[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702308: marked as done (unblock: mediawiki/1:1.19.4-1)

Your message dated Tue, 05 Mar 2013 13:22:52 +0000
with message-id <70548dd8697ab6491e157cdc48d1b486@mail.adsl.funky-badger.org>
and subject line Re: Bug#702308: unblock: mediawiki/1:1.19.4-1
has caused the Debian Bug report #702308,
regarding unblock: mediawiki/1:1.19.4-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
702308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702308
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mediawiki

This is a high urgency security fix, in a maintenance release. Upstrema has
bundled a few other changes in too, but I think they are all justified:

+    - New preference type - 'api'. Preferences of this type are not shown
+      on Special:Preferences, but are still available via the
+      action=options API.
required by:
+    - (bug 44010) Context is passed to UserGetLanguageObject.

This bug causes incorrect languages to be used in page history entries, for
example in [1] where the contributor's language has been used and not the
current user's.

1: https://www.mediawiki.org/w/index.php?title=Manual:Pywikipediabot/id&action=history

+    - The recursion guard on RequestContext::getLanguage() was weakened.

The recursion guard has been made non-fatal because it was causing a variety
of exceptions with various root causes. The behaviour now is log-and-continue.

+    - (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST

>From the commit message: "Preserve caller expectations for behaviour of
sslVerifyHost". I couldn't express it any more concisely.

+    - (bug 43518) API action=unblock should return the user name, not the
+      full user object (Closes: #702305)

This is the security bug.

+    - Increase timeout values for some tests

In production, tests are carried out against a real database which if large
enough causes timeouts. The current values are too low, this just bumps them
up a bit (enough, according to upstream - I don't have a large enough setup
to hit the problem).

Full debdiff minus language changes attached.


unblock mediawiki/1:1.19.4-1

Thanks.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

diff -Nru mediawiki-1.19.3/debian/changelog mediawiki-1.19.4/debian/changelog
--- mediawiki-1.19.3/debian/changelog	2013-02-18 09:24:25.000000000 +0000
+++ mediawiki-1.19.4/debian/changelog	2013-03-04 23:06:35.000000000 +0000
@@ -1,3 +1,19 @@
+mediawiki (1:1.19.4-1) unstable; urgency=high
+
+  * Urgency high for security fix
+  * New upstream release:
+    - New preference type - 'api'. Preferences of this type are not shown
+      on Special:Preferences, but are still available via the
+      action=options API.
+    - (bug 44010) Context is passed to UserGetLanguageObject.
+    - The recursion guard on RequestContext::getLanguage() was weakened.
+    - (bug 44135/bug 42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
+    - (bug 43518) API action=unblock should return the user name, not the
+      full user object (Closes: #702305)
+    - Increase timeout values for some tests
+
+ -- Jonathan Wiltshire <jmw@debian.org>  Mon, 04 Mar 2013 23:06:30 +0000
+
 mediawiki (1:1.19.3-2) unstable; urgency=low
 
   * Add missing changelog entries to 1:1.19.3-1 upload (oops…)
diff -Nru mediawiki-1.19.3/docs/hooks.txt mediawiki-1.19.4/docs/hooks.txt
--- mediawiki-1.19.3/docs/hooks.txt	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/docs/hooks.txt	2013-03-04 18:11:51.000000000 +0000
@@ -2103,6 +2103,7 @@
 'UserGetLanguageObject': Called when getting user's interface language object
 $user: User object
 &$code: Langauge code that will be used to create the object
+$context: RequestContext object
 
 'UserGetReservedNames': allows to modify $wgReservedUsernames at run time
 &$reservedUsernames: $wgReservedUsernames
diff -Nru mediawiki-1.19.3/includes/api/ApiUnblock.php mediawiki-1.19.4/includes/api/ApiUnblock.php
--- mediawiki-1.19.3/includes/api/ApiUnblock.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/api/ApiUnblock.php	2013-03-04 18:11:51.000000000 +0000
@@ -78,7 +78,8 @@
 		}
 
 		$res['id'] = $block->getId();
-		$res['user'] = $block->getType() == Block::TYPE_AUTO ? '' : $block->getTarget();
+		$target = $block->getType() == Block::TYPE_AUTO ? '' : $block->getTarget();
+		$res['user'] = $target instanceof User ? $target->getName() : $target;
 		$res['reason'] = $params['reason'];
 		$this->getResult()->addValue( null, $this->getModuleName(), $res );
 	}
diff -Nru mediawiki-1.19.3/includes/AutoLoader.php mediawiki-1.19.4/includes/AutoLoader.php
--- mediawiki-1.19.3/includes/AutoLoader.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/AutoLoader.php	2013-03-04 18:11:51.000000000 +0000
@@ -98,6 +98,7 @@
 	'HistoryBlobStub' => 'includes/HistoryBlob.php',
 	'Hooks' => 'includes/Hooks.php',
 	'Html' => 'includes/Html.php',
+	'HTMLApiField' => 'includes/HTMLForm.php',
 	'HTMLCheckField' => 'includes/HTMLForm.php',
 	'HTMLEditTools' => 'includes/HTMLForm.php',
 	'HTMLFloatField' => 'includes/HTMLForm.php',
diff -Nru mediawiki-1.19.3/includes/context/RequestContext.php mediawiki-1.19.4/includes/context/RequestContext.php
--- mediawiki-1.19.3/includes/context/RequestContext.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/context/RequestContext.php	2013-03-04 18:11:51.000000000 +0000
@@ -261,21 +261,33 @@
 	}
 
 	/**
-	 * Get the Language object
+	 * Get the Language object.
+	 * Initialization of user or request objects can depend on this.
 	 *
 	 * @return Language
 	 * @since 1.19
 	 */
 	public function getLanguage() {
-		if ( $this->lang === null ) {
+		if ( isset( $this->recursion ) ) {
+			trigger_error( "Recursion detected in " . __METHOD__, E_USER_WARNING );
+			$e = new Exception;
+			wfDebugLog( 'recursion-guard', "Recursion detected:\n" . $e->getTraceAsString() );
+
+			global $wgLanguageCode;
+			$code = ( $wgLanguageCode ) ? $wgLanguageCode : 'en';
+			$this->lang = Language::factory( $code );
+		} elseif ( $this->lang === null ) {
+			$this->recursion = true;
+
 			global $wgLanguageCode, $wgContLang;
-			$code = $this->getRequest()->getVal(
-				'uselang',
-				$this->getUser()->getOption( 'language' )
-			);
+
+			$request = $this->getRequest();
+			$user = $this->getUser();
+
+			$code = $request->getVal( 'uselang', $user->getOption( 'language' ) );
 			$code = self::sanitizeLangCode( $code );
 
-			wfRunHooks( 'UserGetLanguageObject', array( $this->getUser(), &$code ) );
+			wfRunHooks( 'UserGetLanguageObject', array( $user, &$code, $this ) );
 
 			if( $code === $wgLanguageCode ) {
 				$this->lang = $wgContLang;
@@ -283,7 +295,10 @@
 				$obj = Language::factory( $code );
 				$this->lang = $obj;
 			}
+
+			unset( $this->recursion );
 		}
+
 		return $this->lang;
 	}
 
@@ -378,8 +393,8 @@
 	 *   language or a uselang param in the fauxrequest data may change the lang
 	 * - Skin will be based on the anonymous user, should be the wiki's default skin
 	 *
-	 * @param $title Title Title to use for the extraneous request
-	 * @param $request Mixed A WebRequest or data to use for a FauxRequest
+	 * @param Title $title Title to use for the extraneous request
+	 * @param WebRequest|array $request A WebRequest or data to use for a FauxRequest
 	 * @return RequestContext
 	 */
 	public static function newExtraneousContext( Title $title, $request=array() ) {
diff -Nru mediawiki-1.19.3/includes/DefaultSettings.php mediawiki-1.19.4/includes/DefaultSettings.php
--- mediawiki-1.19.3/includes/DefaultSettings.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/DefaultSettings.php	2013-03-04 18:11:51.000000000 +0000
@@ -33,7 +33,7 @@
 /** @endcond */
 
 /** MediaWiki version number */
-$wgVersion = '1.19.3';
+$wgVersion = '1.19.4';
 
