Context Navigation

← Previous Ticket
Next Ticket →

Ticket #536 (closed maintenance: fixed)

Opened 4 years ago

Last modified 4 years ago

Upgrade Mediawiki to 1.19.6

Reported by:	chris	Owned by:	chris
Priority:	major	Milestone:	Maintenance
Component:	Mediawiki	Keywords:
Cc:	ed	Estimated Number of Hours:	0.25
Add Hours to Ticket:	0	Billable?:	yes
Total Hours:	0.25

Description

A new version of Mediawiki is due out tomorrow:

This is a notice that on Tuesday, April 30th between 20:00-21:00 UTC
(1-2pm PDT) Wikimedia Foundation will release security updates for
current and supported branches of the MediaWiki software. Downloads
and patches will be available at that time, with the git repositories
updated later that afternoon.

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000128.html

The upgrade should simply be a matter of following the steps taken last time, see ticket:532#comment:2

Change History

comment:1 Changed 4 years ago by chris

The new version is out:

I would like to announce the release of MediaWiki 1.20.5 and 1.19.6.
These releases fix 2 security related issues that could affect users
of MediaWiki. Download links are given at the end of this email.

* Jan Schejbal / Hatforce.com reported that SVG script filtering could
be bypassed for Chrome and Firefox clients by using an encoding that
MediaWiki understood, but these browsers interpreted as UTF-8.
https://bugzilla.wikimedia.org/show_bug.cgi?id=47304

* Internal review discovered that extensions were not given the
opportunity to disable a password reset, which could lead to
circumvention of two-factor authentication.
https://bugzilla.wikimedia.org/show_bug.cgi?id=46590

Full release notes for 1.19.6:
https://www.mediawiki.org/wiki/Release_notes/1.19

http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html

comment:2 Changed 4 years ago by chris

Add Hours to Ticket changed from 0.0 to 0.25
Status changed from new to closed
Resolution set to fixed
Total Hours changed from 0.0 to 0.25

sudo -i
cd /web/wiki.transitionnetwork.org
wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz
wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.6.tar.gz.sig
gpg --verify mediawiki-1.19.6.tar.gz.sig 
 gpg: Signature made Wed May  1 20:07:46 2013 BST using DSA key ID 62D84F01
 gpg: Good signature from "Chris Steipp <csteipp@wikimedia.org>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
 Primary key fingerprint: 1624 32D9 E81C 1C61 8B30  1EEC EE1F 6634 62D8 4F01
tar -zxvf mediawiki-1.19.6.tar.gz 
rsync -av mediawiki-1.19.6/ www/ 
chown root:root -R www/
chown -R www-data:www-data www/cache
chown -R www-data:www-data www/images
cd www/maintenance/
php update.php

The version was then checked at https://wiki.transitionnetwork.org/Special:Version

And the documentation was updated wiki:PenguinServer#wiki.transitionnetwork.org

comment:3 Changed 4 years ago by chris

Milestone set to Maintenance

Note: See TracTickets for help on using tickets.

Download in other formats: