Initial changelog draft for 0.4.1.1-alpha (mostly automated)

98 files changed, 432 insertions, 396 deletions

diff --git a/ChangeLog b/ChangeLog
index a69a7253b0..827c4c3131 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,435 @@
+Changes in version 0.4.1.1-alpha - 2019-05-??
+  This is the first alpha in the 0.4.1.x series. It introduces
+  lightweight circuit padding to make some onion-service circuits harder
+  to distinguish, includes a new "authenticated SENDME" feature to make
+  certain denial-of-service attacks more difficult, and improves
+  performance in several areas.
+
+  o Major features (Circuit padding):
+    - Onion service clients will now add padding cells to the initial
+      portions of their INTRODUCE and RENDEZVOUS circuits, to make those
+      circuits' traffic patterns look more like general purpose Exit
+      traffic. The overhead for this is 2 extra cells in each direction
+      for RENDEZVOUS circuits, and 1 extra upstream cell and 10
+      downstream cells for INTRODUCE circuits. This will only be enabled
+      if the circuit's middle node supports this feature, too. (Clients
+      may specify fixed middle nodes with the MiddleNodes torrc
+      directive, and may force-disable this feature with the
+      CircuitPadding torrc directive). Closes ticket 28634.
+
+  o Major features (code organization):
+    - Tor now includes a generic publish-subscribe message-passing
+      subsystem that we can use to organize intermodule dependencies. We
+      hope to use this to reduce dependencies between modules that don't
+      need to be related, and to generally simplify our codebase. Closes
+      ticket 28226.
+
+  o Major features (controller protocol):
+    - Controller commands are now parsed using a generalized parsing
+      subsystem. Previously, each controller command was responsible for
+      parsing its own input. Closes ticket 30091.
+
+  o Major features (flow control):
+    - Implement authenticated SENDMEs detailed in proposal 289. A SENDME
+      cell now includes the digest of the last cell received so once the
+      end point receives the SENDME, it can confirm the other side's
+      knowledge of the previous cells that were sent. This behavior is
+      controlled by two new consensus parameters, see proposal for more
+      details. Fixes ticket 26288.
+
+  o Major features (performance):
+    - Update our node selection algorithm to exclude nodes in linear
+      time. Previously, the algorithm was quadratic, which could slow
+      down heavily used onion services. Closes ticket 30307.
+
+  o Minor feature (circuit padding):
+    - We now use a fast RNG when scheduling circuit padding. Part of
+      ticket 28636.
+
+  o Minor feature (maintenance scripts):
+    - Add to scripts/maint/ helper maintainer scripts used for git
+      maintenance. Closes ticket 29391.
+
+  o Minor features (circuit padding):
+    - Allow the padding machine designer to pick the edges of their
+      histogram instead of trying to compute them automatically using an
+      exponential formula. Resolves some undefined behavior in the case
+      of small histograms and allows greater flexibility on machine
+      design. Closes ticket 29298; bugfix on 0.4.0.1-alpha.
+    - Provide the ability for circuit padding machines to hold a circuit
+      open until they are done padding it. Closes ticket 28780.
+
+  o Minor features (compile-time modules):
+    - Add a --list-modules command to print a list of which compile-time
+      modules are enabled. Closes ticket 30452.
+
+  o Minor features (continuous integration):
+    - Remove sudo configuration lines from .travis.yml as they are no
+      longer needed with current Travis build environment. Resolves
+      issue 30213.
+
+  o Minor features (controller):
+    - Add onion service version 3 support to HSFETCH. Previously, only
+      version 2 onion services were supported. Closes ticket 25417.
+      Patch by Neel Chauhan
+
+  o Minor features (debugging):
+    - Introduce tor_assertf() and tor_assertf_nonfatal() to enable
+      logging of additional information during assert failure. Now we
+      can use format strings to include pieces of information that are
+      relevant for trouble shooting. Resolves ticket 29662.
+
+  o Minor features (defense in depth):
+    - In smartlist_remove_keeporder(), set any pointers that become
+      unused to NULL, in case a bug causes them to be used later. Closes
+      ticket 30176. Patch from Tobias Stoeckmann.
+    - Tor now uses a fast cryptographically strong PRNG even for
+      decisions that we do not believe are security-sensitive.
+      Previously, for performance reasons, we had used a trivially
+      predictable linear congruential generator algorithm for certain
+      load-balancing and statistical sampling decisions. Now we use our
+      fast RNG in those cases. Closes ticket 29542.
+
+  o Minor features (developer tooling):
+    - Call practracker from pre-push and pre-commit git hooks to let a
+      developer know if they made any code style violations in their
+      last commit. This should help preventing code style violations
+      appearing upstream. Closes ticket 30051.
+    - Call pre-commit git hook from pre-push hook to make sure we're
+      running documentation and code style checks before pushing to
+      remote git repository. Implements feature 30033.
+    - Modify git pre-push hook script to disallow pushing branches other
+      than master, release-* and maint-* to origin remote. Implements
+      feature 29532.
+
+  o Minor features (developer tools):
+    - Add a script to check that each header has a well-formed and
+      unique guard marco. Closes ticket 29756.
+    - Introduce a post-merge git hook script to check if we're pulling
+      in any changes to our git workspace management scripts from
+      upstream. Resolves issue 29588.
+
+  o Minor features (development tools):
+    - Tor's test scripts now check for files and functions that seem too
+      long and complicated. Existing overlong functions and files are
+      accepted for now, but should eventually be refactored. Closes
+      ticket 29221.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2
+      Country database. Closes ticket 30522.
+
+  o Minor features (git scripts):
+    - In git-pull-all.sh, also fetch the latest tor-github pull
+      requests. Implements ticket 30114.
+
+  o Minor features (HTTP tunnel):
+    - Return an informative web page when the HTTPTunnelPort is used as
+      an HTTP proxy. Closes ticket 27821, patch by "eighthave".
+
+  o Minor features (IPv6, v3 onion services):
+    - Make v3 onion services put IPv6 addresses in service descriptors.
+      Before this change, service descriptors only contained IPv4
+      addressesd. Implements 26992.
+
+  o Minor features (modularity):
+    - The --disable-module-dirauth compile-time option now disables even
+      more dirauth-only code. Closes ticket 30345.
+
+  o Minor features (performance):
+    - Use OpenSSL's implementations of SHA3 when available (in OpenSSL
+      1.1.1 and later), since they tend to be faster than tiny-keccak.
+      Closes ticket 28837.
+
+  o Minor features (performance, RNG):
+    - Tor now constructs a fast secure pseudorandom number generator for
+      each thread, to use for cases where performance is critical. This
+      PRNG is based on AES-CTR, using a buffering construction similar
+      to libottery and the (newer) OpenBSD arc4random() code. It
+      outperforms OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for
+      small outputs. Although we believe it to be cryptographically
+      strong, we are only using it when necessary for reasonable
+      performance. Implements tickets 29023 and 29536.
+
+  o Minor features (testing):
+    - Tor's unit test code now contains a standard set of functions to
+      replace the PRNG with a deterministic or reproducible version for
+      testing. Previously, various tests implemented this in various
+      ways. Implements ticket 29732.
+    - We now have a script, cov-test-determinism.sh, to identify places
+      where our unit test coverage has become nondeterministic. Closes
+      ticket 29436.
+
+  o Minor bugfixes (bridge authority):
+    - We set bridges as running when we dump the bridge status to a
+      file. Previously, we set bridges as running in a GETINFO
+      controller, but these shouldn't modify vital data structures.
+      Fixes bug 24490; bugfix on 0.2.0.13-alpha. Patch by Neel Chauhan
+
+  o Minor bugfixes (Channel padding statistics):
+    - Channel padding write totals and padding-enabled totals are now
+      counted properly in relay extrainfo descriptors. Fixes bug 29231;
+      bugfix on 0.3.1.1-alpha
+
+  o Minor bugfixes (circuit padding):
+    - Add a torrc option to disable circuit padding. Fixes bug 28693;
+      bugfix on 0.4.0.1-alpha.
+    - Allow circuit padding machines to specify that they do not
+      contribute much overhead, and provide consensus flags and torrc
+      options to force clients to only use low overhead machines. Fixes
+      bug 29203; bugfix on 0.4.0.1-alpha.
+    - Provide consensus parameter to fully disable circuit padding, to
+      be used in emergency network overload situations. Fixes bug 30173;
+      bugfix on 0.4.0.1-alpha.
+    - The circuit padding subsystem does not schedule padding if dormant
+      mode is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (circuitpadding):
+    - Inspect circuit-level cell queue before sending padding, to avoid
+      sending padding while too much data is queued. Fixes bug 29204;
+      bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (compilation, unusual configuration):
+    - Avoid failures when building with ALL_BUGS_ARE_FAILED due to
+      missing declarations of abort(), and prevent other such failures
+      in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.
+
+  o Minor bugfixes (controller protocol):
+    - Teach the controller parser to correctly distinguish an object
+      preceded by an argument list from one without. Previously, it
+      couldn't distinguish an argument list from the first line of a
+      multiline object. Fixes bug 29984; bugfix on 0.2.3.8-alpha.
+
+  o Minor bugfixes (developer tools):
+    - Update our pre-commit.git-hook script to work correctly on older
+      Tor branches and release branches without any changes files, and
+      to actually exit when something fails. Fixes bug 29553; bugfix
+      on 0.4.0.2-alpha.
+
+  o Minor bugfixes (dirauth, ipv6):
+    - If we are a durauth with IPv6 and are marking relays as running,
+      mark ourselves as reachable on IPv6. Fixes bug 24338; bugfix on
+      0.4.0.2-alpha. Patch by Neel Chauhan
+
+  o Minor bugfixes (documentation):
+    - Improve the documentation for MapAddress .exit. Fixes bug 30109;
+      bugfix on 0.1.0.1-rc.
+    - Improve the monotonic time module and function documentation.
+      Explain what "monotonic" actually means, and document some results
+      that have surprised people. Fixes bug 29640; bugfix
+      on 0.2.9.1-alpha.
+
+  o Minor bugfixes (documentation, manpage):
+    - Use proper formatting when providing an example on quoting options
+      that contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc.
+
+  o Minor bugfixes (lib):
+
+  o Minor bugfixes (logging):
+    - Do not log a warning for OpenSSL versions that should be
+      compatible. Fixes bug 30190; bugfix on 0.2.4.2-alpha
+
+  o Minor bugfixes (logging, configuration):
+    - Warn operators when MyFamily option is set but ContactInfo is
+      missing, as the latter should be set too. Fixes bug 25110; bugfix
+      on 0.3.3.1-alpha.
+
+  o Minor bugfixes (memory leak):
+    - Avoid a minor memory leak that could occur on relays when creating
+      a keys directory failed. Fixes bug 30148; bugfix on 0.3.3.1-alpha.
+
+  o Minor bugfixes (onion services):
+    - Avoid a GCC 9.1.1 warning (and possible crash depending on libc
+      implemenation) when failing to load an onion service client
+      authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha.
+    - If we are launching repeated HSFETCH queries and are rate-limited,
+      we introduce a new controller response QUERY_RATE_LIMITED instead
+      of QUERY_NO_HSDIR, while keeping the latter for when onion service
+      directories are missing a descriptor. Previously, we returned
+      QUERY_NO_HSDIR for both cases. Fixes bug 28269; bugfix on
+      0.3.1.1-alpha. Patch by Neel Chauhan
+    - If we are relaunching a circuit to a rendevous service in
+      rend_service_relaunch_rendezvous() and
+      hs_service_requires_uptime_circ() is true, the
+      CIRCLAUNCH_NEED_UPTIME flag is added to the circuit. Previously,
+      we only set this flag when we received a INTRODUCE2 cell in
+      rend_service_receive_introduction(). Fixes bug 17357; bugfix on
+      0.4.0.2-alpha. Patch by Neel Chauhan
+
+  o Minor bugfixes (onion services, performance):
+    - If we are building circuits to onion services, in
+      circuit_is_acceptable() we only call tor_addr_parse() in places
+      where we use the returned family and address values from this
+      function. Previously, we called tor_addr_parse() in
+      circuit_is_acceptable() even if it wasn't used. This change will
+      improve performance when building circuits. Fixes bug 22210;
+      bugfix on 0.2.8.12. Patch by Neel Chauhan
+
+  o Minor bugfixes (performance):
+    - When checking a node for bridge status, use a fast check to make
+      sure that its identity is set. Previously, we used a constant-time
+      check, which is not necessary when verifying a BUG() condition that
+      causes a stack trace. Fixes bug 30308; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (pluggable transports):
+    - Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as
+      well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (probability distributions):
+    - Refactor and improve parts of the probability distribution code
+      that made Coverity complain. Fixes bug 29805; bugfix
+      on 0.4.0.1-alpha.
+
+  o Minor bugfixes (python):
+    - Stop assuming that /usr/bin/python3 exists. For scripts that work
+      with python2, use /usr/bin/python. Otherwise, use /usr/bin/env
+      python3. Fixes bug 29913; bugfix on 0.2.5.3-alpha.
+
+  o Minor bugfixes (relay):
+    - If we are are a relay and have IPv6Exit to 1 while ExitRelay is
+      auto, we act as if ExitRelay is 1. Previously, we ignored IPv6Exit
+      if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on
+      0.3.5.1-alpha. Patch by Neel Chauhan.
+
+  o Minor bugfixes (stats):
+    - When ExtraInfoStatistics is 0, stop including bandwidth usage
+      statistics, GeoIPFile hashes, ServerTransportPlugin lines, and
+      bridge statistics by country in extra-info documents. Fixes bug
+      29018; bugfix on 0.2.4.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Call setrlimit() to disable core dumps in test_bt_cl.c instead of
+      using `ulimit -c` in test_bt.sh, which violates POSIX shell
+      compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (testing, v3 onion services):
+    - Fix some incorrect code in the v3 onion service unit tests. Fixes
+      bug 29243; bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (tor-resolve):
+    - Fix a memory leak in tor-resolve that could happen if Tor gave it
+      a malformed SOCKS response. (Memory leaks in tor-resolve don't
+      actually matter, but it's good to fix them anyway.) Fixes bug
+      30151; bugfix on 0.4.0.1-alpha.
+
+  o Minor bugfixes (unit tests):
+    - In the "routerkeys/*" tests, check the return values of mkdir()
+      for possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha.
+      Found by Coverity as CID 1444254.
+    - Split test_utils_general() to several smaller test functions in
+      test_utils_general(). This makes it easier to perform resource
+      deallocation on assert failure and fixes Coverity warnings CID
+      1444117 and CID 1444118. Fixes bug 29823; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (v3 onion services):
+    - Stop ignoring IPv6 link specifiers sent to v3 onion services. v3
+      onion service IPv6 support is still incomplete, see 23493 for
+      details. Fixes bug 23588; bugfix on 0.3.2.1-alpha. Patch by
+      Neel Chauhan.
+
+  o Code simplification and refactoring:
+    - Abstract out the low-level formatting of replies on the control
+      port. Implements ticket 30007.
+    - Add several assertions in an attempt to fix some Coverity
+      warnings. Closes ticket 30149.
+    - Introduce a connection_dir_buf_add() helper function that checks
+      for compress_state of dir_connection_t and automatically writes a
+      string to directory connection with or without compression.
+      Resolves issue 28816.
+    - Make the base32_decode() API return the number of bytes written,
+      for consistency with base64_decode(). Closes ticket 28913.
+    - Move most relay-only periodic events out of mainloop.c into the
+      relay subsystem. Closes ticket 30414.
+    - Refactor and encapsulate parts of the codebase that manipulate
+      crypt_path_t objects. Resolves issue 30236.
+    - Refactor several places in our code that coverity incorrectly
+      believed that we might have memory leaks, so that we can analyze
+      our software more easily. Closes ticket 30147.
+    - Remove redundant return values in crypto_format, and the
+      associated return value checks elsewhere in the code. Make the
+      implementations in crypto_format consistent, and remove redundant
+      code. Resolves ticket 29660.
+    - Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that
+      it is not a constant-time function. Closes ticket 30309.
+    - Replace hs_desc_link_specifier_t with link_specifier_t, and remove
+      all hs_desc_link_specifier_t-specific code. Fixes bug 22781;
+      bugfix on 0.3.2.1-alpha.
+    - Simplify v3 onion service link specifier handling code. Fixes bug
+      23576; bugfix on 0.3.2.1-alpha.
+    - Split crypto_digest.c into three parts: 1) general code that does
+      not depend on either NSS or OpenSSL (stays in crypto_digest.c); 2)
+      code that depends on NSS API (moved to crypto_digest_nss.c); 3)
+      code that depends on OpenSSL API (moved to
+      crypto_digest_openssl.c). Resolves ticket 29108.
+    - Split up the control.c file into several submodules, in
+      preparation for distributing its current responsibilities
+      throughout the codebase. Closes ticket 29894.
+    - Start move responsibility for knowing about periodic events to the
+      appropriate subsystems, so that the mainloop doesn't need to know
+      all the periodic events in the rest of the codebase. Implements
+      tickets 30293 and 30294.
+
+  o Documentation:
+    - Document how to find git commits and tags for bug fixes in
+      CodingStandards.md. And update some changes file documentation.
+      Closes ticket 30261.
+
+  o Removed features:
+    - Remove linux-tor-prio.sh script from contrib/operator-tools
+      directory. Resolves issue 29434.
+    - Remove obsolete OpenSUSE initscript. Resolves issue 30076.
+    - Remove the obsolete script at contrib/dist/tor.sh.in. Resolves
+      issue 30075.
+
+  o Testing:
+    - Check that representative subsets of values of `int` and `unsigned
+      int` can be represented by `void *`. Resolves issue 29537.
+
+  o Code simplification and refactoring (circuit padding):
+    - Avoid calling monotime_absolute_usec() in circuit padding machines
+      that do not use token removal or circuit RTT estimation. Fixes bug
+      29085; bugfix on 0.4.0.1-alpha.
+
+  o Code simplification and refactoring (shell scripts):
+    - Cleanup autogen.sh to silence shellcheck warnings. Closes
+      ticket 26069.
+    - Cleanup test_keygen.sh to silence all shellcheck warnings. Closes
+      ticket 29062.
+    - Cleanup test_switch_id.sh to silence shellcheck warnings. Closes
+      ticket 29065.
+    - Fix issues shellcheck found in test_rebind.sh. Resolves
+      issue 29063.
+    - Fix shellcheck warning SC2006 in src/test/fuzz/minimize.sh.
+      Resolves issue 30079.
+    - Fix shellcheck warning in test_rust.sh. Fixes issue 29064.
+    - Fix shellcheck warning in torify script. Resolves issue 29070.
+    - Fix shellcheck warnings in asciidoc-helper.sh. Resolves
+      issue 29926.
+    - Fix shellcheck warnings in fuzz_multi.sh. Resolves issue 30077.
+    - Fix shellcheck warnings in fuzz_static_testcases.sh. Resolves
+      ticket 29059.
+    - Fix shellcheck warnings in nagios-check-tor-authority-cert script.
+      Resolves issue 29071.
+    - Fix shellcheck warnings in src/test/fuzz/fixup_filenames.sh.
+      Resolves issue 30078.
+    - Fix shellcheck warnings in test-network.sh. Resolves issue 29060.
+    - Fix shellcheck warnings in test_key_expiration.sh. Resolves
+      issue 30002.
+    - Fix shellcheck warnings in zero_length_keys.sh. Resolves
+      issue 29068.
+    - Fix test_workqueue_*.sh scripts to silence shellcheck SC2086
+      warnings. Fixes issue 29067.
+
+  o Testing (chutney):
+    - In "make test-network-all", test IPv6-only v3 single onion
+      services, using the chutney network single-onion-v23-ipv6-md. This
+      test will not pass until 23588 has been merged. Closes
+      ticket 27251.
+
+  o Testing (continuous integration):
+    - In Travis, show stem's tor log after failure. Closes ticket 30234.
+
+
 Changes in version 0.4.0.5 - 2019-05-02
   This is the first stable release in the 0.4.0.x series. It contains
   improvements for power management and bootstrap reporting, as well as
diff --git a/changes/bug17357 b/changes/bug17357
deleted file mode 100644
index 1188b65fd7..0000000000
--- a/changes/bug17357
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (onion services):
-    - If we are relaunching a circuit to a rendevous service in
-      rend_service_relaunch_rendezvous() and hs_service_requires_uptime_circ()
-      is true, the CIRCLAUNCH_NEED_UPTIME flag is added to the circuit.
-      Previously, we only set this flag when we received a INTRODUCE2
-      cell in rend_service_receive_introduction(). Fixes bug 17357;
-      bugfix on 0.4.0.2-alpha. Patch by Neel Chauhan
diff --git a/changes/bug22210 b/changes/bug22210
deleted file mode 100644
index d7a00fd72c..0000000000
--- a/changes/bug22210
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (onion services, performance):
-    - If we are building circuits to onion services, in circuit_is_acceptable()
-      we only call tor_addr_parse() in places where we use the returned
-      family and address values from this function. Previously, we called
-      tor_addr_parse() in circuit_is_acceptable() even if it wasn't used.
-      This change will improve performance when building circuits. Fixes
-      bug 22210; bugfix on 0.2.8.12. Patch by Neel Chauhan
diff --git a/changes/bug22781 b/changes/bug22781
deleted file mode 100644
index 5606dfa5e2..0000000000
--- a/changes/bug22781
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Replace hs_desc_link_specifier_t with link_specifier_t,
-      and remove all hs_desc_link_specifier_t-specific code.
-      Fixes bug 22781; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug23576 b/changes/bug23576
deleted file mode 100644
index edcae02e5e..0000000000
--- a/changes/bug23576
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor features (IPv6, v3 onion services):
-    - Make v3 onion services put IPv6 addresses in service
-      descriptors. Before this change, service descriptors only
-      contained IPv4 addressesd. Implements 26992.
-  o Code simplification and refactoring:
-    - Simplify v3 onion service link specifier handling code.
-      Fixes bug 23576; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug23588 b/changes/bug23588
deleted file mode 100644
index 86064ab313..0000000000
--- a/changes/bug23588
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (v3 onion services):
-    - Stop ignoring IPv6 link specifiers sent to v3 onion services.
-      v3 onion service IPv6 support is still incomplete, see 23493 for
-      details. Fixes bug 23588; bugfix on 0.3.2.1-alpha.
-      Patch by Neel Chauhan.
diff --git a/changes/bug24338 b/changes/bug24338
deleted file mode 100644
index 75984b6329..0000000000
--- a/changes/bug24338
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (dirauth, ipv6):
-    - If we are a durauth with IPv6 and are marking relays as running, mark
-      ourselves as reachable on IPv6. Fixes bug 24338; bugfix on 0.4.0.2-alpha.
-      Patch by Neel Chauhan
diff --git a/changes/bug24490 b/changes/bug24490
deleted file mode 100644
index cf9281c878..0000000000
--- a/changes/bug24490
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (bridge authority):
-    - We set bridges as running when we dump the bridge status to a file.
-      Previously, we set bridges as running in a GETINFO controller, but
-      these shouldn't modify vital data structures. Fixes bug 24490;
-      bugfix on 0.2.0.13-alpha. Patch by Neel Chauhan
diff --git a/changes/bug28269 b/changes/bug28269
deleted file mode 100644
index bdfe9e1aae..0000000000
--- a/changes/bug28269
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes (onion services):
-    - If we are launching repeated HSFETCH queries and are rate-limited,
-      we introduce a new controller response QUERY_RATE_LIMITED instead
-      of QUERY_NO_HSDIR, while keeping the latter for when onion service
-      directories are missing a descriptor. Previously, we returned
-      QUERY_NO_HSDIR for both cases. Fixes bug 28269; bugfix on
-      0.3.1.1-alpha. Patch by Neel Chauhan
diff --git a/changes/bug28636 b/changes/bug28636
deleted file mode 100644
index 240655cbea..0000000000
--- a/changes/bug28636
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor bugfixes (circuit padding):
-    - The circuit padding subsystem does not schedule padding if dormant mode
-      is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha.
-
-  o Minor feature (circuit padding):
-    - We now use a fast RNG when scheduling circuit padding. Part of ticket
-      28636.
-
diff --git a/changes/bug29018 b/changes/bug29018
deleted file mode 100644
index b006ae36a7..0000000000
--- a/changes/bug29018
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (stats):
-    - When ExtraInfoStatistics is 0, stop including bandwidth usage statistics,
-      GeoIPFile hashes, ServerTransportPlugin lines, and bridge statistics
-      by country in extra-info documents. Fixes bug 29018;
-      bugfix on 0.2.4.1-alpha.
diff --git a/changes/bug29061 b/changes/bug29061
deleted file mode 100644
index 58fc4f22e9..0000000000
--- a/changes/bug29061
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (testing):
-    - Call setrlimit() to disable core dumps in test_bt_cl.c instead of
-      using `ulimit -c` in test_bt.sh, which violates POSIX shell
-      compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha.
diff --git a/changes/bug29063 b/changes/bug29063
deleted file mode 100644
index 8cbcbebc6e..0000000000
--- a/changes/bug29063
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix issues shellcheck found in test_rebind.sh. Resolves issue 29063.
diff --git a/changes/bug29085 b/changes/bug29085
deleted file mode 100644
index b17c06378f..0000000000
--- a/changes/bug29085
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring (circuit padding):
-    - Avoid calling monotime_absolute_usec() in circuit padding machines
-      that do not use token removal or circuit RTT estimation. Fixes bug
-      29085; bugfix on 0.4.0.1-alpha.
diff --git a/changes/bug29204 b/changes/bug29204
deleted file mode 100644
index ec2cf67b2f..0000000000
--- a/changes/bug29204
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (circuitpadding):
-    - Inspect circuit-level cell queue before sending padding, to avoid
-      sending padding while too much data is queued. Fixes bug 29204;
-      bugfix on 0.4.0.1-alpha.
diff --git a/changes/bug29221 b/changes/bug29221
deleted file mode 100644
index fbe08aa9a0..0000000000
--- a/changes/bug29221
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (development tools):
-    - Tor's test scripts now check for files and functions that seem
-      too long and complicated.  Existing overlong functions and files are
-      accepted for now, but should eventually be refactored. Closes
-      ticket 29221.
diff --git a/changes/bug29231 b/changes/bug29231
deleted file mode 100644
index bcc19e1b48..0000000000
--- a/changes/bug29231
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (Channel padding statistics):
-    - Channel padding write totals and padding-enabled totals are now
-      counted properly in relay extrainfo descriptors. Fixes bug 29231;
-      bugfix on 0.3.1.1-alpha
diff --git a/changes/bug29243 b/changes/bug29243
deleted file mode 100644
index b5694f7568..0000000000
--- a/changes/bug29243
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (testing, v3 onion services):
-    - Fix some incorrect code in the v3 onion service unit tests.
-      Fixes bug 29243; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug29298 b/changes/bug29298
deleted file mode 100644
index 6e447b62dd..0000000000
--- a/changes/bug29298
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (circuit padding):
-    - Allow the padding machine designer to pick the edges of their histogram
-      instead of trying to compute them automatically using an exponential
-      formula. Resolves some undefined behavior in the case of small histograms
-      and allows greater flexibility on machine design. Closes ticket 29298;
-      bugfix on 0.4.0.1-alpha.
\ No newline at end of file
diff --git a/changes/bug29613 b/changes/bug29613
deleted file mode 100644
index e966973255..0000000000
--- a/changes/bug29613
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (relay):
-    - If we are are a relay and have IPv6Exit to 1 while ExitRelay is
-      auto, we act as if ExitRelay is 1. Previously, we ignored IPv6Exit
-      if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on 0.3.5.1-alpha.
-      Patch by Neel Chauhan.
diff --git a/changes/bug29640 b/changes/bug29640
deleted file mode 100644
index 81adeae32a..0000000000
--- a/changes/bug29640
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (documentation):
-    - Improve the monotonic time module and function documentation. Explain
-      what "monotonic" actually means, and document some results that have
-      surprised people. Fixes bug 29640; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug29805 b/changes/bug29805
deleted file mode 100644
index 00c846e9af..0000000000
--- a/changes/bug29805
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (probability distributions):
-    - Refactor and improve parts of the probability distribution code that made
-      Coverity complain. Fixes bug 29805; bugfix on 0.4.0.1-alpha.
\ No newline at end of file
diff --git a/changes/bug29823 b/changes/bug29823
deleted file mode 100644
index d856cf1fef..0000000000
--- a/changes/bug29823
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Split test_utils_general() to several smaller test functions in
-      test_utils_general(). This makes it easier to perform resource
-      deallocation on assert failure and fixes Coverity warnings CID 1444117
-      and CID 1444118. Fixes bug 29823; bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug29926 b/changes/bug29926
deleted file mode 100644
index ab1417c603..0000000000
--- a/changes/bug29926
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in asciidoc-helper.sh. Resolves issue 29926.
diff --git a/changes/bug29939 b/changes/bug29939
deleted file mode 100644
index 0e9b46c075..0000000000
--- a/changes/bug29939
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - In the "routerkeys/*" tests, check the return values of mkdir() for
-      possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha. Found by
-      Coverity as CID 1444254.
diff --git a/changes/bug30002 b/changes/bug30002
deleted file mode 100644
index da61c9e4b2..0000000000
--- a/changes/bug30002
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in test_key_expiration.sh. Resolves issue 30002.
diff --git a/changes/bug30109 b/changes/bug30109
deleted file mode 100644
index b25aa803bb..0000000000
--- a/changes/bug30109
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (documentation):
-    - Improve the documentation for MapAddress .exit.
-      Fixes bug 30109; bugfix on 0.1.0.1-rc.
diff --git a/changes/bug30148 b/changes/bug30148
deleted file mode 100644
index 7d0257e3fe..0000000000
--- a/changes/bug30148
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (memory leak):
-    - Avoid a minor memory leak that could occur on relays when
-      creating a keys directory failed. Fixes bug 30148; bugfix on
-      0.3.3.1-alpha.
diff --git a/changes/bug30151 b/changes/bug30151
deleted file mode 100644
index 8ac9a320a0..0000000000
--- a/changes/bug30151
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (tor-resolve):
-    - Fix a memory leak in tor-resolve that could happen if Tor gave it a
-      malformed SOCKS response.  (Memory leaks in tor-resolve don't actually
-      matter, but it's good to fix them anyway.)  Fixes bug 30151; bugfix on
-      0.4.0.1-alpha.
diff --git a/changes/bug30189 b/changes/bug30189
deleted file mode 100644
index f8c932a5f9..0000000000
--- a/changes/bug30189
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation, unusual configuration):
-    - Avoid failures when building with ALL_BUGS_ARE_FAILED due to
-      missing declarations of abort(), and prevent other such failures
-      in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha.
diff --git a/changes/bug30190 b/changes/bug30190
deleted file mode 100644
index e2352c3b9c..0000000000
--- a/changes/bug30190
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (lib):
-    do not log a warning for OpenSSL versions that should be compatible
-    Fixes bug 30190; bugfix on 0.2.4.2-alpha
diff --git a/changes/bug30236 b/changes/bug30236
deleted file mode 100644
index ceaa98c8f1..0000000000
--- a/changes/bug30236
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Refactor and encapsulate parts of the codebase that manipulate
-      crypt_path_t objects. Resolves issue 30236.
\ No newline at end of file
diff --git a/changes/bug30309 b/changes/bug30309
deleted file mode 100644
index 6cbbe8d156..0000000000
--- a/changes/bug30309
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that
-      it is not a constant-time function. Closes ticket 30309.
diff --git a/changes/bug30452 b/changes/bug30452
deleted file mode 100644
index 2bb401d87d..0000000000
--- a/changes/bug30452
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (compile-time modules):
-    - Add a --list-modules command to print a list of which compile-time
-      modules are enabled. Closes ticket 30452.
diff --git a/changes/bug30475 b/changes/bug30475
deleted file mode 100644
index 839597b885..0000000000
--- a/changes/bug30475
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes ():
-    - Avoid a GCC 9.1.1 warning (and possible crash depending on libc
-      implemenation) when failing to load a hidden service client authorization
-      file.  Fixes bug 30475; bugfix on 0.3.5.1-alpha.
diff --git a/changes/bugs28693+30173+29203 b/changes/bugs28693+30173+29203
deleted file mode 100644
index 9faa6279bf..0000000000
--- a/changes/bugs28693+30173+29203
+++ /dev/null
@@ -1,12 +0,0 @@
-  o Minor bugfixes (circuit padding):
-    - Add a torrc option to disable circuit padding. Fixes bug 28693; bugfix
-      on 0.4.0.1-alpha.
-  o Minor bugfixes (circuit padding):
-    - Provide consensus parameter to fully disable circuit padding, to be used
-      in emergency network overload situations. Fixes bug 30173; bugfix on
-      0.4.0.1-alpha.
-  o Minor bugfixes (circuit padding):
-    - Allow circuit padding machines to specify that they do not contribute
-      much overhead, and provide consensus flags and torrc options to force
-      clients to only use low overhead machines. Fixes bug 29203; bugfix on
-      0.4.0.1-alpha.
diff --git a/changes/coverity_falsepos b/changes/coverity_falsepos
deleted file mode 100644
index 9fbb01a0c1..0000000000
--- a/changes/coverity_falsepos
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Refactor several places in our code that coverity incorrectly believed
-      that we might have memory leaks, so that we can analyze our software
-      more easily.  Closes ticket 30147.
diff --git a/changes/feature29532 b/changes/feature29532
deleted file mode 100644
index 4d95e6bca8..0000000000
--- a/changes/feature29532
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (developer tooling):
-    - Modify git pre-push hook script to disallow pushing branches other than
-      master, release-* and maint-* to origin remote. Implements feature
-      29532.
diff --git a/changes/geoip-2019-05-13 b/changes/geoip-2019-05-13
deleted file mode 100644
index 0a2fa18971..0000000000
--- a/changes/geoip-2019-05-13
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2
-      Country database. Closes ticket 30522.
-
diff --git a/changes/pubsub b/changes/pubsub
deleted file mode 100644
index f67b36b988..0000000000
--- a/changes/pubsub
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major features (code organization):
-    - Tor now includes a generic publish-subscribe message-passing subsystem
-      that we can use to organize intermodule dependencies.  We hope to use
-      this to reduce dependencies between modules that don't need to be
-      related, and to generally simplify our codebase. Closes ticket 28226.
diff --git a/changes/ticket25110 b/changes/ticket25110
deleted file mode 100644
index 298e33287f..0000000000
--- a/changes/ticket25110
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging, configuration):
-    - Warn operators when MyFamily option is set but ContactInfo
-      is missing, as the latter should be set too.
-      Fixes bug 25110; bugfix on 0.3.3.1-alpha.
diff --git a/changes/ticket25417 b/changes/ticket25417
deleted file mode 100644
index 41f2acc988..0000000000
--- a/changes/ticket25417
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (controller):
-    - Add onion service version 3 support to HSFETCH. Previously, only
-      version 2 onion services were supported. Closes ticket 25417.
-      Patch by Neel Chauhan
diff --git a/changes/ticket25614 b/changes/ticket25614
deleted file mode 100644
index 82988eeace..0000000000
--- a/changes/ticket25614
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (pluggable transports):
-    - Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as
-      well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha.
diff --git a/changes/ticket26069 b/changes/ticket26069
deleted file mode 100644
index caed9be348..0000000000
--- a/changes/ticket26069
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Cleanup autogen.sh to silence shellcheck warnings. Closes ticket 26069.
diff --git a/changes/ticket26288 b/changes/ticket26288
deleted file mode 100644
index 59bb856dd2..0000000000
--- a/changes/ticket26288
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major features (flow control):
-    - Implement authenticated SENDMEs detailed in proposal 289. A SENDME cell
-      now includes the digest of the last cell received so once the end point
-      receives the SENDME, it can confirm the other side's knowledge of the
-      previous cells that were sent. This behavior is controlled by two new
-      consensus parameters, see proposal for more details. Fixes ticket 26288.
diff --git a/changes/ticket27251 b/changes/ticket27251
deleted file mode 100644
index 7ce296e8da..0000000000
--- a/changes/ticket27251
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Testing (chutney):
-    - In "make test-network-all", test IPv6-only v3 single onion services,
-      using the chutney network single-onion-v23-ipv6-md. This test will
-      not pass until 23588 has been merged. Closes ticket 27251.
diff --git a/changes/ticket27821 b/changes/ticket27821
deleted file mode 100644
index 158f308fbf..0000000000
--- a/changes/ticket27821
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (HTTP tunnel):
-    - Return an informative web page when the HTTPTunnelPort is used as an
-      HTTP proxy. Closes ticket 27821, patch by "eighthave".
diff --git a/changes/ticket28634 b/changes/ticket28634
deleted file mode 100644
index 7ba05e5c55..0000000000
--- a/changes/ticket28634
+++ /dev/null
@@ -1,10 +0,0 @@
-  o Major features (Circuit padding):
-    - Onion service clients will now add padding cells to the initial portions
-      of their INTRODUCE and RENDEZVOUS circuits, to make those circuits'
-      traffic patterns look more like general purpose Exit traffic. The
-      overhead for this is 2 extra cells in each direction for RENDEZVOUS
-      circuits, and 1 extra upstream cell and 10 downstream cells for INTRODUCE
-      circuits. This will only be enabled if the circuit's middle node supports
-      this feature, too. (Clients may specify fixed middle nodes with the MiddleNodes
-      torrc directive, and may force-disable this feature with the CircuitPadding
-      torrc directive). Closes ticket 28634.
diff --git a/changes/ticket28780 b/changes/ticket28780
deleted file mode 100644
index d7c6693f8c..0000000000
--- a/changes/ticket28780
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (circuit padding):
-    - Provide the ability for circuit padding machines to hold a circuit open
-      until they are done padding it. Closes ticket 28780.
diff --git a/changes/ticket28816 b/changes/ticket28816
deleted file mode 100644
index 02878ccfdc..0000000000
--- a/changes/ticket28816
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Introduce a connection_dir_buf_add() helper function that checks for
-      compress_state of dir_connection_t and automatically writes a string to
-      directory connection with or without compression. Resolves issue 28816.
diff --git a/changes/ticket28837 b/changes/ticket28837
deleted file mode 100644
index 3bc8f12597..0000000000
--- a/changes/ticket28837
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (performance):
-    - Use OpenSSL's implementations of SHA3 when available (in OpenSSL 1.1.1
-      and later), since they tend to be faster than tiny-keccak. Closes
-      ticket 28837.
diff --git a/changes/ticket28913 b/changes/ticket28913
deleted file mode 100644
index e09847464d..0000000000
--- a/changes/ticket28913
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Make the base32_decode() API return the number of bytes written,
-      for consistency with base64_decode().
-      Closes ticket 28913.
diff --git a/changes/ticket29059 b/changes/ticket29059
deleted file mode 100644
index d47d0e2a3b..0000000000
--- a/changes/ticket29059
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in fuzz_static_testcases.sh. Resolves ticket
-      29059.
diff --git a/changes/ticket29060 b/changes/ticket29060
deleted file mode 100644
index 380cc8eb11..0000000000
--- a/changes/ticket29060
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in test-network.sh. Resolves issue 29060.
diff --git a/changes/ticket29062 b/changes/ticket29062
deleted file mode 100644
index de05c621f1..0000000000
--- a/changes/ticket29062
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Cleanup test_keygen.sh to silence all shellcheck warnings. Closes
-      ticket 29062.
diff --git a/changes/ticket29064 b/changes/ticket29064
deleted file mode 100644
index 616b8aa77e..0000000000
--- a/changes/ticket29064
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warning in test_rust.sh. Fixes issue 29064.
diff --git a/changes/ticket29065 b/changes/ticket29065
deleted file mode 100644
index edf00ac99c..0000000000
--- a/changes/ticket29065
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Cleanup test_switch_id.sh to silence shellcheck warnings. Closes
-      ticket 29065.
diff --git a/changes/ticket29067 b/changes/ticket29067
deleted file mode 100644
index a660648775..0000000000
--- a/changes/ticket29067
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix test_workqueue_*.sh scripts to silence shellcheck SC2086
-      warnings. Fixes issue 29067.
diff --git a/changes/ticket29068 b/changes/ticket29068
deleted file mode 100644
index 77ef304f1d..0000000000
--- a/changes/ticket29068
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in zero_length_keys.sh. Resolves issue 29068.
diff --git a/changes/ticket29070 b/changes/ticket29070
deleted file mode 100644
index 2716915359..0000000000
--- a/changes/ticket29070
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warning in torify script. Resolves issue 29070.
diff --git a/changes/ticket29071 b/changes/ticket29071
deleted file mode 100644
index 0997a8d22f..0000000000
--- a/changes/ticket29071
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in nagios-check-tor-authority-cert script.
-      Resolves issue 29071.
diff --git a/changes/ticket29108 b/changes/ticket29108
deleted file mode 100644
index 7adb08ecb1..0000000000
--- a/changes/ticket29108
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Split crypto_digest.c into three parts: 1) general code that does not
-      depend on either NSS or OpenSSL (stays in crypto_digest.c); 2) code that
-      depends on NSS API (moved to crypto_digest_nss.c); 3) code that depends
-      on OpenSSL API (moved to crypto_digest_openssl.c). Resolves ticket 29108.
diff --git a/changes/ticket29391 b/changes/ticket29391
deleted file mode 100644
index f00fa61c47..0000000000
--- a/changes/ticket29391
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor feature (maintenance scripts):
-    - Add to scripts/maint/ helper maintainer scripts used for git maintenance.
-      Closes ticket 29391.
diff --git a/changes/ticket29434 b/changes/ticket29434
deleted file mode 100644
index 8037044f0b..0000000000
--- a/changes/ticket29434
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Removed features:
-    - Remove linux-tor-prio.sh script from contrib/operator-tools directory.
-      Resolves issue 29434.
diff --git a/changes/ticket29436 b/changes/ticket29436
deleted file mode 100644
index 025be619e5..0000000000
--- a/changes/ticket29436
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (testing):
-    - We now have a script, cov-test-determinism.sh, to identify places
-      where our unit test coverage has become nondeterministic.
-      Closes ticket 29436.
diff --git a/changes/ticket29536 b/changes/ticket29536
deleted file mode 100644
index a5ae26b701..0000000000
--- a/changes/ticket29536
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Minor features (performance, RNG):
-    - Tor now constructs a fast secure pseudorandom number generator for
-      each thread, to use for cases where performance is critical. This PRNG
-      is based on AES-CTR, using a buffering construction similar to
-      libottery and the (newer) OpenBSD arc4random() code.  It outperforms
-      OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for small outputs.
-      Although we believe it to be cryptographically strong, we are only
-      using it when necessary for reasonable performance. Implements tickets
-      29023 and 29536.
diff --git a/changes/ticket29537 b/changes/ticket29537
deleted file mode 100644
index afe2308205..0000000000
--- a/changes/ticket29537
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Testing:
-    - Check that representative subsets of values of `int` and `unsigned int`
-      can be represented by `void *`. Resolves issue 29537.
diff --git a/changes/ticket29542 b/changes/ticket29542
deleted file mode 100644
index 465a8e31bc..0000000000
--- a/changes/ticket29542
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor features (defense in depth):
-    - Tor now uses a fast cryptographically strong PRNG even for decisions
-      that we do not believe are security-sensitive.  Previously, for
-      performance reasons, we had used a trivially predictable linear
-      congruential generator algorithm for certain load-balancing and
-      statistical sampling decisions. Now we use our fast RNG in those cases.
-      Closes ticket 29542.
diff --git a/changes/ticket29553 b/changes/ticket29553
deleted file mode 100644
index af441b92b0..0000000000
--- a/changes/ticket29553
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (developer tools):
-    - Update our pre-commit.git-hook script to work correctly on older Tor
-      branches and release branches without any changes files,
-      and to actually exit when something fails.  Fixes bug 29553; bugfix on
-      0.4.0.2-alpha.
diff --git a/changes/ticket29588 b/changes/ticket29588
deleted file mode 100644
index c81bccb00d..0000000000
--- a/changes/ticket29588
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (developer tools):
-    - Introduce a post-merge git hook script to check if we're pulling in any
-      changes to our git workspace management scripts from upstream. Resolves
-      issue 29588.
diff --git a/changes/ticket29635 b/changes/ticket29635
deleted file mode 100644
index cbadbf648a..0000000000
--- a/changes/ticket29635
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (documentation, manpage):
-    - Use proper formatting when providing an example on quoting options that
-      contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc.
diff --git a/changes/ticket29660 b/changes/ticket29660
deleted file mode 100644
index 84b8059106..0000000000
--- a/changes/ticket29660
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove redundant return values in crypto_format, and the associated
-      return value checks elsewhere in the code. Make the implementations in
-      crypto_format consistent, and remove redundant code.
-      Resolves ticket 29660.
diff --git a/changes/ticket29662 b/changes/ticket29662
deleted file mode 100644
index 872df9ad82..0000000000
--- a/changes/ticket29662
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (debugging):
-    - Introduce tor_assertf() and tor_assertf_nonfatal() to enable logging of
-      additional information during assert failure. Now we can use format
-      strings to include pieces of information that are relevant for trouble
-      shooting. Resolves ticket 29662.
diff --git a/changes/ticket29732 b/changes/ticket29732
deleted file mode 100644
index bb72361c48..0000000000
--- a/changes/ticket29732
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (testing):
-    - Tor's unit test code now contains a standard set of functions to
-      replace the PRNG with a deterministic or reproducible version for
-      testing. Previously, various tests implemented this in various ways.
-      Implements ticket 29732.
diff --git a/changes/ticket29756 b/changes/ticket29756
deleted file mode 100644
index 79995b4995..0000000000
--- a/changes/ticket29756
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (developer tools):
-    - Add a script to check that each header has a well-formed and unique
-      guard marco. Closes ticket 29756.
diff --git a/changes/ticket29894 b/changes/ticket29894
deleted file mode 100644
index 6392598ec6..0000000000
--- a/changes/ticket29894
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Split up the control.c file into several submodules, in preparation
-      for distributing its current responsibilities throughout the codebase.
