CVS commit: pkgsrc/www/mediawiki

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/mediawiki
From: "Wen Heping" <wen%netbsd.org@localhost>
Date: Sun, 18 Oct 2015 03:11:27 +0000

Module Name:    pkgsrc
Committed By:   wen
Date:           Sun Oct 18 03:11:27 UTC 2015

Modified Files:
        pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Update to 1.25.3

Upstream changes:
== Security fixes ==

* Wikipedia user RobinHood70 reported two issues in the chunked upload API.
The API failed to correctly stop adding new chunks to the upload when the
reported size was exceeded (T91203), allowing a malicious users to upload add an
infinite number of chunks for a single file upload. Additionally, a
malicious user could upload chunks of 1 byte for very large files, potentially
creating a very large number of files on the server's filesystem (T91205).
<https://phabricator.wikimedia.org/T91203>
<https://phabricator.wikimedia.org/T91205>

* Internal review discovered that it is not possible to throttle file
uploads.
<https://phabricator.wikimedia.org/T91850>

* Internal review discovered a missing authorization check when removing
suppression from a revision. This allowed users with the 'viewsuppressed'
user right but not the appropriate 'suppressrevision' user right to unsuppress
revisions.
<https://phabricator.wikimedia.org/T95589>

* Richard Stanway from teamliquid.net reported that thumbnails of PNG files
generated with ImageMagick contained the local file path in the image
metadata.
<https://phabricator.wikimedia.org/T108616>

== Bug Fixes in 1.25.3 ==

* Fix having multiple callbacks for a single hook.
<https://phabricator.wikimedia.org/T98975>
* maintenance/refreshLinks.php did not always remove all links pointing to
  nonexistent pages.
<https://phabricator.wikimedia.org/T107632>
* $wgEmergencyContact and $wgPasswordSender now use their default value if
set to an empty string.
<https://phabricator.wikimedia.org/T104142>
* Provide fallbacks for use of mb_convert_encoding() in HtmlFormatter. It
was causing an error when accessing the api help page if the mbstring PHP
  extension was not installed.
<https://phabricator.wikimedia.org/T62174>
* Confirmation emails would sometimes contain invalid codes.
<https://phabricator.wikimedia.org/T105896>
* Fixed edit stash inclusion queries.
<https://phabricator.wikimedia.org/T105597>


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.25 -r1.26 pkgsrc/www/mediawiki/PLIST
cvs rdiff -u -r1.40 -r1.41 pkgsrc/www/mediawiki/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/lang/gauche
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang/gauche
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index