Merge branch 'bump-wireguard-go-for-android-and-macos-droid-560'

10 files changed, 63 insertions, 50 deletions

diff --git a/.github/workflows/daemon.yml b/.github/workflows/daemon.yml
index 6112f30fe8..3293e02879 100644
--- a/.github/workflows/daemon.yml
+++ b/.github/workflows/daemon.yml
@@ -100,7 +100,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.5
+          go-version: 1.21.3
 
       - name: Build and test crates
         run: ./ci/check-rust.sh
diff --git a/.github/workflows/desktop-e2e.yml b/.github/workflows/desktop-e2e.yml
index 8594ae32bf..3a42bb9b3c 100644
--- a/.github/workflows/desktop-e2e.yml
+++ b/.github/workflows/desktop-e2e.yml
@@ -234,7 +234,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.5
+          go-version: 1.21.3
       - name: Install Protoc
         uses: arduino/setup-protoc@v2
         with:
diff --git a/android/fdroid-build/init.sh b/android/fdroid-build/init.sh
index f8d498e10c..4d5cf8ce35 100755
--- a/android/fdroid-build/init.sh
+++ b/android/fdroid-build/init.sh
@@ -20,9 +20,9 @@ rustup target add \
     armv7-linux-androideabi
 
 # Install golang
-GOLANG_VERSION="1.18.5"
+GOLANG_VERSION="1.21.3"
 # Checksum from: https://golang.org/dl/
-GOLANG_HASH="9e5de37f9c49942c601b191ac5fba404b868bfc21d446d6960acc12283d6e5f2"
+GOLANG_HASH="1241381b2843fae5a9707eec1f8fb2ef94d827990582c7c7c32f5bdfbfd420c8"
 cd "$HOME"
 curl -sf -L -o go.tgz https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz
 echo "$GOLANG_HASH go.tgz" | sha256sum -c
diff --git a/building/README.md b/building/README.md
index 505c47f780..856b18a690 100644
--- a/building/README.md
+++ b/building/README.md
@@ -29,8 +29,11 @@ Build and publish the container image. Tag it with the github hash of the curren
 This also adds the container GPG signatures to the sigstore and commits that to git.
 The single sigstore addition (signed) commit can be pushed directly to the main branch without PR.
 ```
+# Builds a new container image, pushes it to the registry, signs it and commits the signatures in git
 ./build-and-publish-container-image.sh (linux|android)
-git push # Pushes the new sigstore entry
+
+# Pushes the new sigstore entry
+GIT_SSH_COMMAND="ssh -i /path/to/deploy-key" git push
 ```
 
 When satisfied with how the new image works, the `building/{linux,android}-container-image.txt`
diff --git a/building/android-container-image.txt b/building/android-container-image.txt
index 70b6fed39f..87fdd82c32 100644
--- a/building/android-container-image.txt
+++ b/building/android-container-image.txt
@@ -1 +1 @@
-ghcr.io/mullvad/mullvadvpn-app-build-android:9504b914a
+ghcr.io/mullvad/mullvadvpn-app-build-android:169361256
diff --git a/building/linux-container-image.txt b/building/linux-container-image.txt
index b94b251735..f9109d9414 100644
--- a/building/linux-container-image.txt
+++ b/building/linux-container-image.txt
@@ -1 +1 @@
-ghcr.io/mullvad/mullvadvpn-app-build:4986f0398
+ghcr.io/mullvad/mullvadvpn-app-build:1b882ccbc
diff --git a/wireguard/libwg/Android.mk b/wireguard/libwg/Android.mk
index 54fd160db8..acf2f6fe88 100644
--- a/wireguard/libwg/Android.mk
+++ b/wireguard/libwg/Android.mk
@@ -22,7 +22,7 @@ default: $(DESTDIR)/libwg.so
 
 GOBUILDARCH := $(NDK_GO_ARCH_MAP_$(shell uname -m))
 GOBUILDOS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
-GOBUILDVERSION := 1.18.5
+GOBUILDVERSION := 1.21.3
 # TODO: Add checksum?
 GOBUILDTARBALL := https://go.dev/dl/go$(GOBUILDVERSION).$(GOBUILDOS)-$(GOBUILDARCH).tar.gz
 GOBUILDVERSION_NEEDED := go version go$(GOBUILDVERSION) $(GOBUILDOS)/$(GOBUILDARCH)
diff --git a/wireguard/libwg/go.mod b/wireguard/libwg/go.mod
index 63ca03adbf..a19c17af3a 100644
--- a/wireguard/libwg/go.mod
+++ b/wireguard/libwg/go.mod
@@ -1,10 +1,10 @@
 module github.com/mullvad/mullvadvpn-app/wireguard/libwg
 
-go 1.18
+go 1.20
 
 require (
-	golang.org/x/sys v0.0.0-20220808155132-1c4a2a72c664
-	golang.zx2c4.com/wireguard v0.0.0-20220703234212-c31a7b1ab478
+	golang.org/x/sys v0.6.0
+	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
 )
 
 require (
diff --git a/wireguard/libwg/go.sum b/wireguard/libwg/go.sum
index b9afc6c3fc..d129c587a5 100644
--- a/wireguard/libwg/go.sum
+++ b/wireguard/libwg/go.sum
@@ -2,9 +2,9 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJ
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20220809184613-07c6da5e1ced h1:3dYNDff0VT5xj+mbj2XucFst9WKk6PdGOrb9n+SbIvw=
 golang.org/x/net v0.0.0-20220809184613-07c6da5e1ced/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/sys v0.0.0-20220808155132-1c4a2a72c664 h1:v1W7bwXHsnLLloWYTVEdvGvA7BHMeBYsPcF0GLDxIRs=
-golang.org/x/sys v0.0.0-20220808155132-1c4a2a72c664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
 golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
-golang.zx2c4.com/wireguard v0.0.0-20220703234212-c31a7b1ab478 h1:vDy//hdR+GnROE3OdYbQKt9rdtNdHkDtONvpRwmls/0=
-golang.zx2c4.com/wireguard v0.0.0-20220703234212-c31a7b1ab478/go.mod h1:bVQfyl2sCM/QIIGHpWbFGfHPuDvqnCNkT6MQLTCjO/U=
+golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675 h1:/J/RVnr7ng4fWPRH3xa4WtBJ1Jp+Auu4YNLmGiPv5QU=
+golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675/go.mod h1:whfbyDBt09xhCYQWtO2+3UVjlaq6/9hDZrjg2ZE6SyA=
diff --git a/wireguard/libwg/goruntime-boottime-over-monotonic.diff b/wireguard/libwg/goruntime-boottime-over-monotonic.diff
index 5cbc225674..5d78242b13 100644
--- a/wireguard/libwg/goruntime-boottime-over-monotonic.diff
+++ b/wireguard/libwg/goruntime-boottime-over-monotonic.diff
@@ -1,7 +1,8 @@
-From b83553d9f260ba20c6faaa52e6fe6f74309eb41a Mon Sep 17 00:00:00 2001
+From 61f3ae8298d1c503cbc31539e0f3a73446c7db9d Mon Sep 17 00:00:00 2001
 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Mon, 22 Feb 2021 02:36:03 +0100
-Subject: [PATCH] runtime: use CLOCK_BOOTTIME in nanotime on Linux
+Date: Tue, 21 Mar 2023 15:33:56 +0100
+Subject: [PATCH] [release-branch.go1.20] runtime: use CLOCK_BOOTTIME in
+ nanotime on Linux
 
 This makes timers account for having expired while a computer was
 asleep, which is quite common on mobile devices. Note that BOOTTIME is
@@ -21,17 +22,17 @@ Change-Id: I7b2a6ca0c5bc5fce57ec0eeafe7b68270b429321
  src/runtime/sys_linux_amd64.s   | 2 +-
  src/runtime/sys_linux_arm.s     | 4 ++--
  src/runtime/sys_linux_arm64.s   | 4 ++--
- src/runtime/sys_linux_mips64x.s | 2 +-
+ src/runtime/sys_linux_mips64x.s | 4 ++--
  src/runtime/sys_linux_mipsx.s   | 2 +-
  src/runtime/sys_linux_ppc64x.s  | 2 +-
  src/runtime/sys_linux_s390x.s   | 2 +-
- 8 files changed, 11 insertions(+), 11 deletions(-)
+ 8 files changed, 12 insertions(+), 12 deletions(-)
 
 diff --git a/src/runtime/sys_linux_386.s b/src/runtime/sys_linux_386.s
-index 1e3a834812..78b6021fc7 100644
+index 12a294153d..17e3524b40 100644
 --- a/src/runtime/sys_linux_386.s
 +++ b/src/runtime/sys_linux_386.s
-@@ -337,13 +337,13 @@ noswitch:
+@@ -352,13 +352,13 @@ noswitch:
  
  	LEAL	8(SP), BX	// &ts (struct timespec)
  	MOVL	BX, 4(SP)
@@ -48,10 +49,10 @@ index 1e3a834812..78b6021fc7 100644
  	INVOKE_SYSCALL
  
 diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s
-index 37cb8dad03..e8b730bcaa 100644
+index c7a89ba536..01f0a6a26e 100644
 --- a/src/runtime/sys_linux_amd64.s
 +++ b/src/runtime/sys_linux_amd64.s
-@@ -302,7 +302,7 @@ noswitch:
+@@ -255,7 +255,7 @@ noswitch:
  	SUBQ	$16, SP		// Space for results
  	ANDQ	$~15, SP	// Align for C code
  
@@ -61,7 +62,7 @@ index 37cb8dad03..e8b730bcaa 100644
  	MOVQ	runtime·vdsoClockgettimeSym(SB), AX
  	CMPQ	AX, $0
 diff --git a/src/runtime/sys_linux_arm.s b/src/runtime/sys_linux_arm.s
-index 475f52344c..bb567abcf4 100644
+index 7b8c4f0e04..9798a1334e 100644
 --- a/src/runtime/sys_linux_arm.s
 +++ b/src/runtime/sys_linux_arm.s
 @@ -11,7 +11,7 @@
@@ -73,20 +74,20 @@ index 475f52344c..bb567abcf4 100644
  
  // for EABI, as we don't support OABI
  #define SYS_BASE 0x0
-@@ -366,7 +366,7 @@ noswitch:
- 	SUB	$24, R13	// Space for results
- 	BIC	$0x7, R13	// Align for C code
+@@ -374,7 +374,7 @@ finish:
  
+ // func nanotime1() int64
+ TEXT runtime·nanotime1(SB),NOSPLIT,$12-8
 -	MOVW	$CLOCK_MONOTONIC, R0
 +	MOVW	$CLOCK_BOOTTIME, R0
- 	MOVW	$8(R13), R1	// timespec
- 	MOVW	runtime·vdsoClockgettimeSym(SB), R2
- 	CMP	$0, R2
+ 	MOVW	$spec-12(SP), R1	// timespec
+ 
+ 	MOVW	runtime·vdsoClockgettimeSym(SB), R4
 diff --git a/src/runtime/sys_linux_arm64.s b/src/runtime/sys_linux_arm64.s
-index 198a5bacef..9715387f36 100644
+index 38ff6ac330..6b819c5441 100644
 --- a/src/runtime/sys_linux_arm64.s
 +++ b/src/runtime/sys_linux_arm64.s
-@@ -13,7 +13,7 @@
+@@ -14,7 +14,7 @@
  #define AT_FDCWD -100
  
  #define CLOCK_REALTIME 0
@@ -95,7 +96,7 @@ index 198a5bacef..9715387f36 100644
  
  #define SYS_exit		93
  #define SYS_read		63
-@@ -319,7 +319,7 @@ noswitch:
+@@ -338,7 +338,7 @@ noswitch:
  	BIC	$15, R1
  	MOVD	R1, RSP
  
@@ -105,10 +106,10 @@ index 198a5bacef..9715387f36 100644
  	CBZ	R2, fallback
  
 diff --git a/src/runtime/sys_linux_mips64x.s b/src/runtime/sys_linux_mips64x.s
-index c3e9f37694..e3879acd38 100644
+index 47f2da524d..a8b387f193 100644
 --- a/src/runtime/sys_linux_mips64x.s
 +++ b/src/runtime/sys_linux_mips64x.s
-@@ -312,7 +312,7 @@ noswitch:
+@@ -326,7 +326,7 @@ noswitch:
  	AND	$~15, R1	// Align for C code
  	MOVV	R1, R29
  
@@ -117,11 +118,20 @@ index c3e9f37694..e3879acd38 100644
  	MOVV	$0(R29), R5
  
  	MOVV	runtime·vdsoClockgettimeSym(SB), R25
+@@ -336,7 +336,7 @@ noswitch:
+ 	// see walltime for detail
+ 	BEQ	R2, R0, finish
+ 	MOVV	R0, runtime·vdsoClockgettimeSym(SB)
+-	MOVW	$1, R4 // CLOCK_MONOTONIC
++	MOVW	$7, R4 // CLOCK_BOOTTIME
+ 	MOVV	$0(R29), R5
+ 	JMP	fallback
+ 
 diff --git a/src/runtime/sys_linux_mipsx.s b/src/runtime/sys_linux_mipsx.s
-index fab2ab3892..f9af103594 100644
+index 5e6b6c1504..7f5fd2a80e 100644
 --- a/src/runtime/sys_linux_mipsx.s
 +++ b/src/runtime/sys_linux_mipsx.s
-@@ -238,7 +238,7 @@ TEXT runtime·walltime1(SB),NOSPLIT,$8-12
+@@ -243,7 +243,7 @@ TEXT runtime·walltime(SB),NOSPLIT,$8-12
  	RET
  
  TEXT runtime·nanotime1(SB),NOSPLIT,$8-8
@@ -131,11 +141,11 @@ index fab2ab3892..f9af103594 100644
  	MOVW	$SYS_clock_gettime, R2
  	SYSCALL
 diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s
-index fd69ee70a5..ff6bc8355b 100644
+index d0427a4807..05ee9fede9 100644
 --- a/src/runtime/sys_linux_ppc64x.s
 +++ b/src/runtime/sys_linux_ppc64x.s
-@@ -249,7 +249,7 @@ fallback:
- 	JMP	finish
+@@ -298,7 +298,7 @@ fallback:
+ 	JMP	return
  
  TEXT runtime·nanotime1(SB),NOSPLIT,$16-8
 -	MOVD	$1, R3		// CLOCK_MONOTONIC
@@ -144,18 +154,18 @@ index fd69ee70a5..ff6bc8355b 100644
  	MOVD	R1, R15		// R15 is unchanged by C code
  	MOVD	g_m(g), R21	// R21 = m
 diff --git a/src/runtime/sys_linux_s390x.s b/src/runtime/sys_linux_s390x.s
-index c15a1d5364..f52c4d5098 100644
+index 1448670b91..7d2ee3231c 100644
 --- a/src/runtime/sys_linux_s390x.s
 +++ b/src/runtime/sys_linux_s390x.s
-@@ -207,7 +207,7 @@ TEXT runtime·walltime1(SB),NOSPLIT,$16
+@@ -296,7 +296,7 @@ fallback:
  	RET
  
- TEXT runtime·nanotime1(SB),NOSPLIT,$16
--	MOVW	$1, R2 // CLOCK_MONOTONIC
-+	MOVW	$7, R2 // CLOCK_BOOTTIME
- 	MOVD	$tp-16(SP), R3
- 	MOVW	$SYS_clock_gettime, R1
- 	SYSCALL
+ TEXT runtime·nanotime1(SB),NOSPLIT,$32-8
+-	MOVW	$1, R2			// CLOCK_MONOTONIC
++	MOVW	$7, R2			// CLOCK_BOOTTIME
+ 
+ 	MOVD	R15, R7			// Backup stack pointer
+ 
 -- 
-2.30.1
+2.17.1