-      Closes ticket 29894.
diff --git a/changes/ticket29913 b/changes/ticket29913
deleted file mode 100644
index a713b0ccef..0000000000
--- a/changes/ticket29913
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (python):
-    - Stop assuming that /usr/bin/python3 exists. For scripts that work with
-      python2, use /usr/bin/python. Otherwise, use /usr/bin/env python3.
-      Fixes bug 29913; bugfix on 0.2.5.3-alpha.
diff --git a/changes/ticket29984 b/changes/ticket29984
deleted file mode 100644
index 8631dff27b..0000000000
--- a/changes/ticket29984
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (controller protocol):
-    - Teach the controller parser to correctly distinguish an object
-      preceded by an argument list from one without. Previously, it
-      couldn't distinguish an argument list from the first line of a
-      multiline object. Fixes bug 29984; bugfix on 0.2.3.8-alpha.
diff --git a/changes/ticket30007 b/changes/ticket30007
deleted file mode 100644
index e87f6b956f..0000000000
--- a/changes/ticket30007
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Abstract out the low-level formatting of replies on the control
-      port. Implements ticket 30007.
diff --git a/changes/ticket30033 b/changes/ticket30033
deleted file mode 100644
index 3f66d049c8..0000000000
--- a/changes/ticket30033
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (developer tooling):
-    - Call pre-commit git hook from pre-push hook to make sure we're
-      running documentation and code style checks before pushing to remote
-      git repository. Implements feature 30033.
diff --git a/changes/ticket30051 b/changes/ticket30051
deleted file mode 100644
index 87b6d7611f..0000000000
--- a/changes/ticket30051
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (developer tooling):
-    - Call practracker from pre-push and pre-commit git hooks to let a
-      developer know if they made any code style violations in their last
-      commit. This should help preventing code style violations appearing
-      upstream. Closes ticket 30051.
diff --git a/changes/ticket30075 b/changes/ticket30075
deleted file mode 100644
index 288abd7674..0000000000
--- a/changes/ticket30075
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Removed features:
-    - Remove the obsolete script at contrib/dist/tor.sh.in. Resolves issue
-      30075.
diff --git a/changes/ticket30076 b/changes/ticket30076
deleted file mode 100644
index 1334bc4603..0000000000
--- a/changes/ticket30076
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Removed features:
-    - Remove obsolete OpenSUSE initscript. Resolves issue 30076.
diff --git a/changes/ticket30077 b/changes/ticket30077
deleted file mode 100644
index 9be014730e..0000000000
--- a/changes/ticket30077
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in fuzz_multi.sh. Resolves issue 30077.
diff --git a/changes/ticket30078 b/changes/ticket30078
deleted file mode 100644
index 5ab5abdbfd..0000000000
--- a/changes/ticket30078
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warnings in src/test/fuzz/fixup_filenames.sh. Resolves
-      issue 30078.
diff --git a/changes/ticket30079 b/changes/ticket30079
deleted file mode 100644
index 56b88e7f53..0000000000
--- a/changes/ticket30079
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring (shell scripts):
-    - Fix shellcheck warning SC2006 in src/test/fuzz/minimize.sh. Resolves
-      issue 30079.
diff --git a/changes/ticket30091 b/changes/ticket30091
deleted file mode 100644
index 968ea01f4a..0000000000
--- a/changes/ticket30091
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major features (controller protocol):
-    - Controller commands are now parsed using a generalized parsing
-      subsystem. Previously, each controller command was responsible for
-      parsing its own input.  Closes ticket 30091.
diff --git a/changes/ticket30114 b/changes/ticket30114
deleted file mode 100644
index a80f7f4dcf..0000000000
--- a/changes/ticket30114
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (git scripts):
-    - In git-pull-all.sh, also fetch the latest tor-github pull requests.
-      Implements ticket 30114.
diff --git a/changes/ticket30149 b/changes/ticket30149
deleted file mode 100644
index a21687ac2f..0000000000
--- a/changes/ticket30149
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Add several assertions in an attempt to fix some Coverity warnings.
-      Closes ticket 30149.
diff --git a/changes/ticket30176 b/changes/ticket30176
deleted file mode 100644
index da23760ce5..0000000000
--- a/changes/ticket30176
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (defense in depth):
-    - In smartlist_remove_keeporder(), set any pointers that become
-      unused to NULL, in case a bug causes them to be used later. Closes
-      ticket 30176.  Patch from Tobias Stoeckmann.
diff --git a/changes/ticket30213 b/changes/ticket30213
deleted file mode 100644
index acb7614807..0000000000
--- a/changes/ticket30213
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (continuous integration):
-    - Remove sudo configuration lines from .travis.yml as they are no longer
-      needed with current Travis build environment. Resolves issue 30213.
diff --git a/changes/ticket30234 b/changes/ticket30234
deleted file mode 100644
index 5a0076bad2..0000000000
--- a/changes/ticket30234
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Testing (continuous integration):
-    - In Travis, show stem's tor log after failure. Closes ticket 30234.
diff --git a/changes/ticket30261 b/changes/ticket30261
deleted file mode 100644
index e4a2643c88..0000000000
--- a/changes/ticket30261
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Documentation:
-    - Document how to find git commits and tags for bug fixes in
-      CodingStandards.md. And update some changes file documentation.
-      Closes ticket 30261.
diff --git a/changes/ticket30293 b/changes/ticket30293
deleted file mode 100644
index c74b6cd346..0000000000
--- a/changes/ticket30293
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Start move responsibility for knowing about periodic events to the
-      appropriate subsystems, so that the mainloop doesn't need to know all
-      the periodic events in the rest of the codebase.  Implements tickets
-      30293 and 30294.
diff --git a/changes/ticket30307 b/changes/ticket30307
deleted file mode 100644
index abcacb6085..0000000000
--- a/changes/ticket30307
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major features (performance):
-    - Update our node selection algorithm to exclude nodes in linear time.
-      Previously, the algorithm was quadratic, which could slow down heavily
-      used onion services.  Closes ticket 30307.
diff --git a/changes/ticket30308 b/changes/ticket30308
deleted file mode 100644
index b78e6b3e9f..0000000000
--- a/changes/ticket30308
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (performance):
-    - When checking a node for bridge status, use a fast check to make sure
-      that its identity is set. Previously, we used a constant-time check,
-      which is not necessary when verifying a BUG() condition that causes
-      a stack trace. Fixes bug 30308; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket30345 b/changes/ticket30345
deleted file mode 100644
index 639db8d7ee..0000000000
--- a/changes/ticket30345
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (modularity):
-    - The --disable-module-dirauth compile-time option now disables
-      even more dirauth-only code. Closes ticket 30345.
diff --git a/changes/ticket30414 b/changes/ticket30414
deleted file mode 100644
index 029ed1311f..0000000000
--- a/changes/ticket30414
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Move most relay-only periodic events out of mainloop.c into the
-      relay subsystem. Closes ticket 30414.