[ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jun 13 16:19:08 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20180613`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* wg-quick: android: change name of intent
* wg-quick: android: delay setting users until end
`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route. This fixes push notifications on Android.
* chacha20: add missing include to header
Fixes a compile error on some kernels.
* tools: encoding: add missing static array constraints
Makes static analyzers happier.
* tools: support getentropy(3)
This lets us take advantage of both recent glibc calls as well as the long
standing getentropy functions on the BSDs.
* chacha20poly1305: use slow crypto on -rt kernels
In rt kernels, spinlocks call schedule(), which means preemption can't
be disabled. The FPU disables preemption. Hence, we can either
restructure things to move the calls to kernel_fpu_begin/end to be
really close to the actual crypto routines, or we can do the slower
lazier solution of just not using the FPU at all on -rt kernels. This
patch goes with the latter lazy solution. The reason why we don't
place the calls to kernel_fpu_begin/end close to the crypto routines
in the first place is that they're very expensive, as it usually
involves a call to XSAVE. So on sane kernels, we benefit from only
having to call it once.
This snapshot contains commits from: Jason A. Donenfeld.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard