The NetBSD Project

CVS log for pkgsrc/www/wordpress/distinfo


Default branch: MAIN


Revision 1.85 / (download) - annotate - [select for diffs], Tue Oct 26 11:31:14 2021 UTC (6 weeks, 1 day ago) by nia
Branch: MAIN
CVS Tags: HEAD
Changes since 1.84: +2 -2 lines
Diff to previous 1.84 (colored)

www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz

Revision 1.84 / (download) - annotate - [select for diffs], Thu Oct 7 15:08:58 2021 UTC (2 months ago) by nia
Branch: MAIN
Changes since 1.83: +1 -2 lines
Diff to previous 1.83 (colored)

www: Remove SHA1 hashes for distfiles

Revision 1.83 / (download) - annotate - [select for diffs], Sun Jul 25 11:49:00 2021 UTC (4 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.82: +5 -5 lines
Diff to previous 1.82 (colored)

Welcome to version 5.8.

Highlights of this release:
- manage widgets with blocks
- display posts with new blocks and patterns
- overview of the page structure
- suggested patterns for blocks
- style and colorize images
- theme.json
- dropping support for IE11
- adding support for WebP
- adding additional block supports

More details here: https://wordpress.org/support/wordpress-version/version-5-8/

Revision 1.81.2.1 / (download) - annotate - [select for diffs], Sat Jul 24 16:38:46 2021 UTC (4 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2021Q2
Changes since 1.81: +5 -5 lines
Diff to previous 1.81 (colored) next main 1.82 (colored)

Pullup ticket #6490 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.100
- www/wordpress/distinfo                                        1.82

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sat Jul 17 15:51:33 UTC 2021

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 5.7.2.

   Security issue fixed:
   - Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.

Revision 1.82 / (download) - annotate - [select for diffs], Sat Jul 17 15:51:33 2021 UTC (4 months, 3 weeks ago) by morr
Branch: MAIN
Changes since 1.81: +5 -5 lines
Diff to previous 1.81 (colored)

Security update to 5.7.2.

Security issue fixed:
- Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.

Revision 1.81 / (download) - annotate - [select for diffs], Fri Apr 23 06:05:55 2021 UTC (7 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base
Branch point for: pkgsrc-2021Q2
Changes since 1.80: +5 -5 lines
Diff to previous 1.80 (colored)

Security update to 5.7.1.

Two security issues affect WordPress versions between 4.7 and 5.7.

- thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
- thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API

Revision 1.80 / (download) - annotate - [select for diffs], Sun Mar 14 17:01:33 2021 UTC (8 months, 3 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.79: +5 -5 lines
Diff to previous 1.79 (colored)

Update to version 5.7

Highlights of this release:
- block editor changes
- WP Admin: a new color palette
- from HTTP to HTTPS in a single click
- new robots API
- ongoing cleanup after update to jQuery 3.5.1
- lazy-load your iframes

More details here: https://wordpress.org/support/wordpress-version/version-5.7/

Revision 1.79 / (download) - annotate - [select for diffs], Sun Feb 28 00:04:11 2021 UTC (9 months, 1 week ago) by morr
Branch: MAIN
Changes since 1.78: +5 -5 lines
Diff to previous 1.78 (colored)

Update to version 5.6.2.

Changes:

5.6.2:
This maintenance release features 5 bug fixes. These bugs affect WordPress version 5.6.1.

WordPress Core changes on Trac:
- #52440: Prevent the "Leave site" browser alert in Classic Editor when post title, excerpt, or post content fields are missing.
- #52018: Avoid a fatal error in PHP 8.0 when the "zip" PHP extension is disabled.

Block editor changes from GitHub and Trac:

- #52396: Image options are not visible in pop up when the clicking replace button from Image block.
- #52449: Can't change font size the 5.6.1 paragraph block.
- GH-26583: Restore block preview within the block inserter.

5.6.1:
This maintenance release features 20 bug fixes as well as 7 issues fixed on the block editor. These bugs affect WordPress version 5.6

WordPress Core changes on Trac:

- #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
- #52327: Requested updates to the PHP Update Alert
- #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies
- #51980: App Passwords: "Add New Application Password" submit button is hidden on mobile devices in "User Profile" page
- #51995: WordPress 5.6: Classic editor menu is not sticky
- #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
- #52013: Duplicate wp_authorize_application_password_form actions
- #52030: Media metaboxes return fatal error if no author metadata present
- #52038: Issue in WooCommerce with wp_editor() after update to WP 5.6
- #52046: The Distraction Free Writing setting on the old Edit Post screen may be reset after page reload
- #52065: Media gallery: "Align" and "Link To" fields missing from "Insert from URL"
- #52066: Application Passwords are unusable in combination with password protected /wp-admin
- #52075: Word Count on Classic Editor doesn't update in real time on Firefox unless saved
- #52097: Site Health Loopback Test doesn't send admin cookies
- #52135: False positive on `WP_Site_Health_Auto_Updates`
- #52196: wp_get_attachment_metadata() is broken if no first argument is passed in.
- #52205: REST API: Plugins Controller single plugin route fatal errors on multisite
- #52299: Exported user data can be listed with directory listing
- #52351: missing echo function for translate method
- #52391: Gutenberg Updates for 5.6.1

Block editor changes from GitHub:

- #27970: Fix editor crash when registering a block pattern without categories
- #27733: Embed block: Add html and reusable support back
- #27727: Add aria labels to box control component inputs/button
- #27627: HTML Block: Fix editor styles
- #27526: Core Data: Normalize _fields value for use in stableKey
- #26705: Fix: Font size picker does not correctly handles big font sizes.
- #26432: Edit Site: prevent inserter overscroll

Revision 1.78 / (download) - annotate - [select for diffs], Fri Dec 11 18:09:09 2020 UTC (11 months, 3 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.77: +5 -5 lines
Diff to previous 1.77 (colored)

Update to Wordpress 5.6.

List of changes is here: https://wordpress.org/support/wordpress-version/version-5-6/

Revision 1.77 / (download) - annotate - [select for diffs], Sun Nov 1 15:06:08 2020 UTC (13 months, 1 week ago) by morr
Branch: MAIN
Changes since 1.76: +5 -5 lines
Diff to previous 1.76 (colored)

Security and maintenance update to version 5.5.3.

5.5.3:

This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.

5.5.2:

Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user's
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site's
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files

Revision 1.76 / (download) - annotate - [select for diffs], Sat Sep 19 12:29:15 2020 UTC (14 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.75: +5 -5 lines
Diff to previous 1.75 (colored)

Update to wordpress 5.5.1.

Changes:

5.5:
- lazy-loaded images
- new sitemap
- autoupdate of plugins and themes
- block editor:
  - block patterns
  - block directory
  - inline image editing

5.5.1:
WordPress Core changes on Trac:

#50882 - Administration: WP 5.5: Cannot attribute content when deleting users
#50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work
#38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual
#50845 - Editor: Block patterns: Fix translatable strings (take 2)
#50858 - Site Health: Check PHP notices with site_status_tests filter
#50887 - Site Health: Add site environment to debug information
#50892 - Editor: Some block patterns have text contrast issues with dark themes
#50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated
#50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error
#50919 - Script Loader: Change the jquery handle back to an alias for jquery-core
#50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox
#50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size
#50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters
#50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type()
#50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order
#51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid
#51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory
#51151 - Editor: Packages update
#51021 - REST API: Permit uniqueItems keyword in endpoint args
#51146 - REST API: Fix multi-type schemas with integer fields
#51029 - Filesystem API: Typo in variable name causes warning from fclose()
#51042 - Post: missing excerpt
#51050 - Docs: Add docblock for get_the_archive_title() filter
#51052 - Administration: Undefined index: update-supported
#51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5
#51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE
#51073 - Administration: Extra padding below the admin bar
#51075 - Docs: Update docs for custom logo functions
#51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function
#51127 - UI/CSS: Remove non-color related styling from Modern color scheme
#51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature
#51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option
#51184 - get_the_date() checks $format only for empty variable and fails on false boolean
#51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server
#38009 - #reply-title.comment-reply-title not updating when replying to an individual
#51123 - commonL10n and other JS globals removed without backwards compatibility
#50848 - Clarify the usage of null for auto_update_{$type} filter
#51081 - Fatal Error - Undefined get_page_templates() in Customizer
#51154 - sitemaps should be initialized before each test is run
#51028 - Dot should be out of the quotes

Block editor changes from GitHub:

PR24609 -  Fix missing selected block highlighting in list view
PR24599 -  Fix specificity for buttons with outline style and background colors
PR24533 -  Fix incorrect aria description in List View
PR24516 -  Fix regression bug for category select in QueryControls component
PR24478 -  Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled

Revision 1.75 / (download) - annotate - [select for diffs], Sun Jun 21 19:02:31 2020 UTC (17 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.74: +5 -5 lines
Diff to previous 1.74 (colored)

Security and maintenance update to Wordpress 5.4.2.

Changes:

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven't yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Props to Luigi - (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

More details on https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

Revision 1.74 / (download) - annotate - [select for diffs], Sun May 3 12:00:03 2020 UTC (19 months ago) by morr
Branch: MAIN
Changes since 1.73: +5 -5 lines
Diff to previous 1.73 (colored)

Update to version 5.4.1.

Changes for 5.4:

Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/

Changes for 5.4.1:

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

WordPress 5.4.1 also fixes some regressions introduced in version 5.4:

#49838 - Accessibility: Fix the headings hierarchy on the Freedoms page
#49798 - Customize: Give the WordPress logo a white background for dark mode browsers
#49853 - Mail: Make the check for empty post title in wp-mail.php more resilient
#49753 - Media: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 - Privacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 - Privacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 - REST API: Fix revisions controller get_item permission check
#49648 - REST API: Fix _fields filtering of registered rest fields
#49824 - Site Health: Instantiation prevents use of some hooks by plugins
#49759 - Taxonomy: Un-deprecate category_link and tag_link filters
#49974 - Block Editor updates

Revision 1.72.4.1 / (download) - annotate - [select for diffs], Sun Feb 23 18:10:23 2020 UTC (21 months, 2 weeks ago) by bsiegert
Branch: pkgsrc-2019Q4
Changes since 1.72: +5 -5 lines
Diff to previous 1.72 (colored) next main 1.73 (colored)

Pullup ticket #6139 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.91
- www/wordpress/PLIST                                           1.42
- www/wordpress/distinfo                                        1.73

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Feb 23 09:59:42 UTC 2020

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 5.3.2.

   Changes:

   Version 5.3.2:
   Maintenance updates
   - Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
   - Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
   - Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
   - Administration: Fix the colors in all color schemes for buttons with the .active class.
   - Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

   Version 5.3.1:
   Security fixes
   - Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
   - Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
   - Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
   - Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

   Maintenance updates
   - Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
   - Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
   - Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
   - Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
   - Embeds: remove CollegeHumor oEmbed provider as the service doesn't exist anymore.
   - External libraries: update sodium_compat.
   - Site health: allow the remind interval for the admin email verification to be filtered.
   - Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
   - Users: ensure administration email verification uses the user's locale instead of the site locale.

Revision 1.73 / (download) - annotate - [select for diffs], Sun Feb 23 09:59:42 2020 UTC (21 months, 2 weeks ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.72: +5 -5 lines
Diff to previous 1.72 (colored)

Update to version 5.3.2.

Changes:

Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn't exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user's locale instead of the site locale.

Revision 1.72 / (download) - annotate - [select for diffs], Wed Dec 4 08:06:04 2019 UTC (2 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base
Branch point for: pkgsrc-2019Q4
Changes since 1.71: +5 -5 lines
Diff to previous 1.71 (colored)

Update to version 5.3.

Changes:
- Block Editor Improvements
- Expanded Design Flexibility
- new theme called Twenty Twenty
- Automatic Image Rotation
- Site Health Checks
- Admin Email Verification
- Date/Time Component Fixes
- PHP 7.4 Compatibility

For full changes, look at https://wordpress.org/support/wordpress-version/version-5-3/

Revision 1.71 / (download) - annotate - [select for diffs], Wed Oct 23 07:25:20 2019 UTC (2 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.70: +5 -5 lines
Diff to previous 1.70 (colored)

Maintenance and security update to version 5.2.4.

Changes:
5.2.4:

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.

5.2.3:
#38415: New Custom Link menu item has a wrong fallback label
#45739: Block Editor: $editor_styles bug.
#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#46757: Media Trash: The Bulk Media options when in the Trash shouldn't provide two primary buttons
#46758: Media Trash: Primary button(s) should be on the left
#46899: Ensure that tables generated by the Settings API have no semantics
#47079: Incorrect version for excerpt_allowed_blocks filter
#47113: Media views: dismiss notice button is invisible
#47145: Feature Image dialog does not follow the dialog pattern
#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47390: Improve accessibility of forms elements within some "form-table" forms
#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47458: Fix tab sequence order in the Media attachment browser
#47489: Emoji are substituted in preformatted blocks
#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47538: Minor Verbiage Update - Switch "developer time" for "a developer"
#47543: Twenty Seventeen: buttons don't change color on hover and focus
#47561: Plugin: View details popup layout issue
#47603: My account toggle on admin bar not visible at high zoom levels
#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47687: Use alt tags for gallery images in editor
#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47693: customizer Color picker should get closed when click on color picker area.
#47723: Adding a custom link in nav-menus.php doesn't trim whitespace
#47758: Font sizes on installation screen are too small
#47835: PHP requirement always set to null for plugins
#47888: Adding a custom link in menu via Customize doesn't trim whitespace.

Security Fixes
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet's FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.

Revision 1.70 / (download) - annotate - [select for diffs], Tue Jul 16 19:31:21 2019 UTC (2 years, 4 months ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.69: +5 -5 lines
Diff to previous 1.69 (colored)

Update to 5.2.2. From the changelog:

5.2:
- Site Health
- PHP Error Protection
- Accessibility Updates
- New Dashboard Icons
- Plugin Compatibility Checks
- Privacy Updates
- New Body Hook
- Building JavaScript

5.2.1:
- 47180: An issue typing in the block editor while using a RTL language
  has been fixed.
- 47186: A bug causing 32-bit systems to run out of memory when using
  sodium_compat was fixed.
- 47189: The "Update your plugins" link in Site Health now links to the
  correct page in multisite installs.
- 47185: An issue in wp_delete_file_from_directory() where files were
  not deleting on Windows systems has been fixed.
- 47205: A bug was fixed where spaces could not be added in the Classic
  Editor after pressing shift+enter.
- 47265: 2 fatal errors on the error protection page when a PHP error
  was encountered in a drop-in (such as advanced-cache.php) were fixed.
- 47244: wp_targeted_link_rel() has been improved to prevent instances
  where single and double quotation marks were incorrectly staggered.
- 47169: PHP/MySQL minimum version requirement checks now return proper
  error codes when requirements are not met in test environments.
- 47177: The backwards compatibility of get_search_form() was improved.
- 47297: The accuracy of the HTTP requests test in Site Health was improved.
- 47229: TinyMCE has been updated to version 4.9.4.
- 47323: Prevents a fatal error that occurs when upgrading to 5.2.1 from
  WordPress < 5.2.
- 47304: Fixes a regression that can affect the accuracy of
  <lastBuildDate> in feeds.
- 47312: Changes the string used on the About page for 5.2.1 to one that
  is already translated.

5.2.2:
- 45094: Dashboard elements don't always have clear focus states, tab order
- 46289: RTL Bug - wrong navigation arrows in media modal
- 46749: Extra border is displaying at bottom of Help section in Firefox
  (Responsive : 778 * 841)
- 46881: Site Health: improve the header elements horizontal centering
- 46957: Site Health: Make site health page access be filterable
- 46960: Site Health: Table design issue in small devices (iphone 5/SE).
- 46997: Theme update links show in Customizer and don't work
- 47070: Recovery Mode Exit button not visible in responsive view
- 47158: Merge similar strings introduced in WP 5.2
- 47227: I18n: Merge similar translation strings - site health tabs
- 47475: I18n: Merge similar strings and fix typo
- 47429: Editor: Update packages for WordPress 5.2.2
- 47457: Fix the mediaelements player controls bar sizing

Revision 1.69 / (download) - annotate - [select for diffs], Sat Mar 16 17:55:04 2019 UTC (2 years, 8 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.68: +5 -5 lines
Diff to previous 1.68 (colored)

Update Wordpress to 5.1.1 due to security issue outlined here:

https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/

Revision 1.68 / (download) - annotate - [select for diffs], Sat Mar 2 14:30:14 2019 UTC (2 years, 9 months ago) by wen
Branch: MAIN
Changes since 1.67: +5 -5 lines
Diff to previous 1.67 (colored)

Update to 5.1

For the upstream changelog, please visit:
https://wordpress.org/news/2019/02/betty/

Revision 1.67 / (download) - annotate - [select for diffs], Thu Jan 24 10:24:19 2019 UTC (2 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.66: +5 -5 lines
Diff to previous 1.66 (colored)

Update to newest version, 5.0.3.

Version 5.0.2 fixed 73 bugs. Details here:
https://wordpress.org/support/wordpress-version/version-5-0-2/

Version 5.0.3 fixed 37 bugs and 7 performance improvements for the block editor.
Details here:
https://wordpress.org/support/wordpress-version/version-5-0-3/

Revision 1.66 / (download) - annotate - [select for diffs], Thu Dec 13 07:09:42 2018 UTC (2 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since 1.65: +5 -5 lines
Diff to previous 1.65 (colored)

Security update to 5.0.1.

More information at:
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/

Revision 1.65 / (download) - annotate - [select for diffs], Fri Dec 7 12:25:58 2018 UTC (3 years ago) by morr
Branch: MAIN
Changes since 1.64: +5 -5 lines
Diff to previous 1.64 (colored)

Update Wordpress to 5.0.

On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo,
was released to the public. WordPress 5.0 will revolutionize content editing
with introduction of a new block editor and block editor-compatible default
theme Twenty Nineteen.

More information at https://wordpress.org/support/wordpress-version/version-5-0/

Revision 1.63.2.1 / (download) - annotate - [select for diffs], Mon Jul 16 14:04:22 2018 UTC (3 years, 4 months ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored) next main 1.64 (colored)

Pullup ticket #5786 - requested by taca
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.79-1.80
- www/wordpress/distinfo                                        1.64

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jul  4 13:40:45 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile

   Log Message:
   *: Move SUBST_STAGE from post-patch to pre-configure

   Performing substitutions during post-patch breaks tools such as mkpatches,
   making it very difficult to regenerate correct patches after making changes,
   and often leading to substituted string replacements being committed.

---
   Module Name:	pkgsrc
   Committed By:	wen
   Date:		Sat Jul  7 02:55:25 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to 4.9.7

   Upstream changes:
   WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

   WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

   Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

   Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

       Taxonomy: Improve cache handling for term queries.
       Posts, Post Types: Clear post password cookie when logging out.
       Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
       Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
       Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Revision 1.64 / (download) - annotate - [select for diffs], Sat Jul 7 02:55:25 2018 UTC (3 years, 5 months ago) by wen
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored)

Update to 4.9.7

Upstream changes:
WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

    Taxonomy: Improve cache handling for term queries.
    Posts, Post Types: Clear post password cookie when logging out.
    Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
    Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
    Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Revision 1.63 / (download) - annotate - [select for diffs], Fri May 18 14:22:40 2018 UTC (3 years, 6 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Changes since 1.62: +5 -5 lines
Diff to previous 1.62 (colored)

Update to 4.9.6, which is a privacy and maintenance release:
https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/

Revision 1.61.2.1 / (download) - annotate - [select for diffs], Fri Apr 27 19:53:52 2018 UTC (3 years, 7 months ago) by bsiegert
Branch: pkgsrc-2018Q1
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored) next main 1.62 (colored)

Pullup ticket #5738 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.77
- www/wordpress/distinfo                                        1.62

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Apr 16 10:22:10 UTC 2018

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to version 4.9.5.

   This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.

   WordPress versions 4.9.4 and earlier are affected by three security issues.

   More changes at https://codex.wordpress.org/Version_4.9.5.

Revision 1.62 / (download) - annotate - [select for diffs], Mon Apr 16 10:22:10 2018 UTC (3 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored)

Update to version 4.9.5.

This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, media library, error notices, and some security fixes. Twenty Seventeen bundled theme and Hello Dolly bundled plugin have also been updated.

WordPress versions 4.9.4 and earlier are affected by three security issues.

More changes at https://codex.wordpress.org/Version_4.9.5.

Revision 1.61 / (download) - annotate - [select for diffs], Mon Feb 12 08:33:19 2018 UTC (3 years, 9 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Changes since 1.60: +5 -5 lines
Diff to previous 1.60 (colored)

Update Wordpress to 4.9.4 which fixes an issue introduced in 4.9.3.
4.9.3 fixes 34 bugs:

https://codex.wordpress.org/Version_4.9.3
https://codex.wordpress.org/Version_4.9.4

Revision 1.59.2.1 / (download) - annotate - [select for diffs], Sun Jan 21 16:02:43 2018 UTC (3 years, 10 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.59: +5 -5 lines
Diff to previous 1.59 (colored) next main 1.60 (colored)

Pullup ticket #5687 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.75
- www/wordpress/PLIST                                           1.37
- www/wordpress/distinfo                                        1.60

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Jan 20 11:58:01 UTC 2018

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to version 4.9.2

   Changes:

   XSS fixed in the Flash fallback files in MediaElement 4.x.

   Bundled Theme
   #42820 - Twenty Seventeen -watch that language

   Customize
   #42492 - Selecting menu location changes line height
   #42871 - Features box textstrings in Feature Filter area need new linebreak

   Database
   #42812 - Use MySQLi when available by default

   Editor
   #42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
   #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

   External Libraries
   #42439 - Update random_compat external library for PHP 7 linting failure

   Formatting
   #42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

   Media
   #42225 - Whitelist Flac Files
   #42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
   #42480 - Consistent suppression of `getimagesize()` errors
   #42720 - Remove unnecessary MediaElement.js files

   Plugins
   #43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

   REST API
   #42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

   Taxonomy
   #42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
   #42605 - category_description() does not work properly since 4.9
   #42717 - get_category_link() accepting object but not id

   TinyMCE
   #42416 - Code assumes iframe mode, exception in inline mode

   Upgrade/Install
   #42963 - Improve deletion of $_old_files during upgrades

   Widgets
   #42603 - Widgets Warning after activating theme and on dashboard widgets page
   #42719 - Always attempt to restore widgets' previous assignment
   #42867 - HTML Widget: toggleClass() should be passed true/false as second param


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/www/wordpress/distinfo

Revision 1.60 / (download) - annotate - [select for diffs], Sat Jan 20 11:58:01 2018 UTC (3 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.59: +5 -5 lines
Diff to previous 1.59 (colored)

Update to version 4.9.2

Changes:

XSS fixed in the Flash fallback files in MediaElement 4.x.

Bundled Theme
#42820 - Twenty Seventeen -watch that language

Customize
#42492 - Selecting menu location changes line height
#42871 - Features box textstrings in Feature Filter area need new linebreak

Database
#42812 - Use MySQLi when available by default

Editor
#42664 - Editor link autocomplete suggestions: no fallback title displayed for posts with no title
#43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries
#42439 - Update random_compat external library for PHP 7 linting failure

Formatting
#42578 - PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media
#42225 - Whitelist Flac Files
#42447 - Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn't available
#42480 - Consistent suppression of `getimagesize()` errors
#42720 - Remove unnecessary MediaElement.js files

Plugins
#43082 - Add plugins search results: the plugin details modal opens in the thickbox modal

REST API
#42828 - Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy
#42771 - WP_Term::get_instance() regression for non-category terms queried with 'category' taxonomy
#42605 - category_description() does not work properly since 4.9
#42717 - get_category_link() accepting object but not id

TinyMCE
#42416 - Code assumes iframe mode, exception in inline mode

Upgrade/Install
#42963 - Improve deletion of $_old_files during upgrades

Widgets
#42603 - Widgets Warning after activating theme and on dashboard widgets page
#42719 - Always attempt to restore widgets' previous assignment
#42867 - HTML Widget: toggleClass() should be passed true/false as second param

Revision 1.57.4.2 / (download) - annotate - [select for diffs], Wed Dec 20 18:38:37 2017 UTC (3 years, 11 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.57.4.1: +5 -5 lines
Diff to previous 1.57.4.1 (colored) to branchpoint 1.57 (colored) next main 1.58 (colored)

Pullup ticket #5659 - requested by bsiegert
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.74
- www/wordpress/PLIST                                           1.36
- www/wordpress/distinfo                                        1.59

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Dec  3 17:06:37 UTC 2017

   Modified Files:
    	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version, 4.9.1

   This version fixes 4 security bugs from earlier versions.

   For details, head to https://codex.wordpress.org/Version_4.9.1
   For 4.9 changes, head to https://codex.wordpress.org/Version_4.9


   To generate a diff of this commit:
   cvs rdiff -u -r1.73 -r1.74 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/www/wordpress/distinfo

Revision 1.59 / (download) - annotate - [select for diffs], Sun Dec 3 17:06:37 2017 UTC (4 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.58: +5 -5 lines
Diff to previous 1.58 (colored)

Update to newest version, 4.9.1

This version fixes 4 security bugs from earlier versions.

For details, head to https://codex.wordpress.org/Version_4.9.1
For 4.9 changes, head to https://codex.wordpress.org/Version_4.9

Revision 1.57.4.1 / (download) - annotate - [select for diffs], Mon Nov 6 19:41:32 2017 UTC (4 years, 1 month ago) by bsiegert
Branch: pkgsrc-2017Q3
Changes since 1.57: +5 -5 lines
Diff to previous 1.57 (colored)

Pullup ticket #5616 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.73
- www/wordpress/PLIST                                           1.35
- www/wordpress/distinfo                                        1.58

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Fri Nov  3 09:49:13 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Security update to version 4.8.3.

   WordPress versions 4.8.2 and earlier are affected by an issue where
   $wpdb->prepare() can create unexpected and unsafe queries leading to potential
   SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
   but we've added hardening to prevent plugins and themes from accidentally
   causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.58 / (download) - annotate - [select for diffs], Fri Nov 3 09:49:13 2017 UTC (4 years, 1 month ago) by morr
Branch: MAIN
Changes since 1.57: +5 -5 lines
Diff to previous 1.57 (colored)

Security update to version 4.8.3.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to potential
SQL injection (SQLi). WordPress core is not directly vulnerable to this issue,
but we've added hardening to prevent plugins and themes from accidentally
causing a vulnerability. Reported by Anthony Ferrara.

Revision 1.57 / (download) - annotate - [select for diffs], Thu Sep 21 19:24:46 2017 UTC (4 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.56: +5 -5 lines
Diff to previous 1.56 (colored)

Security update to version 4.8.2

Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by Chen Ruiqi.
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

And 6 other fixes:

* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.

* I18N
- #41794 - Support numbers in locales during installation

* Security
- #13377 - Add more sanitization in _cleanup_header_comment

* Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called

More on https://codex.wordpress.org/Version_4.8.2

Revision 1.56 / (download) - annotate - [select for diffs], Mon Aug 7 20:12:14 2017 UTC (4 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.55: +5 -5 lines
Diff to previous 1.55 (colored)

Update to version 4.8.1.

WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.

Administration
* #40982 - Permalink Settings: custom structure field keyboard trap

Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition

Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile

Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget

Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params

General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection

Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)

REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled

Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args

TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected

Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the "Disable the visual editor when writing" setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 18:52:40 2017 UTC (4 years, 5 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored) next main 1.54 (colored)

Pullup ticket #5487 - requested by sevan
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.68-1.69
- www/wordpress/PLIST                                           1.34
- www/wordpress/distinfo                                        1.54-1.55

---
   Module Name:    pkgsrc
   Committed By:   jklos
   Date:           Tue May 30 07:20:15 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update 4.7.5. Bugs fixed:

   Insufficient redirect validation in the HTTP class. Reported by Ronni
   Skansing.
   Improper handling of post meta data values in the XML-RPC API. Reported by
   Sam Thomas.
   Lack of capability checks for post meta data in the XML-RPC API. Reported
   by Ben Bidner of the WordPress Security Team.
   A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
   filesystem credentials dialog. Reported by Yorick Koster.
   A cross-site scripting (XSS) vulnerability was discovered when attempting
   to upload very large files. Reported by Ronni Skansing.
   A cross-site scripting (XSS) vulnerability was discovered related to the
   Customizer. Reported by Weston Ruter of the WordPress Security Team.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Jun 18 18:01:42 UTC 2017

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version 4.8.

   For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.55 / (download) - annotate - [select for diffs], Sun Jun 18 18:01:42 2017 UTC (4 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.54: +5 -5 lines
Diff to previous 1.54 (colored)

Update to newest version 4.8.

For changes, check https://codex.wordpress.org/Version_4.8.

Revision 1.54 / (download) - annotate - [select for diffs], Tue May 30 07:20:15 2017 UTC (4 years, 6 months ago) by jklos
Branch: MAIN
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored)

Security update 4.7.5. Bugs fixed:

Insufficient redirect validation in the HTTP class. Reported by Ronni
Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by
Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported
by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the
filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting
to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the
Customizer. Reported by Weston Ruter of the WordPress Security Team.

Revision 1.53 / (download) - annotate - [select for diffs], Tue Mar 7 17:39:13 2017 UTC (4 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)

Security update to version 4.7.3.

Fixed security bugs:

* Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè
  Dale, Yorick Koster, and Simon P. Briggs.
* Control characters can trick redirect URL validation. Reported by Daniel
  Chatfield.
* Unintended files can be deleted by administrators using the plugin deletion
  functionality. Reported by xuliang.
* Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc
  Montpas.
* Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of
  server resources. Reported by Sipke Mellema.

More information here: https://codex.wordpress.org/Version_4.7.3

Revision 1.52 / (download) - annotate - [select for diffs], Sat Jan 28 10:14:15 2017 UTC (4 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

Security update to version 4.7.2.

Changes:

Version 4.7.2

* Remote code execution (RCE) in PHPMailer - No specific issue appears to
  affect WordPress or any of the major plugins we investigated but, out of an
  abundance of caution, we updated PHPMailer in this release. This issue was
  reported to PHPMailer by Dawid Golunski and Paul Buonopane.
* The REST API exposed user data for all users who had authored a post of a
  public post type. WordPress 4.7.1 limits this to only post types which have
  specified that they should be shown within the REST API. Reported by
  Krogsgard and Chris Jean.
* Cross-site scripting (XSS) via the plugin name or version header on
  update-core.php. Reported by Dominik Schilling of the WordPress Security
  Team.
* Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported
  by Abdullah Hussam.
* Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
* Post via email checks mail.example.com if default settings aren't changed.
  Reported by John Blackbourn of the WordPress Security Team.
* A cross-site request forgery (CSRF) was discovered in the accessibility mode
  of widget editing. Reported by Ronnie Skansing.
* Weak cryptographic security for multisite activation key. Reported by Jack.

Version 4.7.1

* The user interface for assigning taxonomy terms in Press This is shown to
  users who do not have permissions to use it. Reported by David Herrera of
  Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
  WordPress core is not directly vulnerable to this issue, but we've added
  hardening to prevent plugins and themes from accidentally causing a
  vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list
  table. Reported by Ian Dunn of the WordPress Security Team.

Revision 1.51 / (download) - annotate - [select for diffs], Mon Jan 9 19:10:16 2017 UTC (4 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.50: +5 -5 lines
Diff to previous 1.50 (colored)

Update to newest version 4.7.

Major changes:

New Default Theme - Twenty Seventeen
- It is an ambitious theme designed for business websites that focuses on a
  creative home page and an easy site setup experience for users.

* multiple sections on the front page, selected in the Customizer.
* a striking asymmetrical grid.
* custom color schemes, built on top of a monochromatic foundation, and
  adjustable via a hue picker.
* different headline placement for pages, changeable in the Customizer, via
  theme options.
* a great experience in many languages, thanks to language-specific font stacks.
* SVG icons (a first for a default theme).
* support for custom logo, custom header image and many post formats.
* the use of new functions in Core for making child theming easier.
	Note: Twenty Seventeen only works on 4.7 and above. It uses the new
	video header and starter content features, each launched in 4.7.

REST API Content Endpoints
* API endpoints for WordPress content. WordPress 4.7 comes with REST API
  endpoints for posts, comments, terms, users, meta, and settings. Content
  endpoints provide machine-readable external access to your WordPress site
  with a clear, standards-driven interface, paving the way for new and
  innovative methods of interacting with your site.

Revision 1.50 / (download) - annotate - [select for diffs], Thu Sep 29 18:02:09 2016 UTC (5 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.49: +5 -5 lines
Diff to previous 1.49 (colored)

Security update to version 4.6.1.

WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

- Bootstrap/Load
#37680 - PHP Warning: ini_get_all() has been disabled for security reasons

- Database
#37683 - $collate and $charset can be undefined in wpdb::init_charset()
#37689 - Issues with utf8mb4 collation and the 4.6 update

- Editor
#37690 - Backspace causes jumping

- Email
#37736 - Emails fail on certain server setups

- External Libraries
#37700 - Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 - The minified version of the Masonry shim was not updated in #37666 (Masonry library)

- HTTP API
#37733 - cURL error 3: malformed for remote requests
#37768 - HTTP API no longer accepts integer and float values for the cookies argument

- Post Thumbnails
#37697 - Strange behavior with thumbnails on preview in 4.6

- Script Loader
#37800 - Close "link rel" dns-prefetch tag

- Taxonomy
#37721 - Improve error handling of is_object_in_term in taxonomy.php

- Themes
#37755 - Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

- TinyMCE
#37760 - Problem with RTL

- Upgrade/Install
#37731 - Infinite loop in _wp_json_sanity_check() during plugin install

Revision 1.49 / (download) - annotate - [select for diffs], Sun Aug 21 20:04:57 2016 UTC (5 years, 3 months ago) by jklos
Branch: MAIN
Changes since 1.48: +5 -5 lines
Diff to previous 1.48 (colored)

Update WordPress to 4.6 "Pepper":
https://wordpress.org/news/2016/08/pepper/

Revision 1.48 / (download) - annotate - [select for diffs], Wed Jun 22 00:56:29 2016 UTC (5 years, 5 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored)

Update WordPress to 4.5.3. This is a maintenance and security release:
https://wordpress.org/news/2016/06/wordpress-4-5-3/

Revision 1.47 / (download) - annotate - [select for diffs], Wed May 4 20:18:32 2016 UTC (5 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (colored)

Update to newest version of 4.5.1.

For 4.5.1
This maintenance release fixes a total of 12 bugs in Version 4.5 including:

Build/Test Tools
#36498 Shrinkwrap npm dependencies for 4.5

Bundled Theme
#36510 Twenty eleven page templates with widgets incorrectly styled

Customize
#36457 Customizer Device Preview: Use px units for tablet preview size

Database
#36629 Database connect functions can cause un-catchable warnings

Editor
#36458 Fix support for Safari + VoiceOver when editing inline links

Emoji
#36604 Emoji skin tone support test incorrectly passing in Chrome

Feeds
#36620 Feeds using an rss-http content type are now served as application/octet-stream

Media
#36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED'
#36578 wp_ajax_send_attachment_to_editor() bug
#36621 Don't cache the results of wp_mkdir_p() in a persistent cache

Rewrite Rules
#36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows

TinyMCE
#36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)

For 4.5.
What's New
Security
- SSRF Bypass using Octal & Hexadecimal IP addresses, reported by Yu Wang & Tong Shi from BAIDU XTeam
- Reflected XSS on the network settings page, reported by Emanuel Bronshtein (@e3amn2l)
- Script compression option CSRF, reported by Ronni Skansing

Posts
- Inline Link Editing
- Additional Editor Shortcuts

Comments
- Moderate Comment Screen Refresh
- Max Lengths for Comment Form Fields
- Comment Error Page Navigation

Appearance
- Responsive Preview of your site
- Theme Logo Support
- Selective Refresh
- Ease of use

Install Process
Version 4.5 defaults to generating secret keys and salts locally instead of relying on the WordPress.org API

Details can be found here:

http://codex.wordpress.org/Version_4.5
http://codex.wordpress.org/Version_4.5.1

Revision 1.46 / (download) - annotate - [select for diffs], Thu Feb 11 09:30:39 2016 UTC (5 years, 9 months ago) by jklos
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.45: +5 -5 lines
Diff to previous 1.45 (colored)

Update Wordpress to 4.4.2.

