diff options
| -rw-r--r-- | changes/bug4572 | 6 | ||||
| -rw-r--r-- | doc/tor.1.txt | 4 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/dirserv.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
5 files changed, 8 insertions, 12 deletions
diff --git a/changes/bug4572 b/changes/bug4572 new file mode 100644 index 0000000000..3107bf9135 --- /dev/null +++ b/changes/bug4572 @@ -0,0 +1,6 @@ + o Removed features + - Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option; + authorities needed to use it for a while to keep the network working + as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but that + was six months ago. As of now, it should no longer be needed or used. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e73377bdfd..98c97e717a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1610,10 +1610,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS votes on whether to accept relays as hidden service directories. (Default: 1) -GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**:: - When this option is set to 0, do not vote to give the Guard flag to any - version of Tor vulnerable to CVE-2011-2769. (Default: 0) - HIDDEN SERVICE OPTIONS ---------------------- diff --git a/src/or/config.c b/src/or/config.c index 696bbd0440..bfed4e5db4 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -295,8 +295,7 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif - V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, - BOOL, "0"), + OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(HeartbeatPeriod, INTERVAL, "6 hours"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf4..5b6087c943 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || - is_router_version_good_for_possible_guard(ri->platform))) { + (is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( node->identity, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index c323595f1e..a498a57083 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3270,10 +3270,6 @@ typedef struct { * number of servers per IP address shared * with an authority. */ - /** Should we assign the Guard flag to relays which would allow - * exploitation of CVE-2011-2768 against their clients? */ - int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; - /** If non-zero, always vote the Fast flag for any relay advertising * this amount of capacity or more. */ uint64_t AuthDirFastGuarantee; |