Import Debian changes 1.0.21-1

tinc (1.0.21-1) unstable; urgency=low

  * New upstream release.
    - Includes fix for CVE-2013-1428.

debian/changelog

@@ -1,3 +1,10 @@
+tinc (1.0.21-1) unstable; urgency=low
+
+  * New upstream release.
+    - Includes fix for CVE-2013-1428.
+
+ -- Guus Sliepen <guus@debian.org>  Sun, 05 May 2013 10:42:33 +0200
+
 tinc (1.0.19-3) unstable; urgency=high
 
   * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).

debian/patches/fix-CVE-2013-1428

@@ -1,29 +0,0 @@
-From 17a33dfd95b1a29e90db76414eb9622df9632320 Mon Sep 17 00:00:00 2001
-From: Guus Sliepen <guus@tinc-vpn.org>
-Date: Fri, 12 Apr 2013 17:15:05 +0200
-Subject: [PATCH] Drop packets forwarded via TCP if they are too big
- (CVE-2013-1428).
-
-Normally all requests sent via the meta connections are checked so that they
-cannot be larger than the input buffer. However, when packets are forwarded via
-meta connections, they are copied into a packet buffer without checking whether
-it fits into it. Since the packet buffer is allocated on the stack, this in
-effect allows an authenticated remote node to cause a stack overflow.
-
-This issue was found by Martin Schobert.
----
- src/net_packet.c |    3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/net_packet.c
-+++ b/src/net_packet.c
-@@ -378,6 +378,9 @@
- void receive_tcppacket(connection_t *c, const char *buffer, int len) {
- 	vpn_packet_t outpkt;
- 
-+	if(len > sizeof outpkt.data)
-+		return;
-+
- 	outpkt.len = len;
- 	if(c->options & OPTION_TCPONLY)
- 		outpkt.priority = 0;

debian/patches/series

@@ -1 +0,0 @@
-fix-CVE-2013-1428