fold in further changes files

11 files changed, 36 insertions, 48 deletions

diff --git a/ChangeLog b/ChangeLog
index cc7663c23c..bfcb459e05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,24 @@
-Changes in version 0.2.3.17-alpha - 2012-06-??
+Changes in version 0.2.3.17-beta - 2012-06-1?
+  o Major features:
+    - Enable gcc and ld hardening by default. Resolves ticket 5210.
+    - Update TLS cipher list to match Firefox 8 and later. Resolves
+      ticket 4744.
+    - Implement the client side of proposal 198: remove support for
+      clients falsely claiming to support standard ciphersuites that
+      they can actually provide. As of modern OpenSSL versions, it's not
+      necessary to fake any standard ciphersuite, and doing so prevents
+      us from using better ciphersuites in the future, since servers
+      can't know whether an advertised ciphersuite is really supported or
+      not. Some hosts -- notably, ones with very old versions of OpenSSL
+      or where OpenSSL has been built with ECC disabled -- will stand
+      out because of this change; TBB users should not be affected.
 
   o Major bugfixes:
+    - Change the AllowDotExit rules so they should actually work.
+      We now enforce AllowDotExit only immediately after receiving an
+      address via SOCKS or DNSPort: other sources are free to provide
+      .exit addresses after the resolution occurs. Fixes bug 3940;
+      bugfix on 0.2.2.1-alpha.
     - When building Tor on Windows with -DUNICODE (not default), ensure
       that error messages, filenames, and DNS server names are always
       NUL-terminated when we convert them to a single-byte encoding.
@@ -15,8 +33,18 @@ Changes in version 0.2.3.17-alpha - 2012-06-??
       bug 6094; bugfix on 0.2.3.16-alpha.
 
   o Minor bugfixes:
+    - Disable writing on marked-for-close connections when they are
+      blocked on bandwidth, to prevent busy-looping in Libevent. Fixes
+      bug 5263; bugfix on 0.0.2pre13, where we first added a special
+      case for flushing marked connections.
     - Detect SSL handshake even when the initial attempt to write the
       server hello fails. Fixes bug 4592; bugfix on 0.2.0.13-alpha.
+    - Fix a (harmless) integer overflow in cell statistics reported by
+      some fast relays. Fixes bug 5849; bugfix on 0.2.2.1-alpha.
+    - Make sure circuitbuild.c checks LearnCircuitBuildTimeout in all the
+      right places and never depends on the consensus parameters or
+      computes adaptive timeouts when it is disabled. Fixes bug 5049;
+      bugfix on 0.2.2.14-alpha.
     - Make Tor build correctly again with -DUNICODE -D_UNICODE defined.
       Fixes bug 6097; bugfix on 0.2.2.16-alpha.
     - Fix an edge case where TestingTorNetwork is set but the authorities
@@ -26,6 +54,8 @@ Changes in version 0.2.3.17-alpha - 2012-06-??
     - Correct the manpage's descriptions for the default values of 
       DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix
       on 0.2.3.1-alpha.
+    - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on
+      0.2.3.11-alpha.
 
   o Minor features:
     - Rate-limit the "Weighted bandwidth is 0.000000" message, and add
@@ -34,6 +64,11 @@ Changes in version 0.2.3.17-alpha - 2012-06-??
     - Check CircuitBuildTimeout and LearnCircuitBuildTimeout in
       options_validate(); warn if LearnCircuitBuildTimeout is disabled and
       CircuitBuildTimeout is set unreasonably low. Resolves ticket 5452.
+    - Warn the user when HTTPProxy, but no other proxy type, is
+      configured. This can cause surprising behavior: it doesn't send
+      all of Tor's traffic over the HTTPProxy -- it sends unencrypted
+      directory traffic only. Resolves ticket 4663.
+    - Update to the June 6 2012 Maxmind GeoLite Country database.
 
 
 Changes in version 0.2.2.37 - 2012-06-06
diff --git a/changes/bug3940_redux b/changes/bug3940_redux
deleted file mode 100644
index 7733740d93..0000000000
--- a/changes/bug3940_redux
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes:
-    - Change the AllowDotExit rules so they should actually work.
-      We now enforce AllowDotExit only immediately after receiving
-      an address via SOCKS or DNSPort: other sources are free to provide
-      .exit addresses after the resolution occurs.
diff --git a/changes/bug4663 b/changes/bug4663
deleted file mode 100644
index f720ff5da4..0000000000
--- a/changes/bug4663
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features:
-    - Warn the user when HTTPProxy, but no other proxy type, is
-      configured. This can cause surprising behavior: it doesn't send
-      all of Tor's traffic over the HTTPProxy--it sends unencrypted
-      directory traffic only. Resolves ticket 4663.
diff --git a/changes/bug4744 b/changes/bug4744
deleted file mode 100644
index 1563cd1143..0000000000
--- a/changes/bug4744
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major features:
-    - Update cipher cipher list to match Firefox 8 and later. Fix for
-      issue 4744.
-
diff --git a/changes/bug5049 b/changes/bug5049
deleted file mode 100644
index 677fd42869..0000000000
--- a/changes/bug5049
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Make sure circuitbuild.c checks LearnCircuitBuildTimeout in all the
-      right places and never depends on the consensus parameters or computes
-      adaptive timeouts when it is disabled.
diff --git a/changes/bug5210 b/changes/bug5210
deleted file mode 100644
index b07e7f1f23..0000000000
--- a/changes/bug5210
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Security fixes:
-    - Enable gcc and ld hardening by default. Fixes bug 5210.
diff --git a/changes/bug5263 b/changes/bug5263
deleted file mode 100644
index 25793f141b..0000000000
--- a/changes/bug5263
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Disable writing on marked-for-close connections when they are
-      blocked on bandwidth, to prevent busy-looping in Libevent. Fixes
-      bug 5263; bugfix on 0.0.2pre13, where we first added a special
-      case for flushing marked connections.
diff --git a/changes/bug5849 b/changes/bug5849
deleted file mode 100644
index b6738a6b99..0000000000
--- a/changes/bug5849
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Fix a (harmless) integer overflow in cell statistics reported by
-      some fast relays.  Fixes bug 5849; bugfix on 0.2.2.1-alpha.
diff --git a/changes/bug6141 b/changes/bug6141
deleted file mode 100644
index b95475c2df..0000000000
--- a/changes/bug6141
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on
-      0.2.3.11-alpha.
-
diff --git a/changes/geoip-june2012 b/changes/geoip-june2012
deleted file mode 100644
index f73bf35529..0000000000
--- a/changes/geoip-june2012
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the June 6 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/prop198 b/changes/prop198
deleted file mode 100644
index fd666864c3..0000000000
--- a/changes/prop198
+++ /dev/null
@@ -1,12 +0,0 @@
-  o Removed features:
-
-    - Remove support for clients claiming to support any standard
-      ciphersuites that we can actually provide.  (As of modern
-      OpenSSL versions, it's not necessary to fake any standard
-      ciphersuite, and doing so prevents us from using better
-      ciphersuites in the future, since servers can't know whether an
-      advertised ciphersuite is really supported or not.)  Some
-      hosts--notably, ones with very old versions of OpenSSL or where
-      OpenSSL has been built with ECC disabled-- will stand out
-      because of this change; TBB users should not be affected.
-      This implements the client side of proposal 198.