3 Makefile.in did not specify dependencies of filan on vsnprintf_r.o
5 Added definition of FILAN_OBJS
6 Thanks to Craig Leres, Clayton Shotwell, and Chris Packham for
9 configure option --enable-msglevel did not work with numbers
11 The autoconf mechanism for determining SHIFT_OFFSET did not work when
13 Thanks to Max Freisinger from Gentoo for seinding a patch.
15 Socat still depended on obsolete gethostbyname() function, thus
16 compiling with MUSL libc failed.
17 Problem reported by Kennedy33.
19 The async signal safe diagnostic system used FDs 3 and 4 internally, so
20 use of appropriate fdin or fdout led to failures.
22 Problem reported by Onur Sentürk.
24 The socket based mechanism for passing messages and signal information
25 from signal handler to process could reach and kill the wrong process.
26 Introduces functions diag_sock_pair(), diag_fork()
27 Thanks to Darren Zhao for analysing and reporting this problem.
29 Option ipv6-join-group did not work because it was applied in the wrong
31 Test: UDP6MULTICAST_UNIDIR
32 Thanks to Angus Gratton for sending a patch.
34 Setting ispeed and ospeed failed for some serial devices because the
35 two settings were applied with two different get/set cycles, Thanks to
36 Alexandre Fenyo for providing an initial patch.
37 However, the actual fix is part of a conceptual change of the termios
38 module that aims for applying all changes in a single tcsetaddr call.
39 Fixes FreeBSD Bug 198441
41 Termios options TAB0,TAB1,TAB2,TAB3, and XTABS did not have an effect.
42 Thanks to Alan Walters for reporting this bug.
44 Substituted cumbersom ISPEED_OFFSET mechanism for cfsetispeed() calls
47 test.sh: Show a warning when phase-1 (insecure phase) of a security
50 OpenSSL tests failed on actual Linux distributions. Measures:
51 Increased key lengths from 768 to 1024 bits
52 Added test.sh option -C to delete temp certs from prevsious runs
53 Provide DH-parameter in certificate in PEM
54 OpenSSL s_server option -verify 0 must be omitted
55 OpenSSL authentication method aNULL no longer works
56 Failure of cipher aNULL is not a failure
57 Failure of methods SSL3 and SSL23 is desired
60 Added missing Config/Makefile.DragonFly-2-8-2,
61 Config/config.DragonFly-2-8-2.h
62 Removed testcert.conf (to be generated by test.sh)
65 Simplified handling of missing termios defines.
67 ####################### V 1.7.3.2:
70 SIGSEGV and other signals could lead to a 100% CPU loop
72 Failing name resolution could lead to SIGSEGV
73 Thanks to Max for reporting this issue.
75 Include <stddef.h> for ptrdiff_t
76 Thanks to Jeroen Roovers for reporting this issue.
78 Building with --disable-sycls failed due to missing sslcls.h defines
80 Socat hung when configured with --disable-sycls.
82 Some minor corrections with includes etc.
84 Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
87 Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
89 Test: EXEC_NOFORK_UNIDIR
90 Thanks to David Reiss for reporting this problem.
92 Socat exited with status 0 even when a program invoked with SYSTEM or
94 Tests: SYSTEM_RC EXEC_RC
95 Issue reported by Felix Winkelmann.
97 AddressSanitizer reported a few buffer overflows (false positives).
98 Nevertheless fixed Socat source.
99 Issue reported by Hanno Böck.
101 Socat did not use option ipv6-join-group.
102 Test: USE_IPV6_JOIN_GROUP
103 Thanks to Linux Lüssing for sending a patch.
105 UDP-LISTEN did not honor the max-children option.
106 Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
107 Thanks to Leander Berwers for reporting this issue.
109 Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
110 and therefore were useless.
111 Thanks to Steve Borenstein for reporting this issue.
113 Option dhparam was documented as dhparams. Added the alias name
114 dhparams to fix this.
115 Thanks to Alexander Neumann for sending a patch.
117 Options shut-down and shut-close did not work.
118 Thanks to Stefan Schimanski for providing a patch.
120 There was a bug in printing readline log message caused by a misleading
122 Thanks to Paul Wouters for reporting.
124 The internal vsnprintf_r function looped or crashed on size parameter
125 with hexadecimal output.
127 Ignore exit code of child process when it was killed by master due to
130 Corrected byte order on read of IPV6_TCLASS value from ancillary
133 Fixed type of the bool element in options. This had bug caused failures
134 e.g. of ignoreeof on big-endian systems when bool was not based on int.
136 On systems with predefined bool type whose size differs from int some
137 IPv6 and TCP options (per setsockopt()) failed.
139 Length of integral data in ancillary messages varies (TOS: 1 byte,
140 TTL: 4 bytes), the old implementation failed for TTL on big-endian
143 Fixed an issue in options processing: TUN and DNS flags had failed on
144 big-endian systems and the NO- forms had probable never worked.
147 Type conflict between int and sig_atomic_t between declaration and
148 definition of diag_immediate_type and diag_immediate_exit broke
149 compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
152 Socat failed to compile on platforms with OpenSSL without
153 DTLSv1_client_method or DTLSv1_server_method.
154 Thanks to Simon Matter for sending a patch.
156 NuttX OS headers do not provide struct ip, thus socat did not compile.
157 Made struct ip subject to configure.
158 Thanks to SP for reporting this issue.
160 Socat failed to compile with OpenSSL version 1.0.2d where
161 SSLv3_server_method and SSLv3_client_method are no longer defined.
162 Thanks to Mischa ter Smitten for reporting this issue and providing
165 configure checked for OpenSSL EC_KEY assuming it is a define but it
166 is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
167 Thanks to Andrey Arapov for reporting this bug.
169 Changes to make socat compile with OpenSSL 1.1.
170 Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
171 providing the base patch.
174 Make Socat compatible with BoringSSL.
175 Thanks to Matt Braithwaite for providing a patch.
177 OpenSSL: Use RAND_status to determine PRNG state
178 Thanks to Adam Langley for providing a patch
180 AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
181 requirements. Thanks to Garrick Trowsdale for providing a patch
183 LibreSSL support: check for OPENSSL_NO_COMP
184 Thanks to Bernard Spil for providing a patch
187 socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
189 test.sh: stderr; option -v (verbose); FDOUT_ERROR description
191 improved proxy.sh - it now also takes hostnames
193 A few corrections in test.sh
195 DTLS1 test hangs on some distributions. Test is now only performed
196 with OpenSSL 1.0.2 or higher.
198 More corrections to test.sh that reveal a mistake with IPV6_TCLASS
201 Corrected source of socat man page to correctly show man references
202 like socket(2); removed obseolete entries from See Also
204 Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
205 that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
207 Thanks to Zhigang Wang for reporting this issue.
209 Fixed a couple of English spelling and grammar mistakes.
210 Thanks to Jakub Wild for sending the patches.
212 NOEXPAND() was not resolved 2 times.
214 More minor docu corrections
217 Added contributors to copyright notices. Suggested by Matt Braithwaite.
219 ####################### V 1.7.3.1:
222 Socat security advisory 8
223 A stack overflow in vulnerability was found that can be triggered when
224 command line arguments (complete address specifications, host names,
225 file names) are longer than 512 bytes.
226 Successful exploitation might allow an attacker to execute arbitrary
227 code with the privileges of the socat process.
228 This vulnerability can only be exploited when an attacker is able to
229 inject data into socat's command line.
230 A vulnerable scenario would be a CGI script that reads data from clients
231 and uses (parts of) this data as hostname for a Socat invocation.
233 Credits to Takumi Akiyama for finding and reporting this issue.
235 Socat security advisory 7
237 In the OpenSSL address implementation the hard coded 1024 bit DH p
238 parameter was not prime. The effective cryptographic strength of a key
239 exchange using these parameters was weaker than the one one could get by
240 using a prime p. Moreover, since there is no indication of how these
241 parameters were chosen, the existence of a trapdoor that makes possible
242 for an eavesdropper to recover the shared secret from a key exchange
243 that uses them cannot be ruled out.
244 Futhermore, 1024bit is not considered sufficiently secure.
245 Fix: generated a new 2048bit prime.
246 Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
247 Research (MSVR) for finding and reporting this issue.
249 ####################### V 1.7.3.0:
252 Socat security advisory 6
253 CVE-2015-1379: Possible DoS with fork
254 Fixed problems with signal handling caused by use of not async signal
255 safe functions in signal handlers that could freeze socat, allowing
256 denial of service attacks.
257 Many changes in signal handling and the diagnostic messages system were
258 applied to make the code async signal safe but still provide detailled
259 logging from signal handlers:
260 Coded function vsnprintf_r() as async signal safe incomplete substitute
262 Coded function snprinterr() to replace %m in strings with a system error
264 Instead of gettimeofday() use clock_gettime() when available
265 Pass Diagnostic messages from signal handler per unix socket to the main
267 Use sigaction() instead of signal() for better control
268 Turn off nested signal handler invocations
269 Thanks to Peter Lobsinger for reporting and explaining this issue.
271 Red Hat issue 1019975: add TLS host name checks
272 OpenSSL client checks if the server certificates names in
273 extensions/subjectAltName/DNS or in subject/commonName match the name
274 used to connect or the value of the openssl-commonname option.
275 Test: OPENSSL_CN_CLIENT_SECURITY
277 OpenSSL server checks if the client certificates names in
278 extensions/subjectAltNames/DNS or subject/commonName match the value of
279 the openssl-commonname option when it is used.
280 Test: OPENSSL_CN_SERVER_SECURITY
282 Red Hat issue 1019964: socat now uses the system certificate store with
283 OPENSSL when neither options cafile nor capath are used
285 Red Hat issue 1019972: needs to specify OpenSSL cipher suites
286 Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
287 prevent downgrade attacks
290 OpenSSL addresses set couple of environment variables from values in
291 peer certificate, e.g.:
292 SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
293 SOCAT_OPENSSL_X509_COMMONNAME,
294 SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
295 Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
297 Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
298 Tests: OPENSSL_METHOD_*
300 Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
303 Added a new option termios-rawer for ptys.
304 Thanks to Christian Vogelgsang for pointing me to this requirement
307 Bind with ABSTRACT commands used non-abstract namespace (Linux).
309 Thanks to Denis Shatov for reporting this bug.
311 Fixed return value of nestlex()
313 Option ignoreeof on the right address hung.
315 Thanks to Franz Fasching for reporting this bug.
317 Address SYSTEM, when terminating, shut down its parent addresses,
318 e.g. an SSL connection which the parent assumed to still be active.
319 Test: SYSTEM_SHUTDOWN
321 Passive (listening or receiving) addresses with empty port field bound
322 to a random port instead of terminating with error.
325 configure with some combination of disable options produced config
326 files that failed to compile due to missing IPPROTO_TCP.
327 Thanks to Thierry Fournier for report and patch.
329 fixed a few minor bugs with OpenSSL in configure and with messages
331 Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
332 is required. Thanks to Zhigang Wang for reporting and sending a patch.
334 Christophe Leroy provided a patch that fixes memory leaks reported by
337 Help for filan -L was bad, is now corrected to:
338 "follow symbolic links instead of showing their properties"
340 Address options fdin and fdout were silently ignored when not applicable
341 due to -u or -U option. Now these combinations are caught as errors.
343 Issue reported by Hendrik.
345 Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
346 over option raw which is now obsolote. On SysV systems this call is
347 simulated by appropriate setting.
348 Thanks to Youfu Zhang for reporting issue with option raw.
351 Socat included <sys/poll.h> instead of POSIX <poll.h>
352 Thanks to John Spencer for reporting this issue.
354 Version 1.7.2.4 changed the check for gcc in configure.ac; this
355 broke cross compiling. The particular check gets reverted.
356 Thanks to Ross Burton and Danomi Manchego for reporting this issue.
358 Debian Bug#764251: Set the build timestamp to a deterministic time:
359 support external BUILD_DATE env var to allow to build reproducable
362 Joachim Fenkes provided an new adapted spec file.
364 Type bool and macros Min and Max are defined by socat which led to
365 compile errors when they were already provided by build framework.
366 Thanks to Liyu Liu for providing a patch.
368 David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
369 support and appropriate files in Config/
371 Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
374 Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
375 _POSIX_PTHREAD_SEMANTICS; and minor changes
377 Red Hat issue 1182005: socat 1.7.2.4 build failure missing
379 Socat failed to compile on on PPC due to new requirements for
380 including <linux/errqueue.h> and a weakness in the conditional code.
