summaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/6783_big_hammer6
-rw-r--r--changes/bug199211
-rw-r--r--changes/bug22865
-rw-r--r--changes/bug60242
-rw-r--r--changes/bug60436
-rw-r--r--changes/bug61746
-rw-r--r--changes/bug62066
-rw-r--r--changes/bug62183
-rw-r--r--changes/bug6244_part_c6
-rw-r--r--changes/bug62516
-rw-r--r--changes/bug6252_again11
-rw-r--r--changes/bug62717
-rw-r--r--changes/bug62743
-rw-r--r--changes/bug6274_23
-rw-r--r--changes/bug62964
-rw-r--r--changes/bug63044
-rw-r--r--changes/bug63415
-rw-r--r--changes/bug63774
-rw-r--r--changes/bug63796
-rw-r--r--changes/bug63873
-rw-r--r--changes/bug63974
-rw-r--r--changes/bug640416
-rw-r--r--changes/bug64233
-rw-r--r--changes/bug64363
-rw-r--r--changes/bug64724
-rw-r--r--changes/bug64756
-rw-r--r--changes/bug64805
-rw-r--r--changes/bug64904
-rw-r--r--changes/bug65002
-rw-r--r--changes/bug650715
-rw-r--r--changes/bug65145
-rw-r--r--changes/bug65305
-rw-r--r--changes/bug65724
-rw-r--r--changes/bug66734
-rw-r--r--changes/bug66907
-rw-r--r--changes/bug67106
-rw-r--r--changes/bug67323
-rw-r--r--changes/bug67439
-rw-r--r--changes/bug67744
-rw-r--r--changes/bug68015
-rw-r--r--changes/bug68115
-rw-r--r--changes/bug68279
-rw-r--r--changes/bug68444
-rw-r--r--changes/bug68664
-rw-r--r--changes/bug70145
-rw-r--r--changes/bug70223
-rw-r--r--changes/bug70376
-rw-r--r--changes/bug70544
-rw-r--r--changes/bug70655
-rw-r--r--changes/bug71399
-rw-r--r--changes/bug7164_diagnostic4
-rw-r--r--changes/bug71906
-rw-r--r--changes/bug71915
-rw-r--r--changes/bug719210
-rw-r--r--changes/bug72804
-rw-r--r--changes/bug73504
-rw-r--r--changes/bug735212
-rw-r--r--changes/bug74644
-rw-r--r--changes/bug75829
-rw-r--r--changes/bug7707_diagnostic5
-rw-r--r--changes/bug77683
-rw-r--r--changes/bug77997
-rw-r--r--changes/bug780113
-rw-r--r--changes/bug7816.0248
-rw-r--r--changes/bug7816_0237
-rw-r--r--changes/bug7816_023_small3
-rw-r--r--changes/bug78898
-rw-r--r--changes/bug79027
-rw-r--r--changes/bug79474
-rw-r--r--changes/bug79504
-rw-r--r--changes/bug80025
-rw-r--r--changes/bug80145
-rw-r--r--changes/bug80317
-rw-r--r--changes/bug80596
-rw-r--r--changes/bug80625
-rw-r--r--changes/bug80656
-rw-r--r--changes/bug81217
-rw-r--r--changes/bug81515
-rw-r--r--changes/bug81583
-rw-r--r--changes/bug81616
-rw-r--r--changes/bug81807
-rw-r--r--changes/bug82005
-rw-r--r--changes/bug82034
-rw-r--r--changes/bug82077
-rw-r--r--changes/bug82096
-rw-r--r--changes/bug82106
-rw-r--r--changes/bug82186
-rw-r--r--changes/bug82315
-rw-r--r--changes/bug8235-diagnosing5
-rw-r--r--changes/bug82733
-rw-r--r--changes/bug82909
-rw-r--r--changes/bug84084
-rw-r--r--changes/bug84275
-rw-r--r--changes/bug84354
-rw-r--r--changes/bug84645
-rw-r--r--changes/bug84754
-rw-r--r--changes/bug8477-easypart3
-rw-r--r--changes/bug85963
-rw-r--r--changes/bug85986
-rw-r--r--changes/bug85994
-rw-r--r--changes/bug86383
-rw-r--r--changes/cov7090564
-rw-r--r--changes/cov9806504
-rw-r--r--changes/cve-2012-22495
-rw-r--r--changes/dirserv-BUGGY-a7
-rw-r--r--changes/disable_pathbias_messages3
-rw-r--r--changes/easy.ratelim3
-rw-r--r--changes/feature49947
-rw-r--r--changes/geoip-dec20123
-rw-r--r--changes/geoip-jan20133
-rw-r--r--changes/geoip-nov20123
-rw-r--r--changes/integers_donna3
-rw-r--r--changes/link_negotiation_assert6
-rw-r--r--changes/log-noise11
-rw-r--r--changes/pathsel-BUGGY-a14
-rw-r--r--changes/port_doc3
-rw-r--r--changes/revert-geoip-may20126
-rw-r--r--changes/signof_enum7
-rw-r--r--changes/smartlist_foreach8
-rw-r--r--changes/ticket22678
-rw-r--r--changes/ticket57493
-rw-r--r--changes/ticket82404
-rw-r--r--changes/ticket84434
-rw-r--r--changes/warn-unsigned-time_t5
124 files changed, 352 insertions, 333 deletions
diff --git a/changes/6783_big_hammer b/changes/6783_big_hammer
new file mode 100644
index 0000000000..2ff3249b33
--- /dev/null
+++ b/changes/6783_big_hammer
@@ -0,0 +1,6 @@
+ o Major features (deprecation):
+ - There's now a "DisableV2DirectoryInfo_" option that prevents us
+ from serving any directory requests for v2 directory information.
+ This is for us to test disabling the old deprecated V2 directory
+ format, so that we can see whether doing so has any effect on
+ network load. Part of a fix for bug 6783.
diff --git a/changes/bug1992 b/changes/bug1992
new file mode 100644
index 0000000000..6a751dc7e6
--- /dev/null
+++ b/changes/bug1992
@@ -0,0 +1,11 @@
+ o Minor bugfixes:
+ - Stop trying to resolve our hostname so often (e.g. every time we
+ think about doing a directory fetch). Now we reuse the cached
+ answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
+ and 2410 (bugfix on 0.1.2.2-alpha).
+
+ o Minor features:
+ - Make bridge relays check once a minute for whether their IP
+ address has changed, rather than only every 15 minutes. Resolves
+ bugs 1913 and 1992.
+
diff --git a/changes/bug2286 b/changes/bug2286
new file mode 100644
index 0000000000..4f8dfbbf68
--- /dev/null
+++ b/changes/bug2286
@@ -0,0 +1,5 @@
+ o Major features (directory authority):
+ - Directory authorities now support a new consensus method (17)
+ where they cap the published bandwidth of servers for which
+ insufficient bandwidth measurements exist. Fixes part of bug
+ 2286.
diff --git a/changes/bug6024 b/changes/bug6024
deleted file mode 100644
index 743e6ef1fe..0000000000
--- a/changes/bug6024
+++ /dev/null
@@ -1,2 +0,0 @@
- o Documentation fixes:
- - Clarify that hidden services are TCP only. Fixes bug 6024.
diff --git a/changes/bug6043 b/changes/bug6043
deleted file mode 100644
index b88bafb788..0000000000
--- a/changes/bug6043
+++ /dev/null
@@ -1,6 +0,0 @@
- o Packaging (RPM):
- - Our default RPM spec files have been updated to work with mock
- and rpmbuild on RHEL/Fedora. They have an updated set of
- dependencies and conflicts, a fix for an ancient typo when creating
- the "_tor" user, and better instructions. Thanks to Ondrej
- Mikle for the patch series; fix for bug 6043.
diff --git a/changes/bug6174 b/changes/bug6174
new file mode 100644
index 0000000000..79d2930ec3
--- /dev/null
+++ b/changes/bug6174
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - When we mark a circuit as unusable for new circuits, have it
+ continue to be unusable for new circuits even if MaxCircuitDirtiness
+ is increased too much at the wrong time, or the system clock jumped
+ backwards. Fix for bug 6174; bugfix on 0.0.2pre26.
+
diff --git a/changes/bug6206 b/changes/bug6206
new file mode 100644
index 0000000000..61a16d291a
--- /dev/null
+++ b/changes/bug6206
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Always check the return values of functions fcntl() and
+ setsockopt(). We don't believe these are ever actually failing in
+ practice, but better safe than sorry. Also, checking these return
+ values should please some analysis tools (like Coverity). Patch
+ from 'flupzor'. Fix for bug 8206; bugfix on all versions of Tor.
diff --git a/changes/bug6218 b/changes/bug6218
deleted file mode 100644
index 5d5d108b00..0000000000
--- a/changes/bug6218
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218;
- bugfix on 0.2.1.10-alpha.
diff --git a/changes/bug6244_part_c b/changes/bug6244_part_c
deleted file mode 100644
index dea6e7b69e..0000000000
--- a/changes/bug6244_part_c
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (controller):
- - Make wildcarded addresses (that is, ones beginning with *.) work when
- provided via the controller's MapAddress command. Previously, they
- were accepted, but we never actually noticed that they were wildcards.
- Fix for bug 6244; bugfix on 0.2.3.9-alpha.
-
diff --git a/changes/bug6251 b/changes/bug6251
deleted file mode 100644
index c782a93e49..0000000000
--- a/changes/bug6251
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Downgrade "set buildtimeout to low value" messages to INFO
- severity; they were never an actual problem, there was never
- anything reasonable to do about them, and they tended to spam
- logs from time to time. Fix for bug 6251; bugfix on
- 0.2.2.2-alpha. \ No newline at end of file
diff --git a/changes/bug6252_again b/changes/bug6252_again
deleted file mode 100644
index f7fd00cb38..0000000000
--- a/changes/bug6252_again
+++ /dev/null
@@ -1,11 +0,0 @@
- o Security fixes:
- - Tear down the circuit if we get an unexpected SENDME cell. Clients
- could use this trick to make their circuits receive cells faster
- than our flow control would have allowed, or to gum up the network,
- or possibly to do targeted memory denial-of-service attacks on
- entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
- from July 2002, before the release of Tor 0.0.0. We had committed
- this patch previously, but we had to revert it because of bug 6271.
- Now that 6271 is fixed, this appears to work.
-
-
diff --git a/changes/bug6271 b/changes/bug6271
deleted file mode 100644
index 06b129f73f..0000000000
--- a/changes/bug6271
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes
-
- - Fix a bug handling SENDME cells on nonexistent streams that
- could result in bizarre window values. Report and patch
- contributed pseudymously. Fixes part of bug 6271. This bug
- was introduced before the first Tor release, in svn commit
- r152.
diff --git a/changes/bug6274 b/changes/bug6274
deleted file mode 100644
index ad1abcde54..0000000000
--- a/changes/bug6274
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Ignore ServerTransportPlugin lines when Tor is not configured as
- a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6274_2 b/changes/bug6274_2
deleted file mode 100644
index 89576f9328..0000000000
--- a/changes/bug6274_2
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Terminate active server managed proxies if Tor stops being a
- relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug6296 b/changes/bug6296
deleted file mode 100644
index b452b1745d..0000000000
--- a/changes/bug6296
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
-
- - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes
- compilation on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc.
diff --git a/changes/bug6304 b/changes/bug6304
new file mode 100644
index 0000000000..445560a8e1
--- /dev/null
+++ b/changes/bug6304
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Behave correctly when the user disables LearnCircuitBuildTimeout
+ but doesn't tell us what they would like the timeout to be. Fixes
+ bug 6304; bugfix on 0.2.2.14-alpha.
diff --git a/changes/bug6341 b/changes/bug6341
deleted file mode 100644
index 04e52c7cd3..0000000000
--- a/changes/bug6341
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix a possible crash bug when checking for deactivated circuits
- in connection_or_flush_from_first_active_circuit(). Fixes bug
- 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received
- pseudonymously.
diff --git a/changes/bug6377 b/changes/bug6377
deleted file mode 100644
index a3a3672783..0000000000
--- a/changes/bug6377
+++ /dev/null
@@ -1,4 +0,0 @@
- o Testing:
- - Make it possible to set the TestingTorNetwork configuration
- option using AlternateDirAuthority and AlternateBridgeAuthority
- as an alternative to setting DirServer.
diff --git a/changes/bug6379 b/changes/bug6379
deleted file mode 100644
index 1f2b6941cd..0000000000
--- a/changes/bug6379
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Fix build warnings from --enable-openbsd-malloc with gcc warnings
- enabled. Fixes bug 6379.
- - Fix 64-bit warnings from --enable-openbsd-malloc. Fixes bug 6379.
- Bugfix on 0.2.0.20-rc.
-
diff --git a/changes/bug6387 b/changes/bug6387
deleted file mode 100644
index 73fc4f7cfe..0000000000
--- a/changes/bug6387
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Clarify the documentation for the Alternate*Authority options.
- Fixes bug 6387.
diff --git a/changes/bug6397 b/changes/bug6397
deleted file mode 100644
index 23d8359bd2..0000000000
--- a/changes/bug6397
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes:
- - When disabling guards for having too high a proportion of failed
- circuits, make sure to look at each guard. Fix for bug 6397; bugfix
- on 0.2.3.17-beta.
diff --git a/changes/bug6404 b/changes/bug6404
deleted file mode 100644
index 948f00b92e..0000000000
--- a/changes/bug6404
+++ /dev/null
@@ -1,16 +0,0 @@
- o Minor bugfixes:
-
- - Remove the maximum length of microdescriptor we are willing to
- generate. Occasionally this is needed for routers
- with complex policies or family declarations. Partial fix for
- bug 6404; fix on 0.2.2.6-alpha.
-
- - Authorities no longer include any router in their
- microdescriptor consensuses for which they couldn't generate or
- agree on a microdescriptor. Partial fix for bug 6404; fix on
- 0.2.2.6-alpha.
