Start on an 0.3.0.3-alpha changelog

26 files changed, 137 insertions, 130 deletions

diff --git a/ChangeLog b/ChangeLog
index 59fdc51d8c..62cf13d388 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,140 @@
+Changes in version 0.3.0.3-alpha - 2017-02-03
+  BLURB BLURB BLURB.
+
+  o Major bugfixes (directory authority):
+    - During voting, when marking a node as a probable sybil, do not
+      clear its BadExit flag: sybils can still be bad in other ways
+      too. (We still clear the other flags.) Fixes bug 21108; bugfix
+      on 0.2.0.13-alpha.
+    - When deciding whether we have just found a router to be reachable,
+      do not penalize it for not having performed an Ed25519 link
+      handshake if it does not claim to support an Ed25519 handshake.
+      Previously, we would treat such relays as non-running. Fixes bug
+      21107; bugfix on 0.2.3.1-alpha.
+
+  o Major bugfixes (entry guards):
+    - Stop trying to build circuits through entry guards for which we
+      have no descriptor yet. Also, stop crashing if we *do*
+      accidentally try to build a circuit in such a state. Fixes bug
+      21242; bugfix on 0.3.0.1-alpha.
+
+  o Major bugfixes (IPv6 Exits):
+    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
+      IPv6 addresses. Instead, only reject a port over IPv6 if the exit
+      policy rejects that port on more than an IPv6 /16 of addresses.
+      This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a
+      relay's own IPv6 address by default. Fixes bug 21357; bugfix on
+      commit 004f3f4e53 in 0.2.4.7-alpha.
+
+  o Minor feature (client):
+    - Enable IPv6 traffic by default on the SocksPort. To disable this,
+      a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
+
+  o Minor feature (fallback scripts):
+    - Add a check_existing mode to updateFallbackDirs.py, which checks
+      if fallbacks in the hard-coded list are working. Closes ticket
+      20174. Patch by haxxpop.
+
+  o Minor features (ciphersuite selection):
+    - Allow servers to accept a wider range of ciphersuites, including
+      chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
+    - Clients now advertise a list of ciphersuites closer to the ones
+      preferred by Firefox. Closes ticket 15426.
+
+  o Minor features (controller, configuration):
+    - Each of the *Port options, such as SocksPort, ORPort, ControlPort,
+      and so on, now comes with a __*Port variant that will not be saved
+      to the torrc file by the controller's SAVECONF command. This
+      change allows TorBrowser to set up a single-use domain socket for
+      each time it launches Tor. Closes ticket 20956.
+    - The GETCONF command can now query options that may only be
+      meaningful in context-sensitive lists. This allows the controller
+      to query the mixed SocksPort/__SocksPort style options introduced
+      in feature 20956. Implements ticket 21300.
+
+  o Minor features (portability, compilation):
+    - Autoconf now check to determine if OpenSSL structures are opaque,
+      instead of explicitly checking for OpenSSL version numbers. Part
+      of ticket 21359.
+    - Support building with recent LibreSSL code that uses opaque
+      structures. Closes ticket 21359.
+
+  o Minor features (relay):
+    - Allow separation of exit and relay traffic to different source IP
+      addresses. Closes ticket 17975. Written by Michael Sonntag.
+
+  o Minor bugfix (logging):
+    - Don't recommend the use of Tor2web in non anonymous mode. In that
+      mode, we disable client functionalities and recommending Tor2web
+      as a solution is a bad idea because in that case client loses all
+      anonymity. Tor2web should really only be used in very specific
+      cases and with users *knowing* what they do. Fixes bug 21294;
+      bugfix on 0.2.9.3-alpha.
+
+  o Minor bugfixes (client):
+    - Always recover from failures in extend_info_from_node(), in an
+      attempt to prevent any recurrence of bug 21242. Fixes bug 21372;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (client, entry guards):
+    - Fix a bug warning (with backtrace) when we fail a channel that
+      circuits to fallback directories on it. Fixes bug 21128; bugfix
+      on 0.3.0.1-alpha.
+    - Fix a spurious bug warning (with backtrace) when removing an
+      expired entry guard. Fixes bug 21129; bugfix on 0.3.0.1-alpha.
+    - Fix a bug of the new guard algorithm where tor could stall for up
+      to 10 minutes before retrying a guard after a long period of no
+      network. Fixes bug 21052; bugfix on 0.3.0.1-alpha.
+    - Do not try to build circuits until we have descriptors for our
+      primary entry guards. Related to fix for bug 21242.
+
+  o Minor bugfixes (configure, autoconf):
+    - Rename the configure option --enable-expensive-hardening to
+      --enable-fragile-hardening. TROVE-2017-001 was triggerable only
+      through the expensive hardening which is making the tor daemon
+      abort when the issue is detected. Thus, it makes tor more at risk
+      of remote crashes but safer against RCE or heartbleed bug
+      category. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes (controller):
+    - Restore the (deprecated) DROPGUARDS controller command. Fixes bug
+      20824; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (hidden service):
+    - Cleanup expiring intro point nodes if no circuit is associated to
+      it anymore. It was causing, rarely, the service to not open enough
+      introduction points circuit in the case we had dead expiring
+      nodes.; bugfix on 0.2.7.2-alpha.
+    - Stop modifying the value of our torrc option
+      HiddenServiceStatistics just because we're not a bridge or relay.
+      Use an internal value for what tor should use and keep the torrc
+      option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha.
+    - Two possible underflow which would ultimately lead to creating a
+      lot of introduction points circuits and closing them in a non stop
+      loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (portability):
+    - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or
+      "__OpenBSD__". It is supported by OpenBSD itself and also most
+      OpenBSD variants like Bitrig. Fixes bug 20980; bugfix
+      on 0.1.2.1-alpha.
+    - Do not silently truncate content of files if they are larger than
+      SIZE_MAX bytes. This issue could occur on 32 bit systems with
+      large file support and files which are larger than 4 GB. Fixes bug
+      21134; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (tor-resolve):
+    - The tor-resolve command line tool now rejects hostnames over 255
+      characters in length. Previously, it would silently truncate them,
+      which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
+      Patch by "junglefowl".
+
+  o Minor bugfixes (Windows services):
+    - Be sure to initialize the monotonic time subsystem before using
+      it, even when running as an NT service. Fixes bug 21356; bugfix
+      on 0.2.9.1-alpha.
+
+
 Changes in version 0.3.0.2-alpha - 2017-01-23
   Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could
   cause relays and clients to crash, even if they were not built with
diff --git a/changes/21359 b/changes/21359
deleted file mode 100644
index 24113a03e6..0000000000
--- a/changes/21359
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor features (portability, compilation):
-    - Support building with recent LibreSSL code that uses opaque
-      structures. Closes ticket 21359.
-    - Autoconf now check to determine if OpenSSL
-      structures are opaque, instead of explicitly checking for
-      OpenSSL version numbers. 
-      Part of ticket 21359.
diff --git a/changes/bug20824 b/changes/bug20824
deleted file mode 100644
index 0cd52054ed..0000000000
--- a/changes/bug20824
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (controller):
-    - Restore the (deprecated) DROPGUARDS controller command.
-      Fixes bug 20824; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug20980 b/changes/bug20980
deleted file mode 100644
index 0f8e28e77a..0000000000
--- a/changes/bug20980
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfix (OpenBSD):
-    - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or
-      "__OpenBSD__". It is supported by OpenBSD itself and also most OpenBSD
-      variants like Bitrig. Fixes bug 20980; bugfix on 0.1.2.1-alpha.
diff --git a/changes/bug21052 b/changes/bug21052
deleted file mode 100644
index 0597b3b306..0000000000
--- a/changes/bug21052
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (client, guards):
-    - Fix a bug of the new guard algorithm where tor could stall for up to 10
-      minutes before retrying a guard after a long period of no network.
-      Fixes bug 21052; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug21107 b/changes/bug21107
deleted file mode 100644
index e9e4e788cb..0000000000
--- a/changes/bug21107
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (directory authority):
-    - When deciding whether we have just found a router to be reachable,
-      do not penalize it for not having performed an Ed25519 link handshake
-      if it does not claim to support an Ed25519 handshake. Previously,
-      we would treat such relays as non-running.
