[boinc] 01/01: Remove server from stable
Gianfranco Costamagna
locutusofborg-guest at moszumanska.debian.org
Tue Nov 4 13:53:42 UTC 2014
This is an automated email from the git hooks/post-receive script.
locutusofborg-guest pushed a commit to branch wheezy
in repository boinc.
commit 203c50d286da7bf90a8eddc90f7825913844f3ac
Author: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Date: Tue Nov 4 14:33:58 2014 +0100
Remove server from stable
---
debian/changelog | 10 +++++--
debian/control | 61 +-------------------------------------
debian/patches/CVE-2013-7386.patch | 27 +++++++++++++++++
debian/patches/series | 1 +
4 files changed, 37 insertions(+), 62 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 69c4139..8565ecd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-boinc (7.0.27+dfsg-5+deb7u1) stable; urgency=low
+boinc (7.0.27+dfsg-5+deb7u1) stable-proposed-updates; urgency=low
[ Guo Yixuan ]
* Removed the deprecated DMUA field from debian/control.
@@ -9,7 +9,13 @@ boinc (7.0.27+dfsg-5+deb7u1) stable; urgency=low
* link_with_gold.patch: patched configure.ac to add -lX11 for linking client
with ld.gold.
- -- Guo Yixuan <culu.gyx at gmail.com> Sat, 29 Jun 2013 16:11:49 +0800
+ [ Gianfranco Costamagna ]
+ * d/{rules,control} remove boinc-server-maker, boinc-cgi-stripchart, and
+ boinc-app-examples binaries due to security problems and not usable
+ (cfr CVE-2013-2018, 706488).
+ * d/patches/CVE-2013-7386.patch fix CVE-2013-7386.
+
+ -- Guo Yixuan <culu.gyx at gmail.com> Tue, 04 Nov 2014 14:32:25 +0100
boinc (7.0.27+dfsg-5) unstable; urgency=low
diff --git a/debian/control b/debian/control
index 68a5e51..8bb1073 100644
--- a/debian/control
+++ b/debian/control
@@ -18,7 +18,7 @@ Build-Depends: debhelper (>= 7.0.50~), po-debconf, dh-buildinfo, pkg-config (>=
libxcb-util0-dev,
libx11-dev, libxss-dev
Homepage: http://boinc.berkeley.edu/
-Vcs-Git: git://git.debian.org/git/pkg-boinc/boinc.git -b sid
+Vcs-Git: git://git.debian.org/git/pkg-boinc/boinc.git -b wheezy
Vcs-Browser: http://git.debian.org/?p=pkg-boinc/boinc.git
@@ -149,51 +149,6 @@ Description: development files to build applications for BOINC projects
infrastructure.
-Package: boinc-server-maker
-Architecture: any
-Provides: boinc-server
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends},
- python-support, python, python-mysqldb,
- mysql-server-5.0 | virtual-mysql-server, apache2 | httpd-cgi,
- php5, php5-cli, php5-mysql,
- tcsh, openssl (>= 0.9.8), adduser, libfcgi0ldbl
-Recommends: libapache2-mod-php5, php5-gd, uuid-runtime,
- boinc-cgi-stripchart
-Suggests: boinc-app-examples
-Description: BOINC server applications and data files
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources. For every scientific problem its own distinct project-server
- must be provided. The users only run a common client with project-specific
- additions (if not self-compiled or available as a Linux distribution's
- package itself) being downloaded from the server.
- .
- This package contains the daemons and tools to create and run BOINC
- projects.
-
-
-Package: boinc-app-examples
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: boinc-server-maker
-Description: example binaries for BOINC servers
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources. For every scientific problem its own distinct project-server
- must be provided. The users only run a common client with project-specific
- additions (if not self-compiled or available as a Linux distribution's
- package itself) being downloaded from the server.
- .
- This package extends the boinc-server-maker package. It features a
- series of small applications that a newly installed environment may
- decide to use for testing purposes. Having them separated has the neat
- side effect that thosee binaries may be retrieved more easily for foreign
- platforms to feed the local servers with.
- .
- The package also features the wrapper application, which is likely
- to find its audience also in real projects.
-
-
Package: boinc-dbg
Section: debug
Priority: extra
@@ -211,17 +166,3 @@ Description: debugging symbols for BOINC binaries
core dumps.
-Package: boinc-cgi-stripchart
-Section: libs
-Priority: extra
-Architecture: all
-Depends: ${misc:Depends}, gnuplot-nox, perl
-Recommends: apache2|httpd-cgi
-Description: CGI script for plotting basic statistical graphs
- The Berkeley Open Infrastructure for Network Computing (BOINC) is a
- software platform for distributed computing using volunteered computer
- resources.
- .
- The BOINC developers have found their charting library to be of
- interest for a larger audience. It is isolated in the BOINC source
- tree and thus presented as a separate package.
diff --git a/debian/patches/CVE-2013-7386.patch b/debian/patches/CVE-2013-7386.patch
new file mode 100644
index 0000000..117ab37
--- /dev/null
+++ b/debian/patches/CVE-2013-7386.patch
@@ -0,0 +1,27 @@
+8ef36e1ce0fd6e0dacffe53613ac9 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Wed, 24 Apr 2013 20:00:02 -0700
+Subject: [PATCH] - client: fix compile warning
+
+---
+ client/cs_account.cpp | 2 +-
+ client/project.cpp | 2 --
+ 2 files changed, 1 insertions(+), 3 deletions(-)
+
+diff --git a/client/cs_account.cpp b/client/cs_account.cpp
+index 04d1981..30d22c2 100644
+--- a/client/cs_account.cpp
++++ b/client/cs_account.cpp
+@@ -79,7 +79,7 @@ int PROJECT::write_account_file() {
+ fprintf(f, "<project_preferences>\n%s</project_preferences>\n",
+ project_prefs.c_str()
+ );
+- fprintf(f, gui_urls.c_str());
++ fprintf(f, "%s", gui_urls.c_str());
+ fprintf(f, "</account>\n");
+ fclose(f);
+ retval = boinc_rename(TEMP_ACCT_FILE_NAME, path);
+--
+1.7.1
+
+
diff --git a/debian/patches/series b/debian/patches/series
index 3f215ca..5ff5565 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -65,3 +65,4 @@ CVE-2013-2018-1-SQL-injections.patch
CVE-2013-2018-2-SQL-injections.patch
CVE-2013-2018-3-SQL-injections.patch
CVE-2013-2018-4-SQL-injections.patch
+CVE-2013-7386.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-boinc/boinc.git
More information about the pkg-boinc-commits
mailing list