Merge pull request #5951 from arno01/socat

socat: Update from 1.7.2.4 to 1.7.3.0, fixes a possible denial of service attack

2 files changed, 23 insertions, 2 deletions

diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix
index e33edaa32da9..65d3b01e89cf 100644
--- a/pkgs/tools/networking/socat/default.nix
+++ b/pkgs/tools/networking/socat/default.nix
@@ -1,15 +1,17 @@
 { stdenv, fetchurl, openssl }:
 
 stdenv.mkDerivation rec {
-  name = "socat-1.7.2.4";
+  name = "socat-1.7.3.0";
 
   src = fetchurl {
     url = "http://www.dest-unreach.org/socat/download/${name}.tar.bz2";
-    sha256 = "028yjka2zr6j1i8pmfmvzqki8ajczdl1hnry1x31xbbg3j83jxsb";
+    sha256 = "011ydc0x8camplf8l6mshs3v5fswarld8v0wf7grz6rjq18fhrq7";
   };
 
   buildInputs = [ openssl ];
 
+  patches = [ ./enable-ecdhe.patch ];
+
   meta = {
     description = "A utility for bidirectional data transfer between two independent data channels";
     homepage = http://www.dest-unreach.org/socat/;
diff --git a/pkgs/tools/networking/socat/enable-ecdhe.patch b/pkgs/tools/networking/socat/enable-ecdhe.patch
new file mode 100644
index 000000000000..ad63ec287bcf
--- /dev/null
+++ b/pkgs/tools/networking/socat/enable-ecdhe.patch
@@ -0,0 +1,19 @@
+--- socat-1.7.3.0/xio-openssl.c	2015-01-24 15:33:42.000000000 +0100
++++ socat-1.7.3.0-ecdhe/xio-openssl.c	2015-01-25 13:38:54.353641097 +0100
+@@ -960,7 +960,6 @@
+       }
+    }
+
+-#if defined(EC_KEY)	/* not on Openindiana 5.11 */
+    {
+       /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */
+       int	 nid;
+@@ -982,7 +981,6 @@
+
+       SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
+    }
+-#endif /* !defined(EC_KEY) */
+
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+    if (opt_compress) {
+