[ANNOUNCE] WireGuard Snapshot `0.0.20180620` Available
Jason A. Donenfeld
Jason at zx2c4.com
Wed Jun 20 21:19:56 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20180620`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* chacha20poly1305: use slow crypto on -rt kernels on arm too
Leftover from the last commit of the previous snapshot that we forgot to
* tools: getentropy requires macOS 10.12
Small build time fixup for old versions of macOS.
* queueing: remove useless spinlocks on sc
* queueing: re-enable preemption periodically to lower latency
* simd: encapsulate fpu amortization into nice functions
* simd: no need to restore fpu state when no preemption
This will improve general system latency on preempt-enabled systems, like
* dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
Fixes wg-quick's dns hatchet on CentOS.
* qemu: bump default kernel
By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which
upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407
* noise: take locks for ss precomputation
* netlink: maintain static_identity lock over entire private key update
Minor locking correctness fixes and optimizations.
* noise: wait for crng before taking locks
We now make sure that an outgoing packet which needs a potentially unseeded
rng won't block a call to wg(8), which takes similar locks for retrieving
* receive: drop handshake packets if rng is not initialized
If the rng is unseeded, we drop incoming handshake packets, so that it's not
possible for an attacker to fill the handshake queue thereby provoking
* ratelimiter: mitigate reference underflow
* ratelimiter: do not allow concurrent init and uninit
Minor correctness and hardening fixes, which don't fix anything particular in
WireGuard, but might be useful if our ratelimiter is ever used elsewhere.
* compat: use stabler lkml links
* poly1305: add missing string.h header
This snapshot contains commits from: Jason A. Donenfeld.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard