[ANNOUNCE] WireGuard Snapshot `0.0.20190905` Available

Jason A. Donenfeld Jason at zx2c4.com
Fri Sep 6 00:25:47 CEST 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20190905`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * compat: define conversion constants for ancient kernels
  * compat: support running in OpenVZ environments
  * compat: do not run bc on clean target
  * compat: account for android-4.9 backport of addr_gen_mode
  * compat: work around ubuntu breakage
  
  Lots of compat work. Of particular note is that Ubuntu 16.04 screwed up a
  backport, which broke WireGuard. Their kernel team is aware of the issue, but
  due to bureaucratic constraints, they can't release a new kernel for ~7 weeks,
  so we're releasing a new version instead.
  
  * wg-quick: android: refactor and add incoming allow rules
  
  Android battery savers also limit incoming traffic, so we open this up to
  WireGuard.
  
  * netlink: enforce that unused bits of flags are zero
  
  This enforcement means we can use these bits later.
  
  * noise: immediately rekey all peers after changing device private key
  
  It should now be possible to change private keys and then immediately
  re-handshake, without loosing incoming packets.
  
  * netlink: skip peers with invalid keys
  
  We already had this for some cases but not for the invalid case.
  
  * Kbuild: account for upstream configuration maze changes
  
  This should allow inserting into the build system of mainline kernels for
  folks using the jury-rig scripts.
  
  * wg-quick: openbsd: fix alternate routing table syntax
  
  Syntax bug, which should now allow for multiple routing table-based routing on
  OpenBSD.
  
  * wg-quick: linux: don't fail down when using systemd-resolved
  
  This prevents systemd-resolved->resolvconf systems to use wg-quick.
  
  * Makefile: allow specifying kernel release
  
  It is now possible to build for a kernel different from the running one.
  
  * tools: windows: enforce named pipe ownership and use protected prefix
  
  Security hardening enhancements for the Windows tools port.

This snapshot contains commits from: Jason A. Donenfeld, Ronan Pigott, Nathan 
Chancellor, Mikk Mar, and Ankur Kothari.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190905.tar.xz
  SHA2-256: 78767ceeb5286beaa851145f072d920a340a9f1b771a2943b8efd638cee1a8f6
  BLAKE2b-256: 2cb58ed55b4261257b0dcfca58a3e73bc5ea8eb660855e0bbb0639b893d4aa2e

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190905.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAl1xi1wQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrnN9D/sHHEJmmQaJZ4RszJjDydUzq8wJ6SliFT0E
JiuDTWyZQld7IRiCAAPmcgH9Xv783icLUQNKcO6JRAV0rTcmUmV4N6iuT1LKeNIj
KrG44SxuAOSKSQacsJHE+jU4Tbn2MqGztw1f9NwUCOzTg/TfivERTG8+Xi5MP0c6
clkHF6I8aTlV30JeqjmbpbSWYnnYJo5k3mMAY7lPZ4ddiWQTfYm3gBRbDu1cdwjX
IHJ0ZtGvnwrb16/OTwxcPkE0lZiV7WLghHmXJjPbN6V0diHUIyvNddPceN1gxOeK
HbI646KtceDBOGlWA+z6qF27W4PVw29fRtfAtUVDsPXNDRhYvGdnjG1p7ReUamW4
KKuHJHfvgJURy++AXV9PUj6V0MtHANX6bWLjVDKRg+DIHPIU5iATF4Cz6vp9jcOh
r3mJ3iA6XJE/0PSmqM1jbbB0Tb6dIGGXZgymMt4H3Uf0HYROQRAD8PZdl5Ii/d26
1lydevz1TiUpO6ADcYq9PYngSVP4McR8EM/eCkBL+dY3RTlx0/lMemKR992FkTyq
7TutFLfSa0FUJvkk1LsEQvLUKKpfkDiGd+/7v/k6DaIBSkA91kBiTdXNkyJpPnJS
KWlH6dz7QZdVZVxdbZacHeFYvtqaa2+YaDyPJiibByBuwK0+g8lPQnTg3wuFjMIo
FW5aLIHbeg==
=vikk
-----END PGP SIGNATURE-----


More information about the WireGuard mailing list