[tor-commits] [translation/gettor-website-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=gettor-website-contentspot
commit e112b27b4db2d9a998722afd9d3e0a5f243c2be6 Author: Translation commit bot Date: Mon Sep 13 21:45:28 2021 + https://gitweb.torproject.org/translation.git/commit/?h=gettor-website-contentspot --- contents+tk.po | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contents+tk.po b/contents+tk.po index 895298ca38..9f39d9014f 100644 --- a/contents+tk.po +++ b/contents+tk.po @@ -1,6 +1,7 @@ # # Translators: # erinm, 2021 +# Jahan Taganova , 2021 # msgid "" msgstr "" @@ -8,7 +9,7 @@ msgstr "" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-04-17 07:56+CET\n" "PO-Revision-Date: 2021-03-24 14:33+\n" -"Last-Translator: erinm, 2021\n" +"Last-Translator: Jahan Taganova , 2021\n" "Language-Team: Turkmen (https://www.transifex.com/otf/teams/1519/tk/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -96,7 +97,7 @@ msgstr "" #: (dynamic) msgid "Sign up" -msgstr "" +msgstr "Ãazyl" #: (dynamic) msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/gettor-website-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=gettor-website-contentspot
commit be5ebd4a51e9f49e400e01bc6c5af72aa1ae6186 Author: Translation commit bot Date: Mon Sep 13 21:15:23 2021 + https://gitweb.torproject.org/translation.git/commit/?h=gettor-website-contentspot --- contents+ky.po | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contents+ky.po b/contents+ky.po index 7155650f36..832768ba6f 100644 --- a/contents+ky.po +++ b/contents+ky.po @@ -1,6 +1,7 @@ # # Translators: # erinm, 2021 +# Chyngyz Monokbaev , 2021 # msgid "" msgstr "" @@ -8,7 +9,7 @@ msgstr "" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-04-17 07:56+CET\n" "PO-Revision-Date: 2021-03-24 14:33+\n" -"Last-Translator: erinm, 2021\n" +"Last-Translator: Chyngyz Monokbaev , 2021\n" "Language-Team: Kyrgyz (https://www.transifex.com/otf/teams/1519/ky/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -96,7 +97,7 @@ msgstr "" #: (dynamic) msgid "Sign up" -msgstr "" +msgstr "ÐаÑÑалÑÑ" #: (dynamic) msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.4.6' into release-0.4.6
commit fb7c8325973d704ca84546a04c24244e50d46b6f Merge: 7456f6d777 f728e09ebe Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.6' into release-0.4.6 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 0dbb2f53b933cb089ed18d72717bbf10938ffa76 Merge: da9ff3936d fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:34:44 2021 -0400 Merge branch 'maint-0.3.5' into maint-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.4.5' into maint-0.4.6
commit f728e09ebe611d6858e721eaa37637025bfbf259 Merge: 2be49cdbe5 0dbb2f53b9 Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.5' into maint-0.4.6 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 0dbb2f53b933cb089ed18d72717bbf10938ffa76 Merge: da9ff3936d fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:34:44 2021 -0400 Merge branch 'maint-0.3.5' into maint-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5
commit 0a02fd7445548b95081089ae5642e0ddee99f289 Merge: cb25f5b4eb 0dbb2f53b9 Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.5' into release-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.6] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5
commit bc106b9e168730efa406b209acc7625c9c2e0133 Merge: 2d54f2002a fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:25:23 2021 -0400 Merge branch 'maint-0.3.5' into release-0.3.5 .gitlab-ci.yml| 9 ++- src/test/test_switch_id.c | 60 --- 2 files changed, 65 insertions(+), 4 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.3.5] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.6] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.6] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 0dbb2f53b933cb089ed18d72717bbf10938ffa76 Merge: da9ff3936d fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:34:44 2021 -0400 Merge branch 'maint-0.3.5' into maint-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.6] Merge branch 'maint-0.4.5' into maint-0.4.6
commit f728e09ebe611d6858e721eaa37637025bfbf259 Merge: 2be49cdbe5 0dbb2f53b9 Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.5' into maint-0.4.6 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.6] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.6] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 0dbb2f53b933cb089ed18d72717bbf10938ffa76 Merge: da9ff3936d fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:34:44 2021 -0400 Merge branch 'maint-0.3.5' into maint-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.3.5] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Merge branch 'maint-0.4.6'
commit 7440a38846d78c2b9040f117fdc4b823cdee4a27 Merge: eac7bdce91 f728e09ebe Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.6' .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Merge branch 'maint-0.3.5' into maint-0.4.5
commit 0dbb2f53b933cb089ed18d72717bbf10938ffa76 Merge: da9ff3936d fcef8e3f75 Author: David Goulet Date: Mon Sep 13 13:34:44 2021 -0400 Merge branch 'maint-0.3.5' into maint-0.4.5 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Merge branch 'maint-0.4.5' into maint-0.4.6
commit f728e09ebe611d6858e721eaa37637025bfbf259 Merge: 2be49cdbe5 0dbb2f53b9 Author: David Goulet Date: Mon Sep 13 13:34:48 2021 -0400 Merge branch 'maint-0.4.5' into maint-0.4.6 .gitlab-ci.yml | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Force amd64 for CI builds.
commit 84d6f977e72aa71c19c65c9a8fa3ff922854510b Author: Alexander Færøy Date: Mon Sep 13 18:05:58 2021 +0200 Force amd64 for CI builds. --- .gitlab-ci.yml | 7 +++ 1 file changed, 7 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e9d03caf5..915f242f26 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: + tags: +- amd64 + # This template should be usable on any system that's based on apt. .apt-template: | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Only check for bindable ports if we are unsure if it will fail.
commit fcef8e3f75cf39ae7eb6195713d4855b4fc4d08c Author: Alexander Færøy Date: Thu Feb 4 23:11:11 2021 + Only check for bindable ports if we are unsure if it will fail. We currently assume that the only way for Tor to listen on ports in the privileged port range (1 to 1023), on Linux, is if we are granted the NET_BIND_SERVICE capability. Today on Linux, it's possible to specify the beginning of the unprivileged port range using a sysctl configuration option. Docker (and thus the CI service Tor uses) recently changed this sysctl value to 0, which causes our tests to fail as they assume that we should NOT be able to bind to a privileged port *without* the NET_BIND_SERVICE capability. In this patch, we read the value of the sysctl value via the /proc/sys/ filesystem iff it's present, otherwise we assume the default unprivileged port range begins at port 1024. See: tor#40275 --- src/test/test_switch_id.c | 60 --- 1 file changed, 57 insertions(+), 3 deletions(-) diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index baddf8d66e..91277e374f 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -31,7 +31,47 @@ static const struct { { NULL, 0 } }; +/* Returns the first port that we think we can bind to without special + * permissions. Usually this function returns 1024. */ +static uint16_t +unprivileged_port_range_start(void) +{ + uint16_t result = 1024; + +#if defined(__linux__) + char *content = NULL; + + content = read_file_to_str( + "/proc/sys/net/ipv4/ip_unprivileged_port_start", + 0, + NULL); + + if (content != NULL) { +int ok = 1; +uint16_t tmp_result; + +tmp_result = (uint16_t)tor_parse_long(content, 10, 0, 65535, , NULL); + +if (ok) { + result = tmp_result; +} else { + fprintf(stderr, + "Unable to convert ip_unprivileged_port_start to integer: %s\n", + content); +} + } + + tor_free(content); +#endif /* defined(__linux__) */ + + return result; +} + #if !defined(_WIN32) + +#define PORT_TEST_RANGE_START 600 +#define PORT_TEST_RANGE_END 1024 + /* 0 on no, 1 on yes, -1 on failure. */ static int check_can_bind_low_ports(void) @@ -41,7 +81,7 @@ check_can_bind_low_ports(void) memset(, 0, sizeof(sin)); sin.sin_family = AF_INET; - for (port = 600; port < 1024; ++port) { + for (port = PORT_TEST_RANGE_START; port < PORT_TEST_RANGE_END; ++port) { sin.sin_port = htons(port); tor_socket_t fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (! SOCKET_OK(fd)) { @@ -149,10 +189,24 @@ main(int argc, char **argv) /* Succeed if we can do a setuid with capability retention, and doing so * does not make us lose the ability to bind low ports */ { - int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); + const int keepcaps = (test_id == TEST_SETUID_KEEPCAPS); okay = switch_id(username, keepcaps ? SWITCH_ID_KEEP_BINDLOW : 0) == 0; + if (okay) { -okay = check_can_bind_low_ports() == keepcaps; +/* Only run this check if there are ports we may not be able to bind + * to. */ +const uint16_t min_port = unprivileged_port_range_start(); + +if (min_port >= PORT_TEST_RANGE_START && +min_port < PORT_TEST_RANGE_END) { + okay = check_can_bind_low_ports() == keepcaps; +} else { + fprintf(stderr, + "Skipping check for whether we can bind to any " + "privileged ports as the user system seems to " + "allow us to bind to ports even without any " + "capabilities set.\n"); +} } break; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Use Debian bullseye for our hardened build.
commit 12b64845aebf08e45db94e5610d0ced95b5c1667 Author: Alexander Færøy Date: Mon Aug 16 13:52:58 2021 + Use Debian bullseye for our hardened build. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915f242f26..b83079aa4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/master] cache is per job. also: separate test for different situations
commit eb777acae11247d8695fba8308eade237f77108d Author: emma peel Date: Mon Sep 13 18:53:36 2021 +0200 cache is per job. also: separate test for different situations --- .gitlab-ci.yml | 96 +- 1 file changed, 81 insertions(+), 15 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bd05699..e753821 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,5 @@ image: debian:buster-slim -cache: - key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG} - paths: -- packages -- lego -- apt-cache # This template should be usable on any system that's based on apt. # taken from tor gitlabci @@ -27,26 +21,98 @@ cache: apt-get upgrade -qy variables: -GIT_SUBMODULE_STRATEGY: recursive + GIT_SUBMODULE_STRATEGY: recursive + PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" + TRANSLATION_BRANCH: "communitytpo-contentspot" + + +stages: +- build +- test_l10n pages: + cache: +key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG} +paths: + - packages + - lego + - apt-cache + - venv + - .cache/pip + - .cache/lektor/builds/ + stage: build script: - *apt-template -- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-babel python3-pip git python3-inifile python3-dev python3-setuptools python3-openssl python3-cryptography i18nspector -y +- DEBIAN_FRONTEND=noninteractive apt-get install gettext python3-babel python3-pip git python3-inifile python3-dev python3-setuptools python3-openssl python3-cryptography i18nspector apt-utils ca-certificates -y +- pip3 install virtualenv +- virtualenv venv +- source venv/bin/activate - pip3 install lektor - echo 'checking out translations' - rm -rf i18n -- git clone --branch communitytpo-contentspot https://git.torproject.org/translation.git i18n -- echo 'reinstalling plugins to have last version' +- git clone --branch $TRANSLATION_BRANCH https://git.torproject.org/translation.git i18n +- echo 'reinstall lektor plugins' +- lektor project-info --output-path - lektor plugins reinstall -- echo 'building lektor 3 times to get translations in place' +- echo 'building lektor 3 more times to get translations in place' - lektor build --output-path public && lektor build --output-path public && lektor build --output-path public -- echo 'lets see if there are any updates in the strings for translation' + artifacts: +paths: + - public + - i18n + rules: +- when: always + +check_new_strings: + cache: +key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG} +paths: + - packages + - lego + - apt-cache + - venv + - .cache/pip + + stage: test_l10n + needs: [pages] + allow_failure: true + rules: +- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' +- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH +- if: '$CI_COMMIT_BRANCH == "translations"' + when: never +- changes: + - content/**/*.lr + - templates/**/* + script: +- *apt-template +- DEBIAN_FRONTEND=noninteractive apt-get install gettext git python3-dev python3-setuptools i18nspector python3-polib python3-requests ca-certificates apt-utils -y - git clone https://gitlab.torproject.org/tpo/community/l10n.git -- pip3 install polib -- l10n/bin/check_po_status.py communitytpo-contentspot -- l10n/bin/check_markdown_links.py i18n/ +- echo 'lets see if there are any updates in the strings for translation' +- l10n/bin/check_po_status.py $TRANSLATION_BRANCH artifacts: paths: - public - i18n + - l10n + +check_l10n: + allow_failure: true + cache: +key: $CI_PROJECT_PATH_SLUG.${CI_COMMIT_REF_SLUG} +paths: + - packages + - lego + - apt-cache + - venv + - i18n + - .cache/pip + stage: test_l10n + needs: [pages] + only: +- translations + script: +- DEBIAN_FRONTEND=noninteractive apt-get install gettext i18nspector python3-polib ca-certificates -y +- echo 'lets see if there are any broken links on the translations' +- l10n/bin/check_markdown_links.py i18n/ + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/main] Merge remote-tracking branch 'tor-gitlab/mr/44'
commit 498023bd188be99435391a2b192519f9ce3a572c Merge: 363ea98 04eb311 Author: Nick Mathewson Date: Mon Sep 13 09:42:47 2021 -0400 Merge remote-tracking branch 'tor-gitlab/mr/44' control-spec.txt | 1 + 1 file changed, 1 insertion(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/main] Add error 451 for ONION_CLIENT_AUTH_ADD
commit 04eb311e87c61dba797459eb81329f1ed8817cf5 Author: Neel Chauhan Date: Sun Sep 12 11:17:08 2021 -0700 Add error 451 for ONION_CLIENT_AUTH_ADD --- control-spec.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/control-spec.txt b/control-spec.txt index 616387c..25977b9 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1935,6 +1935,7 @@ 251 - Client auth credentials for this onion service already existed and replaced. 252 - Added client auth credentials and successfully decrypted a cached descriptor. +451 - We reached authorized client capacity 512 - Syntax error in "HSAddress", or "PrivateKeyBlob" or "Nickname" 551 - Client with with this "Nickname" already exists 552 - Unrecognized KeyType ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/main] Clear asciidoc-helper.sh syntax
commit eac7bdce91f1ab341d801cc2f317dd408ed85cb4 Author: skaluzka Date: Wed Sep 8 22:25:47 2021 +0200 Clear asciidoc-helper.sh syntax Remove all unnecessary ";" characters at the end of several lines. Align all indentations to 4 spaces. Update console messages related to XML_CATALOG_FILES and .bashrc file. Signed-off-by: skaluzka --- doc/asciidoc-helper.sh | 47 +++ 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh index 765850a125..edc9b5b0ea 100755 --- a/doc/asciidoc-helper.sh +++ b/doc/asciidoc-helper.sh @@ -9,7 +9,7 @@ set -e if [ $# != 3 ]; then - exit 1; +exit 1 fi output=$3 @@ -19,50 +19,49 @@ if [ "$1" = "html" ]; then base=${output%%.html.in} if [ "$2" != none ]; then - TZ=UTC "$2" -d manpage -o "$output" "$input"; +TZ=UTC "$2" -d manpage -o "$output" "$input" else - echo "=="; - echo; - echo "You need asciidoc installed to be able to build the manpage."; - echo "To build without manpages, use the --disable-asciidoc argument"; - echo "when calling configure."; - echo; - echo "=="; - exit 1; +echo "==" +echo +echo "You need asciidoc installed to be able to build the manpage." +echo "To build without manpages, use the --disable-asciidoc argument" +echo "when calling configure." +echo +echo "==" +exit 1 fi elif [ "$1" = "man" ]; then input=${output%%.1.in}.1.txt base=${output%%.1.in} if test "$2" = none; then - echo "=="; - echo; - echo "You need asciidoc installed to be able to build the manpage."; - echo "To build without manpages, use the --disable-asciidoc argument"; - echo "when calling configure."; - echo; - echo "=="; - exit 1; +echo "==" +echo +echo "You need asciidoc installed to be able to build the manpage." +echo "To build without manpages, use the --disable-asciidoc argument" +echo "when calling configure." +echo +echo "==" +exit 1 fi if "$2" -f manpage "$input"; then - mv "$base.1" "$output"; +mv "$base.1" "$output" else - cat
