[ANNOUNCE] WireGuard Snapshot `0.0.20190905` Available
Jason A. Donenfeld
Jason at zx2c4.com
Fri Sep 6 00:25:47 CEST 2019
-----BEGIN PGP SIGNED MESSAGE-----
A new snapshot, `0.0.20190905`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
* compat: define conversion constants for ancient kernels
* compat: support running in OpenVZ environments
* compat: do not run bc on clean target
* compat: account for android-4.9 backport of addr_gen_mode
* compat: work around ubuntu breakage
Lots of compat work. Of particular note is that Ubuntu 16.04 screwed up a
backport, which broke WireGuard. Their kernel team is aware of the issue, but
due to bureaucratic constraints, they can't release a new kernel for ~7 weeks,
so we're releasing a new version instead.
* wg-quick: android: refactor and add incoming allow rules
Android battery savers also limit incoming traffic, so we open this up to
* netlink: enforce that unused bits of flags are zero
This enforcement means we can use these bits later.
* noise: immediately rekey all peers after changing device private key
It should now be possible to change private keys and then immediately
re-handshake, without loosing incoming packets.
* netlink: skip peers with invalid keys
We already had this for some cases but not for the invalid case.
* Kbuild: account for upstream configuration maze changes
This should allow inserting into the build system of mainline kernels for
folks using the jury-rig scripts.
* wg-quick: openbsd: fix alternate routing table syntax
Syntax bug, which should now allow for multiple routing table-based routing on
* wg-quick: linux: don't fail down when using systemd-resolved
This prevents systemd-resolved->resolvconf systems to use wg-quick.
* Makefile: allow specifying kernel release
It is now possible to build for a kernel different from the running one.
* tools: windows: enforce named pipe ownership and use protected prefix
Security hardening enhancements for the Windows tools port.
This snapshot contains commits from: Jason A. Donenfeld, Ronan Pigott, Nathan
Chancellor, Mikk Mar, and Ankur Kothari.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .
This snapshot is available in compressed tarball form here:
A PGP signature of that file decompressed is available here:
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard