kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/php-ja-wordpress/MESSAGE
taca 654dc88fd0 www/php-ja-wordpress: update to 5.4.2 
Update php-ja-wordpress to 5.4.2

pkgsrc changes: clean up Makefile a little.


Quote from release document but omit maintenance updates for 5.4.1 and
later.

5.3.2 (2019-12-18)

Maintenance updates

- Date/Time: Ensure that get_feed_build_date() correctly handles a modified
  post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a
  file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination
  directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the
  .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set
  future or publish status, use a proper delta comparison.

5.4 (2020-03-31)

Too much to include here, visit
https://wordpress.org/support/wordpress-version/version-5-4/

5.4.1 (2020-04-29)5.4

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1
fixes them, so you'll want to upgrade. If you haven't yet updated to 5.4,
there are also updated versions of 5.3 and earlier that fix the security
issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported
  an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be
  viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS
  issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who
  discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently
  reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was
  discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in
  5.4 RC5. We wanted to be sure to give credit and thank them for all of
  their work in making WordPress more secure.

5.4.2 (2020-06-10)

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which
are fixed in version 5.4.2. If you haven't yet updated to 5.4, there are
also updated versions of 5.3 and earlier that fix the security issues.

- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where
  authenticated users with low privileges are able to add JavaScript to
  posts in the block editor.
- Props to Luigi - (gubello.me) for discovering an XSS issue where
  authenticated users with upload permissions are able to add JavaScript to
  media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open
  redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme
  uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where
  set-screen-option can be misused by plugins leading to privilege
  escalation.
- Props to Carolina Nymark for discovering an issue where comments from
  password-protected posts and pages could be displayed under certain
  conditions.
2020-06-21 16:42:55 +00:00

61 lines
1.9 KiB
Text
Raw Blame History

===========================================================================
$NetBSD: MESSAGE,v 1.5 2020/06/21 16:42:55 taca Exp $
To use Japanese localized WordPress with Apache httpd 2.4 and php-fpm,
you will need to perform the following steps.
1. Install databases/mysql57-server, and enable it, and set root password.
2. Create the database for WordPress.
$ mysql -u root -p
Enter password:
mysql> create database wordpressdb;
3. Create MySQL user account for WordPress, and grant permission for them.
$ mysql -u root -p
Enter password:
mysql> grant all on wordpressdb.* to 'wpadmin'@'localhost' \
identified by 'wppassword';
4. Edit ${PREFIX}/share/ja-wordpress/wp-config.php, and it should have
the following lines.
define('DB_NAME', 'wordpressdb');
define('DB_USER', 'wpadmin');
define('DB_PASSWORD', 'wppassword');
define('DB_HOST', 'localhost');
5. Edit ${PREFIX}/etc/httpd/httpd.conf, and add the following line at
the its bottom.
LoadModule proxy_module lib/httpd/mod_proxy.so
LoadModule proxy_fcgi_module lib/httpd/mod_proxy_fcgi.so
ProxyPassMatch ^/wordpress/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/${PREFIX}/share/ja-wordpress/$1
Alias /wordpress ${PREFIX}/share/ja-wordpress
<Directory "${PREFIX}/share/ja-wordpress">
Order allow,deny
Allow from all
AllowOverride FileInfo All
Require all granted
DirectoryIndex index.php
</Directory>
6. Add the following line to ${PREFIX}/etc/php.ini.
extension=mysql.so
7. Adjust ${PREFIX}/etc/ja-wordpress.conf for your environment.
8. Start Apache httpd 2.4 and php-fpm, and access
http://localhost/wordpress/ , and enter website name etc.
For further post-installation customisation you may need to make
changes to file permissions etc. based on the functionality that
you require. A good starting place for these issues can be found
in this article:
http://codex.wordpress.org/Hardening_WordPress
===========================================================================
Reference in a new issue View git blame Copy permalink