[ANNOUNCE] WireGuard Snapshot `0.0.20190905` Available
Jason A. Donenfeld
Jason at zx2c4.com
Fri Sep 6 00:25:47 CEST 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
A new snapshot, `0.0.20190905`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* compat: define conversion constants for ancient kernels
* compat: support running in OpenVZ environments
* compat: do not run bc on clean target
* compat: account for android-4.9 backport of addr_gen_mode
* compat: work around ubuntu breakage
Lots of compat work. Of particular note is that Ubuntu 16.04 screwed up a
backport, which broke WireGuard. Their kernel team is aware of the issue, but
due to bureaucratic constraints, they can't release a new kernel for ~7 weeks,
so we're releasing a new version instead.
* wg-quick: android: refactor and add incoming allow rules
Android battery savers also limit incoming traffic, so we open this up to
WireGuard.
* netlink: enforce that unused bits of flags are zero
This enforcement means we can use these bits later.
* noise: immediately rekey all peers after changing device private key
It should now be possible to change private keys and then immediately
re-handshake, without loosing incoming packets.
* netlink: skip peers with invalid keys
We already had this for some cases but not for the invalid case.
* Kbuild: account for upstream configuration maze changes
This should allow inserting into the build system of mainline kernels for
folks using the jury-rig scripts.
* wg-quick: openbsd: fix alternate routing table syntax
Syntax bug, which should now allow for multiple routing table-based routing on
OpenBSD.
* wg-quick: linux: don't fail down when using systemd-resolved
This prevents systemd-resolved->resolvconf systems to use wg-quick.
* Makefile: allow specifying kernel release
It is now possible to build for a kernel different from the running one.
* tools: windows: enforce named pipe ownership and use protected prefix
Security hardening enhancements for the Windows tools port.
This snapshot contains commits from: Jason A. Donenfeld, Ronan Pigott, Nathan
Chancellor, Mikk Mar, and Ankur Kothari.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in compressed tarball form here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190905.tar.xz
SHA2-256: 78767ceeb5286beaa851145f072d920a340a9f1b771a2943b8efd638cee1a8f6
BLAKE2b-256: 2cb58ed55b4261257b0dcfca58a3e73bc5ea8eb660855e0bbb0639b893d4aa2e
A PGP signature of that file decompressed is available here:
https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190905.tar.asc
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
Thank you,
Jason Donenfeld
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAl1xi1wQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrnN9D/sHHEJmmQaJZ4RszJjDydUzq8wJ6SliFT0E
JiuDTWyZQld7IRiCAAPmcgH9Xv783icLUQNKcO6JRAV0rTcmUmV4N6iuT1LKeNIj
KrG44SxuAOSKSQacsJHE+jU4Tbn2MqGztw1f9NwUCOzTg/TfivERTG8+Xi5MP0c6
clkHF6I8aTlV30JeqjmbpbSWYnnYJo5k3mMAY7lPZ4ddiWQTfYm3gBRbDu1cdwjX
IHJ0ZtGvnwrb16/OTwxcPkE0lZiV7WLghHmXJjPbN6V0diHUIyvNddPceN1gxOeK
HbI646KtceDBOGlWA+z6qF27W4PVw29fRtfAtUVDsPXNDRhYvGdnjG1p7ReUamW4
KKuHJHfvgJURy++AXV9PUj6V0MtHANX6bWLjVDKRg+DIHPIU5iATF4Cz6vp9jcOh
r3mJ3iA6XJE/0PSmqM1jbbB0Tb6dIGGXZgymMt4H3Uf0HYROQRAD8PZdl5Ii/d26
1lydevz1TiUpO6ADcYq9PYngSVP4McR8EM/eCkBL+dY3RTlx0/lMemKR992FkTyq
7TutFLfSa0FUJvkk1LsEQvLUKKpfkDiGd+/7v/k6DaIBSkA91kBiTdXNkyJpPnJS
KWlH6dz7QZdVZVxdbZacHeFYvtqaa2+YaDyPJiibByBuwK0+g8lPQnTg3wuFjMIo
FW5aLIHbeg==
=vikk
-----END PGP SIGNATURE-----
More information about the WireGuard
mailing list