Path to this page:
Subject: CVS commit: [pkgsrc-2012Q3] pkgsrc/www/mediawiki
From: Matthias Scheler
Date: 2012-12-04 11:36:23
Message id: 20121204103623.A4A03175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3979 - requested by wen
www/mediawiki: security update
Revisions pulled up:
- www/mediawiki/Makefile 1.25
- www/mediawiki/PLIST 1.12
- www/mediawiki/distinfo 1.16
---
Module Name: pkgsrc
Committed By: wen
Date: Fri Nov 30 08:12:24 UTC 2012
Modified Files:
pkgsrc/www/mediawiki: Makefile PLIST distinfo
Log Message:
Update to 1.20.1
Upstream changes:
MediaWiki 1.20.1
This is a security release of the MediaWiki 1.20 branch
Changes since 1.20
(bug 42202) Validate options to prevent html injection
(bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
(bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
Javscript Lint fixes
(bug 40632) Remove CleanupPresentationalAttributes feature
[Database] Fixed case where trx idle callbacks might be lost.
MediaWiki 1.20
MediaWiki 1.20 is a stable release.
PHP 5.3 now required
Since 1.20, the lowest supported version of PHP is now 5.3.2. Please
upgrade PHP if you have not done so prior to upgrading MediaWiki.
Configuration changes in 1.20
$wgGitRepositoryViewers defines a mapping from Git remote repository
to the Gitweb instance URL used in Special:Version.
$wgUsePathInfo = true; is no longer needed to make $wgArticlePath work
on servers using like nginx, lighttpd, and apache over fastcgi.
MediaWiki now always extracts path info from REQUEST_URI if it's
available.
The user right 'upload_by_url' is no longer given to sysops by
default. This only affects installations which have
$wgAllowCopyUploads set to true.
Removed f-prot support from $wgAntivirusSetup.
New variable $wgDBerrorLogTZ to provide dates in the error log in a
different timezone than the wiki timezone set by $wgLocaltimezone.
New variables $wgDBssl and $wgDBcompress to enable SSL and compression
for database connections, if either are available for the selected DB
type.
$wgUseCombinedLoginLink now defaults to false, making MediaWiki output
separate login and create account links by default.
New features in 1.20
Added TitleIsAlwaysKnown hook which gets called when determining if a
page exists.
Added NamespaceIsMovable hook which gets called when determining if
pages in a certain namespace can be moved.
Added SpecialPageBeforeExecute hook which gets called before
SpecialPage::execute.
Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
Added ORMTable, ORMRow and ORMResult classes for additional
abstraction of database interaction.
Added CacheHelper and associated SpecialCachedPage and CachedAction
helper classes.
(bug 32341) Add upload by URL domain limitation.
&useskin=default will now always display the default skin. Useful for
users with a preference for the non-default skin to look at something
using the default skin.
(bug 27619) Remove preference option to display broken links as link?
(bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
(bug 34302) Add CSS classes to email fields in user preferences.
Introduced $wgDebugDBTransactions to trace transaction status
(currently PostgreSQL only).
(bug 23795) Add parser itself to ParserMakeImageParams hook.
Introduce a cryptographic random number generator source api for use
when generating various tokens.
(bug 30963) Option on Special:Prefixindex and Special:Allpages to not
show redirects.
(bug 18062) New message when edit or create the local page of a shared file.
(bug 22870) Separate interface message when creating a page.
(bug 17615) nosummary option should be reassigned on preview/captcha.
(bug 34355) Add a variable and parser function for the namespace number.
(bug 35649) Special:Version now shows hashes of extensions checked out from git.
(bug 35728) Git revisions are now linked on Special:Version.
"Show Changes" on default messages shows now diff against default \
message text
(bug 23006) create #speciale parser function.
generateSitemap can now optionally skip redirect pages.
(bug 27757) New API command just for retrieving tokens (not page-based).
Added GitViewers hook for extensions using external git repositories
to have a web-based repository viewer linked to from Special:Version.
Memcached debug logs can now be sent to their own file logs by setting
$wgDebugLogFile['memcached'] to some filepath.
(bug 35685) api.php URL and other entry point URLs are now listed on
Special:Version
Edit notices can now be translated.
jQuery upgraded to 1.8.2.
jQuery UI upgraded to 1.8.23.
QUnit upgraded from v1.2.0 to v1.10.0.
(bug 37604) jquery.cookie upgraded to 2011 version.
(bug 22887) Add warning and tracking category for preprocessor errors
(bug 31704) Allow selection of associated namespace on the watchlist
(bug 5445) Now remove autoblocks when a user is unblocked.
Added $wgLogExceptionBacktrace, on by default, to allow logging of
exception backtraces.
Added device detection for determining device capabilities.
QUnit.newMwEnvironment now supports passing a custom setup and/or
teardown function. Arguments signature has changed. First arguments is
now an options object of which 'config' can be a property. Previously
'config' itself was the first and only argument.
New getCreator and getOldestRevision methods added to WikiPage class
(bug 4220) the XML dump format schema now have unique identity
constraints for page and revision identifiers. Patch by Elvis
Stansvik.
cleanupSpam.php now can delete spam pages if --delete was specified
instead of blanking them.
Added new hook ChangePasswordForm to allow adding of additional fields
in Special:ChangePassword
Added new function getDomain to AuthPlugin for getting a user's domain
(bug 23427) New magic word {{PAGEID}} which gives the current page ID.
Will be null on previewing a page being created.
(bug 37627) UserNotLoggedIn() exception to show a generic error page
whenever a user is not logged in.
Watched status in changes lists are no longer indicated by
<strong></strong> tags with class "mw-watched". \
Instead, each line now
has a class "mw-changeslist-line-watched" or
"mw-changeslist-line-not-watched", and the title itself is surrounded
by <span></span> tags with class "mw-title".
Added ContribsPager::reallyDoQuery hook allowing extensions to data to
MyContribs
Added new hook ParserAfterParse to allow extensions to affect parsed
output after the parse is complete but before block level processing,
link holder replacement, and so on.
(bug 34678) Added InternalParseBeforeSanitize hook which gets called
during Parser's internalParse method just before the parser removes
unwanted/dangerous HTML tags.
Added new hook AfterFinalPageOutput to allow modifications to buffered
page output before sent to the client.
(bug 36783) Implement jQuery Promise interface in mediawiki.api module.
Make dates in sortable tables sort according to the page content
language instead of the site content language
(bug 37926) Deleterevision will no longer allow users to delete log
entries, the new deletelogentry permission is required for this.
(bug 14237) Allow PAGESINCATEGORY to distinguish between 'all',
'pages', 'files' and 'subcats'
(bug 38362) Make Special:Listuser includeable on wiki pages.
Added support in jquery.localize for placeholder attributes.
(bug 38151) Implemented mw.user.getRights for getting and caching the
current user's user rights.
Session storage can now configured independently of general object
cache storage, by using $wgSessionCacheType. $wgSessionsInMemcached
has been renamed to $wgSessionsInObjectCache, with the old name
retained for backwards compatibility. When this feature is enabled,
the expiry time can now be configured with
$wgObjectCacheSessionExpiry.
Added a Redis client for object caching.
Implemented mw.user.getGroups for getting and caching user groups.
(bug 37830) Added $wgRequirePasswordforEmailChange to control whether
password confirmation is required for changing an email address or
not.
HTMLForm mutators can now be chained (they return $this)
A new message, "api-error-filetype-banned-type", is available for
formatting API upload errors due to the file extension blacklist.
New hook 'ParserTestGlobals' allows to set globals before running parser tests.
Allow importing pages as subpage.
Add lang and hreflang attributes to language links on Login page.
(bug 22749) Create Special:MostInterwikis.
Show change tags when transclude Special:Recentchanges(linked) or
Special:Newpages.
(bug 23226) Add |class= parameter to image links in order to add
class(es) to HTML img tag.
(bug 39431) SVG animated status is now shown in long description.
(bug 39376) jquery.form upgraded to 3.14.
SVG files will now show the actual width in the SVG's specified units
in the metadata box.
Added ResourceLoader module "jquery.jStorage" (v0.3.0, \
http://jStorage.info/).
(bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
Added ResourceLoader module "jquery.badge".
mw.util.$content now points to the overall content area in the skin
rather than just page text content area. If you need the old behaviour
please use $( '#mw-content-text').
jsMessage has been replaced with a floating bubble notification system
complete with auto-hide, multi-message support, and message
replacement tags.
jquery.messageBox which appears to be unused by both core and
extensions has been removed.
(bug 34939) Made link parsing insensitive ([HttP://]).
(bug 40072) Add CSS classes to items in output of ChangesList pages.
Added $wgCopyUploadProxy global to define which proxy to use for copy uploads.
(bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new
module, mediawiki.searchSuggest, based on SimpleSeach from
Extension:Vector.
Files: