"Fossies" - the Fresh Open Source Software Archive

Member "socat-1.7.3.2/CHANGES" (23 Jan 2017, 54395 Bytes) of package /linux/privat/socat-1.7.3.2.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "CHANGES": 1.7.3.1_vs_1.7.3.2.

    1 
    2 ####################### V 1.7.3.2:
    3 
    4 corrections:
    5 	SIGSEGV and other signals could lead to a 100% CPU loop
    6 
    7 	Failing name resolution could lead to SIGSEGV
    8 	Thanks to Max for reporting this issue.
    9 
   10 	Include <stddef.h> for ptrdiff_t
   11 	Thanks to Jeroen Roovers for reporting this issue.
   12 
   13 	Building with --disable-sycls failed due to missing sslcls.h defines
   14 
   15 	Socat hung when configured with --disable-sycls.
   16 
   17 	Some minor corrections with includes etc.
   18 
   19 	Option so-reuseport did not work. Thanks to Some Raghavendra Prabhu
   20 	for sending a patch.
   21 
   22 	Programs invoked with EXEC, nofork, and -u or -U had stdin and stdout
   23 	incorrectly assigned
   24 	Test: EXEC_NOFORK_UNIDIR
   25 	Thanks to David Reiss for reporting this problem.
   26 
   27 	Socat exited with status 0 even when a program invoked with SYSTEM or
   28 	EXEC failed.
   29 	Tests: SYSTEM_RC EXEC_RC
   30 	Issue reported by Felix Winkelmann.
   31 
   32 	AddressSanitizer reported a few buffer overflows (false positives).
   33 	Nevertheless fixed Socat source.
   34 	Issue reported by Hanno Böck.
   35 
   36 	Socat did not use option ipv6-join-group.
   37 	Test: USE_IPV6_JOIN_GROUP
   38 	Thanks to Linux Lüssing for sending a patch.
   39 
   40 	UDP-LISTEN did not honor the max-children option.
   41 	Test: UDP4MAXCHILDREN UDP6MAXCHILDREN
   42 	Thanks to Leander Berwers for reporting this issue.
   43 
   44 	Options so-rcvtimeo and so-sndtimeo do not work with poll()/select()
   45 	and therefore were useless.
   46 	Thanks to Steve Borenstein for reporting this issue.
   47 
   48 	Option dhparam was documented as dhparams. Added the alias name
   49 	dhparams to fix this.
   50 	Thanks to Alexander Neumann for sending a patch.
   51 
   52 	Options shut-down and shut-close did not work.
   53 	Thanks to Stefan Schimanski for providing a patch.
   54 
   55 	There was a bug in printing readline log message caused by a misleading
   56 	indentation.
   57 	Thanks to Paul Wouters for reporting.
   58 
   59 	The internal vsnprintf_r function looped or crashed on size parameter
   60 	with hexadecimal output.
   61 
   62 	Ignore exit code of child process when it was killed by master due to
   63 	EOF
   64 
   65 	Corrected byte order on read of IPV6_TCLASS value from ancillary
   66 	message
   67 
   68 	Fixed type of the bool element in options. This had bug caused failures
   69 	e.g. of ignoreeof on big-endian systems when bool was not based on int.
   70 
   71 	On systems with predefined bool type whose size differs from int some
   72 	IPv6 and TCP options (per setsockopt()) failed.
   73 
   74 	Length of integral data in ancillary messages varies (TOS: 1 byte,
   75 	TTL: 4 bytes), the old implementation failed for TTL on big-endian
   76 	hosts.
   77 
   78 	Fixed an issue in options processing: TUN and DNS flags had failed on
   79 	big-endian systems and the NO- forms had probable never worked.
   80 
   81 porting:
   82 	Type conflict between int and sig_atomic_t between declaration and
   83 	definition of diag_immediate_type and diag_immediate_exit broke
   84 	compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for
   85 	reporting this bug.
   86 
   87 	Socat failed to compile on platforms with OpenSSL without
   88 	DTLSv1_client_method or DTLSv1_server_method.
   89 	Thanks to Simon Matter for sending a patch.
   90 
   91 	NuttX OS headers do not provide struct ip, thus socat did not compile.
   92 	Made struct ip subject to configure.
   93 	Thanks to SP for reporting this issue.
   94 
   95 	Socat failed to compile with OpenSSL version 1.0.2d where
   96 	SSLv3_server_method and SSLv3_client_method are no longer defined.
   97 	Thanks to Mischa ter Smitten for reporting this issue and providing
   98 	a patch.
   99 
  100 	configure checked for OpenSSL EC_KEY assuming it is a define but it
  101 	is a type, thus OpenSSL ECDHE ciphers failed even on Linux.
  102 	Thanks to Andrey Arapov for reporting this bug.
  103 
  104 	Changes to make socat compile with OpenSSL 1.1. 
  105 	Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
  106 	providing the base patch.
  107 	Debian Bug#828550
  108 
  109 	Make Socat compatible with BoringSSL.
  110 	Thanks to Matt Braithwaite for providing a patch.
  111 
  112 	OpenSSL: Use RAND_status to determine PRNG state
  113 	Thanks to Adam Langley for providing a patch
  114 
  115 	AIX-7 uses an extended O_ACCMODE that does not fit socat's internal
  116 	requirements. Thanks to Garrick Trowsdale for providing a patch
  117 
  118 	LibreSSL support: check for OPENSSL_NO_COMP
  119 	Thanks to Bernard Spil for providing a patch
  120 
  121 testing:
  122 	socks4echo.sh and socks4a-echo.sh hung with new bash with read -n
  123 
  124 	test.sh: stderr; option -v (verbose); FDOUT_ERROR description
  125 
  126 	improved proxy.sh - it now also takes hostnames
  127 
  128 	A few corrections in test.sh
  129 
  130 	DTLS1 test hangs on some distributions. Test is now only performed
  131 	with OpenSSL 1.0.2 or higher.
  132 
  133 	More corrections to test.sh that reveal a mistake with IPV6_TCLASS
  134 
  135 docu:
  136 	Corrected source of socat man page to correctly show man references
  137 	like socket(2); removed obseolete entries from See Also
  138 
  139 	Docu and some comments mentioned addresses SSL-LISTEN and SSL-CONNECT
  140 	that do not exist (OPENSSL-LISTEN, SSL-L; and OPENNSSL-CONNECT, SSL
  141 	are correct).
  142 	Thanks to Zhigang Wang for reporting this issue.
  143 
  144 	Fixed a couple of English spelling and grammar mistakes.
  145 	Thanks to Jakub Wild for sending the patches.
  146 
  147 	NOEXPAND() was not resolved 2 times.
  148 
  149 	More minor docu corrections
  150 
  151 legal:
  152 	Added contributors to copyright notices. Suggested by Matt Braithwaite.
  153 
  154 ####################### V 1.7.3.1:
  155 
  156 security:
  157 	Socat security advisory 8
  158 	A stack overflow in vulnerability was found that can be triggered when
  159 	command line arguments (complete address specifications, host names,
  160 	file names) are longer than 512 bytes.
  161 	Successful exploitation might allow an attacker to execute arbitrary
  162 	code with the privileges of the socat process.
  163 	This vulnerability can only be exploited when an attacker is able to
  164 	inject data into socat's command line.
  165 	A vulnerable scenario would be a CGI script that reads data from clients
  166 	and uses (parts of) this data as hostname for a Socat invocation.
  167 	Test: NESTEDOVFL
  168 	Credits to Takumi Akiyama for finding and reporting this issue.
  169 
  170 	Socat security advisory 7
  171 	MSVR-1499
  172 	In the OpenSSL address implementation the hard coded 1024 bit DH p
  173 	parameter was not prime. The effective cryptographic strength of a key
  174 	exchange using these parameters was weaker than the one one could get by
  175 	using a prime p. Moreover, since there is no indication of how these
  176 	parameters were chosen, the existence of a trapdoor that makes possible
  177 	for an eavesdropper to recover the shared secret from a key exchange
  178 	that uses them cannot be ruled out.
  179 	Futhermore, 1024bit is not considered sufficiently secure.
  180 	Fix: generated a new 2048bit prime.
  181 	Thanks to Santiago Zanella-Beguelin and Microsoft Vulnerability
  182 	Research (MSVR) for finding and reporting this issue.
  183 
  184 ####################### V 1.7.3.0:
  185 
  186 security:
  187 	Socat security advisory 6
  188 	CVE-2015-1379: Possible DoS with fork
  189 	Fixed problems with signal handling caused by use of not async signal
  190 	safe functions in signal handlers that could freeze socat, allowing
  191 	denial of service attacks.
  192 	Many changes in signal handling and the diagnostic messages system were
  193 	applied to make the code async signal safe but still provide detailled
  194 	logging from signal handlers:
  195 	Coded function vsnprintf_r() as async signal safe incomplete substitute
  196 	of libc vsnprintf()
  197 	Coded function snprinterr() to replace %m in strings with a system error
  198 	message
  199 	Instead of gettimeofday() use clock_gettime() when available
  200 	Pass Diagnostic messages from signal handler per unix socket to the main
  201 	program flow
  202 	Use sigaction() instead of signal() for better control
  203 	Turn off nested signal handler invocations
  204 	Thanks to Peter Lobsinger for reporting and explaining this issue.
  205 
  206 	Red Hat issue 1019975: add TLS host name checks
  207 	OpenSSL client checks if the server certificates names in
  208 	extensions/subjectAltName/DNS or in subject/commonName match the name
  209 	used to connect or the value of the openssl-commonname option.
  210 	Test: OPENSSL_CN_CLIENT_SECURITY
  211 
  212 	OpenSSL server checks if the client certificates names in
  213 	extensions/subjectAltNames/DNS or subject/commonName match the value of
  214 	the openssl-commonname option when it is used.
  215 	Test: OPENSSL_CN_SERVER_SECURITY
  216 
  217 	Red Hat issue 1019964: socat now uses the system certificate store with
  218 	OPENSSL when neither options cafile nor capath are used
  219 
  220 	Red Hat issue 1019972: needs to specify OpenSSL cipher suites
  221 	Default cipherlist is now "HIGH:-NULL:-PSK:-aNULL" instead of empty to
  222 	prevent downgrade attacks
  223 
  224 new features:
  225 	OpenSSL addresses set couple of environment variables from values in
  226 	peer certificate, e.g.: 
  227 	SOCAT_OPENSSL_X509_SUBJECT, SOCAT_OPENSSL_X509_ISSUER,
  228 	SOCAT_OPENSSL_X509_COMMONNAME, 
  229 	SOCAT_OPENSSL_X509V3_SUBJECTALTNAME_DNS
  230 	Tests: ENV_OPENSSL_{CLIENT,SERVER}_X509_*
  231 
  232 	Added support for methods TLSv1, TLSv1.1, TLSv1.2, and DTLS1
  233 	Tests: OPENSSL_METHOD_*
  234 
  235 	Enabled OpenSSL server side use of ECDHE ciphers. Feature suggested
  236 	by Andrey Arapov.
  237 
  238 	Added a new option termios-rawer for ptys.
  239 	Thanks to Christian Vogelgsang for pointing me to this requirement
  240 
  241 corrections:
  242 	Bind with ABSTRACT commands used non-abstract namespace (Linux).
  243 	Test: ABSTRACT_BIND
  244 	Thanks to Denis Shatov for reporting this bug.
  245 
  246 	Fixed return value of nestlex()
  247 
  248 	Option ignoreeof on the right address hung.
  249 	Test: IGNOREEOF_REV
  250 	Thanks to Franz Fasching for reporting this bug.
  251 
  252 	Address SYSTEM, when terminating, shut down its parent addresses,
  253 	e.g. an SSL connection which the parent assumed to still be active.
  254 	Test: SYSTEM_SHUTDOWN
  255 
  256 	Passive (listening or receiving) addresses with empty port field bound
  257 	to a random port instead of terminating with error.
  258 	Test: TCP4_NOPORT
  259 
  260 	configure with some combination of disable options produced config
  261 	files that failed to compile due to missing IPPROTO_TCP.
  262 	Thanks to Thierry Fournier for report and patch.
  263 
  264 	fixed a few minor bugs with OpenSSL in configure and with messages
  265 
  266 	Socat did not work in FIPS mode because 1024 instead of 512 bit DH prime
  267 	is required. Thanks to Zhigang Wang for reporting and sending a patch.
  268 
  269 	Christophe Leroy provided a patch that fixes memory leaks reported by
  270 	valgrind
  271 
  272 	Help for filan -L was bad, is now corrected to:
  273 	"follow symbolic links instead of showing their properties"
  274 
  275 	Address options fdin and fdout were silently ignored when not applicable
  276 	due to -u or -U option. Now these combinations are caught as errors.
  277 	Test: FDOUT_ERROR
  278 	Issue reported by Hendrik.
  279 
  280 	Added option termios-cfmakeraw that calls cfmakeraw() and is preferred
  281 	over option raw which is now obsolote. On SysV systems this call is
  282 	simulated by appropriate setting.
  283 	Thanks to Youfu Zhang for reporting issue with option raw.
  284 
  285 porting:
  286 	Socat included <sys/poll.h> instead of POSIX <poll.h>
  287 	Thanks to John Spencer for reporting this issue.
  288 
  289 	Version 1.7.2.4 changed the check for gcc in configure.ac; this
  290 	broke cross compiling. The particular check gets reverted.
  291 	Thanks to Ross Burton and Danomi Manchego for reporting this issue.
  292 
  293 	Debian Bug#764251: Set the build timestamp to a deterministic time:
  294 	support external BUILD_DATE env var to allow to build reproducable
  295 	binaries
  296 
  297 	Joachim Fenkes provided an new adapted spec file.
  298 
  299 	Type bool and macros Min and Max are defined by socat which led to
  300 	compile errors when they were already provided by build framework.
  301 	Thanks to Liyu Liu for providing a patch.
  302 
  303 	David Arnstein contributed a patch for NetBSD 5.1 including stdbool.h
  304 	support and appropriate files in Config/
  305 
  306 	Lauri Tirkkonen contributed a patch regarding netinet/if_ether.h
  307 	on Illumos
  308 
  309 	Changes for Openindiana: define _XPG4_2, __EXTENSIONS__,
  310 	_POSIX_PTHREAD_SEMANTICS; and minor changes
  311 
  312 	Red Hat issue 1182005: socat 1.7.2.4 build failure missing
  313 	linux/errqueue.h
  314 	Socat failed to compile on on PPC due to new requirements for
  315 	including <linux/errqueue.h> and a weakness in the conditional code.
  316 	Thanks to Michel Normand for reporting this issue.
  317 
  318 doc:
  319 	In the man page the PTY example was badly formatted. Thanks to
  320 	J.F.Sebastian for sending a patch.
  321 
  322 	Added missing CVE ids to security issues in CHANGES
  323 
  324 testing:
  325 	Do not distribute testcert.conf with socat source but generate it
  326 	(and new testcert6.conf) during test.sh run.
  327 
  328 ####################### V 1.7.2.4:
  329 
  330 corrections:
  331 	LISTEN based addresses applied some address options, e.g. so-keepalive,
  332 	to the listening file descriptor instead of the connected file
  333 	descriptor
  334 	Thanks to Ulises Alonso for reporting this bug
  335 
  336 	make failed after configure with non gcc compiler due to missing
  337 	include. Thanks to Horacio Mijail for reporting this problem
  338 
  339 	configure checked for --disable-rawsocket but printed
  340 	--disable-genericsocket in the help text. Thanks to Ben Gardiner for
  341 	reporting and patching this bug
  342 
  343 	In xioshutdown() a wrong branch was chosen after RECVFROM type addresses.
  344 	Probably no impact.
  345 	Thanks to David Binderman for reporting this issue.
  346 
  347 	procan could not cleanly format ulimit values longer than 16 decimal
  348 	digits. Thanks to Frank Dana for providing a patch that increases field
  349 	width to 24 digits.
  350 
  351 	OPENSSL-CONNECT with bind option failed on some systems, eg.FreeBSD, with
  352 	"Invalid argument"
  353 	Thanks to Emile den Tex for reporting this bug.
  354 
  355 	Changed some variable definitions to make gcc -O2 aliasing checker happy
  356 	Thanks to Ilya Gordeev for reporting these warnings
  357 
  358 	On big endian platforms with type long >32bit the range option applied a
  359 	bad base address. Thanks to hejia hejia for reporting and fixing this bug.
  360 
  361 	Red Hat issue 1022070: missing length check in xiolog_ancillary_socket()
  362 
  363 	Red Hat issue 1022063: out-of-range shifts on net mask bits
  364 
  365 	Red Hat issue 1022062: strcpy misuse in xiosetsockaddrenv_ip4()
  366 
  367 	Red Hat issue 1022048: strncpy hardening: corrected suspicious strncpy()
  368 	uses
  369 
  370 	Red Hat issue 1021958: fixed a bug with faulty buffer/data length
  371 	calculation in xio-ascii.c:_xiodump()
  372 
  373 	Red Hat issue 1021972: fixed a missing NUL termination in return string
  374 	of sysutils.c:sockaddr_info() for the AF_UNIX case
  375 
  376 	fixed some typos and minor issues, including:
  377 	Red Hat issue 1021967: formatting error in manual page
  378 
  379 	UNIX-LISTEN with fork option did not remove the socket file system entry
  380 	when exiting. Other file system based passive address types had similar
  381 	issues or failed to apply options umask, user e.a.
