Thu Dec 30 22:27:45 2010 UTC ()
Critical security update.
ChangeLog:

* Fix XSS vulnerabilities in the KSES library: Match attribute names
case-insensitively. Handle padded entities when checking for bad protocols.
Normalize entities before checking for bad protocols in esc_url().


(morr)
diff -r1.13 -r1.14 pkgsrc/www/wordpress/Makefile
diff -r1.9 -r1.10 pkgsrc/www/wordpress/distinfo

cvs diff -r1.13 -r1.14 pkgsrc/www/wordpress/Makefile

--- pkgsrc/www/wordpress/Makefile 2010/12/10 23:34:17 1.13
+++ pkgsrc/www/wordpress/Makefile 2010/12/30 22:27:45 1.14
@@ -1,64 +1,64 @@ @@ -1,64 +1,64 @@
1# $NetBSD: Makefile,v 1.13 2010/12/10 23:34:17 morr Exp $ 1# $NetBSD: Makefile,v 1.14 2010/12/30 22:27:45 morr Exp $
2 2
3DISTNAME= wordpress-${VERSION} 3DISTNAME= wordpress-${VERSION}
4VERSION= 3.0.3 4VERSION= 3.0.4
5CATEGORIES= www 5CATEGORIES= www
6MASTER_SITES= http://wordpress.org/ 6MASTER_SITES= http://wordpress.org/
7 7
8MAINTAINER= morr@NetBSD.org 8MAINTAINER= morr@NetBSD.org
9HOMEPAGE= http://wordpress.org/ 9HOMEPAGE= http://wordpress.org/
10COMMENT= Blogging tool written in php 10COMMENT= Blogging tool written in php
11LICENSE= gnu-gpl-v2 11LICENSE= gnu-gpl-v2
12 12
13PKG_DESTDIR_SUPPORT= user-destdir 13PKG_DESTDIR_SUPPORT= user-destdir
14 14
15USE_TOOLS+= pax 15USE_TOOLS+= pax
16 16
17.include "../../mk/bsd.prefs.mk" 17.include "../../mk/bsd.prefs.mk"
18.include "../../lang/php/phpversion.mk" 18.include "../../lang/php/phpversion.mk"
19.include "options.mk" 19.include "options.mk"
20 20
21NO_BUILD= yes 21NO_BUILD= yes
22WRKSRC= ${WRKDIR}/wordpress 22WRKSRC= ${WRKDIR}/wordpress
23 23
24WWW_USER?= ${APACHE_USER} 24WWW_USER?= ${APACHE_USER}
25WWW_GROUP?= ${APACHE_GROUP} 25WWW_GROUP?= ${APACHE_GROUP}
26 26
27PKG_GROUPS_VARS= WWW_GROUP 27PKG_GROUPS_VARS= WWW_GROUP
28PKG_USERS_VARS= WWW_USER 28PKG_USERS_VARS= WWW_USER
29BUILD_DEFS+= WWW_USER WWW_GROUP APACHE_USER APACHE_GROUP 29BUILD_DEFS+= WWW_USER WWW_GROUP APACHE_USER APACHE_GROUP
30EGDIR= ${PREFIX}/share/examples/wordpress 30EGDIR= ${PREFIX}/share/examples/wordpress
31DOCDIR= ${PREFIX}/share/doc/wordpress 31DOCDIR= ${PREFIX}/share/doc/wordpress
32WPHOME= ${PREFIX}/share/wordpress 32WPHOME= ${PREFIX}/share/wordpress
33FILES_SUBST+= WPHOME=${WPHOME} 33FILES_SUBST+= WPHOME=${WPHOME}
34MESSAGE_SUBST+= DOCDIR=${DOCDIR} 34MESSAGE_SUBST+= DOCDIR=${DOCDIR}
35 35
36CONF_FILES+= ${EGDIR}/wordpress.conf ${PKG_SYSCONFDIR}/wordpress.conf 36CONF_FILES+= ${EGDIR}/wordpress.conf ${PKG_SYSCONFDIR}/wordpress.conf
37CONF_FILES_PERMS+= ${EGDIR}/wp-config-sample.php ${WPHOME}/wp-config.php \ 37CONF_FILES_PERMS+= ${EGDIR}/wp-config-sample.php ${WPHOME}/wp-config.php \
