Changelog
netcat-openbsd (1.218-5) unstable; urgency=low
[ Dirk Jagdmann ]
* Add support for abstract namespace sockets in the AF_UNIX family.
[ Guilhem Moulin ]
* d/t/client-server: Add a simple test for sockets in the AF_UNIX family,
including those in the abstract namespace on Linux. We were only checking
sockets in the AF_INET family before.
* d/p/abstract-unix-domain-socket.patch: Some fixes and improvements upon
Dirk's patch.
* d/checks: Ensure sockets in the AF_UNIX family are usable up to the
sizeof(sun_path) limit, and rejected with ENAMETOOLONG when they exceed it.
* d/checks: Add tests for abstract namespace sockets in the AF_UNIX family,
incl. for source datagram UNIX domain sockets.
* d/p/abstract-unix-domain-socket.patch: Always reject the empty pathname
sockets, which on Linux was read as the NUL abstract socket before. The
empty abstract socket is still allowed however, and is specified as "@".
* d/p/misc-failures-and-features.patch: Remove double warning in
unix_connect().
* d/p/misc-failures-and-features.patch: Remove leftover union{}, obsolete
since 1.190-1.
* d/p/misc-failures-and-features.patch: Factor out Makefile changes to
d/p/port-to-linux-with-libbsd.patch.
* d/p/misc-failures-and-features.patch: Remove redundant errx() call in
unix_connect().
* d/p/misc-failures-and-features.patch: Improve error message for UNIX-domain
datagram sockets.
* d/checks: Use '--' marker to avoid breakage on socket pathnames starting
with '-'.
* d/checks/netcat: Set LC_ALL=C.
* Add d/NEWS entry mentioning abstract sockets support and its implications.
* d/p/*: Consolidate usage of '#if defined(FOO)' vs. '#ifdef FOO'.
* d/p/build-without-TLS-support.patch: Rename '-DTLS' to the less generic
'-DHAVE_TLS'.
* d/p/port-to-linux-with-libbsd.patch: Use automatic Makefile variables.
* d/checks/02-connect: Check default temporary socket name for datagram
sockets.
* d/tests/client-server: Check that the socket path is left behind.
* Rather than using mkstemp(3) to create unique names for default source
datagram UNIX domain sockets, use mkdtemp(3) to create a new empty
directory (with mode 0700) and use it to store a fixed socket name. This
fixes a file descriptor leak and a race condition where a new file would be
created by an attacker between the unlink(2) and bind(2) calls. We don't
use an abstract socket here since it would open a race condition with the
possibility for a local attacker to inject fake server responses.
* d/p/*: Minor formatting fixes.
* d/p/*: Improve Subject: lines.
* d/copyright: Update copyright years.
-- Guilhem Moulin <email address hidden> Fri, 11 Mar 2022 21:54:15 +0100