[ANNOUNCE] WireGuard Snapshot `0.0.20171031` Available

Jason A. Donenfeld Jason at zx2c4.com
Tue Oct 31 18:34:29 CET 2017

Hash: SHA256


A new snapshot, `0.0.20171031`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * netns: use read built-in instead of ncat hack for dmesg
  * netns: use time-based test instead of quantity-based
  * qemu: allow for cross compilation
  * qemu: work around ccache bugs
  * qemu: test using four cores
  * selftest: initialize mutex in routingtable selftest
  We now cross compile and run in QEMU for x86_64, i686,
  ARMv7, Aarch64, and MIPS. You can see the current build
  status on: https://www.wireguard.com/build-status/
  * stats: more robust accounting
  * compat: fix up stat calculation for udp tunnel
  The statistics from `ip link -stats` or from `wg show` are
  now much more accurate.
  * global: accept decent check_patch.pl suggestions
  * global: infuriating kernel iterator style
  * global: style nits
  * global: use fewer BUG_ONs
  * global: get rid of useless forward declarations
  * blake2: include headers for macros
  * tools: correct type for CTRL_ATTR_FAMILY_ID
  Lots of style cleanups.
  * crypto/avx: make sure we can actually use ymm registers
  This fixes an issue on some Xen platforms that expose
  conflicting CPU features.
  * peer: get rid of peer_for_each magic
  * peer: store total number of peers instead of iterating
  A major cleanup of our peer iteration logic, getting rid
  of a big ugly macro and clarifying our locking semantics.
  * compat: be sure to include header before testing
  * wg-quick: allow specifiying multiple hooks
  You can now specify {Post,Pre}{Down,Up} multiple times, and
  the commands will then run in succession.
  * wg-quick: remember to rewind DNS settings on failure
  Small consistency fix.
  * wg-quick: allow for saving existing interface
  There is now a 'save' option for saving an existing
  configuration without having to bring down the device.
  * wg-quick: fsync the temporary file before renaming
  In case the system looses power, you are now left with
  either the old file or the new file but not an empty file.
  * wg-quick: allow for the hatchet, but not by default
  In order to account for distributions that do not have an
  implementation of resolvconf(8), the contrib directory ships
  with an alternative implementation that may be patched in.
  This was extensively discussed and debated on the mailing
  * device: only take reference if netns is different
  Solves an important memory leak when tearing down network
  namespaces that haven't moved the wireguard device.
  * device: expand scope of destruct lock
  * timers: guard entire setting in block
  Just to be certain.
  * curve25519: only enable int128 if compiler support is sound
  Allows building for Aarch64 with old gcc (such as that used
  by Android) where we don't want to branch to a __multi3.
  * contrib: add reresolve-dns
  A small script that's been passed around for a while now for
  reresolving DNS entries from a cronjob.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: 69b9787b7ae2c681532a7a346e170471f1a651359ed53ff9e6fb8b2c60b9f96a
  BLAKE2b-256: 031791dec058bcc7bbf7affe0c8b496567c9785b57e9b1524437c2d9181f9750

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list