From c833b249a9a24d72578c3d53b675c148fe1518ed Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Tue, 13 Jun 2017 15:35:26 +0200
Subject: [PATCH] wireguard: version bump

From upstream's changelog:

  * timers: queue up killing ephemerals only if not already

  We fix up a small detail in the timer logic that changed during the last
  snapshot.

  * receive: trim incoming packets to IP header length

  Packets are now trimmed to their actual length, not their length+padding,
  before handing to the rest of the network subsystem, so that packets look
  pretty in tcpdump. This doesn't actually affect what userspace sees, since the
  kernel trims it at a later stage, but it does make pcaps a bit nicer to use.

  * curve25519: use more standard label convention in asm

  This ensures that perf(1) shows the function name instead of the label name.

  * compat: remove padata hotplug code

  Fixes building on kernels that have HOTPLUG enabled but no PADATA support.

  * config: add new line for style
  * device: do-while assignment style
  * peer: explicitly initialize atomic

  Style.

  * noise: fix race when replacing handshake

  Handle a situation in which three peers, all running on the same system, begin
  a handshake with all three of each other, at exactly the same time, on a
  multi-CPU system.

  * random: wait for random bytes when generating nonces and ephemerals

  We've been working with upstream to add a new API to the kernel for ensuring
  that the RNG actually is seeded. Until they merge it for 4.13, we provide a
  poly-fill to the compat code. This means that WireGuard will block during
  handshakes until the RNG has enough entropy, so that it's never in a
  circumstance in which ephemeral keys are generated from bad randomness.

  * go test: properly pad message
  * go test: correct tai64n and formatting
  * external-tests: add keepalive packet
  * go test: use x/crypto for blake2s now that we have 128-bit mac
  * external-tests: trim the fat

  Improvements for the external tests.

  * wg-quick: make sure we have empty table for both v6 and v4
  * wg-quick: match ipv6 default route more broadly

  Tiny nits with wg-quick, one of which should now allow multiple v6-only
  wg-quick instances running at the same time.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 net/wireguard/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/wireguard/Makefile b/net/wireguard/Makefile
index e04bd2631..f55e9a2db 100644
--- a/net/wireguard/Makefile
+++ b/net/wireguard/Makefile
@@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=wireguard
 
-PKG_VERSION:=0.0.20170531
+PKG_VERSION:=0.0.20170613
 PKG_RELEASE:=1
 
 PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
-PKG_HASH:=2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc
+PKG_HASH:=88ac77569eeb79c517318d58a0954caa0a4d2a6a1694e74c2a3b1c14438ac941
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING