update to 20140127gitf2753b
This commit is contained in:
parent
f8d5e9ad38
commit
48a3b2f5f6
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@
|
||||
/gpsd-3.8.tar.gz
|
||||
/gpsd-3.9.tar.gz
|
||||
/gpsd-3.10.tar.gz
|
||||
/gpsd-20140127gitf2753b.tar.gz
|
||||
|
@ -1,25 +0,0 @@
|
||||
commit 14ad8ddef480df52e090bfea65b4ae081c241506
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Fri Nov 22 18:19:42 2013 +0100
|
||||
|
||||
Set time stamp in chrony SOCK sample correctly.
|
||||
|
||||
The tv field should be the local time when was the sample received, not
|
||||
the reference time. Otherwise the sample could be ignored as coming from
|
||||
future.
|
||||
|
||||
Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
|
||||
|
||||
diff --git a/ntpshm.c b/ntpshm.c
|
||||
index 109e4ea..fe8e450 100644
|
||||
--- a/ntpshm.c
|
||||
+++ b/ntpshm.c
|
||||
@@ -351,7 +351,7 @@ static void chrony_send(struct gps_device_t *session, struct timedrift_t *td)
|
||||
sample.leap = session->context->leap_notify;
|
||||
sample.magic = SOCK_MAGIC;
|
||||
/*@-type@*//* splint is confused about struct timespec */
|
||||
- TSTOTV(&sample.tv, &td->real);
|
||||
+ TSTOTV(&sample.tv, &td->clock);
|
||||
/*@-compdef@*/
|
||||
sample.offset = timespec_diff_ns(td->real, td->clock) / 1e9;
|
||||
/*@+compdef@*/
|
@ -1,30 +0,0 @@
|
||||
commit 0583730e98906f9c779f8705138adb2572d305c2
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Fri Nov 22 18:19:40 2013 +0100
|
||||
|
||||
Allow multiple options in LINKFLAGS.
|
||||
|
||||
Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
|
||||
|
||||
diff --git a/SConstruct b/SConstruct
|
||||
index b7627e7..4332fe4 100644
|
||||
--- a/SConstruct
|
||||
+++ b/SConstruct
|
||||
@@ -239,7 +239,7 @@ env['PYTHON'] = sys.executable
|
||||
env['STRIP'] = "strip"
|
||||
env['PKG_CONFIG'] = "pkg-config"
|
||||
env['CHRPATH'] = 'chrpath'
|
||||
-for i in ["AR", "ARFLAGS", "CCFLAGS", "CFLAGS", "CC", "CXX", "CXXFLAGS", "STRIP", "PKG_CONFIG", "CHRPATH", "LD", "TAR"]:
|
||||
+for i in ["AR", "ARFLAGS", "CCFLAGS", "CFLAGS", "CC", "CXX", "CXXFLAGS", "LINKFLAGS", "STRIP", "PKG_CONFIG", "CHRPATH", "LD", "TAR"]:
|
||||
if os.environ.has_key(i):
|
||||
j = i
|
||||
if i == "LD":
|
||||
@@ -248,7 +248,7 @@ for i in ["AR", "ARFLAGS", "CCFLAGS", "CFLAGS", "CC", "CXX", "CXXFLAGS", "STRIP"
|
||||
env.Replace(**{j: Split(os.getenv(i))})
|
||||
else:
|
||||
env.Replace(**{j: os.getenv(i)})
|
||||
-for flag in ["LDFLAGS", "LINKFLAGS", "SHLINKFLAGS", "CPPFLAGS"]:
|
||||
+for flag in ["LDFLAGS", "SHLINKFLAGS", "CPPFLAGS"]:
|
||||
if os.environ.has_key(flag):
|
||||
env.MergeFlags({flag : [os.getenv(flag)]})
|
||||
|
@ -1,99 +0,0 @@
|
||||
commit a128248dbcab3d15da72bdc77c53cbde8de0baa1
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Fri Nov 22 18:19:43 2013 +0100
|
||||
|
||||
Don't keep cap_sys_time capability.
