mooninite pushed to mediawiki (f22). "Update to 1.24.2"

notifications at fedoraproject.org notifications at fedoraproject.org
Wed Apr 1 13:38:15 UTC 2015 

>From 3caf725838b05505ad8cda63c479a9e38437deda Mon Sep 17 00:00:00 2001
From: Michael Cronenworth <mike at cchtml.com>
Date: Wed, 1 Apr 2015 08:31:27 -0500
Subject: Update to 1.24.2


diff --git a/.gitignore b/.gitignore
index d7f6378..881f928 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/mediawiki-1.24.1.tar.gz
+/mediawiki-1.24.2.tar.gz
diff --git a/mediawiki.spec b/mediawiki.spec
index 12ac01c..2f8bb85 100644
--- a/mediawiki.spec
+++ b/mediawiki.spec
@@ -1,6 +1,6 @@
 Summary: A wiki engine
 Name: mediawiki
-Version: 1.24.1
+Version: 1.24.2
 Release: 1%{?dist}
 License: GPLv2+
 URL: http://www.mediawiki.org/
@@ -117,6 +117,19 @@ echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances
 
 
 %changelog
+* Wed Apr 01 2015 Michael Cronenworth <mike at cchtml.com> - 1.24.2-1
+- Update to 1.24.2
+- (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks.
+- (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS.
+- (bug T88310) SECURITY: Always expand xml entities when checking SVG's.
+- (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS.
+- (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview.
+- (bug T64685) SECURITY: Allow setting maximal password length to prevent DoS when using PBKDF2.
+- (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy.
+- Fix case of SpecialAllPages/SpecialAllMessages in SpecialPageFactory to fix loading these special pages when $wgAutoloadAttemptLowercase is false.
+- (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL.
+- (bug T76254) Fix deleting of pages with PostgreSQL. Requires a schema change and running update.php to fix.
+
 * Thu Dec 18 2014 Michael Cronenworth <mike at cchtml.com> - 1.24.1-1
 - Update to 1.24.1
 - (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
diff --git a/sources b/sources
index 86ee969..3cbdd7d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-fb1a48c777c17df8f20a95061b3a483c  mediawiki-1.24.1.tar.gz
+6832bba1b9407245ec9f63b10845d0c1  mediawiki-1.24.2.tar.gz
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/mediawiki.git/commit/?h=f22&id=3caf725838b05505ad8cda63c479a9e38437deda

More information about the scm-commits mailing list