[ANNOUNCE] WireGuard Snapshot `0.0.20170726` Available
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jul 26 03:53:08 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
A new snapshot, `0.0.20170726`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* global: wireguard.io --> wireguard.com
We have a new domain name -- WireGuard.com -- moving away from the .io, due to
security concerns. Along with the new domain, we also have a commonly
requested page for donations: https://www.wireguard.com/donations/ in addition
to a Patreon page for those who are into that: https://www.patreon.com/zx2c4 .
* ratelimiter: consistently use non-bh rcu
* socket: style
* wg-quick: usage typos
* qemu: update default testing kernel
* qemu: warn on all unseeded random usage when in debug mode
* compat: work around odd kernels that backport kvfree
* selftests: ensure that there isnt CPU lag when testing rate limiter
The usual set of small fixes.
* send: orphan skbs when buffering longterm
This works around situations where some apps use the same socket for multiple
interfaces. It's important in this case that indefinately queued packets don't
eat away at the socket's send buffer; otherwise sending to other interfaces
will be blocked.
* device: support 4.13's extact newlink param
We continue to support the newest kernels, in this case adjusting to recent
changes in the upcoming 4.13 release.
* global: use pointer to net_device
This follows an upstream recommendation.
* ratelimiter: use KMEM_CACHE macro
* data: use KMEM_CACHE macro
* data: simplify no-keypair failure case
* send: use skb_queue_empty where appropriate
Some nice cleanups from Samuel Holland, one of this summer's GSoC students.
* blake2s: move compression loop to assembly
* blake2s: fix up alignment issues
Our BLAKE2s implementation now runs a bit faster, thanks to a commit and some
additional suggestions from Samuel Neves, one of the BLAKE2 authors.
* wg-quick: do not set explicit src route for v6 default route
Clueless network operators were trying to use fec0::/10 as a global address,
except that range doesn't have the scope. Previously I worked around this by
adding an explicit `src ...` to the routing table for all v6, but this is
actually undesirable in some caes, so it's better that network operators give
out the correct IPs (likely in fc00::/7).
* wg-quick: do not use grep
This reduces the set of dependencies for wg-quick.
* wg-quick: add explicit support for common DNS usage
wg-quick supports a DNS = field for common usages of DNS. Folks doing
complicated things or who don't want to use resolvconf can continue to use
PostUp for this.
* android: add port of wg-quick
wg-quick now runs on Android using the ndc command to interact with Android's
built-in network management daemons.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170726.tar.xz
SHA2-256: db91452b6b5ec28049721a520fe4fd0683825bad45b7383d12d7b819668201db
BLAKE2b-256: 4afc73c422fcb6e31e0a5d9b121c5809b48e4af49ecd4c6d0c3ed69cab88818c
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.
Thank you,
Jason Donenfeld
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAll39VIQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrgaEEACzkCAXcXTcppbD0+RhSSnCGJ7uFt4DD2WK
9xSa9QLZd7peEIF1GIv70u0B2hHkuyJpaBfk9+BOhbXLL72S2Ol5Db6U8eLHCdXw
ZT2WPq7fFMKzNFlUqvQKdl0BY+rnfdL/mFBw/LNtxgZCg9I/P8bGywhagsAZ41D2
w4JCW+LiaSmV3XRf1w4FI4x/cx5fc6ZzQSEGBRrikELA7Zrmbd5dgega4U4juAHl
CVqRUxzjOWz9KtU29uMy1uiq4ylWGz0sBqE0YZTw/2aHQKRdVkjmkrwdljcYgQ9S
W4wKdUln+mzYy6edYiXGoRanDcJdQ3vCS4K7xiYiwcb5rCelq4XBWpZ3lHDrkuW1
bIZmec3LL4cmZFAIpAfAvHQaW4zWoVAHEtHS/BjgnXk6WMVfp32FXihtZ1Azx45J
SQPRVYMRQlNF4bKFdWPUxsgNT/KsHXAKGfe5qh6uHvfzuwnFHEU5k4f8pQQGDB9A
pytUw+JJxS9DKnW5hOgdW/SLgFE6spPLWESJW/dqQbZmzDNxWYrgSdJaOdknxH50
6Cu6oj4Bzcifcoc7seY/Xlk8HqBQ9bY5X1aIoF6h9EXyz5r1kyzDh+3EaYxZd10V
QZLGEPKBXSRYz0v30sbwHtvpLJNdHmqQBzjwcUuCPe6rPHnhA9OmfwvrJ1fzOUsK
Jn2js2cNtQ==
=brYK
-----END PGP SIGNATURE-----
More information about the WireGuard
mailing list