1.7.2.3: fixes CVE-2014-0019

OBS-URL: https://build.opensuse.org/package/show/network:utilities/socat?expand=0&rev=21

socat-1.7.2.2.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9a167af11a4d3809cbc66f5e2dcb39b6e371251282ef5de6ea6ff0c4be8a953c
-size 433222

socat-1.7.2.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0598ac54af7b138cda9e3c141bcf0cc63eeb2ab31f468a772dc3f7eb3896aad0
+size 424461

socat-remove_date.patch

@@ -0,0 +1,31 @@
+diff --git a/socat.c b/socat.c
+index 5062914..4c9aa1a 100644
+--- a/socat.c
++++ b/socat.c
+@@ -70,8 +70,6 @@ static int socat_newchild(void);
+ static const char socatversion[] =
+ #include "./VERSION"
+       ;
+-static const char timestamp[] = __DATE__" "__TIME__;
+-
+ const char copyright_socat[] = "socat by Gerhard Rieger - see www.dest-unreach.org";
+ #if WITH_OPENSSL
+ const char copyright_openssl[] = "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)";
+@@ -273,7 +271,7 @@ int main(int argc, const char *argv[]) {
+    Info(copyright_openssl);
+    Info(copyright_ssleay);
+ #endif
+-   Debug2("socat version %s on %s", socatversion, timestamp);
++   Debug1("socat version %s", socatversion);
+    xiosetenv("VERSION", socatversion, 1);	/* SOCAT_VERSION */
+    uname(&ubuf);	/* ! here we circumvent internal tracing (Uname) */
+    Debug4("running on %s version %s, release %s, machine %s\n",
+@@ -363,7 +361,7 @@ void socat_version(FILE *fd) {
+    struct utsname ubuf;
+ 
+    fputs(copyright_socat, fd); fputc('\n', fd);
+-   fprintf(fd, "socat version %s on %s\n", socatversion, timestamp);
++   fprintf(fd, "socat version %s\n", socatversion);
+    Uname(&ubuf);
+    fprintf(fd, "   running on %s version %s, release %s, machine %s\n",
+ 	   ubuf.sysname, ubuf.version, ubuf.release, ubuf.machine);

socat.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
+
+- update to 1.7.2.3: security fix:
+  * CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+    overflow with data from command line (see socat-secadv5.txt)
+
 -------------------------------------------------------------------
 Tue May 28 13:27:12 UTC 2013 - meissner@suse.com
 

socat.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -22,7 +22,7 @@ BuildRequires:  openssl-devel
 BuildRequires:  procps
 BuildRequires:  readline-devel
 BuildRequires:  tcpd-devel
-Version:        1.7.2.2
+Version:        1.7.2.3
 Release:        0
 Url:            http://www.dest-unreach.org/socat/
 Summary:        Multipurpose relay for bidirectional data transfer
@@ -30,6 +30,7 @@ License:        SUSE-GPL-2.0-with-openssl-exception and MIT
 Group:          Productivity/Networking/Other
 # 1.7.2.1: md5 7ddfea7e9e85f868670f94d3ea08358b
 Source:         http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
+Patch1:         socat-remove_date.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -42,6 +43,7 @@ combination of two of these.
 
 %prep
 %setup
+%patch1 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing"
@@ -65,6 +67,6 @@ mkdir -p \
 %{_bindir}/socat
 %{_bindir}/procan
 %{_bindir}/filan
-%{_mandir}/man1/socat.1%{ext_man}
+%{_mandir}/man1/socat.1*
 
 %changelog