author morr <morr@pkgsrc.org> 2013-09-12 17:19:59 +0000
committer morr <morr@pkgsrc.org> 2013-09-12 17:19:59 +0000
commit 809cdc6ec1e3647bf1d03cbbfe8611fccce5a7d6
tree 798e84e8a72047083840800ff49e68bda6f718b6 /www/wordpress
parent b6355a45e997e6cf766c39510d0e09cb77fbda70
This maintenance release addresses 13 bugs with version 3.6.
Additionally: Version 3.6.1 fixes three security issues:

* Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
* Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
* Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:

* Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

More on http://codex.wordpress.org/Version_3.6.1
Diffstat (limited to 'www/wordpress')
-rw-r--r-- www/wordpress/Makefile 4
-rw-r--r-- www/wordpress/PLIST 6
-rw-r--r-- www/wordpress/distinfo 8
3 files changed, 7 insertions, 11 deletions
diff --git a/www/wordpress/Makefile b/www/wordpress/Makefile
index cbc41aecb5e..f0288a9270a 100644
--- a/www/wordpress/Makefile
+++ b/www/wordpress/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2013/08/08 07:50:58 morr Exp $
+# $NetBSD: Makefile,v 1.35 2013/09/12 17:19:59 morr Exp $
DISTNAME= wordpress-${VERSION}
-VERSION= 3.6
+VERSION= 3.6.1
CATEGORIES= www
MASTER_SITES= http://wordpress.org/
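Review bot: The context line `MASTER_SITES= http://wordpress.org/` at the end of this hunk means the 3.6.1 security update is still fetched over plain HTTP, so the checksums in distinfo are the only control against a distfile altered in transit. If the upstream site serves the tarball over TLS, switch this URL to https in the same commit as the version bump.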
diff --git a/www/wordpress/PLIST b/www/wordpress/PLIST
index 96c650e20b2..d1bcd18e981 100644
--- a/www/wordpress/PLIST
+++ b/www/wordpress/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.16 2013/08/08 07:50:58 morr Exp $
+@comment $NetBSD: PLIST,v 1.17 2013/09/12 17:19:59 morr Exp $
share/doc/wordpress/license.txt
share/doc/wordpress/readme.html
share/examples/wordpress/wordpress.conf
@@ -208,8 +208,6 @@ share/wordpress/wp-admin/js/accordion.js
share/wordpress/wp-admin/js/accordion.min.js
share/wordpress/wp-admin/js/cat.js
share/wordpress/wp-admin/js/cat.min.js
-share/wordpress/wp-admin/js/categories.js
-share/wordpress/wp-admin/js/categories.min.js
share/wordpress/wp-admin/js/color-picker.js
share/wordpress/wp-admin/js/color-picker.min.js
share/wordpress/wp-admin/js/comment.js
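Review bot: The two dropped entries, `share/wordpress/wp-admin/js/categories.js` and `categories.min.js`, are not explained by the commit message, which covers only the upstream bug and security fixes. Please confirm the PLIST was regenerated from an install of the 3.6.1 distfile rather than edited by hand, and add a line to the log noting that upstream no longer ships these files, so the removal can be audited later.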
@@ -218,8 +216,6 @@ share/wordpress/wp-admin/js/common.js
share/wordpress/wp-admin/js/common.min.js
share/wordpress/wp-admin/js/custom-background.js
share/wordpress/wp-admin/js/custom-background.min.js
-share/wordpress/wp-admin/js/custom-fields.js
-share/wordpress/wp-admin/js/custom-fields.min.js
share/wordpress/wp-admin/js/custom-header.js
share/wordpress/wp-admin/js/customize-controls.js
share/wordpress/wp-admin/js/customize-controls.min.js
diff --git a/www/wordpress/distinfo b/www/wordpress/distinfo
index 753f0843874..ac85bc9b7e0 100644
--- a/www/wordpress/distinfo
+++ b/www/wordpress/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.26 2013/08/08 07:50:58 morr Exp $
+$NetBSD: distinfo,v 1.27 2013/09/12 17:19:59 morr Exp $
-SHA1 (wordpress-3.6.tar.gz) = c45019be71acb361df2b1e7d81a5348539ce35e6
-RMD160 (wordpress-3.6.tar.gz) = dca8ec30466ff367e23311b3b5310c1fe007a03c
-Size (wordpress-3.6.tar.gz) = 4028740 bytes
+SHA1 (wordpress-3.6.1.tar.gz) = a1ad687776a9348e85b9f9603b4d227e433ef697
+RMD160 (wordpress-3.6.1.tar.gz) = 6fdc4f6fb115905b14ff9bb4902839984c395f11
+Size (wordpress-3.6.1.tar.gz) = 4029511 bytes
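Review bot: The new `wordpress-3.6.1.tar.gz` entries pin the distfile with SHA1 and RMD160 only, and SHA1 is deprecated for integrity protection. Add a stronger digest line (SHA512, for example) next to these, and check the recorded values against a copy of the tarball obtained separately from the fetch that produced them, since this is the release that carries the three CVE fixes.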