authorgdt <gdt@pkgsrc.org>2008-10-24 13:25:50 +0000
committergdt <gdt@pkgsrc.org>2008-10-24 13:25:50 +0000
commitf406a93c38e61a3e62961b17494be906e5ae81bb (patch)
tree3f91e33a0bc756d1eae63e962fc53b3ad8ee550b /geography/gpsd
parent2a488d8b37b01ec8e833db11a1f2dd11512277ed (diff)
Security fix: by default, only listen on INADDR_LOOPBACK, so that
position is only provided to on-machine clients. Previously, gpsd listened on INADDR_ANY, providing the position of the computer to any host that asked. (The fix is in upstream bugzilla, with link in patches/patch-ac.)
Diffstat (limited to 'geography/gpsd')
-rw-r--r--geography/gpsd/Makefile3
-rw-r--r--geography/gpsd/distinfo4
-rw-r--r--geography/gpsd/patches/patch-ac45
-rw-r--r--geography/gpsd/patches/patch-ad41
4 files changed, 91 insertions, 2 deletions
diff --git a/geography/gpsd/Makefile b/geography/gpsd/Makefile
index 5196ce54fbd..eea6fa06576 100644
--- a/geography/gpsd/Makefile
+++ b/geography/gpsd/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2008/10/24 13:08:13 gdt Exp $
+# $NetBSD: Makefile,v 1.13 2008/10/24 13:25:50 gdt Exp $
DISTNAME= gpsd-2.37
+PKGREVISION= 1
CATEGORIES= geography
MASTER_SITES= http://download.berlios.de/gpsd/
diff --git a/geography/gpsd/distinfo b/geography/gpsd/distinfo
index d2c80ff8f18..63d4928ec5f 100644
--- a/geography/gpsd/distinfo
+++ b/geography/gpsd/distinfo
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.10 2008/10/24 13:08:13 gdt Exp $
+$NetBSD: distinfo,v 1.11 2008/10/24 13:25:50 gdt Exp $
SHA1 (gpsd-2.37.tar.gz) = 5bf4e1db9e570cc14b70bd0cf902926f96131ace
RMD160 (gpsd-2.37.tar.gz) = 72387ef3c8da39ed1a1dffa9aecfff1622023fcc
Size (gpsd-2.37.tar.gz) = 712943 bytes
SHA1 (patch-aa) = 0f581183a114d63733c57ed9f0ceead43e2e5607
SHA1 (patch-ab) = 869942effbfc22ece1716dce0ffb5c907dd66906
+SHA1 (patch-ac) = 2cfd090f2c7bf1d526b5d6125c451b5f45617dd0
+SHA1 (patch-ad) = 551701d43016f9fefd0bd488415bfecb62c55d1a
diff --git a/geography/gpsd/patches/patch-ac b/geography/gpsd/patches/patch-ac
new file mode 100644
index 00000000000..2bb560e7bc6
--- /dev/null
+++ b/geography/gpsd/patches/patch-ac
@@ -0,0 +1,45 @@
+$NetBSD: patch-ac,v 1.3 2008/10/24 13:25:50 gdt Exp $
+
+Don't expose position via INADDR_ANY by default. Security fix for
+http://developer.berlios.de/bugs/?func=detailbug&bug_id=14707&group_id=2116
+
+--- gpsd.c.orig 2008-01-28 15:04:33.000000000 -0500
++++ gpsd.c
+@@ -86,6 +86,7 @@
+ static fd_set all_fds;
+ static int maxfd;
+ static int debuglevel;
++static bool listen_global = false;
+ static bool in_background = false;
+ static bool nowait = false;
+ static jmp_buf restartbuf;
+@@ -230,7 +231,10 @@ static int passivesock(char *service, ch
+ /*@ -mustfreefresh @*/
+ memset((char *) &sin, 0, sizeof(sin));
+ /*@i1@*/sin.sin_family = AF_INET;
+- sin.sin_addr.s_addr = INADDR_ANY;
++ if (listen_global)
++ sin.sin_addr.s_addr = htonl(INADDR_ANY);
++ else
++ sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+ if ((pse = getservbyname(service, protocol)))
+ sin.sin_port = htons(ntohs((in_port_t)pse->s_port));
+@@ -1271,7 +1275,7 @@ int main(int argc, char *argv[])
+ (void)setlocale(LC_NUMERIC, "C");
+ #endif
+ debuglevel = 0;
+- while ((option = getopt(argc, argv, "F:D:S:bhNnP:V"
++ while ((option = getopt(argc, argv, "F:D:S:bhNnP:VG"
+ #ifdef RTCM104_SERVICE
+ "R:"
+ #endif /* RTCM104_SERVICE */
+@@ -1280,6 +1284,8 @@ int main(int argc, char *argv[])
+ case 'D':
+ debuglevel = (int) strtol(optarg, 0, 0);
+ break;
++ case 'G':
++ listen_global = true;
+ case 'F':
+ control_socket = optarg;
+ break;
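Review bot: The new `case 'G':` in the option switch of main() has no `break;`, so control falls through into `case 'F':` and executes `control_socket = optarg;`. Because `G` is declared without an argument in the getopt string, optarg is most likely NULL at that point, so passing -G would silently discard a control-socket path given earlier with -F and changes a setting unrelated to the listen address. Add `break;` directly after `listen_global = true;`. The switch and main() continue outside the hunk, so how a NULL control_socket is handled later cannot be confirmed from here.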
diff --git a/geography/gpsd/patches/patch-ad b/geography/gpsd/patches/patch-ad
new file mode 100644
index 00000000000..ab01a2b9c67
--- /dev/null
+++ b/geography/gpsd/patches/patch-ad
@@ -0,0 +1,41 @@
+$NetBSD: patch-ad,v 1.3 2008/10/24 13:25:50 gdt Exp $
+
+Don't expose position via INADDR_ANY by default. Security fix for
+http://developer.berlios.de/bugs/?func=detailbug&bug_id=14707&group_id=2116
+
+--- gpsd.xml.orig 2008-01-21 13:35:31.000000000 -0500
++++ gpsd.xml
+@@ -20,6 +20,7 @@
+ <command>gpsd</command>
+ <arg choice='opt'>-f <replaceable>GPS-devicename</replaceable></arg>
+ <arg choice='opt'>-F <replaceable>control-socket</replaceable></arg>
++ <arg choice='opt'>-G </arg>
+ <!-- arg choice='opt'>-R
+ <replaceable>rtcm-listener-port</replaceable></arg -->
+ <arg choice='opt'>-S <replaceable>listener-port</replaceable></arg>
+@@ -107,6 +108,12 @@ commands that edit the daemon's internal
+ clients.</para></listitem>
+ </varlistentry -->
+ <varlistentry>
++<term>-G</term>
++<listitem><para>If present, listen for connections from other
++systems. Otherwise, listen only for connections from this system.
++</para></listitem>
++</varlistentry>
++<varlistentry>
+ <term>-S</term>
+ <listitem><para>Set TCP/IP port on which to listen for GPSD clients
+ (default is 2947).</para></listitem>
+@@ -871,6 +878,12 @@ will not attempt to document this interf
+ </refsect1>
+ <refsect1 id='security'><title>SECURITY AND PERMISSIONS ISSUES</title>
+
++<para><application>gpsd</application>, if given the -G flag, will
++listen for connections from any reachable host, and then disclose the
++current position. Before using the -G flag, consider whether you
++consider your computer's location to be sensitive data to be kept
++private or something that you wish to publish.</para>
++
+ <para><application>gpsd</application> must start up as root in order
+ to open the NTPD shared-memory segment, open its logfile, and create
+ its local control socket. Before doing any processing of GPS data, it