diff --git a/gpsd-3.23.1.tar.xz b/gpsd-3.23.1.tar.xz new file mode 100644 index 0000000..280c94d --- /dev/null +++ b/gpsd-3.23.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ca2c466df783c57b8a07ad3f5c67943186d05befdc377de938ed111d1358a8c1 +size 3450632 diff --git a/gpsd-3.23.1.tar.xz.sig b/gpsd-3.23.1.tar.xz.sig new file mode 100644 index 0000000..74994e6 Binary files /dev/null and b/gpsd-3.23.1.tar.xz.sig differ diff --git a/gpsd-3.23.tar.xz b/gpsd-3.23.tar.xz deleted file mode 100644 index 2e6df78..0000000 --- a/gpsd-3.23.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e36429b9f6fc42004894dff3dc4453f5b43f95af8533b96d3d135987418da9df -size 3442744 diff --git a/gpsd-3.23.tar.xz.sig b/gpsd-3.23.tar.xz.sig deleted file mode 100644 index 10edb98..0000000 Binary files a/gpsd-3.23.tar.xz.sig and /dev/null differ diff --git a/gpsd.changes b/gpsd.changes index 10ee8ae..d1f6b0c 100644 --- a/gpsd.changes +++ b/gpsd.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Mon Sep 27 10:44:40 UTC 2021 - Dirk Stoecker + +- Set ProtectClock to false or gpsd will not start + +------------------------------------------------------------------- +Wed Sep 22 17:29:34 UTC 2021 - Arjen de Korte + +- Don't use gpsd version in patches (will break with every update) + % harden_gpsd.service.patch + % harden_gpsdctl@.service.patch + +------------------------------------------------------------------- +Wed Sep 22 07:07:20 UTC 2021 - Arjen de Korte + +- Update to version 3.23.1 + * Improve ubx cycle detection. + * Add quirks for Jackson Labs nonstandard NMEA + * Change STATUS_NO_FIX to STATUS_UNK to avoid confusion with fix + mode. + * Change STATUS_FIX to STATUS_GPS to avoid confusion with fix + mode. + * Change STATUS_DGPS_FIX to STATUS_DGPS to avoid confusion with + fix mode. + * Split SOURCE_ACM from SOURCE_USB. ACM has no speeds. + * Add speeds 1 mbps, 1.152 mbps, 1.5 mbps, and higher. When libc + supports them. + * Improve autobaud. + * Add new u-blox M10 messages. + * Fix u-blox M6, M7 initialization issues. + * Various ubxtool and gpxlogger updates. + * Add mtk3301_speed_switcher() + * No API, ABI changes. + * Fallback to "python3" if "python" not found. + +------------------------------------------------------------------- +Mon Sep 20 15:34:40 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_gpsd.service.patch + * harden_gpsdctl@.service.patch + ------------------------------------------------------------------- Sat Aug 7 03:32:40 UTC 2021 - Arjen de Korte @@ -723,4 +765,3 @@ Sun Dec 17 13:21:22 CEST 2006 - anschneider@suse.de Mon Jun 05 10:44:57 CEST 2006 - anschneider@suse.de - Initial package - diff --git a/gpsd.spec b/gpsd.spec index 70f0a75..e873b41 100644 --- a/gpsd.spec +++ b/gpsd.spec @@ -22,7 +22,7 @@ %define _udevdir %(pkg-config --variable udevdir udev) %bcond_without python2 Name: gpsd -Version: 3.23 +Version: 3.23.1 Release: 0 Summary: Service daemon for mediating access to a GPS License: BSD-3-Clause @@ -34,6 +34,8 @@ Source2: udev.gpsd Source3: sysconfig.gpsd Source98: https://download-mirror.savannah.gnu.org/releases/gpsd/%{name}-%{version}.tar.xz.sig Source99: %{name}.keyring +Patch0: harden_gpsd.service.patch +Patch1: harden_gpsdctl@.service.patch BuildRequires: chrpath BuildRequires: fdupes BuildRequires: gcc-c++ @@ -163,10 +165,17 @@ can run on a serial terminal or terminal emulator. %if %{with python2} mkdir -p %{name}-%{version}/python2 tar -xf %{SOURCE0} -C %{name}-%{version}/python2 +pushd %{name}-%{version}/python2/%{name}-%{version} +%patch0 +%patch1 +popd %endif mkdir -p %{name}-%{version}/python3 tar -xf %{SOURCE0} -C %{name}-%{version}/python3 -cd %{name}-%{version} +pushd %{name}-%{version}/python3/%{name}-%{version} +%patch0 +%patch1 +popd %build # LTO fails on aarch64 (version 3.22, May 2021) diff --git a/harden_gpsd.service.patch b/harden_gpsd.service.patch new file mode 100644 index 0000000..0c30855 --- /dev/null +++ b/harden_gpsd.service.patch @@ -0,0 +1,23 @@ +Index: systemd/gpsd.service.in +=================================================================== +--- systemd/gpsd.service.in ++++ systemd/gpsd.service.in +@@ -5,6 +5,18 @@ Requires=gpsd.socket + After=chronyd.service + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectClock=false ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=forking + EnvironmentFile=-/etc/default/gpsd + EnvironmentFile=-/etc/sysconfig/gpsd diff --git a/harden_gpsdctl@.service.patch b/harden_gpsdctl@.service.patch new file mode 100644 index 0000000..65a9d00 --- /dev/null +++ b/harden_gpsdctl@.service.patch @@ -0,0 +1,23 @@ +Index: systemd/gpsdctl@.service.in +=================================================================== +--- systemd/gpsdctl@.service.in ++++ systemd/gpsdctl@.service.in +@@ -5,6 +5,18 @@ BindsTo=dev-%i.device + After=dev-%i.device + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++ProtectHostname=true ++ProtectClock=false ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=oneshot + Environment="GPSD_SOCKET=@RUNDIR@/gpsd.sock" + EnvironmentFile=-/etc/default/gpsd