[ANNOUNCE] wireguard-tools v1.0.20200820 released
Jason A. Donenfeld
Jason at zx2c4.com
Thu Aug 20 12:13:26 CEST 2020
-----BEGIN PGP SIGNED MESSAGE-----
A new version, v1.0.20200820, of wireguard-tools has been tagged in the git
repository, containing various required userspace utilities, such as the
wg(8) and wg-quick(8) commands and documentation.
== Changes ==
* ipc: split into separate files per-platform
This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.
* wincompat: fold random into genkey
As part of moving to per-platform files, we can fold our get_random_bytes
implementation in the same way that we handle the other ones.
* systemd: add reload target to systemd unit
Users can now run `systemctl reload wg-quick at wgnet0`, as described in the
wg-quick(8) man page. Note that this won't adjust Address=, DNS=, or the
various other non-wg(8) fields.
* man: wg-quick: use syncconf instead of addconf for strip example
Simple documentation fix.
* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h
In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h
* wg-quick: wait on process substitutions
Bash does not propagate error values, which is a bummer, but process
substitutions are a useful feature. Introduce a new idiom to deal with
this: either "; wait $!" after the line to propagate the error, or "||
true" to indicate explicitly that we don't care about the error. Discussions
about this with upstream bash didn't lead anywhere:
So, we now work around this limitation manually.
This release contains commits from: Jason A. Donenfeld and Domonkos P.
As always, the source is available at https://git.zx2c4.com/wireguard-tools/ and
information about the project is available at https://www.wireguard.com/ .
This release is available in compressed tarball form here:
A PGP signature of that file decompressed is available here:
Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
Remember to unxz the tarball before verifying the signature.
If you're a package maintainer, please bump your package version. If you're a
user, the WireGuard team welcomes any and all feedback on this latest version.
Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the WireGuard