From patchwork Wed Jan 23 13:49:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 1029950 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=zx2c4.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="fv8YkvN/"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=zx2c4.com header.i=@zx2c4.com header.b="dDaOwrBx"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43l69T4FQJz9s3q for ; Thu, 24 Jan 2019 00:50:05 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:Message-Id:Date:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=wTutx6UwhoEZRkN87HquPJ8XRTNYuHd8teDIEyhHjNA=; b=fv8YkvN/wp6Gtu NbXRShmubouojHEguKaHViuiNLupE5vyX2gTrBJfBqRlLc1hI8UOW2LH794tG6ntSWbwryF/0A2a1 UiOnN72kQDcJzCmjcxHX8ktuGJPfu2BWWx/uYryox2vQFflOqslaNzM9o6RuJFa5OoeeBhGtlllf7 zM5Vb3tJ0H+dY3c3+AumRTe1cYc1Y3zpokTlMfbMYOJQR5HssJaoKW66auAkwWxEwakY45Jgu63jn 2lmHw8XhTr7XLgXw8BTgEZq8a+b+gghBZEhgh7pGhAmfJ13cGBSH4Lq0JzjDkX1o4gBgYormerDJy EG69XvwKgQQDOZjizLgQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gmIum-0003gW-TP; Wed, 23 Jan 2019 13:50:00 +0000 Received: from frisell.zx2c4.com ([192.95.5.64]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gmIui-0003fE-Ri for openwrt-devel@lists.openwrt.org; Wed, 23 Jan 2019 13:49:59 +0000 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 56abd0f4; Wed, 23 Jan 2019 13:35:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=from:to:cc :subject:date:message-id:mime-version:content-type :content-transfer-encoding; s=mail; bh=neznRcXmElT/+4fUabRVmSjPf mI=; b=dDaOwrBx4+UaXZCd5HycR0fCB9CNfLk9CZoX19IgN7WTV+gi7kppeEVgd UrTo3v5EDAgzXCSkCFOEPSn/o1k4+1Y2hnbpZgKlFDGZboJb5fZTimsiN3rkZQcD sBxwLD2tayX3GA3DQclqBlpAZHvN7Q90m0x9Dna0VS2sqkGTUlyKz6Pi2rYvLM/g nWf8VNSgS3cUCewXP9n1wJKzyb5eEr0mB9JZcmX7TK6Fh6hK8bU2IYTRt0a97msB ngxuMPuSND6yeTAutWQj+muXKa/s1bvKnk1HsJRBiyBZ2AJzK542sCyW+OF//azP qUOTwiVqOX3r+90uOCJmu59o936Mg== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 484c75bc (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 23 Jan 2019 13:35:28 +0000 (UTC) From: "Jason A. Donenfeld" To: openwrt-devel@lists.openwrt.org Date: Wed, 23 Jan 2019 14:49:44 +0100 Message-Id: <20190123134944.2642-1-Jason@zx2c4.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190123_054957_114563_4879CD85 X-CRM114-Status: GOOD ( 11.38 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [192.95.5.64 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Subject: [OpenWrt-Devel] [PATCH] wireguard: bump to 0.0.20190123 X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Jason A. Donenfeld" Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org * tools: curve25519: handle unaligned loads/stores safely This should fix sporadic crashes with `wg pubkey` on certain architectures. * netlink: auth socket changes against namespace of socket In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check. * ratelimiter: build tests with !IPV6 Should reenable building in debug mode for systems without IPv6. * noise: replace getnstimeofday64 with ktime_get_real_ts64 * ratelimiter: totalram_pages is now a function * qemu: enable FP on MIPS Linux 5.0 support. * keygen-html: bring back pure javascript implementation BenoƮt Viguier has proofs that values will stay well within 2^53. We also have an improved carry function that's much simpler. Probably more constant time than emscripten's 64-bit integers. * contrib: introduce simple highlighter library This is the highlighter library being used in: - https://twitter.com/EdgeSecurity/status/1085294681003454465 - https://twitter.com/EdgeSecurity/status/1081953278248796165 It's included here as a contrib example, so that others can paste it into their own GUI clients for having the same strictly validating highlighting. * netlink: use __kernel_timespec for handshake time This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info. Signed-off-by: Jason A. Donenfeld --- package/network/services/wireguard/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile index f752d3b..2e9f17e 100644 --- a/package/network/services/wireguard/Makefile +++ b/package/network/services/wireguard/Makefile @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard -PKG_VERSION:=0.0.20181218 +PKG_VERSION:=0.0.20190123 PKG_RELEASE:=1 PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/ -PKG_HASH:=2e9f86acefa49dbfb7fa6f5e10d543f1885a2d5460cd5e102696901107675735 +PKG_HASH:=edd13c7631af169e3838621b1a1bff3ef73cf7bc778eec2bd55f7c1089ffdf9b PKG_LICENSE:=GPL-2.0 Apache-2.0 PKG_LICENSE_FILES:=COPYING