[SCM] BOINC packaging branch, wheezy, updated. debian/7.0.27+dfsg-5-21-g8ddb22e

Thu Jun 27 02:20:11 UTC 2013

The following commit has been merged in the wheezy branch:
commit 173bfe585a829ff51ddb6543c24b2be920cfffe5
Author: Guo Yixuan <culu.gyx at gmail.com>
Date:   Thu Jun 27 10:04:31 2013 +0800

    CVE-2013-2018 2nd patch
    
    boinc-v2: e8d6c33fe158129a5616e18eb84a7a9d44aca15f

diff --git a/debian/patches/CVE-2013-2018-2-SQL-injections.patch b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
new file mode 100644
index 0000000..7b38f77
--- /dev/null
+++ b/debian/patches/CVE-2013-2018-2-SQL-injections.patch
@@ -0,0 +1,107 @@
+From e8d6c33fe158129a5616e18eb84a7a9d44aca15f Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 7 Jan 2013 19:40:20 -0800
+Subject: [PATCH] - user web: fix security vulnerabilities
+
+---
+ html/inc/bossa.inc               | 1 +
+ html/user/submit.php             | 1 +
+ html/user/submit_rpc_handler.php | 2 ++
+ html/user/team_admins.php        | 1 +
+ html/user/team_search.php        | 8 +++++---
+ 6 files changed, 15 insertions(+), 5 deletions(-)
+ 
+diff --git a/html/inc/bossa.inc b/html/inc/bossa.inc
+index 2dfef55..625ca52 100644
+--- a/html/inc/bossa.inc
++++ b/html/inc/bossa.inc
+@@ -45,6 +45,7 @@ function bossa_batch_create($appid, $name, $calibration) {
+ }
+ 
+ function bossa_app_lookup($name) {
++    $name = BoincDb::escape_string($name);
+     $app = BossaApp::lookup("short_name='$name'");
+     if (!$app) return 0;
+     return $app->id;
+diff --git a/html/user/submit.php b/html/user/submit.php
+index ebaf385..4d8d7c5 100644
+--- a/html/user/submit.php
++++ b/html/user/submit.php
+@@ -196,6 +196,7 @@ function handle_main($user) {
+     ";
+     $x = "";
+     foreach ($submit_urls as $appname=>$submit_url) {
++        $appname = BoincDb::escape_string($appname);
+         $app = BoincApp::lookup("name='$appname'");
+         if (!$app) error_page("bad submit_url name: $appname");
+         $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
+index 9a2686a..e3b6d15 100644
+--- a/html/user/submit_rpc_handler.php
++++ b/html/user/submit_rpc_handler.php
+@@ -38,6 +38,7 @@ function error($s) {
+ function authenticate_user($r, $app) {
+     $auth = (string)$r->authenticator;
+     if (!$auth) error("no authenticator");
++    $auth = BoincDb::escape_string($auth);
+     $user = BoincUser::lookup("authenticator='$auth'");
+     if (!$user) error("bad authenticator");
+     $user_submit = BoincUserSubmit::lookup_userid($user->id);
+@@ -53,6 +54,7 @@ function authenticate_user($r, $app) {
+ 
+ function get_app($r) {
+     $name = (string)($r->batch->app_name);
++    $name = BoincDb::escape_string($name);
+     $app = BoincApp::lookup("name='$name'");
+     if (!$app) error("no app");
+     return $app;
+diff --git a/html/user/team_admins.php b/html/user/team_admins.php
+index 2c0876b..96f2c25 100644
+--- a/html/user/team_admins.php
++++ b/html/user/team_admins.php
+@@ -93,6 +93,7 @@ function remove_admin($team) {
+ 
+ function add_admin($team) {
+     $email_addr = get_str('email_addr');
++    $email_addr =  BoincDb::escape_string($email_addr);
+     $user = BoincUser::lookup("email_addr='$email_addr'");
+     if (!$user) error_page(tra("no such user"));
+     if ($user->teamid != $team->id) error_page(tra("User is not member of team"));
+diff --git a/html/user/team_search.php b/html/user/team_search.php
+index 683fba4..d70c20a 100644
+--- a/html/user/team_search.php
++++ b/html/user/team_search.php
+@@ -126,11 +126,11 @@ function search($params) {
+     if (strlen($params->keywords)) {
+         $kw = BoincDb::escape_string($params->keywords);
+         $name_lc = strtolower($kw);
+-        $name_lc = escape_pattern($name_lc);
+ 
+         $list2 = get_teams("name='$name_lc'", $params->active);
+         merge_lists($list2, $list, 20);
+ 
++        $name_lc = escape_pattern($name_lc);
+         $list2 = get_teams("name like '".$name_lc."%'", $params->active);
+         merge_lists($list2, $list, 5);
+ 
+@@ -142,13 +142,15 @@ function search($params) {
+         $tried = true;
+     }
+     if (strlen($params->country) && $params->country!='None') {
+-        $list2 = get_teams("country = '$params->country'", $params->active);
++        $country = BoincDb::escape_string($params->country);
++        $list2 = get_teams("country = '$country'", $params->active);
+         //echo "<br>country matches: ",sizeof($list2);
+         merge_lists($list2, $list, 1);
+         $tried = true;
+     }
+     if ($params->type and $params->type>1) {
+-        $list2 = get_teams("type=$params->type", $params->active);
++        $type = BoincDb::escape_string($params->type);
++        $list2 = get_teams("type=$type", $params->active);
+         //echo "<br>type matches: ",sizeof($list2);
+         merge_lists($list2, $list, 2);
+         $tried = true;
+-- 
+1.8.3.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 9da85d5..d3edb18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -62,3 +62,4 @@ CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch
 link_with_gold.patch
 wrapper.patch
 CVE-2013-2018-1-SQL-injections.patch
+CVE-2013-2018-2-SQL-injections.patch

-- 
BOINC packaging

