The NetBSD Project

CVS log for pkgsrc/net/socat/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / net / socat

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.55: download - view: text, markup, annotated - select for diffs
Sun Oct 27 15:35:08 2024 UTC (6 weeks, 2 days ago) by leot
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +2 -2 lines
socat: Update to 1.8.0.1

pkgsrc changes:
 - Remove all patches: they were all present upstream

Changes:
1.8.0.1:
Corrections:
 When no IP version was preferred by environment, option -4/-6, or
 address option pf, Socat version 1.8.0.0 address TCP-LISTEN did not
 accept TCP4 connections under BSD family operating systems, but only
 TCP6. To regain previous behaviour, preferring IP version 4 is now the
 default. This also fixes some other issues with bind and range options.
 Thanks to Mike Andrews for reporting this issue.
 Tests: LISTEN_4 LISTEN_6  V1800_*_RANGE  V1800_*_BIND

 Added Socat option -0 to allow version 1.8.0.0 behaviour (no preferred
 IP version).

 UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
 address in case the server name resolves to both IPv4 and IPv6
 addresses.
 Tests: V1800_*_SENDTO_RESOLV_6_4

 Guard applyopts_termios_value() with WITH_TERMIOS.
 Thanks to Kush Upadhyay from Amazon Bottlerocket team for providing the
 patch.

 In some situations xioclose() was called nested what could cause hanging
 of OpenSSL in pthread_rwlock_wrlock()

 socat 1.8.0.0 with addresses of type RECVFROM and option fork, where
 the second address failed to connect/open in the child process, entered
 a fork loop that was only stopped by FD exhaustion caused by FD leak.
 Test: RECVFROM_FORK_LOOP

 socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
 Test: RECVFROM_FORK_LEAK

 With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
 did not work.
 Thanks to Linus Luessing for reporting this bug.

 IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
 argument) failed with message:
 E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
 Test: IP_SENDTO_PF

 Fixed a possible buffer overrun with long log lines. In fact it does
 not write beyond end of buffer but lets pass excessive data to the
 write() function.
 Thanks to Heinrich Schuchardt from Canonical for reporting and sending
 a patch.

 Reworked domain name resolution, centralized IPv4/IPv6 sorting.

 Print warning about not checking CRLs in OpenSSL only in the first
 child process.

Features:
 Total inactivity timeout option -T 0 now means 0.0 seconds; up to
 version 1.8.0.0 it meant no total inactivity timeout.

 Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
 older Socat versions.

 socat-mux.sh and socat-broker.sh, when run as root, now internally use
 low (512..1023) UDP ports to increase security.

 Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)

 Socks5 now also allows syntax without socks port, and supports option
 socksport.

Porting:
 Changes for building and testing on NetBSD

 New Linux distributions dislike egrep, fgrep

 When NETDB_INTERNAL is not available it should be set to -1.
 Thanks to Baruch Siach for sending a patch.

 On OpenSolaris/Illumos, isastream() is declared only in stropts.h, not
 in sys/stropts.h
 Thanks to Andy Fiddaman for sending a patch.

 On latest Illumos, compilation failed due to new unexpected SO_PROTOCOL
 implementation.
 Thanks to Andy Fiddaman for sending a patch.

Building:
 Makefile.in: procan.o build requires srcdir prefix for explicit source
 file.
 Thanks to Hongxu Jia and Andrew Schoolman for providing patches.

 Makefile.in: the CC define for procan.o build failed when CC had more
 than one word.
 Thanks to Hongxu Jia for providing an inital patch.

Testing:
 Added the optional DEVTESTS feature for developer tests with controlled
 name resolution to both IPv4 and IPV6 addresses: configure Socat with
 --enable-devtests, this provides internal resolution of domain
 dest-unreach.net with host names: localhost-4, localhost-6,
 localhost-4-6, and localhost-6-4

 test.sh: lots of corrections and improvements

 test.sh: many hardcoded sleep values were replaced by much shorter
 values tuned to performance of the platform.

 test.sh -D for output of platform/system specific defines (variables)

 test.sh: fixed ss determination; more DEFS

Documentation:
 Fixed a lot of typos.
 Thanks to Solomon Victorino for sending the patch.

Revision 1.54: download - view: text, markup, annotated - select for diffs
Sun Apr 21 11:36:51 2024 UTC (7 months, 2 weeks ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +2 -2 lines
... braino

Revision 1.53: download - view: text, markup, annotated - select for diffs
Sun Apr 21 11:36:38 2024 UTC (7 months, 2 weeks ago) by nia
Branches: MAIN
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +3 -1 lines
socat: Requires strndup

Revision 1.52: download - view: text, markup, annotated - select for diffs
Mon Dec 25 23:43:31 2023 UTC (11 months, 2 weeks ago) by mef
Branches: MAIN
CVS tags: pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +2 -2 lines
(net/socat) Fix build, zsh is necessary always

Revision 1.51: download - view: text, markup, annotated - select for diffs
Fri Nov 24 13:14:12 2023 UTC (12 months, 2 weeks ago) by ryoon
Branches: MAIN
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +2 -3 lines
socat: Update to 1.8.0.0

Changelog:
####################### V 1.8.0.0

Security:
	Socats OpenSSL addresses do not (and never did) check certificate
	revocation lists (CRLs). Socat now prints a warning about this.

Features:
	Added the --experimental option that enables use of features that might
	change in the future.

	Now warning messages are printed by default. If you want to see only
	errors and fatals as in previous versions, use option -d0;
	option -d4 is equivalent to -dddd and to -d -d -d -d
	The number of warnings has been reduced, e.g.removing a non existing
	file does in most cases no longer log a warning.

	Added address type internal SOCKETPAIR. This is similar to the unnamed
	PIPE address (only for internal echoing) but it provides datagram mode
	(the default) and thus keeps packet boundaries.
	Tests: SOCKETPAIR_STREAM SOCKETPAIR_DATAGRAM SOCKETPAIR_SEQPACKET
	SOCKETPAIR_BOUNDARIES

	New option -S <mask> controls catching and logging of signals that are
	not internally used by Socat.
	Tests: SIGTERM_NOLOG SIG31_LOG

	Added option ipv6-join-source-group.
	Thanks to Martin Buck and David Schweizer for sending patches.

	Added option http-version to PROXY-CONNECT address to support servers
	that are not able to handle HTTP version 1.0
	Test: PROXY_HTTPVERSION
	Feature inspired by Robin Palotai.

	New options openssl-maxfraglen and openssl-maxsendfrag for
	functions/macros SSL_CTX_set_tlsext_max_fragment_length() and
	SSL_CTX_set_max_send_fragment().
	Thanks to James Tavares for his contribution.

	Added Info log of resulting OpenSSL max fragment length.

	Implemented options rcvtimeo and sndtimeo, the first of which may be
	useful to prevent endlessly hanging DTLS connection etablishment.
	Test: RCVTIMEO_DTLS
	Feature proposed by Vladimir Nikishkin.

	The file names with -r and -R now may contain environment variable
	references.
	Test: VARS_IN_SNIFFPATH

	Socat option --statistics logs final byte and packet counter values
	before exit. Signal USR1 logs actual values.
	Tests: OPTION_STATISTICS SIGUSR1_STATISTICS

	Added option sitout-eio to specify a timerange in which EIO on the pty
	of a sub process is tolerated.
	Red Hat issue 1853102 related.
	Thanks to Jonathan Casiot for sending an initial patch.

	Socat now installs as socat1 and is referenced by symbolic link socat,
	same with man page (socat1.1 by socat.1)

	New option children-shutup[=1|2...] decreases severity of log
	messages in LISTEN and CONNECT type sub processes.
	Test: CHILDREN_SHUTUP

	New option retrieve-vlan for supporting VLANs in INTERFACE addresses:
	Linux normally keeps VLAN tags in outgoing raw packets, but appears to
	strip them from incoming packets and makes them available in
	PACKET_AUXDATA ancillary messages only.
	Up do version 1.7.4.5 Socat did not handle this situation, so the VLAN
	tags where effectively stripped off incoming packets.
	With this option Socat restores the VLAN tag.
	Feature inspired by Zhao Dong.

	Socket option SO_REUSEADDR is now automatically applied to TCP LISTEN
	addresses. reuseaddr= restores the old behaviour.
	Tests: TCP4_REUSEADDR OPENSSL_6_REUSEADDR REUSEADDR_NULL

	TCP based client addresses now try all results of name resolution until
	a connection attempt succeeded.
	Tests: TRY_ADDRS_4 TRY_ADDRS_4_6
	Feature recommended by Anand Buddhdev.

	configure option --enable-default-ipv allows to specify at build time if
	IPv4, IPv6, or none of these is the preferred default; this is related
	to environment variables SOCAT_PREFERRED_RESOLVE_IP and
	SOCAT_DEFAULT_LISTEN_IP, and to Socat option -4, -6.
	Furthermore, mechanism of IPv4 vs.IPv6 selection has been reworked.
	When no IP version is preferred by these mechanism, passive Socat
	addresses (LISTEN, RECV, RECVFROM) default to IPv6 because it might
	support both versions (but checkout option ipv6-v6only).
	For client addresses, when one of these mechanisms applies and name
	resolution gives addresses of both IP versions, the addresses of the
	preferred versions are tried first.

	New option ai-addrconfig sets or unsets the AI_ADDRCONFIG flag of the
	resolver to prevent name resolution to address families that are not
	available in the network configuration. Default value is 1 in case the
	resolver does not get an address family hint.

	Flag AI_PASSIVE is now automatically applied for LISTEN, RECV, and
	RECVFROM type addresses, and with bind option. In addition to its
	application to the getaddrinfo() function, when this flag is set while
	no IP version is preferred by build, environment, option, or address
	type, Socat chooses IPv6 because this might activate both versions (but
	check option ipv6-v6only).
	Added option ai-passive to control this flag explicitely.

	New option ai-v4mapped (v4mapped) sets or unsets the AI_V4MAPPED flag
	of the resolver. For Socat addresses requiring IPv6 addresses, this
	resolves IPv4 addresses to the approriate IPv6 address [::ffff:*:*].

	DNS resolver Options (res-*) are now set for the complete open phase of
	the address, not per getaddrinfo() invocation.

	Added the netns option that tries to open an address in the given
	network namespace.
	Tests: NETNS NETNS_EXEC

	New address ACCEPT-FD (ACCEPT) expects a listening file descriptor
	passed from parent, and accepts one or more connections for data
	transfer. This can be used with "inetd mode" of systemd.
	Test: ACCEPT_FD

	Added experimental socks5 TCP client support (connect,bind); syntax:
	SOCKS5-CONNECT:<socks-server>:<socks-port>:<target-host>:<target-port>
	SOCKS5-LISTEN:<socks-server>:<socks-port>:<listen-host>:<listen-port>
	Thanks to Charlie Svensson and others for contributions.

	New address types POSIXMQ-RECEIVE, POSIXMQ-READ, POSIXMQ-SEND, and
	POSIXMQ-BIDIRECTIONAL (Linux only, experimental), and option
	posixmq-priority
	Tests: LINUX_POSIXMQ_READ_PRIO LINUX_POSIXMQ_RECV_FORK
	LINUX_POSIXMQ_RECV_MAXCHILDREN LINUX_POSIXMQ_SEND_MAXCHILDREN

	New address SHELL invokes a shell but without the overhead of SYSTEM

	Added options res-retrans and res-retry that make use of undocumented
	resolver variables to set the retransmission time interval resp.the
	number of times to retransmit.
	Disable them and the old res-* opts with: ./configure --disable-resolve

	Added option res-nsaddr that overrides /etc/resolv.conf nameserver
	address based on an undocumented resolver feature.

	New option chdir changes the working directory of the address to the
	given path, only during the open stage.
	Tests: CHDIR_ON_CREATE CHDIR_ON_SYSTEM

	Option umask now applies only during opening of its very address, not
	for the lifetime of the process; the original umask is restored
	afterwards.
	Tests: UMASK_ON_CREATE UMASK_ON_SYSTEM

	Added option unix-bind-tempname (bind-tempname) to allow UNIX (and
	ABSTRACT) client addresses to bind to unique addresses even when
	invoked	in forked off sub processes.
	Tests: UNIX_LISTEN_CONNECT_BIND_TEMPNAME UNIX_LISTEN_CLIENT_BIND_TEMPNAME
	UNIX_RECVFROM_CLIENT_BIND_TEMPNAME UNIX_RECVFROM_SENDTO_BIND_TEMPNAME
	ABSTRACT_LISTEN_CONNECT_BIND_TEMPNAME ABSTRACT_LISTEN_CLIENT_BIND_TEMPNAME
	ABSTRACT_RECVFROM_CLIENT_BIND_TEMPNAME ABSTRACT_RECVFROM_SENDTO_BIND_TEMPNAME
	Thanks to Kai Lüke for sending an initial patch.

	New option f-setpipe-sz (pipesz) sets the pipe size on systems that
	provide ioctl F_SETIPE_SZ.
	Filan prints the current value.
	Tests: STDIN_F_SETPIPE_SZ EXEC_F_SETPIPE_SZ

	Bidirectional PIPE addresses may block on writing a data chunk larger
	than pipe buffer. Socat now tries to detect if transfer block size is
	large enough and issues a warning.

	Added direct support of DCCP protocol, new addresses:
	DCCP-CONNECT (DCCP)
	DCCP-LISTEN (DCCP-L)
	DCCP4-CONNECT (DCCP4)
	DCCP4-LISTEN (DCCP4-L)
	DCCP6-CONNECT (DCCP6)
	DCCP6-LISTEN (DCCP6-L)
	New option: dccp-set-ccid (ccid)

	Support for UDP-Lite protocol, new addresses:
	UDPLITE-CONNECT
	UDPLITE-LISTEN
	UDPLITE-DATAGRAM
	UDPLITE-RECV
	UDPLITE-RECVFROM
	UDPLITE-SENDTO
	All these are also available in UDPLITE4-* and UDPLITE6-* form;
	options udplite-recv-cscov and udplite-send-cscov.

	Procan now prints info about CC and __STDC_VERSION__, about FD_SETSIZE,
	value of SO_PROTOCOL/SO_PROTOTYPE and some other defines, definitions
	of many C types, and the actual umask.

	Procan tries to find the name of the controlling terminal, on Linux it
	reads info from /proc/self/stat and searches for a device with matching
	major and minor numbers.

	Added socat-chain.sh that makes it possible to stack protocols, e.g. to
	drive socks through TLS, or to use TLS over a serial line.
	Tests: SOCAT_CHAIN_SOCKS4 SOCAT_CHAIN_SSL_PTY

	Added script socat-mux.sh that performs n-to-1 / 1-to-n communications
	using two Socat instances with multicasting.
	Tests: SOCAT_MUX

Corrections:
	When a sub process (EXEC, SYSTEM) terminated with exit code other than
	0, its last sent data might have been lost depending on timing of read/
	write and SIGCHLD in Socat.
	Now the SIGCHLD handler does not simply terminate Socat in this case,
	but remembers the failure and allows further processing.
	Thanks to Luke Jones for reporting this issue.

	Now catching the case of empty SNI host to prevent OpenSSL error.
	This is related to Red Hat issue 2081414.

	Better formatted help output; address keywords in help output are now
	printed in uppercase.

	In previous Socat versions errors EPIPE and ECONNRESET on read() were
	handled at warning level, thus not automatically leading to termination
	with exit code 1. Beginning with this release these conditions are
	handled as errors with termination and exit code 1 to not pretend
	success on possible data loss.
	Problem reported by Scott Burkett.

	In previous Socat versions errors on shutdown() were ignored (info
	level).
	Now Socat handles EPIPE and ECONNRESET as errors to indicate possible
	failure of data transfer.

	INTERFACE addresses did not accept options of INTERFACE group (for
	historical reasons they were only available with TUN addresses).

	Opening addresses did not check if they support all directions expected
	by Socat. Now an error is printed when, e.g,, a read-only type address
	is opened for writing.

	A lot of minor corrections, e.g., catch readline() errors in filan,
	detect byte order in procan
	Test: EXEC_SIGINT

	OpenSSL cipherlist option did not override global openssl.cnf settings.
	Now SSL_CTX_set_cipher_list() is called before
	SSL_CTX_use_certificate_chain_file().
	Thanks to Hiroshi Sakurai for reporting the problem and suggesting this
	solution.

	Fixed option sourceport with UDP6-DATAGRAM.

	Some client addresses (e.g. TCP-CONNECT) take the fork option for
	automatically spawning new connections, however the max-children option
	was not applied.

	Fixed the end-close option, it just did not work.

	In configure.ac was a direct call to gcc instead of $CC which broke
	cross compiling.
	Thanks to Fergus Dall for sending a patch.

Coding:
	Introduced groups_t instead of uint32_t, for more flexibility.

	Rearranged option group bits to only require 32 bits on older systems.

	Make gcc happy, replace strncat with "manual" copying

	On addresses like UDP-RECVFROM with fork option every packet causes a
	new child process which then reads the packet. The parent process must
	wait until the packet has been read before checking again. The former
	synchronization mechanism using SIGUSR1 is now replaced by a
	socketpair. SIGUSR1 is no longer used for internal synchronization.
	Tests: UDP4_FORK UDP6_FORK UNIX_FORK

	Renamed xioopts_t to xioparms_t to avoid confusion with xioopts module.

	Moved multicast related code from xioopts.c to xio-ip.c and xio-ip6.c

	Pointers of type struct single are now always called sfd.

Porting:
	Removed Config/ because its contents have not been maintained for many
	years.

	Try to not receive outgoing packets on raw (PF_PACKET) sockets - use
	PACKET_IGNORE_OUTGOING socket options when available.
	Test: INTERFACE_IGNOREOUTGOING

	Renewed port to OpenBSD:
	Guard OPENSSL_INIT_SETTINGS; and minor changes.

	Thanks to Paul Hunt for sending a fix of the configure
	--enable-openssl-base processing.

	Enable direct largefile support on "smaller" systems per
	_FILE_OFFSET_BITS and _LARGE_FILES.
	Thanks to Fergus Dall for sending a patch.

	Some corrections for better 32bit systems support.

Testing:
	Removed obselete parts from test.sh

	test.sh: Introduced function checkcond

	Renamed test.sh option -foreign to -internet

Documentation:
	Removed obselete file doc/xio.help

	Added doc for option ipv6-join-group (ipv6-add-membership)
	Thanks to Martin Buck for sending the patch.

	Renamed xiogetpacketsrc() to xiogetancillary()

	On bad parameter number now print syntax.

####################### V 1.7.4.5 (not released):

Corrections:
	On connect() failure and in some other situations Socat tries to get
	detailled information about the error with recvmsg(). Error return of
	this function is now logged as Info instead of Warn.

	Tests of the correction of the "IP_ADD_SOURCE_MEMBERSHIP but not struct
	ip_mreq_source" issue left an #undef in xiosysincludes.h that disabled
	the ip-add-source-membership option.
	Thanks to Benjamin Poirier for sending a patch.

	Fixed a bug in dalan module that caused SIGSEGV in, e.g.,
	SOCKET-LISTEN:1:1:'"/tmp/sock"'
	Test: DALAN_NO_SIGSEGV

	The retry option with some address types (TCP) did not close() the
	sockets after failed attempts, resulting in an FD leak.

	Filan: Corrected some syntax error messages

	Filan: Fixed a bug introduced in 1.7.4.4 that broke displaying
	TCP/UDP on options -s, -S
	Test: FILAN_SHORT_TCP

	Filan: If IP protocol type cannot be retrieved, display at least the
	socket type

	Filan: Fixed diag_set() call in filan_main.c, bug popped up with C23.
	Thanks to Cristian Rodríguez from openSUSE for reporting this issue.

	Querying the vsock Context Identifier (CID) requires an FD from opening
	/dev/vsock.
	Thanks to Volker Simonis for sending a patch.

	Fixed an internal FD leak in the EXEC,SYSTEM addresses.

	The FDs of the socketpair that queues messages from signal handlers
	lacked FD_CLOEXEC and thus leaked into EXEC and SYSTEM child processes.

	Option stderr on addresses EXEC and SYSTEM uses a temporary FD. It
	lacked the FD_CLOEXEC setting and thus leakt into child processes.

	Restoring of STDIO tty settings failed on Solaris type operating
	systems.
	Thanks to Gordon W.Ross for reporting and fixing this issue.
	Test: RESTORE_TTY

	The OpenSSL client SNI parameter, when not explicitely specified, is
	derived from option commonname or rom target server name. This is not
	useful with IP addresses, which Socat now checks and avoids.

	Socat options -L and -W create lock files using mkstemp(), so they had
	permissions 600. There does not seem to be a good reason for this
	restrictive mode. Furthermore Silla Rizzoli experienced that Minicom
	ignores lock files with mode 600, so it is set to 644 now.

	Procan tries to find out VSOCK CID only when running as root

	The mechanism for deferring logs from signal handlers had an issue that
	caused lots of unwanted recvfrom() calls.

	Do not try to remove abstract UNIX socket entries after use.

Features:
	VSOCK, VSOCK-L support options pf, socktype, prototype (currently
	useless)

Coding:
	New Environment variable SOCAT_TRANSFER_WAIT that Socat sleep before
	starting the data transfer loop. Useful, e.g., to accumulate multiple
	packets in a receiving datagram socket before starting to process them.

	"//" comments were used for disabling experimental code. These lines
	have now been removed or disabled in other ways to make Socat compile
	with C89/C90 standard again.

	fcntl() trace prints flags now in hexadecimal.

	Stream dump options -r and -R now open their pathes with CLOEXEC to
	prevent leaking into sub processes.
	Test: EXEC_SNIFF

	Stream dump write now warn on write errors and partial writes (but
	still do not recover).

	Removed trailing white space from *.h and *.c files.

Porting:
	Small correction in configure.ac makes Socat C99 able.
	Thanks to Florian Weimer from Red Hat for providing a patch.

Documentation:
	Syntax and semantics of some options (esp.unlink-close) were not clear.
	Thanks to Anthony Chavez for reporting this and making suggestions.

	socat-tun.html described TCP as tunnel medium but this does not keep
	packet boundaries. Changed to UDP.

	Added examples for DCCP client and server.

	Complex Socat examples are now displayed in two or three lines for
	better overview.
	dest-unreach.css stylesheet has been improved to support this.

Testing:
	Idea: EXEC,SYSTEM addresses can keep packet boundaries when option
	socktype=<val-of-SOCK_DGRAM>
	Tests: EXECSOCKETPAIRPACKETS SYSTEMSOCKETPAIRPACKETS

	Cosmetic corrections of EXEC,SYSTEM tests.

	test.sh: Added option --expect-fail to specify comma separated list of
	test numbers whose failure shall not cause a failure of the whole
	script.

	test.sh: Added help text

	Speeded up wait loops; more addresses in upper case; more tests with
	command printing ($VERBOSE)

	test.sh: Check if ports are free before using them for tests

	Test EXEC_FDS checks with Filan if EXEC address only passes stdio FDs.

	Improved template; prepared namesFAIL, -d (DEBUG)

Revision 1.50: download - view: text, markup, annotated - select for diffs
Tue Oct 24 22:10:34 2023 UTC (13 months, 2 weeks ago) by wiz
Branches: MAIN
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +2 -1 lines
*: bump for openssl 3

Revision 1.49: download - view: text, markup, annotated - select for diffs
Thu Aug 17 21:55:22 2023 UTC (15 months, 3 weeks ago) by leot
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +2 -2 lines
socat: Update to 1.7.4.4

pkgsrc changes:
- Remove patch-sysutils.c, patch-xio-openssl.c, patch-xio-socket.c: applied
  upstream

Changes:
1.7.4.4
=======
Corrections:
 - In error.c msg2() there was a stack overflow on long messages: The
   terminating \0 Byte was written behind the last position.
   Thanks to Martin Liška for sending the address sanitizer report.
 - UDP-RECVFROM with fork sometimes terminated when multiple packets
   arrived. This issue was introduced with a bug fix in version 1.7.4.0.
   Reason was not handling EAGAIN on recvmsg().
   Thanks to Jamie McQuillan for reporting this issue.
 - Address TCP with options connect-timeout and retry terminated
   immediately when a connection attempt failed on network error or
   connection refused.
   Test: TCP_TIMEOUT_RETRY
   Thanks to Kamil Holubicki for reporting this issue.
 - There were a couple of weaknesses and errors when accessing invalid or
   incompatible file system entries with UNIX domain, file, and generic
   addresses.
   For example, UNIX-CONNECT, when using a non matching socktype, failed
   with -1 and did not print an error message, instead of printing an
   error message and exiting with rc=1.
   Thanks to Paul Wise for reporting and analyzing the case of accessing
   a left over socket entry with GOPEN.
 - The rawer option failed because it tried to clear CREAD.
 - UDP-SEND and UPD-SENDTO with option lowport always bound to port 1
   instead of a free port in range 640..1023
 - Fixed bad parser error message on "socat /tmp/x\"x/x -"
 - Tightened syntax checks to detect numerical arguments that are missing
   or have trailing garbage.
 - ctype(3) functions need there arguments to be unsigned char.
   Thanks to Taylor R Campbell for sending a patch.
 - Filan library uses Socats diag/error message system and therefore had
   always the signal handler messages socket pair open. This fix avoids
   this socketpair in standalone Filan.
 - Corrected printf format for type socklen_t in two places.

Porting:
 - OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
   conditions: client connection to server with certificate with empty
   subject, and pressing ^C after successful connect.
   This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
   Thanks to Martin Dorey for reporting and analyzing this issue, and for
   providing an environment for reproduction.
 - Socat failed to compile on platforms that have
   IP_ADD_SOURCE_MEMBERSHIP but not struct ip_mreq_source
   Thanks to Justin Yackoski for sending a patch.
 - configure.ac's detection of getprotobynumber_r() variant did not
   recognize if this function does not exist, e.g. on Musl libc.
   Thanks to Alexander Kanavin and Baruch Siach for sending patches.
 - Corrected message format when no strftime() is available; improved
   handling of very long host or program names
 - Solaris requires that termios options are always applied to the slave
   side of PTY.
 - Fixed ancillary messages on Solaris.
 - Filan: Solaris has the open file path infos in /proc/<pid>/path/
   Thanks to Andy Fiddaman to directing me to the patch.
 - Filan now recognizes and prints Solaris doors and event ports.
 - Solaris derivatives no longer need librt for clock_gettime()
   Thanks to Andy Fiddaman to directing me to the patch.

Building:
 - Failure during building documentation, e.g. due to missing Yodl
   packages, now does not let the build process fail.
   Feature requested by Seyhun.

Features:
 - Filan prints target of symlink when appropriate
 - VSOCK-LISTEN now generates environment variables SOCAT_PEERADDR,
   SOCAT_PEERPORT, SOCAT_SOCKADDR, SOCAT_SOCKPORT
   New address aliases VSOCK, VSOCK-L

Documentation:
 - Fixed typo in doc/socat-tun.html and link in README.
   Thanks to William Suthers for reporting.
 - Fixed hard coded path in docu examples.
   Thanks to Jakub Wilk for sending a patch.
 - Updated doc/socat-openssltunnel.html: 2048 bits, commonname

Testing:
 - Unset SOCAT_MAIN_WAIT on informational Socat calls
 - SOCAT=socat used ./socat instead of the version derived by $PATH
 - Do not try VSOCK_ECHO test when feature is not compiled in.
 - Fixed logging of test 220 TUNINTERFACE
   Musl libc refuses to execve() shell scripts, 2 tests needed to be
   adapted.
 - Musl libc has FOPEN_MAX=1000 which made bash dumping core on test
   EXCEED_FOPEN_MAX.
 - Added tests for failures of UNIX socket and GOPEN accesses to non
   matching file system entries.
 - On RHEL-9 SCTP support requires installation of package
   kernel-modules-extra. test.sh now detects when SCTP is missing in
   kernel and reacts with warnings instead of errors.
 - VSOCK loopback still does not seem to work even in kernel 5.13, so just
   issue warning on "No such device".

Revision 1.48: download - view: text, markup, annotated - select for diffs
Sat Jul 23 15:40:33 2022 UTC (2 years, 4 months ago) by leot
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +2 -3 lines
socat: Update to 0.0.12

pkgsrc changes:
 - Remove hopefully no longer needed patch-fdname.c, Solaris support should be
   now properly handled by upstream too

Changes:
1.7.4.3
-------
Fixes the TCP_INFO issue that broke building on non-Linux platforms. Furthermore,
building on AIX works again. A few more corrections and improvements have been
added.

1.7.4.2
-------
Fixes a lot of bugs, e.g., for options -r and -R.

Revision 1.47: download - view: text, markup, annotated - select for diffs
Sun Apr 3 10:29:41 2022 UTC (2 years, 8 months ago) by riastradh
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +2 -1 lines
net/socat: Patch ctype(3) abuse.

Revision 1.46: download - view: text, markup, annotated - select for diffs
Sun Jan 10 22:07:28 2021 UTC (3 years, 11 months ago) by otis
Branches: MAIN
CVS tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +2 -2 lines
net/socat: Update to 1.7.4.1

Fix compilation on 32-bit systems and file transfer with OpenSSL.

Revision 1.45: download - view: text, markup, annotated - select for diffs
Wed Jan 6 15:12:31 2021 UTC (3 years, 11 months ago) by leot
Branches: MAIN
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +2 -2 lines
socat: Update to 1.7.4.0

Changes:
1.7.4.0
-------
Security:
 Buffer size option (-b) is internally doubled for CR-CRLF conversion,
 but not checked for integer overflow. This could lead to heap based
 buffer overflow, assuming the attacker could provide this parameter.
 Test: BLKSIZE_INT_OVERFL
 Thanks to Lê Hiếu Bùi for reporting this issue and sending an
 example exploit.

Corrections:
 Socats address parser read over end of string when there were unbalanced
 quotes
 Test: UNBALANCED_QUOTE

 Removed unused usleep() call from sycls.c

 Unsetenv() was conditional in sysutils.c but not in xio-openssl.c thus
 building failed on Solaris 9.
 Thanks to Greg Earle for reporting this issue and providing a patch.

 Mitigated race condition of quickly terminating SYSTEM or EXEC child
 processes.

 Option o-direct might require alignment of read/write buffer to, e.g.,
 512 bytes, Socat now takes care of this when allocating the buffer.
 With this fix read() succeeds, however, write() still might fail when
 not writing complete pages.
 Test: O_DIRECT

 There was a race condition in the way Socat UDP-RECVFROM and similar
 addresses with option fork prevents one packet from triggering
 multiple processes. The symptom was that Socat master process seemed to
 hang and did not process further packets. The fix makes use of
 pselect() system call.
 Thanks to Fulvio Scapin for reporting this issue.

 UNIX domain client addresses applied file system entry options (group
 NAMED) to the server socket instead of the client (bind) socket entry.
 Tests: UNIX_SENDTO_UNLINK UNIX_CONNECT_UNLINK
 Thanks to Nico Williams for reporting this major issue.

 Length of single address options was limited to 511 bytes. This value
 is now increased to 2047 bytes.
 Change suggested by Mario Camou.

 Addresses of type RECVFROM with option fork looped with an error
 message in case that the second address failed before consuming the
 packet. The fix makes RECVFROM drop the packet when the second address
 failed before reading it. Use retry or forever option with the second
 address if you want to avoid data loss.
 Thanks to Chunmei Xu for reporting this issue and proving the patch.

 Socats DTLS implementation has been reworked and appears to work now
 reasonably over UDP.
 New addresses: OPENSSL-DTLS-SERVER (DTLS-L),
 	OPENSSL-DTLS-CLIENT (DTLS)
 Tests: OPENSSL_DTLS_CLIENT OPENSSL_DTLS_SERVER
 	OPENSSL_METHOD_DTLS1 OPENSSL_METHOD_DTLS1.2
 Thanks to Brandon Carpenter, Qing Wan, and Pavel Nakonechnyi for
 sending patches.

 filan did not output the socket protocol.
 filan -s assumed each stream socket to be TCP and each datagram socket
 to be UDP. Now it uses SO_PROTOCOL and getprotoent() for correct output.

 Help text showed two parameters for UDP4-RECVFROM address, but only
 <port> is allowed.
 Thanks to John the Scott for reporting this issue.

 Error messages from SSL_read() and SSL_write() sometimes stated
 SSL_connect instead of originating function name.

 Fixed some more non functional minor issues.

Porting:
 In gcc version 10 the default changed from -fcommon to -fno-common.
 Consequently, linking filan and procan failed with error
 "multiple definition of `deny_severity'" and `allow_severity'
 Fixed by removing definitions in filan.c and procan.c
 Debian issue 957823
 Thanks to László Böszörményi and others for reporting this issue.

 Solaris 9 does not provide strndup(); added substitute code.
 Thanks to Greg Earle for providing a patch.

 Added configure option --enable-openssl-base to specify the location of
 a non-OS OpenSSL installation

 There are systems whose kernel understands SCTP but getaddrinfo does
 not. As workaround after EIA_SOCKTYPE on name and service resolution
 fall back to ai_socktype=0; if it fails with EAI_SERVICE, set
 ai_protocol=0 and try again
 Test: SCTP_SERVICENAME

 Per file filesystem options were still name ext2-* and depended on
 <linux/ext2_fs.h>. Now they are called fs-* and depend on <linux/fs.h>.
 These fs-* options are also available on old systems with ext2_fs.h

 New options openssl-min-proto-version (min-version) and
 openssl-max-proto-version (max-version) give access to the related
 OpenSSL set-macros and substitute deprecated version-specific methods.
 Test: OPENSSL_MIN_VERSION

 With OpenSSL use OPENSSL_init_SSL when available, instead of deprecated
 SSL_library_init.

 With OPENSSL_API_COMPAT=0x10000000L the files openssl/dh.h, openssl/bn.h
 must explicitely be included.
 Thanks to Rosen Penev for reporting and sending a patch.

Testing:
 test.sh now produces a list of tests that could not be performed for
 any reason. This helps to analyse these cases.

 OpenSSL s_server appearently started to neglect TCPs half close feature.
 Test OPENSSL_TCP4 has been changed to tolerate this.

 OpenSSL changed its behaviour when connection is rejected. Tests
 OPENSSLCERTSERVER, OPENSSL_CN_CLIENT_SECURITY, and
 OPENSSL_CN_SERVER_SECURITY now tolerate this.

 OpenSSL no longer allows explicit renegotiation with TLSv1.3, thus the
 appropriate tests failed.
 Fix: use TLSv1.2 for renegotiation tests
 Tests: OPENSSLRENEG1 OPENSSLRENEG2

 Ubuntu 20.04 requires 2048 bit certificates with OpenSSL

 Archlinux 2020 has not which command; its ip,ss commands have modified
 version strings

 More testing issues solved:
 * ss to pipe might omit column separator
 * UDP6MULTICAST_UNIDIR fails on newer Linux kernels
 * do not use sort -V
 * renamed testaddrs() to testfeats(), and introduced new testaddrs()

New features:
 GOPEN and UNIX-CLIENT addresses now support sockets of type SEQPACKET.
 Test: GOPENUNIXSEQPACKET
 Feature suggested by vi0oss.

 The generic setsockopt-int and related options are, in case of
 listening/accepting addresses, applied to the connected socket(s). To enable
 setting options on the listening socket, a new option setsockopt-listen
 has been implemented. See the documentation for info on data types.
 Tests: SETSOCKOPT SETSOCKOPT_LISTEN
 Thanks to Steven Danna and Korian Edeline for reporting this issue.

 Filan option -S gives short description like -s but with improved
 format

 Socat OpenSSL client, when server was specified using IP address, did
 not verify connection on certificates SubjectAltName IP entries.
 Tests: OPENSSL_SERVERALTAUTH OPENSSL_SERVERALTIP4AUTH OPENSSL_SERVERALTIP6AUTH
 Fixes Red Hat bug 1805132

 Added options -r and -R for raw dump of transferred data to files.
 Test: OPTION_RAW_DUMP

 Added option ip-transparent (socket option IP_TRANSPARENT)
 Thanks to Wang Shanker for sending a patch.

