Import Debian changes 1.1~pre14-16-g15b868e-1

tinc (1.1~pre14-16-g15b868e-1) experimental; urgency=medium

  * New upstream release.
    - Use the latest git version in order to compile with OpenSSL 1.1.0.
  * Bump debian/compat and Standards-Version.
  * Fix the version number in configure.ac.
  * Make the build reproducible.
This commit is contained in:
Guus Sliepen 2016-09-26 21:35:35 +02:00
commit 3c37b83332
52 changed files with 860 additions and 293 deletions

View file

@ -1,3 +1,19 @@
Version 1.1pre14 May 01 2016
------------------------------------------------------------------------
Guus Sliepen (2):
Revert "Remove tinc.service, it is not necessary."
Releasing 1.1pre14.
Version 1.1pre13 April 30 2016
------------------------------------------------------------------------
Guus Sliepen (4):
Fix BSD tun device support.
Remove tinc.service, it is not necessary.
AutoConnect now only chooses from nodes for which we know an address.
Releasing 1.1pre13.
Version 1.1pre12 April 24 2016
------------------------------------------------------------------------

View file

@ -90,8 +90,11 @@ host_triplet = @host@
subdir = .
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \

12
NEWS
View file

@ -1,3 +1,13 @@
# Version 1.1pre13 May 1 2016
* Add tinc.service back.
# Version 1.1pre13 April 30 2016
* Fix BSD tun device support that was broken in 1.1pre12.
* Speed up AutoConnect when there are many host config files present without
an Address.
# Version 1.1pre12 April 24 2016
* Added a "--syslog" option to force logging to syslog even if running in the
@ -21,7 +31,7 @@
* Initial support for generating a tinc-up script from an invitation.
* Many small fixes, documentation updates.
Thanks to Etienne Dechamps, thorkill, Vittorio Gambaletta, Martin Weinelt,
Thanks to Etienne Dechamps, Rafał Leśniak, Vittorio Gambaletta, Martin Weinelt,
Sven-Haegar Koch, Florian Klink, LunnarShadow, Dato Simó, Jo-Philipp Wich,
Jochen Voss, Nathan Stratton Treadway, Pierre Emeriaud, xentec, Samuel
Thibault and Michael Tokarev for their contributions to this version of tinc.

4
README
View file

@ -1,4 +1,4 @@
This is the README file for tinc version 1.1pre12. Installation
This is the README file for tinc version 1.1pre14. Installation
instructions may be found in the INSTALL file.
tinc is Copyright © 1998-2016 Ivo Timmermans, Guus Sliepen <guus@tinc-vpn.org>, and others.
@ -32,7 +32,7 @@ at your own risk.
Compatibility
-------------
Version 1.1pre12 is compatible with 1.0pre8, 1.0 and later, but not with older
Version 1.1pre14 is compatible with 1.0pre8, 1.0 and later, but not with older
versions of tinc.
When the ExperimentalProtocol option is used, tinc is still compatible with

1
THANKS
View file

@ -84,7 +84,6 @@ We would like to thank the following people for their contributions to tinc:
* Sven-Haegar Koch
* Teemu Kiviniemi
* Thomas Tsiakalakis
* thorkill
* Timothy Redaelli
* Tomasz Fortuna
* Tomislav Čohar

3
aclocal.m4 vendored
View file

@ -1151,8 +1151,11 @@ AC_SUBST([am__untar])
]) # _AM_PROG_TAR
m4_include([m4/attribute.m4])
m4_include([m4/ax_append_flag.m4])
m4_include([m4/ax_cflags_warn_all.m4])
m4_include([m4/ax_check_compile_flag.m4])
m4_include([m4/ax_check_link_flag.m4])
m4_include([m4/ax_require_defined.m4])
m4_include([m4/curses.m4])
m4_include([m4/libgcrypt.m4])
m4_include([m4/lzo.m4])

111
config.guess vendored
View file

@ -1,8 +1,8 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2015 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2015-08-20'
timestamp='2016-04-02'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -27,7 +27,7 @@ timestamp='2015-08-20'
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
#
# Please send patches to <config-patches@gnu.org>.
@ -50,7 +50,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2015 Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -237,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
@ -268,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
UNAME_MACHINE=alpha ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
UNAME_MACHINE=alphaev5 ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
UNAME_MACHINE=alphaev56 ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
UNAME_MACHINE=alphapca56 ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
UNAME_MACHINE=alphapca57 ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
UNAME_MACHINE=alphaev6 ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
UNAME_MACHINE=alphaev67 ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
UNAME_MACHINE=alphaev68 ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
UNAME_MACHINE=alphaev69 ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
UNAME_MACHINE=alphaev7 ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
UNAME_MACHINE=alphaev79 ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
@ -376,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
SUN_ARCH="i386"
SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH="x86_64"
SUN_ARCH=x86_64
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
@ -410,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
@ -635,13 +639,13 @@ EOF
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
@ -680,11 +684,11 @@ EOF
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
if [ ${HP_ARCH} = hppa2.0w ]
then
eval $set_cc_for_build
@ -697,12 +701,12 @@ EOF
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
HP_ARCH="hppa2.0w"
HP_ARCH=hppa2.0w
else
HP_ARCH="hppa64"
HP_ARCH=hppa64
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@ -807,14 +811,14 @@ EOF
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
@ -896,7 +900,7 @@ EOF
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
@ -919,7 +923,7 @@ EOF
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
@ -965,6 +969,9 @@ EOF
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
k1om:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
@ -1120,7 +1127,7 @@ EOF
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
@ -1269,6 +1276,9 @@ EOF
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
SX-ACE:SUPER-UX:*:*)
echo sxace-nec-superux${UNAME_RELEASE}
exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@ -1282,9 +1292,9 @@ EOF
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
@ -1306,7 +1316,7 @@ EOF
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
@ -1337,7 +1347,7 @@ EOF
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
if test "$cputype" = 386; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
@ -1379,7 +1389,7 @@ EOF
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
@ -1390,6 +1400,9 @@ EOF
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
amd64:Isilon\ OneFS:*:*)
echo x86_64-unknown-onefs
exit ;;
esac
cat >&2 <<EOF
@ -1399,9 +1412,9 @@ This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
and
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be

View file

@ -21,6 +21,9 @@
/* Define to 1 if you have the `asprintf' function. */
#undef HAVE_ASPRINTF
/* Define to 1 if you have the `BN_GENCB_new' function. */
#undef HAVE_BN_GENCB_NEW
/* Unknown BSD variant */
#undef HAVE_BSD
@ -56,6 +59,12 @@
/* DragonFly */
#undef HAVE_DRAGONFLY
/* Define to 1 if you have the `ERR_remove_state' function. */
#undef HAVE_ERR_REMOVE_STATE
/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
#undef HAVE_EVP_CIPHER_CTX_NEW
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
#undef HAVE_EVP_ENCRYPTINIT_EX
@ -227,8 +236,8 @@
/* Define to 1 if you have the `putenv' function. */
#undef HAVE_PUTENV
/* Define to 1 if you have the `RAND_status' function. */
#undef HAVE_RAND_STATUS
/* Define to 1 if you have the `RAND_bytes' function. */
#undef HAVE_RAND_BYTES
/* have readline support */
#undef HAVE_READLINE
@ -245,6 +254,9 @@
/* Define to 1 if you have the <resolv.h> header file. */
#undef HAVE_RESOLV_H
/* Define to 1 if you have the `RSA_set0_key' function. */
#undef HAVE_RSA_SET0_KEY
/* Solaris/SunOS */
#undef HAVE_SOLARIS

18
config.sub vendored
View file

@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2015 Free Software Foundation, Inc.
# Copyright 1992-2016 Free Software Foundation, Inc.
timestamp='2015-08-20'
timestamp='2016-03-30'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -33,7 +33,7 @@ timestamp='2015-08-20'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -53,8 +53,7 @@ timestamp='2015-08-20'
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2015 Free Software Foundation, Inc.
Copyright 1992-2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -1383,7 +1382,7 @@ case $os in
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -bitrig* | -openbsd* | -solidbsd* \
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
@ -1399,7 +1398,8 @@ case $os in
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
| -onefs* | -tirtos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@ -1531,6 +1531,8 @@ case $os in
;;
-nacl*)
;;
-ios)
;;
-none)
;;
*)

118
configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for tinc tinc-1.1pre12.
# Generated by GNU Autoconf 2.69 for tinc 1.1pre14-18-ge6497a2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@ -577,8 +577,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='tinc'
PACKAGE_TARNAME='tinc'
PACKAGE_VERSION='tinc-1.1pre12'
PACKAGE_STRING='tinc tinc-1.1pre12'
PACKAGE_VERSION='1.1pre14-18-ge6497a2'
PACKAGE_STRING='tinc 1.1pre14-18-ge6497a2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures tinc tinc-1.1pre12 to adapt to many kinds of systems.
\`configure' configures tinc 1.1pre14-18-ge6497a2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1417,7 +1417,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of tinc tinc-1.1pre12:";;
short | recursive ) echo "Configuration of tinc 1.1pre14-18-ge6497a2:";;
esac
cat <<\_ACEOF
@ -1556,7 +1556,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
tinc configure tinc-1.1pre12
tinc configure 1.1pre14-18-ge6497a2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2021,7 +2021,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by tinc $as_me tinc-1.1pre12, which was
It was created by tinc $as_me 1.1pre14-18-ge6497a2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -4256,7 +4256,7 @@ fi
# Define the identity of the package.
PACKAGE='tinc'
VERSION='tinc-1.1pre12'
VERSION='1.1pre14-18-ge6497a2'
cat >>confdefs.h <<_ACEOF
@ -5257,6 +5257,89 @@ if test -d /sw/lib; then :
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking CFLAGS for maximum warnings" >&5
$as_echo_n "checking CFLAGS for maximum warnings... " >&6; }
if ${ac_cv_cflags_warn_all+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_cv_cflags_warn_all="no, unknown"
ac_save_CFLAGS="$CFLAGS"
for ac_arg in "-warn all % -warn all" "-pedantic % -Wall" "-xstrconst % -v" "-std1 % -verbose -w0 -warnprotos" "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" "-ansi -ansiE % -fullwarn" "+ESlit % +w1" "-Xc % -pvctl,fullmsg" "-h conform % -h msglevel 2" #
do CFLAGS="$ac_save_CFLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_cflags_warn_all=`echo $ac_arg | sed -e 's,.*% *,,'` ; break
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
done
CFLAGS="$ac_save_CFLAGS"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cflags_warn_all" >&5
$as_echo "$ac_cv_cflags_warn_all" >&6; }
case ".$ac_cv_cflags_warn_all" in
.ok|.ok,*) ;;
.|.no|.no,*) ;;
*)
if ${CFLAGS+:} false; then :
case " $CFLAGS " in #(
*" $ac_cv_cflags_warn_all "*) :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$ac_cv_cflags_warn_all"; } >&5
(: CFLAGS already contains $ac_cv_cflags_warn_all) 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } ;; #(
*) :
as_fn_append CFLAGS " $ac_cv_cflags_warn_all"
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5
(: CFLAGS="$CFLAGS") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
;;
esac
else
CFLAGS=$ac_cv_cflags_warn_all
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5
(: CFLAGS="$CFLAGS") 2>&5
ac_status=$?
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
fi
;;
esac
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
# Check whether --enable-hardening was given.
if test "${enable_hardening+set}" = set; then :
enableval=$enable_hardening;
@ -6911,7 +6994,7 @@ else
fi
for ac_func in RAND_status EVP_EncryptInit_ex
for ac_func in RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -6945,6 +7028,19 @@ else
fi
for ac_func in BN_GENCB_new ERR_remove_state RSA_set0_key
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
done
fi
@ -7676,7 +7772,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by tinc $as_me tinc-1.1pre12, which was
This file was extended by tinc $as_me 1.1pre14-18-ge6497a2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -7742,7 +7838,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
tinc config.status tinc-1.1pre12
tinc config.status 1.1pre14-18-ge6497a2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View file

@ -140,6 +140,8 @@ AS_IF([test -d /sw/lib], [LIBS="$LIBS -L/sw/lib"])
dnl Compiler hardening flags
dnl No -fstack-protector-all because it doesn't work on all platforms or architectures.
AX_CFLAGS_WARN_ALL(CFLAGS)
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
AS_IF([test "x$enable_hardening" != "xno"],
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"])

10
debian/changelog vendored
View file

@ -1,3 +1,13 @@
tinc (1.1~pre14-16-g15b868e-1) experimental; urgency=medium
* New upstream release.
- Use the latest git version in order to compile with OpenSSL 1.1.0.
* Bump debian/compat and Standards-Version.
* Fix the version number in configure.ac.
* Make the build reproducible.
-- Guus Sliepen <guus@debian.org> Mon, 26 Sep 2016 21:35:35 +0200
tinc (1.1~pre12-1) experimental; urgency=medium
* New upstream release.

2
debian/compat vendored
View file

@ -1 +1 @@
9
10

2
debian/control vendored
View file

@ -2,7 +2,7 @@ Source: tinc
Section: net
Priority: optional
Maintainer: Guus Sliepen <guus@debian.org>
Standards-Version: 3.9.7
Standards-Version: 3.9.8
Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 9), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libvdeplug-dev, python | python-all | python-dev | python-all-dev, dh-python
Homepage: https://www.tinc-vpn.org/

11
debian/patches/fix-version-number vendored Normal file
View file

@ -0,0 +1,11 @@
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT([tinc], m4_esyscmd_s((git describe || echo UNKNOWN) | sed 's/release-//'))
+AC_INIT([tinc], m4_esyscmd_s((git describe || echo 1.1pre14-16-g15b868e) | sed 's/release-//'))
AC_CONFIG_SRCDIR([src/tincd.c])
AC_GNU_SOURCE
AM_INIT_AUTOMAKE([std-options subdir-objects nostdinc silent-rules -Wall])

50
debian/patches/reproducible-build vendored Normal file
View file

@ -0,0 +1,50 @@
--- a/src/process.c
+++ b/src/process.c
@@ -219,8 +219,8 @@
openlogger(identname, logmode);
- logger(DEBUG_ALWAYS, LOG_NOTICE, "tincd %s (%s %s) starting, debug level %d",
- BUILD_VERSION, BUILD_DATE, BUILD_TIME, debug_level);
+ logger(DEBUG_ALWAYS, LOG_NOTICE, "tincd %s starting, debug level %d",
+ BUILD_VERSION, debug_level);
return true;
}
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -87,8 +87,8 @@
};
static void version(void) {
- printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
- BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
+ printf("%s version %s (protocol %d.%d)\n", PACKAGE,
+ BUILD_VERSION, PROT_MAJOR, PROT_MINOR);
printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -344,8 +344,8 @@
chdir(confbase);
if(show_version) {
- printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
- BUILD_VERSION, BUILD_DATE, BUILD_TIME, PROT_MAJOR, PROT_MINOR);
+ printf("%s version %s (protocol %d.%d)\n", PACKAGE,
+ BUILD_VERSION, PROT_MAJOR, PROT_MINOR);
printf("Copyright (C) 1998-2016 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
--- a/src/version.c
+++ b/src/version.c
@@ -22,8 +22,6 @@
#include "../config.h"
/* This file is always rebuilt (even if there are no changes) so that the following is updated */
-const char* const BUILD_DATE = __DATE__;
-const char* const BUILD_TIME = __TIME__;
#ifdef GIT_DESCRIPTION
const char* const BUILD_VERSION = GIT_DESCRIPTION;
#else

2
debian/patches/series vendored Normal file
View file

@ -0,0 +1,2 @@
fix-version-number
reproducible-build

2
debian/rules vendored
View file

@ -15,7 +15,7 @@
dh $@ --parallel --with python2
override_dh_auto_configure:
dh_auto_configure -- --enable-uml --enable-vde
dh_auto_configure -- --enable-uml --enable-vde --with-systemd
$(MAKE) clean
override_dh_auto_install:

2
debian/tinc.install vendored
View file

@ -5,4 +5,4 @@ usr/share/man/man5
usr/share/man/man8/tincd.*
usr/share/man/man8/tinc.*
usr/share/info
debian/*.service /lib/systemd/system/
lib/systemd/system

16
debian/tinc.service vendored
View file

@ -1,16 +0,0 @@
# This is a mostly empty service, but allows commands like stop, start, reload
# to propagate to all tinc@ service instances.
[Unit]
Description=Tinc VPN
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecReload=/bin/true
WorkingDirectory=/etc/tinc
[Install]
WantedBy=multi-user.target

17
debian/tinc@.service vendored
View file

@ -1,17 +0,0 @@
[Unit]
Description=Tinc net %i
PartOf=tinc.service
ReloadPropagatedFrom=tinc.service
[Service]
Type=simple
WorkingDirectory=/etc/tinc/%i
ExecStart=/usr/sbin/tinc -n %i start -D
ExecReload=/usr/sbin/tinc -n %i reload
ExecStop=/usr/sbin/tinc -n %i stop
TimeoutStopSec=5
Restart=always
RestartSec=60
[Install]
WantedBy=tinc.service

View file

@ -89,8 +89,11 @@ host_triplet = @host@
subdir = doc
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \

Binary file not shown.

View file

@ -91,8 +91,11 @@ host_triplet = @host@
subdir = gui
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \

71
m4/ax_append_flag.m4 Normal file
View file

@ -0,0 +1,71 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
#
# DESCRIPTION
#
# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
# added in between.
#
# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
# FLAG.
#
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
#
# LICENSE
#
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 6
AC_DEFUN([AX_APPEND_FLAG],
[dnl
AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
AS_VAR_SET_IF(FLAGS,[
AS_CASE([" AS_VAR_GET(FLAGS) "],
[*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
[
AS_VAR_APPEND(FLAGS,[" $1"])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
],
[
AS_VAR_SET(FLAGS,[$1])
AC_RUN_LOG([: FLAGS="$FLAGS"])
])
AS_VAR_POPDEF([FLAGS])dnl
])dnl AX_APPEND_FLAG

122
m4/ax_cflags_warn_all.m4 Normal file
View file

@ -0,0 +1,122 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_cflags_warn_all.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
# AX_CXXFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
# AX_FCFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
#
# DESCRIPTION
#
# Try to find a compiler option that enables most reasonable warnings.
#
# For the GNU compiler it will be -Wall (and -ansi -pedantic) The result
# is added to the shellvar being CFLAGS, CXXFLAGS, or FCFLAGS by default.
#
# Currently this macro knows about the GCC, Solaris, Digital Unix, AIX,
# HP-UX, IRIX, NEC SX-5 (Super-UX 10), Cray J90 (Unicos 10.0.0.8), and
# Intel compilers. For a given compiler, the Fortran flags are much more
# experimental than their C equivalents.
#
# - $1 shell-variable-to-add-to : CFLAGS, CXXFLAGS, or FCFLAGS
# - $2 add-value-if-not-found : nothing
# - $3 action-if-found : add value to shellvariable
# - $4 action-if-not-found : nothing
#
# NOTE: These macros depend on AX_APPEND_FLAG.
#
# LICENSE
#
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
# Copyright (c) 2010 Rhys Ulerich <rhys.ulerich@gmail.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, the respective Autoconf Macro's copyright owner
# gives unlimited permission to copy, distribute and modify the configure
# scripts that are the output of Autoconf when processing the Macro. You
# need not follow the terms of the GNU General Public License when using
# or distributing such scripts, even though portions of the text of the
# Macro appear in them. The GNU General Public License (GPL) does govern
# all other use of the material that constitutes the Autoconf Macro.
#
# This special exception to the GPL applies to versions of the Autoconf
# Macro released by the Autoconf Archive. When you make and distribute a
# modified version of the Autoconf Macro, you may extend this special
# exception to the GPL to apply to your modified version as well.
#serial 15
AC_DEFUN([AX_FLAGS_WARN_ALL],[dnl
AS_VAR_PUSHDEF([FLAGS],[_AC_LANG_PREFIX[]FLAGS])dnl
AS_VAR_PUSHDEF([VAR],[ac_cv_[]_AC_LANG_ABBREV[]flags_warn_all])dnl
AC_CACHE_CHECK([m4_ifval($1,$1,FLAGS) for maximum warnings],
VAR,[VAR="no, unknown"
ac_save_[]FLAGS="$[]FLAGS"
for ac_arg dnl
in "-warn all % -warn all" dnl Intel
"-pedantic % -Wall" dnl GCC
"-xstrconst % -v" dnl Solaris C
"-std1 % -verbose -w0 -warnprotos" dnl Digital Unix
"-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" dnl AIX
"-ansi -ansiE % -fullwarn" dnl IRIX
"+ESlit % +w1" dnl HP-UX C
"-Xc % -pvctl[,]fullmsg" dnl NEC SX-5 (Super-UX 10)
"-h conform % -h msglevel 2" dnl Cray C (Unicos)
#
do FLAGS="$ac_save_[]FLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
[VAR=`echo $ac_arg | sed -e 's,.*% *,,'` ; break])
done
FLAGS="$ac_save_[]FLAGS"
])
AS_VAR_POPDEF([FLAGS])dnl
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
case ".$VAR" in
.ok|.ok,*) m4_ifvaln($3,$3) ;;
.|.no|.no,*) m4_default($4,[m4_ifval($2,[AX_APPEND_FLAG([$2], [$1])])]) ;;
*) m4_default($3,[AX_APPEND_FLAG([$VAR], [$1])]) ;;
esac
AS_VAR_POPDEF([VAR])dnl
])dnl AX_FLAGS_WARN_ALL
dnl implementation tactics:
dnl the for-argument contains a list of options. The first part of
dnl these does only exist to detect the compiler - usually it is
dnl a global option to enable -ansi or -extrawarnings. All other
dnl compilers will fail about it. That was needed since a lot of
dnl compilers will give false positives for some option-syntax
dnl like -Woption or -Xoption as they think of it is a pass-through
dnl to later compile stages or something. The "%" is used as a
dnl delimiter. A non-option comment can be given after "%%" marks
dnl which will be shown but not added to the respective C/CXXFLAGS.
AC_DEFUN([AX_CFLAGS_WARN_ALL],[dnl
AC_LANG_PUSH([C])
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
AC_LANG_POP([C])
])
AC_DEFUN([AX_CXXFLAGS_WARN_ALL],[dnl
AC_LANG_PUSH([C++])
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
AC_LANG_POP([C++])
])
AC_DEFUN([AX_FCFLAGS_WARN_ALL],[dnl
AC_LANG_PUSH([Fortran])
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
AC_LANG_POP([Fortran])
])

37
m4/ax_require_defined.m4 Normal file
View file

@ -0,0 +1,37 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_require_defined.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_REQUIRE_DEFINED(MACRO)
#
# DESCRIPTION
#
# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
# been defined and thus are available for use. This avoids random issues
# where a macro isn't expanded. Instead the configure script emits a
# non-fatal:
#
# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
#
# It's like AC_REQUIRE except it doesn't expand the required macro.
#
# Here's an example:
#
# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
#
# LICENSE
#
# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 1
AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
])dnl AX_REQUIRE_DEFINED

View file

@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL],
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
)
AC_CHECK_FUNCS([RAND_status EVP_EncryptInit_ex], ,
AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
)
@ -53,4 +53,6 @@ AC_DEFUN([tinc_OPENSSL],
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
[#include <openssl/evp.h>]
)
AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
])

View file

@ -196,8 +196,11 @@ sbin_PROGRAMS = tincd$(EXEEXT) tinc$(EXEEXT) sptps_test$(EXEEXT) \
subdir = src
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \

View file

@ -349,13 +349,13 @@ static bool read_packet(vpn_packet_t *packet) {
case DEVICE_TYPE_UTUN:
case DEVICE_TYPE_TUNIFHEAD: {
if((inlen = read(device_fd, packet->data + 10, MTU - 10)) <= 0) {
if((inlen = read(device_fd, DATA(packet) + 10, MTU - 10)) <= 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info,
device, strerror(errno));
return false;
}
switch (packet->data[14] >> 4) {
switch (DATA(packet)[14] >> 4) {
case 4:
DATA(packet)[12] = 0x08;
DATA(packet)[13] = 0x00;
@ -369,7 +369,7 @@ static bool read_packet(vpn_packet_t *packet) {
default:
logger(DEBUG_TRAFFIC, LOG_ERR,
"Unknown IP version %d while reading packet from %s %s",
packet->data[14] >> 4, device_info, device);
DATA(packet)[14] >> 4, device_info, device);
return false;
}
@ -430,9 +430,9 @@ static bool write_packet(vpn_packet_t *packet) {
return false;
}
memcpy(packet->data + 10, &type, sizeof type);
memcpy(DATA(packet) + 10, &type, sizeof type);
if(write(device_fd, packet->data + 10, packet->len - 10) < 0) {
if(write(device_fd, DATA(packet) + 10, packet->len - 10) < 0) {
logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device,
strerror(errno));
return false;

View file

@ -87,7 +87,7 @@ static void tun_error(char *format, ...)
{
va_list vl;
va_start(vl, format);
vsnprintf(tunemu_error, ERROR_BUFFER_SIZE, format, vl);
vsnprintf(tunemu_error, sizeof tunemu_error, format, vl);
va_end(vl);
}

View file

@ -106,6 +106,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
va_copy(aq, ap);
status = vsnprintf(*buf, len, fmt, aq);
buf[len - 1] = 0;
va_end(aq);
if(status >= 0)

View file

@ -110,20 +110,22 @@ void logger(int level, int priority, const char *format, ...) {
va_start(ap, format);
int len = vsnprintf(message, sizeof message, format, ap);
message[sizeof message - 1] = 0;
va_end(ap);
if(len > 0 && len < sizeof message && message[len - 1] == '\n')
if(len > 0 && len < sizeof message - 1 && message[len - 1] == '\n')
message[len - 1] = 0;
real_logger(level, priority, message);
}
static void sptps_logger(sptps_t *s, int s_errno, const char *format, va_list ap) {
char message[1024] = "";
char message[1024];
size_t msglen = sizeof message;
int len = vsnprintf(message, msglen, format, ap);
if(len > 0 && len < sizeof message) {
message[sizeof message - 1] = 0;
if(len > 0 && len < sizeof message - 1) {
if(message[len - 1] == '\n')
message[--len] = 0;

103
src/net.c
View file

@ -42,6 +42,7 @@ static int sleeptime = 10;
time_t last_config_check = 0;
static timeout_t pingtimer;
static timeout_t periodictimer;
static struct timeval last_periodic_run_time;
/* Purge edges and subnets of unreachable nodes. Use carefully. */
@ -93,7 +94,8 @@ void purge(void) {
void terminate_connection(connection_t *c, bool report) {
logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Closing connection with %s (%s)", c->name, c->hostname);
if(c->node && c->node->connection == c)
if(c->node) {
if(c->node->connection == c)
c->node->connection = NULL;
if(c->edge) {
@ -119,6 +121,7 @@ void terminate_connection(connection_t *c, bool report) {
}
}
}
}
outgoing_t *outgoing = c->outgoing;
connection_del(c);
@ -144,30 +147,76 @@ void terminate_connection(connection_t *c, bool report) {
and close the connection.
*/
static void timeout_handler(void *data) {
bool close_all_connections = false;
/*
timeout_handler will start after 30 seconds from start of tincd
hold information about the elapsed time since last time the handler
has been run
*/
long sleep_time = now.tv_sec - last_periodic_run_time.tv_sec;
/*
It seems that finding sane default value is harder than expected
Since we send every second a UDP packet to make holepunching work
And default UDP state expire on firewalls is between 15-30 seconds
we drop all connections after 60 Seconds - UDPDiscoveryTimeout=30
by default
*/
if (sleep_time > 2 * udp_discovery_timeout) {
logger(DEBUG_ALWAYS, LOG_ERR, "Awaking from dead after %ld seconds of sleep", sleep_time);
/*
Do not send any packets to tinc after we wake up.
The other node probably closed our connection but we still
are holding context information to them. This may happen on
laptops or any other hardware which can be suspended for some time.
Sending any data to node that wasn't expecting it will produce
annoying and misleading errors on the other side about failed signature
verification and or about missing sptps context
*/
close_all_connections = true;
}
last_periodic_run_time = now;
for list_each(connection_t, c, connection_list) {
// control connections (eg. tinc ctl) do not have any timeout
if(c->status.control)
continue;
if(c->last_ping_time + pingtimeout <= now.tv_sec) {
if(c->edge) {
try_tx(c->node, false);
if(c->status.pinged) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds", c->name, c->hostname, (long)(now.tv_sec - c->last_ping_time));
} else if(c->last_ping_time + pinginterval <= now.tv_sec) {
send_ping(c);
continue;
} else {
if(close_all_connections) {
logger(DEBUG_ALWAYS, LOG_ERR, "Forcing connection close after sleep time %s (%s)", c->name, c->hostname);
terminate_connection(c, c->edge);
continue;
}
} else {
// Bail out early if we haven't reached the ping timeout for this node yet
if(c->last_ping_time + pingtimeout > now.tv_sec)
continue;
// timeout during connection establishing
if(!c->edge) {
if(c->status.connecting)
logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout while connecting to %s (%s)", c->name, c->hostname);
else
logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout from %s (%s) during authentication", c->name, c->hostname);
}
terminate_connection(c, c->edge);
continue;
}
// helps in UDP holepunching
try_tx(c->node, false);
// timeout during ping
if(c->status.pinged) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds", c->name, c->hostname, (long)now.tv_sec - c->last_ping_time);
terminate_connection(c, c->edge);
continue;
}
// check whether we need to send a new ping
if(c->last_ping_time + pinginterval <= now.tv_sec)
send_ping(c);
}
timeout_set(data, &(struct timeval){1, rand() % 100000});
@ -210,19 +259,25 @@ static void periodic_handler(void *data) {
and we are not already trying to make one, create an
outgoing connection to this node.
*/
int r = rand() % (node_tree->count - 1);
int i = 0;
int count = 0;
for splay_each(node_t, n, node_tree) {
if(n == myself || n->connection || !(n->status.has_address || n->status.reachable))
continue;
count++;
}
if(!count)
goto end;
int r = rand() % count;
for splay_each(node_t, n, node_tree) {
if(n == myself)
if(n == myself || n->connection || !(n->status.has_address || n->status.reachable))
continue;
if(i++ != r)
if(r--)
continue;
if(n->connection)
break;
bool found = false;
for list_each(outgoing_t, outgoing, outgoing_list) {
@ -239,6 +294,7 @@ static void periodic_handler(void *data) {
list_insert_tail(outgoing_list, outgoing);
setup_outgoing_connection(outgoing);
}
break;
}
} else if(nc > 3) {
@ -287,6 +343,7 @@ static void periodic_handler(void *data) {
}
}
end:
timeout_set(data, &(struct timeval){5, rand() % 100000});
}
@ -344,9 +401,14 @@ int reload_configuration(void) {
for splay_each(subnet_t, subnet, subnet_tree)
if (subnet->owner)
subnet->expires = 1;
}
load_all_subnets();
for splay_each(node_t, n, node_tree)
n->status.has_address = false;
load_all_nodes();
if(strictsubnets) {
for splay_each(subnet_t, subnet, subnet_tree) {
if (!subnet->owner)
continue;
@ -444,6 +506,7 @@ void retry(void) {
this is where it all happens...
*/
int main_loop(void) {
last_periodic_run_time = now;
timeout_add(&pingtimer, timeout_handler, &pingtimer, &(struct timeval){pingtimeout, rand() % 100000});
timeout_add(&periodictimer, periodic_handler, &periodictimer, &(struct timeval){0, 0});

View file

@ -217,7 +217,6 @@ extern void regenerate_key(void);
extern void purge(void);
extern void retry(void);
extern int reload_configuration(void);
extern void load_all_subnets(void);
extern void load_all_nodes(void);
extern void try_tx(struct node_t *n, bool);

View file

@ -355,16 +355,16 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
if(seqno != n->received_seqno + 1) {
if(seqno >= n->received_seqno + replaywin * 8) {
if(n->farfuture++ < replaywin >> 2) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture);
return false;
}
logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)",
logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)",
seqno - n->received_seqno - 1, n->name, n->hostname);
memset(n->late, 0, replaywin);
} else if (seqno <= n->received_seqno) {
if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
n->name, n->hostname, seqno, n->received_seqno);
return false;
}
@ -436,7 +436,7 @@ void receive_tcppacket(connection_t *c, const char *buffer, int len) {
bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) {
if (len < sizeof(node_id_t) + sizeof(node_id_t)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname);
return false;
}
@ -499,7 +499,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) {
uint8_t type = 0;
int offset = 0;
if(!(DATA(origpkt)[12] | DATA(origpkt)[13])) {
if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) {
sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len);
return;
}
@ -767,7 +767,7 @@ bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_
char buf[len + sizeof to->id + sizeof from->id]; char* buf_ptr = buf;
memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id;
memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id;
memcpy(buf_ptr, data, len); buf_ptr += len;
memcpy(buf_ptr, data, len);
logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname);
return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof buf);
}

View file

@ -324,62 +324,6 @@ void regenerate_key(void) {
n->status.validkey_in = false;
}
/*
Read Subnets from all host config files
*/
void load_all_subnets(void) {
DIR *dir;
struct dirent *ent;
char dname[PATH_MAX];
snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase);
dir = opendir(dname);
if(!dir) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno));
return;
}
while((ent = readdir(dir))) {
if(!check_id(ent->d_name))
continue;
node_t *n = lookup_node(ent->d_name);
#ifdef _DIRENT_HAVE_D_TYPE
//if(ent->d_type != DT_REG)
// continue;
#endif
splay_tree_t *config_tree;
init_configuration(&config_tree);
read_config_options(config_tree, ent->d_name);
read_host_config(config_tree, ent->d_name);
if(!n) {
n = new_node();
n->name = xstrdup(ent->d_name);
node_add(n);
}
for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
subnet_t *s, *s2;
if(!get_config_subnet(cfg, &s))
continue;
if((s2 = lookup_subnet(n, s))) {
s2->expires = -1;
free(s);
} else {
subnet_add(n, s);
}
}
exit_configuration(&config_tree);
}
closedir(dir);
}
void load_all_nodes(void) {
DIR *dir;
struct dirent *ent;
@ -397,17 +341,42 @@ void load_all_nodes(void) {
continue;
node_t *n = lookup_node(ent->d_name);
if(n)
continue;
splay_tree_t *config_tree;
init_configuration(&config_tree);
read_config_options(config_tree, ent->d_name);
read_host_config(config_tree, ent->d_name);
if(!n) {
n = new_node();
n->name = xstrdup(ent->d_name);
node_add(n);
}
closedir(dir);
if(strictsubnets) {
for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) {
subnet_t *s, *s2;
if(!get_config_subnet(cfg, &s))
continue;
if((s2 = lookup_subnet(n, s))) {
s2->expires = -1;
free(s);
} else {
subnet_add(n, s);
}
}
}
if(lookup_config(config_tree, "Address"))
n->status.has_address = true;
exit_configuration(&config_tree);
}
closedir(dir);
}
char *get_name(void) {
char *name = NULL;
@ -707,7 +676,7 @@ static bool add_listen_address(char *address, bool bindto) {
int udp_fd = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr);
if(tcp_fd < 0) {
if(udp_fd < 0) {
close(tcp_fd);
continue;
}
@ -947,9 +916,6 @@ static bool setup_myself(void) {
graph();
if(strictsubnets)
load_all_subnets();
else if(autoconnect)
load_all_nodes();
/* Open device */

View file

@ -534,6 +534,8 @@ begin:
} else if(proxytype == PROXY_EXEC) {
result = 0;
} else {
if(!proxyai)
abort();
result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen);
freeaddrinfo(proxyai);
}

View file

@ -234,3 +234,22 @@ void sockaddrunmap(sockaddr_t *sa) {
sa->in.sin_family = AF_INET;
}
}
void sockaddr_setport(sockaddr_t *sa, const char *port) {
uint16_t portnum = htons(atoi(port));
if(!portnum)
return;
switch(sa->sa.sa_family) {
case AF_INET:
sa->in.sin_port = portnum;
break;
case AF_INET6:
sa->in6.sin6_port = portnum;
break;
case AF_UNKNOWN:
free(sa->unknown.port);
sa->unknown.port = xstrdup(port);
default:
return;
}
}

View file

@ -34,5 +34,6 @@ extern int sockaddrcmp_noport(const sockaddr_t *, const sockaddr_t *);
extern void sockaddrunmap(sockaddr_t *);
extern void sockaddrfree(sockaddr_t *);
extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *);
extern void sockaddr_setport(sockaddr_t *, const char *);
#endif /* __TINC_NETUTL_H__ */

