diff --git a/0001-Fix-buffer-overflow-in-Backup.Creator.patch b/0001-Fix-buffer-overflow-in-Backup.Creator.patch
new file mode 100644
index 0000000..d56e55d
--- /dev/null
+++ b/0001-Fix-buffer-overflow-in-Backup.Creator.patch
@@ -0,0 +1,36 @@
+From ec7e2902c19a886578062979e2749372bfea0380 Mon Sep 17 00:00:00 2001
+From: Martin Liska
+Date: Mon, 20 Jun 2022 10:24:13 +0200
+Subject: [PATCH] Fix buffer overflow in Backup.Creator
+
+I noticed that while testing the upcoming GCC 12 with -D_FORTIFY_SOURCE=3:
+here I have
+
+$1 = 0x7ffff7f0f940 "Linux, kernel 5.16.14-1-default (#1 SMP PREEMPT Fri Mar 11 12:33:34 UTC 2022 (80acc65))"
+(gdb) p (int)strlen(GetOS())
+$3 = 87
+so GetOS() returns 87 chars while:
+
+include/gammu-backup.h: char Creator[80];
+
+Fixes: #701
+---
+ include/gammu-backup.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/gammu-backup.h b/include/gammu-backup.h
+index e7fbc6e74..d5574ea7a 100644
+--- a/include/gammu-backup.h
++++ b/include/gammu-backup.h
+@@ -218,7 +218,7 @@ typedef struct {
+ /**
+ * Name of program which created backup
+ */
+- char Creator[80];
++ char Creator[512];
+ /**
+ * Timestamp of backup
+ */
+--
+2.36.1
+
diff --git a/gammu.changes b/gammu.changes
index b707733..30b251b 100644
--- a/gammu.changes
+++ b/gammu.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon May 23 19:38:16 UTC 2022 - Martin Liška
+
+- Add fix-buffer-overflow-in-backup.patch in order to address
+ https://github.com/gammu/gammu/issues/701.
+- Use autosetup.
+
 -------------------------------------------------------------------
 Fri Oct 15 07:32:06 UTC 2021 - Johannes Segitz
diff --git a/gammu.spec b/gammu.spec
index 904de70..06c0175 100644
--- a/gammu.spec
+++ b/gammu.spec
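Review bot: Growing `Creator` from 80 to 512 bytes in the `include/gammu-backup.h` hunk covers the 87-character `GetOS()` string quoted in the commit message, but the write that overflowed is not part of this patch, so it presumably stays unbounded and a longer OS or program string could overflow the field again. The copy into `Creator` should be limited by the destination size, for example `snprintf(dst, sizeof(dst), "%s", src)` at the write site (a sketch with constructed names; the real call is outside this diff), accepting truncation for this informational field. Because the array sits in the middle of a struct declared under `include/`, the change also shifts the offsets of the members after it, so code built against the old header needs a rebuild; the spec hunks shown do not indicate a soname or dependency change. A field comment such as `* Name of program which created backup (NUL-terminated, at most sizeof(Creator) - 1 characters)` would record the limit for writers. The struct body starts and ends outside the hunk.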
@@ -1,7 +1,7 @@
 #
 # spec file for package gammu
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,7 +31,8 @@ Patch1: gammu-remove-gplv3-files.patch
 Patch2: 0001-Enable-fPIE-pie.patch
 Patch3: 0001-Update-Python-scripts-to-Python-3.patch
 Patch4: 0001-Docs-Adjust-attributes-order-to-avoid-bugs-in-breath.patch
-Patch5: harden_gammu-smsd.service.patch
+Patch5: harden_gammu-smsd.service.patch
+Patch6: 0001-Fix-buffer-overflow-in-Backup.Creator.patch
 BuildRequires: cmake >= 2.8
 BuildRequires: doxygen
 BuildRequires: gettext
@@ -185,12 +186,7 @@ Currently supported phones include:
 This package contains the Gammu SMS daemon shared library.
 %prep
-%setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
+%autosetup -p1
 # GPL-3.0 licensed files, bnc#775397
 rm -rf contrib/sms-gammu2android