Sort and collate the ReleaseNotes sections again.

1 files changed, 119 insertions, 134 deletions

diff --git a/ReleaseNotes b/ReleaseNotes
index 13c01b37e3..f26d40abeb 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,13 +3,26 @@ of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
 Changes in version 0.2.5.9 - 2014-10-2x
-
   o Deprecated versions:
     - Tor 0.2.2.x has reached end-of-life; it has received no patches or
       attention for some while. Directory authorities no longer accept
       descriptors from relays running any version of Tor prior to Tor
       0.2.3.16-alpha. Resolves ticket 11149.
 
+  o Major features (client security):
+    - The ntor handshake is now on-by-default, no matter what the
+      directory authorities recommend. Implements ticket 8561.
+
+  o Major features (other security):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+    - Make the "tor-gencert" tool used by directory authority operators
+      create 2048-bit signing keys by default (rather than 1024-bit, since
+      1024-bit is uncomfortably small these days). Addresses ticket 10324.
+
   o Major features (relay security, DoS-resistance):
     - When deciding whether we have run out of memory and we need to
       close circuits, also consider memory allocated in buffers for
@@ -34,19 +47,13 @@ Changes in version 0.2.5.9 - 2014-10-2x
       the default was always 8 GB. You can still override the default by
       setting MaxMemInQueues yourself. Resolves ticket 11396.
 
-  o Major features (client security):
-    - The ntor handshake is now on-by-default, no matter what the
-      directory authorities recommend. Implements ticket 8561.
-
-  o Major features (other security):
-    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
-      today support TLS 1.0 or later, so we can safely turn off support
-      for this old (and insecure) protocol. Fixes bug 13426.
-    - Warn about attempts to run hidden services and relays in the same
-      process: that's probably not a good idea. Closes ticket 12908.
-    - Make the "tor-gencert" tool used by directory authority operators
-      create 2048-bit signing keys by default (rather than 1024-bit, since
-      1024-bit is uncomfortably small these days). Addresses ticket 10324.
+  o Major features (bridges and pluggable transports):
+    - Add support for passing arguments to managed pluggable transport
+      proxies. Implements ticket 3594.
+    - Bridges now track GeoIP information and the number of their users
+      even when pluggable transports are in use, and report usage
+      statistics in their extra-info descriptors. Resolves tickets 4773
+      and 5040.
 
   o Major features (bridges):
     - Don't launch pluggable transport proxies if we don't have any
@@ -59,6 +66,14 @@ Changes in version 0.2.5.9 - 2014-10-2x
       to e.g. include at least one Stable bridge in its answers. Fixes
       bug 9859.
 
+  o Major features (controller):
+    - Extend ORCONN controller event to include an "ID" parameter,
+      and add four new controller event types CONN_BW, CIRC_BW,
+      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+      The new events are emitted in private Tor networks only, with the
+      goal of being able to better track performance and load during
+      full-network simulations. Implements proposal 218 and ticket 7359.
+
   o Major features (relay performance):
     - Speed up server-side lookups of rendezvous and introduction point
       circuits by using hashtables instead of linear searches. These
@@ -82,13 +97,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
       platforms. This work has been done by Cristian-Matei Toader for
       Google Summer of Code. Resolves tickets 11351 and 11465.
 
-  o Major features (controller):
-    - Extend ORCONN controller event to include an "ID" parameter,
-      and add four new controller event types CONN_BW, CIRC_BW,
-      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
-      The new events are emitted in private Tor networks only, with the
-      goal of being able to better track performance and load during
-      full-network simulations. Implements proposal 218 and ticket 7359.
+  o Major features (testing networks):
+    - Make testing Tor networks bootstrap better: lower directory fetch
+      retry schedules and maximum interval without directory requests,
+      and raise maximum download tries. Implements ticket 6752.
+    - Add make target 'test-network' to run tests on a Chutney network.
+      Implements ticket 8530.
 
   o Major features (other):
     - On some platforms (currently: recent OSX versions, glibc-based
@@ -98,21 +112,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
       are dumped to stderr (if possible) and to any logs that are
       reporting errors. Implements ticket 9299.
 
-  o Major features (bridges and pluggable transports):
-    - Add support for passing arguments to managed pluggable transport
-      proxies. Implements ticket 3594.
-    - Bridges now track GeoIP information and the number of their users
-      even when pluggable transports are in use, and report usage
-      statistics in their extra-info descriptors. Resolves tickets 4773
-      and 5040.
-
-  o Major features (testing networks):
-    - Make testing Tor networks bootstrap better: lower directory fetch
-      retry schedules and maximum interval without directory requests,
-      and raise maximum download tries. Implements ticket 6752.
-    - Add make target 'test-network' to run tests on a Chutney network.
-      Implements ticket 8530.
-
   o Major bugfixes (security, directory authorities):
     - Directory authorities now include a digest of each relay's
       identity key as a part of its microdescriptor.
@@ -139,6 +138,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
       became more strict about when we have "enough directory information
       to build circuits".
 
+  o Major bugfixes (client, pluggable transports):
+    - When managing pluggable transports, use OS notification facilities
+      to learn if they have crashed, and don't attempt to kill any
+      process that has already exited. Fixes bug 8746; bugfix
+      on 0.2.3.6-alpha.
+
   o Major bugfixes (relay denial of service):
     - Instead of writing destroy cells directly to outgoing connection
       buffers, queue them and intersperse them with other outgoing cells.
@@ -147,12 +152,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
       delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
       bugfix on 0.2.0.1-alpha.
 
-  o Major bugfixes (client, pluggable transports):
-    - When managing pluggable transports, use OS notification facilities
-      to learn if they have crashed, and don't attempt to kill any
-      process that has already exited. Fixes bug 8746; bugfix
-      on 0.2.3.6-alpha.
-
   o Major bugfixes (relay):
     - Avoid queuing or sending destroy cells for circuit ID zero when we
       fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
@@ -236,6 +235,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
       configure rather than at build time. Fixes issue 6506. Patch from
       Arlo Breault.
 
+  o Minor features (client):
+    - Add a new option, PredictedPortsRelevanceTime, to control how long
+      after having received a request to connect to a given port Tor
+      will try to keep circuits ready in anticipation of future requests
+      for that port. Patch from "unixninja92"; implements ticket 9176.
+
   o Minor features (config options and command line):
     - Add an --allow-missing-torrc commandline option that tells Tor to
       run even if the configuration file specified by -f is not available.
@@ -277,6 +282,9 @@ Changes in version 0.2.5.9 - 2014-10-2x
       guards. Not recommended for ordinary use, since replacing guards
       too frequently makes several attacks easier. Resolves ticket 9934;
       patch from "ra".
+    - Implement the TRANSPORT_LAUNCHED control port event that
+      notifies controllers about new launched pluggable
+      transports. Resolves ticket 5609.
 
   o Minor features (diagnostic):
     - When logging a warning because of bug 7164, additionally check the
@@ -300,11 +308,24 @@ Changes in version 0.2.5.9 - 2014-10-2x
       warnings. We now include more information, to figure out why we
       might be cleaning a microdescriptor for being too old if it's
       still referenced by a live node_t object.
+    - Log current accounting state (bytes sent and received + remaining
+      time for the current accounting period) in the relay's heartbeat
+      message. Implements ticket 5526; patch from Peter Retzlaff.
 
   o Minor features (geoip):
     - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
       Country database.
 
+  o Minor features (interface):
+    - Generate a warning if any ports are listed in the SocksPolicy,
+      DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+      AuthDirBadExit options. (These options only support address
+      ranges.) Fixes part of ticket 11108.
+
+  o Minor features (kernel API usage):
+    - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
+      sockets in a single system call. Implements ticket 5129.
+
   o Minor features (log messages):
     - When ServerTransportPlugin is set on a bridge, Tor can write more
       useful statistics about bridge use in its extrainfo descriptors,
@@ -326,6 +347,13 @@ Changes in version 0.2.5.9 - 2014-10-2x
     - Warn less verbosely when receiving a malformed
       ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
 
+  o Minor features (performance):
+    - If we're using the pure-C 32-bit curve25519_donna implementation
+      of curve25519, build it with the -fomit-frame-pointer option to
+      make it go faster on register-starved hosts. This improves our
+      handshake performance by about 6% on i386 hosts without nacl.
+      Closes ticket 8109.
+
   o Minor features (relay):
     - If a circuit timed out for at least 3 minutes, check if we have a
       new external IP address, and publish a new descriptor with the new
@@ -350,79 +378,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
       pf.conf(5) manual page for information on configuring pf to use
       divert-to rules. Closes ticket 10896; patch from Dana Koch.
 
-  o Minor features (client):
-    - Add a new option, PredictedPortsRelevanceTime, to control how long
-      after having received a request to connect to a given port Tor
-      will try to keep circuits ready in anticipation of future requests
-      for that port. Patch from "unixninja92"; implements ticket 9176.
-
-  o Minor features (interface):
-    - Generate a warning if any ports are listed in the SocksPolicy,
-      DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
-      AuthDirBadExit options. (These options only support address
-      ranges.) Fixes part of ticket 11108.
-
-  o Minor features (kernel API usage):
-    - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
-      sockets in a single system call. Implements ticket 5129.
-
-  o Minor features (diagnostic):
-    - Log current accounting state (bytes sent and received + remaining
-      time for the current accounting period) in the relay's heartbeat
-      message. Implements ticket 5526; patch from Peter Retzlaff.
-
-  o Minor features (controller):
-    - Implement the TRANSPORT_LAUNCHED control port event that
-      notifies controllers about new launched pluggable
-      transports. Resolves ticket 5609.
-
-  o Minor features (performance):
-    - If we're using the pure-C 32-bit curve25519_donna implementation
-      of curve25519, build it with the -fomit-frame-pointer option to
-      make it go faster on register-starved hosts. This improves our
-      handshake performance by about 6% on i386 hosts without nacl.
-      Closes ticket 8109.
-
-  o Minor bugfixes (tools):
-    - Disable the sandbox name resolver cache when running tor-resolve:
-      tor-resolve doesn't use the sandbox code, and turning it on was
-      breaking attempts to do tor-resolve on a non-default server on
-      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
-
-  o Minor bugfixes (compilation):
-    - Compile correctly with builds and forks of OpenSSL (such as
-      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
-      0.2.1.1-alpha. Patch from "dhill".
-
-  o Minor bugfixes (Directory server):
-    - No longer accept malformed http headers when parsing urls from
-      headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
-      bugfix on 0.0.6pre1.
-
-  o Minor bugfixes (misc code correctness):
-    - In munge_extrainfo_into_routerinfo(), check the return value of
-      memchr(). This would have been a serious issue if we ever passed
-      it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
-      from Arlo Breault.
-    - On the chance that somebody manages to build Tor on a
-      platform where time_t is unsigned, correct the way that
-      microdesc_add_to_cache() handles negative time arguments.
-      Fixes bug 8042; bugfix on 0.2.3.1-alpha.
-
-  o Minor bugfixes (interface):
-    - Reject relative control socket paths and emit a warning. Previously,
-      single-component control socket paths would be rejected, but Tor
-      would not log why it could not validate the config. Fixes bug 9258;
-      bugfix on 0.2.3.16-alpha.
-
-  o Minor bugfixes (Directory server):
-    - When sending a compressed set of descriptors or microdescriptors,
-      make sure to finalize the zlib stream. Previously, we would write
-      all the compressed data, but if the last descriptor we wanted to
-      send was missing or too old, we would not mark the stream as
-      finished. This caused problems for decompression tools. Fixes bug
-      11648; bugfix on 0.1.1.23.
-
   o Minor bugfixes (bridge client):
     - Stop accepting bridge lines containing hostnames. Doing so would
       cause clients to perform DNS requests on the hostnames, which was
@@ -439,10 +394,15 @@ Changes in version 0.2.5.9 - 2014-10-2x
       but ScrambleSuit will soon become the first one.) Fixes bug 9162;
       bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
 
-  o Minor bugfixes (compilation):
-    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
-      turned off (that is, without support for v2 link handshakes). Fixes
-      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
+  o Minor bugfixes (build, auxiliary programs):
+    - Stop preprocessing the "torify" script with autoconf, since
+      it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
+      from Guilhem.
+    - The tor-fw-helper program now follows the standard convention and
+      exits with status code "0" on success. Fixes bug 9030; bugfix on
+      0.2.3.1-alpha. Patch by Arlo Breault.
+    - Corrected ./configure advice for what openssl dev package you should
+      install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
 
   o Minor bugfixes (client):
     - Avoid "Tried to open a socket with DisableNetwork set" warnings
@@ -521,6 +481,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
       9573; bugfix on 0.0.9pre5.
 
   o Minor bugfixes (compilation):
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
+      turned off (that is, without support for v2 link handshakes). Fixes
+      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
     - In routerlist_assert_ok(), don't take the address of a
       routerinfo's cache_info member unless that routerinfo is non-NULL.
       Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
@@ -542,6 +508,9 @@ Changes in version 0.2.5.9 - 2014-10-2x
       bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
     - Fix compilation with dmalloc. Fixes bug 11605; bugfix
       on 0.2.4.10-alpha.
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
 
   o Minor bugfixes (controller and command-line):
     - If changing a config option via "setconf" fails in a recoverable
@@ -550,10 +519,27 @@ Changes in version 0.2.5.9 - 2014-10-2x
       write out that file if we successfully switch to the new config
       option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
 
+  o Minor bugfixes (Directory server):
+    - No longer accept malformed http headers when parsing urls from
+      headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
+      bugfix on 0.0.6pre1.
+    - When sending a compressed set of descriptors or microdescriptors,
+      make sure to finalize the zlib stream. Previously, we would write
+      all the compressed data, but if the last descriptor we wanted to
+      send was missing or too old, we would not mark the stream as
+      finished. This caused problems for decompression tools. Fixes bug
+      11648; bugfix on 0.1.1.23.
+
   o Minor bugfixes (hidden service):
     - Only retry attempts to connect to a chosen rendezvous point 8
       times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
 
+  o Minor bugfixes (interface):
+    - Reject relative control socket paths and emit a warning. Previously,
+      single-component control socket paths would be rejected, but Tor
+      would not log why it could not validate the config. Fixes bug 9258;
+      bugfix on 0.2.3.16-alpha.
+
   o Minor bugfixes (log messages):
     - Fix a bug where clients using bridges would report themselves
       as 50% bootstrapped even without a live consensus document.
@@ -591,6 +577,14 @@ Changes in version 0.2.5.9 - 2014-10-2x
       from 'warn' to 'protocol warning'. Closes ticket 8093.
 
   o Minor bugfixes (misc code correctness):
+    - In munge_extrainfo_into_routerinfo(), check the return value of
+      memchr(). This would have been a serious issue if we ever passed
+      it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
+      from Arlo Breault.
+    - On the chance that somebody manages to build Tor on a
+      platform where time_t is unsigned, correct the way that
+      microdesc_add_to_cache() handles negative time arguments.
+      Fixes bug 8042; bugfix on 0.2.3.1-alpha.
     - Fix various instances of undefined behavior in channeltls.c,
       tor_memmem(), and eventdns.c that would cause us to construct
       pointers to memory outside an allocated object. (These invalid
@@ -698,6 +692,12 @@ Changes in version 0.2.5.9 - 2014-10-2x
       by forgetting to free things in the unit test code. Fixes bug
       11618, bugfixes on many versions of Tor.
 
+  o Minor bugfixes (tools):
+    - Disable the sandbox name resolver cache when running tor-resolve:
+      tor-resolve doesn't use the sandbox code, and turning it on was
+      breaking attempts to do tor-resolve on a non-default server on
+      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
+
   o Minor bugfixes (tor-fw-helper):
     - Give a correct log message when tor-fw-helper fails to launch.
       (Previously, we would say something like "tor-fw-helper sent us a
@@ -712,16 +712,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
       own keys when generating a v3 networkstatus vote. These leaks
       should never have affected anyone in practice.
 
-  o Minor bugfixes (build, auxiliary programs):
-    - Stop preprocessing the "torify" script with autoconf, since
-      it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
-      from Guilhem.
-    - The tor-fw-helper program now follows the standard convention and
-      exits with status code "0" on success. Fixes bug 9030; bugfix on
-      0.2.3.1-alpha. Patch by Arlo Breault.
-    - Corrected ./configure advice for what openssl dev package you should
-      install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
-
   o Code simplification and refactoring:
     - Remove some old fallback code designed to keep Tor clients working
       in a network with only two working relays. Elsewhere in the code we
@@ -760,11 +750,6 @@ Changes in version 0.2.5.9 - 2014-10-2x
     - Get rid of router->address, since in all cases it was just the
       string representation of router->addr. Resolves ticket 5528.
 
-  o Minor bugfixes (compilation):
-    - Build and run correctly on systems like OpenBSD-current that have
-      patched OpenSSL to remove get_cipher_by_char and/or its
-      implementations. Fixes issue 13325.
-
   o Documentation:
     - Adjust the URLs in the README to refer to the new locations of
       several documents on the website. Fixes bug 12830. Patch from