[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20160722` Available

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 22 21:19:39 CEST 2016

Hash: SHA256


A new experimental snapshot, `experimental-0.0.20160722`, has been tagged in
the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. However, if you'd like to test this snapshot
out, there are a few relevent changes.

== Changes ==

  Sorry about the second release in two days. I don't like to release at this
  velocity, but the changes in the cross-platform interface were important to
  get out there, so that folks working on userspace implementations have
  something to work with.
  * tools: abstract sockets are dangerous
  * tools: Use seqpacket instead of dgram
  * tools: use stream instead of seqpacket* tools: propagate set errno
  This is annoying. First we realized that abstract sockets aren't a good idea
  for bidirectional communication. Then this lead to greater reflections that in
  fact we need something connection oriented but still packet based: seqpacket.
  While this was supported in FreeBSD and Linux, it wasn't in OS X. So we moved
  to an ordinary Unix stream, and now this is what we're using for the
  cross-platform interface. It has the added advantage of mapping well to
  Windows named pipes, when we add Windows support.
  * tools: add default cflag
  * tools: add -MP to makefile
  Some build system enhancements.
  * socket: simpler debug message
  * socket: reset IPv4 socket to NULL after free
  * socket: fix compat for 4.1 v6 sockets
  Though we already work around the immature UDP tunnel API in 4.1 and 4.2
  kernels, it turns out that 4.1 had really broken behavior with regards to
  namespace sysctl nobs. So, we work around this borked behavior. Fortunately
  this cruft will be removed when WireGuard is merged upstream. But for now it's
  important so that folks still on 4.1 can use WireGuard.
  * cookie: do not expose csprng directly
  * index hashtable: run random indices through siphash
  These patches ensure that we never put information from /dev/urandom directly
  on the wire, in the case of a NOBUS backdoor. It's a bit overkill and
  paranoid, but still nice to do.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .

This snapshot is available in tarball form here:
  SHA256: 0dcda97b6bb4e962f731a863df9b4291c1c453b01f4faba78be4aaa13a594242

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Thank you,
Jason Donenfeld

Version: GnuPG v2


More information about the WireGuard mailing list