Hello community,
here is the log from the commit of package socat for openSUSE:Factory checked in at 2014-03-06 19:29:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/socat (Old)
and /work/SRC/openSUSE:Factory/.socat.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "socat"
Changes:
--------
--- /work/SRC/openSUSE:Factory/socat/socat.changes 2013-06-05 13:13:13.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.socat.new/socat.changes 2014-03-06 19:29:36.000000000 +0100
@@ -1,0 +2,14 @@
+Mon Mar 3 19:35:45 UTC 2014 - andreas.stieger@gmx.de
+
+- mention patch in changelog entry, annotate patch
+
+-------------------------------------------------------------------
+Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
+
+- update to 1.7.2.3: security fix:
+ * CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+ overflow with data from command line (see socat-secadv5.txt)
+- added esocat-remove_date.patch to prevent unneccessary rebuilds,
+ fixes W: file-contains-date-and-time
+
+-------------------------------------------------------------------
Old:
----
socat-1.7.2.2.tar.bz2
New:
----
socat-1.7.2.3.tar.bz2
socat-remove_date.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ socat.spec ++++++
--- /var/tmp/diff_new_pack.M116w4/_old 2014-03-06 19:29:37.000000000 +0100
+++ /var/tmp/diff_new_pack.M116w4/_new 2014-03-06 19:29:37.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package socat
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 Pascal Bleser
#
# All modifications and additions to the file contributed by third parties
@@ -22,7 +22,7 @@
BuildRequires: procps
BuildRequires: readline-devel
BuildRequires: tcpd-devel
-Version: 1.7.2.2
+Version: 1.7.2.3
Release: 0
Url: http://www.dest-unreach.org/socat/
Summary: Multipurpose relay for bidirectional data transfer
@@ -30,6 +30,7 @@
Group: Productivity/Networking/Other
# 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b
Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
+Patch1: socat-remove_date.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
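Review bot: The only integrity note next to `Source:` is still `# 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b`, which describes neither the 1.7.2.2 tarball being replaced nor the 1.7.2.3 tarball this update ships, and the URL is plain `http://`. For a security update the comment should record a digest of the file actually packaged, for example `# 1.7.2.3: sha256 <sha256-of-socat-1.7.2.3.tar.bz2>` (placeholder, to be filled from a verified download). The new `Patch1:` line would also benefit from a one-line comment above it saying the patch is openSUSE-only and why, since the spec itself gives no reason for it.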
@@ -42,6 +43,7 @@
%prep
%setup
+%patch1 -p1
%build
export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
@@ -65,6 +67,6 @@
%{_bindir}/socat
%{_bindir}/procan
%{_bindir}/filan
-%{_mandir}/man1/socat.1%{ext_man}
+%{_mandir}/man1/socat.1*
%changelog
++++++ socat-1.7.2.2.tar.bz2 -> socat-1.7.2.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/CHANGES new/socat-1.7.2.3/CHANGES
--- old/socat-1.7.2.2/CHANGES 2013-03-25 17:36:42.000000000 +0100
+++ new/socat-1.7.2.3/CHANGES 2014-01-28 18:39:01.000000000 +0100
@@ -1,4 +1,11 @@
+####################### V 1.7.2.3:
+
+security:
+ CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+ overflow with data from command line (see socat-secadv5.txt)
+ Credits to Florian Weimer of the Red Hat Product Security Team
+
####################### V 1.7.2.2:
security:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/VERSION new/socat-1.7.2.3/VERSION
--- old/socat-1.7.2.2/VERSION 2013-03-25 17:42:07.000000000 +0100
+++ new/socat-1.7.2.3/VERSION 2014-01-28 18:39:01.000000000 +0100
@@ -1 +1 @@
-"1.7.2.2"
+"1.7.2.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/test.sh new/socat-1.7.2.3/test.sh
--- old/socat-1.7.2.2/test.sh 2013-03-22 07:43:41.000000000 +0100
+++ new/socat-1.7.2.3/test.sh 2014-01-28 18:39:01.000000000 +0100
@@ -49,6 +49,9 @@
#SOCAT_EGD="egd=/dev/egd-pool"
MISCDELAY=1
[ -z "$SOCAT" ] && SOCAT="./socat"
+if [ ! -x "$SOCAT" ]; then
+ echo "$SOCAT does not exist" >&2; exit 1;
+fi
[ -z "$PROCAN" ] && PROCAN="./procan"
[ -z "$FILAN" ] && FILAN="./filan"
opts="$opt_t $OPTS"
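Review bot: The new guard `[ ! -x "$SOCAT" ]` only accepts an executable file at that literal path, so a caller who sets SOCAT to a bare command name resolved through PATH is now rejected. The message also says "does not exist" when the file may exist but lack the execute bit. Consider `if ! [ -x "$SOCAT" ] && ! type "$SOCAT" >/dev/null 2>&1; then` with the message `echo "$SOCAT not found or not executable" >&2`.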
@@ -10876,6 +10879,56 @@
PORT=$((PORT+1))
N=$((N+1))
+
+if false; then # this overflow is not reliably reproducable
+# socat up to 2.0.0-b6 did not check the length of the PROXY-CONNECT command line paramters when copying them into the HTTP request buffer. This could lead to a buffer overflow.
+NAME=PROXY_ADDR_OVFL
+case "$TESTS" in
+*%functions%*|*%bugs%*|*%security%*|*%socket%*|*%$NAME%*)
+TEST="$NAME: proxy address parameters overflow"
+# invoke socat PROXY-CONNECT with long proxy server and target server names. If it terminates with exit code >= 128 it is vulnerable
+# However, even if vulnerable it often does not crash. Therefore we try to use a boundary check program like ElectricFence; only with its help we can tell that clean run proofs absence of vulnerability
+if ! eval $NUMCOND; then :; else
+tf="$td/test$N.stdout"
+te="$td/test$N.stderr"
+tdiff="$td/test$N.diff"
+da="test$N $(date) $RANDOM"
+EF=; for p in ef; do
+ if type ef >/dev/null 2>&1; then
+ EF="ef "; break
+ fi
+done
+CMD0="$SOCAT $opts TCP-LISTEN:$PORT,reuseaddr FILE:/dev/null"
+#CMD1="$EF $SOCAT $opts FILE:/dev/null PROXY-CONNECT:$(perl -e "print 'A' x 256"):$(perl -e "print 'A' x 256"):80"
+CMD1="$EF $SOCAT $opts FILE:/dev/null PROXY-CONNECT:localhost:$(perl -e "print 'A' x 384"):80,proxyport=$PORT"
+printf "test $F_n $TEST... " $N
+$CMD0 >/dev/null 2>"${te}0" &
+pid0=$!
+waittcp4port $PORT 1
+$CMD1 >/dev/null 2>"${te}1"
+rc1=$?
+if [ $rc1 -lt 128 ]; then
+ if [ "$EF" ]; then
+ $PRINTF "$OK\n"
+ numOK=$((numOK+1))
+ else
+ $PRINTF "$UNKNOWN $RED(install ElectricFEnce!)$NORMAL\n"
+ numCANT=$((num+1))
+ fi
+else
+ $PRINTF "$FAILED\n"
+ echo "$CMD1"
+ cat "${te}"
+ numFAIL=$((numFAIL+1))
+fi
+fi # NUMCOND
+ ;;
+esac
+PORT=$((PORT+1))
+N=$((N+1))
+fi # false
+
+
###############################################################################
# here come tests that might affect your systems integrity. Put normal tests
# before this paragraph.
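Review bot: Two bookkeeping lines in the new PROXY_ADDR_OVFL block look wrong: `numCANT=$((num+1))` reads `num`, which the hunk never sets, so the counter is overwritten rather than incremented, and the failure branch runs `cat "${te}"` although stderr was written to `"${te}0"` and `"${te}1"`. I would change them to `numCANT=$((numCANT+1))` and `cat "${te}0" "${te}1"`. The listener started as `pid0` is not killed or waited for inside the hunk, and the loop `for p in ef` tests `type ef` instead of `type $p`. Because the whole block sits under `if false`, the CVE-2014-0019 length check ships without a running regression test; a comment stating the condition under which the test can be enabled (for example when a bounds checker is available) would make that gap explicit.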
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/socat-1.7.2.2/xio-proxy.c new/socat-1.7.2.3/xio-proxy.c
--- old/socat-1.7.2.2/xio-proxy.c 2011-12-06 08:45:03.000000000 +0100
+++ new/socat-1.7.2.3/xio-proxy.c 2014-01-28 18:39:01.000000000 +0100
@@ -1,5 +1,5 @@
/* source: xio-proxy.c */
-/* Copyright Gerhard Rieger 2002-2011 */
+/* Copyright Gerhard Rieger */
/* Published under the GNU General Public License V.2, see file COPYING */
/* this file contains the source for opening addresses of HTTP proxy CONNECT
@@ -275,8 +275,9 @@
struct proxyvars *proxyvars,
int level) {
size_t offset;
- char request[CONNLEN];
- char buff[BUFLEN+1];
+ char request[CONNLEN]; /* HTTP connection request line */
+ int rv;
+ char buff[BUFLEN+1]; /* for receiving HTTP reply headers */
#if CONNLEN > BUFLEN
#error not enough buffer space
#endif
@@ -286,8 +287,12 @@
ssize_t sresult;
/* generate proxy request header - points to final target */
- sprintf(request, "CONNECT %s:%u HTTP/1.0\r\n",
- proxyvars->targetaddr, proxyvars->targetport);
+ rv = snprintf(request, CONNLEN, "CONNECT %s:%u HTTP/1.0\r\n",
+ proxyvars->targetaddr, proxyvars->targetport);
+ if (rv >= CONNLEN || rv < 0) {
+ Error("_xioopen_proxy_connect(): PROXY CONNECT buffer too small");
+ return -1;
+ }
/* send proxy CONNECT request (target addr+port) */
* xiosanitize(request, strlen(request), textbuff) = '\0';
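Review bot: The size passed to snprintf() and the truncation test both name `CONNLEN` instead of the buffer, so the check stays correct only while `request` is declared with exactly that macro. `rv = snprintf(request, sizeof(request), ...)` followed by `if (rv < 0 || (size_t)rv >= sizeof(request)) {` ties the bound to the object being written. The error text "buffer too small" does not tell the operator that the target address given on the command line is too long; naming that cause would help. The function starts and ends outside this hunk, so whether a bare `return -1` matches the status values its other paths return, and whether `textbuff` is large enough for any expansion `xiosanitize()` performs on the request, should be confirmed against the full file.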
++++++ socat-remove_date.patch ++++++
From: Pascal Bleser
Date: Sun, 02 Feb 2014 10:09:04 +0000
Subject: [PATCH] Remove __DATE__ and __TIME__ macros to avoid unneccessary rebuilds
References:
Upstream: no
remove __DATE__ and __TIME__ macros to avoid unneccessary rebuilds
fixes W: file-contains-date-and-time
---
socat.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Index: socat-1.7.2.3/socat.c
===================================================================
--- socat-1.7.2.3.orig/socat.c 2011-12-06 07:44:41.000000000 +0000
+++ socat-1.7.2.3/socat.c 2014-03-03 19:31:00.000000000 +0000
@@ -70,8 +70,6 @@ static int socat_newchild(void);
static const char socatversion[] =
#include "./VERSION"
;
-static const char timestamp[] = __DATE__" "__TIME__;
-
const char copyright_socat[] = "socat by Gerhard Rieger - see www.dest-unreach.org";
#if WITH_OPENSSL
const char copyright_openssl[] = "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)";
@@ -273,7 +271,7 @@ int main(int argc, const char *argv[]) {
Info(copyright_openssl);
Info(copyright_ssleay);
#endif
- Debug2("socat version %s on %s", socatversion, timestamp);
+ Debug1("socat version %s", socatversion);
xiosetenv("VERSION", socatversion, 1); /* SOCAT_VERSION */
uname(&ubuf); /* ! here we circumvent internal tracing (Uname) */
Debug4("running on %s version %s, release %s, machine %s\n",
@@ -363,7 +361,7 @@ void socat_version(FILE *fd) {
struct utsname ubuf;
fputs(copyright_socat, fd); fputc('\n', fd);
- fprintf(fd, "socat version %s on %s\n", socatversion, timestamp);
+ fprintf(fd, "socat version %s\n", socatversion);
Uname(&ubuf);
fprintf(fd, " running on %s version %s, release %s, machine %s\n",
ubuf.sysname, ubuf.version, ubuf.release, ubuf.machine);