[Tor-BSD] New: DNS hijacking Old: Re: NYCBUG1 earns a T-shirt!

nanotek nanotek at bsdbox.co
Thu Dec 12 11:07:33 EST 2013


On 13/12/2013 3:02 AM, George Rosamond wrote:
> offlist again ;)
>
> reply below..
>
> nanotek:
>> On 13/12/2013 2:52 AM, George Rosamond wrote:
>>> Kyle Isom:
>>>> On 12/12/13 01:15, nanotek wrote:
>>>>> I'm hesitant to upgrade now, though, as the relay is up and running
>>>>> without a problem.
>>>>>
>>>> This is a case where you *really* do want to upgrade. There were several
>>>> major things fixed in the latest version; the latest version that was
>>>> released last night is largely the same as devel version in the repo.
>>>
>>> He is actually running the latest Tor in FreeBSD ports... just not
>>> tor-devel.
>>>
>>> But the Tor tarballs are now at 0.2.4.19 for stable and 0.2.5.1 for
>>> alpha/devel.
>>>
>>> Both ports should be updated soon... but OTOH, I do recommend running
>>> tor-devel out of FreeBSD ports.  It's in alpha/devel that the itches
>>> seem to be scratched first, and for years, I've never had an issue
>>> running that branch.
>>>
>>> But quick primer on installing a newer Tor before the FreeBSD ports are
>>> updated.
>>>
>>> 1.  Download the "Source Tarball" from the extended downloads list from
>>> the Tor www site and dump into /usr/ports/distfiles
>>>
>>> 2.  Edit the appropriate Makefile for the new version on the
>>> DISTVERSION= line.
>>>
>>> 3.  from the port directory, run: make makesum
>>>
>>> 4.  Deinstall and reinstall with new version.  Seems that when you
>>> uninstall it now, the daemon actually stops and needs to be manually
>>> restarted after it's been reinstalled.
>>>
>>> g
>>> _______________________________________________
>>> A list focused on porting and running Tor software on *BSD Unix
>>> Tor-BSD mailing list
>>> Tor-BSD at nycbug.org
>>> http://www.nycbug.org/mailman/listinfo/tor-bsd
>>>
>>
>> Thanks, George. I appreciate the advice. Out of interest, am I posing a
>> security risk to others by running the version I currently am? I don't
>> run Tor as a client on my server at all. Only on Win7 where I have the
>> latest release; so, I'm assuming I'm as protected as the current version
>> of Tor affords. But, I do care about the level of security I'm providing
>> my relay users.
>>
>
> I don't think there's a specific vulnerability with that version, and it
> is the most recent version at this second in FreeBSD ports, but since
> anonymity online is such a psychotic arms race, it's a good idea to keep
> as current as possible.
>
> g
>

True. In light of Eitan's email, I think I'll give it a week to see if 
the maintainer updates the latest release in /tor-devel. If not, I'll 
update myself from the source tarball. I'm relatively new to FreeBSD and 
don't want to make things harder than they need to be. Although, your 
instructions are very precise -- it would be hard to mess up.

-- 
nanotek at bsdbox.co



More information about the Tor-BSD mailing list