socat: patch CVE-2024-54661

Picked upstream commit https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f Since this was the only commit in 1.8.0.2 it also contained release changes which were dropped. (From OE-Core rev: 624b91c23559d7d1bc51ec221331513529853cd2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-01-16 23:42:00 +0100
committer: Steve Sakoman <steve@sakoman.com> 2025-01-29 06:20:43 -0800
commit: 05a5e1c1d73e2f965474d2af23840989841e9f8b (patch)
tree: daf52b012c4c0028827cf034d4ad23c630fc12df
parent: d3a9774876585eefab9d904be4f16e0f878a0f25 (diff)
download: poky-05a5e1c1d73e2f965474d2af23840989841e9f8b.tar.gz
2 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
new file mode 100644
index 0000000000..3bf685ebd9
--- /dev/null
+++ b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
@@ -0,0 +1,113 @@
+From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001
+From: Gerhard Rieger <gerhard@dest-unreach.org>
+Date: Fri, 6 Dec 2024 11:42:09 +0100
+Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in
+ readline.sh
+CVE: CVE-2024-54661
+Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ readline.sh | 10 +++++++--
+ test.sh     | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 71 insertions(+), 2 deletions(-)
+diff --git a/readline.sh b/readline.sh
+index b6f8438..1045303 100755
+--- a/readline.sh
+++ b/readline.sh
+@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
+ else
+     HISTOPT=
+ fi
+-mkdir -p /tmp/$USER || exit 1
+ #
+ #
+ 
+-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
+if test -w .; then
+    STDERR=./socat-readline.${1##*/}.log
+    rm -f $STDERR
+else
+    STDERR=/dev/null
+fi
+
+exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
+ 
+diff --git a/test.sh b/test.sh
+index 46bebf8..5204ac7 100755
+--- a/test.sh
+++ b/test.sh
+@@ -19154,6 +19154,69 @@ esac
+ N=$((N+1))
+ 
+ 
+# Test the readline.sh file overwrite vulnerability
+NAME=READLINE_SH_OVERWRITE
+case "$TESTS" in
+*%$N%*|*%functions%*|*%bugs%*|*%readline%*|*%security%*|*%$NAME%*)
+TEST="$NAME: Test the readline.sh file overwrite vulnerability"
+# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file,
+# run readline.sh
+# When the temporary file is kept the test succeeded
+if ! eval $NUMCOND; then :
+elif ! cond=$(checkconds \
+                 "" \
+                 "" \
+                 "readline.sh" \
+                 "" \
+                 "" \
+                 "" \
+                 "" ); then
+    $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
+    numCANT=$((numCANT+1))
+    listCANT="$listCANT $N"
+    namesCANT="$namesCANT $NAME"
+else
+    tf="$td/test$N.file"
+    te="$td/test$N.stderr"
+    tdiff="$td/test$N.diff"
+    da="test$N $(date) $RANDOM"
+    echo "$da" >"$tf"
+    ln -sf "$tf" /tmp/$USER/stderr2
+    CMD0="readline.sh cat"
+    printf "test $F_n $TEST... " $N
+    $CMD0 </dev/null >/dev/null 2>"${te}0"
+    rc0=$?
+#    if [ "$rc0" -ne 0 ]; then
+#      $PRINTF "$CANT (rc0=$rc0)\n"
+#      echo "$CMD0"
+#      cat "${te}0" >&2
+#      numCANT=$((numCANT+1))
+#      listCANT="$listCANT $N"
+#      namesCANT="$namesCANT $NAME"
+#    elif ! echo "$da" |diff - "$tf" >$tdiff; then
+    if ! echo "$da" |diff - "$tf" >$tdiff; then
+       $PRINTF "$FAILED (diff)\n"
+       echo "$CMD0 &"
+       cat "${te}0" >&2
+       echo "// diff:" >&2
+       cat "$tdiff" >&2
+       numFAIL=$((numFAIL+1))
+       listFAIL="$listFAIL $N"
+       namesFAIL="$namesFAIL $NAME"
+    else
+       $PRINTF "$OK\n"
+       if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
+       if [ "$DEBUG" ];   then cat "${te}0" >&2; fi
+       if [ "$VERBOSE" ]; then echo "$CMD1"; fi
+       if [ "$DEBUG" ];   then cat "${te}1" >&2; fi
+       numOK=$((numOK+1))
+       listOK="$listOK $N"
+    fi
+fi # NUMCOND
+ ;;
+esac
+N=$((N+1))
+
+ # end of common tests
+ 
+ ##################################################################################
+-- 
+2.30.2
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
index 912605c95c..bb39730005 100644
--- a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
+++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
           file://0001-fix-compile-procan.c-failed.patch \
+           file://CVE-2024-54661.patch \
 "
 SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"
author	Peter Marko <peter.marko@siemens.com>	2025-01-16 23:42:00 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-01-29 06:20:43 -0800
commit	05a5e1c1d73e2f965474d2af23840989841e9f8b (patch)
tree	daf52b012c4c0028827cf034d4ad23c630fc12df
parent	d3a9774876585eefab9d904be4f16e0f878a0f25 (diff)
download	poky-05a5e1c1d73e2f965474d2af23840989841e9f8b.tar.gz

diff --git a/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch new file mode 100644 index 0000000000..3bf685ebd9 --- /dev/null +++ b/meta/recipes-connectivity/socat/files/CVE-2024-54661.patch
@@ -0,0 +1,113 @@
		1	From 4ee1f31cf80019c5907876576d6dfd49368d660f Mon Sep 17 00:00:00 2001
		2	From: Gerhard Rieger <gerhard@dest-unreach.org>
		3	Date: Fri, 6 Dec 2024 11:42:09 +0100
		4	Subject: [PATCH] Version 1.8.0.2 - CVE-2024-54661: Arbitrary file overwrite in
		5	readline.sh
		6
		7	CVE: CVE-2024-54661
		8	Upstream-Status: Backport [https://repo.or.cz/socat.git/commitdiff/4ee1f31cf80019c5907876576d6dfd49368d660f]
		9	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		10	---
		11	readline.sh \| 10 +++++++--
		12	test.sh \| 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
		13	2 files changed, 71 insertions(+), 2 deletions(-)
		14
		15	diff --git a/readline.sh b/readline.sh
		16	index b6f8438..1045303 100755
		17	--- a/readline.sh
		18	+++ b/readline.sh
		19	@@ -22,9 +22,15 @@ if [ "$withhistfile" ]; then
		20	else
		21	HISTOPT=
		22	fi
		23	-mkdir -p /tmp/$USER \|\| exit 1
		24	#
		25	#
		26
		27	-exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>/tmp/$USER/stderr2
		28	+if test -w .; then
		29	+ STDERR=./socat-readline.${1##*/}.log
		30	+ rm -f $STDERR
		31	+else
		32	+ STDERR=/dev/null
		33	+fi
		34	+
		35	+exec socat -d readline"$HISTOPT",noecho='[Pp]assword:' exec:"$PROGRAM",sigint,pty,setsid,ctty,raw,echo=0,stderr 2>$STDERR
		36
		37	diff --git a/test.sh b/test.sh
		38	index 46bebf8..5204ac7 100755
		39	--- a/test.sh
		40	+++ b/test.sh
		41	@@ -19154,6 +19154,69 @@ esac
		42	N=$((N+1))
		43
		44
		45	+# Test the readline.sh file overwrite vulnerability
		46	+NAME=READLINE_SH_OVERWRITE
		47	+case "$TESTS" in
		48	+%$N%\|%functions%\|%bugs%\|%readline%\|%security%\|%$NAME%)
		49	+TEST="$NAME: Test the readline.sh file overwrite vulnerability"
		50	+# Create a symlink /tmp/$USER/stderr2 pointing to a temporary file,
		51	+# run readline.sh
		52	+# When the temporary file is kept the test succeeded
		53	+if ! eval $NUMCOND; then :
		54	+elif ! cond=$(checkconds \
		55	+ "" \
		56	+ "" \
		57	+ "readline.sh" \
		58	+ "" \
		59	+ "" \
		60	+ "" \
		61	+ "" ); then
		62	+ $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
		63	+ numCANT=$((numCANT+1))
		64	+ listCANT="$listCANT $N"
		65	+ namesCANT="$namesCANT $NAME"
		66	+else
		67	+ tf="$td/test$N.file"
		68	+ te="$td/test$N.stderr"
		69	+ tdiff="$td/test$N.diff"
		70	+ da="test$N $(date) $RANDOM"
		71	+ echo "$da" >"$tf"
		72	+ ln -sf "$tf" /tmp/$USER/stderr2
		73	+ CMD0="readline.sh cat"
		74	+ printf "test $F_n $TEST... " $N
		75	+ $CMD0 </dev/null >/dev/null 2>"${te}0"
		76	+ rc0=$?
		77	+# if [ "$rc0" -ne 0 ]; then
		78	+# $PRINTF "$CANT (rc0=$rc0)\n"
		79	+# echo "$CMD0"
		80	+# cat "${te}0" >&2
		81	+# numCANT=$((numCANT+1))
		82	+# listCANT="$listCANT $N"
		83	+# namesCANT="$namesCANT $NAME"
		84	+# elif ! echo "$da" \|diff - "$tf" >$tdiff; then
		85	+ if ! echo "$da" \|diff - "$tf" >$tdiff; then
		86	+ $PRINTF "$FAILED (diff)\n"
		87	+ echo "$CMD0 &"
		88	+ cat "${te}0" >&2
		89	+ echo "// diff:" >&2
		90	+ cat "$tdiff" >&2
		91	+ numFAIL=$((numFAIL+1))
		92	+ listFAIL="$listFAIL $N"
		93	+ namesFAIL="$namesFAIL $NAME"
		94	+ else
		95	+ $PRINTF "$OK\n"
		96	+ if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
		97	+ if [ "$DEBUG" ]; then cat "${te}0" >&2; fi
		98	+ if [ "$VERBOSE" ]; then echo "$CMD1"; fi
		99	+ if [ "$DEBUG" ]; then cat "${te}1" >&2; fi
		100	+ numOK=$((numOK+1))
		101	+ listOK="$listOK $N"
		102	+ fi
		103	+fi # NUMCOND
		104	+ ;;
		105	+esac
		106	+N=$((N+1))
		107	+
		108	# end of common tests
		109
		110	##################################################################################
		111	--
		112	2.30.2
		113


diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb index 912605c95c..bb39730005 100644 --- a/meta/recipes-connectivity/socat/socat_1.8.0.0.bb +++ b/meta/recipes-connectivity/socat/socat_1.8.0.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
11		11
12	SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \	12	SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
13	file://0001-fix-compile-procan.c-failed.patch \	13	file://0001-fix-compile-procan.c-failed.patch \
		14	file://CVE-2024-54661.patch \
14	"	15	"
15		16
16	SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"	17	SRC_URI[sha256sum] = "e1de683dd22ee0e3a6c6bbff269abe18ab0c9d7eb650204f125155b9005faca7"