[mapserver] 02/03: Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. (LP: 1648998)
Bas Couwenberg
sebastic at debian.org
Wed Jan 18 22:42:32 UTC 2017
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch ubuntu-xenial
in repository mapserver.
commit 8e713ebf5ee7181bea841d80ccbdd4bfb1801c8d
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Wed Jan 18 23:08:47 2017 +0100
Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522. (LP: 1648998)
---
debian/changelog | 7 +++
debian/patches/CVE-2016-9839.patch | 94 ++++++++++++++++++++++++++++++++++++++
debian/patches/CVE-2017-5522.patch | 30 ++++++++++++
debian/patches/series | 2 +
4 files changed, 133 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 8a89fc4..f986083 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+mapserver (7.0.0-9ubuntu3.1) UNRELEASED; urgency=medium
+
+ * Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
+ (LP: 1648998)
+
+ -- Bas Couwenberg <sebastic at debian.org> Wed, 18 Jan 2017 23:11:42 +0100
+
mapserver (7.0.0-9ubuntu3) xenial; urgency=medium
* No-change rebuild for ruby2.3-only support.
diff --git a/debian/patches/CVE-2016-9839.patch b/debian/patches/CVE-2016-9839.patch
new file mode 100644
index 0000000..3365458
--- /dev/null
+++ b/debian/patches/CVE-2016-9839.patch
@@ -0,0 +1,94 @@
+Description: Backport #4928 and #5356
+Author: Thomas Bonfort <thomas.bonfort at gmail.com>
+Origin: https://github.com/mapserver/mapserver/commit/022d24bd34196b6dca67053fb797a6980210bc54
+
+--- a/mapogr.cpp
++++ b/mapogr.cpp
+@@ -1158,18 +1158,15 @@ msOGRFileOpen(layerObj *layer, const cha
+ RELEASE_OGR_LOCK;
+
+ if( hDS == NULL ) {
+- if( strlen(CPLGetLastErrorMsg()) == 0 )
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'. "
+- "File not found or unsupported format.",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)" );
+- else
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'.\n%s\n",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "Open failed for OGR connection in layer `%s'. "
++ "Check logs.",
++ "msOGRFileOpen()",
++ layer->name?layer->name:"(null)" );
++ if( strlen(CPLGetLastErrorMsg()) != 0 )
++ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n",
++ layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ CPLFree( pszDSName );
+ CPLFree( pszLayerDef );
+ return NULL;
+@@ -1194,10 +1191,13 @@ msOGRFileOpen(layerObj *layer, const cha
+ ACQUIRE_OGR_LOCK;
+ hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL );
+ if( hLayer == NULL ) {
+- msSetError(MS_OGRERR,
+- "ExecuteSQL(%s) failed.\n%s",
+- "msOGRFileOpen()",
+- pszLayerDef, CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "ExecuteSQL(%s) failed. Check logs",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug(
++ "ExecuteSQL(%s) failed.\n%s",
++ pszLayerDef, CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ msConnPoolRelease( layer, hDS );
+ CPLFree( pszLayerDef );
+@@ -1229,9 +1229,11 @@ msOGRFileOpen(layerObj *layer, const cha
+ }
+
+ if (hLayer == NULL) {
+- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.",
+- "msOGRFileOpen()",
+- pszLayerDef, connection );
++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug("GetLayer(%s) failed for OGR connection `%s'.",
++ pszLayerDef, connection );
+ CPLFree( pszLayerDef );
+ msConnPoolRelease( layer, hDS );
+ return NULL;
+@@ -1650,7 +1652,14 @@ static int msOGRFileWhichShapes(layerObj
+
+ CPLErrorReset();
+ if( OGR_L_SetAttributeFilter( psInfo->hLayer, pszOGRFilter ) != OGRERR_NONE ) {
+- msSetError(MS_OGRERR, "SetAttributeFilter(%s) failed on layer %s.\n%s", "msOGRFileWhichShapes()", layer->filter.string+6, layer->name?layer->name:"(null)", CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "SetAttributeFilter(%s) failed on layer %s.",
++ "msOGRFileWhichShapes()",
++ layer->filter.string+6,
++ layer->filter.string+6, layer->name?layer->name:"(null)");
++ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s",
++ layer->filter.string+6, layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ msFree(pszOGRFilter);
+ return MS_FAILURE;
+@@ -1855,8 +1864,8 @@ msOGRFileNextShape(layerObj *layer, shap
+ if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) {
+ psInfo->last_record_index_read = -1;
+ if( CPLGetLastErrorType() == CE_Failure ) {
+- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR, "OGR error. check logs", "msOGRFileNextShape()");
++ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ } else {
diff --git a/debian/patches/CVE-2017-5522.patch b/debian/patches/CVE-2017-5522.patch
new file mode 100644
index 0000000..435ee17
--- /dev/null
+++ b/debian/patches/CVE-2017-5522.patch
@@ -0,0 +1,30 @@
+Description: security fix (patch by EvenR)
+ Fixes CVE-2017-5522 (stack buffer overflow)
+Author: Even Rouault <even.rouault at spatialys.com>
+Origin: https://github.com/mapserver/mapserver/commit/fb00f8149898fcf9fcb490a179984e481248f066
+ https://github.com/mapserver/mapserver/commit/f096b132e58cdfe2714ce372e9f4f7c76d72c5ec
+
+--- a/mapogcfilter.c
++++ b/mapogcfilter.c
+@@ -2922,7 +2922,9 @@ char *FLTGetIsLikeComparisonExpression(F
+
+ pszValue = psFilterNode->psRightNode->pszValue;
+ nLength = strlen(pszValue);
+-
++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
++ return NULL;
++
+ iTmp =0;
+ if (nLength > 0 && pszValue[0] != pszWild[0] &&
+ pszValue[0] != pszSingle[0] &&
+--- a/mapogcfiltercommon.c
++++ b/mapogcfiltercommon.c
+@@ -88,6 +88,8 @@ char *FLTGetIsLikeComparisonCommonExpres
+
+ pszValue = psFilterNode->psRightNode->pszValue;
+ nLength = strlen(pszValue);
++ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
++ return NULL;
+
+ iTmp =0;
+ if (nLength > 0 && pszValue[0] != pszWild[0] && pszValue[0] != pszSingle[0] && pszValue[0] != pszEscape[0]) {
diff --git a/debian/patches/series b/debian/patches/series
index 4b660a8..84884dc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,5 @@ dont-export-mapserver-target-for-static-libmapserver.patch
0001-Fix-java-mapscript-to-be-compatible-with-newer-swig.patch
fix-types.patch
should-typo.patch
+CVE-2016-9839.patch
+CVE-2017-5522.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/mapserver.git
More information about the Pkg-grass-devel
mailing list