pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/net/tinc tinc: update to 1.0.36
details: https://anonhg.NetBSD.org/pkgsrc/rev/a2281642e53b
branches: trunk
changeset: 454470:a2281642e53b
user: nia <nia%pkgsrc.org@localhost>
date: Sat Jun 12 06:32:02 2021 +0000
description:
tinc: update to 1.0.36
Version 1.0.36 August 26 2019
* Fix compiling tinc with certain versions of the OpenSSL library.
* Fix parsing some IPv6 addresses with :: in them.
* Fix GraphDumpFile output to handle node names starting with a digit.
* Fix a potential segmentation fault when fragmenting packets.
Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
contributions to this version of tinc.
Version 1.0.35 October 5 2018
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
* Minor fixes in the documentation.
Thanks to Amine Amri and Rafael Sadowski for their contributions to this
version of tinc.
Version 1.0.34 June 12 2018
* Fix a potential segmentation fault when connecting to an IPv6 peer via a
proxy.
* Minor improvements to the build system.
* Make the systemd service file identical to the one from the 1.1 branch.
* Fix a potential problem causing IPv4 sockets to not work on macOS.
Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this
version of tinc.
Version 1.0.33 November 4 2017
* Allow compilation from a build directory.
* Source code cleanups.
* Fix some options specified on the command line not surviving a HUP signal.
* Handle tun/tap device returning EPERM or EBUSY.
* Disable PMTUDiscovery when TCPOnly is used.
* Support the --runstatedir option of the autoconf 2.70.
Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to
this version of tinc.
diffstat:
net/tinc/Makefile | 7 +-
net/tinc/distinfo | 11 +--
net/tinc/patches/patch-aa | 133 ----------------------------------------------
3 files changed, 8 insertions(+), 143 deletions(-)
diffs (169 lines):
diff -r 08d3718e3170 -r a2281642e53b net/tinc/Makefile
--- a/net/tinc/Makefile Sat Jun 12 06:22:21 2021 +0000
+++ b/net/tinc/Makefile Sat Jun 12 06:32:02 2021 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2020/05/01 23:17:34 rillig Exp $
+# $NetBSD: Makefile,v 1.33 2021/06/12 06:32:02 nia Exp $
-DISTNAME= tinc-1.0.32
-PKGREVISION= 2
+DISTNAME= tinc-1.0.36
CATEGORIES= net
-MASTER_SITES= http://www.tinc-vpn.org/packages/
+MASTER_SITES= https://www.tinc-vpn.org/packages/
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= https://www.tinc-vpn.org/
diff -r 08d3718e3170 -r a2281642e53b net/tinc/distinfo
--- a/net/tinc/distinfo Sat Jun 12 06:22:21 2021 +0000
+++ b/net/tinc/distinfo Sat Jun 12 06:32:02 2021 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.14 2017/09/08 13:53:25 jperkin Exp $
+$NetBSD: distinfo,v 1.15 2021/06/12 06:32:02 nia Exp $
-SHA1 (tinc-1.0.32.tar.gz) = 33df65ad5a4db04d46e728675f1b35fe957dfad1
-RMD160 (tinc-1.0.32.tar.gz) = b6f8e0d11c206511e4f277409a59cf6df81559fa
-SHA512 (tinc-1.0.32.tar.gz) = 1533305a062782ec788bcb59f4cbfac76ed401ccfe57b5cbd9a3fd9b76a238dbd0f612071c24b157fec4dfc409c79b1b4fbf6e176510b321dcdd79174632028c
-Size (tinc-1.0.32.tar.gz) = 496221 bytes
-SHA1 (patch-aa) = 78f5bb7170c6db79fcdd50a824412e4f249aab37
+SHA1 (tinc-1.0.36.tar.gz) = 0235da77bf0880b6727b03155f953c7257da2863
+RMD160 (tinc-1.0.36.tar.gz) = 02a6618451e3c5290d4257046a4ed9f261e725e2
+SHA512 (tinc-1.0.36.tar.gz) = 23af9162f7ae700bad01e1f59f23f32d1b183b185ec35f4a69a987c52c53cfebfa9e852203b399f035988078e9131e5d59b018554a52a30044f34df6e64b5289
+Size (tinc-1.0.36.tar.gz) = 500320 bytes
diff -r 08d3718e3170 -r a2281642e53b net/tinc/patches/patch-aa
--- a/net/tinc/patches/patch-aa Sat Jun 12 06:22:21 2021 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,133 +0,0 @@
-$NetBSD: patch-aa,v 1.7 2017/09/08 13:53:25 jperkin Exp $
-
-Patches from tonnerre in http://gnats.netbsd.org/30378
-
---- src/protocol_auth.c.orig 2017-07-30 14:01:13.000000000 +0000
-+++ src/protocol_auth.c
-@@ -218,22 +218,28 @@ bool send_metakey(connection_t *c) {
- }
-
- bool metakey_h(connection_t *c) {
-- char buffer[MAX_STRING_SIZE];
-+ char *buffer, fmt[513];
- int cipher, digest, maclength, compression;
- int len;
-
-- if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) {
-+ len = RSA_size(myself->connection->rsa_key);
-+ buffer = xmalloc(2 * len + 1);
-+ memset(buffer, 0, 2 * len + 1);
-+
-+ memset(fmt, 0, 513);
-+ snprintf(fmt, 512, "%%*d %%d %%d %%d %%d %%%ds", 2 * len);
-+ if(sscanf(c->buffer, fmt, &cipher, &digest, &maclength, &compression, buffer) != 5) {
- logger(LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name,
- c->hostname);
-+ free(buffer);
- return false;
- }
-
-- len = RSA_size(myself->connection->rsa_key);
--
- /* Check if the length of the meta key is all right */
-
- if(strlen(buffer) != len * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
-+ free(buffer);
- return false;
- }
-
-@@ -251,6 +257,7 @@ bool metakey_h(connection_t *c) {
-
- if(!hex2bin(buffer, buffer, len)) {
- logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
-+ free(buffer);
- return false;
- }
-
-@@ -259,6 +266,7 @@ bool metakey_h(connection_t *c) {
- if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
- logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
- c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+ free(buffer);
- return false;
- }
-
-@@ -277,6 +285,7 @@ bool metakey_h(connection_t *c) {
-
- if(!c->incipher) {
- logger(LOG_ERR, "%s (%s) uses unknown cipher!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
-
-@@ -286,6 +295,7 @@ bool metakey_h(connection_t *c) {
- EVP_CIPHER_iv_length(c->incipher))) {
- logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
- c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+ free(buffer);
- return false;
- }
-
-@@ -302,11 +312,13 @@ bool metakey_h(connection_t *c) {
-
- if(!c->indigest) {
- logger(LOG_ERR, "Node %s (%s) uses unknown digest!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
-
- if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
- logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
- } else {
-@@ -317,6 +329,7 @@ bool metakey_h(connection_t *c) {
-
- c->allow_request = CHALLENGE;
-
-+ free(buffer);
- return send_challenge(c);
- }
-
-@@ -350,22 +363,27 @@ bool send_challenge(connection_t *c) {
- }
-
- bool challenge_h(connection_t *c) {
-- char buffer[MAX_STRING_SIZE];
-- int len;
-+ char *buffer, fmt[513];
-+ int len = RSA_size(myself->connection->rsa_key);
-+
-+ buffer = xmalloc(2 * len + 1);
-+ memset(fmt, 0, 513);
-+ snprintf(fmt, 512, "%%*d %%%ds", 2*len);
-
-- if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) {
-+ if(sscanf(c->buffer, fmt, buffer) != 1) {
- logger(LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name,
- c->hostname);
-+ free(buffer);
- return false;
- }
-
-- len = RSA_size(myself->connection->rsa_key);
-
- /* Check if the length of the challenge is all right */
-
- if(strlen(buffer) != len * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
- c->hostname, "wrong challenge length");
-+ free(buffer);
- return false;
- }
-
-@@ -384,6 +402,7 @@ bool challenge_h(connection_t *c) {
-
- /* Rest is done by send_chal_reply() */
-
-+ free(buffer);
- return send_chal_reply(c);
- }
-