Bug#768068: wheezy-pu: package boinc/7.0.27+dfsg-5+deb7u1

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Tue Nov 4 17:19:00 UTC 2014


Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org at packages.debian.org
Usertags: pu


Summary of the updates:

-Fixing some CVEs (with patches)
-Link with -lX11 because some detection code in hostinfo_unix.cpp uses it
 (were used to, now the package in jessie uses a different approach)
 cfr various bugs such as 721298 and others
-remove app-examples cgi-stripchart and server-maker useful only with server
 but we want to throw out server maker from any stable/testing release
 (until we will consider it stable enough to be included).
 If somebody wants it he is encouraged to use experimental.
-Bump policy and remove DMUA, I know they aren't in this scope, but they were
 already committed into git (and I didn't revert, bad me)

Honestly most of the patches are server-side patches, but some library changes
might affect clients as well, so I prefer to keep them even if we don't ship
the server anymore, because xml parsing is done also for the local
configuration file, and it can (how?) possibly be attached from someone
having access to the machine (I don't want to investigate, fixing the
input reading looks always a sane thing)


Following the debdiff.

diff -Nru boinc-7.0.27+dfsg/debian/changelog boinc-7.0.27+dfsg/debian/changelog
--- boinc-7.0.27+dfsg/debian/changelog	2012-06-25 11:13:12.000000000 +0200
+++ boinc-7.0.27+dfsg/debian/changelog	2014-11-04 14:32:40.000000000 +0100
@@ -1,3 +1,22 @@
+boinc (7.0.27+dfsg-5+deb7u1) stable-proposed-updates; urgency=low
+
+  [ Guo Yixuan ]
+  * Removed the deprecated DMUA field from debian/control.
+  * Bump policy version to 3.9.4, and use branch in Vcs-Git.
+  * Tried to fix CVE-2013-2298 and CVE-2013-2018.
+  * Added libx11-dev to build-deps. (It's used directly in
+    client/hostinfo_unix.cpp.)
+  * link_with_gold.patch: patched configure.ac to add -lX11 for linking client
+    with ld.gold.
+
+  [ Gianfranco Costamagna ]
+  * d/{rules,control} remove boinc-server-maker, boinc-cgi-stripchart, and
+    boinc-app-examples binaries due to security problems and not usable
+    (cfr CVE-2013-2018, 706488).
+  * d/patches/CVE-2013-7386.patch fix CVE-2013-7386.
+
+ -- Guo Yixuan <culu.gyx at gmail.com>  Tue, 04 Nov 2014 14:32:25 +0100
+
 boinc (7.0.27+dfsg-5) unstable; urgency=low
 
   * debian/rules: use dpkg-buildflags to get default flags.
diff -Nru boinc-7.0.27+dfsg/debian/control boinc-7.0.27+dfsg/debian/control
--- boinc-7.0.27+dfsg/debian/control	2012-06-25 11:32:19.000000000 +0200
+++ boinc-7.0.27+dfsg/debian/control	2014-11-04 14:27:08.000000000 +0100
@@ -6,8 +6,7 @@
  Rene Mayorga <rmayorga at debian.org>,
  Daniel Hahler <ubuntu at thequod.de>,
  Guo Yixuan <culu.gyx at gmail.com>
-DM-Upload-Allowed: yes
-Standards-Version: 3.9.3
+Standards-Version: 3.9.4
 Build-Depends: debhelper (>= 7.0.50~), po-debconf, dh-buildinfo, pkg-config (>= 0.15),
  dpkg-dev (>= 1.16.1.1),
  libtool, autoconf (>= 2.59), autotools-dev, automake1.9 (>= 1.9.3), gettext,
@@ -17,9 +16,9 @@
  freeglut3-dev, libwxgtk2.8-dev, libgtk2.0-dev,
  libsqlite3-dev, libmysqlclient-dev, python, libfcgi-dev, libjpeg-dev,
  libxcb-util0-dev,
- libxss-dev
+ libx11-dev, libxss-dev
 Homepage: http://boinc.berkeley.edu/
-Vcs-Git: git://git.debian.org/git/pkg-boinc/boinc.git
+Vcs-Git: git://git.debian.org/git/pkg-boinc/boinc.git -b wheezy
 Vcs-Browser: http://git.debian.org/?p=pkg-boinc/boinc.git
 
 
@@ -150,51 +149,6 @@
  infrastructure.
 
 
-Package: boinc-server-maker
-Architecture: any
-Provides: boinc-server
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends},
- python-support, python, python-mysqldb,
- mysql-server-5.0 | virtual-mysql-server, apache2 | httpd-cgi,
- php5, php5-cli, php5-mysql,
- tcsh, openssl (>= 0.9.8), adduser, libfcgi0ldbl
-Recommends: libapache2-mod-php5, php5-gd, uuid-runtime,
- boinc-cgi-stripchart
-Suggests: boinc-app-examples
-Description: BOINC server applications and data files
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources. For every scientific problem its own distinct project-server
- must be provided. The users only run a common client with project-specific
- additions (if not self-compiled or available as a Linux distribution's
- package itself) being downloaded from the server.
- .
- This package contains the daemons and tools to create and run BOINC
- projects.
-
-
-Package: boinc-app-examples
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: boinc-server-maker
-Description: example binaries for BOINC servers
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources. For every scientific problem its own distinct project-server
- must be provided. The users only run a common client with project-specific
- additions (if not self-compiled or available as a Linux distribution's
- package itself) being downloaded from the server.
- .
- This package extends the boinc-server-maker package. It features a
- series of small applications that a newly installed environment may
- decide to use for testing purposes. Having them separated has the neat
- side effect that thosee binaries may be retrieved more easily for foreign
- platforms to feed the local servers with.
- .
- The package also features the wrapper application, which is likely
- to find its audience also in real projects.
-
-
 Package: boinc-dbg
 Section: debug
 Priority: extra
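
Review bot: removing the boinc-server-maker and boinc-app-examples stanzas here (and boinc-cgi-stripchart in the next hunk) stops new builds of those binaries, but nothing in debian/control makes systems that already have them installed drop them, so those hosts keep the unpatched server code. Say so explicitly in the changelog or a NEWS entry so administrators know to remove the packages by hand, since the changelog line only mentions "security problems and not usable".
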
@@ -212,17 +166,3 @@
  core dumps.
 
 
-Package: boinc-cgi-stripchart
-Section: libs
-Priority: extra
-Architecture: all
-Depends: ${misc:Depends}, gnuplot-nox, perl
-Recommends: apache2|httpd-cgi
-Description: CGI script for plotting basic statistical graphs
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources.
- .
- The BOINC developers have found their charting library to be of
- interest for a larger audience. It is isolated in the BOINC source
- tree and thus presented as a separate package.
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-1-SQL-injections.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-1-SQL-injections.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-1-SQL-injections.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-1-SQL-injections.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,48 @@
+From 3ced18ddaaea5e03d2cc70f8cce5ab214b4d5635 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 11 Mar 2013 00:02:16 -0700
+Subject: [PATCH] - client: don't show cache size in startup messages.
+
+---
+ db/boinc_db.cpp         | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/db/boinc_db.cpp b/db/boinc_db.cpp
+index 48aecfa..116c78e 100644
+--- a/db/boinc_db.cpp
++++ b/db/boinc_db.cpp
+@@ -1026,6 +1026,7 @@ void DB_RESULT::db_parse(MYSQL_ROW &r) {
+ 
+ void DB_MSG_FROM_HOST::db_print(char* buf) {
+     ESCAPE(xml);
++    ESCAPE(variety);
+     sprintf(buf,
+         "create_time=%d, "
+         "hostid=%d, variety='%s', "
+@@ -1037,6 +1038,7 @@ void DB_MSG_FROM_HOST::db_print(char* buf) {
+ 
+     );
+     UNESCAPE(xml);
++    UNESCAPE(variety);
+ }
+ 
+ void DB_MSG_FROM_HOST::db_parse(MYSQL_ROW& r) {
+@@ -1052,6 +1054,7 @@ void DB_MSG_FROM_HOST::db_parse(MYSQL_ROW& r) {
+ 
+ void DB_MSG_TO_HOST::db_print(char* buf) {
+     ESCAPE(xml);
++    ESCAPE(variety);
+     sprintf(buf,
+         "create_time=%d, "
+         "hostid=%d, variety='%s', "
+@@ -1061,6 +1064,7 @@ void DB_MSG_TO_HOST::db_print(char* buf) {
+         handled, xml
+     );
+     UNESCAPE(xml);
++    UNESCAPE(variety);
+ }
+ 
+ void DB_MSG_TO_HOST::db_parse(MYSQL_ROW& r) {
+-- 
+1.8.3.1
+
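
Review bot: the embedded patch header does not match its content: the Subject reads "client: don't show cache size in startup messages" and the diffstat claims "2 files changed, 6 insertions(+)", yet the only file touched is db/boinc_db.cpp, with four added ESCAPE(variety)/UNESCAPE(variety) lines. The upstream commit has evidently been trimmed, so replace the header with a short description stating that this escapes the variety field in DB_MSG_FROM_HOST::db_print and DB_MSG_TO_HOST::db_print for CVE-2013-2018, and correct the diffstat.
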
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-2-SQL-injections.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-2-SQL-injections.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-2-SQL-injections.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-2-SQL-injections.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,107 @@
+From e8d6c33fe158129a5616e18eb84a7a9d44aca15f Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 7 Jan 2013 19:40:20 -0800
+Subject: [PATCH] - user web: fix security vulnerabilities
+
+---
+ html/inc/bossa.inc               | 1 +
+ html/user/submit.php             | 1 +
+ html/user/submit_rpc_handler.php | 2 ++
+ html/user/team_admins.php        | 1 +
+ html/user/team_search.php        | 8 +++++---
+ 6 files changed, 15 insertions(+), 5 deletions(-)
+ 
+diff --git a/html/inc/bossa.inc b/html/inc/bossa.inc
+index 2dfef55..625ca52 100644
+--- a/html/inc/bossa.inc
++++ b/html/inc/bossa.inc
+@@ -45,6 +45,7 @@ function bossa_batch_create($appid, $name, $calibration) {
+ }
+ 
+ function bossa_app_lookup($name) {
++    $name = BoincDb::escape_string($name);
+     $app = BossaApp::lookup("short_name='$name'");
+     if (!$app) return 0;
+     return $app->id;
+#diff --git a/html/user/submit.php b/html/user/submit.php
+#index ebaf385..4d8d7c5 100644
+#--- a/html/user/submit.php
+#+++ b/html/user/submit.php
+#@@ -196,6 +196,7 @@ function handle_main($user) {
+#     ";
+#     $x = "";
+#     foreach ($submit_urls as $appname=>$submit_url) {
+#+        $appname = BoincDb::escape_string($appname);
+#         $app = BoincApp::lookup("name='$appname'");
+#         if (!$app) error_page("bad submit_url name: $appname");
+#         $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
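
Review bot: the html/user/submit.php hunk is commented out with a leading "#", so `$app = BoincApp::lookup("name='$appname'");` remains unescaped, while the diffstat above still counts 6 files and 15 insertions. Either re-enable the hunk or state in the patch header why it does not apply to 7.0.27, and bring the diffstat in line with what is actually applied.
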
+diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
+index 9a2686a..e3b6d15 100644
+--- a/html/user/submit_rpc_handler.php
++++ b/html/user/submit_rpc_handler.php
+@@ -38,6 +38,7 @@ function error($s) {
+ function authenticate_user($r, $app) {
+     $auth = (string)$r->authenticator;
+     if (!$auth) error("no authenticator");
++    $auth = BoincDb::escape_string($auth);
+     $user = BoincUser::lookup("authenticator='$auth'");
+     if (!$user) error("bad authenticator");
+     $user_submit = BoincUserSubmit::lookup_userid($user->id);
+@@ -53,6 +54,7 @@ function authenticate_user($r, $app) {
+ 
+ function get_app($r) {
+     $name = (string)($r->batch->app_name);
++    $name = BoincDb::escape_string($name);
+     $app = BoincApp::lookup("name='$name'");
+     if (!$app) error("no app");
+     return $app;
+diff --git a/html/user/team_admins.php b/html/user/team_admins.php
+index 2c0876b..96f2c25 100644
+--- a/html/user/team_admins.php
++++ b/html/user/team_admins.php
+@@ -93,6 +93,7 @@ function remove_admin($team) {
+ 
+ function add_admin($team) {
+     $email_addr = get_str('email_addr');
++    $email_addr =  BoincDb::escape_string($email_addr);
+     $user = BoincUser::lookup("email_addr='$email_addr'");
+     if (!$user) error_page(tra("no such user"));
+     if ($user->teamid != $team->id) error_page(tra("User is not member of team"));
+diff --git a/html/user/team_search.php b/html/user/team_search.php
+index 683fba4..d70c20a 100644
+--- a/html/user/team_search.php
++++ b/html/user/team_search.php
+@@ -126,11 +126,11 @@ function search($params) {
+     if (strlen($params->keywords)) {
+         $kw = BoincDb::escape_string($params->keywords);
+         $name_lc = strtolower($kw);
+-        $name_lc = escape_pattern($name_lc);
+ 
+         $list2 = get_teams("name='$name_lc'", $params->active);
+         merge_lists($list2, $list, 20);
+ 
++        $name_lc = escape_pattern($name_lc);
+         $list2 = get_teams("name like '".$name_lc."%'", $params->active);
+         merge_lists($list2, $list, 5);
+ 
+@@ -142,13 +142,15 @@ function search($params) {
+         $tried = true;
+     }
+     if (strlen($params->country) && $params->country!='None') {
+-        $list2 = get_teams("country = '$params->country'", $params->active);
++        $country = BoincDb::escape_string($params->country);
++        $list2 = get_teams("country = '$country'", $params->active);
+         //echo "<br>country matches: ",sizeof($list2);
+         merge_lists($list2, $list, 1);
+         $tried = true;
+     }
+     if ($params->type and $params->type>1) {
+-        $list2 = get_teams("type=$params->type", $params->active);
++        $type = BoincDb::escape_string($params->type);
++        $list2 = get_teams("type=$type", $params->active);
+         //echo "<br>type matches: ",sizeof($list2);
+         merge_lists($list2, $list, 2);
+         $tried = true;
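
Review bot: in the type branch, BoincDb::escape_string() is applied to a value that is interpolated without quotes (`get_teams("type=$type", $params->active)`), and escaping quote characters does not constrain an unquoted numeric operand. The fix that actually closes this is the get_int("type", true) change in CVE-2013-2018-3; fold it into this patch, or cast to an integer here, so that this patch is sufficient when applied alone.
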
+-- 
+1.8.3.1
+
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-3-SQL-injections.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-3-SQL-injections.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-3-SQL-injections.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-3-SQL-injections.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,33 @@
+From 6e205de096da83b12ffb2f0183b43e51261eb0c4 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 7 Jan 2013 23:33:22 -0800
+Subject: [PATCH] - user web: fix a security vulnerability
+
+---
+ html/user/team_search.php | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/html/user/team_search.php b/html/user/team_search.php
+index d70c20a..1a87bcd 100644
+--- a/html/user/team_search.php
++++ b/html/user/team_search.php
+@@ -149,7 +149,6 @@ function search($params) {
+         $tried = true;
+     }
+     if ($params->type and $params->type>1) {
+-        $type = BoincDb::escape_string($params->type);
+         $list2 = get_teams("type=$type", $params->active);
+         //echo "<br>type matches: ",sizeof($list2);
+         merge_lists($list2, $list, 2);
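
Review bot: this hunk deletes the `$type = BoincDb::escape_string($params->type);` assignment but leaves `get_teams("type=$type", $params->active)` in place, so with this patch alone $type is undefined and the type filter is built from an empty value; only CVE-2013-2018-4 restores `$params->type`. Squash patches 3 and 4 into one so that no intermediate state of the series is broken.
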
+@@ -169,7 +168,7 @@ if ($submit || $xml) {
+     $params = null;
+     $params->keywords = get_str('keywords', true);
+     $params->country = get_str("country", true);
+-    $params->type = get_str("type", true);
++    $params->type = get_int("type", true);
+     $params->active = get_str('active', true);
+     $list = search($params);
+     if ($xml) {
+-- 
+1.8.3.1
+
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-4-SQL-injections.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-4-SQL-injections.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-4-SQL-injections.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-2018-4-SQL-injections.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,25 @@
+From ce3110489bc139b8218252ba1cb0862d69f72ae3 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Tue, 8 Jan 2013 11:32:16 -0800
+Subject: [PATCH] - user web: fix typo
+
+---
+ html/user/team_search.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/html/user/team_search.php b/html/user/team_search.php
+index 1a87bcd..3778695 100644
+--- a/html/user/team_search.php
++++ b/html/user/team_search.php
+@@ -149,7 +149,7 @@ function search($params) {
+         $tried = true;
+     }
+     if ($params->type and $params->type>1) {
+-        $list2 = get_teams("type=$type", $params->active);
++        $list2 = get_teams("type=$params->type", $params->active);
+         //echo "<br>type matches: ",sizeof($list2);
+         merge_lists($list2, $list, 2);
+         $tried = true;
+-- 
+1.8.3.1
+
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,357 @@
+From 2fea03824925cbcb976f4191f4d8321e41a4d95b Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Wed, 27 Feb 2013 13:03:44 -0800
+Subject: [PATCH] - Scheduler: fix security vulnerabilities
+
+---
+ lib/parse.cpp            | 25 +++++++++++++------------
+ lib/parse.h              | 46 ++++++++++++++++++++++++++++++++--------------
+ sched/handle_request.cpp | 10 ++++++----
+ sched/sched_locality.cpp |  4 ++--
+ sched/sched_types.cpp    |  2 +-
+ 5 files changed, 54 insertions(+), 33 deletions(-)
+
+--- a/lib/parse.cpp
++++ b/lib/parse.cpp
+@@ -497,7 +497,7 @@ bool XML_PARSER::scan_nonws(int& first_c
+     char c;
+     while (1) {
+         c = f->_getc();
+-        if (c == EOF) return true;
++        if (!c || c == EOF) return true;
+         unsigned char uc = c;
+         if (isspace(uc)) continue;
+         first_char = c;
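
Review bot: scan_nonws() still stores the result of f->_getc() in `char c`, so the new `!c || c == EOF` test compares a narrowed value: where char is signed a 0xFF input byte is indistinguishable from EOF, and where char is unsigned EOF can never match. Declare c as int, as scan_comment() and scan_cdata() already do in the following hunks.
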
+@@ -505,18 +505,12 @@ bool XML_PARSER::scan_nonws(int& first_c
+     }
+ }
+ 
+-#define XML_PARSE_COMMENT   1
+-#define XML_PARSE_EOF       2
+-#define XML_PARSE_CDATA     3
+-#define XML_PARSE_TAG       4
+-#define XML_PARSE_DATA      5
+-
+ int XML_PARSER::scan_comment() {
+     char buf[256];
+     char* p = buf;
+     while (1) {
+         int c = f->_getc();
+-        if (c == EOF) return XML_PARSE_EOF;
++        if (!c || c == EOF) return XML_PARSE_EOF;
+         *p++ = c;
+         *p = 0;
+         if (strstr(buf, "-->")) {
+@@ -534,7 +528,7 @@ int XML_PARSER::scan_cdata(char* buf, in
+     len--;
+     while (1) {
+         int c = f->_getc();
+-        if (c == EOF) return XML_PARSE_EOF;
++        if (!c || c == EOF) return XML_PARSE_EOF;
+         if (len) {
+             *p++ = c;
+             len--;
+@@ -571,7 +565,7 @@ int XML_PARSER::scan_tag(
+ 
+     for (int i=0; ; i++) {
+         c = f->_getc();
+-        if (c == EOF) return XML_PARSE_EOF;
++        if (!c || c == EOF) return XML_PARSE_EOF;
+         if (c == '>') {
+             *buf = 0;
+             if (attr_buf) *attr_buf = 0;
+@@ -587,6 +581,8 @@ int XML_PARSER::scan_tag(
+         } else if (c == '/') {
+             if (--tag_len > 0) {
+                 *buf++ = c;
++            } else {
++                return XML_PARSE_OVERFLOW;
+             }
+         } else {
+             if (found_space) {
+@@ -598,6 +594,8 @@ int XML_PARSER::scan_tag(
+             } else {
+                 if (--tag_len > 0) {
+                     *buf++ = c;
++                } else {
++                    return XML_PARSE_OVERFLOW;
+                 }
+             }
+         }
+@@ -615,21 +613,22 @@ int XML_PARSER::scan_tag(
+ 
+ // read and copy text to buf; stop when find a <;
+ // ungetc() that so we read it again
+-// Return true iff reached EOF
++// Return XML_PARSE_DATA if successful
+ //
+-bool XML_PARSER::copy_until_tag(char* buf, int len) {
++int XML_PARSER::copy_until_tag(char* buf, int len) {
+     int c;
+     while (1) {
+         c = f->_getc();
+-        if (c == EOF) return true;
++        if (!c || c == EOF) return XML_PARSE_EOF;
+         if (c == '<') {
+             f->_ungetc(c);
+             *buf = 0;
+-            return false;
++            return XML_PARSE_DATA;
+         }
+-        if (--len > 0) {
+-            *buf++ = c;
++        if (--len <= 0) {
++            return XML_PARSE_OVERFLOW;
+         }
++        *buf++ = c;
+     }
+ }
+ 
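
Review bot: on the new overflow path in copy_until_tag(), `return XML_PARSE_OVERFLOW;` exits without writing a terminator, so buf is left holding unterminated data, unlike the '<' path which sets `*buf = 0`. The callers shown here treat overflow as end of input, but add `*buf = 0;` before the return so that any caller inspecting buf after a failure cannot read past the data.
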
+@@ -647,12 +646,12 @@ int XML_PARSER::get_aux(char* buf, int l
+         if (c == '<') {
+             retval = scan_tag(buf, len, attr_buf, attr_len);
+             if (retval == XML_PARSE_EOF) return retval;
++            if (retval == XML_PARSE_OVERFLOW) return retval;
+             if (retval == XML_PARSE_COMMENT) continue;
+         } else {
+             buf[0] = c;
+-            eof = copy_until_tag(buf+1, len-1);
+-            if (eof) return XML_PARSE_EOF;
+-            retval = XML_PARSE_DATA;
++            retval = copy_until_tag(buf+1, len-1);
++            if (retval != XML_PARSE_DATA) return retval;
+         }
+         strip_whitespace(buf);
+         return retval;
+@@ -663,7 +662,9 @@ bool XML_PARSER::get(
+     char* buf, int len, bool& _is_tag, char* attr_buf, int attr_len
+ ) {
+     switch (get_aux(buf, len, attr_buf, attr_len)) {
+-    case XML_PARSE_EOF: return true;
++    case XML_PARSE_EOF:
++    case XML_PARSE_OVERFLOW:
++        return true;
+     case XML_PARSE_TAG:
+         _is_tag = true;
+         break;
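
Review bot: get() folds XML_PARSE_OVERFLOW into the same `return true` as XML_PARSE_EOF, so callers cannot tell an oversized element from a normal end of input and a truncated document is silently treated as complete. Document that choice in a comment at the case labels, or surface the overflow (a log line or a distinct error) so the scheduler can reject the request explicitly.
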
+@@ -685,11 +686,12 @@ bool XML_PARSER::get(
+ //
+ bool XML_PARSER::parse_str(const char* start_tag, char* buf, int len) {
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
++
++    size_t n = strlen(parsed_tag);
+ 
+     // handle the archaic form <tag/>, which means empty string
+     //
+-    size_t n = strlen(parsed_tag);
+     if (parsed_tag[n-1] == '/') {
+         strcpy(tag, parsed_tag);
+         tag[n-1] = 0;
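
Review bot: parse_str() indexes `parsed_tag[n-1]` right after `size_t n = strlen(parsed_tag);` with no check for n == 0, so an empty parsed_tag makes n-1 wrap and reads outside the array. Since the declaration is being moved anyway, guard the n == 0 case before the archaic <tag/> test.
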
+@@ -745,7 +747,7 @@ bool XML_PARSER::parse_string(const char
+ bool XML_PARSER::parse_int(const char* start_tag, int& i) {
+     char buf[256], *end;
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+ 
+     if (strcmp(parsed_tag, start_tag)) return false;
+ 
+@@ -780,7 +782,7 @@ bool XML_PARSER::parse_int(const char* s
+ bool XML_PARSER::parse_double(const char* start_tag, double& x) {
+     char buf[256], *end;
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+ 
+     if (strcmp(parsed_tag, start_tag)) return false;
+ 
+@@ -815,7 +817,7 @@ bool XML_PARSER::parse_double(const char
+ bool XML_PARSER::parse_ulong(const char* start_tag, unsigned long& x) {
+     char buf[256], *end;
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+ 
+     if (strcmp(parsed_tag, start_tag)) return false;
+ 
+@@ -850,7 +852,7 @@ bool XML_PARSER::parse_ulong(const char*
+ bool XML_PARSER::parse_ulonglong(const char* start_tag, unsigned long long& x) {
+     char buf[256], *end;
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+ 
+     if (strcmp(parsed_tag, start_tag)) return false;
+ 
+@@ -885,7 +887,7 @@ bool XML_PARSER::parse_ulonglong(const c
+ bool XML_PARSER::parse_bool(const char* start_tag, bool& b) {
+     char buf[256], *end;
+     bool eof;
+-    char end_tag[256], tag[256];
++    char end_tag[TAG_BUF_LEN], tag[TAG_BUF_LEN];
+ 
+     // handle the archaic form <tag/>, which means true
+     //
+@@ -919,7 +921,7 @@ bool XML_PARSER::parse_bool(const char*
+ // parse a start tag (optionally preceded by <?xml>)
+ //
+ bool XML_PARSER::parse_start(const char* start_tag) {
+-    char tag[256];
++    char tag[TAG_BUF_LEN];
+     bool eof;
+ 
+     eof = get(tag, sizeof(tag), is_tag);
+@@ -951,7 +953,7 @@ int XML_PARSER::element_contents(const c
+             break;
+         }
+         int c = f->_getc();
+-        if (c == EOF) {
++        if (!c || c == EOF) {
+             retval = ERR_XML_PARSE;
+             break;
+         }
+@@ -998,7 +1000,7 @@ int XML_PARSER::element_contents(const c
+ void XML_PARSER::skip_unexpected(
+     const char* start_tag, bool verbose, const char* where
+ ) {
+-    char tag[256], end_tag[256];
++    char tag[TAG_BUF_LEN], end_tag[TAG_BUF_LEN];
+ 
+     if (verbose) {
+         fprintf(stderr, "Unrecognized XML in %s: %s\n", where, start_tag);
+@@ -1019,7 +1021,7 @@ void XML_PARSER::skip_unexpected(
+ // copy this entire element, including start and end tags, to the buffer
+ //
+ int XML_PARSER::copy_element(string& out) {
+-    char end_tag[256], buf[1024];
++    char end_tag[TAG_BUF_LEN], buf[1024];
+ 
+     // handle <foo/> case
+     //
+--- a/lib/parse.h
++++ b/lib/parse.h
+@@ -28,12 +28,21 @@
+ 
+ // see parse_test.cpp for example usage of XML_PARSER
+ 
++#define XML_PARSE_COMMENT   1
++#define XML_PARSE_EOF       2
++#define XML_PARSE_CDATA     3
++#define XML_PARSE_TAG       4
++#define XML_PARSE_DATA      5
++#define XML_PARSE_OVERFLOW  6
++
++#define TAG_BUF_LEN         256
++
+ class XML_PARSER {
+     bool scan_nonws(int&);
+     int scan_comment();
+     int scan_tag(char*, int, char* ab=0, int al=0);
+     int scan_cdata(char*, int);
+-    bool copy_until_tag(char*, int);
++    int copy_until_tag(char*, int);
+ public:
+     char parsed_tag[4096];
+     bool is_tag;
+@@ -44,7 +53,13 @@ public:
+     }
+     bool get(char*, int, bool&, char* ab=0, int al=0);
+     inline bool get_tag(char* ab=0, int al=0) {
+-        return get(parsed_tag, sizeof(parsed_tag), is_tag, ab, al);
++        if (get(parsed_tag, sizeof(parsed_tag), is_tag, ab, al)) {
++            return true;
++        }
++        if (strlen(parsed_tag) > TAG_BUF_LEN-10) {
++            return true;
++        }
++        return false;
+     }
+     inline bool match_tag(const char* tag) {
+         return !strcmp(parsed_tag, tag);
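
Review bot: the bound `TAG_BUF_LEN-10` in get_tag() is an undocumented magic number. Add a comment saying what the 10 bytes of slack cover (parse.cpp copies parsed_tag into char[TAG_BUF_LEN] buffers with strcpy and builds end tags from it), or derive the margin from a named constant, so that a later change to TAG_BUF_LEN or to the end-tag format does not quietly reintroduce the overflow.
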
+--- a/sched/handle_request.cpp
++++ b/sched/handle_request.cpp
+@@ -167,7 +167,7 @@ void unlock_sched() {
+ // find the user's most recently-created host with given host CPID
+ //
+ static bool find_host_by_cpid(DB_USER& user, char* host_cpid, DB_HOST& host) {
+-    char buf[256], buf2[256];
++    char buf[1024], buf2[256];
+     sprintf(buf, "%s%s", host_cpid, user.email_addr);
+     md5_block((const unsigned char*)buf, strlen(buf), buf2);
+ 
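
Review bot: find_host_by_cpid() still formats with an unbounded `sprintf(buf, "%s%s", host_cpid, user.email_addr);`, so growing buf from 256 to 1024 only raises the threshold and ties safety to the maximum sizes of both inputs. Use snprintf(buf, sizeof(buf), ...) and handle truncation; the same applies to the other buf[256] to buf[1024] changes in sched/ further down in this patch.
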
+@@ -236,7 +236,7 @@ static void mark_results_over(DB_HOST& h
+ //
+ int authenticate_user() {
+     int retval;
+-    char buf[256];
++    char buf[1024];
+     DB_HOST host;
+     DB_USER user;
+     DB_TEAM team;
+@@ -294,6 +294,7 @@ int authenticate_user() {
+                 strlcpy(
+                     user.authenticator, g_request->authenticator, sizeof(user.authenticator)
+                 );
++                escape_string(user.authenticator, sizeof(user.authenticator));
+                 sprintf(buf, "where authenticator='%s'", user.authenticator);
+                 retval = user.lookup(buf);
+                 if (retval) {
+@@ -360,6 +361,7 @@ lookup_user_and_make_new_host:
+                 user.authenticator, g_request->authenticator,
+                 sizeof(user.authenticator)
+             );
++            escape_string(user.authenticator, sizeof(user.authenticator));
+             sprintf(buf, "where authenticator='%s'", user.authenticator);
+             retval = user.lookup(buf);
+         }
+@@ -492,7 +494,7 @@ got_host:
+ static int modify_host_struct(HOST& host) {
+     host.timezone = g_request->host.timezone;
+     strncpy(host.domain_name, g_request->host.domain_name, sizeof(host.domain_name));
+-    char buf[256], buf2[256];
++    char buf[1024], buf2[1024];
+     sprintf(buf, "[BOINC|%d.%d.%d]",
+         g_request->core_client_major_version,
+         g_request->core_client_minor_version,
+@@ -691,7 +693,7 @@ int send_result_abort() {
+ // 2) send global prefs in reply msg if needed
+ //
+ int handle_global_prefs() {
+-    char buf[BLOB_SIZE];
++    char buf[BLOB_SIZE+256];
+     g_reply->send_global_prefs = false;
+     bool have_working_prefs = (strlen(g_request->working_global_prefs_xml)>0);
+     bool have_master_prefs = (strlen(g_request->global_prefs_xml)>0);
+--- a/sched/sched_locality.cpp
++++ b/sched/sched_locality.cpp
+@@ -73,7 +73,7 @@ int delete_file_from_host() {
+ #endif
+ 
+     int nfiles = (int)g_request->file_infos.size();
+-    char buf[256];
++    char buf[1024];
+     if (!nfiles) {
+ 
+         double maxdisk = max_allowable_disk();
+@@ -1232,7 +1232,7 @@ void send_file_deletes() {
+     int num_useless = g_request->files_not_needed.size();
+     int i;
+     for (i=0; i<num_useless; i++) {
+-        char buf[256];
++        char buf[1024];
+         FILE_INFO& fi = g_request->files_not_needed[i];
+         g_reply->file_deletes.push_back(fi);
+         if (config.debug_locality) {
+--- a/sched/sched_types.cpp
++++ b/sched/sched_types.cpp
+@@ -1323,7 +1323,7 @@ void PROJECT_FILES::init() {
+ }
+ 
+ void get_weak_auth(USER& user, char* buf) {
+-    char buf2[256], out[256];
++    char buf2[1024], out[256];
+     sprintf(buf2, "%s%s", user.authenticator, user.passwd_hash);
+     md5_block((unsigned char*)buf2, strlen(buf2), out);
+     sprintf(buf, "%d_%s", user.id, out);
diff -Nru boinc-7.0.27+dfsg/debian/patches/CVE-2013-7386.patch boinc-7.0.27+dfsg/debian/patches/CVE-2013-7386.patch
--- boinc-7.0.27+dfsg/debian/patches/CVE-2013-7386.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/CVE-2013-7386.patch	2014-11-04 14:25:34.000000000 +0100
@@ -0,0 +1,27 @@
+8ef36e1ce0fd6e0dacffe53613ac9 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Wed, 24 Apr 2013 20:00:02 -0700
+Subject: [PATCH] - client: fix compile warning
+
+---
+ client/cs_account.cpp |    2 +-
+ client/project.cpp    |    2 --
+ 2 files changed, 1 insertions(+), 3 deletions(-)
+
+diff --git a/client/cs_account.cpp b/client/cs_account.cpp
+index 04d1981..30d22c2 100644
+--- a/client/cs_account.cpp
++++ b/client/cs_account.cpp
+@@ -79,7 +79,7 @@ int PROJECT::write_account_file() {
+     fprintf(f, "<project_preferences>\n%s</project_preferences>\n",
+         project_prefs.c_str()
+     );
+-    fprintf(f, gui_urls.c_str());
++    fprintf(f, "%s", gui_urls.c_str());
+     fprintf(f, "</account>\n");
+     fclose(f);
+     retval = boinc_rename(TEMP_ACCT_FILE_NAME, path);
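
Review bot: the header of this patch is damaged and undescriptive: its first line starts with a bare, truncated hash instead of a "From <sha>" line, the Subject says only "client: fix compile warning", and the diffstat lists client/project.cpp with two deletions although no hunk for that file is included. Add a description saying that `fprintf(f, gui_urls.c_str());` is replaced by a constant "%s" format so that gui_urls is no longer interpreted as a format string (CVE-2013-7386), and correct the diffstat.
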
+-- 
+1.7.1
+
+
diff -Nru boinc-7.0.27+dfsg/debian/patches/link_with_gold.patch boinc-7.0.27+dfsg/debian/patches/link_with_gold.patch
--- boinc-7.0.27+dfsg/debian/patches/link_with_gold.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/link_with_gold.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,14 @@
+Index: boinc/configure.ac
+===================================================================
+--- boinc.orig/configure.ac
++++ boinc/configure.ac
+@@ -814,6 +814,9 @@
+     SAH_CHECK_LIB([Xss],[XScreenSaverAllocInfo],[
+         AC_DEFINE([HAVE_XSS],[1],[Define to 1 if you have xss library])
+         CLIENTLIBS="${sah_lib_last} ${CLIENTLIBS}"])
++    SAH_CHECK_LIB([X11],[XOpenDisplay],[
++        AC_DEFINE([HAVE_X11],[1],[Define to 1 if you have X11 library])
++        CLIENTLIBS="${sah_lib_last} ${CLIENTLIBS}"])
+     echo DEBUG: CLIENTLIBS=${CLIENTLIBS} >&5
+ fi
+ 
diff -Nru boinc-7.0.27+dfsg/debian/patches/series boinc-7.0.27+dfsg/debian/patches/series
--- boinc-7.0.27+dfsg/debian/patches/series	2012-06-25 10:30:02.000000000 +0200
+++ boinc-7.0.27+dfsg/debian/patches/series	2014-11-04 14:29:55.000000000 +0100
@@ -57,3 +57,12 @@
 #screensaver_woes.patch
 boinc_manager_project_info_page.patch
 add_hardening_flags.patch
+workaround-objcxx.patch
+CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch
+link_with_gold.patch
+wrapper.patch
+CVE-2013-2018-1-SQL-injections.patch
+CVE-2013-2018-2-SQL-injections.patch
+CVE-2013-2018-3-SQL-injections.patch
+CVE-2013-2018-4-SQL-injections.patch
+CVE-2013-7386.patch
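
Review bot: this hunk adds workaround-objcxx.patch and wrapper.patch to the series, but neither is mentioned in the debian/changelog entry or in the summary at the top of the request, and neither patch file carries a description header. For a stable update each applied patch should be listed with its reason; add changelog lines for both, or drop them if they are not needed for the CVE fixes and the -lX11 link fix.
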
diff -Nru boinc-7.0.27+dfsg/debian/patches/workaround-objcxx.patch boinc-7.0.27+dfsg/debian/patches/workaround-objcxx.patch
--- boinc-7.0.27+dfsg/debian/patches/workaround-objcxx.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/workaround-objcxx.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,44 @@
+--- a/api/Makefile.am
++++ b/api/Makefile.am
+@@ -23,10 +23,10 @@ graphics2_files = \
+ #texfont.cpp
+ #txf_util.cpp 
+ 
+-if OS_DARWIN
+-    graphics2_files += mac_icon.cpp
+-    graphics2_files += macglutfix.m
+-endif
++# if OS_DARWIN
++#     graphics2_files += mac_icon.cpp
++#     graphics2_files += macglutfix.m
++# endif
+ 
+ # library for OpenCL apps
+ opencl_files = \
+--- a/clientgui/Makefile.am
++++ b/clientgui/Makefile.am
+@@ -17,15 +17,15 @@ endif
+ endif ## ENABLE_CLIENT_RELEASE
+ 
+ if OS_DARWIN
+-   LIBS += -framework IOKit -framework Foundation -framework ScreenSaver -framework Cocoa -framework Security
+-   mac_sources = mac/SystemMenu.m \
+-                 mac/mac_saver_module.cpp \
+-                 mac/Mac_Saver_ModuleView.m \
+-                 mac/MacBitmapComboBox.cpp \
+-                 mac/MacSysMenu.cpp \
+-                 mac/Mac_GUI.cpp\
+-                 mac/browser_safari.mm
+-
++#   LIBS += -framework IOKit -framework Foundation -framework ScreenSaver -framework Cocoa -framework Security
++#   mac_sources = mac/SystemMenu.m \
++#                 mac/mac_saver_module.cpp \
++#                 mac/Mac_Saver_ModuleView.m \
++#                 mac/MacBitmapComboBox.cpp \
++#                 mac/MacSysMenu.cpp \
++#                 mac/Mac_GUI.cpp\
++#                 mac/browser_safari.mm
++   mac_sources =
+    mac_headers = mac/*.h
+ else
+    mac_headers =
diff -Nru boinc-7.0.27+dfsg/debian/patches/wrapper.patch boinc-7.0.27+dfsg/debian/patches/wrapper.patch
--- boinc-7.0.27+dfsg/debian/patches/wrapper.patch	1970-01-01 01:00:00.000000000 +0100
+++ boinc-7.0.27+dfsg/debian/patches/wrapper.patch	2014-11-04 14:25:23.000000000 +0100
@@ -0,0 +1,11 @@
+--- a/samples/wrapper/wrapper.cpp
++++ b/samples/wrapper/wrapper.cpp
+@@ -39,6 +39,8 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <sys/time.h>
++#include <sys/resource.h>
+ #endif
+ 
+ #include "boinc_api.h"


