[tor] [tor-announce] Tor 0.2.9.9 is released

Patrick O'Doherty p at trickod.com
Sun Jan 29 19:51:00 UTC 2017


Update: exit-01 is back online.

I suspect that the issue here is the post-install hooks for the Debian
package.

Specifically it appears that the hooks successfully stop the 4x tor
instances that we have, but only restart a single instance with a
different configuration outside of the 4 that we have configured. This
one tor instance interferes with our custom /etc/init.d/tor script such
that it appears to no-op the "start" function, detecting the existing
tor process and doing nothing.

The solution is to kill the unwanted single tor instance created by the
hook, and then the /etc/init.d/tor script starts the 4 correctly
configured instances.

Another reminder to myself that migrating to ansible-relayor would make
this an easier upgrade process.

cheers,

p

Patrick O'Doherty:
> I attempted to update this last night but while the package was updated
> I don't think I successfully restarted the 4x tor instances due to our
> non-standard /etc/init.d/tor script.
> 
> Making a note to commit what we have into a git repo and see how it
> might be updated. Alternatively migrating our node to be managed by an
> ansible-relayor[0] ansible playbook might be nice and make future
> expansion that much easier to manage.
> 
> [0] - https://github.com/nusenu/ansible-relayor
> 
> Roger Dingledine:
>> (If you are about to reply saying "please take me off
>> this list", instead please follow these instructions:
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
>> You will have to enter the actual email address you used to subscribe.)
>>
>> Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
>> cause relays and clients to crash, even if they were not built with
>> the --enable-expensive-hardening option. This bug affects all 0.2.9.x
>> versions, and also affects 0.3.0.1-alpha: all relays running an affected
>> version should upgrade.
>>
>> This release also resolves a client-side onion service reachability bug,
>> and resolves a pair of small portability issues.
>>
>> You can download the source code from https://dist.torproject.org/
>> but most users should wait for the upcoming Tor Browser release, or
>> for their upcoming system package updates.
>>
>> Changes in version 0.2.9.9 - 2017-01-23
>>   o Major bugfixes (security):
>>     - Downgrade the "-ftrapv" option from "always on" to "only on when
>>       --enable-expensive-hardening is provided." This hardening option,
>>       like others, can turn survivable bugs into crashes -- and having
>>       it on by default made a (relatively harmless) integer overflow bug
>>       into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
>>       bugfix on 0.2.9.1-alpha.
>>
>>   o Major bugfixes (client, onion service):
>>     - Fix a client-side onion service reachability bug, where multiple
>>       socks requests to an onion service (or a single slow request)
>>       could cause us to mistakenly mark some of the service's
>>       introduction points as failed, and we cache that failure so
>>       eventually we run out and can't reach the service. Also resolves a
>>       mysterious "Remote server sent bogus reason code 65021" log
>>       warning. The bug was introduced in ticket 17218, where we tried to
>>       remember the circuit end reason as a uint16_t, which mangled
>>       negative values. Partially fixes bug 21056 and fixes bug 20307;
>>       bugfix on 0.2.8.1-alpha.
>>
>>   o Minor features (geoip):
>>     - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
>>       Country database.
>>
>>   o Minor bugfixes (portability):
>>     - Avoid crashing when Tor is built using headers that contain
>>       CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
>>       without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
>>       on 0.2.9.1-alpha.
>>     - Fix Libevent detection on platforms without Libevent 1 headers
>>       installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
>>
> 
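
The changelog entry quoted above says the circuit end reason was remembered as a uint16_t, "which mangled negative values", and mentions a "bogus reason code 65021" warning. The C sketch below is an added example, not code from Tor or from this thread; the struct names, helper functions and the valid range 0..12 are assumptions made for illustration. It shows the round trip through a 16-bit unsigned field and how to map a logged value back to the negative number that produces it.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed range of codes a peer may legitimately send (not Tor's values). */
#define REASON_MIN_VALID 0
#define REASON_MAX_VALID 12

/* Buggy pattern: a signed reason is remembered in a 16-bit unsigned field. */
struct circ_buggy { uint16_t end_reason; };
/* Fixed pattern: the field is signed and wide enough for negative codes. */
struct circ_fixed { int end_reason; };

/* Store and read back through the unsigned field. C defines the
 * conversion to uint16_t as reduction modulo 65536. */
int roundtrip_buggy(int reason) {
    struct circ_buggy c;
    c.end_reason = (uint16_t)reason;
    return (int)c.end_reason;
}

int roundtrip_fixed(int reason) {
    struct circ_fixed c;
    c.end_reason = reason;
    return c.end_reason;
}

/* A range check like this is where a mangled value surfaces as "bogus". */
int reason_is_plausible(int reason) {
    return reason >= REASON_MIN_VALID && reason <= REASON_MAX_VALID;
}

/* Log triage helper: recover the negative value that a uint16_t round
 * trip turns into `logged`; values below 32768 are returned unchanged. */
int unwrap_logged_reason(int logged) {
    if (logged >= 32768 && logged <= 65535) return logged - 65536;
    return logged;
}

int main(void) {
    int samples[] = { 3, -1, -515 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int b = roundtrip_buggy(samples[i]);
        printf("%5d -> buggy %5d (plausible=%d), fixed %5d, unwrapped %5d\n",
               samples[i], b, reason_is_plausible(b),
               roundtrip_fixed(samples[i]), unwrap_logged_reason(b));
    }
    return 0;
}
```

The value 65021 from the warning is what any 16-bit unsigned field holds after being assigned -515, since 65536 - 515 = 65021.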
