Eric Brown: PR pkg/52567: Readme.MacOSX is out of date
Additional changes by me: don't mention that the file isn't README.OSX
due to OS X being a different name, because the new name macOS makes
the filename less confusing.
Upstream has very complicated ifdefs that try to define UNIX
everywhere but Windows, except that it fails to include NetBSD. Then,
it uses UNIX to avoid using the non-standard stricmp and instead use
the POSIX-conforming strcasecmp.
For pkgsrc, rip out an entire screenful of complexity and just define
UNIX if not defined. Resolves build on NetBSD 7, and probably other places.
Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).
And 6 other fixes:
* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.
* I18N
- #41794 - Support numbers in locales during installation
* Security
- #13377 - Add more sanitization in _cleanup_header_comment
* Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called
More on https://codex.wordpress.org/Version_4.8.2
Notes from py-unittest2:
There was a separate version of unittest2 for Python 3. This is no longer needed, but still exists on PyPI. This had the project name "unittest2py3k" but uses the same package name ("unittest2").
From trebol via pkgsrc-users.
While here, regenerate patches (one per file, unified diffs).
Bump PKGREVISION.
(This commit message was written in sam.)
Add a PRINT_PLIST_AWK to help avoid this being removed again in the future,
though with all the PLIST_VARS used it's still difficult to keep updated. It
is probably worth splitting the vars into individual PLIST files instead.
Unfortunately this still does not build due to errors in the book. It's
likely this package should just be deleted, but I'll leave it around for
now in case someone speaks gnuchess and is able to patch it sufficiently.
Bump PKGREVISION anyway for the LICENSE change.