From 03cbd0e47309fbff42761cfe2e266e139ee8aeba Mon Sep 17 00:00:00 2001
From: athimm <athimm@fedoraproject.org>
Date: Apr 07 2010 17:22:15 +0000
Subject: Update to 1.15.3.


---

diff --git a/.cvsignore b/.cvsignore
index 55d65b3..9dc106e 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-mediawiki-1.15.2.tar.gz
+mediawiki-1.15.3.tar.gz
diff --git a/mediawiki-1.15.0-commoncode.patch b/mediawiki-1.15.0-commoncode.patch
deleted file mode 100644
index 60a9e26..0000000
--- a/mediawiki-1.15.0-commoncode.patch
+++ /dev/null
@@ -1,184 +0,0 @@
---- mediawiki-1.15.0//includes/Setup.php.commoncode	2009-01-27 20:58:26.000000000 +0100
-+++ mediawiki-1.15.0//includes/Setup.php	2009-07-11 21:46:03.000000000 +0200
-@@ -45,7 +45,7 @@
- if( $wgLogo === false ) $wgLogo = "$wgStylePath/common/images/wiki.png";
- 
- if( $wgUploadPath === false ) $wgUploadPath = "$wgScriptPath/images";
--if( $wgUploadDirectory === false ) $wgUploadDirectory = "$IP/images";
-+if( $wgUploadDirectory === false ) $wgUploadDirectory = "$DIR/images";
- 
- if( $wgMathPath === false ) $wgMathPath = "{$wgUploadPath}/math";
- if( $wgMathDirectory === false ) $wgMathDirectory = "{$wgUploadDirectory}/math";
---- mediawiki-1.15.0//includes/WebStart.php.commoncode	2008-11-07 17:38:01.000000000 +0100
-+++ mediawiki-1.15.0//includes/WebStart.php	2009-07-11 21:46:03.000000000 +0200
-@@ -103,14 +103,14 @@
- 	# LocalSettings.php is the per site customization file. If it does not exit
- 	# the wiki installer need to be launched or the generated file moved from
- 	# ./config/ to ./
--	if( !file_exists( "$IP/LocalSettings.php" ) ) {
-+	if( !file_exists( "$DIR/LocalSettings.php" ) ) {
- 		require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
- 		require_once( "$IP/includes/templates/NoLocalSettings.php" );
- 		die();
- 	}
- 
- 	# Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
--	require_once( "$IP/LocalSettings.php" );
-+	require_once( "$DIR/LocalSettings.php" );
- }
- wfProfileOut( 'WebStart.php-conf' );
- 
---- mediawiki-1.15.0//includes/templates/NoLocalSettings.php.commoncode	2009-02-20 14:56:57.000000000 +0100
-+++ mediawiki-1.15.0//includes/templates/NoLocalSettings.php	2009-07-11 21:46:03.000000000 +0200
-@@ -58,7 +58,7 @@
- 		<h1>MediaWiki <?php echo htmlspecialchars( $wgVersion ) ?></h1>
- 		<div class='error'>
- 		<?php
--		if ( file_exists( 'config/LocalSettings.php' ) ) {
-+		if ( file_exists( $DIR . 'config/LocalSettings.php' ) ) {
- 			echo( 'To complete the installation, move <tt>config/LocalSettings.php</tt> to the parent directory.' );
- 		} else {
- 			echo( "Please <a href=\"" . htmlspecialchars( $path ) . "config/index." . htmlspecialchars( $ext ) . "\" title='setup'> set up the wiki</a> first." );
---- mediawiki-1.15.0//maintenance/archives/upgradeWatchlist.php.commoncode	2008-07-11 00:00:04.000000000 +0200
-+++ mediawiki-1.15.0//maintenance/archives/upgradeWatchlist.php	2009-07-11 21:46:03.000000000 +0200
-@@ -15,7 +15,7 @@
- # Convert watchlists to new format
- 
- global $IP;
--require_once( "../LocalSettings.php" );
-+require_once( "$DIR/LocalSettings.php" );
- require_once( "$IP/Setup.php" );
- 
- $wgTitle = Title::newFromText( "Rebuild links script" );
---- mediawiki-1.15.0//maintenance/commandLine.inc.commoncode	2009-02-23 13:37:33.000000000 +0100
-+++ mediawiki-1.15.0//maintenance/commandLine.inc	2009-07-11 21:46:03.000000000 +0200
-@@ -6,6 +6,8 @@
-  * @defgroup Maintenance Maintenance
-  */
- 
-+$DIR=getcwd();
-+
- $wgRequestTime = microtime(true);
- 
- /** */
-@@ -175,7 +177,7 @@
- 	if ( isset( $options['conf'] ) ) {
- 		$settingsFile = $options['conf'];
- 	} else {
--		$settingsFile = "$IP/LocalSettings.php";
-+		$settingsFile = "$DIR/LocalSettings.php";
- 	}
- 	if ( isset( $options['wiki'] ) ) {
- 		$bits = explode( '-', $options['wiki'] );
-@@ -201,7 +203,7 @@
- 
- 	$adminSettings = isset( $options['aconf'] )
- 		? $options['aconf']
--		: "{$IP}/AdminSettings.php";
-+		: "{$DIR}/AdminSettings.php";
- 	if( is_readable( $adminSettings ) )
- 		require_once( $adminSettings );
- 
---- mediawiki-1.15.0//maintenance/update.php.commoncode	2008-07-19 14:15:07.000000000 +0200
-+++ mediawiki-1.15.0//maintenance/update.php	2009-07-11 21:46:03.000000000 +0200
-@@ -10,6 +10,9 @@
-  * @ingroup Maintenance
-  */
- 
-+$DIR=getcwd();
-+chdir('/usr/share/mediawiki');
-+
- /** */
- $wgUseMasterForMaintenance = true;
- $options = array( 'quick', 'nopurge' );
---- mediawiki-1.15.0//config/index.php.commoncode	2009-05-08 07:51:15.000000000 +0200
-+++ mediawiki-1.15.0//config/index.php	2009-07-11 21:46:03.000000000 +0200
-@@ -19,6 +19,9 @@
- # 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- # http://www.gnu.org/copyleft/gpl.html
- 
-+$DIR=dirname( getcwd() );
-+chdir('/usr/share/mediawiki/config');
-+
- error_reporting( E_ALL );
- header( "Content-type: text/html; charset=utf-8" );
- @ini_set( "display_errors", true );
-@@ -27,7 +30,7 @@
- $wgRequestTime = microtime( true );
- 
- # Attempt to set up the include path, to fix problems with relative includes
--$IP = dirname( dirname( __FILE__ ) );
-+$IP = '/usr/share/mediawiki';
- define( 'MW_INSTALL_PATH', $IP );
- 
- # Define an entry point and include some files
-@@ -218,18 +221,18 @@
- 
- /* Check for existing configurations and bug out! */
- 
--if( file_exists( "../LocalSettings.php" ) ) {
-+if( file_exists( "$DIR/LocalSettings.php" ) ) {
- 	$script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php';
- 	dieout( "<p><strong>Setup has completed, <a href='../$script'>your wiki</a> is configured.</strong></p>
- 	<p>Please delete the /config directory for extra security.</p>" );
- }
- 
--if( file_exists( "./LocalSettings.php" ) ) {
-+if( file_exists( "$DIR/LocalSettings.php" ) ) {
- 	writeSuccessMessage();
- 	dieout( '' );
- }
- 
--if( !is_writable( "." ) ) {
-+if( !is_writable( $DIR . "/config" ) ) {
- 	dieout( "<h2>Can't write config file, aborting</h2>
- 
- 	<p>In order to configure the wiki you have to make the <tt>config</tt> subdirectory
-@@ -1213,7 +1216,7 @@
- 		$localSettings = "<" . "?php$endl$local";
- 		// Fix up a common line-ending problem (due to CVS on Windows)
- 		$localSettings = str_replace( "\r\n", "\n", $localSettings );
--		$f = fopen( "LocalSettings.php", 'xt' );
-+		$f = fopen( $DIR . "/config/LocalSettings.php", 'xt' );
- 
- 		if( $f == false ) {
- 			print( "</li>\n" );
-@@ -1776,7 +1779,7 @@
- if( defined( 'MW_INSTALL_PATH' ) ) {
- 	\$IP = MW_INSTALL_PATH;
- } else {
--	\$IP = dirname( __FILE__ );
-+	\$IP = '/usr/share/mediawiki';
- }
- 
- \$path = array( \$IP, \"\$IP/includes\", \"\$IP/languages\" );
---- mediawiki-1.15.0//index.php.commoncode	2009-03-20 13:00:38.000000000 +0100
-+++ mediawiki-1.15.0//index.php	2009-07-11 21:46:03.000000000 +0200
-@@ -36,9 +36,11 @@
-  * @file
-  */
- 
-+$DIR=getcwd();
-+chdir('/usr/share/mediawiki');
- 
- # Initialise common code
--$preIP = dirname( __FILE__ );
-+$preIP = '/usr/share/mediawiki';
- require_once( "$preIP/includes/WebStart.php" );
- 
- # Initialize MediaWiki base class
---- mediawiki-1.15.0//api.php.commoncode	2009-05-05 16:07:59.000000000 +0200
-+++ mediawiki-1.15.0//api.php	2009-07-11 21:46:03.000000000 +0200
-@@ -34,8 +34,11 @@
-  * in the URL.
-  */
- 
-+$DIR=getcwd();
-+chdir('/usr/share/mediawiki');
-+
- // Initialise common code
--require (dirname(__FILE__) . '/includes/WebStart.php');
-+require ('/usr/share/mediawiki' . '/includes/WebStart.php');
- 
- wfProfileIn('api.php');
- 
diff --git a/mediawiki-1.15.3-commoncode.patch b/mediawiki-1.15.3-commoncode.patch
new file mode 100644
index 0000000..a6bfedf
--- /dev/null
+++ b/mediawiki-1.15.3-commoncode.patch
@@ -0,0 +1,185 @@
+/usr/src/at/work/BUILD.flocki /usr/src/at/work/SRC/mediawiki
+--- mediawiki-1.15.3/includes/Setup.php.commoncode	2009-01-27 20:58:26.000000000 +0100
++++ mediawiki-1.15.3/includes/Setup.php	2010-04-07 18:42:58.396563698 +0200
+@@ -45,7 +45,7 @@
+ if( $wgLogo === false ) $wgLogo = "$wgStylePath/common/images/wiki.png";
+ 
+ if( $wgUploadPath === false ) $wgUploadPath = "$wgScriptPath/images";
+-if( $wgUploadDirectory === false ) $wgUploadDirectory = "$IP/images";
++if( $wgUploadDirectory === false ) $wgUploadDirectory = "$DIR/images";
+ 
+ if( $wgMathPath === false ) $wgMathPath = "{$wgUploadPath}/math";
+ if( $wgMathDirectory === false ) $wgMathDirectory = "{$wgUploadDirectory}/math";
+--- mediawiki-1.15.3/includes/WebStart.php.commoncode	2008-11-07 17:38:01.000000000 +0100
++++ mediawiki-1.15.3/includes/WebStart.php	2010-04-07 18:42:58.397562562 +0200
+@@ -103,14 +103,14 @@
+ 	# LocalSettings.php is the per site customization file. If it does not exit
+ 	# the wiki installer need to be launched or the generated file moved from
+ 	# ./config/ to ./
+-	if( !file_exists( "$IP/LocalSettings.php" ) ) {
++	if( !file_exists( "$DIR/LocalSettings.php" ) ) {
+ 		require_once( "$IP/includes/DefaultSettings.php" ); # used for printing the version
+ 		require_once( "$IP/includes/templates/NoLocalSettings.php" );
+ 		die();
+ 	}
+ 
+ 	# Include site settings. $IP may be changed (hopefully before the AutoLoader is invoked)
+-	require_once( "$IP/LocalSettings.php" );
++	require_once( "$DIR/LocalSettings.php" );
+ }
+ wfProfileOut( 'WebStart.php-conf' );
+ 
+--- mediawiki-1.15.3/includes/templates/NoLocalSettings.php.commoncode	2009-02-20 14:56:57.000000000 +0100
++++ mediawiki-1.15.3/includes/templates/NoLocalSettings.php	2010-04-07 18:42:58.397562562 +0200
+@@ -58,7 +58,7 @@
+ 		<h1>MediaWiki <?php echo htmlspecialchars( $wgVersion ) ?></h1>
+ 		<div class='error'>
+ 		<?php
+-		if ( file_exists( 'config/LocalSettings.php' ) ) {
++		if ( file_exists( $DIR . 'config/LocalSettings.php' ) ) {
+ 			echo( 'To complete the installation, move <tt>config/LocalSettings.php</tt> to the parent directory.' );
+ 		} else {
+ 			echo( "Please <a href=\"" . htmlspecialchars( $path ) . "config/index." . htmlspecialchars( $ext ) . "\" title='setup'> set up the wiki</a> first." );
+--- mediawiki-1.15.3/maintenance/archives/upgradeWatchlist.php.commoncode	2008-07-11 00:00:04.000000000 +0200
++++ mediawiki-1.15.3/maintenance/archives/upgradeWatchlist.php	2010-04-07 18:42:58.398561985 +0200
+@@ -15,7 +15,7 @@
+ # Convert watchlists to new format
+ 
+ global $IP;
+-require_once( "../LocalSettings.php" );
++require_once( "$DIR/LocalSettings.php" );
+ require_once( "$IP/Setup.php" );
+ 
+ $wgTitle = Title::newFromText( "Rebuild links script" );
+--- mediawiki-1.15.3/maintenance/commandLine.inc.commoncode	2009-02-23 13:37:33.000000000 +0100
++++ mediawiki-1.15.3/maintenance/commandLine.inc	2010-04-07 18:44:40.780312313 +0200
+@@ -6,6 +6,8 @@
+  * @defgroup Maintenance Maintenance
+  */
+ 
++if (! isset($DIR)) $DIR=getcwd();
++
+ $wgRequestTime = microtime(true);
+ 
+ /** */
+@@ -175,7 +177,7 @@
+ 	if ( isset( $options['conf'] ) ) {
+ 		$settingsFile = $options['conf'];
+ 	} else {
+-		$settingsFile = "$IP/LocalSettings.php";
++		$settingsFile = "$DIR/LocalSettings.php";
+ 	}
+ 	if ( isset( $options['wiki'] ) ) {
+ 		$bits = explode( '-', $options['wiki'] );
+@@ -201,7 +203,7 @@
+ 
+ 	$adminSettings = isset( $options['aconf'] )
+ 		? $options['aconf']
+-		: "{$IP}/AdminSettings.php";
++		: "{$DIR}/AdminSettings.php";
+ 	if( is_readable( $adminSettings ) )
+ 		require_once( $adminSettings );
+ 
+--- mediawiki-1.15.3/maintenance/update.php.commoncode	2008-07-19 14:15:07.000000000 +0200
++++ mediawiki-1.15.3/maintenance/update.php	2010-04-07 18:42:58.399562246 +0200
+@@ -10,6 +10,9 @@
+  * @ingroup Maintenance
+  */
+ 
++$DIR=getcwd();
++chdir('/usr/share/mediawiki');
++
+ /** */
+ $wgUseMasterForMaintenance = true;
+ $options = array( 'quick', 'nopurge' );
+--- mediawiki-1.15.3/config/index.php.commoncode	2009-05-08 07:51:15.000000000 +0200
++++ mediawiki-1.15.3/config/index.php	2010-04-07 18:42:58.402562471 +0200
+@@ -19,6 +19,9 @@
+ # 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ # http://www.gnu.org/copyleft/gpl.html
+ 
++$DIR=dirname( getcwd() );
++chdir('/usr/share/mediawiki/config');
++
+ error_reporting( E_ALL );
+ header( "Content-type: text/html; charset=utf-8" );
+ @ini_set( "display_errors", true );
+@@ -27,7 +30,7 @@
+ $wgRequestTime = microtime( true );
+ 
+ # Attempt to set up the include path, to fix problems with relative includes
+-$IP = dirname( dirname( __FILE__ ) );
++$IP = '/usr/share/mediawiki';
+ define( 'MW_INSTALL_PATH', $IP );
+ 
+ # Define an entry point and include some files
+@@ -218,18 +221,18 @@
+ 
+ /* Check for existing configurations and bug out! */
+ 
+-if( file_exists( "../LocalSettings.php" ) ) {
++if( file_exists( "$DIR/LocalSettings.php" ) ) {
+ 	$script = defined('MW_INSTALL_PHP5_EXT') ? 'index.php5' : 'index.php';
+ 	dieout( "<p><strong>Setup has completed, <a href='../$script'>your wiki</a> is configured.</strong></p>
+ 	<p>Please delete the /config directory for extra security.</p>" );
+ }
+ 
+-if( file_exists( "./LocalSettings.php" ) ) {
++if( file_exists( "$DIR/LocalSettings.php" ) ) {
+ 	writeSuccessMessage();
+ 	dieout( '' );
+ }
+ 
+-if( !is_writable( "." ) ) {
++if( !is_writable( $DIR . "/config" ) ) {
+ 	dieout( "<h2>Can't write config file, aborting</h2>
+ 
+ 	<p>In order to configure the wiki you have to make the <tt>config</tt> subdirectory
+@@ -1213,7 +1216,7 @@
+ 		$localSettings = "<" . "?php$endl$local";
+ 		// Fix up a common line-ending problem (due to CVS on Windows)
+ 		$localSettings = str_replace( "\r\n", "\n", $localSettings );
+-		$f = fopen( "LocalSettings.php", 'xt' );
++		$f = fopen( $DIR . "/config/LocalSettings.php", 'xt' );
+ 
+ 		if( $f == false ) {
+ 			print( "</li>\n" );
+@@ -1776,7 +1779,7 @@
+ if( defined( 'MW_INSTALL_PATH' ) ) {
+ 	\$IP = MW_INSTALL_PATH;
+ } else {
+-	\$IP = dirname( __FILE__ );
++	\$IP = '/usr/share/mediawiki';
+ }
+ 
+ \$path = array( \$IP, \"\$IP/includes\", \"\$IP/languages\" );
+--- mediawiki-1.15.3/index.php.commoncode	2009-03-20 13:00:38.000000000 +0100
++++ mediawiki-1.15.3/index.php	2010-04-07 18:42:58.402562471 +0200
+@@ -36,9 +36,11 @@
+  * @file
+  */
+ 
++$DIR=getcwd();
++chdir('/usr/share/mediawiki');
+ 
+ # Initialise common code
+-$preIP = dirname( __FILE__ );
++$preIP = '/usr/share/mediawiki';
+ require_once( "$preIP/includes/WebStart.php" );
+ 
+ # Initialize MediaWiki base class
+--- mediawiki-1.15.3/api.php.commoncode	2009-05-05 16:07:59.000000000 +0200
++++ mediawiki-1.15.3/api.php	2010-04-07 18:42:58.403562173 +0200
+@@ -34,8 +34,11 @@
+  * in the URL.
+  */
+ 
++$DIR=getcwd();
++chdir('/usr/share/mediawiki');
++
+ // Initialise common code
+-require (dirname(__FILE__) . '/includes/WebStart.php');
++require ('/usr/share/mediawiki' . '/includes/WebStart.php');
+ 
+ wfProfileIn('api.php');
+ 
diff --git a/mediawiki.spec b/mediawiki.spec
index ffbe6bf..b0e9d49 100644
--- a/mediawiki.spec
+++ b/mediawiki.spec
@@ -1,7 +1,7 @@
 Summary: A wiki engine
 Name: mediawiki
-Version: 1.15.2
-Release: 51%{?dist}
+Version: 1.15.3
+Release: 52%{?dist}
 License: GPLv2+
 Group: Development/Tools
 URL: http://www.mediawiki.org/
@@ -127,8 +127,12 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Wed Apr  7 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.3-52
+- Update to 1.15.3 (Fixes login CSRF vulnerability).
+
 * Wed Mar 31 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.2-51
-- Update to 1.15.2.
+- Update to 1.15.2 (Fixes CSS validation issue and data leakage
+  vulnerability).
 
 * Fri Jul 24 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 1.15.1-50
 - Add a README.RPM and a sample apache mediawiki.conf file.
diff --git a/sources b/sources
index a217f58..93b8531 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-fa5f7d22133068e5c9760a3777004293  mediawiki-1.15.2.tar.gz
+6bf89504a3192d4641de5404d39ac50a  mediawiki-1.15.3.tar.gz