Bug#855170: marked as done (unblock: mapserver/7.0.4-2)

Tue, 14 Feb 2017 15:16:07 -0800 

Your message dated Tue, 14 Feb 2017 23:13:58 +0000
with message-id <e1cdmii-0003qh...@respighi.debian.org>
and subject line unblock mapserver
has caused the Debian Bug report #855170,
regarding unblock: mapserver/7.0.4-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
855170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855170
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package mapserver

The attached debdiff contains two patches.

The first fixes a DoS and was reported to me privately by Landry Breuil.

The second is not strictly required for unstable, it fixes a FTBFS issue
with PHP 5. It is required for the OSGeo-Live derivative which uses the
source package maintained in Debian.

unblock mapserver/7.0.4-2

Kind Regards,

Bas

diff -Nru mapserver-7.0.4/debian/changelog mapserver-7.0.4/debian/changelog
--- mapserver-7.0.4/debian/changelog    2017-01-16 19:38:29.000000000 +0100
+++ mapserver-7.0.4/debian/changelog    2017-02-14 18:29:54.000000000 +0100
@@ -1,3 +1,11 @@
+mapserver (7.0.4-2) unstable; urgency=medium
+
+  * Add patch to use include paths from php-config.
+  * Add patch by Landry Breuil to fix memory corruption/double-free
+    when LAYERS parameter is specified multiple times.
+
+ -- Bas Couwenberg <sebas...@debian.org>  Tue, 14 Feb 2017 18:29:54 +0100
+
 mapserver (7.0.4-1) unstable; urgency=high
 
   * New upstream release.
diff -Nru 
mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch
 
mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch
--- 
mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
mapserver-7.0.4/debian/patches/0001-Declare-nLayerOrder-where-it-s-used.-5387.patch
 2017-02-14 18:23:46.000000000 +0100
@@ -0,0 +1,25 @@
+Description: Declare nLayerOrder where it's used.
+ If LAYERS is specified multiple times in the query string, nLayerOrder isnt
+ reset to 0, and this leads to memory corruption/double-free's upon exit.
+Author: Landry Breuil <bre...@craig.fr>
+Origin: 
https://github.com/mapserver/mapserver/commit/132695864b27bb6fced9a866f35365f445889a00
+Bug: https://github.com/mapserver/mapserver/issues/5387
+
+--- a/mapwms.c
++++ b/mapwms.c
+@@ -791,7 +791,6 @@ int msWMSLoadGetMapParams(mapObj *map, i
+                           const char *wms_request, owsRequestObj *ows_request)
+ {
+   int i, adjust_extent = MS_FALSE, nonsquare_enabled = MS_FALSE;
+-  int nLayerOrder = 0;
+   int transparent = MS_NOOVERRIDE;
+   int bbox_pixel_is_point = MS_FALSE;
+   outputFormatObj *format = NULL;
+@@ -870,6 +869,7 @@ int msWMSLoadGetMapParams(mapObj *map, i
+ 
+     if (strcasecmp(names[i], "LAYERS") == 0) {
+       int  j, k, iLayer, *layerOrder;
++      int nLayerOrder = 0;
+       char ***nestedGroups = NULL;
+       int *numNestedGroups = NULL;
+       int *isUsedInNestedGroup = NULL;
diff -Nru mapserver-7.0.4/debian/patches/php-mapscript.patch 
mapserver-7.0.4/debian/patches/php-mapscript.patch
--- mapserver-7.0.4/debian/patches/php-mapscript.patch  1970-01-01 
01:00:00.000000000 +0100
+++ mapserver-7.0.4/debian/patches/php-mapscript.patch  2017-02-14 
18:24:48.000000000 +0100
@@ -0,0 +1,18 @@
+Description: Use include paths from php-config when include path not found.
+Author: Bas Couwenberg <sebas...@debian.org>
+Forwarded: https://github.com/mapserver/mapserver/pull/5370
+Applied-Upstream: 
https://github.com/mapserver/mapserver/commit/37a70fff4ab54f12619833414cb1995643f7a10d
+
+--- a/cmake/FindPHP5.cmake
++++ b/cmake/FindPHP5.cmake
+@@ -86,6 +86,10 @@ IF(PHP5_CONFIG_EXECUTABLE)
+ 
+   MESSAGE(STATUS ${PHP5_MAIN_INCLUDE_DIR})
+ 
++  IF(NOT PHP5_INCLUDE_PATH)
++    set(PHP5_INCLUDE_PATH ${PHP5_INCLUDES})
++  ENDIF(NOT PHP5_INCLUDE_PATH)
++
+   IF(PHP5_VERSION LESS 5)
+     MESSAGE(FATAL_ERROR "PHP version is not 5 or later")
+   ENDIF(PHP5_VERSION LESS 5)
diff -Nru mapserver-7.0.4/debian/patches/series 
mapserver-7.0.4/debian/patches/series
--- mapserver-7.0.4/debian/patches/series       2017-01-07 11:15:20.000000000 
+0100
+++ mapserver-7.0.4/debian/patches/series       2017-02-14 18:23:42.000000000 
+0100
@@ -2,3 +2,5 @@
 perl-mapscript-install.patch
 ruby-mapscript-install.patch
 java-hardening.patch
+php-mapscript.patch
+0001-Declare-nLayerOrder-where-it-s-used.-5387.patch

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---

Reply via email to