pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/tinc Update tinc to 1.0.32. Changes since 1.0.26:
details: https://anonhg.NetBSD.org/pkgsrc/rev/6edf61151561
branches: trunk
changeset: 367927:6edf61151561
user: jperkin <jperkin%pkgsrc.org@localhost>
date: Fri Sep 08 13:53:25 2017 +0000
description:
Update tinc to 1.0.32. Changes since 1.0.26:
Version 1.0.32 September 02 2017
------------------------------------------------------------------------
Guus Sliepen (13):
Don't dereference myself->incipher if it's NULL.
Merge remote-tracking branch 'VittGam/master'
Use /dev/udp instead of /dev/ip on Solaris.
Use getmsg()/putmsg() instead of read()/write() on Solaris.
Fix Solaris DeviceType = tap in router Mode.
Bind outgoing TCP sockets.
Move logging of "would block" messages to debug level 4.
Set KillMode=mixed in the systemd service file.
Don't forget about outgoing connections on host file read errors.
Fix Proxy = exec.
Set status.proxy_passed early for Proxy = exec.
Don't try to bind Proxy = exec sockets to an address.
Releasing 1.0.32.
Vittorio Gambaletta (VittGam) (1):
route: Support ToS/DiffServ priority inheritance when routing IPv6
packets.
Version 1.0.31 January 15 2017
------------------------------------------------------------------------
Guus Sliepen (1):
Releasing 1.0.31.
?lie Bouttier (1):
Remove ExecStop in tinc@.service
Version 1.0.30 October 30 2016
------------------------------------------------------------------------
Guus Sliepen (11):
Allow non-empty lines after status code from a HTTP proxy.
Fix proxy reply parsing broken by the previous commit.
Log only the first line of a proxy request rejection message.
Delay sending the real ID request until after a proxy request is granted.
Use AES256 and SHA256 by default, also for the meta-connections.
Enforce maximum amount of bytes sent/received on meta-connections.
Fix bit shifting arithmetic so the code actually does what the last commit
message says.
Really fix byte budget calculation.
Use AES in CTR mode instead of OFB mode for meta-connections.
Use CFB mode for meta-connections to improve security.
Releasing 1.0.30.
Version 1.0.29 October 09 2016
------------------------------------------------------------------------
Guus Sliepen (11):
Preserve IPv6 scope_id in edges.
Ensure compatibility with OpenSSL 1.1.0.
Add -Wall to CFLAGS.
Check return value of RSA_generate_key_ex().
Force nul-termination of strings after vsnprintf().
Log warnings about dropped packets only with debug level 5 or higher.
Add a copy of ax_append_flag.m4.
Add ax_require_defined.m4.
Fix possibly unitialized variable.
Fix compiler warnings about format string errors on BSD.
Releasing 1.0.29.
Version 1.0.28 April 10 2016
------------------------------------------------------------------------
Guus Sliepen (8):
Fix compiling bsd/device.c on systems without utun.
Really remove use of __DATE__ and __TIME__ to facilitate reproducible
builds.
Add systemd service files.
Update .gitignore.
Ensure the service files are in the tarball.
Explicitly mention that LibreSSL can be used as well.
Update links in the documentation.
Releasing 1.0.28.
Version 1.0.27 April 10 2016
------------------------------------------------------------------------
Guus Sliepen (26):
Add missing AM_PROG_CC_C_O to configure.ac.
Attribution for various contributors.
Update "now" after connect() when making outgoing connections.
Add ability to use proxies to connect to hostnames when there is no
nameserver.
Only add a reflexive address when we're sure it's working.
Fix compatibility with TAP-Win32 9.0.0.21 and later.
Fix warnings from the Clang Static Analyzer.
Improve performance of edge updates.
Clarify that scripts are called synchronously.
Small fixes for the documentation.
Add warnings for bad combinations of Device and Interface.
Fix forwarding of edge updates.
Don't compile getopt*.c if the system provides getopt_long().
Update .gitignore.
Update THANKS.
Use iface instead of interface.
Update copyright notices.
Remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
Cast 0xff to char before comparing it to another char.
Get rid of a warning when compiling tinc using MinGW.
Every BSD flavor has a tap device nowadays.
Use devname() if available to support devfs cloning on BSD.
Use SIOCGIFADDR on BSDs that support it.
Enable silent builds by default.
Add support for OS X utun interfaces.
Releasing 1.0.27.
Vittorio Gambaletta (VittGam) (6):
Fix DecrementTTL option.
Fix source IP address for ICMP unreachable packets generated by tinc.
Try to reply with node address only when decrementing the TTL.
Fix DecrementTTL option for packets destined to the local node.
s/broadcast_packet_helper/route_broadcast/
Remove forward declaration for do_decrement_ttl.
LunarShaddow (3):
fix typo
re-arrange include sequence to avoid a mingw introduced bug.
Proofing README.
Florian Weik (1):
Fix NAME variable in subnet-* scripts for local subnets.
Nathan Stratton Treadway (1):
Fix invalid checksum generation.
diffstat:
net/tinc/Makefile | 5 ++---
net/tinc/distinfo | 13 ++++++-------
net/tinc/patches/patch-aa | 28 +++++++++++++++-------------
net/tinc/patches/patch-ac | 22 ----------------------
4 files changed, 23 insertions(+), 45 deletions(-)
diffs (154 lines):
diff -r 85a1da6a7568 -r 6edf61151561 net/tinc/Makefile
--- a/net/tinc/Makefile Fri Sep 08 13:35:02 2017 +0000
+++ b/net/tinc/Makefile Fri Sep 08 13:53:25 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.26 2017/04/19 11:24:38 jperkin Exp $
+# $NetBSD: Makefile,v 1.27 2017/09/08 13:53:25 jperkin Exp $
-DISTNAME= tinc-1.0.26
-PKGREVISION= 1
+DISTNAME= tinc-1.0.32
CATEGORIES= net
MASTER_SITES= http://www.tinc-vpn.org/packages/
diff -r 85a1da6a7568 -r 6edf61151561 net/tinc/distinfo
--- a/net/tinc/distinfo Fri Sep 08 13:35:02 2017 +0000
+++ b/net/tinc/distinfo Fri Sep 08 13:53:25 2017 +0000
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.13 2015/11/04 00:35:40 agc Exp $
+$NetBSD: distinfo,v 1.14 2017/09/08 13:53:25 jperkin Exp $
-SHA1 (tinc-1.0.26.tar.gz) = 4c6c650618b2015f9b8ec5bd04c0fa38e8f215c5
-RMD160 (tinc-1.0.26.tar.gz) = 0864250102300fd592076749510097a80e667dd1
-SHA512 (tinc-1.0.26.tar.gz) = 33f0a21a6a7f5b4e3bad5e30437efe88738bab243d9ea303842c454be53de0296878da90502b577996767a07d597453054fd4cdefbd05d22b49a6fb78b2aa64c
-Size (tinc-1.0.26.tar.gz) = 473681 bytes
-SHA1 (patch-aa) = 15b56f157cc1d23865c1ef5bc9f6adc499027ca5
-SHA1 (patch-ac) = 7e2aedcbc88ca71cb46d5a0a81e654671a7219b6
+SHA1 (tinc-1.0.32.tar.gz) = 33df65ad5a4db04d46e728675f1b35fe957dfad1
+RMD160 (tinc-1.0.32.tar.gz) = b6f8e0d11c206511e4f277409a59cf6df81559fa
+SHA512 (tinc-1.0.32.tar.gz) = 1533305a062782ec788bcb59f4cbfac76ed401ccfe57b5cbd9a3fd9b76a238dbd0f612071c24b157fec4dfc409c79b1b4fbf6e176510b321dcdd79174632028c
+Size (tinc-1.0.32.tar.gz) = 496221 bytes
+SHA1 (patch-aa) = 78f5bb7170c6db79fcdd50a824412e4f249aab37
diff -r 85a1da6a7568 -r 6edf61151561 net/tinc/patches/patch-aa
--- a/net/tinc/patches/patch-aa Fri Sep 08 13:35:02 2017 +0000
+++ b/net/tinc/patches/patch-aa Fri Sep 08 13:53:25 2017 +0000
@@ -1,8 +1,10 @@
-$NetBSD: patch-aa,v 1.6 2013/10/14 18:27:54 tonnerre Exp $
+$NetBSD: patch-aa,v 1.7 2017/09/08 13:53:25 jperkin Exp $
+
+Patches from tonnerre in http://gnats.netbsd.org/30378
---- src/protocol_auth.c.orig 2013-05-15 21:15:26.000000000 +0000
