Sync from SUSE:SLFO:Main socat revision 9c73b7a96116045da96a3bbe02692665

2025-02-20 10:05:55 +01:00 · 2025-02-20 10:05:55 +01:00 · 8b325e6d5d
commit 8b325e6d5d
parent a7bdc7928b
9 changed files with 151 additions and 81 deletions
--- a/socat-1.7.4.3.tar.gz
+++ b/socat-1.7.4.3.tar.gz
--- a/socat-1.8.0.2.tar.gz
+++ b/socat-1.8.0.2.tar.gz
--- a/socat-common-fixes.patch
+++ b/socat-common-fixes.patch
@ -1,41 +0,0 @@
-Index: socat-1.7.4.1/filan.c
-===================================================================
--- socat-1.7.4.1.orig/filan.c
-+++ socat-1.7.4.1/filan.c
-@@ -20,6 +20,10 @@
- 
- #include "filan.h"
- 
-+#ifdef WITH_LIBWRAP
-+#include <tcpd.h>
-+#endif
-+
- 
- struct sockopt {
-    int so;
-Index: socat-1.7.4.1/procan.c
-===================================================================
--- socat-1.7.4.1.orig/procan.c
-+++ socat-1.7.4.1/procan.c
-@@ -16,6 +16,9 @@
- #include "filan.h"
- 
- #include <sys/resource.h>
-+#ifdef WITH_LIBWRAP
-+#include <tcpd.h>
-+#endif
- 
- #include "procan.h"
- 
-Index: socat-1.7.4.1/xio-tcpwrap.c
-===================================================================
--- socat-1.7.4.1.orig/xio-tcpwrap.c
-+++ socat-1.7.4.1/xio-tcpwrap.c
-@@ -13,6 +13,7 @@
- #include "xio-tcpwrap.h"
- 
- 
-+
- #if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
- 
- const struct optdesc opt_tcpwrappers = { "tcpwrappers", "tcpwrap", OPT_TCPWRAPPERS, GROUP_RANGE,  PH_ACCEPT, TYPE_STRING_NULL, OFUNC_SPEC };
--- a/socat-fix-asan-error.patch
+++ b/socat-fix-asan-error.patch
@ -1,13 +0,0 @@
-diff --git a/error.c b/error.c
-index 3135fd5..eacfec5 100644
--- a/error.c
-+++ b/error.c
-@@ -360,7 +360,7 @@ void msg2(
-    if (handler)  bufp[-1] = tolower(bufp[-1]); /* for debugging, low chars indicate messages from signal handlers */
- #endif
-    *bufp++ = ' ';
-   strncpy(bufp, text, BUFLEN-(bufp-buff)-1);
-+   strncpy(bufp, text, BUFLEN-(bufp-buff)-2);
-    strcat(bufp, "\n");
-    _msg(level, buff, syslp);
-    if (level >= diagopts.exitlevel) {
--- a/socat-ignore-tests-failure-boo1078346.patch
+++ b/socat-ignore-tests-failure-boo1078346.patch
@ -1,25 +1,10 @@
-From: Michel Normand <normand@linux.vnet.ibm.com>
-Subject: socat ignore tests failure boo1078346
-Date: Wed, 31 Jan 2018 10:19:54 +0100
-
-socat ignore flaky tests failure boo1078346
-for PowerPC and S390
-
-Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
---
- test.sh |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: socat-1.7.4.1/test.sh
-===================================================================
--- socat-1.7.4.1.orig/test.sh
-+++ socat-1.7.4.1/test.sh
-@@ -15042,7 +15042,7 @@ if [ "$numCANT" -gt 0 ]; then
+--- a/test.sh	2023-11-13 20:31:08.000000000 +0100
+++ b/test.sh	2024-05-01 21:16:36.479550579 +0200
+@@ -19239,6 +19239,7 @@
 fi
 if [ "$numFAIL" -gt 0 ]; then
     echo "FAILED: $listFAIL"
-    exit 1
-+    uname -p | grep -qE 'ppc|s390' && { echo "ignore flaky failures, bypass boo#1078346"; exit 0; } || exit 1
+    uname -p | grep -qE 'ppc|s390' && { echo "ignore flaky failures, bypass boo#1078346"; exit 0; } && exit
 fi
- exit 0
 
+ if [ -z "$OPT_EXPECT_FAIL" ]; then
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBDAKCAQEAi07zA4IHy7z3zO1Z80pW4ODsfoGkK37EimJ1mxg16W2EaskIHSO1
+phICWQFxHJVamtLDdxgcH6FIUw6oznkkkpKqhd3iRQbb4vV0T3bxe7595ic+l5Cb
+9pnh90PW5//CxSen5tgsdGAqWvzybupGcN1TlTEyNsfL/By4J9l5p6btmtpdMbqO
+AgUpZzkQQvUw+WBNBcqImcH3PIM69yzHQJw5fxE67h/upDyaqJh25PKMmGpOwBVP
+QDzmNx0znB/Hop+1YUJJjiuCnFJLSvLacLjHB3sg70EIuG9Kaw4Krrblf3YP5SjY
+002fW2pSR0A8wIKtjc0ApZHgK7Xad3SpHwIBAgICAOE=
+-----END DH PARAMETERS-----
--- a/socat-test-without-tty.patch
+++ b/socat-test-without-tty.patch
@ -0,0 +1,20 @@
+--- a/test.sh	2023-11-13 20:31:08.000000000 +0100
+++ b/test.sh	2024-05-01 21:25:27.709337509 +0200
+@@ -16054,9 +16054,15 @@
+ pid0=$!
+ relsleep 2
+ TTY=$(tty |sed 's|/dev/||')
+-pkill -USR1 -t $TTY socat || { echo "pkill -t $TTY -USR1 socat"; }
+if [ "$TTY" = 'not a tty' ]
+then
+   TTY=''
+else
+   TTY="-t $TTY"
+fi
+pkill -USR1 $TTY socat || { echo "pkill $TTY -USR1 socat"; }
+ relsleep 2
+-pkill -t $TTY socat
+pkill $TTY socat
+ wait
+ if [ "$(grep STATISTICS "${te}0" |wc -l)" -eq 2 ]; then
+     $PRINTF "$OK\n"
--- a/socat.changes
+++ b/socat.changes
@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Wed Dec 11 12:13:49 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- Update to 1.8.0.2:
+  - Security fix for readline.sh: arbitrary file overwrite via predictable /tmp
+    directory (bsc#1225462 CVE-2024-54661)
+
+- Update to 1.8.0.1:
+  - Bug fixes
+    - UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
+      address in case the server name resolves to both IPv4 and IPv6 addresses.
+    - Guard applyopts_termios_value() with WITH_TERMIOS.
+    - In some situations xioclose() was called nested what could cause hanging
+      of OpenSSL in pthread_rwlock_wrlock().
+    - socat 1.8.0.0 with addresses of type RECVFROM and option fork, where the
+      second address failed to connect/open in the child process, entered a
+      fork loop that was only stopped by FD exhaustion caused by FD leak.
+    - socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
+    - With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
+      did not work.
+    - IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
+      argument) failed with message: E retropts_int(): trailing garbage in
+      numerical arg of option "protocol-family".
+    - Fixed a possible buffer overrun with long log lines. In fact it does not
+      write beyond end of buffer but lets pass excessive data to the write()
+      function.
+    - Reworked domain name resolution, centralized IPv4/IPv6 sorting.
+    - Print warning about not checking CRLs in OpenSSL only in the first child
+      process.
+  - Features
+    - Total inactivity timeout option -T 0 now means 0.0 seconds;
+    - Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
+      older Socat versions.
+    - socat-mux.sh and socat-broker.sh, when run as root, now internally use
+      low (512..1023) UDP ports to increase security.
+    - Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)
+    - Socks5 now also allows syntax without socks port, and supports option
+      socksport.
+
+- Removed 0004-udp-listen-bind4.patch (fixed by upstream socat-1.8.0.1).
+- Refreshed socat-test-without-tty.patch to match socat-1.8.0.1.
+
+-------------------------------------------------------------------
+Tue Jun 18 12:42:37 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- 0004-udp-listen-bind4.patch: fixed a UDP listen error (bsc#1226459)
+
+-------------------------------------------------------------------
+Wed May  1 18:50:03 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+- Update to 1.8.0.0:
+    * Support for network namespaces (option netns)
+    * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
+    * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
+    * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
+    * New script socat-mux.sh allows n-to-1 / 1-to-n communications
+    * New script socat-broker.sh allows group communications
+    * Experimental socks5 client feature
+    * Address ACCEPT-FD for systemd "inetd" mode
+    * UDP-Lite and DCCP address types
+    * Addresses SOCKETPAIR and SHELL
+    * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
+    * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
+    * Simple statistics output with Socat option --statistics and with SIGUSR1
+    * A couple of new options, many fixes and corrections, see file CHANGES
+
+- Drop socat-common-fixes.patch (no longer necessary)
+- Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
+- Add socat-test-dhparam fixture (reduce build load and time)
+- Add socat-test-without-tty.patch for testing without tty.
+
+- Note: This version introduces "socat1", linking to "socat"
+- Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
+
+-------------------------------------------------------------------
+Tue Dec  6 13:46:41 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 1.7.4.4:
+  * FIX: In error.c msg2() there was a stack overflow on long messages: The
+    terminating \0 Byte was written behind the last position.
+  * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
+    arrived.
+  * FIX: a couple of weaknesses and errors when accessing invalid or
+    incompatible file system entries with UNIX domain, file, and generic
+    addresses.
+  * FIX: bad parser error message on "socat /tmp/x\"x/x -"
+- Drop socat-fix-asan-error.patch
+
 -------------------------------------------------------------------
 Wed Apr 13 07:41:15 UTC 2022 - Martin Liška <mliska@suse.cz>

--- a/socat.spec
+++ b/socat.spec
@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@ -18,7 +18,7 @@


 Name:           socat
-Version:        1.7.4.3
+Version:        1.8.0.2
 Release:        0
 Summary:        Multipurpose relay for bidirectional data transfer
 License:        MIT AND SUSE-GPL-2.0-with-openssl-exception
@ -26,9 +26,12 @@ Group:          Productivity/Networking/Other
 URL:            http://www.dest-unreach.org/socat/
 Source:         http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz
 Source1:        %{name}.changes
+Source2:        socat-test-dhparam
+# TODO: as of 1.8.0.0, test.sh supports "--expect-fail <code>", this should be used
+#       instead of ignoring all test failures
 Patch1:         socat-ignore-tests-failure-boo1078346.patch
-Patch2:         socat-common-fixes.patch
-Patch3:         socat-fix-asan-error.patch
+# Support build environments without a TTY
+Patch2:         socat-test-without-tty.patch
 BuildRequires:  iputils
 BuildRequires:  net-tools
 BuildRequires:  openssl-devel
@ -53,6 +56,16 @@ IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a
 file descriptor (stdin etc.), the GNU line editor, a program, or a
 combination of two of these.

+%package extra
+Summary:        Additional scripts for socat
+Requires:       %{name} = %{version}
+
+%description extra
+This ships the following scripts:
+- socat-broker.sh
+- socat-chain.sh
+- socat-mux.sh
+
 %prep
 %autosetup
 sed 's|#! %{_bindir}/env bash|#!%{_bindir}/bash|' -i proxyecho.sh readline.sh
@ -74,6 +87,9 @@ mkdir -p \
 	%{buildroot}/%{_mandir}/man1
 %make_install

+# avoid expensive dhparam generation on every build with enabled checks
+cp %{SOURCE2} testcert.dh
+
 %check
 export TERM=ansi
 # use a small but safe subset of all tests
@ -91,8 +107,15 @@ export OPTS="-t 2"
 %license COPYING COPYING.OpenSSL
 %doc BUGREPORTS CHANGES DEVELOPMENT EXAMPLES FAQ FILES PORTING README SECURITY VERSION examples
 %{_bindir}/socat
+%{_bindir}/socat1
 %{_bindir}/procan
 %{_bindir}/filan
 %{_mandir}/man1/socat.1%{?ext_man}
+%{_mandir}/man1/socat1.1%{?ext_man}
+
+%files extra
+%{_bindir}/socat-broker.sh
+%{_bindir}/socat-chain.sh
+%{_bindir}/socat-mux.sh

 %changelog