From a4b447604a914cedc0b85efa6e33eb1feba0443a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 6 Mar 2014 09:34:09 -0500
Subject: [PATCH] Stop accepting 0.2.2 relay uploads for the consensus.

Resolves ticket 11149.
---
 changes/require_023 |  6 ++++++
 src/or/dirserv.c    | 11 +++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 changes/require_023

diff --git a/changes/require_023 b/changes/require_023
new file mode 100644
index 0000000000..95302e1493
--- /dev/null
+++ b/changes/require_023
@@ -0,0 +1,6 @@
+  o Deprecated versions:
+    - Tor 0.2.2.x is no longer supported, and has not been for a while.
+      Directory authorities will stop accepting descriptors from
+      Tor relays running any version of Tor prior to Tor 0.2.3.25.
+      Resolves ticket 11149.
+
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 984b47d2f5..7393a80ad3 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -393,13 +393,15 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
               strmap_size(fingerprint_list->fp_by_name),
               digestmap_size(fingerprint_list->status_by_digest));
 
-  /* Versions before Tor 0.2.2.35 have known security issues that
-   * make them unsuitable for the current network. */
-  if (platform && !tor_version_as_new_as(platform,"0.2.2.35")) {
+  /* Versions before Tor 0.2.3.25 are too old to support, and aren't
+   * getting any more security fixes. Disable them. */
+  if (platform && !tor_version_as_new_as(platform,"0.2.3.25")) {
     if (msg)
       *msg = "Tor version is insecure or unsupported. Please upgrade!";
     return FP_REJECT;
-  } else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) {
+  }
+#if 0
+  else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) {
     /* Versions from 0.2.3-alpha...0.2.3.9-alpha have known security
      * issues that make them unusable for the current network */
     if (!tor_version_as_new_as(platform, "0.2.3.10-alpha")) {
@@ -408,6 +410,7 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
       return FP_REJECT;
     }
   }
+#endif
 
   result = dirserv_get_name_status(id_digest, nickname);
   if (result & FP_NAMED) {