View file

@ -40,7 +40,8 @@ typedef struct node_status_t {
unsigned int send_locally:1; /* 1 if the next UDP packet should be sent on the local network */
unsigned int udppacket:1; /* 1 if the most recently received packet was UDP */
unsigned int validkey_in:1; /* 1 if we have sent a valid key to him */
unsigned int unused:21;
unsigned int has_address:1; /* 1 if we know an external address for this node */
unsigned int unused:20;
} node_status_t;
typedef struct node_t {

View file

@ -28,14 +28,16 @@
#include "../xalloc.h"
struct cipher {
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
};
static cipher_t *cipher_open(const EVP_CIPHER *evp_cipher) {
cipher_t *cipher = xzalloc(sizeof *cipher);
cipher->cipher = evp_cipher;
EVP_CIPHER_CTX_init(&cipher->ctx);
cipher->ctx = EVP_CIPHER_CTX_new();
if(!cipher->ctx)
abort();
return cipher;
}
@ -68,7 +70,7 @@ void cipher_close(cipher_t *cipher) {
if(!cipher)
return;
EVP_CIPHER_CTX_cleanup(&cipher->ctx);
EVP_CIPHER_CTX_free(cipher->ctx);
free(cipher);
}
@ -76,23 +78,23 @@ size_t cipher_keylength(const cipher_t *cipher) {
if(!cipher || !cipher->cipher)
return 0;
return cipher->cipher->key_len + cipher->cipher->iv_len;
return EVP_CIPHER_key_length(cipher->cipher) + EVP_CIPHER_iv_length(cipher->cipher);
}
size_t cipher_blocksize(const cipher_t *cipher) {
if(!cipher || !cipher->cipher)
return 1;
return cipher->cipher->block_size;
return EVP_CIPHER_block_size(cipher->cipher);
}
bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
bool result;
if(encrypt)
result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len);
result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher));
else
result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len);
result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher));
if(result)
return true;
@ -105,9 +107,9 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry
bool result;
if(encrypt)
result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len);
result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher));
else
result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len);
result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher));
if(result)
return true;
@ -119,15 +121,15 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry
bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
if(oneshot) {
int len, pad;
if(EVP_EncryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_EncryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_EncryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_EncryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(outlen) *outlen = len + pad;
return true;
}
} else {
int len;
if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) {
if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
if(outlen) *outlen = len;
return true;
}
@ -140,15 +142,15 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou
bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
if(oneshot) {
int len, pad;
if(EVP_DecryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_DecryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_DecryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL)
&& EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen)
&& EVP_DecryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) {
if(outlen) *outlen = len + pad;
return true;
}
} else {
int len;
if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) {
if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) {
if(outlen) *outlen = len;
return true;
}
@ -162,9 +164,9 @@ int cipher_get_nid(const cipher_t *cipher) {
if(!cipher || !cipher->cipher)
return 0;
return cipher->cipher->nid;
return EVP_CIPHER_nid(cipher->cipher);
}
bool cipher_active(const cipher_t *cipher) {
return cipher && cipher->cipher && cipher->cipher->nid != 0;
return cipher && cipher->cipher && EVP_CIPHER_nid(cipher->cipher) != 0;
}

View file

@ -93,14 +93,19 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out
return false;
}
} else {
EVP_MD_CTX ctx;
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
if(!ctx)
abort();
if(!EVP_DigestInit(&ctx, digest->digest)
|| !EVP_DigestUpdate(&ctx, indata, inlen)
|| !EVP_DigestFinal(&ctx, tmpdata, NULL)) {
if(!EVP_DigestInit(ctx, digest->digest)
|| !EVP_DigestUpdate(ctx, indata, inlen)
|| !EVP_DigestFinal(ctx, tmpdata, NULL)) {
logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
EVP_MD_CTX_destroy(ctx);
return false;
}
EVP_MD_CTX_destroy(ctx);
}
memcpy(outdata, tmpdata, digest->maclength);
@ -118,14 +123,14 @@ int digest_get_nid(const digest_t *digest) {
if(!digest || !digest->digest)
return 0;
return digest->digest->type;
return EVP_MD_type(digest->digest);
}
size_t digest_keylength(const digest_t *digest) {
if(!digest || !digest->digest)
return 0;
return digest->digest->md_size;
return EVP_MD_size(digest->digest);
}
size_t digest_length(const digest_t *digest) {
@ -136,5 +141,5 @@ size_t digest_length(const digest_t *digest) {
}
bool digest_active(const digest_t *digest) {
return digest && digest->digest && digest->digest->type != 0;
return digest && digest->digest && EVP_MD_type(digest->digest) != 0;
}

View file

@ -30,28 +30,51 @@ typedef RSA rsa_t;
// Set RSA keys
#ifndef HAVE_RSA_SET0_KEY
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
BN_free(r->n); r->n = n;
BN_free(r->e); r->e = e;
BN_free(r->d); r->d = d;
return 1;
}
#endif
rsa_t *rsa_set_hex_public_key(char *n, char *e) {
BIGNUM *bn_n = NULL;
BIGNUM *bn_e = NULL;
if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e)) {
BN_free(bn_e);
BN_free(bn_n);
return false;
}
rsa_t *rsa = RSA_new();
if(!rsa)
return NULL;
if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e)) {
RSA_free(rsa);
return false;
}
RSA_set0_key(rsa, bn_n, bn_e, NULL);
return rsa;
}
rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) {
BIGNUM *bn_n = NULL;
BIGNUM *bn_e = NULL;
BIGNUM *bn_d = NULL;
if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e) || BN_hex2bn(&bn_d, d) != strlen(d)) {
BN_free(bn_d);
BN_free(bn_e);
BN_free(bn_n);
return false;
}
rsa_t *rsa = RSA_new();
if(!rsa)
return NULL;
if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e) || BN_hex2bn(&rsa->d, d) != strlen(d)) {
RSA_free(rsa);
return false;
}
RSA_set0_key(rsa, bn_n, bn_e, bn_d);
return rsa;
}

View file

@ -27,10 +27,11 @@ typedef RSA rsa_t;
#include "../logger.h"
#include "../rsagen.h"
#include "../xalloc.h"
/* This function prettyprints the key generation process */
static void indicator(int a, int b, void *p) {
static int indicator(int a, int b, BN_GENCB *cb) {
switch (a) {
case 0:
fprintf(stderr, ".");
@ -62,12 +63,45 @@ static void indicator(int a, int b, void *p) {
default:
fprintf(stderr, "?");
}
return 1;
}
// Generate RSA key
#ifndef HAVE_BN_GENCB_NEW
BN_GENCB *BN_GENCB_new(void) {
return xzalloc(sizeof(BN_GENCB));
}
void BN_GENCB_free(BN_GENCB *cb) {
free(cb);
}
#endif
rsa_t *rsa_generate(size_t bits, unsigned long exponent) {
return RSA_generate_key(bits, exponent, indicator, NULL);
BIGNUM *bn_e = BN_new();
rsa_t *rsa = RSA_new();
BN_GENCB *cb = BN_GENCB_new();
if(!bn_e || !rsa || !cb)
abort();
BN_set_word(bn_e, exponent);
BN_GENCB_set(cb, indicator, NULL);
int result = RSA_generate_key_ex(rsa, bits, bn_e, cb);
BN_GENCB_free(cb);
BN_free(bn_e);
if(!result) {
fprintf(stderr, "Error during key generation!\n");
RSA_free(rsa);
return NULL;
}
return rsa;
}
// Write PEM RSA keys

View file

@ -72,10 +72,11 @@ bool send_request(connection_t *c, const char *format, ...) {
input buffer anyway */
va_start(args, format);
len = vsnprintf(request, MAXBUFSIZE, format, args);
len = vsnprintf(request, sizeof request, format, args);
request[sizeof request - 1] = 0;
va_end(args);
if(len < 0 || len > MAXBUFSIZE - 1) {
if(len < 0 || len > sizeof request - 1) {
logger(DEBUG_ALWAYS, LOG_ERR, "Output buffer overflow while sending request to %s (%s)",
c->name, c->hostname);
return false;

View file

@ -790,7 +790,6 @@ bool ack_h(connection_t *c, const char *request) {
return upgrade_h(c, request);
char hisport[MAX_STRING_SIZE];
char *hisaddress;
int weight, mtu;
uint32_t options;
node_t *n;
@ -867,19 +866,14 @@ bool ack_h(connection_t *c, const char *request) {
c->edge = new_edge();
c->edge->from = myself;
c->edge->to = n;
sockaddr2str(&c->address, &hisaddress, NULL);
c->edge->address = str2sockaddr(hisaddress, hisport);
free(hisaddress);
sockaddrcpy(&c->edge->address, &c->address);
sockaddr_setport(&c->edge->address, hisport);
sockaddr_t local_sa;
socklen_t local_salen = sizeof local_sa;
if (getsockname(c->socket, &local_sa.sa, &local_salen) < 0)
logger(DEBUG_ALWAYS, LOG_WARNING, "Could not get local socket address for connection with %s", c->name);
else {
char *local_address;
sockaddr2str(&local_sa, &local_address, NULL);
c->edge->local_address = str2sockaddr(local_address, myport);
free(local_address);
}
else
sockaddr_setport(&local_sa, myport);
c->edge->weight = (weight + c->estimated_weight) / 2;
c->edge->connection = c;
c->edge->options = c->options;

View file

@ -547,8 +547,6 @@ size_t sptps_receive_data(sptps_t *s, const void *data, size_t len) {
memcpy(s->inbuf + s->buflen, data, toread);
total_read += toread;
s->buflen += toread;
len -= toread;
data += toread;
// If we don't have a whole record, exit.
if(s->buflen < s->reclen + (s->instate ? 19UL : 3UL))

View file

@ -560,6 +560,7 @@ bool sendline(int fd, char *format, ...) {
va_start(ap, format);
blen = vsnprintf(buffer, sizeof buffer, format, ap);
buffer[sizeof buffer - 1] = 0;
va_end(ap);
if(blen < 1 || blen >= sizeof buffer)
@ -718,6 +719,13 @@ bool connect_tincd(bool verbose) {
}
fclose(f);
if ((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) {
fprintf(stderr, "Could not find tincd running at pid %d\n", pid);
/* clean up the stale socket and pid file */
unlink(pidfilename);
unlink(unixsocketname);
return false;
}
#ifndef HAVE_MINGW
struct sockaddr_un sa;
@ -878,7 +886,7 @@ static int cmd_start(int argc, char *argv[]) {
if(!pid) {
close(pfd[0]);
char buf[100] = "";
char buf[100];
snprintf(buf, sizeof buf, "%d", pfd[1]);
setenv("TINC_UMBILICAL", buf, true);
exit(execvp(c, nargv));
@ -1384,7 +1392,7 @@ static int cmd_pid(int argc, char *argv[]) {
return 1;
}
if(!connect_tincd(true) && !pid)
if(!connect_tincd(true) || !pid)
return 1;
printf("%d\n", pid);
@ -2513,6 +2521,7 @@ static int cmd_verify(int argc, char *argv[]) {
char *newline = memchr(data, '\n', len);
if(!newline || (newline - data > MAX_STRING_SIZE - 1)) {
fprintf(stderr, "Invalid input\n");
free(data);
return 1;
}
@ -2525,11 +2534,13 @@ static int cmd_verify(int argc, char *argv[]) {
if(sscanf(data, "Signature = %s %ld %s", signer, &t, sig) != 3 || strlen(sig) != 86 || !t || !check_id(signer)) {
fprintf(stderr, "Invalid input\n");
free(data);
return 1;
}
if(node && strcmp(node, signer)) {
fprintf(stderr, "Signature is not made by %s\n", node);
free(data);
return 1;
}
@ -2823,8 +2834,10 @@ static int cmd_shell(int argc, char *argv[]) {
if(nargc == argc)
continue;
if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit"))
if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) {
free(nargv);
return result;
}
bool found = false;

View file

@ -91,8 +91,11 @@ host_triplet = @host@
subdir = systemd
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \

View file

@ -91,8 +91,11 @@ check_PROGRAMS = pong$(EXEEXT)
subdir = test
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
$(top_srcdir)/m4/ax_append_flag.m4 \
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
$(top_srcdir)/m4/ax_check_link_flag.m4 \
$(top_srcdir)/m4/ax_require_defined.m4 \
$(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \
$(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \