From nurupo at tox.chat Fri Nov 9 04:58:37 2018 From: nurupo at tox.chat (nurupo) Date: Thu, 08 Nov 2018 23:58:37 -0500 Subject: [Bootstrap] Memory leak bug resulting in DoS discovered, update to toxcore v0.2.8 that has it fixed In-Reply-To: <35337d2edb69f743f81cb5741de25d69@mail.tox.chat> References: <35337d2edb69f743f81cb5741de25d69@mail.tox.chat> Message-ID: <6cb217f536ce9372c00743c2530b060c@mail.tox.chat> Hi, As per the notice given in the previous email, nodes that weren't updated to use TokTok toxcore v0.2.8 have been removed. We have kept the tox-rs nodes (nodes with the version number starting with 3), as they are not subject to the memory leak bug. Since we were at it, nodes that have been offline for over 30 days have been removed too. Here is a list of nodes that were removed due to using a potentially DoSable version of tox-bootstrapd: Manolis 461FA3776EF0FA655F1A05477DF1B3B614F7D6B124F7DB1DD4FE3C08B03B640F 2016010100 Busindre A179B09749AC826FF01F37A9613F6B57118AE014D4196A0E1105A98F93A54702 2016010100 Busindre 1D5A5F2F5D6233058BF0259B09622FB40B482E4FA0931EB8FD3AB8E7BF7DAF6F 2014101200 pucetox 7AED21F94D82B05774F697B209628CD5A9AD17E0C073D9329076A4C28ED28147 2016010100 ru_maniac 0FB96EEBFB1650DDB52E70CF773DDFCABE25A95CC3BB50FC251082E4B63EF82A 2016010100 Skey B71E91E2F5029B0A84D3B1136319CDD3D1DB6D3702B6CEFA66A4BEB25A635916 2016010100 t3mp 5625A62618CB4FCA70E147A71B29695F38CC65FF0CBD68AD46254585BE564802 2016010100 CeBe 6EE1FADE9F55CC7938234CC07C864081FC606D8FE7B751EDA217F268F1078A39 2016010100 Amin 5A59705F86B9FC0671FDF72ED9BB5E55015FF20B349985543DDD4B0656CA1C63 2016010100 clearmartin CD133B521159541FB1D326DE9850F5E56A6C724B5B8E5EB5CD8D950408E95707 2014101200 Here is a list of nodes that were removed due to being offline for too long (over 30 days): Yani E59A0E71ADA20D35BD1B0957059D7EF7E7792B3D680AE25C6F4DBBA09114D165 0 years, 1 months, 15 days, 8 hours, 57 minutes and 47 seconds linxon B38255EE4B054924F6D79A5E6E5889EC94B6ADF6FE9906F97A3D01E3D083223A 0 years, 1 months, 15 days, 10 hours, 29 minutes and 45 seconds er0p FB6A7FFE8F144B3ACBD00B7C644AFA14F8764DFADE6DA5691965C7F45A604450 0 years, 3 months, 10 days, 15 hours, 26 minutes and 2 seconds Phsm 20965721D32CE50C3E837DD75B33908B33037E6225110BFF209277AEAF3F9639 0 years, 3 months, 15 days, 0 hours, 46 minutes and 2 seconds isotoxin 5823FB947FF24CF83DDFAC3F3BAA18F96EA2018B16CC08429CB97FA502F40C23 0 years, 4 months, 21 days, 4 hours, 58 minutes and 25 seconds Feel free to request your node to be added back if you have updated it and brought it back online. --- Regards, nurupo On 2018-10-08 13:46, nurupo via Bootstrap wrote: > Hi, > > A bug was discovered in TokTok toxcore and irungentoo toxcore that can > be used to take down bootstrap nodes. > You can read more about it in the blog post > https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ > > Please update your nodes to TokTok toxcore v0.2.8, which has that bug > fixed. > > Any node that is not updated to use TokTok toxcore v0.2.8 will be > removed from the bootstrap node list on November 8th, 2018 -- a month > from now. > > You need to update to TokTok toxcore v0.2.8 even if you use irungentoo > toxcore with the bug fixed, as there is no way to distinguish between > an updated and non-updated irungentoo toxcore node due to > tox-bootstrapd reporting the same version for both.