Re: Security and maintenance release: 1.31.8 / 1.33.4 / 1.34.2

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Security and maintenance release: 1.31.8 / 1.33.4 / 1.34.2

Marshall Lake

I'm running an older version of MediaWiki ... 1.27.4

I installed it via the Software Manager on Mint 19.3.  1.27.4 seems to be
the only version available on the Software Manager.  I attempted to
install a later version via a tarball but ran into problems.

Is it possible to obtain a current version using the Software Manager?



On Wed, 24 Jun 2020, Sam Reed wrote:

> I would like to announce the release of MediaWiki 1.34.2, 1.33.4 and 1.31.8!
>
> These releases also serve as a maintenance release for these branches.
>
> We've noted that this is minor, and as such you don't need to apply them as
> quickly as with other security releases, if you're unable to do so, or if
> you're not running a private wiki. We therefore decided to continue with
> getting the security (and maintenance) release out for this quarter as
> planned, even with the global situation as is.
>
> While tarballs have already been uploaded, git tags will follow later on
> today.
>
> An "MediaWiki Extensions Security Release Supplement" email will follow
> this one.
>
> As mentioned in the pre-release announcement, this will be the final
> release of the MediaWiki 1.33 branch, barring any unforeseen issues. If you
> are currently running 1.33, you are advised to upgrade to a newer,
> supported version of MediaWiki, which as of writing is MediaWiki 1.34 (as
> 1.35 has not been released yet). MediaWiki 1.34 will be supported until
> November 2020. A separate notification of this will be sent out too.
>
> == Security fixes ==
> * (T248947) img_auth.php may leak private extension images into the public
> cache. CVE-2020-15005
>
> == Links to all mentioned tasks ==
> * https://phabricator.wikimedia.org/T248947
>
> == Release notes ==
>
> Full release notes for 1.31.8:
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES-1.31
> https://www.mediawiki.org/wiki/Release_notes/1.31
>
> Full release notes for 1.33.4:
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_33/RELEASE-NOTES-1.33
> https://www.mediawiki.org/wiki/Release_notes/1.33
>
> Full release notes for 1.34.2:
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_34/RELEASE-NOTES-1.34
> https://www.mediawiki.org/wiki/Release_notes/1.34
>
> For information about how to upgrade, see
> <https://www.mediawiki.org/wiki/Manual:Upgrading>
>
> **********************************************************************
> Download:
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz
>
> Download without bundled extensions:
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz
>
> Patch to previous version (1.31.7):
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz
>
> GPG signatures:
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
>
> **********************************************************************
> Download:
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz
>
> Download without bundled extensions:
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz
>
> Patch to previous version (1.33.3):
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz
>
> GPG signatures:
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
>
> **********************************************************************
> Download:
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz
>
> Download without bundled extensions:
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz
>
> Patch to previous version (1.34.1):
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz
>
> GPG signatures:
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz.sig
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz.sig
>
> Public keys:
> https://www.mediawiki.org/keys/keys.html
> _______________________________________________
> MediaWiki-l mailing list
> To unsubscribe, go to:
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

--
Marshall Lake -- [hidden email] -- http://www.mlake.net

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

[MediaWiki-l] Mediawiki on Mint 19.3 (was: Security and maintenance release...)

Jeffrey Walton
On Wed, Jun 24, 2020 at 2:16 PM Marshall Lake <[hidden email]> wrote:
>
> I'm running an older version of MediaWiki ... 1.27.4
>
> I installed it via the Software Manager on Mint 19.3.  1.27.4 seems to be
> the only version available on the Software Manager.  I attempted to
> install a later version via a tarball but ran into problems.
>
> Is it possible to obtain a current version using the Software Manager?

I don't have a Mint 19.3 release to test, but you can probably get
something more recent if you perform a dist-upgrade. But it probably
won't be the latest, like MW 1.34.2.

When working with distros that provide old software, you will probably
need to do something like this:
https://github.com/weidai11/website/blob/master/mediawiki/wiki-upgrade.txt.
They are the instructions I use to keep a CentOS 7 box current.

If that looks too complex, then consider moving to Fedora. Fedora
provides the latest software available during its release. Fedora
releases every 6 months, so every 6 months you do the equivalent of a
dist-upgrade using
https://docs.fedoraproject.org/en-US/quick-docs/dnf-system-upgrade/.

Jeff

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Security and maintenance release: 1.31.8 / 1.33.4 / 1.34.2

reedy
In reply to this post by Marshall Lake
The mint package search tool at http://packages.linuxmint.com/ is currently
pretty broken... So I can't tell you what's in 20, and as such, whether
upgrading your OS will help

But as it's a Debian derivative, and
https://packages.debian.org/buster/mediawiki exists... It shouldn't be
difficult for them to bring in the packages from upstream

On Wed, 24 Jun 2020 at 19:15, Marshall Lake <[hidden email]> wrote:

>
> I'm running an older version of MediaWiki ... 1.27.4
>
> I installed it via the Software Manager on Mint 19.3.  1.27.4 seems to be
> the only version available on the Software Manager.  I attempted to
> install a later version via a tarball but ran into problems.
>
> Is it possible to obtain a current version using the Software Manager?
>
>
>
> On Wed, 24 Jun 2020, Sam Reed wrote:
>
> > I would like to announce the release of MediaWiki 1.34.2, 1.33.4 and
> 1.31.8!
> >
> > These releases also serve as a maintenance release for these branches.
> >
> > We've noted that this is minor, and as such you don't need to apply them
> as
> > quickly as with other security releases, if you're unable to do so, or if
> > you're not running a private wiki. We therefore decided to continue with
> > getting the security (and maintenance) release out for this quarter as
> > planned, even with the global situation as is.
> >
> > While tarballs have already been uploaded, git tags will follow later on
> > today.
> >
> > An "MediaWiki Extensions Security Release Supplement" email will follow
> > this one.
> >
> > As mentioned in the pre-release announcement, this will be the final
> > release of the MediaWiki 1.33 branch, barring any unforeseen issues. If
> you
> > are currently running 1.33, you are advised to upgrade to a newer,
> > supported version of MediaWiki, which as of writing is MediaWiki 1.34 (as
> > 1.35 has not been released yet). MediaWiki 1.34 will be supported until
> > November 2020. A separate notification of this will be sent out too.
> >
> > == Security fixes ==
> > * (T248947) img_auth.php may leak private extension images into the
> public
> > cache. CVE-2020-15005
> >
> > == Links to all mentioned tasks ==
> > * https://phabricator.wikimedia.org/T248947
> >
> > == Release notes ==
> >
> > Full release notes for 1.31.8:
> >
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_31/RELEASE-NOTES-1.31
> > https://www.mediawiki.org/wiki/Release_notes/1.31
> >
> > Full release notes for 1.33.4:
> >
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_33/RELEASE-NOTES-1.33
> > https://www.mediawiki.org/wiki/Release_notes/1.33
> >
> > Full release notes for 1.34.2:
> >
> https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_34/RELEASE-NOTES-1.34
> > https://www.mediawiki.org/wiki/Release_notes/1.34
> >
> > For information about how to upgrade, see
> > <https://www.mediawiki.org/wiki/Manual:Upgrading>
> >
> > **********************************************************************
> > Download:
> > https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz
> >
> > Download without bundled extensions:
> >
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz
> >
> > Patch to previous version (1.31.7):
> > https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz
> >
> > GPG signatures:
> >
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.8.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.8.patch.gz.sig
> >
> > Public keys:
> > https://www.mediawiki.org/keys/keys.html
> >
> > **********************************************************************
> > Download:
> > https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz
> >
> > Download without bundled extensions:
> >
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz
> >
> > Patch to previous version (1.33.3):
> > https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz
> >
> > GPG signatures:
> >
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-core-1.33.4.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.33/mediawiki-1.33.4.patch.gz.sig
> >
> > Public keys:
> > https://www.mediawiki.org/keys/keys.html
> >
> > **********************************************************************
> > Download:
> > https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz
> >
> > Download without bundled extensions:
> >
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz
> >
> > Patch to previous version (1.34.1):
> > https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz
> >
> > GPG signatures:
> >
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-core-1.34.2.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.tar.gz.sig
> >
> https://releases.wikimedia.org/mediawiki/1.34/mediawiki-1.34.2.patch.gz.sig
> >
> > Public keys:
> > https://www.mediawiki.org/keys/keys.html
> > _______________________________________________
> > MediaWiki-l mailing list
> > To unsubscribe, go to:
> > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
> --
> Marshall Lake -- [hidden email] -- http://www.mlake.net
>
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Security and maintenance release: 1.31.8 / 1.33.4 / 1.34.2

Kunal Mehta
In reply to this post by Marshall Lake
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

On 2020-06-24 11:15, Marshall Lake wrote:

>
> I'm running an older version of MediaWiki ... 1.27.4
>
> I installed it via the Software Manager on Mint 19.3.  1.27.4 seems
> to be the only version available on the Software Manager.  I
> attempted to install a later version via a tarball but ran into
> problems.
>
> Is it possible to obtain a current version using the Software
> Manager?

I've never tested with Linux Mint before, but my understanding is that
it should be close enough to Ubuntu that you can use my PPA
<https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-lts> to get
updated packages.

If it doesn't work out, let me know and I'll see what I can do to help
get working packages for Mint.

- -- Legoktm
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2MtZ8F27ngU4xIGd8QX4EBsFJpsFAl7zxmQACgkQ8QX4EBsF
JpsGkxAAlVUyMeFHsynuFeMSz15YTWAuTsGkpaTGBQjSQ4G9aqGb59tNPpBBAZQB
D0Vn7ZBI0hwJRUFBh58ouGNYJBFVyj1XKh7znfKUur5TPRjrOjyscko5ss/Tv26f
KTiv6gZRH+QQ2U7hExB1a+XS8WELzao7qFBS1pu4Hx+4OOO6qUdiZVS2JKoyMk3Z
RDMej4dpTaYh3WwVWFa9bh9LldhoSs8YKTortwbnjulofLqCIwZv0RMFCtCNqtfv
HhwP8aja1ryi/T/m3IfDvKPQIMTyDP/SGcLqI8wMV0LrQKJCu2PvnSQTADcuyBTR
BFCodyYPnoGHJFcLWayVa4AUkOXcavEwqnfnr1cgQiudJcoWSodQI2NdODYDctyZ
CM5UzPWCMlMFPP8PI2bhJzF1IlJ6eTGXlqIIw2TlV98CaAg8o8CwYKfFj4BdeR8E
ZIxUJVcHiL6/o4l6fxYiQTaKj4NoCvsJkYIYjc95AH442UVw67DeB16brDfpJs+x
9L4tYYMAD064BNqJkLgelhwq2GbOlKM/7tOURcXGmCR6XAh6VUCO+w1TWLc5w8LS
cMJkoBsut9QYhlRk6dQCvKvnkIrAox/aREBZVN/e/hL+BYm97gn4ho6SVtt1p1b0
3B/WqSEoIT1RPQpz5J3hz09gXvwCo7MsTGCMzxEms5gLen+Jj4M=
=f7Ku
-----END PGP SIGNATURE-----

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Security and maintenance release: 1.31.8 / 1.33.4 / 1.34.2

Marshall Lake

On Wed, 24 Jun 2020, Kunal Mehta wrote:

> On 2020-06-24 11:15, Marshall Lake wrote:
>>
>> I'm running an older version of MediaWiki ... 1.27.4
>>
>> I installed it via the Software Manager on Mint 19.3.  1.27.4 seems to
>> be the only version available on the Software Manager.  I attempted to
>> install a later version via a tarball but ran into problems.
>>
>> Is it possible to obtain a current version using the Software Manager?

> I've never tested with Linux Mint before, but my understanding is that
> it should be close enough to Ubuntu that you can use my PPA
> <https://launchpad.net/~legoktm/+archive/ubuntu/mediawiki-lts> to get
> updated packages.
>
> If it doesn't work out, let me know and I'll see what I can do to help
> get working packages for Mint.

After adding your PPA and doing "apt-get update ; apt-get upgrade",
MediaWiki v1.31.7 is now installed, although, things are different and I
cannot find the wiki page I was working on.  I'll keep playing with it in
my spare time, but the update/upgrade/install does seem to have worked.

--
Marshall Lake -- [hidden email] -- http://www.mlake.net

_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l