authorAndrey Arapov <arno@nixaid.com>2015-01-25 13:48:11 +0100
committerAndrey Arapov <arno@nixaid.com>2015-01-25 13:48:11 +0100
commit7a7e59d2a973458c4eab0d1b52590966a478d825 (patch)
tree6418eb1ed402856a47a3fbe4cb82e6c1eef231cf /pkgs/tools/networking/socat
parent35af8c61050617f1b2310465f6ab7695e906720b (diff)
socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack
socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack (CVE Id pending), improves SSL client security, and provides a couple of bug and porting fixes. Among new features, socat now enables OpenSSL server side use of ECDHE ciphers, providing PFS (Perfect Forward Secrecy). See http://www.dest-unreach.org/socat/doc/CHANGES
Diffstat (limited to 'pkgs/tools/networking/socat')
-rw-r--r--pkgs/tools/networking/socat/default.nix6
-rw-r--r--pkgs/tools/networking/socat/enable-ecdhe.patch19
2 files changed, 23 insertions, 2 deletions
diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix
index e33edaa32da..65d3b01e89c 100644
--- a/pkgs/tools/networking/socat/default.nix
+++ b/pkgs/tools/networking/socat/default.nix
@@ -1,15 +1,17 @@
{ stdenv, fetchurl, openssl }:
stdenv.mkDerivation rec {
- name = "socat-1.7.2.4";
+ name = "socat-1.7.3.0";
src = fetchurl {
url = "http://www.dest-unreach.org/socat/download/${name}.tar.bz2";
- sha256 = "028yjka2zr6j1i8pmfmvzqki8ajczdl1hnry1x31xbbg3j83jxsb";
+ sha256 = "011ydc0x8camplf8l6mshs3v5fswarld8v0wf7grz6rjq18fhrq7";
};
buildInputs = [ openssl ];
+ patches = [ ./enable-ecdhe.patch ];
+
meta = {
description = "A utility for bidirectional data transfer between two independent data channels";
homepage = http://www.dest-unreach.org/socat/;
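Review bot: The new `patches = [ ./enable-ecdhe.patch ];` line has no comment saying why a local patch is carried or when it can be removed, so it is likely to outlive any upstream fix. A one-line comment above it would do, e.g. `# Removes upstream's #if defined(EC_KEY) guard so the ECDH setup is compiled in; drop once upstream fixes the check.` Separately, the unchanged `url` line still fetches the tarball over plain http, so the pinned `sha256` is the only integrity control for this security update; the new hash should be checked against an independently obtained copy of the release rather than the same download. The `meta` block continues outside the hunk.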
diff --git a/pkgs/tools/networking/socat/enable-ecdhe.patch b/pkgs/tools/networking/socat/enable-ecdhe.patch
new file mode 100644
index 00000000000..ad63ec287bc
--- /dev/null
+++ b/pkgs/tools/networking/socat/enable-ecdhe.patch
@@ -0,0 +1,19 @@
+--- socat-1.7.3.0/xio-openssl.c 2015-01-24 15:33:42.000000000 +0100
++++ socat-1.7.3.0-ecdhe/xio-openssl.c 2015-01-25 13:38:54.353641097 +0100
+@@ -960,7 +960,6 @@
+ }
+ }
+
+-#if defined(EC_KEY) /* not on Openindiana 5.11 */
+ {
+ /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
+ int nid;
+@@ -982,7 +981,6 @@
+
+ SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
+ }
+-#endif /* !defined(EC_KEY) */
+
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ if (opt_compress) {
+
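Review bot: The patch deletes the `#if defined(EC_KEY)` / `#endif` pair outright, so the block ending in `SSL_CTX_set_tmp_ecdh(*ctx, ecdh);` is now compiled against every OpenSSL, including one built without EC support. Presumably the original guard never fired because `EC_KEY` is a typedef rather than a preprocessor macro; if that is the case, replacing the guard with a feature test such as `#if !defined(OPENSSL_NO_EC)` keeps ECDHE enabled while still letting EC-less builds compile. The patch file also has no header text, so a few lines above the first `---` stating why the guard is removed and that the patch should be dropped once upstream corrects the check would help the next updater. The enclosing function in xio-openssl.c starts and ends outside the hunk.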