[Tor-BSD] OpenBSD testers needed Fw: fix security issue in -stable for net/tor

teor teor2345 at gmail.com
Wed Dec 13 20:12:50 EST 2017

> On 14 Dec 2017, at 10:39, George Rosamond <george at ceetonetechnology.com> wrote:
> teor:
>> On 14 Dec 2017, at 08:22, Daniel Jakots <vigdis+tor at chown.me> wrote:
>>>> We usually don't remove relays from the network unless they are
>>>> actively causing severe issues for clients. The last time we did this
>>>> for a particular tor version was back in 0.2.9 due to a bad directory
>>>> cache bug.
>>>> As far as I know, there are no plans to remove older relays from the
>>>> network.
>>>> Instead, we will mark them as "not recommended" in Relay Search,
>>>> and the relays themselves will warn about their old version in their
>>>> logs.
>>> So what does the "not recommended" mark? Just a hint that you should
>>> update?
>> Yes, just a hint to update.
>> We also declare major version series unsupported.
>> (Like 0.2.7 earlier this year, or 0.2.8 and 0.3.0 in January.)
>> Then they stop receiving security patches.
> AFAIK, it was just a "Tor out of date" type message out of syslog.
> I manually updated the port to for two nodes on OpenBSD -stable,
> and was going to do a diff.
> But as these are both small embedded boxes and I have dedicated
> ${TORDATADIR} partitions on each, Tor jumped in disk usage and bombed
> out both bridges.

This is the consensus diffs feature: it stores diffs on disk to reduce
client bandwidth requirements. We didn't communicate this as well as we
could have.

> On that note, what is the maximum Tor data dir everyone is seeing,
> regardless of OS?  I have up to 222M on one relay that's on

We're working on a CacheDir option which will be useful here, because it
splits cache files and key/state files.

The cache files can be a few hundred megabytes, and can safely be
deleted. (You should probably do this when Tor isn't running.)

The key/state files should be only a few megabytes.

> Thanks for jumping on it DJ.  Backporting *really* matters for the Tor
> stuff.



Tim / teor

PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
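
An added example, not part of the original message and not Tor Project code: a script that reports how much of the data directory is cache versus key/state files, and deletes only the cache entries when tor is not running. The cache entry names (`cached-*`, `unverified-*`, `diff-cache`) and the `pgrep` check are assumptions about the data directory layout and the host, not details from this thread.

```shell
#!/bin/sh
# Added example: split a Tor data directory into regenerable cache data
# and key/state files, and purge only the cache while tor is stopped.

# Assumption: these entry names are directory cache data that tor
# downloads again; everything else (keys/, state, fingerprint) is kept.
is_cache_entry() {
    case "$1" in
        cached-*|unverified-*|diff-cache) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumption: the daemon's process name is exactly "tor".
tor_running() { pgrep -x tor >/dev/null 2>&1; }

# Print "<cache KB> <key/state KB>" for the data directory in $1.
datadir_usage() {
    dir=$1 cache=0 state=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        kb=$(du -sk "$path" | awk '{print $1}')
        if is_cache_entry "${path##*/}"; then
            cache=$((cache + kb))
        else
            state=$((state + kb))
        fi
    done
    echo "$cache $state"
}

# Delete cache entries only; refuse while tor is running.
purge_cache() {
    dir=$1
    if tor_running; then
        echo "tor is running; stop it before deleting cache files" >&2
        return 1
    fi
    for path in "$dir"/*; do
        [ -e "$path" ] || continue
        if is_cache_entry "${path##*/}"; then rm -rf -- "$path"; fi
    done
}

# Stand-alone use: pass the data directory to get the usage report.
if [ $# -gt 0 ]; then datadir_usage "$1"; fi
```

Run it with the data directory as the only argument to get the report; call `purge_cache` from a maintenance script after stopping the daemon.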
