netcat-openbsd (1.219-1) unstable; urgency=medium * New upstream release (from OpenBSD 7.2). * Salsa CI: Remove default configuration file. * Refresh d/patches. * Update standards version to 4.6.1, no changes needed. -- Guilhem Moulin Thu, 20 Oct 2022 23:19:17 +0200 netcat-openbsd (1.218-5) unstable; urgency=low [ Dirk Jagdmann ] * Add support for abstract namespace sockets in the AF_UNIX family. [ Guilhem Moulin ] * d/t/client-server: Add a simple test for sockets in the AF_UNIX family, including those in the abstract namespace on Linux. We were only checking sockets in the AF_INET family before. * d/p/abstract-unix-domain-socket.patch: Some fixes and improvements upon Dirk's patch. * d/checks: Ensure sockets in the AF_UNIX family are usable up to the sizeof(sun_path) limit, and rejected with ENAMETOOLONG when they exceed it. * d/checks: Add tests for abstract namespace sockets in the AF_UNIX family, incl. for source datagram UNIX domain sockets. * d/p/abstract-unix-domain-socket.patch: Always reject the empty pathname sockets, which on Linux was read as the NUL abstract socket before. The empty abstract socket is still allowed however, and is specified as "@". * d/p/misc-failures-and-features.patch: Remove double warning in unix_connect(). * d/p/misc-failures-and-features.patch: Remove leftover union{}, obsolete since 1.190-1. * d/p/misc-failures-and-features.patch: Factor out Makefile changes to d/p/port-to-linux-with-libbsd.patch. * d/p/misc-failures-and-features.patch: Remove redundant errx() call in unix_connect(). * d/p/misc-failures-and-features.patch: Improve error message for UNIX-domain datagram sockets. * d/checks: Use '--' marker to avoid breakage on socket pathnames starting with '-'. * d/checks/netcat: Set LC_ALL=C. * Add d/NEWS entry mentioning abstract sockets support and its implications. * d/p/*: Consolidate usage of '#if defined(FOO)' vs. '#ifdef FOO'. * d/p/build-without-TLS-support.patch: Rename '-DTLS' to the less generic '-DHAVE_TLS'. * d/p/port-to-linux-with-libbsd.patch: Use automatic Makefile variables. * d/checks/02-connect: Check default temporary socket name for datagram sockets. * d/tests/client-server: Check that the socket path is left behind. * Rather than using mkstemp(3) to create unique names for default source datagram UNIX domain sockets, use mkdtemp(3) to create a new empty directory (with mode 0700) and use it to store a fixed socket name. This fixes a file descriptor leak and a race condition where a new file would be created by an attacker between the unlink(2) and bind(2) calls. We don't use an abstract socket here since it would open a race condition with the possibility for a local attacker to inject fake server responses. * d/p/*: Minor formatting fixes. * d/p/*: Improve Subject: lines. * d/copyright: Update copyright years. -- Guilhem Moulin Fri, 11 Mar 2022 21:54:15 +0100 netcat-openbsd (1.218-4) unstable; urgency=medium * d/checks/*: Allow test suite to fail due to the high rate of false positives on some platforms and build environments. -- Guilhem Moulin Sat, 19 Feb 2022 11:33:57 +0100 netcat-openbsd (1.218-3) unstable; urgency=medium * Upload to unstable. -- Guilhem Moulin Mon, 06 Dec 2021 00:09:18 +0100 netcat-openbsd (1.218-2+exp6) experimental; urgency=medium * d/checks/07-name-resolution: Warn on resolution failures. * d/checks/07-name-resolution: Prefer `getent ahosts/ahostsv4/ahostsv6`. Regression from 1.218-2+exp5. -- Guilhem Moulin Sun, 05 Dec 2021 01:21:26 +0100 netcat-openbsd (1.218-2+exp5) experimental; urgency=medium * d/checks/07-name-resolution: Only use `getent ahosts…` for AF_INET. Using it for AF_UNSPEC yields FTBFS on landau (sparc64 buildd). -- Guilhem Moulin Sun, 05 Dec 2021 00:07:02 +0100 netcat-openbsd (1.218-2+exp4) experimental; urgency=medium * d/checks/07-name-resolution: Also check ip6-localhost. * d/checks/07-name-resolution: Support empty `getent ahostsv6 localhost` output (attempt to fix FTBFS on the reproducible-builds build daemons). -- Guilhem Moulin Sat, 04 Dec 2021 17:12:41 +0100 netcat-openbsd (1.218-2+exp3) experimental; urgency=medium * d/checks/07-name-resolution: Dump resolver status on failure. Unfortunately that test makes r-b unhappy and it's unclear why, so let's dump some extra information on error. -- Guilhem Moulin Tue, 23 Nov 2021 19:06:31 +0100 netcat-openbsd (1.218-2+exp2) experimental; urgency=low * Minor d/rules refactoring. * Demote setsockopt SO_REUSEADDR/SO_REUSEPORT fatal failures to warnings. `nc -l` was unusable (ENOPROTOOPT) on platforms such as GNU Hurd which define but don't implement SO_REUSEPORT. dh_auto_test failed on these platforms since d/t/client-server calls `nc -l`. -- Guilhem Moulin Mon, 15 Nov 2021 19:44:11 +0100 netcat-openbsd (1.218-2+exp1) experimental; urgency=low * d/control: Reflow Description field. * d/copyright: Add self under "Files: debian/*" stanza. * d/checks/07-name-resolution: Dump resolution results on error. This should make FTBFS troubleshooting on some buildds easier. * Also run d/t/client-server after dh_auto_test. * Skip extended test suite on hppa and ia64. * DEP-8, dh_auto_test: Run d/t/client-server also on non-Linux platforms. -- Guilhem Moulin Sun, 14 Nov 2021 17:17:26 +0100 netcat-openbsd (1.218-2) unstable; urgency=low * d/checks: Fix FTBS on some platforms: + Skip entire test suite (and also d/t/client-server) on non-Linux platforms. There are Linux-only dependencies, such as strace(1) and ss(8). + Don't make any asumption regarding v4/v6 preference when resolving localhost. + Don't assume getent(1) produces space-separated output. + Replace strace's '-Ianywhere' with '-I1' so we can run with older strace versions. + Skip TCP MD5 signatures test on unsupported platforms. (It appears hppa chokes on the readpassphrase injection via LD_PRELOAD, and TCP MD5 signature seems to be disabled in the riscv64 buildd.) -- Guilhem Moulin Sun, 14 Nov 2021 04:47:57 +0100 netcat-openbsd (1.218-1) unstable; urgency=low * New upstream release (from OpenBSD 7.0). * d/rules refactoring. * d/netcat-openbsd.{postinst,prerm}: Explicitly exit with status code 0. * Bump Standards-Version to 4.6.0 (no changes needed). * Remove unused lintian override spare-manual-page. * d/checks/*: Add test suite for the upstream codebase as well as the Debian- specific patches. This adds Build-Depends: iproute2, procps, strace (unless under 'nocheck' profile). Parsing strace(1) output isn't ideal of course... but we can't think of a better way to do these checks and it's hopefully fine for dh_auto_test (the DEP-8 tests don't rely on that). * Add DEP-8 tests: 1/ ensure nc(1) is nc.openbsd(1), and 2/ basic client/server communication test. -- Guilhem Moulin Sat, 13 Nov 2021 21:52:14 +0100 netcat-openbsd (1.217.1-1) unstable; urgency=medium * New upstream release (from OpenBSD 6.9). * Refresh debian/README.source to reflect current workflow. * Replace Aron Xu as Maintainer at Aron's request. Many thanks to him for his work on the netcat-openbsd package! * d/p/port-to-linux-with-libsd.patch, d/p/build-without-TLS-support.patch: Add "Forwarded: not-needed" annotation. -- Guilhem Moulin Mon, 16 Aug 2021 03:14:05 +0200 netcat-openbsd (1.217-3) unstable; urgency=low [ Debian Janitor ] * Rely on pre-initialized dpkg-architecture variables. * Update renamed lintian tag names in lintian overrides. [ Guilhem Moulin ] * d/control: Bump Standards-Version to 4.5.1 (no changes necessary). * Add debian/salsa-ci.yml file for GitLab CI. * Rename 'master' (default) branch to 'debian/latest' for DEP-14 compliance. -- Guilhem Moulin Sat, 19 Dec 2020 00:11:23 +0100 netcat-openbsd (1.217-2) unstable; urgency=low * d/patches: Make getnameinfo(3) errors non-fatal in report_sock(): report_sock() is used to show the peer's address/name and port when the '-v' flag is set. Reverse resolution errors need not be fatal. (Closes: #961378) -- Guilhem Moulin Fri, 05 Jun 2020 03:16:35 +0200 netcat-openbsd (1.217-1) unstable; urgency=medium * d/control: + Set debhelper-compat version in Build-Depends. + Remove quilt from Build-Depends. + Bump Standards-Version to 4.5.0 (no changes necessary). + Set 'Rules-Requires-Root: no'. + Bump debhelper compatibility level to 13. * d/netcat-openbsd.{postinst,prerm}: set -e in the scripts themselves not on the shebang line. * Add lintian override for I: manpage-without-executable usr/share/man/man1/nc_openbsd.1.gz * d/copyright: Set fields Upstream-Name. * d/patches/set-TCP-MD5SIG-correctly-for-client-connections.patch: Fix TCP MD5 signature support. The feature now requires the TCP_MD5SIG_EXT socket option, available since Linux 4.13. Thanks to Thomas Habet for report and patch. (Closes: #954934) * d/patches/quit-timer.patch: Make -q0 quit immediately also with UDP sockets. Many thanks to Duncan Roe for the help in debugging this. (Closes: #817050) -- Guilhem Moulin Sat, 23 May 2020 02:04:39 +0200 netcat-openbsd (1.206-1) unstable; urgency=medium * New upstream release (from OpenBSD 6.6) * d/patches/use-flags-to-specify-listen-address.patch: Re-enable specifying client socket for UNIX-domain datagram sockets. Regression introduced in version 1.187-1. Thanks to astian for the report and patch. (Closes: #935650) * debian/control: Bump Standards-Version to 4.4.1 (no changes necessary). -- Guilhem Moulin Mon, 02 Dec 2019 17:10:23 +0100 netcat-openbsd (1.203-2) unstable; urgency=medium * Remove d/patches/verbose-numeric-port.patch: as of 1.203 verbose mode for listening sockets is included in upstream's report_sock() function. (Closes: #934330) -- Guilhem Moulin Fri, 23 Aug 2019 22:59:19 +0200 netcat-openbsd (1.203-1) unstable; urgency=medium * New upstream release (from OpenBSD 6.5) * debian/control: Bump Standards-Version to 4.4.0 (no changes necessary). * debian/control, debian/compat: Bump debhelper compatibility level from 9 to 12. -- Guilhem Moulin Sun, 04 Aug 2019 20:43:25 +0200 netcat-openbsd (1.195-2) unstable; urgency=medium * Report the listening port correctly in verbose mode. Regression since 1.195-1. Thanks to Peter Pentchev for the report and patch. Closes: #920611. * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary). -- Guilhem Moulin Tue, 12 Feb 2019 12:31:51 +0100 netcat-openbsd (1.195-1) unstable; urgency=medium * New upstream release (from OpenBSD 6.4) * debian/control: Bump Standards-Version to 4.2.1 (no changes necessary). * debian/patches: + Move broadcast support out of misc-failures-and-features.patch into an individual patch. + Fix arbitrary port list support (Closes: #886910, regression since 1.178-1) and move it into an individual patch. Furthermore, add range support as well as shuffling in said list, and document these features. (Closes: #886909). -- Guilhem Moulin Mon, 22 Oct 2018 05:18:54 +0200 netcat-openbsd (1.190-2) unstable; urgency=low * d/patches/misc-failures-and-features.patch: Refactor option/argument verification logic and re-enable usage of '-s' (local source address) and '-p' (local source port) in client mode (when '-l' is unset). Regression introduced in version 1.187-1 of that file. Closes: #897020, LP: #1767283. * debian/control: Bump Standards-Version to 4.1.4 (no changes necessary). -- Guilhem Moulin Mon, 30 Apr 2018 19:53:34 +0200 netcat-openbsd (1.190-1) unstable; urgency=low * New upstream release (from OpenBSD 6.3) * debian/control: + Bump Standards-Version to 4.1.3 (no changes necessary). + Migrate Vcs-Browser and Vcs-Git from Alioth to Salsa. -- Guilhem Moulin Thu, 05 Apr 2018 03:04:00 +0200 netcat-openbsd (1.187-1) unstable; urgency=low * New upstream release (from OpenBSD 6.2) * debian/control: Bump Standards-Version to 4.1.1 (no changes necessary). * debian/patches/send-crlf.patch: clarify in the manpage that the "-C" flag (translate LF to CR+LF) only affects input data, and that LF characters that are already preceded with CR are not translated. Closes: #861062. * Allow usage of -s with -l for consistency with netcat-traditional. `nc -l -p 12345 -s ::1` now behave as `nc -l -p 12345 ::1` and `nc -l ::1 12345`. Closes: #879853. -- Guilhem Moulin Sun, 03 Dec 2017 23:01:07 +0100 netcat-openbsd (1.178-3) unstable; urgency=low * Fix FTBFS on hurd-i386. * Fix verbose mode with UDP (-uv). Thanks to Akos Pasztory for the report and patch. Closes: #870240. -- Guilhem Moulin Mon, 31 Jul 2017 18:54:10 +0200 netcat-openbsd (1.178-2) unstable; urgency=medium * debian/control: Bump Standards-Version to 4.0.0 (no changes necessary). * debian/rules: Avoid parsing dpkg-parsechangelog(1) output. * Fix FTBFS on kFreeBSD. -- Guilhem Moulin Tue, 27 Jun 2017 19:01:55 +0200 netcat-openbsd (1.178-1) unstable; urgency=medium * New upstream release (compiled without TLS support). * debian/copyright: Fix license for atomicio.[ch] and socks.c (2-clause vs 3-clause BSD). Closes: #860459. * debian/README.source: new file showing how to import new upstream releases. * set TCP MD5SIG correctly for client connections. Thanks to Thomas Habets for the patch. -- Guilhem Moulin Sat, 17 Jun 2017 12:45:15 +0200 netcat-openbsd (1.130-3) unstable; urgency=medium * Change defaults from "-q0" to "-q-1" to match upstream defaults since the introduction of flag "-N" in version 1.110. Passing a non-negative value to "-q" now implies "-N"; in particular, "-q0" is now a mere alias for "-N". (Closes: #854292) -- Guilhem Moulin Fri, 03 Mar 2017 20:32:55 +0100 netcat-openbsd (1.130-2) unstable; urgency=medium * Fix handling of delayed exit option (Closes: #849192, LP: #1656785) Thanks to Stefan Bader! -- Aron Xu Thu, 26 Jan 2017 16:51:13 +0800 netcat-openbsd (1.130-1) unstable; urgency=low [ Aron Xu ] * Fix cross build, thanks Colin Watson. (Closes: #694844) [ Guilhem Moulin ] * Add self to Uploaders. * New upstream release. (Closes: #682444, #751105, #752931, #817050) * Ensure each line ends with CRLF when -C is set, not just the last line from the read buffer. (Closes: #705223, #711784) * Pause after each line when -i is set, not just after the last line from the read buffer. * debian/control: + Bump Standards-Version to 3.9.8 (no changes necessary). + Upgrade Vcs-Git URI from git:// to https://. + Upgrade Vcs-Browser URI from http:// to https:// and switch to the canonical cgit URI. * debian/compat: Bump debhelper compatibility version to 9. * debian/rules: Set DEB_BUILD_MAINT_OPTIONS to compile and link ELF executables with hardening options enabled. * debian/copyright: + Add missing entries for nc.1 and Makefile. + Replace the format URI http://dep.debian.net/deps/dep5/ by a versioned one https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ . * debian/patches/0001-port-to-linux-with-libsd.patch: Don't truncate to "Proxy-Authorization" header to 7 bytes. Thanks to Petros Angelatos for the patch. (Closes: #792454) * debian/patches/0010-misc-failures-and-features.patch: fix broadcast support (SO_BROADCAST is a socket-level option not a TCP socket option). Thanks to Jakob Wrigley for the patch. (Closes: #702204) -- Guilhem Moulin Fri, 11 Nov 2016 02:28:22 +0100 netcat-openbsd (1.105-7) unstable; urgency=low * Make UNIX dgram sockets work (Closes: #676997). -- Aron Xu Wed, 13 Jun 2012 09:01:43 +0800 netcat-openbsd (1.105-6) unstable; urgency=low * Fix segfaults when using -Ulv (Closes: #668558). * Do not continue to listen on port after accepting connection. -- Aron Xu Thu, 03 May 2012 07:38:59 +0800 netcat-openbsd (1.105-5) unstable; urgency=low * Add $LDFLAGS from environment (Closes: #665321). -- Aron Xu Mon, 26 Mar 2012 01:37:16 +0800 netcat-openbsd (1.105-4) unstable; urgency=high * High urgency for fixing RC bug. * Fix readwrite() behaviour (Closes: #662741). -- Aron Xu Tue, 06 Mar 2012 15:18:26 +0800 netcat-openbsd (1.105-3) unstable; urgency=low * Clear up symlink of man page. * Use Breaks instead of Conflicts. * Fix minor warnings from man. -- Aron Xu Sun, 19 Feb 2012 14:28:46 +0800 netcat-openbsd (1.105-2) unstable; urgency=low * Add missing Build-Depends: pkg-config. -- Aron Xu Sun, 19 Feb 2012 03:59:37 +0800 netcat-openbsd (1.105-1) unstable; urgency=low * New upstream CVS snapshot, new maintainer. - Verbose message to strerr (Closes: #570765). - Can use packet's content > 1024 (Closes: #607003). - Replace non-portable echo with printf (Closes: #510372). * debian/patches: - Rearrange existing patches, fix new porting issues. - Option -l and -p are now compatible (Closes: #540073). - Use libbsd instead of glib for strlcpy (Closes: #550611). - Fix build with -Wl,--as-needed (Closes: #604781). - Handling multiple clients subsquently when -k (Closes: #514792). - Replace inet_ntoa with inet_ntop to support IPv6 (Closes: #512992). - Modify -q behavior to be compatible with nc.traditional (Closes: #508722, #594614, #606925, #611964). - DCCP and broadcast support. - Arbitrary port list to scan. - Fix misc connection failures (Closes: #579485, #579486, #579487, #579488, #633948). - Improve verbose information and documentations. * debian/rules: - Link nc.openbsd.1 from nc.1 (Closes: #535951). - Enable optional hardening build flags. * debian/control: - Replace glib with libbsd. - Update to use debhelper 8, std-ver 3.9.2. - Priority: important, to make it into base system. - Add Vcs-*. * debian/compat: - Update to 8 from 4. -- Aron Xu Wed, 15 Feb 2012 01:39:04 +0800 netcat-openbsd (1.89-4) unstable; urgency=low * Quit immediately after EOF if -q is not given (i.e. make the default equivalent to -q 0). This is the standard upstream behavior and what other Linux distributions use. It is different from netcat-traditional, but compatibility with other versions of OpenBSD netcat is more important. (Closes: #502188) -- Decklin Foster Sun, 18 Apr 2010 20:05:08 -0400 netcat-openbsd (1.89-3) unstable; urgency=low * Silence -z flag, for compatibility with netcat-traditional (Closes: #464564) * Move stray line in socks.c to quilt patch series (Closes: #485160) * Add missing documentation for -q option to man page. -- Decklin Foster Thu, 19 Jun 2008 16:20:01 -0400 netcat-openbsd (1.89-2) unstable; urgency=low * Replace references to "netcat-base" with "netcat-traditional" (future name of the old netcat package). -- Decklin Foster Wed, 30 Jan 2008 18:24:46 -0500 netcat-openbsd (1.89-1) unstable; urgency=low * Initial release. (Closes: #145798) * Includes support for: - IPv6 (Closes: #461317) - Unix domain sockets (Closes: #348564) - SOCKS (Closes: #142898) * Conflict with netcat versions older than netcat-traditional, so that we can use alternatives. * Port some features over from netcat-traditional: - Exit successfully when printing help text (-h), and include the Debian revision. - Add the -q (quit on standard input EOF) flag. - Add support for specifying ports by name (/etc/services). Unlike the old hack for this, nc will first try to find a named service, then fall back to numeric parsing, so no escaping is needed. -- Decklin Foster Mon, 21 Jan 2008 18:41:37 -0500