[Pkg-mediawiki-commits] r514 - mediawiki/branches/wheezy/debian mediawiki/branches/wheezy/debian/etc mediawiki/branches/wheezy/debian/patches mediawiki/branches/wheezy/debian/source mediawiki-extensions/branches/wheezy/debian
Thorsten Glaser
tg at moszumanska.debian.org
Fri Feb 7 14:27:55 UTC 2014
Author: tg
Date: 2014-02-07 14:27:55 +0000 (Fri, 07 Feb 2014)
New Revision: 514
Added:
mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.preinst
mediawiki/branches/wheezy/debian/cc-0.png
mediawiki/branches/wheezy/debian/cc-by-nc-sa.png
mediawiki/branches/wheezy/debian/cc-by-sa.png
mediawiki/branches/wheezy/debian/cc-by.png
mediawiki/branches/wheezy/debian/mediawiki.preinst
mediawiki/branches/wheezy/debian/source/include-binaries
Removed:
mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.dirs
mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.links
mediawiki/branches/wheezy/debian/patches/CVE-2013-4302.patch
Modified:
mediawiki-extensions/branches/wheezy/debian/changelog
mediawiki-extensions/branches/wheezy/debian/control.in
mediawiki-extensions/branches/wheezy/debian/copyright
mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.links
mediawiki/branches/wheezy/debian/changelog
mediawiki/branches/wheezy/debian/control
mediawiki/branches/wheezy/debian/copyright
mediawiki/branches/wheezy/debian/etc/apache.conf
mediawiki/branches/wheezy/debian/mediawiki.install
mediawiki/branches/wheezy/debian/mediawiki.links
mediawiki/branches/wheezy/debian/patches/series
mediawiki/branches/wheezy/debian/patches/suppress_warnings.patch
mediawiki/branches/wheezy/debian/rules
mediawiki/branches/wheezy/debian/watch
Log:
commit proposed stable updates
Added: mediawiki/branches/wheezy/debian/cc-0.png
===================================================================
(Binary files differ)
Property changes on: mediawiki/branches/wheezy/debian/cc-0.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: mediawiki/branches/wheezy/debian/cc-by-nc-sa.png
===================================================================
(Binary files differ)
Property changes on: mediawiki/branches/wheezy/debian/cc-by-nc-sa.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: mediawiki/branches/wheezy/debian/cc-by-sa.png
===================================================================
(Binary files differ)
Property changes on: mediawiki/branches/wheezy/debian/cc-by-sa.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: mediawiki/branches/wheezy/debian/cc-by.png
===================================================================
(Binary files differ)
Property changes on: mediawiki/branches/wheezy/debian/cc-by.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Modified: mediawiki/branches/wheezy/debian/changelog
===================================================================
--- mediawiki/branches/wheezy/debian/changelog 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/changelog 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,3 +1,35 @@
+mediawiki (1:1.19.11+dfsg-1~deb7u1) stable-security; urgency=medium
+
+ * New upstream security fix release (Closes: #729629, #706601):
+ - CVE-2014-1610 (bug 60339) remote code exec in Djvu thumbnailer
+ - CVE-2013-4568 (bug 58088) Don't normalize U+FF3C to \ in CSS Checks
+ - CVE-2013-6452 (bug 57550) Disallow stylesheets in SVG Uploads
+ - CVE-2013-6453 (bug 58553) Return error on invalid XML for SVG Uploads
+ - CVE-2013-6454 (bug 58472) Disallow -o-link in styles
+ - CVE-2013-6472 (bug 58699) Fix RevDel log entry information leaks
+ - CVE-2013-4572 (bug 53032) Don't cache when a call could autocreate
+ - CVE-2013-4567 (bug 55332) Vertical tab allows bypassing filters
+ - CVE-2013-4568 (bug 55332) "expression" filtering in IE6 bypass
+ - SVG script filtering could be bypassed for Chrome and Firefox
+ clients by using an encoding that MediaWiki understood, but these
+ browsers interpreted as UTF-8. (CVE-2013-2031)
+ - Internal review discovered that extensions were not given the
+ opportunity to disable a password reset, which could lead to
+ circumvention of two-factor authentication (CVE-2013-2032)
+ - (and others)
+ * Replace trademarked image files by self-drawn Free ones
+ * Secure the default images directory (Closes: #716884)
+ * Handle /var/lib/mediawiki/extensions/* always as symlinks, for
+ both core and extra extensions, with upgrade path (Closes: #719208)
+ * Ship files in /etc/mediawiki-extensions/extensions-available/
+ for extensions shipped with the mediawiki core
+ * Change watch file to track upstream LTS version
+ * debian/control: Change VCS-* URLs (unbreak; point to stable)
+ * Update copyright file with things noted by Paul Tagliamonte, thanks!
+ * Refresh one patch to make it apply cleanly against 1.19.11
+
+ -- Thorsten Glaser <tg at mirbsd.de> Fri, 07 Feb 2014 15:23:11 +0100
+
mediawiki (1:1.19.5-1+deb7u1) stable-security; urgency=low
* CVE-2013-4302: apply patch from upstream to prevent
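Review bot: CVE-2013-4568 is listed twice in the new entry, once with bug 58088 (U+FF3C normalisation) and once with bug 55332 ("expression" filtering), while bug 55332 is also attached to CVE-2013-4567 on the line before. One of these identifiers looks mistyped. Please check each CVE/bug pair against the upstream release notes before upload, since security trackers key on these IDs.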
Modified: mediawiki/branches/wheezy/debian/control
===================================================================
--- mediawiki/branches/wheezy/debian/control 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/control 2014-02-07 14:27:55 UTC (rev 514)
@@ -8,8 +8,8 @@
ocaml-nox | ocaml, xsltproc, docbook-xml, docbook-xsl, po-debconf
Homepage: http://www.mediawiki.org/
Standards-Version: 3.9.3
-Vcs-SVN: svn://svn.debian.org/svn/pkg-mediawiki/mediawiki/trunk/
-Vcs-Browser: http://svn.debian.org/viewsvn/pkg-mediawiki/mediawiki/trunk/
+Vcs-SVN: svn://anonscm.debian.org/pkg-mediawiki/mediawiki/branches/wheezy/
+Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mediawiki/mediawiki/branches/wheezy/
Package: mediawiki
Architecture: all
@@ -17,15 +17,15 @@
Recommends: mysql-server | postgresql-contrib, php5-cli, python, php-wikidiff2, mediawiki-extensions-base
Suggests: imagemagick | php5-gd, mediawiki-math, memcached, clamav
Breaks: fusionforge-plugin-mediawiki (<< 5.2~rc1+1~),
- mediawiki-extensions-base (<< 2.8~),
mediawiki-extensions-geshi (<< 2.8~),
mediawiki-extensions-ldapauth (<< 2.8~),
mediawiki-extensions-openid (<< 2.8~),
- mediawiki-extensions-confirmedit (<< 2.8~),
mediawiki-extensions-fckeditor,
mediawiki-extensions-collection (<< 2.8~),
mediawiki-extensions-graphviz (<< 2.8~),
mediawiki-extensions (<< 2.8~)
+Conflicts: mediawiki-extensions-base (<< 3.5~),
+ mediawiki-extensions-confirmedit
Description: website engine for collaborative work
MediaWiki is a wiki engine (a program for creating a collaboratively
edited website). It is designed to handle heavy websites containing
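Review bot: the new unversioned "Conflicts: mediawiki-extensions-confirmedit" means this security update cannot be installed while that package is present, yet the mediawiki changelog entry in this revision does not mention it; only the mediawiki-extensions changelog says manual removal is needed. Please document the required removal in the mediawiki changelog or a NEWS entry, so that administrators whose upgrade is held back know why they are still on the unfixed version.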
Modified: mediawiki/branches/wheezy/debian/copyright
===================================================================
--- mediawiki/branches/wheezy/debian/copyright 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/copyright 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,7 +1,7 @@
This package was debianized by Marc Dequènes <Duck at DuckCorp.org> on
Fri, 31 Dec 2004 00:11:42 +0100.
-It was downloaded from http://wikipedia.sourceforge.net/
+It was downloaded from http://dumps.wikimedia.org/mediawiki/
Upstream Authors: Mediawiki Development Team <mediawiki-l at Wikimedia.org>
@@ -66,18 +66,88 @@
// | client logic under 2-clause BSD license. |
// +---------------------------------------------------------------------------+
- File button_S_italic.png is licensed under the public domain.
+ File includes/libs/CSSMin.php is under the Apache License, Version 2.0,
+ which can be found in /usr/share/common-licenses/Apache-2.0 on Debian
+ systems, and is compatible with the GNU GPLv3.
+ WARNING: This makes MediaWiki “net” GNU GPLv3 or later!
- Images found on the common skins icons images are licensed under
+ Files includes/libs/IEContentAnalyzer.php and IEUrlExtension.php were
+ written by Tim Starling who permits any OSI approved licence to be used
+ for them: http://www.mediawiki.org/wiki/User:Tim_Starling
+
+ File includes/libs/JavaScriptMinifier.php is available under any of
+ the Apache, MIT, GPL, LGPL licences.
+
+ File includes/libs/jsminplus.php is available under the MPL 1.1 or
+ the GNU GPLv2 or later or LGPLv2.1 or later.
+
+ File resources/jquery/jquery.qunit.js contains jsDump which is
+ Copyright (c) 2008 Ariel Flesler and covered by the BSD licence.
+
+ File resources/jquery.effects/jquery.effects.core.js contains
+ jQuery Easing which is Copyright 2008 George McGinley Smith
+ and covered by the 3-clause BSD licence:
+
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the author nor the names of contributors may be used to
+ * endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+
+ File button_S_italic.png is in the public domain.
+
+ MediaWiki makes use of the Sajax Toolkit by modernmethod,
+ http://www.modernmethod.com/sajax/ which has the following license:
+
+ 'This work is licensed under the Creative Commons Attribution
+ License. To view a copy of this license, visit
+ http://creativecommons.org/licenses/by/2.0/ or send a letter
+ to Creative Commons, 559 Nathan Abbott Way,
+ Stanford, California 94305, USA.'
+
+ MediaWiki use Creative Commons license marks to points to their online
+ licenses. This content is trademarked and used under a specific license
+ available at http://creativecommons.org/policies#trademark
+ The restricted content is:
+ * skins/common/images/cc-0.png
+ * skins/common/images/cc-by-nc-sa.png
+ * skins/common/images/cc-by-sa.png
+ * skins/common/images/cc-by.png
+ These images have been removed from the +dfsg tarball and replaced by
+ Free versions drawn by Thorsten Glaser in xpaint, optimised with GIMP.
+
+ Images found on the common skins icons images are licensed under
GNU LGPL License.
-
+
+ The vector skin uses csshover by Peter Nederlof, licenced under the
+ GNU LGPL version 2.1 or later.
+
Everything else is under the following copyright/license.
- Copyright (C) 2003-2004 Mediawiki Development Team
+ Copyright (C) 2003-2013 Mediawiki Development Team
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 dated June, 1991.
+ the Free Software Foundation; version 2 or later.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -91,4 +161,3 @@
On Debian systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL-2'.
-
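Review bot: the added WARNING in the previous hunk says the Apache-2.0 file makes MediaWiki effectively GPLv3 or later, and the grant is changed to "version 2 or later", but the closing paragraph kept here still points only to /usr/share/common-licenses/GPL-2. Add the GPL-3 path next to it so the file is consistent with its own warning. The added sentence "MediaWiki use Creative Commons license marks to points to" also needs a grammar fix.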
Modified: mediawiki/branches/wheezy/debian/etc/apache.conf
===================================================================
--- mediawiki/branches/wheezy/debian/etc/apache.conf 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/etc/apache.conf 2014-02-07 14:27:55 UTC (rev 514)
@@ -13,8 +13,21 @@
<Directory /var/lib/mediawiki/config>
Options -FollowSymLinks
AllowOverride None
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
</Directory>
+<Directory /var/lib/mediawiki/images>
+ Options -FollowSymLinks
+ AllowOverride None
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
+</Directory>
<Directory /var/lib/mediawiki/upload>
Options -FollowSymLinks
AllowOverride None
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
</Directory>
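Review bot: the added "php_admin_flag engine off" lines sit inside "<IfModule mod_php5.c>", so the config, images and upload directories are only covered when PHP runs as mod_php5. Under CGI/FastCGI or a differently named PHP module the block is skipped silently and a .php file that lands in one of these directories is still handed to the interpreter. Consider adding a handler-independent rule to the same three Directory blocks (removing the PHP handler and type for these paths). Also note that "Options -FollowSymLinks" only subtracts that one option, so ExecCGI stays inherited if it is enabled higher up.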
Modified: mediawiki/branches/wheezy/debian/mediawiki.install
===================================================================
--- mediawiki/branches/wheezy/debian/mediawiki.install 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/mediawiki.install 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,3 +1,4 @@
+debian/cc-* usr/share/mediawiki/skins/common/images
debian/etc/* etc/mediawiki
*.php *.phtml includes index.php languages maintenance mw-config resources skins usr/share/mediawiki
cache extensions images var/lib/mediawiki
Modified: mediawiki/branches/wheezy/debian/mediawiki.links
===================================================================
--- mediawiki/branches/wheezy/debian/mediawiki.links 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/mediawiki.links 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,5 +1,17 @@
etc/mediawiki/LocalSettings.php var/lib/mediawiki/LocalSettings.php
etc/mediawiki/AdminSettings.php var/lib/mediawiki/AdminSettings.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/Asirra.php etc/mediawiki-extensions/extensions-available/Asirra.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/ConfirmEdit.php etc/mediawiki-extensions/extensions-available/ConfirmEdit.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/FancyCaptcha.php etc/mediawiki-extensions/extensions-available/FancyCaptcha.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/MathCaptcha.php etc/mediawiki-extensions/extensions-available/MathCaptcha.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/QuestyCaptcha.php etc/mediawiki-extensions/extensions-available/QuestyCaptcha.php
+usr/share/mediawiki/extensions-core/ConfirmEdit/ReCaptcha.php etc/mediawiki-extensions/extensions-available/ReCaptcha.php
+usr/share/mediawiki/extensions-core/Gadgets/Gadgets.php etc/mediawiki-extensions/extensions-available/Gadgets.php
+usr/share/mediawiki/extensions-core/Nuke/Nuke.php etc/mediawiki-extensions/extensions-available/Nuke.php
+usr/share/mediawiki/extensions-core/ParserFunctions/ParserFunctions.php etc/mediawiki-extensions/extensions-available/ParserFunctions.php
+usr/share/mediawiki/extensions-core/Renameuser/Renameuser.php etc/mediawiki-extensions/extensions-available/Renameuser.php
+usr/share/mediawiki/extensions-core/Vector/Vector.php etc/mediawiki-extensions/extensions-available/Vector.php
+usr/share/mediawiki/extensions-core/WikiEditor/WikiEditor.php etc/mediawiki-extensions/extensions-available/WikiEditor.php
var/lib/mediawiki/LocalSettings.php usr/share/mediawiki/LocalSettings.php
var/lib/mediawiki/AdminSettings.php usr/share/mediawiki/AdminSettings.php
var/lib/mediawiki/config usr/share/mediawiki/config
Added: mediawiki/branches/wheezy/debian/mediawiki.preinst
===================================================================
--- mediawiki/branches/wheezy/debian/mediawiki.preinst (rev 0)
+++ mediawiki/branches/wheezy/debian/mediawiki.preinst 2014-02-07 14:27:55 UTC (rev 514)
@@ -0,0 +1,45 @@
+#!/bin/sh
+# $Id: mediawiki.preinst 494 2013-12-31 10:36:29Z tg $
+# From MirOS: contrib/hosted/tg/deb/jupp/debian/jupp.preinst,v 1.5 2011/10/06 08:59:57 tg Exp $
+
+set -e
+
+# This maintainer script can be called the following ways:
+#
+# * new-preinst "install" [$old_version]
+# * new-preinst "upgrade" [$old_version]
+# * old-preinst "abort-upgrade" $new_version
+# Essential packages and Pre-Depends are available. Pre-Depends have
+# been configured once, but may be unpacked or Half-Configured only,
+# or, for "abort-upgrade", Half-Installed if their upgrade failed.
+
+case $1 in
+install|upgrade)
+ # move directories to symlinks (once)
+ if test -z "$2" || \
+ dpkg --compare-versions "$2" lt '1:1.19.9'; then
+ rm -rf /var/lib/mediawiki/extensions/ConfirmEdit
+ rm -rf /var/lib/mediawiki/extensions/Gadgets
+ rm -rf /var/lib/mediawiki/extensions/Nuke
+ rm -rf /var/lib/mediawiki/extensions/ParserFunctions
+ rm -rf /var/lib/mediawiki/extensions/Renameuser
+ rm -rf /var/lib/mediawiki/extensions/Vector
+ rm -rf /var/lib/mediawiki/extensions/WikiEditor
+ fi
+ ;;
+
+abort-upgrade)
+ ;;
+
+*)
+ echo >&2 "preinst called with unknown subcommand '$1'"
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
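Review bot: the rm -rf block under install|upgrade also runs on a first install (empty $2) and removes whatever exists at /var/lib/mediawiki/extensions/ConfirmEdit and the six other paths without checking what it is, so a locally modified or admin-installed directory is deleted with no backup, and abort-upgrade has nothing to restore. Guard each removal with a test that the path is a real directory and not already a symlink, and consider moving it aside instead of deleting it. The seven names are hardcoded here while debian/rules derives the core extension list from the directory contents, so the two can drift apart; a comment pointing at the rules loop would help.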
Deleted: mediawiki/branches/wheezy/debian/patches/CVE-2013-4302.patch
===================================================================
--- mediawiki/branches/wheezy/debian/patches/CVE-2013-4302.patch 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/patches/CVE-2013-4302.patch 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,87 +0,0 @@
-From f8998c726550b85ab6a4362c364a51f1604ea687 Mon Sep 17 00:00:00 2001
-From: Brad Jorsch <bjorsch at wikimedia.org>
-Date: Tue, 3 Sep 2013 07:59:13 -0700
-Subject: [PATCH] SECURITY: Prevent tokens in jsonp mode
-
-Add checks to token-returning functions to prevent returning tokens in
-jsonp mode. This affects action=login, action=block, action=unblock, and
-action=query&list=deletedrevs.
-
-Bug: 49090
-Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7
----
- includes/api/ApiBlock.php | 4 ++++
- includes/api/ApiLogin.php | 9 +++++++++
- includes/api/ApiQueryDeletedrevs.php | 5 +++++
- includes/api/ApiUnblock.php | 4 ++++
- 5 files changed, 24 insertions(+), 1 deletion(-)
-
-diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
-index 351ac6b..5c9e68f 100644
---- a/includes/api/ApiBlock.php
-+++ b/includes/api/ApiBlock.php
-@@ -47,6 +47,10 @@ class ApiBlock extends ApiBase {
- $params = $this->extractRequestParams();
-
- if ( $params['gettoken'] ) {
-+ // If we're in JSON callback mode, no tokens can be obtained
-+ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
-+ $this->dieUsage( 'Cannot get token when using a callback', 'aborted' );
-+ }
- $res['blocktoken'] = $user->getEditToken( '', $this->getMain()->getRequest() );
- $this->getResult()->addValue( null, $this->getModuleName(), $res );
- return;
-diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
-index aa570cb..3384910 100644
---- a/includes/api/ApiLogin.php
-+++ b/includes/api/ApiLogin.php
-@@ -46,6 +46,15 @@ class ApiLogin extends ApiBase {
- * is reached. The expiry is $this->mLoginThrottle.
- */
- public function execute() {
-+ // If we're in JSON callback mode, no tokens can be obtained
-+ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
-+ $this->getResult()->addValue( null, 'login', array(
-+ 'result' => 'Aborted',
-+ 'reason' => 'Cannot log in when using a callback',
-+ ) );
-+ return;
-+ }
-+
- $params = $this->extractRequestParams();
-
- $result = array();
-diff --git a/includes/api/ApiQueryDeletedrevs.php b/includes/api/ApiQueryDeletedrevs.php
-index 0a0cc93..13978f9 100644
---- a/includes/api/ApiQueryDeletedrevs.php
-+++ b/includes/api/ApiQueryDeletedrevs.php
-@@ -57,6 +57,11 @@ class ApiQueryDeletedrevs extends ApiQueryBase {
- $fld_content = isset( $prop['content'] );
- $fld_token = isset( $prop['token'] );
-
-+ // If we're in JSON callback mode, no tokens can be obtained
-+ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
-+ $fld_token = false;
-+ }
-+
- $result = $this->getResult();
- $pageSet = $this->getPageSet();
- $titles = $pageSet->getTitles();
-diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php
-index d0ad3a8..122cb98 100644
---- a/includes/api/ApiUnblock.php
-+++ b/includes/api/ApiUnblock.php
-@@ -44,6 +44,10 @@ class ApiUnblock extends ApiBase {
- $params = $this->extractRequestParams();
-
- if ( $params['gettoken'] ) {
-+ // If we're in JSON callback mode, no tokens can be obtained
-+ if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
-+ $this->dieUsage( 'Cannot get token when using a callback', 'aborted' );
-+ }
- $res['unblocktoken'] = $user->getEditToken( '', $this->getMain()->getRequest() );
- $this->getResult()->addValue( null, $this->getModuleName(), $res );
- return;
---
-1.7.10.4
-
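Review bot: debian/patches/CVE-2013-4302.patch is removed here, but the new changelog entry does not list CVE-2013-4302 among the fixes carried by the new upstream release; it is covered at best by "(and others)". Before dropping it, confirm that the 1.19.11 sources contain the callback checks in ApiBlock.php, ApiLogin.php, ApiQueryDeletedrevs.php and ApiUnblock.php, and state that in the changelog so the removal of a security patch is traceable.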
Modified: mediawiki/branches/wheezy/debian/patches/series
===================================================================
--- mediawiki/branches/wheezy/debian/patches/series 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/patches/series 2014-02-07 14:27:55 UTC (rev 514)
@@ -7,4 +7,3 @@
bz40889.patch
bz39635.patch
debian_specific_config.patch
-CVE-2013-4302.patch
Modified: mediawiki/branches/wheezy/debian/patches/suppress_warnings.patch
===================================================================
--- mediawiki/branches/wheezy/debian/patches/suppress_warnings.patch 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/patches/suppress_warnings.patch 2014-02-07 14:27:55 UTC (rev 514)
@@ -22,15 +22,15 @@
}
}
} else {
-@@ -2217,6 +2220,7 @@ function wfSuppressWarnings( $end = fals
- define( 'E_DEPRECATED', 8192 );
+@@ -2220,6 +2223,7 @@ function wfSuppressWarnings( $end = fals
+ define( 'E_USER_DEPRECATED', 16384 );
}
$originalLevel = error_reporting( E_ALL & ~( E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE | E_DEPRECATED | E_USER_DEPRECATED | E_STRICT ) );
+ $wf__warnings_suppressed = true;
}
++$suppressCount;
}
-@@ -3371,7 +3375,7 @@ function wfSetupSession( $sessionId = fa
+@@ -3374,7 +3378,7 @@ function wfSetupSession( $sessionId = fa
wfFixSessionID();
}
wfSuppressWarnings();
Modified: mediawiki/branches/wheezy/debian/rules
===================================================================
--- mediawiki/branches/wheezy/debian/rules 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/rules 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,8 +1,8 @@
#!/usr/bin/make -f
-DEB_VERSION ?= $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
-DEB_NOEPOCH_VERSION ?= $(shell echo $(DEB_VERSION) | cut -d: -f2-)
-DEB_UPSTREAM_VERSION ?= $(shell echo $(DEB_NOEPOCH_VERSION) | sed 's/-[^-]*$$//')
+DEB_VERSION:=$(shell dpkg-parsechangelog -n1 | sed -n '/^Version: /s///p')
+DEB_NOEPOCH_VERSION:=$(shell DEB_VERSION=${DEB_VERSION}; echo $${DEB_VERSION\#*:})
+DEB_UPSTREAM_VERSION:=$(shell DEB_NOEPOCH_VERSION=${DEB_NOEPOCH_VERSION}; echo $${DEB_NOEPOCH_VERSION%+dfsg-*})
override_dh_install:
dh_install
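Review bot: DEB_UPSTREAM_VERSION now strips the suffix with "%+dfsg-*", which only matches a repacked version. For a version string without +dfsg the Debian revision is left in place, and the later sed on DefaultSettings.php then silently matches nothing. Either fall back to stripping "-*" when the first pattern does not apply, or add a comment that the rules file assumes a +dfsg version. The make variables are also expanded unquoted into the shell assignments; quoting them costs nothing.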
@@ -42,6 +42,18 @@
# Put debian version for mediawiki version..
sed -e "s#$(DEB_UPSTREAM_VERSION)#$(DEB_NOEPOCH_VERSION)#" \
-i debian/mediawiki/usr/share/mediawiki/includes/DefaultSettings.php
+ # Move extensions
+ mkdir -p debian/mediawiki/usr/share/doc/mediawiki
+ mv debian/mediawiki/var/lib/mediawiki/extensions/README \
+ debian/mediawiki/usr/share/doc/mediawiki/README.extensions
+ mv debian/mediawiki/var/lib/mediawiki/extensions \
+ debian/mediawiki/usr/share/mediawiki/extensions-core
+ mkdir debian/mediawiki/var/lib/mediawiki/extensions
+ coreextensions=$$(cd debian/mediawiki/usr/share/mediawiki/extensions-core; \
+ echo *); for coreextension in $$coreextensions; do \
+ dh_link usr/share/mediawiki/extensions-core/"$$coreextension" \
+ var/lib/mediawiki/extensions/"$$coreextension"; \
+ done
override_dh_installdeb:
find debian/mediawiki -depth \( -name ".cvsignore" -o -name ".gitignore" -o -name ".arch-ids" \) -exec rm -rf {} \;
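Review bot: in the "Move extensions" loop the recipe's exit status is that of the last dh_link only, so a failure for an earlier extension goes unnoticed, and if the cd inside the command substitution fails, "echo *" expands in the current directory and links are created for the wrong names. Use "cd ... && echo *" in the substitution and append "|| exit 1" to the dh_link call so that the build stops on the first error.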
Added: mediawiki/branches/wheezy/debian/source/include-binaries
===================================================================
--- mediawiki/branches/wheezy/debian/source/include-binaries (rev 0)
+++ mediawiki/branches/wheezy/debian/source/include-binaries 2014-02-07 14:27:55 UTC (rev 514)
@@ -0,0 +1,4 @@
+debian/cc-0.png
+debian/cc-by-nc-sa.png
+debian/cc-by-sa.png
+debian/cc-by.png
Modified: mediawiki/branches/wheezy/debian/watch
===================================================================
--- mediawiki/branches/wheezy/debian/watch 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki/branches/wheezy/debian/watch 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,6 +1,4 @@
-# Compulsory line, this is a version 3 file
version=3
-opts="dversionmangle=s/^[0-9]+://" \
-http://www.mediawiki.org/wiki/Download http://download.wikimedia.org/mediawiki/.*/mediawiki-(.*).tar.gz
-
+opts="dversionmangle=s/^[0-9]+://;s/\+dfsg$//,pgpsigurlmangle=s/$/.sig/" \
+http://dumps.wikimedia.org/mediawiki/1.19/ mediawiki-([0-9.]*).tar.gz
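Review bot: pgpsigurlmangle=s/$/.sig/ makes uscan download the detached signature, but this revision adds no upstream keyring under debian/ (the Added list contains only the two preinst scripts, the four PNGs and source/include-binaries), so there is no key to verify against. Ship the upstream release key with the package. The tarball is fetched over plain http://, so the signature check is the only integrity control on the download.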
Modified: mediawiki-extensions/branches/wheezy/debian/changelog
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/changelog 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/changelog 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,3 +1,15 @@
+mediawiki-extensions (3.5~deb7u1) stable-security; urgency=medium
+
+ * Remove old (harmful) mediawiki-extensions postrm in
+ new mediawiki-extensions-base preinst (Closes: #698438)
+ * Stop shipping extensions that moved to core in 1.19
+ - mediawiki-extensions-confirmedit is gone and will
+ need manual removal; the functionality of this
+ package is fully provided by mediawiki’s core now
+ * debian/control: Change VCS-* URLs (unbreak; point to stable)
+
+ -- Thorsten Glaser <tg at mirbsd.de> Fri, 07 Feb 2014 15:24:42 +0100
+
mediawiki-extensions (2.11) unstable; urgency=medium
* RSS_Reader: correctly sanitise the message body as well,
Modified: mediawiki-extensions/branches/wheezy/debian/control.in
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/control.in 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/control.in 2014-02-07 14:27:55 UTC (rev 514)
@@ -5,8 +5,8 @@
Uploaders: Romain Beauxis <toots at rastageeks.org>, Thorsten Glaser <tg at mirbsd.de>
Build-Depends: @cdbs@
Standards-Version: 3.9.3
-Vcs-SVN: svn://svn.debian.org/svn/pkg-mediawiki/mediawiki-extensions/trunk/
-Vcs-Browser: http://svn.debian.org/viewsvn/pkg-mediawiki/mediawiki-extensions/trunk/
+Vcs-SVN: svn://anonscm.debian.org/pkg-mediawiki/mediawiki-extensions/branches/wheezy/
+Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-mediawiki/mediawiki-extensions/branches/wheezy/
Package: mediawiki-extensions-base
Architecture: all
@@ -28,11 +28,9 @@
* NewestPages -- show the last pages added to the wiki
* News -- embed excerpt from RecentChanges into a page
* PageCSS -- parser hook to add per-page CSS
- * ParserFunctions -- collection of parser functions
* Poem -- add tags for poems
* Polyglot -- provide redirects based on user language
* RSS_Reader -- embed RSS feed content into a page
- * SpecialRenameuser -- special page to rename users
.
These extensions are set together for the Debian mediawiki
package, but they may also be used separately.
@@ -73,24 +71,6 @@
This extension is set for the Debian mediawiki
package, but it may also be used separately.
-Package: mediawiki-extensions-confirmedit
-Architecture: all
-Depends: ${misc:Depends}, mediawiki-extensions-base,
- python, python-imaging
-Recommends: mediawiki-math
-Replaces: mediawiki-extensions (<< 2.0)
-Description: Extensions for MediaWiki -- ConfirmEdit extension
- This package provides the mediawiki extensions for
- various captcha used to confirm user's editions.
- .
- Currently, it contains:
- * ConfirmEdit -- very simple text Captcha
- * FancyCaptcha -- more complex image captchas (needs ConfirmEdit)
- * MathCaptcha -- captchas using simple sums and the math renderer
- .
- This extension is set for the Debian mediawiki
- package, but it may also be used separately.
-
Package: mediawiki-extensions-collection
Architecture: all
Depends: ${misc:Depends}, mediawiki-extensions-base, php5-curl
@@ -118,7 +98,6 @@
mediawiki-extensions-geshi,
mediawiki-extensions-ldapauth,
mediawiki-extensions-openid,
- mediawiki-extensions-confirmedit,
mediawiki-extensions-collection,
mediawiki-extensions-graphviz,
${misc:Depends}
Modified: mediawiki-extensions/branches/wheezy/debian/copyright
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/copyright 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/copyright 2014-02-07 14:27:55 UTC (rev 514)
@@ -24,21 +24,14 @@
Poem is Copyright 2005, Nikola Smolenski <smolensk at eunet.yu>.
-ParserFunctions is Copyright 2006 by the mediawiki developpers
-
PageCSS is Copyright 2005, Ævar Arnfjörð Bjarmason <avarab at gmail.com>
FootNote is Copyright 2006 Anders Wegge Jakobsen <awegge at gmail.com>
-Renameuser is Copyright 2005, Ævar Arnfjörð Bjarmason <avarab at gmail.com>
-
LdapAuthentication is Copyright 2004 Ryan Lane
CategoryTree is Copyright 2006-2007 Daniel Kinzler
-ConfirmEdit is Copyright 2005-2007 Brion Vibber <brion at wikimedia.org>
-captcha.py is Copyright 2005 Neil Harris; see file for others.
-
ExtensionFunctions is Copyright 2007 Mediawiki Development Team <mediawiki-l at Wikimedia.org>.
This file is a part of the mediawiki software.
@@ -69,9 +62,9 @@
License
=======
-Cite, NewestPages, SyntaxHighlight_GeSHi, ParserFunctions, PageCSS, FootNote,
-Renameuser, LdapAuthentication, CategoryTree, ConfirmEdit, ExtensionFunctions,
-OpenID, RSS_Reader, NewUserNotif, CreateBox, Interwiki are released under the
+Cite, NewestPages, SyntaxHighlight_GeSHi, PageCSS, FootNote,
+LdapAuthentication, CategoryTree, ExtensionFunctions, OpenID,
+RSS_Reader, NewUserNotif, CreateBox, Interwiki are released under the
terms of the GNU General Public License 2.0 or later.
This package is free software; you can redistribute it and/or modify
@@ -110,3 +103,7 @@
The Debian packaging is © 2006, Romain Beauxis <toots at rastageeks.org> and
is licensed under the GPLv2, see above.
+
+Several of the modifications are Copyright © 2010-2014
+ Thorsten Glaser <t.glaser at tarent.de>
+and licenced under the GNU GPLv2 or later, same as MediaWiki.
Modified: mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.links
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.links 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.links 2014-02-07 14:27:55 UTC (rev 514)
@@ -23,13 +23,9 @@
usr/share/mediawiki-extensions/base/News/News.php etc/mediawiki-extensions/extensions-available/News.php
usr/share/mediawiki-extensions/base/PageCSS var/lib/mediawiki/extensions/PageCSS
usr/share/mediawiki-extensions/base/PageCSS/PageCSS.php etc/mediawiki-extensions/extensions-available/PageCSS.php
-usr/share/mediawiki-extensions/base/ParserFunctions var/lib/mediawiki/extensions/ParserFunctions
-usr/share/mediawiki-extensions/base/ParserFunctions/ParserFunctions.php etc/mediawiki-extensions/extensions-available/ParserFunctions.php
usr/share/mediawiki-extensions/base/Poem var/lib/mediawiki/extensions/Poem
usr/share/mediawiki-extensions/base/Poem/Poem.php etc/mediawiki-extensions/extensions-available/Poem.php
usr/share/mediawiki-extensions/base/Polyglot var/lib/mediawiki/extensions/Polyglot
usr/share/mediawiki-extensions/base/Polyglot/Polyglot.php etc/mediawiki-extensions/extensions-available/Polyglot.php
-usr/share/mediawiki-extensions/base/Renameuser var/lib/mediawiki/extensions/Renameuser
-usr/share/mediawiki-extensions/base/Renameuser/SpecialRenameuser.php etc/mediawiki-extensions/extensions-available/SpecialRenameuser.php
usr/share/mediawiki-extensions/base/RSS_Reader var/lib/mediawiki/extensions/RSS_Reader
usr/share/mediawiki-extensions/base/RSS_Reader/RSSReader.php etc/mediawiki-extensions/extensions-available/RSSReader.php
Added: mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.preinst
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.preinst (rev 0)
+++ mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-base.preinst 2014-02-07 14:27:55 UTC (rev 514)
@@ -0,0 +1,40 @@
+#!/bin/sh
+# From MirOS: contrib/hosted/tg/deb/jupp/debian/jupp.preinst,v 1.5 2011/10/06 08:59:57 tg Exp $
+
+set -e
+
+# This maintainer script can be called the following ways:
+#
+# * new-preinst "install" [$old_version]
+# * new-preinst "upgrade" [$old_version]
+# * old-preinst "abort-upgrade" $new_version
+# Essential packages and Pre-Depends are available. Pre-Depends have
+# been configured once, but may be unpacked or Half-Configured only,
+# or, for "abort-upgrade", Half-Installed if their upgrade failed.
+
+case $1 in
+install|upgrade)
+ # cf. #698438
+ test -s /var/lib/dpkg/info/mediawiki-extensions.postrm && \
+ case "$(md5sum /var/lib/dpkg/info/mediawiki-extensions.postrm)" in
+ aa21aaba44c96d8af67c86e89f61c35a*)
+ rm -f /var/lib/dpkg/info/mediawiki-extensions.postrm
+ ;;
+ esac
+ ;;
+
+abort-upgrade)
+ ;;
+
+*)
+ echo >&2 "preinst called with unknown subcommand '$1'"
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
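Review bot: the md5sum match against aa21aaba44c96d8af67c86e89f61c35a is unexplained apart from "cf. #698438". Add a comment naming which mediawiki-extensions version's postrm this digest identifies and why removing it is safe, since the script deletes a file from /var/lib/dpkg/info that belongs to another package. A postrm with any other digest is left in place, so if more than one released version shipped the harmful script, each needs its own case pattern.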
Deleted: mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.dirs
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.dirs 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.dirs 2014-02-07 14:27:55 UTC (rev 514)
@@ -1 +0,0 @@
-var/lib/mediawiki/extensions
Deleted: mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.links
===================================================================
--- mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.links 2014-02-02 00:09:00 UTC (rev 513)
+++ mediawiki-extensions/branches/wheezy/debian/mediawiki-extensions-confirmedit.links 2014-02-07 14:27:55 UTC (rev 514)
@@ -1,4 +0,0 @@
-usr/share/mediawiki-extensions/confirmedit var/lib/mediawiki/extensions/ConfirmEdit
-usr/share/mediawiki-extensions/confirmedit/ConfirmEdit.php etc/mediawiki-extensions/extensions-available/ConfirmEdit.php
-usr/share/mediawiki-extensions/confirmedit/FancyCaptcha.php etc/mediawiki-extensions/extensions-available/FancyCaptcha.php
-usr/share/mediawiki-extensions/confirmedit/MathCaptcha.php etc/mediawiki-extensions/extensions-available/MathCaptcha.php