[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#855170: marked as done (unblock: mapserver/7.0.4-2)

Your message dated Tue, 14 Feb 2017 23:13:58 +0000
with message-id <E1cdmII-0003Qh-OM@respighi.debian.org>
and subject line unblock mapserver
has caused the Debian Bug report #855170,
regarding unblock: mapserver/7.0.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
855170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855170
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mapserver

The attached debdiff contains two patches.

The first fixes a DoS and was reported to me privately by Landry Breuil.

The second is not strictly required for unstable, it fixes a FTBFS issue
with PHP 5. It is required for the OSGeo-Live derivative which uses the
source package maintained in Debian.

unblock mapserver/7.0.4-2

Kind Regards,

Bas

diff -Nru mapserver-7.0.4/debian/changelog mapserver-7.0.4/debian/changelog
--- mapserver-7.0.4/debian/changelog	2017-01-16 19:38:29.000000000 +0100
+++ mapserver-7.0.4/debian/changelog	2017-02-14 18:29:54.000000000 +0100
@@ -1,3 +1,11 @@
+mapserver (7.0.4-2) unstable; urgency=medium
+
+  * Add patch to use include paths from php-config.
+  * Add patch by Landry Breuil to fix memory corruption/double-free
+    when LAYERS parameter is specified multiple times.
+
+ -- Bas Couwenberg <sebastic@debian.org>  Tue, 14 Feb 2017 18:29:54 +0100
+
 mapserver (7.0.4-1) unstable; urgency=high
 
   * New upstream release.
diff -Nru mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch
--- mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch	1970-01-01 01:00:00.000000000 +0100
+++ mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch	2017-02-14 18:23:46.000000000 +0100
@@ -0,0 +1,25 @@
+Description: Declare nLayerOrder where it's used.
+ If LAYERS is specified multiple times in the query string, nLayerOrder isnt
+ reset to 0, and this leads to memory corruption/double-free's upon exit.
+Author: Landry Breuil <breuil@craig.fr>
+Origin: https://github.com/mapserver/mapserver/commit/132695864b27bb6fced9a866f35365f445889a00
+Bug: https://github.com/mapserver/mapserver/issues/5387
+
+--- a/mapwms.c
++++ b/mapwms.c
+@@ -791,7 +791,6 @@ int msWMSLoadGetMapParams(mapObj *map, i
+                           const char *wms_request, owsRequestObj *ows_request)
+ {
+   int i, adjust_extent = MS_FALSE, nonsquare_enabled = MS_FALSE;
+-  int nLayerOrder = 0;
+   int transparent = MS_NOOVERRIDE;
+   int bbox_pixel_is_point = MS_FALSE;
+   outputFormatObj *format = NULL;
+@@ -870,6 +869,7 @@ int msWMSLoadGetMapParams(mapObj *map, i
+ 
+     if (strcasecmp(names[i], "LAYERS") == 0) {
+       int  j, k, iLayer, *layerOrder;
++      int nLayerOrder = 0;
+       char ***nestedGroups = NULL;
+       int *numNestedGroups = NULL;
+       int *isUsedInNestedGroup = NULL;
diff -Nru mapserver-7.0.4/debian/patches/php-mapscript.patch mapserver-7.0.4/debian/patches/php-mapscript.patch
--- mapserver-7.0.4/debian/patches/php-mapscript.patch	1970-01-01 01:00:00.000000000 +0100
+++ mapserver-7.0.4/debian/patches/php-mapscript.patch	2017-02-14 18:24:48.000000000 +0100
@@ -0,0 +1,18 @@
+Description: Use include paths from php-config when include path not found.
+Author: Bas Couwenberg <sebastic@debian.org>
+Forwarded: https://github.com/mapserver/mapserver/pull/5370
+Applied-Upstream: https://github.com/mapserver/mapserver/commit/37a70fff4ab54f12619833414cb1995643f7a10d
+
+--- a/cmake/FindPHP5.cmake
++++ b/cmake/FindPHP5.cmake
+@@ -86,6 +86,10 @@ IF(PHP5_CONFIG_EXECUTABLE)
+ 
+   MESSAGE(STATUS ${PHP5_MAIN_INCLUDE_DIR})
+ 
++  IF(NOT PHP5_INCLUDE_PATH)
++    set(PHP5_INCLUDE_PATH ${PHP5_INCLUDES})
++  ENDIF(NOT PHP5_INCLUDE_PATH)
++
+   IF(PHP5_VERSION LESS 5)
+     MESSAGE(FATAL_ERROR "PHP version is not 5 or later")
+   ENDIF(PHP5_VERSION LESS 5)
diff -Nru mapserver-7.0.4/debian/patches/series mapserver-7.0.4/debian/patches/series
--- mapserver-7.0.4/debian/patches/series	2017-01-07 11:15:20.000000000 +0100
+++ mapserver-7.0.4/debian/patches/series	2017-02-14 18:23:42.000000000 +0100
@@ -2,3 +2,5 @@
 perl-mapscript-install.patch
 ruby-mapscript-install.patch
 java-hardening.patch
+php-mapscript.patch
+0001-Declare-nLayerOrder-where-it-s-used.-5387.patch

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: