---
- branch: MAIN
  date: Sun Nov 19 08:36:57 UTC 2017
  files:
  - new: '1.69'
    old: '1.68'
    path: pkgsrc/www/mediawiki/Makefile
    pathrev: pkgsrc/www/mediawiki/Makefile@1.69
    type: modified
  - new: '1.35'
    old: '1.34'
    path: pkgsrc/www/mediawiki/PLIST
    pathrev: pkgsrc/www/mediawiki/PLIST@1.35
    type: modified
  - new: '1.53'
    old: '1.52'
    path: pkgsrc/www/mediawiki/distinfo
    pathrev: pkgsrc/www/mediawiki/distinfo@1.53
    type: modified
  id: 20171119T083657Z.7c958879282439d399afb369f1e1c27b846f4b36
  log: |
    Update to 1.29.2

    Upstream changes:
    MediaWiki 1.29.2

    This is a security and maintenance release of the MediaWiki 1.29 branch.
    Changes since 1.29.1

        (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
        (T175439) Unbreak Postgres Updater when setting defaults for a column.
        (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
        Fixed login button label to accept RawMessage.
        Fixed case of SpecialRecentChanges class usage.
        (T174255) Declare uploadCount property in importDump.php.
        (T163646) Pass a string not an int to mysql_real_escape_string().
        (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
        Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
        (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
        (T165846) SECURITY: BotPassword login attempts weren't throttled.
        (T128209) SECURITY: Reflected File Download from api.php.
        (T134100) SECURITY: Do not reveal if user exists during login failure.
        (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
        (T125163) SECURITY: Make anchor for headlines escape > and <.
        (T180237) SECURITY: Protect vendor folder with .htaccess.
        (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
        (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
        (T119158) SECURITY: Handle -{}- syntax in attributes safely.
        (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all branches in the previous security release.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/mediawiki'
  unixtime: '1511080617'
  user: wen