[ANNOUNCE] WireGuard Snapshot `0.0.20180904` Available

Jason A. Donenfeld Jason at zx2c4.com
Tue Sep 4 20:29:32 CEST 2018

Hash: SHA256


A new snapshot, `0.0.20180904`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * wg-quick: darwin: prefer system paths for tools
  The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
  Other than that, it's explicitly coded against the native system
  utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
  full absolute path (via $SELF and $BASH, respectively), we can simply
  set the $PATH to be prefixed by the default system binary paths. This
  way, if users install tools that conflict with system tools -- such as
  GNU coreutils -- we won't accidently call those.
  * wg-quick: check correct variable for route deduplication
  This should avoid adding duplicate routes when adding the allowed IPs as
  interface routes automatically.
  * Kconfig: use new-style help marker
  * global: run through clang-format
  * uapi: reformat
  * global: satisfy check_patch.pl errors
  * global: prefer sizeof(*pointer) when possible
  * global: always find OOM unlikely
  Tons of style cleanups.
  * crypto: use unaligned helpers
  We now avoid unaligned accesses for generic users of the crypto API.
  * crypto: import zinc
  More style cleanups and a rearrangement of the crypto routines to fit how this
  is going to work upstream. This required some fairly big changes to our build
  system, so there may be some build errors we'll have to address in subsequent
  * compat: rng_is_initialized made it into 4.19
  We therefore don't need it in the compat layer anymore.
  * curve25519-hacl64: use formally verified C for comparisons
  The previous code had been proved in Z3, but this new code from upstream
  KreMLin is directly generated from the F*, which is preferable. The
  assembly generated is identical.
  * curve25519-x86_64: let the compiler decide when/how to load constants
  Small performance boost.
  * curve25519-arm: reformat
  * curve25519-arm: cleanups from lkml
  * curve25519-arm: add spaces after commas
  * curve25519-arm: use ordinary prolog and epilogue
  * curve25519-arm: do not waste 32 bytes of stack
  * curve25519-arm: prefix immediates with #
  This incorporates ASM nits from upstream review.
  * netlink: insert peer version placeholder
  * tools: ipc: do not warn on unrecognized netlink attributes
  Adds a placeholder so that we can always bump versions without worrying about
  API guarantees.

This snapshot contains commits from: Jason A. Donenfeld and Samuel Neves.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  SHA2-256: a38ead72994a7db7cda2d0085f410df1111b4728db050a519883eda8f3fe38f1
  BLAKE2b-256: 985e7c33e81c2d298fe60a6f3cd5163d1faf83a858ecd48cdc1cb6e4cc421b53

A PGP signature of that file decompressed is available here:
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list