Changelog for wireguard-kmp-pae-1.0.20200401_k5.5.13_1-40.2.i586.rpm :

* Wed Apr 01 2020 Martin Hauke - Update to version 1.0.20200401
* compat: queueing: skb_reset_redirect change has been backported to 5.[45]
* qemu: bump default kernel to 5.5.14
* Tue Mar 31 2020 Martin Hauke - Update to version 1.0.20200330
* queueing: backport skb_reset_redirect change from 5.6
* Sat Mar 21 2020 Martin Hauke - Update to version 0.0.20200318
* compat: RHEL 7 backported skb_ensure_writable()
* compat: RHEL 8.2 backported ipv6_dst_lookup_flow
* curve25519-x86_64: avoid use of r12
* wireguard: queueing: account for skb->protocol==0
* receive: remove dead code from default packet type case
* noise: error out precomputed DH during handshake rather than config
* send: use normaler alignment formula from upstream
* Thu Mar 05 2020 Michal Suchanek - Fix build on openSUSE 15.2 + wireguard-fix-leap152.patch
* Wed Feb 26 2020 Martin Hauke - Update to version 0.0.20200215
* send: cleanup skb padding calculation
* socket: remove useless synchronize_net
* Fri Feb 14 2020 Martin Hauke - Update to version 0.0.20200214
* chacha20poly1305: defensively protect against large inputs
* netns: ensure that icmp src address is correct with nat
* receive: reset last_under_load to zero
* send: account for mtu=0 devices
* Wed Feb 05 2020 Martin Hauke - Update to version 0.0.20200205
* allowedips: remove previously added list item when OOM fail
* noise: reject peers with low order public keys
* netns: ensure non-addition of peers with failed precomputation
* netns: tie socket waiting to target pid
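The check behind "noise: reject peers with low order public keys" above (and behind the later "noise: error out precomputed DH during handshake rather than config" entry, which only moves where the failure is reported) is that X25519 with a small-order peer key yields an all-zero output no matter what our private key is. The following is an added illustration written for this page, not WireGuard's code: a plain-Python X25519 per RFC 7748 section 5, using big integers and therefore not constant time, plus the rejection check. The small-order encodings are the published list used by libsodium and similar libraries; the RFC 7748 section 6.1 Alice/Bob keys stand in for a real peer pair.

```python
# Added illustration for "noise: reject peers with low order public keys".
# Not WireGuard's code: plain-Python X25519 (RFC 7748 section 5, big
# integers, NOT constant time) plus the all-zero-output rejection check.
import hmac

P = 2**255 - 19   # field prime
A24 = 121665      # (486662 - 2) / 4 for Curve25519

def _clamp(k: bytes) -> int:
    # RFC 7748 scalar decoding.  Clearing the low three bits makes every
    # scalar a multiple of 8, so any point whose order divides 8 maps to the
    # identity, which the ladder encodes as all zeros.
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder; returns the 32-byte u-coordinate of k*u."""
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)   # drop bit 255
    kk = _clamp(k)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (kk >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    # z2 == 0 exactly at the identity; pow(0, p-2, p) == 0 gives all zeros.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def shared_secret_or_reject(our_sk: bytes, peer_pk: bytes):
    """DH output, or None when peer_pk has small order.

    An all-zero output does not depend on our_sk, so a handshake must not
    derive anything from it.  The comparison is constant time so the
    rejection itself does not leak through timing."""
    ss = x25519(our_sk, peer_pk)
    return None if hmac.compare_digest(ss, bytes(32)) else ss

# Small-order u-coordinates, including non-canonical encodings (p, p+1) of
# the same points.  Constructed from the published blacklist used by
# libsodium and similar X25519 implementations.
LOW_ORDER_POINTS = [
    bytes(32),
    (1).to_bytes(32, "little"),
    bytes.fromhex("e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800"),
    bytes.fromhex("5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157"),
    (P - 1).to_bytes(32, "little"),
    P.to_bytes(32, "little"),
    (P + 1).to_bytes(32, "little"),
]

# RFC 7748 section 6.1 test keys, used here as a known-good peer pair.
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_PK = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")

if __name__ == "__main__":
    print("bob     ->", shared_secret_or_reject(ALICE_SK, BOB_PK).hex())
    for pt in LOW_ORDER_POINTS:
        print(pt.hex()[:16] + "...", "->", shared_secret_or_reject(ALICE_SK, pt))
```

Whether the check runs when a peer is configured or when a handshake message arrives, the condition is the same; what the two changelog entries changed is only where the error surfaces. Non-canonical encodings (p, p+1) must be covered as well, which is why the list above carries them rather than only the canonical 0 and 1.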
* Tue Jan 28 2020 Martin Hauke - Update to version 0.0.20200128
* qemu: bump kernel
* compat: refuse to build on >= 5.6
* compat: account for frankenzinc being in 5.5
* Tue Jan 21 2020 Martin Hauke - Update to version 0.0.20200121
* Makefile: strip prefixed v from version.h
* device: skb_list_walk_safe moved upstream
* curve25519: x86_64: replace with formally verified implementation
* Mon Jan 20 2020 Martin Hauke - Update to version 0.0.20200105
* socket: mark skbs as not on list when receiving via gro
* Mon Jan 20 2020 Martin Hauke - Drop not longer needed patches:
* wireguard-remove-depmod.diff
* wireguard-fix-systemd-service.patch
* Mention wireguard-kmp-preamble in the spec-file as source
* Package split since upstream reorganized code repositories.
* wireguard-tools is now developed in a separate package
* Thu Dec 19 2019 Martin Hauke - Update to version 0.0.20191219
* wg-quick: linux: try both iptables(8) and nft(8) on teardown
* wg-quick: linux: use already configured addresses instead of in-memory
* compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
* tools: adjust wg.8 syntax for consistency in COMMANDS section
* Thu Dec 12 2019 Martin Hauke - Update to version 0.0.20191212
* socket: convert to ipv6_dst_lookup_flow for 5.5
* wg-quick: linux: add support for nft and prefer it
* wg-quick: linux: support older nft(8)
* global: fix up spelling
* main: remove unused include
* Wed Dec 11 2019 chris@computersalat.de - Update to 0.0.20191206
* chacha20poly1305: double check the sgmiter logic with test
* wg-quick: linux: ignore save warnings for iptables-nft
* wg-quick: linux: suppress more warnings on weird kernels
* wg-quick: linux: some iptables don't like empty lines
* crypto: use new assembler macros for 5.5
* chacha20poly1305: port to sgmitter for 5.5
* netlink: prepare for removal of genl_family_attrbuf in 5.5
* fix changelog for 0.0.20191205
* Thu Dec 05 2019 Martin Hauke - Update to version 0.0.20191205
* wg-quick: linux: suppress error when finding unused table
* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported
* ipc: make sure userspace communication frees wgdevice
* Wed Nov 27 2019 Martin Hauke - Update to version 0.0.20191127
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* wg-quick: linux: only touch net.ipv4 for v4
* wg-quick: linux: filter bogus injected packets and don't disable rpfilter
* reresolve-dns: remove invalid anchors on regex match
* tools: add syncconf command
* Mon Oct 28 2019 Martin Hauke - Drop debian packaging related files:
* debian.tar.xz
* wireguard.dsc
* Mon Oct 28 2019 Martin Hauke - Don't rename gpg signature
* Sat Oct 12 2019 Martin Hauke - Update to version 0.0.20191012
* netns: add test for failing 5.3 FIB changes
* noise: recompare stamps after taking write lock
* netlink: allow preventing creation of new peers when updating
* Mon Sep 16 2019 Martin Hauke - Update to version 0.0.20190913
* compat: support newer PaX
* compat: don't rewrite siphash when it's from compat
* Kbuild: squelch warnings for stack limit on broken kernel configs
* compat: support rhel/centos 7.7
* Sun Sep 08 2019 Martin Hauke - Update to version 0.0.20190905
* Lots of compat work.
* netlink: enforce that unused bits of flags are zero
* noise: immediately rekey all peers after changing device private key
* netlink: skip peers with invalid keys
* wg-quick: linux: don't fail down when using systemd-resolved
* Update patch:
* wireguard-remove-depmod.diff
* Sat Jul 13 2019 Adam Mizerski - refresh wireguard-fix-leap151.patch
* Tue Jul 02 2019 Martin Hauke - Update to version 0.0.20190702
* curve25519: not all linkers support bmi2 and adx
* qemu: show signal when failing
* compat: some kernels weirdly backport prandom_u32_max
* compat: unify custom function prefix/suffix
* global: switch to coarse ktime
* netlink: cast struct over cb->args for type safety
* peer: use LIST_HEAD macro
* receive: queue dead packets to napi queue instead of empty rx_queue
* Wed Jun 12 2019 Michal Hrusecky - fix build on openSUSE 15.1
* update wireguard-fix-leap151.patch
* Sat Jun 01 2019 Martin Hauke - Update to version 0.0.20190601
* compat: don't call xgetbv on cpus with no XSAVE
* Sat Jun 01 2019 Martin Hauke - Update to version 0.0.20190531
* tools: add wincompat layer to wg(8)
* compat: udp_tunnel: force cast sk_data_ready
* socket: set ignore_df=1 on xmit
* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies
* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2
* timers: add jitter on ack failure reinitiation
* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop
* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
* Sat Apr 06 2019 Martin Hauke - Update to version 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes
* wg-quick: freebsd: rebreak interface loopback, while fixing localhost
* wg-quick: freebsd: export TMPDIR when restoring and don't make empty
* tools: genkey: account for short reads of /dev/urandom
* tools: warn if an AllowedIP has a nonzero host part
* wg-quick: add 'strip' subcommand
* tools: avoid unnecessary next_peer assignments in sort_peers()
* qemu: set framewarn 1280 for 64bit and 1024 for 32bit
* blake2s: simplify
* blake2s: remove outlen parameter from final
* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list
* compat fixes for Linux 5.1.
* Wed Feb 27 2019 Martin Hauke - Update to version 0.0.20190227
* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention
* systemd: wg-quick should depend on nss-lookup.target
* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp
* hashtables: decouple hashtable allocations from the main device allocation.
* chacha20poly1305: permit unaligned strides on certain platforms
* The map allocations required to fix this are mostly slower than unaligned paths.
* noise: store clamped key instead of raw key
* compat: ipv6_stub is sometimes null
* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable
* queueing: net-next has changed signature of skb_probe_transport_header
* netlink: don\'t remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips
* Update patches:
* wireguard-fix-systemd-service.patch
* wireguard-remove-depmod.diff
* Tue Feb 26 2019 Martin Hauke - Add patch:
* wireguard-fix-leap151.patch
* Wed Feb 06 2019 mardnh@gmx.de - Be more verbose during build with "make V=1"
* Wed Jan 23 2019 mardnh@gmx.de - Update to version 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely
* netlink: auth socket changes against namespace of socket
* ratelimiter: build tests with !IPV6
* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS
* keygen-html: bring back pure javascript implementation
* contrib: introduce simple highlighter library
* Sat Jan 05 2019 mardnh@gmx.de - Fix systemd handling
* Add patch:
* wireguard-fix-systemd-service.patch
* Tue Dec 18 2018 mardnh@gmx.de - Update to version 0.0.20181218
* jerry-rig: replace S_shipped with pl
* chacha20,poly1305: simplify perlasm fanciness
* compat: don't undef BUILD_BUG_ON for Clang >=8
* embeddable-wg-library: do not warn on unrecognized netlink attributes
* chacha20: do not define unused asm function
* compat: account for Clang CFI
* wg-quick: bring interface up while setting MTU
* makefile: use immediate expansion and use correct template patterns
* Mon Nov 19 2018 mardnh@gmx.de - Update to version 0.0.20181119
* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate
* Thu Nov 15 2018 mardnh@gmx.de - Update to version 0.0.20181115 == Changes ==
* Zinc no longer ships generated assembly code. Rather, we now bundle in the original perlasm generator for it. The primary purpose of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can carefully control the lifetime of these functions and ensure they never execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear-on-suspend decision a bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips
* Mon Oct 22 2018 Adam Mizerski - fix building multiple kernel flavors
* Thu Oct 18 2018 mardnh@gmx.de - Update to version 0.0.20181018 == Changes ==
* compat: don't output for grep errors
* compat: look in Kbuild and Makefile since they differ based on arch
* create-patch: blacklist instead of whitelist This should solve the last of the compat issues introduced with the revamped build system and upstream changes.
* qemu: kill after 20 minutes Our test suite now accounts for hangs.
* global: prefix functions used in callbacks with wg_
* global: rename struct wireguard_ to struct wg_
* global: more nits
* timers: avoid using control statements in macro
* allowedips: remove control statement from macro by rewriting
* device: use textual error labels always
* global: give if statements brackets and other cleanups
* main: change module description
* main: get rid of unloaded debug message Stylistic cleanups from upstream.
* netlink: do not stuff index into nla type It's not used for anything, and LKML doesn't like the type being used as an index value. Technically this changes UAPI, but in practice nobody used this, and if they did use it for anything, that thing was probably broken anyway.
* allowedips: swap endianness early on Otherwise if gcc's optimizer is able to look far in but not overly far in, we wind up with "warning: 'key' may be used uninitialized in this function [-Wmaybe-uninitialized]".
* tools: use libc's endianness macro if no compiler macro
* tools: compile on gnu99 This lets us be compiled with ancient gcc.
* tools: don't fail if a netlink interface dump is inconsistent Netlink returns NLM_F_DUMP_INTR if the set of all tunnels changed during the dump. That's unfortunate, but is pretty common on busy systems that are adding and removing tunnels all the time. Rather than retrying, potentially indefinitely, we just work with the partial results.
* tools: wg-quick: wait for interface to disappear on freebsd This should improve init scripts that restart tunnels using wg-quick.
* Sun Oct 07 2018 mardnh@gmx.de - Update to version 0.0.20181007 == Changes ==
* makefile: do more generic wildcard so as to avoid rename issues Yesterday's snapshot broke DKMS installation, which is the majority of distros using WireGuard, so we're rushing out a fix the day after so that people can actually run it.
* compat: account for ancient ARM assembler
* compat: make asm/simd.h conditional on its existence
* compat: clang cannot handle __builtin_constant_p Yesterday's snapshot broke old ARM kernels and Android kernels using Clang.
* crypto: disable broken implementations in selftests If the selftests determine a particular crypto implementation doesn\'t work, it prints a warning -- since that would be a pretty grave bug -- but it also just disables that implementation so that we don\'t compute anything incorrectly.
* crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
* allowedips: document additional nobs
* crypto: clean up remaining .h->.c
* global: style nits Various cleanups and style nits.
* Sat Oct 06 2018 mardnh@gmx.de - Update to version 0.0.20181006 == Changes ==
* Account for big-endian 2^26 conversion in Poly1305.
* Account for big-endian NEON in Curve25519.
* Fix macros in big-endian AArch64 code so that this will actually run there at all.
* Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
* Call simd_relax() within any preempt-disabling glue code every once in a while so as not to increase latency if folks pass in super long buffers.
* Prefer compiler-defined architecture macros in assembly code, which puts us in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
* Non-static symbols are prefixed with wg_ to avoid polluting the global namespace.
* Return a bool from simd_relax() indicating whether or not we were rescheduled.
* Reflect the proper simd conditions on arm.
* Do not reorder lines in Kbuild files for the simd asm-generic addition, since we don't want to cause merge conflicts.
* WARN() if the selftests fail in Zinc, since if this is an initcall, it won\'t block module loading, so we want to be loud.
* Document some interdependencies beside include statements.
* Add missing static statement to fpu init functions.
* Use union in chacha to access state words as a flat matrix, instead of casting a struct to a u8 and hoping all goes well. Then, by passing around that array as a struct for as long as possible, we can update counter[0] instead of state[12] in the generic blocks, which makes it clearer what's happening.
* Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86, and the other implementations do not require that kind of alignment either.
* Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so that we can build code that uses umull.
* Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config variables consistently throughout.
* Document rationale for the 2^26->2^64/32 conversion in code comments.
* Convert all of remaining BUG_ON to WARN_ON.
* Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old ISAs via the macro in .
* Do not allow WireGuard to be a built-in if IPv6 is a module.
* Writeback the base register and reorder multiplications in the NEON x25519 implementation.
* Try all combinations of different implementations in selftests, so that potential bugs are more immediately unearthed.
* Self tests and SIMD glue code work with #include, which lets the compiler optimize these. Previously these files were .h, because they were included, but a simple grep of the kernel tree shows 259 other files that carry out this same pattern. Only they prefer to instead name the files with a .c instead of a .h, so we now follow the convention.
* Support many more platforms in QEMU, especially big endian ones.
* Kernels < 3.17 don\'t have read_cpuid_part, so fix building there.
* Tue Sep 25 2018 mardnh@gmx.de - Update to version 0.0.20180925 == Changes ==
* poly1305: better module description
* blake2s: simplify final function
* poly1305: no need to trick gcc 8.1
* chacha20: prefer crypto_xor_cpy to avoid memmove
* poly1305: account for simd being toggled off midway
* crypto: do not waste space on selftest items
* poly1305-mips32r2: remove all reorder directives
* chacha20-mips32r2: fix typo to allow reorder again
* chacha20-mips32r2: remove reorder directives
* chacha20-arm: go with Ard's version to optimize for Cortex-A7
* chacha20-mips32r2: use simpler calling convention
* chacha20-mips32r2: reduce jumptable entry size and stack usage
* chacha20: add chunked selftest and test sliding alignments and hchacha20
* crypto-arm: rework KERNEL_MODE_NEON handling
* chacha20-arm: use new scalar implementation
* curve25519-fiat32: work around m68k compiler stack frame bug
* crypto: flatten out makefile
* crypto-arm: rework KERNEL_MODE_NEON handling again
* poly1305-mips64: remove useless preprocessor error
* chacha20-arm: updated scalar code from Andy
* chacha20-arm: remove unused preambles
* hchacha20: keep in native endian in words
* crypto: make constant naming scheme consistent
* chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
* chacha20: add bounds checking to selftests
* curve25519-hacl64: reduce stack usage under KASAN Tons of improvements to our cryptography API, including some nice performance boosts on ARM Cortex-A7 and MIPS32r2.
* allowedips: change from BUG_ON to WARN_ON
* allowedips: work around kasan stack frame bug in selftest
* global: put SPDX identifier on its own line
* netlink: reverse my christmas trees
* global: reduce stack frame size Style and correctness changes. We now use less stack space as well.
* Tue Sep 18 2018 mardnh@gmx.de - Update to version 0.0.20180918 == Changes ==
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test Tons of improvements all around the board to our cryptography library, including some performance boosts with how we handle SIMD for small packets.
* send/receive: reduce number of sg entries This quells a powerpc stack usage warning.
* global: remove non-essential inline annotations We now allow the compiler to determine whether or not to inline certain functions, while still manually choosing so for a few performance-critical sections.
* Tue Sep 11 2018 mardnh@gmx.de - Update to version 0.0.20180910 == Changes ==
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream This fixes a decent amount of compat breakage and thumb2-mode breakage introduced by our move to Zinc.
* crypto: use CRYPTOGAMS license Rather than using code from OpenSSL, use code directly from AndyP.
* poly1305: rewrite self tests from scratch
* poly1305: switch to donna This makes our C Poly1305 implementation a bit more intensely tested and also faster, especially on 64-bit systems. It also sets the stage for moving to a HACL* implementation when that's ready.
* Tue Sep 04 2018 mardnh@gmx.de - Update to version 0.0.20180904 == Changes ==
* wg-quick: darwin: prefer system paths for tools The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8). Other than that, it's explicitly coded against the native system utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their full absolute path (via $SELF and $BASH, respectively), we can simply set the $PATH to be prefixed by the default system binary paths. This way, if users install tools that conflict with system tools -- such as GNU coreutils -- we won't accidentally call those.
* wg-quick: check correct variable for route deduplication This should avoid adding duplicate routes when adding the allowed IPs as interface routes automatically.
* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely Tons of style cleanups.
* crypto: use unaligned helpers We now avoid unaligned accesses for generic users of the crypto API.
* crypto: import zinc More style cleanups and a rearrangement of the crypto routines to fit how this is going to work upstream. This required some fairly big changes to our build system, so there may be some build errors we'll have to address in subsequent snapshots.
* compat: rng_is_initialized made it into 4.19 We therefore don't need it in the compat layer anymore.
* curve25519-hacl64: use formally verified C for comparisons The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical.
* curve25519-x86_64: let the compiler decide when/how to load constants Small performance boost.
* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with # This incorporates ASM nits from upstream review.
* netlink: insert peer version placeholder
* tools: ipc: do not warn on unrecognized netlink attributes
* Fri Aug 10 2018 mardnh@gmx.de - Update to version 0.0.20180809 == Changes ==
* send: switch handshake stamp to an atomic Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize.
* compat: better atomic acquire/release backport This should fix compilation and correctness on several platforms.
* crypto: move simd context to specific type This was a suggestion from Andy Lutomirski on LKML.
* chacha20poly1305: selftest: use arrays for test vectors We no longer have lines so long that they're rejected by SMTP servers.
* qemu: add easy git harness This makes it a bit easier to use our qemu harness for testing our mainline integration tree.
* curve25519-x86_64: avoid use of r12 This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register.
* chacha20: use memmove in case buffers overlap A small correctness fix that we never actually hit in WireGuard but is important especially for moving this into a general purpose library.
* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask Two bitmath fixes from Samuel, which come complete with a z3 script proving their correctness.
* timers: include header in right file This fixes compilation in some environments.
* netlink: don't start over iteration on multipart non-first allowedips Matt Layher found a bug where a netlink dump of peers would never terminate in some circumstances, causing wg(8) to keep trying forever. We now have a fix as well as a unit test to mitigate this, and we'll be looking to create a fuzzer out of Matt's nice library.
* Fri Aug 03 2018 mardnh@gmx.de - Update to version 0.0.20180802 == Changes ==
* chacha20poly1305: selftest: split up test vector constants The test vectors are encoded as long strings -- really long strings -- and apparently RFC821 doesn't like lines longer than 998. https://cr.yp.to/smtp/message.html
* queueing: keep reference to peer after setting atomic state bit This fixes a regression introduced when preparing the LKML submission.
* allowedips: prevent double read in kref
* allowedips: avoid window of disappeared peer
* hashtables: document immediate zeroing semantics
* peer: ensure resources are freed when creation fails
* queueing: document double-adding and reference conditions
* queueing: ensure strictly ordered loads and stores
* cookie: returned keypair might disappear if rcu lock not held
* noise: free peer references on failure
* peer: ensure destruction doesn't race Various fixes, as well as lots of code comment documentation, for a small variety of the less obvious aspects of object lifecycles, focused on correctness.
* allowedips: free root inside of RCU callback
* allowedips: use different macro names so as to avoid confusion These incorporate two suggestions from LKML.
* Tue Jul 31 2018 mardnh@gmx.de - Update to version 0.0.20180731 == Changes ==
* receive: check against proper return value type Ensure error counters are correct in the receive path.
* embeddable-wg-library: do not left shift negative numbers Avoids implementation-defined C behavior and also improves performance.
* wg-quick: android: allow package to be overridden
* wg-quick: android: remove compat code Small android fixes.
* qemu: show log if process crashes
* qemu: update musl and kernel The usual QEMU suite bump.
* curve25519-x86_64: tighten the x25519 assembly Small performance optimization from Samuel. The wide multiplication by 38 in mul_a24_eltfp25519_1w is redundant: (2^256-1) * 121666 / 2^256 is at most 121665, and therefore a 64-bit multiplication can never overflow.
* curve25519-x86_64: tighten reductions modulo 2^256-38 Small performance optimization from Samuel. At this stage the value of C[4] is at most ((2^256-1) + 38*(2^256-1)) / 2^256 = 38, so there is no need to use a wide multiplication.
* curve25519-x86_64: simplify the final reduction by adding 19 beforehand Small performance optimization from Samuel. At this stage the value of C[4] is at most ((2^256-1) + 38*(2^256-1)) / 2^256 = 38. Correctness can be quickly verified with the following z3py script:
  >>> from z3 import *
  >>> x = BitVec("x", 256) # any 256-bit value
  >>> ref = URem(x, 2**255 - 19) # correct value
  >>> t = Extract(255, 255, x); x &= 2**255 - 1; # btrq $63, %3
  >>> u = If(t != 0, BitVecVal(38, 256), BitVecVal(19, 256)) # cmovncl %k5, %k4
  >>> x += u # addq %4, %0; adcq $0, %1; adcq $0, %2; adcq $0, %3;
  >>> t = Extract(255, 255, x); x &= 2**255 - 1; # btrq $63, %3
  >>> u = If(t != 0, BitVecVal(0, 256), BitVecVal(19, 256)) # cmovncl %k5, %k4
  >>> x -= u # subq %4, %0; sbbq $0, %1; sbbq $0, %2; sbbq $0, %3;
  >>> prove(x == ref)
  proved
* ratelimiter: prevent init/uninit race Fixes a classic ABA problem that isn't actually reachable because of rtnl_lock, but it's good to be correct anyway.
* peer: simplify rcu reference counts Use RCU reference counts only when we must, and otherwise use a more reasonably named function.
* main: add missing chacha20poly1305 header
* send: address of variable is never null
* noise: remove outdated comment
* main: properly name label
* noise: use hex constant for tai64n offset
* device: adjust comment
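The final reduction proved by the z3 script in the 0.0.20180731 entry above is easier to follow when the 256-bit register chain is emulated on a plain integer. The block below is an added illustration written for this page, not WireGuard's assembly: it mirrors the btrq / cmov / addq-adcq / btrq / cmov / subq-sbbq sequence step by step and compares the result with x mod p on the boundary values the proof hinges on plus a seeded random sweep (a sanity check, not a replacement for the proof).

```python
# Added illustration of the final reduction modulo 2^255 - 19 proved by the
# z3 script above.  Not WireGuard's code: it emulates the x86_64 sequence
# (btrq / cmov / add-with-carry / btrq / cmov / sub-with-borrow) on a
# 256-bit Python integer and checks the result against x mod p.
import random

P = 2**255 - 19        # Curve25519 field prime
MASK255 = 2**255 - 1   # clears bit 255, i.e. "btrq $63" on the top limb
MASK256 = 2**256 - 1   # four 64-bit limbs wrap at 2^256

def reduce_final(x: int) -> int:
    """Map x in [0, 2^256) to the canonical representative in [0, p).

    2^255 == 19 (mod p), so folding bit 255 back in means adding 19.  Adding
    19 unconditionally as well lets the second step finish with a plain
    subtract.  The assembly does both selects with cmov so they are
    data-independent; the Python conditional is only an illustration.
    """
    assert 0 <= x <= MASK256
    t = (x >> 255) & 1                       # btrq $63, %3: carry = old bit
    x &= MASK255
    x = (x + (38 if t else 19)) & MASK256    # cmov 38/19; addq/adcq chain
    t = (x >> 255) & 1                       # btrq $63, %3 again
    x &= MASK255
    x = (x - (0 if t else 19)) & MASK256     # cmov 0/19; subq/sbbq chain
    return x

def reference(x: int) -> int:
    return x % P

def sweep_matches_reference(samples: int = 20000) -> bool:
    """Compare against x mod p on every boundary the proof hinges on plus a
    seeded pseudo-random sweep.  Constructed inputs: a sanity check, not a
    proof (the z3 script above is the proof)."""
    rng = random.Random(0x2519)
    edges = [0, 1, 18, 19, 20, P - 1, P, P + 1, 2**255 - 1, 2**255,
             2**255 + 1, 2 * P - 1, 2 * P, 2 * P + 1, MASK256 - 38, MASK256]
    values = edges + [rng.getrandbits(256) for _ in range(samples)]
    return all(reduce_final(v) == reference(v) for v in values)

if __name__ == "__main__":
    for v in (2**255, P, MASK256):
        print(f"{v:#066x} -> {reduce_final(v)}")
    print("sweep ok:", sweep_matches_reference())
```

Walking through the two worst cases by hand matches the bound in the entry above: for x = 2^256-1 the first step yields 2^255 + 37, the fold removes 2^255 and the select subtracts nothing, giving 37 = (2^256-1) mod p; for x = p the first step yields exactly 2^255, which folds to 0.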
* Thu Jul 19 2018 mardnh@gmx.de - Update to version 0.0.20180718 == Changes ==
* tools: only error on wg show if all interfaces fail wg(8) now has a more reasonable error code semantic.
* receive: account for zero or negative budget A correctness fix that no other drivers implement but that we really should be doing anyway.
* receive: disable NAPI busy polling This avoids adding one reference per peer to the napi_hash hashtable, as normally done by netif_napi_add(). Since we potentially could have up to 2^20 peers this would make busy polling very slow globally. This approach is preferable to having only a single napi struct because we get one gro_list per peer, which means packets can be combined nicely even if we have a large number of peers. This is also done by gro_cells_init() in net/core/gro_cells.c.
* receive: use gro call instead of plain call This enables incredible performance improvements in some cases. Benchmark and see for yourself. It should affect large TCP flows.
* wg-quick: allow link local default gateway IPv6 endpoints will now work better on BSD and Darwin.
* device: destroy workqueue before freeing queue Another small correctness fix.
* Sun Jul 08 2018 mardnh@gmx.de - Update to version 0.0.20180708 == Changes ==
* device: print daddr not saddr in missing peer error
* receive: style Debug messages now make sense again.
* wg-quick: android: support excluding applications Android now supports excluding certain apps (uids) from the tunnel.
* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION Some improvements to our testing infrastructure.
* receive: use NAPI on the receive path This is a big change that should both improve preemption latency (by not disabling it unconditionally) and vastly improve rx performance on most systems by using NAPI. The main purpose of this snapshot is to test out this technique.
* Mon Jun 25 2018 mardnh@gmx.de - Update to version 0.0.20180625 == Changes ==
* receive: don't toggle bh The last snapshot caused a big performance regression, which we partially revert here. This general matter, though, will be revisited in the future, perhaps by switching to NAPI.
* main: test poly1305 before chacha20poly1305
* poly1305: give linker the correct constant data section size While the default bfd linker did the right thing, gold would sometimes merge section incorrectly because of an incorrect section length field, resulting in wrong calculations.
* simd: add missing header Fixes a compile error on a few odd kernels.
* global: fix a few typos
* manpages: eliminate whitespace at the end of the line
* tools: fix misspelling of strchrnul in comment Cosmetic fixups.
* global: use ktime boottime instead of jiffies
* global: use fast boottime instead of normal boottime
* compat: more robust ktime backport We now use the equivalent of clock_gettime(CLOCK_BOOTTIME) for doing age checks on time-limited objects, such as ephemeral keys, so that on systems where we don't clear before sleep (like Android), we make sure to invalidate the objects after the proper amount of time, taking into account time spent asleep.
* wg-quick: android: prevent outgoing handshake packets from being dropped Recent android phones block outgoing packets using iptables while the system is asleep. This makes sense for most services, but not for a tunnel device itself, so we work around this by inserting our own iptables rule.
* Wed Jun 20 2018 mardnhAATTgmx.de - Update to version 0.0.20180620
== Changes ==
* chacha20poly1305: use slow crypto on -rt kernels on arm too Leftover from the last commit of the previous snapshot that we forgot to handle.
* tools: getentropy requires macOS 10.12 Small build time fixup for old versions of macOS.
* queueing: remove useless spinlocks on sc
* queueing: re-enable preemption periodically to lower latency
* simd: encapsulate fpu amortization into nice functions
* simd: no need to restore fpu state when no preemption This will improve general system latency on preempt-enabled systems, like desktops.
* dns-hatchet: apply resolv.conf's selinux context to new resolv.conf Fixes wg-quick's dns hatchet on CentOS.
* qemu: bump default kernel By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407
* noise: take locks for ss precomputation
* netlink: maintain static_identity lock over entire private key update Minor locking correctness fixes and optimizations.
* noise: wait for crng before taking locks We now make sure that an outgoing packet which needs a potentially unseeded rng won't block a call to wg(8), which takes similar locks for retrieving data.
* receive: drop handshake packets if rng is not initialized If the rng is unseeded, we drop incoming handshake packets, so that it's not possible for an attacker to fill the handshake queue thereby provoking cookies.
* ratelimiter: mitigate reference underflow
* ratelimiter: do not allow concurrent init and uninit Minor correctness and hardening fixes, which don\'t fix anything particular in WireGuard, but might be useful if our ratelimiter is ever used elsewhere.
* compat: use stabler lkml links
* poly1305: add missing string.h header Minor fixups.
* Wed Jun 13 2018 mardnhAATTgmx.de - Update to version 0.0.20180613
== Changes ==
* wg-quick: android: change name of intent
* wg-quick: android: delay setting users until end `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing them to reconnect. By delaying this until after routes are set, we ensure that the sockets reconnect using the tunnel, rather than the old route. This fixes push notifications on Android.
* chacha20: add missing include to header Fixes a compile error on some kernels.
* tools: encoding: add missing static array constraints Makes static analyzers happier.
* tools: support getentropy(3) This lets us take advantage of both recent glibc calls as well as the long standing getentropy functions on the BSDs.
* chacha20poly1305: use slow crypto on -rt kernels In rt kernels, spinlocks call schedule(), which means preemption can't be disabled. The FPU disables preemption. Hence, we can either restructure things to move the calls to kernel_fpu_begin/end to be really close to the actual crypto routines, or we can do the slower lazier solution of just not using the FPU at all on -rt kernels. This patch goes with the latter lazy solution. The reason why we don't place the calls to kernel_fpu_begin/end close to the crypto routines in the first place is that they're very expensive, as it usually involves a call to XSAVE. So on sane kernels, we benefit from only having to call it once.
* Fri Jun 01 2018 mardnhAATTgmx.de - Update to version 0.0.20180531
== Changes ==
* compat: don't clash with get_random_u32 backports This should allow running on recent Qualcomm msm8998 kernels.
* wg-quick: determine IPs when saving interface
* wg-quick: darwin: add multiple IP addresses
* wg-quick: freebsd: configure as p2p link
* wg-quick: darwin: set DNS servers after delay on route change Usual set of wg-quick changes, since the recent cross platform additions.
* curve25519: x86_64: satisfy sparse
* curve25519: x86_64: make symbol static
* crypto: consistent constification Small cleanups in the crypto primitives.
* chacha20poly1305: split up into separate files
* chacha20poly1305: combine stack variables into union
* chacha20poly1305: test scattergather functions too
* chacha20poly1305: test for authtag failure We've reorganized our chapoly implementation and added lots of new tests as well. The generic C chacha should be slightly faster in the process.
* poly1305: mips: compute S on fly Small speedup on MIPS.
* device: do not assume dst is always valid Fixes a crash when forwarding packets from devices that use flow offloading.
* tools: constanter time encoding
* Fri Jun 01 2018 mardnhAATTgmx.de - Update to version 0.0.20180524
== Changes ==
* allowedips: set pointer to null before freeing
* ncat-client-server: do not always call sudo and use env bash
* qemu: bump default kernel for gcc 8.1
* compat: work around qcom 4.9 backports The usual fixes.
* tools: fix OpenBSD build
* tools: always pass -v as first argument to install Portability changes.
* wg-quick: darwin: rename namefile environment variable
* wg-quick: darwin: do not remove routes when no real interface
* wg-quick: freebsd: add new implementation
* wg-quick: openbsd: add new implementation
* wg-quick: support FreeBSD/Darwin search path
* wg-quick: better bash completion for non-renaming OSes
* wg-quick: allow enumeration of socket files
* Sat May 19 2018 mardnhAATTgmx.de - Update to version 0.0.20180519
== Changes ==
* chacha20poly1305: add mips32 implementation "The OpenWRT Commit" - this significantly speeds up performance on cheap plastic MIPS routers, and presumably the remaining MIPS32r2 super computers out there.
* timers: reinitialize state on init
* timers: round up instead of down in slack_time
* timers: remove slack_time
* timers: clear send_keepalive timer on sending handshake response
* timers: no need to clear keepalive in persistent keepalive Andrew He and I have helped simplify the timers and remove some old warts, making the whole system a bit easier to analyze.
* tools: fix errno propagation and messages Error messages are now more coherent.
* wg-quick: use invoking shell in auto rooting Rather than letting sudo use bash from PATH, we now have it use whatever bash is currently executing the script.
* device: remove allowedips before individual peers This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with many peers would grind when deleting the interface.
* dns-hatchet: update paths Our reorganizing of the wg-quick bash paths was not sync'd with this patch, resulting in some trivial problems for Fedora and OpenSUSE.
* compat: backport for OpenSUSE 15 Usual compat fixes.
* wg-quick: add darwin implementation We released a Darwin implementation of wg-quick(8), to be used with the new wireguard-go snapshot.
* wg-quick: darwin: ensure socket directory exists
* wg-quick: darwin: remove v6 routes after shutdown
* wg-quick: darwin: bash correctness
* wg-quick: darwin: restore DNS on down
* wg-quick: darwin: use bash from environment and require bash 4+
* wg-quick: darwin: sometimes there are no network services
* wg-quick: darwin: avoid routing loop if no default
* wg-quick: darwin: networksetup does not like missing stdio
* wg-quick: darwin: reorder functions
* wg-quick: darwin: simpler inclusion check After a pretty intense first few days of the new macOS port, we've fixed a few bugs and improved functionality of wg-quick(8).
* ncat-client-server: add wg-quick variant We now have client-quick.sh that does the same as client.sh except it builds a file for wg-quick(8), which can then be used in `wg-quick up demo`.
- Add patch:
* wireguard-fix-dns-hatchet-apply-dot-sh.patch (fixed upstream)
* Tue May 15 2018 mardnhAATTgmx.de - Update to version 0.0.20180514
* compat: backport for OpenSUSE 15
- Add patch:
* wireguard-fix-dns-hatchet-apply-dot-sh.patch
* Mon May 14 2018 mardnhAATTgmx.de - Update to version 0.0.20180513
== Changes ==
* keygen-html: add zip file example The alpha Android app now supports importing from .zip files, so the example contrib code has been updated to show people how to trivially generate .zip files from ... javascript. That's right, the WireGuard repo now contains some more demo javascript.
* qemu: retry on 404 in wget for kernel.org race Simple fix for build.wireguard.com\'s handling of new kernels.
* embeddable-wg-library: zero attribute padding This imports 37c876b55a2c00424ccda5a300ab5fdec1d88b22 from upstream libmnl.
* allowedips: add selftest for allowedips_walk_by_peer
* allowedips: use native endian on lookup
* allowedips: produce better assembly with unsigned arithmetic
* allowedips: simplify arithmetic A series of bitmath improvements make allowedips lookups sleeker and faster.
* socket: use skb_put_data This follows 59ae1d127ac0ae404baf414c434ba2651b793f46 in the kernel.
* chacha20poly1305: make gcc 8.1 happy GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`. This results in a warning that `memcpy(ctx->data + num, inp, len);` may overflow the `data` field, which is correct for arbitrary values of `num`. To make the invariant explicit we ensure that `num` is in the required range. An alternative would be to change `ctx->num` to a 4-bit bitfield at the point of declaration. This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz end`, which have identical performance characteristics.
* queueing: preserve pfmemalloc header bit Precautionary measure. Further work on this function goes on in the netdev thread: https://marc.info/?l=linux-netdev&m=152607982125178&w=2
* compat: handle RHEL 7.5's recent backports
* compat: don't clear header bits on RHEL WireGuard now supports RHEL's latest kernel, which involved fixing some pretty major crashes and clashes with RHEL's backports.
* Mon Apr 23 2018 mardnhAATTgmx.de - Update to version 0.0.20180420
== Changes ==
* wg-quick: account for specified fwmark in auto routing mode If we're doing automatic routing with default routes, but the config has also specified an explicit fwmark, then use that explicit fwmark, even if it's conflicting, since the administrator has explicitly opted into using it. Also, when shutting down the interface, we only now remove the fancy rules if we're in automatic routing mode with default routes.
* send: account for route-based MTU It might be that a particular route has a different MTU than the interface, via `ip route add ... dev wg0 mtu 1281`, for example. In this case, it's important that we don't accidentally pad beyond the end of the MTU. We accomplish that in this patch by carrying forward the MTU from the dst if it exists. We also add a unit test for this issue.
* send: simplify skb_padding with nice macro
* blake2s: remove unused helper
* compat: remove unused dev_recursion_level backport Cleanups.
* poly1305: do not place constants in different sections We're referencing these constants as one contiguous blob, so if there's any merging that goes on with other constants elsewhere (such as the kernel's current poly1305 implementation that we hope to replace), then these will be reordered and have the wrong values.
* Fri Apr 13 2018 mardnhAATTgmx.de - Update to version 0.0.20180413
== Changes ==
* wg-quick.8: fix typo
* wg-quick: hide errors on save This fixes a small regression in the resolvconf save handling on Debian.
* compat: stable kernels are now receiving b87b619
* compat: silence warning on frankenkernels
* compat: support OpenSUSE 15 Usual set of fixes for weird kernels.
* curve25519: use precomp implementation instead of sandy2x
* curve25519: use cmov instead of xor for cswap
* curve25519: memzero in batches
* curve25519: precomp const correctness Rather than using sandy2x, which requires use of the vector registers and simd instructions (and therefore thermal throttling and register save/restores), we instead use BMI2 and ADX instructions to achieve better performance, using:
- https://eprint.iacr.org/2017/264
- https://github.com/armfazh/rfc7748_precomputed
* curve25519: add self tests from wycheproof
* chacha20poly1305: add self tests from wycheproof Wycheproof now provides sneaky test vectors, so we've imported them into our self-tests to mitigate regressions. More info can be found at:
- https://github.com/google/wycheproof
- Remove patch:
* wireguard-sles15-compat.patch (fixed upstream)
* Mon Mar 12 2018 mardnhAATTgmx.de - Package /etc/wireguard/
- Run spec-cleaner
* Fri Mar 09 2018 mardnhAATTgmx.de - Add patch:
* wireguard-sles15-compat.patch
* Sun Mar 04 2018 mardnhAATTgmx.de - Update to version 0.0.20180304
== Changes ==
* NOTICE: off the grid Do note that I'll be going off the grid from the end of this coming week until April 1. This snapshot is expected to be fairly stable in the interim.
* queueing: skb_reset: mark as xnet This allows cgroups to classify packets.
* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions The embeddable library gains a few extra tricks, for people implementing plugins for various network managers.
* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype Small cleanups.
* compat: workaround netlink refcount bug An upstream refcounting bug meant that in certain situations it became impossible to unload the module. So, we work around it in the compat code. The problem has been fixed in 4.16.
* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript" We nearly moved away from emscripten'ing the fiat32 code, but the resultant floating point javascript was just too terrifying.
* Kconfig: require DST_CACHE explicitly Required for certain frankenkernels.
* compat: use correct -include path Fixes certain out-of-tree build systems.
* noise: align static_identity keys Gives us better alignment of private keys.
* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it Better compatibility with Debian's resolvconf.
* contrib: add extract-handshakes kprobe example
* Mon Feb 19 2018 mardnhAATTgmx.de - Update to version 0.0.20180218
== Changes ==
* keygen-html: fix up copyright Copy and paste errors.
* tools: do not collide types with libc clashes
* tools: FreeBSD doesn't have EAI_NODATA
* tools: fixup errno handling
* tools: endian.h is not portable Fixes compilation and correctness several places.
* tools: allow in-line comments You can now put a # comment anywhere in a line, in which case, it extends until the end of the line.
* wg-quick: match from beginning rather than shift right This raises the proper error when providing interface names that are too long.
* qemu: add support for powerpc Now that we have known PPC users, it's probably a good thing to ensure we don't introduce bugs, so PPC has been added to our CI on build.wireguard.com.
* poly1305: fix up selftest counter Make sure we're using the right array length in the debug-mode-only self-tests.
* netns: replace n0 ip with ip0, per custom Fixes up console output consistency.
* qemu: more granular memleak detection This avoids us getting memory leak errors due to upstream's power management drivers leaking, or the like, when we're only interested in WireGuard memory leaks.
* socket: free skb if there isn't an endpoint Fixes a memory leak.
* allowedips: indicate to clang-analyzer that trie is non-null Hopefully future versions are slightly smarter...
* blake2s: use union instead of casting Similarly fixes a clang-analyzer issue, as well as ensuring alignment.
* tools: normalize strncpy/snprintf usage Correctness.
* contrib: add embeddable wireguard library
* Fri Feb 02 2018 mardnhAATTgmx.de - Update to version 0.0.20180202
== Changes ==
* curve25519-fiat32: uninline certain functions This results in much smaller code size and significant speed gains on smaller hardware.
* poly1305: add poly-specific self-tests Poly is easy to get wrong, so we've added quite a few tests that examine certain edge cases and places where other implementations have historically failed.
* tools: dedup secret normalization
* tools: share curve25519 implementations with kernel
* contrib: keygen-html: share curve25519 implementation with kernel There is now only one place where we ship 25519 code.
* qemu: disable PIE for compilation
* qemu: disable AVX-512 in userland
* qemu: update base versions Test suite enhancements.
* device: let udev know what kind of device we are This enables folks to query the device type via udev, which is what systemd's networkctl uses.
* tools: fread doesn't change errno This fixes clearing pre-shared keys on old glibc.
* chacha20poly1305: use existing rol32 function
* chacha20poly1305: better buffer alignment Small enhancements.
* curve25519: verify that specialized basepoint implementations are correct Since some implementations have a specialized function for computing basepoints, it's important to do some basic sanity checking with them.
* curve25519: replace hacl64 with fiat64 For about 24 hours, fiat64 was faster.
* curve25519: replace fiat64 with faster hacl64 Then hacl64 caught up, so we moved back to it.
* curve25519: break more things with more test cases These extra test cases help break the current "rfc7748_precomputed" implementation, which we're not using here at the moment, but it is still useful to ensure that we don't fall victim to the same bugs.
* Thu Jan 18 2018 mardnhAATTgmx.de - Update to version 0.0.20180118
== Changes ==
* receive: treat packet checking as irrelevant for timers Small simplification to the state machine, as discussed with Mathias Hall-Andersen.
* socket: check for null socket before fishing out sport
* wg-quick: ifnames have max len of 15
* tools: plug memleak in config error path Important bug fixes.
* external-tests: add python implementation Piotr Lizonczyk has contributed a test vector written in Python.
* poly1305: remove indirect calls From Samuel Neves, we now are in a better position to mitigate speculative execution attacks.
* curve25519: modularize implementation
* curve25519: import 32-bit fiat-crypto implementation
* curve25519: import 64-bit hacl-star implementation
* curve25519: resolve symbol clash between fe types
* curve25519: wire up new impls and remove donna
* tools: import new curve25519 implementations
* contrib: keygen-html: update curve25519 implementation Two of our Curve25519 implementations now use formally verified C. Read this mailing list post for more information: https://lists.zx2c4.com/pipermail/wireguard/2018-January/002304.html
 