[mediawiki] Update to 1.22.3

mooninite mooninite at fedoraproject.org
Sat Mar 1 19:26:53 UTC 2014 

commit e5d0522feed5d84dae2d105845f683fd5c3c448d
Author: Michael Cronenworth <mike at cchtml.com>
Date:   Sat Mar 1 13:27:39 2014 -0600

    Update to 1.22.3

 .gitignore     |    1 +
 mediawiki.spec |   15 ++++++++++++++-
 sources        |    2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3a607df..30377bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ mediawiki-1.15.4.tar.gz
 /mediawiki-1.22.0.tar.gz
 /mediawiki-1.22.1.tar.gz
 /mediawiki-1.22.2.tar.gz
+/mediawiki-1.22.3.tar.gz
diff --git a/mediawiki.spec b/mediawiki.spec
index 6983307..ecc7f2d 100644
--- a/mediawiki.spec
+++ b/mediawiki.spec
@@ -1,6 +1,6 @@
 Summary: A wiki engine
 Name: mediawiki
-Version: 1.22.2
+Version: 1.22.3
 Release: 1%{?dist}
 License: GPLv2+
 URL: http://www.mediawiki.org/
@@ -122,6 +122,19 @@ echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances
 
 
 %changelog
+* Sat Mar 01 2014 Michael Cronenworth <mike at cchtml.com> - 1.22.3-1
+- Update to 1.22.3
+- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace.
+- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
+- (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
+- (bug 53710) Add sequence support for upsert in DatabaseOracle in the same way as in selectInsert
+- (bug 60231, bug 58719) Various fixes to job running code in Wiki.php: Make it async on Windows. Fixed possible "invalid filename" errors on Windows. Redirect output to dev/null to avoid hanging PHP.
+- (bug 60083) Correct sequence name for fresh Postgres installation. Spotted by gebhkla
+- (bug 60531) Avoid variable naming conflicts in DatabasePostgres::selectSQLText. Spotted by gebhkla
+- (bug 60094) Fix rebuildall.php fatal error with PostgreSQL.
+- (bug 43817) Add error handling if descriptionmsg isn't defined for extension.
+- (bug 60543) Special:PrefixIndex omits stripprefix=1 for "Next page" link.
+
 * Tue Jan 28 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.22.2-1
 - Update to 1.22.2
 - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing
diff --git a/sources b/sources
index 90dbeb2..00730a1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-520e303dfd14d7aa0a64799958ad9811  mediawiki-1.22.2.tar.gz
+473a5c369e45f7c5b403eb7883658d7d  mediawiki-1.22.3.tar.gz

More information about the scm-commits mailing list