免费SS | 加入收藏 | 设为首页 | 我要投稿 | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
您当前的位置:首页 > 翻墙动态

Tor 0.2.7.3-rc is released

时间:2015-09-25  来源:  作者:

Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It contains numerous usability fixes for Ed25519 keys, safeguards against several misconfiguration problems, significant simplifications to Tor's callgraph, and numerous bugfixes and small features.NfN免费翻墙网

This is the most tested release of Tor to date. The unit tests cover 39.40% of the code, and the integration tests (accessible with "make test-full-online", requiring stem and chutney and a network connection) raise the coverage to 64.49%.NfN免费翻墙网

NOTE: This is a release candidate. We think we've squashed most of the bugs, but there are probably a few more left over.NfN免费翻墙网

Changes in version 0.2.7.3-rc - 2015-09-25

  • Major features (security, hidden services):
    • Hidden services, if using the EntryNodes option, are required to use more than one EntryNode, in order to avoid a guard discovery attack. (This would only affect people who had configured hidden services and manually specified the EntryNodes option with a single entry-node. The impact was that it would be easy to remotely identify the guard node used by such a hidden service. See ticket for more information.) Fixes ticket 14917.
  • Major features (Ed25519 keys, keypinning):
    • The key-pinning option on directory authorities is now advisory- only by default. In a future version, or when the AuthDirPinKeys option is set, pins are enforced again. Disabling key-pinning seemed like a good idea so that we can survive the fallout of any usability problems associated with Ed25519 keys. Closes ticket 17135.

 NfN免费翻墙网

  • Major features (Ed25519 performance):
    • Improve the speed of Ed25519 operations and Curve25519 keypair generation when built targeting 32 bit x86 platforms with SSE2 available. Implements ticket 16535.
    • Improve the runtime speed of Ed25519 signature verification by using Ed25519-donna's batch verification support. Implements ticket 16533.
  • Major features (performance testing):
    • The test-network.sh script now supports performance testing. Requires corresponding chutney performance testing changes. Patch by "teor". Closes ticket 14175.
  • Major features (relay, Ed25519):
    • Significant usability improvements for Ed25519 key management. Log messages are better, and the code can recover from far more failure conditions. Thanks to "s7r" for reporting and diagnosing so many of these!
    • Add a new OfflineMasterKey option to tell Tor never to try loading or generating a secret Ed25519 identity key. You can use this in combination with tor --keygen to manage offline and/or encrypted Ed25519 keys. Implements ticket 16944.
    • Add a --newpass option to allow changing or removing the passphrase of an encrypted key with tor --keygen. Implements part of ticket 16769.
    • On receiving a HUP signal, check to see whether the Ed25519 signing key has changed, and reload it if so. Closes ticket 16790.
  • Major bugfixes (relay, Ed25519):
    • Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on 0.2.7.2-alpha. Reported by "s7r".
    • Improve handling of expired signing keys with offline master keys. Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
  • Minor features (client-side privacy):
    • New KeyAliveSOCKSAuth option to indefinitely extend circuit lifespan when IsolateSOCKSAuth and streams with SOCKS authentication are attached to the circuit. This allows applications like TorBrowser to manage circuit lifetime on their own. Implements feature 15482.
    • When logging malformed hostnames from SOCKS5 requests, respect SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
  • Minor features (compilation):
    • Give a warning as early as possible when trying to build with an unsupported OpenSSL version. Closes ticket 16901.
    • Fail during configure if we're trying to build against an OpenSSL built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha which started requiring ECC.
  • Minor features (geoip):
    • Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
  • Minor features (hidden services):
    • Relays need to have the Fast flag to get the HSDir flag. As this is being written, we'll go from 2745 HSDirs down to 2342, a ~14% drop. This change should make some attacks against the hidden service directory system harder. Fixes ticket 15963.
    • Turn on hidden service statistics collection by setting the torrc option HiddenServiceStatistics to "1" by default. (This keeps track only of the fraction of traffic used by hidden services, and the total number of hidden services in existence.) Closes ticket 15254.
    • Client now uses an introduction point failure cache to know when to fetch or keep a descriptor in their cache. Previously, failures were recorded implicitly, but not explicitly remembered. Closes ticket 16389.
  • Minor features (testing, authorities, documentation):
    • New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to explicitly manage consensus flags in testing networks. Patch by "robgjansen", modified by "teor". Implements part of ticket 14882.
  • Minor bugfixes (security, exit policies):
    • ExitPolicyRejectPrivate now also rejects the relay's published IPv6 address (if any), and any publicly routable IPv4 or IPv6 addresses on any local interfaces. ticket 17027. Patch by "teor". Fixes bug 17027; bugfix on 0.2.0.11-alpha.
  • Minor bug fixes (torrc exit policies):
    • In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only produce IPv6 wildcard addresses. Previously they would produce both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha.
    • When parsing torrc ExitPolicies, we now warn for a number of cases where the user's intent is likely to differ from Tor's actual behavior. These include: using an IPv4 address with an accept6 or reject6 line; using "private" on an accept6 or reject6 line; and including any ExitPolicy lines after accept *:* or reject *:*. Related to ticket 16069.
    • When parsing torrc ExitPolicies, we now issue an info-level message when expanding an "accept/reject *" line to include both IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
    • In each instance above, usage advice is provided to avoid the message. Resolves ticket 16069. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha.
  • Minor bugfixes (authority):
    • Don't assign "HSDir" to a router if it isn't Valid and Running. Fixes bug 16524; bugfix on 0.2.7.2-alpha.
    • Downgrade log messages about Ed25519 key issues if they are in old cached router descriptors. Fixes part of bug 16286; bugfix on 0.2.7.2-alpha.
    • When we find an Ed25519 key issue in a cached descriptor, stop saying the descriptor was just "uploaded". Fixes another part of bug 16286; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (control port):
    • Repair a warning and a spurious result when getting the maximum number of file descriptors from the controller. Fixes bug 16697; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (correctness):
    • When calling channel_free_list(), avoid calling smartlist_remove() while inside a FOREACH loop. This partially reverts commit 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
  • Minor bugfixes (documentation):
    • Advise users on how to configure separate IPv4 and IPv6 exit policies in the manpage and sample torrcs. Related to ticket 16069.
    • Fix the usage message of tor-resolve(1) so that it no longer lists the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
    • Fix an error in the manual page and comments for TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir required "ORPort connectivity". While this is true, it is in no way unique to the HSDir flag. Of all the flags, only HSDirs need a DirPort configured in order for the authorities to assign that particular flag. Patch by "teor". Fixed as part of 14882; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (Ed25519):
    • Fix a memory leak when reading router descriptors with expired Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (linux seccomp2 sandbox):
    • Allow bridge authorities to run correctly under the seccomp2 sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
    • Allow routers with ed25519 keys to run correctly under the seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (open file limit):
    • Fix set_max_file_descriptors() to set by default the max open file limit to the current limit when setrlimit() fails. Fixes bug 16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet.
  • Minor bugfixes (portability):
    • Try harder to normalize the exit status of the Tor process to the standard-provided range. Fixes bug 16975; bugfix on every version of Tor ever.
    • Check correctly for Windows socket errors in the workqueue backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
    • Fix the behavior of crypto_rand_time_range() when told to consider times before 1970. (These times were possible when running in a simulated network environment where time()'s output starts at zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
    • Restore correct operation of TLS client-cipher detection on OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (relay):
    • Ensure that worker threads actually exit when a fatal error or shutdown is indicated. This fix doesn't currently affect the behavior of Tor, because Tor workers never indicates fatal error or shutdown except in the unit tests. Fixes bug 16868; bugfix on 0.2.6.3-alpha.
    • Unblock threads before releasing the work queue mutex to ensure predictable scheduling behavior. Fixes bug 16644; bugfix on 0.2.6.3-alpha.
  • Code simplification and refactoring:
    • Change the function that's called when we need to retry all downloads so that it only reschedules the downloads to happen immediately, rather than launching them all at once itself. This further simplifies Tor's callgraph.
    • Move some format-parsing functions out of crypto.c and crypto_curve25519.c into crypto_format.c and/or util_format.c.
    • Move the client-only parts of init_keys() into a separate function. Closes ticket 16763.
    • Simplify the microdesc_free() implementation so that it no longer appears (to code analysis tools) to potentially invoke a huge suite of other microdesc functions.
    • Simply the control graph further by deferring the inner body of directory_all_unreachable() into a callback. Closes ticket 16762.
    • Treat the loss of an owning controller as equivalent to a SIGTERM signal. This removes a tiny amount of duplicated code, and simplifies our callgraph. Closes ticket 16788.
    • When generating an event to send to the controller, we no longer put the event over the network immediately. Instead, we queue these events, and use a Libevent callback to deliver them. This change simplifies Tor's callgraph by reducing the number of functions from which all other Tor functions are reachable. Closes ticket 16695.
    • Wrap Windows-only C files inside '#ifdef _WIN32' so that tools that try to scan or compile every file on Unix won't decide that they are broken.
    • Remove the unused "nulterminate" argument from buf_pullup().
  • Documentation:
    • Recommend a 40 GB example AccountingMax in torrc.sample rather than a 4 GB max. Closes ticket 16742.
    • Include the TUNING document in our source tarball. It is referred to in the ChangeLog and an error message. Fixes bug 16929; bugfix on 0.2.6.1-alpha.
  • Removed code:
    • The internal pure-C tor-fw-helper tool is now removed from the Tor distribution, in favor of the pure-Go clone available from https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries used by the C tor-fw-helper are not, in our opinion, very confidence- inspiring in their secure-programming techniques. Closes ticket 13338.
    • Remove the code that would try to aggressively flush controller connections while writing to them. This code was introduced in 0.1.2.7-alpha, in order to keep output buffers from exceeding their limits. But there is no longer a maximum output buffer size, and flushing data in this way caused some undesirable recursions in our call graph. Closes ticket 16480.
  • Testing:
    • Make "bridges+hs" the default test network. This tests almost all tor functionality during make test-network, while allowing tests to succeed on non-IPv6 systems. Requires chutney commit 396da92 in test-network-bridges-hs. Closes tickets 16945 (tor) and 16946 (chutney). Patches by "teor".
    • Autodetect CHUTNEY_PATH if the chutney and Tor sources are side- by-side in the same parent directory. Closes ticket 16903. Patch by "teor".
    • Use environment variables rather than autoconf substitutions to send variables from the build system to the test scripts. This change should be easier to maintain, and cause 'make distcheck' to work better than before. Fixes bug 17148.
    • Add a new set of callgraph analysis scripts that use clang to produce a list of which Tor functions are reachable from which other Tor functions. We're planning to use these to help simplify our code structure by identifying illogical dependencies.
    • Add new 'test-full' and 'test-full-online' targets to run all tests, including integration tests with stem and chutney.
    • Make the test-workqueue test work on Windows by initializing the network before we begin.
    • New make target (make test-network-all) to run multiple applicable chutney test cases. Patch from Teor; closes 16953.
    • Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl() functions in dns.c. Implements a portion of ticket 16831.
    • When building Tor with testing coverage enabled, run Chutney tests (if any) using the 'tor-cov' coverage binary.
    • When running test-network or test-stem, check for the absence of stem/chutney before doing any build operations.

来自https://blog.torproject.org/blog/tor-0273-rc-releasedNfN免费翻墙网

来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

VeePN解除阻止网站 - 解除阻止代理应用程序
VeePN解除阻止网站 -
免费Ultrasurf VPN安卓版v1.1.5直接下载
免费Ultrasurf VPN安卓
TomVPN-免费高速一键连接翻墙科学上网VPN
TomVPN-免费高速一键连
Secure VPN – A high speed, ultra secure VPN
Secure VPN – A high
相关文章
栏目更新
栏目热门
墙外新闻
读者文摘

你可以访问真正的互联网了。You can access the real Internet.

管理员精中特别提醒:本网站域名、主机和管理员都在美国,且本网站内容仅为非中国大陆网友服务。禁止中国大陆网友浏览本站!若中国大陆网友因错误操作打开本站网页,请立即关闭!中国大陆网友浏览本网站存在法律风险,恳请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题、安全问题和其他所有问题,本站均无法负责也概不负责。

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所发的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对提供的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

S. Grand Ave.,Suite 3910,Los Angeles,CA 90071

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。