Mga 7 rpms, already in use on infra:

SRPM:
mediawiki-1.31.15-1.mga7.src.rpm

i586:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

x86_64:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

Whiteboard: (none) => MGA7TOO, MGA7-64-OK
CVE: (none) => CVE-2021-35197

Advisory:
========================

Updated mediawiki packages fix security vulnerability:

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented) (CVE-2021-35197).

The mediawiki packages are upgraded to latest version for their branches.
See upstream release notes for other bugfixes.

References:
 - https://bugs.mageia.org/show_bug.cgi?id=29190
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35197
 - https://www.mediawiki.org/wiki/Release_notes/1.35#MediaWiki_1.35.3
 - https://www.mediawiki.org/wiki/MediaWiki_1.31
========================

Updated packages in core/updates_testing:
========================
SRPM:
mediawiki-1.35.3-1.mga8.src.rpm

i586:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

x86_64:
mediawiki-1.35.3-1.mga8.noarch.rpm
mediawiki-mysql-1.35.3-1.mga8.noarch.rpm
mediawiki-pgsql-1.35.3-1.mga8.noarch.rpm
mediawiki-sqlite-1.35.3-1.mga8.noarch.rpm

SRPM:
mediawiki-1.31.15-1.mga7.src.rpm

i586:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

x86_64:
mediawiki-1.31.15-1.mga7.noarch.rpm
mediawiki-mysql-1.31.15-1.mga7.noarch.rpm
mediawiki-pgsql-1.31.15-1.mga7.noarch.rpm
mediawiki-sqlite-1.31.15-1.mga7.noarch.rpm

CC: (none) => ouaurelien

MGA8-64 Plasma on Lenovo B50
No installation issues.
Made sure httpd and mysqld are running and phpmyadmin is installed.
Follow wiki, but at first start of mediawiki to do the onfiguration, I get:
MediaWiki 1.35 internal error
Installing some PHP extensions is required.
Required components
You are missing a required extension to PHP that MediaWiki requires to run. Please install:
    ctype (more information)
Checked and found the the package php-ctype was not installed, so had MCC to install it. Is that a missed dependency ????
Then restart httpd and now click the link "setup the wiki first" and get a screeen full:

MediaWiki internal error.

Original exception: [YOwyKeM57FhZ4PagnM4i_QAAAAM] /mediawiki/mw-config/index.php Error from line 689 of /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php: Class "DOMDocument" not found
Backtrace:
#0 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(669): LocalisationCache->loadPluralFile()
#1 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(642): LocalisationCache->loadPluralFiles()
#2 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(735): LocalisationCache->getPluralRules()
#3 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(861): LocalisationCache->readSourceFilesAndRegisterDeps()
#4 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(497): LocalisationCache->recache()
#5 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(371): LocalisationCache->initLanguage()
#6 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(312): LocalisationCache->loadItem()
#7 /usr/share/mediawiki/includes/language/LanguageFallback.php(106): LocalisationCache->getItem()
#8 /usr/share/mediawiki/includes/language/LanguageFactory.php(175): MediaWiki\Languages\LanguageFallback->getAll()
#9 /usr/share/mediawiki/includes/language/LanguageFactory.php(121): MediaWiki\Languages\LanguageFactory->newFromCode()
#10 /usr/share/mediawiki/includes/installer/WebInstaller.php(507): MediaWiki\Languages\LanguageFactory->getLanguage()
#11 /usr/share/mediawiki/includes/installer/WebInstaller.php(167): WebInstaller->setupLanguage()
#12 /usr/share/mediawiki/mw-config/index.php(82): WebInstaller->execute()
#13 /usr/share/mediawiki/mw-config/index.php(40): wfInstallerMain()
#14 {main}

Exception caught inside exception handler: [YOwyKeM57FhZ4PagnM4i_QAAAAM] /mediawiki/mw-config/index.php Error from line 689 of /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php: Class "DOMDocument" not found
Backtrace:
#0 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(669): LocalisationCache->loadPluralFile()
#1 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(642): LocalisationCache->loadPluralFiles()
#2 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(735): LocalisationCache->getPluralRules()
#3 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(861): LocalisationCache->readSourceFilesAndRegisterDeps()
#4 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(497): LocalisationCache->recache()
#5 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(414): LocalisationCache->initLanguage()
#6 /usr/share/mediawiki/includes/cache/localisation/LocalisationCache.php(333): LocalisationCache->loadSubitem()
#7 /usr/share/mediawiki/languages/Language.php(2645): LocalisationCache->getSubitem()
#8 /usr/share/mediawiki/includes/cache/MessageCache.php(1047): Language->getMessage()
#9 /usr/share/mediawiki/includes/cache/MessageCache.php(1005): MessageCache->getMessageForLang()
#10 /usr/share/mediawiki/includes/cache/MessageCache.php(947): MessageCache->getMessageFromFallbackChain()
#11 /usr/share/mediawiki/includes/language/Message.php(1304): MessageCache->get()
#12 /usr/share/mediawiki/includes/language/Message.php(862): Message->fetchMessage()
#13 /usr/share/mediawiki/includes/language/Message.php(954): Message->toString()
#14 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(221): Message->text()
#15 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(156): MWExceptionRenderer::msg()
#16 /usr/share/mediawiki/includes/exception/MWExceptionRenderer.php(65): MWExceptionRenderer::reportHTML()
#17 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(106): MWExceptionRenderer::output()
#18 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(185): MWExceptionHandler::report()
#19 /usr/share/mediawiki/includes/exception/MWExceptionHandler.php(156): MWExceptionHandler::handleException()
#20 [internal function]: MWExceptionHandler::handleUncaughtException()
#21 {main}
Just note that  this is a Dutch installation, there is something wrong in that area????

CC: (none) => herman.viaene

Changing in MCC - System the language to English (this is always installed by default?), logging out and back in, does not make any diffeence for this error

In fact, the whole system is still in Dutch

Correction MCC is now in English, but the whole Plasma is still Dutch

the other missing package is "php-dom"

I've submitted a:  mediawiki-1.35.3-1.1.mga8

that adds requires on php-ctype and php-dom

Once this php-dom is installed, the mediawiki gets created as per the wiki.
So Thoams, what next??? OK this update (and let the M7 go thru, or doit again with the new version youjust created??

We'll OK, and push that  mediawiki-1.35.3-1.1.mga8 as the only thing changed from the one you tested is the added requires:
http://svnweb.mageia.org/packages/updates/8/mediawiki/current/SPECS/mediawiki.spec?r1=1734343&r2=1735719&pathrev=1735720

The m7 update should go ahead despite the missing requires as those
who are using it likely had them installed due to other packages such as
task-lamp. The missing requires are not regressions.

As for m8, the new package needs a quick test before validating, to ensure
it doesn't have some problem such as an unsigned rpm.

CC: (none) => davidwhodgins
Whiteboard: MGA7TOO, MGA7-64-OK => MGA7TOO, MGA7-64-OK

yeah, 
I already that mediawiki-1.35.3-1.1.mga8 correctly pulled in php-ctype and php-dom (after first removing all mediawiki packages and the php packages)

... already *tested* ...

Thanks. Validating the update.

Whiteboard: MGA7TOO, MGA7-64-OK => MGA7TOO, MGA7-64-OK MGA8-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

(In reply to Thomas Backlund from comment #11)
> yeah, 
> I already that mediawiki-1.35.3-1.1.mga8 correctly pulled in php-ctype and
> php-dom (after first removing all mediawiki packages and the php packages)

(In reply to Thomas Backlund from comment #12)
> ... already *tested* ...

MGA8-OK-64.
Validating.

Keywords: (none) => advisory
Whiteboard: MGA7TOO, MGA7-64-OK MGA8-64-OK => MGA7TOO, MGA7-64-OK MGA8-64-OK
Summary: Update request: mediawiki-1.35.3-1.mga8 / mediawiki-1.31.15-1.mga7 => Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0346.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Fedora has issued an advisory for this on October 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/

Summary: Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7 => Update request: mediawiki-1.35.3-1.1.mga8 / mediawiki-1.31.15-1.mga7 (fixes CVE-2021-35197)