Merge branch 'maint-0.2.2' into release-0.2.2

changes/all_descs

@@ -0,0 +1,4 @@
+  o Major bugfixes (bridge authority)
+    - Do not allow encrypte requests for "all" bridges to return all
+      bridges.
+

changes/ipv6_crash

@@ -0,0 +1,4 @@
+  o Major bugfixes:
+    - Fix a crash in parsing router descriptors containing IPv6
+      addresses.  This one crashed the directory authorities when somebody
+      fired up some experimental code. Bugfix on 0.2.1.3-alpha.

src/or/dirserv.c

@@ -2970,6 +2970,8 @@ dirserv_get_routerdesc_fingerprints(smartlist_t *fps_out, const char *key,
     SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
                       smartlist_add(fps_out,
                       tor_memdup(r->cache_info.identity_digest, DIGEST_LEN)));
+    /* Treat "all" requests as if they were unencrypted */
+    for_unencrypted_conn = 1;
   } else if (!strcmp(key, "authority")) {
     routerinfo_t *ri = router_get_my_routerinfo();
     if (ri)

src/or/policies.c

@@ -888,6 +888,8 @@ exit_policy_is_general_exit_helper(smartlist_t *policy, int port)
 
   memset(subnet_status, 0, sizeof(subnet_status));
   SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
+    if (tor_addr_family(&p->addr) != AF_INET)
+      continue; /* IPv4 only for now */
     if (p->prt_min > port || p->prt_max < port)
       continue; /* Doesn't cover our port. */
     mask = 0;

src/or/routerparse.c

@@ -1505,6 +1505,12 @@ router_parse_entry_from_string(const char *s, const char *end,
       router->has_old_dnsworkers = 1;
   }
 
+  if (find_opt_by_keyword(tokens, K_REJECT6) ||
+      find_opt_by_keyword(tokens, K_ACCEPT6)) {
+    log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
+             "older Tors.");
+    goto err;
+  }
   exit_policy_tokens = find_all_exitpolicy(tokens);
   if (!smartlist_len(exit_policy_tokens)) {
     log_warn(LD_DIR, "No exit policy tokens in descriptor.");