From 68745e7519573d56485e4bb00cb06a0db0aef079 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: May 27 2013 20:39:33 +0000 Subject: * Mon May 27 2013 Paul Wouters - 1.7.2.2-2 - Added two patches that fixes some -Wformat warnings. these fix 2 of 3 failing test cases from test.sh - Enabled hardening with full relro/pie - Switched from readline5 to readline (6) --- diff --git a/socat-1.7.2.1-errqueue.patch b/socat-1.7.2.1-errqueue.patch new file mode 100644 index 0000000..6aa89e2 --- /dev/null +++ b/socat-1.7.2.1-errqueue.patch @@ -0,0 +1,11 @@ +diff -Naur socat-1.7.2.1-orig/xio-ip.c socat-1.7.2.1/xio-ip.c +--- socat-1.7.2.1-orig/xio-ip.c 2011-12-06 02:45:03.000000000 -0500 ++++ socat-1.7.2.1/xio-ip.c 2012-05-23 16:31:23.000000000 -0400 +@@ -42,6 +42,7 @@ + const struct optdesc opt_ip_hdrincl = { "ip-hdrincl", "hdrincl", OPT_IP_HDRINCL, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_HDRINCL }; + #endif + #ifdef IP_RECVERR ++# include + const struct optdesc opt_ip_recverr = { "ip-recverr", "recverr", OPT_IP_RECVERR, GROUP_SOCK_IP, PH_PASTSOCKET, TYPE_INT, OFUNC_SOCKOPT, SOL_IP, IP_RECVERR }; + #endif + #ifdef IP_MTU_DISCOVER diff --git a/socat-1.7.2.1-procan-cdefs.patch b/socat-1.7.2.1-procan-cdefs.patch new file mode 100644 index 0000000..5375e02 --- /dev/null +++ b/socat-1.7.2.1-procan-cdefs.patch @@ -0,0 +1,12 @@ +diff -Naur socat-1.7.2.1-orig/procan-cdefs.c socat-1.7.2.1/procan-cdefs.c +--- socat-1.7.2.1-orig/procan-cdefs.c 2010-10-06 03:25:30.000000000 -0400 ++++ socat-1.7.2.1/procan-cdefs.c 2012-11-20 17:15:37.521215330 -0500 +@@ -20,7 +20,7 @@ + fprintf(outfile, "#define FD_SETSIZE %u\n", FD_SETSIZE); + #endif + #ifdef NFDBITS +- fprintf(outfile, "#define NFDBITS "F_Zu"\n", NFDBITS); ++ fprintf(outfile, "#define NFDBITS %u\n", NFDBITS); + #endif + #ifdef O_RDONLY + fprintf(outfile, "#define O_RDONLY %u\n", O_RDONLY); diff --git a/socat.spec b/socat.spec index f1be6b9..6b87fd8 100644 --- a/socat.spec +++ b/socat.spec @@ -1,14 +1,18 @@ +%global _hardened_build 1 + Summary: Bidirectional data relay between two data channels ('netcat++') Name: socat Version: 1.7.2.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Url: http://www.dest-unreach.org/%{name} Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: openssl-devel compat-readline5-devel ncurses-devel +BuildRequires: openssl-devel readline-devel ncurses-devel BuildRequires: autoconf kernel-headers > 2.6.18 +Patch1: socat-1.7.2.1-procan-cdefs.patch +Patch2: socat-1.7.2.1-errqueue.patch %description Socat is a relay for bidirectional data transfer between two independent data @@ -16,17 +20,18 @@ channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor (readline), a program, or a combination of two of these. -The compat-readline5 library is used to avoid GPLv2 vs GPLv3 issues. %prep %setup -q iconv -f iso8859-1 -t utf-8 CHANGES > CHANGES.utf8 mv CHANGES.utf8 CHANGES +%patch1 -p1 +%patch2 -p1 %build + autoconf -export CPPFLAGS="-I%{_includedir}/readline5" LDFLAGS="-L%{_libdir}/readline5" %configure \ --enable-help --enable-stdio \ --enable-fdnum --enable-file --enable-creat \ @@ -36,7 +41,8 @@ export CPPFLAGS="-I%{_includedir}/readline5" LDFLAGS="-L%{_libdir}/readline5" --enable-listen --enable-proxy --enable-exec \ --enable-system --enable-pty --enable-readline \ --enable-openssl --enable-sycls --enable-filan \ - --enable-retry --enable-libwrap + --enable-retry --enable-libwrap --enable-fips + chmod 644 *.sh make %{?_smp_mflags} @@ -62,6 +68,12 @@ rm -rf %{buildroot} %doc %{_mandir}/man1/socat.1* %changelog +* Mon May 27 2013 Paul Wouters - 1.7.2.2-2 +- Added two patches that fixes some -Wformat warnings. these fix 2 of 3 + failing test cases from test.sh +- Enabled hardening with full relro/pie +- Switch from readline5 to readline(6) + * Mon May 27 2013 Paul Wouters - 1.7.2.2-1 - Updated to 1.7.2.2 for CVE-2013-3571, rhbz#967539