Sync from SUSE:SLFO:Main socat revision 9c73b7a96116045da96a3bbe02692665

2025-02-20 10:05:55 +01:00 · 2025-02-20 10:05:55 +01:00 · 8b325e6d5d
commit 8b325e6d5d
parent a7bdc7928b
9 changed files with 151 additions and 81 deletions
--- a/socat-1.7.4.3.tar.gz
+++ b/socat-1.7.4.3.tar.gz
--- a/socat-1.8.0.2.tar.gz
+++ b/socat-1.8.0.2.tar.gz
--- a/socat-common-fixes.patch
+++ b/socat-common-fixes.patch
@ -1,41 +0,0 @@
 Index: socat-1.7.4.1/filan.c
 ===================================================================
 --- socat-1.7.4.1.orig/filan.c
 +++ socat-1.7.4.1/filan.c
@@ -20,6 +20,10 @@
 #include "filan.h"
 +#ifdef WITH_LIBWRAP
 +#include <tcpd.h>
 +#endif
 +
 struct sockopt {
    int so;
 Index: socat-1.7.4.1/procan.c
 ===================================================================
 --- socat-1.7.4.1.orig/procan.c
 +++ socat-1.7.4.1/procan.c
@@ -16,6 +16,9 @@
 #include "filan.h"
 #include <sys/resource.h>
 +#ifdef WITH_LIBWRAP
 +#include <tcpd.h>
 +#endif
 #include "procan.h"
 Index: socat-1.7.4.1/xio-tcpwrap.c
 ===================================================================
 --- socat-1.7.4.1.orig/xio-tcpwrap.c
 +++ socat-1.7.4.1/xio-tcpwrap.c
@@ -13,6 +13,7 @@
 #include "xio-tcpwrap.h"
 +
 #if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
 const struct optdesc opt_tcpwrappers = { "tcpwrappers", "tcpwrap", OPT_TCPWRAPPERS, GROUP_RANGE,  PH_ACCEPT, TYPE_STRING_NULL, OFUNC_SPEC };
--- a/socat-fix-asan-error.patch
+++ b/socat-fix-asan-error.patch
@ -1,13 +0,0 @@
 diff --git a/error.c b/error.c
 index 3135fd5..eacfec5 100644
 --- a/error.c
 +++ b/error.c
@@ -360,7 +360,7 @@ void msg2(
    if (handler)  bufp[-1] = tolower(bufp[-1]); /* for debugging, low chars indicate messages from signal handlers */
 #endif
    *bufp++ = ' ';
 -   strncpy(bufp, text, BUFLEN-(bufp-buff)-1);
 +   strncpy(bufp, text, BUFLEN-(bufp-buff)-2);
    strcat(bufp, "\n");
    _msg(level, buff, syslp);
    if (level >= diagopts.exitlevel) {
--- a/socat-ignore-tests-failure-boo1078346.patch
+++ b/socat-ignore-tests-failure-boo1078346.patch
@ -1,25 +1,10 @@
-From: Michel Normand <normand@linux.vnet.ibm.com>
+--- a/test.sh	2023-11-13 20:31:08.000000000 +0100
-Subject: socat ignore tests failure boo1078346
+++ b/test.sh	2024-05-01 21:16:36.479550579 +0200
-Date: Wed, 31 Jan 2018 10:19:54 +0100
+@@ -19239,6 +19239,7 @@
 socat ignore flaky tests failure boo1078346
 for PowerPC and S390
 Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
 ---
 test.sh |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: socat-1.7.4.1/test.sh
 ===================================================================
 --- socat-1.7.4.1.orig/test.sh
 +++ socat-1.7.4.1/test.sh
@@ -15042,7 +15042,7 @@ if [ "$numCANT" -gt 0 ]; then
 fi
 if [ "$numFAIL" -gt 0 ]; then
     echo "FAILED: $listFAIL"
-    exit 1
+    uname -p | grep -qE 'ppc|s390' && { echo "ignore flaky failures, bypass boo#1078346"; exit 0; } && exit
 +    uname -p | grep -qE 'ppc|s390' && { echo "ignore flaky failures, bypass boo#1078346"; exit 0; } || exit 1
 fi
 exit 0
 if [ -z "$OPT_EXPECT_FAIL" ]; then
--- a/8
+++ b/8
@ -0,0 +1,8 @@
 -----BEGIN DH PARAMETERS-----
 MIIBDAKCAQEAi07zA4IHy7z3zO1Z80pW4ODsfoGkK37EimJ1mxg16W2EaskIHSO1
 phICWQFxHJVamtLDdxgcH6FIUw6oznkkkpKqhd3iRQbb4vV0T3bxe7595ic+l5Cb
 9pnh90PW5//CxSen5tgsdGAqWvzybupGcN1TlTEyNsfL/By4J9l5p6btmtpdMbqO
 AgUpZzkQQvUw+WBNBcqImcH3PIM69yzHQJw5fxE67h/upDyaqJh25PKMmGpOwBVP
 QDzmNx0znB/Hop+1YUJJjiuCnFJLSvLacLjHB3sg70EIuG9Kaw4Krrblf3YP5SjY
 002fW2pSR0A8wIKtjc0ApZHgK7Xad3SpHwIBAgICAOE=
 -----END DH PARAMETERS-----
--- a/socat-test-without-tty.patch
+++ b/socat-test-without-tty.patch
@ -0,0 +1,20 @@
 --- a/test.sh	2023-11-13 20:31:08.000000000 +0100
 +++ b/test.sh	2024-05-01 21:25:27.709337509 +0200
@@ -16054,9 +16054,15 @@
 pid0=$!
 relsleep 2
 TTY=$(tty |sed 's|/dev/||')
 -pkill -USR1 -t $TTY socat || { echo "pkill -t $TTY -USR1 socat"; }
 +if [ "$TTY" = 'not a tty' ]
 +then
 +   TTY=''
 +else
 +   TTY="-t $TTY"
 +fi
 +pkill -USR1 $TTY socat || { echo "pkill $TTY -USR1 socat"; }
 relsleep 2
 -pkill -t $TTY socat
 +pkill $TTY socat
 wait
 if [ "$(grep STATISTICS "${te}0" |wc -l)" -eq 2 ]; then
     $PRINTF "$OK\n"
--- a/socat.changes
+++ b/socat.changes
@ -1,3 +1,91 @@
 -------------------------------------------------------------------
 Wed Dec 11 12:13:49 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
 - Update to 1.8.0.2:
  - Security fix for readline.sh: arbitrary file overwrite via predictable /tmp
    directory (bsc#1225462 CVE-2024-54661)
 - Update to 1.8.0.1:
  - Bug fixes
    - UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
      address in case the server name resolves to both IPv4 and IPv6 addresses.
    - Guard applyopts_termios_value() with WITH_TERMIOS.
    - In some situations xioclose() was called nested what could cause hanging
      of OpenSSL in pthread_rwlock_wrlock().
    - socat 1.8.0.0 with addresses of type RECVFROM and option fork, where the
      second address failed to connect/open in the child process, entered a
      fork loop that was only stopped by FD exhaustion caused by FD leak.
    - socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
    - With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
      did not work.
    - IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
      argument) failed with message: E retropts_int(): trailing garbage in
      numerical arg of option "protocol-family".
    - Fixed a possible buffer overrun with long log lines. In fact it does not
      write beyond end of buffer but lets pass excessive data to the write()
      function.
    - Reworked domain name resolution, centralized IPv4/IPv6 sorting.
    - Print warning about not checking CRLs in OpenSSL only in the first child
      process.
  - Features
    - Total inactivity timeout option -T 0 now means 0.0 seconds;
    - Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
      older Socat versions.
    - socat-mux.sh and socat-broker.sh, when run as root, now internally use
      low (512..1023) UDP ports to increase security.
    - Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)
    - Socks5 now also allows syntax without socks port, and supports option
      socksport.
 - Removed 0004-udp-listen-bind4.patch (fixed by upstream socat-1.8.0.1).
 - Refreshed socat-test-without-tty.patch to match socat-1.8.0.1.
 -------------------------------------------------------------------
 Tue Jun 18 12:42:37 UTC 2024 - Marcus Meissner <meissner@suse.com>
 - 0004-udp-listen-bind4.patch: fixed a UDP listen error (bsc#1226459)
 -------------------------------------------------------------------
 Wed May  1 18:50:03 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
 - Update to 1.8.0.0:
    * Support for network namespaces (option netns)
    * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
    * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
    * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
    * New script socat-mux.sh allows n-to-1 / 1-to-n communications
    * New script socat-broker.sh allows group communications
    * Experimental socks5 client feature
    * Address ACCEPT-FD for systemd "inetd" mode
    * UDP-Lite and DCCP address types
    * Addresses SOCKETPAIR and SHELL
    * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
    * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
    * Simple statistics output with Socat option --statistics and with SIGUSR1
    * A couple of new options, many fixes and corrections, see file CHANGES
 - Drop socat-common-fixes.patch (no longer necessary)
 - Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
 - Add socat-test-dhparam fixture (reduce build load and time)
 - Add socat-test-without-tty.patch for testing without tty.
 - Note: This version introduces "socat1", linking to "socat"
 - Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
 -------------------------------------------------------------------
 Tue Dec  6 13:46:41 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
 - Update to 1.7.4.4:
  * FIX: In error.c msg2() there was a stack overflow on long messages: The
    terminating \0 Byte was written behind the last position.
  * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
    arrived.
  * FIX: a couple of weaknesses and errors when accessing invalid or
    incompatible file system entries with UNIX domain, file, and generic
    addresses.
  * FIX: bad parser error message on "socat /tmp/x\"x/x -"
 - Drop socat-fix-asan-error.patch
 -------------------------------------------------------------------
 Wed Apr 13 07:41:15 UTC 2022 - Martin Liška <mliska@suse.cz>
--- a/socat.spec
+++ b/socat.spec
@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@ -18,7 +18,7 @@
 Name:           socat
-Version:        1.7.4.3
+Version:        1.8.0.2
 Release:        0
 Summary:        Multipurpose relay for bidirectional data transfer
 License:        MIT AND SUSE-GPL-2.0-with-openssl-exception
@ -26,9 +26,12 @@ Group:          Productivity/Networking/Other
 URL:            http://www.dest-unreach.org/socat/
 Source:         http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz
 Source1:        %{name}.changes
 Source2:        socat-test-dhparam
 # TODO: as of 1.8.0.0, test.sh supports "--expect-fail <code>", this should be used
 #       instead of ignoring all test failures
 Patch1:         socat-ignore-tests-failure-boo1078346.patch
-Patch2:         socat-common-fixes.patch
+# Support build environments without a TTY
-Patch3:         socat-fix-asan-error.patch
+Patch2:         socat-test-without-tty.patch
 BuildRequires:  iputils
 BuildRequires:  net-tools
 BuildRequires:  openssl-devel
@ -53,6 +56,16 @@ IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a
 file descriptor (stdin etc.), the GNU line editor, a program, or a
 combination of two of these.
 %package extra
 Summary:        Additional scripts for socat
 Requires:       %{name} = %{version}
 %description extra
 This ships the following scripts:
 - socat-broker.sh
 - socat-chain.sh
 - socat-mux.sh
 %prep
 %autosetup
 sed 's|#! %{_bindir}/env bash|#!%{_bindir}/bash|' -i proxyecho.sh readline.sh
@ -74,6 +87,9 @@ mkdir -p \
 	%{buildroot}/%{_mandir}/man1
 %make_install
 # avoid expensive dhparam generation on every build with enabled checks
 cp %{SOURCE2} testcert.dh
 %check
 export TERM=ansi
 # use a small but safe subset of all tests
@ -91,8 +107,15 @@ export OPTS="-t 2"
 %license COPYING COPYING.OpenSSL
 %doc BUGREPORTS CHANGES DEVELOPMENT EXAMPLES FAQ FILES PORTING README SECURITY VERSION examples
 %{_bindir}/socat
 %{_bindir}/socat1
 %{_bindir}/procan
 %{_bindir}/filan
 %{_mandir}/man1/socat.1%{?ext_man}
 %{_mandir}/man1/socat1.1%{?ext_man}
 %files extra
 %{_bindir}/socat-broker.sh
 %{_bindir}/socat-chain.sh
 %{_bindir}/socat-mux.sh
 %changelog