Add a blurb, edit the changelog

Nick Mathewson 7 years ago
parent
commit
7878668cab
1 changed files with 50 additions and 39 deletions

+ 50 - 39
ChangeLog

@@ -1,5 +1,14 @@
 Changes in version 0.3.0.3-alpha - 2017-02-03
-  BLURB BLURB BLURB.
+  Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the
+  0.3.0.x development series, including some that could cause
+  authorities to behave badly. There is also a fix for a longstanding
+  bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also
+  includes some smaller features and bugfixes.
+
+  The Tor 0.3.0.x release series is now in patch-freeze: no additional
+  features will be considered for inclusion in 0.3.0.x. We suspect that
+  some bugs will probably remain, however, and we encourage people to
+  test this release.
 
   o Major bugfixes (directory authority):
     - During voting, when marking a node as a probable sybil, do not
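Review bot: The second paragraph of the new blurb hedges twice in "We suspect that some bugs will probably remain"; one hedge is enough, for example "We suspect that some bugs remain" or "Some bugs probably remain". The rest of the blurb reads fine against the entries visible below it (authority fixes, the IPv6 exit fix, smaller features and bugfixes).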
@@ -14,20 +23,20 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
 
   o Major bugfixes (entry guards):
     - Stop trying to build circuits through entry guards for which we
-      have no descriptor yet. Also, stop crashing if we *do*
+      have no descriptor. Also, stop crashing in the case that we *do*
       accidentally try to build a circuit in such a state. Fixes bug
       21242; bugfix on 0.3.0.1-alpha.
 
   o Major bugfixes (IPv6 Exits):
     - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
-      IPv6 addresses. Instead, only reject a port over IPv6 if the exit
-      policy rejects that port on more than an IPv6 /16 of addresses.
-      This bug was made worse by 17027 in 0.2.8.1-alpha, which rejects a
-      relay's own IPv6 address by default. Fixes bug 21357; bugfix on
-      commit 004f3f4e53 in 0.2.4.7-alpha.
+      any IPv6 addresses. Instead, only reject a port over IPv6 if the
+      exit policy rejects that port on more than an IPv6 /16 of
+      addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
+      which rejected a relay's own IPv6 address by default. Fixes bug
+      21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
 
   o Minor feature (client):
-    - Enable IPv6 traffic by default on the SocksPort. To disable this,
+    - Enable IPv6 traffic on the SocksPort by default. To disable this,
       a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
 
   o Minor feature (fallback scripts):
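Review bot: In the rewrapped IPv6 Exits entry, "made worse by 17027 in 0.2.8.1-alpha" cites a bare number, while the same entry says "Fixes bug 21357" and the entry below says "Closes ticket 21269". Write "ticket 17027" or "bug 17027" so a reader can tell it is a tracker reference and not a commit or port number. The tense change to "rejected" and the added "any" both make the entry clearer.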
@@ -36,10 +45,10 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
       20174. Patch by haxxpop.
 
   o Minor features (ciphersuite selection):
+    - Clients now advertise a list of ciphersuites closer to the ones
+      preferred by Firefox. Closes part of ticket 15426.
     - Allow servers to accept a wider range of ciphersuites, including
       chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
-    - Clients now advertise a list of ciphersuites closer to the ones
-      preferred by Firefox. Closes ticket 15426.
 
   o Minor features (controller, configuration):
     - Each of the *Port options, such as SocksPort, ORPort, ControlPort,
@@ -53,23 +62,24 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
       in feature 20956. Implements ticket 21300.
 
   o Minor features (portability, compilation):
-    - Autoconf now check to determine if OpenSSL structures are opaque,
+    - Autoconf now checks to determine if OpenSSL structures are opaque,
       instead of explicitly checking for OpenSSL version numbers. Part
       of ticket 21359.
     - Support building with recent LibreSSL code that uses opaque
       structures. Closes ticket 21359.
 
   o Minor features (relay):
-    - Allow separation of exit and relay traffic to different source IP
-      addresses. Closes ticket 17975. Written by Michael Sonntag.
+    - We now allow separation of exit and relay traffic to different
+      source IP addresses, using the OutboundBindAddressExit and
+      OutboundBindAddressOR options respectively. Closes ticket 17975.
+      Written by Michael Sonntag.
 
   o Minor bugfix (logging):
-    - Don't recommend the use of Tor2web in non anonymous mode. In that
-      mode, we disable client functionalities and recommending Tor2web
-      as a solution is a bad idea because in that case client loses all
-      anonymity. Tor2web should really only be used in very specific
-      cases and with users *knowing* what they do. Fixes bug 21294;
-      bugfix on 0.2.9.3-alpha.
+    - Don't recommend the use of Tor2web in non-anonymous mode.
+      Recommending Tor2web is a bad idea because the client loses all
+      anonymity. Tor2web shouldy only be used in specific cases by users
+      who *know* and understand the issues. Fixes bug 21294; bugfix
+      on 0.2.9.3-alpha.
 
   o Minor bugfixes (client):
     - Always recover from failures in extend_info_from_node(), in an
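Review bot: The rewritten logging entry has a typo, "Tor2web shouldy only be used"; it should read "should only be used". The rewrite also drops the old sentence saying that client functionality is disabled in non-anonymous mode, so "because the client loses all anonymity" no longer says under which condition; something like "because in that mode the client loses all anonymity" would keep the point. In the relay entry, "respectively" pairs OutboundBindAddressExit with exit traffic and OutboundBindAddressOR with relay traffic, which matches the word order, so that part is fine.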
@@ -90,38 +100,39 @@ Changes in version 0.3.0.3-alpha - 2017-02-03
 
   o Minor bugfixes (configure, autoconf):
     - Rename the configure option --enable-expensive-hardening to
-      --enable-fragile-hardening. TROVE-2017-001 was triggerable only
-      through the expensive hardening which is making the tor daemon
-      abort when the issue is detected. Thus, it makes tor more at risk
-      of remote crashes but safer against RCE or heartbleed bug
-      category. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
+      --enable-fragile-hardening. Expensive hardening makes the tor
+      daemon abort when some kinds of issues are detected. Thus, it
+      makes tor more at risk of remote crashes but safer against RCE or
+      heartbleed bug category. We now try to explain this issue in a
+      message from the configure script. Fixes bug 21290; bugfix
+      on 0.2.5.4-alpha.
 
   o Minor bugfixes (controller):
     - Restore the (deprecated) DROPGUARDS controller command. Fixes bug
       20824; bugfix on 0.3.0.1-alpha.
 
   o Minor bugfixes (hidden service):
-    - Cleanup expiring intro point nodes if no circuit is associated to
-      it anymore. It was causing, rarely, the service to not open enough
-      introduction points circuit in the case we had dead expiring
-      nodes.; bugfix on 0.2.7.2-alpha.
-    - Stop modifying the value of our torrc option
-      HiddenServiceStatistics just because we're not a bridge or relay.
-      Use an internal value for what tor should use and keep the torrc
-      option intact. Fixes bug 21150; bugfix on 0.2.6.2-alpha.
+    - Clean up the code for expiring intro points with no associated
+      circuits. It was causing, rarely, a service with some expiring
+      nodes to not open enough introduction points. Fixes part of bug
+      21302; bugfix on 0.2.7.2-alpha.
+    - Stop setting the torrc option HiddenServiceStatistics to "0" just
+      because we're not a bridge or relay. Instead, we preserve whatever
+      value the user set (or didn't set). Fixes bug 21150; bugfix
+      on 0.2.6.2-alpha.
     - Two possible underflow which would ultimately lead to creating a
       lot of introduction points circuits and closing them in a non stop
       loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
 
   o Minor bugfixes (portability):
-    - Use "OpenBSD" pre-defined compiler macro instead of "OPENBSD" or
-      "__OpenBSD__". It is supported by OpenBSD itself and also most
-      OpenBSD variants like Bitrig. Fixes bug 20980; bugfix
+    - Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__".
+      It is supported by OpenBSD itself, and also by most OpenBSD
+      variants (such as Bitrig). Fixes bug 20980; bugfix
       on 0.1.2.1-alpha.
-    - Do not silently truncate content of files if they are larger than
-      SIZE_MAX bytes. This issue could occur on 32 bit systems with
-      large file support and files which are larger than 4 GB. Fixes bug
-      21134; bugfix on 0.3.0.1-alpha.
+    - When mapping a file of length greater than SIZE_MAX, do not
+      silently its contents. This issue could occur on 32 bit systems
+      with large file support and files which are larger than 4 GB.
+      Fixes bug 21134; bugfix on 0.3.0.1-alpha.
 
   o Minor bugfixes (tor-resolve):
     - The tor-resolve command line tool now rejects hostnames over 255
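Review bot: The rewritten portability entry lost its verb: "When mapping a file of length greater than SIZE_MAX, do not silently its contents" should be "do not silently truncate its contents", as the removed line had it. In the hidden service group, the first entry now says "Fixes part of bug 21302" but the unchanged third entry still says "Fixes bug 21302" and has no verb ("Two possible underflow which would ..."); consider "Fix two possible underflows ..." and making the two bug references consistent. The configure entry no longer mentions TROVE-2017-001; if that is deliberate, "safer against RCE or heartbleed bug category" could still be reworded to something like "safer against RCE or Heartbleed-style bugs".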