Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-12-06 12:10:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.4691 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireguard"
Fri Dec 6 12:10:20 2019 rev:3 rq:754509 version:0.0.20191205
Changes:
--------
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-11-28 10:16:27.111638584 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.4691/wireguard.changes 2019-12-06 12:11:07.816061266 +0100
@@ -1,0 +2,10 @@
+Thu Dec 5 20:21:14 UTC 2019 - Martin Hauke <[email protected]>
+
+- Update to version 0.0.20191127
+ * wg-quick: linux: suppress error when finding unused table
+ * wg-quick: linux: ensure postdown hooks execute
+ * wg-quick: linux: have remove_iptables return true
+ * wg-quick: linux: iptables-* -w is not widely supported
+ * ipc: make sure userspace communication frees wgdevice
+
+-------------------------------------------------------------------
Old:
----
WireGuard-0.0.20191127.tar.asc
WireGuard-0.0.20191127.tar.xz
New:
----
WireGuard-0.0.20191205.tar.asc
WireGuard-0.0.20191205.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wireguard.spec ++++++
--- /var/tmp/diff_new_pack.BxYYcc/_old 2019-12-06 12:11:09.792060308 +0100
+++ /var/tmp/diff_new_pack.BxYYcc/_new 2019-12-06 12:11:09.796060306 +0100
@@ -18,7 +18,7 @@
 Name: wireguard
-Version: 0.0.20191127
+Version: 0.0.20191205
 Release: 0
 Summary: Fast, modern, secure kernel VPN tunnel
 License: GPL-2.0-only
++++++ WireGuard-0.0.20191127.tar.xz -> WireGuard-0.0.20191205.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.c new/WireGuard-0.0.20191205/src/device.c
--- old/WireGuard-0.0.20191127/src/device.c 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/device.c 2019-12-05 11:49:46.000000000 +0100
@@ -171,8 +171,8 @@
 dev_kfree_skb(skb);
 skb = segs;
 }
- do {
- next = skb->next;
+
+ skb_list_walk_safe(skb, skb, next) {
 skb_mark_not_on_list(skb);
 skb = skb_share_check(skb, GFP_ATOMIC);
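Review bot: The loop in the `@@ -171` hunk of device.c passes `skb` as both the list head and the cursor and then overwrites the cursor with `skb = skb_share_check(skb, GFP_ATOMIC)` inside the body, which is only safe because the macro advances from the saved `next` and never from `skb`. Nothing in the hunk states that dependency, so a comment above the loop would help, for example `/* skb is replaced in the body; iteration relies on the saved next pointer */`. The loop body continues past the end of the hunk, so how a NULL return from skb_share_check() is handled is not visible here.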
@@ -187,7 +187,7 @@
 PACKET_CB(skb)->mtu = mtu;
 __skb_queue_tail(&packets, skb);
- } while ((skb = next) != NULL);
+ }
 spin_lock_bh(&peer->staged_packet_queue.lock);
 /* If the queue is getting too big, we start removing the oldest packets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.h new/WireGuard-0.0.20191205/src/device.h
--- old/WireGuard-0.0.20191127/src/device.h 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/device.h 2019-12-05 11:49:46.000000000 +0100
@@ -62,4 +62,12 @@
 int wg_device_init(void);
 void wg_device_uninit(void);
+/* Later after the dust settles, this can be moved into include/linux/skbuff.h,
+ * where virtually all code that deals with GSO segs can benefit, around ~30
+ * drivers as of writing.
+ */
+#define skb_list_walk_safe(first, skb, next) \
+ for (skb = first, next = skb->next; skb; \
+ skb = next, next = skb ? skb->next : NULL)
+
 #endif /* _WG_DEVICE_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/dkms.conf new/WireGuard-0.0.20191205/src/dkms.conf
--- old/WireGuard-0.0.20191127/src/dkms.conf 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/dkms.conf 2019-12-05 11:49:46.000000000 +0100
@@ -1,5 +1,5 @@
 PACKAGE_NAME="wireguard"
-PACKAGE_VERSION="0.0.20191127"
+PACKAGE_VERSION="0.0.20191205"
 AUTOINSTALL=yes
 BUILT_MODULE_NAME="wireguard"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/send.c new/WireGuard-0.0.20191205/src/send.c
--- old/WireGuard-0.0.20191127/src/send.c 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/send.c 2019-12-05 11:49:46.000000000 +0100
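Review bot: `skb_list_walk_safe` in the device.h hunk reads `skb->next` in the for-initialiser before `skb` is tested, so invoking it with a NULL `first` dereferences NULL, and none of the macro arguments are parenthesised. The callers visible in this patch appear to pass a non-NULL head, but the accompanying comment proposes moving the macro into a shared header, where that cannot be assumed. The first load should be guarded the same way the step expression already is: `for ((skb) = (first), (next) = (skb) ? (skb)->next : NULL; (skb); \` followed by `(skb) = (next), (next) = (skb) ? (skb)->next : NULL)`.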
@@ -233,17 +233,6 @@
 wg_packet_send_staged_packets(peer);
 }
-#define skb_walk_null_queue_safe(first, skb, next) \
- for (skb = first, next = skb->next; skb; \
- skb = next, next = skb ? skb->next : NULL)
-static void skb_free_null_queue(struct sk_buff *first)
-{
- struct sk_buff *skb, *next;
-
- skb_walk_null_queue_safe(first, skb, next)
- dev_kfree_skb(skb);
-}
-
 static void wg_packet_create_data_done(struct sk_buff *first, struct wg_peer *peer)
 {
@@ -252,7 +241,7 @@
 wg_timers_any_authenticated_packet_traversal(peer);
 wg_timers_any_authenticated_packet_sent(peer);
- skb_walk_null_queue_safe(first, skb, next) {
+ skb_list_walk_safe(first, skb, next) {
 is_keepalive = skb->len == message_data_len(0);
 if (likely(!wg_socket_send_skb_to_peer(peer, skb, PACKET_CB(skb)->ds) && !is_keepalive))
@@ -284,7 +273,7 @@
 if (likely(state == PACKET_STATE_CRYPTED))
 wg_packet_create_data_done(first, peer);
 else
- skb_free_null_queue(first);
+ kfree_skb_list(first);
 wg_noise_keypair_put(keypair, false);
 wg_peer_put(peer);
@@ -302,7 +291,7 @@
 while ((first = ptr_ring_consume_bh(&queue->ring)) != NULL) {
 enum packet_state state = PACKET_STATE_CRYPTED;
- skb_walk_null_queue_safe(first, skb, next) {
+ skb_list_walk_safe(first, skb, next) {
 if (likely(encrypt_packet(skb, PACKET_CB(first)->keypair, &simd_context))) {
@@ -343,7 +332,7 @@
 return;
 wg_noise_keypair_put(PACKET_CB(first)->keypair, false);
 wg_peer_put(peer);
- skb_free_null_queue(first);
+ kfree_skb_list(first);
 }
 void wg_packet_purge_staged_packets(struct wg_peer *peer)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/socket.c new/WireGuard-0.0.20191205/src/socket.c
--- old/WireGuard-0.0.20191127/src/socket.c 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/socket.c 2019-12-05 11:49:46.000000000 +0100
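Review bot: Replacing `skb_free_null_queue(first)` with `kfree_skb_list(first)` in the `@@ -284` and `@@ -343` hunks of send.c is not a pure rename, and neither call site documents the difference. The removed helper freed each buffer with `dev_kfree_skb()`, which in mainline kernels maps to `consume_skb()`, while `kfree_skb_list()` frees through `kfree_skb()`, so these packets presumably now show up as drops in drop-monitoring tooling. That looks appropriate for the failure paths shown, but a comment would make it deliberate, e.g. `/* failure path: account these as dropped, not consumed */`. Both enclosing functions begin outside their hunks.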
@@ -31,7 +31,7 @@
 struct sock *sock;
 int ret = 0;
- skb->next = skb->prev = NULL;
+ skb_mark_not_on_list(skb);
 skb->dev = wg->dev;
 skb->mark = wg->fwmark;
@@ -117,7 +117,7 @@
 struct sock *sock;
 int ret = 0;
- skb->next = skb->prev = NULL;
+ skb_mark_not_on_list(skb);
 skb->dev = wg->dev;
 skb->mark = wg->fwmark;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/tools/ipc.c new/WireGuard-0.0.20191205/src/tools/ipc.c
--- old/WireGuard-0.0.20191127/src/tools/ipc.c 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/tools/ipc.c 2019-12-05 11:49:46.000000000 +0100
@@ -303,8 +303,12 @@
 return -errno;
 f = userspace_interface_file(iface);
- if (!f)
- return -errno;
+ if (!f) {
+ ret = -errno;
+ free(dev);
+ *out = NULL;
+ return ret;
+ }
 fprintf(f, "get=1\n\n");
 fflush(f);
@@ -314,11 +318,8 @@
 while (getline(&key, &line_buffer_len, f) > 0) {
 line_len = strlen(key);
- if (line_len == 1 && key[0] == '\n') {
- free(key);
- fclose(f);
- return ret;
- }
+ if (line_len == 1 && key[0] == '\n')
+ goto err;
 value = strchr(key, '=');
 if (!value || line_len == 0 || key[line_len - 1] != '\n')
 break;
@@ -382,7 +383,7 @@
 *end++ = '\0';
 }
 if (getaddrinfo(begin, end, &hints, &resolved) != 0) {
- errno = ENETUNREACH;
+ ret = ENETUNREACH;
 goto err;
 }
 if ((resolved->ai_family == AF_INET && resolved->ai_addrlen == sizeof(struct sockaddr_in)) ||
@@ -437,8 +438,10 @@
 ret = -EPROTO;
 err:
 free(key);
- free_wgdevice(dev);
- *out = NULL;
+ if (ret) {
+ free_wgdevice(dev);
+ *out = NULL;
+ }
 fclose(f);
 errno = -ret;
 return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/tools/setconf.c new/WireGuard-0.0.20191205/src/tools/setconf.c
--- old/WireGuard-0.0.20191127/src/tools/setconf.c 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/tools/setconf.c 2019-12-05 11:49:46.000000000 +0100
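Review bot: In the `@@ -382` hunk of ipc.c the new `ret = ENETUNREACH;` has the wrong sign: the other error assignments visible in this file's hunks (`ret = -errno`, `ret = -EPROTO`) are negative, and the exit path does `errno = -ret; return ret;`. A failed getaddrinfo() therefore leaves errno negative and returns a positive value, after the `if (ret)` cleanup has already freed the device and set `*out = NULL`. A caller that tests only `ret < 0` would presumably treat this as success and go on to use the NULL device pointer. The line should read `ret = -ENETUNREACH;`; the enclosing function starts and ends outside the hunks.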
@@ -45,8 +45,10 @@
 return false;
 }
- if (!runtime->first_peer)
+ if (!runtime->first_peer) {
+ free_wgdevice(runtime);
 return true;
+ }
 file->flags &= ~WGDEVICE_REPLACE_PEERS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/tools/wg-quick/linux.bash new/WireGuard-0.0.20191205/src/tools/wg-quick/linux.bash
--- old/WireGuard-0.0.20191127/src/tools/wg-quick/linux.bash 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/tools/wg-quick/linux.bash 2019-12-05 11:49:46.000000000 +0100
@@ -190,7 +190,7 @@
 [[ $line == "-A"* ]] && found=1
 printf -v restore '%s\n%s' "$restore" "${line/#-A/-D}"
 done < <($iptables-save)
- [[ $found -eq 1 ]] && echo "$restore" | cmd $iptables-restore -nw
+ [[ $found -ne 1 ]] || echo "$restore" | cmd $iptables-restore -n
 done
 }
@@ -199,7 +199,7 @@
 local table proto i iptables
 if ! get_fwmark table; then
 table=51820
- while [[ -n $(ip -4 route show table $table) || -n $(ip -6 route show table $table) ]]; do
+ while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n $(ip -6 route show table $table 2>/dev/null) ]]; do
 ((table++))
 done
 cmd wg set "$INTERFACE" fwmark $table
@@ -217,7 +217,7 @@
 done
 printf -v restore '%s\nCOMMIT\n*mangle\n-I POSTROUTING -m mark --mark %d -p udp -j CONNMARK --save-mark %s\n-I PREROUTING -p udp -j CONNMARK --restore-mark %s\nCOMMIT\n' "$restore" $table "$marker" "$marker"
 [[ $proto == -4 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
- echo "$restore" | cmd $iptables-restore -nw
+ echo "$restore" | cmd $iptables-restore -n
 HAVE_SET_IPTABLES=1
 return 0
 }
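Review bot: Dropping `-w` from both `$iptables-restore` calls in linux.bash (the `@@ -190` and `@@ -217` hunks) changes what happens under lock contention, and no comment records it. On iptables builds that take the xtables lock, the restore presumably now fails at once instead of waiting when another process holds the lock. In the `@@ -217` hunk this is the call that installs the fwmark/CONNMARK rules, and `HAVE_SET_IPTABLES=1` follows it directly in the lines shown; whether a failure stops the script depends on shell options not visible here. A comment at both sites would record the trade-off, e.g. `# no -w: not supported by all iptables-restore versions, so a held xtables lock is an error here`. Both function bodies begin outside the hunks.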
@@ -322,8 +322,8 @@
 execute_hooks "${PRE_DOWN[@]}"
 [[ $SAVE_CONFIG -eq 0 ]] || save_config
 del_if
- unset_dns
- remove_iptables
+ unset_dns || true
+ remove_iptables || true
 execute_hooks "${POST_DOWN[@]}"
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/version.h new/WireGuard-0.0.20191205/src/version.h
--- old/WireGuard-0.0.20191127/src/version.h 2019-11-27 15:39:16.000000000 +0100
+++ new/WireGuard-0.0.20191205/src/version.h 2019-12-05 11:49:46.000000000 +0100
@@ -1 +1 @@
-#define WIREGUARD_VERSION "0.0.20191127"
+#define WIREGUARD_VERSION "0.0.20191205"
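Review bot: `unset_dns || true` and `remove_iptables || true` in the `@@ -322` hunk of linux.bash discard the failure entirely, so a teardown that leaves DNS settings or the wg-quick firewall rules in place completes without any message of its own. Letting the post-down hooks still run is the stated goal, and that can be kept while surfacing the condition, for example `remove_iptables || echo "[!] remove_iptables failed; firewall rules may remain" >&2` and the same pattern for `unset_dns`. The enclosing function begins outside the hunk.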
