2008-01-27 12:00:08 +00:00
|
|
|
|
|
2008-02-17 13:59:16 +00:00
|
|
|
|
####################### V 2.0.0-b1:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
address chains consisting of inter and endpoint addresses, linked with
|
|
|
|
|
'|' (pipe character)
|
|
|
|
|
|
|
|
|
|
reverting inter addresses
|
|
|
|
|
|
|
|
|
|
dual type inter addresses
|
|
|
|
|
|
|
|
|
|
changed form of dual addresses from in!!out to out%in
|
|
|
|
|
|
|
|
|
|
address overloading per parameter number, inter/endpoint type, and
|
|
|
|
|
supported transfer directions
|
|
|
|
|
|
|
|
|
|
derived new inter addresses OPENSSL-CLIENT, OPENSSL-SERVER,
|
|
|
|
|
PROXY-CLIENT, SOCKS4-CLIENT, SOCKS4A-CLIENT from related old addresses
|
|
|
|
|
|
|
|
|
|
new inter address SOCKS5-CLIENT
|
|
|
|
|
|
|
|
|
|
new inter address NOP
|
|
|
|
|
|
|
|
|
|
new inter address TEST, TESTUNI, TESTREV
|
|
|
|
|
|
|
|
|
|
new form of PTY address with symlink paramater
|
|
|
|
|
|
|
|
|
|
new form of FD address with output/input fd numbers
|
|
|
|
|
|
2008-01-27 12:00:08 +00:00
|
|
|
|
####################### V 1.6.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
|
|
|
|
|
and multicast modes
|
|
|
|
|
|
|
|
|
|
new option ip-add-membership for control of multicast group membership
|
|
|
|
|
|
|
|
|
|
new address TUN for generation of Linux TUN/TAP pseudo network
|
|
|
|
|
interfaces (suggested by Mat Caughron); associated options tun-device,
|
|
|
|
|
tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
|
|
|
|
|
|
|
|
|
|
new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
|
|
|
|
|
ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
|
|
|
|
|
on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
|
|
|
|
|
socklen parameter on system calls.
|
|
|
|
|
|
|
|
|
|
option end-close for control of connection closing allows FD sharing
|
|
|
|
|
by sub processes
|
|
|
|
|
|
|
|
|
|
range option supports form address:mask with IPv4
|
|
|
|
|
|
|
|
|
|
changed behaviour of SSL-LISTEN to require and verify client
|
|
|
|
|
certificate per default
|
|
|
|
|
|
|
|
|
|
options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
|
|
|
|
|
grained locking on regular files
|
|
|
|
|
|
|
|
|
|
uninstall target in Makefile (lack reported by Zeeshan Ali)
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
fixed bug where only first tcpwrap option was applied; fixed bug where
|
|
|
|
|
tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
|
|
|
|
|
and fixing this bug)
|
|
|
|
|
|
|
|
|
|
filan (and socat -D) could hang when a socket was involved
|
|
|
|
|
|
|
|
|
|
corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
|
|
|
|
|
Roberto Mackun)
|
|
|
|
|
|
|
|
|
|
correct bind with udp6-listen (thanks to Jan Horak for reporting this
|
|
|
|
|
bug)
|
|
|
|
|
|
|
|
|
|
corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
|
|
|
|
|
(thanks to Leo Zhadanovsky for reporting this problem)
|
|
|
|
|
|
|
|
|
|
corrected problem with read data buffered in OpenSSL layer (thanks to
|
|
|
|
|
Jon Nelson for reporting this bug)
|
|
|
|
|
|
|
|
|
|
corrected problem with option readbytes when input stream stayed idle
|
|
|
|
|
after so many bytes
|
|
|
|
|
|
|
|
|
|
fixed a bug where a datagram receiver with option fork could fork two
|
|
|
|
|
sub processes per packet
|
|
|
|
|
|
|
|
|
|
further changes:
|
|
|
|
|
moved documentation to new doc/ subdir
|
|
|
|
|
|
|
|
|
|
new documents (kind of mini tutorials) are provided in doc/
|
|
|
|
|
|
|
|
|
|
####################### V 1.5.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
new datagram modes for udp, rawip, unix domain sockets
|
|
|
|
|
|
|
|
|
|
socat option -T specifies inactivity timeout
|
|
|
|
|
|
|
|
|
|
rewrote lexical analysis to allow nested socat calls
|
|
|
|
|
|
|
|
|
|
addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
|
|
|
|
|
|
|
|
|
|
socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
|
|
|
|
|
SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
|
|
|
|
|
|
|
|
|
|
addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
|
|
|
|
|
|
|
|
|
|
option protocol-family (pf), esp. for openssl-listen
|
|
|
|
|
|
|
|
|
|
range option supports IPv6 - syntax: range=[::1/128]
|
|
|
|
|
|
|
|
|
|
option ipv6-v6only (ipv6only)
|
|
|
|
|
|
|
|
|
|
new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
|
|
|
|
|
|
|
|
|
|
FIPS version of OpenSSL can be integrated - initial patch provided by
|
|
|
|
|
David Acker. See README.FIPS
|
|
|
|
|
|
|
|
|
|
support for resolver options res-debug, aaonly, usevc, primary, igntc,
|
|
|
|
|
recurse, defnames, stayopen, dnsrch
|
|
|
|
|
|
|
|
|
|
options for file attributes on advanced filesystems (ext2, ext3,
|
|
|
|
|
reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
|
|
|
|
|
ext2-noatime, journal-data etc.
|
|
|
|
|
|
|
|
|
|
option cool-write controls severeness of write failure (EPIPE,
|
|
|
|
|
ECONNRESET)
|
|
|
|
|
|
|
|
|
|
option o-noatime
|
|
|
|
|
|
|
|
|
|
socat option -lh for hostname in log output
|
|
|
|
|
|
|
|
|
|
traffic dumping provides packet headers
|
|
|
|
|
|
|
|
|
|
configure.in became part of distribution
|
|
|
|
|
|
|
|
|
|
socats unpack directory now has full version, e.g. socat-1.5.0.0/
|
|
|
|
|
|
|
|
|
|
corrected docu of option verify
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
|
|
|
|
|
|
|
|
|
|
exec with pipes,stderr produced error
|
|
|
|
|
|
|
|
|
|
setuid-early was ignored with many address types
|
|
|
|
|
|
|
|
|
|
some minor corrections
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.3.1:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
PROBLEM: UNIX socket listen accepted only one (or a few) connections.
|
|
|
|
|
FIX: do not remove listening UNIX socket in child process
|
|
|
|
|
|
|
|
|
|
PROBLEM: SIGSEGV when TCP part of SSL connect failed
|
|
|
|
|
FIX: check ssl pointer before calling SSL_shutdown
|
|
|
|
|
|
|
|
|
|
In debug mode, show connect client port even when connect fails
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.3.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
socat options -L, -W for application level locking
|
|
|
|
|
|
|
|
|
|
options "lockfile", "waitlock" for address level locking
|
|
|
|
|
(Stefan Luethje)
|
|
|
|
|
|
|
|
|
|
option "readbytes" limits read length (Adam Osuchowski)
|
|
|
|
|
|
|
|
|
|
option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
|
|
|
|
|
|
|
|
|
|
pty symlink, unix listen socket, and named pipe are per default removed
|
|
|
|
|
after use; option unlink-close overrides this new behaviour and also
|
|
|
|
|
controls removal of other socat generated files (Stefan Luethje)
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
option "retry" did not work with tcp-listen
|
|
|
|
|
|
|
|
|
|
EPIPE condition could result in a 100% CPU loop
|
|
|
|
|
|
|
|
|
|
further changes:
|
|
|
|
|
support systems without SHUT_RD etc.
|
|
|
|
|
handle more size_t types
|
|
|
|
|
try to find makedepend options with gcc 3 (richard/OpenMacNews)
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.2.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
option "connect-timeout" limits wait time for connect operations
|
|
|
|
|
(requested by Giulio Orsero)
|
|
|
|
|
|
|
|
|
|
option "dhparam" for explicit Diffie-Hellman parameter file
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
support for OpenSSL DSA certificates (Miika Komu)
|
|
|
|
|
|
|
|
|
|
create install directories before copying files (Miika Komu)
|
|
|
|
|
|
|
|
|
|
when exiting on signal, return status 128+signum instead of 1
|
|
|
|
|
|
|
|
|
|
on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
|
|
|
|
|
Mantinan)
|
|
|
|
|
|
|
|
|
|
-lu could cause a core dump on long messages
|
|
|
|
|
|
|
|
|
|
further changes:
|
|
|
|
|
modifications to simplify using socats features in applications
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.1.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
option "wait-slave" blocks open of pty master side until a client
|
|
|
|
|
connects, "pty-intervall" controls polling
|
|
|
|
|
|
|
|
|
|
option -h as synonym to -? for help (contributed by Christian
|
|
|
|
|
Lademann)
|
|
|
|
|
|
|
|
|
|
filan prints formatted time stamps and rdev (disable with -r)
|
|
|
|
|
|
|
|
|
|
redirect filan's output, so stdout is not affected (contributed by
|
|
|
|
|
Luigi Iotti)
|
|
|
|
|
|
|
|
|
|
filan option -L to follow symbolic links
|
|
|
|
|
|
|
|
|
|
filan shows termios control characters
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
proxy address no longer performs unsolicited retries
|
|
|
|
|
|
|
|
|
|
filan -f no longer needs read permission to analyze a file (but still
|
|
|
|
|
needs access permission to directory, of course)
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
Option dsusp
|
|
|
|
|
FreeBSD options noopt, nopush, md5sig
|
|
|
|
|
OpenBSD options sack-disable, signature-enable
|
|
|
|
|
HP-UX, Solaris options abort-threshold, conn-abort-threshold
|
|
|
|
|
HP-UX options b900, b3600, b7200
|
|
|
|
|
Tru64/OSF1 options keepinit, paws, sackena, tsoptena
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
address pty now uses ptmx as default if openpty is also available
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.0.3:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
fix to a syslog() based format string vulnerability that can lead to
|
|
|
|
|
remote code execution. See advisory socat-adv-1.txt
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.0.2:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
exec'd write-only addresses get a chance to flush before being killed
|
|
|
|
|
|
|
|
|
|
error handler: print notice on error-exit
|
|
|
|
|
|
|
|
|
|
filan printed wrong file type information
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.0.1:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
socks4a constructed invalid header. Problem found, reported, and fixed
|
|
|
|
|
by Thomas Themel, by Peter Palfrader, and by rik
|
|
|
|
|
|
|
|
|
|
with nofork, don't forget to apply some process related options
|
|
|
|
|
(chroot, setsid, setpgid, ...)
|
|
|
|
|
|
|
|
|
|
####################### V 1.4.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
simple openssl server (ssl-l), experimental openssl trust
|
|
|
|
|
|
|
|
|
|
new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
|
|
|
|
|
openssl
|
|
|
|
|
|
|
|
|
|
new options "retry", "forever", and "intervall"
|
|
|
|
|
|
|
|
|
|
option "fork" for address TCP improves `gender changer<65>
|
|
|
|
|
|
|
|
|
|
options "sigint", "sigquit", and "sighup" control passing of signals to
|
|
|
|
|
sub process (thanks to David Shea who contributed to this issue)
|
|
|
|
|
|
|
|
|
|
readline takes respect to the prompt issued by the peer address
|
|
|
|
|
|
|
|
|
|
options "prompt" and "noprompt" allow to override readline's new
|
|
|
|
|
default behaviour
|
|
|
|
|
|
|
|
|
|
readline supports invisible password with option "noecho"
|
|
|
|
|
|
|
|
|
|
socat option -lp allows to set hostname in log output
|
|
|
|
|
|
|
|
|
|
socat option -lu turns on microsecond resolution in log output
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
before reading available data, check if writing on other channel is
|
|
|
|
|
possible
|
|
|
|
|
|
|
|
|
|
tcp6, udp6: support hostname specification (not only IP address), and
|
|
|
|
|
map IP4 names to IP6 addresses
|
|
|
|
|
|
|
|
|
|
openssl client checks server certificate per default
|
|
|
|
|
|
|
|
|
|
support unidirectional communication with exec/system subprocess
|
|
|
|
|
|
|
|
|
|
try to restore original terminal settings when terminating
|
|
|
|
|
|
|
|
|
|
test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
|
|
|
|
|
|
|
|
|
|
socks4 failed on platforms where long does not have 32 bits
|
|
|
|
|
(thanks to Peter Palfrader and Thomas Seyrat)
|
|
|
|
|
|
|
|
|
|
hstrerror substitute wrote wrong messages (HP-UX, Solaris)
|
|
|
|
|
|
|
|
|
|
proxy error message was truncated when answer contained multiple spaces
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.2.2:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
PROXY CONNECT failed when the status reply from the proxy server
|
|
|
|
|
contained more than one consecutive spaces. Problem reported by
|
|
|
|
|
Alexandre Bezroutchko
|
|
|
|
|
|
|
|
|
|
do not SIGSEGV when proxy address fails to resolve server name
|
|
|
|
|
|
|
|
|
|
udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
|
|
|
|
|
Problem reported by Christoph Schittel
|
|
|
|
|
|
|
|
|
|
test.sh only tests available features
|
|
|
|
|
|
|
|
|
|
added missing IP and TCP options in filan analyzer
|
|
|
|
|
|
|
|
|
|
do not apply stdio address options to both directions when in
|
|
|
|
|
unidirectional mode
|
|
|
|
|
|
|
|
|
|
on systems lacking /dev/*random and egd, provide (weak) entropy from
|
|
|
|
|
libc random()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
|
|
|
|
|
|
|
|
|
|
compiles on True64, FreeBSD (again), NetBSD, OpenBSD
|
|
|
|
|
|
|
|
|
|
support for long long as st_ino type (Cygwin 1.5)
|
|
|
|
|
|
|
|
|
|
compile on systems where pty can not be featured
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.2.1:
|
|
|
|
|
|
|
|
|
|
corrections:
|
|
|
|
|
"final" solution for the ENOCHLD problem
|
|
|
|
|
|
|
|
|
|
corrected "make strip"
|
|
|
|
|
|
|
|
|
|
default gcc debug/opt is "-O" again
|
|
|
|
|
|
|
|
|
|
check for /proc at runtime, even if configure found it
|
|
|
|
|
|
|
|
|
|
src.rpm accidently supported SuSE instead of RedHat
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.2.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
option "nofork" connects an exec'd script or program directly
|
|
|
|
|
to the file descriptors of the other address, circumventing the socat
|
|
|
|
|
transfer engine
|
|
|
|
|
|
|
|
|
|
support for files >2GB, using ftruncate64(), lseek64(), stat64()
|
|
|
|
|
|
|
|
|
|
filan has new "simple" output style (filan -s)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
options "binary" and "text" for controlling line termination on Cygwin
|
|
|
|
|
file system access (hint from Yang Wu-Zhou)
|
|
|
|
|
|
|
|
|
|
fix by Yang Wu-Zhou for the Cygwin "No Children" problem
|
|
|
|
|
|
|
|
|
|
improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
|
|
|
|
|
John DuBois)
|
|
|
|
|
|
|
|
|
|
minor corrections to avoid warnings with gcc 3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections and minor improvements:
|
|
|
|
|
configure script is generated with autoconf 2.57 (no longer 2.52)
|
|
|
|
|
|
|
|
|
|
configure passes CFLAGS to Makefile
|
|
|
|
|
|
|
|
|
|
option -??? for complete list of address options and their short forms
|
|
|
|
|
|
|
|
|
|
program name in syslog messages is derived from argv[0]
|
|
|
|
|
|
|
|
|
|
SIGHUP now prints notice instead of error
|
|
|
|
|
|
|
|
|
|
EIO during read of pty now gives Notice instead of Error, and
|
|
|
|
|
triggers EOF
|
|
|
|
|
|
|
|
|
|
use of hstrerror() for printing resolver error messages
|
|
|
|
|
|
|
|
|
|
setgrent() got required endgrent()
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.1.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
integration of Wietse Venema's tcpwrapper library (libwrap)
|
|
|
|
|
|
|
|
|
|
with "proxy" address, option "resolve" controls if hostname or IP
|
|
|
|
|
address is sent in request
|
|
|
|
|
|
|
|
|
|
option "lowport" establishes limited authorization for TCP and UDP
|
|
|
|
|
connections
|
|
|
|
|
|
|
|
|
|
improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
|
|
|
|
|
An accompanying change in the numbering scheme results in an
|
|
|
|
|
incompatibility with earlier socat RPMs!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: socat daemon terminated when the address of a connecting
|
|
|
|
|
client did not match range option value instead of continue listening
|
|
|
|
|
SOLVED: in this case, print warning instead of error to keep daemon
|
|
|
|
|
active
|
|
|
|
|
|
|
|
|
|
PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
|
|
|
|
|
processes
|
|
|
|
|
SOLVED: dont assume that each exiting child process generates SIGCHLD
|
|
|
|
|
|
|
|
|
|
when converting CRNL to CR, socat converted to NL
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
configure script now disables features that depend on missing files
|
|
|
|
|
making it more robust in "unsupported" environments
|
|
|
|
|
|
|
|
|
|
server.pem permissions corrected to 600
|
|
|
|
|
|
|
|
|
|
"make install" now does not strip; use "make strip; make install"
|
|
|
|
|
if you like strip (suggested by Peter Bray)
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.0.1:
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: OPENSSL did not apply tcp, ip, and socket options
|
|
|
|
|
SOLVED: OPENSSL now correctly handles the options list
|
|
|
|
|
|
|
|
|
|
PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
|
|
|
|
|
block boundary
|
|
|
|
|
SOLVED: these conversions now simply strip all CR's or NL's from input
|
|
|
|
|
stream
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
SunOS ptys now work on x86, too (thanks to Peter Bray)
|
|
|
|
|
|
|
|
|
|
configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
added WITH_PROXY value to -V output
|
|
|
|
|
|
|
|
|
|
added compile dependencies of WITH_PTY and WITH_PROXY
|
|
|
|
|
|
|
|
|
|
-?? did not print option group of proxy options
|
|
|
|
|
|
|
|
|
|
corrected syntax for bind option in docu
|
|
|
|
|
|
|
|
|
|
corrected an issue with stdio in unidirectional mode
|
|
|
|
|
|
|
|
|
|
options socksport and proxyport support service names
|
|
|
|
|
|
|
|
|
|
ftp.sh script supports proxy address
|
|
|
|
|
|
|
|
|
|
man page no longer installed with execute permissions (thanks to Peter
|
|
|
|
|
Bray)
|
|
|
|
|
|
|
|
|
|
fixed a malloc call bug that could cause SIGSEGV or false "out of
|
|
|
|
|
memory" errors on EXEC and SYSTEM, depending on program name length and
|
|
|
|
|
libc.
|
|
|
|
|
|
|
|
|
|
####################### V 1.3.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
proxy connect with optional proxy authentication
|
|
|
|
|
|
|
|
|
|
combined hex and text dump mode, credits to Gregory Margo
|
|
|
|
|
|
|
|
|
|
address pty applies options user, group, and perm to device
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: option reuseport was not applied (BSD, AIX)
|
|
|
|
|
SOLVED: option reuseport now in phase PASTSOCKET instead of PREBIND,
|
|
|
|
|
credits to Jean-Baptiste Marchand
|
|
|
|
|
|
|
|
|
|
PROBLEM: ignoreeof with stdio was ignored
|
|
|
|
|
SOLVED: ignoreeof now works correctly with address stdio
|
|
|
|
|
|
|
|
|
|
PROBLEM: ftp.sh did not use user supplied password
|
|
|
|
|
SOLVED: ftp.sh now correctly passes password from command line
|
|
|
|
|
|
|
|
|
|
PROBLEM: server.pem had expired
|
|
|
|
|
SOLVED: new server.pem valid for ten years
|
|
|
|
|
|
|
|
|
|
PROBLEM: socks notice printed wrong port on some platforms
|
|
|
|
|
SOLVED: socks now uses correct byte-order for port number in notice
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
option name o_trunc corrected to o-trunc
|
|
|
|
|
|
|
|
|
|
combined use of -u and -U is now detected and prevented
|
|
|
|
|
|
|
|
|
|
made message system a little more robust against format string attacks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.2.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
address pty for putting socat behind a new pseudo terminal that may
|
|
|
|
|
fake a serial line, modem etc.
