socat/socat.changes

423 lines
17 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Wed May 1 18:50:03 UTC 2024 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update to 1.8.0.0:
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
- Drop socat-common-fixes.patch (no longer necessary)
- Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
- Add socat-test-dhparam fixture (reduce build load and time)
- Add socat-test-without-tty.patch for testing without tty.
- Note: This version introduces "socat1", linking to "socat"
- Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
-------------------------------------------------------------------
Tue Dec 6 13:46:41 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
- Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
 incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
- Drop socat-fix-asan-error.patch
-------------------------------------------------------------------
Wed Apr 13 07:41:15 UTC 2022 - Martin Liška <mliska@suse.cz>
- Use autosetup
- Add socat-fix-asan-error.patch that is offered to upstream
and that fixes an ASAN error seen for 'test 313 NESTEDOVFL'.
-------------------------------------------------------------------
Sat Jan 22 20:54:21 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
-------------------------------------------------------------------
Mon Nov 1 18:46:42 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
-------------------------------------------------------------------
Mon Jan 11 22:24:07 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
-------------------------------------------------------------------
Fri Apr 17 06:58:23 UTC 2020 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.7.3.4:
* bugfix release, see the CHANGES file for all changes
- Refresh patches:
* socat-common-fixes.patch
* socat-ignore-tests-failure-boo1078346.patch
-------------------------------------------------------------------
Tue Feb 4 12:41:58 UTC 2020 - Marcus Meissner <meissner@suse.com>
- socat-common-fixes.patch: include tcpd.h where needed to fix
-fno-common bsc#1160293
-------------------------------------------------------------------
Sat Apr 6 13:34:11 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.3.3:
* bugfix release, see the CHANGES file for all changes
- Drop patch:
* socat-openssl-1.1-tests.patch (not longer needed)
- Run spec-cleaner
-------------------------------------------------------------------
Mon Sep 10 12:14:48 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Replace old variables by modern counterparts.
-------------------------------------------------------------------
Thu Aug 30 16:32:32 UTC 2018 - crrodriguez@opensuse.org
- We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.
-------------------------------------------------------------------
Tue Apr 3 13:53:32 CEST 2018 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
-------------------------------------------------------------------
Fri Feb 2 06:50:32 UTC 2018 - normand@linux.vnet.ibm.com
- Add socat-ignore-tests-failure-boo1078346.patch
flaky test failures PowerPC and s390 , bypass boo#1078346
-------------------------------------------------------------------
Thu Aug 17 13:42:49 UTC 2017 - meissner@suse.com
- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
-------------------------------------------------------------------
Mon Apr 10 14:56:19 UTC 2017 - sweet_f_a@gmx.de
- update to 1.7.3.2, bug fixes:
* fixes uninterruptable hang / CPU loop on host resolution
problems
* some compile problems, and lots of other bugs and porting
issues
- remove fix-linux-errqueue.h-not-found.patch, this build issue
was fixed by upstream
-------------------------------------------------------------------
Tue Feb 2 12:19:40 UTC 2016 - sweet_f_a@gmx.de
- update to 1.7.3.1, security fixes:
* Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in
OpenSSL" (bnc#938913 and CVE-2015-4000).
* Socat security advisory 8: "Stack overflow in arguments parser"
(bnc#964844)
-------------------------------------------------------------------
Mon Apr 20 05:54:10 UTC 2015 - sweet_f_a@gmx.de
- test-suite, use a small but safe subset of all tests
- don't remove "example" scripts from builddir, they are needed for
tests
-------------------------------------------------------------------
Tue Apr 14 15:57:19 UTC 2015 - sweet_f_a@gmx.de
- remove socat-remove_date.patch, export BUILD_DATE instead
(new feature since 1.7.2.4)
- run tests, don't abort yet
- require tcpd-devel only on SUSE systems at build time
-------------------------------------------------------------------
Wed Mar 25 15:29:21 UTC 2015 - p.drouand@gmail.com
- Update to version 1.7.3.0
* Too many changes to list; please read the CHANGES file for news
- Remove redundant %clean section
- Update fix-linux-errqueue.h-not-found.patch and socat-remove_date.patch
-------------------------------------------------------------------
Sat Oct 25 06:53:21 UTC 2014 - coolo@suse.com
- correctly apply the patch
-------------------------------------------------------------------
Fri Oct 24 10:02:01 UTC 2014 - javier@opensuse.org
- Add fix-linux-errqueue.h-not-found.patch
-------------------------------------------------------------------
Tue Mar 11 07:05:34 UTC 2014 - meissner@suse.com
- updated to 1.7.2.4: minor bugfixes:
This version contains fixes for most of the bugs and porting issues
reported or found in more than two years.
-------------------------------------------------------------------
Mon Mar 3 19:35:45 UTC 2014 - andreas.stieger@gmx.de
- mention patch in changelog entry, annotate patch
-------------------------------------------------------------------
Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
- update to 1.7.2.3: security fix:
* CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
overflow with data from command line (see socat-secadv5.txt)
- added esocat-remove_date.patch to prevent unneccessary rebuilds,
fixes W: file-contains-date-and-time
-------------------------------------------------------------------
Tue May 28 13:27:12 UTC 2013 - meissner@suse.com
- updated to 1.7.2.2
This release fixes a security issue: Under certain circumstances,
an FD leak occurs and may be misused for denial-of-service attacks
against socat running in server mode (CVE-2013-3571)
-------------------------------------------------------------------
Mon Mar 4 11:20:27 UTC 2013 - cfarrell@suse.com
- license update: SUSE-GPL-2.0-with-openssl-exception and MIT
See README
-------------------------------------------------------------------
Sat Mar 2 08:13:52 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Fri May 25 14:15:08 UTC 2012 - meissner@suse.com
- udapted to 1.7.2.1
security fix for READLINE bnc#759859
-------------------------------------------------------------------
Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com
- remove call to suse_update_config (very old work around)
-------------------------------------------------------------------
Wed Dec 7 17:49:55 CET 2011 - meissner@suse.de
- updated to 1.7.2.0
This release allows tun/tap interfaces without IP addresses and
introduces the options openssl-compress and max-children. It fixes 18
bugs and has 11 changes for improved platform support, especially Mac
OS X Lion, DragonFly, and Android.
- socat-unixsalen.patch now upstream.
-------------------------------------------------------------------
Wed Feb 2 18:23:27 CET 2011 - meissner@suse.de
- Handle case where a AF_LOCAL socket has no name. bnc#668319
-------------------------------------------------------------------
Mon Aug 2 08:31:55 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.7.3:
* a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes
-------------------------------------------------------------------
Mon Jan 11 08:24:32 UTC 2010 - pascal.bleser@opensuse.org
- upgraded to 1.7.1.2:
+ fixes OpenSSL "nonblock" failure
+ fixes 64-bit issues and some minor bugs
- changes from 1.7.1.1:
+ fixes a couple of bugs, some of which could crash socat under some
circumstances
- changes from 1.7.1.0:
+ provides a few new address options to better control its closing behavior
- changes from 1.7.0.1:
* fixes a possible SIGSEGV in listening addresses
* fixes client connections with option connect-timeout failed when the
connections succeeded
* fixes the option end-close "did not apply" to some addresses
* half close of EXEC and SYSTEM addresses might have failed for pipes and
socketpair
-------------------------------------------------------------------
Thu Oct 16 09:56:41 CEST 2008 - meissner@suse.de
- upgraded to 1.7.0.0
- support for SCTP stream sockets, raw interface, and generic sockets.
- A new option escape allows it to interrupt raw terminal connections.
- Listening and receiving sockets can set a couple of environment variables.
- Base control of System V STREAMS has been added.
- Many corrections were performed.
-------------------------------------------------------------------
Mon Feb 11 10:24:33 CET 2008 - lmuelle@suse.de
- Update to version 1.6.0.1.
+ exec:...,pty did not kill child process under some circumstances; fixed
by correcting typo in xio-progcall.c
+ service name resolution failed due to byte order mistake
+ socat would hang when invoked with many file descriptors already opened
fix: replaced FOPEN_MAX with FD_SETSIZE
+ fixed bugs where sub processes would become zombies because the master
process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
+ fixed a bug where sub processes would become zombies because the master
process caught SIGCHLD but did not wait(). this affected addresses
UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
+ corrected option handling with STDIO; usecase: cool-write
+ configure --disable-pty also disabled option waitlock
+ fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
- Update to version 1.6.0.0.
+ new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
and multicast modes
+ new option ip-add-membership for control of multicast group membership
+ new address TUN for generation of Linux TUN/TAP pseudo network
interfaces (suggested by Mat Caughron); associated options tun-device,
tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
+ new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
socklen parameter on system calls.
+ option end-close for control of connection closing allows FD sharing
by sub processes
+ range option supports form address:mask with IPv4
+ changed behaviour of SSL-LISTEN to require and verify client
certificate per default
+ options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
grained locking on regular files
+ fixed bug where only first tcpwrap option was applied; fixed bug where
tcpwrap IPv6 check always failed
and fixing this bug)
+ filan (and socat -D) could hang when a socket was involved
+ corrected PTYs on HP-UX (and maybe others) using STREAMS
+ correct bind with udp6-listen
+ corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
+ corrected problem with read data buffered in OpenSSL layer
+ corrected problem with option readbytes when input stream stayed idle
after so many bytes
+ fixed a bug where a datagram receiver with option fork could fork two
sub processes per packet
- Don't call test.sh as it doesn't pass if called as non root.
- Don't remove the buildroot in the install section.
- Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available.
-------------------------------------------------------------------
Thu Mar 22 10:18:31 CET 2007 - ssommer@suse.de
- fix build with newer kernel headers:
some common FS-specific ioctls moved to linux/fs.h
-------------------------------------------------------------------
Mon Jul 17 12:43:39 CEST 2006 - lmuelle@suse.de
- Update to version 1.5.0.0.
+ new datagram modes for udp, rawip, unix domain sockets
+ socat option -T specifies inactivity timeout
+ rewrote lexical analysis to allow nested socat calls
+ addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
+ socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
+ addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
+ option protocol-family (pf), esp. for openssl-listen
+ range option supports IPv6 - syntax: range=[::1/128]
+ option ipv6-v6only (ipv6only)
+ new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
+ FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
+ support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
+ options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
+ option cool-write controls severeness of write failure (EPIPE,
ECONNRESET)
+ option o-noatime
+ socat option -lh for hostname in log output
+ traffic dumping provides packet headers
+ configure.in became part of distribution
+ socats unpack directory now has full version, e.g. socat-1.5.0.0/
+ corrected docu of option verify
-------------------------------------------------------------------
Wed Jan 25 21:41:44 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Apr 26 15:20:20 CEST 2005 - uli@suse.de
- disabled test on ARM (hangs QEMU)
-------------------------------------------------------------------
Sun Mar 20 20:14:32 CET 2005 - lmuelle@suse.de
- Update to version 1.4.2.0.
-------------------------------------------------------------------
Sun Dec 12 15:51:50 CET 2004 - lmuelle@suse.de
- Update to version 1.4.1.0.
-------------------------------------------------------------------
Tue Oct 26 23:18:18 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.3.
-------------------------------------------------------------------
Mon Sep 27 00:26:39 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.2.
-------------------------------------------------------------------
Sat Aug 28 15:33:21 CEST 2004 - lmuelle@suse.de
- Add readline.sh to the examples.
-------------------------------------------------------------------
Fri Aug 27 16:25:49 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.1.
-------------------------------------------------------------------
Mon Jun 14 15:21:13 CEST 2004 - lmuelle@suse.de
- Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/
BuildRequires.
-------------------------------------------------------------------
Mon Jun 14 12:30:55 CEST 2004 - lmuelle@suse.de
- Inital SuSE RPM based on source tar ball spec file.