Summary: A wiki engine
Name: mediawiki
Version: 1.23.8
Release: 1%{?dist}
License: GPLv2+
URL: http://www.mediawiki.org/
Source0: http://download.wikimedia.org/mediawiki/1.23/mediawiki-%{version}.tar.gz
Source1: mediawiki.conf
Source2: README.RPM
Source3: mw-createinstance.in
Source4: mw-updateallinstances.in
BuildArch: noarch
Requires(pre): httpd
Requires: php-common >= 5, php-xml, php-pecl-jsonc
Requires: diffutils, ImageMagick, php-gd
Provides: mediawiki-math = %{version}-%{release}
Provides: mediawiki-nomath = %{version}-%{release}
Provides: mediawiki116 = %{version}-%{release}
Obsoletes: mediawiki-math < 1.16.5-63
Obsoletes: mediawiki-nomath < 1.16.5-63
Obsoletes: mediawiki116 < 1.16.0-10
#temporary extension provides/obsoletes
Provides: mediawiki-Cite = 0-0.10.20080901svn.2
Provides: mediawiki-imagemap = 0-0.7.r37906.2
Provides: mediawiki-ParserFunctions = 1.1.1-10.svn45003.2
Obsoletes: mediawiki-Cite < 0-0.10.20080901svn.1
Obsoletes: mediawiki-imagemap < 0-0.7.r37906.1
Obsoletes: mediawiki-ParserFunctions < 1.1.1-10.svn45003.1
%description
MediaWiki is the software used for Wikipedia and the other Wikimedia
Foundation websites. Compared to other wikis, it has an excellent
range of features and support for high-traffic websites using multiple
servers
This package supports wiki farms. Read the instructions for creating wiki
instances under %{_defaultdocdir}/%{name}-%{version}/README.RPM.
Remember to remove the config dir after completing the configuration.
%prep
%setup -q
%build
%install
# move away the documentation to the final folder.
mkdir -p %{buildroot}%{_defaultdocdir}/%{name}-%{version}
cp -p %{SOURCE2} %{buildroot}%{_defaultdocdir}/%{name}-%{version}/
# now copy the rest to the buildroot.
mkdir -p %{buildroot}%{_datadir}/mediawiki
cp -a * %{buildroot}%{_datadir}/mediawiki/
# remove unneeded parts
rm -fr %{buildroot}%{_datadir}/mediawiki/{t,test,tests}
rm -fr %{buildroot}%{_datadir}/mediawiki/includes/zhtable
find %{buildroot}%{_datadir}/mediawiki/ \
\( -name .htaccess -or -name \*.cmi \) \
| xargs -r rm
# fix permissions
find %{buildroot}%{_datadir}/mediawiki -name \*.pl | xargs -r chmod +x
chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/cssjanus/cssjanus.py
chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/cssjanus/csslex.py
chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/hiphop/run-server
chmod +x %{buildroot}%{_datadir}/mediawiki/maintenance/storage/make-blobs
chmod +x %{buildroot}%{_datadir}/mediawiki/includes/limit.sh
chmod +x %{buildroot}%{_datadir}/mediawiki/includes/normal/UtfNormalTest2.php
chmod +x %{buildroot}%{_datadir}/mediawiki/extensions/ConfirmEdit/captcha.py
# remove version control/patch files
find %{buildroot} -name .svnignore | xargs -r rm
find %{buildroot} -name \*.commoncode | xargs -r rm
find %{buildroot} -name .gitreview | xargs -r rm
find %{buildroot} -name .jshintignore | xargs -r rm
find %{buildroot} -name .jshintrc | xargs -r rm
# placeholder for a default instance
mkdir -p %{buildroot}/var/www/wiki
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
install -p -m 0644 %{SOURCE1} \
%{buildroot}%{_sysconfdir}/httpd/conf.d/mediawiki.conf
# tools for keeping mediawiki instances current
mkdir -p %{buildroot}%{_sbindir}
sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \
< %{SOURCE3} > %{buildroot}%{_sbindir}/mw-createinstance
sed -e's,@datadir@,%{_datadir},g' -e's,@sysconfdir@,%{_sysconfdir},g' \
< %{SOURCE4} > %{buildroot}%{_sbindir}/mw-updateallinstances
chmod 0755 %{buildroot}%{_sbindir}/mw-*
mkdir %{buildroot}%{_sysconfdir}/mediawiki
echo /var/www/wiki > %{buildroot}%{_sysconfdir}/mediawiki/instances
%post
%{_sbindir}/mw-updateallinstances >> /var/log/mediawiki-updates.log 2>&1 || :
%files
%doc COPYING FAQ HISTORY README RELEASE-NOTES-1.23 UPGRADE CREDITS docs
%{_datadir}/mediawiki
/var/www/wiki
%config(noreplace) %{_sysconfdir}/httpd/conf.d/mediawiki.conf
%dir %{_sysconfdir}/mediawiki
%config(noreplace) %{_sysconfdir}/mediawiki/instances
%{_sbindir}/mw-createinstance
%{_sbindir}/mw-updateallinstances
%changelog
* Thu Dec 18 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.8-1
- Update to 1.23.8
- (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML, which could lead to xss. Permission to edit MediaWiki namespace is required to exploit this.
- (bug T77028) [SECURITY] Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as part of its name.
- (bug T74222) The original patch for T74222 was reverted as unnecessary.
* Fri Nov 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.7-1
- Update to 1.23.7
- Release notes: http://www.mediawiki.org/wiki/Release_notes/1.23#MediaWiki_1.23.7
* Mon Nov 03 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.6-1
- Update to 1.23.6
- (bug 67440) Allow classes to be registered properly from installer
- (bug 72274) Job queue not running (HTTP 411) due to missing Content-Length: header
* Thu Oct 02 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.5-1
- Update to 1.23.5
- CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module
allowance.
* Fri Sep 26 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.4-1
- Update to 1.23.4
- (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter <style> elements; normalize style
elements and attributes before filtering; add checks for attributes that contain css; add unit tests
for html5sec and reported bugs.
- (bug 65998) Make MySQLi work with non-standard socket.
- (bug 66986) GlobalVarConfig shouldn't throw exceptions for null-valued config settings.
* Thu Aug 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.3-1
- Update to 1.23.3
- (bug 68501) Correctly handle incorrect namespace in cleanupTitles.php.
- (bug 64970) Fix support for blobs on DatabaseOracle::update.
- (bug 66574) Display MediaWiki:Loginprompt on the login page.
- (bug 67870) wfShellExec() cuts off stdout at multiples of 8192 bytes.
- (bug 60629) Handle invalid language code gracefully in
Language::fetchLanguageNames.
- (bug 62017) Restore the number of rows shown on Special:Watchlist.
- Check for boolean false result from database query in SqlBagOStuff.
* Sat Aug 16 2014 Michael Cronenworth <mike@cchtml.com> - 1.23.2-1
- Update to 1.23.2 (long term support branch)
- (bug 68187) SECURITY: Prepend jsonp callback with comment.
- (bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading
a new page in Javascript,instead of relying on the URL in the link that has been clicked.
- (bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
- (bug 68313) Preferences: Turn stubthreshold back into a combo box.
- (bug 65214) Fix initSiteStats.php maintenance script.
- (bug 67594) Special:ActiveUsers: Fix to work with PostgreSQL.
* Wed Jun 25 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.11-1
- Update to 1.21.11
- (bug 65839) SECURITY: Prevent external resources in SVG files.
- (bug 66428) MimeMagic: Don't seek before BOF. This has weird side effects
like only extracting the tail of the file partially or not at all.
* Sat May 31 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.10-1
- Update to 1.21.10
- (bug 65501) SECURITY: Don't parse usernames as wikitext on Special:PasswordReset.
- (bug 36356) Add space between two feed links.
* Fri Apr 25 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.9-1
- Update to 1.21.9
- (bug 63251) (CVE-2014-2853) SECURITY: Escape sortKey in pageInfo.
- (bug 58640) Fixed a compatibility issue with PCRE 8.34 that caused pages to appear blank or with missing text.
* Fri Mar 28 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.8-1
- Update to 1.21.8
- (bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
- (bug 62467) Set a title for the context during import on the cli.
* Sat Mar 01 2014 Michael Cronenworth <mike@cchtml.com> - 1.21.6-1
- Update to 1.21.6
- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace.
- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
- (bug 61362) SECURITY: API: Don't find links in the middle of api.php links.
* Tue Jan 28 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.21.5-1
- Update to 1.21.5
- (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing
* Tue Jan 14 2014 Patrick Uiterwijk <puiterwijk@redhat.com> - 1.21.4-1
- Security update to 1.19.10
- (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads
- (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks
- (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles
- (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads
- (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks
* Tue Nov 19 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.3-1
- New upstream release.
* Sat Oct 05 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.2-2
- Packaging fixes. (#1006110, #1007377)
* Thu Sep 05 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.2-1
- New upstream release.
* Sat Jul 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-4
- Update mw-createinstance
* Wed Jul 10 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-3
- Fix Obsoletes
* Tue Jul 09 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-2
- Provide/Obsolete now included extensions (#967811)
* Mon Jun 03 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.1-1
- New upstream release.
* Tue May 28 2013 Michael Cronenworth <mike@cchtml.com> - 1.21.0-1
- New upstream release.
* Tue May 07 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.5-1
- New upstream release.
- Obsolete mediawiki116 package.
* Wed Apr 17 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.4-1
- New upstream release.
* Thu Apr 11 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-3
- Update mw-* scripts. (#926899)
* Tue Mar 12 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-2
- Update mw-createinstance for new access points.
* Mon Mar 4 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.3-1
- New upstream release.
* Thu Feb 28 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.2-2
- Fix upgrade path.
* Wed Feb 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.20.2-1
- New upstream release.
* Wed Feb 27 2013 Michael Cronenworth <mike@cchtml.com> - 1.19.3-1
- New upstream release.
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-62
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-61
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.16.5-60
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sun May 8 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.5-59
- Update to 1.16.5.
* Fri Apr 22 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.4-58
- texvc was being accidentially wiped out before packaging it.
* Sat Apr 16 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.4-57
- Update to 1.16.4.
* Sun Apr 3 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.16.2-56
- Update to 1.16.2.
- Fixes RH bugs #614065, #644325, #682281, #662402
- Enable suggestions while typing in search boxes by default.
- Add some basic mediawiki management scripts.
* Fri Sep 10 2010 Nick Bebout <nb@fedoraproject.org> - 1.15.4-55
- Mark mediawiki.conf as config(noreplace) (RH bug #614396).
* Mon Jul 5 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.4-54
- Update to 1.5.14 (Fixes CVE-2010-1647 CVE-2010-1648).
- Change BR php to php-common (RH bug #549822).
* Wed Apr 7 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.3-53
- Update to 1.15.3 (Fixes login CSRF vulnerability).
* Wed Mar 31 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.2-51
- Update to 1.15.2 (Fixes CSS validation issue and data leakage
vulnerability).
* Fri Jul 24 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-50
- Add a README.RPM and a sample apache mediawiki.conf file.
* Thu Jul 23 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-49
- All (runtime) dependencies from mediawiki need to move to
mediawiki-nomath.
* Mon Jul 13 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-48
- Update to 1.15.1 (Fixes XSS vulnerability).
* Sat Jul 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.0-47
- Fix api.php breakage.
* Sat Jun 13 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.0-46
- Update to 1.15.0.
* Thu Apr 16 2009 S390x secondary arch maintainer <fedora-s390x@lists.fedoraproject.org>
- ExcludeArch sparc64, s390, s390x as we don't have OCaml on those archs
(added sparc64 per request from the sparc maintainer)
* Sat Feb 28 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.14.0-45
- Update to 1.14.0.
* Sun Feb 22 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.4-44
- Split package up, so some users can decide to not install math
support (results in smaller installs), see RH bug #485447.
* Wed Feb 18 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.4-43
- Update to 1.13.4, closes RH bug #485728.
* Tue Dec 23 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.3-42
- Update to 1.13.3, closes RH bug #476621 (CVE-2008-5249,
CVE-2008-5250, CVE-2008-5252 and CVE-2008-5687, CVE-2008-5688)
* Sun Oct 5 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.2-41
- Update to 1.13.2.
* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.0-40
- Use consistently Patch0 and %%patch0.
* Sat Aug 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.13.0-39
- Update to 1.13.0.
* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.10.4-40
- fix license tag
* Tue Mar 4 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.4-38
- Update to 1.10.4.
* Sun Feb 17 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.3-37
- Update to 1.10.3.
- Fixes CVE-2008-0460 (bug #430286).
* Wed May 9 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.10.0-35
- Update to 1.10.0.
* Thu Feb 22 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.3-34
- Update to 1.9.4.
* Mon Feb 5 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.2-33
- Update to 1.9.2.
* Fri Feb 2 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.1-32
- Fix permissions.
- Remove some parts not needed at runtime anymore.
* Thu Feb 1 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.9.1-31
- Update to 1.9.1.
* Sat Oct 14 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.8.2-28
- Update to 1.8.2.
* Wed Oct 11 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.8.1-27
- Update to 1.8.1.
- Update to 1.8.0.
* Mon Jul 10 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.7.1.
* Wed Jun 7 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.6.7.
* Fri May 26 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.6.6.
* Thu Apr 13 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.6.3.
* Sat Apr 8 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.6.2.
* Fri Apr 7 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.6.1.
* Mon Apr 3 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.8.
* Thu Mar 2 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.7.
* Thu Jan 19 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.6.
* Fri Jan 6 2006 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.5.
* Sun Dec 4 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.3.
* Fri Nov 4 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.2.
* Mon Oct 31 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.1.
* Thu Oct 6 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5.0.
* Fri Sep 2 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5rc4.
* Sun Jul 31 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5beta4.
* Fri Jul 8 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5beta3.
* Tue Jul 5 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Update to 1.5beta2.
* Sun Jul 3 2005 Axel Thimm <Axel.Thimm@ATrpms.net>
- Initial build.