Bug 25988

Summary: mediawiki ldap authentication plugin should probably be replaced with maintained version
Product: Mageia Reporter: David Walser <luigiwalser>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: NEW --- QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mediawiki-ldapauthentication-2.1.0-8.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-12-29 05:23:06 CET 
It appears that our currently packaged plugin is no longer maintained or fully functional:
https://www.mediawiki.org/wiki/Extension:LDAP_Authentication

Note that its replacement:
https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2

requires at least a couple other plugins, and requires a fix for a security issue if that fix hasn't made it into a released version:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000244.html
Comment 1 Lewis Smith 2019-12-29 22:19:32 CET 
The last ref above for "the security/maintenance release of MediaWiki 1.31.6..." includes:
"+ (T240338, No CVE requested) - LDAPAuthentication2 allows login with invalid password"
so it looks as if the fix referred to is in place for the new plugin.

The SRPM noted at head is unchanged since some time, and is to be replaced.by something new as per Description. No registered maintainer, assigning globally (even if DavidW has done this in the past).

Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2019-12-29 22:21:15 CET 
The fix is in git, but I don't know if they've spun a new tarball that includes it yet.