[OpenWrt-Devel] [PATCH] wireguard: bump to 0.0.20190123

Hans Dedecker dedeckeh at gmail.com
Wed Jan 23 12:09:34 EST 2019


On Wed, Jan 23, 2019 at 2:50 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> * tools: curve25519: handle unaligned loads/stores safely
>
> This should fix sporadic crashes with `wg pubkey` on certain architectures.
>
> * netlink: auth socket changes against namespace of socket
>
> In WireGuard, the underlying UDP socket lives in the namespace where the
> interface was created and doesn't move if the interface is moved. This
> allows one to create the interface in some privileged place that has
> Internet access, and then move it into a container namespace that only
> has the WireGuard interface for egress. Consider the following
> situation:
>
> 1. Interface created in namespace A. Socket therefore lives in namespace A.
> 2. Interface moved to namespace B. Socket remains in namespace A.
> 3. Namespace B now has access to the interface and changes the listen
> port and/or fwmark of socket. Change is reflected in namespace A.
>
> This behavior is arguably _fine_ and perhaps even expected or
> acceptable. But there's also an argument to be made that B should have
> A's cred to do so. So, this patch adds a simple ns_capable check.
>
> * ratelimiter: build tests with !IPV6
>
> Should reenable building in debug mode for systems without IPv6.
>
> * noise: replace getnstimeofday64 with ktime_get_real_ts64
> * ratelimiter: totalram_pages is now a function
> * qemu: enable FP on MIPS
>
> Linux 5.0 support.
>
> * keygen-html: bring back pure javascript implementation
>
> Benoît Viguier has proofs that values will stay well within 2^53. We
> also have an improved carry function that's much simpler. Probably more
> constant time than emscripten's 64-bit integers.
>
> * contrib: introduce simple highlighter library
>
> This is the highlighter library being used in:
> - https://twitter.com/EdgeSecurity/status/1085294681003454465
> - https://twitter.com/EdgeSecurity/status/1081953278248796165
>
> It's included here as a contrib example, so that others can paste it into
> their own GUI clients for having the same strictly validating highlighting.
>
> * netlink: use __kernel_timespec for handshake time
>
> This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.
>
> Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
> ---
>  package/network/services/wireguard/Makefile | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile
> index f752d3b..2e9f17e 100644
> --- a/package/network/services/wireguard/Makefile
> +++ b/package/network/services/wireguard/Makefile
> @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk
>
>  PKG_NAME:=wireguard
>
> -PKG_VERSION:=0.0.20181218
> +PKG_VERSION:=0.0.20190123
>  PKG_RELEASE:=1
>
>  PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
>  PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
> -PKG_HASH:=2e9f86acefa49dbfb7fa6f5e10d543f1885a2d5460cd5e102696901107675735
> +PKG_HASH:=edd13c7631af169e3838621b1a1bff3ef73cf7bc778eec2bd55f7c1089ffdf9b
>
>  PKG_LICENSE:=GPL-2.0 Apache-2.0
>  PKG_LICENSE_FILES:=COPYING
> --
> 2.20.1
Patch pushed to master
(https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=bbcd0634f8c9769a336386f8df471231d24a27cc);
thx

Hans
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list