  382 	Thanks to Lorenzo Monti for pointing me to this issue
  383 
  384 porting:
  385 	Red Hat issue 1020203: configure checks fail with some compilers.
  386 	Use case: clang
  387 
  388 	Performed changes for Fedora release 19
  389 
  390 	Adapted, improved test.sh script
  391 
  392 	Red Hat issue 1021429: getgroupent fails with large number of groups;
  393 	use getgrouplist() when available instead of sequence of calls to
  394 	getgrent()
  395 
  396 	Red Hat issue 1021948: snprintf API change;
  397 	Implemented xio_snprintf() function as wrapper that tries to emulate C99
  398 	behaviour on old glibc systems, and adapted all affected calls
  399 	appropriately
  400 
  401 	Mike Frysinger provided a patch that supports long long for time_t,
  402 	socklen_t and a few other libc types.
  403 
  404 	Artem Mygaiev extended Cedril Priscals Android build script with pty code
  405 
  406 	The check for fips.h required stddef.h
  407 	Thanks to Matt Hilt for reporting this issue and sending a patch
  408 
  409 	Check for linux/errqueue.h failed on some systems due to lack of
  410 	linux/types.h inclusion. Thanks to Michael Vastola for sending a patch.
  411 
  412 	autoconf now prefers configure.ac over configure.in
  413 	Thanks to Michael Vastola for sending a patch.
  414 
  415 	type of struct cmsghdr.cmsg is system dependend, determine it with
  416 	configure; some more print format corrections
  417 
  418 docu:
  419 	libwrap always logs to syslog
  420 
  421 	added actual text version of GPLv2
  422 
  423 ####################### V 1.7.2.3:
  424 
  425 security:
  426 	Socat security advisory 5
  427 	CVE-2014-0019: socats PROXY-CONNECT address was vulnerable to a buffer
  428 	overflow with data from command line (see socat-secadv5.txt)
  429 	Credits to Florian Weimer of the Red Hat Product Security Team
  430 
  431 ####################### V 1.7.2.2:
  432 
  433 security:
  434 	Socat security advisory 4
  435 	CVE-2013-3571:
  436 	after refusing a client connection due to bad source address or source
  437 	port socat shutdown() the socket but did not close() it, resulting in
  438 	a file descriptor leak in the listening process, visible with lsof and
  439 	possibly resulting in EMFILE Too many open files. This issue could be
  440 	misused for a denial of service attack.
  441 	Full credits to Catalin Mitrofan for finding and reporting this issue.
  442 
  443 ####################### V 1.7.2.1:
  444 
  445 security:
  446 	Socat security advisory 3
  447 	CVE-2012-0219:
  448 	fixed a possible heap buffer overflow in the readline address. This bug
  449 	could be exploited when all of the following conditions were met:
  450 	1) one of the addresses is READLINE without the noprompt and without the
  451 	prompt options.
  452 	2) the other (almost arbitrary address) reads malicious data (which is
  453 	then transferred by socat to READLINE).
  454 	Workaround: when using the READLINE address apply option prompt or
  455 	noprompt.
  456 	Full credits to Johan Thillemann for finding and reporting this issue.
  457 
  458 ####################### V 1.7.2.0:
  459 
  460 corrections:
  461 	when UNIX-LISTEN was applied to an existing file it failed as expected
  462 	but removed the file. Thanks to Bjoern Bosselmann for reporting this
  463 	problem
  464 
  465 	fixed a bug where socat might crash when connecting to a unix domain
  466 	socket using address GOPEN. Thanks to Martin Forssen for bug report and
  467 	patch.
  468 
  469 	UDP-LISTEN would alway set SO_REUSEADDR even without fork option and
  470 	when user set it to 0. Thanks to Michal Svoboda for reporting this bug.
  471 
  472 	UNIX-CONNECT did not support half-close. Thanks to Greg Hughes who
  473 	pointed me to that bug
  474 
  475 	TCP-CONNECT with option nonblock reported successful connect even when
  476 	it was still pending
  477 
  478 	address option ioctl-intp failed with "unimplemented type 26". Thanks
  479 	to Jeremy W. Sherman for reporting and fixing that bug
  480 
  481 	socat option -x did not print packet direction, timestamp etc; thanks
  482 	to Anthony Sharobaiko for sending a patch
  483 
  484 	address PTY does not take any parameters but did not report an error
  485 	when some were given
  486 
  487 	Marcus Meissner provided a patch that fixes invalid output and possible
  488 	process crash when socat prints info about an unnamed unix domain
  489 	socket
  490 
  491 	Michal Soltys reported the following problem and provided an initial
  492 	patch: when socat was interrupted, e.g. by SIGSTOP, and resumed during
  493 	data transfer only parts of the data might have been written.
  494 
  495 	Option o-nonblock in combination with large transfer block sizes
  496 	may result in partial writes and/or EAGAIN errors that were not handled
  497 	properly but resulted in data loss or process termination.
  498 
  499 	Fixed a bug that could freeze socat when during assembly of a log
  500 	message a signal was handled that also printed a log message. socat
  501 	development had been aware that localtime() is not thread safe but had
  502 	only expected broken messages, not corrupted stack (glibc 2.11.1,
  503 	Ubuntu 10.4)
  504 
  505 	an internal store for child pids was susceptible to pid reuse which
  506 	could lead to sporadic data loss when both fork option and exec address
  507 	were used. Thanks to Tetsuya Sodo for reporting this problem and
  508 	sending a patch
  509 
  510 	OpenSSL server failed with "no shared cipher" when using cipher aNULL.
  511 	Fixed by providing temporary DH parameters. Thanks to Philip Rowlands
  512 	for drawing my attention to this issue.
  513 
  514 	UDP-LISTEN slept 1s after accepting a connection. This is not required.
  515 	Thanks to Peter Valdemar Morch for reporting this issue
  516 
  517 	fixed a bug that could lead to error or socat crash after a client
  518 	connection with option retry had been established
  519 
  520 	fixed configure.in bug on net/if.h check that caused IF_NAMESIZE to be
  521 	undefined
  522 
  523 	improved dev_t print format definition
  524 
  525 porting:
  526 	Cedril Priscal ported socat to Android (using Googles cross compiler).
  527 	The port includes the socat_buildscript_for_android.sh script
  528 
  529 	added check for component ipi_spec_dst in struct in_pktinfo so
  530 	compilation does not fail on Cygwin (thanks to Peter Wagemans for
  531 	reporting this problem)
  532 
  533 	build failed on RHEL6 due to presence of fips.h; configure now checks
  534 	for fipsld too. Thanks to Andreas Gruenbacher for reporting this
  535 	problem
  536 
  537 	check for netinet6/in6.h only when IPv6 is available and enabled
  538 
  539 	don't fail to compile when the following defines are missing:
  540 	IPV6_PKTINFO IPV6_RTHDR IPV6_DSTOPTS IPV6_HOPOPTS IPV6_HOPLIMIT
  541 	Thanks to Jerry Jacobs for reporting this problem (Mac OS X Lion 10.7)
  542 
  543 	check if define __APPLE_USE_RFC_2292 helps to enable IPV6_* (MacOSX
  544 	Lion 7.1); thanks to Jerry Jacobs to reporting this problem and
  545 	proposing a solution
  546 
  547 	fixed compiler warnings on Mac OS X 64bit. Thanks to Guy Harris for
  548 	providing the patch.
  549 
  550 	corrections for OpenEmbedded, especially termios SHIFT values and
  551 	ISPEED/OSPEED. Thanks to John Faith for providing the patch
  552 
  553 	minor corrections to docu and test.sh resulting from local compilation
  554 	on Openmoko SHR
  555 
  556 	fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for
  557 	reporting this issue and sending a patch.
  558 
  559 	Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
  560 	is now bsd/libutil.h; compiler warns on vars that is only written to
  561 
  562 new features: 
  563 	added option max-children that limits the number of concurrent child
  564 	processes. Thanks to Sam Liddicott for providing the patch.
  565 
  566 	Till Maas added support for tun/tap addresses without IP address
  567  
  568 	added an option openssl-compress that allows to disable the compression
  569 	feature of newer OpenSSL versions. Thanks to Michael Hanselmann for
  570 	providing this contribution (sponsored by Google Inc.)
  571 
  572 docu:
  573 	minor corrections in docu (thanks to Paggas)
  574 
  575 	client process -> child process
  576 
  577 ####################### V 1.7.1.3:
  578 
  579 security:
  580 	Socat security advisory 2
  581 	CVE-2010-2799:
  582 	fixed a stack overflow vulnerability that occurred when command
  583 	line arguments (whole addresses, host names, file names) were longer
  584 	than 512 bytes.
  585 	Note that this could only be exploited when an attacker was able to
  586 	inject data into socat's command line.
  587 	Full credits to Felix Gröbert, Google Security Team, for finding and
  588 	reporting this issue
  589 
  590 ####################### V 1.7.1.2:
  591 
  592 corrections:
  593 	user-late and group-late, when applied to a pty, affected the system
  594 	device /dev/ptmx instead of the pty (thanks to Matthew Cloke for
  595 	pointing me to this bug)
  596 
  597 	socats openssl addresses failed with "nonblocking operation did not
  598 	complete" when the peer performed a renegotiation. Thanks to Benjamin
  599 	Delpy for reporting this bug.
  600 
  601 	info message during socks connect showed bad port number on little
  602 	endian systems due to wrong byte order (thanks to Peter M. Galbavy for
  603 	bug report and patch)
  604 
  605 	Debian bug 531078: socat execs children with SIGCHLD ignored; corrected
  606 	to default. Thanks to Martin Dorey for reporting this bug.
  607 
  608 porting:
  609 	building socat on systems that predefined the CFLAGS environment to
  610 	contain -Wall failed (esp.RedHat). Thanks to Paul Wouters for reporting
  611 	this problem and to Simon Matter for providing the patch
  612 
  613 	support for Solaris 8 and Sun Studio support (thanks to Sebastian
  614 	Kayser for providing the patches)
  615 
  616 	on some 64bit systems a compiler warning "cast from pointer to integer
  617 	of different size" was issued on some option definitions
  618 
  619 	added struct sockaddr_ll to union sockaddr_union to avoid "strict
  620 	aliasing" warnings (problem reported by Paul Wouters)
  621 
  622 docu:
  623 	minor corrections in docu
  624 
  625 ####################### V 1.7.1.1:
  626 
  627 corrections:
  628 	corrected the "fixed possible SIGSEGV" fix because SIGSEGV still might
  629 	occur under those conditions. Thanks to Toni Mattila for first
  630 	reporting this problem.
  631 
  632 	ftruncate64 cut its argument to 32 bits on systems with 32 bit long type
  633 
  634 	socat crashed on systems without setenv() (esp. SunOS up to Solaris 9);
  635 	thanks to Todd Stansell for reporting this bug
  636 
  637 	with unidirectional EXEC and SYSTEM a close() operation was performed
  638 	on a random number which could result in hanging e.a.
  639 
  640 	fixed a compile problem caused by size_t/socklen_t mismatch on 64bit
  641 	systems
  642 
  643 	docu mentioned option so-bindtodev but correct name is so-bindtodevice. 
  644 	Thanks to Jim Zimmerman for reporting.
  645 
  646 docu changes:
  647 	added environment variables example to doc/socat-multicast.html
  648 
  649 ####################### V 1.7.1.0:
  650 
  651 new features:
  652 	address options shut-none, shut-down, and shut-close allow to control
  653 	socat's half close behaviour
  654 
  655 	with address option shut-null socat sends an empty packet to the peer
  656 	to indicate EOF
  657 
  658 	option null-eof changes the behaviour of sockets that receive an empty
  659 	packet to see EOF instead of ignoring it
  660 
  661 	introduced option names substuser-early and su-e, currently equivalent
  662 	to option substuser (thanks to Mike Perry for providing the patch)
  663 
  664 corrections:
  665 	fixed some typos and improved some comments
  666 
  667 ####################### V 1.7.0.1:
  668 
  669 corrections:
  670 	fixed possible SIGSEGV in listening addresses when a new connection was
  671 	reset by peer before the socket addresses could be retrieved. Thanks to
  672 	Mike Perry for sending a patch.
  673 
  674 	fixed a bug, introduced with version 1.7.0.0, that let client
  675 	connections with option connect-timeout fail when the connections
  676 	succeeded. Thanks to Bruno De Fraine for reporting this bug.
  677 
  678 	option end-close "did not apply" to addresses PTY, SOCKET-CONNECT,
  679 	and most UNIX-* and ABSTRACT-*
  680 
  681 	half close of EXEC and SYSTEM addresses did not work for pipes and
  682 	sometimes socketpair
  683 
  684 	help displayed for some option a wrong type
  685 
  686 	under some circumstances shutdown was called multiple times for the
  687 	same fd
  688 
  689 ####################### V 1.7.0.0:
  690 
  691 new features:
  692 	new address types SCTP-CONNECT and SCTP-LISTEN implement SCTP stream
  693 	mode for IPv4 and IPv6; new address options sctp-maxseg and
  694 	sctp-nodelay (suggested by David A. Madore; thanks to Jonathan Brannan
  695 	for providing an initial patch)
  696 
  697 	new address "INTERFACE" for transparent network interface handling
  698 	(suggested by Stuart Nicholson)
  699 
  700 	added generic socket addresses: SOCKET-CONNECT, SOCKET-LISTEN,
  701 	SOCKET-SENDTO, SOCKET-RECVFROM, SOCKET-RECV, SOCKET-DATAGRAM allow
  702 	protocol independent socket handling; all parameters are explicitely
  703 	specified as numbers or hex data
  704 
  705 	added address options ioctl-void, ioctl-int, ioctl-intp, ioctl-string,
  706 	ioctl-bin for generic ioctl() calls.
  707 
  708 	added address options setsockopt-int, setsockopt-bin, and
  709 	setsockopt-string for generic setsockopt() calls
  710 
  711 	option so-type now only affects the socket() and socketpair() calls,
  712 	not the name resolution. so-type and so-prototype can now be applied to
  713 	all socket based addresses.
  714 
  715 	new address option "escape" allows to break a socat instance even when
  716 	raw terminal mode prevents ^C etc. (feature suggested by Guido Trotter)
  717 
  718 	socat sets environment variables SOCAT_VERSION, SOCAT_PID, SOCAT_PPID
  719 	for use in executed scripts
  720 
  721 	socat sets environment variables SOCAT_SOCKADDR, SOCAT_SOCKPORT,
  722 	SOCAT_PEERADDR, SOCAT_PEERPORT in LISTEN type addresses (feature
  723 	suggested by Ed Sawicki)
  724 
  725 	socat receives all ancillary messages with each received packet on
  726 	datagram related addresses. The messages are logged in raw form with
  727 	debug level, and broken down with info level. note: each type of
  728 	ancillary message must be enabled by appropriate address options. 
  729 
  730 	socat provides the contents of ancillary messages received on RECVFROM
  731 	addresses in appropriate environment variables:
  732 	SOCAT_TIMESTAMP, SOCAT_IP_DSTADDR, SOCAT_IP_IF, SOCAT_IP_LOCADDR,
  733 	SOCAT_IP_OPTIONS, SOCAT_IP_TOS, SOCAT_IP_TTL, SOCAT_IPV6_DSTADDR,
  734 	SOCAT_IPV6_HOPLIMIT, SOCAT_IPV6_TCLASS
  735 
  736 	the following address options were added to enable ancillary messages:
  737 	so-timestamp, ip-pktinfo (not BSD), ip-recvdstaddr (BSD), ip-recverr,
  738 	ip-recvif (BSD), ip-recvopts, ip-recvtos, ip-recvttl, ipv6-recvdstopts,
  739 	ipv6-recverr, ipv6-recvhoplimit, ipv6-recvhopopts, ipv6-recvpathmtu,
  740 	ipv6-recvpktinfo, ipv6-recvrthdr, ipv6-recvtclass
  741 
  742 	new address options ipv6-tclass and ipv6-unicast-hops set the related
  743 	socket options.
  744 
  745 	STREAMS (UNIX System V STREAMS) can be configured with the new address
  746 	options i-pop-all and i-push (thanks to Michal Rysavy for providing a
  747 	patch)
  748 
  749 corrections:
  750 	some raw IP and UNIX datagram modes failed on BSD systems
  751 
  752 	when UDP-LISTEN continued to listen after packet dropped by, e.g.,
  753 	range option, the old listen socket would not be closed but a new one
  754 	created. open sockets could accumulate.
  755 
  756 	there was a bug in ip*-recv with bind option: it did not bind, and
  757 	with the first received packet an error occurred:
  758 	socket_init(): unknown address family 0
  759 	test: RAWIP4RECVBIND
  760 
  761 	RECVFROM addresses with FORK option hung after processing the first
  762 	packet. test: UDP4RECVFROM_FORK
  763 
  764 	corrected a few mistakes that caused compiler warnings on 64bit hosts
  765 	(thanks to Jonathan Brannan e.a. for providing a patch)
  766 
  767 	EXEC and SYSTEM with stderr injected socat messages into the data
  768 	stream. test: EXECSTDERRLOG
  769 
  770 	when the EXEC address got a string with consecutive spaces it created
  771 	additional empty arguments (thanks to Olivier Hervieu for reporting
  772 	this bug). test: EXECSPACES
  773 
  774 	in ignoreeof polling mode socat also blocked data transfer in the other
  775 	direction during the 1s wait intervalls (thanks to Jorgen Cederlof for
  776 	reporting this bug)
  777 
  778 	corrected alphabetical order of options (proxy-auth)
  779 
  780 	some minor corrections
  781 
  782 	improved test.sh script: more stable timing, corrections for BSD
  783 
  784 	replaced the select() calls by poll() to cleanly fix the problems with
  785 	many file descriptors already open
  786 
  787 	socat option -lf did not log to file but to stderr
  788 
  789 	socat did not compile on Solaris when configured without termios
  790 	feature (thanks to Pavan Gadi for reporting this bug)
  791 
  792 porting:
  793 	socat compiles and runs on AIX with gcc (thanks to Andi Mather for his
  794 	help)
  795 
  796 	socat compiles and runs on Cygwin (thanks to Jan Just Keijser for his
  797 	help)
  798 
  799 	socat compiles and runs on HP-UX with gcc (thanks to Michal Rysavy for
  800 	his help)
  801 
  802 	socat compiles and runs on MacOS X (thanks to Camillo Lugaresi for his
  803 	help)
  804 
  805 further changes:
  806 	filan -s prefixes output with FD number if more than one FD
  807 
  808 	Makefile now supports datarootdir (thanks to Camillo Lugaresi for
  809 	providing the patch)
  810 
  811 	cleanup in xio-unix.c
  812 
  813 ####################### V 1.6.0.1:
  814 
  815 new features:
  816 	new make target "gitclean"
  817 
  818 	docu source doc/socat.yo released
  819 
  820 corrections:
  821 	exec:...,pty did not kill child process under some circumstances; fixed
  822 	by correcting typo in xio-progcall.c (thanks to Ralph Forsythe for
  823 	reporting this problem) 
  824 
  825 	service name resolution failed due to byte order mistake
  826 	(thanks to James Sainsbury for reporting this problem)
  827 
  828 	socat would hang when invoked with many file descriptors already opened
  829 	fix: replaced FOPEN_MAX with FD_SETSIZE
  830 	thanks to Daniel Lucq for reporting this problem.
  831 
  832 	fixed bugs where sub processes would become zombies because the master
  833 	process did not catch SIGCHLD. this affected addresses UDP-LISTEN,
  834 	UDP-CONNECT, TCP-CONNECT, OPENSSL, PROXY, UNIX-CONNECT, UNIX-CLIENT,
  835 	ABSTRACT-CONNECT, ABSTRACT-CLIENT, SOCKSA, SOCKS4A
  836 	(thanks to Fernanda G Weiden for reporting this problem)
  837 
  838 	fixed a bug where sub processes would become zombies because the master
  839 	process caught SIGCHLD but did not wait(). this affected addresses
  840 	UDP-RECVFROM, IP-RECVFROM, UNIX-RECVFROM, ABSTRACT-RECVFROM
  841 	(thanks to Evan Borgstrom for reporting this problem)
  842 
  843 	corrected option handling with STDIO; usecase: cool-write
  844 
  845 	configure --disable-pty  also disabled option waitlock
  846 
  847 	fixed small bugs on systems with struct ip_mreq without struct ip_mreqn
  848 	(thanks to Roland Illig for sending a patch)
  849 
  850 	corrected name of option intervall to interval (old form still valid
  851 	for us German speaking guys)
  852 
  853 	corrected some print statements and variable names
  854 
  855 	make uninstall  did not uninstall procan
  856 
  857 	fixed lots of weaknesses in test.sh
  858 
  859 	corrected some bugs and typos in doc/socat.yo, EXAMPLES, C comments
  860 
  861 further changes:
  862 	procan -c prints C defines important for socat
  863 
  864 	added test OPENSSLEOF for OpenSSL half close
  865 
  866 ####################### V 1.6.0.0:
  867 
  868 new features:
  869 	new addresses IP-DATAGRAM and UDP-DATAGRAM allow versatile broadcast
  870 	and multicast modes 
  871 
  872 	new option ip-add-membership for control of multicast group membership
  873 
  874 	new address TUN for generation of Linux TUN/TAP pseudo network
  875 	interfaces (suggested by Mat Caughron); associated options tun-device,
  876 	tun-name, tun-type; iff-up, iff-promisc, iff-noarp, iff-no-pi etc.
  877 
  878 	new addresses ABSTRACT-CONNECT, ABSTRACT-LISTEN, ABSTRACT-SENDTO,
  879 	ABSTRACT-RECV, and ABSTRACT-RECVFROM for abstract UNIX domain addresses
  880 	on Linux (requested by Zeeshan Ali); option unix-tightsocklen controls
  881 	socklen parameter on system calls.
  882 
  883 	option end-close for control of connection closing allows FD sharing
  884 	by sub processes
  885 
  886 	range option supports form address:mask with IPv4
  887 
  888 	changed behaviour of OPENSSL-LISTEN to require and verify client
  889 	certificate per default
  890 
  891 	options f-setlkw-rd, f-setlkw-wr, f-setlk-rd, f-setlk-wr allow finer
  892 	grained locking on regular files
  893 
  894 	uninstall target in Makefile (lack reported by Zeeshan Ali)
  895 
  896 corrections:
  897 	fixed bug where only first tcpwrap option was applied; fixed bug where
  898 	tcpwrap IPv6 check always failed (thanks to Rudolf Cejka for reporting
  899 	and fixing this bug) 
  900 
  901 	filan (and socat -D) could hang when a socket was involved
  902 
  903 	corrected PTYs on HP-UX (and maybe others) using STREAMS (inspired by
  904 	Roberto Mackun)
  905 
  906 	correct bind with udp6-listen (thanks to Jan Horak for reporting this
  907 	bug)
  908 
  909 	corrected filan.c peekbuff[0] which did not compile with Sun Studio Pro
  910 	(thanks to Leo Zhadanovsky for reporting this problem)
  911 
  912 	corrected problem with read data buffered in OpenSSL layer (thanks to
  913 	Jon Nelson for reporting this bug)
  914 
  915 	corrected problem with option readbytes when input stream stayed idle
  916 	after so many bytes
  917 
  918 	fixed a bug where a datagram receiver with option fork could fork two
  919 	sub processes per packet
  920 
  921 further changes:
  922 	moved documentation to new doc/ subdir
  923 
  924 	new documents (kind of mini tutorials) are provided in doc/
  925 
  926 ####################### V 1.5.0.0:
  927 
  928 new features:
  929 	new datagram modes for udp, rawip, unix domain sockets
  930 
  931 	socat option -T specifies inactivity timeout
  932 
  933 	rewrote lexical analysis to allow nested socat calls
  934 
  935 	addresses tcp, udp, tcp-l, udp-l, and rawip now support IPv4 and IPv6
  936 
  937 	socat options -4, -6 and environment variables SOCAT_DEFAULT_LISTEN_IP,
  938 	SOCAT_PREFERRED_RESOLVE_IP for control of protocol selection
  939 
  940 	addresses ssl, ssl-l, socks, proxy now support IPv4 and IPv6
  941 
  942 	option protocol-family (pf), esp. for openssl-listen
  943 
  944 	range option supports IPv6 - syntax: range=[::1/128]
  945 
  946 	option ipv6-v6only (ipv6only)
  947 
  948 	new tcp-wrappers options allow-table, deny-table, tcpwrap-etc
  949 
  950 	FIPS version of OpenSSL can be integrated - initial patch provided by
  951 	David Acker. See README.FIPS
  952 
  953 	support for resolver options res-debug, aaonly, usevc, primary, igntc,
  954 	recurse, defnames, stayopen, dnsrch
  955 
  956 	options for file attributes on advanced filesystems (ext2, ext3,
  957 	reiser): secrm, unrm, compr, ext2-sync, immutable, ext2-append, nodump,
  958 	ext2-noatime, journal-data etc.
  959 
  960 	option cool-write controls severeness of write failure (EPIPE,
  961 	ECONNRESET)
  962 
  963 	option o-noatime
  964 
  965 	socat option -lh for hostname in log output
  966 
  967 	traffic dumping provides packet headers
  968 
  969 	configure.in became part of distribution
  970 
  971 	socats unpack directory now has full version, e.g. socat-1.5.0.0/
  972 
  973 	corrected docu of option verify
  974 
  975 corrections:
  976 	fixed tcpwrappers integration - initial fix provided by Rudolf Cejka
  977 
  978 	exec with pipes,stderr produced error
  979 
  980 	setuid-early was ignored with many address types
  981 
  982 	some minor corrections
  983 
  984 ####################### V 1.4.3.1:
  985 
  986 corrections:
  987 	PROBLEM: UNIX socket listen accepted only one (or a few) connections.
  988 	FIX: do not remove listening UNIX socket in child process
  989 
  990 	PROBLEM: SIGSEGV when TCP part of SSL connect failed
  991 	FIX: check ssl pointer before calling SSL_shutdown
  992 
  993 	In debug mode, show connect client port even when connect fails
  994 
  995 ####################### V 1.4.3.0:
  996 
  997 new features:
  998 	socat options -L, -W for application level locking
  999 
 1000 	options "lockfile", "waitlock" for address level locking
 1001 	(Stefan Luethje)
 1002 
 1003 	option "readbytes" limits read length (Adam Osuchowski)
 1004 
 1005 	option "retry" for unix-connect, unix-listen, tcp6-listen (Dale Dude)
 1006 
 1007 	pty symlink, unix listen socket, and named pipe are per default removed
 1008 	after use; option unlink-close overrides this new behaviour and also
 1009 	controls removal of other socat generated files (Stefan Luethje)
 1010 
 1011 corrections:
 1012 	option "retry" did not work with tcp-listen
 1013 
 1014 	EPIPE condition could result in a 100% CPU loop
 1015 
 1016 further changes:
 1017 	support systems without SHUT_RD etc.
 1018 	handle more size_t types
 1019 	try to find makedepend options with gcc 3 (richard/OpenMacNews)
 1020 
 1021 ####################### V 1.4.2.0:
 1022 
 1023 new features:
 1024 	option "connect-timeout" limits wait time for connect operations
 1025 	(requested by Giulio Orsero)
 1026 
 1027 	option "dhparam" for explicit Diffie-Hellman parameter file
 1028 
 1029 corrections:
 1030 	support for OpenSSL DSA certificates (Miika Komu)
 1031 
 1032 	create install directories before copying files (Miika Komu)
 1033 
 1034 	when exiting on signal, return status 128+signum instead of 1
 1035 
 1036 	on EPIPE and ECONNRESET, only issue a warning (Santiago Garcia
 1037 	Mantinan)
 1038 
 1039 	-lu could cause a core dump on long messages
 1040 
 1041 further changes:
 1042 	modifications to simplify using socats features in applications
 1043 
 1044 ####################### V 1.4.1.0:
 1045 
 1046 new features:
 1047 	option "wait-slave" blocks open of pty master side until a client
 1048 	connects, "pty-intervall" controls polling
 1049 
 1050 	option -h as synonym to -? for help (contributed by Christian
 1051 	Lademann)
 1052 
 1053 	filan prints formatted time stamps and rdev (disable with -r)
 1054 
 1055 	redirect filan's output, so stdout is not affected (contributed by
 1056 	Luigi Iotti) 
 1057 
 1058 	filan option -L to follow symbolic links
 1059 
 1060 	filan shows termios control characters
 1061 
 1062 corrections:
 1063 	proxy address no longer performs unsolicited retries
 1064 
 1065 	filan -f no longer needs read permission to analyze a file (but still
 1066 	needs access permission to directory, of course)
 1067 
 1068 porting:
 1069 	Option dsusp
 1070 	FreeBSD options noopt, nopush, md5sig
 1071 	OpenBSD options sack-disable, signature-enable
 1072 	HP-UX, Solaris options abort-threshold, conn-abort-threshold
 1073 	HP-UX options b900, b3600, b7200
 1074 	Tru64/OSF1 options keepinit, paws, sackena, tsoptena
 1075 
 1076 further corrections:
 1077 	address pty now uses ptmx as default if openpty is also available
 1078 
 1079 ####################### V 1.4.0.3:
 1080 
 1081 security:
 1082 	Socat security advisory 1
 1083 	CVE-2004-1484:
 1084 	fix to a syslog() based format string vulnerability that can lead to
 1085 	remote code execution. See advisory socat-adv-1.txt
 1086 
 1087 ####################### V 1.4.0.2:
 1088 
 1089 corrections:
 1090 	exec'd write-only addresses get a chance to flush before being killed
 1091 
 1092 	error handler: print notice on error-exit
 1093 
 1094 	filan printed wrong file type information
 1095 
 1096 ####################### V 1.4.0.1:
 1097 
 1098 corrections:
 1099 	socks4a constructed invalid header. Problem found, reported, and fixed
 1100 	by Thomas Themel, by Peter Palfrader, and by rik
 1101 
 1102 	with nofork, don't forget to apply some process related options
 1103 	(chroot, setsid, setpgid, ...)
 1104 
 1105 ####################### V 1.4.0.0:
 1106 
 1107 new features:
 1108 	simple openssl server (ssl-l), experimental openssl trust
 1109 
 1110 	new options "cafile", "capath", "key", "cert", "egd", and "pseudo" for
 1111 	openssl
 1112 
 1113 	new options "retry", "forever", and "intervall"
 1114 
 1115 	option "fork" for address TCP improves `gender changer´
 1116 
 1117 	options "sigint", "sigquit", and "sighup" control passing of signals to
 1118 	sub process (thanks to David Shea who contributed to this issue)
 1119 
 1120 	readline takes respect to the prompt issued by the peer address
 1121 
 1122 	options "prompt" and "noprompt" allow to override readline's new
 1123 	default behaviour
 1124 
 1125 	readline supports invisible password with option "noecho"
 1126 
 1127 	socat option -lp allows to set hostname in log output
 1128 
 1129 	socat option -lu turns on microsecond resolution in log output
 1130 
 1131 
 1132 corrections:
 1133 	before reading available data, check if writing on other channel is
 1134 	possible
 1135 
 1136 	tcp6, udp6: support hostname specification (not only IP address), and
 1137 	map IP4 names to IP6 addresses
 1138 
 1139 	openssl client checks server certificate per default
 1140 
 1141 	support unidirectional communication with exec/system subprocess
 1142 
 1143 	try to restore original terminal settings when terminating
 1144 
 1145 	test.sh uses tmp dir /tmp/$USER/$$ instead of /tmp/$$ 
 1146 
 1147 	socks4 failed on platforms where long does not have 32 bits
 1148 	(thanks to Peter Palfrader and Thomas Seyrat)
 1149 
 1150 	hstrerror substitute wrote wrong messages (HP-UX, Solaris)
 1151 
 1152 	proxy error message was truncated when answer contained multiple spaces
 1153 
 1154 
 1155 porting:
 1156 	compiles with AIX xlc, HP-UX cc, Tru64 cc (but might not link)
 1157 
 1158 ####################### V 1.3.2.2:
 1159 
 1160 corrections:
 1161 	PROXY CONNECT failed when the status reply from the proxy server
 1162 	contained more than one consecutive spaces. Problem reported by
 1163 	Alexandre Bezroutchko
 1164 
 1165 	do not SIGSEGV when proxy address fails to resolve server name
 1166 
 1167 	udp-listen failed on systems where AF_INET != SOCK_DGRAM (e.g. SunOS).
 1168 	Problem reported by Christoph Schittel
 1169 
 1170 	test.sh only tests available features
 1171 
 1172 	added missing IP and TCP options in filan analyzer
 1173 
 1174 	do not apply stdio address options to both directions when in 
 1175 	unidirectional mode
 1176 
 1177 	on systems lacking /dev/*random and egd, provide (weak) entropy from
 1178 	libc random()
 1179 
 1180 
 1181 porting:
 1182 	changes for HP-UX (VREPRINT, h_NETDB_INTERNAL)
 1183 
 1184 	compiles on True64, FreeBSD (again), NetBSD, OpenBSD
 1185 
 1186 	support for  long long  as  st_ino type (Cygwin 1.5)
 1187 
 1188 	compile on systems where pty can not be featured
 1189 
 1190 ####################### V 1.3.2.1:
 1191 
 1192 corrections:
 1193 	"final" solution for the ENOCHLD problem
 1194 
 1195 	corrected "make strip"
 1196 
 1197 	default gcc debug/opt is "-O" again
 1198 
 1199 	check for /proc at runtime, even if configure found it
 1200 
 1201 	src.rpm accidently supported SuSE instead of RedHat
 1202 
 1203 ####################### V 1.3.2.0:
 1204 
 1205 new features:
 1206 	option "nofork" connects an exec'd script or program directly
 1207 	to the file descriptors of the other address, circumventing the socat
 1208 	transfer engine
 1209 
 1210 	support for files >2GB, using ftruncate64(), lseek64(), stat64()
 1211 
 1212 	filan has new "simple" output style (filan -s)
 1213 
 1214 
 1215 porting:
 1216 	options "binary" and "text" for controlling line termination on Cygwin
 1217 	file system access (hint from Yang Wu-Zhou)
 1218 
 1219 	fix by Yang Wu-Zhou for the Cygwin "No Children" problem
 1220 
 1221 	improved support for OSR: _SVID3; no IS_SOCK, no F_GETOWN (thanks to
 1222 	John DuBois)
 1223 
 1224 	minor corrections to avoid warnings with gcc 3
 1225 
 1226 
 1227 further corrections and minor improvements:
 1228 	configure script is generated with autoconf 2.57 (no longer 2.52)
 1229 
 1230 	configure passes CFLAGS to Makefile
 1231 
 1232 	option -??? for complete list of address options and their short forms
 1233 
 1234 	program name in syslog messages is derived from argv[0]
 1235 
 1236 	SIGHUP now prints notice instead of error
 1237 
 1238 	EIO during read of pty now gives Notice instead of Error, and
 1239 	triggers EOF
 1240 
 1241 	use of hstrerror() for printing resolver error messages
 1242 
 1243 	setgrent() got required endgrent()
 1244 
 1245 ####################### V 1.3.1.0:
 1246 
 1247 new features:
 1248 	integration of Wietse Venema's tcpwrapper library (libwrap)
 1249 
 1250 	with "proxy" address, option "resolve" controls if hostname or IP
 1251 	address is sent in request
 1252 
 1253 	option "lowport" establishes limited authorization for TCP and UDP
 1254 	connections 
 1255 
 1256 	improvement of .spec file for RPM creation (thanks to Gerd v. Egidy)
 1257 	An accompanying change in the numbering scheme results in an 
 1258 	incompatibility with earlier socat RPMs!
 1259 
 1260 
 1261 solved problems and bugs:
 1262 	PROBLEM: socat daemon terminated when the address of a connecting
 1263 	client did not match range option value instead of continue listening
 1264 	SOLVED: in this case, print warning instead of error to keep daemon
 1265 	active 
 1266 
 1267 	PROBLEM: tcp-listen with fork sometimes left excessive number of zombie
 1268 	processes
 1269 	SOLVED: dont assume that each exiting child process generates SIGCHLD
 1270 
 1271 	when converting CRNL to CR, socat converted to NL
 1272 
 1273 
 1274 further corrections:
 1275 	configure script now disables features that depend on missing files
 1276 	making it more robust in "unsupported" environments
 1277 
 1278 	server.pem permissions corrected to 600
 1279 
 1280 	"make install" now does not strip; use "make strip; make install"
 1281 	if you like strip (suggested by Peter Bray)
 1282 
 1283 ####################### V 1.3.0.1:
 1284 
 1285 solved problems and bugs:
 1286 	PROBLEM: OPENSSL did not apply tcp, ip, and socket options
 1287 	SOLVED: OPENSSL now correctly handles the options list
 1288 
 1289 	PROBLEM: CRNL to NL and CRNL to CR conversions failed when CRNL crossed
 1290 	block boundary
 1291 	SOLVED: these conversions now simply strip all CR's or NL's from input
 1292 	stream 
 1293 
 1294 
 1295 porting:
 1296 	SunOS ptys now work on x86, too (thanks to Peter Bray)
 1297 
 1298 	configure looks for freeware libs in /pkgs/lib/ (thanks to Peter Bray)
 1299 
 1300 
 1301 further corrections:
 1302 	added WITH_PROXY value to -V output
 1303 
 1304 	added compile dependencies of WITH_PTY and WITH_PROXY
 1305 
 1306 	-?? did not print option group of proxy options
 1307 
 1308 	corrected syntax for bind option in docu
 1309 
 1310 	corrected an issue with stdio in unidirectional mode
 1311 
 1312 	options socksport and proxyport support service names
 1313 
 1314 	ftp.sh script supports proxy address
 1315 
 1316 	man page no longer installed with execute permissions (thanks to Peter
 1317 	Bray) 
 1318 
 1319 	fixed a malloc call bug that could cause SIGSEGV or false "out of
 1320 	memory" errors on EXEC and SYSTEM, depending on program name length and
 1321 	libc.
 1322 
 1323 ####################### V 1.3.0.0:
 1324 
 1325 new features:
 1326 	proxy connect with optional proxy authentication
 1327 
 1328 	combined hex and text dump mode, credits to Gregory Margo
 1329 
 1330 	address pty applies options user, group, and perm to device
 1331 
 1332 
 1333 solved problems and bugs:
 1334 	PROBLEM: option reuseport was not applied (BSD, AIX)
 1335 	SOLVED:	option reuseport now in phase PASTSOCKET instead of PREBIND,
 1336 		credits to Jean-Baptiste Marchand
 1337 
 1338 	PROBLEM: ignoreeof with stdio was ignored
 1339 	SOLVED: ignoreeof now works correctly with address stdio
 1340 
 1341 	PROBLEM: ftp.sh did not use user supplied password
 1342 	SOLVED: ftp.sh now correctly passes password from command line
 1343 
 1344 	PROBLEM: server.pem had expired
 1345 	SOLVED: new server.pem valid for ten years
 1346 
 1347 	PROBLEM: socks notice printed wrong port on some platforms
 1348 	SOLVED: socks now uses correct byte-order for port number in notice
 1349 
 1350 
 1351 further corrections:
 1352 	option name o_trunc corrected to o-trunc
 1353 
 1354 	combined use of -u and -U is now detected and prevented
 1355 
 1356 	made message system a little more robust against format string attacks
 1357 
 1358 
 1359 ####################### V 1.2.0.0:
 1360 
 1361 new features:
 1362 	address pty for putting socat behind a new pseudo terminal that may
 1363 	fake a serial line, modem etc.
 1364 
 1365 	experimental openssl integration
 1366 	(it does not provide any trust between the peers because is does not
 1367 	 check certificates!)
 1368 
 1369 	options flock-ex, flock-ex-nb, flock-sh, flock-sh-nb to control all
 1370 	locking mechanism provided by flock()
 1371 
 1372 	options setsid and setpgid now available with all address types
 1373 
 1374 	option ctty (controlling terminal) now available for all TERMIOS
 1375 	addresses 
 1376 
 1377 	option truncate (a hybrid of open(.., O_TRUNC) and ftruncate()) is
 1378 	replaced by options o-trunc and ftruncate=offset
 1379 
 1380 	option sourceport now available with TCP and UDP listen addresses to
 1381 	restrict incoming client connections
 1382 
 1383 	unidirectional mode right-to-left (-U)
 1384 
 1385 
 1386 solved problems and bugs:
 1387 	PROBLEM: addresses without required parameters but an option containing
 1388 		a '/' were incorrectly interpreted as implicit GOPEN address
 1389 	SOLVED: if an address does not have ':' separator but contains '/',
 1390 		check if the slash is before the first ',' before assuming
 1391 		implicit GOPEN.
 1392 
 1393 
 1394 porting:
 1395 	ptys under SunOS work now due to use of stream options
 1396 
 1397 
 1398 further corrections:
 1399 	with -d -d -d -d -D, don't print debug info during file analysis
 1400 
 1401 
 1402 ####################### V 1.1.0.1:
 1403 
 1404 new features:
 1405 	.spec file for RPM generation
 1406 
 1407 
 1408 solved problems and bugs:
 1409 	PROBLEM: GOPEN on socket did not apply option unlink-late
 1410 	SOLUTION: GOPEN for socket now applies group NAMED, phase PASTOPEN
 1411 		options 
 1412 
 1413 	PROBLEM: with unidirectional mode, an unnecessary close timeout was
 1414 		applied
 1415 	SOLUTION: in unidirectional mode, terminate without wait time
 1416 
 1417 	PROBLEM: using GOPEN on a unix domain socket failed for datagram
 1418 		sockets
 1419 	SOLUTION: when connect() fails with EPROTOTYPE, use a datagram socket
 1420 
 1421 
 1422 further corrections:
 1423 
 1424 	open() flag options had names starting with "o_", now corrected to "o-"
 1425 
 1426 	in docu, *-listen addresses were called *_listen
 1427 
 1428 	address unix now called unix-connect because it does not handle unix
 1429 	datagram sockets
 1430 
 1431 	in test.sh, apply global command line options with all tests
 1432 
 1433 
 1434 ####################### V 1.1.0.0:
 1435 
 1436 new features:
 1437 	regular man page and html doc - thanks to kromJx for prototype
 1438 
 1439 	new address type "readline", utilizing GNU readline and history libs
 1440 
 1441 	address option "history-file" for readline
 1442 
 1443 	new option "dash" to "exec" address that allows to start login shells
 1444 
 1445 	syslog facility can be set per command line option
 1446 
 1447 	new address option "tcp-quickack", found in Linux 2.4
 1448 
 1449 	option -g prevents option group checking
 1450 
 1451 	filan and procan can print usage
 1452 
 1453 	procan prints rlimit infos
 1454 
 1455 
 1456 solved problems and bugs:
 1457 	PROBLEM: raw IP socket SIGSEGV'ed when it had been shut down.
 1458 	SOLVED: set eof flag of channel on shutdown.
 1459 
 1460 	PROBLEM: if channel 2 uses a single non-socket FD in bidirectional mode
 1461 		and has data available while channel 1 reaches EOF, the data is
 1462 		lost. 
 1463 	SOLVED: during one loop run, first handle all data transfers and
 1464 		_afterwards_ handle EOF. 
 1465 
 1466 	PROBLEM: despite to option NONBLOCK, the connect() call blocked
 1467 	SOLVED: option NONBLOCK is now applied in phase FD instead of LATE
 1468 
 1469 	PROBLEM: UNLINK options issued error when file did not exist,
 1470 		terminating socat
 1471 	SOLVED: failure of unlink() is only warning if errno==ENOENT
 1472 
 1473 	PROBLEM: TCP6-LISTEN required numeric port specification
 1474 	SOLVED: now uses common TCP service resolver
 1475 
 1476 	PROBLEM: with PIPE, wrong FDs were shown for data transfer loop
 1477 	SOLVED: retrieval of FDs now pays respect to PIPE pecularities
 1478 
 1479 	PROBLEM: using address EXEC against an address with IGNOREEOF, socat
 1480 		never terminated
 1481 	SOLVED: corrected EOF handling of sigchld
 1482 
 1483 
 1484 porting:
 1485 	MacOS and old AIX versions now have pty
 1486 
 1487 	flock() now available on Linux (configure check was wrong)
 1488 
 1489 	named pipe were generated using mknod(), which requires root under BSD
 1490 	now they are generated using mkfifo
 1491 
 1492 
 1493 further corrections:
 1494 	lots of address options that were "forgotten" at runtime are now
 1495 	available 
 1496 
 1497 	option BINDTODEVICE now also called SO-BINDTODEVICE, IF
 1498 
 1499 	"make install" now installs binaries with ownership 0:0
 1500 
 1501 
 1502 ####################### V 1.0.4.2:
 1503 
 1504 solved problems and bugs:
 1505 	PROBLEM: EOF of one stream caused close of other stream, giving it no
 1506 	chance to go down regularly
 1507 	SOLVED: EOF of one stream now causes shutdown of write part of other
 1508 	stream
 1509 
 1510 	PROBLEM: sending mail via socks address to qmail showed that crlf
 1511 	option does not work
 1512 	SOLVED: socks address applies PH_LATE options
 1513 
 1514 	PROBLEM: in debug mode, no info about socat and platform was issued
 1515 	SOLVED: print socat version and uname output in debug mode
 1516 
 1517 	PROBLEM: invoking socat with -t and no following parameters caused
 1518 	SIGSEGV
 1519 	SOLVED: -t and -b now check next argv entry
 1520 
 1521 	PROBLEM: when opening of logfile (-lf) failed, no error was reported
 1522 	and no further messages were printed
 1523 	SOLVED: check result of fopen and print error message if it failed
 1524 
 1525 new features:
 1526 	address type UDP-LISTEN now supports option fork: it internally applies
 1527 	socket option SO_REUSEADDR so a new UDP socket can bind to port after
 1528 	`accepting´ a connection (child processes might live forever though)
 1529 	(suggestion from Damjan Lango)
 1530 
 1531 
 1532 ####################### V 1.0.4.1:
 1533 
 1534 solved problems and bugs:
 1535 	PROB: assert in libc caused an endless recursion
 1536 	SOLVED: no longer catch SIGABRT
 1537 
 1538 	PROB: socat printed wrong verbose prefix for "right to left" packets
 1539 	SOLVED: new parameter for xiotransfer() passes correct prefix
 1540 
 1541 new features:
 1542 	in debug mode, socat prints its command line arguments
 1543 	in verbose mode, escape special characters and replace unprintables
 1544 		with '.'. Patch from Adrian Thurston.
 1545 
 1546 
 1547 ####################### V 1.0.4.0:
 1548 
 1549 solved problems and bugs:
 1550 	Debug output for lstat and fstat said "stat"
 1551 
 1552 further corrections:
 1553 	FreeBSD now includes libutil.h
 1554 
 1555 new features:
 1556 	option setsid with exec/pty
 1557 	option setpgid with exec/pty
 1558 	option ctty with exec/pty
 1559 	TCP V6 connect test
 1560 	gettimeofday in sycls.c (no use yet)
 1561 
 1562 porting:
 1563 	before Gethostbyname, invoke inet_aton for MacOSX
 1564 
 1565 
 1566 ####################### V 1.0.3.0:
 1567 
 1568 solved problems and bugs:
 1569 
 1570 	PROB: test 9 of test.sh (echo via file) failed on some platforms,
 1571 	socat exited without error message
 1572 	SOLVED: _xioopen_named_early(): preset statbuf.st_mode with 0
 1573 
 1574 	PROB: test 17 hung forever
 1575 	REASON: child death before select loop did not result in EOF
 1576 	SOLVED: check of existence of children before starting select loop
 1577 
 1578 	PROB: test 17 failed
 1579 	REASON: child dead triggered EOF before last data was read
 1580 	SOLVED: after child death, read last data before setting EOF
 1581 
 1582 	PROB: filan showed that exec processes incorrectly had fd3 open
 1583 	REASON: inherited open fd3 from main process
 1584 	SOLVED: set CLOEXEC flag on pty fd in main process
 1585 
 1586 	PROB: help printed "undef" instead of group "FORK"
 1587 	SOLVED: added "FORK" to group name array
 1588 
 1589 	PROB: fatal messages did not include severity classifier
 1590 	SOLVED: added "F" to severity classifier array 
 1591 
 1592 	PROB: IP6 addresses where printed incorrectly
 1593 	SOLVED: removed type casts to unsigned short *
 1594 
 1595 further corrections:
 1596 	socat catches illegal -l modes
 1597 	corrected error message on setsockopt(linger)
 1598 	option tabdly is of type uint
 1599 	correction for UDP over IP6
 1600 	more cpp conditionals, esp. for IP6 situations
 1601 	better handling of group NAMED options with listening UNIX sockets
 1602 	applyopts2 now includes last given phase
 1603 	corrected option group handling for most address types
 1604 	introduce dropping of unappliable options (dropopts, dropopts2)
 1605 	gopen now accepts socket and unix-socket options
 1606 	exec and system now accept all socket and termios options
 1607 	child process for exec and system addresses with option pty
 1608 	improved descriptions and options for EXAMPLES
 1609 	printf format for file mode changed to "0%03o" with length spec.
 1610 	added va_end() in branch of msg()
 1611 	changed phase of lock options from PASTOPEN to FD
 1612 	support up to four early dying processes
 1613 
 1614 structural changes:
 1615 	xiosysincludes now includes sysincludes.h for non xio files
 1616 
 1617 new features:
 1618 	option umask
 1619 	CHANGES file
 1620 	TYPE_DOUBLE, u_double
 1621 	OFUNC_OFFSET
 1622 	added getsid(), setsid(), send() to sycls
 1623 	procan prints sid (session id)
 1624 	mail.sh gets -f (from) option
 1625 	new EXAMPLEs for file creation
 1626 	gatherinfo.sh now tells about failures
 1627 	test.sh can check for much more address/option combinations
 1628 
 1629 porting:
 1630 	ispeed, ospeed for termios on FreeBSD
 1631 	getpgid() conditional for MacOS 10
 1632 	added ranlib in Makefile.in for MacOS 10
 1633 	disable pty option if no pty mechanism is available (MacOS 10)
 1634 	now compiles and runs on MacOS 10 (still some tests fail)
 1635 	setgroups() conditional for cygwin
 1636 	sighandler_t defined conditionally
 1637 	use gcc option -D_GNU_SOURCE