author | wiz <wiz@pkgsrc.org> | 2005-05-30 16:58:03 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2005-05-30 16:58:03 +0000 |
commit | 903b92942a405458124caa0f41d3e537da5aa5aa (patch) | |
tree | 0de69beec6ce638e63748cbaf25d022138a6f11f /net/tinc | |
parent | f584d1001567d625eac373ee306e93fe4a6d7fab (diff) | |
download | pkgsrc-903b92942a405458124caa0f41d3e537da5aa5aa.tar.gz |
Update to 1.0.4, including a patch by Tonnerre, provided
in PR 30378.
version 1.0.4 May 4 2005
* Fix switch and hub modes.
* Optionally start scripts when a Subnet becomes (un)reachable.
version 1.0.3 Nov 11 2004
* Show error message when failing to write a PID file.
* Ignore spaces at end of lines in config files.
* Fix handling of late packets.
* Unify BSD tun/tap device handling. This allows IPv6 on tun devices and
anything on tap devices as long as the underlying OS supports it.
* Handle IPv6 on Solaris tun devices.
* Allow tinc to work properly under Windows XP SP2.
* Allow VLAN tagged Ethernet frames in switch and hub mode.
* Experimental PMTUDiscovery, TunnelServer and BlockingTCP options.
version 1.0.2 Nov 8 2003
* Fix address and hostname resolving under Windows.
* Remove warnings about non-existing scripts and unsupported address families.
* Use the event logger under Windows.
* Fix quoting of filenames and command line arguments under Windows.
* Strict checks for the length of incoming network packets and return values of
cryptographic functions.
* Fix a bug in metadata handling that made the tinc daemon abort.
Diffstat (limited to 'net/tinc')
-rw-r--r-- | net/tinc/Makefile | 5 | ||||
-rw-r--r-- | net/tinc/distinfo | 9 | ||||
-rw-r--r-- | net/tinc/patches/patch-aa | 196 |
3 files changed, 203 insertions, 7 deletions
diff --git a/net/tinc/Makefile b/net/tinc/Makefile
index cbab497c42f..132983bbf57 100644
--- a/net/tinc/Makefile
+++ b/net/tinc/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2005/04/11 21:47:00 tv Exp $
+# $NetBSD: Makefile,v 1.5 2005/05/30 16:58:03 wiz Exp $
 #
-DISTNAME= tinc-1.0.1
-PKGREVISION= 1
+DISTNAME= tinc-1.0.4
 CATEGORIES= net
 MASTER_SITES= http://tinc.nl.linux.org/packages/
diff --git a/net/tinc/distinfo b/net/tinc/distinfo
index 088bc172a43..a1df13bd749 100644
--- a/net/tinc/distinfo
+++ b/net/tinc/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.2 2005/02/24 12:14:05 agc Exp $
+$NetBSD: distinfo,v 1.3 2005/05/30 16:58:03 wiz Exp $
-SHA1 (tinc-1.0.1.tar.gz) = dfd064d1e7eba298e4f9a103543fd656700e243b
-RMD160 (tinc-1.0.1.tar.gz) = f12faf6e46e6662a70517462223744ee8fa513a7
-Size (tinc-1.0.1.tar.gz) = 464507 bytes
+SHA1 (tinc-1.0.4.tar.gz) = b70c87a147e5a01edcb70593ea29155eed075785
+RMD160 (tinc-1.0.4.tar.gz) = f4ec33a10f5039c625ec124376216cc03aa5f318
+Size (tinc-1.0.4.tar.gz) = 480305 bytes
+SHA1 (patch-aa) = f1cd0121d10181ab8ce44295605ecd46ea225ba5
diff --git a/net/tinc/patches/patch-aa b/net/tinc/patches/patch-aa
new file mode 100644
index 00000000000..079ce0940a7
--- /dev/null
+++ b/net/tinc/patches/patch-aa
@@ -0,0 +1,196 @@
+diff -Nur src/protocol_auth.c src/protocol_auth.c
+--- src/protocol_auth.c Fri May 27 14:28:54 2005
++++ src/protocol_auth.c Fri May 27 14:28:30 2005
+@@ -118,7 +118,7 @@
+
+ bool send_metakey(connection_t *c)
+ {
+- char buffer[MAX_STRING_SIZE];
++ char *buffer;
+ int len;
+ bool x;
+
+@@ -129,10 +129,11 @@
+ /* Allocate buffers for the meta key */
+
+ if(!c->outkey)
+- c->outkey = xmalloc(len);
++ c->outkey = xmalloc_and_zero(len);
+
+ if(!c->outctx)
+ c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
++ buffer = xmalloc_and_zero(2 * len + 1);
+ cp();
+ /* Copy random data to the buffer */
+
+@@ -167,6 +168,7 @@
+ if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) {
+ logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
+ c->name, c->hostname);
++ free(buffer);
+ return false;
+ }
+
+@@ -191,35 +193,45 @@
+ c->outcipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
++ free(buffer);
+ return false;
+ }
+
+ c->status.encryptout = true;
+ }
+
++ free(buffer);
+ return x;
+ }
+
+ bool metakey_h(connection_t *c)
+ {
+- char buffer[MAX_STRING_SIZE];
++ char *buffer, fmt[513];
+ int cipher, digest, maclength, compression;
+ int len;
+
+ cp();
+
+- if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) {
++ len = RSA_size(myself->connection->rsa_key);
++ buffer = xmalloc(2 * len + 1);
++ memset(buffer, 0, 2 * len + 1);
++
++ memset(fmt, 0, 513);
++ snprintf(fmt, 512, "%%*d %%d %%d %%d %%d %%%ds", 2 * len);
++
++ if(sscanf(c->buffer, fmt, &cipher, &digest, &maclength, &compression, buffer) != 5) {
+ logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name,
+ c->hostname);
++ free(buffer);
+ return false;
+ }
+
+- len = RSA_size(myself->connection->rsa_key);
+
+ /* Check if the length of the meta key is all right */
+
+ if(strlen(buffer) != len * 2) {
+ logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength");
++ free(buffer);
+ return false;
+ }
+
+@@ -240,6 +252,7 @@
+ if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
+ logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"),
+ c->name, c->hostname);
++ free(buffer);
+ return false;
+ }
+
+@@ -258,6 +271,7 @@
+
+ if(!c->incipher) {
+ logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname);
++ free(buffer);
+ return false;
+ }
+
+@@ -267,6 +281,7 @@
+ c->incipher->iv_len)) {
+ logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
+ c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
++ free(buffer);
+ return false;
+ }
+
+@@ -282,11 +297,13 @@
+
+ if(!c->indigest) {
+ logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname);
++ free(buffer);
+ return false;
+ }
+
+ if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
+ logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname);
++ free(buffer);
+ return false;
+ }
+ } else {
+@@ -297,19 +314,22 @@
+
+ c->allow_request = CHALLENGE;
+
++ free(buffer);
+ return send_challenge(c);
+ }
+
+ bool send_challenge(connection_t *c)
+ {
+- char buffer[MAX_STRING_SIZE];
++ char *buffer;
+ int len;
++ bool ret;
+
+ cp();
+
+ /* CHECKME: what is most reasonable value for len? */
+
+ len = RSA_size(c->rsa_key);
++ buffer = xmalloc_and_zero(2 * len + 1);
+
+ /* Allocate buffers for the challenge */
+
+@@ -327,29 +347,37 @@
+
+ /* Send the challenge */
+
+- return send_request(c, "%d %s", CHALLENGE, buffer);
++ ret = send_request(c, "%d %s", CHALLENGE, buffer);
++
++ free(buffer);
++
++ return ret;
+ }
+
+ bool challenge_h(connection_t *c)
+ {
+- char buffer[MAX_STRING_SIZE];
+- int len;
++ char *buffer, fmt[513];
++ int len = RSA_size(myself->connection->rsa_key);
+
+ cp();
+
+- if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) {
++ buffer = xmalloc(2 * len + 1);
++ memset(fmt, 0, 513);
++ snprintf(fmt, 512, "%%*d %%%ds", 2*len);
++
++ if(sscanf(c->buffer, fmt, buffer) != 1) {
+ logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name,
+ c->hostname);
++ free(buffer);
+ return false;
+ }
+
+- len = RSA_size(myself->connection->rsa_key);
+-
+ /* Check if the length of the challenge is all right */
+
+ if(strlen(buffer) != len * 2) {
+ logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name,
+ c->hostname, "wrong challenge length");
++ free(buffer);
+ return false;
+ }
+
+@@ -366,6 +394,7 @@
+
+ /* Rest is done by send_chal_reply() */
+
++ free(buffer);
+ return send_chal_reply(c);
+ }
+
|
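Review bot: In metakey_h() and challenge_h() the heap `buffer` is released by a separate `free(buffer);` in front of every `return false;` (seven in metakey_h alone), so any exit path that lies between the embedded hunks would leak `2 * len + 1` bytes per handshake message, presumably before the peer has authenticated. The function bodies are only partly visible here, so those paths cannot be confirmed from this patch. A single exit keeps ownership in one place: error branches do `goto out;` and the tail becomes `ret = send_challenge(c);` followed by `out: free(buffer); return ret;`, with `ret` initialised to false. The bounded `sscanf` width is the actual overflow fix and deserves a comment such as `/* field width 2*len matches the 2*len+1 allocation: hex of one RSA block plus NUL */`. Writing `snprintf(fmt, sizeof fmt, ...)` would replace the paired 512/513 literals and make `memset(fmt, 0, 513)` unnecessary.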