On Wed, Jan 23, 2019 at 2:50 PM Jason A. Donenfeld <ja...@zx2c4.com> wrote: > > * tools: curve25519: handle unaligned loads/stores safely > > This should fix sporadic crashes with `wg pubkey` on certain architectures. > > * netlink: auth socket changes against namespace of socket > > In WireGuard, the underlying UDP socket lives in the namespace where the > interface was created and doesn't move if the interface is moved. This > allows one to create the interface in some privileged place that has > Internet access, and then move it into a container namespace that only > has the WireGuard interface for egress. Consider the following > situation: > > 1. Interface created in namespace A. Socket therefore lives in namespace A. > 2. Interface moved to namespace B. Socket remains in namespace A. > 3. Namespace B now has access to the interface and changes the listen > port and/or fwmark of socket. Change is reflected in namespace A. > > This behavior is arguably _fine_ and perhaps even expected or > acceptable. But there's also an argument to be made that B should have > A's cred to do so. So, this patch adds a simple ns_capable check. > > * ratelimiter: build tests with !IPV6 > > Should reenable building in debug mode for systems without IPv6. > > * noise: replace getnstimeofday64 with ktime_get_real_ts64 > * ratelimiter: totalram_pages is now a function > * qemu: enable FP on MIPS > > Linux 5.0 support. > > * keygen-html: bring back pure javascript implementation > > BenoƮt Viguier has proofs that values will stay well within 2^53. We > also have an improved carry function that's much simpler. Probably more > constant time than emscripten's 64-bit integers. > > * contrib: introduce simple highlighter library > > This is the highlighter library being used in: > - https://twitter.com/EdgeSecurity/status/1085294681003454465 > - https://twitter.com/EdgeSecurity/status/1081953278248796165 > > It's included here as a contrib example, so that others can paste it into > their own GUI clients for having the same strictly validating highlighting. > > * netlink: use __kernel_timespec for handshake time > > This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info. > > Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com> > --- > package/network/services/wireguard/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/network/services/wireguard/Makefile > b/package/network/services/wireguard/Makefile > index f752d3b..2e9f17e 100644 > --- a/package/network/services/wireguard/Makefile > +++ b/package/network/services/wireguard/Makefile > @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk > > PKG_NAME:=wireguard > > -PKG_VERSION:=0.0.20181218 > +PKG_VERSION:=0.0.20190123 > PKG_RELEASE:=1 > > PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz > PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/ > -PKG_HASH:=2e9f86acefa49dbfb7fa6f5e10d543f1885a2d5460cd5e102696901107675735 > +PKG_HASH:=edd13c7631af169e3838621b1a1bff3ef73cf7bc778eec2bd55f7c1089ffdf9b > > PKG_LICENSE:=GPL-2.0 Apache-2.0 > PKG_LICENSE_FILES:=COPYING > -- > 2.20.1 Patch pushed to master (https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=bbcd0634f8c9769a336386f8df471231d24a27cc); thx
Hans > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
