Stop accepting 0.2.2 relay uploads for the consensus.

Resolves ticket 11149.
This commit is contained in:
Nick Mathewson 2014-03-06 09:34:09 -05:00
parent 663aba07e5
commit a4b447604a
2 changed files with 13 additions and 4 deletions

6
changes/require_023 Normal file
View File

@ -0,0 +1,6 @@
o Deprecated versions:
- Tor 0.2.2.x is no longer supported, and has not been for a while.
Directory authorities will stop accepting descriptors from
Tor relays running any version of Tor prior to Tor 0.2.3.25.
Resolves ticket 11149.

View File

@ -393,13 +393,15 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
strmap_size(fingerprint_list->fp_by_name), strmap_size(fingerprint_list->fp_by_name),
digestmap_size(fingerprint_list->status_by_digest)); digestmap_size(fingerprint_list->status_by_digest));
/* Versions before Tor 0.2.2.35 have known security issues that /* Versions before Tor 0.2.3.25 are too old to support, and aren't
* make them unsuitable for the current network. */ * getting any more security fixes. Disable them. */
if (platform && !tor_version_as_new_as(platform,"0.2.2.35")) { if (platform && !tor_version_as_new_as(platform,"0.2.3.25")) {
if (msg) if (msg)
*msg = "Tor version is insecure or unsupported. Please upgrade!"; *msg = "Tor version is insecure or unsupported. Please upgrade!";
return FP_REJECT; return FP_REJECT;
} else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) { }
#if 0
else if (platform && tor_version_as_new_as(platform,"0.2.3.0-alpha")) {
/* Versions from 0.2.3-alpha...0.2.3.9-alpha have known security /* Versions from 0.2.3-alpha...0.2.3.9-alpha have known security
* issues that make them unusable for the current network */ * issues that make them unusable for the current network */
if (!tor_version_as_new_as(platform, "0.2.3.10-alpha")) { if (!tor_version_as_new_as(platform, "0.2.3.10-alpha")) {
@ -408,6 +410,7 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
return FP_REJECT; return FP_REJECT;
} }
} }
#endif
result = dirserv_get_name_status(id_digest, nickname); result = dirserv_get_name_status(id_digest, nickname);
if (result & FP_NAMED) { if (result & FP_NAMED) {