Tilman Sauerbeck [Thu, 28 Dec 2017 12:11:18 +0000 (13:11 +0100)]
Remove unused function SSL_readcert().
Tilman Sauerbeck [Thu, 28 Dec 2017 12:09:20 +0000 (13:09 +0100)]
Avoid use of uninitialized pointer in OpenSSL's SSLi_init().
Tilman Sauerbeck [Thu, 28 Dec 2017 11:37:38 +0000 (12:37 +0100)]
Remove casts made unneeded by the previous changeset.
Tilman Sauerbeck [Thu, 28 Dec 2017 11:34:22 +0000 (12:34 +0100)]
Declare client_t::channel as struct channel for better type safety.
Tilman Sauerbeck [Thu, 28 Dec 2017 11:20:56 +0000 (12:20 +0100)]
Simplify message reference management in Client_send_message_except().
In Client_send_message_except() and Client_send_message_except_ver(),
we only need to take an extra reference when we are about to send
the message.
Tilman Sauerbeck [Thu, 28 Dec 2017 10:27:08 +0000 (11:27 +0100)]
Rework SSLi_hash2hex() and SSLi_hex2hash().
This replaces the stdio-based implementation (printf(), scanf())
with a hand-written one. This should be worthwhile even if it's
unlikely that these functions show up in any profile.
Tilman Sauerbeck [Wed, 27 Dec 2017 18:46:12 +0000 (19:46 +0100)]
Fix my name in the list of contributors.
Tilman Sauerbeck [Wed, 27 Dec 2017 15:22:11 +0000 (16:22 +0100)]
Remove useless if's around free() calls.
It is legal to free(NULL).
Tilman Sauerbeck [Wed, 27 Dec 2017 15:13:46 +0000 (16:13 +0100)]
Remove multiplication from second argument to Memory_safeMalloc().
In Msg_banList_create(), transform
Memory_safeMalloc(1, sizeof(foo) * many)
to
Memory_safeMalloc(many, sizeof(foo))
to actually make use of Memory_safeMalloc()'s overflow detection.
Tilman Sauerbeck [Wed, 27 Dec 2017 15:11:08 +0000 (16:11 +0100)]
Use Memory_safeCalloc() to allocate zeroed memory.
This replaces a few occurrences of Memory_safeMalloc() followed by
memset(ptr, 0, ...) with calls to Memory_safeCalloc().
Felix Morgner [Mon, 28 Aug 2017 07:41:25 +0000 (09:41 +0200)]
Merge pull request #114 from concatime/patch-1
server: update source URL
Felix Morgner [Sun, 6 Aug 2017 11:19:56 +0000 (13:19 +0200)]
Merge pull request #116 from C4K3/deprecate-autotools
Add autotools deprecation warning
Sebastian Blunt [Mon, 5 Jun 2017 13:09:36 +0000 (15:09 +0200)]
Add autotools deprecation warning
Adds a warning about autotools being deprecated directly in autogen.sh
Using the m4_warn/m4_errprintn macro causes the warning to not be
displayed with autogen.sh, and using AC_MSG_WARN is only displayed when
configure is run (which might instead be desirable.) This solution
very clearly displays the warning when running autogen.sh.
concatime [Wed, 31 May 2017 05:23:38 +0000 (01:23 -0400)]
Update server.c
Changed old link.
Felix Morgner [Thu, 18 May 2017 11:11:03 +0000 (13:11 +0200)]
Merge pull request #113 from Trivve/patch-2
Fix error compiling with mbed TLS 2.4
Andreas [Fri, 12 May 2017 11:27:05 +0000 (13:27 +0200)]
Fix incorrect include for mbedtls and version checking
Felix Morgner [Sat, 29 Apr 2017 10:48:50 +0000 (12:48 +0200)]
Bump version to 0.2.17
Felix Morgner [Sat, 29 Apr 2017 10:41:15 +0000 (12:41 +0200)]
Merge pull request #109 from C4K3/openssl110
Fix error compiling with openssl 1.1.0
Sebastian Blunt [Sat, 29 Apr 2017 09:58:24 +0000 (11:58 +0200)]
Fix compiling with autotools and openssl 1.1.0
Since the functions previously checked against have been removed in
openssl 1.1.0, it would not compile. This changes it so that functions
available in both 1.0.2 and 1.1.0 are used instead.
I originally had a lot of problems getting it to work, using the example
from https://wiki.openssl.org/index.php/Library_Initialization#Autoconf
as then it would no longer link against ssl. It turns out that this was
because when AC_CHECK_LIB has an action-if-found specified, it will NOT
add ssl to LIBS, as opposed to what is said on
https://autotools.io/autoconf/finding.html -- I discovered this after
finally just going to the original documentation, which correctly
documents the macro
(https://www.gnu.org/software/autoconf/manual/autoconf-2.61/html_node/Libraries.html)
Sebastian Blunt [Fri, 28 Apr 2017 12:18:17 +0000 (14:18 +0200)]
Fix error compiling with openssl 1.1.0
Would throw a dereferencing pointer to incomplete type previously. This
change is compatible with both openssl 1.1.0 and 1.0.2, the only
supported openssl releases.
Building with autotools and openssl 1.1.0 does still not work.
Felix Morgner [Mon, 6 Feb 2017 08:38:04 +0000 (09:38 +0100)]
Bump to 0.2.17rc1
Felix Morgner [Thu, 26 Jan 2017 23:32:24 +0000 (00:32 +0100)]
Add Travis CI configuration
Felix Morgner [Thu, 26 Jan 2017 13:52:49 +0000 (14:52 +0100)]
Update contributors
Felix Morgner [Thu, 26 Jan 2017 13:35:37 +0000 (14:35 +0100)]
Merge pull request #103 from l2dy/patch-1
Hotfix TLSv1 support for mbed TLS
Felix Morgner [Thu, 26 Jan 2017 13:06:08 +0000 (14:06 +0100)]
Support for mbed TLS 2.4 fixes #102
Felix Morgner [Thu, 26 Jan 2017 12:39:44 +0000 (13:39 +0100)]
Merge pull request #98 from adufray/patch-1
Zero King [Thu, 26 Jan 2017 12:21:32 +0000 (12:21 +0000)]
Hotfix TLSv1 support for mbed TLS
Felix Morgner [Thu, 26 Jan 2017 12:12:25 +0000 (13:12 +0100)]
Merge pull request #80 from Nauxuron/master
Felix Morgner [Thu, 26 Jan 2017 12:08:41 +0000 (13:08 +0100)]
Adjust pull request #80
Felix Morgner [Thu, 26 Jan 2017 11:30:42 +0000 (12:30 +0100)]
Merge pull request #100 from C4K3/scheduler-timing
Set scheduling policy before dropping privileges
Felix Morgner [Thu, 26 Jan 2017 11:28:58 +0000 (12:28 +0100)]
Merge pull request #101 from C4K3/bindport6
bindport6 defaults to bindport, rather than 64738
Sebastian Blunt [Mon, 26 Dec 2016 18:20:56 +0000 (19:20 +0100)]
bindport6 defaults to bindport, rather than 64738
Previously if bindport6 was unspecified it would always default to
64738, this changes it so that it instead defaults to whatever bindport
is, i.e. as long as bindport6 is unspecified, then umurmur will bind to
the same ports on v4 and v6. If bindport6 is specified it will of course
take precedence.
Suggested in #97.
Sebastian Blunt [Tue, 6 Dec 2016 17:11:14 +0000 (18:11 +0100)]
Set scheduling policy before dropping privileges
Previously if set to daemonize, set to run with realtime priority, and
set to drop privileges, umurmur would try to set the scheduling policy
after dropping privileges, which would fail as unprivileged processes
are not allowed to set a realtime scheduling policy as of Linux 2.6.12.
Fixes #94.
Felix Morgner [Sat, 26 Nov 2016 11:02:00 +0000 (12:02 +0100)]
Update contributors
Felix Morgner [Sat, 26 Nov 2016 10:57:51 +0000 (11:57 +0100)]
Merge pull request #99 from C4K3/show-addresses-option
Sebastian Blunt [Wed, 16 Nov 2016 20:44:22 +0000 (21:44 +0100)]
Add show-addresses option, to optionally hide user's IP addresses
Currently IP addresses of every connected user are visible to everybody
through the user information dialog. This adds an option of whether or
not to show them, if set to true (default) then everything will be as
before, whereas with false they will not be shown to anybody.
IP addresses will still be logged in log messages and so forth.
Fixes #81.
adufray [Sat, 15 Oct 2016 22:51:00 +0000 (17:51 -0500)]
Use modern ciphers & prefer server order
Set ciphers to prefer ChaCha20, ephemeral elliptic curve Diffie-Hellman, and AES with GCM mode, in that order. Also add the flag to the SSL context to prefer the server's cipher ordering.
Wim de With [Tue, 5 Jan 2016 14:04:59 +0000 (15:04 +0100)]
Do user switch after SSL keys are initialized
Since SSL private keys are usually stored as readable by root only, and
if a user to switch to is specified, the switch will already have taken
place before the SSL keys are read. This means that umurmur still won't
have permission to read the keys. The fix is to switch users after
initialization.
The second problem occurs when systemd is used. If systemd is used, it's
better to let systemd handle the daemonizing of the process. However,
this means that the process will never switch users when the systemd
service is started. So this fixes that by switching the user in all
cases.
Felix Morgner [Sun, 6 Mar 2016 22:54:51 +0000 (23:54 +0100)]
Hotfix TLSv1 support for OpenSSL #84
Felix Morgner [Sun, 6 Mar 2016 22:40:45 +0000 (23:40 +0100)]
Upgrade TLS suites for GnuTLS, mbedTLS and OpenSSL
I could not figure out whether or not PolarSSL, which is technically
now mbedTLS, does support ECDHE suites. I currently have no access to
PolarSSL myself. It would be great if somebody could figure that one
out. Relates to #82, fixes #84 and #77.
Felix Morgner [Sat, 5 Mar 2016 15:18:15 +0000 (16:18 +0100)]
Merge pull request #83 from pfmooney/sockoptlen
Fix size of value passed to setsockopt
Felix Morgner [Sat, 5 Mar 2016 15:15:04 +0000 (16:15 +0100)]
Merge pull request #78 from l2dy/patch-1
mbedtls_havege_init in mbedcrypto
Patrick Mooney [Sun, 21 Feb 2016 08:11:34 +0000 (02:11 -0600)]
Fix size of value passed to setsockopt
l2dy [Sun, 13 Dec 2015 17:36:47 +0000 (01:36 +0800)]
mbedtls havege
Felix Morgner [Mon, 9 Nov 2015 08:48:39 +0000 (09:48 +0100)]
Merge branch 'snowblind-master'
Felix Morgner [Mon, 9 Nov 2015 08:47:37 +0000 (09:47 +0100)]
Merge branch 'master' of https://github.com/snowblind/umurmur into snowblind-master
Felix Morgner [Mon, 9 Nov 2015 08:36:56 +0000 (09:36 +0100)]
Update numurmon and umurmur-monitor
Felix Morgner [Mon, 9 Nov 2015 08:34:36 +0000 (09:34 +0100)]
Move cmake includes required by SelectRTBackend
Felix Morgner [Sat, 7 Nov 2015 15:18:21 +0000 (16:18 +0100)]
Update numurmon and umurmur-monitor
Felix Morgner [Sat, 7 Nov 2015 14:58:48 +0000 (15:58 +0100)]
Update numurmon
Felix Morgner [Thu, 5 Nov 2015 17:10:30 +0000 (18:10 +0100)]
Fix repo URL for numurmon
Felix Morgner [Thu, 5 Nov 2015 17:06:08 +0000 (18:06 +0100)]
Update CMake environment and add new tool
Felix Morgner [Thu, 5 Nov 2015 15:12:25 +0000 (16:12 +0100)]
Add numurmon to tools
Michael J. Pounders [Thu, 22 Oct 2015 01:32:29 +0000 (21:32 -0400)]
Add client Key hash to shm_area
Felix Morgner [Tue, 22 Sep 2015 00:37:40 +0000 (17:37 -0700)]
Switch to safe calloc wrapper
The mbedTLS backend was still using plain calloc. I refactored the code
to use the new safe calloc wrapper.
Felix Morgner [Tue, 22 Sep 2015 00:35:04 +0000 (17:35 -0700)]
Add missing include
The include of stdlib.h was missing from memory.c resulting in a
compiler warning when using the GnuTLS backend.
