[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#861628: marked as done (unblock: mediawiki/1:1.27.3-1)



Your message dated Tue, 02 May 2017 05:43:00 +0000
with message-id <c312fd8a-4423-d6f1-5d40-44ce80b480b7@thykier.net>
and subject line Re: Bug#861628: unblock: mediawiki/1:1.27.3-1
has caused the Debian Bug report #861628,
regarding unblock: mediawiki/1:1.27.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861628: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861628
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mediawiki

1.27.3 is a security release of MediaWiki that fixes
CVE-2017-0372. It was supposed to be included in the
last release but wasn't included by upstream.

unblock mediawiki/1:1.27.3-1

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.10.11-200.fc25.x86_64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru mediawiki-1.27.2/composer.json mediawiki-1.27.3/composer.json
--- mediawiki-1.27.2/composer.json	2017-04-06 11:54:24.000000000 -0700
+++ mediawiki-1.27.3/composer.json	2017-04-30 12:13:55.000000000 -0700
@@ -51,6 +51,7 @@
 		"nikic/php-parser": "1.4.1",
 		"nmred/kafka-php": "0.1.5",
 		"phpunit/phpunit": "4.8.24",
+		"wikimedia/testing-access-wrapper": "~1.0",
 		"wikimedia/avro": "1.7.7"
 	},
 	"suggest": {
diff -Nru mediawiki-1.27.2/debian/changelog mediawiki-1.27.3/debian/changelog
--- mediawiki-1.27.2/debian/changelog	2017-04-06 14:04:24.000000000 -0700
+++ mediawiki-1.27.3/debian/changelog	2017-05-01 13:20:11.000000000 -0700
@@ -1,10 +1,17 @@
+mediawiki (1:1.27.3-1) unstable; urgency=medium
+
+  * Imported Upstream version 1.27.3 (security release), that
+    actually contains the fix for CVE-2017-0372 (Closes: #861585)
+
+ -- Kunal Mehta <legoktm@member.fsf.org>  Mon, 01 May 2017 13:20:11 -0700
+
 mediawiki (1:1.27.2-1) unstable; urgency=medium
 
   * Improve NEWS file (Closes: #852862, #854352)
   * Imported Upstream version 1.27.2 (security release), fixing
     CVE-2017-0363, CVE-2017-0364, CVE-2017-0365, CVE-2017-0361,
     CVE-2017-0362, CVE-2017-0368, CVE-2017-0366, CVE-2017-0370,
-    CVE-2017-0369, CVE-2017-0367, CVE-2017-0372
+    CVE-2017-0369, CVE-2017-0367
 
  -- Kunal Mehta <legoktm@member.fsf.org>  Thu, 06 Apr 2017 14:04:24 -0700
 
diff -Nru mediawiki-1.27.2/docs/hooks.txt mediawiki-1.27.3/docs/hooks.txt
--- mediawiki-1.27.2/docs/hooks.txt	2017-04-06 11:54:24.000000000 -0700
+++ mediawiki-1.27.3/docs/hooks.txt	2017-04-30 12:13:55.000000000 -0700
@@ -212,9 +212,13 @@
 		# ...
 		function protect() {
 			global $wgUser;
-			if ( Hooks::run( 'ArticleProtect', array( &$this, &$wgUser ) ) ) {
+
+			// Avoid PHP 7.1 warning from passing $this by reference
+			$article = $this;
+
+			if ( Hooks::run( 'ArticleProtect', [ &$article, &$wgUser ] ) ) {
 				# protect the article
-				Hooks::run( 'ArticleProtectComplete', array( &$this, &$wgUser ) );
+				Hooks::run( 'ArticleProtectComplete', [ &$article, &$wgUser ] );
 			}
 		}
 	}
diff -Nru mediawiki-1.27.2/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php mediawiki-1.27.3/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php
--- mediawiki-1.27.2/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php	2017-04-06 11:55:03.000000000 -0700
+++ mediawiki-1.27.3/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.class.php	2017-04-30 12:14:30.000000000 -0700
@@ -263,8 +263,8 @@
 		}
 
 		// Starting line number
-		if ( isset( $args['start'] ) ) {
-			$options['linenostart'] = $args['start'];
+		if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) {
+			$options['linenostart'] = (int)$args['start'];
 		}
 
 		if ( $inline ) {
diff -Nru mediawiki-1.27.2/includes/DefaultSettings.php mediawiki-1.27.3/includes/DefaultSettings.php
--- mediawiki-1.27.2/includes/DefaultSettings.php	2017-04-06 11:54:29.000000000 -0700
+++ mediawiki-1.27.3/includes/DefaultSettings.php	2017-04-30 12:13:55.000000000 -0700
@@ -75,7 +75,7 @@
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.27.2';
+$wgVersion = '1.27.3';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php
diff -Nru mediawiki-1.27.2/includes/MagicWord.php mediawiki-1.27.3/includes/MagicWord.php
--- mediawiki-1.27.2/includes/MagicWord.php	2017-04-06 11:54:24.000000000 -0700
+++ mediawiki-1.27.3/includes/MagicWord.php	2017-04-30 12:13:55.000000000 -0700
@@ -525,7 +525,7 @@
 		$this->mFound = false;
 		$text = preg_replace_callback(
 			$this->getRegex(),
-			[ &$this, 'pregRemoveAndRecord' ],
+			[ $this, 'pregRemoveAndRecord' ],
 			$text
 		);
 
@@ -540,7 +540,7 @@
 		$this->mFound = false;
 		$text = preg_replace_callback(
 			$this->getRegexStart(),
-			[ &$this, 'pregRemoveAndRecord' ],
+			[ $this, 'pregRemoveAndRecord' ],
 			$text
 		);
 
diff -Nru mediawiki-1.27.2/includes/Title.php mediawiki-1.27.3/includes/Title.php
--- mediawiki-1.27.2/includes/Title.php	2017-04-06 11:54:29.000000000 -0700
+++ mediawiki-1.27.3/includes/Title.php	2017-04-30 12:13:55.000000000 -0700
@@ -2311,7 +2311,7 @@
 				// Undeleting where nothing currently exists implies creating
 				$errors[] = [ 'undelete-cantcreate' ];
 			}
- 		}
+		}
 		return $errors;
 	}
 
diff -Nru mediawiki-1.27.2/includes/api/ApiMain.php mediawiki-1.27.3/includes/api/ApiMain.php
--- mediawiki-1.27.2/includes/api/ApiMain.php	2017-04-06 11:54:28.000000000 -0700
+++ mediawiki-1.27.3/includes/api/ApiMain.php	2017-04-30 12:13:55.000000000 -0700
@@ -1479,7 +1479,7 @@
 		$this->mParamsUsed += array_fill_keys( (array)$params, true );
 	}
 
- 	/**
+	/**
 	 * Get the request parameters that should be considered sensitive
 	 * @since 1.28
 	 * @return array
diff -Nru mediawiki-1.27.2/includes/changes/ChangesList.php mediawiki-1.27.3/includes/changes/ChangesList.php
--- mediawiki-1.27.2/includes/changes/ChangesList.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/changes/ChangesList.php	2017-04-30 12:13:55.000000000 -0700
@@ -431,8 +431,10 @@
 
 		# TODO: Deprecate the $s argument, it seems happily unused.
 		$s = '';
+		# Avoid PHP 7.1 warning from passing $this by reference
+		$changesList = $this;
 		Hooks::run( 'ChangesListInsertArticleLink',
-			[ &$this, &$articlelink, &$s, &$rc, $unpatrolled, $watched ] );
+			[ &$changesList, &$articlelink, &$s, &$rc, $unpatrolled, $watched ] );
 
 		return "{$s} {$articlelink}";
 	}
diff -Nru mediawiki-1.27.2/includes/changes/OldChangesList.php mediawiki-1.27.3/includes/changes/OldChangesList.php
--- mediawiki-1.27.2/includes/changes/OldChangesList.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/changes/OldChangesList.php	2017-04-30 12:13:55.000000000 -0700
@@ -50,7 +50,9 @@
 				$rc->mAttribs['rc_namespace'] . '-' . $rc->mAttribs['rc_title'] );
 		}
 
-		if ( !Hooks::run( 'OldChangesListRecentChangesLine', [ &$this, &$html, $rc, &$classes ] ) ) {
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$list = $this;
+		if ( !Hooks::run( 'OldChangesListRecentChangesLine', [ &$list, &$html, $rc, &$classes ] ) ) {
 			return false;
 		}
 
diff -Nru mediawiki-1.27.2/includes/changes/RecentChange.php mediawiki-1.27.3/includes/changes/RecentChange.php
--- mediawiki-1.27.2/includes/changes/RecentChange.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/changes/RecentChange.php	2017-04-30 12:13:55.000000000 -0700
@@ -312,7 +312,9 @@
 		$this->mAttribs['rc_id'] = $dbw->insertId();
 
 		# Notify extensions
-		Hooks::run( 'RecentChange_save', [ &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$rc = $this;
+		Hooks::run( 'RecentChange_save', [ &$rc ] );
 
 		# Notify external application via UDP
 		if ( !$noudp ) {
diff -Nru mediawiki-1.27.2/includes/db/Database.php mediawiki-1.27.3/includes/db/Database.php
--- mediawiki-1.27.2/includes/db/Database.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/db/Database.php	2017-04-30 12:13:55.000000000 -0700
@@ -2278,7 +2278,7 @@
 		list( $startOpts, $useIndex, $tailOpts ) = $this->makeSelectOptions( $selectOptions );
 
 		if ( is_array( $srcTable ) ) {
-			$srcTable = implode( ',', array_map( [ &$this, 'tableName' ], $srcTable ) );
+			$srcTable = implode( ',', array_map( [ $this, 'tableName' ], $srcTable ) );
 		} else {
 			$srcTable = $this->tableName( $srcTable );
 		}
diff -Nru mediawiki-1.27.2/includes/db/DatabaseOracle.php mediawiki-1.27.3/includes/db/DatabaseOracle.php
--- mediawiki-1.27.2/includes/db/DatabaseOracle.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/db/DatabaseOracle.php	2017-04-30 12:13:55.000000000 -0700
@@ -729,7 +729,7 @@
 		}
 		list( $startOpts, $useIndex, $tailOpts ) = $this->makeSelectOptions( $selectOptions );
 		if ( is_array( $srcTable ) ) {
-			$srcTable = implode( ',', array_map( [ &$this, 'tableName' ], $srcTable ) );
+			$srcTable = implode( ',', array_map( [ $this, 'tableName' ], $srcTable ) );
 		} else {
 			$srcTable = $this->tableName( $srcTable );
 		}
@@ -1059,7 +1059,7 @@
 	private function fieldInfoMulti( $table, $field ) {
 		$field = strtoupper( $field );
 		if ( is_array( $table ) ) {
-			$table = array_map( [ &$this, 'tableNameInternal' ], $table );
+			$table = array_map( [ $this, 'tableNameInternal' ], $table );
 			$tableWhere = 'IN (';
 			foreach ( $table as &$singleTable ) {
 				$singleTable = $this->removeIdentifierQuotes( $singleTable );
diff -Nru mediawiki-1.27.2/includes/db/DatabasePostgres.php mediawiki-1.27.3/includes/db/DatabasePostgres.php
--- mediawiki-1.27.2/includes/db/DatabasePostgres.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/db/DatabasePostgres.php	2017-04-30 12:13:55.000000000 -0700
@@ -929,7 +929,7 @@
 		}
 		list( $startOpts, $useIndex, $tailOpts ) = $this->makeSelectOptions( $selectOptions );
 		if ( is_array( $srcTable ) ) {
-			$srcTable = implode( ',', array_map( [ &$this, 'tableName' ], $srcTable ) );
+			$srcTable = implode( ',', array_map( [ $this, 'tableName' ], $srcTable ) );
 		} else {
 			$srcTable = $this->tableName( $srcTable );
 		}
@@ -1498,7 +1498,7 @@
 
 		if ( isset( $options['FOR UPDATE'] ) ) {
 			$postLimitTail .= ' FOR UPDATE OF ' .
-				implode( ', ', array_map( [ &$this, 'tableName' ], $options['FOR UPDATE'] ) );
+				implode( ', ', array_map( [ $this, 'tableName' ], $options['FOR UPDATE'] ) );
 		} elseif ( isset( $noKeyOptions['FOR UPDATE'] ) ) {
 			$postLimitTail .= ' FOR UPDATE';
 		}
diff -Nru mediawiki-1.27.2/includes/deferred/LinksUpdate.php mediawiki-1.27.3/includes/deferred/LinksUpdate.php
--- mediawiki-1.27.2/includes/deferred/LinksUpdate.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/deferred/LinksUpdate.php	2017-04-30 12:13:55.000000000 -0700
@@ -136,18 +136,24 @@
 
 		$this->mRecursive = $recursive;
 
-		Hooks::run( 'LinksUpdateConstructed', [ &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$linksUpdate = $this;
+		Hooks::run( 'LinksUpdateConstructed', [ &$linksUpdate ] );
 	}
 
 	/**
 	 * Update link tables with outgoing links from an updated article
 	 */
 	public function doUpdate() {
-		Hooks::run( 'LinksUpdate', [ &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$linksUpdate = $this;
+		Hooks::run( 'LinksUpdate', [ &$linksUpdate ] );
 		$this->doIncrementalUpdate();
 
 		$this->mDb->onTransactionIdle( function() {
-			Hooks::run( 'LinksUpdateComplete', [ &$this ] );
+			// Avoid PHP 7.1 warning from passing $this by reference
+			$linksUpdate = $this;
+			Hooks::run( 'LinksUpdateComplete', [ &$linksUpdate ] );
 		} );
 	}
 
diff -Nru mediawiki-1.27.2/includes/diff/DifferenceEngine.php mediawiki-1.27.3/includes/diff/DifferenceEngine.php
--- mediawiki-1.27.2/includes/diff/DifferenceEngine.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/diff/DifferenceEngine.php	2017-04-30 12:13:55.000000000 -0700
@@ -747,8 +747,11 @@
 
 		$difftext = $this->generateContentDiffBody( $this->mOldContent, $this->mNewContent );
 
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$diffEngine = $this;
+
 		// Save to cache for 7 days
-		if ( !Hooks::run( 'AbortDiffCache', [ &$this ] ) ) {
+		if ( !Hooks::run( 'AbortDiffCache', [ &$diffEngine ] ) ) {
 			wfIncrStats( 'diff_cache.uncacheable' );
 		} elseif ( $key !== false && $difftext !== false ) {
 			wfIncrStats( 'diff_cache.miss' );
@@ -978,7 +981,7 @@
 	public function localiseLineNumbers( $text ) {
 		return preg_replace_callback(
 			'/<!--LINE (\d+)-->/',
-			[ &$this, 'localiseLineNumbersCb' ],
+			[ $this, 'localiseLineNumbersCb' ],
 			$text
 		);
 	}
diff -Nru mediawiki-1.27.2/includes/export/XmlDumpWriter.php mediawiki-1.27.3/includes/export/XmlDumpWriter.php
--- mediawiki-1.27.2/includes/export/XmlDumpWriter.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/export/XmlDumpWriter.php	2017-04-30 12:13:55.000000000 -0700
@@ -269,7 +269,9 @@
 			$out .= "      <sha1/>\n";
 		}
 
-		Hooks::run( 'XmlDumpWriterWriteRevision', [ &$this, &$out, $row, $text ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$writer = $this;
+		Hooks::run( 'XmlDumpWriterWriteRevision', [ &$writer, &$out, $row, $text ] );
 
