[Pkg-mediawiki-commits] r434 - in mediawiki/trunk/debian: . patches

Thorsten Glaser tg at alioth.debian.org
Tue Apr 16 09:06:45 UTC 2013 

Author: tg
Date: 2013-04-16 09:06:45 +0000 (Tue, 16 Apr 2013)
New Revision: 434

Modified:
   mediawiki/trunk/debian/changelog
   mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch
   mediawiki/trunk/debian/patches/suppress_warnings.patch
Log:
prepare upload of security fix release


Modified: mediawiki/trunk/debian/changelog
===================================================================
--- mediawiki/trunk/debian/changelog	2013-04-16 08:59:02 UTC (rev 433)
+++ mediawiki/trunk/debian/changelog	2013-04-16 09:06:45 UTC (rev 434)
@@ -1,4 +1,4 @@
-mediawiki (1:1.19.4-2) UNRELEASED; urgency=low
+mediawiki (1:1.19.5-1) unstable; urgency=high
 
   [ Platonides ]
   * Update config URL in README.Debian (Closes: #703804)
@@ -6,8 +6,15 @@
   [ Thorsten Glaser ]
   * Re-add LocalSettings creation snippet for support of the
     mediawiki-extensions Debian packaging (Closes: #703852)
+  * New upstream security-only release:
+    - (bug 47251) SECURITY: Disable external entities in Import
+    - (bug 46859) SECURITY: Disable external entities in XMLReader
+    - (bug 46084) SECURITY: Sanitize $limitReport before outputting
+    - (bug 43594) Fix notices displayed on PHP 5.4
+    - (bug 40585) Don't drop 'step="any"' in HTML input fields.
+  * Refresh patches against new upstream code
 
- -- Thorsten Glaser <tg at mirbsd.de>  Mon, 25 Mar 2013 10:38:35 +0100
+ -- Thorsten Glaser <tg at mirbsd.de>  Tue, 16 Apr 2013 11:04:05 +0200
 
 mediawiki (1:1.19.4-1) unstable; urgency=high
 

Modified: mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch
===================================================================
--- mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch	2013-04-16 08:59:02 UTC (rev 433)
+++ mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch	2013-04-16 09:06:45 UTC (rev 434)
@@ -11,7 +11,7 @@
 
 --- a/includes/HTMLForm.php
 +++ b/includes/HTMLForm.php
-@@ -803,6 +803,9 @@ class HTMLForm extends ContextSource {
+@@ -804,6 +804,9 @@ class HTMLForm extends ContextSource {
  			$attribs['id'] = Sanitizer::escapeId( "mw-htmlform-$sectionName" );
  		}
  
@@ -21,7 +21,7 @@
  		$tableHtml = Html::rawElement( 'table', $attribs,
  			Html::rawElement( 'tbody', array(), "\n$tableHtml\n" ) ) . "\n";
  
-@@ -1206,6 +1209,8 @@ class HTMLTextField extends HTMLFormFiel
+@@ -1207,6 +1210,8 @@ class HTMLTextField extends HTMLFormFiel
  	}
  
  	function getInputHTML( $value ) {
@@ -30,7 +30,7 @@
  		$attribs = array(
  			'id' => $this->mID,
  			'name' => $this->mName,
-@@ -1229,6 +1234,8 @@ class HTMLTextField extends HTMLFormFiel
+@@ -1230,6 +1235,8 @@ class HTMLTextField extends HTMLFormFiel
  		# well
  		foreach ( array( 'min', 'max', 'pattern', 'title', 'step',
  		'placeholder' ) as $param ) {
@@ -39,7 +39,7 @@
  			if ( isset( $this->mParams[$param] ) ) {
  				$attribs[$param] = $this->mParams[$param];
  			}
-@@ -1625,13 +1632,14 @@ class HTMLMultiSelectField extends HTMLF
+@@ -1626,13 +1633,14 @@ class HTMLMultiSelectField extends HTMLF
  				$html .= Html::rawElement( 'h1', array(), $label ) . "\n";
  				$html .= $this->formatOptions( $info, $value );
  			} else {
@@ -148,7 +148,7 @@
  		return $comment;
  	}
  
-@@ -1381,6 +1383,8 @@ class Linker {
+@@ -1392,6 +1394,8 @@ class Linker {
  	 * @return string
  	 */
  	public static function commentBlock( $comment, $title = null, $local = false ) {
@@ -157,7 +157,7 @@
  		// '*' used to be the comment inserted by the software way back
  		// in antiquity in case none was provided, here for backwards
  		// compatability, acc. to brion -ævar
-@@ -1388,7 +1392,9 @@ class Linker {
+@@ -1399,7 +1403,9 @@ class Linker {
  			return '';
  		} else {
  			$formatted = self::formatComment( $comment, $title, $local );

Modified: mediawiki/trunk/debian/patches/suppress_warnings.patch
===================================================================
--- mediawiki/trunk/debian/patches/suppress_warnings.patch	2013-04-16 08:59:02 UTC (rev 433)
+++ mediawiki/trunk/debian/patches/suppress_warnings.patch	2013-04-16 09:06:45 UTC (rev 434)
@@ -25,12 +25,12 @@
 @@ -2217,6 +2220,7 @@ function wfSuppressWarnings( $end = fals
  				define( 'E_DEPRECATED', 8192 );
  			}
- 			$originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED ) );
+ 			$originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT ) );
 +			$wf__warnings_suppressed = true;
  		}
  		++$suppressCount;
  	}
-@@ -3362,7 +3366,7 @@ function wfSetupSession( $sessionId = fa
+@@ -3371,7 +3375,7 @@ function wfSetupSession( $sessionId = fa
  		wfFixSessionID();
  	}
  	wfSuppressWarnings();

More information about the Pkg-mediawiki-commits mailing list