socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack

socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack
(CVE Id pending), improves SSL client security, and provides a couple of bug and
porting fixes.

Among new features, socat now enables OpenSSL server side use of ECDHE ciphers,
providing PFS (Perfect Forward Secrecy).

http://www.dest-unreach.org/socat/doc/CHANGES

+23 -2
+4 -2
pkgs/tools/networking/socat/default.nix
··· 1 1 { stdenv, fetchurl, openssl }: 2 2 3 3 stdenv.mkDerivation rec { 4 - name = "socat-1.7.2.4"; 4 + name = "socat-1.7.3.0"; 5 5 6 6 src = fetchurl { 7 7 url = "http://www.dest-unreach.org/socat/download/${name}.tar.bz2"; 8 - sha256 = "028yjka2zr6j1i8pmfmvzqki8ajczdl1hnry1x31xbbg3j83jxsb"; 8 + sha256 = "011ydc0x8camplf8l6mshs3v5fswarld8v0wf7grz6rjq18fhrq7"; 9 9 }; 10 10 11 11 buildInputs = [ openssl ]; 12 + 13 + patches = [ ./enable-ecdhe.patch ]; 12 14 13 15 meta = { 14 16 description = "A utility for bidirectional data transfer between two independent data channels";
+19
pkgs/tools/networking/socat/enable-ecdhe.patch
··· 1 + --- socat-1.7.3.0/xio-openssl.c 2015-01-24 15:33:42.000000000 +0100 2 + +++ socat-1.7.3.0-ecdhe/xio-openssl.c 2015-01-25 13:38:54.353641097 +0100 3 + @@ -960,7 +960,6 @@ 4 + } 5 + } 6 + 7 + -#if defined(EC_KEY) /* not on Openindiana 5.11 */ 8 + { 9 + /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */ 10 + int nid; 11 + @@ -982,7 +981,6 @@ 12 + 13 + SSL_CTX_set_tmp_ecdh(*ctx, ecdh); 14 + } 15 + -#endif /* !defined(EC_KEY) */ 16 + 17 + #if OPENSSL_VERSION_NUMBER >= 0x00908000L 18 + if (opt_compress) { 19 +
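Review bot: in pkgs/tools/networking/socat/default.nix, the new `patches = [ ./enable-ecdhe.patch ];` line has no comment saying what the patch does or when it can be dropped. A short comment above it, noting that the patch removes the `#if defined(EC_KEY)` guard in xio-openssl.c so the ECDH setup is compiled in, would let the next version bump decide whether the patch is still needed. The `url` remains `http://`; the updated `sha256` pins the tarball contents, so the new hash is worth confirming against a copy obtained independently of that download.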
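Review bot: enable-ecdhe.patch deletes the `#if defined(EC_KEY)` / `#endif` pair around the `SSL_CTX_set_tmp_ecdh(*ctx, ecdh);` block outright instead of replacing it, so the block is now compiled on every platform, including the one the removed comment names ("not on Openindiana 5.11"). With the `openssl` build input in nixpkgs that is acceptable, but a guard on a macro OpenSSL actually defines, such as `#ifndef OPENSSL_NO_EC`, would keep the ECDHE setup enabled without breaking builds against an OpenSSL compiled without EC, and is the form worth sending upstream. The patch file also has no header comment stating its purpose or upstream status.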