[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu, 9 Feb 2017 13:04:30 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 09 Feb 2017 13:04:44 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=GUhHV2jOBNr1tI7mQMpdN16ta3IvVe8F8oGt/SYzKko=; b=BplUJp6UkeCKnoZjaPEemnDbjagW1WgWucI0kForR6gnG7ougA8mk+yIrvn1GjK3A/ grB4bESC/PnUB7IEKCK3oY5dNV920aMX/8aUYJ89VDLmbIms3FT/3HepmOB3Cxhg2sov SPyHT7/MWh98ySfJIi4ujIryCfFfyLjpufsfnBFif80WHGx6vSySILCciGMZO0xwoxfT fXd8+HC3Wb4hFOyINjYctl0nfYQbgyOy2vkqAL1mYGm0dhxsEF5OtmvIxn6HvZ/Pzavw pWkj9930hCbC/8c0UEaeJVaGU0nEJL6uIEFD2HdwQ4UFgFGHPIj34VmiX5CGJT80Y3NA wosQ==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi, awesome relay operators!

About two weeks ago, we put out 0.2.9.9, to fix a significant problem
in our build process that led to an easy remote crash attack:

  o Major bugfixes (security):
    - Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." This hardening option,
      like others, can turn survivable bugs into crashes -- and having
      it on by default made a (relatively harmless) integer overflow bug
      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
      bugfix on 0.2.9.1-alpha.


If you are on some earlier version of 0.2.9.x, it would be really
great if you could update your relay some time soon: I want to put out
a fix for the underlying bug here, but I'm hesitant to do so while
there are still 700 crashable relays on the network.

Also if you are on 0.3.0.1-alpha, you should upgrade to 0.3.0.2-alpha
or later, but there are only around 53 relays still on that version,
so I'm freaking out less about that.

best wishes and many thanks,
-- 
Nick
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9
  - From: nusenu
- Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] Provider Suggestion, Scaleway -- Online SAS: not so good for diversity
Next by Author: Re: [tor-relays] Reaching out to webiron
Previous by thread: Re: [tor-relays] What does this log message mean ? : Starting with guard context "default"
Next by thread: Re: [tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running 0.2.9.9
Index(es):
- Author
- Thread