[tor-commits] [torspec/main] Merge remote-tracking branch 'tor-gitlab/mr/45'
commit 363ea9878b265d28086c8e392e9fea2ef11af219 Merge: b03be04 8b1babf Author: Nick Mathewson Date: Mon Sep 13 09:35:49 2021 -0400 Merge remote-tracking branch 'tor-gitlab/mr/45' proposals/326-tor-relay-well-known-uri-rfc8615.md | 21 + 1 file changed, 21 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/main] add ed25519-master-pubkey.txt description
commit 8b1babf17c4b61084bfce18daee72d83ea6dfba3 Author: nusenu <360-nus...@gitlab.torproject.org> Date: Sun Sep 12 20:27:26 2021 + add ed25519-master-pubkey.txt description --- proposals/326-tor-relay-well-known-uri-rfc8615.md | 21 + 1 file changed, 21 insertions(+) diff --git a/proposals/326-tor-relay-well-known-uri-rfc8615.md b/proposals/326-tor-relay-well-known-uri-rfc8615.md index 568d387..b1ed60a 100644 --- a/proposals/326-tor-relay-well-known-uri-rfc8615.md +++ b/proposals/326-tor-relay-well-known-uri-rfc8615.md @@ -53,6 +53,27 @@ B234567890123456789012345678901234567890 ``` The RSA SHA1 relay fingerprint can be found in the file named "fingerprint" located in the Tor data directory on the relay. +## /.well-known/tor-relay/ed25519-master-pubkey.txt + +* The file contains one or more ed25519 Tor relay public master keys of relays operated by the entity in control of this website. +* Each line contains one public ed25519 master key in its base64 encoded form. +* The file may contain comments (starting with #). +* Non-comment lines must be exactly 43 characters long and consist of the following characters [a-zA-z0-9/+]. +* Each key MUST appear at most once. +* The file MUST not be larger than one MByte. +* The content MUST be a media type of "text/plain". + +Example file content: + +``` +# we operate these Tor relays +yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI +kXdA5dmIhXblAquMx0M0ApWJJ4JGQGLsjUSn86cbIaU +bHzOT41w56KHh+w6TYwUhN4KrGwPWQWJX04/+tw/+RU +``` + +The base64 encoded ed25519 public master key can be found in the file named "fingerprint-ed25519" located in the Tor data directory on the relay. + # Change Controller ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_release] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release
commit 510534df3d768b68c021c826eb40c131ecbf395d Author: Translation commit bot Date: Mon Sep 13 09:46:44 2021 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release --- it.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/it.po b/it.po index 42356d72a6..bc798a0aa7 100644 --- a/it.po +++ b/it.po @@ -39,7 +39,7 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-09-06 12:01+0200\n" -"PO-Revision-Date: 2021-09-13 09:16+\n" +"PO-Revision-Date: 2021-09-13 09:28+\n" "Last-Translator: Random_R\n" "Language-Team: Italian (http://www.transifex.com/otf/torproject/language/it/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc
commit cb4eba5b52428ac408e40483e443fefc0b2f36ed Author: Translation commit bot Date: Mon Sep 13 09:45:59 2021 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc --- it.po | 96 +-- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/it.po b/it.po index 2c4375ff00..931f31469f 100644 --- a/it.po +++ b/it.po @@ -39,7 +39,7 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-09-06 12:01+0200\n" -"PO-Revision-Date: 2021-09-13 09:15+\n" +"PO-Revision-Date: 2021-09-13 09:28+\n" "Last-Translator: Random_R\n" "Language-Team: Italian (http://www.transifex.com/otf/torproject/language/it/)\n" "MIME-Version: 1.0\n" @@ -2214,7 +2214,7 @@ msgstr "à impossibile connettersi a Tor in modalità offline." #: config/chroot_local-includes/usr/local/bin/tca:158 msgid "" "To connect to Tor and the Internet, restart Tails without Offline Mode." -msgstr "" +msgstr "Per connettersi a Tor e ad internet, riavvia Tails senza la modalità offline." #: ../config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in.h:1 msgid "Report an error" @@ -2597,7 +2597,7 @@ msgstr "Configura un bridge di Tor" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:76 msgid "heading" -msgstr "" +msgstr "intestazione" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:94 msgid "" @@ -2607,11 +2607,11 @@ msgstr "I bridge sono relay di Tor segreti. Usa un bridge come primo relay di To #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:110 msgid "Learn more about Tor bridges" -msgstr "" +msgstr "Maggiori informazioni sui bridge di Tor" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:146 msgid "Use a _default bridge" -msgstr "" +msgstr "Usa un bridge predefinito" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:170 msgid "obfs4 (recommended)" @@ -2628,11 +2628,11 @@ msgstr "Nessuno" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:225 msgid "_Request a new bridge" -msgstr "" +msgstr "_Richiedi un nuovo bridge" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:260 msgid "_Type in a bridge that I already know" -msgstr "" +msgstr "Digita un bridge che conosco già " #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:283 msgid "" @@ -2646,21 +2646,21 @@ msgstr "Attualmente in Tails, solo i bridge obfs4 nascondono che stai utilizzand #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:372 msgid "Save bridge to _Persistent Storage" -msgstr "" +msgstr "Salva il bridge nell'archiviazione persistente" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:397 msgid "Save bridge to Persistent Storage" -msgstr "" +msgstr "Salva il bridge nell'archiviazione persistente" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:398 msgid "toggle-button" -msgstr "" +msgstr "commuta-pulsante" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:538 #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:936 #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:1336 msgid "_Connect to Tor" -msgstr "" +msgstr "_Connetti a Tor" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:583 msgid "Error connecting to Tor" @@ -2668,17 +2668,17 @@ msgstr "Errore durante la connessione di Tor" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:606 msgid "⢠Wrong clock" -msgstr "" +msgstr "⢠Orologio sbagliato" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:626 msgid "" "To prevent network attacks, your time zone and clock need to be correct to " "connect to Tor using a bridge." -msgstr "" +msgstr "Per prevenire attacchi di rete, il tuo fuso orario ed orologio devono essere giusti per connetterti a Tor usando un bridge." #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:639 msgid "Fix _Clock" -msgstr "" +msgstr "Regola l'orologio" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:676 msgid "⢠Public network" @@ -2688,11 +2688,11 @@ msgstr "⢠Rete pubblica" msgid "" "If you are in a shop, hotel, or airport, you might need to sign in to the " "local network using a captive portal." -msgstr "" +msgstr "Se ti trovi in un negozio, hotel o aeroporto, potrebbe essere necessario eseguire l'accesso alla rete locale." #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:709 msgid "Try _Signing in to the Network" -msgstr "" +msgstr "Prova ad accedere alla rete" #: ../config/chroot_local-includes/usr/share/tails/tca/main.ui.in:747 msgid "⢠Local proxy" @@ -2702,15 +2702,15 @@ msgstr "⢠Proxy locale" msgid "" "If you are on a corporate or university network, you might need to configure" " a local proxy." -msgstr "" +msgstr
[tor-commits] [translation/tails-misc_release] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release
