[ANNOUNCE] WireGuard Snapshot `0.0.20181115` Available

Jason A. Donenfeld Jason at zx2c4.com
Thu Nov 15 21:10:33 CET 2018

Hash: SHA256


A new snapshot, `0.0.20181115`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * Zinc no longer ships generated assembly code. Rather, we now
    bundle in the original perlasm generator for it. The primary purpose
    of this snapshot is to get testing of this.
  * Clarify the peer removal logic and make lifetimes more precise.
  * Use READ_ONCE for is_valid and is_dead.
  * No need to use atomic when the recounter is mutex protected.
  * Fix up macros and annotations in allowedips.
  * Increment drop counter when staged packets are dropped.
  * Use static constants instead of enums for 64-bit values in selftest.
  * Mark large constants as ULL in poly1305-donna64.
  * Fix sparse warnings in allowedips debugging code.
  * Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
    carefully control the lifetime of these functions and ensure they never
    execute after dropping the last reference.
  * Cleanup hashing in ratelimiter.
  * Do not guard timer removals, since del_timer is always okay.
  * We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
    bit more general.
  * Set csum_level to ~0, since the poly1305 authenticator certainly means
    that no data was modified in transit.
  * Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
    skb_checksum_setup check.
  * wg.8: specify that wg(8) shows runtime info too
  * wg.8: AllowedIPs isn't actually required
  * keygen-html: add missing glue macro
  * wg-quick: android: do not choke on empty allowed-ips

This snapshot contains commits from: Jason A. Donenfeld, Samuel Neves, and 
Andrejs Hanins.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  SHA2-256: 11292c7e86fce6fb0d9fd170389d2afc609bda963a7faf1fd713e11c2af53085
  BLAKE2b-256: a49d76514c73f7c901a8fc1e75dc0f561f60d9ff16a8b5a879d92bc2ea89b29b

A PGP signature of that file decompressed is available here:
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list