| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: socat | Distribution: SUSE Linux 16 |
| Version: 1.8.0.2 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 160000.2.3 | Build date: Wed Dec 11 13:13:49 2024 |
| Group: Productivity/Networking/Other | Build host: reproducible |
| Size: 958257 | Source RPM: socat-1.8.0.2-160000.2.3.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: http://www.dest-unreach.org/socat/ | |
| Summary: Multipurpose relay for bidirectional data transfer | |
socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor, a program, or a combination of two of these.
MIT AND SUSE-GPL-2.0-with-openssl-exception
* Wed Dec 11 2024 wolfgang.frisch@suse.com
- Update to 1.8.0.2:
- Security fix for readline.sh: arbitrary file overwrite via predictable /tmp
directory (bsc#1225462 CVE-2024-54661)
- Update to 1.8.0.1:
- Bug fixes
- UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
address in case the server name resolves to both IPv4 and IPv6 addresses.
- Guard applyopts_termios_value() with WITH_TERMIOS.
- In some situations xioclose() was called nested what could cause hanging
of OpenSSL in pthread_rwlock_wrlock().
- socat 1.8.0.0 with addresses of type RECVFROM and option fork, where the
second address failed to connect/open in the child process, entered a
fork loop that was only stopped by FD exhaustion caused by FD leak.
- socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
- With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
did not work.
- IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
argument) failed with message: E retropts_int(): trailing garbage in
numerical arg of option "protocol-family".
- Fixed a possible buffer overrun with long log lines. In fact it does not
write beyond end of buffer but lets pass excessive data to the write()
function.
- Reworked domain name resolution, centralized IPv4/IPv6 sorting.
- Print warning about not checking CRLs in OpenSSL only in the first child
process.
- Features
- Total inactivity timeout option -T 0 now means 0.0 seconds;
- Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
older Socat versions.
- socat-mux.sh and socat-broker.sh, when run as root, now internally use
low (512..1023) UDP ports to increase security.
- Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)
- Socks5 now also allows syntax without socks port, and supports option
socksport.
- Removed 0004-udp-listen-bind4.patch (fixed by upstream socat-1.8.0.1).
- Refreshed socat-test-without-tty.patch to match socat-1.8.0.1.
* Tue Jun 18 2024 meissner@suse.com
- 0004-udp-listen-bind4.patch: fixed a UDP listen error (bsc#1226459)
* Wed May 01 2024 mail+rpm@georg-pfuetzenreuter.net
- Update to 1.8.0.0:
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
- Drop socat-common-fixes.patch (no longer necessary)
- Refactor socat-ignore-tests-failure-boo1078346.patch (test suite no longer exits at this stage)
- Add socat-test-dhparam fixture (reduce build load and time)
- Add socat-test-without-tty.patch for testing without tty.
- Note: This version introduces "socat1", linking to "socat"
- Note: This version introduces additional shell scripts, those are shipped in a new "socat-extra" subpackage
* Tue Dec 06 2022 info@paolostivanin.com
- Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
- Drop socat-fix-asan-error.patch
* Wed Apr 13 2022 mliska@suse.cz
- Use autosetup
- Add socat-fix-asan-error.patch that is offered to upstream
and that fixes an ASAN error seen for 'test 313 NESTEDOVFL'.
* Sat Jan 22 2022 dmueller@suse.com
- update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
* Mon Nov 01 2021 mardnh@gmx.de
- Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
* Mon Jan 11 2021 dmueller@suse.com
- update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
* Fri Apr 17 2020 mpluskal@suse.com
- Update to version 1.7.3.4:
* bugfix release, see the CHANGES file for all changes
- Refresh patches:
* socat-common-fixes.patch
* socat-ignore-tests-failure-boo1078346.patch
* Tue Feb 04 2020 meissner@suse.com
- socat-common-fixes.patch: include tcpd.h where needed to fix
- fno-common bsc#1160293
* Sat Apr 06 2019 mardnh@gmx.de
- Update to version 1.7.3.3:
* bugfix release, see the CHANGES file for all changes
- Drop patch:
* socat-openssl-1.1-tests.patch (not longer needed)
- Run spec-cleaner
* Mon Sep 10 2018 jengelh@inai.de
- Replace old variables by modern counterparts.
* Thu Aug 30 2018 crrodriguez@opensuse.org
- We HAVE_SSLv23_*_method, just not as functions, but macros
add the relevant defines in the command line so support for
autonegotiation of the highest TLS version is restored.
