Start on an 0.2.6.1-alpha changelog

I concatenated the remaining changes/* files, removed them, made the
headings more uniform, then told format_changelog.py to sort,
collate, and wrap them.

1 files changed, 349 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 32a4ab35ec..5f8b6627c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,353 @@
 Changes in version 0.2.6.1-alpha - 2014-??-??
+  o Major features (bridges):
+    - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+      transports if they are configured via the "TOR_PT_PROXY" enviorment
+      variable. Implements proposal 232. Resolves ticket 8402.
+
+  o Major features (client performance, hidden services):
+    - Allow clients to use optimistic data when connecting to a hidden
+      service, which should cut out the initial round-trip for client-
+       side programs including Tor Browser. (Now that Tor 0.2.2.x is
+      obsolete, all hidden services should support server-side
+      optimistic data.) See proposal 181 for details. Implements ticket
+      13211. - Add an option to overwrite logs (TruncateLogFile). Closes
+      ticket #5583.
+
+  o Major features (directory system):
+    - Upon receiving a server descriptor, microdescriptor, extrainfo
+      document, or other object that is unparseable, if its digest
+      matches what we expected, then mark it as not to be downloaded
+      again. Previously, when we got a descriptor we didn't like, we
+      would keep trying to download it over and over. Closes
+      ticket 11243.
+
+  o Major features (sample torrc):
+    - Add a new, infrequently-changed "torrc.minimal". This file's
+      purpose is similar to torrc.sample, but it is meant to be small
+      and change as infrequently as possible, for the benefit of users
+      whose systems prompt them for intervention whenever a default
+      configuration file is changed. Making this change allows us to
+      update torrc.sample to be a more generally useful "sample torrc".
+
+  o Major bugfixes (directory authorities):
+    - Relays should not be assigned the HSDir flag if they are
+      considered invalid. Also, do not assign the HSDir flag to relays
+      that are currently hibernating. Fixes #12573. Bugfix
+      on tor-0.2.0.10-alpha
+
+  o Major bugfixes (directory bandwidth performance):
+    - Don't flush the zlib buffer aggressively when compressing
+      directory information for clients. This should save about 7% of
+      the bandwidth currently used for compressed descriptors and
+      microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+  o Minor features (security, memory wiping):
+    - Ensure we securely wipe keys from memory after
+      crypto_digest_get_digest and init_curve25519_keypair_from_file
+      have finished using them. Fixes bug 13477.
+
+  o Minor features (security, out-of-memory handling):
+    - When handling a low-memory situation, allocate less memory for
+      teporary data structures. Fixes issue 10115.
+    - When closing an edge connection because we've run out of memory,
+      also count the amount of memory that any tunnelled directory
+      connection attached to that connection had consumed. Part of
+      ticket 11792.
+    - When considering whether we're running low on memory, consider
+      memory that was allocated as part of zlib buffers as well. Count
+      that memory as reclaimed by our OOM handler. Part of ticket 11792.
+    - When handling out-of-memory conditions, also look at non-tunnneled
+      directory connections, and kill the ones that have had data
+      sitting on them for the longest. Part of ticket 11792.
+
+  o Minor features (client):
+    - Clients are now willing to send optimistic circuit data (before
+      they receive a 'connected' cell) to relays of any version. We used
+      to only do it for relays running 0.2.3.1-alpha or later, but now
+      all relays are new enough. Resolves ticket 13153.
+
+  o Minor features (directory authorities):
+    - Don't list relays with a bandwidth estimate of 0 in the consensus.
+      Implements a feature proposed during discussion of bug 13000.
+    - In tor-gencert, report an error if the user provides the same
+      argument more than once.
+    - If a directory authority can't find a best consensus method in the
+      votes that it holds, it now falls back to its favorite consensus
+      method. Previously, it fell back to method 1. Neither of these is
+      likely to get enough signatures, but "fall back to favorite"
+      doesn't require us to maintain support an obsolete consensus
+      method. Implements another part of proposal 215.
+
+  o Minor features (logging):
+    - On unix, you can now use named pipes as the target of the Log
+      option, and other options that try to append to files. Closes
+      ticket 12061. Patch from "carlo von lynX".
+    - When opening a log file at startup, send it every log message that
+      we generated between startup and opening it. Closes ticket 6938.
+
+  o Minor features (portability, Solaris):
+    - Threads are no longer disabled by default on Solaris; we believe
+      that the versions of Solaris with broken threading support are all
+      obsolete by now. Resolves ticket 9495.
+
+  o Minor features (relay):
+    - Re-check our address after we detect a changed IP address from
+      getsockname(). This ensures that the controller command "GETINFO
+      address" will report the correct value. Resolves ticket 11582.
+      Patch from "ra".
+    - A new AccountingRule option lets you set whether you'd like the
+      AccountingMax value to be applied separately to inbound and
+      outbound traffic, or applied to the sum of inbound and outbound
+      traffic. Resolves ticket 961. Patch by "chobe".
+
+  o Minor features (testing networks):
+    - Add the TestingDirAuthVoteExit option, a list of nodes to vote
+      Exit for regardless of their uptime, bandwidth, or exit policy.
+      TestingTorNetwork must be set for this option to have any effect.
+      Works around an issue where authorities would take up to 35
+      minutes to give nodes the Exit flag in a test network, despite
+      short consensus intervals. Partially implements ticket 13161.
+
+  o Minor features (validation):
+    - Check all date/time values passed to tor_timegm and
+      parse_rfc1123_time for validity, taking leap years into account.
+      Improves HTTP header validation. Implemented with bug 13476.
+    - Clamp year values returned by system localtime(_r) and gmtime(_r)
+      to year 1 in correct_tm. This ensures tor can read any values it
+      writes out. Fixes bug 13476.
+
+  o Minor bugfixes (bridge clients):
+    - When a bridge has been configured without an identity digest (not
+      recommended), avoid launching an extra channel to it when
+      bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (bridges):
+    - When DisableNetwork is set, do not launch pluggable transport
+      plugins, and if any are running already, terminate the existing
+      instances. Resolves ticket 13213.
+
+  o Minor bugfixes (C correctness):
+    - Fix several instances of possible integer overflow/underflow/NaN.
+      Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+      from "teor".
+    - In circuit_build_times_calculate_timeout() in circuitstats.c,
+      avoid dividing by zero in the pareto calculations. This traps
+      under clang -fsanitize=undefined-trap
+      -fsanitize-undefined-trap-on-error. Fixes bug 13290; bugfix
+      on tor-0.2.2.2-alpha.
+    - Fix an instance of integer overflow in format_time_interval().
+      Fixes bug 13393.
+    - Set the correct day of year value when the system's localtime(_r)
+      or gmtime(_r) functions fail to set struct tm. Not externally
+      visible. Fixes bug 13476.
+    - Avoid unlikely signed integer overflow in tor_timegm on systems
+      with 32-bit time_t. Fixes bug 13476.
+
+  o Minor bugfixes (client):
+    - Use the consensus schedule for downloading consensuses, and not
+      the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+    - Handle unsupported SOCKS5 requests properly by responding with
+      'Command not supported' reply message before closing a TCP
+      connection to the user. Fixes bug 12971.
+    - Handle malformed SOCKS5 requests properly by responding with an
+      appropriate error message before closing a TCP connection to the
+      user. Fixes bug 13314.
+
+  o Minor bugfixes (client, torrc):
+    - Stop modifying the value of our DirReqStatistics torrc option just
+      because we're not a bridge or relay. This bug was causing Tor
+      Browser users to write "DirReqStatistics 0" in their torrc files
+      as if they had chosen to change the config. Fixes bug 4244; bugfix
+      on 0.2.3.1-alpha.
