./net/socat, netcat++ (extended design, new implementation)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2014Q2, Version: 1.7.2.2nb1, Package name: socat-1.7.2.2nb1, Maintainer: pkgsrc-users

socat is a relay for bidirectional data transfer between two
independent data channels. Each of these data channels may be a file,
pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX,
IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a
file descriptor (stdin etc.), the GNU line editor, a program, or a
combination of two of these. These modes include generation of
"listening" sockets, pipes and pseudo terminals.


Required to run:
[devel/readline]


Package options: inet6

Master sites:

SHA1: 588294c17373d52a8ac877dcd599ef26f14b110b
RMD160: 465923e2163530a99b40647865aee9ade62b0ebc
Filesize: 551.683 KB

Version history: (Expand)


CVS history: (Expand)


   2014-09-19 13:30:10 by Matthias Scheler | Files touched by this commit (5) | Package updated
Log message:
Pullup ticket #4494 - requested by rodent
net/socat: security update

Revisions pulled up:
- net/socat/Makefile                                            1.32
- net/socat/distinfo                                            1.20
- net/socat/patches/patch-aa                                    deleted
- net/socat/patches/patch-configure                             1.2
- net/socat/patches/patch-mytypes.h                             1.2

---
   Module Name:	pkgsrc
   Committed By:	rodent
   Date:		Sun Sep  7 23:24:56 UTC 2014

   Modified Files:
   	pkgsrc/net/socat: Makefile distinfo
   	pkgsrc/net/socat/patches: patch-configure patch-mytypes.h
   Removed Files:
   	pkgsrc/net/socat/patches: patch-aa

   Log message:
   Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019.
   patches/patch-aa seems to have been committed upstream. Passing readline
   location to configure and fixing CCOPTS in Makefile.in seems to not be
   necessary anymore. From CHANGES:

   ####################### V 1.7.2.4:

   corrections:
   	LISTEN based addresses applied some address options, e.g. so-keepalive,
   	to the listening file descriptor instead of the connected file
   	descriptor

   	make failed after configure with non gcc compiler due to missing
   	include.

   	configure checked for --disable-rawsocket but printed
   	--disable-genericsocket in the help text.

   	In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
   	Probably no impact.

   	procan could not cleanly format ulimit values longer than 16 decimal
   	digits. Thanks to Frank Dana for providing a patch that increases field
   	width to 24 digits.

   	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
   	"Invalid argument"

   	Changed some variable definitions to make gcc -O2 aliasing checker happy

   	On big endian platforms with type long >32bit the range option applied a
   	bad base address.

   	Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()

   	Red Hat issue 1022063: out-of-range shifts on net mask bits

   	Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()

   	Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
   	uses

   	Red Hat issue 1021958: fixed a bug with faulty buffer/data length
   	calculation in xio-ascii.c:_xiodump()

   	Red Hat issue 1021972: fixed a missing NUL termination in return string
   	of sysutils.c:sockaddr_info() for the AF_UNIX case

   	fixed some typos and minor issues, including:
   	Red Hat issue 1021967: formatting error in manual page

   	UNIX-LISTEN with fork option did not remove the socket file system entry
   	when exiting. Other file system based passive address types had similar
   	issues or failed to apply options umask, user e.a.

   porting:
   	Red Hat issue 1020203: configure checks fail with some compilers.
   	Use case: clang

   	Performed changes for Fedora release 19

   	Adapted, improved test.sh script

   	Red Hat issue 1021429: getgroupent fails with large number of groups;
   	use getgrouplist() when available instead of sequence of calls to
   	getgrent()

   	Red Hat issue 1021948: snprintf API change;
   	Implemented xio_snprintf() function as wrapper that tries to emulate C99
   	behaviour on old glibc systems, and adapted all affected calls
   	appropriately

   	Mike Frysinger provided a patch that supports long long for time_t,
   	socklen_t and a few other libc types.

   	Artem Mygaiev extended Cedril Priscals Android build script with pty code

   	The check for fips.h required stddef.h

   	Check for linux/errqueue.h failed on some systems due to lack of
   	linux/types.h inclusion.

   	autoconf now prefers configure.ac over configure.in

   	type of struct cmsghdr.cmsg is system dependend, determine it with
   	configure; some more print format corrections

   docu:
   	libwrap always logs to syslog

   	added actual text version of GPLv2

   ####################### V 1.7.2.3:

   security:
   	CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
   	overflow with data from command line (see socat-secadv5.txt)