From 9f6b8ee81d7bb2f1f65285bf885a14203f0d1ed2 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sat, 25 May 2019 14:05:51 +0100 Subject: [PATCH] kernel: Update WireGuard to 0.0.20190406 == Changes == * allowedips: initialize list head when removing intermediate nodes Fix for an important regression in removing allowed IPs from the last snapshot. We have new test cases to catch these in the future as well. * wg-quick: freebsd: rebreak interface loopback, while fixing localhost * wg-quick: freebsd: export TMPDIR when restoring and don't make empty Two fixes for FreeBSD which have already been backported into ports. * tools: genkey: account for short reads of /dev/urandom * tools: add support for Haiku The tools now support Haiku! Maybe somebody is working on a WireGuard implementation for it? * tools: warn if an AllowedIP has a nonzero host part If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8) will now print a warning. Even though we mask this automatically down to 192.168.1.0/24, usually when people specify it like this, it's a mistake. * wg-quick: add 'strip' subcommand The new strip subcommand prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as: `wg addconf $DEV <(wg-quick strip $DEV)`. * tools: avoid unneccessary next_peer assignments in sort_peers() Small C optimization the compiler was probably already doing. * peerlookup: rename from hashtables * allowedips: do not use __always_inline * device: use skb accessor functions where possible Suggested tweaks from Dave Miller. * qemu: set framewarn 1280 for 64bit and 1024 for 32bit These should indicate to us more clearly when we cross the most strict stack thresholds expected when using recent compilers with the kernel. * blake2s: simplify * blake2s: remove outlen parameter from final The blake2s implementation has been simplified, since we don't use any of the fancy tree hashing parameters or the like. We also no longer separate the output length at initialization time from the output length at finalization time. * global: the _bh variety of rcu helpers have been unified * compat: nf_nat_core.h was removed upstream * compat: backport skb_mark_not_on_list The usual assortment of compat fixes for Linux 5.1. Signed-off-by: Rolf Neugebauer --- kernel/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/Dockerfile b/kernel/Dockerfile index 83d8cd2f4..658b1171e 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile @@ -36,8 +36,8 @@ ARG KERNEL_SERIES ARG EXTRA ARG DEBUG -ENV WIREGUARD_VERSION=0.0.20190227 -ENV WIREGUARD_SHA256="fcdb26fd2692d9e1dee54d14418603c38fbb973a06ce89d08fbe45292ff37f79" +ENV WIREGUARD_VERSION=0.0.20190406 +ENV WIREGUARD_SHA256="2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b" ENV WIREGUARD_URL=https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${WIREGUARD_VERSION}.tar.xz # We copy the entire directory. This copies some unneeded files, but