|
||||
|
||||
It's not necessary to keep the capability since time_pps_setparams is
|
||||
called before root privileges are dropped.
|
||||
|
||||
Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
|
||||
|
||||
diff --git a/SConstruct b/SConstruct
|
||||
index 4332fe4..c5120ae 100644
|
||||
--- a/SConstruct
|
||||
+++ b/SConstruct
|
||||
@@ -455,7 +455,6 @@ if env.GetOption("clean") or env.GetOption("help"):
|
||||
rtlibs = []
|
||||
usblibs = []
|
||||
bluezlibs = []
|
||||
- caplibs = []
|
||||
ncurseslibs = []
|
||||
confdefs = []
|
||||
manbuilder = False
|
||||
@@ -558,14 +557,6 @@ else:
|
||||
confdefs.append("/* #undef HAVE_LIBRT */\n")
|
||||
rtlibs = []
|
||||
|
||||
- if config.CheckLib('libcap'):
|
||||
- confdefs.append("#define HAVE_LIBCAP 1\n")
|
||||
- # System library - no special flags
|
||||
- caplibs = ["-lcap"]
|
||||
- else:
|
||||
- confdefs.append("/* #undef HAVE_LIBCAP */\n")
|
||||
- caplibs = []
|
||||
-
|
||||
if env['dbus_export'] and config.CheckPKG('dbus-1'):
|
||||
confdefs.append("#define HAVE_DBUS 1\n")
|
||||
dbus_libs = pkg_config('dbus-1')
|
||||
@@ -957,7 +948,7 @@ if qt_env:
|
||||
# The libraries have dependencies on system libraries
|
||||
|
||||
gpslibs = ["-lgps", "-lm"]
|
||||
-gpsdlibs = ["-lgpsd"] + usblibs + bluezlibs + gpslibs + caplibs
|
||||
+gpsdlibs = ["-lgpsd"] + usblibs + bluezlibs + gpslibs
|
||||
|
||||
|
||||
# We need to be able to make a static client library for ad-hoc testing.
|
||||
diff --git a/gpsd.c b/gpsd.c
|
||||
index 76d1850..d7fce5f 100644
|
||||
--- a/gpsd.c
|
||||
+++ b/gpsd.c
|
||||
@@ -44,11 +44,6 @@
|
||||
|
||||
#include "gpsd_config.h"
|
||||
|
||||
-#if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S)
|
||||
-#include <sys/capability.h>
|
||||
-#include <sys/prctl.h>
|
||||
-#endif /* HAVE_LIBCAP */
|
||||
-
|
||||
#include "gpsd.h"
|
||||
#include "sockaddr.h"
|
||||
#include "gps_json.h"
|
||||
@@ -2039,13 +2034,6 @@ int main(int argc, char *argv[])
|
||||
struct passwd *pw;
|
||||
struct stat stb;
|
||||
|
||||
-#if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S)
|
||||
- /* set flag: keep privileges across setuid() call */
|
||||
- if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) == -1)
|
||||
- gpsd_report(context.debug, LOG_ERR,
|
||||
- "prctl(PR_SET_KEEPCAPS, 1L ) failed\n");
|
||||
-#endif /* HAVE_LIBCAP */
|
||||
-
|
||||
/* make default devices accessible even after we drop privileges */
|
||||
for (i = optind; i < argc; i++)
|
||||
/* coverity[toctou] */
|
||||
@@ -2091,21 +2079,6 @@ int main(int argc, char *argv[])
|
||||
"setuid() failed, errno %s\n",
|
||||
strerror(errno));
|
||||
/*@+type@*/
|
||||
-
|
||||
- #if defined(HAVE_LIBCAP) && !defined(S_SPLINT_S)
|
||||
- /* drop root capabilities, except CAP_SYS_TIME for 1PPS support */
|
||||
- {
|
||||
- cap_t caps = cap_from_text("cap_sys_time=pe");
|
||||
-
|
||||
- if (!caps)
|
||||
- gpsd_report(context.debug, LOG_ERR, "cap_from_text() failed.\n");
|
||||
- else if (cap_set_proc(caps) == -1) {
|
||||
- gpsd_report(context.debug, LOG_ERR,
|
||||
- "cap_set_proc() failed to drop root privs\n");
|
||||
- cap_free(caps);
|
||||
- }
|
||||
- }
|
||||
-#endif /* HAVE_LIBCAP */
|
||||
}
|
||||
gpsd_report(context.debug, LOG_INF,
|
||||
"running with effective group ID %d\n", getegid());
|
@ -1,23 +0,0 @@
|
||||
commit c3f7db262c8e2e615dae9c3db6f0385bddc48df2
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Fri Nov 22 18:19:41 2013 +0100
|
||||
|
||||
Drop also supplementary groups when dropping privileges.
|
||||
|
||||
Signed-off-by: Eric S. Raymond <esr@thyrsus.com>
|
||||
|
||||
diff --git a/gpsd.c b/gpsd.c
|
||||
index c77f684..76d1850 100644
|
||||
--- a/gpsd.c
|
||||
+++ b/gpsd.c
|
||||
@@ -2059,6 +2059,10 @@ int main(int argc, char *argv[])
|
||||
* of any compromises in the code. It requires that all GPS
|
||||
* devices have their group read/write permissions set.
|
||||
*/
|
||||
+ if (setgroups(0, NULL) != 0)
|
||||
+ gpsd_report(context.debug, LOG_ERROR,
|
||||
+ "setgroups() failed, errno %s\n",
|
||||
+ strerror(errno));
|
||||
/*@-type@*/
|
||||
#ifdef GPSD_GROUP
|
||||
{
|
18
gpsd.spec
18
gpsd.spec
@ -1,4 +1,5 @@
|
||||
%global _hardened_build 1
|
||||
%global gitrev 20140127gitf2753b
|
||||
|
||||
Name: gpsd
|
||||
Version: 3.10
|
||||
@ -8,18 +9,11 @@ Summary: Service daemon for mediating access to a GPS
|
||||
Group: System Environment/Daemons
|
||||
License: BSD
|
||||
URL: http://catb.org/gpsd/
|
||||
Source0: http://download.savannah.gnu.org/releases/gpsd/%{name}-%{version}.tar.gz
|
||||
#Source0: http://download.savannah.gnu.org/releases/gpsd/%{name}-%{version}.tar.gz
|
||||
Source0: gpsd-%{gitrev}.tar.gz
|
||||
Source10: gpsd.service
|
||||
Source11: gpsd.sysconfig
|
||||
Source12: gpsdctl.service
|
||||
# PPS seems to be working without cap_sys_time
|
||||
Patch1: gpsd-nolibcap.patch
|
||||
# allow multiple options in LINKFLAGS
|
||||
Patch2: gpsd-linkflags.patch
|
||||
# set time stamp in chrony SOCK sample correctly
|
||||
Patch3: gpsd-chronyts.patch
|
||||
# drop also supplementary groups when dropping privileges
|
||||
Patch4: gpsd-setgroups.patch
|
||||
|
||||
BuildRequires: dbus-devel dbus-glib-devel ncurses-devel xmlto python-devel
|
||||
BuildRequires: scons desktop-file-utils bluez-libs-devel pps-tools-devel
|
||||
@ -81,11 +75,7 @@ can run on a serial terminal or terminal emulator.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1 -b .nolibcap
|
||||
%patch2 -p1 -b .linkflags
|
||||
%patch3 -p1 -b .chronyts
|
||||
%patch4 -p1 -b .setgroups
|
||||
%setup -q -n %{name}
|
||||
|
||||
%build
|
||||
export CCFLAGS="%{optflags}"
|
||||
|
Loading…
Reference in New Issue
Block a user