Summary: A wiki engine Name: mediawiki Version: 1.23.9 Release: 1%{?dist} License: GPLv2+ URL: http://www.mediawiki.org/ Source0: http://download.wikimedia.org/mediawiki/1.23/mediawiki-%{version}.tar.gz Source1: mediawiki.conf Source2: README.RPM Source3: mw-createinstance.in Source4: mw-updateallinstances.in BuildArch: noarch Requires(pre): httpd Requires: php-common >= 5, php-xml, php-pecl-jsonc Requires: diffutils, ImageMagick, php-gd Provides: mediawiki-math = %{version}-%{release} Provides: mediawiki-nomath = %{version}-%{release} Provides: mediawiki116 = %{version}-%{release} Obsoletes: mediawiki-math < 1.16.5-63 Obsoletes: mediawiki-nomath < 1.16.5-63 Obsoletes: mediawiki116 < 1.16.0-10 #temporary extension provides/obsoletes Provides: mediawiki-Cite = 0-0.10.20080901svn.2 Provides: mediawiki-imagemap = 0-0.7.r37906.2 Provides: mediawiki-ParserFunctions = 1.1.1-10.svn45003.2 Obsoletes: mediawiki-Cite < 0-0.10.20080901svn.1 Obsoletes: mediawiki-imagemap < 0-0.7.r37906.1 Obsoletes: mediawiki-ParserFunctions < 1.1.1-10.svn45003.1 %description MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances under %{_pkgdocdir}/README.RPM. Remember to remove the config dir after completing the configuration. %prep %setup -q %build %install # move away the documentation to the final folder. mkdir -p %{buildroot}%{_pkgdocdir} cp -p %{SOURCE2} %{buildroot}%{_pkgdocdir} # now copy the rest to the buildroot. mkdir -p %{buildroot}%{_datadir}/mediawiki cp -a * %{buildroot}%{_datadir}/mediawiki/ # remove unneeded parts rm -fr %{buildroot}%{_datadir}/mediawiki/{t,test,tests} rm -fr %{buildroot}%{_datadir}/mediawiki/includes/zhtable find %{buildroot}%{_datadir}/mediawiki/ \ \( -name .htaccess -or -name \*.cmi \) \ | xargs -r rm # fix permissions find %{buildroot}%{_datadir}/mediawiki -name \*.pl | xargs -r chmod +x chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/cssjanus/cssjanus.py chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/cssjanus/csslex.py chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/hiphop/run-server chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/storage/make-blobs chmod +x %{buildroot}%{_datadir}/mediawiki/includes/limit.sh chmod +x %{buildroot}%{_datadir}/mediawiki/includes/normal/UtfNormalTest2.php chmod +x %{buildroot}%{_datadir}/mediawiki/extensions/ConfirmEdit/captcha.py # remove version control/patch files find %{buildroot} -name .svnignore | xargs -r rm find %{buildroot} -name \*.commoncode | xargs -r rm find %{buildroot} -name .gitreview | xargs -r rm find %{buildroot} -name .jshintignore | xargs -r rm find %{buildroot} -name .jshintrc | xargs -r rm # placeholder for a default instance mkdir -p %{buildroot}/var/www/wiki mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/ install -p -m 0644 %{SOURCE1} \ %{buildroot}%{_sysconfdir}/httpd/conf.d/mediawiki.conf # tools for keeping mediawiki instances current mkdir -p %{buildroot}%{_sbindir} sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \ < %{SOURCE3} > %{buildroot}%{_sbindir}/mw-createinstance sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \ < %{SOURCE4} > %{buildroot}%{_sbindir}/mw-updateallinstances chmod 0755 %{buildroot}%{_sbindir}/mw-* mkdir %{buildroot}%{_sysconfdir}/mediawiki echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances %post %{_sbindir}/mw-updateallinstances >> /var/log/mediawiki-updates.log 2>&1 || : %files %doc COPYING FAQ HISTORY README RELEASE-NOTES-1.23 UPGRADE CREDITS docs %{_datadir}/mediawiki /var/www/wiki %config(noreplace) %{_sysconfdir}/httpd/conf.d/mediawiki.conf %dir %{_sysconfdir}/mediawiki %config(noreplace) %{_sysconfdir}/mediawiki/instances %{_sbindir}/mw-createinstance %{_sbindir}/mw-updateallinstances %changelog * Wed Apr 01 2015 Michael Cronenworth <mike@cchtml.com> - 1.23.9-1 - Update to 1.23.9 - (bug T85848, bug T71210) SECURITY: Don't parse XMP blocks that contain XML entities, to prevent various DoS attacks. - (bug T85848) SECURITY: Don't allow directly calling Xml::isWellFormed, to reduce likelihood of DoS. - (bug T88310) SECURITY: Always expand xml entities when checking SVG's. - (bug T73394) SECURITY: Escape > in Html::expandAttributes to prevent XSS. - (bug T85855) SECURITY: Don't execute another user's CSS or JS on preview. - (bug T85349, bug T85850, bug T86711) SECURITY: Multiple issues fixed in SVG filtering to prevent XSS and protect viewer's privacy. - (bug T70087) Fix Special:ActiveUsers page for installations using PostgreSQL. * Thu Dec 18 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.8-1 - Update to 1.23.8 - (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this. - (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name. - (bug T74222) The original patch for T74222 was reverted as unnecessary. * Fri Nov 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.7-1 - Update to 1.23.7 - Release notes: http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7 * Mon Nov 03 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.6-1 - Update to 1.23.6 - (bug 67440) Allow classes to be registered properly from installer - (bug 72274) Job queue not running (HTTP 411) due to missing Content-Length: header * Thu Oct 02 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.5-1 - Update to 1.23.5 - CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance. * Fri Sep 26 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.4-1 - Update to 1.23.4 - (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style elements and attributes before filtering; add checks for attributes that contain css; add unit tests for html5sec and reported bugs. - (bug 65998) Make MySQLi work with non-standard socket. - (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config settings. * Thu Aug 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.3-1 - Update to 1.23.3 - (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php. - (bug 64970) Fix support for blobs on DatabaseOracle::update. - (bug 66574) Display MediaWiki:Loginprompt on the login page. - (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes. - (bug 60629) Handle invalid language code gracefully in Language::fetchLanguageNames. - (bug 62017) Restore the number of rows shown on Special:Watchlist. - Check for boolean false result from database query in SqlBagOStuff. * Sat Aug 16 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.2-1 - Update to 1.23.2 (long term support branch) - (bug 68187) SECURITY: Prepend jsonp callback with comment. - (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked. - (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput. - (bug 68313) Preferences: Turn stubthreshold back into a combo box. - (bug 65214) Fix initSiteStats.php maintenance script. - (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL. * Wed Jun 25 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.11-1 - Update to 1.21.11 - (bug 65839) SECURITY: Prevent external resources in SVG files. - (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all. * Sat May 31 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.10-1 - Update to 1.21.10 - (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset. - (bug 36356) Add space between two feed links. * Fri Apr 25 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.9-1 - Update to 1.21.9 - (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in pageInfo. - (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text. * Fri Mar 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.8-1 - Update to 1.21.8 - (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword. - (bug 62467) Set a title for the context during import on the cli. * Sat Mar 01 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.6-1 - Update to 1.21.6 - (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace. - (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time. - (bug 61362) SECURITY: API: Don't find links in the middle of api.php links. * Tue Jan 28 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.21.5-1 - Update to 1.21.5 - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing * Tue Jan 14 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.21.4-1 - Security update to 1.21.4 - (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads - (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks - (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles - (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads - (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks * Tue Nov 19 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.3-1 - New upstream release. * Sat Oct 05 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.2-2 - Packaging fixes. (#1006110, #1007377) * Thu Sep 05 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.2-1 - New upstream release. * Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 1.21.1-6 - Perl 5.18 rebuild * Sat Jul 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-5 - Update mw-createinstance - Support for UnversionedDocdirs * Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1.21.1-4 - Perl 5.18 rebuild * Wed Jul 10 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-3 - Fix Obsoletes * Tue Jul 09 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-2 - Provide/Obsolete now included extensions (#967811) * Mon Jun 03 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-1 - New upstream release. * Tue May 28 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.0-1 - New upstream release. * Tue May 07 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.5-1 - New upstream release. - Obsolete mediawiki116 package. * Wed Apr 17 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.4-1 - New upstream release. * Thu Apr 11 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-3 - Update mw-* scripts. (#926899) * Tue Mar 12 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-2 - Update mw-createinstance for new access points. * Mon Mar 4 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-1 - New upstream release. * Thu Feb 28 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.2-2 - Fix upgrade path. * Wed Feb 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.2-1 - New upstream release. * Wed Feb 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.19.3-1 - New upstream release. * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-62 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-61 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-60 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Sun May 8 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.5-59 - Update to 1.16.5. * Fri Apr 22 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.4-58 - texvc was being accidentially wiped out before packaging it. * Sat Apr 16 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.4-57 - Update to 1.16.4. * Sun Apr 3 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.2-56 - Update to 1.16.2. - Fixes RH bugs #614065, #644325, #682281, #662402 - Enable suggestions while typing in search boxes by default. - Add some basic mediawiki management scripts. * Fri Sep 10 2010 Nick Bebout <nb@fedoraproject.org> - 1.15.4-55 - Mark mediawiki.conf as config(noreplace) (RH bug #614396). * Mon Jul 5 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.4-54 - Update to 1.5.14 (Fixes CVE-2010-1647 CVE-2010-1648). - Change BR php to php-common (RH bug #549822). * Wed Apr 7 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.3-53 - Update to 1.15.3 (Fixes login CSRF vulnerability). * Wed Mar 31 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.2-51 - Update to 1.15.2 (Fixes CSS validation issue and data leakage vulnerability). * Fri Jul 24 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-50 - Add a README.RPM and a sample apache mediawiki.conf file. * Thu Jul 23 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-49 - All (runtime) dependencies from mediawiki need to move to mediawiki-nomath. * Mon Jul 13 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-48 - Update to 1.15.1 (Fixes XSS vulnerability). * Sat Jul 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.0-47 - Fix api.php breakage. * Sat Jun 13 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.0-46 - Update to 1.15.0. * Thu Apr 16 2009 S390x secondary arch maintainer <fedora-s390x@lists.fedoraproject.org> - ExcludeArch sparc64, s390, s390x as we don't have OCaml on those archs (added sparc64 per request from the sparc maintainer) * Sat Feb 28 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.14.0-45 - Update to 1.14.0. * Sun Feb 22 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.4-44 - Split package up, so some users can decide to not install math support (results in smaller installs), see RH bug #485447. * Wed Feb 18 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.4-43 - Update to 1.13.4, closes RH bug #485728. * Tue Dec 23 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.3-42 - Update to 1.13.3, closes RH bug #476621 (CVE-2008-5249, CVE-2008-5250, CVE-2008-5252 and CVE-2008-5687, CVE-2008-5688) * Sun Oct 5 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.2-41 - Update to 1.13.2. * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.0-40 - Use consistently Patch0 and %%patch0. * Sat Aug 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.0-39 - Update to 1.13.0. * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.10.4-40 - fix license tag * Tue Mar 4 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.4-38 - Update to 1.10.4. * Sun Feb 17 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.3-37 - Update to 1.10.3. - Fixes CVE-2008-0460 (bug #430286). * Wed May 9 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.0-35 - Update to 1.10.0. * Thu Feb 22 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.3-34 - Update to 1.9.4. * Mon Feb 5 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.2-33 - Update to 1.9.2. * Fri Feb 2 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.1-32 - Fix permissions. - Remove some parts not needed at runtime anymore. * Thu Feb 1 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.1-31 - Update to 1.9.1. * Sat Oct 14 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.8.2-28 - Update to 1.8.2. * Wed Oct 11 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.8.1-27 - Update to 1.8.1. - Update to 1.8.0. * Mon Jul 10 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.7.1. * Wed Jun 7 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.6.7. * Fri May 26 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.6.6. * Thu Apr 13 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.6.3. * Sat Apr 8 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.6.2. * Fri Apr 7 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.6.1. * Mon Apr 3 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.8. * Thu Mar 2 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.7. * Thu Jan 19 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.6. * Fri Jan 6 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.5. * Sun Dec 4 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.3. * Fri Nov 4 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.2. * Mon Oct 31 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.1. * Thu Oct 6 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5.0. * Fri Sep 2 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5rc4. * Sun Jul 31 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5beta4. * Fri Jul 8 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5beta3. * Tue Jul 5 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Update to 1.5beta2. * Sun Jul 3 2005 Axel Thimm <Axel.Thimm@ATrpms.net> - Initial build.