This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch wheezy in repository mapserver.
commit 94694a585422838c25cd66654844b3fa776bccd0 Author: Bas Couwenberg <[email protected]> Date: Mon Dec 5 22:19:06 2016 +0100 Add upstream patch to fix CVE-2016-9839. --- debian/changelog | 6 ++ debian/patches/0001-Backport-4928-and-5356.patch | 97 ++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 104 insertions(+) diff --git a/debian/changelog b/debian/changelog index 61c0e90..d67582d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +mapserver (6.0.1-3.2+deb7u3) UNRELEASED; urgency=high + + * Add upstream patch to fix CVE-2016-9839. + + -- Bas Couwenberg <[email protected]> Mon, 05 Dec 2016 22:18:33 +0100 + mapserver (6.0.1-3.2+deb7u2) stable-proposed-updates; urgency=low * Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the diff --git a/debian/patches/0001-Backport-4928-and-5356.patch b/debian/patches/0001-Backport-4928-and-5356.patch new file mode 100644 index 0000000..0fd5bf0 --- /dev/null +++ b/debian/patches/0001-Backport-4928-and-5356.patch @@ -0,0 +1,97 @@ +From 889971607c1d01ff95bc45d1ba44bd92ba5aafb2 Mon Sep 17 00:00:00 2001 +From: Thomas Bonfort <[email protected]> +Date: Thu, 1 Dec 2016 18:59:05 +0100 +Subject: Backport #4928 and #5356 + +--- + mapogr.cpp | 34 ++++++++++++++++++++-------------- + mappostgis.c | 3 ++- + 2 files changed, 22 insertions(+), 15 deletions(-) + +--- a/mapogr.cpp ++++ b/mapogr.cpp +@@ -1408,16 +1408,14 @@ msOGRFileOpen(layerObj *layer, const cha + + if( hDS == NULL ) + { +- if( strlen(CPLGetLastErrorMsg()) == 0 ) +- msSetError(MS_OGRERR, +- "Open failed for OGR connection in layer `%s'. " +- "File not found or unsupported format.", +- "msOGRFileOpen()", +- layer->name?layer->name:"(null)" ); +- else +- msSetError(MS_OGRERR, ++ msSetError(MS_OGRERR, ++ "Open failed for OGR connection in layer `%s'. " ++ "Check logs.", ++ "msOGRFileOpen()", ++ layer->name?layer->name:"(null)" ); ++ if( strlen(CPLGetLastErrorMsg()) != 0 ) ++ msDebug( + "Open failed for OGR connection in layer `%s'.\n%s\n", +- "msOGRFileOpen()", + layer->name?layer->name:"(null)", + CPLGetLastErrorMsg() ); + CPLFree( pszDSName ); +@@ -1467,8 +1465,11 @@ msOGRFileOpen(layerObj *layer, const cha + if( hLayer == NULL ) + { + msSetError(MS_OGRERR, +- "ExecuteSQL(%s) failed.\n%s", ++ "ExecuteSQL(%s) failed. Check logs", + "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug( ++ "ExecuteSQL(%s) failed.\n%s", + pszLayerDef, CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + msConnPoolRelease( layer, hDS ); +@@ -1481,8 +1482,10 @@ msOGRFileOpen(layerObj *layer, const cha + + if (hLayer == NULL) + { +- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.", ++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.", + "msOGRFileOpen()", ++ pszLayerDef); ++ msDebug("GetLayer(%s) failed for OGR connection `%s'.", + pszLayerDef, connection ); + CPLFree( pszLayerDef ); + msConnPoolRelease( layer, hDS ); +@@ -1635,8 +1638,11 @@ static int msOGRFileWhichShapes(layerObj + != OGRERR_NONE ) + { + msSetError(MS_OGRERR, +- "SetAttributeFilter(%s) failed on layer %s.\n%s", ++ "SetAttributeFilter(%s) failed on layer %s.", + "msOGRFileWhichShapes()", ++ layer->filter.string+6, layer->name?layer->name:"(null)"); ++ msDebug( ++ "SetAttributeFilter(%s) failed on layer %s.\n%s", + layer->filter.string+6, layer->name?layer->name:"(null)", + CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; +@@ -1852,8 +1858,8 @@ msOGRFileNextShape(layerObj *layer, shap + psInfo->last_record_index_read = -1; + if( CPLGetLastErrorType() == CE_Failure ) + { +- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()", +- CPLGetLastErrorMsg() ); ++ msSetError(MS_OGRERR, "error. check logs", "msOGRFileNextShape()"); ++ msDebug("%s", CPLGetLastErrorMsg() ); + RELEASE_OGR_LOCK; + return MS_FAILURE; + } +--- a/mappostgis.c ++++ b/mappostgis.c +@@ -2237,7 +2237,8 @@ int msPostGISLayerOpen(layerObj *layer) + } + } + +- msSetError(MS_QUERYERR, "Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn), maskeddata); ++ msDebug("Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?.\n", PQerrorMessage(layerinfo->pgconn), maskeddata); ++ msSetError(MS_QUERYERR, "Database connection failed.\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()"); + + free(maskeddata); + free(layerinfo); diff --git a/debian/patches/series b/debian/patches/series index 17ec2a1..9a801a0 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ php54 multiarch-libgd contenttype cve-2013-7262 +0001-Backport-4928-and-5356.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git _______________________________________________ Pkg-grass-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
