[mapserver] 02/03: Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. (LP: 1648998)
Bas Couwenberg
sebastic at debian.org
Wed Jan 18 22:42:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch ubuntu-trusty
in repository mapserver.
commit 7e4f66df849ba235e4443a5e4435905ed9ccc8f1
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Wed Jan 18 23:08:47 2017 +0100
Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. (LP: 1648998)
---
debian/changelog | 8 +++
debian/patches/CVE-2016-9839.patch | 114 +++++++++++++++++++++++++++++++++++++
debian/patches/CVE-2017-5522.patch | 30 ++++++++++
debian/patches/series | 2 +
4 files changed, 154 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index a8b5608..363d30b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+mapserver (6.4.1-2ubuntu0.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
+ (LP: 1648998)
+
+ -- Bas Couwenberg <sebastic at debian.org> Wed, 18 Jan 2017 23:11:42 +0100
+
mapserver (6.4.1-2) unstable; urgency=low
* Add gpb.conf to use pristine-tar by default.
diff --git a/debian/patches/CVE-2016-9839.patch b/debian/patches/CVE-2016-9839.patch
new file mode 100644
index 0000000..c92d402
--- /dev/null
+++ b/debian/patches/CVE-2016-9839.patch
@@ -0,0 +1,114 @@
+Description: Backport #4928 and #5356
+Author: Thomas Bonfort <thomas.bonfort at gmail.com>
+Origin: https://github.com/mapserver/mapserver/commit/022d24bd34196b6dca67053fb797a6980210bc54
+
+--- a/mapogr.cpp
++++ b/mapogr.cpp
+@@ -1118,18 +1118,15 @@ msOGRFileOpen(layerObj *layer, const cha
+ RELEASE_OGR_LOCK;
+
+ if( hDS == NULL ) {
+- if( strlen(CPLGetLastErrorMsg()) == 0 )
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'. "
+- "File not found or unsupported format.",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)" );
+- else
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'.\n%s\n",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "Open failed for OGR connection in layer `%s'. "
++ "Check logs.",
++ "msOGRFileOpen()",
++ layer->name?layer->name:"(null)" );
++ if( strlen(CPLGetLastErrorMsg()) != 0 )
++ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n",
++ layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ CPLFree( pszDSName );
+ CPLFree( pszLayerDef );
+ return NULL;
+@@ -1154,10 +1151,13 @@ msOGRFileOpen(layerObj *layer, const cha
+ ACQUIRE_OGR_LOCK;
+ hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL );
+ if( hLayer == NULL ) {
+- msSetError(MS_OGRERR,
+- "ExecuteSQL(%s) failed.\n%s",
+- "msOGRFileOpen()",
+- pszLayerDef, CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "ExecuteSQL(%s) failed. Check logs",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug(
++ "ExecuteSQL(%s) failed.\n%s",
++ pszLayerDef, CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ msConnPoolRelease( layer, hDS );
+ CPLFree( pszLayerDef );
+@@ -1189,9 +1189,11 @@ msOGRFileOpen(layerObj *layer, const cha
+ }
+
+ if (hLayer == NULL) {
+- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.",
+- "msOGRFileOpen()",
+- pszLayerDef, connection );
++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug("GetLayer(%s) failed for OGR connection `%s'.",
++ pszLayerDef, connection );
+ CPLFree( pszLayerDef );
+ msConnPoolRelease( layer, hDS );
+ return NULL;
+@@ -1356,10 +1358,12 @@ static int msOGRFileWhichShapes(layerObj
+ if( OGR_L_SetAttributeFilter( psInfo->hLayer, layer->filter.string+6 )
+ != OGRERR_NONE ) {
+ msSetError(MS_OGRERR,
+- "SetAttributeFilter(%s) failed on layer %s.\n%s",
++ "SetAttributeFilter(%s) failed on layer %s.",
+ "msOGRFileWhichShapes()",
+- layer->filter.string+6, layer->name?layer->name:"(null)",
+- CPLGetLastErrorMsg() );
++ layer->filter.string+6, layer->name?layer->name:"(null)");
++ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s",
++ layer->filter.string+6, layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ }
+@@ -1562,8 +1566,8 @@ msOGRFileNextShape(layerObj *layer, shap
+ if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) {
+ psInfo->last_record_index_read = -1;
+ if( CPLGetLastErrorType() == CE_Failure ) {
+- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR, "OGR error. check logs", "msOGRFileNextShape()");
++ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ } else {
+--- a/mappostgis.c
++++ b/mappostgis.c
+@@ -2305,7 +2305,8 @@ int msPostGISLayerOpen(layerObj *layer)
+ }
+ }
+
+- msSetError(MS_QUERYERR, "Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msDebug("Database connection failed (%s) with connect string '%s'\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?.\n", PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msSetError(MS_QUERYERR, "Database connection failed.\nIs the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?", "msPostGISLayerOpen()");
+
+ free(maskeddata);
+ free(layerinfo);
+@@ -2327,7 +2328,6 @@ int msPostGISLayerOpen(layerObj *layer)
+ msSetError(MS_QUERYERR, "PostgreSQL database connection gone bad (%s)", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn));
+ return MS_FAILURE;
+ }
+-
+ }
+ }
+
diff --git a/debian/patches/CVE-2017-5522.patch b/debian/patches/CVE-2017-5522.patch
new file mode 100644
index 0000000..671b81d
--- /dev/null
+++ b/debian/patches/CVE-2017-5522.patch
@@ -0,0 +1,30 @@
+Description: security fix (patch by EvenR)
+ Fixes CVE-2017-5522 (stack buffer overflow)
+Author: Even Rouault <even.rouault at spatialys.com>
+Origin: https://github.com/mapserver/mapserver/commit/fb00f8149898fcf9fcb490a179984e481248f066
+ https://github.com/mapserver/mapserver/commit/f096b132e58cdfe2714ce372e9f4f7c76d72c5ec
+
+--- a/mapogcfilter.c
++++ b/mapogcfilter.c
+@@ -2852,7 +2852,9 @@ char *FLTGetIsLikeComparisonExpression(F
+
+ pszValue = psFilterNode->psRightNode->pszValue;
+ nLength = strlen(pszValue);
+-
++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
++ return NULL;
++
+ iTmp =0;
+ if (nLength > 0 && pszValue[0] != pszWild[0] &&
+ pszValue[0] != pszSingle[0] &&
+--- a/mapogcfiltercommon.c
++++ b/mapogcfiltercommon.c
+@@ -93,6 +93,8 @@ char *FLTGetIsLikeComparisonCommonExpres
+
+ pszValue = psFilterNode->psRightNode->pszValue;
+ nLength = strlen(pszValue);
++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
++ return NULL;
+
+ iTmp =0;
+ if (nLength > 0 && pszValue[0] != pszWild[0] &&
diff --git a/debian/patches/series b/debian/patches/series
index 2b6db3c..05709f8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,5 @@ perl-mapscript-install.patch
ruby-mapscript-install.patch
cmake-mapserver-export.patch
cmake-ruby2.patch
+CVE-2016-9839.patch
+CVE-2017-5522.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git
More information about the Pkg-grass-devel
mailing list