Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Just to tie up a loose end, it _does_ work fine on buster if you're actually on the latest kernel. If you have a long uptime and have not rebooted, you will have these problems when it tries to compile wireguard for your currently used, old kernel, but there's no problem as such with 4.19.0-9 anymore.

-Timo
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Timo Jyrinki wrote on 18.6.2020 at 18.18:
> I managed to fix it thanks to message #34, changing
> /usr/src/wireguard-1.0.20200520/compat/compat.h slightly and running dpkg
> --configure -a. It built fine both against 4.19.0-6-marvell and
> 4.19.0-9-marvell.

Likewise for 1.0.20200611-1~bpo10+1, I needed to make sure line 98 in /usr/src/wireguard-1.0.*/compat/compat.h is in use. Then dpkg --configure -a to finish building.

The patch from #34 is not enough for buster as it's nowadays included in these backports.

-Timo
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Hi,

I had this too using buster + backports:

---
DKMS make.log for wireguard-1.0.20200520 for kernel 4.19.0-6-marvell (armv5tel)
to 18.6.2020 15.12.16 +0300
make: Siirrytään hakemistoon ”/usr/src/linux-headers-4.19.0-6-marvell”
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/main.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/noise.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/device.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/peer.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/timers.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/queueing.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/send.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/receive.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200520/build/socket.o
/var/lib/dkms/wireguard/1.0.20200520/build/socket.c: In function ‘send6’:
/var/lib/dkms/wireguard/1.0.20200520/build/socket.c:139:20: error: ‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup_flow’; did you mean ‘ipv6_dst_lookup’?
 dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, ,
 ^~~~
 ipv6_dst_lookup
make[3]: *** [/usr/src/linux-headers-4.19.0-6-common/scripts/Makefile.build:309: /var/lib/dkms/wireguard/1.0.20200520/build/socket.o] Virhe 1
make[2]: *** [/usr/src/linux-headers-4.19.0-6-common/Makefile:1534: _module_/var/lib/dkms/wireguard/1.0.20200520/build] Virhe 2
make[1]: *** [Makefile:146: sub-make] Virhe 2
make: *** [Makefile:8: all] Virhe 2
make: Poistutaan hakemistosta ”/usr/src/linux-headers-4.19.0-6-marvell”
---

I managed to fix it thanks to message #34, changing /usr/src/wireguard-1.0.20200520/compat/compat.h slightly and running dpkg --configure -a. It built fine both against 4.19.0-6-marvell and 4.19.0-9-marvell.

-Timo
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Hello,

I'm experiencing the same error:

"
DKMS make.log for wireguard-1.0.20200506 for kernel 4.19.118 (x86_64)
Fri 29 May 2020 06:12:30 PM CEST
make: Entering directory '/usr/src/linux-source-4.19'
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/main.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/noise.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/device.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/peer.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/timers.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/queueing.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/send.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/receive.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/socket.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/peerlookup.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/allowedips.o
In file included from :
/var/lib/dkms/wireguard/1.0.20200506/build/socket.c: In function ‘send6’:
/var/lib/dkms/wireguard/1.0.20200506/build/compat/compat.h:104:42: error: ‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup’; did you mean ‘ipv6_dst_lookup_flow’?
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) + (void *)0 ?: dst
 ^~~
/var/lib/dkms/wireguard/1.0.20200506/build/socket.c:139:20: note: in expansion of macro ‘ipv6_dst_lookup_flow’
 dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, ,
 ^~~~
make[1]: *** [scripts/Makefile.build:308: /var/lib/dkms/wireguard/1.0.20200506/build/socket.o] Error 1
make[1]: *** Waiting for unfinished jobs
make: *** [Makefile:1537: _module_/var/lib/dkms/wireguard/1.0.20200506/build] Error 2
make: Leaving directory '/usr/src/linux-source-4.19'
"

I'm running Debian Buster 10.4 with a compiled kernel 4.19.118. Trying to install Wireguard via buster-backports.

Any ideas?

Thanks a lot!
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
This problem is still present in stable (buster 10.4): kernel 4.19.0-9-amd64 wireguard-dkms 0.0.20181119-1
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Package: wireguard-dkms
Followup-For: Bug #959157

Dear Maintainer,

wireguard-dkms 1.0.20200429-2 (from unstable) compiles the module successfully, so this set fixed the problem for me:

$ dpkg -l | grep wireguard
ii  wireguard        1.0.20200319-1~bpo10+1  all
ii  wireguard-dkms   1.0.20200429-2          all
ii  wireguard-tools  1.0.20200319-1~bpo10+1  amd64

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wireguard-dkms depends on:
ii  bc    1.07.1-2+b1
ii  dkms  2.6.1-4
ii  perl  5.28.1-6

Versions of packages wireguard-dkms recommends:
ii  wireguard        1.0.20200319-1~bpo10+1
ii  wireguard-tools  1.0.20200319-1~bpo10+1

wireguard-dkms suggests no packages.

-- no debconf information
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Package: wireguard-dkms
Version: 1.0.20200429-1~bpo10+1
Followup-For: Bug #959157

Dear Maintainer,

looks like the problem is still here:

$ sudo aptitude -f install
The following partially installed packages will be configured:
  wireguard wireguard-dkms
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
Setting up wireguard-dkms (1.0.20200429-1~bpo10+1) ...
Removing old wireguard-1.0.20200429 DKMS files...
--
Deleting module version: 1.0.20200429 completely from the DKMS tree.
--
Done.
Loading new wireguard-1.0.20200429 DKMS files...
Building for 4.19.0-9-amd64
Building initial module for 4.19.0-9-amd64
Error! Bad return status for module build on kernel: 4.19.0-9-amd64 (x86_64)
Consult /var/lib/dkms/wireguard/1.0.20200429/build/make.log for more information.
dpkg: error processing package wireguard-dkms (--configure):
 installed wireguard-dkms package post-installation script subprocess returned error exit status 10
dpkg: dependency problems prevent configuration of wireguard:
 wireguard depends on wireguard-dkms (>= 0.0.20200121-2) | wireguard-modules (>= 0.0.20191219); however:
  Package wireguard-dkms is not configured yet.
  Package wireguard-modules is not installed.
dpkg: error processing package wireguard (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 wireguard-dkms
 wireguard
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up wireguard-dkms (1.0.20200429-1~bpo10+1) ...
Removing old wireguard-1.0.20200429 DKMS files...
--
Deleting module version: 1.0.20200429 completely from the DKMS tree.
--
Done.
Loading new wireguard-1.0.20200429 DKMS files...
Building for 4.19.0-9-amd64
Building initial module for 4.19.0-9-amd64
Error! Bad return status for module build on kernel: 4.19.0-9-amd64 (x86_64)
Consult /var/lib/dkms/wireguard/1.0.20200429/build/make.log for more information.
dpkg: error processing package wireguard-dkms (--configure):
 installed wireguard-dkms package post-installation script subprocess returned error exit status 10
dpkg: dependency problems prevent configuration of wireguard:
 wireguard depends on wireguard-dkms (>= 0.0.20200121-2) | wireguard-modules (>= 0.0.20191219); however:
  Package wireguard-dkms is not configured yet.
  Package wireguard-modules is not installed.
dpkg: error processing package wireguard (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 wireguard-dkms
 wireguard

$ cat /var/lib/dkms/wireguard/1.0.20200429/build/make.log
DKMS make.log for wireguard-1.0.20200429 for kernel 4.19.0-9-amd64 (x86_64)
Sat May 2 16:31:27 +10 2020
make: Entering directory '/usr/src/linux-headers-4.19.0-9-amd64'
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/main.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/noise.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/device.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/peer.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/timers.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/queueing.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/send.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/receive.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/socket.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/peerlookup.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/allowedips.o
  CC [M] /var/lib/dkms/wireguard/1.0.20200429/build/ratelimiter.o
In file included from :
/var/lib/dkms/wireguard/1.0.20200429/build/socket.c: In function 'send6':
/var/lib/dkms/wireguard/1.0.20200429/build/compat/compat.h:102:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'?
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, , c) + (void *)0 ?: dst
 ^~~
/var/lib/dkms/wireguard/1.0.20200429/build/socket.c:145:20: note: in expansion of macro 'ipv6_dst_lookup_flow'
 dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, ,
 ^~~~
make[3]: *** [/usr/src/linux-headers-4.19.0-9-common/scripts/Makefile.build:308: /var/lib/dkms/wireguard/1.0.20200429/build/socket.o] Error 1
make[3]: *** Waiting for unfinished jobs
make[2]: *** [/usr/src/linux-headers-4.19.0-9-common/Makefile:1537: _module_/var/lib/dkms/wireguard/1.0.20200429/build] Error 2
make[1]: *** [Makefile:146: sub-make] Error 2
make: *** [Makefile:8: all] Error 2
make: Leaving directory '/usr/src/linux-headers-4.19.0-9-amd64'

$ uname -a
Linux hostname 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) x86_64 GNU/Linux

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
https://git.zx2c4.com/wireguard-linux-compat/commit/?id=4602590adee92557847e61c8cd14445d35fbfa2e
Bug#959157: fix for CVE-2020-1749 in linux-image-4.19.0-9 breaks wireguard
Package: wireguard
Version: 1.0.20200319-1~bpo10+1
Severity: grave

Hello wireguard package maintainer,

DSA 4667-1, a Linux security update released on 2020-04-28, includes a fix for CVE-2020-1749 that changes ipv6_stub to use ip6_dst_lookup_flow instead of ip6_dst_lookup.

In wireguard-linux-compat/src/compat/compat.h, the following must be corrected such that ipv6_dst_lookup_flow is used for Debian linux kernel 4.19.0-9:

 99 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3, 16, 83)
100 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup_flow(b, c, d)
101 #elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) && LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18) && !defined(ISRHEL82))
102 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst
103 #endif

Otherwise, line 102 is used and the code fails to build from source.

Thanks,
Luca

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (90, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages wireguard depends on:
ii  wireguard-dkms   0.0.20200318-1~bpo10+1
ii  wireguard-tools  1.0.20200319-1~bpo10+1

wireguard recommends no packages.

wireguard suggests no packages.

-- no debconf information
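
An added example, not part of the original report and not code from wireguard-linux-compat: a runtime model of the version gate quoted above as lines 99-103, showing why 4.19.118 (the version uname reports for 4.19.0-9) selects the line 102 shim and why that fails once the CVE-2020-1749 fix is backported. The names KVER, select_shim, module_builds and has_flow are hypothetical, and the model covers only the quoted lines.

```c
#include <stdio.h>

/* Same encoding as the kernel's KERNEL_VERSION(a, b, c) macro. */
#define KVER(a, b, c) (((a) << 16) + ((b) << 8) + (c))

/* Which quoted compat.h line defines the shim (SHIM_NONE: neither). */
enum shim { SHIM_NONE = 0, SHIM_LINE_100 = 100, SHIM_LINE_102 = 102 };

/* Runtime model of the #if/#elif quoted as lines 99-103 of compat.h.
 * isrhel82 stands in for defined(ISRHEL82). */
enum shim select_shim(int code, int isrhel82)
{
    if (code < KVER(3, 17, 0) && code >= KVER(3, 16, 83))
        return SHIM_LINE_100;
    if ((code < KVER(5, 4, 5) && code >= KVER(5, 4, 0)) ||
        (code < KVER(5, 3, 18) && !isrhel82))
        return SHIM_LINE_102;
    return SHIM_NONE;
}

/* Line 102 rewrites the call to ipv6_stub->ipv6_dst_lookup, so it compiles
 * only against headers that still have that member. Line 100 and the
 * no-shim case call ipv6_dst_lookup_flow and need the newer member.
 * has_flow: 1 if struct ipv6_stub has ipv6_dst_lookup_flow (assumed to
 * replace ipv6_dst_lookup, as the compiler errors in the thread indicate). */
int module_builds(int code, int isrhel82, int has_flow)
{
    return select_shim(code, isrhel82) == SHIM_LINE_102 ? !has_flow : has_flow;
}

int main(void)
{
    /* Constructed cases; 4.19.118 is the version uname reports for 4.19.0-9. */
    struct { int a, b, c, has_flow; } k[] = {
        { 4, 19, 118, 1 },  /* Debian 4.19.0-9 with the CVE-2020-1749 fix */
        { 4, 19, 118, 0 },  /* hypothetical 4.19.118 without the backport */
        { 5, 4, 5, 1 },     /* first 5.4.y outside the shim range */
    };
    for (unsigned i = 0; i < sizeof k / sizeof k[0]; i++) {
        int code = KVER(k[i].a, k[i].b, k[i].c);
        printf("%d.%d.%d has_flow=%d -> shim line %d, builds=%d\n",
               k[i].a, k[i].b, k[i].c, k[i].has_flow,
               select_shim(code, 0), module_builds(code, 0, k[i].has_flow));
    }
    return 0;
}
```

The version number alone cannot tell a 4.19.118 that carries the backported API change from one that does not, which is why a gate keyed only on LINUX_VERSION_CODE picks the wrong branch here.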