head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.10 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.8 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.6 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.4 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.2 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.3.0.2 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.2.0.8 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.6 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.4 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.2 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.1.0.14 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.12 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.10 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.8 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.6 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.4 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.2 pkgsrc-2006Q2-base:1.1; locks; strict; comment @# @; 1.4 date 2009.02.11.01.05.25; author gdt; state dead; branches; next 1.3; 1.3 date 2008.10.24.13.25.50; author gdt; state Exp; branches; next 1.2; 1.2 date 2008.01.15.00.58.18; author gdt; state dead; branches; next 1.1; 1.1 date 2006.04.20.15.28.00; author joerg; state Exp; branches; next ; desc @@ 1.4 log @Update to 2.38. patch-ac and patch-ad (security fix to listen only on localhost) were merged upstream. * Tue Feb 10 Eric S. Raymond - 2.38 Regression test load for RoyalTek RGM3800 and Blumax GPS-009 added. Scaling on E error-estimate fields fixed to match O. Listen on localhost only by default to avoid security problems; this can be overridden with the -G command-line option. The packet-state machine can now recognize RTCM3 packets, though support is not yet complete. Added support for ublox5 and mkt-3301 devices. Add a wrapper around gpsd_hexdump to save CPU. Lots of little fixes to various packet parsers. Always keep the device open: "-n" is not optional any more. xgpsspeed no longer depends on Motif. gpsctl can now ship arbitrary payloads to a device. It's possible to send binary through the control channel with the new "&" command. Experimental new driver for Novatel SuperStarII. The 'g' mode switch command now requires, and returns, 'rtcm104v2' rather than 'rtcm104'; this is design forward for when RTCM104v2 is fully working. @ text @$NetBSD: patch-ac,v 1.3 2008/10/24 13:25:50 gdt Exp $ Don't expose position via INADDR_ANY by default. Security fix for http://developer.berlios.de/bugs/?func=detailbug&bug_id=14707&group_id=2116 --- gpsd.c.orig 2008-01-28 15:04:33.000000000 -0500 +++ gpsd.c @@@@ -86,6 +86,7 @@@@ static fd_set all_fds; static int maxfd; static int debuglevel; +static bool listen_global = false; static bool in_background = false; static bool nowait = false; static jmp_buf restartbuf; @@@@ -230,7 +231,10 @@@@ static int passivesock(char *service, ch /*@@ -mustfreefresh @@*/ memset((char *) &sin, 0, sizeof(sin)); /*@@i1@@*/sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; + if (listen_global) + sin.sin_addr.s_addr = htonl(INADDR_ANY); + else + sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); if ((pse = getservbyname(service, protocol))) sin.sin_port = htons(ntohs((in_port_t)pse->s_port)); @@@@ -1271,7 +1275,7 @@@@ int main(int argc, char *argv[]) (void)setlocale(LC_NUMERIC, "C"); #endif debuglevel = 0; - while ((option = getopt(argc, argv, "F:D:S:bhNnP:V" + while ((option = getopt(argc, argv, "F:D:S:bhNnP:VG" #ifdef RTCM104_SERVICE "R:" #endif /* RTCM104_SERVICE */ @@@@ -1280,6 +1284,8 @@@@ int main(int argc, char *argv[]) case 'D': debuglevel = (int) strtol(optarg, 0, 0); break; + case 'G': + listen_global = true; case 'F': control_socket = optarg; break; @ 1.3 log @Security fix: by default, only listen on INADDR_LOOPBACK, so that position is only provided on on-machine clients. Previously, gpsd listened on INADDR_ANY, providing position of the computer to any host that asked. (The fix is in upstream bugzilla, with link in patches/patch-ac.) @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 2.36. Note that python programs are no longer installed. - Integrated Garmin Simple Text Protocol driver from Peter Slansky. Minor fixes in error modeling and a better NaN guard stabilize the Trimble regression tests. Remove the wired-in NTP time offset from the NMEA driver, this could only have worked by accident and should be set in ntpd.conf. Integrated Ashtech driver from Chris Kuethe. - Navcom driver merged. Removed -d -f and -p options of gpsd; these have been undocumented for a while. Make gpsd play well with pkgconfig. Incorrect computation of VDOP when GPSes didn't supply it has been fixed. The xgps code has been revamped and now has a much nicer interface. Add -b (no-configuration) option as a sadly clumsy workaround for some problems with Bluetooth receivers. Added tests for Haicom-305N and Pharos 360; separated out the tests for the unstable Trimble drivers. 32-vs-64-bit problems in the regression tests have been solved. - Fix for byte-swapping of Zodiac control messages on big-endian hardware. Disable iTalk by default and note that it needs to be tested. Command line arguments can now be DGPSIP or NTRIP URLs; -d is deprecated. Added udev rules. Address excessive processor and memory utilization on SBCs; it's now possible to configure compile-time limits on the number of devices and client sessions. Eliminate use of fuser(1) in gpsfake. Get gpsd working with EarthMates again, this had been broken since 2.15. Massive string safety audit and OpenBSD port by Chris Kuethe. J command added. The gpsctl and gpscat tools and the gpsd.phps script were added. Switched to lesstif from openmotif. Better autodetection of DLE-led packet protocols (notably TSIP and Garmin binary) and of SiRFStar I and III devices. Fixed buggy parsing and generation of PGRME. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 2006/04/20 15:28:00 joerg Exp $ d3 22 a24 4 --- gpspipe.c.orig 2006-04-20 15:17:54.000000000 +0000 +++ gpspipe.c @@@@ -25,7 +25,8 @@@@ */ d26 20 a45 7 +#include +#include #include #include -#include #include #include @ 1.1 log @Fix pthread detection. Fix compilation on DragonFly. @ text @d1 1 a1 1 $NetBSD$ @