38 ${WWW_USER} ${WWW_GROUP} 0640 38 ${WWW_USER} ${WWW_GROUP} 0640
39OWN_DIRS_PERMS+= ${WPHOME}/wp-content/uploads \ 39OWN_DIRS_PERMS+= ${WPHOME}/wp-content/uploads \
40 ${WWW_USER} ${WWW_GROUP} 0750 40 ${WWW_USER} ${WWW_GROUP} 0750
41 41
42INSTALLATION_DIRS+= ${DOCDIR} ${WPHOME} ${EGDIR} 42INSTALLATION_DIRS+= ${DOCDIR} ${WPHOME} ${EGDIR}
43 43
44DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.3:../../databases/php-mysql 44DEPENDS+= ${PHP_PKG_PREFIX}-mysql>=4.3.3:../../databases/php-mysql
45 45
46do-install: 46do-install:
47 ${INSTALL_DATA} ${WRKSRC}/readme.html ${DESTDIR}${DOCDIR} 47 ${INSTALL_DATA} ${WRKSRC}/readme.html ${DESTDIR}${DOCDIR}
48 ${INSTALL_DATA} ${WRKSRC}/license.txt ${DESTDIR}${DOCDIR} 48 ${INSTALL_DATA} ${WRKSRC}/license.txt ${DESTDIR}${DOCDIR}
49 49
50 ${INSTALL_DATA} ${WRKSRC}/wp-config-sample.php ${DESTDIR}${EGDIR} 50 ${INSTALL_DATA} ${WRKSRC}/wp-config-sample.php ${DESTDIR}${EGDIR}
51 ${INSTALL_DATA} ${FILESDIR}/wordpress.conf ${DESTDIR}${EGDIR} 51 ${INSTALL_DATA} ${FILESDIR}/wordpress.conf ${DESTDIR}${EGDIR}
52 52
53 ${RM} ${WRKSRC}/readme.html 53 ${RM} ${WRKSRC}/readme.html
54 ${RM} ${WRKSRC}/license.txt 54 ${RM} ${WRKSRC}/license.txt
55 ${RM} ${WRKSRC}/wp-config-sample.php 55 ${RM} ${WRKSRC}/wp-config-sample.php
56 56
57 cd ${WRKSRC} && pax -rw -pmp . ${DESTDIR}${WPHOME} 57 cd ${WRKSRC} && pax -rw -pmp . ${DESTDIR}${WPHOME}
58 ${TOUCH} ${DESTDIR}${WPHOME}/wp-content/plugins/index.html 58 ${TOUCH} ${DESTDIR}${WPHOME}/wp-content/plugins/index.html
59 ${FIND} ${DESTDIR}${WPHOME} \ 59 ${FIND} ${DESTDIR}${WPHOME} \
60 -type d -exec ${CHMOD} ${PKGDIRMODE} "{}" \; 60 -type d -exec ${CHMOD} ${PKGDIRMODE} "{}" \;
61 ${FIND} ${DESTDIR}${WPHOME} \ 61 ${FIND} ${DESTDIR}${WPHOME} \
62 -type f -exec ${CHMOD} ${SHAREMODE} "{}" \; 62 -type f -exec ${CHMOD} ${SHAREMODE} "{}" \;
63 63
64.include "../../mk/bsd.pkg.mk" 64.include "../../mk/bsd.pkg.mk"

cvs diff -r1.9 -r1.10 pkgsrc/www/wordpress/distinfo

--- pkgsrc/www/wordpress/distinfo 2010/12/10 23:34:18 1.9
+++ pkgsrc/www/wordpress/distinfo 2010/12/30 22:27:45 1.10
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.9 2010/12/10 23:34:18 morr Exp $ 1$NetBSD: distinfo,v 1.10 2010/12/30 22:27:45 morr Exp $
2 2
3SHA1 (wordpress-3.0.3.tar.gz) = 888c2f32fa18dfd5f02291cd8f33c67c3c9cc367 3SHA1 (wordpress-3.0.4.tar.gz) = b0c0500281078fb26e591231269a3baf04fc58c3
4RMD160 (wordpress-3.0.3.tar.gz) = f8273b8cdafe9265f666abfae6309f9ed4590e0a 4RMD160 (wordpress-3.0.4.tar.gz) = c0418e9622e95ecca4cc7e10c3f2ef7339de1bdf
5Size (wordpress-3.0.3.tar.gz) = 2689163 bytes 5Size (wordpress-3.0.4.tar.gz) = 2699202 bytes