pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/www/mediawiki



Module Name:    pkgsrc
Committed By:   wen
Date:           Mon Apr  6 15:30:03 UTC 2015

Modified Files:
        pkgsrc/www/mediawiki: Makefile PLIST distinfo

Log Message:
Update to 1.24.2

Upstream changes:
MediaWiki 1.24.2
This is a security and maintenance release of the MediaWiki 1.24 branch.

Changes since 1.24.1
(bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
(bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
(bug T88310) SECURITY: Always expand xml entities when checking SVG's.
(bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
(bug T85855) SECURITY: Don't execute another user's CSS or JS on preview.
(bug T64685) SECURITY: Allow setting maximal password length to prevent DoS when using PBKDF2.
(bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix loading these special pages when $wgAutoloadAttemptLowercase is false.
(bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
(bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change and running update.php to fix.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/www/mediawiki/Makefile
cvs rdiff -u -r1.22 -r1.23 pkgsrc/www/mediawiki/PLIST
cvs rdiff -u -r1.37 -r1.38 pkgsrc/www/mediawiki/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index