 		$out .= "    </revision>\n";
 
diff -Nru mediawiki-1.27.2/includes/filerepo/file/LocalFile.php mediawiki-1.27.3/includes/filerepo/file/LocalFile.php
--- mediawiki-1.27.2/includes/filerepo/file/LocalFile.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/filerepo/file/LocalFile.php	2017-04-30 12:13:55.000000000 -0700
@@ -1024,7 +1024,9 @@
 		$opts['ORDER BY'] = "oi_timestamp $order";
 		$opts['USE INDEX'] = [ 'oldimage' => 'oi_name_timestamp' ];
 
-		Hooks::run( 'LocalFile::getHistory', [ &$this, &$tables, &$fields,
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$localFile = $this;
+		Hooks::run( 'LocalFile::getHistory', [ &$localFile, &$tables, &$fields,
 			&$conds, &$opts, &$join_conds ] );
 
 		$res = $dbr->select( $tables, $fields, $conds, __METHOD__, $opts, $join_conds );
diff -Nru mediawiki-1.27.2/includes/interwiki/Interwiki.php mediawiki-1.27.3/includes/interwiki/Interwiki.php
--- mediawiki-1.27.2/includes/interwiki/Interwiki.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/interwiki/Interwiki.php	2017-04-30 12:13:55.000000000 -0700
@@ -130,7 +130,7 @@
 	 */
 	public static function invalidateCache( $prefix ) {
 		$cache = ObjectCache::getMainWANInstance();
-		$key = wfMemcKey( 'interwiki', $prefix );
+		$key = $cache->makeKey( 'interwiki', $prefix );
 		$cache->delete( $key );
 		unset( static::$smCache[$prefix] );
 	}
@@ -236,8 +236,9 @@
 			}
 		}
 
-		$iwData = ObjectCache::getMainWANInstance()->getWithSetCallback(
-			wfMemcKey( 'interwiki', $prefix ),
+		$cache = ObjectCache::getMainWANInstance();
+		$iwData = $cache->getWithSetCallback(
+			$cache->makeKey( 'interwiki', $prefix ),
 			$wgInterwikiExpiry,
 			function ( $oldValue, &$ttl, array &$setOpts ) use ( $prefix ) {
 				$dbr = wfGetDB( DB_SLAVE );
diff -Nru mediawiki-1.27.2/includes/libs/objectcache/WinCacheBagOStuff.php mediawiki-1.27.3/includes/libs/objectcache/WinCacheBagOStuff.php
--- mediawiki-1.27.2/includes/libs/objectcache/WinCacheBagOStuff.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/libs/objectcache/WinCacheBagOStuff.php	2017-04-30 12:13:55.000000000 -0700
@@ -53,9 +53,16 @@
 
 	public function merge( $key, $callback, $exptime = 0, $attempts = 10, $flags = 0 ) {
 		if ( !is_callable( $callback ) ) {
-			throw new Exception( "Got invalid callback." );
+			throw new InvalidArgumentException( "Got invalid callback." );
 		}
 
-		return $this->mergeViaCas( $key, $callback, $exptime, $attempts );
+		if ( wincache_lock( $key ) ) { // optimize with FIFO lock
+			$ok = $this->mergeViaLock( $key, $callback, $exptime, $attempts, $flags );
+			wincache_unlock( $key );
+		} else {
+			$ok = false;
+		}
+
+		return $ok;
 	}
 }
diff -Nru mediawiki-1.27.2/includes/libs/replacers/Replacer.php mediawiki-1.27.3/includes/libs/replacers/Replacer.php
--- mediawiki-1.27.2/includes/libs/replacers/Replacer.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/libs/replacers/Replacer.php	2017-04-30 12:13:51.000000000 -0700
@@ -27,7 +27,7 @@
 	 * @return array
 	 */
 	public function cb() {
-		return [ &$this, 'replace' ];
+		return [ $this, 'replace' ];
 	}
 
 	/**
diff -Nru mediawiki-1.27.2/includes/page/ImagePage.php mediawiki-1.27.3/includes/page/ImagePage.php
--- mediawiki-1.27.2/includes/page/ImagePage.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/page/ImagePage.php	2017-04-30 12:13:55.000000000 -0700
@@ -347,7 +347,10 @@
 			$filename = wfEscapeWikiText( $this->displayImg->getName() );
 			$linktext = $filename;
 
-			Hooks::run( 'ImageOpenShowImageInlineBefore', [ &$this, &$out ] );
+			// Avoid PHP 7.1 warning from passing $this by reference
+			$imagePage = $this;
+
+			Hooks::run( 'ImageOpenShowImageInlineBefore', [ &$imagePage, &$out ] );
 
 			if ( $this->displayImg->allowInlineDisplay() ) {
 				# image
diff -Nru mediawiki-1.27.2/includes/page/WikiPage.php mediawiki-1.27.3/includes/page/WikiPage.php
--- mediawiki-1.27.2/includes/page/WikiPage.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/page/WikiPage.php	2017-04-30 12:13:55.000000000 -0700
@@ -305,7 +305,7 @@
 
 		$row = $dbr->selectRow( 'page', $fields, $conditions, __METHOD__, $options );
 
-		Hooks::run( 'ArticlePageDataAfter', [ &$this, &$row ] );
+		Hooks::run( 'ArticlePageDataAfter', [ &$wikiPage, &$row ] );
 
 		return $row;
 	}
diff -Nru mediawiki-1.27.2/includes/parser/DateFormatter.php mediawiki-1.27.3/includes/parser/DateFormatter.php
--- mediawiki-1.27.2/includes/parser/DateFormatter.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/parser/DateFormatter.php	2017-04-30 12:13:55.000000000 -0700
@@ -191,7 +191,7 @@
 
 			// Another horrible hack
 			$this->mLinked = $linked;
-			$text = preg_replace_callback( $regex, [ &$this, 'replace' ], $text );
+			$text = preg_replace_callback( $regex, [ $this, 'replace' ], $text );
 			unset( $this->mLinked );
 		}
 		return $text;
diff -Nru mediawiki-1.27.2/includes/parser/LinkHolderArray.php mediawiki-1.27.3/includes/parser/LinkHolderArray.php
--- mediawiki-1.27.2/includes/parser/LinkHolderArray.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/parser/LinkHolderArray.php	2017-04-30 12:13:55.000000000 -0700
@@ -641,7 +641,7 @@
 
 		$text = preg_replace_callback(
 			'/<!--(LINK|IWLINK) (.*?)-->/',
-			[ &$this, 'replaceTextCallback' ],
+			[ $this, 'replaceTextCallback' ],
 			$text );
 
 		return $text;
diff -Nru mediawiki-1.27.2/includes/parser/Parser.php mediawiki-1.27.3/includes/parser/Parser.php
--- mediawiki-1.27.2/includes/parser/Parser.php	2017-04-06 11:54:29.000000000 -0700
+++ mediawiki-1.27.3/includes/parser/Parser.php	2017-04-30 12:13:55.000000000 -0700
@@ -332,7 +332,9 @@
 		CoreTagHooks::register( $this );
 		$this->initialiseVariables();
 
-		Hooks::run( 'ParserFirstCallInit', [ &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'ParserFirstCallInit', [ &$parser ] );
 	}
 
 	/**
@@ -387,7 +389,9 @@
 
 		$this->mProfiler = new SectionProfiler();
 
-		Hooks::run( 'ParserClearState', [ &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'ParserClearState', [ &$parser ] );
 	}
 
 	/**
@@ -440,11 +444,13 @@
 			$this->mRevisionSize = null;
 		}
 
-		Hooks::run( 'ParserBeforeStrip', [ &$this, &$text, &$this->mStripState ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'ParserBeforeStrip', [ &$parser, &$text, &$this->mStripState ] );
 		# No more strip!
-		Hooks::run( 'ParserAfterStrip', [ &$this, &$text, &$this->mStripState ] );
+		Hooks::run( 'ParserAfterStrip', [ &$parser, &$text, &$this->mStripState ] );
 		$text = $this->internalParse( $text );
-		Hooks::run( 'ParserAfterParse', [ &$this, &$text, &$this->mStripState ] );
+		Hooks::run( 'ParserAfterParse', [ &$parser, &$text, &$this->mStripState ] );
 
 		$text = $this->internalParseHalfParsed( $text, true, $linestart );
 
@@ -602,8 +608,10 @@
 	 * @return string UNSAFE half-parsed HTML
 	 */
 	public function recursiveTagParse( $text, $frame = false ) {
-		Hooks::run( 'ParserBeforeStrip', [ &$this, &$text, &$this->mStripState ] );
-		Hooks::run( 'ParserAfterStrip', [ &$this, &$text, &$this->mStripState ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'ParserBeforeStrip', [ &$parser, &$text, &$this->mStripState ] );
+		Hooks::run( 'ParserAfterStrip', [ &$parser, &$text, &$this->mStripState ] );
 		$text = $this->internalParse( $text, false, $frame );
 		return $text;
 	}
@@ -650,8 +658,10 @@
 		if ( $revid !== null ) {
 			$this->mRevisionId = $revid;
 		}
-		Hooks::run( 'ParserBeforeStrip', [ &$this, &$text, &$this->mStripState ] );
-		Hooks::run( 'ParserAfterStrip', [ &$this, &$text, &$this->mStripState ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'ParserBeforeStrip', [ &$parser, &$text, &$this->mStripState ] );
+		Hooks::run( 'ParserAfterStrip', [ &$parser, &$text, &$this->mStripState ] );
 		$text = $this->replaceVariables( $text, $frame );
 		$text = $this->mStripState->unstripBoth( $text );
 		return $text;
@@ -1227,8 +1237,11 @@
 
 		$origText = $text;
 
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+
 		# Hook to suspend the parser in this state
-		if ( !Hooks::run( 'ParserBeforeInternalParse', [ &$this, &$text, &$this->mStripState ] ) ) {
+		if ( !Hooks::run( 'ParserBeforeInternalParse', [ &$parser, &$text, &$this->mStripState ] ) ) {
 			return $text;
 		}
 
@@ -1248,14 +1261,14 @@
 			$text = $this->replaceVariables( $text );
 		}
 
-		Hooks::run( 'InternalParseBeforeSanitize', [ &$this, &$text, &$this->mStripState ] );
+		Hooks::run( 'InternalParseBeforeSanitize', [ &$parser, &$text, &$this->mStripState ] );
 		$text = Sanitizer::removeHTMLtags(
 			$text,
-			[ &$this, 'attributeStripCallback' ],
+			[ $this, 'attributeStripCallback' ],
 			false,
 			array_keys( $this->mTransparentTagHooks )
 		);
-		Hooks::run( 'InternalParseBeforeLinks', [ &$this, &$text, &$this->mStripState ] );
+		Hooks::run( 'InternalParseBeforeLinks', [ &$parser, &$text, &$this->mStripState ] );
 
 		# Tables need to come after variable replacement for things to work
 		# properly; putting them before other transformations should keep
@@ -1294,8 +1307,11 @@
 	private function internalParseHalfParsed( $text, $isMain = true, $linestart = true ) {
 		$text = $this->mStripState->unstripGeneral( $text );
 
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+
 		if ( $isMain ) {
-			Hooks::run( 'ParserAfterUnstrip', [ &$this, &$text ] );
+			Hooks::run( 'ParserAfterUnstrip', [ &$parser, &$text ] );
 		}
 
 		# Clean up special characters, only run once, next-to-last before doBlockLevels
@@ -1334,7 +1350,7 @@
 		$text = $this->mStripState->unstripNoWiki( $text );
 
 		if ( $isMain ) {
-			Hooks::run( 'ParserBeforeTidy', [ &$this, &$text ] );
+			Hooks::run( 'ParserBeforeTidy', [ &$parser, &$text ] );
 		}
 
 		$text = $this->replaceTransparentTags( $text );
@@ -1374,7 +1390,7 @@
 		}
 
 		if ( $isMain ) {
-			Hooks::run( 'ParserAfterTidy', [ &$this, &$text ] );
+			Hooks::run( 'ParserAfterTidy', [ &$parser, &$text ] );
 		}
 
 		return $text;
@@ -1412,7 +1428,7 @@
 					(?: [0-9]  $spdash? ){9} #  9 digits with opt. delimiters
 					[0-9Xx]                  #  check digit
 				)\b
-			)!xu", [ &$this, 'magicLinkCallback' ], $text );
+			)!xu", [ $this, 'magicLinkCallback' ], $text );
 		return $text;
 	}
 
@@ -2927,18 +2943,21 @@
 				. ' called while parsing (no title set)' );
 		}
 
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+
 		/**
 		 * Some of these require message or data lookups and can be
 		 * expensive to check many times.
 		 */
-		if ( Hooks::run( 'ParserGetVariableValueVarCache', [ &$this, &$this->mVarCache ] ) ) {
+		if ( Hooks::run( 'ParserGetVariableValueVarCache', [ &$parser, &$this->mVarCache ] ) ) {
 			if ( isset( $this->mVarCache[$index] ) ) {
 				return $this->mVarCache[$index];
 			}
 		}
 
 		$ts = wfTimestamp( TS_UNIX, $this->mOptions->getTimestamp() );
-		Hooks::run( 'ParserGetVariableValueTs', [ &$this, &$ts ] );
+		Hooks::run( 'ParserGetVariableValueTs', [ &$parser, &$ts ] );
 
 		$pageLang = $this->getFunctionLang();
 
@@ -3248,7 +3267,7 @@
 				$ret = null;
 				Hooks::run(
 					'ParserGetVariableValueSwitch',
-					[ &$this, &$this->mVarCache, &$index, &$ret, &$frame ]
+					[ &$parser, &$this->mVarCache, &$index, &$ret, &$frame ]
 				);
 
 				return $ret;
@@ -3781,7 +3800,10 @@
 			throw new MWException( "Tag hook for $function is not callable\n" );
 		}
 
-		$allArgs = [ &$this ];
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+
+		$allArgs = [ &$parser ];
 		if ( $flags & self::SFH_OBJECT_ARGS ) {
 			# Convert arguments to PPNodes and collect for appending to $allArgs
 			$funcArgs = [];
@@ -4261,7 +4283,9 @@
 					throw new MWException( "Tag hook for $name is not callable\n" );
 				}
 
-				$output = call_user_func_array( $callback, [ &$this, $frame, $content, $attributes ] );
+				// Avoid PHP 7.1 warning from passing $this by reference
+				$parser = $this;
+				$output = call_user_func_array( $callback, [ &$parser, $frame, $content, $attributes ] );
 			} else {
 				$output = '<span class="error">Invalid tag extension name: ' .
 					htmlspecialchars( $name ) . '</span>';
@@ -5363,7 +5387,9 @@
 		}
 		$ig->setAdditionalOptions( $params );
 
-		Hooks::run( 'BeforeParserrenderImageGallery', [ &$this, &$ig ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$parser = $this;
+		Hooks::run( 'BeforeParserrenderImageGallery', [ &$parser, &$ig ] );
 
 		$lines = StringUtils::explode( "\n", $text );
 		foreach ( $lines as $line ) {
diff -Nru mediawiki-1.27.2/includes/resourceloader/ResourceLoader.php mediawiki-1.27.3/includes/resourceloader/ResourceLoader.php
--- mediawiki-1.27.2/includes/resourceloader/ResourceLoader.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/resourceloader/ResourceLoader.php	2017-04-30 12:13:56.000000000 -0700
@@ -251,7 +251,10 @@
 		$this->register( include "$IP/resources/ResourcesOOUI.php" );
 		// Register extension modules
 		$this->register( $config->get( 'ResourceModules' ) );
-		Hooks::run( 'ResourceLoaderRegisterModules', [ &$this ] );
+
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$rl = $this;
+		Hooks::run( 'ResourceLoaderRegisterModules', [ &$rl ] );
 
 		if ( $config->get( 'EnableJavaScriptTest' ) === true ) {
 			$this->registerTestModules();
@@ -402,7 +405,9 @@
 		$testModules = [];
 		$testModules['qunit'] = [];
 		// Get other test suites (e.g. from extensions)
-		Hooks::run( 'ResourceLoaderTestModules', [ &$testModules, &$this ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$rl = $this;
+		Hooks::run( 'ResourceLoaderTestModules', [ &$testModules, &$rl ] );
 
 		// Add the testrunner (which configures QUnit) to the dependencies.
 		// Since it must be ready before any of the test suites are executed.
diff -Nru mediawiki-1.27.2/includes/skins/BaseTemplate.php mediawiki-1.27.3/includes/skins/BaseTemplate.php
--- mediawiki-1.27.2/includes/skins/BaseTemplate.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/skins/BaseTemplate.php	2017-04-30 12:13:56.000000000 -0700
@@ -111,7 +111,9 @@
 			$toolbox['info']['id'] = 't-info';
 		}
 
-		Hooks::run( 'BaseTemplateToolbox', [ &$this, &$toolbox ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$template = $this;
+		Hooks::run( 'BaseTemplateToolbox', [ &$template, &$toolbox ] );
 		return $toolbox;
 	}
 
@@ -226,7 +228,9 @@
 			ob_start();
 			// We pass an extra 'true' at the end so extensions using BaseTemplateToolbox
 			// can abort and avoid outputting double toolbox links
-			Hooks::run( 'SkinTemplateToolboxEnd', [ &$this, true ] );
+			// Avoid PHP 7.1 warning from passing $this by reference
+			$template = $this;
+			Hooks::run( 'SkinTemplateToolboxEnd', [ &$template, true ] );
 			$hookContents = ob_get_contents();
 			ob_end_clean();
 			if ( !trim( $hookContents ) ) {
diff -Nru mediawiki-1.27.2/includes/skins/SkinTemplate.php mediawiki-1.27.3/includes/skins/SkinTemplate.php
--- mediawiki-1.27.2/includes/skins/SkinTemplate.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/skins/SkinTemplate.php	2017-04-30 12:13:56.000000000 -0700
@@ -485,8 +485,10 @@
 		$tpl->set( 'debughtml', $this->generateDebugHTML() );
 		$tpl->set( 'reporttime', wfReportTime() );
 
+		// Avoid PHP 7.1 warning of passing $this by reference
+		$skinTemplate = $this;
 		// original version by hansm
-		if ( !Hooks::run( 'SkinTemplateOutputPageBeforeExec', [ &$this, &$tpl ] ) ) {
+		if ( !Hooks::run( 'SkinTemplateOutputPageBeforeExec', [ &$skinTemplate, &$tpl ] ) ) {
 			wfDebug( __METHOD__ . ": Hook SkinTemplateOutputPageBeforeExec broke outputPage execution!\n" );
 		}
 
@@ -747,8 +749,10 @@
 				MWNamespace::getSubject( $title->getNamespace() ) );
 		}
 
+		// Avoid PHP 7.1 warning of passing $this by reference
+		$skinTemplate = $this;
 		$result = [];
-		if ( !Hooks::run( 'SkinTemplateTabAction', [ &$this,
+		if ( !Hooks::run( 'SkinTemplateTabAction', [ &$skinTemplate,
 				$title, $message, $selected, $checkEdit,
 				&$classes, &$query, &$text, &$result ] ) ) {
 			return $result;
@@ -844,8 +848,10 @@
 
 		$userCanRead = $title->quickUserCan( 'read', $user );
 
+		// Avoid PHP 7.1 warning of passing $this by reference
+		$skinTemplate = $this;
 		$preventActiveTabs = false;
-		Hooks::run( 'SkinTemplatePreventOtherActiveTabs', [ &$this, &$preventActiveTabs ] );
+		Hooks::run( 'SkinTemplatePreventOtherActiveTabs', [ &$skinTemplate, &$preventActiveTabs ] );
 
 		// Checks if page is some kind of content
 		if ( $title->canExist() ) {
@@ -1048,7 +1054,9 @@
 				}
 			}
 
-			Hooks::run( 'SkinTemplateNavigation', [ &$this, &$content_navigation ] );
+			// Avoid PHP 7.1 warning of passing $this by reference
+			$skinTemplate = $this;
+			Hooks::run( 'SkinTemplateNavigation', [ &$skinTemplate, &$content_navigation ] );
 
 			if ( $userCanRead && !$wgDisableLangConversion ) {
 				$pageLang = $title->getPageLanguage();
@@ -1090,12 +1098,16 @@
 				'context' => 'subject'
 			];
 
+			// Avoid PHP 7.1 warning of passing $this by reference
+			$skinTemplate = $this;
 			Hooks::run( 'SkinTemplateNavigation::SpecialPage',
-				[ &$this, &$content_navigation ] );
+				[ &$skinTemplate, &$content_navigation ] );
 		}
 
+		// Avoid PHP 7.1 warning of passing $this by reference
+		$skinTemplate = $this;
 		// Equiv to SkinTemplateContentActions
-		Hooks::run( 'SkinTemplateNavigation::Universal', [ &$this, &$content_navigation ] );
+		Hooks::run( 'SkinTemplateNavigation::Universal', [ &$skinTemplate, &$content_navigation ] );
 
 		// Setup xml ids and tooltip info
 		foreach ( $content_navigation as $section => &$links ) {
@@ -1229,9 +1241,11 @@
 				];
 			}
 
+			// Avoid PHP 7.1 warning of passing $this by reference
+			$skinTemplate = $this;
 			// Use the copy of revision ID in case this undocumented, shady hook tries to mess with internals
 			Hooks::run( 'SkinTemplateBuildNavUrlsNav_urlsAfterPermalink',
-				[ &$this, &$nav_urls, &$revid, &$revid ] );
+				[ &$skinTemplate, &$nav_urls, &$revid, &$revid ] );
 		}
 
 		if ( $out->isArticleRelated() ) {
diff -Nru mediawiki-1.27.2/includes/specials/SpecialMovepage.php mediawiki-1.27.3/includes/specials/SpecialMovepage.php
--- mediawiki-1.27.2/includes/specials/SpecialMovepage.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/specials/SpecialMovepage.php	2017-04-30 12:13:56.000000000 -0700
@@ -630,7 +630,9 @@
 			$newLink )->params( $oldText, $newText )->parseAsBlock() );
 		$out->addWikiMsg( $msgName );
 
-		Hooks::run( 'SpecialMovepageAfterMove', [ &$this, &$ot, &$nt ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$movePage = $this;
+		Hooks::run( 'SpecialMovepageAfterMove', [ &$movePage, &$ot, &$nt ] );
 
 		# Now we move extra pages we've been asked to move: subpages and talk
 		# pages.  First, if the old page or the new page is a talk page, we
diff -Nru mediawiki-1.27.2/includes/specials/SpecialWantedpages.php mediawiki-1.27.3/includes/specials/SpecialWantedpages.php
--- mediawiki-1.27.2/includes/specials/SpecialWantedpages.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/specials/SpecialWantedpages.php	2017-04-30 12:13:56.000000000 -0700
@@ -84,7 +84,9 @@
 			]
 		];
 		// Replacement for the WantedPages::getSQL hook
-		Hooks::run( 'WantedPages::getQueryInfo', [ &$this, &$query ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$wantedPages = $this;
+		Hooks::run( 'WantedPages::getQueryInfo', [ &$wantedPages, &$query ] );
 
 		return $query;
 	}
diff -Nru mediawiki-1.27.2/includes/specials/pagers/ContribsPager.php mediawiki-1.27.3/includes/specials/pagers/ContribsPager.php
--- mediawiki-1.27.2/includes/specials/pagers/ContribsPager.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/specials/pagers/ContribsPager.php	2017-04-30 12:13:56.000000000 -0700
@@ -197,7 +197,9 @@
 			$this->tagFilter
 		);
 
-		Hooks::run( 'ContribsPager::getQueryInfo', [ &$this, &$queryInfo ] );
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$pager = $this;
+		Hooks::run( 'ContribsPager::getQueryInfo', [ &$pager, &$queryInfo ] );
 
 		return $queryInfo;
 	}
diff -Nru mediawiki-1.27.2/includes/specials/pagers/NewPagesPager.php mediawiki-1.27.3/includes/specials/pagers/NewPagesPager.php
--- mediawiki-1.27.2/includes/specials/pagers/NewPagesPager.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/includes/specials/pagers/NewPagesPager.php	2017-04-30 12:13:56.000000000 -0700
@@ -91,8 +91,10 @@
 		];
 		$join_conds = [ 'page' => [ 'INNER JOIN', 'page_id=rc_cur_id' ] ];
 
+		// Avoid PHP 7.1 warning from passing $this by reference
+		$pager = $this;
 		Hooks::run( 'SpecialNewpagesConditions',
-			[ &$this, $this->opts, &$conds, &$tables, &$fields, &$join_conds ] );
+			[ &$pager, $this->opts, &$conds, &$tables, &$fields, &$join_conds ] );
 
 		$options = [];
 
diff -Nru mediawiki-1.27.2/languages/Language.php mediawiki-1.27.3/languages/Language.php
--- mediawiki-1.27.2/languages/Language.php	2017-04-06 11:54:25.000000000 -0700
+++ mediawiki-1.27.3/languages/Language.php	2017-04-30 12:13:56.000000000 -0700
@@ -4414,7 +4414,7 @@
 		# such as action=raw much more expensive than they need to be.
 		# This will hopefully cover most cases.
 		$talk = preg_replace_callback( '/{{grammar:(.*?)\|(.*?)}}/i',
-			[ &$this, 'replaceGrammarInNamespace' ], $talk );
+			[ $this, 'replaceGrammarInNamespace' ], $talk );
 		return str_replace( ' ', '_', $talk );
 	}
 

--- End Message ---
--- Begin Message ---
Kunal Mehta:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package mediawiki
> 
> 1.27.3 is a security release of MediaWiki that fixes
> CVE-2017-0372. It was supposed to be included in the
> last release but wasn't included by upstream.
> 
> unblock mediawiki/1:1.27.3-1
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---

Reply to: