[ANNOUNCE] WireGuard Snapshot `0.0.20170726` Available

Jason A. Donenfeld Jason at zx2c4.com
Wed Jul 26 03:53:08 CEST 2017

Hash: SHA256


A new snapshot, `0.0.20170726`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * global: wireguard.io --> wireguard.com
  We have a new domain name -- WireGuard.com -- moving away from the .io, due to
  security concerns. Along with the new domain, we also have a commonly
  requested page for donations: https://www.wireguard.com/donations/ in addition
  to a Patreon page for those who are into that: https://www.patreon.com/zx2c4 .
  * ratelimiter: consistently use non-bh rcu
  * socket: style
  * wg-quick: usage typos
  * qemu: update default testing kernel
  * qemu: warn on all unseeded random usage when in debug mode
  * compat: work around odd kernels that backport kvfree
  * selftests: ensure that there isnt CPU lag when testing rate limiter
  The usual set of small fixes.
  * send: orphan skbs when buffering longterm
  This works around situations where some apps use the same socket for multiple
  interfaces. It's important in this case that indefinately queued packets don't
  eat away at the socket's send buffer; otherwise sending to other interfaces
  will be blocked.
  * device: support 4.13's extact newlink param
  We continue to support the newest kernels, in this case adjusting to recent
  changes in the upcoming 4.13 release.
  * global: use pointer to net_device
  This follows an upstream recommendation.
  * ratelimiter: use KMEM_CACHE macro
  * data: use KMEM_CACHE macro
  * data: simplify no-keypair failure case
  * send: use skb_queue_empty where appropriate
  Some nice cleanups from Samuel Holland, one of this summer's GSoC students.
  * blake2s: move compression loop to assembly
  * blake2s: fix up alignment issues
  Our BLAKE2s implementation now runs a bit faster, thanks to a commit and some
  additional suggestions from Samuel Neves, one of the BLAKE2 authors.
  * wg-quick: do not set explicit src route for v6 default route
  Clueless network operators were trying to use fec0::/10 as a global address,
  except that range doesn't have the scope. Previously I worked around this by
  adding an explicit `src ...` to the routing table for all v6, but this is
  actually undesirable in some caes, so it's better that network operators give
  out the correct IPs (likely in fc00::/7).
  * wg-quick: do not use grep
  This reduces the set of dependencies for wg-quick.
  * wg-quick: add explicit support for common DNS usage
  wg-quick supports a DNS = field for common usages of DNS. Folks doing
  complicated things or who don't want to use resolvconf can continue to use
  PostUp for this.
  * android: add port of wg-quick
  wg-quick now runs on Android using the ndc command to interact with Android's
  built-in network management daemons.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: db91452b6b5ec28049721a520fe4fd0683825bad45b7383d12d7b819668201db
  BLAKE2b-256: 4afc73c422fcb6e31e0a5d9b121c5809b48e4af49ecd4c6d0c3ed69cab88818c

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list