* [Buildroot] [git commit branch/2020.11.x] package/socat: security bump to version 1.7.4.1
@ 2021-01-30 15:38 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-01-30 15:38 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=05677757026e524b2740b27683cb875d20d75ee1
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.11.x
Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based
buffer overflow, assuming the attacker could provide this parameter.
- Update indentation in hash file (two spaces)
- Update hash of README file due to minor updates:
https://repo.or.cz/socat.git/commit/b145170837d75bd7a1a5803283910ab075d47bea
https://repo.or.cz/socat.git/commit/0a115feadc3102f17e0a8a1a985319af0295f704
http://www.dest-unreach.org/socat/doc/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1b18d9104f7b2f4e7710a094501d72d457c8001f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/socat/socat.hash | 10 +++++-----
package/socat/socat.mk | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/package/socat/socat.hash b/package/socat/socat.hash
index e5b65925d1..5a4c520455 100644
--- a/package/socat/socat.hash
+++ b/package/socat/socat.hash
@@ -1,8 +1,8 @@
# From http://www.dest-unreach.org/socat/download.md5sum
-md5 3cca4f8cd9d2d1caabd9cc099451bac9 socat-1.7.3.4.tar.bz2
+md5 36cad050ecf4981ab044c3fbd75c643f socat-1.7.4.1.tar.bz2
# From http://www.dest-unreach.org/socat/download.sha256sum
-sha256 972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc socat-1.7.3.4.tar.bz2
+sha256 3faca25614e89123dff5045680549ecef519d02e331aaf3c4f5a8f6837c675e9 socat-1.7.4.1.tar.bz2
# Locally calculated
-sha256 4846488cea98a2905dc75b7aa5eea721568e372447efe06b85bd896ee8c54f10 README
-sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
-sha256 fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761 COPYING.OpenSSL
+sha256 b1ebebbce145027f4268211f36d121b083aeeabdc1736eb144b8afd8e86ce8da README
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256 fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761 COPYING.OpenSSL
diff --git a/package/socat/socat.mk b/package/socat/socat.mk
index 4bfdc18f91..ad450727e0 100644
--- a/package/socat/socat.mk
+++ b/package/socat/socat.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SOCAT_VERSION = 1.7.3.4
+SOCAT_VERSION = 1.7.4.1
SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
SOCAT_SITE = http://www.dest-unreach.org/socat/download
SOCAT_LICENSE = GPL-2.0 with OpenSSL exception
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-01-30 15:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-30 15:38 [Buildroot] [git commit branch/2020.11.x] package/socat: security bump to version 1.7.4.1 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.