[ANNOUNCE] WireGuard Snapshot `0.0.20190123` Available

Jason A. Donenfeld Jason at zx2c4.com
Wed Jan 23 14:40:24 CET 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20190123`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * tools: curve25519: handle unaligned loads/stores safely
  
  This should fix sporadic crashes with `wg pubkey` on certain architectures.
  
  * netlink: auth socket changes against namespace of socket
  
  In WireGuard, the underlying UDP socket lives in the namespace where the
  interface was created and doesn't move if the interface is moved. This
  allows one to create the interface in some privileged place that has
  Internet access, and then move it into a container namespace that only
  has the WireGuard interface for egress. Consider the following
  situation:
  
  1. Interface created in namespace A. Socket therefore lives in namespace A.
  2. Interface moved to namespace B. Socket remains in namespace A.
  3. Namespace B now has access to the interface and changes the listen
     port and/or fwmark of socket. Change is reflected in namespace A.
  
  This behavior is arguably _fine_ and perhaps even expected or
  acceptable. But there's also an argument to be made that B should have
  A's cred to do so. So, this patch adds a simple ns_capable check.
  
  * ratelimiter: build tests with !IPV6
  
  Should reenable building in debug mode for systems without IPv6.
  
  * noise: replace getnstimeofday64 with ktime_get_real_ts64
  * ratelimiter: totalram_pages is now a function
  * qemu: enable FP on MIPS
  
  Linux 5.0 support.
  
  * keygen-html: bring back pure javascript implementation
  
  Benoît Viguier has proofs that values will stay well within 2^53. We
  also have an improved carry function that's much simpler. Probably more
  constant time than emscripten's 64-bit integers.
  
  * contrib: introduce simple highlighter library
  
  This is the highlighter library being used in:
  - https://twitter.com/EdgeSecurity/status/1085294681003454465
  - https://twitter.com/EdgeSecurity/status/1081953278248796165
  
  It's included here as a contrib example, so that others can paste it into
  their own GUI clients for having the same strictly validating highlighting.
  
  * netlink: use __kernel_timespec for handshake time
  
  This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

This snapshot contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190123.tar.xz
  SHA2-256: edd13c7631af169e3838621b1a1bff3ef73cf7bc778eec2bd55f7c1089ffdf9b
  BLAKE2b-256: 216ebafc4e3f8906161954003c0afe43171d8d41361cfeb64fb42bcf97567093

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190123.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlxIbrYQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrlNOD/wPd4TjRecDk0ailnrJzJf0AJLM5mnA4kz3
MMD7y2t+gR34XdKWjCTO2GlTV//DvGLEJXtoLJmITheLAZ7a2399I3DwlAKbZKms
r5Vt7AmjZ109uBEn2LpGzkvbGkMBemKTSsNqa0wGO/h3gJj7QF5AbU6Z8cncPdGA
ujCWqP7f/R6US71wQ/3g9+/ZFzrTpHT2MhLMKbOw49d9tzoEXh4nrvTij5fPnWpi
cExAVtHEyfs/V/72mqNeTqo77Thiq40IKq4QeBcqyV7SxeYZzRms39/Yt4aK7Wc2
XG348HkV5ne/tCXfokH32frIXmCSWfZ++kvRNP6fB74z9qgEWDwB2avx4+sd/CEf
pIG7BMcygOLeJPNF12Yp2/wIDBg5YJ58PgvU32hk3kEeicT54+3x4U31wUZnBYBW
2t4Q8e9oM2GkUMjglOR/MWRGZPvKdiHNnJTP7gj6k2xFH6bSdHVGpftoEJ+SZJ1b
1TzyNdf0rF/8CeIYzdGio/O00z22HlyQtzGI93BS0CdJYl1CfgIv9d2srgG/8+4s
qFUnNZan2PKfG6XaVEirPS41K7ywlUlSZgnIVVCYS28I0LXeeXW8FyZBX/PNxkI1
tr3Ch4M1i95S5V5wfzPn9Nt/6YsljGnUHoC69/15Q7GJ5nH3MBACDUlFOqey+z9d
iphIIm5oDg==
=LY4H
-----END PGP SIGNATURE-----


More information about the WireGuard mailing list