 /** Name of the site. It must be changed in LocalSettings.php */
 $wgSitename = 'MediaWiki';
diff -Nru mediawiki-1.19.3/includes/HTMLForm.php mediawiki-1.19.4/includes/HTMLForm.php
--- mediawiki-1.19.3/includes/HTMLForm.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/HTMLForm.php	2013-03-04 18:11:51.000000000 +0000
@@ -57,6 +57,7 @@
 
 	// A mapping of 'type' inputs onto standard HTMLFormField subclasses
 	static $typeMappings = array(
+		'api' => 'HTMLApiField',
 		'text' => 'HTMLTextField',
 		'textarea' => 'HTMLTextAreaField',
 		'select' => 'HTMLSelectField',
@@ -2035,3 +2036,21 @@
 			. "</div></td></tr>\n";
 	}
 }
+
+class HTMLApiField extends HTMLFormField {
+	public function getTableRow( $value ) {
+		return '';
+	}
+
+	public function getDiv( $value ) {
+		return $this->getTableRow( $value );
+	}
+
+	public function getRaw( $value ) {
+		return $this->getTableRow( $value );
+	}
+
+	public function getInputHTML( $value ) {
+		return '';
+	}
+}
diff -Nru mediawiki-1.19.3/includes/HttpFunctions.php mediawiki-1.19.4/includes/HttpFunctions.php
--- mediawiki-1.19.3/includes/HttpFunctions.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/HttpFunctions.php	2013-03-04 18:11:51.000000000 +0000
@@ -690,13 +690,8 @@
 		}
 		$this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent'];
 
-		if ( isset( $this->sslVerifyHost ) ) {
-			$this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost;
-		}
-
-		if ( isset( $this->sslVerifyCert ) ) {
-			$this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
-		}
+		$this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0;
+		$this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
 
 		if ( $this->caInfo ) {
 			$this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
diff -Nru mediawiki-1.19.3/includes/Preferences.php mediawiki-1.19.4/includes/Preferences.php
--- mediawiki-1.19.3/includes/Preferences.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/Preferences.php	2013-03-04 18:11:51.000000000 +0000
@@ -1220,6 +1220,13 @@
 			$formDescriptor = array_diff_key( $formDescriptor, $removeKeys );
 		}
 
+		// Remove type=api preferences. They are not intended for rendering in the form.
+		foreach ( $formDescriptor as $name => $info ) {
+			if ( isset( $info['type'] ) && $info['type'] === 'api' ) {
+				unset( $formDescriptor[$name] );
+			}
+		}
+
 		/**
 		 * @var $htmlForm PreferencesForm
 		 */
diff -Nru mediawiki-1.19.3/includes/WebRequest.php mediawiki-1.19.4/includes/WebRequest.php
--- mediawiki-1.19.3/includes/WebRequest.php	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/includes/WebRequest.php	2013-03-04 18:11:51.000000000 +0000
@@ -1258,6 +1258,10 @@
 		return $this->wasPosted;
 	}
 
+	public function getCookie( $key, $prefix = null, $default = null ) {
+		return $default;
+	}
+
 	public function checkSessionCookie() {
 		return false;
 	}
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAce.php mediawiki-1.19.4/languages/messages/MessagesAce.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAf.php mediawiki-1.19.4/languages/messages/MessagesAf.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAm.php mediawiki-1.19.4/languages/messages/MessagesAm.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesArc.php mediawiki-1.19.4/languages/messages/MessagesArc.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAr.php mediawiki-1.19.4/languages/messages/MessagesAr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAs.php mediawiki-1.19.4/languages/messages/MessagesAs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAst.php mediawiki-1.19.4/languages/messages/MessagesAst.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesAz.php mediawiki-1.19.4/languages/messages/MessagesAz.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBa.php mediawiki-1.19.4/languages/messages/MessagesBa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBar.php mediawiki-1.19.4/languages/messages/MessagesBar.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBcl.php mediawiki-1.19.4/languages/messages/MessagesBcl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBe_tarask.php mediawiki-1.19.4/languages/messages/MessagesBe_tarask.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBg.php mediawiki-1.19.4/languages/messages/MessagesBg.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBh.php mediawiki-1.19.4/languages/messages/MessagesBh.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBn.php mediawiki-1.19.4/languages/messages/MessagesBn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBr.php mediawiki-1.19.4/languages/messages/MessagesBr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesBs.php mediawiki-1.19.4/languages/messages/MessagesBs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesCa.php mediawiki-1.19.4/languages/messages/MessagesCa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesCkb.php mediawiki-1.19.4/languages/messages/MessagesCkb.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesCs.php mediawiki-1.19.4/languages/messages/MessagesCs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesCv.php mediawiki-1.19.4/languages/messages/MessagesCv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesCy.php mediawiki-1.19.4/languages/messages/MessagesCy.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesDa.php mediawiki-1.19.4/languages/messages/MessagesDa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesDe.php mediawiki-1.19.4/languages/messages/MessagesDe.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesDiq.php mediawiki-1.19.4/languages/messages/MessagesDiq.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesDsb.php mediawiki-1.19.4/languages/messages/MessagesDsb.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesDv.php mediawiki-1.19.4/languages/messages/MessagesDv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEl.php mediawiki-1.19.4/languages/messages/MessagesEl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEn.php mediawiki-1.19.4/languages/messages/MessagesEn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEo.php mediawiki-1.19.4/languages/messages/MessagesEo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEs.php mediawiki-1.19.4/languages/messages/MessagesEs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEt.php mediawiki-1.19.4/languages/messages/MessagesEt.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesEu.php mediawiki-1.19.4/languages/messages/MessagesEu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFa.php mediawiki-1.19.4/languages/messages/MessagesFa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFi.php mediawiki-1.19.4/languages/messages/MessagesFi.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFo.php mediawiki-1.19.4/languages/messages/MessagesFo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFr.php mediawiki-1.19.4/languages/messages/MessagesFr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFrp.php mediawiki-1.19.4/languages/messages/MessagesFrp.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesFrr.php mediawiki-1.19.4/languages/messages/MessagesFrr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesGa.php mediawiki-1.19.4/languages/messages/MessagesGa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesGd.php mediawiki-1.19.4/languages/messages/MessagesGd.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesGl.php mediawiki-1.19.4/languages/messages/MessagesGl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesGsw.php mediawiki-1.19.4/languages/messages/MessagesGsw.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesGu.php mediawiki-1.19.4/languages/messages/MessagesGu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHe.php mediawiki-1.19.4/languages/messages/MessagesHe.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHif_latn.php mediawiki-1.19.4/languages/messages/MessagesHif_latn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHi.php mediawiki-1.19.4/languages/messages/MessagesHi.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHr.php mediawiki-1.19.4/languages/messages/MessagesHr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHsb.php mediawiki-1.19.4/languages/messages/MessagesHsb.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHu.php mediawiki-1.19.4/languages/messages/MessagesHu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesHy.php mediawiki-1.19.4/languages/messages/MessagesHy.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesId.php mediawiki-1.19.4/languages/messages/MessagesId.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesIg.php mediawiki-1.19.4/languages/messages/MessagesIg.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesIlo.php mediawiki-1.19.4/languages/messages/MessagesIlo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesInh.php mediawiki-1.19.4/languages/messages/MessagesInh.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesIs.php mediawiki-1.19.4/languages/messages/MessagesIs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesIt.php mediawiki-1.19.4/languages/messages/MessagesIt.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesJa.php mediawiki-1.19.4/languages/messages/MessagesJa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesJv.php mediawiki-1.19.4/languages/messages/MessagesJv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKa.php mediawiki-1.19.4/languages/messages/MessagesKa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKhw.php mediawiki-1.19.4/languages/messages/MessagesKhw.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKiu.php mediawiki-1.19.4/languages/messages/MessagesKiu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKm.php mediawiki-1.19.4/languages/messages/MessagesKm.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKn.php mediawiki-1.19.4/languages/messages/MessagesKn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKo.php mediawiki-1.19.4/languages/messages/MessagesKo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKsh.php mediawiki-1.19.4/languages/messages/MessagesKsh.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKu_latn.php mediawiki-1.19.4/languages/messages/MessagesKu_latn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKw.php mediawiki-1.19.4/languages/messages/MessagesKw.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesKy.php mediawiki-1.19.4/languages/messages/MessagesKy.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLad.php mediawiki-1.19.4/languages/messages/MessagesLad.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLa.php mediawiki-1.19.4/languages/messages/MessagesLa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLb.php mediawiki-1.19.4/languages/messages/MessagesLb.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLez.php mediawiki-1.19.4/languages/messages/MessagesLez.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLiv.php mediawiki-1.19.4/languages/messages/MessagesLiv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLn.php mediawiki-1.19.4/languages/messages/MessagesLn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLt.php mediawiki-1.19.4/languages/messages/MessagesLt.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesLv.php mediawiki-1.19.4/languages/messages/MessagesLv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMap_bms.php mediawiki-1.19.4/languages/messages/MessagesMap_bms.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMg.php mediawiki-1.19.4/languages/messages/MessagesMg.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMin.php mediawiki-1.19.4/languages/messages/MessagesMin.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMk.php mediawiki-1.19.4/languages/messages/MessagesMk.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMl.php mediawiki-1.19.4/languages/messages/MessagesMl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMn.php mediawiki-1.19.4/languages/messages/MessagesMn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMs.php mediawiki-1.19.4/languages/messages/MessagesMs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMt.php mediawiki-1.19.4/languages/messages/MessagesMt.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMyv.php mediawiki-1.19.4/languages/messages/MessagesMyv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesMzn.php mediawiki-1.19.4/languages/messages/MessagesMzn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesNb.php mediawiki-1.19.4/languages/messages/MessagesNb.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesNds_nl.php mediawiki-1.19.4/languages/messages/MessagesNds_nl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesNl.php mediawiki-1.19.4/languages/messages/MessagesNl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesNn.php mediawiki-1.19.4/languages/messages/MessagesNn.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesOc.php mediawiki-1.19.4/languages/messages/MessagesOc.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesOr.php mediawiki-1.19.4/languages/messages/MessagesOr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesOs.php mediawiki-1.19.4/languages/messages/MessagesOs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPam.php mediawiki-1.19.4/languages/messages/MessagesPam.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPa.php mediawiki-1.19.4/languages/messages/MessagesPa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPcd.php mediawiki-1.19.4/languages/messages/MessagesPcd.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPfl.php mediawiki-1.19.4/languages/messages/MessagesPfl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPl.php mediawiki-1.19.4/languages/messages/MessagesPl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPms.php mediawiki-1.19.4/languages/messages/MessagesPms.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPs.php mediawiki-1.19.4/languages/messages/MessagesPs.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPt_br.php mediawiki-1.19.4/languages/messages/MessagesPt_br.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesPt.php mediawiki-1.19.4/languages/messages/MessagesPt.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesQqq.php mediawiki-1.19.4/languages/messages/MessagesQqq.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesQug.php mediawiki-1.19.4/languages/messages/MessagesQug.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesQu.php mediawiki-1.19.4/languages/messages/MessagesQu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesRm.php mediawiki-1.19.4/languages/messages/MessagesRm.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesRoa_tara.php mediawiki-1.19.4/languages/messages/MessagesRoa_tara.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesRo.php mediawiki-1.19.4/languages/messages/MessagesRo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesRue.php mediawiki-1.19.4/languages/messages/MessagesRue.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesRu.php mediawiki-1.19.4/languages/messages/MessagesRu.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSah.php mediawiki-1.19.4/languages/messages/MessagesSah.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSa.php mediawiki-1.19.4/languages/messages/MessagesSa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSh.php mediawiki-1.19.4/languages/messages/MessagesSh.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSi.php mediawiki-1.19.4/languages/messages/MessagesSi.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSk.php mediawiki-1.19.4/languages/messages/MessagesSk.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSl.php mediawiki-1.19.4/languages/messages/MessagesSl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSo.php mediawiki-1.19.4/languages/messages/MessagesSo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSq.php mediawiki-1.19.4/languages/messages/MessagesSq.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSr_ec.php mediawiki-1.19.4/languages/messages/MessagesSr_ec.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSv.php mediawiki-1.19.4/languages/messages/MessagesSv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesSw.php mediawiki-1.19.4/languages/messages/MessagesSw.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTa.php mediawiki-1.19.4/languages/messages/MessagesTa.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTe.php mediawiki-1.19.4/languages/messages/MessagesTe.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTh.php mediawiki-1.19.4/languages/messages/MessagesTh.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTl.php mediawiki-1.19.4/languages/messages/MessagesTl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTr.php mediawiki-1.19.4/languages/messages/MessagesTr.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTt_cyrl.php mediawiki-1.19.4/languages/messages/MessagesTt_cyrl.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesTyv.php mediawiki-1.19.4/languages/messages/MessagesTyv.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesUg_arab.php mediawiki-1.19.4/languages/messages/MessagesUg_arab.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesUk.php mediawiki-1.19.4/languages/messages/MessagesUk.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesUz.php mediawiki-1.19.4/languages/messages/MessagesUz.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesVec.php mediawiki-1.19.4/languages/messages/MessagesVec.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesVep.php mediawiki-1.19.4/languages/messages/MessagesVep.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesVi.php mediawiki-1.19.4/languages/messages/MessagesVi.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesVro.php mediawiki-1.19.4/languages/messages/MessagesVro.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesWar.php mediawiki-1.19.4/languages/messages/MessagesWar.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesYi.php mediawiki-1.19.4/languages/messages/MessagesYi.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesYo.php mediawiki-1.19.4/languages/messages/MessagesYo.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesYue.php mediawiki-1.19.4/languages/messages/MessagesYue.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesZh_hans.php mediawiki-1.19.4/languages/messages/MessagesZh_hans.php
diff -Nru mediawiki-1.19.3/languages/messages/MessagesZh_hant.php mediawiki-1.19.4/languages/messages/MessagesZh_hant.php
diff -Nru mediawiki-1.19.3/RELEASE-NOTES-1.19 mediawiki-1.19.4/RELEASE-NOTES-1.19
--- mediawiki-1.19.3/RELEASE-NOTES-1.19	2012-11-29 18:36:12.000000000 +0000
+++ mediawiki-1.19.4/RELEASE-NOTES-1.19	2013-03-04 18:11:51.000000000 +0000
@@ -3,6 +3,19 @@
 Security reminder: MediaWiki does not require PHP's register_globals
 setting since version 1.2.0. If you have it on, turn it '''off''' if you can.
 
+== MediaWiki 1.19.4 ==
+
+This is a maintenance release of the MediaWiki 1.19 branch
+
+=== Changes since 1.19.3 ===
+* New preference type - 'api'. Preferences of this type are not shown on
+  Special:Preferences, but are still available via the action=options API.
+* (bug 44010) Context is passed to UserGetLanguageObject.
+* The recursion guard on RequestContext::getLanguage() was weakened.
+* (bug 44135/42441) Pass '2' instead of 'true' to CURLOPT_SSL_VERIFYHOST
+* (bug 43518) API action=unblock should return the user name, not the full
+  user object
+
 == MediaWiki 1.19.3 ==
 
 This is a security release of the MediaWiki 1.19 branch
diff -Nru mediawiki-1.19.3/tests/phpunit/suite.xml mediawiki-1.19.4/tests/phpunit/suite.xml
--- mediawiki-1.19.3/tests/phpunit/suite.xml	2012-11-29 18:36:13.000000000 +0000
+++ mediawiki-1.19.4/tests/phpunit/suite.xml	2013-03-04 18:11:51.000000000 +0000
@@ -8,8 +8,8 @@
          convertNoticesToExceptions="true"
          convertWarningsToExceptions="true"
          stopOnFailure="false"
-		 timeoutForSmallTests="2"
-		 timeoutForMediumTests="10"
+		 timeoutForSmallTests="10"
+		 timeoutForMediumTests="30"
 		 timeoutForLargeTests="60"
          strict="true"
 		 verbose="true">

--- End Message ---
--- Begin Message --- 
On 04.03.2013 23:58, Jonathan Wiltshire wrote:

Please unblock package mediawiki
This is a high urgency security fix, in a maintenance release. Upstrema has bundled a few other changes in too, but I think they are all justified: 

Unblocked; thanks.

Regards,

Adam

--- End Message ---
Reply to: