Hello community, here is the log from the commit of package socat.546 for openSUSE:11.4:Update checked in at 2012-07-02 17:18:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:11.4:Update/socat.546 (Old) and /work/SRC/openSUSE:11.4:Update/.socat.546.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "socat.546", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-06-28 07:48:42.835576985 +0200 +++ /work/SRC/openSUSE:11.4:Update/.socat.546.new/socat.changes 2012-07-02 17:18:36.000000000 +0200 @@ -0,0 +1,184 @@ +------------------------------------------------------------------- +Mon Jun 11 02:48:27 UTC 2012 - [email protected] + +- fixed heap overflow in READLINE output mode (bnc#759859 / CVE-2012-0219) + socat-1.7.2.1.patch + +------------------------------------------------------------------- +Mon Aug 2 08:31:55 UTC 2010 - [email protected] + +- update to 1.7.3: + * a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes + +------------------------------------------------------------------- +Mon Jan 11 08:24:32 UTC 2010 - [email protected] + +- upgraded to 1.7.1.2: + + fixes OpenSSL "nonblock" failure + + fixes 64-bit issues and some minor bugs + +- changes from 1.7.1.1: + + fixes a couple of bugs, some of which could crash socat under some + circumstances + +- changes from 1.7.1.0: + + provides a few new address options to better control its closing behavior + +- changes from 1.7.0.1: + * fixes a possible SIGSEGV in listening addresses + * fixes client connections with option connect-timeout failed when the + connections succeeded + * fixes the option end-close "did not apply" to some addresses + * half close of EXEC and SYSTEM addresses might have failed for pipes and + socketpair + +------------------------------------------------------------------- +Thu Oct 16 09:56:41 CEST 2008 - [email protected] + +- upgraded to 1.7.0.0 + - support for SCTP stream sockets, raw interface, and generic sockets. + - A new option escape allows it to interrupt raw terminal connections. + - Listening and receiving sockets can set a couple of environment variables. + - Base control of System V STREAMS has been added. + - Many corrections were performed. + +------------------------------------------------------------------- +Mon Feb 11 10:24:33 CET 2008 - [email protected] + +- Update to version 1.6.0.1. + + exec:...,pty did not kill child process under some circumstances; fixed + by correcting typo in xio-progcall.c + + service name resolution failed due to byte order mistake + + socat would hang when invoked with many file descriptors already opened + fix: replaced FOPEN_MAX with FD_SETSIZE + + fixed bugs where sub processes would become zombies because the master + process did not catch SIGCHLD. this affected addresses UDP-LISTEN, + UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT, + ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A + + fixed a bug where sub processes would become zombies because the master + process caught SIGCHLD but did not wait(). this affected addresses + UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM + + corrected option handling with STDIO; usecase: cool-write + + configure --disable-pty also disabled option waitlock + + fixed small bugs on systems with struct ip_mreq without struct ip_mreqn +- Update to version 1.6.0.0. + + new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast + and multicast modes + + new option ip-add-membership for control of multicast group membership + + new address TUN for generation of Linux TUN/TAP pseudo network + interfaces (suggested by Mat Caughron); associated options tun-device, + tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc. + + new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO, + ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses + on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls + socklen parameter on system calls. + + option end-close for control of connection closing allows FD sharing + by sub processes + + range option supports form address:mask with IPv4 + + changed behaviour of SSL-LISTEN to require and verify client + certificate per default + + options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer + grained locking on regular files + + fixed bug where only first tcpwrap option was applied; fixed bug where + tcpwrap IPv6 check always failed + and fixing this bug) + + filan (and socat -D) could hang when a socket was involved + + corrected PTYs on HP-UX (and maybe others) using STREAMS + + correct bind with udp6-listen + + corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro + + corrected problem with read data buffered in OpenSSL layer + + corrected problem with option readbytes when input stream stayed idle + after so many bytes + + fixed a bug where a datagram receiver with option fork could fork two + sub processes per packet +- Don't call test.sh as it doesn't pass if called as non root. +- Don't remove the buildroot in the install section. +- Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available. + +------------------------------------------------------------------- +Thu Mar 22 10:18:31 CET 2007 - [email protected] + +- fix build with newer kernel headers: + some common FS-specific ioctls moved to linux/fs.h + +------------------------------------------------------------------- +Mon Jul 17 12:43:39 CEST 2006 - [email protected] + +- Update to version 1.5.0.0. + + new datagram modes for udp, rawip, unix domain sockets + + socat option -T specifies inactivity timeout + + rewrote lexical analysis to allow nested socat calls + + addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6 + + socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP, + SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection + + addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6 + + option protocol-family (pf), esp. for openssl-listen + + range option supports IPv6 - syntax: range=[::1/128] + + option ipv6-v6only (ipv6only) + + new tcp-wrappers options allow-table, deny-table, tcpwrap-etc + + FIPS version of OpenSSL can be integrated - initial patch provided by + David Acker. See README.FIPS + + support for resolver options res-debug, aaonly, usevc, primary, igntc, + recurse, defnames, stayopen, dnsrch + + options for file attributes on advanced filesystems (ext2, ext3, + reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump, + ext2-noatime, journal-data etc. + + option cool-write controls severeness of write failure (EPIPE, + ECONNRESET) + + option o-noatime + + socat option -lh for hostname in log output + + traffic dumping provides packet headers + + configure.in became part of distribution + + socats unpack directory now has full version, e.g. socat-1.5.0.0/ + + corrected docu of option verify + +------------------------------------------------------------------- +Wed Jan 25 21:41:44 CET 2006 - [email protected] + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Apr 26 15:20:20 CEST 2005 - [email protected] + +- disabled test on ARM (hangs QEMU) + +------------------------------------------------------------------- +Sun Mar 20 20:14:32 CET 2005 - [email protected] + +- Update to version 1.4.2.0. + +------------------------------------------------------------------- +Sun Dec 12 15:51:50 CET 2004 - [email protected] + +- Update to version 1.4.1.0. + +------------------------------------------------------------------- +Tue Oct 26 23:18:18 CEST 2004 - [email protected] + +- Update to version 1.4.0.3. + +------------------------------------------------------------------- +Mon Sep 27 00:26:39 CEST 2004 - [email protected] + +- Update to version 1.4.0.2. + +------------------------------------------------------------------- +Sat Aug 28 15:33:21 CEST 2004 - [email protected] + +- Add readline.sh to the examples. + +------------------------------------------------------------------- +Fri Aug 27 16:25:49 CEST 2004 - [email protected] + +- Update to version 1.4.0.1. + +------------------------------------------------------------------- +Mon Jun 14 15:21:13 CEST 2004 - [email protected] + +- Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/ + BuildRequires. + +------------------------------------------------------------------- +Mon Jun 14 12:30:55 CEST 2004 - [email protected] + +- Inital SuSE RPM based on source tar ball spec file. New: ---- socat-1.7.1.3.tar.bz2 socat-1.7.2.1.patch socat.changes socat.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ socat.spec ++++++ # # spec file for package socat (Version 1.7.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 Pascal Bleser <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: socat BuildRequires: openssl-devel procps readline-devel tcpd-devel Version: 1.7.1.3 Release: 1 License: BSD3c ; GPLv2+ Group: Productivity/Networking/Other Url: http://www.dest-unreach.org/socat/ Summary: Multipurpose relay for bidirectional data transfer Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2 Patch0: socat-1.7.2.1.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor, a program, or a combination of two of these. %prep %setup -q %patch0 -p1 %build %{?suse_update_config:%{suse_update_config -f}} export CFLAGS="%{optflags} -fno-strict-aliasing" ./configure \ --prefix=%{_prefix} \ --mandir=%{_mandir} \ --sysconfdir=%{_sysconfdir} %{__make} all mkdir examples mv daemon.sh ftp.sh mail.sh proxyecho.sh readline.sh examples %install mkdir -p \ ${RPM_BUILD_ROOT}/%{_bindir} \ ${RPM_BUILD_ROOT}/%{_mandir}/man1 %{__make} DESTDIR=${RPM_BUILD_ROOT} install %clean %{?buildroot:%__rm -rf "%{buildroot}"} %files %defattr(-,root,root) %doc BUGREPORTS CHANGES COPYING COPYING.OpenSSL DEVELOPMENT EXAMPLES FAQ FILES PORTING README SECURITY VERSION examples %{_bindir}/socat %{_bindir}/procan %{_bindir}/filan %{_mandir}/man1/socat.1%{ext_man} %changelog ++++++ socat-1.7.2.1.patch ++++++ diff --git a/xio-readline.c b/xio-readline.c index 5ffd8ed..dd6998e 100644 --- a/xio-readline.c +++ b/xio-readline.c @@ -214,25 +214,26 @@ void xioscan_readline(struct single *pipe, const void *buff, size_t bytes) { if (pipe->dtype == XIODATA_READLINE && pipe->para.readline.dynprompt) { /* we save the last part of the output as possible prompt */ const void *ptr = buff; - const void *pcr = memrchr(buff, '\r', bytes); - const void *plf = memrchr(buff, '\n', bytes); + const void *pcr; + const void *plf; size_t len; + if (bytes > pipe->para.readline.dynbytes) { ptr = (const char *)buff + bytes - pipe->para.readline.dynbytes; + len = pipe->para.readline.dynbytes; + } else { + len = bytes; } - if (pcr) { - /* forget old prompt */ - pipe->para.readline.dynend = pipe->para.readline.dynprompt; - /* new prompt starts here */ - ptr = (const char *)pcr+1; - } - if (plf && plf >= ptr) { + pcr = memrchr(ptr, '\r', len); + plf = memrchr(ptr, '\n', len); + if (pcr != NULL || plf != NULL) { + const void *peol = Max(pcr, plf); /* forget old prompt */ pipe->para.readline.dynend = pipe->para.readline.dynprompt; + len -= (peol+1 - ptr); /* new prompt starts here */ - ptr = (const char *)plf+1; + ptr = (const char *)peol+1; } - len = (const char *)buff-(const char *)ptr+bytes; if (pipe->para.readline.dynend - pipe->para.readline.dynprompt + len > pipe->para.readline.dynbytes) { memmove(pipe->para.readline.dynprompt, @@ -243,7 +244,6 @@ void xioscan_readline(struct single *pipe, const void *buff, size_t bytes) { pipe->para.readline.dynprompt + pipe->para.readline.dynbytes - len; } memcpy(pipe->para.readline.dynend, ptr, len); - /*pipe->para.readline.dynend = pipe->para.readline.dynprompt + len;*/ pipe->para.readline.dynend = pipe->para.readline.dynend + len; } return; -- 1.7.0.4 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
