commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-04-01 19:17:02
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.3248 (New)
Package is "wireguard"
Wed Apr 1 19:17:02 2020 rev:14 rq:790368 version:1.0.20200330
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-03-22
14:18:30.918108604 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.3248/wireguard.changes
2020-04-01 19:17:39.103512581 +0200
@@ -1,0 +2,6 @@
+Tue Mar 31 19:29:33 UTC 2020 - Martin Hauke
+
+- Update to version 1.0.20200330
+ * queueing: backport skb_reset_redirect change from 5.6
+
+---
Old:
wireguard-linux-compat-0.0.20200318.tar.asc
wireguard-linux-compat-0.0.20200318.tar.xz
New:
wireguard-linux-compat-1.0.20200330.tar.asc
wireguard-linux-compat-1.0.20200330.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.D44JqO/_old 2020-04-01 19:17:40.723513310 +0200
+++ /var/tmp/diff_new_pack.D44JqO/_new 2020-04-01 19:17:40.735513315 +0200
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20200318
+Version:1.0.20200330
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ wireguard-linux-compat-0.0.20200318.tar.xz ->
wireguard-linux-compat-1.0.20200330.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-linux-compat-0.0.20200318/src/compat/compat.h
new/wireguard-linux-compat-1.0.20200330/src/compat/compat.h
--- old/wireguard-linux-compat-0.0.20200318/src/compat/compat.h 2020-03-19
06:15:25.0 +0100
+++ new/wireguard-linux-compat-1.0.20200330/src/compat/compat.h 2020-03-31
02:15:15.0 +0200
@@ -1024,6 +1024,16 @@
#define COMPAT_CANNOT_USE_MAX_MTU
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#include
+static inline void skb_reset_redirect(struct sk_buff *skb)
+{
+#ifdef CONFIG_NET_SCHED
+ skb_reset_tc(skb);
+#endif
+}
+#endif
+
#if defined(ISUBUNTU1604)
#include
#ifndef _WG_LINUX_SIPHASH_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/dkms.conf
new/wireguard-linux-compat-1.0.20200330/src/dkms.conf
--- old/wireguard-linux-compat-0.0.20200318/src/dkms.conf 2020-03-19
06:15:25.0 +0100
+++ new/wireguard-linux-compat-1.0.20200330/src/dkms.conf 2020-03-31
02:15:15.0 +0200
@@ -1,5 +1,5 @@
PACKAGE_NAME="wireguard"
-PACKAGE_VERSION="0.0.20200318"
+PACKAGE_VERSION="1.0.20200330"
AUTOINSTALL=yes
BUILT_MODULE_NAME="wireguard"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/queueing.h
new/wireguard-linux-compat-1.0.20200330/src/queueing.h
--- old/wireguard-linux-compat-0.0.20200318/src/queueing.h 2020-03-19
06:15:25.0 +0100
+++ new/wireguard-linux-compat-1.0.20200330/src/queueing.h 2020-03-31
02:15:15.0 +0200
@@ -103,8 +103,8 @@
skb->dev = NULL;
#ifdef CONFIG_NET_SCHED
skb->tc_index = 0;
- skb_reset_tc(skb);
#endif
+ skb_reset_redirect(skb);
skb->hdr_len = skb_headroom(skb);
skb_reset_mac_header(skb);
skb_reset_network_header(skb);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/version.h
new/wireguard-linux-compat-1.0.20200330/src/version.h
--- old/wireguard-linux-compat-0.0.20200318/src/version.h 2020-03-19
06:15:25.0 +0100
+++ new/wireguard-linux-compat-1.0.20200330/src/version.h 2020-03-31
02:15:15.0 +0200
@@ -1,3 +1,3 @@
#ifndef WIREGUARD_VERSION
-#define WIREGUARD_VERSION "0.0.20200318"
+#define WIREGUARD_VERSION "1.0.20200330"
#endif
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-03-22 14:18:22
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.3160 (New)
Package is "wireguard"
Sun Mar 22 14:18:22 2020 rev:13 rq:787156 version:0.0.20200318
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-03-06
21:27:59.737575898 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.3160/wireguard.changes
2020-03-22 14:18:30.918108604 +0100
@@ -1,0 +2,13 @@
+Sat Mar 21 13:55:07 UTC 2020 - Martin Hauke
+
+- Update to version 0.0.20200318
+ * compat: RHEL 7 backported skb_ensure_writable()
+ * compat: RHEL 8.2 backported ipv6_dst_lookup_flow
+ * curve25519-x86_64: avoid use of r12
+ * wireguard: queueing: account for skb->protocol==0
+ * receive: remove dead code from default packet type case
+ * noise: error out precomputed DH during handshake rather than
+config
+ * send: use normaler alignment formula from upstream
+
+---
Old:
wireguard-linux-compat-0.0.20200215.tar.asc
wireguard-linux-compat-0.0.20200215.tar.xz
New:
wireguard-linux-compat-0.0.20200318.tar.asc
wireguard-linux-compat-0.0.20200318.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.64q8hv/_old 2020-03-22 14:18:31.466108956 +0100
+++ /var/tmp/diff_new_pack.64q8hv/_new 2020-03-22 14:18:31.470108958 +0100
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20200215
+Version:0.0.20200318
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ wireguard-linux-compat-0.0.20200215.tar.xz ->
wireguard-linux-compat-0.0.20200318.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-linux-compat-0.0.20200215/src/compat/compat.h
new/wireguard-linux-compat-0.0.20200318/src/compat/compat.h
--- old/wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-02-15
00:01:31.0 +0100
+++ new/wireguard-linux-compat-0.0.20200318/src/compat/compat.h 2020-03-19
06:15:25.0 +0100
@@ -870,7 +870,7 @@
})
#endif
-#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >=
KERNEL_VERSION(5, 4, 0)) || LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18)
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >=
KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) &&
!defined(ISRHEL82))
#define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) +
(void *)0 ?: dst
#endif
@@ -932,7 +932,7 @@
#define chacha20_neon zinc_chacha20_neon
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0) && !defined(ISRHEL7)
#include
static inline int skb_ensure_writable(struct sk_buff *skb, int write_len)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-linux-compat-0.0.20200215/src/crypto/zinc/curve25519/curve25519-x86_64.c
