﻿
####################### V 1.8.1.1:

Corrections:
	Socat with options -v or -x showed incorrect timestamps (microseconds
	in decimal position of nanoseconds).
	There was a related commit in 1.8.1.0, but it did not contain the fix.
	Thanks to David Šmíd for fixing this issue.

	Fixed issue with POSIXMQ in unidirectional context.

	Fixed a few buffer read overruns detected on CheriBSD.

Porting:
	glibc-2.43: strchr with const
	Thanks to Khem Raj, Holger Hoffstätte and others for providing patches.

	Avoid 'int' vs. 'void *' compilation issue in xio-netlink.c caused by
	explicit padding on Musl libc.
	Thanks to Hongxu Jia and others for reporting this issue.

####################### V 1.8.1.0:

Features:
	Implemented new address STALL that never sends data or EOF, and never
	gets ready to write data.
	Tests: STALL_RD STALL_WR

	Added option termios-setflags (setflags) to set the termios tcflags.

	Added address TEXT that takes a string from command line as input data;
	output is sent to STDOUT.
	Test: TEXT_STDOUT

	Added option ipv6-multicast-loop (ipv6-mcloop, mcloop6).

	Added option interface-mtu (if-mtu) to set the MTU of TUN and INTERFACE
	addresses.
	Test: TUN_MTU
	Feature proposed by Baldur Gislason

	Address SHELL now can be used without argument to provide an
	interactive shell.
	Test: INTERACTIVE_SHELL

	Added SOCKS5 client user,password authentication with (old socks4)
	option socksuser and new option sockspass
	Test: SOCKS5_USER_PASS

	Added option ipv6-mtu-discover.
	Thanks to Ondřej Martinek for sending the patch.

	New option tiocswinsz (winsz) (pre)sets size of pseudo terminal (PTY).
	Test: TIOCSWINSZ

	Filan queries and prints terminal size (window size) using
	ioctl(TIOCGWINSZ).

	Filan: new option -W keeps it running and makes it print the FD infos
	on SIGWINCH, useful for watching changes of terminal size (window
	size).

	Filan tries to show more info on dynamic file descriptor states
	(FIONREAD etc.)

	Program invocation (EXEC, SHELL, SYSTEM) with option pty now support
	option symbolic-link (link).
	Feature proposed by Dmitry Koterov.

Corrections:
	Fixed possible SIGSEGV after failed getprotobynumber_r() .

	Fixed minor issues with child process counter.

	Address EXEC had a realloc() based heap overflow when the sub command
	had 8 components and had length 48..63 bytes. On some versions of
	FreeBSD, NetBSD and MacOSX this could produce a failure:
	E execvp("", "", "arg1", "arg2", ...): No such file or directory
	Test: EXEC_REALLOC

	Socat crashed with addresses like IP-RECV:17 because some routine
	assumed existance of a bind address as with UDP.
	Test: IP_RECV_17

	PTY generated per /dev/ptmx (or /dev/ptc) instead of openpty() might
	not have gotten all address options (esp.AIX).

	In version 1.8.0.3 SOCKS4 and SOCKS4a without option sockdport failed
	with something like:
	E getaddrinfo(...): Servname not supported for ai_socktype

	SOCKS4 addresses could SIGSEGV when peer sent TCP-RST during initial
	dialog.
	Test: SOCKS4_SIGSEGV

	Option posixmq-priority had been implemented as boolean and thus only
	the values 0 or 1 were applied.

	Address POSIXMQ now refuses bidirectional mode to prevent unwanted
	flushing of queue; use POSIXMQ-BIDIRECTIONAL when needed.

	Deactivated explicit printing of newline on empty READLINE input line.

	When CREATE is used in read-only context it now refuses to truncate or
	create file.

	Fixed bind option with VSOCK: do not try to resolve vsock id
	(regression after 1.8.0.0).

	EXEC with leading space tried to invoke program with empty name.
	Now it skips leading space.

	Socat with options -v or -x showed incorrect timestamps (microseconds
	in decimal position of nanoseconds).
	Thanks to David Šmíd for reporting and fixing this issue.

	Address GOPEN per default applies the O_APPEND flag; however, the
	option o-append=0 had no effect.
	Test: GOPEN_NO_APPEND

	Options min-proto-version and max-proto-version were documented but
	available only as openssl-min-proto-version etc.
	Now bother forms are documented and available.
	Thanks to Matt Panaro and Stefan Rieche for reporting this issue.

Porting:
	Changed Ioctl() request from int to unsigned long to prevent ioctl
	sign-extension console warnings on 32bit BSD systems.
	And see htps://bugzilla.kernel.org/show_bug.cgi?id=42705 for discussion.

	PTYs on Solaris require use of STREAMs.
	Test: SOLARIS_PTY

	Modifications for: gcc -std=c99 --pedantic

Documentation:
	Improved documentation of POSIXMQ options.

Testing:
	A few tests required to be run in tty/pty.

	test.sh: New option -Z, tests only up to this number.

	test.sh: Many corrections.

	Made test.sh work on Solaris with bad PATH

	test.sh: AIX grep understands [[:blank:]] but not \< \>

	Fixed some testing issues for MacOSX

	Improved test.sh for systems without ping, without /etc/services, with
	empty $USER .
	Proposed by Maxim Cournoyer for GNU Guix

	More minor corrections of test.sh

	A few tests fail when performed by almighty root, rate this as "cant".

	Options -N and -Z may now be combined to select a range
	New option -X <num> to exclude a test

####################### V 1.8.0.3:

Security:
	readline.sh has new option -lf <logfile> for stderr. If this option is
	not given it logs to a file in . (cwd) only when . is not writable by
	other users.

Corrections:
	Flixed display of option phases in help output.

	filan -s  displayed "(stream)" instead of "tcp" with addresses
	(regression).

	Fixed a bug that made ignoreeof fail in 1.8.0.0 and 1.8.0.1;
	corrected test IGNOREEOF.
	Thanks to Rusty Bird for the precise problem report.

	Fixed the regression introduced with version 1.8.0.1 that in socks5
	addresses the explicit socksport (2nd address parameter) was ignored.
	Thanks to Jakub Fišer for reporting this bug.

	Do not log simple successful write with NOTICE level.

	On partial write do not poll with sleep() but use select()/poll().

	Partial write situations respect total inactivity timeout when
	nonblocking.

	Fixed a bug that could lead to error "xiopoll(...): Bad file descriptor"
	or to undefined behaviour before terminating Socat with addresses EXEC,
	SYSTEM, or SHELL.

	Option ip-add-source-membership did not work.
	Thanks to Duncan Sands and others for reporting this issue and sending
	the fix.

	Option ip-add-membership with only two parameters crashed or failed
	when malloc() does not initialize memory with zeros.
	Thanks to Nicolas Cavallari for reporting and fixing this bug.

	The readline() library function does not output the newline of empty
	input lines. Changed Socat to explicitly print the newline in this
	case.

	Fixed implementation of options o-creat, o-excl, and o-cloexec with
	POSIXMQ-* addresses.
	POSIXMQ addresses are no longer experimental.

	With version 1.8.0.0, and with 1.8.0.1 and option -0, the following
	command failed:
	socat UDP-LISTEN:1234,fork,reuseaddr,bind=127.0.0.1 -
	Message: "E xioopen_ipdgram_listen(): unknown address family 0":
	Thanks to Brian Woo for reporting this issue.
	Test: UDP_LISTEN_BIND4

	Protected SSL_connect() from SIGCHLD,SIGUSR1.

	Nanosleep() trace output now in decimal form.

	UNIX-LISTEN with bind option terminated with INTERNAL error, this is
	now handled properly.
	Test: UNIX_L_BIND

	Removed unused bytes variable from gettimestamp(), corrected #elsif,
	and socks4 record length.
	Thanks to clang-18 and gcc-13.

	Address TCP-CONNECT, when target address resolves to both IPv4 and
	IPv6, now tries to take into account bind address for protocol
	selection.

	Reworked and harmonized ipapp client addresses.
	Tests: TCP_CONNECT_RETRY SCTP_CONNECT_RETRY DCCP_CONNECT_RETRY
	OPENSSL_CONNECT_RETRY SOCKS4_RETRY SOCKS5_CONNECT_RETRY
	PROXY_CONNECT_RETRY

	Socks and proxy clients now also support option max-children.
	Tests: TCP_CONNECT_MAXCHILDREN SCTP_CONNECT_MAXCHILDREN
	DCCP_CONNECT_MAXCHILDREN OPENSSL_CONNECT_MAXCHILDREN
	SOCKS4_MAXCHILDREN SOCKS5_CONNECT_MAXCHILDREN PROXY_CONNECT_MAXCHILDREN

	On failure of getpwuid() (used in options su and su-d) now consider
	errno.

	When IP4 was completed deconfigured, UDP6-RECVFROM with range option
	failed.

	Fixed preprocessor directives in macro invocation.
	Thanks to Mario de Weerd for reporting this issue.

	CONNECT addresses could use a wrong IPPROTO when getaddrinfo() does not
	support the selected one (at least on Debian-4 with SCTP).

	socat -h (help) did not show option groups POSIXMQ, SCTP, DCCP, and
	UDPLITE of addresses.

Features:
	POSIXMQ-RECV now takes option o-nonblock; this, in combination with -T,
	makes it possible to terminate Socat in case the queue is empty.

	New option posixmq-flush (mq-flush) for POSIXMQ addresses empties the
	queue before starting to transfer data.
	Test: LINUX_POSIXMQ_FLUSH

	New options posixmq-maxmsg, posixmq-msgsize.
	Tests: POSIXMQ_MAXMSG POSIXMQ_MSGSIZE

	POSIXMQ is now an alias for POSIXMQ-BIDIRECTIONAL. It can also be used
	in unidirectional context.

	Procan uses getresuid() and getresgid() when available, to determine
	the saved set-user-ID.

	Procan prints more C-defines, esp.O_*, AI_*, EAI_*; __GLIBC__;
	prints some C-defines in oct and hex;
	added option -V

	Procan tells if char is signed or unsigned

	Socat now prints an info message when implicitly setting SO_REUSEADDR.
	Thanks to Michael Renner for this suggestion.

	Added generic options setsockopt-socket and setsockopt-connected that
	are applied after socket() or when connected.

	POSIXMQ addresses now print a warning when options posixmq-maxmsg or
	posixmq-msgsize were not applied.

	New address POSIXMQ-WRITE does the same as POSIXMQ-SEND, as counterpart
	of POSIXMQ-READ.

Building:
	Disabling certain features during configure could break build process.

	Again fixes a few disable problems.

Porting:
	Fix for old FreeBSD.

	Fixes for old Debian

	Fixes for old Scientific/RHEL

	Socat failed to build on platforms without flock() function (AIX,
	Solaris) due to a missing guard.

	Newer Linux distributions do not provide libwrap: do not leave unused
	variable.

	Newer Linux distributions deprecate usleep, replace it.

	OpenSSL-3 loudly deprecates some functions or macros, replace a first
	bunch of them.

	Fixes for FreeBSD-15 (DCCP)

	Fix for compiling on Solaris-11

Testing:
	test.sh produces file results.txt with columns of test numbers, names,
	and results.

	Fixed a few testing issues.

	Added test script sock5server-echo.sh for SOCKS5-CONNECT and
	SOCKS5-LISTEN, and appropriate tests.
	SOCKS5 addresses are no longer experimental.
	Tests: SOCKS5CONNECT_TCP4 SOCKS5LISTEN_TCP4

	Added a developer test that overwrites malloc'ed memory with non-zeros.

	Newer Linux distributions now deprecate usleep; replaced it in test.sh

	UDPLITE4STREAM was trice, changed one of them to UDPLITE6STREAM.

	Catch problems caused by ISPs that filter *.dest-unreach.net records.

Documentation:
	Removed obsolete CHANGES.ISO-8859-1 file.

	Corrected lots of misspelling and typos.
	Thanks to Mario de Weerd for reporting these issues.

	Improved README file.

	Better explained benefit of UDP-DATAGRAM address type.

####################### V 1.8.0.2:

Security:
	Socat security advisory 9
	CVE-2024-54661: Arbitrary file overwrite
	Socat 1.6.0.0 through 1.8.0.1 and version 2 distributions contain a
	wrapper script "readline.sh" that uses a predictable temporary
	directory, allowing unprivileged users to overwrite arbitrary files
	belonging to the scripts caller.
	This is fixed in Version 1.8.0.2
	Mitigating factors: readline.sh is usually neither installed in a bin
	directory nor is it documented. Major Linux distributions install it in
	examples/ or doc/; however it is invoked by test.sh script.
	Thanks to Wolfgang Frisch from SuSE for finding and reporting this
	issue.
	Test: READLINE_SH_OVERWRITE

####################### V 1.8.0.1:

Corrections:
	When no IP version was preferred by environment, option -4/-6, or
	address option pf, Socat version 1.8.0.0 address TCP-LISTEN did not
	accept TCP4 connections under BSD family operating systems, but only
	TCP6. To regain previous behaviour, preferring IP version 4 is now the
	default. This also fixes some other issues with bind and range options.
	Thanks to Mike Andrews for reporting this issue.
	Tests: LISTEN_4 LISTEN_6  V1800_*_RANGE  V1800_*_BIND

	Added Socat option -0 to allow version 1.8.0.0 behaviour (no preferred
	IP version).

	UDP-SENDTO, UDPLITE-SENDTO, and IP-SENDTO addresses now select an IPv4
	address in case the server name resolves to both IPv4 and IPv6
	addresses.
	Tests: V1800_*_SENDTO_RESOLV_6_4

	Guard applyopts_termios_value() with WITH_TERMIOS.
	Thanks to Kush Upadhyay from Amazon Bottlerocket team for providing the
	patch.

	In some situations xioclose() was called nested what could cause hanging
	of OpenSSL in pthread_rwlock_wrlock()

	socat 1.8.0.0 with addresses of type RECVFROM and option fork, where
	the second address failed to connect/open in the child process, entered
	a fork loop that was only stopped by FD exhaustion caused by FD leak.
	Test: RECVFROM_FORK_LOOP

	socat 1.8.0.0 had an FD leak with addresses of type RECVFROM with fork.
	Test: RECVFROM_FORK_LEAK

	With version 1.8.0.0, options ipv6-join-group and ipv6-join-source-group
	did not work.
	Thanks to Linus Luessing for reporting this bug.

	IP-SENDTO and option pf (protocol-family) with protocol name (vs.numeric
	argument) failed with message:
	E retropts_int(): trailing garbage in numerical arg of option "protocol-family"
	Test: IP_SENDTO_PF

	Fixed a possible buffer overrun with long log lines. In fact it does
	not write beyond end of buffer but lets pass excessive data to the
	write() function.
	Thanks to Heinrich Schuchardt from Canonical for reporting and sending
	a patch.

	Reworked domain name resolution, centralized IPv4/IPv6 sorting.

	Print warning about not checking CRLs in OpenSSL only in the first
	child process.

	Fixed preprocessor directives in macro invocation.
	Thanks to Mario de Weerd for reporting this issue.

Features:
	Total inactivity timeout option -T 0 now means 0.0 seconds; up to
	version 1.8.0.0 it meant no total inactivity timeout.

	Changed socat-chain.sh, socat-mux.sh, and socat-broker.sh to work with
	older Socat versions.

	socat-mux.sh and socat-broker.sh, when run as root, now internally use
	low (512..1023) UDP ports to increase security.

	Added option ai-all (sets AI_ALL flag of getaddrinfo() resolver)

	Socks5 now also allows syntax without socks port, and supports option
	socksport.

Porting:
	Changes for building and testing on NetBSD

	New Linux distributions dislike egrep, fgrep

	When NETDB_INTERNAL is not available it should be set to -1.
	Thanks to Baruch Siach for sending a patch.

	On OpenSolaris/Illumos, isastream() is declared only in stropts.h, not
	in sys/stropts.h
	Thanks to Andy Fiddaman for sending a patch.

	On latest Illumos, compilation failed due to new unexpected SO_PROTOCOL
	implementation.
	Thanks to Andy Fiddaman for sending a patch.

Building:
	Makefile.in: procan.o build requires srcdir prefix for explicit source
	file.
	Thanks to Hongxu Jia and Andrew Schoolman for providing patches.

	Makefile.in: the CC define for procan.o build failed when CC had more
	than one word.
	Thanks to Hongxu Jia for providing an inital patch.

Testing:
	Added the optional DEVTESTS feature for developer tests with controlled
	name resolution to both IPv4 and IPV6 addresses: configure Socat with
	--enable-devtests, this provides internal resolution of domain
	dest-unreach.net with host names: localhost-4, localhost-6,
	localhost-4-6, and localhost-6-4

	test.sh: lots of corrections and improvements

	test.sh: many hardcoded sleep values were replaced by much shorter
	values tuned to performance of the platform.

	test.sh -D for output of platform/system specific defines (variables)

	test.sh: fixed ss determination; more DEFS
	
Documentation:
	Fixed a lot of typos.
	Thanks to Solomon Victorino for sending the patch.

####################### V 1.8.0.0:

Security:
	Socats OpenSSL addresses do not (and never did) check certificate
	revocation lists (CRLs). Socat now prints a warning about this.

Features:
	Added the --experimental option that enables use of features that might
	change in the future.

	Now warning messages are printed by default. If you want to see only
	errors and fatals as in previous versions, use option -d0;
	option -d4 is equivalent to -dddd and to -d -d -d -d
	The number of warnings has been reduced, e.g.removing a non existing
	file does in most cases no longer log a warning.

	Added address type internal SOCKETPAIR. This is similar to the unnamed
	PIPE address (only for internal echoing) but it provides datagram mode
	(the default) and thus keeps packet boundaries.
	Tests: SOCKETPAIR_STREAM SOCKETPAIR_DATAGRAM SOCKETPAIR_SEQPACKET
	SOCKETPAIR_BOUNDARIES

	New option -S <mask> controls catching and logging of signals that are
	not internally used by Socat.
	Tests: SIGTERM_NOLOG SIG31_LOG

	Added option ipv6-join-source-group.
	Thanks to Martin Buck and David Schweizer for sending patches.

	Added option http-version to PROXY-CONNECT address to support servers
	that are not able to handle HTTP version 1.0
	Test: PROXY_HTTPVERSION
	Feature inspired by Robin Palotai.

	New options openssl-maxfraglen and openssl-maxsendfrag for
	functions/macros SSL_CTX_set_tlsext_max_fragment_length() and
	SSL_CTX_set_max_send_fragment().
	Thanks to James Tavares for his contribution.

	Added Info log of resulting OpenSSL max fragment length.

	Implemented options rcvtimeo and sndtimeo, the first of which may be
	useful to prevent endlessly hanging DTLS connection etablishment.
	Test: RCVTIMEO_DTLS
	Feature proposed by Vladimir Nikishkin.

