- Fix compiling tinc with certain versions of the OpenSSL library.
- Fix parsing some IPv6 addresses with :: in them.
- Fix GraphDumpFile output to handle node names starting with a digit.
- Fix a potential segmentation fault when fragmenting packets.
Take maintainer;
OK rsadowski
- "Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738)."
- "Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758)."
-- More see https://www.tinc-vpn.org/security/
PLIST mode 640 tinc.conf tweak from sthen@
OK sthen@ jca@
Changelog:
Allow compilation from a build directory.
Source code cleanups.
Fix some options specified on the command line not surviving a HUP
signal.
Handle tun/tap device returning EPERM or EBUSY.
Disable PMTUDiscovery when TCPOnly is used.
Support the —runstatedir option of the autoconf 2.70.
Port changes:
- "patch-doc_tinc_texi" committed upstream.
- "Using $< in a non-suffix rule context is a GNUmake idiom
(Makefile:840)" enable USE_GMAKE.c
OK jca
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
encryption to create a secure private network between hosts on the Internet.
Because the tunnel appears to the IP level network code as a normal network
device, there is no need to adapt any existing software. This tunnelling
allows VPN sites to share information with each other over the Internet
without exposing any information to others.
A single tinc daemon can accept more than one connection at a time, thus
making it possible to create larger virtual networks, because some
limitations are circumvented.
Instead of most other VPN implementations, tinc encapsulates each network
packet in its own UDP packet, instead of encapsulating all into one TCP or
even PPP over TCP stream. This results in lower latencies, less overhead,
and in general better responsiveness and throughput.
