[Pkg-mediawiki-commits] r282 - mediawiki/lenny/debian/patches
Jonathan Wiltshire
jmw at alioth.debian.org
Sun Dec 18 16:19:48 UTC 2011
Author: jmw
Date: 2011-12-18 16:19:48 +0000 (Sun, 18 Dec 2011)
New Revision: 282
Modified:
mediawiki/lenny/debian/patches/CVE-2011-1578.patch
mediawiki/lenny/debian/patches/CVE-2011-1579.patch
mediawiki/lenny/debian/patches/CVE-2011-1580.patch
mediawiki/lenny/debian/patches/CVE-2011-1587.patch
Log:
Refactor patches for 1.12 series
Modified: mediawiki/lenny/debian/patches/CVE-2011-1578.patch
===================================================================
--- mediawiki/lenny/debian/patches/CVE-2011-1578.patch 2011-12-17 23:36:47 UTC (rev 281)
+++ mediawiki/lenny/debian/patches/CVE-2011-1578.patch 2011-12-18 16:19:48 UTC (rev 282)
@@ -13,7 +13,7 @@
Last-Update: 2011-12-17
--- /dev/null
-+++ mediawiki-1.15.5/images/.htaccess
++++ mediawiki-1.12.0/images/.htaccess
@@ -0,0 +1,6 @@
+# Protect against bug 28235
+<IfModule rewrite_module>
@@ -21,9 +21,9 @@
+ RewriteCond %{QUERY_STRING} \.[a-z]{1,4}$ [nocase]
+ RewriteRule . - [forbidden]
+</IfModule>
---- mediawiki-1.15.5.orig/img_auth.php
-+++ mediawiki-1.15.5/img_auth.php
-@@ -25,6 +25,13 @@
+--- mediawiki-1.12.0.orig/img_auth.php
++++ mediawiki-1.12.0/img_auth.php
+@@ -23,6 +23,13 @@
wfPublicError();
}
@@ -37,9 +37,9 @@
// Extract path and image information
if( !isset( $_SERVER['PATH_INFO'] ) ) {
wfDebugLog( 'img_auth', 'Missing PATH_INFO' );
---- mediawiki-1.15.5.orig/includes/RawPage.php
-+++ mediawiki-1.15.5/includes/RawPage.php
-@@ -109,7 +109,7 @@
+--- mediawiki-1.12.0.orig/includes/RawPage.php
++++ mediawiki-1.12.0/includes/RawPage.php
+@@ -108,7 +108,7 @@
}
function view() {
@@ -48,16 +48,16 @@
if( isset( $_SERVER['SCRIPT_URL'] ) ) {
# Normally we use PHP_SELF to get the URL to the script
-@@ -136,7 +136,7 @@
- return;
+@@ -126,7 +126,7 @@
+ $url = $_SERVER['PHP_SELF'];
}
-
+
- if( strcmp( $wgScript, $url ) ) {
+ if( $wgRequest->isPathInfoBad() ) {
# Internet Explorer will ignore the Content-Type header if it
# thinks it sees a file extension it recognizes. Make sure that
# all raw requests are done through the script node, which will
-@@ -150,6 +150,7 @@
+@@ -140,6 +140,7 @@
#
# Just return a 403 Forbidden and get it over with.
wfHttpError( 403, 'Forbidden',
@@ -65,12 +65,13 @@
'Raw pages must be accessed through the primary script entry point.' );
return;
}
---- mediawiki-1.15.5.orig/includes/WebRequest.php
-+++ mediawiki-1.15.5/includes/WebRequest.php
-@@ -662,6 +662,50 @@
+--- mediawiki-1.12.0.orig/includes/WebRequest.php
++++ mediawiki-1.12.0/includes/WebRequest.php
+@@ -600,7 +600,50 @@
function setSessionData( $key, $data ) {
$_SESSION[$key] = $data;
}
+-
+
+ /**
+ * Returns true if the PATH_INFO ends with an extension other than a script
@@ -95,10 +96,10 @@
+ && preg_match( '/\.[a-z]{1,4}$/i', $_SERVER['QUERY_STRING'] ) )
+ {
+ // Bug 28235
-+ // Block only Internet Explorer, and requests with missing UA
++ // Block only Internet Explorer 6, and requests with missing UA
+ // headers that could be IE users behind a privacy proxy.
+ if ( !isset( $_SERVER['HTTP_USER_AGENT'] )
-+ || preg_match( '/; *MSIE/', $_SERVER['HTTP_USER_AGENT'] ) )
++ || preg_match( '/; *MSIE 6/', $_SERVER['HTTP_USER_AGENT'] ) )
+ {
+ return true;
+ }
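Review bot: The user-agent test in this hunk is narrowed from `/; *MSIE/` to `/; *MSIE 6/`, which is a behaviour change rather than the path and offset refactoring the log describes. With the new pattern, the WebRequest check (presumably the `isPathInfoBad()` called from RawPage.php; its signature is outside the hunk) rejects an extension-like query string only for IE 6 or a missing User-Agent. The images/.htaccess rule and the img_auth.php check in the same patch set appear to apply to every client. Unless later IE versions are confirmed unaffected by bug 28235, keep `|| preg_match( '/; *MSIE/', $_SERVER['HTTP_USER_AGENT'] ) )`, or record the reason for the narrowing in the patch header. The matching comment change also shows up in the last hunk of CVE-2011-1587.patch.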
@@ -118,9 +119,9 @@
}
/**
---- mediawiki-1.15.5.orig/api.php
-+++ mediawiki-1.15.5/api.php
-@@ -56,9 +56,9 @@
+--- mediawiki-1.12.0.orig/api.php
++++ mediawiki-1.12.0/api.php
+@@ -54,9 +54,9 @@
} else {
$url = $_SERVER['PHP_SELF'];
}
Modified: mediawiki/lenny/debian/patches/CVE-2011-1579.patch
===================================================================
--- mediawiki/lenny/debian/patches/CVE-2011-1579.patch 2011-12-17 23:36:47 UTC (rev 281)
+++ mediawiki/lenny/debian/patches/CVE-2011-1579.patch 2011-12-18 16:19:48 UTC (rev 282)
@@ -7,10 +7,10 @@
Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=28450
Last-Update: 2011-12-17
---- mediawiki-1.15.5.orig/includes/Sanitizer.php
-+++ mediawiki-1.15.5/includes/Sanitizer.php
-@@ -646,28 +646,34 @@
-
+--- mediawiki-1.12.0.orig/includes/Sanitizer.php
++++ mediawiki-1.12.0/includes/Sanitizer.php
+@@ -650,28 +650,34 @@
+
/**
* Pick apart some CSS and check it for forbidden or unsafe structures.
- * Returns a sanitized string, or false if it was just too evil.
@@ -56,10 +56,11 @@
static $decodeRegex, $reencodeTable;
if ( !$decodeRegex ) {
$space = '[\\x20\\t\\r\\n\\f]';
-@@ -684,6 +690,21 @@
+@@ -687,6 +693,22 @@
+ }
$value = preg_replace_callback( $decodeRegex,
array( __CLASS__, 'cssDecodeCallback' ), $value );
-
++
+ // Remove any comments; IE gets token splitting wrong
+ // This must be done AFTER decoding character references and
+ // escape sequences, because those steps can introduce comments
Modified: mediawiki/lenny/debian/patches/CVE-2011-1580.patch
===================================================================
--- mediawiki/lenny/debian/patches/CVE-2011-1580.patch 2011-12-17 23:36:47 UTC (rev 281)
+++ mediawiki/lenny/debian/patches/CVE-2011-1580.patch 2011-12-18 16:19:48 UTC (rev 282)
@@ -7,14 +7,13 @@
Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=28449
Last-Update: 2011-12-17
---- mediawiki-1.15.5.orig/includes/Title.php
-+++ mediawiki-1.15.5/includes/Title.php
-@@ -1090,8 +1090,14 @@
+--- mediawiki-1.12.0.orig/includes/Title.php
++++ mediawiki-1.12.0/includes/Title.php
+@@ -1055,7 +1055,14 @@
$errors[] = array( 'confirmedittext' );
}
-- // Edit blocks should not affect reading. Account creation blocks handled at userlogin.
-- if ( $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this ) ) {
+- if ( $user->isBlockedFrom( $this ) ) {
+ if ( in_array( $action, array( 'read', 'createaccount', 'unblock' ) ) ){
+ // Edit blocks should not affect reading.
+ // Account creation blocks handled at userlogin.
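Review bot: The line this patch now replaces in 1.12.0 is the unconditional `if ( $user->isBlockedFrom( $this ) ) {`, so the new `in_array( $action, array( 'read', 'createaccount', 'unblock' ) )` branch adds exemptions that, from the visible lines, this series did not have at this point. The 1.15.5 base already skipped 'read' and 'createaccount'. Confirm whether an enclosing condition in 1.12.0 already excluded those actions, and note the outcome in the patch description; the rest of the branch and the enclosing function are outside the hunk. The membership test should also be strict, `in_array( $action, array( 'read', 'createaccount', 'unblock' ), true )`, so that a non-string `$action` cannot match loosely.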
@@ -26,43 +25,28 @@
$block = $user->mBlock;
// This is from OutputPage::blockedPage
---- mediawiki-1.15.5.orig/includes/specials/SpecialImport.php
-+++ mediawiki-1.15.5/includes/specials/SpecialImport.php
-@@ -45,7 +45,7 @@
- * Execute
- */
- function execute( $par ) {
-- global $wgRequest;
-+ global $wgRequest, $wgUser, $wgOut;
-
- $this->setHeaders();
- $this->outputHeader();
-@@ -55,7 +55,18 @@
- $wgOut->readOnlyPage();
- return;
- }
--
+--- mediawiki-1.12.0.orig/includes/SpecialImport.php
++++ mediawiki-1.12.0/includes/SpecialImport.php
+@@ -39,6 +39,22 @@
+ return;
+ }
+
++ if( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
++ return $wgOut->permissionRequired( 'import' );
++ }
+
-+ if( !$wgUser->isAllowedAny( 'import', 'importupload' ) ) {
-+ return $wgOut->permissionRequired( 'import' );
-+ }
++ # TODO: allow Title::getUserPermissionsErrors() to take an array
++ # FIXME: Title::checkSpecialsAndNSPermissions() has a very wierd expectation of what
++ # getUserPermissionsErrors() might actually be used for, hence the 'ns-specialprotected'
++ $errors = wfMergeErrorArrays(
++ $this->getTitle()->getUserPermissionsErrors( 'import', $wgUser, true, array( 'ns-specialprotected' ) ),
++ $this->getTitle()->getUserPermissionsErrors( 'importupload', $wgUser, true, array( 'ns-specialprotected' ) )
++ );
++ if( $errors ){
++ $wgOut->showPermissionsErrorPage( $errors );
++ return;
++ }
+
-+ # TODO: allow Title::getUserPermissionsErrors() to take an array
-+ # FIXME: Title::checkSpecialsAndNSPermissions() has a very wierd expectation of what
-+ # getUserPermissionsErrors() might actually be used for, hence the 'ns-specialprotected'
-+ $errors = wfMergeErrorArrays(
-+ $this->getTitle()->getUserPermissionsErrors( 'import', $wgUser, true, array( 'ns-specialprotected' ) ),
-+ $this->getTitle()->getUserPermissionsErrors( 'importupload', $wgUser, true, array( 'ns-specialprotected' ) )
-+ );
- if ( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit' ) {
- $this->doImport();
- }
-@@ -133,8 +144,6 @@
-
- private function showForm() {
- global $wgUser, $wgOut, $wgRequest, $wgTitle, $wgImportSources, $wgExportMaxLinkDepth;
-- if( !$wgUser->isAllowed( 'import' ) && !$wgUser->isAllowed( 'importupload' ) )
-- return $wgOut->permissionRequired( 'import' );
-
- $action = $wgTitle->getLocalUrl( 'action=submit' );
-
+ if( $wgRequest->wasPosted() && $wgRequest->getVal( 'action' ) == 'submit') {
+ $isUpload = false;
+ $namespace = $wgRequest->getIntOrNull( 'namespace' );
Modified: mediawiki/lenny/debian/patches/CVE-2011-1587.patch
===================================================================
--- mediawiki/lenny/debian/patches/CVE-2011-1587.patch 2011-12-17 23:36:47 UTC (rev 281)
+++ mediawiki/lenny/debian/patches/CVE-2011-1587.patch 2011-12-18 16:19:48 UTC (rev 282)
@@ -3,8 +3,8 @@
Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=28507
Last-Update: 2011-12-17
---- mediawiki-1.15.5.orig/images/.htaccess
-+++ mediawiki-1.15.5/images/.htaccess
+--- mediawiki-1.12.0.orig/images/.htaccess
++++ mediawiki-1.12.0/images/.htaccess
@@ -1,6 +1,6 @@
# Protect against bug 28235
<IfModule rewrite_module>
@@ -13,9 +13,9 @@
+ RewriteCond %{QUERY_STRING} \.[a-z0-9]{1,4}(#|\?|$) [nocase]
RewriteRule . - [forbidden]
</IfModule>
---- mediawiki-1.15.5.orig/img_auth.php
-+++ mediawiki-1.15.5/img_auth.php
-@@ -27,7 +27,7 @@
+--- mediawiki-1.12.0.orig/img_auth.php
++++ mediawiki-1.12.0/img_auth.php
+@@ -25,7 +25,7 @@
// Check for bug 28235: QUERY_STRING overriding the correct extension
if ( isset( $_SERVER['QUERY_STRING'] )
@@ -24,9 +24,9 @@
{
wfForbidden();
}
---- mediawiki-1.15.5.orig/includes/WebRequest.php
-+++ mediawiki-1.15.5/includes/WebRequest.php
-@@ -683,7 +683,7 @@
+--- mediawiki-1.12.0.orig/includes/WebRequest.php
++++ mediawiki-1.12.0/includes/WebRequest.php
+@@ -621,7 +621,7 @@
global $wgScriptExtension;
if ( isset( $_SERVER['QUERY_STRING'] )
@@ -34,4 +34,4 @@
+ && preg_match( '/\.[a-z0-9]{1,4}(#|\?|$)/i', $_SERVER['QUERY_STRING'] ) )
{
// Bug 28235
- // Block only Internet Explorer, and requests with missing UA
+ // Block only Internet Explorer 6, and requests with missing UA