Sun Apr 13 14:10:59 2014 UTC ()

Update to newest version of Wordpress, containing security fixes.

It contains 9 bugfixes and 5 security fixes:

* Potential authentication cookie forgery. CVE-2014-0166.
* Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
* (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
* (Hardening) Fix a low-impact SQL injection by trusted users.
* (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.


(morr)

diff -r1.38 -r1.39 pkgsrc/www/wordpress/Makefile
diff -r1.30 -r1.31 pkgsrc/www/wordpress/distinfo

--- pkgsrc/www/wordpress/Makefile 2014/02/12 19:43:56 1.38
+++ pkgsrc/www/wordpress/Makefile 2014/04/13 14:10:59 1.39

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.38 2014/02/12 19:43:56 morr Exp $
+# $NetBSD: Makefile,v 1.39 2014/04/13 14:10:59 morr Exp $
 DISTNAME=		wordpress-${VERSION}
-VERSION=		3.8.1
+VERSION=		3.8.2
 CATEGORIES=		www
 MASTER_SITES=		http://wordpress.org/
 MAINTAINER=		morr@NetBSD.org
 HOMEPAGE=		http://wordpress.org/
 COMMENT=		Blogging tool written in php
 LICENSE=		gnu-gpl-v2
 USE_TOOLS+=		pax
 .include "../../mk/bsd.prefs.mk"
 .include "../../lang/php/phpversion.mk"
 .include "options.mk"

--- pkgsrc/www/wordpress/distinfo 2014/02/12 19:43:56 1.30
+++ pkgsrc/www/wordpress/distinfo 2014/04/13 14:10:59 1.31

 @@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.30 2014/02/12 19:43:56 morr Exp $
+$NetBSD: distinfo,v 1.31 2014/04/13 14:10:59 morr Exp $
-SHA1 (wordpress-3.8.1.tar.gz) = 904487e0d70a2d2b6a018aaf99e21608d8f2db88
+SHA1 (wordpress-3.8.2.tar.gz) = bc4314abb6d4cb13b284b8ada0d6f69420557bec
-RMD160 (wordpress-3.8.1.tar.gz) = 1f0bfb155d51d773f209973b701f5ca319f28b66
+RMD160 (wordpress-3.8.2.tar.gz) = 4f9a5f26e081f101fbc1a6fe80015f75f92d36b7
-Size (wordpress-3.8.1.tar.gz) = 5869727 bytes
+Size (wordpress-3.8.2.tar.gz) = 5870266 bytes