This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch ubuntu-xenial in repository mapserver.
commit 8e713ebf5ee7181bea841d80ccbdd4bfb1801c8d Author: Bas Couwenberg <sebas...@xs4all.nl> Date: Wed Jan 18 23:08:47 2017 +0100 Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. (LP: 1648998) --- debian/changelog | 7 +++ debian/patches/CVE-2016-9839.patch | 94 ++++++++++++++++++++++++++++++++++++++ debian/patches/CVE-2017-5522.patch | 30 ++++++++++++ debian/patches/series | 2 + 4 files changed, 133 insertions(+) diff --git a/debian/changelog b/debian/changelog index 8a89fc4..f986083 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +mapserver (7.0.0-9ubuntu3.1) UNRELEASED; urgency=medium + + * Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. + (LP: 1648998) + + -- Bas Couwenberg <sebas...@debian.org> Wed, 18 Jan 2017 23:11:42 +0100 + mapserver (7.0.0-9ubuntu3) xenial; urgency=medium * No-change rebuild for ruby2.3-only support. diff --git a/debian/patches/CVE-2016-9839.patch b/debian/patches/CVE-2016-9839.patch new file mode 100644 index 0000000..3365458 --- /dev/null +++ b/debian/patches/CVE-2016-9839.patch 
@@ -0,0 +1,94 @@ +Description: Backport #4928 and #5356 +Author: Thomas Bonfort <thomas.bonf...@gmail.com> +Origin: https://github.com/mapserver/mapserver/commit/022d24bd34196b6dca67053fb797a6980210bc54 + +--- a/mapogr.cpp ++++ b/mapogr.cpp +@@ -1158,18 +1158,15 @@ msOGRFileOpen(layerObj *layer, const cha + RELEASE_OGR_LOCK; + + if( hDS == NULL ) { +- if( strlen(CPLGetLastErrorMsg()) == 0 ) +- msSetError(MS_OGRERR, +- "Open failed for OGR connection in layer `%s'. " +- "File not found or unsupported format.", +- "msOGRFileOpen()", +- layer->name?layer->name:"(null)" ); +- else +- msSetError(MS_OGRERR, +- "Open failed for OGR connection in layer `%s'.\n%s\n", +- "msOGRFileOpen()", +- layer->name?layer->name:"(null)", +- CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, ++ "Open failed for OGR connection in layer `%s'. " ++ "Check logs.", ++ "msOGRFileOpen()", ++ layer->name?layer->name:"(null)" ); ++ if( strlen(CPLGetLastErrorMsg()) != 0 ) ++ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n", ++ layer->name?layer->name:"(null)", ++ CPLGetLastErrorMsg() ); + CPLFree( pszDSName ); + CPLFree( pszLayerDef ); + return NULL; +@@ -1194,10 +1191,13 @@ msOGRFileOpen(layerObj *layer, const cha + ACQUIRE_OGR_LOCK; + hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL ); + if( hLayer == NULL ) { +- msSetError(MS_OGRERR, +- "ExecuteSQL(%s) failed.\n%s", +- "msOGRFileOpen()", +- pszLayerDef, CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, ++ "ExecuteSQL(%s) failed. Check logs", ++ "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug( ++ "ExecuteSQL(%s) failed.\n%s", ++ pszLayerDef, CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + msConnPoolRelease( layer, hDS ); + CPLFree( pszLayerDef ); +@@ -1229,9 +1229,11 @@ msOGRFileOpen(layerObj *layer, const cha + } + + if (hLayer == NULL) { +- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.", +- "msOGRFileOpen()", +- pszLayerDef, connection ); ++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. 
Check logs.", ++ "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug("GetLayer(%s) failed for OGR connection `%s'.", ++ pszLayerDef, connection ); + CPLFree( pszLayerDef ); + msConnPoolRelease( layer, hDS ); + return NULL; +@@ -1650,7 +1652,14 @@ static int msOGRFileWhichShapes(layerObj + + CPLErrorReset(); + if( OGR_L_SetAttributeFilter( psInfo->hLayer, pszOGRFilter ) != OGRERR_NONE ) { +- msSetError(MS_OGRERR, "SetAttributeFilter(%s) failed on layer %s.\n%s", "msOGRFileWhichShapes()", layer->filter.string+6, layer->name?layer->name:"(null)", CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, ++ "SetAttributeFilter(%s) failed on layer %s.", ++ "msOGRFileWhichShapes()", ++ layer->filter.string+6, ++ layer->filter.string+6, layer->name?layer->name:"(null)"); ++ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s", ++ layer->filter.string+6, layer->name?layer->name:"(null)", ++ CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + msFree(pszOGRFilter); + return MS_FAILURE; +@@ -1855,8 +1864,8 @@ msOGRFileNextShape(layerObj *layer, shap + if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) { + psInfo->last_record_index_read = -1; + if( CPLGetLastErrorType() == CE_Failure ) { +- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()", +- CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, "OGR error. check logs", "msOGRFileNextShape()"); ++ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + return MS_FAILURE; + } else { diff --git a/debian/patches/CVE-2017-5522.patch b/debian/patches/CVE-2017-5522.patch new file mode 100644 index 0000000..435ee17 --- /dev/null +++ b/debian/patches/CVE-2017-5522.patch 
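Review bot: In the msOGRFileWhichShapes hunk of the backported patch, the new msSetError call passes `layer->filter.string+6` twice, so the second `%s` in "failed on layer %s." prints the filter text instead of the layer name, and the layer-name argument is left unused. The argument list after the routine name should read `layer->filter.string+6, layer->name?layer->name:"(null)");`. Separately, the client-facing messages in these hunks still echo `pszLayerDef` and the filter string; only the `CPLGetLastErrorMsg()` text moves to msDebug. If those values can carry SQL or data-source detail from the mapfile, they may belong in the log only, which is worth checking against the upstream commits. The bodies of msOGRFileOpen, msOGRFileWhichShapes and msOGRFileNextShape continue outside the hunks shown.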
@@ -0,0 +1,30 @@ +Description: security fix (patch by EvenR) + Fixes CVE-2017-5522 (stack buffer overflow) +Author: Even Rouault <even.roua...@spatialys.com> +Origin: https://github.com/mapserver/mapserver/commit/fb00f8149898fcf9fcb490a179984e481248f066 + https://github.com/mapserver/mapserver/commit/f096b132e58cdfe2714ce372e9f4f7c76d72c5ec + +--- a/mapogcfilter.c ++++ b/mapogcfilter.c +@@ -2922,7 +2922,9 @@ char *FLTGetIsLikeComparisonExpression(F + + pszValue = psFilterNode->psRightNode->pszValue; + nLength = strlen(pszValue); +- ++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) ) ++ return NULL; ++ + iTmp =0; + if (nLength > 0 && pszValue[0] != pszWild[0] && + pszValue[0] != pszSingle[0] && +--- a/mapogcfiltercommon.c ++++ b/mapogcfiltercommon.c +@@ -88,6 +88,8 @@ char *FLTGetIsLikeComparisonCommonExpres + + pszValue = psFilterNode->psRightNode->pszValue; + nLength = strlen(pszValue); ++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) ) ++ return NULL; + + iTmp =0; + if (nLength > 0 && pszValue[0] != pszWild[0] && pszValue[0] != pszSingle[0] && pszValue[0] != pszEscape[0]) { diff --git a/debian/patches/series b/debian/patches/series index 4b660a8..84884dc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -10,3 +10,5 @@ dont-export-mapserver-target-for-static-libmapserver.patch 0001-Fix-java-mapscript-to-be-compatible-with-newer-swig.patch fix-types.patch should-typo.patch +CVE-2016-9839.patch +CVE-2017-5522.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git _______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
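Review bot: The added guard `if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) ) return NULL;` in FLTGetIsLikeComparisonExpression (and the identical one in FLTGetIsLikeComparisonCommonExpression) rejects the input silently and does not say what the size expression accounts for. A comment such as `/* worst case: leading char + each input char escaped to 2 bytes + trailing char + NUL */` would document it, once confirmed against the copy loop, which lies outside the hunk. Calling `msSetError` before the return would make the rejection diagnosable instead of a bare NULL. If `nLength` is declared as `int` (the declaration is not visible here), `2 * nLength` is computed in signed arithmetic before the comparison with `sizeof`; holding the length in a `size_t` avoids that. Callers of both functions have to treat NULL as a failure, which cannot be verified from this page.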