[Pkg-mediawiki-commits] r493 - in mediawiki: tarballs trunk/debian trunk/debian/patches
Thorsten Glaser
tg at moszumanska.debian.org
Tue Dec 31 10:23:31 UTC 2013
Author: tg
Date: 2013-12-31 10:23:30 +0000 (Tue, 31 Dec 2013)
New Revision: 493
Added:
mediawiki/tarballs/mediawiki_1.19.9+dfsg.orig.tar.xz
Removed:
mediawiki/trunk/debian/patches/fix_CVE-2013-4567_and_CVE-2013-4568.patch
mediawiki/trunk/debian/patches/fix_CVE-2013-4572.patch
Modified:
mediawiki/trunk/debian/changelog
mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch
mediawiki/trunk/debian/patches/series
Log:
refresh against 1.19.9
Added: mediawiki/tarballs/mediawiki_1.19.9+dfsg.orig.tar.xz
===================================================================
(Binary files differ)
Property changes on: mediawiki/tarballs/mediawiki_1.19.9+dfsg.orig.tar.xz
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: mediawiki/trunk/debian/changelog
===================================================================
--- mediawiki/trunk/debian/changelog 2013-12-31 10:04:43 UTC (rev 492)
+++ mediawiki/trunk/debian/changelog 2013-12-31 10:23:30 UTC (rev 493)
@@ -1,5 +1,6 @@
-mediawiki (1:1.19.8+dfsg-3) UNRELEASED; urgency=low
+mediawiki (1:1.19.9+dfsg-1) UNRELEASED; urgency=low
+ [ Jonathan Wiltshire ]
* Re-work debian/rule:get-orig-source:
- use more conventional tools
- improve legibility
@@ -7,8 +8,11 @@
* Guard against missing mod_php5 in Apache configuration
(Closes: #725162)
- -- Jonathan Wiltshire <jmw at debian.org> Sat, 28 Sep 2013 21:30:15 +0100
+ [ Thorsten Glaser ]
+ * Refresh patches against 1.19.9
+ -- Thorsten Glaser <tg at mirbsd.de> Tue, 31 Dec 2013 11:23:05 +0100
+
mediawiki (1:1.19.8+dfsg-2.2) unstable; urgency=high
* Non-maintainer upload
Deleted: mediawiki/trunk/debian/patches/fix_CVE-2013-4567_and_CVE-2013-4568.patch
===================================================================
--- mediawiki/trunk/debian/patches/fix_CVE-2013-4567_and_CVE-2013-4568.patch 2013-12-31 10:04:43 UTC (rev 492)
+++ mediawiki/trunk/debian/patches/fix_CVE-2013-4567_and_CVE-2013-4568.patch 2013-12-31 10:23:30 UTC (rev 493)
@@ -1,153 +0,0 @@
-Description: Sanitizer::checkCss blacklist can be bypassed using vertical tab (ASCII 11)
- .
- Kevin Israel (Wikipedia user PleaseStand) identified and reported two
- vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist
- (CVE-2013-4567, CVE-2013-4568).
-Author: Chris Steipp, <csteipp at wikimedia.org>
-Origin: upstream, https://bugzilla.wikimedia.org/attachment.cgi?id=13772&action=difr
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
-Bug-Debian: http://bugs.debian.org/729629
-
---- a/includes/Sanitizer.php
-+++ b/includes/Sanitizer.php
-@@ -882,6 +882,21 @@
- $value = preg_replace_callback( $decodeRegex,
- array( __CLASS__, 'cssDecodeCallback' ), $value );
-
-+ // Normalize Halfwidth and Fullwidth Unicode block that IE6 might treat as ascii
-+ $value = preg_replace_callback(
-+ '/[!-z]/u', // U+FF01 to U+FF5A
-+ array( __CLASS__, 'cssNormalizeUnicodeWidth' ),
-+ $value
-+ );
-+
-+ // Convert more characters IE6 might treat as ascii
-+ // U+0280, U+0274, U+207F, U+029F, U+026A, U+207D, U+208D
-+ $value = str_replace(
-+ array( 'ʀ', 'ɴ', 'ⁿ', 'ʟ', 'ɪ', '⁽', '₍' ),
-+ array( 'r', 'n', 'n', 'l', 'i', '(', '(' ),
-+ $value
-+ );
-+
- // Remove any comments; IE gets token splitting wrong
- // This must be done AFTER decoding character references and
- // escape sequences, because those steps can introduce comments
-@@ -897,8 +912,24 @@
- $value = substr( $value, 0, $commentPos );
- }
-
-+ // S followed by repeat, iteration, or prolonged sound marks,
-+ // which IE will treat as "ss"
-+ $value = preg_replace(
-+ '/s(?:
-+ \xE3\x80\xB1 | # U+3031
-+ \xE3\x82\x9D | # U+309D
-+ \xE3\x83\xBC | # U+30FC
-+ \xE3\x83\xBD | # U+30FD
-+ \xEF\xB9\xBC | # U+FE7C
-+ \xEF\xB9\xBD | # U+FE7D
-+ \xEF\xBD\xB0 # U+FF70
-+ )/ix',
-+ 'ss',
-+ $value
-+ );
-+
- // Reject problematic keywords and control characters
-- if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
-+ if ( preg_match( '/[\000-\010\013\016-\037\177]/', $value ) ) {
- return '/* invalid control char */';
- } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( !ix', $value ) ) {
- return '/* insecure input */';
-@@ -907,6 +938,19 @@
- }
-
- /**
-+ * Normalize Unicode U+FF01 to U+FF5A
-+ * @param character $char
-+ * @return character in ASCII range \x21-\x7A
-+ */
-+ static function cssNormalizeUnicodeWidth( $matches ) {
-+ $cp = utf8ToCodepoint( $matches[0] );
-+ if ( $cp === false ) {
-+ return '';
-+ }
-+ return chr( $cp - 65248 ); // ASCII range \x21-\x7A
-+ }
-+
-+ /**
- * @param $matches array
- * @return String
- */
---- a/tests/parser/parserTests.txt
-+++ b/tests/parser/parserTests.txt
-@@ -5059,6 +5059,70 @@
-
- !! end
-
-+!! test
-+CSS safety test: vertical tab
-+!! input
-+<p style="font-size: 100px; background-image:url\b(https://www.google.com/images/srpr/logo6w.png)">A</p>
-+!! result
-+<p style="/* invalid control char */">A</p>
-+
-+!! end
-+
-+!! test
-+MSIE CSS safety test: Fullwidth
-+!! input
-+<p style="font-size: 100px; color: expression((title='XSSed'),'red')">A</p>
-+<div style="top:EXPRESSION(alert())">B</div>
-+!! result
-+<p style="/* insecure input */">A</p>
-+<div style="/* insecure input */">B</div>
-+
-+!! end
-+
-+!! test
-+MSIE CSS safety test: IPA extensions
-+!! input
-+<div style="background-image:uʀʟ(javascript:alert())">A</div>
-+<p style="font-size: 100px; color: expʀessɪoɴ((title='XSSed'),'red')">B</p>
-+!! result
-+<div style="/* insecure input */">A</div>
-+<p style="/* insecure input */">B</p>
-+
-+!! end
-+
-+!! test
-+MSIE CSS safety test: sup/sub script
-+!! input
-+<div style="background-image:url⁽javascript:alert())">A</div>
-+<div style="background-image:url₍javascript:alert())">B</div>
-+<p style="font-size: 100px; color: expressioⁿ((title='XSSed'),'red')">C</p>
-+!! result
-+<div style="/* insecure input */">A</div>
-+<div style="/* insecure input */">B</div>
-+<p style="/* insecure input */">C</p>
-+
-+!! end
-+
-+!! test
-+MSIE CSS safety test: Repetition markers
-+!! input
-+<p style="font-size: 100px; color: expres〱ion((title='XSSed'),'red')">A</p>
-+<p style="font-size: 100px; color: expresゝion((title='XSSed'),'red')">B</p>
-+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">C</p>
-+<p style="font-size: 100px; color: expresヽion((title='XSSed'),'red')">D</p>
-+<p style="font-size: 100px; color: expresﹽion((title='XSSed'),'red')">E</p>
-+<p style="font-size: 100px; color: expresﹼion((title='XSSed'),'red')">F</p>
-+<p style="font-size: 100px; color: expresーion((title='XSSed'),'red')">G</p>
-+!! result
-+<p style="/* insecure input */">A</p>
-+<p style="/* insecure input */">B</p>
-+<p style="/* insecure input */">C</p>
-+<p style="/* insecure input */">D</p>
-+<p style="/* insecure input */">E</p>
-+<p style="/* insecure input */">F</p>
-+<p style="/* insecure input */">G</p>
-+
-+!! end
-
- !! test
- Table attribute legitimate extension
Deleted: mediawiki/trunk/debian/patches/fix_CVE-2013-4572.patch
===================================================================
--- mediawiki/trunk/debian/patches/fix_CVE-2013-4572.patch 2013-12-31 10:04:43 UTC (rev 492)
+++ mediawiki/trunk/debian/patches/fix_CVE-2013-4572.patch 2013-12-31 10:23:30 UTC (rev 493)
@@ -1,36 +0,0 @@
-Description: Multiple users with the same session ID
- .
