[ANNOUNCE] WireGuard Snapshot `0.0.20190905` Available

Jason A. Donenfeld Jason at zx2c4.com
Fri Sep 6 00:25:47 CEST 2019

Hash: SHA256


A new snapshot, `0.0.20190905`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * compat: define conversion constants for ancient kernels
  * compat: support running in OpenVZ environments
  * compat: do not run bc on clean target
  * compat: account for android-4.9 backport of addr_gen_mode
  * compat: work around ubuntu breakage
  Lots of compat work. Of particular note is that Ubuntu 16.04 screwed up a
  backport, which broke WireGuard. Their kernel team is aware of the issue, but
  due to bureaucratic constraints, they can't release a new kernel for ~7 weeks,
  so we're releasing a new version instead.
  * wg-quick: android: refactor and add incoming allow rules
  Android battery savers also limit incoming traffic, so we open this up to
  * netlink: enforce that unused bits of flags are zero
  This enforcement means we can use these bits later.
  * noise: immediately rekey all peers after changing device private key
  It should now be possible to change private keys and then immediately
  re-handshake, without loosing incoming packets.
  * netlink: skip peers with invalid keys
  We already had this for some cases but not for the invalid case.
  * Kbuild: account for upstream configuration maze changes
  This should allow inserting into the build system of mainline kernels for
  folks using the jury-rig scripts.
  * wg-quick: openbsd: fix alternate routing table syntax
  Syntax bug, which should now allow for multiple routing table-based routing on
  * wg-quick: linux: don't fail down when using systemd-resolved
  This prevents systemd-resolved->resolvconf systems to use wg-quick.
  * Makefile: allow specifying kernel release
  It is now possible to build for a kernel different from the running one.
  * tools: windows: enforce named pipe ownership and use protected prefix
  Security hardening enhancements for the Windows tools port.

This snapshot contains commits from: Jason A. Donenfeld, Ronan Pigott, Nathan 
Chancellor, Mikk Mar, and Ankur Kothari.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  SHA2-256: 78767ceeb5286beaa851145f072d920a340a9f1b771a2943b8efd638cee1a8f6
  BLAKE2b-256: 2cb58ed55b4261257b0dcfca58a3e73bc5ea8eb660855e0bbb0639b893d4aa2e

A PGP signature of that file decompressed is available here:
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list