diff --git a/changeset_r11798.diff b/changeset_r11798.diff
new file mode 100644
index 0000000..0945215
--- /dev/null
+++ b/changeset_r11798.diff
@@ -0,0 +1,11 @@
+Index: /branches/2.8/wp-login.php
+===================================================================
+--- /branches/2.8/wp-login.php (revision 11514)
++++ /branches/2.8/wp-login.php (revision 11798)
+@@ -188,5 +188,5 @@
+ $key = preg_replace('/[^a-z0-9]/i', '', $key);
+
+- if ( empty( $key ) )
++ if ( empty( $key ) || is_array( $key ) )
+ return new WP_Error('invalid_key', __('Invalid key'));
+
diff --git a/wordpress.spec b/wordpress.spec
index 2c6dc48..ff6ec9d 100644
--- a/wordpress.spec
+++ b/wordpress.spec
@@ -3,7 +3,7 @@ URL: http://www.wordpress.org
 Name: wordpress
 Version: 2.8.3
 Group: Applications/Publishing
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Source0: http://wordpress.org/%{name}-%{version}.tar.gz
 Source1: wordpress-httpd-conf
@@ -11,6 +11,7 @@ Source2: README.fedora.wordpress
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: php >= 4.1.0, httpd, php-mysql
 BuildArch: noarch
+Patch0: changeset_r11798.diff
 %description
 Wordpress is an online publishing / weblog package that makes it very easy,
@@ -18,6 +19,7 @@ almost trivial, to get information out to people on the web.
 %prep
 %setup -q -n wordpress
+%patch0 -p3
 # disable wp_version_check, updates are always installed via rpm
 sed -i -e "s,\(.*\)'wp_version_check'\(.*\),#\1'wp_version_check'\2,g" \
 wp-includes/update.php
@@ -77,6 +79,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{_sysconfdir}/wordpress
 %changelog
+* Tue Aug 11 2009 Adrian Reber - 2.8.3-2
+- another security update to fix "Remote admin reset password":
+ http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html
+
 * Mon Aug 03 2009 Adrian Reber - 2.8.3-1
 - updated to 2.8.3 for security fixes
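Review bot: The added `is_array( $key )` test in the wp-login.php hunk rejects exactly one unexpected type, and it runs only after `preg_replace()` has already been applied to the value. An allowlist on the expected type is tighter and reads more clearly: `if ( empty( $key ) || ! is_string( $key ) )`. That way anything other than a non-empty string is refused with the same `invalid_key` error, whatever form the request parameter arrives in. The enclosing function starts and ends outside the hunk, so how `$key` is used after this check is not visible here; presumably it feeds a lookup, which is why a strict type guard matters.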
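Review bot: `Patch0: changeset_r11798.diff` is added without a comment recording where the patch comes from or when it can be dropped; the changelog links the advisory but not the upstream change. A line such as `# upstream changeset r11798 on branches/2.8; drop once the packaged release contains it` above the `Patch0:` tag would make the next rebase safer. The matching `%patch0 -p3` in the `%prep` hunk only works because of the `/branches/2.8/` prefix in the patch's `Index:` path, so a short comment there explaining the strip level would also help.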