Add the remaining changes items to ChangeLog for 0.2.7.2-alpha

30 files changed, 209 insertions, 199 deletions

diff --git a/ChangeLog b/ChangeLog
index af3b00dea5..5efd10c8a8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,36 +1,45 @@
 Changes in version 0.2.7.2-alpha - 2015-07-??
+  o Major features:
+    - Add support for offline encrypted ed25519 master keys. To use this
+      feature on your tor relay, run "tor --keygen" to make a new master
+      key (or to make a new signing key if you already have a master
+      key). Closes ticket 13642.
+
+  o Major feature (Hidden Service):
+    - Add the torrc option HiddenServiceNumIntroductionPoints for an
+      operatory to specify a fix amount of introduction points. Maximum
+      value is 10 and default is 3. Closes ticket 4862.
+    - Remove the introduction point adaptative algorithm which is
+      leaking popularity by changing the amount of introduction points
+      depending on the amount of traffic the HS sees. With this, we
+      stick to only 3 introduction points. Closes ticket 4862.
+
+  o Major features (Ed25519 identity keys, Prop220):
+    - All relays now maintain a stronger identity key, using the Ed25519
+      elliptic curve signature format. This master key is designed so
+      that it can be kept offline. Relays also generate an online
+      signing key, and a set of other Ed25519 keys and certificates.
+      These are all automatically regenerated and rotated as needed.
+    - Directory authorities now vote on Ed25519 identity keys along with
+      RSA1024 keys.
+    - Directory authorities track which Ed25519 identity keys have been
+      used with which RSA1024 identity keys, and do not allow them to
+      vary freely.
+    - Microdescriptors now include ed25519 identity keys.
+
+  o Major features (onion key cross-certification):
+    - Relay descriptors now include signatures of the identity keys
+      using the TAP and ntor onion keys. This allows relays to prove
+      ownership of their own onion keys. Because of this change,
+      microdescriptors no longer need to include RSA identity keys.
+      Implements proposal 228; closes ticket 12499.
 
   o Major bugfixes (client-side privacy, also in 0.2.6.9):
     - Properly separate out each SOCKSPort when applying stream
-      isolation. The error occurred because each port's session group was
-      being overwritten by a default value when the listener connection
-      was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
-      by "jojelino".
-
-  o Minor feature (directory authorities, security, also in 0.2.6.9):
-    - The HSDir flag given by authorities now requires the Stable flag.
-      For the current network, this results in going from 2887 to 2806
-      HSDirs. Also, it makes it harder for an attacker to launch a sybil
-      attack by raising the effort for a relay to become Stable which
-      takes at the very least 7 days to do so and by keeping the 96
-      hours uptime requirement for HSDir. Implements ticket 8243.
-
-  o Minor bugfixes (compilation, also in 0.2.6.9):
-    - Build with --enable-systemd correctly when libsystemd is
-      installed, but systemd is not. Fixes bug 16164; bugfix on
-      0.2.6.3-alpha. Patch from Peter Palfrader.
-
-  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
-    - Fix sandboxing to work when running as a relaymby renaming of
-      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
-      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
-    - Allow systemd connections to work with the Linux seccomp2 sandbox
-      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
-      Peter Palfrader.
-
-  o Minor bugfixes (tests, also in 0.2.6.9):
-    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
-      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+      isolation. The error occurred because each port's session group
+      was being overwritten by a default value when the listener
+      connection was initialized. Fixes bug 16247; bugfix on
+      0.2.6.3-alpha. Patch by "jojelino".
 
   o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
     - Stop refusing to store updated hidden service descriptors on a
@@ -42,6 +51,14 @@ Changes in version 0.2.7.2-alpha - 2015-07-??
       of a setback. First-round fix for bug 16381; bugfix
       on 0.2.6.3-alpha.
 
+  o Major bugfixes (open file limit):
+    - The max open file limit wasn't checked before calling
+      tor_accept_socket_nonblocking() which made tor go beyond the open
+      file limit set previously. With this fix, before opening a new
+      socket, tor validates the open file limit just before and if the
+      max has been reached, return EMFILE. Fixes bug 16288; bugfix
+      on 0.1.1.1-alpha.
+
   o Major bugfixes (stability, also in 0.2.6.10):
     - Stop crashing with an assertion failure when parsing certain kinds
       of malformed or truncated microdescriptors. Fixes bug 16400;
@@ -52,10 +69,74 @@ Changes in version 0.2.7.2-alpha - 2015-07-??
       service while a NEWNYM is in progress. Fixes bug 16013; bugfix
       on 0.1.0.1-rc.
 
+  o Minor feature (directory authorities, security, also in 0.2.6.9):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable which
+      takes at the very least 7 days to do so and by keeping the 96
+      hours uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor feature (performance):
+    - Improve the runtime speed of Ed25519 operations by using the
+      public-domain ed25519-donna by Andrew M. ("floodyberry").
+      Implements ticket 16467.
+    - Improve the runtime speed of the ntor handshake by using an
+      optimized curve25519 basepoint scalarmult implementation from the
+      public-domain ed25519-donna by Andrew M. ("floodyberry"), based on
+      ideas by Adam Langley. Implements ticket 9663.
+
+  o Minor features (client):
+    - Relax the validation done to hostnames in SOCKS5 requests, and
+      allow '_' to cope with domains observed in the wild that are
+      serving non-RFC compliant records. Resolves ticket 16430.
+
+  o Minor features (client, unix sockets):
+    - Add GroupWritable and WorldWritable options to unix-socket based
+      SocksPort and ControlPort options. These options apply to a single
+      socket, and override {Control,Socks}SocketsGroupWritable. Closes
+      ticket 15220.
+
+  o Minor Features (crypto, testing):
+    - Now that OpenSSL has its own scrypt implementation, add an unit
+      test that checks for interoperability between libscrypt_scrypt()
+      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+      and rely on EVP_PBE_scrypt() whenever possible. Resolves
+      ticket 16189.
+
+  o Minor features (directory authorities):
+    - Directory authorities no longer vote against the "Fast", "Stable",
+      and "HSDir" flags just because they were going to vote against
+      "Running": if the consensus turns out to be that the router was
+      running, then the authority's vote should count. Patch from Peter
+      Retzlaff; closes issue 8712.
+
   o Minor features (geoip, also in 0.2.6.10):
     - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
     - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
 
+  o Minor features (hidden service):
+    - Add the new options "HiddenServiceMaxStreams" and
+      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
+      limit the maximum number of simultaneous streams per circuit, and
+      optionally tear down the circuit when the limit is exceeded. Part
+      of ticket 16052.
+
+  o Minor features (portability):
+    - Use C99 variadic macros when the compiler is not GCC. This avoids
+      failing compilations on MSVC, and fixes a log-file-based race
+      condition in our old workarounds. Original patch from Gisle Vanem.
+
+  o Minor bugfixes (compilation, also in 0.2.6.9):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (controller):
+    - Add the descriptor ID in each HS_DESC control event. It was
+      missing but specified in control-spec.txt. Fixes bug 15881; bugfix
+      on 0.2.5.2-alpha.
+
   o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
     - Check for failures from crypto_early_init, and refuse to continue.
       A previous typo meant that we could keep going with an
@@ -63,11 +144,110 @@ Changes in version 0.2.7.2-alpha - 2015-07-??
       its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
       when implementing ticket 4900. Patch by "teor".
 
+  o Minor bugfixes (Hidden service):
+    - When cannibalizing a circuit for an introduction point, always
+      extend to the chosen exit node creating a 4 hop circuit instead of
+      using the current circuit exit node which resulted in changing the
+      original intro point choice. This resulted in the hidden service
+      skipping excluded nodes like for instance reconnecting to an
+      expired intro point. Fixes bug 16260; bugfix on 0.1.0.1-rc. This
+      is particularly important for the introduction point retry
+      behavior (see bug 8239) since cannibalization is allowed, which is
+      desired, so it's important to pin the chosen exit point.
+
+  o Minor bugfixes (hidden service):
+    - Fix a crash when reloading configuration while at least one
+      configured and one ephemeral hidden service exists. Fixes bug
+      16060; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Avoid crashing with a double-free bug when we create an ephemeral
+      hidden service but adding it fails for some reason. Fixes bug
+      16228; bugfix on 0.2.7.1-alpha.
+
   o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
     - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
       these when eventfd2() support is missing. Fixes bug 16363; bugfix
       on 0.2.6.3-alpha. Patch from "teor".
 
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
+    - Fix sandboxing to work when running as a relaymby renaming of
+      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
+      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (systemd):
+    - Fix an accidental formatting error that broke the systemd
+      configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (tests):
+    - Use the configured Python executable when running test-stem-full.
+      Fixes bug 16470; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (tests, also in 0.2.6.9):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+  o Minor enhancements (correctness, testing):
+    - Document use of coverity, clang static analyzer, and clang dynamic
+      undefined behavior and address sanitizers in doc/HACKING. Add
+      clang dynamic sanitizer blacklist in
+      contrib/clang/sanitizer_blacklist.txt to exempt known undefined
+      behavior. Include detailed usage instructions in the blacklist.
+      Patch by "teor". Closes ticket 15817.
+
+  o Minor fixes (sandbox, files):
+    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
+      defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
+
+  o Minor fixes (threads, comments):
+    - Always initialise return value in compute_desc_id in rendcommon.c
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Check for NULL values in getinfo_helper_onions Patch by "teor".
+      Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Remove undefined directive-in-macro in test_util_writepid clang
+      3.7 complains that using a preprocessor directive inside a macro
+      invocation in test_util_writepid in test_util.c is undefined.
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+
+  o Code simplification and refactoring:
+    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
+      to ensure they remain consistent and visible everywhere.
+    - Remove some vestigial workarounds for the MSVC6 compiler. We
+      haven't supported that in ages.
+    - The link authentication code has been refactored for better
+      testability and reliability. It now uses code generated with the
+      "trunnel" binary encoding generator, to reduce the risk of bugs
+      due to programmer error. Done as part of ticket 12498.
+
+  o Removed features:
+    - Remove the HidServDirectoryV2 option. Now all relays offer to
+      store hidden service descriptors. Related to 16543.
+    - Remove the VoteOnHidServDirectoriesV2 option, since all
+      authorities have long set it to 1. Closes ticket 16543.
+    - Tor no longer supports copies of OpenSSL that are missing support
+      for Elliptic Curve Cryptography. In particular support for at
+      least one of P256 or P224 is now required, with manual
+      configuration needed if only P224 is available. Resolves
+      ticket 16140.
+    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
+      on an operating system that has not upgraded to OpenSSL 1.0 or
+      later, and you compile Tor from source, you will need to install a
+      more recent OpenSSL to link Tor against.) Resolves ticket 16034.
+
+  o Testing:
+    - The link authentication protocol code now has extensive tests.
+    - The relay descriptor signature testing code now has
+      extensive tests.
+    - The test_workqueue program now runs faster, and is enabled by
+      default as a part of "make check".
+
+  o Features (control protocl):
+    - Support network-liveness GETINFO key and NETWORK_LIVENESS events
+      in the control protocol. Resolves ticket 15358.
+
 
 Changes in version 0.2.6.10 - 2015-07-12
   Tor version 0.2.6.10 fixes some significant stability and hidden
diff --git a/changes/8712 b/changes/8712
deleted file mode 100644
index c7423e84c8..0000000000
--- a/changes/8712
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (directory authorities):
-    - Directory authorities no longer vote against the "Fast",
-      "Stable", and "HSDir" flags just because they were going to vote
-      against "Running": if the consensus turns out to be that the
-      router was running, then the authority's vote should count.
-      Patch from Peter Retzlaff; closes issue 8712.
\ No newline at end of file
diff --git a/changes/bug12498 b/changes/bug12498
deleted file mode 100644
index 185ba467f4..0000000000
--- a/changes/bug12498
+++ /dev/null
@@ -1,29 +0,0 @@
-  o Major features (Ed25519 identity keys, Prop220):
-    - All relays now maintain a stronger identity key, using the
-      Ed25519 elliptic curve signature format.  This master key is
-      designed so that it can be kept offline. Relays also generate
-      an online signing key, and a set of other Ed25519 keys and certificates.
-      These are all automatically regenerated and rotated as needed.
-    - Directory authorities track which Ed25519 identity keys have been
-      used with which RSA1024 identity keys, and do not allow them to vary
-      freely.
-    - Directory authorities now vote on Ed25519 identity keys along with
-      RSA1024 keys.
-    - Microdescriptors now include ed25519 identity keys.
-
-  o Major features (onion key cross-certification):
-    - Relay descriptors now include signatures of the identity keys using
-      the TAP and ntor onion keys. This allows relays to prove ownership of
-      their own onion keys. Because of this change, microdescriptors no longer
-      need to include RSA identity keys. Implements proposal 228;
-      closes ticket 12499.
-
-  o Code simplification and refactoring:
-    - The link authentication code has been refactored for better testability
-      and reliability.  It now uses code generated with the "trunnel"
-      binary encoding generator, to reduce the risk of bugs due to 
-      programmer error. Done as part of ticket 12498.
-
-  o Testing:
-    - The link authentication protocol code now has extensive tests.
-    - The relay descriptor signature testing code now has extensive tests.
diff --git a/changes/bug15881 b/changes/bug15881
deleted file mode 100644
index b0dcb2fc6d..0000000000
--- a/changes/bug15881
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (controller):
-    - Add the descriptor ID in each HS_DESC control event. It was missing
-      but specified in control-spec.txt. Fixes bug 15881; bugfix
-      on 0.2.5.2-alpha.
diff --git a/changes/bug16060 b/changes/bug16060
deleted file mode 100644
index eb0b50f7ed..0000000000
--- a/changes/bug16060
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Fix a crash when reloading configuration while at least one
-      configured and one ephemeral hidden service exists. Fixes bug 16060;
-      bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16115-NULL-getinfo-onions b/changes/bug16115-NULL-getinfo-onions
deleted file mode 100644
index 40983b34d1..0000000000
--- a/changes/bug16115-NULL-getinfo-onions
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor fixes (threads, comments):
-    - Check for NULL values in getinfo_helper_onions
-      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16115-init-var b/changes/bug16115-init-var
deleted file mode 100644
index e29bb133de..0000000000
--- a/changes/bug16115-init-var
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor fixes (threads, comments):
-    - Always initialise return value in compute_desc_id in rendcommon.c
-      Patch by "teor".
-      Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16115-undef-directive-in-macro b/changes/bug16115-undef-directive-in-macro
deleted file mode 100644
index 17aac1f88c..0000000000
--- a/changes/bug16115-undef-directive-in-macro
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor fixes (threads, comments):
-    - Remove undefined directive-in-macro in test_util_writepid
-      clang 3.7 complains that using a preprocessor directive inside
-      a macro invocation in test_util_writepid in test_util.c is undefined.
-      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16152 b/changes/bug16152
deleted file mode 100644
index 8b93a60715..0000000000
--- a/changes/bug16152
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (systemd):
-    - Fix an accidental formatting error that broke the systemd
-      configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16228 b/changes/bug16228
deleted file mode 100644
index bf36cf82ea..0000000000
--- a/changes/bug16228
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Avoid crashing with a double-free bug when we create an
-      ephemeral hidden service but adding it fails for some reason.
-      Fixes bug 16228; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16260 b/changes/bug16260
deleted file mode 100644
index a2797b8b0c..0000000000
--- a/changes/bug16260
+++ /dev/null
@@ -1,11 +0,0 @@
-  o Minor bugfix (Hidden service)
-    - When cannibalizing a circuit for an introduction point, always extend
-      to the chosen exit node creating a 4 hop circuit instead of using the
-      current circuit exit node which resulted in changing the original
-      intro point choice. This resulted in the hidden service skipping
-      excluded nodes like for instance reconnecting to an expired intro
-      point. Fixes bug 16260; bugfix on 0.1.0.1-rc.
-
-      This is particularly important for the introduction point retry
-      behavior (see bug 8239) since cannibalization is allowed, which is
-      desired, so it's important to pin the chosen exit point.
diff --git a/changes/bug16288 b/changes/bug16288
deleted file mode 100644
index b3cfaa09e7..0000000000
--- a/changes/bug16288
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (open file limit):
-    - The max open file limit wasn't checked before calling
-      tor_accept_socket_nonblocking() which made tor go beyond the open
-      file limit set previously. With this fix, before opening a new socket,
-      tor validates the open file limit just before and if the max has been
-      reached, return EMFILE. Fixes  bug 16288; bugfix on 0.1.1.1-alpha.
diff --git a/changes/bug16430 b/changes/bug16430
deleted file mode 100644
index ca7b874f98..0000000000
--- a/changes/bug16430
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (client):
-    - Relax the validation done to hostnames in SOCKS5 requests, and allow
-      '_' to cope with domains observed in the wild that are serving non-RFC
-      compliant records. Resolves ticket 16430.
diff --git a/changes/bug16470 b/changes/bug16470
deleted file mode 100644
index 3d1b419f6b..0000000000
--- a/changes/bug16470
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (tests):
-    - Use the configured Python executable when running test-stem-full. Fixes
-      bug 16470; bugfix on 0.2.7.1-alpha.
diff --git a/changes/bug16515-sandbox-cloexec b/changes/bug16515-sandbox-cloexec
deleted file mode 100644
index c667f4b23c..0000000000
--- a/changes/bug16515-sandbox-cloexec
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor fixes (sandbox, files):
-    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined.
-      Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug16543 b/changes/bug16543
deleted file mode 100644
index b2528336da..0000000000
--- a/changes/bug16543
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Removed features:
-    - Remove the HidServDirectoryV2 option. Now all relays offer to store
-      hidden service descriptors. Related to 16543.
-    - Remove the VoteOnHidServDirectoriesV2 option, since all authorities
-      have long set it to 1. Closes ticket 16543.
diff --git a/changes/bug4862 b/changes/bug4862
deleted file mode 100644
index f92d79d7ec..0000000000
--- a/changes/bug4862
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major feature (Hidden Service):
-    - Remove the introduction point adaptative algorithm which is leaking
-      popularity by changing the amount of introduction points depending on
-      the amount of traffic the HS sees. With this, we stick to only 3
-      introduction points. Closes ticket 4862.
-    - Add the torrc option HiddenServiceNumIntroductionPoints for an
-      operatory to specify a fix amount of introduction points. Maximum
-      value is 10 and default is 3. Closes ticket 4862.
diff --git a/changes/faster-workqueue-test b/changes/faster-workqueue-test
deleted file mode 100644
index 16489e40ad..0000000000
--- a/changes/faster-workqueue-test
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Testing:
-    - The test_workqueue program now runs faster, and is enabled by
-      default as a part of "make check".
diff --git a/changes/feature13642 b/changes/feature13642
deleted file mode 100644
index a1a9b25d59..0000000000
--- a/changes/feature13642
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major features:
-    - Add support for offline encrypted ed25519 master keys. To use
-      this feature on your tor relay, run "tor --keygen" to make a new
-      master key (or to make a new signing key if you already have a
-      master key).  Closes ticket 13642.
diff --git a/changes/feature15220 b/changes/feature15220
deleted file mode 100644
index 6cab36dffd..0000000000
--- a/changes/feature15220
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (client, unix sockets):
-    - Add GroupWritable and WorldWritable options to unix-socket based
-      SocksPort and ControlPort options. These options apply to a single
-      socket, and override {Control,Socks}SocketsGroupWritable. Closes
-      ticket 15220.
diff --git a/changes/feature15817-clang-sanitizers b/changes/feature15817-clang-sanitizers
deleted file mode 100644
index 0010bd6679..0000000000
--- a/changes/feature15817-clang-sanitizers
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor enhancements (correctness, testing):
-    - Document use of coverity, clang static analyzer, and clang dynamic
-      undefined behavior and address sanitizers in doc/HACKING.
-      Add clang dynamic sanitizer blacklist in
-      contrib/clang/sanitizer_blacklist.txt to exempt known undefined
-      behavior. Include detailed usage instructions in the blacklist.
-      Patch by "teor". Closes ticket 15817.
diff --git a/changes/feature16052 b/changes/feature16052
deleted file mode 100644
index cd09b58867..0000000000
--- a/changes/feature16052
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (hidden service):
-    - Add the new options "HiddenServiceMaxStreams" and
-      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to limit
-      the maximum number of simultaneous streams per circuit, and optionally
-      tear down the circuit when the limit is exceeded. Part of ticket 16052.
diff --git a/changes/feature16467 b/changes/feature16467
deleted file mode 100644
index 5cd30fd1d9..0000000000
--- a/changes/feature16467
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor feature (performance):
-    - Improve the runtime speed of Ed25519 operations by using the
-      public-domain ed25519-donna by Andrew M. ("floodyberry"). Implements
-      ticket 16467.
diff --git a/changes/feature9663 b/changes/feature9663
deleted file mode 100644
index c02e08d034..0000000000
--- a/changes/feature9663
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor feature (performance):
-    - Improve the runtime speed of the ntor handshake by using an
-      optimized curve25519 basepoint scalarmult implementation from the
-      public-domain ed25519-donna by Andrew M. ("floodyberry"), based on
-      ideas by Adam Langley. Implements ticket 9663.
diff --git a/changes/ticket15358 b/changes/ticket15358
deleted file mode 100644
index 5b1758641e..0000000000
--- a/changes/ticket15358
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Features (control protocl):
-    - Support network-liveness GETINFO key and NETWORK_LIVENESS events in the
-      control protocol.  Resolves ticket 15358.
diff --git a/changes/ticket16034 b/changes/ticket16034
deleted file mode 100644
index a8546efbe8..0000000000
--- a/changes/ticket16034
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Removed features:
-
-    - Tor no longer supports versions of OpenSSL before 1.0. (If you
-      are on an operating system that has not upgraded to OpenSSL 1.0
-      or later, and you compile Tor from source, you will need to
-      install a more recent OpenSSL to link Tor against.)
-      Resolves ticket 16034.
diff --git a/changes/ticket16140 b/changes/ticket16140
deleted file mode 100644
index 27986715c5..0000000000
--- a/changes/ticket16140
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Removed features:
-
-    - Tor no longer supports copies of OpenSSL that are missing support for
-      Elliptic Curve Cryptography.  In particular support for at least one of
-      P256 or P224 is now required, with manual configuration needed if only
-      P224 is available.
-      Resolves ticket 16140.
diff --git a/changes/ticket16189 b/changes/ticket16189
deleted file mode 100644
index f07fad90ee..0000000000
--- a/changes/ticket16189
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor Features (crypto, testing):
-    - Now that OpenSSL has its own scrypt implementation, add an unit
-      test that checks for interoperability between libscrypt_scrypt()
-      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
-      and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket
-      16189.
diff --git a/changes/variadic_macros b/changes/variadic_macros
deleted file mode 100644
index 0d84dd922e..0000000000
--- a/changes/variadic_macros
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (portability):
-    - Use C99 variadic macros when the compiler is not GCC. This avoids
-      failing compilations on MSVC, and fixes a log-file-based race
-      condition in our old workarounds. Original patch from Gisle Vanem.
diff --git a/changes/win-macros b/changes/win-macros
deleted file mode 100644
index a46a474d08..0000000000
--- a/changes/win-macros
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Code simplification and refactoring:
-    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
-      to ensure they remain consistent and visible everywhere.
-
-    - Remove some vestigial workarounds for the MSVC6 compiler.  We haven't
-      supported that in ages.
-