+    - When GeoIPExcludeUnkonwn is enabled, do not incorrectly decide
+      that our options have changed every time we SIGHUP. Fixes bug
+      9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+  o Minor bugfixes (controller):
+    - Return an error when the second or later arguments of the
+      "setevents" controller command are invalid events. Previously we
+      would return success while silently skipping invalid events. Fixes
+      bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+  o Minor bugfixes (directory system):
+    - Always believe that v3 directory authorities serve extra-info
+      documents, regardless of whether their server descriptor contains
+      a "caches-extra-info" line or not. Fixes part of #11683. Bugfix
+      on 0.2.0.1-alpha.
+    - When running as a v3 directory authority, advertise that you serve
+      extra-info documents so that clients who want them can find them
+      from you too. Fixes part of bug #11683. Bugfix on 0.2.0.1-alpha.
+    - Bitwise check the BRIDGE_DIRINFO flag rather than using equality.
+      Fixes a (potential) bug where directories offering BRIDGE_DIRINFO
+      and some other flag (i.e. microdescriptors or extrainfo) would be
+      ignored when looking for bridge directories. Partially fixes
+      bug 13163.
+
+  o Minor bugfixes (networking):
+    - Check for orconns and use connection_or_close_for_error() rather
+      than connection_mark_for_close() directly in the getsockopt()
+      failure case of connection_handle_write_impl(). Fixes bug #11302.
+
+  o Minor bugfixes (relay):
+    - When generating our family list, remove spaces from around the
+      entries there. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+    - If our previous bandwidth estimate was 0 bytes, allow publishing a
+      new relay descriptor immediately. Fixes bug 13000; bugfix
+      on 0.1.1.6-alpha.
+
+  o Minor bugfixes (testing networks):
+    - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+      testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+    - Stop using the default authorities in networks which provide both
+      AlternateDirAuthority and AlternateBridgeAuthority. Partially
+      fixes bug 13163.
+
+  o Minor bugfixes (testing):
+    - Stop spawn test failures due to a race condition between the
+      SIGCHLD handler updating the process status, and the test reading
+      it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (testing, Windows):
+    - Avoid passing an extra backslash when creating a temporary
+      directory for running the unit tests on Windows. Fixes bug 12392;
+      bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+  o Minor bugfixes (windows):
+    - Remove code to special-case handling of NTE_BAD_KEYSET when
+      acquiring windows CryptoAPI context. This error can't actually
+      occur for the parameters we're providing. Fixes bug 10816; bugfix
+      on 0.0.2pre26.
+
+  o Minor bugfixes (zlib):
+    - When trying to finalize a zlib stream where we have already
+      exhausted all the input bytes and we need more bytes in the output
+      buffer, do not report the write as successful. Fixes bug 11824;
+      bugfix on 0.1.1.23.
+
+  o Build fixes:
+    - Allow our configure script to build correctly with autoconf 2.62
+      again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+    - Improve configure script error message to make it clear that
+      compilation has failed and that user has to either add
+      --disable-asciidoc argument or install asciidoc. Resolves
+      ticket 13228.
+    - Stop test & bench build failures with --disable-curve25519. Fixes
+      bug 13285.
+
+  o Code simplification and refactoring:
+    - Change the entry_is_live() function to take named bitfield
+      elements instead of an unnamed list of booleans. Closes
+      ticket 12202.
+    - Refactoring and unit-testing entry_is_time_to_retry() in
+      entrynodes.c. Resolves ticket 12205.
+    - Use calloc and reallocarray functions in preference to multiply-
+      then-malloc. This makes it less likely for us to fall victim to an
+      integer overflow attack when allocating. Resolves ticket 12855.
+    - Use the standard macro name SIZE_MAX, instead of our
+      own SIZE_T_MAX.
+    - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+      functions which take them as arguments. Replace 0 with NO_DIRINFO
+      in a function call for clarity. Seeks to prevent future issues
+      like 13163.
+    - Avoid 4 null pointer errors under clang shallow analysis by using
+      tor_assert() to prove that the pointers aren't null. Fixes
+      bug 13284.
+
+  o Code simplifications and refactoring:
+    - Reworking API of policies_parse_exit_policy() function to use a
+      bitmask to represent parsing options instead of a confusing mess
+      of booleans. Resolves ticket 8197.
+    - Introducing helper function to parse ExitPolicy in
+      or_options_t structure.
+
+  o New compiler requirements:
+    - Tor 0.2.6.x requires that your compiler support more of the C99
+      language standard than before. The 'configure' script now detects
+      whether your compiler supports C99 mid-block declarations and
+      designated initializers. If it does not, Tor will not compile.
+
+      We may revisit this requirement if it turns out that a significant
+      number of people need to build Tor with compilers that don't
+      bother implementing a 15-year-old standard. Closes ticket 13233.
+
+  o Removed code:
+    - We no longer remind the user about obsolete configuration options
+      that have been obsolete since 0.2.3.x or later. Patch by
+      Adrien Bak.
+
+  o Removed features:
+    - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+      used to be deprecated synonyms for "StrictNodes", are now marked
+      obsolete. Resolves ticket 12226.
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+    - Directory authorities do not support being Naming dirauths
+      anymore. The "NamingAuthoritativeDir" config option has
+      been obsoleted.
+    - Directory authorities do not support giving out the BadDirectory
+      flag anymore.
+    - Clients don't understand the BadDirectory flag in the consensus
+      anymore, and ignore it.
+    - Tor no longer supports systems without threading support. When we
+      began working on Tor, there were several systems that didn't have
+      threads, or where the thread support wasn't able to run the
+      threads of a single process on multiple CPUs. That no longer
+      holds: every system where Tor needs to run well now has threading
+      support. Resolves ticket 12439.
+
+  o Removed platform support:
+    - We no longer include special code to build on Windows CE; as far
+      as we know, nobody has used Tor on Windows CE in a very long time.
+      Closes ticket 11446.
+
+  o Testing:
+    - Refactor the function that chooses guard nodes so that it can more
+      easily be tested; write some tests for it.
+    - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+      bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+    - Create unit tests for format_time_interval(). With bug 13393.
+    - Add unit tests for tor_timegm signed overflow, tor_timegm and
+      parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+      tests (visible) fixes in bug 13476.
+    - Add a "coverage-html" make target to generate HTML-visualized
+      coverage results when building with --enable-coverage. (Requires
+      lcov.) Patch from Kevin Murray.
+    - Enable the backtrace handler (where supported) when running the
+      unit tests.
+    - Revise all unit tests that used the legacy test_* macros to
+      instead use the recommended tt_* macros. This patch was generated
+      with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+  o Distribution (systemd):
+    - systemd unit file: only allow tor to write to /var/lib/tor and
+      /var/log/tor. The rest of the filesystem is accessible for reading
+      only. Patch by intrigeri; resolves ticket 12751.
+    - systemd unit file: ensures that the process and all its children
+      can never gain new privileges. Patch by intrigeri; resolves
+      ticket 12939.
+    - systemd unit file: set up /var/run/tor as writable for the Tor
+      service. Patch by intrigeri; resolves ticket 13196.
+
+  o Removed features (directory authorities):
+    - Remove code that prevented authorities from listing Tor servers
+      affected by CVE-2011-2769 as guards. These servers are already
+      rejected altogether due to the minimum version requirement of
+      0.2.3.16-alpha. Closes ticket 13152.
+    - Directory authorities no longer advertise or support consensus
+      methods 1 through 12 inclusive. These consensus methods were
+      obsolete and/or insecure: maintaining the ability to support them
+      served no good purpose. Implements part of proposal 215; closes
+      ticket 10163.
+
+  o Testing (test-network.sh):
+    - Stop using "echo -n", as some shells' built-in echo doesn't
+      support "-n". Instead, use "/bin/echo -n". Partially fixes
+      bug 13161.
+    - Stop an apparent test-network hang when used with make -j2. Fixes
+      bug 13331.
+    - Add a --delay option to test-network.sh, which configures the
+      delay before the chutney network tests for data transmission.
+      Partially implements ticket 13161.
 
 
 Changes in version 0.2.5.10 - 2014-10-24