Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package wireguard-tools for openSUSE:Factory
checked in at 2021-10-04 18:40:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wireguard-tools (Old)
and /work/SRC/openSUSE:Factory/.wireguard-tools.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireguard-tools"
Mon Oct 4 18:40:27 2021 rev:12 rq:922718 version:1.0.20210914
Changes:
--------
--- /work/SRC/openSUSE:Factory/wireguard-tools/wireguard-tools.changes
2021-04-25 21:29:06.092551632 +0200
+++
/work/SRC/openSUSE:Factory/.wireguard-tools.new.2443/wireguard-tools.changes
2021-10-04 18:42:17.418284162 +0200
@@ -1,0 +2,11 @@
+Fri Oct 1 20:54:57 UTC 2021 - Andreas Stieger <[email protected]>
+
+- remove world-readable permissions from /etc/wireguard boo#1191224
+
+-------------------------------------------------------------------
+Sun Sep 26 09:34:32 UTC 2021 - Martin Hauke <[email protected]>
+
+- Update to version 1.0.20210914
+ * no relevant changes for Linux systems
+
+-------------------------------------------------------------------
Old:
----
wireguard-tools-1.0.20210424.tar.asc
wireguard-tools-1.0.20210424.tar.xz
New:
----
wireguard-tools-1.0.20210914.tar.asc
wireguard-tools-1.0.20210914.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wireguard-tools.spec ++++++
--- /var/tmp/diff_new_pack.PMFaD5/_old 2021-10-04 18:42:17.882284916 +0200
+++ /var/tmp/diff_new_pack.PMFaD5/_new 2021-10-04 18:42:17.882284916 +0200
@@ -18,7 +18,7 @@
Name: wireguard-tools
-Version: 1.0.20210424
+Version: 1.0.20210914
Release: 0
Summary: WireGuard userspace tools
License: GPL-2.0-only
@@ -61,8 +61,6 @@
WITH_WGQUICK=yes \
WITH_SYSTEMDUNITS=yes
-install -d %{buildroot}/%{_sysconfdir}/wireguard/
-
%pre
%service_add_pre wg-quick.target [email protected]
++++++ wireguard-tools-1.0.20210424.tar.xz ->
wireguard-tools-1.0.20210914.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20210424/contrib/launchd/com.wireguard.wg0.plist
new/wireguard-tools-1.0.20210914/contrib/launchd/com.wireguard.wg0.plist
--- old/wireguard-tools-1.0.20210424/contrib/launchd/com.wireguard.wg0.plist
2021-04-24 22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/contrib/launchd/com.wireguard.wg0.plist
2021-09-14 00:43:31.000000000 +0200
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd";;>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd";>
<plist version="1.0">
<dict>
<key>Label</key>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/Makefile
new/wireguard-tools-1.0.20210914/src/Makefile
--- old/wireguard-tools-1.0.20210424/src/Makefile 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/Makefile 2021-09-14
00:43:31.000000000 +0200
@@ -59,12 +59,16 @@
LDLIBS += -lnetwork -lbsd
endif
ifeq ($(PLATFORM),windows)
-CC := x86_64-w64-mingw32-gcc
-WINDRES := x86_64-w64-mingw32-windres
+CC := x86_64-w64-mingw32-clang
+WINDRES := $(shell $(CC) $(CFLAGS) -print-prog-name=windres 2>/dev/null)
CFLAGS += -Iwincompat/include -include wincompat/compat.h -DWINVER=0x0601
-D_WIN32_WINNT=0x0601 -flto
-LDLIBS += -lws2_32 -flto
+LDLIBS += -lws2_32 -lsetupapi -lole32 -ladvapi32 -Lwincompat
+LDFLAGS += -flto -Wl,--dynamicbase -Wl,--nxcompat -Wl,--tsaware -mconsole
+LDFLAGS += -Wl,--major-os-version=6 -Wl,--minor-os-version=1
-Wl,--major-subsystem-version=6 -Wl,--minor-subsystem-version=1
+# The use of -Wl,/delayload: here implies we're using llvm-mingw
+LDFLAGS += -Wl,/delayload:ws2_32.dll -Wl,/delayload:setupapi.dll
-Wl,/delayload:ole32.dll -Wl,/delayload:advapi32.dll
VERSION := $(patsubst "%",%,$(filter "%",$(file < version.h)))
-wg: wincompat/libc.o wincompat/init.o wincompat/resources.o
+wg: wincompat/libc.o wincompat/init.o wincompat/loader.o wincompat/resources.o
wincompat/resources.o: wincompat/resources.rc wincompat/manifest.xml
$(WINDRES) -DVERSION_STR=$(VERSION) -O coff -c 65001 -i $< -o $@
endif
@@ -78,12 +82,13 @@
COMPILE.c += $(BUILT_IN_COMPILE.c)
BUILT_IN_RM := $(RM)
RM := @a() { echo " CLEAN $$@"; $(BUILT_IN_RM) "$$@"; }; a
+WINDRES := @a() { echo " WINDRES $${@: -1}"; $(WINDRES) "$$@"; }; a
endif
wg: $(sort $(patsubst %.c,%.o,$(wildcard *.c)))
clean:
- $(RM) wg *.o *.d
+ $(RM) wg *.o *.d $(wildcard wincompat/*.o wincompat/*.lib
wincompat/*.dll)
install: wg
@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg
"$(DESTDIR)$(BINDIR)/wg"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/ipc-openbsd.h
new/wireguard-tools-1.0.20210914/src/ipc-openbsd.h
--- old/wireguard-tools-1.0.20210424/src/ipc-openbsd.h 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/ipc-openbsd.h 2021-09-14
00:43:31.000000000 +0200
@@ -255,13 +255,12 @@
wg_aip->a_af = aip->family;
wg_aip->a_cidr = aip->cidr;
- if (aip->family == AF_INET) {
+ if (aip->family == AF_INET)
memcpy(&wg_aip->a_ipv4, &aip->ip4,
sizeof(wg_aip->a_ipv4));
- } else if (aip->family == AF_INET6) {
+ else if (aip->family == AF_INET6)
memcpy(&wg_aip->a_ipv6, &aip->ip6,
sizeof(wg_aip->a_ipv6));
- } else {
+ else
continue;
- }
++aip_count;
++wg_aip;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/ipc-uapi-windows.h
new/wireguard-tools-1.0.20210914/src/ipc-uapi-windows.h
--- old/wireguard-tools-1.0.20210424/src/ipc-uapi-windows.h 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/ipc-uapi-windows.h 2021-09-14
00:43:31.000000000 +0200
@@ -10,126 +10,96 @@
#include <stdio.h>
#include <stdbool.h>
#include <fcntl.h>
+#include <hashtable.h>
static FILE *userspace_interface_file(const char *iface)
{
- char fname[MAX_PATH], error_message[1024 * 128] = { 0 };
- HANDLE thread_token, process_snapshot, winlogon_process,
winlogon_token, duplicated_token, pipe_handle = INVALID_HANDLE_VALUE;
- PROCESSENTRY32 entry = { .dwSize = sizeof(PROCESSENTRY32) };
- PSECURITY_DESCRIPTOR pipe_sd;
- PSID pipe_sid;
+ char fname[MAX_PATH];
+ HANDLE pipe_handle;
SID expected_sid;
- BOOL ret;
+ DWORD bytes = sizeof(expected_sid);
+ PSID pipe_sid;
+ PSECURITY_DESCRIPTOR pipe_sd;
+ bool equal;
int fd;
- DWORD last_error = ERROR_SUCCESS, bytes = sizeof(expected_sid);
- TOKEN_PRIVILEGES privileges = {
- .PrivilegeCount = 1,
- .Privileges = {{ .Attributes = SE_PRIVILEGE_ENABLED }}
- };
- if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME,
&privileges.Privileges[0].Luid))
- goto err;
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, &expected_sid, &bytes))
goto err;
- process_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
- if (process_snapshot == INVALID_HANDLE_VALUE)
- goto err;
- for (ret = Process32First(process_snapshot, &entry); ret; last_error =
GetLastError(), ret = Process32Next(process_snapshot, &entry)) {
- if (strcasecmp(entry.szExeFile, "winlogon.exe"))
- continue;
-
- RevertToSelf();
- if (!ImpersonateSelf(SecurityImpersonation))
- continue;
- if (!OpenThreadToken(GetCurrentThread(),
TOKEN_ADJUST_PRIVILEGES, FALSE, &thread_token))
- continue;
- if (!AdjustTokenPrivileges(thread_token, FALSE, &privileges,
sizeof(privileges), NULL, NULL)) {
- last_error = GetLastError();
- CloseHandle(thread_token);
- continue;
- }
- CloseHandle(thread_token);
-
- winlogon_process = OpenProcess(PROCESS_QUERY_INFORMATION,
FALSE, entry.th32ProcessID);
- if (!winlogon_process)
- continue;
- if (!OpenProcessToken(winlogon_process, TOKEN_IMPERSONATE |
TOKEN_DUPLICATE, &winlogon_token))
- continue;
- CloseHandle(winlogon_process);
- if (!DuplicateToken(winlogon_token, SecurityImpersonation,
&duplicated_token)) {
- last_error = GetLastError();
- RevertToSelf();
- continue;
- }
- CloseHandle(winlogon_token);
- if (!SetThreadToken(NULL, duplicated_token)) {
- last_error = GetLastError();
- CloseHandle(duplicated_token);
- continue;
- }
- CloseHandle(duplicated_token);
-
- snprintf(fname, sizeof(fname),
"\\\\.\\pipe\\ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
- pipe_handle = CreateFile(fname, GENERIC_READ | GENERIC_WRITE,
0, NULL, OPEN_EXISTING, 0, NULL);
- last_error = GetLastError();
- if (pipe_handle == INVALID_HANDLE_VALUE)
- continue;
- last_error = GetSecurityInfo(pipe_handle, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION, &pipe_sid, NULL, NULL, NULL, &pipe_sd);
- if (last_error != ERROR_SUCCESS) {
- CloseHandle(pipe_handle);
- continue;
- }
- last_error = EqualSid(&expected_sid, pipe_sid) ? ERROR_SUCCESS
: ERROR_ACCESS_DENIED;
- LocalFree(pipe_sd);
- if (last_error != ERROR_SUCCESS) {
- CloseHandle(pipe_handle);
- continue;
- }
- last_error = ERROR_SUCCESS;
- break;
- }
- RevertToSelf();
- CloseHandle(process_snapshot);
-
- if (last_error != ERROR_SUCCESS || pipe_handle == INVALID_HANDLE_VALUE)
+ snprintf(fname, sizeof(fname),
"\\\\.\\pipe\\ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
+ pipe_handle = CreateFileA(fname, GENERIC_READ | GENERIC_WRITE, 0, NULL,
OPEN_EXISTING, 0, NULL);
+ if (pipe_handle == INVALID_HANDLE_VALUE)
goto err;
+ if (GetSecurityInfo(pipe_handle, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION, &pipe_sid, NULL, NULL, NULL, &pipe_sd) !=
ERROR_SUCCESS)
+ goto err_close;
+ equal = EqualSid(&expected_sid, pipe_sid);
+ LocalFree(pipe_sd);
+ if (!equal)
+ goto err_close;
fd = _open_osfhandle((intptr_t)pipe_handle, _O_RDWR);
if (fd == -1) {
- last_error = GetLastError();
CloseHandle(pipe_handle);
- goto err;
+ return NULL;
}
return _fdopen(fd, "r+");
-
+err_close:
+ CloseHandle(pipe_handle);
err:
- if (last_error == ERROR_SUCCESS)
- last_error = GetLastError();
- if (last_error == ERROR_SUCCESS)
- last_error = ERROR_ACCESS_DENIED;
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS, NULL, last_error, MAKELANGID(LANG_NEUTRAL,
SUBLANG_DEFAULT), error_message, sizeof(error_message) - 1, NULL);
- fprintf(stderr, "Error: Unable to open IPC handle via SYSTEM
impersonation: %ld: %s\n", last_error, error_message);
errno = EACCES;
return NULL;
}
+static bool have_cached_interfaces;
+static struct hashtable cached_interfaces;
+
+static bool userspace_has_wireguard_interface(const char *iface)
+{
+ char fname[MAX_PATH];
+ WIN32_FIND_DATA find_data;
+ HANDLE find_handle;
+ bool ret = false;
+
+ if (have_cached_interfaces)
+ return hashtable_find_entry(&cached_interfaces, iface) != NULL;
+
+ snprintf(fname, sizeof(fname),
"ProtectedPrefix\\Administrators\\WireGuard\\%s", iface);
+ find_handle = FindFirstFile("\\\\.\\pipe\\*", &find_data);
+ if (find_handle == INVALID_HANDLE_VALUE)
+ return -EIO;
+ do {
+ if (!strcmp(fname, find_data.cFileName)) {
+ ret = true;
+ break;
+ }
+ } while (FindNextFile(find_handle, &find_data));
+ FindClose(find_handle);
+ return ret;
+}
+
static int userspace_get_wireguard_interfaces(struct string_list *list)
{
static const char prefix[] =
"ProtectedPrefix\\Administrators\\WireGuard\\";
WIN32_FIND_DATA find_data;
HANDLE find_handle;
+ char *iface;
int ret = 0;
find_handle = FindFirstFile("\\\\.\\pipe\\*", &find_data);
if (find_handle == INVALID_HANDLE_VALUE)
- return -GetLastError();
+ return -EIO;
do {
if (strncmp(prefix, find_data.cFileName, strlen(prefix)))
continue;
- ret = string_list_add(list, find_data.cFileName +
strlen(prefix));
+ iface = find_data.cFileName + strlen(prefix);
+ ret = string_list_add(list, iface);
if (ret < 0)
goto out;
+ if (!hashtable_find_or_insert_entry(&cached_interfaces, iface))
{
+ ret = -errno;
+ goto out;
+ }
} while (FindNextFile(find_handle, &find_data));
+ have_cached_interfaces = true;
out:
FindClose(find_handle);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/ipc-windows.h
new/wireguard-tools-1.0.20210914/src/ipc-windows.h
--- old/wireguard-tools-1.0.20210424/src/ipc-windows.h 1970-01-01
01:00:00.000000000 +0100
+++ new/wireguard-tools-1.0.20210914/src/ipc-windows.h 2021-09-14
00:43:31.000000000 +0200
@@ -0,0 +1,500 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2015-2021 Jason A. Donenfeld <[email protected]>. All Rights
Reserved.
+ */
+
+#include "containers.h"
+#include <windows.h>
+#include <setupapi.h>
+#include <cfgmgr32.h>
+#include <iphlpapi.h>
+#include <initguid.h>
+#include <devguid.h>
+#include <ddk/ndisguid.h>
+#include <wireguard.h>
+#include <hashtable.h>
+
+#define IPC_SUPPORTS_KERNEL_INTERFACE
+
+static bool have_cached_kernel_interfaces;
+static struct hashtable cached_kernel_interfaces;
+static const DEVPROPKEY devpkey_name = DEVPKEY_WG_NAME;
+
+static int kernel_get_wireguard_interfaces(struct string_list *list)
+{
+ HDEVINFO dev_info = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL,
NULL, DIGCF_PRESENT, NULL, NULL, NULL);
+ bool will_have_cached_kernel_interfaces = true;
+
+ if (dev_info == INVALID_HANDLE_VALUE) {
+ errno = EACCES;
+ return -errno;
+ }
+
+ for (DWORD i = 0;; ++i) {
+ bool found = false;
+ DWORD buf_len = 0, value_type;
+ WCHAR *buf = NULL, adapter_name[MAX_ADAPTER_NAME];
+ SP_DEVINFO_DATA dev_info_data = { .cbSize =
sizeof(SP_DEVINFO_DATA) };
+ DEVPROPTYPE prop_type;
+ ULONG status, problem_code;
+ char *interface_name;
+ struct hashtable_entry *entry;
+
+ if (!SetupDiEnumDeviceInfo(dev_info, i, &dev_info_data)) {
+ if (GetLastError() == ERROR_NO_MORE_ITEMS)
+ break;
+ continue;
+ }
+
+ while (!SetupDiGetDeviceRegistryPropertyW(dev_info,
&dev_info_data, SPDRP_HARDWAREID, &value_type, (BYTE *)buf, buf_len, &buf_len))
{
+ free(buf);
+ buf = NULL;
+ if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ break;
+ buf = malloc(buf_len);
+ if (!buf)
+ break;
+ }
+
+ if (!buf || value_type != REG_MULTI_SZ || buf_len <
sizeof(*buf) * 2 || buf[buf_len / sizeof(*buf) - 1] || buf[buf_len /
sizeof(*buf) - 2]) {
+ free(buf);
+ continue;
+ }
+
+ for (WCHAR *item = buf; *item; item += wcslen(item) + 1) {
+ if (!_wcsicmp(item, L"wireguard")) {
+ found = true;
+ break;
+ }
+ }
+ free(buf);
+ if (!found)
+ continue;
+
+ if (!SetupDiGetDevicePropertyW(dev_info, &dev_info_data,
&devpkey_name,
+ &prop_type, (PBYTE)adapter_name,
+ sizeof(adapter_name), NULL, 0) ||
+ prop_type != DEVPROP_TYPE_STRING)
+ continue;
+ adapter_name[_countof(adapter_name) - 1] = L'0';
+ if (!adapter_name[0])
+ continue;
+ buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1,
NULL, 0, NULL, NULL);
