debian/0000755000000000000000000000000012314063436007170 5ustar debian/libgypsy-dev.install0000644000000000000000000000012211411755500013166 0ustar /usr/include/gypsy/ /usr/lib/*.a /usr/lib/*.la /usr/lib/*.so /usr/lib/pkgconfig/ debian/rules0000755000000000000000000000041511715273460010254 0ustar #!/usr/bin/make -f %: dh $@ --with autoreconf override_dh_auto_configure: dh_auto_configure --libexecdir=/usr/lib/gypsy/ override_dh_auto_install: dh_auto_install for file in debian/tmp/usr/lib/*.la; do \ sed -i "/dependency_libs/ s/'.*'/''/" $$file ; \ done debian/libgypsy0.install0000644000000000000000000000002711411756534012506 0ustar /usr/lib/libgypsy.so.* debian/copyright0000644000000000000000000000670111411761523011126 0ustar gypsy was debianized by Alexander Sack in Jun 2010; Packaging in debian/ is Copyright Linaro, 2010 ======= The overall gypsy release is Copyright "The Authors" and is licensed under the GPLv2 (or later) - GPL (v2 or later) - /usr/share/common-licenses/GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Some files are licensed under a more permissive license; namely + src/nmea-gen.h, src/garmin.h, src/nmea-gen.c: - BSD (2-clause): Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + gypsy/gypsy-course.h, gypsy/gypsy-device.h, gypsy/gypsy-time.c, gypsy/gypsy-accuracy.h, gypsy/gypsy-accuracy.c, gypsy/gypsy-satellite.h, gypsy/gypsy-control.h, gypsy/gypsy-satellite.c, gypsy/gypsy-course.c, gypsy/gypsy-position.c, gypsy/gypsy-position.h, gypsy/gypsy-device.c, gypsy/gypsy-control.c, gypsy/gypsy-time.h: - LGPL (v2 or later) - /usr/share/common-licenses/LGPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. debian/libgypsy-doc.install0000644000000000000000000000003711411755267013174 0ustar /usr/share/gtk-doc/html/gypsy/ debian/source/0000755000000000000000000000000011411754326010472 5ustar debian/source/format0000644000000000000000000000001411411754326011700 0ustar 3.0 (quilt) debian/patches/0000755000000000000000000000000012314063431010612 5ustar debian/patches/cve-2011-0523.patch0000644000000000000000000001437511715273130013375 0ustar Author: Michael Leibowitz Description: This is in response to Bug 33431 "CVE-2011-0523: arbitrary file access and buffer overflows" A new config file, /etc/gypsy.conf, is added that specifies a whitelist of globs. By default, they are "/dev/tty*", "/dev/pgps", and "bluetooth" (which matches Bluetooth addresses). Origin: upstream, https://bugs.freedesktop.org/attachment.cgi?id=52255 Index: gypsy-0.8/Makefile.am =================================================================== --- gypsy-0.8.orig/Makefile.am 2009-08-06 16:05:39.000000000 +0200 +++ gypsy-0.8/Makefile.am 2012-02-10 20:51:12.270849703 +0100 @@ -1,4 +1,4 @@ -SUBDIRS = interfaces src gypsy examples docs +SUBDIRS = interfaces src gypsy examples docs etc pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = gypsy.pc Index: gypsy-0.8/configure.ac =================================================================== --- gypsy-0.8.orig/configure.ac 2010-06-09 16:58:03.000000000 +0200 +++ gypsy-0.8/configure.ac 2012-02-10 20:51:12.270849703 +0100 @@ -43,6 +43,8 @@ AC_SUBST(DBUS_SYS_DIR) AC_DEFINE_UNQUOTED(DBUS_SYS_DIR, "$DBUS_SYS_DIR", [Where the system dir for D-Bus is]) +AC_DEFINE_UNQUOTED(CONFIG_FILE_PATH, "${sysconfdir}/gypsy.conf", [The absolute path of the config file]) + DBUS_SERVICES_DIR="${datadir}/dbus-1/system-services" AC_SUBST(DBUS_SERVICES_DIR) AC_DEFINE_UNQUOTED(DBUS_SERVICES_DIR, "$DBUS_SERVICES_DIR", [Where services dir for D-Bus is]) @@ -72,6 +74,7 @@ docs/reference/Makefile docs/reference/version.xml docs/tools/Makefile +etc/Makefile gypsy.pc ]) Index: gypsy-0.8/etc/Makefile.am =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ gypsy-0.8/etc/Makefile.am 2012-02-10 20:51:12.270849703 +0100 @@ -0,0 +1,2 @@ +configdir = $(sysconfdir) +dist_config_DATA = gypsy.conf Index: gypsy-0.8/etc/gypsy.conf =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ gypsy-0.8/etc/gypsy.conf 2012-02-10 20:51:12.270849703 +0100 @@ -0,0 +1,2 @@ +[gypsy] +AllowedDeviceGlobs=/dev/tty*;/dev/pgps;bluetooth Index: gypsy-0.8/src/gypsy-server.c =================================================================== --- gypsy-0.8.orig/src/gypsy-server.c 2009-08-06 12:28:12.000000000 +0200 +++ gypsy-0.8/src/gypsy-server.c 2012-02-10 20:56:02.298849424 +0100 @@ -28,12 +28,17 @@ /* * GypsyServer - The main control object that creates GPS connection objects. */ +#include "config.h" #include #include #include #include +#ifdef HAVE_BLUEZ +#include +#endif + #include "gypsy-server.h" #include "gypsy-client.h" @@ -48,6 +53,9 @@ int client_count; /* When client_count returns to 0, we quit the daemon after TERMINATE_TIMEOUT */ guint32 terminate_id; + + gchar **allowed_device_globs; + gsize allowed_device_glob_count; } GypsyServerPrivate; static guint32 signals[LAST_SIGNAL] = {0, }; @@ -59,6 +67,9 @@ #define GYPSY_GPS_PATH "/org/freedesktop/Gypsy/" #define TERMINATE_TIMEOUT 10000 /* 10 second timeout */ +#define GYPSY_CONF_GROUP "gypsy" +#define GYPSY_CONF_GLOB_KEY "AllowedDeviceGlobs" + static void gypsy_server_create (GypsyServer *gps, const char *IN_device_path, DBusGMethodInvocation *context); @@ -101,6 +112,8 @@ GypsyClient *client; char *path, *device_name, *sender; GList *list; + int i; + gboolean allowed; priv = GET_PRIVATE (gps); @@ -111,6 +124,40 @@ priv->terminate_id = 0; } + + /* compare priv->device_path to allowed globs + * if not allowed, error out */ + allowed = FALSE; + for (i = 0; i < priv->allowed_device_glob_count; i++) { + if (g_str_equal (priv->allowed_device_globs[i], "bluetooth")) { +#ifdef HAVE_BLUEZ + if (bachk (IN_device_path) == 0) { + allowed = TRUE; + break; + } +#else + continue; +#endif /* HAVE_BLUEZ */ + } + if (g_pattern_match_simple (priv->allowed_device_globs[i], + IN_device_path)) { + allowed = TRUE; + break; + } + } + if (allowed == FALSE) { + g_warning ("The device path %s is not allowed by config file", + IN_device_path); + GError *error = NULL; + error = g_error_new (GYPSY_SERVER_ERROR, + GYPSY_SERVER_ERROR_BAD_PATH, + "Bad path: %s", + IN_device_path); + dbus_g_method_return_error (context, error); + g_error_free (error); + return; + } + g_debug ("Creating client for %s", IN_device_path); device_name = g_path_get_basename (IN_device_path); g_debug ("Device name: %s", device_name); @@ -250,6 +297,7 @@ { GypsyServerPrivate *priv = GET_PRIVATE (gps); GError *error = NULL; + GKeyFile *key_file = NULL; priv->connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error); if (priv->connection == NULL) { @@ -265,6 +313,27 @@ priv->client_count = 0; priv->terminate_id = 0; + + key_file = g_key_file_new(); + if (!g_key_file_load_from_file (key_file, CONFIG_FILE_PATH, + G_KEY_FILE_NONE, &error)) + goto error; + + priv->allowed_device_globs = g_key_file_get_string_list (key_file, + GYPSY_CONF_GROUP, + GYPSY_CONF_GLOB_KEY, + &(priv->allowed_device_glob_count), + &error); + if (!priv->allowed_device_globs) + goto error; + + return; + +error: + g_warning ("Error parsing config file:\n%s", + error->message); + g_error_free (error); + g_key_file_free (key_file); } void Index: gypsy-0.8/src/gypsy-server.h =================================================================== --- gypsy-0.8.orig/src/gypsy-server.h 2009-08-03 12:41:42.000000000 +0200 +++ gypsy-0.8/src/gypsy-server.h 2012-02-10 20:51:12.270849703 +0100 @@ -37,6 +37,7 @@ typedef enum { GYPSY_SERVER_ERROR_NO_CLIENT, + GYPSY_SERVER_ERROR_BAD_PATH } GypsyServerError; typedef struct _GypsyServer { debian/patches/message-cast.patch0000644000000000000000000000150712314063431014212 0ustar Description: Fix -Werror=format failure with g_message Author: Colin Watson Forwarded: no Last-Update: 2014-03-24 Index: b/src/gypsy-client.c =================================================================== --- a/src/gypsy-client.c +++ b/src/gypsy-client.c @@ -712,7 +712,7 @@ return FALSE; } } else { - g_message ("Unsupported option key '%s'", l->data); + g_message ("Unsupported option key '%s'", (const char *) l->data); } } g_list_free (keys); Index: b/src/nmea-gen.c =================================================================== --- a/src/nmea-gen.c +++ b/src/nmea-gen.c @@ -150,7 +150,7 @@ year -= 2000; - snprintf(utcdate, NMEA_UTC_SIZE, "%02d%02d%02d", day, month, year); + snprintf(utcdate, NMEA_UTC_SIZE, "%02d%02d%02d", (int)day, (int)month, (int)year); } } debian/patches/unused_var0000644000000000000000000000075711624751337012735 0ustar Description: Fix build failure with GCC 4.6 (-Wunused-but-set-variable) Author: Angel Abad Bug-Ubuntu: https://launchpad.net/bugs/831182 Forwarded: no Last-Update: 2011-08-23 --- a/gypsy/gypsy-time.c +++ b/gypsy/gypsy-time.c @@ -155,9 +155,9 @@ GValue *value, GParamSpec *pspec) { - GypsyTimePrivate *priv; + //GypsyTimePrivate *priv; - priv = GET_PRIVATE (object); + //priv = GET_PRIVATE (object); switch (prop_id) { case PROP_PATH: break; debian/patches/deprecated_g_type_init.patch0000644000000000000000000000345612131245062016334 0ustar Description: Drop deprecated g_type_init() call to fix FTBFS with current glib. Author: Martin Pitt Index: gypsy-0.8/src/main.c =================================================================== --- gypsy-0.8.orig/src/main.c 2009-08-06 12:28:12.000000000 +0200 +++ gypsy-0.8/src/main.c 2013-04-10 13:16:06.000000000 +0200 @@ -145,8 +145,6 @@ umask (022); - g_type_init (); - mainloop = g_main_loop_new (NULL, FALSE); conn = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error); Index: gypsy-0.8/examples/simple-gps-dbus.c =================================================================== --- gypsy-0.8.orig/examples/simple-gps-dbus.c 2009-08-03 12:41:42.000000000 +0200 +++ gypsy-0.8/examples/simple-gps-dbus.c 2013-04-10 13:16:31.738266720 +0200 @@ -122,7 +122,6 @@ DBusError error; GMainLoop *mainloop; - g_type_init (); conn = get_connection (); dbus_error_init (&error); Index: gypsy-0.8/examples/simple-gps-gypsy.c =================================================================== --- gypsy-0.8.orig/examples/simple-gps-gypsy.c 