maint-0.2.9: remove changes files that are merged in 0.2.9 releases

Many of these files cause check-changes to fail, which will be a
long-term problem as we continue to support 0.2.9.

changes/19974

@@ -1,5 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Fix tolerances in unit tests for monotonic time comparisons between
-      nanoseconds and microseconds. Previously, we accepted a 10 us
-      difference only, which is not realistic on every platform's
-      clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha.

changes/20460

@@ -1,4 +0,0 @@
-  o Minor bugfixes (testing):
-    - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
-      removed the ECDH ciphers which caused the tests to fail on
-      platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.

changes/20492

@@ -1,4 +0,0 @@
-  o Minor bugfix (build):
-    - The current Git revision when building from a local repository is now
-      detected correctly when using git worktrees.  Fixes bug 20492; bugfix on
-      0.2.3.9-alpha.

changes/21359

@@ -1,8 +0,0 @@
-
-  o Minor features (portability, compilationc)
-    - Support building with recent LibreSSL code that uses opaque
-      structures. Closes ticket 21359.
-    - Autoconf now check to determine if OpenSSL
-      structures are opaque, instead of explicitly checking for
-      OpenSSL version numbers. 
-      Part of ticket 21359.

changes/bastet_v6

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Add an IPv6 address for the "bastet" directory authority.
-      Closes ticket 24394.
-

changes/bug15582

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Avoid compiler warnings in the unit tests for running tor_sscanf()
-      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
-

changes/bug18100

@@ -1,5 +0,0 @@
-  o Major bugfixes (linux TPROXY support):
-    - Fix a typo that had prevented TPROXY-based transparent proxying from
-      working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
-      Patch from "d4fq0fQAgoJ".
-

changes/bug18329-minimal

@@ -1,6 +0,0 @@
-  o Minor features (bridge):
-    - Bridges now include notice in their descriptors that they are bridges,
-      and notice of their distribution status, based on their publication
-      settings.  Implements ticket 18329.  For more fine-grained control of
-      how a bridge is distributed, upgrade to 0.3.2.x or later.
-

changes/bug19025

@@ -1,4 +0,0 @@
-  o Major bugfixes (DNS):
-    - Fix a bug that prevented exit nodes from caching DNS records for more
-      than 60 seconds.
-      Fixes bug 19025; bugfix on 0.2.4.7-alpha.

changes/bug19869

@@ -1,4 +0,0 @@
-  o Minor bugfixes (DNSPort):
-    - On DNSPort, stop logging a BUG warning on a failed hostname lookup.
-      Fixes bug 19869; bugfix on 0.2.9.1-alpha.
-

changes/bug19926_029_info

@@ -1,3 +0,0 @@
-  o Minor bugfixes (logging):
-    - Downgrade a harmless log message about the pending_entry_connections
-      list from "warn" to "info". Mitigates bug 19926.

changes/bug19960

@@ -1,4 +0,0 @@
-  o Minor bugfixes (netbsd, unit tests):
-    - Stop expecting NetBSD unit tests to report success for ipfw;
-      on NetBSD, it's only pf that's supported.
-      Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha.

changes/bug19968

@@ -1,11 +0,0 @@
-  o Minor bugfixes (relay):
-    - Do not try to parallelize workers more than 16x without the
-      user explicitly configuring us to do so, even if we do detect more than
-      16 CPU cores. Fixes bug 19968; bugfix on
-      0.2.3.1-alpha.
-
-
-  o Minor bugfixes (testing):
-    - Avoid a unit test failure on systems with over 16 detectable
-      CPU cores. Fixes bug 19968; bugfix on
-      0.2.3.1-alpha.

changes/bug19969

@@ -1,10 +0,0 @@
-  o Major bugfixes (client performance):
-    - Clients now respond to new application stream requests when
-      they arrive, rather than waiting up to one second before starting
-      to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
-
-  o Major bugfixes (clients on flaky network connections):
-    - When Tor leaves standby because of a new application request, open
-      circuits as needed to serve that request. Previously, we would
-      potentially wait a very long time. Fixes part of bug 19969; bugfix
-      on 0.2.8.1-alpha.

changes/bug20059

@@ -1,3 +0,0 @@
-  o Minor bugfixes (relay):
-    - Avoid a double-marked-circuit warning that can happen when we receive
-      DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc.

changes/bug20085

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Correct the minimum bandwidth value in torrc.sample, and queue a
-      corresponding change for torrc.minimal. Closes ticket 20085.
-

changes/bug20235

@@ -1,4 +0,0 @@
-  o Minor features (compatibility):
-    - Work around a bug in the OSX 10.12 SDK that would prevent us
-      from successfully targetting earlier versions of OSX.
-      Resolves ticket 20235.

changes/bug20247

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Avoid a sandbox failure when trying to re-bind to a socket and mark
-      it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
-

changes/bug20306_029

@@ -1,4 +0,0 @@
-  o Minor bugfixes (fascistfirewall):
-    - Avoid spurious warnings when ReachableAddresses or FascistFirewall
-      is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
-

changes/bug20307

@@ -1,7 +0,0 @@
-  o Minor bugfixes (circuit, hidden service)
-    - When closing a circuit, the reason for doing so was assigned from an int
-      value to a uint16_t which is quite a problem for negative values that are
-      our internal reasons (ex: END_CIRC_REASON_IP_NOW_REDUNDANT). On the HS
-      side, this was causing introduction points to be flagged as unusable
-      because the reason wasn't the right one due to the bad conversion.
-      Partially fixes bug 21056 and fixes bug 20307; Bugfix on 0.2.8.1-alpha.

changes/bug20401

@@ -1,4 +0,0 @@
-  o Minor bugfixes (relay):
-    - Avoid a small memory leak when informing worker threads about rotated
-      onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
-

changes/bug20423

@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - For relays that don't know their own address, avoid attempting
-      a local hostname resolve for each descriptor we download. Also cut
-      down on the number of "Success: chose address 'x.x.x.x'" log lines.
-      Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
-

changes/bug20424_029_minimal

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, tell
-      the compiler not to include the system malloc implementation. Fixes bug
-      20424; bugfix on 0.2.0.20-rc.

changes/bug20472

@@ -1,5 +0,0 @@
-  o Minor bugfixes (circuits):
-    - Remove a BUG warning in circuit_pick_extend_handshake. Instead, assume
-      all nodes support EXTEND2. Use ntor whenever a key is available.
-      Fixes bug 20472; bugfix on 0.2.9.3-alpha.
-

changes/bug20484

@@ -1,5 +0,0 @@
-  o Minor bugfixes (single onion services):
-    - Start correctly when creating a single onion service in a
-      directory that did not previously exist. Fixes bug 20484; bugfix on
-      0.2.9.3-alpha.
-

changes/bug20487

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Clarify that setting HiddenServiceNonAnonymousMode requires
-      you to also set "SOCKSPort 0". Fixes bug 20487; bugfix on
-      0.2.9.3-alpha.

changes/bug20509

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Directory authorities now reject relays running versions
-      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
-      suffer from bug 20499 and don't keep their consensus cache
-      up-to-date. Resolves ticket 20509.

changes/bug20529

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - When configuring hidden services, check every hidden service directory's
-      permissions. Previously, we only checked the last hidden service.
-      Fixes bug 20529; bugfix on 13942 commit 85bfad1 in 0.2.6.2-alpha.

changes/bug20533

@@ -1,7 +0,0 @@
-  o Minor bugfixes (consensus downloads):
-    - If a consensus expires while we are waiting for certificates to download,
-      stop waiting for certificates.
-    - If we stop waiting for certificates less than a minute after we started
-      downloading them, do not consider the certificate download failure a
-      separate failure.
-      Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.

changes/bug20534

@@ -1,8 +0,0 @@
-  o Minor bugfixes (directory download scheduling):
-    - Remove the maximum delay on exponential-backoff scheduling.
-      Since we now allow an infinite number of failures (see ticket
-      20536), we must now allow the time to grow longer on each failure.
-      Fixes part of bug 20534; bugfix on 0.2.9.1-alpha.
-    - Use initial delays and decrements in download scheduling closer to
-      those from 0.2.8. Fixes another part of bug 20534; bugfix on
-      0.2.9.1-alpha.

changes/bug20536

@@ -1,6 +0,0 @@
-  o Major bugfixes (download scheduling):
-    - When using an exponential backoff schedule, do not give up on
-      dowloading just because we have failed a bunch of times.  Since
-      each delay is longer than the last, retrying indefinitely won't
-      hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha.
-

changes/bug20551

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix implicit conversion warnings under OpenSSL 1.1.
-      Fixes bug 20551; bugfix on 0.2.1.1-alpha.

changes/bug20553

@@ -1,3 +0,0 @@
-  o Minor bugfixes (memory leak):
-    - Work around a memory leak in OpenSSL 1.1 when encoding public keys.
-      Fixes bug 20553; bugfix on 0.0.2pre8.

changes/bug20560

@@ -1,4 +0,0 @@
-  o Minor bugfixes (portability):
-    - Run correctly when built on Windows build environments that require
-      _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
-

changes/bug20587

@@ -1,5 +0,0 @@
-  o Minor bugfixes (download timing):
-    - When determining when to download a directory object, handle times
-      after 2038 if the operating system supports that.  (Someday this will be
-      important!)  Fixes bug 20587; bugfix on 0.2.8.1-alpha.
-

changes/bug20588

@@ -1,3 +0,0 @@
-  o Minor features (portability):
-    - Fix compilation with OpenSSL 1.1 and less commonly-used
-      CPU architectures. Closes ticket 20588.

changes/bug20591

@@ -1,3 +0,0 @@
-  o Minor bugfixes (relay bootstrap):
-    - Ensure relays don't make multiple connections during bootstrap.
-      Fixes bug 20591; bugfix on 0.2.8.1-alpha.

changes/bug20593

@@ -1,6 +0,0 @@
-  o Minor bugfixes (client directory scheduling):
-    - Treat "relay too busy to answer request" as a failed request and a
-      reason to back off on our retry frequency. This is safe now that
-      exponential backups retry indefinitely, and avoids a bug where we would
-      reset our download schedule erroneously.
-      Fixes bug 20593; bugfix on 0.2.9.1-alpha.

changes/bug20597

@@ -1,5 +0,0 @@
-  o Minor bugfixes (test networks, exponential backoff):
-    - When using exponential backoff in test networks, use a lower exponent,
-      so the delays do not vary as much. This helps test networks bootstrap
-      consistently. Fixes bug 20597; bugfix on 20499; not in any released
-      version of tor.

changes/bug20613

@@ -1,6 +0,0 @@
-  o Minor bugfixes (single onion services, Tor2web):
-    - Stop logging long-term one-hop circuits deliberately created by single
-      onion services and Tor2web. These log messages are intended to diagnose
-      issue 8387, which relates to circuits hanging around forever for no
-      reason.
-      Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".

changes/bug20634

@@ -1,3 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Stop spurious failures in the local interface address discovery unit
-      tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan.

changes/bug20638

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Stop ignoring hidden service key anonymity when first starting tor.
-      Instead, refuse to start tor if any hidden service key has been used in
-      a different hidden service anonymity mode.
-      Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

changes/bug20710_025

@@ -1,4 +0,0 @@
-  o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox):
-    - Fix a memory leak and use-after-free error when removing entries
-      from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
-      0.2.5.5-alpha. Patch from "cypherpunks".

changes/bug20715

@@ -1,4 +0,0 @@
-  o Minor bugfixes (memory leak)
-    - When moving a signed descriptor object from a source to an existing
-      destination, free the allocated memory inside that destination object.
-      Bugfix on tor-0.2.8.3-alpha; Closes #20715.

changes/bug20716

@@ -1,3 +0,0 @@
-  o Minor bugfixes (client, memory leak):
-    - Fix a small memory leak when receiving AF_UNIX connections on
-      a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.

changes/bug20810

@@ -1,4 +0,0 @@
-  o Minor bugfixes (relay)
-    - When computing old Tor protocol line version in protover, we were
-      looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha.
-      Bugfix on tor-0.2.9.4-alpha.

changes/bug20864

@@ -1,4 +0,0 @@
-  o Minor bugfixes (unit tests, hidden services):
-    - Remove a double-free in the single onion service unit test. Stop
-      ignoring a return value. Make future changes less error-prone.
-      Fixes bug 20864; bugfix on 0.2.9.6-rc.

