Hello community, here is the log from the commit of package socat for openSUSE:Factory checked in at 2014-03-06 19:29:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/socat (Old) and /work/SRC/openSUSE:Factory/.socat.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "socat"
Changes:
--------
--- /work/SRC/openSUSE:Factory/socat/socat.changes 2013-06-05 13:13:13.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.socat.new/socat.changes 2014-03-06 19:29:36.000000000 +0100
@@ -1,0 +2,14 @@
+Mon Mar 3 19:35:45 UTC 2014 - andreas.stieger@gmx.de
+
+- mention patch in changelog entry, annotate patch
+
+-------------------------------------------------------------------
+Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
+
+- update to 1.7.2.3: security fix:
+ * CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+ overflow with data from command line (see socat-secadv5.txt)
+- added esocat-remove_date.patch to prevent unneccessary rebuilds,
+ fixes W: file-contains-date-and-time
+
+-------------------------------------------------------------------
Old:
----
socat-1.7.2.2.tar.bz2
New:
----
socat-1.7.2.3.tar.bz2
socat-remove_date.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ socat.spec ++++++
--- /var/tmp/diff_new_pack.M116w4/_old 2014-03-06 19:29:37.000000000 +0100
+++ /var/tmp/diff_new_pack.M116w4/_new 2014-03-06 19:29:37.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -22,7 +22,7 @@
 BuildRequires: procps
 BuildRequires: readline-devel
 BuildRequires: tcpd-devel
-Version: 1.7.2.2
+Version: 1.7.2.3
 Release: 0
 Url: http://www.dest-unreach.org/socat/
 Summary: Multipurpose relay for bidirectional data transfer
@@ -30,6 +30,7 @@
 Group: Productivity/Networking/Other
 # 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b
 Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
+Patch1: socat-remove_date.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -42,6 +43,7 @@
 %prep
 %setup
+%patch1 -p1
 %build
 export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
@@ -65,6 +67,6 @@
 %{_bindir}/socat
 %{_bindir}/procan
 %{_bindir}/filan
-%{_mandir}/man1/socat.1%{ext_man}
+%{_mandir}/man1/socat.1*
 %changelog
++++++ socat-1.7.2.2.tar.bz2 -> socat-1.7.2.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/CHANGES new/socat-1.7.2.3/CHANGES
--- old/socat-1.7.2.2/CHANGES 2013-03-25 17:36:42.000000000 +0100
+++ new/socat-1.7.2.3/CHANGES 2014-01-28 18:39:01.000000000 +0100
@@ -1,4 +1,11 @@
+####################### V 1.7.2.3:
+
+security:
+ CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+ overflow with data from command line (see socat-secadv5.txt)
+ Credits to Florian Weimer of the Red Hat Product Security Team
+
 ####################### V 1.7.2.2:
 security:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/VERSION new/socat-1.7.2.3/VERSION
--- old/socat-1.7.2.2/VERSION 2013-03-25 17:42:07.000000000 +0100
+++ new/socat-1.7.2.3/VERSION 2014-01-28 18:39:01.000000000 +0100
@@ -1 +1 @@
-"1.7.2.2"
+"1.7.2.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/test.sh new/socat-1.7.2.3/test.sh
--- old/socat-1.7.2.2/test.sh 2013-03-22 07:43:41.000000000 +0100
+++ new/socat-1.7.2.3/test.sh 2014-01-28 18:39:01.000000000 +0100
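Review bot: In the socat.spec hunk `@@ -30,6 +30,7 @@` the integrity comment above `Source:` still reads `# 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b`, so nothing visible in the spec pins the 1.7.2.3 tarball that this security update takes from a plain `http://` URL. Replace the stale line with a digest for the version actually packaged, for example `# 1.7.2.3: sha256 <SHA256_OF_socat-1.7.2.3.tar.bz2>` (placeholder, to be filled from the upstream release announcement), or verify an upstream signature at build time if one is published. The new `Patch1:` line would also benefit from a one-line comment above it stating that the patch drops `__DATE__`/`__TIME__` and is not upstream, so the reason is visible without opening the patch.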
@@ -49,6 +49,9 @@
 #SOCAT_EGD="egd=/dev/egd-pool"
 MISCDELAY=1
 [ -z "$SOCAT" ] && SOCAT="./socat"
+if [ ! -x "$SOCAT" ]; then
+ echo "$SOCAT does not exist" >&2; exit 1;
+fi
 [ -z "$PROCAN" ] && PROCAN="./procan"
 [ -z "$FILAN" ] && FILAN="./filan"
 opts="$opt_t $OPTS"
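Review bot: The added guard tests `-x "$SOCAT"` but reports `does not exist`, which is misleading when the file is present and only lacks the execute bit. The same test also rejects a `SOCAT` value that is a bare command name resolved through `PATH`, if callers ever set it that way. A check such as `if ! type "$SOCAT" >/dev/null 2>&1; then` with the message `echo "$SOCAT not found or not executable" >&2; exit 1` covers both cases and says what was actually checked.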
@@ -10876,6 +10879,56 @@
 PORT=$((PORT+1))
 N=$((N+1))
+
+if false; then # this overflow is not reliably reproducable
+# socat up to 2.0.0-b6 did not check the length of the PROXY-CONNECT command line paramters when copying them into the HTTP request buffer. This could lead to a buffer overflow.
+NAME=PROXY_ADDR_OVFL
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%security%*|*%socket%*|*%$NAME%*)
+TEST="$NAME: proxy address parameters overflow"
+# invoke socat PROXY-CONNECT with long proxy server and target server names. If it terminates with exit code >= 128 it is vulnerable
+# However, even if vulnerable it often does not crash. Therefore we try to use a boundary check program like ElectricFence; only with its help we can tell that clean run proofs absence of vulnerability
+if ! eval $NUMCOND; then :; else
+tf="$td/test$N.stdout"
+te="$td/test$N.stderr"
+tdiff="$td/test$N.diff"
+da="test$N $(date) $RANDOM"
+EF=; for p in ef; do
+ if type ef >/dev/null 2>&1; then
+ EF="ef "; break
+ fi
+done
+CMD0="$SOCAT $opts TCP-LISTEN:$PORT,reuseaddr FILE:/dev/null"
+#CMD1="$EF $SOCAT $opts FILE:/dev/null PROXY-CONNECT:$(perl -e "print 'A' x 256"):$(perl -e "print 'A' x 256"):80"
+CMD1="$EF $SOCAT $opts FILE:/dev/null PROXY-CONNECT:localhost:$(perl -e "print 'A' x 384"):80,proxyport=$PORT"
+printf "test $F_n $TEST... " $N
+$CMD0 >/dev/null 2>"${te}0" &
+pid0=$!
+waittcp4port $PORT 1
+$CMD1 >/dev/null 2>"${te}1"
+rc1=$?
+if [ $rc1 -lt 128 ]; then
+ if [ "$EF" ]; then
+ $PRINTF "$OK\n"
+ numOK=$((numOK+1))
+ else
+ $PRINTF "$UNKNOWN $RED(install ElectricFEnce!)$NORMAL\n"
+ numCANT=$((num+1))
+ fi
+else
+ $PRINTF "$FAILED\n"
+ echo "$CMD1"
+ cat "${te}"
+ numFAIL=$((numFAIL+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
+N=$((N+1))
+fi # false
+
+
 ###############################################################################
 # here come tests that might affect your systems integrity. Put normal tests
 # before this paragraph.
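Review bot: The UNKNOWN branch of the new PROXY_ADDR_OVFL test sets `numCANT=$((num+1))`, which reads a different variable instead of incrementing the counter; it should be `numCANT=$((numCANT+1))`. The FAILED branch runs `cat "${te}"`, but stderr was redirected to `"${te}0"` and `"${te}1"`, so the diagnostics of the failing command would not be printed; `cat "${te}1"` matches the `$CMD1` being reported. The background listener's PID is stored in `pid0` but is never killed or waited for in the added lines. Because the whole block is wrapped in `if false`, the CVE-2014-0019 fix has no active regression test; a check that an over-long target name makes socat exit with its length error, rather than waiting for a crash, would be deterministic and could stay enabled.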
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/xio-proxy.c new/socat-1.7.2.3/xio-proxy.c
--- old/socat-1.7.2.2/xio-proxy.c 2011-12-06 08:45:03.000000000 +0100
+++ new/socat-1.7.2.3/xio-proxy.c 2014-01-28 18:39:01.000000000 +0100
@@ -1,5 +1,5 @@
 /* source: xio-proxy.c */
-/* Copyright Gerhard Rieger 2002-2011 */
+/* Copyright Gerhard Rieger */
 /* Published under the GNU General Public License V.2, see file COPYING */
 /* this file contains the source for opening addresses of HTTP proxy CONNECT
@@ -275,8 +275,9 @@
 struct proxyvars *proxyvars,
 int level) {
 size_t offset;
- char request[CONNLEN];
- char buff[BUFLEN+1];
+ char request[CONNLEN]; /* HTTP connection request line */
+ int rv;
+ char buff[BUFLEN+1]; /* for receiving HTTP reply headers */
 #if CONNLEN > BUFLEN
 #error not enough buffer space
 #endif
@@ -286,8 +287,12 @@
 ssize_t sresult;
 /* generate proxy request header - points to final target */
- sprintf(request, "CONNECT %s:%u HTTP/1.0\r\n",
- proxyvars->targetaddr, proxyvars->targetport);
+ rv = snprintf(request, CONNLEN, "CONNECT %s:%u HTTP/1.0\r\n",
+ proxyvars->targetaddr, proxyvars->targetport);
+ if (rv >= CONNLEN || rv < 0) {
+ Error("_xioopen_proxy_connect(): PROXY CONNECT buffer too small");
+ return -1;
+ }
 /* send proxy CONNECT request (target addr+port) */
 * xiosanitize(request, strlen(request), textbuff) = '\0';
++++++ socat-remove_date.patch ++++++
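Review bot: In the `@@ -286,8 +287,12 @@` hunk of xio-proxy.c the bound is spelled `CONNLEN` in both the `snprintf` call and the check, so it stays correct only while `request` is declared with exactly that macro. Tying the limit to the array keeps the two from drifting apart: `rv = snprintf(request, sizeof(request), "CONNECT %s:%u HTTP/1.0\r\n",` and `if (rv < 0 || (size_t)rv >= sizeof(request)) {`. The message `PROXY CONNECT buffer too small` does not tell the user that the target address given on the command line was too long; naming the parameter and the limit would make the rejection easier to act on. The function body starts and continues outside the hunk, so any other formatted writes into `request` or `buff` that are not visible here would need the same length check.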
From: Pascal Bleser <pascal.bleser@opensuse.org>
Date: Sun, 02 Feb 2014 10:09:04 +0000
Subject: [PATCH] Remove __DATE__ and __TIME__ macros to avoid unneccessary rebuilds
References:
Upstream: no
remove __DATE__ and __TIME__ macros to avoid unneccessary rebuilds fixes W: file-contains-date-and-time
---
 socat.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
Index: socat-1.7.2.3/socat.c
===================================================================
--- socat-1.7.2.3.orig/socat.c 2011-12-06 07:44:41.000000000 +0000
+++ socat-1.7.2.3/socat.c 2014-03-03 19:31:00.000000000 +0000
@@ -70,8 +70,6 @@ static int socat_newchild(void);
 static const char socatversion[] =
 #include "./VERSION"
 ;
-static const char timestamp[] = __DATE__" "__TIME__;
-
 const char copyright_socat[] = "socat by Gerhard Rieger - see www.dest-unreach.org";
 #if WITH_OPENSSL
 const char copyright_openssl[] = "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)";
@@ -273,7 +271,7 @@ int main(int argc, const char *argv[]) {
 Info(copyright_openssl);
 Info(copyright_ssleay);
 #endif
- Debug2("socat version %s on %s", socatversion, timestamp);
+ Debug1("socat version %s", socatversion);
 xiosetenv("VERSION", socatversion, 1); /* SOCAT_VERSION */
 uname(&ubuf); /* ! here we circumvent internal tracing (Uname) */
 Debug4("running on %s version %s, release %s, machine %s\n",
@@ -363,7 +361,7 @@ void socat_version(FILE *fd) {
 struct utsname ubuf;
 fputs(copyright_socat, fd); fputc('\n', fd);
- fprintf(fd, "socat version %s on %s\n", socatversion, timestamp);
+ fprintf(fd, "socat version %s\n", socatversion);
 Uname(&ubuf);
 fprintf(fd, " running on %s version %s, release %s, machine %s\n",
 ubuf.sysname, ubuf.version, ubuf.release, ubuf.machine);
-- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org