pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/tinc tinc: update to 1.0.36



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a2281642e53b
branches:  trunk
changeset: 454470:a2281642e53b
user:      nia <nia%pkgsrc.org@localhost>
date:      Sat Jun 12 06:32:02 2021 +0000

description:
tinc: update to 1.0.36

Version 1.0.36               August 26 2019

 * Fix compiling tinc with certain versions of the OpenSSL library.
 * Fix parsing some IPv6 addresses with :: in them.
 * Fix GraphDumpFile output to handle node names starting with a digit.
 * Fix a potential segmentation fault when fragmenting packets.

Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
contributions to this version of tinc.

Version 1.0.35               October 5 2018

 * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
 * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
 * Minor fixes in the documentation.

Thanks to Amine Amri and Rafael Sadowski for their contributions to this
version of tinc.

Version 1.0.34               June 12 2018

 * Fix a potential segmentation fault when connecting to an IPv6 peer via a
   proxy.
 * Minor improvements to the build system.
 * Make the systemd service file identical to the one from the 1.1 branch.
 * Fix a potential problem causing IPv4 sockets to not work on macOS.

Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this
version of tinc.

Version 1.0.33               November 4 2017

 * Allow compilation from a build directory.
 * Source code cleanups.
 * Fix some options specified on the command line not surviving a HUP signal.
 * Handle tun/tap device returning EPERM or EBUSY.
 * Disable PMTUDiscovery when TCPOnly is used.
 * Support the --runstatedir option of the autoconf 2.70.

Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to
this version of tinc.

diffstat:

 net/tinc/Makefile         |    7 +-
 net/tinc/distinfo         |   11 +--
 net/tinc/patches/patch-aa |  133 ----------------------------------------------
 3 files changed, 8 insertions(+), 143 deletions(-)

diffs (169 lines):

diff -r 08d3718e3170 -r a2281642e53b net/tinc/Makefile
--- a/net/tinc/Makefile Sat Jun 12 06:22:21 2021 +0000
+++ b/net/tinc/Makefile Sat Jun 12 06:32:02 2021 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2020/05/01 23:17:34 rillig Exp $
+# $NetBSD: Makefile,v 1.33 2021/06/12 06:32:02 nia Exp $
 
-DISTNAME=      tinc-1.0.32
-PKGREVISION=   2
+DISTNAME=      tinc-1.0.36
 CATEGORIES=    net
-MASTER_SITES=  http://www.tinc-vpn.org/packages/
+MASTER_SITES=  https://www.tinc-vpn.org/packages/
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      https://www.tinc-vpn.org/
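Review bot: The description does not say why patches/patch-aa is dropped alongside the `DISTNAME` bump to tinc-1.0.36 in this hunk; it only reproduces the upstream changelog. That patch (from PR 30378) made metakey_h() and challenge_h() in src/protocol_auth.c read the hex-encoded key into a heap buffer sized from RSA_size() rather than a fixed `char buffer[MAX_STRING_SIZE]`. Presumably the upstream `MAX_STRING` format already bounds that read, but its definition is not visible on this page, so a reader cannot confirm the local change is redundant in 1.0.36. A line in the commit message such as `Drop patch-aa (PR 30378): <reason, e.g. no longer needed with upstream bounds>` would record the decision for anyone auditing the package later.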
diff -r 08d3718e3170 -r a2281642e53b net/tinc/distinfo
--- a/net/tinc/distinfo Sat Jun 12 06:22:21 2021 +0000
+++ b/net/tinc/distinfo Sat Jun 12 06:32:02 2021 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.14 2017/09/08 13:53:25 jperkin Exp $
+$NetBSD: distinfo,v 1.15 2021/06/12 06:32:02 nia Exp $
 
-SHA1 (tinc-1.0.32.tar.gz) = 33df65ad5a4db04d46e728675f1b35fe957dfad1
-RMD160 (tinc-1.0.32.tar.gz) = b6f8e0d11c206511e4f277409a59cf6df81559fa
-SHA512 (tinc-1.0.32.tar.gz) = 1533305a062782ec788bcb59f4cbfac76ed401ccfe57b5cbd9a3fd9b76a238dbd0f612071c24b157fec4dfc409c79b1b4fbf6e176510b321dcdd79174632028c
-Size (tinc-1.0.32.tar.gz) = 496221 bytes
-SHA1 (patch-aa) = 78f5bb7170c6db79fcdd50a824412e4f249aab37
+SHA1 (tinc-1.0.36.tar.gz) = 0235da77bf0880b6727b03155f953c7257da2863
+RMD160 (tinc-1.0.36.tar.gz) = 02a6618451e3c5290d4257046a4ed9f261e725e2
+SHA512 (tinc-1.0.36.tar.gz) = 23af9162f7ae700bad01e1f59f23f32d1b183b185ec35f4a69a987c52c53cfebfa9e852203b399f035988078e9131e5d59b018554a52a30044f34df6e64b5289
+Size (tinc-1.0.36.tar.gz) = 500320 bytes
diff -r 08d3718e3170 -r a2281642e53b net/tinc/patches/patch-aa
--- a/net/tinc/patches/patch-aa Sat Jun 12 06:22:21 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,133 +0,0 @@
-$NetBSD: patch-aa,v 1.7 2017/09/08 13:53:25 jperkin Exp $
-
-Patches from tonnerre in http://gnats.netbsd.org/30378
-
---- src/protocol_auth.c.orig   2017-07-30 14:01:13.000000000 +0000
-+++ src/protocol_auth.c
-@@ -218,22 +218,28 @@ bool send_metakey(connection_t *c) {
- }
- 
- bool metakey_h(connection_t *c) {
--      char buffer[MAX_STRING_SIZE];
-+      char *buffer, fmt[513];
-       int cipher, digest, maclength, compression;
-       int len;
- 
--      if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) {
-+      len = RSA_size(myself->connection->rsa_key);
-+      buffer = xmalloc(2 * len + 1);
-+      memset(buffer, 0, 2 * len + 1);
-+
-+      memset(fmt, 0, 513);
-+      snprintf(fmt, 512, "%%*d %%d %%d %%d %%d %%%ds", 2 * len);
-+      if(sscanf(c->buffer, fmt, &cipher, &digest, &maclength, &compression, buffer) != 5) {
-               logger(LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name,
-                          c->hostname);
-+              free(buffer);
-               return false;
-       }
- 
--      len = RSA_size(myself->connection->rsa_key);
--
-       /* Check if the length of the meta key is all right */
- 
-       if(strlen(buffer) != len * 2) {
-               logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
-+              free(buffer);
-               return false;
-       }
- 
-@@ -251,6 +257,7 @@ bool metakey_h(connection_t *c) {
- 
-       if(!hex2bin(buffer, buffer, len)) {
-               logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
-+              free(buffer);
-               return false;
-       }
- 
-@@ -259,6 +266,7 @@ bool metakey_h(connection_t *c) {
-       if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) {  /* See challenge() */
-               logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
-                          c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+              free(buffer);
-               return false;
-       }
- 
-@@ -277,6 +285,7 @@ bool metakey_h(connection_t *c) {
-               
-               if(!c->incipher) {
-                       logger(LOG_ERR, "%s (%s) uses unknown cipher!", c->name, c->hostname);
-+                      free(buffer);
-                       return false;
-               }
- 
-@@ -286,6 +295,7 @@ bool metakey_h(connection_t *c) {
-                                       EVP_CIPHER_iv_length(c->incipher))) {
-                       logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
-                                       c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+                      free(buffer);
-                       return false;
-               }
- 
-@@ -302,11 +312,13 @@ bool metakey_h(connection_t *c) {
- 
-               if(!c->indigest) {
-                       logger(LOG_ERR, "Node %s (%s) uses unknown digest!", c->name, c->hostname);
-+                      free(buffer);
-                       return false;
-               }
- 
-               if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
-                       logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
-+                      free(buffer);
-                       return false;
-               }
-       } else {
-@@ -317,6 +329,7 @@ bool metakey_h(connection_t *c) {
- 
-       c->allow_request = CHALLENGE;
- 
-+      free(buffer);
-       return send_challenge(c);
- }
- 
-@@ -350,22 +363,27 @@ bool send_challenge(connection_t *c) {
- }
- 
- bool challenge_h(connection_t *c) {
--      char buffer[MAX_STRING_SIZE];
--      int len;
-+      char *buffer, fmt[513];
-+      int len = RSA_size(myself->connection->rsa_key);
-+
-+      buffer = xmalloc(2 * len + 1);
-+      memset(fmt, 0, 513);
-+      snprintf(fmt, 512, "%%*d %%%ds", 2*len);
- 
--      if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) {
-+      if(sscanf(c->buffer, fmt, buffer) != 1) {
-               logger(LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name,
-                          c->hostname);
-+              free(buffer);
-               return false;
-       }
- 
--      len = RSA_size(myself->connection->rsa_key);
- 
-       /* Check if the length of the challenge is all right */
- 
-       if(strlen(buffer) != len * 2) {
-               logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
-                          c->hostname, "wrong challenge length");
-+              free(buffer);
-               return false;
-       }
- 
-@@ -384,6 +402,7 @@ bool challenge_h(connection_t *c) {
- 
-       /* Rest is done by send_chal_reply() */
- 
-+      free(buffer);
-       return send_chal_reply(c);
- }
- 


