head 1.7; access; symbols pkgsrc-2014Q2:1.6.0.44 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.42 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.40 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.38 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.6.0.36 pkgsrc-2013Q2-base:1.6 pkgsrc-2013Q1:1.6.0.34 pkgsrc-2013Q1-base:1.6 pkgsrc-2012Q4:1.6.0.32 pkgsrc-2012Q4-base:1.6 pkgsrc-2012Q3:1.6.0.30 pkgsrc-2012Q3-base:1.6 pkgsrc-2012Q2:1.6.0.28 pkgsrc-2012Q2-base:1.6 pkgsrc-2012Q1:1.6.0.26 pkgsrc-2012Q1-base:1.6 pkgsrc-2011Q4:1.6.0.24 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q3:1.6.0.22 pkgsrc-2011Q3-base:1.6 pkgsrc-2011Q2:1.6.0.20 pkgsrc-2011Q2-base:1.6 pkgsrc-2011Q1:1.6.0.18 pkgsrc-2011Q1-base:1.6 pkgsrc-2010Q4:1.6.0.16 pkgsrc-2010Q4-base:1.6 pkgsrc-2010Q3:1.6.0.14 pkgsrc-2010Q3-base:1.6 pkgsrc-2010Q2:1.6.0.12 pkgsrc-2010Q2-base:1.6 pkgsrc-2010Q1:1.6.0.10 pkgsrc-2010Q1-base:1.6 pkgsrc-2009Q4:1.6.0.8 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q3:1.6.0.6 pkgsrc-2009Q3-base:1.6 pkgsrc-2009Q2:1.6.0.4 pkgsrc-2009Q2-base:1.6 pkgsrc-2009Q1:1.6.0.2 pkgsrc-2009Q1-base:1.6 pkgsrc-2008Q4:1.5.0.2 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.4.0.18 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.16 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.14 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.12 pkgsrc-2008Q1:1.4.0.10 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.8 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.6 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.4 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.2 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.10 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.1.1.0.6 pkgsrc-2004Q3-base:1.1.1.1 pkgsrc-2004Q2:1.1.1.1.0.4 pkgsrc-2004Q2-base:1.1.1.1 
pkgsrc-2004Q1:1.1.1.1.0.2 pkgsrc-2004Q1-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.7 date 2014.09.07.23.24.56; author rodent; state dead; branches; next 1.6; commitid C2aKvGwyFCzHatPx; 1.6 date 2009.03.11.08.40.32; author apb; state Exp; branches 1.6.44.1; next 1.5; 1.5 date 2008.10.25.18.21.18; author adrianp; state dead; branches; next 1.4; 1.4 date 2007.02.17.17.44.57; author adrianp; state Exp; branches; next 1.3; 1.3 date 2006.02.05.00.33.34; author adrianp; state Exp; branches; next 1.2; 1.2 date 2004.09.30.12.42.46; author adrianp; state Exp; branches; next 1.1; 1.1 date 2004.02.14.22.43.38; author minskim; state Exp; branches 1.1.1.1; next ; 1.6.44.1 date 2014.09.19.11.30.10; author tron; state dead; branches; next ; commitid GE5wRbZX9zyJQWQx; 1.1.1.1 date 2004.02.14.22.43.38; author minskim; state Exp; branches 1.1.1.1.6.1; next ; 1.1.1.1.6.1 date 2004.10.26.11.25.05; author agc; state Exp; branches; next ; desc @@ 1.7 log @Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019. patches/patch-aa seems to have been committed upstream. Passing readline location to configure and fixing CCOPTS in Makefile.in seems to not be necessary anymore. From CHANGES: ####################### V 1.7.2.4: corrections: LISTEN based addresses applied some address options, e.g. so-keepalive, to the listening file descriptor instead of the connected file descriptor make failed after configure with non gcc compiler due to missing include. configure checked for --disable-rawsocket but printed --disable-genericsocket in the help text. In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. Probably no impact. procan could not cleanly format ulimit values longer than 16 decimal digits. Thanks to Frank Dana for providing a patch that increases field width to 24 digits. 
OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with "Invalid argument" Changed some variable definitions to make gcc -O2 aliasing checker happy On big endian platforms with type long >32bit the range option applied a bad base address. Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy() uses Red Hat issue 1021958: fixed a bug with faulty buffer/data length calculation in xio-ascii.c:_xiodump() Red Hat issue 1021972: fixed a missing NUL termination in return string of sysutils.c:sockaddr_info() for the AF_UNIX case fixed some typos and minor issues, including: Red Hat issue 1021967: formatting error in manual page UNIX-LISTEN with fork option did not remove the socket file system entry when exiting. Other file system based passive address types had similar issues or failed to apply options umask, user e.a. porting: Red Hat issue 1020203: configure checks fail with some compilers. Use case: clang Performed changes for Fedora release 19 Adapted, improved test.sh script Red Hat issue 1021429: getgroupent fails with large number of groups; use getgrouplist() when available instead of sequence of calls to getgrent() Red Hat issue 1021948: snprintf API change; Implemented xio_snprintf() function as wrapper that tries to emulate C99 behaviour on old glibc systems, and adapted all affected calls appropriately Mike Frysinger provided a patch that supports long long for time_t, socklen_t and a few other libc types. Artem Mygaiev extended Cedril Priscals Android build script with pty code The check for fips.h required stddef.h Check for linux/errqueue.h failed on some systems due to lack of linux/types.h inclusion. 
autoconf now prefers configure.ac over configure.in type of struct cmsghdr.cmsg is system dependend, determine it with configure; some more print format corrections docu: libwrap always logs to syslog added actual text version of GPLv2 ####################### V 1.7.2.3: security: CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line (see socat-secadv5.txt) @ text @$NetBSD: patch-aa,v 1.6 2009/03/11 08:40:32 apb Exp $ --- compat.h.orig 2008-10-05 22:23:07.000000000 +0200 +++ compat.h @@@@ -232,6 +232,10 @@@@ #define F_time "%ld" # elif HAVE_BASIC_TIME_T==6 #define F_time "%lu" +# elif HAVE_BASIC_TIME_T==7 +#define F_time "%lld" +# elif HAVE_BASIC_TIME_T==8 +#define F_time "%llu" # else #error "HAVE_BASIC_TIME_T is out of range:" HAVE_BASIC_TIME_T # endif @ 1.6 log @Support systems where time_t is equivalent to "long long" or "unsigned long long". @ text @d1 1 a1 1 $NetBSD$ @ 1.6.44.1 log @Pullup ticket #4494 - requested by rodent net/socat: security update Revisions pulled up: - net/socat/Makefile 1.32 - net/socat/distinfo 1.20 - net/socat/patches/patch-aa deleted - net/socat/patches/patch-configure 1.2 - net/socat/patches/patch-mytypes.h 1.2 --- Module Name: pkgsrc Committed By: rodent Date: Sun Sep 7 23:24:56 UTC 2014 Modified Files: pkgsrc/net/socat: Makefile distinfo pkgsrc/net/socat/patches: patch-configure patch-mytypes.h Removed Files: pkgsrc/net/socat/patches: patch-aa Log Message: Update to latest stable, 1.7.2.4, which is supposed to resolve CVE-2014-0019. patches/patch-aa seems to have been committed upstream. Passing readline location to configure and fixing CCOPTS in Makefile.in seems to not be necessary anymore. From CHANGES: ####################### V 1.7.2.4: corrections: LISTEN based addresses applied some address options, e.g. so-keepalive, to the listening file descriptor instead of the connected file descriptor make failed after configure with non gcc compiler due to missing include. 
configure checked for --disable-rawsocket but printed --disable-genericsocket in the help text. In xioshutdown() a wrong branch was chosen after RECVFROM type addresses. Probably no impact. procan could not cleanly format ulimit values longer than 16 decimal digits. Thanks to Frank Dana for providing a patch that increases field width to 24 digits. OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with "Invalid argument" Changed some variable definitions to make gcc -O2 aliasing checker happy On big endian platforms with type long >32bit the range option applied a bad base address. Red Hat issue 1022070: missing length check in xiolog_ancillary_socket() Red Hat issue 1022063: out-of-range shifts on net mask bits Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4() Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy() uses Red Hat issue 1021958: fixed a bug with faulty buffer/data length calculation in xio-ascii.c:_xiodump() Red Hat issue 1021972: fixed a missing NUL termination in return string of sysutils.c:sockaddr_info() for the AF_UNIX case fixed some typos and minor issues, including: Red Hat issue 1021967: formatting error in manual page UNIX-LISTEN with fork option did not remove the socket file system entry when exiting. Other file system based passive address types had similar issues or failed to apply options umask, user e.a. porting: Red Hat issue 1020203: configure checks fail with some compilers. 
Use case: clang Performed changes for Fedora release 19 Adapted, improved test.sh script Red Hat issue 1021429: getgroupent fails with large number of groups; use getgrouplist() when available instead of sequence of calls to getgrent() Red Hat issue 1021948: snprintf API change; Implemented xio_snprintf() function as wrapper that tries to emulate C99 behaviour on old glibc systems, and adapted all affected calls appropriately Mike Frysinger provided a patch that supports long long for time_t, socklen_t and a few other libc types. Artem Mygaiev extended Cedril Priscals Android build script with pty code The check for fips.h required stddef.h Check for linux/errqueue.h failed on some systems due to lack of linux/types.h inclusion. autoconf now prefers configure.ac over configure.in type of struct cmsghdr.cmsg is system dependend, determine it with configure; some more print format corrections docu: libwrap always logs to syslog added actual text version of GPLv2 ####################### V 1.7.2.3: security: CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line (see socat-secadv5.txt) @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.6 2009/03/11 08:40:32 apb Exp $ @ 1.5 log @Update to 1.7.0.0 2008/10/15: socat version 1.7.0.0 brings support for SCTP stream, raw interface, and generic sockets. New option escape allows to interrupt raw terminal connections. Listening and receiving sockets can set a couple of environment variables. Added base control of System V STREAMS. Lots of corrections were performed. socat compiles on Mac OS X again. Patch from Leonardo Taccari @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.4 2007/02/17 17:44:57 adrianp Exp $ d3 13 a15 11 --- Makefile.in.orig 2006-07-13 23:18:49.000000000 +0100 +++ Makefile.in @@@@ -21,7 +21,7 @@@@ srcdir = @@srcdir@@ VPATH = @@srcdir@@ CC = @@CC@@ -CCOPTS = $(CCOPT) -Wall -Wno-parentheses +CCOPTS = $(CCOPT) SYSDEFS = @@SYSDEFS@@ CPPFLAGS = -I. 
@@CPPFLAGS@@ @ 1.4 log @Update to 1.5.0.0 new features: new datagram modes for udp, rawip, unix domain sockets socat option -T specifies inactivity timeout rewrote lexical analysis to allow nested socat calls addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6 socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP, SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6 option protocol-family (pf), esp. for openssl-listen range option supports IPv6 - syntax: range=[::1/128] option ipv6-v6only (ipv6only) new tcp-wrappers options allow-table, deny-table, tcpwrap-etc FIPS version of OpenSSL can be integrated - initial patch provided by David Acker. See README.FIPS support for resolver options res-debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, dnsrch options for file attributes on advanced filesystems (ext2, ext3, reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump, ext2-noatime, journal-data etc. option cool-write controls severeness of write failure (EPIPE, ECONNRESET) option o-noatime socat option -lh for hostname in log output traffic dumping provides packet headers configure.in became part of distribution socats unpack directory now has full version, e.g. socat-1.5.0.0/ corrected docu of option verify corrections: fixed tcpwrappers integration - initial fix provided by Rudolf Cejka exec with pipes,stderr produced error setuid-early was ignored with many address types some minor corrections @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update to 1.4.3.1 > ####################### V 1.4.3.1: > > corrections: > PROBLEM: UNIX socket listen accepted only one (or a few) connections. 
> FIX: do not remove listening UNIX socket in child process > > PROBLEM: SIGSEGV when TCP part of SSL connect failed > FIX: check ssl pointer before calling SSH_shutdown > > In debug mode, show connect client port even when connect fails > > ####################### V 1.4.3.0: > > new features: > socat options -L, -W for application level locking > > options "lockfile", "waitlock" for address level locking > (Stefan Luethje) > > option "readbytes" limits read length (Adam Osuchowski) > > option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude) > socat options -L, -W for application level locking > > options "lockfile", "waitlock" for address level locking > (Stefan Luethje) > > option "readbytes" limits read length (Adam Osuchowski) > > option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude) > > pty symlink, unix listen socket, and named pipe are per default removed > after use; option unlink-close overrides this new behaviour and also > controls removal of other socat generated files (Stefan Luethje) > > corrections: > option "retry" did not work with tcp-listen > > EPIPE condition could result in a 100% CPU loop > > further changes: > support systems without SHUT_RD etc. > handle more size_t types > try to find makedepend options with gcc 3 (richard/OpenMacNews) @ text @d3 1 a3 1 --- Makefile.in.orig 2006-01-29 17:14:11.000000000 +0000 d5 1 a5 1 @@@@ -21,13 +21,13 @@@@ srcdir = @@srcdir@@ d10 1 a10 1 +CCOPTS = $(CCOPT) a13 7 #0 INCLS = -I. @@V_INCL@@ DEFS = @@DEFS@@ -LIBS = @@LIBS@@ +LIBS = @@LDFLAGS@@ @@LIBS@@ INSTALL = @@INSTALL@@ @ 1.2 log @Update socat to 1.4.0.2 - Change to my NetBSD email address ####################### V 1.4.0.2: corrections: exec'd write-only addresses get a chance to flush before being killed error handler: print notice on error-exit filan printed wrong file type information ####################### V 1.4.0.1: corrections: socks4a constructed invalid header. 
Problem found, reported, and fixed by Thomas Themel, by Peter Palfrader, and by rik with nofork, don't forget to apply some process related options (chroot, setsid, setpgid, ...) ####################### V 1.4.0.0: new features: simple openssl server (ssl-l), experimental openssl trust new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for openssl new options "retry", "forever", and "intervall" option "fork" for address TCP improves `gender changer“ options "sigint", "sigquit", and "sighup" control passing of signals to sub process (thanks to David Shea who contributed to this issue) readline takes respect to the prompt issued by the peer address options "prompt" and "noprompt" allow to override readline's new default behaviour readline supports invisible password with option "noecho" socat option -lp allows to set hostname in log output socat option -lu turns on microsecond resolution in log output corrections: before reading available data, check if writing on other channel is possible tcp6, udp6: support hostname specification (not only IP address), and map IP4 names to IP6 addresses openssl client checks server certificate per default support unidirectional communication with exec/system subprocess try to restore original terminal settings when terminating test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$ socks4 failed on platforms where long does not have 32 bits (thanks to Peter Palfrader and Thomas Seyrat) hstrerror substitute wrote wrong messages (HP-UX, Solaris) proxy error message was truncated when answer contained multiple spaces porting: compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link) @ text @d3 3 a5 3 --- Makefile.in.orig 2004-09-30 13:23:21.000000000 +0000 +++ Makefile.in 2004-09-30 13:24:30.000000000 +0000 @@@@ -21,12 +21,12 @@@@ d10 1 a10 1 +CCOPTS = $(CCOPT) d12 1 @ 1.1 log @Initial revision @ text @d3 3 a5 3 --- Makefile.in.orig 2003-10-19 03:01:41.000000000 -0500 +++ Makefile.in @@@@ -21,11 +21,11 @@@@ srcdir = 
@@srcdir@@ d12 2 a13 1 INCLS = -I. @@V_INCL@@ @ 1.1.1.1 log @Import socat-1.3.2.2 from pkgsrc-wip. Provided by Adrian Portelli, and slightly modified by me. socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (serial line etc. or a pseudo terminal), a socket (UNIX, IP4, IP6 - raw, UDP, TCP), an SSL socket, proxy CONNECT connection, a file descriptor (stdin etc.), the GNU line editor, a program, or a combination of two of these. These modes include generation of "listening" sockets, pipes and pseudo terminals. @ text @@ 1.1.1.1.6.1 log @Security Pullup - requested by Adrian Portelli security fix for socat Includes the following modifications: Module Name: pkgsrc Committed By: adrianp Date: Thu Sep 30 12:42:46 UTC 2004 Modified Files: pkgsrc/net/socat: Makefile distinfo pkgsrc/net/socat/patches: patch-aa Log Message: Update socat to 1.4.0.2 - Change to my NetBSD email address ####################### V 1.4.0.2: corrections: exec'd write-only addresses get a chance to flush before being killed error handler: print notice on error-exit filan printed wrong file type information ####################### V 1.4.0.1: corrections: socks4a constructed invalid header. Problem found, reported, and fixed by Thomas Themel, by Peter Palfrader, and by rik with nofork, don't forget to apply some process related options (chroot, setsid, setpgid, ...) 
####################### V 1.4.0.0: new features: simple openssl server (ssl-l), experimental openssl trust new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for openssl new options "retry", "forever", and "intervall" option "fork" for address TCP improves `gender changer“ options "sigint", "sigquit", and "sighup" control passing of signals to sub process (thanks to David Shea who contributed to this issue) readline takes respect to the prompt issued by the peer address options "prompt" and "noprompt" allow to override readline's new default behaviour readline supports invisible password with option "noecho" socat option -lp allows to set hostname in log output socat option -lu turns on microsecond resolution in log output corrections: before reading available data, check if writing on other channel is possible tcp6, udp6: support hostname specification (not only IP address), and map IP4 names to IP6 addresses openssl client checks server certificate per default support unidirectional communication with exec/system subprocess try to restore original terminal settings when terminating test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$ socks4 failed on platforms where long does not have 32 bits (thanks to Peter Palfrader and Thomas Seyrat) hstrerror substitute wrote wrong messages (HP-UX, Solaris) proxy error message was truncated when answer contained multiple spaces porting: compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link) To generate a diff of this commit: cvs rdiff -r1.2 -r1.3 pkgsrc/net/socat/Makefile cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/net/socat/distinfo cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/net/socat/patches/patch-aa --- Module Name: pkgsrc Committed By: adrianp Date: Mon Oct 25 17:13:51 UTC 2004 Modified Files: pkgsrc/net/socat: Makefile distinfo Log Message: - Update to 1.4.0.3 - Security fix for: http://www.dest-unreach.org/socat/advisory/socat-adv-1.html To generate a diff of this commit: cvs rdiff -r1.4 -r1.5 
pkgsrc/net/socat/Makefile cvs rdiff -r1.2 -r1.3 pkgsrc/net/socat/distinfo @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1.1.1 2004/02/14 22:43:38 minskim Exp $ d3 3 a5 3 --- Makefile.in.orig 2004-09-30 13:23:21.000000000 +0000 +++ Makefile.in 2004-09-30 13:24:30.000000000 +0000 @@@@ -21,12 +21,12 @@@@ d12 1 a12 2 CPPFLAGS = -I. @@CPPFLAGS@@ #0 INCLS = -I. @@V_INCL@@ @
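Review bot: in the compat.h hunk, the new `HAVE_BASIC_TIME_T==7` and `HAVE_BASIC_TIME_T==8` branches do not say which C type each value stands for; only the 1.6 commit log says they mean "long long" and "unsigned long long". Add a short comment beside each branch. Also confirm that the configure side of the same change set can actually produce 7 and 8, because without that the build still ends at the `#error "HAVE_BASIC_TIME_T is out of range:"` line and the new `F_time` formats are never selected. The choice of "%lld" and "%llu" matters for correctness: printing a time_t that is wider than long through "%ld" or "%lu" is a printf argument type mismatch.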
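Review bot: in the Makefile.in hunk, changing `CCOPTS = $(CCOPT) -Wall -Wno-parentheses` to `CCOPTS = $(CCOPT)` removes `-Wall` for every compiler, including those that accept it. The patch as shown carries no comment explaining why. If the aim is to build with compilers that reject these flags, say so in the patch header and consider dropping the flags only for those compilers, so that builds with gcc keep their warnings. The later 1.7.2.4 change list on this page includes several strcpy and strncpy corrections, which is the class of problem compiler diagnostics help to surface.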