3 Makefile.in did not specify dependencies of filan on vsnprintf_r.o
5 Added definition of FILAN_OBJS
6 Thanks to Craig Leres, Clayton Shotwell, and Chris Packham for
9 configure option --enable-msglevel did not work with numbers
11 The autoconf mechanism for determining SHIFT_OFFSET did not work when
13 Thanks to Max Freisinger from Gentoo for seinding a patch.
15 Socat still depended on obsolete gethostbyname() function, thus
16 compiling with MUSL libc failed.
17 Problem reported by Kennedy33.
19 The async signal safe diagnostic system used FDs 3 and 4 internally, so
20 use of appropriate fdin or fdout led to failures.
22 Problem reported by Onur Sentürk.
24 The socket based mechanism for passing messages and signal information
25 from signal handler to process could reach and kill the wrong process.
26 Introduces functions diag_sock_pair(), diag_fork()
27 Thanks to Darren Zhao for analysing and reporting this problem.
29 Option ipv6-join-group did not work because it was applied in the wrong
31 Test: UDP6MULTICAST_UNIDIR
32 Thanks to Angus Gratton for sending a patch.
34 Setting ispeed and ospeed failed for some serial devices because the
35 two settings were applied with two different get/set cycles, Thanks to
36 Alexandre Fenyo for providing an initial patch.
37 However, the actual fix is part of a conceptual change of the termios
38 module that aims for applying all changes in a single tcsetaddr call.
39 Fixes FreeBSD Bug 198441
41 Termios options TAB0,TAB1,TAB2,TAB3, and XTABS did not have an effect.
42 Thanks to Alan Walters for reporting this bug.
44 Substituted cumbersom ISPEED_OFFSET mechanism for cfsetispeed() calls
46 With TCP6-LISTEN and the other passive IPv6 addresses the range option
47 just failed: due to a bug in the syntax parser and two more bugs in
48 the xiocheckrange_ip6() function.
49 The syntax has now been changed from "[::1/128]" to "[::1]/128"!
50 Thanks Leah Neukirchen for sending an initial fix.
52 For name resolution Socat only checked the first character of the host
53 name to decide if it is an IPv4 address. This was not RFC conform. This
54 fix removes the possibility for use of IPv4 addresses with IPv6, e.g.
56 Thanks to Nicolas Fournil for reporting this issue.
58 Print a useful error message when single character options appear to be
59 merged in Socat invocation
63 OpenSSL functions TLS1_client_method() and similar are
64 deprecated. Socat now uses recommended TLS_client_method(). The old
65 functions and dependend option openssl-method can still be
66 used when configuring socat with --enable-openssl-method
68 Shell scripts in socat distribution are now headed with:
70 to make them better portable to systems without /bin/bash
71 Thanks to Maya Rashish for sending a patch
74 test.sh: Show a warning when phase-1 (insecure phase) of a security
77 OpenSSL tests failed on actual Linux distributions. Measures:
78 Increased key lengths from 768 to 1024 bits
79 Added test.sh option -C to delete temp certs from prevsious runs
80 Provide DH-parameter in certificate in PEM
81 OpenSSL s_server option -verify 0 must be omitted
82 OpenSSL authentication method aNULL no longer works
83 Failure of cipher aNULL is not a failure
84 Failure of methods SSL3 and SSL23 is desired
86 test.sh depended on ifconfig and netstat utilities which are no longer
87 availabie in some distributions. test.sh now checks for and prefers
89 Thanks to Ruediger Meier for reporting this problem.
92 Added missing Config/Makefile.DragonFly-2-8-2,
93 Config/config.DragonFly-2-8-2.h
94 Removed testcert.conf (to be generated by test.sh)
97 Simplified handling of missing termios defines.
100 Permit combined -d options as -dd etc.
102 ####################### V 1.7.3.2:
105 SIGSEGV and other signals could lead to a 100% CPU loop
107 Failing name resolution could lead to SIGSEGV
108 Thanks to Max for reporting this issue.
110 Include <stddef.h> for ptrdiff_t
111 Thanks to Jeroen Roovers for reporting this issue.
113 Building with --disable-sycls failed due to missing sslcls.h defines
115 Socat hung when configured with --disable-sycls.
117 Some minor corrections with includes etc.
119 Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
122 Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
124 Test: EXEC_NOFORK_UNIDIR
125 Thanks to David Reiss for reporting this problem.
127 Socat exited with status 0 even when a program invoked with SYSTEM or
129 Tests: SYSTEM_RC EXEC_RC
130 Issue reported by Felix Winkelmann.
132 AddressSanitizer reported a few buffer overflows (false positives).
133 Nevertheless fixed Socat source.
134 Issue reported by Hanno Böck.
136 Socat did not use option ipv6-join-group.
137 Test: USE_IPV6_JOIN_GROUP
138 Thanks to Linux Lüssing for sending a patch.
140 UDP-LISTEN did not honor the max-children option.
141 Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
142 Thanks to Leander Berwers for reporting this issue.
144 Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
145 and therefore were useless.
146 Thanks to Steve Borenstein for reporting this issue.
148 Option dhparam was documented as dhparams. Added the alias name
149 dhparams to fix this.
150 Thanks to Alexander Neumann for sending a patch.
152 Options shut-down and shut-close did not work.
153 Thanks to Stefan Schimanski for providing a patch.
155 There was a bug in printing readline log message caused by a misleading
157 Thanks to Paul Wouters for reporting.
159 The internal vsnprintf_r function looped or crashed on size parameter
160 with hexadecimal output.
162 Ignore exit code of child process when it was killed by master due to
165 Corrected byte order on read of IPV6_TCLASS value from ancillary
168 Fixed type of the bool element in options. This had bug caused failures
169 e.g. of ignoreeof on big-endian systems when bool was not based on int.
171 On systems with predefined bool type whose size differs from int some
172 IPv6 and TCP options (per setsockopt()) failed.
174 Length of integral data in ancillary messages varies (TOS: 1 byte,
175 TTL: 4 bytes), the old implementation failed for TTL on big-endian
178 Fixed an issue in options processing: TUN and DNS flags had failed on
179 big-endian systems and the NO- forms had probable never worked.
182 Type conflict between int and sig_atomic_t between declaration and
183 definition of diag_immediate_type and diag_immediate_exit broke
184 compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
187 Socat failed to compile on platforms with OpenSSL without
188 DTLSv1_client_method or DTLSv1_server_method.
189 Thanks to Simon Matter for sending a patch.
191 NuttX OS headers do not provide struct ip, thus socat did not compile.
192 Made struct ip subject to configure.
193 Thanks to SP for reporting this issue.
195 Socat failed to compile with OpenSSL version 1.0.2d where
196 SSLv3_server_method and SSLv3_client_method are no longer defined.
197 Thanks to Mischa ter Smitten for reporting this issue and providing
200 configure checked for OpenSSL EC_KEY assuming it is a define but it
201 is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
202 Thanks to Andrey Arapov for reporting this bug.
204 Changes to make socat compile with OpenSSL 1.1.
205 Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
206 providing the base patch.
209 Make Socat compatible with BoringSSL.
210 Thanks to Matt Braithwaite for providing a patch.
212 OpenSSL: Use RAND_status to determine PRNG state
213 Thanks to Adam Langley for providing a patch
215 AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
216 requirements. Thanks to Garrick Trowsdale for providing a patch
218 LibreSSL support: check for OPENSSL_NO_COMP
219 Thanks to Bernard Spil for providing a patch
222 socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
224 test.sh: stderr; option -v (verbose); FDOUT_ERROR description
226 improved proxy.sh - it now also takes hostnames
228 A few corrections in test.sh
230 DTLS1 test hangs on some distributions. Test is now only performed
231 with OpenSSL 1.0.2 or higher.
233 More corrections to test.sh that reveal a mistake with IPV6_TCLASS
236 Corrected source of socat man page to correctly show man references
237 like socket(2); removed obseolete entries from See Also
239 Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
240 that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
242 Thanks to Zhigang Wang for reporting this issue.
244 Fixed a couple of English spelling and grammar mistakes.
245 Thanks to Jakub Wild for sending the patches.
247 NOEXPAND() was not resolved 2 times.
249 More minor docu corrections
252 Added contributors to copyright notices. Suggested by Matt Braithwaite.
254 ####################### V 1.7.3.1:
257 Socat security advisory 8
258 A stack overflow in vulnerability was found that can be triggered when
259 command line arguments (complete address specifications, host names,
260 file names) are longer than 512 bytes.
261 Successful exploitation might allow an attacker to execute arbitrary
262 code with the privileges of the socat process.
263 This vulnerability can only be exploited when an attacker is able to
264 inject data into socat's command line.
265 A vulnerable scenario would be a CGI script that reads data from clients
266 and uses (parts of) this data as hostname for a Socat invocation.
268 Credits to Takumi Akiyama for finding and reporting this issue.
270 Socat security advisory 7
272 In the OpenSSL address implementation the hard coded 1024 bit DH p
273 parameter was not prime. The effective cryptographic strength of a key
274 exchange using these parameters was weaker than the one one could get by
275 using a prime p. Moreover, since there is no indication of how these
276 parameters were chosen, the existence of a trapdoor that makes possible
277 for an eavesdropper to recover the shared secret from a key exchange
278 that uses them cannot be ruled out.
279 Futhermore, 1024bit is not considered sufficiently secure.
280 Fix: generated a new 2048bit prime.
281 Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
282 Research (MSVR) for finding and reporting this issue.
284 ####################### V 1.7.3.0:
287 Socat security advisory 6
288 CVE-2015-1379: Possible DoS with fork
289 Fixed problems with signal handling caused by use of not async signal
290 safe functions in signal handlers that could freeze socat, allowing
291 denial of service attacks.
292 Many changes in signal handling and the diagnostic messages system were
293 applied to make the code async signal safe but still provide detailled
294 logging from signal handlers:
295 Coded function vsnprintf_r() as async signal safe incomplete substitute
297 Coded function snprinterr() to replace %m in strings with a system error
299 Instead of gettimeofday() use clock_gettime() when available
300 Pass Diagnostic messages from signal handler per unix socket to the main
302 Use sigaction() instead of signal() for better control
303 Turn off nested signal handler invocations
304 Thanks to Peter Lobsinger for reporting and explaining this issue.
306 Red Hat issue 1019975: add TLS host name checks
307 OpenSSL client checks if the server certificates names in
308 extensions/subjectAltName/DNS or in subject/commonName match the name
309 used to connect or the value of the openssl-commonname option.
310 Test: OPENSSL_CN_CLIENT_SECURITY
312 OpenSSL server checks if the client certificates names in
313 extensions/subjectAltNames/DNS or subject/commonName match the value of
314 the openssl-commonname option when it is used.
315 Test: OPENSSL_CN_SERVER_SECURITY
317 Red Hat issue 1019964: socat now uses the system certificate store with
318 OPENSSL when neither options cafile nor capath are used
320 Red Hat issue 1019972: needs to specify OpenSSL cipher suites
321 Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
322 prevent downgrade attacks
325 OpenSSL addresses set couple of environment variables from values in
326 peer certificate, e.g.:
327 SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
328 SOCAT_OPENSSL_X509_COMMONNAME,
329 SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
330 Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
332 Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
333 Tests: OPENSSL_METHOD_*
335 Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
338 Added a new option termios-rawer for ptys.
339 Thanks to Christian Vogelgsang for pointing me to this requirement
342 Bind with ABSTRACT commands used non-abstract namespace (Linux).
344 Thanks to Denis Shatov for reporting this bug.
346 Fixed return value of nestlex()
348 Option ignoreeof on the right address hung.
350 Thanks to Franz Fasching for reporting this bug.
352 Address SYSTEM, when terminating, shut down its parent addresses,
353 e.g. an SSL connection which the parent assumed to still be active.
354 Test: SYSTEM_SHUTDOWN
356 Passive (listening or receiving) addresses with empty port field bound
357 to a random port instead of terminating with error.
360 configure with some combination of disable options produced config
361 files that failed to compile due to missing IPPROTO_TCP.
362 Thanks to Thierry Fournier for report and patch.
364 fixed a few minor bugs with OpenSSL in configure and with messages
366 Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
367 is required. Thanks to Zhigang Wang for reporting and sending a patch.
369 Christophe Leroy provided a patch that fixes memory leaks reported by
372 Help for filan -L was bad, is now corrected to:
373 "follow symbolic links instead of showing their properties"
375 Address options fdin and fdout were silently ignored when not applicable
376 due to -u or -U option. Now these combinations are caught as errors.
378 Issue reported by Hendrik.
380 Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
381 over option raw which is now obsolote. On SysV systems this call is
382 simulated by appropriate setting.
383 Thanks to Youfu Zhang for reporting issue with option raw.
386 Socat included <sys/poll.h> instead of POSIX <poll.h>
387 Thanks to John Spencer for reporting this issue.
389 Version 1.7.2.4 changed the check for gcc in configure.ac; this
390 broke cross compiling. The particular check gets reverted.
391 Thanks to Ross Burton and Danomi Manchego for reporting this issue.
393 Debian Bug#764251: Set the build timestamp to a deterministic time:
394 support external BUILD_DATE env var to allow to build reproducable
397 Joachim Fenkes provided an new adapted spec file.
399 Type bool and macros Min and Max are defined by socat which led to
400 compile errors when they were already provided by build framework.
401 Thanks to Liyu Liu for providing a patch.
403 David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
404 support and appropriate files in Config/
406 Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
409 Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
410 _POSIX_PTHREAD_SEMANTICS; and minor changes
412 Red Hat issue 1182005: socat 1.7.2.4 build failure missing
414 Socat failed to compile on on PPC due to new requirements for
415 including <linux/errqueue.h> and a weakness in the conditional code.
416 Thanks to Michel Normand for reporting this issue.
419 In the man page the PTY example was badly formatted. Thanks to
420 J.F.Sebastian for sending a patch.
422 Added missing CVE ids to security issues in CHANGES
425 Do not distribute testcert.conf with socat source but generate it
426 (and new testcert6.conf) during test.sh run.
428 ####################### V 1.7.2.4:
431 LISTEN based addresses applied some address options, e.g. so-keepalive,
432 to the listening file descriptor instead of the connected file
434 Thanks to Ulises Alonso for reporting this bug
436 make failed after configure with non gcc compiler due to missing
437 include. Thanks to Horacio Mijail for reporting this problem
439 configure checked for --disable-rawsocket but printed
440 --disable-genericsocket in the help text. Thanks to Ben Gardiner for
441 reporting and patching this bug
443 In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
445 Thanks to David Binderman for reporting this issue.
447 procan could not cleanly format ulimit values longer than 16 decimal
448 digits. Thanks to Frank Dana for providing a patch that increases field
451 OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
453 Thanks to Emile den Tex for reporting this bug.
455 Changed some variable definitions to make gcc -O2 aliasing checker happy
456 Thanks to Ilya Gordeev for reporting these warnings
458 On big endian platforms with type long >32bit the range option applied a
459 bad base address. Thanks to hejia hejia for reporting and fixing this bug.
461 Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
463 Red Hat issue 1022063: out-of-range shifts on net mask bits
465 Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
467 Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
470 Red Hat issue 1021958: fixed a bug with faulty buffer/data length
471 calculation in xio-ascii.c:_xiodump()
473 Red Hat issue 1021972: fixed a missing NUL termination in return string
474 of sysutils.c:sockaddr_info() for the AF_UNIX case
476 fixed some typos and minor issues, including:
477 Red Hat issue 1021967: formatting error in manual page
479 UNIX-LISTEN with fork option did not remove the socket file system entry
480 when exiting. Other file system based passive address types had similar
481 issues or failed to apply options umask, user e.a.
482 Thanks to Lorenzo Monti for pointing me to this issue
485 Red Hat issue 1020203: configure checks fail with some compilers.
488 Performed changes for Fedora release 19
490 Adapted, improved test.sh script
492 Red Hat issue 1021429: getgroupent fails with large number of groups;
493 use getgrouplist() when available instead of sequence of calls to
496 Red Hat issue 1021948: snprintf API change;
497 Implemented xio_snprintf() function as wrapper that tries to emulate C99
498 behaviour on old glibc systems, and adapted all affected calls
501 Mike Frysinger provided a patch that supports long long for time_t,
502 socklen_t and a few other libc types.
504 Artem Mygaiev extended Cedril Priscals Android build script with pty code
506 The check for fips.h required stddef.h
507 Thanks to Matt Hilt for reporting this issue and sending a patch
509 Check for linux/errqueue.h failed on some systems due to lack of
510 linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
512 autoconf now prefers configure.ac over configure.in
513 Thanks to Michael Vastola for sending a patch.
515 type of struct cmsghdr.cmsg is system dependend, determine it with
516 configure; some more print format corrections
519 libwrap always logs to syslog
521 added actual text version of GPLv2
523 ####################### V 1.7.2.3:
526 Socat security advisory 5
527 CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
528 overflow with data from command line (see socat-secadv5.txt)
529 Credits to Florian Weimer of the Red Hat Product Security Team
531 ####################### V 1.7.2.2:
534 Socat security advisory 4
536 after refusing a client connection due to bad source address or source
537 port socat shutdown() the socket but did not close() it, resulting in
538 a file descriptor leak in the listening process, visible with lsof and
539 possibly resulting in EMFILE Too many open files. This issue could be
540 misused for a denial of service attack.
541 Full credits to Catalin Mitrofan for finding and reporting this issue.
543 ####################### V 1.7.2.1:
546 Socat security advisory 3
548 fixed a possible heap buffer overflow in the readline address. This bug
549 could be exploited when all of the following conditions were met:
550 1) one of the addresses is READLINE without the noprompt and without the
552 2) the other (almost arbitrary address) reads malicious data (which is
553 then transferred by socat to READLINE).
554 Workaround: when using the READLINE address apply option prompt or
556 Full credits to Johan Thillemann for finding and reporting this issue.
558 ####################### V 1.7.2.0:
561 when UNIX-LISTEN was applied to an existing file it failed as expected
562 but removed the file. Thanks to Bjoern Bosselmann for reporting this
565 fixed a bug where socat might crash when connecting to a unix domain
566 socket using address GOPEN. Thanks to Martin Forssen for bug report and
569 UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
570 when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
572 UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
573 pointed me to that bug
575 TCP-CONNECT with option nonblock reported successful connect even when
578 address option ioctl-intp failed with "unimplemented type 26". Thanks
579 to Jeremy W. Sherman for reporting and fixing that bug
581 socat option -x did not print packet direction, timestamp etc; thanks
582 to Anthony Sharobaiko for sending a patch
584 address PTY does not take any parameters but did not report an error
587 Marcus Meissner provided a patch that fixes invalid output and possible
588 process crash when socat prints info about an unnamed unix domain
591 Michal Soltys reported the following problem and provided an initial
592 patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during
593 data transfer only parts of the data might have been written.
595 Option o-nonblock in combination with large transfer block sizes
596 may result in partial writes and/or EAGAIN errors that were not handled
597 properly but resulted in data loss or process termination.
599 Fixed a bug that could freeze socat when during assembly of a log
600 message a signal was handled that also printed a log message. socat
601 development had been aware that localtime() is not thread safe but had
602 only expected broken messages, not corrupted stack (glibc 2.11.1,
605 an internal store for child pids was susceptible to pid reuse which
606 could lead to sporadic data loss when both fork option and exec address
607 were used. Thanks to Tetsuya Sodo for reporting this problem and
610 OpenSSL server failed with "no shared cipher" when using cipher aNULL.
611 Fixed by providing temporary DH parameters. Thanks to Philip Rowlands
612 for drawing my attention to this issue.
614 UDP-LISTEN slept 1s after accepting a connection. This is not required.
615 Thanks to Peter Valdemar Morch for reporting this issue
617 fixed a bug that could lead to error or socat crash after a client
618 connection with option retry had been established
620 fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be
623 improved dev_t print format definition
626 Cedril Priscal ported socat to Android (using Googles cross compiler).
627 The port includes the socat_buildscript_for_android.sh script
629 added check for component ipi_spec_dst in struct in_pktinfo so
630 compilation does not fail on Cygwin (thanks to Peter Wagemans for
631 reporting this problem)
633 build failed on RHEL6 due to presence of fips.h; configure now checks
634 for fipsld too. Thanks to Andreas Gruenbacher for reporting this
637 check for netinet6/in6.h only when IPv6 is available and enabled
639 don't fail to compile when the following defines are missing:
640 IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT
641 Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
643 check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX
644 Lion 7.1); thanks to Jerry Jacobs to reporting this problem and
647 fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for
650 corrections for OpenEmbedded, especially termios SHIFT values and
651 ISPEED/OSPEED. Thanks to John Faith for providing the patch
653 minor corrections to docu and test.sh resulting from local compilation
656 fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for
657 reporting this issue and sending a patch.
659 Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
660 is now bsd/libutil.h; compiler warns on vars that is only written to
663 added option max-children that limits the number of concurrent child
664 processes. Thanks to Sam Liddicott for providing the patch.
666 Till Maas added support for tun/tap addresses without IP address
668 added an option openssl-compress that allows to disable the compression
669 feature of newer OpenSSL versions. Thanks to Michael Hanselmann for
670 providing this contribution (sponsored by Google Inc.)
673 minor corrections in docu (thanks to Paggas)
675 client process -> child process
677 ####################### V 1.7.1.3:
680 Socat security advisory 2
682 fixed a stack overflow vulnerability that occurred when command
683 line arguments (whole addresses, host names, file names) were longer
685 Note that this could only be exploited when an attacker was able to
686 inject data into socat's command line.
687 Full credits to Felix Gröbert, Google Security Team, for finding and
690 ####################### V 1.7.1.2:
693 user-late and group-late, when applied to a pty, affected the system
694 device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
695 pointing me to this bug)
697 socats openssl addresses failed with "nonblocking operation did not
698 complete" when the peer performed a renegotiation. Thanks to Benjamin
699 Delpy for reporting this bug.
701 info message during socks connect showed bad port number on little
702 endian systems due to wrong byte order (thanks to Peter M. Galbavy for
703 bug report and patch)
705 Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
706 to default. Thanks to Martin Dorey for reporting this bug.
709 building socat on systems that predefined the CFLAGS environment to
710 contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
711 this problem and to Simon Matter for providing the patch
713 support for Solaris 8 and Sun Studio support (thanks to Sebastian
714 Kayser for providing the patches)
716 on some 64bit systems a compiler warning "cast from pointer to integer
717 of different size" was issued on some option definitions
719 added struct sockaddr_ll to union sockaddr_union to avoid "strict
720 aliasing" warnings (problem reported by Paul Wouters)
723 minor corrections in docu
725 ####################### V 1.7.1.1:
728 corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
729 occur under those conditions. Thanks to Toni Mattila for first
730 reporting this problem.
732 ftruncate64 cut its argument to 32 bits on systems with 32 bit long type
734 socat crashed on systems without setenv() (esp. SunOS up to Solaris 9);
735 thanks to Todd Stansell for reporting this bug
737 with unidirectional EXEC and SYSTEM a close() operation was performed
738 on a random number which could result in hanging e.a.
740 fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
743 docu mentioned option so-bindtodev but correct name is so-bindtodevice.
744 Thanks to Jim Zimmerman for reporting.
747 added environment variables example to doc/socat-multicast.html
749 ####################### V 1.7.1.0:
752 address options shut-none, shut-down, and shut-close allow to control
753 socat's half close behaviour
755 with address option shut-null socat sends an empty packet to the peer
758 option null-eof changes the behaviour of sockets that receive an empty
759 packet to see EOF instead of ignoring it
761 introduced option names substuser-early and su-e, currently equivalent
762 to option substuser (thanks to Mike Perry for providing the patch)
765 fixed some typos and improved some comments
767 ####################### V 1.7.0.1:
770 fixed possible SIGSEGV in listening addresses when a new connection was
771 reset by peer before the socket addresses could be retrieved. Thanks to
772 Mike Perry for sending a patch.
774 fixed a bug, introduced with version 1.7.0.0, that let client
775 connections with option connect-timeout fail when the connections
776 succeeded. Thanks to Bruno De Fraine for reporting this bug.
778 option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
779 and most UNIX-* and ABSTRACT-*
781 half close of EXEC and SYSTEM addresses did not work for pipes and
784 help displayed for some option a wrong type
786 under some circumstances shutdown was called multiple times for the
789 ####################### V 1.7.0.0:
792 new address types SCTP-CONNECT and SCTP-LISTEN implement SCTP stream
793 mode for IPv4 and IPv6; new address options sctp-maxseg and
794 sctp-nodelay (suggested by David A. Madore; thanks to Jonathan Brannan
795 for providing an initial patch)
797 new address "INTERFACE" for transparent network interface handling
798 (suggested by Stuart Nicholson)
800 added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
801 SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
802 protocol independent socket handling; all parameters are explicitely
803 specified as numbers or hex data
805 added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
806 ioctl-bin for generic ioctl() calls.
808 added address options setsockopt-int, setsockopt-bin, and
809 setsockopt-string for generic setsockopt() calls
811 option so-type now only affects the socket() and socketpair() calls,
812 not the name resolution. so-type and so-prototype can now be applied to
813 all socket based addresses.
815 new address option "escape" allows to break a socat instance even when
816 raw terminal mode prevents ^C etc. (feature suggested by Guido Trotter)
818 socat sets environment variables SOCAT_VERSION, SOCAT_PID, SOCAT_PPID
819 for use in executed scripts
821 socat sets environment variables SOCAT_SOCKADDR, SOCAT_SOCKPORT,
822 SOCAT_PEERADDR, SOCAT_PEERPORT in LISTEN type addresses (feature
823 suggested by Ed Sawicki)
825 socat receives all ancillary messages with each received packet on
826 datagram related addresses. The messages are logged in raw form with
827 debug level, and broken down with info level. note: each type of
828 ancillary message must be enabled by appropriate address options.
830 socat provides the contents of ancillary messages received on RECVFROM
831 addresses in appropriate environment variables:
832 SOCAT_TIMESTAMP, SOCAT_IP_DSTADDR, SOCAT_IP_IF, SOCAT_IP_LOCADDR,
833 SOCAT_IP_OPTIONS, SOCAT_IP_TOS, SOCAT_IP_TTL, SOCAT_IPV6_DSTADDR,
834 SOCAT_IPV6_HOPLIMIT, SOCAT_IPV6_TCLASS
836 the following address options were added to enable ancillary messages:
837 so-timestamp, ip-pktinfo (not BSD), ip-recvdstaddr (BSD), ip-recverr,
838 ip-recvif (BSD), ip-recvopts, ip-recvtos, ip-recvttl, ipv6-recvdstopts,
839 ipv6-recverr, ipv6-recvhoplimit, ipv6-recvhopopts, ipv6-recvpathmtu,
840 ipv6-recvpktinfo, ipv6-recvrthdr, ipv6-recvtclass
842 new address options ipv6-tclass and ipv6-unicast-hops set the related
845 STREAMS (UNIX System V STREAMS) can be configured with the new address
846 options i-pop-all and i-push (thanks to Michal Rysavy for providing a
850 some raw IP and UNIX datagram modes failed on BSD systems
852 when UDP-LISTEN continued to listen after packet dropped by, e.g.,
853 range option, the old listen socket would not be closed but a new one
854 created. open sockets could accumulate.
856 there was a bug in ip*-recv with bind option: it did not bind, and
857 with the first received packet an error occurred:
858 socket_init(): unknown address family 0
861 RECVFROM addresses with FORK option hung after processing the first
862 packet. test: UDP4RECVFROM_FORK
864 corrected a few mistakes that caused compiler warnings on 64bit hosts
865 (thanks to Jonathan Brannan e.a. for providing a patch)
867 EXEC and SYSTEM with stderr injected socat messages into the data
868 stream. test: EXECSTDERRLOG
870 when the EXEC address got a string with consecutive spaces it created
871 additional empty arguments (thanks to Olivier Hervieu for reporting
872 this bug). test: EXECSPACES
874 in ignoreeof polling mode socat also blocked data transfer in the other
875 direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
878 corrected alphabetical order of options (proxy-auth)
880 some minor corrections
882 improved test.sh script: more stable timing, corrections for BSD
884 replaced the select() calls by poll() to cleanly fix the problems with
885 many file descriptors already open
887 socat option -lf did not log to file but to stderr
889 socat did not compile on Solaris when configured without termios
890 feature (thanks to Pavan Gadi for reporting this bug)
893 socat compiles and runs on AIX with gcc (thanks to Andi Mather for his
896 socat compiles and runs on Cygwin (thanks to Jan Just Keijser for his
899 socat compiles and runs on HP-UX with gcc (thanks to Michal Rysavy for
902 socat compiles and runs on MacOS X (thanks to Camillo Lugaresi for his
906 filan -s prefixes output with FD number if more than one FD
908 Makefile now supports datarootdir (thanks to Camillo Lugaresi for
911 cleanup in xio-unix.c
913 ####################### V 1.6.0.1:
916 new make target "gitclean"
918 docu source doc/socat.yo released
921 exec:...,pty did not kill child process under some circumstances; fixed
922 by correcting typo in xio-progcall.c (thanks to Ralph Forsythe for
923 reporting this problem)
925 service name resolution failed due to byte order mistake
926 (thanks to James Sainsbury for reporting this problem)
928 socat would hang when invoked with many file descriptors already opened
929 fix: replaced FOPEN_MAX with FD_SETSIZE
930 thanks to Daniel Lucq for reporting this problem.
932 fixed bugs where sub processes would become zombies because the master
933 process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
934 UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
935 ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
936 (thanks to Fernanda G Weiden for reporting this problem)
938 fixed a bug where sub processes would become zombies because the master
939 process caught SIGCHLD but did not wait(). this affected addresses
940 UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
941 (thanks to Evan Borgstrom for reporting this problem)
943 corrected option handling with STDIO; usecase: cool-write
945 configure --disable-pty also disabled option waitlock
947 fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
948 (thanks to Roland Illig for sending a patch)
950 corrected name of option intervall to interval (old form still valid
951 for us German speaking guys)
953 corrected some print statements and variable names
955 make uninstall did not uninstall procan
957 fixed lots of weaknesses in test.sh
959 corrected some bugs and typos in doc/socat.yo, EXAMPLES, C comments
962 procan -c prints C defines important for socat
964 added test OPENSSLEOF for OpenSSL half close
966 ####################### V 1.6.0.0:
969 new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
972 new option ip-add-membership for control of multicast group membership
974 new address TUN for generation of Linux TUN/TAP pseudo network
975 interfaces (suggested by Mat Caughron); associated options tun-device,
976 tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
978 new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
979 ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
980 on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
981 socklen parameter on system calls.
983 option end-close for control of connection closing allows FD sharing
986 range option supports form address:mask with IPv4
988 changed behaviour of OPENSSL-LISTEN to require and verify client
989 certificate per default
991 options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
992 grained locking on regular files
994 uninstall target in Makefile (lack reported by Zeeshan Ali)
997 fixed bug where only first tcpwrap option was applied; fixed bug where
998 tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
1001 filan (and socat -D) could hang when a socket was involved
1003 corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
1006 correct bind with udp6-listen (thanks to Jan Horak for reporting this
1009 corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
1010 (thanks to Leo Zhadanovsky for reporting this problem)
1012 corrected problem with read data buffered in OpenSSL layer (thanks to
1013 Jon Nelson for reporting this bug)
1015 corrected problem with option readbytes when input stream stayed idle
1018 fixed a bug where a datagram receiver with option fork could fork two
1019 sub processes per packet
1022 moved documentation to new doc/ subdir
1024 new documents (kind of mini tutorials) are provided in doc/
1026 ####################### V 1.5.0.0:
1029 new datagram modes for udp, rawip, unix domain sockets
1031 socat option -T specifies inactivity timeout
1033 rewrote lexical analysis to allow nested socat calls
1035 addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
1037 socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
1038 SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
1040 addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
1042 option protocol-family (pf), esp. for openssl-listen
1044 range option supports IPv6 - syntax: range=[::1/128]
1046 option ipv6-v6only (ipv6only)
1048 new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
1050 FIPS version of OpenSSL can be integrated - initial patch provided by
1051 David Acker. See README.FIPS
1053 support for resolver options res-debug, aaonly, usevc, primary, igntc,
1054 recurse, defnames, stayopen, dnsrch
1056 options for file attributes on advanced filesystems (ext2, ext3,
1057 reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
1058 ext2-noatime, journal-data etc.
1060 option cool-write controls severeness of write failure (EPIPE,
1065 socat option -lh for hostname in log output
1067 traffic dumping provides packet headers
1069 configure.in became part of distribution
1071 socats unpack directory now has full version, e.g. socat-1.5.0.0/
1073 corrected docu of option verify
1076 fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
1078 exec with pipes,stderr produced error
1080 setuid-early was ignored with many address types
1082 some minor corrections
1084 ####################### V 1.4.3.1:
1087 PROBLEM: UNIX socket listen accepted only one (or a few) connections.
1088 FIX: do not remove listening UNIX socket in child process
1090 PROBLEM: SIGSEGV when TCP part of SSL connect failed
1091 FIX: check ssl pointer before calling SSL_shutdown
1093 In debug mode, show connect client port even when connect fails
1095 ####################### V 1.4.3.0:
1098 socat options -L, -W for application level locking
1100 options "lockfile", "waitlock" for address level locking
1103 option "readbytes" limits read length (Adam Osuchowski)
1105 option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
1107 pty symlink, unix listen socket, and named pipe are per default removed
1108 after use; option unlink-close overrides this new behaviour and also
1109 controls removal of other socat generated files (Stefan Luethje)
1112 option "retry" did not work with tcp-listen
1114 EPIPE condition could result in a 100% CPU loop
1117 support systems without SHUT_RD etc.
1118 handle more size_t types
1119 try to find makedepend options with gcc 3 (richard/OpenMacNews)
1121 ####################### V 1.4.2.0:
1124 option "connect-timeout" limits wait time for connect operations
1125 (requested by Giulio Orsero)
1127 option "dhparam" for explicit Diffie-Hellman parameter file
1130 support for OpenSSL DSA certificates (Miika Komu)
1132 create install directories before copying files (Miika Komu)
1134 when exiting on signal, return status 128+signum instead of 1
1136 on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
1139 -lu could cause a core dump on long messages
1142 modifications to simplify using socats features in applications
1144 ####################### V 1.4.1.0:
1147 option "wait-slave" blocks open of pty master side until a client
1148 connects, "pty-intervall" controls polling
1150 option -h as synonym to -? for help (contributed by Christian
1153 filan prints formatted time stamps and rdev (disable with -r)
1155 redirect filan's output, so stdout is not affected (contributed by
1158 filan option -L to follow symbolic links
1160 filan shows termios control characters
1163 proxy address no longer performs unsolicited retries
1165 filan -f no longer needs read permission to analyze a file (but still
1166 needs access permission to directory, of course)
1170 FreeBSD options noopt, nopush, md5sig
1171 OpenBSD options sack-disable, signature-enable
1172 HP-UX, Solaris options abort-threshold, conn-abort-threshold
1173 HP-UX options b900, b3600, b7200
1174 Tru64/OSF1 options keepinit, paws, sackena, tsoptena
1176 further corrections:
1177 address pty now uses ptmx as default if openpty is also available
1179 ####################### V 1.4.0.3:
1182 Socat security advisory 1
1184 fix to a syslog() based format string vulnerability that can lead to
1185 remote code execution. See advisory socat-adv-1.txt
1187 ####################### V 1.4.0.2:
1190 exec'd write-only addresses get a chance to flush before being killed
1192 error handler: print notice on error-exit
1194 filan printed wrong file type information
1196 ####################### V 1.4.0.1:
1199 socks4a constructed invalid header. Problem found, reported, and fixed
1200 by Thomas Themel, by Peter Palfrader, and by rik
1202 with nofork, don't forget to apply some process related options
1203 (chroot, setsid, setpgid, ...)