Felix Morgner [Tue, 22 Sep 2015 00:28:44 +0000 (17:28 -0700)]
Merge branch 'master' of github.com:fmorgner/umurmur
Felix Morgner [Tue, 22 Sep 2015 00:17:12 +0000 (17:17 -0700)]
Merge pull request #71 from Rawi666/mbedtls2x
mbedTLS 2.x support
Szymon Pusz [Wed, 12 Aug 2015 16:27:03 +0000 (18:27 +0200)]
mbedTLS 2.x memory improvement
SSL config is now created during init only and not for each client (should save a couple of memory bytes)
Martin Johansson [Tue, 4 Aug 2015 08:38:18 +0000 (10:38 +0200)]
Remove '-r' switch from OpenWRT init script since current default C-library (musl) doesn't support POSIX realtime API.
Andres Erbsen [Wed, 15 Jul 2015 06:08:12 +0000 (23:08 -0700)]
ssli_openssl.c:161: s/bool/bool_t/
To be consistent with existing code (and require fewer patches on OpenBSD).
Felix Morgner [Tue, 11 Aug 2015 18:28:43 +0000 (20:28 +0200)]
Merge pull request #70 from andres-erbsen/patch-1
ssli_openssl.c:161: s/bool/bool_t/
Martin Johansson [Tue, 4 Aug 2015 08:41:36 +0000 (10:41 +0200)]
Merge branch 'master' of github.com:fatbob313/umurmur
Martin Johansson [Tue, 4 Aug 2015 08:38:18 +0000 (10:38 +0200)]
Remove '-r' switch from OpenWRT init script since current default C-library (musl) doesn't support POSIX realtime API.
Szymon Pusz [Sat, 25 Jul 2015 20:07:56 +0000 (22:07 +0200)]
mbedTLS 2.x support
Andres Erbsen [Wed, 15 Jul 2015 06:08:12 +0000 (23:08 -0700)]
ssli_openssl.c:161: s/bool/bool_t/
To be consistent with existing code (and require fewer patches on OpenBSD).
Felix Morgner [Mon, 13 Jul 2015 08:18:54 +0000 (10:18 +0200)]
Fixed build errors
Dan Turner [Sun, 12 Jul 2015 11:15:42 +0000 (12:15 +0100)]
Fixed typo in new safe malloc.
Dan Turner [Thu, 25 Jun 2015 15:05:51 +0000 (16:05 +0100)]
Removed null-pointer dereference in low mem.
Felix Morgner [Sun, 12 Jul 2015 13:01:07 +0000 (15:01 +0200)]
Use different API for reading TLS cert (fixes #64)
The OpenSSL TLS backend now reads the certificate file using
SSL_CTX_use_certificate_chain_file(...) so that concatenated
certificate files containing a verification chain are read correctly.
Thanks to Andres Erbsen (@andres-erbsen) for reporting the issue.
Felix Morgner [Sun, 12 Jul 2015 11:12:46 +0000 (13:12 +0200)]
Merge pull request #66 from omor1/master
Fix for commit #2eec458
Omri Mor [Sun, 12 Jul 2015 09:34:18 +0000 (12:34 +0300)]
Null pointer references
Felix Morgner [Tue, 7 Jul 2015 08:14:54 +0000 (10:14 +0200)]
Improved Autotools environment
The config.h.in does not overwrite the in-tree file anymore.
Additionally, the build is now silent by default.
Felix Morgner [Tue, 7 Jul 2015 07:50:24 +0000 (09:50 +0200)]
Improved builds on OS X
Felix Morgner [Mon, 6 Jul 2015 12:39:54 +0000 (14:39 +0200)]
updated README
Felix Morgner [Mon, 6 Jul 2015 09:20:34 +0000 (11:20 +0200)]
Fixed multiple possible null-pointer dereferences #63
Felix Morgner [Fri, 19 Jun 2015 22:39:29 +0000 (00:39 +0200)]
Bumped version number for bugfix release
This release fixes the following 2 bugs:
1. A crash in the SHM API when a client is being removed from the server
during a SHM update (issue #60) - fixed by Daniel Weeks (@doctaweeks)
2. Failure to detect missing IPv6 support in FreeBSD jails - fixed by
Marcus Ball (@marcusball)
It is strongly advised that users who make use of the SHM API (e.g.
using umurmur-monitor) upgrade to this version, as bug #60 could cause
possible denial-of-service due to the server crashing.
Felix Morgner [Fri, 19 Jun 2015 22:32:41 +0000 (00:32 +0200)]
Merge pull request #62 from marcusball/master
Added socket errno EPROTONOSUPPORT to socket support check in checkIPversions()
Felix Morgner [Fri, 19 Jun 2015 22:17:36 +0000 (00:17 +0200)]
Merge pull-request #61 (fixes issue #60)
shm format cleanup and crash fix
Marcus Ball [Fri, 19 Jun 2015 20:08:58 +0000 (16:08 -0400)]
Added socket errno EPROTONOSUPPORT to socket support check in checkIPversions()
Daniel M. Weeks [Thu, 11 Jun 2015 15:44:33 +0000 (11:44 -0400)]
Fix shm crash if client is being removed
Daniel M. Weeks [Thu, 11 Jun 2015 15:42:42 +0000 (11:42 -0400)]
Convert file format DOS->UNIX
Daniel M. Weeks [Thu, 11 Jun 2015 15:26:04 +0000 (11:26 -0400)]
Mark Log_fatal noreturn
Martin Johansson [Tue, 19 May 2015 16:49:31 +0000 (18:49 +0200)]
Add compile-time check for POLARSSL_VERSION_FEATURES before using version_get_string().
Felix Morgner [Thu, 14 May 2015 08:47:05 +0000 (10:47 +0200)]
Merge pull request #59 from Hello71/patch-1
ChangeLog: fix typo
Alex Xu [Sun, 12 Apr 2015 14:25:20 +0000 (10:25 -0400)]
ChangeLog: fix typo
Felix Morgner [Tue, 7 Apr 2015 10:01:12 +0000 (12:01 +0200)]
Release 0.2.16
Felix Morgner [Tue, 7 Apr 2015 09:37:56 +0000 (11:37 +0200)]
Checking for GnuTLS version. Fixes #58
Felix Morgner [Mon, 16 Feb 2015 07:44:30 +0000 (08:44 +0100)]
updated umurmur-monitor
Felix Morgner [Mon, 16 Feb 2015 06:14:19 +0000 (07:14 +0100)]
silenced two warnings
Felix Morgner [Wed, 11 Feb 2015 13:25:06 +0000 (14:25 +0100)]
fixed GnuTLS related crash when daemonizing
additional fix for DH-parameters not being set
Felix Morgner [Wed, 11 Feb 2015 12:01:15 +0000 (13:01 +0100)]
added support for building umurmur-monitor
It is now possible (with cmake) to build umurmur-monitor as a
subproject of umurmur. To do so, use the following command line to clone
umurmur:
git clone --recursive <url-to-repo>
or simply update your current copy (fetch, rebase, merge, whatever you
prefer) and then run:
git submodule update --init
Afterwards, create your build directory and use either ccmake or a
command line similar to the following:
cmake <path-to-CMakeLists.txt-of-umurmur> -DUSE_SHAREDMEMORY_API=ON \
-DBUILD_UMURMUR_MONITOR=ON <other-flags>
Currently, building umurmur-monitor is OFF by default, even if cmake
finds the sources for the project. This might change in the future when
demanded.
Felix Morgner [Wed, 11 Feb 2015 10:08:52 +0000 (11:08 +0100)]
added umurmur-monitor as a submodule
Felix Morgner [Wed, 11 Feb 2015 10:03:49 +0000 (11:03 +0100)]
Merge pull request #56 from fmorgner/master
A little bit of warning related cleanup
Felix Morgner [Wed, 11 Feb 2015 10:00:52 +0000 (11:00 +0100)]
fixed qualification warnings
Felix Morgner [Wed, 11 Feb 2015 09:57:42 +0000 (10:57 +0100)]
fixed type conversion warnings
Felix Morgner [Wed, 11 Feb 2015 09:49:47 +0000 (10:49 +0100)]
moved mon-umurmurd into separate project
Felix Morgner [Wed, 11 Feb 2015 09:44:22 +0000 (10:44 +0100)]
fixed copy/paste mistake
Felix Morgner [Tue, 10 Feb 2015 18:55:18 +0000 (19:55 +0100)]
Merge pull request #55 from fmorgner/master
Added GnuTLS support to the autotools build environment
Felix Morgner [Tue, 10 Feb 2015 18:46:04 +0000 (19:46 +0100)]
Merge branch 'master' of github.com:umurmur/umurmur