Hello community,
here is the log from the commit of package socat for openSUSE:Factory checked in at 2012-06-05 15:35:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/socat (Old)
and /work/SRC/openSUSE:Factory/.socat.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "socat", Maintainer is "meissner@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/socat/socat.changes 2011-12-25 17:41:55.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.socat.new/socat.changes 2012-06-05 15:35:25.000000000 +0200
@@ -1,0 +2,6 @@
+Fri May 25 14:15:08 UTC 2012 - meissner@suse.com
+
+- udapted to 1.7.2.1
+ security fix for READLINE bnc#759859
+
+-------------------------------------------------------------------
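Review bot: "udapted" in the new changelog entry should read "updated". The entry would also be more useful to someone scanning socat.changes if it said what the READLINE fix is next to bnc#759859; the upstream CHANGES text in this same submission describes it as a possible heap buffer overflow in the readline address.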
Old:
----
socat-1.7.2.0.tar.bz2
New:
----
socat-1.7.2.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ socat.spec ++++++
--- /var/tmp/diff_new_pack.kQkBx0/_old 2012-06-05 15:35:26.000000000 +0200
+++ /var/tmp/diff_new_pack.kQkBx0/_new 2012-06-05 15:35:26.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package socat
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 Pascal Bleser
#
# All modifications and additions to the file contributed by third parties
@@ -16,18 +16,19 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
Name: socat
BuildRequires: openssl-devel
BuildRequires: procps
BuildRequires: readline-devel
BuildRequires: tcpd-devel
-Version: 1.7.2.0
+Version: 1.7.2.1
Release: 0
Url: http://www.dest-unreach.org/socat/
Summary: Multipurpose relay for bidirectional data transfer
License: BSD-3-Clause ; GPL-2.0+
Group: Productivity/Networking/Other
-# 1.7.2.0: md5 eb563dd00b9d39a49fb62a677fc941fe
+# 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b
Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
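Review bot: The tarball checksum on the `# 1.7.2.1: md5 ...` line lives only in a spec comment, so nothing in the build checks it, and MD5 is not collision resistant. Since `Source:` points at a plain http URL, record a SHA-256 of the tarball instead and, if upstream publishes a detached signature, add it as an additional source so the tarball can be verified rather than only annotated.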
++++++ socat-1.7.2.0.tar.bz2 -> socat-1.7.2.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/CHANGES new/socat-1.7.2.1/CHANGES
--- old/socat-1.7.2.0/CHANGES 2011-12-05 19:21:33.000000000 +0100
+++ new/socat-1.7.2.1/CHANGES 2012-04-22 12:24:00.000000000 +0200
@@ -1,4 +1,17 @@
+####################### V 1.7.2.1:
+
+security:
+ fixed a possible heap buffer overflow in the readline address. This bug
+ could be exploited when all of the following conditions were met:
+ 1) one of the addresses is READLINE without the noprompt and without the
+ prompt options.
+ 2) the other (almost arbitrary address) reads malicious data (which is
+ then transferred by socat to READLINE).
+ Workaround: when using the READLINE address apply option prompt or
+ noprompt.
+ Full credits to Johan Thillemann for finding and reporting this issue.
+
####################### V 1.7.2.0:
corrections:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/COPYING new/socat-1.7.2.1/COPYING
--- old/socat-1.7.2.0/COPYING 2001-04-19 12:39:56.000000000 +0200
+++ new/socat-1.7.2.1/COPYING 2012-01-08 21:27:57.000000000 +0100
@@ -1,12 +1,12 @@
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
- Preamble
+ Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
@@ -15,7 +15,7 @@
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.) You can apply it to
+the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
@@ -55,8 +55,8 @@
The precise terms and conditions for copying, distribution and
modification follow.
-
- GNU GENERAL PUBLIC LICENSE
+
+ GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
@@ -110,7 +110,7 @@
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
-
+
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
@@ -168,7 +168,7 @@
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
-
+
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
@@ -225,7 +225,7 @@
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
-
+
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
@@ -255,7 +255,7 @@
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
- NO WARRANTY
+ NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
@@ -277,9 +277,9 @@
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@
the "copyright" line and a pointer to where the full notice is found.
- Copyright (C) 19yy <name of author>
+ Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -303,16 +303,16 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
- Gnomovision version 69, Copyright (C) 19yy name of author
+ Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
@@ -335,5 +335,5 @@
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Library General
+library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/VERSION new/socat-1.7.2.1/VERSION
--- old/socat-1.7.2.0/VERSION 2011-12-04 15:15:01.000000000 +0100
+++ new/socat-1.7.2.1/VERSION 2012-04-22 12:24:29.000000000 +0200
@@ -1 +1 @@
-"1.7.2.0"
+"1.7.2.1"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/doc/socat.html new/socat-1.7.2.1/doc/socat.html
--- old/socat-1.7.2.0/doc/socat.html 2011-12-05 22:13:56.000000000 +0100
+++ new/socat-1.7.2.1/doc/socat.html 2012-04-22 12:25:50.000000000 +0200
@@ -7,6 +7,24 @@
<h1>socat</h1>
<h2>Dec 2011</h2>
+<html><head>
+<link rev="made" href="mailto:socat@dest-unreach.org">
+</head>
+<body>
+<hr>
+<h1></h1>
+
+<html><head>
+<title><strong>socat</strong></title>
+<link rev="made" href="mailto:socat@dest-unreach.org">
+</head>
+<body>
+<hr>
+<h1><strong>socat</strong></h1>
+<h2> </h2>
+<h2>Dec 2011</h2>
+
+
<p>
<a name="CONTENTS"></a>
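Review bot: The added lines open two further `<html><head>` / `<body>` blocks after the existing `<h1>socat</h1>`, close neither within this hunk, and include an empty `<h1></h1>` and a `<title>` that contains `<strong>` markup, so the shipped socat.html is malformed at its top. This looks like generator output rather than an intended documentation change; regenerate the page from its source, and check whether `<h2>Dec 2011</h2>` is still the intended date for a file whose header timestamp is 2012-04-22.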
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/test.sh new/socat-1.7.2.1/test.sh
--- old/socat-1.7.2.0/test.sh 2011-12-04 15:03:05.000000000 +0100
+++ new/socat-1.7.2.1/test.sh 2012-04-22 14:12:34.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/bash
# source: test.sh
-# Copyright Gerhard Rieger 2001-2011
+# Copyright Gerhard Rieger 2001-2012
# Published under the GNU General Public License V.2, see file COPYING
# perform lots of tests on socat
@@ -10465,7 +10465,7 @@
tdiff="$td/test$N.diff"
da="test$N $(date) $RANDOM"
# prepare long data - perl might not be installed
-rm -f "$td/terst$N.dat"
+rm -f "$td/test$N.dat"
i=0; while [ $i -lt 64 ]; do echo -n "AAAAAAAAAAAAAAAA" >>"$td/test$N.dat"; i=$((i+1)); done
CMD0="$SOCAT $opts TCP-CONNECT:$(cat "$td/test$N.dat"):$PORT STDIO"
printf "test $F_n $TEST... " $N
@@ -10776,6 +10776,47 @@
N=$((N+1))
+# socat up to 1.7.2.0 had a bug in xioscan_readline() that could be exploited
+# to overflow a heap based buffer (socat security advisory 3)
+# problem reported by Johan Thillemann
+NAME=READLINE_OVFL
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%security%*|*%$NAME%*)
+TEST="$NAME: test for buffer overflow in readline prompt handling"
+# address 1 is the readline where write data was handled erroneous
+# address 2 provides data to trigger the buffer overflow
+# when no SIGSEGV or so occurs the test succeeded (bug fixed)
+if ! eval $NUMCOND; then :; else
+tf="$td/test$N.stdout"
+te="$td/test$N.stderr"
+ti="$td/test$N.data"
+CMD0="$SOCAT $opts READLINE $ti"
+printf "test $F_n $TEST... " $N
+# prepare long data - perl might not be installed
+#perl -e 'print "\r","Z"x513' >"$ti"
+echo $E -n "\rA" >"$ti"
+i=0; while [ $i -lt 32 ]; do echo -n "AAAAAAAAAAAAAAAA" >>"$ti"; let i=i+1; done
+$SOCAT - system:"$CMD0; echo rc=\$? >&2",pty >/dev/null 2>"${te}0"
+rc=$?
+rc0="$(grep ^rc= "${te}0" |sed 's/.*=//')"
+if [ $rc -ne 0 ]; then
+ $PRINTF "${YELLOW}framework failed${NORMAL}\n"
+elif [ $rc0 -eq 0 ]; then
+ $PRINTF "$OK\n"
+ numOK=$((numOK+1))
+else
+ $PRINTF "$FAILED\n"
+ echo "$CMD0"
+ grep -v ^rc= "${te}0"
+ numFAIL=$((numFAIL+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
+N=$((N+1))
+
+
###############################################################################
# here come tests that might affect your systems integrity. Put normal tests
# before this paragraph.
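Review bot: The pass condition of READLINE_OVFL is only `elif [ $rc0 -eq 0 ]`, that is, the inner socat exited 0, and the comment above it defines success as "no SIGSEGV or so occurs". A heap overflow does not necessarily crash the process, so this test can print OK on a build that still overflows; consider running CMD0 under a heap checker (for example glibc's MALLOC_CHECK_ environment variable, or valgrind where available) so that the overflow itself is detected. Also quote `$rc0`: if no `rc=` line reaches `${te}0` the variable is empty and the `[ ... -eq 0 ]` test itself errors out. Minor: `let i=i+1` differs from the `i=$((i+1))` form used earlier in test.sh, and PORT is incremented although this test opens no port.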
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.0/xio-readline.c new/socat-1.7.2.1/xio-readline.c
--- old/socat-1.7.2.0/xio-readline.c 2011-12-04 14:21:29.000000000 +0100
+++ new/socat-1.7.2.1/xio-readline.c 2012-04-22 12:43:16.000000000 +0200
@@ -1,5 +1,5 @@
/* source: xio-readline.c */
-/* Copyright Gerhard Rieger 2002-2011 */
+/* Copyright Gerhard Rieger 2002-2012 */
/* Published under the GNU General Public License V.2, see file COPYING */
/* this file contains the source for opening the readline address */
@@ -214,25 +214,26 @@
if (pipe->dtype == XIODATA_READLINE && pipe->para.readline.dynprompt) {
/* we save the last part of the output as possible prompt */
const void *ptr = buff;
- const void *pcr = memrchr(buff, '\r', bytes);
- const void *plf = memrchr(buff, '\n', bytes);
+ const void *pcr;
+ const void *plf;
size_t len;
+
if (bytes > pipe->para.readline.dynbytes) {
ptr = (const char *)buff + bytes - pipe->para.readline.dynbytes;
+ len = pipe->para.readline.dynbytes;
+ } else {
+ len = bytes;
}
- if (pcr) {
- /* forget old prompt */
- pipe->para.readline.dynend = pipe->para.readline.dynprompt;
- /* new prompt starts here */
- ptr = (const char *)pcr+1;
- }
- if (plf && plf >= ptr) {
+ pcr = memrchr(ptr, '\r', len);
+ plf = memrchr(ptr, '\n', len);
+ if (pcr != NULL || plf != NULL) {
+ const void *peol = Max(pcr, plf);
/* forget old prompt */
pipe->para.readline.dynend = pipe->para.readline.dynprompt;
+ len -= (peol+1 - ptr);
/* new prompt starts here */
- ptr = (const char *)plf+1;
+ ptr = (const char *)peol+1;
}
- len = (const char *)buff-(const char *)ptr+bytes;
if (pipe->para.readline.dynend - pipe->para.readline.dynprompt + len >
pipe->para.readline.dynbytes) {
memmove(pipe->para.readline.dynprompt,
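Review bot: In the new block, `Max(pcr, plf)` relationally compares two `const void *` values of which one may be NULL, and `len -= (peol+1 - ptr);` does arithmetic on `void *`; the first is not defined by ISO C and the second is a GNU extension. Declare pcr, plf and peol as `const char *` (or cast before comparing and subtracting) and select the later match explicitly when only one of them is non-NULL. The bounding itself reads correctly: len is capped at dynbytes before the scan and can only shrink afterwards, which the old `len = (const char *)buff-(const char *)ptr+bytes` did not guarantee once ptr had been reset to pcr+1 from anywhere in buff.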
@@ -243,7 +244,6 @@
pipe->para.readline.dynprompt + pipe->para.readline.dynbytes - len;
}
memcpy(pipe->para.readline.dynend, ptr, len);
- /*pipe->para.readline.dynend = pipe->para.readline.dynprompt + len;*/
pipe->para.readline.dynend = pipe->para.readline.dynend + len;
}
return;