Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/www/mediawiki
From: Benny Siegert
Date: 2016-05-21 21:53:38
Message id: 20160521195338.47D0BFBBA@cvs.NetBSD.org

Log Message:
Pullup ticket #5027 - requested by wen
www/mediawiki: security fix

Revisions pulled up:
- www/mediawiki/Makefile                                        1.59
- www/mediawiki/PLIST                                           1.28
- www/mediawiki/distinfo                                        1.45

---
   Module Name:    pkgsrc
   Committed By:   wen
   Date:           Sat May 21 11:58:12 UTC 2016

   Modified Files:
           pkgsrc/www/mediawiki: Makefile PLIST distinfo

   Log Message:
   Update to 1.26.3

   Upstream changes:
   MediaWiki 1.26.3

   This is a maintenance release of the MediaWiki 1.26 branch.
   Changes since 1.26.2

       (bug T116266) Fixed undefined property notices in DairikiDiff under HHVM.
       (bug T123166) Fix fatal error when importing pages to titles which
   cannot be created, such as invalid titles or titles the user is not
   allowed to edit.
       (bug T122056) Old tokens are remaining valid within a new session
       (bug T127114) Login throttle can be tricked using
   non-canonicalized usernames
       (bug T123653) Cross-domain policy regexp is too narrow
       (bug T123071) Incorrectly identifying http link in a's href
   attributes, due to m modifier in regex
       (bug T129506) MediaWiki:Gadget-popups.js isn't renderable
       (bug T125283) Users occasionally logged in as different users
   after SessionManager deployment
       (bug T103239) Patrol allows click catching and patrolling of any page
       (bug T122807) [tracking] Check php crypto primatives
       (bug T98313) Graphs can leak tokens, leading to CSRF
       (bug T130947) Diff generation should use PoolCounter
       (bug T133507) Careless use of $wgExternalLinkTarget is insecure
       (bug T132874) API action=move is not rate limited
       (bug T110143) strip markers can be used to get around html
   attribute escaping in (bug many?) parser tags
       (bug T116030) Increase pbkdf2 parameter strengths
       (bug T127420) Pbkdf2Password does not check if hash_pbkdf2(bug ) succeeded
       (bug T126685) Globally throttle password attempts

Files:
RevisionActionfile
1.58.4.1modifypkgsrc/www/mediawiki/Makefile
1.27.4.1modifypkgsrc/www/mediawiki/PLIST
1.44.4.1modifypkgsrc/www/mediawiki/distinfo