diff --git a/.cvsignore b/.cvsignore index 9a585ee..ff07df1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -wordpress-2.0.4.tar.gz +wordpress-2.0.5.tar.gz diff --git a/sources b/sources index acfe7d1..318205c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -0de8e4b2051ce9313a23d7726210d5e3 wordpress-2.0.4.tar.gz +f16ffc47e22ba3540a1e4f32354fae0e wordpress-2.0.5.tar.gz diff --git a/wordpress-bz213985.patch b/wordpress-bz213985.patch deleted file mode 100644 index 58d8f5c..0000000 --- a/wordpress-bz213985.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -ruN wp-204/wp-content/plugins/wp-db-backup.php wp-205/wp-content/plugins/wp-db-backup.php ---- wp-204/wp-content/plugins/wp-db-backup.php 2006-07-26 18:56:56.000000000 -0400 -+++ wp-205/wp-content/plugins/wp-db-backup.php 2006-09-25 14:51:54.000000000 -0400 -@@ -4,7 +4,7 @@ - Plugin URI: http://www.skippy.net/blog/plugins/ - Description: On-demand backup of your WordPress database. - Author: Scott Merrill --Version: 1.7 -+Version: 1.8 - Author URI: http://www.skippy.net/ - - Much of this was modified from Mark Ghosh's One Click Backup, which -@@ -69,7 +69,8 @@ - $via = isset($_GET['via']) ? $_GET['via'] : 'http'; - - $this->backup_file = $_GET['backup']; -- -+ $this->validate_file($this->backup_file); -+ - switch($via) { - case 'smtp': - case 'email': -@@ -95,6 +96,7 @@ - } - if (isset($_GET['fragment'] )) { - list($table, $segment, $filename) = explode(':', $_GET['fragment']); -+ $this->validate_file($filename); - $this->backup_fragment($table, $segment, $filename); - } - -@@ -881,6 +883,18 @@ - - return; - } // wp_cron_db_backup -+ -+ function validate_file($file) { -+ if (false !== strpos($file, '..')) -+ die(__("Cheatin' uh ?")); -+ -+ if (false !== strpos($file, './')) -+ die(__("Cheatin' uh ?")); -+ -+ if (':' == substr($file, 1, 1)) -+ die(__("Cheatin' uh ?")); -+ } -+ - } - - function wpdbBackup_init() { diff --git a/wordpress.spec b/wordpress.spec index 1ee1347..bb1a942 100644 --- a/wordpress.spec +++ b/wordpress.spec @@ -1,9 +1,9 @@ Summary: WordPress blogging software URL: http://www.wordpress.org Name: wordpress -Version: 2.0.4 +Version: 2.0.5 Group: Applications/Publishing -Release: 4%{?dist} +Release: 1%{?dist} License: GPL # Source0 with name-version does not work for web retrieval, # latest.tar.gz does not work for build @@ -11,7 +11,6 @@ License: GPL Source0: http://wordpress.org/%{name}-%{version}.tar.gz Source1: wordpress-httpd-conf Source2: README.fedora.wordpress -Patch0: wordpress-bz213985.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: php >= 4.1.0, httpd, php-mysql BuildArch: noarch @@ -22,7 +21,6 @@ almost trivial, to get information out to people on the web. %prep %setup -q -n wordpress -%patch0 -p1 %install mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/wordpress @@ -74,6 +72,9 @@ rm -rf ${RPM_BUILD_ROOT} %dir %{_sysconfdir}/wordpress %changelog +* Wed Dec 27 2006 John Berninger - 2.0.5-1 +- ver 2.0.5 to fix bz 220818 + * Sun Dec 3 2006 John Berninger - 2.0.4-4 - Remove mysql-server dependency for real this time.