[ANNOUNCE] WireGuard Snapshot `0.0.20170810` Available

Jason A. Donenfeld Jason at zx2c4.com
Thu Aug 10 02:20:06 CEST 2017

Hash: SHA256


A new snapshot, `0.0.20170810`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * jason: leaving for short trip
  This is the last snapshot I'll be making for the next 3 or so weeks,
  as I'll be going on a short vacation mostly off-the-grid. (If any
  Icelandic WireGuarders are reading this, feel free to shoot me
  an email if you'd like some stickers.) When I return, development
  will resume at an even faster rate than before.
  * android: fix readme
  * contrib: move Android tools to wireguard-android repo
  All the Android tools have been moved to an Android-specific repo,
  which, in addition to having all the wg-quick CLI things, will also
  have a nice UI that Samuel, one of our GSoC students, has been
  working on. Stay tuned, exciting things coming.
  * socket: move print function from compat
  * compat: work around odd kernels that backport kv[mz]alloc
  * compat: get rid of warnings on frankenkernels
  * compat: support grsecurity with our compat padata implementation
  * netns: work around linux 3.10 issues
  The usual set of compat fixups for weird kernels. With regards to
  Grsecurity, we make a change that _should_ make this part of the
  compat layer work with Grsecurity, but unfortunately I really have
  no way of knowing, since I don't actually have access to their
  source code. I assume, though, if this doesn't work, I'll receive
  more complaints and will take another stab in the dark. The general
  situation saddens me, as I really liked that project and wish I
  could still play with it.
  * recieve: cleanup variable usage
  * receive: single line if style
  * recieve: pskb_trim already checks length
  * receive: move lastminute guard into timer event
  * selftest: more checking in ratelimiter
  * blake2s: satisfy sparse
  * routingtable: unbloat BUG()
  * timers: rename confusingly named functions and variables
  * noise: infer initiator or not from handshake state
  Usual set of code quality cleanups.
  * tools: stricter userspace ipc parsing
  * netns: explictly test reply to sender routing
  * timers: do not send out double keepalive
  Some logic fixes and a more expansive test suite.
  * hashtables: allow up to 2^20 peers per interface
  * hashtables: if we have an index match, don't search further ever
  This allows for nearly 1 million peers per interface, which should be
  more than enough. If needed later, this number could easily be increased
  beyond this. We also increase the size of the hashtables to accommodate
  this upper bound. In the future, it might be smart to dynamically expand
  the hashtable instead of this hard coded compromise value between small
  systems and large systems. Ongoing work includes figuring out the most
  optimal scheme for these hashtables and for the insertion to mask their
  order from timing inference.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: ab96230390625aad6f4816fa23aef6e9f7fee130f083d838919129ff12089bf7
  BLAKE2b-256: efd0c65b6d18ce4009a62fa08c4c82ce9850ddb736b389c5d1bd14414dfce142

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list