[ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available

Jason A. Donenfeld Jason at zx2c4.com
Wed May 31 16:35:36 CEST 2017 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20170531`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  This rather large snapshot touches quite a few sensitive areas, so I'm
  releasing it now rather than later to receive feedback on any possible issues.
  It also contains fixes, so everybody should upgrade.
  
  * man: fix psk mention in wg-quick man page
  * man: update wg-quick(8) to show Debian resolvconf braindamage
  
  Documentation cleanups.
  
  * wg-quick: use src routing for default routes in v6
  
  ip-rule(8) doesn't do the right thing with source addresses, unless we
  explicitly set it inside the route. This fixes wg-quick on IPv6 systems.
  
  * curve25519: actually, do some things on heap sometimes
  * curve25519: align the basepoint to 32 bytes
  * curve25519: add NEON versions for ARM
  * data: enable BH during parallel crypto on ARM/NEON
  * chacha20poly1305: move constants to rodata
  * chacha20poly1305: add NEON versions for ARM and ARM64
  
  We now have faster primitives on ARM and ARM64 processors, which should
  improve performance.
  
  * handshake: process in parallel
  
  Handshakes are now processed in parallel using all cores, which should improve
  throughput during a storm.
  
  * noise: no need to store ephemeral public key
  * noise: precompute static-static ECDH operation
  
  We can precompute the ECDH(s, s) calculation, which improves handshake
  initiation message performance by double.
  
  * style: spaces after for loops
  * peer: use iterator macro instead of callback
  
  The most unreadable C ever produced. It might be wise to find a sexier-looking
  alternative at some point.
  
  * compat: remove warning for < 4.1
  * compat: ship padata if kernel doesn't have it
  
  The usual array of annoying compat things.
  
  * rust test: convert screech test to snow
  * rust test: add icmp ping
  
  We now use Jake's snow library for Noise in the test, which we've expanded to
  complete a ping.
  
  * config: do not error out when getting if no peers
  * tools: allow creating device with no peers
  
  Fixing some small things in the tool/config interaction.
  
  * device: keep going when share_check fails
  * routingtable: remove unnecessary check in node_placement()
  * config: it's faster to memcpy than strncpy
  * timers: fix typo in comment
  
  Nits.
  
  * debug: print interface name in dmesg
  
  For those who compile with `make debug`, you'll be happy to see a bit better
  information in dmesg.
  
  * timers: rework handshake reply control flow
  * timers: the completion of a handshake also is on key confirmation
  * timers: reset retry-attempt counter when not retrying
  
  Tightening up our timer implementation, which is quite important.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .

This snapshot is available in tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170531.tar.xz
  SHA2-256: 2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc
  BLAKE2b-256: 64e5d061e0d03133b781b902d3b5b61658b6d9f664b304325476d5add3a701ca

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlku1IoQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drh/KD/4iyKcLlhBivsvC9pGbIcAL9nvsnFq7dkOz
MILh3048lMRGCts7RsgH7+Q6Yzzn0HwbwPfAugsjcXrGJGhVwSx5WP5H9oD1ev+1
A9H+zVU4srLBJa/khC3ccjYNmOHEiC2ugv6DSy8cNn4cnH/2YPbhocqhnrvVnEKU
4ESXcF35/iuc6c3XJCd9EK1bF7263zIodDS3HkBh31muV4x8POr7m897v78AIUJb
GR7w5P6y27kH2VU0onobLXQ0vfy2Nr3SHSZwu7HBFdXAX//okB+sdmMloBUmqgx3
wNT0rjcd6KB4W8w44Cj2i61p2d8o+Up50r7EA0E+rU8oIVrQXkmpkeLBWkmzHD6H
ZlZVMxSfosW+2yIslWzjJ7EOHn72FI5ANXoP0IQymON2NVhbegevI3+HbxrR+tvQ
sAQHvIwsfJ116ACrISYt1xo7b2mMmGjS8/XNcpqGaIkqLGwxHJ7kJiOlzl0lBtaP
cSHzjeVMD4BKo63UQioLGUkIL7lj36L9VK46gBZ3C0HvllgOfHv6MOUD+Ev1vw7N
4z4UjmhuiHDq7xQ1Bq5haH8d6Pager5ece4DMKN5YUrYmQIikLTEGFcktGsow9ym
mUoeYskrkhw2uJN32Dr6nDHdxG+WQaGIMk+CpIoCh7e6dRa7eYJ9MeNaF2/Pl5TL
F7yVoGQFgQ==
=llZj
-----END PGP SIGNATURE-----

More information about the WireGuard mailing list