gnu: Remove linux-libre 6.3.
This kernel series is no longer supported upstream. * gnu/packages/linux.scm (linux-libre-6.3-version, linux-libre-6.3-gnu-revision, deblob-scripts-6.3, linux-libre-6.3-pristine-source, linux-libre-6.3-source, linux-libre-headers-6.3, linux-libre-6.3): Remove variables. * gnu/packages/aux-files/linux-libre/6.3-arm.conf, gnu/packages/aux-files/linux-libre/6.3-arm64.conf, gnu/packages/aux-files/linux-libre/6.3-i686.conf, gnu/packages/aux-files/linux-libre/6.3-x86_64.conf: Delete files. * Makefile.am (AUX_FILES): Remove them. * gnu/packages/patches/linux-libre-wireguard-postup-privkey.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.master
parent
8eefb81b77
commit
db775e7367
|
@ -414,10 +414,6 @@ AUX_FILES = \
|
||||||
gnu/packages/aux-files/linux-libre/6.4-arm64.conf \
|
gnu/packages/aux-files/linux-libre/6.4-arm64.conf \
|
||||||
gnu/packages/aux-files/linux-libre/6.4-i686.conf \
|
gnu/packages/aux-files/linux-libre/6.4-i686.conf \
|
||||||
gnu/packages/aux-files/linux-libre/6.4-x86_64.conf \
|
gnu/packages/aux-files/linux-libre/6.4-x86_64.conf \
|
||||||
gnu/packages/aux-files/linux-libre/6.3-arm.conf \
|
|
||||||
gnu/packages/aux-files/linux-libre/6.3-arm64.conf \
|
|
||||||
gnu/packages/aux-files/linux-libre/6.3-i686.conf \
|
|
||||||
gnu/packages/aux-files/linux-libre/6.3-x86_64.conf \
|
|
||||||
gnu/packages/aux-files/linux-libre/6.1-arm.conf \
|
gnu/packages/aux-files/linux-libre/6.1-arm.conf \
|
||||||
gnu/packages/aux-files/linux-libre/6.1-arm64.conf \
|
gnu/packages/aux-files/linux-libre/6.1-arm64.conf \
|
||||||
gnu/packages/aux-files/linux-libre/6.1-i686.conf \
|
gnu/packages/aux-files/linux-libre/6.1-i686.conf \
|
||||||
|
|
|
@ -1554,7 +1554,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/linphone-desktop-without-sdk.patch \
|
%D%/packages/patches/linphone-desktop-without-sdk.patch \
|
||||||
%D%/packages/patches/linux-libre-infodocs-target.patch \
|
%D%/packages/patches/linux-libre-infodocs-target.patch \
|
||||||
%D%/packages/patches/linux-libre-support-for-Pinebook-Pro.patch \
|
%D%/packages/patches/linux-libre-support-for-Pinebook-Pro.patch \
|
||||||
%D%/packages/patches/linux-libre-wireguard-postup-privkey.patch \
|
|
||||||
%D%/packages/patches/linux-pam-no-setfsuid.patch \
|
%D%/packages/patches/linux-pam-no-setfsuid.patch \
|
||||||
%D%/packages/patches/linux-pam-unix_chkpwd.patch \
|
%D%/packages/patches/linux-pam-unix_chkpwd.patch \
|
||||||
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
|
%D%/packages/patches/linuxdcpp-openssl-1.1.patch \
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -502,21 +502,6 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
|
||||||
(%upstream-linux-source version hash)
|
(%upstream-linux-source version hash)
|
||||||
deblob-scripts-6.4)))
|
deblob-scripts-6.4)))
|
||||||
|
|
||||||
(define-public linux-libre-6.3-version "6.3.13")
|
|
||||||
(define-public linux-libre-6.3-gnu-revision "gnu")
|
|
||||||
(define deblob-scripts-6.3
|
|
||||||
(linux-libre-deblob-scripts
|
|
||||||
linux-libre-6.3-version
|
|
||||||
linux-libre-6.3-gnu-revision
|
|
||||||
(base32 "01ivgzq18fwas87q84jx9jipcw58kwdnch7ylwg06d98ncga27px")
|
|
||||||
(base32 "1i6vyakvqgmr3lcmr0aj8n7lbcksrp4d0rm1sz7cz64hwbsr67pq")))
|
|
||||||
(define-public linux-libre-6.3-pristine-source
|
|
||||||
(let ((version linux-libre-6.3-version)
|
|
||||||
(hash (base32 "1ywijjhf19bciip75ppzjjh7bkadd449jr64yg2j5049w9h0aipa")))
|
|
||||||
(make-linux-libre-source version
|
|
||||||
(%upstream-linux-source version hash)
|
|
||||||
deblob-scripts-6.3)))
|
|
||||||
|
|
||||||
;; The "longterm" kernels — the older releases with long-term upstream support.
|
;; The "longterm" kernels — the older releases with long-term upstream support.
|
||||||
;; Here are the support timelines:
|
;; Here are the support timelines:
|
||||||
;; <https://www.kernel.org/category/releases.html>
|
;; <https://www.kernel.org/category/releases.html>
|
||||||
|
@ -643,13 +628,6 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
|
||||||
(list %boot-logo-patch
|
(list %boot-logo-patch
|
||||||
%linux-libre-arm-export-__sync_icache_dcache-patch)))
|
%linux-libre-arm-export-__sync_icache_dcache-patch)))
|
||||||
|
|
||||||
(define-public linux-libre-6.3-source
|
|
||||||
(source-with-patches linux-libre-6.3-pristine-source
|
|
||||||
(list %boot-logo-patch
|
|
||||||
%linux-libre-arm-export-__sync_icache_dcache-patch
|
|
||||||
(search-patch
|
|
||||||
"linux-libre-wireguard-postup-privkey.patch"))))
|
|
||||||
|
|
||||||
(define-public linux-libre-6.1-source
|
(define-public linux-libre-6.1-source
|
||||||
(source-with-patches linux-libre-6.1-pristine-source
|
(source-with-patches linux-libre-6.1-pristine-source
|
||||||
(append
|
(append
|
||||||
|
@ -768,11 +746,6 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
|
||||||
linux-libre-6.4-gnu-revision
|
linux-libre-6.4-gnu-revision
|
||||||
linux-libre-6.4-source))
|
linux-libre-6.4-source))
|
||||||
|
|
||||||
(define-public linux-libre-headers-6.3
|
|
||||||
(make-linux-libre-headers* linux-libre-6.3-version
|
|
||||||
linux-libre-6.3-gnu-revision
|
|
||||||
linux-libre-6.3-source))
|
|
||||||
|
|
||||||
(define-public linux-libre-headers-6.1
|
(define-public linux-libre-headers-6.1
|
||||||
(make-linux-libre-headers* linux-libre-6.1-version
|
(make-linux-libre-headers* linux-libre-6.1-version
|
||||||
linux-libre-6.1-gnu-revision
|
linux-libre-6.1-gnu-revision
|
||||||
|
@ -1119,14 +1092,6 @@ Linux kernel. It has been modified to remove all non-free binary blobs.")
|
||||||
"aarch64-linux" "powerpc64le-linux" "riscv64-linux")
|
"aarch64-linux" "powerpc64le-linux" "riscv64-linux")
|
||||||
#:configuration-file kernel-config))
|
#:configuration-file kernel-config))
|
||||||
|
|
||||||
(define-public linux-libre-6.3
|
|
||||||
(make-linux-libre* linux-libre-6.3-version
|
|
||||||
linux-libre-6.3-gnu-revision
|
|
||||||
linux-libre-6.3-source
|
|
||||||
'("x86_64-linux" "i686-linux" "armhf-linux"
|
|
||||||
"aarch64-linux" "powerpc64le-linux" "riscv64-linux")
|
|
||||||
#:configuration-file kernel-config))
|
|
||||||
|
|
||||||
(define-public linux-libre-version linux-libre-6.4-version)
|
(define-public linux-libre-version linux-libre-6.4-version)
|
||||||
(define-public linux-libre-gnu-revision linux-libre-6.4-gnu-revision)
|
(define-public linux-libre-gnu-revision linux-libre-6.4-gnu-revision)
|
||||||
(define-public linux-libre-pristine-source linux-libre-6.4-pristine-source)
|
(define-public linux-libre-pristine-source linux-libre-6.4-pristine-source)
|
||||||
|
|
|
@ -1,119 +0,0 @@
|
||||||
From 3ac1bf099766f1e9735883d5127148054cd5b30a Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
|
||||||
Date: Thu, 18 May 2023 03:08:44 +0200
|
|
||||||
Subject: wireguard: netlink: send staged packets when setting initial private
|
|
||||||
key
|
|
||||||
|
|
||||||
Packets bound for peers can queue up prior to the device private key
|
|
||||||
being set. For example, if persistent keepalive is set, a packet is
|
|
||||||
queued up to be sent as soon as the device comes up. However, if the
|
|
||||||
private key hasn't been set yet, the handshake message never sends, and
|
|
||||||
no timer is armed to retry, since that would be pointless.
|
|
||||||
|
|
||||||
But, if a user later sets a private key, the expectation is that those
|
|
||||||
queued packets, such as a persistent keepalive, are actually sent. So
|
|
||||||
adjust the configuration logic to account for this edge case, and add a
|
|
||||||
test case to make sure this works.
|
|
||||||
|
|
||||||
Maxim noticed this with a wg-quick(8) config to the tune of:
|
|
||||||
|
|
||||||
[Interface]
|
|
||||||
PostUp = wg set %i private-key somefile
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
PublicKey = ...
|
|
||||||
Endpoint = ...
|
|
||||||
PersistentKeepalive = 25
|
|
||||||
|
|
||||||
Here, the private key gets set after the device comes up using a PostUp
|
|
||||||
script, triggering the bug.
|
|
||||||
|
|
||||||
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Reported-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
||||||
Link: https://lore.kernel.org/wireguard/87fs7xtqrv.fsf@gmail.com/
|
|
||||||
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
||||||
---
|
|
||||||
drivers/net/wireguard/netlink.c | 14 +++++++++-----
|
|
||||||
tools/testing/selftests/wireguard/netns.sh | 30 ++++++++++++++++++++++++++----
|
|
||||||
2 files changed, 35 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
|
|
||||||
index 43c8c84e7ea8..6d1bd9f52d02 100644
|
|
||||||
--- a/drivers/net/wireguard/netlink.c
|
|
||||||
+++ b/drivers/net/wireguard/netlink.c
|
|
||||||
@@ -546,6 +546,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
|
|
||||||
u8 *private_key = nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]);
|
|
||||||
u8 public_key[NOISE_PUBLIC_KEY_LEN];
|
|
||||||
struct wg_peer *peer, *temp;
|
|
||||||
+ bool send_staged_packets;
|
|
||||||
|
|
||||||
if (!crypto_memneq(wg->static_identity.static_private,
|
|
||||||
private_key, NOISE_PUBLIC_KEY_LEN))
|
|
||||||
@@ -564,14 +565,17 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
|
|
||||||
}
|
|
||||||
|
|
||||||
down_write(&wg->static_identity.lock);
|
|
||||||
- wg_noise_set_static_identity_private_key(&wg->static_identity,
|
|
||||||
- private_key);
|
|
||||||
- list_for_each_entry_safe(peer, temp, &wg->peer_list,
|
|
||||||
- peer_list) {
|
|
||||||
+ send_staged_packets = !wg->static_identity.has_identity && netif_running(wg->dev);
|
|
||||||
+ wg_noise_set_static_identity_private_key(&wg->static_identity, private_key);
|
|
||||||
+ send_staged_packets = send_staged_packets && wg->static_identity.has_identity;
|
|
||||||
+
|
|
||||||
+ wg_cookie_checker_precompute_device_keys(&wg->cookie_checker);
|
|
||||||
+ list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) {
|
|
||||||
wg_noise_precompute_static_static(peer);
|
|
||||||
wg_noise_expire_current_peer_keypairs(peer);
|
|
||||||
+ if (send_staged_packets)
|
|
||||||
+ wg_packet_send_staged_packets(peer);
|
|
||||||
}
|
|
||||||
- wg_cookie_checker_precompute_device_keys(&wg->cookie_checker);
|
|
||||||
up_write(&wg->static_identity.lock);
|
|
||||||
}
|
|
||||||
skip_set_private_key:
|
|
||||||
diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
|
|
||||||
index 69c7796c7ca9..405ff262ca93 100755
|
|
||||||
--- a/tools/testing/selftests/wireguard/netns.sh
|
|
||||||
+++ b/tools/testing/selftests/wireguard/netns.sh
|
|
||||||
@@ -514,10 +514,32 @@ n2 bash -c 'printf 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
|
|
||||||
n1 ping -W 1 -c 1 192.168.241.2
|
|
||||||
[[ $(n2 wg show wg0 endpoints) == "$pub1 10.0.0.3:1" ]]
|
|
||||||
|
|
||||||
-ip1 link del veth1
|
|
||||||
-ip1 link del veth3
|
|
||||||
-ip1 link del wg0
|
|
||||||
-ip2 link del wg0
|
|
||||||
+ip1 link del dev veth3
|
|
||||||
+ip1 link del dev wg0
|
|
||||||
+ip2 link del dev wg0
|
|
||||||
+
|
|
||||||
+# Make sure persistent keep alives are sent when an adapter comes up
|
|
||||||
+ip1 link add dev wg0 type wireguard
|
|
||||||
+n1 wg set wg0 private-key <(echo "$key1") peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
|
|
||||||
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
|
|
||||||
+[[ $tx_bytes -eq 0 ]]
|
|
||||||
+ip1 link set dev wg0 up
|
|
||||||
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
|
|
||||||
+[[ $tx_bytes -gt 0 ]]
|
|
||||||
+ip1 link del dev wg0
|
|
||||||
+# This should also happen even if the private key is set later
|
|
||||||
+ip1 link add dev wg0 type wireguard
|
|
||||||
+n1 wg set wg0 peer "$pub2" endpoint 10.0.0.1:1 persistent-keepalive 1
|
|
||||||
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
|
|
||||||
+[[ $tx_bytes -eq 0 ]]
|
|
||||||
+ip1 link set dev wg0 up
|
|
||||||
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
|
|
||||||
+[[ $tx_bytes -eq 0 ]]
|
|
||||||
+n1 wg set wg0 private-key <(echo "$key1")
|
|
||||||
+read _ _ tx_bytes < <(n1 wg show wg0 transfer)
|
|
||||||
+[[ $tx_bytes -gt 0 ]]
|
|
||||||
+ip1 link del dev veth1
|
|
||||||
+ip1 link del dev wg0
|
|
||||||
|
|
||||||
# We test that Netlink/IPC is working properly by doing things that usually cause split responses
|
|
||||||
ip0 link add dev wg0 type wireguard
|
|
||||||
--
|
|
||||||
cgit v1.2.3-59-g8ed1b
|
|
||||||
|
|
Reference in New Issue