diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-04-11 10:59:11 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-04-11 10:59:11 -0400 |
| commit | 77e51224faf1963241e207004133a2350ad23e5c (patch) | |
| tree | 315f14f0fe88b959d513b601439dbd007e9a671f | |
| parent | ab338e3bb8220de6c38d2b689f2e9593d256e9c4 (diff) | |
| download | tor-77e51224faf1963241e207004133a2350ad23e5c.tar tor-77e51224faf1963241e207004133a2350ad23e5c.tar.gz | |
Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
| -rw-r--r-- | changes/bug4572 | 6 | ||||
| -rw-r--r-- | doc/tor.1.txt | 4 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/dirserv.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
5 files changed, 8 insertions, 12 deletions
diff --git a/changes/bug4572 b/changes/bug4572 new file mode 100644 index 000000000..3107bf913 --- /dev/null +++ b/changes/bug4572 @@ -0,0 +1,6 @@ + o Removed features + - Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option; + authorities needed to use it for a while to keep the network working + as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but that + was six months ago. As of now, it should no longer be needed or used. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e73377bdf..98c97e717 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1610,10 +1610,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS votes on whether to accept relays as hidden service directories. (Default: 1) -GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**:: - When this option is set to 0, do not vote to give the Guard flag to any - version of Tor vulnerable to CVE-2011-2769. (Default: 0) - HIDDEN SERVICE OPTIONS ---------------------- diff --git a/src/or/config.c b/src/or/config.c index 696bbd044..bfed4e5db 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -295,8 +295,7 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif - V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, - BOOL, "0"), + OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(HeartbeatPeriod, INTERVAL, "6 hours"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf..5b6087c94 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || - is_router_version_good_for_possible_guard(ri->platform))) { + (is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( node->identity, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index c323595f1..a498a5708 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3270,10 +3270,6 @@ typedef struct { * number of servers per IP address shared * with an authority. */ - /** Should we assign the Guard flag to relays which would allow - * exploitation of CVE-2011-2768 against their clients? */ - int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; - /** If non-zero, always vote the Fast flag for any relay advertising * this amount of capacity or more. */ uint64_t AuthDirFastGuarantee; |