changes/bug20875

@@ -1,4 +0,0 @@
-  o Minor bugfixes (download scheduling)
-    - Resolve a "bug" warning when considering a download schedule whose
-      delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha.
-

changes/bug20935

@@ -1,3 +0,0 @@
-  o Minor bugfixes (portability):
-    - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac
-      Fixes bug 20935; bugfix on 0.2.9.6-rc.

changes/bug21018

@@ -1,11 +0,0 @@
-  o Major bugfixes (parsing, security):
-
-    - Fix a bug in parsing that could cause clients to read a single
-      byte past the end of an allocated region. This bug could be
-      used to cause hardened clients (built with
-      --enable-expensive-hardening) to crash if they tried to visit
-      a hostile hidden service.  Non-hardened clients are only
-      affected depending on the details of their platform's memory
-      allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
-      using libFuzzer. Also tracked as TROVE-2016-12-002 and as
-      CVE-2016-1254.

changes/bug21035

@@ -1,6 +0,0 @@
-  o Minor bugfixes (portability):
-    - Avoid crashing when Tor is built using headers that contain
-      CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
-      without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on
-      0.2.9.1-alpha.
-

changes/bug21051

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix Libevent detection on platforms without Libevent 1 headers
-      installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.

changes/bug21074_downgrade

@@ -1,4 +0,0 @@
-  o Minor bugfixes (portability):
-    - Don't exit the Tor process if setrlimit() fails to change the file
-      limit (which can happen sometimes on some versions of OSX). Fixes
-      bug 21074; bugfix on 0.0.9pre5.

changes/bug21108_029

@@ -1,6 +0,0 @@
-  o Major bugfixes (directory authority):
-    - During voting, when marking a node as a probable sybil, do not
-      clear its BadExit flag: sybils can still be bad in other ways
-      too. (We still clear the other flags.) Fixes bug 21108; bugfix
-      on 0.2.0.13-alpha.
-

changes/bug21278_extras

@@ -1,3 +0,0 @@
-  o Minor bugfixes (code correctness):
-    - Repair a couple of (unreachable or harmless) cases of the risky
-      comparison-by-subtraction pattern that caused bug 21278.

changes/bug21278_prevention

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Directory authorities now reject descriptors that claim to be
-      malformed versions of Tor. Helps prevent exploitation of bug 21278.
-      

changes/bug21280

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tor-resolve):
-    - The tor-resolve command line tool now rejects hostnames over 255
-      characters in length. Previously, it would silently truncate
-      them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
-      Patch by "junglefowl".

changes/bug21357

@@ -1,7 +0,0 @@
-  o Major bugfixes (IPv6 Exits):
-    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6
-      addresses. Instead, only reject a port over IPv6 if the exit policy
-      rejects that port on more than an IPv6 /16 of addresses. This bug was
-      made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6
-      address by default.
-      Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.

changes/bug21394

@@ -1,9 +0,0 @@
-  o Major bugfixes (Exit nodes):
-    - Fix an issue causing high-bandwidth exit nodes to fail a majority
-      or all of their DNS requests, making them basically unsuitable for
-      regular usage in Tor circuits. The problem is related to
-      libevent's DNS handling, but we can work around it in Tor. Fixes
-      bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
-      eventdns. Credit goes to Dhalgren for identifying and finding a
-      workaround to this bug and to gamambel, arthuredelstein and
-      arma in helping to track it down and analyze it.

changes/bug21450

@@ -1,4 +0,0 @@
-  o Minor bugfixes (voting consistency):
-    - Reject version numbers with components that exceed INT32_MAX.
-      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
-      Fixes bug 21450; bugfix on 0.0.8pre1.

changes/bug21507

@@ -1,5 +0,0 @@
-  o Minor bugfixes (voting consistency):
-    - Reject version numbers with non-numeric prefixes (such as +, -, and
-      whitespace). Disallowing whitespace prevents differential version
-      parsing between POSIX-based and Windows platforms.
-      Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.

changes/bug21576

@@ -1,4 +0,0 @@
-  o Major bugfixes (crash, directory connections):
-    - Fix a rare crash when sending a begin cell on a circuit whose linked
-      directory connection has already been closed. Fixes bug 21576;
-      bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett.

changes/bug21943

@@ -1,6 +0,0 @@
-  o Minor bugfixes (Linux seccomp2 sandbox):
-    - The getpid() system call is now permitted under the Linux seccomp2
-      sandbox, to avoid crashing with versions of OpenSSL (and other
-      libraries) that attempt to learn the process's PID by using the
-      syscall rather than the VDSO code. Fixes bug 21943; bugfix on
-      0.2.5.1-alpha.

changes/bug22034

@@ -1,4 +0,0 @@
-  o Minor bugfixes (control port, regression):
-    - The GETINFO extra-info/digest/<digest> command was broken because of a
-      wrong base16 decode return value check. In was introduced in a refactor
-      of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha.

changes/bug22245

@@ -1,5 +0,0 @@
-  o Minor bugfixes (bandwidth accounting):
-    - Roll over monthly accounting at the configured hour and minute,
-      rather than always at 00:00.
-      Fixes bug 22245; bugfix on 0.0.9rc1.
-      Found by Andrey Karpov with PVS-Studio.

changes/bug22349

@@ -1,9 +0,0 @@
-  o Minor bugfixes (directory authority):
-    - When a directory authority rejects a descriptor or extrainfo with
-      a given digest, mark that digest as undownloadable, so that we
-      do not attempt to download it again over and over. We previously
-      tried to avoid downloading such descriptors by other means, but
-      we didn't notice if we accidentally downloaded one anyway. This
-      behavior became problematic in 0.2.7.2-alpha, when authorities
-      began pinning Ed25519 keys. Fixes ticket
-      22349; bugfix on 0.2.1.19-alpha.

changes/bug22370

@@ -1,4 +0,0 @@
-  o Minor bugfixes (memory handling):
-    - When directory authorities reject a router descriptor due to keypinning,
-      free the router descriptor rather than leaking the memory.
-      Fixes bug 22370; bugfix on 0.2.7.2-alpha.

changes/bug22446

@@ -1,4 +0,0 @@
-  o Minor features (code style, backport from 0.3.1.3-alpha):
-    - Add "Falls through" comments to our codebase, in order to silence
-      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
-      Stieger. Closes ticket 22446.

changes/bug22460_case2

@@ -1,8 +0,0 @@
-  o Major bugfixes (relay, link handshake):
-
-    - When performing the v3 link handshake on a TLS connection, report that
-      we have the x509 certificate that we actually used on that connection,
-      even if we have changed certificates since that connection was first
-      opened. Previously, we would claim to have used our most recent x509
-      link certificate, which would sometimes make the link handshake fail.
-      Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.

changes/bug22490

@@ -1,3 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
-      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

changes/bug22516

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Permit the fchmod system call, to avoid crashing on startup when
-      starting with the seccomp2 sandbox and an unexpected set of permissions
-      on the data directory or its contents. Fixes bug 22516; bugfix on
-      0.2.5.4-alpha.

changes/bug22636

@@ -1,8 +0,0 @@
- o Build features:
-   - Tor's repository now includes a Travis Continuous Integration (CI)
-     configuration file (.travis.yml). This is meant to help new developers and
-     contributors who fork Tor to a Github repository be better able to test
-     their changes, and understand what we expect to pass. To use this new build
-     feature, you must fork Tor to your Github account, then go into the
-     "Integrations" menu in the repository settings for your fork and enable
-     Travis, then push your changes.

changes/bug22644

@@ -1,5 +0,0 @@
-  o Minor bugfixes (controller):
-    - Do not crash when receiving a POSTDESCRIPTOR command with an
-      empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
-    - Do not crash when receiving a HSPOST command with an empty body.
-      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.

changes/bug22737

@@ -1,12 +0,0 @@
-  o Minor bugfixes (defensive programming, undefined behavior):
-
-    - Fix a memset() off the end of an array when packing cells.  This
-      bug should be harmless in practice, since the corrupted bytes
-      are still in the same structure, and are always padding bytes,
-      ignored, or immediately overwritten, depending on compiler
-      behavior. Nevertheless, because the memset()'s purpose is to
-      make sure that any other cell-handling bugs can't expose bytes
-      to the network, we need to fix it. Fixes bug 22737; bugfix on
-      0.2.4.11-alpha. Fixes CID 1401591.
-
-

changes/bug22789

@@ -1,7 +0,0 @@
-  o Major bugfixes (openbsd, denial-of-service):
-    - Avoid an assertion failure bug affecting our implementation of
-      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
-      handling of "0xfoo" differs from what we had expected.
-      Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
-      TROVE-2017-007.
-

changes/bug22797

@@ -1,4 +0,0 @@
-  o Minor bugfixes (file limits):
-    - When setting the maximum number of connections allowed by the OS,
-      always allow some extra file descriptors for other files.
-      Fixes bug 22797; bugfix on 0.2.0.10-alpha.

changes/bug22801

@@ -1,5 +0,0 @@
-  o Minor bugfixes (compilation):
-    - When building with certain versions the mingw C header files, avoid
-      float-conversion warnings when calling the C functions isfinite(),
-      isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
-

changes/bug22838_028

@@ -1,5 +0,0 @@
-  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
-    - Backport a fix for an "unused variable" warning that appeared
-      in some versions of mingw. Fixes bug 22838; bugfix on
-      0.2.8.1-alpha.
-

changes/bug22915

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation warnings):
-    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
-      bugfix on 0.2.8.1-alpha.

changes/bug22916_027

@@ -1,3 +0,0 @@
-  o Minor bugfixes (Compilation):
-    - Fix warnings when building with libscrypt and openssl scrypt support
-      on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.

changes/bug23030_029

@@ -1,7 +0,0 @@
-  o Minor bugfixes (coverity builds):
-    - Avoid Coverity build warnings related to our BUG() macro. By
-      default, Coverity treats BUG() as the Linux kernel does: an
-      instant abort(). We need to override that so our BUG() macro
-      doesn't prevent Coverity from analyzing functions that use it.
-      Fixes bug 23030; bugfix on 0.2.9.1-alpha.
-

changes/bug23081

@@ -1,8 +0,0 @@
-  o Minor bugfixes (Windows service):
-    - When running as a Windows service, set the ID of the main thread
-      correctly. Failure to do so made us fail to send log messages
-      to the controller in 0.2.1.16-rc, slowed down controller
-      event delivery in 0.2.7.3-rc and later, and crash with an assertion
-      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
-      Patch and diagnosis from "Vort".
-

changes/bug23291

@@ -1,3 +0,0 @@
-  o Minor bugfixes (testing):
-    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
-      0.2.7.2-alpha. Found and patched by Ties Stuij.

changes/bug23318

@@ -1,11 +0,0 @@
-  o Minor bugfixes (path selection):
-    - When selecting relays by bandwidth, avoid a rounding error that
-      could sometimes cause load to be imbalanced incorrectly. Previously,
-      we would always round upwards; now, we round towards the nearest
-      integer.  This had the biggest effect when a relay's weight adjustments
-      should have given it weight 0, but it got weight 1 instead.
-      Fixes bug 23318; bugfix on 0.2.4.3-alpha.
-    - When calculating the fraction of nodes that have descriptors, and all
-      all nodes in the network have zero bandwidths, count the number of nodes
-      instead.
-      Fixes bug 23318; bugfix on 0.2.4.10-alpha.

changes/bug23470

@@ -1,6 +0,0 @@
-  o Minor bugfix (relay address resolution):
-    - Avoid unnecessary calls to directory_fetches_from_authorities()
-      on relays. This avoids spurious address resolutions and
-      descriptor rebuilds. This is a mitigation for 21789. The original
-      bug was introduced in commit 35bbf2e as part of prop210.
-      Fixes 23470 in 0.2.8.1-alpha.

changes/bug23690

@@ -1,5 +0,0 @@
-  o Major bugfixes (relay, crash, assertion failure):
-    - Fix a timing-based assertion failure that could occur when the
-      circuit out-of-memory handler freed a connection's output buffer.
-      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
-

changes/bug23693

@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay, crash):
-    - Avoid a crash when transitioning from client mode to bridge mode.
-      Previously, we would launch the worker threads whenever our "public
-      server" mode changed, but not when our "server" mode changed.
-      Fixes bug 23693; bugfix on 0.2.6.3-alpha.
-

changes/bug23874

@@ -1,3 +0,0 @@
-  o Minor bugfixes (memory safety):
-    - Clear the address when node_get_prim_orport() returns early.
-      Fixes bug 23874; bugfix on 0.2.8.2-alpha.

changes/bug23985

@@ -1,9 +0,0 @@
-  o Minor bugfixes (bootstrapping):
-    - Fetch descriptors aggressively whenever we lack enough
-      to build circuits, regardless of how many descriptors we are missing.
-      Previously, we would delay launching the fetch when we had fewer than
-      15 missing descriptors, even if some of those descriptors were
-      blocking circuits from building. Fixes bug 23985; bugfix on
-      0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha,
-      when we began treating missing descriptors from our primary guards
-      as a reason to delay circuits.

changes/bug24167

@@ -1,7 +0,0 @@
-  o Minor bugfixes (network layer):
-    - When closing a connection via close_connection_immediately(), we
-      mark it as "not blocked on bandwidth", to prevent later calls
-      from trying to unblock it, and give it permission to read. This
-      fixes a backtrace warning that can happen on relays under various
-      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
-

changes/bug24170

@@ -1,3 +0,0 @@
-  o Minor bugfixes (path selection):
-    - Actually log the total bandwidth in compute_weighted_bandwidths().
-      Fixes bug 24170; bugfix on 0.2.4.3-alpha.

changes/bug24198

@@ -1,4 +0,0 @@
-  o Minor bugfixes (controller, linux seccomp2 sandbox):
-    - Avoid a crash when attempting to use the seccomp2 sandbox
-      together with the OwningControllerProcess feature.
-      Fixes bug 24198; bugfix on 0.2.5.1-alpha.

changes/bug24313

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service v2):
-    - Fix a use-after-free error that could crash v2 Tor hidden services
-      when it failed to open circuits while expiring introductions
-      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha.  This
-      issue is also tracked as TROVE-2017-013 and CVE-2017-8823.

changes/bug24480

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix a signed/unsigned comparison warning introduced by our
-      fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.

changes/bug24633

@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability, msvc):
-    - Fix a bug in the bit-counting parts of our timing-wheel code on
-      MSVC. (Note that MSVC is still not a supported build platform,
-      due to cyptographic timing channel risks.) Fixes bug 24633;
-      bugfix on 0.2.9.1-alpha.

changes/bug24666

@@ -1,7 +0,0 @@
-  o Minor bugfixes (memory usage):
-
-    - When queuing DESTROY cells on a channel, only queue the
-      circuit-id and reason fields: not the entire 514-byte
-      cell. This fix should help mitigate any bugs or attacks that
-      fill up these queues, and free more RAM for other uses. Fixes
-      bug 24666; bugfix on 0.2.5.1-alpha.

changes/bug24736

@@ -1,6 +0,0 @@
-  o Minor bugfixes (address selection):
-    - When the fascist_firewall_choose_address_ functions don't find a
-      reachable address, set the returned address to the null address and port.
-      This is a precautionary measure, because some callers do not check the
-      return value.
-      Fixes bug 24736; bugfix on 0.2.8.2-alpha.

changes/bug24854

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Move the list of default directory authorities to their own file for
-      inclusion using the C preprocessor. Closes ticket 24854. Patch by "beastr0".

changes/bug24895

@@ -1,8 +0,0 @@
-  o Major bugfixes (onion services):
-    - Fix an "off by 2" error in counting rendezvous failures on the onion
-      service side. While we thought we would stop the rendezvous attempt
-      after one failed circuit, we were actually making three circuit attempts
-      before giving up. Now switch to a default of 2, and allow the consensus
-      parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
-      bugfix on 0.0.6.
-

changes/bug24898-029

@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay):
-    - Make the internal channel_is_client() function look at what sort
-      of connection handshake the other side used, rather than whether
-      the other side ever sent a create_fast cell to us. Backports part
-      of the fixes from bugs 22805 and 24898.
-