[ANNOUNCE] WireGuard Snapshot `0.0.20170810` Available
Jason A. Donenfeld
Jason at zx2c4.com
Thu Aug 10 02:20:06 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20170810`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* jason: leaving for short trip
This is the last snapshot I'll be making for the next 3 or so weeks,
as I'll be going on a short vacation mostly off-the-grid. (If any
Icelandic WireGuarders are reading this, feel free to shoot me
an email if you'd like some stickers.) When I return, development
will resume at an even faster rate than before.
* android: fix readme
* contrib: move Android tools to wireguard-android repo
All the Android tools have been moved to an Android-specific repo,
which, in addition to having all the wg-quick CLI things, will also
have a nice UI that Samuel, one of our GSoC students, has been
working on. Stay tuned, exciting things coming.
* socket: move print function from compat
* compat: work around odd kernels that backport kv[mz]alloc
* compat: get rid of warnings on frankenkernels
* compat: support grsecurity with our compat padata implementation
* netns: work around linux 3.10 issues
The usual set of compat fixups for weird kernels. With regards to
Grsecurity, we make a change that _should_ make this part of the
compat layer work with Grsecurity, but unfortunately I really have
no way of knowing, since I don't actually have access to their
source code. I assume, though, if this doesn't work, I'll receive
more complaints and will take another stab in the dark. The general
situation saddens me, as I really liked that project and wish I
could still play with it.
* recieve: cleanup variable usage
* receive: single line if style
* recieve: pskb_trim already checks length
* receive: move lastminute guard into timer event
* selftest: more checking in ratelimiter
* blake2s: satisfy sparse
* routingtable: unbloat BUG()
* timers: rename confusingly named functions and variables
* noise: infer initiator or not from handshake state
Usual set of code quality cleanups.
* tools: stricter userspace ipc parsing
* netns: explictly test reply to sender routing
* timers: do not send out double keepalive
Some logic fixes and a more expansive test suite.
* hashtables: allow up to 2^20 peers per interface
* hashtables: if we have an index match, don't search further ever
This allows for nearly 1 million peers per interface, which should be
more than enough. If needed later, this number could easily be increased
beyond this. We also increase the size of the hashtables to accommodate
this upper bound. In the future, it might be smart to dynamically expand
the hashtable instead of this hard coded compromise value between small
systems and large systems. Ongoing work includes figuring out the most
optimal scheme for these hashtables and for the insertion to mask their
order from timing inference.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----