Fold in and clean up remaining changes files

11 files changed, 59 insertions, 66 deletions

diff --git a/ChangeLog b/ChangeLog
index 8ea0008be1..764c5cc85a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.2.26-alpha - 2011-05-??
+Changes in version 0.2.2.26-beta - 2011-05-1?
   o Security fixes:
     - Replace all potentially sensitive memory comparison operations
       with versions whose runtime does not depend on the data being
@@ -6,6 +6,12 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
       adversary can use variations in timing information to learn
       sensitive data. Fix for one case of bug 3122. (Safe memcmp
       implementation by Robert Ransom based partially on code by DJB.)
+    - When receiving a hidden service descriptor, check that it is for
+      the hidden service we wanted. Previously, Tor would store any
+      hidden service descriptors that a directory gave it, whether it
+      wanted them or not. This wouldn't have let an attacker impersonate
+      a hidden service, but it did let directories pre-seed a client
+      with a descriptors that it didn't want. Bugfix on 0.0.6.
 
   o Major features:
     - The options SocksPort, ControlPort, and so on now all accept a
@@ -23,6 +29,15 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
       given connection type. This is useful when the user has configured
       "SocksPort auto" and the controller needs to know which port got
       chosen. Resolves another part of ticket 3076.
+    - Add a new ControlSocketsGroupWritable configuration option: when
+      it is turned on, ControlSockets are group-writeable by the default
+      group of the current user. Patch by Jérémy Bobbio; implements
+      ticket 2972.
+    - Tor now refuses to create a ControlSocket in a directory that is
+      world-readable (or group-readable if ControlSocketsGroupWritable
+      is 0). This is necessary because some operating systems do not
+      enforce permissions on an AF_UNIX sockets. Permissions on the
+      directory holding the socket, however, seems to work everywhere.
     - Rate-limit a warning about failures to download v2 networkstatus
       documents.  Resolves part of bug 1352.
     - Backport code from 0.2.3.x to allow directory authorities to clean
@@ -31,6 +46,10 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
       what it means rather than calling it an unexpected status code.
       Closes bug 2503. Patch from Michael Yakubovich.
     - Update to the May 1 2011 Maxmind GeoLite Country database.
+    - Set SO_REUSEADDR on all sockets, not just listeners. This should
+      help busy exit nodes avoid running out of useable ports just
+      because all the ports have been used in the near past. Resolves
+      issue 2850.
 
   o Minor bugfixes:
     - When loading the microdesc journal, remember its current size.
@@ -65,6 +84,45 @@ Changes in version 0.2.2.26-alpha - 2011-05-??
     - Add missing explanations for the authority-related torrc options
       RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey in the
       man page. Resolves issue 2379.
+    - On SIGHUP, do not clear out all TrackHostExits mappings, client
+      DNS cache entries, and virtual address mappings: that's what
+      NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.
+    - When a controller changes TrackHostExits, remove mappings for
+      hosts that should no longer have their exits tracked. Bugfix on
+      0.1.0.1-rc.
+    - When a controller changes VirtualAddrNetwork, remove any mappings
+      for hosts that were automapped to the old network. Bugfix on
+      0.1.1.19-rc.
+    - When a controller changes one of the AutomapHosts* options, remove
+      any mappings for hosts that should no longer be automapped. Bugfix
+      on 0.2.0.1-alpha.
+    - Accept hidden service descriptors if we think we are a hidden
+      service directory, regardless of what our consensus says. This
+      helps robustness, since clients and hidden services can sometimes
+      have a more up-to-date view of the network consensus than we do,
+      and if they think that the directory authorities list us a HSDir,
+      we might actually be one. Related to bug 2732; bugfix on
+      0.2.0.10-alpha.
+    - Do not reset the bridge descriptor download status every time we
+      re-parse our configuration or get a configuration change. Fixes
+      bug 3019; bugfix on 0.2.0.3-alpha.
+    - Resolve an untriggerable issue in smartlist_string_num_isin(),
+      where if the function had ever in the future been used to check
+      for the presence of a too-large number, it would have given an
+      incorrect result. (Fortunately, we only used it for 16-bit
+      values.)  Fixes bug 3175; bugfix on 0.1.0.1-rc.
+    - Require that introduction point keys and onion keys have public
+      exponent 65537. Bugfix on 0.2.0.10-alpha.
+    - As an authority, do not upload our own vote or signature set to
+      ourself. It would tell us nothing new, and as of 0.2.2.24-alpha,
+      it would get flagged as a duplicate. Resolves bug 3026.
+    - Accept hidden service descriptors if we think we are a hidden
+      service directory, regardless of what our consensus says. This
+      helps robustness, since clients and hidden services can sometimes
+      have a more up-to-date view of the network consensus than we do,
+      and if they think that the directory authorities list us a HSDir,
+      we might actually be one. Related to bug 2732; bugfix on
+      0.2.0.10-alpha.
 
   o Removed features:
     - Caches no longer download and serve v2 networkstatus documents
diff --git a/changes/bug1345 b/changes/bug1345
deleted file mode 100644
index 0c9375a35d..0000000000
--- a/changes/bug1345
+++ /dev/null
@@ -1,13 +0,0 @@
-  o Minor bugfixes:
-    - On SIGHUP, do not clear out all TrackHostExits mappings, client DNS
-      cache entries, and virtual address mappings: that's what NEWNYM is
-      for.  Bugfix on Tor 0.1.0.1-rc; fixes bug 1345.
-    - When TrackHostExits is changed from a controller, remove any
-      mappings for hosts that should no longer have their exits tracked.
-      Bugfix on Tor 0.1.0.1-rc.
-    - When VirtualAddrNetwork option is changed from a controller,
-      remove any mappings for hosts that were automapped to
-      that network.  Bugfix on 0.1.1.19-rc.
-    - When one of the AutomapHosts* options is changed from a
-      controller, remove any mappings for hosts that should no longer be
-      automapped.  Bugfix on 0.2.0.1-alpha.
diff --git a/changes/bug2732-simple b/changes/bug2732-simple
deleted file mode 100644
index 367836152d..0000000000
--- a/changes/bug2732-simple
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes
-    - Do not reject hidden service descriptors simply because we don't
-      think we have not been assigned the HSDir flag.  Clients and
-      hidden services can have a more up-to-date view of the network
-      consensus, and if they think that the directory authorities
-      list us a HSDir, we might actually be one.  Related to bug 2732;
-      bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug2792_checkdir b/changes/bug2792_checkdir
deleted file mode 100644
index 10de1deb2d..0000000000
--- a/changes/bug2792_checkdir
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor features:
-    - Tor now refuses to create a ControlSocket in a directory that is
-      world-readable (or group-readable if ControlSocketsGroupWritable
-      is 0).  This is necessary because some operating systems do not
-      check the permissions on an AF_UNIX socket when programs try to
-      connect to it.  Checking permissions on the directory holding
-      the socket, however, seems to work everywhere.
-
diff --git a/changes/bug2850 b/changes/bug2850
deleted file mode 100644
index 77ccbfa25d..0000000000
--- a/changes/bug2850
+++ /dev/null
@@ -1,5 +0,0 @@
-  - Minor features
-    o Set SO_REUSEADDR on all sockets, not just listeners.  This should
-      help busy exit nodes avoid running out of useable ports just because
-      all the ports have been used in the near past.  Resolves issue 2850.
-
diff --git a/changes/bug2972 b/changes/bug2972
deleted file mode 100644
index 26afcca421..0000000000
--- a/changes/bug2972
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features:
-    - Allow ControlSockets to be group-writable when the
-      ControlSocksGroupWritable configuration option is turned on. Patch
-      by Jérémy Bobbio; implements ticket 2972.
-
diff --git a/changes/bug3019 b/changes/bug3019
deleted file mode 100644
index 4df709fb3b..0000000000
--- a/changes/bug3019
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Do not reset the bridge descriptor download status every time we
-      re-parse our configuration or get a configuration change.  Fixes
-      bug 3019; bugfix on Tor 0.2.0.3-alpha.
diff --git a/changes/bug3026 b/changes/bug3026
deleted file mode 100644
index c0c0a3860a..0000000000
--- a/changes/bug3026
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (directory authority)
-    - Do not upload our own vote or signature set to ourself.  It would
-      tell us nothing new.  Also, as of Tor 0.2.2.24-alpha, we started
-      to warn about receiving duplicate votes.  Resolves bug 3026.
diff --git a/changes/bug3175 b/changes/bug3175
deleted file mode 100644
index 3360fbce00..0000000000
--- a/changes/bug3175
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - Resolve an untriggerable issue in smartlist_string_num_isin(),
-      where if the function had ever in the future been used to check
-      for the presence of a too-large number, it would have given an
-      incorrect result.  (Fortunately, we only used it for 16-bit
-      values.)  Fixes bug 3175; bugfix on Tor 0.1.0.1-rc.
-
diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id
deleted file mode 100644
index 2f37c30216..0000000000
--- a/changes/check-fetched-rend-desc-service-id
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Security fixes:
-    - When fetching a hidden service descriptor, check that it is for
-      the hidden service we were trying to connect to, in order to
-      stop a directory from pre-seeding a client with a descriptor for
-      a hidden service that they didn't want.  Bugfix on 0.0.6.
-
-
diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents
deleted file mode 100644
index a8d00673be..0000000000
--- a/changes/check-public-key-exponents
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Require that introduction point keys and onion keys have public
-      exponent 65537.  Bugfix on 0.2.0.10-alpha.
-
-