-
- - Move log message when unable to find a microdesc in a
- routerstatus entry to parse time. Previously we'd spam this
- warning every time we tried to figure out which microdescriptors
- to download. Partial fix for bug 6404; fix on 0.2.3.18-rc.
diff --git a/changes/bug6423 b/changes/bug6423
deleted file mode 100644
index 2ea4f1410d..0000000000
--- a/changes/bug6423
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Consider new, removed or changed IPv6 OR ports a non cosmetic
- change.
diff --git a/changes/bug6436 b/changes/bug6436
deleted file mode 100644
index 2c163df105..0000000000
--- a/changes/bug6436
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Provide a better error message about possible OSX Asciidoc failure
- reasons. Fix for bug 6436.
diff --git a/changes/bug6472 b/changes/bug6472
deleted file mode 100644
index dcd42ebe68..0000000000
--- a/changes/bug6472
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Avoid a pair of double-free and use-after-mark bugs that can
- occur with certain timings in canceled and re-received DNS
- requests. Fix for bug 6472; bugfix on 0.0.7rc1.
diff --git a/changes/bug6475 b/changes/bug6475
deleted file mode 100644
index 67bab99622..0000000000
--- a/changes/bug6475
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Add internal circuit construction state to protect against
- the noisy warn message "Unexpectedly high circuit_successes".
- Also add some additional rate-limited notice messages to help
- determine the root cause of the warn. Fixes bug 6475.
- Bugfix against 0.2.3.17-beta.
diff --git a/changes/bug6480 b/changes/bug6480
deleted file mode 100644
index 83ae00b251..0000000000
--- a/changes/bug6480
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Avoid read-from-freed-RAM bug and related double-free bug that
- could occur when a DNS request fails while launching it. Fixes
- bug 6480; bugfix on 0.2.0.1-alpha.
-
diff --git a/changes/bug6490 b/changes/bug6490
deleted file mode 100644
index c92daad8f4..0000000000
--- a/changes/bug6490
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Warn when Tor is configured to use accounting in a way that will
- link a hidden service to some other hidden service or public
- address. Fix for bug 6490.
diff --git a/changes/bug6500 b/changes/bug6500
deleted file mode 100644
index cac2054a3a..0000000000
--- a/changes/bug6500
+++ /dev/null
@@ -1,2 +0,0 @@
- o Minor bugfixes:
- - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
diff --git a/changes/bug6507 b/changes/bug6507
deleted file mode 100644
index 89940cbf7b..0000000000
--- a/changes/bug6507
+++ /dev/null
@@ -1,15 +0,0 @@
- o Major bugfixes:
- - Detect 'ORPort 0' as meaning, uniformly, that we're not running
- as a server. Previously, some of our code would treat the
- presence of any ORPort line as meaning that we should act like a
- server, even though our new listener code would correctly not
- open any ORPorts for ORPort 0. Similar bugs in other Port
- options are also fixed. Fixes bug 6507; bugfix on 0.2.3.3-alpha.
-
- o Minor features:
-
- - Detect and reject attempts to specify both 'FooPort' and
- 'FooPort 0' in the same configuration domain. (It's still okay
- to have a FooPort in your configuration file,and use 'FooPort 0'
- on the command line to disable it.) Fixes another case of
- bug6507; bugfix on 0.2.3.3-alpha.
diff --git a/changes/bug6514 b/changes/bug6514
deleted file mode 100644
index 84633bd279..0000000000
--- a/changes/bug6514
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Add a (probably redundant) memory clear between iterations of
- the router status voting loop, to prevent future coding errors
- where data might leak between iterations of the loop. Resolves
- ticket 6514.
diff --git a/changes/bug6530 b/changes/bug6530
deleted file mode 100644
index 825bbb752a..0000000000
--- a/changes/bug6530
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major security fixes:
- - Avoid a read of uninitializd RAM when reading a vote or consensus
- document with an unrecognized flavor name. This could lead to a
- remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
-
diff --git a/changes/bug6572 b/changes/bug6572
new file mode 100644
index 0000000000..6508d1bcb5
--- /dev/null
+++ b/changes/bug6572
@@ -0,0 +1,4 @@
+ o Minor bugfixes (log messages)
+ - Use circuit creation time for network liveness evaluation. This
+ should eliminate warning log messages about liveness caused by
+ changes in timeout evaluation. Fixes bug 6572; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug6673 b/changes/bug6673
new file mode 100644
index 0000000000..506b449892
--- /dev/null
+++ b/changes/bug6673
@@ -0,0 +1,4 @@
+ o Minor features (build):
+ - Detect and reject attempts to build Tor with threading support
+ when OpenSSL have been compiled with threading support disabled.
+ Fixes bug 6673.
diff --git a/changes/bug6690 b/changes/bug6690
deleted file mode 100644
index 99d42976ed..0000000000
--- a/changes/bug6690
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (security):
- - Do not crash when comparing an address with port value 0 to an
- address policy. This bug could have been used to cause a remote
- assertion failure by or against directory authorities, or to
- allow some applications to crash clients. Fixes bug 6690; bugfix
- on 0.2.1.10-alpha.
-
diff --git a/changes/bug6710 b/changes/bug6710
deleted file mode 100644
index 2c89346114..0000000000
--- a/changes/bug6710
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (security):
- - Reject any attempt to extend to an internal address. Without
- this fix, a router could be used to probe addresses on an
- internal network to see whether they were accepting
- connections. Fix for bug 6710; bugfix on 0.0.8pre1.
-
diff --git a/changes/bug6732 b/changes/bug6732
deleted file mode 100644
index 7a744e014a..0000000000
--- a/changes/bug6732
+++ /dev/null
@@ -1,3 +0,0 @@
- o Documentation:
- - Add missing documentation for consensus and microdesc files. Fix for
- bug 6732.
diff --git a/changes/bug6743 b/changes/bug6743
deleted file mode 100644
index 6ec78f853a..0000000000
--- a/changes/bug6743
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
- - Allow one-hop directory fetching circuits the full "circuit build
- timeout" period, rather than just half of it, before failing them
- and marking the relay down. This fix should help reduce cases where
- clients declare relays (or worse, bridges) unreachable because
- the TLS handshake takes a few seconds to complete. Fixes bug 6743;
- bugfix on 0.2.2.2-alpha, where we changed the timeout from a static
- 30 seconds.
-
diff --git a/changes/bug6774 b/changes/bug6774
deleted file mode 100644
index 0c137fd678..0000000000
--- a/changes/bug6774
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Avoid crashing on a malformed state file where EntryGuardPathBias
- precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta.
-
diff --git a/changes/bug6801 b/changes/bug6801
deleted file mode 100644
index ef21acc98f..0000000000
--- a/changes/bug6801
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Avoid segfault when starting up having run with an extremely old
- version of Tor and parsing its state file. Fixes bug 6801; bugfix on
- 0.2.2.23-alpha.
-
diff --git a/changes/bug6811 b/changes/bug6811
deleted file mode 100644
index 841ec1c54a..0000000000
--- a/changes/bug6811
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major security fixes:
- - Fix an assertion failure in tor_timegm that could be triggered
- by a badly formatted directory object. Bug found by fuzzing with
- Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
-
diff --git a/changes/bug6827 b/changes/bug6827
deleted file mode 100644
index bf71d2b97c..0000000000
--- a/changes/bug6827
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
-
- - Avoid undefined behaviour when parsing the list of supported
- rendezvous/introduction protocols in a hidden service
- descriptor. Previously, Tor would have confused (as-yet-unused)
- protocol version numbers greater than 32 with lower ones on many
- platforms. Fixes bug 6827; bugfix on 0.2.0.10-alpha; found by
- George Kadianakis.
-
diff --git a/changes/bug6844 b/changes/bug6844
deleted file mode 100644
index 338e19d9a5..0000000000
--- a/changes/bug6844
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Correct file sizes when reading binary files on
- Cygwin, to avoid a bug where Tor would fail to read its state file.
- Fixes bug 6844; bugfix on 0.1.2.7-alpha.
diff --git a/changes/bug6866 b/changes/bug6866
deleted file mode 100644
index 561676b765..0000000000
--- a/changes/bug6866
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Convert an assert in the pathbias code to a log message. Assert
- appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
- bugfix on 0.2.3.17-beta.
diff --git a/changes/bug7014 b/changes/bug7014
deleted file mode 100644
index 1d39103a50..0000000000
--- a/changes/bug7014
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Fix two cases in src/or/transports.c where we were calling
- fmt_addr() twice in a parameter list. Bug found by David
- Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
-
diff --git a/changes/bug7022 b/changes/bug7022
deleted file mode 100644
index 10ac354724..0000000000
--- a/changes/bug7022
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Fix memory leaks whenever we logged any message about the "path
- bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
diff --git a/changes/bug7037 b/changes/bug7037
deleted file mode 100644
index fc3a1ad1c5..0000000000
--- a/changes/bug7037
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - When relays refuse a "create" cell because their queue of pending
- create cells is too big (typically because their cpu can't keep up
- with the arrival rate), send back reason "resource limit" rather
- than reason "internal", so network measurement scripts can get a
- more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
diff --git a/changes/bug7054 b/changes/bug7054
new file mode 100644
index 0000000000..15680d72ce
--- /dev/null
+++ b/changes/bug7054
@@ -0,0 +1,4 @@
+ o Minor bugfixes (man page):
+ - Say "KBytes" rather than "KB" in the man page (for various values
+ of K), to further reduce confusion about whether Tor counts in
+ units of memory or fractions of units of memory. Fixes bug 7054.
diff --git a/changes/bug7065 b/changes/bug7065
new file mode 100644
index 0000000000..1ca6841021
--- /dev/null
+++ b/changes/bug7065
@@ -0,0 +1,5 @@
+ o Minor bugfix (log cleanups):
+ - Eliminate several instances where we use Nickname=ID to refer to
+ nodes in logs. Use Nickname (ID) instead. (Elsewhere, we still use
+ $ID=Nickname, which is also acceptable.) Fixes bug #7065. Bugfix
+ on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
diff --git a/changes/bug7139 b/changes/bug7139
deleted file mode 100644
index dfb7d32838..0000000000
--- a/changes/bug7139
+++ /dev/null
@@ -1,9 +0,0 @@
- o Major bugfixes (security):
-
- - Disable TLS session tickets. OpenSSL's implementation were giving
- our TLS session keys the lifetime of our TLS context objects, when
- perfect forward secrecy would want us to discard anything that
- could decrypt a link connection as soon as the link connection was
- closed. Fixes bug 7139; bugfix on all versions of Tor linked
- against OpenSSL 1.0.0 or later. Found by "nextgens".
-
diff --git a/changes/bug7164_diagnostic b/changes/bug7164_diagnostic
new file mode 100644
index 0000000000..8bedfc4bd5
--- /dev/null
+++ b/changes/bug7164_diagnostic
@@ -0,0 +1,4 @@
+ o Minor features (bug diagnostic):
+ - If we fail to free a microdescriptor because of bug #7164, log
+ the filename and line number from which we tried to free it.
+ This should help us finally fix #7164.
diff --git a/changes/bug7190 b/changes/bug7190
deleted file mode 100644
index 1607f79442..0000000000
--- a/changes/bug7190
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Clients now consider the ClientRejectInternalAddresses config option
- when using a microdescriptor consensus stanza to decide whether
- an exit relay would allow exiting to an internal address. Fixes
- bug 7190; bugfix on 0.2.3.1-alpha.
-
diff --git a/changes/bug7191 b/changes/bug7191
deleted file mode 100644
index a3bee6e5f7..0000000000
--- a/changes/bug7191
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes:
- - Fix a denial of service attack by which any directory authority
- could crash all the others, or by which a single v2 directory
- authority could crash everybody downloading v2 directory
- information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug7192 b/changes/bug7192
deleted file mode 100644
index 10cbc2469a..0000000000
--- a/changes/bug7192
+++ /dev/null
@@ -1,10 +0,0 @@
- o Major bugfixes:
- - When parsing exit policy summaries from microdescriptors, we had
- previously been ignoring the last character in each one, so that
- "accept 80,443,8080" would be treated by clients as indicating a
- node that allows access to ports 80, 443, and 808. That would lead
- to clients attempting connections that could never work, and
- ignoring exit nodes that would support their connections. Now clients
- parse these exit policy summaries correctly. Fixes bug 7192;
- bugfix on 0.2.3.1-alpha.
-
diff --git a/changes/bug7280 b/changes/bug7280
new file mode 100644
index 0000000000..ef5d36a802
--- /dev/null
+++ b/changes/bug7280
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix some bugs in tor-fw-helper-natpmp when trying to build and
+ run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
+ Fixes bug 7280; bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug7350 b/changes/bug7350
new file mode 100644
index 0000000000..b0ee9d0919
--- /dev/null
+++ b/changes/bug7350
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - Avoid an assertion when we discover that we'd like to write a cell
+ onto a closing connection: just discard the cell. Fixes another
+ case of bug 7350; bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug7352 b/changes/bug7352
deleted file mode 100644
index 74a878dbe0..0000000000
--- a/changes/bug7352
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes:
- - Tor tries to wipe potentially sensitive data after using it, so
- that if some subsequent security failure exposes Tor's memory,
- the damage will be limited. But we had a bug where the compiler
- was eliminating these wipe operations when it decided that the
- memory was no longer visible to a (correctly running) program,
- hence defeating our attempt at defense in depth. We fix that
- by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
- is unlikely to optimize away. Future versions of Tor may use
- a less ridiculously heavy approach for this. Fixes bug 7352.
- Reported in an article by Andrey Karpov.
