From 0ab4b903f4e8bc4a134a2487729f8f94dcad6b65 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko <adam.ierymenko@zerotier.com> Date: Tue, 6 Oct 2020 18:09:51 -0400 Subject: [PATCH] Cert and codesign tweaks, release notes. --- RELEASE-NOTES.md | 17 +++++++++++++++++ make-mac.mk | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 2f3777b42..bf5b9614f 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,6 +1,23 @@ ZeroTier Release Notes ====== +# 2020-10-05 -- Version 1.6.0-beta1 + +Version 1.6.0 is a significant release that incorporates a number of back-ported fixes and features from the ZeroTier 2.0 tree. + +Major new features are: + + * **Multipath support** with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual. + * **DNS configuration** push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed. + * **AES-GMAC-SIV** encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise. + +Known issues that are not yet fixed: + + * Some Mac users have reported periods of 100% CPU in kernel_task and connection instability after leaving networks that have been joined for a period of time, or needing to kill ZeroTier and restart it to finish leaving a network. This doesn't appear to affect all users and we haven't diagnosed the root cause yet. + * The service sometimes hangs on shutdown requiring a kill -9. This also does not affect all systems or users. + * AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions. + * Some users have reported multicast/broadcast outages on networks lasting up to 30 seconds. Still investigating. + # 2019-08-30 -- Version 1.4.6 * Update default root list to latest diff --git a/make-mac.mk b/make-mac.mk index 42deaed86..279af3071 100644 --- a/make-mac.mk +++ b/make-mac.mk @@ -40,7 +40,7 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1) ZT_USE_MINIUPNPC=1 CODESIGN=codesign PRODUCTSIGN=productsign - CODESIGN_APP_CERT="Apple Distribution: ZeroTier, Inc (8ZD9JUCZ4V)" + CODESIGN_APP_CERT="Developer ID Application: ZeroTier, Inc (8ZD9JUCZ4V)" CODESIGN_INSTALLER_CERT="Developer ID Installer: ZeroTier, Inc (8ZD9JUCZ4V)" NOTARIZE=xcrun altool NOTARIZE_USER_ID="adam.ierymenko@gmail.com" @@ -105,7 +105,7 @@ one: $(CORE_OBJS) $(ONE_OBJS) one.o mac-agent # $(STRIP) zerotier-one ln -sf zerotier-one zerotier-idtool ln -sf zerotier-one zerotier-cli - $(CODESIGN) -f -s $(CODESIGN_APP_CERT) zerotier-one + $(CODESIGN) -f --options=runtime -s $(CODESIGN_APP_CERT) zerotier-one zerotier-one: one