summaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
Diffstat (limited to 'changes')
-rw-r--r--changes/111506
-rw-r--r--changes/170043
-rw-r--r--changes/170753
-rw-r--r--changes/170783
-rw-r--r--changes/170823
-rw-r--r--changes/170843
-rw-r--r--changes/bug156092
-rw-r--r--changes/bug160564
-rw-r--r--changes/bug163823
-rw-r--r--changes/bug165636
-rw-r--r--changes/bug166515
-rw-r--r--changes/bug170265
-rw-r--r--changes/bug17027-reject-private-bind-port7
-rw-r--r--changes/bug171517
-rw-r--r--changes/bug171543
-rw-r--r--changes/bug17173-socket-hack-rv3
-rw-r--r--changes/bug171947
-rw-r--r--changes/bug17237_0273
-rw-r--r--changes/bug172513
-rw-r--r--changes/bug173544
-rw-r--r--changes/bug173983
-rw-r--r--changes/bug174013
-rw-r--r--changes/bug174023
-rw-r--r--changes/bug174033
-rw-r--r--changes/bug174046
-rw-r--r--changes/bug175444
-rw-r--r--changes/bug175493
-rw-r--r--changes/bug17572-fallback-by-digest5
-rw-r--r--changes/bug175897
-rw-r--r--changes/bug17632-no-ipv4-no-localhost7
-rw-r--r--changes/bug17638-ipv6-ersatz-socketpair5
-rw-r--r--changes/bug176833
-rw-r--r--changes/bug177223
-rw-r--r--changes/bug177244
-rw-r--r--changes/bug177534
-rw-r--r--changes/bug177635
-rw-r--r--changes/bug177727
-rw-r--r--changes/bug177766
-rw-r--r--changes/bug177783
-rw-r--r--changes/bug177813
-rw-r--r--changes/bug177914
-rw-r--r--changes/check-crypto-errors5
-rw-r--r--changes/cleanup_175873
-rw-r--r--changes/decouple_circuit_mark6
-rw-r--r--changes/decouple_conn_attach6
-rw-r--r--changes/doc173924
-rw-r--r--changes/feature136963
-rw-r--r--changes/feature148464
-rw-r--r--changes/feature176084
-rw-r--r--changes/feature176633
-rw-r--r--changes/feature8961-replaycache-sha2564
-rw-r--r--changes/first-hop-no-private8
-rw-r--r--changes/geoip-december20154
-rw-r--r--changes/geoip-october20153
-rw-r--r--changes/getinfo-private-exitpolicy6
-rw-r--r--changes/ifaddrs-tests-network-configs5
-rw-r--r--changes/laplace-edge-cases8
-rw-r--r--changes/rand-failure-modes5
-rw-r--r--changes/routerset-parse-IPv6-literals5
-rw-r--r--changes/sha-unit-tests5
-rw-r--r--changes/test168313
-rw-r--r--changes/warn-when-time-goes-backwards5
62 files changed, 222 insertions, 51 deletions
diff --git a/changes/11150 b/changes/11150
new file mode 100644
index 0000000000..b4d40ed07c
--- /dev/null
+++ b/changes/11150
@@ -0,0 +1,6 @@
+ o Removed features:
+ - Remove client-side support for connecting to Tor servers running
+ versions of Tor before 0.2.3.6-alpha. These servers didn't
+ support the v3 TLS handshake protocol, and are no longer allowed
+ on the Tor network. Implements the client side of ticket
+ 11150. Based on patches by Tom van der Woerdt.
diff --git a/changes/17004 b/changes/17004
new file mode 100644
index 0000000000..1dc9a237d4
--- /dev/null
+++ b/changes/17004
@@ -0,0 +1,3 @@
+ o Testing:
+ - Unit tests for directory_handle_command_get. Closes ticket 17004.
+ Patch from Reinaldo de Souza Jr.
diff --git a/changes/17075 b/changes/17075
new file mode 100644
index 0000000000..a91ac673e6
--- /dev/null
+++ b/changes/17075
@@ -0,0 +1,3 @@
+ o Testing:
+ - More unit tests for compat_libevent.c. Closes ticket 17075.
+ Patch from Ola Bini.
diff --git a/changes/17078 b/changes/17078
new file mode 100644
index 0000000000..af02877898
--- /dev/null
+++ b/changes/17078
@@ -0,0 +1,3 @@
+ o Testing:
+ - More unit tests for procmon.c. Closes ticket 17078.
+ Patch from Ola Bini.
diff --git a/changes/17082 b/changes/17082
new file mode 100644
index 0000000000..30ed01473e
--- /dev/null
+++ b/changes/17082
@@ -0,0 +1,3 @@
+ o Testing:
+ - More unit tests for tortls.c. Closes ticket 17082.
+ Patch from Ola Bini.
diff --git a/changes/17084 b/changes/17084
new file mode 100644
index 0000000000..361e26f264
--- /dev/null
+++ b/changes/17084
@@ -0,0 +1,3 @@
+ o Testing:
+ - More unit tests for util_format.c. Closes ticket 17084.
+ Patch from Ola Bini.
diff --git a/changes/bug15609 b/changes/bug15609
deleted file mode 100644
index efaccdeaae..0000000000
--- a/changes/bug15609
+++ /dev/null
@@ -1,2 +0,0 @@
- o Documentation:
- - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
diff --git a/changes/bug16056 b/changes/bug16056
new file mode 100644
index 0000000000..e3311c0f93
--- /dev/null
+++ b/changes/bug16056
@@ -0,0 +1,4 @@
+ o Minor bugfixes (relay, IPv6):
+ - When displaying an IPv6 exit policy, include the mask bits correctly
+ even when the number is greater than 31. Fixes bug 16056; bugfix on
+ 0.2.4.7-alpha. Patch from "gturner". \ No newline at end of file
diff --git a/changes/bug16382 b/changes/bug16382
new file mode 100644
index 0000000000..8faee98ad8
--- /dev/null
+++ b/changes/bug16382
@@ -0,0 +1,3 @@
+ o Documentation:
+ - Explain actual minima for BandwidthRate. Closes ticket 16382.
+
diff --git a/changes/bug16563 b/changes/bug16563
new file mode 100644
index 0000000000..19e59b3821
--- /dev/null
+++ b/changes/bug16563
@@ -0,0 +1,6 @@
+ o Minor bugfixes (logging):
+ - In log messages that include a function name, use __FUNCTION__ instead
+ of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang
+ __PRETTY_FUNCTION__ has extra information we don't need.
+ Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt.
+ \ No newline at end of file
diff --git a/changes/bug16651 b/changes/bug16651
new file mode 100644
index 0000000000..096daeaf70
--- /dev/null
+++ b/changes/bug16651
@@ -0,0 +1,5 @@
+ o Minor bugfixes (compilation):
+
+ - Fix search for libevent libraries on OpenBSD (and similar systems
+ which install libevent 1 and libevent 2 in parallel). Resolves
+ ticket 16651. Patch from "rubiate".
diff --git a/changes/bug17026 b/changes/bug17026
new file mode 100644
index 0000000000..8b1ce3c61b
--- /dev/null
+++ b/changes/bug17026
@@ -0,0 +1,5 @@
+ o Minor features:
+ - Set unused entires in a smartlist to NULL. This helped catch a
+ (harmless) bug, and shouldn't affect performance too much.
+ Implements ticket 17026.
+
diff --git a/changes/bug17027-reject-private-bind-port b/changes/bug17027-reject-private-bind-port
new file mode 100644
index 0000000000..abc1431c9a
--- /dev/null
+++ b/changes/bug17027-reject-private-bind-port
@@ -0,0 +1,7 @@
+ o Minor bug fixes (security, exit policies):
+ - ExitPolicyRejectPrivate rejects more private addresses by default:
+ * the relay's outbound bind addresses (if configured), and
+ * the relay's configured port addresses (such as ORPort and DirPort).
+ Resolves ticket 17027. Patch by "teor".
+ Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha,
+ and on 0.2.7.3-rc.
diff --git a/changes/bug17151 b/changes/bug17151
deleted file mode 100644
index 0993b90eac..0000000000
--- a/changes/bug17151
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (portability):
- - Use libexecinfo on FreeBSD, to enable backtrace support. Fixes part of
- bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak.
-
- o Minor bugfixes (testing):
- - Skip backtrace tests when backtrace support is not compiled in. Fixes
- part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from Marcin Cieślak.
diff --git a/changes/bug17154 b/changes/bug17154
deleted file mode 100644
index 6ad7b74468..0000000000
--- a/changes/bug17154
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (testing):
- - Fix breakage when running 'make check' with BSD make. Fixes bug
- 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
diff --git a/changes/bug17173-socket-hack-rv b/changes/bug17173-socket-hack-rv
deleted file mode 100644
index d5132114b4..0000000000
--- a/changes/bug17173-socket-hack-rv
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bug fixes (addresses, testing):
- - Add unit tests for get_interface_address* failure cases.
- Fixes bug 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
diff --git a/changes/bug17194 b/changes/bug17194
new file mode 100644
index 0000000000..26549b307f
--- /dev/null
+++ b/changes/bug17194
@@ -0,0 +1,7 @@
+ o Minor feature:
+ - When logging to syslog, allow a tag to be added to the syslog
+ identity ("Tor"), i.e. the string prepended to every log message.
+ The tag can be configured by setting SyslogIdentityTag and defaults
+ to none. Setting it to "foo" will cause logs to be tagged as
+ "Tor-foo".
+
diff --git a/changes/bug17237_027 b/changes/bug17237_027
deleted file mode 100644
index e5978d0ec8..0000000000
--- a/changes/bug17237_027
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (compilation):
- - Repair compilation with the most recent (unreleased, alpha)
- vesions of OpenSSL 1.1. Fixes part of ticket 17237.
diff --git a/changes/bug17251 b/changes/bug17251
deleted file mode 100644
index edd7739d2f..0000000000
--- a/changes/bug17251
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix an integer overflow warning in test_crypto_slow.c.
- Fixes bug 17251; bugfix on 0.2.7.2-alpha.
diff --git a/changes/bug17354 b/changes/bug17354
deleted file mode 100644
index 53da007fbb..0000000000
--- a/changes/bug17354
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (sandbox):
- - Add the "hidserv-stats" filename to our sandbox filter for the
- HiddenServiceStatistics option to work properly. Fixes bug 17354;
- bugfix on tor-0.2.6.2-alpha~54^2~1. Patch from David Goulet.
diff --git a/changes/bug17398 b/changes/bug17398
deleted file mode 100644
index 66e27a6966..0000000000
--- a/changes/bug17398
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (memory leaks):
- - Fix a memory leak in ed25519 batch signature checking.
- Fixes bug 17398; bugfix on 0.2.6.1-alpha.
diff --git a/changes/bug17401 b/changes/bug17401
deleted file mode 100644
index a22f79c431..0000000000
--- a/changes/bug17401
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (correctness):
- - Fix a use-after-free bug in validate_intro_point_failure().
- Fixes bug 17401; bugfix on 0.2.7.3-rc.
diff --git a/changes/bug17402 b/changes/bug17402
deleted file mode 100644
index 4760e00b04..0000000000
--- a/changes/bug17402
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (memory leak):
- - Fix a memory leak in rend_cache_failure_entry_free().
- Fixes bug 17402; bugfix on 0.2.7.3-rc.
diff --git a/changes/bug17403 b/changes/bug17403
deleted file mode 100644
index e83a4a247b..0000000000
--- a/changes/bug17403
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (memory leaks):
- - Fix a memory leak when reading an expired signing key from disk.
- Fixes bug 17403; bugfix on 0.2.7.2-rc.
diff --git a/changes/bug17404 b/changes/bug17404
deleted file mode 100644
index d524f6662d..0000000000
--- a/changes/bug17404
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (security, correctness):
- - Fix a programming error that could cause us to read 4 bytes before
- the beginning of an openssl string. This could be used to provoke
- a crash on systems with an unusual malloc implementation, or
- systems with unsual hardening installed. Fixes bug 17404; bugfix
- on 0.2.3.6-alpha.
diff --git a/changes/bug17544 b/changes/bug17544
new file mode 100644
index 0000000000..4316d0709c
--- /dev/null
+++ b/changes/bug17544
@@ -0,0 +1,4 @@
+ o Minor bugfix (SipHash-2-4 performance):
+ - Improve performance when hashing non-multiple of 8 sized buffers,
+ based on Andrew Moon's Public Domain SipHash-2-4 implementation.
+ Fixes bug 17544; bugfix on 0.2.5.3-alpha.
diff --git a/changes/bug17549 b/changes/bug17549
new file mode 100644
index 0000000000..3650608141
--- /dev/null
+++ b/changes/bug17549
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compilation):
+ - Repair compilation with the most recent (unreleased, alpha)
+ vesions of OpenSSL 1.1. Fixes bug 17549.
diff --git a/changes/bug17572-fallback-by-digest b/changes/bug17572-fallback-by-digest
new file mode 100644
index 0000000000..3fba123360
--- /dev/null
+++ b/changes/bug17572-fallback-by-digest
@@ -0,0 +1,5 @@
+ o Minor bugfix (fallback directories):
+ - Mark fallbacks as "too busy" when they return a 503 response,
+ rather than just marking authorities.
+ Fixes bug 17572; bugfix on 5c51b3f1f0d4 released in 0.2.4.7-alpha.
+ Patch by "teor".
diff --git a/changes/bug17589 b/changes/bug17589
new file mode 100644
index 0000000000..91103276df
--- /dev/null
+++ b/changes/bug17589
@@ -0,0 +1,7 @@
+ o Code simplificiation and refactoring:
+ - When a direct directory request fails immediately on launch,
+ instead of relaunching that request from inside the code that
+ launches it, instead mark the connection for teardown. This
+ change simplifies Tor's callback and prevents the directory-
+ request launching code from invoking itself recursively.
+ Closes ticket 17589. \ No newline at end of file
diff --git a/changes/bug17632-no-ipv4-no-localhost b/changes/bug17632-no-ipv4-no-localhost
new file mode 100644
index 0000000000..04622079d3
--- /dev/null
+++ b/changes/bug17632-no-ipv4-no-localhost
@@ -0,0 +1,7 @@
+ o Minor bugfix (unit tests):
+ - Make unit tests pass on IPv6-only systems, and systems without
+ localhost addresses (like some FreeBSD jails).
+ Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
+ c464a367728d was a partial fix for this issue in #17255;
+ it was released in unit tests in 0.2.7.4-rc.
+ Patch by "teor".
diff --git a/changes/bug17638-ipv6-ersatz-socketpair b/changes/bug17638-ipv6-ersatz-socketpair
new file mode 100644
index 0000000000..6193065ff3
--- /dev/null
+++ b/changes/bug17638-ipv6-ersatz-socketpair
@@ -0,0 +1,5 @@
+ o Minor bugfix (IPv6 compatibility, unit tests):
+ - Make tor_ersatz_socketpair work on IPv6-only systems.
+ Fixes bug #17638; bugfix on a very early tor version,
+ earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943.
+ Patch by "teor".
diff --git a/changes/bug17683 b/changes/bug17683
new file mode 100644
index 0000000000..e9d47513ab
--- /dev/null
+++ b/changes/bug17683
@@ -0,0 +1,3 @@
+ o Minor bugfixes (TLS context):
+ - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
+ bugfix on 0.0.6.
diff --git a/changes/bug17722 b/changes/bug17722
new file mode 100644
index 0000000000..1b18d4af2b
--- /dev/null
+++ b/changes/bug17722
@@ -0,0 +1,3 @@
+ o Minor bugfixes (code correctness)
+ - Fix undefined behavior in the tor_cert_checksig function. Fixes bug
+ 17722; bugfix on tor-0.2.7.2-alpha.
diff --git a/changes/bug17724 b/changes/bug17724
new file mode 100644
index 0000000000..7ace99eece
--- /dev/null
+++ b/changes/bug17724
@@ -0,0 +1,4 @@
+ o Minor bug fixes (unit tests, hidden services):
+ - Avoid relying on malloc internals in test_rend_cache_purge.
+ Closes ticket 17724. Bug fix on ade5005853c1 and 5e9f2384cf0f,
+ not in any released version of Tor. Patch by "teor".
diff --git a/changes/bug17753 b/changes/bug17753
new file mode 100644
index 0000000000..7d227d856c
--- /dev/null
+++ b/changes/bug17753
@@ -0,0 +1,4 @@
+ o Minor bugfixes (code correctness)
+ - Assert that allocated memory held by the reputation code is freed
+ according to its internal counters. Fixes bug 17753; bugfix on
+ tor-0.1.1.1-alpha.
diff --git a/changes/bug17763 b/changes/bug17763
new file mode 100644
index 0000000000..d565d13a7d
--- /dev/null
+++ b/changes/bug17763
@@ -0,0 +1,5 @@
+ o Minor bug fixes (exit policies):
+ - Consistently ignore multicast addresses when automatically
+ generating reject private exit policies.
+ Closes ticket 17763. Bug fix on 10a6390deb3c9,
+ not in any released version of Tor. Patch by "teor".
diff --git a/changes/bug17772 b/changes/bug17772
new file mode 100644
index 0000000000..54d457c601
--- /dev/null
+++ b/changes/bug17772
@@ -0,0 +1,7 @@
+ o Major bugfixes (guard selection):
+ - Actually look at the Guard flag when selecting a new directory
+ guard. When we implemented the directory guard design, we
+ accidentally started treating all relays as if they have the Guard
+ flag during guard selection, leading to weaker anonymity and worse
+ performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
+ by Mohsen Imani.
diff --git a/changes/bug17776 b/changes/bug17776
new file mode 100644
index 0000000000..a949625baa
--- /dev/null
+++ b/changes/bug17776
@@ -0,0 +1,6 @@
+ o Minor bugfixes (tests):
+ - Fix buffer over-reads in the directory tests. Fixes bug 17776; not in any
+ released version of Tor.
+ - Fix buffer over-reads in the rendcache tests. Fixes bug 17776; not in any
+ released version of Tor.
+
diff --git a/changes/bug17778 b/changes/bug17778
new file mode 100644
index 0000000000..9844969a3b
--- /dev/null
+++ b/changes/bug17778
@@ -0,0 +1,3 @@
+ o Minor bugfixes (tests):
+ - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix on
+ 0.2.4.8-alpha.
diff --git a/changes/bug17781 b/changes/bug17781
new file mode 100644
index 0000000000..01ed231b0a
--- /dev/null
+++ b/changes/bug17781
@@ -0,0 +1,3 @@
+ o Compilation fixes:
+ - Fix a compilation warning with Clang 3.6: Do not check the
+ presence of an address which can never be NULL. Fixes bug 17781.
diff --git a/changes/bug17791 b/changes/bug17791
new file mode 100644
index 0000000000..f191012cd4
--- /dev/null
+++ b/changes/bug17791
@@ -0,0 +1,4 @@
+ o Documentation:
+ - Fix a minor formatting typo in the manpage. Closes ticket
+ 17791.
+
diff --git a/changes/check-crypto-errors b/changes/check-crypto-errors
new file mode 100644
index 0000000000..e41862ca13
--- /dev/null
+++ b/changes/check-crypto-errors
@@ -0,0 +1,5 @@
+ o Minor bugfix (crypto):
+ - Check the return value of HMAC and assert on failure.
+ Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
+ in tor version 0.2.3.5-alpha-dev.
+ Patch by "teor".
diff --git a/changes/cleanup_17587 b/changes/cleanup_17587
new file mode 100644
index 0000000000..05e00fd9e5
--- /dev/null
+++ b/changes/cleanup_17587
@@ -0,0 +1,3 @@
+ o Code simplifications and refactorings:
+ - Clean up a little duplicated code in crypto_expand_key_material_TAP.
+ Closes ticket 17587; patch from "pfrankw".
diff --git a/changes/decouple_circuit_mark b/changes/decouple_circuit_mark
new file mode 100644
index 0000000000..4b7ed778a2
--- /dev/null
+++ b/changes/decouple_circuit_mark
@@ -0,0 +1,6 @@
+ o Code simplification and refactoring:
+ - Extract the more complicated parts of circuit_mark_for_close into
+ a new function run periodically before connections are freed.
+ This change removes more than half of the functions currently
+ in the "blob".
+ Closes ticket #17218.
diff --git a/changes/decouple_conn_attach b/changes/decouple_conn_attach
new file mode 100644
index 0000000000..6167b4e932
--- /dev/null
+++ b/changes/decouple_conn_attach
@@ -0,0 +1,6 @@
+ o Code simplification and refactorings:
+ - Decouple the list of streams needing to be attached to circuits
+ from the overall connection list. This change makes it possible to
+ attach streams quickly while both simplifying Tor's callgraph and
+ avoiding O(N) scans of the entire connection list. Closes ticket
+ 17590.
diff --git a/changes/doc17392 b/changes/doc17392
new file mode 100644
index 0000000000..3c93497b00
--- /dev/null
+++ b/changes/doc17392
@@ -0,0 +1,4 @@
+ o Documentation:
+ - Mention torspec URL in the manpage and point the reader to it
+ whenever we mention a document that belongs in torspce.
+ Fixes issue 17392.
diff --git a/changes/feature13696 b/changes/feature13696
new file mode 100644
index 0000000000..21c2188d12
--- /dev/null
+++ b/changes/feature13696
@@ -0,0 +1,3 @@
+ o Minor features (security, cryptography):
+ - Use modern system calls to generate strong entropy on platforms that
+ provide them. Closes ticket 13696.
diff --git a/changes/feature14846 b/changes/feature14846
new file mode 100644
index 0000000000..4668761f22
--- /dev/null
+++ b/changes/feature14846
@@ -0,0 +1,4 @@
+ o Major features (controller):
+ - New "GETINFO hs/service/desc/id/" command to retrieve a hidden service
+ descriptor from a service's local hidden service descriptor cache.
+ Closes ticket 14846.
diff --git a/changes/feature17608 b/changes/feature17608
new file mode 100644
index 0000000000..d56bb7d4a7
--- /dev/null
+++ b/changes/feature17608
@@ -0,0 +1,4 @@
+ o Minor feature (refactoring):
+ - Move logging of redundant policy entries in
+ policies_parse_exit_policy_internal into its own function.
+ Closes ticket 17608; patch from "juce".
diff --git a/changes/feature17663 b/changes/feature17663
new file mode 100644
index 0000000000..baad9436fc
--- /dev/null
+++ b/changes/feature17663
@@ -0,0 +1,3 @@
+ o Minor feature (crypto):
+ - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
+ George Tankersley.
diff --git a/changes/feature8961-replaycache-sha256 b/changes/feature8961-replaycache-sha256
new file mode 100644
index 0000000000..c5b5c857db
--- /dev/null
+++ b/changes/feature8961-replaycache-sha256
@@ -0,0 +1,4 @@
+ o Minor enhancement (replaycache):
+ - The replay cache now uses SHA256 instead of SHA1.
+ Implements feature #8961.
+ Patch by "teor", issue reported by "rransom".
diff --git a/changes/first-hop-no-private b/changes/first-hop-no-private
new file mode 100644
index 0000000000..e8d0684061
--- /dev/null
+++ b/changes/first-hop-no-private
@@ -0,0 +1,8 @@
+ o Minor bugfix (relays, hidden services):
+ - Refuse connection requests to private OR addresses unless
+ ExtendAllowPrivateAddresses is set. Previously, tor would
+ connect, then refuse to send any cells to a private address.
+ Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012)
+ Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
+ release.
+ Patch by "teor".
diff --git a/changes/geoip-december2015 b/changes/geoip-december2015
new file mode 100644
index 0000000000..597bcc92f8
--- /dev/null
+++ b/changes/geoip-december2015
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+ Country database.
+
diff --git a/changes/geoip-october2015 b/changes/geoip-october2015
deleted file mode 100644
index f20febec5a..0000000000
--- a/changes/geoip-october2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/getinfo-private-exitpolicy b/changes/getinfo-private-exitpolicy
new file mode 100644
index 0000000000..e8345167e9
--- /dev/null
+++ b/changes/getinfo-private-exitpolicy
@@ -0,0 +1,6 @@
+ o Minor features (exit policies, controllers):
+ - Add controller getinfo exit-policy/reject-private/[default,relay]
+ for the reject rules added by ExitPolicyRejectPrivate. This makes
+ it easier for stem to display exit policies.
+ - Add unit tests for getinfo exit-policy/*.
+ Completes ticket #17183. Patch by "teor".
diff --git a/changes/ifaddrs-tests-network-configs b/changes/ifaddrs-tests-network-configs
deleted file mode 100644
index 6b5ed4d484..0000000000
--- a/changes/ifaddrs-tests-network-configs
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (testing):
- - Make the get_ifaddrs_* unit tests more tolerant of different network
- configurations. (Don't assume every test box has an IPv4 address, and
- Don't assume every test box has a non-localhost address.
- Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
diff --git a/changes/laplace-edge-cases b/changes/laplace-edge-cases
new file mode 100644
index 0000000000..6c8c77b040
--- /dev/null
+++ b/changes/laplace-edge-cases
@@ -0,0 +1,8 @@
+ o Code simplifications and unit tests:
+ - Handle edge cases in the laplace functions: avoid division by zero,
+ avoid taking the log of zero, and silence clang type conversion
+ warnings using round and trunc. Add unit tests for edge cases with
+ maximal values.
+ - Consistently check for overflow in round_*_to_next_multiple_of
+ functions, and add unit tests with additional and maximal values.
+
diff --git a/changes/rand-failure-modes b/changes/rand-failure-modes
new file mode 100644
index 0000000000..cc6ef4744e
--- /dev/null
+++ b/changes/rand-failure-modes
@@ -0,0 +1,5 @@
+ o Minor features (unit tests, random number generation):
+ - Add unit tests that check for common RNG failure modes, such as
+ returning all zeroes, identical values, or incrementing values
+ (OpenSSL's rand_predictable feature).
+ Patch by "teor".
diff --git a/changes/routerset-parse-IPv6-literals b/changes/routerset-parse-IPv6-literals
new file mode 100644
index 0000000000..c80c82c229
--- /dev/null
+++ b/changes/routerset-parse-IPv6-literals
@@ -0,0 +1,5 @@
+ o Minor bug fixes (routersets, IPv6):
+ - routerset_parse now accepts IPv6 literal addresses.
+ Fix for ticket 17060. Patch by "teor".
+ Patch on 3ce6e2fba290 (24 Jul 2008), and related commits,
+ released in 0.2.1.3-alpha.
diff --git a/changes/sha-unit-tests b/changes/sha-unit-tests
new file mode 100644
index 0000000000..457578d337
--- /dev/null
+++ b/changes/sha-unit-tests
@@ -0,0 +1,5 @@
+ o Minor bugfixes (unit tests):
+ - Check the full results of SHA256 and SHA512 digests in the
+ unit tests.
+ Bugfix on a tor version before the refactoring in git commit
+ cea12251995d (23 Sep 2009). Patch by "teor".
diff --git a/changes/test16831 b/changes/test16831
new file mode 100644
index 0000000000..7db2d14df5
--- /dev/null
+++ b/changes/test16831
@@ -0,0 +1,3 @@
+ o Testing:
+ - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
+ portion of ticket 16831.
diff --git a/changes/warn-when-time-goes-backwards b/changes/warn-when-time-goes-backwards
new file mode 100644
index 0000000000..d7e584d9ff
--- /dev/null
+++ b/changes/warn-when-time-goes-backwards
@@ -0,0 +1,5 @@
+ o Minor features (security, clock):
+ - Warn when the system clock is set back in time (when the
+ state file was last written in the future). Tor doesn't know
+ that consensuses have expired if the clock is in the past.
+ Patch by "teor". Implements ticket #17188.