (download) - annotate - [select for diffs], Fri Jan 2 12:40:59 2015 UTC (9 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.43: +2 -2
lines
Diff to previous 1.43 (colored)
Update to version 4.1. Major changes: General - Show the number of approved comments, instead of total comments, in the ãà×¢t A Glanceãàsection in the dashboard. - Site Language: Install translations on the fly on the General Settings screen. The language drop down now includes installed languages and all available translations when the filesystem is writable by WordPress. - Admin notices: There are now four types of notices: success (green), warning (orange), error (red), and info (blue). Posts - Spellchecking is enabled for the post title field on the Edit Post screen. Media - Disable multi-file uploading in iOS 7.x Safari as it prevents uploading of videos. - Allow PSDs (Photoshop documents) to be uploaded. - oEmbed: Add support for the Vine endpoint. - Display error message when Media Library upload fails. Appearance - Custom Header and Custom Background screens removed. Admin menu links now go to the Customizer. - Widgets screen now has a Manage in Customizer link at top of screen. - Themes: Make "Live Preview" the primary action and ãà×¢ctivateãàsecondary. Users - Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions. Accessibility - Admin menu separators are now hidden from screen readers. - Improved keyboard control of Edit Selection mode in the media manager. - Improved keyboard accessibility on Custom Header and Custom Background screen. - Improved text contrast against dark backgrounds in the admin menu and toolbar. - When switching to the Text editor, make the textarea visible to screen readers. - Use <button> instead of <a> for the Visual/Text buttons to make them focusable. - Improve the focus style for review links in the plugin info modal. - TinyMCE: -- Return focus to the editor on pressing Escape while the image toolbar is focused. -- Add a Close button to the Help modal and close it on Escape. -- Override the title on the editor iframe (read by screen reader apps), replace with the Alt+Shift+H shortcut. -- Add focus shortcuts descriptions to the Help modal. Multisite - Set the default network language on the Network Settings screen.
Revision 1.42.2.1 / (download) - annotate - [select for diffs], Tue Nov 25 15:04:11 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored) next main 1.43 (colored)
Pullup ticket #4559 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.43 - www/wordpress/distinfo 1.35 --- Module Name: pkgsrc Committed By: morr Date: Mon Nov 24 19:08:53 UTC 2014 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 4.0.1. Changes: - Three cross-site scripting issues that a contributor or author could use to compromise a site. - A cross-site request forgery that could be used to trick a user into changing their password. - An issue that could lead to a denial of service when passwords are checked. - Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. - An extremely unlikely hash collision could allow a userÑÔ account to be compromised, that also required that they havenãàÑÕ logged in since 2008 (I wish I were kidding). - WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. More details on http://codex.wordpress.org/Version_4.0.1.
Revision 1.43 / (download) - annotate - [select for diffs], Mon Nov 24 19:08:53 2014 UTC (9 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored)
Security update to 4.0.1. Changes: - Three cross-site scripting issues that a contributor or author could use to compromise a site. - A cross-site request forgery that could be used to trick a user into changing their password. - An issue that could lead to a denial of service when passwords are checked. - Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. - An extremely unlikely hash collision could allow a userãàÑÔ account to be compromised, that also required that they havenãàÑÕ logged in since 2008 (I wish I were kidding). - WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. More details on http://codex.wordpress.org/Version_4.0.1.
Revision 1.42 / (download) - annotate - [select for diffs], Fri Sep 12 22:18:08 2014 UTC (9 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored)
Update to version 4.0. Major changes: General - Featured image previews now support .bmp files - Featured Image meta box is now hidden for contributors lacking upload capabilities - New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube playlists, TED talks - Install WordPress in your language - Streamlined Language management right from the dashboard Posts - Display embed previews for audio/visual URLs in Visual editor content box. - Page scrolling now scrolls post content box. - Edit Post/Page menu bar sticks to top of content box when scrolling (Visual and Text editor). - Color picker was re-added to the Visual editor Media - Add Media Grid view option (default) for Media Library - Add "Bulk Select" button to Media Grid view to delete multiple items - Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu - Expand oEmbed support to include YouTube playlist URLs and PolldaddyãàÑÔ short URL format - Remove Viddler oEmbed support - Update SlideShare oEmbed regex - Improved media experience on small screen sizes (embedded videos now responsive) - Native video and audio shortcodes now support Flash playback looping Comments - Comments in trash can now be marked as spam. Plugins - Display plugins list as grid, with thumbnails, on Add New screen. - Add popup window with plugin details (displays info from plugin's directory page). - Add "Beta Testing" tab to Plugins screen for new features-as-plugins. Accessibility - Improved keyboard accessibility in the Add Media panel - Improved screen-reader support for Customizer sections - Makes links in help tabs keyboard accessible - Improvements for screen-readers when managing widgets in the Customizer Install Process - Add language select menu as first Installation screen (skipped for localized installs) Multisite - mp4 file extension was added to allowed upload file types
Revision 1.41 / (download) - annotate - [select for diffs], Sun Aug 17 08:48:33 2014 UTC (9 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.40: +2 -2
lines
Diff to previous 1.40 (colored)
Security update to version 3.9.2 Changes: * Fixes a possible denial of service issue in PHPãàÑÔ XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. * Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team. * Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec. * Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team. * Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
Revision 1.40 / (download) - annotate - [select for diffs], Fri May 16 19:55:07 2014 UTC (9 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.39: +2 -2
lines
Diff to previous 1.39 (colored)
Update to wordpress 3.9.1. Changes: - A smoother media editing experience - Improved visual editing - speed, accessibility, and mobile support - Edit images easily - quicker access to crop and rotation tools, scale images directly in the editor - Drag and drop your images right onto the editor - Image gallery previews right in the editor - Showcase music and clips with simple audio and video playlists - Live widget and header image previews in the Customizer - Stunning new theme browser Version 3.9.1 fixes 34 bugs from 3.9. More details on http://codex.wordpress.org/Version_3.9 and http://codex.wordpress.org/Version_3.9.1
Revision 1.38.2.1 / (download) - annotate - [select for diffs], Mon Apr 14 12:29:38 2014 UTC (10 years ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.38: +2 -2
lines
Diff to previous 1.38 (colored) next main 1.39 (colored)
Pullup ticket #4370 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.39 - www/wordpress/distinfo 1.31 --- Module Name: pkgsrc Committed By: morr Date: Sun Apr 13 14:10:59 UTC 2014 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to newest version of Wordpress, containing security fixes. It contains 9 bugfixes and 5 security fixes: * Potential authentication cookie forgery. CVE-2014-0166. * Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165. * (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. * (Hardening) Fix a low-impact SQL injection by trusted users. * (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
Revision 1.39 / (download) - annotate - [select for diffs], Sun Apr 13 14:10:59 2014 UTC (10 years ago) by morr
Branch: MAIN
Changes since 1.38: +2 -2
lines
Diff to previous 1.38 (colored)
