Hello community,
here is the log from the commit of package socat for openSUSE:Factory
checked in at Thu Oct 28 13:29:18 CEST 2010.
--------
--- socat/socat.changes 2010-01-11 09:47:42.000000000 +0100
+++ socat/socat.changes 2010-08-02 14:10:18.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 2 08:31:55 UTC 2010 - pascal.bleser@opensuse.org
+
+- update to 1.7.3:
+ * a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
socat-1.7.1.2.tar.bz2
New:
----
socat-1.7.1.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ socat.spec ++++++
--- /var/tmp/diff_new_pack.FovaXU/_old 2010-10-28 13:28:20.000000000 +0200
+++ /var/tmp/diff_new_pack.FovaXU/_new 2010-10-28 13:28:20.000000000 +0200
@@ -1,7 +1,8 @@
#
-# spec file for package socat (Version 1.7.1.2)
+# spec file for package socat (Version 1.7.1.3)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 Pascal Bleser
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,12 +21,11 @@
Name: socat
BuildRequires: openssl-devel procps readline-devel tcpd-devel
-Version: 1.7.1.2
+Version: 1.7.1.3
Release: 1
License: BSD3c ; GPLv2+
Group: Productivity/Networking/Other
Url: http://www.dest-unreach.org/socat/
-AutoReqProv: on
Summary: Multipurpose relay for bidirectional data transfer
Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -38,18 +38,12 @@
file descriptor (stdin etc.), the GNU line editor, a program, or a
combination of two of these.
-
-
-Authors:
---------
- Gerhard Rieger <socat at dest-unreach dot org>
-
%prep
%setup
%build
%{?suse_update_config:%{suse_update_config -f}}
-export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
+export CFLAGS="%{optflags} -fno-strict-aliasing"
./configure \
--prefix=%{_prefix} \
--mandir=%{_mandir} \
@@ -65,7 +59,7 @@
%{__make} DESTDIR=${RPM_BUILD_ROOT} install
%clean
-[ "${RPM_BUILD_ROOT}" != "/" -a -d ${RPM_BUILD_ROOT} ] && rm -rf ${RPM_BUILD_ROOT}
+%{?buildroot:%__rm -rf "%{buildroot}"}
%files
%defattr(-,root,root)
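Review bot: The rewritten `%clean` line quotes the path, which is an improvement, but it drops the old comparison against "/" and now removes whatever `%{buildroot}` expands to. The spec sets BuildRoot under `%{_tmppath}`, so this only matters if the build root is overridden from outside the spec. Keeping the guard costs one line: `if [ "%{buildroot}" != "/" ]; then %__rm -rf "%{buildroot}"; fi`.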
@@ -73,6 +67,5 @@
%{_bindir}/socat
%{_bindir}/procan
%{_bindir}/filan
-%{_mandir}/man1/socat.1.gz
-
+%{_mandir}/man1/socat.1%{ext_man}
%changelog
++++++ socat-1.7.1.2.tar.bz2 -> socat-1.7.1.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.1.2/CHANGES new/socat-1.7.1.3/CHANGES
--- old/socat-1.7.1.2/CHANGES 2010-01-10 14:31:11.000000000 +0100
+++ new/socat-1.7.1.3/CHANGES 2010-07-06 07:28:25.000000000 +0200
@@ -1,4 +1,15 @@
+####################### V 1.7.1.3:
+
+security:
+ fixed a stack overflow vulnerability that occurred when command
+ line arguments (whole addresses, host names, file names) were longer
+ than 512 bytes.
+ Note that this could only be exploited when an attacker was able to
+ inject data into socat's command line.
+ Full credits to Felix Gröbert, Google Security Team, for finding and
+ reporting this issue
+
####################### V 1.7.1.2:
corrections:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.1.2/VERSION new/socat-1.7.1.3/VERSION
--- old/socat-1.7.1.2/VERSION 2010-01-10 14:31:11.000000000 +0100
+++ new/socat-1.7.1.3/VERSION 2010-07-06 07:28:25.000000000 +0200
@@ -1 +1 @@
-"1.7.1.2"
+"1.7.1.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.1.2/nestlex.c new/socat-1.7.1.3/nestlex.c
--- old/socat-1.7.1.2/nestlex.c 2008-09-22 21:59:28.000000000 +0200
+++ new/socat-1.7.1.3/nestlex.c 2010-07-06 07:28:25.000000000 +0200
@@ -1,5 +1,5 @@
/* source: nestlex.c */
-/* Copyright Gerhard Rieger 2006 */
+/* Copyright Gerhard Rieger 2006-2010 */
/* Published under the GNU General Public License V.2, see file COPYING */
/* a function for lexical scanning of nested character patterns */
@@ -211,7 +211,7 @@
}
*out++ = c;
--*len;
- if (len == 0) {
+ if (*len == 0) {
*addr = in;
*token = out;
return -1; /* output overflow */
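Review bot: The corrected test `if (*len == 0)` still runs only after `*out++ = c;` and `--*len;`, so a call that arrives here with `*len` already 0 stores one byte before the limit is noticed. The counter then moves past zero and would wrap if it is an unsigned type, which the hunk does not show. Checking before the store, `if (*len == 0) { *addr = in; *token = out; return -1; }`, would make the bound hold regardless of the entry value; the same applies to the second hunk at line 222. A short comment that the old code compared the pointer `len` rather than the remaining count would record why the overflow return was never taken. The enclosing function starts and ends outside both hunks, so whether callers can pass a zero length cannot be confirmed from here.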
@@ -222,7 +222,7 @@
/* just a simple char */
*out++ = c;
--*len;
- if (len == 0) {
+ if (*len == 0) {
*addr = in;
*token = out;
return -1; /* output overflow */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.1.2/test.sh new/socat-1.7.1.3/test.sh
--- old/socat-1.7.1.2/test.sh 2010-01-10 14:31:11.000000000 +0100
+++ new/socat-1.7.1.3/test.sh 2010-07-06 07:28:25.000000000 +0200
@@ -10115,6 +10115,7 @@
fi # NUMCOND
;;
esac
+PORT=$((PORT+1))
N=$((N+1))
@@ -10167,6 +10168,76 @@
fi # NUMCOND
;;
esac
+PORT=$((PORT+1))
+N=$((N+1))
+
+
+# socat up to 1.7.1.2 had a stack overflow vulnerability that occurred when
+# command line arguments (whole addresses, host names, file names) were longer
+# than 512 bytes.
+NAME=HOSTNAMEOVFL
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%security%*|*%socket%*|*%$NAME%*)
+TEST="$NAME: stack overflow on overly long host name"
+# provide a long host name to TCP-CONNECT and check socats exit code
+if ! eval $NUMCOND; then :; else
+tf="$td/test$N.stdout"
+te="$td/test$N.stderr"
+tdiff="$td/test$N.diff"
+da="test$N $(date) $RANDOM"
+# prepare long data - perl might not be installed
+rm -f "$td/terst$N.dat"
+i=0; while [ $i -lt 64 ]; do echo -n "AAAAAAAAAAAAAAAA" >>"$td/test$N.dat"; i=$((i+1)); done
+CMD0="$SOCAT $opts TCP-CONNECT:$(cat "$td/test$N.dat"):$PORT STDIO"
+printf "test $F_n $TEST... " $N
+$CMD0 &0 2>"${te}0"
+rc0=$?
+if [ $rc0 -lt 128 ] || [ $rc0 -eq 255 ]; then
+ $PRINTF "$OK\n"
+ numOK=$((numOK+1))
+else
+ $PRINTF "$FAILED\n"
+ echo "$CMD0"
+ cat "${te}0"
+ numFAIL=$((numFAIL+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
+N=$((N+1))
+
+# socat up to 1.7.1.2 had a stack overflow vulnerability that occurred when
+# command line arguments (whole addresses, host names, file names) were longer
+# than 512 bytes.
+NAME=FILENAMEOVFL
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%security%*|*%openssl%*|*%$NAME%*)
+TEST="$NAME: stack overflow on overly long file name"
+# provide a 600 bytes long key file option to SSL-CONNECT and check socats exit code
+if ! eval $NUMCOND; then :; else
+tf="$td/test$N.stdout"
+te="$td/test$N.stderr"
+tdiff="$td/test$N.diff"
+da="test$N $(date) $RANDOM"
+i=0; while [ $i -lt 64 ]; do echo -n "AAAAAAAAAAAAAAAA" >>"$td/test$N.dat"; i=$((i+1)); done
+CMD0="$SOCAT $opts OPENSSL:localhost:$PORT,key=$(cat "$td/test$N.dat") STDIO"
+printf "test $F_n $TEST... " $N
+$CMD0 &0 2>"${te}0"
+rc0=$?
+if [ $rc0 -lt 128 ] || [ $rc0 -eq 255 ]; then
+ $PRINTF "$OK\n"
+ numOK=$((numOK+1))
+else
+ $PRINTF "$FAILED\n"
+ echo "$CMD0"
+ cat "${te}0"
+ numFAIL=$((numFAIL+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
N=$((N+1))
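Review bot: In the HOSTNAMEOVFL block the cleanup line `rm -f "$td/terst$N.dat"` misspells the file name, so the data file that the loop then extends with `>>` is never cleared; it should read `rm -f "$td/test$N.dat"`. The FILENAMEOVFL block has no cleanup before its own append loop, so a file left over from an earlier run in the same `$td` would lengthen the argument beyond what the test intends; the same `rm -f` line belongs there. Its comment promises a 600-byte key option while the loop writes 64 × 16 = 1024 bytes, and the comment should state the real length. Both blocks pass on `[ $rc0 -lt 128 ] || [ $rc0 -eq 255 ]`, and a comment such as `# rc >= 128 means socat was killed by a signal (crash); 255 is socat's own error exit` would make that criterion explicit. The invocation `$CMD0 &0 2>"${te}0"` looks truncated as shown on this page and should be checked against the upstream test.sh.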
@@ -10276,7 +10347,7 @@
printf "test $F_n $TEST... " $N
$CMD0 >/dev/null 2>"${te}0" &
pid0=$!
-wait<something>port $xy 1
+wait<something>port $PORT 1
echo "$da" |$CMD1 >"${tf}1" 2>"${te}1"
rc1=$?
kill $pid0 2>/dev/null; wait
@@ -10294,4 +10365,5 @@
fi # NUMCOND
;;
esac
+PORT=$((PORT+1))
N=$((N+1))
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++