aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/CMakeLists.txt6
-rw-r--r--app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch31
-rw-r--r--changelog.md1
3 files changed, 3 insertions, 35 deletions
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index b4853eb..181a27a 100644
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -54,10 +54,8 @@ ExternalProject_Add(libressl
54 54
55ExternalProject_Add(tinc 55ExternalProject_Add(tinc
56 DEPENDS lzo libressl 56 DEPENDS lzo libressl
57 URL https://github.com/gsliepen/tinc/archive/3ee0d5dddb56a13b8f3c50637e3cd075c701c9aa.tar.gz 57 URL https://tinc-vpn.org/packages/tinc-1.1pre18.tar.gz
58 URL_HASH SHA256=3a901e7e59d50675b311087ea202f5e409bf69df91d09d7798a0813f3ec05e13 58 URL_HASH SHA256=2757ddc62cf64b411f569db2fa85c25ec846c0db110023f6befb33691f078986
59 # TODO: remove patch once merged in upstream (https://github.com/gsliepen/tinc/pull/251)
60 PATCH_COMMAND patch -p1 < ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch
61 CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> && 59 CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> &&
62 <SOURCE_DIR>/configure ${xCONFIG} 60 <SOURCE_DIR>/configure ${xCONFIG}
63 --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local 61 --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local
diff --git a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch
deleted file mode 100644
index 85ab949..0000000
--- a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1From b6498e6402d9681743b697c1c9f0760448b3be54 Mon Sep 17 00:00:00 2001
2From: pacien <pacien.trangirard@pacien.net>
3Date: Wed, 9 Sep 2020 01:24:28 +0200
4Subject: [PATCH] tincctl: restrict umask argument for FORTIFY
5
6`umask(mode)` calls that do not verify `(mode & 0777) == mode` are
7rejected when the libc FORTIFY checks are enabled [1].
8
9The unrestricted `~perms` was indeed making this assertion fail.
10
11[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404
12---
13 src/tincctl.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16diff --git a/src/tincctl.c b/src/tincctl.c
17index 08f30189..11c1a96c 100644
18--- a/src/tincctl.c
19+++ b/src/tincctl.c
20@@ -237,7 +237,7 @@ static bool parse_options(int argc, char **argv) {
21 FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
22 mode_t mask = umask(0);
23 perms &= ~mask;
24- umask(~perms);
25+ umask(~perms & 0777);
26 FILE *f = fopen(filename, mode);
27
28 if(!f) {
29--
302.25.4
31
diff --git a/changelog.md b/changelog.md
index 8aaa1a7..7feeb86 100644
--- a/changelog.md
+++ b/changelog.md
@@ -4,6 +4,7 @@ This file lists notable changes that have been made to the application on each r
4Releases are tracked and referred to using git tags. 4Releases are tracked and referred to using git tags.
5 5
6## v0.33 - NEXT RELEASE 6## v0.33 - NEXT RELEASE
7- update tinc to 1.1-pre18
7- update LibreSSL to 3.3.3 8- update LibreSSL to 3.3.3
8 9
9## v0.32 - 2020-12-17 10## v0.32 - 2020-12-17