[ANNOUNCE] WireGuard Snapshot `0.0.20190123` Available

Jason A. Donenfeld Jason at zx2c4.com
Wed Jan 23 14:40:24 CET 2019

Hash: SHA256


A new snapshot, `0.0.20190123`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * tools: curve25519: handle unaligned loads/stores safely
  This should fix sporadic crashes with `wg pubkey` on certain architectures.
  * netlink: auth socket changes against namespace of socket
  In WireGuard, the underlying UDP socket lives in the namespace where the
  interface was created and doesn't move if the interface is moved. This
  allows one to create the interface in some privileged place that has
  Internet access, and then move it into a container namespace that only
  has the WireGuard interface for egress. Consider the following
  1. Interface created in namespace A. Socket therefore lives in namespace A.
  2. Interface moved to namespace B. Socket remains in namespace A.
  3. Namespace B now has access to the interface and changes the listen
     port and/or fwmark of socket. Change is reflected in namespace A.
  This behavior is arguably _fine_ and perhaps even expected or
  acceptable. But there's also an argument to be made that B should have
  A's cred to do so. So, this patch adds a simple ns_capable check.
  * ratelimiter: build tests with !IPV6
  Should reenable building in debug mode for systems without IPv6.
  * noise: replace getnstimeofday64 with ktime_get_real_ts64
  * ratelimiter: totalram_pages is now a function
  * qemu: enable FP on MIPS
  Linux 5.0 support.
  * keygen-html: bring back pure javascript implementation
  Benoît Viguier has proofs that values will stay well within 2^53. We
  also have an improved carry function that's much simpler. Probably more
  constant time than emscripten's 64-bit integers.
  * contrib: introduce simple highlighter library
  This is the highlighter library being used in:
  - https://twitter.com/EdgeSecurity/status/1085294681003454465
  - https://twitter.com/EdgeSecurity/status/1081953278248796165
  It's included here as a contrib example, so that others can paste it into
  their own GUI clients for having the same strictly validating highlighting.
  * netlink: use __kernel_timespec for handshake time
  This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

This snapshot contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  SHA2-256: edd13c7631af169e3838621b1a1bff3ef73cf7bc778eec2bd55f7c1089ffdf9b
  BLAKE2b-256: 216ebafc4e3f8906161954003c0afe43171d8d41361cfeb64fb42bcf97567093

A PGP signature of that file decompressed is available here:
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list