./www/wordpress, Blogging tool written in php

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2013Q2, Version: 3.6.1, Package name: wordpress-3.6.1, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.


Required to run:
[www/ap-php] [databases/php-mysql]

Required to build:
[www/apache22]

Package options: ap-php

Master sites:

SHA1: a1ad687776a9348e85b9f9603b4d227e433ef697
RMD160: 6fdc4f6fb115905b14ff9bb4902839984c395f11
Filesize: 3935.069 KB

Version history: (Expand)


CVS history: (Expand)


   2013-09-13 15:07:27 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #4234 - requested by morr
www/wordpress: security update

Revisions pulled up:
- www/wordpress/Makefile                                        1.34-1.35
- www/wordpress/PLIST                                           1.16-1.17
- www/wordpress/distinfo                                        1.26-1.27

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Aug  8 07:50:58 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log message:
   Update to newest version of Wordpress 3.6.

   ChangeLog:

   New Default Theme - Twenty Thirteen
   * Focus on blogging
   * Single column layout with Sidebar / Widgets in the footer
   * Latest Theme Features support, particularly Post Formats and Semantic Markup
   * Font-based icons (Genericons)

   Admin Enhancements
   * UI improvements on Navigation Menus Screen
   * Revisions revised to be more dynamic and scalable
   * Autosave and Post Locking
   * Preview Audio and Video on Media Edit Screen
   * In-line login following expired sessions

   For Developers
   * External Libraries have been updated.
   * New audio/video APIs give developers access to powerful media metadata, like
   ID3 tags.
   * Filters for revisions, allowing you to set the number of revisions ad hoc
   instead of only via a define.
   * Semantic Markup allows themes to choose improved HTML5 markup for search
   forms, comment forms, and comment lists.
   * Search content for shortcodes with has_shortcode() and adjust shortcode
   attributes with a new filter.

   More info on http://codex.wordpress.org/Version_3.6

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Thu Sep 12 17:19:59 UTC 2013

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log message:
   This maintenance release addresses 13 bugs with version 3.6.

   Additionally: Version 3.6.1 fixes three security issues:

   * Remote Code Execution: Block unsafe PHP de-serialization that could occur in
   limited situations and setups, which can lead to remote code execution.
   Reported by Tom Van Goethem. CVE-2013-4338.
   * Link Injection / Open Redirect: Fix insufficient input validation that could
   result in redirecting or leading a user to another website.
   Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers
   for Disease Control and Prevention. CVE-2013-4339.
   * Privilege Escalation: Prevent a user with an Author role, using a specially
   crafted request, from being able to create a post "written by" \ 
another user.
   Reported by Anakorn Kyavatanakij. CVE-2013-4340.

   Additional security hardening:

   * Updated security restrictions around file uploads to mitigate the potential
   for cross-site scripting. The extensions .swf and .exe are no longer allowed
   by default, and .htm and .html are only allowed if the user has the ability
   to use unfiltered HTML.

   More on http://codex.wordpress.org/Version_3.6.1