commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-04-01 19:17:02 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.3248 (New) Package is "wireguard" Wed Apr 1 19:17:02 2020 rev:14 rq:790368 version:1.0.20200330 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-03-22 14:18:30.918108604 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.3248/wireguard.changes 2020-04-01 19:17:39.103512581 +0200 @@ -1,0 +2,6 @@ +Tue Mar 31 19:29:33 UTC 2020 - Martin Hauke + +- Update to version 1.0.20200330 + * queueing: backport skb_reset_redirect change from 5.6 + +--- Old: wireguard-linux-compat-0.0.20200318.tar.asc wireguard-linux-compat-0.0.20200318.tar.xz New: wireguard-linux-compat-1.0.20200330.tar.asc wireguard-linux-compat-1.0.20200330.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.D44JqO/_old 2020-04-01 19:17:40.723513310 +0200 +++ /var/tmp/diff_new_pack.D44JqO/_new 2020-04-01 19:17:40.735513315 +0200 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200318 +Version:1.0.20200330 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200318.tar.xz -> wireguard-linux-compat-1.0.20200330.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/compat/compat.h new/wireguard-linux-compat-1.0.20200330/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200318/src/compat/compat.h 2020-03-19 06:15:25.0 +0100 +++ new/wireguard-linux-compat-1.0.20200330/src/compat/compat.h 2020-03-31 02:15:15.0 +0200 @@ -1024,6 +1024,16 @@ #define COMPAT_CANNOT_USE_MAX_MTU #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) +#include +static inline void skb_reset_redirect(struct sk_buff *skb) +{ +#ifdef CONFIG_NET_SCHED + skb_reset_tc(skb); +#endif +} +#endif + #if defined(ISUBUNTU1604) #include #ifndef _WG_LINUX_SIPHASH_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/dkms.conf new/wireguard-linux-compat-1.0.20200330/src/dkms.conf --- old/wireguard-linux-compat-0.0.20200318/src/dkms.conf 2020-03-19 06:15:25.0 +0100 +++ new/wireguard-linux-compat-1.0.20200330/src/dkms.conf 2020-03-31 02:15:15.0 +0200 @@ -1,5 +1,5 @@ PACKAGE_NAME="wireguard" -PACKAGE_VERSION="0.0.20200318" +PACKAGE_VERSION="1.0.20200330" AUTOINSTALL=yes BUILT_MODULE_NAME="wireguard" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/queueing.h new/wireguard-linux-compat-1.0.20200330/src/queueing.h --- old/wireguard-linux-compat-0.0.20200318/src/queueing.h 2020-03-19 06:15:25.0 +0100 +++ new/wireguard-linux-compat-1.0.20200330/src/queueing.h 2020-03-31 02:15:15.0 +0200 @@ -103,8 +103,8 @@ skb->dev = NULL; #ifdef CONFIG_NET_SCHED skb->tc_index = 0; - skb_reset_tc(skb); #endif + skb_reset_redirect(skb); skb->hdr_len = skb_headroom(skb); skb_reset_mac_header(skb); skb_reset_network_header(skb); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200318/src/version.h new/wireguard-linux-compat-1.0.20200330/src/version.h --- old/wireguard-linux-compat-0.0.20200318/src/version.h 2020-03-19 06:15:25.0 +0100 +++ new/wireguard-linux-compat-1.0.20200330/src/version.h 2020-03-31 02:15:15.0 +0200 @@ -1,3 +1,3 @@ #ifndef WIREGUARD_VERSION -#define WIREGUARD_VERSION "0.0.20200318" +#define WIREGUARD_VERSION "1.0.20200330" #endif
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-03-22 14:18:22 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.3160 (New) Package is "wireguard" Sun Mar 22 14:18:22 2020 rev:13 rq:787156 version:0.0.20200318 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-03-06 21:27:59.737575898 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.3160/wireguard.changes 2020-03-22 14:18:30.918108604 +0100 @@ -1,0 +2,13 @@ +Sat Mar 21 13:55:07 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200318 + * compat: RHEL 7 backported skb_ensure_writable() + * compat: RHEL 8.2 backported ipv6_dst_lookup_flow + * curve25519-x86_64: avoid use of r12 + * wireguard: queueing: account for skb->protocol==0 + * receive: remove dead code from default packet type case + * noise: error out precomputed DH during handshake rather than +config + * send: use normaler alignment formula from upstream + +--- Old: wireguard-linux-compat-0.0.20200215.tar.asc wireguard-linux-compat-0.0.20200215.tar.xz New: wireguard-linux-compat-0.0.20200318.tar.asc wireguard-linux-compat-0.0.20200318.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.64q8hv/_old 2020-03-22 14:18:31.466108956 +0100 +++ /var/tmp/diff_new_pack.64q8hv/_new 2020-03-22 14:18:31.470108958 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200215 +Version:0.0.20200318 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200215.tar.xz -> wireguard-linux-compat-0.0.20200318.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200215/src/compat/compat.h new/wireguard-linux-compat-0.0.20200318/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-02-15 00:01:31.0 +0100 +++ new/wireguard-linux-compat-0.0.20200318/src/compat/compat.h 2020-03-19 06:15:25.0 +0100 @@ -870,7 +870,7 @@ }) #endif -#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) && !defined(ISRHEL82)) #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) + (void *)0 ?: dst #endif @@ -932,7 +932,7 @@ #define chacha20_neon zinc_chacha20_neon #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0) +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0) && !defined(ISRHEL7) #include static inline int skb_ensure_writable(struct sk_buff *skb, int write_len) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200215/src/crypto/zinc/curve25519/curve25519-x86_64.c