Import Debian changes 1.0.19-3~bpo60+1

tinc (1.0.19-3~bpo60+1) squeeze-backports; urgency=high * Rebuild for squeeze-backports. * Build-depend on libvdeplug2-dev, not libvdeplug-dev, as it is how it is named in squeeze. tinc (1.0.19-3) unstable; urgency=high * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
2013-04-23 08:35:41 +04:00 · 2013-04-23 08:35:41 +04:00 · 4343b5a2fa
commit 4343b5a2fa
parent a797a94c81
4 changed files with 46 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,17 @@
+tinc (1.0.19-3~bpo60+1) squeeze-backports; urgency=high
+
+  * Rebuild for squeeze-backports.
+  * Build-depend on libvdeplug2-dev, not libvdeplug-dev,
+    as it is how it is named in squeeze.
+
+ -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 23 Apr 2013 08:35:41 +0400
+
+tinc (1.0.19-3) unstable; urgency=high
+
+  * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
+
+ -- Guus Sliepen <guus@debian.org>  Fri, 12 Apr 2013 22:52:10 +0200
+
 tinc (1.0.19-2) unstable; urgency=low

  * Fix behaviour of tinc-pidfile. Closes: #679130
--- a/debian/control
+++ b/debian/control
@ -2,8 +2,9 @@ Source: tinc
 Section: net
 Priority: optional
 Maintainer: Guus Sliepen <guus@debian.org>
+Uploaders: Michael Tokarev <mjt@tls.msk.ru>
 Standards-Version: 3.9.3
-Build-Depends: libssl-dev, debhelper (>= 9), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
+Build-Depends: libssl-dev, debhelper (>= 9), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev | libvdeplug2-dev
 Homepage: http://www.tinc-vpn.org/

 Package: tinc
--- a/debian/patches/fix-CVE-2013-1428
+++ b/debian/patches/fix-CVE-2013-1428
@ -0,0 +1,29 @@
+From 17a33dfd95b1a29e90db76414eb9622df9632320 Mon Sep 17 00:00:00 2001
+From: Guus Sliepen <guus@tinc-vpn.org>
+Date: Fri, 12 Apr 2013 17:15:05 +0200
+Subject: [PATCH] Drop packets forwarded via TCP if they are too big
+ (CVE-2013-1428).
+
+Normally all requests sent via the meta connections are checked so that they
+cannot be larger than the input buffer. However, when packets are forwarded via
+meta connections, they are copied into a packet buffer without checking whether
+it fits into it. Since the packet buffer is allocated on the stack, this in
+effect allows an authenticated remote node to cause a stack overflow.
+
+This issue was found by Martin Schobert.
+---
+ src/net_packet.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/net_packet.c
+++ b/src/net_packet.c
+@@ -378,6 +378,9 @@
+ void receive_tcppacket(connection_t *c, const char *buffer, int len) {
+ 	vpn_packet_t outpkt;
+ 
+	if(len > sizeof outpkt.data)
+		return;
+
+ 	outpkt.len = len;
+ 	if(c->options & OPTION_TCPONLY)
+ 		outpkt.priority = 0;
--- a/debian/patches/series
+++ b/debian/patches/series
@ -0,0 +1 @@
+fix-CVE-2013-1428