Date: Sunday, April 5, 2020 @ 15:38:36 Author: arodseth Revision: 611862
upgpkg: wordpress 5.4-1 Modified: wordpress/trunk/PKGBUILD Deleted: wordpress/trunk/password_reset_exploit.patch ------------------------------+ PKGBUILD | 13 +++---------- password_reset_exploit.patch | 31 ------------------------------- 2 files changed, 3 insertions(+), 41 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2020-04-05 15:38:28 UTC (rev 611861) +++ PKGBUILD 2020-04-05 15:38:36 UTC (rev 611862) @@ -5,7 +5,7 @@ # Contributor: Christopher Rogers <slaxemula...@gmail.com> pkgname=wordpress -pkgver=5.3.2 +pkgver=5.4 pkgrel=1 pkgdesc='Blog tool and publishing platform' arch=(any) @@ -17,16 +17,9 @@ 'mariadb: Database server') options=(emptydirs) install=$pkgname.install -source=("https://wordpress.org/$pkgname-$pkgver.tar.gz" - password_reset_exploit.patch) -sha256sums=('e186687e82a154da187dce888c016284e2afe9eb3088e3f365db811e06910167' - '84c716953fb1aad583bfe62c2aba88173b760c60a90f6752228d4ba966e647b9') +source=("https://wordpress.org/$pkgname-$pkgver.tar.gz") +sha256sums=('39c326170d0e18ea6daac4d3082574d2ae66cbdbc0a0b34b3e286693f27af283') -prepare() { - cd $pkgname - patch -p1 -i "$srcdir/password_reset_exploit.patch" -} - package() { install -d "$pkgdir/usr/share/webapps" cp -r $pkgname "$pkgdir/usr/share/webapps" Deleted: password_reset_exploit.patch =================================================================== --- password_reset_exploit.patch 2020-04-05 15:38:28 UTC (rev 611861) +++ password_reset_exploit.patch 2020-04-05 15:38:36 UTC (rev 611862) @@ -1,31 +0,0 @@ ---- a/wp-includes/pluggable.php 2017-05-07 15:19:40.838218673 +0200 -+++ b/wp-includes/pluggable.php 2017-05-07 15:25:35.661548515 +0200 -@@ -328,14 +328,20 @@ - * https://core.trac.wordpress.org/ticket/5007. - */ - -- if ( ! isset( $from_email ) ) { -- // Get the site domain and get rid of www. -- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); -- if ( substr( $sitename, 0, 4 ) == 'www.' ) { -- $sitename = substr( $sitename, 4 ); -- } -- -- $from_email = 'wordpress@' . $sitename; -+ // Thanks simlevesque @ https://news.ycombinator.com/item?id=14265092 -+ if ( !isset( $from_email ) ) { -+ // Get the site domain and get rid of www. -+ $sitename = strtolower( WP_HOME ); -+ if ( substr( $sitename, 0, 7 ) == 'http://' ) { -+ $sitename = substr( $sitename, 7 ); -+ } -+ if ( substr( $sitename, 0, 8 ) == 'https://' ) { -+ $sitename = substr( $sitename, 8 ); -+ } -+ if ( substr( $sitename, 0, 4 ) == 'www.' ) { -+ $sitename = substr( $sitename, 4 ); -+ } -+ $from_email = 'wordpress@' . $sitename; - } - - /**