+ if (!buf_len)
+ continue;
+ interface_name = malloc(buf_len);
+ if (!interface_name)
+ continue;
+ buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1,
interface_name, buf_len, NULL, NULL);
+ if (!buf_len) {
+ free(interface_name);
+ continue;
+ }
+
+ if (CM_Get_DevNode_Status(&status, &problem_code,
dev_info_data.DevInst, 0) == CR_SUCCESS &&
+ (status & (DN_DRIVER_LOADED | DN_STARTED)) ==
(DN_DRIVER_LOADED | DN_STARTED))
+ string_list_add(list, interface_name);
+
+ entry =
hashtable_find_or_insert_entry(&cached_kernel_interfaces, interface_name);
+ free(interface_name);
+ if (!entry)
+ continue;
+
+ if (SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, NULL,
0, &buf_len) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ continue;
+ entry->value = calloc(sizeof(WCHAR), buf_len);
+ if (!entry->value)
+ continue;
+ if (!SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data,
entry->value, buf_len, &buf_len)) {
+ free(entry->value);
+ entry->value = NULL;
+ continue;
+ }
+
+ will_have_cached_kernel_interfaces = true;
+ }
+ SetupDiDestroyDeviceInfoList(dev_info);
+ have_cached_kernel_interfaces = will_have_cached_kernel_interfaces;
+ return 0;
+}
+
+static HANDLE kernel_interface_handle(const char *iface)
+{
+ HDEVINFO dev_info;
+ WCHAR *interfaces = NULL;
+ HANDLE handle;
+
+ if (have_cached_kernel_interfaces) {
+ struct hashtable_entry *entry =
hashtable_find_entry(&cached_kernel_interfaces, iface);
+ if (entry) {
+ DWORD buf_len;
+ if (CM_Get_Device_Interface_List_SizeW(
+ &buf_len, (GUID *)&GUID_DEVINTERFACE_NET,
(DEVINSTID_W)entry->value,
+ CM_GET_DEVICE_INTERFACE_LIST_PRESENT) !=
CR_SUCCESS)
+ goto err_hash;
+ interfaces = calloc(buf_len, sizeof(*interfaces));
+ if (!interfaces)
+ goto err_hash;
+ if (CM_Get_Device_Interface_ListW(
+ (GUID *)&GUID_DEVINTERFACE_NET,
(DEVINSTID_W)entry->value, interfaces, buf_len,
+ CM_GET_DEVICE_INTERFACE_LIST_PRESENT) !=
CR_SUCCESS || !interfaces[0]) {
+ free(interfaces);
+ interfaces = NULL;
+ goto err_hash;
+ }
+ handle = CreateFileW(interfaces, GENERIC_READ |
GENERIC_WRITE,
+ FILE_SHARE_READ | FILE_SHARE_WRITE
| FILE_SHARE_DELETE, NULL,
+ OPEN_EXISTING, 0, NULL);
+ free(interfaces);
+ if (handle == INVALID_HANDLE_VALUE)
+ goto err_hash;
+ return handle;
+err_hash:
+ errno = EACCES;
+ return NULL;
+ }
+ }
+
+ dev_info = SetupDiGetClassDevsExW(&GUID_DEVCLASS_NET, NULL, NULL,
DIGCF_PRESENT, NULL, NULL, NULL);
+ if (dev_info == INVALID_HANDLE_VALUE)
+ return NULL;
+
+ for (DWORD i = 0; !interfaces; ++i) {
+ bool found = false;
+ DWORD buf_len = 0, value_type;
+ WCHAR *buf = NULL, adapter_name[MAX_ADAPTER_NAME];
+ SP_DEVINFO_DATA dev_info_data = { .cbSize =
sizeof(SP_DEVINFO_DATA) };
+ DEVPROPTYPE prop_type;
+ char *interface_name;
+
+ if (!SetupDiEnumDeviceInfo(dev_info, i, &dev_info_data)) {
+ if (GetLastError() == ERROR_NO_MORE_ITEMS)
+ break;
+ continue;
+ }
+
+ while (!SetupDiGetDeviceRegistryPropertyW(dev_info,
&dev_info_data, SPDRP_HARDWAREID, &value_type, (BYTE *)buf, buf_len, &buf_len))
{
+ free(buf);
+ buf = NULL;
+ if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ break;
+ buf = malloc(buf_len);
+ if (!buf)
+ break;
+ }
+
+ if (!buf || value_type != REG_MULTI_SZ || buf_len <
sizeof(*buf) * 2 || buf[buf_len / sizeof(*buf) - 1] || buf[buf_len /
sizeof(*buf) - 2]) {
+ free(buf);
+ continue;
+ }
+
+ for (WCHAR *item = buf; *item; item += wcslen(item) + 1) {
+ if (!_wcsicmp(item, L"wireguard")) {
+ found = true;
+ break;
+ }
+ }
+ free(buf);
+ if (!found)
+ continue;
+
+ if (!SetupDiGetDevicePropertyW(dev_info, &dev_info_data,
&devpkey_name,
+ &prop_type, (PBYTE)adapter_name,
+ sizeof(adapter_name), NULL, 0) ||
+ prop_type != DEVPROP_TYPE_STRING)
+ continue;
+ adapter_name[_countof(adapter_name) - 1] = L'0';
+ if (!adapter_name[0])
+ continue;
+ buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1,
NULL, 0, NULL, NULL);
+ if (!buf_len)
+ continue;
+ interface_name = malloc(buf_len);
+ if (!interface_name)
+ continue;
+ buf_len = WideCharToMultiByte(CP_UTF8, 0, adapter_name, -1,
interface_name, buf_len, NULL, NULL);
+ if (!buf_len) {
+ free(interface_name);
+ continue;
+ }
+ found = !strcmp(interface_name, iface);
+ free(interface_name);
+ if (!found)
+ continue;
+
+ if (SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, NULL,
0, &buf_len) || GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ continue;
+ buf = calloc(sizeof(*buf), buf_len);
+ if (!buf)
+ continue;
+ if (!SetupDiGetDeviceInstanceIdW(dev_info, &dev_info_data, buf,
buf_len, &buf_len))
+ goto cleanup_instance_id;
+ if (CM_Get_Device_Interface_List_SizeW(
+ &buf_len, (GUID *)&GUID_DEVINTERFACE_NET,
