debian/0000775000000000000000000000000013332331075007170 5ustar debian/libzmq3-dev.install0000664000000000000000000000015612311320347012713 0ustar usr/include/* usr/lib/*/libzmq.a usr/lib/*/libzmq.so usr/lib/*/pkgconfig/libzmq.pc debian/zmq.hpp usr/include debian/libzmq3.symbols0000664000000000000000000000303612311320347012161 0ustar libzmq.so.3 libzmq3 #MINVER# zmq_bind@Base 3.2.3+dfsg zmq_close@Base 3.2.3+dfsg zmq_connect@Base 3.2.3+dfsg zmq_ctx_destroy@Base 3.2.3+dfsg zmq_ctx_get@Base 3.2.3+dfsg zmq_ctx_new@Base 3.2.3+dfsg zmq_ctx_set@Base 3.2.3+dfsg zmq_ctx_shutdown@Base 4.0.1+dfsg zmq_ctx_term@Base 4.0.1+dfsg zmq_curve_keypair@Base 4.0.1+dfsg zmq_device@Base 3.2.3+dfsg zmq_disconnect@Base 3.2.3+dfsg zmq_errno@Base 3.2.3+dfsg zmq_getsockopt@Base 3.2.3+dfsg zmq_init@Base 3.2.3+dfsg zmq_msg_close@Base 3.2.3+dfsg zmq_msg_copy@Base 3.2.3+dfsg zmq_msg_data@Base 3.2.3+dfsg zmq_msg_get@Base 3.2.3+dfsg zmq_msg_init@Base 3.2.3+dfsg zmq_msg_init_data@Base 3.2.3+dfsg zmq_msg_init_size@Base 3.2.3+dfsg zmq_msg_more@Base 3.2.3+dfsg zmq_msg_move@Base 3.2.3+dfsg zmq_msg_recv@Base 3.2.3+dfsg zmq_msg_send@Base 3.2.3+dfsg zmq_msg_set@Base 3.2.3+dfsg zmq_msg_size@Base 3.2.3+dfsg zmq_poll@Base 3.2.3+dfsg zmq_proxy@Base 3.2.3+dfsg zmq_recv@Base 3.2.3+dfsg zmq_recviov@Base 3.2.3+dfsg zmq_recvmsg@Base 3.2.3+dfsg zmq_send@Base 3.2.3+dfsg zmq_send_const@Base 4.0.1+dfsg zmq_sendiov@Base 3.2.3+dfsg zmq_sendmsg@Base 3.2.3+dfsg zmq_setsockopt@Base 3.2.3+dfsg zmq_sleep@Base 3.2.3+dfsg zmq_socket@Base 3.2.3+dfsg zmq_socket_monitor@Base 3.2.3+dfsg zmq_stopwatch_start@Base 3.2.3+dfsg zmq_stopwatch_stop@Base 3.2.3+dfsg zmq_strerror@Base 3.2.3+dfsg zmq_term@Base 3.2.3+dfsg zmq_threadclose@Base 4.0.1+dfsg zmq_threadstart@Base 4.0.1+dfsg zmq_unbind@Base 3.2.3+dfsg zmq_version@Base 3.2.3+dfsg zmq_z85_decode@Base 4.0.1+dfsg zmq_z85_encode@Base 4.0.1+dfsg debian/repack.stub0000775000000000000000000000401712311320347011335 0ustar #!/bin/sh : <<=cut =pod =head1 NAME repack.stub - script to repack upstream tarballs from uscan =head1 INSTRUCTIONS put this in debian/repack.stub and add "debian sh debian/repack.stub" to the end of the line in debian/watch. you will also need to add a version mangle to debian/watch. then create a debian/repack.local. this is a shell script that is sourced under "set -e", so be careful to check returns codes. =head1 FUNCTIONS =over 4 =item rm rm is replaced by a function that does some magic ("rm -rv" by default), but also changes MANIFEST if $MANIFEST is 1 =item mv mv is replaced by a function that just does mv (by default), but also changes MANIFEST if $MANIFEST is 1 =item requires_version requires_version is there for future usage for requiring certain versions of the script =back =head1 VARIABLES =over 4 =item SUFFIX defaults to +dfsg what to append to the upstream version =item RM_OPTS defaults to -vrf options to pass to rm =item MANIFEST defaults to 0, set to 1 to turn on. this will manipulate MANIFEST files in CPAN tarballs. =item UP_BASE this is the directory where the upstream source is. =back =head1 COPYRIGHT AND LICENSE Copyright 2009, Ryan Niebur This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut if [ -z "$REPACK_SH" ]; then if [ -x /usr/share/pkg-perl-tools/repack.sh ]; then REPACK_SH='/usr/share/pkg-perl-tools/repack.sh' elif [ -f ../../scripts/repack.sh ]; then REPACK_SH=../../scripts/repack.sh fi if [ -z "$REPACK_SH" ] && which repack.sh > /dev/null; then REPACK_SH=$(which repack.sh) fi fi if [ ! -f "$REPACK_SH" ]; then echo "Couldn't find a repack.sh. please put it in your PATH, put it at ../../scripts/repack.sh, or put it somewhere else and set the REPACK_SH variable" echo "You can get it from http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/pkg-perl-tools.git;a=blob_plain;f=scripts/repack.sh;hb=HEAD" exit 1 fi exec "$REPACK_SH" "$@" debian/patches/0000775000000000000000000000000013332314362010617 5ustar debian/patches/CVE-2014-9721.patch0000664000000000000000000003160413332322043013240 0ustar - See https://github.com/zeromq/zeromq4-x/pull/101 - Almost unchanged from https://github.com/zeromq/zeromq4-x/commit/77ef79e3 - John Morris From 77ef79e3b565f120172c6d1c30fabec6185553da Mon Sep 17 00:00:00 2001 From: Pieter Hintjens Date: Fri, 5 Dec 2014 09:07:37 +0100 Subject: [PATCH] Problem: issue #1273, protocol downgrade attack Solution: backport fix from libzmq master. Also backported test cases. --- src/session_base.cpp | 8 +++ src/session_base.hpp | 1 + src/stream_engine.cpp | 10 +++ tests/test_security_curve.cpp | 50 ++++++++++++++ tests/test_security_null.cpp | 125 +++++++++++++++++++++------------- tests/test_security_plain.cpp | 37 +++++++++- 6 files changed, 183 insertions(+), 48 deletions(-) diff --git a/src/session_base.cpp b/src/session_base.cpp index 7e27e31..638b164 100644 --- a/src/session_base.cpp +++ b/src/session_base.cpp @@ -324,6 +324,14 @@ int zmq::session_base_t::zap_connect () return 0; } +bool zmq::session_base_t::zap_enabled () +{ + return ( + options.mechanism != ZMQ_NULL || + (options.mechanism == ZMQ_NULL && options.zap_domain.length() > 0) + ); +} + void zmq::session_base_t::process_attach (i_engine *engine_) { zmq_assert (engine_ != NULL); diff --git a/src/session_base.hpp b/src/session_base.hpp index 2ef7dc5..413e7a0 100644 --- a/src/session_base.hpp +++ b/src/session_base.hpp @@ -68,6 +68,7 @@ namespace zmq int push_msg (msg_t *msg_); int zap_connect (); + bool zap_enabled (); // Fetches a message. Returns 0 if successful; -1 otherwise. // The caller is responsible for freeing the message when no diff --git a/src/stream_engine.cpp b/src/stream_engine.cpp index 4d252d8..4c07a6a 100644 --- a/src/stream_engine.cpp +++ b/src/stream_engine.cpp @@ -464,6 +464,11 @@ bool zmq::stream_engine_t::handshake () // Is the peer using ZMTP/1.0 with no revision number? // If so, we send and receive rest of identity message if (greeting_recv [0] != 0xff || !(greeting_recv [9] & 0x01)) { + if (session->zap_enabled ()) { + // Reject ZMTP 1.0 connections if ZAP is enabled + error (); + return false; + } encoder = new (std::nothrow) v1_encoder_t (out_batch_size); alloc_assert (encoder); @@ -515,6 +520,11 @@ bool zmq::stream_engine_t::handshake () } else if (greeting_recv [revision_pos] == ZMTP_2_0) { + if (session->zap_enabled ()) { + // Reject ZMTP 1.0 connections if ZAP is enabled + error (); + return false; + } encoder = new (std::nothrow) v2_encoder_t (out_batch_size); alloc_assert (encoder); diff --git a/tests/test_security_curve.cpp b/tests/test_security_curve.cpp index 788fb2c..e8e24c6 100644 --- a/tests/test_security_curve.cpp +++ b/tests/test_security_curve.cpp @@ -18,6 +18,17 @@ */ #include "testutil.hpp" +#if defined (ZMQ_HAVE_WINDOWS) +# include +# include +# include +# define close closesocket +#else +# include +# include +# include +# include +#endif // We'll generate random test keys at startup static char client_public [41]; @@ -199,6 +210,45 @@ int main (void) expect_bounce_fail (server, client); close_zero_linger (client); + // Unauthenticated messages from a vanilla socket shouldn't be received + struct sockaddr_in ip4addr; + int s; + + ip4addr.sin_family = AF_INET; + ip4addr.sin_port = htons (9998); + inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr); + + s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); + rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); + assert (rc > -1); + // send anonymous ZMTP/1.0 greeting + send (s, "\x01\x00", 2, 0); + // send sneaky message that shouldn't be received + send (s, "\x08\x00sneaky\0", 9, 0); + int timeout = 150; + zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout)); + char *buf = s_recv (server); + if (buf != NULL) { + printf ("Received unauthenticated message: %s\n", buf); + assert (buf == NULL); + } + close (s); + + // Check return codes for invalid buffer sizes + client = zmq_socket (ctx, ZMQ_DEALER); + assert (client); + errno = 0; + rc = zmq_setsockopt (client, ZMQ_CURVE_SERVERKEY, server_public, 123); + assert (rc == -1 && errno == EINVAL); + errno = 0; + rc = zmq_setsockopt (client, ZMQ_CURVE_PUBLICKEY, client_public, 123); + assert (rc == -1 && errno == EINVAL); + errno = 0; + rc = zmq_setsockopt (client, ZMQ_CURVE_SECRETKEY, client_secret, 123); + assert (rc == -1 && errno == EINVAL); + rc = zmq_close (client); + assert (rc == 0); + // Shutdown rc = zmq_close (server); assert (rc == 0); diff --git a/tests/test_security_null.cpp b/tests/test_security_null.cpp index 8a55632..0264424 100644 --- a/tests/test_security_null.cpp +++ b/tests/test_security_null.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file + Copyright (c) 2007-2014 Contributors as noted in the AUTHORS file This file is part of 0MQ. @@ -18,6 +18,17 @@ */ #include "testutil.hpp" +#if defined (ZMQ_HAVE_WINDOWS) +# include +# include +# include +# define close closesocket +#else +# include +# include +# include +# include +#endif static void zap_handler (void *handler) @@ -27,7 +38,8 @@ zap_handler (void *handler) char *version = s_recv (handler); if (!version) break; // Terminating - char *sequence = s_recv (handler); + + char *sequence = s_recv (handler); char *domain = s_recv (handler); char *address = s_recv (handler); char *identity = s_recv (handler); @@ -57,7 +69,7 @@ zap_handler (void *handler) free (identity); free (mechanism); } - zmq_close (handler); + close_zero_linger (handler); } int main (void) @@ -76,72 +88,91 @@ int main (void) void *zap_thread = zmq_threadstart (&zap_handler, handler); // We bounce between a binding server and a connecting client + + // We first test client/server with no ZAP domain + // Libzmq does not call our ZAP handler, the connect must succeed void *server = zmq_socket (ctx, ZMQ_DEALER); assert (server); void *client = zmq_socket (ctx, ZMQ_DEALER); assert (client); - - // We first test client/server with no ZAP domain - // Libzmq does not call our ZAP handler, the connect must succeed rc = zmq_bind (server, "tcp://127.0.0.1:9000"); assert (rc == 0); - rc = zmq_connect (client, "tcp://localhost:9000"); + rc = zmq_connect (client, "tcp://127.0.0.1:9000"); assert (rc == 0); bounce (server, client); - zmq_unbind (server, "tcp://127.0.0.1:9000"); - zmq_disconnect (client, "tcp://localhost:9000"); - + + close_zero_linger (client); + close_zero_linger (server); + // Now define a ZAP domain for the server; this enables // authentication. We're using the wrong domain so this test // must fail. - // ************************************************************** - // PH: the following causes libzmq to get confused, so that the - // next step fails. To reproduce, uncomment this block. Note that - // even creating a new client/server socket pair, the behaviour - // does not change. - // ************************************************************** - // Destroying the old sockets and creating new ones isn't needed, - // but it shows that the problem isn't related to specific sockets. - //close_zero_linger (client); - //close_zero_linger (server); - //server = zmq_socket (ctx, ZMQ_DEALER); - //assert (server); - //client = zmq_socket (ctx, ZMQ_DEALER); - //assert (client); - //// The above code should not be required - //rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5); - //assert (rc == 0); - //rc = zmq_bind (server, "tcp://127.0.0.1:9001"); - //assert (rc == 0); - //rc = zmq_connect (client, "tcp://localhost:9001"); - //assert (rc == 0); - //expect_bounce_fail (server, client); - //zmq_unbind (server, "tcp://127.0.0.1:9001"); - //zmq_disconnect (client, "tcp://localhost:9001"); - + server = zmq_socket (ctx, ZMQ_DEALER); + assert (server); + client = zmq_socket (ctx, ZMQ_DEALER); + assert (client); + rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5); + assert (rc == 0); + rc = zmq_bind (server, "tcp://127.0.0.1:9001"); + assert (rc == 0); + rc = zmq_connect (client, "tcp://127.0.0.1:9001"); + assert (rc == 0); + expect_bounce_fail (server, client); + close_zero_linger (client); + close_zero_linger (server); + // Now use the right domain, the test must pass + server = zmq_socket (ctx, ZMQ_DEALER); + assert (server); + client = zmq_socket (ctx, ZMQ_DEALER); + assert (client); + rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "TEST", 4); assert (rc == 0); rc = zmq_bind (server, "tcp://127.0.0.1:9002"); assert (rc == 0); - rc = zmq_connect (client, "tcp://localhost:9002"); + rc = zmq_connect (client, "tcp://127.0.0.1:9002"); assert (rc == 0); - // ************************************************************** - // PH: it fails here; though the ZAP reply is 200 OK, and - // null_mechanism.cpp correctly parses that, the connection - // never succeeds and the test hangs. - // ************************************************************** bounce (server, client); - zmq_unbind (server, "tcp://127.0.0.1:9002"); - zmq_disconnect (client, "tcp://localhost:9002"); - - // Shutdown close_zero_linger (client); close_zero_linger (server); - rc = zmq_ctx_term (ctx); + + // Unauthenticated messages from a vanilla socket shouldn't be received + server = zmq_socket (ctx, ZMQ_DEALER); + assert (server); + rc = zmq_setsockopt (server, ZMQ_ZAP_DOMAIN, "WRONG", 5); + assert (rc == 0); + rc = zmq_bind (server, "tcp://127.0.0.1:9003"); assert (rc == 0); - // Wait until ZAP handler terminates. + struct sockaddr_in ip4addr; + int s; + + ip4addr.sin_family = AF_INET; + ip4addr.sin_port = htons(9003); + inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr); + + s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); + rc = connect (s, (struct sockaddr*) &ip4addr, sizeof ip4addr); + assert (rc > -1); + // send anonymous ZMTP/1.0 greeting + send (s, "\x01\x00", 2, 0); + // send sneaky message that shouldn't be received + send (s, "\x08\x00sneaky\0", 9, 0); + int timeout = 150; + zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout)); + char *buf = s_recv (server); + if (buf != NULL) { + printf ("Received unauthenticated message: %s\n", buf); + assert (buf == NULL); + } + close (s); + close_zero_linger (server); + + // Shutdown + rc = zmq_ctx_term (ctx); + assert (rc == 0); + // Wait until ZAP handler terminates zmq_threadclose (zap_thread); return 0; diff --git a/tests/test_security_plain.cpp b/tests/test_security_plain.cpp index 74973fd..c257840 100644 --- a/tests/test_security_plain.cpp +++ b/tests/test_security_plain.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2007-2013 Contributors as noted in the AUTHORS file + Copyright (c) 2007-2014 Contributors as noted in the AUTHORS file This file is part of 0MQ. @@ -18,6 +18,17 @@ */ #include "testutil.hpp" +#if defined (ZMQ_HAVE_WINDOWS) +# include +# include +# include +# define close closesocket +#else +# include +# include +# include +# include +#endif static void zap_handler (void *ctx) @@ -137,6 +148,30 @@ int main (void) expect_bounce_fail (server, client); close_zero_linger (client); + // Unauthenticated messages from a vanilla socket shouldn't be received + struct sockaddr_in ip4addr; + int s; + + ip4addr.sin_family = AF_INET; + ip4addr.sin_port = htons (9998); + inet_pton (AF_INET, "127.0.0.1", &ip4addr.sin_addr); + + s = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); + rc = connect (s, (struct sockaddr*) &ip4addr, sizeof (ip4addr)); + assert (rc > -1); + // send anonymous ZMTP/1.0 greeting + send (s, "\x01\x00", 2, 0); + // send sneaky message that shouldn't be received + send (s, "\x08\x00sneaky\0", 9, 0); + int timeout = 150; + zmq_setsockopt (server, ZMQ_RCVTIMEO, &timeout, sizeof (timeout)); + char *buf = s_recv (server); + if (buf != NULL) { + printf ("Received unauthenticated message: %s\n", buf); + assert (buf == NULL); + } + close (s); + // Shutdown rc = zmq_close (server); assert (rc == 0); -- 2.17.1 debian/patches/CVE-2014-7203.patch0000664000000000000000000001677413332314041013243 0ustar From 0900a489213d74feb86fc0b343308fe7884a2a3c Mon Sep 17 00:00:00 2001 From: Matthew Hawn Date: Fri, 19 Sep 2014 18:07:57 -0600 Subject: [PATCH] Problem: curve messages can be replayed Solution: ensure message short nonces are strictly increasing and validate them --- src/curve_client.cpp | 21 +++++++++++++++------ src/curve_client.hpp | 1 + src/curve_server.cpp | 19 ++++++++++++++----- src/curve_server.hpp | 1 + 4 files changed, 31 insertions(+), 11 deletions(-) diff --git a/src/curve_client.cpp b/src/curve_client.cpp index f832466..e20d948 100644 --- a/src/curve_client.cpp +++ b/src/curve_client.cpp @@ -35,7 +35,9 @@ zmq::curve_client_t::curve_client_t (const options_t &options_) : mechanism_t (options_), - state (send_hello) + state (send_hello), + cn_nonce(1), + cn_peer_nonce(1) { memcpy (public_key, options_.curve_public_key, crypto_box_PUBLICKEYBYTES); memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES); @@ -111,7 +113,7 @@ int zmq::curve_client_t::encode (msg_t *msg_) uint8_t message_nonce [crypto_box_NONCEBYTES]; memcpy (message_nonce, "CurveZMQMESSAGEC", 16); - memcpy (message_nonce + 16, &cn_nonce, 8); + put_uint64 (message_nonce + 16, cn_nonce); const size_t mlen = crypto_box_ZEROBYTES + 1 + msg_->size (); @@ -139,7 +141,7 @@ int zmq::curve_client_t::encode (msg_t *msg_) uint8_t *message = static_cast (msg_->data ()); memcpy (message, "\x07MESSAGE", 8); - memcpy (message + 8, &cn_nonce, 8); + memcpy (message + 8, message_nonce + 16, 8); memcpy (message + 16, message_box + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES); @@ -169,6 +171,12 @@ int zmq::curve_client_t::decode (msg_t *msg_) uint8_t message_nonce [crypto_box_NONCEBYTES]; memcpy (message_nonce, "CurveZMQMESSAGES", 16); memcpy (message_nonce + 16, message + 8, 8); + uint64_t nonce = get_uint64(message + 8); + if (nonce <= cn_peer_nonce) { + errno = EPROTO; + return -1; + } + cn_peer_nonce = nonce; const size_t clen = crypto_box_BOXZEROBYTES + (msg_->size () - 16); @@ -221,7 +229,7 @@ int zmq::curve_client_t::produce_hello (msg_t *msg_) // Prepare the full nonce memcpy (hello_nonce, "CurveZMQHELLO---", 16); - memcpy (hello_nonce + 16, &cn_nonce, 8); + put_uint64 (hello_nonce + 16, cn_nonce); // Create Box [64 * %x0](C'->S) memset (hello_plaintext, 0, sizeof hello_plaintext); @@ -344,7 +352,7 @@ int zmq::curve_client_t::produce_initiate (msg_t *msg_) const size_t mlen = ptr - initiate_plaintext; memcpy (initiate_nonce, "CurveZMQINITIATE", 16); - memcpy (initiate_nonce + 16, &cn_nonce, 8); + put_uint64 (initiate_nonce + 16, cn_nonce); rc = crypto_box (initiate_box, initiate_plaintext, mlen, initiate_nonce, cn_server, cn_secret); @@ -359,7 +367,7 @@ int zmq::curve_client_t::produce_initiate (msg_t *msg_) // Cookie provided by the server in the WELCOME command memcpy (initiate + 9, cn_cookie, 96); // Short nonce, prefixed by "CurveZMQINITIATE" - memcpy (initiate + 105, &cn_nonce, 8); + memcpy (initiate + 105, initiate_nonce + 16, 8); // Box [C + vouch + metadata](C'->S') memcpy (initiate + 113, initiate_box + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES); @@ -393,6 +401,7 @@ int zmq::curve_client_t::process_ready (msg_t *msg_) memcpy (ready_nonce, "CurveZMQREADY---", 16); memcpy (ready_nonce + 16, ready + 6, 8); + cn_peer_nonce = get_uint64(msg_data + 6); int rc = crypto_box_open_afternm (ready_plaintext, ready_box, clen, ready_nonce, cn_precom); diff --git a/src/curve_client.hpp b/src/curve_client.hpp index c1569d2..4efdf24 100644 --- a/src/curve_client.hpp +++ b/src/curve_client.hpp @@ -95,6 +95,7 @@ namespace zmq // Nonce uint64_t cn_nonce; + uint64_t cn_peer_nonce; int produce_hello (msg_t *msg_); int process_welcome (msg_t *msg_); diff --git a/src/curve_server.cpp b/src/curve_server.cpp index a324441..9081512 100644 --- a/src/curve_server.cpp +++ b/src/curve_server.cpp @@ -40,7 +40,8 @@ zmq::curve_server_t::curve_server_t (session_base_t *session_, peer_address (peer_address_), state (expect_hello), expecting_zap_reply (false), - cn_nonce (1) + cn_nonce (1), + cn_peer_nonce(1), { // Fetch our secret key from socket options memcpy (secret_key, options_.curve_secret_key, crypto_box_SECRETKEYBYTES); @@ -114,7 +115,7 @@ int zmq::curve_server_t::encode (msg_t *msg_) uint8_t message_nonce [crypto_box_NONCEBYTES]; memcpy (message_nonce, "CurveZMQMESSAGES", 16); - memcpy (message_nonce + 16, &cn_nonce, 8); + put_uint64 (message_nonce + 16, cn_nonce); uint8_t flags = 0; if (msg_->flags () & msg_t::more) @@ -144,7 +145,7 @@ int zmq::curve_server_t::encode (msg_t *msg_) uint8_t *message = static_cast (msg_->data ()); memcpy (message, "\x07MESSAGE", 8); - memcpy (message + 8, &cn_nonce, 8); + memcpy (message + 8, message_nonce + 16, 8); memcpy (message + 16, message_box + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES); @@ -174,6 +175,12 @@ int zmq::curve_server_t::decode (msg_t *msg_) uint8_t message_nonce [crypto_box_NONCEBYTES]; memcpy (message_nonce, "CurveZMQMESSAGEC", 16); memcpy (message_nonce + 16, message + 8, 8); + uint64_t nonce = get_uint64(message + 8); + if (nonce <= cn_peer_nonce) { + errno = EPROTO; + return -1; + } + cn_peer_nonce = nonce; const size_t clen = crypto_box_BOXZEROBYTES + msg_->size () - 16; @@ -260,6 +267,7 @@ int zmq::curve_server_t::process_hello (msg_t *msg_) memcpy (hello_nonce, "CurveZMQHELLO---", 16); memcpy (hello_nonce + 16, hello + 112, 8); + cn_peer_nonce = get_uint64(hello + 112); memset (hello_box, 0, crypto_box_BOXZEROBYTES); memcpy (hello_box + crypto_box_BOXZEROBYTES, hello + 120, 80); @@ -388,6 +396,7 @@ int zmq::curve_server_t::process_initiate (msg_t *msg_) memcpy (initiate_nonce, "CurveZMQINITIATE", 16); memcpy (initiate_nonce + 16, initiate + 105, 8); + cn_peer_nonce = get_uint64(initiate + 105); rc = crypto_box_open (initiate_plaintext, initiate_box, clen, initiate_nonce, cn_client, cn_secret); @@ -469,7 +478,7 @@ int zmq::curve_server_t::produce_ready (msg_t *msg_) const size_t mlen = ptr - ready_plaintext; memcpy (ready_nonce, "CurveZMQREADY---", 16); - memcpy (ready_nonce + 16, &cn_nonce, 8); + put_uint64 (ready_nonce + 16, cn_nonce); int rc = crypto_box_afternm (ready_box, ready_plaintext, mlen, ready_nonce, cn_precom); @@ -482,7 +491,7 @@ int zmq::curve_server_t::produce_ready (msg_t *msg_) memcpy (ready, "\x05READY", 6); // Short nonce, prefixed by "CurveZMQREADY---" - memcpy (ready + 6, &cn_nonce, 8); + memcpy (ready + 6, ready_nonce + 16, 8); // Box [metadata](S'->C') memcpy (ready + 14, ready_box + crypto_box_BOXZEROBYTES, mlen - crypto_box_BOXZEROBYTES); diff --git a/src/curve_server.hpp b/src/curve_server.hpp index c165b54..103ef53 100644 --- a/src/curve_server.hpp +++ b/src/curve_server.hpp @@ -84,6 +84,7 @@ namespace zmq bool expecting_zap_reply; uint64_t cn_nonce; + uint64_t cn_peer_nonce; // Our secret key (s) uint8_t secret_key [crypto_box_SECRETKEYBYTES]; -- 2.17.1 debian/patches/CVE-2014-7202.patch0000664000000000000000000000363513332314031013231 0ustar From 77f14aad95cdf0d2a244ae9b4a025e5ba0adf01a Mon Sep 17 00:00:00 2001 From: Pieter Hintjens Date: Fri, 19 Sep 2014 19:24:45 +0200 Subject: [PATCH] Problem: stream_engine.cpp security can be downgraded Solution: accept only the mechanism defined by the socket options. I've not tested this yet, so it's a speculative fix. --- src/stream_engine.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/stream_engine.cpp b/src/stream_engine.cpp index 00a1bea..4d252d8 100644 --- a/src/stream_engine.cpp +++ b/src/stream_engine.cpp @@ -530,20 +530,23 @@ bool zmq::stream_engine_t::handshake () in_batch_size, options.maxmsgsize); alloc_assert (decoder); - if (memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_NULL + && memcmp (greeting_recv + 12, "NULL\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { mechanism = new (std::nothrow) null_mechanism_t (session, peer_address, options); alloc_assert (mechanism); } else - if (memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_PLAIN + && memcmp (greeting_recv + 12, "PLAIN\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { mechanism = new (std::nothrow) plain_mechanism_t (session, peer_address, options); alloc_assert (mechanism); } #ifdef HAVE_LIBSODIUM else - if (memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { + if (options.mechanism == ZMQ_CURVE + && memcmp (greeting_recv + 12, "CURVE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 20) == 0) { if (options.as_server) mechanism = new (std::nothrow) curve_server_t (session, peer_address, options); -- 2.17.1 debian/patches/series0000664000000000000000000000007413332322043012030 0ustar CVE-2014-7202.patch CVE-2014-7203.patch CVE-2014-9721.patch debian/copyright0000664000000000000000000001016212311320347011117 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: ZeroMQ Source: http://zeromq.org Comment: The upstream tarball has been repacked in order to remove the bundled tarball of OpenPGM. Files: * Copyright: 2009-2011, 250bpm s.r.o 2007-2013, iMatix Corporation 2007-2011, Other contributors as noted in the AUTHORS file License: LGPL-3.0+ Files: src/xreq.cpp src/xpub.cpp src/xsub.cpp tests/test_reqrep_device.cpp tests/test_invalid_rep.cpp Copyright: 2010-2011, 250bpm s.r.o 2011, VMware, Inc 2010-2011, Other contributors as noted in the AUTHORS file License: LGPL-3.0+ Files: src/msg.hpp src/xrep.* src/options.* src/req.* src/socket_base.* src/pipe.* src/encoder.cpp src/lb.cpp src/session_base.* src/fq.cpp include/zmq.h Copyright: 2009-2011, 250bpm s.r.o 2007-2013, iMatix Corporation 2011, VMware, Inc 2007-2011, Other contributors as noted in the AUTHORS file License: LGPL-3.0+ Files: src/pgm_receiver.* src/pgm_sender.* src/pgm_socket.* Copyright: 2009-2011, 250bpm s.r.o 2007-2013, iMatix Corporation 2010-2011, Miru Limited 2007-2011, Other contributors as noted in the AUTHORS file License: LGPL-3.0+ Files: debian/* Copyright: 2009-2010, Adrian von Bidder 2009-2010, Peter Busser 2012, Alessandro Ghedini License: LGPL-2.0+ Files: debian/zmq.hpp Copyright: 2009-2011, 250bpm s.r.o. 2011, Botond Ballo 2007-2013, iMatix Corporation License: MIT Comment: The C++ header was downloaded from https://github.com/zeromq/cppzmq License: LGPL-2.0+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-2". License: LGPL-3.0+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-3". License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. debian/repack.local0000664000000000000000000000006012311320347011441 0ustar MANIFEST=0 SUFFIX=+dfsg rm foreign/openpgm/*.gz debian/source/0000775000000000000000000000000012311320347010464 5ustar debian/source/format0000664000000000000000000000001412311320347011672 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000002242113332323050011035 0ustar zeromq3 (4.0.4+dfsg-2ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - debian/patches/CVE-2014-7202.patch: Solution: accept only the mechanism defined by the socket options. - CVE-2014-7202 * SECURITY UPDATE: man-in-the-middle attackers to conduct replay attacks via unspecified vectors. - debian/patches/CVE-2014-7203.patch: Solution: ensure message short nonces are strictly increasing and validate them. - CVE-2014-7203 * SECURITY UPDATE: remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. - debian/patches/CVE-2014-9721.patch: Solution: if security is defined on a socket, reject all V2 and earlier connections, unconditionally. - CVE-2014-9721 -- Eduardo Barretto Tue, 07 Aug 2018 10:52:48 -0300 zeromq3 (4.0.4+dfsg-2) unstable; urgency=low * Honour nocheck option in DEB_BUILD_OPTIONS . * New maintainer (closes: #741746). -- Laszlo Boszormenyi (GCS) Thu, 20 Mar 2014 14:51:15 +0000 zeromq3 (4.0.4+dfsg-1) unstable; urgency=medium * QA upload; orphan the package - Upload to unstable * New upstream release * Update repack.stub script * Drop 02_fix-exported-symbols.patch and 03_fix-s390-rdtsc.patch (merged upstream) -- Alessandro Ghedini Sun, 16 Mar 2014 14:02:28 +0100 zeromq3 (4.0.3+dfsg-1) experimental; urgency=medium * New upstream release (Closes: #736353) * Drop 01_shutdown-race.patch (merged upstream) * Update *.symbols file * Don't install README anymore * Update copyright file -- Alessandro Ghedini Wed, 05 Feb 2014 22:06:16 +0100 zeromq3 (3.2.4+dfsg-4) unstable; urgency=medium * Update Standards-Version to 3.9.5 (no changes needed) * Add 03_fix-s390-rdtsc.patch to fix FTBFS on s390x (Closes: #734521) * Re-enable tests on s390x -- Alessandro Ghedini Sun, 12 Jan 2014 13:21:34 +0100 zeromq3 (3.2.4+dfsg-3) unstable; urgency=medium * Do not export C++ symbols (Closes: #732654) * Use dh-autoreconf instead of autotools-dev -- Alessandro Ghedini Fri, 20 Dec 2013 19:11:09 +0100 zeromq3 (3.2.4+dfsg-2) unstable; urgency=medium * Fix vcs-field-not-canonical * Add symbols file * Add 01_shutdown-race.patch to fix a race condition on shutdown (Closes: #732576) -- Alessandro Ghedini Thu, 19 Dec 2013 13:42:12 +0100 zeromq3 (3.2.4+dfsg-1) unstable; urgency=low * New upstream release * Update the zmq.hpp C++ header -- Alessandro Ghedini Fri, 20 Sep 2013 13:56:16 +0200 zeromq3 (3.2.3+dfsg-2) unstable; urgency=low * Make test failures non-fatal on kfreebsd and s390/s390x -- Alessandro Ghedini Tue, 14 May 2013 15:42:02 +0200 zeromq3 (3.2.3+dfsg-1) unstable; urgency=low * New upstream release - Change connection failure test to use an invalid hostname (Closes: #705561) * Fix typo in libzmq3-dbg description (Closes: #696731) * Provide the zmq.hpp C++ header again (Closes: #697743) * Upload to unstable -- Alessandro Ghedini Fri, 03 May 2013 13:00:43 +0200 zeromq3 (3.2.2+dfsg-1) experimental; urgency=low * New upstream release (Closes: #694087) * Do not mangle upstream version anymore -- Alessandro Ghedini Sat, 24 Nov 2012 17:07:58 +0100 zeromq3 (3.2.1~rc2+dfsg-1) experimental; urgency=low * New upstream RC release (Closes: #690704) * Bump Standards-Version to 3.9.4 (no changes needed) -- Alessandro Ghedini Tue, 16 Oct 2012 19:49:30 +0200 zeromq3 (3.2.0~rc1+dfsg-1) experimental; urgency=low * New upstream RC release * Use repack.{local,stub} instead of get-orig-source rule * Add 01_fix-unused-variable-error.patch * Remove build dependency on uuid-dev (no more needed) * Add 02_check-ifdef-SO_NOSIGPIPE.patch to fix kfreebsd build * Add 03_fix-test_shutdown_stress-segfault.patch -- Alessandro Ghedini Tue, 12 Jun 2012 10:53:58 +0200 zeromq3 (3.1.0~beta+dfsg-2) experimental; urgency=low * libzmq3-dev Conflicts with libzmq-dev (Closes: #676160) -- Alessandro Ghedini Tue, 05 Jun 2012 09:29:58 +0200 zeromq3 (3.1.0~beta+dfsg-1) experimental; urgency=low * Initial ZeroMQ v3 packaging (Closes: #661503) - Update get-orig-source rule and watch file - Rename binary packages to new SONAME - Update Vcs-* headers too - Update copyright file -- Alessandro Ghedini Mon, 04 Jun 2012 21:21:09 +0200 zeromq (2.2.0+dfsg-2) unstable; urgency=low * Make -dev package Multi-Arch: same too (Closes: #674601) -- Alessandro Ghedini Sun, 03 Jun 2012 13:29:40 +0200 zeromq (2.2.0+dfsg-1) unstable; urgency=low * New maintainer (Closes: #673619) * Repack upstream tarball to remove bundled openpgm tarball and xmlParser - Mangle dversion in watch file * Switch to short-form dh rules file - Use autotools-dev plugin * Bump debhelper compat level to 9 * Update copyright file using Copyright-Format 1.0 * Remove source options * Remove unused lintian overrides * Add Multi-Arch headers - Fix *.install files to use multi-arch paths * Vcs-* tags point to collab-maint repository * Fix short and long descriptions formatting * Ignore beta 3.x releases in watch file * Remove outdated and uselss README.Debian -- Alessandro Ghedini Tue, 22 May 2012 22:24:49 +0200 zeromq (2.2.0-1) unstable; urgency=low * [5661946] Imported Upstream version 2.2.0 (Closes: #672427) * [bbf467d] Bump Standards-Version to 3.9.3 with no changes * [0da0708] Add Vcs-Git and Vcs-Browser to debian/control -- Martin Lucina Sun, 20 May 2012 11:27:32 +0200 zeromq (2.1.11-1) unstable; urgency=low * [4016b65] Imported Upstream version 2.1.11 * [eaa74d0] Maintainer e-mail address changed * [9943256] Run testsuite during build (Closes: #655620) * [5ea0ff8] Remove unneeded libzmq.la from libzmq-dev (Closes: #633292) -- Martin Lucina Mon, 23 Jan 2012 11:14:23 +0100 zeromq (2.1.10-1) unstable; urgency=low * New upstream version. -- Martin Lucina Mon, 03 Oct 2011 17:09:06 +0200 zeromq (2.1.9-1) unstable; urgency=low * New upstream version. -- Martin Lucina Thu, 08 Sep 2011 16:38:46 +0200 zeromq (2.1.7-1) unstable; urgency=low * New upstream version. (closes: #619374) * --with-system-pgm is now used instead of the embedded OpenPGM library. * Added Debian watch file. -- Martin Lucina Fri, 13 May 2011 12:43:09 +0200 zeromq (2.1.4-1) experimental; urgency=low * New upstream version. * OpenPGM re-enabled for amd64 and i386, still using embedded library. -- Martin Lucina Thu, 07 Apr 2011 15:37:46 +0200 zeromq (2.1.3-1) experimental; urgency=low * New upstream version. * The zeromq-bin package has been removed, as upstream has removed the devices. * Temporarily disabled OpenPGM builds on i386 and amd64 due to changes in upstream OpenPGM intergration. -- Martin Lucina Mon, 28 Mar 2011 10:39:51 +0200 zeromq (2.0.10-1) unstable; urgency=low * New upstream version. * Upstream now uses DFSG-clean OpenPGM tarball, so dropping .dfsg from the Debian version. -- Martin Lucina Thu, 21 Oct 2010 16:21:20 +0200 zeromq (2.0.9.dfsg-1) unstable; urgency=medium * New upstream version. * Move all manpages in libzmq0 to zeromq-dev package (closes: #595890) * Updated to standards version 3.9.1. * Add lintian-overrides for spelling-error-in-copyright due to error in upstream license of xmlParser. * Use Breaks: instead of Conflicts: in zeromq-bin package, fixes conflicts-with-version from lintian. * Various other minor fixes for warnings from lintian. -- Martin Lucina Wed, 08 Sep 2010 15:25:45 +0200 zeromq (2.0.7.dfsg-1) unstable; urgency=low * New upstream version. * Reformatted package description, thanks to Rhonda (closes: #577549) * Added AUTHORS, NEWS and README to installed documentation. * New maintainer (closes: #587505) -- Martin Lucina Wed, 30 Jun 2010 12:31:08 +0200 zeromq (2.0.6beta.dfsg-2) unstable; urgency=low * Much improved descriptions (thanks to Martin Lucina) * Rename zeromq-utils to -bin to better reflect the nature of these files. -- Adrian von Bidder Mon, 22 Mar 2010 07:05:29 +0100 zeromq (2.0.6beta.dfsg-1) unstable; urgency=low * New upstream version. - Source doesn't include non-C/C++ language bindings anymore. - New versioning: 2.0.6 is official upstream version which is a beta. * Repacked orig tar: removed non-free RFC documents (closes: #567513) * Improved/corrected description and copyright file, added bzip2 build dependency. Thanks to feedback from zeromq mailing list. * Disable OpenPGM on non-x86 architectures (closes: #567848) -- Adrian von Bidder Wed, 17 Mar 2010 10:43:40 +0100 zeromq (2.0~beta2-1) unstable; urgency=low * Initial package (closes: #566125) -- Adrian von Bidder Tue, 26 Jan 2010 19:03:39 +0100 debian/control0000664000000000000000000000437013332323061010573 0ustar Source: zeromq3 Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Laszlo Boszormenyi (GCS) Build-Depends: debhelper (>= 9), dh-autoreconf, libpgm-dev, pkg-config Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/zeromq3.git Vcs-Git: git://anonscm.debian.org/collab-maint/zeromq3.git Homepage: http://www.zeromq.org/ Package: libzmq3 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: lightweight messaging kernel (shared library) ØMQ is a library which extends the standard socket interfaces with features traditionally provided by specialised messaging middleware products. . ØMQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. . This package contains the libzmq shared library. Package: libzmq3-dev Architecture: any Section: libdevel Depends: libzmq3 (= ${binary:Version}), ${misc:Depends} Conflicts: libzmq-dev Multi-Arch: same Description: lightweight messaging kernel (development files) ØMQ is a library which extends the standard socket interfaces with features traditionally provided by specialised messaging middleware products. . ØMQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. . This package contains the ZeroMQ development libraries and header files. Package: libzmq3-dbg Architecture: any Priority: extra Section: debug Depends: libzmq3 (= ${binary:Version}), ${misc:Depends} Multi-Arch: same Description: lightweight messaging kernel (debugging symbols) ØMQ is a library which extends the standard socket interfaces with features traditionally provided by specialised messaging middleware products. . ØMQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering (subscriptions), seamless access to multiple transport protocols and more. . This package contains the debugging symbols for the ZeroMQ library. debian/zmq.hpp0000664000000000000000000004046712311320347010517 0ustar /* Copyright (c) 2009-2011 250bpm s.r.o. Copyright (c) 2011 Botond Ballo Copyright (c) 2007-2009 iMatix Corporation Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #ifndef __ZMQ_HPP_INCLUDED__ #define __ZMQ_HPP_INCLUDED__ #include #include #include #include #include #include // Detect whether the compiler supports C++11 rvalue references. #if (defined(__GNUC__) && (__GNUC__ > 4 || \ (__GNUC__ == 4 && __GNUC_MINOR__ > 2)) && \ defined(__GXX_EXPERIMENTAL_CXX0X__)) #define ZMQ_HAS_RVALUE_REFS #define ZMQ_DELETED_FUNCTION = delete #elif defined(__clang__) #if __has_feature(cxx_rvalue_references) #define ZMQ_HAS_RVALUE_REFS #endif #if __has_feature(cxx_deleted_functions) #define ZMQ_DELETED_FUNCTION = delete #else #define ZMQ_DELETED_FUNCTION #endif #elif defined(_MSC_VER) && (_MSC_VER >= 1600) #define ZMQ_HAS_RVALUE_REFS #define ZMQ_DELETED_FUNCTION #else #define ZMQ_DELETED_FUNCTION #endif #if ZMQ_VERSION >= ZMQ_MAKE_VERSION(3, 3, 0) #define ZMQ_NEW_MONITOR_EVENT_LAYOUT #endif // In order to prevent unused variable warnings when building in non-debug // mode use this macro to make assertions. #ifndef NDEBUG # define ZMQ_ASSERT(expression) assert(expression) #else # define ZMQ_ASSERT(expression) (void)(expression) #endif namespace zmq { typedef zmq_free_fn free_fn; typedef zmq_pollitem_t pollitem_t; class error_t : public std::exception { public: error_t () : errnum (zmq_errno ()) {} virtual const char *what () const throw () { return zmq_strerror (errnum); } int num () const { return errnum; } private: int errnum; }; inline int poll (zmq_pollitem_t *items_, int nitems_, long timeout_ = -1) { int rc = zmq_poll (items_, nitems_, timeout_); if (rc < 0) throw error_t (); return rc; } inline void proxy (void *frontend, void *backend, void *capture) { int rc = zmq_proxy (frontend, backend, capture); if (rc != 0) throw error_t (); } inline void version (int *major_, int *minor_, int *patch_) { zmq_version (major_, minor_, patch_); } class message_t { friend class socket_t; public: inline message_t () { int rc = zmq_msg_init (&msg); if (rc != 0) throw error_t (); } inline explicit message_t (size_t size_) { int rc = zmq_msg_init_size (&msg, size_); if (rc != 0) throw error_t (); } inline message_t (void *data_, size_t size_, free_fn *ffn_, void *hint_ = NULL) { int rc = zmq_msg_init_data (&msg, data_, size_, ffn_, hint_); if (rc != 0) throw error_t (); } #ifdef ZMQ_HAS_RVALUE_REFS inline message_t (message_t &&rhs) : msg (rhs.msg) { int rc = zmq_msg_init (&rhs.msg); if (rc != 0) throw error_t (); } inline message_t &operator = (message_t &&rhs) { std::swap (msg, rhs.msg); return *this; } #endif inline ~message_t () { int rc = zmq_msg_close (&msg); ZMQ_ASSERT (rc == 0); } inline void rebuild () { int rc = zmq_msg_close (&msg); if (rc != 0) throw error_t (); rc = zmq_msg_init (&msg); if (rc != 0) throw error_t (); } inline void rebuild (size_t size_) { int rc = zmq_msg_close (&msg); if (rc != 0) throw error_t (); rc = zmq_msg_init_size (&msg, size_); if (rc != 0) throw error_t (); } inline void rebuild (void *data_, size_t size_, free_fn *ffn_, void *hint_ = NULL) { int rc = zmq_msg_close (&msg); if (rc != 0) throw error_t (); rc = zmq_msg_init_data (&msg, data_, size_, ffn_, hint_); if (rc != 0) throw error_t (); } inline void move (message_t *msg_) { int rc = zmq_msg_move (&msg, &(msg_->msg)); if (rc != 0) throw error_t (); } inline void copy (message_t *msg_) { int rc = zmq_msg_copy (&msg, &(msg_->msg)); if (rc != 0) throw error_t (); } inline bool more () { int rc = zmq_msg_more (&msg); return rc != 0; } inline void *data () { return zmq_msg_data (&msg); } inline const void* data () const { return zmq_msg_data (const_cast(&msg)); } inline size_t size () const { return zmq_msg_size (const_cast(&msg)); } private: // The underlying message zmq_msg_t msg; // Disable implicit message copying, so that users won't use shared // messages (less efficient) without being aware of the fact. message_t (const message_t&); void operator = (const message_t&); }; class context_t { friend class socket_t; public: inline context_t () { ptr = zmq_ctx_new (); if (ptr == NULL) throw error_t (); } inline explicit context_t (int io_threads_) { ptr = zmq_ctx_new (); if (ptr == NULL) throw error_t (); int rc = zmq_ctx_set (ptr, ZMQ_IO_THREADS, io_threads_); ZMQ_ASSERT (rc == 0); } #ifdef ZMQ_HAS_RVALUE_REFS inline context_t (context_t &&rhs) : ptr (rhs.ptr) { rhs.ptr = NULL; } inline context_t &operator = (context_t &&rhs) { std::swap (ptr, rhs.ptr); return *this; } #endif inline ~context_t () { close(); } inline void close() { if (ptr == NULL) return; int rc = zmq_ctx_destroy (ptr); ZMQ_ASSERT (rc == 0); ptr = NULL; } // Be careful with this, it's probably only useful for // using the C api together with an existing C++ api. // Normally you should never need to use this. inline operator void* () { return ptr; } private: void *ptr; context_t (const context_t&); void operator = (const context_t&); }; class socket_t { friend class monitor_t; public: inline socket_t (context_t &context_, int type_) { ctxptr = context_.ptr; ptr = zmq_socket (context_.ptr, type_); if (ptr == NULL) throw error_t (); } #ifdef ZMQ_HAS_RVALUE_REFS inline socket_t(socket_t&& rhs) : ptr(rhs.ptr) { rhs.ptr = NULL; } inline socket_t& operator=(socket_t&& rhs) { std::swap(ptr, rhs.ptr); return *this; } #endif inline ~socket_t () { close(); } inline operator void* () { return ptr; } inline void close() { if(ptr == NULL) // already closed return ; int rc = zmq_close (ptr); ZMQ_ASSERT (rc == 0); ptr = 0 ; } inline void setsockopt (int option_, const void *optval_, size_t optvallen_) { int rc = zmq_setsockopt (ptr, option_, optval_, optvallen_); if (rc != 0) throw error_t (); } inline void getsockopt (int option_, void *optval_, size_t *optvallen_) { int rc = zmq_getsockopt (ptr, option_, optval_, optvallen_); if (rc != 0) throw error_t (); } inline void bind (const char *addr_) { int rc = zmq_bind (ptr, addr_); if (rc != 0) throw error_t (); } inline void unbind (const char *addr_) { int rc = zmq_unbind (ptr, addr_); if (rc != 0) throw error_t (); } inline void connect (const char *addr_) { int rc = zmq_connect (ptr, addr_); if (rc != 0) throw error_t (); } inline void disconnect (const char *addr_) { int rc = zmq_disconnect (ptr, addr_); if (rc != 0) throw error_t (); } inline bool connected() { return(ptr != NULL); } inline size_t send (const void *buf_, size_t len_, int flags_ = 0) { int nbytes = zmq_send (ptr, buf_, len_, flags_); if (nbytes >= 0) return (size_t) nbytes; if (zmq_errno () == EAGAIN) return 0; throw error_t (); } inline bool send (message_t &msg_, int flags_ = 0) { int nbytes = zmq_msg_send (&(msg_.msg), ptr, flags_); if (nbytes >= 0) return true; if (zmq_errno () == EAGAIN) return false; throw error_t (); } inline size_t recv (void *buf_, size_t len_, int flags_ = 0) { int nbytes = zmq_recv (ptr, buf_, len_, flags_); if (nbytes >= 0) return (size_t) nbytes; if (zmq_errno () == EAGAIN) return 0; throw error_t (); } inline bool recv (message_t *msg_, int flags_ = 0) { int nbytes = zmq_msg_recv (&(msg_->msg), ptr, flags_); if (nbytes >= 0) return true; if (zmq_errno () == EAGAIN) return false; throw error_t (); } private: void *ptr; void *ctxptr; socket_t (const socket_t&) ZMQ_DELETED_FUNCTION; void operator = (const socket_t&) ZMQ_DELETED_FUNCTION; }; class monitor_t { public: monitor_t() : socketPtr(NULL) {} virtual ~monitor_t() {} void monitor(socket_t &socket, const char *addr_, int events = ZMQ_EVENT_ALL) { int rc = zmq_socket_monitor(socket.ptr, addr_, events); if (rc != 0) throw error_t (); socketPtr = socket.ptr; void *s = zmq_socket (socket.ctxptr, ZMQ_PAIR); assert (s); rc = zmq_connect (s, addr_); assert (rc == 0); on_monitor_started(); while (true) { zmq_msg_t eventMsg; zmq_msg_init (&eventMsg); rc = zmq_recvmsg (s, &eventMsg, 0); if (rc == -1 && zmq_errno() == ETERM) break; assert (rc != -1); zmq_event_t* event = static_cast(zmq_msg_data (&eventMsg)); #ifdef ZMQ_NEW_MONITOR_EVENT_LAYOUT zmq_msg_t addrMsg; zmq_msg_init (&addrMsg); rc = zmq_recvmsg (s, &addrMsg, 0); if (rc == -1 && zmq_errno() == ETERM) break; assert (rc != -1); const char* str = static_cast(zmq_msg_data (&addrMsg)); std::string address(str, str + zmq_msg_size(&addrMsg)); zmq_msg_close (&addrMsg); #else // Bit of a hack, but all events in the zmq_event_t union have the same layout so this will work for all event types. std::string address = event->data.connected.addr; #endif #ifdef ZMQ_EVENT_MONITOR_STOPPED if (event->event == ZMQ_EVENT_MONITOR_STOPPED) break; #endif switch (event->event) { case ZMQ_EVENT_CONNECTED: on_event_connected(*event, address.c_str()); break; case ZMQ_EVENT_CONNECT_DELAYED: on_event_connect_delayed(*event, address.c_str()); break; case ZMQ_EVENT_CONNECT_RETRIED: on_event_connect_retried(*event, address.c_str()); break; case ZMQ_EVENT_LISTENING: on_event_listening(*event, address.c_str()); break; case ZMQ_EVENT_BIND_FAILED: on_event_bind_failed(*event, address.c_str()); break; case ZMQ_EVENT_ACCEPTED: on_event_accepted(*event, address.c_str()); break; case ZMQ_EVENT_ACCEPT_FAILED: on_event_accept_failed(*event, address.c_str()); break; case ZMQ_EVENT_CLOSED: on_event_closed(*event, address.c_str()); break; case ZMQ_EVENT_CLOSE_FAILED: on_event_close_failed(*event, address.c_str()); break; case ZMQ_EVENT_DISCONNECTED: on_event_disconnected(*event, address.c_str()); break; default: on_event_unknown(*event, address.c_str()); break; } zmq_msg_close (&eventMsg); } zmq_close (s); socketPtr = NULL; } #ifdef ZMQ_EVENT_MONITOR_STOPPED void abort() { if (socketPtr) zmq_socket_monitor(socketPtr, NULL, 0); } #endif virtual void on_monitor_started() {} virtual void on_event_connected(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_connect_delayed(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_connect_retried(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_listening(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_bind_failed(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_accepted(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_accept_failed(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_closed(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_close_failed(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_disconnected(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } virtual void on_event_unknown(const zmq_event_t &event_, const char* addr_) { (void)event_; (void)addr_; } private: void* socketPtr; }; } #endif debian/rules0000775000000000000000000000077512312600664010261 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 ifeq ($(DEB_BUILD_ARCH_OS), kfreebsd) DO_TEST = no endif override_dh_auto_configure: dh_auto_configure -- --with-system-pgm override_dh_auto_test: ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) ifneq ($(DO_TEST), no) dh_auto_test else -dh_auto_test endif endif override_dh_strip: dh_strip --dbg-package=libzmq3-dbg %: dh $@ --with=autoreconf .PHONY: override_dh_auto_configure override_dh_strip debian/libzmq3.docs0000664000000000000000000000001512311320347011413 0ustar AUTHORS NEWS debian/watch0000664000000000000000000000017612311320347010221 0ustar version=3 options=dversionmangle=s/\+dfsg// \ http://download.zeromq.org/zeromq-(4.*)\.tar\.gz \ debian sh debian/repack.stub debian/compat0000664000000000000000000000000212311320347010362 0ustar 9 debian/libzmq3.install0000664000000000000000000000002612311320347012133 0ustar usr/lib/*/libzmq.so.* debian/libzmq3-dev.manpages0000664000000000000000000000010012311320347013025 0ustar debian/tmp/usr/share/man/man3/* debian/tmp/usr/share/man/man7/*