- Internal review while debugging a site issue discovered that MediaWiki
- and the CentralNotice extension were incorrectly setting cache headers when
- a user was autocreated, causing the user's session cookies to be cached,
- and returned to other users (CVE-2013-4572).
-Author: Chris Steipp, <csteipp at wikimedia.org>
-Origin: upstream, https://bugzilla.wikimedia.org/attachment.cgi?id=13779&action=diff
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
-Bug-Debian: http://bugs.debian.org/729629
-
---- a/includes/actions/RawAction.php
-+++ b/includes/actions/RawAction.php
-@@ -79,6 +79,11 @@
- # Output may contain user-specific data;
- # vary generated content for open sessions on private wikis
- $privateCache = !$wgGroupPermissions['*']['read'] && ( $smaxage == 0 || session_id() != '' );
-+ // Bug 53032 - make this private if user is logged in,
-+ // so we don't accidentally cache cookies
-+ if ( !$privateCache ) {
-+ $privateCache = $this->getUser()->isLoggedIn();
-+ }
- # allow the client to cache this for 24 hours
- $mode = $privateCache ? 'private' : 'public';
- $response->header( 'Cache-Control: ' . $mode . ', s-maxage=' . $smaxage . ', max-age=' . $maxage );
---- a/includes/specials/SpecialUploadStash.php
-+++ b/includes/specials/SpecialUploadStash.php
-@@ -279,6 +279,8 @@
- header( "Content-Type: $contentType", true );
- header( 'Content-Transfer-Encoding: binary', true );
- header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true );
-+ // Bug 53032 - It shouldn't be a problem here, but let's be safe and not cache
-+ header( 'Cache-Control: private' );
- header( "Content-Length: $size", true );
- }
-
Modified: mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch
===================================================================
--- mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch 2013-12-31 10:04:43 UTC (rev 492)
+++ mediawiki/trunk/debian/patches/fix_invalid_xhtml.patch 2013-12-31 10:23:30 UTC (rev 493)
@@ -56,6 +56,48 @@
$html .= ' ' . Html::rawElement( 'div', array( 'class' => 'mw-htmlform-flatlist-item' ), $checkbox );
}
+--- a/includes/Linker.php
++++ b/includes/Linker.php
+@@ -1148,7 +1148,7 @@ class Linker {
+ * @return string
+ */
+ private static function formatAutocommentsCallback( $match ) {
+- global $wgLang;
++ global $wgLang, $wgHtml5;
+ $title = self::$autocommentTitle;
+ $local = self::$autocommentLocal;
+
+@@ -1189,7 +1189,9 @@ class Linker {
+ $auto .= wfMsgExt( 'colon-separator', array( 'escapenoentities', 'content' ) );
+ }
+ $auto = '<span class="autocomment">' . $auto . '</span>';
+- $comment = $pre . $link . $wgLang->getDirMark() . '<span dir="auto">' . $auto . $post . '</span>';
++ $comment = $pre . $link . $wgLang->getDirMark() .
++ '<span' . ($wgHtml5 ? ' dir="auto"' : '') . '>' . $auto .
++ $post . '</span>';
+ return $comment;
+ }
+
+@@ -1392,6 +1394,8 @@ class Linker {
+ * @return string
+ */
+ public static function commentBlock( $comment, $title = null, $local = false ) {
++ global $wgHtml5;
++
+ // '*' used to be the comment inserted by the software way back
+ // in antiquity in case none was provided, here for backwards
+ // compatability, acc. to brion -ævar
+@@ -1399,7 +1403,9 @@ class Linker {
+ return '';
+ } else {
+ $formatted = self::formatComment( $comment, $title, $local );
+- return " <span class=\"comment\" dir=\"auto\">($formatted)</span>";
++ return " <span class=\"comment\"" .
++ ($wgHtml5 ? " dir=\"auto\"" : "") .
++ ">($formatted)</span>";
+ }
+ }
+
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -1613,6 +1613,8 @@ abstract class BaseTemplate extends Quic
@@ -79,6 +121,27 @@
$html = Html::rawElement( isset( $attrs['href'] ) ? 'a' : $options['link-fallback'], $attrs, $html );
}
+--- a/includes/media/MediaTransformOutput.php
++++ b/includes/media/MediaTransformOutput.php
+@@ -259,7 +259,7 @@ class ThumbnailImage extends MediaTransf
+ }
+
+ $attribs = array(
+- 'alt' => $alt,
++ 'alt' => $alt ? $alt : '(thumbnail)',
+ 'src' => $this->url,
+ 'width' => $this->width,
+ 'height' => $this->height,
+--- a/includes/specials/SpecialUpload.php
++++ b/includes/specials/SpecialUpload.php
+@@ -930,6 +930,7 @@ class UploadForm extends HTMLForm {
+ $this->addHeaderText(
+ '<div class="thumb t' . $wgContLang->alignEnd() . '">' .
+ Html::element( 'img', array(
++ 'alt' => '(thumbnail)',
+ 'src' => $mto->getUrl(),
+ 'class' => 'thumbimage',
+ ) ) . '</div>', 'description' );
--- a/skins/MonoBook.php
+++ b/skins/MonoBook.php
@@ -60,6 +60,8 @@ class MonoBookTemplate extends BaseTempl
@@ -126,66 +189,3 @@
</div>
</div>
<div class="portlet" id="p-logo">
---- a/includes/Linker.php
-+++ b/includes/Linker.php
-@@ -1148,7 +1148,7 @@ class Linker {
- * @return string
- */
- private static function formatAutocommentsCallback( $match ) {
-- global $wgLang;
-+ global $wgLang, $wgHtml5;
- $title = self::$autocommentTitle;
- $local = self::$autocommentLocal;
-
-@@ -1189,7 +1189,9 @@ class Linker {
- $auto .= wfMsgExt( 'colon-separator', array( 'escapenoentities', 'content' ) );
- }
- $auto = '<span class="autocomment">' . $auto . '</span>';
-- $comment = $pre . $link . $wgLang->getDirMark() . '<span dir="auto">' . $auto . $post . '</span>';
-+ $comment = $pre . $link . $wgLang->getDirMark() .
-+ '<span' . ($wgHtml5 ? ' dir="auto"' : '') . '>' . $auto .
-+ $post . '</span>';
- return $comment;
- }
-
-@@ -1392,6 +1394,8 @@ class Linker {
- * @return string
- */
- public static function commentBlock( $comment, $title = null, $local = false ) {
-+ global $wgHtml5;
-+
- // '*' used to be the comment inserted by the software way back
- // in antiquity in case none was provided, here for backwards
- // compatability, acc. to brion -ævar
-@@ -1399,7 +1403,9 @@ class Linker {
- return '';
- } else {
- $formatted = self::formatComment( $comment, $title, $local );
-- return " <span class=\"comment\" dir=\"auto\">($formatted)</span>";
-+ return " <span class=\"comment\"" .
-+ ($wgHtml5 ? " dir=\"auto\"" : "") .
-+ ">($formatted)</span>";
- }
- }
-
---- a/includes/media/MediaTransformOutput.php
-+++ b/includes/media/MediaTransformOutput.php
-@@ -259,7 +259,7 @@ class ThumbnailImage extends MediaTransf
- }
-
- $attribs = array(
-- 'alt' => $alt,
-+ 'alt' => $alt ? $alt : '(thumbnail)',
- 'src' => $this->url,
- 'width' => $this->width,
- 'height' => $this->height,
---- a/includes/specials/SpecialUpload.php
-+++ b/includes/specials/SpecialUpload.php
-@@ -930,6 +930,7 @@ class UploadForm extends HTMLForm {
- $this->addHeaderText(
- '<div class="thumb t' . $wgContLang->alignEnd() . '">' .
- Html::element( 'img', array(
-+ 'alt' => '(thumbnail)',
- 'src' => $mto->getUrl(),
- 'class' => 'thumbimage',
- ) ) . '</div>', 'description' );
Modified: mediawiki/trunk/debian/patches/series
===================================================================
--- mediawiki/trunk/debian/patches/series 2013-12-31 10:04:43 UTC (rev 492)
+++ mediawiki/trunk/debian/patches/series 2013-12-31 10:23:30 UTC (rev 493)
@@ -9,5 +9,3 @@
fix_warnings.patch
mimetypes.patch
suppress_warnings.patch
-fix_CVE-2013-4567_and_CVE-2013-4568.patch
-fix_CVE-2013-4572.patch
More information about the Pkg-mediawiki-commits
mailing list