Page MenuHomePhabricator
Create Task
Maniphest T128695

Block::updateTimestamp() updates expiry of all blocks for the IP
Closed, ResolvedPublic
Actions

Description

If a wiki hasn't seen enough traffic that Block::purgeExpired() is called, it's possible that there are expired blocks plus autoblocks, and when those autoblocks are extended, the expired block will get extended as well.

Details

SubjectRepoBranchLines +/-
Use ipb_id when updating expiry in Block::updateTimestamp()mediawiki/coreREL1_26+1 -1
Use ipb_id when updating expiry in Block::updateTimestamp()mediawiki/coreREL1_23+1 -1
Use ipb_id when updating expiry in Block::updateTimestamp()mediawiki/coremaster+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Legoktm created this task.Mar 3 2016, 2:45 AM
gerritbot added a subscriber: gerritbot.Mar 3 2016, 2:49 AM

Change 274623 had a related patch set uploaded (by Legoktm):
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/274623

gerritbot added a project: Patch-For-Review.Mar 3 2016, 2:49 AM
gerritbot added a comment.Mar 10 2016, 5:42 PM

Change 274623 merged by jenkins-bot:
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/274623

ReleaseTaggerBot added projects: MW-1.27-release-notes, MW-1.27-release (WMF-deploy-2016-03-15_(1.27.0-wmf.17)).Mar 14 2016, 9:02 PM
Legoktm closed this task as Resolved.Mar 14 2016, 10:07 PM
Bawolff mentioned this in T128481: Local block of 114.93.135.192 not expiring on betawikiversity.Apr 22 2016, 3:17 PM
Bawolff added subscribers: csteipp, demon, Bawolff.Apr 22 2016, 8:38 PM
In T128481#2231148, @Legoktm wrote:

we should probably get T128695 backported into the security release?

Maybe. Its not an exploit us bug, and it might be too late for the current release. Ill mark it blocking the release bug and let @demon and @csteipp decide

Bawolff added a parent task: T124940: MediaWiki 1.26.3 security release.Apr 22 2016, 8:47 PM
dpatrick mentioned this in T133070: MediaWiki 1.27.1 security release.Jul 8 2016, 10:31 PM
dpatrick added a parent task: T133070: MediaWiki 1.27.1 security release.
gerritbot added a comment.Aug 10 2016, 9:08 PM

Change 304114 had a related patch set uploaded (by Chad):
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/304114

gerritbot added a comment.Aug 10 2016, 9:09 PM

Change 304115 had a related patch set uploaded (by Chad):
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/304115

demon added a comment.Aug 10 2016, 9:09 PM

Went ahead and just backported to REL1_23 and REL1_25 so they get caught up in the next release.

demon removed a parent task: T133070: MediaWiki 1.27.1 security release.Aug 10 2016, 9:14 PM
gerritbot added a comment.Aug 11 2016, 12:04 AM

Change 304115 merged by jenkins-bot:
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/304115

gerritbot added a comment.Aug 11 2016, 12:06 AM

Change 304114 merged by jenkins-bot:
Use ipb_id when updating expiry in Block::updateTimestamp()

https://gerrit.wikimedia.org/r/304114

ReleaseTaggerBot added projects: MW-1.23-release, MW-1.26-release.Aug 11 2016, 1:00 AM
Samuele2002 added a subtask: T257393: Local block of 180.214.232.49 not expiring on outreach.wikimedia.Jul 8 2020, 12:51 AM
Reedy closed subtask T257393: Local block of 180.214.232.49 not expiring on outreach.wikimedia as Resolved.Jul 8 2020, 4:12 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:40 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL