Jérôme Charaoui authored 3 years ago and David Goulet committed 3 years ago

This removes the '/blog/' URL component which relies on a 
redirection since the blog has been migrated to Lektor

From LibreSSL versions 3.2.1 through 3.4.0, our configure script
would conclude that TLSv1.3 as supported, but it actually wasn't.
This led to annoying breakage like #40128 and #40445.

Now we give an error message if we try to build with one of those
versions.

Closes #40511.

Previously the logic was reversed, and always gave the wrong answer.
This has no other effect than to change whether we suppress
deprecated API warnings.

Fixes #40429; bugfix on 0.3.5.13.

Signed-off-by: David Goulet <dgoulet@torproject.org>

This also moves the warnings and add some theatrical effect around the
code so anyone modifying those list should notice the warnings signs and
read the comment accordingly.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.

Signed-off-by: David Goulet <dgoulet@torproject.org>

See: tpo/core/tor#40505

While trying to resolve our CI issues, the Windows build broke with an
unused function error:

   src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
   defined but not used [-Werror=unused-function]

We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.

This is an unreviewed commit.

See: tor#40275

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Alexander Hansen Færøy authored 4 years ago and David Goulet committed 3 years ago

Closes #26299

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Closes #40493

Signed-off-by: David Goulet <dgoulet@torproject.org>

This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477

This patch unbreaks the current build after tor!369 landed.

See: https://bugs.torproject.org/tpo/core/tor/40371

Now that we don't have version 2, it gives us:

  [warn] HiddenServiceVersion must be between 3 and 3, not 2.

This commit changes it to:

  [warn] HiddenServiceVersion must be 3, not 2.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Closes #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Some tests were removed because they were testing something not usable
anymore.

Some tests remains to make sure that things are indeed disabled.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Relay do not accept both stores and lookups of version 2 descriptor.
This effectively disable version 2 HSDir supports for relays.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

Upon receiving a v2 introduction request, the relay will close the
circuit and send back a tor protocol error.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

The minimum service version is raised from 2 to 3 which effectively
disable loading or creating an onion service v2.

As for ADD_ONION, for version 2, a 551 error is returned:

  "551 Failed to add Onion Service"

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>

We currently assume that the only way for Tor to listen on ports in the
privileged port range (1 to 1023), on Linux, is if we are granted the
NET_BIND_SERVICE capability. Today on Linux, it's possible to specify
the beginning of the unprivileged port range using a sysctl
configuration option. Docker (and thus the CI service Tor uses) recently
changed this sysctl value to 0, which causes our tests to fail as they
assume that we should NOT be able to bind to a privileged port *without*
the NET_BIND_SERVICE capability.

In this patch, we read the value of the sysctl value via the /proc/sys/
filesystem iff it's present, otherwise we assume the default
unprivileged port range begins at port 1024.

See: tor#40275

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>