18 files changed, 85 insertions, 0 deletions

diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic
new file mode 100644
index 0000000000..1e38654957
--- /dev/null
+++ b/changes/29241_diagnostic
@@ -0,0 +1,4 @@
+  o Minor features (NSS, diagnostic):
+    - Try to log an error from NSS (if there is any) and a more useful
+      description of our situation if we are using NSS and a call to
+      SSL_ExportKeyingMaterial() fails.  Diagnostic for ticket 29241.
diff --git a/changes/bug28614_better_logging b/changes/bug28614_better_logging
new file mode 100644
index 0000000000..26d19c3c11
--- /dev/null
+++ b/changes/bug28614_better_logging
@@ -0,0 +1,6 @@
+  o Minor bugfixes (logging):
+    - On Windows, when errors cause us to reload a consensus from disk, tell
+      the user that we are retrying at log level "notice". Previously we only
+      logged this information at "info", which was confusing because the
+      errors themselves were logged at "warning". Improves previous fix for
+      28614.  Fixes bug 30004; bugfix on 0.4.0.2-alpha.
diff --git a/changes/bug29036 b/changes/bug29036
new file mode 100644
index 0000000000..8b96c5c8fa
--- /dev/null
+++ b/changes/bug29036
@@ -0,0 +1,5 @@
+  o Minor bugfix (continuous integration):
+    - Reset coverage state on disk after Travis CI has finished. This is being
+      done to prevent future gcda file merge errors which causes the test suite
+      for the process subsystem to fail. The process subsystem was introduced
+      in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15.
diff --git a/changes/bug29241 b/changes/bug29241
new file mode 100644
index 0000000000..7f25e154d1
--- /dev/null
+++ b/changes/bug29241
@@ -0,0 +1,6 @@
+  o Major bugfixes (NSS, relay):
+    - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384
+      for their PRF. Due to an NSS bug, the TLS key exporters for these
+      ciphersuites don't work -- which caused relays to fail to handshake
+      with one another when these ciphersuites were enabled.
+      Fixes bug 29241; bugfix on 0.3.5.1-alpha.
diff --git a/changes/bug29500 b/changes/bug29500
new file mode 100644
index 0000000000..16550935b2
--- /dev/null
+++ b/changes/bug29500
@@ -0,0 +1,3 @@
+  o Minor bugfixes (circuitpadding testing):
+    - Minor tweaks to avoid very rare test failures related to timers and
+      monotime. Fixes bug 29500; bugfix on 0.4.0.1-alpha
diff --git a/changes/bug29527 b/changes/bug29527
new file mode 100644
index 0000000000..6f36a9e1a0
--- /dev/null
+++ b/changes/bug29527
@@ -0,0 +1,5 @@
+  o Minor features (circuit padding):
+    - Stop warning about undefined behavior in the probability distribution
+      tests. Float division by zero may technically be undefined behaviour in
+      C, but it's well-defined in IEEE 754. Partial backport of 29298.
+      Closes ticket 29527; bugfix on 0.4.0.1-alpha.
diff --git a/changes/bug29922 b/changes/bug29922
new file mode 100644
index 0000000000..dacb951097
--- /dev/null
+++ b/changes/bug29922
@@ -0,0 +1,4 @@
+  o Minor bugfixes (testing, windows):
+    - Fix a test failure caused by an unexpected bug warning in
+      our test for tor_gmtime_r(-1). Fixes bug 29922;
+      bugfix on 0.2.9.3-alpha.
diff --git a/changes/bug29926 b/changes/bug29926
new file mode 100644
index 0000000000..ab1417c603
--- /dev/null
+++ b/changes/bug29926
@@ -0,0 +1,2 @@
+  o Code simplification and refactoring (shell scripts):
+    - Fix shellcheck warnings in asciidoc-helper.sh. Resolves issue 29926.
diff --git a/changes/bug29959-040 b/changes/bug29959-040
new file mode 100644
index 0000000000..3740e0169a
--- /dev/null
+++ b/changes/bug29959-040
@@ -0,0 +1,3 @@
+  o Minor bugfixes (directory authorities):
+    - Actually include the bandwidth-file-digest line in directory authority
+      votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha.
diff --git a/changes/bug30011 b/changes/bug30011
new file mode 100644
index 0000000000..4c9069e291
--- /dev/null
+++ b/changes/bug30011
@@ -0,0 +1,4 @@
+  o Minor bugfixes (CI):
+    - Terminate test-stem if it takes more than 9.5 minutes to run.
+      (Travis terminates the job after 10 minutes of no output.)
+      Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha.
diff --git a/changes/bug30021 b/changes/bug30021
new file mode 100644
index 0000000000..2a887f3cf2
--- /dev/null
+++ b/changes/bug30021
@@ -0,0 +1,8 @@
+  o Minor bugfixes (TLS protocol, integration tests):
+    - When classifying a client's selection of TLS ciphers, if the client
+      ciphers are not yet available, do not cache the result. Previously,
+      we had cached the unavailability of the cipher list and never looked
+      again, which in turn led us to assume that the client only supported
+      the ancient V1 link protocol.  This, in turn, was causing Stem
+      integration tests to stall in some cases.
+      Fixes bug 30021; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug30040 b/changes/bug30040
new file mode 100644
index 0000000000..7d80528a10
--- /dev/null
+++ b/changes/bug30040
@@ -0,0 +1,9 @@
+  o Minor bugfixes (security):
+    - Fix a potential double free bug when reading huge bandwidth files. The
+      issue is not exploitable in the current Tor network because the
+      vulnerable code is only reached when directory authorities read bandwidth
+      files, but bandwidth files come from a trusted source (usually the
+      authorities themselves). Furthermore, the issue is only exploitable in
+      rare (non-POSIX) 32-bit architectures which are not used by any of the
+      current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
+      and fixed by Tobias Stoeckmann.
diff --git a/changes/bug30041 b/changes/bug30041
new file mode 100644
index 0000000000..801c8f67ac
--- /dev/null
+++ b/changes/bug30041
@@ -0,0 +1,5 @@
+  o Minor bugfixes (hardening):
+    - Verify in more places that we are not about to create a buffer
+      with more than INT_MAX bytes, to avoid possible OOB access in the event
+      of bugs.  Fixes bug 30041; bugfix on 0.2.0.16.  Found and fixed by
+      Tobias Stoeckmann.
diff --git a/changes/doc29121 b/changes/doc29121
new file mode 100644
index 0000000000..dd31cc9c70
--- /dev/null
+++ b/changes/doc29121
@@ -0,0 +1,3 @@
+  o Documentation:
+    - Clarify that Tor performs stream isolation between *Port listeners by
+      default. Resolves issue 29121.
diff --git a/changes/ticket29108 b/changes/ticket29108
new file mode 100644
index 0000000000..7adb08ecb1
--- /dev/null
+++ b/changes/ticket29108
@@ -0,0 +1,5 @@
+  o Code simplification and refactoring:
+    - Split crypto_digest.c into three parts: 1) general code that does not
+      depend on either NSS or OpenSSL (stays in crypto_digest.c); 2) code that
+      depends on NSS API (moved to crypto_digest_nss.c); 3) code that depends
+      on OpenSSL API (moved to crypto_digest_openssl.c). Resolves ticket 29108.
diff --git a/changes/ticket29357 b/changes/ticket29357
new file mode 100644
index 0000000000..3aab930cd4
--- /dev/null
+++ b/changes/ticket29357
@@ -0,0 +1,7 @@
+  o Minor features (dormant mode):
+    - Add a DormantCanceledByStartup option to tell Tor that it should
+      treat a startup event as cancelling any previous dormant state.
+      Integrators should use this option with caution: it should
+      only be used if Tor is being started because of something that the
+      user did, and not if Tor is being automatically started in the
+      background. Closes ticket 29357.
diff --git a/changes/ticket29897 b/changes/ticket29897
new file mode 100644
index 0000000000..232a79fbce
--- /dev/null
+++ b/changes/ticket29897
@@ -0,0 +1,3 @@
+  o Code simplification and refactoring:
+    - Refactor handle_get_next_bandwidth() to use connection_dir_buf_add().
+      Implements ticket 29897.
diff --git a/changes/ticket29962 b/changes/ticket29962
new file mode 100644
index 0000000000..e36cc0cf9a
--- /dev/null
+++ b/changes/ticket29962
@@ -0,0 +1,3 @@
+  o Minor features (continuous integration):
+    - On Travis Rust builds, cleanup Rust registry and refrain from caching
+      target/ directory to speed up builds. Resolves issue 29962.