-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello,
A new snapshot, `0.0.20190406`, has been tagged in the git repository. Please note that this snapshot is, like the rest of the project at this point in time, experimental, and does not constitute a real release that would be considered secure and bug-free. WireGuard is generally thought to be fairly stable, and most likely will not crash your computer (though it may). However, as this is a pre-release snapshot, it comes with no guarantees, and its security is not yet to be depended on; it is not applicable for CVEs. With all that said, if you'd like to test this snapshot out, there are a few relevant changes. == Changes == * allowedips: initialize list head when removing intermediate nodes Fix for an important regression in removing allowed IPs from the last snapshot. We have new test cases to catch these in the future as well. * wg-quick: freebsd: rebreak interface loopback, while fixing localhost * wg-quick: freebsd: export TMPDIR when restoring and don't make empty Two fixes for FreeBSD which have already been backported into ports. * tools: genkey: account for short reads of /dev/urandom * tools: add support for Haiku The tools now support Haiku! Maybe somebody is working on a WireGuard implementation for it? * tools: warn if an AllowedIP has a nonzero host part If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8) will now print a warning. Even though we mask this automatically down to 192.168.1.0/24, usually when people specify it like this, it's a mistake. * wg-quick: add 'strip' subcommand The new strip subcommand prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as: `wg addconf $DEV <(wg-quick strip $DEV)`. * tools: avoid unneccessary next_peer assignments in sort_peers() Small C optimization the compiler was probably already doing. * peerlookup: rename from hashtables * allowedips: do not use __always_inline * device: use skb accessor functions where possible Suggested tweaks from Dave Miller. * qemu: set framewarn 1280 for 64bit and 1024 for 32bit These should indicate to us more clearly when we cross the most strict stack thresholds expected when using recent compilers with the kernel. * blake2s: simplify * blake2s: remove outlen parameter from final The blake2s implementation has been simplified, since we don't use any of the fancy tree hashing parameters or the like. We also no longer separate the output length at initialization time from the output length at finalization time. * global: the _bh variety of rcu helpers have been unified * compat: nf_nat_core.h was removed upstream * compat: backport skb_mark_not_on_list The usual assortment of compat fixes for Linux 5.1. This snapshot contains commits from: Jason A. Donenfeld, Luis Ressel, Samuel Neves, Bruno Wolff III, and Alexander von Gluck IV. As always, the source is available at https://git.zx2c4.com/WireGuard/ and information about the project is available at https://www.wireguard.com/ . This snapshot is available in compressed tarball form here: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.xz SHA2-256: 2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b BLAKE2b-256: 787a01fa3d6a800d7376a04ff57dd16d884a7d3cb99d2f91bfc59895ab759200 A PGP signature of that file decompressed is available here: https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20190406.tar.asc Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE If you're a snapshot package maintainer, please bump your package version. If you're a user, the WireGuard team welcomes any and all feedback on this latest snapshot. Finally, WireGuard development thrives on donations. By popular demand, we have a webpage for this: https://www.wireguard.com/donations/ Thank you, Jason Donenfeld -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlyoi8YQHGphc29uQHp4 MmM0LmNvbQAKCRBJ/HASpd4DrjjSD/0fLlg/QLlGngPIldxT/BsaNLyiPxBBcrFv lr0jl0x6qNXi6Gj/2KEdiTH/wCmzsWhu7Fa+q5KIly8hYDDBnDfDXYVxQcUva9H0 1XNXDuq+R2yW9r7pWZXRWtbmxWrY6SWvoB73L0Tbqrv0AIFNtmJdF5ut7lFuCw+v 5TZ3OsXvATGVDx9wWVdufrT3la+RhzYDushNJ8JZtCcENKutUgLg3QfjiArjfT7W ndjsVINbeXWeUsB/lEK95U9yliCLjQiaJspf6LSvm/s7V+ZIQybWi2a4x9T5ZwuH o2JP5x4xOElCH3hJ+lCD/rSSBHFRkwq0XtwjOVcgTRXZSWCbuaE/CSeA4JaAKXdB rklV+LpBt9h/ghm8o92ieExK2IJwoOBM8b1f+DEjIepc75PA0BuSqhFXRuV4jAr9 i3zEtDz48ZksY6z9o+XObVCAg64sh+7vOr9Ztgkx30juDbwAoMfCx2IDSb702GlW sBQwt5fbhC1y0k4WfY/MMuuH29jcJUuDHB7bees3atXr5yOR7r58gEKKKGwcHPG+ 8+Dz+ihRv9pFSJPCon4nupohHMwBo7ZjpsV3V6lkz8GY7+QeM/P9BQLkdpIU38NS bazNAN1MAkvLOkYS6gMK5Y8o8+uJsLJJMQCaDSx5eMUkYS4TE8YHBH4BucfpzW6P bdz1k5I6NQ== =eR4J -----END PGP SIGNATURE----- _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
