[Pkg-mediawiki-commits] r405 - mediawiki/branches/squeeze/debian/patches

Sun Dec 16 16:41:42 UTC 2012

Author: jmw
Date: 2012-12-16 16:41:41 +0000 (Sun, 16 Dec 2012)
New Revision: 405

Added:
   mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch
Removed:
   mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch
Modified:
   mediawiki/branches/squeeze/debian/patches/series
Log:
No CVE was assigned to the pcre backtrack exploit

Deleted: mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch
===================================================================

--- mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch	2012-12-13 12:03:17 UTC (rev 404)
+++ mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch	2012-12-16 16:41:41 UTC (rev 405)
@@ -1,50 +0,0 @@
-Description: Prevent linker regex from exceeding PCRE backtrack limit
- Sessions id's in the default MediaWiki authentication are not refreshed on
- login or logout. An attacker can use this to impersonate a user.
-Author: Chris Steipp <csteipp at wikimedia.org>
-Origin: upstream
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
-Reviewed-by: Dominik George <nik at naturalnet.de>
---- a/includes/Linker.php
-+++ b/includes/Linker.php
-@@ -1297,7 +1297,18 @@
- 	 */
- 	public function formatLinksInComment( $comment ) {
- 		return preg_replace_callback(
--			'/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
-+                        '/
-+                                \[\[
-+                                :? # ignore optional leading colon
-+                                ([^\]|]+) # 1. link target; page names cannot include ] or |
-+                                (?:\|
-+                                        # 2. a pipe-separated substring; only the last is captured
-+                                        # Stop matching at | and ]] without relying on backtracking.
-+                                        ((?:]?[^\]|])*+)
-+                                )*
-+                                \]\]
-+                                ([^[]*) # 3. link trail (the text up until the next link)
-+                        /x',
- 			array( $this, 'formatLinksInCommentCallback' ),
- 			$comment );
- 	}
-@@ -1316,8 +1327,8 @@
- 		}
- 
- 		# Handle link renaming [[foo|text]] will show link as "text"
--		if( "" != $match[3] ) {
--			$text = $match[3];
-+		if( "" != $match[2] ) {
-+			$text = $match[2];
- 		} else {
- 			$text = $match[1];
- 		}
-@@ -1328,7 +1339,7 @@
- 			$thelink = $this->makeMediaLink( $submatch[1], "", $text );
- 		} else {
- 			# Other kind of link
--			if( preg_match( $wgContLang->linkTrail(), $match[4], $submatch ) ) {
-+			if( preg_match( $wgContLang->linkTrail(), $match[3], $submatch ) ) {
- 				$trail = $submatch[1];
- 			} else {
- 				$trail = "";

Copied: mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch (from rev 404, mediawiki/branches/squeeze/debian/patches/CVE-2012-5395.patch)
===================================================================
--- mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch	                        (rev 0)
+++ mediawiki/branches/squeeze/debian/patches/pcre-linker-backtrack.patch	2012-12-16 16:41:41 UTC (rev 405)
@@ -0,0 +1,48 @@
+Description: Prevent linker regex from exceeding PCRE backtrack limit
+Author: Chris Steipp <csteipp at wikimedia.org>
+Origin: upstream
+Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694998
+Reviewed-by: Dominik George <nik at naturalnet.de>
+--- a/includes/Linker.php
++++ b/includes/Linker.php
+@@ -1297,7 +1297,18 @@
+ 	 */
+ 	public function formatLinksInComment( $comment ) {
+ 		return preg_replace_callback(
+-			'/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
++                        '/
++                                \[\[
++                                :? # ignore optional leading colon
++                                ([^\]|]+) # 1. link target; page names cannot include ] or |
++                                (?:\|
++                                        # 2. a pipe-separated substring; only the last is captured
++                                        # Stop matching at | and ]] without relying on backtracking.
++                                        ((?:]?[^\]|])*+)
++                                )*
++                                \]\]
++                                ([^[]*) # 3. link trail (the text up until the next link)
++                        /x',
+ 			array( $this, 'formatLinksInCommentCallback' ),
+ 			$comment );
+ 	}
+@@ -1316,8 +1327,8 @@
+ 		}
+ 
+ 		# Handle link renaming [[foo|text]] will show link as "text"
+-		if( "" != $match[3] ) {
+-			$text = $match[3];
++		if( "" != $match[2] ) {
++			$text = $match[2];
+ 		} else {
+ 			$text = $match[1];
+ 		}
+@@ -1328,7 +1339,7 @@
+ 			$thelink = $this->makeMediaLink( $submatch[1], "", $text );
+ 		} else {
+ 			# Other kind of link
+-			if( preg_match( $wgContLang->linkTrail(), $match[4], $submatch ) ) {
++			if( preg_match( $wgContLang->linkTrail(), $match[3], $submatch ) ) {
+ 				$trail = $submatch[1];
+ 			} else {
+ 				$trail = "";

Modified: mediawiki/branches/squeeze/debian/patches/series
===================================================================
--- mediawiki/branches/squeeze/debian/patches/series	2012-12-13 12:03:17 UTC (rev 404)
+++ mediawiki/branches/squeeze/debian/patches/series	2012-12-16 16:41:41 UTC (rev 405)
@@ -14,4 +14,4 @@
 CVE-2011-4361.patch
 CVE-2012-0046.patch
 CVE-2012-5391.patch
-CVE-2012-5395.patch
+pcre-linker-backtrack.patch


