Thu Sep 29 18:02:09 2016 UTC
Security update to version 4.6.1.

WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

- Bootstrap/Load
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons

- Database
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update

- Editor
#37690 – Backspace causes jumping

- Email
#37736 – Emails fail on certain server setups

- External Libraries
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)

- HTTP API
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument

- Post Thumbnails
#37697 – Strange behavior with thumbnails on preview in 4.6

- Script Loader
#37800 – Close “link rel” dns-prefetch tag

- Taxonomy
#37721 – Improve error handling of is_object_in_term in taxonomy.php

- Themes
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

- TinyMCE
#37760 – Problem with RTL

- Upgrade/Install
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install


(morr)
diff -r1.59 -r1.60 pkgsrc/www/wordpress/Makefile
diff -r1.30 -r1.31 pkgsrc/www/wordpress/PLIST
diff -r1.49 -r1.50 pkgsrc/www/wordpress/distinfo

cvs diff -r1.59 -r1.60 pkgsrc/www/wordpress/Makefile

--- pkgsrc/www/wordpress/Makefile 2016/08/22 18:12:25 1.59
+++ pkgsrc/www/wordpress/Makefile 2016/09/29 18:02:09 1.60
@@ -1,18 +1,17 @@ @@ -1,18 +1,17 @@
1# $NetBSD: Makefile,v 1.59 2016/08/22 18:12:25 morr Exp $ 1# $NetBSD: Makefile,v 1.60 2016/09/29 18:02:09 morr Exp $
2 2
3DISTNAME= wordpress-${VERSION} 3DISTNAME= wordpress-${VERSION}
4VERSION= 4.6 4VERSION= 4.6.1
5PKGREVISION= 1 
6CATEGORIES= www 5CATEGORIES= www
7MASTER_SITES= http://wordpress.org/ 6MASTER_SITES= http://wordpress.org/
8 7
9MAINTAINER= morr@NetBSD.org 8MAINTAINER= morr@NetBSD.org
10HOMEPAGE= http://wordpress.org/ 9HOMEPAGE= http://wordpress.org/
11COMMENT= Blogging tool written in php 10COMMENT= Blogging tool written in php
12LICENSE= gnu-gpl-v2 11LICENSE= gnu-gpl-v2
13 12
14USE_TOOLS+= pax 13USE_TOOLS+= pax
15 14
16.include "../../mk/bsd.prefs.mk" 15.include "../../mk/bsd.prefs.mk"
17.include "../../lang/php/phpversion.mk" 16.include "../../lang/php/phpversion.mk"
18.include "options.mk" 17.include "options.mk"
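Review bot: MASTER_SITES and HOMEPAGE (lines 6 and 9 of revision 1.60) still point at http://wordpress.org/, so the tarball for this security update is fetched over an unauthenticated channel and only the distinfo checksums stand between a tampered download and the installed package. Suggest switching both to https://wordpress.org/ in the same commit. Dropping PKGREVISION alongside the VERSION bump to 4.6.1 looks right.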

cvs diff -r1.30 -r1.31 pkgsrc/www/wordpress/PLIST

--- pkgsrc/www/wordpress/PLIST 2016/08/22 18:11:04 1.30
+++ pkgsrc/www/wordpress/PLIST 2016/09/29 18:02:09 1.31
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.30 2016/08/22 18:11:04 morr Exp $ 1@comment $NetBSD: PLIST,v 1.31 2016/09/29 18:02:09 morr Exp $
2share/doc/wordpress/license.txt 2share/doc/wordpress/license.txt
3share/doc/wordpress/readme.html 3share/doc/wordpress/readme.html
4share/examples/wordpress/wordpress.conf 4share/examples/wordpress/wordpress.conf
5share/wordpress/index.php 5share/wordpress/index.php
6share/wordpress/wp-activate.php 6share/wordpress/wp-activate.php
7share/wordpress/wp-admin/about.php 7share/wordpress/wp-admin/about.php
8share/wordpress/wp-admin/admin-ajax.php 8share/wordpress/wp-admin/admin-ajax.php
9share/wordpress/wp-admin/admin-footer.php 9share/wordpress/wp-admin/admin-footer.php
10share/wordpress/wp-admin/admin-functions.php 10share/wordpress/wp-admin/admin-functions.php
11share/wordpress/wp-admin/admin-header.php 11share/wordpress/wp-admin/admin-header.php
12share/wordpress/wp-admin/admin-post.php 12share/wordpress/wp-admin/admin-post.php
13share/wordpress/wp-admin/admin.php 13share/wordpress/wp-admin/admin.php
14share/wordpress/wp-admin/async-upload.php 14share/wordpress/wp-admin/async-upload.php
@@ -511,26 +511,27 @@ share/wordpress/wp-admin/users.php @@ -511,26 +511,27 @@ share/wordpress/wp-admin/users.php
511share/wordpress/wp-admin/widgets.php 511share/wordpress/wp-admin/widgets.php
512share/wordpress/wp-blog-header.php 512share/wordpress/wp-blog-header.php
513share/wordpress/wp-comments-post.php 513share/wordpress/wp-comments-post.php
514share/wordpress/wp-config-sample.php 514share/wordpress/wp-config-sample.php
515share/wordpress/wp-content/index.php 515share/wordpress/wp-content/index.php
516share/wordpress/wp-content/plugins/akismet/.htaccess 516share/wordpress/wp-content/plugins/akismet/.htaccess
517share/wordpress/wp-content/plugins/akismet/LICENSE.txt 517share/wordpress/wp-content/plugins/akismet/LICENSE.txt
518share/wordpress/wp-content/plugins/akismet/_inc/akismet.css 518share/wordpress/wp-content/plugins/akismet/_inc/akismet.css
519share/wordpress/wp-content/plugins/akismet/_inc/akismet.js 519share/wordpress/wp-content/plugins/akismet/_inc/akismet.js
520share/wordpress/wp-content/plugins/akismet/_inc/form.js 520share/wordpress/wp-content/plugins/akismet/_inc/form.js
521share/wordpress/wp-content/plugins/akismet/_inc/img/logo-full-2x.png 521share/wordpress/wp-content/plugins/akismet/_inc/img/logo-full-2x.png
522share/wordpress/wp-content/plugins/akismet/akismet.php 522share/wordpress/wp-content/plugins/akismet/akismet.php
523share/wordpress/wp-content/plugins/akismet/class.akismet-admin.php 523share/wordpress/wp-content/plugins/akismet/class.akismet-admin.php
 524share/wordpress/wp-content/plugins/akismet/class.akismet-cli.php
524share/wordpress/wp-content/plugins/akismet/class.akismet-widget.php 525share/wordpress/wp-content/plugins/akismet/class.akismet-widget.php
525share/wordpress/wp-content/plugins/akismet/class.akismet.php 526share/wordpress/wp-content/plugins/akismet/class.akismet.php
526share/wordpress/wp-content/plugins/akismet/index.php 527share/wordpress/wp-content/plugins/akismet/index.php
527share/wordpress/wp-content/plugins/akismet/readme.txt 528share/wordpress/wp-content/plugins/akismet/readme.txt
528share/wordpress/wp-content/plugins/akismet/views/config.php 529share/wordpress/wp-content/plugins/akismet/views/config.php
529share/wordpress/wp-content/plugins/akismet/views/get.php 530share/wordpress/wp-content/plugins/akismet/views/get.php
530share/wordpress/wp-content/plugins/akismet/views/notice.php 531share/wordpress/wp-content/plugins/akismet/views/notice.php
531share/wordpress/wp-content/plugins/akismet/views/start.php 532share/wordpress/wp-content/plugins/akismet/views/start.php
532share/wordpress/wp-content/plugins/akismet/views/stats.php 533share/wordpress/wp-content/plugins/akismet/views/stats.php
533share/wordpress/wp-content/plugins/akismet/views/strict.php 534share/wordpress/wp-content/plugins/akismet/views/strict.php
534share/wordpress/wp-content/plugins/akismet/wrapper.php 535share/wordpress/wp-content/plugins/akismet/wrapper.php
535share/wordpress/wp-content/plugins/hello.php 536share/wordpress/wp-content/plugins/hello.php
536share/wordpress/wp-content/plugins/index.html 537share/wordpress/wp-content/plugins/index.html
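Review bot: line 524 of the new PLIST adds share/wordpress/wp-content/plugins/akismet/class.akismet-cli.php, but the commit message lists only WordPress core changes. Please mention in the log that the bundled Akismet plugin changed as well, so anyone auditing what this update installs can account for the new PHP file under wp-content/plugins.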

cvs diff -r1.49 -r1.50 pkgsrc/www/wordpress/distinfo

--- pkgsrc/www/wordpress/distinfo 2016/08/21 20:04:57 1.49
+++ pkgsrc/www/wordpress/distinfo 2016/09/29 18:02:09 1.50
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.49 2016/08/21 20:04:57 jklos Exp $ 1$NetBSD: distinfo,v 1.50 2016/09/29 18:02:09 morr Exp $
2 2
3SHA1 (wordpress-4.6.tar.gz) = 830962689f350e43cd1a069f3a4f68a44c0339c8 3SHA1 (wordpress-4.6.1.tar.gz) = 027e065d30a64720624a7404a1820e6c6fff1202
4RMD160 (wordpress-4.6.tar.gz) = 8b8c2ea20d1683294c99d5765072a9c94f17eac5 4RMD160 (wordpress-4.6.1.tar.gz) = fb28f4e3a357ce346fe6cbeecf2b56a227716699
5SHA512 (wordpress-4.6.tar.gz) = b07a3ee677b68337342ef9e42aa03a4602acd6b1c53df5f6d517db740ea62344eed03a2a8d1931953de2a99e405b688d2e49bbb654e6ccb3568ff8d8caf30038 5SHA512 (wordpress-4.6.1.tar.gz) = 303c8fe8ec877baf7380677dc22505062613dfc33c03f8858f7c6b9ce7a5825ba00a13395730fa554da9d2b3ccab8c3441e40fbc29fee45f7da44f46aa400981
6Size (wordpress-4.6.tar.gz) = 7961192 bytes 6Size (wordpress-4.6.1.tar.gz) = 7961036 bytes
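Review bot: the SHA1 entry on line 3 should not be the digest anyone relies on when checking wordpress-4.6.1.tar.gz, since SHA1 is no longer collision-resistant; the SHA512 entry on line 5 together with the Size on line 6 is the meaningful integrity check. Because the Makefile fetches from an http:// MASTER_SITES, it is worth confirming the SHA512 value against a copy of the tarball obtained over an authenticated channel before relying on this revision.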