aports/testing/wireguard-tools, branch 3.9-stable Main aports tree testing/wireguard-tools: fix quotes in checksum 2019-01-25T15:06:55+00:00 Natanael Copa ncopa@alpinelinux.org 2019-01-25T15:06:55+00:00 92b0caf829b64934a11d713708953e37a28316a2 






testing/wireguard: upgrade to 0.0.20190123
2019-01-24T16:54:03+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2019-01-23T13:50:56+00:00

ee1955b85cff0d912c7c3c96d58b807541e48082

* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>







testing/wireguard-tools: split wg and wg-quick
2019-01-05T23:38:02+00:00

Carlo Landmeter
clandmeter@alpinelinux.org

2019-01-05T23:34:44+00:00

8bbf99be2e60a2fe53f41735d50161f98770fdef

We split wg and wg-quick into seperate packages but let the main pacakge
pull both of them in. This way they can have their own deps and we can
pull them in independently.

We also patch wg-quick to ue busybox sysctl.





We split wg and wg-quick into seperate packages but let the main pacakge
pull both of them in. This way they can have their own deps and we can
pull them in independently.

We also patch wg-quick to ue busybox sysctl.







testing/wireguard-tools: add missing depends
2019-01-03T08:30:49+00:00

Stuart Cardall
developer@it-offshore.co.uk

2019-01-02T21:28:39+00:00

16a4a9c1c7a1b50a313a3a70efaf324189ae0d00

wg-quick does not work with some of the busybox built-ins.
based on original report by Nathan Caldwell (saintdev at gmail dot com)

adds depends for:
	procps
	iproute2
	coreutils (for sysctl -r)

but NOT for Bash (which is required by wg-quick only & not by other wg-tools)

see also:

https://github.com/alpinelinux/aports/pull/3903
https://lists.zx2c4.com/pipermail/wireguard/2018-December/003608.html





wg-quick does not work with some of the busybox built-ins.
based on original report by Nathan Caldwell (saintdev at gmail dot com)

adds depends for:
	procps
	iproute2
	coreutils (for sysctl -r)

but NOT for Bash (which is required by wg-quick only & not by other wg-tools)

see also:

https://github.com/alpinelinux/aports/pull/3903
https://lists.zx2c4.com/pipermail/wireguard/2018-December/003608.html







testing/wireguard: upgrade to 0.0.20181218
2018-12-18T20:02:10+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2018-12-18T17:06:33+00:00

932513c69d63b19b87b3d516e076d15c0baccc87

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>







testing/wireguard: upgrade to 0.0.20181119
2018-11-20T15:33:04+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2018-11-19T17:30:34+00:00

2d6d4f4faa2d9f46146b28c540ae5c791da4489b

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>







testing/wireguard: upgrade to 0.0.20181115
2018-11-15T21:44:12+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2018-11-15T20:13:50+00:00

11eee56b9cdbae7dea80c63bd941e04f752ebd23

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>







testing/wireguard: upgrade to 0.0.20181018
2018-10-23T11:19:06+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2018-10-18T01:48:14+00:00

6ebe01c8ff39d3ea4db0c88aeb53b3ad562a2454

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>







testing/wireguard-tools: Document pkgrel/_toolsrel requirement
2018-10-23T11:19:06+00:00

Jonathan Neuschäfer
j.neuschaefer@gmx.net

2018-05-14T13:22:16+00:00

f22f189a022d1ac55cd926282fcccdc922513616












testing/wireguard: upgrade to 0.0.20181006
2018-10-15T09:18:58+00:00

Jason A. Donenfeld
Jason@zx2c4.com

2018-10-06T03:07:58+00:00

4f4102288725f62bd3ac0477edd05a6fb14a0feb

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>





Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>