[ANNOUNCE] WireGuard Snapshot `0.0.20191212` Available
Jason A. Donenfeld
Jason at zx2c4.com
Thu Dec 12 12:34:58 CET 2019
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20191212`, has been tagged in the git repository.
Please note that this snapshot is a snapshot rather than a final
release that is considered secure and bug-free. WireGuard is generally
thought to be fairly stable, and most likely will not crash your
computer (though it may). However, as this is a snapshot, it comes
with no guarantees; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* socket: convert to ipv6_dst_lookup_flow for 5.5
WireGuard should now run fine on 5.5-rc1, for folks running pre-release
kernels. Note that although WireGuard is slated to enter mainline with 5.6
(thus making 5.5 the last compat-release), the patch in net-next for 5.6 will
apply evenly over 5.5 as well. The difference between doing that and using
WireGuard out of the compat-release here is that this one here uses nicer
crypto primitives. While Frankenzinc has landed, we're still in the process of
getting some remaining primitives upstream so that functionality is paired. In
otherwords, it's now an iterative process to transform Frankenzinc back into
Zinc proper. So until then, I'd recommend sticking with this repo like usual,
and waiting for 5.6 to start using it in tree, which is the release at which
WireGuard will be in Linus' tree anyway.
* compat: support building for RHEL-8.1 instead of RHEL-8.0
Please send an email if you're still experiencing build problems on RHEL or
* wg-quick: linux: add support for nft and prefer it
There was a long mailing list discussion about this. The conclusion is here:
* wg-quick: linux: support older nft(8)
We can't use all the niceties of modern nft(8) because many distros still ship
old tools. Hopefully this will be the only old-nft(8)-enabling commit; it took
many more tries with iptables(8) to get it working everywhere.
* global: fix up spelling
* main: remove unused include <linux/version.h>
This snapshot contains commits from: Jason A. Donenfeld, YueHaibing, Sergey
Ivanov, and Josh Soref.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in compressed tarball form here:
A PGP signature of that file decompressed is available here:
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard