[Tor-BSD] OpenBSD testers neededFw: fix security issue in -stable for net/tor
teor
teor2345 at gmail.com
Wed Dec 13 20:12:50 EST 2017
> On 14 Dec 2017, at 10:39, George Rosamond <george at ceetonetechnology.com> wrote:
>
> teor:
>>
>> On 14 Dec 2017, at 08:22, Daniel Jakots <vigdis+tor at chown.me> wrote:
>>
>>>> We usually don't remove relays from the network unless they are
>>>> actively causing severe issues for clients. The last time we did this
>>>> for a particular tor version was back in 0.2.9 due to a bad directory
>>>> cache bug.
>>>>
>>>> As far as I know, there are no plans to remove older relays from the
>>>> network.
>>>>
>>>> Instead, we will mark them as "not recommended" in Relay Search,
>>>> and the relays themselves will warn about their old version in their
>>>> logs.
>>>
>>> So what does the "not recommended" mark? Just a hint that you should
>>> update?
>>
>> Yes, just a hint to update.
>>
>> We also declare major version series unsupported.
>> (Like 0.2.7 earlier this year, or 0.2.8 and 0.3.0 in January.)
>> Then they stop receiving security patches.
>
> AFAIK, it was just a "Tor out of date" type message out of syslog.
>
> I manually updated the port to 0.3.1.9 for two nodes on OpenBSD -stable,
> and was going to do a diff.
>
> But as these are both small embedded boxes and I have dedicated
> ${TORDATADIR} partitions on each, Tor jumped in disk usage and bombed
> out both bridges.

This is the consensus diffs feature: it stores diffs on disk to reduce
client bandwidth requirements. We didn't communicate this as well as we
could have.

> On that note, what is the maximum Tor data dir everyone is seeing,
> regardless of OS? I have up to 222M on one relay that's on 0.3.1.9.

We're working on a CacheDir option which will be useful here, because it
splits cache files and key/state files.

The cache files can be a few hundred megabytes, and can safely be
deleted. (You should probably do this when Tor isn't running.)

The key/state files should be only a few megabytes.

> Thanks for jumping on it DJ. Backporting *really* matters for the Tor
> stuff.

+1

T
--
Tim / teor
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n