Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1641847700182970"
MIME-Version: 1.0
Date: Mon, 10 Jan 2022 20:48:20 +0000
From: "Daniel Horecki" <morr@netbsd.org>
Subject: CVS commit: pkgsrc/www/wordpress
To: pkgsrc-changes@NetBSD.org
Reply-To: morr@netbsd.org
Message-Id: <20220110204820.5E123FB24@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1641847700182970
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	morr
Date:		Mon Jan 10 20:48:20 UTC 2022

Modified Files:
	pkgsrc/www/wordpress: Makefile PLIST distinfo

Log Message:
Security update to 5.8.3.

Changes since 5.8:

5.8.3

4 security issues affect WordPress versions between 3.7 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:

* Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
* Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
* Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
* Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.

More info on https://wordpress.org/support/wordpress-version/version-5-8-3/

5.8.2

1 security update and fixed 2 bugs.

More info on https://wordpress.org/support/wordpress-version/version-5-8-2/

5.8.1

3 security issues affects WordPress versions between 5.4 and 5.8. If you haven't yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

* Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
* Props to Michal Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
* The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

* Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release's beta period.
* Props Steve Henty for reporting a privilege escalation issue in the block editor.

More info on https://wordpress.org/support/wordpress-version/version-5-8-1/


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.49 -r1.50 pkgsrc/www/wordpress/PLIST
cvs rdiff -u -r1.85 -r1.86 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1641847700182970
Content-Disposition: inline
Content-Length: 2530
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/www/wordpress/Makefile
diff -u pkgsrc/www/wordpress/Makefile:1.101 pkgsrc/www/wordpress/Makefile:1.102
--- pkgsrc/www/wordpress/Makefile:1.101	Sun Jul 25 11:49:00 2021
+++ pkgsrc/www/wordpress/Makefile	Mon Jan 10 20:48:20 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.101 2021/07/25 11:49:00 morr Exp $
+# $NetBSD: Makefile,v 1.102 2022/01/10 20:48:20 morr Exp $
 
 DISTNAME=		wordpress-${VERSION}
-VERSION=		5.8
+VERSION=		5.8.3
 CATEGORIES=		www
 MASTER_SITES=		https://wordpress.org/
 

Index: pkgsrc/www/wordpress/PLIST
diff -u pkgsrc/www/wordpress/PLIST:1.49 pkgsrc/www/wordpress/PLIST:1.50
--- pkgsrc/www/wordpress/PLIST:1.49	Sun Jul 25 11:49:00 2021
+++ pkgsrc/www/wordpress/PLIST	Mon Jan 10 20:48:20 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.49 2021/07/25 11:49:00 morr Exp $
+@comment $NetBSD: PLIST,v 1.50 2022/01/10 20:48:20 morr Exp $
 share/doc/wordpress/license.txt
 share/doc/wordpress/readme.html
 share/examples/wordpress/wordpress.conf
@@ -574,7 +574,7 @@ share/wordpress/wp-content/plugins/akism
 share/wordpress/wp-content/plugins/akismet/LICENSE.txt
 share/wordpress/wp-content/plugins/akismet/_inc/akismet.css
 share/wordpress/wp-content/plugins/akismet/_inc/akismet.js
-share/wordpress/wp-content/plugins/akismet/_inc/form.js
+share/wordpress/wp-content/plugins/akismet/_inc/img/logo-a-2x.png
 share/wordpress/wp-content/plugins/akismet/_inc/img/logo-full-2x.png
 share/wordpress/wp-content/plugins/akismet/akismet.php
 share/wordpress/wp-content/plugins/akismet/changelog.txt

Index: pkgsrc/www/wordpress/distinfo
diff -u pkgsrc/www/wordpress/distinfo:1.85 pkgsrc/www/wordpress/distinfo:1.86
--- pkgsrc/www/wordpress/distinfo:1.85	Tue Oct 26 11:31:14 2021
+++ pkgsrc/www/wordpress/distinfo	Mon Jan 10 20:48:20 2022
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.85 2021/10/26 11:31:14 nia Exp $
+$NetBSD: distinfo,v 1.86 2022/01/10 20:48:20 morr Exp $
 
-BLAKE2s (wordpress-5.8.tar.gz) = 1c8f198b481a45e86ec9af8571e8bea8bc7abaa04d77fc693f5f5fb29ac7d247
-SHA512 (wordpress-5.8.tar.gz) = 6f3c2f2e2d3d3ac57798533d062f12d1d751dc8c2fd30fb6448d60d50d74b416ecc32f1b3c54efd6a3edfcc227f29b14706e8ffadaf7d9710ab345ee47b88629
-Size (wordpress-5.8.tar.gz) = 15073609 bytes
+BLAKE2s (wordpress-5.8.3.tar.gz) = 625bb95bf452587b451e7fac32f2d556d96094727c0a95d3141d0b37d2e6a5e3
+SHA512 (wordpress-5.8.3.tar.gz) = 08ebf959d9ae8ca33bee86fec222fb0266dc10bf6db4ed1ebeb7886a422abd838cbcc4d004002dea2c923c7a0822a1f410881b01f2e234560836b1635d98718b
+Size (wordpress-5.8.3.tar.gz) = 15087521 bytes


--_----------=_1641847700182970--