[ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available

[ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available

[Jason A. Donenfeld]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20180613`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * wg-quick: android: change name of intent
  * wg-quick: android: delay setting users until end
  
  `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
  them to reconnect. By delaying this until after routes are set, we
  ensure that the sockets reconnect using the tunnel, rather than the old
  route. This fixes push notifications on Android.
  
  * chacha20: add missing include to header
  
  Fixes a compile error on some kernels.
  
  * tools: encoding: add missing static array constraints
  
  Makes static analyzers happier.
  
  * tools: support getentropy(3)
  
  This lets us take advantage of both recent glibc calls as well as the long
  standing getentropy functions on the BSDs.
  
  * chacha20poly1305: use slow crypto on -rt kernels
  
  In rt kernels, spinlocks call schedule(), which means preemption can't
  be disabled. The FPU disables preemption. Hence, we can either
  restructure things to move the calls to kernel_fpu_begin/end to be
  really close to the actual crypto routines, or we can do the slower
  lazier solution of just not using the FPU at all on -rt kernels. This
  patch goes with the latter lazy solution. The reason why we don't
  place the calls to kernel_fpu_begin/end close to the crypto routines
  in the first place is that they're very expensive, as it usually
  involves a call to XSAVE. So on sane kernels, we benefit from only
  having to call it once.

This snapshot contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180613.tar.xz
  SHA2-256: c120cdedc3967dcb4ad5c1c7eadd2a1b04ef5dbf2fe60cc8e7c0db337bcda7dc
  BLAKE2b-256: 184b275cc2e49b741260f955b8258fb9832644d81bb9bd6b5ecf56994911e690

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAlshJ9YQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4DrrVDEACdjd2lDHttE+nZyPvfHqGXNMl5nw3oH5+L
iTEH37maMgBdxRt2OTDND9x1Ka4iCtCdH4DDSA+O8KdO2fdJbr+m0yj2R6sz8ycE
M5QQbhfFlmBfExf0lQb5oxkJc0wXI6eDfOHQiZWjKQegfiFTHwmyv7jA/Ggz6Lq1
yu757/4N1SoU5ZWEpg/zGMzMK9PyUoWH/bgZGOnv0GajVjr+lVq3woD9yYX+oWiC
N78Y2giFZ6h2RTgkRj7QO6ceZxMPcg0GSN5ivBt4O38J07An/2Ozy7eUJStP5xTi
VbkiwDxfnhwfsD4vCDKPL0GMvdc/P34NrFr2yWkC22LXsW6ESia7oNkjo98H5Osi
Mr78zjvsjm8rzouiSC7kbp0/8QsjGQsLdX0osNLmdic7ec4ZgIT161Y073epIhh3
JPO/TWLiA/dqqnmM6989da+xOki2BDcnvUwmn9tDoXVS/IQFj/KWMvfKusu0ljLo
PI0tgR3gfyHXsWs3TcJqPksl42gRD85qcZ8LtPKWwYPGm3Q9zh718rZHG252KkoE
QN6ap/mdXoIxmqkkneaL7ipIRpRJmhoa/ACL+6XxgTmfA54lU/O1oLOHBV8DhEdJ
frMu3NMeL430ZCSDjWDwTdZFPuhdGbcXRK5eXhHYjxLWWW7+bdJfBxTjgh4gIQ+U
n94kOWpPZg==
=oJkt
-----END PGP SIGNATURE-----

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available

[Peter Korsgaard]

>>>>> "Jason" == Jason A Donenfeld <Jason@zx2c4.com> writes:

Hi,

 > Hello,
 > A new snapshot, `0.0.20180613`, has been tagged in the git repository.

 > Please note that this snapshot is, like the rest of the project at this point
 > in time, experimental, and does not consitute a real release that would be
 > considered secure and bug-free. WireGuard is generally thought to be fairly
 > stable, and most likely will not crash your computer (though it may).
 > However, as this is a pre-release snapshot, it comes with no guarantees, and
 > its security is not yet to be depended on; it is not applicable for CVEs.

 > With all that said, if you'd like to test this snapshot out, there are a
 > few relevent changes.

FYI, I see complication errors with poly1305.c when building for an ARMv5
target with 4.16.7 after moving from 0.0.20180524:

>>> wireguard 0.0.20180613 Building kernel module(s)
PATH="/home/peko/source/buildroot/output-wireguard/host/bin:/home/peko/source/buildroot/output-wireguard/host/sbin:/home/peko/bin:/home/peko/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" BR_BINARIES_DIR=/home/peko/source/buildroot/output-wireguard/images /usr/bin/make -j5 -C /home/peko/source/buildroot/output-wireguard/build/linux-4.16.7 HOSTCC="/usr/bin/gcc -O2 -I/home/peko/source/buildroot/output-wireguard/host/include -L/home/peko/source/buildroot/output-wireguard/host/lib -Wl,-rpath,/home/peko/source/buildroot/output-wireguard/host/lib" ARCH=arm INSTALL_MOD_PATH=/home/peko/source/buildroot/output-wireguard/target CROSS_COMPILE="/home/peko/source/buildroot/output-wireguard/host/bin/arm-none-linux-gnueabi-" DEPMOD=/home/peko/source/buildroot/output-wireguard/host/sbin/depmod INSTALL_MOD_STRIP=1  PWD=/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src M=/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src modules
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/main.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/noise.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/device.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/peer.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/timers.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/queueing.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/send.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/receive.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/socket.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/hashtables.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/allowedips.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/ratelimiter.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/cookie.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/netlink.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/chacha20.o
  CC [M]  /home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.o
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c: In function 'poly1305_update':
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c:332:4: error: implicit declaration of function 'memcpy' [-Werror=implicit-function-declaration]
    memcpy(ctx->data + num, inp, rem);
    ^
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c:332:4: warning: incompatible implicit declaration of built-in function 'memcpy' [enabled by default]
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c:338:4: warning: incompatible implicit declaration of built-in function 'memcpy' [enabled by default]
    memcpy(ctx->data + num, inp, len);
    ^
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c:353:3: warning: incompatible implicit declaration of built-in function 'memcpy' [enabled by default]
   memcpy(ctx->data, inp, rem);
   ^
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c: In function 'poly1305_finish':
/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.c:372:2: error: implicit declaration of function 'memzero_explicit' [-Werror=implicit-function-declaration]
  memzero_explicit(ctx, sizeof(*ctx));
  ^
cc1: some warnings being treated as errors
scripts/Makefile.build:324: recipe for target '/home/peko/source/buildroot/output-wireguard/build/wireguard-0.0.20180613/src/crypto/poly1305.o' failed


An explicit include of linux/string.h fixes it for me.

-- 
Bye, Peter Korsgaard

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available

[Jason A. Donenfeld]

Thanks for the report. Fixed here:
https://git.zx2c4.com/WireGuard/commit/?id=ed04799b1868f45e05d788e614b9b8cfa4fcab46

Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180613` Available

[Peter Korsgaard]

>>>>> "Jason" == Jason A Donenfeld <Jason@zx2c4.com> writes:

 > Thanks for the report. Fixed here:
 > https://git.zx2c4.com/WireGuard/commit/?id=ed04799b1868f45e05d788e614b9b8cfa4fcab46

Thanks for the fast response. I've sent a patch to update the version in
Buildroot:

https://patchwork.ozlabs.org/patch/932233/

-- 
Bye, Peter Korsgaard