Sat Apr 18 19:27:12 2009 UTC ()
Update net/tinc to version 1.0.9. Pick up maintainership and set license.

Changes since version 1.0.7:

 - Apply patch from Max Rijevski fixing a memory leak when closing connections.
   It also cleans up more when stopping tinc, helping tools like valgrind.
 - Handle broadcast and multicast packets in router mode.
   Multicast packets are treated as broadcast packets.
 - Update the manpage as well, and some whitespace to make its source more legible.
 - Update documentation.
   - TCPOnly is not experimental.
   - Do not mention old Linux kernels and Ethertap anymore.
   - Document the DeviceType, PMTU and PMTUDiscovery options.
 - Enable PMTU discovery by default.
 - Update copyright information.
 - Update Dutch translation.
 - Make sure IPv6 sockets are IPv6 only.
 - This will get rid of the "Can't bind to 0.0.0.0 port 655/tcp: Address already
   in use" message on Linux.
 - Use TUNIFHEAD by default on FreeBSD to make sure IPv6 works.
 - Treat virtual network device as tap if Mode = switch or hub.
   On OpenBSD, the link0 flag should still be set in tinc-up or by other means.
 - Correct debug message.
 - Prevent freeing a NULL pointer when a hostname is unresolvable.
 - Do not try to send REQ_KEY or ANS_KEY requests to unreachable nodes.
 - Fix reading configuration files that do not end with a newline.
 - Make sure the prefixlength of subnets is sane.
 - Handle SERVICE_CONTROL_INTERROGATE requests. Thanks to Carsten Ralle for noticing this.
 - Don't free struct addrinfo too early. Spotted by Christian Cier-Zniewski.
 - Update dutch translation.
 - Make sure connection->name is never NULL.
 - Apply patch from "dnk" making sockets non-blocking under Windows.
 - Close the proper filedescriptor (if it exists).
 - Apply patch from Scott Lamb fixing some memory and resource leaks.
 - Apply patch from Scott Lamb preventing an infinite loop when sending SIGALRM.


(tonnerre)
diff -r1.11 -r1.12 pkgsrc/net/tinc/Makefile
diff -r1.6 -r1.7 pkgsrc/net/tinc/distinfo
diff -r1.3 -r1.4 pkgsrc/net/tinc/patches/patch-aa
cvs diff -r1.11 -r1.12 pkgsrc/net/tinc/Makefile (expand / switch to unified diff)

--- pkgsrc/net/tinc/Makefile 2008/01/18 05:08:50 1.11
+++ pkgsrc/net/tinc/Makefile 2009/04/18 19:27:11 1.12
@@ -1,23 +1,23 @@ @@ -1,23 +1,23 @@
1# $NetBSD: Makefile,v 1.11 2008/01/18 05:08:50 tnn Exp $ 1# $NetBSD: Makefile,v 1.12 2009/04/18 19:27:11 tonnerre Exp $
2# 2#
3 3
4DISTNAME= tinc-1.0.7 4DISTNAME= tinc-1.0.9
5PKGREVISION= 2 
6CATEGORIES= net 5CATEGORIES= net
7MASTER_SITES= http://www.tinc-vpn.org/packages/ 6MASTER_SITES= http://www.tinc-vpn.org/packages/
8 7
9MAINTAINER= pkgsrc-users@NetBSD.org 8MAINTAINER= tonnerre@NetBSD.org
10HOMEPAGE= http://www.tinc-vpn.org/ 9HOMEPAGE= http://www.tinc-vpn.org/
 10LICENSE= gnu-gpl-v2
11COMMENT= Virtual Private Network (VPN) daemon 11COMMENT= Virtual Private Network (VPN) daemon
12 12
13PKG_DESTDIR_SUPPORT= user-destdir 13PKG_DESTDIR_SUPPORT= user-destdir
14 14
15GNU_CONFIGURE= yes 15GNU_CONFIGURE= yes
16INFO_FILES= yes 16INFO_FILES= yes
17USE_TOOLS+= msgfmt 17USE_TOOLS+= msgfmt
18 18
19.include "../../archivers/lzo/buildlink3.mk" 19.include "../../archivers/lzo/buildlink3.mk"
20.include "../../converters/libiconv/buildlink3.mk" 20.include "../../converters/libiconv/buildlink3.mk"
21.include "../../devel/gettext-lib/buildlink3.mk" 21.include "../../devel/gettext-lib/buildlink3.mk"
22.include "../../devel/zlib/buildlink3.mk" 22.include "../../devel/zlib/buildlink3.mk"
23.include "../../security/openssl/buildlink3.mk" 23.include "../../security/openssl/buildlink3.mk"
cvs diff -r1.6 -r1.7 pkgsrc/net/tinc/distinfo (expand / switch to unified diff)

--- pkgsrc/net/tinc/distinfo 2007/04/21 15:19:01 1.6
+++ pkgsrc/net/tinc/distinfo 2009/04/18 19:27:11 1.7
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
1$NetBSD: distinfo,v 1.6 2007/04/21 15:19:01 obache Exp $ 1$NetBSD: distinfo,v 1.7 2009/04/18 19:27:11 tonnerre Exp $
2 2
3SHA1 (tinc-1.0.7.tar.gz) = 79b18aa72d5c694c2a9ee7f59c8cf274407ed908 3SHA1 (tinc-1.0.9.tar.gz) = 55de1bc3b47a48fb162b00ffbb3bac1e2058a7ed
4RMD160 (tinc-1.0.7.tar.gz) = 74ce43f65700b182dff879ac08c41859faee27c2 4RMD160 (tinc-1.0.9.tar.gz) = 43ad67040ed7aaad710c5137659f8f0f1d908101
5Size (tinc-1.0.7.tar.gz) = 499135 bytes 5Size (tinc-1.0.9.tar.gz) = 519048 bytes
6SHA1 (patch-aa) = 2bc5c4acf339a29a10c6f8b03ab74d5341f036b4 6SHA1 (patch-aa) = 21bb1d30038faddedd9dea93e968d8a071b227a7
7SHA1 (patch-ab) = 482217af3b35ec7d3f9959857684ef38df1d72ce 7SHA1 (patch-ab) = 482217af3b35ec7d3f9959857684ef38df1d72ce
cvs diff -r1.3 -r1.4 pkgsrc/net/tinc/patches/Attic/patch-aa (expand / switch to unified diff)