new/wireguard-linux-compat-0.0.20200318/src/crypto/zinc/curve25519/curve25519-x86_64.c --- old/wireguard-linux-compat-0.0.20200215/src/crypto/zinc/curve25519/curve25519-x86_64.c 2020-02-15 00:01:31.0 +0100 +++ new/wireguard-linux-compat-0.0.20200318/src/crypto/zinc/curve25519/curve25519-x86_64.c 2020-03-19 06:15:25.0 +0100 @@ -156,28 +156,28 @@ " movq 0(%1), %%rdx;" " mulxq 0(%3), %%r8, %%r9;" " xor %%r10, %%r10;" " movq %%r8, 0(%0);" " mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" " movq %%r10, 8(%0);" - " mulxq 16(%3), %%r12, %%r13;"" adox %%r11, %%r12;" + " mulxq 16(%3), %%rbx, %%r13;"" adox %%r11, %%rbx;" " mulxq 24(%3), %%r14, %%rdx;"" adox %%r13, %%r14;"" mov $0, %%rax;" " adox %%rdx, %%rax;" /* Compute src1[1] * src2 */ " movq 8(%1), %%rdx;" " mulxq 0(%3), %%r8, %%r9;" " xor %%r10, %%r10;" " adcxq 8(%0), %%r8;"" movq %%r8, 8(%0);" - " mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" " adcx %%r12, %%r10;"" movq %%r10, 16(%0);" - " mulxq 16(%3), %%r12, %%r13;"" adox %%r11, %%r12;"" adcx %%r14, %%r12;"" mov $0, %%r8;" + " mulxq 8(%3), %%r10, %%r11;" " adox %%r9, %%r10;" " adcx %%rbx, %%r10;"" movq %%r10, 16(%0);" + " mulxq 16(%3), %%rbx,
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-03-06 21:27:57 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Fri Mar 6 21:27:57 2020 rev:12 rq:781950 version:0.0.20200215 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-26 15:09:03.737671934 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-03-06 21:27:59.737575898 +0100 @@ -1,0 +2,6 @@ +Thu Mar 5 19:49:50 UTC 2020 - Michal Suchanek + +- Fix build on openSUSE 15.2 + + wireguard-fix-leap152.patch + +--- New: wireguard-fix-leap152.patch Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.K2R2JX/_old 2020-03-06 21:28:00.333576266 +0100 +++ /var/tmp/diff_new_pack.K2R2JX/_new 2020-03-06 21:28:00.333576266 +0100 @@ -29,6 +29,7 @@ Source2:wireguard-kmp-preamble Source99: https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring Patch2: wireguard-fix-leap151.patch +Patch3: wireguard-fix-leap152.patch BuildRequires: %{kernel_module_package_buildreqs} # disable flavors xen,desktop,pae,pv %kernel_module_package -p wireguard-kmp-preamble @@ -47,6 +48,9 @@ %if 0%{?sle_version} == 150100 %patch2 -p1 %endif +%if 0%{?sle_version} == 150200 +%patch3 -p1 +%endif cd src set -- * ++ wireguard-fix-leap152.patch ++ --- wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-03-05 20:40:22.527460178 +0100 --- wireguard-linux-compat-0.0.20200215/src/compat/compat.h 2020-03-05 20:40:22.527460178 +0100 @@ -37,6 +37,9 @@ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) #define ISOPENSUSE15 #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0) +#define ISOPENSUSE152 +#endif #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0) @@ -859,7 +862,7 @@ #endif #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) && !defined(ISOPENSUSE152) #define genl_dumpit_info(cb) ({ \ struct { struct nlattr **attrs; } *a = (void *)((u8 *)cb->args + offsetofend(struct dump_ctx, next_allowedip)); \ BUILD_BUG_ON(sizeof(cb->args) < offsetofend(struct dump_ctx, next_allowedip) + sizeof(*a)); \
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-02-26 15:07:59 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Wed Feb 26 15:07:59 2020 rev:11 rq:779405 version:0.0.20200215 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-15 22:25:58.687327821 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-02-26 15:09:03.737671934 +0100 @@ -1,0 +2,7 @@ +Wed Feb 26 12:28:36 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200215 + * send: cleanup skb padding calculation + * socket: remove useless synchronize_net + +--- Old: wireguard-linux-compat-0.0.20200214.tar.asc wireguard-linux-compat-0.0.20200214.tar.xz New: wireguard-linux-compat-0.0.20200215.tar.asc wireguard-linux-compat-0.0.20200215.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.lJ5NWF/_old 2020-02-26 15:09:05.925676300 +0100 +++ /var/tmp/diff_new_pack.lJ5NWF/_new 2020-02-26 15:09:05.929676307 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200214 +Version:0.0.20200215 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200214.tar.xz -> wireguard-linux-compat-0.0.20200215.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/dkms.conf new/wireguard-linux-compat-0.0.20200215/src/dkms.conf --- old/wireguard-linux-compat-0.0.20200214/src/dkms.conf 2020-02-14 14:33:05.0 +0100 +++ new/wireguard-linux-compat-0.0.20200215/src/dkms.conf 2020-02-15 00:01:31.0 +0100 @@ -1,5 +1,5 @@ PACKAGE_NAME="wireguard" -PACKAGE_VERSION="0.0.20200214" +PACKAGE_VERSION="0.0.20200215" AUTOINSTALL=yes BUILT_MODULE_NAME="wireguard" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/send.c new/wireguard-linux-compat-0.0.20200215/src/send.c --- old/wireguard-linux-compat-0.0.20200214/src/send.c 2020-02-14 14:33:05.0 +0100 +++ new/wireguard-linux-compat-0.0.20200215/src/send.c 2020-02-15 00:01:31.0 +0100 @@ -144,17 +144,22 @@ static unsigned int calculate_skb_padding(struct sk_buff *skb) { + unsigned int padded_size, last_unit = skb->len; + + if (unlikely(!PACKET_CB(skb)->mtu)) + return -last_unit % MESSAGE_PADDING_MULTIPLE; + /* We do this modulo business with the MTU, just in case the networking * layer gives us a packet that's bigger than the MTU. In that case, we * wouldn't want the final subtraction to overflow in the case of the -* padded_size being clamped. +* padded_size being clamped. Fortunately, that's very rarely the case, +* so we optimize for that not happening. */ - unsigned int last_unit = PACKET_CB(skb)->mtu ? -skb->len % PACKET_CB(skb)->mtu : skb->len; - unsigned int padded_size = ALIGN(last_unit, MESSAGE_PADDING_MULTIPLE); + if (unlikely(last_unit > PACKET_CB(skb)->mtu)) + last_unit %= PACKET_CB(skb)->mtu; - if (padded_size > PACKET_CB(skb)->mtu) - padded_size = PACKET_CB(skb)->mtu; + padded_size = min(PACKET_CB(skb)->mtu, + ALIGN(last_unit, MESSAGE_PADDING_MULTIPLE)); return padded_size - last_unit; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/socket.c new/wireguard-linux-compat-0.0.20200215/src/socket.c --- old/wireguard-linux-compat-0.0.20200214/src/socket.c2020-02-14 14:33:05.0 +0100 +++ new/wireguard-linux-compat-0.0.20200215/src/socket.c2020-02-15 00:01:31.0 +0100 @@ -432,7 +432,6 @@ wg->incoming_port = ntohs(inet_sk(new4)->inet_sport); mutex_unlock(>socket_update_lock); synchronize_rcu(); - synchronize_net(); sock_free(old4); sock_free(old6); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200214/src/version.h new/wireguard-linux-compat-0.0.20200215/src/version.h --- old/wireguard-linux-compat-0.0.20200214/src/version.h 2020-02-14 14:33:05.0 +0100 +++ new/wireguard-linux-compat-0.0.20200215/src/version.h 2020-02-15
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-02-15 22:25:49 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Sat Feb 15 22:25:49 2020 rev:10 rq:774408 version:0.0.20200214 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-02-06 13:08:59.176360989 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-02-15 22:25:58.687327821 +0100 @@ -1,0 +2,9 @@ +Fri Feb 14 16:08:24 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200214 + * chacha20poly1305: defensively protect against large inputs + * netns: ensure that icmp src address is correct with nat + * receive: reset last_under_load to zero + * send: account for mtu=0 devices + +--- Old: wireguard-linux-compat-0.0.20200205.tar.asc wireguard-linux-compat-0.0.20200205.tar.xz New: wireguard-linux-compat-0.0.20200214.tar.asc wireguard-linux-compat-0.0.20200214.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.qbNheu/_old 2020-02-15 22:25:59.227328113 +0100 +++ /var/tmp/diff_new_pack.qbNheu/_new 2020-02-15 22:25:59.227328113 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200205 +Version:0.0.20200214 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200205.tar.xz -> wireguard-linux-compat-0.0.20200214.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200205/src/compat/compat.h new/wireguard-linux-compat-0.0.20200214/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200205/src/compat/compat.h 2020-02-05 14:37:40.0 +0100 +++ new/wireguard-linux-compat-0.0.20200214/src/compat/compat.h 2020-02-14 14:33:05.0 +0100 @@ -932,6 +932,98 @@ #define chacha20_neon zinc_chacha20_neon #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0) +#include +static inline int skb_ensure_writable(struct sk_buff *skb, int write_len) +{ + if (!pskb_may_pull(skb, write_len)) + return -ENOMEM; + + if (!skb_cloned(skb) || skb_clone_writable(skb, write_len)) + return 0; + + return pskb_expand_head(skb, 0, 0, GFP_ATOMIC); +} +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) +#if IS_ENABLED(CONFIG_NF_NAT) +#include +#include +#include +#include +#include +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) +#include +#endif +static inline void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) +{ + struct sk_buff *cloned_skb = NULL; + enum ip_conntrack_info ctinfo; + struct nf_conn *ct; + __be32 orig_ip; + + ct = nf_ct_get(skb_in, ); + if (!ct || !(ct->status & IPS_SRC_NAT)) { + icmp_send(skb_in, type, code, info); + return; + } + + if (skb_shared(skb_in)) + skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); + + if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || + (skb_network_header(skb_in) + sizeof(struct iphdr)) > + skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, + skb_network_offset(skb_in) + sizeof(struct iphdr + goto out; + + orig_ip = ip_hdr(skb_in)->saddr; + ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; + icmp_send(skb_in, type, code, info); + ip_hdr(skb_in)->saddr = orig_ip; +out: + consume_skb(cloned_skb); +} +static inline void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) +{ + struct sk_buff *cloned_skb = NULL; + enum ip_conntrack_info ctinfo; + struct in6_addr orig_ip; + struct nf_conn *ct; + + ct = nf_ct_get(skb_in, ); + if (!ct || !(ct->status & IPS_SRC_NAT)) { + icmpv6_send(skb_in, type, code, info); + return; + } + + if (skb_shared(skb_in)) + skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); + + if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || + (skb_network_header(skb_in) + sizeof(struct ipv6hdr)) > + skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, + skb_network_offset(skb_in) + sizeof(struct ipv6hdr + goto out; + + orig_ip = ipv6_hdr(skb_in)->saddr; + ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6; + icmpv6_send(skb_in, type, code,
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-02-06 13:08:55 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Thu Feb 6 13:08:55 2020 rev:9 rq:770400 version:0.0.20200205 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-29 13:20:33.502236641 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-02-06 13:08:59.176360989 +0100 @@ -1,0 +2,9 @@ +Wed Feb 5 20:35:15 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200205 + * allowedips: remove previously added list item when OOM fail + * noise: reject peers with low order public keys + * netns: ensure non-addition of peers with failed precomputation + * netns: tie socket waiting to target pid + +--- Old: wireguard-linux-compat-0.0.20200128.tar.asc wireguard-linux-compat-0.0.20200128.tar.xz New: wireguard-linux-compat-0.0.20200205.tar.asc wireguard-linux-compat-0.0.20200205.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.QDtg4W/_old 2020-02-06 13:09:00.112361498 +0100 +++ /var/tmp/diff_new_pack.QDtg4W/_new 2020-02-06 13:09:00.116361501 +0100 @@ -1,7 +1,7 @@ # # spec file for package wireguard # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2017-2020, Martin Hauke # # All modifications and additions to the file contributed by third parties @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200128 +Version:0.0.20200205 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200128.tar.xz -> wireguard-linux-compat-0.0.20200205.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200128/src/allowedips.c new/wireguard-linux-compat-0.0.20200205/src/allowedips.c --- old/wireguard-linux-compat-0.0.20200128/src/allowedips.c2020-01-28 16:37:17.0 +0100 +++ new/wireguard-linux-compat-0.0.20200205/src/allowedips.c2020-02-05 14:37:40.0 +0100 @@ -268,6 +268,7 @@ } else { node = kzalloc(sizeof(*node), GFP_KERNEL); if (unlikely(!node)) { + list_del(>peer_list); kfree(newnode); return -ENOMEM; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200128/src/compat/compat.h new/wireguard-linux-compat-0.0.20200205/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200128/src/compat/compat.h 2020-01-28 16:37:17.0 +0100 +++ new/wireguard-linux-compat-0.0.20200205/src/compat/compat.h 2020-02-05 14:37:40.0 +0100 @@ -16,6 +16,11 @@ #define ISRHEL7 #elif RHEL_MAJOR == 8 #define ISRHEL8 +#ifdef RHEL_MINOR +#if RHEL_MINOR == 2 +#define ISRHEL82 +#endif +#endif #endif #endif #ifdef UTS_UBUNTU_RELEASE_ABI @@ -94,7 +99,7 @@ (LINUX_VERSION_CODE < KERNEL_VERSION(3, 18, 27) && LINUX_VERSION_CODE >= KERNEL_VERSION(3, 17, 0)) || \ (LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 8) && LINUX_VERSION_CODE >= KERNEL_VERSION(3, 15, 0)) || \ (LINUX_VERSION_CODE < KERNEL_VERSION(3, 14, 40) && LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0)) || \ -(LINUX_VERSION_CODE < KERNEL_VERSION(3, 12, 54))) && !defined(ISUBUNTU1404) && (!defined(ISRHEL7) || RHEL_MINOR < 7) /* TODO: remove < 7 workaround once CentOS 7.7 comes out. */ +(LINUX_VERSION_CODE < KERNEL_VERSION(3, 12, 54))) && !defined(ISUBUNTU1404) && !defined(ISRHEL7) #include #include #define IP6_ECN_set_ce(a, b) IP6_ECN_set_ce(b) @@ -787,7 +792,7 @@ #endif #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL82) #include #define skb_probe_transport_header(a) skb_probe_transport_header(a, 0) #endif @@ -796,7 +801,7 @@ #define ignore_df local_df #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL82) /* Note that all intentional uses of the non-_bh variety need to explicitly * undef these, conditionalized on COMPAT_CANNOT_DEPRECIATE_BH_RCU. */ @@ -838,7 +843,7 @@ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 20, 0) && !defined(ISRHEL8) #define NLA_EXACT_LEN NLA_UNSPEC #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 2, 0) +#if LINUX_VERSION_CODE <
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-01-29 13:19:32 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Wed Jan 29 13:19:32 2020 rev:8 rq:768089 version:0.0.20200128 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-22 22:45:59.168567026 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-01-29 13:20:33.502236641 +0100 @@ -1,0 +2,8 @@ +Tue Jan 28 16:28:49 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200128 + * qemu: bump kernel + * compat: refuse to build on >= 5.6 + * compat: account for frankenzinc being in 5.5 + +--- Old: wireguard-linux-compat-0.0.20200121.tar.asc wireguard-linux-compat-0.0.20200121.tar.xz New: wireguard-linux-compat-0.0.20200128.tar.asc wireguard-linux-compat-0.0.20200128.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.i0BirX/_old 2020-01-29 13:20:34.546237174 +0100 +++ /var/tmp/diff_new_pack.i0BirX/_new 2020-01-29 13:20:34.554237179 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200121 +Version:0.0.20200128 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200121.tar.xz -> wireguard-linux-compat-0.0.20200128.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200121/src/compat/compat-asm.h new/wireguard-linux-compat-0.0.20200128/src/compat/compat-asm.h --- old/wireguard-linux-compat-0.0.20200121/src/compat/compat-asm.h 2020-01-21 16:11:10.0 +0100 +++ new/wireguard-linux-compat-0.0.20200128/src/compat/compat-asm.h 2020-01-28 16:37:17.0 +0100 @@ -45,4 +45,34 @@ #define SYM_FUNC_END ENDPROC #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) +#define blake2s_compress_ssse3 zinc_blake2s_compress_ssse3 +#define blake2s_compress_avx512 zinc_blake2s_compress_avx512 +#define poly1305_init_arm zinc_poly1305_init_arm +#define poly1305_blocks_arm zinc_poly1305_blocks_arm +#define poly1305_emit_arm zinc_poly1305_emit_arm +#define poly1305_blocks_neon zinc_poly1305_blocks_neon +#define poly1305_emit_neon zinc_poly1305_emit_neon +#define poly1305_init_mips zinc_poly1305_init_mips +#define poly1305_blocks_mips zinc_poly1305_blocks_mips +#define poly1305_emit_mips zinc_poly1305_emit_mips +#define poly1305_init_x86_64 zinc_poly1305_init_x86_64 +#define poly1305_blocks_x86_64 zinc_poly1305_blocks_x86_64 +#define poly1305_emit_x86_64 zinc_poly1305_emit_x86_64 +#define poly1305_emit_avx zinc_poly1305_emit_avx +#define poly1305_blocks_avx zinc_poly1305_blocks_avx +#define poly1305_blocks_avx2 zinc_poly1305_blocks_avx2 +#define poly1305_blocks_avx512 zinc_poly1305_blocks_avx512 +#define curve25519_neon zinc_curve25519_neon +#define hchacha20_ssse3 zinc_hchacha20_ssse3 +#define chacha20_ssse3 zinc_chacha20_ssse3 +#define chacha20_avx2 zinc_chacha20_avx2 +#define chacha20_avx512 zinc_chacha20_avx512 +#define chacha20_avx512vl zinc_chacha20_avx512vl +#define chacha20_mips zinc_chacha20_mips +#define chacha20_arm zinc_chacha20_arm +#define hchacha20_arm zinc_hchacha20_arm +#define chacha20_neon zinc_chacha20_neon +#endif + #endif /* _WG_COMPATASM_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/wireguard-linux-compat-0.0.20200121/src/compat/compat.h new/wireguard-linux-compat-0.0.20200128/src/compat/compat.h --- old/wireguard-linux-compat-0.0.20200121/src/compat/compat.h 2020-01-21 16:11:10.0 +0100 +++ new/wireguard-linux-compat-0.0.20200128/src/compat/compat.h 2020-01-28 16:37:17.0 +0100 @@ -38,6 +38,10 @@ #error "WireGuard requires Linux >= 3.10" #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0) +#error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required." +#endif + #if defined(ISRHEL7) #include #define headers_end headers_start @@ -874,6 +878,55 @@ #endif #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) +#define blake2s_init zinc_blake2s_init +#define blake2s_init_key zinc_blake2s_init_key +#define blake2s_update zinc_blake2s_update +#define blake2s_final zinc_blake2s_final +#define blake2s_hmac zinc_blake2s_hmac +#define chacha20 zinc_chacha20 +#define hchacha20 zinc_hchacha20 +#define chacha20poly1305_encrypt zinc_chacha20poly1305_encrypt +#define chacha20poly1305_encrypt_sg_inplace
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-01-22 22:45:45 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Wed Jan 22 22:45:45 2020 rev:7 rq:766169 version:0.0.20200121 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2020-01-21 21:01:00.616866992 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-01-22 22:45:59.168567026 +0100 @@ -1,0 +2,9 @@ +Tue Jan 21 21:55:21 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200121 + * Makefile: strip prefixed v from version.h + * device: skb_list_walk_safe moved upstream + * curve25519: x86_64: replace with formally verified +implementation + +--- Old: wireguard-linux-compat-0.0.20200105.tar.asc wireguard-linux-compat-0.0.20200105.tar.xz New: wireguard-linux-compat-0.0.20200121.tar.asc wireguard-linux-compat-0.0.20200121.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.sbieBb/_old 2020-01-22 22:46:00.800567847 +0100 +++ /var/tmp/diff_new_pack.sbieBb/_new 2020-01-22 22:46:00.804567849 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20200105 +Version:0.0.20200121 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ wireguard-linux-compat-0.0.20200105.tar.xz -> wireguard-linux-compat-0.0.20200121.tar.xz ++ 3894 lines of diff (skipped)
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2020-01-21 21:00:35 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26092 (New) Package is "wireguard" Tue Jan 21 21:00:35 2020 rev:6 rq:765938 version:0.0.20200105 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-21 12:30:17.743332260 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26092/wireguard.changes 2020-01-21 21:01:00.616866992 +0100 @@ -1,0 +2,16 @@ +Mon Jan 20 21:11:23 UTC 2020 - Martin Hauke + +- Update to version 0.0.20200105 + * socket: mark skbs as not on list when receiving via gro + +--- +Mon Jan 20 21:06:05 UTC 2020 - Martin Hauke + +- Drop not longer needed patches: + * wireguard-remove-depmod.diff + * wireguard-fix-systemd-service.patch +- Mention wireguard-kmp-preamble in the sepc-file as source +- Package split since upstream reorganized code repositories. + * wireguard-tools is now developed in a separate package + +--- Old: WireGuard-0.0.20191219.tar.asc WireGuard-0.0.20191219.tar.xz wireguard-fix-systemd-service.patch wireguard-remove-depmod.diff wireguard.target New: wireguard-linux-compat-0.0.20200105.tar.asc wireguard-linux-compat-0.0.20200105.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.LRGTSt/_old 2020-01-21 21:01:03.124868161 +0100 +++ /var/tmp/diff_new_pack.LRGTSt/_new 2020-01-21 21:01:03.128868163 +0100 @@ -1,8 +1,8 @@ # # spec file for package wireguard # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2017, Martin Hauke +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017-2020, Martin Hauke # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,30 +18,20 @@ Name: wireguard -Version:0.0.20191219 +Version:0.0.20200105 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only Group: Productivity/Networking/Security URL:https://www.wireguard.com/ -Source: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-%{version}.tar.xz -Source98: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-%{version}.tar.asc -Source99: https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring -Source1:wireguard.target +Source: https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-%{version}.tar.xz +Source1: https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-%{version}.tar.asc Source2:wireguard-kmp-preamble -Patch0: wireguard-remove-depmod.diff -Patch1: wireguard-fix-systemd-service.patch +Source99: https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring Patch2: wireguard-fix-leap151.patch BuildRequires: %{kernel_module_package_buildreqs} -BuildRequires: bash-completion -BuildRequires: libmnl-devel -BuildRequires: pkgconfig # disable flavors xen,desktop,pae,pv %kernel_module_package -p wireguard-kmp-preamble -%systemd_requires -%if 0%{?suse_version} >= 1330 -BuildRequires: libelf-devel -%endif %description WireGuard is a novel VPN that runs inside the Linux Kernel and uses @@ -52,34 +42,12 @@ running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. -%package tools -Summary:Fast, modern, secure kernel VPN tunnel -Group: Productivity/Networking/Security - -%description tools -WireGuard is a novel VPN that runs inside the Linux Kernel and uses -state-of-the-art cryptography (the "Noise" protocol). It aims to be -faster, simpler, leaner, and more useful than IPSec, while avoiding -the massive headache. It intends to be considerably more performant -than OpenVPN. WireGuard is designed as a general purpose VPN for -running on embedded interfaces and super computers alike, fit for -many different circumstances. It runs over UDP. - -This package contains command-line tools to interact with the -WireGuard kernel module. Currently, it provides only a single tool: - -wg: set and retrieve configuration of WireGuard interfaces - %prep -%setup -q -n WireGuard-%{version} -%patch0 -p1 -%patch1 -p1 +%setup -q -n wireguard-linux-compat-%{version} %if 0%{?sle_version} == 150100 %patch2 -p1 %endif -## HACK: Fixing
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-12-21 12:30:06 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.6675 (New) Package is "wireguard" Sat Dec 21 12:30:06 2019 rev:5 rq:758082 version:0.0.20191219 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-12 23:19:32.442206066 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.6675/wireguard.changes 2019-12-21 12:30:17.743332260 +0100 @@ -1,0 +2,10 @@ +Thu Dec 19 07:26:52 UTC 2019 - Martin Hauke + +- Update to version 0.0.20191219 + * wg-quick: linux: try both iptables(8) and nft(8) on teardown + * wg-quick: linux: use already configured addresses instead of +in-memory + * compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4 + * tools: adjust wg.8 syntax for consistency in COMMANDS section + +--- Old: WireGuard-0.0.20191212.tar.asc WireGuard-0.0.20191212.tar.xz New: WireGuard-0.0.20191219.tar.asc WireGuard-0.0.20191219.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.N1S1L6/_old 2019-12-21 12:30:19.775333226 +0100 +++ /var/tmp/diff_new_pack.N1S1L6/_new 2019-12-21 12:30:19.811333243 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20191212 +Version:0.0.20191219 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ WireGuard-0.0.20191212.tar.xz -> WireGuard-0.0.20191219.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191212/src/compat/compat.h new/WireGuard-0.0.20191219/src/compat/compat.h --- old/WireGuard-0.0.20191212/src/compat/compat.h 2019-12-12 12:24:51.0 +0100 +++ new/WireGuard-0.0.20191219/src/compat/compat.h 2019-12-19 01:12:35.0 +0100 @@ -861,7 +861,7 @@ }) #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) + (void *)0 ?: dst #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191212/src/dkms.conf new/WireGuard-0.0.20191219/src/dkms.conf --- old/WireGuard-0.0.20191212/src/dkms.conf2019-12-12 12:24:51.0 +0100 +++ new/WireGuard-0.0.20191219/src/dkms.conf2019-12-19 01:12:35.0 +0100 @@ -1,5 +1,5 @@ PACKAGE_NAME="wireguard" -PACKAGE_VERSION="0.0.20191212" +PACKAGE_VERSION="0.0.20191219" AUTOINSTALL=yes BUILT_MODULE_NAME="wireguard" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191212/src/tools/man/wg.8 new/WireGuard-0.0.20191219/src/tools/man/wg.8 --- old/WireGuard-0.0.20191212/src/tools/man/wg.8 2019-12-12 12:24:51.0 +0100 +++ new/WireGuard-0.0.20191219/src/tools/man/wg.8 2019-12-19 01:12:35.0 +0100 @@ -122,7 +122,7 @@ $ wg genkey | tee private.key | wg pubkey > public.key .TP \fBhelp\fP -Show usage message. +Shows usage message. .SH CONFIGURATION FILE FORMAT The configuration file format is based on \fIINI\fP. There are two top level sections diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191212/src/tools/wg-quick/linux.bash new/WireGuard-0.0.20191219/src/tools/wg-quick/linux.bash --- old/WireGuard-0.0.20191212/src/tools/wg-quick/linux.bash2019-12-12 12:24:51.0 +0100 +++ new/WireGuard-0.0.20191219/src/tools/wg-quick/linux.bash2019-12-19 01:12:35.0 +0100 @@ -188,7 +188,8 @@ [[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table" done < <(nft list tables 2>/dev/null) [[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd") - else + fi + if type -p iptables >/dev/null; then local line iptables found restore for iptables in iptables ip6tables; do restore="" found=0 @@ -204,7 +205,7 @@ HAVE_SET_FIREWALL=0 add_default() { - local table i + local table line if ! get_fwmark table; then table=51820 while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n $(ip -6 route show table $table 2>/dev/null) ]]; do @@ -223,11 +224,11 @@ printf -v nftcmd '%sadd chain %s %s preraw { type
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-12-12 23:19:20 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.4691 (New) Package is "wireguard" Thu Dec 12 23:19:20 2019 rev:4 rq:756066 version:0.0.20191212 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-12-06 12:11:07.816061266 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.4691/wireguard.changes 2019-12-12 23:19:32.442206066 +0100 @@ -1,0 +2,23 @@ +Thu Dec 12 11:57:09 UTC 2019 - Martin Hauke + +- Update to version 0.0.20191212 + * socket: convert to ipv6_dst_lookup_flow for 5.5 + * wg-quick: linux: add support for nft and prefer it + * wg-quick: linux: support older nft(8) + * global: fix up spelling + * main: remove unused include + +--- +Wed Dec 11 20:52:31 UTC 2019 - ch...@computersalat.de + +- Update to 0.0.20191206 + * chacha20poly1305: double check the sgmiter logic with test + * wg-quick: linux: ignore save warnings for iptables-nft + * wg-quick: linux: suppress more warnings on weird kernels + * wg-quick: linux: some iptables don't like empty lines + * crypto: use new assembler macros for 5.5 + * chacha20poly1305: port to sgmitter for 5.5 + * netlink: prepare for removal of genl_family_attrbuf in 5.5 +- fix changelog for 0.0.20191205 + +--- @@ -4 +27 @@ -- Update to version 0.0.20191127 +- Update to version 0.0.20191205 Old: WireGuard-0.0.20191205.tar.asc WireGuard-0.0.20191205.tar.xz New: WireGuard-0.0.20191212.tar.asc WireGuard-0.0.20191212.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.0kwTfJ/_old 2019-12-12 23:19:33.018206014 +0100 +++ /var/tmp/diff_new_pack.0kwTfJ/_new 2019-12-12 23:19:33.022206013 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20191205 +Version:0.0.20191212 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ WireGuard-0.0.20191205.tar.xz -> WireGuard-0.0.20191212.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/contrib/examples/nat-hole-punching/README new/WireGuard-0.0.20191212/contrib/examples/nat-hole-punching/README --- old/WireGuard-0.0.20191205/contrib/examples/nat-hole-punching/README 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/contrib/examples/nat-hole-punching/README 2019-12-12 12:24:51.0 +0100 @@ -9,8 +9,8 @@ Server is 1.2.3.4 and is on the public internet accepting UDP:49918. -Client A is NAT'd and doesnt't know its IP address. -Client B is NAT'd and doesnt't know its IP address. +Client A is NAT'd and doesn't know its IP address. +Client B is NAT'd and doesn't know its IP address. Server runs: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/Kconfig new/WireGuard-0.0.20191212/src/Kconfig --- old/WireGuard-0.0.20191205/src/Kconfig 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/Kconfig 2019-12-12 12:24:51.0 +0100 @@ -5,8 +5,7 @@ select NET_UDP_TUNNEL select DST_CACHE select CRYPTO - select CRYPTO_BLKCIPHER - select XOR_BLOCKS + select CRYPTO_ALGAPI select VFP select VFPv3 if CPU_V7 select NEON if CPU_V7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/compat/compat-asm.h new/WireGuard-0.0.20191212/src/compat/compat-asm.h --- old/WireGuard-0.0.20191205/src/compat/compat-asm.h 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/compat/compat-asm.h 2019-12-12 12:24:51.0 +0100 @@ -40,4 +40,9 @@ #undef pull #endif +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) +#define SYM_FUNC_START ENTRY +#define SYM_FUNC_END ENDPROC +#endif + #endif /* _WG_COMPATASM_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191205/src/compat/compat.h new/WireGuard-0.0.20191212/src/compat/compat.h --- old/WireGuard-0.0.20191205/src/compat/compat.h 2019-12-05 11:49:46.0 +0100 +++ new/WireGuard-0.0.20191212/src/compat/compat.h 2019-12-12 12:24:51.0 +0100 @@ -326,7 +326,7 @@ } #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) +#if LINUX_VERSION_CODE <
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-12-06 12:10:20 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.4691 (New) Package is "wireguard" Fri Dec 6 12:10:20 2019 rev:3 rq:754509 version:0.0.20191205 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-11-28 10:16:27.111638584 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.4691/wireguard.changes 2019-12-06 12:11:07.816061266 +0100 @@ -1,0 +2,10 @@ +Thu Dec 5 20:21:14 UTC 2019 - Martin Hauke + +- Update to version 0.0.20191127 + * wg-quick: linux: suppress error when finding unused table + * wg-quick: linux: ensure postdown hooks execute + * wg-quick: linux: have remove_iptables return true + * wg-quick: linux: iptables-* -w is not widely supported + * ipc: make sure userspace communication frees wgdevice + +--- Old: WireGuard-0.0.20191127.tar.asc WireGuard-0.0.20191127.tar.xz New: WireGuard-0.0.20191205.tar.asc WireGuard-0.0.20191205.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.BxYYcc/_old 2019-12-06 12:11:09.792060308 +0100 +++ /var/tmp/diff_new_pack.BxYYcc/_new 2019-12-06 12:11:09.796060306 +0100 @@ -18,7 +18,7 @@ Name: wireguard -Version:0.0.20191127 +Version:0.0.20191205 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ WireGuard-0.0.20191127.tar.xz -> WireGuard-0.0.20191205.