commit 0d0ea6d4254d7c77fcb312642af172cc6f903eeb Author: Translation commit bot Date: Mon Sep 13 09:16:40 2021 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release --- it.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/it.po b/it.po index a2058178d3..42356d72a6 100644 --- a/it.po +++ b/it.po @@ -39,8 +39,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-09-06 12:01+0200\n" -"PO-Revision-Date: 2021-09-06 12:26+\n" -"Last-Translator: Transifex Bot <>\n" +"PO-Revision-Date: 2021-09-13 09:16+\n" +"Last-Translator: Random_R\n" "Language-Team: Italian (http://www.transifex.com/otf/torproject/language/it/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc
commit 7ca3a20acd31eea8bd5ce49e963a136fde3d8ded Author: Translation commit bot Date: Mon Sep 13 09:15:54 2021 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc --- it.po | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/it.po b/it.po index 972e716e4b..2c4375ff00 100644 --- a/it.po +++ b/it.po @@ -39,8 +39,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-09-06 12:01+0200\n" -"PO-Revision-Date: 2021-09-06 12:26+\n" -"Last-Translator: Transifex Bot <>\n" +"PO-Revision-Date: 2021-09-13 09:15+\n" +"Last-Translator: Random_R\n" "Language-Team: Italian (http://www.transifex.com/otf/torproject/language/it/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -1736,13 +1736,13 @@ msgstr "_Usa un bridge che conosco già " msgid "" "To save your bridge, unlock you " "Persistent Storage." -msgstr "" +msgstr "Per salvare il bridge, sblocca la tua archiviazione persistente." #: config/chroot_local-includes/usr/lib/python3/dist-packages/tca/ui/main_window.py:245 msgid "" "To save your bridge, create a " "Persistent Storage on your Tails USB stick." -msgstr "" +msgstr "Per salvare il bridge, crea un'archiviazione persistente nella tua chiave USB di Tails." #: config/chroot_local-includes/usr/lib/python3/dist-packages/tca/ui/main_window.py:265 #: config/chroot_local-includes/usr/lib/python3/dist-packages/tca/ui/main_window.py:668 @@ -1770,7 +1770,7 @@ msgstr "Connessione a Tor con bridge predefiniti..." #: config/chroot_local-includes/usr/lib/python3/dist-packages/tca/ui/main_window.py:433 msgid "Connecting to Tor with a custom bridgeâ¦" -msgstr "" +msgstr "Connessione a Tor con un bridge personalizzato..." #: config/chroot_local-includes/usr/lib/python3/dist-packages/tca/ui/main_window.py:542 msgid "" @@ -2012,7 +2012,7 @@ msgid "" "your real IP address.\\n\\nOnly use the Unsafe Browser to sign in to a " "network using a captive portal or browse trusted web pages on the local " "network." -msgstr "" +msgstr "Il browser non sicuro non è anonimo e i siti che visiti possono vedere il tuo indirizzo IP reale.\\n\\nUsa il browser non sicuro solo per accedere ad una rete che usa un captive portal o per navigare pagine fidate nella rete locale." #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:51 msgid "Starting the Unsafe Browser..." @@ -2049,7 +2049,7 @@ msgid "" "The Unsafe Browser was not enabled in the Welcome Screen.\\n\\nTo use the " "Unsafe Browser, restart Tails and enable the Unsafe Browser in the " "additional settings of the Welcome Screen." -msgstr "" +msgstr "Il browser non sicuro non è stato attivato nella schermata di benvenuto.\\n\\nSe vuoi usare il browser non sicuro, riavvia Tails ed attivalo nelle impostazioni aggiuntive della schermata di benvenuto." #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:95 msgid "" @@ -2205,11 +2205,11 @@ msgstr "Blocco chiave pubblica OpenPGP del contatto non valido" #: config/chroot_local-includes/usr/local/bin/tca:156 msgid "You turned on Offline Mode in the Welcome Screen." -msgstr "" +msgstr "Hai attivato la modalità offline nella schermata di benvenuto." #: config/chroot_local-includes/usr/local/bin/tca:157 msgid "It is impossible to connect to Tor in Offline Mode." -msgstr "" +msgstr "à impossibile connettersi a Tor in modalità offline." #: config/chroot_local-includes/usr/local/bin/tca:158 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits