Summary: A wiki engine Name: mediawiki Version: 1.41.1 Release: 3%{?dist} License: GPL-2.0-or-later URL: https://www.mediawiki.org/ Source0: https://releases.wikimedia.org/mediawiki/1.41/%{name}-%{version}.tar.gz Source1: https://releases.wikimedia.org/mediawiki/1.41/%{name}-%{version}.tar.gz.sig Source2: mediawiki.conf Source3: README.RPM Source4: mw-createinstance.in Source5: mw-updateallinstances.in BuildArch: noarch BuildRequires: djvulibre BuildRequires: perl-generators BuildRequires: php-cli BuildRequires: php-gd BuildRequires: php-intl BuildRequires: php-pdo #BuildRequires: php-phpunit-PHPUnit BuildRequires: php-theseer-autoload BuildRequires: php-composer(cssjanus/cssjanus) >= 2.1.1 BuildRequires: php-composer(liuggio/statsd-php-client) >= 1.0.18 BuildRequires: php-composer(oojs/oojs-ui) >= 0.48.1 BuildRequires: php-composer(psr/log) >= 1.1.4 BuildRequires: php-composer(wikimedia/assert) >= 0.5.1 BuildRequires: php-composer(wikimedia/avro) >= 1.9.0 BuildRequires: php-composer(wikimedia/cdb) >= 3.0.0 BuildRequires: php-composer(wikimedia/utfnormal) >= 4.0.0 BuildRequires: php-composer(zordius/lightncandy) >= 1.2.6 BuildRequires: php-pear(Mail) >= 1.5.1 BuildRequires: php-pear(Mail_Mime) >= 1.10.11 BuildRequires: php-pear(Net_SMTP) >= 1.10.0 BuildRequires: php-pear(Net_Socket) >= 1.2.2 BuildRequires: python3-devel Requires: httpd-filesystem Requires: php(httpd) Requires: php(language) >= 7.4.3 Requires: php-gd Requires: php-xml Requires: diffutils Recommends: ImageMagick Requires: php-composer(cssjanus/cssjanus) >= 2.1.1 Requires: php-composer(liuggio/statsd-php-client) >= 1.0.18 Requires: php-composer(oojs/oojs-ui) >= 0.48.1 Requires: php-composer(psr/log) >= 1.1.4 Requires: php-composer(wikimedia/assert) >= 0.5.1 Requires: php-composer(wikimedia/avro) >= 1.9.0 Requires: php-composer(wikimedia/cdb) >= 3.0.0 Requires: php-composer(wikimedia/utfnormal) >= 4.0.0 Requires: php-composer(zordius/lightncandy) >= 1.2.6 Requires: php-pear(Mail) >= 1.5.0 Requires: php-pear(Mail_Mime) >= 1.10.11 Requires: php-pear(Net_SMTP) >= 1.10.0 Requires: php-pear(Net_Socket) >= 1.2.2 # Update script call command-line php Requires(post): php-cli Obsoletes: php-mediawiki-at-ease <= 1.1.0 Obsoletes: php-wikimedia-ip-set <= 3.1.0 Provides: bundled(php-christian-riesen-base32) = 1.6.0 Provides: bundled(php-composer-semver) = 3.3.2 Provides: bundled(php-guzzlehttp-guzzle) = 7.5.3 Provides: bundled(php-guzzlehttp-promises) = 1.5.3 Provides: bundled(php-guzzlehttp-psr7) = 2.4.5 Provides: bundled(php-jakobo-hotp-php) = 2.0.0 Provides: bundled(php-justinrainbow-json-schema) = 5.2.13 Provides: bundled(php-monolog-monolog) = 2.2.0 Provides: bundled(php-pear-console_getopt) = 1.4.3 Provides: bundled(php-pear-Net_URL2) = 2.2.2 Provides: bundled(php-pear-pear-core-minimal) = 1.10.13 Provides: bundled(php-pear-pear_exception) = 1.0.2 Provides: bundled(php-psr-container) = 1.1.2 Provides: bundled(php-psr-http-client) = 1.0.3 Provides: bundled(php-psr-http-factory) = 1.0.2 Provides: bundled(php-psr-http-message) = 1.0.1 Provides: bundled(php-ralouphie-getallheaders) = 3.0.3 Provides: bundled(php-symfony-deprecation-contracts) = 2.5.2 Provides: bundled(php-symfony-polyfill-php80) = 1.28.0 Provides: bundled(php-symfony-polyfill-php81) = 1.28.0 Provides: bundled(php-symfony-polyfill-php82) = 1.28.0 Provides: bundled(php-symfony-polyfill-php83) = 1.28.0 Provides: bundled(php-symfony-yaml) = 5.4.23 Provides: bundled(php-wikimedia-at-ease) = 2.1.0 Provides: bundled(php-wikimedia-common-passwords) = 0.5.0 Provides: bundled(php-wikimedia-composer-merge-plugin) = 2.1.0 Provides: bundled(php-wikimedia-equivset) = 1.5.1 Provides: bundled(php-wikimedia-timestamp) = 4.1.1 Provides: bundled(php-wikimedia-base-convert) = 2.0.2 Provides: bundled(php-wikimedia-bcp-47-code) = 2.0.0 Provides: bundled(php-wikimedia-cldr-plural-rule-parser) = 2.0.0 Provides: bundled(php-wikimedia-composer-merge-plugin) = 2.0.1 Provides: bundled(php-wikimedia-html-formatter) = 4.0.3 Provides: bundled(php-wikimedia-ip-utils) = 4.0.0 Provides: bundled(php-wikimedia-langconv) = 0.4.2 Provides: bundled(php-wikimedia-less.php) = 4.1.1 Provides: bundled(php-wikimedia-minify) = 2.5.1 Provides: bundled(php-wikimedia-normalized-exception) = 1.0.1 Provides: bundled(php-wikimedia-object-factory) = 5.0.1 Provides: bundled(php-wikimedia-parsoid) = 0.18.2 Provides: bundled(php-wikimedia-php-session-serializer) = 2.0.1 Provides: bundled(php-wikimedia-purtle) = 1.0.8 Provides: bundled(php-wikimedia-relpath) = 3.0.0 Provides: bundled(php-wikimedia-remex-html) = 4.0.1 Provides: bundled(php-wikimedia-request-timeout) = 1.2.0 Provides: bundled(php-wikimedia-running-stat) = 2.1.0 Provides: bundled(php-wikimedia-scoped-callback) = 4.0.0 Provides: bundled(php-wikimedia-services) = 3.0.0 Provides: bundled(php-wikimedia-shellbox) = 4.0.0 Provides: bundled(php-wikimedia-timestamp) = 4.1.0 Provides: bundled(php-wikimedia-wait-condition-loop) = 2.0.2 Provides: bundled(php-wikimedia-wrappedstring) = 4.0.1 Provides: bundled(php-wikimedia-xmp-reader) = 0.9.1 Provides: bundled(php-wikimedia-zest-css) = 3.0.0 %description MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under %{_pkgdocdir}/README.RPM. Remember to remove the config dir after completing the configuration. %prep %autosetup # Remove extension as it ships a bundled lua binary rm -rf extensions/Scribunto # Remove bundled PHP libraries in order to use system versions rm -rf vendor/composer/*php rm -rf vendor/composer/*json rm -rf vendor/composer/LICENSE rm -rf vendor/cssjanus rm -rf vendor/liuggio rm -rf vendor/oojs #rm -rf vendor/oyejorge rm -rf vendor/pear/mail rm -rf vendor/pear/mail_mime rm -rf vendor/pear/mail_mime-decode rm -rf vendor/psr/log rm -rf vendor/wikimedia/assert rm -rf vendor/wikimedia/avro rm -rf vendor/wikimedia/cdb rm -rf vendor/wikimedia/composer-merge-plugin rm -rf vendor/wikimedia/ip-set rm -rf vendor/wikimedia/utfnormal rm -rf vendor/zordius ln -s %{_datadir}/php/cssjanus vendor/cssjanus-shared ln -s %{_datadir}/php/Liuggio vendor/liuggio-shared ln -s %{_datadir}/php/OOUI vendor/oojs-shared #ln -s %%{_datadir}/php/lessphp vendor/oyejorge-shared ln -s %{_datadir}/pear/Mail vendor/pear/mail-shared ln -s %{_datadir}/php/Psr vendor/psr-shared ln -s %{_datadir}/php/Wikimedia vendor/wikimedia/assert-shared ln -s %{_datadir}/php/avro vendor/wikimedia/avro-shared ln -s %{_datadir}/php/Cdb vendor/wikimedia/cdb-shared ln -s %{_datadir}/php/IPSet vendor/wikimedia/ip-set-shared ln -s %{_datadir}/php/UtfNormal vendor/wikimedia/utfnormal-shared ln -s %{_datadir}/php/zordius vendor/zordius-shared # Fix up Python shebangs %py3_shebang_fix \ maintenance/language/zhtable/Makefile.py \ extensions/ConfirmEdit/captcha.py \ extensions/SyntaxHighlight_GeSHi/pygments/create_pygmentize_bundle %build %{_bindir}/php -d memory_limit=1G %{_bindir}/phpab --follow --tolerant --output vendor/autoload.php vendor echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/at-ease/src/Wikimedia/Functions.php';" >> vendor/autoload.php echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/base-convert/src/Functions.php';" >> vendor/autoload.php echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/html-formatter/src/HtmlFormatter.php';" >> vendor/autoload.php echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/php-session-serializer/src/Wikimedia/PhpSessionSerializer.php';" >> vendor/autoload.php echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/timestamp/src/defines.php';" >> vendor/autoload.php echo "require dirname(dirname(__FILE__)) . '/vendor/wikimedia/relpath/src/Wikimedia/RelPath.php';" >> vendor/autoload.php %install # move away the documentation to the final folder. cp -p %{SOURCE3} . # now copy the rest to the buildroot. mkdir -p %{buildroot}%{_datadir}/mediawiki cp -a * %{buildroot}%{_datadir}/mediawiki/ # remove unneeded parts rm -fr %{buildroot}%{_datadir}/mediawiki/{t,test,tests} rm -fr %{buildroot}%{_datadir}/mediawiki/includes/zhtable find %{buildroot}%{_datadir}/mediawiki/ \ \( -name .htaccess -or -name \*.cmi \) \ | xargs -r rm rm -fr %{buildroot}%{_datadir}/mediawiki/maintenance/hhvm/ # fix permissions find %{buildroot}%{_datadir}/mediawiki -name \*.pl | xargs -r chmod +x chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/storage/make-blobs chmod +x %{buildroot}%{_datadir}/mediawiki/extensions/ConfirmEdit/captcha.py # remove version control/patch files find %{buildroot} -name .svnignore | xargs -r rm find %{buildroot} -name \*.commoncode | xargs -r rm find %{buildroot} -name .gitreview | xargs -r rm find %{buildroot} -name .jshintignore | xargs -r rm find %{buildroot} -name .jshintrc | xargs -r rm # placeholder for a default instance mkdir -p %{buildroot}/var/www/wiki mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/ install -p -m 0644 %{SOURCE2} \ %{buildroot}%{_sysconfdir}/httpd/conf.d/mediawiki.conf # tools for keeping mediawiki instances current mkdir -p %{buildroot}%{_sbindir} sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \ < %{SOURCE4} > %{buildroot}%{_sbindir}/mw-createinstance sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \ < %{SOURCE5} > %{buildroot}%{_sbindir}/mw-updateallinstances chmod 0755 %{buildroot}%{_sbindir}/mw-* mkdir %{buildroot}%{_sysconfdir}/mediawiki echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances %check php maintenance/install.php \ --dbtype sqlite \ --dbname mediawiki-test \ --dbpath /tmp \ --pass test123456 \ Test test cd tests/phpunit # Database tests currently fail on the 1.26 release series # https://phabricator.wikimedia.org/T122301 # KafkaHandlerTest tests now fail in 1.26.3 #make database # Some tests now fail on the 1.27 release series. #FLAGS="--exclude-group Broken,ParserFuzz,Destructive,Database,Stub,default" make phpunit %post %{_sbindir}/mw-updateallinstances >> /var/log/mediawiki-updates.log 2>&1 || : %files %doc FAQ HISTORY README.md README.RPM RELEASE-NOTES-1.41 UPGRADE CREDITS docs %license COPYING %{_datadir}/mediawiki /var/www/wiki %config(noreplace) %{_sysconfdir}/httpd/conf.d/mediawiki.conf %dir %{_sysconfdir}/mediawiki %config(noreplace) %{_sysconfdir}/mediawiki/instances %{_sbindir}/mw-createinstance %{_sbindir}/mw-updateallinstances %changelog * Mon Dec 09 2024 Orion Poplawski - 1.41.1-3 - Use run.php for maintenance scripts (rhbz#2330978) * Thu Jul 18 2024 Fedora Release Engineering - 1.41.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri May 03 2024 Michael Cronenworth - 1.41.1-1 - Update to 1.41.1 * Thu Jan 25 2024 Fedora Release Engineering - 1.40.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 1.40.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Aug 23 2023 Michael Cronenworth - 1.40.0-1 - Update to 1.40.0 * Thu Jul 20 2023 Fedora Release Engineering - 1.39.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Apr 01 2023 Michael Cronenworth - 1.39.3-1 - Update to 1.39.3 * Sun Feb 26 2023 Michael Cronenworth - 1.39.2-1 - Update to 1.39.2 - https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.2 - Change ImageMagick to a weak dependency * Sun Feb 26 2023 Orion Poplawski - 1.39.1-3 - Add tags for skins in apache httpd config (bz#2171908) * Thu Jan 19 2023 Fedora Release Engineering - 1.39.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Jan 10 2023 Michael Cronenworth - 1.39.1-1 - Update to 1.39.1 - https://www.mediawiki.org/wiki/Release_notes/1.39#MediaWiki_1.39.1 * Tue Nov 01 2022 Michael Cronenworth - 1.38.4-1 - Update to 1.38.4 * Thu Sep 01 2022 Michael Cronenworth - 1.38.2-1 - Update to 1.38.2 - https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.2 * Thu Jul 21 2022 Fedora Release Engineering - 1.38.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jun 16 2022 Michael Cronenworth - 1.38.1-1 - Update to 1.38.1 - https://www.mediawiki.org/wiki/Release_notes/1.38#MediaWiki_1.38.1 * Sat Mar 12 2022 Orion Poplawski - 1.37.1-3 - Avoid dangling symlinks in mw-createinstane, install rest.php * Thu Jan 20 2022 Fedora Release Engineering - 1.37.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Dec 21 2021 Michael Cronenworth - 1.37.1-1 - Update to 1.37.1 - https://www.mediawiki.org/wiki/Release_notes/1.37#MediaWiki_1.37.1 * Mon Oct 04 2021 Michael Cronenworth - 1.36.2-1 - Update to 1.36.2 - https://www.mediawiki.org/wiki/Release_notes/1.36#MediaWiki_1.36.2 * Thu Jul 22 2021 Fedora Release Engineering - 1.36.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jun 02 2021 Michael Cronenworth - 1.36.0-1 - Update to 1.36.0 - https://www.mediawiki.org/wiki/Release_notes/1.36 * Mon Apr 12 2021 Michael Cronenworth - 1.35.2-1 - Update to 1.35.2 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2021-April/000272.html * Tue Jan 26 2021 Fedora Release Engineering - 1.35.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Dec 18 2020 Michael Cronenworth - 1.35.1-1 - Update to 1.35.1 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html * Wed Dec 02 2020 Michael Cronenworth - 1.35.0-1 - Update to 1.35.0 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000263.html * Fri Sep 25 2020 Michael Cronenworth - 1.34.4-1 - Update to 1.34.4 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000262.html * Thu Sep 24 2020 Michael Cronenworth - 1.34.3-1 - Update to 1.34.3 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-September/000260.html * Tue Jul 28 2020 Fedora Release Engineering - 1.34.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jun 25 2020 Michael Cronenworth - 1.34.2-1 - Update to 1.34.2 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000252.html * Thu Mar 26 2020 Michael Cronenworth - 1.34.1-1 - Update to 1.34.1 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000252.html * Thu Mar 05 2020 Michael Cronenworth - 1.34.0-1 - Update to 1.34.0 * Wed Jan 29 2020 Fedora Release Engineering - 1.33.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Mon Oct 07 2019 Michael Cronenworth - 1.33.1-1 - Update to 1.33.1 * Fri Sep 13 2019 Michael Cronenworth - 1.33.0-2 - Change python support from 2 to 3 (RHBZ#1738080) * Fri Sep 13 2019 Michael Cronenworth - 1.33.0-1 - Update to 1.33.0 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-July/000235.html * Thu Jul 25 2019 Fedora Release Engineering - 1.32.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jun 06 2019 Michael Cronenworth - 1.32.2-1 - Update to 1.32.2 - https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000230.html * Wed May 01 2019 Michael Cronenworth - 1.32.1-1 - Update to 1.32.1 - https://www.mediawiki.org/wiki/MediaWiki_1.32 * Fri Feb 01 2019 Fedora Release Engineering - 1.29.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Sep 28 2018 Michael Cronenworth - 1.29.3-1 - Update to 1.29.3 - https://www.mediawiki.org/wiki/Release_notes/1.29#MediaWiki_1.29.3 * Fri Jul 13 2018 Fedora Release Engineering - 1.29.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 08 2018 Fedora Release Engineering - 1.29.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Nov 20 2017 Michael Cronenworth - 1.29.2-2 - Add links to new libraries (rhbz#1515022) * Thu Nov 16 2017 Michael Cronenworth - 1.29.2-1 - Update to 1.29.2 * Mon Sep 18 2017 Michael Cronenworth - 1.29.1-1 - Update to 1.29.1 * Wed Jul 26 2017 Fedora Release Engineering - 1.29.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon Jul 17 2017 Michael Cronenworth - 1.29.0-1 - Update to 1.29.0 * Mon May 01 2017 Michael Cronenworth - 1.28.2-1 - Update to 1.28.2 - https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.2 * Fri Apr 07 2017 Michael Cronenworth - 1.28.1-2 - Remove hhvm pieces * Thu Apr 06 2017 Michael Cronenworth - 1.28.1-1 - Update to 1.28.1 - https://www.mediawiki.org/wiki/Release_notes/1.28#MediaWiki_1.28.1 * Fri Feb 10 2017 Fedora Release Engineering - 1.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Wed Nov 30 2016 Michael Cronenworth - 1.28.0-1 - Update to 1.28.0 - https://www.mediawiki.org/wiki/MediaWiki_1.28 * Mon Nov 28 2016 Michael Cronenworth - 1.27.1-2 - Add relpath to autoloader. (rhbz#1398171) * Sun Aug 28 2016 Michael Cronenworth - 1.27.1-1 - Update to 1.27.1 - https://www.mediawiki.org/wiki/MediaWiki_1.27 * Wed Jun 29 2016 Michael Cronenworth - 1.26.3-2 - PHP 7 rebuild * Fri Jun 24 2016 Michael Cronenworth - 1.26.3-1 - Update to 1.26.3 - https://www.mediawiki.org/wiki/Release_notes/1.26#MediaWiki_1.26.3 * Thu Feb 04 2016 Fedora Release Engineering - 1.26.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Dec 23 2015 Michael Cronenworth - 1.26.2-1 - Update to 1.26.2 - https://www.mediawiki.org/wiki/Release_notes/1.26#MediaWiki_1.26.2 * Sun Nov 29 2015 Michael Cronenworth - 1.26.0-1 - Update to 1.26.0 - https://www.mediawiki.org/wiki/Release_notes/1.26#MediaWiki_1.26.0 * Wed Oct 21 2015 Michael Cronenworth - 1.25.3-1 - Update to 1.25.3 - https://www.mediawiki.org/wiki/Release_notes/1.25#MediaWiki_1.25.3 * Wed Aug 19 2015 Michael Cronenworth - 1.25.2-2 - Rename shared library directories to not confict with old bundled names * Tue Aug 18 2015 Michael Cronenworth - 1.25.2-1 - Update to 1.25.2 - https://www.mediawiki.org/wiki/Release_notes/1.25#MediaWiki_1.25.2 * Wed Jun 24 2015 Michael Cronenworth - 1.25.1-3 - Temp workaround for RHBZ#1230630 - Enable tests * Wed Jun 17 2015 Fedora Release Engineering - 1.25.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue May 26 2015 Michael Cronenworth - 1.25.1-1 - Update to 1.25.1 - http://www.mediawiki.org/wiki/MediaWiki_1.25 * Thu May 21 2015 Michael Cronenworth - 1.24.2-2 - Less restrictive requires on webserver and php engine (rhbz#1223712) * Wed Apr 01 2015 Michael Cronenworth - 1.24.2-1 - Update to 1.24.2 - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks. - (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS. - (bug T88310) SECURITY: Always expand xml entities when checking SVG's. - (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. - (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview. - (bug T64685) SECURITY: Allow setting maximal password length to prevent DoS when using PBKDF2. - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy. - Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix loading these special pages when $wgAutoloadAttemptLowercase is false. - (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL. - (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change and running update.php to fix. * Thu Dec 18 2014 Michael Cronenworth - 1.24.1-1 - Update to 1.24.1 - (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this. - (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name. - (bug T74222) The original patch for T74222 was reverted as unnecessary. - Fixed a couple of entries in RELEASE-NOTES-1.24. - (bug T76168) OutputPage: Add accessors for some protected properties. - (bug T74834) Make 1.24 branch directly installable under PostgreSQL. * Fri Nov 28 2014 Michael Cronenworth - 1.24.0-1 - Update to 1.24.0 - Release notes: http://www.mediawiki.org/wiki/Release_notes/1.24 * Mon Nov 03 2014 Michael Cronenworth - 1.23.6-1 - Update to 1.23.6 - (bug 67440) Allow classes to be registered properly from installer - (bug 72274) Job queue not running (HTTP 411) due to missing Content-Length: header * Thu Oct 02 2014 Michael Cronenworth - 1.23.5-1 - Update to 1.23.5 - CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance. * Fri Sep 26 2014 Michael Cronenworth - 1.23.4-1 - Update to 1.23.4 - (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter