Development discussion of WireGuard
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: "WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: [ANNOUNCE] WireGuard Snapshot `0.0.20180620` Available
Date: Wed, 20 Jun 2018 21:19:56 +0200
Message-ID: <b9a4b41fbe912803@frisell.zx2c4.com>

Hello,

A new snapshot, `0.0.20180620`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  * chacha20poly1305: use slow crypto on -rt kernels on arm too
  
  Leftover from the last commit of the previous snapshot that we forgot to
  handle.
  
  * tools: getentropy requires macOS 10.12
  
  Small build time fixup for old versions of macOS.
  
  * queueing: remove useless spinlocks on sc
  * queueing: re-enable preemption periodically to lower latency
  * simd: encapsulate fpu amortization into nice functions
  * simd: no need to restore fpu state when no preemption
  
  This will improve general system latency on preempt-enabled systems, like
  desktops.
  
  * dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
  
  Fixes wg-quick's dns hatchet on CentOS.
  
  * qemu: bump default kernel
  
  By bumping to 4.17.2, we actually uncovered a bug in the SLUB allocator, which
  upstream is now fixing: https://lkml.org/lkml/2018/6/18/1407
  
  * noise: take locks for ss precomputation
  * netlink: maintain static_identity lock over entire private key update
  
  Minor locking correctness fixes and optimizations.
  
  * noise: wait for crng before taking locks
  
  We now make sure that an outgoing packet which needs a potentially unseeded
  rng won't block a call to wg(8), which takes similar locks for retrieving
  data.
  
  * receive: drop handshake packets if rng is not initialized
  
  If the rng is unseeded, we drop incoming handshake packets, so that it's not
  possible for an attacker to fill the handshake queue thereby provoking
  cookies.
  
  * ratelimiter: mitigate reference underflow
  * ratelimiter: do not allow concurrent init and uninit
  
  Minor correctness and hardening fixes, which don't fix anything particular in
  WireGuard, but might be useful if our ratelimiter is ever used elsewhere.
  
  * compat: use stabler lkml links
  * poly1305: add missing string.h header
  
  Minor fixups.

This snapshot contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180620.tar.xz
  SHA2-256: b4db98ea751c8e667454f98ea1c15d704a784fe1bc093b03bd64575418a7c242
  BLAKE2b-256: f4e5a65f384a04cb1202e2866afc52469f121acb092a06be270d13ed211efdec

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld
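
Added example, not part of the original announcement: a Python check of a downloaded tarball against the two digests published above. BLAKE2b-256 is BLAKE2b with its output length parameter set to 32 bytes (`digest_size=32`), the same value `b2sum -l 256` computes; the file name and digests are copied from the announcement.

```python
import hashlib
import hmac
import sys

# File name and digests as published in the announcement above.
TARBALL = "WireGuard-0.0.20180620.tar.xz"
PUBLISHED = {
    "sha256": "b4db98ea751c8e667454f98ea1c15d704a784fe1bc093b03bd64575418a7c242",
    "blake2b-256": "f4e5a65f384a04cb1202e2866afc52469f121acb092a06be270d13ed211efdec",
}


def file_digests(path, chunk_size=1 << 16):
    """Stream the file once and return both digests as lowercase hex."""
    sha = hashlib.sha256()
    b2 = hashlib.blake2b(digest_size=32)  # 32-byte output = BLAKE2b-256
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha.update(chunk)
            b2.update(chunk)
    return {"sha256": sha.hexdigest(), "blake2b-256": b2.hexdigest()}


def verify(path, expected):
    """Return the names of the algorithms whose digest does NOT match."""
    actual = file_digests(path)
    return [
        name
        for name, want in expected.items()
        if not hmac.compare_digest(actual[name], want.strip().lower())
    ]


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else TARBALL
    try:
        mismatched = verify(path, PUBLISHED)
    except OSError as exc:
        print(f"cannot read {path}: {exc}")
        sys.exit(2)
    for name in PUBLISHED:
        print(f"{name}: {'MISMATCH' if name in mismatched else 'ok'}")
    # Non-zero exit lets a packaging script refuse to build on any mismatch.
    sys.exit(1 if mismatched else 0)
```

The digests are only as trustworthy as the message that carries them, so check the announcement's PGP signature before relying on them.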

