author | nia <nia@pkgsrc.org> | 2021-06-12 06:32:02 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2021-06-12 06:32:02 +0000 |
commit | 2897f3ababba0f064951f08b0bec104054720944 (patch) | |
tree | 5e1f8c388e5ff4a9ef56325e450315e58a7fb55f /net/tinc | |
parent | 2ebc6c31d664d80a735e15c8344de2b8eea01b1a (diff) | |
tinc: update to 1.0.36
Version 1.0.36 August 26 2019
* Fix compiling tinc with certain versions of the OpenSSL library.
* Fix parsing some IPv6 addresses with :: in them.
* Fix GraphDumpFile output to handle node names starting with a digit.
* Fix a potential segmentation fault when fragmenting packets.
Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
contributions to this version of tinc.
Version 1.0.35 October 5 2018
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
* Minor fixes in the documentation.
Thanks to Amine Amri and Rafael Sadowski for their contributions to this
version of tinc.
Version 1.0.34 June 12 2018
* Fix a potential segmentation fault when connecting to an IPv6 peer via a
proxy.
* Minor improvements to the build system.
* Make the systemd service file identical to the one from the 1.1 branch.
* Fix a potential problem causing IPv4 sockets to not work on macOS.
Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this
version of tinc.
Version 1.0.33 November 4 2017
* Allow compilation from a build directory.
* Source code cleanups.
* Fix some options specified on the command line not surviving a HUP signal.
* Handle tun/tap device returning EPERM or EBUSY.
* Disable PMTUDiscovery when TCPOnly is used.
* Support the --runstatedir option of the autoconf 2.70.
Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to
this version of tinc.
Diffstat (limited to 'net/tinc')
-rw-r--r-- | net/tinc/Makefile | 7 | ||||
-rw-r--r-- | net/tinc/distinfo | 11 | ||||
-rw-r--r-- | net/tinc/patches/patch-aa | 133 |
3 files changed, 8 insertions, 143 deletions
diff --git a/net/tinc/Makefile b/net/tinc/Makefile
index a6f400fd842..74a3d6ed9a0 100644
--- a/net/tinc/Makefile
+++ b/net/tinc/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2020/05/01 23:17:34 rillig Exp $
+# $NetBSD: Makefile,v 1.33 2021/06/12 06:32:02 nia Exp $
-DISTNAME= tinc-1.0.32
-PKGREVISION= 2
+DISTNAME= tinc-1.0.36
 CATEGORIES= net
-MASTER_SITES= http://www.tinc-vpn.org/packages/
+MASTER_SITES= https://www.tinc-vpn.org/packages/
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= https://www.tinc-vpn.org/
diff --git a/net/tinc/distinfo b/net/tinc/distinfo
index e8d85d1565a..725870ad25d 100644
--- a/net/tinc/distinfo
+++ b/net/tinc/distinfo
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.14 2017/09/08 13:53:25 jperkin Exp $
+$NetBSD: distinfo,v 1.15 2021/06/12 06:32:02 nia Exp $
-SHA1 (tinc-1.0.32.tar.gz) = 33df65ad5a4db04d46e728675f1b35fe957dfad1
-RMD160 (tinc-1.0.32.tar.gz) = b6f8e0d11c206511e4f277409a59cf6df81559fa
-SHA512 (tinc-1.0.32.tar.gz) = 1533305a062782ec788bcb59f4cbfac76ed401ccfe57b5cbd9a3fd9b76a238dbd0f612071c24b157fec4dfc409c79b1b4fbf6e176510b321dcdd79174632028c
-Size (tinc-1.0.32.tar.gz) = 496221 bytes
-SHA1 (patch-aa) = 78f5bb7170c6db79fcdd50a824412e4f249aab37
+SHA1 (tinc-1.0.36.tar.gz) = 0235da77bf0880b6727b03155f953c7257da2863
+RMD160 (tinc-1.0.36.tar.gz) = 02a6618451e3c5290d4257046a4ed9f261e725e2
+SHA512 (tinc-1.0.36.tar.gz) = 23af9162f7ae700bad01e1f59f23f32d1b183b185ec35f4a69a987c52c53cfebfa9e852203b399f035988078e9131e5d59b018554a52a30044f34df6e64b5289
+Size (tinc-1.0.36.tar.gz) = 500320 bytes
diff --git a/net/tinc/patches/patch-aa b/net/tinc/patches/patch-aa
deleted file mode 100644
index 89be85fb64b..00000000000
--- a/net/tinc/patches/patch-aa
+++ /dev/null
@@ -1,133 +0,0 @@
-$NetBSD: patch-aa,v 1.7 2017/09/08 13:53:25 jperkin Exp $
-
-Patches from tonnerre in http://gnats.netbsd.org/30378
-
---- src/protocol_auth.c.orig 2017-07-30 14:01:13.000000000 +0000
-+++ src/protocol_auth.c
-@@ -218,22 +218,28 @@ bool send_metakey(connection_t *c) {
- }
-
- bool metakey_h(connection_t *c) {
-- char buffer[MAX_STRING_SIZE];
-+ char *buffer, fmt[513];
- int cipher, digest, maclength, compression;
- int len;
-
-- if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) {
-+ len = RSA_size(myself->connection->rsa_key);
-+ buffer = xmalloc(2 * len + 1);
-+ memset(buffer, 0, 2 * len + 1);
-+
-+ memset(fmt, 0, 513);
-+ snprintf(fmt, 512, "%%*d %%d %%d %%d %%d %%%ds", 2 * len);
-+ if(sscanf(c->buffer, fmt, &cipher, &digest, &maclength, &compression, buffer) != 5) {
- logger(LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name,
- c->hostname);
-+ free(buffer);
- return false;
- }
-
-- len = RSA_size(myself->connection->rsa_key);
--
- /* Check if the length of the meta key is all right */
-
- if(strlen(buffer) != len * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
-+ free(buffer);
- return false;
- }
-
-@@ -251,6 +257,7 @@ bool metakey_h(connection_t *c) {
-
- if(!hex2bin(buffer, buffer, len)) {
- logger(LOG_ERR, "Got bad %s from %s(%s): %s", "METAKEY", c->name, c->hostname, "invalid key");
-+ free(buffer);
- return false;
- }
-
-@@ -259,6 +266,7 @@ bool metakey_h(connection_t *c) {
- if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */
- logger(LOG_ERR, "Error during decryption of meta key for %s (%s): %s",
- c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+ free(buffer);
- return false;
- }
-
-@@ -277,6 +285,7 @@ bool metakey_h(connection_t *c) {
-
- if(!c->incipher) {
- logger(LOG_ERR, "%s (%s) uses unknown cipher!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
-
-@@ -286,6 +295,7 @@ bool metakey_h(connection_t *c) {
- EVP_CIPHER_iv_length(c->incipher))) {
- logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
- c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
-+ free(buffer);
- return false;
- }
-
-@@ -302,11 +312,13 @@ bool metakey_h(connection_t *c) {
-
- if(!c->indigest) {
- logger(LOG_ERR, "Node %s (%s) uses unknown digest!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
-
- if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
- logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
-+ free(buffer);
- return false;
- }
- } else {
-@@ -317,6 +329,7 @@ bool metakey_h(connection_t *c) {
-
- c->allow_request = CHALLENGE;
-
-+ free(buffer);
- return send_challenge(c);
- }
-
-@@ -350,22 +363,27 @@ bool send_challenge(connection_t *c) {
- }
-
- bool challenge_h(connection_t *c) {
-- char buffer[MAX_STRING_SIZE];
-- int len;
-+ char *buffer, fmt[513];
-+ int len = RSA_size(myself->connection->rsa_key);
-+
-+ buffer = xmalloc(2 * len + 1);
-+ memset(fmt, 0, 513);
-+ snprintf(fmt, 512, "%%*d %%%ds", 2*len);
-
-- if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) {
-+ if(sscanf(c->buffer, fmt, buffer) != 1) {
- logger(LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name,
- c->hostname);
-+ free(buffer);
- return false;
- }
-
-- len = RSA_size(myself->connection->rsa_key);
-
- /* Check if the length of the challenge is all right */
-
- if(strlen(buffer) != len * 2) {
- logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
- c->hostname, "wrong challenge length");
-+ free(buffer);
- return false;
- }
-
-@@ -384,6 +402,7 @@ bool challenge_h(connection_t *c) {
-
- /* Rest is done by send_chal_reply() */
-
-+ free(buffer);
- return send_chal_reply(c);
- }
-
|