./www/mediawiki, Free software wiki package originally written for Wikipedia

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.32.1, Package name: mediawiki-1.32.1, Maintainer: wen

MediaWiki is free server-based software which is licensed under the GNU
General Public License (GPL). It's designed to be run on a large server
farm for a website that gets millions of hits per day. MediaWiki is an
extremely powerful, scalable software and a feature-rich wiki implementation,
that uses PHP to process and display data stored in its MySQL database.

Required to run:
[textproc/php-json] [graphics/php-gd] [converters/php-mbstring] [databases/php-mysqli] [textproc/php-intl]

Required to build:
[www/apache24] [pkgtools/cwrappers]

Package options: apache, mysql

Master sites:

SHA1: 0b45049473254221b3e133ff5df0ad11c82b9822
RMD160: 990b2b0d27bd2a54a11a694348818ad089a8d46f
Filesize: 35327.965 KB

Version history: (Expand)

CVS history: (Expand)

   2019-05-23 21:23:24 by Roland Illig | Files touched by this commit (242)
Log message:
all: replace SUBST_SED with the simpler SUBST_VARS

pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
   2019-05-08 04:12:07 by Wen Heping | Files touched by this commit (2) | Package updated
Log message:
Update to 1.32.1

Upstream changes:
== MediaWiki 1.32.1 ==

=== Changes since MediaWiki 1.32.0 ===
* (T213577) rdbms: avoid transaction status errors from ping() in rollback().
* rdbms: Pass required parameter.
* rdbms: do not treat SAVEPOINT and RELEASE SAVEPOINT as write queries.
* (T204531) rdbms: reduce LoadBalancer replication log spam.
* (T213489) Avoid session double-start in Setup.php.
* (T213717) Correct namespace 'Template' for gom-deva
* (T198054) Fix login page crash caused by unknown language via ?uselang
* (T215324) (T210937) list=users mistakenly reports user as missing.
* (T209483) Add ILBFactory::redefineLocalDomain method. This is intended for
  use with scripts like addWiki.php to avoid mismatched domain errors.
* (T208871) The hard-coded Google search form on the database error page was
* (T204800) Fix Title::getFragmentForURL for bad interwiki prefix
* (T215566) Fix installer being unable to determine if the database exists
  during a fresh installation.
   2019-01-16 00:46:24 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 1.32.0

Upstream changelog is too long, please visit:
   2018-09-23 05:33:29 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 1.31.1
Update my email

Upstream changelog is too long, please visit :
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2017-12-30 14:43:32 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 1.30.0

Upstream changes:
MediaWiki 1.30.0
Changes since MediaWiki 1.30.0-rc.0

    Upgraded Moment.js from v2.15.0 to v2.19.3.
    Add ip_changes to postgres/tables.sql.
    Skip null shell parameters.
    Add wfWaitForSlaves() to maintenance/migrateComments.php.
    (T182245) Fix join conditions in ImageListPager.
    (T178626) Revert #contentSub and #jump-to-nav margin changes.

MySQL version requirement in 1.30

As of 1.30, MediaWiki now requires MySQL 5.5.8 or higher (see Compatibility section).
Configuration changes in 1.30

    The "C.UTF-8" locale should be used for $wgShellLocale, if \ 
available, to avoid unexpected behavior when code uses locale-sensitive string \ 
comparisons. For example, the Scribunto extension considers "bar" < \ 
"Foo" in most locales since it ignores case.
    $wgShellLocale now affects LC_ALL rather than only LC_CTYPE. See \ 
documentation of $wgShellLocale for details.
    $wgShellLocale is now applied for all requests. wfInitShellLocale() is \ 
deprecated and a no-op, as it is no longer needed.
    $wgJobClasses may now specify callback functions as an alternative to plain \ 
class names. This is intended for extensions that want control over the \ 
instantiation of their jobs, to allow for proper dependency injection.
    $wgResourceModules may now specify callback functions as an alternative to \ 
plain class names, using the 'factory' key in the module description array. This \ 
allows dependency injection to be used for ResourceLoader modules.
    $wgExceptionHooks has been removed.
    (T163562) $wgRangeContributionsCIDRLimit was introduced to control the size \ 
of IP ranges that can be queried at Special:Contributions.
    (T45547) $wgUsePigLatinVariant added (off by default).
    (T152540) MediaWiki now supports a section ID escaping style that allows to \ 
display non-Latin characters verbatim on many modern browsers. This is \ 
controlled by the new configuration setting, $wgFragmentMode.
    $wgExperimentalHtmlIds is now deprecated and will be removed in a future \ 
version, use $wgFragmentMode to migrate off it to a modern alternative.
    $wgExternalInterwikiFragmentMode was introduced to control how fragments in \ 
sinterwikis going outside of current wiki farm are encoded.
    (T120333) Soft-deprecated the use of PHP extension 'mysql' in favor of \ 
'mysqli'. This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0. \ 
MediaWiki auto-selects the 'mysqli' driver since MediaWiki 1.22, except if \ 
explicitly requested through the configuration parameter $wgDBservers. However \ 
some maintenance scripts (bitnami?) still may rely on "mysql".
    $wgOOUIEditPage was removed, as it is now the default. This was documented \ 
as a temporary variable during the migration period.

New features in 1.30

    (T37247) Output from Parser::parse() will now be wrapped in a div with \ 
class="mw-parser-output" by default. This may be changed or disabled \ 
using ParserOptions::setWrapOutputClass().
    (T163562) Added ability to search for contributions within an IP ranges at \ 
    Added 'ChangeTagsAllowedAdd' hook, enabling extensions to allow software- \ 
specific tags to be added by users.
    Added a 'ParserOptionsRegister' hook to allow extensions to register \ 
additional parser options.
    (T45547) Included Pig Latin, a language game in English, as a \ 
LanguageConverter variant. This allows English-speaking developers to develop \ 
and test LanguageConverter more easily. Pig Latin can be enabled by setting \ 
$wgUsePigLatinVariant to true.
    Added RecentChangesPurgeRows hook to allow extensions to purge data that \ 
depends on the recentchanges table.
    Added JS config values wgDiffOldId/wgDiffNewId to the output of diff pages.
    (T2424) Added direct unwatch links to entries in Special:Watchlist (if the \ 
'watchlistunwatchlinks' preference option is enabled). With JavaScript enabled, \ 
these links toggle so the user can also re-watch pages that have just been \ 
    Added $wgParserTestMediaHandlers, where mock media handlers can be passed to \ 
MediaHandlerFactory for parser tests.
    Edit summaries, block reasons, and other "comments" are now stored \ 
in a separate database table. Use the CommentFormatter class to access them.
        This is currently gated by $wgCommentTableSchemaMigrationStage. Most \ 
wikis can set this to MIGRATION_NEW and run maintenance/migrateComments.php as \ 
soon as any necessary extensions are updated.
    (T138166) Added ability for users to prohibit other users from sending them \ 
emails with Special:Emailuser. Can be enabled by setting \ 
$wgEnableUserEmailBlacklist to true.
    (T67297) $wgBrowserBlackList is deprecated, and changing it will have no \ 
effect. Instead, users using browsers that do not support Unicode will be unable \ 
to edit and should upgrade to a modern browser instead.

External library changes in 1.30
Upgraded external libraries

    Updated justinrainbow/json-schema from v3.0 to v5.2.
    Updated mediawiki/mediawiki-codesniffer from v0.7.2 to v0.12.0.
    Updated wikimedia/composer-merge-plugin from v1.4.0 to v1.4.1.
    Updated wikimedia/relpath from v1.0.3 to v2.0.0.
    Updated OOjs from v2.0.0 to v2.1.0.
    Updated OOUI from v0.21.1 to v0.23.0.
    Updated QUnit from v1.23.1 to v2.4.0.
    Updated phpunit/phpunit from v4.8.35 to v4.8.36.
    Upgraded Moment.js from v2.15.0 to v2.19.3.