Update to newest version of Wordpress, containing security fixes. It contains 9 bugfixes and 5 security fixes: * Potential authentication cookie forgery. CVE-2014-0166. * Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165. * (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests. * (Hardening) Fix a low-impact SQL injection by trusted users. * (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
Revision 1.38 / (download) - annotate - [select for diffs], Wed Feb 12 19:43:56 2014 UTC (10 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored)
Update to version 3.8.1 Changes: Addressed 31 bugs in 3.8, including various fixes and improvements for the new dashboard design and new themes admin screen. More info at http://codex.wordpress.org/Version_3.8.1
Revision 1.37 / (download) - annotate - [select for diffs], Thu Jan 23 16:27:49 2014 UTC (10 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.36: +2 -2
lines
Diff to previous 1.36 (colored)
Update to version 3.8. Changes: Introduces a new, modern admin design * A fresh, uncluttered design * Clean typography with Open Sans * Superior contrast and large, comfortable type * Responsive interfaces throughout * Refined, theme management * Smoother, click-to-add widget management New Default Theme - Twenty Fourteen * Easily create a responsive magazine website with a sleek, modern design. * Feature your favorite homepage content in either a grid or a slider. * Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors. For Developers * External Libraries have been updated. * Better RTL support More info on http://codex.wordpress.org/Version_3.8
Revision 1.36 / (download) - annotate - [select for diffs], Fri Nov 8 21:33:02 2013 UTC (10 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored)
Update to 3.7.1 Maintenance Release. Changes: Version 3.7: * Background Updates - Automatic updates for maintenance and security updates. - Daily updates for developers using nightly builds. * Stronger Password Meter - New password meter to encourage users to choose stronger passwords. * Improved Search - More relevant search results. * Better Global Support - Localized versions will receive faster and more complete translations. - Background updates will include translations More info on http://codex.wordpress.org/Version_3.7 Version 3.7.1: - Images with captions no longer appear broken in the visual editor. - Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org. - Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early. - Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values. - Fix a warning that may occur in certain setups while performing a search, and a few other notices. More info on http://codex.wordpress.org/Version_3.7.1
Revision 1.33.2.1 / (download) - annotate - [select for diffs], Fri Sep 13 13:07:27 2013 UTC (10 years, 7 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.33: +2 -2
lines
Diff to previous 1.33 (colored) next main 1.34 (colored)
Pullup ticket #4234 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.34-1.35 - www/wordpress/PLIST 1.16-1.17 - www/wordpress/distinfo 1.26-1.27 --- Module Name: pkgsrc Committed By: morr Date: Thu Aug 8 07:50:58 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to newest version of Wordpress 3.6. ChangeLog: New Default Theme - Twenty Thirteen * Focus on blogging * Single column layout with Sidebar / Widgets in the footer * Latest Theme Features support, particularly Post Formats and Semantic Markup * Font-based icons (Genericons) Admin Enhancements * UI improvements on Navigation Menus Screen * Revisions revised to be more dynamic and scalable * Autosave and Post Locking * Preview Audio and Video on Media Edit Screen * In-line login following expired sessions For Developers * External Libraries have been updated. * New audio/video APIs give developers access to powerful media metadata, like ID3 tags. * Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define. * Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists. * Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter. More info on http://codex.wordpress.org/Version_3.6 --- Module Name: pkgsrc Committed By: morr Date: Thu Sep 12 17:19:59 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: This maintenance release addresses 13 bugs with version 3.6. Additionally: Version 3.6.1 fixes three security issues: * Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338. * Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339. * Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340. Additional security hardening: * Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML. More on http://codex.wordpress.org/Version_3.6.1
Revision 1.35 / (download) - annotate - [select for diffs], Thu Sep 12 17:19:59 2013 UTC (10 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.34: +2 -2
lines
Diff to previous 1.34 (colored)
This maintenance release addresses 13 bugs with version 3.6. Additionally: Version 3.6.1 fixes three security issues: * Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338. * Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339. * Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340. Additional security hardening: * Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML. More on http://codex.wordpress.org/Version_3.6.1
Revision 1.34 / (download) - annotate - [select for diffs], Thu Aug 8 07:50:58 2013 UTC (10 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.33: +2 -2
lines
Diff to previous 1.33 (colored)
Update to newest version of Wordpress 3.6. ChangeLog: New Default Theme - Twenty Thirteen * Focus on blogging * Single column layout with Sidebar / Widgets in the footer * Latest Theme Features support, particularly Post Formats and Semantic Markup * Font-based icons (Genericons) Admin Enhancements * UI improvements on Navigation Menus Screen * Revisions revised to be more dynamic and scalable * Autosave and Post Locking * Preview Audio and Video on Media Edit Screen * In-line login following expired sessions For Developers * External Libraries have been updated. * New audio/video APIs give developers access to powerful media metadata, like ID3 tags. * Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define. * Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists. * Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter. More info on http://codex.wordpress.org/Version_3.6
Revision 1.31.2.1 / (download) - annotate - [select for diffs], Sat Jun 29 23:38:30 2013 UTC (10 years, 9 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.31: +2 -3
lines
Diff to previous 1.31 (colored) next main 1.32 (colored)
Pullup ticket #4166 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.32-1.33 - www/wordpress/PLIST 1.15 - www/wordpress/distinfo 1.25 --- Module Name: pkgsrc Committed By: morr Date: Mon Jun 24 16:13:21 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to version 3.5.2. Fixed issues: * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200. * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204. * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201. * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201. * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202. --- Module Name: pkgsrc Committed By: morr Date: Mon Jun 24 16:16:42 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile Log Message: Remove pkgrevision bit --- Module Name: pkgsrc Committed By: morr Date: Thu Jun 27 08:04:57 UTC 2013 Modified Files: pkgsrc/www/wordpress: PLIST Log Message: Fix PLIST file, unbreak build
Revision 1.33 / (download) - annotate - [select for diffs], Mon Jun 24 16:16:42 2013 UTC (10 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.32: +1 -2
lines
Diff to previous 1.32 (colored)
Remove pkgrevision bit
Revision 1.32 / (download) - annotate - [select for diffs], Mon Jun 24 16:13:21 2013 UTC (10 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.31: +2 -2
lines
Diff to previous 1.31 (colored)
Security update to version 3.5.2. Fixed issues: * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199. * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200. * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205. * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173. * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204. * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201. * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203. * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201. * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201. * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
Revision 1.31 / (download) - annotate - [select for diffs], Sat Mar 16 07:21:26 2013 UTC (11 years, 1 month ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Changes since 1.30: +2 -1
lines
Diff to previous 1.30 (colored)
Bump PKGREVISION from default PHP version change to 5.4.
Revision 1.29.2.1 / (download) - annotate - [select for diffs], Sun Jan 27 14:06:48 2013 UTC (11 years, 2 months ago) by spz
Branch: pkgsrc-2012Q4
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored) next main 1.30 (colored)
Pullup ticket #4042 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.30 - www/wordpress/PLIST 1.14 - www/wordpress/distinfo 1.24 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Sun Jan 27 07:51:37 UTC 2013 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: This maintenance release addresses 37 bugs with version 3.5, including: * Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. * Media: Fix a collection of minor workflow and compatibility issues in the new media manager. * Networks: Suggest proper rewrite rules when creating a new network. * Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published. * Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail. * Suppress some warnings that could occur when a plugin misused the database or user APIs. Additionally: Version 3.5.1 fixes a few security issues: * Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team. * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team. * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo
Revision 1.30 / (download) - annotate - [select for diffs], Sun Jan 27 07:51:37 2013 UTC (11 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored)
This maintenance release addresses 37 bugs with version 3.5, including: * Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. * Media: Fix a collection of minor workflow and compatibility issues in the new media manager. * Networks: Suggest proper rewrite rules when creating a new network. * Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published. * Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail. * Suppress some warnings that could occur when a plugin misused the database or user APIs. Additionally: Version 3.5.1 fixes a few security issues: * Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team. * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team. * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.
Revision 1.29 / (download) - annotate - [select for diffs], Sun Dec 16 22:20:27 2012 UTC (11 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Update to version 3.5. Highlights * New Media Manager + Beautiful interface: A streamlined, all-new experience + Create galleries faster with drag-and-drop reordering, inline caption editing, and simplified controls + Insert multiple images at once with Shift/Ctrl+click * New Default Theme - Twenty Twelve + Simple, flexible, elegant + Mobile-first, responsive design + Gorgeous Open Sans typeface + Uses the latest Theme Features * Admin Enhancements + New Welcome Screen + Retina-Ready (HiDPI) Admin + Hide Link Manager for new installs + Better accessibility for screenreaders, touch devices, and keyboard users + More polish on admin screens, including a new color picker * For Developers + WP_Comment_Query and WP_User_Query accept now meta queries just like WP_Query + Meta queries now support querying for objects without a particular meta key + Post objects are now instances of a WP_Post class, which improves performance and caching + Multisite's switch_to_blog() is now significantly faster and more reliable + WordPress has added the Underscore and Backbone JavaScript libraries + TinyMCE, jQuery, jQuery UI, and SimplePie have all been updated to the latest versions + Image Editing API for cropping, scaling, etc., that uses ImageMagick as well as GD + XML-RPC: Now always enabled and supports fetching users, managing post revisions, searching + New "show_admin_column" parameter for register_taxonomy() allows automatic creation of taxonomy columns on associated post-types.
Revision 1.28 / (download) - annotate - [select for diffs], Sun Oct 28 06:31:09 2012 UTC (11 years, 5 months ago) by asau
Branch: MAIN
Changes since 1.27: +1 -3
lines
Diff to previous 1.27 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.26.2.1 / (download) - annotate - [select for diffs], Sun Sep 9 16:32:55 2012 UTC (11 years, 7 months ago) by tron
Branch: pkgsrc-2012Q2
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored) next main 1.27 (colored)
Pullup ticket #3918 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.27 - www/wordpress/distinfo 1.22 --- Module Name: pkgsrc Committed By: morr Date: Sun Sep 9 06:56:10 UTC 2012 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to Wordpress 3.4.2. Changes: * Fixes some issues in the admin area where some older browsers (IE7, in particular) may slow down, lag, or freeze. * Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed. * Fixes the use of multiple trackback URLs in a post. * Prevents improperly sized images from being uploaded as headers from the customizer. * Ensures proper error messages can be shown to PHP4 installs. (WordPress requires PHP 5.2.4 or later.) * Fixes handling of oEmbed providers that only return XML responses. * Addresses pagination problems with some category permalink structures. * Adds more fields to be returned from the XML-RPC wp.getPost method. * Avoids errors when updating automatically from very old versions of WordPress (pre-3.0). * Fixes problems with the visual editor when working with captions. Additionally: Version 3.4.2 fixes a few security issues and contains some security hardening. These issues were discovered and addressed by the WordPress security team: * Fix unfiltered HTML capabilities in multisite. * Fix possible privilege escalation in the Atom Publishing Protocol endpoint. * Allow operations on network plugins only through the network admin. * Hardening: Simplify error messages when uploads fail. * Hardening: Validate a parameter passed to wp_get_object_terms().
Revision 1.27 / (download) - annotate - [select for diffs], Sun Sep 9 06:56:10 2012 UTC (11 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored)
Update to Wordpress 3.4.2. Changes: * Fixes some issues in the admin area where some older browsers (IE7, in particular) may slow down, lag, or freeze. * Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed. * Fixes the use of multiple trackback URLs in a post. * Prevents improperly sized images from being uploaded as headers from the customizer. * Ensures proper error messages can be shown to PHP4 installs. (WordPress requires PHP 5.2.4 or later.) * Fixes handling of oEmbed providers that only return XML responses. * Addresses pagination problems with some category permalink structures. * Adds more fields to be returned from the XML-RPC wp.getPost method. * Avoids errors when updating automatically from very old versions of WordPress (pre-3.0). * Fixes problems with the visual editor when working with captions. Additionally: Version 3.4.2 fixes a few security issues and contains some security hardening. These issues were discovered and addressed by the WordPress security team: * Fix unfiltered HTML capabilities in multisite. * Fix possible privilege escalation in the Atom Publishing Protocol endpoint. * Allow operations on network plugins only through the network admin. * Hardening: Simplify error messages when uploads fail. * Hardening: Validate a parameter passed to wp_get_object_terms().
Revision 1.26 / (download) - annotate - [select for diffs], Fri Jun 29 10:40:13 2012 UTC (11 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.25: +2 -2
lines
Diff to previous 1.25 (colored)
Security update to version of Wordpress 3.4.1. ChangeLog: Wordpress 3.4.1: * Fixes an issue where a themeãàÑÔ page templates were sometimes not detected. * Addresses problems with some category permalink structures. * Better handling for plugins or themes loading JavaScript incorrectly. * Adds early support for uploading images on iOS 6 devices. * Allows for a technique commonly used by plugins to detect a network-wide activation. * Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent. Additionally: Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team: * Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0. * CSRF. Additional CSRF protection in the customizer. * Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts). * Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information. * Hardening: Require a child theme to be activated with its intended parent only. Wordpress 3.4: * Enhanced theme control * Customize theme options before activating a new theme using Theme Customizer * Use Theme Previewer to customize current theme without changing the front-end design * Custom Headers * Improved Custom Headers with flexible sizes * Selecting Custom Header Images and Custom Background Images from Media Library Screen * Media improvements * Support HTML in image captions * Under the Hood improvements * Improvements in WordPress internationalization and localization (more info) * Different split in translation POT files for faster translations * Codex XML-RPC information update accessed via XML-RPC_WordPress_API * WP_Query improvements
Revision 1.24.4.1 / (download) - annotate - [select for diffs], Wed Apr 25 19:13:12 2012 UTC (11 years, 11 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.24: +2 -2
lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Pullup ticket #3756 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.25 - www/wordpress/distinfo 1.20 --- Module Name: pkgsrc Committed By: morr Date: Wed Apr 25 13:00:37 UTC 2012 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to Wordpress 3.3.2. Three external libraries included in WordPress received security updates: * Plupload (version 1.5.4), which WordPress uses for uploading media. * SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. * SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes. WordPress 3.3.2 also addresses: * Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. * Cross-site scripting vulnerability when making URLs clickable. * Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
Revision 1.25 / (download) - annotate - [select for diffs], Wed Apr 25 13:00:37 2012 UTC (11 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.24: +2 -2
lines
Diff to previous 1.24 (colored)
Security update to Wordpress 3.3.2. Three external libraries included in WordPress received security updates: * Plupload (version 1.5.4), which WordPress uses for uploading media. * SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. * SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes. WordPress 3.3.2 also addresses: * Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. * Cross-site scripting vulnerability when making URLs clickable. * Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 4 21:10:33 2012 UTC (12 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Branch point for: pkgsrc-2012Q1
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored)
Security update to 3.3.1. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3.
Revision 1.23 / (download) - annotate - [select for diffs], Wed Dec 14 19:47:45 2011 UTC (12 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.22: +2 -3
lines
Diff to previous 1.22 (colored)
Update to version 3.3. Highlights: * Easier Uploading - File Type Detection - A single upload button - Drag-and-Drop Media Uploader * Dashboard Design - New Toolbar in the dashboard, combining the Admin Bar and admin header - Responsive design for some screens, including iPad/tablet support - Flyout menus, providing single-click access to any screen * New User Experience - New feature pointers, helping users navigate new features - Post-update About screen - Dashboard welcome area for new installs * Content Tools - Better co-editing that releases post locks immediately - Don't lose widgets when switching themes - Tumblr Importer * Under the Hood improvements - Use the postname permalink structure without a performance penalty - Improved Editor API - is_main_query() function and WP_Query method - Remove a number of funky characters from post slugs - jQuery 1.7.1 and jQuery UI 1.8.16 - A new Screen API for adding help documentation and adapting to screen contexts - Improved metadata API * Performance improvements and hundreds of bug fixes More changes at http://codex.wordpress.org/Version_3.3
Revision 1.22 / (download) - annotate - [select for diffs], Fri Sep 16 05:46:27 2011 UTC (12 years, 7 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.21: +2 -1
lines
Diff to previous 1.21 (colored)
Bump PKGREVISION from PHP_VERSION_DEFAULT changes.
Revision 1.21 / (download) - annotate - [select for diffs], Fri Aug 19 18:18:26 2011 UTC (12 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
Update to newest release. From the Announcement blog: "This maintenance release fixes a server incompatibility related to JSON thatãàÑÔ unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme."
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Tue Jul 12 10:58:47 2011 UTC (12 years, 9 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored) next main 1.20 (colored)
Pullup ticket #3471 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.20 - www/wordpress/PLIST 1.9 - www/wordpress/distinfo 1.16 --- Module Name: pkgsrc Committed By: morr Date: Mon Jul 11 22:53:50 UTC 2011 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to newest version - 3.2. Highlights: * Refreshed Administrative UI - Admin redesign * New Default Theme "Twenty Eleven" - Uses the latest Theme Features * Full Screen Editor - Distraction free writing experience * Extended Admin Bar - More useful links to control the site * Enhanced Browser Compatibility - - Drop Internet Explorer 6 support - Start End-of-life (EOL) cycle for Internet Explorer 7 - Browse Happy notify users of out-of-date browser * WordPress is Faster and Lighter - - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time - Faster Upgrades -- The update system now support incremental upgrades so after 3.2 you'll find upgrading faster than ever - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint - Performance improvements for wptexturize() - Remove PHP4 compatibility including timezone support - More efficient term intersection queries - Some optimizations in the HTML sanitizer (kses) - Speed optimizations for is_serialized_string() - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint - And many other improvements and tweaks Contains also security fixes from wordpress 3.1.4.
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jul 11 22:53:49 2011 UTC (12 years, 9 months ago) by morr
Branch: MAIN
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Update to newest version - 3.2. Highlights: * Refreshed Administrative UI - Admin redesign * New Default Theme "Twenty Eleven" - Uses the latest Theme Features * Full Screen Editor - Distraction free writing experience * Extended Admin Bar - More useful links to control the site * Enhanced Browser Compatibility - - Drop Internet Explorer 6 support - Start End-of-life (EOL) cycle for Internet Explorer 7 - Browse Happy notify users of out-of-date browser * WordPress is Faster and Lighter - - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time - Faster Upgrades -- The update system now support incremental upgrades so after 3.2 you'll find upgrading faster than ever - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint - Performance improvements for wptexturize() - Remove PHP4 compatibility including timezone support - More efficient term intersection queries - Some optimizations in the HTML sanitizer (kses) - Speed optimizations for is_serialized_string() - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint - And many other improvements and tweaks Contains also security fixes from wordpress 3.1.4.
Revision 1.16.2.3 / (download) - annotate - [select for diffs], Fri May 27 11:07:01 2011 UTC (12 years, 10 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.16.2.2: +2 -2
lines
Diff to previous 1.16.2.2 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Pullup ticket #3441 - requested by morr www/wordpress security update Revisions pulled up: - www/wordpress/Makefile 1.19 - www/wordpress/distinfo 1.15 --- Module Name: pkgsrc Committed By: morr Date: Thu May 26 22:59:38 UTC 2011 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 3.1.3. * Various security hardening by Alexander Concha. * Taxonomy query hardening by John Lamansky. * Prevent sniffing out user names of non-authors by using canonical redirects. Props Veróîica Valeros. * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research. * Improves file upload security on hosts with dangerous security settings. * Cleans up old WordPress import files if the import does not finish. * Introduce "clickjacking" protection in modern browsers on admin and login pages.
Revision 1.19 / (download) - annotate - [select for diffs], Thu May 26 22:59:38 2011 UTC (12 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
Security update to 3.1.3. * Various security hardening by Alexander Concha. * Taxonomy query hardening by John Lamansky. * Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research. * Improves file upload security on hosts with dangerous security settings. * Cleans up old WordPress import files if the import does not finish. * Introduce "clickjacking" protection in modern browsers on admin and login pages.
Revision 1.16.2.2 / (download) - annotate - [select for diffs], Mon May 9 04:59:08 2011 UTC (12 years, 11 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.16.2.1: +2 -2
lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored)
Pullup ticket #3425 - requested by morr www/wordpress security update. Revisions pulled up: - www/wordpress/Makefile 1.18 - www/wordpress/distinfo 1.14 --- Module Name: pkgsrc Committed By: morr Date: Sun May 8 20:43:36 UTC 2011 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 3.1.2. * Fix a vulnerability that allowed Contributor-level users to improperly publish posts. * Fix user queries ordered by post count. * Fix multiple tag queries. * Prevent over-escaping of post titles when using Quick Edit for pages.
Revision 1.18 / (download) - annotate - [select for diffs], Sun May 8 20:43:36 2011 UTC (12 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.17: +2 -2
lines
Diff to previous 1.17 (colored)
Security update to 3.1.2. * Fix a vulnerability that allowed Contributor-level users to improperly publish posts. * Fix user queries ordered by post count. * Fix multiple tag queries. * Prevent over-escaping of post titles when using Quick Edit for pages.
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Mon Apr 11 14:20:16 2011 UTC (13 years ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored)
Pullup ticket #3408 - requested by morr www/wordpress security update Revisions pulled up: - www/wordpress/Makefile 1.17 - www/wordpress/distinfo 1.13 --- Module Name: pkgsrc Committed By: morr Date: Sat Apr 9 00:57:43 UTC 2011 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to wordpress 3.1.1. This maintenance and security release fixes almost thirty issues in 3.1, including: * Some security hardening to media uploads * Performance improvements * Fixes for IIS6 support * Fixes for taxonomy and PATHINFO (/index.php/) permalinks * Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three security issues discovered by WordPress core developers Jon Cave and Peter Westwood, of wordpress's security team. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links in comments, and the third addresses an XSS flaw.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Apr 9 00:57:42 2011 UTC (13 years ago) by morr
Branch: MAIN
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored)
Update to wordpress 3.1.1. This maintenance and security release fixes almost thirty issues in 3.1, including: * Some security hardening to media uploads * Performance improvements * Fixes for IIS6 support * Fixes for taxonomy and PATHINFO (/index.php/) permalinks * Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three security issues discovered by WordPress core developers Jon Cave and Peter Westwood, of wordpress's security team. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links in comments, and the third addresses an XSS flaw.
Revision 1.16 / (download) - annotate - [select for diffs], Sun Feb 27 10:30:16 2011 UTC (13 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Update to wordpress-3.1. Changes: * Internal Linking - click a button for an internal link and it allows you to search for a post or browse a list of existing content and select it for inclusion. * Admin Bar - contains various links to useful admin screens. By default, the admin bar is displayed when a user is logged in and visiting the site and is not displayed in admin screens for single blog installs. For multisite installs, the admin bar is displayed both when visiting the site and in the admin screens. * Streamlined Writing Interface - new users of WordPress will find the write screen much less cluttered than before, as more of the options are hidden by default. You can click on Screen Options in the top right to bring them back. * Post Formats - meta information that can be used by themes to customize presentation of a post. Read more in the article Post Formats. * Network Admin - move Super Admin menus and related pages out of the regular admin and into a new Network Admin screen. * List-type Admin Screens - sortable columns for list-type screens and better pagination. * Exporter/Importer Overhaul - many under the hood changes including adding author information, better handling for taxonomies and terms, and proper support for navigation menus. * Custom Content Type Improvements - allows developers to generate archive pages, and have better menu and capability controls. * Advanced Queries - allows developers to query multiple taxonomies and custom fields. * Refreshed Blue Admin Color Scheme - puts the focus more squarely on your content. More changes at http://codex.wordpress.org/Version_3.1
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Fri Feb 11 04:31:47 2011 UTC (13 years, 2 months ago) by sbd
Branch: pkgsrc-2010Q4
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored) next main 1.15 (colored)
Pullup ticket #3349 - requested by morr www/wordpress update Revisions pulled up: - pkgsrc/www/wordpress/Makefile 1.15 - pkgsrc/www/wordpress/distinfo 1.11 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Thu Feb 10 10:25:50 UTC 2011 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 3.0.5. Changes: * Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. * Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. * Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. * Enhancement: Force HTML filtering on comment text in the admin * Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. * Update the license to GPLv2 (or later) and update copyright information for the KSES library.
Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 10 10:25:50 2011 UTC (13 years, 2 months ago) by morr
Branch: MAIN
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
Security update to 3.0.5. Changes: * Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. * Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. * Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. * Enhancement: Force HTML filtering on comment text in the admin * Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. * Update the license to GPLv2 (or later) and update copyright information for the KSES library.
Revision 1.11.2.3 / (download) - annotate - [select for diffs], Fri Dec 31 07:12:17 2010 UTC (13 years, 3 months ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.11.2.2: +2 -2
lines
Diff to previous 1.11.2.2 (colored) to branchpoint 1.11 (colored) next main 1.12 (colored)
Pullup ticket #3314 - requested by morr wordpress critical security update. Revisions pulled up: - www/wordpress/Makefile 1.14 - www/wordpress/distinfo 1.10 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: morr Date: Thu Dec 30 22:27:45 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Critical security update. ChangeLog: * Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url().
Revision 1.14 / (download) - annotate - [select for diffs], Thu Dec 30 22:27:45 2010 UTC (13 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
Critical security update. ChangeLog: * Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url().
Revision 1.11.2.2 / (download) - annotate - [select for diffs], Sun Dec 12 15:34:39 2010 UTC (13 years, 4 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.11.2.1: +1 -1
lines
Diff to previous 1.11.2.1 (colored) to branchpoint 1.11 (colored)
Pullup ticket #3300 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.13 - www/wordpress/distinfo 1.9 --- Module Name: pkgsrc Committed By: morr Date: Fri Dec 10 23:34:18 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Security update to 3.0.3. Changes: Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
Revision 1.13 / (download) - annotate - [select for diffs], Fri Dec 10 23:34:17 2010 UTC (13 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
Security update to 3.0.3. Changes: Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Tue Dec 7 12:08:21 2010 UTC (13 years, 4 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.11: +3 -2
lines
Diff to previous 1.11 (colored)
Pullup ticket #3296 - requested by morr www/wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.12 - www/wordpress/PLIST 1.7 - www/wordpress/distinfo 1.8 --- Module Name: pkgsrc Committed By: morr Date: Sun Dec 5 16:46:29 UTC 2010 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Security update. Changes: * Fix moderate security issue where a malicious Author-level user could gain further access to the site. * Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. * Fix canonical redirection for permalinks containing %category% with nested categories and paging. * Fix occasional irrelevant error messages on plugin activation. * Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. * Clarify the license in the readme * Multisite: Fix the delete_user meta capability * Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins * Multisite: Fix ms-files.php content type headers when requesting a URL with a query string * Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs While here, set license.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Dec 5 16:46:28 2010 UTC (13 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.11: +3 -2
lines
Diff to previous 1.11 (colored)
Security update. Changes: * Fix moderate security issue where a malicious Author-level user could gain further access to the site. * Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. * Fix canonical redirection for permalinks containing %category% with nested categories and paging. * Fix occasional irrelevant error messages on plugin activation. * Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. * Clarify the license in the readme * Multisite: Fix the delete_user meta capability * Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins * Multisite: Fix ms-files.php content type headers when requesting a URL with a query string * Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs While here, set license.
Revision 1.11 / (download) - annotate - [select for diffs], Wed Aug 4 07:52:37 2010 UTC (13 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Update to 3.0.1. 3.0.1: * Fixed 54 tickets total. A break down of ticket status by component can be found in Trac (http://core.trac.wordpress.org/milestone/3.0.1). * Added unregister_nav_menu(), for child themes. 3.0: * WordPress and WordPress MU have merged, allowing the management of multiple sites (called Multisite) from one WordPress installation. * New default theme "Twenty Ten" takes full advantage of the current features of WordPress. * New Custom Menu Management feature, allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets. * Custom Header and Custom Background APIs. * Contextual help text accessed under the Help tab of every screen in the WordPress administration. * Ability to set the admin username and password during installation. * Bulk updating of themes with an automatic maintenance mode during the process. * Support for Shortlinks. * Improved Custom Post Types and Custom Taxonomies including hierarchical (category-style) support. (Try the Custom Post Type UI or GD Custom Posts And Taxonomies Tools plugins to see the possibilities.) * A lighter admin color scheme to increase accessibility and put the focus more squarely on your content.
Revision 1.10 / (download) - annotate - [select for diffs], Mon Apr 19 22:34:02 2010 UTC (14 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2
Changes since 1.9: +7 -7
lines
Diff to previous 1.9 (colored)
Update to 2.9.2 2.9.2: * Fixed problem where where logged in users can peek at trashed posts belonging to other authors. * Fixed other issues 2.9.1: * Fixed problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts * Fixed other issues 2.9: User Features * Trash status for posts, pages, and comments (includes restore and permanent delete) * Add support for 'include' and 'exclude' to [gallery] (Gallery Shortcode) * Allow user registration to be enabled by an XMLRPC client * Add support for sticky posts to the WXR exporter and importer * 'rel=canonical' for singular pages * Scroll back to the same location after saving a file in the Plugin and Theme editors * Correct comments and remove unnecessary echos from the default themes sidebar template file * Enable the APP (Atom) attachment file download to work correctly * Support location of category templates based on 'category-slug' as well as 'category-id' (Ticket 10614) * Support location of tag templates based on 'tag-id' as well as 'tag-slug' (Ticket 10868) * Support location of page templates based on 'page-slug' and 'page-id' * Set "Allow my blog to appear in search engines" to checked in installation * Don't offer to make a category its own parent * Remove Sphere from search list * Minify admin CSS * Show correct max upload filesize error message * Add 'rel' attribute to next/previous post links * Make the default and classic themes comment textareas valid XHTML * Clean up '.button' and '.button[disabled]' CSS classes, add 'spinner' and 'gray-out' buttons after clicking Publish or Update post * Fix race condition with autosave when clicking Publish immediately after entering post title * Add Comments for Pages in the WordPress Default theme * Define '$content_width' for Kubrick * Better feedback on publishing of future posts and pages * Display comments in descending date order, consistently * Add means of automatically repairing tables * Press This bookmarklet fixes * Give plugins and themes simple control over the text displayed at the end of an autogenerated Excerpt * Don't show "Change Permalinks" button when editing the page set as "Front page" * Image editing * Retire BunnyTags importer * Retire Jerome's keywords importer * Explain that the permalink is temporary for autosave generated permalinks * Update SimplePie to 1.2 * Eliminate the redundant and confusing comment threading depth of 1 * Easier Embeds with oEmbed support (see Ticket #10337) (oEmbed discovery disabled by default, use plugin to enable it) * TinyMCE 3.2.7 * Remove rel='tag' on links in Tag Clouds * Add a title to the Home link output by wp_page_menu() * Adjust comment moderation keyboard shortcut keys 'd = trash' or delete depending on the screen * Show "Draft updated" instead of "Post updated" when saving draft * Show the login form in a popup when autosave hits the login grace period * Open View/Preview post in a new window from the link in the Saved/Updated message * Separate fields for 'image alt' and 'image caption' in Media uploader * Display better information about broken themes when there is no stylesheet * Improve situation when tables such as wp_options table were 'corrupt' new installation message was offered. Add means of automatically repairing tables * Export and import custom taxonomies * Admin copy improvements * Don't show page templates in the drop down if they are in a subdirectory * Make codex link open in a new window * Change 'Remove' link on widgets to 'Delete' because it doesn't just remove it, it deletes the settings for that widget instance. Development, Themes, Plugins * Added 'excerpt_more' filter to wp_trim_excerpt() function, which allow developers to change excerpt '[...]' more string (Ticket 10395) * Add 'smilies_src' filter so plugins can better add smilies * Canonical redirects for post name queries * Allow _wp_get_comment_list() to handle custom comment types * Return an empty array instead of false for get_children() when no children found * Add some filters so that HTTP requests can be filtered * Move plugin update notice output to the plugin specific hook * Limit wp-mail 'blog by email' checks to every 5 minutes * Make it much easier to filter contact methods from user profiles * Allow filtering of get_edit_post_link for custom post_type * 'get_sample_permalink_html' filter * Enforce activation key to be a string, reject activation keys that are arrays * Support for new post types * Respect custom post_type in queries * Send Retry-After header when in maintenance mode * Various WP Filesystem related fixes and documentation * Add constants for ftp connections timeouts * Increase timeout on cron-based requests when checking for upgrades * Don't use has_action() before do_action() in http.php * Speed up jQuery based scripts * Use the current user as author for autosave * Show My Posts as default view on the Edit Posts screen for users without 'edit_others_posts' cap * Ensure that drafts viewed over XMLRPC have a correct gmt date set * Pass user id to 'get_' the_author_meta filters * Move _wp_get_user_contactmethods() into the registrations functions file * Machine parseable db error codes * Add global JS vars and actions to the media uploader iframe * Add JSON compat for PHP < 5.2 * Make option_name the primary key for the options table * Allow a plugin to do a complete takeover of Post by Email * Logarithmic scale for tag cloud * Pass Post ID to the 'get_comments_number' filter * Always filter the url in the media upload form * Add a 'the_terms' filter * is_blog_installed() improvements * Allow force_ssl_admin() to properly accept false as a value * Pass logged_in cookie to async-upload and filter the cookie scheme in auth_redirect() * Add more actions around database add/delete/update operations * phpDoc for wp_"check|set"_post_lock functions * Use the old strings which are more translator friendly and add a generic default string to aid re-use by plugins adding post_types * Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field() * Use null instead of 0 when setting content length * Include 'hidden' directories in filesystem dirlist by default * Pass args array to 'wp_list_pages' filter * Actions for taxonomy updates * Key should be 'comment_id' not 'post_id' in comments table * Add get_delete_post_link () to retrieve delete posts link for post * Add 'separator' parameter to wp_tag_cloud() and wp_generate_tag_cloud() functions (Ticket 10315) * Added add_comment_meta() family of functions * Use a post_parent of 0 instead of -1 to indicate unattached posts * Improve get_page_hierarchy() function * Deprecate the_content_rss(), add the_content_feed() and get_the_content_feed(). Convert places that called the_content_rss() with an excerpt length to the_excerpt_rss(). Remove the rss_excerpt_length option. Use the_content_feed() where the_content() was previously used in feeds. * Add 'pad_counts' argument to wp_dropdown_categories() * Remove codepress * Remove the php-gettext library * Canonical post thumbanils * Add a filter to the_author_posts_link() * Merge post.js with page.js and slug.js, optimize categories and tags JS, standardize postboxes IDs and JS * Introduce register_theme_directory() which takes a wp-content-relative path and will additionally scan it for themes. Plugins can use this to add themes without requiring copying by the user * Add set_user_role action hook * Allow theme devs to change attrs (like CSS class) of thumbnail images * Add wp-post-image CSS class to post images * Allow for plugins to enhance the number of metadata fields captured from plugin and theme headers * Merge updated pomo code * Switch to using NOOP_Translations for untranslated sites * Improve wptexturize performance * Provide context to the strings in the Plugin and Theme installers to allow for different grammatical gender * Fixes for theme subdir support * Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data * Add 'orderby=comment_count' argument to query_posts() * Honor Post Type for Sticky Posts * Allow querying multiple post types * Introduce add_theme_support(feature) and current_theme_supports(feature) for announcing and checking theme support for various features * Introduce require_if_theme_supports() * Add number of Embed related filters * Add 'IMAGE_EDIT_OVERWRITE' constant to control edited image save or replace, most useful for setups that have dynamic image resizing * Add load_child_theme_textdomain() to allow child themes to have their own translation files * Add sidebar descriptions to sidebar settings and widget admin screen * Make option_id primary. Add uniques for option_name and autoload * Allow plugins to override the behaviour of load_textdomain() in a variety of flexible ways * Mark _c() as deprecated. The new _x() function should be used instead. * Allow plugins to change the redirect on post/page publishing/submitting * Standardize on 'user_id' instead of 'user_ID' when passing comment data. Accept either 'user_id' or 'user_ID'. Remove 'user_id' global. * Filter imported comments * Introducing set_post_image_size(w, h, crop) so themes can register their special size/crop for canonical post images * Standardize around "post image" instead of "post thumbnail" * Allow registering post image support per post type * Return false from is_paged() if on the first page. * Check MySQL and PHP versions when auto upgrading * Add required php and mysql versions to version.php * Hard code required version in update-core.php PR pkg/42765
Revision 1.9 / (download) - annotate - [select for diffs], Sun Mar 21 22:47:34 2010 UTC (14 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
Revert unintentional part of last revision
Revision 1.8 / (download) - annotate - [select for diffs], Sun Mar 21 08:56:58 2010 UTC (14 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Take over maintenance
Revision 1.7 / (download) - annotate - [select for diffs], Sat Mar 20 21:32:41 2010 UTC (14 years, 1 month ago) by adrianp
Branch: MAIN
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
Don't have time to MAINTAIN these anymore, so back to pkgsrc-users@
Revision 1.5.2.1 / (download) - annotate - [select for diffs], Fri Nov 13 11:07:27 2009 UTC (14 years, 5 months ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
Pullup ticket #2933 - requested by adrianp wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.6 - www/wordpress/PLIST 1.4 - www/wordpress/distinfo 1.5 --- Module Name: pkgsrc Committed By: adrianp Date: Thu Nov 12 22:05:55 UTC 2009 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to 2.8.6 - 2.8.5 * Fix for trackback DOS * Removal of permalink_structure eval * Remove some create_function() calls * Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php * Add extra escapes here and there for some backside coverage * Retire two old importers * A few small bug fixes - 2.8.6 * Fixed an XSS vulnerability in Press This * Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations
Revision 1.6 / (download) - annotate - [select for diffs], Thu Nov 12 22:05:55 2009 UTC (14 years, 5 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Update to 2.8.6 - 2.8.5 * Fix for trackback DOS * Removal of permalink_structure eval * Remove some create_function() calls * Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php * Add extra escapes here and there for some backside coverage * Retire two old importers * A few small bug fixes - 2.8.6 * Fixed an XSS vulnerability in Press This * Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations
Revision 1.1.1.1.2.3 / (download) - annotate - [select for diffs], Fri Aug 14 10:02:07 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.2: +1 -1
lines
Diff to previous 1.1.1.1.2.2 (colored) to branchpoint 1.1.1.1 (colored) next main 1.2 (colored)
Pullup ticket #2864 - requested by adrianp wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.5 - www/wordpress/distinfo 1.4 --- Module Name: pkgsrc Committed By: adrianp Date: Wed Aug 12 20:21:10 UTC 2009 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: Update to 2.8.4 to fix security issue: http://wordpress.org/development/2009/08/2-8-4-security-release/
Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 12 20:21:10 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Update to 2.8.4 to fix security issue: http://wordpress.org/development/2009/08/2-8-4-security-release/
Revision 1.1.1.1.2.2 / (download) - annotate - [select for diffs], Wed Aug 5 10:37:39 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.1: +1 -1
lines
Diff to previous 1.1.1.1.2.1 (colored) to branchpoint 1.1.1.1 (colored)
Pullup ticket #2848 - requested by adrianp wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.4 - www/wordpress/distinfo 1.3 --- Module Name: pkgsrc Committed By: adrianp Date: Tue Aug 4 21:32:40 UTC 2009 Modified Files: pkgsrc/www/wordpress: Makefile distinfo Log Message: WordPress 2.8.3 Security Release Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Aug 4 21:32:40 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
WordPress 2.8.3 Security Release Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.
Revision 1.1.1.1.2.1 / (download) - annotate - [select for diffs], Tue Jul 28 22:11:14 2009 UTC (14 years, 8 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1: +1 -1
lines
Diff to previous 1.1.1.1 (colored)
Pullup ticket #2843 - requested by adrianp wordpress: security update Revisions pulled up: - www/wordpress/Makefile 1.3 - www/wordpress/PLIST 1.3 - www/wordpress/distinfo 1.2 --- Module Name: pkgsrc Committed By: adrianp Date: Tue Jul 28 21:20:20 UTC 2009 Modified Files: pkgsrc/www/wordpress: Makefile PLIST distinfo Log Message: Update to 2.8.2 Highlights * New drag-and-drop widgets admin interface and new widgets API * Syntax highlighting and function lookup built into plugin and theme editors * Browse the theme directory and install themes from the admin * Allow the dashboard widgets to be arranged in up to four columns * Allow configuring the number of items to show on management pages with an option in Screen Options * Support timezones and automatic daylight savings time adjustment * Support IIS 7.0 URL Rewrite Module * Faster loading of admin pages via script compression and concatenation For all the details see: http://codex.wordpress.org/Version_2.8
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jul 28 21:20:20 2009 UTC (14 years, 8 months ago) by adrianp
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Update to 2.8.2 Highlights * New drag-and-drop widgets admin interface and new widgets API * Syntax highlighting and function lookup built into plugin and theme editors * Browse the theme directory and install themes from the admin * Allow the dashboard widgets to be arranged in up to four columns * Allow configuring the number of items to show on management pages with an option in Screen Options * Support timezones and automatic daylight savings time adjustment * Support IIS 7.0 URL Rewrite Module * Faster loading of admin pages via script compression and concatenation For all the details see: http://codex.wordpress.org/Version_2.8
Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 7 18:35:39 2009 UTC (14 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.1: +3 -2
lines
Diff to previous 1.1 (colored)
Fix user-destdir.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Apr 6 11:31:02 2009 UTC (15 years ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import of wordpress 2.7.1 from pkgsrc-wip Initiall packaged by shinden@linux.pl and then hacked by me WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability.
Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 6 11:31:02 2009 UTC (15 years ago) by adrianp
Branch: MAIN
Initial revision