kumquat-buildroot/package/tinc/tinc.mk
Peter Korsgaard d0758184c0 tinc: security bump to version 1.0.35
Fixes the following security issues:

CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow
a man-in-the-middle attack that, even if the MITM cannot decrypt the traffic
sent between the two endpoints, when the MITM can correctly predict when an
ephemeral key exchange message is sent in a TCP connection between two
nodes, allows the MITM to force one node to send UDP packets in plaintext.
The tinc 1.1pre versions are not affected by this.

CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34
allow an oracle attack, similar to CVE-2018-16737, but due to the
mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now
requires a timing attack that has only a limited time to complete.  Tinc
1.1pre16 and earlier are also affected if there are nodes on the same VPN
that still use the legacy protocol from tinc version 1.0.x.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-09 14:48:11 +02:00

26 lines
711 B
Makefile

################################################################################
#
# tinc
#
################################################################################
TINC_VERSION = 1.0.35
TINC_SITE = http://www.tinc-vpn.org/packages
TINC_DEPENDENCIES = lzo openssl zlib
TINC_LICENSE = GPL-2.0+ with OpenSSL exception
TINC_LICENSE_FILES = COPYING COPYING.README
TINC_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -std=c99"
ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
TINC_CONF_ENV += \
ax_cv_check_cflags___fPIE=no \
ax_cv_check_ldflags___pie=no
endif
ifeq ($(BR2_INIT_SYSTEMD),y)
TINC_DEPENDENCIES += systemd
TINC_CONF_OPTS += --with-systemdsystemunitdir=/usr/lib/systemd/system
endif
$(eval $(autotools-package))