[arch-commits] Commit in wordpress/trunk (PKGBUILD password_reset_exploit.patch)
Date: Sunday, April 5, 2020 @ 15:38:36 Author: arodseth Revision: 611862 upgpkg: wordpress 5.4-1 Modified: wordpress/trunk/PKGBUILD Deleted: wordpress/trunk/password_reset_exploit.patch --+ PKGBUILD | 13 +++-- password_reset_exploit.patch | 31 --- 2 files changed, 3 insertions(+), 41 deletions(-) Modified: PKGBUILD === --- PKGBUILD2020-04-05 15:38:28 UTC (rev 611861) +++ PKGBUILD2020-04-05 15:38:36 UTC (rev 611862) @@ -5,7 +5,7 @@ # Contributor: Christopher Rogers pkgname=wordpress -pkgver=5.3.2 +pkgver=5.4 pkgrel=1 pkgdesc='Blog tool and publishing platform' arch=(any) @@ -17,16 +17,9 @@ 'mariadb: Database server') options=(emptydirs) install=$pkgname.install -source=("https://wordpress.org/$pkgname-$pkgver.tar.gz; -password_reset_exploit.patch) -sha256sums=('e186687e82a154da187dce888c016284e2afe9eb3088e3f365db811e06910167' -'84c716953fb1aad583bfe62c2aba88173b760c60a90f6752228d4ba966e647b9') +source=("https://wordpress.org/$pkgname-$pkgver.tar.gz;) +sha256sums=('39c326170d0e18ea6daac4d3082574d2ae66cbdbc0a0b34b3e286693f27af283') -prepare() { - cd $pkgname - patch -p1 -i "$srcdir/password_reset_exploit.patch" -} - package() { install -d "$pkgdir/usr/share/webapps" cp -r $pkgname "$pkgdir/usr/share/webapps" Deleted: password_reset_exploit.patch === --- password_reset_exploit.patch2020-04-05 15:38:28 UTC (rev 611861) +++ password_reset_exploit.patch2020-04-05 15:38:36 UTC (rev 611862) @@ -1,31 +0,0 @@ a/wp-includes/pluggable.php2017-05-07 15:19:40.838218673 +0200 -+++ b/wp-includes/pluggable.php2017-05-07 15:25:35.661548515 +0200 -@@ -328,14 +328,20 @@ -* https://core.trac.wordpress.org/ticket/5007. -*/ - -- if ( ! isset( $from_email ) ) { -- // Get the site domain and get rid of www. -- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); -- if ( substr( $sitename, 0, 4 ) == 'www.' ) { -- $sitename = substr( $sitename, 4 ); -- } -- -- $from_email = 'wordpress@' . $sitename; -+ // Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092 -+ if ( !isset( $from_email ) ) { -+ // Get the site domain and get rid of www. -+ $sitename = strtolower( WP_HOME ); -+ if ( substr( $sitename, 0, 7 ) == 'http://' ) { -+ $sitename = substr( $sitename, 7 ); -+ } -+ if ( substr( $sitename, 0, 8 ) == 'https://' ) { -+ $sitename = substr( $sitename, 8 ); -+ } -+ if ( substr( $sitename, 0, 4 ) == 'www.' ) { -+ $sitename = substr( $sitename, 4 ); -+ } -+ $from_email = 'wordpress@' . $sitename; - } - - /**
[arch-commits] Commit in wordpress/trunk (PKGBUILD password_reset_exploit.patch)
Date: Friday, February 22, 2019 @ 15:51:17 Author: arodseth Revision: 435215 upgpkg: wordpress 5.1-1 Modified: wordpress/trunk/PKGBUILD wordpress/trunk/password_reset_exploit.patch --+ PKGBUILD | 25 - password_reset_exploit.patch | 58 +++-- 2 files changed, 40 insertions(+), 43 deletions(-) Modified: PKGBUILD === --- PKGBUILD2019-02-22 15:51:07 UTC (rev 435214) +++ PKGBUILD2019-02-22 15:51:17 UTC (rev 435215) @@ -5,33 +5,32 @@ # Contributor: Christopher Rogers pkgname=wordpress -pkgver=5.0.3 +pkgver=5.1 pkgrel=1 pkgdesc='Blog tool and publishing platform' -arch=('any') +arch=(any) url='https://wordpress.org/' -license=('GPL') -depends=('php') +license=(GPL) +depends=(php) optdepends=('nginx: Web server for serving WordPress' 'apache: Web server for serving WordPress' 'mariadb: Database server') -options=('emptydirs') -install="$pkgname.install" +options=(emptydirs) +install=$pkgname.install source=("https://wordpress.org/$pkgname-$pkgver.tar.gz; -'password_reset_exploit.patch') -sha256sums=('9aa4d1bc9acc39279f15e914415be87af01a886287b1b92b3a80426a4edbd78a' -'e73886f5cd0dd79a1ddc64113b181df0d32cefc975a09796994e885d75361726') +password_reset_exploit.patch) +sha256sums=('debd29c267021e34f59c31b210dd82e9c476fa9f1abdc62b5fdd1d50078fed4a' +'84c716953fb1aad583bfe62c2aba88173b760c60a90f6752228d4ba966e647b9') prepare() { - cd "$pkgname" - + cd $pkgname patch -p1 -i "$srcdir/password_reset_exploit.patch" } package() { install -d "$pkgdir/usr/share/webapps" - cp -r "$pkgname" "$pkgdir/usr/share/webapps" + cp -r $pkgname "$pkgdir/usr/share/webapps" } -# getver: wordpress.org/download/ +# getver: core.trac.wordpress.org/timeline?milestone=on # vim: ts=2 sw=2 et: Modified: password_reset_exploit.patch === --- password_reset_exploit.patch2019-02-22 15:51:07 UTC (rev 435214) +++ password_reset_exploit.patch2019-02-22 15:51:17 UTC (rev 435215) @@ -1,33 +1,31 @@ --- a/wp-includes/pluggable.php2017-05-07 15:19:40.838218673 +0200 +++ b/wp-includes/pluggable.php2017-05-07 15:25:35.661548515 +0200 -@@ -321,15 +321,21 @@ -* https://core.trac.wordpress.org/ticket/5007. -*/ - -- if ( !isset( $from_email ) ) { -- // Get the site domain and get rid of www. -- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); -- if ( substr( $sitename, 0, 4 ) == 'www.' ) { -- $sitename = substr( $sitename, 4 ); -- } +@@ -328,14 +328,20 @@ +* https://core.trac.wordpress.org/ticket/5007. +*/ + +- if ( ! isset( $from_email ) ) { +- // Get the site domain and get rid of www. +- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); +- if ( substr( $sitename, 0, 4 ) == 'www.' ) { +- $sitename = substr( $sitename, 4 ); +- } - -- $from_email = 'wordpress@' . $sitename; -- } -+// Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092 -+if ( !isset( $from_email ) ) { -+// Get the site domain and get rid of www. -+$sitename = strtolower( WP_HOME ); -+if ( substr( $sitename, 0, 7 ) == 'http://' ) { -+$sitename = substr( $sitename, 7 ); -+} -+if ( substr( $sitename, 0, 8 ) == 'https://' ) { -+$sitename = substr( $sitename, 8 ); -+} -+if ( substr( $sitename, 0, 4 ) == 'www.' ) { -+$sitename = substr( $sitename, 4 ); -+} -+$from_email = 'wordpress@' . $sitename; -+} - - /** -* Filters the email address to send from. +- $from_email = 'wordpress@' . $sitename; ++ // Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092 ++ if ( !isset( $from_email ) ) { ++ // Get the site domain and get rid of www. ++ $sitename = strtolower( WP_HOME ); ++ if ( substr( $sitename, 0, 7 ) == 'http://' ) { ++ $sitename = substr( $sitename, 7 ); ++ } ++ if ( substr( $sitename, 0, 8 ) == 'https://' ) { ++ $sitename = substr( $sitename, 8 ); ++ } ++ if ( substr( $sitename, 0, 4 ) == 'www.' ) { ++ $sitename = substr( $sitename, 4 ); ++ } ++
[arch-commits] Commit in wordpress/trunk (PKGBUILD password_reset_exploit.patch)
Date: Sunday, May 7, 2017 @ 13:45:33 Author: arodseth Revision: 227255 upgpkg: wordpress 4.7.4-2 Added: wordpress/trunk/password_reset_exploit.patch Modified: wordpress/trunk/PKGBUILD --+ PKGBUILD | 14 ++ password_reset_exploit.patch | 33 + 2 files changed, 43 insertions(+), 4 deletions(-) Modified: PKGBUILD === --- PKGBUILD2017-05-07 12:23:54 UTC (rev 227254) +++ PKGBUILD2017-05-07 13:45:33 UTC (rev 227255) @@ -7,7 +7,7 @@ pkgname=wordpress pkgver=4.7.4 -pkgrel=1 +pkgrel=2 pkgdesc='Blog tool and publishing platform' arch=('any') url='https://wordpress.org/' @@ -19,12 +19,18 @@ 'mysql: Database server') options=('emptydirs') install="$pkgname.install" -source=("https://wordpress.org/$pkgname-$pkgver.tar.gz;) -sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd') +source=("https://wordpress.org/$pkgname-$pkgver.tar.gz; 'password_reset_exploit.patch') +sha256sums=('c11ce7580f21dfbca70dd6f817d3376385be6d34cf4d86f233eae3acb5fd87fd' +'68244b5bd534b21c88dc25074bf1fbc7a26d601cee69d78a467b1287f9eb2eed') +prepare() { + cd "$pkgname" + patch -p1 -i "$srcdir/password_reset_exploit.patch" +} + package() { install -d "$pkgdir/usr/share/webapps" - cp -r wordpress "$pkgdir/usr/share/webapps" + cp -r "$pkgname" "$pkgdir/usr/share/webapps" } # vim:set ts=2 sw=2 et: Added: password_reset_exploit.patch === --- password_reset_exploit.patch(rev 0) +++ password_reset_exploit.patch2017-05-07 13:45:33 UTC (rev 227255) @@ -0,0 +1,33 @@ +--- a/wp-includes/pluggable.php2017-05-07 15:19:40.838218673 +0200 b/wp-includes/pluggable.php2017-05-07 15:25:35.661548515 +0200 +@@ -321,15 +321,21 @@ +* https://core.trac.wordpress.org/ticket/5007. +*/ + +- if ( !isset( $from_email ) ) { +- // Get the site domain and get rid of www. +- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); +- if ( substr( $sitename, 0, 4 ) == 'www.' ) { +- $sitename = substr( $sitename, 4 ); +- } +- +- $from_email = 'wordpress@' . $sitename; +- } ++// Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092 ++if ( !isset( $from_email ) ) { ++// Get the site domain and get rid of www. ++$sitename = strtolower( WP_HOME ); ++if ( substr( $sitename, 0, 7 ) == 'http://' ) { ++$sitename = substr( $sitename, 7 ); ++} ++if ( substr( $sitename, 0, 8 ) == 'https://' ) { ++$sitename = substr( $sitename, 8 ); ++} ++if ( substr( $sitename, 0, 4 ) == 'www.' ) { ++$sitename = substr( $sitename, 4 ); ++} ++$from_email = 'wordpress@' . $sitename; ++} + + /** +* Filters the email address to send from.