new/wireguard-linux-compat-0.0.20200318/src/crypto/zinc/curve25519/curve25519-x86_64.c
---
old/wireguard-linux-compat-0.0.20200215/src/crypto/zinc/curve25519/curve25519-x86_64.c
2020-02-15 00:01:31.0 +0100
+++
new/wireguard-linux-compat-0.0.20200318/src/crypto/zinc/curve25519/curve25519-x86_64.c
2020-03-19 06:15:25.0 +0100
@@ -156,28 +156,28 @@
" movq 0(%1), %%rdx;"
" mulxq 0(%3), %%r8, %%r9;" " xor %%r10, %%r10;" "
movq %%r8, 0(%0);"
" mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" "
movq %%r10, 8(%0);"
- " mulxq 16(%3), %%r12, %%r13;"" adox %%r11, %%r12;"
+ " mulxq 16(%3), %%rbx, %%r13;"" adox %%r11, %%rbx;"
" mulxq 24(%3), %%r14, %%rdx;"" adox %%r13, %%r14;""
mov $0, %%rax;"
" adox %%rdx, %%rax;"
/* Compute src1[1] * src2 */
" movq 8(%1), %%rdx;"
" mulxq 0(%3), %%r8, %%r9;" " xor %%r10, %%r10;" "
adcxq 8(%0), %%r8;"" movq %%r8, 8(%0);"
- " mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" "
adcx %%r12, %%r10;"" movq %%r10, 16(%0);"
- " mulxq 16(%3), %%r12, %%r13;"" adox %%r11, %%r12;""
adcx %%r14, %%r12;"" mov $0, %%r8;"
+ " mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" "
adcx %%rbx, %%r10;"" movq %%r10, 16(%0);"
+ " mulxq 16(%3), %%rbx,
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-03-06 21:27:57
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New)
Package is "wireguard"
Fri Mar 6 21:27:57 2020 rev:12 rq:781950 version:0.0.20200215
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-26
15:09:03.737671934 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes
2020-03-06 21:27:59.737575898 +0100
@@ -1,0 +2,6 @@
+Thu Mar 5 19:49:50 UTC 2020 - Michal Suchanek
+
+- Fix build on openSUSE 15.2
+ + wireguard-fix-leap152.patch
+
+---
New:
wireguard-fix-leap152.patch
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.K2R2JX/_old 2020-03-06 21:28:00.333576266 +0100
+++ /var/tmp/diff_new_pack.K2R2JX/_new 2020-03-06 21:28:00.333576266 +0100
@@ -29,6 +29,7 @@
Source2:wireguard-kmp-preamble
Source99:
https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring
Patch2: wireguard-fix-leap151.patch
+Patch3: wireguard-fix-leap152.patch
BuildRequires: %{kernel_module_package_buildreqs}
# disable flavors xen,desktop,pae,pv
%kernel_module_package -p wireguard-kmp-preamble
@@ -47,6 +48,9 @@
%if 0%{?sle_version} == 150100
%patch2 -p1
%endif
+%if 0%{?sle_version} == 150200
+%patch3 -p1
+%endif
cd src
set -- *
++ wireguard-fix-leap152.patch ++
--- wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-03-05
20:40:22.527460178 +0100
--- wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-03-05
20:40:22.527460178 +0100
@@ -37,6 +37,9 @@
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) && LINUX_VERSION_CODE >=
KERNEL_VERSION(4, 12, 0)
#define ISOPENSUSE15
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0) && LINUX_VERSION_CODE >=
KERNEL_VERSION(5, 3, 0)
+#define ISOPENSUSE152
+#endif
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0)
@@ -859,7 +862,7 @@
#endif
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) && !defined(ISOPENSUSE152)
#define genl_dumpit_info(cb) ({ \
struct { struct nlattr **attrs; } *a = (void *)((u8 *)cb->args +
offsetofend(struct dump_ctx, next_allowedip)); \
BUILD_BUG_ON(sizeof(cb->args) < offsetofend(struct dump_ctx,
next_allowedip) + sizeof(*a)); \
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-02-26 15:07:59
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New)
Package is "wireguard"
Wed Feb 26 15:07:59 2020 rev:11 rq:779405 version:0.0.20200215
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-15
22:25:58.687327821 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes
2020-02-26 15:09:03.737671934 +0100
@@ -1,0 +2,7 @@
+Wed Feb 26 12:28:36 UTC 2020 - Martin Hauke
+
+- Update to version 0.0.20200215
+ * send: cleanup skb padding calculation
+ * socket: remove useless synchronize_net
+
+---
Old:
wireguard-linux-compat-0.0.20200214.tar.asc
wireguard-linux-compat-0.0.20200214.tar.xz
New:
wireguard-linux-compat-0.0.20200215.tar.asc
wireguard-linux-compat-0.0.20200215.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.lJ5NWF/_old 2020-02-26 15:09:05.925676300 +0100
+++ /var/tmp/diff_new_pack.lJ5NWF/_new 2020-02-26 15:09:05.929676307 +0100
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20200214
+Version:0.0.20200215
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ wireguard-linux-compat-0.0.20200214.tar.xz ->
wireguard-linux-compat-0.0.20200215.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/dkms.conf
new/wireguard-linux-compat-0.0.20200215/src/dkms.conf
--- old/wireguard-linux-compat-0.0.20200214/src/dkms.conf 2020-02-14
14:33:05.0 +0100
+++ new/wireguard-linux-compat-0.0.20200215/src/dkms.conf 2020-02-15
00:01:31.0 +0100
@@ -1,5 +1,5 @@
PACKAGE_NAME="wireguard"
-PACKAGE_VERSION="0.0.20200214"
+PACKAGE_VERSION="0.0.20200215"
AUTOINSTALL=yes
BUILT_MODULE_NAME="wireguard"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/send.c
new/wireguard-linux-compat-0.0.20200215/src/send.c
--- old/wireguard-linux-compat-0.0.20200214/src/send.c 2020-02-14
14:33:05.0 +0100
+++ new/wireguard-linux-compat-0.0.20200215/src/send.c 2020-02-15
00:01:31.0 +0100
@@ -144,17 +144,22 @@
static unsigned int calculate_skb_padding(struct sk_buff *skb)
{
+ unsigned int padded_size, last_unit = skb->len;
+
+ if (unlikely(!PACKET_CB(skb)->mtu))
+ return -last_unit % MESSAGE_PADDING_MULTIPLE;
+
/* We do this modulo business with the MTU, just in case the networking
* layer gives us a packet that's bigger than the MTU. In that case, we
* wouldn't want the final subtraction to overflow in the case of the
-* padded_size being clamped.
+* padded_size being clamped. Fortunately, that's very rarely the case,
+* so we optimize for that not happening.
*/
- unsigned int last_unit = PACKET_CB(skb)->mtu ?
-skb->len % PACKET_CB(skb)->mtu : skb->len;
- unsigned int padded_size = ALIGN(last_unit, MESSAGE_PADDING_MULTIPLE);
+ if (unlikely(last_unit > PACKET_CB(skb)->mtu))
+ last_unit %= PACKET_CB(skb)->mtu;
- if (padded_size > PACKET_CB(skb)->mtu)
- padded_size = PACKET_CB(skb)->mtu;
+ padded_size = min(PACKET_CB(skb)->mtu,
+ ALIGN(last_unit, MESSAGE_PADDING_MULTIPLE));
return padded_size - last_unit;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/socket.c
new/wireguard-linux-compat-0.0.20200215/src/socket.c
--- old/wireguard-linux-compat-0.0.20200214/src/socket.c2020-02-14
14:33:05.0 +0100
+++ new/wireguard-linux-compat-0.0.20200215/src/socket.c2020-02-15
00:01:31.0 +0100
@@ -432,7 +432,6 @@
wg->incoming_port = ntohs(inet_sk(new4)->inet_sport);
mutex_unlock(>socket_update_lock);
synchronize_rcu();
- synchronize_net();
sock_free(old4);
sock_free(old6);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/version.h
new/wireguard-linux-compat-0.0.20200215/src/version.h
--- old/wireguard-linux-compat-0.0.20200214/src/version.h 2020-02-14
14:33:05.0 +0100
+++ new/wireguard-linux-compat-0.0.20200215/src/version.h 2020-02-15
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-02-15 22:25:49
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New)
Package is "wireguard"
Sat Feb 15 22:25:49 2020 rev:10 rq:774408 version:0.0.20200214
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-06
13:08:59.176360989 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes
2020-02-15 22:25:58.687327821 +0100
@@ -1,0 +2,9 @@
+Fri Feb 14 16:08:24 UTC 2020 - Martin Hauke
+
+- Update to version 0.0.20200214
+ * chacha20poly1305: defensively protect against large inputs
+ * netns: ensure that icmp src address is correct with nat
+ * receive: reset last_under_load to zero
+ * send: account for mtu=0 devices
+
+---
Old:
wireguard-linux-compat-0.0.20200205.tar.asc
wireguard-linux-compat-0.0.20200205.tar.xz
New:
wireguard-linux-compat-0.0.20200214.tar.asc
wireguard-linux-compat-0.0.20200214.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.qbNheu/_old 2020-02-15 22:25:59.227328113 +0100
+++ /var/tmp/diff_new_pack.qbNheu/_new 2020-02-15 22:25:59.227328113 +0100
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20200205
+Version:0.0.20200214
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ wireguard-linux-compat-0.0.20200205.tar.xz ->
wireguard-linux-compat-0.0.20200214.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-linux-compat-0.0.20200205/src/compat/compat.h
new/wireguard-linux-compat-0.0.20200214/src/compat/compat.h
--- old/wireguard-linux-compat-0.0.20200205/src/compat/compat.h 2020-02-05
14:37:40.0 +0100
+++ new/wireguard-linux-compat-0.0.20200214/src/compat/compat.h 2020-02-14
14:33:05.0 +0100
@@ -932,6 +932,98 @@
#define chacha20_neon zinc_chacha20_neon
#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0)
+#include
+static inline int skb_ensure_writable(struct sk_buff *skb, int write_len)
+{
+ if (!pskb_may_pull(skb, write_len))
+ return -ENOMEM;
+
+ if (!skb_cloned(skb) || skb_clone_writable(skb, write_len))
+ return 0;
+
+ return pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
+}
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if IS_ENABLED(CONFIG_NF_NAT)
+#include
+#include
+#include
+#include
+#include
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0)
+#include
+#endif
+static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code,
__be32 info)
+{
+ struct sk_buff *cloned_skb = NULL;
+ enum ip_conntrack_info ctinfo;
+ struct nf_conn *ct;
+ __be32 orig_ip;
+
+ ct = nf_ct_get(skb_in, );
+ if (!ct || !(ct->status & IPS_SRC_NAT)) {
+ icmp_send(skb_in, type, code, info);
+ return;
+ }
+
+ if (skb_shared(skb_in))
+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC);
+
+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head ||
+ (skb_network_header(skb_in) + sizeof(struct iphdr)) >
+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in,
+ skb_network_offset(skb_in) + sizeof(struct iphdr
+ goto out;
+
+ orig_ip = ip_hdr(skb_in)->saddr;
+ ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip;
+ icmp_send(skb_in, type, code, info);
+ ip_hdr(skb_in)->saddr = orig_ip;
+out:
+ consume_skb(cloned_skb);
+}
+static inline void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code,
__u32 info)
+{
+ struct sk_buff *cloned_skb = NULL;
+ enum ip_conntrack_info ctinfo;
+ struct in6_addr orig_ip;
+ struct nf_conn *ct;
+
+ ct = nf_ct_get(skb_in, );
+ if (!ct || !(ct->status & IPS_SRC_NAT)) {
+ icmpv6_send(skb_in, type, code, info);
+ return;
+ }
+
+ if (skb_shared(skb_in))
+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC);
+
+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head ||
+ (skb_network_header(skb_in) + sizeof(struct ipv6hdr)) >
+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in,
+ skb_network_offset(skb_in) + sizeof(struct ipv6hdr
+ goto out;
+
+ orig_ip = ipv6_hdr(skb_in)->saddr;
+ ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6;
+ icmpv6_send(skb_in, type, code,
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-02-06 13:08:55
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New)
Package is "wireguard"
Thu Feb 6 13:08:55 2020 rev:9 rq:770400 version:0.0.20200205
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-29
13:20:33.502236641 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes
2020-02-06 13:08:59.176360989 +0100
@@ -1,0 +2,9 @@
+Wed Feb 5 20:35:15 UTC 2020 - Martin Hauke
+
+- Update to version 0.0.20200205
+ * allowedips: remove previously added list item when OOM fail
+ * noise: reject peers with low order public keys
+ * netns: ensure non-addition of peers with failed precomputation
+ * netns: tie socket waiting to target pid
+
+---
Old:
wireguard-linux-compat-0.0.20200128.tar.asc
wireguard-linux-compat-0.0.20200128.tar.xz
New:
wireguard-linux-compat-0.0.20200205.tar.asc
wireguard-linux-compat-0.0.20200205.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.QDtg4W/_old 2020-02-06 13:09:00.112361498 +0100
+++ /var/tmp/diff_new_pack.QDtg4W/_new 2020-02-06 13:09:00.116361501 +0100
@@ -1,7 +1,7 @@
#
# spec file for package wireguard
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2017-2020, Martin Hauke
#
# All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20200128
+Version:0.0.20200205
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ wireguard-linux-compat-0.0.20200128.tar.xz ->
wireguard-linux-compat-0.0.20200205.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200128/src/allowedips.c
new/wireguard-linux-compat-0.0.20200205/src/allowedips.c
--- old/wireguard-linux-compat-0.0.20200128/src/allowedips.c2020-01-28
16:37:17.0 +0100
+++ new/wireguard-linux-compat-0.0.20200205/src/allowedips.c2020-02-05
14:37:40.0 +0100
@@ -268,6 +268,7 @@
} else {
node = kzalloc(sizeof(*node), GFP_KERNEL);
if (unlikely(!node)) {
+ list_del(>peer_list);
kfree(newnode);
return -ENOMEM;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-linux-compat-0.0.20200128/src/compat/compat.h
new/wireguard-linux-compat-0.0.20200205/src/compat/compat.h
--- old/wireguard-linux-compat-0.0.20200128/src/compat/compat.h 2020-01-28
16:37:17.0 +0100
+++ new/wireguard-linux-compat-0.0.20200205/src/compat/compat.h 2020-02-05
14:37:40.0 +0100
@@ -16,6 +16,11 @@
#define ISRHEL7
#elif RHEL_MAJOR == 8
#define ISRHEL8
+#ifdef RHEL_MINOR
+#if RHEL_MINOR == 2
+#define ISRHEL82
+#endif
+#endif
#endif
#endif
#ifdef UTS_UBUNTU_RELEASE_ABI
@@ -94,7 +99,7 @@
(LINUX_VERSION_CODE < KERNEL_VERSION(3, 18, 27) && LINUX_VERSION_CODE >=
KERNEL_VERSION(3, 17, 0)) || \
(LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 8) && LINUX_VERSION_CODE >=
KERNEL_VERSION(3, 15, 0)) || \
(LINUX_VERSION_CODE < KERNEL_VERSION(3, 14, 40) && LINUX_VERSION_CODE >=
KERNEL_VERSION(3, 13, 0)) || \
-(LINUX_VERSION_CODE < KERNEL_VERSION(3, 12, 54))) &&
!defined(ISUBUNTU1404) && (!defined(ISRHEL7) || RHEL_MINOR < 7) /* TODO: remove
< 7 workaround once CentOS 7.7 comes out. */
+(LINUX_VERSION_CODE < KERNEL_VERSION(3, 12, 54))) &&
!defined(ISUBUNTU1404) && !defined(ISRHEL7)
#include
#include
#define IP6_ECN_set_ce(a, b) IP6_ECN_set_ce(b)
@@ -787,7 +792,7 @@
#endif
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL82)
#include
#define skb_probe_transport_header(a) skb_probe_transport_header(a, 0)
#endif
@@ -796,7 +801,7 @@
#define ignore_df local_df
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL82)
/* Note that all intentional uses of the non-_bh variety need to explicitly
* undef these, conditionalized on COMPAT_CANNOT_DEPRECIATE_BH_RCU.
*/
@@ -838,7 +843,7 @@
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 20, 0) && !defined(ISRHEL8)
#define NLA_EXACT_LEN NLA_UNSPEC
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 2, 0)
+#if LINUX_VERSION_CODE <
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-01-29 13:19:32 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Wed Jan 29 13:19:32 2020 rev:8 rq:768089 version:0.0.20200128 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-22 22:45:59.168567026 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-01-29 13:20:33.502236641 +0100 @@ -1,0 +2,8 @@ +Tue Jan 28 16:28:49 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200128 + * qemu: bump kernel + * compat: refuse to build on >= 5.6 + * compat: account for frankenzinc being in 5.5 + +--- Old: wireguard-linux-compat-0.0.20200121.tar.asc wireguard-linux-compat-0.0.20200121.tar.xz New: wireguard-linux-compat-0.0.20200128.tar.asc wireguard-linux-compat-0.0.20200128.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.i0BirX/_old 2020-01-29 13:20:34.546237174 +0100 +++ /var/tmp/diff_new_pack.i0BirX/_new 2020-01-29 13:20:34.554237179 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200121 +Version:0.0.20200128 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200121.tar.xz -> wireguard-linux-compat-0.0.20200128.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200121/src/compat/compat-asm.h new/wireguard-linux-compat-0.0.20200128/src/compat/compat-asm.h --- old/wireguard-linux-compat-0.0.20200121/src/compat/compat-asm.h 2020-01-21 16:11:10.0 +0100 +++ new/wireguard-linux-compat-0.0.20200128/src/compat/compat-asm.h 2020-01-28 16:37:17.0 +0100 @@ -45,4 +45,34 @@ #define SYM_FUNC_END ENDPROC #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) +#define blake2s_compress_ssse3 zinc_blake2s_compress_ssse3 +#define blake2s_compress_avx512 zinc_blake2s_compress_avx512 +#define poly1305_init_arm zinc_poly1305_init_arm +#define poly1305_blocks_arm zinc_poly1305_blocks_arm +#define poly1305_emit_arm zinc_poly1305_emit_arm +#define poly1305_blocks_neon zinc_poly1305_blocks_neon +#define poly1305_emit_neon zinc_poly1305_emit_neon +#define poly1305_init_mips zinc_poly1305_init_mips +#define poly1305_blocks_mips zinc_poly1305_blocks_mips +#define poly1305_emit_mips zinc_poly1305_emit_mips +#define poly1305_init_x86_64 zinc_poly1305_init_x86_64 +#define poly1305_blocks_x86_64 zinc_poly1305_blocks_x86_64 +#define poly1305_emit_x86_64 zinc_poly1305_emit_x86_64 +#define poly1305_emit_avx zinc_poly1305_emit_avx +#define poly1305_blocks_avx zinc_poly1305_blocks_avx +#define poly1305_blocks_avx2 zinc_poly1305_blocks_avx2 +#define poly1305_blocks_avx512 zinc_poly1305_blocks_avx512 +#define curve25519_neon zinc_curve25519_neon +#define hchacha20_ssse3 zinc_hchacha20_ssse3 +#define chacha20_ssse3 zinc_chacha20_ssse3 +#define chacha20_avx2 zinc_chacha20_avx2 +#define chacha20_avx512 zinc_chacha20_avx512 +#define chacha20_avx512vl zinc_chacha20_avx512vl +#define chacha20_mips zinc_chacha20_mips +#define chacha20_arm zinc_chacha20_arm +#define hchacha20_arm zinc_hchacha20_arm +#define chacha20_neon zinc_chacha20_neon +#endif + #endif /* _WG_COMPATASM_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200121/src/compat/compat.h new/wireguard-linux-compat-0.0.20200128/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200121/src/compat/compat.h 2020-01-21 16:11:10.0 +0100 +++ new/wireguard-linux-compat-0.0.20200128/src/compat/compat.h 2020-01-28 16:37:17.0 +0100 @@ -38,6 +38,10 @@ #error "WireGuard requires Linux >= 3.10" #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) +#error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required." +#endif + #if defined(ISRHEL7) #include #define headers_end headers_start @@ -874,6 +878,55 @@ #endif #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) +#define blake2s_init zinc_blake2s_init +#define blake2s_init_key zinc_blake2s_init_key +#define blake2s_update zinc_blake2s_update +#define blake2s_final zinc_blake2s_final +#define blake2s_hmac zinc_blake2s_hmac +#define chacha20 zinc_chacha20 +#define hchacha20 zinc_hchacha20 +#define chacha20poly1305_encrypt zinc_chacha20poly1305_encrypt +#define chacha20poly1305_encrypt_sg_inplace
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-01-22 22:45:45 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Wed Jan 22 22:45:45 2020 rev:7 rq:766169 version:0.0.20200121 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-21 21:01:00.616866992 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-01-22 22:45:59.168567026 +0100 @@ -1,0 +2,9 @@ +Tue Jan 21 21:55:21 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200121 + * Makefile: strip prefixed v from version.h + * device: skb_list_walk_safe moved upstream + * curve25519: x86_64: replace with formally verified +implementation + +--- Old: wireguard-linux-compat-0.0.20200105.tar.asc wireguard-linux-compat-0.0.20200105.tar.xz New: wireguard-linux-compat-0.0.20200121.tar.asc wireguard-linux-compat-0.0.20200121.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.sbieBb/_old 2020-01-22 22:46:00.800567847 +0100 +++ /var/tmp/diff_new_pack.sbieBb/_new 2020-01-22 22:46:00.804567849 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200105 +Version:0.0.20200121 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200105.tar.xz -> wireguard-linux-compat-0.0.20200121.tar.xz ++ 3894 lines of diff (skipped)
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2020-01-21 21:00:35
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New)
Package is "wireguard"
Tue Jan 21 21:00:35 2020 rev:6 rq:765938 version:0.0.20200105
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-21
12:30:17.743332260 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes
2020-01-21 21:01:00.616866992 +0100
@@ -1,0 +2,16 @@
+Mon Jan 20 21:11:23 UTC 2020 - Martin Hauke
+
+- Update to version 0.0.20200105
+ * socket: mark skbs as not on list when receiving via gro
+
+---
+Mon Jan 20 21:06:05 UTC 2020 - Martin Hauke
+
+- Drop not longer needed patches:
+ * wireguard-remove-depmod.diff
+ * wireguard-fix-systemd-service.patch
+- Mention wireguard-kmp-preamble in the sepc-file as source
+- Package split since upstream reorganized code repositories.
+ * wireguard-tools is now developed in a separate package
+
+---
Old:
WireGuard-0.0.20191219.tar.asc
WireGuard-0.0.20191219.tar.xz
wireguard-fix-systemd-service.patch
wireguard-remove-depmod.diff
wireguard.target
New:
wireguard-linux-compat-0.0.20200105.tar.asc
wireguard-linux-compat-0.0.20200105.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.LRGTSt/_old 2020-01-21 21:01:03.124868161 +0100
+++ /var/tmp/diff_new_pack.LRGTSt/_new 2020-01-21 21:01:03.128868163 +0100
@@ -1,8 +1,8 @@
#
# spec file for package wireguard
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
-# Copyright (c) 2017, Martin Hauke
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017-2020, Martin Hauke
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,30 +18,20 @@
Name: wireguard
-Version:0.0.20191219
+Version:0.0.20200105
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
Group: Productivity/Networking/Security
URL:https://www.wireguard.com/
-Source:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-%{version}.tar.xz
-Source98:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-%{version}.tar.asc
-Source99:
https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring
-Source1:wireguard.target
+Source:
https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-%{version}.tar.xz
+Source1:
https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-%{version}.tar.asc
Source2:wireguard-kmp-preamble
-Patch0: wireguard-remove-depmod.diff
-Patch1: wireguard-fix-systemd-service.patch
+Source99:
https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring
Patch2: wireguard-fix-leap151.patch
BuildRequires: %{kernel_module_package_buildreqs}
-BuildRequires: bash-completion
-BuildRequires: libmnl-devel
-BuildRequires: pkgconfig
# disable flavors xen,desktop,pae,pv
%kernel_module_package -p wireguard-kmp-preamble
-%systemd_requires
-%if 0%{?suse_version} >= 1330
-BuildRequires: libelf-devel
-%endif
%description
WireGuard is a novel VPN that runs inside the Linux Kernel and uses
@@ -52,34 +42,12 @@
running on embedded interfaces and super computers alike, fit for
many different circumstances. It runs over UDP.
-%package tools
-Summary:Fast, modern, secure kernel VPN tunnel
-Group: Productivity/Networking/Security
-
-%description tools
-WireGuard is a novel VPN that runs inside the Linux Kernel and uses
-state-of-the-art cryptography (the "Noise" protocol). It aims to be
-faster, simpler, leaner, and more useful than IPSec, while avoiding
-the massive headache. It intends to be considerably more performant
-than OpenVPN. WireGuard is designed as a general purpose VPN for
-running on embedded interfaces and super computers alike, fit for
-many different circumstances. It runs over UDP.
-
-This package contains command-line tools to interact with the
-WireGuard kernel module. Currently, it provides only a single tool:
-
-wg: set and retrieve configuration of WireGuard interfaces
-
%prep
-%setup -q -n WireGuard-%{version}
-%patch0 -p1
-%patch1 -p1
+%setup -q -n wireguard-linux-compat-%{version}
%if 0%{?sle_version} == 150100
%patch2 -p1
%endif
-## HACK: Fixing
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2019-12-21 12:30:06
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.6675 (New)
Package is "wireguard"
Sat Dec 21 12:30:06 2019 rev:5 rq:758082 version:0.0.20191219
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-12
23:19:32.442206066 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.6675/wireguard.changes
2019-12-21 12:30:17.743332260 +0100
@@ -1,0 +2,10 @@
+Thu Dec 19 07:26:52 UTC 2019 - Martin Hauke
+
+- Update to version 0.0.20191219
+ * wg-quick: linux: try both iptables(8) and nft(8) on teardown
+ * wg-quick: linux: use already configured addresses instead of
+in-memory
+ * compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
+ * tools: adjust wg.8 syntax for consistency in COMMANDS section
+
+---
Old:
WireGuard-0.0.20191212.tar.asc
WireGuard-0.0.20191212.tar.xz
New:
WireGuard-0.0.20191219.tar.asc
WireGuard-0.0.20191219.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.N1S1L6/_old 2019-12-21 12:30:19.775333226 +0100
+++ /var/tmp/diff_new_pack.N1S1L6/_new 2019-12-21 12:30:19.811333243 +0100
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20191212
+Version:0.0.20191219
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ WireGuard-0.0.20191212.tar.xz -> WireGuard-0.0.20191219.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191212/src/compat/compat.h
new/WireGuard-0.0.20191219/src/compat/compat.h
--- old/WireGuard-0.0.20191212/src/compat/compat.h 2019-12-12
12:24:51.0 +0100
+++ new/WireGuard-0.0.20191219/src/compat/compat.h 2019-12-19
01:12:35.0 +0100
@@ -861,7 +861,7 @@
})
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0)
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >=
KERNEL_VERSION(5, 4, 0)) || LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18)
#define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) +
(void *)0 ?: dst
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191212/src/dkms.conf
new/WireGuard-0.0.20191219/src/dkms.conf
--- old/WireGuard-0.0.20191212/src/dkms.conf2019-12-12 12:24:51.0
+0100
+++ new/WireGuard-0.0.20191219/src/dkms.conf2019-12-19 01:12:35.0
+0100
@@ -1,5 +1,5 @@
PACKAGE_NAME="wireguard"
-PACKAGE_VERSION="0.0.20191212"
+PACKAGE_VERSION="0.0.20191219"
AUTOINSTALL=yes
BUILT_MODULE_NAME="wireguard"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191212/src/tools/man/wg.8
new/WireGuard-0.0.20191219/src/tools/man/wg.8
--- old/WireGuard-0.0.20191212/src/tools/man/wg.8 2019-12-12
12:24:51.0 +0100
+++ new/WireGuard-0.0.20191219/src/tools/man/wg.8 2019-12-19
01:12:35.0 +0100
@@ -122,7 +122,7 @@
$ wg genkey | tee private.key | wg pubkey > public.key
.TP
\fBhelp\fP
-Show usage message.
+Shows usage message.
