Next | Query returned 51 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2020-05-18 13:19:13 by Nia Alarie | Files touched by this commit (3) | Package updated
Log message:
socat: Update to 1.7.3.4

####################### V 1.7.3.4:

Corrections:
	Header of xiotermios_speed() declared parameter unsigned int instead of
	speed_t, thus compiling failed on MacOS
	Thanks to Joe Strout and others for reporting this bug.
	Thanks to Andrew Childs and others for sending a patch.

	Under certain circumstances, termios options of the first address were
	applied to the second address, resulting in error
	"Inappropriate ioctl for device"
	This affected version 1.7.3.3 only.
	Test: TERMIOS_PH_ALL
	Thanks to Ivan J. for reporting this issue.

	Socat failed to compile when no poll() system call was found by
	configure.
	Thanks to Jason White for sending a patch.

	Due to use of SSL_CTX_clear_mode() Socat failed to compile on old
	systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B.
	for reporting this problem and sending initial patches.

	getaddrinfo() in IP4-SENDTO and IP6-SENDTO addresses failed with
	"ai_socktype not supported" when protocol 6 was addressed.
	The fix removes the possibility to use service names with SCTP.
	Test: IP_SENDTO_6
	Thanks to Sören for sending an initial patch.

	Under certain circumstances, Socat printed the "socket ... is at EOF"
	multiple times.
	Test: MULTIPLE_EOF

	Newer parts of test.sh used substitutions ${x,,*} or ${x^^*} that are
	not implemented in older bash versions.
   2020-02-09 14:19:55 by Jaromir Dolecek | Files touched by this commit (1)
Log message:
actually remove the hacks.mk file
   2020-02-09 14:19:10 by Jaromir Dolecek | Files touched by this commit (1)
Log message:
remove the Darwin BIND 8 hack, it's using bind9 for at least a decade already
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-06-25 18:43:48 by Amitai Schleier | Files touched by this commit (2)
Log message:
Use speed_t to match definition, fixing at least OS X build.
   2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423)
Log message:
*: Move SUBST_STAGE from post-patch to pre-configure

Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
   2017-11-11 20:43:06 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
socat: improve our ability to run the tests, less use of /bin/bash

bump PKGREVISION in case any of those scripts are used at runtime
   2017-02-05 21:40:32 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
Update net/socat to socat-1.7.3.2

pkgsrc changes:
 - Take MAINTAINERship

Changes:
1.7.3.2
-------
corrections:
 - SIGSEGV and other signals could lead to a 100% CPU loop
 - Failing name resolution could lead to SIGSEGV
   Thanks to Max for reporting this issue.
 - Include <stddef.h> for ptrdiff_t
   Thanks to Jeroen Roovers for reporting this issue.
 - Building with --disable-sycls failed due to missing sslcls.h defines
   Socat hung when configured with --disable-sycls.
 - Some minor corrections with includes etc.
 - Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
   for sending a patch.
 - Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
   incorrectly assigned
   Test: EXEC_NOFORK_UNIDIR
   Thanks to David Reiss for reporting this problem.
 - Socat exited with status 0 even when a program invoked with SYSTEM or
   EXEC failed.
   Tests: SYSTEM_RC EXEC_RC
   Issue reported by Felix Winkelmann.
 - AddressSanitizer reported a few buffer overflows (false positives).
   Nevertheless fixed Socat source.
   Issue reported by Hanno Böck.
 - Socat did not use option ipv6-join-group.
   Test: USE_IPV6_JOIN_GROUP
   Thanks to Linux Lüssing for sending a patch.
 - UDP-LISTEN did not honor the max-children option.
   Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
   Thanks to Leander Berwers for reporting this issue.
 - Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
   and therefore were useless.
   Thanks to Steve Borenstein for reporting this issue.
 - Option dhparam was documented as dhparams. Added the alias name
   dhparams to fix this.
   Thanks to Alexander Neumann for sending a patch.
 - Options shut-down and shut-close did not work.
   Thanks to Stefan Schimanski for providing a patch.
 - There was a bug in printing readline log message caused by a misleading
   indentation.
   Thanks to Paul Wouters for reporting.
 - The internal vsnprintf_r function looped or crashed on size parameter
   with hexadecimal output.
 - Ignore exit code of child process when it was killed by master due to
   EOF
 - Corrected byte order on read of IPV6_TCLASS value from ancillary
   message
 - Fixed type of the bool element in options. This had bug caused failures
   e.g. of ignoreeof on big-endian systems when bool was not based on int.
 - On systems with predefined bool type whose size differs from int some
   IPv6 and TCP options (per setsockopt()) failed.
 - Length of integral data in ancillary messages varies (TOS: 1 byte,
   TTL: 4 bytes), the old implementation failed for TTL on big-endian
   hosts.
 - Fixed an issue in options processing: TUN and DNS flags had failed on
   big-endian systems and the NO- forms had probable never worked.

porting:
 - Type conflict between int and sig_atomic_t between declaration and
   definition of diag_immediate_type and diag_immediate_exit broke
   compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
   reporting this bug.
 - Socat failed to compile on platforms with OpenSSL without
   DTLSv1_client_method or DTLSv1_server_method.
   Thanks to Simon Matter for sending a patch.
 - NuttX OS headers do not provide struct ip, thus socat did not compile.
   Made struct ip subject to configure.
   Thanks to SP for reporting this issue.
 - Socat failed to compile with OpenSSL version 1.0.2d where
   SSLv3_server_method and SSLv3_client_method are no longer defined.
   Thanks to Mischa ter Smitten for reporting this issue and providing
   a patch.
 - configure checked for OpenSSL EC_KEY assuming it is a define but it
   is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
   Thanks to Andrey Arapov for reporting this bug.
 - Changes to make socat compile with OpenSSL 1.1.
   Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
   providing the base patch.
   Debian Bug#828550
 - Make Socat compatible with BoringSSL.
   Thanks to Matt Braithwaite for providing a patch.
 - OpenSSL: Use RAND_status to determine PRNG state
   Thanks to Adam Langley for providing a patch
 - AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
   requirements. Thanks to Garrick Trowsdale for providing a patch
 - LibreSSL support: check for OPENSSL_NO_COMP
   Thanks to Bernard Spil for providing a patch

testing:
 - socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
 - test.sh: stderr; option -v (verbose); FDOUT_ERROR description
 - improved proxy.sh - it now also takes hostnames
 - A few corrections in test.sh
 - DTLS1 test hangs on some distributions. Test is now only performed
   with OpenSSL 1.0.2 or higher.
 - More corrections to test.sh that reveal a mistake with IPV6_TCLASS

docu:
 - Corrected source of socat man page to correctly show man references
   like socket(2); removed obseolete entries from See Also
 - Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
   that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
   are correct).
   Thanks to Zhigang Wang for reporting this issue.
 - Fixed a couple of English spelling and grammar mistakes.
   Thanks to Jakub Wild for sending the patches.
 - NOEXPAND() was not resolved 2 times.
 - More minor docu corrections

legal:
 - Added contributors to copyright notices. Suggested by Matt Braithwaite.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-02 17:08:01 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
Update net/socat to 1.7.3.1.

Changes:
####################### V 1.7.3.1:
security:
  Socat security advisory 8
  A stack overflow in vulnerability was found that can be triggered when
  command line arguments (complete address specifications, host names,
  file names) are longer than 512 bytes.
  Successful exploitation might allow an attacker to execute arbitrary
  code with the privileges of the socat process.
  This vulnerability can only be exploited when an attacker is able to
  inject data into socat's command line.
  A vulnerable scenario would be a CGI script that reads data from clients
  and uses (parts of) this data as hostname for a Socat invocation.
  Test: NESTEDOVFL
  Credits to Takumi Akiyama for finding and reporting this issue.

  Socat security advisory 7
  MSVR-1499
  In the OpenSSL address implementation the hard coded 1024 bit DH p
  parameter was not prime. The effective cryptographic strength of a key
  exchange using these parameters was weaker than the one one could get by
  using a prime p. Moreover, since there is no indication of how these
  parameters were chosen, the existence of a trapdoor that makes possible
  for an eavesdropper to recover the shared secret from a key exchange
  that uses them cannot be ruled out.
  Futhermore, 1024bit is not considered sufficiently secure.
  Fix: generated a new 2048bit prime.
  Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
  Research (MSVR) for finding and reporting this issue.

Next | Query returned 51 messages, browsing 1 to 10 | Previous