102 files changed, 1193 insertions, 799 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d033b7ca30..4a4798e3e5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -97,6 +97,8 @@ variables:
     - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
     - if [ "$CC" = clang ]; then apt-get install clang; fi
     - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
+    # llvm-symbolizer for sanitizer backtrace
+    - if [ "$HARDENING" = yes ]; then apt-get install llvm; fi
     # TODO: This next line should not be debian-only.
     - if [ "$STEM" = yes ]; then git clone --depth 1 https://git.torproject.org/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
     # TODO: This next line should not be debian-only.
@@ -111,7 +113,7 @@ debian-minimal:
   script:
     - ./scripts/ci/ci-driver.sh
 
-# Minmal check on debian/i386: just make, make check.
+# Minimal check on debian/i386: just make, make check.
 #
 debian-i386-minimal:
   image: i386/debian:buster
diff --git a/ChangeLog b/ChangeLog
index 0ed1710d7b..ed3875a629 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,378 @@
+Changes in version 0.4.7.11 - 2022-11-10
+  This version contains several major fixes aimed at helping defend against
+  network denial of service. It is also extending drastically the MetricsPort
+  for relays to help us gather more internal data to investigate performance
+  and attacks.
+
+  We strongly recommend to upgrade to this version especially for Exit relays
+  in order to help the network defend against this ongoing DDoS.
+
+  o Directory authority changes (dizum, Faravahar):
+    - Change dizum IP address. Closes ticket 40687.
+    - Remove Faravahar until its operator, Sina, set it back up online
+      outside of Team Cymru network. Closes ticket 40688.
+
+  o Major bugfixes (geoip data):
+    - IPFire informed us on August 12th that databases generated after
+      (including) August 10th did not have proper ARIN network
+      allocations. We are updating the database to use the one generated
+      on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13.
+
+  o Major bugfixes (onion service):
+    - Set a much higher circuit build timeout for opened client rendezvous
+      circuit. Before this, tor would time them out very quickly leading to
+      unnecessary retries meaning more load on the network. Fixes bug 40694;
+      bugfix on 0.3.5.1-alpha.
+
+  o Major bugfixes (OSX):
+    - Fix coarse-time computation on Apple platforms (like Mac M1) where
+      the Mach absolute time ticks do not correspond directly to
+      nanoseconds. Previously, we computed our shift value wrong, which
+      led us to give incorrect timing results. Fixes bug 40684; bugfix
+      on 0.3.3.1-alpha.
+
+  o Major bugfixes (relay):
+    - Improve security of our DNS cache by randomly clipping the TTL
+      value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
+
+  o Minor feature (Mac and iOS build):
+    - Change how combine_libs works on Darwin like platforms to make
+      sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
+      symbols on the archive before we repack and run ${RANLIB} on the
+      archive. This fixes a build issue with recent Xcode versions on
+      Mac Silicon and iOS. Closes ticket 40683.
+
+  o Minor feature (metrics):
+    - Add various congestion control counters to the MetricsPort. Closes
+      ticket 40708.
+
+  o Minor feature (performance):
+    - Bump the maximum amount of CPU that can be used from 16 to 128. Note
+      that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug
+      40703; bugfix on 0.3.5.1-alpha.
+
+  o Minor feature (relay):
+    - Make an hardcoded value for the maximum of per CPU tasks into a
+      consensus parameter.
+    - Two new consensus parameters are added to control the wait time in
+      queue of the onionskins. One of them is the torrc
+      MaxOnionQueueDelay options which supersedes the consensus
+      parameter. Closes ticket 40704.
+
+  o Minor feature (relay, DoS):
+    - Apply circuit creation anti-DoS defenses if the outbound circuit
+      max cell queue size is reached too many times. This introduces two
+      new consensus parameters to control the queue size limit and
+      number of times allowed to go over that limit. Closes ticket 40680.
+
+  o Minor feature (relay, metrics):
+    - Add DoS defenses counter to MetricsPort.
+    - Add congestion control RTT reset counter to MetricsPort.
+    - Add counters to the MetricsPort how many connections, per type,
+      are currently opened and how many were created.
+    - Add relay flags from the consensus to the MetricsPort.
+    - Add total number of opened circuits to MetricsPort.
+    - Add total number of streams seen by an Exit to the MetricsPort.
+    - Add traffic stats as in number of read/written bytes in total.
+    - Related to ticket 40194.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 10, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/11/10.
+
+  o Minor bugfixes (authorities, sandbox):
+    - Allow to write file my-consensus-<flavor-name> to disk when
+      sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (dirauth):
+    - Directory authorities stop voting a consensus "Measured" weight
+      for relays with the Authority flag. Now these relays will be
+      considered unmeasured, which should reserve their bandwidth for
+      their dir auth role and minimize distractions from other roles. In
+      place of the "Measured" weight, they now include a
+      "MeasuredButAuthority" weight (not used by anything) so the
+      bandwidth authority's opinion on this relay can be recorded for
+      posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
+      torrc option which never worked right. Fixes bugs 40698 and 40700;
+      bugfix on 0.4.7.2-alpha.
+
+  o Minor bugfixes (onion service client):
+    - A collapsing onion service circuit should be seen as an
+      "unreachable" error so it can be retried. Fixes bug 40692; bugfix
+      on 0.3.5.1-alpha.
+
+  o Minor bugfixes (onion service):
+    - Make the service retry a rendezvous if the circuit is being
+      repurposed for measurements. Fixes bug 40696; bugfix
+      on 0.3.5.1-alpha.
+
+  o Minor bugfixes (relay overload statistics):
+    - Count total create cells vs dropped create cells properly, when
+      assessing if our fraction of dropped cells is too high. We only
+      count non-client circuits in the denominator, but we would include
+      client circuits in the numerator, leading to surprising log lines
+      claiming that we had dropped more than 100% of incoming create
+      cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.
+
+  o Code simplification and refactoring (bridges):
+    - Remove unused code related to ExtPort connection ID. Fixes bug
+      40648; bugfix on 0.3.5.1-alpha.
+
+
+Changes in version 0.4.7.10 - 2022-08-12
+  This version updates the geoip cache that we generate from IPFire location
+  database to use the August 9th, 2022 one. Everyone MUST update to this
+  latest release else circuit path selection and relay metrics are badly
+  affected.
+
+  o Major bugfixes (geoip data):
+    - IPFire informed us on August 12th that databases generated after
+      (including) August 10th did not have proper ARIN network allocations. We
+      are updating the database to use the one generated on August 9th, 2022.
+      Fixes bug 40658; bugfix on 0.4.7.9.
+
+
+Changes in version 0.4.6.12 - 2022-08-12
+  This version updates the geoip cache that we generate from IPFire location
+  database to use the August 9th, 2022 one. Everyone MUST update to this
+  latest release else circuit path selection and relay metrics are badly
+  affected.
+
+  o Major bugfixes (geoip data):
+    - IPFire informed us on August 12th that databases generated after
+      (including) August 10th did not have proper ARIN network allocations. We
+      are updating the database to use the one generated on August 9th, 2022.
+      Fixes bug 40658; bugfix on 0.4.6.11.
+
+
+Changes in version 0.4.5.14 - 2022-08-12
+  This version updates the geoip cache that we generate from IPFire location
+  database to use the August 9th, 2022 one. Everyone MUST update to this
+  latest release else circuit path selection and relay metrics are badly
+  affected.
+
+  o Major bugfixes (geoip data):
+    - IPFire informed us on August 12th that databases generated after
+      (including) August 10th did not have proper ARIN network allocations. We
+      are updating the database to use the one generated on August 9th, 2022.
+      Fixes bug 40658; bugfix on 0.4.5.13.
+
+
+Changes in version 0.4.7.9 - 2022-08-11
+  This version contains several major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. It also contains a major bugfix related to
+  congestion control also aimed at reducing memory pressure on relays.
+  Finally, there is last one major bugfix related to Vanguard L2 layer node
+  selection.
+
+  We strongly recommend to upgrade to this version especially for Exit relays
+  in order to help the network defend against this ongoing DDoS.
+
+  o Major bugfixes (congestion control):
+    - Implement RFC3742 Limited Slow Start. Congestion control was
+      overshooting the congestion window during slow start, particularly
+      for onion service activity. With this fix, we now update the
+      congestion window more often during slow start, as well as dampen
+      the exponential growth when the congestion window grows above a
+      capping parameter. This should reduce the memory increases guard
+      relays were seeing, as well as allow us to set lower queue limits
+      to defend against ongoing DoS attacks. Fixes bug 40642; bugfix
+      on 0.4.7.5-alpha.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Major bugfixes (vanguards):
+    - We had omitted some checks for whether our vanguards (second layer
+      guards from proposal 333) overlapped. Now make sure to pick each
+      of them to be independent. Also, change the design to allow them
+      to come from the same family. Fixes bug 40639; bugfix
+      on 0.4.7.1-alpha.
+
+  o Minor features (dirauth):
+    - Add a torrc option to control the Guard flag bandwidth threshold
+      percentile. Closes ticket 40652.
+    - Add an AuthDirVoteGuard torrc option that can allow authorities to
+      assign the Guard flag to the given fingerprints/country code/IPs.
+      This is a needed feature mostly for defense purposes in case a DoS
+      hits the network and relay start losing the Guard flags too fast.
+    - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE,
+      TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable
+      from torrc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor bugfixes (congestion control):
+    - Add a check for an integer underflow condition that might happen
+      in cases where the system clock is stopped, the ORconn is blocked,
+      and the endpoint sends more than a congestion window worth of non-
+      data control cells at once. This would cause a large congestion
+      window to be calculated instead of a small one. No security
+      impact. Fixes bug 40644; bugfix on 0.4.7.5-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
+Changes in version 0.4.6.11 - 2022-08-11
+  This version contains two major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. The rest of the fixes were backported for
+  stability or safety purposes.
+
+  This is the very LAST version of this series. As of August 1st 2022, it is
+  end-of-life (EOL). We thus strongly recommend to upgrade to the latest
+  stable of the 0.4.7.x series.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34
+      and later. Closes ticket 40590.
+
+  o Minor bugfixes (controller, path bias):
+    - When a circuit's path is specified, in full or in part, from the
+      controller API, do not count that circuit towards our path-bias
+      calculations. (Doing so was incorrect, since we cannot tell
+      whether the controller is selecting relays randomly.) Resolves a
+      "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash
+      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
+      40601; bugfix on 0.3.5.11.
+
+  o Minor bugfixes (metrics port, onion service):
+    - The MetricsPort line for an onion service with multiple ports are now
+      unique that is one line per port. Before this, all ports of an onion
+      service would be on the same line which violates the Prometheus rules of
+      unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
+
+  o Minor bugfixes (onion service, client):
+    - Fix a fatal assert due to a guard subsystem recursion triggered by
+      the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (performance, DoS):
+    - Fix one case of a not-especially viable denial-of-service attack
+      found by OSS-Fuzz in our consensus-diff parsing code. This attack
+      causes a lot small of memory allocations and then immediately
+      frees them: this is only slow when running with all the sanitizers
+      enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
+Changes in version 0.4.5.13 - 2022-08-11
+  This version contains two major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. The rest of the fixes were backported for
+  stability or safety purposes. We strongly recommend to upgrade your relay to
+  this version or, ideally, to the latest stable of the 0.4.7.x series.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34
+      and later. Closes ticket 40590.
+
+  o Minor bugfixes (controller, path bias):
+    - When a circuit's path is specified, in full or in part, from the
+      controller API, do not count that circuit towards our path-bias
+      calculations. (Doing so was incorrect, since we cannot tell
+      whether the controller is selecting relays randomly.) Resolves a
+      "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash
+      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
+      40601; bugfix on 0.3.5.11.
+
+  o Minor bugfixes (metrics port, onion service):
+    - The MetricsPort line for an onion service with multiple ports are now
+      unique that is one line per port. Before this, all ports of an onion
+      service would be on the same line which violates the Prometheus rules of
+      unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
+
+  o Minor bugfixes (onion service, client):
+    - Fix a fatal assert due to a guard subsystem recursion triggered by
+      the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (performance, DoS):
+    - Fix one case of a not-especially viable denial-of-service attack
+      found by OSS-Fuzz in our consensus-diff parsing code. This attack
+      causes a lot small of memory allocations and then immediately
+      frees them: this is only slow when running with all the sanitizers
+      enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
 Changes in version 0.4.7.8 - 2022-06-17
   This version fixes several bugfixes including a High severity security issue
   categorized as a Denial of Service. Everyone running an earlier version
diff --git a/Makefile.am b/Makefile.am
index 280047a71b..c7b8b16d35 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -185,7 +185,6 @@ EXTRA_DIST+= \
 	CODE_OF_CONDUCT							\
 	INSTALL								\
 	LICENSE								\
-	Makefile.nmake							\
 	README.md								\
 	ReleaseNotes							\
 	scripts/build/combine_libs					\
diff --git a/Makefile.nmake b/Makefile.nmake
deleted file mode 100644
index 32401b50b7..0000000000
--- a/Makefile.nmake
+++ /dev/null
@@ -1,19 +0,0 @@
-all:

-	cd src/common

-	$(MAKE) /F Makefile.nmake

-	cd ../../src/ext

-	$(MAKE) /F Makefile.nmake

-	cd ../../src/or

-	$(MAKE) /F Makefile.nmake

-	cd ../../src/test

-	$(MAKE) /F Makefile.nmake

-

-clean:

-	cd src/common

-	$(MAKE) /F Makefile.nmake clean

-	cd ../../src/ext

-	$(MAKE) /F Makefile.nmake clean

-	cd ../../src/or

-	$(MAKE) /F Makefile.nmake clean

-	cd ../../src/test

-	$(MAKE) /F Makefile.nmake clean

diff --git a/ReleaseNotes b/ReleaseNotes
index ae90f71510..a1c741ce84 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,218 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.7.9 - 2022-08-11
+  This version contains several major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. It also contains a major bugfix related to
+  congestion control also aimed at reducing memory pressure on relays.
+  Finally, there is last one major bugfix related to Vanguard L2 layer node
+  selection.
+
+  We strongly recommend to upgrade to this version especially for Exit relays
+  in order to help the network defend against this ongoing DDoS.
+
+  o Major bugfixes (congestion control):
+    - Implement RFC3742 Limited Slow Start. Congestion control was
+      overshooting the congestion window during slow start, particularly
+      for onion service activity. With this fix, we now update the
+      congestion window more often during slow start, as well as dampen
+      the exponential growth when the congestion window grows above a
+      capping parameter. This should reduce the memory increases guard
+      relays were seeing, as well as allow us to set lower queue limits
+      to defend against ongoing DoS attacks. Fixes bug 40642; bugfix
+      on 0.4.7.5-alpha.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Major bugfixes (vanguards):
+    - We had omitted some checks for whether our vanguards (second layer
+      guards from proposal 333) overlapped. Now make sure to pick each
+      of them to be independent. Also, change the design to allow them
+      to come from the same family. Fixes bug 40639; bugfix
+      on 0.4.7.1-alpha.
+
+  o Minor features (dirauth):
+    - Add a torrc option to control the Guard flag bandwidth threshold
+      percentile. Closes ticket 40652.
+    - Add an AuthDirVoteGuard torrc option that can allow authorities to
+      assign the Guard flag to the given fingerprints/country code/IPs.
+      This is a needed feature mostly for defense purposes in case a DoS
+      hits the network and relay start losing the Guard flags too fast.
+    - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE,
+      TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable
+      from torrc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor bugfixes (congestion control):
+    - Add a check for an integer underflow condition that might happen
+      in cases where the system clock is stopped, the ORconn is blocked,
+      and the endpoint sends more than a congestion window worth of non-
+      data control cells at once. This would cause a large congestion
+      window to be calculated instead of a small one. No security
+      impact. Fixes bug 40644; bugfix on 0.4.7.5-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
+Changes in version 0.4.6.11 - 2022-08-11
+  This version contains two major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. The rest of the fixes were backported for
+  stability or safety purposes.
+
+  This is the very LAST version of this series. As of August 1st 2022, it is
+  end-of-life (EOL). We thus strongly recommend to upgrade to the latest
+  stable of the 0.4.7.x series.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34
+      and later. Closes ticket 40590.
+
+  o Minor bugfixes (controller, path bias):
+    - When a circuit's path is specified, in full or in part, from the
+      controller API, do not count that circuit towards our path-bias
+      calculations. (Doing so was incorrect, since we cannot tell
+      whether the controller is selecting relays randomly.) Resolves a
+      "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash
+      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
+      40601; bugfix on 0.3.5.11.
+
+  o Minor bugfixes (metrics port, onion service):
+    - The MetricsPort line for an onion service with multiple ports are now
+      unique that is one line per port. Before this, all ports of an onion
+      service would be on the same line which violates the Prometheus rules of
+      unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
+
+  o Minor bugfixes (onion service, client):
+    - Fix a fatal assert due to a guard subsystem recursion triggered by
+      the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (performance, DoS):
+    - Fix one case of a not-especially viable denial-of-service attack
+      found by OSS-Fuzz in our consensus-diff parsing code. This attack
+      causes a lot small of memory allocations and then immediately
+      frees them: this is only slow when running with all the sanitizers
+      enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
+Changes in version 0.4.5.13 - 2022-08-11
+  This version contains two major fixes aimed at reducing memory pressure on
+  relays and possible side-channel. The rest of the fixes were backported for
+  stability or safety purposes. We strongly recommend to upgrade your relay to
+  this version or, ideally, to the latest stable of the 0.4.7.x series.
+
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      close normally. Before this, we would only remove the entry on error and
+      thus leaking memory for each normal OR connections. Fixes bug 40604;
+      bugfix on 0.4.0.1-alpha.
+    - Stop sending TRUNCATED cell and instead close the circuit from which we
+      received a DESTROY cell. This makes every relay in the circuit path to
+      stop queuing cells. Fixes bug 40623; bugfix on 0.1.0.2-rc.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2022/08/11.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34
+      and later. Closes ticket 40590.
+
+  o Minor bugfixes (controller, path bias):
+    - When a circuit's path is specified, in full or in part, from the
+      controller API, do not count that circuit towards our path-bias
+      calculations. (Doing so was incorrect, since we cannot tell
+      whether the controller is selecting relays randomly.) Resolves a
+      "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes. (It was safe
+      against these before, but not obviously so.) Fixes bug 40645;
+      bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash
+      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
+      40601; bugfix on 0.3.5.11.
+
+  o Minor bugfixes (metrics port, onion service):
+    - The MetricsPort line for an onion service with multiple ports are now
+      unique that is one line per port. Before this, all ports of an onion
+      service would be on the same line which violates the Prometheus rules of
+      unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
+
+  o Minor bugfixes (onion service, client):
+    - Fix a fatal assert due to a guard subsystem recursion triggered by
+      the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (performance, DoS):
+    - Fix one case of a not-especially viable denial-of-service attack
+      found by OSS-Fuzz in our consensus-diff parsing code. This attack
+      causes a lot small of memory allocations and then immediately
+      frees them: this is only slow when running with all the sanitizers
+      enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit in order to avoid a possible side channel. Fixes bug
+      40649; bugfix on 0.1.2.4-alpha.
+
+
 Changes in version 0.4.7.8 - 2022-06-17
   This version fixes several bugfixes including a High severity security issue
   categorized as a Denial of Service. Everyone running an earlier version
diff --git a/changes/aarch64_sandbox b/changes/aarch64_sandbox
new file mode 100644
index 0000000000..d1d64d6e6c
--- /dev/null
+++ b/changes/aarch64_sandbox
@@ -0,0 +1,5 @@
+  o Minor bugfixes (sandbox):
+    - Fix sandbox support on AArch64 systems. More "*at" variants of syscalls
+      are now supported. Signed 32 bit syscall parameters are checked more
+      precisely, which should lead to lower likelihood of breakages with future
+      compiler and libc releases. Fixes bug 40599; bugfix on 0.4.4.3-alpha.
diff --git a/changes/bsd_libc b/changes/bsd_libc
new file mode 100644
index 0000000000..01b09f0da5
--- /dev/null
+++ b/changes/bsd_libc
@@ -0,0 +1,3 @@
+  o Minor feature (compilation):
+    - Fix returning something other than "Unknown N/A" as libc version if we
+      build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD or NetBSD.
diff --git a/changes/bug40431 b/changes/bug40431
new file mode 100644
index 0000000000..fbc3bb5ca0
--- /dev/null
+++ b/changes/bug40431
@@ -0,0 +1,4 @@
+  o Removed features:
+    - Remove the RendPostPeriod option. This was primarily used in Version 2
+      Onion Services and after its deprecation isn't needed anymore. Closes
+      ticket 40431. Patch by Neel Chauhan.
diff --git a/changes/bug40523 b/changes/bug40523
new file mode 100644
index 0000000000..880fc469fd
--- /dev/null
+++ b/changes/bug40523
@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay):
+    - Remove a harmless "Bug" log message that can happen in
+      relay_addr_learn_from_dirauth() on relays during startup. Finishes
+      fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.
diff --git a/changes/bug40603 b/changes/bug40603
new file mode 100644
index 0000000000..aa00718a48
--- /dev/null
+++ b/changes/bug40603
@@ -0,0 +1,5 @@
+  o Minor bugfixes (logging):
+    - Demote a harmless warn log message about finding a second hop to from
+      warn level to info level, if we do not have enough descriptors yet.
+      Leave it at notice level for other cases. Fixes bug 40603;
+      bugfix on 0.4.7.1-alpha.
diff --git a/changes/bug40612 b/changes/bug40612
new file mode 100644
index 0000000000..526f23bdd6
--- /dev/null
+++ b/changes/bug40612
@@ -0,0 +1,5 @@
+  o Minor bugfixes (logging):
+    - Demote a notice log message about "Unexpected path length" to info
+      level. These cases seem to happen arbitrarily, and we likely will
+      never find all of them before the switch to arti. Fixes bug 40612;
+      bugfix on 0.4.7.5-alpha.
diff --git a/changes/bug40619 b/changes/bug40619
new file mode 100644
index 0000000000..e49c2b5260
--- /dev/null
+++ b/changes/bug40619
@@ -0,0 +1,3 @@
+  o Minor bugfixes (logging):
+    - Correct a log message when cleaning microdescriptors.
+      Fixes bug 40619; bugfix on 0.2.5.4-alpha.
diff --git a/changes/bug40620 b/changes/bug40620
new file mode 100644
index 0000000000..086a71d3f6
--- /dev/null
+++ b/changes/bug40620
@@ -0,0 +1,3 @@
+  o Minor bugfixes (relay, logging):
+    - Demote a harmless XOFF log message to from notice level to info level.
+      Fixes bug 40620; bugfix on 0.4.7.5-alpha.
diff --git a/changes/bug40626 b/changes/bug40626
new file mode 100644
index 0000000000..cda8abe4d7
--- /dev/null
+++ b/changes/bug40626
@@ -0,0 +1,6 @@
+  o Major bugfixes (congestion control, TROVE-2022-001):
+    - Fix a scenario where RTT estimation can become wedged, seriously
+      degrading congestion control performance on all circuits. This impacts
+      clients, onion services, and relays, and can be triggered remotely by a
+      malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix
+      on 0.4.7.5-alpha.
diff --git a/changes/faster_tests b/changes/faster_tests
new file mode 100644
index 0000000000..150dff968f
--- /dev/null
+++ b/changes/faster_tests
@@ -0,0 +1,3 @@
+  o Minor features (tests):
+    - Avoid needless key reinitialization with OpenSSL during unit tests,
+      saving significant time.  Patch from Alex Xu.
diff --git a/changes/ip_bind_address_no_port b/changes/ip_bind_address_no_port
new file mode 100644
index 0000000000..9c4f712a9e
--- /dev/null
+++ b/changes/ip_bind_address_no_port
@@ -0,0 +1,5 @@
+  o Minor features (relays):
+    - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing
+      sockets, allowing relays using OutboundBindAddress to make more outgoing
+      connections than ephemeral ports, as long as they are to separate
+      destinations. Related to issue 40597; patch by Alex Xu (Hello71).
diff --git a/changes/issue40597 b/changes/issue40597
new file mode 100644
index 0000000000..db2220805e
--- /dev/null
+++ b/changes/issue40597
@@ -0,0 +1,4 @@
+  o Minor features (relays):
+    - Trigger OOS when bind fails with EADDRINUSE. This improves fairness when
+      a large number of exit connections are requested, and properly signals
+      exhaustion to the network. Fixes issue 40597; patch by Alex Xu (Hello71).
diff --git a/changes/issue40630 b/changes/issue40630
new file mode 100644
index 0000000000..faf04941b6
--- /dev/null
+++ b/changes/issue40630
@@ -0,0 +1,3 @@
+  o Minor features (portability, compilation):
+    - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
+      Fixes issue 40630; patch by Alex Xu (Hello71).
diff --git a/changes/log-quotes b/changes/log-quotes
new file mode 100644
index 0000000000..7c9308eb44
--- /dev/null
+++ b/changes/log-quotes
@@ -0,0 +1,3 @@
+  o Minor bugfixes (logging):
+    - Avoid ""double-quoting"" strings in several log messages.
+      Fixes bug 22723; bugfix on 0.1.2.2-alpha.
diff --git a/changes/prop275 b/changes/prop275
new file mode 100644
index 0000000000..bbbf38d959
--- /dev/null
+++ b/changes/prop275
@@ -0,0 +1,12 @@
+  o Minor features (directory authority):
+    - Add a new consensus method in which the "published" times on router
+      entries in a microdesc consensus are all set to a meaningless fixed
+      date.  Doing this will make the download size for compressed microdesc
+      consensus diffs much smaller.
+      Part of ticket 40130; implements proposal 275.
+
+  o Minor features (network documents):
+    - Clients and relays no longer track the "published on" time declared
+      for relays in any consensus documents.  When reporting this time on
+      the control port, they instead report a fixed date in the future.
+      Part of ticket 40130.
diff --git a/changes/ticket40596 b/changes/ticket40596
new file mode 100644
index 0000000000..13c8e5b34a
--- /dev/null
+++ b/changes/ticket40596
@@ -0,0 +1,4 @@
+  o Minor bugfixes (pluggable transports, windows):
+    - Remove a warning `BUG()` that could occur when attempting to execute a
+      non-existing pluggable transport on Windows. Fixes bug 40596; bugfix on
+      0.4.0.1-alpha.
diff --git a/changes/ticket40601 b/changes/ticket40601
new file mode 100644
index 0000000000..529e3badfe
--- /dev/null
+++ b/changes/ticket40601
@@ -0,0 +1,4 @@
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash issue with
+      glibc 2.35 on Linux.  Patch from pmu-ipf. Fixes bug 40601; bugfix on
+      0.3.5.11. 
diff --git a/changes/ticket40647 b/changes/ticket40647
new file mode 100644
index 0000000000..ae20aae3f3
--- /dev/null
+++ b/changes/ticket40647
@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay):
+    - Remove a "BUG" warning for an acceptable race between a circuit close
+      and considering that circuit active. Fixes bug 40647; bugfix on
+      0.3.5.1-alpha.
diff --git a/changes/ticket40691 b/changes/ticket40691
new file mode 100644
index 0000000000..f1c518fc18
--- /dev/null
+++ b/changes/ticket40691
@@ -0,0 +1,3 @@
+  o Minor features (relay):
+    - Do not warn about configuration options that may expose a non-anonymous
+      onion service. Closes ticket 40691.
diff --git a/changes/ticket40705 b/changes/ticket40705
new file mode 100644
index 0000000000..2de01c76d5
--- /dev/null
+++ b/changes/ticket40705
@@ -0,0 +1,7 @@
+  o Major features (dirauth):
+    - Directory authorities and relays now interact properly with
+      directory authorities if they change addresses. In the past, they
+      would continue to upload votes, signatures, descriptors, etc to
+      the hard-coded address in the configuration. Now, if the directory
+      authority is listed in the consensus at a different address, they
+      will direct queries to this new address. Implements ticket 40705.
diff --git a/changes/ticket40713 b/changes/ticket40713
new file mode 100644
index 0000000000..eaddfd30d7
--- /dev/null
+++ b/changes/ticket40713
@@ -0,0 +1,4 @@
+  o Minor feature (cpuworker):
+    - Always use the number of threads for our CPU worker pool to the number of
+      core available but cap it to a minimum of 2 in case of a single core.
+      Fixes bug 40713; bugfix on 0.3.5.1-alpha.
diff --git a/configure.ac b/configure.ac
index 2fd3257d94..f2e5f72e97 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.7.11-dev])
+AC_INIT([tor],[0.4.8.0-alpha-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], [Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-11-10"], # for 0.4.7.11-dev
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-04-27"], # for 0.4.8.0-alpha-dev
           [Approximate date when this software was released. (Updated when the version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 AC_MSG_CHECKING([for OpenSSL < 1.0.1])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <openssl/opensslv.h>
-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
+#if OPENSSL_VERSION_NUMBER < 0x1000100fL
 #error "too old"
 #endif
    ]], [[]])],
@@ -2357,7 +2357,6 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then
      -Wexplicit-ownership-type
      -Wextern-initializer
      -Wextra
-     -Wextra-semi
      -Wextra-tokens
      -Wflexible-array-extensions
      -Wfloat-conversion
@@ -2504,6 +2503,8 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then
   ], [ TOR_TRY_COMPILE_WITH_CFLAGS(warning_flag, [],
               [TOR_WARNING_FLAGS="$TOR_WARNING_FLAGS warning_flag" CFLAGS="$CFLAGS warning_flag"], true)
      ])
+     
+  AX_CHECK_COMPILE_FLAG([-Wextra-semi], [CFLAGS="$CFLAGS -Wextra-semi"], [], [-Werror])
 
 dnl    We should re-enable this in some later version.  Clang doesn't
 dnl    mind, but it causes trouble with GCC.
diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in
index 8e015baf5c..9b172331fd 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.7.11-dev"
+!define VERSION "0.4.8.0-alpha-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
diff --git a/contrib/win32build/tor.nsi.in b/contrib/win32build/tor.nsi.in
index dd24df454c..2d8c2b9adf 100644
--- a/contrib/win32build/tor.nsi.in
+++ b/contrib/win32build/tor.nsi.in
@@ -5,8 +5,8 @@
 ; NOTE: This file might be obsolete. Look at tor-mingw.nsi.in instead.
 ;-----------------------------------------
 ; How to make an installer:
-;   Step 0. If you are a Tor maintainer, make sure that tor.nsi and
-;           src/win32/orconfig.h all have the correct version number.
+;   Step 0. If you are a Tor maintainer, make sure that tor.nsi has
+;           the correct version number.
 ;   Step 1. Download and install OpenSSL.  Make sure that the OpenSSL
 ;           version listed below matches the one you downloaded.
 ;   Step 2. Download and install NSIS (http://nsis.sourceforge.net)
diff --git a/doc/HACKING/ReleasingTor.md b/doc/HACKING/ReleasingTor.md
index a32bb10dad..6422d84891 100644
--- a/doc/HACKING/ReleasingTor.md
+++ b/doc/HACKING/ReleasingTor.md
@@ -53,6 +53,12 @@ been merged upstream.
       (Version bumps apply to `maint`; anything touching the changelog should
       apply only to `main` or `release`.)
 
+      When updating the version, it will be on `maint` branches and so to
+      merge-forward, use `git merge -s ours`. For instance, if merging the
+      version change of `maint-0.4.5` into `maint-0.4.6`, do on `maint-0.4.6`
+      this command: `git merge -s ours maint-0.4.5`. And then you can proceed
+      with a git-merge-forward.
+
    2. For the ChangeLog and ReleaseNotes, you need to write a blurb at the top
       explaining a bit the release.
 
@@ -120,26 +126,32 @@ do the following:
    2. Merge upstream the artifacts from the `patches` job in the
       `Post-process` stage of the CI release pipeline.
 
+      Like step (2.1) above, the `-dev` version bump need to be done manually
+      with a `git merge -s ours`.
+
    3. Write and post the release announcement for the `forum.torproject.net`
       in the `News -> Tor Release Announcement` category.
 
       If possible, mention in which Tor Browser version (with dates) the
       release will be in. This usually only applies to the latest stable.
 
-   4. Inform `tor-talk@lists.torproject.org` with the releasing pointing to
+   4. Inform `tor-announce@lists.torproject.org` with the releasing pointing to
       the Forum. Append the ChangeLog there. We do this until we can automate
       such post from the forum directly.
 
 ### New Stable
 
-   1. Create the `maint-x.y.z` and `release-x.y.z` branches and update the
-      `./scripts/git/git-list-tor-branches.sh` with the new version.
-
-   2. Add the new version in `./scripts/ci/ci-driver.sh`.
+   1. Create the `maint-x.y.z` and `release-x.y.z` branches at the version
+      tag. Then update the `./scripts/git/git-list-tor-branches.sh` with the
+      new version.
 
-   3. Forward port the ChangeLog and ReleaseNotes into main branch. Remove any
-      change logs of stable releases in ReleaseNotes.
+   2. Update `./scripts/git/git-list-tor-branches.sh` and
+      `./scripts/ci/ci-driver.sh` with the new version in `maint-x.y.z` and
+      then merge forward into main. (If you haven't pushed remotely the new
+      branches, merge the local branch).
 
+   3. In `main`, bump version to the next series: `tor-x.y.0-alpha-dev` and
+      then tag it: `git tag -s tor-x.y.0-alpha-dev`
 
 ## Appendix: An alternative means to notify packagers
 
diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh
index 98e216e68a..a3e2f8f9bf 100755
--- a/doc/asciidoc-helper.sh
+++ b/doc/asciidoc-helper.sh
@@ -12,7 +12,7 @@ if [ $# != 3 ]; then
     exit 1
 fi
 
-SOURCE_DATE_EPOCH="$(git show --no-patch --format='%ct')"
+SOURCE_DATE_EPOCH="$(git -C "$(dirname "$0")" show --no-patch --format='%ct')"
 export SOURCE_DATE_EPOCH
 
 output=$3
diff --git a/doc/building-tor-msvc.txt b/doc/building-tor-msvc.txt
deleted file mode 100644
index dbc644d172..0000000000
--- a/doc/building-tor-msvc.txt
+++ /dev/null
@@ -1,122 +0,0 @@
-Building Tor with MSVC.

-=======================

-

-NOTE: This is not the preferred method for building Tor on windows: we use

-mingw for our packages.

-

-Last updated 9 September 2014.

-

-

-Requirements:

--------------

-

- * Visual Studio 2010

-    https://go.microsoft.com/fwlink/?LinkId=323467

- * CMake 2.8.12.2

-    https://www.cmake.org/download/

- * Perl 5.16

-    https://www.activestate.com/activeperl/downloads

- * Latest stable OpenSSL tarball

-    https://www.openssl.org/source/

- * Latest stable zlib tarball

-    https://zlib.net/

- * Latest stable libevent Libevent tarball

-    https://github.com/libevent/libevent/releases

-

-Make sure you check signatures for all these packages.

-

-Steps:

-------

-

-Building OpenSSL from source as a shared library:

-

- cd <openssl source dir>

- perl Configure VC-WIN32

- perl util\mkfiles.pl >MINFO

- perl util\mk1mf.pl no-asm dll VC-WIN32 >32dll.mak

- perl util\mkdef.pl 32 libeay > ms\libeay32.def

- perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

- nmake -f 32dll.mak

-

-Making OpenSSL final package:

-

- Create <openssl final package dir>, I'd recommend using a name like <openssl

- source dir>-vc10.

-

- Copy the following directories and files to their respective locations

-  <openssl source dir>\inc32\openssl => <openssl final package dir>\include\openssl

-  <openssl source dir>\out32dll\libeay32.lib => <openssl final package dir>\lib\libeay32.lib

-  <openssl source dir>\out32dll\ssleay32.lib => <openssl final package dir>\lib\ssleay32.lib

-  <openssl source dir>\out32dll\libeay32.dll => <openssl final package dir>\bin\libeay32.dll

-  <openssl source dir>\out32dll\openssl.exe => <openssl final package dir>\bin\openssl.exe

-  <openssl source dir>\out32dll\ssleay32.dll => <openssl final package dir>\bin\ssleay32.dll

-

-Building Zlib from source:

-

- cd <zlib source dir>

- nmake -f win32/Makefile.msc

-

-Building libevent:

-

- cd <libevent source dir>

- mkdir build && cd build

- SET OPENSSL_ROOT_DIR=<openssl final package dir>

- cmake -G "NMake Makefiles" .. -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo -DCMAKE_C_FLAGS_RELWITHDEBINFO:STRING="/MT /Zi /O2 /Ob1 /D NDEBUG" -DZLIB_LIBRARY:FILEPATH="<zlib source dir>\zdll.lib" -DZLIB_INCLUDE_DIR:PATH="<zlib source dir>"

- nmake event

-

-Building Tor:

-

- Create a dir above tor source dir named build-alpha and two subdirs include

- and lib.

-

- Your build tree should now be similar to this one:

-  * build-alpha

-    - include

-    - lib

-  * <libevent source dir>

-    - build

-    - cmake

-    - ...

-  * <openssl source dir>

-    - ...

-    - ms

-    - util

-    - ...

-  * <openssl final package dir>

-    - bin

-    - include

-    - lib

-  * <tor source dir>

-    - ...

-    - src

-    - ...

-  * <zlib source dir>

-    - ...

-    - win32

-    - ...

-

- Copy the following dirs and files to the following locations:

-  <openssl final package dir>\include\openssl => build-alpha\include\openssl

-  <libevent source dir>\include => build-alpha\include

-  <libevent source dir>\WIN32-Code\nmake\event2 => build-alpha\include\event2

-  <zlib source dir>\z*.h => build-alpha\include\z*.h

-

- Now copy the following files to the following locations and rename them

- according new names:

-

-  <libevent source dir>\build\lib\event.lib => build-alpha\lib\libevent.lib

-  <openssl final package dir>\lib\libeay32.lib => build-alpha\lib\libcrypto.lib

-  <openssl final package dir>\lib\ssleay32.lib => build-alpha\lib\libssl.lib

-  <zlib source dir>\zdll.lib => build-alpha\lib\libz.lib

-

- And we are now ready for the build process:

-

-  cd <tor source dir>

-  nmake -f Makefile.nmake

-

- After the above process is completed there should be a tor.exe in <tor

- source dir>\src\or

-

- Copy tor.exe to desired location and also copy zlib1.dll, libeay32.dll and

- ssleay32.dll from built zlib and openssl packages

-

diff --git a/doc/include.am b/doc/include.am
index d10f380e7f..7570978ddb 100644
--- a/doc/include.am
+++ b/doc/include.am
@@ -56,10 +56,10 @@ EXTRA_DIST+= doc/asciidoc-helper.sh			\
 	     doc/HACKING/HelpfulTools.md 			\
 	     doc/HACKING/HowToReview.md  			\
 	     doc/HACKING/Module.md				\
-	     doc/HACKING/ReleasingTor.md                        \
-	     doc/HACKING/WritingTests.md
-	     doc/HACKING/tracing/Tracing.md				\
-	     doc/HACKING/tracing/EventsCircuit.md
+	     doc/HACKING/ReleasingTor.md			\
+	     doc/HACKING/WritingTests.md			\
+	     doc/HACKING/tracing/EventsCircuit.md		\
+	     doc/HACKING/tracing/README.md
 
 docdir = @docdir@
 
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 3672444c5d..e81b290b55 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -335,7 +335,7 @@ forward slash (/) in the configuration file and on the command line.
     to mess with it. (Default: -1)
 
 [[ClientTransportPlugin]] **ClientTransportPlugin** __transport__ socks4|socks5 __IP__:__PORT__::
-**ClientTransportPlugin** __transport__ exec __path-to-binary__ [options]::
+[[ClientTransportPlugin-2]] **ClientTransportPlugin** __transport__ exec __path-to-binary__ [options]::
     In its first form, when set along with a corresponding Bridge line, the Tor
     client forwards its traffic to a SOCKS-speaking proxy on "IP:PORT".
     (IPv4 addresses should written as-is; IPv6 addresses should be wrapped in
@@ -860,6 +860,7 @@ forward slash (/) in the configuration file and on the command line.
     \_relayed traffic_ to the given number of bytes in each direction.
     They do not include directory fetches by the relay (from authority
     or other relays), because that is considered "client" activity. (Default: 0)
+    RelayBandwidthBurst defaults to the value of RelayBandwidthRate if unset.
 
 [[RelayBandwidthRate]] **RelayBandwidthRate** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
     If not 0, a separate token bucket limits the average incoming bandwidth
@@ -869,6 +870,7 @@ forward slash (/) in the configuration file and on the command line.
     requests, but that may change in future versions. They do not include directory
     fetches by the relay (from authority or other relays), because that is considered
     "client" activity.  (Default: 0)
+    RelayBandwidthRate defaults to the value of RelayBandwidthBurst if unset.
 
 [[RephistTrackTime]] **RephistTrackTime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
     Tells an authority, or other node tracking node reliability and history,
@@ -3532,7 +3534,7 @@ Service side:
   configured, the service will be accessible to anyone with the onion address.
 
   Revoking a client can be done by removing their ".auth" file, however the
-  revocation will be in effect only after the tor process gets restarted even if
+  revocation will be in effect only after the tor process gets restarted or if
   a SIGHUP takes place.
 
 Client side:
@@ -3588,7 +3590,6 @@ The following options are used for running a testing Tor network.
        TestingDirConnectionMaxStall 30 seconds
        TestingEnableConnBwEvent 1
        TestingEnableCellStatsEvent 1
-       RendPostPeriod 2 minutes
 
 [[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **seconds**|**minutes**|**hours**::
     After starting as an authority, do not make claims about whether routers
diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4
new file mode 100644
index 0000000000..95df39679e
--- /dev/null
+++ b/m4/ax_check_compile_flag.m4
@@ -0,0 +1,51 @@
+ #   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+ #   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+ #
+ #   This program is free software: you can redistribute it and/or modify it
+ #   under the terms of the GNU General Public License as published by the
+ #   Free Software Foundation, either version 3 of the License, or (at your
+ #   option) any later version.
+ #
+ #   This program is distributed in the hope that it will be useful, but
+ #   WITHOUT ANY WARRANTY; without even the implied warranty of
+ #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ #   Public License for more details.
+ #
+ #   You should have received a copy of the GNU General Public License along
+ #   with this program. If not, see <https://www.gnu.org/licenses/>.
+ #
+ #   As a special exception, the respective Autoconf Macro's copyright owner
+ #   gives unlimited permission to copy, distribute and modify the configure
+ #   scripts that are the output of Autoconf when processing the Macro. You
+ #   need not follow the terms of the GNU General Public License when using
+ #   or distributing such scripts, even though portions of the text of the
+ #   Macro appear in them. The GNU General Public License (GPL) does govern
+ #   all other use of the material that constitutes the Autoconf Macro.
+ #
+ #   This special exception to the GPL applies to versions of the Autoconf
+ #   Macro released by the Autoconf Archive. When you make and distribute a
+ #   modified version of the Autoconf Macro, you may extend this special
+ #   exception to the GPL to apply to your modified version as well.
+ #   Copying and distribution of this file, with or without modification, are
+ #   permitted in any medium without royalty provided the copyright notice
+ #   and this notice are preserved.  This file is offered as-is, without any
+ #   warranty.
+
+ #serial 5
+ #serial 6
+
+ AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+ [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_VAR_IF(CACHEVAR,yes,
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/scripts/ci/ci-driver.sh b/scripts/ci/ci-driver.sh
index ef31da1ca3..8871154c9c 100755
--- a/scripts/ci/ci-driver.sh
+++ b/scripts/ci/ci-driver.sh
@@ -297,10 +297,6 @@ case "$TOR_VERSION" in
         TOR_VER_AT_LEAST_043=yes
         TOR_VER_AT_LEAST_044=yes
         ;;
-    0.4.6.*)
-        TOR_VER_AT_LEAST_043=yes
-        TOR_VER_AT_LEAST_044=yes
-        ;;
     0.4.7.*)
         TOR_VER_AT_LEAST_043=yes
         TOR_VER_AT_LEAST_044=yes
diff --git a/scripts/git/git-list-tor-branches.sh b/scripts/git/git-list-tor-branches.sh
index dd3cf154b4..9a862368bd 100755
--- a/scripts/git/git-list-tor-branches.sh
+++ b/scripts/git/git-list-tor-branches.sh
@@ -146,9 +146,6 @@ finish() {
 branch maint-0.4.5
 branch release-0.4.5
 
-branch maint-0.4.6
-branch release-0.4.6
-
 branch maint-0.4.7
 branch release-0.4.7
 
diff --git a/scripts/maint/checkOptionDocs.pl.in b/scripts/maint/checkOptionDocs.pl.in
index 2d4a7884f5..d2c2a838d6 100644
--- a/scripts/maint/checkOptionDocs.pl.in
+++ b/scripts/maint/checkOptionDocs.pl.in
@@ -41,9 +41,16 @@ loadTorrc("@abs_top_srcdir@/src/config/torrc.sample.in", \%torrcSampleOptions);
 my $considerNextLine = 0;
 open(F, "@abs_top_srcdir@/doc/man/tor.1.txt") or die;
 while (<F>) {
-    if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*!) {
+    if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*! && $considerNextLine) {
         $manPageOptions{$2} = 1;
         print "Missing an anchor: $2\n" unless (defined $1 or $2 eq 'tor');
+        $considerNextLine = 1;
+    } elsif (m!^\s*$! or
+             m!^\s*\+\s*$! or
+             m!^\s*//!) {
+        $considerNextLine = 1;
+    } else {
+        $considerNextLine = 0;
     }
 }
 close F;
diff --git a/scripts/maint/geoip/geoip-db-tool/Cargo.lock b/scripts/maint/geoip/geoip-db-tool/Cargo.lock
index ba610d4fc3..7441503549 100644
--- a/scripts/maint/geoip/geoip-db-tool/Cargo.lock
+++ b/scripts/maint/geoip/geoip-db-tool/Cargo.lock
@@ -1,10 +1,12 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
+version = 3
+
 [[package]]
 name = "argh"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91792f088f87cdc7a2cfb1d617fa5ea18d7f1dc22ef0e1b5f82f3157cdc522be"
+checksum = "a7e7e4aa7e40747e023c0761dafcb42333a9517575bbf1241747f68dd3177a62"
 dependencies = [
  "argh_derive",
  "argh_shared",
@@ -12,9 +14,9 @@ dependencies = [
 
 [[package]]
 name = "argh_derive"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4eb0c0c120ad477412dc95a4ce31e38f2113e46bd13511253f79196ca68b067"
+checksum = "69f2bd7ff6ed6414f4e5521bd509bae46454bbd513801767ced3f21a751ab4bc"
 dependencies = [
  "argh_shared",
  "heck",
@@ -25,9 +27,9 @@ dependencies = [
 
 [[package]]
 name = "argh_shared"
-version = "0.1.4"
+version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "781f336cc9826dbaddb9754cb5db61e64cab4f69668bd19dcc4a0394a86f4cb1"
+checksum = "47253b98986dafc7a3e1cf3259194f1f47ac61abb57a57f46ec09e48d004ecda"
 
 [[package]]
 name = "geoip-db-tool"
@@ -40,9 +42,9 @@ dependencies = [
 
 [[package]]
 name = "heck"
-version = "0.3.2"
+version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87cbf45460356b7deeb5e3415b5563308c0a9b057c85e12b06ad551f98d0a6ac"
+checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c"
 dependencies = [
  "unicode-segmentation",
 ]
@@ -58,53 +60,53 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.24"
+version = "1.0.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
+checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
 dependencies = [
- "unicode-xid",
+ "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.9"
+version = "1.0.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7"
+checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
 dependencies = [
  "proc-macro2",
 ]
 
 [[package]]
 name = "rangemap"
-version = "0.1.10"
+version = "0.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90531bef860f96441c4cb74a1e43c281cd1366143928f944546ef0b1c60392b0"
+checksum = "3929836cb64d09ee7deee59635c3d9bffbc1c0373e247efff6272abd62a11baa"
 
 [[package]]
 name = "serde"
-version = "1.0.123"
+version = "1.0.143"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92d5161132722baa40d802cc70b15262b98258453e85e5d1d365c757c73869ae"
+checksum = "53e8e5d5b70924f74ff5c6d64d9a5acd91422117c60f48c4e07855238a254553"
 
 [[package]]
 name = "syn"
-version = "1.0.60"
+version = "1.0.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c700597eca8a5a762beb35753ef6b94df201c81cca676604f547495a0d7f0081"
+checksum = "58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13"
 dependencies = [
  "proc-macro2",
  "quote",
- "unicode-xid",
+ "unicode-ident",
 ]
 
 [[package]]
-name = "unicode-segmentation"
-version = "1.7.1"
+name = "unicode-ident"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb0d2e7be6ae3a5fa87eed5fb451aff96f2573d2694942e40543ae0bbe19c796"
+checksum = "c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf"
 
 [[package]]
-name = "unicode-xid"
-version = "0.2.1"
+name = "unicode-segmentation"
+version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
+checksum = "7e8820f5d777f6224dc4be3632222971ac30164d4a258d595640799554ebfd99"
diff --git a/scripts/maint/update_versions.py b/scripts/maint/update_versions.py
index 07de1c343a..361dbe2cd3 100755
--- a/scripts/maint/update_versions.py
+++ b/scripts/maint/update_versions.py
@@ -129,8 +129,3 @@ update_file(P("contrib/win32build/tor-mingw.nsi.in"),
             re.compile(r'!define VERSION .*'),
             u'!define VERSION "{}"'.format(version),
             encoding="iso-8859-1")
-
-# In src/win32/orconfig.h, we replace the definition of VERSION.
-update_file(P("src/win32/orconfig.h"),
-            re.compile(r'#define VERSION .*'),
-            u'#define VERSION "{}"'.format(version))
diff --git a/src/app/config/config.c b/src/app/config/config.c
index e02bcf0387..7443d6bcb3 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -624,7 +624,6 @@ static const config_var_t option_vars_[] = {
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),
   V(RelayBandwidthRate,          MEMUNIT,  "0"),
-  V(RendPostPeriod,              INTERVAL, "1 hour"), /* Used internally. */
   V(RephistTrackTime,            INTERVAL, "24 hours"),
   V_IMMUTABLE(RunAsDaemon,       BOOL,     "0"),
   V(ReducedExitPolicy,           BOOL,     "0"),
@@ -2974,19 +2973,11 @@ config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
   return 0;
 }
 
-/** Lowest allowable value for RendPostPeriod; if this is too low, hidden
- * services can overload the directory system. */
-#define MIN_REND_POST_PERIOD (10*60)
-#define MIN_REND_POST_PERIOD_TESTING (5)
-
 /** Highest allowable value for CircuitsAvailableTimeout.
  * If this is too large, client connections will stay open for too long,
  * incurring extra padding overhead. */
 #define MAX_CIRCS_AVAILABLE_TIME (24*60*60)
 
-/** Highest allowable value for RendPostPeriod. */
-#define MAX_DIR_PERIOD ((7*24*60*60)/2)
-
 /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
  * will generate too many circuits and potentially overload the network. */
 #define MIN_MAX_CIRCUIT_DIRTINESS 10
@@ -3546,21 +3537,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg)
   if (options_validate_relay_padding(old_options, options, msg) < 0)
     return -1;
 
-  const int min_rendpostperiod =
-    options->TestingTorNetwork ?
-    MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD;
-  if (options->RendPostPeriod < min_rendpostperiod) {
-    log_warn(LD_CONFIG, "RendPostPeriod option is too short; "
-             "raising to %d seconds.", min_rendpostperiod);
-    options->RendPostPeriod = min_rendpostperiod;
-  }
-
-  if (options->RendPostPeriod > MAX_DIR_PERIOD) {
-    log_warn(LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
-             MAX_DIR_PERIOD);
-    options->RendPostPeriod = MAX_DIR_PERIOD;
-  }
-
   /* Check the Single Onion Service options */
   if (options_validate_single_onion(options, msg) < 0)
     return -1;
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 290a2bb9b4..0811af1388 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -396,8 +396,6 @@ struct or_options_t {
   /** List of suffixes for <b>AutomapHostsOnResolve</b>.  The special value
    * "." means "match everything." */
   struct smartlist_t *AutomapHostsSuffixes;
-  int RendPostPeriod; /**< How often do we post each rendezvous service
-                       * descriptor? Remember to publish them independently. */
   int KeepalivePeriod; /**< How often do we send padding cells to keep
                         * connections alive? */
   int SocksTimeout; /**< How long do we let a socks connection wait
diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc
index 039454a0d0..2774a4c8ea 100644
--- a/src/app/config/testnet.inc
+++ b/src/app/config/testnet.inc
@@ -30,5 +30,4 @@
 { "TestingDirConnectionMaxStall", "30 seconds" },
 { "TestingEnableConnBwEvent", "1" },
 { "TestingEnableCellStatsEvent", "1" },
-{ "RendPostPeriod", "2 minutes" },
 { "___UsingTestNetworkDefaults", "1" },
diff --git a/src/config/include.am b/src/config/include.am
index ee38934938..351f32f575 100644
--- a/src/config/include.am
+++ b/src/config/include.am
@@ -12,9 +12,3 @@ EXTRA_DIST+= \
 conf_DATA = src/config/torrc.sample
 
 tordata_DATA = src/config/geoip src/config/geoip6
-# fallback_consensus
-
-# If we don't have it, fake it.
-src_config_fallback-consensus:
-	touch src/config/fallback-consensus
-
diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index edc30d043c..639d7c4d68 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -10,7 +10,7 @@
 ## for more options you can use in this file.
 ##
 ## Tor will look for this file in various places based on your platform:
-## https://www.torproject.org/docs/faq#torrc
+## https://support.torproject.org/tbb/tbb-editing-torrc/
 
 ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
 ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
@@ -78,7 +78,7 @@
 
 ################ This section is just for relays #####################
 #
-## See https://www.torproject.org/docs/tor-doc-relay for details.
+## See https://community.torproject.org/relay for details.
 
 ## Required: what port to advertise for incoming Tor connections.
 #ORPort 9001
@@ -166,7 +166,7 @@
 ## key fingerprint of each Tor relay you control, even if they're on
 ## different networks. You declare it here so Tor clients can avoid
 ## using more than one of your relays in a single circuit. See
-## https://www.torproject.org/docs/faq#MultipleRelays
+## https://support.torproject.org/relay-operators/multiple-relays/
 ## However, you should never include a bridge's fingerprint here, as it would
 ## break its concealability and potentially reveal its IP/TCP address.
 ##
@@ -204,9 +204,9 @@
 ## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
 ## the default exit policy. Leave commented to just use the default, which is
 ## described in the man page or at
-## https://www.torproject.org/documentation.html
+## https://support.torproject.org/relay-operators
 ##
-## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## Look at https://support.torproject.org/abuse/exit-relay-expectations/
 ## for issues you might encounter if you use the default exit policy.
 ##
 ## If certain IPs and ports are blocked externally, e.g. by your firewall,
@@ -242,11 +242,11 @@
 #BridgeDistribution none
 
 ## Configuration options can be imported from files or folders using the %include
-## option with the value being a path. This path can have wildcards. Wildcards are 
-## expanded first, using lexical order. Then, for each matching file or folder, the following 
-## rules are followed: if the path is a file, the options from the file will be parsed as if 
-## they were written where the %include option is. If the path is a folder, all files on that 
-## folder will be parsed following lexical order. Files starting with a dot are ignored. Files 
+## option with the value being a path. This path can have wildcards. Wildcards are
+## expanded first, using lexical order. Then, for each matching file or folder, the following
+## rules are followed: if the path is a file, the options from the file will be parsed as if
+## they were written where the %include option is. If the path is a folder, all files on that
+## folder will be parsed following lexical order. Files starting with a dot are ignored. Files
 ## on subfolders are ignored.
 ## The %include option can be used recursively.
 #%include /etc/torrc.d/*.conf
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index b0b297ac57..9a91c545b2 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -2235,21 +2235,44 @@ connection_connect_sockaddr,(connection_t *conn,
              tor_socket_strerror(errno));
   }
 
-  /*
-   * We've got the socket open; give the OOS handler a chance to check
-   * against configured maximum socket number, but tell it no exhaustion
-   * failure.
-   */
-  connection_check_oos(get_n_open_sockets(), 0);
+#ifdef IP_BIND_ADDRESS_NO_PORT
+  static int try_ip_bind_address_no_port = 1;
+  if (bindaddr && try_ip_bind_address_no_port &&
+      setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int){1}, sizeof(int))) {
+    if (errno == EINVAL) {
+      log_notice(LD_NET, "Tor was built with support for "
+                         "IP_BIND_ADDRESS_NO_PORT, but the current kernel "
+                         "doesn't support it. This might cause Tor to run out "
+                         "of ephemeral ports more quickly.");
+      try_ip_bind_address_no_port = 0;
+    } else {
+      log_warn(LD_NET, "Error setting IP_BIND_ADDRESS_NO_PORT on new "
+                       "connection: %s", tor_socket_strerror(errno));
+    }
+  }
+#endif
 
   if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
     *socket_error = tor_socket_errno(s);
-    log_warn(LD_NET,"Error binding network socket: %s",
-             tor_socket_strerror(*socket_error));
+    if (ERRNO_IS_EADDRINUSE(*socket_error)) {
+      socket_failed_from_resource_exhaustion();
+      connection_check_oos(get_n_open_sockets(), 1);
+    } else {
+      log_warn(LD_NET,"Error binding network socket: %s",
+               tor_socket_strerror(*socket_error));
+      connection_check_oos(get_n_open_sockets(), 0);
+    }
     tor_close_socket(s);
     return -1;
   }
 
+  /*
+   * We've got the socket open and bound; give the OOS handler a chance to
+   * check against configured maximum socket number, but tell it no exhaustion
+   * failure.
+   */
+  connection_check_oos(get_n_open_sockets(), 0);
+
   tor_assert(options);
   if (options->ConstrainedSockets)
     set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index 39d4899075..9ad8939e4d 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -129,7 +129,7 @@ cpu_init(void)
       always make sure we have at least two threads, so that there will be at
       least one thread of each kind.
     */
-    const int n_threads = get_num_cpus(get_options()) + 1;
+    const int n_threads = MAX(get_num_cpus(get_options()), 2);
     threadpool = threadpool_new(n_threads,
                                 replyqueue,
                                 worker_state_new,
diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c
index 526f8c37af..8e1b33e56e 100644
--- a/src/core/mainloop/mainloop.c
+++ b/src/core/mainloop/mainloop.c
@@ -274,16 +274,8 @@ connection_add_impl(connection_t *conn, int is_connecting)
 void
 connection_unregister_events(connection_t *conn)
 {
-  if (conn->read_event) {
-    if (event_del(conn->read_event))
-      log_warn(LD_BUG, "Error removing read event for %d", (int)conn->s);
-    tor_free(conn->read_event);
-  }
-  if (conn->write_event) {
-    if (event_del(conn->write_event))
-      log_warn(LD_BUG, "Error removing write event for %d", (int)conn->s);
-    tor_free(conn->write_event);
-  }
+  tor_event_free(conn->read_event);
+  tor_event_free(conn->write_event);
   if (conn->type == CONN_TYPE_AP_DNS_LISTENER) {
     dnsserv_close_listener(conn);
   }
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index 511df4112b..257d33f1ab 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -11,7 +11,7 @@
  * constructing/sending create/extend cells, and so on).
  *
  * On the client side, this module handles launching circuits. Circuit
- * launches are srtarted from circuit_establish_circuit(), called from
+ * launches are started from circuit_establish_circuit(), called from
  * circuit_launch_by_extend_info()).  To choose the path the circuit will
  * take, onion_extend_cpath() calls into a maze of node selection functions.
  *
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index f55771c79e..c759ddf281 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -709,7 +709,7 @@ circuit_build_times_handle_completed_hop(origin_circuit_t *circ)
      * Switch their purpose and wait. */
     if (circ->base_.purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) {
       log_info(LD_CIRC,
-               "Deciding to timeout circuit %"PRIu32"\n",
+               "Deciding to timeout circuit %"PRIu32,
                (circ->global_identifier));
       circuit_build_times_mark_circ_as_measurement_only(circ);
     }
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5bf7d148d7..11a0edcc6a 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -558,7 +558,7 @@ conn_update_on_close(conn_client_stats_t *stats, const tor_addr_t *addr)
 {
   /* Extra super duper safety. Going below 0 means an underflow which could
    * lead to most likely a false positive. In theory, this should never happen
-   * but lets be extra safe. */
+   * but let's be extra safe. */
   if (BUG(stats->concurrent_count == 0)) {
     return;
   }
@@ -673,7 +673,7 @@ dos_cc_new_create_cell(channel_t *chan)
   /* This is the detection. Assess at every CREATE cell if the client should
    * get marked as malicious. This should be kept as fast as possible. */
   if (cc_has_exhausted_circuits(&entry->dos_stats)) {
-    /* If this is the first time we mark this entry, log it a info level.
+    /* If this is the first time we mark this entry, log it.
      * Under heavy DDoS, logging each time we mark would results in lots and
      * lots of logs. */
     if (entry->dos_stats.cc_stats.marked_until_ts == 0) {
diff --git a/src/core/or/or.h b/src/core/or/or.h
index dc8f516f0a..c6d9864b53 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -436,10 +436,6 @@ typedef enum {
 #define LEGAL_NICKNAME_CHARACTERS \
   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
 
-/** Name to use in client TLS certificates if no nickname is given. Once
- * Tor 0.1.2.x is obsolete, we can remove this. */
-#define DEFAULT_CLIENT_NICKNAME "client"
-
 /** Name chosen by routers that don't configure nicknames */
 #define UNNAMED_ROUTER_NICKNAME "Unnamed"
 
diff --git a/src/core/or/or_connection_st.h b/src/core/or/or_connection_st.h
index aceed4d2c4..97dfe7a637 100644
--- a/src/core/or/or_connection_st.h
+++ b/src/core/or/or_connection_st.h
@@ -28,7 +28,7 @@ struct or_connection_t {
 
   /** This is the ClientHash value we expect to receive from the
    *  client during the Extended ORPort authentication protocol. We
-   *  compute it upon receiving the ClientNoce from the client, and we
+   *  compute it upon receiving the ClientNonce from the client, and we
    *  compare it with the actual ClientHash value sent by the
    *  client. */
   char *ext_or_auth_correct_client_hash;
diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index 39a7b783ab..69b85b5d80 100644
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -3039,10 +3039,23 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max))
       streams_blocked = circ->streams_blocked_on_p_chan;
     }
 
-    /* Circuitmux told us this was active, so it should have cells */
-    if (/*BUG(*/ queue->n == 0 /*)*/) {
-      log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
-               "to send. Trying to recover.");
+    /* Circuitmux told us this was active, so it should have cells.
+     *
+     * Note: In terms of logic and coherence, this should never happen but the
+     * cmux dragon is powerful. Reason is that when the OOM is triggered, when
+     * cleaning up circuits, we mark them for close and then clear their cell
+     * queues. And so, we can have a circuit considered active by the cmux
+     * dragon but without cells. The cmux subsystem is only notified of this
+     * when the circuit is freed which leaves a tiny window between close and
+     * free to end up here.
+     *
+     * We are accepting this as an "ok" race else the changes are likely non
+     * trivial to make the mark for close to set the num cells to 0 and change
+     * the free functions to detach the circuit conditionnaly without creating
+     * a chain effect of madness.
+     *
+     * The lesson here is arti will prevail and leave the cmux dragon alone. */
+    if (queue->n == 0) {
       circuitmux_set_num_cells(cmux, circ, 0);
       if (! circ->marked_for_close)
         circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
@@ -3170,7 +3183,7 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max))
 #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
   (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
 
-/* The maximum number of cell a circuit queue can contain. This is updated at
+/* The maximum number of cells a circuit queue can contain. This is updated at
  * every new consensus and controlled by a parameter. */
 static int32_t max_circuit_cell_queue_size =
   RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
diff --git a/src/ext/Makefile.nmake b/src/ext/Makefile.nmake
deleted file mode 100644
index d02d03bf41..0000000000
--- a/src/ext/Makefile.nmake
+++ /dev/null
@@ -1,12 +0,0 @@
-all: csiphash.lib
-
-CFLAGS = /O2 /MT /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common \
-    /I ..\ext
-
-CSIPHASH_OBJECTS = csiphash.obj
-
-csiphash.lib: $(CSIPHASH_OBJECTS)
-	lib $(CSIPHASH_OBJECTS) $(CURVE25519_DONNA_OBJECTS) /out:csiphash.lib
-
-clean:
-	del *.obj *.lib
diff --git a/src/feature/control/getinfo_geoip.c b/src/feature/control/getinfo_geoip.c
index be89c2c641..e2d277f256 100644
--- a/src/feature/control/getinfo_geoip.c
+++ b/src/feature/control/getinfo_geoip.c
@@ -44,10 +44,7 @@ getinfo_helper_geoip(control_connection_t *control_conn,
       *errmsg = "GeoIP data not loaded";
       return -1;
     }
-    if (family == AF_INET)
-      c = geoip_get_country_by_ipv4(tor_addr_to_ipv4h(&addr));
-    else                      /* AF_INET6 */
-      c = geoip_get_country_by_ipv6(tor_addr_to_in6(&addr));
+    c = geoip_get_country_by_addr(&addr);
     *answer = tor_strdup(geoip_get_country_name(c));
   }
   return 0;
diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c
index 1bb4fd7de1..b9f022bebd 100644
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@@ -390,7 +390,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
     rsf = routerstatus_format_entry(&vrs->status,
                                     vrs->version, vrs->protocols,
                                     NS_V3_VOTE,
-                                    vrs);
+                                    vrs,
+                                    -1);
     if (rsf)
       smartlist_add(chunks, rsf);
 
@@ -618,8 +619,8 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
    * the descriptor digests matched, so somebody is making SHA1 collisions.
    */
 #define CMP_FIELD(utype, itype, field) do {                             \
-    utype aval = (utype) (itype) a->status.field;                       \
-    utype bval = (utype) (itype) b->status.field;                       \
+    utype aval = (utype) (itype) a->field;                              \
+    utype bval = (utype) (itype) b->field;                              \
     utype u = bval - aval;                                              \
     itype r2 = (itype) u;                                               \
     if (r2 < 0) {                                                       \
@@ -638,8 +639,8 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
                             CMP_EXACT))) {
     return r;
   }
-  CMP_FIELD(unsigned, int, ipv4_orport);
-  CMP_FIELD(unsigned, int, ipv4_dirport);
+  CMP_FIELD(unsigned, int, status.ipv4_orport);
+  CMP_FIELD(unsigned, int, status.ipv4_dirport);
 
   return 0;
 }
@@ -692,10 +693,10 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
     } else {
       if (cur && (cur_n > most_n ||
                   (cur_n == most_n &&
-                   cur->status.published_on > most_published))) {
+                   cur->published_on > most_published))) {
         most = cur;
         most_n = cur_n;
-        most_published = cur->status.published_on;
+        most_published = cur->published_on;
       }
       cur_n = 1;
       cur = rs;
@@ -703,7 +704,7 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
   } SMARTLIST_FOREACH_END(rs);
 
   if (cur_n > most_n ||
-      (cur && cur_n == most_n && cur->status.published_on > most_published)) {
+      (cur && cur_n == most_n && cur->published_on > most_published)) {
     most = cur;
     // most_n = cur_n; // unused after this point.
     // most_published = cur->status.published_on; // unused after this point.
@@ -2047,7 +2048,6 @@ networkstatus_compute_consensus(smartlist_t *votes,
       memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
              DIGEST_LEN);
       tor_addr_copy(&rs_out.ipv4_addr, &rs->status.ipv4_addr);
-      rs_out.published_on = rs->status.published_on;
       rs_out.ipv4_dirport = rs->status.ipv4_dirport;
       rs_out.ipv4_orport = rs->status.ipv4_orport;
       tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr);
@@ -2055,6 +2055,21 @@ networkstatus_compute_consensus(smartlist_t *votes,
       rs_out.has_bandwidth = 0;
       rs_out.has_exitsummary = 0;
 
+      time_t published_on = rs->published_on;
+
+      /* Starting with this consensus method, we no longer include a
+         meaningful published_on time for microdescriptor consensuses.  This
+         makes their diffs smaller and more compressible.
+
+         We need to keep including a meaningful published_on time for NS
+         consensuses, however, until 035 relays are all obsolete. (They use
+         it for a purpose similar to the current StaleDesc flag.)
+      */
+      if (consensus_method >= MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED &&
+          flavor == FLAV_MICRODESC) {
+        published_on = -1;
+      }
+
       if (chosen_name && !naming_conflict) {
         strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname));
       } else {
@@ -2276,7 +2291,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
         /* Okay!! Now we can write the descriptor... */
         /*     First line goes into "buf". */
         buf = routerstatus_format_entry(&rs_out, NULL, NULL,
-                                        rs_format, NULL);
+                                        rs_format, NULL, published_on);
         if (buf)
           smartlist_add(chunks, buf);
       }
@@ -4744,6 +4759,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
       dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now,
                                                list_bad_exits,
                                                list_middle_only);
+      vrs->published_on = ri->cache_info.published_on;
 
       if (ri->cache_info.signing_key_cert) {
         memcpy(vrs->ed25519_id,
diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h
index 64aaec116e..ae8d43a6f0 100644
--- a/src/feature/dirauth/dirvote.h
+++ b/src/feature/dirauth/dirvote.h
@@ -53,7 +53,7 @@
 #define MIN_SUPPORTED_CONSENSUS_METHOD 28
 
 /** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 32
+#define MAX_SUPPORTED_CONSENSUS_METHOD 33
 
 /**
  * Lowest consensus method where microdescriptor lines are put in canonical
@@ -74,6 +74,12 @@
  */
 #define MIN_METHOD_FOR_MIDDLEONLY 32
 
+/**
+ * Lowest consensus method for which we suppress the published time in
+ * microdescriptor consensuses.
+ */
+#define MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED 33
+
 /** Default bandwidth to clip unmeasured bandwidths to using method >=
  * MIN_METHOD_TO_CLIP_UNMEASURED_BW.  (This is not a consensus method; do not
  * get confused with the above macros.) */
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index 7d61247e23..6a9cc5e95f 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -110,7 +110,7 @@ add_rsa_fingerprint_to_dir(const char *fp, authdir_config_t *list,
   tor_strstrip(fingerprint, " ");
   if (base16_decode(d, DIGEST_LEN,
                     fingerprint, strlen(fingerprint)) != DIGEST_LEN) {
-    log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
+    log_warn(LD_DIRSERV, "Couldn't decode fingerprint %s",
              escaped(fp));
     tor_free(fingerprint);
     return -1;
diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c
index 4e9c8e2f45..84eefdd90b 100644
--- a/src/feature/dirclient/dirclient.c
+++ b/src/feature/dirclient/dirclient.c
@@ -242,14 +242,21 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
    * harmless, and we may as well err on the side of getting things uploaded.
    */
   SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
-      routerstatus_t *rs = &(ds->fake_status);
+      const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest);
+      if (!rs) {
+        /* prefer to use the address in the consensus, but fall back to
+         * the hard-coded trusted_dir_server address if we don't have a
+         * consensus or this digest isn't in our consensus. */
+        rs = &ds->fake_status;
+      }
+
       size_t upload_len = payload_len;
 
       if ((type & ds->type) == 0)
         continue;
 
       if (exclude_self && router_digest_is_me(ds->digest)) {
-        /* we don't upload to ourselves, but at least there's now at least
+        /* we don't upload to ourselves, but there's now at least
          * one authority of this type that has what we wanted to upload. */
         found = 1;
         continue;
@@ -276,10 +283,8 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
       }
       if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
         indirection = DIRIND_ANONYMOUS;
-      } else if (!reachable_addr_allows_dir_server(ds,
-                                                     FIREWALL_DIR_CONNECTION,
-                                                     0)) {
-        if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
+      } else if (!reachable_addr_allows_rs(rs, FIREWALL_DIR_CONNECTION, 0)) {
+        if (reachable_addr_allows_rs(rs, FIREWALL_OR_CONNECTION, 0))
           indirection = DIRIND_ONEHOP;
         else
           indirection = DIRIND_ANONYMOUS;
@@ -590,7 +595,13 @@ directory_get_from_all_authorities(uint8_t dir_purpose,
         continue;
       if (!(ds->type & V3_DIRINFO))
         continue;
-      const routerstatus_t *rs = &ds->fake_status;
+      const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest);
+      if (!rs) {
+        /* prefer to use the address in the consensus, but fall back to
+         * the hard-coded trusted_dir_server address if we don't have a
+         * consensus or this digest isn't in our consensus. */
+        rs = &ds->fake_status;
+      }
       directory_request_t *req = directory_request_new(dir_purpose);
       directory_request_set_routerstatus(req, rs);
       directory_request_set_router_purpose(req, router_purpose);
diff --git a/src/feature/dirparse/ns_parse.c b/src/feature/dirparse/ns_parse.c
index cd3e2731be..3e1f9a3bd3 100644
--- a/src/feature/dirparse/ns_parse.c
+++ b/src/feature/dirparse/ns_parse.c
@@ -371,14 +371,17 @@ routerstatus_parse_entry_from_string(memarea_t *area,
     }
   }
 
+  time_t published_on;
   if (tor_snprintf(timebuf, sizeof(timebuf), "%s %s",
                    tok->args[3+offset], tok->args[4+offset]) < 0 ||
-      parse_iso_time(timebuf, &rs->published_on)<0) {
+      parse_iso_time(timebuf, &published_on)<0) {
     log_warn(LD_DIR, "Error parsing time '%s %s' [%d %d]",
              tok->args[3+offset], tok->args[4+offset],
              offset, (int)flav);
     goto err;
   }
+  if (vote_rs)
+    vote_rs->published_on = published_on;
 
   if (tor_inet_aton(tok->args[5+offset], &in) == 0) {
     log_warn(LD_DIR, "Error parsing router address in network-status %s",
diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c
index cf8e377313..dcca1d7086 100644
--- a/src/feature/hs/hs_cache.c
+++ b/src/feature/hs/hs_cache.c
@@ -1081,7 +1081,7 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
    *
    *   1) Deallocate all entries from v3 cache that are older than K hours
    *      2.1) If the amount of remove bytes has been reached, stop.
-   *   2) Set K = K - RendPostPeriod and repeat process until K is < 0.
+   *   2) Set K = K - 1 hour and repeat process until K is < 0.
    *
    * This ends up being O(Kn).
    */
@@ -1104,8 +1104,9 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
     if (bytes_removed < min_remove_bytes) {
       /* We haven't remove enough bytes so clean v3 cache. */
       bytes_removed += cache_clean_v3_as_dir(now, cutoff);
-      /* Decrement K by a post period to shorten the cutoff. */
-      k -= get_options()->RendPostPeriod;
+      /* Decrement K by a post period to shorten the cutoff, Two minutes
+       * if we are a testing network, or one hour otherwise. */
+      k -= get_options()->TestingTorNetwork ? 120 : 3600;
     }
   } while (bytes_removed < min_remove_bytes);
 
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index a50598d9f3..7cee3480d5 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -644,8 +644,8 @@ send_introduce1(origin_circuit_t *intro_circ,
     goto tran_err;
   }
 
-  /* Check if the rendevous circuit was setup WITHOUT congestion control but if
-   * it is enabled and the service supports it. This can happen, see
+  /* Check if the rendezvous circuit was setup WITHOUT congestion control,
+   * but if it is enabled and the service supports it. This can happen, see
    * setup_rendezvous_circ_congestion_control() and so close rendezvous circuit
    * so another one can be created. */
   if (TO_CIRCUIT(rend_circ)->ccontrol == NULL && congestion_control_enabled()
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 1caa5ab64a..4e971233af 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -2419,7 +2419,7 @@ should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
     goto end;
   }
 
-  /* Pass this point, even though we might be over the retry limit, we check
+  /* Past this point, even though we might be over the retry limit, we check
    * if a circuit (established or pending) exists. In that case, we should not
    * remove it because it might simply be valid and opened at the previous
    * scheduled event for the last retry. */
diff --git a/src/feature/nodelist/fmt_routerstatus.c b/src/feature/nodelist/fmt_routerstatus.c
index 8c02a302af..4be2ec2a18 100644
--- a/src/feature/nodelist/fmt_routerstatus.c
+++ b/src/feature/nodelist/fmt_routerstatus.c
@@ -26,6 +26,9 @@
 /** Helper: write the router-status information in <b>rs</b> into a newly
  * allocated character buffer.  Use the same format as in network-status
  * documents.  If <b>version</b> is non-NULL, add a "v" line for the platform.
+ * If <b>declared_publish_time</b> is nonnegative, we declare it as the
+ * publication time.  Otherwise we look for a publication time in <b>vrs</b>,
+ * and fall back to a default (not useful) publication time.
  *
  * Return 0 on success, -1 on failure.
  *
@@ -38,12 +41,14 @@
  *   NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present,
  *        it contains additional information for the vote.
  *   NS_CONTROL_PORT - Output a NS document for the control port.
+ *
  */
 char *
 routerstatus_format_entry(const routerstatus_t *rs, const char *version,
                           const char *protocols,
                           routerstatus_format_type_t format,
-                          const vote_routerstatus_t *vrs)
+                          const vote_routerstatus_t *vrs,
+                          time_t declared_publish_time)
 {
   char *summary;
   char *result = NULL;
@@ -53,11 +58,18 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
   char digest64[BASE64_DIGEST_LEN+1];
   smartlist_t *chunks = smartlist_new();
 
+  if (declared_publish_time >= 0) {
+    format_iso_time(published, declared_publish_time);
+  } else if (vrs) {
+    format_iso_time(published, vrs->published_on);
+  } else {
+    strlcpy(published, "2038-01-01 00:00:00", sizeof(published));
+  }
+
   const char *ip_str = fmt_addr(&rs->ipv4_addr);
   if (ip_str[0] == '\0')
     goto err;
 
-  format_iso_time(published, rs->published_on);
   digest_to_base64(identity64, rs->identity_digest);
   digest_to_base64(digest64, rs->descriptor_digest);
 
diff --git a/src/feature/nodelist/fmt_routerstatus.h b/src/feature/nodelist/fmt_routerstatus.h
index 7482f373e1..740ea51dd9 100644
--- a/src/feature/nodelist/fmt_routerstatus.h
+++ b/src/feature/nodelist/fmt_routerstatus.h
@@ -35,6 +35,7 @@ char *routerstatus_format_entry(
                               const char *version,
                               const char *protocols,
                               routerstatus_format_type_t format,
-                              const vote_routerstatus_t *vrs);
+                              const vote_routerstatus_t *vrs,
+                              time_t declared_publish_time);
 
 #endif /* !defined(TOR_FMT_ROUTERSTATUS_H) */
diff --git a/src/feature/nodelist/microdesc.c b/src/feature/nodelist/microdesc.c
index a95d535dc0..9e5f0bb9a4 100644
--- a/src/feature/nodelist/microdesc.c
+++ b/src/feature/nodelist/microdesc.c
@@ -626,7 +626,7 @@ microdesc_cache_clean(microdesc_cache_t *cache, time_t cutoff, int force)
                           (*mdp)->digest, DIGEST256_LEN)) {
               rs_match = "Microdesc digest in RS matches";
             } else {
-              rs_match = "Microdesc digest in RS does match";
+              rs_match = "Microdesc digest in RS does not match";
             }
             if (ns) {
               /* This should be impossible, but let's see! */
diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c
index af3bde83a5..b994cfabc4 100644
--- a/src/feature/nodelist/networkstatus.c
+++ b/src/feature/nodelist/networkstatus.c
@@ -1616,7 +1616,6 @@ routerstatus_has_visibly_changed(const routerstatus_t *a,
          a->is_hs_dir != b->is_hs_dir ||
          a->is_staledesc != b->is_staledesc ||
          a->has_bandwidth != b->has_bandwidth ||
-         a->published_on != b->published_on ||
          a->ipv6_orport != b->ipv6_orport ||
          a->is_v2_dir != b->is_v2_dir ||
          a->bandwidth_kb != b->bandwidth_kb ||
@@ -2372,7 +2371,7 @@ char *
 networkstatus_getinfo_helper_single(const routerstatus_t *rs)
 {
   return routerstatus_format_entry(rs, NULL, NULL, NS_CONTROL_PORT,
-                                   NULL);
+                                   NULL, -1);
 }
 
 /**
@@ -2404,7 +2403,6 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   rs->is_hs_dir = node->is_hs_dir;
   rs->is_named = rs->is_unnamed = 0;
 
-  rs->published_on = ri->cache_info.published_on;
   memcpy(rs->identity_digest, node->identity, DIGEST_LEN);
   memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest,
          DIGEST_LEN);
@@ -2622,15 +2620,12 @@ networkstatus_parse_flavor_name(const char *flavname)
 int
 client_would_use_router(const routerstatus_t *rs, time_t now)
 {
+  (void) now;
   if (!rs->is_flagged_running) {
     /* If we had this router descriptor, we wouldn't even bother using it.
      * (Fetching and storing depends on by we_want_to_fetch_flavor().) */
     return 0;
   }
-  if (rs->published_on + OLD_ROUTER_DESC_MAX_AGE < now) {
-    /* We'd drop it immediately for being too old. */
-    return 0;
-  }
   if (!routerstatus_version_supports_extend2_cells(rs, 1)) {
     /* We'd ignore it because it doesn't support EXTEND2 cells.
      * If we don't know the version, download the descriptor so we can
diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c
index c00f7ffb26..9f0f845126 100644
--- a/src/feature/nodelist/routerlist.c
+++ b/src/feature/nodelist/routerlist.c
@@ -1924,11 +1924,9 @@ routerlist_remove_old_routers(void)
     retain = digestset_new(n_max_retain);
   }
 
-  cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
   /* Retain anything listed in the consensus. */
   if (consensus) {
     SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs,
-        if (rs->published_on >= cutoff)
           digestset_add(retain, rs->descriptor_digest));
   }
 
@@ -2653,7 +2651,7 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
   digestmap_t *map = NULL;
   smartlist_t *no_longer_old = smartlist_new();
   smartlist_t *downloadable = smartlist_new();
-  routerstatus_t *source = NULL;
+  const routerstatus_t *source = NULL;
   int authdir = authdir_mode(options);
   int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0,
     n_inprogress=0, n_in_oldrouters=0;
@@ -2669,10 +2667,17 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
     networkstatus_voter_info_t *voter = smartlist_get(consensus->voters, 0);
     tor_assert(voter);
     ds = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
-    if (ds)
-      source = &(ds->fake_status);
-    else
+    if (ds) {
+      source = router_get_consensus_status_by_id(ds->digest);
+      if (!source) {
+        /* prefer to use the address in the consensus, but fall back to
+         * the hard-coded trusted_dir_server address if we don't have a
+         * consensus or this digest isn't in our consensus. */
+        source = &ds->fake_status;
+      }
+    } else {
       log_warn(LD_DIR, "couldn't lookup source from vote?");
+    }
   }
 
   map = digestmap_new();
@@ -2721,17 +2726,20 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
         continue; /* We would never use it ourself. */
       }
       if (is_vote && source) {
-        char time_bufnew[ISO_TIME_LEN+1];
-        char time_bufold[ISO_TIME_LEN+1];
+        char old_digest_buf[HEX_DIGEST_LEN+1];
+        const char *old_digest = "none";
         const routerinfo_t *oldrouter;
         oldrouter = router_get_by_id_digest(rs->identity_digest);
-        format_iso_time(time_bufnew, rs->published_on);
-        if (oldrouter)
-          format_iso_time(time_bufold, oldrouter->cache_info.published_on);
+        if (oldrouter) {
+          base16_encode(old_digest_buf, sizeof(old_digest_buf),
+                        oldrouter->cache_info.signed_descriptor_digest,
+                        DIGEST_LEN);
+          old_digest = old_digest_buf;
+        }
         log_info(LD_DIR, "Learned about %s (%s vs %s) from %s's vote (%s)",
                  routerstatus_describe(rs),
-                 time_bufnew,
-                 oldrouter ? time_bufold : "none",
+                 hex_str(rs->descriptor_digest, DIGEST_LEN),
+                 old_digest,
                  source->nickname, oldrouter ? "known" : "unknown");
       }
       smartlist_add(downloadable, rs->descriptor_digest);
diff --git a/src/feature/nodelist/routerstatus_st.h b/src/feature/nodelist/routerstatus_st.h
index 55b76de581..a36c80917c 100644
--- a/src/feature/nodelist/routerstatus_st.h
+++ b/src/feature/nodelist/routerstatus_st.h
@@ -21,7 +21,6 @@ struct routerstatus_t {
  * routerstatus_has_visibly_changed and the printing function
  * routerstatus_format_entry in NS_CONTROL_PORT mode.
  */
-  time_t published_on; /**< When was this router published? */
   char nickname[MAX_NICKNAME_LEN+1]; /**< The nickname this router says it
                                       * has. */
   char identity_digest[DIGEST_LEN]; /**< Digest of the router's identity
diff --git a/src/feature/nodelist/vote_routerstatus_st.h b/src/feature/nodelist/vote_routerstatus_st.h
index 6b2f7b92a9..41d465db8f 100644
--- a/src/feature/nodelist/vote_routerstatus_st.h
+++ b/src/feature/nodelist/vote_routerstatus_st.h
@@ -18,6 +18,7 @@
 struct vote_routerstatus_t {
   routerstatus_t status; /**< Underlying 'status' object for this router.
                           * Flags are redundant. */
+  time_t published_on; /**< When was this router published? */
   /** How many known-flags are allowed in a vote? This is the width of
    * the flags field of vote_routerstatus_t */
 #define MAX_KNOWN_FLAGS_IN_VOTE 64
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
index a38bf5cf5a..9d50fa7c31 100644
--- a/src/feature/relay/dns.c
+++ b/src/feature/relay/dns.c
@@ -768,11 +768,11 @@ dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve,
 
     if (!is_reverse || !is_resolve) {
       if (!is_reverse)
-        log_info(LD_EXIT, "Bad .in-addr.arpa address \"%s\"; sending error.",
+        log_info(LD_EXIT, "Bad .in-addr.arpa address %s; sending error.",
                  escaped_safe_str(exitconn->base_.address));
       else if (!is_resolve)
         log_info(LD_EXIT,
-                 "Attempt to connect to a .in-addr.arpa address \"%s\"; "
+                 "Attempt to connect to a .in-addr.arpa address %s; "
                  "sending error.",
                  escaped_safe_str(exitconn->base_.address));
 
diff --git a/src/feature/relay/relay_config.c b/src/feature/relay/relay_config.c
index 85ccfc18a7..aa9d48beac 100644
--- a/src/feature/relay/relay_config.c
+++ b/src/feature/relay/relay_config.c
@@ -33,6 +33,7 @@
 #include "core/or/port_cfg_st.h"
 
 #include "feature/hibernate/hibernate.h"
+#include "feature/hs/hs_service.h"
 #include "feature/nodelist/nickname.h"
 #include "feature/stats/geoip_stats.h"
 #include "feature/stats/predict_ports.h"
@@ -942,7 +943,8 @@ options_validate_relay_accounting(const or_options_t *old_options,
   if (accounting_parse_options(options, 1)<0)
     REJECT("Failed to parse accounting options. See logs for details.");
 
-  if (options->AccountingMax) {
+  if (options->AccountingMax &&
+      !hs_service_non_anonymous_mode_enabled(options)) {
     if (options->RendConfigLines && server_mode(options)) {
       log_warn(LD_CONFIG, "Using accounting with a hidden service and an "
                "ORPort is risky: your hidden service(s) and your public "
@@ -1118,7 +1120,8 @@ options_validate_relay_mode(const or_options_t *old_options,
   if (BUG(!msg))
     return -1;
 
-  if (server_mode(options) && options->RendConfigLines)
+  if (server_mode(options) && options->RendConfigLines &&
+      !hs_service_non_anonymous_mode_enabled(options))
     log_warn(LD_CONFIG,
         "Tor is currently configured as a relay and a hidden service. "
         "That's not very secure: you should probably run your hidden service "
diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c
index f4f9d40823..5a32283a7b 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -212,17 +212,19 @@ relay_addr_learn_from_dirauth(void)
       return;
     }
     const node_t *node = node_get_by_id(rs->identity_digest);
-    if (!node) {
+    extend_info_t *ei = NULL;
+    if (node) {
+      ei = extend_info_from_node(node, 1, false);
+    }
+    if (!node || !ei) {
       /* This can happen if we are still in the early starting stage where no
        * descriptors we actually fetched and thus we have the routerstatus_t
        * for the authority but not its descriptor which is needed to build a
        * circuit and thus learn our address. */
-      log_info(LD_GENERAL, "Can't build a circuit to an authority. Unable to "
-                           "learn for now our address from them.");
-      return;
-    }
-    extend_info_t *ei = extend_info_from_node(node, 1, false);
-    if (BUG(!ei)) {
+      log_info(LD_GENERAL,
+               "Trying to learn our IP address by connecting to an "
+               "authority, but can't build a circuit to one yet. Will try "
+               "again soon.");
       return;
     }
 
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index bc98fd985c..dddc0b1de5 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -2554,8 +2554,6 @@ mark_my_descriptor_dirty_if_too_old(time_t now)
     rs = networkstatus_vote_find_entry(ns, server_identitykey_digest);
     if (rs == NULL)
       retry_fast_reason = "not listed in consensus";
-    else if (rs->published_on < slow_cutoff)
-      retry_fast_reason = "version listed in consensus is quite old";
     else if (rs->is_staledesc && ns->valid_after > desc_clean_since)
       retry_fast_reason = "listed as stale in consensus";
   }
diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c
index d1ccc5edf5..8f4f33151a 100644
--- a/src/feature/stats/rephist.c
+++ b/src/feature/stats/rephist.c
@@ -2292,7 +2292,7 @@ static overload_onionskin_assessment_t overload_onionskin_assessment;
 
 /**
  * We combine ntorv3 and ntor into the same stat, so we must
- * use this function to covert the cell type to a stat index.
+ * use this function to convert the cell type to a stat index.
  */
 static inline uint16_t
 onionskin_type_to_stat(uint16_t type)
@@ -2315,7 +2315,7 @@ onionskin_type_to_stat(uint16_t type)
  * the stats are reset back to 0 and the assessment time period updated.
  *
  * This is called when a ntor handshake is _requested_ because we want to avoid
- * to have an assymetric situation where requested counter is reset to 0 but
+ * to have an asymmetric situation where requested counter is reset to 0 but
  * then a drop happens leading to the drop counter being incremented while the
  * requested counter is 0. */
 static void
diff --git a/src/include.am b/src/include.am
index 36d323e6eb..29a392a132 100644
--- a/src/include.am
+++ b/src/include.am
@@ -87,6 +87,5 @@ include src/app/include.am
 
 include src/test/include.am
 include src/tools/include.am
-include src/win32/include.am
 include src/config/include.am
 include src/test/fuzz/include.am
diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
index 0f56f338b5..c5eccdb015 100644
--- a/src/lib/crypt_ops/compat_openssl.h
+++ b/src/lib/crypt_ops/compat_openssl.h
@@ -20,32 +20,36 @@
  * \brief compatibility definitions for working with different openssl forks
  **/
 
-#if !defined(LIBRESSL_VERSION_NUMBER) && \
-  OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
 #error "We require OpenSSL >= 1.0.1"
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
-   ! defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
 /* We define this macro if we're trying to build with the majorly refactored
  * API in OpenSSL 1.1 */
 #define OPENSSL_1_1_API
 #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
 
-#ifndef OPENSSL_1_1_API
-#define OpenSSL_version(v) SSLeay_version(v)
-#define tor_OpenSSL_version_num() SSLeay()
+/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */
+#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
 #define RAND_OpenSSL() RAND_SSLeay()
 #define STATE_IS_SW_SERVER_HELLO(st)       \
   (((st) == SSL3_ST_SW_SRVR_HELLO_A) ||    \
    ((st) == SSL3_ST_SW_SRVR_HELLO_B))
 #define OSSL_HANDSHAKE_STATE int
 #define CONST_IF_OPENSSL_1_1_API
-#else /* defined(OPENSSL_1_1_API) */
-#define tor_OpenSSL_version_num() OpenSSL_version_num()
+#else
 #define STATE_IS_SW_SERVER_HELLO(st) \
   ((st) == TLS_ST_SW_SRVR_HELLO)
 #define CONST_IF_OPENSSL_1_1_API const
+#endif
+
+/* OpenSSL 1.1 and LibreSSL both have these APIs */
+#ifndef OPENSSL_1_1_API
+#define OpenSSL_version(v) SSLeay_version(v)
+#define tor_OpenSSL_version_num() SSLeay()
+#else /* defined(OPENSSL_1_1_API) */
+#define tor_OpenSSL_version_num() OpenSSL_version_num()
 #endif /* !defined(OPENSSL_1_1_API) */
 
 #endif /* defined(ENABLE_OPENSSL) */
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
index c6f63ffa08..96a37721dd 100644
--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
@@ -54,8 +54,7 @@
 #define DISABLE_ENGINES
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
-  !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
 /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
  * setting up various callbacks.
  *
diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
index a21c4a65cf..544d72e6ca 100644
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -572,7 +572,9 @@ static bool
 rsa_private_key_too_long(RSA *rsa, int max_bits)
 {
   const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
-#ifdef OPENSSL_1_1_API
+#if defined(OPENSSL_1_1_API) && \
+    (!defined(LIBRESSL_VERSION_NUMBER) || \
+     LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0))
 
 #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
   n = RSA_get0_n(rsa);
@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
 
   if (RSA_bits(rsa) > max_bits)
     return true;
-#else /* !defined(OPENSSL_1_1_API) */
+#else /* !defined(OPENSSL_1_1_API) && ... */
   n = rsa->n;
   e = rsa->e;
   p = rsa->p;
@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
   dmp1 = rsa->dmp1;
   dmq1 = rsa->dmq1;
   iqmp = rsa->iqmp;
-#endif /* defined(OPENSSL_1_1_API) */
+#endif /* defined(OPENSSL_1_1_API) && ... */
 
   if (n && BN_num_bits(n) > max_bits)
     return true;
diff --git a/src/lib/dispatch/dispatch_cfg_st.h b/src/lib/dispatch/dispatch_cfg_st.h
index 636f2e6df5..503d13e010 100644
--- a/src/lib/dispatch/dispatch_cfg_st.h
+++ b/src/lib/dispatch/dispatch_cfg_st.h
@@ -24,9 +24,9 @@ struct dispatch_cfg_t {
   struct smartlist_t *type_by_msg;
   /** A list of channel_id_t (cast to void*), indexed by msg_t. */
   struct smartlist_t *chan_by_msg;
-  /** A list of dispatch_rcv_t, indexed by msg_type_id_t. */
+  /** A list of dispatch_typefns_t, indexed by msg_type_id_t. */
   struct smartlist_t *fns_by_type;
-  /** A list of dispatch_typefns_t, indexed by msg_t. */
+  /** A list of dispatch_rcv_t, indexed by msg_t. */
   struct smartlist_t *recv_by_msg;
 };
 
diff --git a/src/lib/geoip/geoip.c b/src/lib/geoip/geoip.c
index 686040613d..f13354dbe1 100644
--- a/src/lib/geoip/geoip.c
+++ b/src/lib/geoip/geoip.c
@@ -387,7 +387,7 @@ geoip_load_file(sa_family_t family, const char *filename, int severity)
  * be less than geoip_get_n_countries().  To decode it, call
  * geoip_get_country_name().
  */
-int
+STATIC int
 geoip_get_country_by_ipv4(uint32_t ipaddr)
 {
   geoip_ipv4_entry_t *ent;
@@ -403,7 +403,7 @@ geoip_get_country_by_ipv4(uint32_t ipaddr)
  * 0 for the 'unknown country'.  The return value will always be less than
  * geoip_get_n_countries().  To decode it, call geoip_get_country_name().
  */
-int
+STATIC int
 geoip_get_country_by_ipv6(const struct in6_addr *addr)
 {
   geoip_ipv6_entry_t *ent;
diff --git a/src/lib/geoip/geoip.h b/src/lib/geoip/geoip.h
index 764ed1d5a5..e68573fd1a 100644
--- a/src/lib/geoip/geoip.h
+++ b/src/lib/geoip/geoip.h
@@ -21,14 +21,14 @@
 #ifdef GEOIP_PRIVATE
 STATIC int geoip_parse_entry(const char *line, sa_family_t family);
 STATIC void clear_geoip_db(void);
+
+STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr);
+STATIC int geoip_get_country_by_ipv6(const struct in6_addr *addr);
 #endif /* defined(GEOIP_PRIVATE) */
 
 struct in6_addr;
 struct tor_addr_t;
 
-int geoip_get_country_by_ipv4(uint32_t ipaddr);
-int geoip_get_country_by_ipv6(const struct in6_addr *addr);
-
 /** A per-country GeoIP record. */
 typedef struct geoip_country_t {
   /** A nul-terminated two-letter country-code. */
diff --git a/src/lib/malloc/malloc.h b/src/lib/malloc/malloc.h
index cc031f843a..48a3ac32cf 100644
--- a/src/lib/malloc/malloc.h
+++ b/src/lib/malloc/malloc.h
@@ -11,6 +11,7 @@
 #ifndef TOR_UTIL_MALLOC_H
 #define TOR_UTIL_MALLOC_H
 
+#include <assert.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include "lib/cc/compat_compiler.h"
@@ -45,6 +46,9 @@ void tor_free_(void *mem);
 #ifdef __GNUC__
 #define tor_free(p) STMT_BEGIN                                 \
     typeof(&(p)) tor_free__tmpvar = &(p);                      \
+    _Static_assert(!__builtin_types_compatible_p(typeof(*tor_free__tmpvar), \
+                                                 struct event *), \
+                   "use tor_event_free for struct event *");   \
     raw_free(*tor_free__tmpvar);                               \
     *tor_free__tmpvar=NULL;                                    \
   STMT_END
diff --git a/src/lib/osinfo/libc.c b/src/lib/osinfo/libc.c
index f52dea41aa..1ca26ff707 100644
--- a/src/lib/osinfo/libc.c
+++ b/src/lib/osinfo/libc.c
@@ -31,6 +31,9 @@
 const char *
 tor_libc_get_name(void)
 {
+#if defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE)
+  return "BSD";
+#endif /* defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) */
 #ifdef __GLIBC__
   return "Glibc";
 #else /* !defined(__GLIBC__) */
@@ -43,6 +46,21 @@ tor_libc_get_name(void)
 const char *
 tor_libc_get_version_str(void)
 {
+#if defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE)
+#include <sys/param.h>
+#ifdef __DragonFly_version
+  return STR(__DragonFly_version);
+#endif
+#ifdef __FreeBSD__
+  return STR(__FreeBSD_version);
+#endif
+#ifdef __NetBSD_Version__
+  return STR(__NetBSD_Version__);
+#endif
+#ifdef OpenBSD
+  return STR(OpenBSD);
+#endif
+#endif /* defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) */
 #ifdef CHECK_LIBC_VERSION
   const char *version = gnu_get_libc_version();
   if (version == NULL)
diff --git a/src/lib/process/process_win32.c b/src/lib/process/process_win32.c
index dfcb17a480..6458f93752 100644
--- a/src/lib/process/process_win32.c
+++ b/src/lib/process/process_win32.c
@@ -888,7 +888,7 @@ process_win32_read_from_handle(process_win32_handle_t *handle,
 
   /* Check if we have been asked to read from a handle that have already told
    * us that we have reached the end of the file. */
-  if (BUG(handle->reached_eof))
+  if (handle->reached_eof)
     return 0;
 
   /* This cast should be safe since our buffer can be at maximum up to
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index cc00d2048f..a476e57fbc 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -141,10 +141,12 @@ static sandbox_cfg_t *filter_dynamic = NULL;
  * the high bits of the value might get masked out improperly. */
 #define SCMP_CMP_MASKED(a,b,c) \
   SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c))
-/* For negative constants, the rule to add depends on the glibc version. */
-#define SCMP_CMP_NEG(a,op,b) (libc_negative_constant_needs_cast() ? \
-                              (SCMP_CMP((a), (op), (unsigned int)(b))) : \
-                              (SCMP_CMP_STR((a), (op), (b))))
+/* Negative constants aren't consistently sign extended or zero extended.
+ * Different compilers, libc, and architectures behave differently. For cases
+ * where the kernel ABI uses a 32 bit integer, this macro can be used to
+ * mask-compare only the lower 32 bits of the value. */
+#define SCMP_CMP_LOWER32_EQ(a,b) \
+  SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, 0xFFFFFFFF, (unsigned int)(b))
 
 /** Variable used for storing all syscall numbers that will be allowed with the
  * stage 1 general Tor sandbox.
@@ -516,14 +518,6 @@ libc_uses_openat_for_opendir(void)
          (is_libc_at_least(2, 15) && !is_libc_at_least(2, 22));
 }
 
-/* Return true if we think we're running with a libc that needs to cast
- * negative arguments like AT_FDCWD for seccomp rules. */
-static int
-libc_negative_constant_needs_cast(void)
-{
-  return is_libc_at_least(2, 27);
-}
-
 /** Allow a single file to be opened.  If <b>use_openat</b> is true,
  * we're using a libc that remaps all the opens into openats. */
 static int
@@ -531,7 +525,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
 {
   if (use_openat) {
     return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
-                              SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
+                              SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
                               SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
   } else {
     return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
@@ -612,6 +606,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   return 0;
 }
 
+static int
+sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  int rc;
+  sandbox_cfg_t *elem = NULL;
+
+  // for each dynamic parameter filters
+  for (elem = filter; elem != NULL; elem = elem->next) {
+    smp_param_t *param = elem->param;
+
+    if (param != NULL && param->prot == 1 && param->syscall
+        == SCMP_SYS(fchmodat)) {
+      rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat),
+          SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+          SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received "
+            "libseccomp error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
 #ifdef __i386__
 static int
 sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
@@ -664,6 +684,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 #endif /* defined(__i386__) */
 
+static int
+sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  int rc;
+  sandbox_cfg_t *elem = NULL;
+
+  // for each dynamic parameter filters
+  for (elem = filter; elem != NULL; elem = elem->next) {
+    smp_param_t *param = elem->param;
+
+    if (param != NULL && param->prot == 1 && param->syscall
+        == SCMP_SYS(fchownat)) {
+      rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat),
+          SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+          SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received "
+            "libseccomp error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
 /**
  * Function responsible for setting up the rename syscall for
  * the seccomp filter sandbox.
@@ -696,6 +742,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
 }
 
 /**
+ * Function responsible for setting up the renameat syscall for
+ * the seccomp filter sandbox.
+ */
+static int
+sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+{
+  int rc;
+  sandbox_cfg_t *elem = NULL;
+
+  // for each dynamic parameter filters
+  for (elem = filter; elem != NULL; elem = elem->next) {
+    smp_param_t *param = elem->param;
+
+    if (param != NULL && param->prot == 1 &&
+        param->syscall == SCMP_SYS(renameat)) {
+
+      rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat),
+            SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+            SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
+            SCMP_CMP_LOWER32_EQ(2, AT_FDCWD),
+            SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2));
+      if (rc != 0) {
+        log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received "
+            "libseccomp error %d", rc);
+        return rc;
+      }
+    }
+  }
+
+  return 0;
+}
+
+/**
  * Function responsible for setting up the openat syscall for
  * the seccomp filter sandbox.
  */
@@ -712,7 +791,7 @@ sb_openat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     if (param != NULL && param->prot == 1 && param->syscall
         == SCMP_SYS(openat)) {
       rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
-          SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
+          SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
           SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
           SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|
               O_CLOEXEC));
@@ -954,6 +1033,14 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
     return rc;
 #endif /* defined(IPV6_V6ONLY) */
 
+#ifdef IP_BIND_ADDRESS_NO_PORT
+  rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt),
+      SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP),
+      SCMP_CMP(2, SCMP_CMP_EQ, IP_BIND_ADDRESS_NO_PORT));
+  if (rc)
+    return rc;
+#endif
+
   return 0;
 }
 
@@ -1315,7 +1402,9 @@ static sandbox_filter_func_t filter_func[] = {
 #else
     sb_chown,
 #endif
+    sb_fchownat,
     sb_chmod,
+    sb_fchmodat,
     sb_open,
     sb_openat,
     sb_opendir,
@@ -1323,6 +1412,7 @@ static sandbox_filter_func_t filter_func[] = {
     sb_ptrace,
 #endif
     sb_rename,
+    sb_renameat,
 #ifdef __NR_fcntl64
     sb_fcntl64,
 #endif
@@ -1590,10 +1680,24 @@ new_element(int syscall, char *value)
 
 #ifdef __i386__
 #define SCMP_chown SCMP_SYS(chown32)
+#elif defined(__aarch64__) && defined(__LP64__)
+#define SCMP_chown SCMP_SYS(fchownat)
 #else
 #define SCMP_chown SCMP_SYS(chown)
 #endif
 
+#if defined(__aarch64__) && defined(__LP64__)
+#define SCMP_chmod SCMP_SYS(fchmodat)
+#else
+#define SCMP_chmod SCMP_SYS(chmod)
+#endif
+
+#if defined(__aarch64__) && defined(__LP64__)
+#define SCMP_rename SCMP_SYS(renameat)
+#else
+#define SCMP_rename SCMP_SYS(rename)
+#endif
+
 #ifdef __NR_stat64
 #define SCMP_stat SCMP_SYS(stat64)
 #else
@@ -1631,7 +1735,7 @@ sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element(SCMP_SYS(chmod), file);
+  elem = new_element(SCMP_chmod, file);
 
   elem->next = *cfg;
   *cfg = elem;
@@ -1657,7 +1761,7 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
 {
   sandbox_cfg_t *elem = NULL;
 
-  elem = new_element2(SCMP_SYS(rename), file1, file2);
+  elem = new_element2(SCMP_rename, file1, file2);
 
   elem->next = *cfg;
   *cfg = elem;
diff --git a/src/test/Makefile.nmake b/src/test/Makefile.nmake
deleted file mode 100644
index ca6a84cf8a..0000000000
--- a/src/test/Makefile.nmake
+++ /dev/null
@@ -1,35 +0,0 @@
-all: test.exe bench.exe
-
-CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or \
-    /I ..\ext
-
-LIBS = ..\..\..\build-alpha\lib\libevent.lib \
- ..\..\..\build-alpha\lib\libcrypto.lib \
- ..\..\..\build-alpha\lib\libssl.lib \
- ..\..\..\build-alpha\lib\libz.lib \
- ..\or\libtor.lib \
- ws2_32.lib advapi32.lib shell32.lib \
- crypt32.lib gdi32.lib user32.lib
-
-TEST_OBJECTS = test.obj test_addr.obj test_channel.obj test_channeltls.obj \
-        test_consdiff.obj test_containers.obj \
-	test_controller_events.obj test_crypto.obj test_data.obj test_dir.obj \
-	test_checkdir.obj test_microdesc.obj test_pt.obj test_util.obj \
-        test_config.obj test_connection.obj \
-	test_cell_formats.obj test_relay.obj test_replay.obj \
-	test_channelpadding.obj \
-	test_circuitstats.obj \
-	test_circuitpadding.obj \
-	test_scheduler.obj test_introduce.obj test_hs.obj tinytest.obj
-
-tinytest.obj: ..\ext\tinytest.c
-	$(CC) $(CFLAGS) /D snprintf=_snprintf /c ..\ext\tinytest.c
-
-test.exe: $(TEST_OBJECTS)
-	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib $(TEST_OBJECTS) /Fe$@
-
-bench.exe: bench.obj
-	$(CC) $(CFLAGS) bench.obj $(LIBS) ..\common\*.lib /Fe$@
-
-clean:
-	del *.obj *.lib test.exe bench.exe
diff --git a/src/test/conf_examples/large_1/expected b/src/test/conf_examples/large_1/expected
index fcd19db3df..73e48cf0d3 100644
--- a/src/test/conf_examples/large_1/expected
+++ b/src/test/conf_examples/large_1/expected
@@ -126,7 +126,6 @@ ReachableORAddresses 128.0.0.0/8
 RejectPlaintextPorts 23
 RelayBandwidthBurst 10000
 RelayBandwidthRate 1000
-RendPostPeriod 600
 RephistTrackTime 600
 SafeLogging 0
 Schedulers Vanilla,KISTLite,Kist
diff --git a/src/test/conf_examples/large_1/expected_no_dirauth b/src/test/conf_examples/large_1/expected_no_dirauth
index 4a19bc546c..21f08d0a33 100644
--- a/src/test/conf_examples/large_1/expected_no_dirauth
+++ b/src/test/conf_examples/large_1/expected_no_dirauth
@@ -125,7 +125,6 @@ ReachableORAddresses 128.0.0.0/8
 RejectPlaintextPorts 23
 RelayBandwidthBurst 10000
 RelayBandwidthRate 1000
-RendPostPeriod 600
 RephistTrackTime 600
 SafeLogging 0
 Schedulers Vanilla,KISTLite,Kist
diff --git a/src/test/conf_examples/large_1/torrc b/src/test/conf_examples/large_1/torrc
index 3f5b1e179f..ebf4a3fb96 100644
--- a/src/test/conf_examples/large_1/torrc
+++ b/src/test/conf_examples/large_1/torrc
@@ -133,7 +133,6 @@ ReachableORAddresses 128.0.0.0/8
 RejectPlaintextPorts 23
 RelayBandwidthBurst 10000
 RelayBandwidthRate 1000
-RendPostPeriod 10 minutes
 RephistTrackTime 10 minutes
 SafeLogging 0
 SafeSocks 0
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index fbf9d6a5ab..ed94fe8aaa 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -22,6 +22,7 @@
 #include "feature/dircommon/directory.h"
 #include "core/or/connection_or.h"
 #include "lib/net/resolve.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "test/test_connection.h"
 #include "test/test_helpers.h"
@@ -113,14 +114,8 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg)
     /* We didn't call tor_libevent_initialize(), so event_base was NULL,
      * so we can't rely on connection_unregister_events() use of event_del().
      */
-    if (conn->linked_conn->read_event) {
-      tor_free(conn->linked_conn->read_event);
-      conn->linked_conn->read_event = NULL;
-    }
-    if (conn->linked_conn->write_event) {
-      tor_free(conn->linked_conn->write_event);
-      conn->linked_conn->write_event = NULL;
-    }
+    tor_event_free(conn->linked_conn->read_event);
+    tor_event_free(conn->linked_conn->write_event);
 
     if (!conn->linked_conn->marked_for_close) {
       connection_close_immediate(conn->linked_conn);
@@ -142,14 +137,8 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg)
   /* We didn't set the events up properly, so we can't use event_del() in
    * close_closeable_connections() > connection_free()
    * > connection_unregister_events() */
-  if (conn->read_event) {
-    tor_free(conn->read_event);
-    conn->read_event = NULL;
-  }
-  if (conn->write_event) {
-    tor_free(conn->write_event);
-    conn->write_event = NULL;
-  }
+  tor_event_free(conn->read_event);
+  tor_event_free(conn->write_event);
 
   if (!conn->marked_for_close) {
     connection_close_immediate(conn);
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 186e09f236..248fd8ab5d 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -2971,7 +2971,7 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
                 (voter == 1)) {
     /* Check the first routerstatus. */
     tt_str_op(vrs->version,OP_EQ, "0.1.2.14");
-    tt_int_op(rs->published_on,OP_EQ, now-1500);
+    tt_int_op(vrs->published_on,OP_EQ, now-1500);
     tt_str_op(rs->nickname,OP_EQ, "router2");
     tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
@@ -2996,7 +2996,7 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now)
     if (voter == 1) {
       /* Check the second routerstatus. */
       tt_str_op(vrs->version,OP_EQ, "0.2.0.5");
-      tt_int_op(rs->published_on,OP_EQ, now-1000);
+      tt_int_op(vrs->published_on,OP_EQ, now-1000);
       tt_str_op(rs->nickname,OP_EQ, "router1");
     }
     tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
@@ -3057,6 +3057,7 @@ test_consensus_for_v3ns(networkstatus_t *con, time_t now)
 static void
 test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now)
 {
+  (void)now;
   tor_addr_t addr_ipv6;
 
   tt_assert(rs);
@@ -3093,7 +3094,6 @@ test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now)
                DIGEST_LEN);
     tt_str_op(rs->nickname,OP_EQ, "router1");
     tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    tt_int_op(rs->published_on,OP_EQ, now-1000);
     tt_assert(tor_addr_eq_ipv4h(&rs->ipv4_addr, 0x99009901));
     tt_int_op(rs->ipv4_orport,OP_EQ, 443);
     tt_int_op(rs->ipv4_dirport,OP_EQ, 0);
@@ -3968,7 +3968,7 @@ gen_routerstatus_for_umbw(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.2.14");
-      rs->published_on = now-1500;
+      vrs->published_on = now-1500;
       strlcpy(rs->nickname, "router2", sizeof(rs->nickname));
       memset(rs->identity_digest, 3, DIGEST_LEN);
       memset(rs->descriptor_digest, 78, DIGEST_LEN);
@@ -3993,7 +3993,7 @@ gen_routerstatus_for_umbw(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.2.0.5");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router1", sizeof(rs->nickname));
       memset(rs->identity_digest, 5, DIGEST_LEN);
       memset(rs->descriptor_digest, 77, DIGEST_LEN);
@@ -4020,7 +4020,7 @@ gen_routerstatus_for_umbw(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.0.3");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router3", sizeof(rs->nickname));
       memset(rs->identity_digest, 0x33, DIGEST_LEN);
       memset(rs->descriptor_digest, 79, DIGEST_LEN);
@@ -4046,7 +4046,7 @@ gen_routerstatus_for_umbw(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.6.3");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router4", sizeof(rs->nickname));
       memset(rs->identity_digest, 0x34, DIGEST_LEN);
       memset(rs->descriptor_digest, 47, DIGEST_LEN);
@@ -4146,7 +4146,7 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * cutoff.
      */
     tt_str_op(vrs->version,OP_EQ, "0.1.2.14");
-    tt_int_op(rs->published_on,OP_EQ, now-1500);
+    tt_int_op(vrs->published_on,OP_EQ, now-1500);
     tt_str_op(rs->nickname,OP_EQ, "router2");
     tt_mem_op(rs->identity_digest,OP_EQ,
                "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3"
@@ -4170,7 +4170,7 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now)
      * cutoff.
      */
     tt_str_op(vrs->version,OP_EQ, "0.2.0.5");
-    tt_int_op(rs->published_on,OP_EQ, now-1000);
+    tt_int_op(vrs->published_on,OP_EQ, now-1000);
     tt_str_op(rs->nickname,OP_EQ, "router1");
     tt_mem_op(rs->identity_digest,OP_EQ,
                "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5"
@@ -4245,6 +4245,7 @@ test_consensus_for_umbw(networkstatus_t *con, time_t now)
 static void
 test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
 {
+  (void)now;
   tor_addr_t addr_ipv6;
   uint32_t max_unmeasured_bw_kb = (alternate_clip_bw > 0) ?
     alternate_clip_bw : DEFAULT_MAX_UNMEASURED_BW_KB;
@@ -4285,7 +4286,6 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now)
                DIGEST_LEN);
     tt_str_op(rs->nickname,OP_EQ, "router1");
     tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN);
-    tt_int_op(rs->published_on,OP_EQ, now-1000);
     tt_assert(tor_addr_eq_ipv4h(&rs->ipv4_addr, 0x99009901));
     tt_int_op(rs->ipv4_orport,OP_EQ, 443);
     tt_int_op(rs->ipv4_dirport,OP_EQ, 0);
@@ -4385,7 +4385,6 @@ test_dir_fmt_control_ns(void *arg)
   (void)arg;
 
   memset(&rs, 0, sizeof(rs));
-  rs.published_on = 1364925198;
   strlcpy(rs.nickname, "TetsuoMilk", sizeof(rs.nickname));
   memcpy(rs.identity_digest, "Stately, plump Buck ", DIGEST_LEN);
   memcpy(rs.descriptor_digest, "Mulligan came up fro", DIGEST_LEN);
@@ -4403,7 +4402,7 @@ test_dir_fmt_control_ns(void *arg)
   tt_assert(s);
   tt_str_op(s, OP_EQ,
             "r TetsuoMilk U3RhdGVseSwgcGx1bXAgQnVjayA "
-               "TXVsbGlnYW4gY2FtZSB1cCBmcm8 2013-04-02 17:53:18 "
+               "TXVsbGlnYW4gY2FtZSB1cCBmcm8 2038-01-01 00:00:00 "
                "32.48.64.80 9001 9002\n"
             "s Exit Fast Running V2Dir\n"
             "w Bandwidth=1000\n");
diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c
index 201ea900ff..50ba32b562 100644
--- a/src/test/test_dir_common.c
+++ b/src/test/test_dir_common.c
@@ -93,7 +93,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.2.14");
-      rs->published_on = now-1500;
+      vrs->published_on = now-1500;
       strlcpy(rs->nickname, "router2", sizeof(rs->nickname));
       memset(rs->identity_digest, TEST_DIR_ROUTER_ID_1, DIGEST_LEN);
       memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_1, DIGEST_LEN);
@@ -111,7 +111,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.2.0.5");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router1", sizeof(rs->nickname));
       memset(rs->identity_digest, TEST_DIR_ROUTER_ID_2, DIGEST_LEN);
       memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_2, DIGEST_LEN);
@@ -130,7 +130,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.0.3");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router3", sizeof(rs->nickname));
       memset(rs->identity_digest, TEST_DIR_ROUTER_ID_3, DIGEST_LEN);
       memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_3, DIGEST_LEN);
@@ -147,7 +147,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now)
       vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
       rs = &vrs->status;
       vrs->version = tor_strdup("0.1.6.3");
-      rs->published_on = now-1000;
+      vrs->published_on = now-1000;
       strlcpy(rs->nickname, "router4", sizeof(rs->nickname));
       memset(rs->identity_digest, TEST_DIR_ROUTER_ID_4, DIGEST_LEN);
       memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_4, DIGEST_LEN);
diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c
index 250db9a964..ecd29f5464 100644
--- a/src/test/test_nodelist.c
+++ b/src/test/test_nodelist.c
@@ -1273,7 +1273,6 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg)
   memcpy(rs_orig.descriptor_digest, "abcdefghijklmnopqrst", 20);
   tor_addr_from_ipv4h(&rs_orig.ipv4_addr, 0x7f000001);
   rs_orig.ipv4_orport = 3;
-  rs_orig.published_on = time(NULL);
   rs_orig.has_bandwidth = 1;
   rs_orig.bandwidth_kb = 20;
 
@@ -1284,9 +1283,9 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg)
     tor_free(fmt);                                                        \
     fmt_orig = routerstatus_format_entry(&rs_orig, NULL, NULL,            \
                           NS_CONTROL_PORT,                                \
-                          NULL);                                          \
+                          NULL, -1);                                      \
     fmt = routerstatus_format_entry(&rs, NULL, NULL, NS_CONTROL_PORT,     \
-                          NULL);                                          \
+                          NULL, -1);                                      \
     tt_assert(fmt_orig);                                                  \
     tt_assert(fmt);                                                       \
   STMT_END
@@ -1322,9 +1321,6 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg)
   strlcpy(rs.nickname, "fr1end1y", sizeof(rs.nickname));
   ASSERT_CHANGED();
 
-  rs.published_on += 3600;
-  ASSERT_CHANGED();
-
   rs.ipv4_orport = 55;
   ASSERT_CHANGED();
 
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 182e6dd572..6610e317a7 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -2006,43 +2006,6 @@ test_options_validate__testing(void *ignored)
 }
 
 static void
-test_options_validate__hidserv(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  char *msg;
-  setup_capture_of_logs(LOG_WARN);
-
-  options_test_data_t *tdata = NULL;
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data("RendPostPeriod 1\n" );
-  mock_clean_saved_logs();
-  ret = options_validate(NULL, tdata->opt, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  expect_log_msg("RendPostPeriod option is too short;"
-            " raising to 600 seconds.\n");
-  tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600);
-  tor_free(msg);
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data("RendPostPeriod 302401\n" );
-  mock_clean_saved_logs();
-  ret = options_validate(NULL, tdata->opt, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  expect_log_msg("RendPostPeriod is too large; "
-            "clipping to 302400s.\n");
-  tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400);
-  tor_free(msg);
-
- done:
-  teardown_capture_of_logs();
-  policies_free_all();
-  free_options_test_data(tdata);
-  tor_free(msg);
-}
-
-static void
 test_options_validate__path_bias(void *ignored)
 {
   (void)ignored;
@@ -4270,7 +4233,6 @@ struct testcase_t options_tests[] = {
   LOCAL_VALIDATE_TEST(safe_logging),
   LOCAL_VALIDATE_TEST(publish_server_descriptor),
   LOCAL_VALIDATE_TEST(testing),
-  LOCAL_VALIDATE_TEST(hidserv),
   LOCAL_VALIDATE_TEST(path_bias),
   LOCAL_VALIDATE_TEST(bandwidth),
   LOCAL_VALIDATE_TEST(circuits),
diff --git a/src/test/test_router.c b/src/test/test_router.c
index 15cc93fbfc..47084bba01 100644
--- a/src/test/test_router.c
+++ b/src/test/test_router.c
@@ -282,7 +282,6 @@ test_router_mark_if_too_old(void *arg)
   mock_ns = &ns;
   mock_ns->valid_after = now-3600;
   mock_rs = &rs;
-  mock_rs->published_on = now - 10;
 
   // no reason to mark this time.
   desc_clean_since = now-10;
@@ -302,25 +301,14 @@ test_router_mark_if_too_old(void *arg)
   tt_i64_op(desc_clean_since, OP_EQ, 0);
   tt_str_op(desc_dirty_reason, OP_EQ, "time for new descriptor");
 
-  // Version in consensus published a long time ago?  We won't mark it
-  // if it's been clean for only a short time.
   desc_clean_since = now - 10;
   desc_dirty_reason = NULL;
-  mock_rs->published_on = now - 3600 * 96;
   mark_my_descriptor_dirty_if_too_old(now);
   tt_i64_op(desc_clean_since, OP_EQ, now - 10);
 
-  // ... but if it's been clean a while, we mark.
-  desc_clean_since = now - 2 * 3600;
-  mark_my_descriptor_dirty_if_too_old(now);
-  tt_i64_op(desc_clean_since, OP_EQ, 0);
-  tt_str_op(desc_dirty_reason, OP_EQ,
-            "version listed in consensus is quite old");
-
-  // same deal if we're marked stale.
+  // Version in consensus marked as stale?  We'll mark it.
   desc_clean_since = now - 2 * 3600;
   desc_dirty_reason = NULL;
-  mock_rs->published_on = now - 10;
   mock_rs->is_staledesc = 1;
   mark_my_descriptor_dirty_if_too_old(now);
   tt_i64_op(desc_clean_since, OP_EQ, 0);
diff --git a/src/test/test_voting_flags.c b/src/test/test_voting_flags.c
index 457b0fa796..a5b1248cc1 100644
--- a/src/test/test_voting_flags.c
+++ b/src/test/test_voting_flags.c
@@ -40,7 +40,6 @@ setup_cfg(flag_vote_test_cfg_t *c)
   memset(c->ri.cache_info.signed_descriptor_digest, 0xee, DIGEST_LEN);
 
   c->ri.cache_info.published_on = c->now - 100;
-  c->expected.published_on = c->now - 100;
 
   tor_addr_from_ipv4h(&c->ri.ipv4_addr, 0x7f010105);
   tor_addr_from_ipv4h(&c->expected.ipv4_addr, 0x7f010105);
@@ -65,7 +64,6 @@ check_result(flag_vote_test_cfg_t *c)
   dirauth_set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now,
                                            0, 0);
 
-  tt_i64_op(rs.published_on, OP_EQ, c->expected.published_on);
   tt_str_op(rs.nickname, OP_EQ, c->expected.nickname);
 
   // identity_digest and descriptor_digest are not set here.
@@ -144,13 +142,11 @@ test_voting_flags_staledesc(void *arg)
   time_t now = cfg->now;
 
   cfg->ri.cache_info.published_on = now - DESC_IS_STALE_INTERVAL + 10;
-  cfg->expected.published_on = now - DESC_IS_STALE_INTERVAL + 10;
   // no change in expectations for is_staledesc
   if (!check_result(cfg))
     goto done;
 
   cfg->ri.cache_info.published_on = now - DESC_IS_STALE_INTERVAL - 10;
-  cfg->expected.published_on = now - DESC_IS_STALE_INTERVAL - 10;
   cfg->expected.is_staledesc = 1;
   if (!check_result(cfg))
     goto done;
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 2fd424c07e..88d04e6082 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -244,14 +244,18 @@ void tinytest_postfork(void);
 void
 tinytest_prefork(void)
 {
+#ifdef ENABLE_NSS
   free_pregenerated_keys();
+#endif
   subsystems_prefork();
 }
 void
 tinytest_postfork(void)
 {
   subsystems_postfork();
+#ifdef ENABLE_NSS
   init_pregenerated_keys();
+#endif
 }
 
 static void
diff --git a/src/tools/Makefile.nmake b/src/tools/Makefile.nmake
deleted file mode 100644
index e223d9b135..0000000000
--- a/src/tools/Makefile.nmake
+++ /dev/null
@@ -1,22 +0,0 @@
-all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe
-
-CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or
-
-LIBS = ..\..\..\build-alpha\lib\libevent.lib \
- ..\..\..\build-alpha\lib\libcrypto.lib \
- ..\..\..\build-alpha\lib\libssl.lib \
- ..\..\..\build-alpha\lib\libz.lib \
- ws2_32.lib advapi32.lib shell32.lib \
- crypt32.lib gdi32.lib user32.lib
-
-tor-gencert.exe: tor-gencert.obj
-	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-gencert.obj
-
-tor-resolve.exe: tor-resolve.obj
-	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj
-
-tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj
-	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj
-
-clean:
-	del *.obj *.lib *.exe
diff --git a/src/win32/include.am b/src/win32/include.am
deleted file mode 100644
index dad59af3ae..0000000000
--- a/src/win32/include.am
+++ /dev/null
@@ -1,3 +0,0 @@
-
-EXTRA_DIST+= src/win32/orconfig.h
-
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
deleted file mode 100644
index ef37d56dc3..0000000000
--- a/src/win32/orconfig.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/* orconfig.h for Windows -- This file is *not* generated by autoconf.
- * Instead, it has to be hand-edited to keep Win32 happy.
- */
-
-/* Windows-only defines. */
-#define CONFDIR ""
-
-/* Define to 1 if you have the <arpa/inet.h> header file. */
-#undef HAVE_ARPA_INET_H
-
-/* Define to 1 if you have the <assert.h> header file. */
-#define HAVE_ASSERT_H
-
-/* Define to 1 if you have the <ctype.h> header file. */
-#define HAVE_CTYPE_H
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H
-
-/* Define to 1 if you have the `ftime' function. */
-#define HAVE_FTIME
-
-/* Define to 1 if you have the `gettimeofday' function. */
-#undef HAVE_GETTIMEOFDAY
-
-/* Define to 1 if you have the <grp.h> header file. */
-#undef HAVE_GRP_H
-
-/* Define to 1 if you have the `inet_aton' function. */
-#undef HAVE_INET_ATON
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-/* #define HAVE_INTTYPES_H */
-
-/* Define to 1 if you have the <limits.h> header file. */
-#define HAVE_LIMITS_H
-
-/* Define to 1 if you have the <machine/limits.h> header file. */
-#undef HAVE_MACHINE_LIMITS_H
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H
-
-/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H
-
-/* Define to 1 if you have the <netinet/in.h> header file. */
-#undef HAVE_NETINET_IN_H
-
-/* Define to 1 if you have the <poll.h> header file. */
-#undef HAVE_POLL_H
-
-/* Define to 1 if you have the <pwd.h> header file. */
-#undef HAVE_PWD_H
-
-/* Define to 1 if you have the <signal.h> header file. */
-#define HAVE_SIGNAL_H
-
-/* Define to 1 if you have the `socketpair' function. */
-#undef HAVE_SOCKETPAIR
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H
-
-/* Define to 1 if you have the `strlcat' function. */
-#undef HAVE_STRLCAT
-
-/* Define to 1 if you have the `strlcpy' function. */
-#undef HAVE_STRLCPY
-
-/* Define to 1 if you have the `strptime' function. */
-#undef HAVE_STRPTIME
-
-/* Define to 1 if your timeval has a tv_sec element. */
-#define HAVE_STRUCT_TIMEVAL_TV_SEC
-/* Change to #undef if you're using BCC */
-
-/* Define to 1 if you have the <sys/fcntl.h> header file. */
-#undef HAVE_SYS_FCNTL_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/limits.h> header file. */
-#undef HAVE_SYS_LIMITS_H
-
-/* Define to 1 if you have the <sys/poll.h> header file. */
-#undef HAVE_SYS_POLL_H
-
-/* Define to 1 if you have the <sys/socket.h> header file. */
-#undef HAVE_SYS_SOCKET_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <sys/utime.h> header file. */
-#define HAVE_SYS_UTIME_H
-
-/* Define to 1 if you have the <sys/wait.h> header file. */
-#undef HAVE_SYS_WAIT_H
-
-/* Define to 1 if you have the <time.h> header file. */
-#define HAVE_TIME_H
-
-/* Define to 1 if you have the `uname' function. */
-#undef HAVE_UNAME
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the `_vscprintf' function. */
-#define HAVE__VSCPRINTF 1
-
-/* Define to 1 iff NULL is represented by a 0 in memory. */
-#define NULL_REP_IS_ZERO_BYTES 1
-
-/* Define to 1 iff memset(0) sets doubles to 0.0 */
-#define DOUBLE_0_REP_IS_ZERO_BYTES 1
-
-/* Name of package */
-#define PACKAGE "tor"
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* The size of a `char', as computed by sizeof. */
-#define SIZEOF_CHAR 1
-
-/* The size of a `int', as computed by sizeof. */
-#define SIZEOF_INT 4
-
-/* The size of a `int16_t', as computed by sizeof. */
-#undef SIZEOF_INT16_T
-
-/* The size of a `int32_t', as computed by sizeof. */
-#undef SIZEOF_INT32_T
-
-/* The size of a `int64_t', as computed by sizeof. */
-#undef SIZEOF_INT64_T
-
-/* The size of a `int8_t', as computed by sizeof. */
-#undef SIZEOF_INT8_T
-
-/* The size of a `long', as computed by sizeof. */
-#define SIZEOF_LONG 4
-
-/* The size of a `long long', as computed by sizeof. */
-#undef SIZEOF_LONG_LONG
-
-/* The size of `pid_t', as computed by sizeof. */
-#define SIZEOF_PID_T 0
-
-/* The size of a `short', as computed by sizeof. */
-#define SIZEOF_SHORT 2
-
-/* The size of a `time_t', as computed by sizeof. */
-#define SIZEOF_TIME_T 4
-
-/* The size of a `uint16_t', as computed by sizeof. */
-#undef SIZEOF_UINT16_T
-
-/* The size of a `uint32_t', as computed by sizeof. */
-#undef SIZEOF_UINT32_T
-
-/* The size of a `uint64_t', as computed by sizeof. */
-#undef SIZEOF_UINT64_T
-
-/* The size of a `uint8_t', as computed by sizeof. */
-#undef SIZEOF_UINT8_T
-
-/* The size of a `void *', as computed by sizeof. */
-#define SIZEOF_VOID_P 4
-
-/* The size of a `__int64', as computed by sizeof. */
-#define SIZEOF___INT64 8
-
-/* The sizeof a size_t, as computed by sizeof. */
-#define SIZEOF_SIZE_T 4
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS
-
-/* Define to 1 iff unaligned int access is allowed */
-#define UNALIGNED_INT_ACCESS_OK
-
-/* Define to 1 iff we represent negative integers with two's complement */
-#define USING_TWOS_COMPLEMENT
-
-/* Version number of package */
-#define VERSION "0.4.7.11-dev"
-
-#define HAVE_STRUCT_SOCKADDR_IN6
-#define HAVE_STRUCT_IN6_ADDR
-#define RSHIFT_DOES_SIGN_EXTEND
-#define FLEXIBLE_ARRAY_MEMBER 0
-#define SHARE_DATADIR ""
-#define USE_CURVE25519_DONNA
-
-#define ENUM_VALS_ARE_SIGNED 1
-
-#ifndef STDOUT_FILENO
-#define STDOUT_FILENO 1
-#endif
-
-#ifndef STDERR_FILENO
-#define STDERR_FILENO 2
-#endif
-
-#define WINVER 0x0501
-#define _WIN32_WINNT 0x0501
-#define WIN32_LEAN_AND_MEAN 1
-