On 01/07/2017 09:55 AM, Sebastiaan Couwenberg wrote:
> On 01/07/2017 09:19 AM, Adam D. Barratt wrote:
>> On Fri, 2017-01-06 at 23:23 +0000, Adam D. Barratt wrote:
>>> Control: tags -1 + pending
>>>
>>> On Thu, 2017-01-05 at 21:27 +0100, Sebastiaan Couwenberg wrote:
>>>> On 01/05/2017 09:04 PM, Adam D. Barratt wrote:
>>>>> On Tue, 2016-12-06 at 22:00 +0100, Sebastiaan Couwenberg wrote:
>>>>>> Sorry for the outdated debdiff, for p-u the distribution has been
>>>>>> changed to stable.
>>>>>
>>>>> Please go ahead.
>>>>
>>>> Thanks!
>>>
>>> Flagged for acceptance.
>>
>> The upload subsequently FTBFS on all architectures on the buildds.
>>
>> The relevant portion of the logs appears to be:
>>
>> [...]
>>
>> I'm not entirely sure how you managed to build the amd64 packages
>> without this issue occurring, but please look into this ASAP. As things
>> stand, we won't be including mapserver in 8.7.
>
> I simply built the package in an up-to-date jessie cowbuilder chroot.
>
> The buildds used a newer PHP from p-u, my build was with
> 5.6.24+dfsg-0+deb8u1 in jessie.
>
> I can reproduce the build failure with an i386 chroot on barriere, which
> also uses php 5.6.29+dfsg-0+deb8u1 from jessie-security.
>
> Disabling the PHP support in mapserver may be an option, it has been
> disabled in testing/unstable too because it lacks support for PHP 7. It
> will force users to migrate to other mapscript implementations sooner
> than their upgrade to stretch.
>
> Another option it cherry-pick this change from upstream for this issue:
>
>
> https://github.com/mapserver/mapserver/commit/d5cc5840683bded229dbc2cc7d534db6d1e1f386#diff-f8894221d4e5ead75cf65d8aa506ae91
>
> If that change to mapscript/php/error.c is acceptable for jessie, I'll
> include it in the package and prepare mapserver/6.4.1-5+deb8u2.
I've confirmed that the above commit fixes the FTFBS in the jessie i386
chroot on barriere (with php 5.6.29+dfsg-0+deb8u1), and also works in my
jessie amd64 chroot (with php 5.6.24+dfsg-0+deb8u1).
Updated debdiff against the version in jessie is attached.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
diff -Nru mapserver-6.4.1/debian/changelog mapserver-6.4.1/debian/changelog
--- mapserver-6.4.1/debian/changelog 2014-07-05 17:32:59.000000000 +0200
+++ mapserver-6.4.1/debian/changelog 2017-01-07 10:02:02.000000000 +0100
@@ -1,3 +1,15 @@
+mapserver (6.4.1-5+deb8u2) stable; urgency=medium
+
+ * Add upstream patch to fix FTBFS with php >= 5.6.25.
+
+ -- Bas Couwenberg <sebas...@debian.org> Sat, 07 Jan 2017 09:43:05 +0100
+
+mapserver (6.4.1-5+deb8u1) stable; urgency=high
+
+ * Add upstream patch to fix CVE-2016-9839.
+
+ -- Bas Couwenberg <sebas...@debian.org> Mon, 05 Dec 2016 22:05:30 +0100
+
mapserver (6.4.1-5) unstable; urgency=medium
* Add debug package for libmapserver. Thanks to Frederic Junod for the patch.
diff -Nru mapserver-6.4.1/debian/patches/0001-Backport-4928-and-5356.patch
mapserver-6.4.1/debian/patches/0001-Backport-4928-and-5356.patch
--- mapserver-6.4.1/debian/patches/0001-Backport-4928-and-5356.patch
1970-01-01 01:00:00.000000000 +0100
+++ mapserver-6.4.1/debian/patches/0001-Backport-4928-and-5356.patch
2017-01-07 09:27:30.000000000 +0100
@@ -0,0 +1,120 @@
+From 022d24bd34196b6dca67053fb797a6980210bc54 Mon Sep 17 00:00:00 2001
+From: Thomas Bonfort <thomas.bonf...@gmail.com>
+Date: Thu, 1 Dec 2016 18:59:05 +0100
+Subject: Backport #4928 and #5356
+
+---
+ mapogr.cpp | 52 ++++++++++++++++++++++++++++------------------------
+ mappostgis.c | 4 ++--
+ 2 files changed, 30 insertions(+), 26 deletions(-)
+
+--- a/mapogr.cpp
++++ b/mapogr.cpp
+@@ -1118,18 +1118,15 @@ msOGRFileOpen(layerObj *layer, const cha
+ RELEASE_OGR_LOCK;
+
+ if( hDS == NULL ) {
+- if( strlen(CPLGetLastErrorMsg()) == 0 )
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'. "
+- "File not found or unsupported format.",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)" );
+- else
+- msSetError(MS_OGRERR,
+- "Open failed for OGR connection in layer `%s'.\n%s\n",
+- "msOGRFileOpen()",
+- layer->name?layer->name:"(null)",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "Open failed for OGR connection in layer `%s'. "
++ "Check logs.",
++ "msOGRFileOpen()",
++ layer->name?layer->name:"(null)" );
++ if( strlen(CPLGetLastErrorMsg()) != 0 )
++ msDebug("Open failed for OGR connection in layer `%s'.\n%s\n",
++ layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ CPLFree( pszDSName );
+ CPLFree( pszLayerDef );
+ return NULL;
+@@ -1154,10 +1151,13 @@ msOGRFileOpen(layerObj *layer, const cha
+ ACQUIRE_OGR_LOCK;
+ hLayer = OGR_DS_ExecuteSQL( hDS, pszLayerDef, NULL, NULL );
+ if( hLayer == NULL ) {
+- msSetError(MS_OGRERR,
+- "ExecuteSQL(%s) failed.\n%s",
+- "msOGRFileOpen()",
+- pszLayerDef, CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR,
++ "ExecuteSQL(%s) failed. Check logs",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug(
++ "ExecuteSQL(%s) failed.\n%s",
++ pszLayerDef, CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ msConnPoolRelease( layer, hDS );
+ CPLFree( pszLayerDef );
+@@ -1189,9 +1189,11 @@ msOGRFileOpen(layerObj *layer, const cha
+ }
+
+ if (hLayer == NULL) {
+- msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection `%s'.",
+- "msOGRFileOpen()",
+- pszLayerDef, connection );
++ msSetError(MS_OGRERR, "GetLayer(%s) failed for OGR connection. Check
logs.",
++ "msOGRFileOpen()",
++ pszLayerDef);
++ msDebug("GetLayer(%s) failed for OGR connection `%s'.",
++ pszLayerDef, connection );
+ CPLFree( pszLayerDef );
+ msConnPoolRelease( layer, hDS );
+ return NULL;
+@@ -1356,10 +1358,12 @@ static int msOGRFileWhichShapes(layerObj
+ if( OGR_L_SetAttributeFilter( psInfo->hLayer, layer->filter.string+6 )
+ != OGRERR_NONE ) {
+ msSetError(MS_OGRERR,
+- "SetAttributeFilter(%s) failed on layer %s.\n%s",
++ "SetAttributeFilter(%s) failed on layer %s.",
+ "msOGRFileWhichShapes()",
+- layer->filter.string+6, layer->name?layer->name:"(null)",
+- CPLGetLastErrorMsg() );
++ layer->filter.string+6, layer->name?layer->name:"(null)");
++ msDebug("SetAttributeFilter(%s) failed on layer %s.\n%s",
++ layer->filter.string+6, layer->name?layer->name:"(null)",
++ CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ }
+@@ -1562,8 +1566,8 @@ msOGRFileNextShape(layerObj *layer, shap
+ if( (hFeature = OGR_L_GetNextFeature( psInfo->hLayer )) == NULL ) {
+ psInfo->last_record_index_read = -1;
+ if( CPLGetLastErrorType() == CE_Failure ) {
+- msSetError(MS_OGRERR, "%s", "msOGRFileNextShape()",
+- CPLGetLastErrorMsg() );
++ msSetError(MS_OGRERR, "OGR error. check logs",
"msOGRFileNextShape()");
++ msDebug("msOGRFileNextShape() error: %s", CPLGetLastErrorMsg() );
+ RELEASE_OGR_LOCK;
+ return MS_FAILURE;
+ } else {
+--- a/mappostgis.c
++++ b/mappostgis.c
+@@ -2305,7 +2305,8 @@ int msPostGISLayerOpen(layerObj *layer)
+ }
+ }
+
+- msSetError(MS_QUERYERR, "Database connection failed (%s) with connect
string '%s'\nIs the database running? Is it allowing connections? Does the
specified user exist? Is the password valid? Is the database on the standard
port?", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msDebug("Database connection failed (%s) with connect string '%s'\nIs
the database running? Is it allowing connections? Does the specified user
exist? Is the password valid? Is the database on the standard port?.\n",
PQerrorMessage(layerinfo->pgconn), maskeddata);
++ msSetError(MS_QUERYERR, "Database connection failed.\nIs the database
running? Is it allowing connections? Does the specified user exist? Is the
password valid? Is the database on the standard port?", "msPostGISLayerOpen()");
+
+ free(maskeddata);
+ free(layerinfo);
+@@ -2327,7 +2328,6 @@ int msPostGISLayerOpen(layerObj *layer)
+ msSetError(MS_QUERYERR, "PostgreSQL database connection gone bad
(%s)", "msPostGISLayerOpen()", PQerrorMessage(layerinfo->pgconn));
+ return MS_FAILURE;
+ }
+-
+ }
+ }
+
diff -Nru
mapserver-6.4.1/debian/patches/0001-Fix-build-issue-with-php-5.6.25-5318.patch
mapserver-6.4.1/debian/patches/0001-Fix-build-issue-with-php-5.6.25-5318.patch
---
mapserver-6.4.1/debian/patches/0001-Fix-build-issue-with-php-5.6.25-5318.patch
1970-01-01 01:00:00.000000000 +0100
+++
mapserver-6.4.1/debian/patches/0001-Fix-build-issue-with-php-5.6.25-5318.patch
2017-01-07 10:01:02.000000000 +0100
@@ -0,0 +1,25 @@
+Description: Fix build issue with php >= 5.6.25.
+Author: Landry Breuil
+Origin:
https://github.com/mapserver/mapserver/commit/d5cc5840683bded229dbc2cc7d534db6d1e1f386
+Bug: https://github.com/mapserver/mapserver/pull/5318
+
+--- a/mapscript/php/error.c
++++ b/mapscript/php/error.c
+@@ -31,6 +31,17 @@
+
+ #include "php_mapscript.h"
+
++#if PHP_VERSION_ID >= 50625
++#undef ZVAL_STRING
++#define ZVAL_STRING(z, s, duplicate) do { \
++ const char *__s=(s); \
++ zval *__z = (z); \
++ Z_STRLEN_P(__z) = strlen(__s); \
++ Z_STRVAL_P(__z) = (duplicate?estrndup(__s, Z_STRLEN_P(__z)):(char*)__s);\
++ Z_TYPE_P(__z) = IS_STRING; \
++} while (0)
++#endif
++
+ zend_class_entry *mapscript_ce_error;
+
+ ZEND_BEGIN_ARG_INFO_EX(error___get_args, 0, 0, 1)
diff -Nru mapserver-6.4.1/debian/patches/series
mapserver-6.4.1/debian/patches/series
--- mapserver-6.4.1/debian/patches/series 2014-07-05 17:32:59.000000000
+0200
+++ mapserver-6.4.1/debian/patches/series 2017-01-07 10:00:07.000000000
+0100
@@ -5,3 +5,5 @@
cmake-mapserver-export.patch
java-hardening.patch
php56.patch
+0001-Backport-4928-and-5356.patch
+0001-Fix-build-issue-with-php-5.6.25-5318.patch
