Author: nd-guest Date: 2008-12-29 16:12:01 +0000 (Mon, 29 Dec 2008) New Revision: 1835
Added: packages/gpsdrive/trunk/debian/patches/101-signalposreq.dpatch packages/gpsdrive/trunk/debian/patches/102-unittest.dpatch Modified: packages/gpsdrive/trunk/debian/patches/00list Log: add patches to fix several symlink vulnerabilites.
Modified: packages/gpsdrive/trunk/debian/patches/00list
===================================================================
--- packages/gpsdrive/trunk/debian/patches/00list 2008-12-27 15:33:32 UTC (rev 1834)
+++ packages/gpsdrive/trunk/debian/patches/00list 2008-12-29 16:12:01 UTC (rev 1835)
@@ -16,3 +16,5 @@
 98-mapnik-exception
 99-autobestmap
 100-fix-insecure-tempfiles
+101-signalposreq
+102-unittest
Added: packages/gpsdrive/trunk/debian/patches/101-signalposreq.dpatch
===================================================================
--- packages/gpsdrive/trunk/debian/patches/101-signalposreq.dpatch (rev 0)
+++ packages/gpsdrive/trunk/debian/patches/101-signalposreq.dpatch 2008-12-29 16:12:01 UTC (rev 1835)
@@ -0,0 +1,70 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 101-signalposreq.dpatch by Andreas Putzo <andr...@putzo.net>
+##
+## DP: Remove signalposreq() from gpsdrive, vulnerable to symlink attacks.
+## DP: Remove weird deletion of temporary files.
+
+...@dpatch@
+diff -urNad gpsdrive-2.10~pre4-6.dfsg~/src/gpsdrive.c gpsdrive-2.10~pre4-6.dfsg/src/gpsdrive.c
+--- gpsdrive-2.10~pre4-6.dfsg~/src/gpsdrive.c 2008-12-28 18:10:54.000000000 +0000
++++ gpsdrive-2.10~pre4-6.dfsg/src/gpsdrive.c 2008-12-28 18:11:27.000000000 +0000
+@@ -3087,9 +3087,6 @@
+ /* all default values must be set BEFORE readconfig! */
+ g_strlcpy (setpositionname, "", sizeof (setpositionname));
+
+- /* setup signal handler */
+- signal (SIGUSR1, signalposreq);
+-
+ sql_load_lib();
+ /* I18l */
+
+@@ -3419,9 +3416,6 @@
+ gdk_pixbuf_unref (friendspixbuf);
+
+
+- unlink ("/tmp/cammain.pid");
+- unlink ("/tmp/gpsdrivetext.out");
+- unlink ("/tmp/gpsdrivepos");
+ if (local_config.savetrack)
+ savetrackfile (2);
+ sqlend ();
+diff -urNad gpsdrive-2.10~pre4-6.dfsg~/src/gpsproto.h gpsdrive-2.10~pre4-6.dfsg/src/gpsproto.h
+--- gpsdrive-2.10~pre4-6.dfsg~/src/gpsproto.h 2007-09-14 21:47:13.000000000 +0000
++++ gpsdrive-2.10~pre4-6.dfsg/src/gpsproto.h 2008-12-28 18:11:32.000000000 +0000
+@@ -75,7 +75,6 @@
+ gint settings_main_cb (GtkWidget *widget, guint datum);
+ gint sel_message_cb (GtkWidget * widget, guint datum);
+ gint setmessage_cb (GtkWidget * widget, guint datum);
+-void signalposreq ();
+ gint reinsertwp_cb (GtkWidget * widget, guint datum);
+ GdkPixbuf *create_pixbuf (const gchar * filename);
+ gint simulated_pos (GtkWidget * widget, guint * datum);
+diff -urNad gpsdrive-2.10~pre4-6.dfsg~/src/splash.c gpsdrive-2.10~pre4-6.dfsg/src/splash.c
+--- gpsdrive-2.10~pre4-6.dfsg~/src/splash.c 2007-09-14 21:47:13.000000000 +0000
++++ gpsdrive-2.10~pre4-6.dfsg/src/splash.c 2008-12-28 18:11:18.000000000 +0000
+@@ -630,25 +630,3 @@
+ (gtk_widget_destroy), NULL);
+ return TRUE;
+ }
+-
+-
+-/* writes time and position to /tmp/gpsdrivepos */
+-void
+-signalposreq ()
+-{
+- FILE *f;
+- time_t t;
+- struct tm *ts;
+-
+- f = fopen ("/tmp/gpsdrivepos", "w");
+- if (f == NULL)
+- {
+- perror ("/tmp/gpsdrivepos");
+- return;
+- }
+- time (&t);
+- ts = localtime (&t);
+- fprintf (f, asctime (ts));
+- fprintf (f, "POS %f %f\n", coords.current_lat, coords.current_lon);
+- fclose (f);
+-}
Property changes on: packages/gpsdrive/trunk/debian/patches/101-signalposreq.dpatch
___________________________________________________________________
Name: svn:executable + *
Added: packages/gpsdrive/trunk/debian/patches/102-unittest.dpatch
===================================================================
--- packages/gpsdrive/trunk/debian/patches/102-unittest.dpatch (rev 0)
+++ packages/gpsdrive/trunk/debian/patches/102-unittest.dpatch 2008-12-29 16:12:01 UTC (rev 1835)
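Review bot: With the `signal (SIGUSR1, signalposreq);` registration dropped in the gpsdrive.c hunk at line 3087, SIGUSR1 falls back to its default disposition, which terminates the process, so anything that still signals gpsdrive to request a position dump would now end the program instead. Whether a shipped script or companion program does that is not visible here, but if one might, replace the removed call with `signal (SIGUSR1, SIG_IGN);` rather than leaving the signal unhandled. The three removed `unlink` calls also leave open whether other code still writes `/tmp/cammain.pid` or `/tmp/gpsdrivetext.out` under those fixed names; if it does, those writers carry the same symlink risk and should be tracked alongside this change. Both gpsdrive.c hunks sit inside functions that start and end outside the hunk.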
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 102-unittest.dpatch by Andreas Putzo <andr...@putzo.net>
+##
+## DP: Use mkdtemp to avoid a potential symlink attack.
+
+...@dpatch@
+diff -urNad gpsdrive-2.10~pre4-6.dfsg~/src/unit_test.c gpsdrive-2.10~pre4-6.dfsg/src/unit_test.c
+--- gpsdrive-2.10~pre4-6.dfsg~/src/unit_test.c 2007-09-15 15:12:03.000000000 +0000
++++ gpsdrive-2.10~pre4-6.dfsg/src/unit_test.c 2008-12-29 15:33:26.000000000 +0000
+@@ -649,10 +649,12 @@
+ gchar fn[500];
+ gint response;
+
+-
+- g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test");
+- mkdir (dir_proc, 0777);
+- g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test/proc");
++ strncpy(dir_proc, "/tmp/gpsdrive-unit-test.XXXXXX", sizeof(dir_proc));
++ if (mkdtemp(dir_proc) == NULL) {
++ printf("Error: Faild to create temporary directory\n");
++ exit(1);
++ }
++ strncat(dir_proc, "/proc", sizeof(dir_proc));
+ mkdir (dir_proc, 0777);
+
+ if (mydebug > 0)
Property changes on: packages/gpsdrive/trunk/debian/patches/102-unittest.dpatch
___________________________________________________________________
Name: svn:executable + *
_______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
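Review bot: The bound passed to `strncat(dir_proc, "/proc", sizeof(dir_proc))` is the wrong quantity: strncat's third argument caps how many source bytes are appended, not the size of the destination, so it gives no protection for `dir_proc`, and the preceding `strncpy` does not guarantee a terminating NUL either. The declaration of `dir_proc` is outside the hunk, so its size cannot be checked here; the literals probably fit, but the calls should be correct regardless. The file already uses GLib, so `g_strlcpy (dir_proc, "/tmp/gpsdrive-unit-test.XXXXXX", sizeof (dir_proc));` and `g_strlcat (dir_proc, "/proc", sizeof (dir_proc));` are drop-in replacements. The failure message would also be better sent to stderr with the typo fixed, `fprintf (stderr, "Error: Failed to create temporary directory\n");`, and the return value of the following `mkdir (dir_proc, 0777)` is still ignored. The enclosing function begins and ends outside the hunk.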