--- - branch: MAIN date: Sat May 21 11:58:12 UTC 2016 files: - new: '1.59' old: '1.58' path: pkgsrc/www/mediawiki/Makefile pathrev: pkgsrc/www/mediawiki/Makefile@1.59 type: modified - new: '1.28' old: '1.27' path: pkgsrc/www/mediawiki/PLIST pathrev: pkgsrc/www/mediawiki/PLIST@1.28 type: modified - new: '1.45' old: '1.44' path: pkgsrc/www/mediawiki/distinfo pathrev: pkgsrc/www/mediawiki/distinfo@1.45 type: modified id: 20160521T115812Z.6327ebba256a5d230104804a8389168687f6d2f0 log: | Update to 1.26.3 Upstream changes: MediaWiki 1.26.3 This is a maintenance release of the MediaWiki 1.26 branch. Changes since 1.26.2 (bug T116266) Fixed undefined property notices in DairikiDiff under HHVM. (bug T123166) Fix fatal error when importing pages to titles which cannot be created, such as invalid titles or titles the user is not allowed to edit. (bug T122056) Old tokens are remaining valid within a new session (bug T127114) Login throttle can be tricked using non-canonicalized usernames (bug T123653) Cross-domain policy regexp is too narrow (bug T123071) Incorrectly identifying http link in a's href attributes, due to m modifier in regex (bug T129506) MediaWiki:Gadget-popups.js isn't renderable (bug T125283) Users occasionally logged in as different users after SessionManager deployment (bug T103239) Patrol allows click catching and patrolling of any page (bug T122807) [tracking] Check php crypto primatives (bug T98313) Graphs can leak tokens, leading to CSRF (bug T130947) Diff generation should use PoolCounter (bug T133507) Careless use of $wgExternalLinkTarget is insecure (bug T132874) API action=move is not rate limited (bug T110143) strip markers can be used to get around html attribute escaping in (bug many?) parser tags (bug T116030) Increase pbkdf2 parameter strengths (bug T127420) Pbkdf2Password does not check if hash_pbkdf2(bug ) succeeded (bug T126685) Globally throttle password attempts module: pkgsrc subject: 'CVS commit: pkgsrc/www/mediawiki' unixtime: '1463831892' user: wen