nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1  
2 ####################### V 2.0.0-b8:
3  
4 security:
5 CVE-2015-1379
6 Fixed problems with signal handling caused by use of not async signal
7 safe functions in signal handlers that could freeze socat, allowing
8 denial of service attacks.
9 Many changes in signal handling and the diagnostic messages system were
10 applied to make the code async signal safe but still provide detailled
11 logging from signal handlers:
12 Coded function vsnprintf_r() as async signal safe incomplete substitute
13 of libc vsnprintf()
14 Coded function snprinterr() to replace %m in strings with a system error
15 message
16 Instead of gettimeofday() use clock_gettime() when available
17 Pass Diagnostic messages from signal handler per unix socket to the main
18 program flow
19 Use sigaction() instead of signal() for better control
20 Turn off nested signal handler invocations
21 Thanks to Peter Lobsinger for reporting and explaining this issue.
22  
23 Red Hat issue 1019975: add TLS host name checks
24 OpenSSL client checks if the server certificates names in
25 extensions/subjectAltName/DNS or in subject/commonName match the name
26 used to connect or the value of the openssl-commonname option.
27 Test: OPENSSL_CN_CLIENT_SECURITY
28  
29 OpenSSL server checks if the client certificates names in
30 extensions/subjectAltNames/DNS or subject/commonName match the value of
31 the openssl-commonname option when it is used.
32 Test: OPENSSL_CN_SERVER_SECURITY
33  
34 Red Hat issue 1019964: socat now uses the system certificate store with
35 OPENSSL when neither options cafile nor capath are used
36  
37 Red Hat issue 1019972: needs to specify OpenSSL cipher suites
38 Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
39 prevent downgrade attacks
40  
41 corrections:
42 LISTEN based addresses applied some address options, e.g. so-keepalive,
43 to the listening file descriptor instead of the connected file
44 descriptor
45 Thanks to Ulises Alonso for reporting this bug
46  
47 make failed after configure with non gcc compiler due to missing
48 include. Thanks to Horacio Mijail for reporting this problem
49  
50 configure checked for --disable-rawsocket but printed
51 --disable-genericsocket in the help text. Thanks to Ben Gardiner for
52 reporting and patching this bug
53  
54 procan could not cleanly format ulimit values longer than 16 decimal
55 digits. Thanks to Frank Dana for providing a patch that increases field
56 width to 24 digits.
57  
58 OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
59 "Invalid argument"
60 Thanks to Emile den Tex for reporting this bug.
61  
62 Changed some variable definitions to make gcc -O2 aliasing checker happy
63 Thanks to Ilya Gordeev for reporting these warnings
64  
65 On big endian platforms with type long >32bit the range option applied a
66 bad base address. Thanks to hejia hejia for reporting and fixing this bug.
67  
68 Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
69  
70 Red Hat issue 1022063: out-of-range shifts on net mask bits
71  
72 Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
73  
74 Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
75 uses
76  
77 Red Hat issue 1021958: fixed a bug with faulty buffer/data length
78 calculation in xio-ascii.c:_xiodump()
79  
80 Red Hat issue 1021972: fixed a missing NUL termination in return string
81 of sysutils.c:sockaddr_info() for the AF_UNIX case
82  
83 fixed some typos and minor issues, including:
84 Red Hat issue 1021967: formatting error in manual page
85  
86 UNIX-LISTEN with fork option did not remove the socket file system entry
87 when exiting. Other file system based passive address types had similar
88 issues or failed to apply options umask, user e.a.
89 Thanks to Lorenzo Monti for pointing me to this issue
90  
91 fixed bug in xio-openssl.c that prevented error handling of bad number
92 of arguments, thanks to Paulik Tamas for reporting
93  
94 when UNIX-LISTEN was applied to an existing file it failed as expected
95 but removed the file. Thanks to Bjoern Bosselmann for reporting this
96 problem
97  
98 fixed a bug where socat might crash when connecting to a unix domain
99 socket using address GOPEN. Thanks to Martin Forssen for bug report and
100 patch.
101  
102 UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
103 when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
104  
105 UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
106 pointed me to that bug
107  
108 TCP-CONNECT with option nonblock reported successful connect even when
109 it was still pending
110  
111 address option ioctl-intp failed with "unimplemented type 26". Thanks
112 to Jeremy W. Sherman for reporting and fixing that bug
113  
114 socat option -x did not print packet direction, timestamp etc; thanks
115 to Anthony Sharobaiko for sending a patch
116  
117 Marcus Meissner provided a patch that fixes invalid output and possible
118 process crash when socat prints info about an unnamed unix domain
119 socket
120  
121 Michal Soltys reported the following problem and provided an initial
122 patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during
123 data transfer only parts of the data might have been written.
124  
125 Option o-nonblock in combination with large transfer block sizes
126 may result in partial writes and/or EAGAIN errors that were not handled
127 properly but resulted in data loss or process termination.
128  
129 Fixed a bug that could freeze socat when during assembly of a log
130 message a signal was handled that also printed a log message. socat
131 development had been aware that localtime() is not thread safe but had
132 only expected broken messages, not corrupted stack (glibc 2.11.1,
133 Ubuntu 10.4)
134  
135 an internal store for child pids was susceptible to pid reuse which
136 could lead to sporadic data loss when both fork option and exec address
137 were used. Thanks to Tetsuya Sodo for reporting this problem and
138 sending a patch
139  
140 OpenSSL server failed with "no shared cipher" when using cipher aNULL.
141 Fixed by providing temporary DH parameters. Thanks to Philip Rowlands
142 for drawing my attention to this issue.
143  
144 UDP-LISTEN slept 1s after accepting a connection. This is not required.
145 Thanks to Peter Valdemar Morch for reporting this issue
146  
147 fixed a bug that could lead to error or socat crash after a client
148 connection with option retry had been established
149  
150 fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be
151 undefined
152  
153 improved dev_t print format definition
154  
155 user-late and group-late, when applied to a pty, affected the system
156 device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
157 pointing me to this bug)
158  
159 socats openssl addresses failed with "nonblocking operation did not
160 complete" when the peer performed a renegotiation. Thanks to Benjamin
161 Delpy for reporting this bug.
162  
163 info message during socks connect showed bad port number on little
164 endian systems due to wrong byte order (thanks to Peter M. Galbavy for
165 bug report and patch)
166  
167 Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
168 to default. Thanks to Martin Dorey for reporting this bug.
169  
170 corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
171 occur under those conditions. Thanks to Toni Mattila for first
172 reporting this problem.
173  
174 ftruncate64 cut its argument to 32 bits on systems with 32 bit long type
175  
176 with unidirectional EXEC and SYSTEM a close() operation was performed
177 on a random number which could result in hanging e.a.
178  
179 fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
180 systems
181  
182 docu mentions option so-bindtodev but correct name is so-bindtodevice.
183 Thanks to Jim Zimmerman for reporting.
184  
185 Bind with ABSTRACT commands used non-abstract namespace (Linux).
186 Test: ABSTRACT_BIND
187 Thanks to Denis Shatov for reporting this bug.
188  
189 Fixed return value of nestlex()
190  
191 Option ignoreeof on the right address hung.
192 Test: IGNOREEOF_REV
193 Thanks to Franz Fasching for reporting this bug.
194  
195 Address SYSTEM, when terminating, shut down its parent addresses,
196 e.g. an SSL connection which the parent assumed to still be active.
197 Test: SYSTEM_SHUTDOWN
198  
199 Passive (listening or receiving) addresses with empty port field bound
200 to a random port instead of terminating with error.
201 Test: TCP4_NOPORT
202  
203 configure with some combination of disable options produced config
204 files that failed to compile due to missing IPPROTO_TCP.
205 Thanks to Thierry Fournier for report and patch.
206  
207 Fixed a few minor bugs with OpenSSL in configure and with messages
208  
209 Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
210 is required. Thanks to Zhigang Wang for reporting and sending a patch.
211  
212 Christophe Leroy provided a patch that fixes memory leaks reported by
213 valgrind
214  
215 Help for filan -L was bad, is now corrected to:
216 "follow symbolic links instead of showing their properties"
217  
218 Address options fdin and fdout were silently ignored when not applicable
219 due to -u or -U option. Now these combinations are caught as errors.
220 Test: FDOUT_ERROR
221 Issue reported by Hendrik.
222  
223 Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
224 over option raw which is now obsolote. On SysV systems this call is
225 simulated by appropriate setting.
226 Thanks to Youfu Zhang for reporting issue with option raw.
227  
228 ioctl-intp
229 -T hang
230 mixed directions
231 socat_open sprintf overflow
232  
233 Fixed bidirectional UDP-LISTEN error
234  
235 Compilation failed under some non-Linux operating systems due to use
236 of old rfd1 component
237  
238 OPENSSL-LISTEN failed with "Bad file descriptor" when used in
239 write-only context
240  
241 UDP-LISTEN failed with "...is not available". Thanks to Fred for
242 reporting this problem
243  
244 Address FD was not read from when used bidirectionally. Thanks to David
245 Halls for reporting this bug.
246  
247 Options shut-none, shut-down, shut-close all might not have worked
248 correctly. Thanks to Ray Song for reporting this issue.
249  
250 Fixed Debug arguments issue in _socat()
251  
252 Dual type addresses terminated when they were idle for EOF timeout time
253  
254 off_t may be long long
255 more corrections for non Linux
256 configure.ac
257  
258 porting:
259 Red Hat issue 1020203: configure checks fail with some compilers.
260 Use case: clang
261  
262 Performed changes for Fedora release 19
263  
264 Adapted, improved test.sh script
265  
266 Red Hat issue 1021429: getgroupent fails with large number of groups;
267 use getgrouplist() when available instead of sequence of calls to
268 getgrent()
269  
270 Red Hat issue 1021948: snprintf API change;
271 Implemented xio_snprintf() function as wrapper that tries to emulate C99
272 behaviour on old glibc systems, and adapted all affected calls
273 appropriately
274  
275 Mike Frysinger provided a patch that supports long long for time_t,
276 socklen_t and a few other libc types.
277  
278 Artem Mygaiev extended Cedril Priscals Android build script with pty code
279  
280 The check for fips.h required stddef.h
281 Thanks to Matt Hilt for reporting this issue and sending a patch
282  
283 Check for linux/errqueue.h failed on some systems due to lack of
284 linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
285  
286 autoconf now prefers configure.ac over configure.in
287 Thanks to Michael Vastola for sending a patch.
288  
289 type of struct cmsghdr.cmsg is system dependend, determine it with
290 configure; some more print format corrections
291  
292 libwrap always logs to syslog
293  
294 added actual text version of GPLv2
295  
296 Cedril Priscal ported socat to Android (using Googles cross compiler).
297 The port includes the socat_buildscript_for_android.sh script
298  
299 added check for component ipi_spec_dst in struct in_pktinfo so
300 compilation does not fail on Cygwin (thanks to Peter Wagemans for
301 reporting this problem)
302  
303 build failed on RHEL6 due to presence of fips.h; configure now checks
304 for fipsld too. Thanks to Andreas Gruenbacher for reporting this
305 problem
306  
307 check for netinet6/in6.h only when IPv6 is available and enabled
308  
309 don't fail to compile when the following defines are missing:
310 IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT
311 Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
312  
313 check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX
314 Lion 7.1); thanks to Jerry Jacobs to reporting this problem and
315 proposing a solution
316  
317 fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for
318 providing the patch.
319  
320 corrections for OpenEmbedded, especially termios SHIFT values and
321 ISPEED/OSPEED. Thanks to John Faith for providing the patch
322  
323 fixed sa_family_t compile error on DragonFly; minor code cleanup.
324 Thanks to Tony Young for reporting this issue and sending a patch.
325  
326 Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
327 is now bsd/libutil.h; compiler warns on vars that is only written to
328  
329 building socat on systems that predefined the CFLAGS environment to
330 contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
331 this problem and to Simon Matter for providing the patch
332  
333 support for Solaris 8 and Sun Studio support (thanks to Sebastian
334 Kayser for providing the patches)
335  
336 on some 64bit systems a compiler warning "cast from pointer to integer
337 of different size" was issued on some option definitions
338  
339 added struct sockaddr_ll to union sockaddr_union to avoid "strict
340 aliasing" warnings (problem reported by Paul Wouters)
341  
342 Socat included <sys/poll.h> instead of POSIX <poll.h>
343 Thanks to John Spencer for reporting this issue.
344  
345 Version 1.7.2.4 changed the check for gcc in configure.ac; this
346 broke cross compiling. The particular check gets reverted.
347 Thanks to Ross Burton and Danomi Manchego for reporting this issue.
348  
349 Debian Bug#764251: Set the build timestamp to a deterministic time:
350 support external BUILD_DATE env var to allow to build reproducable
351 binaries
352  
353 Joachim Fenkes provided an new adapted spec file.
354  
355 Type bool and macros Min and Max are defined by socat which led to
356 compile errors when they were already provided by build framework.
357 Thanks to Liyu Liu for providing a patch.
358  
359 David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
360 support and appropriate files in Config/
361  
362 Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
363 on Illumos
364  
365 Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
366 _POSIX_PTHREAD_SEMANTICS; and minor changes
367  
368 Red Hat issue 1182005: socat 1.7.2.4 build failure missing
369 linux/errqueue.h
370 Socat failed to compile on on PPC due to new requirements for
371 including <linux/errqueue.h> and a weakness in the conditional code.
372 Thanks to Michel Normand for reporting this issue.
373  
374 Use 'environ' variable only when provided by runtime
375  
376 new features:
377 added option max-children that limits the number of concurrent child
378 processes. Thanks to Sam Liddicott for providing the patch.
379  
380 Till Maas added support for tun/tap addresses without IP address
381  
382 added an option openssl-compress that allows to disable the compression
383 feature of newer OpenSSL versions. Thanks to Michael Hanselmann for
384 providing this contribution (sponsored by Google Inc.)
385  
386 OpenSSL addresses set couple of environment variables from values in
387 peer certificate, e.g.:
388 SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
389 SOCAT_OPENSSL_X509_COMMONNAME,
390 SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
391 Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
392  
393 Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
394 Tests: OPENSSL_METHOD_*
395  
396 Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
397 by Andrey Arapov.
398  
399 Added a new option termios-rawer for ptys.
400 Thanks to Christian Vogelgsang for pointing me to this requirement
401  
402 doc:
403 minor corrections in docu (thanks to Paggas)
404  
405 minor corrections in doc (2x)
406  
407 client process -> child process
408  
409 In the man page the PTY example was badly formatted. Thanks to
410 J.F.Sebastian for sending a patch.
411  
412 Added missing CVE ids to security issues in CHANGES
413  
414 testing:
415 Do not distribute testcert.conf with socat source but generate it
416 (and new testcert6.conf) during test.sh run.
417  
418 ####################### V 2.0.0-b7:
419  
420 security:
421 CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
422 overflow with data from command line (see socat-secadv5.txt)
423 Credits to Florian Weimer of the Red Hat Product Security Team
424  
425 ####################### V 2.0.0-b6:
426  
427 security:
428 CVE-2013-3571:
429 after refusing a client connection due to bad source address or source
430 port socat shutdown() the socket but did not close() it, resulting in
431 a file descriptor leak in the listening process, visible with lsof and
432 possibly resulting in EMFILE Too many open files. This issue could be
433 misused for a denial of service attack.
434 Full credits to Catalin Mitrofan for finding and reporting this issue.
435  
436 ####################### V 2.0.0-b5:
437  
438 security:
439 CVE-2012-0219:
440 fixed a possible heap buffer overflow in the readline address. This bug
441 could be exploited when all of the following conditions were met:
442 1) one of the addresses is READLINE without the noprompt and without the
443 prompt options.
444 2) the other (almost arbitrary address) reads malicious data (which is
445 then transferred by socat to READLINE).
446 Workaround: when using the READLINE address apply option prompt or
447 noprompt.
448 Full credits to Johan Thillemann for finding and reporting this issue.
449  
450 ####################### V 2.0.0-b4:
451  
452 security:
453 CVE-2010-2799:
454 fixed a stack overflow vulnerability that occurred when command
455 line arguments (whole addresses, host names, file names) were longer
456 than 512 bytes.
457 Note that this could only be exploited when an attacker was able to
458 inject data into socat's command line.
459 Full credits to Felix Gröbert, Google Security Team, for finding and
460 reporting this issue
461  
462 ####################### V 2.0.0-b3:
463  
464 new features:
465 added inter addresses for execution of external programs or scripts:
466 EXEC2 and SYSTEM2 are bidirectional, EXEC1 and SYSTEM1 are
467 unidirectional
468  
469 option commtype replaces the now obsolete "socketpair" and "pipes"
470 options and selects the communication mechanism on the left side of
471 EXEC and SYSTEM addresses
472  
473 options leftfd, leftinfd, leftoutfd; and rightfd, rightinfd,
474 rightoutfd override the default file descriptor numbers provided to
475 exec'd programs
476  
477 ####################### V 2.0.0-b2:
478  
479 new features:
480 address chains consisting of inter and endpoint addresses, linked with
481 '|' (pipe character)
482  
483 reverse inter addresses
484  
485 dual type inter addresses
486  
487 changed form of dual addresses from in!!out to out%in
488  
489 address overloading per parameter number, inter/endpoint type, and
490 supported transfer directions
491  
492 derived new inter addresses OPENSSL-CLIENT, OPENSSL-SERVER,
493 PROXY-CLIENT, SOCKS4-CLIENT, SOCKS4A-CLIENT from related old addresses
494  
495 new inter address SOCKS5-CLIENT
496  
497 new inter address NOP
498  
499 new inter address TEST, TESTUNI, TESTREV
500  
501 new form of PTY address with symlink paramater
502  
503 new form of FD address with output/input fd numbers
504  
505 ####################### V 1.7.1.0:
506  
507 new features:
508 address options shut-none, shut-down, and shut-close allow to control
509 socat's half close behaviour
510  
511 with address option shut-null socat sends an empty packet to the peer
512 to indicate EOF
513  
514 option null-eof changes the behaviour of sockets that receive an empty
515 packet to see EOF instead of ignoring it
516  
517 introduced option names substuser-early and su-e, currently equivalent
518 to option substuser (thanks to Mike Perry for providing the patch)
519  
520 corrections:
521 fixed some typos and improved some comments
522  
523 ####################### V 1.7.0.1:
524  
525 corrections:
526 fixed possible SIGSEGV in listening addresses when a new connection was
527 reset by peer before the socket addresses could be retrieved. Thanks to
528 Mike Perry for sending a patch.
529  
530 fixed a bug, introduced with version 1.7.0.0, that let client
531 connections with option connect-timeout fail when the connections
532 succeeded. Thanks to Bruno De Fraine for reporting this bug.
533  
534 option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
535 and most UNIX-* and ABSTRACT-*
536  
537 half close of EXEC and SYSTEM addresses did not work for pipes and
538 sometimes socketpair
539  
540 help displayed for some option a wrong type
541  
542 under some circumstances shutdown was called multiple times for the
543 same fd
544  
545 ####################### V 1.7.0.0:
546  
547 new features:
548 new address types SCTP-CONNECT and SCTP-LISTEN implement SCTP stream
549 mode for IPv4 and IPv6; new address options sctp-maxseg and
550 sctp-nodelay (suggested by David A. Madore; thanks to Jonathan Brannan
551 for providing an initial patch)
552  
553 new address "INTERFACE" for transparent network interface handling
554 (suggested by Stuart Nicholson)
555  
556 added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
557 SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
558 protocol independent socket handling; all parameters are explicitely
559 specified as numbers or hex data
560  
561 added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
562 ioctl-bin for generic ioctl() calls.
563  
564 added address options setsockopt-int, setsockopt-bin, and
565 setsockopt-string for generic setsockopt() calls
566  
567 option so-type now only affects the socket() and socketpair() calls,
568 not the name resolution. so-type and so-prototype can now be applied to
569 all socket based addresses.
570  
571 new address option "escape" allows to break a socat instance even when
572 raw terminal mode prevents ^C etc. (feature suggested by Guido Trotter)
573  
574 socat sets environment variables SOCAT_VERSION, SOCAT_PID, SOCAT_PPID
575 for use in executed scripts
576  
577 socat sets environment variables SOCAT_SOCKADDR, SOCAT_SOCKPORT,
578 SOCAT_PEERADDR, SOCAT_PEERPORT in LISTEN type addresses (feature
579 suggested by Ed Sawicki)
580  
581 socat receives all ancillary messages with each received packet on
582 datagram related addresses. The messages are logged in raw form with
583 debug level, and broken down with info level. note: each type of
584 ancillary message must be enabled by appropriate address options.
585  
586 socat provides the contents of ancillary messages received on RECVFROM
587 addresses in appropriate environment variables:
588 SOCAT_TIMESTAMP, SOCAT_IP_DSTADDR, SOCAT_IP_IF, SOCAT_IP_LOCADDR,
589 SOCAT_IP_OPTIONS, SOCAT_IP_TOS, SOCAT_IP_TTL, SOCAT_IPV6_DSTADDR,
590 SOCAT_IPV6_HOPLIMIT, SOCAT_IPV6_TCLASS
591  
592 the following address options were added to enable ancillary messages:
593 so-timestamp, ip-pktinfo (not BSD), ip-recvdstaddr (BSD), ip-recverr,
594 ip-recvif (BSD), ip-recvopts, ip-recvtos, ip-recvttl, ipv6-recvdstopts,
595 ipv6-recverr, ipv6-recvhoplimit, ipv6-recvhopopts, ipv6-recvpathmtu,
596 ipv6-recvpktinfo, ipv6-recvrthdr, ipv6-recvtclass
597  
598 new address options ipv6-tclass and ipv6-unicast-hops set the related
599 socket options.
600  
601 STREAMS (UNIX System V STREAMS) can be configured with the new address
602 options i-pop-all and i-push (thanks to Michal Rysavy for providing a
603 patch)
604  
605 corrections:
606 some raw IP and UNIX datagram modes failed on BSD systems
607  
608 when UDP-LISTEN continued to listen after packet dropped by, e.g.,
609 range option, the old listen socket would not be closed but a new one
610 created. open sockets could accumulate.
611  
612 there was a bug in ip*-recv with bind option: it did not bind, and
613 with the first received packet an error occurred:
614 socket_init(): unknown address family 0
615 test: RAWIP4RECVBIND
616  
617 RECVFROM addresses with FORK option hung after processing the first
618 packet. test: UDP4RECVFROM_FORK
619  
620 corrected a few mistakes that caused compiler warnings on 64bit hosts
621 (thanks to Jonathan Brannan e.a. for providing a patch)
622  
623 EXEC and SYSTEM with stderr injected socat messages into the data
624 stream. test: EXECSTDERRLOG
625  
626 when the EXEC address got a string with consecutive spaces it created
627 additional empty arguments (thanks to Olivier Hervieu for reporting
628 this bug). test: EXECSPACES
629  
630 in ignoreeof polling mode socat also blocked data transfer in the other
631 direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
632 reporting this bug)
633  
634 corrected alphabetical order of options (proxy-auth)
635  
636 some minor corrections
637  
638 improved test.sh script: more stable timing, corrections for BSD
639  
640 replaced the select() calls by poll() to cleanly fix the problems with
641 many file descriptors already open
642  
643 socat option -lf did not log to file but to stderr
644  
645 socat did not compile on Solaris when configured without termios
646 feature (thanks to Pavan Gadi for reporting this bug)
647  
648 porting:
649 socat compiles and runs on AIX with gcc (thanks to Andi Mather for his
650 help)
651  
652 socat compiles and runs on Cygwin (thanks to Jan Just Keijser for his
653 help)
654  
655 socat compiles and runs on HP-UX with gcc (thanks to Michal Rysavy for
656 his help)
657  
658 socat compiles and runs on MacOS X (thanks to Camillo Lugaresi for his
659 help)
660  
661 further changes:
662 filan -s prefixes output with FD number if more than one FD
663  
664 Makefile now supports datarootdir (thanks to Camillo Lugaresi for
665 providing the patch)
666  
667 cleanup in xio-unix.c
668  
669 ####################### V 1.6.0.1:
670  
671 new features:
672 new make target "gitclean"
673  
674 docu source doc/socat.yo released
675  
676 corrections:
677 exec:...,pty did not kill child process under some circumstances; fixed
678 by correcting typo in xio-progcall.c (thanks to Ralph Forsythe for
679 reporting this problem)
680  
681 service name resolution failed due to byte order mistake
682 (thanks to James Sainsbury for reporting this problem)
683  
684 socat would hang when invoked with many file descriptors already opened
685 fix: replaced FOPEN_MAX with FD_SETSIZE
686 thanks to Daniel Lucq for reporting this problem.
687  
688 fixed bugs where sub processes would become zombies because the master
689 process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
690 UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
691 ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
692 (thanks to Fernanda G Weiden for reporting this problem)
693  
694 fixed a bug where sub processes would become zombies because the master
695 process caught SIGCHLD but did not wait(). this affected addresses
696 UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
697 (thanks to Evan Borgstrom for reporting this problem)
698  
699 corrected option handling with STDIO; usecase: cool-write
700  
701 configure --disable-pty also disabled option waitlock
702  
703 fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
704 (thanks to Roland Illig for sending a patch)
705  
706 corrected name of option intervall to interval (old form still valid
707 for us German speaking guys)
708  
709 corrected some print statements and variable names
710  
711 make uninstall did not uninstall procan
712  
713 fixed lots of weaknesses in test.sh
714  
715 corrected some bugs and typos in doc/socat.yo, EXAMPLES, C comments
716  
717 further changes:
718 procan -c prints C defines important for socat
719  
720 added test OPENSSLEOF for OpenSSL half close
721  
722 ####################### V 1.6.0.0:
723  
724 new features:
725 new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
726 and multicast modes
727  
728 new option ip-add-membership for control of multicast group membership
729  
730 new address TUN for generation of Linux TUN/TAP pseudo network
731 interfaces (suggested by Mat Caughron); associated options tun-device,
732 tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
733  
734 new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
735 ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
736 on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
737 socklen parameter on system calls.
738  
739 option end-close for control of connection closing allows FD sharing
740 by sub processes
741  
742 range option supports form address:mask with IPv4
743  
744 changed behaviour of SSL-LISTEN to require and verify client
745 certificate per default
746  
747 options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
748 grained locking on regular files
749  
750 uninstall target in Makefile (lack reported by Zeeshan Ali)
751  
752 corrections:
753 fixed bug where only first tcpwrap option was applied; fixed bug where
754 tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
755 and fixing this bug)
756  
757 filan (and socat -D) could hang when a socket was involved
758  
759 corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
760 Roberto Mackun)
761  
762 correct bind with udp6-listen (thanks to Jan Horak for reporting this
763 bug)
764  
765 corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
766 (thanks to Leo Zhadanovsky for reporting this problem)
767  
768 corrected problem with read data buffered in OpenSSL layer (thanks to
769 Jon Nelson for reporting this bug)
770  
771 corrected problem with option readbytes when input stream stayed idle
772 after so many bytes
773  
774 fixed a bug where a datagram receiver with option fork could fork two
775 sub processes per packet
776  
777 further changes:
778 moved documentation to new doc/ subdir
779  
780 new documents (kind of mini tutorials) are provided in doc/
781  
782 ####################### V 1.5.0.0:
783  
784 new features:
785 new datagram modes for udp, rawip, unix domain sockets
786  
787 socat option -T specifies inactivity timeout
788  
789 rewrote lexical analysis to allow nested socat calls
790  
791 addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
792  
793 socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
794 SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
795  
796 addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
797  
798 option protocol-family (pf), esp. for openssl-listen
799  
800 range option supports IPv6 - syntax: range=[::1/128]
801  
802 option ipv6-v6only (ipv6only)
803  
804 new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
805  
806 FIPS version of OpenSSL can be integrated - initial patch provided by
807 David Acker. See README.FIPS
808  
809 support for resolver options res-debug, aaonly, usevc, primary, igntc,
810 recurse, defnames, stayopen, dnsrch
811  
812 options for file attributes on advanced filesystems (ext2, ext3,
813 reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
814 ext2-noatime, journal-data etc.
815  
816 option cool-write controls severeness of write failure (EPIPE,
817 ECONNRESET)
818  
819 option o-noatime
820  
821 socat option -lh for hostname in log output
822  
823 traffic dumping provides packet headers
824  
825 configure.in became part of distribution
826  
827 socats unpack directory now has full version, e.g. socat-1.5.0.0/
828  
829 corrected docu of option verify
830  
831 corrections:
832 fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
833  
834 exec with pipes,stderr produced error
835  
836 setuid-early was ignored with many address types
837  
838 some minor corrections
839  
840 ####################### V 1.4.3.1:
841  
842 corrections:
843 PROBLEM: UNIX socket listen accepted only one (or a few) connections.
844 FIX: do not remove listening UNIX socket in child process
845  
846 PROBLEM: SIGSEGV when TCP part of SSL connect failed
847 FIX: check ssl pointer before calling SSL_shutdown
848  
849 In debug mode, show connect client port even when connect fails
850  
851 ####################### V 1.4.3.0:
852  
853 new features:
854 socat options -L, -W for application level locking
855  
856 options "lockfile", "waitlock" for address level locking
857 (Stefan Luethje)
858  
859 option "readbytes" limits read length (Adam Osuchowski)
860  
861 option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
862  
863 pty symlink, unix listen socket, and named pipe are per default removed
864 after use; option unlink-close overrides this new behaviour and also
865 controls removal of other socat generated files (Stefan Luethje)
866  
867 corrections:
868 option "retry" did not work with tcp-listen
869  
870 EPIPE condition could result in a 100% CPU loop
871  
872 further changes:
873 support systems without SHUT_RD etc.
874 handle more size_t types
875 try to find makedepend options with gcc 3 (richard/OpenMacNews)
876  
877 ####################### V 1.4.2.0:
878  
879 new features:
880 option "connect-timeout" limits wait time for connect operations
881 (requested by Giulio Orsero)
882  
883 option "dhparam" for explicit Diffie-Hellman parameter file
884  
885 corrections:
886 support for OpenSSL DSA certificates (Miika Komu)
887  
888 create install directories before copying files (Miika Komu)
889  
890 when exiting on signal, return status 128+signum instead of 1
891  
892 on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
893 Mantinan)
894  
895 -lu could cause a core dump on long messages
896  
897 further changes:
898 modifications to simplify using socats features in applications
899  
900 ####################### V 1.4.1.0:
901  
902 new features:
903 option "wait-slave" blocks open of pty master side until a client
904 connects, "pty-intervall" controls polling
905  
906 option -h as synonym to -? for help (contributed by Christian
907 Lademann)
908  
909 filan prints formatted time stamps and rdev (disable with -r)
910  
911 redirect filan's output, so stdout is not affected (contributed by
912 Luigi Iotti)
913  
914 filan option -L to follow symbolic links
915  
916 filan shows termios control characters
917  
918 corrections:
919 proxy address no longer performs unsolicited retries
920  
921 filan -f no longer needs read permission to analyze a file (but still
922 needs access permission to directory, of course)
923  
924 porting:
925 Option dsusp
926 FreeBSD options noopt, nopush, md5sig
927 OpenBSD options sack-disable, signature-enable
928 HP-UX, Solaris options abort-threshold, conn-abort-threshold
929 HP-UX options b900, b3600, b7200
930 Tru64/OSF1 options keepinit, paws, sackena, tsoptena
931  
932 further corrections:
933 address pty now uses ptmx as default if openpty is also available
934  
935 ####################### V 1.4.0.3:
936  
937 security:
938 CVE-2004-1484:
939 fix to a syslog() based format string vulnerability that can lead to
940 remote code execution. See advisory socat-adv-1.txt
941  
942 ####################### V 1.4.0.2:
943  
944 corrections:
945 exec'd write-only addresses get a chance to flush before being killed
946  
947 error handler: print notice on error-exit
948  
949 filan printed wrong file type information
950  
951 ####################### V 1.4.0.1:
952  
953 corrections:
954 socks4a constructed invalid header. Problem found, reported, and fixed
955 by Thomas Themel, by Peter Palfrader, and by rik
956  
957 with nofork, don't forget to apply some process related options
958 (chroot, setsid, setpgid, ...)
959  
960 ####################### V 1.4.0.0:
961  
962 new features:
963 simple openssl server (ssl-l), experimental openssl trust
964  
965 new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
966 openssl
967  
968 new options "retry", "forever", and "intervall"
969  
970 option "fork" for address TCP improves `gender changer´
971  
972 options "sigint", "sigquit", and "sighup" control passing of signals to
973 sub process (thanks to David Shea who contributed to this issue)
974  
975 readline takes respect to the prompt issued by the peer address
976  
977 options "prompt" and "noprompt" allow to override readline's new
978 default behaviour
979  
980 readline supports invisible password with option "noecho"
981  
982 socat option -lp allows to set hostname in log output
983  
984 socat option -lu turns on microsecond resolution in log output
985  
986  
987 corrections:
988 before reading available data, check if writing on other channel is
989 possible
990  
991 tcp6, udp6: support hostname specification (not only IP address), and
992 map IP4 names to IP6 addresses
993  
994 openssl client checks server certificate per default
995  
996 support unidirectional communication with exec/system subprocess
997  
998 try to restore original terminal settings when terminating
999  
1000 test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
1001  
1002 socks4 failed on platforms where long does not have 32 bits
1003 (thanks to Peter Palfrader and Thomas Seyrat)
1004  
1005 hstrerror substitute wrote wrong messages (HP-UX, Solaris)
1006  
1007 proxy error message was truncated when answer contained multiple spaces
1008  
1009  
1010 porting:
1011 compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
1012  
1013 ####################### V 1.3.2.2:
1014  
1015 corrections:
1016 PROXY CONNECT failed when the status reply from the proxy server
1017 contained more than one consecutive spaces. Problem reported by
1018 Alexandre Bezroutchko
1019  
1020 do not SIGSEGV when proxy address fails to resolve server name
1021  
1022 udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
1023 Problem reported by Christoph Schittel
1024  
1025 test.sh only tests available features
1026  
1027 added missing IP and TCP options in filan analyzer
1028  
1029 do not apply stdio address options to both directions when in
1030 unidirectional mode
1031  
1032 on systems lacking /dev/*random and egd, provide (weak) entropy from
1033 libc random()
1034  
1035  
1036 porting:
1037 changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
1038  
1039 compiles on True64, FreeBSD (again), NetBSD, OpenBSD
1040  
1041 support for long long as st_ino type (Cygwin 1.5)
1042  
1043 compile on systems where pty can not be featured
1044  
1045 ####################### V 1.3.2.1:
1046  
1047 corrections:
1048 "final" solution for the ENOCHLD problem
1049  
1050 corrected "make strip"
1051  
1052 default gcc debug/opt is "-O" again
1053  
1054 check for /proc at runtime, even if configure found it
1055  
1056 src.rpm accidently supported SuSE instead of RedHat
1057  
1058 ####################### V 1.3.2.0:
1059  
1060 new features:
1061 option "nofork" connects an exec'd script or program directly
1062 to the file descriptors of the other address, circumventing the socat
1063 transfer engine
1064  
1065 support for files >2GB, using ftruncate64(), lseek64(), stat64()
1066  
1067 filan has new "simple" output style (filan -s)
1068  
1069  
1070 porting:
1071 options "binary" and "text" for controlling line termination on Cygwin
1072 file system access (hint from Yang Wu-Zhou)
1073  
1074 fix by Yang Wu-Zhou for the Cygwin "No Children" problem
1075  
1076 improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
1077 John DuBois)
1078  
1079 minor corrections to avoid warnings with gcc 3
1080  
1081  
1082 further corrections and minor improvements:
1083 configure script is generated with autoconf 2.57 (no longer 2.52)
1084  
1085 configure passes CFLAGS to Makefile
1086  
1087 option -??? for complete list of address options and their short forms
1088  
1089 program name in syslog messages is derived from argv[0]
1090  
1091 SIGHUP now prints notice instead of error
1092  
1093 EIO during read of pty now gives Notice instead of Error, and
1094 triggers EOF
1095  
1096 use of hstrerror() for printing resolver error messages
1097  
1098 setgrent() got required endgrent()
1099  
1100 ####################### V 1.3.1.0:
1101  
1102 new features:
1103 integration of Wietse Venema's tcpwrapper library (libwrap)
1104  
1105 with "proxy" address, option "resolve" controls if hostname or IP
1106 address is sent in request
1107  
1108 option "lowport" establishes limited authorization for TCP and UDP
1109 connections
1110  
1111 improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
1112 An accompanying change in the numbering scheme results in an
1113 incompatibility with earlier socat RPMs!
1114  
1115  
1116 solved problems and bugs:
1117 PROBLEM: socat daemon terminated when the address of a connecting
1118 client did not match range option value instead of continue listening
1119 SOLVED: in this case, print warning instead of error to keep daemon
1120 active
1121  
1122 PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
1123 processes
1124 SOLVED: dont assume that each exiting child process generates SIGCHLD
1125  
1126 when converting CRNL to CR, socat converted to NL
1127  
1128  
1129 further corrections:
1130 configure script now disables features that depend on missing files
1131 making it more robust in "unsupported" environments
1132  
1133 server.pem permissions corrected to 600
1134  
1135 "make install" now does not strip; use "make strip; make install"
1136 if you like strip (suggested by Peter Bray)
1137  
1138 ####################### V 1.3.0.1:
1139  
1140 solved problems and bugs:
1141 PROBLEM: OPENSSL did not apply tcp, ip, and socket options
1142 SOLVED: OPENSSL now correctly handles the options list
1143  
1144 PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
1145 block boundary
1146 SOLVED: these conversions now simply strip all CR's or NL's from input
1147 stream
1148  
1149  
1150 porting:
1151 SunOS ptys now work on x86, too (thanks to Peter Bray)
1152  
1153 configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
1154  
1155  
1156 further corrections:
1157 added WITH_PROXY value to -V output
1158  
1159 added compile dependencies of WITH_PTY and WITH_PROXY
1160  
1161 -?? did not print option group of proxy options
1162  
1163 corrected syntax for bind option in docu
1164  
1165 corrected an issue with stdio in unidirectional mode
1166  
1167 options socksport and proxyport support service names
1168  
1169 ftp.sh script supports proxy address
1170  
1171 man page no longer installed with execute permissions (thanks to Peter
1172 Bray)
1173  
1174 fixed a malloc call bug that could cause SIGSEGV or false "out of
1175 memory" errors on EXEC and SYSTEM, depending on program name length and
1176 libc.
1177  
1178 ####################### V 1.3.0.0:
1179  
1180 new features:
1181 proxy connect with optional proxy authentication
1182  
1183 combined hex and text dump mode, credits to Gregory Margo
1184  
1185 address pty applies options user, group, and perm to device
1186  
1187  
1188 solved problems and bugs:
1189 PROBLEM: option reuseport was not applied (BSD, AIX)
1190 SOLVED: option reuseport now in phase PASTSOCKET instead of PREBIND,
1191 credits to Jean-Baptiste Marchand
1192  
1193 PROBLEM: ignoreeof with stdio was ignored
1194 SOLVED: ignoreeof now works correctly with address stdio
1195  
1196 PROBLEM: ftp.sh did not use user supplied password
1197 SOLVED: ftp.sh now correctly passes password from command line
1198  
1199 PROBLEM: server.pem had expired
1200 SOLVED: new server.pem valid for ten years
1201  
1202 PROBLEM: socks notice printed wrong port on some platforms
1203 SOLVED: socks now uses correct byte-order for port number in notice
1204  
1205  
1206 further corrections:
1207 option name o_trunc corrected to o-trunc
1208  
1209 combined use of -u and -U is now detected and prevented
1210  
1211 made message system a little more robust against format string attacks
1212  
1213  
1214 ####################### V 1.2.0.0:
1215  
1216 new features:
1217 address pty for putting socat behind a new pseudo terminal that may
1218 fake a serial line, modem etc.
1219  
1220 experimental openssl integration
1221 (it does not provide any trust between the peers because is does not
1222 check certificates!)
1223  
1224 options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
1225 locking mechanism provided by flock()
1226  
1227 options setsid and setpgid now available with all address types
1228  
1229 option ctty (controlling terminal) now available for all TERMIOS
1230 addresses
1231  
1232 option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
1233 replaced by options o-trunc and ftruncate=offset
1234  
1235 option sourceport now available with TCP and UDP listen addresses to
1236 restrict incoming client connections
1237  
1238 unidirectional mode right-to-left (-U)
1239  
1240  
1241 solved problems and bugs:
1242 PROBLEM: addresses without required parameters but an option containing
1243 a '/' were incorrectly interpreted as implicit GOPEN address
1244 SOLVED: if an address does not have ':' separator but contains '/',
1245 check if the slash is before the first ',' before assuming
1246 implicit GOPEN.
1247  
1248  
1249 porting:
1250 ptys under SunOS work now due to use of stream options
1251  
1252  
1253 further corrections:
1254 with -d -d -d -d -D, don't print debug info during file analysis
1255  
1256  
1257 ####################### V 1.1.0.1:
1258  
1259 new features:
1260 .spec file for RPM generation
1261  
1262  
1263 solved problems and bugs:
1264 PROBLEM: GOPEN on socket did not apply option unlink-late
1265 SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
1266 options
1267  
1268 PROBLEM: with unidirectional mode, an unnecessary close timeout was
1269 applied
1270 SOLUTION: in unidirectional mode, terminate without wait time
1271  
1272 PROBLEM: using GOPEN on a unix domain socket failed for datagram
1273 sockets
1274 SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
1275  
1276  
1277 further corrections:
1278  
1279 open() flag options had names starting with "o_", now corrected to "o-"
1280  
1281 in docu, *-listen addresses were called *_listen
1282  
1283 address unix now called unix-connect because it does not handle unix
1284 datagram sockets
1285  
1286 in test.sh, apply global command line options with all tests
1287  
1288  
1289 ####################### V 1.1.0.0:
1290  
1291 new features:
1292 regular man page and html doc - thanks to kromJx for prototype
1293  
1294 new address type "readline", utilizing GNU readline and history libs
1295  
1296 address option "history-file" for readline
1297  
1298 new option "dash" to "exec" address that allows to start login shells
1299  
1300 syslog facility can be set per command line option
1301  
1302 new address option "tcp-quickack", found in Linux 2.4
1303  
1304 option -g prevents option group checking
1305  
1306 filan and procan can print usage
1307  
1308 procan prints rlimit infos
1309  
1310  
1311 solved problems and bugs:
1312 PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
1313 SOLVED: set eof flag of channel on shutdown.
1314  
1315 PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
1316 and has data available while channel 1 reaches EOF, the data is
1317 lost.
1318 SOLVED: during one loop run, first handle all data transfers and
1319 _afterwards_ handle EOF.
1320  
1321 PROBLEM: despite to option NONBLOCK, the connect() call blocked
1322 SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
1323  
1324 PROBLEM: UNLINK options issued error when file did not exist,
1325 terminating socat
1326 SOLVED: failure of unlink() is only warning if errno==ENOENT
1327  
1328 PROBLEM: TCP6-LISTEN required numeric port specification
1329 SOLVED: now uses common TCP service resolver
1330  
1331 PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
1332 SOLVED: retrieval of FDs now pays respect to PIPE pecularities
1333  
1334 PROBLEM: using address EXEC against an address with IGNOREEOF, socat
1335 never terminated
1336 SOLVED: corrected EOF handling of sigchld
1337  
1338  
1339 porting:
1340 MacOS and old AIX versions now have pty
1341  
1342 flock() now available on Linux (configure check was wrong)
1343  
1344 named pipe were generated using mknod(), which requires root under BSD
1345 now they are generated using mkfifo
1346  
1347  
1348 further corrections:
1349 lots of address options that were "forgotten" at runtime are now
1350 available
1351  
1352 option BINDTODEVICE now also called SO-BINDTODEVICE, IF
1353  
1354 "make install" now installs binaries with ownership 0:0
1355  
1356  
1357 ####################### V 1.0.4.2:
1358  
1359 solved problems and bugs:
1360 PROBLEM: EOF of one stream caused close of other stream, giving it no
1361 chance to go down regularly
1362 SOLVED: EOF of one stream now causes shutdown of write part of other
1363 stream
1364  
1365 PROBLEM: sending mail via socks address to qmail showed that crlf
1366 option does not work
1367 SOLVED: socks address applies PH_LATE options
1368  
1369 PROBLEM: in debug mode, no info about socat and platform was issued
1370 SOLVED: print socat version and uname output in debug mode
1371  
1372 PROBLEM: invoking socat with -t and no following parameters caused
1373 SIGSEGV
1374 SOLVED: -t and -b now check next argv entry
1375  
1376 PROBLEM: when opening of logfile (-lf) failed, no error was reported
1377 and no further messages were printed
1378 SOLVED: check result of fopen and print error message if it failed
1379  
1380 new features:
1381 address type UDP-LISTEN now supports option fork: it internally applies
1382 socket option SO_REUSEADDR so a new UDP socket can bind to port after
1383 `accepting´ a connection (child processes might live forever though)
1384 (suggestion from Damjan Lango)
1385  
1386  
1387 ####################### V 1.0.4.1:
1388  
1389 solved problems and bugs:
1390 PROB: assert in libc caused an endless recursion
1391 SOLVED: no longer catch SIGABRT
1392  
1393 PROB: socat printed wrong verbose prefix for "right to left" packets
1394 SOLVED: new parameter for xiotransfer() passes correct prefix
1395  
1396 new features:
1397 in debug mode, socat prints its command line arguments
1398 in verbose mode, escape special characters and replace unprintables
1399 with '.'. Patch from Adrian Thurston.
1400  
1401  
1402 ####################### V 1.0.4.0:
1403  
1404 solved problems and bugs:
1405 Debug output for lstat and fstat said "stat"
1406  
1407 further corrections:
1408 FreeBSD now includes libutil.h
1409  
1410 new features:
1411 option setsid with exec/pty
1412 option setpgid with exec/pty
1413 option ctty with exec/pty
1414 TCP V6 connect test
1415 gettimeofday in sycls.c (no use yet)
1416  
1417 porting:
1418 before Gethostbyname, invoke inet_aton for MacOSX
1419  
1420  
1421 ####################### V 1.0.3.0:
1422  
1423 solved problems and bugs:
1424  
1425 PROB: test 9 of test.sh (echo via file) failed on some platforms,
1426 socat exited without error message
1427 SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
1428  
1429 PROB: test 17 hung forever
1430 REASON: child death before select loop did not result in EOF
1431 SOLVED: check of existence of children before starting select loop
1432  
1433 PROB: test 17 failed
1434 REASON: child dead triggered EOF before last data was read
1435 SOLVED: after child death, read last data before setting EOF
1436  
1437 PROB: filan showed that exec processes incorrectly had fd3 open
1438 REASON: inherited open fd3 from main process
1439 SOLVED: set CLOEXEC flag on pty fd in main process
1440  
1441 PROB: help printed "undef" instead of group "FORK"
1442 SOLVED: added "FORK" to group name array
1443  
1444 PROB: fatal messages did not include severity classifier
1445 SOLVED: added "F" to severity classifier array
1446  
1447 PROB: IP6 addresses where printed incorrectly
1448 SOLVED: removed type casts to unsigned short *
1449  
1450 further corrections:
1451 socat catches illegal -l modes
1452 corrected error message on setsockopt(linger)
1453 option tabdly is of type uint
1454 correction for UDP over IP6
1455 more cpp conditionals, esp. for IP6 situations
1456 better handling of group NAMED options with listening UNIX sockets
1457 applyopts2 now includes last given phase
1458 corrected option group handling for most address types
1459 introduce dropping of unappliable options (dropopts, dropopts2)
1460 gopen now accepts socket and unix-socket options
1461 exec and system now accept all socket and termios options
1462 child process for exec and system addresses with option pty
1463 improved descriptions and options for EXAMPLES
1464 printf format for file mode changed to "0%03o" with length spec.
1465 added va_end() in branch of msg()
1466 changed phase of lock options from PASTOPEN to FD
1467 support up to four early dying processes
1468  
1469 structural changes:
1470 xiosysincludes now includes sysincludes.h for non xio files
1471  
1472 new features:
1473 option umask
1474 CHANGES file
1475 TYPE_DOUBLE, u_double
1476 OFUNC_OFFSET
1477 added getsid(), setsid(), send() to sycls
1478 procan prints sid (session id)
1479 mail.sh gets -f (from) option
1480 new EXAMPLEs for file creation
1481 gatherinfo.sh now tells about failures
1482 test.sh can check for much more address/option combinations
1483  
1484 porting:
1485 ispeed, ospeed for termios on FreeBSD
1486 getpgid() conditional for MacOS 10
1487 added ranlib in Makefile.in for MacOS 10
1488 disable pty option if no pty mechanism is available (MacOS 10)
1489 now compiles and runs on MacOS 10 (still some tests fail)
1490 setgroups() conditional for cygwin
1491 sighandler_t defined conditionally
1492 use gcc option -D_GNU_SOURCE