This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch jessie in repository mapserver.
commit 574f906653bab70ee6403997175935e42f99c58f Author: Bas Couwenberg <[email protected]> Date: Mon Dec 5 22:05:23 2016 +0100 Add upstream patch to fix CVE-2016-9839. --- debian/changelog | 6 ++ debian/patches/0001-Backport-4928-and-5356.patch | 120 +++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 127 insertions(+) diff --git a/debian/changelog b/debian/changelog index 4c18ce0..64d8f2d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +mapserver (6.4.1-5+deb8u1) UNRELEASED; urgency=high + + * Add upstream patch to fix CVE-2016-9839. + + -- Bas Couwenberg <[email protected]> Mon, 05 Dec 2016 22:03:30 +0100 + mapserver (6.4.1-5) unstable; urgency=medium * Add debug package for libmapserver. Thanks to Frederic Junod for the patch. diff --git a/debian/patches/0001-Backport-4928-and-5356.patch b/debian/patches/0001-Backport-4928-and-5356.patch new file mode 100644 index 0000000..25195e5 --- /dev/null +++ b/debian/patches/0001-Backport-4928-and-5356.patch @@ -0,0 +1,120 @@ +From 022d24bd34196b6dca67053fb797a6980210bc54 Mon Sep 17 00:00:00 2001 +From: Thomas Bonfort <[email protected]> +Date: Thu, 1 Dec 2016 18:59:05 +0100 +Subject: Backport #4928 and #5356 + +--- + mapogr.cpp | 52 ++++++++++++++++++++++++++++------------------------ + mappostgis.c | 4 ++-- + 2 files changed, 30 insertions(+), 26 deletions(-) + +--- a/mapogr.cpp ++++ b/mapogr.cpp +@@ -1118,18 +1118,15 @@ msOGRFileOpen(layerObj *layer, const cha + RELEASE_OGR_LOCK; + + if( hDS == NULL ) { +- if( strlen(CPLGetLastErrorMsg()) == 0 ) +- msSetError(MS_OGRERR, +- "Open failed for OGR connection in layer `%s'. " +- "File not found or unsupported format.", +- "msOGRFileOpen()", +- layer->name?layer->name:"(null)" ); +- else +- msSetError(MS_OGRERR, +- "Open failed for OGR connection in layer `%s'.\n%s\n", +- "msOGRFileOpen()", +- layer->name?layer->name:"(null)", +- CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, ++ "Open failed for OGR connection in layer `%s'. " ++ "Check logs.", ++ "msOGRFileOpen()", ++ layer->name?layer->name:"(null)" ); ++ if( strlen(CPLGetLastErrorMsg()) != 0 ) ++ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n", ++ layer->name?layer->name:"(null)", ++ CPLGetLastErrorMsg() ); + CPLFree( pszDSName ); + CPLFree( pszLayerDef ); + return NULL; +@@ -1154,10 +1151,13 @@ msOGRFileOpen(layerObj *layer, const cha + ACQUIRE_OGR_LOCK; + hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL ); + if( hLayer == NULL ) { +- msSetError(MS_OGRERR, +- "ExecuteSQL(%s) failed.\n%s", +- "msOGRFileOpen()", +- pszLayerDef, CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, ++ "ExecuteSQL(%s) failed. Check logs", ++ "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug( ++ "ExecuteSQL(%s) failed.\n%s", ++ pszLayerDef, CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + msConnPoolRelease( layer, hDS ); + CPLFree( pszLayerDef ); +@@ -1189,9 +1189,11 @@ msOGRFileOpen(layerObj *layer, const cha + } + + if (hLayer == NULL) { +- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.", +- "msOGRFileOpen()", +- pszLayerDef, connection ); ++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.", ++ "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug("GetLayer(%s) failed for OGR connection `%s'.", ++ pszLayerDef, connection ); + CPLFree( pszLayerDef ); + msConnPoolRelease( layer, hDS ); + return NULL; +@@ -1356,10 +1358,12 @@ static int msOGRFileWhichShapes(layerObj + if( OGR_L_SetAttributeFilter( psInfo->hLayer, layer->filter.string+6 ) + != OGRERR_NONE ) { + msSetError(MS_OGRERR, +- "SetAttributeFilter(%s) failed on layer %s.\n%s", ++ "SetAttributeFilter(%s) failed on layer %s.", + "msOGRFileWhichShapes()", +- layer->filter.string+6, layer->name?layer->name:"(null)", +- CPLGetLastErrorMsg() ); ++ layer->filter.string+6, layer->name?layer->name:"(null)"); ++ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s", ++ layer->filter.string+6, layer->name?layer->name:"(null)", ++ CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + return MS_FAILURE; + } +@@ -1562,8 +1566,8 @@ msOGRFileNextShape(layerObj *layer, shap + if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) { + psInfo->last_record_index_read = -1; + if( CPLGetLastErrorType() == CE_Failure ) { +- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()", +- CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, "OGR error. check logs", "msOGRFileNextShape()"); ++ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + return MS_FAILURE; + } else { +--- a/mappostgis.c ++++ b/mappostgis.c +@@ -2305,7 +2305,8 @@ int msPostGISLayerOpen(layerObj *layer) + } + } + +- msSetError(MS_QUERYERR, "Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn), maskeddata); ++ msDebug("Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?.\n", PQerrorMessage(layerinfo->pgconn), maskeddata); ++ msSetError(MS_QUERYERR, "Database connection failed.\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()"); + + free(maskeddata); + free(layerinfo); +@@ -2327,7 +2328,6 @@ int msPostGISLayerOpen(layerObj *layer) + msSetError(MS_QUERYERR, "PostgreSQL database connection gone bad (%s)", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn)); + return MS_FAILURE; + } +- + } + } + diff --git a/debian/patches/series b/debian/patches/series index 1fd50e2..ba6b786 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ ruby-mapscript-install.patch cmake-mapserver-export.patch java-hardening.patch php56.patch +0001-Backport-4928-and-5356.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git _______________________________________________ Pkg-grass-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
