Sun Nov 19 08:36:57 2017 UTC ()
Update to 1.29.2

Upstream changes:
MediaWiki 1.29.2

This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1

    (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
    (T175439) Unbreak Postgres Updater when setting defaults for a column.
    (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
    Fixed login button label to accept RawMessage.
    Fixed case of SpecialRecentChanges class usage.
    (T174255) Declare uploadCount property in importDump.php.
    (T163646) Pass a string not an int to mysql_real_escape_string().
    (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
    Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled.
    (T128209) SECURITY: Reflected File Download from api.php.
    (T134100) SECURITY: Do not reveal if user exists during login failure.
    (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
    (T125163) SECURITY: Make anchor for headlines escape > and <.
    (T180237) SECURITY: Protect vendor folder with .htaccess.
    (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
    (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
    (T119158) SECURITY: Handle -{}- syntax in attributes safely.
    (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all branches in the previous security release.


(wen)
diff -r1.68 -r1.69 pkgsrc/www/mediawiki/Makefile
diff -r1.34 -r1.35 pkgsrc/www/mediawiki/PLIST
diff -r1.52 -r1.53 pkgsrc/www/mediawiki/distinfo
cvs diff -r1.68 -r1.69 pkgsrc/www/mediawiki/Makefile (expand / switch to unified diff)

--- pkgsrc/www/mediawiki/Makefile 2017/08/24 14:02:39 1.68
+++ pkgsrc/www/mediawiki/Makefile 2017/11/19 08:36:57 1.69
@@ -1,38 +1,38 @@ @@ -1,38 +1,38 @@
1# $NetBSD: Makefile,v 1.68 2017/08/24 14:02:39 wen Exp $ 1# $NetBSD: Makefile,v 1.69 2017/11/19 08:36:57 wen Exp $
2 2
3DISTNAME= mediawiki-${VER}.${PVER} 3DISTNAME= mediawiki-${VER}.${PVER}
4CATEGORIES= www 4CATEGORIES= www
5MASTER_SITES= https://releases.wikimedia.org/mediawiki/${VER}/ 5MASTER_SITES= https://releases.wikimedia.org/mediawiki/${VER}/
6 6
7MAINTAINER= wenheping@gmail.com 7MAINTAINER= wenheping@gmail.com
8HOMEPAGE= http://www.mediawiki.org/ 8HOMEPAGE= http://www.mediawiki.org/
9COMMENT= Free software wiki package originally written for Wikipedia 9COMMENT= Free software wiki package originally written for Wikipedia
10LICENSE= gnu-gpl-v2 10LICENSE= gnu-gpl-v2
11 11
12DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.5.9:../../graphics/php-gd 12DEPENDS+= ${PHP_PKG_PREFIX}-gd>=5.5.9:../../graphics/php-gd
13DEPENDS+= ${PHP_PKG_PREFIX}-intl>=5.5.9:../../textproc/php-intl 13DEPENDS+= ${PHP_PKG_PREFIX}-intl>=5.5.9:../../textproc/php-intl
14DEPENDS+= ${PHP_PKG_PREFIX}-json>=5.5.9:../../textproc/php-json 14DEPENDS+= ${PHP_PKG_PREFIX}-json>=5.5.9:../../textproc/php-json
15DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=5.5.9:../../converters/php-mbstring 15DEPENDS+= ${PHP_PKG_PREFIX}-mbstring>=5.5.9:../../converters/php-mbstring
16 16
17EGDIR= share/examples/mediawiki 17EGDIR= share/examples/mediawiki
18MEDIAWIKI= ${PREFIX}/share/mediawiki 18MEDIAWIKI= ${PREFIX}/share/mediawiki
19INSTALLATION_DIRS= ${EGDIR} share/mediawiki 19INSTALLATION_DIRS= ${EGDIR} share/mediawiki
20 20
21.include "../../mk/bsd.prefs.mk" 21.include "../../mk/bsd.prefs.mk"
22.include "options.mk" 22.include "options.mk"
23 23
24VER= 1.29 24VER= 1.29
25PVER= 1 25PVER= 2
26 26
27APACHE_USER?= www 27APACHE_USER?= www
28APACHE_GROUP?= www 28APACHE_GROUP?= www
29BUILD_DEFS+= APACHE_USER APACHE_GROUP 29BUILD_DEFS+= APACHE_USER APACHE_GROUP
30 30
31PKG_SYSCONFSUBDIR?= httpd 31PKG_SYSCONFSUBDIR?= httpd
32MESSAGE_SUBST+= PKG_SYSCONFDIR=${PKG_SYSCONFDIR} 32MESSAGE_SUBST+= PKG_SYSCONFDIR=${PKG_SYSCONFDIR}
33 33
34CONF_FILES= ${PREFIX}/${EGDIR}/mediawiki.conf \ 34CONF_FILES= ${PREFIX}/${EGDIR}/mediawiki.conf \
35 ${PKG_SYSCONFDIR}/mediawiki.conf 35 ${PKG_SYSCONFDIR}/mediawiki.conf
36 36
37NO_CONFIGURE= YES 37NO_CONFIGURE= YES
38NO_BUILD= YES 38NO_BUILD= YES
cvs diff -r1.34 -r1.35 pkgsrc/www/mediawiki/PLIST (expand / switch to unified diff)

--- pkgsrc/www/mediawiki/PLIST 2017/08/24 14:02:39 1.34
+++ pkgsrc/www/mediawiki/PLIST 2017/11/19 08:36:57 1.35
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.34 2017/08/24 14:02:39 wen Exp $ 1@comment $NetBSD: PLIST,v 1.35 2017/11/19 08:36:57 wen Exp $
2share/examples/mediawiki/mediawiki.conf 2share/examples/mediawiki/mediawiki.conf
3share/mediawiki/.eslintrc.json 3share/mediawiki/.eslintrc.json
4share/mediawiki/.stylelintrc 4share/mediawiki/.stylelintrc
5share/mediawiki/COPYING 5share/mediawiki/COPYING
6share/mediawiki/CREDITS 6share/mediawiki/CREDITS
7share/mediawiki/FAQ 7share/mediawiki/FAQ
8share/mediawiki/Gemfile.lock 8share/mediawiki/Gemfile.lock
9share/mediawiki/Gruntfile.js 9share/mediawiki/Gruntfile.js
10share/mediawiki/HISTORY 10share/mediawiki/HISTORY
11share/mediawiki/INSTALL 11share/mediawiki/INSTALL
12share/mediawiki/README 12share/mediawiki/README
13share/mediawiki/RELEASE-NOTES-1.29 13share/mediawiki/RELEASE-NOTES-1.29
14share/mediawiki/Rakefile 14share/mediawiki/Rakefile
@@ -3300,26 +3300,27 @@ share/mediawiki/extensions/SpamBlacklist @@ -3300,26 +3300,27 @@ share/mediawiki/extensions/SpamBlacklist
3300share/mediawiki/extensions/SpamBlacklist/i18n/vec.json 3300share/mediawiki/extensions/SpamBlacklist/i18n/vec.json
3301share/mediawiki/extensions/SpamBlacklist/i18n/vi.json 3301share/mediawiki/extensions/SpamBlacklist/i18n/vi.json
3302share/mediawiki/extensions/SpamBlacklist/i18n/wuu.json 3302share/mediawiki/extensions/SpamBlacklist/i18n/wuu.json
3303share/mediawiki/extensions/SpamBlacklist/i18n/yue.json 3303share/mediawiki/extensions/SpamBlacklist/i18n/yue.json
3304share/mediawiki/extensions/SpamBlacklist/i18n/zh-hans.json 3304share/mediawiki/extensions/SpamBlacklist/i18n/zh-hans.json
3305share/mediawiki/extensions/SpamBlacklist/i18n/zh-hant.json 3305share/mediawiki/extensions/SpamBlacklist/i18n/zh-hant.json
3306share/mediawiki/extensions/SpamBlacklist/maintenance/cleanup.php 3306share/mediawiki/extensions/SpamBlacklist/maintenance/cleanup.php
3307share/mediawiki/extensions/SyntaxHighlight_GeSHi/.eslintrc.json 3307share/mediawiki/extensions/SyntaxHighlight_GeSHi/.eslintrc.json
3308share/mediawiki/extensions/SyntaxHighlight_GeSHi/.stylelintrc 3308share/mediawiki/extensions/SyntaxHighlight_GeSHi/.stylelintrc
3309share/mediawiki/extensions/SyntaxHighlight_GeSHi/COPYING 3309share/mediawiki/extensions/SyntaxHighlight_GeSHi/COPYING
3310share/mediawiki/extensions/SyntaxHighlight_GeSHi/Gruntfile.js 3310share/mediawiki/extensions/SyntaxHighlight_GeSHi/Gruntfile.js
3311share/mediawiki/extensions/SyntaxHighlight_GeSHi/README 3311share/mediawiki/extensions/SyntaxHighlight_GeSHi/README
3312share/mediawiki/extensions/SyntaxHighlight_GeSHi/ResourceLoaderGeSHiVisualEditorModule.php 3312share/mediawiki/extensions/SyntaxHighlight_GeSHi/ResourceLoaderGeSHiVisualEditorModule.php
 3313share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.GeSHi.php
3313share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.ace.php 3314share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.ace.php
3314share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php 3315share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
3315share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.compat.php 3316share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.compat.php
3316share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.lexers.php 3317share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.lexers.php
3317share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.php 3318share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.php
3318share/mediawiki/extensions/SyntaxHighlight_GeSHi/composer.json 3319share/mediawiki/extensions/SyntaxHighlight_GeSHi/composer.json
3319share/mediawiki/extensions/SyntaxHighlight_GeSHi/extension.json 3320share/mediawiki/extensions/SyntaxHighlight_GeSHi/extension.json
3320share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ady-cyrl.json 3321share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ady-cyrl.json
3321share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/af.json 3322share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/af.json
3322share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/an.json 3323share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/an.json
3323share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ar.json 3324share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ar.json
3324share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/arz.json 3325share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/arz.json
3325share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ast.json 3326share/mediawiki/extensions/SyntaxHighlight_GeSHi/i18n/ast.json
@@ -4364,26 +4365,27 @@ share/mediawiki/includes/collation/Numer @@ -4364,26 +4365,27 @@ share/mediawiki/includes/collation/Numer
4364share/mediawiki/includes/collation/UppercaseCollation.php 4365share/mediawiki/includes/collation/UppercaseCollation.php
4365share/mediawiki/includes/compat/CdbCompat.php 4366share/mediawiki/includes/compat/CdbCompat.php
4366share/mediawiki/includes/compat/IPSetCompat.php 4367share/mediawiki/includes/compat/IPSetCompat.php
4367share/mediawiki/includes/compat/MemcachedClientCompat.php 4368share/mediawiki/includes/compat/MemcachedClientCompat.php
4368share/mediawiki/includes/compat/RunningStatCompat.php 4369share/mediawiki/includes/compat/RunningStatCompat.php
4369share/mediawiki/includes/compat/ScopedCallback.php 4370share/mediawiki/includes/compat/ScopedCallback.php
4370share/mediawiki/includes/compat/Timestamp.php 4371share/mediawiki/includes/compat/Timestamp.php
4371share/mediawiki/includes/compat/normal/UtfNormal.php 4372share/mediawiki/includes/compat/normal/UtfNormal.php
4372share/mediawiki/includes/compat/normal/UtfNormalDefines.php 4373share/mediawiki/includes/compat/normal/UtfNormalDefines.php
4373share/mediawiki/includes/compat/normal/UtfNormalUtil.php 4374share/mediawiki/includes/compat/normal/UtfNormalUtil.php
4374share/mediawiki/includes/composer/ComposerHookHandler.php 4375share/mediawiki/includes/composer/ComposerHookHandler.php
4375share/mediawiki/includes/composer/ComposerPackageModifier.php 4376share/mediawiki/includes/composer/ComposerPackageModifier.php
4376share/mediawiki/includes/composer/ComposerVersionNormalizer.php 4377share/mediawiki/includes/composer/ComposerVersionNormalizer.php
 4378share/mediawiki/includes/composer/ComposerVendorHtaccessCreator.php
4377share/mediawiki/includes/config/Config.php 4379share/mediawiki/includes/config/Config.php
4378share/mediawiki/includes/config/ConfigException.php 4380share/mediawiki/includes/config/ConfigException.php
4379share/mediawiki/includes/config/ConfigFactory.php 4381share/mediawiki/includes/config/ConfigFactory.php
4380share/mediawiki/includes/config/EtcdConfig.php 4382share/mediawiki/includes/config/EtcdConfig.php
4381share/mediawiki/includes/config/GlobalVarConfig.php 4383share/mediawiki/includes/config/GlobalVarConfig.php
4382share/mediawiki/includes/config/HashConfig.php 4384share/mediawiki/includes/config/HashConfig.php
4383share/mediawiki/includes/config/MultiConfig.php 4385share/mediawiki/includes/config/MultiConfig.php
4384share/mediawiki/includes/config/MutableConfig.php 4386share/mediawiki/includes/config/MutableConfig.php
4385share/mediawiki/includes/content/AbstractContent.php 4387share/mediawiki/includes/content/AbstractContent.php
4386share/mediawiki/includes/content/CodeContentHandler.php 4388share/mediawiki/includes/content/CodeContentHandler.php
4387share/mediawiki/includes/content/Content.php 4389share/mediawiki/includes/content/Content.php
4388share/mediawiki/includes/content/ContentHandler.php 4390share/mediawiki/includes/content/ContentHandler.php
4389share/mediawiki/includes/content/CssContent.php 4391share/mediawiki/includes/content/CssContent.php
@@ -11989,26 +11991,27 @@ share/mediawiki/tests/selenium/README.md @@ -11989,26 +11991,27 @@ share/mediawiki/tests/selenium/README.md
11989share/mediawiki/tests/selenium/pageobjects/createaccount.page.js 11991share/mediawiki/tests/selenium/pageobjects/createaccount.page.js
11990share/mediawiki/tests/selenium/pageobjects/edit.page.js 11992share/mediawiki/tests/selenium/pageobjects/edit.page.js
11991share/mediawiki/tests/selenium/pageobjects/history.page.js 11993share/mediawiki/tests/selenium/pageobjects/history.page.js
11992share/mediawiki/tests/selenium/pageobjects/page.js 11994share/mediawiki/tests/selenium/pageobjects/page.js
11993share/mediawiki/tests/selenium/pageobjects/preferences.page.js 11995share/mediawiki/tests/selenium/pageobjects/preferences.page.js
11994share/mediawiki/tests/selenium/pageobjects/userlogin.page.js 11996share/mediawiki/tests/selenium/pageobjects/userlogin.page.js
11995share/mediawiki/tests/selenium/pageobjects/userlogout.page.js 11997share/mediawiki/tests/selenium/pageobjects/userlogout.page.js
11996share/mediawiki/tests/selenium/specs/page.js 11998share/mediawiki/tests/selenium/specs/page.js
11997share/mediawiki/tests/selenium/specs/user.js 11999share/mediawiki/tests/selenium/specs/user.js
11998share/mediawiki/tests/selenium/wdio.conf.jenkins.js 12000share/mediawiki/tests/selenium/wdio.conf.jenkins.js
11999share/mediawiki/tests/selenium/wdio.conf.js 12001share/mediawiki/tests/selenium/wdio.conf.js
12000share/mediawiki/thumb.php 12002share/mediawiki/thumb.php
12001share/mediawiki/thumb_handler.php 12003share/mediawiki/thumb_handler.php
 12004share/mediawiki/vendor/.htaccess
12002share/mediawiki/vendor/README.md 12005share/mediawiki/vendor/README.md
12003share/mediawiki/vendor/autoload.php 12006share/mediawiki/vendor/autoload.php
12004share/mediawiki/vendor/composer.json 12007share/mediawiki/vendor/composer.json
12005share/mediawiki/vendor/composer.lock 12008share/mediawiki/vendor/composer.lock
12006share/mediawiki/vendor/composer/ClassLoader.php 12009share/mediawiki/vendor/composer/ClassLoader.php
12007share/mediawiki/vendor/composer/LICENSE 12010share/mediawiki/vendor/composer/LICENSE
12008share/mediawiki/vendor/composer/autoload_classmap.php 12011share/mediawiki/vendor/composer/autoload_classmap.php
12009share/mediawiki/vendor/composer/autoload_files.php 12012share/mediawiki/vendor/composer/autoload_files.php
12010share/mediawiki/vendor/composer/autoload_namespaces.php 12013share/mediawiki/vendor/composer/autoload_namespaces.php
12011share/mediawiki/vendor/composer/autoload_psr4.php 12014share/mediawiki/vendor/composer/autoload_psr4.php
12012share/mediawiki/vendor/composer/autoload_real.php 12015share/mediawiki/vendor/composer/autoload_real.php
12013share/mediawiki/vendor/composer/autoload_static.php 12016share/mediawiki/vendor/composer/autoload_static.php
12014share/mediawiki/vendor/composer/include_paths.php 12017share/mediawiki/vendor/composer/include_paths.php
cvs diff -r1.52 -r1.53 pkgsrc/www/mediawiki/distinfo (expand / switch to unified diff)

--- pkgsrc/www/mediawiki/distinfo 2017/08/24 14:02:39 1.52
+++ pkgsrc/www/mediawiki/distinfo 2017/11/19 08:36:57 1.53
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.52 2017/08/24 14:02:39 wen Exp $ 1$NetBSD: distinfo,v 1.53 2017/11/19 08:36:57 wen Exp $
2 2
3SHA1 (mediawiki-1.29.1.tar.gz) = 4ceacc2b5f883f37ed696fbe5413d547652acdc4 3SHA1 (mediawiki-1.29.2.tar.gz) = e1993abcad2cc919b737e23c11bfd37847d00b6c
4RMD160 (mediawiki-1.29.1.tar.gz) = 8fa5dcc2481232abfbf0b3d6c43a28c8694d684a 4RMD160 (mediawiki-1.29.2.tar.gz) = b7856ff1e40f90bf18dce6b259a7ff61296bdeaa
5SHA512 (mediawiki-1.29.1.tar.gz) = c4e04c4fb665c3d8299f3e03e608904aaf0e06381240c7259813eb670c3e32cde919353dd19993250cf49be81d604ac5f6d468bc563116a4b268e5011d34119f 5SHA512 (mediawiki-1.29.2.tar.gz) = 53c6ca82280938d1e3281aa296f44c86dcfbbdf82710b7de578e73e1ef3150db145e059c8c8208859bc437f7a7f7a13eed896be9d44fd364a0ee6d78893fbe86
6Size (mediawiki-1.29.1.tar.gz) = 39734499 bytes 6Size (mediawiki-1.29.2.tar.gz) = 40146157 bytes