[Pkg-mediawiki-commits] r405 - mediawiki/branches/squeeze/debian/patches
Jonathan Wiltshire
jmw at alioth.debian.org
Sun Dec 16 16:41:42 UTC 2012
Author: jmw
Date: 2012-12-16 16:41:41 +0000 (Sun, 16 Dec 2012)
New Revision: 405
Added:
mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch
Removed:
mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch
Modified:
mediawiki/branches/squeeze/debian/patches/series
Log:
No CVE was assigned to the pcre backtrack exploit
Deleted: mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch
===================================================================
--- mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch 2012-12-13 12:03:17 UTC (rev 404)
+++ mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch 2012-12-16 16:41:41 UTC (rev 405)
@@ -1,50 +0,0 @@
-Description: Prevent linker regex from exceeding PCRE backtrack limit
- Sessions id's in the default MediaWiki authentication are not refreshed on
- login or logout. An attacker can use this to impersonate a user.
-Author: Chris Steipp <csteipp at wikimedia.org>
-Origin: upstream
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
-Reviewed-by: Dominik George <nik at naturalnet.de>
---- a/includes/Linker.php
-+++ b/includes/Linker.php
-@@ -1297,7 +1297,18 @@
- */
- public function formatLinksInComment( $comment ) {
- return preg_replace_callback(
-- '/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
-+ '/
-+ \[\[
-+ :? # ignore optional leading colon
-+ ([^\]|]+) # 1. link target; page names cannot include ] or |
-+ (?:\|
-+ # 2. a pipe-separated substring; only the last is captured
-+ # Stop matching at | and ]] without relying on backtracking.
-+ ((?:]?[^\]|])*+)
-+ )*
-+ \]\]
-+ ([^[]*) # 3. link trail (the text up until the next link)
-+ /x',
- array( $this, 'formatLinksInCommentCallback' ),
- $comment );
- }
-@@ -1316,8 +1327,8 @@
- }
-
- # Handle link renaming [[foo|text]] will show link as "text"
-- if( "" != $match[3] ) {
-- $text = $match[3];
-+ if( "" != $match[2] ) {
-+ $text = $match[2];
- } else {
- $text = $match[1];
- }
-@@ -1328,7 +1339,7 @@
- $thelink = $this->makeMediaLink( $submatch[1], "", $text );
- } else {
- # Other kind of link
-- if( preg_match( $wgContLang->linkTrail(), $match[4], $submatch ) ) {
-+ if( preg_match( $wgContLang->linkTrail(), $match[3], $submatch ) ) {
- $trail = $submatch[1];
- } else {
- $trail = "";
Copied: mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch (from rev 404, mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch)
===================================================================
--- mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch (rev 0)
+++ mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch 2012-12-16 16:41:41 UTC (rev 405)
@@ -0,0 +1,48 @@
+Description: Prevent linker regex from exceeding PCRE backtrack limit
+Author: Chris Steipp <csteipp at wikimedia.org>
+Origin: upstream
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George <nik at naturalnet.de>
+--- a/includes/Linker.php
++++ b/includes/Linker.php
+@@ -1297,7 +1297,18 @@
+ */
+ public function formatLinksInComment( $comment ) {
+ return preg_replace_callback(
+- '/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
++ '/
++ \[\[
++ :? # ignore optional leading colon
++ ([^\]|]+) # 1. link target; page names cannot include ] or |
++ (?:\|
++ # 2. a pipe-separated substring; only the last is captured
++ # Stop matching at | and ]] without relying on backtracking.
++ ((?:]?[^\]|])*+)
++ )*
++ \]\]
++ ([^[]*) # 3. link trail (the text up until the next link)
++ /x',
+ array( $this, 'formatLinksInCommentCallback' ),
+ $comment );
+ }
+@@ -1316,8 +1327,8 @@
+ }
+
+ # Handle link renaming [[foo|text]] will show link as "text"
+- if( "" != $match[3] ) {
+- $text = $match[3];
++ if( "" != $match[2] ) {
++ $text = $match[2];
+ } else {
+ $text = $match[1];
+ }
+@@ -1328,7 +1339,7 @@
+ $thelink = $this->makeMediaLink( $submatch[1], "", $text );
+ } else {
+ # Other kind of link
+- if( preg_match( $wgContLang->linkTrail(), $match[4], $submatch ) ) {
++ if( preg_match( $wgContLang->linkTrail(), $match[3], $submatch ) ) {
+ $trail = $submatch[1];
+ } else {
+ $trail = "";
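Review bot: The result of `preg_replace_callback()` in `formatLinksInComment` (first inner hunk of the added patch) is still returned unchecked, so any remaining PCRE failure makes the function return `null` and the whole comment silently renders as empty. The rewritten pattern, with its possessive `*+` group, removes the backtracking that hit the limit, but an explicit guard would stop an oversized or unusual summary from disappearing from the output. One option is to assign the result and fall back, `$out = preg_replace_callback( ... );` followed by `return $out === null ? $comment : $out;`, optionally logging `preg_last_error()`. Whether `$comment` is already HTML-escaped at this point is not visible in the hunk, so confirm the fallback is safe to emit before adopting it. The callback hunks that renumber `$match[3]`/`$match[4]` to `$match[2]`/`$match[3]` start and end outside the visible context.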
Modified: mediawiki/branches/squeeze/debian/patches/series
===================================================================
--- mediawiki/branches/squeeze/debian/patches/series 2012-12-13 12:03:17 UTC (rev 404)
+++ mediawiki/branches/squeeze/debian/patches/series 2012-12-16 16:41:41 UTC (rev 405)
@@ -14,4 +14,4 @@
CVE-2011-4361.patch
CVE-2012-0046.patch
CVE-2012-5391.patch
-CVE-2012-5395.patch
+pcre-linker-backtrack.patch