diff --git a/socat-1.7.1.3-support-ipless-tuntap.patch b/socat-1.7.1.3-support-ipless-tuntap.patch
deleted file mode 100644
index e46a3fe..0000000
--- a/socat-1.7.1.3-support-ipless-tuntap.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff -up socat-1.7.1.3/xio-tun.c.orig socat-1.7.1.3/xio-tun.c
---- socat-1.7.1.3/xio-tun.c.orig 2011-05-19 20:25:38.654799000 +0200
-+++ socat-1.7.1.3/xio-tun.c 2011-05-19 20:37:48.675627004 +0200
-@@ -78,8 +78,8 @@ static int xioopen_tun(int argc, const c
- char *ifaddr;
- int result;
-
-- if (argc != 2) {
-- Error2("%s: wrong number of parameters (%d instead of 1)",
-+ if (argc > 2 || argc < 0) {
-+ Error2("%s: wrong number of parameters (%d instead of 0 or 1)",
- argv[0], argc-1);
- }
-
-@@ -146,30 +146,31 @@ static int xioopen_tun(int argc, const c
- }
-
- /*--------------------- setting interface address and netmask ------------*/
-- if ((ifaddr = strdup(argv[1])) == NULL) {
-- Error1("strdup(\"%s\"): out of memory", argv[1]);
-- return STAT_RETRYLATER;
-+ if (argc == 2) {
-+ if ((ifaddr = strdup(argv[1])) == NULL) {
-+ Error1("strdup(\"%s\"): out of memory", argv[1]);
-+ return STAT_RETRYLATER;
-+ }
-+ if ((result = xioparsenetwork(ifaddr, pf, &network)) != STAT_OK) {
-+ /*! recover */
-+ return result;
-+ }
-+ socket_init(pf, (union sockaddr_union *)&ifr.ifr_addr);
-+ ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr =
-+ network.netaddr.ip4.sin_addr;
-+ if (Ioctl(sockfd, SIOCSIFADDR, &ifr) < 0) {
-+ Error4("ioctl(%d, SIOCSIFADDR, {\"%s\", \"%s\"}: %s",
-+ sockfd, ifr.ifr_name, ifaddr, strerror(errno));
-+ }
-+ ((struct sockaddr_in *)&ifr.ifr_netmask)->sin_addr =
-+ network.netmask.ip4.sin_addr;
-+ if (Ioctl(sockfd, SIOCSIFNETMASK, &ifr) < 0) {
-+ Error4("ioctl(%d, SIOCSIFNETMASK, {\"0x%08u\", \"%s\"}, %s",
-+ sockfd, ((struct sockaddr_in *)&ifr.ifr_netmask)->sin_addr.s_addr,
-+ ifaddr, strerror(errno));
-+ }
-+ free(ifaddr);
- }
-- if ((result = xioparsenetwork(ifaddr, pf, &network)) != STAT_OK) {
-- /*! recover */
-- return result;
-- }
-- socket_init(pf, (union sockaddr_union *)&ifr.ifr_addr);
-- ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr =
-- network.netaddr.ip4.sin_addr;
-- if (Ioctl(sockfd, SIOCSIFADDR, &ifr) < 0) {
-- Error4("ioctl(%d, SIOCSIFADDR, {\"%s\", \"%s\"}: %s",
-- sockfd, ifr.ifr_name, ifaddr, strerror(errno));
-- }
-- ((struct sockaddr_in *)&ifr.ifr_netmask)->sin_addr =
-- network.netmask.ip4.sin_addr;
-- if (Ioctl(sockfd, SIOCSIFNETMASK, &ifr) < 0) {
-- Error4("ioctl(%d, SIOCSIFNETMASK, {\"0x%08u\", \"%s\"}, %s",
-- sockfd, ((struct sockaddr_in *)&ifr.ifr_netmask)->sin_addr.s_addr,
-- ifaddr, strerror(errno));
-- }
-- free(ifaddr);
--
- /*--------------------- setting interface flags --------------------------*/
- applyopts_single(&xfd->stream, opts, PH_FD);
-
diff --git a/socat-1.7.2.1-errqueue.patch b/socat-1.7.2.1-errqueue.patch
deleted file mode 100644
index 6aa89e2..0000000
--- a/socat-1.7.2.1-errqueue.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur socat-1.7.2.1-orig/xio-ip.c socat-1.7.2.1/xio-ip.c
---- socat-1.7.2.1-orig/xio-ip.c 2011-12-06 02:45:03.000000000 -0500
-+++ socat-1.7.2.1/xio-ip.c 2012-05-23 16:31:23.000000000 -0400
-@@ -42,6 +42,7 @@
- const struct optdesc opt_ip_hdrincl = { "ip-hdrincl", "hdrincl", OPT_IP_HDRINCL, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_HDRINCL };
- #endif
- #ifdef IP_RECVERR
-+# include
- const struct optdesc opt_ip_recverr = { "ip-recverr", "recverr", OPT_IP_RECVERR, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_RECVERR };
- #endif
- #ifdef IP_MTU_DISCOVER
diff --git a/socat-1.7.2.1-procan-cdefs.patch b/socat-1.7.2.1-procan-cdefs.patch
deleted file mode 100644
index 5375e02..0000000
--- a/socat-1.7.2.1-procan-cdefs.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur socat-1.7.2.1-orig/procan-cdefs.c socat-1.7.2.1/procan-cdefs.c
---- socat-1.7.2.1-orig/procan-cdefs.c 2010-10-06 03:25:30.000000000 -0400
-+++ socat-1.7.2.1/procan-cdefs.c 2012-11-20 17:15:37.521215330 -0500
-@@ -20,7 +20,7 @@
- fprintf(outfile, "#define FD_SETSIZE %u\n", FD_SETSIZE);
- #endif
- #ifdef NFDBITS
-- fprintf(outfile, "#define NFDBITS "F_Zu"\n", NFDBITS);
-+ fprintf(outfile, "#define NFDBITS %u\n", NFDBITS);
- #endif
- #ifdef O_RDONLY
- fprintf(outfile, "#define O_RDONLY %u\n", O_RDONLY);
diff --git a/socat-1.7.2.4-errqueue.patch b/socat-1.7.2.4-errqueue.patch
deleted file mode 100644
index 8e37d8e..0000000
--- a/socat-1.7.2.4-errqueue.patch
+++ /dev/null
@@ -1,67 +0,0 @@
---- a/config.h.in
-+++ a/config.h.in
-@@ -308,6 +308,9 @@
- /* define if your struct sigaction has sa_sigaction */
- #undef HAVE_STRUCT_SIGACTION_SA_SIGACTION
-
-+/* define if you have struct sock_extended_err */
-+#undef HAVE_STRUCT_SOCK_EXTENDED_ERR
-+
- /* Define if your struct termios has component c_ispeed */
- #undef HAVE_TERMIOS_ISPEED
-
---- a/configure.in
-+++ a/configure.in
-@@ -80,7 +80,8 @@ AC_HEADER_RESOLV()
- AC_CHECK_HEADERS(termios.h linux/if_tun.h)
- AC_CHECK_HEADERS(net/if_dl.h)
- AC_CHECK_HEADERS(linux/types.h)
--AC_CHECK_HEADER(linux/errqueue.h, AC_DEFINE(HAVE_LINUX_ERRQUEUE_H), [], [#include ])
-+AC_CHECK_HEADER(linux/errqueue.h, AC_DEFINE(HAVE_LINUX_ERRQUEUE_H), [], [#include
-+#include ])
- AC_CHECK_HEADERS(sys/utsname.h sys/select.h sys/file.h)
- AC_CHECK_HEADERS(util.h bsd/libutil.h libutil.h sys/stropts.h regex.h)
- AC_CHECK_HEADERS(linux/fs.h linux/ext2_fs.h)
-@@ -915,6 +916,22 @@ if test $sc_cv_type_sa_family_t = yes; then
- fi
- AC_MSG_RESULT($sc_cv_type_sa_family_t)
-
-+AC_MSG_CHECKING(for struct sock_extended_err)
-+AC_CACHE_VAL(sc_cv_struct_sock_extended_err,
-+[AC_TRY_COMPILE([#include
-+#if TIME_WITH_SYS_TIME
-+#include
-+#endif
-+#if HAVE_LINUX_ERRQUEUE_H
-+#include
-+#endif],[struct sock_extended_err s;],
-+[sc_cv_struct_sock_extended_err=yes],
-+[sc_cv_struct_sock_extended_err=no])])
-+if test $sc_cv_struct_sock_extended_err = yes; then
-+ AC_DEFINE(HAVE_STRUCT_SOCK_EXTENDED_ERR)
-+fi
-+AC_MSG_RESULT($sc_cv_struct_sock_extended_err)
-+
- AC_MSG_CHECKING(for struct sigaction.sa_sigaction)
- AC_CACHE_VAL(sc_cv_struct_sigaction_sa_sigaction,
- [AC_TRY_COMPILE([#include ],[struct sigaction s;s.sa_sigaction=0;],
---- a/xio-ip.c
-+++ a/xio-ip.c
-@@ -503,7 +503,7 @@ int xiolog_ancillary_ip(struct cmsghdr *cmsg, int *num,
- return STAT_OK;
- #endif /* defined(IP_PKTINFO) && HAVE_STRUCT_IN_PKTINFO */
- #endif /* WITH_IP4 */
--#ifdef IP_RECVERR
-+#if defined(IP_RECVERR) && HAVE_STRUCT_SOCK_EXTENDED_ERR
- case IP_RECVERR: {
- struct sock_extended_err *err =
- (struct sock_extended_err *)CMSG_DATA(cmsg);
-@@ -521,7 +521,7 @@ int xiolog_ancillary_ip(struct cmsghdr *cmsg, int *num,
- err->ee_code, '\0', err->ee_info, '\0', err->ee_data);
- return STAT_OK;
- }
--#endif /* IP_RECVERR */
-+#endif /* defined(IP_RECVERR) && HAVE_STRUCT_SOCK_EXTENDED_ERR */
- #ifdef IP_RECVIF
- case IP_RECVIF: {
- /* spec in FreeBSD: /usr/include/net/if_dl.h */
diff --git a/socat-1.7.2.4-test.patch b/socat-1.7.2.4-test.patch
deleted file mode 100644
index ba03f97..0000000
--- a/socat-1.7.2.4-test.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-diff -Naur socat-1.7.2.4-orig/test.sh socat-1.7.2.4/test.sh
---- socat-1.7.2.4-orig/test.sh 2014-03-09 10:51:39.000000000 -0400
-+++ socat-1.7.2.4/test.sh 2014-04-10 19:26:46.744943241 -0400
-@@ -3713,11 +3713,13 @@
- if [ "$MYPID" = "$MYPPID" -o "$MYPID" = "$MYPGID" -o "$MYPID" = "$MYSID" -o \
- "$MYPPID" = "$MYPGID" -o "$MYPPID" = "$MYSID" -o "$MYPGID" = "$MYSID" ];
- then
-- $PRINTF "$FAILED:\n"
-- echo "$CMD"
-- cat "$te"
-- numFAIL=$((numFAIL+1))
-- listFAIL="$listFAIL $N"
-+ $PRINTF "test $F_n $TEST... ${YELLOW}skipped - fails in mock ${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
-+ #$PRINTF "$FAILED:\n"
-+ #echo "$CMD"
-+ #cat "$te"
-+ #numFAIL=$((numFAIL+1))
-+ #listFAIL="$listFAIL $N"
- else
- $PRINTF "$OK\n"
- numOK=$((numOK+1))
-@@ -4218,7 +4220,11 @@
- elif ! testaddrs listen tcp ip4 >/dev/null || ! runsip4 >/dev/null; then
- $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 not available${NORMAL}\n" $N
- numCANT=$((numCANT+1))
-+elif test -n "not-empty"; then
-+ $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 external network test skipped${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
- else
-+# never called
- tf="$td/test$N.stdout"
- te="$td/test$N.stderr"
- tdiff="$td/test$N.diff"
-@@ -4263,7 +4269,11 @@
- elif ! testaddrs listen tcp ip6 >/dev/null || ! runsip6 >/dev/null; then
- $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv6 not available${NORMAL}\n" $N
- numCANT=$((numCANT+1))
-+elif test -n "not-empty"; then
-+ $PRINTF "test $F_n $TEST... ${YELLOW}TCP/IPv4 external network test skipped${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
- else
-+# never called
- tf="$td/test$N.stdout"
- te="$td/test$N.stderr"
- tdiff="$td/test$N.diff"
-@@ -4303,6 +4313,9 @@
- *%$N%*|*%functions%*|*%socks%*|*%socks4a%*|*%tcp%*|*%tcp4%*|*%ip4%*|*%$NAME%*)
- TEST="$NAME: socks4a connect over TCP/IPv4"
- if ! eval $NUMCOND; then :;
-+elif test -n "not-empty"; then
-+ $PRINTF "test $F_n $TEST... ${YELLOW}SOCKS4A skipped - unreliable in mock ${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
- elif ! testaddrs socks4a >/dev/null; then
- $PRINTF "test $F_n $TEST... ${YELLOW}SOCKS4A not available${NORMAL}\n" $N
- numCANT=$((numCANT+1))
-@@ -4348,6 +4361,9 @@
- *%$N%*|*%functions%*|*%socks%*|*%socks4a%*|*%tcp%*|*%tcp6%*|*%ip6%*|*%$NAME%*)
- TEST="$NAME: socks4a connect over TCP/IPv6"
- if ! eval $NUMCOND; then :;
-+elif test -n "not-empty"; then
-+ $PRINTF "test $F_n $TEST... ${YELLOW}SOCKS4A skipped - unreliable in mock ${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
- elif ! testaddrs socks4a >/dev/null; then
- $PRINTF "test $F_n $TEST... ${YELLOW}SOCKS4A not available${NORMAL}\n" $N
- numCANT=$((numCANT+1))
-@@ -9660,6 +9676,9 @@
- # outside code then checks if the environment contains the variables correctly
- # describing the peer and local sockets.
- if ! eval $NUMCOND; then :;
-+elif test -n "not-empty"; then
-+ $PRINTF "test $F_n $TEST... ${YELLOW}$(echo "$feat" |tr a-z A-Z) too unreliable${NORMAL}\n" $N
-+ numCANT=$((numCANT+1))
- elif ! feat=$(testaddrs $FEAT); then
- $PRINTF "test $F_n $TEST... ${YELLOW}$(echo "$feat" |tr a-z A-Z) not available${NORMAL}\n" $N
- numCANT=$((numCANT+1))
-@@ -9669,7 +9688,7 @@
- numCANT=$((numCANT+1))
- elif [ "$KEYW" = "SCTP4" ] && ! runssctp4 "$((PORT))"; then
- $PRINTF "test $F_n $TEST... ${YELLOW}$KEYW not available${NORMAL}\n" $N
--elif [ "$KEYW" = "SCTP6" ] && ! runssctp4 "$((PORT))"; then
-+elif [ "$KEYW" = "SCTP6" ] && ! runssctp6 "$((PORT))"; then
- #!!! branch not reached - caught above!
- $PRINTF "test $F_n $TEST... ${YELLOW}$KEYW not available${NORMAL}\n" $N
- else
diff --git a/socat-1.7.4.0-uint64_t.patch b/socat-1.7.4.0-uint64_t.patch
deleted file mode 100644
index 9b1a8a9..0000000
--- a/socat-1.7.4.0-uint64_t.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-diff -Naur socat-1.7.4.0-orig/compat.h socat-1.7.4.0/compat.h
---- socat-1.7.4.0-orig/compat.h 2021-01-03 13:23:22.000000000 -0500
-+++ socat-1.7.4.0/compat.h 2021-01-04 14:07:30.229747181 -0500
-@@ -134,6 +134,8 @@
- # define F_uint64_t "%u"
- # elif HAVE_BASIC_UINT64_T==6
- # define F_uint64_t "%lu"
-+# elif HAVE_BASIC_UINT64_T==8
-+# define F_uint64_t "%llu"
- # else
- # error "HAVE_BASIC_UINT64_T is out of range:" HAVE_BASIC_UINT64_T
- # endif
-@@ -147,7 +149,7 @@
- # elif HAVE_BASIC_INT16_T==3
- # define F_int16_t "%d"
- # elif HAVE_BASIC_INT16_T==5
--# define F_int16_t "%l"
-+# define F_int16_t "%ld"
- # else
- # error "HAVE_BASIC_INT16_T is out of range:" HAVE_BASIC_INT16_T
- # endif
-@@ -161,7 +163,7 @@
- # elif HAVE_BASIC_INT32_T==3
- # define F_int32_t "%d"
- # elif HAVE_BASIC_INT32_T==5
--# define F_int32_t "%l"
-+# define F_int32_t "%ld"
- # else
- # error "HAVE_BASIC_INT32_T is out of range:" HAVE_BASIC_INT32_T
- # endif
-@@ -175,7 +177,9 @@
- # elif HAVE_BASIC_INT64_T==3
- # define F_int64_t "%d"
- # elif HAVE_BASIC_INT64_T==5
--# define F_int64_t "%l"
-+# define F_int64_t "%ld"
-+# elif HAVE_BASIC_INT64_T==7
-+# define F_int64_t "%lld"
- # else
- # error "HAVE_BASIC_INT64_T is out of range:" HAVE_BASIC_INT64_T
- # endif
diff --git a/socat-1.7.4.4-CVE-2024-54661.patch b/socat-1.7.4.4-CVE-2024-54661.patch
new file mode 100644
index 0000000..a1e1658
--- /dev/null
+++ b/socat-1.7.4.4-CVE-2024-54661.patch
@@ -0,0 +1,22 @@
+http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
+
+--- socat-1.8.0.1/readline.sh 2019-04-04 10:59:55.000000000 +0200
++++ socat-1.8.0.2/readline.sh 2024-12-06 11:44:17.376502570 +0100
+@@ -22,9 +22,15 @@
+ else
+ HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
++if test -w .; then
++ STDERR=./socat-readline.${1##*/}.log
++ rm -f $STDERR
++else
++ STDERR=/dev/null
++fi
++
++exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+
diff --git a/socat-ext2.patch b/socat-ext2.patch
deleted file mode 100644
index f22f9a7..0000000
--- a/socat-ext2.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-*** xio-ext2.c.orig 2007-02-19 23:26:33.000000000 -0500
---- xio-ext2.c 2007-02-19 23:24:58.000000000 -0500
-***************
-*** 15,20 ****
---- 15,22 ----
-
- /****** FD options ******/
-
-+ #include
-+
- #ifdef EXT2_SECRM_FL
- /* secure deletion, chattr 's' */
- const struct optdesc opt_ext2_secrm = { "ext2-secrm", "secrm", OPT_EXT2_SECRM, GROUP_REG, PH_FD, TYPE_BOOL, OFUNC_IOCTL_MASK_LONG, EXT2_IOC_GETFLAGS, EXT2_IOC_SETFLAGS, EXT2_SECRM_FL };
diff --git a/socat-wall.patch b/socat-wall.patch
deleted file mode 100644
index a442a77..0000000
--- a/socat-wall.patch
+++ /dev/null
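Review bot: `$STDERR` is expanded unquoted in `rm -f $STDERR` and in the `2>$STDERR` redirection of the readline.sh change carried by socat-1.7.4.4-CVE-2024-54661.patch, although its value embeds `${1##*/}`, so an argument containing whitespace or glob characters would be word-split or expanded before `rm -f` runs. Quoting both uses closes that: `rm -f "$STDERR"` and `2>"$STDERR"`. The log name also stays predictable and is removed and re-created in two separate steps, so the fix relies on the current directory not being writable by other users; `test -w .` does not establish that, and a one-line comment above the `if` stating the assumption would help. `$1` and `$PROGRAM` are set outside the hunk, so how they are validated cannot be seen here.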
@@ -1,29 +0,0 @@
---- /home/paul/BUILD/socat-1.7.1.1/configure.in 2009-05-06 14:09:03.000000000 -0400
-+++ configure.in 2009-05-09 09:29:03.000000000 -0400
-@@ -84,7 +84,7 @@ AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB
- dnl Check for hstrerror prototype
- AC_MSG_CHECKING(for hstrerror prototype)
- AC_CACHE_VAL(sc_cv_have_prototype_hstrerror,
--[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $CFLAGS1";
-+[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $(echo "$CFLAGS1" | sed -e 's@-Wall\>@@g')";
- AC_TRY_COMPILE([#include ],[hstrerror();],
- [sc_cv_have_prototype_hstrerror=no],
- [sc_cv_have_prototype_hstrerror=yes]);
-@@ -1296,7 +1296,7 @@ dnl output values: 1..short, 2..unsign
- dnl 5..long, 6..u-long; others not yet supported
- define(AC_BASIC_TYPE,[
- AC_CACHE_CHECK(for equivalent simple type of $2, $4,
--[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $CFLAGS1"
-+[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $(echo "$CFLAGS1" | sed -e 's@-Wall\>@@g')"
- AC_TRY_COMPILE([$1],[$2 u; short v; &u==&v;],
- [$4="1 /* short */"],
- [AC_TRY_COMPILE([$1],[$2 u; unsigned short v; &u==&v;],
-@@ -1328,7 +1328,7 @@ dnl arg4: output variable, values see AC
- dnl arg5: cache variable (might be constructed automatically)
- define(AC_TYPEOF_COMPONENT,[
- AC_CACHE_CHECK(for basic type of $2.$3, $5,
--[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $CFLAGS1"
-+[CFLAGS1="$CFLAGS"; CFLAGS="-Werror -O0 $(echo "$CFLAGS1" | sed -e 's@-Wall\>@@g')"
- AC_TRY_COMPILE([$1],[$2 u;short v; &u.$3==&v;],
- [$5="1 /* short */"],
- [AC_TRY_COMPILE([$1],[$2 u; unsigned short v; &u.$3==&v;],
diff --git a/socat.spec b/socat.spec
index a8f073b..2fd684a 100644
--- a/socat.spec
+++ b/socat.spec
@@ -3,13 +3,14 @@ Summary: Bidirectional data relay between two data channels ('netcat++') Name: socat Version: 1.7.4.4 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL-2.0-only Url: http://www.dest-unreach.org/socat/ Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz Patch1: socat-1.7.3.3-warn.patch Patch2: socat-configure-c99.patch +Patch3: socat-1.7.4.4-CVE-2024-54661.patch BuildRequires: make BuildRequires: gcc @@ -30,8 +31,7 @@ line editor (readline), a program, or a combination of two of these. %setup -q iconv -f iso8859-1 -t utf-8 CHANGES > CHANGES.utf8 mv CHANGES.utf8 CHANGES -%patch1 -p1 -%patch2 -p1 +%autopatch -p1 %build %configure \ @@ -75,6 +75,11 @@ export OD_C=/usr/bin/od %doc %{_mandir}/man1/* %changelog +* Tue Jan 7 2025 Joe Orton - 1.7.4.4-8 +- add fix for CVE-2024-54661 + Resolves: RHEL-70097 +- switch to autopatch, remove unused patches + * Tue Oct 29 2024 Troy Dawson - 1.7.4.4-7 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018
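Review bot: The new `Patch3:` line in the first socat.spec hunk carries no comment recording where the fix comes from, so a later rebase has to open the patch file to learn that it appears to be a backport. The patch's own headers name `socat-1.8.0.2/readline.sh` and the upstream advisory, so a comment such as `# CVE-2024-54661: readline.sh fix from upstream 1.8.0.2, see http://www.dest-unreach.org/socat/contrib/socat-secadv9.html` above `Patch3:` would keep that provenance next to the declaration. With `%autopatch -p1` in the second hunk every declared patch is applied implicitly, which leaves the per-patch comment as the only place in the spec where the reason for each patch is visible.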