-      Fixes bug 21107; bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug21108_029 b/changes/bug21108_029
deleted file mode 100644
index 3a3f004fc6..0000000000
--- a/changes/bug21108_029
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (directory authority):
-    - During voting, when marking a node as a probable sybil, do not
-      clear its BadExit flag: sybils can still be bad in other ways
-      too. (We still clear the other flags.) Fixes bug 21108; bugfix
-      on 0.2.0.13-alpha.
-
diff --git a/changes/bug21128 b/changes/bug21128
deleted file mode 100644
index 972d2a2818..0000000000
--- a/changes/bug21128
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (client, entry guards):
-    - Fix a bug warning (with backtrace) when we fail a channel
-      that circuits to fallback directories on it. Fixes bug 21128;
-      bugfix on 0.3.0.1-alpha.
-
diff --git a/changes/bug21129 b/changes/bug21129
deleted file mode 100644
index 5a09bb489d..0000000000
--- a/changes/bug21129
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (client, entry guards):
-    - Fix a spurious bug warning (with backtrace) when removing an
-      expired entry guard.  Fixes bug 21129; bugfix on 0.3.0.1-alpha.
-
diff --git a/changes/bug21134 b/changes/bug21134
deleted file mode 100644
index b851718372..0000000000
--- a/changes/bug21134
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability):
-    - Do not silently truncate content of files if they are larger
-      than SIZE_MAX bytes. This issue could occur on 32 bit systems
-      with large file support and files which are larger than 4 GB.
-      Fixes bug 21134; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug21150 b/changes/bug21150
deleted file mode 100644
index a5235d509f..0000000000
--- a/changes/bug21150
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (config, hidden service):
-    - Stop modifying the value of our torrc option HiddenServiceStatistics
-      just because we're not a bridge or relay. Use an internal value for what
-      tor should use and keep the torrc option intact. Fixes bug 21150; bugfix
-      on 0.2.6.2-alpha.
diff --git a/changes/bug21242 b/changes/bug21242
deleted file mode 100644
index 0bdc203afc..0000000000
--- a/changes/bug21242
+++ /dev/null
@@ -1,10 +0,0 @@
-  o Major bugfixes (entry guards):
-    - Stop trying to build circuits through entry guards for which we
-      have no descriptor yet. Also, stop crashing if we *do* accidentally
-      try to build a circuit in such a state. Fixes bug 21242; bugfix
-      on 0.3.0.1-alpha.
-
-  o Minor features (entry guards):
-    - Do not try to build circuits until we have descriptors for our
-      primary entry guards. Related to fix for bug 21242.
-
diff --git a/changes/bug21280 b/changes/bug21280
deleted file mode 100644
index e9f0bc174c..0000000000
--- a/changes/bug21280
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (tor-resolve):
-    - The tor-resolve command line tool now rejects hostnames over 255
-      characters in length. Previously, it would silently truncate
-      them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
-      Patch by "junglefowl".
diff --git a/changes/bug21290 b/changes/bug21290
deleted file mode 100644
index 6c899b8094..0000000000
--- a/changes/bug21290
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (configure, autoconf):
-    - Rename the configure option --enable-expensive-hardening to
-      --enable-fragile-hardening. TROVE-2017-001 was triggerable only through
-      the expensive hardening which is making the tor daemon abort when the
-      issue is detected. Thus, it makes tor more at risk of remote crashes but
-      safer against RCE or heartbleed bug category. Fixes bug 21290; bugfix on
-      0.2.5.4-alpha.
diff --git a/changes/bug21294 b/changes/bug21294
deleted file mode 100644
index 32351d329c..0000000000
--- a/changes/bug21294
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfix (logging):
-    - Don't recommend to use Tor2web in non anonymous mode. In that mode, we
-      disable client functionalities and recommending Tor2web as a solution is
-      a bad idea because in that case client loses all anonymity. Tor2web
-      should really only be used in very specific cases and with users
-      *knowing* what they do. Fixes bug 21294; bugfix on 0.2.9.3-alpha.
diff --git a/changes/bug21300 b/changes/bug21300
deleted file mode 100644
index 70cc12a93c..0000000000
--- a/changes/bug21300
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (controller):
-    - The GETCONF command can now query options that may only be meaningful
-      in context-sensitive lists. This allows the controller to query
-      the mixed SocksPort/__SocksPort style options introduced in
-      feature 20956. Implements ticket 21300.
-
diff --git a/changes/bug21302 b/changes/bug21302
deleted file mode 100644
index 309b3574a6..0000000000
--- a/changes/bug21302
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Two possible underflow which would ultimately lead to creating a lot of
-      introduction points circuits and closing them in a non stop loop. Fixes
-      bug 21302; bugfix on 0.2.7.2-alpha.
-    - Cleanup expiring intro point nodes if no circuit is associated to it
-      anymore. It was causing, rarely, the service to not open enough
-      introduction points circuit in the case we had dead expiring nodes.;
-      bugfix on 0.2.7.2-alpha.
diff --git a/changes/bug21357 b/changes/bug21357
deleted file mode 100644
index a1cb43a78a..0000000000
--- a/changes/bug21357
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (IPv6 Exits):
-    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6
-      addresses. Instead, only reject a port over IPv6 if the exit policy
-      rejects that port on more than an IPv6 /16 of addresses. This bug was
-      made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6
-      address by default.
-      Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
diff --git a/changes/bug21372 b/changes/bug21372
deleted file mode 100644
index 178ae3aab1..0000000000
--- a/changes/bug21372
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (client):
-    - Always recover from failures in extend_info_from_node(),
-      in an attempt to prevent any recurrence of bug 21242.
-      Fixes bug 21372; bugfix on 0.2.3.1-alpha.
diff --git a/changes/change_separate_exit_and_relay.txt b/changes/change_separate_exit_and_relay.txt
deleted file mode 100644
index de7defcb41..0000000000
--- a/changes/change_separate_exit_and_relay.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (relay):

-    - Allow separation of exit and relay traffic to different source IP

-      addresses. Closes ticket 17975. Written by Michael Sonntag.

diff --git a/changes/ciphers.inc b/changes/ciphers.inc
deleted file mode 100644
index a8b5fd655f..0000000000
--- a/changes/ciphers.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (ciphersuite selection):
-    - Clients now advertise a list of ciphersuites closer to the ones
-      preferred by Firefox. Closes ticket 15426.
-
-
diff --git a/changes/feature20956 b/changes/feature20956
deleted file mode 100644
index 1ebddb1662..0000000000
--- a/changes/feature20956
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (configuration, controller):
-    - Each of the *Port options, such as SocksPort, ORPort, ControlPort,
-      and so on, now comes with a __*Port variant that will not be
-      saved to the torrc file by the controller's SAVECONF command.
-      This change allows TorBrowser to set up a single-use domain socket
-      for each time it launches Tor. Closes ticket 20956.
diff --git a/changes/feature21269 b/changes/feature21269
deleted file mode 100644
index 4ddbd128af..0000000000
--- a/changes/feature21269
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor feature (client):
-    - Enable IPv6 traffic by default on the SocksPort. To disable this, a user
-      will have to specify "NoIPv6Traffic". Closes ticket 21269.
diff --git a/changes/server_cipher b/changes/server_cipher
deleted file mode 100644
index b80c88a9cd..0000000000
--- a/changes/server_cipher
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (ciphersuite choices):
-    - Allow servers to accept a wider range of ciphersuites, including
-      chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
diff --git a/changes/ticket20174 b/changes/ticket20174
deleted file mode 100644
index b727fc137f..0000000000
--- a/changes/ticket20174
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor feature (fallback scripts):
-    - Add a check_existing mode to updateFallbackDirs.py, which checks if
-      fallbacks in the hard-coded list are working. Closes ticket 20174.
-      Patch by haxxpop.
diff --git a/changes/ticket21356 b/changes/ticket21356
deleted file mode 100644
index 394238ba7d..0000000000
--- a/changes/ticket21356
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (Windows services):
-    - Be sure to initialize the monotonic time subsystem before using it,
-      even when running as an NT service.
-      Fixes bug 21356; bugfix on 0.2.9.1-alpha.