Revisions of mediawiki
Johannes Weberhofer (weberho)
accepted
request 856050
from
Johannes Weberhofer (weberho)
(revision 75)
- New cronjob must run as root
Johannes Weberhofer (weberho)
accepted
request 855808
from
Arjen de Korte (adkorte)
(revision 74)
- Extract main version from version
Johannes Weberhofer (weberho)
accepted
request 855777
from
Johannes Weberhofer (weberho)
(revision 73)
- Updated to version 1.35.0 Changelogs: * https://www.mediawiki.org/wiki/Release_notes/1.35 * https://www.mediawiki.org/wiki/Release_notes/1.34 - The minimum PHP Version is mow 7.3.19 - Replaced mediawiki-1.33-use-localsettings-from-webroot.patch by updated Created mediawiki-1.35-use-localsettings-from-webroot.patch - merged, improved and refactored script files - resolves bnc#1179340 - Put Apache configuration in separate subpackage - Don't Require: mod_php_any as this creates a hard dependency on apache2-prefork (use php-session instead) - Use system apache rpm macros
Dirk Stoecker (dstoecker)
accepted
request 818972
from
Johannes Weberhofer (weberho)
(revision 72)
- Updated to version 1.33.4 Security and maintenance release: * (T247017) PasswordReset performance improvements. * The MultiHttpClient code will fallover to non-curl if curl_multi* is blocked. * (T250568) Work around change in SimpleXMLElement behavior introduced in PHP 7.3.17. * Remove some rotten and out of date documentation. * (T252311) Improvements to some older SQLite update patches. * (T240307) Minor fixes to extension.schema.v2.json and extension.schema.v1.json. * rdbms: Add callback for atomic section cancellation. * (T191668) NameTableStoreTest::getCallCheckingDb simplification. * Make NameTableStore use LoadBalancer::getConnectionRef(). * (T224949) NameTableStore: ensure consistency upon rollback. * (T199474) Set rc_patrolled to 2 for autopatrolled changes in rebuildrecentchanges.php. * (T229461) Update the change_tag table in rebuildrecentchanges.php. * (T234450) Per-user concurrency in SpecialContributions can now be limited by setting $wgPoolCounterConf['SpecialContributions'] appropriately. * (T248947) SECURITY: img_auth.php may leak private extension images into the public cache.
Johannes Weberhofer (weberho)
committed
(revision 71)
Johannes Weberhofer (weberho)
committed
(revision 70)
Johannes Weberhofer (weberho)
committed
(revision 69)
Fixed locations and script names
Johannes Weberhofer (weberho)
accepted
request 789455
from
Johannes Weberhofer (weberho)
(revision 68)
- Updated to version 1.33.3 Security fixes: * (T232932) User content can redirect the logout button to different URL. * (T246602) jquery.makeCollapsible allows applying event handler to any CSS selector.
Johannes Weberhofer (weberho)
accepted
request 782918
from
Johannes Weberhofer (weberho)
(revision 67)
- Updated to version 1.33.2 - BREAKING CHANGES: Read /usr/share/doc/packages/mediawiki/README.DISTRIBUTION
Lars Vogdt (lrupp)
accepted
request 774502
from
Carsten Ziepke (Kieltux)
(revision 66)
- Updated mediawiki-1.31-use-localsettings-from-web-path.patch. Fix for "PHP Warning: Use of undefined constant MW_CONFIG_FILE". - Updated spec file: Copyright (c) 2020 SUSE LLC
Lars Vogdt (lrupp)
accepted
request 758698
from
Eric Schirra (ecsos)
(revision 65)
Update to LTS version 1.31.6
Johannes Weberhofer (weberho)
accepted
request 738099
from
Eric Schirra (ecsos)
(revision 64)
Security update to 1.31.4
Johannes Weberhofer (weberho)
accepted
request 719990
from
Eric Schirra (ecsos)
(revision 63)
Update to 1.31.3
Johannes Weberhofer (weberho)
accepted
request 652604
from
Johannes Weberhofer (weberho)
(revision 62)
- mediawiki-1.31-use-localsettings-from-web-path.patch fixes the handling of locations in our directories - cleaned up spec - cleaned up admin scripts
Lars Vogdt (lrupp)
accepted
request 646736
from
Eric Schirra (ecsos)
(revision 61)
- Update to version 1.31.1 This is a security and maintenance release of the MediaWiki 1.31 branch. Changes since MediaWiki 1.31.0 - (task T169545, CVE-2018-0503) SECURITY: $wgRateLimits entry for 'user' overrides 'newbie'. - (task T194605, CVE-2018-0505) SECURITY: BotPasswords can bypass CentralAuth's account lock. - (task T199029, CVE-2018-13258) SECURITY: Tarball was missing .htaccess files. - (task T197229) Bundle Nuke extension, it was accidentally omitted. - (task T193995) Fix undefined patchPath() method call in parser tests. - (task T198687) Fix various selectFields methods to use the string 'NULL', not null. - Special:BotPasswords now requires reauthentication. - (task T191608, (task T187638) Add 'logid' parameter to Special:Log. - (task T193829) Indicate when a Bot Password needs reset. - (task T198037) GitInfo: Don't try shelling out if it's disabled. - (task T151415) Log email changes. - (task T197206) Fix performance regression when multiple DB used without caching. - (task T197030) PHPSessionHandler: Suppress headers warnings in initialize(). - (task T182377, task T196793) Exif: Guard against uncountable tag values. - (task T200861) Fix total breakage of SQLite web upgrade. - (task T200864) Fix pingback over-reporting on non-MySQL databases - (task T202550) Unbreak SpecialListusersHeaderForm and SpecialListusersHeader hooks. - rebase makealias.sh for apache >= 2.4 and new .htaccess - Update to version 1.31.0 - requires PHP 7.0.0 or later. Although HHVM 3.18.5 or later is supported See changelog at https://www.mediawiki.org/wiki/MediaWiki_1.31 (There are too many changes to list here)
Johannes Weberhofer (weberho)
accepted
request 612716
from
Johannes Weberhofer (weberho)
(revision 60)
- Clean-up spec file - Do no longer require php-ssl - Removed sections for suse < 10.x - Updated dependencies - Update to version 1.30.0 See changelog at https://www.mediawiki.org/wiki/MediaWiki_1.30 Configuration changes: * The "C.UTF-8" locale should be used for $wgShellLocale, if available, to avoid unexpected behavior when code uses locale-sensitive string comparisons. For example, the Scribunto extension considers "bar" < "Foo" in most locales since it ignores case. * $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See documentation of $wgShellLocale for details. * $wgShellLocale is now applied for all requests. wfInitShellLocale() is deprecated and a no-op, as it is no longer needed. * $wgJobClasses may now specify callback functions as an alternative to plain class names. This is intended for extensions that want control over the instantiation of their jobs, to allow for proper dependency injection. * $wgResourceModules may now specify callback functions as an alternative to plain class names, using the 'factory' key in the module description array. This allows dependency injection to be used for ResourceLoader modules. * $wgExceptionHooks has been removed. * (T45547) $wgUsePigLatinVariant added (off by default). * $wgRangeContributionsCIDRLimit was introduced to control the size of IP ranges that can be queried at Special:Contributions. New Features: * (T163562) Added the ability to search for contributions within an IP range at Special:Contributions. References to revisions made by IPs are stored in the ip_changes table to make querying for ranges more efficient. * (T37247) Output from Parser::parse() will now be wrapped in a <div> with class="mw-parser-output" by default. This may be changed or disabled using ParserOptions::setWrapOutputClass(). * Added the 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software- specific tags to be added by users. * Added the 'ParserOptionsRegister' hook to allow extensions to register additional parser options. * (T45547) Included Pig Latin, a language game in English, as a LanguageConverter variant. This allows English-speaking developers to develop and test LanguageConverter more easily. Pig Latin can be enabled by setting $wgUsePigLatinVariant to true. * Added the 'RecentChangesPurgeRows' hook to allow extensions to purge data that depends on the recentchanges table. * Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages. Action API changes: * (T37247) action=parse output will be wrapped in a <div> with class="mw-parser-output" by default. This may be changed or disabled using the new 'wrapoutputclass' parameter. * When errorformat is not 'bc', abort reasons from action=login will be formatted as specified by the error formatter parameters. * action=compare can now handle arbitrary text, deleted revisions, and returning users and edit comments. * (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', 'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' parameters to prop=revisions are deprecated, as are the similarly named parameters to prop=deletedrevisions, list=allrevisions, and list=alldeletedrevisions. Use action=compare, action=parse, or action=expandtemplates instead. And sereral other changes
Johannes Weberhofer (weberho)
accepted
request 544278
from
Eric Schirra (ecsos)
(revision 59)
- Update to version 1.29.2 This is a security and maintenance release of the MediaWiki 1.29 branch. Changes since 1.29.1 * (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting. * (T175439) Unbreak Postgres Updater when setting defaults for a column. * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager. * Fixed login button label to accept RawMessage. * Fixed case of SpecialRecentChanges class usage. * (T174255) Declare uploadCount property in importDump.php. * (T163646) Pass a string not an int to mysql_real_escape_string(). * (T180143) Bump justinrainbow/json-schema development dependency to ~5.2. * Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36. * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping. (CVE-2017-8808) * (T165846) SECURITY: BotPassword login attempts weren't throttled. * (T128209) SECURITY: Reflected File Download from api.php. (CVE-2017-8809) * (T134100) SECURITY: Do not reveal if user exists during login failure. (CVE-2017-8810) * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS. (CVE-2017-8811) * (T125163) SECURITY: Make anchor for headlines escape > and <. (CVE-2017-8812) * (T180237) SECURITY: Protect vendor folder with .htaccess. * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php. * (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit. (CVE-2017-8814) * (T119158) SECURITY: Handle -{}- syntax in attributes safely. (CVE-2017-8815) * (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all branches in the previous security release. (CVE-2017-0361)
Johannes Weberhofer (weberho)
accepted
request 537012
from
Johannes Weberhofer (weberho)
(revision 58)
- Require php-openssl instead of php-mcrypt - Update to version 1.29.1. Changelog: https://www.mediawiki.org/wiki/MediaWiki_1.29
Johannes Weberhofer (weberho)
accepted
request 494902
from
Eric Schirra (ecsos)
(revision 57)
update to security and maintenance release 1.28.2
Johannes Weberhofer (weberho)
accepted
request 450418
from
Eric Schirra (ecsos)
(revision 56)
update to 1.28.0
Displaying revisions 21 - 40 of 95