Tor merge requestshttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests2022-01-18T18:19:55Zhttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/510main: Update a dead URL in a log notice2022-01-18T18:19:55ZDavid Gouletdgoulet@torproject.orgmain: Update a dead URL in a log noticeChange https://www.torproject.org/download/download#warning to
https://support.torproject.org/faq/staying-anonymous/
Closes #40544
Signed-off-by: David Goulet <dgoulet@torproject.org>Change https://www.torproject.org/download/download#warning to
https://support.torproject.org/faq/staying-anonymous/
Closes #40544
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/509relay: Don't advertise HSv2 protocol version2022-01-18T18:19:53ZDavid Gouletdgoulet@torproject.orgrelay: Don't advertise HSv2 protocol versionWe removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.3.5.17,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>We removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.3.5.17,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/511Update new relay blogpost URL2022-01-18T18:19:51ZDavid Gouletdgoulet@torproject.orgUpdate new relay blogpost URLThis removes the '/blog/' URL component which relies on a
redirection since the blog has been migrated to LektorThis removes the '/blog/' URL component which relies on a
redirection since the blog has been migrated to LektorTor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/508Update new relay blogpost URL2022-01-18T17:57:51ZJérôme Charaouilavamind@torproject.orgUpdate new relay blogpost URLThis removes the '/blog/' URL component which relies on a
redirection since the blog has been migrated to Lektor.This removes the '/blog/' URL component which relies on a
redirection since the blog has been migrated to Lektor.Tor: 0.4.7.x-stableJérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/484Add scary warnings about changing the protover list.2021-11-05T15:01:51ZDavid Gouletdgoulet@torproject.orgAdd scary warnings about changing the protover list.Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.Doing this in the wrong way has potential to cause serious havoc on
the network, so let's make it harder for future programmers to mess
it up.Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/482relay: Don't advertise HSv2 protocol version2021-11-05T14:19:42ZDavid Gouletdgoulet@torproject.orgrelay: Don't advertise HSv2 protocol versionWe removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.4.5.12,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>We removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.4.5.12,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.5.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/481relay: Don't advertise HSv2 protocol version2021-11-05T14:19:35ZDavid Gouletdgoulet@torproject.orgrelay: Don't advertise HSv2 protocol versionWe removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.3.5.17,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>We removed HSIntro=3 and HSDir=1 that are v2 specific. Since 0.3.5.17,
we do not support introducing or being a directory for onion service v2.
Closes #40509
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/477Draft: relay: Don't allow DirPort on non-IPv42021-11-03T13:55:19ZDavid Gouletdgoulet@torproject.orgDraft: relay: Don't allow DirPort on non-IPv4Our code doesn't allow it and so this prevents an assert() crash if the
DirPort is for instance IPv6 only.
Fixes #40494
Signed-off-by: David Goulet <dgoulet@torproject.org>Our code doesn't allow it and so this prevents an assert() crash if the
DirPort is for instance IPv6 only.
Fixes #40494
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.5.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/478man: Missing OverloadStatistics option in tor.12021-11-02T15:28:28ZDavid Gouletdgoulet@torproject.orgman: Missing OverloadStatistics option in tor.1Closes #40504
Signed-off-by: David Goulet <dgoulet@torproject.org>Closes #40504
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.6.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/475Fix Windows build for 0.3.52021-10-29T16:57:06ZAlexander Færøyahf@torproject.orgFix Windows build for 0.3.5This is a 0.3.5 backport of tor#40275.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:
src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
defined but not used [-We...This is a 0.3.5 backport of tor#40275.
While trying to resolve our CI issues, the Windows build broke with an
unused function error:
src/test/test_switch_id.c:37:1: error: ‘unprivileged_port_range_start’
defined but not used [-Werror=unused-function]
We solve this by moving the `#if !defined(_WIN32)` test above the
`unprivileged_port_range_start()` function defintion such that it is
included in its body.
This is an unreviewed commit.
See: tor#40275https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/393Upgrade and rate-limit compression failure message.2021-10-28T14:40:13ZNick MathewsonUpgrade and rate-limit compression failure message.Without this message getting logged at 'WARN', it's hard to
contextualize the messages we get about compression bombs, so this
message should fix #40175.
I'm rate-limiting this, however, since it _could_ get spammy if
somebody on the ne...Without this message getting logged at 'WARN', it's hard to
contextualize the messages we get about compression bombs, so this
message should fix #40175.
I'm rate-limiting this, however, since it _could_ get spammy if
somebody on the network starts acting up. (Right now it should be
very quiet; I've asked Sebastian to check it, and he says that he
doesn't hit this message in practice.)
Closes #40175.
We should test this out in 0.4.6 first before we backport all the way to 0.4.5.Tor: 0.4.5.x-post-stablehttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/400Fix compilation on systems with older compilers.2021-10-28T14:40:12ZAlexander Færøyahf@torproject.orgFix compilation on systems with older compilers.This patch fixes a build error with GCC 7.x which doesn't seem to accept
const int's as constants in macro initialization.
See: tpo/core/tor#40410
This MR replaces !398This patch fixes a build error with GCC 7.x which doesn't seem to accept
const int's as constants in macro initialization.
See: tpo/core/tor#40410
This MR replaces !398Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/467fallbackdir: Regenerate the list for October 20212021-10-21T14:03:38ZDavid Gouletdgoulet@torproject.orgfallbackdir: Regenerate the list for October 2021Closes #40493
Signed-off-by: David Goulet <dgoulet@torproject.org>Closes #40493
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/338Add a MinTimeToReportBandwidth option; make it 0 for testing networks.2021-10-21T12:37:07ZNick MathewsonAdd a MinTimeToReportBandwidth option; make it 0 for testing networks.This option changes the time for which a bandwidth measurement period
must have been in progress before we include it when reporting our
observed bandwidth in our descriptors. Without this option, we only
consider a time period towards ...This option changes the time for which a bandwidth measurement period
must have been in progress before we include it when reporting our
observed bandwidth in our descriptors. Without this option, we only
consider a time period towards our maximum if it has been running
for a full day. Obviously, that's unacceptable for testing
networks, where we'd like to get results as soon as possible.
For non-testing networks, I've put a (somewhat arbitrary) 2-hour
minimum on the option, since there are traffic analysis concerns
with immediate reporting here.
Closes #40337.https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/369Stop calling evdns_set_random_bytes_fn()2021-10-20T17:37:18ZNick MathewsonStop calling evdns_set_random_bytes_fn()This function has been a no-op since Libevent 2.0.4-alpha, when
libevent got an arc4random() implementation. Libevent has finally
removed it, which will break our compilation unless we stop calling
it. (This is currently breaking compi...This function has been a no-op since Libevent 2.0.4-alpha, when
libevent got an arc4random() implementation. Libevent has finally
removed it, which will break our compilation unless we stop calling
it. (This is currently breaking compilation in OSS-fuzz.)
Closes #40371.Alexander Færøyahf@torproject.orgAlexander Færøyahf@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/463Draft: relay: Overload state on DNS timeout is now X% over Y secs2021-10-20T13:19:19ZDavid Gouletdgoulet@torproject.orgDraft: relay: Overload state on DNS timeout is now X% over Y secsWith this commit, we will only report a general overload state if we've
seen more than X% of DNS timeout errors over Y seconds. Previous
behavior was to report when a single timeout occured which is really too
small of a threshold.
The ...With this commit, we will only report a general overload state if we've
seen more than X% of DNS timeout errors over Y seconds. Previous
behavior was to report when a single timeout occured which is really too
small of a threshold.
The value X is a consensus parameters called
"overload_dns_timeout_scale_percent" which is a scaled percentage
(factor of 1000) so we can represent decimal points for X like 0.5% for
instance. Its default is 1000 which ends up being 1%.
The value Y is a consensus parameters called
"overload_dns_timeout_period_secs" which is the time period for which
will gather DNS errors and once over, we assess if that X% has been
reached ultimately triggering a general overload signal.
Closes #40491
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.6.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/462hs-v2: Disable SOCKS connection for v2 addresses2021-10-19T15:03:17ZDavid Gouletdgoulet@torproject.orghs-v2: Disable SOCKS connection for v2 addressesThis effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.6.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/461hs-v2: Disable SOCKS connection for v2 addresses2021-10-19T15:03:15ZDavid Gouletdgoulet@torproject.orghs-v2: Disable SOCKS connection for v2 addressesThis effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.4.5.x-post-stableDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/445hs-v2: Disable SOCKS connection for v2 addresses2021-10-19T15:03:13ZDavid Gouletdgoulet@torproject.orghs-v2: Disable SOCKS connection for v2 addressesThis effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>Tor: 0.3.5.x-finalDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/merge_requests/392Prefer mmap()ed consensus files over cached_dir_t entries.2021-10-06T19:45:38ZNick MathewsonPrefer mmap()ed consensus files over cached_dir_t entries.Cached_dir_t is a somewhat "legacy" kind of storage when used for
consensus documents, and it appears that there are cases when
changing our settings causes us to stop updating those entries.
This can cause trouble, as @arma found out i...Cached_dir_t is a somewhat "legacy" kind of storage when used for
consensus documents, and it appears that there are cases when
changing our settings causes us to stop updating those entries.
This can cause trouble, as @arma found out in #40375, where he
changed his settings around, and consensus diff application got
messed up: consensus diffs were being _requested_ based on the
latest consensus, but were being (incorrectly) applied to a
consensus that was no longer the latest one.
This patch is a minimal fix for backporting purposes: it has Tor do
the same search when applying consensus diffs as we use to request
them. This should be sufficient for correct behavior.
There's a similar case in GETINFO handling; I've fixed that too.
Fixes #40375; bugfix on 0.3.1.1-alpha.
----
This bug is a bit rare, so let's try it out on main or 0.4.6 before we think about backporting it all the way to 0.4.5.Tor: 0.4.5.x-post-stable