Created attachment 2044774 [details]
Update to 1.8.0.1 (#2307725)

the-new-hotness/release-monitoring.org's scratch build of socat-1.8.0.1-1.fc40.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=122421920

Releases retrieved: 1.8.0.2
Upstream release that is considered latest: 1.8.0.2
Current version/release in rawhide: 1.8.0.0-4.fc41
URL: http://www.dest-unreach.org/socat/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/4848/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/socat

Created attachment 2062095 [details]
Update to 1.8.0.2 (#2307725)

the-new-hotness/release-monitoring.org's scratch build of socat-1.8.0.2-1.fc40.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=126717694

Releases retrieved: 1.8.0.3
Upstream release that is considered latest: 1.8.0.3
Current version/release in rawhide: 1.8.0.0-5.fc42
URL: http://www.dest-unreach.org/socat/

Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_Monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from Anitya: https://release-monitoring.org/project/4848/


To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/socat

Scratch build failed. Details below:

BuilderException: Build failed:
Couldn't upload source /var/tmp/thn-kc0yl_z8/./SRPMS/socat-1.8.0.3-1.fc40.src.rpm to koji.

Traceback:
  File "/usr/local/lib/python3.12/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/hotness/builders/koji.py", line 252, in build
    output["build_id"] = self._scratch_build(session, package.name, srpm)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/hotness/builders/koji.py", line 477, in _scratch_build
    raise BuilderException("Couldn't upload source {} to koji.".format(source))

If you think this issue is caused by some bug in the-new-hotness, please report it on the-new-hotness issue tracker: https://github.com/fedora-infra/the-new-hotness/issues

(In reply to Upstream Release Monitoring from comment #6)

> Releases retrieved: 1.8.0.3
> Upstream release that is considered latest: 1.8.0.3
> Current version/release in rawhide: 1.8.0.0-5.fc42
> URL: http://www.dest-unreach.org/socat/
> Based on the information from Anitya: https://release-monitoring.org/project/4848/ 
> To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/socat

####################### V 1.8.0.3:

Security:
	readline.sh has new option -lf <logfile> for stderr. If this option is
	not given it logs to a file in . (cwd) only when . is not writable by
	other users.

Corrections:
	Fixed display of option phases in help output.

	filan -s  displayed "(stream)" instead of "tcp" with addresses
	(regression).

	Fixed a bug that made ignoreeof fail in 1.8.0.0 and 1.8.0.1;
	corrected test IGNOREEOF.
	Thanks to Rusty Bird for the precise problem report.

	Fixed the regression introduced with version 1.8.0.1 that in socks5
	addresses the explicit socksport (2nd address parameter) was ignored.
	Thanks to Jakub Fišer for reporting this bug.

	Do not log simple successful write with NOTICE level.

	On partial write to not poll with sleep() but use select()/poll().

	Partial write situations respect total inactivity timeout when
	nonblocking.

	Fixed a bug that could lead to error "xiopoll(...): Bad file descriptor"
	or to undefined behaviour before terminating Socat with addresses EXEC,
	SYSTEM, or SHELL.

	Option ip-add-source-membership did not work.
	Thanks to Duncan Sands and others for reporting this issue and sending
	the fix.

	Option ip-add-membership with only two parameters crashed or failed
	when malloc() does not initialize memory with zeros.
	Thanks to Nicolas Cavallari for reporting and fixing this bug.

	The readline() library function does not output the newline of empty
	input lines. Changed Socat to explicitly print the newline in this
	case.

	Fixed implementation of options o-creat, o-excl, and o-cloexec with
	POSIXMQ-* addresses.
	POSIXMQ addresses are no longer experimental.

	With version 1.8.0.0, and with 1.8.0.1 and option -0, the following
	command failed:
	socat UDP-LISTEN:1234,fork,reuseaddr,bind=127.0.0.1 -
	Message: "E xioopen_ipdgram_listen(): unknown address family 0":
	Thanks to Brian Woo for reporting this issue.
	Test: UDP_LISTEN_BIND4

	Protected SSL_connect() from SIGCHLD,SIGUSR1.

	Nanosleep() trace output now in decimal form.

	UNIX-LISTEN with bind option terminated with INTERNAL error, this is
	now handled properly.
	Test: UNIX_L_BIND

	Removed unused bytes variable from gettimestamp(), corrected #elsif,
	and socks4 record length.
	Thanks to clang-18 and gcc-13.

	Address TCP-CONNECT, when target address resolves to both IPv4 and
	IPv6, now tries to take into account bind address for protocol
	selection.

	Reworked and harmonized ipapp client addresses.
	Tests: TCP_CONNECT_RETRY SCTP_CONNECT_RETRY DCCP_CONNECT_RETRY
	OPENSSL_CONNECT_RETRY SOCKS4_RETRY SOCKS5_CONNECT_RETRY
	PROXY_CONNECT_RETRY

	Socks and proxy clients now also support option max-children.
	Tests: TCP_CONNECT_MAXCHILDREN SCTP_CONNECT_MAXCHILDREN
	DCCP_CONNECT_MAXCHILDREN OPENSSL_CONNECT_MAXCHILDREN
	SOCKS4_MAXCHILDREN SOCKS5_CONNECT_MAXCHILDREN PROXY_CONNECT_MAXCHILDREN

	On failure of getpwuid() (used in options su and su-d) now consider
	errno.

	When IP4 was completed deconfigured, UDP6-RECVFROM with range option
	failed.

	Fixed preprocessor directives in macro invocation.
	Thanks to Mario de Weerd for reporting this issue.

	CONNECT addresses could use a wrong IPPROTO when getaddrinfo() does not
	support the selected one (at least on Debian-4 with SCTP).

	socat -h (help) did not show option groups POSIXMQ, SCTP, DCCP, and
	UDPLITE of addresses.

Features:
	POSIXMQ-RECV now takes option o-nonblock; this, in combination with -T,
	makes it possible to terminate Socat in case the queue is empty.

	New option posixmq-flush (mq-flush) for POSIXMQ addresses empties the
	queue before starting to transfer data.
	Test: LINUX_POSIXMQ_FLUSH

	New options posixmq-maxmsg, posixmq-msgsize.
	Tests: POSIXMQ_MAXMSG POSIXMQ_MSGSIZE

	POSIXMQ is now an alias for POSIXMQ-BIDIRECTIONAL. It can also be used
	in unidirectional context.

	Procan uses getresuid() and getresgid() when available, to determine
	the saved set-user-ID.

	Procan prints more C-defines, esp.O_*, AI_*, EAI_*; __GLIBC__;
	prints some C-defines in oct and hex;
	added option -V

	Procan tells if char is signed or unsigned

	Socat now prints an info message when implicitly setting SO_REUSEADDR.
	Thanks to Michael Renner for this suggestion.

	Added generic options setsockopt-socket and setsockopt-connected that
	are applied after socket() or when connected.

	POSIXMQ addresses now print a warning when options posixmq-maxmsg or
	posixmq-msgsize were not applied.

	New address POSIXMQ-WRITE does the same as POSIXMQ-SEND, as counterpart
	of POSIXMQ-READ.

Building:
	Disabling certain features during configure could break build process.

	Again fixes a few disable problems.

Porting:
	Fix for old FreeBSD.

	Fixes for old Debian

	Fixes for old Scientific/RHEL

	Socat failed to build on platforms without flock() function (AIX,
	Solaris) due to a missing guard.

	Newer Linux distributions do not provide libwrap: do not leave unused
	variable.

	Newer Linux distributions deprecate usleep, replace it.

	OpenSSL-3 loudly deprecates some functions or macros, replace a first
	bunch of them.

	Fixes for FreeBSD-15 (DCCP)

	Fix for compiling on Solaris-11

Testing:
	test.sh produces file results.txt with columns of test numbers, names,
	and results.

	Fixed a few testing issues.

	Added test script sock5server-echo.sh for SOCKS5-CONNECT and
	SOCKS5-LISTEN, and appropriate tests.
	SOCKS5 addresses are no longer experimental.
	Tests: SOCKS5CONNECT_TCP4 SOCKS5LISTEN_TCP4

	Added a developer test that overwrites malloc'ed memory with non-zeros.

	Newer Linux distributions now deprecate usleep; replaced it in test.sh

	UDPLITE4STREAM was trice, changed one of them to UDPLITE6STREAM.

	Catch problems caused by ISPs that filter *.dest-unreach.net records.

Documentation:
	Removed obsolete CHANGES.ISO-8859-1 file.

	Corrected lots of misspelling and typos.
	Thanks to Mario de Weerd for reporting these issues.

	Improved README file.

	Better explained benefit of UDP-DATAGRAM address type.

####################### V 1.8.0.2:

Security:
	Socat security advisory 9
	CVE-2024-54661: Arbitrary file overwrite
	Socat 1.6.0.0 through 1.8.0.1 and version 2 distributions contain a
	wrapper script "readline.sh" that uses a predictable temporary
	directory, allowing unprivileged users to overwrite arbitrary files
	belonging to the scripts caller.
	This is fixed in Version 1.8.0.2
	Mitigating factors: readline.sh is usually neither installed in a bin
	directory nor is it documented. Major Linux distributions install it in
	examples/ or doc/; however it is invoked by test.sh script.
	Thanks to Wolfgang Frisch from SuSE for finding and reporting this
	issue.
	Test: READLINE_SH_OVERWRITE

####################### V 1.8.0.1:

Corrections:
	When no IP version was preferred by environment, option -4/-6, or
	address option pf, Socat version 1.8.0.0 address TCP-LISTEN did not
	accept TCP4 connections under BSD family operating systems, but only
	TCP6. To regain previous behaviour, preferring IP version 4 is now the
	default. This also fixes some other issues with bind and range options.
	Thanks to Mike Andrews for reporting this issue.
	Tests: LISTEN_4 LISTEN_6  V1800_*_RANGE  V1800_*_BIND

	Added Socat option -0 to allow version 1.8.0.0 behaviour (no preferred
	IP version).

	UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
	address in case the server name resolves to both IPv4 and IPv6
	addresses.
	Tests: V1800_*_SENDTO_RESOLV_6_4

	Guard applyopts_termios_value() with WITH_TERMIOS.
	Thanks to Kush Upadhyay from Amazon Bottlerocket team for providing the
	patch.

	In some situations xioclose() was called nested what could cause hanging
	of OpenSSL in pthread_rwlock_wrlock()

	socat 1.8.0.0 with addresses of type RECVFROM and option fork, where
	the second address failed to connect/open in the child process, entered
	a fork loop that was only stopped by FD exhaustion caused by FD leak.
	Test: RECVFROM_FORK_LOOP

	socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
	Test: RECVFROM_FORK_LEAK

	With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
	did not work.
	Thanks to Linus Luessing for reporting this bug.

	IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
	argument) failed with message:
	E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
	Test: IP_SENDTO_PF

	Fixed a possible buffer overrun with long log lines. In fact it does
	not write beyond end of buffer but lets pass excessive data to the
	write() function.
	Thanks to Heinrich Schuchardt from Canonical for reporting and sending
	a patch.

	Reworked domain name resolution, centralized IPv4/IPv6 sorting.

	Print warning about not checking CRLs in OpenSSL only in the first
	child process.

	Fixed preprocessor directives in macro invocation.
	Thanks to Mario de Weerd for reporting this issue.

Features:
	Total inactivity timeout option -T 0 now means 0.0 seconds; up to
	version 1.8.0.0 it meant no total inactivity timeout.

	Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
	older Socat versions.

	socat-mux.sh and socat-broker.sh, when run as root, now internally use
	low (512..1023) UDP ports to increase security.

	Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)

	Socks5 now also allows syntax without socks port, and supports option
	socksport.

Porting:
	Changes for building and testing on NetBSD

	New Linux distributions dislike egrep, fgrep

	When NETDB_INTERNAL is not available it should be set to -1.
	Thanks to Baruch Siach for sending a patch.

	On OpenSolaris/Illumos, isastream() is declared only in stropts.h, not
	in sys/stropts.h
	Thanks to Andy Fiddaman for sending a patch.

	On latest Illumos, compilation failed due to new unexpected SO_PROTOCOL
	implementation.
	Thanks to Andy Fiddaman for sending a patch.

Building:
	Makefile.in: procan.o build requires srcdir prefix for explicit source
	file.
	Thanks to Hongxu Jia and Andrew Schoolman for providing patches.

	Makefile.in: the CC define for procan.o build failed when CC had more
	than one word.
	Thanks to Hongxu Jia for providing an inital patch.

Testing:
	Added the optional DEVTESTS feature for developer tests with controlled
	name resolution to both IPv4 and IPV6 addresses: configure Socat with
	--enable-devtests, this provides internal resolution of domain
	dest-unreach.net with host names: localhost-4, localhost-6,
	localhost-4-6, and localhost-6-4

	test.sh: lots of corrections and improvements

	test.sh: many hardcoded sleep values were replaced by much shorter
	values tuned to performance of the platform.

	test.sh -D for output of platform/system specific defines (variables)

	test.sh: fixed ss determination; more DEFS
	
Documentation:
	Fixed a lot of typos.
	Thanks to Solomon Victorino for sending the patch.

FEDORA-2025-0d54679581 (socat-1.8.0.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-0d54679581

FEDORA-2025-0d54679581 (socat-1.8.0.3-1.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2025-33885cfff8 (socat-1.8.0.3-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-33885cfff8

FEDORA-2025-4f0d6d3522 (socat-1.8.0.3-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-4f0d6d3522

FEDORA-2025-33885cfff8 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-33885cfff8`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-33885cfff8

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2025-4f0d6d3522 has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4f0d6d3522`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4f0d6d3522

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2025-33885cfff8 (socat-1.8.0.3-1.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2025-4f0d6d3522 (socat-1.8.0.3-1.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.