[ANNOUNCE] WireGuard Snapshot `0.0.20190406` Available

Jason A. Donenfeld Jason at zx2c4.com
Sat Apr 6 13:21:52 CEST 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20190406`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * allowedips: initialize list head when removing intermediate nodes
  
  Fix for an important regression in removing allowed IPs from the last
  snapshot. We have new test cases to catch these in the future as well.
  
  * wg-quick: freebsd: rebreak interface loopback, while fixing localhost
  * wg-quick: freebsd: export TMPDIR when restoring and don't make empty
  
  Two fixes for FreeBSD which have already been backported into ports.
  
  * tools: genkey: account for short reads of /dev/urandom
  * tools: add support for Haiku
  
  The tools now support Haiku! Maybe somebody is working on a WireGuard
  implementation for it?
  
  * tools: warn if an AllowedIP has a nonzero host part
  
  If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
  will now print a warning. Even though we mask this automatically down to
  192.168.1.0/24, usually when people specify it like this, it's a mistake.
  
  * wg-quick: add 'strip' subcommand
  
  The new strip subcommand prints the config file to stdout after stripping
  it of all wg-quick-specific options. This enables tricks such as:
  `wg addconf $DEV <(wg-quick strip $DEV)`.
  
  * tools: avoid unneccessary next_peer assignments in sort_peers()
  
  Small C optimization the compiler was probably already doing.
  
  * peerlookup: rename from hashtables
  * allowedips: do not use __always_inline
  * device: use skb accessor functions where possible
  
  Suggested tweaks from Dave Miller.
  
  * qemu: set framewarn 1280 for 64bit and 1024 for 32bit
  
  These should indicate to us more clearly when we cross the most strict stack
  thresholds expected when using recent compilers with the kernel.
  
  * blake2s: simplify
  * blake2s: remove outlen parameter from final
  
  The blake2s implementation has been simplified, since we don't use any of the
  fancy tree hashing parameters or the like. We also no longer separate the
  output length at initialization time from the output length at finalization
  time.
  
  * global: the _bh variety of rcu helpers have been unified
  * compat: nf_nat_core.h was removed upstream
  * compat: backport skb_mark_not_on_list
  
  The usual assortment of compat fixes for Linux 5.1.

This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, Samuel 
Neves, Bruno Wolff III, and Alexander von Gluck IV.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.xz
  SHA2-256: 2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b
  BLAKE2b-256: 787a01fa3d6a800d7376a04ff57dd16d884a7d3cb99d2f91bfc59895ab759200

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlyoi8YQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrjjSD/0fLlg/QLlGngPIldxT/BsaNLyiPxBBcrFv
lr0jl0x6qNXi6Gj/2KEdiTH/wCmzsWhu7Fa+q5KIly8hYDDBnDfDXYVxQcUva9H0
1XNXDuq+R2yW9r7pWZXRWtbmxWrY6SWvoB73L0Tbqrv0AIFNtmJdF5ut7lFuCw+v
5TZ3OsXvATGVDx9wWVdufrT3la+RhzYDushNJ8JZtCcENKutUgLg3QfjiArjfT7W
ndjsVINbeXWeUsB/lEK95U9yliCLjQiaJspf6LSvm/s7V+ZIQybWi2a4x9T5ZwuH
o2JP5x4xOElCH3hJ+lCD/rSSBHFRkwq0XtwjOVcgTRXZSWCbuaE/CSeA4JaAKXdB
rklV+LpBt9h/ghm8o92ieExK2IJwoOBM8b1f+DEjIepc75PA0BuSqhFXRuV4jAr9
i3zEtDz48ZksY6z9o+XObVCAg64sh+7vOr9Ztgkx30juDbwAoMfCx2IDSb702GlW
sBQwt5fbhC1y0k4WfY/MMuuH29jcJUuDHB7bees3atXr5yOR7r58gEKKKGwcHPG+
8+Dz+ihRv9pFSJPCon4nupohHMwBo7ZjpsV3V6lkz8GY7+QeM/P9BQLkdpIU38NS
bazNAN1MAkvLOkYS6gMK5Y8o8+uJsLJJMQCaDSx5eMUkYS4TE8YHBH4BucfpzW6P
bdz1k5I6NQ==
=eR4J
-----END PGP SIGNATURE-----


More information about the WireGuard mailing list