Hi, the planned security update for mediawiki/1.12.0-2lenny5 will break libmediawiki-perl: the Perl module will no longer be able to log in [1]. I prepared a patch for this problem (attached).
I tested the modified version and it is able to log in to both the new and old version of mediawiki: it only uses the login token if required. See the bug report for a simple script to test this. Please tell us when we should go ahead and upload the package or when you need more information.

Regards,
Ansgar

[1] <http://bugs.debian.org/578691>
diff -u libmediawiki-perl-1.13/debian/changelog libmediawiki-perl-1.13/debian/changelog --- libmediawiki-perl-1.13/debian/changelog +++ libmediawiki-perl-1.13/debian/changelog @@ -1,3 +1,12 @@ +libmediawiki-perl (1.13-1+lenny1) stable-security; urgency=high + + * Add support for login token. (Closes: #578691) + * Use quilt to manage patches. + * Remove David Paleino from Uploaders (as in 1.13-1.1). + * Add myself to Uploaders. + + -- Ansgar Burchardt <ans...@43-1.org> Tue, 27 Apr 2010 20:17:57 +0900 + libmediawiki-perl (1.13-1) unstable; urgency=low * New upstream release diff -u libmediawiki-perl-1.13/debian/rules libmediawiki-perl-1.13/debian/rules --- libmediawiki-perl-1.13/debian/rules +++ libmediawiki-perl-1.13/debian/rules @@ -11,6 +11,8 @@ # always return the default without waiting for user input. export PERL_MM_USE_DEFAULT=1 +include /usr/share/quilt/quilt.make + PACKAGE=$(shell dh_listpackages) ifndef PERL @@ -20,7 +22,7 @@ TMP =$(CURDIR)/debian/$(PACKAGE) build: build-stamp -build-stamp: +build-stamp: $(QUILT_STAMPFN) dh_testdir $(PERL) Makefile.PL \ @@ -39,7 +41,7 @@ touch $@ -clean: +clean: unpatch dh_testdir dh_testroot dh_clean build-stamp install-stamp diff -u libmediawiki-perl-1.13/debian/control libmediawiki-perl-1.13/debian/control --- libmediawiki-perl-1.13/debian/control +++ libmediawiki-perl-1.13/debian/control 
@@ -1,12 +1,12 @@ Source: libmediawiki-perl Section: perl Priority: optional -Build-Depends: debhelper (>= 5.0.0) +Build-Depends: debhelper (>= 5.0.0), quilt (>= 0.45-1) Build-Depends-Indep: perl (>= 5.8.8-7), libwww-perl, libconfig-inihash-perl, libtest-pod-perl, libtest-pod-coverage-perl Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org> Uploaders: Michael Mende <deb...@menole.net>, - David Paleino <d.pale...@gmail.com>, + Ansgar Burchardt <ans...@43-1.org>, Damyan Ivanov <d...@debian.org>, Gunnar Wolf <gw...@debian.org> Standards-Version: 3.7.3 only in patch2: unchanged: --- libmediawiki-perl-1.13.orig/debian/patches/login-token.patch +++ libmediawiki-perl-1.13/debian/patches/login-token.patch @@ -0,0 +1,27 @@ +From: Ansgar Burchardt <ans...@43-1.org> +Date: Mon, 26 Apr 2010 14:58:48 +0900 +Origin: vendor +Bug-Debian: http://bugs.debian.org/578691 +Subject: Support login token + +--- libmediawiki-perl-1.13-1.orig/lib/MediaWiki.pm ++++ libmediawiki-perl-1.13-1/lib/MediaWiki.pm +@@ -207,10 +207,17 @@ + return 1; + } + ++ # get login token ++ my $res = $mw->{ua}->request(GET $mw->{index} . "?title=Special:Userlogin"); ++ return $mw->error(ERR_LOGIN_FAILED) unless $res->is_success; ++ ++ my $token; ++ $token = $1 if $res->content() =~ /input type=['"]hidden['"] name=['"]wpLoginToken['"] value=['"]([a-fA-F0-9]+)['"]/i; ++ + my $res = $mw->{ua}->request( + POST $mw->{index} . "?title=Special:Userlogin&action=submitlogin", + Content_Type => 'application/x-www-form-urlencoded', +- Content => [ ( 'wpName' => $user, 'wpPassword' => $pass, 'wpLoginattempt' => 'Log in' ) ] ++ Content => [ ( 'wpName' => $user, 'wpPassword' => $pass, 'wpLoginattempt' => 'Log in' ), defined $token ? (wpLoginToken => $token) : () ] + ); + if($res->code == 302 || $res->header("Set-Cookie")) + { only in patch2: unchanged: --- libmediawiki-perl-1.13.orig/debian/patches/series +++ libmediawiki-perl-1.13/debian/patches/series @@ -0,0 +1 @@ +login-token.patch
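Review bot: In the lib/MediaWiki.pm hunk of login-token.patch, the added `my $res` for the GET request is followed by the existing `my $res = $mw->{ua}->request(` for the POST in the same scope, so the second declaration masks the first; give the GET response its own name or drop the second `my`. The token regex also only matches when the attributes appear in the order type, name, value and the value is purely hexadecimal. If the login form markup differs, `$token` stays undefined and the POST is sent without `wpLoginToken`, which is indistinguishable from talking to an old server. A short comment stating that the missing-token case is the intended fallback for older MediaWiki versions would make that explicit.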
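Review bot: The debian/changelog, debian/rules and debian/control hunks carry more than the login fix for an upload targeted at stable-security with urgency=high: they introduce quilt (`include /usr/share/quilt/quilt.make`, the new `quilt (>= 0.45-1)` build dependency, `clean: unpatch`) and change Uploaders. The quilt wiring itself is consistent, since `build-stamp` depends on `$(QUILT_STAMPFN)` and debian/patches/series lists login-token.patch, but it would be worth confirming that these packaging changes are wanted in this upload, or reducing the diff to the MediaWiki.pm change alone.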