pkgsrc.se | The NetBSD package collection

./www/wordpress, Blogging tool written in php

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2019Q4, Version: 5.3.2, Package name: wordpress-5.3.2, Maintainer: morr

WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.

Required to run:
[archivers/php-zlib] [archivers/php-zip] [databases/php-mysqli] [graphics/php-gd] [www/ap-php] [www/php-curl]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: ap-php

Master sites:

https://wordpress.org/ (Download)

SHA1: fded476f112dbab14e3b5acddd2bcfa550e7b01b
RMD160: 4385dac6def9eeeb6fccdcc2b247ace9fc354b64
Filesize: 12098.907 KB

Version history: (Expand)

(2020-02-23) Updated to version: wordpress-5.3.2
(2020-01-02) Package added to pkgsrc.se, version wordpress-5.3nb1 (created)

CVS history: (Expand)

2020-02-23 19:10:23 by Benny Siegert | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #6139 - requested by morr
www/wordpress: security fix

Revisions pulled up:
- www/wordpress/Makefile                                        1.91
- www/wordpress/PLIST                                           1.42
- www/wordpress/distinfo                                        1.73

---
   Module Name:    pkgsrc
   Committed By:   morr
   Date:           Sun Feb 23 09:59:42 UTC 2020

   Modified Files:
           pkgsrc/www/wordpress: Makefile PLIST distinfo

   Log message:
   Update to version 5.3.2.

   Changes:

   Version 5.3.2:
   Maintenance updates
   - Date/Time: Ensure that get_feed_build_date() correctly handles a modified \ 
post object with invalid date.
   - Uploads: Fix file name collision in wp_unique_filename() when uploading a \ 
file with upper case extension on non case-sensitive file systems.
   - Media: Fix PHP warnings in wp_unique_filename() when the destination \ 
directory is unreadable.
   - Administration: Fix the colors in all color schemes for buttons with the \ 
.active class.
   - Tests/build tools: In wp_insert_post(), when checking the post date to set \ 
future or publish status, use a proper delta comparison.

   Version 5.3.1:
   Security fixes
   - Props to Daniel Bachhuber for finding an issue where an unprivileged user \ 
could make a post sticky via the REST API.
   - Props to Simon Scannell of RIPS Technologies for finding and disclosing an \ 
issue where cross-site scripting (XSS) could be stored in well-crafted links.
   - Props to the WordPress.org Security Team for hardening \ 
wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
   - Props to Nguyen The Duc for discovering a stored XSS vulnerability using \ 
block editor content.

   Maintenance updates
   - Administration: improvements to admin form controls height and alignment \ 
standardization (see related dev note), dashboard widget links accessibility and \ 
alternate color scheme readability issues (see related dev note).
   - Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
   - Bundled themes: add customizer option to show/hide author bio, replace JS \ 
based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
   - Date/time: improve non-GMT dates calculation, fix date format output in \ 
specific languages and make get_permalink() more resilient against PHP timezone \ 
changes.
   - Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist \ 
anymore.
   - External libraries: update sodium_compat.
   - Site health: allow the remind interval for the admin email verification to \ 
be filtered.
   - Uploads: avoid thumbnails overwriting other uploads when filename matches, \ 
and exclude PNG images from scaling after upload.
   - Users: ensure administration email verification uses the user’s locale \ 
instead of the site locale.