Begin work on a changelog for 0.2.4.22 by copying in the changes files unedited

16 files changed, 92 insertions, 79 deletions

diff --git a/ChangeLog b/ChangeLog
index d8ae424c25..7992f700fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,95 @@
+Changes in version 0.2.4.22 - 2014-05-??
+  Write a paragraph here.
+
+  o Major bugfixes:
+    - When running a hidden service, do not allow TunneledDirConns 0;
+      this will keep the hidden service from running, and also
+      make it publish its descriptors directly over HTTP. Fixes bug 10849;
+      bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes:
+    - Stop leaking memory when we successfully resolve a PTR record.
+      Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+  o Major features (security):
+    - Block authority signing keys that were used on an authorities
+      vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
+      (We don't have any evidence that these keys _were_ compromised;
+      we're doing this to be prudent.) Resolves ticket 11464.
+
+  o Major bugfixes:
+    - Generate the server's preference list for ciphersuites
+      automatically based on uniform criteria, and considering all
+      OpenSSL ciphersuites with acceptable strength and forward
+      secrecy. (The sort order is: prefer AES to 3DES; break ties by
+      preferring ECDHE to DHE; break ties by preferring GCM to CBC;
+      break ties by preferring SHA384 to SHA256 to SHA1; and finally,
+      break ties by preferring AES256 to AES128.) This resolves bugs
+      #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
+      Bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes:
+    - Avoid sending an garbage value to the controller when a circuit is
+      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+  o Minor features:
+    - When we run out of usable circuit IDs on a channel, log only one
+      warning for the whole channel, and include a description of
+      how many circuits there were on the channel. Fix for part of ticket
+      #11553.
+
+  o Minor bugfixes:
+    - Downgrade the warning severity for the the "md was still referenced 1
+      node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
+      diagnose this bug, and the current warning in earlier versions of
+      tor achieves nothing useful. Addresses warning from bug 7164.
+
+  o Documentation:
+    - Correctly document that we search for a system torrc file before
+      looking in ~/.torrc. Fixes documentation side of 9213; bugfix
+      on 0.2.3.18-rc.
+
+  o Minor bugfixes:
+    - Avoid 60-second delays in the bootstrapping process when Tor
+      is launching for a second time while using bridges. Fixes bug 9229;
+      bugfix on 0.2.0.3-alpha.
+
+  o Minor bugfixes:
+    - Give the correct URL in the warning message that we present
+      when the user is trying to run a Tor relay on an ancient version
+      of Windows. Fixes bug 9393.
+
+  o Minor features (security):
+    - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
+      the default at 8GBytes), to better support Raspberry Pi users. Fixes
+      bug 9686; bugfix on 0.2.4.14-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation error when compiling with --disable-cuve25519.
+      Fixes bug 9700; bugfix on 0.2.4.17-rc.
+
+  o Minor features (performance, compatibility):
+    - Update the list of TLS cipehrsuites that a client advertises
+      to match those advertised by Firefox 28. This enables selection of
+      (fast) GCM ciphersuites, disables some strange old ciphers, and
+      disables the ECDH (not to be confused with ECDHE) ciphersuites.
+      Resolves ticket 11438.
+
+  o Major bugfixes (security, OOM)
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This could enable a memory
+      exhaustion attack by directory servers. Fixes bug #11649; bugfix
+      on 0.2.2.6-alpha.
+
+  o Minor features:
+    - Servers now trust themselves to have a better view than clients of
+      which TLS ciphersuites to choose. (Thanks to #11513, the server
+      list is now well-considered, whereas the client list has been
+      chosen mainly for anti-fingerprinting purposes.) Resolves ticket
+      11528.
+
+
+
 Changes in version 0.2.4.21 - 2014-02-28
   Tor 0.2.4.21 further improves security against potential adversaries who
   find breaking 1024-bit crypto doable, and backports several stability
diff --git a/changes/bug10849_023 b/changes/bug10849_023
deleted file mode 100644
index 480dea3de0..0000000000
--- a/changes/bug10849_023
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - When running a hidden service, do not allow TunneledDirConns 0;
-      this will keep the hidden service from running, and also
-      make it publish its descriptors directly over HTTP. Fixes bug 10849;
-      bugfix on 0.2.1.1-alpha.
-
diff --git a/changes/bug11437 b/changes/bug11437
deleted file mode 100644
index f5117cae99..0000000000
--- a/changes/bug11437
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Stop leaking memory when we successfully resolve a PTR record.
-      Fixes bug 11437; bugfix on 0.2.4.7-alpha.
diff --git a/changes/bug11464_023 b/changes/bug11464_023
deleted file mode 100644
index 80c04b21e6..0000000000
--- a/changes/bug11464_023
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major features (security):
-    - Block authority signing keys that were used on an authorities
-      vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
-      (We don't have any evidence that these keys _were_ compromised;
-      we're doing this to be prudent.) Resolves ticket 11464.
diff --git a/changes/bug11513 b/changes/bug11513
deleted file mode 100644
index 820c02605f..0000000000
--- a/changes/bug11513
+++ /dev/null
@@ -1,12 +0,0 @@
-  o Major bugfixes:
-    - Generate the server's preference list for ciphersuites
-      automatically based on uniform criteria, and considering all
-      OpenSSL ciphersuites with acceptable strength and forward
-      secrecy. (The sort order is: prefer AES to 3DES; break ties by
-      preferring ECDHE to DHE; break ties by preferring GCM to CBC;
-      break ties by preferring SHA384 to SHA256 to SHA1; and finally,
-      break ties by preferring AES256 to AES128.) This resolves bugs
-      #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
-      Bugfix on 0.2.4.8-alpha.
-
-
diff --git a/changes/bug11519 b/changes/bug11519
deleted file mode 100644
index 5c1e6af7e4..0000000000
--- a/changes/bug11519
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Avoid sending an garbage value to the controller when a circuit is
-      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug11553 b/changes/bug11553
deleted file mode 100644
index 1540f4642f..0000000000
--- a/changes/bug11553
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features:
-    - When we run out of usable circuit IDs on a channel, log only one
-      warning for the whole channel, and include a description of
-      how many circuits there were on the channel. Fix for part of ticket
-      #11553.
diff --git a/changes/bug7164_downgrade b/changes/bug7164_downgrade
deleted file mode 100644
index 4d75586bb1..0000000000
--- a/changes/bug7164_downgrade
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Downgrade the warning severity for the the "md was still referenced 1
-      node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
-      diagnose this bug, and the current warning in earlier versions of
-      tor achieves nothing useful. Addresses warning from bug 7164.
-
diff --git a/changes/bug9213_doc b/changes/bug9213_doc
deleted file mode 100644
index 2f959dd831..0000000000
--- a/changes/bug9213_doc
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Documentation:
-    - Correctly document that we search for a system torrc file before
-      looking in ~/.torrc. Fixes documentation side of 9213; bugfix
-      on 0.2.3.18-rc.
-
diff --git a/changes/bug9229 b/changes/bug9229
deleted file mode 100644
index ad7fd22c28..0000000000
--- a/changes/bug9229
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Avoid 60-second delays in the bootstrapping process when Tor
-      is launching for a second time while using bridges. Fixes bug 9229;
-      bugfix on 0.2.0.3-alpha.
-
diff --git a/changes/bug9393 b/changes/bug9393
deleted file mode 100644
index 9aedd1260b..0000000000
--- a/changes/bug9393
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Give the correct URL in the warning message that we present
-      when the user is trying to run a Tor relay on an ancient version
-      of Windows. Fixes bug 9393.
diff --git a/changes/bug9686_024 b/changes/bug9686_024
deleted file mode 100644
index 8705379d32..0000000000
--- a/changes/bug9686_024
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (security):
-    - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
-      the default at 8GBytes), to better support Raspberry Pi users. Fixes
-      bug 9686; bugfix on 0.2.4.14-alpha.
-
diff --git a/changes/bug9700 b/changes/bug9700
deleted file mode 100644
index f59f54cb01..0000000000
--- a/changes/bug9700
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix a compilation error when compiling with --disable-cuve25519.
-      Fixes bug 9700; bugfix on 0.2.4.17-rc.
diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers
deleted file mode 100644
index 05eb4e9bcc..0000000000
--- a/changes/ff28_ciphers
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (performance, compatibility):
-    - Update the list of TLS cipehrsuites that a client advertises
-      to match those advertised by Firefox 28. This enables selection of
-      (fast) GCM ciphersuites, disables some strange old ciphers, and
-      disables the ECDH (not to be confused with ECDHE) ciphersuites.
-      Resolves ticket 11438.
diff --git a/changes/md_leak_bug b/changes/md_leak_bug
deleted file mode 100644
index 26270aacc3..0000000000
--- a/changes/md_leak_bug
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, OOM)
-    - Fix a memory leak that could occur if a microdescriptor parse
-      fails during the tokenizing step. This could enable a memory
-      exhaustion attack by directory servers. Fixes bug #11649; bugfix
-      on 0.2.2.6-alpha.
diff --git a/changes/ticket11528 b/changes/ticket11528
deleted file mode 100644
index 15daad9950..0000000000
--- a/changes/ticket11528
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features:
-    - Servers now trust themselves to have a better view than clients of
-      which TLS ciphersuites to choose. (Thanks to #11513, the server
-      list is now well-considered, whereas the client list has been
-      chosen mainly for anti-fingerprinting purposes.) Resolves ticket
-      11528.