[ANNOUNCE] WireGuard Snapshot `0.0.20181218` Available
Jason A. Donenfeld
Jason at zx2c4.com
Tue Dec 18 16:50:27 CET 2018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
A new snapshot, `0.0.20181218`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* jerry-rig: replace S_shipped with pl
This fixes our jerry rig script, so that people can patch WireGuard into
arbitrary kernel trees, instead of building as a standalone module.
* chacha20,poly1305: simplify perlasm fanciness
Numerous cleanups and correctness fixes in the assembly generators.
* compat: don't undef BUILD_BUG_ON for Clang >=8
The clang bug was finally fixed upstream, so we remove the workaround, while
retaining the hack in our compat layer.
* embeddable-wg-library: do not warn on unrecognized netlink attributes
This brings behavior into parity with wg(8), and also allows more graceful
addition of netlink attributes.
* chacha20: do not define unused asm function
This not only decreases code size, but also makes PaX's RAP happier.
* compat: account for Clang CFI
It turns out that RAP is no longer the only game in town, when it comes to CFI
on kernels before Kees' epic timer_list refactoring. The Pixel 3/3XL kernels
are based on 4.9 and come with Clang CFI on by default, so we account for this
in our compat layer, so that we don't get CFI violation's and thus crashes.
* wg-quick: bring interface up while setting MTU
A small optimization to save a fork/exec.
* makefile: use immediate expansion and use correct template patterns
Coming up with the right combination of makefile template params that work on
many kernels hasn't been easy, but hopefully this should solve building in a
number of strange circumstances. If you're still having issues and you're
using ccache, be sure to flush your cache first, as the cache might be serving
stale copies of gcc's dependency info.
This snapshot contains commits from: Jason A. Donenfeld, Nathan Chancellor,
and Aaron Jones.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in compressed tarball form here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20181218.tar.xz
SHA2-256: 2e9f86acefa49dbfb7fa6f5e10d543f1885a2d5460cd5e102696901107675735
BLAKE2b-256: e83755faa9ccb87048bc53b5d533c4b8e4a6fa859d2f95400c5a1716ff31a457
A PGP signature of that file decompressed is available here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20181218.tar.asc
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
Thank you,
Jason Donenfeld
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlwZFzEQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrpAZD/0cyPj0K2lq6vf0NyFVAWrrHY2JL5OC/tmx
lLBkQ/+Uvbam8MmXPdDrd0irFKW/9oc63bEFvuueyZpmNpWxvyzhsQ7ssKmL3Q7V
CRfNCO76s/JTbxiPcDyWCbB2pjx/1nNNDikqChPXRgupKJJREFjwOFWC5ypctHrh
pXxbS0YfmUotq7nkAqouwFkulO1sreM0n/Oe9TLdNhKjR3Y9pLBR9Ft9nWcU/0JJ
f1vhHhGWYM16u42cVUq/eoNDKZIJCGYIF2oGaIdNTVSfKIPyDLUJ1nr/PQpodrK4
jWLj4Xb/+zyGjdxQhKCfASRZPwLivhETxGPS8ZdhjDYVbxPJyUG3ICDIXGpLje9X
7pOmyEGTisyxEzhCvu2f6FDQYqOlHor31g2HjDG1ZpicnyEnFIFjvkjbD17bBb6y
LKNHt6cix4VkJkNz1/ENmey5WyA/+4qMoiI7/1aXJWPtI4k3wigsKxWogi1FWKiA
L20TqdPW8zU/Z5RQPviUcgI4GpYXE4o05ssEQAzeKdEcgADjXgytXMCZYgE4Nfb0
WfsjfJzPZBsDh1/XFxeNg7W2dKxfIjqCs/QRN2NpJJeU2mHq4osZaHm7wfhhcqne
Rmip//d93wiSFrjDzr2Vxh9QoAd81dB2l31dBlfylTqiF6TufLeHtljPw4pS0WHj
taams54OYQ==
=1aaJ
-----END PGP SIGNATURE-----
More information about the WireGuard
mailing list