Hi Jean-Louis, Note that the mediawiki package is handled by the LTS team. It is not incorrect to discuss issues like this on debian-user, but a better place is the debian-lts list. Many LTS users and all of the LTS maintainers monitor that list.
As to your specific issue ... On Mon, Sep 28, 2020 at 11:55:04AM +0200, MAS Jean-Louis wrote: > Hi, > > mediawiki package has been updated recently for security update in > stretch : old-sec: 1:1.27.7-1~deb9u4 > > But all our mediawiki servers failed with a blank page > > we have this error > > Exception encountered, of type "ParseError" > [fdd9f60bf17425482b88d0fa] / ParseError from line 1813 of > /usr/share/mediawiki/includes/user/User.php: syntax error, unexpected > 'else' (T_ELSE) > I am the one who prepared the 1:1.27.7-1~deb9u4 update. Shortly after publishing it the maintainer contacted me to inform me that I had introduced this bug into the package as a result of a defective patch. > > Doing a rough mitigation by commenting one of the 'else' function in > line 1813 of /usr/share/mediawiki/includes/user/User.php revert our > wikis to a normal state. > That is the correct mitigation for the regression. > Is there a way to see which part of code has been modified in this > particular security fix, in order to understand if there is a bug or > it's just a local misconfiguration ? > This is definitely a newly introduced defect. I am in the process of preparing an update to correct this. It should be available later on today (US/Eastern time). Regards, -Roberto -- Roberto C. Sánchez
