[arch-commits] Commit in wordpress/trunk (PKGBUILD password_reset_exploit.patch)

Fri Feb 22 15:51:19 UTC 2019

Date: Friday, February 22, 2019 @ 15:51:17
  Author: arodseth
Revision: 435215

upgpkg: wordpress 5.1-1

Modified:
  wordpress/trunk/PKGBUILD
  wordpress/trunk/password_reset_exploit.patch

------------------------------+
 PKGBUILD                     |   25 ++++++++---------
 password_reset_exploit.patch |   58 +++++++++++++++++++----------------------
 2 files changed, 40 insertions(+), 43 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2019-02-22 15:51:07 UTC (rev 435214)
+++ PKGBUILD	2019-02-22 15:51:17 UTC (rev 435215)
@@ -5,33 +5,32 @@
 # Contributor: Christopher Rogers <slaxemulator at gmail.com>
 
 pkgname=wordpress
-pkgver=5.0.3
+pkgver=5.1
 pkgrel=1
 pkgdesc='Blog tool and publishing platform'
-arch=('any')
+arch=(any)
 url='https://wordpress.org/'
-license=('GPL')
-depends=('php')
+license=(GPL)
+depends=(php)
 optdepends=('nginx: Web server for serving WordPress'
             'apache: Web server for serving WordPress'
             'mariadb: Database server')
-options=('emptydirs')
-install="$pkgname.install"
+options=(emptydirs)
+install=$pkgname.install
 source=("https://wordpress.org/$pkgname-$pkgver.tar.gz"
-        'password_reset_exploit.patch')
-sha256sums=('9aa4d1bc9acc39279f15e914415be87af01a886287b1b92b3a80426a4edbd78a'
-            'e73886f5cd0dd79a1ddc64113b181df0d32cefc975a09796994e885d75361726')
+        password_reset_exploit.patch)
+sha256sums=('debd29c267021e34f59c31b210dd82e9c476fa9f1abdc62b5fdd1d50078fed4a'
+            '84c716953fb1aad583bfe62c2aba88173b760c60a90f6752228d4ba966e647b9')
 
 prepare() {
-  cd "$pkgname"
-
+  cd $pkgname
   patch -p1 -i "$srcdir/password_reset_exploit.patch"
 }
 
 package() {
   install -d "$pkgdir/usr/share/webapps"
-  cp -r "$pkgname" "$pkgdir/usr/share/webapps"
+  cp -r $pkgname "$pkgdir/usr/share/webapps"
 }
 
-# getver: wordpress.org/download/
+# getver: core.trac.wordpress.org/timeline?milestone=on
 # vim: ts=2 sw=2 et:

Modified: password_reset_exploit.patch
===================================================================
--- password_reset_exploit.patch	2019-02-22 15:51:07 UTC (rev 435214)
+++ password_reset_exploit.patch	2019-02-22 15:51:17 UTC (rev 435215)
@@ -1,33 +1,31 @@
 --- a/wp-includes/pluggable.php	2017-05-07 15:19:40.838218673 +0200
 +++ b/wp-includes/pluggable.php	2017-05-07 15:25:35.661548515 +0200
-@@ -321,15 +321,21 @@
- 	 * https://core.trac.wordpress.org/ticket/5007.
- 	 */
-
--	if ( !isset( $from_email ) ) {
--		// Get the site domain and get rid of www.
--		$sitename = strtolower( $_SERVER['SERVER_NAME'] );
--		if ( substr( $sitename, 0, 4 ) == 'www.' ) {
--			$sitename = substr( $sitename, 4 );
--		}
+@@ -328,14 +328,20 @@
+ 		 * https://core.trac.wordpress.org/ticket/5007.
+ 		 */
+ 
+-		if ( ! isset( $from_email ) ) {
+-			// Get the site domain and get rid of www.
+-			$sitename = strtolower( $_SERVER['SERVER_NAME'] );
+-			if ( substr( $sitename, 0, 4 ) == 'www.' ) {
+-				$sitename = substr( $sitename, 4 );
+-			}
 -
--		$from_email = 'wordpress@' . $sitename;
--	}
-+    // Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092
-+    if ( !isset( $from_email ) ) {
-+        // Get the site domain and get rid of www.
-+        $sitename = strtolower( WP_HOME );
-+        if ( substr( $sitename, 0, 7 ) == 'http://' ) {
-+            $sitename = substr( $sitename, 7 );
-+        }
-+        if ( substr( $sitename, 0, 8 ) == 'https://' ) {
-+            $sitename = substr( $sitename, 8 );
-+        }
-+        if ( substr( $sitename, 0, 4 ) == 'www.' ) {
-+            $sitename = substr( $sitename, 4 );
-+        }
-+        $from_email = 'wordpress@' . $sitename;
-+    }
-
- 	/**
- 	 * Filters the email address to send from.
+-			$from_email = 'wordpress@' . $sitename;
++		// Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092
++		if ( !isset( $from_email ) ) {
++				// Get the site domain and get rid of www.
++				$sitename = strtolower( WP_HOME );
++				if ( substr( $sitename, 0, 7 ) == 'http://' ) {
++						$sitename = substr( $sitename, 7 );
++				}
++				if ( substr( $sitename, 0, 8 ) == 'https://' ) {
++						$sitename = substr( $sitename, 8 );
++				}
++				if ( substr( $sitename, 0, 4 ) == 'www.' ) {
++						$sitename = substr( $sitename, 4 );
++				}
++				$from_email = 'wordpress@' . $sitename;
+ 		}
+ 
+ 		/**

