openSUSE Build Service

Arjen de Korte (adkorte) accepted request 854310 from

Arjen de Korte (adkorte) over 3 years ago (revision 88)

- Use system apache rpm macros
- Do not hard-depend on systemd: use systemd_ordering instead of
  systemd_requires

Eric Schirra (ecsos) accepted request 854495 from

Eric Schirra (ecsos) over 3 years ago (revision 87)

- Update to 5.4.4
  * Maintenance updates
    - This maintenance release fixes an issue introduced in 
      WordPress 5.5.2 which makes it impossible to install 
      WordPress on a brand new website that does not have an
      existing database connection configuration. This release does
      not affect sites where a database connection is already
      configured, for example, via one-click installers or an
      existing wp-config.php file.
- Changes from 5.4.3
  * Security updates
    - Props to Alex Concha of the WordPress Security Team for 
      their work in hardening deserialization requests.
    - Props to David Binovec on a fix to disable spam embeds from
      disabled sites on a multisite network.
    - Thanks to Marc Montas from Sucuri for reporting an issue that
      could lead to XSS from global variables.
    - Thanks to Justin Tran who reported an issue surrounding
      privilege escalation in XML-RPC. He also found and disclosed
      an issue around privilege escalation around post commenting
      via XML-RPC.
    - Props to Omar Ganiev who reported a method where a DoS attack
      could lead to RCE.
    - Thanks to Karim El Ouerghemmi from RIPS who disclosed
      a method to store XSS in post slugs.
    - Thanks to Slavco for reporting, and confirmation from Karim
      El Ouerghemmi, a method to bypass protected meta that could
      lead to arbitrary file deletion.
    - And a special thanks to @zieladam who was integral in many of
      the releases and patches during this release.
- Use system apache-rpm-macros.

Eric Schirra (ecsos) accepted request 814581 from

Eric Schirra (ecsos) almost 4 years ago (revision 86)

- Update to 5.4.2
  This security and maintenance release features 23 fixes and 
  enhancements. Plus, it adds a number of security fixes.
  https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
  - Props to Sam Thomas (jazzy2fives) for finding an XSS issue 
    where authenticated users with low privileges are able to add 
    JavaScript to posts in the block editor.
  - Props to Luigi – (gubello.me) for discovering an XSS issue 
    where authenticated users with upload permissions are able to 
    add JavaScript to media files.
  - Props to Ben Bidner of the WordPress Security Team for finding 
    an open redirect issue in wp_validate_redirect().
  - Props to Nrimo Ing Pandum for finding an authenticated XSS 
    issue via theme uploads.
  - Props to Simon Scannell of RIPS Technologies for finding an 
    issue where set-screen-option can be misused by plugins leading
    to privilege escalation.
  - Props to Carolina Nymark for discovering an issue where 
    comments from password-protected posts and pages could be 
    displayed under certain conditions.
- Rebase wordpress-sysconfdir.patch

Eric Schirra (ecsos) accepted request 763531 from

Eric Schirra (ecsos) over 4 years ago (revision 85)

Security update to 5.3.1

Eric Schirra (ecsos) accepted request 750542 from

Peter Trommler (ptrommler) over 4 years ago (revision 84)

- refresh wordpress-sysconfdir.patch
- actually compress wordpress-lang-de_DE.tar.gz
- add compress flag in download script

Eric Schirra (ecsos) accepted request 748432 from

Eric Schirra (ecsos) over 4 years ago (revision 83)

Update to 5.3

Eric Schirra (ecsos) accepted request 729012 from

Eric Schirra (ecsos) over 4 years ago (revision 82)

Update to 5.2.3

Eric Schirra (ecsos) accepted request 716601 from

Eric Schirra (ecsos) almost 5 years ago (revision 81)

- Update to 5.2.2
  This is a Maintenance Release
  https://codex.wordpress.org/Version_5-2-2
- Changes from 5.2.1
  This is a Maintenance Release
  https://codex.wordpress.org/Version_5-2-1
- Changes from 5.2
  This is a Maintenance Release
  https://codex.wordpress.org/Version_5-2
- Update german languages
- Run spec-cleaner

Eric Schirra (ecsos) accepted request 687760 from

Eric Schirra (ecsos) about 5 years ago (revision 80)

- Update to 5.1.1
  This is a Security and Maintenance Release
  https://codex.wordpress.org/Version_5.1.1
  https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/

Eric Schirra (ecsos) accepted request 683751 from

Eric Schirra (ecsos) about 5 years ago (revision 79)

- Update to 5.1
This is a Maintenance Release
https://codex.wordpress.org/Version_5.1
- Fix boo#1126065 (CVE-2019-8943): allows Path Traversal in
wp_crop_image()
See: https://nvd.nist.gov/vuln/detail/CVE-2019-8943
- Update to 5.0.3
This is a Maintenance Release
https://codex.wordpress.org/Version_5.0.3
- 15 block editor relaxed bug fixes and improvements
- 2 block editor related I18N bugs fixed
- Users with JS disabled now see a notice when attempting block
edit
- A few PHP errors in Customizer have been fixed
- Issues uploading common file types (e.g.: CSV) have been fixed
- Update to 5.0.2
This is a Maintenance Release
https://codex.wordpress.org/Version_5.0.2
- Fix using of wp-config.php to use wp-config-.php from
sysconfdir.
- Update to 5.0.1
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_5.0.1
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- Update to 5.0
This is a Privacy and Maintenance Release
https://codex.wordpress.org/Version_5.0
https://wordpress.org/support/wordpress-version/version-5-0/
- Use current german language and remove formal-german, because
translation no longer exist.
- Remove separat themes-collections and plugin package,
because both are to old and most likely incompatible.
- Fix boo#1118065
But now setup-config.php in brwoser does no longer work.
- Update to 4.9.8
The primary focuses of 4.9.8 are:
* Introduce "Try Gutenberg" callout
* Privacy fixes/enhancements
This maintenance release fixes 46 bugs, enhancements and blessed
tasks, including updating the Twenty Seventeen bundled theme.
https://codex.wordpress.org/Version_4.9.8
- update to 4.9.7
This is a Privacy and Maintenance Release
https://codex.wordpress.org/Version_4.9.7
- update to 4.9.6
This privacy and maintenance release includes 37 enhancements,
51 bug fixes, and 2 tasks. See the full list of closed tickets in Trac.
The European Union’s General Data Protection Regulation (GDPR)
related changes include Comments, Privacy Policy Page, and Data Handling.
https://codex.wordpress.org/Version_4.9.6
- update to 4.9.5
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.5
- fix boo#1083322
- update to 4.9.4
This is a Maintenance Release
https://codex.wordpress.org/Version_4.9.4
- update to 4.9.3
This is a Maintenance Release
https://codex.wordpress.org/Version_4.9.3
- update to 4.9.2
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.2
- update to 4.9.1
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.1
- update to 4.9
This is a enhancement and bugfix release
https://codex.wordpress.org/Version_4.9
- update to 4.8.3
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.8.3
- update to 4.8.2
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.8.2

- update to 4.8.1
This is a Maintenance Release and enhancement release
https://codex.wordpress.org/Version_4.8.1

- change spec to use php7 also
- update to 4.8
This is a enhancement and bugfix release
https://codex.wordpress.org/Version_4.8
- update to 4.7.5
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.7.5
- update to 4.7.4
This is a Maintenance Release
https://codex.wordpress.org/Version_4.7.4
- security enhancement: forbid access to php files in upload dir
- change PreReq from useradd and groupadd to shadow
- update to 4.7.3
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.7.3
- update to 4.7.2
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.7.2
- fix boo#1022444 CVE-2017-5610: unauthorized user's bypass
- fix boo#1022445 CVE-2017-5611: SQLi when passing unsafe data
- fix boo#1022446 CVE-2017-5612: A cross-site scripting (XSS) in
posts list table
- update to 4.7.1
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.7.1
- update to 4.7
https://codex.wordpress.org/Version_4.7
- update to 4.6.3
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.6.3
- update to 4.6.1
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.6.1
- update to 4.6
https://codex.wordpress.org/Version_4.6
- create -fpm subpackage, provides a php-fpm config
- chown wp-config on the main package
- trigger the apache service only through the -apache subpkg
- add Recommends: wordpress-apache
- Set variables for apache user/group, root path of wordpress and wp-config.php
- Create apache subpackage, install the apache config there, and require apache
- update to 4.5.3
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.5.3
- update to 4.5.2
This is a critical security and bugfix release.
https://codex.wordpress.org/Version_4.5.2
- update to 4.5.1
https://codex.wordpress.org/Version_4.5.1
- changes from 4.5.0
https://codex.wordpress.org/Version_4.5

- update to 4.4.2
This is a critical security and bugfix release.
http://codex.wordpress.org/Version_4.4.2
- update to 4.4.1
This is a critical security release.
http://codex.wordpress.org/Version_4.4.1
- update to 4.4
http://codex.wordpress.org/Version_4.4
- also update german languages file "DU" and "SIE" to 20151205

- update to 4.3.1
This is a critical security release.
http://codex.wordpress.org/Version_4.3.1
- update to 4.3
http://codex.wordpress.org/Version_4.3
- also update german languages file "DU" to 20150819
- update to 4.2.4
This is a critical security release.
http://codex.wordpress.org/Version_4.2.4
- fix rpmlint warnings
- update to 4.2.3
This is a critical security release.
http://codex.wordpress.org/Version_4.2.3

- update to 4.2.2
This is a critical security release.
http://codex.wordpress.org/Version_4.2.2
- Update README.SuSE to give more details of database setup
- Update spec file to recommend a webserver and php5 module
- update to 4.2.1
This is a critical security release.
http://codex.wordpress.org/Version_4.2.1
- update to 4.2
http://codex.wordpress.org/Version_4.2
- Add "Recommends: php5-curl php5-zlib". They allow themes to be installed, but are not truly "required".
- Update README.SuSE to reflect that
- update to 4.1.1
http://codex.wordpress.org/Version_4.1.1
- update theme pageline to 1.4.6
- update to 4.1
also update german languages files to 2014-12-18
- update to 4.0.1
This is a critical security release.
- update to 4.0
- update to 3.9.2
- update to 3.9.1
- Added wordpress-3.9.0-disable-core-auto-updates.patch to fix
bnc#876406
- syscconfigdir-patch now operate on wp-config-sample.php
and wp-config.php
- change wordpress.conf for Apache 2.2 and Apache 2.4
- update to 3.9
also update german languages files to 20140416
- update to 3.8.2
- fix missing plugins directory in core package
- update to 3.8.1
- update to 3.8
- update to 3.7.1
- update to 3.7
also update german languages files to 20131025
- update to 3.6.1
also update german language files to 01.08.2013
- update to 3.5.2
* Server-Side Request Forgery (SSRF) via the HTTP API. CVE-2013-2199.
* Privilege Escalation: Contributors can publish posts, and users can reassign authorship. CVE-2013-2200.
* Cross-Site Scripting (XSS) in SWFUpload. CVE-2013-2205.
* Denial of Service (DoS) via Post Password Cookies. CVE-2013-2173.
* Content Spoofing via Flash Applet in TinyMCE Media Plugin. CVE-2013-2204.
* Cross-Site Scripting (XSS) when Uploading Media. CVE-2013-2201.
* Full Path Disclosure (FPD) during File Upload. CVE-2013-2203.

* Cross-Site Scripting (XSS) (Low Severity) when Editing Media. CVE-2013-2201.
* Cross-Site Scripting (XSS) (Low Severity) when Installing/Updating Plugins/Themes. CVE-2013-2201.
* XML External Entity Injection (XXE) via oEmbed. CVE-2013-2202.
- update to 3.5.1
Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs.
It is also a security release for all previous WordPress versions.
For a full list of changes, consult the list of tickets and the changelog, which include:
Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
Networks: Suggest proper rewrite rules when creating a new network.
Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:
A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

- update to Release 3.5
New Standard Theme “Twenty Twelve”
Uses the current Theme Features
responsive Design
Improvements of the administration interface uses the current
New welcome screen
HiDPI Admin (for Retina display)
Summary of options
Suppression of the Link Manager (blogroll)
Media improvements
Upload / Insert workflow revised
Full contribution types UI for file attachments
- patch for /etc and FS_METHOD to direct for update over http
and without FTP
- update to 3.4.2
- update to 3.1.4
o wp#17556 PHP Errors on the media page in 3.1.3
o wp#17559 Deprecated query_string doesn't support array arguments
o wp#17855 Allow plus '+' character when sanitizing mime type
o wp#17910 User Profile JS cleanup
- update to 3.1.3
o wp#17264 Duplicate posts returned if multiple meta_values match
and no meta_key is set
o wp#17327 Plugins page pagination links disabled for Must-use
plugins / Incorrect path displayed in must-use help text
- some rpmlint fixes
o wrong-script-end-of-line-encoding (wp-content/themes/layers/*)
o script-without-shebang (replace to all files)
- added themes (http://wordpress.org/extend/themes/)
o autumn-leaves.1.0
o chip-life.1.3.4
o grunge-wall.3.6
o layers.1.1.1
o orange-coffee.1.1
o portfolio-press.0.7.3
o softgreen.1.2
o strawberry-blend.1.2
o tropicala.1.5
o wp-bats-theme.1.2
- added themes (http://wordpress.org/extend/themes/)
o blackneon.1.0.2
o decoder.0.9.1
o elements-of-seo.1.2
o flexi-blue.1.0.0
o piano-black.2.2
o phantom.1.1
o sliding-door.2.6.1
o tomorrow.1.09
o varg.1.3.1
o yoko.1.0.3
- fix deps/build
o SLE_10, Fedora (no fdupes)
o Fedora (no apache2 but httpd)
o Fedora (fix "apxs" defines)
o add @AP_SROOT@ to wordpress.httpd
- add rpmlintrc
- initial pkg 3.1.2

Eric Schirra (ecsos) accepted request 678957 from

Eric Schirra (ecsos) over 5 years ago (revision 78)

- Update to 5.1
  This is a Maintenance Release
  https://codex.wordpress.org/Version_5.1
- Don't know if CVE-2019-8943 is fixed, because it is plenty years
  old and no entry found at wordpress itself.
  See: https://www.securityfocus.com/bid/107089

Eric Schirra (ecsos) committed over 5 years ago (revision 77)

Eric Schirra (ecsos) accepted request 664545 from

Sean Lewis (seanlew) over 5 years ago (revision 76)

Update wordpress

Eric Schirra (ecsos) accepted request 660868 from

Eric Schirra (ecsos) over 5 years ago (revision 75)

- Update to 5.0.2
  This is a Maintenance Release
  https://codex.wordpress.org/Version_5.0.2
- Fix using of wp-config.php to use wp-config-.php from
  sysconfdir.

Eric Schirra (ecsos) accepted request 657829 from

Eric Schirra (ecsos) over 5 years ago (revision 74)

- Update to 5.0.1
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_5.0.1
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- Update to 5.0
This is a Privacy and Maintenance Release
https://codex.wordpress.org/Version_5.0
https://wordpress.org/support/wordpress-version/version-5-0/
- Use current german language and remove formal-german, because
translation no longer exist.
- Remove separat themes-collections and plugin package,
because both are to old and most likely incompatible.
- Fix boo#1118065
But now setup-config.php in brwoser does no longer work.
- Update to 4.9.8
The primary focuses of 4.9.8 are:
* Introduce "Try Gutenberg" callout
* Privacy fixes/enhancements
This maintenance release fixes 46 bugs, enhancements and blessed
tasks, including updating the Twenty Seventeen bundled theme.
https://codex.wordpress.org/Version_4.9.8
- update to 4.9.7
This is a Privacy and Maintenance Release
https://codex.wordpress.org/Version_4.9.7
- update to 4.9.6
This privacy and maintenance release includes 37 enhancements,
51 bug fixes, and 2 tasks. See the full list of closed tickets in Trac.
The European Union’s General Data Protection Regulation (GDPR)
related changes include Comments, Privacy Policy Page, and Data Handling.
https://codex.wordpress.org/Version_4.9.6
- update to 4.9.5
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.5
- fix boo#1083322
- update to 4.9.4
This is a Maintenance Release
https://codex.wordpress.org/Version_4.9.4
- update to 4.9.3
This is a Maintenance Release
https://codex.wordpress.org/Version_4.9.3
- update to 4.9.2
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.2
- update to 4.9.1
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.9.1
- update to 4.9
This is a enhancement and bugfix release
https://codex.wordpress.org/Version_4.9
- update to 4.8.3
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.8.3
- update to 4.8.2
This is a Security and Maintenance Release
https://codex.wordpress.org/Version_4.8.2