 OPENSSL-CONNECT now automatically uses the SNI feature, option
 openssl-no-sni turns it off. Option openssl-snihost overrides the value
 of option openssl-commonname or the server name.
 Tests: OPENSSL_SNI OPENSSL_NO_SNI
 Thanks to Travis Burtrum for providing the initial patch

 New option accept-timeout (listen-timeout)
 Test: ACCEPTTIMEOUT
 Proposed by Roland

 New option ip-add-source-membership
 Feature inspired by Brian (b f31415)

 INCOMPATIBLE CHANGE: Address UDP-DATAGRAM now does not check peerport
 of replies, as it did up to version 1.7.3.4. Use option sourceport when
 you need the old behaviour.
 Test: UDP_DATAGRAM_SOURCEPORT
 Feature inspired by Hans Bueckler for SSDP inquiry (for UPnP)

 New option proxy-authorization-file reads PROXY-CONNECT credentials
 from file and makes it possible to hide this data from the process
 table.
 Test: PROXYAUTHFILE
 Thanks to Charles Stephens for sending an initial patch.

 Added AF_VSOCK support with VSOCK-CONNECT and VSOCK-LISTEN addresses.
 Developed by Stefano Garzarella.

Coding:
 Added printf formats for uint16_t etc.

Documentation:
 Address UDP-RECV does not support option fork.
 Thanks to Fulvio Scapin for reporting that mistake in docu.

 TUN address documentation showed TCP for backend which may merge
 consecutive packets which causes data loss.
 Thanks to Tomasz Lakota for reporting this issue.

Revision 1.44: download - view: text, markup, annotated - select for diffs
Mon May 18 11:19:13 2020 UTC (4 years, 6 months ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +2 -3 lines
socat: Update to 1.7.3.4

####################### V 1.7.3.4:

Corrections:
	Header of xiotermios_speed() declared parameter unsigned int instead of
	speed_t, thus compiling failed on MacOS
	Thanks to Joe Strout and others for reporting this bug.
	Thanks to Andrew Childs and others for sending a patch.

	Under certain circumstances, termios options of the first address were
	applied to the second address, resulting in error
	"Inappropriate ioctl for device"
	This affected version 1.7.3.3 only.
	Test: TERMIOS_PH_ALL
	Thanks to Ivan J. for reporting this issue.

	Socat failed to compile when no poll() system call was found by
	configure.
	Thanks to Jason White for sending a patch.

	Due to use of SSL_CTX_clear_mode() Socat failed to compile on old
	systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B.
	for reporting this problem and sending initial patches.

	getaddrinfo() in IP4-SENDTO and IP6-SENDTO addresses failed with
	"ai_socktype not supported" when protocol 6 was addressed.
	The fix removes the possibility to use service names with SCTP.
	Test: IP_SENDTO_6
	Thanks to Sören for sending an initial patch.

	Under certain circumstances, Socat printed the "socket ... is at EOF"
	multiple times.
	Test: MULTIPLE_EOF

	Newer parts of test.sh used substitutions ${x,,*} or ${x^^*} that are
	not implemented in older bash versions.

Revision 1.43: download - view: text, markup, annotated - select for diffs
Sun Feb 9 13:19:10 2020 UTC (4 years, 10 months ago) by jdolecek
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +2 -2 lines
remove the Darwin BIND 8 hack, it's using bind9 for at least a decade already

Revision 1.42: download - view: text, markup, annotated - select for diffs
Sat Jan 18 21:50:26 2020 UTC (4 years, 10 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +2 -1 lines
*: Recursive revision bump for openssl 1.1.1.

Revision 1.41: download - view: text, markup, annotated - select for diffs
Sun Apr 7 19:26:56 2019 UTC (5 years, 8 months ago) by leot
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +4 -6 lines
socat: Update to 1.7.3.3

pkgsrc changes:
 - Adjust test related definition
 - Remove no longer needed patches

Changes:
1.7.3.3:
--------
Corrections:
 Makefile.in did not specify dependencies of filan on vsnprintf_r.o
 and snprinterr.o
 Added definition of FILAN_OBJS
 Thanks to Craig Leres, Clayton Shotwell, and Chris Packham for
 providing patches.

 configure option --enable-msglevel did not work with numbers

 The autoconf mechanism for determining SHIFT_OFFSET did not work when
 cross compiling.
 Thanks to Max Freisinger from Gentoo for sending a patch.

 Socat still depended on obsolete gethostbyname() function, thus
 compiling with MUSL libc failed.
 Problem reported by Kennedy33.

 The async signal safe diagnostic system used FDs 3 and 4 internally, so
 use of appropriate fdin or fdout led to failures.
 Test: DIAG_FDIN
 Problem reported by Onur Sentürk.

 The socket based mechanism for passing messages and signal information
 from signal handler to process could reach and kill the wrong process.
 Introduces functions diag_sock_pair(), diag_fork()
 Thanks to Darren Zhao for analysing and reporting this problem.

 Option ipv6-join-group did not work because it was applied in the wrong
 phase
 Test: UDP6MULTICAST_UNIDIR
 Thanks to Angus Gratton for sending a patch.

 Setting ispeed and ospeed failed for some serial devices because the
 two settings were applied with two different get/set cycles, Thanks to
 Alexandre Fenyo for providing an initial patch.
 However, the actual fix is part of a conceptual change of the termios
 module that aims for applying all changes in a single tcsetaddr call.
 Fixes FreeBSD Bug 198441

 Termios options TAB0,TAB1,TAB2,TAB3, and XTABS did not have an effect.
 Thanks to Alan Walters for reporting this bug.

 Substituted cumbersom ISPEED_OFFSET mechanism for cfsetispeed() calls

 With TCP6-LISTEN and the other passive IPv6 addresses the range option
 just failed: due to a bug in the syntax parser and two more bugs in
 the xiocheckrange_ip6() function.
 The syntax has now been changed from "[::1/128]" to "[::1]/128"!
 Thanks Leah Neukirchen for sending an initial fix.

 For name resolution Socat only checked the first character of the host
 name to decide if it is an IPv4 address. This was not RFC conform. This
 fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
 TCP6:127.0.0.1:80
 Thanks to Nicolas Fournil for reporting this issue.

 Print a useful error message when single character options appear to be
 merged in Socat invocation
        Test: SOCCAT_OPT_HINT

 Fixed some docu typos.
 Thanks to Travis Wellman, Thomas <tjps636>, Dan Kenigsberg,
 Julian Zinn, and Simon Matter

Porting:
 OpenSSL functions TLS1_client_method() and similar are
 deprecated. Socat now uses recommended TLS_client_method(). The old
 functions and dependend option openssl-method can still be
 used when configuring socat with --enable-openssl-method

 Shell scripts in socat distribution are now headed with:
 #! /usr/bin/env bash
 to make them better portable to systems without /bin/bash
 Thanks to Maya Rashish for sending a patch

 RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with
 configure option --enable-res-deprecated.

 New versions of OpenSSL preset SSL_MODE_AUTO_RETRY which may hang socat.
 Solution: clear SSL_MODE_AUTO_RETRY when it is set.

 Renamed configure.in to configure.ac and set an appropriate symlink for
 older environments.
 Related Gentoo bug 426262: Warning on configure.in
 Thanks to Francesco Turco for reporting that warning.

 Fixed new IPv6 range code for platforms without s6_addr32 component.

Testing:
 test.sh: Show a warning when phase-1 (insecure phase) of a security
 test fails

 OpenSSL tests failed on actual Linux distributions. Measures:
 Increased key lengths from 768 to 1024 bits
 Added test.sh option -C to delete temp certs from prevsious runs
 Provide DH-parameter in certificate in PEM
 OpenSSL s_server option -verify 0 must be omitted
 OpenSSL authentication method aNULL no longer works
 Failure of cipher aNULL is not a failure
 Failure of methods SSL3 and SSL23 is desired

 test.sh depended on ifconfig and netstat utilities which are no longer
 available in some distributions. test.sh now checks for and prefers
 ip and ss.
 Thanks to Ruediger Meier for reporting this problem.

 More corrections to test.sh:
 Language settings could still influence test results
 netstat was still required
 Suppress usleep deprecated messag
 Force use of IPv4 with some certificates
 Set timeout for UDPxMAXCHILDREN tests

Git:
 Added missing Config/Makefile.DragonFly-2-8-2,
 Config/config.DragonFly-2-8-2.h
 Removed testcert.conf (to be generated by test.sh)

Cosmetics:
 Simplified handling of missing termios defines.

New features:
 Permit combined -d options as -dd etc.

Revision 1.40: download - view: text, markup, annotated - select for diffs
Wed Jul 4 13:40:31 2018 UTC (6 years, 5 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +2 -2 lines
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.

Revision 1.39: download - view: text, markup, annotated - select for diffs
Sat Nov 11 19:43:06 2017 UTC (7 years, 1 month ago) by maya
Branches: MAIN
CVS tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +8 -1 lines
socat: improve our ability to run the tests, less use of /bin/bash

bump PKGREVISION in case any of those scripts are used at runtime

Revision 1.38: download - view: text, markup, annotated - select for diffs
Sun Feb 5 20:40:32 2017 UTC (7 years, 10 months ago) by leot
Branches: MAIN
CVS tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +3 -4 lines
Update net/socat to socat-1.7.3.2

pkgsrc changes:
 - Take MAINTAINERship

Changes:
1.7.3.2
-------
corrections:
 - SIGSEGV and other signals could lead to a 100% CPU loop
 - Failing name resolution could lead to SIGSEGV
   Thanks to Max for reporting this issue.
 - Include <stddef.h> for ptrdiff_t
   Thanks to Jeroen Roovers for reporting this issue.
 - Building with --disable-sycls failed due to missing sslcls.h defines
   Socat hung when configured with --disable-sycls.
 - Some minor corrections with includes etc.
 - Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
   for sending a patch.
 - Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
   incorrectly assigned
   Test: EXEC_NOFORK_UNIDIR
   Thanks to David Reiss for reporting this problem.
 - Socat exited with status 0 even when a program invoked with SYSTEM or
   EXEC failed.
   Tests: SYSTEM_RC EXEC_RC
   Issue reported by Felix Winkelmann.
 - AddressSanitizer reported a few buffer overflows (false positives).
   Nevertheless fixed Socat source.
   Issue reported by Hanno Böck.
 - Socat did not use option ipv6-join-group.
   Test: USE_IPV6_JOIN_GROUP
   Thanks to Linux Lüssing for sending a patch.
 - UDP-LISTEN did not honor the max-children option.
   Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
   Thanks to Leander Berwers for reporting this issue.
 - Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
   and therefore were useless.
   Thanks to Steve Borenstein for reporting this issue.
 - Option dhparam was documented as dhparams. Added the alias name
   dhparams to fix this.
   Thanks to Alexander Neumann for sending a patch.
 - Options shut-down and shut-close did not work.
   Thanks to Stefan Schimanski for providing a patch.
 - There was a bug in printing readline log message caused by a misleading
   indentation.
   Thanks to Paul Wouters for reporting.
 - The internal vsnprintf_r function looped or crashed on size parameter
   with hexadecimal output.
 - Ignore exit code of child process when it was killed by master due to
   EOF
 - Corrected byte order on read of IPV6_TCLASS value from ancillary
   message
 - Fixed type of the bool element in options. This had bug caused failures
   e.g. of ignoreeof on big-endian systems when bool was not based on int.
 - On systems with predefined bool type whose size differs from int some
   IPv6 and TCP options (per setsockopt()) failed.
 - Length of integral data in ancillary messages varies (TOS: 1 byte,
   TTL: 4 bytes), the old implementation failed for TTL on big-endian
   hosts.
 - Fixed an issue in options processing: TUN and DNS flags had failed on
   big-endian systems and the NO- forms had probable never worked.

porting:
 - Type conflict between int and sig_atomic_t between declaration and
   definition of diag_immediate_type and diag_immediate_exit broke
   compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
   reporting this bug.
 - Socat failed to compile on platforms with OpenSSL without
   DTLSv1_client_method or DTLSv1_server_method.
   Thanks to Simon Matter for sending a patch.
 - NuttX OS headers do not provide struct ip, thus socat did not compile.
   Made struct ip subject to configure.
   Thanks to SP for reporting this issue.
 - Socat failed to compile with OpenSSL version 1.0.2d where
   SSLv3_server_method and SSLv3_client_method are no longer defined.
   Thanks to Mischa ter Smitten for reporting this issue and providing
   a patch.
 - configure checked for OpenSSL EC_KEY assuming it is a define but it
   is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
   Thanks to Andrey Arapov for reporting this bug.
 - Changes to make socat compile with OpenSSL 1.1.
   Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
   providing the base patch.
   Debian Bug#828550
 - Make Socat compatible with BoringSSL.
   Thanks to Matt Braithwaite for providing a patch.
 - OpenSSL: Use RAND_status to determine PRNG state
   Thanks to Adam Langley for providing a patch
 - AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
   requirements. Thanks to Garrick Trowsdale for providing a patch
 - LibreSSL support: check for OPENSSL_NO_COMP
   Thanks to Bernard Spil for providing a patch

testing:
 - socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
 - test.sh: stderr; option -v (verbose); FDOUT_ERROR description
 - improved proxy.sh - it now also takes hostnames
 - A few corrections in test.sh
 - DTLS1 test hangs on some distributions. Test is now only performed
   with OpenSSL 1.0.2 or higher.
 - More corrections to test.sh that reveal a mistake with IPV6_TCLASS

docu:
 - Corrected source of socat man page to correctly show man references
   like socket(2); removed obseolete entries from See Also
 - Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
   that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
   are correct).
   Thanks to Zhigang Wang for reporting this issue.
 - Fixed a couple of English spelling and grammar mistakes.
   Thanks to Jakub Wild for sending the patches.
 - NOEXPAND() was not resolved 2 times.
 - More minor docu corrections

legal:
 - Added contributors to copyright notices. Suggested by Matt Braithwaite.

Revision 1.37: download - view: text, markup, annotated - select for diffs
Sat Mar 5 11:29:12 2016 UTC (8 years, 9 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +2 -1 lines
Bump PKGREVISION for security/openssl ABI bump.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Tue Feb 2 16:08:01 2016 UTC (8 years, 10 months ago) by leot
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -2 lines
Update net/socat to 1.7.3.1.

Changes:
####################### V 1.7.3.1:
security:
  Socat security advisory 8
  A stack overflow in vulnerability was found that can be triggered when
  command line arguments (complete address specifications, host names,
  file names) are longer than 512 bytes.
  Successful exploitation might allow an attacker to execute arbitrary
  code with the privileges of the socat process.
  This vulnerability can only be exploited when an attacker is able to
  inject data into socat's command line.
  A vulnerable scenario would be a CGI script that reads data from clients
  and uses (parts of) this data as hostname for a Socat invocation.
  Test: NESTEDOVFL
  Credits to Takumi Akiyama for finding and reporting this issue.

  Socat security advisory 7
  MSVR-1499
  In the OpenSSL address implementation the hard coded 1024 bit DH p
  parameter was not prime. The effective cryptographic strength of a key
  exchange using these parameters was weaker than the one one could get by
  using a prime p. Moreover, since there is no indication of how these
  parameters were chosen, the existence of a trapdoor that makes possible
  for an eavesdropper to recover the shared secret from a key exchange
  that uses them cannot be ruled out.
  Futhermore, 1024bit is not considered sufficiently secure.
  Fix: generated a new 2048bit prime.
  Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
  Research (MSVR) for finding and reporting this issue.

Revision 1.34.2.1: download - view: text, markup, annotated - select for diffs
Sun Jul 26 19:57:43 2015 UTC (9 years, 4 months ago) by tron
Branches: pkgsrc-2015Q2
Diff to: previous 1.34: preferred, colored; next MAIN 1.35: preferred, colored
Changes since revision 1.34: +2 -2 lines
Pullup ticket #4782 - requested by bsiegert
net/socat: security update

Revisions pulled up:
- net/socat/Makefile                                            1.35
- net/socat/distinfo                                            1.21
- net/socat/patches/patch-configure                             deleted
- net/socat/patches/patch-mytypes.h                             1.3

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sat Jul 25 14:43:23 UTC 2015

   Modified Files:
           pkgsrc/net/socat: Makefile distinfo
           pkgsrc/net/socat/patches: patch-mytypes.h
   Removed Files:
           pkgsrc/net/socat/patches: patch-configure

   Log Message:
   Update socat to 1.7.3.0. From Ben Gergely in PR pkg/49996.

   ####################### V 1.7.3.0:

   security:
           (CVE Id pending)
           Fixed problems with signal handling caused by use of not async signal
           safe functions in signal handlers that could freeze socat, allowing
           denial of service attacks.
           Many changes in signal handling and the diagnostic messages system were
           applied to make the code async signal safe but still provide detailled
           logging from signal handlers:
           Coded function vsnprintf_r() as async signal safe incomplete substitute
           of libc vsnprintf()
           Coded function snprinterr() to replace %m in strings with a system error
           message
           Instead of gettimeofday() use clock_gettime() when available
           Pass Diagnostic messages from signal handler per unix socket to the main
           program flow
           Use sigaction() instead of signal() for better control
           Turn off nested signal handler invocations
           Thanks to Peter Lobsinger for reporting and explaining this issue.

           Red Hat issue 1019975: add TLS host name checks
           OpenSSL client checks if the server certificates names in
           extensions/subjectAltName/DNS or in subject/commonName match the name
           used to connect or the value of the openssl-commonname option.
           Test: OPENSSL_CN_CLIENT_SECURITY

           OpenSSL server checks if the client certificates names in
           extensions/subjectAltNames/DNS or subject/commonName match the value of
           the openssl-commonname option when it is used.
           Test: OPENSSL_CN_SERVER_SECURITY

           Red Hat issue 1019964: socat now uses the system certificate store with
           OPENSSL when neither options cafile nor capath are used

           Red Hat issue 1019972: needs to specify OpenSSL cipher suites
           Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
           prevent downgrade attacks

   new features:
           OpenSSL addresses set couple of environment variables from values in
           peer certificate, e.g.:
           SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
           SOCAT_OPENSSL_X509_COMMONNAME,
           SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
           Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*

           Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
           Tests: OPENSSL_METHOD_*

           Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
           by Andrey Arapov.

           Added a new option termios-rawer for ptys.
           Thanks to Christian Vogelgsang for pointing me to this requirement

   corrections:
           Bind with ABSTRACT commands used non-abstract namespace (Linux).
           Test: ABSTRACT_BIND
           Thanks to Denis Shatov for reporting this bug.

           Fixed return value of nestlex()

           Option ignoreeof on the right address hung.
           Test: IGNOREEOF_REV
           Thanks to Franz Fasching for reporting this bug.

           Address SYSTEM, when terminating, shut down its parent addresses,
           e.g. an SSL connection which the parent assumed to still be active.
           Test: SYSTEM_SHUTDOWN

           Passive (listening or receiving) addresses with empty port field bound
           to a random port instead of terminating with error.
           Test: TCP4_NOPORT

           configure with some combination of disable options produced config
           files that failed to compile due to missing IPPROTO_TCP.
           Thanks to Thierry Fournier for report and patch.

           fixed a few minor bugs with OpenSSL in configure and with messages

           Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
           is required. Thanks to Zhigang Wang for reporting and sending a patch.

           Christophe Leroy provided a patch that fixes memory leaks reported by
           valgrind

           Help for filan -L was bad, is now corrected to:
           "follow symbolic links instead of showing their properties"

           Address options fdin and fdout were silently ignored when not applicable
           due to -u or -U option. Now these combinations are caught as errors.
           Test: FDOUT_ERROR
           Issue reported by Hendrik.

           Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
           over option raw which is now obsolote. On SysV systems this call is
           simulated by appropriate setting.
           Thanks to Youfu Zhang for reporting issue with option raw.

   porting:
           Socat included <sys/poll.h> instead of POSIX <poll.h>
           Thanks to John Spencer for reporting this issue.

           Version 1.7.2.4 changed the check for gcc in configure.ac; this
           broke cross compiling. The particular check gets reverted.
           Thanks to Ross Burton and Danomi Manchego for reporting this issue.

           Debian Bug#764251: Set the build timestamp to a deterministic time:
           support external BUILD_DATE env var to allow to build reproducable
           binaries

           Joachim Fenkes provided an new adapted spec file.

           Type bool and macros Min and Max are defined by socat which led to
           compile errors when they were already provided by build framework.
           Thanks to Liyu Liu for providing a patch.

           David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
           support and appropriate files in Config/

           Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
           on Illumos

           Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
           _POSIX_PTHREAD_SEMANTICS; and minor changes

           Red Hat issue 1182005: socat 1.7.2.4 build failure missing
           linux/errqueue.h
           Socat failed to compile on on PPC due to new requirements for
           including <linux/errqueue.h> and a weakness in the conditional code.
           Thanks to Michel Normand for reporting this issue.

   doc:
           In the man page the PTY example was badly formatted. Thanks to
           J.F.Sebastian for sending a patch.

           Added missing CVE ids to security issues in CHANGES

   testing:
           Do not distribute testcert.conf with socat source but generate it
           (and new testcert6.conf) during test.sh run.

   ####################### V 1.7.2.4:

   corrections:
           LISTEN based addresses applied some address options, e.g. so-keepalive,
           to the listening file descriptor instead of the connected file
           descriptor
           Thanks to Ulises Alonso for reporting this bug

           make failed after configure with non gcc compiler due to missing
           include. Thanks to Horacio Mijail for reporting this problem

           configure checked for --disable-rawsocket but printed
           --disable-genericsocket in the help text. Thanks to Ben Gardiner for
           reporting and patching this bug

           In xioshutdown() a wrong branch was chosen after RECVFROM type
   addresses.
           Probably no impact.
           Thanks to David Binderman for reproting this issue.

           procan could not cleanly format ulimit values longer than 16 decimal
           digits. Thanks to Frank Dana for providing a patch that increases field
           width to 24 digits.

           OPENSSL-CONNECT with bind option failed on some systems,
   eg.FreeBSD, with
           "Invalid argument"
           Thanks to Emile den Tex for reporting this bug.

           Changed some variable definitions to make gcc -O2 aliasing checker happy
           Thanks to Ilya Gordeev for reporting these warnings

           On big endian platforms with type long >32bit the range option applied a
           bad base address. Thanks to hejia hejia for reporting and
   fixing this bug.

           Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

           Red Hat issue 1022063: out-of-range shifts on net mask bits

           Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

           Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
           uses

           Red Hat issue 1021958: fixed a bug with faulty buffer/data length
           calculation in xio-ascii.c:_xiodump()

           Red Hat issue 1021972: fixed a missing NUL termination in return string
           of sysutils.c:sockaddr_info() for the AF_UNIX case

           fixed some typos and minor issues, including:
           Red Hat issue 1021967: formatting error in manual page

           UNIX-LISTEN with fork option did not remove the socket file system entry
           when exiting. Other file system based passive address types had similar
           issues or failed to apply options umask, user e.a.
           Thanks to Lorenzo Monti for pointing me to this issue

   porting:
           Red Hat issue 1020203: configure checks fail with some compilers.
           Use case: clang

           Performed changes for Fedora release 19

           Adapted, improved test.sh script

           Red Hat issue 1021429: getgroupent fails with large number of groups;
           use getgrouplist() when available instead of sequence of calls to
           getgrent()

           Red Hat issue 1021948: snprintf API change;
           Implemented xio_snprintf() function as wrapper that tries to emulate C99
           behaviour on old glibc systems, and adapted all affected calls
           appropriately

           Mike Frysinger provided a patch that supports long long for time_t,
           socklen_t and a few other libc types.

           Artem Mygaiev extended Cedril Priscals Android build script
   with pty code

           The check for fips.h required stddef.h
           Thanks to Matt Hilt for reporting this issue and sending a patch

           Check for linux/errqueue.h failed on some systems due to lack of
           linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.

           autoconf now prefers configure.ac over configure.in
           Thanks to Michael Vastola for sending a patch.

           type of struct cmsghdr.cmsg is system dependend, determine it with
           configure; some more print format corrections

   docu:
           libwrap always logs to syslog

           added actual text version of GPLv2

Revision 1.35: download - view: text, markup, annotated - select for diffs
Sat Jul 25 14:43:23 2015 UTC (9 years, 4 months ago) by bsiegert
Branches: MAIN
CVS tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +2 -2 lines
Update socat to 1.7.3.0. From Ben Gergely in PR pkg/49996.

####################### V 1.7.3.0:

security:
	(CVE Id pending)
	Fixed problems with signal handling caused by use of not async signal
	safe functions in signal handlers that could freeze socat, allowing
	denial of service attacks.
	Many changes in signal handling and the diagnostic messages system were
	applied to make the code async signal safe but still provide detailled
	logging from signal handlers:
	Coded function vsnprintf_r() as async signal safe incomplete substitute
	of libc vsnprintf()
	Coded function snprinterr() to replace %m in strings with a system error
	message
	Instead of gettimeofday() use clock_gettime() when available
	Pass Diagnostic messages from signal handler per unix socket to the main
	program flow
	Use sigaction() instead of signal() for better control
	Turn off nested signal handler invocations
	Thanks to Peter Lobsinger for reporting and explaining this issue.

	Red Hat issue 1019975: add TLS host name checks
	OpenSSL client checks if the server certificates names in
	extensions/subjectAltName/DNS or in subject/commonName match the name
	used to connect or the value of the openssl-commonname option.
	Test: OPENSSL_CN_CLIENT_SECURITY

	OpenSSL server checks if the client certificates names in
	extensions/subjectAltNames/DNS or subject/commonName match the value of
	the openssl-commonname option when it is used.
	Test: OPENSSL_CN_SERVER_SECURITY

	Red Hat issue 1019964: socat now uses the system certificate store with
	OPENSSL when neither options cafile nor capath are used

	Red Hat issue 1019972: needs to specify OpenSSL cipher suites
	Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
	prevent downgrade attacks

new features:
	OpenSSL addresses set couple of environment variables from values in
	peer certificate, e.g.:
	SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
	SOCAT_OPENSSL_X509_COMMONNAME,
	SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
	Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*

	Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
	Tests: OPENSSL_METHOD_*

	Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
	by Andrey Arapov.

	Added a new option termios-rawer for ptys.
	Thanks to Christian Vogelgsang for pointing me to this requirement

corrections:
	Bind with ABSTRACT commands used non-abstract namespace (Linux).
	Test: ABSTRACT_BIND
	Thanks to Denis Shatov for reporting this bug.

	Fixed return value of nestlex()

	Option ignoreeof on the right address hung.
	Test: IGNOREEOF_REV
	Thanks to Franz Fasching for reporting this bug.

	Address SYSTEM, when terminating, shut down its parent addresses,
	e.g. an SSL connection which the parent assumed to still be active.
	Test: SYSTEM_SHUTDOWN

	Passive (listening or receiving) addresses with empty port field bound
	to a random port instead of terminating with error.
	Test: TCP4_NOPORT

	configure with some combination of disable options produced config
	files that failed to compile due to missing IPPROTO_TCP.
	Thanks to Thierry Fournier for report and patch.

	fixed a few minor bugs with OpenSSL in configure and with messages

	Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
	is required. Thanks to Zhigang Wang for reporting and sending a patch.

	Christophe Leroy provided a patch that fixes memory leaks reported by
	valgrind

	Help for filan -L was bad, is now corrected to:
	"follow symbolic links instead of showing their properties"

	Address options fdin and fdout were silently ignored when not applicable
	due to -u or -U option. Now these combinations are caught as errors.
	Test: FDOUT_ERROR
	Issue reported by Hendrik.

	Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
	over option raw which is now obsolote. On SysV systems this call is
	simulated by appropriate setting.
	Thanks to Youfu Zhang for reporting issue with option raw.

porting:
	Socat included <sys/poll.h> instead of POSIX <poll.h>
	Thanks to John Spencer for reporting this issue.

	Version 1.7.2.4 changed the check for gcc in configure.ac; this
	broke cross compiling. The particular check gets reverted.
	Thanks to Ross Burton and Danomi Manchego for reporting this issue.

	Debian Bug#764251: Set the build timestamp to a deterministic time:
	support external BUILD_DATE env var to allow to build reproducable
	binaries

	Joachim Fenkes provided an new adapted spec file.

	Type bool and macros Min and Max are defined by socat which led to
	compile errors when they were already provided by build framework.
	Thanks to Liyu Liu for providing a patch.

	David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
	support and appropriate files in Config/

	Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
	on Illumos

	Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
	_POSIX_PTHREAD_SEMANTICS; and minor changes

	Red Hat issue 1182005: socat 1.7.2.4 build failure missing
	linux/errqueue.h
	Socat failed to compile on on PPC due to new requirements for
	including <linux/errqueue.h> and a weakness in the conditional code.
	Thanks to Michel Normand for reporting this issue.

doc:
	In the man page the PTY example was badly formatted. Thanks to
	J.F.Sebastian for sending a patch.

	Added missing CVE ids to security issues in CHANGES

testing:
	Do not distribute testcert.conf with socat source but generate it
	(and new testcert6.conf) during test.sh run.

####################### V 1.7.2.4:

corrections:
	LISTEN based addresses applied some address options, e.g. so-keepalive,
	to the listening file descriptor instead of the connected file
	descriptor
	Thanks to Ulises Alonso for reporting this bug

	make failed after configure with non gcc compiler due to missing
	include. Thanks to Horacio Mijail for reporting this problem

	configure checked for --disable-rawsocket but printed
	--disable-genericsocket in the help text. Thanks to Ben Gardiner for
	reporting and patching this bug

	In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
	Probably no impact.
	Thanks to David Binderman for reproting this issue.

	procan could not cleanly format ulimit values longer than 16 decimal
	digits. Thanks to Frank Dana for providing a patch that increases field
	width to 24 digits.

	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
	"Invalid argument"
	Thanks to Emile den Tex for reporting this bug.

	Changed some variable definitions to make gcc -O2 aliasing checker happy
	Thanks to Ilya Gordeev for reporting these warnings

	On big endian platforms with type long >32bit the range option applied a
	bad base address. Thanks to hejia hejia for reporting and fixing this bug.

	Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

	Red Hat issue 1022063: out-of-range shifts on net mask bits

	Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

	Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
	uses

	Red Hat issue 1021958: fixed a bug with faulty buffer/data length
	calculation in xio-ascii.c:_xiodump()

	Red Hat issue 1021972: fixed a missing NUL termination in return string
	of sysutils.c:sockaddr_info() for the AF_UNIX case

	fixed some typos and minor issues, including:
	Red Hat issue 1021967: formatting error in manual page

	UNIX-LISTEN with fork option did not remove the socket file system entry
	when exiting. Other file system based passive address types had similar
	issues or failed to apply options umask, user e.a.
	Thanks to Lorenzo Monti for pointing me to this issue

porting:
	Red Hat issue 1020203: configure checks fail with some compilers.
	Use case: clang

	Performed changes for Fedora release 19

	Adapted, improved test.sh script

	Red Hat issue 1021429: getgroupent fails with large number of groups;
	use getgrouplist() when available instead of sequence of calls to
	getgrent()

	Red Hat issue 1021948: snprintf API change;
	Implemented xio_snprintf() function as wrapper that tries to emulate C99
	behaviour on old glibc systems, and adapted all affected calls
	appropriately

	Mike Frysinger provided a patch that supports long long for time_t,
	socklen_t and a few other libc types.

	Artem Mygaiev extended Cedril Priscals Android build script with pty code

	The check for fips.h required stddef.h
	Thanks to Matt Hilt for reporting this issue and sending a patch

	Check for linux/errqueue.h failed on some systems due to lack of
	linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.

	autoconf now prefers configure.ac over configure.in
	Thanks to Michael Vastola for sending a patch.

	type of struct cmsghdr.cmsg is system dependend, determine it with
	configure; some more print format corrections

docu:
	libwrap always logs to syslog

	added actual text version of GPLv2

Revision 1.32.6.1: download - view: text, markup, annotated - select for diffs
Mon Apr 27 22:02:37 2015 UTC (9 years, 7 months ago) by tron
Branches: pkgsrc-2015Q1
Diff to: previous 1.32: preferred, colored; next MAIN 1.33: preferred, colored
Changes since revision 1.32: +2 -2 lines
Pullup ticket #4689 - requested by dholland
net/socat: build fix

Revisions pulled up:
- net/socat/Makefile                                            1.33

---
   Module Name:	pkgsrc
   Committed By:	dholland
   Date:		Sat Apr 25 23:31:23 UTC 2015

   Modified Files:
   	pkgsrc/net/socat: Makefile

   Log Message:
   Add clang to ONLY_FOR_COMPILER per PR 49852 from Alexander Borkowski.

   (XXX: shouldn't the wrappers be taking care of -Werror for compilers
   that don't understand it?)

Revision 1.34: download - view: text, markup, annotated - select for diffs
Sun Apr 26 11:14:31 2015 UTC (9 years, 7 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +1 -2 lines
Drop ONLY_FOR_COMPILER. If -Werror is no good reason for such a mask and
should be handled if desired.

Revision 1.33: download - view: text, markup, annotated - select for diffs
Sat Apr 25 23:31:23 2015 UTC (9 years, 7 months ago) by dholland
Branches: MAIN
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -2 lines
Add clang to ONLY_FOR_COMPILER per PR 49852 from Alexander Borkowski.

(XXX: shouldn't the wrappers be taking care of -Werror for compilers
that don't understand it?)

Revision 1.31.4.1: download - view: text, markup, annotated - select for diffs
Fri Sep 19 11:30:10 2014 UTC (10 years, 2 months ago) by tron
Branches: pkgsrc-2014Q2
Diff to: previous 1.31: preferred, colored; next MAIN 1.32: preferred, colored
Changes since revision 1.31: +2 -10 lines
Pullup ticket #4494 - requested by rodent
net/socat: security update

Revisions pulled up:
- net/socat/Makefile                                            1.32
- net/socat/distinfo                                            1.20
- net/socat/patches/patch-aa                                    deleted
- net/socat/patches/patch-configure                             1.2
- net/socat/patches/patch-mytypes.h                             1.2

---
   Module Name:	pkgsrc
   Committed By:	rodent
   Date:		Sun Sep  7 23:24:56 UTC 2014

   Modified Files:
   	pkgsrc/net/socat: Makefile distinfo
   	pkgsrc/net/socat/patches: patch-configure patch-mytypes.h
   Removed Files:
   	pkgsrc/net/socat/patches: patch-aa

   Log Message:
   Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019.
   patches/patch-aa seems to have been committed upstream. Passing readline
   location to configure and fixing CCOPTS in Makefile.in seems to not be
   necessary anymore. From CHANGES:

   ####################### V 1.7.2.4:

   corrections:
   	LISTEN based addresses applied some address options, e.g. so-keepalive,
   	to the listening file descriptor instead of the connected file
   	descriptor

   	make failed after configure with non gcc compiler due to missing
   	include.

   	configure checked for --disable-rawsocket but printed
   	--disable-genericsocket in the help text.

   	In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
   	Probably no impact.

   	procan could not cleanly format ulimit values longer than 16 decimal
   	digits. Thanks to Frank Dana for providing a patch that increases field
   	width to 24 digits.

   	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
   	"Invalid argument"

   	Changed some variable definitions to make gcc -O2 aliasing checker happy

   	On big endian platforms with type long >32bit the range option applied a
   	bad base address.

   	Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

   	Red Hat issue 1022063: out-of-range shifts on net mask bits

   	Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

   	Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
   	uses

   	Red Hat issue 1021958: fixed a bug with faulty buffer/data length
   	calculation in xio-ascii.c:_xiodump()

   	Red Hat issue 1021972: fixed a missing NUL termination in return string
   	of sysutils.c:sockaddr_info() for the AF_UNIX case

   	fixed some typos and minor issues, including:
   	Red Hat issue 1021967: formatting error in manual page

   	UNIX-LISTEN with fork option did not remove the socket file system entry
   	when exiting. Other file system based passive address types had similar
   	issues or failed to apply options umask, user e.a.

   porting:
   	Red Hat issue 1020203: configure checks fail with some compilers.
   	Use case: clang

   	Performed changes for Fedora release 19

   	Adapted, improved test.sh script

   	Red Hat issue 1021429: getgroupent fails with large number of groups;
   	use getgrouplist() when available instead of sequence of calls to
   	getgrent()

   	Red Hat issue 1021948: snprintf API change;
   	Implemented xio_snprintf() function as wrapper that tries to emulate C99
   	behaviour on old glibc systems, and adapted all affected calls
   	appropriately

   	Mike Frysinger provided a patch that supports long long for time_t,
   	socklen_t and a few other libc types.

   	Artem Mygaiev extended Cedril Priscals Android build script with pty code

   	The check for fips.h required stddef.h

   	Check for linux/errqueue.h failed on some systems due to lack of
   	linux/types.h inclusion.

   	autoconf now prefers configure.ac over configure.in

   	type of struct cmsghdr.cmsg is system dependend, determine it with
   	configure; some more print format corrections

   docu:
   	libwrap always logs to syslog

   	added actual text version of GPLv2

   ####################### V 1.7.2.3:

   security:
   	CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
   	overflow with data from command line (see socat-secadv5.txt)

Revision 1.32: download - view: text, markup, annotated - select for diffs
Sun Sep 7 23:24:56 2014 UTC (10 years, 3 months ago) by rodent
Branches: MAIN
CVS tags: pkgsrc-2015Q1-base, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3
Branch point for: pkgsrc-2015Q1
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +2 -10 lines
Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019.
patches/patch-aa seems to have been committed upstream. Passing readline
location to configure and fixing CCOPTS in Makefile.in seems to not be
necessary anymore. From CHANGES:

####################### V 1.7.2.4:

corrections:
	LISTEN based addresses applied some address options, e.g. so-keepalive,
	to the listening file descriptor instead of the connected file
	descriptor

	make failed after configure with non gcc compiler due to missing
	include.

	configure checked for --disable-rawsocket but printed
	--disable-genericsocket in the help text.

	In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
	Probably no impact.

	procan could not cleanly format ulimit values longer than 16 decimal
	digits. Thanks to Frank Dana for providing a patch that increases field
	width to 24 digits.

	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
	"Invalid argument"

	Changed some variable definitions to make gcc -O2 aliasing checker happy

	On big endian platforms with type long >32bit the range option applied a
	bad base address.

	Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

	Red Hat issue 1022063: out-of-range shifts on net mask bits

	Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

	Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
	uses

	Red Hat issue 1021958: fixed a bug with faulty buffer/data length
	calculation in xio-ascii.c:_xiodump()

	Red Hat issue 1021972: fixed a missing NUL termination in return string
	of sysutils.c:sockaddr_info() for the AF_UNIX case

	fixed some typos and minor issues, including:
	Red Hat issue 1021967: formatting error in manual page

	UNIX-LISTEN with fork option did not remove the socket file system entry
	when exiting. Other file system based passive address types had similar
	issues or failed to apply options umask, user e.a.

porting:
	Red Hat issue 1020203: configure checks fail with some compilers.
	Use case: clang

	Performed changes for Fedora release 19

	Adapted, improved test.sh script

	Red Hat issue 1021429: getgroupent fails with large number of groups;
	use getgrouplist() when available instead of sequence of calls to
	getgrent()

	Red Hat issue 1021948: snprintf API change;
	Implemented xio_snprintf() function as wrapper that tries to emulate C99
	behaviour on old glibc systems, and adapted all affected calls
	appropriately

	Mike Frysinger provided a patch that supports long long for time_t,
	socklen_t and a few other libc types.

	Artem Mygaiev extended Cedril Priscals Android build script with pty code

	The check for fips.h required stddef.h

	Check for linux/errqueue.h failed on some systems due to lack of
	linux/types.h inclusion.

	autoconf now prefers configure.ac over configure.in

	type of struct cmsghdr.cmsg is system dependend, determine it with
	configure; some more print format corrections

docu:
	libwrap always logs to syslog

	added actual text version of GPLv2

####################### V 1.7.2.3:

security:
	CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
	overflow with data from command line (see socat-secadv5.txt)

Revision 1.31: download - view: text, markup, annotated - select for diffs
Wed Feb 12 23:18:26 2014 UTC (10 years, 9 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Branch point for: pkgsrc-2014Q2
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +2 -1 lines
Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.30: download - view: text, markup, annotated - select for diffs
Mon Oct 21 09:54:11 2013 UTC (11 years, 1 month ago) by fhajny
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -2 lines
Update socat to 1.7.2.2 (thanks Sebastian Wiedenroth).

Changes:
- Fix for CVE-2013-3571.

Revision 1.29: download - view: text, markup, annotated - select for diffs
Mon Jul 15 02:02:27 2013 UTC (11 years, 4 months ago) by ryoon
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +1 -2 lines
* .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes
  are replaced with .include "../../devel/readline/buildlink3.mk", and
  USE_GNU_READLINE are removed,

* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
  are replaced with .include "../../mk/readline.buildlink3.mk".

Revision 1.28: download - view: text, markup, annotated - select for diffs
Fri May 10 00:46:53 2013 UTC (11 years, 7 months ago) by riastradh
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +11 -1 lines
Kludgily fix cross-build of net/socat on NetBSD.

The right fix is to thwap socat over the head for worrying about the
values of these constants at compile-time, but that's inexpedient...

ok agc

Revision 1.26.2.1: download - view: text, markup, annotated - select for diffs
Thu Apr 11 22:22:30 2013 UTC (11 years, 8 months ago) by tron
Branches: pkgsrc-2013Q1
Diff to: previous 1.26: preferred, colored; next MAIN 1.27: preferred, colored
Changes since revision 1.26: +2 -3 lines
Pullup ticket #4117 - requested by khorben
net/socat: security update

Revisions pulled up:
- net/socat/Makefile                                            1.27
- net/socat/distinfo                                            1.17

---
   Module Name:    pkgsrc
   Committed By:   khorben
   Date:           Thu Apr 11 09:38:10 UTC 2013

   Modified Files:
           pkgsrc/net/socat: Makefile distinfo

   Log Message:
   Updated socat to version 1.7.2.1

   Security update:
   "A heap based buffer overflow vulnerability has been found with data that
   happens to be output on the READLINE address." (CVE-2012-0219)

   Tested according to the official advisory at
   http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

   XXX pull-up to 2013Q1

Revision 1.27: download - view: text, markup, annotated - select for diffs
Thu Apr 11 09:38:09 2013 UTC (11 years, 8 months ago) by khorben
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +2 -3 lines
Updated socat to version 1.7.2.1

Security update:
"A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address." (CVE-2012-0219)

Tested according to the official advisory at http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

XXX pull-up to 2013Q1

Revision 1.26: download - view: text, markup, annotated - select for diffs
Wed Feb 6 23:23:24 2013 UTC (11 years, 10 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -1 lines
PKGREVISION bumps for the security/openssl 1.0.1d update.

Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue Oct 23 17:19:09 2012 UTC (12 years, 1 month ago) by asau
Branches: MAIN
CVS tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +1 -3 lines
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.23.2.1: download - view: text, markup, annotated - select for diffs
Fri Aug 13 14:26:23 2010 UTC (14 years, 4 months ago) by tron
Branches: pkgsrc-2010Q2
Diff to: previous 1.23: preferred, colored; next MAIN 1.24: preferred, colored
Changes since revision 1.23: +2 -2 lines
Pullup ticket #3206 - requested by tron
net/socat: security update

Revisions pulled up:
- net/socat/Makefile				1.24
- net/socat/distinfo				1.15
---
Module Name:	pkgsrc
Committed By:	zafer
Date:		Thu Aug 12 17:54:14 UTC 2010

Modified Files:
	pkgsrc/net/socat: Makefile distinfo

Log Message:
Update socat to 1.7.1.3

Changelog:

security:
	fixed a stack overflow vulnerability that occurred when command
	line arguments (whole addresses, host names, file names) were longer
	than 512 bytes.
	Note that this could only be exploited when an attacker was able to
	inject data into socat's command line.
	Full credits to Felix Grobert, Google Security Team, for finding and
	reporting this issue

Revision 1.24: download - view: text, markup, annotated - select for diffs
Thu Aug 12 17:54:14 2010 UTC (14 years, 4 months ago) by zafer
Branches: MAIN
CVS tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -2 lines
Update socat to 1.7.1.3

Changelog:

security:
	fixed a stack overflow vulnerability that occurred when command
	line arguments (whole addresses, host names, file names) were longer
	than 512 bytes.
	Note that this could only be exploited when an attacker was able to
	inject data into socat's command line.
	Full credits to Felix Grobert, Google Security Team, for finding and
	reporting this issue

Revision 1.23: download - view: text, markup, annotated - select for diffs
Mon Apr 19 19:52:13 2010 UTC (14 years, 7 months ago) by zafer
Branches: MAIN
CVS tags: pkgsrc-2010Q2-base
Branch point for: pkgsrc-2010Q2
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -3 lines
Update socat to 1.7.1.2

Changelog:

corrections:
	user-late and group-late, when applied to a pty, affected the system
	device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
	pointing me to this bug)

	socats openssl addresses failed with "nonblocking operation did not
	complete" when the peer performed a renegotiation. Thanks to Benjamin
	Delpy for reporting this bug.

	info message during socks connect showed bad port number on little
	endian systems due to wrong byte order (thanks to Peter M. Galbavy for
	bug report and patch)

	Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
	to default. Thanks to Martin Dorey for reporting this bug.

porting:
	building socat on systems that predefined the CFLAGS environment to
	contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
	this problem and to Simon Matter for providing the patch

	support for Solaris 8 and Sun Studio support (thanks to Sebastian
	Kayser for providing the patches)

	on some 64bit systems a compiler warning "cast from pointer to integer
	of different size" was issued on some option definitions

	added struct sockaddr_ll to union sockaddr_union to avoid "strict
	aliasing" warnings (problem reported by Paul Wouters)

docu:
	minor corrections in docu

Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Jan 17 12:02:35 2010 UTC (14 years, 10 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +2 -1 lines
Recursive PKGREVISION bump for jpeg update to 8.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Sun Jul 19 12:08:12 2009 UTC (15 years, 4 months ago) by zafer
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +3 -3 lines
Update socat to 1.7.1.1. Add license.

ChangeLog:

V 1.7.1.1:

corrections:
corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
occur under those conditions. Thanks to Toni Mattila for first
reporting this problem.

ftruncate64 cut its argument to 32 bits on systems with 32 bit long type

socat crashed on systems without setenv() (esp. SunOS up to Solaris 9);
thanks to Todd Stansell for reporting this bug

with unidirectional EXEC and SYSTEM a close() operation was performed
on a random number which could result in hanging e.a.

fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
systems

docu mentioned option so-bindtodev but correct name is so-bindtodevice.
Thanks to Jim Zimmerman for reporting.

docu changes:
added environment variables example to doc/socat-multicast.html

V 1.7.1.0:

new features:
address options shut-none, shut-down, and shut-close allow to control
socat's half close behaviour

with address option shut-null socat sends an empty packet to the peer
to indicate EOF

option null-eof changes the behaviour of sockets that receive an empty
packet to see EOF instead of ignoring it

introduced option names substuser-early and su-e, currently equivalent
to option substuser (thanks to Mike Perry for providing the patch)

corrections:
fixed some typos and improved some comments

V 1.7.0.1:

corrections:
fixed possible SIGSEGV in listening addresses when a new connection was
reset by peer before the socket addresses could be retrieved. Thanks to
Mike Perry for sending a patch.

fixed a bug, introduced with version 1.7.0.0, that let client
connections with option connect-timeout fail when the connections
succeeded. Thanks to Bruno De Fraine for reporting this bug.

option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
and most UNIX-* and ABSTRACT-*

half close of EXEC and SYSTEM addresses did not work for pipes and
sometimes socketpair

help displayed for some option a wrong type

under some circumstances shutdown was called multiple times for the
same fd

Revision 1.20: download - view: text, markup, annotated - select for diffs
Fri Jul 17 18:00:20 2009 UTC (15 years, 4 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -2 lines
Give up MAINTAINER

Revision 1.19: download - view: text, markup, annotated - select for diffs
Wed May 20 00:58:26 2009 UTC (15 years, 6 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -2 lines
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib
major change.

Reported by Robert Elz in PR 41345.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Wed Mar 11 08:40:32 2009 UTC (15 years, 9 months ago) by apb
Branches: MAIN
CVS tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -1 lines
Support systems where time_t is equivalent to "long long" or
"unsigned long long".

Revision 1.17: download - view: text, markup, annotated - select for diffs
Sat Oct 25 18:21:18 2008 UTC (16 years, 1 month ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +8 -3 lines
Update to 1.7.0.0
2008/10/15: socat version 1.7.0.0 brings support for SCTP stream, raw
interface, and generic sockets. New option escape allows to interrupt raw
terminal connections. Listening and receiving sockets can set a couple of
environment variables. Added base control of System V STREAMS. Lots of
corrections were performed. socat compiles on Mac OS X again.

Patch from Leonardo Taccari

Revision 1.16: download - view: text, markup, annotated - select for diffs
Fri Jun 20 01:09:31 2008 UTC (16 years, 5 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +3 -1 lines
Add DESTDIR support.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Sun Jan 27 14:09:09 2008 UTC (16 years, 10 months ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -1 lines
Only for gcc, and even in that case there are lots of reasonable
compiler warnings.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Sun Jan 27 12:35:35 2008 UTC (16 years, 10 months ago) by rillig
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2 lines
PKGREVISION++ for the previous change.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Fri Jan 18 05:08:49 2008 UTC (16 years, 10 months ago) by tnn
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -1 lines
Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@

Revision 1.12: download - view: text, markup, annotated - select for diffs
Tue Oct 9 20:21:29 2007 UTC (17 years, 2 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +3 -1 lines
Add options.mk for explicitly disabling inet6
Patch from Yakovetsky Vladimir in PR# 37088

Revision 1.11: download - view: text, markup, annotated - select for diffs
Mon Apr 9 09:47:48 2007 UTC (17 years, 8 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +3 -4 lines
Update to 1.6.0.0

Some new features/corrections include:
* new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
  and multicast modes
* range option supports form address:mask with IPv4
* changed behaviour of SSL-LISTEN to require and verify client
  certificate per default
* filan (and socat -D) could hang when a socket was involved

See: http://www.dest-unreach.org/socat/doc/CHANGES for all the details

Revision 1.10: download - view: text, markup, annotated - select for diffs
Sat Feb 17 17:44:57 2007 UTC (17 years, 9 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +3 -3 lines
Update to 1.5.0.0

new features:
new datagram modes for udp, rawip, unix domain sockets
socat option -T specifies inactivity timeout
rewrote lexical analysis to allow nested socat calls
addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
option protocol-family (pf), esp. for openssl-listen
range option supports IPv6 - syntax: range=[::1/128]
option ipv6-v6only (ipv6only)
new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
option cool-write controls severeness of write failure (EPIPE, ECONNRESET)
option o-noatime
socat option -lh for hostname in log output
traffic dumping provides packet headers
configure.in became part of distribution
socats unpack directory now has full version, e.g. socat-1.5.0.0/
corrected docu of option verify

corrections:
fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
exec with pipes,stderr produced error
setuid-early was ignored with many address types
some minor corrections

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Feb 5 00:33:34 2006 UTC (18 years, 10 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -3 lines
Update to 1.4.3.1
> ####################### V 1.4.3.1:
>
> corrections:
>         PROBLEM: UNIX socket listen accepted only one (or a few) connections.
>         FIX: do not remove listening UNIX socket in child process
>
>         PROBLEM: SIGSEGV when TCP part of SSL connect failed
>         FIX: check ssl pointer before calling SSH_shutdown
>
>         In debug mode, show connect client port even when connect fails
>
> ####################### V 1.4.3.0:
>
> new features:
>         socat options -L, -W for application level locking
>
>         options "lockfile", "waitlock" for address level locking
>         (Stefan Luethje)
>
>         option "readbytes" limits read length (Adam Osuchowski)
>
>         option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
>         socat options -L, -W for application level locking
>
>         options "lockfile", "waitlock" for address level locking
>         (Stefan Luethje)
>
>         option "readbytes" limits read length (Adam Osuchowski)
>
>         option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
>
>         pty symlink, unix listen socket, and named pipe are per default removed
>         after use; option unlink-close overrides this new behaviour and also
>         controls removal of other socat generated files (Stefan Luethje)
>
> corrections:
>         option "retry" did not work with tcp-listen
>
>         EPIPE condition could result in a 100% CPU loop
>
> further changes:
>         support systems without SHUT_RD etc.
>         handle more size_t types
>         try to find makedepend options with gcc 3 (richard/OpenMacNews)

Revision 1.8: download - view: text, markup, annotated - select for diffs
Mon Apr 11 21:46:59 2005 UTC (19 years, 8 months ago) by tv
Branches: MAIN
CVS tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +1 -2 lines
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Mar 26 11:40:29 2005 UTC (19 years, 8 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -2 lines
- Update socat from 1.4.1.0 -> 1.4.2.0

new features:
option "connect-timeout" limits wait time for connect operations
(requested by Giulio Orsero)
option "dhparam" for explicit Diffie-Hellman parameter file

corrections:
support for OpenSSL DSA certificates (Miika Komu)
create install directories before copying files (Miika Komu)
when exiting on signal, return status 128+signum instead of 1
on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
Mantinan)
-lu could cause a core dump on long messages

further changes:
modifications to simplify using socats features in application

Revision 1.6: download - view: text, markup, annotated - select for diffs
Sat Jan 22 18:57:56 2005 UTC (19 years, 10 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
Update to 1.4.1.0

new features:
option "wait-slave" blocks open of pty master side until a client
connects, "pty-intervall" controls polling
option -h as synonym to -? for help (contributed by Christian Lademann)
filan prints formatted time stamps and rdev (disable with -r)
redirect filan's output, so stdout is not affected (contributed by Luigi Iotti)
filan option -L to follow symbolic links
filan shows termios control characters

corrections:
proxy address no longer performs unsolicited retries
filan -f no longer needs read permission to analyze a file (but still
needs access permission to directory, of course)

porting:
Option dsusp
FreeBSD options noopt, nopush, md5sig
OpenBSD options sack-disable, signature-enable
HP-UX, Solaris options abort-threshold, conn-abort-threshold
HP-UX options b900, b3600, b7200
Tru64/OSF1 options keepinit, paws, sackena, tsoptena

further corrections:
address pty now uses ptmx as default if openpty is also available

Revision 1.2.6.1: download - view: text, markup, annotated - select for diffs
Tue Oct 26 11:25:05 2004 UTC (20 years, 1 month ago) by agc
Branches: pkgsrc-2004Q3
Diff to: previous 1.2: preferred, colored; next MAIN 1.3: preferred, colored
Changes since revision 1.2: +4 -5 lines
Security Pullup - requested by Adrian Portelli
security fix for socat

	Includes the following modifications:

	Module Name:    pkgsrc
	Committed By:   adrianp
	Date:           Thu Sep 30 12:42:46 UTC 2004

	Modified Files:
		pkgsrc/net/socat: Makefile distinfo
		pkgsrc/net/socat/patches: patch-aa

	Log Message:
	Update socat to 1.4.0.2

	- Change to my NetBSD email address

	####################### V 1.4.0.2:

	corrections:
		exec'd write-only addresses get a chance to flush before being killed
		error handler: print notice on error-exit
		filan printed wrong file type information

	####################### V 1.4.0.1:

	corrections:
		socks4a constructed invalid header. Problem found, reported, and fixed
		by Thomas Themel, by Peter Palfrader, and by rik
		with nofork, don't forget to apply some process related options
		(chroot, setsid, setpgid, ...)

	####################### V 1.4.0.0:

	new features:
		simple openssl server (ssl-l), experimental openssl trust
		new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
		openssl
		new options "retry", "forever", and "intervall"
		option "fork" for address TCP improves `gender changer´
		options "sigint", "sigquit", and "sighup" control passing of signals to
		sub process (thanks to David Shea who contributed to this issue)
		readline takes respect to the prompt issued by the peer address
		options "prompt" and "noprompt" allow to override readline's new
		default behaviour
		readline supports invisible password with option "noecho"
		socat option -lp allows to set hostname in log output
		socat option -lu turns on microsecond resolution in log output

	corrections:
		before reading available data, check if writing on other channel is
		possible
		tcp6, udp6: support hostname specification (not only IP address), and
		map IP4 names to IP6 addresses
		openssl client checks server certificate per default
		support unidirectional communication with exec/system subprocess
		try to restore original terminal settings when terminating
		test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
		socks4 failed on platforms where long does not have 32 bits
		(thanks to Peter Palfrader and Thomas Seyrat)
		hstrerror substitute wrote wrong messages (HP-UX, Solaris)
		proxy error message was truncated when answer contained multiple spaces

	porting:
		compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)


	To generate a diff of this commit:
	cvs rdiff -r1.2 -r1.3 pkgsrc/net/socat/Makefile
	cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/net/socat/distinfo
	cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/net/socat/patches/patch-aa
---
	Module Name:    pkgsrc
	Committed By:   adrianp
	Date:           Mon Oct 25 17:13:51 UTC 2004

	Modified Files:
		pkgsrc/net/socat: Makefile distinfo

	Log Message:
	- Update to 1.4.0.3
	- Security fix for: http://www.dest-unreach.org/socat/advisory/socat-adv-1.html


	To generate a diff of this commit:
	cvs rdiff -r1.4 -r1.5 pkgsrc/net/socat/Makefile
	cvs rdiff -r1.2 -r1.3 pkgsrc/net/socat/distinfo

Revision 1.5: download - view: text, markup, annotated - select for diffs
Mon Oct 25 17:13:51 2004 UTC (20 years, 1 month ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -3 lines
- Update to 1.4.0.3
- Security fix for: http://www.dest-unreach.org/socat/advisory/socat-adv-1.html

Revision 1.4: download - view: text, markup, annotated - select for diffs
Sun Oct 3 00:17:58 2004 UTC (20 years, 2 months ago) by tv
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -1 lines
Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Thu Sep 30 12:42:45 2004 UTC (20 years, 2 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +4 -5 lines
Update socat to 1.4.0.2

- Change to my NetBSD email address

####################### V 1.4.0.2:

corrections:
	exec'd write-only addresses get a chance to flush before being killed
	error handler: print notice on error-exit
	filan printed wrong file type information

####################### V 1.4.0.1:

corrections:
	socks4a constructed invalid header. Problem found, reported, and fixed
	by Thomas Themel, by Peter Palfrader, and by rik
	with nofork, don't forget to apply some process related options
	(chroot, setsid, setpgid, ...)

####################### V 1.4.0.0:

new features:
	simple openssl server (ssl-l), experimental openssl trust
	new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
	openssl
	new options "retry", "forever", and "intervall"
	option "fork" for address TCP improves `gender changer´
	options "sigint", "sigquit", and "sighup" control passing of signals to
	sub process (thanks to David Shea who contributed to this issue)
	readline takes respect to the prompt issued by the peer address
	options "prompt" and "noprompt" allow to override readline's new
	default behaviour
	readline supports invisible password with option "noecho"
	socat option -lp allows to set hostname in log output
	socat option -lu turns on microsecond resolution in log output

corrections:
	before reading available data, check if writing on other channel is
	possible
	tcp6, udp6: support hostname specification (not only IP address), and
	map IP4 names to IP6 addresses
	openssl client checks server certificate per default
	support unidirectional communication with exec/system subprocess
	try to restore original terminal settings when terminating
	test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
	socks4 failed on platforms where long does not have 32 bits
	(thanks to Peter Palfrader and Thomas Seyrat)
	hstrerror substitute wrote wrong messages (HP-UX, Solaris)
	proxy error message was truncated when answer contained multiple spaces

porting:
	compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)

Revision 1.2: download - view: text, markup, annotated - select for diffs
Fri Mar 26 02:27:49 2004 UTC (20 years, 8 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2004Q3-base, pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Branch point for: pkgsrc-2004Q3
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -1 lines
PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Feb 14 22:43:38 2004 UTC (20 years, 10 months ago) by minskim
Branches: TNF
CVS tags: pkgsrc-base
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
Import socat-1.3.2.2 from pkgsrc-wip.  Provided by Adrian Portelli,
and slightly modified by me.

socat is a relay for bidirectional data transfer between two
independent data channels.  Each of these data channels may be a file,
pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX,
IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a
file descriptor (stdin etc.), the GNU line editor, a program, or a
combination of two of these.  These modes include generation of
"listening" sockets, pipes and pseudo terminals.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sat Feb 14 22:43:38 2004 UTC (20 years, 10 months ago) by minskim
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>