Path to this page:
Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/www/mediawiki
From: Benny Siegert
Date: 2016-05-21 21:53:38
Message id: 20160521195338.47D0BFBBA@cvs.NetBSD.org
Log Message:
Pullup ticket #5027 - requested by wen
www/mediawiki: security fix
Revisions pulled up:
- www/mediawiki/Makefile 1.59
- www/mediawiki/PLIST 1.28
- www/mediawiki/distinfo 1.45
---
Module Name: pkgsrc
Committed By: wen
Date: Sat May 21 11:58:12 UTC 2016
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.26.3
Upstream changes:
MediaWiki 1.26.3
This is a maintenance release of the MediaWiki 1.26 branch.
Changes since 1.26.2
(bug T116266) Fixed undefined property notices in DairikiDiff under HHVM.
(bug T123166) Fix fatal error when importing pages to titles which
cannot be created, such as invalid titles or titles the user is not
allowed to edit.
(bug T122056) Old tokens are remaining valid within a new session
(bug T127114) Login throttle can be tricked using
non-canonicalized usernames
(bug T123653) Cross-domain policy regexp is too narrow
(bug T123071) Incorrectly identifying http link in a's href
attributes, due to m modifier in regex
(bug T129506) MediaWiki:Gadget-popups.js isn't renderable
(bug T125283) Users occasionally logged in as different users
after SessionManager deployment
(bug T103239) Patrol allows click catching and patrolling of any page
(bug T122807) [tracking] Check php crypto primatives
(bug T98313) Graphs can leak tokens, leading to CSRF
(bug T130947) Diff generation should use PoolCounter
(bug T133507) Careless use of $wgExternalLinkTarget is insecure
(bug T132874) API action=move is not rate limited
(bug T110143) strip markers can be used to get around html
attribute escaping in (bug many?) parser tags
(bug T116030) Increase pbkdf2 parameter strengths
(bug T127420) Pbkdf2Password does not check if hash_pbkdf2(bug ) succeeded
(bug T126685) Globally throttle password attempts
Files: