[ANNOUNCE] WireGuard Snapshot `0.0.20170409` Available
Jason A. Donenfeld
Jason at zx2c4.com
Sun Apr 9 15:33:20 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20170409`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* compat: allow create-patch to work on debian-based builds
* main: add /sys/module/wireguard/version
* tools: do not use addrconfig with port in gai
* config: do not allow peers with public keys the same as the interface
* curve25519: protect against potential invalid point attacks
* chacha20poly1305: enforce authtag checking with compiler
While Noise is resilliant to invalid point attacks, it's still better to check
explicitly for NULLs from 25519. While we're at it, we make the compile warn
if we don't check the return value of sensitive crypto functions.
* locking: always use _bh
* chacha20poly1305: check return values of sgops
* data: simplify flow
* data: cleanup parallel workqueue and use two max_active
* data: alloca is actually as dangerous as they say
These should improve stability in certain cases, though this involved
some potentially big rewrites, so I'll keep an eye on incoming bug
* compat: support 3.16
* compat: support 3.14
* compat: support 3.12
* compat: support 3.10
* compat: careful with destructors
* compat: warn on < 4.1
We now experimentally support kernels going back to 3.10. This means
that WireGuard should run on nearly all Android devices, the Ubiquiti
EdgeRouter, and probably most other random Linux devices that you can
find. I'm looking forward to seeing the community pick up the work
producing pre-compiled modules for various things.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard