[Pkg-mediawiki-devel] Bug#702308: unblock: mediawiki/1:1.19.4-1

Jonathan Wiltshire jmw at debian.org
Mon Mar 4 23:58:07 UTC 2013 

Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package mediawiki

This is a high urgency security fix, in a maintenance release. Upstrema has
bundled a few other changes in too, but I think they are all justified:

+    - New preference type - 'api'. Preferences of this type are not shown
+      on Special:Preferences, but are still available via the
+      action=options API.
required by:
+    - (bug 44010) Context is passed to UserGetLanguageObject.

This bug causes incorrect languages to be used in page history entries, for
example in [1] where the contributor's language has been used and not the
current user's.

1: https://www.mediawiki.org/w/index.php?title=Manual:Pywikipediabot/id&action=history

+    - The recursion guard on RequestContext::getLanguage() was weakened.

The recursion guard has been made non-fatal because it was causing a variety
of exceptions with various root causes. The behaviour now is log-and-continue.

+    - (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST

>From the commit message: "Preserve caller expectations for behaviour of
sslVerifyHost". I couldn't express it any more concisely.

+    - (bug 43518) API action=unblock should return the user name, not the
+      full user object (Closes: #702305)

This is the security bug.

+    - Increase timeout values for some tests

In production, tests are carried out against a real database which if large
enough causes timeouts. The current values are too low, this just bumps them
up a bit (enough, according to upstream - I don't have a large enough setup
to hit the problem).

Full debdiff minus language changes attached.


unblock mediawiki/1:1.19.4-1

Thanks.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mediawiki_1.19.4-1.diff
Type: text/x-diff
Size: 26311 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20130304/5d0b9775/attachment-0001.diff>

More information about the Pkg-mediawiki-devel mailing list