+--- src/protocol_auth.c.orig 2017-07-30 14:01:13.000000000 +0000
+++ src/protocol_auth.c
-@@ -280,22 +280,28 @@ bool send_metakey(connection_t *c) {
+@@ -218,22 +218,28 @@ bool send_metakey(connection_t *c) {
}
bool metakey_h(connection_t *c) {
@@ -35,7 +37,7 @@
return false;
}
-@@ -310,6 +316,7 @@ bool metakey_h(connection_t *c) {
+@@ -251,6 +257,7 @@ bool metakey_h(connection_t *c) {
if(!hex2bin(buffer, buffer, len)) {
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
@@ -43,7 +45,7 @@
return false;
}
-@@ -318,6 +325,7 @@ bool metakey_h(connection_t *c) {
+@@ -259,6 +266,7 @@ bool metakey_h(connection_t *c) {
if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
@@ -51,7 +53,7 @@
return false;
}
-@@ -336,6 +344,7 @@ bool metakey_h(connection_t *c) {
+@@ -277,6 +285,7 @@ bool metakey_h(connection_t *c) {
if(!c->incipher) {
logger(LOG_ERR, "%s (%s) uses unknown cipher!", c->name, c->hostname);
@@ -59,15 +61,15 @@
return false;
}
-@@ -345,6 +354,7 @@ bool metakey_h(connection_t *c) {
- c->incipher->iv_len)) {
+@@ -286,6 +295,7 @@ bool metakey_h(connection_t *c) {
+ EVP_CIPHER_iv_length(c->incipher))) {
logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
+ free(buffer);
return false;
}
-@@ -360,11 +370,13 @@ bool metakey_h(connection_t *c) {
+@@ -302,11 +312,13 @@ bool metakey_h(connection_t *c) {
if(!c->indigest) {
logger(LOG_ERR, "Node %s (%s) uses unknown digest!", c->name, c->hostname);
@@ -75,13 +77,13 @@
return false;
}
- if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
+ if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
+ free(buffer);
return false;
}
} else {
-@@ -375,6 +387,7 @@ bool metakey_h(connection_t *c) {
+@@ -317,6 +329,7 @@ bool metakey_h(connection_t *c) {
c->allow_request = CHALLENGE;
@@ -89,7 +91,7 @@
return send_challenge(c);
}
-@@ -404,22 +417,27 @@ bool send_challenge(connection_t *c) {
+@@ -350,22 +363,27 @@ bool send_challenge(connection_t *c) {
}
bool challenge_h(connection_t *c) {
@@ -121,7 +123,7 @@
return false;
}
-@@ -438,6 +456,7 @@ bool challenge_h(connection_t *c) {
+@@ -384,6 +402,7 @@ bool challenge_h(connection_t *c) {
/* Rest is done by send_chal_reply() */
diff -r 85a1da6a7568 -r 6edf61151561 net/tinc/patches/patch-ac
--- a/net/tinc/patches/patch-ac Fri Sep 08 13:35:02 2017 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-ac,v 1.2 2013/12/01 20:18:29 tonnerre Exp $
-
-DragonFly BSD support (see https://github.com/gsliepen/tinc/pull/1)
-
---- config.h.in.orig 2010-04-11 19:49:08 +0200
-+++ config.h.in
-@@ -163,9 +163,15 @@
- /* Define to 1 if you have the <net/if_tap.h> header file. */
- #undef HAVE_NET_IF_TAP_H
-
-+/* Define to 1 if you have the <net/tap/if_tap.h> header file. */
-+#undef HAVE_NET_TAP_IF_TAP_H
-+
- /* Define to 1 if you have the <net/if_tun.h> header file. */
- #undef HAVE_NET_IF_TUN_H
-
-+/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
-+#undef HAVE_NET_TUN_IF_TUN_H
-+
- /* Define to 1 if you have the <net/if_types.h> header file. */
- #undef HAVE_NET_IF_TYPES_H
-
Home |
Main Index |
Thread Index |
Old Index