Begin work on an 0.2.9.10 changelog

This one is much more normal than the 0.2.[45678] changelogs
I just started, since there has been a much shorter gap since the
most recent 0.2.9 release.

10 files changed, 64 insertions, 49 deletions

diff --git a/ChangeLog b/ChangeLog
index 512c245ad6..973a43c935 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,67 @@
+Changes in version 0.2.9.10 - 2017-03-??
+  Tor 0.2.9.10 backports a security fix from later Tor releass.
+
+  Tor 0.2.9.10 also includes fixes for some major issues affecting
+  directory authorities, LibreSSL compatibility, and IPv6 correctness.
+
+  The Tor 0.2.9.x release series is now marked as a long-term-support
+  series.  We intend to backport security fixes to 0.2.9.x until at
+  least March of 2020.
+
+  o Major bugfixes (directory authority, 0.3.0.3-alpha):
+    - During voting, when marking a relay as a probable sybil, do not
+      clear its BadExit flag: sybils can still be bad in other ways
+      too. (We still clear the other flags.) Fixes bug 21108; bugfix
+      on 0.2.0.13-alpha.
+
+  o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
+    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
+      any IPv6 addresses. Instead, only reject a port over IPv6 if the
+      exit policy rejects that port on more than an IPv6 /16 of
+      addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
+      which rejected a relay's own IPv6 address by default. Fixes bug
+      21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
+
+  o Major bugfixes (parsing, also in 0.3.0.4-rc):
+    - Fix an integer underflow bug when comparing malformed Tor versions.
+      This bug is harmless, except when Tor has been built with
+      --enable-expensive-hardening, which would turn it into a crash;
+      or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
+      -ftrapv by default.
+      Part of TROVE-2017-001. Fixes bug 21278; bugfix on
+      0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor features (directory authority, also in 0.3.0.4-rc):
+    - Directory authorities now reject descriptors that claim to be
+      malformed versions of Tor. Helps prevent exploitation of bug 21278.
+
+  o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
+    - Autoconf now checks to determine if OpenSSL structures are opaque,
+      instead of explicitly checking for OpenSSL version numbers. Part
+      of ticket 21359.
+    - Support building with recent LibreSSL code that uses opaque
+      structures. Closes ticket 21359.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
+    - Repair a couple of (unreachable or harmless) cases of the risky
+      comparison-by-subtraction pattern that caused bug 21278.
+
+  o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
+    - The tor-resolve command line tool now rejects hostnames over 255
+      characters in length. Previously, it would silently truncate them,
+      which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
+      Patch by "junglefowl".
+
+  o Minor bugfixes (voting consistency, also in 0.3.0.4-rc):
+    - Reject version numbers with components that exceed INT32_MAX.
+      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+      Fixes bug 21450; bugfix on 0.0.8pre1.
+
+
 Changes in version 0.2.9.9 - 2017-01-23
   Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
   cause relays and clients to crash, even if they were not built with
diff --git a/changes/21359 b/changes/21359
deleted file mode 100644
index cc9b377d52..0000000000
--- a/changes/21359
+++ /dev/null
@@ -1,8 +0,0 @@
-
-  o Minor features (portability, compilationc)
-    - Support building with recent LibreSSL code that uses opaque
-      structures. Closes ticket 21359.
-    - Autoconf now check to determine if OpenSSL
-      structures are opaque, instead of explicitly checking for
-      OpenSSL version numbers. 
-      Part of ticket 21359.
diff --git a/changes/bug21108_029 b/changes/bug21108_029
deleted file mode 100644
index 3a3f004fc6..0000000000
--- a/changes/bug21108_029
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (directory authority):
-    - During voting, when marking a node as a probable sybil, do not
-      clear its BadExit flag: sybils can still be bad in other ways
-      too. (We still clear the other flags.) Fixes bug 21108; bugfix
-      on 0.2.0.13-alpha.
-
diff --git a/changes/bug21278_extras b/changes/bug21278_extras
deleted file mode 100644
index ffdf4a047b..0000000000
--- a/changes/bug21278_extras
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (code correctness):
-    - Repair a couple of (unreachable or harmless) cases of the risky
-      comparison-by-subtraction pattern that caused bug 21278.
diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention
deleted file mode 100644
index e07f0a670c..0000000000
--- a/changes/bug21278_prevention
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Directory authorities now reject descriptors that claim to be
-      malformed versions of Tor. Helps prevent exploitation of bug 21278.
-      
diff --git a/changes/bug21280 b/changes/bug21280
deleted file mode 100644
index e9f0bc174c..0000000000
--- a/changes/bug21280
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (tor-resolve):
-    - The tor-resolve command line tool now rejects hostnames over 255
-      characters in length. Previously, it would silently truncate
-      them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
-      Patch by "junglefowl".
diff --git a/changes/bug21357 b/changes/bug21357
deleted file mode 100644
index a1cb43a78a..0000000000
--- a/changes/bug21357
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (IPv6 Exits):
-    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6
-      addresses. Instead, only reject a port over IPv6 if the exit policy
-      rejects that port on more than an IPv6 /16 of addresses. This bug was
-      made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6
-      address by default.
-      Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
diff --git a/changes/bug21450 b/changes/bug21450
deleted file mode 100644
index a1cf89ab41..0000000000
--- a/changes/bug21450
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (voting consistency):
-    - Reject version numbers with components that exceed INT32_MAX.
-      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
-      Fixes bug 21450; bugfix on 0.0.8pre1.
diff --git a/changes/geoip-february2017 b/changes/geoip-february2017
deleted file mode 100644
index ec54b6122a..0000000000
--- a/changes/geoip-february2017
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2
deleted file mode 100644
index 3ef073cf9f..0000000000
--- a/changes/trove-2017-001.2
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (parsing):
-    - Fix an integer underflow bug when comparing malformed Tor versions.
-      This bug is harmless, except when Tor has been built with
-      --enable-expensive-hardening, which would turn it into a crash;
-      or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
-      -ftrapv by default.
-      Part of TROVE-2017-001. Fixes bug 21278; bugfix on
-      0.0.8pre1. Found by OSS-Fuzz.