[tor] [tor-announce] Tor 0.2.9.9 is released
Patrick O'Doherty
p at trickod.com
Tue Jan 24 21:55:00 UTC 2017
I attempted to update this last night but while the package was updated
I don't think I successfully restarted the 4x tor instances due to our
non-standard /etc/init.d/tor script.
Making a note to commit what we have into a git repo and see how it
might be updated. Alternatively migrating our node to be managed by an
ansible-relayor[0] ansible playbook might be nice and make future
expansion that much easier to manage.
[0] - https://github.com/nusenu/ansible-relayor
Roger Dingledine:
> (If you are about to reply saying "please take me off
> this list", instead please follow these instructions:
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
> You will have to enter the actual email address you used to subscribe.)
>
> Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
> cause relays and clients to crash, even if they were not built with
> the --enable-expensive-hardening option. This bug affects all 0.2.9.x
> versions, and also affects 0.3.0.1-alpha: all relays running an affected
> version should upgrade.
>
> This release also resolves a client-side onion service reachability bug,
> and resolves a pair of small portability issues.
>
> You can download the source code from https://dist.torproject.org/
> but most users should wait for the upcoming Tor Browser release, or
> for their upcoming system package updates.
>
> Changes in version 0.2.9.9 - 2017-01-23
> o Major bugfixes (security):
> - Downgrade the "-ftrapv" option from "always on" to "only on when
> --enable-expensive-hardening is provided." This hardening option,
> like others, can turn survivable bugs into crashes -- and having
> it on by default made a (relatively harmless) integer overflow bug
> into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
> bugfix on 0.2.9.1-alpha.
>
> o Major bugfixes (client, onion service):
> - Fix a client-side onion service reachability bug, where multiple
> socks requests to an onion service (or a single slow request)
> could cause us to mistakenly mark some of the service's
> introduction points as failed, and we cache that failure so
> eventually we run out and can't reach the service. Also resolves a
> mysterious "Remote server sent bogus reason code 65021" log
> warning. The bug was introduced in ticket 17218, where we tried to
> remember the circuit end reason as a uint16_t, which mangled
> negative values. Partially fixes bug 21056 and fixes bug 20307;
> bugfix on 0.2.8.1-alpha.
>
> o Minor features (geoip):
> - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
> Country database.
>
> o Minor bugfixes (portability):
> - Avoid crashing when Tor is built using headers that contain
> CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
> without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
> on 0.2.9.1-alpha.
> - Fix Libevent detection on platforms without Libevent 1 headers
> installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
>
>
>
> _______________________________________________
> tor-announce mailing list
> tor-announce at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://www.noisebridge.net/pipermail/tor/attachments/20170124/aa5682e9/attachment-0002.sig>
More information about the tor
mailing list