Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2
@ 2025-02-02  0:21 Akhilesh Nema
  2025-02-02  5:38 ` Baruch Siach via buildroot
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Akhilesh Nema @ 2025-02-02  0:21 UTC (permalink / raw)
  To: buildroot; +Cc: Akhilesh Nema

It fixes an arbitrary file overwrite vulnerability in the readline.sh.
(CVE-2024-54661)

see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html

README hash changed due to version update.

Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
---
 package/socat/socat.hash | 6 +++---
 package/socat/socat.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/socat/socat.hash b/package/socat/socat.hash
index 70c6e6a8f1..136dce4a71 100644
--- a/package/socat/socat.hash
+++ b/package/socat/socat.hash
@@ -1,8 +1,8 @@
 # From http://www.dest-unreach.org/socat/download.md5sum
-md5  e53a6e8e8594ac87476fe4ae361bbcd1  socat-1.8.0.1.tar.bz2
+md5  7272fe53d51c63ca0e08e0339681803a  socat-1.8.0.2.tar.bz2
 # From http://www.dest-unreach.org/socat/download.sha256sum
-sha256  6a283565db7cf86292c6f70504c58abb03e29888adeed5a6c5f3457e803c1b81  socat-1.8.0.1.tar.bz2
+sha256  adc07a9c2723527cf6568d2fb96559794cf9c254a4bc2edd36f7f3789e9f7625  socat-1.8.0.2.tar.bz2
 # Locally calculated
-sha256  6c07bae42bf0a919c9dd6583f76cc9020a472652dcdad3e84923074a1f412d75  README
+sha256  a18cf021c6380e8ef212c7a95460aff2d96fe9e2146bb09058651bc3b86f4d43  README
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761  COPYING.OpenSSL
diff --git a/package/socat/socat.mk b/package/socat/socat.mk
index 84d9cd3cf8..aa9a94aec4 100644
--- a/package/socat/socat.mk
+++ b/package/socat/socat.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SOCAT_VERSION = 1.8.0.1
+SOCAT_VERSION = 1.8.0.2
 SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
 SOCAT_SITE = http://www.dest-unreach.org/socat/download
 SOCAT_LICENSE = GPL-2.0 with OpenSSL exception
-- 
2.25.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2
  2025-02-02  0:21 [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2 Akhilesh Nema
@ 2025-02-02  5:38 ` Baruch Siach via buildroot
  2025-02-02 11:30 ` Julien Olivain
  2025-02-02 22:28 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Baruch Siach via buildroot @ 2025-02-02  5:38 UTC (permalink / raw)
  To: Akhilesh Nema; +Cc: buildroot

Hi Akhilesh,

On Sat, Feb 01 2025, Akhilesh Nema wrote:
> It fixes an arbitrary file overwrite vulnerability in the readline.sh.
> (CVE-2024-54661)

Thanks for the patch.

Note that technically Buildroot is not vulnerable since we do not
install readline.sh. But this update to good to have anyway.

baruch

> see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
>
> README hash changed due to version update.
>
> Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>
> ---
>  package/socat/socat.hash | 6 +++---
>  package/socat/socat.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/package/socat/socat.hash b/package/socat/socat.hash
> index 70c6e6a8f1..136dce4a71 100644
> --- a/package/socat/socat.hash
> +++ b/package/socat/socat.hash
> @@ -1,8 +1,8 @@
>  # From http://www.dest-unreach.org/socat/download.md5sum
> -md5  e53a6e8e8594ac87476fe4ae361bbcd1  socat-1.8.0.1.tar.bz2
> +md5  7272fe53d51c63ca0e08e0339681803a  socat-1.8.0.2.tar.bz2
>  # From http://www.dest-unreach.org/socat/download.sha256sum
> -sha256  6a283565db7cf86292c6f70504c58abb03e29888adeed5a6c5f3457e803c1b81  socat-1.8.0.1.tar.bz2
> +sha256  adc07a9c2723527cf6568d2fb96559794cf9c254a4bc2edd36f7f3789e9f7625  socat-1.8.0.2.tar.bz2
>  # Locally calculated
> -sha256  6c07bae42bf0a919c9dd6583f76cc9020a472652dcdad3e84923074a1f412d75  README
> +sha256  a18cf021c6380e8ef212c7a95460aff2d96fe9e2146bb09058651bc3b86f4d43  README
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
>  sha256  fd9e48ca316a5032069b9521f4f4b4d9b1c60365012bae1e62286bcd5bd2e761  COPYING.OpenSSL
> diff --git a/package/socat/socat.mk b/package/socat/socat.mk
> index 84d9cd3cf8..aa9a94aec4 100644
> --- a/package/socat/socat.mk
> +++ b/package/socat/socat.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -SOCAT_VERSION = 1.8.0.1
> +SOCAT_VERSION = 1.8.0.2
>  SOCAT_SOURCE = socat-$(SOCAT_VERSION).tar.bz2
>  SOCAT_SITE = http://www.dest-unreach.org/socat/download
>  SOCAT_LICENSE = GPL-2.0 with OpenSSL exception

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2
  2025-02-02  0:21 [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2 Akhilesh Nema
  2025-02-02  5:38 ` Baruch Siach via buildroot
@ 2025-02-02 11:30 ` Julien Olivain
  2025-02-02 22:28 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Julien Olivain @ 2025-02-02 11:30 UTC (permalink / raw)
  To: Akhilesh Nema; +Cc: buildroot

On 02/02/2025 01:21, Akhilesh Nema wrote:
> It fixes an arbitrary file overwrite vulnerability in the readline.sh.
> (CVE-2024-54661)
> 
> see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
> 
> README hash changed due to version update.
> 
> Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>

I applied to master, thanks.
I also added the comment from Baruch that Buildroot is not directly 
impacted.

Best regards,

Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2
  2025-02-02  0:21 [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2 Akhilesh Nema
  2025-02-02  5:38 ` Baruch Siach via buildroot
  2025-02-02 11:30 ` Julien Olivain
@ 2025-02-02 22:28 ` Peter Korsgaard
  2 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2025-02-02 22:28 UTC (permalink / raw)
  To: Akhilesh Nema; +Cc: buildroot

>>>>> "Akhilesh" == Akhilesh Nema <nemaakhilesh@gmail.com> writes:

 > It fixes an arbitrary file overwrite vulnerability in the readline.sh.
 > (CVE-2024-54661)

 > see - http://www.dest-unreach.org/socat/contrib/socat-secadv9.html

 > README hash changed due to version update.

 > Signed-off-by: Akhilesh Nema <nemaakhilesh@gmail.com>

Committed to 2024.02.x and 2024.11.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-02-02 22:28 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-02  0:21 [Buildroot] [PATCH 1/1] package/socat: security bump to version 1.8.0.2 Akhilesh Nema
2025-02-02  5:38 ` Baruch Siach via buildroot
2025-02-02 11:30 ` Julien Olivain
2025-02-02 22:28 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox