Security fix + some bugfixes:
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/

SRPM:
mediawiki-1.35.3-1.mga8.src.rpm

i586:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

x86_64:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

Mga 7 rpms, already in use on infra:

SRPM:
mediawiki-1.31.15-1.mga7.src.rpm

i586:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

x86_64:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm
Whiteboard: (none) => MGA7TOO, MGA7-64-OK
CVE: (none) => CVE-2021-35197
Summary: Update request: mediawiki-1.35.3-1.mga8 => Update request: mediawiki-1.35.3-1.mga8 / mediawiki-1.31.15-1.mga7
Advisory:
========================

Updated mediawiki packages fix security vulnerability:

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented) (CVE-2021-35197).

The mediawiki packages are upgraded to latest version for their branches. See upstream release notes for other bugfixes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29190
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
- https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.3
- https://www.mediawiki.org/wiki/MediaWiki_1.31
========================

Updated packages in core/updates_testing:
========================

SRPM:
mediawiki-1.35.3-1.mga8.src.rpm

i586:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

x86_64:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

SRPM:
mediawiki-1.31.15-1.mga7.src.rpm

i586:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

x86_64:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm
CC: (none) => ouaurelien
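The affected ranges in the advisory above skip over the fixed tail of each branch, so a plain "older than 1.35.3" test misclassifies 1.31.15. As an added example (not part of the bug thread or of Mageia's tooling), this shell sketch classifies a version string against those ranges; the function names are hypothetical, the sample list is constructed, and it compares upstream version numbers only.

```shell
#!/bin/sh
# Added example: classify a MediaWiki version against the ranges quoted in
# the advisory for CVE-2021-35197. Function names are hypothetical.
# Assumption: only the upstream version is compared; the RPM release is ignored.

# Strip an RPM release suffix: "1.35.3-1.mga8" -> "1.35.3".
mw_upstream_version() {
    printf '%s\n' "${1%%-*}"
}

# Succeeds if version $1 sorts strictly before version $2 (GNU sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints "affected", "fixed" or "unknown" for the given version string.
mw_cve_2021_35197_status() {
    v=$(mw_upstream_version "$1")
    # Accept only dotted numeric versions with at least three components.
    case "$v" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    case "$v" in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    if   ver_lt "$v" 1.31.15; then echo affected   # before 1.31.15
    elif ver_lt "$v" 1.32.0;  then echo fixed      # 1.31.15 and later 1.31.x
    elif ver_lt "$v" 1.35.3;  then echo affected   # 1.32.x through 1.35.2
    elif ver_lt "$v" 1.36.0;  then echo fixed      # 1.35.3 and later 1.35.x
    elif ver_lt "$v" 1.36.1;  then echo affected   # 1.36.0
    else                           echo fixed      # 1.36.1 and later
    fi
}

# Constructed sample list: the two package versions from this update plus
# a few older versions chosen to exercise each range boundary.
for pkg in 1.35.3-1.mga8 1.31.15-1.mga7 1.35.2 1.31.14 1.36.0; do
    printf '%-16s %s\n' "$pkg" "$(mw_cve_2021_35197_status "$pkg")"
done
```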
MGA8-64 Plasma on Lenovo B50
No installation issues.
Made sure httpd and mysqld are running and phpmyadmin is installed.
Follow wiki, but at first start of mediawiki to do the configuration, I get:

MediaWiki 1.35 internal error
Installing some PHP extensions is required.
Required components
You are missing a required extension to PHP that MediaWiki requires to run. Please install:
ctype (more information)

Checked and found that the package php-ctype was not installed, so had MCC to install it. Is that a missed dependency ????
Then restart httpd and now click the link "setup the wiki first" and get a screen full:

MediaWiki internal error.
Original exception: [YOwyKeM57FhZ4PagnM4i_QAAAAM] /mediawiki/mw-config/index.php Error from line 689 of /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php: Class "DOMDocument" not found
Backtrace:
#0 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(669): LocalisationCache->loadPluralFile()
#1 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(642): LocalisationCache->loadPluralFiles()
#2 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(735): LocalisationCache->getPluralRules()
#3 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(861): LocalisationCache->readSourceFilesAndRegisterDeps()
#4 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(497): LocalisationCache->recache()
#5 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(371): LocalisationCache->initLanguage()
#6 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(312): LocalisationCache->loadItem()
#7 /usr/share/mediawiki/includes/language/LanguageFallback.php(106): LocalisationCache->getItem()
#8 /usr/share/mediawiki/includes/language/LanguageFactory.php(175): MediaWiki\Languages\LanguageFallback->getAll()
#9 /usr/share/mediawiki/includes/language/LanguageFactory.php(121): MediaWiki\Languages\LanguageFactory->newFromCode()
#10 /usr/share/mediawiki/includes/installer/WebInstaller.php(507): MediaWiki\Languages\LanguageFactory->getLanguage()
#11 /usr/share/mediawiki/includes/installer/WebInstaller.php(167): WebInstaller->setupLanguage()
#12 /usr/share/mediawiki/mw-config/index.php(82): WebInstaller->execute()
#13 /usr/share/mediawiki/mw-config/index.php(40): wfInstallerMain()
#14 {main}

Exception caught inside exception handler: [YOwyKeM57FhZ4PagnM4i_QAAAAM] /mediawiki/mw-config/index.php Error from line 689 of /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php: Class "DOMDocument" not found
Backtrace:
#0 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(669): LocalisationCache->loadPluralFile()
#1 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(642): LocalisationCache->loadPluralFiles()
#2 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(735): LocalisationCache->getPluralRules()
#3 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(861): LocalisationCache->readSourceFilesAndRegisterDeps()
#4 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(497): LocalisationCache->recache()
#5 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(414): LocalisationCache->initLanguage()
#6 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(333): LocalisationCache->loadSubitem()
#7 /usr/share/mediawiki/languages/Language.php(2645): LocalisationCache->getSubitem()
#8 /usr/share/mediawiki/includes/cache/MessageCache.php(1047): Language->getMessage()
#9 /usr/share/mediawiki/includes/cache/MessageCache.php(1005): MessageCache->getMessageForLang()
#10 /usr/share/mediawiki/includes/cache/MessageCache.php(947): MessageCache->getMessageFromFallbackChain()
#11 /usr/share/mediawiki/includes/language/Message.php(1304): MessageCache->get()
#12 /usr/share/mediawiki/includes/language/Message.php(862): Message->fetchMessage()
#13 /usr/share/mediawiki/includes/language/Message.php(954): Message->toString()
#14 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(221): Message->text()
#15 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(156): MWExceptionRenderer::msg()
#16 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(65): MWExceptionRenderer::reportHTML()
#17 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(106): MWExceptionRenderer::output()
#18 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report()
#19 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(156): MWExceptionHandler::handleException()
#20 [internal function]: MWExceptionHandler::handleUncaughtException()
#21 {main}

Just note that this is a Dutch installation, there is something wrong in that area????
CC: (none) => herman.viaene
Changing in MCC - System the language to English (this is always installed by default?), logging out and back in, does not make any difference for this error.
In fact, the whole system is still in Dutch
Correction MCC is now in English, but the whole Plasma is still Dutch
The other missing package is "php-dom".
I've submitted a: mediawiki-1.35.3-1.1.mga8 that adds requires on php-ctype and php-dom.
Once this php-dom is installed, the mediawiki gets created as per the wiki. So Thomas, what next??? OK this update (and let the M7 go thru, or do it again with the new version you just created??
We'll OK, and push that mediawiki-1.35.3-1.1.mga8 as the only thing changed from the one you tested is the added requires: http://svnweb.mageia.org/packages/updates/8/mediawiki/current/SPECS/mediawiki.spec?r1=1734343&r2=1735719&pathrev=1735720
The m7 update should go ahead despite the missing requires as those who are using it likely had them installed due to other packages such as task-lamp. The missing requires are not regressions. As for m8, the new package needs a quick test before validating, to ensure it doesn't have some problem such as an unsigned rpm.
CC: (none) => davidwhodgins
Whiteboard: MGA7TOO, MGA7-64-OK => MGA7TOO, MGA7-64-OK
yeah, I already that mediawiki-1.35.3-1.1.mga8 correctly pulled in php-ctype and php-dom (after first removing all mediawiki packages and the php packages)
... already *tested* ...
Thanks. Validating the update.
Whiteboard: MGA7TOO, MGA7-64-OK => MGA7TOO, MGA7-64-OK MGA8-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
(In reply to Thomas Backlund from comment #11)
> yeah,
> I already that mediawiki-1.35.3-1.1.mga8 correctly pulled in php-ctype and
> php-dom (after first removing all mediawiki packages and the php packages)

(In reply to Thomas Backlund from comment #12)
> ... already *tested* ...

MGA8-OK-64. Validating.
Keywords: (none) => advisory
Whiteboard: MGA7TOO, MGA7-64-OK MGA8-64-OK => MGA7TOO, MGA7-64-OK MGA8-64-OK
Summary: Update request: mediawiki-1.35.3-1.mga8 / mediawiki-1.31.15-1.mga7 => Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0346.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Fedora has issued an advisory for this on October 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
Summary: Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7 => Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7 (fixes CVE-2021-35197)