<feed xmlns='http://www.w3.org/2005/Atom'>
<title>wireguard-windows/updater, branch master</title>
<subtitle>WireGuard client for Windows</subtitle>
<id>https://git.zx2c4.com/wireguard-windows/atom/updater?h=master</id>
<link rel='self' href='https://git.zx2c4.com/wireguard-windows/atom/updater?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/'/>
<updated>2026-05-19T15:37:20Z</updated>
<entry>
<title>updater: drain the entire response when fetching version list</title>
<updated>2026-05-19T15:37:20Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-17T20:39:51Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=cfa08a78d0a4a87b5b2aee4b29d92cab1adba0e5'/>
<id>urn:sha1:cfa08a78d0a4a87b5b2aee4b29d92cab1adba0e5</id>
<content type='text'>
WinHTTP can short-read across TLS or HTTP chunk boundaries, so a
single Read may truncate the signed file list. Signify verification
catches it, but the user sees a spurious update-check failure
instead of a successful fetch.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater,fetcher: disable HTTP/3</title>
<updated>2026-05-06T13:42:37Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-06T13:42:37Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=56c8aa4e8aad4a7844ee3165b4df448bb9a7ce2c'/>
<id>urn:sha1:56c8aa4e8aad4a7844ee3165b4df448bb9a7ce2c</id>
<content type='text'>
We had reports of it failing.

Reported-by: Ben Yoder &lt;byoder@moltzconstructors.com&gt;
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>global: regenerate syscall code from latest x/sys/windows wrapper</title>
<updated>2026-04-20T10:57:17Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-20T10:57:17Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=10295fbc425e44cc302d04b6e7dcb7428594cf61'/>
<id>urn:sha1:10295fbc425e44cc302d04b6e7dcb7428594cf61</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: response is unsigned anyway</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-13T01:37:17Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=34e6a2db0dbcfba9c11097f346668695cdebdfca'/>
<id>urn:sha1:34e6a2db0dbcfba9c11097f346668695cdebdfca</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: fix error message text to specify hex, not base64</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-11T16:33:37Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=cd8816255c2a3c29cdb01e30c3a8136fa2a51086'/>
<id>urn:sha1:cd8816255c2a3c29cdb01e30c3a8136fa2a51086</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: read proper number of numbers</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-11T16:32:44Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=c8329e6d2c91c454e999e4986c21621e23e4f5a6'/>
<id>urn:sha1:c8329e6d2c91c454e999e4986c21621e23e4f5a6</id>
<content type='text'>
There's no way it'd be valid anyway, but this index is for utf16 chars,
not utf8 chars.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: more gracefully handle read errors in winhttp</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-11T16:17:24Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=23a75c7677addcf3bec70170e9b98ee05a72d503'/>
<id>urn:sha1:23a75c7677addcf3bec70170e9b98ee05a72d503</id>
<content type='text'>
Otherwise we keep trying infinitely.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: do not return swallowed error</title>
<updated>2026-04-10T16:25:35Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-10T16:25:35Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=4804d318e69065bba79a93fda5cc9065fc1d0dba'/>
<id>urn:sha1:4804d318e69065bba79a93fda5cc9065fc1d0dba</id>
<content type='text'>
Before we were still returning the swallowed error.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater,fetcher: enable http/3 opportunistically</title>
<updated>2026-03-30T12:01:41Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-03-30T12:01:41Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=3be6201ee697feacf06e23b5a1f08351787d59f6'/>
<id>urn:sha1:3be6201ee697feacf06e23b5a1f08351787d59f6</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>updater: do not verify EV status</title>
<updated>2026-03-23T13:48:11Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-03-23T13:48:11Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=108c5e4b9ed3b8e4c37832df8e23537f5995512a'/>
<id>urn:sha1:108c5e4b9ed3b8e4c37832df8e23537f5995512a</id>
<content type='text'>
We'll keep signing with EV. But this is not a security check. Anybody
can add an EV signature. It's not very expensive to do. And we've never
checked that it's actually _our_ signature. For that, there's the normal
ed25519-based mechanism, which is a lot nicer and faster.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
</feed>
