WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: [ANNOUNCE] WireGuard Snapshot `0.0.20191012` Available
Date: Sat, 12 Oct 2019 17:04:49 +0200
Message-ID: <fa44965fdbb56e19@frisell.zx2c4.com> (raw)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20191012`, has been tagged in the git repository.

Please note that this snapshot is a snapshot rather than a final
release that is considered secure and bug-free. WireGuard is generally
thought to be fairly stable, and most likely will not crash your
computer (though it may).  However, as this is a snapshot, it comes
with no guarantees; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * qemu: bump default version
  * netns: add test for failing 5.3 FIB changes
  
  Kernels 5.3.0 - 5.3.3 crash (and are probably exploitable) via this one liner:
  
  unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234::1'
  
  We fixed this upstream here:
  
  https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
  
  This is relevant to WireGuard because a very similar sequence of commands is
  used by wg-quick(8).
  
  So, we've now added some tests to catch this code path in the future. While
  the bug here was a random old use-after-free, the test checks the general
  policy routing setup used by wg-quick(8), so that we make sure this continues
  to work with future kernels.
  
  * noise: recompare stamps after taking write lock
  
  We now recompare counters while holding a write lock.
  
  * netlink: allow preventing creation of new peers when updating
  
  This is a small enhancement for wg-dynamic, so that we can update peers
  without readding them if they've already been removed.
  
  * wg-quick: android: use Binder for setting DNS on Android 10
  
  wg-quick(8) for Android now supports Android 10 (Q). We'll be releasing a new
  version of the app for this later today.

This snapshot contains commits from: Jason A. Donenfeld and Nicolas Douma.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.xz
  SHA2-256: 93573193c9c1c22fde31eb1729ad428ca39da77a603a3d81561a9816ccecfa8e
  BLAKE2b-256: d7979c453201b9fb6b1ad12092515b27ea6899397637a34f46e74b52b36ddf56

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20191012.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAl2h64gQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drhw1D/9dQzRVt647BccXpBTJuCQhBB8jrW6XTk0S
1es84sx491kLZFNPv+ykT1lv/sWGoB9IKHXMxQFWutwpk3HmqAt8HgUPbfB7eM/L
QxMGNe8beiXhTrtx3g2ZLduvi0mHC2JEqUu3+1UzqLtfsgq75wWzy1FicVQKgcy7
cAFBbPPz7O3L4QXN1tj3OnBjj8wBUqRrriwkjdCd+gwiktJ2DfUPDX/39wb/qpJx
hA7A2XnJV9td0Y4fHZnAoHZ3MRWryUGN/EMIL5Cy/JnuppY9bNibTGWB5dUiUjYt
ANRRdNvst/LZrVgaocWjMh51O9S7a/Z1OP6Ewts48M0gxja2pIFgT4nzS8hzwQRE
okxAsMoEAzVRp+O3Hra/ZRswzjNI1iOQAfDtFbq8upD6W3COx479gQySzD6l7cdY
M06gmtZVrfey7s5K4fFw5axKv/l2AwSrCSpxiMFYked72vsFSlzvF2Gr8YCtyQSh
cliiptR+KBqExcvYo7x/R2vfVA5yR4+vaDgCWYb44gUIZIYcHvyi1MG/SgeFa8VO
amTaqngGsdxK6eBxlpzdW9XKFro39GYKiWIrMIdjBFZOSR+h06OVhmtpe538vOjk
Zqh64lpiCRWHrS0dd/mR3+FX0l4Jyy1V3STt8vuvvjECtFFWMovGoHXscQY1jAx/
XdPy0w2vUQ==
=hiCl
-----END PGP SIGNATURE-----
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

                 reply index

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fa44965fdbb56e19@frisell.zx2c4.com \
    --to=jason@zx2c4.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox