rpms/gpsdrive/F-10 gpsdrive-2.09-CVE-2008-5703.patch, NONE, 1.1 gpsdrive.spec, 1.4, 1.5
Kevin Fenzi
kevin at fedoraproject.org
Wed Feb 4 17:02:16 UTC 2009
Author: kevin
Update of /cvs/extras/rpms/gpsdrive/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15828
Modified Files:
gpsdrive.spec
Added Files:
gpsdrive-2.09-CVE-2008-5703.patch
Log Message:
fix for CVE-2008-4959 - bug 470241
fix for CVE-2008-5380 - bug 475478
fix for CVE-2008-5703 - bug 481702
gpsdrive-2.09-CVE-2008-5703.patch:
--- NEW FILE gpsdrive-2.09-CVE-2008-5703.patch ---
diff -Nur gpsdrive-2.09.orig/src/gpsdrive.c gpsdrive-2.09/src/gpsdrive.c
--- gpsdrive-2.09.orig/src/gpsdrive.c 2008-12-14 18:23:59.000000000 -0700
+++ gpsdrive-2.09/src/gpsdrive.c 2009-02-02 20:37:49.000000000 -0700
@@ -10482,9 +10482,6 @@
g_strlcpy (setpositionname, "", sizeof (setpositionname));
g_strlcpy (serialdev, "/dev/ttyS3", sizeof (serialdev));
-/* setup signal handler */
- signal (SIGUSR1, signalposreq);
-
usesql = TRUE;
// It seems like this doesnt work on cygwin unless the dlopen comes first..-jc
if (usesql)
@@ -12257,7 +12254,6 @@
gpsserialquit ();
unlink ("/tmp/cammain.pid");
unlink ("/tmp/gpsdrivetext.out");
- unlink ("/tmp/gpsdrivepos");
if (savetrack)
savetrackfile (FALSE);
sqlend ();
diff -Nur gpsdrive-2.09.orig/src/gpsproto.h gpsdrive-2.09/src/gpsproto.h
--- gpsdrive-2.09.orig/src/gpsproto.h 2004-02-25 09:19:39.000000000 -0700
+++ gpsdrive-2.09/src/gpsproto.h 2009-02-02 20:36:26.000000000 -0700
@@ -78,7 +78,6 @@
gint about_cb (GtkWidget * widget, guint datum);
gint sel_message_cb (GtkWidget * widget, guint datum);
gint setmessage_cb (GtkWidget * widget, guint datum);
-void signalposreq ();
gint reinsertwp_cb (GtkWidget * widget, guint datum);
GdkPixbuf *create_pixbuf (const gchar * filename);
int gpsserialinit (void);
diff -Nur gpsdrive-2.09.orig/src/splash.c gpsdrive-2.09/src/splash.c
--- gpsdrive-2.09.orig/src/splash.c 2004-03-01 20:07:17.000000000 -0700
+++ gpsdrive-2.09/src/splash.c 2009-02-02 20:36:06.000000000 -0700
@@ -1624,25 +1624,3 @@
return TRUE;
}
-
-/* writes time and position to /tmp/gpsdrivepos */
-
-void
-signalposreq ()
-{
- FILE *f;
- time_t t;
- struct tm *ts;
-
- f = fopen ("/tmp/gpsdrivepos", "w");
- if (f == NULL)
- {
- perror ("/tmp/gpsdrivepos");
- return;
- }
- time (&t);
- ts = localtime (&t);
- fprintf (f, asctime (ts));
- fprintf (f, "POS %f %f\n", current_lat, current_long);
- fclose (f);
-}
Index: gpsdrive.spec
===================================================================
RCS file: /cvs/extras/rpms/gpsdrive/F-10/gpsdrive.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- gpsdrive.spec 9 Apr 2008 03:06:12 -0000 1.4
+++ gpsdrive.spec 4 Feb 2009 17:01:46 -0000 1.5
@@ -1,7 +1,7 @@
Summary: A GPS based navigation tool
Name: gpsdrive
Version: 2.09
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2+
Group: Applications/Productivity
URL: http://www.gpsdrive.de/index.shtml
@@ -10,6 +10,7 @@
Patch1: gpsdrive-2.09-greek.patch
Patch2: gpsdrive-2.09-gcc43.patch
Patch3: gpsdrive-2.09-gps-mysql.patch
+Patch4: gpsdrive-2.09-CVE-2008-5703.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk2-devel >= 2.0.6
BuildRequires: gettext
@@ -35,6 +36,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
# Convert 8859 man pages to UTF-8
for f in man/es/gpsdrive.1 man/de/gpsdrive.1 ; do
@@ -91,6 +93,15 @@
rm -f ${RPM_BUILD_ROOT}%{_datadir}/gpsdrive/TODO
rm -f ${RPM_BUILD_ROOT}%{_datadir}/gpsdrive/create.sql
+# remove geo-code for CVE-2008-4959
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/geo-code
+
+# remove geo-nearest for CVE-2008-5380
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/geo-nearest
+
+# remove gpssmswatch for CVE-2008-5703
+rm -f ${RPM_BUILD_ROOT}%{_bindir}/gpssmswatch
+
desktop-file-install --vendor fedora \
--dir ${RPM_BUILD_ROOT}%{_datadir}/applications \
gpsdrive.desktop
@@ -117,14 +128,11 @@
%{_libdir}/libnautic*
%{_bindir}/friendsd2
%{_bindir}/garble
-%{_bindir}/geo-code
-%{_bindir}/geo-nearest
%{_bindir}/geocache2way
%{_bindir}/gpsdrive
%{_bindir}/gpsfetchmap.pl
%{_bindir}/gpspoint2gpsdrive.pl
%{_bindir}/gpsreplay
-%{_bindir}/gpssmswatch
%{_bindir}/gpssql_backup.sh
%{_bindir}/gpssql_restore.sh
%{_bindir}/wpcvt
@@ -142,6 +150,11 @@
%{_datadir}/pixmaps/gpsicon.png
%changelog
+* Mon Feb 02 2009 Kevin Fenzi <kevin at tummy.com> - 2.09-7
+- fix for CVE-2008-4959 - bug 470241
+- fix for CVE-2008-5380 - bug 475478
+- fix for CVE-2008-5703 - bug 481702
+
* Tue Apr 08 2008 Kevin Fenzi <kevin at tummy.com> - 2.09-6
- Add patch for gpsd arguments - bug 438615
- Add patch for mysql - bug 441179
More information about the scm-commits
mailing list