[evolvis-commits] r18294: Prepared new upstream release

mirabilos at evolvis.org mirabilos at evolvis.org
Wed Apr 11 11:16:14 CEST 2012


Author: mirabilos
Date: 2012-04-11 11:16:14 +0200 (Wed, 11 Apr 2012)
New Revision: 18294

Added:
   trunk/mediawiki/debian/patches/add_rss_guid.patch
   trunk/mediawiki/debian/patches/detect_invalid_titles.patch
Modified:
   trunk/mediawiki/debian/README.Debian
   trunk/mediawiki/debian/changelog
   trunk/mediawiki/debian/control
   trunk/mediawiki/debian/control.in
   trunk/mediawiki/debian/patches/debian_specific_config.patch
   trunk/mediawiki/debian/patches/mimetypes.patch
   trunk/mediawiki/debian/patches/series
   trunk/mediawiki/debian/patches/texvc_location.patch
Log:
Prepared new upstream release

Modified: trunk/mediawiki/debian/README.Debian
===================================================================
--- trunk/mediawiki/debian/README.Debian	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/README.Debian	2012-04-11 09:16:14 UTC (rev 18294)
@@ -62,35 +62,6 @@
           php /var/lib/mediawiki/maintenance/update.php
 	This shall need a proper php5 binary, as provided in php5-cli
 
-Upgrading from mediawiki1.x packages:
-        This part is only useful for upgrading from old mediawiki1.x packages.
-        Starting with debian lenny, upgrade are done using the previous 
-        method.
-        .
-	A rapid sketch of what you need to do is as follow:
-	1) Dump your database to a text file.
-		mysqldump --add-drop-table -u <user> -p <my-database> > /path/to/file.sql
-	2) Copy the configuration files from /etc/mediawiki1.x to /var/lib/mediawiki and make them writable for
-	     your webserver user -- usualy www-data.
-		cp /var/lib/mediawiki1.x/LocalSettings.php /etc/mediawiki
-		cp /var/lib/mediawiki1.x/AdminSettings.php /etc/mediawiki (if exists)
-	3) Add the following line at the beginning of your /etc/mediawiki/LocalSettings.php if it does not exist:
-		define(MW_INSTALL_PATH,"/var/lib/mediawiki");
-	4) Execute the update script:
-	   You will need an AdminSettings.php file.
-  	     If you don't have any, a sample is available at:
-	       /usr/share/doc/mediawiki/examples/AdminSettings.sample
-             You may fill in this file and copy it in /etc/mediawiki.
-	     If you use the mysql root account, you may delete it afterward.
-	   Then run this command:
-		php /var/lib/mediawiki/maintenance/update.php
-	   This shall need a proper php5 binary, as provided in php5-cli
-	5) Execute the rebuildall script:
-		php /var/lib/mediawiki/maintenance/rebuildall.php
-	6) Copy the old upload directory (this location has been switched to /images, according to upstream):
-		cp -rf /var/lib/mediawiki1.x/upload/* /var/lib/mediawiki/images/
-	7) Update your web server configuration to point to /var/lib/mediawiki
-
 Configuring apache and MySQL:
 	A good how-to to correctly setup the application used by mediawiki can be found there:
 	http://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_GNU/Linux

Modified: trunk/mediawiki/debian/changelog
===================================================================
--- trunk/mediawiki/debian/changelog	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/changelog	2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,3 +1,34 @@
+mediawiki (1:1.15.2-1) unstable; urgency=high
+
+  * New upstream release.
+  * Fixes security issue:
+  "Two security issues were discovered:
+
+   A CSS validation issue was discovered which allows editors to display
+   external images in wiki pages. This is a privacy concern on public
+   wikis, since a malicious user may link to an image on a server they
+   control, which would allow that attacker to gather IP addresses and
+   other information from users of the public wiki. All sites running
+   publicly-editable MediaWiki installations are advised to upgrade. All
+   versions of MediaWiki (prior to this one) are affected.
+
+   A data leakage vulnerability was discovered in thumb.php which affects
+   wikis which restrict access to private files using img_auth.php, or
+   some similar scheme. All versions of MediaWiki since 1.5 are affected."
+  * Updated standards.
+  * Removed section about upgrading from mediawiki1.x packages
+    in README.Debian since they do not exist in any supported distribution
+    anymore.
+  * Switched php5-gd and imagemagick in Suggests. Closes: #542008
+  * Backported patch from revision 51083 to fix a bug with invalid titles.
+  Closes: #537134
+  * Backported patch from revision 61090 to add a unique guid per RSS
+    feed element.
+  Closes: #383130
+  * Refreshed patches. 
+
+ -- Romain Beauxis <toots at rastageeks.org>  Mon, 15 Mar 2010 11:41:07 -0500
+
 mediawiki (1:1.15.1-1) unstable; urgency=low
 
   * New upstream release.

Modified: trunk/mediawiki/debian/control
===================================================================
--- trunk/mediawiki/debian/control	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/control	2012-04-11 09:16:14 UTC (rev 18294)
@@ -3,9 +3,9 @@
 Priority: optional
 Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
 Uploaders: Romain Beauxis <toots at rastageeks.org>
-Build-Depends: debhelper (>= 7.0.1), quilt, patchutils (>= 0.2.25), cdbs (>= 0.4.27), ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
+Build-Depends: cdbs (>= 0.4.53), debhelper (>= 7.0.1), quilt, patchutils (>= 0.2.25), ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
 Homepage: http://www.mediawiki.org/
-Standards-Version: 3.8.2
+Standards-Version: 3.8.4
 
 Package: mediawiki
 Architecture: all

Modified: trunk/mediawiki/debian/control.in
===================================================================
--- trunk/mediawiki/debian/control.in	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/control.in	2012-04-11 09:16:14 UTC (rev 18294)
@@ -5,13 +5,13 @@
 Uploaders: Romain Beauxis <toots at rastageeks.org>
 Build-Depends: @cdbs@, ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
 Homepage: http://www.mediawiki.org/
-Standards-Version: 3.8.2
+Standards-Version: 3.8.4
 
 Package: mediawiki
 Architecture: all
 Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql | php5-sqlite, mime-support, ${misc:Depends} 
 Recommends: mysql-server | postgresql-contrib, php5-cli
-Suggests: php5-gd | imagemagick, mediawiki-math, memcached, clamav
+Suggests: imagemagick | php5-gd, mediawiki-math, memcached, clamav
 Description: website engine for collaborative work
  MediaWiki is a wiki engine (a program for creating a collaboratively
  edited website). It is designed to handle heavy websites containing

Added: trunk/mediawiki/debian/patches/add_rss_guid.patch
===================================================================
--- trunk/mediawiki/debian/patches/add_rss_guid.patch	                        (rev 0)
+++ trunk/mediawiki/debian/patches/add_rss_guid.patch	2012-04-11 09:16:14 UTC (rev 18294)
@@ -0,0 +1,77 @@
+Index: mediawiki-1.15.2/includes/Feed.php
+===================================================================
+--- mediawiki-1.15.2.orig/includes/Feed.php	2008-11-18 18:11:14.000000000 -0600
++++ mediawiki-1.15.2/includes/Feed.php	2010-03-15 12:16:49.000000000 -0500
+@@ -37,6 +37,8 @@
+ 	var $Url = '';
+ 	var $Date = '';
+ 	var $Author = '';
++	var $UniqueId = '';
++	var $RSSIsPermalink;
+ 	/**#@-*/
+ 
+ 	/**#@+
+@@ -47,6 +49,8 @@
+ 		$this->Title = $Title;
+ 		$this->Description = $Description;
+ 		$this->Url = $Url;
++		$this->UniqueId = $Url;
++		$this->RSSIsPermalink = false;
+ 		$this->Date = $Date;
+ 		$this->Author = $Author;
+ 		$this->Comments = $Comments;
+@@ -58,6 +62,28 @@
+ 		return htmlspecialchars( $string );
+ 	}
+ 
++	/**
++	 * Get the unique id of this item
++	 *
++	 * @return String
++	 */
++	public function getUniqueId() {
++		if ( $this->UniqueId ) {
++			return $this->xmlEncode( $this->UniqueId );
++		}
++	}
++
++	/**
++	 * set the unique id of an item
++	 *
++	 * @param $uniqueId String: unique id for the item
++	 * @param $RSSisPermalink Boolean: set to true if the guid (unique id) is a permalink (RSS feeds only)
++	 */
++	public function setUniqueId($uniqueId, $RSSisPermalink = False) {
++		$this->UniqueId = $uniqueId;
++		$this->RSSIsPermalink = $isPermalink;
++	}
++
+ 	public function getTitle() {
+ 		return $this->xmlEncode( $this->Title );
+ 	}
+@@ -84,7 +110,7 @@
+ 	public function getComments() {
+ 		return $this->xmlEncode( $this->Comments );
+ 	}
+-	
++
+ 	/**
+ 	 * Quickie hack... strip out wikilinks to more legible form from the comment.
+ 	 */
+@@ -217,6 +243,7 @@
+ 		<item>
+ 			<title><?php print $item->getTitle() ?></title>
+ 			<link><?php print $item->getUrl() ?></link>
++			<guid<?php if( $item->RSSIsPermalink ) print ' isPermaLink="true"' ?>><?php print $item->getUniqueId() ?></guid>
+ 			<description><?php print $item->getDescription() ?></description>
+ 			<?php if( $item->getDate() ) { ?><pubDate><?php print $this->formatTime( $item->getDate() ) ?></pubDate><?php } ?>
+ 			<?php if( $item->getAuthor() ) { ?><dc:creator><?php print $item->getAuthor() ?></dc:creator><?php }?>
+@@ -297,7 +324,7 @@
+ 		global $wgMimeType;
+ 	?>
+ 	<entry>
+-		<id><?php print $item->getUrl() ?></id>
++		<id><?php print $item->getUniqueId() ?></id>
+ 		<title><?php print $item->getTitle() ?></title>
+ 		<link rel="alternate" type="<?php print $wgMimeType ?>" href="<?php print $item->getUrl() ?>"/>
+ 		<?php if( $item->getDate() ) { ?>

Modified: trunk/mediawiki/debian/patches/debian_specific_config.patch
===================================================================
--- trunk/mediawiki/debian/patches/debian_specific_config.patch	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/debian_specific_config.patch	2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/config/index.php
+Index: mediawiki-1.15.2/config/index.php
 ===================================================================
---- mediawiki-1.15.0.orig/config/index.php	2009-06-19 01:51:35.000000000 +0200
-+++ mediawiki-1.15.0/config/index.php	2009-06-19 01:52:30.000000000 +0200
+--- mediawiki-1.15.2.orig/config/index.php	2009-05-08 00:51:15.000000000 -0500
++++ mediawiki-1.15.2/config/index.php	2010-03-15 12:01:59.000000000 -0500
 @@ -232,7 +232,7 @@
  if( !is_writable( "." ) ) {
  	dieout( "<h2>Can't write config file, aborting</h2>

Added: trunk/mediawiki/debian/patches/detect_invalid_titles.patch
===================================================================
--- trunk/mediawiki/debian/patches/detect_invalid_titles.patch	                        (rev 0)
+++ trunk/mediawiki/debian/patches/detect_invalid_titles.patch	2012-04-11 09:16:14 UTC (rev 18294)
@@ -0,0 +1,14 @@
+Index: mediawiki-1.15.2/includes/specials/SpecialMostlinked.php
+===================================================================
+--- mediawiki-1.15.2.orig/includes/specials/SpecialMostlinked.php	2008-07-17 20:31:18.000000000 -0500
++++ mediawiki-1.15.2/includes/specials/SpecialMostlinked.php	2010-03-15 12:02:51.000000000 -0500
+@@ -75,6 +75,9 @@
+ 	function formatResult( $skin, $result ) {
+ 		global $wgLang;
+ 		$title = Title::makeTitleSafe( $result->namespace, $result->title );
++                if ( !$title ) {
++                        return '<!-- ' . htmlspecialchars( "Invalid title: [[$title]]" ) . ' -->';
++                }
+ 		$link = $skin->makeLinkObj( $title );
+ 		$wlh = $this->makeWlhLink( $title,
+ 			wfMsgExt( 'nlinks', array( 'parsemag', 'escape'),

Modified: trunk/mediawiki/debian/patches/mimetypes.patch
===================================================================
--- trunk/mediawiki/debian/patches/mimetypes.patch	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/mimetypes.patch	2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/includes/DefaultSettings.php
+Index: mediawiki-1.15.2/includes/DefaultSettings.php
 ===================================================================
---- mediawiki-1.15.0.orig/includes/DefaultSettings.php	2009-06-19 01:52:28.000000000 +0200
-+++ mediawiki-1.15.0/includes/DefaultSettings.php	2009-06-19 01:52:29.000000000 +0200
+--- mediawiki-1.15.2.orig/includes/DefaultSettings.php	2010-03-15 12:01:58.000000000 -0500
++++ mediawiki-1.15.2/includes/DefaultSettings.php	2010-03-15 12:01:58.000000000 -0500
 @@ -350,8 +350,8 @@
  $wgVerifyMimeType= true;
  

Modified: trunk/mediawiki/debian/patches/series
===================================================================
--- trunk/mediawiki/debian/patches/series	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/series	2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,3 +1,5 @@
 texvc_location.patch
 mimetypes.patch
 debian_specific_config.patch
+detect_invalid_titles.patch
+add_rss_guid.patch

Modified: trunk/mediawiki/debian/patches/texvc_location.patch
===================================================================
--- trunk/mediawiki/debian/patches/texvc_location.patch	2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/texvc_location.patch	2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/includes/DefaultSettings.php
+Index: mediawiki-1.15.2/includes/DefaultSettings.php
 ===================================================================
---- mediawiki-1.15.0.orig/includes/DefaultSettings.php	2009-06-19 01:51:39.000000000 +0200
-+++ mediawiki-1.15.0/includes/DefaultSettings.php	2009-06-19 01:52:39.000000000 +0200
+--- mediawiki-1.15.2.orig/includes/DefaultSettings.php	2010-03-08 16:52:50.000000000 -0600
++++ mediawiki-1.15.2/includes/DefaultSettings.php	2010-03-15 12:03:01.000000000 -0500
 @@ -1737,7 +1737,7 @@
   */
  $wgUseTeX = false;



More information about the evolvis-commits mailing list