381 Thanks to Michel Normand for reporting this issue.
384 In the man page the PTY example was badly formatted. Thanks to
385 J.F.Sebastian for sending a patch.
387 Added missing CVE ids to security issues in CHANGES
390 Do not distribute testcert.conf with socat source but generate it
391 (and new testcert6.conf) during test.sh run.
393 ####################### V 1.7.2.4:
396 LISTEN based addresses applied some address options, e.g. so-keepalive,
397 to the listening file descriptor instead of the connected file
399 Thanks to Ulises Alonso for reporting this bug
401 make failed after configure with non gcc compiler due to missing
402 include. Thanks to Horacio Mijail for reporting this problem
404 configure checked for --disable-rawsocket but printed
405 --disable-genericsocket in the help text. Thanks to Ben Gardiner for
406 reporting and patching this bug
408 In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
410 Thanks to David Binderman for reporting this issue.
412 procan could not cleanly format ulimit values longer than 16 decimal
413 digits. Thanks to Frank Dana for providing a patch that increases field
416 OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
418 Thanks to Emile den Tex for reporting this bug.
420 Changed some variable definitions to make gcc -O2 aliasing checker happy
421 Thanks to Ilya Gordeev for reporting these warnings
423 On big endian platforms with type long >32bit the range option applied a
424 bad base address. Thanks to hejia hejia for reporting and fixing this bug.
426 Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
428 Red Hat issue 1022063: out-of-range shifts on net mask bits
430 Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
432 Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
435 Red Hat issue 1021958: fixed a bug with faulty buffer/data length
436 calculation in xio-ascii.c:_xiodump()
438 Red Hat issue 1021972: fixed a missing NUL termination in return string
439 of sysutils.c:sockaddr_info() for the AF_UNIX case
441 fixed some typos and minor issues, including:
442 Red Hat issue 1021967: formatting error in manual page
444 UNIX-LISTEN with fork option did not remove the socket file system entry
445 when exiting. Other file system based passive address types had similar
446 issues or failed to apply options umask, user e.a.
447 Thanks to Lorenzo Monti for pointing me to this issue
450 Red Hat issue 1020203: configure checks fail with some compilers.
453 Performed changes for Fedora release 19
455 Adapted, improved test.sh script
457 Red Hat issue 1021429: getgroupent fails with large number of groups;
458 use getgrouplist() when available instead of sequence of calls to
461 Red Hat issue 1021948: snprintf API change;
462 Implemented xio_snprintf() function as wrapper that tries to emulate C99
463 behaviour on old glibc systems, and adapted all affected calls
466 Mike Frysinger provided a patch that supports long long for time_t,
467 socklen_t and a few other libc types.
469 Artem Mygaiev extended Cedril Priscals Android build script with pty code
471 The check for fips.h required stddef.h
472 Thanks to Matt Hilt for reporting this issue and sending a patch
474 Check for linux/errqueue.h failed on some systems due to lack of
475 linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
477 autoconf now prefers configure.ac over configure.in
478 Thanks to Michael Vastola for sending a patch.
480 type of struct cmsghdr.cmsg is system dependend, determine it with
481 configure; some more print format corrections
484 libwrap always logs to syslog
486 added actual text version of GPLv2
488 ####################### V 1.7.2.3:
491 Socat security advisory 5
492 CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
493 overflow with data from command line (see socat-secadv5.txt)
494 Credits to Florian Weimer of the Red Hat Product Security Team
496 ####################### V 1.7.2.2:
499 Socat security advisory 4
501 after refusing a client connection due to bad source address or source
502 port socat shutdown() the socket but did not close() it, resulting in
503 a file descriptor leak in the listening process, visible with lsof and
504 possibly resulting in EMFILE Too many open files. This issue could be
505 misused for a denial of service attack.
506 Full credits to Catalin Mitrofan for finding and reporting this issue.
508 ####################### V 1.7.2.1:
511 Socat security advisory 3
513 fixed a possible heap buffer overflow in the readline address. This bug
514 could be exploited when all of the following conditions were met:
515 1) one of the addresses is READLINE without the noprompt and without the
517 2) the other (almost arbitrary address) reads malicious data (which is
518 then transferred by socat to READLINE).
519 Workaround: when using the READLINE address apply option prompt or
521 Full credits to Johan Thillemann for finding and reporting this issue.
523 ####################### V 1.7.2.0:
526 when UNIX-LISTEN was applied to an existing file it failed as expected
527 but removed the file. Thanks to Bjoern Bosselmann for reporting this
530 fixed a bug where socat might crash when connecting to a unix domain
531 socket using address GOPEN. Thanks to Martin Forssen for bug report and
534 UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
535 when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
537 UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
538 pointed me to that bug
540 TCP-CONNECT with option nonblock reported successful connect even when
543 address option ioctl-intp failed with "unimplemented type 26". Thanks
544 to Jeremy W. Sherman for reporting and fixing that bug
546 socat option -x did not print packet direction, timestamp etc; thanks
547 to Anthony Sharobaiko for sending a patch
549 address PTY does not take any parameters but did not report an error
552 Marcus Meissner provided a patch that fixes invalid output and possible
553 process crash when socat prints info about an unnamed unix domain
556 Michal Soltys reported the following problem and provided an initial
557 patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during
558 data transfer only parts of the data might have been written.
560 Option o-nonblock in combination with large transfer block sizes
561 may result in partial writes and/or EAGAIN errors that were not handled
562 properly but resulted in data loss or process termination.
564 Fixed a bug that could freeze socat when during assembly of a log
565 message a signal was handled that also printed a log message. socat
566 development had been aware that localtime() is not thread safe but had
567 only expected broken messages, not corrupted stack (glibc 2.11.1,
570 an internal store for child pids was susceptible to pid reuse which
571 could lead to sporadic data loss when both fork option and exec address
572 were used. Thanks to Tetsuya Sodo for reporting this problem and
575 OpenSSL server failed with "no shared cipher" when using cipher aNULL.
576 Fixed by providing temporary DH parameters. Thanks to Philip Rowlands
577 for drawing my attention to this issue.
579 UDP-LISTEN slept 1s after accepting a connection. This is not required.
580 Thanks to Peter Valdemar Morch for reporting this issue
582 fixed a bug that could lead to error or socat crash after a client
583 connection with option retry had been established
585 fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be
588 improved dev_t print format definition
591 Cedril Priscal ported socat to Android (using Googles cross compiler).
592 The port includes the socat_buildscript_for_android.sh script
594 added check for component ipi_spec_dst in struct in_pktinfo so
595 compilation does not fail on Cygwin (thanks to Peter Wagemans for
596 reporting this problem)
598 build failed on RHEL6 due to presence of fips.h; configure now checks
599 for fipsld too. Thanks to Andreas Gruenbacher for reporting this
602 check for netinet6/in6.h only when IPv6 is available and enabled
604 don't fail to compile when the following defines are missing:
605 IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT
606 Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
608 check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX
609 Lion 7.1); thanks to Jerry Jacobs to reporting this problem and
612 fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for
615 corrections for OpenEmbedded, especially termios SHIFT values and
616 ISPEED/OSPEED. Thanks to John Faith for providing the patch
618 minor corrections to docu and test.sh resulting from local compilation
621 fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for
622 reporting this issue and sending a patch.
624 Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
625 is now bsd/libutil.h; compiler warns on vars that is only written to
628 added option max-children that limits the number of concurrent child
629 processes. Thanks to Sam Liddicott for providing the patch.
631 Till Maas added support for tun/tap addresses without IP address
633 added an option openssl-compress that allows to disable the compression
634 feature of newer OpenSSL versions. Thanks to Michael Hanselmann for
635 providing this contribution (sponsored by Google Inc.)
638 minor corrections in docu (thanks to Paggas)
640 client process -> child process
642 ####################### V 1.7.1.3:
645 Socat security advisory 2
647 fixed a stack overflow vulnerability that occurred when command
648 line arguments (whole addresses, host names, file names) were longer
650 Note that this could only be exploited when an attacker was able to
651 inject data into socat's command line.
652 Full credits to Felix Gröbert, Google Security Team, for finding and
655 ####################### V 1.7.1.2:
658 user-late and group-late, when applied to a pty, affected the system
659 device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
660 pointing me to this bug)
662 socats openssl addresses failed with "nonblocking operation did not
663 complete" when the peer performed a renegotiation. Thanks to Benjamin
664 Delpy for reporting this bug.
666 info message during socks connect showed bad port number on little
667 endian systems due to wrong byte order (thanks to Peter M. Galbavy for
668 bug report and patch)
670 Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
671 to default. Thanks to Martin Dorey for reporting this bug.
674 building socat on systems that predefined the CFLAGS environment to
675 contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
676 this problem and to Simon Matter for providing the patch
678 support for Solaris 8 and Sun Studio support (thanks to Sebastian
679 Kayser for providing the patches)
681 on some 64bit systems a compiler warning "cast from pointer to integer
682 of different size" was issued on some option definitions
684 added struct sockaddr_ll to union sockaddr_union to avoid "strict
685 aliasing" warnings (problem reported by Paul Wouters)
688 minor corrections in docu
690 ####################### V 1.7.1.1:
693 corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
694 occur under those conditions. Thanks to Toni Mattila for first
695 reporting this problem.
697 ftruncate64 cut its argument to 32 bits on systems with 32 bit long type
699 socat crashed on systems without setenv() (esp. SunOS up to Solaris 9);
700 thanks to Todd Stansell for reporting this bug
702 with unidirectional EXEC and SYSTEM a close() operation was performed
703 on a random number which could result in hanging e.a.
705 fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
708 docu mentioned option so-bindtodev but correct name is so-bindtodevice.
709 Thanks to Jim Zimmerman for reporting.
712 added environment variables example to doc/socat-multicast.html
714 ####################### V 1.7.1.0:
717 address options shut-none, shut-down, and shut-close allow to control
718 socat's half close behaviour
720 with address option shut-null socat sends an empty packet to the peer
723 option null-eof changes the behaviour of sockets that receive an empty
724 packet to see EOF instead of ignoring it
726 introduced option names substuser-early and su-e, currently equivalent
727 to option substuser (thanks to Mike Perry for providing the patch)
730 fixed some typos and improved some comments
732 ####################### V 1.7.0.1:
735 fixed possible SIGSEGV in listening addresses when a new connection was
736 reset by peer before the socket addresses could be retrieved. Thanks to
737 Mike Perry for sending a patch.
739 fixed a bug, introduced with version 1.7.0.0, that let client
740 connections with option connect-timeout fail when the connections
741 succeeded. Thanks to Bruno De Fraine for reporting this bug.
743 option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
744 and most UNIX-* and ABSTRACT-*
746 half close of EXEC and SYSTEM addresses did not work for pipes and
749 help displayed for some option a wrong type
751 under some circumstances shutdown was called multiple times for the
754 ####################### V 1.7.0.0:
757 new address types SCTP-CONNECT and SCTP-LISTEN implement SCTP stream
758 mode for IPv4 and IPv6; new address options sctp-maxseg and
759 sctp-nodelay (suggested by David A. Madore; thanks to Jonathan Brannan
760 for providing an initial patch)
762 new address "INTERFACE" for transparent network interface handling
763 (suggested by Stuart Nicholson)
765 added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
766 SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
767 protocol independent socket handling; all parameters are explicitely
768 specified as numbers or hex data
770 added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
771 ioctl-bin for generic ioctl() calls.
773 added address options setsockopt-int, setsockopt-bin, and
774 setsockopt-string for generic setsockopt() calls
776 option so-type now only affects the socket() and socketpair() calls,
777 not the name resolution. so-type and so-prototype can now be applied to
778 all socket based addresses.
780 new address option "escape" allows to break a socat instance even when
781 raw terminal mode prevents ^C etc. (feature suggested by Guido Trotter)
783 socat sets environment variables SOCAT_VERSION, SOCAT_PID, SOCAT_PPID
784 for use in executed scripts
786 socat sets environment variables SOCAT_SOCKADDR, SOCAT_SOCKPORT,
787 SOCAT_PEERADDR, SOCAT_PEERPORT in LISTEN type addresses (feature
788 suggested by Ed Sawicki)
790 socat receives all ancillary messages with each received packet on
791 datagram related addresses. The messages are logged in raw form with
792 debug level, and broken down with info level. note: each type of
793 ancillary message must be enabled by appropriate address options.
795 socat provides the contents of ancillary messages received on RECVFROM
796 addresses in appropriate environment variables:
797 SOCAT_TIMESTAMP, SOCAT_IP_DSTADDR, SOCAT_IP_IF, SOCAT_IP_LOCADDR,
798 SOCAT_IP_OPTIONS, SOCAT_IP_TOS, SOCAT_IP_TTL, SOCAT_IPV6_DSTADDR,
799 SOCAT_IPV6_HOPLIMIT, SOCAT_IPV6_TCLASS
801 the following address options were added to enable ancillary messages:
802 so-timestamp, ip-pktinfo (not BSD), ip-recvdstaddr (BSD), ip-recverr,
803 ip-recvif (BSD), ip-recvopts, ip-recvtos, ip-recvttl, ipv6-recvdstopts,
804 ipv6-recverr, ipv6-recvhoplimit, ipv6-recvhopopts, ipv6-recvpathmtu,
805 ipv6-recvpktinfo, ipv6-recvrthdr, ipv6-recvtclass
807 new address options ipv6-tclass and ipv6-unicast-hops set the related
810 STREAMS (UNIX System V STREAMS) can be configured with the new address
811 options i-pop-all and i-push (thanks to Michal Rysavy for providing a
815 some raw IP and UNIX datagram modes failed on BSD systems
817 when UDP-LISTEN continued to listen after packet dropped by, e.g.,
818 range option, the old listen socket would not be closed but a new one
819 created. open sockets could accumulate.
821 there was a bug in ip*-recv with bind option: it did not bind, and
822 with the first received packet an error occurred:
823 socket_init(): unknown address family 0
826 RECVFROM addresses with FORK option hung after processing the first
827 packet. test: UDP4RECVFROM_FORK
829 corrected a few mistakes that caused compiler warnings on 64bit hosts
830 (thanks to Jonathan Brannan e.a. for providing a patch)
832 EXEC and SYSTEM with stderr injected socat messages into the data
833 stream. test: EXECSTDERRLOG
835 when the EXEC address got a string with consecutive spaces it created
836 additional empty arguments (thanks to Olivier Hervieu for reporting
837 this bug). test: EXECSPACES
839 in ignoreeof polling mode socat also blocked data transfer in the other
840 direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
843 corrected alphabetical order of options (proxy-auth)
845 some minor corrections
847 improved test.sh script: more stable timing, corrections for BSD
849 replaced the select() calls by poll() to cleanly fix the problems with
850 many file descriptors already open
852 socat option -lf did not log to file but to stderr
854 socat did not compile on Solaris when configured without termios
855 feature (thanks to Pavan Gadi for reporting this bug)
858 socat compiles and runs on AIX with gcc (thanks to Andi Mather for his
861 socat compiles and runs on Cygwin (thanks to Jan Just Keijser for his
864 socat compiles and runs on HP-UX with gcc (thanks to Michal Rysavy for
867 socat compiles and runs on MacOS X (thanks to Camillo Lugaresi for his
871 filan -s prefixes output with FD number if more than one FD
873 Makefile now supports datarootdir (thanks to Camillo Lugaresi for
876 cleanup in xio-unix.c
878 ####################### V 1.6.0.1:
881 new make target "gitclean"
883 docu source doc/socat.yo released
886 exec:...,pty did not kill child process under some circumstances; fixed
887 by correcting typo in xio-progcall.c (thanks to Ralph Forsythe for
888 reporting this problem)
890 service name resolution failed due to byte order mistake
891 (thanks to James Sainsbury for reporting this problem)
893 socat would hang when invoked with many file descriptors already opened
894 fix: replaced FOPEN_MAX with FD_SETSIZE
895 thanks to Daniel Lucq for reporting this problem.
897 fixed bugs where sub processes would become zombies because the master
898 process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
899 UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
900 ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
901 (thanks to Fernanda G Weiden for reporting this problem)
903 fixed a bug where sub processes would become zombies because the master
904 process caught SIGCHLD but did not wait(). this affected addresses
905 UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
906 (thanks to Evan Borgstrom for reporting this problem)
908 corrected option handling with STDIO; usecase: cool-write
910 configure --disable-pty also disabled option waitlock
912 fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
913 (thanks to Roland Illig for sending a patch)
915 corrected name of option intervall to interval (old form still valid
916 for us German speaking guys)
918 corrected some print statements and variable names
920 make uninstall did not uninstall procan
922 fixed lots of weaknesses in test.sh
924 corrected some bugs and typos in doc/socat.yo, EXAMPLES, C comments
927 procan -c prints C defines important for socat
929 added test OPENSSLEOF for OpenSSL half close
931 ####################### V 1.6.0.0:
934 new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
937 new option ip-add-membership for control of multicast group membership
939 new address TUN for generation of Linux TUN/TAP pseudo network
940 interfaces (suggested by Mat Caughron); associated options tun-device,
941 tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
943 new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
944 ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
945 on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
946 socklen parameter on system calls.
948 option end-close for control of connection closing allows FD sharing
951 range option supports form address:mask with IPv4
953 changed behaviour of OPENSSL-LISTEN to require and verify client
954 certificate per default
956 options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
957 grained locking on regular files
959 uninstall target in Makefile (lack reported by Zeeshan Ali)
962 fixed bug where only first tcpwrap option was applied; fixed bug where
963 tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
966 filan (and socat -D) could hang when a socket was involved
968 corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
971 correct bind with udp6-listen (thanks to Jan Horak for reporting this
974 corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
975 (thanks to Leo Zhadanovsky for reporting this problem)
977 corrected problem with read data buffered in OpenSSL layer (thanks to
978 Jon Nelson for reporting this bug)
980 corrected problem with option readbytes when input stream stayed idle
983 fixed a bug where a datagram receiver with option fork could fork two
984 sub processes per packet
987 moved documentation to new doc/ subdir
989 new documents (kind of mini tutorials) are provided in doc/
991 ####################### V 1.5.0.0:
994 new datagram modes for udp, rawip, unix domain sockets
996 socat option -T specifies inactivity timeout
998 rewrote lexical analysis to allow nested socat calls
1000 addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
1002 socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
1003 SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
1005 addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
1007 option protocol-family (pf), esp. for openssl-listen
1009 range option supports IPv6 - syntax: range=[::1/128]
1011 option ipv6-v6only (ipv6only)
1013 new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
1015 FIPS version of OpenSSL can be integrated - initial patch provided by
1016 David Acker. See README.FIPS
1018 support for resolver options res-debug, aaonly, usevc, primary, igntc,
1019 recurse, defnames, stayopen, dnsrch
1021 options for file attributes on advanced filesystems (ext2, ext3,
1022 reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
1023 ext2-noatime, journal-data etc.
1025 option cool-write controls severeness of write failure (EPIPE,
1030 socat option -lh for hostname in log output
1032 traffic dumping provides packet headers
1034 configure.in became part of distribution
1036 socats unpack directory now has full version, e.g. socat-1.5.0.0/
1038 corrected docu of option verify
1041 fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
1043 exec with pipes,stderr produced error
1045 setuid-early was ignored with many address types
1047 some minor corrections
1049 ####################### V 1.4.3.1:
1052 PROBLEM: UNIX socket listen accepted only one (or a few) connections.
1053 FIX: do not remove listening UNIX socket in child process
1055 PROBLEM: SIGSEGV when TCP part of SSL connect failed
1056 FIX: check ssl pointer before calling SSL_shutdown
1058 In debug mode, show connect client port even when connect fails
1060 ####################### V 1.4.3.0:
1063 socat options -L, -W for application level locking
1065 options "lockfile", "waitlock" for address level locking
1068 option "readbytes" limits read length (Adam Osuchowski)
1070 option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
1072 pty symlink, unix listen socket, and named pipe are per default removed
1073 after use; option unlink-close overrides this new behaviour and also
1074 controls removal of other socat generated files (Stefan Luethje)
1077 option "retry" did not work with tcp-listen
1079 EPIPE condition could result in a 100% CPU loop
1082 support systems without SHUT_RD etc.
1083 handle more size_t types
1084 try to find makedepend options with gcc 3 (richard/OpenMacNews)
1086 ####################### V 1.4.2.0:
1089 option "connect-timeout" limits wait time for connect operations
1090 (requested by Giulio Orsero)
1092 option "dhparam" for explicit Diffie-Hellman parameter file
1095 support for OpenSSL DSA certificates (Miika Komu)
1097 create install directories before copying files (Miika Komu)
1099 when exiting on signal, return status 128+signum instead of 1
1101 on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
1104 -lu could cause a core dump on long messages
1107 modifications to simplify using socats features in applications
1109 ####################### V 1.4.1.0:
1112 option "wait-slave" blocks open of pty master side until a client
1113 connects, "pty-intervall" controls polling
1115 option -h as synonym to -? for help (contributed by Christian
1118 filan prints formatted time stamps and rdev (disable with -r)
1120 redirect filan's output, so stdout is not affected (contributed by
1123 filan option -L to follow symbolic links
1125 filan shows termios control characters
1128 proxy address no longer performs unsolicited retries
1130 filan -f no longer needs read permission to analyze a file (but still
1131 needs access permission to directory, of course)
1135 FreeBSD options noopt, nopush, md5sig
1136 OpenBSD options sack-disable, signature-enable
1137 HP-UX, Solaris options abort-threshold, conn-abort-threshold
1138 HP-UX options b900, b3600, b7200
1139 Tru64/OSF1 options keepinit, paws, sackena, tsoptena
1141 further corrections:
1142 address pty now uses ptmx as default if openpty is also available
1144 ####################### V 1.4.0.3:
1147 Socat security advisory 1
1149 fix to a syslog() based format string vulnerability that can lead to
1150 remote code execution. See advisory socat-adv-1.txt
1152 ####################### V 1.4.0.2:
1155 exec'd write-only addresses get a chance to flush before being killed
1157 error handler: print notice on error-exit
1159 filan printed wrong file type information
1161 ####################### V 1.4.0.1:
1164 socks4a constructed invalid header. Problem found, reported, and fixed
1165 by Thomas Themel, by Peter Palfrader, and by rik
1167 with nofork, don't forget to apply some process related options
1168 (chroot, setsid, setpgid, ...)
1170 ####################### V 1.4.0.0:
1173 simple openssl server (ssl-l), experimental openssl trust
1175 new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
1178 new options "retry", "forever", and "intervall"
1180 option "fork" for address TCP improves `gender changer´
1182 options "sigint", "sigquit", and "sighup" control passing of signals to
1183 sub process (thanks to David Shea who contributed to this issue)
1185 readline takes respect to the prompt issued by the peer address
1187 options "prompt" and "noprompt" allow to override readline's new
1190 readline supports invisible password with option "noecho"
1192 socat option -lp allows to set hostname in log output
1194 socat option -lu turns on microsecond resolution in log output
1198 before reading available data, check if writing on other channel is
1201 tcp6, udp6: support hostname specification (not only IP address), and
1202 map IP4 names to IP6 addresses
1204 openssl client checks server certificate per default
1206 support unidirectional communication with exec/system subprocess
1208 try to restore original terminal settings when terminating
1210 test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$
1212 socks4 failed on platforms where long does not have 32 bits
1213 (thanks to Peter Palfrader and Thomas Seyrat)
1215 hstrerror substitute wrote wrong messages (HP-UX, Solaris)
1217 proxy error message was truncated when answer contained multiple spaces
1221 compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
1223 ####################### V 1.3.2.2:
1226 PROXY CONNECT failed when the status reply from the proxy server
1227 contained more than one consecutive spaces. Problem reported by
1228 Alexandre Bezroutchko
1230 do not SIGSEGV when proxy address fails to resolve server name
1232 udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
1233 Problem reported by Christoph Schittel
1235 test.sh only tests available features
1237 added missing IP and TCP options in filan analyzer
1239 do not apply stdio address options to both directions when in
1242 on systems lacking /dev/*random and egd, provide (weak) entropy from
1247 changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
1249 compiles on True64, FreeBSD (again), NetBSD, OpenBSD
1251 support for long long as st_ino type (Cygwin 1.5)
1253 compile on systems where pty can not be featured
1255 ####################### V 1.3.2.1:
1258 "final" solution for the ENOCHLD problem
1260 corrected "make strip"
1262 default gcc debug/opt is "-O" again
1264 check for /proc at runtime, even if configure found it
1266 src.rpm accidently supported SuSE instead of RedHat
1268 ####################### V 1.3.2.0:
1271 option "nofork" connects an exec'd script or program directly
1272 to the file descriptors of the other address, circumventing the socat
1275 support for files >2GB, using ftruncate64(), lseek64(), stat64()
1277 filan has new "simple" output style (filan -s)
1281 options "binary" and "text" for controlling line termination on Cygwin
1282 file system access (hint from Yang Wu-Zhou)
1284 fix by Yang Wu-Zhou for the Cygwin "No Children" problem
1286 improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
1289 minor corrections to avoid warnings with gcc 3
1292 further corrections and minor improvements:
1293 configure script is generated with autoconf 2.57 (no longer 2.52)
1295 configure passes CFLAGS to Makefile
1297 option -??? for complete list of address options and their short forms
1299 program name in syslog messages is derived from argv[0]
1301 SIGHUP now prints notice instead of error
1303 EIO during read of pty now gives Notice instead of Error, and
1306 use of hstrerror() for printing resolver error messages
1308 setgrent() got required endgrent()
1310 ####################### V 1.3.1.0:
1313 integration of Wietse Venema's tcpwrapper library (libwrap)
1315 with "proxy" address, option "resolve" controls if hostname or IP
1316 address is sent in request
1318 option "lowport" establishes limited authorization for TCP and UDP
1321 improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
1322 An accompanying change in the numbering scheme results in an
1323 incompatibility with earlier socat RPMs!
1326 solved problems and bugs:
1327 PROBLEM: socat daemon terminated when the address of a connecting
1328 client did not match range option value instead of continue listening
1329 SOLVED: in this case, print warning instead of error to keep daemon
1332 PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
1334 SOLVED: dont assume that each exiting child process generates SIGCHLD
1336 when converting CRNL to CR, socat converted to NL
1339 further corrections:
1340 configure script now disables features that depend on missing files
1341 making it more robust in "unsupported" environments
1343 server.pem permissions corrected to 600
1345 "make install" now does not strip; use "make strip; make install"
1346 if you like strip (suggested by Peter Bray)
1348 ####################### V 1.3.0.1:
1350 solved problems and bugs:
1351 PROBLEM: OPENSSL did not apply tcp, ip, and socket options
1352 SOLVED: OPENSSL now correctly handles the options list
1354 PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
1356 SOLVED: these conversions now simply strip all CR's or NL's from input
1361 SunOS ptys now work on x86, too (thanks to Peter Bray)
1363 configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
1366 further corrections:
1367 added WITH_PROXY value to -V output
1369 added compile dependencies of WITH_PTY and WITH_PROXY
1371 -?? did not print option group of proxy options
1373 corrected syntax for bind option in docu
1375 corrected an issue with stdio in unidirectional mode
1377 options socksport and proxyport support service names
1379 ftp.sh script supports proxy address
1381 man page no longer installed with execute permissions (thanks to Peter
1384 fixed a malloc call bug that could cause SIGSEGV or false "out of
1385 memory" errors on EXEC and SYSTEM, depending on program name length and
1388 ####################### V 1.3.0.0:
1391 proxy connect with optional proxy authentication
1393 combined hex and text dump mode, credits to Gregory Margo
1395 address pty applies options user, group, and perm to device
1398 solved problems and bugs:
1399 PROBLEM: option reuseport was not applied (BSD, AIX)
1400 SOLVED: option reuseport now in phase PASTSOCKET instead of PREBIND,
1401 credits to Jean-Baptiste Marchand
1403 PROBLEM: ignoreeof with stdio was ignored
1404 SOLVED: ignoreeof now works correctly with address stdio
1406 PROBLEM: ftp.sh did not use user supplied password
1407 SOLVED: ftp.sh now correctly passes password from command line
1409 PROBLEM: server.pem had expired
1410 SOLVED: new server.pem valid for ten years
1412 PROBLEM: socks notice printed wrong port on some platforms
1413 SOLVED: socks now uses correct byte-order for port number in notice
1416 further corrections:
1417 option name o_trunc corrected to o-trunc
1419 combined use of -u and -U is now detected and prevented
1421 made message system a little more robust against format string attacks
1424 ####################### V 1.2.0.0:
1427 address pty for putting socat behind a new pseudo terminal that may
1428 fake a serial line, modem etc.
1430 experimental openssl integration
1431 (it does not provide any trust between the peers because is does not
1432 check certificates!)
1434 options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
1435 locking mechanism provided by flock()
1437 options setsid and setpgid now available with all address types
1439 option ctty (controlling terminal) now available for all TERMIOS
1442 option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
1443 replaced by options o-trunc and ftruncate=offset
1445 option sourceport now available with TCP and UDP listen addresses to
1446 restrict incoming client connections
1448 unidirectional mode right-to-left (-U)
1451 solved problems and bugs:
1452 PROBLEM: addresses without required parameters but an option containing
1453 a '/' were incorrectly interpreted as implicit GOPEN address
1454 SOLVED: if an address does not have ':' separator but contains '/',
1455 check if the slash is before the first ',' before assuming
1460 ptys under SunOS work now due to use of stream options
1463 further corrections:
1464 with -d -d -d -d -D, don't print debug info during file analysis
1467 ####################### V 1.1.0.1:
1470 .spec file for RPM generation
1473 solved problems and bugs:
1474 PROBLEM: GOPEN on socket did not apply option unlink-late
1475 SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
1478 PROBLEM: with unidirectional mode, an unnecessary close timeout was
1480 SOLUTION: in unidirectional mode, terminate without wait time
1482 PROBLEM: using GOPEN on a unix domain socket failed for datagram
1484 SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
1487 further corrections:
1489 open() flag options had names starting with "o_", now corrected to "o-"
1491 in docu, *-listen addresses were called *_listen
1493 address unix now called unix-connect because it does not handle unix
1496 in test.sh, apply global command line options with all tests
1499 ####################### V 1.1.0.0:
1502 regular man page and html doc - thanks to kromJx for prototype
1504 new address type "readline", utilizing GNU readline and history libs
1506 address option "history-file" for readline
1508 new option "dash" to "exec" address that allows to start login shells
1510 syslog facility can be set per command line option
1512 new address option "tcp-quickack", found in Linux 2.4
1514 option -g prevents option group checking
1516 filan and procan can print usage
1518 procan prints rlimit infos
1521 solved problems and bugs:
1522 PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
1523 SOLVED: set eof flag of channel on shutdown.
1525 PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
1526 and has data available while channel 1 reaches EOF, the data is
1528 SOLVED: during one loop run, first handle all data transfers and
1529 _afterwards_ handle EOF.
1531 PROBLEM: despite to option NONBLOCK, the connect() call blocked
1532 SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
1534 PROBLEM: UNLINK options issued error when file did not exist,
1536 SOLVED: failure of unlink() is only warning if errno==ENOENT
1538 PROBLEM: TCP6-LISTEN required numeric port specification
1539 SOLVED: now uses common TCP service resolver
1541 PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
1542 SOLVED: retrieval of FDs now pays respect to PIPE pecularities
1544 PROBLEM: using address EXEC against an address with IGNOREEOF, socat
1546 SOLVED: corrected EOF handling of sigchld
1550 MacOS and old AIX versions now have pty
1552 flock() now available on Linux (configure check was wrong)
1554 named pipe were generated using mknod(), which requires root under BSD
1555 now they are generated using mkfifo
1558 further corrections:
1559 lots of address options that were "forgotten" at runtime are now
1562 option BINDTODEVICE now also called SO-BINDTODEVICE, IF
1564 "make install" now installs binaries with ownership 0:0
1567 ####################### V 1.0.4.2:
1569 solved problems and bugs:
1570 PROBLEM: EOF of one stream caused close of other stream, giving it no
1571 chance to go down regularly
1572 SOLVED: EOF of one stream now causes shutdown of write part of other
1575 PROBLEM: sending mail via socks address to qmail showed that crlf
1576 option does not work
1577 SOLVED: socks address applies PH_LATE options
1579 PROBLEM: in debug mode, no info about socat and platform was issued
1580 SOLVED: print socat version and uname output in debug mode
1582 PROBLEM: invoking socat with -t and no following parameters caused
1584 SOLVED: -t and -b now check next argv entry
1586 PROBLEM: when opening of logfile (-lf) failed, no error was reported
1587 and no further messages were printed
1588 SOLVED: check result of fopen and print error message if it failed
1591 address type UDP-LISTEN now supports option fork: it internally applies
1592 socket option SO_REUSEADDR so a new UDP socket can bind to port after
1593 `accepting´ a connection (child processes might live forever though)
1594 (suggestion from Damjan Lango)
1597 ####################### V 1.0.4.1:
1599 solved problems and bugs:
1600 PROB: assert in libc caused an endless recursion
1601 SOLVED: no longer catch SIGABRT
1603 PROB: socat printed wrong verbose prefix for "right to left" packets
1604 SOLVED: new parameter for xiotransfer() passes correct prefix
1607 in debug mode, socat prints its command line arguments
1608 in verbose mode, escape special characters and replace unprintables
1609 with '.'. Patch from Adrian Thurston.
1612 ####################### V 1.0.4.0:
1614 solved problems and bugs:
1615 Debug output for lstat and fstat said "stat"
1617 further corrections:
1618 FreeBSD now includes libutil.h
1621 option setsid with exec/pty
1622 option setpgid with exec/pty
1623 option ctty with exec/pty
1625 gettimeofday in sycls.c (no use yet)
1628 before Gethostbyname, invoke inet_aton for MacOSX
1631 ####################### V 1.0.3.0:
1633 solved problems and bugs:
1635 PROB: test 9 of test.sh (echo via file) failed on some platforms,
1636 socat exited without error message
1637 SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
1639 PROB: test 17 hung forever
1640 REASON: child death before select loop did not result in EOF
1641 SOLVED: check of existence of children before starting select loop
1643 PROB: test 17 failed
1644 REASON: child dead triggered EOF before last data was read
1645 SOLVED: after child death, read last data before setting EOF
1647 PROB: filan showed that exec processes incorrectly had fd3 open
1648 REASON: inherited open fd3 from main process
1649 SOLVED: set CLOEXEC flag on pty fd in main process
1651 PROB: help printed "undef" instead of group "FORK"
1652 SOLVED: added "FORK" to group name array
1654 PROB: fatal messages did not include severity classifier
1655 SOLVED: added "F" to severity classifier array
1657 PROB: IP6 addresses where printed incorrectly
1658 SOLVED: removed type casts to unsigned short *
1660 further corrections:
1661 socat catches illegal -l modes
1662 corrected error message on setsockopt(linger)
1663 option tabdly is of type uint
1664 correction for UDP over IP6
1665 more cpp conditionals, esp. for IP6 situations
1666 better handling of group NAMED options with listening UNIX sockets
1667 applyopts2 now includes last given phase
1668 corrected option group handling for most address types
1669 introduce dropping of unappliable options (dropopts, dropopts2)
1670 gopen now accepts socket and unix-socket options
1671 exec and system now accept all socket and termios options
1672 child process for exec and system addresses with option pty
1673 improved descriptions and options for EXAMPLES
1674 printf format for file mode changed to "0%03o" with length spec.
1675 added va_end() in branch of msg()
1676 changed phase of lock options from PASTOPEN to FD
1677 support up to four early dying processes
1680 xiosysincludes now includes sysincludes.h for non xio files
1685 TYPE_DOUBLE, u_double
1687 added getsid(), setsid(), send() to sycls
1688 procan prints sid (session id)
1689 mail.sh gets -f (from) option
1690 new EXAMPLEs for file creation
1691 gatherinfo.sh now tells about failures
1692 test.sh can check for much more address/option combinations
1695 ispeed, ospeed for termios on FreeBSD
1696 getpgid() conditional for MacOS 10
1697 added ranlib in Makefile.in for MacOS 10
1698 disable pty option if no pty mechanism is available (MacOS 10)
1699 now compiles and runs on MacOS 10 (still some tests fail)
1700 setgroups() conditional for cygwin
1701 sighandler_t defined conditionally
1702 use gcc option -D_GNU_SOURCE