dest-unreach / socat / contrib /
A stack overflow vulnerability was found that can be triggered when command line arguments (complete address specifications, host names, file names) are longer than 512 bytes (advisory)
In the OpenSSL address implementation the hard coded 1024 bit DH p parameter was not prime (advisory)
Socats signal handler implementations was not async-signal-safe and could cause crash or freeze of socat processes (advisory)
Socats PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line (CVE-2014-0019, advisory)
Under certain circumstances an FD leak occurs and may be misused for denial of service attacks against socat running in server mode (CVE-2013-3571, advisory)
A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (CVE-2012-0219, advisory). Fixed versions are 184.108.40.206 and 2.0.0-b5. Patches are available in the download area.
Michael Hanselmann provided a patch that adds option openssl-compress to disable the compress feature of actual OpenSSL versions.
Vitali Shukela provided a patch that allows to use the original target address of an accepted connection in a socks or proxy address
Jan Just Keijser implemented proxy certificates and provided a patch
An extension for RFC 2217 support written by Kenneth Kassing is provided in the contrib section.
Thomas Schwinge and socats author performed some changes to make socat compile and (partially) run on GNU Hurd systems
These patches are already integrated into the actual socat distribution. Apply them to older socat versions only.
SCTP support for socat has already been requested. Before it could be added to the official distribution, Jonathan Brannan contributed a patch.
It is reported that new socat versions do not build on new Mac OS X versions. Camillo Lugaresi provided a patch that makes socat 220.127.116.11 compile and run on Mac OS X 10.4.
Use this patch if you already have socat 18.104.22.168 source and want to update to 22.214.171.124 but are low on bandwidth or have changed the source code.
Daniel Lucq found that socat might hang when invoked with many file descriptors already opened. Find more info and a patch to this problem.
James Sainsbury found a problem with socat's service name resolution and contributed a solution. Find more info and a patch.