and bring all the changelogs into master too

1 files changed, 114 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index fc8348d51a..688d6554ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,120 @@
 Changes in version 0.2.6.1-alpha - 2014-??-??
 
 
+Changes in version 0.2.5.6-alpha - 2014-07-28
+  Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+  risk from guard rotation, and fixes a variety of other issues to get
+  us closer to a release candidate.
+
+  o Major features (also in 0.2.4.23):
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes (also in 0.2.4.23):
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Major bugfixes:
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Minor features:
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+    - Slightly enhance the diagnostic message for bug 12184.
+
+  o Minor bugfixes (also in 0.2.4.23):
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Fix compilation when building with bufferevents enabled. (This
+      configuration is still not expected to work, however.)
+      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+      Gunasekaran.
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.5.5-alpha - 2014-06-18
   Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
   0.2.5.x release series, including a couple of DoS issues, some