* Tue Apr 03 2018 kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
* Fri Feb 02 2018 normand@linux.vnet.ibm.com
- Add socat-ignore-tests-failure-boo1078346.patch
flaky test failures PowerPC and s390 , bypass boo#1078346
* Thu Aug 17 2017 meissner@suse.com
- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
* Mon Apr 10 2017 sweet_f_a@gmx.de
- update to 1.7.3.2, bug fixes:
* fixes uninterruptable hang / CPU loop on host resolution
problems
* some compile problems, and lots of other bugs and porting
issues
- remove fix-linux-errqueue.h-not-found.patch, this build issue
was fixed by upstream
* Tue Feb 02 2016 sweet_f_a@gmx.de
- update to 1.7.3.1, security fixes:
* Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in
OpenSSL" (bnc#938913 and CVE-2015-4000).
* Socat security advisory 8: "Stack overflow in arguments parser"
(bnc#964844)
* Mon Apr 20 2015 sweet_f_a@gmx.de
- test-suite, use a small but safe subset of all tests
- don't remove "example" scripts from builddir, they are needed for
tests
* Tue Apr 14 2015 sweet_f_a@gmx.de
- remove socat-remove_date.patch, export BUILD_DATE instead
(new feature since 1.7.2.4)
- run tests, don't abort yet
- require tcpd-devel only on SUSE systems at build time
* Wed Mar 25 2015 p.drouand@gmail.com
- Update to version 1.7.3.0
* Too many changes to list; please read the CHANGES file for news
- Remove redundant %clean section
- Update fix-linux-errqueue.h-not-found.patch and socat-remove_date.patch
* Sat Oct 25 2014 coolo@suse.com
- correctly apply the patch
* Fri Oct 24 2014 javier@opensuse.org
- Add fix-linux-errqueue.h-not-found.patch
* Tue Mar 11 2014 meissner@suse.com
- updated to 1.7.2.4: minor bugfixes:
This version contains fixes for most of the bugs and porting issues
reported or found in more than two years.
* Mon Mar 03 2014 andreas.stieger@gmx.de
- mention patch in changelog entry, annotate patch
* Sun Feb 02 2014 pascal.bleser@opensuse.org
- update to 1.7.2.3: security fix:
* CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
overflow with data from command line (see socat-secadv5.txt)
- added esocat-remove_date.patch to prevent unneccessary rebuilds,
fixes W: file-contains-date-and-time
* Tue May 28 2013 meissner@suse.com
- updated to 1.7.2.2
This release fixes a security issue: Under certain circumstances,
an FD leak occurs and may be misused for denial-of-service attacks
against socat running in server mode (CVE-2013-3571)
* Mon Mar 04 2013 cfarrell@suse.com
- license update: SUSE-GPL-2.0-with-openssl-exception and MIT
See README
* Sat Mar 02 2013 coolo@suse.com
- update license to new format
* Fri May 25 2012 meissner@suse.com
- udapted to 1.7.2.1
security fix for READLINE bnc#759859
* Wed Dec 21 2011 coolo@suse.com
- remove call to suse_update_config (very old work around)
* Wed Dec 07 2011 meissner@suse.de
- updated to 1.7.2.0
This release allows tun/tap interfaces without IP addresses and
introduces the options openssl-compress and max-children. It fixes 18
bugs and has 11 changes for improved platform support, especially Mac
OS X Lion, DragonFly, and Android.
- socat-unixsalen.patch now upstream.
* Wed Feb 02 2011 meissner@suse.de
- Handle case where a AF_LOCAL socket has no name. bnc#668319
* Mon Aug 02 2010 pascal.bleser@opensuse.org
- update to 1.7.3:
* a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes
* Mon Jan 11 2010 pascal.bleser@opensuse.org
- upgraded to 1.7.1.2:
+ fixes OpenSSL "nonblock" failure
+ fixes 64-bit issues and some minor bugs
- changes from 1.7.1.1:
+ fixes a couple of bugs, some of which could crash socat under some
circumstances
- changes from 1.7.1.0:
+ provides a few new address options to better control its closing behavior
- changes from 1.7.0.1:
* fixes a possible SIGSEGV in listening addresses
* fixes client connections with option connect-timeout failed when the
connections succeeded
* fixes the option end-close "did not apply" to some addresses
* half close of EXEC and SYSTEM addresses might have failed for pipes and
socketpair
* Thu Oct 16 2008 meissner@suse.de
- upgraded to 1.7.0.0
- support for SCTP stream sockets, raw interface, and generic sockets.
- A new option escape allows it to interrupt raw terminal connections.
- Listening and receiving sockets can set a couple of environment variables.
- Base control of System V STREAMS has been added.
- Many corrections were performed.
* Mon Feb 11 2008 lmuelle@suse.de
- Update to version 1.6.0.1.
+ exec:...,pty did not kill child process under some circumstances; fixed
by correcting typo in xio-progcall.c
+ service name resolution failed due to byte order mistake
+ socat would hang when invoked with many file descriptors already opened
fix: replaced FOPEN_MAX with FD_SETSIZE
+ fixed bugs where sub processes would become zombies because the master
process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
+ fixed a bug where sub processes would become zombies because the master
process caught SIGCHLD but did not wait(). this affected addresses
UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
+ corrected option handling with STDIO; usecase: cool-write
+ configure --disable-pty also disabled option waitlock
+ fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
- Update to version 1.6.0.0.
+ new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
and multicast modes
+ new option ip-add-membership for control of multicast group membership
+ new address TUN for generation of Linux TUN/TAP pseudo network
interfaces (suggested by Mat Caughron); associated options tun-device,
tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
+ new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
socklen parameter on system calls.
+ option end-close for control of connection closing allows FD sharing
by sub processes
+ range option supports form address:mask with IPv4
+ changed behaviour of SSL-LISTEN to require and verify client
certificate per default
+ options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
grained locking on regular files
+ fixed bug where only first tcpwrap option was applied; fixed bug where
tcpwrap IPv6 check always failed
and fixing this bug)
+ filan (and socat -D) could hang when a socket was involved
+ corrected PTYs on HP-UX (and maybe others) using STREAMS
+ correct bind with udp6-listen
+ corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
+ corrected problem with read data buffered in OpenSSL layer
+ corrected problem with option readbytes when input stream stayed idle
after so many bytes
+ fixed a bug where a datagram receiver with option fork could fork two
sub processes per packet
- Don't call test.sh as it doesn't pass if called as non root.
- Don't remove the buildroot in the install section.
- Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available.
* Thu Mar 22 2007 ssommer@suse.de
- fix build with newer kernel headers:
some common FS-specific ioctls moved to linux/fs.h
* Mon Jul 17 2006 lmuelle@suse.de
- Update to version 1.5.0.0.
+ new datagram modes for udp, rawip, unix domain sockets
+ socat option -T specifies inactivity timeout
+ rewrote lexical analysis to allow nested socat calls
+ addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
+ socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
+ addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
+ option protocol-family (pf), esp. for openssl-listen
+ range option supports IPv6 - syntax: range=[::1/128]
+ option ipv6-v6only (ipv6only)
+ new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
+ FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
+ support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
+ options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
+ option cool-write controls severeness of write failure (EPIPE,
ECONNRESET)
+ option o-noatime
+ socat option -lh for hostname in log output
+ traffic dumping provides packet headers
+ configure.in became part of distribution
+ socats unpack directory now has full version, e.g. socat-1.5.0.0/
+ corrected docu of option verify
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Apr 26 2005 uli@suse.de
- disabled test on ARM (hangs QEMU)
* Sun Mar 20 2005 lmuelle@suse.de
- Update to version 1.4.2.0.
* Sun Dec 12 2004 lmuelle@suse.de
- Update to version 1.4.1.0.
* Tue Oct 26 2004 lmuelle@suse.de
- Update to version 1.4.0.3.
* Sun Sep 26 2004 lmuelle@suse.de
- Update to version 1.4.0.2.
* Sat Aug 28 2004 lmuelle@suse.de
- Add readline.sh to the examples.
* Fri Aug 27 2004 lmuelle@suse.de
- Update to version 1.4.0.1.
* Mon Jun 14 2004 lmuelle@suse.de
- Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/
BuildRequires.
* Mon Jun 14 2004 lmuelle@suse.de
- Inital SuSE RPM based on source tar ball spec file.
/usr/bin/filan /usr/bin/procan /usr/bin/socat /usr/bin/socat1 /usr/share/doc/packages/socat /usr/share/doc/packages/socat/BUGREPORTS /usr/share/doc/packages/socat/CHANGES /usr/share/doc/packages/socat/DEVELOPMENT /usr/share/doc/packages/socat/EXAMPLES /usr/share/doc/packages/socat/FAQ /usr/share/doc/packages/socat/FILES /usr/share/doc/packages/socat/PORTING /usr/share/doc/packages/socat/README /usr/share/doc/packages/socat/SECURITY /usr/share/doc/packages/socat/VERSION /usr/share/doc/packages/socat/examples /usr/share/doc/packages/socat/examples/daemon.sh /usr/share/doc/packages/socat/examples/ftp.sh /usr/share/doc/packages/socat/examples/mail.sh /usr/share/doc/packages/socat/examples/proxyecho.sh /usr/share/doc/packages/socat/examples/readline.sh /usr/share/licenses/socat /usr/share/licenses/socat/COPYING /usr/share/licenses/socat/COPYING.OpenSSL /usr/share/man/man1/socat.1.gz /usr/share/man/man1/socat1.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:29:13 2025