[Tor-BSD] OpenBSD testers neededFw: fix security issue in -stable for net/tor

teor teor2345 at gmail.com
Wed Dec 13 16:09:04 EST 2017


Hi,

> On 14 Dec 2017, at 07:52, Daniel Jakots <vigdis+tor at chown.me> wrote:
> 
> Hey,
> 
> If you run a relay on OpenBSD -stable, can you test the patch attached
> please?
> 
> TIA,
> 
> Begin forwarded message:
> 
> Date: Wed, 13 Dec 2017 15:48:08 -0500
> From: Daniel Jakots <danj+obsd at chown.me>
> To: ports at openbsd.org
> Subject: fix security issue in -stable for net/tor
> 
> 
> Hi,
> 
> A bunch of security fixes were released on Dec 1st, -current was
> updated but not -stable
> https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html
> 
> Now Tor is going to remove the affected relays for the networks so
> updating is really mandatory :p

Where did you hear this?

We usually don't remove relays from the network unless they are
actively causing severe issues for clients. The last time we did this
for a particular tor version was back in 0.2.9 due to a bad directory
cache bug.

As far as I know, there are no plans to remove older relays from the
network.

Instead, we will mark them as "not recommended" in Relay Search,
and the relays themselves will warn about their old version in their
logs.

It's still important to update to protect users :-)

> Here's a diff to update the ports. Ports compiled tested only so tests
> report welcome.

Running "make check" runs Tor's test suite.
It's worth doing for a new version.

T


More information about the Tor-BSD mailing list