Version bump, fixes security bug #88926.

Package-Manager: portage-2.0.51.19

5 files changed, 101 insertions, 7 deletions

diff --git a/www-apps/wordpress/ChangeLog b/www-apps/wordpress/ChangeLog
index c54c6c5d3ffb..77bfaac2d13f 100644
--- a/www-apps/wordpress/ChangeLog
+++ b/www-apps/wordpress/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-apps/wordpress
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/wordpress/ChangeLog,v 1.10 2005/03/02 11:36:59 ka0ttic Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/wordpress/ChangeLog,v 1.11 2005/04/20 17:55:58 beu Exp $
+
+*wordpress-1.5 (20 Apr 2005)
+
+  20 Apr 2005; Elfyn McBratney <beu@gentoo.org> +files/dummy-templates.php,
+  +wordpress-1.5.ebuild:
+  Version bump, fixes security bug #88926.  Stable on x86.
 
   02 Mar 2005; Aaron Walker <ka0ttic@gentoo.org>
   -files/wordpress-1.0.2.gentoo.diff, -files/1.2/login-patch.diff,
diff --git a/www-apps/wordpress/Manifest b/www-apps/wordpress/Manifest
index 4ac90e3240b1..5f21ddd1b93b 100644
--- a/www-apps/wordpress/Manifest
+++ b/www-apps/wordpress/Manifest
@@ -1,14 +1,17 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 0ac25997252ba5fa240be54c00823002 wordpress-1.2.2.ebuild 2093
-MD5 7fe8d91aa71903b7e5f7a54b0b3ae4e9 ChangeLog 3504
 MD5 4defd726d2b03decc5b7ff21b0aac1a3 metadata.xml 225
+MD5 9b5406e7db060f26624508ef85fd155a ChangeLog 3691
+MD5 0ac25997252ba5fa240be54c00823002 wordpress-1.2.2.ebuild 2093
+MD5 faf5db948f0dddd6d2b7593159108dd4 wordpress-1.5.ebuild 2147
+MD5 f816ff62dcd7cadf0fae9384ab9618e5 files/dummy-templates.php 269
 MD5 623542b78674abcdc33bb18a783739c8 files/digest-wordpress-1.2.2 64
+MD5 6befd2f0d4bc6d48d2ff1e81df578d4f files/digest-wordpress-1.5 62
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
+Version: GnuPG v1.4.1 (GNU/Linux)
 
-iD8DBQFCJaVnEZCkKN40op4RAl5RAJ4tB2ZMRbPZOK5Xu21kPg6Z30PYXQCeMV6u
-EGMuUpbPR3+ofoRrseO0Q9E=
-=Oxyw
+iD8DBQFCZpfUjUHll2nfF60RAmbaAJ49/H4RXaiWYThEr3InqQMGmLVYNACgup96
+IxvqLNdiz8yJRvdcZB2RScs=
+=xLfK
 -----END PGP SIGNATURE-----
diff --git a/www-apps/wordpress/files/digest-wordpress-1.5 b/www-apps/wordpress/files/digest-wordpress-1.5
new file mode 100644
index 000000000000..cd0e0d288dfa
--- /dev/null
+++ b/www-apps/wordpress/files/digest-wordpress-1.5
@@ -0,0 +1 @@
+MD5 df6dc18a7a0d93fa6bb187eb48b41612 latest-1.5.tar.gz 280251
diff --git a/www-apps/wordpress/files/dummy-templates.php b/www-apps/wordpress/files/dummy-templates.php
new file mode 100644
index 000000000000..c40c287c6784
--- /dev/null
+++ b/www-apps/wordpress/files/dummy-templates.php
@@ -0,0 +1,7 @@
+<?php
+
+die("The wp-admin/templates.php file has been removed due to XSS vulnerabilites that have not \n".
+		"yet been fixed upstream.  For more information, see \n".
+		"<a href=\"http://bugs.gentoo.org/show_bug.cgi?id=88926\">bug 88926</a> at Gentoo's bugzilla.");
+
+?>
diff --git a/www-apps/wordpress/wordpress-1.5.ebuild b/www-apps/wordpress/wordpress-1.5.ebuild
new file mode 100644
index 000000000000..928e1d766835
--- /dev/null
+++ b/www-apps/wordpress/wordpress-1.5.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apps/wordpress/wordpress-1.5.ebuild,v 1.1 2005/04/20 17:55:58 beu Exp $
+
+inherit webapp eutils
+
+#Wordpress releases have a release name tagged on the end of the version on the tar.gz files
+#wordpress 1.2.1 has no extension
+#MY_EXT="mingus"
+
+DESCRIPTION="Wordpress php and mysql based CMS system."
+HOMEPAGE="http://wordpress.org/"
+#Latest version is only available in the format!
+#Download is renamed by HTTP Header as wordpress-1.2.2.tar.gz
+SRC_URI="http://wordpress.org/latest-1.5.tar.gz"
+LICENSE="GPL-2"
+KEYWORDS="x86 ~ppc ~sparc"
+IUSE=""
+RDEPEND=">=dev-php/mod_php-4.1
+	 >=dev-db/mysql-3.23.23"
+
+DEPEND="${DEPEND} ${RDEPEND} >=net-www/webapp-config-1.10-r5"
+
+S="${WORKDIR}/${PN}"
+
+src_unpack() {
+	unpack ${A}
+# no patch needed anymore
+#	epatch ${FILESDIR}/${PV}/login-patch.diff
+}
+
+src_install() {
+	local docs="license.txt readme.html"
+
+	webapp_src_preinst
+
+	# remove wp-admin/templates.php (XSS exploit).  See bug #88926.
+	rm -f wp-admin/templates.php
+	cp ${FILESDIR}/dummy-templates.php wp-admin/templates.php
+
+	einfo "Installing main files"
+	cp -r * ${D}${MY_HTDOCSDIR}
+	einfo "Done"
+
+	# handle documentation files
+	#
+	# NOTE that doc files go into /usr/share/doc as normal; they do NOT
+	# get installed per vhost!
+
+	dodoc ${docs}
+	for doc in ${docs} INSTALL; do
+		rm -f ${doc}
+	done
+
+	# Identify the configuration files that this app uses
+	# User can want to make changes to these!
+	webapp_serverowned ${MY_HTDOCSDIR}/index.php
+	#webapp_serverowned ${MY_HTDOCSDIR}/wp-layout.css
+	webapp_serverowned ${MY_HTDOCSDIR}/wp-admin/menu.php
+	webapp_serverowned ${MY_HTDOCSDIR}
+
+	# Identify any script files that need #! headers adding to run under
+	# a CGI script (such as PHP/CGI)
+	#
+	# for wordpress, we *assume* that all .php files need to have CGI/BIN
+	# support added
+
+	for x in `find . -name '*.php' -print ` ; do
+		webapp_runbycgibin php ${MY_HTDOCSDIR}/$x
+	done
+
+	# post-install instructions
+	#webapp_postinst_txt en ${FILESDIR}/1.2/postinstall-en.txt
+
+	# now strut stuff
+	webapp_src_install
+}