[ANNOUNCE] WireGuard Snapshot `0.0.20180513` Available

Jason A. Donenfeld Jason at zx2c4.com
Sun May 13 17:35:03 CEST 2018

Hash: SHA256


A new snapshot, `0.0.20180513`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * keygen-html: add zip file example
  The alpha Android app now supports importing from .zip files, so the example
  contrib code has been updated to show people how to trivially generate .zip
  files from ... javascript. That's right, the WireGuard repo now contains some
  more demo javascript.
  * qemu: retry on 404 in wget for kernel.org race
  Simple fix for build.wireguard.com's handling of new kernels.
  * embeddable-wg-library: zero attribute padding
  This imports 37c876b55a2c00424ccda5a300ab5fdec1d88b22 from upstream libmnl.
  * allowedips: add selftest for allowedips_walk_by_peer
  * allowedips: use native endian on lookup
  * allowedips: produce better assembly with unsigned arithmetic
  * allowedips: simplify arithmetic
  A series of bitmath improvements make allowedips lookups sleeker and faster.
  * socket: use skb_put_data
  This follows 59ae1d127ac0ae404baf414c434ba2651b793f46 in the kernel.
  * chacha20poly1305: make gcc 8.1 happy
  GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`.
  This results in a warning that `memcpy(ctx->data + num, inp, len);` may
  overflow the `data` field, which is correct for arbitrary values of `num`.
  To make the invariant explicit we ensure that `num` is in the required range.
  An alternative would be to change `ctx->num` to a 4-bit bitfield at the point
  of declaration.
  This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz
  end`, which have identical performance characteristics.
  * queueing: preserve pfmemalloc header bit
  Precautionary measure. Further work on this function goes on in the netdev
  thread: https://marc.info/?l=linux-netdev&m=152607982125178&w=2
  * compat: handle RHEL 7.5's recent backports
  * compat: don't clear header bits on RHEL
  WireGuard now supports RHEL's latest kernel, which involved fixing some pretty
  major crashes and clashes with RHEL's backports.

This snapshot contains commits from: Jason A. Donenfeld and Samuel Neves.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  SHA2-256: 28a15c59f6710851587ebca76a335f1aaaa077aad052732e0959f2bae9ba8d5c
  BLAKE2b-256: 24bbe3e6d382682138ccf0987f134b5786dc2c12e1a6aefc4a49dfd4aae6d48b

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list