nc doesn't support "-s IP" option

Bug #1767283 reported by Stefan Schwarz on 2018-04-27
This bug affects 2 people
Affects Status Importance Assigned to Milestone
netcat-openbsd (Debian)
Fix Released
netcat-openbsd (Ubuntu)

Bug Description


 * This worked in former relases, so from a LTS->LTS upgraders POV it is
   an upgrade regression
 * The impact is that local source (-s) can no more be used as before
 * The fix is backporting the fix that we made in Debian (but without all
   the noise of the arg parsing rewrite for SRU simplicity)

[Test Case]

 * Run with local source port, like your local SSH for example:
     $ netcat -s 22 < /dev/null

[Regression Potential]

 * the Minimized change (compared to the big change that versions going
   forward got) should be safe as it just allows a case that was formerly
   forbidden in arg-parsing. Never the less there could be a regression if
   one of those combinations causes an issue when ran where it formerly
   just was denied on arg parse. Think a script that since Bionic fails
   (due to this bug) but once enabled will "work" and DUE TO THAT might
   then trigger actions that are an issue.
   Never the less, since currently in Bionic this just fails, I'd assume
   the this is a rather theoretical risk - and being a regression to
   former releases we should fix it to make LTS->LTS upgraders suffer

[Other Info]

 * n/a


netcat shows a usage error if i try to use the "-s" option:

Example in Bionic:

$ netcat -s 22 < /dev/null
usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]
   [-m minttl] [-O length] [-P proxy_username] [-p source_port]
   [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] [-w timeout]
   [-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]

Example in Xenial:

netcat -s 22 < /dev/null
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4

Manpage shows that the option is still availible and should work. Both systems use openbsd netcat.

$ type netcat
netcat is hashed (/bin/netcat)
$ ls -lah /bin/netcat
lrwxrwxrwx 1 root root 24 Apr 25 21:56 /bin/netcat -> /etc/alternatives/netcat
$ ls -lah /etc/alternatives/netcat
lrwxrwxrwx 1 root root 15 Apr 25 21:56 /etc/alternatives/netcat -> /bin/nc.openbsd

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: netcat-openbsd 1.187-1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Fri Apr 27 13:41:20 2018
 gcc-8-base 8-20180414-1ubuntu2
 libbsd0 0.8.7-1
 libc6 2.27-3ubuntu1
 libgcc1 1:8-20180414-1ubuntu2
 PATH=(custom, no user)
SourcePackage: netcat-openbsd
UpgradeStatus: No upgrade log present (probably fresh install)

Related branches

Stefan Schwarz (foosinn) wrote :

-t in description (typo) mislead me - fixed the description

description: updated

Even the example from the manpage fails:
$ nc -s 42

Changed in netcat-openbsd (Ubuntu):
status: New → Confirmed

In gdb I see it gets to read -s

                case 's':
                        sflag = optarg;

It realizes no more options are there and then ends at
        } else if (argv[0] && argv[1]) {
                host = argv[0];
                uport = &argv[1];
                if (pflag || sflag)

And sflag is set, so it reports usage and exits.
The particular check in this path of pflag/sflag didn't exist back then.

I found this comes in via a patch
That was in Debian and Ubuntu since late 2016

This patch was modified by:
commit 2ebffb014c830e49f6fad600c59cc1b82fe356a4
Author: Guilhem Moulin <email address hidden>
Date: Sun Dec 3 22:58:11 2017 +0100

    Allow usage of -s with -l for consistency with netcat-traditional.

Since then this is also in Debian.

I'm not an expert on netcat but I hope this initial triage helps the next that will look at it.

I reported to Debian as well as they are also affected.
Especially since the change came from Guilhem - it might be best to think about a solution together.

Changed in netcat-openbsd (Debian):
status: Unknown → New
Changed in netcat-openbsd (Debian):
status: New → Fix Committed

Fix is now available in [1].
But needs to be picked up for 18.10 (once archive is open in a few days) and then prepped as 18.04 SRU.


Changed in netcat-openbsd (Debian):
status: Fix Committed → Fix Released

1.190-2 is in cosmic-proposed, but right now some tests still fail for 18.10/Cosmic not being fully open (e.g. no autotest/cloud images or missing 18.10 in postgres common.
So I have to beg your pardon to wait a bit more :-/

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netcat-openbsd - 1.190-2

netcat-openbsd (1.190-2) unstable; urgency=low

  * d/patches/misc-failures-and-features.patch: Refactor option/argument
    verification logic and re-enable usage of '-s' (local source address) and
    '-p' (local source port) in client mode (when '-l' is unset). Regression
    introduced in version 1.187-1 of that file. Closes: #897020, LP: #1767283.
  * debian/control: Bump Standards-Version to 4.1.4 (no changes necessary).

 -- Guilhem Moulin <email address hidden> Mon, 30 Apr 2018 19:53:34 +0200

Changed in netcat-openbsd (Ubuntu):
status: Confirmed → Fix Released

\o/ everything migrated fine in Cosmic now.
Time is ready for an SRU now into Bionic.

Changed in netcat-openbsd (Ubuntu Bionic):
status: New → Triaged

I backported the changes which had a lot of extra noise that had to be dropped.
Now a build is ready in ppa [1]

I haven't actually read the patch too much yet but found the build to not solve the issues for me on the example from the man page - so I started taking a deeper look.
It really works with the newer upstream version, so the patch needs a backport plus soem adaption to work in Bionic.

I found a snippet that I missed on the backport (ugly :-/) a better version built now and works for me. Due to the complexity thou and my unfamiliarity with the code I'd ask for some extra testing thou.

I'm proposing an SRU-MP but really any extra check is welcome.


Found a much better backport much more suited for the SRU process.
New build in ppa, if it tests fine I'll propose that instead.

Changes reviewed and SRU Template ready, uploaded for the SRU Team to accept it into Bionic.

description: updated

Hello Stefan, or anyone else affected,

Accepted netcat-openbsd into bionic-proposed. The package will build now and be available at in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at . Thank you in advance!

Changed in netcat-openbsd (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-bionic
Stefan Schwarz (foosinn) wrote :

Hey Łukasz,
hey Christian,

i can confirm that 1.187-1ubuntu0.1 fixes the issue. I did a quick check, and i did not find any other issues.

Thanks a lot for your help!

Thanks Stefan, updating the tags per former comment.

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netcat-openbsd - 1.187-1ubuntu0.1

netcat-openbsd (1.187-1ubuntu0.1) bionic; urgency=medium

  * Re-enable usage of '-s' (local source address) and '-p' (local source
    port) in client mode (when '-l' is unset). Regression introduced in
    a Debian-specific patch added in 1.187-1. (LP: #1767283).
    Backport of

 -- Christian Ehrhardt <email address hidden> Mon, 14 May 2018 14:24:33 +0200

Changed in netcat-openbsd (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for netcat-openbsd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.