diff options
| -rw-r--r-- | app/CMakeLists.txt | 6 | ||||
| -rw-r--r-- | app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch | 31 | ||||
| -rw-r--r-- | changelog.md | 1 |
3 files changed, 3 insertions, 35 deletions
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt index b4853eb..181a27a 100644 --- a/app/CMakeLists.txt +++ b/app/CMakeLists.txt | |||
| @@ -54,10 +54,8 @@ ExternalProject_Add(libressl | |||
| 54 | 54 | ||
| 55 | ExternalProject_Add(tinc | 55 | ExternalProject_Add(tinc |
| 56 | DEPENDS lzo libressl | 56 | DEPENDS lzo libressl |
| 57 | URL https://github.com/gsliepen/tinc/archive/3ee0d5dddb56a13b8f3c50637e3cd075c701c9aa.tar.gz | 57 | URL https://tinc-vpn.org/packages/tinc-1.1pre18.tar.gz |
| 58 | URL_HASH SHA256=3a901e7e59d50675b311087ea202f5e409bf69df91d09d7798a0813f3ec05e13 | 58 | URL_HASH SHA256=2757ddc62cf64b411f569db2fa85c25ec846c0db110023f6befb33691f078986 |
| 59 | # TODO: remove patch once merged in upstream (https://github.com/gsliepen/tinc/pull/251) | ||
| 60 | PATCH_COMMAND patch -p1 < ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch | ||
| 61 | CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> && | 59 | CONFIGURE_COMMAND autoreconf -fsi <SOURCE_DIR> && |
| 62 | <SOURCE_DIR>/configure ${xCONFIG} | 60 | <SOURCE_DIR>/configure ${xCONFIG} |
| 63 | --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local | 61 | --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local |
diff --git a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch deleted file mode 100644 index 85ab949..0000000 --- a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | From b6498e6402d9681743b697c1c9f0760448b3be54 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: pacien <pacien.trangirard@pacien.net> | ||
| 3 | Date: Wed, 9 Sep 2020 01:24:28 +0200 | ||
| 4 | Subject: [PATCH] tincctl: restrict umask argument for FORTIFY | ||
| 5 | |||
| 6 | `umask(mode)` calls that do not verify `(mode & 0777) == mode` are | ||
| 7 | rejected when the libc FORTIFY checks are enabled [1]. | ||
| 8 | |||
| 9 | The unrestricted `~perms` was indeed making this assertion fail. | ||
| 10 | |||
| 11 | [1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404 | ||
| 12 | --- | ||
| 13 | src/tincctl.c | 2 +- | ||
| 14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 15 | |||
| 16 | diff --git a/src/tincctl.c b/src/tincctl.c | ||
| 17 | index 08f30189..11c1a96c 100644 | ||
| 18 | --- a/src/tincctl.c | ||
| 19 | +++ b/src/tincctl.c | ||
| 20 | @@ -237,7 +237,7 @@ static bool parse_options(int argc, char **argv) { | ||
| 21 | FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { | ||
| 22 | mode_t mask = umask(0); | ||
| 23 | perms &= ~mask; | ||
| 24 | - umask(~perms); | ||
| 25 | + umask(~perms & 0777); | ||
| 26 | FILE *f = fopen(filename, mode); | ||
| 27 | |||
| 28 | if(!f) { | ||
| 29 | -- | ||
| 30 | 2.25.4 | ||
| 31 | |||
diff --git a/changelog.md b/changelog.md index 8aaa1a7..7feeb86 100644 --- a/changelog.md +++ b/changelog.md | |||
| @@ -4,6 +4,7 @@ This file lists notable changes that have been made to the application on each r | |||
| 4 | Releases are tracked and referred to using git tags. | 4 | Releases are tracked and referred to using git tags. |
| 5 | 5 | ||
| 6 | ## v0.33 - NEXT RELEASE | 6 | ## v0.33 - NEXT RELEASE |
| 7 | - update tinc to 1.1-pre18 | ||
| 7 | - update LibreSSL to 3.3.3 | 8 | - update LibreSSL to 3.3.3 |
| 8 | 9 | ||
| 9 | ## v0.32 - 2020-12-17 | 10 | ## v0.32 - 2020-12-17 |