[ANNOUNCE] WireGuard Snapshot `0.0.20180625` Available
Jason A. Donenfeld
Jason at zx2c4.com
Mon Jun 25 19:43:41 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20180625`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* receive: don't toggle bh
The last snapshot caused a big performance regression, which we partially
revert here. This general matter, though, will be revisited in the future,
perhaps by switching to NAPI.
* main: test poly1305 before chacha20poly1305
* poly1305: give linker the correct constant data section size
While the default bfd linker did the right thing, gold would sometimes merge
section incorrectly because of an incorrect section length field, resulting in
* simd: add missing header
Fixes a compile error on a few odd kernels.
* global: fix a few typos
* manpages: eliminate whitespace at the end of the line
* tools: fix misspelling of strchrnul in comment
* global: use ktime boottime instead of jiffies
* global: use fast boottime instead of normal boottime
* compat: more robust ktime backport
We now use the equivalent of clock_gettime(CLOCK_BOOTTIME) for doing age
checks on time-limited objects, such as ephemeral keys, so that on systems
where we don't clear before sleep (like Android), we make sure to invalidate
the objects after the proper amount of time, taking into account time spent
* wg-quick: android: prevent outgoing handshake packets from being dropped
Recent android phones block outgoing packets using iptables while the system
is asleep. This makes sense for most services, but not for a tunnel device
itself, so we work around this by inserting our own iptables rule.
This snapshot contains commits from: Jason A. Donenfeld and Jonathan
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard