Sync from SUSE:SLFO:Main socat revision a2d5cb9bdadf944590aab3691e73f97a

2024-05-04 00:44:04 +02:00 · 2024-05-04 00:44:04 +02:00 · a7bdc7928b
commit a7bdc7928b
7 changed files with 584 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/socat-1.7.4.3.tar.gz
+++ b/socat-1.7.4.3.tar.gz
--- a/socat-common-fixes.patch
+++ b/socat-common-fixes.patch
@ -0,0 +1,41 @@
+Index: socat-1.7.4.1/filan.c
+===================================================================
+--- socat-1.7.4.1.orig/filan.c
+++ socat-1.7.4.1/filan.c
+@@ -20,6 +20,10 @@
+ 
+ #include "filan.h"
+ 
+#ifdef WITH_LIBWRAP
+#include <tcpd.h>
+#endif
+
+ 
+ struct sockopt {
+    int so;
+Index: socat-1.7.4.1/procan.c
+===================================================================
+--- socat-1.7.4.1.orig/procan.c
+++ socat-1.7.4.1/procan.c
+@@ -16,6 +16,9 @@
+ #include "filan.h"
+ 
+ #include <sys/resource.h>
+#ifdef WITH_LIBWRAP
+#include <tcpd.h>
+#endif
+ 
+ #include "procan.h"
+ 
+Index: socat-1.7.4.1/xio-tcpwrap.c
+===================================================================
+--- socat-1.7.4.1.orig/xio-tcpwrap.c
+++ socat-1.7.4.1/xio-tcpwrap.c
+@@ -13,6 +13,7 @@
+ #include "xio-tcpwrap.h"
+ 
+ 
+
+ #if (WITH_TCP || WITH_UDP) && WITH_LIBWRAP
+ 
+ const struct optdesc opt_tcpwrappers = { "tcpwrappers", "tcpwrap", OPT_TCPWRAPPERS, GROUP_RANGE,  PH_ACCEPT, TYPE_STRING_NULL, OFUNC_SPEC };
--- a/socat-fix-asan-error.patch
+++ b/socat-fix-asan-error.patch
@ -0,0 +1,13 @@
+diff --git a/error.c b/error.c
+index 3135fd5..eacfec5 100644
+--- a/error.c
+++ b/error.c
+@@ -360,7 +360,7 @@ void msg2(
+    if (handler)  bufp[-1] = tolower(bufp[-1]); /* for debugging, low chars indicate messages from signal handlers */
+ #endif
+    *bufp++ = ' ';
+-   strncpy(bufp, text, BUFLEN-(bufp-buff)-1);
+   strncpy(bufp, text, BUFLEN-(bufp-buff)-2);
+    strcat(bufp, "\n");
+    _msg(level, buff, syslp);
+    if (level >= diagopts.exitlevel) {
--- a/socat-ignore-tests-failure-boo1078346.patch
+++ b/socat-ignore-tests-failure-boo1078346.patch
@ -0,0 +1,25 @@
+From: Michel Normand <normand@linux.vnet.ibm.com>
+Subject: socat ignore tests failure boo1078346
+Date: Wed, 31 Jan 2018 10:19:54 +0100
+
+socat ignore flaky tests failure boo1078346
+for PowerPC and S390
+
+Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
+---
+ test.sh |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: socat-1.7.4.1/test.sh
+===================================================================
+--- socat-1.7.4.1.orig/test.sh
+++ socat-1.7.4.1/test.sh
+@@ -15042,7 +15042,7 @@ if [ "$numCANT" -gt 0 ]; then
+ fi
+ if [ "$numFAIL" -gt 0 ]; then
+     echo "FAILED: $listFAIL"
+-    exit 1
+    uname -p | grep -qE 'ppc|s390' && { echo "ignore flaky failures, bypass boo#1078346"; exit 0; } || exit 1
+ fi
+ exit 0
+ 
--- a/socat.changes
+++ b/socat.changes
@ -0,0 +1,381 @@
+-------------------------------------------------------------------
+Wed Apr 13 07:41:15 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Use autosetup
+- Add socat-fix-asan-error.patch that is offered to upstream
+  and that fixes an ASAN error seen for 'test 313 NESTEDOVFL'.
