pkgsrc/net/socat/distinfo

$NetBSD: distinfo,v 1.25 2017/11/11 19:43:06 maya Exp $

SHA1 (socat-1.7.3.2.tar.gz) = 28eca1f8efeadde3f96c1ac89e553c28d736d41d
RMD160 (socat-1.7.3.2.tar.gz) = b20967255460adb348aa90f42aaa6bea062f4b7c
SHA512 (socat-1.7.3.2.tar.gz) = 540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972
Size (socat-1.7.3.2.tar.gz) = 611707 bytes
SHA1 (patch-mytypes.h) = 94df5a47f7fbadf867e0994edeeb857b467021df
SHA1 (patch-test.sh) = f8e123d3e1a71d6ec34dc2dc42c6de0875a47754
socat: improve our ability to run the tests, less use of /bin/bash bump PKGREVISION in case any of those scripts are used at runtime 2017-11-11 20:43:06 +01:00			$NetBSD: distinfo,v 1.25 2017/11/11 19:43:06 maya Exp $
Import socat-1.3.2.2 from pkgsrc-wip. Provided by Adrian Portelli, and slightly modified by me. socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor, a program, or a combination of two of these. These modes include generation of "listening" sockets, pipes and pseudo terminals. 2004-02-14 23:43:38 +01:00
Update net/socat to socat-1.7.3.2 pkgsrc changes: - Take MAINTAINERship Changes: 1.7.3.2 ------- corrections: - SIGSEGV and other signals could lead to a 100% CPU loop - Failing name resolution could lead to SIGSEGV Thanks to Max for reporting this issue. - Include <stddef.h> for ptrdiff_t Thanks to Jeroen Roovers for reporting this issue. - Building with --disable-sycls failed due to missing sslcls.h defines Socat hung when configured with --disable-sycls. - Some minor corrections with includes etc. - Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu for sending a patch. - Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout incorrectly assigned Test: EXEC_NOFORK_UNIDIR Thanks to David Reiss for reporting this problem. - Socat exited with status 0 even when a program invoked with SYSTEM or EXEC failed. Tests: SYSTEM_RC EXEC_RC Issue reported by Felix Winkelmann. - AddressSanitizer reported a few buffer overflows (false positives). Nevertheless fixed Socat source. Issue reported by Hanno BÃ¶ck. - Socat did not use option ipv6-join-group. Test: USE_IPV6_JOIN_GROUP Thanks to Linux Lüssing for sending a patch. - UDP-LISTEN did not honor the max-children option. Test: UDP4MAXCHILDREN UDP6MAXCHILDREN Thanks to Leander Berwers for reporting this issue. - Options so-rcvtimeo and so-sndtimeo do not work with poll()/select() and therefore were useless. Thanks to Steve Borenstein for reporting this issue. - Option dhparam was documented as dhparams. Added the alias name dhparams to fix this. Thanks to Alexander Neumann for sending a patch. - Options shut-down and shut-close did not work. Thanks to Stefan Schimanski for providing a patch. - There was a bug in printing readline log message caused by a misleading indentation. Thanks to Paul Wouters for reporting. - The internal vsnprintf_r function looped or crashed on size parameter with hexadecimal output. - Ignore exit code of child process when it was killed by master due to EOF - Corrected byte order on read of IPV6_TCLASS value from ancillary message - Fixed type of the bool element in options. This had bug caused failures e.g. of ignoreeof on big-endian systems when bool was not based on int. - On systems with predefined bool type whose size differs from int some IPv6 and TCP options (per setsockopt()) failed. - Length of integral data in ancillary messages varies (TOS: 1 byte, TTL: 4 bytes), the old implementation failed for TTL on big-endian hosts. - Fixed an issue in options processing: TUN and DNS flags had failed on big-endian systems and the NO- forms had probable never worked. porting: - Type conflict between int and sig_atomic_t between declaration and definition of diag_immediate_type and diag_immediate_exit broke compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for reporting this bug. - Socat failed to compile on platforms with OpenSSL without DTLSv1_client_method or DTLSv1_server_method. Thanks to Simon Matter for sending a patch. - NuttX OS headers do not provide struct ip, thus socat did not compile. Made struct ip subject to configure. Thanks to SP for reporting this issue. - Socat failed to compile with OpenSSL version 1.0.2d where SSLv3_server_method and SSLv3_client_method are no longer defined. Thanks to Mischa ter Smitten for reporting this issue and providing a patch. - configure checked for OpenSSL EC_KEY assuming it is a define but it is a type, thus OpenSSL ECDHE ciphers failed even on Linux. Thanks to Andrey Arapov for reporting this bug. - Changes to make socat compile with OpenSSL 1.1. Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for providing the base patch. Debian Bug#828550 - Make Socat compatible with BoringSSL. Thanks to Matt Braithwaite for providing a patch. - OpenSSL: Use RAND_status to determine PRNG state Thanks to Adam Langley for providing a patch - AIX-7 uses an extended O_ACCMODE that does not fit socat's internal requirements. Thanks to Garrick Trowsdale for providing a patch - LibreSSL support: check for OPENSSL_NO_COMP Thanks to Bernard Spil for providing a patch testing: - socks4echo.sh and socks4a-echo.sh hung with new bash with read -n - test.sh: stderr; option -v (verbose); FDOUT_ERROR description - improved proxy.sh - it now also takes hostnames - A few corrections in test.sh - DTLS1 test hangs on some distributions. Test is now only performed with OpenSSL 1.0.2 or higher. - More corrections to test.sh that reveal a mistake with IPV6_TCLASS docu: - Corrected source of socat man page to correctly show man references like socket(2); removed obseolete entries from See Also - Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL are correct). Thanks to Zhigang Wang for reporting this issue. - Fixed a couple of English spelling and grammar mistakes. Thanks to Jakub Wild for sending the patches. - NOEXPAND() was not resolved 2 times. - More minor docu corrections legal: - Added contributors to copyright notices. Suggested by Matt Braithwaite. 2017-02-05 21:40:32 +01:00			`SHA1 (socat-1.7.3.2.tar.gz) = 28eca1f8efeadde3f96c1ac89e553c28d736d41d`
			`RMD160 (socat-1.7.3.2.tar.gz) = b20967255460adb348aa90f42aaa6bea062f4b7c`
			`SHA512 (socat-1.7.3.2.tar.gz) = 540658b2a3d1b87673196282e5c62b97681bd0f1d1e4759ff9d72909d11060235ee9e9521a973603c1b00376436a9444248e5fbc0ffac65f8edb9c9bc28e7972`
			`Size (socat-1.7.3.2.tar.gz) = 611707 bytes`
Update socat to 1.7.3.0. From Ben Gergely in PR pkg/49996. ####################### V 1.7.3.0: security: (CVE Id pending) Fixed problems with signal handling caused by use of not async signal safe functions in signal handlers that could freeze socat, allowing denial of service attacks. Many changes in signal handling and the diagnostic messages system were applied to make the code async signal safe but still provide detailled logging from signal handlers: Coded function vsnprintf_r() as async signal safe incomplete substitute of libc vsnprintf() Coded function snprinterr() to replace %m in strings with a system error message Instead of gettimeofday() use clock_gettime() when available Pass Diagnostic messages from signal handler per unix socket to the main program flow Use sigaction() instead of signal() for better control Turn off nested signal handler invocations Thanks to Peter Lobsinger for reporting and explaining this issue. Red Hat issue 1019975: add TLS host name checks OpenSSL client checks if the server certificates names in extensions/subjectAltName/DNS or in subject/commonName match the name used to connect or the value of the openssl-commonname option. Test: OPENSSL_CN_CLIENT_SECURITY OpenSSL server checks if the client certificates names in extensions/subjectAltNames/DNS or subject/commonName match the value of the openssl-commonname option when it is used. Test: OPENSSL_CN_SERVER_SECURITY Red Hat issue 1019964: socat now uses the system certificate store with OPENSSL when neither options cafile nor capath are used Red Hat issue 1019972: needs to specify OpenSSL cipher suites Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to prevent downgrade attacks new features: OpenSSL addresses set couple of environment variables from values in peer certificate, e.g.: SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER, SOCAT_OPENSSL_X509_COMMONNAME, SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_* Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1 Tests: OPENSSL_METHOD_* Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested by Andrey Arapov. Added a new option termios-rawer for ptys. Thanks to Christian Vogelgsang for pointing me to this requirement corrections: Bind with ABSTRACT commands used non-abstract namespace (Linux). Test: ABSTRACT_BIND Thanks to Denis Shatov for reporting this bug. Fixed return value of nestlex() Option ignoreeof on the right address hung. Test: IGNOREEOF_REV Thanks to Franz Fasching for reporting this bug. Address SYSTEM, when terminating, shut down its parent addresses, e.g. an SSL connection which the parent assumed to still be active. Test: SYSTEM_SHUTDOWN Passive (listening or receiving) addresses with empty port field bound to a random port instead of terminating with error. Test: TCP4_NOPORT configure with some combination of disable options produced config files that failed to compile due to missing IPPROTO_TCP. Thanks to Thierry Fournier for report and patch. fixed a few minor bugs with OpenSSL in configure and with messages Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime is required. Thanks to Zhigang Wang for reporting and sending a patch. Christophe Leroy provided a patch that fixes memory leaks reported by valgrind Help for filan -L was bad, is now corrected to: "follow symbolic links instead of showing their properties" Address options fdin and fdout were silently ignored when not applicable due to -u or -U option. Now these combinations are caught as errors. Test: FDOUT_ERROR Issue reported by Hendrik. Added option termios-cfmakeraw that calls cfmakeraw() and is preferred over option raw which is now obsolote. On SysV systems this call is simulated by appropriate setting. Thanks to Youfu Zhang for reporting issue with option raw. porting: Socat included <sys/poll.h> instead of POSIX <poll.h> Thanks to John Spencer for reporting this issue. Version 1.7.2.4 changed the check for gcc in configure.ac; this broke cross compiling. The particular check gets reverted. Thanks to Ross Burton and Danomi Manchego for reporting this issue. Debian Bug#764251: Set the build timestamp to a deterministic time: support external BUILD_DATE env var to allow to build reproducable binaries Joachim Fenkes provided an new adapted spec file. Type bool and macros Min and Max are defined by socat which led to compile errors when they were already provided by build framework. Thanks to Liyu Liu for providing a patch. David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h support and appropriate files in Config/ Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h on Illumos Changes for Openindiana: define _XPG4_2, __EXTENSIONS__, _POSIX_PTHREAD_SEMANTICS; and minor changes Red Hat issue 1182005: socat 1.7.2.4 build failure missing linux/errqueue.h Socat failed to compile on on PPC due to new requirements for including <linux/errqueue.h> and a weakness in the conditional code. Thanks to Michel Normand for reporting this issue. doc: In the man page the PTY example was badly formatted. Thanks to J.F.Sebastian for sending a patch. Added missing CVE ids to security issues in CHANGES testing: Do not distribute testcert.conf with socat source but generate it (and new testcert6.conf) during test.sh run. ####################### V 1.7.2.4: corrections: LISTEN based addresses applied some address options, e.g. so-keepalive, to the listening file descriptor instead of the connected file descriptor Thanks to Ulises Alonso for reporting this bug make failed after configure with non gcc compiler due to missing include. Thanks to Horacio Mijail for reporting this problem configure checked for --disable-rawsocket but printed --disable-genericsocket in the help text. Thanks to Ben Gardiner for reporting and patching this bug In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. Probably no impact. Thanks to David Binderman for reproting this issue. procan could not cleanly format ulimit values longer than 16 decimal digits. Thanks to Frank Dana for providing a patch that increases field width to 24 digits. OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with "Invalid argument" Thanks to Emile den Tex for reporting this bug. Changed some variable definitions to make gcc -O2 aliasing checker happy Thanks to Ilya Gordeev for reporting these warnings On big endian platforms with type long >32bit the range option applied a bad base address. Thanks to hejia hejia for reporting and fixing this bug. Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy() uses Red Hat issue 1021958: fixed a bug with faulty buffer/data length calculation in xio-ascii.c:_xiodump() Red Hat issue 1021972: fixed a missing NUL termination in return string of sysutils.c:sockaddr_info() for the AF_UNIX case fixed some typos and minor issues, including: Red Hat issue 1021967: formatting error in manual page UNIX-LISTEN with fork option did not remove the socket file system entry when exiting. Other file system based passive address types had similar issues or failed to apply options umask, user e.a. Thanks to Lorenzo Monti for pointing me to this issue porting: Red Hat issue 1020203: configure checks fail with some compilers. Use case: clang Performed changes for Fedora release 19 Adapted, improved test.sh script Red Hat issue 1021429: getgroupent fails with large number of groups; use getgrouplist() when available instead of sequence of calls to getgrent() Red Hat issue 1021948: snprintf API change; Implemented xio_snprintf() function as wrapper that tries to emulate C99 behaviour on old glibc systems, and adapted all affected calls appropriately Mike Frysinger provided a patch that supports long long for time_t, socklen_t and a few other libc types. Artem Mygaiev extended Cedril Priscals Android build script with pty code The check for fips.h required stddef.h Thanks to Matt Hilt for reporting this issue and sending a patch Check for linux/errqueue.h failed on some systems due to lack of linux/types.h inclusion. Thanks to Michael Vastola for sending a patch. autoconf now prefers configure.ac over configure.in Thanks to Michael Vastola for sending a patch. type of struct cmsghdr.cmsg is system dependend, determine it with configure; some more print format corrections docu: libwrap always logs to syslog added actual text version of GPLv2 2015-07-25 16:43:23 +02:00			`SHA1 (patch-mytypes.h) = 94df5a47f7fbadf867e0994edeeb857b467021df`
socat: improve our ability to run the tests, less use of /bin/bash bump PKGREVISION in case any of those scripts are used at runtime 2017-11-11 20:43:06 +01:00			`SHA1 (patch-test.sh) = f8e123d3e1a71d6ec34dc2dc42c6de0875a47754`