--- pkgsrc/net/tinc/patches/Attic/patch-aa 2007/04/21 15:19:01 1.3
+++ pkgsrc/net/tinc/patches/Attic/patch-aa 2009/04/18 19:27:11 1.4
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1$NetBSD: patch-aa,v 1.3 2007/04/21 15:19:01 obache Exp $ 1$NetBSD: patch-aa,v 1.4 2009/04/18 19:27:11 tonnerre Exp $
2 2
3--- src/protocol_auth.c.orig 2006-04-26 13:53:05.000000000 +0000 3--- src/protocol_auth.c.orig 2008-12-22 21:35:45.000000000 +0100
4+++ src/protocol_auth.c 4+++ src/protocol_auth.c
5@@ -128,10 +128,10 @@ bool send_metakey(connection_t *c) 5@@ -128,10 +128,10 @@ bool send_metakey(connection_t *c)
6  6
7 /* Allocate buffers for the meta key */ 7 /* Allocate buffers for the meta key */
8  8
9- buffer = alloca(2 * len + 1); 9- buffer = alloca(2 * len + 1);
10+ buffer = xmalloc_and_zero(2 * len + 1); 10+ buffer = xmalloc_and_zero(2 * len + 1);
11  11
12 if(!c->outkey) 12 if(!c->outkey)
13- c->outkey = xmalloc(len); 13- c->outkey = xmalloc(len);
14+ c->outkey = xmalloc_and_zero(len); 14+ c->outkey = xmalloc_and_zero(len);
15  15
16 if(!c->outctx) 16 if(!c->outctx)
@@ -62,90 +62,82 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 @@ -62,90 +62,82 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19
62 return false; 62 return false;
63 } 63 }
64  64
65- len = RSA_size(myself->connection->rsa_key); 65- len = RSA_size(myself->connection->rsa_key);
66  66
67 /* Check if the length of the meta key is all right */ 67 /* Check if the length of the meta key is all right */
68  68
69 if(strlen(buffer) != len * 2) { 69 if(strlen(buffer) != len * 2) {
70 logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); 70 logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength");
71+ free(buffer); 71+ free(buffer);
72 return false; 72 return false;
73 } 73 }
74  74
75@@ -242,6 +253,7 @@ bool metakey_h(connection_t *c) 75@@ -260,6 +271,7 @@ bool metakey_h(connection_t *c)
76 if(RSA_private_decrypt(len, (unsigned char *)buffer, (unsigned char *)c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ 
77 logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), 
78 c->name, c->hostname); 
79+ free(buffer); 
80 return false; 
81 } 
82  
83@@ -260,6 +272,7 @@ bool metakey_h(connection_t *c) 
84  76
85 if(!c->incipher) { 77 if(!c->incipher) {
86 logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); 78 logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname);
87+ free(buffer); 79+ free(buffer);
88 return false; 80 return false;
89 } 81 }
90  82
91@@ -269,6 +282,7 @@ bool metakey_h(connection_t *c) 83@@ -269,6 +281,7 @@ bool metakey_h(connection_t *c)
92 c->incipher->iv_len)) { 84 c->incipher->iv_len)) {
93 logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"), 85 logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"),
94 c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); 86 c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
95+ free(buffer); 87+ free(buffer);
96 return false; 88 return false;
97 } 89 }
98  90
99@@ -284,11 +298,13 @@ bool metakey_h(connection_t *c) 91@@ -284,11 +297,13 @@ bool metakey_h(connection_t *c)
100  92
101 if(!c->indigest) { 93 if(!c->indigest) {
102 logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); 94 logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname);
103+ free(buffer); 95+ free(buffer);
104 return false; 96 return false;
105 } 97 }
106  98
107 if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { 99 if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
108 logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); 100 logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname);
109+ free(buffer); 101+ free(buffer);
110 return false; 102 return false;
111 } 103 }
112 } else { 104 } else {
113@@ -299,6 +315,7 @@ bool metakey_h(connection_t *c) 105@@ -299,6 +314,7 @@ bool metakey_h(connection_t *c)
114  106
115 c->allow_request = CHALLENGE; 107 c->allow_request = CHALLENGE;
116  108
117+ free(buffer); 109+ free(buffer);
118 return send_challenge(c); 110 return send_challenge(c);
119 } 111 }
120  112
121@@ -306,6 +323,7 @@ bool send_challenge(connection_t *c) 113@@ -306,6 +322,7 @@ bool send_challenge(connection_t *c)
122 { 114 {
123 char *buffer; 115 char *buffer;
124 int len; 116 int len;
125+ bool ret; 117+ bool ret;
126  118
127 cp(); 119 cp();
128  120
129@@ -315,7 +333,7 @@ bool send_challenge(connection_t *c) 121@@ -315,7 +332,7 @@ bool send_challenge(connection_t *c)
130  122
131 /* Allocate buffers for the challenge */ 123 /* Allocate buffers for the challenge */
132  124
133- buffer = alloca(2 * len + 1); 125- buffer = alloca(2 * len + 1);
134+ buffer = xmalloc_and_zero(2 * len + 1); 126+ buffer = xmalloc_and_zero(2 * len + 1);
135  127
136 if(!c->hischallenge) 128 if(!c->hischallenge)
137 c->hischallenge = xmalloc(len); 129 c->hischallenge = xmalloc(len);
138@@ -331,29 +349,37 @@ bool send_challenge(connection_t *c) 130@@ -331,29 +348,37 @@ bool send_challenge(connection_t *c)
139  131
140 /* Send the challenge */ 132 /* Send the challenge */
141  133
142- return send_request(c, "%d %s", CHALLENGE, buffer); 134- return send_request(c, "%d %s", CHALLENGE, buffer);
143+ ret = send_request(c, "%d %s", CHALLENGE, buffer); 135+ ret = send_request(c, "%d %s", CHALLENGE, buffer);
144+ 136+
145+ free(buffer); 137+ free(buffer);
146+ 138+
147+ return ret; 139+ return ret;
148 } 140 }
149  141
150 bool challenge_h(connection_t *c) 142 bool challenge_h(connection_t *c)
151 { 143 {
@@ -169,21 +161,21 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19 @@ -169,21 +161,21 @@ $NetBSD: patch-aa,v 1.3 2007/04/21 15:19
169 } 161 }
170  162
171- len = RSA_size(myself->connection->rsa_key); 163- len = RSA_size(myself->connection->rsa_key);
172- 164-
173 /* Check if the length of the challenge is all right */ 165 /* Check if the length of the challenge is all right */
174  166
175 if(strlen(buffer) != len * 2) { 167 if(strlen(buffer) != len * 2) {
176 logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, 168 logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name,
177 c->hostname, "wrong challenge length"); 169 c->hostname, "wrong challenge length");
178+ free(buffer); 170+ free(buffer);
179 return false; 171 return false;
180 } 172 }
181  173
182@@ -370,6 +396,7 @@ bool challenge_h(connection_t *c) 174@@ -370,6 +395,7 @@ bool challenge_h(connection_t *c)
183  175
184 /* Rest is done by send_chal_reply() */ 176 /* Rest is done by send_chal_reply() */
185  177
186+ free(buffer); 178+ free(buffer);
187 return send_chal_reply(c); 179 return send_chal_reply(c);
188 } 180 }
189  181