path: root/updater
Commit message | Author | Age | Files | Lines
* updater: drain the entire response when fetching version list | Jason A. Donenfeld | 2026-05-19 | 1 | -4/+3
  WinHTTP can short-read across TLS or HTTP chunk boundaries, so a single Read may truncate the signed file list. Signify verification catches it, but the user sees a spurious update-check failure instead of a successful fetch.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater,fetcher: disable HTTP/3 | Jason A. Donenfeld | 2026-05-06 | 1 | -5/+2
  We had reports of it failing.
  Reported-by: Ben Yoder <byoder@moltzconstructors.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: regenerate syscall code from latest x/sys/windows wrapper | Jason A. Donenfeld | 2026-04-20 | 1 | -12/+12
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: response is unsigned anyway | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: fix error message text to specify hex, not base64 | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: read proper number of numbers | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+1
  There's no way it'd be valid anyway, but this index is for utf16 chars, not utf8 chars.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: more gracefully handle read errors in winhttp | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+1
  Otherwise we keep trying infinitely.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: do not return swallowed error | Jason A. Donenfeld | 2026-04-10 | 1 | -2/+1
  Before we were still returning the swallowed error.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater,fetcher: enable http/3 opportunistically | Jason A. Donenfeld | 2026-03-30 | 2 | -3/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: do not verify EV status | Jason A. Donenfeld | 2026-03-23 | 2 | -40/+0
  We'll keep signing with EV. But this is not a security check. Anybody can add an EV signature. It's not very expensive to do. And we've never checked that it's actually _our_ signature. For that, there's the normal ed25519-based mechanism, which is a lot nicer and faster.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: raise min windows version to 10 | Jason A. Donenfeld | 2026-03-21 | 1 | -23/+4
  Since we're also bumping the PE subsystem header to 10.0, this means we need a _load_config with the proper flags. So there's some work to be done here. This also means bumping LLVM and Go builds. In the case of Go, the patch is still pending: https://go-review.googlesource.com/c/go/+/756680 , so it's a custom build. Remove lots of compatibility code and hacks. Also update the installer to display a useful message.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: modernize go conventions | Jason A. Donenfeld | 2026-03-18 | 1 | -5/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2026-03-18 | 11 | -11/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2022-01-06 | 11 | -11/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use strings.Cut where possible | Jason A. Donenfeld | 2021-12-23 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumpt | Jason A. Donenfeld | 2021-12-09 | 2 | -1/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher,winhttp: force TLS 1.2 on Win 8.0 and 7 | Jason A. Donenfeld | 2021-10-29 | 2 | -1/+24
  On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only allows for TLS 1.0. And of course there's no TLS 1.3 support there at all.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: return to using proper constant | Jason A. Donenfeld | 2021-08-03 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: use correct constant for authentication verification and free | Jason A. Donenfeld | 2021-07-29 | 1 | -2/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: port to arm64 | Jason A. Donenfeld | 2021-02-18 | 1 | -1/+1
  We build Go from modified-source with a bootstrap version, rather than shipping so many patches in this repo. This commit also removes the previous WOW hacks, and goes back to strictly forbidding WOW.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: move away from ioutil | Jason A. Donenfeld | 2021-02-01 | 1 | -2/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright date | Jason A. Donenfeld | 2021-02-01 | 11 | -11/+11
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winhttp: use errors.As for unwrapping | Jason A. Donenfeld | 2021-01-25 | 1 | -4/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater,version: simplify code locations | Jason A. Donenfeld | 2021-01-25 | 6 | -25/+33
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: another attempt at winhttp | Jason A. Donenfeld | 2020-11-30 | 8 | -28/+846
  This reverts commit fbc3ceba56df06a61346f0b873f1e1d85c5b05a9, while reworking it too. This saves 2M in the binary.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update headers | Jason A. Donenfeld | 2020-11-22 | 7 | -7/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: unify architecture string handling | Jason A. Donenfeld | 2020-11-22 | 3 | -61/+1
  Always report native architecture and use "x86" instead of "386" for all identification strings, except when explicitly stating the Go version.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: allow S-1-5-32-556 users to launch a limited UI | Jason A. Donenfeld | 2020-11-22 | 1 | -1/+0
  I still have serious security reservations about this, both conceptually -- should users be allowed to do this stuff? -- and practically -- there are issues with this implementation that need some examination.
  TODO:
  - Is that registry key a secure path? Should we double check it?
  - Are we leaking handles to the unpriv'd process from the manager? Audit this too.
  - IPC notifications are blocking. Should we move this to a go routine to mitigate DoS potential?
  - Is GOB deserialization secure? Can an NCO user crash or RCE the manager?
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: remove obsolete syscall stub | Jason A. Donenfeld | 2020-11-18 | 1 | -8/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: BOOLEAN is a char, whereas BOOL is an int | Jason A. Donenfeld | 2020-11-17 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: SetFileInformationByHandle moved into x/sys | Jason A. Donenfeld | 2020-11-17 | 1 | -11/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: handle deletion more smoothly | Jason A. Donenfeld | 2020-11-17 | 2 | -21/+50
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* conf: move configuration to C:\Program Files\WireGuard\Data | Jason A. Donenfeld | 2020-11-16 | 1 | -3/+5
  It doesn't get wiped out on Windows upgrades.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mod: bump x/sys for IsWow64Process2 | Jason A. Donenfeld | 2020-11-16 | 3 | -86/+8
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: use constants from debug/pe | Jason A. Donenfeld | 2020-11-16 | 2 | -40/+5
  These are nice here, but we don't want to use them for memmod, since there we need a more complete linker.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: updater: introduce ARM64 MSI packages | Simon Rozman | 2020-11-13 | 6 | -12/+180
  Windows 10 ARM64 refuses to install ARM MSI.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: enable ARM MSI building | Simon Rozman | 2020-11-13 | 1 | -0/+2
  Signed-off-by: Simon Rozman <simon@rozman.si>
* updater: allow updating from the command line | Jason A. Donenfeld | 2020-04-05 | 1 | -4/+23
  The administrator user may run `wireguard.exe /update`, which will check for updates and install it if available. A log file may be written using `wireguard.exe /update path\to\log\file.txt`.
  Requested-by: Elliot Saba <staticfloat@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: use ed25519 from standard library | Jason A. Donenfeld | 2019-10-16 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Revert "updater: use winhttp to reduce filesize" | Jason A. Donenfeld | 2019-09-27 | 6 | -684/+21
  This reverts commit b1a33fd099fdcc25b0edba9c0e3f2ea9f8d0d9c4. We'll revisit this later.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: use winhttp to reduce filesize | Jason A. Donenfeld | 2019-09-23 | 6 | -21/+684
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use SECURITY_DESCRIPTOR apis from x/sys/windows | Jason A. Donenfeld | 2019-09-23 | 1 | -3/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: use correct length for security attributes | Jason A. Donenfeld | 2019-09-23 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: hard code name and version at compile time | Jason A. Donenfeld | 2019-08-30 | 1 | -2/+1
  We really do want the true name and version in logs so that external consumers have a good reference point for helping us debug. We can then do the log file directory explicitly.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: use ProductName and ProductVersion as strings | Jason A. Donenfeld | 2019-08-30 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: cleanup TODO comment spacing | Jason A. Donenfeld | 2019-06-07 | 2 | -6/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use filepath.Join uniformly | Jason A. Donenfeld | 2019-05-25 | 1 | -5/+5
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: use winpipe instead of winio | Jason A. Donenfeld | 2019-05-23 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: regroup all imports | Jason A. Donenfeld | 2019-05-14 | 4 | -6/+10
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* service: allow go to create correct environment block | Jason A. Donenfeld | 2019-05-13 | 2 | -4/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>