[ANNOUNCE] WireGuard Snapshot `0.0.20170409` Available
Jason A. Donenfeld
Jason at zx2c4.com
Sun Apr 9 15:33:20 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
A new snapshot, `0.0.20170409`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* compat: allow create-patch to work on debian-based builds
* main: add /sys/module/wireguard/version
* tools: do not use addrconfig with port in gai
* config: do not allow peers with public keys the same as the interface
* curve25519: protect against potential invalid point attacks
* chacha20poly1305: enforce authtag checking with compiler
While Noise is resilliant to invalid point attacks, it's still better to check
explicitly for NULLs from 25519. While we're at it, we make the compile warn
if we don't check the return value of sensitive crypto functions.
* locking: always use _bh
* chacha20poly1305: check return values of sgops
* data: simplify flow
* data: cleanup parallel workqueue and use two max_active
* data: alloca is actually as dangerous as they say
These should improve stability in certain cases, though this involved
some potentially big rewrites, so I'll keep an eye on incoming bug
reports.
* compat: support 3.16
* compat: support 3.14
* compat: support 3.12
* compat: support 3.10
* compat: careful with destructors
* compat: warn on < 4.1
We now experimentally support kernels going back to 3.10. This means
that WireGuard should run on nearly all Android devices, the Ubiquiti
EdgeRouter, and probably most other random Linux devices that you can
find. I'm looking forward to seeing the community pick up the work
producing pre-compiled modules for various things.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .
This snapshot is available in tarball form here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170409.tar.xz
SHA2-256: 31473b4d14178f82d6ff46df019d57982c210c03d1a985d54db35bdd76efbb18
BLAKE2b-256: 29b6f2414c913809c793e9cc4616773dea7b74dc17f622204b9ffc282f5997bd
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.
Thank you,
Jason Donenfeld
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAljqN9oQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrjkjD/4u34M5ujEOKutTf30zdsZarOzrCwyICvDl
/kERtPfRCPcvt7AwfnlOIGEiMYBJ8TqxgubR4gVsrb/hYyV/Lh3EtYZLaYWkIzVo
ezULyiwx9knBt1HVDlEgu2BU3+cLYjAOX+SYMjrPRMr0BW/okkYfNrMsY3YTFzz5
wXtgrFbWndLdvJggZt0tZgloXfLuAlG4q3sBWMWMxFErUDusMyZS9l5Dn36sVST3
9W4QcSdQKrAQ3VeNuZgdiTQuZFN+1ROgrcl4Z/uTsrCrh8DA+2LfdOsKTr21UTfK
WLiDKqIjIqX7sKKyK+B12QjkvabFdtwIyAKoUk6n/1Q/6bJ9Kvet3UjA7V0uP495
EiTO1X5dQiTvqUP6RLLHNBvbrYjP11/88EM6YLj3+0G56rthiMMQOLum1mxKa0+v
itYwOm1XqGqWaO8d9bOVyPADDlhmVqffz+XYd9DriUm5VCt8U+5BZmW2/M2J+A/f
2yqTrNlCGk5+SzD8CsYRDC80KIVav1WFK71lPTpp8g3cCJ17rH+y8DaSjdKt25KC
LuIXpOi6YKVeJa7HjiRpLRwGMp+M4xdbjmSTy7b/mnhNhGLnlC3FHZ+k1kc0JQS8
lOLH5i7t/+CkL7gvxvtZ4D8q8F1XomhS2I6zxADXV95x/ZBj5zI6rvyFBvhkTpd8
Q2lpTr72ZQ==
=ofIG
-----END PGP SIGNATURE-----
More information about the WireGuard
mailing list