[Git][debian-gis-team/mapserver][buster-backports] 14 commits: Bump Standards-Version to 4.5.0, no changes.
Bas Couwenberg
gitlab at salsa.debian.org
Fri Mar 27 17:32:47 GMT 2020
Bas Couwenberg pushed to branch buster-backports at Debian GIS Project / mapserver
Commits:
24dc4f71 by Bas Couwenberg at 2020-01-25T10:46:47+01:00
Bump Standards-Version to 4.5.0, no changes.
- - - - -
b2643d5c by Bas Couwenberg at 2020-02-22T19:24:59+01:00
Add upstream patch to fix FTBFS with SWIG 4.0.1. (closes: #951886)
- - - - -
2ce6d941 by Bas Couwenberg at 2020-02-22T19:25:13+01:00
Set distribution to unstable.
- - - - -
008e464f by Bas Couwenberg at 2020-03-19T19:35:41+01:00
Bump debhelper compat to 10.
Changes:
- Drop --parallel option, enabled by default
- - - - -
78c9a684 by Bas Couwenberg at 2020-03-20T20:40:31+01:00
Add upstream patch to fix PHPMapScript error handling vulnerabilities.
- - - - -
8179fd38 by Bas Couwenberg at 2020-03-20T20:40:48+01:00
Set distribution to unstable.
- - - - -
0618089a by Bas Couwenberg at 2020-03-20T21:13:31+01:00
New upstream version 7.4.4
- - - - -
6724c015 by Bas Couwenberg at 2020-03-20T21:13:46+01:00
Update upstream source from tag 'upstream/7.4.4'
Update to upstream version '7.4.4'
with Debian dir 06fc18a52a87bc9994a9530217f27c62a19bd4cb
- - - - -
c14a763c by Bas Couwenberg at 2020-03-20T21:14:04+01:00
New upstream release.
- - - - -
152f8db2 by Bas Couwenberg at 2020-03-20T21:15:35+01:00
Drop mapscript-buffer-overflow.patch, included upstream.
- - - - -
80796225 by Bas Couwenberg at 2020-03-20T21:16:02+01:00
Set distribution to unstable.
- - - - -
6081e613 by Bas Couwenberg at 2020-03-27T18:00:51+01:00
Merge tag 'debian/7.4.4-1' into buster-backports
releasing package mapserver version 7.4.4-1
- - - - -
473bd777 by Bas Couwenberg at 2020-03-27T18:18:19+01:00
Drop mapscript-buffer-overflow.patch, included upstream.
- - - - -
183b670e by Bas Couwenberg at 2020-03-27T18:18:19+01:00
Rebuild for buster-backports.
- - - - -
16 changed files:
- CMakeLists.txt
- HISTORY.TXT
- debian/changelog
- debian/compat
- debian/control
- − debian/patches/mapscript-buffer-overflow.patch
- debian/patches/series
- + debian/patches/swig-4.0.1.patch
- debian/rules
- mapgdal.c
- mapogroutput.c
- maprasterquery.c
- mapresample.c
- mapscript/php/mapscript_error.c
- mapsymbol.c
- mapwfslayer.c
Changes:
=====================================
CMakeLists.txt
=====================================
@@ -17,7 +17,7 @@ include(CheckCSourceCompiles)
set (MapServer_VERSION_MAJOR 7)
set (MapServer_VERSION_MINOR 4)
-set (MapServer_VERSION_REVISION 3)
+set (MapServer_VERSION_REVISION 4)
set (MapServer_VERSION_SUFFIX "")
set(TARGET_VERSION_MAJOR ${MapServer_VERSION_MAJOR})
=====================================
HISTORY.TXT
=====================================
@@ -12,6 +12,11 @@ For a complete change history, please see the Git log comments. For more
details about recent point releases, please see the online changelog at:
http://mapserver.org/development/changelog/
+7.4.4 release (2020-3-20)
+-------------------------
+
+- Security release, see ticket #6014 for more information.
+
7.4.3 release (2019-12-16)
--------------------------
=====================================
debian/changelog
=====================================
@@ -1,3 +1,32 @@
+mapserver (7.4.4-1~bpo10+1) buster-backports; urgency=medium
+
+ * Rebuild for buster-backports.
+
+ -- Bas Couwenberg <sebastic at debian.org> Fri, 27 Mar 2020 18:00:55 +0100
+
+mapserver (7.4.4-1) unstable; urgency=high
+
+ * New upstream release.
+ * Drop mapscript-buffer-overflow.patch, included upstream.
+
+ -- Bas Couwenberg <sebastic at debian.org> Fri, 20 Mar 2020 21:15:45 +0100
+
+mapserver (7.4.3-3) unstable; urgency=high
+
+ * Bump debhelper compat to 10, changes:
+ - Drop --parallel option, enabled by default
+ * Add upstream patch to fix PHPMapScript error handling vulnerabilities.
+
+ -- Bas Couwenberg <sebastic at debian.org> Fri, 20 Mar 2020 20:40:37 +0100
+
+mapserver (7.4.3-2) unstable; urgency=medium
+
+ * Bump Standards-Version to 4.5.0, no changes.
+ * Add upstream patch to fix FTBFS with SWIG 4.0.1.
+ (closes: #951886)
+
+ -- Bas Couwenberg <sebastic at debian.org> Sat, 22 Feb 2020 19:25:03 +0100
+
mapserver (7.4.3-1~bpo10+2) buster-backports; urgency=high
* Add upstream patch to fix PHPMapScript error handling vulnerabilities.
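Review bot: The 7.4.4-1 entry says only "New upstream release." although the HISTORY.TXT hunk in this push describes 7.4.4 as a security release (ticket #6014). Naming that in the entry would let readers of the package changelog see why urgency=high was set. The new backport entry at the top is urgency=medium while the previous backport, 7.4.3-1~bpo10+2, was urgency=high; worth confirming that the drop is intended.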
=====================================
debian/compat
=====================================
@@ -1 +1 @@
-9
+10
=====================================
debian/control
=====================================
@@ -5,7 +5,7 @@ Uploaders: Francesco Paolo Lovergine <frankie at debian.org>,
Bas Couwenberg <sebastic at debian.org>
Section: devel
Priority: optional
-Build-Depends: debhelper (>= 9.20160114),
+Build-Depends: debhelper (>= 10~),
dh-php,
dh-python,
dpkg-dev (>= 1.16.1.1),
@@ -45,7 +45,7 @@ Build-Depends: debhelper (>= 9.20160114),
docbook-xml,
xsltproc
Build-Conflicts: libcurl3-openssl-dev
-Standards-Version: 4.4.1
+Standards-Version: 4.5.0
Vcs-Browser: https://salsa.debian.org/debian-gis-team/mapserver
Vcs-Git: https://salsa.debian.org/debian-gis-team/mapserver.git -b buster-backports
Homepage: http://www.mapserver.org
=====================================
debian/patches/mapscript-buffer-overflow.patch deleted
=====================================
@@ -1,62 +0,0 @@
-Description: Fix PHPMapScript vulnerabilities in error handling.
-Author: Jeff McKenna <jmckenna at gatewaygeomatics.com>
-Bug: https://github.com/mapserver/mapserver/issues/6014
-
---- a/mapscript/php/mapscript_error.c
-+++ b/mapscript/php/mapscript_error.c
-@@ -35,8 +35,6 @@
- #include <stdarg.h>
- #include "../../maperror.h"
-
--#define MAX_EXCEPTION_MSG 256
--
- zend_class_entry *mapscript_ce_mapscriptexception;
-
- #if PHP_VERSION_ID >= 70000
-@@ -46,9 +44,10 @@ zval* mapscript_throw_exception(char *fo
- #endif
- {
- va_list args;
-- char message[MAX_EXCEPTION_MSG];
-+ char message[MESSAGELENGTH];
- va_start(args, format);
-- vsprintf(message, format, args);
-+ //prevent buffer overflow
-+ vsnprintf(message, MESSAGELENGTH, format, args);
- va_end(args);
- return zend_throw_exception(mapscript_ce_mapscriptexception, message, 0 TSRMLS_CC);
- }
-@@ -60,7 +59,7 @@ zval* mapscript_throw_mapserver_exceptio
- #endif
- {
- va_list args;
-- char message[MAX_EXCEPTION_MSG];
-+ char message[MESSAGELENGTH];
- errorObj *ms_error;
-
- ms_error = msGetErrorObj();
-@@ -73,17 +72,20 @@ zval* mapscript_throw_mapserver_exceptio
- }
-
- va_start(args, format);
-- vsprintf(message, format, args);
-+ //prevent buffer overflow
-+ vsnprintf(message, MESSAGELENGTH, format, args);
- va_end(args);
-- return mapscript_throw_exception(message TSRMLS_CC);
-+ //prevent format string attack
-+ return mapscript_throw_exception("%s", message TSRMLS_CC);
- }
-
- void mapscript_report_php_error(int error_type, char *format TSRMLS_DC, ...)
- {
- va_list args;
-- char message[MAX_EXCEPTION_MSG];
-+ char message[MESSAGELENGTH];
- va_start(args, format);
-- vsprintf(message, format, args);
-+ //prevent buffer overflow
-+ vsnprintf(message, MESSAGELENGTH, format, args);
- va_end(args);
- php_error_docref(NULL TSRMLS_CC, error_type, "%s,", message);
- }
=====================================
debian/patches/series
=====================================
@@ -1,3 +1,3 @@
perl-mapscript-install.patch
java-hardening.patch
-mapscript-buffer-overflow.patch
+swig-4.0.1.patch
=====================================
debian/patches/swig-4.0.1.patch
=====================================
@@ -0,0 +1,206 @@
+Description: Updates to build MapScript with SWIG 4.0.1
+Author: sethg <sethg at geographika.co.uk>
+Origin: https://github.com/mapserver/mapserver/pull/5983
+Bug: https://github.com/mapserver/mapserver/issues/5982
+Bug-Debian: https://bugs.debian.org/951886
+
+--- a/mapscript/python/pyextend.i
++++ b/mapscript/python/pyextend.i
+@@ -13,6 +13,7 @@
+ *
+ *****************************************************************************/
+
++
+ /* fromstring: Factory for mapfile objects */
+
+ %pythoncode %{
+@@ -222,15 +223,13 @@ def fromstring(data, mappath=None):
+ }
+ }
+
+- def getItemDefinitions(self):
+- return self._item_definitions
++ @property
++ def itemdefinitions(self):
++ return self._item_definitions
+
+- def setItemDefinitions(self, item_definitions):
++ @itemdefinitions.setter
++ def itemdefinitions(self, item_definitions):
+ self._item_definitions = item_definitions
+-
+- __swig_getmethods__["itemdefinitions"] = getItemDefinitions
+- __swig_setmethods__["itemdefinitions"] = setItemDefinitions
+-
+ %}
+ }
+
+@@ -426,25 +425,14 @@ def fromstring(data, mappath=None):
+ memcpy( *argout, self->pattern, sizeof(double) * *pnListSize);
+ }
+
+- void patternlength_set2(int patternlength)
+- {
+- msSetError(MS_MISCERR, "pattern is read-only", "patternlength_set()");
+- }
+
+ %pythoncode %{
+
+- __swig_setmethods__["patternlength"] = _mapscript.styleObj_patternlength_set2
+- __swig_getmethods__["patternlength"] = _mapscript.styleObj_patternlength_get
+- if _newclass:patternlength = _swig_property(_mapscript.styleObj_patternlength_get, _mapscript.styleObj_patternlength_set2)
+-
+- __swig_setmethods__["pattern"] = _mapscript.styleObj_pattern_set
+- __swig_getmethods__["pattern"] = _mapscript.styleObj_pattern_get
+- if _newclass:pattern = _swig_property(_mapscript.styleObj_pattern_get, _mapscript.styleObj_pattern_set)
+-%}
++pattern = property(pattern_get, pattern_set)
+
++%}
+ }
+
+-
+ /******************************************************************************
+ * Extensions to hashTableObj - add dict methods
+ *****************************************************************************/
+--- a/mapscript/python/pymodule.i
++++ b/mapscript/python/pymodule.i
+@@ -17,7 +17,7 @@
+ *****************************************************************************/
+
+ /* Translates Python None to C NULL for strings */
+-%typemap(in,parse="z") char * "";
++//%typemap(in,parse="z") char * "";
+
+ /* To support imageObj::getBytes */
+ %typemap(out) gdBuffer {
+@@ -210,33 +210,15 @@ MapServerError = _mapscript.MapServerErr
+ MapServerChildError = _mapscript.MapServerChildError
+ %}
+
+-/* The bogus "if 1:" is to introduce a new scope to work around indentation
+- handling with pythonappend in different versions. (#3180) */
+-%feature("pythonappend") layerObj %{if 1:
+- self.p_map=None
+- try:
+- # python 2.5
+- if args and len(args)!=0:
+- self.p_map=args[0]
+- except NameError:
+- # python 2.6
+- if map:
+- self.p_map=map
+- %}
+-
+-/* The bogus "if 1:" is to introduce a new scope to work around indentation
+- handling with pythonappend in different versions. (#3180) */
+-%feature("pythonappend") classObj %{if 1:
+- self.p_layer =None
+- try:
+- # python 2.5
+- if args and len(args)!=0:
+- self.p_layer=args[0]
+- except NameError:
+- # python 2.6
+- if layer:
+- self.p_layer=layer
+- %}
++%feature("pythonappend") layerObj %{
++ self.p_map = None
++ if map:
++ self.p_map = map%}
++
++%feature("pythonappend") classObj %{
++ self.p_layer = None
++ if layer:
++ self.p_layer = layer%}
+
+ %feature("shadow") insertClass %{
+ def insertClass(*args):
+--- a/mapscript/python/tests/cases/style_test.py
++++ b/mapscript/python/tests/cases/style_test.py
+@@ -175,6 +175,53 @@ class NewStylesTestCase(MapTestCase):
+ self.assertRaises(mapscript.MapServerChildError,
+ class0.insertStyle, None)
+
++ def testPattern(self):
++ """See https://github.com/mapserver/mapserver/issues/4943"""
++
++ si = mapscript.styleObj()
++ assert si.pattern == ()
++ assert si.patternlength == 0
++
++ def testPattern2(self):
++
++ si = mapscript.styleObj()
++ si.pattern = [2.0, 3, 4]
++ assert si.pattern == (2.0, 3.0, 4.0)
++ assert si.patternlength == 3
++
++ def testPattern3(self):
++ """a pattern must have at least 2 elements"""
++
++ si = mapscript.styleObj()
++ exception = None
++ try:
++ si.pattern = [1.0]
++ except Exception:
++ exception = True
++ assert exception is True
++
++ def testPattern4(self):
++ """a pattern can have a max of 10 elements
++ This is set in mapsymbol.h with #define MS_MAXPATTERNLENGTH 10"""
++
++ si = mapscript.styleObj()
++ exception = None
++ try:
++ si.pattern = [i for i in range(11)]
++ except Exception:
++ exception = True
++ assert exception is True
++
++ def testPattern5(self):
++ """pattern length is read-only"""
++ si = mapscript.styleObj()
++ exception = None
++ try:
++ si.patternlength = 0
++ except Exception:
++ exception = True
++ assert exception is True
++
+
+ class BrushCachingTestCase(MapTestCase):
+
+--- a/mapscript/csharp/swig_csharp_extensions.i
++++ b/mapscript/csharp/swig_csharp_extensions.i
+@@ -224,17 +224,20 @@
+ }
+ %}
+
++#if SWIG_VERSION < 0x040000
+ %typemap(csfinalize) SWIGTYPE %{
+ /* %typemap(csfinalize) SWIGTYPE */
+ ~$csclassname() {
+ Dispose();
+ }
+ %}
++#endif
+
+ %typemap(csconstruct, excode=SWIGEXCODE) SWIGTYPE %{: this($imcall, true, null) {$excode
+ }
+ %}
+
++#if SWIG_VERSION < 0x040000
+ %typemap(csdestruct, methodname="Dispose", methodmodifiers="public") SWIGTYPE {
+ lock(this) {
+ if(swigCPtr.Handle != System.IntPtr.Zero && swigCMemOwn) {
+@@ -246,6 +249,7 @@
+ System.GC.SuppressFinalize(this);
+ }
+ }
++#endif
+
+ %typemap(csdestruct_derived, methodname="Dispose", methodmodifiers="public") TYPE {
+ lock(this) {
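Review bot: In the pymodule.i part, the `%typemap(in,parse="z") char * "";` line is disabled with a `//` comment while the comment above it, "Translates Python None to C NULL for strings", stays in place. If the typemap cannot be used with SWIG 4, remove both lines and state how None passed for a char * argument is handled now; none of the tests added to style_test.py exercises that case. The new testPattern3 to testPattern5 cases would also read more clearly with self.assertRaises, which the context lines just above testPattern already use, instead of try/except with an exception flag.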
=====================================
debian/rules
=====================================
@@ -29,7 +29,6 @@ BUILD_DATE := $(shell LC_ALL=C date -u "+%d %B %Y" -d "@$(SOURCE_DATE_EPOCH)")
%:
dh $@ --with php,python3,pkgkde_symbolshelper \
- --parallel \
--buildsystem cmake
override_dh_auto_clean:
=====================================
mapgdal.c
=====================================
@@ -155,6 +155,7 @@ int msSaveImageGDAL( mapObj *map, imageObj *image, const char *filenameIn )
int bUseXmp = MS_FALSE;
const char *filename = NULL;
char *filenameToFree = NULL;
+ const char *gdal_driver_shortname = format->driver+5;
msGDALInitialize();
memset(&rb,0,sizeof(rasterBufferObj));
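Review bot: The initializer `format->driver+5` on the new declaration is evaluated as soon as the function is entered, so it depends on `format` already being assigned by an earlier declaration and on `format->driver` being non-NULL with at least a five-character prefix; none of that is checked in the lines shown. A short comment stating which prefix the +5 skips, or a prefix check before the pointer is used, would make the assumption explicit.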
@@ -170,11 +171,11 @@ int msSaveImageGDAL( mapObj *map, imageObj *image, const char *filenameIn )
/* Identify the proposed output driver. */
/* -------------------------------------------------------------------- */
msAcquireLock( TLOCK_GDAL );
- hOutputDriver = GDALGetDriverByName( format->driver+5 );
+ hOutputDriver = GDALGetDriverByName( gdal_driver_shortname );
if( hOutputDriver == NULL ) {
msReleaseLock( TLOCK_GDAL );
msSetError( MS_MISCERR, "Failed to find %s driver.",
- "msSaveImageGDAL()", format->driver+5 );
+ "msSaveImageGDAL()", gdal_driver_shortname );
return MS_FAILURE;
}
@@ -190,8 +191,12 @@ int msSaveImageGDAL( mapObj *map, imageObj *image, const char *filenameIn )
if( pszExtension == NULL )
pszExtension = "img.tmp";
- if( bUseXmp == MS_FALSE && GDALGetMetadataItem( hOutputDriver, GDAL_DCAP_VIRTUALIO, NULL )
- != NULL ) {
+ if( bUseXmp == MS_FALSE &&
+ GDALGetMetadataItem( hOutputDriver, GDAL_DCAP_VIRTUALIO, NULL ) != NULL &&
+ /* We need special testing here for the netCDF driver, since recent */
+ /* GDAL versions advertize VirtualIO support, but this is only for the */
+ /* read-side of the driver, not the write-side. */
+ !EQUAL(gdal_driver_shortname, "netCDF") ) {
msCleanVSIDir( "/vsimem/msout" );
filenameToFree = msTmpFile(map, NULL, "/vsimem/msout/", pszExtension );
}
=====================================
mapogroutput.c
=====================================
@@ -892,7 +892,7 @@ int msOGRWriteFromQuery( mapObj *map, outputFormatObj *format, int sendheaders )
/* Process each layer with a resultset. */
/* ==================================================================== */
for( iLayer = 0; iLayer < map->numlayers; iLayer++ ) {
- int status;
+ int status = 0;
layerObj *layer = GET_LAYER(map, iLayer);
shapeObj resultshape;
OGRLayerH hOGRLayer;
@@ -1103,20 +1103,21 @@ int msOGRWriteFromQuery( mapObj *map, outputFormatObj *format, int sendheaders )
if( layer->resultcache->results[i].shape )
{
/* msDebug("Using cached shape %ld\n", layer->resultcache->results[i].shapeindex); */
- msCopyShape(layer->resultcache->results[i].shape, &resultshape);
+ status = msCopyShape(layer->resultcache->results[i].shape, &resultshape);
}
else
{
- status = msLayerGetShape(layer, &resultshape, &(layer->resultcache->results[i]));
- if(status != MS_SUCCESS) {
- OGR_DS_Destroy( hDS );
- msOGRCleanupDS( datasource_name );
- msGMLFreeItems(item_list);
- msFreeShape(&resultshape);
- CSLDestroy(layer_options);
- return status;
- }
+ status = msLayerGetShape(layer, &resultshape, &(layer->resultcache->results[i]));
}
+
+ if(status != MS_SUCCESS) {
+ OGR_DS_Destroy( hDS );
+ msOGRCleanupDS( datasource_name );
+ msGMLFreeItems(item_list);
+ msFreeShape(&resultshape);
+ CSLDestroy(layer_options);
+ return status;
+ }
/*
** Perform classification, and some annotation related magic.
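Review bot: The shared error path now also runs when msCopyShape fails, and it calls msFreeShape(&resultshape); that is only safe if resultshape is initialised before the copy is attempted, which these lines do not show. Please confirm that msCopyShape leaves resultshape in a freeable state on failure, or initialise it before the if/else. The companion `int status = 0;` in the previous hunk would read better as `int status = MS_SUCCESS;`, since the check here compares against MS_SUCCESS.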
=====================================
maprasterquery.c
=====================================
@@ -417,6 +417,9 @@ msRasterQueryByRectLow(mapObj *map, layerObj *layer, GDALDatasetH hDS,
CPLErr eErr;
rasterLayerInfo *rlinfo;
rectObj searchrect;
+#if PROJ_VERSION_MAJOR < 6
+ int mayNeedLonWrapAdjustment = MS_FALSE;
+#endif
rlinfo = (rasterLayerInfo *) layer->layerinfo;
@@ -555,6 +558,16 @@ msRasterQueryByRectLow(mapObj *map, layerObj *layer, GDALDatasetH hDS,
+ sqrt( rlinfo->range_dist );
dfAdjustedRange = dfAdjustedRange * dfAdjustedRange;
+#if PROJ_VERSION_MAJOR < 6
+ if( layer->project &&
+ pj_is_latlong(layer->projection.proj) &&
+ pj_is_latlong(map->projection.proj) )
+ {
+ double dfLonWrap = 0;
+ mayNeedLonWrapAdjustment = msProjectHasLonWrap(&(layer->projection), &dfLonWrap);
+ }
+#endif
+
/* -------------------------------------------------------------------- */
/* Loop over all pixels determining which are "in". */
/* -------------------------------------------------------------------- */
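Review bot: dfLonWrap is passed to msProjectHasLonWrap but its value is never read in this hunk; only the return value is kept in mayNeedLonWrapAdjustment. The adjustment in the next hunk uses fixed 180/360 offsets against rlinfo->target_point.x, so add a comment that the wrap centre itself is deliberately ignored, or use it if the offsets should depend on it.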
@@ -580,8 +593,22 @@ msRasterQueryByRectLow(mapObj *map, layerObj *layer, GDALDatasetH hDS,
/* coordinates if we have a hit */
sReprojectedPixelLocation = sPixelLocation;
if( layer->project )
+ {
+#if PROJ_VERSION_MAJOR < 6
+ /* Works around a bug in PROJ < 6 when reprojecting from a lon_wrap */
+ /* geogCRS to a geogCRS, and the input abs(longitude) is > 180. Then */
+ /* lon_wrap was ignored and the output longitude remained as the source */
+ if( mayNeedLonWrapAdjustment )
+ {
+ if( rlinfo->target_point.x < sReprojectedPixelLocation.x - 180 )
+ sReprojectedPixelLocation.x -= 360;
+ else if( rlinfo->target_point.x > sReprojectedPixelLocation.x + 180 )
+ sReprojectedPixelLocation.x += 360;
+ }
+#endif
msProjectPoint( &(layer->projection), &(map->projection),
&sReprojectedPixelLocation);
+ }
/* If we are doing QueryByShape, check against the shape now */
if( rlinfo->searchshape != NULL ) {
=====================================
mapresample.c
=====================================
@@ -1145,6 +1145,7 @@ static int msTransformMapToSource( int nDstXSize, int nDstYSize,
double dfYMinOut = 0.0;
double dfXMaxOut = 0.0;
double dfYMaxOut = 0.0;
+ const double dfHalfRes = adfDstGeoTransform[1] / 2;
/* Find out average y coordinate in src projection */
for( i = 0; i < nSamples; i++ ) {
@@ -1183,7 +1184,7 @@ static int msTransformMapToSource( int nDstXSize, int nDstYSize,
2, 1, x2, y2, z2 );
msReleaseLock( TLOCK_PROJ );
- if( x2[0] >= dfXMinOut && x2[0] <= dfXMaxOut &&
+ if( x2[0] >= dfXMinOut - dfHalfRes && x2[0] <= dfXMaxOut + dfHalfRes &&
y2[0] >= dfYMinOut && y2[0] <= dfYMaxOut )
{
double x_out = adfInvSrcGeoTransform[0]
@@ -1193,8 +1194,8 @@ static int msTransformMapToSource( int nDstXSize, int nDstYSize,
+ (dfLonWrap-180)*adfInvSrcGeoTransform[4]
+ dfY*adfInvSrcGeoTransform[5];
- /* Does the raster cover a whole 360 deg range ? */
- if( nSrcXSize == (int)(adfInvSrcGeoTransform[1] * 360 + 0.5) )
+ /* Does the raster cover, at least, a whole 360 deg range ? */
+ if( nSrcXSize >= (int)(adfInvSrcGeoTransform[1] * 360) )
{
psSrcExtent->minx = 0;
psSrcExtent->maxx = nSrcXSize;
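Review bot: The new test `nSrcXSize >= (int)(adfInvSrcGeoTransform[1] * 360)` drops the `+ 0.5` rounding as well as changing `==` to `>=`, so the right-hand side is now truncated rather than rounded. For example, a product of 719.9 becomes 719, and a 719-pixel raster that is slightly short of 360 degrees is then treated as full coverage. If that tolerance is intended, say so in the comment; otherwise keep the rounding together with the `>=`. The same expression is repeated in the x2[1] branch further down.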
@@ -1208,8 +1209,8 @@ static int msTransformMapToSource( int nDstXSize, int nDstYSize,
psSrcExtent->maxy = MS_MAX(psSrcExtent->maxy, y_out);
}
- if( x2[1] >= dfXMinOut && x2[1] <= dfXMaxOut &&
- x2[1] >= dfYMinOut && y2[1] <= dfYMaxOut )
+ if( x2[1] >= dfXMinOut - dfHalfRes && x2[1] <= dfXMaxOut + dfHalfRes &&
+ y2[1] >= dfYMinOut && y2[1] <= dfYMaxOut )
{
double x_out = adfInvSrcGeoTransform[0]
+ (dfLonWrap+180)*adfInvSrcGeoTransform[1]
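Review bot: The removed condition compared `x2[1] >= dfYMinOut`, an x value against a y bound, and the change to `y2[1]` is correct, but the x2[0] and x2[1] branches remain copy-pasted blocks that differ only in the index and the sign of 180, which is how the slip got in. Consider moving the bounds test and extent update into one helper called twice. The half-pixel tolerance dfHalfRes is applied to the x bounds only; a comment on why the y bounds need none would help.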
@@ -1218,8 +1219,8 @@ static int msTransformMapToSource( int nDstXSize, int nDstYSize,
+ (dfLonWrap+180)*adfInvSrcGeoTransform[4]
+ dfY*adfInvSrcGeoTransform[5];
- /* Does the raster cover a whole 360 deg range ? */
- if( nSrcXSize == (int)(adfInvSrcGeoTransform[1] * 360 + 0.5) )
+ /* Does the raster cover, at least, a whole 360 deg range ? */
+ if( nSrcXSize >= (int)(adfInvSrcGeoTransform[1] * 360) )
{
psSrcExtent->minx = 0;
psSrcExtent->maxx = nSrcXSize;
=====================================
mapscript/php/mapscript_error.c
=====================================
@@ -35,8 +35,6 @@
#include <stdarg.h>
#include "../../maperror.h"
-#define MAX_EXCEPTION_MSG 256
-
zend_class_entry *mapscript_ce_mapscriptexception;
#if PHP_VERSION_ID >= 70000
@@ -46,9 +44,10 @@ zval* mapscript_throw_exception(char *format TSRMLS_DC, ...)
#endif
{
va_list args;
- char message[MAX_EXCEPTION_MSG];
+ char message[MESSAGELENGTH];
va_start(args, format);
- vsprintf(message, format, args);
+ //prevent buffer overflow
+ vsnprintf(message, MESSAGELENGTH, format, args);
va_end(args);
return zend_throw_exception(mapscript_ce_mapscriptexception, message, 0 TSRMLS_CC);
}
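Review bot: `vsnprintf(message, MESSAGELENGTH, format, args)` repeats the array size by name; `sizeof(message)` would keep the bound tied to the buffer if the declaration changes again, as it just did from MAX_EXCEPTION_MSG. The return value is ignored, so a message longer than the buffer is truncated silently. That is acceptable for an error string, but the comment should say truncation is the intended behaviour.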
@@ -60,7 +59,7 @@ zval* mapscript_throw_mapserver_exception(char *format TSRMLS_DC, ...)
#endif
{
va_list args;
- char message[MAX_EXCEPTION_MSG];
+ char message[MESSAGELENGTH];
errorObj *ms_error;
ms_error = msGetErrorObj();
@@ -73,17 +72,20 @@ zval* mapscript_throw_mapserver_exception(char *format TSRMLS_DC, ...)
}
va_start(args, format);
- vsprintf(message, format, args);
+ //prevent buffer overflow
+ vsnprintf(message, MESSAGELENGTH, format, args);
va_end(args);
- return mapscript_throw_exception(message TSRMLS_CC);
+ //prevent format string attack
+ return mapscript_throw_exception("%s", message TSRMLS_CC);
}
void mapscript_report_php_error(int error_type, char *format TSRMLS_DC, ...)
{
va_list args;
- char message[MAX_EXCEPTION_MSG];
+ char message[MESSAGELENGTH];
va_start(args, format);
- vsprintf(message, format, args);
+ //prevent buffer overflow
+ vsnprintf(message, MESSAGELENGTH, format, args);
va_end(args);
php_error_docref(NULL TSRMLS_CC, error_type, "%s,", message);
}
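Review bot: Passing "%s" in `mapscript_throw_exception("%s", message TSRMLS_CC)` fixes this one internal call, but all three functions still take a caller-supplied `char *format`, so any other call site that passes a non-literal string keeps the same problem. Declaring the functions with a printf-style format attribute, where the compiler supports it, would let the build flag such callers. In the context line `php_error_docref(NULL TSRMLS_CC, error_type, "%s,", message)` the comma inside the format string looks unintended and ends up in every reported message.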
=====================================
mapsymbol.c
=====================================
@@ -558,6 +558,7 @@ int loadSymbolSet(symbolSetObj *symbolset, mapObj *map)
char szPath[MS_MAXPATHLEN], *pszSymbolPath=NULL;
int foundSymbolSetToken=MS_FALSE;
+ int symbolSetLevel=0;
int token;
if(!symbolset) {
@@ -598,12 +599,20 @@ int loadSymbolSet(symbolSetObj *symbolset, mapObj *map)
switch(token) {
case(END):
+ if (--symbolSetLevel < 0) {
+ msSetError(MS_IDENTERR, "END token found outside SYMBOLSET context. When nesting multiple SYMBOLSETs, make sure the SYMBOLSET/END pairs match.", "msLoadSymbolSet()");
+ status = -1;
+ }
+ break;
case(EOF):
status = 0;
break;
case(SYMBOL):
/* Allocate/init memory for new symbol if needed */
- if (msGrowSymbolSet(symbolset) == NULL) {
+ if (symbolSetLevel == 0) {
+ msSetError(MS_IDENTERR, "SYMBOL token found outside SYMBOLSET context. When nesting multiple SYMBOLSETs, make sure the SYMBOLSET/END pairs match.", "msLoadSymbolSet()");
+ status = -1;
+ } else if (msGrowSymbolSet(symbolset) == NULL) {
status = -1;
} else if((loadSymbol((symbolset->symbol[symbolset->numsymbols]), pszSymbolPath) == -1))
status = -1;
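Review bot: case(EOF) still sets `status = 0` without looking at symbolSetLevel, so a file that opens a SYMBOLSET and never closes it is accepted while an extra END is rejected; check `symbolSetLevel != 0` at EOF if unbalanced pairs are meant to be an error in both directions. END also no longer falls through to `status = 0`, which changes when parsing stops and deserves a comment. The two new msSetError calls name the routine "msLoadSymbolSet()", whereas the function is loadSymbolSet and the existing default case reports "loadSymbolSet()".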
@@ -612,6 +621,7 @@ int loadSymbolSet(symbolSetObj *symbolset, mapObj *map)
break;
case(SYMBOLSET):
foundSymbolSetToken = MS_TRUE;
+ symbolSetLevel++;
break;
default:
msSetError(MS_IDENTERR, "Parsing error near (%s):(line %d)", "loadSymbolSet()", msyystring_buffer, msyylineno);
=====================================
mapwfslayer.c
=====================================
@@ -256,7 +256,7 @@ static char *msBuildWFSLayerPostRequest(mapObj *map, layerObj *lp,
"</ogc:Filter>", pszGeometryName, bbox->minx, bbox->miny, bbox->maxx, bbox->maxy);
}
- bufferSize = strlen(pszFilter)+500;
+ bufferSize = strlen(pszFilter)+strlen(psParams->pszTypeName)+500;
pszPostReq = (char *)msSmallMalloc(bufferSize);
if (psParams->nMaxFeatures > 0)
snprintf(pszPostReq, bufferSize, "<?xml version=\"1.0\" ?>\n"
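Review bot: `strlen(psParams->pszTypeName)` is called with no NULL check in the lines shown, so a missing type name would now crash here before the request is built; guard it or document where it is validated. The fixed `+500` is still an estimate of the template size. Since snprintf is already bounded by bufferSize, checking its return value against bufferSize would catch any remaining truncation instead of sending a cut-off request.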
@@ -1295,4 +1295,3 @@ msWFSLayerInitializeVirtualTable(layerObj *layer)
return MS_SUCCESS;
}
-
View it on GitLab: https://salsa.debian.org/debian-gis-team/mapserver/-/compare/f805ff79fac76591d9390459d51b22b82716d13a...183b670e7ec0cd657d0958b2b0d95369d85c976a