+
+-------------------------------------------------------------------
+Sat Jan 22 20:54:21 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.7.4.3:
+  * fixes the TCP_INFO issue that broke building on non-Linux platforms. 
+  * building on AIX works again. 
+  * A few more corrections and improvements have been added 
+
+-------------------------------------------------------------------
+Mon Nov  1 18:46:42 UTC 2021 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 1.7.4.2:
+  * Fixes a lot of bugs, e.g., for options -r and -R.
+  * Further bugfixes, see the CHANGES file
+
+-------------------------------------------------------------------
+Mon Jan 11 22:24:07 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.7.4.1:
+  Security:
+  * Buffer size option (-b) is internally doubled for CR-CRLF conversion,
+    but not checked for integer overflow. This could lead to heap based buffer
+    overflow, assuming the attacker could provide this parameter. 
+  * Many further bugfixes and new features, see the CHANGES file
+
+-------------------------------------------------------------------
+Fri Apr 17 06:58:23 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
+
+- Update to version 1.7.3.4:
+  * bugfix release, see the CHANGES file for all changes
+- Refresh patches:
+  * socat-common-fixes.patch
+  * socat-ignore-tests-failure-boo1078346.patch
+
+-------------------------------------------------------------------
+Tue Feb  4 12:41:58 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- socat-common-fixes.patch: include tcpd.h where needed to fix
+  -fno-common bsc#1160293
+
+-------------------------------------------------------------------
+Sat Apr  6 13:34:11 UTC 2019 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 1.7.3.3:
+  * bugfix release, see the CHANGES file for all changes
+- Drop patch:
+  * socat-openssl-1.1-tests.patch (not longer needed)
+- Run spec-cleaner
+
+-------------------------------------------------------------------
+Mon Sep 10 12:14:48 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Replace old variables by modern counterparts.
+
+-------------------------------------------------------------------
+Thu Aug 30 16:32:32 UTC 2018 - crrodriguez@opensuse.org
+
+- We HAVE_SSLv23_*_method, just not as functions, but macros
+  add the relevant defines in the command line so support for
+  autonegotiation of the highest TLS version is restored.
+
+-------------------------------------------------------------------
+Tue Apr  3 13:53:32 CEST 2018 - kukuk@suse.de
+
+- Use %license instead of %doc [bsc#1082318]
+
+-------------------------------------------------------------------
+Fri Feb  2 06:50:32 UTC 2018 - normand@linux.vnet.ibm.com
+
+- Add socat-ignore-tests-failure-boo1078346.patch
+  flaky test failures PowerPC and s390 , bypass boo#1078346
+
+-------------------------------------------------------------------
+Thu Aug 17 13:42:49 UTC 2017 - meissner@suse.com
+
+- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
+
+-------------------------------------------------------------------
+Mon Apr 10 14:56:19 UTC 2017 - sweet_f_a@gmx.de
+
+- update to 1.7.3.2, bug fixes:
+  * fixes uninterruptable hang / CPU loop on host resolution
+    problems
+  * some compile problems, and lots of other bugs and porting
+    issues
+- remove fix-linux-errqueue.h-not-found.patch, this build issue
+  was fixed by upstream
+
+-------------------------------------------------------------------
+Tue Feb  2 12:19:40 UTC 2016 - sweet_f_a@gmx.de
+
+- update to 1.7.3.1, security fixes:
+  * Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in
+    OpenSSL" (bnc#938913 and CVE-2015-4000).
+  * Socat security advisory 8: "Stack overflow in arguments parser"
+    (bnc#964844)
+
+-------------------------------------------------------------------
+Mon Apr 20 05:54:10 UTC 2015 - sweet_f_a@gmx.de
+
+- test-suite, use a small but safe subset of all tests
+- don't remove "example" scripts from builddir, they are needed for
+  tests
+
+-------------------------------------------------------------------
+Tue Apr 14 15:57:19 UTC 2015 - sweet_f_a@gmx.de
+
+- remove socat-remove_date.patch, export BUILD_DATE instead
+  (new feature since 1.7.2.4)
+- run tests, don't abort yet
+- require tcpd-devel only on SUSE systems at build time
+
+-------------------------------------------------------------------
+Wed Mar 25 15:29:21 UTC 2015 - p.drouand@gmail.com
+
+- Update to version 1.7.3.0
+  * Too many changes to list; please read the CHANGES file for news
+- Remove redundant %clean section
+- Update fix-linux-errqueue.h-not-found.patch and socat-remove_date.patch 
+
+-------------------------------------------------------------------
+Sat Oct 25 06:53:21 UTC 2014 - coolo@suse.com
+
+- correctly apply the patch
+
+-------------------------------------------------------------------
+Fri Oct 24 10:02:01 UTC 2014 - javier@opensuse.org
+
+- Add fix-linux-errqueue.h-not-found.patch 
+
+-------------------------------------------------------------------
+Tue Mar 11 07:05:34 UTC 2014 - meissner@suse.com
+
+- updated to 1.7.2.4: minor bugfixes:
+  This version contains fixes for most of the bugs and porting issues
+  reported or found in more than two years.
+
+-------------------------------------------------------------------
+Mon Mar  3 19:35:45 UTC 2014 - andreas.stieger@gmx.de
+
+- mention patch in changelog entry, annotate patch
+
+-------------------------------------------------------------------
+Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
+
+- update to 1.7.2.3: security fix:
+  * CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
+    overflow with data from command line (see socat-secadv5.txt)
+- added esocat-remove_date.patch to prevent unneccessary rebuilds,
+  fixes W: file-contains-date-and-time
+
+-------------------------------------------------------------------
+Tue May 28 13:27:12 UTC 2013 - meissner@suse.com
+
+- updated to 1.7.2.2
+  This release fixes a security issue: Under certain circumstances,
+  an FD leak occurs and may be misused for denial-of-service attacks
+  against socat running in server mode (CVE-2013-3571)
+
+-------------------------------------------------------------------
+Mon Mar  4 11:20:27 UTC 2013 - cfarrell@suse.com
+
+- license update: SUSE-GPL-2.0-with-openssl-exception and MIT
+  See README
+
+-------------------------------------------------------------------
+Sat Mar  2 08:13:52 UTC 2013 - coolo@suse.com
+
+- update license to new format
+
+-------------------------------------------------------------------
+Fri May 25 14:15:08 UTC 2012 - meissner@suse.com
+
+- udapted to 1.7.2.1
+  security fix for READLINE bnc#759859
+
+-------------------------------------------------------------------
+Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com
+
+- remove call to suse_update_config (very old work around)
+
+-------------------------------------------------------------------
+Wed Dec  7 17:49:55 CET 2011 - meissner@suse.de
+
+- updated to 1.7.2.0
+  This release allows tun/tap interfaces without IP addresses and
+  introduces the options openssl-compress and max-children. It fixes 18
+  bugs and has 11 changes for improved platform support, especially Mac
+  OS X Lion, DragonFly, and Android.
+- socat-unixsalen.patch now upstream.
+
+-------------------------------------------------------------------
+Wed Feb  2 18:23:27 CET 2011 - meissner@suse.de
+
+- Handle case where a AF_LOCAL socket has no name. bnc#668319
+
+-------------------------------------------------------------------
+Mon Aug  2 08:31:55 UTC 2010 - pascal.bleser@opensuse.org
+
+- update to 1.7.3:
+  * a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes
+
+-------------------------------------------------------------------
+Mon Jan 11 08:24:32 UTC 2010 - pascal.bleser@opensuse.org
+
+- upgraded to 1.7.1.2:
+  + fixes OpenSSL "nonblock" failure
+  + fixes 64-bit issues and some minor bugs
+
+- changes from 1.7.1.1:
+  + fixes a couple of bugs, some of which could crash socat under some
+    circumstances
+
+- changes from 1.7.1.0:
+  + provides a few new address options to better control its closing behavior
+
+- changes from 1.7.0.1:
+  * fixes a possible SIGSEGV in listening addresses
+  * fixes client connections with option connect-timeout failed when the
+    connections succeeded
+  * fixes the option end-close "did not apply" to some addresses
+  * half close of EXEC and SYSTEM addresses might have failed for pipes and
+    socketpair
+
+-------------------------------------------------------------------
+Thu Oct 16 09:56:41 CEST 2008 - meissner@suse.de
+
+- upgraded to 1.7.0.0
+  - support for SCTP stream sockets, raw interface, and generic sockets.
+  - A new option escape allows it to interrupt raw terminal connections.
+  - Listening and receiving sockets can set a couple of environment variables.
+  - Base control of System V STREAMS has been added.
+  - Many corrections were performed.
+
+-------------------------------------------------------------------
+Mon Feb 11 10:24:33 CET 2008 - lmuelle@suse.de
+
+- Update to version 1.6.0.1.
+  + exec:...,pty did not kill child process under some circumstances; fixed
+    by correcting typo in xio-progcall.c
+  + service name resolution failed due to byte order mistake
+  + socat would hang when invoked with many file descriptors already opened
+    fix: replaced FOPEN_MAX with FD_SETSIZE
+  + fixed bugs where sub processes would become zombies because the master
+    process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
+    UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
+    ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
+  + fixed a bug where sub processes would become zombies because the master
+    process caught SIGCHLD but did not wait(). this affected addresses
+    UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
+  + corrected option handling with STDIO; usecase: cool-write
+  + configure --disable-pty  also disabled option waitlock
+  + fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
+- Update to version 1.6.0.0.
+  + new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
+    and multicast modes
+  + new option ip-add-membership for control of multicast group membership
+  + new address TUN for generation of Linux TUN/TAP pseudo network
+    interfaces (suggested by Mat Caughron); associated options tun-device,
+    tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
+  + new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
+    ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
+    on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
+    socklen parameter on system calls.
+  + option end-close for control of connection closing allows FD sharing
+    by sub processes
+  + range option supports form address:mask with IPv4
+  + changed behaviour of SSL-LISTEN to require and verify client
+    certificate per default
+  + options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
+    grained locking on regular files
+  + fixed bug where only first tcpwrap option was applied; fixed bug where
+    tcpwrap IPv6 check always failed
+    and fixing this bug)
+  + filan (and socat -D) could hang when a socket was involved
+  + corrected PTYs on HP-UX (and maybe others) using STREAMS
+  + correct bind with udp6-listen
+  + corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
+  + corrected problem with read data buffered in OpenSSL layer
+  + corrected problem with option readbytes when input stream stayed idle
+    after so many bytes
+  + fixed a bug where a datagram receiver with option fork could fork two
+    sub processes per packet
+- Don't call test.sh as it doesn't pass if called as non root.
+- Don't remove the buildroot in the install section.
+- Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available.
+
+-------------------------------------------------------------------
+Thu Mar 22 10:18:31 CET 2007 - ssommer@suse.de
+
+- fix build with newer kernel headers:
+    some common FS-specific ioctls moved to linux/fs.h
+
+-------------------------------------------------------------------
+Mon Jul 17 12:43:39 CEST 2006 - lmuelle@suse.de
+
+- Update to version 1.5.0.0.
+  + new datagram modes for udp, rawip, unix domain sockets
+  + socat option -T specifies inactivity timeout
+  + rewrote lexical analysis to allow nested socat calls
+  + addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
+  + socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
+    SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
+  + addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
+  + option protocol-family (pf), esp. for openssl-listen
+  + range option supports IPv6 - syntax: range=[::1/128]
+  + option ipv6-v6only (ipv6only)
+  + new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
+  + FIPS version of OpenSSL can be integrated - initial patch provided by
+    David Acker. See README.FIPS
+  + support for resolver options res-debug, aaonly, usevc, primary, igntc,
+    recurse, defnames, stayopen, dnsrch
+  + options for file attributes on advanced filesystems (ext2, ext3,
+    reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
+    ext2-noatime, journal-data etc.
+  + option cool-write controls severeness of write failure (EPIPE,
+    ECONNRESET)
+  + option o-noatime
+  + socat option -lh for hostname in log output
+  + traffic dumping provides packet headers
+  + configure.in became part of distribution
+  + socats unpack directory now has full version, e.g. socat-1.5.0.0/
+  + corrected docu of option verify
+
+-------------------------------------------------------------------
+Wed Jan 25 21:41:44 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Tue Apr 26 15:20:20 CEST 2005 - uli@suse.de
+
+- disabled test on ARM (hangs QEMU)
+
+-------------------------------------------------------------------
+Sun Mar 20 20:14:32 CET 2005 - lmuelle@suse.de
+
+- Update to version 1.4.2.0.
+
+-------------------------------------------------------------------
+Sun Dec 12 15:51:50 CET 2004 - lmuelle@suse.de
+
+- Update to version 1.4.1.0.
+
+-------------------------------------------------------------------
+Tue Oct 26 23:18:18 CEST 2004 - lmuelle@suse.de
+
+- Update to version 1.4.0.3.
+
+-------------------------------------------------------------------
+Mon Sep 27 00:26:39 CEST 2004 - lmuelle@suse.de
+
+- Update to version 1.4.0.2.
+
+-------------------------------------------------------------------
+Sat Aug 28 15:33:21 CEST 2004 - lmuelle@suse.de
+
+- Add readline.sh to the examples.
+
+-------------------------------------------------------------------
+Fri Aug 27 16:25:49 CEST 2004 - lmuelle@suse.de
+
+- Update to version 1.4.0.1.
+
+-------------------------------------------------------------------
+Mon Jun 14 15:21:13 CEST 2004 - lmuelle@suse.de
+
+- Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/
+  BuildRequires.
+
+-------------------------------------------------------------------
+Mon Jun 14 12:30:55 CEST 2004 - lmuelle@suse.de
+
+- Inital SuSE RPM based on source tar ball spec file.
--- a/socat.spec
+++ b/socat.spec
@ -0,0 +1,98 @@
+#
+# spec file for package socat
+#
+# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           socat
+Version:        1.7.4.3
+Release:        0
+Summary:        Multipurpose relay for bidirectional data transfer
+License:        MIT AND SUSE-GPL-2.0-with-openssl-exception
+Group:          Productivity/Networking/Other
+URL:            http://www.dest-unreach.org/socat/
+Source:         http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz
+Source1:        %{name}.changes
+Patch1:         socat-ignore-tests-failure-boo1078346.patch
+Patch2:         socat-common-fixes.patch
+Patch3:         socat-fix-asan-error.patch
+BuildRequires:  iputils
+BuildRequires:  net-tools
+BuildRequires:  openssl-devel
+BuildRequires:  procps
+BuildRequires:  readline-devel
+%if 0%{?suse_version}
+BuildRequires:  tcpd-devel
+%endif
+%if 0%{?suse_version}
+BuildRequires:  iproute2
+BuildRequires:  netcfg
+%endif
+%if 0%{?suse_version} >= 1330
+BuildRequires:  net-tools-deprecated
+%endif
+
+%description
+socat is a relay for bidirectional data transfer between two
+independent data channels. Each of these data channels may be a file,
+pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX,
+IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a
+file descriptor (stdin etc.), the GNU line editor, a program, or a
+combination of two of these.
+
+%prep
+%autosetup
+sed 's|#! %{_bindir}/env bash|#!%{_bindir}/bash|' -i proxyecho.sh readline.sh
+
+%build
+# export deterministic BUILD_DATE, format like "__DATE__ __TIME__"
+CL_DATE="$(awk -F " - " 'NR==2{print $1;}' %{SOURCE1})"
+test -n "$CL_DATE"
+export BUILD_DATE="$(LANG=C date --utc -d "${CL_DATE}" +"%{b} %{e} %{Y} %{T}")"
+export CFLAGS="%{optflags} -fno-strict-aliasing -DHAVE_SSLv23_client_method -DHAVE_SSLv23_server_method -fno-common"
+%configure
+%make_build all
+mkdir examples
+cp -a daemon.sh ftp.sh mail.sh proxyecho.sh readline.sh examples
+
+%install
+mkdir -p \
+	%{buildroot}/%{_bindir} \
+	%{buildroot}/%{_mandir}/man1
+%make_install
+
+%check
+export TERM=ansi
+# use a small but safe subset of all tests
+sotests="filan consistency stdio fd pipe pipes exec gopen noatime system"
+%ifnarch armv6l armv6hl aarch64
+# add some more tests for fast machines only
+sotests+=" unix"
+%endif
+# increase socket shutdown timeout, default 0.1 or 0.5 caused sometimes
+# random failures on slow machines (armv6l, aarch64)
+export OPTS="-t 2"
+./test.sh $sotests
+
+%files
+%license COPYING COPYING.OpenSSL
+%doc BUGREPORTS CHANGES DEVELOPMENT EXAMPLES FAQ FILES PORTING README SECURITY VERSION examples
+%{_bindir}/socat
+%{_bindir}/procan
+%{_bindir}/filan
+%{_mandir}/man1/socat.1%{?ext_man}
+
+%changelog