.SH CONFIGURATION FILE FORMAT
The configuration file format is based on \fIINI\fP. There are two top level
sections
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191212/src/tools/wg-quick/linux.bash
new/WireGuard-0.0.20191219/src/tools/wg-quick/linux.bash
--- old/WireGuard-0.0.20191212/src/tools/wg-quick/linux.bash2019-12-12
12:24:51.0 +0100
+++ new/WireGuard-0.0.20191219/src/tools/wg-quick/linux.bash2019-12-19
01:12:35.0 +0100
@@ -188,7 +188,8 @@
[[ $table == *" wg-quick-$INTERFACE" ]] && printf -v
nftcmd '%sdelete %s\n' "$nftcmd" "$table"
done < <(nft list tables 2>/dev/null)
[[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
- else
+ fi
+ if type -p iptables >/dev/null; then
local line iptables found restore
for iptables in iptables ip6tables; do
restore="" found=0
@@ -204,7 +205,7 @@
HAVE_SET_FIREWALL=0
add_default() {
- local table i
+ local table line
if ! get_fwmark table; then
table=51820
while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n
$(ip -6 route show table $table 2>/dev/null) ]]; do
@@ -223,11 +224,11 @@
printf -v nftcmd '%sadd chain %s %s preraw { type
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-12-12 23:19:20 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.4691 (New) Package is "wireguard" Thu Dec 12 23:19:20 2019 rev:4 rq:756066 version:0.0.20191212 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-06 12:11:07.816061266 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.4691/wireguard.changes 2019-12-12 23:19:32.442206066 +0100 @@ -1,0 +2,23 @@ +Thu Dec 12 11:57:09 UTC 2019 - Martin Hauke + +- Update to version 0.0.20191212 + * socket: convert to ipv6_dst_lookup_flow for 5.5 + * wg-quick: linux: add support for nft and prefer it + * wg-quick: linux: support older nft(8) + * global: fix up spelling + * main: remove unused include + +--- +Wed Dec 11 20:52:31 UTC 2019 - ch...@computersalat.de + +- Update to 0.0.20191206 + * chacha20poly1305: double check the sgmiter logic with test + * wg-quick: linux: ignore save warnings for iptables-nft + * wg-quick: linux: suppress more warnings on weird kernels + * wg-quick: linux: some iptables don't like empty lines + * crypto: use new assembler macros for 5.5 + * chacha20poly1305: port to sgmitter for 5.5 + * netlink: prepare for removal of genl_family_attrbuf in 5.5 +- fix changelog for 0.0.20191205 + +--- @@ -4 +27 @@ -- Update to version 0.0.20191127 +- Update to version 0.0.20191205 Old: WireGuard-0.0.20191205.tar.asc WireGuard-0.0.20191205.tar.xz New: WireGuard-0.0.20191212.tar.asc WireGuard-0.0.20191212.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.0kwTfJ/_old 2019-12-12 23:19:33.018206014 +0100 +++ /var/tmp/diff_new_pack.0kwTfJ/_new 2019-12-12 23:19:33.022206013 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20191205 +Version:0.0.20191212 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ WireGuard-0.0.20191205.tar.xz -> WireGuard-0.0.20191212.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/contrib/examples/nat-hole-punching/README new/WireGuard-0.0.20191212/contrib/examples/nat-hole-punching/README --- old/WireGuard-0.0.20191205/contrib/examples/nat-hole-punching/README 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/contrib/examples/nat-hole-punching/README 2019-12-12 12:24:51.0 +0100 @@ -9,8 +9,8 @@ Server is 1.2.3.4 and is on the public internet accepting UDP:49918. -Client A is NAT'd and doesnt't know its IP address. -Client B is NAT'd and doesnt't know its IP address. +Client A is NAT'd and doesn't know its IP address. +Client B is NAT'd and doesn't know its IP address. Server runs: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/Kconfig new/WireGuard-0.0.20191212/src/Kconfig --- old/WireGuard-0.0.20191205/src/Kconfig 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/Kconfig 2019-12-12 12:24:51.0 +0100 @@ -5,8 +5,7 @@ select NET_UDP_TUNNEL select DST_CACHE select CRYPTO - select CRYPTO_BLKCIPHER - select XOR_BLOCKS + select CRYPTO_ALGAPI select VFP select VFPv3 if CPU_V7 select NEON if CPU_V7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/compat/compat-asm.h new/WireGuard-0.0.20191212/src/compat/compat-asm.h --- old/WireGuard-0.0.20191205/src/compat/compat-asm.h 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/compat/compat-asm.h 2019-12-12 12:24:51.0 +0100 @@ -40,4 +40,9 @@ #undef pull #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) +#define SYM_FUNC_START ENTRY +#define SYM_FUNC_END ENDPROC +#endif + #endif /* _WG_COMPATASM_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/compat/compat.h new/WireGuard-0.0.20191212/src/compat/compat.h --- old/WireGuard-0.0.20191205/src/compat/compat.h 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/compat/compat.h 2019-12-12 12:24:51.0 +0100 @@ -326,7 +326,7 @@ } #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) +#if LINUX_VERSION_CODE <
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2019-12-06 12:10:20
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.4691 (New)
Package is "wireguard"
Fri Dec 6 12:10:20 2019 rev:3 rq:754509 version:0.0.20191205
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-11-28
10:16:27.111638584 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.4691/wireguard.changes
2019-12-06 12:11:07.816061266 +0100
@@ -1,0 +2,10 @@
+Thu Dec 5 20:21:14 UTC 2019 - Martin Hauke
+
+- Update to version 0.0.20191127
+ * wg-quick: linux: suppress error when finding unused table
+ * wg-quick: linux: ensure postdown hooks execute
+ * wg-quick: linux: have remove_iptables return true
+ * wg-quick: linux: iptables-* -w is not widely supported
+ * ipc: make sure userspace communication frees wgdevice
+
+---
Old:
WireGuard-0.0.20191127.tar.asc
WireGuard-0.0.20191127.tar.xz
New:
WireGuard-0.0.20191205.tar.asc
WireGuard-0.0.20191205.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.BxYYcc/_old 2019-12-06 12:11:09.792060308 +0100
+++ /var/tmp/diff_new_pack.BxYYcc/_new 2019-12-06 12:11:09.796060306 +0100
@@ -18,7 +18,7 @@
Name: wireguard
-Version:0.0.20191127
+Version:0.0.20191205
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ WireGuard-0.0.20191127.tar.xz -> WireGuard-0.0.20191205.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.c
new/WireGuard-0.0.20191205/src/device.c
--- old/WireGuard-0.0.20191127/src/device.c 2019-11-27 15:39:16.0
+0100
+++ new/WireGuard-0.0.20191205/src/device.c 2019-12-05 11:49:46.0
+0100
@@ -171,8 +171,8 @@
dev_kfree_skb(skb);
skb = segs;
}
- do {
- next = skb->next;
+
+ skb_list_walk_safe(skb, skb, next) {
skb_mark_not_on_list(skb);
skb = skb_share_check(skb, GFP_ATOMIC);
@@ -187,7 +187,7 @@
PACKET_CB(skb)->mtu = mtu;
__skb_queue_tail(, skb);
- } while ((skb = next) != NULL);
+ }
spin_lock_bh(>staged_packet_queue.lock);
/* If the queue is getting too big, we start removing the oldest packets
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.h
new/WireGuard-0.0.20191205/src/device.h
--- old/WireGuard-0.0.20191127/src/device.h 2019-11-27 15:39:16.0
+0100
+++ new/WireGuard-0.0.20191205/src/device.h 2019-12-05 11:49:46.0
+0100
@@ -62,4 +62,12 @@
int wg_device_init(void);
void wg_device_uninit(void);
+/* Later after the dust settles, this can be moved into include/linux/skbuff.h,
+ * where virtually all code that deals with GSO segs can benefit, around ~30
+ * drivers as of writing.
+ */
+#define skb_list_walk_safe(first, skb, next)
\
+ for (skb = first, next = skb->next; skb; \
+skb = next, next = skb ? skb->next : NULL)
+
#endif /* _WG_DEVICE_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191127/src/dkms.conf
new/WireGuard-0.0.20191205/src/dkms.conf
--- old/WireGuard-0.0.20191127/src/dkms.conf2019-11-27 15:39:16.0
+0100
+++ new/WireGuard-0.0.20191205/src/dkms.conf2019-12-05 11:49:46.0
+0100
@@ -1,5 +1,5 @@
PACKAGE_NAME="wireguard"
-PACKAGE_VERSION="0.0.20191127"
+PACKAGE_VERSION="0.0.20191205"
AUTOINSTALL=yes
BUILT_MODULE_NAME="wireguard"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191127/src/send.c
new/WireGuard-0.0.20191205/src/send.c
--- old/WireGuard-0.0.20191127/src/send.c 2019-11-27 15:39:16.0
+0100
+++ new/WireGuard-0.0.20191205/src/send.c 2019-12-05 11:49:46.0
+0100
@@ -233,17 +233,6 @@
wg_packet_send_staged_packets(peer);
}
-#define skb_walk_null_queue_safe(first, skb, next)
\
- for (skb = first, next = skb->next; skb; \
-skb = next, next = skb ? skb->next : NULL)
-static void skb_free_null_queue(struct sk_buff *first)
-{
- struct sk_buff *skb, *next;
-
- skb_walk_null_queue_safe(first, skb, next)
- dev_kfree_skb(skb);
-}
-
commit wireguard for openSUSE:Factory
Hello community,
here is the log from the commit of package wireguard for openSUSE:Factory
checked in at 2019-11-28 10:16:04
Comparing /work/SRC/openSUSE:Factory/wireguard (Old)
and /work/SRC/openSUSE:Factory/.wireguard.new.26869 (New)
Package is "wireguard"
Thu Nov 28 10:16:04 2019 rev:2 rq:751449 version:0.0.20191127
Changes:
--- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-11-26
16:52:07.856254371 +0100
+++ /work/SRC/openSUSE:Factory/.wireguard.new.26869/wireguard.changes
2019-11-28 10:16:27.111638584 +0100
@@ -1,0 +2,14 @@
+Wed Nov 27 19:01:39 UTC 2019 - Martin Hauke
+
+- Update to version 0.0.20191127
+ * messages: recalculate rekey max based on a one minute flood
+ * allowedips: safely dereference rcu roots
+ * socket: remove redundant check of new4
+ * allowedips: avoid double lock in selftest error case
+ * wg-quick: linux: only touch net.ipv4 for v4
+ * wg-quick: linux: filter bogus injected packets and don't
+disable rpfilter
+ * reresolve-dns: remove invalid anchors on regex match
+ * tools: add syncconf command
+
+---
Old:
WireGuard-0.0.20191012.tar.asc
WireGuard-0.0.20191012.tar.xz
New:
WireGuard-0.0.20191127.tar.asc
WireGuard-0.0.20191127.tar.xz
Other differences:
--
++ wireguard.spec ++
--- /var/tmp/diff_new_pack.lGZOkF/_old 2019-11-28 10:16:28.139638594 +0100
+++ /var/tmp/diff_new_pack.lGZOkF/_new 2019-11-28 10:16:28.139638594 +0100
@@ -1,7 +1,7 @@
#
# spec file for package wireguard
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2017, Martin Hauke
#
# All modifications and additions to the file contributed by third parties
@@ -13,12 +13,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: wireguard
-Version:0.0.20191012
+Version:0.0.20191127
Release:0
Summary:Fast, modern, secure kernel VPN tunnel
License:GPL-2.0-only
++ WireGuard-0.0.20191012.tar.xz -> WireGuard-0.0.20191127.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/WireGuard-0.0.20191012/contrib/examples/reresolve-dns/reresolve-dns.sh
new/WireGuard-0.0.20191127/contrib/examples/reresolve-dns/reresolve-dns.sh
--- old/WireGuard-0.0.20191012/contrib/examples/reresolve-dns/reresolve-dns.sh
2019-10-12 16:55:11.0 +0200
+++ new/WireGuard-0.0.20191127/contrib/examples/reresolve-dns/reresolve-dns.sh
2019-11-27 15:39:16.0 +0100
@@ -15,7 +15,7 @@
process_peer() {
[[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
- [[ $(wg show "$INTERFACE" latest-handshakes) =~ ^${PUBLIC_KEY//+/\\+}\
([0-9]+)$ ]] || return 0
+ [[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\
([0-9]+) ]] || return 0
(( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
reset_peer_section
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/WireGuard-0.0.20191012/src/allowedips.c
new/WireGuard-0.0.20191127/src/allowedips.c
--- old/WireGuard-0.0.20191012/src/allowedips.c 2019-10-12 16:55:11.0
+0200
+++ new/WireGuard-0.0.20191127/src/allowedips.c 2019-11-27 15:39:16.0
+0100
@@ -299,14 +299,18 @@
RCU_INIT_POINTER(table->root4, NULL);
RCU_INIT_POINTER(table->root6, NULL);
if (rcu_access_pointer(old4)) {
- root_remove_peer_lists(old4);
- call_rcu(_dereference_protected(old4,
- lockdep_is_held(lock))->rcu, root_free_rcu);
+ struct allowedips_node *node = rcu_dereference_protected(old4,
+ lockdep_is_held(lock));
+
+ root_remove_peer_lists(node);
+ call_rcu(>rcu, root_free_rcu);
}
if (rcu_access_pointer(old6)) {
- root_remove_peer_lists(old6);
- call_rcu(_dereference_protected(old6,
- lockdep_is_held(lock))->rcu, root_free_rcu);
+ struct allowedips_node *node = rcu_dereference_protected(old6,
+ lockdep_is_held(lock));
+
+ root_remove_peer_lists(node);
+ call_rcu(>rcu, root_free_rcu);
}
}
