Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package moodle
This version fixes the security bug #687924 and the following CVEs:
CVE-2012-4400
CVE-2012-4401
CVE-2012-4402
CVE-2012-4407
CVE-2012-4408
This is the changelog entry:
moodle (2.2.3.dfsg-2.3) unstable; urgency=low
* Non-maintainer upload.
* Backport multiple security issues from upstream's MOODLE_22_STABLE
branch. (Closes: #687924)
- MSA-12-0051: MDL-30792 - File upload size constraint issue
Fixes CVE-2012-4400
- MSA-12-0052: MDL-28207 - Course topics permission issue
Fixes CVE-2012-4401
- MSA-12-0053: MDL-34585 - Blog file access issue
Fixes CVE-2012-4407
- MSA-12-0054: MDL-34519 - Course reset permission issue
Fixes CVE-2012-4408
- MSA-12-0055: MDL-34368 - Web service access token issue
Fixes CVE-2012-4402
-- Didier Raboud <odyx@debian.org> Fri, 28 Sep 2012 12:52:21 +0200
And (as the only differences are the new patches in debian/patches) the patches are attached.
Cheers,
OdyX
unblock moodle/2.2.3.dfsg-2.3
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
>From ebf253af171efbc5ff3a0074538c85a5edcb2ee2 Mon Sep 17 00:00:00 2001
From: Rajesh Taneja <rajesh@moodle.com>
Date: Fri, 3 Aug 2012 11:44:20 +0800
Subject: [PATCH] MDL-30792 Files API: maxbytes will be set by
get_max_upload_file_size if less then 0 or greater then max
moodle limit
---
repository/filepicker.php | 4 ++--
repository/repository_ajax.php | 8 ++++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/repository/filepicker.php b/repository/filepicker.php
index 68aee10..610ef13 100644
--- a/repository/filepicker.php
+++ b/repository/filepicker.php
@@ -93,9 +93,9 @@ if ($repository = $DB->get_record_sql($sql, array($repo_id))) {
}
}
-$moodle_maxbytes = get_max_upload_file_size();
+$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $course->maxbytes);
// to prevent maxbytes greater than moodle maxbytes setting
-if ($maxbytes == 0 || $maxbytes>=$moodle_maxbytes) {
+if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) {
$maxbytes = $moodle_maxbytes;
}
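Review bot: `$course->maxbytes` on the added line is dereferenced without checking that `$course` is set, whereas the companion hunk in repository/repository_ajax.php guards the same lookup with `if (!empty($course))` before reading `$course->maxbytes`. If filepicker.php can be reached without a course (the code that populates `$course` is above this hunk, so I cannot confirm either way), this line raises a notice and passes null as the course limit; mirroring the guard with `$coursemaxbytes = !empty($course) ? $course->maxbytes : 0;` and passing `$coursemaxbytes` keeps both entry points consistent. The `$maxbytes <= 0` clamp itself is fine, but the comment above it still only mentions the "greater than" case; `// Clamp: a non-positive or oversized requested limit falls back to the site/course limit.` describes the new condition.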
diff --git a/repository/repository_ajax.php b/repository/repository_ajax.php
index b7793c8..b7f76d1 100644
--- a/repository/repository_ajax.php
+++ b/repository/repository_ajax.php
@@ -83,9 +83,13 @@ if (!$repository = $DB->get_record_sql($sql, array($repo_id))) {
/// Check permissions
repository::check_capability($contextid, $repository);
-$moodle_maxbytes = get_max_upload_file_size();
+$coursemaxbytes = 0;
+if (!empty($course)) {
+ $coursemaxbytes = $course->maxbytes;
+}
+$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes);
// to prevent maxbytes greater than moodle maxbytes setting
-if ($maxbytes == 0 || $maxbytes>=$moodle_maxbytes) {
+if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) {
$maxbytes = $moodle_maxbytes;
}
--
1.7.10.4
>From 43bfb68de9bb2b3f849a1ebded1c2b8e7f738edc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <commits@skodak.org>
Date: Tue, 31 Jul 2012 16:02:54 +0200
Subject: [PATCH] MDL-34585 fix broken blog file access control
---
lib/filelib.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/filelib.php b/lib/filelib.php
index 92565f9..ca20cd2 100644
--- a/lib/filelib.php
+++ b/lib/filelib.php
@@ -3230,15 +3230,15 @@ function file_pluginfile($relativepath, $forcedownload) {
}
}
- if ('publishstate' === 'public') {
+ if ($entry->publishstate === 'public') {
if ($CFG->forcelogin) {
require_login();
}
- } else if ('publishstate' === 'site') {
+ } else if ($entry->publishstate === 'site') {
require_login();
//ok
- } else if ('publishstate' === 'draft') {
+ } else if ($entry->publishstate === 'draft') {
require_login();
if ($USER->id != $entry->userid) {
send_file_not_found();
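Review bot: The corrected chain only handles the three values 'public', 'site' and 'draft', and whatever follows the 'draft' branch is outside the hunk, so it is not visible whether an entry with any other publishstate fails closed. Since the previous version of this code compared two string literals and therefore never entered any branch, it is worth confirming now that the enclosing chain ends in an `else { send_file_not_found(); }` rather than falling through to serving the file; a comment such as `// Unknown publishstate: deny rather than serve.` on that branch would make the intent explicit. file_pluginfile() starts and ends outside this hunk.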
--
1.7.10.4
>From f4ab33b25ff2013d8334303a06fde1800cd8cce0 Mon Sep 17 00:00:00 2001
From: Rex Lorenzo <rex@oid.ucla.edu>
Date: Tue, 24 Jul 2012 12:01:11 -0700
Subject: [PATCH] MDL-34519 - Course reset not protected by proper capability
---
course/reset.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/course/reset.php b/course/reset.php
index cd0a66b..088c203 100644
--- a/course/reset.php
+++ b/course/reset.php
@@ -39,7 +39,7 @@ if (!$course = $DB->get_record('course', array('id'=>$id))) {
$PAGE->set_url('/course/reset.php', array('id'=>$id));
require_login($course);
-require_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id));
+require_capability('moodle/course:reset', get_context_instance(CONTEXT_COURSE, $course->id));
$strreset = get_string('reset');
$strresetcourse = get_string('resetcourse');
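Review bot: The new line keeps `get_context_instance(CONTEXT_COURSE, $course->id)` while the MDL-28207 patch later in this series switches the same lookup to `context_course::instance($course->id)`; for consistency across the backport this could read `require_capability('moodle/course:reset', context_course::instance($course->id));`. Nothing in the attached series touches the capability definitions, so it is assumed (and worth confirming) that moodle/course:reset is already declared in this 2.2 tree, otherwise the check would deny every user rather than only unprivileged ones.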
--
1.7.10.4
>From 755dac1e2f3d82853ce12c91d36ee01f1b5501e2 Mon Sep 17 00:00:00 2001
From: Frederic Massart <fred@moodle.com>
Date: Tue, 31 Jul 2012 14:10:05 +0800
Subject: [PATCH] MDL-28207 Course: Showing/hiding/marking a section respect
capabilities
---
course/format/topics/format.php | 46 +++++++++++++++++++++------------------
course/format/weeks/format.php | 34 ++++++++++++++++-------------
course/rest.php | 5 +++--
course/view.php | 5 +++--
4 files changed, 50 insertions(+), 40 deletions(-)
diff --git a/course/format/topics/format.php b/course/format/topics/format.php
index b8ce8f2..0c58c4d 100644
--- a/course/format/topics/format.php
+++ b/course/format/topics/format.php
@@ -186,29 +186,33 @@ while ($section <= $course->numsections) {
'<img src="'.$OUTPUT->pix_url('i/one') . '" class="icon" alt="'.$strshowonlytopic.'" /></a><br />';
}
- if ($PAGE->user_is_editing() && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) {
-
- if ($course->marker == $section) { // Show the "light globe" on/off
- echo '<a href="view.php?id='.$course->id.'&marker=0&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkedthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marked') . '" alt="'.$strmarkedthistopic.'" class="icon"/></a><br />';
- } else {
- echo '<a href="view.php?id='.$course->id.'&marker='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marker') . '" alt="'.$strmarkthistopic.'" class="icon"/></a><br />';
- }
-
- if ($thissection->visible) { // Show the hide/show eye
- echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopichide.'">'.
- '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strtopichide.'" /></a><br />';
- } else {
- echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopicshow.'">'.
- '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strtopicshow.'" /></a><br />';
+ $coursecontext = context_course::instance($course->id);
+ if ($PAGE->user_is_editing()) {
+ if (has_capability('moodle/course:setcurrentsection', $coursecontext)) {
+ if ($course->marker == $section) { // Show the "light globe" on/off
+ echo '<a href="view.php?id='.$course->id.'&marker=0&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkedthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marked') . '" alt="'.$strmarkedthistopic.'" class="icon"/></a><br />';
+ } else {
+ echo '<a href="view.php?id='.$course->id.'&marker='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marker') . '" alt="'.$strmarkthistopic.'" class="icon"/></a><br />';
+ }
}
- if ($section > 1) { // Add a arrow to move section up
- echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'.
- '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />';
+ if (has_capability('moodle/course:sectionvisibility', $coursecontext)) {
+ if ($thissection->visible) { // Show the hide/show eye
+ echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopichide.'">'.
+ '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strtopichide.'" /></a><br />';
+ } else {
+ echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopicshow.'">'.
+ '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strtopicshow.'" /></a><br />';
+ }
}
-
- if ($section < $course->numsections) { // Add a arrow to move section down
- echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'.
- '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />';
+ if (has_capability('moodle/course:update', $coursecontext)) {
+ if ($section > 1) { // Add a arrow to move section up
+ echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'.
+ '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />';
+ }
+ if ($section < $course->numsections) { // Add a arrow to move section down
+ echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'.
+ '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />';
+ }
}
}
echo '</div>';
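Review bot: `$coursecontext = context_course::instance($course->id);` is now evaluated on every iteration of the enclosing `while ($section <= $course->numsections)` loop (which starts outside the hunk) and regardless of whether the user is editing, whereas the old code only resolved the context inside the editing branch. The value depends only on `$course->id`, so assigning it once before the loop keeps the per-section body to the three `has_capability` checks. The same applies to the equivalent hunk in course/format/weeks/format.php.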
diff --git a/course/format/weeks/format.php b/course/format/weeks/format.php
index c5c78fa..9ae93f1 100644
--- a/course/format/weeks/format.php
+++ b/course/format/weeks/format.php
@@ -192,22 +192,26 @@ defined('MOODLE_INTERNAL') || die();
'<img src="'.$OUTPUT->pix_url('i/one') . '" class="icon wkone" alt="'.$strshowonlyweek.'" /></a><br />';
}
- if ($PAGE->user_is_editing() && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) {
- if ($thissection->visible) { // Show the hide/show eye
- echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekhide.'">'.
- '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strweekhide.'" /></a><br />';
- } else {
- echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekshow.'">'.
- '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strweekshow.'" /></a><br />';
- }
- if ($section > 1) { // Add a arrow to move section up
- echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'.
- '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />';
+ $coursecontext = context_course::instance($course->id);
+ if ($PAGE->user_is_editing()) {
+ if (has_capability('moodle/course:sectionvisibility', $coursecontext)) {
+ if ($thissection->visible) { // Show the hide/show eye
+ echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekhide.'">'.
+ '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strweekhide.'" /></a><br />';
+ } else {
+ echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekshow.'">'.
+ '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strweekshow.'" /></a><br />';
+ }
}
-
- if ($section < $course->numsections) { // Add a arrow to move section down
- echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'.
- '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />';
+ if (has_capability('moodle/course:update', $coursecontext)) {
+ if ($section > 1) { // Add a arrow to move section up
+ echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'.
+ '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />';
+ }
+ if ($section < $course->numsections) { // Add a arrow to move section down
+ echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'.
+ '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />';
+ }
}
}
echo '</div>';
diff --git a/course/rest.php b/course/rest.php
index 5125ffb..3f996a7 100644
--- a/course/rest.php
+++ b/course/rest.php
@@ -78,7 +78,6 @@ switch($requestmethod) {
case 'section':
require_login($course);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
- require_capability('moodle/course:update', $coursecontext);
if (!$DB->record_exists('course_sections', array('course'=>$course->id, 'section'=>$id))) {
error_log('AJAX commands.php: Bad Section ID '.$id);
@@ -87,10 +86,12 @@ switch($requestmethod) {
switch ($field) {
case 'visible':
+ require_capability('moodle/course:sectionvisibility', $coursecontext);
set_section_visible($course->id, $id, $value);
break;
case 'move':
+ require_capability('moodle/course:update', $coursecontext);
move_section_to($course, $id, $value);
break;
}
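Review bot: With the blanket `require_capability('moodle/course:update', $coursecontext)` removed in the preceding hunk, the `switch ($field)` here has no `default:` branch, so a request with an unrecognised `$field` now reaches this point with no capability check at all; nothing is executed for such a value today, but any case added later without its own check would be open to every user who passes `require_login($course)`. A fail-closed fallback keeps the previous behaviour for unknown fields: `default: require_capability('moodle/course:update', $coursecontext); break;`. The `case 'section':` block starts in the previous hunk and its end is outside this one.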
@@ -158,7 +159,7 @@ switch($requestmethod) {
case 'marker':
require_login($course);
$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
- require_capability('moodle/course:update', $coursecontext);
+ require_capability('moodle/course:setcurrentsection', $coursecontext);
course_set_marker($course->id, $value);
break;
}
diff --git a/course/view.php b/course/view.php
index 8b2621f..816265e 100644
--- a/course/view.php
+++ b/course/view.php
@@ -127,15 +127,16 @@
}
}
- if (has_capability('moodle/course:update', $context)) {
+ if (has_capability('moodle/course:sectionvisibility', $context)) {
if ($hide && confirm_sesskey()) {
set_section_visible($course->id, $hide, '0');
}
-
if ($show && confirm_sesskey()) {
set_section_visible($course->id, $show, '1');
}
+ }
+ if (has_capability('moodle/course:update', $context)) {
if (!empty($section)) {
if (!empty($move) and confirm_sesskey()) {
if (move_section($course, $section, $move)) {
--
1.7.10.4
>From 5678fd4794179522f30ba3993736f827eed5c656 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <commits@skodak.org>
Date: Wed, 1 Aug 2012 08:30:28 +0200
Subject: [PATCH] MDL-34368 fix another validuntil condition
---
webservice/lib.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webservice/lib.php b/webservice/lib.php
index 998edd9..4c475da 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -1458,7 +1458,7 @@ abstract class webservice_base_server extends webservice_server {
FROM {external_services} s
JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1 AND sf.functionname = :name2)
JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid)
- WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2";
+ WHERE s.enabled = 1 AND (su.validuntil IS NULL OR su.validuntil < :now) $wscond2";
$params = array_merge($params, array('userid'=>$USER->id, 'name1'=>$function->name, 'name2'=>$function->name, 'now'=>time()));
$rs = $DB->get_recordset_sql($sql, $params);
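Review bot: The parenthesisation is the right fix for the operator-precedence bug, but the comparison direction inside the parentheses looks inverted relative to the column name: `su.validuntil IS NULL OR su.validuntil < :now` accepts a row whose validity has already passed and rejects one whose validuntil lies in the future. Unless validuntil has the opposite meaning in external_services_users (the rest of the query and the place where the same column is checked for token authentication are outside this hunk), the condition should read `(su.validuntil IS NULL OR su.validuntil > :now)`; please confirm against the other validuntil checks in this file. The same question applies to the identical line in the webservice_zend_server hunk of the next patch.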
--
1.7.10.4
>From af6df710114918fbdf51486bbcca8049a2e72cba Mon Sep 17 00:00:00 2001
From: Nathan Mares <nathan@catalyst-au.net>
Date: Tue, 17 Jul 2012 19:11:57 +1000
Subject: [PATCH] MDL-34368: Fix broken query in so tokens are correctly
checked against the linked service
---
webservice/lib.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webservice/lib.php b/webservice/lib.php
index 1861513..998edd9 100644
--- a/webservice/lib.php
+++ b/webservice/lib.php
@@ -979,7 +979,7 @@ abstract class webservice_zend_server extends webservice_server {
FROM {external_services} s
JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1)
JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid)
- WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2";
+ WHERE s.enabled = 1 AND (su.validuntil IS NULL OR su.validuntil < :now) $wscond2";
$params = array_merge($params, array('userid'=>$USER->id, 'now'=>time()));
--
1.7.10.4
>From f7c9e3bb18e9e7fa06dff625042bf9572d709d45 Mon Sep 17 00:00:00 2001
From: Rajesh Taneja <rajesh@moodle.com>
Date: Fri, 3 Aug 2012 11:47:44 +0800
Subject: [PATCH] MDL-30792 Files API: Cleaner approach to get maxbytes size
in filepicker
---
lib/moodlelib.php | 6 +++---
repository/filepicker.php | 7 ++-----
repository/repository_ajax.php | 7 ++-----
3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 465226a..08b34ee 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -5728,15 +5728,15 @@ function get_max_upload_file_size($sitebytes=0, $coursebytes=0, $modulebytes=0)
}
}
- if ($sitebytes and $sitebytes < $minimumsize) {
+ if (($sitebytes > 0) and ($sitebytes < $minimumsize)) {
$minimumsize = $sitebytes;
}
- if ($coursebytes and $coursebytes < $minimumsize) {
+ if (($coursebytes > 0) and ($coursebytes < $minimumsize)) {
$minimumsize = $coursebytes;
}
- if ($modulebytes and $modulebytes < $minimumsize) {
+ if (($modulebytes > 0) and ($modulebytes < $minimumsize)) {
$minimumsize = $modulebytes;
}
diff --git a/repository/filepicker.php b/repository/filepicker.php
index 610ef13..fa759c5 100644
--- a/repository/filepicker.php
+++ b/repository/filepicker.php
@@ -93,11 +93,8 @@ if ($repository = $DB->get_record_sql($sql, array($repo_id))) {
}
}
-$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $course->maxbytes);
-// to prevent maxbytes greater than moodle maxbytes setting
-if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) {
- $maxbytes = $moodle_maxbytes;
-}
+// Make sure maxbytes passed is within site filesize limits.
+$maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes, $maxbytes);
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$params['action'] = 'browse';
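Review bot: `$coursemaxbytes` is read on the new get_max_upload_file_size() line, but no hunk in this series defines it in repository/filepicker.php; the earlier MDL-30792 patch only introduced that variable in repository/repository_ajax.php, where it is set from `$course->maxbytes` behind an `if (!empty($course))` guard. Unless it is assigned above line 93 outside this hunk, the call passes an undefined (null) course limit and emits a notice; adding `$coursemaxbytes = !empty($course) ? $course->maxbytes : 0;` before the call mirrors the ajax endpoint. Also note that `$maxbytes` is passed in the `$modulebytes` position, which is fine functionally but is worth a short comment since the parameter name does not describe what is being passed.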
diff --git a/repository/repository_ajax.php b/repository/repository_ajax.php
index b7f76d1..f8c9fe5 100644
--- a/repository/repository_ajax.php
+++ b/repository/repository_ajax.php
@@ -87,11 +87,8 @@ $coursemaxbytes = 0;
if (!empty($course)) {
$coursemaxbytes = $course->maxbytes;
}
-$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes);
-// to prevent maxbytes greater than moodle maxbytes setting
-if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) {
- $maxbytes = $moodle_maxbytes;
-}
+// Make sure maxbytes passed is within site filesize limits.
+$maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes, $maxbytes);
/// Wait as long as it takes for this script to finish
set_time_limit(0);
--
1.7.10.4