2009-08-03 12:41:42.000000000 +0200 +++ gypsy-0.8/examples/simple-gps-gypsy.c 2013-04-10 13:16:37.538267001 +0200 @@ -68,8 +68,6 @@ return 0; } - g_type_init (); - control = gypsy_control_get_default (); path = gypsy_control_create (control, argv[1], &error); if (path == NULL) { Index: gypsy-0.8/examples/simple-gps-satellites.c =================================================================== --- gypsy-0.8.orig/examples/simple-gps-satellites.c 2009-08-03 12:41:42.000000000 +0200 +++ gypsy-0.8/examples/simple-gps-satellites.c 2013-04-10 13:16:26.354266459 +0200 @@ -43,8 +43,6 @@ return 0; } - g_type_init (); - control = gypsy_control_get_default (); path = gypsy_control_create (control, argv[1], &error); if (path == NULL) { debian/patches/series0000644000000000000000000000022012314062313012017 0ustar unused_var cve-2011-0523.patch cve-2011-0524.patch deprecated_array.patch deprecated_g_type_init.patch format-security.patch message-cast.patch debian/patches/format-security.patch0000644000000000000000000000703412314063063014775 0ustar Description: Fix -Werror=format-security failures Author: Colin Watson Forwarded: no Last-Update: 2014-03-24 Index: b/src/gypsy-client.c =================================================================== --- a/src/gypsy-client.c +++ b/src/gypsy-client.c @@ -408,7 +408,7 @@ } } else { g_warning ("Read error: %s", g_strerror (errno)); - g_set_error (&error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (&error, GYPSY_ERROR, errno, g_strerror (errno)); } return TRUE; @@ -475,7 +475,7 @@ } } else { g_warning ("Read error: %s", g_strerror (errno)); - g_set_error (&error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (&error, GYPSY_ERROR, errno, g_strerror (errno)); } return TRUE; @@ -573,7 +573,7 @@ if (status != G_IO_STATUS_NORMAL) { g_warning ("GARMIN: Error writing \"Private Set Mode\" packet:\n%s", g_strerror (errno)); - g_set_error (&error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (&error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -600,7 +600,7 @@ if (status != G_IO_STATUS_NORMAL) { g_warning ("GARMIN: Error writing \"Start PVT Transfer\" packet:\n%s", g_strerror (errno)); - g_set_error (&error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (&error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -765,7 +765,7 @@ priv->fd = open (priv->device_path, O_RDWR | O_NOCTTY | O_NONBLOCK); if (priv->fd == -1) { g_warning ("Error opening device %s: %s", priv->device_path, g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -774,7 +774,7 @@ if (tcgetattr (priv->fd, &term) < 0) { g_warning ("Error getting term: %s", g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -784,7 +784,7 @@ if (tcsetattr (priv->fd, TCSAFLUSH, &term) < 0) { g_warning ("Error setting term: %s", g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } } @@ -824,7 +824,7 @@ if (status != G_IO_STATUS_NORMAL) { g_warning ("Error setting flags: %s", g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -833,7 +833,7 @@ if (status != G_IO_STATUS_NORMAL) { g_warning ("Error setting encoding: %s", g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); return FALSE; } @@ -863,7 +863,7 @@ } g_warning ("Error connecting: %s", g_strerror (errno)); - g_set_error (error, GYPSY_ERROR, errno, g_strerror (errno)); + g_set_error_literal (error, GYPSY_ERROR, errno, g_strerror (errno)); g_source_remove (priv->error_id); priv->error_id = 0; Index: b/src/main.c =================================================================== --- a/src/main.c +++ b/src/main.c @@ -113,7 +113,7 @@ #if GLIB_CHECK_VERSION(2, 14, 0) char *help; help = g_option_context_get_help (context, TRUE, NULL); - g_print (help); + g_print ("%s", help); g_free (help); #else g_printerr ("Cannot parse arguments: %s\n", error->message); debian/patches/cve-2011-0524.patch0000644000000000000000000001532211715304326013371 0ustar Author: Bastien Nocera Description: Prevent buffer overflows in NMEA parsing By using snprintf() instead of sprintf. Origin: upstream, https://bugs.freedesktop.org/show_bug.cgi?id=33431 diff --git a/src/nmea-gen.c b/src/nmea-gen.c index a8c2483..c52f925 100644 --- a/src/nmea-gen.c +++ b/src/nmea-gen.c @@ -54,6 +54,7 @@ #include "nmea-gen.h" #define NMEA_BUF_SIZE 256 +#define NMEASTC_BUF_SIZE 256 #define NMEA_LATLON_SIZE 16 #define NMEA_UTC_SIZE 16 @@ -121,7 +122,7 @@ void nmea_getutc(D800_Pvt_Data_Type *pvt, char *utctime, char *utcdate) { h = tmp / 3600; m = (tmp - h*3600) / 60; s = (tmp - h*3600 - m*60); - sprintf(utctime, "%02d%02d%02d", h, m, s); + snprintf(utctime, NMEA_UTC_SIZE, "%02d%02d%02d", h, m, s); } if (utcdate) { @@ -149,7 +150,7 @@ void nmea_getutc(D800_Pvt_Data_Type *pvt, char *utctime, char *utcdate) { year -= 2000; - sprintf(utcdate, "%02d%02d%02d", day, month, year); + snprintf(utcdate, NMEA_UTC_SIZE, "%02d%02d%02d", day, month, year); } } @@ -157,16 +158,16 @@ void nmea_fmtlat(double lat, char *latstr) { double latdeg, tmp; latdeg = rad2deg(fabs(lat)); tmp = floor(latdeg); - sprintf(latstr, "%02d%07.4f,%c", (int)tmp, (latdeg - tmp) * 60, - (lat >= 0) ? 'N' : 'S'); + snprintf(latstr, NMEA_LATLON_SIZE, "%02d%07.4f,%c", (int)tmp, (latdeg - tmp) * 60, + (lat >= 0) ? 'N' : 'S'); } void nmea_fmtlon(double lon, char *lonstr) { double londeg, tmp; londeg = rad2deg(fabs(lon)); tmp = floor(londeg); - sprintf(lonstr, "%03d%07.4f,%c", (int)tmp, (londeg - tmp) * 60, - (lon >= 0) ? 'E' : 'W'); + snprintf(lonstr, NMEA_LATLON_SIZE, "%03d%07.4f,%c", (int)tmp, (londeg - tmp) * 60, + (lon >= 0) ? 'E' : 'W'); } /* @@ -216,12 +217,12 @@ int nmea_gpgga(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) { } } - sprintf(buf, "GPGGA,%s,%s,%s,%d,%02d,,%.1f,M,%.1f,M,,", utc, slat, slon, fix, nsat, - pvt->msl_hght + pvt->alt, -pvt->msl_hght); + snprintf(buf, NMEA_BUF_SIZE, "GPGGA,%s,%s,%s,%d,%02d,,%.1f,M,%.1f,M,,", utc, slat, slon, fix, nsat, + pvt->msl_hght + pvt->alt, -pvt->msl_hght); cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); return 0; } @@ -268,13 +269,13 @@ int nmea_gprmc(D800_Pvt_Data_Type *pvt, char *nmeastc) { g_lastcourse = course; /* remember for later */ } - sprintf(buf, "GPRMC,%s,%c,%s,%s,%05.1f,%05.1f,%s,,", utctime, - (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V', - slat, slon, speed, course, utcdate); + snprintf(buf, NMEA_BUF_SIZE, "GPRMC,%s,%c,%s,%s,%05.1f,%05.1f,%s,,", utctime, + (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V', + slat, slon, speed, course, utcdate); cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); return 0; } @@ -298,12 +299,12 @@ int nmea_gpgll(D800_Pvt_Data_Type *pvt, char *nmeastc) { /* longitude */ nmea_fmtlon(pvt->lon, slon); - sprintf(buf, "GPGLL,%s,%s,%s,%c", slat, slon, utctime, - (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V'); + snprintf(buf, NMEA_BUF_SIZE, "GPGLL,%s,%s,%s,%c", slat, slon, utctime, + (pvt->fix >= 2 && pvt->fix <= 5) ? 'A' : 'V'); cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); return 0; } @@ -334,7 +335,7 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) { fprintf(stderr, "WARNING: unknown fix type %d\n", pvt->fix); } - sprintf(buf, "GPGSA,A,%d", fix); + snprintf(buf, NMEA_BUF_SIZE, "GPGSA,A,%d", fix); if (sat != NULL) { for (i = 0; i < SAT_MAX_COUNT; i++) { @@ -343,7 +344,7 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) { #ifdef DEBUG g_debug ("%s: using sat %2d", __FUNCTION__, sat[i].svid); #endif - sprintf(buf+strlen(buf), ",%02d", sat[i].svid); + snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf), ",%02d", sat[i].svid); nsat++; } else @@ -362,10 +363,10 @@ int nmea_gpgsa(D800_Pvt_Data_Type *pvt, cpo_sat_data *sat, char *nmeastc) { strcat(buf, ",,,,,,,,,,,,"); } - sprintf(buf+strlen(buf), ",,,"); // this should be DOP info + snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf),",,,"); // this should be DOP info cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); return 0; } @@ -386,9 +387,9 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) { int nsat, i, nout, msgi; if (sat == NULL) { - sprintf(buf, "GPGSV,1,1,00"); + snprintf(buf, NMEA_BUF_SIZE, "GPGSV,1,1,00"); cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); return 0; } @@ -417,15 +418,15 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) { if (nsat == 0) { /* build a 'null' GPGSV string */ - sprintf(buf, "GPGSV,1,1,00"); + snprintf(buf, NMEA_BUF_SIZE, "GPGSV,1,1,00"); cksum = nmea_cksum(buf); - sprintf(nmeastc, "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc, NMEASTC_BUF_SIZE, "$%s*%02X\r\n", buf, cksum); } else { /* scan the array again and build the GPGSV string(s) of active sats */ nout = 0; msgi = 1; nmeastc[0] = 0; - sprintf(buf, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat); + snprintf(buf, NMEA_BUF_SIZE, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat); for (i = 0; i < SAT_MAX_COUNT; i++) { if (((sat[i].status & SAT_STATUS_MASK) == SAT_STATUS_GOOD) && (sat[i].svid <= MAX_SAT_SVID)) { int snr; @@ -435,24 +436,24 @@ int nmea_gpgsv(cpo_sat_data *sat, char *nmeastc) { // else snr = sat[i].snr/100; /* empirically, this seems to be the correct factor */ - sprintf(buf+strlen(buf), ",%02d,%02d,%03d,%02d", - sat[i].svid, sat[i].elev, sat[i].azmth, snr); + snprintf(buf+strlen(buf), NMEA_BUF_SIZE - strlen(buf), ",%02d,%02d,%03d,%02d", + sat[i].svid, sat[i].elev, sat[i].azmth, snr); nout++; /* if we have accumulated a group of 4 sats, write out the string */ if (nout == 4) { cksum = nmea_cksum(buf); - sprintf(nmeastc+strlen(nmeastc), "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc+strlen(nmeastc), NMEASTC_BUF_SIZE - strlen(nmeastc), "$%s*%02X\r\n", buf, cksum); msgi++; nout = 0; - sprintf(buf, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat); + snprintf(buf, NMEA_BUF_SIZE, "GPGSV,%d,%d,%02d", (nsat-1)/4+1, msgi, nsat); } } } if (nout != 0) { cksum = nmea_cksum(buf); - sprintf(nmeastc+strlen(nmeastc), "$%s*%02X\r\n", buf, cksum); + snprintf(nmeastc+strlen(nmeastc), NMEASTC_BUF_SIZE - strlen(nmeastc), "$%s*%02X\r\n", buf, cksum); } } -- 1.7.6.2 debian/patches/deprecated_array.patch0000644000000000000000000000264111715303206015135 0ustar Description: The new glib 2.32 deprecated GValueArray, use the replacements instead, Author: Andreas Moog Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45909 Forwarded: https://bugs.freedesktop.org/attachment.cgi?id=56888 Last-Update: <2012-02-10> Index: gypsy-0.8/gypsy/gypsy-satellite.c =================================================================== --- gypsy-0.8.orig/gypsy/gypsy-satellite.c 2012-02-10 21:35:32.000000000 +0100 +++ gypsy-0.8/gypsy/gypsy-satellite.c 2012-02-10 21:52:17.138846779 +0100 @@ -191,15 +191,15 @@ for (i = 0; i < sats->len; i++) { GypsySatelliteDetails *details; - GValueArray *vals = sats->pdata[i]; + GArray *vals = sats->pdata[i]; details = g_slice_new (GypsySatelliteDetails); - details->satellite_id = g_value_get_uint (g_value_array_get_nth (vals, 0)); - details->in_use = g_value_get_boolean (g_value_array_get_nth (vals, 1)); - details->elevation = g_value_get_uint (g_value_array_get_nth (vals, 2)); - details->azimuth = g_value_get_uint (g_value_array_get_nth (vals, 3)); - details->snr = g_value_get_uint (g_value_array_get_nth (vals, 4)); + details->satellite_id = g_array_index(vals,guint,0); + details->in_use = g_array_index(vals,gboolean,1); + details->elevation = g_array_index(vals,guint,2); + details->azimuth = g_array_index(vals,guint,3); + details->snr = g_array_index(vals,guint,4); g_ptr_array_add (satellites, details); } debian/compat0000644000000000000000000000000211411754314010365 0ustar 7 debian/control0000644000000000000000000000616711715273675010621 0ustar Source: gypsy Section: utils Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Linaro User Platforms Build-Depends: debhelper (>= 7.0.50~), dh-autoreconf, gtk-doc-tools, libbluetooth-dev, libglib2.0-dev, libdbus-glib-1-dev (>= 0.60), xsltproc Priority: optional Standards-Version: 3.8.4 Package: gypsy-daemon Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Section: utils Description: A GPS Multiplexing Daemon Gypsy is a GPS multiplexing daemon which allows multiple clients to access GPS data from multiple GPS sources concurrently. . Without some sort of multiplexing system, a GPS device can only safely be accessed by one client. In a server situation this may not cause any problems, but on modern desktop which could potentially have multiple location aware devices, this could be an issue. . Gypsy hides the tricky details of parsing NMEA from the client applications, passing the data as simple values for the clients to use. . Gypsy uses D-Bus to notify clients about location changes, sitting on the system bus, issuing signals as the GPS data changes. This design allows clients to only be notified about the changes they care about and ignore the rest. Gypsy has fine grained signals, so a client only interested in position changes will not be woken up for any other changes like, for example, satellite detail changes. . Gypsy is designed to be usable on all manner of systems, from low powered devices (such as Nokia N810 and Openmoko Neo) to regular high powered desktop systems. As the signals it emits are fine grained applications are woken up only when they absolutely need to be, keeping power requirements to a minimum. . Gypsy was designed to fix the numerous design flaws found in GPSD. . Included with Gypsy is libgypsy which is a GObject based C wrapper for the D-Bus API making writing clients very simple, although any language with D-Bus bindings can be used to write a Gypsy client (See simple-gps-python.py in the Gypsy sources for an example written in Python). Package: libgypsy0 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Section: libs Description: A GPS Multiplexing Daemon (Library Package) Gypsy is a GPS multiplexing daemon which allows multiple clients to access GPS data from multiple GPS sources concurrently. . This package ships the libraries for use of gypsy daemon Package: libgypsy-dev Architecture: any Depends: libgypsy0 (= ${binary:Version}), ${misc:Depends} Section: libdevel Description: A GPS Multiplexing Daemon (Development Package) Gypsy is a GPS multiplexing daemon which allows multiple clients to access GPS data from multiple GPS sources concurrently. . This package ships the library Development file of gypsy daemon Package: libgypsy-doc Architecture: any Depends: libgypsy0 (= ${binary:Version}), ${misc:Depends} Section: doc Description: A GPS Multiplexing Daemon (HTML API Docs) Gypsy is a GPS multiplexing daemon which allows multiple clients to access GPS data from multiple GPS sources concurrently. . This package ships the HTML API doc files. debian/changelog0000644000000000000000000000367312314063434011051 0ustar gypsy (0.8-0ubuntu7) trusty; urgency=medium * Fix -Werror=format-security and -Werror=format failures. -- Colin Watson Mon, 24 Mar 2014 17:10:51 +0000 gypsy (0.8-0ubuntu6) raring; urgency=low * Add deprecated_g_type_init.patch: Drop deprecated g_type_init() call to fix FTBFS with current glib. -- Martin Pitt Wed, 10 Apr 2013 13:15:13 +0200 gypsy (0.8-0ubuntu5) precise; urgency=low * Add default configuration file /etc/gypsy.conf -- Andreas Moog Tue, 14 Feb 2012 19:55:12 +0100 gypsy (0.8-0ubuntu4) precise; urgency=low * debian/patches/cve-2011-0523.patch: - SECURITY UPDATE: CVE-2011-0523: "arbitrary file access and buffer overflows" A new config file, /etc/gypsy.conf, is added that specifies a whitelist of globs. By default, they are "/dev/tty*", "/dev/pgps", and "bluetooth" (which matches Bluetooth addresses). Thanks to Michael Leibowitz * debian/patches/cve-2011-0524.patch: - SECURITY UPDATE: CVE-2011-0524 Prevent buffer overflows in NMEA parsing By using snprintf() instead of sprintf. Thanks to Bastien Nocera * debian/patches/ deprecated_array.patch: - Use GArray instead of GValueArray, which got deprecated in recent glib. This fixes a FTBFS -- Andreas Moog Fri, 10 Feb 2012 20:56:20 +0100 gypsy (0.8-0ubuntu3) oneiric; urgency=low * debian/patches/unused_var: - Fix build failure with GCC 4.6 (LP: #831182) -- Angel Abad Tue, 23 Aug 2011 18:16:00 +0200 gypsy (0.8-0ubuntu2) natty; urgency=low * debian/rules: Clean out dependency_libs from la-file (policy 10.2) -- Andreas Moog Mon, 04 Apr 2011 01:47:22 +0200 gypsy (0.8-0ubuntu1) maverick; urgency=low * Initial release for linaro/maverick -- Alexander Sack Mon, 28 Jun 2010 01:51:51 +0200 debian/gypsy-daemon.install0000644000000000000000000000021411716527015013174 0ustar /etc/gypsy.conf /etc/dbus-1/system.d/Gypsy.conf /usr/share/dbus-1/system-services/org.freedesktop.Gypsy.service /usr/lib/gypsy/gypsy-daemon