pool/gammu
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 983881 from home:marxin:branches:hardware

Browse Source 
- Add fix-buffer-overflow-in-backup.patch in order to address
  https://github.com/gammu/gammu/issues/701.
- Use autosetup.

OBS-URL: https://build.opensuse.org/request/show/983881
OBS-URL: https://build.opensuse.org/package/show/hardware/gammu?expand=0&rev=58
This commit is contained in:
Martin Liška 2022-06-20 08:31:09 +00:00 committed by Git OBS Bridge
parent 2edee83e82
commit 5ac0e78b1c
3 changed files with 47 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
0001-Fix-buffer-overflow-in-Backup.Creator.patch Normal file
View File

@ -0,0 +1,36 @@
From ec7e2902c19a886578062979e2749372bfea0380 Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Mon, 20 Jun 2022 10:24:13 +0200
Subject: [PATCH] Fix buffer overflow in Backup.Creator
I noticed that while testing the upcoming GCC 12 with -D_FORTIFY_SOURCE=3:
here I have
$1 = 0x7ffff7f0f940 <Buffer.1.lto_priv.1> "Linux, kernel 5.16.14-1-default (#1 SMP PREEMPT Fri Mar 11 12:33:34 UTC 2022 (80acc65))"
(gdb) p (int)strlen(GetOS())
$3 = 87
so GetOS() returns 87 chars while:
include/gammu-backup.h: char Creator[80];
Fixes: #701
---
include/gammu-backup.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/gammu-backup.h b/include/gammu-backup.h
index e7fbc6e74..d5574ea7a 100644
--- a/include/gammu-backup.h
+++ b/include/gammu-backup.h
@@ -218,7 +218,7 @@ typedef struct {
/**
* Name of program which created backup
*/
- char Creator[80];
+ char Creator[512];
/**
* Timestamp of backup
*/
--
2.36.1

7
gammu.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon May 23 19:38:16 UTC 2022 - Martin Liška <mliska@suse.cz>
- Add fix-buffer-overflow-in-backup.patch in order to address
https://github.com/gammu/gammu/issues/701.
- Use autosetup.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 15 07:32:06 UTC 2021 - Johannes Segitz <jsegitz@suse.com> Fri Oct 15 07:32:06 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

10
gammu.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package gammu # spec file for package gammu
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -32,6 +32,7 @@ Patch2: 0001-Enable-fPIE-pie.patch
Patch3: 0001-Update-Python-scripts-to-Python-3.patch Patch3: 0001-Update-Python-scripts-to-Python-3.patch
Patch4: 0001-Docs-Adjust-attributes-order-to-avoid-bugs-in-breath.patch Patch4: 0001-Docs-Adjust-attributes-order-to-avoid-bugs-in-breath.patch
Patch5: harden_gammu-smsd.service.patch Patch5: harden_gammu-smsd.service.patch
Patch6: 0001-Fix-buffer-overflow-in-Backup.Creator.patch
BuildRequires: cmake >= 2.8 BuildRequires: cmake >= 2.8
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: gettext BuildRequires: gettext
@ -185,12 +186,7 @@ Currently supported phones include:
This package contains the Gammu SMS daemon shared library. This package contains the Gammu SMS daemon shared library.
%prep %prep
%setup -q %autosetup -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
# GPL-3.0 licensed files, bnc#775397 # GPL-3.0 licensed files, bnc#775397
rm -rf contrib/sms-gammu2android rm -rf contrib/sms-gammu2android