[WireGuard] [ANNOUNCE] Snapshot `experimental-0.0.20160722` Available
Jason A. Donenfeld
Jason at zx2c4.com
Fri Jul 22 21:19:39 CEST 2016
Hello,
A new experimental snapshot, `experimental-0.0.20160722`, has been tagged in
the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. However, if you'd like to test this snapshot
out, there are a few relevant changes.
== Changes ==
Sorry about the second release in two days. I don't like to release at this
velocity, but the changes in the cross-platform interface were important to
get out there, so that folks working on userspace implementations have
something to work with.
* tools: abstract sockets are dangerous
* tools: Use seqpacket instead of dgram
* tools: use stream instead of seqpacket
* tools: propagate set errno
This is annoying. First we realized that abstract sockets aren't a good idea
for bidirectional communication. Then this led to greater reflections that in
fact we need something connection oriented but still packet based: seqpacket.
While this was supported in FreeBSD and Linux, it wasn't in OS X. So we moved
to an ordinary Unix stream, and now this is what we're using for the
cross-platform interface. It has the added advantage of mapping well to
Windows named pipes, when we add Windows support.
* tools: add default cflag
* tools: add -MP to makefile
Some build system enhancements.
* socket: simpler debug message
* socket: reset IPv4 socket to NULL after free
* socket: fix compat for 4.1 v6 sockets
Though we already work around the immature UDP tunnel API in 4.1 and 4.2
kernels, it turns out that 4.1 had really broken behavior with regards to
namespace sysctl knobs. So, we work around this borked behavior. Fortunately
this cruft will be removed when WireGuard is merged upstream. But for now it's
important so that folks still on 4.1 can use WireGuard.
* cookie: do not expose csprng directly
* index hashtable: run random indices through siphash
These patches ensure that we never put information from /dev/urandom directly
on the wire, in the case of a NOBUS backdoor. It's a bit overkill and
paranoid, but still nice to do.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .
This snapshot is available in tarball form here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-experimental-0.0.20160722.tar.xz
SHA256: 0dcda97b6bb4e962f731a863df9b4291c1c453b01f4faba78be4aaa13a594242
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.
Thank you,
Jason Donenfeld