File socat.changes of Package socat.36762
-------------------------------------------------------------------
Tue Dec 10 10:42:17 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Security fix for readline.sh: arbitrary file overwrite (bsc#1225462)
- add CVE-2024-54661.patch
-------------------------------------------------------------------
Thu Feb 4 10:52:55 UTC 2016 - psimons@suse.de
- bnc#964844: Fixed security advisory 8, Stack overflow in parser,
<http://www.openwall.com/lists/oss-security/2016/02/01/5>, by applying
security-advisory-8-stack-overflow-in-parser.patch.
- bnc#938913: Improved resilience against Logjam attacks (CVE-2015-4000)
by increasing the size of the default DH group from 512 to 2048 bit
via increase-dh-group-size-to-defend-against-logjam-1.patch and
increase-dh-group-size-to-defend-against-logjam-2.patch. This change
avoids the non-prime 1024 bit DH p parameter in OpenSSL
<http://www.dest-unreach.org/socat/contrib/socat-secadv7.html>.
-------------------------------------------------------------------
Tue Mar 11 07:05:34 UTC 2014 - meissner@suse.com
- updated to 1.7.2.4: minor bugfixes:
This version contains fixes for most of the bugs and porting issues
reported or found in more than two years.
-------------------------------------------------------------------
Mon Mar 3 19:35:45 UTC 2014 - andreas.stieger@gmx.de
- mention patch in changelog entry, annotate patch
-------------------------------------------------------------------
Sun Feb 02 10:09:04 UTC 2014 - pascal.bleser@opensuse.org
- update to 1.7.2.3: security fix:
* CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
overflow with data from command line (see socat-secadv5.txt)
- added esocat-remove_date.patch to prevent unneccessary rebuilds,
fixes W: file-contains-date-and-time
-------------------------------------------------------------------
Tue May 28 13:27:12 UTC 2013 - meissner@suse.com
- updated to 1.7.2.2
This release fixes a security issue: Under certain circumstances,
an FD leak occurs and may be misused for denial-of-service attacks
against socat running in server mode (CVE-2013-3571)
-------------------------------------------------------------------
Mon Mar 4 11:20:27 UTC 2013 - cfarrell@suse.com
- license update: SUSE-GPL-2.0-with-openssl-exception and MIT
See README
-------------------------------------------------------------------
Sat Mar 2 08:13:52 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Fri May 25 14:15:08 UTC 2012 - meissner@suse.com
- udapted to 1.7.2.1
security fix for READLINE bnc#759859
-------------------------------------------------------------------
Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com
- remove call to suse_update_config (very old work around)
-------------------------------------------------------------------
Wed Dec 7 17:49:55 CET 2011 - meissner@suse.de
- updated to 1.7.2.0
This release allows tun/tap interfaces without IP addresses and
introduces the options openssl-compress and max-children. It fixes 18
bugs and has 11 changes for improved platform support, especially Mac
OS X Lion, DragonFly, and Android.
- socat-unixsalen.patch now upstream.
-------------------------------------------------------------------
Wed Feb 2 18:23:27 CET 2011 - meissner@suse.de
- Handle case where a AF_LOCAL socket has no name. bnc#668319
-------------------------------------------------------------------
Mon Aug 2 08:31:55 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.7.3:
* a stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes
-------------------------------------------------------------------
Mon Jan 11 08:24:32 UTC 2010 - pascal.bleser@opensuse.org
- upgraded to 1.7.1.2:
+ fixes OpenSSL "nonblock" failure
+ fixes 64-bit issues and some minor bugs
- changes from 1.7.1.1:
+ fixes a couple of bugs, some of which could crash socat under some
circumstances
- changes from 1.7.1.0:
+ provides a few new address options to better control its closing behavior
- changes from 1.7.0.1:
* fixes a possible SIGSEGV in listening addresses
* fixes client connections with option connect-timeout failed when the
connections succeeded
* fixes the option end-close "did not apply" to some addresses
* half close of EXEC and SYSTEM addresses might have failed for pipes and
socketpair
-------------------------------------------------------------------
Thu Oct 16 09:56:41 CEST 2008 - meissner@suse.de
- upgraded to 1.7.0.0
- support for SCTP stream sockets, raw interface, and generic sockets.
- A new option escape allows it to interrupt raw terminal connections.
- Listening and receiving sockets can set a couple of environment variables.
- Base control of System V STREAMS has been added.
- Many corrections were performed.
-------------------------------------------------------------------
Mon Feb 11 10:24:33 CET 2008 - lmuelle@suse.de
- Update to version 1.6.0.1.
+ exec:...,pty did not kill child process under some circumstances; fixed
by correcting typo in xio-progcall.c
+ service name resolution failed due to byte order mistake
+ socat would hang when invoked with many file descriptors already opened
fix: replaced FOPEN_MAX with FD_SETSIZE
+ fixed bugs where sub processes would become zombies because the master
process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
+ fixed a bug where sub processes would become zombies because the master
process caught SIGCHLD but did not wait(). this affected addresses
UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
+ corrected option handling with STDIO; usecase: cool-write
+ configure --disable-pty also disabled option waitlock
+ fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
- Update to version 1.6.0.0.
+ new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
and multicast modes
+ new option ip-add-membership for control of multicast group membership
+ new address TUN for generation of Linux TUN/TAP pseudo network
interfaces (suggested by Mat Caughron); associated options tun-device,
tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
+ new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
socklen parameter on system calls.
+ option end-close for control of connection closing allows FD sharing
by sub processes
+ range option supports form address:mask with IPv4
+ changed behaviour of SSL-LISTEN to require and verify client
certificate per default
+ options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
grained locking on regular files
+ fixed bug where only first tcpwrap option was applied; fixed bug where
tcpwrap IPv6 check always failed
and fixing this bug)
+ filan (and socat -D) could hang when a socket was involved
+ corrected PTYs on HP-UX (and maybe others) using STREAMS
+ correct bind with udp6-listen
+ corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
+ corrected problem with read data buffered in OpenSSL layer
+ corrected problem with option readbytes when input stream stayed idle
after so many bytes
+ fixed a bug where a datagram receiver with option fork could fork two
sub processes per packet
- Don't call test.sh as it doesn't pass if called as non root.
- Don't remove the buildroot in the install section.
- Remove patch as linux/fs.h is included if HAVE_LINUX_FS_H is available.
-------------------------------------------------------------------
Thu Mar 22 10:18:31 CET 2007 - ssommer@suse.de
- fix build with newer kernel headers:
some common FS-specific ioctls moved to linux/fs.h
-------------------------------------------------------------------
Mon Jul 17 12:43:39 CEST 2006 - lmuelle@suse.de
- Update to version 1.5.0.0.
+ new datagram modes for udp, rawip, unix domain sockets
+ socat option -T specifies inactivity timeout
+ rewrote lexical analysis to allow nested socat calls
+ addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
+ socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
+ addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
+ option protocol-family (pf), esp. for openssl-listen
+ range option supports IPv6 - syntax: range=[::1/128]
+ option ipv6-v6only (ipv6only)
+ new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
+ FIPS version of OpenSSL can be integrated - initial patch provided by
David Acker. See README.FIPS
+ support for resolver options res-debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, dnsrch
+ options for file attributes on advanced filesystems (ext2, ext3,
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
ext2-noatime, journal-data etc.
+ option cool-write controls severeness of write failure (EPIPE,
ECONNRESET)
+ option o-noatime
+ socat option -lh for hostname in log output
+ traffic dumping provides packet headers
+ configure.in became part of distribution
+ socats unpack directory now has full version, e.g. socat-1.5.0.0/
+ corrected docu of option verify
-------------------------------------------------------------------
Wed Jan 25 21:41:44 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Apr 26 15:20:20 CEST 2005 - uli@suse.de
- disabled test on ARM (hangs QEMU)
-------------------------------------------------------------------
Sun Mar 20 20:14:32 CET 2005 - lmuelle@suse.de
- Update to version 1.4.2.0.
-------------------------------------------------------------------
Sun Dec 12 15:51:50 CET 2004 - lmuelle@suse.de
- Update to version 1.4.1.0.
-------------------------------------------------------------------
Tue Oct 26 23:18:18 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.3.
-------------------------------------------------------------------
Mon Sep 27 00:26:39 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.2.
-------------------------------------------------------------------
Sat Aug 28 15:33:21 CEST 2004 - lmuelle@suse.de
- Add readline.sh to the examples.
-------------------------------------------------------------------
Fri Aug 27 16:25:49 CEST 2004 - lmuelle@suse.de
- Update to version 1.4.0.1.
-------------------------------------------------------------------
Mon Jun 14 15:21:13 CEST 2004 - lmuelle@suse.de
- Add openssl-devel, readline-devel, and tcpd-devel to neededforbuild/
BuildRequires.
-------------------------------------------------------------------
Mon Jun 14 12:30:55 CEST 2004 - lmuelle@suse.de
- Inital SuSE RPM based on source tar ball spec file.
