Oops, this should have landed before the release.
Change-Id: Ied53880771367e2338370cc72996a64445203ecd
(cherry picked from commit 7cfef131a4f74bc9fdf1f956f2dc09aa4aa3d8e3)
Service is no longer running, so it's a default that doesn't do anything
Bug: T382987
Change-Id: I3a21c12ba689928d38e410cbe2547ab7e616ac8a
(cherry picked from commit 4a6fac8b7dadfdffe6e0e239b8a551436e147d97)
MWCryptHKDF was added ten years ago (in af66c04d39), and as far as
I can tell, it was never used anywhere. It seems unlikely that CryptHKDF
will be used in the future, at least in its current form, for several
reasons:
* PHP 7.1.2+ has hash_hkdf(), so HKDF() would not be needed.
* At the time MWCryptHKDF was created, access to a CSPRNG was dependent
on server configuration: operating system, enabled PHP extensions,
open_basedir, etc. The "clock drift" RNG used as a last resort was not
considered to be secure or fast enough for generating large amounts of
output.[1] random_bytes(), added in PHP 7, changed the situation.
* Depleting the input pool of Linux's RNG is no longer a concern; there
is no more blocking output pool for /dev/random.[2][3] In 2022, this
change and others, including some that improved performance,[4] were
backported to stable kernels as old as 4.9.[5]
* $wgAuthenticationTokenVersion obviated the primary use case of
quickly resetting the user_token field for all users, assuming all
the existing tokens are unique.
* CryptHKDF seems to perform much slower than random_bytes(), at least
on Linux, making it pointless to use given that the other reasons for
its existence no longer apply.
[1]: https://bots.wmflabs.org/logs/%23mediawiki-core/20161004.txt
[2]: https://lwn.net/Articles/808575/
[3]: https://lore.kernel.org/all/cover.1577088521.git.luto@kernel.org/
[4]: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
[5]: https://lore.kernel.org/all/Yo3pmh9hiUFtQz77@zx2c4.com/T/
Change-Id: I29136fad826341d21728671aa30285d5551f1162
Hard deprecated since MW 1.37, cannot be found in Codesearch, even with "Everything" selected.
Bug: T362636
Change-Id: Ie2e09d55a464f72e2fe9a01113629aafc38f2ce9
- Make si_page primary key
- Allow si_title to be larger
- Switch from utf8 to utf8mb4
- Remove default of empty string for titles
Sqlite is not migrated, as it has it's own overrides
Postgres is migrated, but is not in actual use
This is mostly from I273e3a7715abf97d2889904642c7c375e76de4f6
Bug: T249976
Bug: T231827
Change-Id: I12adff3e6ca6a9986ff207bef16272195c3a6a48
(cherry picked from commit a2ba7ee14d6b38a5e89bcc63c3bd0ca8b5107702)
Follow up to I4c249acb1fcd0848428c99b8d3badebbc38b5dac
to note that previously soft deprecated methods now emit
warnings.
Bug: T377521
Change-Id: Ia02cad71d2274cecc7ad39ca9e2e94c149360213
Methods were deprecated in 1.39 and the majority of skins are now
updated. This change means that skins can no longer override the rendering
of the HEAD element meaning extensions can rely on ResourceLoader support,
and hooks that modify the HEAD element indirectly
The new Skin::outputPageFinal method is adding to honor the existing
outputPage method that is stable to override but to prevent extending skin classes
from generating HTML which does not include HTML generated by hooks e.g.
ResourceLoader internals. This new method is for
internal usage by OutputPage only for this reason.
This keeps all HTML generation inside
the Skin class (e.g. preserves the status quo) until we can work out better
boundaries between Skin and OutputPage.
Bug: T306942
Change-Id: Ib023ef3335bb72306a01230b6cd1169dc7652588
(cherry picked from commit c7656257159a3d85422f4558f5add6df1564f3c3)
In a future release this will return an array, not a reference to the
internal array, to maintain abstraction and allow for representation
changes internal to ParserOutput.
This patch just add deprecation notices to the class and to the
release notes.
Change-Id: Ie3a3f98402c5a5a3a92326d7736c0df874829a6b