New external libraries

    The class \TestingAccessWrapper has been moved to the external library \ 
wikimedia/testing-access-wrapper and renamed \Wikimedia\TestingAccessWrapper.
    Purtle, a fast, lightweight RDF generator.

Removed and replaced external libraries


Bug fixes in 1.30

    (T151633) Ordered list items use now Devanagari digits in Nepalese (thanks \ 
to Sfic)

Action API changes in 1.30

    (T37247) action=parse output will be wrapped in a div with \ 
class="mw-parser-output" by default. This may be changed or disabled \ 
using the new 'wrapoutputclass' parameter.
    When errorformat is not 'bc', abort reasons from action=login will be \ 
formatted as specified by the error formatter parameters.
    action=compare can now handle arbitrary text, deleted revisions, and \ 
returning users and edit comments.
    (T164106) The 'rvdifftotext', 'rvdifftotextpst', 'rvdiffto', \ 
'rvexpandtemplates', 'rvgeneratexml', 'rvparse', and 'rvprop=parsetree' \ 
parameters to prop=revisions are deprecated, as are the similarly named \ 
parameters to prop=deletedrevisions, list=allrevisions, and \ 
list=alldeletedrevisions. Use action=compare, action=parse, or \ 
action=expandtemplates instead.

Action API internal changes in 1.30

    ApiBase::getDescriptionMessage() and the "apihelp-*-description" \ 
messages are deprecated. The existing message should be split between \ 
"apihelp-*-summary" and "apihelp-*-extended-description".
    (T123931) Individual values of multi-valued parameters can now be marked as \ 

Languages updated in 1.30

MediaWiki supports over 350 languages. Many localisations are updated regularly. \ 
Below only new and removed languages are listed, as well as changes to languages \ 
because of Phabricator reports.

    Added: kbp (Kabɩyɛ / Kabiyè)
    Added: skr (Saraiki, سرائیکی)
    Added: tay (Tayal / Atayal)
    Removed: tokipona (Toki Pona)

Pig Latin added

    (T45547) Added Pig Latin, a made-up English variant (en-x-piglatin), for \ 
easier variant development and testing. Disabled by default. It can be enabled \ 
by setting $wgUsePigLatinVariant to true.

Other changes in 1.30

    The use of an associative array for $wgProxyList, where the IP address is in \ 
the key instead of the value, is deprecated (e.g. [ '' => 'value' \ 
]). Please convert these arrays to indexed/sequential ones (e.g. [ '' \ 
    mw.user.bucket (deprecated in 1.23) was removed.
    LoadBalancer::getServerInfo() and LoadBalancer::setServerInfo() are \ 
deprecated. There are no known callers.
    File::getStreamHeaders() was deprecated.
    MediaHandler::getStreamHeaders() was deprecated.
    Title::canTalk() was deprecated. The new Title::canHaveTalkPage() should be \ 
used instead.
    MWNamespace::canTalk() was deprecated. The new \ 
MWNamespace::hasTalkNamespace() should be used instead.
    The ExtractThumbParameters hook (deprecated in 1.21) was removed.
    The OutputPage::addParserOutputNoText and ::getHeadLinks methods (both \ 
deprecated in 1.24) were removed.
    wfMemcKey() and wfGlobalCacheKey() were deprecated. BagOStuff::makeKey() and \ 
BagOStuff::makeGlobalKey() should be used instead.
    (T146304) Preprocessor handling of LanguageConverter markup has been \ 
improved. As a result of the new uniform handling, '-{' may need to be escaped \ 
(for example, as '-<nowiki/>{') where it occurs inside template arguments \ 
or wikilinks.
    (T163966) Page moves are now counted as edits for the purposes of \ 
autopromotion, i.e., they increment the user_editcount field in the database.
    Two new hooks, LogEventsListLineEnding and NewPagesLineEnding, were added \ 
for manipulating Special:Log and Special:NewPages lines.
    The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData, \ 
PageHistoryLineEnding, ContributionsLineEnding and \ 
DeletedContributionsLineEnding hooks have an additional parameter, for \ 
manipulating HTML data attributes of RC/history lines. \ 
EnhancedChangesListModifyBlockLineData can do that via the $data['attribs'] \ 
    (T130632) The OutputPage::enableTOC() method was removed.
    WikiPage::getParserOutput() will now throw an exception if passed \ 
ParserOptions that would pollute the parser cache. Callers should use \ 
WikiPage::makeParserOptions() to create the ParserOptions object and only change \ 
options that affect the parser cache key.
    Article::viewRedirect() is deprecated.
    IP::isValidBlock() was deprecated. Use the equivalent IP::isValidRange().
    DeprecatedGlobal no longer supports passing in a direct value, it requires a \ 
callable factory function or a class name.
    The $parserMemc global, wfGetParserCacheStorage(), and \ 
ParserCache::singleton() are all deprecated. The main ParserCache instance \ 
should be obtained from MediaWikiServices instead. Access to the underlying \ 
BagOStuff is possible through the new ParserCache::getCacheStorage() method.
    .mw-ui-constructive CSS class (deprecated in 1.27) was removed.
    Sanitizer::escapeId() was deprecated, use escapeIdForAttribute(), \ 
escapeIdForLink() or escapeIdForExternalInterwiki() instead.
    Title::escapeFragmentForURL() was deprecated, use one of the aforementioned \ 
Sanitizer functions or, if possible, Title::getFragmentForURL().
    Second parameter to Sanitizer::escapeIdReferenceList() ($options) now does \ 
nothing and is deprecated.
    mw.util.escapeId() was deprecated, use escapeIdForAttribute() or \ 
    MagicWord::replaceMultiple() (deprecated in 1.25) was removed.
    WikiImporter now requires the second parameter to be an instance of the \ 
Config, class. Prior to that, the Config parameter was optional (a behavior \ 
deprecated in 1.25).
    Removed 'jquery.mwExtension' module. (deprecated since 1.26)
    mediawiki.ui: Deprecate greys, which are not part of WikimediaUI color \ 
palette any more.
    CdbReader, CdbWriter, CdbException classes (deprecated in 1.25) were \ 
removed. The namespaced classes in the Cdb namespace should be used instead.
    IPSet class (deprecated in 1.26) was removed. The namespaced IPSet\IPSet \ 
should be used instead.
    RunningStat class (deprecated in 1.27) was removed. The namespaced \ 
RunningStat\RunningStat should be used instead.
    MWMemcached and MemCachedClientforWiki classes (deprecated in 1.27) were \ 
removed. The MemcachedClient class should be used instead.
    EditPage underwent some refactoring and deprecations:
        EditPage::isOouiEnabled() is deprecated and will always return true.
        EditPage::getSummaryInput() and ::getSummaryInputOOUI() are deprecated. \ 
Please use ::getSummaryInputWidget() instead.
        EditPage::getCheckboxes() and ::getCheckboxesOOUI() are deprecated. \ 
Please use ::getCheckboxesWidget() instead.
        Creating an EditPage instance without calling \ 
EditPage::setContextTitle() should be avoided and will be deprecated in a future \ 
        EditPage::safeUnicodeInput() and ::safeUnicodeOutput() are deprecated \ 
and no-ops.
        EditPage::$isCssJsSubpage, ::$isCssSubpage, and ::$isJsSubpage are \ 
deprecated. The corresponding methods from Title should be used instead.
        EditPage::$isWrongCaseCssJsPage is deprecated. There is no replacement.
        EditPage::$mArticle and ::$mTitle are deprecated for public usage. The \ 
getters ::getArticle() and ::getTitle() should be used instead.
        Trying to control or fake EditPage context by overriding $wgUser, \ 
$wgRequest, $wgOut, and $wgLang is no longer supported and won't work. The \ 
IContextSource returned from EditPage::getContext() must be modified instead.
    Parser::getRandomString() (deprecated in 1.26) was removed.
    Parser::uniqPrefix() (deprecated in 1.26) was removed.
    Parser::extractTagsAndParams() now only accepts three arguments. The fourth, \ 
$uniq_prefix was deprecated in 1.26 and has now been removed.
    (T172514) The following tables have had their UNIQUE indexes turned into \ 
proper PRIMARY KEYs for increased maintainability: categorylinks, imagelinks, \ 
iwlinks, langlinks, log_search, module_deps, objectcache, pagelinks, \ 
query_cache, site_stats, templatelinks, text, transcache, user_former_groups, \ 
    IDatabase::nextSequenceValue() is no longer needed by any database backends \ 
(formerly it was needed by PostgreSQL and Oracle), and is now deprecated.
    (T146591) The lc_lang_key index on the l10n_cache table has been changed \ 
    (T157227) bot_password.bp_user, change_tag.ct_log_id, change_tag.ct_rev_id, \ 
page_restrictions.pr_user, tag_summary.ts_log_id, tag_summary.ts_rev_id and \ 
user_properties.up_user have all been made unsigned on MySQL.
    DB_SLAVE is deprecated. DB_REPLICA should be used instead.
    wfUsePHP() is deprecated.
    wfFixSessionID() was removed.
    wfShellExec() and related functions are deprecated, use Shell::command(). \ 
This also slightly changes the behavior of how execution time limits are \ 
calculated when only some of defaults are overridden per-call. When in doubt, \ 
always override both wall clock and CPU time.
    (T138166) SpecialEmailUser::getTarget() now requires a second argument, the \ 
sending user object. Using the method without the second argument is deprecated.
    (T67297) Browsers that don't support Unicode will have their edits rejected.
    (T178450) The module 'jquery.badge' is deprecated and will be removed in a \ 
future release. For notifying the user of an event, the Notifications \ 
("Echo") system should be used instead.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and \ 
browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled


MediaWiki 1.30 requires PHP 5.5.9 or later. There is experimental support for \ 
HHVM 3.6.5 or later.

MySQL/MariaDB is the recommended DBMS. PostgreSQL or SQLite can also be used, \ 
but support for them is somewhat less mature. There is experimental support for \ 
Oracle and Microsoft SQL Server.

The supported versions are:

    MySQL 5.5.8 or later
    PostgreSQL 8.3 or later
    SQLite 3.3.7 or later
    Oracle 9.0.1 or later
    Microsoft SQL Server 2005 (9.00.1399)


1.30 has several database changes since 1.29, and will not work without schema \ 
updates. Note that due to changes to some very large tables like the revision \ 
table, the schema update may take a long time (minutes on a medium sized site, \ 
many hours on a large site).

Don't forget to always back up your database before upgrading!

See the file UPGRADE for more detailed upgrade instructions, including important \ 
information when upgrading from versions prior to 1.11.

For notes on 1.29.x and older releases, see HISTORY.
   2017-11-19 09:36:57 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 1.29.2

Upstream changes:
MediaWiki 1.29.2

This is a security and maintenance release of the MediaWiki 1.29 branch.
Changes since 1.29.1

    (T166757) Avoid scoped lock errors in Category::refreshCounts() due to nesting.
    (T175439) Unbreak Postgres Updater when setting defaults for a column.
    (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
    Fixed login button label to accept RawMessage.
    Fixed case of SpecialRecentChanges class usage.
    (T174255) Declare uploadCount property in importDump.php.
    (T163646) Pass a string not an int to mysql_real_escape_string().
    (T180143) Bump justinrainbow/json-schema development dependency to ~5.2.
    Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36.
    (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and \ 
browser sends non-standard url escaping.
    (T165846) SECURITY: BotPassword login attempts weren't throttled.
    (T128209) SECURITY: Reflected File Download from api.php.
    (T134100) SECURITY: Do not reveal if user exists during login failure.
    (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
    (T125163) SECURITY: Make anchor for headlines escape > and <.
    (T180237) SECURITY: Protect vendor folder with .htaccess.
    (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in update.php.
    (T124404) SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit.
    (T119158) SECURITY: Handle -{}- syntax in attributes safely.
    (T180488) (T125177) "api.log contains passwords in plaintext" \ 
wasn't correctly fixed in all branches in the previous security release.