CVS commit: pkgsrc/www/mediawiki

["Wen Heping" <wen%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wen
Date:           Sun Nov 19 08:36:57 UTC 2017

Modified Files:
        pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Update to 1.29.2

Upstream changes:
MediaWiki 1.29.2

This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1

    (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
    (T175439) Unbreak Postgres Updater when setting defaults for a column.
    (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
    Fixed login button label to accept RawMessage.
    Fixed case of SpecialRecentChanges class usage.
    (T174255) Declare uploadCount property in importDump.php.
    (T163646) Pass a string not an int to mysql_real_escape_string().
    (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
    Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled.
    (T128209) SECURITY: Reflected File Download from api.php.
    (T134100) SECURITY: Do not reveal if user exists during login failure.
    (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
    (T125163) SECURITY: Make anchor for headlines escape > and <.
    (T180237) SECURITY: Protect vendor folder with .htaccess.
    (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
    (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
    (T119158) SECURITY: Handle -{}- syntax in attributes safely.
    (T180488) (T125177) "api.log contains passwords in plaintext" wasn't correctly fixed in all branches in the previous security release.


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/www/mediawiki/PLIST
cvs rdiff -u -r1.52 -r1.53 pkgsrc/www/mediawiki/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/mediawiki/Makefile
diff -u pkgsrc/www/mediawiki/Makefile:1.68 pkgsrc/www/mediawiki/Makefile:1.69
--- pkgsrc/www/mediawiki/Makefile:1.68  Thu Aug 24 14:02:39 2017
+++ pkgsrc/www/mediawiki/Makefile       Sun Nov 19 08:36:57 2017
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.68 2017/08/24 14:02:39 wen Exp $
+# $NetBSD: Makefile,v 1.69 2017/11/19 08:36:57 wen Exp $
 
 DISTNAME=      mediawiki-${VER}.${PVER}
 CATEGORIES=    www
@@ -22,7 +22,7 @@ INSTALLATION_DIRS=    ${EGDIR} share/mediaw
 .include "options.mk"
 
 VER=                   1.29
-PVER=                  1
+PVER=                  2
 
 APACHE_USER?=          www
 APACHE_GROUP?=         www

Index: pkgsrc/www/mediawiki/PLIST
diff -u pkgsrc/www/mediawiki/PLIST:1.34 pkgsrc/www/mediawiki/PLIST:1.35
--- pkgsrc/www/mediawiki/PLIST:1.34     Thu Aug 24 14:02:39 2017
+++ pkgsrc/www/mediawiki/PLIST  Sun Nov 19 08:36:57 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.34 2017/08/24 14:02:39 wen Exp $
+@comment $NetBSD: PLIST,v 1.35 2017/11/19 08:36:57 wen Exp $
 share/examples/mediawiki/mediawiki.conf
 share/mediawiki/.eslintrc.json
 share/mediawiki/.stylelintrc
@@ -3310,6 +3310,7 @@ share/mediawiki/extensions/SyntaxHighlig
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/Gruntfile.js
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/README
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/ResourceLoaderGeSHiVisualEditorModule.php
+share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.GeSHi.php
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.ace.php
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
 share/mediawiki/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.compat.php
@@ -4374,6 +4375,7 @@ share/mediawiki/includes/compat/normal/U
 share/mediawiki/includes/composer/ComposerHookHandler.php
 share/mediawiki/includes/composer/ComposerPackageModifier.php
 share/mediawiki/includes/composer/ComposerVersionNormalizer.php
+share/mediawiki/includes/composer/ComposerVendorHtaccessCreator.php
 share/mediawiki/includes/config/Config.php
 share/mediawiki/includes/config/ConfigException.php
 share/mediawiki/includes/config/ConfigFactory.php
@@ -11999,6 +12001,7 @@ share/mediawiki/tests/selenium/wdio.conf
 share/mediawiki/tests/selenium/wdio.conf.js
 share/mediawiki/thumb.php
 share/mediawiki/thumb_handler.php
+share/mediawiki/vendor/.htaccess
 share/mediawiki/vendor/README.md
 share/mediawiki/vendor/autoload.php
 share/mediawiki/vendor/composer.json

Index: pkgsrc/www/mediawiki/distinfo
diff -u pkgsrc/www/mediawiki/distinfo:1.52 pkgsrc/www/mediawiki/distinfo:1.53
--- pkgsrc/www/mediawiki/distinfo:1.52  Thu Aug 24 14:02:39 2017
+++ pkgsrc/www/mediawiki/distinfo       Sun Nov 19 08:36:57 2017
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.52 2017/08/24 14:02:39 wen Exp $
+$NetBSD: distinfo,v 1.53 2017/11/19 08:36:57 wen Exp $
 
-SHA1 (mediawiki-1.29.1.tar.gz) = 4ceacc2b5f883f37ed696fbe5413d547652acdc4
-RMD160 (mediawiki-1.29.1.tar.gz) = 8fa5dcc2481232abfbf0b3d6c43a28c8694d684a
-SHA512 (mediawiki-1.29.1.tar.gz) = c4e04c4fb665c3d8299f3e03e608904aaf0e06381240c7259813eb670c3e32cde919353dd19993250cf49be81d604ac5f6d468bc563116a4b268e5011d34119f
-Size (mediawiki-1.29.1.tar.gz) = 39734499 bytes
+SHA1 (mediawiki-1.29.2.tar.gz) = e1993abcad2cc919b737e23c11bfd37847d00b6c
+RMD160 (mediawiki-1.29.2.tar.gz) = b7856ff1e40f90bf18dce6b259a7ff61296bdeaa
+SHA512 (mediawiki-1.29.2.tar.gz) = 53c6ca82280938d1e3281aa296f44c86dcfbbdf82710b7de578e73e1ef3150db145e059c8c8208859bc437f7a7f7a13eed896be9d44fd364a0ee6d78893fbe86
+Size (mediawiki-1.29.2.tar.gz) = 40146157 bytes