Tor 0.2.8.6 is released!
|
时间:2016-08-09 来源:torproject.org 作者:nickm
条评论
|
; bugfix on 0.2.7.3-rc.
Major bugfixes (user interface):
- Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug19203; bugfix on 0.2.3.1-alpha.
Minor features (accounting):
- Added two modes to the AccountingRule option: One for limiting only the number of bytes sent (“AccountingRule out”), and one for limiting only the number of bytes received (“AccountingRule in”). Closes ticket 15989; patch from “unixninja92”.
Minor features (bug-resistance):
- Make Tor survive errors involving connections without a corresponding event object. Previously we’d fail with an assertion; now we produce a log message. Related to bug16248.
- Use tor_snprintf() and tor_vsnprintf() even in external and low- level code, to harden against accidental failures to NUL- terminate. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder.
Minor features (build):
- Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as having possible IPFW support. Closes ticket 18448. Patch from Steven Chamberlain.
- Since our build process now uses “make distcheck”, we no longer force “make dist” to depend on “make check”. Closes ticket 17893; patch from “cypherpunks”.
- Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). We have been tracking OpenSSL 1.1 development as it has progressed, and fixing numerous compatibility issues as they arose. See tickets 17549, 17921, 17984, 19499, and 18286.
- When building manual pages, set the timezone to “UTC”, so that the output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. Patch from intrigeri.
Minor features (clients):
- Make clients, onion services, and bridge relays always use an encrypted begindir connection for directory requests. Resolves ticket 18483. Patch by teor.
Minor features (controller):
- Add ‘GETINFO exit-policy/reject-private/[default,relay]’, so controllers can examine the the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies.
- Adds the FallbackDir entries to ‘GETINFO config/defaults’. Closes tickets 16774 and 17817. Patch by George Tankersley.
- New ‘GETINFO hs/service/desc/id/’ command to retrieve a hidden service descriptor from a service’s local hidden service descriptor cache. Closes ticket 14846.
Minor features (crypto):
- Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
- Add SHA512 support to crypto.c. Closes ticket17663; patch from George Tankersley.
- Improve performance when hashing non-multiple of 8 sized buffers, based on Andrew Moon’s public domain SipHash-2-4 implementation. Fixes bug 17544; bugfix on 0.2.5.3-alpha.
- Validate the hard-coded Diffie-Hellman parameters and ensure that p is a safe prime, and g is a suitable generator. Closes ticket 18221.
- When allocating a digest state object, allocate no more space than we actually need. Previously, we would allocate as much space as the state for the largest algorithm would need. This change saves up to 672 bytes per circuit. Closes ticket 17796.
Minor features (directory downloads):
- Add UseDefaultFallbackDirs, which enables any hard-coded fallback directory mirrors. The default is 1; set it to 0 to disable fallbacks. Implements ticket 17576. Patch by teor.
- Wait for busy authorities and fallback directories to become non- busy when bootstrapping. (A similar change was made in 6c443e987d for directory caches chosen from the consensus.) Closes ticket 17864; patch by teor.
Minor features (geoip):
- Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 Country database.
Minor features (hidden service directory):
- Streamline relay-side hsdir handling: when relays consider whether to accept an uploaded hidden service descriptor, they no longer check whether they are one of the relays in the network that is “supposed” to handle that descriptor. Implements ticket18332.
Minor features (IPv6):
- Add ClientPreferIPv6DirPort, which is set to 0 by default. If set to 1, tor prefers IPv6 directory addresses.
- Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor avoids using IPv4 for client OR and directory connections.
- Add address policy assume_action support for IPv6 addresses.
- Add an argument ‘ipv6=address:orport’ to the DirAuthority and FallbackDir torrc options, to specify an IPv6 address for an authority or fallback directory. Add hard-coded ipv6 addresses for directory authorities that have them. Closes ticket17327; patch from Nick Mathewson and teor.
- Allow users to configure directory authorities and fallback directory servers with IPv6 addresses and ORPorts. Resolves ticket 6027.
- Limit IPv6 mask bits to 128.
- Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug 17638; bugfix on 0.0.2pre8. Patch by teor.
- Try harder to obey the IP version restrictions “ClientUseIPv4 0”, “ClientUseIPv6 0”, “ClientPreferIPv6ORPort”, and “ClientPreferIPv6DirPort”. Closes ticket 17840; patch by teor.
- Warn when comparing against an AF_UNSPEC address in a policy, it’s almost always a bug. Closes ticket 17863; patch by teor.
- routerset_parse now accepts IPv6 literal addresses. Fixes bug 17060; bugfix on 0.2.1.3-alpha. Patch by teor.
Minor features (Linux seccomp2 sandbox):
2/7 首页 上一页 1 2 3 4 5 6 下一页 尾页
|
|
|
|