Re: Question on proposed integration of MediaWiki 1.19.3 in wheezy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
> Can you provide us with a filtered debfiff of the 1.19.3? Just
> remember to let us know what filtering you used (e.g. filterdiff -x
> '*/messages/Messages*.php' ).
find attached the filtered diff. It was created using:
filterdiff \
-x '*/includes/installer/Installer.i18n.php' \
-x '*/languages/messages/Messages*.php' \
-x '*/tests/phpunit/languages/*.php' \
mediawiki_1.19.2-2_1.19.3-0.1.debdiff \
>mediawiki_1.19.2-2_1.19.3-0.1_wo_translations.diff
I'd really appreciate your acknowledgement of 1.19.3 because it would
really ease life for everyone involved.
Cheers,
Nik
- --
* mirabilos is handling my post-1990 smartphone *
<mirabilos> Aaah, it vibrates! Wherefor art thou, daemonic device??
PGP fingerprint: 2086 9A4B E67D 1DCD FFF6 F6C1 59FC 8E1D 6F2A 8001
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQFOBAEBCAA4BQJQyF7VMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MACgkQWfyOHW8qgAHh1gf/S/DBIbBnYJrsamSeU07g
/6rETCAfm2f0EnumpiV6AG8M9+mW8f9u4OmNna3btAErgtg/H+WlN0clTK32/AB/
k3JD7hSwTmG4nTAP7jabPVZO6zdDjpPn1vk4CiKrqKDdf+lr+LrEmgliIjc3Bk21
CQllneMniT7JSpMQoDxb+Ywrwno1XTFfmZrw3RxavhxmV4rxEWLCYBWQP+HpPnNq
+cnprcg3iEd+sDJT7SqWvcmV+jrmN2RfPwKOn3dlIQaNsfyGqayl+fUkn15ClCKG
/hGZ5kKFiFASx6F0qon+QF7/02qpbHE6q1QXEuyuvJ9PIRe2ewuxzUFqZW75H3q3
0w==
=vsZB
-----END PGP SIGNATURE-----
diff -Nru mediawiki-1.19.2/debian/changelog mediawiki-1.19.3/debian/changelog
--- mediawiki-1.19.2/debian/changelog 2012-10-02 14:09:51.000000000 +0200
+++ mediawiki-1.19.3/debian/changelog 2012-12-12 09:47:27.000000000 +0100
@@ -1,3 +1,14 @@
+mediawiki (1:1.19.3-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * New upstream version fixes security issues (Closes: 694998).
+ + Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+ https://bugzilla.wikimedia.org/show_bug.cgi?id=40995
+ + Prevent linker regex from exceeding PCRE backtrack limit
+ https://bugzilla.wikimedia.org/show_bug.cgi?id=41400
+
+ -- Dominik George <nik@naturalnet.de> Wed, 12 Dec 2012 09:44:08 +0100
+
mediawiki (1:1.19.2-2) unstable; urgency=low
* debian/watch: mangle the epoch away so DDPO is green again
diff -Nru mediawiki-1.19.2/includes/DefaultSettings.php mediawiki-1.19.3/includes/DefaultSettings.php
--- mediawiki-1.19.2/includes/DefaultSettings.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/DefaultSettings.php 2012-11-29 19:36:12.000000000 +0100
@@ -33,7 +33,7 @@
/** @endcond */
/** MediaWiki version number */
-$wgVersion = '1.19.2';
+$wgVersion = '1.19.3';
/** Name of the site. It must be changed in LocalSettings.php */
$wgSitename = 'MediaWiki';
diff -Nru mediawiki-1.19.2/includes/GlobalFunctions.php mediawiki-1.19.3/includes/GlobalFunctions.php
--- mediawiki-1.19.2/includes/GlobalFunctions.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/GlobalFunctions.php 2012-11-29 19:36:12.000000000 +0100
@@ -3293,6 +3293,23 @@
}
/**
+ * Check if there is sufficent entropy in php's built-in session generation
+ * PHP's built-in session entropy is enabled if:
+ * - entropy_file is set or you're on Windows with php 5.3.3+
+ * - AND entropy_length is > 0
+ * We treat it as disabled if it doesn't have an entropy length of at least 32
+ *
+ * @return bool true = there is sufficient entropy
+ */
+function wfCheckEntropy() {
+ return (
+ ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
+ || ini_get( 'session.entropy_file' )
+ )
+ && intval( ini_get( 'session.entropy_length' ) ) >= 32;
+}
+
+/**
* Override session_id before session startup if php's built-in
* session generation code is not secure.
*/
@@ -3302,16 +3319,8 @@
return;
}
- // PHP's built-in session entropy is enabled if:
- // - entropy_file is set or you're on Windows with php 5.3.3+
- // - AND entropy_length is > 0
- // We treat it as disabled if it doesn't have an entropy length of at least 32
- $entropyEnabled = (
- ( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
- || ini_get( 'session.entropy_file' )
- )
- && intval( ini_get( 'session.entropy_length' ) ) >= 32;
-
+ $entropyEnabled = wfCheckEntropy();
+
// If built-in entropy is not enabled or not sufficient override php's built in session id generation code
if ( !$entropyEnabled ) {
wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, overriding session id generation using our cryptrand source.\n" );
diff -Nru mediawiki-1.19.2/includes/installer/Installer.i18n.php mediawiki-1.19.3/includes/installer/Installer.i18n.php
diff -Nru mediawiki-1.19.2/includes/installer/Installer.php mediawiki-1.19.3/includes/installer/Installer.php
--- mediawiki-1.19.2/includes/installer/Installer.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/installer/Installer.php 2012-11-29 19:36:12.000000000 +0100
@@ -756,6 +756,11 @@
/**
* Environment check for the PCRE module.
+ *
+ * @note If this check were to fail, the parser would
+ * probably throw an exception before the result
+ * of this check is shown to the user.
+ * @return bool
*/
protected function envCheckPCRE() {
if ( !function_exists( 'preg_match' ) ) {
@@ -764,8 +769,13 @@
}
wfSuppressWarnings();
$regexd = preg_replace( '/[\x{0430}-\x{04FF}]/iu', '', '-Ð?Ð?Ð?Ð?Ð?-' );
+ // Need to check for \p support too, as PCRE can be compiled
+ // with utf8 support, but not unicode property support.
+ // check that \p{Zs} (space separators) matches
+ // U+3000 (Ideographic space)
+ $regexprop = preg_replace( '/\p{Zs}/u', '', "-\xE3\x80\x80-" );
wfRestoreWarnings();
- if ( $regexd != '--' ) {
+ if ( $regexd != '--' || $regexprop != '--' ) {
$this->showError( 'config-pcre-no-utf8' );
return false;
}
diff -Nru mediawiki-1.19.2/includes/Linker.php mediawiki-1.19.3/includes/Linker.php
--- mediawiki-1.19.2/includes/Linker.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/Linker.php 2012-11-29 19:36:12.000000000 +0100
@@ -1213,7 +1213,18 @@
self::$commentContextTitle = $title;
self::$commentLocal = $local;
$html = preg_replace_callback(
- '/\[\[:?(.*?)(\|(.*?))*\]\]([^[]*)/',
+ '/
+ \[\[
+ :? # ignore optional leading colon
+ ([^\]|]+) # 1. link target; page names cannot include ] or |
+ (?:\|
+ # 2. a pipe-separated substring; only the last is captured
+ # Stop matching at | and ]] without relying on backtracking.
