[evolvis-commits] r18294: Prepared new upstream release
mirabilos at evolvis.org
mirabilos at evolvis.org
Wed Apr 11 11:16:14 CEST 2012
Author: mirabilos
Date: 2012-04-11 11:16:14 +0200 (Wed, 11 Apr 2012)
New Revision: 18294
Added:
trunk/mediawiki/debian/patches/add_rss_guid.patch
trunk/mediawiki/debian/patches/detect_invalid_titles.patch
Modified:
trunk/mediawiki/debian/README.Debian
trunk/mediawiki/debian/changelog
trunk/mediawiki/debian/control
trunk/mediawiki/debian/control.in
trunk/mediawiki/debian/patches/debian_specific_config.patch
trunk/mediawiki/debian/patches/mimetypes.patch
trunk/mediawiki/debian/patches/series
trunk/mediawiki/debian/patches/texvc_location.patch
Log:
Prepared new upstream release
Modified: trunk/mediawiki/debian/README.Debian
===================================================================
--- trunk/mediawiki/debian/README.Debian 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/README.Debian 2012-04-11 09:16:14 UTC (rev 18294)
@@ -62,35 +62,6 @@
php /var/lib/mediawiki/maintenance/update.php
This shall need a proper php5 binary, as provided in php5-cli
-Upgrading from mediawiki1.x packages:
- This part is only useful for upgrading from old mediawiki1.x packages.
- Starting with debian lenny, upgrade are done using the previous
- method.
- .
- A rapid sketch of what you need to do is as follow:
- 1) Dump your database to a text file.
- mysqldump --add-drop-table -u <user> -p <my-database> > /path/to/file.sql
- 2) Copy the configuration files from /etc/mediawiki1.x to /var/lib/mediawiki and make them writable for
- your webserver user -- usualy www-data.
- cp /var/lib/mediawiki1.x/LocalSettings.php /etc/mediawiki
- cp /var/lib/mediawiki1.x/AdminSettings.php /etc/mediawiki (if exists)
- 3) Add the following line at the beginning of your /etc/mediawiki/LocalSettings.php if it does not exist:
- define(MW_INSTALL_PATH,"/var/lib/mediawiki");
- 4) Execute the update script:
- You will need an AdminSettings.php file.
- If you don't have any, a sample is available at:
- /usr/share/doc/mediawiki/examples/AdminSettings.sample
- You may fill in this file and copy it in /etc/mediawiki.
- If you use the mysql root account, you may delete it afterward.
- Then run this command:
- php /var/lib/mediawiki/maintenance/update.php
- This shall need a proper php5 binary, as provided in php5-cli
- 5) Execute the rebuildall script:
- php /var/lib/mediawiki/maintenance/rebuildall.php
- 6) Copy the old upload directory (this location has been switched to /images, according to upstream):
- cp -rf /var/lib/mediawiki1.x/upload/* /var/lib/mediawiki/images/
- 7) Update your web server configuration to point to /var/lib/mediawiki
-
Configuring apache and MySQL:
A good how-to to correctly setup the application used by mediawiki can be found there:
http://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Debian_GNU/Linux
Modified: trunk/mediawiki/debian/changelog
===================================================================
--- trunk/mediawiki/debian/changelog 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/changelog 2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,3 +1,34 @@
+mediawiki (1:1.15.2-1) unstable; urgency=high
+
+ * New upstream release.
+ * Fixes security issue:
+ "Two security issues were discovered:
+
+ A CSS validation issue was discovered which allows editors to display
+ external images in wiki pages. This is a privacy concern on public
+ wikis, since a malicious user may link to an image on a server they
+ control, which would allow that attacker to gather IP addresses and
+ other information from users of the public wiki. All sites running
+ publicly-editable MediaWiki installations are advised to upgrade. All
+ versions of MediaWiki (prior to this one) are affected.
+
+ A data leakage vulnerability was discovered in thumb.php which affects
+ wikis which restrict access to private files using img_auth.php, or
+ some similar scheme. All versions of MediaWiki since 1.5 are affected."
+ * Updated standards.
+ * Removed section about upgrading from mediawiki1.x packages
+ in README.Debian since they do not exist in any supported distribution
+ anymore.
+ * Switched php5-gd and imagemagick in Suggests. Closes: #542008
+ * Backported patch from revision 51083 to fix a bug with invalid titles.
+ Closes: #537134
+ * Backported patch from revision 61090 to add a unique guid per RSS
+ feed element.
+ Closes: #383130
+ * Refreshed patches.
+
+ -- Romain Beauxis <toots at rastageeks.org> Mon, 15 Mar 2010 11:41:07 -0500
+
mediawiki (1:1.15.1-1) unstable; urgency=low
* New upstream release.
Modified: trunk/mediawiki/debian/control
===================================================================
--- trunk/mediawiki/debian/control 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/control 2012-04-11 09:16:14 UTC (rev 18294)
@@ -3,9 +3,9 @@
Priority: optional
Maintainer: Mediawiki Maintenance Team <pkg-mediawiki-devel at lists.alioth.debian.org>
Uploaders: Romain Beauxis <toots at rastageeks.org>
-Build-Depends: debhelper (>= 7.0.1), quilt, patchutils (>= 0.2.25), cdbs (>= 0.4.27), ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
+Build-Depends: cdbs (>= 0.4.53), debhelper (>= 7.0.1), quilt, patchutils (>= 0.2.25), ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
Homepage: http://www.mediawiki.org/
-Standards-Version: 3.8.2
+Standards-Version: 3.8.4
Package: mediawiki
Architecture: all
Modified: trunk/mediawiki/debian/control.in
===================================================================
--- trunk/mediawiki/debian/control.in 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/control.in 2012-04-11 09:16:14 UTC (rev 18294)
@@ -5,13 +5,13 @@
Uploaders: Romain Beauxis <toots at rastageeks.org>
Build-Depends: @cdbs@, ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
Homepage: http://www.mediawiki.org/
-Standards-Version: 3.8.2
+Standards-Version: 3.8.4
Package: mediawiki
Architecture: all
Depends: apache2 | httpd, php5, php5-mysql | php5-pgsql | php5-sqlite, mime-support, ${misc:Depends}
Recommends: mysql-server | postgresql-contrib, php5-cli
-Suggests: php5-gd | imagemagick, mediawiki-math, memcached, clamav
+Suggests: imagemagick | php5-gd, mediawiki-math, memcached, clamav
Description: website engine for collaborative work
MediaWiki is a wiki engine (a program for creating a collaboratively
edited website). It is designed to handle heavy websites containing
Added: trunk/mediawiki/debian/patches/add_rss_guid.patch
===================================================================
--- trunk/mediawiki/debian/patches/add_rss_guid.patch (rev 0)
+++ trunk/mediawiki/debian/patches/add_rss_guid.patch 2012-04-11 09:16:14 UTC (rev 18294)
@@ -0,0 +1,77 @@
+Index: mediawiki-1.15.2/includes/Feed.php
+===================================================================
+--- mediawiki-1.15.2.orig/includes/Feed.php 2008-11-18 18:11:14.000000000 -0600
++++ mediawiki-1.15.2/includes/Feed.php 2010-03-15 12:16:49.000000000 -0500
+@@ -37,6 +37,8 @@
+ var $Url = '';
+ var $Date = '';
+ var $Author = '';
++ var $UniqueId = '';
++ var $RSSIsPermalink;
+ /**#@-*/
+
+ /**#@+
+@@ -47,6 +49,8 @@
+ $this->Title = $Title;
+ $this->Description = $Description;
+ $this->Url = $Url;
++ $this->UniqueId = $Url;
++ $this->RSSIsPermalink = false;
+ $this->Date = $Date;
+ $this->Author = $Author;
+ $this->Comments = $Comments;
+@@ -58,6 +62,28 @@
+ return htmlspecialchars( $string );
+ }
+
++ /**
++ * Get the unique id of this item
++ *
++ * @return String
++ */
++ public function getUniqueId() {
++ if ( $this->UniqueId ) {
++ return $this->xmlEncode( $this->UniqueId );
++ }
++ }
++
++ /**
++ * set the unique id of an item
++ *
++ * @param $uniqueId String: unique id for the item
++ * @param $RSSisPermalink Boolean: set to true if the guid (unique id) is a permalink (RSS feeds only)
++ */
++ public function setUniqueId($uniqueId, $RSSisPermalink = False) {
++ $this->UniqueId = $uniqueId;
++ $this->RSSIsPermalink = $isPermalink;
++ }
++
+ public function getTitle() {
+ return $this->xmlEncode( $this->Title );
+ }
+@@ -84,7 +110,7 @@
+ public function getComments() {
+ return $this->xmlEncode( $this->Comments );
+ }
+-
++
+ /**
+ * Quickie hack... strip out wikilinks to more legible form from the comment.
+ */
+@@ -217,6 +243,7 @@
+ <item>
+ <title><?php print $item->getTitle() ?></title>
+ <link><?php print $item->getUrl() ?></link>
++ <guid<?php if( $item->RSSIsPermalink ) print ' isPermaLink="true"' ?>><?php print $item->getUniqueId() ?></guid>
+ <description><?php print $item->getDescription() ?></description>
+ <?php if( $item->getDate() ) { ?><pubDate><?php print $this->formatTime( $item->getDate() ) ?></pubDate><?php } ?>
+ <?php if( $item->getAuthor() ) { ?><dc:creator><?php print $item->getAuthor() ?></dc:creator><?php }?>
+@@ -297,7 +324,7 @@
+ global $wgMimeType;
+ ?>
+ <entry>
+- <id><?php print $item->getUrl() ?></id>
++ <id><?php print $item->getUniqueId() ?></id>
+ <title><?php print $item->getTitle() ?></title>
+ <link rel="alternate" type="<?php print $wgMimeType ?>" href="<?php print $item->getUrl() ?>"/>
+ <?php if( $item->getDate() ) { ?>
Modified: trunk/mediawiki/debian/patches/debian_specific_config.patch
===================================================================
--- trunk/mediawiki/debian/patches/debian_specific_config.patch 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/debian_specific_config.patch 2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/config/index.php
+Index: mediawiki-1.15.2/config/index.php
===================================================================
---- mediawiki-1.15.0.orig/config/index.php 2009-06-19 01:51:35.000000000 +0200
-+++ mediawiki-1.15.0/config/index.php 2009-06-19 01:52:30.000000000 +0200
+--- mediawiki-1.15.2.orig/config/index.php 2009-05-08 00:51:15.000000000 -0500
++++ mediawiki-1.15.2/config/index.php 2010-03-15 12:01:59.000000000 -0500
@@ -232,7 +232,7 @@
if( !is_writable( "." ) ) {
dieout( "<h2>Can't write config file, aborting</h2>
Added: trunk/mediawiki/debian/patches/detect_invalid_titles.patch
===================================================================
--- trunk/mediawiki/debian/patches/detect_invalid_titles.patch (rev 0)
+++ trunk/mediawiki/debian/patches/detect_invalid_titles.patch 2012-04-11 09:16:14 UTC (rev 18294)
@@ -0,0 +1,14 @@
+Index: mediawiki-1.15.2/includes/specials/SpecialMostlinked.php
+===================================================================
+--- mediawiki-1.15.2.orig/includes/specials/SpecialMostlinked.php 2008-07-17 20:31:18.000000000 -0500
++++ mediawiki-1.15.2/includes/specials/SpecialMostlinked.php 2010-03-15 12:02:51.000000000 -0500
+@@ -75,6 +75,9 @@
+ function formatResult( $skin, $result ) {
+ global $wgLang;
+ $title = Title::makeTitleSafe( $result->namespace, $result->title );
++ if ( !$title ) {
++ return '<!-- ' . htmlspecialchars( "Invalid title: [[$title]]" ) . ' -->';
++ }
+ $link = $skin->makeLinkObj( $title );
+ $wlh = $this->makeWlhLink( $title,
+ wfMsgExt( 'nlinks', array( 'parsemag', 'escape'),
Modified: trunk/mediawiki/debian/patches/mimetypes.patch
===================================================================
--- trunk/mediawiki/debian/patches/mimetypes.patch 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/mimetypes.patch 2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/includes/DefaultSettings.php
+Index: mediawiki-1.15.2/includes/DefaultSettings.php
===================================================================
---- mediawiki-1.15.0.orig/includes/DefaultSettings.php 2009-06-19 01:52:28.000000000 +0200
-+++ mediawiki-1.15.0/includes/DefaultSettings.php 2009-06-19 01:52:29.000000000 +0200
+--- mediawiki-1.15.2.orig/includes/DefaultSettings.php 2010-03-15 12:01:58.000000000 -0500
++++ mediawiki-1.15.2/includes/DefaultSettings.php 2010-03-15 12:01:58.000000000 -0500
@@ -350,8 +350,8 @@
$wgVerifyMimeType= true;
Modified: trunk/mediawiki/debian/patches/series
===================================================================
--- trunk/mediawiki/debian/patches/series 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/series 2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,3 +1,5 @@
texvc_location.patch
mimetypes.patch
debian_specific_config.patch
+detect_invalid_titles.patch
+add_rss_guid.patch
Modified: trunk/mediawiki/debian/patches/texvc_location.patch
===================================================================
--- trunk/mediawiki/debian/patches/texvc_location.patch 2012-04-11 09:16:12 UTC (rev 18293)
+++ trunk/mediawiki/debian/patches/texvc_location.patch 2012-04-11 09:16:14 UTC (rev 18294)
@@ -1,7 +1,7 @@
-Index: mediawiki-1.15.0/includes/DefaultSettings.php
+Index: mediawiki-1.15.2/includes/DefaultSettings.php
===================================================================
---- mediawiki-1.15.0.orig/includes/DefaultSettings.php 2009-06-19 01:51:39.000000000 +0200
-+++ mediawiki-1.15.0/includes/DefaultSettings.php 2009-06-19 01:52:39.000000000 +0200
+--- mediawiki-1.15.2.orig/includes/DefaultSettings.php 2010-03-08 16:52:50.000000000 -0600
++++ mediawiki-1.15.2/includes/DefaultSettings.php 2010-03-15 12:03:01.000000000 -0500
@@ -1737,7 +1737,7 @@
*/
$wgUseTeX = false;
More information about the evolvis-commits
mailing list