Re: Possible bug in mediawiki package (1.27.7-1~deb9u4)
Hi Jean-Louis,
Note that the mediawiki package is handled by the LTS team. It is not
incorrect to discuss issues like this on debian-user, but a better place
is the debian-lts list. Many LTS users and all of the LTS maintainers
monitor that list.
As to your specific issue ...
On Mon, Sep 28, 2020 at 11:55:04AM +0200, MAS Jean-Louis wrote:
> Hi,
>
> mediawiki package has been updated recently for security update in
> stretch : old-sec: 1:1.27.7-1~deb9u4
>
> But all our mediawiki servers failed with a blank page
>
> we have this error
>
> Exception encountered, of type "ParseError"
> [fdd9f60bf17425482b88d0fa] / ParseError from line 1813 of
> /usr/share/mediawiki/includes/user/User.php: syntax error, unexpected
> 'else' (T_ELSE)
>
I am the one who prepared the 1:1.27.7-1~deb9u4 update. Shortly after
publishing it the maintainer contacted me to inform me that I had
introduced this bug into the package as a result of a defective patch.
>
> Doing a rough mitigation by commenting one of the 'else' function in
> line 1813 of /usr/share/mediawiki/includes/user/User.php revert our
> wikis to a normal state.
>
That is the correct mitigation for the regression.
> Is there a way to see which part of code has been modified in this
> particular security fix, in order to understand if there is a bug or
> it's just a local misconfiguration ?
>
This is definitely a newly introduced defect. I am in the process of
preparing an update to correct this. It should be available later on
today (US/Eastern time).
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: