Commit message | Author | Age | Files | Lines
* driver: add new allowedip flag [HEAD, master] | Jason A. Donenfeld | 6 days | 2 files | -2/+8
    This also involves bumping wireguard-tools so that wg.exe is up to date.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: account for potentially mangled title bar text | Jason A. Donenfeld | 7 days | 1 file | -1/+1
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: fix length calculation on rename operation | Jason A. Donenfeld | 7 days | 1 file | -1/+1
    This actually wasn't a problem before, because Windows ignores the length field when not renaming to an alternative data stream:

        FileName = lpFileInformation->FileName;
        if ( lpFileInformation->FileNameLength >= 2 && *FileName == ':' )
        {
          FileNameLength = lpFileInformation->FileNameLength;
          Src.MaximumLength = FileNameLength;
          Src.Length = FileNameLength;
          Src.Buffer = lpFileInformation->FileName;
        }
        else
        {
          status = RtlDosPathNameToNtPathName_U_WithStatus(FileName, &Src, 0, 0);
          if ( status < 0 )
          {
            v15 = status;
        LABEL_19:
            BaseSetLastNTError(v15);
            return 0;
          }
          FileNameLength = Src.Length;
        }

    Nonetheless, it's clear from this code (>=2) and the documentation that the length field is intended to be in bytes, not chars. So fix that.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: do not verify EV status | Jason A. Donenfeld | 7 days | 5 files | -64/+5
    We'll keep signing with EV. But this is not a security check. Anybody can add an EV signature. It's not very expensive to do. And we've never checked that it's actually _our_ signature. For that, there's the normal ed25519-based mechanism, which is a lot nicer and faster.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: forbid emulation of amd64 on arm64 | Jason A. Donenfeld | 8 days | 2 files | -2/+21
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: allow setting deployment architecture | Jason A. Donenfeld | 8 days | 1 file | -1/+2
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: fix formatting | Jason A. Donenfeld | 8 days | 2 files | -4/+0
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: raise min windows version to 10 | Jason A. Donenfeld | 9 days | 18 files | -189/+98
    Since we're also bumping the PE subsystem header to 10.0, this means we need a _load_config with the proper flags. So there's some work to be done here. This also means bumping LLVM and Go builds. In the case of Go, the patch is still pending: https://go-review.googlesource.com/c/go/+/756680 , so it's a custom build. Remove lots of compatibility code and hacks. Also update the installer to display a useful message.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: modernize go conventions | Jason A. Donenfeld | 11 days | 16 files | -54/+22
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 11 days | 144 files | -147/+147
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: update go deps | Jason A. Donenfeld | 12 days | 4 files | -33/+24
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: cmdline option need not be volatile | Jason A. Donenfeld | 12 days | 1 file | -3/+4
    Also, make the name more confusing, no match the option, so that it can initialize to false. This might be controversial; there are arguments on both sides.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump to go 1.20.14 | Simon Rozman | 2025-03-18 | 5 files | -6/+4
    This fixes "Import tunnel(s) from file" and any other file open/save dialog popup crash on ARM64.
    Reported-by: Damjan Perenič <dperenic@connect.ust.hk>
    Signed-off-by: Simon Rozman <simon@rozman.si>
* build: make code signing method configurable | Simon Rozman | 2024-10-17 | 4 files | -9/+9
    Existing code signing was hard-coded to use a locally installed certificate (hardware security dongles included). However, signtool.exe is extensible to allow any kind of digest signing plugin with /dlib and /dmdf switches. This is used for cloud-based code signing (e.g. Microsoft Trusted Signing).
    Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: update WiX Toolset download URL and version | Simon Rozman | 2024-09-04 | 1 file | -1/+1
    The version 3.14.0.4118 we were using is no longer available for download.
    Signed-off-by: Simon Rozman <simon@rozman.si>
* locales: sync with crowdin | Simon Rozman | 2024-09-04 | 23 files | -3571/+18916
    Signed-off-by: Simon Rozman <simon@rozman.si>
* fetcher: add /noprompt switch | Simon Rozman | 2023-01-23 | 1 file | -2/+18
    Deploying WireGuard MSI using Microsoft Endpoint Manager (aka MS Intune) falls short with poor Microsoft Endpoint Manager support: no ARM64 support, requires multiple per-architecture deployments... Fetcher proves super-useful for automating WireGuard install. It contains platform selection logic, MSI download, integrity check... However, automated installation is an unattended process and the wireguard-installer.exe must not block the process for any user prompts.
    Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: build: .gitignore outputs | Simon Rozman | 2022-03-28 | 1 file | -0/+4
    Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: build: integrate tunnel.dll signing | Simon Rozman | 2022-03-28 | 1 file | -0/+7
    Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: csharp: ensure double \0 termination | Simon Rozman | 2022-03-28 | 1 file | -4/+1
    Signed-off-by: Simon Rozman <simon@rozman.si>
* embeddable-dll-service: correctness in README | Simon Rozman | 2022-03-28 | 1 file | -2/+3
    Signed-off-by: Simon Rozman <simon@rozman.si>
* build: bump to go1.18 | Jason A. Donenfeld | 2022-03-16 | 4 files | -15/+15
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Makefile: choose newest version of Go | Jason A. Donenfeld | 2022-01-18 | 1 file | -1/+1
    Now that these are sorted properly, we can rely on the top one being the newest. Before, we assumed the last one was the newest, which was only true during betas and rcs, which required us to swap back and forth between the first one and the last one. But even then, the last one wouldn't always be the latest beta! So sometimes we had to change it to the second to last one. And on and on with madness. In other words, before the list was basically unsorted. But now that it's sorted, we can just use the top one always, which is what we want.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dpapi: remove stray test exe | Jason A. Donenfeld | 2022-01-17 | 1 file | -0/+0
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: do not examine connectivity state at boot | Jason A. Donenfeld | 2022-01-17 | 3 files | -65/+4
    It turns out that checking for internet connectivity is not really a reliable way of knowing whether the WSAHOST_NOT_FOUND is legitimate or not. So just give up on that approach, assume WSAHOST_NOT_FOUND is always illegitimate at boot, and loop for a long time. This might induce annoyances for admins who want to kill legitimate WSAHOST_NOT_FOUND services that keep trying again, but they'll just have to wait for two minutes.
    Reported-by: Simon Rozman <simon@rozman.si>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2022-01-06 | 143 files | -146/+146
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: only write 32 bytes to hash output | Jason A. Donenfeld | 2022-01-06 | 2 files | -3/+3
    Current binaries overflow into `wchar_t total_bytes_str[22]`, which is not used anywhere after the overflow, so no harm done thankfully.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use strings.Cut where possible | Jason A. Donenfeld | 2021-12-23 | 4 files | -12/+9
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.5.3] | Jason A. Donenfeld | 2021-12-22 | 1 file | -1/+1
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: new code signing certificate | Jason A. Donenfeld | 2021-12-22 | 1 file | -2/+2
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use syscall.SyscallN | Jason A. Donenfeld | 2021-12-16 | 4 files | -19/+19
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ringlogger: have caller cleanup inherited handle on failure | Jason A. Donenfeld | 2021-12-16 | 1 file | -4/+1
    Reported-by: shuaidonga <1181157720@qq.com>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: interface{} -> any | Jason A. Donenfeld | 2021-12-16 | 7 files | -13/+13
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: omit build info from binary | Jason A. Donenfeld | 2021-12-16 | 2 files | -2/+2
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update to go 1.18 beta1 | Jason A. Donenfeld | 2021-12-16 | 23 files | -551/+27
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: remove patcher | Jason A. Donenfeld | 2021-12-14 | 2 files | -6/+1
    This should be easy to revert when we want to add it back.
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumpt | Jason A. Donenfeld | 2021-12-09 | 41 files | -125/+140
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: update to go 1.17.4 and drop upstreamed patches | Jason A. Donenfeld | 2021-12-02 | 8 files | -288/+7
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui: only set "(out of date)" window title if admin user | Jason A. Donenfeld | 2021-11-26 | 1 file | -1/+3
    Hopefully this scares users less, while keeping the update tab so that they still annoy their sysadmins to update.
    Reported-by: Bruno Andry <bandry@ut1.org>
    Discussed-with: Diab Neiroukh <lazerl0rd@thezest.dev>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: switch to go.dev | Jason A. Donenfeld | 2021-11-25 | 2 files | -3/+3
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: support non-cooperative preemption on arm and arm64 | Jason A. Donenfeld | 2021-11-25 | 2 files | -0/+124
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: remove x/sys fork | Jason A. Donenfeld | 2021-11-24 | 5 files | -20/+20
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: backout AddrFromSlice signature change | Jason A. Donenfeld | 2021-11-11 | 4 files | -11/+11
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: bump [v0.5.2] | Jason A. Donenfeld | 2021-11-08 | 1 file | -1/+1
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: check for WeakHostSend/Forwarding in pitfalls | Jason A. Donenfeld | 2021-11-08 | 4 files | -3/+88
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump to go 1.17.3 | Jason A. Donenfeld | 2021-11-06 | 2 files | -2/+3
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: return correct nanosec param on arm64 | Jason A. Donenfeld | 2021-11-06 | 1 file | -0/+81
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* go-patches: read nanotime in 1 instruction on 64bit | Jason A. Donenfeld | 2021-11-06 | 3 files | -6/+200
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: add routes even when no corresponding address | Jason A. Donenfeld | 2021-11-06 | 1 file | -16/+3
    Apparently this works now, but it didn't used to.
    Reported-by: Christoph Loesch <wireguard-mail@chil.at>
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: handle zones and make things use it | Jason A. Donenfeld | 2021-11-06 | 2 files | -15/+23
    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>