Revision 1.45 / (download) - annotate - [select for diffs], Sun Jan 3 16:22:53 2016 UTC (5 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.44: +5 -5 lines
Diff to previous 1.44 (colored)

Update to newest version 4.4.

What's New
  General
  * Developer reference - Improvements to inline code documentation.
  * i18n support - Improvements to translation strings all over the core.
  * Admin page headings were adjusted from H3 to H2 tags to reinforce page hierarchy
  * Improvements to how list tables are displayed on all size screens
  Posts
  * The post/page permalink UI was simplified, linking the permalink and removing the "View" button
  Comments
  * The "View Comment" link was relocated from the Status meta box in the comment-editing screen
  * Many comment functions can now accept a full object instead of 'comment_ID' to reduce cache/db lookups
  * Orphaned comments now fall back to the 'edit_posts' capability
  Appearance
  * Site icons will now fall back to the 'full' size URL when the 'thumbnail' size doesn't exist
  Multisite
  * The language chooser was added to the new site form on wp-signup.php
  * Sites may no longer be created with the following reserved slugs: wp-admin, wp-content, wp-includes, or wp-json

Revision 1.44 / (download) - annotate - [select for diffs], Wed Nov 4 02:47:42 2015 UTC (6 years, 1 month ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.43: +2 -1 lines
Diff to previous 1.43 (colored)

Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.43 / (download) - annotate - [select for diffs], Thu Sep 17 19:10:48 2015 UTC (6 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.42: +4 -4 lines
Diff to previous 1.42 (colored)

Security update to version 4.3.1.

This version fixes two cross-site scripting vulnerabilities (CVE-2015-5714,
CVE-2015-5715) and a potential privilege escalation.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Aug 21 03:27:56 2015 UTC (6 years, 3 months ago) by jklos
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)

Update WordPress to 4.3.

Revision 1.41 / (download) - annotate - [select for diffs], Sun Aug 16 08:26:24 2015 UTC (6 years, 3 months ago) by jklos
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

Update to 4.2.4 to address security issues:
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

Revision 1.40 / (download) - annotate - [select for diffs], Sun Aug 2 21:51:24 2015 UTC (6 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.39: +4 -4 lines
Diff to previous 1.39 (colored)

Security update to version 4.2.3.

Changes:

WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow
users with the Contributor or Author role to compromise a site.

The release also fixes an issue where it was possible for a user with
Subscriber permissions to create a draft through Quick Draft.

In addition to the security fixes, WordPress 4.2.3 contains fixes for
21 bugs from 4.2.2, including:
 * FIX - Upgrades: If a table has already been converted to utf8mb4,
   there's no need to try and convert it again.
 * FIX - Remove a redundant index drop.
 * FIX - Don't upgrade global tables to utf8mb4 when
   DO_NOT_UPGRADE_GLOBAL_TABLES is defined.
 * FIX - Enable utf8mb4 for MySQL extension users.
 * FIX - Plugin update rely upon wp_update_plugins() to check the
   contents of the transient and return early if no request needs to
   be made.
 * FIX - WPDB: When extracting the table name from a query, there is a
   1000 character limit on the SQL string that would be searched.
 * FIX - WPDB: When checking that text isn't too long to insert into a
   column, LONGTEXT columns could fail, as their length is longer than
   PHP_INT_MAX.
 * FIX - Plugin update handles the case where the plugin is installed
   into a different directory than it previously existed in.
 * FIX - Plugin update feature doesn't recognize errors
 * FIX - Plugin update error messages lack detail
 * FIX - Multiple plugin updates: Even if one of plugins update fails,
   allow further updates to continue.
 * FIX - In comment_form(), ensure that filtered arguments contain all
   required default values.
 * FIX - WPDB: Remove some of the complexities in
   ::strip_invalid_text() associated with switching character sets
   between queries.
 * FIX - WPDB: ::strip_text_from_query() doesn't pass a length to
   ::strip_invalid_text(), which was causing queries to fail when they
   contained characters that needed to be sanity checked by MySQL.
 * FIX - Emoji script is producing errors on pages with SVG content
 * FIX - Unable to drag widgets down page past certain length.
 * FIX - TinyMCE: wpView: fix typo in createInstance that prevented
   instances from being reused.
 * FIX - SCRIPT_DEBUG check in print_emoji_detection_script()
   generated PHP Notices.
 * FIX - If the shortcode content contains HTML code, the TinyMCE View
   no longer works.
 * FIX - Better handling when the credential form is long (such as
   when SSH is active).
 * FIX - sanitize_option didn't handle a WP_Error Object.

Revision 1.39 / (download) - annotate - [select for diffs], Mon May 11 05:16:31 2015 UTC (6 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.38: +4 -4 lines
Diff to previous 1.38 (colored)

Security and maintenance update to version 4.2.2.

WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML
file shipped with recent Genericons packages included in the Twenty Fifteen
theme as well as a number of popular plugins by removing the file.

Version 4.2.2 also improves on a fix for a critical cross-site scripting
vulnerability introduced in 4.2.1.

The release also includes hardening for a potential cross-site scripting
vulnerability when using the Visual editor.

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs
from 4.2.1, including:

o Fixes an emoji loading error in IE9 and IE10
o Fixes a keyboard shortcut for saving from the Visual editor on Mac
o Fixes oEmbed for YouTube URLs to always expect https
o Fixes how WordPress checks for encoding when sending strings to MySQL
o Fixes a bug with allowing queries to reference tables in the dbname.tablename
  format
o Lowers memory usage for a regex checking for UTF-8 encoding
o Fixes an issue with trying to change the wrong index in the wp_signups table
  on utf8mb4 conversion
o Improves performance of loop detection in _get_term_children()
o Fixes a bug where attachment URLs were incorrectly being forced to use https
  in some contexts
o Fixes a bug where creating a temporary file could end up in an endless loop.

Revision 1.38 / (download) - annotate - [select for diffs], Mon May 4 19:48:00 2015 UTC (6 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.37: +4 -4 lines
Diff to previous 1.37 (colored)

Security update to newest version 4.2.1.

Changes:

Wordpress 4.2:

o Press This has been completely revamped. Clip it, edit it, publish it. Get
  familiar with the new and improved Press This. From the Tools menu, add Press
  This to your browser bookmark bar or your mobile device home screen. Once
  installed you can share your content with lightning speed. Sharing your
  favorite videos, images, and content has never been this fast or this easy.
o Now you can browse and switch installed themes in the Customizer. Browse and
  preview your installed themes from the Customizer. Make sure the theme looks
  great with your content, before it debuts on your site.
o More intuitive plugin update and install from the Plugins Screen. Goodbye
  boring loading screen, hello smooth and simple plugin updates. Click Update Now
  and watch the magic happen.
o Writing in WordPress, whatever your language, just got better.  WordPress 4.2
  supports a host of new characters out-of-the-box, including native Chinese,
  Japanese, and Korean characters, musical and mathematical symbols, and
  hieroglyphs. Don't use any of those characters? You can still have fun - emoji
  are now available in WordPress! Get creative and decorate your content with
  all the many emoji.

Wordpress 4.2.1:

o fix for a critical cross-site scripting (XSS) vulnerability, which could
  enable commenters to compromise a site.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Apr 22 06:38:15 2015 UTC (6 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored)

Security update to version 4.1.2.

Changes:

4.1.1:

Maintenance release, fixed 21 bugs.

4.1.2:

- A serious critical cross-site scripting vulnerability, which could enable
  anonymous users to compromise a site.
- Files with invalid or unsafe names could be uploaded.
- Some plugins are vulnerable to an SQL injection attack.
- A very limited cross-site scripting vulnerability could be used as part of a
  social engineering attack.
- Four hardening changes, including better validation of post titles within the
  Dashboard.

Revision 1.36 / (download) - annotate - [select for diffs], Fri Jan 2 12:40:59 2015 UTC (6 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.35: +4 -4 lines
Diff to previous 1.35 (colored)

Update to version 4.1.

Major changes:

General
- Show the number of approved comments, instead of total comments, in the "At A Glance" section in the dashboard.
- Site Language: Install translations on the fly on the General Settings screen. The language drop down now includes installed languages and all available translations when the filesystem is writable by WordPress.
- Admin notices: There are now four types of notices: success (green), warning (orange), error (red), and info (blue).

Posts
- Spellchecking is enabled for the post title field on the Edit Post screen.

Media
- Disable multi-file uploading in iOS 7.x Safari as it prevents uploading of videos.
- Allow PSDs (Photoshop documents) to be uploaded.
- oEmbed: Add support for the Vine endpoint.
- Display error message when Media Library upload fails.

Appearance
- Custom Header and Custom Background screens removed. Admin menu links now go to the Customizer.
- Widgets screen now has a Manage in Customizer link at top of screen.
- Themes: Make "Live Preview" the primary action and "Activate" secondary.

Users
- Introduce a button on the user profile screen which clears all other sessions, and on the user editing screen which clears all sessions.

Accessibility
- Admin menu separators are now hidden from screen readers.
- Improved keyboard control of Edit Selection mode in the media manager.
- Improved keyboard accessibility on Custom Header and Custom Background screen.
- Improved text contrast against dark backgrounds in the admin menu and toolbar.
- When switching to the Text editor, make the textarea visible to screen readers.
- Use <button> instead of <a> for the Visual/Text buttons to make them focusable.
- Improve the focus style for review links in the plugin info modal.
- TinyMCE:
 -- Return focus to the editor on pressing Escape while the image toolbar is focused.
 -- Add a Close button to the Help modal and close it on Escape.
 -- Override the title on the editor iframe (read by screen reader apps), replace with the Alt+Shift+H shortcut.
 -- Add focus shortcuts descriptions to the Help modal.

Multisite
- Set the default network language on the Network Settings screen.

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Tue Nov 25 15:04:11 2014 UTC (7 years ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored) next main 1.35 (colored)

Pullup ticket #4559 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.43
- www/wordpress/distinfo                                        1.35

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Nov 24 19:08:53 UTC 2014

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 4.0.1.

   Changes:
   - Three cross-site scripting issues that a contributor or author could use to
     compromise a site.
   - A cross-site request forgery that could be used to trick a user into changing
     their password.
   - An issue that could lead to a denial of service when passwords are checked.
   - Additional protections for server-side request forgery attacks when WordPress
     makes HTTP requests.
   - An extremely unlikely hash collision could allow a user's account to be
     compromised, that also required that they haven't logged in since 2008 (I
     wish I were kidding).
   - WordPress now invalidates the links in a password reset email if the user
     remembers their password, logs in, and changes their email address.

   More details on http://codex.wordpress.org/Version_4.0.1.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 24 19:08:53 2014 UTC (7 years ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored)

Security update to 4.0.1.

Changes:
- Three cross-site scripting issues that a contributor or author could use to
  compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
  their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
  makes HTTP requests.
- An extremely unlikely hash collision could allow a user's account to be
  compromised, that also required that they haven't logged in since 2008 (I
  wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
  remembers their password, logs in, and changes their email address.

More details on http://codex.wordpress.org/Version_4.0.1.

Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 12 22:18:08 2014 UTC (7 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored)

Update to version 4.0.

Major changes:

General

- Featured image previews now support .bmp files
- Featured Image meta box is now hidden for contributors lacking upload
  capabilities
- New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube
  playlists, TED talks
- Install WordPress in your language
- Streamlined Language management right from the dashboard

Posts

- Display embed previews for audio/visual URLs in Visual editor content
  box.
- Page scrolling now scrolls post content box.
- Edit Post/Page menu bar sticks to top of content box when scrolling
  (Visual and Text editor).
- Color picker was re-added to the Visual editor

Media

- Add Media Grid view option (default) for Media Library
- Add "Bulk Select" button to Media Grid view to delete multiple items
- Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu
- Expand oEmbed support to include YouTube playlist URLs and Polldaddy's
  short URL format
- Remove Viddler oEmbed support
- Update SlideShare oEmbed regex
- Improved media experience on small screen sizes (embedded videos now
  responsive)
- Native video and audio shortcodes now support Flash playback looping

Comments

- Comments in trash can now be marked as spam.

Plugins

- Display plugins list as grid, with thumbnails, on Add New screen.
- Add popup window with plugin details (displays info from plugin's
  directory page).
- Add "Beta Testing" tab to Plugins screen for new features-as-plugins.

Accessibility

- Improved keyboard accessibility in the Add Media panel
- Improved screen-reader support for Customizer sections
- Makes links in help tabs keyboard accessible
- Improvements for screen-readers when managing widgets in the
  Customizer

Install Process

- Add language select menu as first Installation screen (skipped for
  localized installs)

Multisite

- mp4 file extension was added to allowed upload file types

Revision 1.33 / (download) - annotate - [select for diffs], Sun Aug 17 08:48:33 2014 UTC (7 years, 3 months ago) by morr
Branch: MAIN
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

Security update to version 3.9.2

Changes:

* Fixes a possible denial of service issue in PHP's XML processing, reported by
  Nir Goldshlager of the Salesforce.com Product Security Team. Fixed by Michael
  Adams and Andrew Nacin of the WordPress security team and David Rothstein of
  the Drupal security team.
* Fixes a possible but unlikely code execution when processing widgets
  (WordPress is not affected by default), discovered by Alex Concha of the
  WordPress security team.
* Prevents information disclosure via XML entity attacks in the external GetID3
  library, reported by Ivan Novikov of ONSec.
* Adds protections against brute attacks against CSRF tokens, reported by David
  Tomaschik of the Google Security Team.
* Contains some additional security hardening, like preventing cross-site
  scripting that could be triggered only by administrators.

Revision 1.32 / (download) - annotate - [select for diffs], Fri May 16 19:55:07 2014 UTC (7 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.31: +4 -4 lines
Diff to previous 1.31 (colored)

Update to wordpress 3.9.1.

Changes:
- A smoother media editing experience
- Improved visual editing - speed, accessibility, and mobile support
- Edit images easily - quicker access to crop and rotation tools, scale images
  directly in the editor
- Drag and drop your images right onto the editor
- Image gallery previews right in the editor
- Showcase music and clips with simple audio and video playlists
- Live widget and header image previews in the Customizer
- Stunning new theme browser

Version 3.9.1 fixes 34 bugs from 3.9.

More details on http://codex.wordpress.org/Version_3.9 and
http://codex.wordpress.org/Version_3.9.1

Revision 1.30.2.1 / (download) - annotate - [select for diffs], Mon Apr 14 12:29:38 2014 UTC (7 years, 7 months ago) by tron
Branch: pkgsrc-2014Q1
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored) next main 1.31 (colored)

Pullup ticket #4370 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.39
- www/wordpress/distinfo                                        1.31

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Apr 13 14:10:59 UTC 2014

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to newest version of Wordpress, containing security fixes.

   It contains 9 bugfixes and 5 security fixes:

   * Potential authentication cookie forgery. CVE-2014-0166.
   * Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
   * (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
   * (Hardening) Fix a low-impact SQL injection by trusted users.
   * (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Revision 1.31 / (download) - annotate - [select for diffs], Sun Apr 13 14:10:59 2014 UTC (7 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

Update to newest version of Wordpress, containing security fixes.

It contains 9 bugfixes and 5 security fixes:

* Potential authentication cookie forgery. CVE-2014-0166.
* Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
* (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
* (Hardening) Fix a low-impact SQL injection by trusted users.
* (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.

Revision 1.30 / (download) - annotate - [select for diffs], Wed Feb 12 19:43:56 2014 UTC (7 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)

Update to version 3.8.1

Changes:

Addressed 31 bugs in 3.8, including various fixes and improvements for the new
dashboard design and new themes admin screen.

More info at http://codex.wordpress.org/Version_3.8.1

Revision 1.29 / (download) - annotate - [select for diffs], Thu Jan 23 16:27:49 2014 UTC (7 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.28: +4 -4 lines
Diff to previous 1.28 (colored)

Update to version 3.8.

Changes:

Introduces a new, modern admin design
* A fresh, uncluttered design
* Clean typography with Open Sans
* Superior contrast and large, comfortable type
* Responsive interfaces throughout
* Refined, theme management
* Smoother, click-to-add widget management

New Default Theme - Twenty Fourteen
* Easily create a responsive magazine website with a sleek, modern design.
* Feature your favorite homepage content in either a grid or a slider.
* Use the three widget areas to customize your website, and change your
  content's layout with a full-width page template and a contributor page to show
  off your authors.

For Developers
* External Libraries have been updated.
* Better RTL support

More info on http://codex.wordpress.org/Version_3.8

Revision 1.28 / (download) - annotate - [select for diffs], Fri Nov 8 21:33:02 2013 UTC (8 years, 1 month ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.27: +4 -4 lines
Diff to previous 1.27 (colored)

Update to 3.7.1 Maintenance Release.

Changes:

Version 3.7:

* Background Updates
-  Automatic updates for maintenance and security updates.
-  Daily updates for developers using nightly builds.
* Stronger Password Meter
-  New password meter to encourage users to choose stronger passwords.
* Improved Search
-  More relevant search results.
* Better Global Support
-  Localized versions will receive faster and more complete translations.
-  Background updates will include translations

More info on http://codex.wordpress.org/Version_3.7

Version 3.7.1:

- Images with captions no longer appear broken in the visual editor.
- Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org.
- Avoid fatal errors with certain plugins that were incorrectly calling some WordPress functions too early.
- Fix hierarchical sorting in get_pages(), exclusions in wp_list_categories(), and in_category() when called with empty values.
- Fix a warning that may occur in certain setups while performing a search, and a few other notices.

More info on http://codex.wordpress.org/Version_3.7.1

Revision 1.25.2.1 / (download) - annotate - [select for diffs], Fri Sep 13 13:07:27 2013 UTC (8 years, 2 months ago) by tron
Branch: pkgsrc-2013Q2
Changes since 1.25: +4 -4 lines
Diff to previous 1.25 (colored) next main 1.26 (colored)

Pullup ticket #4234 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.34-1.35
- www/wordpress/PLIST                                           1.16-1.17
- www/wordpress/distinfo                                        1.26-1.27

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Aug  8 07:50:58 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version of Wordpress 3.6.

   ChangeLog:

   New Default Theme - Twenty Thirteen
   * Focus on blogging
   * Single column layout with Sidebar / Widgets in the footer
   * Latest Theme Features support, particularly Post Formats and Semantic Markup
   * Font-based icons (Genericons)

   Admin Enhancements
   * UI improvements on Navigation Menus Screen
   * Revisions revised to be more dynamic and scalable
   * Autosave and Post Locking
   * Preview Audio and Video on Media Edit Screen
   * In-line login following expired sessions

   For Developers
   * External Libraries have been updated.
   * New audio/video APIs give developers access to powerful media metadata, like
   ID3 tags.
   * Filters for revisions, allowing you to set the number of revisions ad hoc
   instead of only via a define.
   * Semantic Markup allows themes to choose improved HTML5 markup for search
   forms, comment forms, and comment lists.
   * Search content for shortcodes with has_shortcode() and adjust shortcode
   attributes with a new filter.

   More info on http://codex.wordpress.org/Version_3.6

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Sep 12 17:19:59 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   This maintenance release addresses 13 bugs with version 3.6.

   Additionally: Version 3.6.1 fixes three security issues:

   * Remote Code Execution: Block unsafe PHP de-serialization that could occur in
   limited situations and setups, which can lead to remote code execution.
   Reported by Tom Van Goethem. CVE-2013-4338.
   * Link Injection / Open Redirect: Fix insufficient input validation that could
   result in redirecting or leading a user to another website.
   Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers
   for Disease Control and Prevention. CVE-2013-4339.
   * Privilege Escalation: Prevent a user with an Author role, using a specially
   crafted request, from being able to create a post "written by" another user.
   Reported by Anakorn Kyavatanakij. CVE-2013-4340.

   Additional security hardening:

   * Updated security restrictions around file uploads to mitigate the potential
   for cross-site scripting. The extensions .swf and .exe are no longer allowed
   by default, and .htm and .html are only allowed if the user has the ability
   to use unfiltered HTML.

   More on http://codex.wordpress.org/Version_3.6.1

Revision 1.27 / (download) - annotate - [select for diffs], Thu Sep 12 17:19:59 2013 UTC (8 years, 2 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

This maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

* Remote Code Execution: Block unsafe PHP de-serialization that could occur in
limited situations and setups, which can lead to remote code execution.
Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could
result in redirecting or leading a user to another website.
Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers
for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially
crafted request, from being able to create a post "written by" another user.
Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:

* Updated security restrictions around file uploads to mitigate the potential
for cross-site scripting. The extensions .swf and .exe are no longer allowed
by default, and .htm and .html are only allowed if the user has the ability
to use unfiltered HTML.

More on http://codex.wordpress.org/Version_3.6.1

Revision 1.26 / (download) - annotate - [select for diffs], Thu Aug 8 07:50:58 2013 UTC (8 years, 4 months ago) by morr
Branch: MAIN
Changes since 1.25: +4 -4 lines
Diff to previous 1.25 (colored)

Update to newest version of Wordpress 3.6.

ChangeLog:

New Default Theme - Twenty Thirteen
* Focus on blogging
* Single column layout with Sidebar / Widgets in the footer
* Latest Theme Features support, particularly Post Formats and Semantic Markup
* Font-based icons (Genericons)

Admin Enhancements
* UI improvements on Navigation Menus Screen
* Revisions revised to be more dynamic and scalable
* Autosave and Post Locking
* Preview Audio and Video on Media Edit Screen
* In-line login following expired sessions

For Developers
* External Libraries have been updated.
* New audio/video APIs give developers access to powerful media metadata, like ID3 tags.
* Filters for revisions, allowing you to set the number of revisions ad hoc instead of only via a define.
* Semantic Markup allows themes to choose improved HTML5 markup for search forms, comment forms, and comment lists.
* Search content for shortcodes with has_shortcode() and adjust shortcode attributes with a new filter.

More info on http://codex.wordpress.org/Version_3.6

Revision 1.24.2.1 / (download) - annotate - [select for diffs], Sat Jun 29 23:38:30 2013 UTC (8 years, 5 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.24: +4 -4 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #4166 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.32-1.33
- www/wordpress/PLIST                                           1.15
- www/wordpress/distinfo                                        1.25

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jun 24 16:13:21 UTC 2013

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to version 3.5.2.

   Fixed issues:

   * Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
   * Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
   * Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
   * Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
   * Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
   * Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
   * Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

   * Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
   * Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
   * XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Mon Jun 24 16:16:42 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile

   Log Message:
   Remove pkgrevision bit

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Jun 27 08:04:57 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: PLIST

   Log Message:
   Fix PLIST file, unbreak build

Revision 1.25 / (download) - annotate - [select for diffs], Mon Jun 24 16:13:21 2013 UTC (8 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Changes since 1.24: +4 -4 lines
Diff to previous 1.24 (colored)

Security update to version 3.5.2.

Fixed issues:

* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Sun Jan 27 14:06:48 2013 UTC (8 years, 10 months ago) by spz
Branch: pkgsrc-2012Q4
Changes since 1.23: +4 -4 lines
Diff to previous 1.23 (colored) next main 1.24 (colored)

Pullup ticket #4042 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.30
- www/wordpress/PLIST                                           1.14
- www/wordpress/distinfo                                        1.24

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Jan 27 07:51:37 UTC 2013
   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo
   Log Message:
   This maintenance release addresses 37 bugs with version 3.5, including:
   * Editor: Prevent certain HTML elements from being unexpectedly removed or
   modified in rare cases.
   * Media: Fix a collection of minor workflow and compatibility issues in the new
   media manager.
   * Networks: Suggest proper rewrite rules when creating a new network.
   * Prevent scheduled posts from being stripped of certain HTML, such as video
   embeds, when they are published.
   * Work around some misconfigurations that may have caused some JavaScript in
   the WordPress admin area to fail.
   * Suppress some warnings that could occur when a plugin misused the database or
   user APIs.
   Additionally: Version 3.5.1 fixes a few security issues:
   * Server-side request forgery (SSRF) and remote port scanning via pingbacks.
   Fixed by the WordPress security team.
   * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
   Cave of the WordPress security team.
   * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
   was released to address this issue.
   To generate a diff of this commit:
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST
   cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo

Revision 1.24 / (download) - annotate - [select for diffs], Sun Jan 27 07:51:37 2013 UTC (8 years, 10 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Changes since 1.23: +4 -4 lines
Diff to previous 1.23 (colored)

This maintenance release addresses 37 bugs with version 3.5, including:

* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.

Additionally: Version 3.5.1 fixes a few security issues:

* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.

Revision 1.23 / (download) - annotate - [select for diffs], Sun Dec 16 22:20:27 2012 UTC (8 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)

Update to version 3.5.

Highlights

* New Media Manager
     + Beautiful interface: A streamlined, all-new experience
     + Create galleries faster with drag-and-drop reordering,
       inline caption editing, and simplified controls
     + Insert multiple images at once with Shift/Ctrl+click

* New Default Theme - Twenty Twelve
     + Simple, flexible, elegant
     + Mobile-first, responsive design
     + Gorgeous Open Sans typeface
     + Uses the latest Theme Features

* Admin Enhancements
     + New Welcome Screen
     + Retina-Ready (HiDPI) Admin
     + Hide Link Manager for new installs
     + Better accessibility for screenreaders, touch devices, and
       keyboard users
     + More polish on admin screens, including a new color picker

* For Developers
     + WP_Comment_Query and WP_User_Query accept now meta queries
       just like WP_Query
     + Meta queries now support querying for objects without a
       particular meta key
     + Post objects are now instances of a WP_Post class, which
       improves performance and caching
     + Multisite's switch_to_blog() is now significantly faster and
       more reliable
     + WordPress has added the Underscore and Backbone JavaScript
       libraries
     + TinyMCE, jQuery, jQuery UI, and SimplePie have all been
       updated to the latest versions
     + Image Editing API for cropping, scaling, etc., that uses
       ImageMagick as well as GD
     + XML-RPC: Now always enabled and supports fetching users,
       managing post revisions, searching
     + New "show_admin_column" parameter for register_taxonomy()
       allows automatic creation of taxonomy columns on associated post-types.

Revision 1.21.2.1 / (download) - annotate - [select for diffs], Sun Sep 9 16:32:55 2012 UTC (9 years, 3 months ago) by tron
Branch: pkgsrc-2012Q2
Changes since 1.21: +4 -4 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)

Pullup ticket #3918 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.27
- www/wordpress/distinfo                                        1.22

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun Sep  9 06:56:10 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to Wordpress 3.4.2.

   Changes:

   * Fixes some issues in the admin area where some older browsers (IE7, in
   particular) may slow down, lag, or freeze.
   * Fixes an issue where a theme may not preview correctly, or its screenshot may
   not be displayed.
   * Fixes the use of multiple trackback URLs in a post.
   * Prevents improperly sized images from being uploaded as headers from the
   customizer.
   * Ensures proper error messages can be shown to PHP4 installs. (WordPress
   requires PHP 5.2.4 or later.)
   * Fixes handling of oEmbed providers that only return XML responses.
   * Addresses pagination problems with some category permalink structures.
   * Adds more fields to be returned from the XML-RPC wp.getPost method.
   * Avoids errors when updating automatically from very old versions of WordPress
   (pre-3.0).
   * Fixes problems with the visual editor when working with captions.

   Additionally: Version 3.4.2 fixes a few security issues and contains some
   security hardening. These issues were discovered and addressed by the WordPress
   security team:

   * Fix unfiltered HTML capabilities in multisite.
   * Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
   * Allow operations on network plugins only through the network admin.
   * Hardening: Simplify error messages when uploads fail.
   * Hardening: Validate a parameter passed to wp_get_object_terms().

Revision 1.22 / (download) - annotate - [select for diffs], Sun Sep 9 06:56:10 2012 UTC (9 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3
Changes since 1.21: +4 -4 lines
Diff to previous 1.21 (colored)

Update to Wordpress 3.4.2.

Changes:

* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.

Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:

* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().

Revision 1.21 / (download) - annotate - [select for diffs], Fri Jun 29 10:40:13 2012 UTC (9 years, 5 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base
Branch point for: pkgsrc-2012Q2
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)

Security update to Wordpress version 3.4.1.

ChangeLog:

Wordpress 3.4.1:

* Fixes an issue where a theme's page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a network-wide activation.
* Better compatibility with servers running certain versions of PHP (5.2.4, 5.4)
or with uncommon setups (safe mode, open_basedir), which had caused warnings or
in some cases prevented emails from being sent.

Additionally: Version 3.4.1 fixes a few security issues and contains some security
hardening. These issues were discovered and fixed by the WordPress security team:

* Privilege Escalation/XSS. Critical. Administrators and editors in multisite
were accidentally allowed to use unfiltered_html for 3.4.0.
* CSRF. Additional CSRF protection in the customizer.
* Information Disclosure: Disclosure of post contents to authors and contributors
(such as private or draft posts).
* Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
* Hardening: Require a child theme to be activated with its intended parent only.

Wordpress 3.4:

* Enhanced theme control
    * Customize theme options before activating a new theme using Theme Customizer
    * Use Theme Previewer to customize current theme without changing the front-end design

* Custom Headers
    * Improved Custom Headers with flexible sizes
    * Selecting Custom Header Images and Custom Background Images from Media Library Screen

* Media improvements
    * Support HTML in image captions

* Under the Hood improvements
    * Improvements in WordPress internationalization and localization (more info)
    * Different split in translation POT files for faster translations
    * Codex XML-RPC information update accessed via XML-RPC_WordPress_API
    * WP_Query improvements

Revision 1.19.4.1 / (download) - annotate - [select for diffs], Wed Apr 25 19:13:12 2012 UTC (9 years, 7 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pullup ticket #3756 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.25
- www/wordpress/distinfo                                        1.20

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Wed Apr 25 13:00:37 UTC 2012

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to Wordpress 3.3.2.

   Three external libraries included in WordPress received security updates:

   * Plupload (version 1.5.4), which WordPress uses for uploading media.
   * SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
   * SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

   WordPress 3.3.2 also addresses:

   * Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
   * Cross-site scripting vulnerability when making URLs clickable.
   * Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Revision 1.20 / (download) - annotate - [select for diffs], Wed Apr 25 13:00:37 2012 UTC (9 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored)

Security update to Wordpress 3.3.2.

Three external libraries included in WordPress received security updates:

* Plupload (version 1.5.4), which WordPress uses for uploading media.
* SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
* SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

* Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
* Cross-site scripting vulnerability when making URLs clickable.
* Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Jan 4 21:10:33 2012 UTC (9 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2011Q4-base, pkgsrc-2011Q4
Branch point for: pkgsrc-2012Q1
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

Security update to 3.3.1.

This maintenance release fixes 15 issues with WordPress 3.3, as well as
a fix for a cross-site scripting vulnerability that affected version 3.3.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Dec 14 19:47:45 2011 UTC (9 years, 11 months ago) by morr
Branch: MAIN
Changes since 1.17: +4 -4 lines
Diff to previous 1.17 (colored)

Update to version 3.3.

Highlights:

* Easier Uploading
    - File Type Detection - A single upload button
    - Drag-and-Drop Media Uploader
* Dashboard Design
    - New Toolbar in the dashboard, combining the Admin Bar and admin
      header
    - Responsive design for some screens, including iPad/tablet
      support
    - Flyout menus, providing single-click access to any screen
* New User Experience
    - New feature pointers, helping users navigate new features
    - Post-update About screen
    - Dashboard welcome area for new installs
* Content Tools
    - Better co-editing that releases post locks immediately
    - Don't lose widgets when switching themes
    - Tumblr Importer
* Under the Hood improvements
    - Use the postname permalink structure without a performance
      penalty
    - Improved Editor API
    - is_main_query() function and WP_Query method
    - Remove a number of funky characters from post slugs
    - jQuery 1.7.1 and jQuery UI 1.8.16
    - A new Screen API for adding help documentation and adapting to
      screen contexts
    - Improved metadata API
* Performance improvements and hundreds of bug fixes

More changes at http://codex.wordpress.org/Version_3.3

Revision 1.17 / (download) - annotate - [select for diffs], Fri Aug 19 18:18:26 2011 UTC (10 years, 3 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.16: +4 -4 lines
Diff to previous 1.16 (colored)

Update to newest release.

From the Announcement blog: "This maintenance release fixes a server
incompatibility related to JSON that's unfortunately affected some of you,
as well as a few other fixes in the new dashboard design and the Twenty
Eleven theme."

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Tue Jul 12 10:58:47 2011 UTC (10 years, 5 months ago) by tron
Branch: pkgsrc-2011Q2
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pullup ticket #3471 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.20
- www/wordpress/PLIST                                           1.9
- www/wordpress/distinfo                                        1.16

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Mon Jul 11 22:53:50 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log Message:
   Update to newest version - 3.2.

   Highlights:

   * Refreshed Administrative UI - Admin redesign
   * New Default Theme "Twenty Eleven" - Uses the latest Theme Features
   * Full Screen Editor - Distraction free writing experience
   * Extended Admin Bar - More useful links to control the site

   * Enhanced Browser Compatibility -
     - Drop Internet Explorer 6 support
     - Start End-of-life (EOL) cycle for Internet Explorer 7
     - Browse Happy notify users of out-of-date browser

   * WordPress is Faster and Lighter -
     - Faster page loads -- We've gone through the most commonly loaded
     pages in WP and done improvements to their load time
     - Faster Upgrades -- The update system now supports incremental
     upgrades so after 3.2 you'll find upgrading faster than ever
     - Optimizations to WP_Filesystem -- Updates over FTP are now much
     quicker and less error prone
     - Stream downloads to the filesystem -- Improves update times and
     lowers the memory footprint
     - Performance improvements for wptexturize()
     - Remove PHP4 compatibility including timezone support
     - More efficient term intersection queries
     - Some optimizations in the HTML sanitizer (kses)
     - Speed optimizations for is_serialized_string()
     - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary
     Ajax requests as well as the memory footprint
     - And many other improvements and tweaks

   Contains also security fixes from wordpress 3.1.4.

Revision 1.16 / (download) - annotate - [select for diffs], Mon Jul 11 22:53:49 2011 UTC (10 years, 5 months ago) by morr
Branch: MAIN
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

Update to newest version - 3.2.

Highlights:

* Refreshed Administrative UI - Admin redesign
* New Default Theme "Twenty Eleven" - Uses the latest Theme Features
* Full Screen Editor - Distraction free writing experience
* Extended Admin Bar - More useful links to control the site

* Enhanced Browser Compatibility -
  - Drop Internet Explorer 6 support
  - Start End-of-life (EOL) cycle for Internet Explorer 7
  - Browse Happy notify users of out-of-date browser

* WordPress is Faster and Lighter -
  - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time
  - Faster Upgrades -- The update system now supports incremental upgrades so after 3.2 you'll find upgrading faster than ever
  - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone
  - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint
  - Performance improvements for wptexturize()
  - Remove PHP4 compatibility including timezone support
  - More efficient term intersection queries
  - Some optimizations in the HTML sanitizer (kses)
  - Speed optimizations for is_serialized_string()
  - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint
  - And many other improvements and tweaks

Contains also security fixes from wordpress 3.1.4.

Revision 1.12.2.3 / (download) - annotate - [select for diffs], Fri May 27 11:07:01 2011 UTC (10 years, 6 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.12.2.2: +4 -4 lines
Diff to previous 1.12.2.2 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored)

Pullup ticket #3441 - requested by morr
www/wordpress security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.19
- www/wordpress/distinfo                                        1.15

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Thu May 26 22:59:38 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.1.3.

   * Various security hardening by Alexander Concha.
   * Taxonomy query hardening by John Lamansky.
   * Prevent sniffing out user names of non-authors by using canonical
     redirects. Props Verónica Valeros.
   * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of
     Microsoft, and Microsoft Vulnerability Research.
   * Improves file upload security on hosts with dangerous security
     settings.
   * Cleans up old WordPress import files if the import does not finish.
   * Introduce "clickjacking" protection in modern browsers on admin and
     login pages.

Revision 1.15 / (download) - annotate - [select for diffs], Thu May 26 22:59:38 2011 UTC (10 years, 6 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base
Branch point for: pkgsrc-2011Q2
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

Security update to 3.1.3.

* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce "clickjacking" protection in modern browsers on admin and login pages.

Revision 1.12.2.2 / (download) - annotate - [select for diffs], Mon May 9 04:59:08 2011 UTC (10 years, 7 months ago) by sbd
Branch: pkgsrc-2011Q1
Changes since 1.12.2.1: +4 -4 lines
Diff to previous 1.12.2.1 (colored) to branchpoint 1.12 (colored)

Pullup ticket #3425 - requested by morr
www/wordpress security update.

Revisions pulled up:
- www/wordpress/Makefile                                        1.18
- www/wordpress/distinfo                                        1.14

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sun May  8 20:43:36 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.1.2.

   * Fix a vulnerability that allowed Contributor-level users to improperly
     publish posts.
   * Fix user queries ordered by post count.
   * Fix multiple tag queries.
   * Prevent over-escaping of post titles when using Quick Edit for pages.

Revision 1.14 / (download) - annotate - [select for diffs], Sun May 8 20:43:36 2011 UTC (10 years, 7 months ago) by morr
Branch: MAIN
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)

Security update to 3.1.2.

* Fix a vulnerability that allowed Contributor-level users to improperly
  publish posts.
* Fix user queries ordered by post count.
* Fix multiple tag queries.
* Prevent over-escaping of post titles when using Quick Edit for pages.

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Mon Apr 11 14:20:16 2011 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2011Q1
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Pullup ticket #3408 - requested by morr
www/wordpress security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.17
- www/wordpress/distinfo                                        1.13

---
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Sat Apr  9 00:57:43 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Update to wordpress 3.1.1.

   This maintenance and security release fixes almost thirty issues in 3.1,
   including:

   * Some security hardening to media uploads
   * Performance improvements
   * Fixes for IIS6 support
   * Fixes for taxonomy and PATHINFO (/index.php/) permalinks
   * Fixes for various query and taxonomy edge cases that caused some plugin
   compatibility issues

   Version 3.1.1 also addresses three security issues discovered by
   WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
   team. The first hardens CSRF prevention in the media uploader. The
   second avoids a PHP crash in certain environments when handling
   devilishly devised links in comments, and the third addresses an XSS
   flaw.

Revision 1.13 / (download) - annotate - [select for diffs], Sat Apr 9 00:57:42 2011 UTC (10 years, 8 months ago) by morr
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Update to wordpress 3.1.1.

This maintenance and security release fixes almost thirty issues in 3.1,
including:

* Some security hardening to media uploads
* Performance improvements
* Fixes for IIS6 support
* Fixes for taxonomy and PATHINFO (/index.php/) permalinks
* Fixes for various query and taxonomy edge cases that caused some plugin
compatibility issues

Version 3.1.1 also addresses three security issues discovered by
WordPress core developers Jon Cave and Peter Westwood, of wordpress's security
team. The first hardens CSRF prevention in the media uploader. The
second avoids a PHP crash in certain environments when handling
devilishly devised links in comments, and the third addresses an XSS
flaw.

Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 27 10:30:16 2011 UTC (10 years, 9 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base
Branch point for: pkgsrc-2011Q1
Changes since 1.11: +4 -4 lines
Diff to previous 1.11 (colored)

Update to wordpress-3.1.

Changes:
* Internal Linking - click a button for an internal link and it allows
you to search for a post or browse a list of existing content and select it
for inclusion.
* Admin Bar - contains various links to useful admin screens. By default,
the admin bar is displayed when a user is logged in and visiting the site
and is not displayed in admin screens for single blog installs. For multisite
installs, the admin bar is displayed both when visiting the site and in the
admin screens.
* Streamlined Writing Interface - new users of WordPress will find the write
screen much less cluttered than before, as more of the options are hidden by
default. You can click on Screen Options in the top right to bring them back.
* Post Formats - meta information that can be used by themes to customize
presentation of a post. Read more in the article Post Formats.
* Network Admin - move Super Admin menus and related pages out of the regular
admin and into a new Network Admin screen.
* List-type Admin Screens - sortable columns for list-type screens and better
pagination.
* Exporter/Importer Overhaul - many under the hood changes including adding
author information, better handling for taxonomies and terms, and proper
support for navigation menus.
* Custom Content Type Improvements - allows developers to generate archive
pages, and have better menu and capability controls.
* Advanced Queries - allows developers to query multiple taxonomies and custom
fields.
* Refreshed Blue Admin Color Scheme - puts the focus more squarely on your
content.

More changes at http://codex.wordpress.org/Version_3.1

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Fri Feb 11 04:31:47 2011 UTC (10 years, 9 months ago) by sbd
Branch: pkgsrc-2010Q4
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored) next main 1.11 (colored)

Pullup ticket #3349 - requested by morr
www/wordpress update

Revisions pulled up:
- pkgsrc/www/wordpress/Makefile		1.15
- pkgsrc/www/wordpress/distinfo		1.11

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	morr
   Date:		Thu Feb 10 10:25:50 UTC 2011

   Modified Files:
   	pkgsrc/www/wordpress: Makefile distinfo

   Log Message:
   Security update to 3.0.5. Changes:

   * Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer
     additional sanitization to various fields. Affects users of the
     Author or Contributor role.
   * Fix XSS bug: Preserve tag escaping in the tags meta box. Affects
     users of the Author or Contributor role.
   * Fix potential information disclosure of posts through the media
     uploader. Affects users of the Author role.
   * Enhancement: Force HTML filtering on comment text in the admin
   * Enhancement: Harden check_admin_referer() when called without
     arguments, which plugins should avoid.
   * Update the license to GPLv2 (or later) and update copyright
     information for the KSES library.

Revision 1.11 / (download) - annotate - [select for diffs], Thu Feb 10 10:25:50 2011 UTC (10 years, 10 months ago) by morr
Branch: MAIN
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

Security update to 3.0.5. Changes:

* Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
* Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
* Fix potential information disclosure of posts through the media uploader. Affects users of the Author role.
* Enhancement: Force HTML filtering on comment text in the admin
* Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid.
* Update the license to GPLv2 (or later) and update copyright information for the KSES library.

Revision 1.7.2.3 / (download) - annotate - [select for diffs], Fri Dec 31 07:12:18 2010 UTC (10 years, 11 months ago) by sbd
Branch: pkgsrc-2010Q3
Changes since 1.7.2.2: +4 -4 lines
Diff to previous 1.7.2.2 (colored) to branchpoint 1.7 (colored) next main 1.8 (colored)

Pullup ticket #3314 - requested by morr
wordpress critical security update.

Revisions pulled up:
- www/wordpress/Makefile	1.14
- www/wordpress/distinfo	1.10

-------------------------------------------------------------------------
Module Name:	pkgsrc
Committed By:	morr
Date:		Thu Dec 30 22:27:45 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive
  to attribute names. Handle padded entities when checking for bad
  protocols. Normalize entities before checking for bad protocols in
  esc_url().

Revision 1.10 / (download) - annotate - [select for diffs], Thu Dec 30 22:27:45 2010 UTC (10 years, 11 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to
attribute names. Handle padded entities when checking for bad protocols.
Normalize entities before checking for bad protocols in esc_url().

Revision 1.7.2.2 / (download) - annotate - [select for diffs], Sun Dec 12 15:34:39 2010 UTC (10 years, 11 months ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.7.2.1: +3 -3 lines
Diff to previous 1.7.2.1 (colored) to branchpoint 1.7 (colored)

Pullup ticket #3300 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.13
- www/wordpress/distinfo			1.9
---
Module Name:	pkgsrc
Committed By:	morr
Date:		Fri Dec 10 23:34:18 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to 3.0.3. Changes:

Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.

Revision 1.9 / (download) - annotate - [select for diffs], Fri Dec 10 23:34:18 2010 UTC (11 years ago) by morr
Branch: MAIN
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Security update to 3.0.3. Changes:

Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.

Revision 1.7.2.1 / (download) - annotate - [select for diffs], Tue Dec 7 12:08:21 2010 UTC (11 years ago) by tron
Branch: pkgsrc-2010Q3
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Pullup ticket #3296 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.12
- www/wordpress/PLIST				1.7
- www/wordpress/distinfo			1.8
---
Module Name:	pkgsrc
Committed By:	morr
Date:		Sun Dec  5 16:46:29 UTC 2010

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could
  gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can
  easily be abused.
* Fix canonical redirection for permalinks containing %category% with
  nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting
  a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap()
  even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a
  URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for
  upgraded WordPress MU installs

While here, set license.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Dec 5 16:46:28 2010 UTC (11 years ago) by morr
Branch: MAIN
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Security update. Changes:

* Fix moderate security issue where a malicious Author-level user could gain further access to the site.

* Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
* Fix canonical redirection for permalinks containing %category% with nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

While here, set license.

Revision 1.7 / (download) - annotate - [select for diffs], Wed Aug 4 07:52:37 2010 UTC (11 years, 4 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base
Branch point for: pkgsrc-2010Q3
Changes since 1.6: +4 -4 lines
Diff to previous 1.6 (colored)

Update to 3.0.1.

3.0.1:
* Fixed 54 tickets total. A break down of ticket status by component can be found in Trac (http://core.trac.wordpress.org/milestone/3.0.1).
* Added unregister_nav_menu(), for child themes.

3.0:
* WordPress and WordPress MU have merged, allowing the management of multiple sites (called Multisite) from one WordPress installation.
* New default theme "Twenty Ten" takes full advantage of the current features of WordPress.
* New Custom Menu Management feature, allows creation of custom menus combining posts, pages, categories, tags, and links for use in theme menus or widgets.
* Custom Header and Custom Background APIs.
* Contextual help text accessed under the Help tab of every screen in the WordPress administration.
* Ability to set the admin username and password during installation.
* Bulk updating of themes with an automatic maintenance mode during the process.
* Support for Shortlinks.
* Improved Custom Post Types and Custom Taxonomies including hierarchical (category-style) support. (Try the Custom Post Type UI or GD Custom Posts And Taxonomies Tools plugins to see the possibilities.)
* A lighter admin color scheme to increase accessibility and put the focus more squarely on your content.

Revision 1.6 / (download) - annotate - [select for diffs], Mon Apr 19 22:34:02 2010 UTC (11 years, 7 months ago) by morr
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.5: +4 -4 lines
Diff to previous 1.5 (colored)

Update to 2.9.2

2.9.2:
    * Fixed problem where logged in users can peek at trashed posts belonging to other authors.
    * Fixed other issues

2.9.1:
    * Fixed problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts
    * Fixed other issues

2.9:

 User Features

    * Trash status for posts, pages, and comments (includes restore and permanent delete)
    * Add support for 'include' and 'exclude' to [gallery] (Gallery Shortcode)
    * Allow user registration to be enabled by an XMLRPC client
    * Add support for sticky posts to the WXR exporter and importer
    * 'rel=canonical' for singular pages
    * Scroll back to the same location after saving a file in the Plugin and Theme editors
    * Correct comments and remove unnecessary echos from the default themes sidebar template file
    * Enable the APP (Atom) attachment file download to work correctly
    * Support location of category templates based on 'category-slug' as well as 'category-id' (Ticket 10614)
    * Support location of tag templates based on 'tag-id' as well as 'tag-slug' (Ticket 10868)
    * Support location of page templates based on 'page-slug' and 'page-id'
    * Set "Allow my blog to appear in search engines" to checked in installation
    * Don't offer to make a category its own parent
    * Remove Sphere from search list
    * Minify admin CSS
    * Show correct max upload filesize error message
    * Add 'rel' attribute to next/previous post links
    * Make the default and classic themes comment textareas valid XHTML
    * Clean up '.button' and '.button[disabled]' CSS classes, add 'spinner' and 'gray-out' buttons after clicking Publish or Update post
    * Fix race condition with autosave when clicking Publish immediately after entering post title
    * Add Comments for Pages in the WordPress Default theme
    * Define '$content_width' for Kubrick
    * Better feedback on publishing of future posts and pages
    * Display comments in descending date order, consistently
    * Add means of automatically repairing tables
    * Press This bookmarklet fixes
    * Give plugins and themes simple control over the text displayed at the end of an autogenerated Excerpt
    * Don't show "Change Permalinks" button when editing the page set as "Front page"
    * Image editing
    * Retire BunnyTags importer
    * Retire Jerome's keywords importer
    * Explain that the permalink is temporary for autosave generated permalinks
    * Update SimplePie to 1.2
    * Eliminate the redundant and confusing comment threading depth of 1
    * Easier Embeds with oEmbed support (see Ticket #10337) (oEmbed discovery disabled by default, use plugin to enable it)
    * TinyMCE 3.2.7
    * Remove rel='tag' on links in Tag Clouds
    * Add a title to the Home link output by wp_page_menu()
    * Adjust comment moderation keyboard shortcut keys 'd = trash' or delete depending on the screen
    * Show "Draft updated" instead of "Post updated" when saving draft
    * Show the login form in a popup when autosave hits the login grace period
    * Open View/Preview post in a new window from the link in the Saved/Updated message
    * Separate fields for 'image alt' and 'image caption' in Media uploader
    * Display better information about broken themes when there is no stylesheet
    * Improve situation when tables such as wp_options table were 'corrupt' new installation message was offered. Add means of automatically repairing tables
    * Export and import custom taxonomies
    * Admin copy improvements
    * Don't show page templates in the drop down if they are in a subdirectory
    * Make codex link open in a new window
    * Change 'Remove' link on widgets to 'Delete' because it doesn't just remove it, it deletes the settings for that widget instance.

Development, Themes, Plugins

    * Added 'excerpt_more' filter to wp_trim_excerpt() function, which allow developers to change excerpt '[...]' more string (Ticket 10395)
    * Add 'smilies_src' filter so plugins can better add smilies
    * Canonical redirects for post name queries
    * Allow _wp_get_comment_list() to handle custom comment types
    * Return an empty array instead of false for get_children() when no children found
    * Add some filters so that HTTP requests can be filtered
    * Move plugin update notice output to the plugin specific hook
    * Limit wp-mail 'blog by email' checks to every 5 minutes
    * Make it much easier to filter contact methods from user profiles
    * Allow filtering of get_edit_post_link for custom post_type
    * 'get_sample_permalink_html' filter
    * Enforce activation key to be a string, reject activation keys that are arrays
    * Support for new post types
    * Respect custom post_type in queries
    * Send Retry-After header when in maintenance mode
    * Various WP Filesystem related fixes and documentation
    * Add constants for ftp connections timeouts
    * Increase timeout on cron-based requests when checking for upgrades
    * Don't use has_action() before do_action() in http.php
    * Speed up jQuery based scripts
    * Use the current user as author for autosave
    * Show My Posts as default view on the Edit Posts screen for users without 'edit_others_posts' cap
    * Ensure that drafts viewed over XMLRPC have a correct gmt date set
    * Pass user id to 'get_' the_author_meta filters
    * Move _wp_get_user_contactmethods() into the registrations functions file
    * Machine parseable db error codes
    * Add global JS vars and actions to the media uploader iframe
    * Add JSON compat for PHP < 5.2
    * Make option_name the primary key for the options table
    * Allow a plugin to do a complete takeover of Post by Email
    * Logarithmic scale for tag cloud
    * Pass Post ID to the 'get_comments_number' filter
    * Always filter the url in the media upload form
    * Add a 'the_terms' filter
    * is_blog_installed() improvements
    * Allow force_ssl_admin() to properly accept false as a value
    * Pass logged_in cookie to async-upload and filter the cookie scheme in auth_redirect()
    * Add more actions around database add/delete/update operations
    * phpDoc for wp_"check|set"_post_lock functions
    * Use the old strings which are more translator friendly and add a generic default string to aid re-use by plugins adding post_types
    * Filter fields through kses upon display and introduce sanitize_user_object() and sanitize_user_field()
    * Use null instead of 0 when setting content length
    * Include 'hidden' directories in filesystem dirlist by default
    * Pass args array to 'wp_list_pages' filter
    * Actions for taxonomy updates
    * Key should be 'comment_id' not 'post_id' in comments table
    * Add get_delete_post_link() to retrieve delete posts link for post
    * Add 'separator' parameter to wp_tag_cloud() and wp_generate_tag_cloud() functions (Ticket 10315)
    * Added add_comment_meta() family of functions
    * Use a post_parent of 0 instead of -1 to indicate unattached posts
    * Improve get_page_hierarchy() function
    * Deprecate the_content_rss(), add the_content_feed() and get_the_content_feed(). Convert places that called the_content_rss() with an excerpt length to the_excerpt_rss(). Remove the rss_excerpt_length option. Use the_content_feed() where the_content() was previously used in feeds.
    * Add 'pad_counts' argument to wp_dropdown_categories()
    * Remove codepress
    * Remove the php-gettext library
    * Canonical post thumbnails
    * Add a filter to the_author_posts_link()
    * Merge post.js with page.js and slug.js, optimize categories and tags JS, standardize postboxes IDs and JS
    * Introduce register_theme_directory() which takes a wp-content-relative path and will additionally scan it for themes. Plugins can use this to add themes without requiring copying by the user
    * Add set_user_role action hook
    * Allow theme devs to change attrs (like CSS class) of thumbnail images
    * Add wp-post-image CSS class to post images
    * Allow for plugins to enhance the number of metadata fields captured from plugin and theme headers
    * Merge updated pomo code
    * Switch to using NOOP_Translations for untranslated sites
    * Improve wptexturize performance
    * Provide context to the strings in the Plugin and Theme installers to allow for different grammatical gender
    * Fixes for theme subdir support
    * Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data
    * Add 'orderby=comment_count' argument to query_posts()
    * Honor Post Type for Sticky Posts
    * Allow querying multiple post types
    * Introduce add_theme_support(feature) and current_theme_supports(feature) for announcing and checking theme support for various features
    * Introduce require_if_theme_supports()
    * Add number of Embed related filters
    * Add 'IMAGE_EDIT_OVERWRITE' constant to control edited image save or replace, most useful for setups that have dynamic image resizing
    * Add load_child_theme_textdomain() to allow child themes to have their own translation files
    * Add sidebar descriptions to sidebar settings and widget admin screen
    * Make option_id primary. Add uniques for option_name and autoload
    * Allow plugins to override the behaviour of load_textdomain() in a variety of flexible ways
    * Mark _c() as deprecated. The new _x() function should be used instead.
    * Allow plugins to change the redirect on post/page publishing/submitting
    * Standardize on 'user_id' instead of 'user_ID' when passing comment data. Accept either 'user_id' or 'user_ID'. Remove 'user_id' global.
    * Filter imported comments
    * Introducing set_post_image_size(w, h, crop) so themes can register their special size/crop for canonical post images
    * Standardize around "post image" instead of "post thumbnail"
    * Allow registering post image support per post type
    * Return false from is_paged() if on the first page.
    * Check MySQL and PHP versions when auto upgrading
    * Add required php and mysql versions to version.php
    * Hard code required version in update-core.php

PR pkg/42765

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Fri Nov 13 11:07:27 2009 UTC (12 years ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Pullup ticket #2933 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile			1.6
- www/wordpress/PLIST				1.4
- www/wordpress/distinfo			1.5
---
Module Name:    pkgsrc
Committed By:   adrianp
Date:           Thu Nov 12 22:05:55 UTC 2009

Modified Files:
        pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with
define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in
certain Apache configurations

Revision 1.5 / (download) - annotate - [select for diffs], Thu Nov 12 22:05:55 2009 UTC (12 years ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

Update to 2.8.6

- 2.8.5
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it again with define('ALLOW_UNFILTERED_UPLOADS', true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes

- 2.8.6
* Fixed an XSS vulnerability in Press This
* Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations

Revision 1.1.1.1.2.3 / (download) - annotate - [select for diffs], Fri Aug 14 10:02:07 2009 UTC (12 years, 3 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.2: +3 -3 lines
Diff to previous 1.1.1.1.2.2 (colored) to branchpoint 1.1.1.1 (colored) next main 1.2 (colored)

Pullup ticket #2864 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.5
- www/wordpress/distinfo		1.4
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Wed Aug 12 20:21:10 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Update to 2.8.4 to fix security issue:
	http://wordpress.org/development/2009/08/2-8-4-security-release/

Revision 1.4 / (download) - annotate - [select for diffs], Wed Aug 12 20:21:10 2009 UTC (12 years, 3 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base
Branch point for: pkgsrc-2009Q3
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Update to 2.8.4 to fix security issue:
	http://wordpress.org/development/2009/08/2-8-4-security-release/

Revision 1.1.1.1.2.2 / (download) - annotate - [select for diffs], Wed Aug 5 10:37:39 2009 UTC (12 years, 4 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1.2.1: +3 -3 lines
Diff to previous 1.1.1.1.2.1 (colored) to branchpoint 1.1.1.1 (colored)

Pullup ticket #2848 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.4
- www/wordpress/distinfo		1.3
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Aug	 4 21:32:40 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile distinfo

Log Message:
WordPress 2.8.3 Security Release

Unfortunately, I missed some places when fixing the privilege escalation issues
for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several
folks in the community dug deeper and discovered areas that were overlooked.
With their help, the remaining issues are fixed in 2.8.3.  Since this is a
security release, upgrading is highly recommended.

Revision 1.3 / (download) - annotate - [select for diffs], Tue Aug 4 21:32:40 2009 UTC (12 years, 4 months ago) by adrianp
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)

WordPress 2.8.3 Security Release

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.

Revision 1.1.1.1.2.1 / (download) - annotate - [select for diffs], Tue Jul 28 22:11:15 2009 UTC (12 years, 4 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1: +3 -3 lines
Diff to previous 1.1.1.1 (colored)

Pullup ticket #2843 - requested by adrianp
wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile		1.3
- www/wordpress/PLIST			1.3
- www/wordpress/distinfo		1.2
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Tue Jul 28 21:20:20 UTC 2009

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an
option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 28 21:20:20 2009 UTC (12 years, 4 months ago) by adrianp
Branch: MAIN
Changes since 1.1: +4 -4 lines
Diff to previous 1.1 (colored)

Update to 2.8.2

Highlights
* New drag-and-drop widgets admin interface and new widgets API
* Syntax highlighting and function lookup built into plugin and theme editors
* Browse the theme directory and install themes from the admin
* Allow the dashboard widgets to be arranged in up to four columns
* Allow configuring the number of items to show on management pages with an option in Screen Options
* Support timezones and automatic daylight savings time adjustment
* Support IIS 7.0 URL Rewrite Module
* Faster loading of admin pages via script compression and concatenation

For all the details see: http://codex.wordpress.org/Version_2.8

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Apr 6 11:31:02 2009 UTC (12 years, 8 months ago) by adrianp
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Import of wordpress 2.7.1 from pkgsrc-wip
Initially packaged by shinden@linux.pl and then hacked by me

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 6 11:31:02 2009 UTC (12 years, 8 months ago) by adrianp
Branch: MAIN

Initial revision

CVSweb <webmaster@jp.NetBSD.org>