diff --git a/CHANGES b/CHANGES
index 4885be8..53ef92e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -110,7 +110,7 @@ Features:
Procan tells if char is signed or unsigned
- Socat now prints an info message when implicitely setting SO_REUSEADDR.
+ Socat now prints an info message when implicitly setting SO_REUSEADDR.
Thanks to Michael Renner for this suggestion.
Added generic options setsockopt-socket and setsockopt-connected that
@@ -152,6 +152,12 @@ Testing:
Newer Linux distributions now deprecate usleep; replaced it in test.sh
+Documentation:
+ Removed obsolete CHANGES.ISO-8859-1 file.
+
+ Corrected lots of misspelling and typos.
+ Thanks to Mario de Weerd for reporting these issues.
+
####################### V 1.8.0.2:
Security:
@@ -223,6 +229,9 @@ Corrections:
Print warning about not checking CRLs in OpenSSL only in the first
child process.
+ Fixed preprocessor directives in macro invocation.
+ Thanks to Mario de Weerd for reporting this issue.
+
Features:
Total inactivity timeout option -T 0 now means 0.0 seconds; up to
version 1.8.0.0 it meant no total inactivity timeout.
@@ -390,11 +399,11 @@ Features:
no IP version is preferred by build, environment, option, or address
type, Socat chooses IPv6 because this might activate both versions (but
check option ipv6-v6only).
- Added option ai-passive to control this flag explicitely.
+ Added option ai-passive to control this flag explicitly.
New option ai-v4mapped (v4mapped) sets or unsets the AI_V4MAPPED flag
of the resolver. For Socat addresses requiring IPv6 addresses, this
- resolves IPv4 addresses to the approriate IPv6 address [::ffff:*:*].
+ resolves IPv4 addresses to the appropriate IPv6 address [::ffff:*:*].
DNS resolver Options (res-*) are now set for the complete open phase of
the address, not per getaddrinfo() invocation.
@@ -587,14 +596,14 @@ Porting:
Some corrections for better 32bit systems support.
Testing:
- Removed obselete parts from test.sh
+ Removed obsolete parts from test.sh
test.sh: Introduced function checkcond
Renamed test.sh option -foreign to -internet
Documentation:
- Removed obselete file doc/xio.help
+ Removed obsolete file doc/xio.help
Added doc for option ipv6-join-group (ipv6-add-membership)
Thanks to Martin Buck for sending the patch.
@@ -607,7 +616,7 @@ Documentation:
Corrections:
On connect() failure and in some other situations Socat tries to get
- detailled information about the error with recvmsg(). Error return of
+ detailed information about the error with recvmsg(). Error return of
this function is now logged as Info instead of Warn.
Tests of the correction of the "IP_ADD_SOURCE_MEMBERSHIP but not struct
@@ -651,7 +660,7 @@ Corrections:
Thanks to Gordon W.Ross for reporting and fixing this issue.
Test: RESTORE_TTY
- The OpenSSL client SNI parameter, when not explicitely specified, is
+ The OpenSSL client SNI parameter, when not explicitly specified, is
derived from option commonname or rom target server name. This is not
useful with IP addresses, which Socat now checks and avoids.
@@ -682,7 +691,7 @@ Coding:
fcntl() trace prints flags now in hexadecimal.
- Stream dump options -r and -R now open their pathes with CLOEXEC to
+ Stream dump options -r and -R now open their paths with CLOEXEC to
prevent leaking into sub processes.
Test: EXEC_SNIFF
@@ -981,7 +990,7 @@ Corrections:
Print a message when readbytes option causes EOF
The ip-recverr option had no effect. Corrected and improved its
- handling of ancilliary messages, so it is able to analyze ICMP error
+ handling of ancillary messages, so it is able to analyze ICMP error
packets (Linux only?)
Setgui(), Setuid() calls in xio-progcall.c were useless.
@@ -1119,7 +1128,7 @@ Porting:
ai_protocol=0 and try again
Test: SCTP_SERVICENAME
- Per file filesystem options were still named ext2-* and depended on
+ Per file filesystem options were still named ext2-* and dependent on
<linux/ext2_fs.h>. Now they are called fs-* and depend on <linux/fs.h>.
These fs-* options are also available on old systems with ext2_fs.h
@@ -1132,14 +1141,14 @@ Porting:
SSL_library_init.
With OPENSSL_API_COMPAT=0x10000000L the files openssl/dh.h, openssl/bn.h
- must explicitely be included.
+ must explicitly be included.
Thanks to Rosen Penev for reporting and sending a patch.
Testing:
test.sh now produces a list of tests that could not be performed for
any reason. This helps to analyse these cases.
- OpenSSL s_server appearently started to neglect TCPs half close feature.
+ OpenSSL s_server apparently started to neglect TCPs half close feature.
Test OPENSSL_TCP4 has been changed to tolerate this.
OpenSSL changed its behaviour when connection is rejected. Tests
@@ -1333,7 +1342,7 @@ Corrections:
Porting:
OpenSSL functions TLS1_client_method() and similar are
deprecated. Socat now uses recommended TLS_client_method(). The old
- functions and dependend option openssl-method can still be
+ functions and dependent option openssl-method can still be
used when configuring socat with --enable-openssl-method
Shell scripts in socat distribution are now headed with:
@@ -1375,7 +1384,7 @@ Testing:
More corrections to test.sh:
Language settings could still influence test results
netstat was still required
- Suppress usleep deprecated messag
+ Suppress usleep deprecated message
Force use of IPv4 with some certificates
Set timeout for UDPxMAXCHILDREN tests
@@ -1528,7 +1537,7 @@ testing:
docu:
Corrected source of socat man page to correctly show man references
- like socket(2); removed obseolete entries from See Also
+ like socket(2); removed obsolete entries from See Also
Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
@@ -1571,7 +1580,7 @@ security:
parameters were chosen, the existence of a trapdoor that makes possible
for an eavesdropper to recover the shared secret from a key exchange
that uses them cannot be ruled out.
- Futhermore, 1024bit is not considered sufficiently secure.
+ Furthermore, 1024bit is not considered sufficiently secure.
Fix: generated a new 2048bit prime.
Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
Research (MSVR) for finding and reporting this issue.
@@ -1585,7 +1594,7 @@ security:
safe functions in signal handlers that could freeze socat, allowing
denial of service attacks.
Many changes in signal handling and the diagnostic messages system were
- applied to make the code async signal safe but still provide detailled
+ applied to make the code async signal safe but still provide detailed
logging from signal handlers:
Coded function vsnprintf_r() as async signal safe incomplete substitute
of libc vsnprintf()
@@ -1673,7 +1682,7 @@ corrections:
Issue reported by Hendrik.
Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
- over option raw which is now obsolote. On SysV systems this call is
+ over option raw which is now obsolete. On SysV systems this call is
simulated by appropriate setting.
Thanks to Youfu Zhang for reporting issue with option raw.
@@ -1686,7 +1695,7 @@ porting:
Thanks to Ross Burton and Danomi Manchego for reporting this issue.
Debian Bug#764251: Set the build timestamp to a deterministic time:
- support external BUILD_DATE env var to allow to build reproducable
+ support external BUILD_DATE env var to allow to build reproducible
binaries
Joachim Fenkes provided an new adapted spec file.
@@ -1807,7 +1816,7 @@ porting:
autoconf now prefers configure.ac over configure.in
Thanks to Michael Vastola for sending a patch.
- type of struct cmsghdr.cmsg is system dependend, determine it with
+ type of struct cmsghdr.cmsg is system dependent, determine it with
configure; some more print format corrections
docu:
@@ -1861,7 +1870,7 @@ corrections:
socket using address GOPEN. Thanks to Martin Forssen for bug report and
patch.
- UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
+ UDP-LISTEN would always set SO_REUSEADDR even without fork option and
when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
@@ -2094,7 +2103,7 @@ new features:
added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
- protocol independent socket handling; all parameters are explicitely
+ protocol independent socket handling; all parameters are explicitly
specified as numbers or hex data
added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
@@ -2167,7 +2176,7 @@ corrections:
this bug). test: EXECSPACES
in ignoreeof polling mode socat also blocked data transfer in the other
- direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
+ direction during the 1s wait intervals (thanks to Jorgen Cederlof for
reporting this bug)
corrected alphabetical order of options (proxy-auth)
@@ -2593,7 +2602,7 @@ corrections:
check for /proc at runtime, even if configure found it
- src.rpm accidently supported SuSE instead of RedHat
+ src.rpm accidentally supported SuSE instead of RedHat
####################### V 1.3.2.0:
@@ -2869,7 +2878,7 @@ solved problems and bugs:
SOLVED: now uses common TCP service resolver
PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
- SOLVED: retrieval of FDs now pays respect to PIPE pecularities
+ SOLVED: retrieval of FDs now pays respect to PIPE peculiarities
PROBLEM: using address EXEC against an address with IGNOREEOF, socat
never terminated
diff --git a/CHANGES.ISO-8859-1 b/CHANGES.ISO-8859-1
deleted file mode 100644
index 9509e36..0000000
--- a/CHANGES.ISO-8859-1
+++ /dev/null
@@ -1,1800 +0,0 @@
-
-####################### V 1.7.3.4:
-
-Corrections:
- Header of xiotermios_speed() declared parameter unsigned int instead of
- speed_t, thus compiling failed on MacOS
- Thanks to Joe Strout and others for reporting this bug.
- Thanks to Andrew Childs and others for sending a patch.
-
- Under certain circumstances, termios options of the first address were
- applied to the second address, resulting in error
- "Inappropriate ioctl for device"
- This affected version 1.7.3.3 only.
- Test: TERMIOS_PH_ALL
- Thanks to Ivan J. for reporting this issue.
-
- Socat failed to compile when no poll() system call was found by
- configure.
- Thanks to Jason White for sending a patch.
-
- Due to use of SSL_CTX_clear_mode() Socat failed to compile on old
- systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B.
- for reporting this problem and sending initial patches.
-
- getaddrinfo() in IP4-SENDTO and IP6-SENDTO addresses failed with
- "ai_socktype not supported" when protocol 6 was addressed.
- The fix removes the possibility to use service names with SCTP.
- Test: IP_SENDTO_6
- Thanks to S�ren for sending an initial patch.
-
- Under certain circumstances, Socat printed the "socket ... is at EOF"
- multiple times.
- Test: MULTIPLE_EOF
-
- Newer parts of test.sh used substitutions ${x,,*} or ${x^^*} that are
- not implemented in older bash versions.
-
-####################### V 1.7.3.3:
-
-Corrections:
- Makefile.in did not specify dependencies of filan on vsnprintf_r.o
- and snprinterr.o
- Added definition of FILAN_OBJS
- Thanks to Craig Leres, Clayton Shotwell, and Chris Packham for
- providing patches.
-
- configure option --enable-msglevel did not work with numbers
-
- The autoconf mechanism for determining SHIFT_OFFSET did not work when
- cross compiling.
- Thanks to Max Freisinger from Gentoo for sending a patch.
-
- Socat still depended on obsolete gethostbyname() function, thus
- compiling with MUSL libc failed.
- Problem reported by Kennedy33.
-
- The async signal safe diagnostic system used FDs 3 and 4 internally, so
- use of appropriate fdin or fdout led to failures.
- Test: DIAG_FDIN
- Problem reported by Onur Sent�rk.
-
- The socket based mechanism for passing messages and signal information
- from signal handler to process could reach and kill the wrong process.
- Introduces functions diag_sock_pair(), diag_fork()
- Thanks to Darren Zhao for analysing and reporting this problem.
-
- Option ipv6-join-group did not work because it was applied in the wrong
- phase
- Test: UDP6MULTICAST_UNIDIR
- Thanks to Angus Gratton for sending a patch.
-
- Setting ispeed and ospeed failed for some serial devices because the
- two settings were applied with two different get/set cycles, Thanks to
- Alexandre Fenyo for providing an initial patch.
- However, the actual fix is part of a conceptual change of the termios
- module that aims for applying all changes in a single tcsetaddr call.
- Fixes FreeBSD Bug 198441
-
- Termios options TAB0,TAB1,TAB2,TAB3, and XTABS did not have an effect.
- Thanks to Alan Walters for reporting this bug.
-
- Substituted cumbersom ISPEED_OFFSET mechanism for cfsetispeed() calls
-
- With TCP6-LISTEN and the other passive IPv6 addresses the range option
- just failed: due to a bug in the syntax parser and two more bugs in
- the xiocheckrange_ip6() function.
- The syntax has now been changed from "[::1/128]" to "[::1]/128"!
- Thanks Leah Neukirchen for sending an initial fix.
-
- For name resolution Socat only checked the first character of the host
- name to decide if it is an IPv4 address. This was not RFC conform. This
- fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
- TCP6:127.0.0.1:80
- Debian issue 695885
- Thanks to Nicolas Fournil for reporting this issue.
-
- Print a useful error message when single character options appear to be
- merged in Socat invocation
- Test: SOCCAT_OPT_HINT
-
- Fixed some docu typos.
- Thanks to Travis Wellman, Thomas <tjps636>, Dan Kenigsberg,
- Julian Zinn, and Simon Matter
-
-Porting:
- OpenSSL functions TLS1_client_method() and similar are
- deprecated. Socat now uses recommended TLS_client_method(). The old
- functions and dependend option openssl-method can still be
- used when configuring socat with --enable-openssl-method
-
- Shell scripts in socat distribution are now headed with:
- #! /usr/bin/env bash
- to make them better portable to systems without /bin/bash
- Thanks to Maya Rashish for sending a patch
-
- RES_AAONLY, RES_PRIMARY are deprecated. You can still enable them with
- configure option --enable-res-deprecated.
-
- New versions of OpenSSL preset SSL_MODE_AUTO_RETRY which may hang socat.
- Solution: clear SSL_MODE_AUTO_RETRY when it is set.
-
- Renamed configure.in to configure.ac and set an appropriate symlink for
- older environments.
- Related Gentoo bug 426262: Warning on configure.in
- Thanks to Francesco Turco for reporting that warning.
-
- Fixed new IPv6 range code for platforms without s6_addr32 component.
-
-Testing:
- test.sh: Show a warning when phase-1 (insecure phase) of a security
- test fails
-
- OpenSSL tests failed on actual Linux distributions. Measures:
- Increased key lengths from 768 to 1024 bits
- Added test.sh option -C to delete temp certs from prevsious runs
- Provide DH-parameter in certificate in PEM
- OpenSSL s_server option -verify 0 must be omitted
- OpenSSL authentication method aNULL no longer works
- Failure of cipher aNULL is not a failure
- Failure of methods SSL3 and SSL23 is desired
-
- test.sh depended on ifconfig and netstat utilities which are no longer
- availabie in some distributions. test.sh now checks for and prefers
- ip and ss.
- Thanks to Ruediger Meier for reporting this problem.
-
- More corrections to test.sh:
- Language settings could still influence test results
- netstat was still required
- Suppress usleep deprecated messag
- Force use of IPv4 with some certificates
- Set timeout for UDPxMAXCHILDREN tests
-
-Git:
- Added missing Config/Makefile.DragonFly-2-8-2,
- Config/config.DragonFly-2-8-2.h
- Removed testcert.conf (to be generated by test.sh)
-
-Cosmetics:
- Simplified handling of missing termios defines.
-
-New features:
- Permit combined -d options as -dd etc.
-
-####################### V 1.7.3.2:
-
-corrections:
- SIGSEGV and other signals could lead to a 100% CPU loop
-
- Failing name resolution could lead to SIGSEGV
- Thanks to Max for reporting this issue.
-
- Include <stddef.h> for ptrdiff_t
- Thanks to Jeroen Roovers for reporting this issue.
-
- Building with --disable-sycls failed due to missing sslcls.h defines
-
- Socat hung when configured with --disable-sycls.
-
- Some minor corrections with includes etc.
-
- Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
- for sending a patch.
-
- Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
- incorrectly assigned
- Test: EXEC_NOFORK_UNIDIR
- Thanks to David Reiss for reporting this problem.
-
- Socat exited with status 0 even when a program invoked with SYSTEM or
- EXEC failed.
- Tests: SYSTEM_RC EXEC_RC
- Issue reported by Felix Winkelmann.
-
- AddressSanitizer reported a few buffer overflows (false positives).
- Nevertheless fixed Socat source.
- Issue reported by Hanno B�ck.
-
- Socat did not use option ipv6-join-group.
- Test: USE_IPV6_JOIN_GROUP
- Thanks to Linus L�ssing for sending a patch.
-
- UDP-LISTEN did not honor the max-children option.
- Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
- Thanks to Leander Berwers for reporting this issue.
-
- Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
- and therefore were useless.
- Thanks to Steve Borenstein for reporting this issue.
-
- Option dhparam was documented as dhparams. Added the alias name
- dhparams to fix this.
- Thanks to Alexander Neumann for sending a patch.
-
- Options shut-down and shut-close did not work.
- Thanks to Stefan Schimanski for providing a patch.
-
- There was a bug in printing readline log message caused by a misleading
- indentation.
- Thanks to Paul Wouters for reporting.
-
- The internal vsnprintf_r function looped or crashed on size parameter
- with hexadecimal output.
-
- Ignore exit code of child process when it was killed by master due to
- EOF
-
- Corrected byte order on read of IPV6_TCLASS value from ancillary
- message
-
- Fixed type of the bool element in options. This had bug caused failures
- e.g. of ignoreeof on big-endian systems when bool was not based on int.
-
- On systems with predefined bool type whose size differs from int some
- IPv6 and TCP options (per setsockopt()) failed.
-
- Length of integral data in ancillary messages varies (TOS: 1 byte,
- TTL: 4 bytes), the old implementation failed for TTL on big-endian
- hosts.
-
- Fixed an issue in options processing: TUN and DNS flags had failed on
- big-endian systems and the NO- forms had probable never worked.
-
-porting:
- Type conflict between int and sig_atomic_t between declaration and
- definition of diag_immediate_type and diag_immediate_exit broke
- compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
- reporting this bug.
-
- Socat failed to compile on platforms with OpenSSL without
- DTLSv1_client_method or DTLSv1_server_method.
- Thanks to Simon Matter for sending a patch.
-
- NuttX OS headers do not provide struct ip, thus socat did not compile.
- Made struct ip subject to configure.
- Thanks to SP for reporting this issue.
-
- Socat failed to compile with OpenSSL version 1.0.2d where
- SSLv3_server_method and SSLv3_client_method are no longer defined.
- Thanks to Mischa ter Smitten for reporting this issue and providing
- a patch.
-
- configure checked for OpenSSL EC_KEY assuming it is a define but it
- is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
- Thanks to Andrey Arapov for reporting this bug.
-
- Changes to make socat compile with OpenSSL 1.1.
- Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
- providing the base patch.
- Debian Bug#828550
-
- Make Socat compatible with BoringSSL.
- Thanks to Matt Braithwaite for providing a patch.
-
- OpenSSL: Use RAND_status to determine PRNG state
- Thanks to Adam Langley for providing a patch
-
- AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
- requirements. Thanks to Garrick Trowsdale for providing a patch
-
- LibreSSL support: check for OPENSSL_NO_COMP
- Thanks to Bernard Spil for providing a patch
-
-testing:
- socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
-
- test.sh: stderr; option -v (verbose); FDOUT_ERROR description
-
- improved proxy.sh - it now also takes hostnames
-
- A few corrections in test.sh
-
- DTLS1 test hangs on some distributions. Test is now only performed
- with OpenSSL 1.0.2 or higher.
-
- More corrections to test.sh that reveal a mistake with IPV6_TCLASS
-
-docu:
- Corrected source of socat man page to correctly show man references
- like socket(2); removed obseolete entries from See Also
-
- Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
- that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
- are correct).
- Thanks to Zhigang Wang for reporting this issue.
-
- Fixed a couple of English spelling and grammar mistakes.
- Thanks to Jakub Wild for sending the patches.
-
- NOEXPAND() was not resolved 2 times.
-
- More minor docu corrections
-
-legal:
- Added contributors to copyright notices. Suggested by Matt Braithwaite.
-
-####################### V 1.7.3.1:
-
-security:
- Socat security advisory 8
- A stack overflow in vulnerability was found that can be triggered when
- command line arguments (complete address specifications, host names,
- file names) are longer than 512 bytes.
- Successful exploitation might allow an attacker to execute arbitrary
- code with the privileges of the socat process.
- This vulnerability can only be exploited when an attacker is able to
- inject data into socat's command line.
- A vulnerable scenario would be a CGI script that reads data from clients
- and uses (parts of) this data as hostname for a Socat invocation.
- Test: NESTEDOVFL
- Credits to Takumi Akiyama for finding and reporting this issue.
-
- Socat security advisory 7
- MSVR-1499
- In the OpenSSL address implementation the hard coded 1024 bit DH p
- parameter was not prime. The effective cryptographic strength of a key
- exchange using these parameters was weaker than the one one could get by
- using a prime p. Moreover, since there is no indication of how these
- parameters were chosen, the existence of a trapdoor that makes possible
- for an eavesdropper to recover the shared secret from a key exchange
- that uses them cannot be ruled out.
- Futhermore, 1024bit is not considered sufficiently secure.
- Fix: generated a new 2048bit prime.
- Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
- Research (MSVR) for finding and reporting this issue.
-
-####################### V 1.7.3.0:
-
-security:
- Socat security advisory 6
- CVE-2015-1379: Possible DoS with fork
- Fixed problems with signal handling caused by use of not async signal
- safe functions in signal handlers that could freeze socat, allowing
- denial of service attacks.
- Many changes in signal handling and the diagnostic messages system were
- applied to make the code async signal safe but still provide detailled
- logging from signal handlers:
- Coded function vsnprintf_r() as async signal safe incomplete substitute
- of libc vsnprintf()
- Coded function snprinterr() to replace %m in strings with a system error
- message
- Instead of gettimeofday() use clock_gettime() when available
- Pass Diagnostic messages from signal handler per unix socket to the main
- program flow
- Use sigaction() instead of signal() for better control
- Turn off nested signal handler invocations
- Thanks to Peter Lobsinger for reporting and explaining this issue.
-
- Red Hat issue 1019975: add TLS host name checks
- OpenSSL client checks if the server certificates names in
- extensions/subjectAltName/DNS or in subject/commonName match the name
- used to connect or the value of the openssl-commonname option.
- Test: OPENSSL_CN_CLIENT_SECURITY
-
- OpenSSL server checks if the client certificates names in
- extensions/subjectAltNames/DNS or subject/commonName match the value of
- the openssl-commonname option when it is used.
- Test: OPENSSL_CN_SERVER_SECURITY
-
- Red Hat issue 1019964: socat now uses the system certificate store with
- OPENSSL when neither options cafile nor capath are used
-
- Red Hat issue 1019972: needs to specify OpenSSL cipher suites
- Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
- prevent downgrade attacks
-
-new features:
- OpenSSL addresses set couple of environment variables from values in
- peer certificate, e.g.:
- SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
- SOCAT_OPENSSL_X509_COMMONNAME,
- SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
- Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
-
- Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
- Tests: OPENSSL_METHOD_*
-
- Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
- by Andrey Arapov.
-
- Added a new option termios-rawer for ptys.
- Thanks to Christian Vogelgsang for pointing me to this requirement
-
-corrections:
- Bind with ABSTRACT commands used non-abstract namespace (Linux).
- Test: ABSTRACT_BIND
- Thanks to Denis Shatov for reporting this bug.
-
- Fixed return value of nestlex()
-
- Option ignoreeof on the right address hung.
- Test: IGNOREEOF_REV
- Thanks to Franz Fasching for reporting this bug.
-
- Address SYSTEM, when terminating, shut down its parent addresses,
- e.g. an SSL connection which the parent assumed to still be active.
- Test: SYSTEM_SHUTDOWN
-
- Passive (listening or receiving) addresses with empty port field bound
- to a random port instead of terminating with error.
- Test: TCP4_NOPORT
-
- configure with some combination of disable options produced config
- files that failed to compile due to missing IPPROTO_TCP.
- Thanks to Thierry Fournier for report and patch.
-
- fixed a few minor bugs with OpenSSL in configure and with messages
-
- Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
- is required. Thanks to Zhigang Wang for reporting and sending a patch.
-
- Christophe Leroy provided a patch that fixes memory leaks reported by
- valgrind
-
- Help for filan -L was bad, is now corrected to:
- "follow symbolic links instead of showing their properties"
-
- Address options fdin and fdout were silently ignored when not applicable
- due to -u or -U option. Now these combinations are caught as errors.
- Test: FDOUT_ERROR
- Issue reported by Hendrik.
-
- Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
- over option raw which is now obsolote. On SysV systems this call is
- simulated by appropriate setting.
- Thanks to Youfu Zhang for reporting issue with option raw.
-
-porting:
- Socat included <sys/poll.h> instead of POSIX <poll.h>
- Thanks to John Spencer for reporting this issue.
-
- Version 1.7.2.4 changed the check for gcc in configure.ac; this
- broke cross compiling. The particular check gets reverted.
- Thanks to Ross Burton and Danomi Manchego for reporting this issue.
-
- Debian Bug#764251: Set the build timestamp to a deterministic time:
- support external BUILD_DATE env var to allow to build reproducable
- binaries
-
- Joachim Fenkes provided an new adapted spec file.
-
- Type bool and macros Min and Max are defined by socat which led to
- compile errors when they were already provided by build framework.
- Thanks to Liyu Liu for providing a patch.
-
- David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
- support and appropriate files in Config/
-
- Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
- on Illumos
-
- Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
- _POSIX_PTHREAD_SEMANTICS; and minor changes
-
- Red Hat issue 1182005: socat 1.7.2.4 build failure missing
- linux/errqueue.h
- Socat failed to compile on on PPC due to new requirements for
- including <linux/errqueue.h> and a weakness in the conditional code.
- Thanks to Michel Normand for reporting this issue.
-
-doc:
- In the man page the PTY example was badly formatted. Thanks to
- J.F.Sebastian for sending a patch.
-
- Added missing CVE ids to security issues in CHANGES
-
-testing:
- Do not distribute testcert.conf with socat source but generate it
- (and new testcert6.conf) during test.sh run.
-
-####################### V 1.7.2.4:
-
-corrections:
- LISTEN based addresses applied some address options, e.g. so-keepalive,
- to the listening file descriptor instead of the connected file
- descriptor
- Thanks to Ulises Alonso for reporting this bug
-
- make failed after configure with non gcc compiler due to missing
- include. Thanks to Horacio Mijail for reporting this problem
-
- configure checked for --disable-rawsocket but printed
- --disable-genericsocket in the help text. Thanks to Ben Gardiner for
- reporting and patching this bug
-
- In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
- Probably no impact.
- Thanks to David Binderman for reporting this issue.
-
- procan could not cleanly format ulimit values longer than 16 decimal
- digits. Thanks to Frank Dana for providing a patch that increases field
- width to 24 digits.
-
- OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
- "Invalid argument"
- Thanks to Emile den Tex for reporting this bug.
-
- Changed some variable definitions to make gcc -O2 aliasing checker happy
- Thanks to Ilya Gordeev for reporting these warnings
-
- On big endian platforms with type long >32bit the range option applied a
- bad base address. Thanks to hejia hejia for reporting and fixing this bug.
-
- Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
-
- Red Hat issue 1022063: out-of-range shifts on net mask bits
-
- Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
-
- Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
- uses
-
- Red Hat issue 1021958: fixed a bug with faulty buffer/data length
- calculation in xio-ascii.c:_xiodump()
-
- Red Hat issue 1021972: fixed a missing NUL termination in return string
- of sysutils.c:sockaddr_info() for the AF_UNIX case
-
- fixed some typos and minor issues, including:
- Red Hat issue 1021967: formatting error in manual page
-
- UNIX-LISTEN with fork option did not remove the socket file system entry
- when exiting. Other file system based passive address types had similar
- issues or failed to apply options umask, user e.a.
- Thanks to Lorenzo Monti for pointing me to this issue
-
-porting:
- Red Hat issue 1020203: configure checks fail with some compilers.
- Use case: clang
-
- Performed changes for Fedora release 19
-
- Adapted, improved test.sh script
-
- Red Hat issue 1021429: getgroupent fails with large number of groups;
- use getgrouplist() when available instead of sequence of calls to
- getgrent()
-
- Red Hat issue 1021948: snprintf API change;
- Implemented xio_snprintf() function as wrapper that tries to emulate C99
- behaviour on old glibc systems, and adapted all affected calls
- appropriately
-
- Mike Frysinger provided a patch that supports long long for time_t,
- socklen_t and a few other libc types.
-
- Artem Mygaiev extended Cedril Priscals Android build script with pty code
-
- The check for fips.h required stddef.h
- Thanks to Matt Hilt for reporting this issue and sending a patch
-
- Check for linux/errqueue.h failed on some systems due to lack of
- linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
-
- autoconf now prefers configure.ac over configure.in
- Thanks to Michael Vastola for sending a patch.
-
- type of struct cmsghdr.cmsg is system dependend, determine it with
- configure; some more print format corrections
-
-docu:
- libwrap always logs to syslog
-
- added actual text version of GPLv2
-
-####################### V 1.7.2.3:
-
-security:
- Socat security advisory 5
- CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
- overflow with data from command line (see socat-secadv5.txt)
- Credits to Florian Weimer of the Red Hat Product Security Team
-
-####################### V 1.7.2.2:
-
-security:
- Socat security advisory 4
- CVE-2013-3571:
- after refusing a client connection due to bad source address or source
- port socat shutdown() the socket but did not close() it, resulting in
- a file descriptor leak in the listening process, visible with lsof and
- possibly resulting in EMFILE Too many open files. This issue could be
- misused for a denial of service attack.
- Full credits to Catalin Mitrofan for finding and reporting this issue.
-
-####################### V 1.7.2.1:
-
-security:
- Socat security advisory 3
- CVE-2012-0219:
- fixed a possible heap buffer overflow in the readline address. This bug
- could be exploited when all of the following conditions were met:
- 1) one of the addresses is READLINE without the noprompt and without the
- prompt options.
- 2) the other (almost arbitrary address) reads malicious data (which is
- then transferred by socat to READLINE).
- Workaround: when using the READLINE address apply option prompt or
- noprompt.
- Full credits to Johan Thillemann for finding and reporting this issue.
-
-####################### V 1.7.2.0:
-
-corrections:
- when UNIX-LISTEN was applied to an existing file it failed as expected
- but removed the file. Thanks to Bjoern Bosselmann for reporting this
- problem
-
- fixed a bug where socat might crash when connecting to a unix domain
- socket using address GOPEN. Thanks to Martin Forssen for bug report and
- patch.
-
- UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
- when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
-
- UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
- pointed me to that bug
-
- TCP-CONNECT with option nonblock reported successful connect even when
- it was still pending
-
- address option ioctl-intp failed with "unimplemented type 26". Thanks
- to Jeremy W. Sherman for reporting and fixing that bug
-
- socat option -x did not print packet direction, timestamp etc; thanks
- to Anthony Sharobaiko for sending a patch
-
- address PTY does not take any parameters but did not report an error
- when some were given
-
- Marcus Meissner provided a patch that fixes invalid output and possible
- process crash when socat prints info about an unnamed unix domain
- socket
-
- Michal Soltys reported the following problem and provided an initial
- patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during
- data transfer only parts of the data might have been written.
-
- Option o-nonblock in combination with large transfer block sizes
- may result in partial writes and/or EAGAIN errors that were not handled
- properly but resulted in data loss or process termination.
-
- Fixed a bug that could freeze socat when during assembly of a log
- message a signal was handled that also printed a log message. socat
- development had been aware that localtime() is not thread safe but had
- only expected broken messages, not corrupted stack (glibc 2.11.1,
- Ubuntu 10.4)
-
- an internal store for child pids was susceptible to pid reuse which
- could lead to sporadic data loss when both fork option and exec address
- were used. Thanks to Tetsuya Sodo for reporting this problem and
- sending a patch
-
- OpenSSL server failed with "no shared cipher" when using cipher aNULL.
- Fixed by providing temporary DH parameters. Thanks to Philip Rowlands
- for drawing my attention to this issue.
-
- UDP-LISTEN slept 1s after accepting a connection. This is not required.
- Thanks to Peter Valdemar Morch for reporting this issue
-
- fixed a bug that could lead to error or socat crash after a client
- connection with option retry had been established
-
- fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be
- undefined
-
- improved dev_t print format definition
-
-porting:
- Cedril Priscal ported socat to Android (using Googles cross compiler).
- The port includes the socat_buildscript_for_android.sh script
-
- added check for component ipi_spec_dst in struct in_pktinfo so
- compilation does not fail on Cygwin (thanks to Peter Wagemans for
- reporting this problem)
-
- build failed on RHEL6 due to presence of fips.h; configure now checks
- for fipsld too. Thanks to Andreas Gruenbacher for reporting this
- problem
-
- check for netinet6/in6.h only when IPv6 is available and enabled
-
- don't fail to compile when the following defines are missing:
- IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT
- Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
-
- check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX
- Lion 7.1); thanks to Jerry Jacobs to reporting this problem and
- proposing a solution
-
- fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for
- providing the patch.
-
- corrections for OpenEmbedded, especially termios SHIFT values and
- ISPEED/OSPEED. Thanks to John Faith for providing the patch
-
- minor corrections to docu and test.sh resulting from local compilation
- on Openmoko SHR
-
- fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for
- reporting this issue and sending a patch.
-
- Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
- is now bsd/libutil.h; compiler warns on vars that is only written to
-
-new features:
- added option max-children that limits the number of concurrent child
- processes. Thanks to Sam Liddicott for providing the patch.
-
- Till Maas added support for tun/tap addresses without IP address
-
- added an option openssl-compress that allows to disable the compression
- feature of newer OpenSSL versions. Thanks to Michael Hanselmann for
- providing this contribution (sponsored by Google Inc.)
-
-docu:
- minor corrections in docu (thanks to Paggas)
-
- client process -> child process
-
-####################### V 1.7.1.3:
-
-security:
- Socat security advisory 2
- CVE-2010-2799:
- fixed a stack overflow vulnerability that occurred when command
- line arguments (whole addresses, host names, file names) were longer
- than 512 bytes.
- Note that this could only be exploited when an attacker was able to
- inject data into socat's command line.
- Full credits to Felix Gr�bert, Google Security Team, for finding and
- reporting this issue
-
-####################### V 1.7.1.2:
-
-corrections:
- user-late and group-late, when applied to a pty, affected the system
- device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
- pointing me to this bug)
-
- socats openssl addresses failed with "nonblocking operation did not
- complete" when the peer performed a renegotiation. Thanks to Benjamin
- Delpy for reporting this bug.
-
- info message during socks connect showed bad port number on little
- endian systems due to wrong byte order (thanks to Peter M. Galbavy for
- bug report and patch)
-
- Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
- to default. Thanks to Martin Dorey for reporting this bug.
-
-porting:
- building socat on systems that predefined the CFLAGS environment to
- contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
- this problem and to Simon Matter for providing the patch
-
- support for Solaris 8 and Sun Studio support (thanks to Sebastian
- Kayser for providing the patches)
-
- on some 64bit systems a compiler warning "cast from pointer to integer
- of different size" was issued on some option definitions
-
- added struct sockaddr_ll to union sockaddr_union to avoid "strict
- aliasing" warnings (problem reported by Paul Wouters)
-
-docu:
- minor corrections in docu
-
-####################### V 1.7.1.1:
-
-corrections:
- corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
- occur under those conditions. Thanks to Toni Mattila for first
- reporting this problem.
-
- ftruncate64 cut its argument to 32 bits on systems with 32 bit long type
-
- socat crashed on systems without setenv() (esp. SunOS up to Solaris 9);
- thanks to Todd Stansell for reporting this bug
-
- with unidirectional EXEC and SYSTEM a close() operation was performed
- on a random number which could result in hanging e.a.
-
- fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
- systems
-
- docu mentioned option so-bindtodev but correct name is so-bindtodevice.
- Thanks to Jim Zimmerman for reporting.
-
-docu changes:
- added environment variables example to doc/socat-multicast.html
-
-####################### V 1.7.1.0:
-
-new features:
- address options shut-none, shut-down, and shut-close allow to control
- socat's half close behaviour
-
- with address option shut-null socat sends an empty packet to the peer
- to indicate EOF
-
- option null-eof changes the behaviour of sockets that receive an empty
- packet to see EOF instead of ignoring it
-
- introduced option names substuser-early and su-e, currently equivalent
- to option substuser (thanks to Mike Perry for providing the patch)
-
-corrections:
- fixed some typos and improved some comments
-
-####################### V 1.7.0.1:
-
-corrections:
- fixed possible SIGSEGV in listening addresses when a new connection was
- reset by peer before the socket addresses could be retrieved. Thanks to
- Mike Perry for sending a patch.
-
- fixed a bug, introduced with version 1.7.0.0, that let client
- connections with option connect-timeout fail when the connections
- succeeded. Thanks to Bruno De Fraine for reporting this bug.
-
- option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
- and most UNIX-* and ABSTRACT-*
-
- half close of EXEC and SYSTEM addresses did not work for pipes and
- sometimes socketpair
-
- help displayed for some option a wrong type
-
- under some circumstances shutdown was called multiple times for the
- same fd
-
-####################### V 1.7.0.0:
-
-new features:
- new address types SCTP-CONNECT and SCTP-LISTEN implement SCTP stream
- mode for IPv4 and IPv6; new address options sctp-maxseg and
- sctp-nodelay (suggested by David A. Madore; thanks to Jonathan Brannan
- for providing an initial patch)
-
- new address "INTERFACE" for transparent network interface handling
- (suggested by Stuart Nicholson)
-
- added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
- SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
- protocol independent socket handling; all parameters are explicitely
- specified as numbers or hex data
-
- added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
- ioctl-bin for generic ioctl() calls.
-
- added address options setsockopt-int, setsockopt-bin, and
- setsockopt-string for generic setsockopt() calls
-
- option so-type now only affects the socket() and socketpair() calls,
- not the name resolution. so-type and so-prototype can now be applied to
- all socket based addresses.
-
- new address option "escape" allows to break a socat instance even when
- raw terminal mode prevents ^C etc. (feature suggested by Guido Trotter)
-
- socat sets environment variables SOCAT_VERSION, SOCAT_PID, SOCAT_PPID
- for use in executed scripts
-
- socat sets environment variables SOCAT_SOCKADDR, SOCAT_SOCKPORT,
- SOCAT_PEERADDR, SOCAT_PEERPORT in LISTEN type addresses (feature
- suggested by Ed Sawicki)
-
- socat receives all ancillary messages with each received packet on
- datagram related addresses. The messages are logged in raw form with
- debug level, and broken down with info level. note: each type of
- ancillary message must be enabled by appropriate address options.
-
- socat provides the contents of ancillary messages received on RECVFROM
- addresses in appropriate environment variables:
- SOCAT_TIMESTAMP, SOCAT_IP_DSTADDR, SOCAT_IP_IF, SOCAT_IP_LOCADDR,
- SOCAT_IP_OPTIONS, SOCAT_IP_TOS, SOCAT_IP_TTL, SOCAT_IPV6_DSTADDR,
- SOCAT_IPV6_HOPLIMIT, SOCAT_IPV6_TCLASS
-
- the following address options were added to enable ancillary messages:
- so-timestamp, ip-pktinfo (not BSD), ip-recvdstaddr (BSD), ip-recverr,
- ip-recvif (BSD), ip-recvopts, ip-recvtos, ip-recvttl, ipv6-recvdstopts,
- ipv6-recverr, ipv6-recvhoplimit, ipv6-recvhopopts, ipv6-recvpathmtu,
- ipv6-recvpktinfo, ipv6-recvrthdr, ipv6-recvtclass
-
- new address options ipv6-tclass and ipv6-unicast-hops set the related
- socket options.
-
- STREAMS (UNIX System V STREAMS) can be configured with the new address
- options i-pop-all and i-push (thanks to Michal Rysavy for providing a
- patch)
-
-corrections:
- some raw IP and UNIX datagram modes failed on BSD systems
-
- when UDP-LISTEN continued to listen after packet dropped by, e.g.,
- range option, the old listen socket would not be closed but a new one
- created. open sockets could accumulate.
-
- there was a bug in ip*-recv with bind option: it did not bind, and
- with the first received packet an error occurred:
- socket_init(): unknown address family 0
- test: RAWIP4RECVBIND
-
- RECVFROM addresses with FORK option hung after processing the first
- packet. test: UDP4RECVFROM_FORK
-
- corrected a few mistakes that caused compiler warnings on 64bit hosts
- (thanks to Jonathan Brannan e.a. for providing a patch)
-
- EXEC and SYSTEM with stderr injected socat messages into the data
- stream. test: EXECSTDERRLOG
-
- when the EXEC address got a string with consecutive spaces it created
- additional empty arguments (thanks to Olivier Hervieu for reporting
- this bug). test: EXECSPACES
-
- in ignoreeof polling mode socat also blocked data transfer in the other
- direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
- reporting this bug)
-
- corrected alphabetical order of options (proxy-auth)
-
- some minor corrections
-
- improved test.sh script: more stable timing, corrections for BSD
-
- replaced the select() calls by poll() to cleanly fix the problems with
- many file descriptors already open
-
- socat option -lf did not log to file but to stderr
-
- socat did not compile on Solaris when configured without termios
- feature (thanks to Pavan Gadi for reporting this bug)
-
-porting:
- socat compiles and runs on AIX with gcc (thanks to Andi Mather for his
- help)
-
- socat compiles and runs on Cygwin (thanks to Jan Just Keijser for his
- help)
-
- socat compiles and runs on HP-UX with gcc (thanks to Michal Rysavy for
- his help)
-
- socat compiles and runs on MacOS X (thanks to Camillo Lugaresi for his
- help)
-
-further changes:
- filan -s prefixes output with FD number if more than one FD
-
- Makefile now supports datarootdir (thanks to Camillo Lugaresi for
- providing the patch)
-
- cleanup in xio-unix.c
-
-####################### V 1.6.0.1:
-
-new features:
- new make target "gitclean"
-
- docu source doc/socat.yo released
-
-corrections:
- exec:...,pty did not kill child process under some circumstances; fixed
- by correcting typo in xio-progcall.c (thanks to Ralph Forsythe for
- reporting this problem)
-
- service name resolution failed due to byte order mistake
- (thanks to James Sainsbury for reporting this problem)
-
- socat would hang when invoked with many file descriptors already opened
- fix: replaced FOPEN_MAX with FD_SETSIZE
- thanks to Daniel Lucq for reporting this problem.
-
- fixed bugs where sub processes would become zombies because the master
- process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
- UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
- ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
- (thanks to Fernanda G Weiden for reporting this problem)
-
- fixed a bug where sub processes would become zombies because the master
- process caught SIGCHLD but did not wait(). this affected addresses
- UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
- (thanks to Evan Borgstrom for reporting this problem)
-
- corrected option handling with STDIO; usecase: cool-write
-
- configure --disable-pty also disabled option waitlock
-
- fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
- (thanks to Roland Illig for sending a patch)
-
- corrected name of option intervall to interval (old form still valid
- for us German speaking guys)
-
- corrected some print statements and variable names
-
- make uninstall did not uninstall procan
-
- fixed lots of weaknesses in test.sh
-
- corrected some bugs and typos in doc/socat.yo, EXAMPLES, C comments
-
-further changes:
- procan -c prints C defines important for socat
-
- added test OPENSSLEOF for OpenSSL half close
-
-####################### V 1.6.0.0:
-
-new features:
- new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
- and multicast modes
-
- new option ip-add-membership for control of multicast group membership
-
- new address TUN for generation of Linux TUN/TAP pseudo network
- interfaces (suggested by Mat Caughron); associated options tun-device,
- tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
-
- new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
- ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
- on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
- socklen parameter on system calls.
-
- option end-close for control of connection closing allows FD sharing
- by sub processes
-
- range option supports form address:mask with IPv4
-
- changed behaviour of OPENSSL-LISTEN to require and verify client
- certificate per default
-
- options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
- grained locking on regular files
-
- uninstall target in Makefile (lack reported by Zeeshan Ali)
-
-corrections:
- fixed bug where only first tcpwrap option was applied; fixed bug where
- tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
- and fixing this bug)
-
- filan (and socat -D) could hang when a socket was involved
-
- corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
- Roberto Mackun)
-
- correct bind with udp6-listen (thanks to Jan Horak for reporting this
- bug)
-
- corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
- (thanks to Leo Zhadanovsky for reporting this problem)
-
- corrected problem with read data buffered in OpenSSL layer (thanks to
- Jon Nelson for reporting this bug)
-
- corrected problem with option readbytes when input stream stayed idle
- after so many bytes
-
- fixed a bug where a datagram receiver with option fork could fork two
- sub processes per packet
-
-further changes:
- moved documentation to new doc/ subdir
-
- new documents (kind of mini tutorials) are provided in doc/
-
-####################### V 1.5.0.0:
-
-new features:
- new datagram modes for udp, rawip, unix domain sockets
-
- socat option -T specifies inactivity timeout
-
- rewrote lexical analysis to allow nested socat calls
-
- addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
-
- socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
- SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
-
- addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
-
- option protocol-family (pf), esp. for openssl-listen
-
- range option supports IPv6 - syntax: range=[::1/128]
-
- option ipv6-v6only (ipv6only)
-
- new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
-
- FIPS version of OpenSSL can be integrated - initial patch provided by
- David Acker. See README.FIPS
-
- support for resolver options res-debug, aaonly, usevc, primary, igntc,
- recurse, defnames, stayopen, dnsrch
-
- options for file attributes on advanced filesystems (ext2, ext3,
- reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
- ext2-noatime, journal-data etc.
-
- option cool-write controls severeness of write failure (EPIPE,
- ECONNRESET)
-
- option o-noatime
-
- socat option -lh for hostname in log output
-
- traffic dumping provides packet headers
-
- configure.in became part of distribution
-
- socats unpack directory now has full version, e.g. socat-1.5.0.0/
-
- corrected docu of option verify
-
-corrections:
- fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
-
- exec with pipes,stderr produced error
-
- setuid-early was ignored with many address types
-
- some minor corrections
-
-####################### V 1.4.3.1:
-
-corrections:
- PROBLEM: UNIX socket listen accepted only one (or a few) connections.
- FIX: do not remove listening UNIX socket in child process
-
- PROBLEM: SIGSEGV when TCP part of SSL connect failed
- FIX: check ssl pointer before calling SSL_shutdown
-
- In debug mode, show connect client port even when connect fails
-
-####################### V 1.4.3.0:
-
-new features:
- socat options -L, -W for application level locking
-
- options "lockfile", "waitlock" for address level locking
- (Stefan Luethje)
-
- option "readbytes" limits read length (Adam Osuchowski)
-
- option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
-
- pty symlink, unix listen socket, and named pipe are per default removed
- after use; option unlink-close overrides this new behaviour and also
- controls removal of other socat generated files (Stefan Luethje)
-
-corrections:
- option "retry" did not work with tcp-listen
-
- EPIPE condition could result in a 100% CPU loop
-
-further changes:
- support systems without SHUT_RD etc.
- handle more size_t types
- try to find makedepend options with gcc 3 (richard/OpenMacNews)
-
-####################### V 1.4.2.0:
-
-new features:
- option "connect-timeout" limits wait time for connect operations
- (requested by Giulio Orsero)
-
- option "dhparam" for explicit Diffie-Hellman parameter file
-
-corrections:
- support for OpenSSL DSA certificates (Miika Komu)
-
- create install directories before copying files (Miika Komu)
-
- when exiting on signal, return status 128+signum instead of 1
-
- on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
- Mantinan)
-
- -lu could cause a core dump on long messages
-
-further changes:
- modifications to simplify using socats features in applications
-
-####################### V 1.4.1.0:
-
-new features:
- option "wait-slave" blocks open of pty master side until a client
- connects, "pty-intervall" controls polling
-
- option -h as synonym to -? for help (contributed by Christian
- Lademann)
-
- filan prints formatted time stamps and rdev (disable with -r)
-
- redirect filan's output, so stdout is not affected (contributed by
- Luigi Iotti)
-
- filan option -L to follow symbolic links
-
- filan shows termios control characters
-
-corrections:
- proxy address no longer performs unsolicited retries
-
- filan -f no longer needs read permission to analyze a file (but still
- needs access permission to directory, of course)
-
-porting:
- Option dsusp
- FreeBSD options noopt, nopush, md5sig
- OpenBSD options sack-disable, signature-enable
- HP-UX, Solaris options abort-threshold, conn-abort-threshold
- HP-UX options b900, b3600, b7200
- Tru64/OSF1 options keepinit, paws, sackena, tsoptena
-
-further corrections:
- address pty now uses ptmx as default if openpty is also available
-
-####################### V 1.4.0.3:
-
-security:
- Socat security advisory 1
- CVE-2004-1484:
- fix to a syslog() based format string vulnerability that can lead to
- remote code execution. See advisory socat-adv-1.txt
-
-####################### V 1.4.0.2:
-
-corrections:
- exec'd write-only addresses get a chance to flush before being killed
-
- error handler: print notice on error-exit
-
- filan printed wrong file type information
-
-####################### V 1.4.0.1:
-
-corrections:
- socks4a constructed invalid header. Problem found, reported, and fixed
- by Thomas Themel, by Peter Palfrader, and by rik
-
- with nofork, don't forget to apply some process related options
- (chroot, setsid, setpgid, ...)
-
-####################### V 1.4.0.0:
-
-new features:
- simple openssl server (ssl-l), experimental openssl trust
-
- new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
- openssl
-
- new options "retry", "forever", and "intervall"
-
- option "fork" for address TCP improves `gender changer�
-
- options "sigint", "sigquit", and "sighup" control passing of signals to
- sub process (thanks to David Shea who contributed to this issue)
-
- readline takes respect to the prompt issued by the peer address
-
- options "prompt" and "noprompt" allow to override readline's new
- default behaviour
-
- readline supports invisible password with option "noecho"
-
- socat option -lp allows to set hostname in log output
-
- socat option -lu turns on microsecond resolution in log output
-
-
-corrections:
- before reading available data, check if writing on other channel is
- possible
-
- tcp6, udp6: support hostname specification (not only IP address), and
- map IP4 names to IP6 addresses
-
- openssl client checks server certificate per default
-
- support unidirectional communication with exec/system subprocess
-
- try to restore original terminal settings when terminating
-
- test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
-
- socks4 failed on platforms where long does not have 32 bits
- (thanks to Peter Palfrader and Thomas Seyrat)
-
- hstrerror substitute wrote wrong messages (HP-UX, Solaris)
-
- proxy error message was truncated when answer contained multiple spaces
-
-
-porting:
- compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
-
-####################### V 1.3.2.2:
-
-corrections:
- PROXY CONNECT failed when the status reply from the proxy server
- contained more than one consecutive spaces. Problem reported by
- Alexandre Bezroutchko
-
- do not SIGSEGV when proxy address fails to resolve server name
-
- udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
- Problem reported by Christoph Schittel
-
- test.sh only tests available features
-
- added missing IP and TCP options in filan analyzer
-
- do not apply stdio address options to both directions when in
- unidirectional mode
-
- on systems lacking /dev/*random and egd, provide (weak) entropy from
- libc random()
-
-
-porting:
- changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
-
- compiles on True64, FreeBSD (again), NetBSD, OpenBSD
-
- support for long long as st_ino type (Cygwin 1.5)
-
- compile on systems where pty can not be featured
-
-####################### V 1.3.2.1:
-
-corrections:
- "final" solution for the ENOCHLD problem
-
- corrected "make strip"
-
- default gcc debug/opt is "-O" again
-
- check for /proc at runtime, even if configure found it
-
- src.rpm accidently supported SuSE instead of RedHat
-
-####################### V 1.3.2.0:
-
-new features:
- option "nofork" connects an exec'd script or program directly
- to the file descriptors of the other address, circumventing the socat
- transfer engine
-
- support for files >2GB, using ftruncate64(), lseek64(), stat64()
-
- filan has new "simple" output style (filan -s)
-
-
-porting:
- options "binary" and "text" for controlling line termination on Cygwin
- file system access (hint from Yang Wu-Zhou)
-
- fix by Yang Wu-Zhou for the Cygwin "No Children" problem
-
- improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
- John DuBois)
-
- minor corrections to avoid warnings with gcc 3
-
-
-further corrections and minor improvements:
- configure script is generated with autoconf 2.57 (no longer 2.52)
-
- configure passes CFLAGS to Makefile
-
- option -??? for complete list of address options and their short forms
-
- program name in syslog messages is derived from argv[0]
-
- SIGHUP now prints notice instead of error
-
- EIO during read of pty now gives Notice instead of Error, and
- triggers EOF
-
- use of hstrerror() for printing resolver error messages
-
- setgrent() got required endgrent()
-
-####################### V 1.3.1.0:
-
-new features:
- integration of Wietse Venema's tcpwrapper library (libwrap)
-
- with "proxy" address, option "resolve" controls if hostname or IP
- address is sent in request
-
- option "lowport" establishes limited authorization for TCP and UDP
- connections
-
- improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
- An accompanying change in the numbering scheme results in an
- incompatibility with earlier socat RPMs!
-
-
-solved problems and bugs:
- PROBLEM: socat daemon terminated when the address of a connecting
- client did not match range option value instead of continue listening
- SOLVED: in this case, print warning instead of error to keep daemon
- active
-
- PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
- processes
- SOLVED: dont assume that each exiting child process generates SIGCHLD
-
- when converting CRNL to CR, socat converted to NL
-
-
-further corrections:
- configure script now disables features that depend on missing files
- making it more robust in "unsupported" environments
-
- server.pem permissions corrected to 600
-
- "make install" now does not strip; use "make strip; make install"
- if you like strip (suggested by Peter Bray)
-
-####################### V 1.3.0.1:
-
-solved problems and bugs:
- PROBLEM: OPENSSL did not apply tcp, ip, and socket options
- SOLVED: OPENSSL now correctly handles the options list
-
- PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
- block boundary
- SOLVED: these conversions now simply strip all CR's or NL's from input
- stream
-
-
-porting:
- SunOS ptys now work on x86, too (thanks to Peter Bray)
-
- configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
-
-
-further corrections:
- added WITH_PROXY value to -V output
-
- added compile dependencies of WITH_PTY and WITH_PROXY
-
- -?? did not print option group of proxy options
-
- corrected syntax for bind option in docu
-
- corrected an issue with stdio in unidirectional mode
-
- options socksport and proxyport support service names
-
- ftp.sh script supports proxy address
-
- man page no longer installed with execute permissions (thanks to Peter
- Bray)
-
- fixed a malloc call bug that could cause SIGSEGV or false "out of
- memory" errors on EXEC and SYSTEM, depending on program name length and
- libc.
-
-####################### V 1.3.0.0:
-
-new features:
- proxy connect with optional proxy authentication
-
- combined hex and text dump mode, credits to Gregory Margo
-
- address pty applies options user, group, and perm to device
-
-
-solved problems and bugs:
- PROBLEM: option reuseport was not applied (BSD, AIX)
- SOLVED: option reuseport now in phase PASTSOCKET instead of PREBIND,
- credits to Jean-Baptiste Marchand
-
- PROBLEM: ignoreeof with stdio was ignored
- SOLVED: ignoreeof now works correctly with address stdio
-
- PROBLEM: ftp.sh did not use user supplied password
- SOLVED: ftp.sh now correctly passes password from command line
-
- PROBLEM: server.pem had expired
- SOLVED: new server.pem valid for ten years
-
- PROBLEM: socks notice printed wrong port on some platforms
- SOLVED: socks now uses correct byte-order for port number in notice
-
-
-further corrections:
- option name o_trunc corrected to o-trunc
-
- combined use of -u and -U is now detected and prevented
-
- made message system a little more robust against format string attacks
-
-
-####################### V 1.2.0.0:
-
-new features:
- address pty for putting socat behind a new pseudo terminal that may
- fake a serial line, modem etc.
-
- experimental openssl integration
- (it does not provide any trust between the peers because is does not
- check certificates!)
-
- options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
- locking mechanism provided by flock()
-
- options setsid and setpgid now available with all address types
-
- option ctty (controlling terminal) now available for all TERMIOS
- addresses
-
- option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
- replaced by options o-trunc and ftruncate=offset
-
- option sourceport now available with TCP and UDP listen addresses to
- restrict incoming client connections
-
- unidirectional mode right-to-left (-U)
-
-
-solved problems and bugs:
- PROBLEM: addresses without required parameters but an option containing
- a '/' were incorrectly interpreted as implicit GOPEN address
- SOLVED: if an address does not have ':' separator but contains '/',
- check if the slash is before the first ',' before assuming
- implicit GOPEN.
-
-
-porting:
- ptys under SunOS work now due to use of stream options
-
-
-further corrections:
- with -d -d -d -d -D, don't print debug info during file analysis
-
-
-####################### V 1.1.0.1:
-
-new features:
- .spec file for RPM generation
-
-
-solved problems and bugs:
- PROBLEM: GOPEN on socket did not apply option unlink-late
- SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
- options
-
- PROBLEM: with unidirectional mode, an unnecessary close timeout was
- applied
- SOLUTION: in unidirectional mode, terminate without wait time
-
- PROBLEM: using GOPEN on a unix domain socket failed for datagram
- sockets
- SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
-
-
-further corrections:
-
- open() flag options had names starting with "o_", now corrected to "o-"
-
- in docu, *-listen addresses were called *_listen
-
- address unix now called unix-connect because it does not handle unix
- datagram sockets
-
- in test.sh, apply global command line options with all tests
-
-
-####################### V 1.1.0.0:
-
-new features:
- regular man page and html doc - thanks to kromJx for prototype
-
- new address type "readline", utilizing GNU readline and history libs
-
- address option "history-file" for readline
-
- new option "dash" to "exec" address that allows to start login shells
-
- syslog facility can be set per command line option
-
- new address option "tcp-quickack", found in Linux 2.4
-
- option -g prevents option group checking
-
- filan and procan can print usage
-
- procan prints rlimit infos
-
-
-solved problems and bugs:
- PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
- SOLVED: set eof flag of channel on shutdown.
-
- PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
- and has data available while channel 1 reaches EOF, the data is
- lost.
- SOLVED: during one loop run, first handle all data transfers and
- _afterwards_ handle EOF.
-
- PROBLEM: despite to option NONBLOCK, the connect() call blocked
- SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
-
- PROBLEM: UNLINK options issued error when file did not exist,
- terminating socat
- SOLVED: failure of unlink() is only warning if errno==ENOENT
-
- PROBLEM: TCP6-LISTEN required numeric port specification
- SOLVED: now uses common TCP service resolver
-
- PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
- SOLVED: retrieval of FDs now pays respect to PIPE pecularities
-
- PROBLEM: using address EXEC against an address with IGNOREEOF, socat
- never terminated
- SOLVED: corrected EOF handling of sigchld
-
-
-porting:
- MacOS and old AIX versions now have pty
-
- flock() now available on Linux (configure check was wrong)
-
- named pipe were generated using mknod(), which requires root under BSD
- now they are generated using mkfifo
-
-
-further corrections:
- lots of address options that were "forgotten" at runtime are now
- available
-
- option BINDTODEVICE now also called SO-BINDTODEVICE, IF
-
- "make install" now installs binaries with ownership 0:0
-
-
-####################### V 1.0.4.2:
-
-solved problems and bugs:
- PROBLEM: EOF of one stream caused close of other stream, giving it no
- chance to go down regularly
- SOLVED: EOF of one stream now causes shutdown of write part of other
- stream
-
- PROBLEM: sending mail via socks address to qmail showed that crlf
- option does not work
- SOLVED: socks address applies PH_LATE options
-
- PROBLEM: in debug mode, no info about socat and platform was issued
- SOLVED: print socat version and uname output in debug mode
-
- PROBLEM: invoking socat with -t and no following parameters caused
- SIGSEGV
- SOLVED: -t and -b now check next argv entry
-
- PROBLEM: when opening of logfile (-lf) failed, no error was reported
- and no further messages were printed
- SOLVED: check result of fopen and print error message if it failed
-
-new features:
- address type UDP-LISTEN now supports option fork: it internally applies
- socket option SO_REUSEADDR so a new UDP socket can bind to port after
- `accepting� a connection (child processes might live forever though)
- (suggestion from Damjan Lango)
-
-
-####################### V 1.0.4.1:
-
-solved problems and bugs:
- PROB: assert in libc caused an endless recursion
- SOLVED: no longer catch SIGABRT
-
- PROB: socat printed wrong verbose prefix for "right to left" packets
- SOLVED: new parameter for xiotransfer() passes correct prefix
-
-new features:
- in debug mode, socat prints its command line arguments
- in verbose mode, escape special characters and replace unprintables
- with '.'. Patch from Adrian Thurston.
-
-
-####################### V 1.0.4.0:
-
-solved problems and bugs:
- Debug output for lstat and fstat said "stat"
-
-further corrections:
- FreeBSD now includes libutil.h
-
-new features:
- option setsid with exec/pty
- option setpgid with exec/pty
- option ctty with exec/pty
- TCP V6 connect test
- gettimeofday in sycls.c (no use yet)
-
-porting:
- before Gethostbyname, invoke inet_aton for MacOSX
-
-
-####################### V 1.0.3.0:
-
-solved problems and bugs:
-
- PROB: test 9 of test.sh (echo via file) failed on some platforms,
- socat exited without error message
- SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
-
- PROB: test 17 hung forever
- REASON: child death before select loop did not result in EOF
- SOLVED: check of existence of children before starting select loop
-
- PROB: test 17 failed
- REASON: child dead triggered EOF before last data was read
- SOLVED: after child death, read last data before setting EOF
-
- PROB: filan showed that exec processes incorrectly had fd3 open
- REASON: inherited open fd3 from main process
- SOLVED: set CLOEXEC flag on pty fd in main process
-
- PROB: help printed "undef" instead of group "FORK"
- SOLVED: added "FORK" to group name array
-
- PROB: fatal messages did not include severity classifier
- SOLVED: added "F" to severity classifier array
-
- PROB: IP6 addresses where printed incorrectly
- SOLVED: removed type casts to unsigned short *
-
-further corrections:
- socat catches illegal -l modes
- corrected error message on setsockopt(linger)
- option tabdly is of type uint
- correction for UDP over IP6
- more cpp conditionals, esp. for IP6 situations
- better handling of group NAMED options with listening UNIX sockets
- applyopts2 now includes last given phase
- corrected option group handling for most address types
- introduce dropping of unappliable options (dropopts, dropopts2)
- gopen now accepts socket and unix-socket options
- exec and system now accept all socket and termios options
- child process for exec and system addresses with option pty
- improved descriptions and options for EXAMPLES
- printf format for file mode changed to "0%03o" with length spec.
- added va_end() in branch of msg()
- changed phase of lock options from PASTOPEN to FD
- support up to four early dying processes
-
-structural changes:
- xiosysincludes now includes sysincludes.h for non xio files
-
-new features:
- option umask
- CHANGES file
- TYPE_DOUBLE, u_double
- OFUNC_OFFSET
- added getsid(), setsid(), send() to sycls
- procan prints sid (session id)
- mail.sh gets -f (from) option
- new EXAMPLEs for file creation
- gatherinfo.sh now tells about failures
- test.sh can check for much more address/option combinations
-
-porting:
- ispeed, ospeed for termios on FreeBSD
- getpgid() conditional for MacOS 10
- added ranlib in Makefile.in for MacOS 10
- disable pty option if no pty mechanism is available (MacOS 10)
- now compiles and runs on MacOS 10 (still some tests fail)
- setgroups() conditional for cygwin
- sighandler_t defined conditionally
- use gcc option -D_GNU_SOURCE
diff --git a/EXAMPLES b/EXAMPLES
index 51b10ff..9ace4c4 100644
--- a/EXAMPLES
+++ b/EXAMPLES
@@ -67,7 +67,7 @@ $ socat \
TCP-LISTEN:8000,crlf \
SYSTEM:"echo HTTP/1.0 200; echo Content-Type\: text/plain; echo; cat"
-// A less primitive HTTP echo server that sends back not only the reqest but
+// A less primitive HTTP echo server that sends back not only the request but
// also server and client address and port. Might have portability issues with
// echo
$ socat -T 1 -d -d \
@@ -131,7 +131,7 @@ $ socat \
///////////////////////////////////////////////////////////////////////////////
// Intrusion testing
-// Found an XWindow Server behind IP filters with FTP data hole? (you are
+// Found an X-Window Server behind IP filters with FTP data hole? (you are
// lucky!)
// prepare your host:
# rm -f /tmp/.X11-unix/X1
@@ -241,7 +241,7 @@ $ socat - /tmp/postoffice
// Uses of filan
// See what your operating system opens for you
$ filan
-// or if that was too detailled
+// or if that was too detailed
$ filan -s
// See what file descriptors are passed via exec function
$ socat - EXEC:"filan -s",nofork
@@ -342,7 +342,7 @@ socat \
// three main versions for entering password:
// 1) from your TTY; have 10 seconds to enter password:
(sleep 10; echo "ls"; sleep 1) |socat - EXEC:'ssh server',pty
-// 2) from XWindows (DISPLAY !); again 10 seconds
+// 2) from X-Windows (DISPLAY !); again 10 seconds
(sleep 10; echo "ls"; sleep 1) |socat - EXEC:'ssh server',pty,setsid
// 3) from script
(sleep 5; echo PASSWORD; echo ls; sleep 1) |./socat - EXEC:'ssh server',pty,setsid,ctty
diff --git a/FAQ b/FAQ
index 51d8c1b..d3845eb 100644
--- a/FAQ
+++ b/FAQ
@@ -60,7 +60,7 @@ Q: When I specify a dual address (two partial addresses linked with "!!") on
the command line, I get some message "event not found", and my shell history
has the line truncated. Not even protecting the '!'s with '\' helps.
-A: '!' is appearently used by your shell as history expansion character. Say
+A: '!' is apparently used by your shell as history expansion character. Say
"set +H" and add this line to your (bash) profile.
diff --git a/PORTING b/PORTING
index 0571bf7..2cbb8f1 100644
--- a/PORTING
+++ b/PORTING
@@ -51,7 +51,7 @@ ACTIVE PHASE:
. xioopts.h: enum e_optcode (sorted numerically/alphabetically by name)
. xio-*.c: select the appropriate address file (e.g., xio-tcp.c for
TCP-options) and make a record of type struct optdesc: opt_newoption
- . xio-*.h: the declation of struct optdesc
+ . xio-*.h: the declaration of struct optdesc
. xioopts.c: add records to struct optname optionnames for all appropriate
names (sorted strictly ASCII for binary search)
. filan.c: add the option to the appropriate array (sockopts, ipopts,
diff --git a/README.FIPS b/README.FIPS
index 0452844..2b92ea0 100644
--- a/README.FIPS
+++ b/README.FIPS
@@ -29,7 +29,7 @@ initializes things so after a fork, the child must reinitialize. When the
ssl code detects a forks occur and if FIPS mode was enabled, it reinitializes
FIPS by disabling and then enabling it again.
-To produce Davids enviroment, do the following:
+To produce Davids environment, do the following:
To build openssl
download OpenSSL 0.9.7j-fips-dev from
http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz
diff --git a/SECURITY b/SECURITY
index 0e10075..27f295a 100644
--- a/SECURITY
+++ b/SECURITY
@@ -24,7 +24,7 @@ avoid accessing files in world-writable directories like /tmp
* When using socat with system, exec, or in a shell script, know what you do
-* With system and exec, use absolute pathes or set the path option
+* With system and exec, use absolute paths or set the path option
* When starting programs with socat, consider using the chroot option (this
requires root, so use the substuser option too).
diff --git a/configure.ac b/configure.ac
index da5d4e3..3c5cc5b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,7 +39,7 @@ AC_PROG_RANLIB
AC_SUBST(AR)
AC_CHECK_PROG(AR, ar, ar, gar)
#
-# we need to explicitely call this here; otherwise, with --disable-libwrap we
+# we need to explicitly call this here; otherwise, with --disable-libwrap we
# fail
AC_LANG_COMPILER_REQUIRE()
@@ -2250,7 +2250,7 @@ AC_TRY_COMPILE([#include <resolv.h>],
dnl "tcpd" "tcpwrappers"
# on some platforms, raw linking with libwrap fails because allow_severity and
-# deny_severity are not explicitely defined. Thus we put the libwrap part to
+# deny_severity are not explicitly defined. Thus we put the libwrap part to
# the end
AC_MSG_CHECKING(whether to include libwrap support)
AC_ARG_ENABLE(libwrap, [ --disable-libwrap disable libwrap support],
diff --git a/doc/socat-genericsocket.html b/doc/socat-genericsocket.html
index 0525696..2ad1440 100644
--- a/doc/socat-genericsocket.html
+++ b/doc/socat-genericsocket.html
@@ -10,7 +10,7 @@
<h2>Introduction</h2>
<p>Beginning with version 1.7.0 socat provides means to freely control
important aspects of socket handling. This allows to experiment with socket
- types and protocols that are not explicitely implemented in socat.
+ types and protocols that are not explicitly implemented in socat.
</p>
<p>The related socat features fall into three major categories:<p>
@@ -216,7 +216,7 @@ struct sockaddr_at {
</p>
<p>The address family component must be omitted from the socket address because
- it is added by socat implicitely. The resulting hexadecimal representation of
+ it is added by socat implicitly. The resulting hexadecimal representation of
the target socket address is therefore:
</p>
<tt>x40x00xff00xf3x00x0000000000000000</tt>
@@ -287,7 +287,7 @@ struct sockaddr_at {
and for bind and range options. The basis is the <tt>struct sockaddr_*</tt> for
the respective address family that should be declared in the C include files.
Please keep in mind that their first two bytes (<tt>sa_family</tt> and - on BSD
-- <tt>sa_len</tt>) are implicitely prepended by socat.</p>
+- <tt>sa_len</tt>) are implicitly prepended by socat.</p>
<h4>Linux on 32bit Intel:</h4>
diff --git a/doc/socat.yo b/doc/socat.yo
index 6cfd907..4690543 100644
--- a/doc/socat.yo
+++ b/doc/socat.yo
@@ -1301,7 +1301,7 @@ label(ADDRESS_TCP6_LISTEN)dit(bf(tt(TCP6-LISTEN:<port>)))
link(ipv6only)(OPTION_IPV6_V6ONLY)nl()
Option groups: link(FD)(GROUP_FD),link(SOCKET)(GROUP_SOCKET),link(LISTEN)(GROUP_LISTEN),link(CHILD)(GROUP_CHILD),link(RANGE)(GROUP_RANGE),link(IP6)(GROUP_IP6),link(TCP)(GROUP_TCP),link(RETRY)(GROUP_RETRY) nl()
label(ADDRESS_TUN)dit(bf(tt(TUN[:<if-addr>/<bits>])))
- Creates a Linux TUN/TAP device and optionally assignes it the address and
+ Creates a Linux TUN/TAP device and optionally assigns it the address and
netmask given by the parameters. The resulting network interface is almost
ready for use by other processes; socat serves its "wire side". This address
requires read and write access to the tunnel cloning device, usually
@@ -2150,7 +2150,7 @@ label(OPTION_SETGID)dit(bf(tt(setgid=<group>)))
processing the address. This call might require root privilege. Please note
that this option does not drop other group related privileges.
label(OPTION_SETGID_EARLY)dit(bf(tt(setgid-early=<group>)))
- Like link(setgit)(OPTION_SETGID) but is performed before opening the address.
+ Like link(setgid)(OPTION_SETGID) but is performed before opening the address.
label(OPTION_SETUID)dit(bf(tt(setuid=<user>)))
Changes the link(<user>)(TYPE_USER) (owner) of the process after processing
the address. This call might require root privilege. Please note that this
@@ -2203,7 +2203,7 @@ label(OPTION_NOECHO)dit(bf(tt(noecho=<pattern>)))
Specifies a regular pattern for a prompt that prevents the following input
line from being displayed on the screen and from being added to the history.
The prompt is defined as the text that was output to the readline address
- after the lastest newline character and before an input character was
+ after the last newline character and before an input character was
typed. The pattern is a regular expression, e.g.
"^[Pp]assword:.*$" or "([Uu]ser:|[Pp]assword:)". See NOEXPAND(regex(7)) for details.
(link(example)(EXAMPLE_OPTION_NOECHO))
@@ -2382,7 +2382,7 @@ COMMENT(label(OPTION_SECURITYENCRYPTIONNETWORK)dit(bf(tt(securityencryptionnetwo
COMMENT(label(OPTION_SECURITYENCRYPTIONTRANSPORT)dit(bf(tt(securityencryptiontransport)))
Set the code(SO_SECURITY_ENCRYPTION_TRANSPORT) socket option.)
COMMENT(label(OPTION_SIOCSPGRP)dit(bf(tt(siocspgrp=<pid_t>)))
- Set the SIOCSPGRP with code(ioclt()) to enable SIGIO.)
+ Set the SIOCSPGRP with code(ioctl()) to enable SIGIO.)
COMMENT(label(OPTION_USEIFBUFS)dit(bf(tt(useifbufs)))
Set the code(SO_USE_IFBUFS) socket option.)
label(OPTION_SO_TIMESTAMP)dit(bf(tt(so-timestamp)))
@@ -3365,7 +3365,7 @@ label(OPTION_OPENSSL_PSEUDO)dit(bf(tt(pseudo)))
gathering daemon can be utilized, this option activates a mechanism for
providing pseudo entropy. This is achieved by taking the current time in
microseconds for feeding the libc pseudo random number generator with an
- initial value. openssl is then feeded with output from NOEXPAND(random()) calls.nl()
+ initial value. openssl is then fed with output from NOEXPAND(random()) calls.nl()
NOTE:This mechanism is not sufficient for generation of secure keys!
label(OPTION_OPENSSL_COMPRESS)dit(bf(tt(compress)))
Enable or disable the use of compression for a connection. Setting this to
@@ -3612,10 +3612,10 @@ label(TYPE_LONG)dit(long)
label(TYPE_LONGLONG)dit(long long)
A number read with code(strtoll()). The value must fit into a C long long.
label(TYPE_OFF)dit(off_t)
- An implementation dependend signed number, usually 32 bits, read with strtol
+ An implementation dependent signed number, usually 32 bits, read with strtol
or strtoll.
label(TYPE_OFF64)dit(off64_t)
- An implementation dependend signed number, usually 64 bits, read with strtol
+ An implementation dependent signed number, usually 64 bits, read with strtol
or strtoll.
label(TYPE_MODE_T)dit(mode_t)
An unsigned integer, read with code(strtoul()), specifying mode (permission)
diff --git a/error.h b/error.h
index 9853f8a..0cc4fac 100644
--- a/error.h
+++ b/error.h
@@ -183,7 +183,7 @@
#define Debug18(m,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12,a13,a14,a15,a16,a17,a18)
#endif /* !(WITH_MSGLEVEL <= E_DEBUG) */
-/* message with software controlled serverity */
+/* message with software controlled severity */
#if WITH_MSGLEVEL <= E_FATAL
#define Msg(l,m) msg(l,"%s",m)
#define Msg1(l,m,a1) msg(l,m,a1)
diff --git a/filan_main.c b/filan_main.c
index 24dd5e9..d90432f 100644
--- a/filan_main.c
+++ b/filan_main.c
@@ -167,7 +167,7 @@ int main(int argc, const char *argv[]) {
Nanosleep(&waittime, NULL);
if (style == 0) {
- /* this style gives detailled infos, but requires a file descriptor */
+ /* This style gives detailed infos, but requires a file descriptor */
if (filename) {
#if LATER /* this is just in case that S_ISSOCK does not work */
struct stat buf;
diff --git a/readline-test.sh b/readline-test.sh
index 26f392f..569bde6 100755
--- a/readline-test.sh
+++ b/readline-test.sh
@@ -36,7 +36,7 @@ $ECHO
if [ "$USERNAME" != "$CREDUSER" -o "$PASSWORD" != "$CREDPASS" ]; then
$ECHO "Authentication failed" >&2
- exit -1
+ exit 1
fi
while $ECHO "$PROMPT\c"; read -r COMMAND; do
diff --git a/socat.c b/socat.c
index 567cd29..3e9cc91 100644
--- a/socat.c
+++ b/socat.c
@@ -785,7 +785,7 @@ int socat(const char *address1, const char *address2) {
int i;
for (i = 0; i < NUMUNKNOWN; ++i) {
if (XIO_RDSTREAM(sock1)->para.exec.pid == diedunknown[i]) {
- /* child has alread died... but it might have put regular data into
+ /* Child has already died... but it might have put regular data into
the communication channel, so continue */
Info2("child "F_pid" has already died with status %d",
XIO_RDSTREAM(sock1)->para.exec.pid, statunknown[i]);
@@ -828,7 +828,7 @@ int socat(const char *address1, const char *address2) {
int i;
for (i = 0; i < NUMUNKNOWN; ++i) {
if (XIO_RDSTREAM(sock2)->para.exec.pid == diedunknown[i]) {
- /* child has alread died... but it might have put regular data into
+ /* Child has already died... but it might have put regular data into
the communication channel, so continue */
Info2("child "F_pid" has already died with status %d",
XIO_RDSTREAM(sock2)->para.exec.pid, statunknown[i]);
diff --git a/sysutils.c b/sysutils.c
index f395e58..f25531a 100644
--- a/sysutils.c
+++ b/sysutils.c
@@ -580,7 +580,7 @@ int getusergroups(const char *user, gid_t *list, int *ngroups) {
/* we prefer getgrouplist because it may be much faster with many groups, but it is not standard */
gid_t grp, twogrps[2];
int two = 2;
- /* getgrouplist requires to pass an extra group id, typically the users primary group, that is then added to the supplementary group list. We don't want such an additional group in the result, but there is not "unspecified" gid value available. Thus we try to find an abitrary supplementary group id that we then pass in a second call to getgrouplist. */
+ /* getgrouplist requires to pass an extra group id, typically the users primary group, that is then added to the supplementary group list. We don't want such an additional group in the result, but there is not "unspecified" gid value available. Thus we try to find an arbitrary supplementary group id that we then pass in a second call to getgrouplist. */
grp = 0;
Getgrouplist(user, grp, twogrps, &two);
if (two == 1) {
diff --git a/test.sh b/test.sh
index 9b7bf0f..d97a850 100755
--- a/test.sh
+++ b/test.sh
@@ -616,7 +616,7 @@ TF="$TD/socat-q"
IFS="$($ECHO ' \n\t')"
if ! $SOCAT -hhh >/dev/null; then
echo "Failed: $SOCAT -hhh" >&2
- exit -1
+ exit 2
fi
$SOCAT -hhh |sed -n '/^ address-head:/,/^ opts:/ p' |grep -v -e "^ address-head:" -e "^ opts:" |sed -e 's/^[[:space:]]*//' -e 's/[: ].*//' |grep -v '^<' >"$TF"
$SOCAT -hhh |sed -n '/^ address-head:/,/^ opts:/ p' |grep -v -e "^ address-head:" -e "^ opts:" |sed -e 's/^[[:space:]]*//' -e 's/[: ].*//' |grep -v '^<' |LC_ALL=C sort |diff "$TF" - >"$TF-diff"
@@ -912,7 +912,7 @@ childprocess () {
local l
case "$1" in
[1-9]*) ;;
- *) echo "childprocess \"$1\": not a number" >&2; exit -1 ;;
+ *) echo "childprocess \"$1\": not a number" >&2; exit 2 ;;
esac
case "$UNAME" in
AIX) l="$(ps -fade |grep "^........ ...... $(printf %6u $1)")" ;;
@@ -939,7 +939,7 @@ childpids () {
if [ "X$1" = "X-r" ]; then recursive=1; shift; fi
case "$1" in
[1-9]*) ;;
- *) echo "childpids \"$1\": not a number" >&2; exit -1 ;;
+ *) echo "childpids \"$1\": not a number" >&2; exit 2 ;;
esac
case "$UNAME" in
AIX) l="$(ps -fade |grep "^........ ...... $(printf %6u $1)" |awk '{print($2);}')" ;;
@@ -2177,7 +2177,7 @@ N=$((N+1))
NAME=DUALSTDIO
case "$TESTS" in
*%$N%*|*%functions%*|*%stdio%*|*%$NAME%*)
-TEST="$NAME: splitted form of stdio ('stdin!!stdout') with simple echo via internal pipe"
+TEST="$NAME: split form of stdio ('stdin!!stdout') with simple echo via internal pipe"
testecho "$N" "$NAME" "$TEST" "stdin!!stdout" "pipe" "$opts"
esac
N=$((N+1))
@@ -2186,7 +2186,7 @@ N=$((N+1))
NAME=DUALSHORTSTDIO
case "$TESTS" in
*%$N%*|*%functions%*|*%stdio%*|*%$NAME%*)
-TEST="$NAME: short splitted form of stdio ('-!!-') with simple echo via internal pipe"
+TEST="$NAME: short split form of stdio ('-!!-') with simple echo via internal pipe"
testecho "$N" "$NAME" "$TEST" "-!!-" "pipe" "$opts"
esac
N=$((N+1))
@@ -9292,7 +9292,7 @@ N=$((N+1))
# test: there is a bug with the readbytes option: when the socket delivered
-# exacly that many bytes as specified with readbytes and the stays idle (no
+# exactly that many bytes as specified with readbytes and the stays idle (no
# more data, no EOF), socat waits for more data instead of generating EOF on
# this in put stream.
NAME=READBYTES_EOF
@@ -9336,7 +9336,7 @@ N=$((N+1))
NAME=EXECPTYKILL
case "$TESTS" in
*%$N%*|*%functions%*|*%bugs%*|*%exec%*|*%pty%*|*%listen%*|*%unix%*|*%fork%*|*%$NAME%*)
-TEST="$NAME: exec:...,pty explicitely kills sub process"
+TEST="$NAME: exec:...,pty explicitly kills sub process"
# we want to check if the exec'd sub process is killed in time
# for this we have a shell script that generates a file after two seconds;
# it should be killed after one second, so if the file was generated the test
@@ -11817,7 +11817,9 @@ N=$((N+1))
if false; then # this overflow is not reliably reproducable
-# socat up to 2.0.0-b6 did not check the length of the PROXY-CONNECT command line paramters when copying them into the HTTP request buffer. This could lead to a buffer overflow.
+# Socat up to 2.0.0-b6 did not check the length of the PROXY-CONNECT command
+# line parameters when copying them into the HTTP request buffer. This could
+# lead to a buffer overflow.
NAME=PROXY_ADDR_OVFL
case "$TESTS" in
*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%socket%*|*%listen%*|*%$NAME%*)
@@ -12475,7 +12477,7 @@ case "$TESTS" in
TEST="$NAME: SYSTEM address does not shutdown its parents addresses"
# start an OpenSSL echo server using SYSTEM:cat
# start an OpenSSL client that sends data
-# when the client recieves its data and terminates without error the test succeeded
+# when the client receives its data and terminates without error the test succeeded
# in case of the bug the client issues an error like:
# SSL_connect(): error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
if ! eval $NUMCOND; then :;
@@ -13139,7 +13141,7 @@ NAME=DIAG_FDIN
case "$TESTS" in
*%$N%*|*%functions%*|*%bugs%*|*%exec%*|*%$NAME%*)
TEST="$NAME: test use of fdin=3"
-# Use FD 3 explicitely with fdin and test if Socat passes data to executed
+# Use FD 3 explicitly with fdin and test if Socat passes data to executed
# program
if ! eval $NUMCOND; then :; else
tf="$td/test$N.stdout"
@@ -13449,7 +13451,9 @@ if [ $rc -ne 0 ] && grep -q "Invalid argument" "$te" && [ $UNAME = Linux ]; then
echo "$CMD" >&2
cat "$te" >&2
failed ;;
- *) $PRINTF "${YELLOW}inable file system${NORMAL}\n"
+ *) $PRINTF "${YELLOW}unsupported file system${NORMAL}\n"
+ if [ "$VERBOSE" ]; then echo "$CMD"; fi
+ if [ "$DEBUG" ]; then cat "${te}" >&2; fi
cant ;;
esac
elif [ $rc -ne 0 ]; then
@@ -15133,7 +15137,7 @@ elif [ $rc1 -eq 139 ]; then
cat "${te}" >&2
failed
else
- # soemthing unexpected happened
+ # Something unexpected happened
$PRINTF "$CANT\n"
echo "$CMD"
cat "${te}" >&2
@@ -16755,7 +16759,7 @@ esac
N=$((N+1))
-# Test the POSIX MQ feature with continuous READ and priorization on Linux
+# Test the POSIX MQ feature with continuous READ and prioritization on Linux
NAME=POSIXMQ_READ_PRIO
case "$TESTS" in
*%$N%*|*%functions%*|*%socket%*|*%posixmq%*|*%$NAME%*)
@@ -17038,7 +17042,6 @@ fi # NUMCOND
;;
esac
N=$((N+1))
-date "+%Y/%m/%d %H:%M:%S.%N"
# Test the sigint option with SHELL address
@@ -17650,7 +17653,7 @@ CMD0="$TRACE $SOCAT $opts -lp server $SRV:${ts}0,fork PIPE"
# The following command is the solution: option unix-bind-tempname generates
# random names (like tempnam(2)) for binding the datagram client socket;
# creating the XXXXXX file makes sure that the (non abstract) clients cannot
-# erronously bind there (part of the test)
+# erroneously bind there (part of the test)
CMD1="$TRACE $SOCAT $opts -lp bind-tempname TCP4-LISTEN:$PORT,reuseaddr,fork $CLI:${ts}0,bind=${ts}1"
touch ${ts}1.XXXXXX; CMD1="$TRACE $SOCAT $opts -lp tempname TCP4-LISTEN:$PORT,reuseaddr,fork $CLI:${ts}0,bind-tempname=${ts}1.XXXXXX"
CMD2="$TRACE $SOCAT $opts -lp client - TCP4-CONNECT:$LOCALHOST:$PORT"
@@ -20085,9 +20088,9 @@ PROXY tcp CONNECT 127.0.0.1:80 proxyport=\$PORT,crlf TCP-L crlf
##################################################################################
#=================================================================================
-# here come tests that might affect your systems integrity. Put normal tests
+# Here come tests that might affect your systems integrity. Put normal tests
# before this paragraph.
-# tests must be explicitely selected by roottough or name (not number)
+# Tests must be explicitly selected by roottough or name (not number)
NAME=PTYGROUPLATE
case "$TESTS" in
diff --git a/xio-ascii.c b/xio-ascii.c
index 2fb61b9..9493103 100644
--- a/xio-ascii.c
+++ b/xio-ascii.c
@@ -11,7 +11,7 @@
#include "xio-ascii.h"
-/* for each 6 bit pattern we have an ASCII character in the arry */
+/* For each 6 bit pattern we have an ASCII character in the array */
const static int base64chars[] = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
diff --git a/xio-fs.c b/xio-fs.c
index 1678828..5630f23 100644
--- a/xio-fs.c
+++ b/xio-fs.c
@@ -87,7 +87,7 @@ const struct optdesc opt_fs_noatime = { "fs-noatime", "noatime",
#endif /* FS_NOATIME_FL */
/* FS_DIRTY_FL ??? */
-/* FS_COMPRBLK_FL one ore more compress clusters */
+/* FS_COMPRBLK_FL one or more compress clusters */
/* FS_NOCOMPR_FL access raw compressed data */
/* FS_ECOMPR_FL compression error */
/* FS_BTREE_FL btree format dir */
diff --git a/xio-interface.c b/xio-interface.c
index d870f87..c09aec5 100644
--- a/xio-interface.c
+++ b/xio-interface.c
@@ -71,7 +71,7 @@ int _xioopen_interface(const char *ifname,
if (ifindex(ifname, &ifidx, -1) < 0) {
Error1("unknown interface \"%s\"", ifname);
- ifidx = 0; /* desparate attempt to continue */
+ ifidx = 0; /* desperate attempt to continue */
}
if (sfd->howtoend == END_UNSPEC)
@@ -276,7 +276,7 @@ int _xiointerface_apply_iff(
#if HAVE_STRUCT_CMSGHDR && HAVE_STRUCT_TPACKET_AUXDATA
-/* Converts the ancillary message in *cmsg into a form useable for further
+/* Converts the ancillary message in *cmsg into a form usable for further
processing. Knows the specifics of common message types.
On PACKET_AUXDATA it stored the ancillary data in the XFD.
For other types:
diff --git a/xio-ip.c b/xio-ip.c
index 7b1c56e..dcc8c45 100644
--- a/xio-ip.c
+++ b/xio-ip.c
@@ -919,7 +919,7 @@ int xioresolve(const char *node, const char *service,
}
#if defined(HAVE_STRUCT_CMSGHDR) && defined(CMSG_DATA)
-/* Converts the ancillary message in *cmsg into a form useable for further
+/* Converts the ancillary message in *cmsg into a form usable for further
processing. knows the specifics of common message types.
These are valid for IPv4 and IPv6
Returns the number of resulting syntax elements in *num
diff --git a/xio-ip6.c b/xio-ip6.c
index 8bd4a53..221f01f 100644
--- a/xio-ip6.c
+++ b/xio-ip6.c
@@ -249,7 +249,7 @@ int xiocheckrange_ip6(struct sockaddr_in6 *pa, struct xiorange *range) {
#if defined(HAVE_STRUCT_CMSGHDR) && defined(CMSG_DATA)
/* provides info about the ancillary message:
- converts the ancillary message in *cmsg into a form useable for further
+ converts the ancillary message in *cmsg into a form usable for further
processing. knows the specifics of common message types.
returns the number of resulting syntax elements in *num
returns a sequence of \0 terminated type strings in *typbuff
diff --git a/xio-ipapp.c b/xio-ipapp.c
index 77c449e..d0c1871 100644
--- a/xio-ipapp.c
+++ b/xio-ipapp.c
@@ -449,7 +449,7 @@ int _xioopen_ipapp_listen_prepare(
retropt_string(opts, OPT_BIND, &bindname);
- /* Set AI_PASSIVE, except when it is explicitely disabled */
+ /* Set AI_PASSIVE, except when it is explicitly disabled */
ai_flags2[0] = ai_flags[0];
ai_flags2[1] = ai_flags[1];
if (!(ai_flags2[1] & AI_PASSIVE))
diff --git a/xio-openssl.c b/xio-openssl.c
index 21a571a..9a2ca62 100644
--- a/xio-openssl.c
+++ b/xio-openssl.c
@@ -5,7 +5,7 @@
/* this file contains the implementation of the openssl addresses */
#include "xiosysincludes.h"
-#if WITH_OPENSSL /* make this address configure dependend */
+#if WITH_OPENSSL /* make this address configure dependent */
#include <openssl/conf.h>
#include <openssl/x509v3.h>
@@ -266,7 +266,7 @@ static int xioopen_openssl_connect(
hostname = argv[1];
portname = argv[2];
if (hostname[0] == '\0') {
- /* we catch this explicitely because empty commonname (peername) disables
+ /* We catch this explicitly because empty commonname (peername) disables
commonName check of peer certificate */
Error1("%s: empty host name", argv[0]);
return STAT_NORETRY;
@@ -806,7 +806,7 @@ int _xioopen_openssl_listen(struct single *sfd,
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
/* In OpenSSL 0.9.7 compression methods could be added using
- * SSL_COMP_add_compression_method(3), but the implemntation is not compatible
+ * SSL_COMP_add_compression_method(3), but the implementation is not compatible
* with the standard (RFC3749).
*/
static int openssl_setup_compression(SSL_CTX *ctx, char *method)
diff --git a/xio-openssl.h b/xio-openssl.h
index 204aca6..3570856 100644
--- a/xio-openssl.h
+++ b/xio-openssl.h
@@ -5,7 +5,7 @@
#ifndef __xio_openssl_included
#define __xio_openssl_included 1
-#if WITH_OPENSSL /* make this address configure dependend */
+#if WITH_OPENSSL /* make this address configure dependent */
#define SSLIO_BASE 0x53530000 /* "SSxx" */
#define SSLIO_MASK 0xffff0000
diff --git a/xio-socket.c b/xio-socket.c
index 6400c01..8c0b3db 100644
--- a/xio-socket.c
+++ b/xio-socket.c
@@ -1776,7 +1776,7 @@ int xiocheckpeer(xiosingle_t *sfd,
#if HAVE_STRUCT_CMSGHDR
-/* converts the ancillary message in *cmsg into a form useable for further
+/* Converts the ancillary message in *cmsg into a form usable for further
processing. knows the specifics of common message types.
returns the number of resulting syntax elements in *num
returns a sequence of \0 terminated type strings in *typbuff
@@ -1997,7 +1997,7 @@ int xioparserange(
return -1;
}
/* we have parsed the address and mask; now we make sure that the stored
- address has 0 where mask is 0, to simplify comparisions */
+ address has 0 where mask is 0, to simplify comparisons */
switch (pf) {
#if WITH_IP4
case PF_INET:
diff --git a/xio-stdio.c b/xio-stdio.c
index 9f8aac9..a84c61e 100644
--- a/xio-stdio.c
+++ b/xio-stdio.c
@@ -17,7 +17,7 @@ static int xioopen_stdio(int argc, const char *argv[], struct opt *opts, int xio
static int xioopen_stdfd(int argc, const char *argv[], struct opt *opts, int xioflags, xiofile_t *xfd, const struct addrdesc *addrdesc);
-/* we specify all option groups that we can imagine for a FD, becasue the
+/* We specify all option groups that we can imagine for a FD, because the
changed parsing mechanism does not allow us to check the type of FD before
applying the options */
const struct addrdesc xioaddr_stdio = { "STDIO", 3, xioopen_stdio, GROUP_FD|GROUP_FIFO|GROUP_CHR|GROUP_BLK|GROUP_FILE|GROUP_SOCKET|GROUP_TERMIOS|GROUP_SOCK_UNIX|GROUP_SOCK_IP|GROUP_IPAPP, 0, 0, 0 HELP(NULL) };
diff --git a/xio-streams.c b/xio-streams.c
index e470f3e..3be956e 100644
--- a/xio-streams.c
+++ b/xio-streams.c
@@ -65,7 +65,7 @@ void dummy(void) {
#else /* !defined(ENABLE_APPLYOPT) */
#include "xiosysincludes.h"
-#if WITH_STREAMS /* make this address configure dependend */
+#if WITH_STREAMS /* make this address configure dependent */
#include "xioopen.h"
#include "xio-fd.h"
diff --git a/xio-tcpwrap.c b/xio-tcpwrap.c
index 26a3a1f..b8d2797 100644
--- a/xio-tcpwrap.c
+++ b/xio-tcpwrap.c
@@ -79,7 +79,7 @@ int xio_retropt_tcpwrap(
}
-/* returns -1 if forbidden, 0 if no tcpwrap check, or 1 if explicitely allowed
+/* Returns -1 if forbidden, 0 if no tcpwrap check, or 1 if explicitly allowed
*/
int xio_tcpwrap_check(
struct single *sfd,
diff --git a/xio-termios.c b/xio-termios.c
index 60209f7..976165d 100644
--- a/xio-termios.c
+++ b/xio-termios.c
@@ -501,7 +501,7 @@ int xiotermios_spec(int fd, int optcode) {
#if HAVE_CFMAKERAW
cfmakeraw(&_xiotermios_data.termarg);
#else
- /* these setting follow the Linux documenation of cfmakeraw */
+ /* These settings follow the Linux documentation of cfmakeraw */
_xiotermios_data.termarg.c_iflag &=
~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON);
_xiotermios_data.termarg.c_oflag &= ~(OPOST);
diff --git a/xio-tun.c b/xio-tun.c
index f66be7e..4618da4 100644
--- a/xio-tun.c
+++ b/xio-tun.c
@@ -120,7 +120,7 @@ static int xioopen_tun(
if (retropt_bool(opts, OPT_IFF_NO_PI, &no_pi) == 0) {
if (no_pi) {
ifr.ifr_flags |= IFF_NO_PI;
-#if 0 /* not neccessary for now */
+#if 0 /* not necessary for now */
} else {
ifr.ifr_flags &= ~IFF_NO_PI;
#endif
@@ -139,7 +139,7 @@ static int xioopen_tun(
/* we seem to need a socket for manipulating the interface */
if ((sockfd = Socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
Error1("socket(PF_INET, SOCK_DGRAM, 0): %s", strerror(errno));
- sockfd = sfd->fd; /* desparate fallback attempt */
+ sockfd = sfd->fd; /* desperate fallback attempt */
}
/*--------------------- setting interface address and netmask ------------*/
diff --git a/xio-udp.c b/xio-udp.c
index d74f670..94a8947 100644
--- a/xio-udp.c
+++ b/xio-udp.c
@@ -550,7 +550,7 @@ int xioopen_udp_recvfrom(
if (sfd->howtoend == END_UNSPEC)
sfd->howtoend = END_NONE;
- /* Set AI_PASSIVE, except when it is explicitely disabled */
+ /* Set AI_PASSIVE, except when it is explicitly disabled */
ai_flags2[0] = xfd->stream.para.socket.ip.ai_flags[0];
ai_flags2[1] = xfd->stream.para.socket.ip.ai_flags[1];
if (!(ai_flags2[1] & AI_PASSIVE))
@@ -626,7 +626,7 @@ int xioopen_udp_recv(
xioinit_ip(&pf, xioparms.default_ip);
retropt_socket_pf(opts, &pf);
- /* Set AI_PASSIVE, except when it is explicitely disabled */
+ /* Set AI_PASSIVE, except when it is explicitly disabled */
ai_flags2[0] = xfd->stream.para.socket.ip.ai_flags[0];
ai_flags2[1] = xfd->stream.para.socket.ip.ai_flags[1];
if (!(ai_flags2[1] & AI_PASSIVE))
diff --git a/xio-unix.c b/xio-unix.c
index b1bc04f..735b4af 100644
--- a/xio-unix.c
+++ b/xio-unix.c
@@ -15,7 +15,7 @@
#if WITH_UNIX
-/* to avoid unneccessary runtime if () conditionals when no abstract support is
+/* To avoid unnecessary runtime if () conditionals when no abstract support is
compiled in (or at least to give optimizing compilers a good chance) we need
a constant that can be used in C expressions */
#if WITH_ABSTRACT_UNIXSOCKET
@@ -33,7 +33,7 @@ static int xioopen_unix_client(int argc, const char *argv[], struct opt *opts, i
/* the first free parameter is 0 for "normal" unix domain sockets, or 1 for
abstract unix sockets (Linux); the second and third free parameter are
- unsused */
+ unused */
const struct addrdesc xioaddr_unix_connect = { "UNIX-CONNECT", 1+XIO_RDWR, xioopen_unix_connect, GROUP_FD|GROUP_NAMED|GROUP_SOCKET|GROUP_SOCK_UNIX|GROUP_RETRY, 0, 0, 0 HELP(":<filename>") };
#if WITH_LISTEN
const struct addrdesc xioaddr_unix_listen = { "UNIX-LISTEN", 1+XIO_RDWR, xioopen_unix_listen, GROUP_FD|GROUP_NAMED|GROUP_SOCKET|GROUP_SOCK_UNIX|GROUP_LISTEN|GROUP_CHILD|GROUP_RETRY, 0, 0, 0 HELP(":<filename>") };
diff --git a/xio.h b/xio.h
index ade2d0a..05bef49 100644
--- a/xio.h
+++ b/xio.h
@@ -126,7 +126,7 @@ typedef struct xioparms {
/* pack the description of a lock file */
typedef struct {
const char *lockfile; /* name of lockfile; NULL if no locking */
- bool waitlock; /* dont't exit when already locked */
+ bool waitlock; /* don't exit when already locked */
struct timespec intervall; /* polling intervall */
} xiolock_t;
diff --git a/xioinitialize.c b/xioinitialize.c
index b06915e..3abc8e2 100644
--- a/xioinitialize.c
+++ b/xioinitialize.c
@@ -175,8 +175,8 @@ static int xio_nokill(xiofile_t *sock) {
return result;
}
-/* call this function immediately after fork() in child process */
-/* it performs some neccessary actions
+/* Call this function immediately after fork() in child process */
+/* It performs some necessary actions
returns 0 on success or != 0 if an error occurred */
int xio_forked_inchild(void) {
int result = 0;
diff --git a/xioopts.c b/xioopts.c
index aa2f525..901a82b 100644
--- a/xioopts.c
+++ b/xioopts.c
@@ -3342,7 +3342,7 @@ int retropt_bind(struct opt *opts,
}
# if WITH_IP4 || WITH_IP6
- /* Set AI_PASSIVE, except when it is explicitely disabled */
+ /* Set AI_PASSIVE, except when it is explicitly disabled */
ai_flags2[0] = ai_flags[0];
ai_flags2[1] = ai_flags[1];
if (!(ai_flags2[1] & AI_PASSIVE))
diff --git a/xioopts.h b/xioopts.h
index 593fc5d..1f32161 100644
--- a/xioopts.h
+++ b/xioopts.h
@@ -150,7 +150,7 @@ enum e_func {
#define GROUP_NONE 0x00000000
#define GROUP_ADDR 0x00000000 /* options that apply to all addresses */
-#define GROUP_FD 0x00000001 /* everything applyable to a fd */
+#define GROUP_FD 0x00000001 /* everything applicable to a fd */
#define GROUP_FIFO 0x00000002
#define GROUP_CHR 0x00000004 /* not yet used? */
#define GROUP_BLK 0x00000008