[Buildroot] [PATCH] wireguard: bump to 0.0.20180708
Peter Korsgaard
peter at korsgaard.com
Thu Jul 19 18:14:38 UTC 2018
>>>>> "Jason" == Jason A Donenfeld <Jason at zx2c4.com> writes:
> * chacha20poly1305: use slow crypto on -rt kernels on arm too
> Leftover from the last commit of the previous snapshot that we forgot to
> handle.
> * tools: getentropy requires macOS 10.12
> Small build time fixup for old versions of macOS.
> * queueing: remove useless spinlocks on sc
> * queueing: re-enable preemption periodically to lower latency
> * simd: encapsulate fpu amortization into nice functions
> * simd: no need to restore fpu state when no preemption
> This will improve general system latency on preempt-enabled systems, like
> desktops.
> * dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
> Fixes wg-quick's dns hatchet on CentOS.
> * qemu: bump default kernel
> By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which
> upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407
> * noise: take locks for ss precomputation
> * netlink: maintain static_identity lock over entire private key update
> Minor locking correctness fixes and optimizations.
> * noise: wait for crng before taking locks
> We now make sure that an outgoing packet which needs a potentially unseeded
> rng won't block a call to wg(8), which takes similar locks for retrieving
> data.
> * receive: drop handshake packets if rng is not initialized
> If the rng is unseeded, we drop incoming handshake packets, so that it's not
> possible for an attacker to fill the handshake queue thereby provoking
> cookies.
> * ratelimiter: mitigate reference underflow
> * ratelimiter: do not allow concurrent init and uninit
> Minor correctness and hardening fixes, which don't fix anything particular in
> WireGuard, but might be useful if our ratelimiter is ever used elsewhere.
> * compat: use stabler lkml links
> * poly1305: add missing string.h header
> Minor fixups.
> * receive: don't toggle bh
> The last snapshot caused a big performance regression, which we partially
> revert here. This general matter, though, will be revisited in the future,
> perhaps by switching to NAPI.
> * main: test poly1305 before chacha20poly1305
> * poly1305: give linker the correct constant data section size
> While the default bfd linker did the right thing, gold would sometimes merge
> sections incorrectly because of an incorrect section length field, resulting in
> wrong calculations.
> * simd: add missing header
> Fixes a compile error on a few odd kernels.
> * global: fix a few typos
> * manpages: eliminate whitespace at the end of the line
> * tools: fix misspelling of strchrnul in comment
> Cosmetic fixups.
> * global: use ktime boottime instead of jiffies
> * global: use fast boottime instead of normal boottime
> * compat: more robust ktime backport
> We now use the equivalent of clock_gettime(CLOCK_BOOTTIME) for doing age
> checks on time-limited objects, such as ephemeral keys, so that on systems
> where we don't clear before sleep (like Android), we make sure to invalidate
> the objects after the proper amount of time, taking into account time spent
> asleep.
> * wg-quick: android: prevent outgoing handshake packets from being dropped
> Recent Android phones block outgoing packets using iptables while the system
> is asleep. This makes sense for most services, but not for a tunnel device
> itself, so we work around this by inserting our own iptables rule.
> * device: print daddr not saddr in missing peer error
> * receive: style
> Debug messages now make sense again.
> * wg-quick: android: support excluding applications
> Android now supports excluding certain apps (uids) from the tunnel.
> * selftest: ratelimiter: improve chance of success via retry
> * qemu: bump default kernel version
> * qemu: decide debug kernel based on KERNEL_VERSION
> Some improvements to our testing infrastructure.
> * receive: use NAPI on the receive path
> This is a big change that should both improve preemption latency (by not
> disabling it unconditionally) and vastly improve rx performance on most
> systems by using NAPI. The main purpose of this snapshot is to test out this
> technique.
> Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
Committed to 2018.02.x and 2018.05.x, thanks.
--
Bye, Peter Korsgaard
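
The changelog entry on switching age checks from jiffies to boot time can be illustrated with a small simulation. This is an added example, not code from WireGuard, Buildroot or the patch above; the 180-second lifetime, the timeline and all names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LIFETIME_S 180 /* assumed lifetime for this example, in seconds */
struct segment { uint64_t seconds; bool suspended; }; /* one timeline slice */
struct clocks {
    uint64_t awake_s; /* jiffies-like: stands still while suspended */
    uint64_t boot_s;  /* CLOCK_BOOTTIME-like: keeps counting in suspend */
};

/* Replay a timeline and return what each clock reads at its end. */
static struct clocks replay(const struct segment *tl, size_t n)
{
    struct clocks c = {0, 0};
    for (size_t i = 0; i < n; i++) {
        c.boot_s += tl[i].seconds;
        if (!tl[i].suspended)
            c.awake_s += tl[i].seconds;
    }
    return c;
}

/* Age check: the object is expired once it is at least lifetime_s old. */
static bool expired(uint64_t birth_s, uint64_t now_s, uint64_t lifetime_s)
{
    return now_s - birth_s >= lifetime_s;
}

/* Constructed timeline: key made at t=0, 60 s awake, 1 h asleep, 10 s awake. */
static const struct segment timeline[] = { {60, false}, {3600, true}, {10, false} };

/* Does the key still pass the age check after wake-up, per clock? */
static bool key_valid_on_awake_clock(void)
{
    return !expired(0, replay(timeline, 3).awake_s, KEY_LIFETIME_S);
}
static bool key_valid_on_boot_clock(void)
{
    return !expired(0, replay(timeline, 3).boot_s, KEY_LIFETIME_S);
}

int main(void)
{
    printf("awake clock: key %s\n", key_valid_on_awake_clock() ? "still valid" : "expired");
    printf("boot clock:  key %s\n", key_valid_on_boot_clock() ? "still valid" : "expired");
    return 0;
}
```

With the awake-only clock the key is treated as 70 seconds old after an hour of sleep, while the boot-time clock sees 3670 seconds and invalidates it.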