diff options
-rw-r--r-- | .gitlab-ci.yml | 9 | ||||
-rw-r--r-- | changes/ticket40474 | 5 | ||||
-rw-r--r-- | src/core/or/connection_edge.c | 16 |
3 files changed, 23 insertions, 7 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f7abf8362e..fa29c65c58 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,6 +37,12 @@ variables: paths: - artifacts/ + +# This template is used for x86-64 builds. +.x86-64-template: &x86-64-template + tags: + - amd64 + # This template should be usable on any system that's based on apt. .apt-template: &apt-template | export LC_ALL=C.UTF-8 @@ -57,6 +63,7 @@ variables: # This template sets us up for Debian system in particular. .debian-template: &debian-template <<: *artifacts-template + <<: *x86-64-template variables: DEBIAN_FRONTEND: "noninteractive" # TODO: Using "cache" in this way speeds up our downloads. It would be @@ -110,7 +117,7 @@ debian-minimal: # # TODO: This will be faster once we merge #40098 and #40099. debian-hardened: - image: debian:testing + image: debian:bullseye <<: *debian-template variables: ALL_BUGS_ARE_FATAL: "yes" diff --git a/changes/ticket40474 b/changes/ticket40474 new file mode 100644 index 0000000000..d2a7231106 --- /dev/null +++ b/changes/ticket40474 @@ -0,0 +1,5 @@ + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log once any v2 access attempts in order to not pollute the logs + with warnings and avoid recording the times on disk when v2 access was + attempted. Important to note that the onion address was _never_ logged. + That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8. diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 7f260ba185..82e8ead5e0 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -2584,12 +2584,16 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, tor_assert(!automap); if (addresstype == ONION_V2_HOSTNAME) { - log_warn(LD_PROTOCOL, - "Warning! You've just connected to a v2 onion address. These " - "addresses are deprecated for security reasons, and are no " - "longer supported in Tor. Please encourage the site operator " - "to upgrade. For more information see " - "https://blog.torproject.org/v2-deprecation-timeline"); + static bool log_once = false; + if (!log_once) { + log_warn(LD_PROTOCOL, + "Warning! You've just connected to a v2 onion address. These " + "addresses are deprecated for security reasons, and are no " + "longer supported in Tor. Please encourage the site operator " + "to upgrade. For more information see " + "https://blog.torproject.org/v2-deprecation-timeline"); + log_once = true; + } } return connection_ap_handle_onion(conn, socks, circ, addresstype); |