mapserver (7.0.0-9ubuntu3.1) xenial-security; urgency=medium
* Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
(LP: #1648998)
-- Bas Couwenberg <sebastic@debian.org> Wed, 18 Jan 2017 23:38:33 +0100
mapserver (7.0.0-9ubuntu3) xenial; urgency=medium
* No-change rebuild for ruby2.3-only support.
-- Matthias Klose <doko@ubuntu.com> Sun, 13 Mar 2016 21:14:56 +0000
mapserver (7.0.0-9ubuntu2) xenial; urgency=medium
* No-change rebuild to add ruby2.3 support.
-- Matthias Klose <doko@ubuntu.com> Sun, 13 Mar 2016 12:34:42 +0000
mapserver (7.0.0-9ubuntu1) xenial; urgency=medium
* Disable php5-mapscript while swig does not support PHP 7.0
(LP: #1546823).
-- Nishanth Aravamudan <nish.aravamudan@canonical.com> Thu, 18 Feb 2016 16:24:09 -0800
mapserver (7.0.0-9) unstable; urgency=medium
* Update Vcs-Git URL to use HTTPS.
......
Source: mapserver
Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
XSBC-Original-Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Uploaders: Francesco Paolo Lovergine <frankie@debian.org>,
Alan Boudreault <aboudreault@mapgears.com>,
Bas Couwenberg <sebastic@debian.org>
......@@ -29,7 +30,6 @@ Build-Depends: debhelper (>= 9),
libxml2-dev,
libxslt1-dev,
zlib1g-dev (>= 1.1.4),
php5-dev,
pkg-config,
pkg-kde-tools,
python-all (>= 2.6.6-3~),
......@@ -58,7 +58,6 @@ Suggests: cgi-mapserver,
mapserver-bin,
mapserver-doc,
libmapscript-perl,
php5-mapscript,
python-mapscript,
ruby-mapscript
Pre-Depends: ${misc:Pre-Depends}
......@@ -95,7 +94,6 @@ Suggests: cgi-mapserver,
mapserver-bin,
mapserver-doc,
libmapscript-perl,
php5-mapscript,
python-mapscript,
ruby-mapscript
Breaks: libmapserver-6.2.1-dev (<< 6.4.0-1~),
......@@ -118,7 +116,6 @@ Depends: ${shlibs:Depends},
Suggests: mapserver-bin,
mapserver-doc,
libmapscript-perl,
php5-mapscript,
python-mapscript,
ruby-mapscript
Description: CGI executable for MapServer
......@@ -140,7 +137,6 @@ Suggests: cgi-mapserver,
mapserver-doc,
shapelib,
libmapscript-perl,
php5-mapscript,
python-mapscript,
ruby-mapscript
Description: MapServer utilities
......@@ -157,7 +153,6 @@ Section: doc
Depends: ${misc:Depends}
Suggests: cgi-mapserver,
libmapscript-perl,
php5-mapscript,
python-mapscript,
ruby-mapscript
Description: documentation for MapServer
......@@ -168,19 +163,6 @@ Description: documentation for MapServer
functionality in MapScript is provided by the suggested mapscript
library packages.
Package: php5-mapscript
Architecture: any
Section: php
Depends: ${shlibs:Depends},
${misc:Depends}
Suggests: mapserver-bin,
mapserver-doc
Description: php5-cgi module for MapServer
PHP MapScript provides MapServer functions for PHP scripts.
.
MapServer is a CGI-based framework for Internet map services which
supports Open Geospatial Consortium (OGC) standards.
Package: libmapscript-perl
Architecture: any
Section: perl
......
Description: Backport #4928 and #5356
Author: Thomas Bonfort <thomas.bonfort@gmail.com>
Origin: https://github.com/mapserver/mapserver/commit/022d24bd34196b6dca67053fb797a6980210bc54
Last-Update: 2017-01-24
Index: mapserver-7.0.0/mapogr.cpp
===================================================================
--- mapserver-7.0.0.orig/mapogr.cpp 2017-01-24 09:12:57.751675311 -0500
+++ mapserver-7.0.0/mapogr.cpp 2017-01-24 09:13:13.431845432 -0500
@@ -1158,18 +1158,15 @@
RELEASE_OGR_LOCK;
if( hDS == NULL ) {
- if( strlen(CPLGetLastErrorMsg()) == 0 )
- msSetError(MS_OGRERR,
- "Open failed for OGR connection in layer `%s'. "
- "File not found or unsupported format.",
- "msOGRFileOpen()",
- layer->name?layer->name:"(null)" );
- else
- msSetError(MS_OGRERR,
- "Open failed for OGR connection in layer `%s'.\n%s\n",
- "msOGRFileOpen()",
- layer->name?layer->name:"(null)",
- CPLGetLastErrorMsg() );
+ msSetError(MS_OGRERR,
+ "Open failed for OGR connection in layer `%s'. "
+ "Check logs.",
+ "msOGRFileOpen()",
+ layer->name?layer->name:"(null)" );
+ if( strlen(CPLGetLastErrorMsg()) != 0 )
+ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n",
+ layer->name?layer->name:"(null)",
+ CPLGetLastErrorMsg() );
CPLFree( pszDSName );
CPLFree( pszLayerDef );
return NULL;
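Review bot: When CPLGetLastErrorMsg() is empty, the added `if( strlen(CPLGetLastErrorMsg()) != 0 )` guard skips msDebug() entirely, yet the message set by msSetError() now tells the requester to "Check logs", so an operator following that hint finds no entry for this failure. Dropping the guard so the msDebug() call below it always runs keeps the client message and the log in step. Whether msDebug() emits anything also depends on the debug and error-file configuration, which is not visible here, so the packaging notes should state that logging must be enabled for the detail to be recoverable. msOGRFileOpen's body starts and ends outside the hunk.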
@@ -1194,10 +1191,13 @@
ACQUIRE_OGR_LOCK;
hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL );
if( hLayer == NULL ) {
- msSetError(MS_OGRERR,
- "ExecuteSQL(%s) failed.\n%s",
- "msOGRFileOpen()",
- pszLayerDef, CPLGetLastErrorMsg() );
+ msSetError(MS_OGRERR,
+ "ExecuteSQL(%s) failed. Check logs",
+ "msOGRFileOpen()",
+ pszLayerDef);
+ msDebug(
+ "ExecuteSQL(%s) failed.\n%s",
+ pszLayerDef, CPLGetLastErrorMsg() );
RELEASE_OGR_LOCK;
msConnPoolRelease( layer, hDS );
CPLFree( pszLayerDef );
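Review bot: The rewritten msSetError() call still formats `pszLayerDef` into the text returned to the requester (`"ExecuteSQL(%s) failed. Check logs"`), so only the driver text from CPLGetLastErrorMsg() has moved to the log. If pszLayerDef carries the layer's SQL or data definition, as its use in OGR_DS_ExecuteSQL() suggests, table and column names remain visible in the service error. The same holds for `pszLayerDef` in the GetLayer hunk and `layer->filter.string+6` in the SetAttributeFilter hunk. Consider a fixed client message such as `"ExecuteSQL() failed. Check logs."` with the statement kept only in the msDebug() call. msOGRFileOpen's body continues outside the hunk.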
@@ -1229,9 +1229,11 @@
}
if (hLayer == NULL) {
- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.",
- "msOGRFileOpen()",
- pszLayerDef, connection );
+ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check logs.",
+ "msOGRFileOpen()",
+ pszLayerDef);
+ msDebug("GetLayer(%s) failed for OGR connection `%s'.",
+ pszLayerDef, connection );
CPLFree( pszLayerDef );
msConnPoolRelease( layer, hDS );
return NULL;
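Review bot: The added msDebug() call passes `connection` as an argument, so the full OGR connection string is now written to the debug log. For database-backed OGR sources a connection string can include a user name and password, so the log file needs the same access control and rotation as any file holding credentials. The hunk does not show where `connection` is populated, so this should be confirmed against the layer definition. A comment above the call such as `/* connection may contain credentials: debug log only, never msSetError() */` would record the intent for later maintainers.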
@@ -1650,7 +1652,13 @@
CPLErrorReset();
if( OGR_L_SetAttributeFilter( psInfo->hLayer, pszOGRFilter ) != OGRERR_NONE ) {
- msSetError(MS_OGRERR, "SetAttributeFilter(%s) failed on layer %s.\n%s", "msOGRFileWhichShapes()", layer->filter.string+6, layer->name?layer->name:"(null)", CPLGetLastErrorMsg() );
+ msSetError(MS_OGRERR,
+ "SetAttributeFilter(%s) failed on layer %s.",
+ "msOGRFileWhichShapes()",
+ layer->filter.string+6, layer->name?layer->name:"(null)");
+ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s",
+ layer->filter.string+6, layer->name?layer->name:"(null)",
+ CPLGetLastErrorMsg() );
RELEASE_OGR_LOCK;
msFree(pszOGRFilter);
return MS_FAILURE;
@@ -1855,8 +1863,8 @@
if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) {
psInfo->last_record_index_read = -1;
if( CPLGetLastErrorType() == CE_Failure ) {
- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()",
- CPLGetLastErrorMsg() );
+ msSetError(MS_OGRERR, "OGR error. check logs", "msOGRFileNextShape()");
+ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() );
RELEASE_OGR_LOCK;
return MS_FAILURE;
} else {
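Review bot: The msDebug() format `"msOGRFileNextShape() error: %s"` has no trailing newline, unlike the format in the first hunk of this patch, which ends in `\n`. If msDebug() writes the format verbatim, consecutive entries will run together in the log and be harder to search during an investigation. The msDebug() calls added in the ExecuteSQL, GetLayer and SetAttributeFilter hunks have the same shape. Suggested form: `msDebug("msOGRFileNextShape() error: %s\n", CPLGetLastErrorMsg() );`. The enclosing function extends beyond the hunk.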
Description: security fix (patch by EvenR)
Fixes CVE-2017-5522 (stack buffer overflow)
Author: Even Rouault <even.rouault@spatialys.com>
Origin: https://github.com/mapserver/mapserver/commit/fb00f8149898fcf9fcb490a179984e481248f066
https://github.com/mapserver/mapserver/commit/f096b132e58cdfe2714ce372e9f4f7c76d72c5ec
--- a/mapogcfilter.c
+++ b/mapogcfilter.c
@@ -2922,7 +2922,9 @@ char *FLTGetIsLikeComparisonExpression(F
pszValue = psFilterNode->psRightNode->pszValue;
nLength = strlen(pszValue);
-
+ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
+ return NULL;
+
iTmp =0;
if (nLength > 0 && pszValue[0] != pszWild[0] &&
pszValue[0] != pszSingle[0] &&
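Review bot: The new guard `if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )` encodes an undocumented worst-case size for what the code below writes into szTmp, and that code lies outside the hunk, so the bound cannot be verified from here. A comment naming each term would let a maintainer re-check it whenever the expansion logic changes, e.g. `/* worst case: 1 leading char + 2 bytes per input char + 1 trailing char + NUL */` (term meanings presumed; confirm against the loop). The guard also returns NULL without calling msSetError(), so an over-long literal is rejected with no diagnostic and callers must already treat NULL as failure. The same two lines are added in the mapogcfiltercommon.c hunk.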
--- a/mapogcfiltercommon.c
+++ b/mapogcfiltercommon.c
@@ -88,6 +88,8 @@ char *FLTGetIsLikeComparisonCommonExpres
pszValue = psFilterNode->psRightNode->pszValue;
nLength = strlen(pszValue);
+ if( 1 + 2 * nLength + 1 + 1 >= sizeof(szTmp) )
+ return NULL;
iTmp =0;
if (nLength > 0 && pszValue[0] != pszWild[0] && pszValue[0] != pszSingle[0] && pszValue[0] != pszEscape[0]) {
......@@ -10,3 +10,5 @@ dont-export-mapserver-target-for-static-libmapserver.patch
0001-Fix-java-mapscript-to-be-compatible-with-newer-swig.patch
fix-types.patch
should-typo.patch
CVE-2016-9839.patch
CVE-2017-5522.patch
usr/lib/php5/
etc/php5/mods-available/
#!/bin/sh
set -e
# Source debconf library.
. /usr/share/debconf/confmodule
#DEBHELPER#
if [ "$1" = "configure" ]; then
php5enmod mapscript
fi
exit 0
#!/bin/sh
set -e
#DEBHELPER#
if [ "$1" = "remove" ]; then
php5dismod mapscript
fi
exit 0
......@@ -22,7 +22,6 @@ CFLAGS += $(CPPFLAGS)
CFLAGS += $(LDFLAGS)
RUBYVERSIONS := $(shell dh_ruby --print-supported)
PHP5API := $(shell php-config5 --phpapi)
MANPAGES := $(wildcard debian/man/*.*.xml)
......@@ -83,7 +82,7 @@ override_dh_auto_clean:
override_dh_auto_configure:
dh_auto_configure -- $(CMAKE_OPTS) \
-DWITH_PYTHON=1 \
-DWITH_PHP=1 \
-DWITH_PHP=0 \
-DWITH_PERL=1 \
-DWITH_RUBY=0 \
-DWITH_JAVA=1 \
......@@ -142,20 +141,12 @@ override_dh_auto_install:
-mkdir -p debian/tmp/usr/lib/cgi-bin
install -m755 debian/tmp/usr/bin/mapserv debian/tmp/usr/lib/cgi-bin/mapserv
# PHP mapscript
echo 'misc:Depends=phpapi-'$(PHP5API) >> debian/php5-mapscript.substvars
-mkdir -p debian/tmp/etc/php5/mods-available/
install -m644 debian/mapscript.ini debian/tmp/etc/php5/mods-available/
override_dh_installchangelogs:
dh_installchangelogs HISTORY.TXT
override_dh_installexamples:
dh_installexamples
-chmod a-x $(CURDIR)/debian/php*-mapscript/usr/share/doc/php*-mapscript/examples/*.phtml
override_dh_install:
dh_install --autodest --list-missing
......