[ANNOUNCE] WireGuard Snapshot `0.0.20191012` Available
Jason A. Donenfeld
Jason at zx2c4.com
Sat Oct 12 17:04:49 CEST 2019
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20191012`, has been tagged in the git repository.
Please note that this snapshot is a snapshot rather than a final
release that is considered secure and bug-free. WireGuard is generally
thought to be fairly stable, and most likely will not crash your
computer (though it may). However, as this is a snapshot, it comes
with no guarantees; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* qemu: bump default version
* netns: add test for failing 5.3 FIB changes
Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
We fixed this upstream here:
This is relevant to WireGuard because a very similar sequence of commands is
used by wg-quick(8).
So, we've now added some tests to catch this code path in the future. While
the bug here was a random old use-after-free, the test checks the general
policy routing setup used by wg-quick(8), so that we make sure this continues
to work with future kernels.
* noise: recompare stamps after taking write lock
We now recompare counters while holding a write lock.
* netlink: allow preventing creation of new peers when updating
This is a small enhancement for wg-dynamic, so that we can update peers
without readding them if they've already been removed.
* wg-quick: android: use Binder for setting DNS on Android 10
wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
version of the app for this later today.
This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in compressed tarball form here:
A PGP signature of that file decompressed is available here:
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard