| Summary: | mediawiki new security issues fixed upstream in 1.23.10 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | lewyssmith, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/656657/ | | |
| Whiteboard: | MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK advisory | | |
| Source RPM: | mediawiki-1.23.9-1.mga4.src.rpm | CVE: | |
| Status comment: | | | |
Description
David Walser
2015-08-12 16:15:31 CEST
David Walser
2015-08-12 16:15:39 CEST
Whiteboard:
(none) =>
MGA4TOO has_procedure

Working fine on our production wiki at work, Mageia 4 i586.

Whiteboard:
MGA4TOO has_procedure =>
MGA4TOO has_procedure MGA4-32-OK

Trying this on mga5 x86_64. Cannot get past the pre-testing stage of setting up a wiki. I gave the database a name then specified myself as the user with my login password.

Failure: DB connection error: Access denied for lcl....

It is not clear from the documentation if it is root or the user who does the setting up. I started with root. Is that the problem?

CC:
(none) =>
tarazed25

It occurs to me that a database has to be set up first as well. And I don't know how to do that. Need some guidance here. Know nothing about mysql. Guess I shall have to start researching.

(In reply to Len Lawrence from comment #3)
> It occurs to me that a database has to be set up first as well. And I don't
> know how to do that. Need some guidance here. Know nothing about mysql.
> Guess I shall have to start researching.

See the testing procedure for Moodle (check resolved bugs in bugzilla); you can do something similar to set up the db.

Having no luck with this. Created a database called boojum via root and tried creating a user called tyro with a password. The user was rejected so I used my login name and password, which I had been trying to avoid. That succeeded so I logged out of root and tried the hostname/mediawiki page in Firefox. Supplied the database name boojum and then lcl :: password and that was rejected. I am stumped.

Yes, I tested moodle when it came up recently and had no trouble at all so I don't know what is going wrong this time. Shall try to retrace my steps.

Got there at last. One of the problems was that I did not realize that mysql does not do DNS translation. Stupid idea anyway to specify a particular machine. Went back to localhost and user tyro lives. Mediawiki established. Now for the update....

Removed all traces of mediawiki from the system. Installed mediawiki and mediawiki-mysql and recreated the mediawiki from scratch; database boojum, use tyro. Modified the main page OK. Looks like this is OK. The packages are noarch but marking it as OK for 64-bit systems.

Oh. Do the other variants have to be tested too? i.e. pgsql and sqlite?

Whiteboard:
MGA4TOO has_procedure MGA4-32-OK =>
MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK

(In reply to Len Lawrence from comment #8)
> Oh. Do the other variants have to be tested too? i.e. pgsql and sqlite?

It doesn't hurt, but they don't absolutely have to be.

Testing Mageia 4 x64

Already had MediaWiki installed against PostgreSQL & working. From Updates Testing applied this update:

mediawiki-1.23.10-1.mga4
mediawiki-pgsql-1.23.10-1.mga4

It continues to function correctly. Update OK.

CC:
(none) =>
lewyssmith

Validating. Advisory needed though.

Keywords:
(none) =>
validated_update

Still no response to the CVE request. Generic advisory for now.

Advisory:
========================

Updated mediawiki packages fix security vulnerabilities:

The mediawiki package has been updated to version 1.23.10, which fixes multiple security issues and other bugs. See the release announcement for more details.

References:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
Rémi Verschelde
2015-08-21 16:26:53 CEST
Whiteboard:
MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK =>
MGA4TOO has_procedure MGA4-32-OK MGA5-64-OK MGA4-64-OK advisory

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0320.html

Status:
NEW =>
RESOLVED
David Walser
2015-08-24 19:25:20 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/655405/

CVEs have finally been assigned:
http://openwall.com/lists/oss-security/2015/08/27/6

CVE-2013-7444 CVE-2015-6727 CVE-2015-6728 CVE-2015-6729 CVE-2015-6730 CVE-2015-6731 CVE-2015-6732 CVE-2015-6733 CVE-2015-6734 CVE-2015-6735 CVE-2015-6736 CVE-2015-6737

LWN entry with CVEs:
http://lwn.net/Vulnerabilities/656657/

This one was deleted:
http://lwn.net/Vulnerabilities/655405/

URL:
http://lwn.net/Vulnerabilities/655405/ =>
http://lwn.net/Vulnerabilities/656657/