-
diff --git a/changes/bug7464 b/changes/bug7464
deleted file mode 100644
index 9259cc74a3..0000000000
--- a/changes/bug7464
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Fix a harmless bug when opting against publishing a relay descriptor
- because DisableNetwork is set. Fixes bug 7464; bugfix on
- 0.2.3.9-alpha.
diff --git a/changes/bug7582 b/changes/bug7582
new file mode 100644
index 0000000000..f3b0635765
--- /dev/null
+++ b/changes/bug7582
@@ -0,0 +1,9 @@
+ o Major bugfixes:
+
+ - When an exit node tells us that it is rejecting because of its
+ exit policy a stream we expected it to accept (because of its exit
+ policy), do not mark the node as useless for exiting if our
+ expectation was only based on an exit policy summary. Instead,
+ mark the circuit as unsuitable for that particular address. Fixes
+ part of bug 7582; bugfix on 0.2.3.2-alpha.
+
diff --git a/changes/bug7707_diagnostic b/changes/bug7707_diagnostic
new file mode 100644
index 0000000000..0c3138e785
--- /dev/null
+++ b/changes/bug7707_diagnostic
@@ -0,0 +1,5 @@
+ o Minor features:
+ - Add another diagnostic to the heartbeat message: track and log
+ overhead that TLS is adding to the data we write. If this is
+ high, we are sending too little data to SSL_write at a time.
+ Diagnostic for bug 7707.
diff --git a/changes/bug7768 b/changes/bug7768
new file mode 100644
index 0000000000..e3f9600afb
--- /dev/null
+++ b/changes/bug7768
@@ -0,0 +1,3 @@
+ o Documentation fixes:
+ - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
+ names match. Fixes bug 7768.
diff --git a/changes/bug7799 b/changes/bug7799
new file mode 100644
index 0000000000..ed4570129c
--- /dev/null
+++ b/changes/bug7799
@@ -0,0 +1,7 @@
+ o Minor changes (log clarification)
+ - Add more detail to a log message about relaxed timeouts. Hopefully
+ this additional detail will allow us to diagnose the cause of bug 7799.
+ o Minor bugfixes
+ - Don't attempt to relax the timeout of already opened 1-hop circuits.
+ They might never timeout. This should eliminate some/all cases of
+ the relaxed timeout log message.
diff --git a/changes/bug7801 b/changes/bug7801
new file mode 100644
index 0000000000..1d6d021f3f
--- /dev/null
+++ b/changes/bug7801
@@ -0,0 +1,13 @@
+ o Minor bugfixes:
+ - When choosing which stream on a formerly stalled circuit to wake
+ first, make better use of the platform's weak RNG. Previously, we
+ had been using the % ("modulo") operator to try to generate a 1/N
+ chance of picking each stream, but this behaves badly with many
+ platforms' choice of weak RNG. Fix for bug 7801; bugfix on
+ 0.2.2.20-alpha.
+ - Use our own weak RNG when we need a weak RNG. Windows's rand()
+ and Irix's random() only return 15 bits; Solaris's random()
+ returns more bits but its RAND_MAX says it only returns 15, and
+ so on. Fixes another aspect of bug 7801; bugfix on
+ 0.2.2.20-alpha.
+
diff --git a/changes/bug7816.024 b/changes/bug7816.024
new file mode 100644
index 0000000000..b5d55f5d6d
--- /dev/null
+++ b/changes/bug7816.024
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Avoid leaking IPv6 policy content if we fail to format it into
+ a router descriptor. Spotted by Coverity. Fixes part of 7816;
+ bugfix on 0.2.4.7-alpha.
+
+ - Avoid leaking memory if we fail to compute a consensus signature
+ or we generated a consensus we couldn't parse. Spotted by Coverity.
+ Fixes part of 7816; bugfix on 0.2.0.5-alpha.
diff --git a/changes/bug7816_023 b/changes/bug7816_023
new file mode 100644
index 0000000000..a4530292cc
--- /dev/null
+++ b/changes/bug7816_023
@@ -0,0 +1,7 @@
+ o Minor bugfixes (memory leak, controller):
+ - Fix a memory leak during safe-cookie controller authentication.
+ Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.3.13-alpha.
+
+ o Minor bugfixes (memory leak, HTTPS proxy support):
+ - Fix a memory leak when receiving headers from an HTTPS proxy.
+ Spotted by Coverity. Fixes part of bug 7816; bugfix on 0.2.1.1-alpha.
diff --git a/changes/bug7816_023_small b/changes/bug7816_023_small
new file mode 100644
index 0000000000..cd90f035f1
--- /dev/null
+++ b/changes/bug7816_023_small
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Fix various places where we leak file descriptors or memory on
+ error cases. Spotted by coverity. Fixes parts of bug 7816.
diff --git a/changes/bug7889 b/changes/bug7889
deleted file mode 100644
index ce99a59ce5..0000000000
--- a/changes/bug7889
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes:
- - Reject bogus create and relay cells with 0 circuit ID or 0 stream
- ID: these could be used to create unexpected streams and circuits
- which would count as "present" to some parts of Tor but "absent"
- to others, leading to zombie circuits and streams or to a
- bandwidth DOS. Fixes bug 7889; bugfix on every released version of
- Tor. Reported by "oftc_must_be_destroyed".
-
diff --git a/changes/bug7902 b/changes/bug7902
new file mode 100644
index 0000000000..051759dc0a
--- /dev/null
+++ b/changes/bug7902
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+ - When we receive a RELAY_END cell with the reason DONE, or with no
+ reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
+ status as "connection refused." Previously we reporting these
+ cases as success but then immediately closing the connection.
+ Fixes bug 7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_
+ be_destroyed."
diff --git a/changes/bug7947 b/changes/bug7947
new file mode 100644
index 0000000000..6200ba2d8a
--- /dev/null
+++ b/changes/bug7947
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix the handling of a TRUNCATE cell when it arrives while the circuit
+ extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
+
diff --git a/changes/bug7950 b/changes/bug7950
new file mode 100644
index 0000000000..e62cca07a1
--- /dev/null
+++ b/changes/bug7950
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - When rejecting a configuration because we were unable to parse a
+ quoted string, log an actual error message. Fix for bug 7950;
+ bugfix on 0.2.0.16-alpha.
diff --git a/changes/bug8002 b/changes/bug8002
new file mode 100644
index 0000000000..d6e2ff2492
--- /dev/null
+++ b/changes/bug8002
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - When autodetecting the number of CPUs, use the number of available
+ CPUs in preferernce to the number of configured CPUs. Inform the
+ user if this reduces the number of avialable CPUs. Fix for bug 8002.
+ Bugfix on 0.2.3.1-alpha.
diff --git a/changes/bug8014 b/changes/bug8014
new file mode 100644
index 0000000000..c09a86098c
--- /dev/null
+++ b/changes/bug8014
@@ -0,0 +1,5 @@
+ o Minor usability improvements (build):
+ - Clarify that when autconf is checking for nacl, it is checking
+ specifically for nacl with a fast curve25519 implementation.
+ Fixes bug 8014.
+
diff --git a/changes/bug8031 b/changes/bug8031
new file mode 100644
index 0000000000..17329ec5b5
--- /dev/null
+++ b/changes/bug8031
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+ - Use direct writes rather than stdio when building microdescriptor
+ caches, in an attempt to mitigate bug 8031, or at least make it
+ less common.
+ - Warn more aggressively when flushing microdescriptors to a
+ microdescriptor cache fails, in an attempt to mitegate bug 8031,
+ or at least make it more diagnosable.
diff --git a/changes/bug8059 b/changes/bug8059
new file mode 100644
index 0000000000..47273ed0ac
--- /dev/null
+++ b/changes/bug8059
@@ -0,0 +1,6 @@
+ o Minor bugfixes (protocol conformance):
+ - Fix a misframing issue when reading the version numbers in a
+ VERSIONS cell. Previously we would recognize [00 01 00 02] as
+ 'version 1, version 2, and version 0x100', when it should have
+ only included versions 1 and 2. Fixes bug 8059; bugfix on
+ 0.2.0.10-alpha. Reported pseudonymously.
diff --git a/changes/bug8062 b/changes/bug8062
new file mode 100644
index 0000000000..805e51ed41
--- /dev/null
+++ b/changes/bug8062
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Increase the width of the field used to remember a connection's
+ link protocol version to two bytes. Harmless for now, since the
+ only currently recognized versions are one byte long. Reported
+ pseudynmously. Fixes bug 8062, bugfix on 0.2.0.10-alpha.
diff --git a/changes/bug8065 b/changes/bug8065
new file mode 100644
index 0000000000..06dbae8cd7
--- /dev/null
+++ b/changes/bug8065
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Downgrade an assertion in connection_ap_expire_beginning to
+ an LD_BUG message. The fix for bug 8024 should prevent this
+ message from displaying, but just in case a warn that we can
+ diagnose is better than more assert crashes. Fix for bug 8065;
+ bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8121 b/changes/bug8121
new file mode 100644
index 0000000000..60cba72848
--- /dev/null
+++ b/changes/bug8121
@@ -0,0 +1,7 @@
+ o Minor features:
+ - Clear the high bit on curve25519 public keys before passing them to
+ our backend, in case we ever wind up using a backend that doesn't do
+ so itself. If we used such a backend, and *didn't* clear the high bit,
+ we could wind up in a situation where users with such backends would
+ be distinguishable from users without. Fix for bug 8121; bugfix on
+ 0.2.4.8-alpha.
diff --git a/changes/bug8151 b/changes/bug8151
new file mode 100644
index 0000000000..e20fa3c31a
--- /dev/null
+++ b/changes/bug8151
@@ -0,0 +1,5 @@
+ o Minor features (directory authority):
+ - Include inside each vote a statement of the performance
+ thresholds that made the authority vote for its flags. Implements
+ ticket 8151.
+ \ No newline at end of file
diff --git a/changes/bug8158 b/changes/bug8158
new file mode 100644
index 0000000000..65b21c2a26
--- /dev/null
+++ b/changes/bug8158
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Use less space when formatting identical microdescriptor lines in
+ directory votes. Fixes bug 8158; bugfix on 0.2.4.1-alpha.
diff --git a/changes/bug8161 b/changes/bug8161
new file mode 100644
index 0000000000..ab7b9c0cad
--- /dev/null
+++ b/changes/bug8161
@@ -0,0 +1,6 @@
+ o Minor changes:
+ - Lower path use bias thresholds to .80 for notice and .60 for warn.
+ Fixes bug #8161; bugfix on 0.2.4.10-alpa.
+ - Make the rate limiting flags for the path use bias log messages
+ independent from the original path bias flags. Fixes bug #8161;
+ bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug8180 b/changes/bug8180
new file mode 100644
index 0000000000..39e6ce7f9a
--- /dev/null
+++ b/changes/bug8180
@@ -0,0 +1,7 @@
+ o Minor bugfixes (security usability):
+ - Elevate the severity of the warning message when setting
+ EntryNodes but disabling UseGuardNodes to an error. The outcome
+ of letting Tor procede with those options enabled (which causes
+ EntryNodes to get ignored) is sufficiently different from what
+ was expected that it's best to just refuse to proceed. Fixes bug
+ 8180; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug8200 b/changes/bug8200
new file mode 100644
index 0000000000..65fc9dd03a
--- /dev/null
+++ b/changes/bug8200
@@ -0,0 +1,5 @@
+ o Minor bugfix:
+ - Stop sending a stray "(null)" in some cases for the server status
+ "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
+ on 0.1.2.6-alpha.
+
diff --git a/changes/bug8203 b/changes/bug8203
new file mode 100644
index 0000000000..d26dc0fccf
--- /dev/null
+++ b/changes/bug8203
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Make the format and order of STREAM events for DNS lookups consistent
+ among the various ways to launch DNS lookups. Fix for bug 8203;
+ bugfix on 0.2.0.24-rc. Patch by "Desoxy."
diff --git a/changes/bug8207 b/changes/bug8207
new file mode 100644
index 0000000000..0028d3380f
--- /dev/null
+++ b/changes/bug8207
@@ -0,0 +1,7 @@
+ o Major bugfixes (hidden services):
+ - Allow hidden service authentication to succeed again. When we
+ refactored the hidden service introduction code back in 0.2.4.1-alpha,
+ we didn't update the code that checks whether authentication
+ information is present, causing all authentication checks to
+ return "false". Fix for bug 8207; bugfix on 0.2.4.1-alpha. Found by
+ Coverity; this is CID 718615.
diff --git a/changes/bug8209 b/changes/bug8209
new file mode 100644
index 0000000000..c58923540b
--- /dev/null
+++ b/changes/bug8209
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - When detecting the largest possible file descriptor (in order to close
+ all file descriptors when launching a new program), actually use
+ _SC_OPEN_MAX. The old code for doing this was very, very broken.
+ Fix for bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
+ is CID 743383.
diff --git a/changes/bug8210 b/changes/bug8210
new file mode 100644
index 0000000000..85d41b844a
--- /dev/null
+++ b/changes/bug8210
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Fix an impossible-to-trigger integer overflow when
+ estimating how long out onionskin queue would take. (This overflow
+ would require us to accept 4 million onionskins before processing
+ 100 of them.) Fixes bug 8210; bugfix on 0.2.4.10-alpha.
+
diff --git a/changes/bug8218 b/changes/bug8218
new file mode 100644
index 0000000000..ce8d53ba62
--- /dev/null
+++ b/changes/bug8218
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - Stop marking every relay as having been down for one hour every
+ time we restart a directory authority. These artificial downtimes
+ were messing with our Stable and Guard flag calculations. Fixes
+ bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
+
diff --git a/changes/bug8231 b/changes/bug8231
new file mode 100644
index 0000000000..fd87a1daec
--- /dev/null
+++ b/changes/bug8231
@@ -0,0 +1,5 @@
+ o Major bugfixes:
+ - When unable to find any working directory nodes to use as a
+ directory guard, give up rather than adding the same non-working
+ nodes to the list over and over. Fixes bug 8231; bugfix on
+ 0.2.4.8-alpha.
diff --git a/changes/bug8235-diagnosing b/changes/bug8235-diagnosing
new file mode 100644
index 0000000000..b760035cfc
--- /dev/null
+++ b/changes/bug8235-diagnosing
@@ -0,0 +1,5 @@
+ o Minor features (diagnostic)
+ - If the state file's path bias counts are invalid (presumably from a
+ buggy tor prior to 0.2.4.10-alpha), make them correct.
+ - Add additional checks and log messages to the scaling of Path Bias
+ counts, in case there still are remaining issues with scaling.
diff --git a/changes/bug8273 b/changes/bug8273
new file mode 100644
index 0000000000..257f57e7ab
--- /dev/null
+++ b/changes/bug8273
@@ -0,0 +1,3 @@
+ o Critical bugfixes:
+ - When dirserv.c computes flags and thresholds, use measured bandwidths
+ in preference to advertised ones.
diff --git a/changes/bug8290 b/changes/bug8290
new file mode 100644
index 0000000000..d1fce7d8b5
--- /dev/null
+++ b/changes/bug8290
@@ -0,0 +1,9 @@
+ o Removed files:
+ - The tor-tsocks.conf is no longer distributed or installed. We
+ recommend that tsocks users use torsocks instead. Resolves
+ ticket 8290.
+
+ o Documentation fixes:
+ - The torify manpage no longer refers to tsocks; torify hasn't
+ supported tsocks since 0.2.3.14-alpha.
+ - The manpages no longer reference tsocks.
diff --git a/changes/bug8408 b/changes/bug8408
new file mode 100644
index 0000000000..ae9cf172e1
--- /dev/null
+++ b/changes/bug8408
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Allow TestingTorNetworks to override the 4096-byte minimum for the Fast
+ threshold. Otherwise they can't bootstrap until they've observed more
+ traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug8427 b/changes/bug8427
new file mode 100644
index 0000000000..22b003fc38
--- /dev/null
+++ b/changes/bug8427
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - If we encounter a write failure on a SOCKS connection before we
+ finish our SOCKS handshake, don't warn that we closed the
+ connection before we could send a SOCKS reply. Fixes bug 8427;
+ bugfix on 0.1.0.1-rc.
diff --git a/changes/bug8435 b/changes/bug8435
new file mode 100644
index 0000000000..da7ca7c1f8
--- /dev/null
+++ b/changes/bug8435
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - When dirserv.c computes flags and thresholds, ignore advertised
+ bandwidths if we have more than a threshold number of routers with
+ measured bandwidths.
diff --git a/changes/bug8464 b/changes/bug8464
new file mode 100644
index 0000000000..74ff2e39ff
--- /dev/null
+++ b/changes/bug8464
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Correct our check for which versions of Tor support the EXTEND2
+ cell. We had been willing to send it to Tor 0.2.4.7-alpha and
+ later, when support was really added in version 0.2.4.8-alpha.
+ Fixes bug 8464; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8475 b/changes/bug8475
new file mode 100644
index 0000000000..eb8debedba
--- /dev/null
+++ b/changes/bug8475
@@ -0,0 +1,4 @@
+ o Major bugfixes:
+ - If configured via ClientDNSRejectInternalAddresses not to report
+ DNS queries which have resolved to internal addresses, apply that
+ rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
diff --git a/changes/bug8477-easypart b/changes/bug8477-easypart
new file mode 100644
index 0000000000..0f8f1031c5
--- /dev/null
+++ b/changes/bug8477-easypart
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Log the purpose of a path-bias testing circuit correctly.
+ Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.
diff --git a/changes/bug8596 b/changes/bug8596
new file mode 100644
index 0000000000..dd36bad855
--- /dev/null
+++ b/changes/bug8596
@@ -0,0 +1,3 @@
+ o Minor features:
+ - Add CACHED keyword to ADDRMAP events in the control protocol to indicate
+ whether a DNS result will be cached or not.
diff --git a/changes/bug8598 b/changes/bug8598
new file mode 100644
index 0000000000..e31c8f3c74
--- /dev/null
+++ b/changes/bug8598
@@ -0,0 +1,6 @@
+ o Bugfixes:
+ - Fix compilation warning with some versions of clang that would prefer
+ the -Wswitch-enum compiler flag to warn about switch statements with
+ missing enum values, even if those switch statements have a default:
+ statement. Fixes bug 8598; bugfix on 0.2.4.10-alpha.
+
diff --git a/changes/bug8599 b/changes/bug8599
new file mode 100644
index 0000000000..204ef58c3f
--- /dev/null
+++ b/changes/bug8599
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix some logic errors when the user manually overrides the
+ PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
+ on 0.2.4.10-alpha.
diff --git a/changes/bug8638 b/changes/bug8638
new file mode 100644
index 0000000000..3a790e567d
--- /dev/null
+++ b/changes/bug8638
@@ -0,0 +1,3 @@
+ o Minor features
+ In our testsuite, create temporary directories with a bit more entropy
+ in their name to make name collissions less likely. Fixes bug 8638.
diff --git a/changes/cov709056 b/changes/cov709056
deleted file mode 100644
index 64a75ad8a2..0000000000
--- a/changes/cov709056
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Check return value of fputs() when writing authority certificate
- file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
-
diff --git a/changes/cov980650 b/changes/cov980650
new file mode 100644
index 0000000000..cbbada2e66
--- /dev/null
+++ b/changes/cov980650
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a copy-and-paste error when adding a missing A1 to a routerset
+ because of GeoIPExcludeUnknown. Fix for coverity CID 980650.
+ Bugfix on 0.2.4.10-alpha.
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
deleted file mode 100644
index 625bfa2f58..0000000000
--- a/changes/cve-2012-2249
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security):
- - Discard extraneous renegotiation attempts once the V3 link
- protocol has been initiated. Failure to do so left us open to
- a remotely triggerable assertion failure. Fixes CVE-2012-2249;
- bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
deleted file mode 100644
index 35b492a2d7..0000000000
--- a/changes/dirserv-BUGGY-a
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
-
- - Don't serve or accept v2 hidden service descriptors over a
- relay's DirPort. It's never correct to do so, and disabling it
- might make it more annoying to exploit any bugs that turn up in the
- descriptor-parsing code. Fixes bug 7149.
-
diff --git a/changes/disable_pathbias_messages b/changes/disable_pathbias_messages
deleted file mode 100644
index 3bc996347b..0000000000
--- a/changes/disable_pathbias_messages
+++ /dev/null
@@ -1,3 +0,0 @@
- o Disabeled features
- - Downgrade path-bias warning messages to INFO. We'll try to get them
- working better in 0.2.4. Fixes bug 6475; bugfix on 0.2.3.17-beta.
diff --git a/changes/easy.ratelim b/changes/easy.ratelim
new file mode 100644
index 0000000000..cadd1e4f5e
--- /dev/null
+++ b/changes/easy.ratelim
@@ -0,0 +1,3 @@
+ o Code simplification and refactoring:
+ - Add a wrapper function for the common "log a message with a rate-limit"
+ case.
diff --git a/changes/feature4994 b/changes/feature4994
new file mode 100644
index 0000000000..4fa0e037b7
--- /dev/null
+++ b/changes/feature4994
@@ -0,0 +1,7 @@
+ o Minor features:
+ - Teach bridge-using clients to avoid 0.2.2 bridges when making
+ microdescriptor-related dir requests, and only fall back to normal
+ descriptors if none of their bridges can handle microdescriptors
+ (as opposed to the fix in ticket 4013, which caused them to fall
+ back to normal descriptors if *any* of their bridges preferred
+ them). Resolves ticket 4994.
diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012
deleted file mode 100644
index 26431c2e8a..0000000000
--- a/changes/geoip-dec2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the December 5 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-jan2013 b/changes/geoip-jan2013
deleted file mode 100644
index 45e5a150cc..0000000000
--- a/changes/geoip-jan2013
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the January 2 2013 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012
deleted file mode 100644
index 22e7bace58..0000000000
--- a/changes/geoip-nov2012
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the November 7 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/integers_donna b/changes/integers_donna
new file mode 100644
index 0000000000..e9c69e8e1c
--- /dev/null
+++ b/changes/integers_donna
@@ -0,0 +1,3 @@
+ o Minor bugfixes (portability)
+ - Tweak the curve25519-donna*.c implementations to tolerate systems
+ that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert
deleted file mode 100644
index 398a545573..0000000000
--- a/changes/link_negotiation_assert
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixs (security):
- - Fix a group of remotely triggerable assertion failures related to
- incorrect link protocol negotiation. Found, diagnosed, and fixed
- by "some guy from France." Fix for CVE-2012-2250; bugfix on
- 0.2.3.6-alpha.
-
diff --git a/changes/log-noise b/changes/log-noise
new file mode 100644
index 0000000000..bbbf0d2c0c
--- /dev/null
+++ b/changes/log-noise
@@ -0,0 +1,11 @@
+ o Minor bugfixes (log message reduction)
+ - Fix a path state issue that triggered a notice during relay startup.
+ Fixes bug #8320; bugfix on 0.2.4.10-alpha.
+ - Reduce occurrences of warns about circuit purpose in
+ connection_ap_expire_building(). Fixes bug #8477; bugfix on
+ 0.2.4.11-alpha.
+ - Fix a directory authority warn caused when we have a large amount
+ of badexit bandwidth. Fixes bug #8419; bugfix on 0.2.2.10-alpha.
+ - Reduce a path bias length check notice log to info. The notice
+ is triggered when creating controller circuits. Fixes bug #8196;
+ bugfix on 0.2.4.8-alpha.
diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a
deleted file mode 100644
index 2e642c7953..0000000000
--- a/changes/pathsel-BUGGY-a
+++ /dev/null
@@ -1,14 +0,0 @@
- o Security fixes:
-
- - Try to leak less information about what relays a client is
- choosing to a side-channel attacker. Previously, a Tor client
- would stop iterating through the list of available relays as
- soon as it had chosen one, thus finishing a little earlier
- when it picked a router earlier in the list. If an attacker
- can recover this timing information (nontrivial but not
- proven to be impossible), they could learn some coarse-
- grained information about which relays a client was picking
- (middle nodes in particular are likelier to be affected than
- exits). The timing attack might be mitigated by other factors
- (see bug #6537 for some discussion), but it's best not to
- take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
diff --git a/changes/port_doc b/changes/port_doc
deleted file mode 100644
index 0e8662f0ab..0000000000
--- a/changes/port_doc
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (usability):
- - Try to make the warning when giving an obsolete SOCKSListenAddress
- a littel more useful.
diff --git a/changes/revert-geoip-may2012 b/changes/revert-geoip-may2012
deleted file mode 100644
index e420947a34..0000000000
--- a/changes/revert-geoip-may2012
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - Revert to the May 1 2012 Maxmind GeoLite Country database. In the
- June 2012 database, Maxmind marked many Tor relays as country "A1",
- which will cause risky behavior for clients that set EntryNodes
- or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta.
-
diff --git a/changes/signof_enum b/changes/signof_enum
new file mode 100644
index 0000000000..ba4fb597d7
--- /dev/null
+++ b/changes/signof_enum
@@ -0,0 +1,7 @@
+ o Code simplifications and refactoring:
+ - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
+ the signs of types during autoconf. This is better than our old
+ approach, which didn't work when cross-compiling.
+ - Detect the sign of enum values, rather than assuming that MSC is the
+ only compiler where enum types are all signed. Fix for bug 7727;
+ bugfix on 0.2.4.10-alpha.
diff --git a/changes/smartlist_foreach b/changes/smartlist_foreach
deleted file mode 100644
index 2fd3a1a85c..0000000000
--- a/changes/smartlist_foreach
+++ /dev/null
@@ -1,8 +0,0 @@
- o Code simplification and refactoring:
- - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
- 10 lines. Doing so in the past has led to hard-to-debug code.
- The new style is to use the SMARTLIST_FOREACH_{BEGIN,END} pair.
- Issue 6400.
- - Do not nest SMARTLIST_FOREACH blocks within one another. Any
- nested block ought to be using SMARTLIST_FOREACH_{BEGIN,END}.
- Issue 6400.
diff --git a/changes/ticket2267 b/changes/ticket2267
new file mode 100644
index 0000000000..b589b5721f
--- /dev/null
+++ b/changes/ticket2267
@@ -0,0 +1,8 @@
+ o Minor features:
+ - Refactor resolve_my_address() so it returns the method by which we
+ decided our public IP address (explicitly configured, resolved from
+ explicit hostname, guessed from interfaces, learned by gethostname).
+ Now we can provide more helpful log messages when a relay guesses
+ its IP address incorrectly (e.g. due to unexpected lines in
+ /etc/hosts). Resolves ticket 2267.
+
diff --git a/changes/ticket5749 b/changes/ticket5749
deleted file mode 100644
index 0237241981..0000000000
--- a/changes/ticket5749
+++ /dev/null
@@ -1,3 +0,0 @@
- o New directory authorities:
- - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
- authority. Closes ticket 5749.
diff --git a/changes/ticket8240 b/changes/ticket8240
new file mode 100644
index 0000000000..91e6f8c14a
--- /dev/null
+++ b/changes/ticket8240
@@ -0,0 +1,4 @@
+ o Major security fixes:
+ - Make the default guard lifetime controllable via a new
+ GuardLifetime torrc option and a GuardLifetime consensus
+ parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
diff --git a/changes/ticket8443 b/changes/ticket8443
new file mode 100644
index 0000000000..ca6fb2f471
--- /dev/null
+++ b/changes/ticket8443
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Randomize the lifetime of our SSL link certificate, so censors can't
+ use the static value for filtering Tor flows. Resolves ticket 8443;
+ related to ticket 4014 which was included in 0.2.2.33.
diff --git a/changes/warn-unsigned-time_t b/changes/warn-unsigned-time_t
new file mode 100644
index 0000000000..5f0c36d099
--- /dev/null
+++ b/changes/warn-unsigned-time_t
@@ -0,0 +1,5 @@
+ o Build improvements:
+ - Warn if building on a platform with an unsigned time_t: there
+ are too many places where Tor currently assumes that time_t can
+ hold negative values. We'd like to fix them all, but probably
+ some will remain.