|
|
|
|
|
|
|
|
|
|
experimental openssl integration
|
|
|
|
|
(it does not provide any trust between the peers because is does not
|
|
|
|
|
check certificates!)
|
|
|
|
|
|
|
|
|
|
options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
|
|
|
|
|
locking mechanism provided by flock()
|
|
|
|
|
|
|
|
|
|
options setsid and setpgid now available with all address types
|
|
|
|
|
|
|
|
|
|
option ctty (controlling terminal) now available for all TERMIOS
|
|
|
|
|
addresses
|
|
|
|
|
|
|
|
|
|
option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
|
|
|
|
|
replaced by options o-trunc and ftruncate=offset
|
|
|
|
|
|
|
|
|
|
option sourceport now available with TCP and UDP listen addresses to
|
|
|
|
|
restrict incoming client connections
|
|
|
|
|
|
|
|
|
|
unidirectional mode right-to-left (-U)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: addresses without required parameters but an option containing
|
|
|
|
|
a '/' were incorrectly interpreted as implicit GOPEN address
|
|
|
|
|
SOLVED: if an address does not have ':' separator but contains '/',
|
|
|
|
|
check if the slash is before the first ',' before assuming
|
|
|
|
|
implicit GOPEN.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
ptys under SunOS work now due to use of stream options
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
with -d -d -d -d -D, don't print debug info during file analysis
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.1.0.1:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
.spec file for RPM generation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: GOPEN on socket did not apply option unlink-late
|
|
|
|
|
SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
|
|
|
|
|
options
|
|
|
|
|
|
|
|
|
|
PROBLEM: with unidirectional mode, an unnecessary close timeout was
|
|
|
|
|
applied
|
|
|
|
|
SOLUTION: in unidirectional mode, terminate without wait time
|
|
|
|
|
|
|
|
|
|
PROBLEM: using GOPEN on a unix domain socket failed for datagram
|
|
|
|
|
sockets
|
|
|
|
|
SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
|
|
|
|
|
open() flag options had names starting with "o_", now corrected to "o-"
|
|
|
|
|
|
|
|
|
|
in docu, *-listen addresses were called *_listen
|
|
|
|
|
|
|
|
|
|
address unix now called unix-connect because it does not handle unix
|
|
|
|
|
datagram sockets
|
|
|
|
|
|
|
|
|
|
in test.sh, apply global command line options with all tests
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.1.0.0:
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
regular man page and html doc - thanks to kromJx for prototype
|
|
|
|
|
|
|
|
|
|
new address type "readline", utilizing GNU readline and history libs
|
|
|
|
|
|
|
|
|
|
address option "history-file" for readline
|
|
|
|
|
|
|
|
|
|
new option "dash" to "exec" address that allows to start login shells
|
|
|
|
|
|
|
|
|
|
syslog facility can be set per command line option
|
|
|
|
|
|
|
|
|
|
new address option "tcp-quickack", found in Linux 2.4
|
|
|
|
|
|
|
|
|
|
option -g prevents option group checking
|
|
|
|
|
|
|
|
|
|
filan and procan can print usage
|
|
|
|
|
|
|
|
|
|
procan prints rlimit infos
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
|
|
|
|
|
SOLVED: set eof flag of channel on shutdown.
|
|
|
|
|
|
|
|
|
|
PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
|
|
|
|
|
and has data available while channel 1 reaches EOF, the data is
|
|
|
|
|
lost.
|
|
|
|
|
SOLVED: during one loop run, first handle all data transfers and
|
|
|
|
|
_afterwards_ handle EOF.
|
|
|
|
|
|
|
|
|
|
PROBLEM: despite to option NONBLOCK, the connect() call blocked
|
|
|
|
|
SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
|
|
|
|
|
|
|
|
|
|
PROBLEM: UNLINK options issued error when file did not exist,
|
|
|
|
|
terminating socat
|
|
|
|
|
SOLVED: failure of unlink() is only warning if errno==ENOENT
|
|
|
|
|
|
|
|
|
|
PROBLEM: TCP6-LISTEN required numeric port specification
|
|
|
|
|
SOLVED: now uses common TCP service resolver
|
|
|
|
|
|
|
|
|
|
PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
|
|
|
|
|
SOLVED: retrieval of FDs now pays respect to PIPE pecularities
|
|
|
|
|
|
|
|
|
|
PROBLEM: using address EXEC against an address with IGNOREEOF, socat
|
|
|
|
|
never terminated
|
|
|
|
|
SOLVED: corrected EOF handling of sigchld
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
MacOS and old AIX versions now have pty
|
|
|
|
|
|
|
|
|
|
flock() now available on Linux (configure check was wrong)
|
|
|
|
|
|
|
|
|
|
named pipe were generated using mknod(), which requires root under BSD
|
|
|
|
|
now they are generated using mkfifo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
lots of address options that were "forgotten" at runtime are now
|
|
|
|
|
available
|
|
|
|
|
|
|
|
|
|
option BINDTODEVICE now also called SO-BINDTODEVICE, IF
|
|
|
|
|
|
|
|
|
|
"make install" now installs binaries with ownership 0:0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.0.4.2:
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROBLEM: EOF of one stream caused close of other stream, giving it no
|
|
|
|
|
chance to go down regularly
|
|
|
|
|
SOLVED: EOF of one stream now causes shutdown of write part of other
|
|
|
|
|
stream
|
|
|
|
|
|
|
|
|
|
PROBLEM: sending mail via socks address to qmail showed that crlf
|
|
|
|
|
option does not work
|
|
|
|
|
SOLVED: socks address applies PH_LATE options
|
|
|
|
|
|
|
|
|
|
PROBLEM: in debug mode, no info about socat and platform was issued
|
|
|
|
|
SOLVED: print socat version and uname output in debug mode
|
|
|
|
|
|
|
|
|
|
PROBLEM: invoking socat with -t and no following parameters caused
|
|
|
|
|
SIGSEGV
|
|
|
|
|
SOLVED: -t and -b now check next argv entry
|
|
|
|
|
|
|
|
|
|
PROBLEM: when opening of logfile (-lf) failed, no error was reported
|
|
|
|
|
and no further messages were printed
|
|
|
|
|
SOLVED: check result of fopen and print error message if it failed
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
address type UDP-LISTEN now supports option fork: it internally applies
|
|
|
|
|
socket option SO_REUSEADDR so a new UDP socket can bind to port after
|
|
|
|
|
`accepting<6E> a connection (child processes might live forever though)
|
|
|
|
|
(suggestion from Damjan Lango)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.0.4.1:
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
PROB: assert in libc caused an endless recursion
|
|
|
|
|
SOLVED: no longer catch SIGABRT
|
|
|
|
|
|
|
|
|
|
PROB: socat printed wrong verbose prefix for "right to left" packets
|
|
|
|
|
SOLVED: new parameter for xiotransfer() passes correct prefix
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
in debug mode, socat prints its command line arguments
|
|
|
|
|
in verbose mode, escape special characters and replace unprintables
|
|
|
|
|
with '.'. Patch from Adrian Thurston.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.0.4.0:
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
Debug output for lstat and fstat said "stat"
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
FreeBSD now includes libutil.h
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
option setsid with exec/pty
|
|
|
|
|
option setpgid with exec/pty
|
|
|
|
|
option ctty with exec/pty
|
|
|
|
|
TCP V6 connect test
|
|
|
|
|
gettimeofday in sycls.c (no use yet)
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
before Gethostbyname, invoke inet_aton for MacOSX
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### V 1.0.3.0:
|
|
|
|
|
|
|
|
|
|
solved problems and bugs:
|
|
|
|
|
|
|
|
|
|
PROB: test 9 of test.sh (echo via file) failed on some platforms,
|
|
|
|
|
socat exited without error message
|
|
|
|
|
SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
|
|
|
|
|
|
|
|
|
|
PROB: test 17 hung forever
|
|
|
|
|
REASON: child death before select loop did not result in EOF
|
|
|
|
|
SOLVED: check of existence of children before starting select loop
|
|
|
|
|
|
|
|
|
|
PROB: test 17 failed
|
|
|
|
|
REASON: child dead triggered EOF before last data was read
|
|
|
|
|
SOLVED: after child death, read last data before setting EOF
|
|
|
|
|
|
|
|
|
|
PROB: filan showed that exec processes incorrectly had fd3 open
|
|
|
|
|
REASON: inherited open fd3 from main process
|
|
|
|
|
SOLVED: set CLOEXEC flag on pty fd in main process
|
|
|
|
|
|
|
|
|
|
PROB: help printed "undef" instead of group "FORK"
|
|
|
|
|
SOLVED: added "FORK" to group name array
|
|
|
|
|
|
|
|
|
|
PROB: fatal messages did not include severity classifier
|
|
|
|
|
SOLVED: added "F" to severity classifier array
|
|
|
|
|
|
|
|
|
|
PROB: IP6 addresses where printed incorrectly
|
|
|
|
|
SOLVED: removed type casts to unsigned short *
|
|
|
|
|
|
|
|
|
|
further corrections:
|
|
|
|
|
socat catches illegal -l modes
|
|
|
|
|
corrected error message on setsockopt(linger)
|
|
|
|
|
option tabdly is of type uint
|
|
|
|
|
correction for UDP over IP6
|
|
|
|
|
more cpp conditionals, esp. for IP6 situations
|
|
|
|
|
better handling of group NAMED options with listening UNIX sockets
|
|
|
|
|
applyopts2 now includes last given phase
|
|
|
|
|
corrected option group handling for most address types
|
|
|
|
|
introduce dropping of unappliable options (dropopts, dropopts2)
|
|
|
|
|
gopen now accepts socket and unix-socket options
|
|
|
|
|
exec and system now accept all socket and termios options
|
|
|
|
|
child process for exec and system addresses with option pty
|
|
|
|
|
improved descriptions and options for EXAMPLES
|
|
|
|
|
printf format for file mode changed to "0%03o" with length spec.
|
|
|
|
|
added va_end() in branch of msg()
|
|
|
|
|
changed phase of lock options from PASTOPEN to FD
|
|
|
|
|
support up to four early dying processes
|
|
|
|
|
|
|
|
|
|
structural changes:
|
|
|
|
|
xiosysincludes now includes sysincludes.h for non xio files
|
|
|
|
|
|
|
|
|
|
new features:
|
|
|
|
|
option umask
|
|
|
|
|
CHANGES file
|
|
|
|
|
TYPE_DOUBLE, u_double
|
|
|
|
|
OFUNC_OFFSET
|
|
|
|
|
added getsid(), setsid(), send() to sycls
|
|
|
|
|
procan prints sid (session id)
|
|
|
|
|
mail.sh gets -f (from) option
|
|
|
|
|
new EXAMPLEs for file creation
|
|
|
|
|
gatherinfo.sh now tells about failures
|
|
|
|
|
test.sh can check for much more address/option combinations
|
|
|
|
|
|
|
|
|
|
porting:
|
|
|
|
|
ispeed, ospeed for termios on FreeBSD
|
|
|
|
|
getpgid() conditional for MacOS 10
|
|
|
|
|
added ranlib in Makefile.in for MacOS 10
|
|
|
|
|
disable pty option if no pty mechanism is available (MacOS 10)
|
|
|
|
|
now compiles and runs on MacOS 10 (still some tests fail)
|
|
|
|
|
setgroups() conditional for cygwin
|
|
|
|
|
sighandler_t defined conditionally
|
|
|
|
|
use gcc option -D_GNU_SOURCE
|