diff -Nru netcat-openbsd-1.206/debian/changelog netcat-openbsd-1.217/debian/changelog
--- netcat-openbsd-1.206/debian/changelog 2020-03-09 18:50:15.000000000 +0000
+++ netcat-openbsd-1.217/debian/changelog 2020-06-09 20:21:58.000000000 +0000
@@ -1,3 +1,44 @@ +netcat-openbsd (1.217-2ubuntu1) groovy; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Move the netcat transitional package here and have it depend on the + peferred netcat-openbsd implementation of netcat, not + netcat-traditional. + + -- Steve Langasek Tue, 09 Jun 2020 13:21:58 -0700 + +netcat-openbsd (1.217-2) unstable; urgency=low + + * d/patches: Make getnameinfo(3) errors non-fatal in report_sock(): + report_sock() is used to show the peer's address/name and port when the + '-v' flag is set. Reverse resolution errors need not be fatal. + (Closes: #961378) + + -- Guilhem Moulin Fri, 05 Jun 2020 03:16:35 +0200 + +netcat-openbsd (1.217-1) unstable; urgency=medium + + * d/control: + + Set debhelper-compat version in Build-Depends. + + Remove quilt from Build-Depends. + + Bump Standards-Version to 4.5.0 (no changes necessary). + + Set 'Rules-Requires-Root: no'. + + Bump debhelper compatibility level to 13. + * d/netcat-openbsd.{postinst,prerm}: set -e in the scripts themselves not on + the shebang line. + * Add lintian override for + I: manpage-without-executable usr/share/man/man1/nc_openbsd.1.gz + * d/copyright: Set fields Upstream-Name. + * d/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch: Fix TCP + MD5 signature support. The feature now requires the TCP_MD5SIG_EXT socket + option, available since Linux 4.13. Thanks to Thomas Habet for report and + patch. (Closes: #954934) + * d/patches/quit-timer.patch: Make -q0 quit immediately also with UDP + sockets. Many thanks to Duncan Roe for the help in debugging this. + (Closes: #817050) + + -- Guilhem Moulin Sat, 23 May 2020 02:04:39 +0200 + netcat-openbsd (1.206-1ubuntu1) focal; urgency=medium * Move the netcat transitional package here and have it depend on the 
@@ -284,3 +325,4 @@ back to numeric parsing, so no escaping is needed. -- Decklin Foster Mon, 21 Jan 2008 18:41:37 -0500 + diff -Nru netcat-openbsd-1.206/debian/compat netcat-openbsd-1.217/debian/compat --- netcat-openbsd-1.206/debian/compat 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -12 diff -Nru netcat-openbsd-1.206/debian/control netcat-openbsd-1.217/debian/control --- netcat-openbsd-1.206/debian/control 2020-03-09 18:50:15.000000000 +0000 +++ netcat-openbsd-1.217/debian/control 2020-06-05 03:14:00.000000000 +0000 @@ -4,8 +4,9 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Aron Xu Uploaders: Guilhem Moulin -Standards-Version: 4.4.1 -Build-Depends: debhelper (>= 12~), libbsd-dev, pkg-config, quilt +Standards-Version: 4.5.0 +Rules-Requires-Root: no +Build-Depends: debhelper-compat (= 13), libbsd-dev, pkg-config Vcs-Git: https://salsa.debian.org/debian/netcat-openbsd.git Vcs-Browser: https://salsa.debian.org/debian/netcat-openbsd diff -Nru netcat-openbsd-1.206/debian/copyright netcat-openbsd-1.217/debian/copyright --- netcat-openbsd-1.206/debian/copyright 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/copyright 2020-06-05 03:14:00.000000000 +0000 @@ -1,5 +1,6 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Source: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/nc/ +Upstream-Name: netcat Files: netcat.c Copyright: 2001 Eric Jackson diff -Nru netcat-openbsd-1.206/debian/netcat-openbsd.lintian-overrides netcat-openbsd-1.217/debian/netcat-openbsd.lintian-overrides --- netcat-openbsd-1.206/debian/netcat-openbsd.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ netcat-openbsd-1.217/debian/netcat-openbsd.lintian-overrides 2020-06-05 01:16:35.000000000 +0000 
@@ -0,0 +1,2 @@ +# this is the manual for nc(1) +manpage-without-executable usr/share/man/man1/nc_openbsd.1.gz diff -Nru netcat-openbsd-1.206/debian/netcat-openbsd.postinst netcat-openbsd-1.217/debian/netcat-openbsd.postinst --- netcat-openbsd-1.206/debian/netcat-openbsd.postinst 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/netcat-openbsd.postinst 2020-06-05 03:14:00.000000000 +0000 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e if [ "$1" = "configure" ]; then update-alternatives \ diff -Nru netcat-openbsd-1.206/debian/netcat-openbsd.prerm netcat-openbsd-1.217/debian/netcat-openbsd.prerm --- netcat-openbsd-1.206/debian/netcat-openbsd.prerm 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/netcat-openbsd.prerm 2020-06-05 03:14:00.000000000 +0000 @@ -1,4 +1,6 @@ -#!/bin/sh -e +#!/bin/sh + +set -e if [ "$1" = "remove" ]; then update-alternatives --remove nc /bin/nc.openbsd diff -Nru netcat-openbsd-1.206/debian/patches/broadcast-support.patch netcat-openbsd-1.217/debian/patches/broadcast-support.patch --- netcat-openbsd-1.206/debian/patches/broadcast-support.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/broadcast-support.patch 2020-06-05 03:14:00.000000000 +0000 @@ -37,7 +37,7 @@ int dflag; /* detached, no stdin */ int Fflag; /* fdpass sock to stdout */ unsigned int iflag; /* Interval Flag */ -@@ -263,9 +264,9 @@ main(int argc, char *argv[]) +@@ -264,9 +265,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, # if defined(TLS) @@ -49,7 +49,7 @@ # endif != -1) { switch (ch) { -@@ -275,6 +276,13 @@ main(int argc, char *argv[]) +@@ -276,6 +277,13 @@ main(int argc, char *argv[]) case '6': family = AF_INET6; break; @@ -63,7 +63,7 @@ case 'U': family = AF_UNIX; break; -@@ -1853,6 +1861,15 @@ set_common_sockopts(int s, int af) +@@ -1902,6 +1910,15 @@ set_common_sockopts(int s, int af) { int x = 1; 
@@ -79,7 +79,7 @@ # if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, -@@ -2128,6 +2145,7 @@ help(void) +@@ -2180,6 +2197,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ diff -Nru netcat-openbsd-1.206/debian/patches/build-without-TLS-support.patch netcat-openbsd-1.217/debian/patches/build-without-TLS-support.patch --- netcat-openbsd-1.206/debian/patches/build-without-TLS-support.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/build-without-TLS-support.patch 2020-06-05 03:14:00.000000000 +0000 @@ -8,8 +8,8 @@ --- Makefile | 2 nc.1 | 114 ++--------------------------------------- - netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 3 files changed, 153 insertions(+), 135 deletions(-) + netcat.c | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 3 files changed, 154 insertions(+), 136 deletions(-) --- a/Makefile +++ b/Makefile @@ -43,7 +43,7 @@ .Op Fl P Ar proxy_username .Op Fl p Ar source_port -.Op Fl R Ar CAfile - .Op Fl s Ar source + .Op Fl s Ar sourceaddr .Op Fl T Ar keyword .Op Fl V Ar rtable @@ -54,7 +48,6 @@ @@ -115,8 +115,8 @@ .It Fl k When a connection is completed, listen for another one. Requires -@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on - hostnames or ports. +@@ -196,15 +154,6 @@ Do not perform domain name resolution. + If a name cannot be resolved without DNS, an error will be reported. .It Fl O Ar length Specify the size of the TCP send buffer. -.It Fl o Ar staplefile @@ -145,7 +145,7 @@ .It Fl r Choose source and/or destination ports randomly instead of sequentially within a range or in the order that the system -@@ -239,35 +181,7 @@ Cannot be used together with +@@ -238,35 +180,7 @@ Cannot be used together with or .Fl x . .It Fl T Ar keyword 
@@ -182,7 +182,7 @@ .Ar keyword may be one of .Cm critical , -@@ -291,13 +205,13 @@ to script telnet sessions. +@@ -290,13 +204,13 @@ to script telnet sessions. Use .Ux Ns -domain sockets. @@ -200,7 +200,7 @@ .Fl x . For .Ux Ns -domain -@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig +@@ -359,12 +273,6 @@ An IPv6 address can be specified unambig in square brackets. A proxy cannot be used with any of the options .Fl lsuU . @@ -213,7 +213,7 @@ .It Fl z Only scan for listening daemons, without sending any data to them. Cannot be used together with -@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec +@@ -518,16 +426,6 @@ the source port, with a timeout of 5 sec .Pp .Dl $ nc -p 31337 -w 5 host.example.com 42 .Pp @@ -286,7 +286,7 @@ +void readwrite(int); +# endif void fdpass(int nfd) __attribute__((noreturn)); - int remote_connect(const char *, const char *, struct addrinfo); + int remote_connect(const char *, const char *, struct addrinfo, char *); +# if defined(TLS) int timeout_tls(int, struct tls *, int (*)(struct tls *)); +# endif @@ -318,7 +318,7 @@ int main(int argc, char *argv[]) -@@ -206,8 +227,10 @@ main(int argc, char *argv[]) +@@ -207,8 +228,10 @@ main(int argc, char *argv[]) const char *errstr; struct addrinfo proxyhints; char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; @@ -329,7 +329,7 @@ uint32_t protocols; ret = 1; -@@ -215,12 +238,18 @@ main(int argc, char *argv[]) +@@ -216,12 +239,18 @@ main(int argc, char *argv[]) host = NULL; uport = NULL; sv = NULL; @@ -348,7 +348,7 @@ != -1) { switch (ch) { case '4': -@@ -242,24 +271,30 @@ main(int argc, char *argv[]) +@@ -243,24 +272,30 @@ main(int argc, char *argv[]) else errx(1, "unsupported proxy protocol"); break; @@ -379,7 +379,7 @@ case 'h': help(); break; -@@ -268,9 +303,11 @@ main(int argc, char *argv[]) +@@ -269,9 +304,11 @@ main(int argc, char *argv[]) if (errstr) errx(1, "interval %s: %s", errstr, optarg); break; 
@@ -391,7 +391,7 @@ case 'k': kflag = 1; break; -@@ -299,10 +336,12 @@ main(int argc, char *argv[]) +@@ -300,10 +337,12 @@ main(int argc, char *argv[]) case 'p': pflag = optarg; break; @@ -404,7 +404,7 @@ case 'r': rflag = 1; break; -@@ -344,12 +383,14 @@ main(int argc, char *argv[]) +@@ -345,12 +384,14 @@ main(int argc, char *argv[]) if ((proxy = strdup(optarg)) == NULL) err(1, NULL); break; @@ -419,7 +419,7 @@ case 'z': zflag = 1; break; -@@ -368,9 +409,11 @@ main(int argc, char *argv[]) +@@ -369,9 +410,11 @@ main(int argc, char *argv[]) errx(1, "TCP send window %s: %s", errstr, optarg); break; @@ -431,7 +431,7 @@ case 'S': # if defined(TCP_MD5SIG) Sflag = 1; -@@ -381,8 +424,10 @@ main(int argc, char *argv[]) +@@ -382,8 +425,10 @@ main(int argc, char *argv[]) case 'T': errstr = NULL; errno = 0; @@ -442,7 +442,7 @@ if (process_tos_opt(optarg, &Tflag)) break; if (strlen(optarg) > 1 && optarg[0] == '0' && -@@ -392,7 +437,11 @@ main(int argc, char *argv[]) +@@ -393,7 +438,11 @@ main(int argc, char *argv[]) Tflag = (int)strtonum(optarg, 0, 255, &errstr); if (Tflag < 0 || Tflag > 255 || errstr || errno) @@ -454,7 +454,7 @@ break; default: usage(1); -@@ -429,6 +478,7 @@ main(int argc, char *argv[]) +@@ -426,6 +475,7 @@ main(int argc, char *argv[]) } else usage(1); @@ -462,7 +462,7 @@ if (usetls) { if (Cflag && unveil(Cflag, "r") == -1) err(1, "unveil"); -@@ -452,15 +502,19 @@ main(int argc, char *argv[]) +@@ -460,15 +510,19 @@ main(int argc, char *argv[]) err(1, "unveil"); } } @@ -482,7 +482,7 @@ if (Fflag && usetls) errx(1, "cannot use -c and -F"); if (TLSopt && !usetls) -@@ -479,6 +533,7 @@ main(int argc, char *argv[]) +@@ -487,6 +541,7 @@ main(int argc, char *argv[]) errx(1, "you must specify -c to use -H"); if (tls_expectname && !usetls) errx(1, "you must specify -c to use -e"); 
@@ -490,7 +490,7 @@ /* Get name of temporary socket for unix datagram client */ if ((family == AF_UNIX) && uflag && !lflag) { -@@ -545,6 +600,7 @@ main(int argc, char *argv[]) +@@ -553,6 +608,7 @@ main(int argc, char *argv[]) proxyhints.ai_flags |= AI_NUMERICHOST; } @@ -498,7 +498,7 @@ if (usetls) { if ((tls_cfg = tls_config_new()) == NULL) errx(1, "unable to allocate TLS config"); -@@ -580,7 +636,8 @@ main(int argc, char *argv[]) +@@ -588,7 +644,8 @@ main(int argc, char *argv[]) err(1, "pledge"); } else if (pledge("stdio inet dns", NULL) == -1) err(1, "pledge"); @@ -508,7 +508,7 @@ if (lflag) { ret = 0; -@@ -591,6 +648,7 @@ main(int argc, char *argv[]) +@@ -599,6 +656,7 @@ main(int argc, char *argv[]) s = unix_listen(host); } @@ -516,7 +516,7 @@ if (usetls) { tls_config_verify_client_optional(tls_cfg); if ((tls_ctx = tls_server()) == NULL) -@@ -599,6 +657,7 @@ main(int argc, char *argv[]) +@@ -607,6 +665,7 @@ main(int argc, char *argv[]) errx(1, "tls configuration failed (%s)", tls_error(tls_ctx)); } @@ -524,7 +524,7 @@ /* Allow only one connection at a time, but stay alive. */ for (;;) { if (family != AF_UNIX) { -@@ -614,7 +673,11 @@ main(int argc, char *argv[]) +@@ -622,7 +681,11 @@ main(int argc, char *argv[]) * let it receive datagrams from multiple * socket pairs. */ @@ -536,9 +536,9 @@ } else if (uflag && !kflag) { /* * For UDP and not -k, we will use recvfrom() -@@ -639,9 +702,14 @@ main(int argc, char *argv[]) - report_sock("Connection received", - (struct sockaddr *)&z, len, NULL); +@@ -648,9 +711,14 @@ main(int argc, char *argv[]) + (struct sockaddr *)&z, len, + family == AF_UNIX ? host : NULL); +# if defined(TLS) readwrite(s, NULL); @@ -551,7 +551,7 @@ int connfd; len = sizeof(cliaddr); -@@ -655,6 +723,7 @@ main(int argc, char *argv[]) +@@ -664,6 +732,7 @@ main(int argc, char *argv[]) report_sock("Connection received", (struct sockaddr *)&cliaddr, len, family == AF_UNIX ? host : NULL); 
@@ -559,7 +559,7 @@ if ((usetls) && (tls_cctx = tls_setup_server(tls_ctx, connfd, host))) readwrite(connfd, tls_cctx); -@@ -664,6 +733,10 @@ main(int argc, char *argv[]) +@@ -673,6 +742,10 @@ main(int argc, char *argv[]) timeout_tls(s, tls_cctx, tls_close); close(connfd); tls_free(tls_cctx); @@ -570,7 +570,7 @@ } if (family == AF_UNIX && uflag) { if (connect(s, NULL, 0) == -1) -@@ -678,7 +751,11 @@ main(int argc, char *argv[]) +@@ -687,7 +760,11 @@ main(int argc, char *argv[]) if ((s = unix_connect(host)) > 0) { if (!zflag) @@ -582,7 +582,7 @@ close(s); } else { warn("%s", host); -@@ -699,6 +776,7 @@ main(int argc, char *argv[]) +@@ -708,6 +785,7 @@ main(int argc, char *argv[]) for (s = -1, i = 0; portlist[i] != NULL; i++) { if (s != -1) close(s); @@ -590,7 +590,7 @@ tls_free(tls_ctx); tls_ctx = NULL; -@@ -709,6 +787,7 @@ main(int argc, char *argv[]) +@@ -718,6 +796,7 @@ main(int argc, char *argv[]) errx(1, "tls configuration failed (%s)", tls_error(tls_ctx)); } @@ -598,7 +598,7 @@ if (xflag) s = socks_connect(host, portlist[i], hints, proxy, proxyport, proxyhints, socksv, -@@ -746,6 +825,7 @@ main(int argc, char *argv[]) +@@ -764,6 +843,7 @@ main(int argc, char *argv[]) } if (Fflag) fdpass(s); @@ -606,7 +606,7 @@ else { if (usetls) tls_setup_client(tls_ctx, s, host); -@@ -754,13 +834,19 @@ main(int argc, char *argv[]) +@@ -772,13 +852,19 @@ main(int argc, char *argv[]) if (tls_ctx) timeout_tls(s, tls_ctx, tls_close); } @@ -626,7 +626,7 @@ return ret; } -@@ -802,6 +888,7 @@ unix_bind(char *path, int flags) +@@ -820,6 +906,7 @@ unix_bind(char *path, int flags) return s; } @@ -634,7 +634,7 @@ int timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *)) { -@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in +@@ -907,6 +994,7 @@ tls_setup_server(struct tls *tls_ctx, in } return NULL; } 
@@ -642,7 +642,7 @@ /* * unix_connect() -@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha +@@ -1154,7 +1242,11 @@ local_listen(const char *host, const cha * Loop that polls on the network file descriptor and stdin. */ void @@ -654,7 +654,7 @@ { struct pollfd pfd[4]; int stdin_fd = STDIN_FILENO; -@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct +@@ -1254,12 +1346,17 @@ readwrite(int net_fd, struct tls *tls_ct /* try to read from stdin */ if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) { ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf, @@ -673,7 +673,7 @@ pfd[POLL_STDIN].fd = -1; /* read something - poll net out */ if (stdinbufpos > 0) -@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct +@@ -1271,12 +1368,17 @@ readwrite(int net_fd, struct tls *tls_ct /* try to write to network */ if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) { ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf, @@ -692,7 +692,7 @@ pfd[POLL_NETOUT].fd = -1; /* buffer empty - remove self from polling */ if (stdinbufpos == 0) -@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct +@@ -1288,12 +1390,17 @@ readwrite(int net_fd, struct tls *tls_ct /* try to read from network */ if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) { ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf, @@ -711,7 +711,7 @@ pfd[POLL_NETIN].fd = -1; /* eof on net in - remove from pfd */ if (ret == 0) { -@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct +@@ -1320,12 +1427,17 @@ readwrite(int net_fd, struct tls *tls_ct /* try to write to stdout */ if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) { ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf, @@ -730,7 +730,7 @@ pfd[POLL_STDOUT].fd = -1; /* buffer empty - remove self from polling */ if (netinbufpos == 0) -@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct +@@ -1349,21 +1461,31 @@ readwrite(int net_fd, struct tls *tls_ct } ssize_t 
@@ -762,7 +762,7 @@ if (n <= 0) return n; /* adjust buffer */ -@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz +@@ -1375,21 +1497,31 @@ drainbuf(int fd, unsigned char *buf, siz } ssize_t @@ -794,7 +794,7 @@ if (n <= 0) return n; *bufpos += n; -@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val) +@@ -1707,6 +1839,7 @@ process_tos_opt(char *s, int *val) return 0; } @@ -802,7 +802,7 @@ int process_tls_opt(char *s, int *flags) { -@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char * +@@ -1820,6 +1953,7 @@ report_tls(struct tls * tls_ctx, char * } } @@ -810,7 +810,7 @@ void report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, -@@ -1817,17 +1951,12 @@ help(void) +@@ -1861,17 +1995,12 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ @@ -828,7 +828,7 @@ \t-k Keep inbound sockets open for multiple connects\n\ \t-l Listen mode, for inbound connects\n\ \t-M ttl Outgoing TTL / Hop Limit\n\ -@@ -1835,14 +1964,12 @@ help(void) +@@ -1879,14 +2008,12 @@ help(void) \t-N Shutdown the network socket after EOF on stdin\n\ \t-n Suppress name/port resolutions\n\ \t-O length TCP send buffer length\n\ @@ -838,13 +838,13 @@ - \t-R CAfile CA bundle\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ - \t-s source Local source address\n\ + \t-s sourceaddr Local source address\n\ - \t-T keyword TOS value or TLS options\n\ + \t-T keyword TOS value\n\ \t-t Answer TELNET negotiation\n\ \t-U Use UNIX domain socket\n\ \t-u UDP mode\n\ -@@ -1852,7 +1979,6 @@ help(void) +@@ -1896,7 +2023,6 @@ help(void) \t-w timeout Timeout for connects and final net reads\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-x addr[:port]\tSpecify proxy address and port\n\ 
@@ -852,7 +852,7 @@ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); exit(0); -@@ -1862,15 +1988,11 @@ void +@@ -1906,15 +2032,11 @@ void usage(int ret) { fprintf(stderr, @@ -863,10 +863,11 @@ - "[-R CAfile]\n" + "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "\t [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] " "[-w timeout]\n" - "\t [-X proxy_protocol] [-x proxy_address[:port]] " +- "\t [-X proxy_protocol] [-x proxy_address[:port]] " - "[-Z peercertfile]\n" ++ "\t [-X proxy_protocol] [-x proxy_address[:port]]\n" "\t [destination] [port]\n"); if (ret) exit(1); diff -Nru netcat-openbsd-1.206/debian/patches/connect-timeout.patch netcat-openbsd-1.217/debian/patches/connect-timeout.patch --- netcat-openbsd-1.206/debian/patches/connect-timeout.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/connect-timeout.patch 2020-06-05 03:14:00.000000000 +0000 @@ -3,8 +3,8 @@ Subject: connect timeout --- - netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 76 insertions(+), 2 deletions(-) + netcat.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 79 insertions(+), 5 deletions(-) --- a/netcat.c +++ b/netcat.c 
@@ -37,24 +37,34 @@ int main(int argc, char *argv[]) { -@@ -1079,11 +1087,14 @@ remote_connect(const char *host, const c - - set_common_sockopts(s, res->ai_family); +@@ -1112,18 +1120,21 @@ remote_connect(const char *host, const c + } + } - if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0) -+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) ++ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, ++ timeout)) == CONNECTION_SUCCESS) break; -- if (vflag) -+ if (vflag && error == CONNECTION_FAILED) - warn("connect to %s port %s (%s) failed", host, port, - uflag ? "udp" : "tcp"); -+ else if (vflag && error == CONNECTION_TIMEOUT) -+ warn("connect to %s port %s (%s) timed out", host, port, -+ uflag ? "udp" : "tcp"); + + if (vflag) { + /* only print IP if there is something to report */ + if (nflag || ipaddr == NULL || + (strncmp(host, ipaddr, NI_MAXHOST) == 0)) +- warn("connect to %s port %s (%s) failed", host, +- port, uflag ? "udp" : "tcp"); ++ warn("connect to %s port %s (%s) %s", host, ++ port, uflag ? "udp" : "tcp", ++ error == CONNECTION_TIMEOUT ? "timed out" : "failed"); + else +- warn("connect to %s (%s) port %s (%s) failed", +- host, ipaddr, port, uflag ? "udp" : "tcp"); ++ warn("connect to %s (%s) port %s (%s) %s", ++ host, ipaddr, port, uflag ? "udp" : "tcp", ++ error == CONNECTION_TIMEOUT ? "timed out" : "failed"); + } save_errno = errno; - close(s); -@@ -1124,6 +1135,69 @@ timeout_connect(int s, const struct sock +@@ -1165,6 +1176,69 @@ timeout_connect(int s, const struct sock return ret; } diff -Nru netcat-openbsd-1.206/debian/patches/dccp-support.patch netcat-openbsd-1.217/debian/patches/dccp-support.patch --- netcat-openbsd-1.206/debian/patches/dccp-support.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/dccp-support.patch 2020-06-05 03:14:00.000000000 +0000 
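Review bot: Both rewritten `warn()` calls in remote_connect() now also report the CONNECTION_TIMEOUT case, and warn() appends strerror(errno) to whatever message it is given. Unless connect_with_timeout() sets errno on its timeout path (its body is not shown in this hunk), a timed-out connect will probably print an unrelated errno string after "timed out", which misleads anyone reading verbose output or logs. Either set `errno = ETIMEDOUT;` before returning CONNECTION_TIMEOUT or use `warnx()` for the timeout case. remote_connect() starts and ends outside the hunk.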
@@ -4,8 +4,8 @@ --- nc.1 | 4 ++ - netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 2 files changed, 79 insertions(+), 14 deletions(-) + netcat.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--------- + 2 files changed, 79 insertions(+), 13 deletions(-) --- a/nc.1 +++ b/nc.1 @@ -18,7 +18,7 @@ .Op Fl I Ar length .Op Fl i Ar interval .Op Fl M Ar ttl -@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig +@@ -288,6 +288,8 @@ An IPv6 address can be specified unambig in square brackets. A proxy cannot be used with any of the options .Fl lsuU . @@ -45,7 +45,7 @@ static int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t salen, int ctimeout); -@@ -263,7 +265,7 @@ main(int argc, char *argv[]) +@@ -264,7 +266,7 @@ main(int argc, char *argv[]) # if defined(TLS) "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) # else @@ -54,7 +54,7 @@ # endif != -1) { switch (ch) { -@@ -380,6 +382,13 @@ main(int argc, char *argv[]) +@@ -381,6 +383,13 @@ main(int argc, char *argv[]) case 'u': uflag = 1; break; @@ -68,18 +68,18 @@ case 'V': # if defined(RT_TABLEID_MAX) rtableid = (int)strtonum(optarg, 0, -@@ -484,6 +493,10 @@ main(int argc, char *argv[]) +@@ -485,6 +494,10 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ - if (argv[0] && !argv[1] && family == AF_UNIX) { + if (argc == 1 && family == AF_UNIX) { +# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) + if (dccpflag) + errx(1, "cannot use -Z and -U"); +# endif host = argv[0]; - uport = NULL; - } else if (!argv[0] && lflag) { -@@ -578,8 +591,20 @@ main(int argc, char *argv[]) + } else if (argc == 0 && lflag) { + if (sflag) +@@ -586,8 +599,20 @@ main(int argc, char *argv[]) if (family != AF_UNIX) { memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = family; 
@@ -102,7 +102,7 @@ if (nflag) hints.ai_flags |= AI_NUMERICHOST; } -@@ -587,7 +612,10 @@ main(int argc, char *argv[]) +@@ -595,7 +620,10 @@ main(int argc, char *argv[]) if (xflag) { if (uflag) errx(1, "no proxy support for UDP mode"); @@ -114,7 +114,7 @@ if (lflag) errx(1, "no proxy support for listen"); -@@ -834,19 +862,20 @@ main(int argc, char *argv[]) +@@ -844,13 +872,14 @@ main(int argc, char *argv[]) } } @@ -129,15 +129,17 @@ + proto); } - fprintf(stderr, - "Connection to %s %s port [%s/%s] " - "succeeded!\n", host, portlist[i], -- uflag ? "udp" : "tcp", -+ proto, + fprintf(stderr, "Connection to %s", host); +@@ -864,7 +893,7 @@ main(int argc, char *argv[]) + fprintf(stderr, " (%s)", ipaddr); + + fprintf(stderr, " %s port [%s/%s] succeeded!\n", +- portlist[i], uflag ? "udp" : "tcp", ++ portlist[i], proto, sv ? sv->s_name : "*"); } if (Fflag) -@@ -1061,6 +1090,24 @@ unix_listen(char *path) +@@ -1080,6 +1109,24 @@ unix_listen(char *path) return s; } @@ -162,7 +164,7 @@ /* * remote_connect() * Returns a socket connected to a remote host. Properly binds to a local -@@ -1091,8 +1138,21 @@ remote_connect(const char *host, const c +@@ -1111,8 +1158,21 @@ remote_connect(const char *host, const c # endif memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res->ai_family; 
@@ -186,27 +188,28 @@ ahints.ai_flags = AI_PASSIVE; if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) errx(1, "getaddrinfo: %s", gai_strerror(error)); -@@ -1104,15 +1164,16 @@ remote_connect(const char *host, const c - } +@@ -1142,16 +1202,18 @@ remote_connect(const char *host, const c + timeout)) == CONNECTION_SUCCESS) + break; - set_common_sockopts(s, res->ai_family); + char *proto = proto_name(uflag, dccpflag); ++ + if (vflag) { + /* only print IP if there is something to report */ + if (nflag || ipaddr == NULL || + (strncmp(host, ipaddr, NI_MAXHOST) == 0)) + warn("connect to %s port %s (%s) %s", host, +- port, uflag ? "udp" : "tcp", ++ port, proto, + error == CONNECTION_TIMEOUT ? "timed out" : "failed"); + else + warn("connect to %s (%s) port %s (%s) %s", +- host, ipaddr, port, uflag ? "udp" : "tcp", ++ host, ipaddr, port, proto, + error == CONNECTION_TIMEOUT ? "timed out" : "failed"); + } - if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) - break; - if (vflag && error == CONNECTION_FAILED) - warn("connect to %s port %s (%s) failed", host, port, -- uflag ? "udp" : "tcp"); -- else if (vflag && error == CONNECTION_TIMEOUT) -+ proto); -+ else if (vflag && error == CONNECTION_TIMEOUT) - warn("connect to %s port %s (%s) timed out", host, port, -- uflag ? "udp" : "tcp"); -+ proto); - - save_errno = errno; - close(s); -@@ -1716,7 +1777,8 @@ build_ports(char *p) +@@ -1764,7 +1826,8 @@ build_ports(char *p) int hi, lo, cp; int x = 0; @@ -216,7 +219,7 @@ if (sv) { if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) err(1, "asprintf"); -@@ -2096,6 +2158,7 @@ help(void) +@@ -2147,6 +2210,7 @@ help(void) \t-w timeout Timeout for connects and final net reads\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-x addr[:port]\tSpecify proxy address and port\n\ 
@@ -224,12 +227,12 @@ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); exit(0); -@@ -2105,7 +2168,7 @@ void +@@ -2156,7 +2220,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" + "\t [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]\n" + "\t [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]\n" diff -Nru netcat-openbsd-1.206/debian/patches/destination-port-list.patch netcat-openbsd-1.217/debian/patches/destination-port-list.patch --- netcat-openbsd-1.206/debian/patches/destination-port-list.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/destination-port-list.patch 2020-06-05 03:14:00.000000000 +0000 @@ -9,7 +9,7 @@ --- a/nc.1 +++ b/nc.1 -@@ -414,15 +414,35 @@ The +@@ -413,15 +413,35 @@ The flag can be used to tell .Nm to report open ports, @@ -65,24 +65,23 @@ int ch, s = -1, ret, socksv; - char *host, *uport; + char *host, **uport; + char ipaddr[NI_MAXHOST]; struct addrinfo hints; struct servent *sv; - socklen_t len; -@@ -526,11 +526,11 @@ main(int argc, char *argv[]) - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); +@@ -524,10 +524,10 @@ main(int argc, char *argv[]) + if (zflag) + errx(1, "cannot use -z and -l"); + } else if (argc == 1 && lflag) { - uport = argv[0]; + uport = &argv[0]; - host = NULL; - } else if (argv[0] && argv[1]) { + } else if (argc == 2) { host = argv[0]; - uport = argv[1]; + uport = &argv[1]; } else usage(1); -@@ -718,7 +718,7 @@ main(int argc, char *argv[]) +@@ -726,7 +726,7 @@ main(int argc, char *argv[]) else s = unix_listen(host); } else 
@@ -91,7 +90,7 @@ if (s < 0) err(1, NULL); -@@ -1786,57 +1786,61 @@ strtoport(char *portstr, int udp) +@@ -1835,57 +1835,61 @@ strtoport(char *portstr, int udp) * that we should try to connect to. */ void diff -Nru netcat-openbsd-1.206/debian/patches/get-sev-by-name.patch netcat-openbsd-1.217/debian/patches/get-sev-by-name.patch --- netcat-openbsd-1.206/debian/patches/get-sev-by-name.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/get-sev-by-name.patch 2020-06-05 03:14:00.000000000 +0000 @@ -8,7 +8,7 @@ --- a/netcat.c +++ b/netcat.c -@@ -1680,11 +1680,16 @@ strtoport(char *portstr, int udp) +@@ -1721,11 +1721,16 @@ strtoport(char *portstr, int udp) void build_ports(char *p) { diff -Nru netcat-openbsd-1.206/debian/patches/make-getnameinfo-errors-nonfatal-in-report_sock.patch netcat-openbsd-1.217/debian/patches/make-getnameinfo-errors-nonfatal-in-report_sock.patch --- netcat-openbsd-1.206/debian/patches/make-getnameinfo-errors-nonfatal-in-report_sock.patch 1970-01-01 00:00:00.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/make-getnameinfo-errors-nonfatal-in-report_sock.patch 2020-06-05 01:16:35.000000000 +0000 
@@ -0,0 +1,28 @@
+From: Guilhem Moulin
+Date: Fri, 05 Jun 2020 03:11:21 +0200
+Subject: Make getnameinfo(3) errors non-fatal in report_sock()
+
+report_sock() is used to show the peer's address/name and port when the
+ā€˜-vā€™ flag is set. Reverse resolution errors need not be fatal.
+
+Closes: #961378
+---
+ netcat.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/netcat.c
++++ b/netcat.c
+@@ -2215,9 +2215,11 @@ report_sock(const char *msg, const struc
+ case 0:
+ break;
+ case EAI_SYSTEM:
+- err(1, "getnameinfo");
++ warn("getnameinfo");
++ return;
+ default:
+- errx(1, "getnameinfo: %s", gai_strerror(herr));
++ warnx("getnameinfo: %s", gai_strerror(herr));
++ return;
+ }
+
+ fprintf(stderr, "%s on %s %s\n", msg, host, port);
diff -Nru netcat-openbsd-1.206/debian/patches/misc-failures-and-features.patch netcat-openbsd-1.217/debian/patches/misc-failures-and-features.patch
--- netcat-openbsd-1.206/debian/patches/misc-failures-and-features.patch 2019-12-02 16:10:23.000000000 +0000
+++ netcat-openbsd-1.217/debian/patches/misc-failures-and-features.patch 2020-06-05 03:14:00.000000000 +0000
@@ -22,7 +22,7 @@ LDFLAGS= -Wl,--no-add-needed --- a/nc.1 +++ b/nc.1 -@@ -365,6 +365,54 @@ and which side is being used as a +@@ -364,6 +364,54 @@ and which side is being used as a The connection may be terminated using an .Dv EOF .Pq Sq ^D .
@@ -77,7 +77,7 @@ .Sh DATA TRANSFER The example in the previous section can be expanded to build a basic data transfer model. -@@ -517,6 +565,9 @@ Original implementation by +@@ -516,6 +564,9 @@ Original implementation by .br Rewritten with IPv6 support by .An Eric Jackson Aq Mt ericj@monkey.org .
@@ -97,7 +97,7 @@ #include #include #include -@@ -246,7 +247,10 @@ main(int argc, char *argv[]) +@@ -247,7 +248,10 @@ main(int argc, char *argv[]) struct addrinfo hints; struct servent *sv; socklen_t len;
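Review bot: The `return;` added after `warn("getnameinfo")` and after `warnx(...)` in report_sock() skips the final `fprintf(stderr, "%s on %s %s\n", msg, host, port)`, so with -v a peer whose lookup fails produces no connection line at all, only the getnameinfo warning. Where a listener's verbose output is kept as a connection record, the peer address is lost exactly when resolution is unreliable. Consider retrying once with numeric output (a second getnameinfo() call with `NI_NUMERICHOST | NI_NUMERICSERV`) before returning, so the address and port are still reported. The original getnameinfo() call and its flags are outside this hunk, so check how `nflag` is already handled there.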
@@ -109,7 +109,7 @@ char *proxy = NULL, *proxyport = NULL; const char *errstr; struct addrinfo proxyhints; -@@ -948,6 +952,8 @@ unix_bind(char *path, int flags) +@@ -970,6 +974,8 @@ unix_bind(char *path, int flags) 0)) == -1) return -1; @@ -118,7 +118,7 @@ memset(&s_un, 0, sizeof(struct sockaddr_un)); s_un.sun_family = AF_UNIX; -@@ -1073,8 +1079,10 @@ unix_connect(char *path) +@@ -1096,8 +1102,10 @@ unix_connect(char *path) if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) == -1) return -1; } else { @@ -130,7 +130,7 @@ } memset(&s_un, 0, sizeof(struct sockaddr_un)); -@@ -1084,10 +1092,12 @@ unix_connect(char *path) +@@ -1107,10 +1115,12 @@ unix_connect(char *path) sizeof(s_un.sun_path)) { close(s); errno = ENAMETOOLONG; diff -Nru netcat-openbsd-1.206/debian/patches/port-to-linux-with-libsd.patch netcat-openbsd-1.217/debian/patches/port-to-linux-with-libsd.patch --- netcat-openbsd-1.206/debian/patches/port-to-linux-with-libsd.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/port-to-linux-with-libsd.patch 2020-06-05 03:14:00.000000000 +0000 @@ -3,11 +3,11 @@ Subject: port to linux with libsd --- - Makefile | 15 ++++++- + Makefile | 15 ++++++ nc.1 | 3 - - netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++--------------- - socks.c | 48 +++++++++++------------ - 4 files changed, 140 insertions(+), 57 deletions(-) + netcat.c | 139 +++++++++++++++++++++++++++++++++++++++++++++------------------ + socks.c | 48 ++++++++++----------- + 4 files changed, 140 insertions(+), 65 deletions(-) --- a/Makefile +++ b/Makefile @@ -41,7 +41,7 @@ .It Fl R Ar CAfile Load the root CA bundle for TLS certificate verification from .Ar CAfile , -@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu +@@ -273,6 +271,7 @@ For the IPv4 TOS/IPv6 traffic class valu may be one of .Cm critical , .Cm inetcontrol , 
@@ -119,7 +119,7 @@ #include "atomicio.h" -@@ -269,10 +316,14 @@ main(int argc, char *argv[]) +@@ -270,10 +317,14 @@ main(int argc, char *argv[]) uflag = 1; break; case 'V': @@ -134,7 +134,7 @@ break; case 'v': vflag = 1; -@@ -321,7 +372,11 @@ main(int argc, char *argv[]) +@@ -322,7 +373,11 @@ main(int argc, char *argv[]) oflag = optarg; break; case 'S': @@ -146,7 +146,7 @@ break; case 'T': errstr = NULL; -@@ -346,14 +401,23 @@ main(int argc, char *argv[]) +@@ -347,13 +402,22 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; @@ -157,20 +157,19 @@ +# endif /* Cruft to make sure options are clean, and used properly. */ - if (argv[0] && !argv[1] && family == AF_UNIX) { + if (argc == 1 && family == AF_UNIX) { host = argv[0]; - uport = NULL; -+ } else if (!argv[0] && lflag) { ++ } else if (argc == 0 && lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (pflag) + errx(1, "cannot use -p and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); -@@ -389,33 +453,6 @@ main(int argc, char *argv[]) + } else if (argc == 1 && lflag) { + uport = argv[0]; + } else if (argc == 2) { +@@ -397,33 +461,6 @@ main(int argc, char *argv[]) } } @@ -204,7 +203,7 @@ if (!lflag && kflag) errx(1, "must use -l with -k"); if (uflag && usetls) -@@ -450,8 +487,8 @@ main(int argc, char *argv[]) +@@ -458,8 +495,8 @@ main(int argc, char *argv[]) } else { strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", UNIX_DG_TMP_SOCKET_SIZE); 
@@ -215,7 +214,29 @@ unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } -@@ -934,8 +971,10 @@ remote_connect(const char *host, const c +@@ -580,10 +617,6 @@ main(int argc, char *argv[]) + if (s == -1) + err(1, NULL); + if (uflag && kflag) { +- if (family == AF_UNIX) { +- if (pledge("stdio unix", NULL) == -1) +- err(1, "pledge"); +- } + /* + * For UDP and -k, don't connect the socket, + * let it receive datagrams from multiple +@@ -610,10 +643,6 @@ main(int argc, char *argv[]) + if (rv == -1) + err(1, "connect"); + +- if (family == AF_UNIX) { +- if (pledge("stdio unix", NULL) == -1) +- err(1, "pledge"); +- } + if (vflag) + report_sock("Connection received", + (struct sockaddr *)&z, len, +@@ -962,8 +991,10 @@ remote_connect(const char *host, const c if (sflag || pflag) { struct addrinfo ahints, *ares; @@ -226,7 +247,7 @@ memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -@@ -1027,9 +1066,15 @@ local_listen(const char *host, const cha +@@ -1076,9 +1107,15 @@ local_listen(const char *host, const cha res->ai_protocol)) == -1) continue; @@ -242,7 +263,7 @@ set_common_sockopts(s, res->ai_family); -@@ -1499,11 +1544,13 @@ set_common_sockopts(int s, int af) +@@ -1548,11 +1585,13 @@ set_common_sockopts(int s, int af) { int x = 1; @@ -256,7 +277,7 @@ if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, &x, sizeof(x)) == -1) -@@ -1514,9 +1561,14 @@ set_common_sockopts(int s, int af) +@@ -1563,9 +1602,14 @@ set_common_sockopts(int s, int af) IP_TOS, &Tflag, sizeof(Tflag)) == -1) err(1, "set IP ToS"); @@ -271,7 +292,7 @@ } if (Iflag) { if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, -@@ -1534,19 +1586,34 @@ set_common_sockopts(int s, int af) +@@ -1583,19 +1627,34 @@ set_common_sockopts(int s, int af) IP_TTL, &ttl, sizeof(ttl))) err(1, "set IP TTL"); 
@@ -306,7 +327,7 @@ } } -@@ -1581,6 +1648,7 @@ process_tos_opt(char *s, int *val) +@@ -1630,6 +1689,7 @@ process_tos_opt(char *s, int *val) { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, @@ -314,7 +335,7 @@ { "lowdelay", IPTOS_LOWDELAY }, { "netcontrol", IPTOS_PREC_NETCONTROL }, { "reliability", IPTOS_RELIABILITY }, -@@ -1742,6 +1810,9 @@ report_sock(const char *msg, const struc +@@ -1794,6 +1854,9 @@ report_sock(const char *msg, const struc void help(void) { @@ -324,7 +345,7 @@ usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ -@@ -1784,7 +1855,7 @@ help(void) +@@ -1836,7 +1899,7 @@ help(void) \t-Z Peer certificate file\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); diff -Nru netcat-openbsd-1.206/debian/patches/quit-timer.patch netcat-openbsd-1.217/debian/patches/quit-timer.patch --- netcat-openbsd-1.206/debian/patches/quit-timer.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/quit-timer.patch 2020-06-05 03:14:00.000000000 +0000 @@ -4,8 +4,8 @@ --- nc.1 | 10 ++++++++++ - netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++--------- - 2 files changed, 51 insertions(+), 9 deletions(-) + netcat.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++----------- + 2 files changed, 59 insertions(+), 11 deletions(-) --- a/nc.1 +++ b/nc.1 @@ -14,7 +14,7 @@ .Op Fl P Ar proxy_username .Op Fl p Ar source_port +.Op Fl q Ar seconds - .Op Fl s Ar source + .Op Fl s Ar sourceaddr .Op Fl T Ar keyword .Op Fl V Ar rtable @@ -167,6 +168,15 @@ Proxy authentication is only supported f @@ -52,7 +52,7 @@ int main(int argc, char *argv[]) { -@@ -256,9 +259,9 @@ main(int argc, char *argv[]) +@@ -257,9 +260,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, # if defined(TLS) 
@@ -64,7 +64,7 @@ # endif != -1) { switch (ch) { -@@ -350,6 +353,13 @@ main(int argc, char *argv[]) +@@ -351,6 +354,13 @@ main(int argc, char *argv[]) case 'p': pflag = optarg; break; @@ -78,7 +78,7 @@ # if defined(TLS) case 'R': tls_cachanged = 1; -@@ -1320,15 +1330,27 @@ readwrite(int net_fd) +@@ -1361,15 +1371,27 @@ readwrite(int net_fd) while (1) { /* both inputs are gone, buffers are empty, we are done */ if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && 
@@ -112,22 +112,37 @@ /* poll */ num_fds = poll(pfd, 4, timeout); -@@ -2053,6 +2075,7 @@ help(void) +@@ -1526,6 +1548,13 @@ readwrite(int net_fd) + if (pfd[POLL_NETOUT].fd != -1 && Nflag) + shutdown(pfd[POLL_NETOUT].fd, SHUT_WR); + pfd[POLL_NETOUT].fd = -1; ++ /* #817050: handle UDP sockets and kflag */ ++ if ((lflag || uflag) && pfd[POLL_NETIN].fd != -1 && ++ qflag >= 0 && netinbufpos == 0) { ++ shutdown(pfd[POLL_NETIN].fd, SHUT_RD); ++ pfd[POLL_NETIN].fd = -1; ++ kflag = 0; ++ } + } + /* net in gone and queue empty? */ + if (pfd[POLL_NETIN].fd == -1 && netinbufpos == 0) { +@@ -2097,6 +2126,7 @@ help(void) \t-O length TCP send buffer length\n\ \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ + \t-q secs\t quit after EOF on stdin and delay of secs\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ - \t-s source Local source address\n\ -@@ -2077,10 +2100,19 @@ usage(int ret) + \t-s sourceaddr Local source address\n\ +@@ -2121,10 +2151,18 @@ usage(int ret) fprintf(stderr, "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" -- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " -+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" - "\t [-X proxy_protocol] [-x proxy_address[:port]] " +- "\t [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] " +- "[-w timeout]\n" +- "\t [-X proxy_protocol] [-x proxy_address[:port]]\n" ++ "\t [-q seconds] [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit]\n" ++ "\t [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]]\n" "\t [destination] [port]\n"); if (ret) exit(1); diff -Nru netcat-openbsd-1.206/debian/patches/send-crlf.patch netcat-openbsd-1.217/debian/patches/send-crlf.patch --- netcat-openbsd-1.206/debian/patches/send-crlf.patch 2019-12-02 16:10:23.000000000 +0000 +++ 
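Review bot: In the block added after `pfd[POLL_NETOUT].fd = -1;` in readwrite(), `kflag = 0` clears a global option from inside the I/O loop, and the `lflag ||` half of the condition covers TCP listeners as well as UDP. As a result `-l -k` together with `-q` appears to stop serving further clients after the first EOF on stdin. If that is intended, the comment should say so, e.g. `/* #817050: -q overrides -k: stop reading from the network and do not accept further clients */`; otherwise narrow the test to `uflag`. The result of `shutdown(pfd[POLL_NETIN].fd, SHUT_RD)` is also ignored, which is presumably deliberate for unconnected datagram sockets but is worth a word in the same comment. readwrite() begins and ends outside the hunk.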
netcat-openbsd-1.217/debian/patches/send-crlf.patch 2020-06-05 03:14:00.000000000 +0000 @@ -30,7 +30,7 @@ .It Fl D Enable debugging on the socket. .It Fl d -@@ -377,7 +382,7 @@ More complicated examples can be built u +@@ -376,7 +381,7 @@ More complicated examples can be built u of requests required by the server. As another example, an email may be submitted to an SMTP server using: .Bd -literal -offset indent @@ -59,7 +59,7 @@ ssize_t fillbuf(int, unsigned char *, size_t *); # endif -@@ -256,7 +258,7 @@ main(int argc, char *argv[]) +@@ -257,7 +259,7 @@ main(int argc, char *argv[]) # if defined(TLS) "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) # else @@ -68,7 +68,7 @@ # endif != -1) { switch (ch) { -@@ -286,6 +288,10 @@ main(int argc, char *argv[]) +@@ -287,6 +289,10 @@ main(int argc, char *argv[]) case 'c': usetls = 1; break; @@ -79,7 +79,7 @@ # endif case 'd': dflag = 1; -@@ -1324,12 +1330,6 @@ readwrite(int net_fd) +@@ -1365,12 +1371,6 @@ readwrite(int net_fd) stdinbufpos == 0 && netinbufpos == 0) return; @@ -92,7 +92,7 @@ /* poll */ num_fds = poll(pfd, 4, timeout); -@@ -1409,7 +1409,7 @@ readwrite(int net_fd) +@@ -1450,7 +1450,7 @@ readwrite(int net_fd) pfd[POLL_NETOUT].events = POLLOUT; else # else @@ -101,7 +101,7 @@ # endif if (ret == -1) pfd[POLL_NETOUT].fd = -1; -@@ -1468,7 +1468,7 @@ readwrite(int net_fd) +@@ -1509,7 +1509,7 @@ readwrite(int net_fd) pfd[POLL_STDOUT].events = POLLOUT; else # else @@ -110,7 +110,7 @@ # endif if (ret == -1) pfd[POLL_STDOUT].fd = -1; -@@ -1494,33 +1494,40 @@ readwrite(int net_fd) +@@ -1535,33 +1535,40 @@ readwrite(int net_fd) } ssize_t @@ -173,7 +173,7 @@ /* adjust buffer */ adjust = *bufpos - n; if (adjust > 0) -@@ -2030,6 +2037,7 @@ help(void) +@@ -2074,6 +2081,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ 
@@ -181,12 +181,12 @@ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ \t-F Pass socket fd\n\ -@@ -2067,7 +2075,7 @@ void +@@ -2111,7 +2119,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "\t [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] " "[-w timeout]\n" diff -Nru netcat-openbsd-1.206/debian/patches/serialized-handling-multiple-clients.patch netcat-openbsd-1.217/debian/patches/serialized-handling-multiple-clients.patch --- netcat-openbsd-1.206/debian/patches/serialized-handling-multiple-clients.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/serialized-handling-multiple-clients.patch 2020-06-05 03:14:00.000000000 +0000 @@ -8,7 +8,7 @@ --- a/netcat.c +++ b/netcat.c -@@ -708,7 +708,10 @@ main(int argc, char *argv[]) +@@ -716,7 +716,10 @@ main(int argc, char *argv[]) s = unix_bind(host, 0); else s = unix_listen(host); @@ -20,7 +20,7 @@ # if defined(TLS) if (usetls) { -@@ -722,13 +725,6 @@ main(int argc, char *argv[]) +@@ -730,13 +733,6 @@ main(int argc, char *argv[]) # endif /* Allow only one connection at a time, but stay alive. */ for (;;) { @@ -34,7 +34,7 @@ if (uflag && kflag) { /* * For UDP and -k, don't connect the socket, -@@ -805,8 +801,11 @@ main(int argc, char *argv[]) +@@ -814,8 +810,11 @@ main(int argc, char *argv[]) err(1, "connect"); } diff -Nru netcat-openbsd-1.206/debian/patches/series netcat-openbsd-1.217/debian/patches/series --- netcat-openbsd-1.206/debian/patches/series 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/series 2020-06-05 03:14:00.000000000 +0000 
@@ -11,4 +11,5 @@ set-TCP-MD5SIG-correctly-for-client-connections.patch destination-port-list.patch use-flags-to-specify-listen-address.patch +make-getnameinfo-errors-nonfatal-in-report_sock.patch misc-failures-and-features.patch diff -Nru netcat-openbsd-1.206/debian/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch netcat-openbsd-1.217/debian/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch --- netcat-openbsd-1.206/debian/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch 2020-06-05 03:14:00.000000000 +0000 @@ -3,8 +3,8 @@ Subject: Set TCP MD5SIG correctly for client connections --- - netcat.c | 31 ++++++++++++++++++++++++------- - 1 file changed, 24 insertions(+), 7 deletions(-) + netcat.c | 34 ++++++++++++++++++++++++++-------- + 1 file changed, 26 insertions(+), 8 deletions(-) --- a/netcat.c +++ b/netcat.c @@ -12,7 +12,7 @@ #ifdef __linux__ # include #endif -+#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++#if defined(TCP_MD5SIG_EXT) && defined(TCP_MD5SIG_MAXKEYLEN) +# include +#endif @@ -22,7 +22,7 @@ int Cflag = 0; /* CRLF line-ending */ # endif -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++# if defined(TCP_MD5SIG_EXT) && defined(TCP_MD5SIG_MAXKEYLEN) +char Sflag_password[TCP_MD5SIG_MAXKEYLEN]; +# endif int recvcount, recvlimit; 
@@ -37,28 +37,28 @@ int process_tos_opt(char *, int *); # if defined(TLS) int process_tls_opt(char *, int *); -@@ -458,7 +464,10 @@ main(int argc, char *argv[]) +@@ -459,7 +465,10 @@ main(int argc, char *argv[]) break; # endif case 'S': -# if defined(TCP_MD5SIG) -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++# if defined(TCP_MD5SIG_EXT) && defined(TCP_MD5SIG_MAXKEYLEN) + if (readpassphrase("TCP MD5SIG password: ", + Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL) + errx(1, "Unable to read TCP MD5SIG password"); Sflag = 1; # else errx(1, "no TCP MD5 signature support available"); -@@ -1170,7 +1179,7 @@ remote_connect(const char *host, const c +@@ -1190,7 +1199,7 @@ remote_connect(const char *host, const c freeaddrinfo(ares); } - set_common_sockopts(s, res->ai_family); + set_common_sockopts(s, res->ai_addr); - char *proto = proto_name(uflag, dccpflag); - if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) -@@ -1324,7 +1333,7 @@ local_listen(const char *host, const cha + if (ipaddr != NULL) { + herr = getnameinfo(res->ai_addr, res->ai_addrlen, +@@ -1366,7 +1375,7 @@ local_listen(const char *host, const cha err(1, NULL); # endif @@ -67,7 +67,7 @@ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) -@@ -1856,9 +1865,10 @@ udptest(int s) +@@ -1905,9 +1914,10 @@ udptest(int s) } void 
@@ -79,22 +79,24 @@ # if defined(SO_BROADCAST) if (bflag) { -@@ -1869,10 +1879,17 @@ set_common_sockopts(int s, int af) +@@ -1918,10 +1928,18 @@ set_common_sockopts(int s, int af) err(1, NULL); } # endif -# if defined(TCP_MD5SIG) -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++# if defined(TCP_MD5SIG_EXT) && defined(TCP_MD5SIG_MAXKEYLEN) if (Sflag) { +- if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, +- &x, sizeof(x)) == -1) + struct tcp_md5sig sig; + memset(&sig, 0, sizeof(sig)); + memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage)); + sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password) + ? TCP_MD5SIG_MAXKEYLEN + : strlen(Sflag_password); -+ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen); - if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, -- &x, sizeof(x)) == -1) ++ memcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen); ++ sig.tcpm_flags = TCP_MD5SIG_FLAG_PREFIX; ++ if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG_EXT, + &sig, sizeof(sig)) == -1) err(1, NULL); } diff -Nru netcat-openbsd-1.206/debian/patches/udp-scan-timeout.patch netcat-openbsd-1.217/debian/patches/udp-scan-timeout.patch --- netcat-openbsd-1.206/debian/patches/udp-scan-timeout.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/udp-scan-timeout.patch 2020-06-05 03:14:00.000000000 +0000 @@ -17,7 +17,7 @@ /* Command Line Options */ int dflag; /* detached, no stdin */ int Fflag; /* fdpass sock to stdout */ -@@ -823,7 +825,7 @@ main(int argc, char *argv[]) +@@ -833,7 +835,7 @@ main(int argc, char *argv[]) continue; ret = 0; 
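Review bot: `memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage));` copies a full sockaddr_storage from `sa`, but the callers changed in this patch pass `res->ai_addr`, which is only `ai_addrlen` bytes long for IPv4/IPv6 results, so the copy reads past the end of the source object. Copy the family-specific size instead, e.g. `memcpy(&sig.tcpm_addr, sa, sa->sa_family == AF_INET6 ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in));`, or pass the length alongside `sa`. Separately, `sig.tcpm_flags = TCP_MD5SIG_FLAG_PREFIX` is set while `tcpm_prefixlen` stays 0 from the `memset`, which presumably makes the key apply to every peer address. If that wildcard is intended it deserves a comment such as `/* prefixlen 0: key applies to any peer */`. set_common_sockopts() starts and ends outside the hunk.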
@@ -26,7 +26,7 @@ /* For UDP, make sure we are connected. */ if (uflag) { if (udptest(s) == -1) { -@@ -1768,15 +1770,20 @@ build_ports(char *p) +@@ -1816,15 +1818,20 @@ build_ports(char *p) int udptest(int s) { diff -Nru netcat-openbsd-1.206/debian/patches/use-flags-to-specify-listen-address.patch netcat-openbsd-1.217/debian/patches/use-flags-to-specify-listen-address.patch --- netcat-openbsd-1.206/debian/patches/use-flags-to-specify-listen-address.patch 2019-12-02 16:10:23.000000000 +0000 +++ netcat-openbsd-1.217/debian/patches/use-flags-to-specify-listen-address.patch 2020-06-05 03:14:00.000000000 +0000 @@ -4,8 +4,8 @@ --- nc.1 | 18 ++++++++++++++---- - netcat.c | 51 +++++++++++++++++++++++++++++++-------------------- - 2 files changed, 45 insertions(+), 24 deletions(-) + netcat.c | 47 +++++++++++++++++++++++++++++++---------------- + 2 files changed, 45 insertions(+), 20 deletions(-) --- a/nc.1 +++ b/nc.1 @@ -32,7 +32,7 @@ Additionally, any timeouts specified with the .Fl w option are ignored. -@@ -194,8 +206,6 @@ For +@@ -193,8 +205,6 @@ For datagram sockets, specifies the local temporary socket file to create and use so that datagrams can be received. Cannot be used together with @@ -43,30 +43,26 @@ Change the IPv4 TOS/IPv6 traffic class value. --- a/netcat.c 
+++ b/netcat.c -@@ -509,31 +509,42 @@ main(int argc, char *argv[]) +@@ -510,27 +510,42 @@ main(int argc, char *argv[]) # endif /* Cruft to make sure options are clean, and used properly. */ -- if (argv[0] && !argv[1] && family == AF_UNIX) { +- if (argc == 1 && family == AF_UNIX) { -# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) - if (dccpflag) - errx(1, "cannot use -Z and -U"); -# endif - host = argv[0]; -- uport = NULL; -- } else if (!argv[0] && lflag) { +- } else if (argc == 0 && lflag) { - if (sflag) - errx(1, "cannot use -s and -l"); - if (pflag) - errx(1, "cannot use -p and -l"); - if (zflag) - errx(1, "cannot use -z and -l"); -- } else if (argv[0] && !argv[1]) { -- if (!lflag) -- usage(1); +- } else if (argc == 1 && lflag) { - uport = &argv[0]; -- host = NULL; -- } else if (argv[0] && argv[1]) { +- } else if (argc == 2) { + if (argc == 0 && lflag) { + uport = &pflag; + host = sflag; diff -Nru netcat-openbsd-1.206/nc.1 netcat-openbsd-1.217/nc.1 --- netcat-openbsd-1.206/nc.1 2019-12-02 13:51:04.000000000 +0000 +++ netcat-openbsd-1.217/nc.1 2020-05-22 19:18:56.000000000 +0000 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nc.1,v 1.93 2018/12/27 17:45:36 jmc Exp $ +.\" $OpenBSD: nc.1,v 1.95 2020/02/12 14:46:36 schwarze Exp $ .\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 27 2018 $ +.Dd $Mdocdate: February 12 2020 $ .Dt NC 1 .Os .Sh NAME @@ -47,7 +47,7 @@ .Op Fl P Ar proxy_username .Op Fl p Ar source_port .Op Fl R Ar CAfile -.Op Fl s Ar source +.Op Fl s Ar sourceaddr .Op Fl T Ar keyword .Op Fl V Ar rtable .Op Fl W Ar recvlimit 
@@ -192,8 +192,8 @@ the network socket after EOF on the input. Some servers require this to finish their work. .It Fl n -Do not do any DNS or service lookups on any specified addresses, -hostnames or ports. +Do not perform domain name resolution. +If a name cannot be resolved without DNS, an error will be reported. .It Fl O Ar length Specify the size of the TCP send buffer. .It Fl o Ar staplefile @@ -228,10 +228,9 @@ assigns them. .It Fl S Enable the RFC 2385 TCP MD5 signature option. -.It Fl s Ar source -Send packets from the interface with the -.Ar source -IP address. +.It Fl s Ar sourceaddr +Set the source address to send packets from, +which is useful on machines with multiple interfaces. For .Ux Ns -domain datagram sockets, specifies the local temporary socket file diff -Nru netcat-openbsd-1.206/netcat.c netcat-openbsd-1.217/netcat.c --- netcat-openbsd-1.206/netcat.c 2019-12-02 13:51:04.000000000 +0000 +++ netcat-openbsd-1.217/netcat.c 2020-05-22 19:18:56.000000000 +0000 @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.206 2019/08/08 16:49:35 mestre Exp $ */ +/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */ /* * Copyright (c) 2001 Eric Jackson * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -125,7 +125,7 @@ int local_listen(const char *, const char *, struct addrinfo); void readwrite(int, struct tls *); void fdpass(int nfd) __attribute__((noreturn)); -int remote_connect(const char *, const char *, struct addrinfo); +int remote_connect(const char *, const char *, struct addrinfo, char *); int timeout_tls(int, struct tls *, int (*)(struct tls *)); int timeout_connect(int, const struct sockaddr *, socklen_t); int socks_connect(const char *, const char *, struct addrinfo, @@ -151,6 +151,7 @@ { int ch, s = -1, ret, socksv; char *host, *uport; + char ipaddr[NI_MAXHOST]; struct addrinfo hints; struct servent *sv; socklen_t len; 
@@ -351,15 +352,11 @@ err(1, "setrtable"); /* Cruft to make sure options are clean, and used properly. */ - if (argv[0] && !argv[1] && family == AF_UNIX) { + if (argc == 1 && family == AF_UNIX) { host = argv[0]; - uport = NULL; - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); + } else if (argc == 1 && lflag) { uport = argv[0]; - host = NULL; - } else if (argv[0] && argv[1]) { + } else if (argc == 2) { host = argv[0]; uport = argv[1]; } else @@ -374,13 +371,24 @@ err(1, "unveil"); if (oflag && unveil(oflag, "r") == -1) err(1, "unveil"); + } else if (family == AF_UNIX && uflag && lflag && !kflag) { + /* + * After recvfrom(2) from client, the server connects + * to the client socket. As the client path is determined + * during runtime, we cannot unveil(2). + */ } else { if (family == AF_UNIX) { if (unveil(host, "rwc") == -1) err(1, "unveil"); - if (uflag && !lflag) { - if (unveil(sflag ? sflag : "/tmp", "rwc") == -1) - err(1, "unveil"); + if (uflag && !kflag) { + if (sflag) { + if (unveil(sflag, "rwc") == -1) + err(1, "unveil"); + } else { + if (unveil("/tmp", "rwc") == -1) + err(1, "unveil"); + } } } else { /* no filesystem visibility */ @@ -572,6 +580,10 @@ if (s == -1) err(1, NULL); if (uflag && kflag) { + if (family == AF_UNIX) { + if (pledge("stdio unix", NULL) == -1) + err(1, "pledge"); + } /* * For UDP and -k, don't connect the socket, * let it receive datagrams from multiple @@ -598,9 +610,14 @@ if (rv == -1) err(1, "connect"); + if (family == AF_UNIX) { + if (pledge("stdio unix", NULL) == -1) + err(1, "pledge"); + } if (vflag) report_sock("Connection received", - (struct sockaddr *)&z, len, NULL); + (struct sockaddr *)&z, len, + family == AF_UNIX ? host : NULL); readwrite(s, NULL); } else { @@ -677,7 +694,8 @@ proxy, proxyport, proxyhints, socksv, Pflag); else - s = remote_connect(host, portlist[i], hints); + s = remote_connect(host, portlist[i], hints, + ipaddr); if (s == -1) continue; 
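Review bot: The rewritten option check in the `@@ -351 @@` hunk drops the explicit `uport = NULL;` and `host = NULL;` assignments, so the `argc == 1` branches now leave the other pointer at whatever main() set earlier. That initialisation is not visible in this hunk; if it is missing, later code would use an indeterminate `host` or `uport`. Confirm both are set to NULL before getopt(), or keep the assignments in the branches. A short comment such as `/* host and uport were initialised to NULL above */` at the top of the chain would make the dependency explicit. main() starts and ends outside the hunk.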
@@ -701,10 +719,18 @@ uflag ? "udp" : "tcp"); } - fprintf(stderr, - "Connection to %s %s port [%s/%s] " - "succeeded!\n", host, portlist[i], - uflag ? "udp" : "tcp", + fprintf(stderr, "Connection to %s", host); + + /* + * if we aren't connecting thru a proxy and + * there is something to report, print IP + */ + if (!nflag && !xflag + && (strcmp(host, ipaddr) != 0)) + fprintf(stderr, " (%s)", ipaddr); + + fprintf(stderr, " %s port [%s/%s] succeeded!\n", + portlist[i], uflag ? "udp" : "tcp", sv ? sv->s_name : "*"); } if (Fflag) @@ -809,8 +835,8 @@ } if (vflag) report_tls(tls_ctx, host); - if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && - strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) + if (tls_expecthash && (tls_peer_cert_hash(tls_ctx) == NULL || + strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)) errx(1, "peer certificate is not %s", tls_expecthash); if (Zflag) { save_peer_cert(tls_ctx, Zflag); @@ -838,8 +864,9 @@ report_tls(tls_cctx, host); if ((TLSopt & TLS_CCERT) && !gotcert) warnx("No client certificate provided"); - else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash && - strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) + else if (gotcert && tls_expecthash && + (tls_peer_cert_hash(tls_cctx) == NULL || + strcmp(tls_expecthash, tls_peer_cert_hash(tls_cctx)) != 0)) warnx("peer certificate is not %s", tls_expecthash); else if (gotcert && tls_expectname && (!tls_peer_cert_contains_name(tls_cctx, tls_expectname))) @@ -916,10 +943,11 @@ * port or source address if needed. Returns -1 on failure. */ int -remote_connect(const char *host, const char *port, struct addrinfo hints) +remote_connect(const char *host, const char *port, struct addrinfo hints, + char *ipaddr) { struct addrinfo *res, *res0; - int s = -1, error, on = 1, save_errno; + int s = -1, error, herr, on = 1, save_errno; if ((error = getaddrinfo(host, port, &hints, &res0))) errx(1, "getaddrinfo for host \"%s\" port %s: %s", host, 
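Review bot: In the server-side `@@ -838 @@` hunk a missing or mismatching peer hash still only reaches `warnx("peer certificate is not %s", tls_expecthash)`, while the client-side `@@ -809 @@` hunk uses `errx(1, ...)`. Whether the server then drops the connection is decided by code outside the hunk, so confirm that this branch leads to the close path and does not hand back `tls_cctx`. Both hunks also call `tls_peer_cert_hash()` twice in one condition; binding it once, `const char *peerhash = tls_peer_cert_hash(tls_cctx);`, keeps the NULL test and the `strcmp` on the same value and reads more clearly. The enclosing functions start and end outside these hunks.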
@@ -952,11 +980,32 @@ set_common_sockopts(s, res->ai_family); + if (ipaddr != NULL) { + herr = getnameinfo(res->ai_addr, res->ai_addrlen, + ipaddr, NI_MAXHOST, NULL, 0, NI_NUMERICHOST); + switch (herr) { + case 0: + break; + case EAI_SYSTEM: + err(1, "getnameinfo"); + default: + errx(1, "getnameinfo: %s", gai_strerror(herr)); + } + } + if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0) break; - if (vflag) - warn("connect to %s port %s (%s) failed", host, port, - uflag ? "udp" : "tcp"); + + if (vflag) { + /* only print IP if there is something to report */ + if (nflag || ipaddr == NULL || + (strncmp(host, ipaddr, NI_MAXHOST) == 0)) + warn("connect to %s port %s (%s) failed", host, + port, uflag ? "udp" : "tcp"); + else + warn("connect to %s (%s) port %s (%s) failed", + host, ipaddr, port, uflag ? "udp" : "tcp"); + } save_errno = errno; close(s); @@ -1728,11 +1777,14 @@ if (nflag) flags |= NI_NUMERICHOST; - if ((herr = getnameinfo(sa, salen, host, sizeof(host), - port, sizeof(port), flags)) != 0) { - if (herr == EAI_SYSTEM) + herr = getnameinfo(sa, salen, host, sizeof(host), port, sizeof(port), + flags); + switch (herr) { + case 0: + break; + case EAI_SYSTEM: err(1, "getnameinfo"); - else + default: errx(1, "getnameinfo: %s", gai_strerror(herr)); } @@ -1770,7 +1822,7 @@ \t-R CAfile CA bundle\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ - \t-s source Local source address\n\ + \t-s sourceaddr Local source address\n\ \t-T keyword TOS value or TLS options\n\ \t-t Answer TELNET negotiation\n\ \t-U Use UNIX domain socket\n\ 
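Review bot: The new `getnameinfo()` block in remote_connect() exits the process via `err(1, ...)` / `errx(1, ...)` from inside the per-address loop, although `ipaddr` is only used for `-v` output and a failed connect merely moves on to the next `res`. It is also at odds with the Debian patch in this same upload that makes the equivalent failure in report_sock() non-fatal. Consider downgrading it and making the later comparisons see nothing to report, e.g. `default: warnx("getnameinfo: %s", gai_strerror(herr)); strlcpy(ipaddr, host, NI_MAXHOST);`. The same hunk compares with `strncmp(host, ipaddr, NI_MAXHOST)` while main() uses plain `strcmp(host, ipaddr)`; using one form in both places would be clearer. remote_connect() starts and ends outside the hunk.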
@@ -1796,7 +1848,7 @@ "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n" "\t [-o staplefile] [-P proxy_username] [-p source_port] " "[-R CAfile]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "\t [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] " "[-w timeout]\n" "\t [-X proxy_protocol] [-x proxy_address[:port]] " "[-Z peercertfile]\n" diff -Nru netcat-openbsd-1.206/socks.c netcat-openbsd-1.217/socks.c --- netcat-openbsd-1.206/socks.c 2019-12-02 13:51:04.000000000 +0000 +++ netcat-openbsd-1.217/socks.c 2020-05-22 19:18:56.000000000 +0000 @@ -1,4 +1,4 @@ -/* $OpenBSD: socks.c,v 1.29 2019/07/29 15:19:03 benno Exp $ */ +/* $OpenBSD: socks.c,v 1.30 2019/11/04 17:33:28 millert Exp $ */ /* * Copyright (c) 1999 Niklas Hallqvist. All rights reserved. @@ -53,7 +53,7 @@ #define SOCKS_DOMAIN 3 #define SOCKS_IPV6 4 -int remote_connect(const char *, const char *, struct addrinfo); +int remote_connect(const char *, const char *, struct addrinfo, char *); int socks_connect(const char *, const char *, struct addrinfo, const char *, const char *, struct addrinfo, int, const char *); @@ -201,7 +201,7 @@ if (authretry++ > 3) errx(1, "Too many authentication failures"); - proxyfd = remote_connect(proxyhost, proxyport, proxyhints); + proxyfd = remote_connect(proxyhost, proxyport, proxyhints, NULL); if (proxyfd < 0) return (-1);