(DEVINSTID_W)buf,
+ CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS)
+ goto cleanup_instance_id;
+ interfaces = calloc(buf_len, sizeof(*interfaces));
+ if (!interfaces)
+ goto cleanup_instance_id;
+ if (CM_Get_Device_Interface_ListW(
+ (GUID *)&GUID_DEVINTERFACE_NET, (DEVINSTID_W)buf,
interfaces, buf_len,
+ CM_GET_DEVICE_INTERFACE_LIST_PRESENT) != CR_SUCCESS ||
!interfaces[0]) {
+ free(interfaces);
+ interfaces = NULL;
+ goto cleanup_instance_id;
+ }
+cleanup_instance_id:
+ free(buf);
+ }
+ SetupDiDestroyDeviceInfoList(dev_info);
+ if (!interfaces) {
+ errno = ENOENT;
+ return NULL;
+ }
+ handle = CreateFileW(interfaces, GENERIC_READ | GENERIC_WRITE,
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
FILE_SHARE_DELETE, NULL,
+ OPEN_EXISTING, 0, NULL);
+ free(interfaces);
+ if (handle == INVALID_HANDLE_VALUE) {
+ errno = EACCES;
+ return NULL;
+ }
+ return handle;
+}
+
+static int kernel_get_device(struct wgdevice **device, const char *iface)
+{
+ WG_IOCTL_INTERFACE *wg_iface;
+ WG_IOCTL_PEER *wg_peer;
+ WG_IOCTL_ALLOWED_IP *wg_aip;
+ void *buf = NULL;
+ DWORD buf_len = 0;
+ HANDLE handle = kernel_interface_handle(iface);
+ struct wgdevice *dev;
+ struct wgpeer *peer;
+ struct wgallowedip *aip;
+ int ret;
+
+ *device = NULL;
+
+ if (!handle)
+ return -errno;
+
+ while (!DeviceIoControl(handle, WG_IOCTL_GET, NULL, 0, buf, buf_len,
&buf_len, NULL)) {
+ free(buf);
+ if (GetLastError() != ERROR_MORE_DATA) {
+ errno = EACCES;
+ return -errno;
+ }
+ buf = malloc(buf_len);
+ if (!buf)
+ return -errno;
+ }
+
+ wg_iface = (WG_IOCTL_INTERFACE *)buf;
+ dev = calloc(1, sizeof(*dev));
+ if (!dev)
+ goto out;
+ strncpy(dev->name, iface, sizeof(dev->name));
+ dev->name[sizeof(dev->name) - 1] = '\0';
+
+ if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_LISTEN_PORT) {
+ dev->listen_port = wg_iface->ListenPort;
+ dev->flags |= WGDEVICE_HAS_LISTEN_PORT;
+ }
+
+ if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY) {
+ memcpy(dev->public_key, wg_iface->PublicKey,
sizeof(dev->public_key));
+ dev->flags |= WGDEVICE_HAS_PUBLIC_KEY;
+ }
+
+ if (wg_iface->Flags & WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY) {
+ memcpy(dev->private_key, wg_iface->PrivateKey,
sizeof(dev->private_key));
+ dev->flags |= WGDEVICE_HAS_PRIVATE_KEY;
+ }
+
+ wg_peer = buf + sizeof(WG_IOCTL_INTERFACE);
+ for (ULONG i = 0; i < wg_iface->PeersCount; ++i) {
+ peer = calloc(1, sizeof(*peer));
+ if (!peer)
+ goto out;
+
+ if (dev->first_peer == NULL)
+ dev->first_peer = peer;
+ else
+ dev->last_peer->next_peer = peer;
+ dev->last_peer = peer;
+
+ if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PUBLIC_KEY) {
+ memcpy(peer->public_key, wg_peer->PublicKey,
sizeof(peer->public_key));
+ peer->flags |= WGPEER_HAS_PUBLIC_KEY;
+ }
+
+ if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PRESHARED_KEY) {
+ memcpy(peer->preshared_key, wg_peer->PresharedKey,
sizeof(peer->preshared_key));
+ if (!key_is_zero(peer->preshared_key))
+ peer->flags |= WGPEER_HAS_PRESHARED_KEY;
+ }
+
+ if (wg_peer->Flags & WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE) {
+ peer->persistent_keepalive_interval =
wg_peer->PersistentKeepalive;
+ peer->flags |= WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL;
+ }
+
+ if (wg_peer->Flags & WG_IOCTL_PEER_HAS_ENDPOINT) {
+ if (wg_peer->Endpoint.si_family == AF_INET)
+ peer->endpoint.addr4 = wg_peer->Endpoint.Ipv4;
+ else if (wg_peer->Endpoint.si_family == AF_INET6)
+ peer->endpoint.addr6 = wg_peer->Endpoint.Ipv6;
+ }
+
+ peer->rx_bytes = wg_peer->RxBytes;
+ peer->tx_bytes = wg_peer->TxBytes;
+
+ if (wg_peer->LastHandshake) {
+ peer->last_handshake_time.tv_sec =
wg_peer->LastHandshake / 10000000 - 11644473600LL;
+ peer->last_handshake_time.tv_nsec =
wg_peer->LastHandshake % 10000000 * 100;
+ }
+
+ wg_aip = (void *)wg_peer + sizeof(WG_IOCTL_PEER);
+ for (ULONG j = 0; j < wg_peer->AllowedIPsCount; ++j) {
+ aip = calloc(1, sizeof(*aip));
+ if (!aip)
+ goto out;
+
+ if (peer->first_allowedip == NULL)
+ peer->first_allowedip = aip;
+ else
+ peer->last_allowedip->next_allowedip = aip;
+ peer->last_allowedip = aip;
+
+ aip->family = wg_aip->AddressFamily;
+ if (wg_aip->AddressFamily == AF_INET) {
+ memcpy(&aip->ip4, &wg_aip->Address.V4,
sizeof(aip->ip4));
+ aip->cidr = wg_aip->Cidr;
+ } else if (wg_aip->AddressFamily == AF_INET6) {
+ memcpy(&aip->ip6, &wg_aip->Address.V6,
sizeof(aip->ip6));
+ aip->cidr = wg_aip->Cidr;
+ }
+ ++wg_aip;
+ }
+ wg_peer = (WG_IOCTL_PEER *)wg_aip;
+ }
+ *device = dev;
+ errno = 0;
+out:
+ ret = -errno;
+ free(buf);
+ CloseHandle(handle);
+ return ret;
+}
+
+static int kernel_set_device(struct wgdevice *dev)
+{
+ WG_IOCTL_INTERFACE *wg_iface = NULL;
+ WG_IOCTL_PEER *wg_peer;
+ WG_IOCTL_ALLOWED_IP *wg_aip;
+ DWORD buf_len = sizeof(WG_IOCTL_INTERFACE);
+ HANDLE handle = kernel_interface_handle(dev->name);
+ struct wgpeer *peer;
+ struct wgallowedip *aip;
+ size_t peer_count, aip_count;
+ int ret = 0;
+
+ if (!handle)
+ return -errno;
+
+ for_each_wgpeer(dev, peer) {
+ if (DWORD_MAX - buf_len < sizeof(WG_IOCTL_PEER)) {
+ errno = EOVERFLOW;
+ goto out;
+ }
+ buf_len += sizeof(WG_IOCTL_PEER);
+ for_each_wgallowedip(peer, aip) {
+ if (DWORD_MAX - buf_len < sizeof(WG_IOCTL_ALLOWED_IP)) {
+ errno = EOVERFLOW;
+ goto out;
+ }
+ buf_len += sizeof(WG_IOCTL_ALLOWED_IP);
+ }
+ }
+ wg_iface = calloc(1, buf_len);
+ if (!wg_iface)
+ goto out;
+
+ if (dev->flags & WGDEVICE_HAS_PRIVATE_KEY) {
+ memcpy(wg_iface->PrivateKey, dev->private_key,
sizeof(wg_iface->PrivateKey));
+ wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY;
+ }
+
+ if (dev->flags & WGDEVICE_HAS_LISTEN_PORT) {
+ wg_iface->ListenPort = dev->listen_port;
+ wg_iface->Flags |= WG_IOCTL_INTERFACE_HAS_LISTEN_PORT;
+ }
+
+ if (dev->flags & WGDEVICE_REPLACE_PEERS)
+ wg_iface->Flags |= WG_IOCTL_INTERFACE_REPLACE_PEERS;
+
+ peer_count = 0;
+ wg_peer = (void *)wg_iface + sizeof(WG_IOCTL_INTERFACE);
+ for_each_wgpeer(dev, peer) {
+ wg_peer->Flags = WG_IOCTL_PEER_HAS_PUBLIC_KEY;
+ memcpy(wg_peer->PublicKey, peer->public_key,
sizeof(wg_peer->PublicKey));
+
+ if (peer->flags & WGPEER_HAS_PRESHARED_KEY) {
+ memcpy(wg_peer->PresharedKey, peer->preshared_key,
sizeof(wg_peer->PresharedKey));
+ wg_peer->Flags |= WG_IOCTL_PEER_HAS_PRESHARED_KEY;
+ }
+
+ if (peer->flags & WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL) {
+ wg_peer->PersistentKeepalive =
peer->persistent_keepalive_interval;
+ wg_peer->Flags |=
WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE;
+ }
+
+ if (peer->endpoint.addr.sa_family == AF_INET) {
+ wg_peer->Endpoint.Ipv4 = peer->endpoint.addr4;
+ wg_peer->Flags |= WG_IOCTL_PEER_HAS_ENDPOINT;
+ } else if (peer->endpoint.addr.sa_family == AF_INET6) {
+ wg_peer->Endpoint.Ipv6 = peer->endpoint.addr6;
+ wg_peer->Flags |= WG_IOCTL_PEER_HAS_ENDPOINT;
+ }
+
+ if (peer->flags & WGPEER_REPLACE_ALLOWEDIPS)
+ wg_peer->Flags |= WG_IOCTL_PEER_REPLACE_ALLOWED_IPS;
+
+ if (peer->flags & WGPEER_REMOVE_ME)
+ wg_peer->Flags |= WG_IOCTL_PEER_REMOVE;
+
+ aip_count = 0;
+ wg_aip = (void *)wg_peer + sizeof(WG_IOCTL_PEER);
+ for_each_wgallowedip(peer, aip) {
+ wg_aip->AddressFamily = aip->family;
+ wg_aip->Cidr = aip->cidr;
+
+ if (aip->family == AF_INET)
+ wg_aip->Address.V4 = aip->ip4;
+ else if (aip->family == AF_INET6)
+ wg_aip->Address.V6 = aip->ip6;
+ else
+ continue;
+ ++aip_count;
+ ++wg_aip;
+ }
+ wg_peer->AllowedIPsCount = aip_count;
+ ++peer_count;
+ wg_peer = (WG_IOCTL_PEER *)wg_aip;
+ }
+ wg_iface->PeersCount = peer_count;
+
+ if (!DeviceIoControl(handle, WG_IOCTL_SET, NULL, 0, wg_iface, buf_len,
&buf_len, NULL)) {
+ errno = EACCES;
+ goto out;
+ }
+ errno = 0;
+
+out:
+ ret = -errno;
+ free(wg_iface);
+ CloseHandle(handle);
+ return ret;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/ipc.c
new/wireguard-tools-1.0.20210914/src/ipc.c
--- old/wireguard-tools-1.0.20210424/src/ipc.c 2021-04-24 22:43:19.000000000
+0200
+++ new/wireguard-tools-1.0.20210914/src/ipc.c 2021-09-14 00:43:31.000000000
+0200
@@ -47,6 +47,8 @@
#include "ipc-openbsd.h"
#elif defined(__FreeBSD__)
#include "ipc-freebsd.h"
+#elif defined(_WIN32)
+#include "ipc-windows.h"
#endif
/* first\0second\0third\0forth\0last\0\0 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/man/wg.8
new/wireguard-tools-1.0.20210914/src/man/wg.8
--- old/wireguard-tools-1.0.20210424/src/man/wg.8 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/man/wg.8 2021-09-14
00:43:31.000000000 +0200
@@ -219,6 +219,13 @@
\fB # modprobe wireguard && echo module wireguard +p >
/sys/kernel/debug/dynamic_debug/control\fP
+On OpenBSD and FreeBSD, debugging information can be written into
+.BR dmesg (1)
+on a per-interface basis by using
+.BR ifconfig (1):
+
+\fB # ifconfig wg0 debug
+
On userspace implementations, it is customary to set the \fILOG_LEVEL\fP
environment variable to \fIverbose\fP.
.SH ENVIRONMENT VARIABLES
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20210424/src/uapi/windows/wireguard.h
new/wireguard-tools-1.0.20210914/src/uapi/windows/wireguard.h
--- old/wireguard-tools-1.0.20210424/src/uapi/windows/wireguard.h
1970-01-01 01:00:00.000000000 +0100
+++ new/wireguard-tools-1.0.20210914/src/uapi/windows/wireguard.h
2021-09-14 00:43:31.000000000 +0200
@@ -0,0 +1,80 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2021 WireGuard LLC. All Rights Reserved.
+ */
+
+#ifndef _WIREGUARD_NT_H
+#define _WIREGUARD_NT_H
+
+#include <ntdef.h>
+#include <ws2def.h>
+#include <ws2ipdef.h>
+#include <inaddr.h>
+#include <in6addr.h>
+
+#define WG_KEY_LEN 32
+
+typedef struct _WG_IOCTL_ALLOWED_IP
+{
+ union
+ {
+ IN_ADDR V4;
+ IN6_ADDR V6;
+ } Address;
+ ADDRESS_FAMILY AddressFamily;
+ UCHAR Cidr;
+} __attribute__((aligned(8))) WG_IOCTL_ALLOWED_IP;
+
+typedef enum
+{
+ WG_IOCTL_PEER_HAS_PUBLIC_KEY = 1 << 0,
+ WG_IOCTL_PEER_HAS_PRESHARED_KEY = 1 << 1,
+ WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE = 1 << 2,
+ WG_IOCTL_PEER_HAS_ENDPOINT = 1 << 3,
+ WG_IOCTL_PEER_HAS_PROTOCOL_VERSION = 1 << 4,
+ WG_IOCTL_PEER_REPLACE_ALLOWED_IPS = 1 << 5,
+ WG_IOCTL_PEER_REMOVE = 1 << 6,
+ WG_IOCTL_PEER_UPDATE = 1 << 7
+} WG_IOCTL_PEER_FLAG;
+
+typedef struct _WG_IOCTL_PEER
+{
+ WG_IOCTL_PEER_FLAG Flags;
+ ULONG ProtocolVersion; /* 0 = latest protocol, 1 = this protocol. */
+ UCHAR PublicKey[WG_KEY_LEN];
+ UCHAR PresharedKey[WG_KEY_LEN];
+ USHORT PersistentKeepalive;
+ SOCKADDR_INET Endpoint;
+ ULONG64 TxBytes;
+ ULONG64 RxBytes;
+ ULONG64 LastHandshake;
+ ULONG AllowedIPsCount;
+} __attribute__((aligned(8))) WG_IOCTL_PEER;
+
+typedef enum
+{
+ WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY = 1 << 0,
+ WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY = 1 << 1,
+ WG_IOCTL_INTERFACE_HAS_LISTEN_PORT = 1 << 2,
+ WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3
+} WG_IOCTL_INTERFACE_FLAG;
+
+typedef struct _WG_IOCTL_INTERFACE
+{
+ WG_IOCTL_INTERFACE_FLAG Flags;
+ USHORT ListenPort;
+ UCHAR PrivateKey[WG_KEY_LEN];
+ UCHAR PublicKey[WG_KEY_LEN];
+ ULONG PeersCount;
+} __attribute__((aligned(8))) WG_IOCTL_INTERFACE;
+
+#define WG_IOCTL_GET CTL_CODE(45208U, 321, METHOD_OUT_DIRECT, FILE_READ_DATA |
FILE_WRITE_DATA)
+#define WG_IOCTL_SET CTL_CODE(45208U, 322, METHOD_IN_DIRECT, FILE_READ_DATA |
FILE_WRITE_DATA)
+
+#define DEVPKEY_WG_NAME (DEVPROPKEY) { \
+ { 0x65726957, 0x7547, 0x7261, { 0x64, 0x4e, 0x61, 0x6d, 0x65,
0x4b, 0x65, 0x79 } }, \
+ DEVPROPID_FIRST_USABLE + 1 \
+ }
+
+
+#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/version.h
new/wireguard-tools-1.0.20210914/src/version.h
--- old/wireguard-tools-1.0.20210424/src/version.h 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/version.h 2021-09-14
00:43:31.000000000 +0200
@@ -1,3 +1,3 @@
#ifndef WIREGUARD_TOOLS_VERSION
-#define WIREGUARD_TOOLS_VERSION "1.0.20210424"
+#define WIREGUARD_TOOLS_VERSION "1.0.20210914"
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/wg-quick/android.c
new/wireguard-tools-1.0.20210914/src/wg-quick/android.c
--- old/wireguard-tools-1.0.20210424/src/wg-quick/android.c 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/wg-quick/android.c 2021-09-14
00:43:31.000000000 +0200
@@ -1,6 +1,6 @@
// SPDX-License-Identifier: GPL-2.0
/*
- * Copyright (C) 2015-2020 Jason A. Donenfeld <[email protected]>. All Rights
Reserved.
+ * Copyright (C) 2015-2021 Jason A. Donenfeld <[email protected]>. All Rights
Reserved.
*
* This is a shell script written in C. It very intentionally still functions
like
* a shell script, calling out to external executables such as ip(8).
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/param.h>
+#include <sys/system_properties.h>
#ifndef WG_PACKAGE_NAME
#define WG_PACKAGE_NAME "com.wireguard.android"
@@ -39,6 +40,7 @@
static bool is_exiting = false;
static bool binder_available = false;
+static unsigned int sdk_version;
static void *xmalloc(size_t size)
{
@@ -727,7 +729,7 @@
cmd("ip6tables -I INPUT 1 -p udp --dport %u -j %s -m comment
--comment \"wireguard rule %s\"", listen_port, should_block_ipv6(iface) ?
"DROP" : "ACCEPT", iface);
}
cmd("ip link set up dev %s", iface);
- cndc("network create %u vpn 1 1", *netid);
+ cndc(sdk_version < 31 ? "network create %u vpn 1 1" : "network create
%u vpn 1", *netid);
cndc("network interface add %u %s", *netid, iface);
}
@@ -1278,6 +1280,10 @@
_cleanup_free_ char *excluded_applications = NULL;
_cleanup_free_ char *included_applications = NULL;
unsigned int mtu;
+ char prop[PROP_VALUE_MAX + 1];
+
+ if (__system_property_get("ro.build.version.sdk", prop))
+ sdk_version = atoi(prop);
if (argc == 2 && (!strcmp(argv[1], "help") || !strcmp(argv[1],
"--help") || !strcmp(argv[1], "-h")))
cmd_usage(argv[0]);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20210424/src/wg-quick/darwin.bash
new/wireguard-tools-1.0.20210914/src/wg-quick/darwin.bash
--- old/wireguard-tools-1.0.20210424/src/wg-quick/darwin.bash 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/wg-quick/darwin.bash 2021-09-14
00:43:31.000000000 +0200
@@ -194,14 +194,14 @@
GATEWAY4=""
while read -r destination gateway _; do
- [[ $destination == default ]] || continue
+ [[ $destination == default && $gateway != "link#"* ]] ||
continue
GATEWAY4="$gateway"
break
done < <(netstat -nr -f inet)
GATEWAY6=""
while read -r destination gateway _; do
- [[ $destination == default ]] || continue
+ [[ $destination == default && $gateway != "link#"* ]] ||
continue
GATEWAY6="$gateway"
break
done < <(netstat -nr -f inet6)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20210424/src/wg-quick/openbsd.bash
new/wireguard-tools-1.0.20210914/src/wg-quick/openbsd.bash
--- old/wireguard-tools-1.0.20210424/src/wg-quick/openbsd.bash 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/wg-quick/openbsd.bash 2021-09-14
00:43:31.000000000 +0200
@@ -283,15 +283,25 @@
set_dns() {
[[ ${#DNS[@]} -gt 0 ]] || return 0
- # TODO: this is a horrible way of doing it. Has OpenBSD no resolvconf?
+
+ # TODO: add exclusive support for nameservers
+ if pgrep -qx unwind; then
+ echo "[!] WARNING: unwind will leak DNS queries" >&2
+ elif pgrep -qx resolvd; then
+ echo "[!] WARNING: resolvd may leak DNS queries" >&2
+ else
+ echo "[+] resolvd is not running, DNS will not be configured"
>&2
+ return 0
+ fi
+
cmd cp /etc/resolv.conf "/etc/resolv.conf.wg-quick-backup.$INTERFACE"
- { cmd printf 'nameserver %s\n' "${DNS[@]}"
- [[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n'
"${DNS_SEARCH[*]}"
- } > /etc/resolv.conf
+ [[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n'
"${DNS_SEARCH[*]}" > /etc/resolv.conf
+ route nameserver ${REAL_INTERFACE} ${DNS[@]}
}
unset_dns() {
[[ -f "/etc/resolv.conf.wg-quick-backup.$INTERFACE" ]] || return 0
+ route nameserver ${REAL_INTERFACE}
cmd mv "/etc/resolv.conf.wg-quick-backup.$INTERFACE" /etc/resolv.conf
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20210424/src/wincompat/include/hashtable.h
new/wireguard-tools-1.0.20210914/src/wincompat/include/hashtable.h
--- old/wireguard-tools-1.0.20210424/src/wincompat/include/hashtable.h
1970-01-01 01:00:00.000000000 +0100
+++ new/wireguard-tools-1.0.20210914/src/wincompat/include/hashtable.h
2021-09-14 00:43:31.000000000 +0200
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: GPL-2.0
+ *
+ * Copyright (C) 2018-2021 WireGuard LLC. All Rights Reserved.
+ */
+
+#ifndef _HASHTABLE_H
+#define _HASHTABLE_H
+
+#include <string.h>
+
+enum { HASHTABLE_ENTRY_BUCKETS_POW2 = 1 << 10 };
+
+struct hashtable_entry {
+ char *key;
+ void *value;
+ struct hashtable_entry *next;
+};
+
+struct hashtable {
+ struct hashtable_entry *entry_buckets[HASHTABLE_ENTRY_BUCKETS_POW2];
+};
+
+static unsigned int hashtable_bucket(const char *str)
+{
+ unsigned long hash = 5381;
+ char c;
+ while ((c = *str++))
+ hash = ((hash << 5) + hash) ^ c;
+ return hash & (HASHTABLE_ENTRY_BUCKETS_POW2 - 1);
+}
+
+static struct hashtable_entry *hashtable_find_entry(struct hashtable
*hashtable, const char *key)
+{
+ struct hashtable_entry *entry;
+ for (entry = hashtable->entry_buckets[hashtable_bucket(key)]; entry;
entry = entry->next) {
+ if (!strcmp(entry->key, key))
+ return entry;
+ }
+ return NULL;
+}
+
+static struct hashtable_entry *hashtable_find_or_insert_entry(struct hashtable
*hashtable, const char *key)
+{
+ struct hashtable_entry **entry;
+ for (entry = &hashtable->entry_buckets[hashtable_bucket(key)]; *entry;
entry = &(*entry)->next) {
+ if (!strcmp((*entry)->key, key))
+ return *entry;
+ }
+ *entry = calloc(1, sizeof(**entry));
+ if (!*entry)
+ return NULL;
+ (*entry)->key = strdup(key);
+ if (!(*entry)->key) {
+ free(*entry);
+ *entry = NULL;
+ return NULL;
+ }
+ return *entry;
+}
+
+#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/wincompat/init.c
new/wireguard-tools-1.0.20210914/src/wincompat/init.c
--- old/wireguard-tools-1.0.20210424/src/wincompat/init.c 2021-04-24
22:43:19.000000000 +0200
+++ new/wireguard-tools-1.0.20210914/src/wincompat/init.c 2021-09-14
00:43:31.000000000 +0200
@@ -16,6 +16,10 @@
DWORD console_mode;
HANDLE stdout_handle;
WSADATA wsaData;
+
+ if (!SetDllDirectoryA("") ||
!SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32))
+ abort();
+
WSAStartup(MAKEWORD(2, 2), &wsaData);
stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE); // We don't close this.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20210424/src/wincompat/loader.c
new/wireguard-tools-1.0.20210914/src/wincompat/loader.c
--- old/wireguard-tools-1.0.20210424/src/wincompat/loader.c 1970-01-01
01:00:00.000000000 +0100
+++ new/wireguard-tools-1.0.20210914/src/wincompat/loader.c 2021-09-14
00:43:31.000000000 +0200
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2015-2021 Jason A. Donenfeld <[email protected]>. All Rights
Reserved.
+ */
+
+#include <windows.h>
+#include <delayimp.h>
+
+static FARPROC WINAPI delayed_load_library_hook(unsigned dliNotify,
PDelayLoadInfo pdli)
+{
+ HMODULE library;
+ if (dliNotify != dliNotePreLoadLibrary)
+ return NULL;
+ library = LoadLibraryExA(pdli->szDll, NULL,
LOAD_LIBRARY_SEARCH_SYSTEM32);
+ if (!library)
+ abort();
+ return (FARPROC)library;
+}
+
+PfnDliHook __pfnDliNotifyHook2 = delayed_load_library_hook;
