[mapserver] 01/02: Add upstream patch to fix CVE-2016-9839.
Bas Couwenberg
sebastic at debian.org
Mon Dec 5 23:28:58 UTC 2016
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch wheezy
in repository mapserver.
commit 94694a585422838c25cd66654844b3fa776bccd0
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Mon Dec 5 22:19:06 2016 +0100
Add upstream patch to fix CVE-2016-9839.
---
debian/changelog | 6 ++
debian/patches/0001-Backport-4928-and-5356.patch | 97 ++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 104 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 61c0e90..d67582d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+mapserver (6.0.1-3.2+deb7u3) UNRELEASED; urgency=high
+
+ * Add upstream patch to fix CVE-2016-9839.
+
+ -- Bas Couwenberg <sebastic at debian.org> Mon, 05 Dec 2016 22:18:33 +0100
+
mapserver (6.0.1-3.2+deb7u2) stable-proposed-updates; urgency=low
* Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
diff --git a/debian/patches/0001-Backport-4928-and-5356.patch b/debian/patches/0001-Backport-4928-and-5356.patch
new file mode 100644
index 0000000..0fd5bf0
--- /dev/null
+++ b/debian/patches/0001-Backport-4928-and-5356.patch
@@ -0,0 +1,97 @@
+From 889971607c1d01ff95bc45d1ba44bd92ba5aafb2 Mon Sep 17 00:00:00 2001
+From: Thomas Bonfort <thomas.bonfort at gmail.com>
+Date: Thu, 1 Dec 2016 18:59:05 +0100
+Subject: Backport #4928 and #5356
+
+---
+ mapogr.cpp | 34 ++++++++++++++++++++--------------
+ mappostgis.c | 3 ++-
+ 2 files changed, 22 insertions(+), 15 deletions(-)
+
+--- a/mapogr.cpp
++++ b/mapogr.cpp
+@@ -1408,16 +1408,14 @@ msOGRFileOpen(layerObj *layer, const cha
+
+ if( hDS == NULL )
+ {
+- if( strlen(CPLGetLastErrorMsg()) == 0 )
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'. "
+- "File not found or unsupported format.",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)" );
+- else
+- msSetError(MS_OGRERR,
++ msSetError(MS_OGRERR,
++ "Open failed for OGR connection in layer `%s'. "
++ "Check logs.",
++ "msOGRFileOpen()",
++ layer->name?layer->name:"(null)" );
++ if( strlen(CPLGetLastErrorMsg()) != 0 )
++ msDebug(
+ "Open failed for OGR connection in layer `%s'.\n%s\n",
+- "msOGRFileOpen()",
+ layer->name?layer->name:"(null)",
+ CPLGetLastErrorMsg() );
+ CPLFree( pszDSName );
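Review bot: The driver text that now goes to `msDebug()` under `if( strlen(CPLGetLastErrorMsg()) != 0 )` is only recorded when debug output is configured. As far as I know msDebug() returns early when debugging is off, so "Check logs." can point an operator at a log that holds nothing. A short comment above the call would record both the intent and the dependency, e.g. `/* Driver text can expose paths or connection details: log it, never return it via msSetError(). Requires debug output to be enabled. */`. The new `if` also guards a multi-line call without braces, and the same logging dependency applies to the msDebug() calls added in the later hunks. msOGRFileOpen's body starts and ends outside this hunk.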
+@@ -1467,8 +1465,11 @@ msOGRFileOpen(layerObj *layer, const cha
+ if( hLayer == NULL )
+ {
+ msSetError(MS_OGRERR,
+- "ExecuteSQL(%s) failed.\n%s",
++ "ExecuteSQL(%s) failed. Check logs",
+ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug(
++ "ExecuteSQL(%s) failed.\n%s",
+ pszLayerDef, CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ msConnPoolRelease( layer, hDS );
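Review bot: The client-facing `msSetError()` still formats `pszLayerDef` into its message, so the SQL text of the layer definition is returned to whoever triggers the failure, even though the driver message is now log-only. The statement appears to come from the layer's configuration (not visible here); if it can carry table or column names, a fixed string is safer: `msSetError(MS_OGRERR, "ExecuteSQL() failed. Check logs.", "msOGRFileOpen()");`. The GetLayer hunk keeps `pszLayerDef` in its error in the same way, and the msOGRFileWhichShapes hunk keeps `layer->filter.string+6`. The enclosing function continues outside the hunk.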
+@@ -1481,8 +1482,10 @@ msOGRFileOpen(layerObj *layer, const cha
+
+ if (hLayer == NULL)
+ {
+- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.",
++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.",
+ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug("GetLayer(%s) failed for OGR connection `%s'.",
+ pszLayerDef, connection );
+ CPLFree( pszLayerDef );
+ msConnPoolRelease( layer, hDS );
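Review bot: The added msDebug() call writes the raw `connection` string to the log, and for database-backed OGR sources that string may hold a user name and password. The mappostgis.c hunk of this same patch logs `maskeddata` rather than the raw connect string. Applying the same masking here, or adding a comment that the log file must be readable only by the service account, would keep the disclosure from simply moving from the HTTP response to the log. The format string also has no trailing newline, unlike the msDebug() call in the first hunk, so consecutive entries may run together.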
+@@ -1635,8 +1638,11 @@ static int msOGRFileWhichShapes(layerObj
+ != OGRERR_NONE )
+ {
+ msSetError(MS_OGRERR,
+- "SetAttributeFilter(%s) failed on layer %s.\n%s",
++ "SetAttributeFilter(%s) failed on layer %s.",
+ "msOGRFileWhichShapes()",
++ layer->filter.string+6, layer->name?layer->name:"(null)");
++ msDebug(
++ "SetAttributeFilter(%s) failed on layer %s.\n%s",
+ layer->filter.string+6, layer->name?layer->name:"(null)",
+ CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+@@ -1852,8 +1858,8 @@ msOGRFileNextShape(layerObj *layer, shap
+ psInfo->last_record_index_read = -1;
+ if( CPLGetLastErrorType() == CE_Failure )
+ {
+- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR, "error. check logs", "msOGRFileNextShape()");
++ msDebug("%s", CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ }
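Review bot: The replacement message `"error. check logs"` gives the caller no context and does not match the wording used in the other hunks ("Check logs."). The paired `msDebug("%s", ...)` has no function name and no newline, so the log line cannot be attributed to this call site. Suggest `msSetError(MS_OGRERR, "Reading the next shape failed. Check logs.", "msOGRFileNextShape()");` and `msDebug("msOGRFileNextShape(): %s\n", CPLGetLastErrorMsg());`. The function body starts and ends outside this hunk.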
+--- a/mappostgis.c
++++ b/mappostgis.c
+@@ -2237,7 +2237,8 @@ int msPostGISLayerOpen(layerObj *layer)
+ }
+ }
+
+- msSetError(MS_QUERYERR, "Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msDebug("Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?.\n", PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msSetError(MS_QUERYERR, "Database connection failed.\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()");
+
+ free(maskeddata);
+ free(layerinfo);
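Review bot: The log string added here ends in `standard port?.\n`, with a stray period after the question mark, and it has no function-name prefix although the msSetError() call names `msPostGISLayerOpen()`. The troubleshooting questions are now duplicated in both strings; they are aimed at the person seeing the error, so the log line can drop them. Suggest `msDebug("msPostGISLayerOpen(): Database connection failed (%s) with connect string '%s'\n", PQerrorMessage(layerinfo->pgconn), maskeddata);`. The function body starts outside the hunk.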
diff --git a/debian/patches/series b/debian/patches/series
index 17ec2a1..9a801a0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ php54
multiarch-libgd
contenttype
cve-2013-7262
+0001-Backport-4928-and-5356.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git