Bug 153303 - www-apps/wordpress-2.0.5 version bump
Summary: www-apps/wordpress-2.0.5 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Other
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B3? [glsa] frilled
Reported: 2006-10-29 08:15 UTC by Jesus de Santos Garcia
Modified: 2006-11-17 14:36 UTC


Attachments
wordpress 2.0.5 ebuild (wordpress-2.0.5.ebuild, 2.81 KB, text/plain)
2006-10-30 01:50 UTC, Emanuele Gentili
Description Jesus de Santos Garcia 2006-10-29 08:15:10 UTC
A new version of wordpress is out with a lot of bugfixes: http://wordpress.org/development/2006/10/205-ronan/
Comment 1 Emanuele Gentili 2006-10-30 01:50:36 UTC
Created attachment 100776
wordpress 2.0.5 ebuild
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2006-10-30 11:36:12 UTC
"The latest in our venerable 2.0 series, which now counts over 1.2 million downloads, is available for download immediately, and we suggest everyone upgrade as this includes security fixes."

Re-assigning to security@g.o
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2006-10-30 11:41:07 UTC
Ok, checking with the fixed bugs in 2.0.5 [1] there seems to be only one security-related [2].

[1] http://trac.wordpress.org/query?status=closed&resolution=fixed&milestone=2.0.5
[2] http://trac.wordpress.org/ticket/2591
Comment 4 Jesus de Santos Garcia 2006-10-30 11:44:41 UTC
I will try tomorrow. I suppose I need to wait for the rsync servers replication...

---------------------------------------


ebuild wordpress-2.0.5.ebuild digest
Appending /usr/local to PORTDIR_OVERLAY...
>>> Downloading 'http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/distfiles/wordpress-2.0.5.tar.gz'
--20:42:52--  http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/distfiles/wordpress-2.0.5.tar.gz
           => `/usr/portage/distfiles/wordpress-2.0.5.tar.gz'
Resolving ftp.belnet.be... 193.190.198.20
Connecting to ftp.belnet.be|193.190.198.20|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
20:42:52 ERROR 404: Not Found.
Comment 5 Wolf Giesen (RETIRED) gentoo-dev 2006-10-30 21:29:28 UTC
Accepting bug; should be at least 3 sec-related fixes, though.

Rating B3 for now, mostly for the unserialize() problem - feel free to comment.
Comment 6 Peter Westwood 2006-10-31 03:18:56 UTC
(In reply to comment #5)
> Accepting bug; should be at least 3 sec-related fixes, though.
> 
> Rating B3 for now, mostly for the unserialize() problem - feel free to comment.
> 

The fix for this is also security related - http://trac.wordpress.org/ticket/3142

Although not vulnerable by default, as it requires user registration to be enabled, you could spy out the metadata of other users (email, etc.), including the admin account.
Comment 7 Jesus de Santos Garcia 2006-11-01 04:40:55 UTC
Two days later and wordpress-2.0.5.tar.gz still cannot be found in the mirrors when doing ebuild digest.

Maybe there is something I am doing wrong...
Comment 8 Peter Westwood 2006-11-01 05:30:46 UTC
(In reply to comment #7)
> Two days later and wordpress-2.0.5.tar.gz still cannot be found in the mirrors
> when doing ebuild digest.
> 
> Maybe there is something I am doing wrong...
> 

Yes

wordpress-2.0.5.tar.gz will only reach the mirrors once the new ebuild is committed to the tree.
Comment 9 Jesus de Santos Garcia 2006-11-01 05:48:28 UTC
It upgraded nicely from previous version.

----

Portage 2.1.1-r1 (default-linux/x86/2006.0, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 Intel(R) Celeron(R) CPU 2.40GHz
Gentoo Base System version 1.12.5
Last Sync: Wed, 01 Nov 2006 01:50:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.3.5-r2, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -pipe -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/NX/etc /usr/NX/home /usr/share/X11/xkb /usr/share/logwatch /var/www/localhost/htdocs/cacti/include"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O3 -pipe -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://linuv.uv.es/mirror/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X acpi alsa apache2 berkdb bitmap-fonts bzip2 cli cracklib crypt dlloader dri eds elibc_glibc emboss encode fam foomaticdb gdbm gif gnome gstreamer gtk gtk2 iconv imlib input_devices_keyboard input_devices_mouse isdnlog jpeg kernel_linux libg++ libwww mad mikmod mmx motif mp3 mpeg ncurses nls nptl nptlonly ogg pam pcre perl png pppd python qt3 qt4 quicktime readline reflection samba sdl session snmp spl sse sse2 ssl svg tiff truetype truetype-fonts type1-fonts udev usb userland_GNU video_cards_fglrx vorbis xml xorg zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 10 Wolf Giesen (RETIRED) gentoo-dev 2006-11-06 03:44:05 UTC
Anything preventing this from hitting cvs?
Comment 11 Aaron Kulbe (RETIRED) gentoo-dev 2006-11-07 07:27:07 UTC
Time. I just committed it now.
Comment 12 Wolf Giesen (RETIRED) gentoo-dev 2006-11-07 08:39:41 UTC
Heh, ok .-)

Arches, please test & mark stable.
Comment 13 Jesus de Santos Garcia 2006-11-07 09:14:20 UTC
> 
> Yes
> 
> wordpress-2.0.5.tar.gz will only reach the mirrors once the new ebuild is
> committed to the tree.
> 

Already committed and the same problem:

>>> Emerging (1 of 1) www-apps/wordpress-2.0.5 to /
>>> Downloading 'http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/distfiles/wordpress-2.0.5.tar.gz'
--18:11:22--  http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/distfiles/wordpress-2.0.5.tar.gz
           => `/usr/portage/distfiles/wordpress-2.0.5.tar.gz'
Resolving ftp.belnet.be... 193.190.198.20
Connecting to ftp.belnet.be|193.190.198.20|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
18:11:22 ERROR 404: Not Found.


Comment 14 Tobias Scherbaum (RETIRED) gentoo-dev 2006-11-07 10:27:52 UTC
ppc stable
Comment 15 Aaron Kulbe (RETIRED) gentoo-dev 2006-11-07 10:58:23 UTC
I put the tarball on the distfiles-local mirror. It will take a while to propagate to the other mirrors.
Comment 16 Markus Meier gentoo-dev 2006-11-07 11:29:47 UTC
www-apps/wordpress-2.0.5  USE="-vhosts"
1. emerges on x86
2. passes collision test
3. works

Portage 2.1.1-r1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17.13 i686)
=================================================================
System uname: 2.6.17.13 i686 AMD Athlon(TM) XP1800+
Gentoo Base System version 1.12.6
Last Sync: Tue, 07 Nov 2006 17:50:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LANG="en_GB.utf8"
LINGUAS="en de en_GB"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/normal"
SYNC="rsync://192.168.2.1/gentoo-portage"
USE="x86 3dnow 3dnowext X a52 aac acpi alsa apache2 bash-completion berkdb bitmap-fonts bzip2 cairo cdr cli cracklib crypt css cups dbus divx4linux dlloader dri dts dvd dvdr dvdread elibc_glibc emboss exif fam ffmpeg firefox font-server fortran gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kernel_linux ldap libclamav libg++ linguas_de linguas_en linguas_en_GB logitech-mouse mad mikmod mmx mmxext mono mozcalendar mozdevelop mozsvg mp3 mpeg ncurses network nls nptl nptlonly nvidia oav ogg opengl oss pam pcre perl png ppds pppd python qt qt3 qt4 quicktime readline reflection samba sdl seamonkey session spell spl ssl tcltk tcpd test tetex tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU vcd video_cards_none video_cards_nv vorbis win32codecs xine xinerama xml xorg xorg-x11 xprint xv xvg xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LC_ALL, LDFLAGS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 17 Gustavo Zacarias (RETIRED) gentoo-dev 2006-11-07 11:43:02 UTC
sparc stable.
Comment 18 Joshua Jackson (RETIRED) gentoo-dev 2006-11-07 21:10:18 UTC
x86 is stable ^.^
Comment 19 Danny van Dyk (RETIRED) gentoo-dev 2006-11-08 09:51:48 UTC
Hm, somewhere is a dep on net-www/apache missing. On a fresh stage3,

  emerge --onlydeps www-apps/wordpress
  ACCEPT_KEYWORDS="~amd64" emerge "=www-apps/wordpress-2.0.5"

yields:

 * vhosts USE flag not set - auto-installing using webapp-config
 * This is an installation
 * wordpress-2.0.5 is not installed - using install mode
 * Running //usr/sbin/webapp-config -I -h localhost -u root -d /wordpress wordpress 2.0.5
* Fatal error: Your configuration file sets the server type "Apache"
* Fatal error: but the corresponding package does not seem to be installed!
* Fatal error: Please "emerge >=net-www/apache-1.3" or correct your settings.
* Fatal error(s) - aborting

Besides that, it works. Stable on amd64.
Comment 20 Wolf Giesen (RETIRED) gentoo-dev 2006-11-08 10:19:14 UTC
Hm, I'd say you need to configure your webapp-config. At least I hope WordPress runs on other httpds like lighttpd, too ...
Comment 21 Aaron Kulbe (RETIRED) gentoo-dev 2006-11-08 13:20:45 UTC
Per Stuart, this is a webapp-config bug. It should not be checking to see if a specific web server is installed, or not.
Comment 22 Jeroen Roovers (RETIRED) gentoo-dev 2006-11-08 19:21:41 UTC
Stable for HPPA. All done. Sorry for the loooong wait.
Comment 23 Wolf Giesen (RETIRED) gentoo-dev 2006-11-08 22:36:03 UTC
Thanks. SecTeam, review draft please.
Comment 24 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-17 14:36:39 UTC
GLSA 200611-10