openwrt/package/network/services
Jason A. Donenfeld 2bd56595a6 wireguard: bump to 0.0.20200318
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.

* curve25519-x86_64: avoid use of r12

This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.

* wireguard: queueing: account for skb->protocol==0

This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.

* receive: remove dead code from default packet type case

A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.

* noise: error out precomputed DH during handshake rather than config

All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.

* send: use normaler alignment formula from upstream

We're trying to keep a minimal delta with upstream for the compat backport.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:42:07 +01:00
..
dnsmasq dnsmasq: bump to v2.81rc3 2020-03-10 12:49:07 +00:00
dropbear dropbear: fix compile error 2020-01-15 21:31:12 +01:00
ead ead: fix resource leak in tinysrp 2020-01-05 19:36:46 +01:00
hostapd hostapd: fix segfault in wpa_supplicant ubus 2020-03-18 19:05:22 +01:00
igmpproxy igmpproxy: drop SSDP packets 2018-07-30 10:43:36 +02:00
ipset-dns base-files: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/ 2020-01-07 15:36:03 +02:00
lldpd lldpd: bump to 1.0.5 2020-02-22 10:31:28 +02:00
odhcpd odhcpd: update to latest git HEAD 2020-03-15 20:09:19 +01:00
omcproxy omcproxy: define configuration file 2019-02-27 10:26:14 +01:00
openvpn openvpn: update to 2.4.8 2019-12-22 10:45:09 +01:00
openvpn-easy-rsa openvpn-easy-rsa: update to 3.0.4 2018-07-30 10:43:38 +02:00
ppp ppp: activate PIE ASLR by default 2020-03-01 21:35:59 +01:00
relayd treewide: replace LEDE_GIT with PROJECT_GIT 2018-01-10 21:27:32 +01:00
samba36 samba36: allow build with no ipv6 support 2019-02-17 19:22:39 +01:00
uhttpd uhttpd: update to latest Git HEAD 2020-02-12 18:01:13 +01:00
umdns treewide: replace LEDE_GIT with PROJECT_GIT 2018-01-10 21:27:32 +01:00
wireguard wireguard: bump to 0.0.20200318 2020-03-21 09:42:07 +01:00