	The file names with -r and -R now may contain environment variable
	references.
	Test: VARS_IN_SNIFFPATH

	Socat option --statistics logs final byte and packet counter values
	before exit. Signal USR1 logs actual values.
	Tests: OPTION_STATISTICS SIGUSR1_STATISTICS

	Added option sitout-eio to specify a timerange in which EIO on the pty
	of a sub process is tolerated.
	Red Hat issue 1853102 related.
	Thanks to Jonathan Casiot for sending an initial patch.

	Socat now installs as socat1 and is referenced by symbolic link socat,
	same with man page (socat1.1 by socat.1)

	New option children-shutup[=1|2...] decreases severity of log
	messages in LISTEN and CONNECT type sub processes.
	Test: CHILDREN_SHUTUP

	New option retrieve-vlan for supporting VLANs in INTERFACE addresses:
	Linux normally keeps VLAN tags in outgoing raw packets, but appears to
	strip them from incoming packets and makes them available in
	PACKET_AUXDATA ancillary messages only.
	Up do version 1.7.4.5 Socat did not handle this situation, so the VLAN
	tags where effectively stripped off incoming packets.
	With this option Socat restores the VLAN tag.
	Feature inspired by Zhao Dong.

	Socket option SO_REUSEADDR is now automatically applied to TCP LISTEN
	addresses. reuseaddr= restores the old behaviour.
	Tests: TCP4_REUSEADDR OPENSSL_6_REUSEADDR REUSEADDR_NULL

	TCP based client addresses now try all results of name resolution until
	a connection attempt succeeded.
	Tests: TRY_ADDRS_4 TRY_ADDRS_4_6
	Feature recommended by Anand Buddhdev.

	configure option --enable-default-ipv allows to specify at build time if
	IPv4, IPv6, or none of these is the preferred default; this is related
	to environment variables SOCAT_PREFERRED_RESOLVE_IP and
	SOCAT_DEFAULT_LISTEN_IP, and to Socat option -4, -6.
	Furthermore, mechanism of IPv4 vs.IPv6 selection has been reworked.
	When no IP version is preferred by these mechanism, passive Socat
	addresses (LISTEN, RECV, RECVFROM) default to IPv6 because it might
	support both versions (but checkout option ipv6-v6only).
	For client addresses, when one of these mechanisms applies and name
	resolution gives addresses of both IP versions, the addresses of the
	preferred versions are tried first.

	New option ai-addrconfig sets or unsets the AI_ADDRCONFIG flag of the
	resolver to prevent name resolution to address families that are not
	available in the network configuration. Default value is 1 in case the
	resolver does not get an address family hint.

	Flag AI_PASSIVE is now automatically applied for LISTEN, RECV, and
	RECVFROM type addresses, and with bind option. In addition to its
	application to the getaddrinfo() function, when this flag is set while
	no IP version is preferred by build, environment, option, or address
	type, Socat chooses IPv6 because this might activate both versions (but
	check option ipv6-v6only).
	Added option ai-passive to control this flag explicitly.

	New option ai-v4mapped (v4mapped) sets or unsets the AI_V4MAPPED flag
	of the resolver. For Socat addresses requiring IPv6 addresses, this
	resolves IPv4 addresses to the appropriate IPv6 address [::ffff:*:*].

	DNS resolver Options (res-*) are now set for the complete open phase of
	the address, not per getaddrinfo() invocation.

	Added the netns option that tries to open an address in the given
	network namespace.
	Tests: NETNS NETNS_EXEC

	New address ACCEPT-FD (ACCEPT) expects a listening file descriptor
	passed from parent, and accepts one or more connections for data
	transfer. This can be used with "inetd mode" of systemd.
	Test: ACCEPT_FD

	Added experimental socks5 TCP client support (connect,bind); syntax:
	SOCKS5-CONNECT:<socks-server>:<socks-port>:<target-host>:<target-port>
	SOCKS5-LISTEN:<socks-server>:<socks-port>:<listen-host>:<listen-port>
	Thanks to Charlie Svensson and others for contributions.

	New address types POSIXMQ-RECEIVE, POSIXMQ-READ, POSIXMQ-SEND, and
	POSIXMQ-BIDIRECTIONAL (Linux only, experimental), and option
	posixmq-priority
	Tests: LINUX_POSIXMQ_READ_PRIO LINUX_POSIXMQ_RECV_FORK
	LINUX_POSIXMQ_RECV_MAXCHILDREN LINUX_POSIXMQ_SEND_MAXCHILDREN

	New address SHELL invokes a shell but without the overhead of SYSTEM

	Added options res-retrans and res-retry that make use of undocumented
	resolver variables to set the retransmission time interval resp.the
	number of times to retransmit.
	Disable them and the old res-* opts with: ./configure --disable-resolve

	Added option res-nsaddr that overrides /etc/resolv.conf nameserver
	address based on an undocumented resolver feature.

	New option chdir changes the working directory of the address to the
	given path, only during the open stage.
	Tests: CHDIR_ON_CREATE CHDIR_ON_SYSTEM

	Option umask now applies only during opening of its very address, not
	for the lifetime of the process; the original umask is restored
	afterwards.
	Tests: UMASK_ON_CREATE UMASK_ON_SYSTEM

	Added option unix-bind-tempname (bind-tempname) to allow UNIX (and
	ABSTRACT) client addresses to bind to unique addresses even when
	invoked	in forked off sub processes.
	Tests: UNIX_LISTEN_CONNECT_BIND_TEMPNAME UNIX_LISTEN_CLIENT_BIND_TEMPNAME
	UNIX_RECVFROM_CLIENT_BIND_TEMPNAME UNIX_RECVFROM_SENDTO_BIND_TEMPNAME
	ABSTRACT_LISTEN_CONNECT_BIND_TEMPNAME ABSTRACT_LISTEN_CLIENT_BIND_TEMPNAME
	ABSTRACT_RECVFROM_CLIENT_BIND_TEMPNAME ABSTRACT_RECVFROM_SENDTO_BIND_TEMPNAME
	Thanks to Kai Lüke for sending an initial patch.

	New option f-setpipe-sz (pipesz) sets the pipe size on systems that
	provide ioctl F_SETIPE_SZ.
	Filan prints the current value.
	Tests: STDIN_F_SETPIPE_SZ EXEC_F_SETPIPE_SZ

	Bidirectional PIPE addresses may block on writing a data chunk larger
	than pipe buffer. Socat now tries to detect if transfer block size is
	large enough and issues a warning.

	Added direct support of DCCP protocol, new addresses:
	DCCP-CONNECT (DCCP)
	DCCP-LISTEN (DCCP-L)
	DCCP4-CONNECT (DCCP4)
	DCCP4-LISTEN (DCCP4-L)
	DCCP6-CONNECT (DCCP6)
	DCCP6-LISTEN (DCCP6-L)
	New option: dccp-set-ccid (ccid)

	Support for UDP-Lite protocol, new addresses:
	UDPLITE-CONNECT
	UDPLITE-LISTEN
	UDPLITE-DATAGRAM
	UDPLITE-RECV
	UDPLITE-RECVFROM
	UDPLITE-SENDTO
	All these are also available in UDPLITE4-* and UDPLITE6-* form;
	options udplite-recv-cscov and udplite-send-cscov.

	Procan now prints info about CC and __STDC_VERSION__, about FD_SETSIZE,
	value of SO_PROTOCOL/SO_PROTOTYPE and some other defines, definitions
	of many C types, and the actual umask.

	Procan tries to find the name of the controlling terminal, on Linux it
	reads info from /proc/self/stat and searches for a device with matching
	major and minor numbers.

	Added socat-chain.sh that makes it possible to stack protocols, e.g. to
	drive socks through TLS, or to use TLS over a serial line.
	Tests: SOCAT_CHAIN_SOCKS4 SOCAT_CHAIN_SSL_PTY

	Added script socat-mux.sh that performs n-to-1 / 1-to-n communications
	using two Socat instances with multicasting.
	Tests: SOCAT_MUX

Corrections:
	When a sub process (EXEC, SYSTEM) terminated with exit code other than
	0, its last sent data might have been lost depending on timing of read/
	write and SIGCHLD in Socat.
	Now the SIGCHLD handler does not simply terminate Socat in this case,
	but remembers the failure and allows further processing.
	Thanks to Luke Jones for reporting this issue.

	Now catching the case of empty SNI host to prevent OpenSSL error.
	This is related to Red Hat issue 2081414.

	Better formatted help output; address keywords in help output are now
	printed in uppercase.

	In previous Socat versions errors EPIPE and ECONNRESET on read() were
	handled at warning level, thus not automatically leading to termination
	with exit code 1. Beginning with this release these conditions are
	handled as errors with termination and exit code 1 to not pretend
	success on possible data loss.
	Problem reported by Scott Burkett.

	In previous Socat versions errors on shutdown() were ignored (info
	level).
	Now Socat handles EPIPE and ECONNRESET as errors to indicate possible
	failure of data transfer.

	INTERFACE addresses did not accept options of INTERFACE group (for
	historical reasons they were only available with TUN addresses).

	Opening addresses did not check if they support all directions expected
	by Socat. Now an error is printed when, e.g,, a read-only type address
	is opened for writing.

	A lot of minor corrections, e.g., catch readline() errors in filan,
	detect byte order in procan
	Test: EXEC_SIGINT

	OpenSSL cipherlist option did not override global openssl.cnf settings.
	Now SSL_CTX_set_cipher_list() is called before
	SSL_CTX_use_certificate_chain_file().
	Thanks to Hiroshi Sakurai for reporting the problem and suggesting this
	solution.

	Fixed option sourceport with UDP6-DATAGRAM.

	Some client addresses (e.g. TCP-CONNECT) take the fork option for
	automatically spawning new connections, however the max-children option
	was not applied.

	Fixed the end-close option, it just did not work.

	In configure.ac was a direct call to gcc instead of $CC which broke
	cross compiling.
	Thanks to Fergus Dall for sending a patch.

Coding:
	Introduced groups_t instead of uint32_t, for more flexibility.

	Rearranged option group bits to only require 32 bits on older systems.

	Make gcc happy, replace strncat with "manual" copying

	On addresses like UDP-RECVFROM with fork option every packet causes a
	new child process which then reads the packet. The parent process must
	wait until the packet has been read before checking again. The former
	synchronization mechanism using SIGUSR1 is now replaced by a
	socketpair. SIGUSR1 is no longer used for internal synchronization.
	Tests: UDP4_FORK UDP6_FORK UNIX_FORK

	Renamed xioopts_t to xioparms_t to avoid confusion with xioopts module.

	Moved multicast related code from xioopts.c to xio-ip.c and xio-ip6.c

	Pointers of type struct single are now always called sfd.

Porting:
	Removed Config/ because its contents have not been maintained for many
	years.

	Try to not receive outgoing packets on raw (PF_PACKET) sockets - use
	PACKET_IGNORE_OUTGOING socket options when available.
	Test: INTERFACE_IGNOREOUTGOING

	Renewed port to OpenBSD:
	Guard OPENSSL_INIT_SETTINGS; and minor changes.

	Thanks to Paul Hunt for sending a fix of the configure
	--enable-openssl-base processing.

	Enable direct largefile support on "smaller" systems per
	_FILE_OFFSET_BITS and _LARGE_FILES.
	Thanks to Fergus Dall for sending a patch.

	Some corrections for better 32bit systems support.

Testing:
	Removed obsolete parts from test.sh

	test.sh: Introduced function checkcond

	Renamed test.sh option -foreign to -internet

Documentation:
	Removed obsolete file doc/xio.help

	Added doc for option ipv6-join-group (ipv6-add-membership)
	Thanks to Martin Buck for sending the patch.

	Renamed xiogetpacketsrc() to xiogetancillary()

	On bad parameter number now print syntax.

####################### V 1.7.4.5 (not released):

Corrections:
	On connect() failure and in some other situations Socat tries to get
	detailed information about the error with recvmsg(). Error return of
	this function is now logged as Info instead of Warn.

	Tests of the correction of the "IP_ADD_SOURCE_MEMBERSHIP but not struct
	ip_mreq_source" issue left an #undef in xiosysincludes.h that disabled
	the ip-add-source-membership option.
	Thanks to Benjamin Poirier for sending a patch.

	Fixed a bug in dalan module that caused SIGSEGV in, e.g.,
	SOCKET-LISTEN:1:1:'"/tmp/sock"'
	Test: DALAN_NO_SIGSEGV

	The retry option with some address types (TCP) did not close() the
	sockets after failed attempts, resulting in an FD leak.

	Filan: Corrected some syntax error messages

	Filan: Fixed a bug introduced in 1.7.4.4 that broke displaying
	TCP/UDP on options -s, -S
	Test: FILAN_SHORT_TCP

	Filan: If IP protocol type cannot be retrieved, display at least the
	socket type

	Filan: Fixed diag_set() call in filan_main.c, bug popped up with C23.
	Thanks to Cristian Rodríguez from openSUSE for reporting this issue.

	Querying the vsock Context Identifier (CID) requires an FD from opening
	/dev/vsock.
	Thanks to Volker Simonis for sending a patch.

	Fixed an internal FD leak in the EXEC,SYSTEM addresses.

	The FDs of the socketpair that queues messages from signal handlers
	lacked FD_CLOEXEC and thus leaked into EXEC and SYSTEM child processes.

	Option stderr on addresses EXEC and SYSTEM uses a temporary FD. It
	lacked the FD_CLOEXEC setting and thus leakt into child processes.

	Restoring of STDIO tty settings failed on Solaris type operating
	systems.
	Thanks to Gordon W.Ross for reporting and fixing this issue.
	Test: RESTORE_TTY

	The OpenSSL client SNI parameter, when not explicitly specified, is
	derived from option commonname or rom target server name. This is not
	useful with IP addresses, which Socat now checks and avoids.

	Socat options -L and -W create lock files using mkstemp(), so they had
	permissions 600. There does not seem to be a good reason for this
	restrictive mode. Furthermore Silla Rizzoli experienced that Minicom
	ignores lock files with mode 600, so it is set to 644 now.

	Procan tries to find out VSOCK CID only when running as root

	The mechanism for deferring logs from signal handlers had an issue that
	caused lots of unwanted recvfrom() calls.

	Do not try to remove abstract UNIX socket entries after use.

Features:
	VSOCK, VSOCK-L support options pf, socktype, prototype (currently
	useless)

Coding:
	New Environment variable SOCAT_TRANSFER_WAIT that Socat sleep before
	starting the data transfer loop. Useful, e.g., to accumulate multiple
	packets in a receiving datagram socket before starting to process them.

	"//" comments were used for disabling experimental code. These lines
	have now been removed or disabled in other ways to make Socat compile
	with C89/C90 standard again.

	fcntl() trace prints flags now in hexadecimal.

	Stream dump options -r and -R now open their paths with CLOEXEC to
	prevent leaking into sub processes.
	Test: EXEC_SNIFF

	Stream dump write now warn on write errors and partial writes (but
	still do not recover).

	Removed trailing white space from *.h and *.c files.

Porting:
	Small correction in configure.ac makes Socat C99 able.
	Thanks to Florian Weimer from Red Hat for providing a patch.

Documentation:
	Syntax and semantics of some options (esp.unlink-close) were not clear.
	Thanks to Anthony Chavez for reporting this and making suggestions.

	socat-tun.html described TCP as tunnel medium but this does not keep
	packet boundaries. Changed to UDP.

	Added examples for DCCP client and server.

	Complex Socat examples are now displayed in two or three lines for
	better overview.
	dest-unreach.css stylesheet has been improved to support this.

Testing:
	Idea: EXEC,SYSTEM addresses can keep packet boundaries when option
	socktype=<val-of-SOCK_DGRAM>
	Tests: EXECSOCKETPAIRPACKETS SYSTEMSOCKETPAIRPACKETS
	
	Cosmetic corrections of EXEC,SYSTEM tests.

	test.sh: Added option --expect-fail to specify comma separated list of
	test numbers whose failure shall not cause a failure of the whole
	script.

	test.sh: Added help text

	Speeded up wait loops; more addresses in upper case; more tests with
	command printing ($VERBOSE)

	test.sh: Check if ports are free before using them for tests

	Test EXEC_FDS checks with Filan if EXEC address only passes stdio FDs.

	Improved template; prepared namesFAIL, -d (DEBUG)

####################### V 1.7.4.4:

Corrections:
	In error.c msg2() there was a stack overflow on long messages: The
	terminating \0 Byte was written behind the last position.
	Thanks to Martin Liška for sending the address sanitizer report.

	UDP-RECVFROM with fork sometimes terminated when multiple packets
	arrived. This issue was introduced with a bug fix in version 1.7.4.0.
	Reason was not handling EAGAIN on recvmsg().
	Thanks to Jamie McQuillan for reporting this issue.

	Address TCP with options connect-timeout and retry terminated
	immediately when a connection attempt failed on network error or
	connection refused.
	Test: TCP_TIMEOUT_RETRY
	Thanks to Kamil Holubicki for reporting this issue.

	There were a couple of weaknesses and errors when accessing invalid or
	incompatible file system entries with UNIX domain, file, and generic
	addresses.
	For example, UNIX-CONNECT, when using a non matching socktype, failed
	with -1 and did not print an error message, instead of printing an
	error message and exiting with rc=1.
	Thanks to Paul Wise for reporting and analyzing the case of accessing
	a left over socket entry with GOPEN.

	The rawer option failed because it tried to clear CREAD.
	Test: RAWER

	UDP-SEND and UPD-SENDTO with option lowport always bound to port 1
	instead of a free port in range 640..1023
	Test: UDP_LOWPORT

	Fixed bad parser error message on "socat /tmp/x\"x/x -"

	Tightened syntax checks to detect numerical arguments that are missing
	or have trailing garbage.
	Test: INTEGER_GARBAGE

	ctype(3) functions need there arguments to be unsigned char.
	Thanks to Taylor R Campbell for sending a patch.

	Filan library uses Socats diag/error message system and therefore had
	always the signal handler messages socket pair open. This fix avoids
	this socketpair in standalone Filan.

	Corrected printf format for type socklen_t in two places.

Porting:
	OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
	conditions: client connection to server with certificate with empty
	subject, and pressing ^C after successful connect.
	This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
	Thanks to Martin Dorey for reporting and analyzing this issue, and for
	providing an environment for reproduction.

	Socat failed to compile on platforms that have
	IP_ADD_SOURCE_MEMBERSHIP but not struct ip_mreq_source
	Thanks to Justin Yackoski for sending a patch.

	configure.ac's detection of getprotobynumber_r() variant did not
	recognize if this function does not exist, e.g. on Musl libc.
	Thanks to Alexander Kanavin and Baruch Siach for sending patches.

	Corrected message format when no strftime() is available; improved
	handling of very long host or program names

	Solaris requires that termios options are always applied to the slave
	side of PTY.
