[Pkg-mediawiki-commits] r261 - in mediawiki/trunk/debian: . patches
Jonathan Wiltshire
jmw at alioth.debian.org
Tue Jul 26 09:24:28 UTC 2011
Author: jmw
Date: 2011-07-26 09:24:28 +0000 (Tue, 26 Jul 2011)
New Revision: 261
Removed:
mediawiki/trunk/debian/patches/CVE-2011-0003.patch
mediawiki/trunk/debian/patches/CVE-2011-0047.patch
mediawiki/trunk/debian/patches/add_rss_guid.patch
mediawiki/trunk/debian/patches/backup_documentation.patch
mediawiki/trunk/debian/patches/debian_specific_config.patch
mediawiki/trunk/debian/patches/detect_invalid_titles.patch
mediawiki/trunk/debian/patches/fix_datetime.patch
Modified:
mediawiki/trunk/debian/changelog
mediawiki/trunk/debian/patches/mimetypes.patch
mediawiki/trunk/debian/patches/series
mediawiki/trunk/debian/patches/texvc_location.patch
Log:
Begin preparation for MW 1.17.0: Remove patches integrated upstream and refresh what\'s left
Modified: mediawiki/trunk/debian/changelog
===================================================================
--- mediawiki/trunk/debian/changelog 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/changelog 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,3 +1,9 @@
+mediawiki (1:1.17.0-1) UNRELEASED; urgency=low
+
+ * Remove patches integrated upstream in this version
+
+ -- Jonathan Wiltshire <jmw at debian.org> Sun, 24 Jul 2011 14:43:22 +0100
+
mediawiki (1:1.15.5-4) UNRELEASED; urgency=low
[ Thorsten Glaser ]
Deleted: mediawiki/trunk/debian/patches/CVE-2011-0003.patch
===================================================================
--- mediawiki/trunk/debian/patches/CVE-2011-0003.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/CVE-2011-0003.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,28 +0,0 @@
-Description: prevent ClickJacking by breaking out of iframes
-Origin: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/79566
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
-Author: Tim Starling
-Last-Update: 2011-01-04
-
---- mediawiki-1.15.5.orig/config/index.php
-+++ mediawiki-1.15.5/config/index.php
-@@ -21,6 +21,7 @@
-
- error_reporting( E_ALL );
- header( "Content-type: text/html; charset=utf-8" );
-+header( 'X-Frame-Options: DENY' );
- @ini_set( "display_errors", true );
-
- # In case of errors, let output be clean.
---- mediawiki-1.15.5.orig/includes/OutputPage.php
-+++ mediawiki-1.15.5/includes/OutputPage.php
-@@ -957,6 +957,9 @@
- $wgRequest->response()->header( "Content-type: $wgMimeType; charset={$wgOutputEncoding}" );
- $wgRequest->response()->header( 'Content-language: '.$wgContLanguageCode );
-
-+ # To prevent clickjacking, do not allow this page to be inside a frame.
-+ $wgRequest->response()->header( 'X-Frame-Options: DENY' );
-+
- if ($this->mArticleBodyOnly) {
- $this->out($this->mBodytext);
- } else {
Deleted: mediawiki/trunk/debian/patches/CVE-2011-0047.patch
===================================================================
--- mediawiki/trunk/debian/patches/CVE-2011-0047.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/CVE-2011-0047.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,58 +0,0 @@
-Description: prevent CSS injection vulnerability
-Origin: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/81333
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
-Author: Tim Starling, Roan
-Last-Update: 2011-02-06
-
---- mediawiki-1.15.5.orig/RELEASE-NOTES
-+++ mediawiki-1.15.5/RELEASE-NOTES
-@@ -3,6 +3,9 @@
- Security reminder: MediaWiki does not require PHP's register_globals
- setting since version 1.2.0. If you have it on, turn it *off* if you can.
-
-+== Changes since 1.15.5 ==
-+* (bug 27093, CVE-2011-0047): Fixed CSS injection vulnerability.
-+
- == MediaWiki 1.15.5 ==
-
- 2010-07-28
---- mediawiki-1.15.5.orig/includes/Sanitizer.php
-+++ mediawiki-1.15.5/includes/Sanitizer.php
-@@ -659,6 +659,13 @@
- // Remove any comments; IE gets token splitting wrong
- $value = StringUtils::delimiterReplace( '/*', '*/', ' ', $value );
-
-+ // Remove anything after a comment-start token, to guard against
-+ // incorrect client implementations.
-+ $commentPos = strpos( $value, '/*' );
-+ if ( $commentPos !== false ) {
-+ $value = substr( $value, 0, $commentPos );
-+ }
-+
- // Decode escape sequences and line continuation
- // See the grammar in the CSS 2 spec, appendix D.
- static $decodeRegex, $reencodeTable;
---- mediawiki-1.15.5.orig/includes/StringUtils.php
-+++ mediawiki-1.15.5/includes/StringUtils.php
-@@ -77,16 +77,20 @@
- }
-
- if ( $tokenType == 'start' ) {
-- $inputPos = $tokenOffset + $tokenLength;
- # Only move the start position if we haven't already found a start
- # This means that START START END matches outer pair
- if ( !$foundStart ) {
- # Found start
-+ $inputPos = $tokenOffset + $tokenLength;
- # Write out the non-matching section
- $output .= substr( $subject, $outputPos, $tokenOffset - $outputPos );
- $outputPos = $tokenOffset;
- $contentPos = $inputPos;
- $foundStart = true;
-+ } else {
-+ # Move the input position past the *first character* of START,
-+ # to protect against missing END when it overlaps with START
-+ $inputPos = $tokenOffset + 1;
- }
- } elseif ( $tokenType == 'end' ) {
- if ( $foundStart ) {
Deleted: mediawiki/trunk/debian/patches/add_rss_guid.patch
===================================================================
--- mediawiki/trunk/debian/patches/add_rss_guid.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/add_rss_guid.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,77 +0,0 @@
-Index: mediawiki-1.15.2/includes/Feed.php
-===================================================================
---- mediawiki-1.15.2.orig/includes/Feed.php 2008-11-18 18:11:14.000000000 -0600
-+++ mediawiki-1.15.2/includes/Feed.php 2010-03-15 12:16:49.000000000 -0500
-@@ -37,6 +37,8 @@
- var $Url = '';
- var $Date = '';
- var $Author = '';
-+ var $UniqueId = '';
-+ var $RSSIsPermalink;
- /**#@-*/
-
- /**#@+
-@@ -47,6 +49,8 @@
- $this->Title = $Title;
- $this->Description = $Description;
- $this->Url = $Url;
-+ $this->UniqueId = $Url;
-+ $this->RSSIsPermalink = false;
- $this->Date = $Date;
- $this->Author = $Author;
- $this->Comments = $Comments;
-@@ -58,6 +62,28 @@
- return htmlspecialchars( $string );
- }
-
-+ /**
-+ * Get the unique id of this item
-+ *
-+ * @return String
-+ */
-+ public function getUniqueId() {
-+ if ( $this->UniqueId ) {
-+ return $this->xmlEncode( $this->UniqueId );
-+ }
-+ }
-+
-+ /**
-+ * set the unique id of an item
-+ *
-+ * @param $uniqueId String: unique id for the item
-+ * @param $RSSisPermalink Boolean: set to true if the guid (unique id) is a permalink (RSS feeds only)
-+ */
-+ public function setUniqueId($uniqueId, $RSSisPermalink = False) {
-+ $this->UniqueId = $uniqueId;
-+ $this->RSSIsPermalink = $isPermalink;
-+ }
-+
- public function getTitle() {
- return $this->xmlEncode( $this->Title );
- }
-@@ -84,7 +110,7 @@
- public function getComments() {
- return $this->xmlEncode( $this->Comments );
- }
--
-+
- /**
- * Quickie hack... strip out wikilinks to more legible form from the comment.
- */
-@@ -217,6 +243,7 @@
- <item>
- <title><?php print $item->getTitle() ?></title>
- <link><?php print $item->getUrl() ?></link>
-+ <guid<?php if( $item->RSSIsPermalink ) print ' isPermaLink="true"' ?>><?php print $item->getUniqueId() ?></guid>
- <description><?php print $item->getDescription() ?></description>
- <?php if( $item->getDate() ) { ?><pubDate><?php print $this->formatTime( $item->getDate() ) ?></pubDate><?php } ?>
- <?php if( $item->getAuthor() ) { ?><dc:creator><?php print $item->getAuthor() ?></dc:creator><?php }?>
-@@ -297,7 +324,7 @@
- global $wgMimeType;
- ?>
- <entry>
-- <id><?php print $item->getUrl() ?></id>
-+ <id><?php print $item->getUniqueId() ?></id>
- <title><?php print $item->getTitle() ?></title>
- <link rel="alternate" type="<?php print $wgMimeType ?>" href="<?php print $item->getUrl() ?>"/>
- <?php if( $item->getDate() ) { ?>
Deleted: mediawiki/trunk/debian/patches/backup_documentation.patch
===================================================================
--- mediawiki/trunk/debian/patches/backup_documentation.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/backup_documentation.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,33 +0,0 @@
-Description: expand the inline documentation of maintenance/dumpBackup.php
-Author: Jonathan Wiltshire <debian at jwiltshire.org.uk>
-Bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=24132
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572355
-Last-Update: 2010-06-26
---- mediawiki-1.15.4.orig/maintenance/commandLine.inc
-+++ mediawiki-1.15.4/maintenance/commandLine.inc
-@@ -188,7 +188,8 @@
-
- if ( ! is_readable( $settingsFile ) ) {
- print "A copy of your installation's LocalSettings.php\n" .
-- "must exist and be readable in the source directory.\n";
-+ "must exist and be readable in the source directory.\n" .
-+ "Use --conf to specify it.\n";
- exit( 1 );
- }
- $wgCommandLineMode = true;
---- mediawiki-1.15.4.orig/maintenance/dumpBackup.php
-+++ mediawiki-1.15.4/maintenance/dumpBackup.php
-@@ -91,6 +91,13 @@
- --skip-footer Don't output the </mediawiki> footer
- --stub Don't perform old_text lookups; for 2-pass dump
- --uploads Include upload records (experimental)
-+ --conf Use the specified configuration file (LocalSettings.php)
-+ --aconf Use the specified admin configuration file (AdminSettings.php)
-+
-+ --pagelist=<file>
-+ Find in the specified <file> a list of pages to be backed up
-+
-+ --wiki=<wiki> Only back up the specified <wiki>
-
- Fancy stuff:
- --plugin=<class>[:<file>] Load a dump plugin class
Deleted: mediawiki/trunk/debian/patches/debian_specific_config.patch
===================================================================
--- mediawiki/trunk/debian/patches/debian_specific_config.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/debian_specific_config.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,71 +0,0 @@
---- mediawiki-1.15.4.orig/config/index.php
-+++ mediawiki-1.15.4/config/index.php
-@@ -28,7 +28,6 @@
-
- # Attempt to set up the include path, to fix problems with relative includes
- $IP = dirname( dirname( __FILE__ ) );
--define( 'MW_INSTALL_PATH', $IP );
-
- # Define an entry point and include some files
- define( "MEDIAWIKI", true );
-@@ -232,7 +231,7 @@
- if( !is_writable( "." ) ) {
- dieout( "<h2>Can't write config file, aborting</h2>
-
-- <p>In order to configure the wiki you have to make the <tt>config</tt> subdirectory
-+ <p>In order to configure the wiki you have to make the <tt>/var/lib/mediawiki/config</tt> subdirectory
- writable by the web server. Once configuration is done you'll move the created
- <tt>LocalSettings.php</tt> to the parent directory, and for added safety you can
- then remove the <tt>config</tt> subdirectory entirely.</p>
-@@ -1602,16 +1601,7 @@
- <div class="success-box">
- <p>Installation successful!</p>
- <p>To complete the installation, please do the following:
--<ol>
-- <li>Download config/LocalSettings.php with your FTP client or file manager</li>
-- <li>Upload it to the parent directory</li>
-- <li>Delete config/LocalSettings.php</li>
-- <li>Start using <a href='../$script'>your wiki</a>!
--</ol>
--<p>If you are in a shared hosting environment, do <strong>not</strong> just move LocalSettings.php
--remotely. LocalSettings.php is currently owned by the user your webserver is running under,
--which means that anyone on the same server can read your database password! Downloading
--it and uploading it again will hopefully change the ownership to a user ID specific to you.</p>
-+<p>Move <tt>/var/lib/mediawiki/config/LocalSettings.php</tt> to <tt>/etc/mediawiki/LocalSettings.php</tt> for normal install, root of your install for multisite, with rights 640</p>
- </div>
- EOT;
- } else {
-@@ -1619,7 +1609,7 @@
- <div class="success-box">
- <p>
- <span class="success-message">Installation successful!</span>
--Move the <tt>config/LocalSettings.php</tt> file to the parent directory, then follow
-+Move <tt>/var/lib/mediawiki/config/LocalSettings.php</tt> to /etc/mediawiki, then follow
- <a href="../$script"> this link</a> to your wiki.</p>
- <p>You should change file permissions for <tt>LocalSettings.php</tt> as required to
- prevent other users on the server reading passwords and altering configuration data.</p>
-@@ -1773,6 +1763,12 @@
-
- # If you customize your file layout, set \$IP to the directory that contains
- # the other MediaWiki files. It will be used as a base to locate files.
-+
-+# We define this to allow the configuration file to be explicitly
-+# located in /etc/mediawiki.
-+# Change this if you are setting up multisite wikis on your server.
-+define('MW_INSTALL_PATH','/var/lib/mediawiki');
-+
- if( defined( 'MW_INSTALL_PATH' ) ) {
- \$IP = MW_INSTALL_PATH;
- } else {
-@@ -1872,6 +1868,11 @@
-
- \$wgDiff3 = \"{$slconf['diff3']}\";
-
-+# debian specific include:
-+if (is_file(\"/etc/mediawiki-extensions/extensions.php\")) {
-+ include( \"/etc/mediawiki-extensions/extensions.php\" );
-+}
-+
- # When you make changes to this configuration file, this will make
- # sure that cached pages are cleared.
- \$wgCacheEpoch = max( \$wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) );
Deleted: mediawiki/trunk/debian/patches/detect_invalid_titles.patch
===================================================================
--- mediawiki/trunk/debian/patches/detect_invalid_titles.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/detect_invalid_titles.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,14 +0,0 @@
-Index: mediawiki-1.15.2/includes/specials/SpecialMostlinked.php
-===================================================================
---- mediawiki-1.15.2.orig/includes/specials/SpecialMostlinked.php 2008-07-17 20:31:18.000000000 -0500
-+++ mediawiki-1.15.2/includes/specials/SpecialMostlinked.php 2010-03-15 12:02:51.000000000 -0500
-@@ -75,6 +75,9 @@
- function formatResult( $skin, $result ) {
- global $wgLang;
- $title = Title::makeTitleSafe( $result->namespace, $result->title );
-+ if ( !$title ) {
-+ return '<!-- ' . htmlspecialchars( "Invalid title: [[$title]]" ) . ' -->';
-+ }
- $link = $skin->makeLinkObj( $title );
- $wlh = $this->makeWlhLink( $title,
- wfMsgExt( 'nlinks', array( 'parsemag', 'escape'),
Deleted: mediawiki/trunk/debian/patches/fix_datetime.patch
===================================================================
--- mediawiki/trunk/debian/patches/fix_datetime.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/fix_datetime.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,30 +0,0 @@
-$Id$
-
- Fix obvious bug in the two methods date() and time() to
- make them match both their documentation and the other
- method timeanddate() and convert the input timestamp
- into the format expected by the sprintfDate() method.
- -- Thorsten Glaser <tg at debian.org>
-
---- mediawiki-1.15.5/languages/Language.php~ 2010-09-07 10:59:22.000000000 +0200
-+++ mediawiki-1.15.5/languages/Language.php 2010-09-07 10:59:24.000000000 +0200
-@@ -1268,6 +1268,9 @@ class Language {
- */
- function date( $ts, $adj = false, $format = true, $timecorrection = false ) {
- $this->load();
-+
-+ $ts = wfTimestamp( TS_MW, $ts );
-+
- if ( $adj ) {
- $ts = $this->userAdjust( $ts, $timecorrection );
- }
-@@ -1291,6 +1294,9 @@ class Language {
- */
- function time( $ts, $adj = false, $format = true, $timecorrection = false ) {
- $this->load();
-+
-+ $ts = wfTimestamp( TS_MW, $ts );
-+
- if ( $adj ) {
- $ts = $this->userAdjust( $ts, $timecorrection );
- }
Modified: mediawiki/trunk/debian/patches/mimetypes.patch
===================================================================
--- mediawiki/trunk/debian/patches/mimetypes.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/mimetypes.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -2,14 +2,15 @@
===================================================================
--- mediawiki-1.15.2.orig/includes/DefaultSettings.php 2010-03-15 12:01:58.000000000 -0500
+++ mediawiki-1.15.2/includes/DefaultSettings.php 2010-03-15 12:01:58.000000000 -0500
-@@ -350,8 +350,8 @@
- $wgVerifyMimeType= true;
+@@ -825,8 +825,8 @@
+ $wgVerifyMimeType = true;
/** Sets the mime type definition file to use by MimeMagic.php. */
--$wgMimeTypeFile= "includes/mime.types";
+-$wgMimeTypeFile = "includes/mime.types";
++#$wgMimeTypeFile= "includes/mime.types";
-#$wgMimeTypeFile= "/etc/mime.types";
-+#$wgMimeTypeFile= "includes/mime.types";
-+$wgMimeTypeFile= "/etc/mime.types";
- #$wgMimeTypeFile= NULL; #use built-in defaults only.
++$wgMimeTypeFile = "/etc/mime.types";
+ #$wgMimeTypeFile= null; #use built-in defaults only.
/** Sets the mime type info file to use by MimeMagic.php. */
+
Modified: mediawiki/trunk/debian/patches/series
===================================================================
--- mediawiki/trunk/debian/patches/series 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/series 2011-07-26 09:24:28 UTC (rev 261)
@@ -1,11 +1,4 @@
texvc_location.patch
mimetypes.patch
-debian_specific_config.patch
-detect_invalid_titles.patch
-add_rss_guid.patch
-backup_documentation.patch
suppress_warnings.patch
-CVE-2011-0003.patch
-fix_datetime.patch
-CVE-2011-0047.patch
fix_invalid_sql.patch
Modified: mediawiki/trunk/debian/patches/texvc_location.patch
===================================================================
--- mediawiki/trunk/debian/patches/texvc_location.patch 2011-07-06 10:22:31 UTC (rev 260)
+++ mediawiki/trunk/debian/patches/texvc_location.patch 2011-07-26 09:24:28 UTC (rev 261)
@@ -2,12 +2,12 @@
===================================================================
--- mediawiki-1.15.2.orig/includes/DefaultSettings.php 2010-03-08 16:52:50.000000000 -0600
+++ mediawiki-1.15.2/includes/DefaultSettings.php 2010-03-15 12:03:01.000000000 -0500
-@@ -1737,7 +1737,7 @@
+@@ -3714,7 +3714,7 @@
*/
$wgUseTeX = false;
/** Location of the texvc binary */
--$wgTexvc = './math/texvc';
+-$wgTexvc = $IP . '/math/texvc';
+$wgTexvc = '/usr/bin/texvc';
-
- #
- # Profiling / debugging
+ /**
+ * Texvc background color
+ * use LaTeX color format as used in \special function
More information about the Pkg-mediawiki-commits
mailing list