[tor] [tor-announce] Tor 0.2.9.9 is released
Patrick O'Doherty
p at trickod.com
Sun Jan 29 19:51:00 UTC 2017
Update: exit-01 is back online.

I suspect that the issue here is the post-install hooks for the Debian
package.

Specifically it appears that the hooks successfully stop the 4x tor
instances that we have, but only restart a single instance with a
different configuration outside of the 4 that we have configured. This
one tor instance interferes with our custom /etc/init.d/tor script such
that it appears to no-op the "start" function, detecting the existing
tor process and doing nothing.

The solution is to kill the unwanted single tor instance created by the
hook, and then the /etc/init.d/tor script starts the 4 correctly
configured instances.

Another reminder to myself that migrating to ansible-relayor would make
this an easier upgrade process.

cheers,
p

Patrick O'Doherty:
> I attempted to update this last night but while the package was updated
> I don't think I successfully restarted the 4x tor instances due to our
> non-standard /etc/init.d/tor script.
>
> Making a note to commit what we have into a git repo and see how it
> might be updated. Alternatively migrating our node to be managed by an
> ansible-relayor[0] ansible playbook might be nice and make future
> expansion that much easier to manage.
>
> [0] - https://github.com/nusenu/ansible-relayor
>
> Roger Dingledine:
>> (If you are about to reply saying "please take me off
>> this list", instead please follow these instructions:
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
>> You will have to enter the actual email address you used to subscribe.)
>>
>> Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
>> cause relays and clients to crash, even if they were not built with
>> the --enable-expensive-hardening option. This bug affects all 0.2.9.x
>> versions, and also affects 0.3.0.1-alpha: all relays running an affected
>> version should upgrade.
>>
>> This release also resolves a client-side onion service reachability bug,
>> and resolves a pair of small portability issues.
>>
>> You can download the source code from https://dist.torproject.org/
>> but most users should wait for the upcoming Tor Browser release, or
>> for their upcoming system package updates.
>>
>> Changes in version 0.2.9.9 - 2017-01-23
>> o Major bugfixes (security):
>> - Downgrade the "-ftrapv" option from "always on" to "only on when
>> --enable-expensive-hardening is provided." This hardening option,
>> like others, can turn survivable bugs into crashes -- and having
>> it on by default made a (relatively harmless) integer overflow bug
>> into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
>> bugfix on 0.2.9.1-alpha.
>>
>> o Major bugfixes (client, onion service):
>> - Fix a client-side onion service reachability bug, where multiple
>> socks requests to an onion service (or a single slow request)
>> could cause us to mistakenly mark some of the service's
>> introduction points as failed, and we cache that failure so
>> eventually we run out and can't reach the service. Also resolves a
>> mysterious "Remote server sent bogus reason code 65021" log
>> warning. The bug was introduced in ticket 17218, where we tried to
>> remember the circuit end reason as a uint16_t, which mangled
>> negative values. Partially fixes bug 21056 and fixes bug 20307;
>> bugfix on 0.2.8.1-alpha.
>>
>> o Minor features (geoip):
>> - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
>> Country database.
>>
>> o Minor bugfixes (portability):
>> - Avoid crashing when Tor is built using headers that contain
>> CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
>> without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
>> on 0.2.9.1-alpha.
>> - Fix Libevent detection on platforms without Libevent 1 headers
>> installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
>>
>
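The uint16_t truncation described in the quoted 0.2.9.9 changelog, as an added example that is not part of the original messages and is not Tor's code: it shows how a negative reason stored in a uint16_t turns into a large "bogus" code, and how to recover the signed value when triaging such a log line. The reason-code ranges, the function names and the value -515 are assumptions for illustration; -515 is simply the signed 16-bit value that wraps to the logged 65021.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reason-code layout for this example (not Tor's constants):
 * negative = reason generated locally, 0..MAX_WIRE_REASON = valid code
 * received from the remote side, anything else = bogus. */
#define MAX_WIRE_REASON 12

enum reason_class { REASON_LOCAL, REASON_REMOTE_OK, REASON_BOGUS };

/* Buggy pattern: caching the reason in a uint16_t. Conversion to an
 * unsigned type reduces the value modulo 65536, so a negative reason
 * silently becomes a large positive one. */
uint16_t remember_reason_u16(int reason) { return (uint16_t)reason; }

/* Corrected pattern: keep the value in a signed type wide enough for it. */
int remember_reason_int(int reason) { return reason; }

enum reason_class classify(int stored)
{
    if (stored < 0) return REASON_LOCAL;
    if (stored <= MAX_WIRE_REASON) return REASON_REMOTE_OK;
    return REASON_BOGUS;
}

/* Recover the signed value a uint16_t was truncated from, assuming the
 * original fit in 16 bits; useful when triaging odd codes in logs. */
int signed_preimage(uint16_t stored)
{
    return stored >= 0x8000 ? (int)stored - 0x10000 : (int)stored;
}

int main(void)
{
    int local = -515; /* constructed: 16-bit preimage of the logged 65021 */
    uint16_t bad = remember_reason_u16(local);
    int good = remember_reason_int(local);

    printf("uint16_t storage: %d -> %u (class %d)\n",
           local, (unsigned)bad, (int)classify(bad));
    printf("int storage:      %d -> %d (class %d)\n",
           local, good, (int)classify(good));
    printf("preimage of 65021: %d\n", signed_preimage(65021));
    return 0;
}
```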