CVS commit: pkgsrc/www/wordpress

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/wordpress
From: "Daniel Horecki" <morr%netbsd.org@localhost>
Date: Sun, 1 Nov 2020 15:06:09 +0000

Module Name:    pkgsrc
Committed By:   morr
Date:           Sun Nov  1 15:06:09 UTC 2020

Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security and maintenance update to version 5.5.3.

5.5.3:

This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.

5.5.2:

Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/wordpress/Makefile
diff -u pkgsrc/www/wordpress/Makefile:1.94 pkgsrc/www/wordpress/Makefile:1.95
--- pkgsrc/www/wordpress/Makefile:1.94  Sat Sep 19 12:29:15 2020
+++ pkgsrc/www/wordpress/Makefile       Sun Nov  1 15:06:08 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.94 2020/09/19 12:29:15 morr Exp $
+# $NetBSD: Makefile,v 1.95 2020/11/01 15:06:08 morr Exp $
 
 DISTNAME=              wordpress-${VERSION}
-VERSION=               5.5.1
+VERSION=               5.5.3
 CATEGORIES=            www
 MASTER_SITES=          https://wordpress.org/
 

Index: pkgsrc/www/wordpress/distinfo
diff -u pkgsrc/www/wordpress/distinfo:1.76 pkgsrc/www/wordpress/distinfo:1.77
--- pkgsrc/www/wordpress/distinfo:1.76  Sat Sep 19 12:29:15 2020
+++ pkgsrc/www/wordpress/distinfo       Sun Nov  1 15:06:08 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.76 2020/09/19 12:29:15 morr Exp $
+$NetBSD: distinfo,v 1.77 2020/11/01 15:06:08 morr Exp $
 
-SHA1 (wordpress-5.5.1.tar.gz) = d3316a4ffff2a12cf92fde8bfdd1ff8691e41931
-RMD160 (wordpress-5.5.1.tar.gz) = 3bf7930b3faa21a0f88395942b899c7397eeac68
-SHA512 (wordpress-5.5.1.tar.gz) = 11285e6e776756185814cde905986ce01f586d159fb06de5d16463cec544c8b3b85a695af51e9de71cbcd79f039ed8f6da233a8e82f5ee797d5124983b6ff0d3
-Size (wordpress-5.5.1.tar.gz) = 12983648 bytes
+SHA1 (wordpress-5.5.3.tar.gz) = 61015720c679a6cbf9ad51701f0f3fedb51b3273
+RMD160 (wordpress-5.5.3.tar.gz) = 88e39d79ce49bb4be5a85d97aa1ced5780844d01
+SHA512 (wordpress-5.5.3.tar.gz) = acc96987e792c85f1a1e4fbc434dc10e6c648ba51d0239354d8ee398604db90c6dfa075b565ddb4ab15cb36d9e06095c93ce30027b3cb61b04ffe5986069da03
+Size (wordpress-5.5.3.tar.gz) = 12987499 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index