1205 ####################### V 1.4.0.0:
1208 simple openssl server (ssl-l), experimental openssl trust
1210 new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
1213 new options "retry", "forever", and "intervall"
1215 option "fork" for address TCP improves `gender changer´
1217 options "sigint", "sigquit", and "sighup" control passing of signals to
1218 sub process (thanks to David Shea who contributed to this issue)
1220 readline takes respect to the prompt issued by the peer address
1222 options "prompt" and "noprompt" allow to override readline's new
1225 readline supports invisible password with option "noecho"
1227 socat option -lp allows to set hostname in log output
1229 socat option -lu turns on microsecond resolution in log output
1233 before reading available data, check if writing on other channel is
1236 tcp6, udp6: support hostname specification (not only IP address), and
1237 map IP4 names to IP6 addresses
1239 openssl client checks server certificate per default
1241 support unidirectional communication with exec/system subprocess
1243 try to restore original terminal settings when terminating
1245 test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
1247 socks4 failed on platforms where long does not have 32 bits
1248 (thanks to Peter Palfrader and Thomas Seyrat)
1250 hstrerror substitute wrote wrong messages (HP-UX, Solaris)
1252 proxy error message was truncated when answer contained multiple spaces
1256 compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
1258 ####################### V 1.3.2.2:
1261 PROXY CONNECT failed when the status reply from the proxy server
1262 contained more than one consecutive spaces. Problem reported by
1263 Alexandre Bezroutchko
1265 do not SIGSEGV when proxy address fails to resolve server name
1267 udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
1268 Problem reported by Christoph Schittel
1270 test.sh only tests available features
1272 added missing IP and TCP options in filan analyzer
1274 do not apply stdio address options to both directions when in
1277 on systems lacking /dev/*random and egd, provide (weak) entropy from
1282 changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
1284 compiles on True64, FreeBSD (again), NetBSD, OpenBSD
1286 support for long long as st_ino type (Cygwin 1.5)
1288 compile on systems where pty can not be featured
1290 ####################### V 1.3.2.1:
1293 "final" solution for the ENOCHLD problem
1295 corrected "make strip"
1297 default gcc debug/opt is "-O" again
1299 check for /proc at runtime, even if configure found it
1301 src.rpm accidently supported SuSE instead of RedHat
1303 ####################### V 1.3.2.0:
1306 option "nofork" connects an exec'd script or program directly
1307 to the file descriptors of the other address, circumventing the socat
1310 support for files >2GB, using ftruncate64(), lseek64(), stat64()
1312 filan has new "simple" output style (filan -s)
1316 options "binary" and "text" for controlling line termination on Cygwin
1317 file system access (hint from Yang Wu-Zhou)
1319 fix by Yang Wu-Zhou for the Cygwin "No Children" problem
1321 improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
1324 minor corrections to avoid warnings with gcc 3
1327 further corrections and minor improvements:
1328 configure script is generated with autoconf 2.57 (no longer 2.52)
1330 configure passes CFLAGS to Makefile
1332 option -??? for complete list of address options and their short forms
1334 program name in syslog messages is derived from argv[0]
1336 SIGHUP now prints notice instead of error
1338 EIO during read of pty now gives Notice instead of Error, and
1341 use of hstrerror() for printing resolver error messages
1343 setgrent() got required endgrent()
1345 ####################### V 1.3.1.0:
1348 integration of Wietse Venema's tcpwrapper library (libwrap)
1350 with "proxy" address, option "resolve" controls if hostname or IP
1351 address is sent in request
1353 option "lowport" establishes limited authorization for TCP and UDP
1356 improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
1357 An accompanying change in the numbering scheme results in an
1358 incompatibility with earlier socat RPMs!
1361 solved problems and bugs:
1362 PROBLEM: socat daemon terminated when the address of a connecting
1363 client did not match range option value instead of continue listening
1364 SOLVED: in this case, print warning instead of error to keep daemon
1367 PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
1369 SOLVED: dont assume that each exiting child process generates SIGCHLD
1371 when converting CRNL to CR, socat converted to NL
1374 further corrections:
1375 configure script now disables features that depend on missing files
1376 making it more robust in "unsupported" environments
1378 server.pem permissions corrected to 600
1380 "make install" now does not strip; use "make strip; make install"
1381 if you like strip (suggested by Peter Bray)
1383 ####################### V 1.3.0.1:
1385 solved problems and bugs:
1386 PROBLEM: OPENSSL did not apply tcp, ip, and socket options
1387 SOLVED: OPENSSL now correctly handles the options list
1389 PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
1391 SOLVED: these conversions now simply strip all CR's or NL's from input
1396 SunOS ptys now work on x86, too (thanks to Peter Bray)
1398 configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
1401 further corrections:
1402 added WITH_PROXY value to -V output
1404 added compile dependencies of WITH_PTY and WITH_PROXY
1406 -?? did not print option group of proxy options
1408 corrected syntax for bind option in docu
1410 corrected an issue with stdio in unidirectional mode
1412 options socksport and proxyport support service names
1414 ftp.sh script supports proxy address
1416 man page no longer installed with execute permissions (thanks to Peter
1419 fixed a malloc call bug that could cause SIGSEGV or false "out of
1420 memory" errors on EXEC and SYSTEM, depending on program name length and
1423 ####################### V 1.3.0.0:
1426 proxy connect with optional proxy authentication
1428 combined hex and text dump mode, credits to Gregory Margo
1430 address pty applies options user, group, and perm to device
1433 solved problems and bugs:
1434 PROBLEM: option reuseport was not applied (BSD, AIX)
1435 SOLVED: option reuseport now in phase PASTSOCKET instead of PREBIND,
1436 credits to Jean-Baptiste Marchand
1438 PROBLEM: ignoreeof with stdio was ignored
1439 SOLVED: ignoreeof now works correctly with address stdio
1441 PROBLEM: ftp.sh did not use user supplied password
1442 SOLVED: ftp.sh now correctly passes password from command line
1444 PROBLEM: server.pem had expired
1445 SOLVED: new server.pem valid for ten years
1447 PROBLEM: socks notice printed wrong port on some platforms
1448 SOLVED: socks now uses correct byte-order for port number in notice
1451 further corrections:
1452 option name o_trunc corrected to o-trunc
1454 combined use of -u and -U is now detected and prevented
1456 made message system a little more robust against format string attacks
1459 ####################### V 1.2.0.0:
1462 address pty for putting socat behind a new pseudo terminal that may
1463 fake a serial line, modem etc.
1465 experimental openssl integration
1466 (it does not provide any trust between the peers because is does not
1467 check certificates!)
1469 options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
1470 locking mechanism provided by flock()
1472 options setsid and setpgid now available with all address types
1474 option ctty (controlling terminal) now available for all TERMIOS
1477 option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
1478 replaced by options o-trunc and ftruncate=offset
1480 option sourceport now available with TCP and UDP listen addresses to
1481 restrict incoming client connections
1483 unidirectional mode right-to-left (-U)
1486 solved problems and bugs:
1487 PROBLEM: addresses without required parameters but an option containing
1488 a '/' were incorrectly interpreted as implicit GOPEN address
1489 SOLVED: if an address does not have ':' separator but contains '/',
1490 check if the slash is before the first ',' before assuming
1495 ptys under SunOS work now due to use of stream options
1498 further corrections:
1499 with -d -d -d -d -D, don't print debug info during file analysis
1502 ####################### V 1.1.0.1:
1505 .spec file for RPM generation
1508 solved problems and bugs:
1509 PROBLEM: GOPEN on socket did not apply option unlink-late
1510 SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
1513 PROBLEM: with unidirectional mode, an unnecessary close timeout was
1515 SOLUTION: in unidirectional mode, terminate without wait time
1517 PROBLEM: using GOPEN on a unix domain socket failed for datagram
1519 SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
1522 further corrections:
1524 open() flag options had names starting with "o_", now corrected to "o-"
1526 in docu, *-listen addresses were called *_listen
1528 address unix now called unix-connect because it does not handle unix
1531 in test.sh, apply global command line options with all tests
1534 ####################### V 1.1.0.0:
1537 regular man page and html doc - thanks to kromJx for prototype
1539 new address type "readline", utilizing GNU readline and history libs
1541 address option "history-file" for readline
1543 new option "dash" to "exec" address that allows to start login shells
1545 syslog facility can be set per command line option
1547 new address option "tcp-quickack", found in Linux 2.4
1549 option -g prevents option group checking
1551 filan and procan can print usage
1553 procan prints rlimit infos
1556 solved problems and bugs:
1557 PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
1558 SOLVED: set eof flag of channel on shutdown.
1560 PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
1561 and has data available while channel 1 reaches EOF, the data is
1563 SOLVED: during one loop run, first handle all data transfers and
1564 _afterwards_ handle EOF.
1566 PROBLEM: despite to option NONBLOCK, the connect() call blocked
1567 SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
1569 PROBLEM: UNLINK options issued error when file did not exist,
1571 SOLVED: failure of unlink() is only warning if errno==ENOENT
1573 PROBLEM: TCP6-LISTEN required numeric port specification
1574 SOLVED: now uses common TCP service resolver
1576 PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
1577 SOLVED: retrieval of FDs now pays respect to PIPE pecularities
1579 PROBLEM: using address EXEC against an address with IGNOREEOF, socat
1581 SOLVED: corrected EOF handling of sigchld
1585 MacOS and old AIX versions now have pty
1587 flock() now available on Linux (configure check was wrong)
1589 named pipe were generated using mknod(), which requires root under BSD
1590 now they are generated using mkfifo
1593 further corrections:
1594 lots of address options that were "forgotten" at runtime are now
1597 option BINDTODEVICE now also called SO-BINDTODEVICE, IF
1599 "make install" now installs binaries with ownership 0:0
1602 ####################### V 1.0.4.2:
1604 solved problems and bugs:
1605 PROBLEM: EOF of one stream caused close of other stream, giving it no
1606 chance to go down regularly
1607 SOLVED: EOF of one stream now causes shutdown of write part of other
1610 PROBLEM: sending mail via socks address to qmail showed that crlf
1611 option does not work
1612 SOLVED: socks address applies PH_LATE options
1614 PROBLEM: in debug mode, no info about socat and platform was issued
1615 SOLVED: print socat version and uname output in debug mode
1617 PROBLEM: invoking socat with -t and no following parameters caused
1619 SOLVED: -t and -b now check next argv entry
1621 PROBLEM: when opening of logfile (-lf) failed, no error was reported
1622 and no further messages were printed
1623 SOLVED: check result of fopen and print error message if it failed
1626 address type UDP-LISTEN now supports option fork: it internally applies
1627 socket option SO_REUSEADDR so a new UDP socket can bind to port after
1628 `accepting´ a connection (child processes might live forever though)
1629 (suggestion from Damjan Lango)
1632 ####################### V 1.0.4.1:
1634 solved problems and bugs:
1635 PROB: assert in libc caused an endless recursion
1636 SOLVED: no longer catch SIGABRT
1638 PROB: socat printed wrong verbose prefix for "right to left" packets
1639 SOLVED: new parameter for xiotransfer() passes correct prefix
1642 in debug mode, socat prints its command line arguments
1643 in verbose mode, escape special characters and replace unprintables
1644 with '.'. Patch from Adrian Thurston.
1647 ####################### V 1.0.4.0:
1649 solved problems and bugs:
1650 Debug output for lstat and fstat said "stat"
1652 further corrections:
1653 FreeBSD now includes libutil.h
1656 option setsid with exec/pty
1657 option setpgid with exec/pty
1658 option ctty with exec/pty
1660 gettimeofday in sycls.c (no use yet)
1663 before Gethostbyname, invoke inet_aton for MacOSX
1666 ####################### V 1.0.3.0:
1668 solved problems and bugs:
1670 PROB: test 9 of test.sh (echo via file) failed on some platforms,
1671 socat exited without error message
1672 SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
1674 PROB: test 17 hung forever
1675 REASON: child death before select loop did not result in EOF
1676 SOLVED: check of existence of children before starting select loop
1678 PROB: test 17 failed
1679 REASON: child dead triggered EOF before last data was read
1680 SOLVED: after child death, read last data before setting EOF
1682 PROB: filan showed that exec processes incorrectly had fd3 open
1683 REASON: inherited open fd3 from main process
1684 SOLVED: set CLOEXEC flag on pty fd in main process
1686 PROB: help printed "undef" instead of group "FORK"
1687 SOLVED: added "FORK" to group name array
1689 PROB: fatal messages did not include severity classifier
1690 SOLVED: added "F" to severity classifier array
1692 PROB: IP6 addresses where printed incorrectly
1693 SOLVED: removed type casts to unsigned short *
1695 further corrections:
1696 socat catches illegal -l modes
1697 corrected error message on setsockopt(linger)
1698 option tabdly is of type uint
1699 correction for UDP over IP6
1700 more cpp conditionals, esp. for IP6 situations
1701 better handling of group NAMED options with listening UNIX sockets
1702 applyopts2 now includes last given phase
1703 corrected option group handling for most address types
1704 introduce dropping of unappliable options (dropopts, dropopts2)
1705 gopen now accepts socket and unix-socket options
1706 exec and system now accept all socket and termios options
1707 child process for exec and system addresses with option pty
1708 improved descriptions and options for EXAMPLES
1709 printf format for file mode changed to "0%03o" with length spec.
1710 added va_end() in branch of msg()
1711 changed phase of lock options from PASTOPEN to FD
1712 support up to four early dying processes
1715 xiosysincludes now includes sysincludes.h for non xio files
1720 TYPE_DOUBLE, u_double
1722 added getsid(), setsid(), send() to sycls
1723 procan prints sid (session id)
1724 mail.sh gets -f (from) option
1725 new EXAMPLEs for file creation
1726 gatherinfo.sh now tells about failures
1727 test.sh can check for much more address/option combinations
1730 ispeed, ospeed for termios on FreeBSD
1731 getpgid() conditional for MacOS 10
1732 added ranlib in Makefile.in for MacOS 10
1733 disable pty option if no pty mechanism is available (MacOS 10)
1734 now compiles and runs on MacOS 10 (still some tests fail)
1735 setgroups() conditional for cygwin
1736 sighandler_t defined conditionally
1737 use gcc option -D_GNU_SOURCE