Thu Aug 12 17:54:14 2010 UTC ()

Update socat to 1.7.1.3

Changelog:

security:
	fixed a stack overflow vulnerability that occurred when command
	line arguments (whole addresses, host names, file names) were longer
	than 512 bytes.
	Note that this could only be exploited when an attacker was able to
	inject data into socat's command line.
	Full credits to Felix Grobert, Google Security Team, for finding and
	reporting this issue


(zafer)

diff -r1.23 -r1.24 pkgsrc/net/socat/Makefile
diff -r1.14 -r1.15 pkgsrc/net/socat/distinfo

--- pkgsrc/net/socat/Makefile 2010/04/19 19:52:13 1.23
+++ pkgsrc/net/socat/Makefile 2010/08/12 17:54:14 1.24

 @@ -1,16 +1,16 @@
-# $NetBSD: Makefile,v 1.23 2010/04/19 19:52:13 zafer Exp $
+# $NetBSD: Makefile,v 1.24 2010/08/12 17:54:14 zafer Exp $
-DISTNAME=	socat-1.7.1.2
+DISTNAME=	socat-1.7.1.3
 CATEGORIES=	net
 MASTER_SITES=	http://www.dest-unreach.org/socat/download/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.dest-unreach.org/socat/
 COMMENT=	"netcat++" (extended design, new implementation)
 LICENSE=	gnu-gpl-v2
 PKG_DESTDIR_SUPPORT=	user-destdir
 GNU_CONFIGURE=		YES
 USE_GNU_READLINE=	YES
 ONLY_FOR_COMPILER=	gcc	# uses -Werror in the configure script

--- pkgsrc/net/socat/distinfo 2010/04/19 19:52:13 1.14
+++ pkgsrc/net/socat/distinfo 2010/08/12 17:54:14 1.15

 @@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.14 2010/04/19 19:52:13 zafer Exp $
+$NetBSD: distinfo,v 1.15 2010/08/12 17:54:14 zafer Exp $
-SHA1 (socat-1.7.1.2.tar.gz) = dbd76e9fdac13ae95c46be9bb8a95ef4258bb466
+SHA1 (socat-1.7.1.3.tar.gz) = 5a42275da0d8a5182452b36535a74c3cdf21793b
-RMD160 (socat-1.7.1.2.tar.gz) = 2ef9b80cf5e6cc57a837c0c78e269538460aaeee
+RMD160 (socat-1.7.1.3.tar.gz) = fa4fdb731b5bef344f6c24a5bc242ae910728d57
-Size (socat-1.7.1.2.tar.gz) = 554091 bytes
+Size (socat-1.7.1.3.tar.gz) = 553489 bytes
 SHA1 (patch-aa) = c10b68a5ca36ec27c6e77a01f6f89a832a4862eb