+ ((?:]?[^\]|])*+)
+ )*
+ \]\]
+ ([^[]*) # 3. link trail (the text up until the next link)
+ /x',
array( 'Linker', 'formatLinksInCommentCallback' ),
$comment );
self::$commentContextTitle = null;
@@ -1239,8 +1250,8 @@
}
# Handle link renaming [[foo|text]] will show link as "text"
- if ( $match[3] != "" ) {
- $text = $match[3];
+ if ( $match[2] != "" ) {
+ $text = $match[2];
} else {
$text = $match[1];
}
@@ -1255,7 +1266,7 @@
}
} else {
# Other kind of link
- if ( preg_match( $wgContLang->linkTrail(), $match[4], $submatch ) ) {
+ if ( preg_match( $wgContLang->linkTrail(), $match[3], $submatch ) ) {
$trail = $submatch[1];
} else {
$trail = "";
diff -Nru mediawiki-1.19.2/includes/Message.php mediawiki-1.19.3/includes/Message.php
--- mediawiki-1.19.2/includes/Message.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/Message.php 2012-11-29 19:36:12.000000000 +0100
@@ -515,7 +515,6 @@
* Extracts the parameter type and preprocessed the value if needed.
* @param $param String|Array: Parameter as defined in this class.
* @return Tuple(type, value)
- * @throws MWException
*/
protected function extractParam( $param ) {
if ( is_array( $param ) && isset( $param['raw'] ) ) {
@@ -527,7 +526,11 @@
} elseif ( !is_array( $param ) ) {
return array( 'before', $param );
} else {
- throw new MWException( "Invalid message parameter" );
+ trigger_error(
+ "Invalid message parameter: " . htmlspecialchars( serialize( $param ) ),
+ E_USER_WARNING
+ );
+ return array( 'before', '[INVALID]' );
}
}
diff -Nru mediawiki-1.19.2/includes/parser/Parser.php mediawiki-1.19.3/includes/parser/Parser.php
--- mediawiki-1.19.2/includes/parser/Parser.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/parser/Parser.php 2012-11-29 19:36:12.000000000 +0100
@@ -1481,6 +1481,9 @@
wfProfileIn( __METHOD__ );
$bits = preg_split( $this->mExtLinkBracketedRegex, $text, -1, PREG_SPLIT_DELIM_CAPTURE );
+ if ( $bits === false ) {
+ throw new MWException( "PCRE needs to be compiled with --enable-unicode-properties in order for MediaWiki to function" );
+ }
$s = array_shift( $bits );
$i = 0;
diff -Nru mediawiki-1.19.2/includes/specials/SpecialUserlogin.php mediawiki-1.19.3/includes/specials/SpecialUserlogin.php
--- mediawiki-1.19.2/includes/specials/SpecialUserlogin.php 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/includes/specials/SpecialUserlogin.php 2012-11-29 19:36:12.000000000 +0100
@@ -745,6 +745,8 @@
$userLang = Language::factory( $code );
$wgLang = $userLang;
$this->getContext()->setLanguage( $userLang );
+ // Reset SessionID on Successful login (bug 40995)
+ $this->renewSessionId();
return $this->successfulLogin();
} else {
return $this->cookieRedirectCheck( 'login' );
@@ -1179,6 +1181,23 @@
$wgRequest->setSessionData( 'wsCreateaccountToken', null );
}
+ /**
+ * Renew the user's session id, using strong entropy
+ */
+ private function renewSessionId() {
+ if ( wfCheckEntropy() ) {
+ session_regenerate_id( false );
+ } else {
+ //If we don't trust PHP's entropy, we have to replace the session manually
+ $tmp = $_SESSION;
+ session_unset();
+ session_write_close();
+ session_id( MWCryptRand::generateHex( 32 ) );
+ session_start();
+ $_SESSION = $tmp;
+ }
+ }
+
/**
* @private
*/
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAce.php mediawiki-1.19.3/languages/messages/MessagesAce.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAf.php mediawiki-1.19.3/languages/messages/MessagesAf.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAm.php mediawiki-1.19.3/languages/messages/MessagesAm.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesArc.php mediawiki-1.19.3/languages/messages/MessagesArc.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesArn.php mediawiki-1.19.3/languages/messages/MessagesArn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAr.php mediawiki-1.19.3/languages/messages/MessagesAr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesArz.php mediawiki-1.19.3/languages/messages/MessagesArz.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAs.php mediawiki-1.19.3/languages/messages/MessagesAs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAst.php mediawiki-1.19.3/languages/messages/MessagesAst.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAv.php mediawiki-1.19.3/languages/messages/MessagesAv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesAz.php mediawiki-1.19.3/languages/messages/MessagesAz.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBa.php mediawiki-1.19.3/languages/messages/MessagesBa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBar.php mediawiki-1.19.3/languages/messages/MessagesBar.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBcl.php mediawiki-1.19.3/languages/messages/MessagesBcl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBe.php mediawiki-1.19.3/languages/messages/MessagesBe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBe_tarask.php mediawiki-1.19.3/languages/messages/MessagesBe_tarask.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBg.php mediawiki-1.19.3/languages/messages/MessagesBg.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBn.php mediawiki-1.19.3/languages/messages/MessagesBn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBo.php mediawiki-1.19.3/languages/messages/MessagesBo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBr.php mediawiki-1.19.3/languages/messages/MessagesBr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesBs.php mediawiki-1.19.3/languages/messages/MessagesBs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCa.php mediawiki-1.19.3/languages/messages/MessagesCa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCeb.php mediawiki-1.19.3/languages/messages/MessagesCeb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCkb.php mediawiki-1.19.3/languages/messages/MessagesCkb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCrh_cyrl.php mediawiki-1.19.3/languages/messages/MessagesCrh_cyrl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCrh_latn.php mediawiki-1.19.3/languages/messages/MessagesCrh_latn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCs.php mediawiki-1.19.3/languages/messages/MessagesCs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCu.php mediawiki-1.19.3/languages/messages/MessagesCu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesCy.php mediawiki-1.19.3/languages/messages/MessagesCy.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDa.php mediawiki-1.19.3/languages/messages/MessagesDa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDe_ch.php mediawiki-1.19.3/languages/messages/MessagesDe_ch.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDe_formal.php mediawiki-1.19.3/languages/messages/MessagesDe_formal.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDe.php mediawiki-1.19.3/languages/messages/MessagesDe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDiq.php mediawiki-1.19.3/languages/messages/MessagesDiq.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDsb.php mediawiki-1.19.3/languages/messages/MessagesDsb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesDtp.php mediawiki-1.19.3/languages/messages/MessagesDtp.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEl.php mediawiki-1.19.3/languages/messages/MessagesEl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEn.php mediawiki-1.19.3/languages/messages/MessagesEn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEo.php mediawiki-1.19.3/languages/messages/MessagesEo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEs.php mediawiki-1.19.3/languages/messages/MessagesEs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEt.php mediawiki-1.19.3/languages/messages/MessagesEt.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesEu.php mediawiki-1.19.3/languages/messages/MessagesEu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFa.php mediawiki-1.19.3/languages/messages/MessagesFa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFf.php mediawiki-1.19.3/languages/messages/MessagesFf.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFi.php mediawiki-1.19.3/languages/messages/MessagesFi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFo.php mediawiki-1.19.3/languages/messages/MessagesFo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFr.php mediawiki-1.19.3/languages/messages/MessagesFr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesFrp.php mediawiki-1.19.3/languages/messages/MessagesFrp.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGan_hans.php mediawiki-1.19.3/languages/messages/MessagesGan_hans.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGan_hant.php mediawiki-1.19.3/languages/messages/MessagesGan_hant.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGd.php mediawiki-1.19.3/languages/messages/MessagesGd.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGl.php mediawiki-1.19.3/languages/messages/MessagesGl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGsw.php mediawiki-1.19.3/languages/messages/MessagesGsw.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesGu.php mediawiki-1.19.3/languages/messages/MessagesGu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHa.php mediawiki-1.19.3/languages/messages/MessagesHa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHe.php mediawiki-1.19.3/languages/messages/MessagesHe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHif_latn.php mediawiki-1.19.3/languages/messages/MessagesHif_latn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHil.php mediawiki-1.19.3/languages/messages/MessagesHil.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHi.php mediawiki-1.19.3/languages/messages/MessagesHi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHr.php mediawiki-1.19.3/languages/messages/MessagesHr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHsb.php mediawiki-1.19.3/languages/messages/MessagesHsb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHu.php mediawiki-1.19.3/languages/messages/MessagesHu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesHy.php mediawiki-1.19.3/languages/messages/MessagesHy.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesIa.php mediawiki-1.19.3/languages/messages/MessagesIa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesId.php mediawiki-1.19.3/languages/messages/MessagesId.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesIlo.php mediawiki-1.19.3/languages/messages/MessagesIlo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesInh.php mediawiki-1.19.3/languages/messages/MessagesInh.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesIs.php mediawiki-1.19.3/languages/messages/MessagesIs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesIt.php mediawiki-1.19.3/languages/messages/MessagesIt.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesJa.php mediawiki-1.19.3/languages/messages/MessagesJa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesJbo.php mediawiki-1.19.3/languages/messages/MessagesJbo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKab.php mediawiki-1.19.3/languages/messages/MessagesKab.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKa.php mediawiki-1.19.3/languages/messages/MessagesKa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKhw.php mediawiki-1.19.3/languages/messages/MessagesKhw.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKiu.php mediawiki-1.19.3/languages/messages/MessagesKiu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKk_arab.php mediawiki-1.19.3/languages/messages/MessagesKk_arab.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKk_cyrl.php mediawiki-1.19.3/languages/messages/MessagesKk_cyrl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKk_latn.php mediawiki-1.19.3/languages/messages/MessagesKk_latn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKm.php mediawiki-1.19.3/languages/messages/MessagesKm.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKn.php mediawiki-1.19.3/languages/messages/MessagesKn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKo.php mediawiki-1.19.3/languages/messages/MessagesKo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKrc.php mediawiki-1.19.3/languages/messages/MessagesKrc.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKsh.php mediawiki-1.19.3/languages/messages/MessagesKsh.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKu_latn.php mediawiki-1.19.3/languages/messages/MessagesKu_latn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKv.php mediawiki-1.19.3/languages/messages/MessagesKv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKw.php mediawiki-1.19.3/languages/messages/MessagesKw.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesKy.php mediawiki-1.19.3/languages/messages/MessagesKy.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLad.php mediawiki-1.19.3/languages/messages/MessagesLad.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLa.php mediawiki-1.19.3/languages/messages/MessagesLa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLbe.php mediawiki-1.19.3/languages/messages/MessagesLbe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLb.php mediawiki-1.19.3/languages/messages/MessagesLb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLez.php mediawiki-1.19.3/languages/messages/MessagesLez.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLt.php mediawiki-1.19.3/languages/messages/MessagesLt.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLv.php mediawiki-1.19.3/languages/messages/MessagesLv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLzh.php mediawiki-1.19.3/languages/messages/MessagesLzh.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesLzz.php mediawiki-1.19.3/languages/messages/MessagesLzz.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMai.php mediawiki-1.19.3/languages/messages/MessagesMai.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMdf.php mediawiki-1.19.3/languages/messages/MessagesMdf.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMg.php mediawiki-1.19.3/languages/messages/MessagesMg.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMhr.php mediawiki-1.19.3/languages/messages/MessagesMhr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMin.php mediawiki-1.19.3/languages/messages/MessagesMin.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMk.php mediawiki-1.19.3/languages/messages/MessagesMk.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMl.php mediawiki-1.19.3/languages/messages/MessagesMl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMn.php mediawiki-1.19.3/languages/messages/MessagesMn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMr.php mediawiki-1.19.3/languages/messages/MessagesMr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMs.php mediawiki-1.19.3/languages/messages/MessagesMs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMt.php mediawiki-1.19.3/languages/messages/MessagesMt.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMyv.php mediawiki-1.19.3/languages/messages/MessagesMyv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesMzn.php mediawiki-1.19.3/languages/messages/MessagesMzn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNah.php mediawiki-1.19.3/languages/messages/MessagesNah.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNb.php mediawiki-1.19.3/languages/messages/MessagesNb.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNds_nl.php mediawiki-1.19.3/languages/messages/MessagesNds_nl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNds.php mediawiki-1.19.3/languages/messages/MessagesNds.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNe.php mediawiki-1.19.3/languages/messages/MessagesNe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNl_informal.php mediawiki-1.19.3/languages/messages/MessagesNl_informal.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNl.php mediawiki-1.19.3/languages/messages/MessagesNl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNn.php mediawiki-1.19.3/languages/messages/MessagesNn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesNso.php mediawiki-1.19.3/languages/messages/MessagesNso.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesOc.php mediawiki-1.19.3/languages/messages/MessagesOc.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesOr.php mediawiki-1.19.3/languages/messages/MessagesOr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesOs.php mediawiki-1.19.3/languages/messages/MessagesOs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPam.php mediawiki-1.19.3/languages/messages/MessagesPam.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPa.php mediawiki-1.19.3/languages/messages/MessagesPa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPcd.php mediawiki-1.19.3/languages/messages/MessagesPcd.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPdc.php mediawiki-1.19.3/languages/messages/MessagesPdc.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPfl.php mediawiki-1.19.3/languages/messages/MessagesPfl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPl.php mediawiki-1.19.3/languages/messages/MessagesPl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPms.php mediawiki-1.19.3/languages/messages/MessagesPms.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPs.php mediawiki-1.19.3/languages/messages/MessagesPs.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPt_br.php mediawiki-1.19.3/languages/messages/MessagesPt_br.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesPt.php mediawiki-1.19.3/languages/messages/MessagesPt.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesQqq.php mediawiki-1.19.3/languages/messages/MessagesQqq.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesQu.php mediawiki-1.19.3/languages/messages/MessagesQu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesRm.php mediawiki-1.19.3/languages/messages/MessagesRm.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesRoa_tara.php mediawiki-1.19.3/languages/messages/MessagesRoa_tara.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesRo.php mediawiki-1.19.3/languages/messages/MessagesRo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesRue.php mediawiki-1.19.3/languages/messages/MessagesRue.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesRu.php mediawiki-1.19.3/languages/messages/MessagesRu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSah.php mediawiki-1.19.3/languages/messages/MessagesSah.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSa.php mediawiki-1.19.3/languages/messages/MessagesSa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesScn.php mediawiki-1.19.3/languages/messages/MessagesScn.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSh.php mediawiki-1.19.3/languages/messages/MessagesSh.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSi.php mediawiki-1.19.3/languages/messages/MessagesSi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSk.php mediawiki-1.19.3/languages/messages/MessagesSk.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSl.php mediawiki-1.19.3/languages/messages/MessagesSl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSq.php mediawiki-1.19.3/languages/messages/MessagesSq.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSr_ec.php mediawiki-1.19.3/languages/messages/MessagesSr_ec.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSr_el.php mediawiki-1.19.3/languages/messages/MessagesSr_el.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSu.php mediawiki-1.19.3/languages/messages/MessagesSu.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSv.php mediawiki-1.19.3/languages/messages/MessagesSv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesSw.php mediawiki-1.19.3/languages/messages/MessagesSw.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTa.php mediawiki-1.19.3/languages/messages/MessagesTa.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTe.php mediawiki-1.19.3/languages/messages/MessagesTe.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTet.php mediawiki-1.19.3/languages/messages/MessagesTet.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTg_cyrl.php mediawiki-1.19.3/languages/messages/MessagesTg_cyrl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTh.php mediawiki-1.19.3/languages/messages/MessagesTh.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTk.php mediawiki-1.19.3/languages/messages/MessagesTk.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTl.php mediawiki-1.19.3/languages/messages/MessagesTl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTpi.php mediawiki-1.19.3/languages/messages/MessagesTpi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTr.php mediawiki-1.19.3/languages/messages/MessagesTr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTt_cyrl.php mediawiki-1.19.3/languages/messages/MessagesTt_cyrl.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesTyv.php mediawiki-1.19.3/languages/messages/MessagesTyv.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesUdm.php mediawiki-1.19.3/languages/messages/MessagesUdm.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesUg_arab.php mediawiki-1.19.3/languages/messages/MessagesUg_arab.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesUk.php mediawiki-1.19.3/languages/messages/MessagesUk.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesUr.php mediawiki-1.19.3/languages/messages/MessagesUr.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesUz.php mediawiki-1.19.3/languages/messages/MessagesUz.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesVep.php mediawiki-1.19.3/languages/messages/MessagesVep.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesVi.php mediawiki-1.19.3/languages/messages/MessagesVi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesVot.php mediawiki-1.19.3/languages/messages/MessagesVot.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesVro.php mediawiki-1.19.3/languages/messages/MessagesVro.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesWar.php mediawiki-1.19.3/languages/messages/MessagesWar.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesYi.php mediawiki-1.19.3/languages/messages/MessagesYi.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesYo.php mediawiki-1.19.3/languages/messages/MessagesYo.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesZh_hans.php mediawiki-1.19.3/languages/messages/MessagesZh_hans.php
diff -Nru mediawiki-1.19.2/languages/messages/MessagesZh_hant.php mediawiki-1.19.3/languages/messages/MessagesZh_hant.php
diff -Nru mediawiki-1.19.2/RELEASE-NOTES-1.19 mediawiki-1.19.3/RELEASE-NOTES-1.19
--- mediawiki-1.19.2/RELEASE-NOTES-1.19 2012-08-31 00:25:34.000000000 +0200
+++ mediawiki-1.19.3/RELEASE-NOTES-1.19 2012-11-29 19:36:12.000000000 +0100
@@ -3,18 +3,28 @@
Security reminder: MediaWiki does not require PHP's register_globals
setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
+== MediaWiki 1.19.3 ==
+
+This is a security release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.2 ===
+* (bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
+* (bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
+* Increase permitted runtime for testParserTest (only used for continuous
+ integration).
+* Updated messages translations from http://translatewiki.net/
+
== MediaWiki 1.19.2 ==
-2012-08-30
This is a security release of the MediaWiki 1.19 branch
=== Changes since 1.19.1 ===
* (bug 39700) File: link to non-existing file can inject html
-* (bug 35839) Hidden block text leaking to admins
+* (bug 39823) Hidden block text leaking to admins
* (bug 39184) LDAP password leakage
* (bug 39180) Disallow framing of api results
* (bug 37587) Enforce language codes to be html safe
-* (bug 38333) Check global blocks on account creation
+* (bug 39824) Check global blocks on account creation
== MediaWiki 1.19 ==
@@ -28,6 +38,8 @@
=== Changes since 1.19.1 ===
* (bug 38406) Properly quote table names in DatabaseBase::tableName()
+* (bug 38249) Parser will throw an exception instead of outputting gibberish if
+ PCRE is compiled without support for unicode properties.
=== Changes since 1.19.0 ===
* (bug 36568) Fixed "Illegal string offset 'LIMIT'" warnings in updater
diff -Nru mediawiki-1.19.2/tests/phpunit/includes/parser/NewParserTest.php mediawiki-1.19.3/tests/phpunit/includes/parser/NewParserTest.php
--- mediawiki-1.19.2/tests/phpunit/includes/parser/NewParserTest.php 2012-08-31 00:25:35.000000000 +0200
+++ mediawiki-1.19.3/tests/phpunit/includes/parser/NewParserTest.php 2012-11-29 19:36:13.000000000 +0100
@@ -510,7 +510,10 @@
$this->file = $filename;
}
- /** @dataProvider parserTestProvider */
+ /**
+ * @group medium
+ * @dataProvider parserTestProvider
+ */
public function testParserTest( $desc, $input, $result, $opts, $config ) {
if ( $this->regex != '' && !preg_match( '/' . $this->regex . '/', $desc ) ) {
$this->assertTrue( true ); // XXX: don't flood output with "test made no assertions"
diff -Nru mediawiki-1.19.2/tests/phpunit/languages/LanguageTest.php mediawiki-1.19.3/tests/phpunit/languages/LanguageTest.php
Reply to: