20 files changed, 78 insertions, 0 deletions

diff --git a/changes/bug40472 b/changes/bug40472
new file mode 100644
index 0000000000..d87c1dc2cc
--- /dev/null
+++ b/changes/bug40472
@@ -0,0 +1,6 @@
+  o Minor bugfixes (performance, DoS):
+    - Fix one case of a not-especially viable denial-of-service attack found
+      by OSS-Fuzz in our consensus-diff parsing code. This attack causes a
+      lot small of memory allocations and then immediately frees them: this
+      is only slow when running with all the sanitizers enabled.  Fixes one
+      case of bug 40472; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug40515 b/changes/bug40515
new file mode 100644
index 0000000000..d315e28411
--- /dev/null
+++ b/changes/bug40515
@@ -0,0 +1,6 @@
+  o Minor bugfixes (controller, path bias):
+    - When a circuit's path is specified, in full or in part, from the
+      controller API, do not count that circuit towards our path-bias
+      calculations. (Doing so was incorrect, since we cannot tell whether
+      the controller is selecting relays randomly.)  Resolves a "Bug"
+      warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug40645 b/changes/bug40645
new file mode 100644
index 0000000000..044d5b67d2
--- /dev/null
+++ b/changes/bug40645
@@ -0,0 +1,5 @@
+  o Minor bugfixes (defense in depth):
+    - Change a test in the netflow padding code to make it more
+      _obviously_ safe against remotely triggered crashes.
+      (It was safe against these before, but not obviously so.)
+      Fixes bug 40645; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug40684 b/changes/bug40684
new file mode 100644
index 0000000000..8c751ede2c
--- /dev/null
+++ b/changes/bug40684
@@ -0,0 +1,6 @@
+  o Major bugfixes (OSX):
+    - Fix coarse-time computation on Apple platforms (like Mac M1) where
+      the Mach absolute time ticks do not correspond directly to
+      nanoseconds.  Previously, we computed our shift value wrong, which
+      led us to give incorrect timing results.
+      Fixes bug 40684; bugfix on 0.3.3.1-alpha.
diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox
new file mode 100644
index 0000000000..dac8fe72da
--- /dev/null
+++ b/changes/clone3-sandbox
@@ -0,0 +1,3 @@
+  o Minor features (linux seccomp2 sandbox):
+    - Permit the clone3 syscall, which is apparently used in glibc-2.34 and
+      later. Closes ticket 40590.
diff --git a/changes/fallbackdirs-2022-08-11 b/changes/fallbackdirs-2022-08-11
new file mode 100644
index 0000000000..21200700ad
--- /dev/null
+++ b/changes/fallbackdirs-2022-08-11
@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 11, 2022.
diff --git a/changes/fallbackdirs-2022-12-06 b/changes/fallbackdirs-2022-12-06
new file mode 100644
index 0000000000..17daf63f53
--- /dev/null
+++ b/changes/fallbackdirs-2022-12-06
@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 06, 2022.
diff --git a/changes/geoip-2022-08-11 b/changes/geoip-2022-08-11
new file mode 100644
index 0000000000..aad2392f1f
--- /dev/null
+++ b/changes/geoip-2022-08-11
@@ -0,0 +1,3 @@
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2022/08/11.
diff --git a/changes/geoip-2022-08-12 b/changes/geoip-2022-08-12
new file mode 100644
index 0000000000..e8f282db01
--- /dev/null
+++ b/changes/geoip-2022-08-12
@@ -0,0 +1,5 @@
+  o Major bugfixes (geoip data):
+    - IPFire informed us on August 12th that databases generated after
+      (including) August 10th did not have proper ARIN network allocations. We
+      are updating the database to use the one generated on August 9th, 2022.
+      Fixes bug 40658; bugfix on 0.4.5.13.
diff --git a/changes/geoip-2022-12-06 b/changes/geoip-2022-12-06
new file mode 100644
index 0000000000..f96e833e63
--- /dev/null
+++ b/changes/geoip-2022-12-06
@@ -0,0 +1,3 @@
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2022/12/06.
diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 0000000000..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+    - Fix a fatal assert due to a guard subsystem recursion triggered by the
+      onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 0000000000..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+    - Fix the metrics with a port label to be unique. Before this, all ports of
+      an onion service would be on the same line which violates the Prometheus
+      rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/changes/ticket40601 b/changes/ticket40601
new file mode 100644
index 0000000000..529e3badfe
--- /dev/null
+++ b/changes/ticket40601
@@ -0,0 +1,4 @@
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the rseq system call in the sandbox. This solves a crash issue with
+      glibc 2.35 on Linux.  Patch from pmu-ipf. Fixes bug 40601; bugfix on
+      0.3.5.11. 
diff --git a/changes/ticket40604 b/changes/ticket40604
new file mode 100644
index 0000000000..ec24a46e66
--- /dev/null
+++ b/changes/ticket40604
@@ -0,0 +1,5 @@
+  o Major bugfixes (relay):
+    - Remove OR connections btrack subsystem entries when the connections
+      closes normally. Before this, we would only close it on error and thus
+      leaking memory for each normal OR connections. Fixes bug 40604; bugfix
+      on 0.4.0.1-alpha.
diff --git a/changes/ticket40623 b/changes/ticket40623
new file mode 100644
index 0000000000..d2a0e7eaad
--- /dev/null
+++ b/changes/ticket40623
@@ -0,0 +1,4 @@
+  o Major bugfixes (relay):
+    - Stop sending TRUNCATED cell and instead close the circuits which sends a
+      DESTROY cell so every relay in the circuit path can stop queuing cells.
+      Fixes bug 40623; bugfix on 0.1.0.2-rc.
diff --git a/changes/ticket40649 b/changes/ticket40649
new file mode 100644
index 0000000000..28df58f106
--- /dev/null
+++ b/changes/ticket40649
@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit so to avoid a possible side channel. Fixes bug 40649;
+      bugfix on 0.1.2.4-alpha.
diff --git a/changes/ticket40674 b/changes/ticket40674
new file mode 100644
index 0000000000..b371cafcf0
--- /dev/null
+++ b/changes/ticket40674
@@ -0,0 +1,3 @@
+  o Major bugfixes (relay):
+    - Improve security of our DNS cache by randomly clipping the TTL value.
+      TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket40687 b/changes/ticket40687
new file mode 100644
index 0000000000..e96119cf49
--- /dev/null
+++ b/changes/ticket40687
@@ -0,0 +1,2 @@
+  o Directory authority changes (dizum):
+    - Change dizum IP address. Closes ticket 40687.
diff --git a/changes/ticket40688 b/changes/ticket40688
new file mode 100644
index 0000000000..79350cb836
--- /dev/null
+++ b/changes/ticket40688
@@ -0,0 +1,3 @@
+  o Directory authority changes (Faravahar):
+    - Remove Faravahar until its operator, Sina, set it back up online outside
+      of Team Cymru network. Closes ticket 40688.
diff --git a/changes/ticket40722 b/changes/ticket40722
new file mode 100644
index 0000000000..a9a9f520a9
--- /dev/null
+++ b/changes/ticket40722
@@ -0,0 +1,5 @@
+  o Directory authority changes (moria1):
+    - Rotate the relay identity key and v3 identity key for moria1. They
+      have been online for more than a decade and refreshing keys
+      periodically is good practice. Advertise new ports too, to avoid
+      confusion. Closes ticket 40722.