[ANNOUNCE] WireGuard Snapshot `0.0.20191012` Available

Jason A. Donenfeld Jason at zx2c4.com
Sat Oct 12 17:04:49 CEST 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20191012`, has been tagged in the git repository.

Please note that this snapshot is a snapshot rather than a final
release that is considered secure and bug-free. WireGuard is generally
thought to be fairly stable, and most likely will not crash your
computer (though it may).  However, as this is a snapshot, it comes
with no guarantees; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * qemu: bump default version
  * netns: add test for failing 5.3 FIB changes
  
  Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
  
  unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
  
  We fixed this upstream here:
  
  https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
  
  This is relevant to WireGuard because a very similar sequence of commands is
  used by wg-quick(8).
  
  So, we've now added some tests to catch this code path in the future. While
  the bug here was a random old use-after-free, the test checks the general
  policy routing setup used by wg-quick(8), so that we make sure this continues
  to work with future kernels.
  
  * noise: recompare stamps after taking write lock
  
  We now recompare counters while holding a write lock.
  
  * netlink: allow preventing creation of new peers when updating
  
  This is a small enhancement for wg-dynamic, so that we can update peers
  without readding them if they've already been removed.
  
  * wg-quick: android: use Binder for setting DNS on Android 10
  
  wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
  version of the app for this later today.

This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
  SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
  BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAl2h64gQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drhw1D/9dQzRVt647BccXpBTJuCQhBB8jrW6XTk0S
1es84sx491kLZFNPv+ykT1lv/sWGoB9IKHXMxQFWutwpk3HmqAt8HgUPbfB7eM/L
QxMGNe8beiXhTrtx3g2ZLduvi0mHC2JEqUu3+1UzqLtfsgq75wWzy1FicVQKgcy7
cAFBbPPz7O3L4QXN1tj3OnBjj8wBUqRrriwkjdCd+gwiktJ2DfUPDX/39wb/qpJx
hA7A2XnJV9td0Y4fHZnAoHZ3MRWryUGN/EMIL5Cy/JnuppY9bNibTGWB5dUiUjYt
ANRRdNvst/LZrVgaocWjMh51O9S7a/Z1OP6Ewts48M0gxja2pIFgT4nzS8hzwQRE
okxAsMoEAzVRp+O3Hra/ZRswzjNI1iOQAfDtFbq8upD6W3COx479gQySzD6l7cdY
M06gmtZVrfey7s5K4fFw5axKv/l2AwSrCSpxiMFYked72vsFSlzvF2Gr8YCtyQSh
cliiptR+KBqExcvYo7x/R2vfVA5yR4+vaDgCWYb44gUIZIYcHvyi1MG/SgeFa8VO
amTaqngGsdxK6eBxlpzdW9XKFro39GYKiWIrMIdjBFZOSR+h06OVhmtpe538vOjk
Zqh64lpiCRWHrS0dd/mR3+FX0l4Jyy1V3STt8vuvvjECtFFWMovGoHXscQY1jAx/
XdPy0w2vUQ==
=hiCl
-----END PGP SIGNATURE-----


More information about the WireGuard mailing list