Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mapserver for openSUSE:Factory 
checked in at 2021-06-16 20:34:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mapserver (Old)
 and      /work/SRC/openSUSE:Factory/.mapserver.new.32437 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mapserver"

Wed Jun 16 20:34:54 2021 rev:3 rq:900287 version:7.6.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/mapserver/mapserver.changes      2021-04-01 
14:18:54.092123436 +0200
+++ /work/SRC/openSUSE:Factory/.mapserver.new.32437/mapserver.changes   
2021-06-16 20:36:39.983307087 +0200
@@ -1,0 +2,16 @@
+Mon May 31 18:33:59 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de>
+
+- Update to 7.6.3
+  * Security: Address flaw in CGI mapfile loading that makes it
+    possible to bypass security controls ( CVE-2021-32062 )
+  * Fix most of remaining Coverity scan warnings with high priority
+  * Use CPLSetConfigOption/CPLGetConfigOption for some
+    CGI/FastCGI-related env vars.
+  * Require url-based symbol values to be pre-defined.
+  * Improved initial check on generating reference maps,
+    avoid crash with label styles
+  * Fix resource leak and pointObj initialization errors.
+- Enable python
+- Refresh mapserver-7.6.1-fix_python_install_path.patch
+
+-------------------------------------------------------------------

Old:
----
  mapserver-7.6.2.tar.gz

New:
----
  mapserver-7.6.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mapserver.spec ++++++
--- /var/tmp/diff_new_pack.AE5gjq/_old  2021-06-16 20:36:40.407307810 +0200
+++ /var/tmp/diff_new_pack.AE5gjq/_new  2021-06-16 20:36:40.411307817 +0200
@@ -14,15 +14,13 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
-%bcond_with python
 %bcond_with ruby
 
 #
-# define python for future reference
-%define _with_python 1
+%bcond_without python
 %define libname libmapserver2
 %define _cgibindir /srv/www/cgi-bin
 %if 0%{?suse_version} >= 1500
@@ -32,7 +30,7 @@
 %endif
 
 Name:           mapserver
-Version:        7.6.2
+Version:        7.6.3
 Release:        0
 Summary:        Environment for building spatially-enabled internet 
applications
 License:        MIT
@@ -201,8 +199,7 @@
 
 %prep
 %setup -q -n %{name}-%{version}
-%global _default_patch_fuzz 5
-%patch0 -p0
+%patch0 -p1
 
 %build
 mkdir build

++++++ mapserver-7.6.1-fix_python_install_path.patch ++++++
--- /var/tmp/diff_new_pack.AE5gjq/_old  2021-06-16 20:36:40.431307852 +0200
+++ /var/tmp/diff_new_pack.AE5gjq/_new  2021-06-16 20:36:40.431307852 +0200
@@ -1,8 +1,7 @@
-Index: mapscript/python/CMakeLists.txt
-===================================================================
---- mapscript/python/CMakeLists.txt.orig       2020-07-31 19:11:56.000000000 
+0200
-+++ mapscript/python/CMakeLists.txt    2020-09-05 14:44:10.142799065 +0200
-@@ -146,7 +146,7 @@ install(
+diff -Nur mapserver-7.6.3/mapscript/python/CMakeLists.txt 
new/mapscript/python/CMakeLists.txt
+--- mapserver-7.6.3/mapscript/python/CMakeLists.txt    2021-04-30 
23:26:25.000000000 +0200
++++ new/mapscript/python/CMakeLists.txt        2021-05-31 20:53:16.269084059 
+0200
+@@ -146,7 +146,7 @@
      endif()
  
      execute_process(

++++++ mapserver-7.6.2.tar.gz -> mapserver-7.6.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/CMakeLists.txt 
new/mapserver-7.6.3/CMakeLists.txt
--- old/mapserver-7.6.2/CMakeLists.txt  2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/CMakeLists.txt  2021-04-30 23:26:25.000000000 +0200
@@ -17,7 +17,7 @@
 
 set (MapServer_VERSION_MAJOR 7)
 set (MapServer_VERSION_MINOR 6)
-set (MapServer_VERSION_REVISION 2)
+set (MapServer_VERSION_REVISION 3)
 set (MapServer_VERSION_SUFFIX "")
 
 # Set C++ version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/HISTORY.TXT 
new/mapserver-7.6.3/HISTORY.TXT
--- old/mapserver-7.6.2/HISTORY.TXT     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/HISTORY.TXT     2021-04-30 23:26:25.000000000 +0200
@@ -12,6 +12,17 @@
 details about recent point releases, please see the online changelog at:
 http://mapserver.org/development/changelog/
 
+7.6.3 release (2021-04-30)
+-------------------------
+
+- fix security flaw for processing the MAP parameter (#6313)
+
+- fix code defects through Coverity Scan warnings (#6307)
+
+- add support for PROJ 8 (#6249)
+
+see detailed changelog for other fixes
+
 7.6.2 release (2020-12-07)
 -------------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/MIGRATION_GUIDE.txt 
new/mapserver-7.6.3/MIGRATION_GUIDE.txt
--- old/mapserver-7.6.2/MIGRATION_GUIDE.txt     2020-12-07 21:09:40.000000000 
+0100
+++ new/mapserver-7.6.3/MIGRATION_GUIDE.txt     2021-04-30 23:26:25.000000000 
+0200
@@ -8,7 +8,7 @@
 
 For developers:
 
-The master copy of the MIGRATION_GUIDE is now located in the root of the 
+The main copy of the MIGRATION_GUIDE is now located in the root of the 
 /MapServer/MapServer-documentation source tree ( 
https://github.com/MapServer/MapServer-documentation ). 
 Developers are welcome and encouraged to edit/update the guide in the 
documentation 
 tree directly.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/README.rst 
new/mapserver-7.6.3/README.rst
--- old/mapserver-7.6.2/README.rst      2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/README.rst      2021-04-30 23:26:25.000000000 +0200
@@ -69,7 +69,7 @@
 
 ::
 
-  Copyright (c) 2008-2020 Open Source Geospatial Foundation.
+  Copyright (c) 2008-2021 Open Source Geospatial Foundation.
   Copyright (c) 1996-2008 Regents of the University of Minnesota.
 
   Permission is hereby granted, free of charge, to any person obtaining a copy 
@@ -91,7 +91,7 @@
   SOFTWARE.
 
 
-.. |Build Status| image:: 
https://travis-ci.com/MapServer/MapServer.svg?branch=master
+.. |Build Status| image:: 
https://travis-ci.com/MapServer/MapServer.svg?branch=main
    :target: https://travis-ci.com/MapServer/MapServer
 
 .. |Appveyor Build Status| image:: 
https://ci.appveyor.com/api/projects/status/vw1n07095a8bg23u?svg=true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/cmake/FindProj.cmake 
new/mapserver-7.6.3/cmake/FindProj.cmake
--- old/mapserver-7.6.2/cmake/FindProj.cmake    2020-12-07 21:09:40.000000000 
+0100
+++ new/mapserver-7.6.3/cmake/FindProj.cmake    2021-04-30 23:26:25.000000000 
+0200
@@ -6,7 +6,7 @@
 #    PROJ_LIBRARY
 
 
-FIND_PATH(PROJ_INCLUDE_DIR proj_api.h)
+FIND_PATH(PROJ_INCLUDE_DIR NAMES proj.h proj_api.h)
 
 FIND_LIBRARY(PROJ_LIBRARY NAMES proj proj_i)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapcontext.c 
new/mapserver-7.6.3/mapcontext.c
--- old/mapserver-7.6.2/mapcontext.c    2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapcontext.c    2021-04-30 23:26:25.000000000 +0200
@@ -811,7 +811,6 @@
 int msLoadMapContextLayer(mapObj *map, CPLXMLNode *psLayer, int nVersion,
                           char *filename, int unique_layer_names)
 {
-  char *pszProj=NULL;
   char *pszValue;
   const char *pszHash;
   char *pszName=NULL;
@@ -970,7 +969,7 @@
   pszHash = msLookupHashTable(&(layer->metadata), "wms_srs");
   if(((pszHash == NULL) || (strcasecmp(pszHash, "") == 0)) &&
       map->projection.numargs != 0) {
-    pszProj = map->projection.args[map->projection.numargs-1];
+    char* pszProj = map->projection.args[map->projection.numargs-1];
 
     if(pszProj != NULL) {
       if(strncasecmp(pszProj, "AUTO:", 5) == 0) {
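Review bot: `pszProj` is initialised in this hunk as an alias of `map->projection.args[map->projection.numargs-1]`, and the `msFree(pszProj)` added in the following hunk (around new line 989) releases it on every path through `if(pszProj != NULL)`. On the `AUTO:` branch that begins on the last line of this hunk no reassignment is visible, so the free would release a string still owned by the map's projection and leave a dangling entry in `args`, which becomes a use-after-free or double free the next time the projection is read or freed. The lines between the two hunks are not shown; if only the non-AUTO path replaces `pszProj` with a heap copy, keep that copy in its own variable and free only that, e.g. `char *pszEpsg = ...; msFree(pszEpsg);`, and declare the alias as `const char *pszProj`.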
@@ -987,6 +986,7 @@
                   pszProj);
         }
       }
+      msFree(pszProj);
     }
   }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapcpl.c new/mapserver-7.6.3/mapcpl.c
--- old/mapserver-7.6.2/mapcpl.c        2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapcpl.c        2021-04-30 23:26:25.000000000 +0200
@@ -195,6 +195,8 @@
     return NULL;
   }
 
+  /* We accept leakage of pLibrary */
+  /* coverity[leaked_storage] */
   return( pSymbol );
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapdraw.c 
new/mapserver-7.6.3/mapdraw.c
--- old/mapserver-7.6.2/mapdraw.c       2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapdraw.c       2021-04-30 23:26:25.000000000 +0200
@@ -542,6 +542,13 @@
   if(map->legend.status == MS_EMBED && map->legend.postlabelcache)
     if(UNLIKELY(MS_FAILURE == msEmbedLegend(map, image))) {
       msFreeImage( image );
+#if defined(USE_WMS_LYR) || defined(USE_WFS_LYR)
+      /* Cleanup WMS/WFS Request stuff */
+      if (pasOWSReqInfo) {
+        msHTTPFreeRequestObj(pasOWSReqInfo, numOWSRequests);
+        msFree(pasOWSReqInfo);
+      }
+#endif
       return NULL;
     }
 
@@ -552,7 +559,6 @@
     if(map->gt.need_geotransform)
       msMapRestoreRealExtent(map);
 
-
     if(MS_SUCCESS != msEmbedScalebar(map, image)) {
       msFreeImage( image );
 #if defined(USE_WMS_LYR) || defined(USE_WFS_LYR)
@@ -1947,7 +1953,7 @@
 {
 
   int c = shape->classindex;
-  pointObj annopnt;
+  pointObj annopnt = {0,0,0,0}; // initialize
   int i;
 
   if(MS_DRAW_FEATURES(drawmode)) {
@@ -2831,7 +2837,7 @@
       double aox,aoy;
       symbolObj *symbol = map->symbolset.symbol[style->symbol];
       if(msGetMarkerSize(map, style, &sx, &sy, ts->scalefactor) != MS_SUCCESS)
-        return MS_FALSE;
+        return -1; /* real error, different from MS_FALSE, return -1 so we can 
trap it */
       if(style->angle) {
         pointObj *point = poly->poly->point;
         point[0].x = sx / 2.0;
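Review bot: The new `return -1` gives this function a third result besides MS_TRUE and MS_FALSE, and -1 is truthy in C, so any caller that tests the result as a boolean would treat the error as "marker present". Only one check of the sentinel is visible, `if(have_label_marker == -1) return MS_FAILURE;` in the hunk near new line 3125; other callers, if there are any, are outside this diff. The function's signature and header comment start outside the hunk; I would document the tri-state there, e.g. `/* returns MS_TRUE, MS_FALSE, or -1 on a real error (symbol not found, ...) */`.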
@@ -3119,6 +3125,7 @@
                   break; /* the marker collided, break from multi-label loop */
                 }
               }
+              if(have_label_marker == -1) return MS_FAILURE; /* error occured 
(symbol not found, etc...) */
 
               if(textSymbolPtr->annotext) {
                 /*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapfile.c 
new/mapserver-7.6.3/mapfile.c
--- old/mapserver-7.6.2/mapfile.c       2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapfile.c       2021-04-30 23:26:25.000000000 +0200
@@ -97,6 +97,16 @@
   return(MS_FAILURE);
 }
 
+int msIsValidRegex(const char* e) {
+  ms_regex_t re;
+  if(ms_regcomp(&re, e, MS_REG_EXTENDED|MS_REG_NOSUB) != 0) {
+    msSetError(MS_REGEXERR, "Failed to compile expression (%s).", 
"msEvalRegex()", e);
+    return(MS_FALSE);
+  }
+  ms_regfree(&re);
+  return MS_TRUE;
+}
+
 int msEvalRegex(const char *e, const char *s)
 {
   ms_regex_t re;
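Review bot: `msIsValidRegex()` passes `e` straight to `ms_regcomp()` without the NULL guard that `msCaseEvalRegex()` in the next hunk has as `if(!e || !s) return(MS_FALSE);`; adding `if(!e) return(MS_FALSE);` as its first statement would make the two consistent. Both new functions also report a compile failure under the routine name `"msEvalRegex()"`, which makes a rejected pattern harder to trace in the error log; `"msIsValidRegex()"` and `"msCaseEvalRegex()"` would be the accurate names. If these helpers back the pattern checks applied to the MAP parameter (their callers are not in this part of the diff), a one-line header comment stating that a failed compile yields MS_FALSE would let a reviewer confirm the check fails closed.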
@@ -117,6 +127,26 @@
   return(MS_TRUE);
 }
 
+int msCaseEvalRegex(const char *e, const char *s)
+{
+  ms_regex_t re;
+
+  if(!e || !s) return(MS_FALSE);
+
+  if(ms_regcomp(&re, e, MS_REG_EXTENDED|MS_REG_ICASE|MS_REG_NOSUB) != 0) {
+    msSetError(MS_REGEXERR, "Failed to compile expression (%s).", 
"msEvalRegex()", e);
+    return(MS_FALSE);
+  }
+
+  if(ms_regexec(&re, s, 0, NULL, 0) != 0) { /* no match */
+    ms_regfree(&re);
+    return(MS_FALSE);
+  }
+  ms_regfree(&re);
+
+  return(MS_TRUE);
+}
+
 #ifdef USE_MSFREE
 void msFree(void *p)
 {
@@ -1933,12 +1963,8 @@
 
 void msInitExpression(expressionObj *exp)
 {
+  memset(exp, 0, sizeof(*exp));
   exp->type = MS_STRING;
-  exp->string = NULL;
-  exp->native_string = NULL;
-  exp->compiled = MS_FALSE;
-  exp->flags = 0;
-  exp->tokens = exp->curtoken = NULL;
 }
 
 void msFreeExpressionTokens(expressionObj *exp)
@@ -1993,7 +2019,7 @@
 
 int loadExpression(expressionObj *exp)
 {
-  /* TODO: should we fall msFreeExpression if exp->string != NULL? We do some 
checking to avoid a leak but is it enough... */
+  /* TODO: should we call msFreeExpression if exp->string != NULL? We do some 
checking to avoid a leak but is it enough... */
 
   msyystring_icase = MS_TRUE;
   if((exp->type = getSymbol(6, 
MS_STRING,MS_EXPRESSION,MS_REGEX,MS_ISTRING,MS_IREGEX,MS_LIST)) == -1) 
return(-1);
@@ -2002,6 +2028,7 @@
     msFree(exp->native_string);
   }
   exp->string = msStrdup(msyystring_buffer);
+  exp->native_string = NULL;
 
   if(exp->type == MS_ISTRING) {
     exp->flags = exp->flags | MS_EXP_INSENSITIVE;
@@ -2729,7 +2756,7 @@
     msIO_fprintf(stream, "GEOMTRANSFORM (%s)\n", style->_geomtransform.string);
   }
   else if(style->_geomtransform.type != MS_GEOMTRANSFORM_NONE) {
-    writeKeyword(stream, indent, "GEOMTRANSFORM", style->_geomtransform.type, 
7,
+    writeKeyword(stream, indent, "GEOMTRANSFORM", style->_geomtransform.type, 
8,
                  MS_GEOMTRANSFORM_BBOX, "\"bbox\"",
                  MS_GEOMTRANSFORM_END, "\"end\"",
                  MS_GEOMTRANSFORM_LABELPOINT, "\"labelpnt\"",
@@ -3374,12 +3401,15 @@
 static int classResolveSymbolNames(classObj *class)
 {
   int i,j;
+  int try_addimage_if_notfound = MS_TRUE;
+
+  if(msyysource == MS_URL_TOKENS) try_addimage_if_notfound = MS_FALSE;
 
   /* step through styles and labels to resolve symbol names */
   /* class styles */
   for(i=0; i<class->numstyles; i++) {
     if(class->styles[i]->symbolname) {
-      if((class->styles[i]->symbol =  
msGetSymbolIndex(&(class->layer->map->symbolset), class->styles[i]->symbolname, 
MS_TRUE)) == -1) {
+      if((class->styles[i]->symbol =  
msGetSymbolIndex(&(class->layer->map->symbolset), class->styles[i]->symbolname, 
try_addimage_if_notfound)) == -1) {
         msSetError(MS_MISCERR, "Undefined symbol \"%s\" in class, style %d of 
layer %s.", "classResolveSymbolNames()", class->styles[i]->symbolname, i, 
class->layer->name);
         return MS_FAILURE;
       }
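Review bot: The reason `try_addimage_if_notfound` is switched off for `MS_URL_TOKENS` is not stated where it is set, and it is the security-relevant part of this hunk. A comment above the `msyysource` test, such as `/* symbol names arriving via URL are untrusted: only pre-defined symbols may be referenced, never add a new image by name */`, would keep a later refactor from restoring `MS_TRUE`. The decision also reads the global lexer state `msyysource` at resolve time, so it holds only if that state still describes the input being parsed when `classResolveSymbolNames()` runs; that call order is outside the hunk. The same flag is passed for label styles in the next hunk.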
@@ -3390,7 +3420,7 @@
   for(i=0; i<class->numlabels; i++) {
     for(j=0; j<class->labels[i]->numstyles; j++) {
       if(class->labels[i]->styles[j]->symbolname) {
-        if((class->labels[i]->styles[j]->symbol =  
msGetSymbolIndex(&(class->layer->map->symbolset), 
class->labels[i]->styles[j]->symbolname, MS_TRUE)) == -1) {
+        if((class->labels[i]->styles[j]->symbol =  
msGetSymbolIndex(&(class->layer->map->symbolset), 
class->labels[i]->styles[j]->symbolname, try_addimage_if_notfound)) == -1) {
           msSetError(MS_MISCERR, "Undefined symbol \"%s\" in class, label 
style %d of layer %s.", "classResolveSymbolNames()", 
class->labels[i]->styles[j]->symbolname, j, class->layer->name);
           return MS_FAILURE;
         }
@@ -6443,7 +6473,7 @@
   MS_CHECK_ALLOC(map, sizeof(mapObj), NULL);
 
   if(initMap(map) == -1) { /* initialize this map */
-    msFree(map);
+    msFreeMap(map);
     return(NULL);
   }
 
@@ -6535,7 +6565,7 @@
   MS_CHECK_ALLOC(map, sizeof(mapObj), NULL);
 
   if(initMap(map) == -1) { /* initialize this map */
-    msFree(map);
+    msFreeMap(map);
     return(NULL);
   }
 
@@ -6636,17 +6666,6 @@
   switch(msyylex()) {
     case(MAP):
       switch(msyylex()) {
-        case(CONFIG): {
-          char *key=NULL, *value=NULL;
-          if((getString(&key) != MS_FAILURE) && (getString(&value) != 
MS_FAILURE)) {
-            msSetConfigOption( map, key, value );
-            free( key );
-            key=NULL;
-            free( value );
-            value=NULL;
-          }
-        }
-        break;
         case(EXTENT):
           msyystate = MS_TOKENIZE_URL_STRING;
           msyystring = string;
@@ -6748,22 +6767,9 @@
             if(msUpdateLayerFromString((GET_LAYER(map, i)), string, MS_TRUE) 
!= MS_SUCCESS) return MS_FAILURE;
           }
 
-          /* make sure any symbol names for this layer have been resolved (bug 
#2700) */
-          for(j=0; j<GET_LAYER(map, i)->numclasses; j++) {
-            for(k=0; k<GET_LAYER(map, i)->class[j]->numstyles; k++) {
-              if(GET_LAYER(map, i)->class[j]->styles[k]->symbolname && 
GET_LAYER(map, i)->class[j]->styles[k]->symbol == 0) {
-                if((GET_LAYER(map, i)->class[j]->styles[k]->symbol =  
msGetSymbolIndex(&(map->symbolset), GET_LAYER(map, 
i)->class[j]->styles[k]->symbolname, MS_TRUE)) == -1) {
-                  msSetError(MS_MISCERR, "Undefined symbol \"%s\" in class %d, 
style %d of layer %s.", "msUpdateMapFromURL()", GET_LAYER(map, 
i)->class[j]->styles[k]->symbolname, j, k, GET_LAYER(map, i)->name);
-                  return MS_FAILURE;
-                }
-              }
-              if(!MS_IS_VALID_ARRAY_INDEX(GET_LAYER(map, 
i)->class[j]->styles[k]->symbol, map->symbolset.numsymbols)) {
-                msSetError(MS_MISCERR, "Invalid symbol index in class %d, 
style %d of layer %s.", "msUpdateMapFromURL()", j, k, GET_LAYER(map, i)->name);
-                return MS_FAILURE;
-              }
-            }
-          }
-
+          // make sure symbols are resolved
+          if (resolveSymbolNames(map) == MS_FAILURE) return MS_FAILURE;
+ 
           break;
         case(LEGEND):
           if(msyylex() == LABEL) {
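Review bot: The removed loop also rejected out-of-range indexes with `MS_IS_VALID_ARRAY_INDEX(..., map->symbolset.numsymbols)`, and whether `resolveSymbolNames(map)` performs an equivalent bounds check is not visible in this diff. If it does not, a URL-updated style whose `symbol` index is outside the symbol set is no longer caught at this point, so that check is worth confirming or keeping after the call. Smaller points: the counters `j` and `k` may now be unused in this function (their declarations are outside the hunk), the new comment uses `//` where the surrounding code uses `/* */`, and the added line after the call holds only whitespace.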
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapgml.c new/mapserver-7.6.3/mapgml.c
--- old/mapserver-7.6.2/mapgml.c        2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapgml.c        2021-04-30 23:26:25.000000000 +0200
@@ -34,7 +34,7 @@
 #include "maptime.h"
 
 
-/* Use only mapgml.c if WMS or WFS is available (with minor exceptions at 
end)*/
+/* Use only mapgml.c if WMS or WFS is available (with minor exceptions at end) 
*/
 
 #if defined(USE_WMS_SVR) || defined (USE_WFS_SVR)
 
@@ -1485,23 +1485,25 @@
       if(pszOutputSRS == pszMapSRS && msProjectionsDiffer(&(lp->projection), 
&(map->projection))) {
         reprojector = msProjectCreateReprojector(&(lp->projection), 
&(map->projection));
         if( reprojector == NULL ) {
-           msGMLFreeGroups(groupList);
-           msGMLFreeConstants(constantList);
-           msGMLFreeItems(itemList);
-           msGMLFreeGeometries(geometryList);
-           return MS_FAILURE;
+          msGMLFreeGroups(groupList);
+          msGMLFreeConstants(constantList);
+          msGMLFreeItems(itemList);
+          msGMLFreeGeometries(geometryList);
+          msFree(pszOutputSRS);
+          return MS_FAILURE;
         }
       }
 
       for(j=0; j<lp->resultcache->numresults; j++) {
         status = msLayerGetShape(lp, &shape, &(lp->resultcache->results[j]));
         if(status != MS_SUCCESS) {
-           msGMLFreeGroups(groupList);
-           msGMLFreeConstants(constantList);
-           msGMLFreeItems(itemList);
-           msGMLFreeGeometries(geometryList);
-           msProjectDestroyReprojector(reprojector);
-           return(status);
+          msGMLFreeGroups(groupList);
+          msGMLFreeConstants(constantList);
+          msGMLFreeItems(itemList);
+          msGMLFreeGeometries(geometryList);
+          msProjectDestroyReprojector(reprojector);
+          msFree(pszOutputSRS);
+          return MS_FAILURE;
         }
 
         /* project the shape into the map projection (if necessary), note that 
this projects the bounds as well */
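Review bot: The second error path changes `return(status);` to `return MS_FAILURE;` inside what otherwise reads as re-indentation plus the `msFree(pszOutputSRS)` leak fix, so any non-success code from `msLayerGetShape()` other than MS_FAILURE is now collapsed into one value. If that is intended it deserves a comment on the line; otherwise keep `return(status);`. The first path is entered under `pszOutputSRS == pszMapSRS`, so `msFree(pszOutputSRS)` there frees whatever `pszMapSRS` points to, which is only correct if this function owns that buffer and nothing reads `pszMapSRS` afterwards; the hunk does not show either.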
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/maphttp.c 
new/mapserver-7.6.3/maphttp.c
--- old/mapserver-7.6.2/maphttp.c       2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/maphttp.c       2021-04-30 23:26:25.000000000 +0200
@@ -39,7 +39,7 @@
 #include "mapthread.h"
 #include "mapows.h"
 
-
+#include "cpl_conv.h"
 
 #include <time.h>
 #ifndef _WIN32
@@ -471,7 +471,7 @@
    * If set then the value is the full path to the ca-bundle.crt file
    * e.g. CURL_CA_BUNDLE=/usr/local/share/curl/curl-ca-bundle.crt
    */
-  pszCurlCABundle = getenv("CURL_CA_BUNDLE");
+  pszCurlCABundle = CPLGetConfigOption("CURL_CA_BUNDLE", NULL);
 
   if (debug) {
     msDebug("HTTP: Starting to prepare HTTP requests.\n");
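Review bot: With `CPLGetConfigOption("CURL_CA_BUNDLE", NULL)` the CA bundle path is no longer taken from the process environment alone: a value set in the CPL configuration is used first, and this path decides which certificate authorities outgoing HTTPS requests trust. The comment above the call still describes only an environment variable, so I would extend it, e.g. `* The value is looked up with CPLGetConfigOption(): CPL config first, then the environment.` It is also worth confirming that no request-controlled input can reach `CPLSetConfigOption()` for this key; the setters are outside this hunk.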
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/maplabel.c 
new/mapserver-7.6.3/maplabel.c
--- old/mapserver-7.6.2/maplabel.c      2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/maplabel.c      2021-04-30 23:26:25.000000000 +0200
@@ -881,7 +881,7 @@
 
 pointObj get_metrics(pointObj *p, int position, textPathObj *tp, int ox, int 
oy, double rotation, int buffer, label_bounds *bounds)
 {
-  pointObj q;
+  pointObj q = {0,0,0,0}; // initialize
   double x1=0, y1=0, x2=0, y2=0;
   double sin_a,cos_a;
   double w, h, x, y;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapobject.c 
new/mapserver-7.6.3/mapobject.c
--- old/mapserver-7.6.2/mapobject.c     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapobject.c     2021-04-30 23:26:25.000000000 +0200
@@ -47,7 +47,7 @@
 
 mapObj *msNewMapObj()
 {
-  mapObj *map;
+  mapObj *map = NULL;
 
   /* create an empty map, no layers etc... */
   map = (mapObj *)calloc(sizeof(mapObj),1);
@@ -57,11 +57,15 @@
     return NULL;
   }
 
-  if( initMap( map ) == -1 )
+  if( initMap( map ) == -1 ) {
+    msFreeMap(map);
     return NULL;
+  }
 
-  if( msPostMapParseOutputFormatSetup( map ) == MS_FAILURE )
+  if( msPostMapParseOutputFormatSetup( map ) == MS_FAILURE ) {
+    msFreeMap(map);
     return NULL;
+  }
 
   return map;
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapogcsld.c 
new/mapserver-7.6.3/mapogcsld.c
--- old/mapserver-7.6.2/mapogcsld.c     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapogcsld.c     2021-04-30 23:26:25.000000000 +0200
@@ -4716,8 +4716,8 @@
           } else
             pszAttributeName[iValue++] = pszExpression[i];
         }
-        pszAttributeName[iValue] = '\0';
       }
+      pszAttributeName[iValue] = '\0';
     }
     msFreeCharArray(aszValues, nTokens);
   } else if (bOneCharCompare == 0) {
@@ -4744,8 +4744,8 @@
         } else
           pszAttributeName[iValue++] = pszExpression[i];
       }
-      pszAttributeName[iValue] = '\0';
     }
+    pszAttributeName[iValue] = '\0';
   }
 
   /* -------------------------------------------------------------------- */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapogcsos.c 
new/mapserver-7.6.3/mapogcsos.c
--- old/mapserver-7.6.2/mapogcsos.c     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapogcsos.c     2021-04-30 23:26:25.000000000 +0200
@@ -2931,16 +2931,22 @@
     if (psXPathTmp)
       sosparams->pszRequest = msStrdup("GetCapabilities");
 
+    xmlXPathFreeObject(psXPathTmp);
+
     psXPathTmp = msLibXml2GetXPath(doc, context, (xmlChar 
*)"/sos:DescribeSensor");
 
     if (psXPathTmp)
       sosparams->pszRequest = msStrdup("DescribeSensor");
 
+    xmlXPathFreeObject(psXPathTmp);
+
     psXPathTmp = msLibXml2GetXPath(doc, context, (xmlChar 
*)"/sos:GetObservation");
 
     if (psXPathTmp)
       sosparams->pszRequest = msStrdup("GetObservation");
 
+    xmlXPathFreeObject(psXPathTmp);
+
     psXPathTmp = msLibXml2GetXPath(doc, context, (xmlChar 
*)"/sos:DescribeObservationType");
 
     if (psXPathTmp)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapogr.cpp 
new/mapserver-7.6.3/mapogr.cpp
--- old/mapserver-7.6.2/mapogr.cpp      2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapogr.cpp      2021-04-30 23:26:25.000000000 +0200
@@ -3080,7 +3080,10 @@
 
 #ifndef IGNORE_MISSING_DATA
   if( psTileInfo == NULL && targetTile == -1 )
+  {
+    msFree(pszSRS);
     goto NextFile;
+  }
 #endif
 
   if( psTileInfo == NULL )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapows.c new/mapserver-7.6.3/mapows.c
--- old/mapserver-7.6.2/mapows.c        2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapows.c        2021-04-30 23:26:25.000000000 +0200
@@ -2587,13 +2587,14 @@
   char **tokens;
   int numtokens, i;
   size_t bufferSize = 0;
-  char *oldStyle;
+  char *oldStyle = NULL;
   
-  msOWSGetEPSGProj( proj, metadata, namespaces,
-                         bReturnOnlyFirstOne, &oldStyle );
+  msOWSGetEPSGProj( proj, metadata, namespaces, bReturnOnlyFirstOne, &oldStyle 
);
 
-  if( oldStyle == NULL || strncmp(oldStyle,"EPSG:",5) != 0 )
+  if( oldStyle == NULL || strncmp(oldStyle,"EPSG:",5) != 0 ) {
+    msFree(oldStyle);
     return NULL;
+  }
 
   result = msStrdup("");
 
@@ -2647,13 +2648,14 @@
   char *result;
   char **tokens;
   int numtokens, i;
-  char *oldStyle;
+  char *oldStyle = NULL;
   
-  msOWSGetEPSGProj( proj, metadata, namespaces,
-                         bReturnOnlyFirstOne, &oldStyle);
+  msOWSGetEPSGProj( proj, metadata, namespaces, bReturnOnlyFirstOne, 
&oldStyle);
 
-  if( oldStyle == NULL || !EQUALN(oldStyle,"EPSG:",5) )
+  if( oldStyle == NULL || !EQUALN(oldStyle,"EPSG:",5) ) {
+    msFree(oldStyle); // avoid leak
     return NULL;
+  }
 
   result = msStrdup("");
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mappostgis.c 
new/mapserver-7.6.3/mappostgis.c
--- old/mapserver-7.6.2/mappostgis.c    2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mappostgis.c    2021-04-30 23:26:25.000000000 +0200
@@ -752,7 +752,7 @@
 int
 arcCircleCenter(const pointObj *p1, const pointObj *p2, const pointObj *p3, 
pointObj *center, double *radius)
 {
-  pointObj c;
+  pointObj c = {0,0,0,0}; // initialize
   double dx21, dy21, dx31, dy31, h21, h31, d, r;
 
   /* Circle is closed, so p2 must be opposite p1 & p3. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapprimitive.c 
new/mapserver-7.6.3/mapprimitive.c
--- old/mapserver-7.6.2/mapprimitive.c  2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapprimitive.c  2021-04-30 23:26:25.000000000 +0200
@@ -1133,7 +1133,7 @@
 */
 static pointObj generateLineIntersection(pointObj a, pointObj b, pointObj c, 
pointObj d)
 {
-  pointObj p;
+  pointObj p = {0,0,0,0}; // initialize
   double r;
   double denominator, numerator;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapproject.c 
new/mapserver-7.6.3/mapproject.c
--- old/mapserver-7.6.2/mapproject.c    2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapproject.c    2021-04-30 23:26:25.000000000 +0200
@@ -119,11 +119,23 @@
 /* Return to be freed with proj_destroy() if *pbFreePJ = TRUE */
 static PJ* createNormalizedPJ(projectionObj *in, projectionObj *out, int* 
pbFreePJ)
 {
+    if( in->proj == out->proj )
+    {
+        /* Special case to avoid out_str below to cause in_str to become 
invalid */
+        *pbFreePJ = TRUE;
+#if PROJ_VERSION_MAJOR == 6 && PROJ_VERSION_MINOR == 0
+        /* 6.0 didn't support proj=noop */
+        return proj_create(in->proj_ctx->proj_ctx, "+proj=affine");
+#else
+        return proj_create(in->proj_ctx->proj_ctx, "+proj=noop");
+#endif
+    }
+
     const char* const wkt_options[] = { "MULTILINE=NO", NULL };
-    const char* in_str = (in && msProjectHasLonWrapOrOver(in)) ?
+    const char* in_str = msProjectHasLonWrapOrOver(in) ?
         proj_as_proj_string(in->proj_ctx->proj_ctx, in->proj, PJ_PROJ_4, NULL) 
:
         proj_as_wkt(in->proj_ctx->proj_ctx, in->proj, PJ_WKT2_2018, 
wkt_options);
-    const char* out_str = (out && msProjectHasLonWrapOrOver(out)) ?
+    const char* out_str = msProjectHasLonWrapOrOver(out) ?
         proj_as_proj_string(out->proj_ctx->proj_ctx, out->proj, PJ_PROJ_4, 
NULL) :
         proj_as_wkt(out->proj_ctx->proj_ctx, out->proj, PJ_WKT2_2018, 
wkt_options);
     PJ* pj_raw;
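Review bot: The new first statement dereferences both arguments (`in->proj == out->proj`) and the hunk drops the `in &&` / `out &&` guards, so the function now relies on callers never passing NULL; the header comment should say so, e.g. `/* in and out must be non-NULL. Return to be freed with proj_destroy() if *pbFreePJ = TRUE */`. In the new special case the result of `proj_create()` is returned unchecked with `*pbFreePJ = TRUE`, so a NULL return has to be handled by the caller; whether callers do that is outside the hunk.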
@@ -1199,7 +1211,7 @@
         return MS_FALSE;
     }
 
-    pointObj p;
+    pointObj p = {0,0,0,0}; // initialize
     double invgt0 = out->gt.need_geotransform ? out->gt.invgeotransform[0] : 
0.0;
     double invgt1 = out->gt.need_geotransform ? out->gt.invgeotransform[1] : 
1.0;
     double invgt3 = out->gt.need_geotransform ? out->gt.invgeotransform[3] : 
0.0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapraster.c 
new/mapserver-7.6.3/mapraster.c
--- old/mapserver-7.6.2/mapraster.c     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapraster.c     2021-04-30 23:26:25.000000000 +0200
@@ -984,16 +984,22 @@
   char szPath[MS_MAXPATHLEN];
   int status = MS_SUCCESS;
 
-  imageObj   *image = NULL;
+  imageObj *image = NULL;
   styleObj style;
 
+  /* check to see if we have enough information to actually proceed */
+  if(!map->reference.image || map->reference.height == 0 || 
map->reference.width == 0) {
+    msSetError(MS_MISCERR, "Reference map configuration error.", 
"msDrawReferenceMap()");
+    return NULL;
+  }
 
   rendererVTableObj *renderer = MS_MAP_RENDERER(map);
   rasterBufferObj *refImage = 
(rasterBufferObj*)calloc(1,sizeof(rasterBufferObj));
   MS_CHECK_ALLOC(refImage, sizeof(rasterBufferObj), NULL);
 
   if(MS_SUCCESS != renderer->loadImageFromFile(msBuildPath(szPath, 
map->mappath, map->reference.image),refImage)) {
-    msSetError(MS_MISCERR,"error loading reference image 
%s","msDrawREferenceMap()",szPath);
+    msSetError(MS_MISCERR,"Error loading reference image 
%s.","msDrawReferenceMap()",szPath);
+    free(refImage);
     return NULL;
   }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapscript/python/README.rst 
new/mapserver-7.6.3/mapscript/python/README.rst
--- old/mapserver-7.6.2/mapscript/python/README.rst     2020-12-07 
21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapscript/python/README.rst     2021-04-30 
23:26:25.000000000 +0200
@@ -2,7 +2,7 @@
 =====================================
 
 :Author: MapServer Team
-:Last Updated: 2020-03-02
+:Last Updated: 2021-01-16
 
 Introduction
 ------------
@@ -35,7 +35,7 @@
 + mapscript can be easily added to a Python `Virtual Environment 
<https://docs.python-guide.org/dev/virtualenvs/>`_
 + Python2 or Python3 versions of mapscript can be installed and work with a 
single installation of MapServer
 
-Wheels are built based on the `Appveyor build environments 
<https://github.com/mapserver/mapserver/blob/master/appveyor.yml>`_. 
+Wheels are built based on the `Appveyor build environments 
<https://github.com/MapServer/MapServer/blob/main/appveyor.yml>`_. 
 These are as follows at the time of writing:
 
 + Python 2.7 x32
@@ -68,6 +68,10 @@
 To ensure compatibility with the wheels, please use identical release 
packages, e.g. ``release-1911-x64-gdal-2-3-mapserver-7-4``
 for mapscript 7.4. 
 
+.. NOTE::
+   `MS4W <https://www.ms4w.com>`_ (MapServer for Windows) is a full installer 
that contains Python & Python
+   MapScript already configured out-of-the-box, as well as default OGC web 
services and over 60 working mapfiles.
+
 When using these packages the MapServer path will be similar to 
``C:\release-1911-x64-gdal-2-3-mapserver-7-2\bin``. 
 
 Prior to installing mapscript it is recommended to update pip to the latest 
version with the following command:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapserv.c 
new/mapserver-7.6.3/mapserv.c
--- old/mapserver-7.6.2/mapserv.c       2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapserv.c       2021-04-30 23:26:25.000000000 +0200
@@ -43,6 +43,8 @@
 #include "mapio.h"
 #include "maptime.h"
 
+#include "cpl_conv.h"
+
 #ifndef WIN32
 #include <signal.h>
 #endif
@@ -162,6 +164,16 @@
   if(msGetGlobalDebugLevel() >= MS_DEBUGLEVEL_TUNING)
     msGettimeofday(&execstarttime, NULL);
 
+  /* push high-value ENV vars into the CPL global config - primarily for 
IIS/FastCGI */
+  const char* const apszEnvVars[] = { 
+    "CURL_CA_BUNDLE", "MS_MAPFILE", "MS_MAP_NO_PATH", "MS_MAP_PATTERN", 
"MS_MAP_ENV_PATTERN",
+    "MS_MAP_BAD_PATTERN", "MS_MAP_ENV_BAD_PATTERN",
+     NULL /* guard */ };
+  for( int i = 0; apszEnvVars[i] != NULL; ++i ) {
+    const char* value = getenv(apszEnvVars[i]);
+    if(value) CPLSetConfigOption(apszEnvVars[i], value);
+  }
+
   /* -------------------------------------------------------------------- */
   /*      Process arguments.  In normal use as a cgi-bin there are no     */
   /*      commandline switches, but we provide a few for test/debug       */
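Review bot: The `apszEnvVars` list repeats by hand the option names that msCGILoadMap in mapservutil.c later reads with CPLGetConfigOption, and nothing ties the two together. If a new MS_MAP_* control is added there but not here, it would presumably go unset in the IIS/FastCGI case this block exists for, and the matching check would be skipped without any error. A comment on the array such as `/* keep in sync with the CPLGetConfigOption() names read in msCGILoadMap() */` would record the dependency. The enclosing function starts and ends outside this hunk.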
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapserv.h 
new/mapserver-7.6.3/mapserv.h
--- old/mapserver-7.6.2/mapserv.h       2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapserv.h       2021-04-30 23:26:25.000000000 +0200
@@ -41,6 +41,7 @@
 #include "maptile.h"
 
 #include "cgiutil.h"
+
 /*
 ** Defines
 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapserver.h 
new/mapserver-7.6.3/mapserver.h
--- old/mapserver-7.6.2/mapserver.h     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapserver.h     2021-04-30 23:26:25.000000000 +0200
@@ -2159,7 +2159,9 @@
   MS_DLL_EXPORT char *msWriteReferenceMapToString(referenceMapObj *ref);
   MS_DLL_EXPORT char *msWriteLegendToString(legendObj *legend);
   MS_DLL_EXPORT char *msWriteClusterToString(clusterObj *cluster);
+  MS_DLL_EXPORT int msIsValidRegex(const char* e);
   MS_DLL_EXPORT int msEvalRegex(const char *e, const char *s);
+  MS_DLL_EXPORT int msCaseEvalRegex(const char *e, const char *s);
 #ifdef USE_MSFREE
   MS_DLL_EXPORT void msFree(void *p);
 #else
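Review bot: The new prototypes `msIsValidRegex` and `msCaseEvalRegex` have no comment on their return contract, although msCGILoadMap in mapservutil.c makes allow/deny decisions by comparing their results with MS_TRUE and MS_FALSE. A one-line comment such as `/* MS_TRUE on match; MS_FALSE on no match or when the pattern does not compile */` above the two Eval functions would explain why deny-list callers must call `msIsValidRegex` first. That wording should be confirmed against the implementations, which are not part of this hunk.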
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapservutil.c 
new/mapserver-7.6.3/mapservutil.c
--- old/mapserver-7.6.2/mapservutil.c   2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapservutil.c   2021-04-30 23:26:25.000000000 +0200
@@ -33,6 +33,8 @@
 #include "maptime.h"
 #include "mapows.h"
 
+#include "cpl_conv.h"
+
 /*
 ** Enumerated types, keep the query modes in sequence and at the end of the 
enumeration (mode enumeration is in maptemplate.h).
 */
@@ -197,38 +199,67 @@
   int i, j;
   mapObj *map = NULL;
 
+  const char *ms_map_bad_pattern_default = "[/\\]{2}|[/\\]?\\.+[/\\]|,";
+  const char *ms_map_env_bad_pattern_default = 
"^(AUTH_.*|CERT_.*|CONTENT_(LENGTH|TYPE)|DOCUMENT_(ROOT|URI)|GATEWAY_INTERFACE|HTTP.*|QUERY_STRING|PATH_(INFO|TRANSLATED)|REMOTE_.*|REQUEST_(METHOD|URI)|SCRIPT_(FILENAME|NAME)|SERVER_.*)";
+
+  int ms_mapfile_tainted = MS_TRUE;
+  const char *ms_mapfile = CPLGetConfigOption("MS_MAPFILE", NULL);
+
+  const char *ms_map_no_path = CPLGetConfigOption("MS_MAP_NO_PATH", NULL);
+  const char *ms_map_pattern = CPLGetConfigOption("MS_MAP_PATTERN", NULL);
+  const char *ms_map_env_pattern = CPLGetConfigOption("MS_MAP_ENV_PATTERN", 
NULL);
+
+  const char *ms_map_bad_pattern = CPLGetConfigOption("MS_MAP_BAD_PATTERN", 
NULL);
+  if(ms_map_bad_pattern == NULL) ms_map_bad_pattern = 
ms_map_bad_pattern_default;
+
+  const char *ms_map_env_bad_pattern = 
CPLGetConfigOption("MS_MAP_ENV_BAD_PATTERN", NULL);
+  if(ms_map_env_bad_pattern == NULL) ms_map_env_bad_pattern = 
ms_map_env_bad_pattern_default;
+
   for(i=0; i<mapserv->request->NumParams; i++) /* find the mapfile parameter 
first */
     if(strcasecmp(mapserv->request->ParamNames[i], "map") == 0) break;
 
   if(i == mapserv->request->NumParams) {
-    char *ms_mapfile = getenv("MS_MAPFILE");
-    if(ms_mapfile) {
-      map = msLoadMap(ms_mapfile,NULL);
-    } else {
+    if(ms_mapfile == NULL) {
       msSetError(MS_WEBERR, "CGI variable \"map\" is not set.", 
"msCGILoadMap()"); /* no default, outta here */
       return NULL;
     }
+    ms_mapfile_tainted = MS_FALSE;
   } else {
-    if(getenv(mapserv->request->ParamValues[i])) /* an environment variable 
references the actual file to use */
-      map = msLoadMap(getenv(mapserv->request->ParamValues[i]), NULL);
-    else {
-      /* by here we know the request isn't for something in an environment 
variable */
-      if(getenv("MS_MAP_NO_PATH")) {
-        msSetError(MS_WEBERR, "Mapfile not found in environment variables and 
this server is not configured for full paths.", "msCGILoadMap()");
+    if(getenv(mapserv->request->ParamValues[i])) { /* an environment variable 
references the actual file to use */
+      /* validate env variable name */
+      if(msIsValidRegex(ms_map_env_bad_pattern) == MS_FALSE || 
msCaseEvalRegex(ms_map_env_bad_pattern, mapserv->request->ParamValues[i]) == 
MS_TRUE) {
+        msSetError(MS_WEBERR, "CGI variable \"map\" fails to validate.", 
"msCGILoadMap()");
         return NULL;
       }
-
-      if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), 
mapserv->request->ParamValues[i]) != MS_TRUE) {
-        msSetError(MS_WEBERR, "Parameter 'map' value fails to validate.", 
"msCGILoadMap()");
+      if(ms_map_env_pattern != NULL && msEvalRegex(ms_map_env_pattern, 
mapserv->request->ParamValues[i]) != MS_TRUE) {
+        msSetError(MS_WEBERR, "CGI variable \"map\" fails to validate.", 
"msCGILoadMap()");
         return NULL;
       }
+      ms_mapfile = getenv(mapserv->request->ParamValues[i]);
+    } else {
+      /* by now we know the request isn't for something in an environment 
variable */
+      if(ms_map_no_path != NULL) {
+        msSetError(MS_WEBERR, "CGI variable \"map\" not found in environment 
and this server is not configured for full paths.", "msCGILoadMap()");
+        return NULL;
+      }
+      ms_mapfile = mapserv->request->ParamValues[i];
+    }
+  }
 
-      /* ok to try to load now */
-      map = msLoadMap(mapserv->request->ParamValues[i], NULL);
+  /* validate ms_mapfile if tainted */
+  if(ms_mapfile_tainted == MS_TRUE) {
+    if(msIsValidRegex(ms_map_bad_pattern) == MS_FALSE || 
msEvalRegex(ms_map_bad_pattern, ms_mapfile) == MS_TRUE) {
+      msSetError(MS_WEBERR, "CGI variable \"map\" fails to validate.", 
"msCGILoadMap()");
+      return NULL;
+    }
+    if(ms_map_pattern != NULL && msEvalRegex(ms_map_pattern, ms_mapfile) != 
MS_TRUE) {
+      msSetError(MS_WEBERR, "CGI variable \"map\" fails to validate.", 
"msCGILoadMap()");
+      return NULL;
     }
   }
-  
 
+  /* ok to try to load now */
+  map = msLoadMap(ms_mapfile, NULL);
   if(!map) return NULL;
 
   if(!msLookupHashTable(&(map->web.validation), "immutable")) {
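Review bot: `ms_map_env_bad_pattern_default` is a deny-list, so any environment variable name it does not list is still dereferenced by `getenv(mapserv->request->ParamValues[i])` unless the operator sets MS_MAP_ENV_PATTERN. A comment above the two defaults should say so, e.g. `/* deny-lists only: set MS_MAP_ENV_PATTERN / MS_MAP_PATTERN to allow-list env names and paths */`. The value read from that variable is still checked against the bad pattern and MS_MAP_PATTERN, because `ms_mapfile_tainted` stays MS_TRUE on that path; the `/* validate ms_mapfile if tainted */` comment should state this. All four rejection branches set the same message, which hides detail from the client but also from the operator, so a debug-level log line naming the failed check would help triage. msCGILoadMap starts and ends outside this hunk.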
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapsmoothing.c 
new/mapserver-7.6.3/mapsmoothing.c
--- old/mapserver-7.6.2/mapsmoothing.c  2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapsmoothing.c  2021-04-30 23:26:25.000000000 +0200
@@ -142,7 +142,7 @@
 
     while ((res = nextLineWindow(&lw)) != MS_DONE) {
       double ratio = 0;
-      pointObj point;
+      pointObj point = {0,0,0,0}; // initialize
 
       if (lw.lineIsRing && lw.pos==lw.line->numpoints-1) {
         point = newShape->line[i].point[0];
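Review bot: The positional initializer `pointObj point = {0,0,0,0};` assumes pointObj has at least four scalar members, and the same form is used in the second mapsmoothing.c hunk and for `p1`/`p2` in maptemplate.c. The struct definition is not in this diff, so if its member count depends on build options the excess initializers will not compile cleanly. `pointObj point = {0};` zero-initializes every member whatever the layout. The trailing `// initialize` comment only restates the code and could be replaced by the reason, e.g. `/* zeroed: not every branch below assigns all members */`, after confirming that against the loop body, which continues outside the hunk.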
@@ -261,8 +261,8 @@
       
       while ((res = nextLineWindow(&lw)) != MS_DONE) {
         double sum_x=0, sum_y=0, sum = 0;
-        pointObj point;
-        int k = 0;        
+        pointObj point = {0,0,0,0}; // initialize
+        int k = 0;
 
         if (res == MS_FALSE) { /* invalid window */
           msAddPointToLine(&newShape->line[j],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapstring.c 
new/mapserver-7.6.3/mapstring.c
--- old/mapserver-7.6.2/mapstring.c     2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapstring.c     2021-04-30 23:26:25.000000000 +0200
@@ -2184,7 +2184,7 @@
   iconv_t cd = NULL;
   const char *inp;
   char *outp, *out = NULL;
-  size_t len, bufsize, bufleft, iconv_status;
+  size_t len, bufsize, bufleft;
   int i;
 
   if( !layer->encoding || !*layer->encoding || !strcasecmp(layer->encoding, 
"UTF-8"))
@@ -2198,6 +2198,7 @@
   }
 
   for(i=0;i <shape->numvalues; i++) {
+    int failedIconv = FALSE;
     if(!shape->values[i] || (len = strlen(shape->values[i]))==0) {
       continue;    /* Nothing to do */
     }
@@ -2210,15 +2211,18 @@
     outp = out;
 
     bufleft = bufsize;
-    iconv_status = -1;
 
     while (len > 0) {
-      iconv_status = iconv(cd, (char**)&inp, &len, &outp, &bufleft);
-      if(iconv_status == -1) {
-        msFree(out);
-        continue; /* silently ignore failed conversions */
+      const size_t iconv_status = iconv(cd, (char**)&inp, &len, &outp, 
&bufleft);
+      if(iconv_status == (size_t)(-1)) {
+        failedIconv = TRUE;
+        break;
       }
     }
+    if( failedIconv ) {
+      msFree(out);
+      continue; /* silently ignore failed conversions */
+    }
     out[bufsize - bufleft] = '\0';
     msFree(shape->values[i]);
     shape->values[i] = out;
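Review bot: A failed conversion is still dropped without a trace at `continue; /* silently ignore failed conversions */`. `shape->values[i]` keeps its original bytes while its siblings are converted, so a consumer of the shape cannot tell which encoding a given value is in. A debug-level message naming the attribute index and `layer->encoding` would make this diagnosable without changing the best-effort behaviour. The flag introduced in the previous hunk uses `TRUE`/`FALSE` where the rest of this diff uses `MS_TRUE`/`MS_FALSE`; `int failedIconv = MS_FALSE;` would be consistent. The enclosing function starts and ends outside these hunks.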
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/maptemplate.c 
new/mapserver-7.6.3/maptemplate.c
--- old/mapserver-7.6.2/maptemplate.c   2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/maptemplate.c   2021-04-30 23:26:25.000000000 +0200
@@ -1728,8 +1728,8 @@
     }
 
     if(labelposvalid == MS_TRUE) {
-      pointObj p1;
-      pointObj p2;
+      pointObj p1 = {0,0,0,0}; // initialize
+      pointObj p2 = {0,0,0,0};
       int label_offset_x, label_offset_y;
       labelObj *label=NULL;
       label_bounds lbounds;
@@ -3636,12 +3636,15 @@
     while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = 
msStringConcatenate(outbuf, line);
 
     fclose(stream);
+    stream = NULL;
   }
 
   /* clear any data associated with the join */
   msFreeCharArray(join->values, join->numitems);
   join->values = NULL;
 
+  if(stream) fclose(stream);
+
   return(outbuf);
 }
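Review bot: The added `if(stream) fclose(stream);` is only safe if `stream` is initialised to NULL at its declaration, which is outside this hunk and needs confirming. Otherwise the test reads an indeterminate pointer on any path that never opens the file. The same question applies to `pszMapSRS` in the mapwfs.c hunk at -2202, where `msFree(pszMapSRS);` now runs after the inner block instead of inside it. A short comment at each site, e.g. `/* stream is NULL unless it was opened above and not yet closed */`, would record the invariant the cleanup relies on.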
 
@@ -4219,8 +4222,10 @@
 
     if(strchr(line, '[') != NULL) {
       tmpline = processLine(mapserv, line, stream, mode);
-      if(!tmpline)
+      if(!tmpline) {
+        fclose(stream);
         return MS_FAILURE;
+      }
 
       if(papszBuffer) {
         if(nBufferSize <= (int)(nCurrentSize + strlen(tmpline) + 1)) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapwcs.c new/mapserver-7.6.3/mapwcs.c
--- old/mapserver-7.6.2/mapwcs.c        2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapwcs.c        2021-04-30 23:26:25.000000000 +0200
@@ -1514,8 +1514,10 @@
   /* -------------------------------------------------------------------- */
   char *layer_proj = msGetProjectionString( &(layer->projection) );
 
-  if (msLoadProjectionString(&(map->projection), layer_proj) != 0)
+  if (msLoadProjectionString(&(map->projection), layer_proj) != 0) {
+    msFree(layer_proj);
     return msWCSException( map, NULL, NULL, params->version );
+  }
 
   free( layer_proj );
   layer_proj = NULL;
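Review bot: The new error path releases `layer_proj` with `msFree(layer_proj);` while the success path two lines below still uses `free( layer_proj );`, so one pointer has two deallocators in the same function. The mapserver.h hunk shows msFree is a real function under USE_MSFREE, so the two may not be interchangeable in every build. Changing the later line to `msFree( layer_proj );` keeps allocation and release paired. The function body continues outside the hunk.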
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapwcs20.c 
new/mapserver-7.6.3/mapwcs20.c
--- old/mapserver-7.6.2/mapwcs20.c      2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapwcs20.c      2021-04-30 23:26:25.000000000 +0200
@@ -3602,6 +3602,7 @@
         status = msWCSGetCapabilities20_CoverageSummary(
                    map, params, psDoc, psNode, layer );
         if(status != MS_SUCCESS) {
+          msFree(validated_language);
           xmlFreeDoc(psDoc);
           xmlCleanupParser();
           return msWCSException(map, "Internal", "mapserv", params->version);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapwfs.c new/mapserver-7.6.3/mapwfs.c
--- old/mapserver-7.6.2/mapwfs.c        2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapwfs.c        2021-04-30 23:26:25.000000000 +0200
@@ -2202,15 +2202,12 @@
                 status = msLoadProjectionString(&(map->projection), pszMapSRS);
 
             if (status != 0) {
-                msSetError(MS_WFSERR, "msLoadProjectionString() failed: %s",
-                            "msWFSGetFeature()", pszMapSRS);
+                msSetError(MS_WFSERR, "msLoadProjectionString() failed: %s", 
"msWFSGetFeature()", pszMapSRS);
                 msFree(pszMapSRS);
-                return msWFSException(map, "mapserv", 
MS_OWS_ERROR_NO_APPLICABLE_CODE,
-                                paramsObj->pszVersion);
+                return msWFSException(map, "mapserv", 
MS_OWS_ERROR_NO_APPLICABLE_CODE, paramsObj->pszVersion);
             }
-            msFree(pszMapSRS);
-
         }
+        msFree(pszMapSRS);
 
         /*make sure that the layer projection is loaded.
             It could come from a ows/wfs_srs metadata*/
@@ -5182,10 +5179,12 @@
           }
           /* these are unsupported requests. Just set the  */
           /* request value and return; */
-          else if (msWFSGetIndexUnsupportedOperation(psOperation->pszValue) >= 
0) {
+          else {
             int idx = msWFSGetIndexUnsupportedOperation(psOperation->pszValue);
-            wfsparams->pszRequest = msStrdup(wfsUnsupportedOperations[idx]);
-            break;
+            if( idx >= 0 ) {
+              wfsparams->pszRequest = msStrdup(wfsUnsupportedOperations[idx]);
+              break;
+            }
           }
         }
       }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/mapwmslayer.c 
new/mapserver-7.6.3/mapwmslayer.c
--- old/mapserver-7.6.2/mapwmslayer.c   2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/mapwmslayer.c   2021-04-30 23:26:25.000000000 +0200
@@ -430,7 +430,7 @@
   int bFlipAxisOrder = MS_FALSE;
   const char *pszTmp;
   int bIsEssential = MS_FALSE;
-  
+
   if (lp->connectiontype != MS_WMS) {
     msSetError(MS_WMSCONNERR, "Call supported only for CONNECTIONTYPE WMS",
                "msBuildWMSLayerURL()");
@@ -619,24 +619,30 @@
     char* pszEPSGCodeFromLayer = NULL;
     msOWSGetEPSGProj(&(lp->projection), NULL, "MO", MS_TRUE, 
&pszEPSGCodeFromLayer);
     if (pszEPSGCodeFromLayer == NULL || strcasecmp(pszEPSG, 
pszEPSGCodeFromLayer) != 0) {
-      char *ows_srs;
-      msOWSGetEPSGProj(NULL,&(lp->metadata), "MO", MS_FALSE, &ows_srs);
+      char *ows_srs = NULL;
+      msOWSGetEPSGProj(NULL, &(lp->metadata), "MO", MS_FALSE, &ows_srs);
       /* no need to set lp->proj if it is already set and there is only
       one item in the _srs metadata for this layer - we will assume
       the projection block matches the _srs metadata (the search for ' '
       in ows_srs is a test to see if there are multiple EPSG: codes) */
       if( lp->projection.numargs == 0 || ows_srs == NULL || (strchr(ows_srs,' 
') != NULL) ) {
-        msFree(ows_srs);
         if (strncasecmp(pszEPSG, "EPSG:", 5) == 0) {
           char szProj[20];
           snprintf(szProj, sizeof(szProj), "init=epsg:%s", pszEPSG+5);
-          if (msLoadProjectionString(&(lp->projection), szProj) != 0)
+          if (msLoadProjectionString(&(lp->projection), szProj) != 0) {
+            msFree(pszEPSGCodeFromLayer);
+            msFree(ows_srs);
             return MS_FAILURE;
+          }
         } else {
-          if (msLoadProjectionString(&(lp->projection), pszEPSG) != 0)
+          if (msLoadProjectionString(&(lp->projection), pszEPSG) != 0) {
+            msFree(pszEPSGCodeFromLayer);
+            msFree(ows_srs);
             return MS_FAILURE;
+          }
         }
       }
+      msFree(ows_srs);
     }
     msFree(pszEPSGCodeFromLayer);
   }
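Review bot: `snprintf(szProj, sizeof(szProj), "init=epsg:%s", pszEPSG+5)` truncates silently when the code after `EPSG:` is longer than nine characters, and the truncated string is then loaded as if it were the requested projection. The return value should be checked and an over-long code treated as a failure. The two new cleanup branches are also identical, so building the projection string first and calling msLoadProjectionString once would leave a single place that frees `pszEPSGCodeFromLayer` and `ows_srs`. The enclosing function starts and ends outside this hunk.

```c
      /* … unchanged: msOWSGetEPSGProj() lookup and the numargs / ows_srs test … */
        char szProj[20];
        const char *pszProj = pszEPSG;
        int bProjOk = MS_TRUE;
        if (strncasecmp(pszEPSG, "EPSG:", 5) == 0) {
          /* reject a code that does not fit rather than loading a truncated one */
          int n = snprintf(szProj, sizeof(szProj), "init=epsg:%s", pszEPSG+5);
          if (n < 0 || n >= (int)sizeof(szProj)) bProjOk = MS_FALSE;
          pszProj = szProj;
        }
        if (bProjOk == MS_FALSE || msLoadProjectionString(&(lp->projection), pszProj) != 0) {
          msFree(pszEPSGCodeFromLayer);
          msFree(ows_srs);
          return MS_FAILURE;
        }
```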
@@ -734,8 +740,8 @@
 
         msRectIntersect( &bbox, &layer_rect );
 
-        bbox_width = ceil((bbox.maxx - bbox.minx) / cellsize);
-        bbox_height = ceil((bbox.maxy - bbox.miny) / cellsize);
+        bbox_width = round((bbox.maxx - bbox.minx) / cellsize);
+        bbox_height = round((bbox.maxy - bbox.miny) / cellsize);
 
         /* Force going through the resampler if we're going to receive a 
clipped BBOX (#4931) */
         if(msLayerGetProcessingKey(lp, "RESAMPLE") == NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/mapserver-7.6.2/renderers/agg/include/agg_rendering_buffer.h 
new/mapserver-7.6.3/renderers/agg/include/agg_rendering_buffer.h
--- old/mapserver-7.6.2/renderers/agg/include/agg_rendering_buffer.h    
2020-12-07 21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/renderers/agg/include/agg_rendering_buffer.h    
2021-04-30 23:26:25.000000000 +0200
@@ -128,7 +128,7 @@
 
     private:
         //--------------------------------------------------------------------
-        T*            m_buf;    // Pointer to renrdering buffer
+        T*            m_buf;    // Pointer to rendering buffer
         T*            m_start;  // Pointer to first pixel depending on stride 
         unsigned      m_width;  // Width in pixels
         unsigned      m_height; // Height in pixels
@@ -258,7 +258,7 @@
 
     private:
         //--------------------------------------------------------------------
-        T*            m_buf;        // Pointer to renrdering buffer
+        T*            m_buf;        // Pointer to rendering buffer
         pod_array<T*> m_rows;       // Pointers to each row of the buffer
         unsigned      m_width;      // Width in pixels
         unsigned      m_height;     // Height in pixels
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/mapserver-7.6.2/scripts/vagrant/packages.sh 
new/mapserver-7.6.3/scripts/vagrant/packages.sh
--- old/mapserver-7.6.2/scripts/vagrant/packages.sh     2020-12-07 
21:09:40.000000000 +0100
+++ new/mapserver-7.6.3/scripts/vagrant/packages.sh     2021-04-30 
23:26:25.000000000 +0200
@@ -22,6 +22,6 @@
     libprotobuf-dev libprotobuf-c0-dev protobuf-c-compiler libharfbuzz-dev 
gdal-bin \
     curl sqlite3
 
-curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
+curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py
 python get-pip.py
 pip install -U -r /vagrant/msautotest/requirements.txt
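Review bot: `curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py` has no `-f`, so an HTTP error body is saved under the same name and then passed to `python get-pip.py`. `curl -fsSL https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py` makes the download fail instead. The script is also run without an integrity check, so provisioning trusts whatever the URL serves at build time. Pinning a checksum before running it, e.g. `echo "<EXPECTED_SHA256>  get-pip.py" | sha256sum -c -`, would close that gap. Whether the script runs under `set -e` is not visible in this hunk.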
