seedsigner/buildroot
seedsigner/buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/socat: security bump to version 1.8.0.2

Browse Source 
It fixes an arbitrary file overwrite vulnerability in the readline.sh.
(CVE-2024-54661)

see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html

README hash changed due to version update.

Note: Buildroot is not impacted by this vulnerability as the
readline.sh is not installed on target.

Quoting changelog [1]:

    Mitigating factors: readline.sh is usually neither installed in a bin
    directory nor is it documented. Major Linux distributions install it in
    examples/ or doc/; however it is invoked by test.sh script.

[1] https://repo.or.cz/socat.git/blob/refs/tags/tag-1.8.0.2:/CHANGES

Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
[Julien: add note that Buildroot is not impacted in commit log]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit d70df3ab44159f297d562af47e164d00c724ba28)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Akhilesh Nema 2025-02-01 16:21:02 -08:00 committed by Peter Korsgaard
parent 02e33e9617
commit a28afd7d85
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/socat/socat.hash
View File

@ -1,8 +1,8 @@
# From http://www.dest-unreach.org/socat/download.md5sum
md5 e53a6e8e8594ac87476fe4ae361bbcd1 socat-1.8.0.1.tar.bz2
md5 7272fe53d51c63ca0e08e0339681803a socat-1.8.0.2.tar.bz2
# From http://www.dest-unreach.org/socat/download.sha256sum
sha256 6a283565db7cf86292c6f70504c58abb03e29888adeed5a6c5f3457e803c1b81 socat-1.8.0.1.tar.bz2
sha256 adc07a9c2723527cf6568d2fb96559794cf9c254a4bc2edd36f7f3789e9f7625 socat-1.8.0.2.tar.bz2
# Locally calculated
sha256 6c07bae42bf0a919c9dd6583f76cc9020a472652dcdad3e84923074a1f412d75 README
sha256 a18cf021c6380e8ef212c7a95460aff2d96fe9e2146bb09058651bc3b86f4d43 README
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761 COPYING.OpenSSL

2
package/socat/socat.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
SOCAT_VERSION = 1.8.0.1
SOCAT_VERSION = 1.8.0.2
SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
SOCAT_SITE = http://www.dest-unreach.org/socat/download
SOCAT_LICENSE = GPL-2.0 with OpenSSL exception