Import Debian changes 1.0.19-3~bpo60+1
tinc (1.0.19-3~bpo60+1) squeeze-backports; urgency=high

  * Rebuild for squeeze-backports.
  * Build-depend on libvdeplug2-dev, not libvdeplug-dev, as it is how it is named in squeeze.

tinc (1.0.19-3) unstable; urgency=high

  * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
parent a797a94c81
commit 4343b5a2fa
4 changed files with 46 additions and 1 deletions
14
debian/changelog
vendored
|
@ -1,3 +1,17 @@
|
||||||
|
tinc (1.0.19-3~bpo60+1) squeeze-backports; urgency=high
|
||||||
|
|
||||||
|
* Rebuild for squeeze-backports.
|
||||||
|
* Build-depend on libvdeplug2-dev, not libvdeplug-dev,
|
||||||
|
as it is how it is named in squeeze.
|
||||||
|
|
||||||
|
-- Michael Tokarev <mjt@tls.msk.ru> Tue, 23 Apr 2013 08:35:41 +0400
|
||||||
|
|
||||||
|
tinc (1.0.19-3) unstable; urgency=high
|
||||||
|
|
||||||
|
* Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
|
||||||
|
|
||||||
|
-- Guus Sliepen <guus@debian.org> Fri, 12 Apr 2013 22:52:10 +0200
|
||||||
|
|
||||||
tinc (1.0.19-2) unstable; urgency=low
|
tinc (1.0.19-2) unstable; urgency=low
|
||||||
|
|
||||||
* Fix behaviour of tinc-pidfile. Closes: #679130
|
* Fix behaviour of tinc-pidfile. Closes: #679130
|
||||||
|
|
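Review bot: The squeeze-backports entry says "Build-depend on libvdeplug2-dev, not libvdeplug-dev", but the debian/control change in this same commit keeps libvdeplug-dev and adds libvdeplug2-dev as an alternative. Reword the entry to say that an alternative was added, and record the new Uploaders field here too, so the changelog matches what the upload changes.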
3
debian/control
vendored
|
@ -2,8 +2,9 @@ Source: tinc
|
||||||
Section: net
|
Section: net
|
||||||
Priority: optional
|
Priority: optional
|
||||||
Maintainer: Guus Sliepen <guus@debian.org>
|
Maintainer: Guus Sliepen <guus@debian.org>
|
||||||
|
Uploaders: Michael Tokarev <mjt@tls.msk.ru>
|
||||||
Standards-Version: 3.9.3
|
Standards-Version: 3.9.3
|
||||||
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev
|
Build-Depends: libssl-dev, debhelper (>= 9), gettext, texi2html, texinfo, zlib1g-dev, liblzo2-dev, libvdeplug-dev | libvdeplug2-dev
|
||||||
Homepage: http://www.tinc-vpn.org/
|
Homepage: http://www.tinc-vpn.org/
|
||||||
|
|
||||||
Package: tinc
|
Package: tinc
|
||||||
|
|
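Review bot: In Build-Depends the new alternative is listed second (libvdeplug-dev | libvdeplug2-dev), so a resolver that only considers the first alternative will still ask for libvdeplug-dev, which the changelog says is not the package name in squeeze. For a squeeze-backports build, list libvdeplug2-dev first or depend on it alone.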
29
debian/patches/fix-CVE-2013-1428
vendored
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
From 17a33dfd95b1a29e90db76414eb9622df9632320 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guus Sliepen <guus@tinc-vpn.org>
|
||||||
|
Date: Fri, 12 Apr 2013 17:15:05 +0200
|
||||||
|
Subject: [PATCH] Drop packets forwarded via TCP if they are too big
|
||||||
|
(CVE-2013-1428).
|
||||||
|
|
||||||
|
Normally all requests sent via the meta connections are checked so that they
|
||||||
|
cannot be larger than the input buffer. However, when packets are forwarded via
|
||||||
|
meta connections, they are copied into a packet buffer without checking whether
|
||||||
|
it fits into it. Since the packet buffer is allocated on the stack, this in
|
||||||
|
effect allows an authenticated remote node to cause a stack overflow.
|
||||||
|
|
||||||
|
This issue was found by Martin Schobert.
|
||||||
|
---
|
||||||
|
src/net_packet.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
--- a/src/net_packet.c
|
||||||
|
+++ b/src/net_packet.c
|
||||||
|
@@ -378,6 +378,9 @@
|
||||||
|
void receive_tcppacket(connection_t *c, const char *buffer, int len) {
|
||||||
|
vpn_packet_t outpkt;
|
||||||
|
|
||||||
|
+ if(len > sizeof outpkt.data)
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
outpkt.len = len;
|
||||||
|
if(c->options & OPTION_TCPONLY)
|
||||||
|
outpkt.priority = 0;
|
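Review bot: The added check `if(len > sizeof outpkt.data)` in receive_tcppacket compares a signed int against a size_t and then drops the packet without any log line. A negative len is rejected only because it is implicitly converted to unsigned; writing `len < 0 ||` explicitly makes that intent visible and avoids a sign-compare warning. Since the patch description says an authenticated remote node can trigger the overflow, logging the drop together with the identity of connection c would let an operator see which peer is sending oversized packets.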
1
debian/patches/series
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
fix-CVE-2013-1428
|