Upgrade Semantic extensions

RESOLVED FIXED in 2015-Q1

Status

Websites
wiki.mozilla.org
--
major
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: GPHemsley, Assigned: jd)

Tracking

Production
2015-Q1
All
Linux

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15])

(Reporter)

Description

3 years ago
A lot of our existing sec bugs are due to problems in the Semantic extensions. However, we don't appear to be running the latest versions of them.

* Semantic MediaWiki
  https://semantic-mediawiki.org/
* Semantic Forms
  https://www.mediawiki.org/wiki/Extension:Semantic_Forms
* Semantic Watchlist
  https://www.mediawiki.org/wiki/Extension:Semantic_Watchlist
* SMWAskAPI
  http://sourceforge.net/projects/smwaskapi/

It's possible that upgrading them would eliminate some of our sec bugs.

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1592]

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1592] → [kanban:https://kanbanize.com/ctrl_board/4/1593]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16]
Target Milestone: --- → 2014-Q4
Assignee: nobody → gphemsley
(Reporter)

Comment 1

3 years ago
This is something webops has to do.
Assignee: gphemsley → nobody
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23]
(Reporter)

Updated

3 years ago
Blocks: 801027
(Reporter)

Updated

3 years ago
Blocks: 801638

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30]
(Reporter)

Comment 3

3 years ago
Hey C, can you elaborate on what pushed this out?
Flags: needinfo?(cliang)

Comment 4

3 years ago
Too many things on the plate to get it done last week.  Doing an import of the DB into dev takes roughly 30 minutes and, during that time, we can't do anything *else* to dev.
Flags: needinfo?(cliang)
(Assignee)

Comment 5

3 years ago
I have upgraded these in dev. We get these from:
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
and the version 2.0 for SemanticMediawiki is not there yet so I have set it to track the 1.9.x branch.

The versions are set as follows:
Semantic MediaWiki
1.9.x
Semantic_Forms
2.8
Semantic Watchlist
0.2.2

nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks the site.
Assignee: nobody → jcrowe
(Reporter)

Comment 6

3 years ago
(In reply to C. Liang [:cyliang] from comment #4)
> Too many things on the plate to get it done last week.  Doing an import of
> the DB into dev takes roughly 30 minutes and, during that time, we can't do
> anything *else* to dev.

That's cool. I'm just an idiot and didn't notice you were pushing out from last week rather than from this week.

(In reply to Jason Crowe [:jd] from comment #5)
> nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> the site.

Can you elaborate as to why? By design, that's not supposed to happen.
(Reporter)

Updated

3 years ago
Flags: needinfo?(jcrowe)
(Assignee)

Comment 7

3 years ago
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #6)
> > nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> > the site.
> 
> Can you elaborate as to why? By design, that's not supposed to happen.

Unfortunately, I did not save the error message; however, when I set it to track HEAD the site would not load and had an error. If you want the error I can change it to track HEAD and collect the actual error.

Let me know
Flags: needinfo?(jcrowe)
(Reporter)

Comment 8

3 years ago
(In reply to Jason Crowe [:jd] from comment #7)
> (In reply to Gordon P. Hemsley [:GPHemsley] from comment #6)
> > > nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> > > the site.
> > 
> > Can you elaborate as to why? By design, that's not supposed to happen.
> 
> Unfortunately, I did not save the error message; however, when I set it to
> track HEAD the site would not load and had an error. If you want the error I
> can change it to track HEAD and collect the actual error.
> 
> Let me know

Sure, might as well. It's only dev. :)

Comment 9

3 years ago
(In reply to Jason Crowe [:jd] from comment #5)
> I have upgraded these in dev. We get these from:
> https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> to track the 1.9.x branch.

Why the source listed above for SemanticMediaWiki and not this one, which is listed by maintainers as canonical?
https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0

I can't quite tell what's supposed to be at the gerrit.wikimedia.org link since no results are listed.
(Assignee)

Comment 10

3 years ago
(In reply to Christie Koehler [:ckoehler] from comment #9)
> (In reply to Jason Crowe [:jd] from comment #5)
> > I have upgraded these in dev. We get these from:
> > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> > and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> > to track the 1.9.x branch.
> 
> Why the source listed above for SemanticMediaWiki and not this one, which is
> listed by maintainers as canonical?
> https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0
> 
> I can't quite tell what's supposed to be at the gerrit.wikimedia.org link
> since no results are listed.

Beats me. I am happy to switch them to something else if you like. As long as it is git based and web accessible. Just give me the URLs you want me to use and I will switch things around.
(Reporter)

Comment 11

3 years ago
(In reply to Jason Crowe [:jd] from comment #10)
> (In reply to Christie Koehler [:ckoehler] from comment #9)
> > (In reply to Jason Crowe [:jd] from comment #5)
> > > I have upgraded these in dev. We get these from:
> > > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> > > and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> > > to track the 1.9.x branch.
> > 
> > Why the source listed above for SemanticMediaWiki and not this one, which is
> > listed by maintainers as canonical?
> > https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0
> > 
> > I can't quite tell what's supposed to be at the gerrit.wikimedia.org link
> > since no results are listed.
> 
> Beats me. I am happy to switch them to something else if you like. As long
> as it is git based and web accessible. Just give me the URLs you want me to
> use and I will switch things around.

Indeed, Gerrit is Wikimedia's code review tool. I don't think it is intended to be the canonical repository for anything.

This SHOULD be where it's safe to pull from:
https://git.wikimedia.org/log/mediawiki%2Fextensions%2FSemanticMediaWiki.git/refs%2Fheads%2FREL1_23

However, it seems SMW has decided to buck the trend and live outside the MediaWiki ecosystem. I think the GitHub link that Christie provided is the latest available. Nevertheless, proceed with caution.
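
Added example (not part of the bug thread and not Mozilla's deployment tooling): one way to check the two concerns raised in comments 5 through 11, that an extension checkout comes from the remote you decided to trust and that it sits exactly on a release tag rather than a moving branch head. The function name `check_pin`, its exit codes and the directory name in the usage comment are assumptions; the repository and tag in that comment are the ones linked above.

```shell
#!/bin/sh
# Added example; check_pin and its exit codes are hypothetical, not Mozilla tooling.
# check_pin DIR EXPECTED_URL EXPECTED_TAG
#   0  origin matches, HEAD is exactly the tag, tracked files unmodified
#   1  origin URL differs      2  HEAD is not at the tag
#   3  tracked files modified  4  DIR is not a git work tree
check_pin() {
    dir=$1; want_url=$2; want_tag=$3

    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 4

    # Provenance: the checkout must come from the remote we decided to trust.
    have_url=$(git -C "$dir" config --get remote.origin.url) || have_url=
    if [ "$have_url" != "$want_url" ]; then
        echo "check_pin: origin is '$have_url', expected '$want_url'" >&2
        return 1
    fi

    # Pinning: peel the tag to a commit and compare with HEAD, so a checkout
    # that follows a moving branch head fails even if the tag exists.
    tag_commit=$(git -C "$dir" rev-parse -q --verify "refs/tags/$want_tag^{commit}") || tag_commit=
    head_commit=$(git -C "$dir" rev-parse -q --verify "HEAD^{commit}") || head_commit=
    if [ -z "$tag_commit" ] || [ "$tag_commit" != "$head_commit" ]; then
        echo "check_pin: HEAD ${head_commit:-none} is not tag '$want_tag'" >&2
        return 2
    fi

    # Integrity: no local edits to tracked files on top of the release.
    if [ -n "$(git -C "$dir" status --porcelain --untracked-files=no)" ]; then
        echo "check_pin: tracked files modified in $dir" >&2
        return 3
    fi
    return 0
}

# Usage with the release linked in this thread (directory name is an assumption):
#   check_pin extensions/SemanticMediaWiki \
#       https://github.com/SemanticMediaWiki/SemanticMediaWiki.git 2.0
if [ "$#" -eq 3 ]; then
    check_pin "$@"
fi
```

Run per extension before promoting a build from dev to stage, a non-zero exit is a reason to stop the deployment and look at what the checkout is actually tracking.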
(Assignee)

Comment 12

3 years ago
For reference, this query is necessary for this update:
ALTER TABLE swl_groups ADD COLUMN group_custom_texts BLOB NULL;

As noted here:
http://www.mediawiki.org/wiki/Extension:Semantic_Watchlist#Updating_from_version_0.1
(Reporter)

Updated

3 years ago
Blocks: 928470
(Reporter)

Updated

3 years ago
Blocks: 928466
(Reporter)

Comment 13

3 years ago
FWIW, I just discovered Semantic Bundle, which packages all these related extensions (and more?) together:

https://www.mediawiki.org/wiki/Semantic_Bundle

Regardless, we should push whatever we can through the pipeline ASAP. If we can't get SMW updated to the latest version, we should file a separate bug for it and follow up later.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13]
(Assignee)

Comment 14

3 years ago
I pulled it in from the GitHub location. I am hoping to get some time tomorrow to hopefully finish the dev site restructuring and once that works this will follow.
(Reporter)

Comment 15

3 years ago
(In reply to Jason Crowe [:jd] from comment #14)
> I pulled it in from the GitHub location. I am hoping to get some time
> tomorrow to hopefully finish the dev site restructuring and once that works
> this will follow.

Good to know, especially because I just noticed that roughly half of our (known) security bugs will be fixed by these upgrades.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20]
This is pending JD's re-work of deployment configuration. Rescheduling for next week.
(Assignee)

Comment 17

3 years ago
This is wrapped up in the new deployment model and is going out as part of that deployment process.

Dev is already updated. If all goes well stage will be updated tomorrow with prod to follow in one week.
Depends on: 1118972, 1118973, 1118976
(Reporter)

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]]
(Reporter)

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]]
(Reporter)

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]

Updated

3 years ago
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15] → [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]
(Reporter)

Updated

3 years ago
Depends on: 1118970
(Assignee)

Comment 18

3 years ago
This has been deployed to production.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: 2014-Q4 → 2015-Q1
(Reporter)

Updated

3 years ago
Group: websites-security