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.c new/WireGuard-0.0.20191205/src/device.c --- old/WireGuard-0.0.20191127/src/device.c 2019-11-27 15:39:16.0 +0100 +++ new/WireGuard-0.0.20191205/src/device.c 2019-12-05 11:49:46.0 +0100 @@ -171,8 +171,8 @@ dev_kfree_skb(skb); skb = segs; } - do { - next = skb->next; + + skb_list_walk_safe(skb, skb, next) { skb_mark_not_on_list(skb); skb = skb_share_check(skb, GFP_ATOMIC); @@ -187,7 +187,7 @@ PACKET_CB(skb)->mtu = mtu; __skb_queue_tail(, skb); - } while ((skb = next) != NULL); + } spin_lock_bh(>staged_packet_queue.lock); /* If the queue is getting too big, we start removing the oldest packets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/device.h new/WireGuard-0.0.20191205/src/device.h --- old/WireGuard-0.0.20191127/src/device.h 2019-11-27 15:39:16.0 +0100 +++ new/WireGuard-0.0.20191205/src/device.h 2019-12-05 11:49:46.0 +0100 @@ -62,4 +62,12 @@ int wg_device_init(void); void wg_device_uninit(void); +/* Later after the dust settles, this can be moved into include/linux/skbuff.h, + * where virtually all code that deals with GSO segs can benefit, around ~30 + * drivers as of writing. + */ +#define skb_list_walk_safe(first, skb, next) \ + for (skb = first, next = skb->next; skb; \ +skb = next, next = skb ? skb->next : NULL) + #endif /* _WG_DEVICE_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/dkms.conf new/WireGuard-0.0.20191205/src/dkms.conf --- old/WireGuard-0.0.20191127/src/dkms.conf2019-11-27 15:39:16.0 +0100 +++ new/WireGuard-0.0.20191205/src/dkms.conf2019-12-05 11:49:46.0 +0100 @@ -1,5 +1,5 @@ PACKAGE_NAME="wireguard" -PACKAGE_VERSION="0.0.20191127" +PACKAGE_VERSION="0.0.20191205" AUTOINSTALL=yes BUILT_MODULE_NAME="wireguard" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191127/src/send.c new/WireGuard-0.0.20191205/src/send.c --- old/WireGuard-0.0.20191127/src/send.c 2019-11-27 15:39:16.0 +0100 +++ new/WireGuard-0.0.20191205/src/send.c 2019-12-05 11:49:46.0 +0100 @@ -233,17 +233,6 @@ wg_packet_send_staged_packets(peer); } -#define skb_walk_null_queue_safe(first, skb, next) \ - for (skb = first, next = skb->next; skb; \ -skb = next, next = skb ? skb->next : NULL) -static void skb_free_null_queue(struct sk_buff *first) -{ - struct sk_buff *skb, *next; - - skb_walk_null_queue_safe(first, skb, next) - dev_kfree_skb(skb); -} -
commit wireguard for openSUSE:Factory
Hello community, here is the log from the commit of package wireguard for openSUSE:Factory checked in at 2019-11-28 10:16:04 Comparing /work/SRC/openSUSE:Factory/wireguard (Old) and /work/SRC/openSUSE:Factory/.wireguard.new.26869 (New) Package is "wireguard" Thu Nov 28 10:16:04 2019 rev:2 rq:751449 version:0.0.20191127 Changes: --- /work/SRC/openSUSE:Factory/wireguard/wireguard.changes 2019-11-26 16:52:07.856254371 +0100 +++ /work/SRC/openSUSE:Factory/.wireguard.new.26869/wireguard.changes 2019-11-28 10:16:27.111638584 +0100 @@ -1,0 +2,14 @@ +Wed Nov 27 19:01:39 UTC 2019 - Martin Hauke + +- Update to version 0.0.20191127 + * messages: recalculate rekey max based on a one minute flood + * allowedips: safely dereference rcu roots + * socket: remove redundant check of new4 + * allowedips: avoid double lock in selftest error case + * wg-quick: linux: only touch net.ipv4 for v4 + * wg-quick: linux: filter bogus injected packets and don't +disable rpfilter + * reresolve-dns: remove invalid anchors on regex match + * tools: add syncconf command + +--- Old: WireGuard-0.0.20191012.tar.asc WireGuard-0.0.20191012.tar.xz New: WireGuard-0.0.20191127.tar.asc WireGuard-0.0.20191127.tar.xz Other differences: -- ++ wireguard.spec ++ --- /var/tmp/diff_new_pack.lGZOkF/_old 2019-11-28 10:16:28.139638594 +0100 +++ /var/tmp/diff_new_pack.lGZOkF/_new 2019-11-28 10:16:28.139638594 +0100 @@ -1,7 +1,7 @@ # # spec file for package wireguard # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017, Martin Hauke # # All modifications and additions to the file contributed by third parties @@ -13,12 +13,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: wireguard -Version:0.0.20191012 +Version:0.0.20191127 Release:0 Summary:Fast, modern, secure kernel VPN tunnel License:GPL-2.0-only ++ WireGuard-0.0.20191012.tar.xz -> WireGuard-0.0.20191127.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191012/contrib/examples/reresolve-dns/reresolve-dns.sh new/WireGuard-0.0.20191127/contrib/examples/reresolve-dns/reresolve-dns.sh --- old/WireGuard-0.0.20191012/contrib/examples/reresolve-dns/reresolve-dns.sh 2019-10-12 16:55:11.0 +0200 +++ new/WireGuard-0.0.20191127/contrib/examples/reresolve-dns/reresolve-dns.sh 2019-11-27 15:39:16.0 +0100 @@ -15,7 +15,7 @@ process_peer() { [[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0 - [[ $(wg show "$INTERFACE" latest-handshakes) =~ ^${PUBLIC_KEY//+/\\+}\ ([0-9]+)$ ]] || return 0 + [[ $(wg show "$INTERFACE" latest-handshakes) =~ ${PUBLIC_KEY//+/\\+}\ ([0-9]+) ]] || return 0 (( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0 wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT" reset_peer_section diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/WireGuard-0.0.20191012/src/allowedips.c new/WireGuard-0.0.20191127/src/allowedips.c --- old/WireGuard-0.0.20191012/src/allowedips.c 2019-10-12 16:55:11.0 +0200 +++ new/WireGuard-0.0.20191127/src/allowedips.c 2019-11-27 15:39:16.0 +0100 @@ -299,14 +299,18 @@ RCU_INIT_POINTER(table->root4, NULL); RCU_INIT_POINTER(table->root6, NULL); if (rcu_access_pointer(old4)) { - root_remove_peer_lists(old4); - call_rcu(_dereference_protected(old4, - lockdep_is_held(lock))->rcu, root_free_rcu); + struct allowedips_node *node = rcu_dereference_protected(old4, + lockdep_is_held(lock)); + + root_remove_peer_lists(node); + call_rcu(>rcu, root_free_rcu); } if (rcu_access_pointer(old6)) { - root_remove_peer_lists(old6); - call_rcu(_dereference_protected(old6, - lockdep_is_held(lock))->rcu, root_free_rcu); + struct allowedips_node *node = rcu_dereference_protected(old6, + lockdep_is_held(lock)); + + root_remove_peer_lists(node); + call_rcu(>rcu, root_free_rcu); } }