Bug 25988 - mediawiki ldap authentication plugin should probably be replaced with maintained version
Summary: mediawiki ldap authentication plugin should probably be replaced with maintai...
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-29 05:23 CET by David Walser
Modified: 2019-12-29 22:21 CET (History)
0 users

See Also:
Source RPM: mediawiki-ldapauthentication-2.1.0-8.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-12-29 05:23:06 CET 
It appears that our currently packaged plugin is no longer maintained or fully functional:
https://www.mediawiki.org/wiki/Extension:LDAP_Authentication

Note that its replacement:
https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2

requires at least a couple other plugins, and requires a fix for a security issue if that fix hasn't made it into a released version:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-December/000244.html
Comment 1 Lewis Smith 2019-12-29 22:19:32 CET 
The last ref above for "the security/maintenance release of MediaWiki 1.31.6..." includes:
"+ (T240338, No CVE requested) - LDAPAuthentication2 allows login with invalid password"
so it looks as if the fix referred to is in place for the new plugin.

The SRPM noted at head is unchanged since some time, and is to be replaced.by something new as per Description. No registered maintainer, assigning globally (even if DavidW has done this in the past).

Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2019-12-29 22:21:15 CET 
The fix is in git, but I don't know if they've spun a new tarball that includes it yet.
Note You need to log in before you can comment on or make changes to this bug.