The NetBSD Project

CVS log for pkgsrc/www/wordpress/PLIST

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / wordpress

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.49 / (download) - annotate - [select for diffs], Sun Jul 25 11:49:00 2021 UTC (4 months, 1 week ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, HEAD
Changes since 1.48: +454 -21 lines
Diff to previous 1.48 (colored)

Welcome to version 5.8.

Highlights of this release:
- manage widgets with blocks
- display posts with new blocks and patterns
- overview of the page structure
- suggested patterns for blocks
- style and colorize images
- theme.json
- dropping support for IE11
- adding support for WebP
- adding additional block supports

More details here: https://wordpress.org/support/wordpress-version/version-5-8/

Revision 1.48 / (download) - annotate - [select for diffs], Sun Mar 14 17:01:33 2021 UTC (8 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.47: +14 -1 lines
Diff to previous 1.47 (colored)

Update to version 5.7

Highlights of this release:
- block editor changes
- WP Admin: a new color palette
- from HTTP to HTTPS in a single click
- new robots API
- ongoing cleanup after update to jQuery 3.5.1
- lazy-load your iframes # Lazy-load your iframes

More details here: https://wordpress.org/support/wordpress-version/version-5.7/

Revision 1.47 / (download) - annotate - [select for diffs], Sun Feb 28 00:04:11 2021 UTC (9 months ago) by morr
Branch: MAIN
Changes since 1.46: +5 -0 lines
Diff to previous 1.46 (colored)

Update to version 5.6.2.

Changes:

5.6.2:
This maintenance release features 5 bug fixes. These bugs affect WordPress version 5.6.1.

WordPress Core changes on Trac:
- #52440: Prevent the "Leave site" browser alert in Classic Editor when post title, excerpt, or post content fields are missing.
- #52018: Avoid a fatal error in PHP 8.0 when the "zip" PHP extension is disabled.

Block editor changes from GitHub and Trac:

- #52396: Image options are not visible in pop up when the clicking replace button from Image block.
- #52449: Can't change font size the 5.6.1 paragraph block.
- GH-26583: Restore block preview within the block inserter.

5.6.1:
This maintenance release features 20 bug fixes as well as 7 issues fixed on the block editor. These bugs affect WordPress version 5.6

WordPress Core changes on Trac:

- #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
- #52327: Requested updates to the PHP Update Alert
- #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies
- #51980: App Passwords: „ŗŌĘdd New Application Password„ŗsubmit button is hidden on mobile devices in „ŗŌ∂ser Profile„ŗpage
- #51995: WordPress 5.6: Classic editor menu is not sticky
- #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
- #52013: Duplicate wp_authorize_application_password_form actions
- #52030: Media metaboxes return fatal error if no author metadata present
- #52038: Issue in WooCommerce with wp_editor() after update to WP 5.6
- #52046: The Distraction Free Writing setting on the old Edit Post screen may be reset after page reload
- #52065: Media gallery: „ŗŌĘlign„ŗand „ŗŌ≠ink To„ŗfields missing from „ŗŌ™nsert from URL„ŗ- #52066: Application Passwords are unusable in combination with password protected /wp-admin
- #52075: Word Count on Classic Editor doesn„ŗ—’ update in real time on Firefox unless saved
- #52097: Site Health Loopback Test doesn„ŗ—’ send admin cookies
- #52135: False positive on `WP_Site_Health_Auto_Updates`
- #52196: wp_get_attachment_metadata() is broken if no first argument is passed in.
- #52205: REST API: Plugins Controller single plugin route fatal errors on multisite
- #52299: Exported user data can be listed with directory listing
- #52351: missing echo function for translate method
- #52391: Gutenberg Updates for 5.6.1

Block editor changes from GitHub:

- #27970: Fix editor crash when registering a block pattern without categories
- #27733: Embed block: Add html and reusable support back
- #27727: Add aria labels to box control component inputs/button
- #27627: HTML Block: Fix editor styles
- #27526: Core Data: Normalize _fields value for use in stableKey
- #26705: Fix: Font size picker does not correctly handles big font sizes.
- #26432: Edit Site: prevent inserter overscroll

Revision 1.46 / (download) - annotate - [select for diffs], Fri Dec 11 18:09:09 2020 UTC (11 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.45: +250 -59 lines
Diff to previous 1.45 (colored)

Update to Wordpress 5.6.

List of changes is here: https://wordpress.org/support/wordpress-version/version-5-6/

Revision 1.45 / (download) - annotate - [select for diffs], Sat Sep 19 12:29:15 2020 UTC (14 months, 1 week ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.44: +79 -4 lines
Diff to previous 1.44 (colored)

Update to wordpress 5.5.1.

Changes:

5.5:
- lazy-loaded images
- new sitemap
- autoupdate of plugins and themes
- block editor:
  - block patterns
  - block directory
  - inline image editing

5.5.1:
WordPress Core changes on Trac:

#50882 - Administration: WP 5.5: Cannot attribute content when deleting users
#50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work
#38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual
#50845 - Editor: Block patterns: Fix translatable strings (take 2)
#50858 - Site Health: Check PHP notices with site_status_tests filter
#50887 - Site Health: Add site environment to debug information
#50892 - Editor: Some block patterns have text contrast issues with dark themes
#50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated
#50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error
#50919 - Script Loader: Change the jquery handle back to an alias for jquery-core
#50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox
#50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size
#50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters
#50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type()
#50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order
#51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid
#51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory
#51151 - Editor: Packages update
#51021 - REST API: Permit uniqueItems keyword in endpoint args
#51146 - REST API: Fix multi-type schemas with integer fields
#51029 - Filesystem API: Typo in variable name causes warning from fclose()
#51042 - Post: missing excerpt
#51050 - Docs: Add docblock for get_the_archive_title() filter
#51052 - Administration: Undefined index: update-supported
#51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5
#51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE
#51073 - Administration: Extra padding below the admin bar
#51075 - Docs: Update docs for custom logo functions
#51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function
#51127 - UI/CSS: Remove non-color related styling from Modern color scheme
#51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature
#51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option
#51184 - get_the_date() checks $format only for empty variable and fails on false boolean
#51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server
#38009 - #reply-title.comment-reply-title not updating when replying to an individual
#51123 - commonL10n and other JS globals removed without backwards compatibility
#50848 - Clarify the usage of null for auto_update_{$type} filter
#51081 - Fatal Error - Undefined get_page_templates() in Customizer
#51154 - sitemaps should be initialized before each test is run
#51028 - Dot should be out of the quotes

Block editor changes from GitHub:

PR24609 -  Fix missing selected block highlighting in list view
PR24599 -  Fix specificity for buttons with outline style and background colors
PR24533 -  Fix incorrect aria description in List View
PR24516 -  Fix regression bug for category select in QueryControls component
PR24478 -  Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled

Revision 1.44 / (download) - annotate - [select for diffs], Sun Jun 21 19:02:31 2020 UTC (17 months, 1 week ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.43: +1 -0 lines
Diff to previous 1.43 (colored)

Security and maintenance update to Wordpress 5.4.2.

Changes:

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven„ŗ—’ yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Props to Luigi „ŗ(gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

More details on https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

Revision 1.43 / (download) - annotate - [select for diffs], Sun May 3 12:00:03 2020 UTC (18 months, 4 weeks ago) by morr
Branch: MAIN
Changes since 1.42: +23 -49 lines
Diff to previous 1.42 (colored)

Update to version 5.4.1.

Changes for 5.4:

Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/

Changes for 5.4.1:

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you„ŗ—Õl want to upgrade. If you haven„ŗ—’ yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

WordPress 5.4.1 also fixes some regressions introduced in version 5.4:

#49838 „ŗAccessibility: Fix the headings hierarchy on the Freedoms page
#49798 „ŗCustomize: Give the WordPress logo a white background for dark mode browsers
#49853 „ŗMail: Make the check for empty post title in wp-mail.php more resilient
#49753 „ŗMedia: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 „ŗPrivacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 „ŗPrivacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 „ŗREST API: Fix revisions controller get_item permission check
#49648 „ŗREST API: Fix _fields filtering of registered rest fields
#49824 „ŗSite Health: Instantiation prevents use of some hooks by plugins
#49759 „ŗTaxonomy: Un-deprecate category_link and tag_link filters
#49974 „ŗBlock Editor updates

Revision 1.41.4.1 / (download) - annotate - [select for diffs], Sun Feb 23 18:10:23 2020 UTC (21 months, 1 week ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.41: +8 -0 lines
Diff to previous 1.41 (colored) next main 1.42 (colored)

Pullup ticket #6139 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.91
- www/wordpress/PLIST                                           1.42
- www/wordpress/distinfo                                        1.73

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Feb 23 09:59:42 UTC 2020

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 5.3.2.

   Changes:

   Version 5.3.2:
   Maintenance updates
   - Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
   - Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
   - Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
   - Administration: Fix the colors in all color schemes for buttons with the .active class.
   - Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

   Version 5.3.1:
   Security fixes
   - Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
   - Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
   - Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
   - Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

   Maintenance updates
   - Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
   - Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
   - Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
   - Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
   - Embeds: remove CollegeHumor oEmbed provider as the service doesn„ŗ—’ exist anymore.
   - External libraries: update sodium_compat.
   - Site health: allow the remind interval for the admin email verification to be filtered.
   - Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
   - Users: ensure administration email verification uses the user„ŗ—‘ locale instead of the site locale.

Revision 1.42 / (download) - annotate - [select for diffs], Sun Feb 23 09:59:42 2020 UTC (21 months, 1 week ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.41: +8 -0 lines
Diff to previous 1.41 (colored)

Update to version 5.3.2.

Changes:

Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn„ŗ—’ exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user„ŗ—‘ locale instead of the site locale.

Revision 1.41 / (download) - annotate - [select for diffs], Wed Dec 4 08:06:04 2019 UTC (23 months, 4 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base
Branch point for: pkgsrc-2019Q4
Changes since 1.40: +90 -3 lines
Diff to previous 1.40 (colored)

Update to version 5.3.

Changes:
- Block Editor Improvements
- Expanded Design Flexibility
- new theme called Twenty Twenty
- Automatic Image Rotation
- Site Health Checks
- Admin Email Verification
- Date/Time Component Fixes
- PHP 7.4 Compatibility

For full changes, look at https://wordpress.org/support/wordpress-version/version-5-3/

Revision 1.40 / (download) - annotate - [select for diffs], Tue Jul 16 19:31:21 2019 UTC (2 years, 4 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.39: +122 -0 lines
Diff to previous 1.39 (colored)

Update to 5.2.2. From the changelog:

5.2:
- Site Health
- PHP Error Protection
- Accessibility Updates
- New Dashboard Icons
- Plugin Compatibility Checks
- Privacy Updates
- New Body Hook
- Building JavaScript

5.2.1:
- 47180: An issue typing in the block editor while using a RTL language
  has been fixed.
- 47186: An bug causing 32-bit systems to run out of memory when using
  sodium_compat was fixed.
- 47189: The "Update your plugins" link in Site Health now links to the
  correct page in multisite installs.
- 47185: An issue in wp_delete_file_from_directory() where files were
  not deleting on Windows systems has been fixed.
- 47205: A bug was fixed where spaces could not be added in the Classic
  Editor after pressing shift+enter.
- 47265: 2 fatal errors on the error protection page when a PHP error
  was encountered in a drop-in (such as advanced-cache.php) were fixed.
- 47244: wp_targeted_link_rel() has been improved to prevent instances
  where single and double quotation marks were incorrectly staggered.
- 47169: PHP/MySQL minimum version requirement checks now return proper
  error codes when requirements are not met in test environments.
- 47177: The backwards compatibility of get_search_form() was improved.
- 47297: The accuracy of the HTTP requests test in Site Health was improved.
- 47229: TinyMCE has been updated to version 4.9.4.
- 47323: Prevents a fatal error that occurs when upgrading to 5.2.1 from
  WordPress < 5.2.
- 47304: Fixes a regression that can affect the accuracy of
  <lastBuildDate> in feeds.
- 47312: Changes the string used on the About page for 5.2.1 to one that
  is already translated.

5.2.2:
- 45094: Dashboard elements don't always have clear focus states, tab order
- 46289: RTL Bug „ŗwrong navigation arrows in media modal
- 46749: Extra border is displaying at bottom of Help section in Firefox
  (Responsive : 778 * 841)
- 46881: Site Health: improve the header elements horizontal centering
- 46957: Site Health: Make site health page access be filterable
- 46960: Site Health: Table design issue in small devices (iphone 5/SE).
- 46997: Theme update links show in Customizer and don't work
- 47070: Recovery Mode Exit button not visible in responsive view
- 47158: Merge similar strings introduced in WP 5.2
- 47227: I18n: Merge similar translation strings „ŗsite health tabs
- 47475: I18n: Merge similar strings and fix typo
- 47429: Editor: Update packages for WordPress 5.2.2
- 47457: Fix the mediaelements player controls bar sizing

Revision 1.39 / (download) - annotate - [select for diffs], Sat Mar 2 14:30:14 2019 UTC (2 years, 9 months ago) by wen
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.38: +7 -3 lines
Diff to previous 1.38 (colored)

Update to 5.1

Upstream changelog please visit:
https://wordpress.org/news/2019/02/betty/

Revision 1.38 / (download) - annotate - [select for diffs], Fri Dec 7 12:25:58 2018 UTC (2 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.37: +244 -43 lines
Diff to previous 1.37 (colored)

Update Wordpress to 5.0.

On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo,
was released to the public. WordPress 5.0 will revolutionize content editing
with introduction of a new block editor and block editor-compatible default
theme Twenty Nineteen.

More infomations at https://wordpress.org/support/wordpress-version/version-5-0/

Revision 1.36.2.1 / (download) - annotate - [select for diffs], Sun Jan 21 16:02:43 2018 UTC (3 years, 10 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.36: +1 -35 lines
Diff to previous 1.36 (colored) next main 1.37 (colored)

Pullup ticket #5687 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.75
- www/wordpress/PLIST                                           1.37
- www/wordpress/distinfo                                        1.60

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Jan 20 11:58:01 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 4.9.2

   CHanges:

   XSS fixed in the Flash fallback files in MediaElement 4.x.

   Bundled Theme
   #42820 - Twenty Seventeen -watch that language

   Customize
   #42492 - Selecting menu location changes line height
   #42871 - Features box textstrings in Feature Filter area need new linebreak

   Database
   #42812 - Use MySQLi when available by default

   Editor
   #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
   #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

   External Libraries
   #42439 - Update random_compat external library for PHP 7 linting failure

   Formatting
   #42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

   Media
   #42225 - Whitelist Flac Files
   #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
   #42480 - Consistent suppression of `getimagesize()` errors
   #42720 - Remove unnecessary MediaElement.js files

   Plugins
   #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

   REST API
   #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

   Taxonomy
   #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
   #42605 - category_description() does not work properly since 4.9
   #42717 - get_category_link() accepting object but not id

   TinyMCE
   #42416 - Code assumes iframe mode, exception in inline mode

   Upgrade/Install
   #42963 - Improve deletion of $_old_files during upgrades

   Widgets
   #42603 - Widgets Warning after activating theme and on dashboard widgets page
   #42719 - Always attempt to restore widgets' previous assignment
   #42867 - HTML Widget: toggleClass() should be passed true/false as second param


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/wordpress/distinfo

Revision 1.37 / (download) - annotate - [select for diffs], Sat Jan 20 11:58:01 2018 UTC (3 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.36: +0 -34 lines
Diff to previous 1.36 (colored)

Update to version 4.9.2

CHanges:

XSS fixed in the Flash fallback files in MediaElement 4.x.

Bundled Theme
#42820 - Twenty Seventeen -watch that language

Customize
#42492 - Selecting menu location changes line height
#42871 - Features box textstrings in Feature Filter area need new linebreak

Database
#42812 - Use MySQLi when available by default

Editor
#42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
#43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries
#42439 - Update random_compat external library for PHP 7 linting failure

Formatting
#42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media
#42225 - Whitelist Flac Files
#42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
#42480 - Consistent suppression of `getimagesize()` errors
#42720 - Remove unnecessary MediaElement.js files

Plugins
#43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

REST API
#42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy
#42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
#42605 - category_description() does not work properly since 4.9
#42717 - get_category_link() accepting object but not id

TinyMCE
#42416 - Code assumes iframe mode, exception in inline mode

Upgrade/Install
#42963 - Improve deletion of $_old_files during upgrades

Widgets
#42603 - Widgets Warning after activating theme and on dashboard widgets page
#42719 - Always attempt to restore widgets' previous assignment
#42867 - HTML Widget: toggleClass() should be passed true/false as second param

Revision 1.34.6.2 / (download) - annotate - [select for diffs], Wed Dec 20 18:38:37 2017 UTC (3 years, 11 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.34.6.1: +87 -33 lines
Diff to previous 1.34.6.1 (colored) to branchpoint 1.34 (colored) next main 1.35 (colored)

Pullup ticket #5659 - requested by bsiegert
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.74
- www/wordpress/PLIST                                           1.36
- www/wordpress/distinfo                                        1.59

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Dec  3 17:06:37 UTC 2017

   Modified Files:
    	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version, 4.9.1

   This version fixes 4 security bugs from earlier versions.

   For details, head to https://codex.wordpress.org/Version_4.9.1
   For 4.9 changes, head to https://codex.wordpress.org/Version_4.9


   To generate a diff of this commit:
   cvs rdiff -u -r1.73 -r1.74 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/wordpress/distinfo

Revision 1.36 / (download) - annotate - [select for diffs], Sun Dec 3 17:06:37 2017 UTC (3 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.35: +86 -32 lines
Diff to previous 1.35 (colored)

Update to newest version, 4.9.1

This version fixes 4 security bugs from earlier versions.

For details, head to https://codex.wordpress.org/Version_4.9.1
For 4.9 changes, head to https://codex.wordpress.org/Version_4.9

Revision 1.34.6.1 / (download) - annotate - [select for diffs], Mon Nov 6 19:41:32 2017 UTC (4 years ago) by bsiegert
Branch: pkgsrc-2017Q3
Changes since 1.34: +2 -1 lines
Diff to previous 1.34 (colored)

Pullup ticket #5616 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.73
- www/wordpress/PLIST                                           1.35
- www/wordpress/distinfo                                        1.58

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Fri Nov  3 09:49:13 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Security update to version 4.8.3.

   WordPress versions 4.8.2 and earlier are affected by an issue where
   $wpdb->prepare() can create unexpected and unsafe queries leading to potential
   SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
   but we„ŗ—◊e added hardening to prevent plugins and themes from accidentally
   causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.35 / (download) - annotate - [select for diffs], Fri Nov 3 09:49:13 2017 UTC (4 years ago) by morr
Branch: MAIN
Changes since 1.34: +1 -0 lines
Diff to previous 1.34 (colored)

Security update to version 4.8.3.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we„ŗ—◊e added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.33.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 18:52:40 2017 UTC (4 years, 5 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.33: +16 -8 lines
Diff to previous 1.33 (colored) next main 1.34 (colored)

Pullup ticket #5487 - requested by sevan
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.68-1.69
- www/wordpress/PLIST                                           1.34
- www/wordpress/distinfo                                        1.54-1.55

---
   Module Name:    pkgsrc
   Committed By:   jklos
   Date:           Tue May 30 07:20:15 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update 4.7.5. Bugs fixed:

   Insufficient redirect validation in the HTTP class. Reported by Ronni
   Skansing.
   Improper handling of post meta data values in the XML-RPC API. Reported by
   Sam Thomas.
   Lack of capability checks for post meta data in the XML-RPC API. Reported
   by Ben Bidner of the WordPress Security Team.
   A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the
   filesystem credentials dialog. Reported by Yorick Koster.
   A cross-site scripting (XSS) vulnerability was discovered when attempting
   to upload very large files. Reported by Ronni Skansing.
   A cross-site scripting (XSS) vulnerability was discovered related to the
   Customizer. Reported by Weston Ruter of the WordPress Security Team.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Jun 18 18:01:42 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version 4.8.

   For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.34 / (download) - annotate - [select for diffs], Sun Jun 18 18:01:42 2017 UTC (4 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q2-base, pkgsrc-2017Q2
Branch point for: pkgsrc-2017Q3
Changes since 1.33: +16 -8 lines
Diff to previous 1.33 (colored)

Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.33 / (download) - annotate - [select for diffs], Tue Mar 7 17:39:13 2017 UTC (4 years, 8 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.32: +1 -2 lines
Diff to previous 1.32 (colored)

Security update to version 4.7.3.

Fixed security bugs:

* Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè
  Dale, Yorick Koster, and Simon P. Briggs.
* Control characters can trick redirect URL validation. Reported by Daniel
  Chatfield.
* Unintended files can be deleted by administrators using the plugin deletion
  functionality. Reported by xuliang.
* Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc
  Montpas.
* Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of
  server resources. Reported by Sipke Mellema.

More information here: https://codex.wordpress.org/Version_4.7.3

Revision 1.32 / (download) - annotate - [select for diffs], Mon Jan 9 19:10:16 2017 UTC (4 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.31: +108 -61 lines
Diff to previous 1.31 (colored)

Update to newest version 4.7.

Major changes:

New Default Theme - Twenty Seventeen
- It is an ambitious theme designed for business websites that focuses on a
  creative home page and an easy site setup experience for users.

* multiple sections on the front page, selected in the Customizer.
* a striking asymmetrical grid.
* custom color schemes, built on top of a monochromatic foundation, and
  adjustable via a hue picker.
* different headline placement for pages, changeable in the Customizer, via
  them options.
* a great experience in many languages, thanks to language-specific font stacks.
* SVG icons (a first for a default theme).
* support for custom logo, custom header image and many post formats.
* the use of new functions in Core for making child theming easier.
	Note: Twenty Seventeen only works on 4.7 and above. It uses the new
	video header and starter content features, each launched in 4.7.

REST API Content Endpoints
* API endpoints for WordPress content. WordPress 4.7 comes with REST API
  endpoints for posts, comments, terms, users, meta, and settings. Content
  endpoints provide machine-readable external access to your WordPress site
  with a clear, standards-driven interface, paving the way for new and
  innovative methods of interacting with your site.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Sep 29 18:02:09 2016 UTC (5 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.30: +1 -0 lines
Diff to previous 1.30 (colored)

Security update to version 4.6.1.

WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

Bootstrap/Load

#37680 PHP Warning: ini_get_all() has been disabled for security reasons

- Database
#37683 „ŗ$collate and $charset can be undefined in wpdb::init_charset()
#37689 „ŗIssues with utf8mb4 collation and the 4.6 update

- Editor
#37690 „ŗBackspace causes jumping

- Email
#37736 „ŗEmails fail on certain server setups

- External Libraries
#37700 „ŗWarning: curl_exec() has been disabled for security reasons (Requests library)
#37720 „ŗThe minified version of the Masonry shim was not updated in #37666 (Masonry library)

- HTTP API
#37733 „ŗcURL error 3: malformed for remote requests
#37768 „ŗHTTP API no longer accepts integer and float values for the cookies argument

- Post Thumbnails
#37697 „ŗStrange behavior with thumbnails on preview in 4.6

- Script Loader
#37800 „ŗClose „ŗ◊Õink rel„ŗdns-prefetch tag

- Taxonomy
#37721 „ŗImprove error handling of is_object_in_term in taxonomy.php

- Themes
#37755 „ŗVisual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

- TinyMCE
#37760 „ŗProblem with RTL

- Upgrade/Install
#37731 „ŗInfinite loop in _wp_json_sanity_check() during plugin install

Revision 1.30 / (download) - annotate - [select for diffs], Mon Aug 22 18:11:04 2016 UTC (5 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.29: +1 -1 lines
Diff to previous 1.29 (colored)

pkgsrc changes to package:

- Add missing php modules
- Limit work with php-5.6
- Improve the wordpress.conf
- Install wp-config-sample.php to WPHOME but not EGDIR

Patch from wen heping.

Revision 1.29 / (download) - annotate - [select for diffs], Sun Aug 21 20:04:57 2016 UTC (5 years, 3 months ago) by jklos
Branch: MAIN
Changes since 1.28: +86 -3 lines
Diff to previous 1.28 (colored)

Update WordPress to 4.6 "Pepper":
https://wordpress.org/news/2016/08/pepper/

Revision 1.28 / (download) - annotate - [select for diffs], Wed May 4 20:18:32 2016 UTC (5 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.27: +51 -1 lines
Diff to previous 1.27 (colored)

Update to newest version of 4.5.1.

For 4.5.1
This maintenance release fixes a total of 12 bugs in Version 4.5 including:

Build/Test Tools
#36498 Shrinkwrap npm dependencies for 4.5

Bundled Theme
#36510 Twenty eleven page templates with widgets incorrectly styled

Customize
#36457 Customizer Device Preview: Use px units for tablet preview size

Database
#36629 Database connect functions can cause un-catchable warnings

Editor
#36458 Fix support for Safari + VoiceOver when editing inline links

Emoji
#36604 Emoji skin tone support test incorrectly passing in Chrome

Feeds
#36620 Feeds using an rss-http content type are now served as application/octet-stream

Media
#36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED'
#36578 wp_ajax_send_attachment_to_editor() bug
#36621 Don„ŗ—’ cache the results of wp_mkdir_p() in a persistent cache

Rewrite Rules
#36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows

TinyMCE
#36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)

For 4.5.
What's New
Security
- SSRF Bypass using Octal & Hexedecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam
- Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l)
- Script compression option CSRF, reported by Ronni Skansing

Posts
- Inline Link Editing
- Additional Editor Shortcuts

Comments
- Moderate Comment Screen Refresh
- Max Lengths for Comment Form Fields
- Comment Error Page Navigation

Appearance
- Responsive Preview of your site
- Theme Logo Support
- Selective Refresh
- Easy of use

Install Process
Version 4.5 default to generating secret keys and salts locally instead of relying on the WordPress.org API

Detail can be found here:

http://codex.wordpress.org/Version_4.5
http://codex.wordpress.org/Version_4.5.1

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jan 3 16:22:53 2016 UTC (5 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.26: +151 -62 lines
Diff to previous 1.26 (colored)

Update to newest version 4.4.

What's New
  General
  * Developer reference - Improvements to inline code documentation.
  * i18n support - Improvements to translation strings all over the core.
  * Admin page headings were adjusted from H3 to H2 tags to reinforce page hierarchy
  * Improvements to how list tables are displayed on all size screens
  Posts
  * The post/page permalink UI was simplified, linking the permalink and removing the "View" button
  Comments
  * The "View Comment" link was relocated from the Status meta box in the comment-editing screen
  * Many comment functions can now accept a full object instead of 'comment_ID' to reduce cache/db lookups
  * Orphaned comments now fall back to the 'edit_posts' capability
  Appearance
  * Site icons will now fall back to the 'full' size URL when the 'thumbnail' size doesn't exist
  Multisite
  * The language chooser was added to the new site form on wp-signup.php
  * Sites may no longer be created with the following reserved slugs: wp-admin, wp-content, wp-includes, or wp-json

Revision 1.26 / (download) - annotate - [select for diffs], Fri Aug 21 03:27:56 2015 UTC (6 years, 3 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.25: +23 -5 lines
Diff to previous 1.25 (colored)

Update WordPress to 4.3.

Revision 1.25 / (download) - annotate - [select for diffs], Mon May 11 05:16:31 2015 UTC (6 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.24: +0 -3 lines
Diff to previous 1.24 (colored)

Security and maintenance update to version 4.2.2.

WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML
file shipped with recent Genericons packages included in the Twenty Fifteen
theme as well as a number of popular plugins by removing the file.

Version 4.2.2 also improves on a fix for a critical cross-site scripting
vulnerability introduced in 4.2.1.

The release also includes hardening for a potential cross-site scripting
vulnerability when using the Visual editor.

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs
from 4.2.1, including:

o Fixes an emoji loading error in IE9 and IE10
o Fixes a keyboard shortcut for saving from the Visual editor on Mac
o Fixes oEmbed for YouTube URLs to always expect https
o Fixes how WordPress checks for encoding when sending strings to MySQL
o Fixes a bug with allowing queries to reference tables in the dbname.tablename
  format
o Lowers memory usage for a regex checking for UTF-8 encoding
o Fixes an issue with trying to change the wrong index in the wp_signups table
  on utf8mb4 conversion
o Improves performance of loop detection in _get_term_children()
o Fixes a bug where attachment URLs were incorrectly being forced to use https
  in some contexts
o Fixes a bug where creating a temporary file could end up in an endless loop.

Revision 1.24 / (download) - annotate - [select for diffs], Mon May 4 19:48:00 2015 UTC (6 years, 6 months ago) by morr
Branch: MAIN
Changes since 1.23: +27 -0 lines
Diff to previous 1.23 (colored)

Security update to newest version 4.2.1.

Changes:

Wordpress 4.2:

o Press This has been completely revamped. Clip it, edit it, publish it. Get
  familiar with the new and improved Press This. From the Tools menu, add Press
  This to your browser bookmark bar or your mobile device home screen. Once
  installed you can share your content with lightning speed. Sharing your
  favorite videos, images, and content has never been this fast or this easy.
o Now you can browse and switch installed themes in the Customizer. Browse and
  preview your installed themes from the Customizer. Make sure the theme looks
  great with your content, before it debuts on your site.
o More intuitive plugin update and install from the Plugins Screen. Goodbye
  boring loading screen, hello smooth and simple plugin updates. Click Update Now
  and watch the magic happen.
o Writing in WordPress, whatever your language, just got better.  WordPress 4.2
  supports a host of new characters out-of-the-box, including native Chinese,
  Japanese, and Korean characters, musical and mathematical symbols, and
  hieroglyphs. Don„ŗ—’ use any of those characters? You can still have fun „ŗemoji
  are now available in WordPress! Get creative and decorate your content with !√ý,
  !ņļ, !ŅÚ, !Ļű, and all the many other emoji.

Wordpress 4.2.1:

o fix for a critical cross-site scripting (XSS) vulnerability, which could
  enable commenters to compromise a site.

Revision 1.23 / (download) - annotate - [select for diffs], Fri Jan 2 12:40:59 2015 UTC (6 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.22: +84 -72 lines
Diff to previous 1.22 (colored)

Update to version 4.1.

Major changes:

General
- Show the number of approved comments, instead of total comments, in the „ŗ◊Ęt A Glance„ŗsection in the dashboard.
- Site Language: Install translations on the fly on the General Settings screen. The language drop down now includes installed languages and all available translations when the filesystem is writable by WordPress.
- Admin notices: There are now four types of notices: success (green), warning (orange), error (red), and info (blue).

Posts
- Spellchecking is enabled for the post title field on the Edit Post screen.

Media
- Disable multi-file uploading in iOS 7.x Safari as it prevents uploading of videos.
- Allow PSDs (Photoshop documents) to be uploaded.
- oEmbed: Add support for the Vine endpoint.
- Display error message when Media Library upload fails.

Appearance
- Custom Header and Custom Background screens removed. Admin menu links now go to the Customizer.
- Widgets screen now has a Manage in Customizer link at top of screen.
- Themes: Make "Live Preview" the primary action and „ŗ◊Ęctivate„ŗsecondary.

Users
- Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions.
Accessibility
- Admin menu separators are now hidden from screen readers.
- Improved keyboard control of Edit Selection mode in the media manager.
- Improved keyboard accessibility on Custom Header and Custom Background screen.
- Improved text contrast against dark backgrounds in the admin menu and toolbar.
- When switching to the Text editor, make the textarea visible to screen readers.
- Use <button> instead of <a> for the Visual/Text buttons to make them focusable.
- Improve the focus style for review links in the plugin info modal.
- TinyMCE:
 -- Return focus to the editor on pressing Escape while the image toolbar is focused.
 -- Add a Close button to the Help modal and close it on Escape.
 -- Override the title on the editor iframe (read by screen reader apps), replace with the Alt+Shift+H shortcut.
 -- Add focus shortcuts descriptions to the Help modal.

Multisite
- Set the default network language on the Network Settings screen.

Revision 1.22 / (download) - annotate - [select for diffs], Fri Sep 12 22:18:08 2014 UTC (7 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.21: +26 -8 lines
Diff to previous 1.21 (colored)

Update to version 4.0.

Major changes:

General

- Featured image previews now support .bmp files
- Featured Image meta box is now hidden for contributors lacking upload
  capabilities
- New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube
  playlists, TED talks
- Install WordPress in your language
- Streamlined Language management right from the dashboard

Posts

- Display embed previews for audio/visual URLs in Visual editor content
  box.
- Page scrolling now scrolls post content box.
- Edit Post/Page menu bar sticks to top of content box when scrolling
  (Visual and Text editor).
- Color picker was re-added to the Visual editor

Media

- Add Media Grid view option (default) for Media Library
- Add "Bulk Select" button to Media Grid view to delete multiple items
- Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu
- Expand oEmbed support to include YouTube playlist URLs and Polldaddy„ŗ—‘
  short URL format
- Remove Viddler oEmbed support
- Update SlideShare oEmbed regex
- Improved media experience on small screen sizes (embedded videos now
  responsive)
- Native video and audio shortcodes now support Flash playback looping

Comments

- Comments in trash can now be marked as spam.

Plugins

- Display plugins list as grid, with thumbnails, on Add New screen.
- Add popup window with plugin details (displays info from plugin's
  directory page).
- Add "Beta Testing" tab to Plugins screen for new features-as-plugins.

Accessibility

- Improved keyboard accessibility in the Add Media panel
- Improved screen-reader support for Customizer sections
- Makes links in help tabs keyboard accessible
- Improvements for screen-readers when managing widgets in the
  Customizer

Install Process

- Add language select menu as first Installation screen (skipped for
  localized installs)

Multisite

- mp4 file extension was added to allowed upload file types

Revision 1.21 / (download) - annotate - [select for diffs], Sun Aug 17 08:48:33 2014 UTC (7 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

Security update to version 3.9.2

Changes:

* Fixes a possible denial of service issue in PHP„ŗ—‘ XML processing, reported by
  Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael
  Adams and Andrew Nacin of the WordPress security team and David Rothstein of
  the Drupal security team.
* Fixes a possible but unlikely code execution when processing widgets
  (WordPress is not affected by default), discovered by Alex Concha of the
  WordPress security team.
* Prevents information disclosure via XML entity attacks in the external GetID3
  library, reported by Ivan Novikov of ONSec.
* Adds protections against brute attacks against CSRF tokens, reported by David
  Tomaschik of the Google Security Team.
* Contains some additional security hardening, like preventing cross-site
  scripting that could be triggered only by administrators.

Revision 1.20 / (download) - annotate - [select for diffs], Fri May 16 19:55:07 2014 UTC (7 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.19: +148 -173 lines
Diff to previous 1.19 (colored)

Update to wordpress 3.9.1.

Changes:
- A smoother media editing experience
- Improved visual editing - speed, accessibility, and mobile support
- Edit images easily - quicker access to crop and rotation tools, scale images
  directly in the editor
- Drag and drop your images right onto the editor
- Image gallery previews right in the editor
- Showcase music and clips with simple audio and video playlists
- Live widget and header image previews in the Customizer
- Stunning new theme browser

Version 3.9.1 fixes 34 bugs from 3.9.

More details on http://codex.wordpress.org/Version_3.9 and
http://codex.wordpress.org/Version_3.9.1

Revision 1.19 / (download) - annotate - [select for diffs], Thu Jan 23 16:27:49 2014 UTC (7 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.18: +141 -40 lines
Diff to previous 1.18 (colored)

Update to version 3.8.

Changes:

Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management

New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
  content's layout with a full-width page template and a contributor page to show
  off your authors.

For Developers
* External Libraries have been updated.
* Better RTL support

More info on http://codex.wordpress.org/Version_3.8

Revision 1.18 / (download) - annotate - [select for diffs], Fri Nov 8 21:33:02 2013 UTC (8 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.17: +11 -3 lines
Diff to previous 1.17 (colored)

Update to 3.7.1 Maintenance Release.

Changes:

Version 3.7:

* Background Updates
-  Automatic updates for maintenance and security updates.
-  Daily updates for developers using nightly builds.
* Stronger Password Meter
-  New password meter to encourage users to choose stronger passwords.
* Improved Search
-  More relevant search results.
* Better Global Support
-  Localized versions will receive faster and more complete translations.
-  Background updates will include translations

More info on http://codex.wordpress.org/Version_3.7

Version 3.7.1:

- Images with captions no longer appear broken in the visual editor.
- Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org.
- Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early.
- Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values.
- Fix a warning that may occur in certain setups while performing a search, and a few other notices.

More info on http://codex.wordpress.org/Version_3.7.1

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Fri Sep 13 13:07:27 2013 UTC (8 years, 2 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.15: +120 -92 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pullup ticket #4234 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.34-1.35
- www/wordpress/PLIST                                           1.16-1.17
- www/wordpress/distinfo                                        1.26-1.27

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Aug  8 07:50:58 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version of Wordpress 3.6.

   ChangeLog:

   New Default Theme - Twenty Thirteen
   * Focus on blogging
   * Single column layout with Sidebar / Widgets in the footer
   * Latest Theme Features support, particularly Post Formats and Semantic Markup
   * Font-based icons (Genericons)

   Admin Enhancements
   * UI improvements on Navigation Menus Screen
   * Revisions revised to be more dynamic and scalable
   * Autosave and Post Locking
   * Preview Audio and Video on Media Edit Screen
   * In-line login following expired sessions

   For Developers
   * External Libraries have been updated.
   * New audio/video APIs give developers access to powerful media metadata, like
   ID3 tags.
   * Filters for revisions, allowing you to set the number of revisions ad hoc
   instead of only via a define.
   * Semantic Markup allows themes to choose improved HTML5 markup for search
   forms, comment forms, and comment lists.
   * Search content for shortcodes with has_shortcode() and adjust shortcode
   attributes with a new filter.

   More info on http://codex.wordpress.org/Version_3.6

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Sep 12 17:19:59 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   This maintenance release addresses 13 bugs with version 3.6.

   Additionally: Version 3.6.1 fixes three security issues:

   * Remote Code Execution: Block unsafe PHP de-serialization that could occur in
   limited situations and setups, which can lead to remote code execution.
   Reported by Tom Van Goethem. CVE-2013-4338.
   * Link Injection / Open Redirect: Fix insufficient input validation that could
   result in redirecting or leading a user to another website.
   Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
   for Disease Control and Prevention. CVE-2013-4339.
   * Privilege Escalation: Prevent a user with an Author role, using a specially
   crafted request, from being able to create a post "written by" another user.
   Reported by Anakorn Kyavatanakij. CVE-2013-4340.

   Additional security hardening:

   * Updated security restrictions around file uploads to mitigate the potential
   for cross-site scripting. The extensions .swf and .exe are no longer allowed
   by default, and .htm and .html are only allowed if the user has the ability
   to use unfiltered HTML.

   More on http://codex.wordpress.org/Version_3.6.1

Revision 1.17 / (download) - annotate - [select for diffs], Thu Sep 12 17:19:59 2013 UTC (8 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.16: +0 -4 lines
Diff to previous 1.16 (colored)

This maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:

* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.

More on http://codex.wordpress.org/Version_3.6.1

Revision 1.16 / (download) - annotate - [select for diffs], Thu Aug 8 07:50:58 2013 UTC (8 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.15: +120 -88 lines
Diff to previous 1.15 (colored)

Update to newest version of Wordpress 3.6.

ChangeLog:

New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)

Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions

For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.

More info on http://codex.wordpress.org/Version_3.6

Revision 1.14.2.1 / (download) - annotate - [select for diffs], Sat Jun 29 23:38:30 2013 UTC (8 years, 5 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.14: +0 -1 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)

Pullup ticket #4166 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.32-1.33
- www/wordpress/PLIST                                           1.15
- www/wordpress/distinfo                                        1.25

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jun 24 16:13:21 UTC 2013

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to version 3.5.2.

   Fixed issues:

   * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
   * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
   * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
   * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
   * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
   * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
   * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

   * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
   * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
   * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Jun 24 16:16:42 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile

   Log Message:
   Remove pkgrevision bit

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Jun 27 08:04:57 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: PLIST

   Log Message:
   Fix PLIST file, unbreak build

Revision 1.15 / (download) - annotate - [select for diffs], Thu Jun 27 08:04:57 2013 UTC (8 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.14: +1 -2 lines
Diff to previous 1.14 (colored)

Fix PLIST file, unbreak build

Revision 1.13.2.1 / (download) - annotate - [select for diffs], Sun Jan 27 14:06:48 2013 UTC (8 years, 10 months ago) by spz
Branch: pkgsrc-2012Q4
Changes since 1.13: +1 -1 lines
Diff to previous 1.13 (colored) next main 1.14 (colored)

Pullup ticket #4042 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.30
- www/wordpress/PLIST                                           1.14
- www/wordpress/distinfo                                        1.24

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Jan 27 07:51:37 UTC 2013
   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo
   Log Message:
   This maintenance release addresses 37 bugs with version 3.5, including:
   * Editor: Prevent certain HTML elements from being unexpectedly removed or
   modified in rare cases.
   * Media: Fix a collection of minor workflow and compatibility issues in the new
   media manager.
   * Networks: Suggest proper rewrite rules when creating a new network.
   * Prevent scheduled posts from being stripped of certain HTML, such as video
   embeds, when they are published.
   * Work around some misconfigurations that may have caused some JavaScript in
   the WordPress admin area to fail.
   * Suppress some warnings that could occur when a plugin misused the database or
   user APIs.
   Additionally: Version 3.5.1 fixes a few security issues:
   * Server-side request forgery (SSRF) and remote port scanning via pingbacks.
   Fixed by the WordPress security team.
   * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
   Cave of the WordPress security team.
   * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
   was released to address this issue.
   To generate a diff of this commit:
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo

Revision 1.14 / (download) - annotate - [select for diffs], Sun Jan 27 07:51:37 2013 UTC (8 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Changes since 1.13: +1 -1 lines
Diff to previous 1.13 (colored)

This maintenance release addresses 37 bugs with version 3.5, including:

* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.

Additionally: Version 3.5.1 fixes a few security issues:

* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.

Revision 1.13 / (download) - annotate - [select for diffs], Sun Dec 16 22:20:27 2012 UTC (8 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.12: +251 -207 lines
Diff to previous 1.12 (colored)

Update to version 3.5.

Highlights

* New Media Manager
     + Beautiful interface: A streamlined, all-new experience
     + Create galleries faster with drag-and-drop reordering,
       inline caption editing, and simplified controls
     + Insert multiple images at once with Shift/Ctrl+click

* New Default Theme - Twenty Twelve
     + Simple, flexible, elegant
     + Mobile-first, responsive design
     + Gorgeous Open Sans typeface
     + Uses the latest Theme Features

* Admin Enhancements
     + New Welcome Screen
     + Retina-Ready (HiDPI) Admin
     + Hide Link Manager for new installs
     + Better accessibility for screenreaders, touch devices, and
       keyboard users
     + More polish on admin screens, including a new color picker

* For Developers
     + WP_Comment_Query and WP_User_Query accept now meta queries
       just like WP_Query
     + Meta queries now support querying for objects without a
       particular meta key
     + Post objects are now instances of a WP_Post class, which
       improves performance and caching
     + Multisite's switch_to_blog() is now significantly faster and
       more reliable
     + WordPress has added the Underscore and Backbone JavaScript
       libraries
     + TinyMCE, jQuery, jQuery UI, and SimplePie have all been
       updated to the latest versions
     + Image Editing API for cropping, scaling, etc., that uses
       ImageMagick as well as GD
     + XML-RPC: Now always enabled and supports fetching users,
       managing post revisions, searching
     + New "show_admin_column" parameter for register_taxonomy()
       allows automatic creation of taxonomy columns on associated post-types.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Jun 29 10:40:13 2012 UTC (9 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.11: +75 -30 lines
Diff to previous 1.11 (colored)

Security update to version of Wordpress 3.4.1.

ChangeLog:

Wordpress 3.4.1:

* Fixes an issue where a theme„ŗ—‘ page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a network-wide activation.
* Better compatibility with servers running certain versions of PHP (5.2.4, 5.4)
or with uncommon setups (safe mode, open_basedir), which had caused warnings or
in some cases prevented emails from being sent.

Additionally: Version 3.4.1 fixes a few security issues and contains some security
hardening. These issues were discovered and fixed by the WordPress security team:

* Privilege Escalation/XSS. Critical. Administrators and editors in multisite
were accidentally allowed to use unfiltered_html for 3.4.0.
* CSRF. Additional CSRF protection in the customizer.
* Information Disclosure: Disclosure of post contents to authors and contributors
(such as private or draft posts).
* Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
* Hardening: Require a child theme to be activated with its intended parent only.

Wordpress 3.4:

* Enhanced theme control
    * Customize theme options before activating a new theme using Theme Customizer
    * Use Theme Previewer to customize current theme without changing the front-end design

* Custom Headers
    * Improved Custom Headers with flexible sizes
    * Selecting Custom Header Images and Custom Background Images from Media Library Screen

* Media improvements
    * Support HTML in image captions

* Under the Hood improvements
    * Improvements in WordPress internationalization and localization (more info)
    * Different split in translation POT files for faster translations
    * Codex XML-RPC information update accessed via XML-RPC_WordPress_API
    * WP_Query improvements

Revision 1.11 / (download) - annotate - [select for diffs], Wed Dec 14 19:47:45 2011 UTC (9 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.10: +68 -80 lines
Diff to previous 1.10 (colored)

Update to version 3.3.

Highlights:

* Easier Uploading
    - File Type Detection - A single upload button
    - Drag-and-Drop Media Uploader
* Dashboard Design
    - New Toolbar in the dashboard, combining the Admin Bar and admin
      header
    - Responsive design for some screens, including iPad/tablet
      support
    - Flyout menus, providing single-click access to any screen
* New User Experience
    - New feature pointers, helping users navigate new features
    - Post-update About screen
    - Dashboard welcome area for new installs
* Content Tools
    - Better co-editing that releases post locks immediately
    - Don't lose widgets when switching themes
    - Tumblr Importer
* Under the Hood improvements
    - Use the postname permalink structure without a performance
      penalty
    - Improved Editor API
    - is_main_query() function and WP_Query method
    - Remove a number of funky characters from post slugs
    - jQuery 1.7.1 and jQuery UI 1.8.16
    - A new Screen API for adding help documentation and adapting to
      screen contexts
    - Improved metadata API
* Performance improvements and hundreds of bug fixes

More changes at http://codex.wordpress.org/Version_3.3

Revision 1.10 / (download) - annotate - [select for diffs], Fri Aug 19 18:18:26 2011 UTC (10 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

Update to newest release.

From the Announcement blog: "This maintenance release fixes a server
incompatibility related to JSON that„ŗ—‘ unfortunately affected some of you,
as well as a few other fixes in the new dashboard design and the Twenty
Eleven theme."

Revision 1.8.4.1 / (download) - annotate - [select for diffs], Tue Jul 12 10:58:47 2011 UTC (10 years, 4 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.8: +123 -11 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)

Pullup ticket #3471 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.20
- www/wordpress/PLIST                                           1.9
- www/wordpress/distinfo                                        1.16

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jul 11 22:53:50 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version - 3.2.

   Highlights:

   * Refreshed Administrative UI - Admin redesign
   * New Default Theme "Twenty Eleven" - Uses the latest Theme Features
   * Full Screen Editor - Distraction free writing experience
   * Extended Admin Bar - More useful links to control the site

   * Enhanced Browser Compatibility -
     - Drop Internet Explorer 6 support
     - Start End-of-life (EOL) cycle for Internet Explorer 7
     - Browse Happy notify users of out-of-date browser

   * WordPress is Faster and Lighter -
     - Faster page loads -- We've gone through the most commonly loaded
     pages in WP and done improvements to their load time
     - Faster Upgrades -- The update system now support incremental
     upgrades so after 3.2 you'll find upgrading faster than ever
     - Optimizations to WP_Filesystem -- Updates over FTP are now much
     quicker and less error prone
     - Stream downloads to the filesystem -- Improves update times and
     lowers the memory footprint
     - Performance improvements for wptexturize()
     - Remove PHP4 compatibility including timezone support
     - More efficient term intersection queries
     - Some optimizations in the HTML sanitizer (kses)
     - Speed optimizations for is_serialized_string()
     - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary
     Ajax requests as well as the memory footprint
     - And many other improvements and tweaks

   Contains also security fixes from wordpress 3.1.4.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Jul 11 22:53:49 2011 UTC (10 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.8: +123 -11 lines
Diff to previous 1.8 (colored)

Update to newest version - 3.2.

Highlights:

* Refreshed Administrative UI - Admin redesign
* New Default Theme "Twenty Eleven" - Uses the latest Theme Features
* Full Screen Editor - Distraction free writing experience
* Extended Admin Bar - More useful links to control the site

* Enhanced Browser Compatibility -
  - Drop Internet Explorer 6 support
  - Start End-of-life (EOL) cycle for Internet Explorer 7
  - Browse Happy notify users of out-of-date browser

* WordPress is Faster and Lighter -
  - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time
  - Faster Upgrades -- The update system now support incremental upgrades so after 3.2 you'll find upgrading faster than ever
  - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone
  - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint
  - Performance improvements for wptexturize()
  - Remove PHP4 compatibility including timezone support
  - More efficient term intersection queries
  - Some optimizations in the HTML sanitizer (kses)
  - Speed optimizations for is_serialized_string()
  - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint
  - And many other improvements and tweaks

Contains also security fixes from wordpress 3.1.4.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Feb 27 10:30:16 2011 UTC (10 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q1-base, pkgsrc-2011Q1
Branch point for: pkgsrc-2011Q2
Changes since 1.7: +111 -34 lines
Diff to previous 1.7 (colored)

Update to wordpress-3.1.

Changes:
* Internal Linking - click a button for an internal link and it allows
you to search for a post or browse a list of existing content and select it
for inclusion.
* Admin Bar - contains various links to useful admin screens. By default,
the admin bar is displayed when a user is logged in and visiting the site
and is not displayed in admin screens for single blog installs. For multisite
installs, the admin bar is displayed both when visiting the site and in the
admin screens.
* Streamlined Writing Interface - new users of WordPress will find the write
screen much less cluttered than before, as more of the options are hidden by
default. You can click on Screen Options in the top right to bring them back.
* Post Formats - meta information that can be used by themes to customize
presentation of a post. Read more in the article Post Formats.
* Network Admin - move Super Admin menus and related pages out of the regular
admin and into a new Network Admin screen.
* List-type Admin Screens - sortable columns for list-type screens and better
pagination.
* Exporter/Importer Overhaul - many under the hood changes including adding
author information, better handling for taxonomies and terms, and proper
support for navigation menus.
* Custom Content Type Improvements - allows developers to generate archive
pages, and have better menu and capability controls.
* Advanced Queries - allows developers to query multiple taxonomies and custom
fields.
* Refreshed Blue Admin Color Scheme - puts the focus more squarely on your
content.

More changes at http://codex.wordpress.org/Version_3.1

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Tue Dec 7 12:08:21 2010 UTC (10 years, 11 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.6: +2 -0 lines
Diff to previous 1.6 (colored) next main 1.7 (colored)

Pullup ticket #3296 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.12
- www/wordpress/PLIST				1.7
- www/wordpress/distinfo			1.8
---
Module Name:	pkgsrc
Committed By:	morr
Date:		Sun Dec  5 16:46:29 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could
  gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can
  easily be abused.
* Fix canonical redirection for permalinks containing %category% with
  nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting
  a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap()
  even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a
  URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for
  upgraded WordPress MU installs

While here, set license.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 5 16:46:28 2010 UTC (10 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4
Changes since 1.6: +3 -1 lines
Diff to previous 1.6 (colored)

Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
* Fix canonical redirection for permalinks containing %category% with nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

While here, set license.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Aug 4 07:52:37 2010 UTC (11 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Changes since 1.5: +114 -112 lines
Diff to previous 1.5 (colored)

Update to 3.0.1.

3.0.1:
* Fixed 54 tickets total. A break down of ticket status by component can be found in Trac (http://core.trac.wordpress.org/milestone/3.0.1).
* Added unregister_nav_menu(), for child themes.

3.0:
* WordPress and WordPress MU have merged, allowing the management of multiple sites (called Multisite) from one WordPress installation.
* New default theme "Twenty Ten" takes full advantage of the current features of WordPress.
* New Custom Menu Management feature, allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets.
* Custom Header and Custom Background APIs.
* Contextual help text accessed under the Help tab of every screen in the WordPress administration.
* Ability to set the admin username and password during installation.
* Bulk updating of themes with an automatic maintenance mode during the process.
* Support for Shortlinks.
* Improved Custom Post Types and Custom Taxonomies including hierarchical (category-style) support. (Try the Custom Post Type UI or GD Custom Posts And Taxonomies Tools plugins to see the possibilities.)
* A lighter admin color scheme to increase accessibility and put the focus more squarely on your content.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Apr 19 22:34:02 2010 UTC (11 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.4: +36 -7 lines
Diff to previous 1.4 (colored)

Update to 2.9.2

2.9.2:
    * Fixed problem where where logged in users can peek at trashed posts belonging to other authors.
    * Fixed other issues

2.9.1:
    * Fixed problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts
    * Fixed other issues

2.9:

 User Features

    * Trash status for posts, pages, and comments (includes restore and permanent delete)
    * Add support for 'include' and 'exclude' to [gallery] (Gallery Shortcode)
    * Allow user registration to be enabled by an XMLRPC client
    * Add support for sticky posts to the WXR exporter and importer
    * 'rel=canonical' for singular pages
    * Scroll back to the same location after saving a file in the Plugin and Theme editors
    * Correct comments and remove unnecessary echos from the default themes sidebar template file
    * Enable the APP (Atom) attachment file download to work correctly
    * Support location of category templates based on 'category-slug' as well as 'category-id' (Ticket 10614)
    * Support location of tag templates based on 'tag-id' as well as 'tag-slug' (Ticket 10868)
    * Support location of page templates based on 'page-slug' and 'page-id'
    * Set "Allow my blog to appear in search engines" to checked in installation
    * Don't offer to make a category its own parent
    * Remove Sphere from search list
    * Minify admin CSS
    * Show correct max upload filesize error message
    * Add 'rel' attribute to next/previous post links
    * Make the default and classic themes comment textareas valid XHTML
    * Clean up '.button' and '.button[disabled]' CSS classes, add 'spinner' and 'gray-out' buttons after clicking Publish or Update post
    * Fix race condition with autosave when clicking Publish immediately after entering post title
    * Add Comments for Pages in the WordPress Default theme
    * Define '$content_width' for Kubrick
    * Better feedback on publishing of future posts and pages
    * Display comments in descending date order, consistently
    * Add means of automatically repairing tables
    * Press This bookmarklet fixes
    * Give plugins and themes simple control over the text displayed at the end of an autogenerated Excerpt
    * Don't show "Change Permalinks" button when editing the page set as "Front page"
    * Image editing
    * Retire BunnyTags importer
    * Retire Jerome's keywords importer
    * Explain that the permalink is temporary for autosave generated permalinks
    * Update SimplePie to 1.2
    * Eliminate the redundant and confusing comment threading depth of 1
    * Easier Embeds with oEmbed support (see Ticket #10337) (oEmbed discovery disabled by default, use plugin to enable it)
    * TinyMCE 3.2.7
    * Remove rel='tag' on links in Tag Clouds
    * Add a title to the Home link output by wp_page_menu()
    * Adjust comment moderation keyboard shortcut keys 'd = trash' or delete depending on the screen
    * Show "Draft updated" instead of "Post updated" when saving draft
    * Show the login form in a popup when autosave hits the login grace period
    * Open View/Preview post in a new window from the link in the Saved/Updated message
    * Separate fields for 'image alt' and 'image caption' in Media uploader
    * Display better information about broken themes when there is no stylesheet
    * Improve situation when tables such as wp_options table were 'corrupt' new installation message was offered. Add means of automatically repairing tables
    * Export and import custom taxonomies
    * Admin copy improvements
    * Don't show page templates in the drop down if they are in a subdirectory
    * Make codex link open in a new window
    * Change 'Remove' link on widgets to 'Delete' because it doesn't just remove it, it deletes the settings for that widget instance.

Development, Themes, Plugins

    * Added 'excerpt_more' filter to wp_trim_excerpt() function, which allow developers to change excerpt '[...]' more string (Ticket 10395)
    * Add 'smilies_src' filter so plugins can better add smilies
    * Canonical redirects for post name queries
    * Allow _wp_get_comment_list() to handle custom comment types
    * Return an empty array instead of false for get_children() when no children found
    * Add some filters so that HTTP requests can be filtered
    * Move plugin update notice output to the plugin specific hook
    * Limit wp-mail 'blog by email' checks to every 5 minutes
    * Make it much easier to filter contact methods from user profiles
    * Allow filtering of get_edit_post_link for custom post_type
    * 'get_sample_permalink_html' filter
    * Enforce activation key to be a string, reject activation keys that are arrays
    * Support for new post types
    * Respect custom post_type in queries
    * Send Retry-After header when in maintenance mode
    * Various WP Filesystem related fixes and documentation
    * Add constants for ftp connections timeouts
    * Increase timeout on cron-based requests when checking for upgrades
    * Don't use has_action() before do_action() in http.php
    * Speed up jQuery based scripts
    * Use the current user as author for autosave
    * Show My Posts as default view on the Edit Posts screen for users without 'edit_others_posts' cap
    * Ensure that drafts viewed over XMLRPC have a correct gmt date set
    * Pass user id to 'get_' the_author_meta filters
    * Move _wp_get_user_contactmethods() into the registrations functions file
    * Machine parseable db error codes
    * Add global JS vars and actions to the media uploader iframe
    * Add JSON compat for PHP < 5.2
    * Make option_name the primary key for the options table
    * Allow a plugin to do a complete takeover of Post by Email
    * Logarithmic scale for tag cloud
    * Pass Post ID to the 'get_comments_number' filter
    * Always filter the url in the media upload form
    * Add a 'the_terms' filter
    * is_blog_installed() improvements
    * Allow force_ssl_admin() to properly accept false as a value
    * Pass logged_in cookie to async-upload and filter the cookie scheme in auth_redirect()
    * Add more actions around database add/delete/update operations
    * phpDoc for wp_"check|set"_post_lock functions
    * Use the old strings which are more translator friendly and add a generic default string to aid re-use by plugins adding post_types
    * Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field()
    * Use null instead of 0 when setting content length
    * Include 'hidden' directories in filesystem dirlist by default
    * Pass args array to 'wp_list_pages' filter
    * Actions for taxonomy updates
    * Key should be 'comment_id' not 'post_id' in comments table
    * Add get_delete_post_link () to retrieve delete posts link for post
    * Add 'separator' parameter to wp_tag_cloud() and wp_generate_tag_cloud() functions (Ticket 10315)
    * Added add_comment_meta() family of functions
    * Use a post_parent of 0 instead of -1 to indicate unattached posts
    * Improve get_page_hierarchy() function
    * Deprecate the_content_rss(), add the_content_feed() and get_the_content_feed(). Convert places that called the_content_rss() with an excerpt length to the_excerpt_rss(). Remove the rss_excerpt_length option. Use the_content_feed() where the_content() was previously used in feeds.
    * Add 'pad_counts' argument to wp_dropdown_categories()
    * Remove codepress
    * Remove the php-gettext library
    * Canonical post thumbanils
    * Add a filter to the_author_posts_link()
    * Merge post.js with page.js and slug.js, optimize categories and tags JS, standardize postboxes IDs and JS
    * Introduce register_theme_directory() which takes a wp-content-relative path and will additionally scan it for themes. Plugins can use this to add themes without requiring copying by the user
    * Add set_user_role action hook
    * Allow theme devs to change attrs (like CSS class) of thumbnail images
    * Add wp-post-image CSS class to post images
    * Allow for plugins to enhance the number of metadata fields captured from plugin and theme headers
    * Merge updated pomo code
    * Switch to using NOOP_Translations for untranslated sites
    * Improve wptexturize performance
    * Provide context to the strings in the Plugin and Theme installers to allow for different grammatical gender
    * Fixes for theme subdir support
    * Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data
    * Add 'orderby=comment_count' argument to query_posts()
    * Honor Post Type for Sticky Posts
    * Allow querying multiple post types
    * Introduce add_theme_support(feature) and current_theme_supports(feature) for announcing and checking theme support for various features
    * Introduce require_if_theme_supports()
    * Add number of Embed related filters
    * Add 'IMAGE_EDIT_OVERWRITE' constant to control edited image save or replace, most useful for setups that have dynamic image resizing
    * Add load_child_theme_textdomain() to allow child themes to have their own translation files
    * Add sidebar descriptions to sidebar settings and widget admin screen
    * Make option_id primary. Add uniques for option_name and autoload
    * Allow plugins to override the behaviour of load_textdomain() in a variety of flexible ways
    * Mark _c() as deprecated. The new _x() function should be used instead.
    * Allow plugins to change the redirect on post/page publishing/submitting
    * Standardize on 'user_id' instead of 'user_ID' when passing comment data. Accept either 'user_id' or 'user_ID'. Remove 'user_id' global.
    * Filter imported comments
    * Introducing set_post_image_size(w, h, crop) so themes can register their special size/crop for canonical post images
    * Standardize around "post image" instead of "post thumbnail"
    * Allow registering post image support per post type
    * Return false from is_paged() if on the first page.
    * Check MySQL and PHP versions when auto upgrading
    * Add required php and mysql versions to version.php
    * Hard code required version in update-core.php

PR pkg/42765

Revision 1.3.2.1 / (download) - annotate - [select for diffs], Fri Nov 13 11:07:27 2009 UTC (12 years ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.3: +0 -2 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Pullup ticket #2933 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.6
- www/wordpress/PLIST				1.4
- www/wordpress/distinfo			1.5
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Thu Nov 12 22:05:55 UTC 2009

Modified Files:
        pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with
define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations

Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 12 22:05:55 2009 UTC (12 years ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.3: +1 -3 lines
Diff to previous 1.3 (colored)

Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations

Revision 1.2.2.1 / (download) - annotate - [select for diffs], Tue Jul 28 22:11:14 2009 UTC (12 years, 4 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.2: +134 -10 lines
Diff to previous 1.2 (colored) next main 1.3 (colored)

Pullup ticket #2843 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.3
- www/wordpress/PLIST			1.3
- www/wordpress/distinfo		1.2
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Jul 28 21:20:20 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an
option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jul 28 21:20:20 2009 UTC (12 years, 4 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.2: +134 -10 lines
Diff to previous 1.2 (colored)

Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.2 / (download) - annotate - [select for diffs], Sun Jun 14 22:00:41 2009 UTC (12 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.1: +2 -80 lines
Diff to previous 1.1 (colored)

Convert @exec/@unexec to @pkgdir or drop it.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Apr 6 11:31:02 2009 UTC (12 years, 7 months ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import of wordpress 2.7.1 from pkgsrc-wip
Initiall packaged by shinden@linux.pl and then hacked by me

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 6 11:31:02 2009 UTC (12 years, 7 months ago) by adrianp
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>