From upstream's changelog:
* timers: queue up killing ephemerals only if not already
We fix up a small detail in the timer logic that changed during the last
snapshot.
* receive: trim incoming packets to IP header length
Packets are now trimmed to their actual length, not their length+padding,
before handing to the rest of the network subsystem, so that packets look
pretty in tcpdump. This doesn't actually affect what userspace sees, since the
kernel trims it at a later stage, but it does make pcaps a bit nicer to use.
* curve25519: use more standard label convention in asm
This ensures that perf(1) shows the function name instead of the label name.
* compat: remove padata hotplug code
Fixes building on kernels that have HOTPLUG enabled but no PADATA support.
* config: add new line for style
* device: do-while assignment style
* peer: explicitly initialize atomic
Style.
* noise: fix race when replacing handshake
Handle a situation in which three peers, all running on the same system, begin
a handshake with all three of each other, at exactly the same time, on a
multi-CPU system.
* random: wait for random bytes when generating nonces and ephemerals
We've been working with upstream to add a new API to the kernel for ensuring
that the RNG actually is seeded. Until they merge it for 4.13, we provide a
poly-fill to the compat code. This means that WireGuard will block during
handshakes until the RNG has enough entropy, so that it's never in a
circumstance in which ephemeral keys are generated from bad randomness.
* go test: properly pad message
* go test: correct tai64n and formatting
* external-tests: add keepalive packet
* go test: use x/crypto for blake2s now that we have 128-bit mac
* external-tests: trim the fat
Improvements for the external tests.
* wg-quick: make sure we have empty table for both v6 and v4
* wg-quick: match ipv6 default route more broadly
Tiny nits with wg-quick, one of which should now allow multiple v6-only
wg-quick instances running at the same time.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
From the upstream NEWS file:
v1.7.5
lz4hc : new high compression mode : levels 10-12 compress more and slower, by Przemyslaw Skibinski
lz4cat : fix : works with relative path (#284) and stdin (#285) (reported by @beiDei8z)
cli : fix minor notification when using -r recursive mode
API : lz4frame : LZ4F_frameBound(0) gives upper bound of *flush() and *End() operations (#290, #280)
doc : markdown version of man page, by Takayuki Matsuoka (#279)
build : Makefile : fix make -jX lib+exe concurrency (#277)
build : cmake : improvements by Michał Górny (#296)
v1.7.4.2
fix : Makefile : release build compatible with PIE and customized compilation directives provided through environment variables (#274, reported by Antoine Martin)
v1.7.4
Improved : much better speed in -mx32 mode
cli : fix : Large file support in 32-bits mode on Mac OS-X
fix : compilation on gcc 4.4 (#272), reported by Antoine Martin
v1.7.3
Changed : moved to versioning; package, cli and library have same version number
Improved: Small decompression speed boost
Improved: Small compression speed improvement on 64-bits systems
Improved: Small compression ratio and speed improvement on small files
Improved: Significant speed boost on ARMv6 and ARMv7
Fix : better ratio on 64-bits big-endian targets
Improved cmake build script, by Evan Nemerson
New liblz4-dll project, by Przemyslaw Skibinki
Makefile: Generates object files (*.o) for faster (re)compilation on low power systems
cli : new : --rm and --help commands
cli : new : preserved file attributes, by Przemyslaw Skibinki
cli : fix : crash on some invalid inputs
cli : fix : -t correctly validates lz4-compressed files, by Nick Terrell
cli : fix : detects and reports fread() errors, thanks to Hiroshi Fujishima report #243
cli : bench : new : -r recursive mode
lz4cat : can cat multiple files in a single command line (#184)
Added : doc/lz4_manual.html, by Przemyslaw Skibinski
Added : dictionary compression and frame decompression examples, by Nick Terrell
Added : Debianization, by Evgeniy Polyakov
Signed-off-by: Darik Horn <dajhorn@vanadac.com>
Removed patch 1008-fix-musl-sys-headers.patch which was integrated
upstream.
(Compile tested only so far)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
backend:
* cosmetics
frontend:
* "Save & Reply" now distinguish between normal and manual/backup mode
and triggers an appropriate reload or a start action
Signed-off-by: Dirk Brenken <dev@brenken.org>
Aiccu is a client utility used to connect to the SixXS platform.
As the SixXS platform has been sunset on 2017-06-06[1] and the server parts
of TIC/AYIYA protocol implementations haven't been published, there's no
point to maintain aiccu package anymore.
[1]: https://www.sixxs.net/sunset/
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
Script priority adjusted.
Custom memory management turned off to save some memory on low-end device.
Signed-off-by: Antonio Paunovic <antonio.paunovic@sartura.hr>
backend:
* add new 'manual mode' to re-use blocklist backups during startup,
get fresh lists only via manual reload or restart action
* additional free memory check during dns restart to prevent OOM errors
* removed palevo tracker from default config,
this tracker has been discontinued
* cosmetics
LuCI frontend (see luci repo):
* add new 'manual mode' under extra options
Signed-off-by: Dirk Brenken <dev@brenken.org>
The Makefile would still force the use of and linking against uClibc++
even though libstdc++ may have been chosen, which would result in the
package depending on libstdcpp ($(CXX_DEPENDS) but we would still be
missing an libuClibc++ library depdency.
Fix this by looking at CONFIG_USE_UCLIBCXX to adjust the configure
script variables.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Hannu Nyman
Jason A. Donenfeld
Daniel Golle
Peter Wagner
Hirokazu MORIKAWA
Darik Horn
Michael Heimpold
Dirk Brenken
Ondřej Caletka
Lucian Cristian
Luka Perkov
Antonio Paunovic
Federico Di Marco
Karl Palsson
Noah Meyerhans
Adrian Panella
Leonardo Medici
W. van den Akker
aTanW
Florian Fainelli