------------------------------------------------------------------- Tue May 28 13:27:12 UTC 2013 - meissner@suse.com - updated to 1.7.2.2 This release fixes a security issue: Under certain circumstances, an FD leak occurs and may be misused for denial-of-service attacks against socat running in server mode (CVE-2013-3571) ------------------------------------------------------------------- Mon Mar 4 11:20:27 UTC 2013 - cfarrell@suse.com - license update: SUSE-GPL-2.0-with-openssl-exception and MIT See README ------------------------------------------------------------------- Sat Mar 2 08:13:52 UTC 2013 - coolo@suse.com - update license to new format ------------------------------------------------------------------- Fri May 25 14:15:08 UTC 2012 - meissner@suse.com - udapted to 1.7.2.1 security fix for READLINE bnc#759859 ------------------------------------------------------------------- Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com - remove call to suse_update_config (very old work around) ------------------------------------------------------------------- Wed Dec 7 17:49:55 CET 2011 - meissner@suse.de - updated to 1.7.2.0 This release allows tun/tap interfaces without IP addresses and introduces the options openssl-compress and max-children. It fixes 18 bugs and has 11 changes for improved platform support, especially Mac OS X Lion, DragonFly, and Android. - socat-unixsalen.patch now upstream. ------------------------------------------------------------------- Wed Feb 2 18:23:27 CET 2011 - meissner@suse.de - Handle case where a AF_LOCAL socket has no name. bnc#668319 ------------------------------------------------------------------- Mon Aug 2 08:31:55 UTC 2010 - pascal.bleser@opensuse.org - update to 1.7.3: * a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes ------------------------------------------------------------------- Mon Jan 11 08:24:32 UTC 2010 - pascal.bleser@opensuse.org - upgraded to 1.7.1.2: + fixes OpenSSL "nonblock" failure + fixes 64-bit issues and some minor bugs - changes from 1.7.1.1: + fixes a couple of bugs, some of which could crash socat under some circumstances - changes from 1.7.1.0: + provides a few new address options to better control its closing behavior - changes from 1.7.0.1: * fixes a possible SIGSEGV in listening addresses * fixes client connections with option connect-timeout failed when the connections succeeded * fixes the option end-close "did not apply" to some addresses * half close of EXEC and SYSTEM addresses might have failed for pipes and socketpair ------------------------------------------------------------------- Thu Oct 16 09:56:41 CEST 2008 - meissner@suse.de - upgraded to 1.7.0.0 - support for SCTP stream sockets, raw interface, and generic sockets. - A new option escape allows it to interrupt raw terminal connections. - Listening and receiving sockets can set a couple of environment variables. - Base control of System V STREAMS has been added. - Many corrections were performed. ------------------------------------------------------------------- Mon Feb 11 10:24:33 CET 2008 - lmuelle@suse.de - Update to version 1.6.0.1. + exec:...,pty did not kill child process under some circumstances; fixed by correcting typo in xio-progcall.c + service name resolution failed due to byte order mistake + socat would hang when invoked with many file descriptors already opened fix: replaced FOPEN_MAX with FD_SETSIZE + fixed bugs where sub processes would become zombies because the master process did not catch SIGCHLD. this affected addresses UDP-LISTEN, UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT, ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A + fixed a bug where sub processes would become zombies because the master process caught SIGCHLD but did not wait(). this affected addresses UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM + corrected option handling with STDIO; usecase: cool-write + configure --disable-pty also disabled option waitlock + fixed small bugs on systems with struct ip_mreq without struct ip_mreqn - Update to version 1.6.0.0. + new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast and multicast modes + new option ip-add-membership for control of multicast group membership + new address TUN for generation of Linux TUN/TAP pseudo network interfaces (suggested by Mat Caughron); associated options tun-device, tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc. + new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO, ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls socklen parameter on system calls. + option end-close for control of connection closing allows FD sharing by sub processes + range option supports form address:mask with IPv4 + changed behaviour of SSL-LISTEN to require and verify client certificate per default + options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer grained locking on regular files + fixed bug where only first tcpwrap option was applied; fixed bug where tcpwrap IPv6 check always failed and fixing this bug) + filan (and socat -D) could hang when a socket was involved + corrected PTYs on HP-UX (and maybe others) using STREAMS + correct bind with udp6-listen + corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro + corrected problem with read data buffered in OpenSSL layer + corrected problem with option readbytes when input stream stayed idle after so many bytes + fixed a bug where a datagram receiver with option fork could fork two sub processes per packet - Don't call test.sh as it doesn't pass if called as non root. - Don't remove the buildroot in the install section. - Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available. ------------------------------------------------------------------- Thu Mar 22 10:18:31 CET 2007 - ssommer@suse.de - fix build with newer kernel headers: some common FS-specific ioctls moved to linux/fs.h ------------------------------------------------------------------- Mon Jul 17 12:43:39 CEST 2006 - lmuelle@suse.de - Update to version 1.5.0.0. + new datagram modes for udp, rawip, unix domain sockets + socat option -T specifies inactivity timeout + rewrote lexical analysis to allow nested socat calls + addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6 + socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP, SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection + addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6 + option protocol-family (pf), esp. for openssl-listen + range option supports IPv6 - syntax: range=[::1/128] + option ipv6-v6only (ipv6only) + new tcp-wrappers options allow-table, deny-table, tcpwrap-etc + FIPS version of OpenSSL can be integrated - initial patch provided by David Acker. See README.FIPS + support for resolver options res-debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, dnsrch + options for file attributes on advanced filesystems (ext2, ext3, reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump, ext2-noatime, journal-data etc. + option cool-write controls severeness of write failure (EPIPE, ECONNRESET) + option o-noatime + socat option -lh for hostname in log output + traffic dumping provides packet headers + configure.in became part of distribution + socats unpack directory now has full version, e.g. socat-1.5.0.0/ + corrected docu of option verify ------------------------------------------------------------------- Wed Jan 25 21:41:44 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Apr 26 15:20:20 CEST 2005 - uli@suse.de - disabled test on ARM (hangs QEMU) ------------------------------------------------------------------- Sun Mar 20 20:14:32 CET 2005 - lmuelle@suse.de - Update to version 1.4.2.0. ------------------------------------------------------------------- Sun Dec 12 15:51:50 CET 2004 - lmuelle@suse.de - Update to version 1.4.1.0. ------------------------------------------------------------------- Tue Oct 26 23:18:18 CEST 2004 - lmuelle@suse.de - Update to version 1.4.0.3. ------------------------------------------------------------------- Mon Sep 27 00:26:39 CEST 2004 - lmuelle@suse.de - Update to version 1.4.0.2. ------------------------------------------------------------------- Sat Aug 28 15:33:21 CEST 2004 - lmuelle@suse.de - Add readline.sh to the examples. ------------------------------------------------------------------- Fri Aug 27 16:25:49 CEST 2004 - lmuelle@suse.de - Update to version 1.4.0.1. ------------------------------------------------------------------- Mon Jun 14 15:21:13 CEST 2004 - lmuelle@suse.de - Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/ BuildRequires. ------------------------------------------------------------------- Mon Jun 14 12:30:55 CEST 2004 - lmuelle@suse.de - Inital SuSE RPM based on source tar ball spec file.