dir auths reject 0.2.9.x for x<5, due to bug 20499

Directory authorities now reject relays running versions
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
suffer from bug 20499 and don't keep their consensus cache
up-to-date.

Resolves ticket 20509.

diff --git a/changes/bug20509 b/changes/bug20509
new file mode 100644 (file)
index 0000000..a39ca9f
--- /dev/null
+++ b/changes/bug20509
@@ -0,0 +1,5 @@
+  o Minor features:
+    - Directory authorities now reject relays running versions
+      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
+      suffer from bug 20499 and don't keep their consensus cache
+      up-to-date. Resolves ticket 20509.

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index fa3938b5ec7048a667280c8599e8fd0cf0196667..fedbe51b4c62e4af2b863d6c9865aeedcda84cab 100644 (file)
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -383,6 +383,17 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
     return FP_REJECT;
   }
 
+  /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't
+   * keep their consensus up to date so they make bad guards.
+   * The simple fix is to just drop them from the network. */
+  if (platform &&
+      tor_version_as_new_as(platform,"0.2.9.0-alpha") &&
+      !tor_version_as_new_as(platform,"0.2.9.5-alpha")) {
+    if (msg)
+      *msg = "Tor version contains bug 20499. Please upgrade!";
+    return FP_REJECT;
+  }
+
   status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
                                    id_digest);
   if (status_by_digest)