From 7a25e2926d52f7989461eefdac65512440351821 Mon Sep 17 00:00:00 2001 From: Steve Dibb Date: Thu, 4 Jan 2007 20:16:57 +0000 Subject: [PATCH] Security fix, bug 159229 Package-Manager: portage-2.1.1-r2 --- www-apps/wordpress/ChangeLog | 11 ++- .../wordpress/files/digest-wordpress-2.0.5-r1 | 3 + .../files/wordpress-2.0.5-templates-sec.diff | 17 ++++ www-apps/wordpress/wordpress-2.0.5-r1.ebuild | 98 +++++++++++++++++++ 4 files changed, 127 insertions(+), 2 deletions(-) create mode 100644 www-apps/wordpress/files/digest-wordpress-2.0.5-r1 create mode 100644 www-apps/wordpress/files/wordpress-2.0.5-templates-sec.diff create mode 100644 www-apps/wordpress/wordpress-2.0.5-r1.ebuild diff --git a/www-apps/wordpress/ChangeLog b/www-apps/wordpress/ChangeLog index 193c456e91ee..749d2799ef27 100644 --- a/www-apps/wordpress/ChangeLog +++ b/www-apps/wordpress/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apps/wordpress -# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/wordpress/ChangeLog,v 1.66 2006/11/23 21:50:54 vivo Exp $ +# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/www-apps/wordpress/ChangeLog,v 1.67 2007/01/04 20:16:57 beandog Exp $ + +*wordpress-2.0.5-r1 (04 Jan 2007) + + 04 Jan 2007; Steve Dibb + +files/wordpress-2.0.5-templates-sec.diff, -wordpress-2.0.5.ebuild, + +wordpress-2.0.5-r1.ebuild: + Security fix, bug 159229 23 Nov 2006; vivo ChangeLog: dev-db/mysql => virtual/mysql corrections diff --git a/www-apps/wordpress/files/digest-wordpress-2.0.5-r1 b/www-apps/wordpress/files/digest-wordpress-2.0.5-r1 new file mode 100644 index 000000000000..a64b1f4054c8 --- /dev/null +++ b/www-apps/wordpress/files/digest-wordpress-2.0.5-r1 @@ -0,0 +1,3 @@ +MD5 f16ffc47e22ba3540a1e4f32354fae0e wordpress-2.0.5.tar.gz 517574 +RMD160 dcf6d225c25d74a659717b682827d32ddbfdf939 wordpress-2.0.5.tar.gz 517574 +SHA256 e4bb49dabc68e10e973a23ea86dd5748594f226ddb9298bab823e7dcc3c859cf wordpress-2.0.5.tar.gz 517574 diff --git a/www-apps/wordpress/files/wordpress-2.0.5-templates-sec.diff b/www-apps/wordpress/files/wordpress-2.0.5-templates-sec.diff new file mode 100644 index 000000000000..fc299a363998 --- /dev/null +++ b/www-apps/wordpress/files/wordpress-2.0.5-templates-sec.diff @@ -0,0 +1,17 @@ +--- wp-admin/templates.php.orig 2006-12-30 13:02:01.000000000 -0700 ++++ wp-admin/templates.php 2006-12-30 13:02:26.000000000 -0700 +@@ -108,13 +108,13 @@ + if ( $recents ) : + ?> +

+ '; + foreach ($recents as $recent) : +- echo "
  • " . get_file_description(basename($recent)) . "
    • "; ++ echo "
  • " . wp_specialchars(get_file_description(basename($recent))) . "
    • "; + endforeach; + echo ''; + endif; + ?> +

    + .tar.gz +SRC_URI=mirror://gentoo/${P}.tar.gz +LICENSE="GPL-2" +KEYWORDS="amd64 hppa ppc sparc x86" +IUSE="" +RDEPEND="virtual/httpd-php + virtual/mysql" +WEBAPP_MANUAL_SLOT="yes" +SLOT="2.0.5" + +DEPEND="${DEPEND} ${RDEPEND}" + +S="${WORKDIR}/${PN}" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/wordpress-2.0.5-templates-sec.diff +} + +src_install() { + local docs="license.txt readme.html" + + webapp_src_preinst + + einfo "Installing main files" + cp wp-config-sample.php wp-config.php + cp -r * ${D}${MY_HTDOCSDIR} + einfo "Done" + + ewarn + ewarn Please make sure you have register_globals = off set in your /etc/apache2/php.ini file + ewarn If this is not an option for your web server and you NEED it set to on, then insert the following in your WordPress .htaccess file: + ewarn php_flag register_globals off + ewarn + + ewarn + ewarn You will need to create a table for your WordPress database. This + ewarn assumes you have some knowledge of MySQL, and already have it + ewarn installed and configured. If not, please refer to + ewarn the Gentoo MySQL guide at the following URL: + ewarn http://www.gentoo.org/doc/en/mysql-howto.xml + ewarn Log in to MySQL, and create a new database called + ewarn "wordpress". From this point, you will need to edit + ewarn your wp-config.php file in $DocumentRoot/wordpress/ + ewarn and point to your database. Once this is done, you can log in to + ewarn WordPress at http://localhost/wordpress + ewarn + + ewarn + ewarn If you are upgrading from a previous version BACK UP your + ewarn database. Once you are done with that, browse to + ewarn http://localhost/wordpress/wp-admin/upgrade.php and follow + ewarn the instructions on the screen. + ewarn + + # handle documentation files + # + # NOTE that doc files go into /usr/share/doc as normal; they do NOT + # get installed per vhost! + + dodoc ${docs} + for doc in ${docs} INSTALL; do + rm -f ${doc} + done + + # Identify the configuration files that this app uses + # User can want to make changes to these! + webapp_serverowned ${MY_HTDOCSDIR}/index.php + #webapp_serverowned ${MY_HTDOCSDIR}/wp-layout.css + webapp_serverowned ${MY_HTDOCSDIR}/wp-admin/menu.php + webapp_serverowned ${MY_HTDOCSDIR} + webapp_configfile ${MY_HTDOCSDIR}/wp-config.php + # Identify any script files that need #! headers adding to run under + # a CGI script (such as PHP/CGI) + # + # for wordpress, we *assume* that all .php files need to have CGI/BIN + # support added + + # post-install instructions + #webapp_postinst_txt en ${FILESDIR}/1.2/postinstall-en.txt + + # now strut stuff + webapp_src_install + +} -- 2.26.2