From e875b12895aef2423878b8c6e7c5641d479383bc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 14:04:25 +0000 Subject: [PATCH 1/6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cjdns.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cjdns.spec b/cjdns.spec index 333d7e6..3680d47 100644 --- a/cjdns.spec +++ b/cjdns.spec @@ -81,7 +81,7 @@ Name: cjdns # major version is cjdns protocol version: Version: 20.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The privacy-friendly network without borders # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC # cnacl is unused except when use_embedded is true @@ -748,6 +748,9 @@ fi %{_bindir}/graphStats %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 20.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Wed Jan 22 2020 Stuart Gathman - 20.5-1 - New upstream release From 2046c35701e2cebde2d13cb4e080f8f82bf72b5b Mon Sep 17 00:00:00 2001 From: "Stuart D. Gathman" Date: Mon, 16 Mar 2020 17:01:00 -0400 Subject: [PATCH 2/6] Minor doc updates --- cjdns.README_Fedora.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/cjdns.README_Fedora.md b/cjdns.README_Fedora.md index 7f8430b..397f10c 100644 --- a/cjdns.README_Fedora.md +++ b/cjdns.README_Fedora.md @@ -45,10 +45,11 @@ cannot [insert standard cryptography disclaimer] be spoofed. Most mesh VPNs decrypt packets before routing to a new node. This means that if a relay node is compromised in a conventional VPN, it can see and even alter packets. All cjdns packets are end to end encrypted - relay nodes are untrusted. Cjdns is -source routed, there is no centralized routing. If a node is "blackholing" -your packets for some reason - simply doesn't route through that node anymore. -(But see Security below.) The usual security problems with source routing -don't apply because cjdns IPs can't be (easily) spoofed. +source routed, there is no centralized routing (an option for chosen route +servers is slated for future implementation). If a node is "blackholing" +your packets for some reason - cjdns simply doesn't route through that node +anymore. (But see Security below.) The usual security problems with source +routing don't apply because cjdns IPs can't be (easily) spoofed. ## Startup @@ -80,9 +81,6 @@ can speed this up dramatically with: The resume service restarts cjdns when the system wakes up from sleep. -For rhel6, use ```start cjdns``` instead of systemctl - ditto for restart -and stop. - ## Security By default, Fedora Workstation will treat the tun device created by cjdroute as @@ -103,7 +101,8 @@ are more cumbersome. The Distributed Hash Table algorithm is a core component of cjdns - which is vulnerable to a Denial of Service attack known as "Sybil". This attack can block specific updates to the DHT - to prevent your node from joining a mesh, -for instance. +for instance. The Sybil attack is less effective because Cjdns uses +chosen peers. Simply cut off abusive peers. On the positive side, you can safely use telnet to cjdns IPs and the http protocol is automatically encrypted (but you need a secure DNS or raw ip to be @@ -150,7 +149,7 @@ http_access allow adultpcs You may install a network service that depends on cjdns, for instance you might install thttpd to serve up -[nodeinfo.json](https://docs.meshwith.me/en/cjdns/nodeinfo.json.html). If +[nodeinfo.json](https://github.com/hyperboria/docs/blob/master/cjdns/nodeinfo-json.md). If thttpd is configured to listen only on your cjdns IP, then it will not start until cjdns is up and running. Add ```After=cjdns-wait-online.service``` to ```thttpd.service``` to hold off starting the service until cjdns has the From 2180d4ec58532d44ed5df9c1aa28895db6de0109 Mon Sep 17 00:00:00 2001 From: "Stuart D. Gathman" Date: Thu, 2 Apr 2020 11:23:54 -0400 Subject: [PATCH 3/6] Rebuilt for f33 --- cjdns.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cjdns.spec b/cjdns.spec index 3680d47..9ff502c 100644 --- a/cjdns.spec +++ b/cjdns.spec @@ -81,7 +81,7 @@ Name: cjdns # major version is cjdns protocol version: Version: 20.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: The privacy-friendly network without borders # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC # cnacl is unused except when use_embedded is true @@ -748,6 +748,10 @@ fi %{_bindir}/graphStats %changelog +* Mon Mar 16 2020 Stuart Gathman - 20.5-3 +- Rebuilt for Fedora 33 +- Minor doc updates + * Tue Jan 28 2020 Fedora Release Engineering - 20.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From df2aefa4b621bc9a950888c975a3c7576484260b Mon Sep 17 00:00:00 2001 From: "Stuart D. Gathman" Date: Tue, 14 Apr 2020 16:39:38 -0400 Subject: [PATCH 4/6] New upstream version. --- cjdns.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cjdns.spec b/cjdns.spec index 9ff502c..491e384 100644 --- a/cjdns.spec +++ b/cjdns.spec @@ -80,8 +80,8 @@ Name: cjdns # major version is cjdns protocol version: -Version: 20.5 -Release: 3%{?dist} +Version: 20.6 +Release: 1%{?dist} Summary: The privacy-friendly network without borders # cjdns is all GPLv3 except libuv which is MIT and BSD and ISC # cnacl is unused except when use_embedded is true @@ -338,7 +338,7 @@ sed -i -e '/optimizeLevel:/ s/-O0/-O2/' node_build/make.js %endif %patch19 -p1 -b .fuzz #patch20 -p1 -b .sysctl -%patch22 -b .gcc10 +#patch22 -b .gcc10 cp %{SOURCE1} README_Fedora.md From 96130950b3e2b326da7c43ab8cb56ba326c6f1a4 Mon Sep 17 00:00:00 2001 From: "Stuart D. Gathman" Date: Tue, 14 Apr 2020 16:42:50 -0400 Subject: [PATCH 5/6] New upstream source --- .gitignore | 1 + sources | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index d2b88d7..a0b72fa 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /cjdns-v20.4.tar.gz /python-cjdns-0.1.tar.gz /cjdns-v20.5.tar.gz +/cjdns-v20.6.tar.gz diff --git a/sources b/sources index 57c705f..a1f0a31 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ SHA512 (cjdns-v20.4.tar.gz) = 5a6bd36b2edd07fa883efa4b14dd8a7ba0189bf43404e27ab6ae3b0c2f1e63ce738c52b34416f51f93c9752f6654ea95eac2c71897d2a1e19f4a6d1ca3bad46d SHA512 (python-cjdns-0.1.tar.gz) = f3b7c9afe6bc2f8b0b872cc7fbe9e997657ecf1cbb1f7e8e417099f1265541af919e965be2508a8613f3a2223020ac077473fe48c78f9553dda1a927364bb256 SHA512 (cjdns-v20.5.tar.gz) = 36ae20182b9e9601ae64630cb0fa96caccbe5279be48520ea8b457a15437da5c9b48a5ae5588bd76ef819efe696b5a582a906a50e4dbe7760bb96fa7d1d63ea3 +SHA512 (cjdns-v20.6.tar.gz) = 34057583f2215899b96f95cc60ba0532aff12834ad2c4b432a6752c811f60ed3d6d33ec82e039b159f090558020faf69c71b373ac33ca9e41b186be0b87c3332 From 654b931376287c98d6caac6ec8b95e3817943379 Mon Sep 17 00:00:00 2001 From: "Stuart D. Gathman" Date: Tue, 14 Apr 2020 17:11:47 -0400 Subject: [PATCH 6/6] Adjust self test timeout --- cjdns.fuzz.patch | 2 +- cjdns.spec | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cjdns.fuzz.patch b/cjdns.fuzz.patch index 878f7c6..33b4ada 100644 --- a/cjdns.fuzz.patch +++ b/cjdns.fuzz.patch @@ -7,7 +7,7 @@ diff -up ./test/Main_fuzz_test.c.fuzz ./test/Main_fuzz_test.c uint64_t now = Time_currentTimeMilliseconds(ctx->base); - if ((now - ctx->startTime) > 5000) { - Assert_failure("Failed to link in 5 seconds"); -+ if ((now - ctx->startTime) > 100000) { ++ if ((now - ctx->startTime) > 200000) { + Assert_failure("Failed to link in 100 seconds"); } } diff --git a/cjdns.spec b/cjdns.spec index 491e384..cacbc91 100644 --- a/cjdns.spec +++ b/cjdns.spec @@ -331,9 +331,9 @@ rm -rf node_build/dependencies/libuv %else rm -rf node_build/dependencies/libuv/build/gyp # use system gyp %ifarch s390x -sed -i -e '/optimizeLevel:/ s/-O0/-O1/' node_build/make.js +sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js %else -sed -i -e '/optimizeLevel:/ s/-O0/-O2/' node_build/make.js +sed -i -e '/optimizeLevel:/ s/-O0/-O3/' node_build/make.js %endif %endif %patch19 -p1 -b .fuzz @@ -748,6 +748,9 @@ fi %{_bindir}/graphStats %changelog +* Mon Mar 16 2020 Stuart Gathman - 20.6-1 +- New upstream release + * Mon Mar 16 2020 Stuart Gathman - 20.5-3 - Rebuilt for Fedora 33 - Minor doc updates