• Posted: 2014-11-30
  • Author: zzz
  • Posted in release

0.9.17 is primarily a bugfix release, but it also continues our migration to stronger cryptographic signatures.

We have moved the news feed system used for the news on your console and the latest router version indication to a signed format using RSA 4096-bit keys for enhanced security.

New eepsites and servers will be ECDSA-signed by default, if ECDSA is available. There is now a warning in the console sidebar if ECDSA is not available. For RedHat users, we have reports of successful installs of the BouncyCastle Provider (bcprov) jar to add ECDSA support.

We've fixed several serious bugs, including an SSU packet corruption problem, and a SAM bug affecting i2p-messenger and other SAM applications. There are several fixes for the preliminary ECDSA router signatures added in the last release but not yet enabled.

Many of us will be attending 31C3 in Hamburg in December. Stop by our table and say hi!

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

RELEASE DETAILS

Changes

  • Signed news
  • ECDSA default for new server tunnels
  • Reseeding now SSL-only by default

Bug Fixes

  • Fix SSU sending corrupt ack-only packets with partial bitfields
  • Fix SSU inbound connection fail from non-DSA router
  • Don't select incompatible peers if we are a non-DSA router
  • Fix EdDSA signature verification bug
  • Set I2NP lookup type flags in all cases, not just when a reply tunnel is used
  • Stop i2ptunnel server acceptor thread after close
  • Fix bug preventing some plugins from stopping completely
  • Fix SAM v3 bug causing failures in incoming connections

Other

  • Add a warning in the console sidebar if ECDSA not supported
  • Log warnings for Java 6 that we will eventually require Java 7
  • Don't let proxied routers auto-floodfill
  • Don't resend SSU acks that are too old
  • Don't publish direct info in SSU address if introducers are required
  • New default opentrackers in i2psnark
  • Add support for specifiying data directory per-torrent in i2psnark
  • Changes in streaming accept() error behavior
  • Minor blockfile format changes
  • New option for persistent random key to preserve peer ordering across restarts
  • Translation updates
  • Update GeoIP data (new installs and PPA only)

SHA256 Checksums:

8aad5b33a4c9184360f4704ae996b096ad9ec8f5d15741ce827fcdcc0014ae94  i2pinstall_0.9.17_windows.exe
4268533d975138118bdd2d5de673e942e7a50e1ff0b3a4de4cb016779af275bd  i2pinstall_0.9.17.jar
6ad5ba79eb3e9b7434ecc4e739d691ca9e012e9cd9bb20d39c780d44b64d37db  i2psource_0.9.17.tar.bz2
34265f12b71d037449c9f7a16a3abae46e3182e4bff325133e311945d1a5eeaf  i2pupdate_0.9.17.zip
0487238533a8bfa39f04e5d30c6e29791866a9ef52824b7bd74afe6ff9598102  i2pupdate.su2
1a623dbd4077dbb39928066f9a2b000145d62eee5dda5d07d345d28515fcd24f  i2pupdate.su3
0fa6d2e386a65ca3d400f1a3c6930800cca7744f1fad392b9f72e7b24714cec4  i2pupdate.sud