[ANNOUNCE] WireGuard Snapshot `0.0.20180513` Available
Jason A. Donenfeld
Jason at zx2c4.com
Sun May 13 17:35:03 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20180513`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.
== Changes ==
* keygen-html: add zip file example
The alpha Android app now supports importing from .zip files, so the example
contrib code has been updated to show people how to trivially generate .zip
* qemu: retry on 404 in wget for kernel.org race
Simple fix for build.wireguard.com's handling of new kernels.
* embeddable-wg-library: zero attribute padding
This imports 37c876b55a2c00424ccda5a300ab5fdec1d88b22 from upstream libmnl.
* allowedips: add selftest for allowedips_walk_by_peer
* allowedips: use native endian on lookup
* allowedips: produce better assembly with unsigned arithmetic
* allowedips: simplify arithmetic
A series of bitmath improvements make allowedips lookups sleeker and faster.
* socket: use skb_put_data
This follows 59ae1d127ac0ae404baf414c434ba2651b793f46 in the kernel.
* chacha20poly1305: make gcc 8.1 happy
GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`.
This results in a warning that `memcpy(ctx->data + num, inp, len);` may
overflow the `data` field, which is correct for arbitrary values of `num`.
To make the invariant explicit we ensure that `num` is in the required range.
An alternative would be to change `ctx->num` to a 4-bit bitfield at the point
This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz
end`, which have identical performance characteristics.
* queueing: preserve pfmemalloc header bit
Precautionary measure. Further work on this function goes on in the netdev
* compat: handle RHEL 7.5's recent backports
* compat: don't clear header bits on RHEL
WireGuard now supports RHEL's latest kernel, which involved fixing some pretty
major crashes and clashes with RHEL's backports.
This snapshot contains commits from: Jason A. Donenfeld and Samuel Neves.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard