Package: torque / 2.4.16+dfsg-1+deb7u4
Metadata
Package | Version | Patches format |
---|---|---|
torque | 2.4.16+dfsg-1+deb7u4 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
freebsd5_manpages.patch | (download) |
doc/Makefile.am |
4 3 + 1 - 0 ! |
add pbs_resources_freebsd5.7 where missing This fixes the installation of manpages when building on a GNU/kFreeBSD target. |
gnu_fixes.patch | (download) |
src/gui/Ccode/xpbs_scriptload.c |
2 1 + 1 - 0 ! |
--- |
c90string.patch | (download) |
src/resmom/mom_main.c |
2 1 + 1 - 0 ! |
work around a build failure caused by iso c90 string lengths. This is a workaround for a compilation error caused by strings greater than the length '509' ISO C90 compilers are required to support. |
xpbs_xpbsmon_tclIndex.patch | (download) |
src/gui/buildindex.src |
1 1 + 0 - 0 ! |
fix tclindex generation According to http://www.gnu.org/prep/standards/html_node/DESTDIR.html, DESTDIR is a temporary location. "Also, specifying DESTDIR should not change the operation of the software in any way, so its value should not be included in any file contents." Bug-Debian: http://bugs.debian.org/587262 |
tcl85.patch | (download) |
src/tools/xpbsmon/entry.tk |
1 0 + 1 - 0 ! |
--- |
CVE 2013 4319.patch | (download) |
src/server/process_request.c |
15 15 + 0 - 0 ! |
cve-2013-4319: remote arbitrary command execution as root on cluster CVE-2013-4319: A non-priviledged user who was able to run jobs or login to a node which ran pbs_server or pbs_mom, could submit arbitrary jobs to a pbs_mom daemon to queue and run the job, which would run as root. . - The user must be logged in on a node that is already legitimately able to contact pbs_mom daemons or submit jobs. . - If a user submits a job via this defect and pbs_server is running, pbs_server will kill the job unless job syncing is disabled. It may take up to 45 seconds for pbs_server to kill the job. |
fix FTBFS on kfreebsd.patch | (download) |
src/resmom/freebsd5/mom_mach.c |
2 1 + 1 - 0 ! |
fix ftbfs on kfreebsd-{amd64,i386} Fix FTBFS on kfreebsd-{amd64,i386} due to use of deprecated header <nlist.h>. Switch to use <bsd/nlist.h>. |
CVE 2013 4495.patch | (download) |
src/server/svr_mail.c |
288 182 + 106 - 0 ! |
make sending e-mail more robust - Use pipes instead of temporary files to pass the content to sendmail - Use comma as a delimiter for 'To:' addresses per RFC2822 - exec-like functions expect the first argument to be the name of the program - Provide multiple addresses to sendmail in separate arguments . CVE-2013-4495: remote code execution when submitting jobs. |
CVE 2014 0749.patch | (download) |
src/lib/Libdis/disrsi_.c |
9 9 + 0 - 0 ! |
fix stack-based buffer overflow in disrsi_.c CVE-2014-0749: The file disrsi_.c fails to ensure that the length of count (which is read from the request packet) is less than dis_umaxd prior to being used in a later memcpy(). As a result a specially crafted request can smuggle through a count value which is later decremented and becomes the ct value in a memcpy() made from within tcp_gets(): . memcpy((char *)str, tp->tdis_leadp, ct); . This failure to validate count allows control over the size of the memcpy() to be leveraged and as a result control over the amount of data read from the remainder of the packet. If this value is large the memcpy() will overwrite the stack and so can be leveraged in order to gain control over the execution of the program. |
CVE 2014 3684.patch | (download) |
src/cmds/pbs_track.c |
6 6 + 0 - 0 ! |
cve-2014-3684: non-root users able to kill any process on any node in a job limit tm_adopt() to only adopt a session id that is owned by the calling user. . Within a TORQUE Resource Manager job, the tm_adopt() TORQUE library call enables a user-built executable calling tm_adopt() to adopt any session id (and its child processes) regardless of the session id owner on any node within a job. When a job that includes the executable calling tm_adopt() exits, the adopted processes are killed along with the job processes during normal job cleanup. This can enable a non-root user to kill processes he/she doesn't own including root-owned ones on any node in a job. |