use sortChanges to begin an 0.3.4.1-alpha changelog

ChangeLog

@@ -1,3 +1,501 @@
+Changes in version 0.3.4.1-alpha - 2018-05-1?
+  XXX BLURB
+
+
+  o Major feature (directory authority, modularization):
+    - The directory authority subsystem has been modularized. The code is now
+      located in src/or/dirauth/ which is compiled in by default. To disable the
+      module, the configure option --disable-module-dirauth has been added.
+      Closes ticket 25610;
+
+  o Major feature (main loop, CPU usage):
+    - Previously, tor would enable at startup all possible main loop event
+      regardless if it needed them. For instance, directory authorities
+      callbacks were fired up even for client only. We have now refactored this
+      whole interface to only enable the appropriate callbacks depending on what
+      are tor roles (client only, relay, hidden service, etc.). Furthermore,
+      these events now depend on DisableNetwork or the hibernation state in
+      order to enable them. This is a big step towards reducing client CPU usage
+      by reducing the amount of wake ups the daemon does. Closes ticket 25376
+      and 25762.
+
+  o Major features (CPU usage, mobile):
+    - When Tor is disabled (via DisableNetwork or via hibernation), it
+      no longer needs to run any per-second events.  This change should
+      make it easier for mobile applications to disable Tor while the
+      device is sleeping, or Tor is not running.  Closes ticket 26063.
+
+  o Major features (main loop, CPU wakeup):
+    - The bandwidth-limitation logic has been refactored so that
+      bandwidth calculations are performed on-demand, rather than
+      every TokenBucketRefillInterval milliseconds.
+      This change should improve the granularity of our bandwidth
+      calculations, and limit the number of times that the Tor process needs
+      to wake up when it is idle. Closes ticket 25373.
+
+  o Major bugfixes (directory authorities, security):
+    - When directory authorities read a zero-byte bandwidth file, they log
+      a warning with the contents of an uninitialised buffer. Log a warning
+      about the empty file instead.
+      Fixes bug 26007; bugfix on 0.2.2.1-alpha.
+
+  o Major bugfixes (directory authority):
+    - Avoid a crash when testing router reachability on a router that could
+      have an ed25519 ID, but which does not. Fixes bug 25415; bugfix on
+      0.3.3.2-alpha.
+
+  o Major bugfixes (onion service):
+    - Correctly detect when onion services get disabled after HUP.
+      Fixes bug 25761; bugfix on 0.3.2.1.
+
+  o Major bugfixes (protover, voting):
+    - Revise Rust implementation of protover to use a more memory-efficient
+      voting algorithm and corresponding data structures, thus avoiding a
+      potential (but small impact) DoS attack where specially crafted protocol
+      strings would expand to several potential megabytes in memory.  In the
+      process, several portions of code were revised to be methods on new,
+      custom types, rather than functions taking interchangeable types, thus
+      increasing type safety of the module.  Custom error types and handling
+      were added as well, in order to facilitate better error dismissal/handling
+      in outside crates and avoid mistakenly passing an internal error string to
+      C over the FFI boundary.  Many tests were added, and some previous
+      differences between the C and Rust implementations have been
+      remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha.
+
+  o Major bugfixes (relay, denial of service):
+    - Impose a limit on circuit cell queue size. The limit can be controlled by
+      a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha.
+
+  o Minor feature (entry guards):
+    - Introduce torrc option NumPrimaryGuards for controlling the number of
+      primary guards. Closes ticket 25843.
+
+  o Minor features (accounting):
+    - When we become dormant, use a scheduled event to wake up at the right
+      time.  Previously, we would use the per-second timer to check whether
+      to wake up, but we no longer have any per-second timers enabled when
+      the network is disabled. Closes ticket 26064.
+
+  o Minor features (code quality):
+    - Add optional spell-checking for the Tor codebase, using the "misspell"
+      program.  To use this feature, run "make check-typos".
+      Closes ticket 25024.
+
+  o Minor features (compatibility):
+    - Tor now detects versions of OpenSSL 1.1.0 and later compiled with the
+      no-deprecated option, and builds correctly with them. Closes
+      tickets 19429, 19981, and 25353.
+
+  o Minor features (compilation, portability):
+    - Avoid some compilation warnings with recent versions
+      of LibreSSL. Closes ticket 26006.
+
+  o Minor features (compression, zstd):
+    - When running with zstd, Tor now considers using advanced functions that
+      the zstd maintainers have labeled as potentially unstable. To
+      prevent breakage, Tor will only use this functionality when
+      the runtime version of the zstd library matches the version
+      with which it were compiled.  Closes ticket 25162.
+
+  o Minor features (configuration):
+    - The "DownloadSchedule" options have been renamed to end with
+      "DownloadInitialDelay".  The old names are still allowed, but will
+      produce a warning. Comma-separated lists are still permitted for
+      these options, but all values after the first are ignored (as they have
+      been since 0.2.9). Closes ticket 23354.
+
+  o Minor features (continuous integration):
+    - Our .travis.yml configuration now includes support for testing
+      the results of "make distcheck". (It's not uncommon for "make check" to
+      pass but "make distcheck" to fail.)  Closes ticket 25814.
+    - Our Travis CI configuration now integrates with the Coveralls coverage
+      analysis tool. Closes ticket 25818.
+
+  o Minor features (control port):
+    - Introduce GETINFO "current-time/{local,utc}" to return the local
+      and UTC times respectively in ISO format. This helps a controller
+      like Tor Browser detect a time-related error. Closes ticket 25511.
+      Patch by Neel Chauhan.
+    - Introduce new fields to the CIRC_BW event. There are two new fields in
+      each of the read and written directions. The DELIVERED fields report the
+      total valid data on the circuit, as measured by the payload sizes of
+      verified and error-checked relay command cells. The OVERHEAD fields
+      report the total unused bytes in each of these cells. Closes ticket 25903.
+
+  o Minor features (directory authority):
+    - Directory authorities now open their key-pinning files as O_SYNC,
+      to prevent themselves from accidentally writing partial lines.
+      Closes ticket 23909.
+
+  o Minor features (directory authority, forward compatibility):
+    - Make the lines of the measured bandwidth file able to contain their
+      entries in any order. Previously, the node_id entry needed to come
+      first. Closes ticket 26004.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
+      Country database. Closes ticket 26104.
+
+  o Minor features (mainloop):
+    - Move responsibility for
+      closing connections, circuits, and channels
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25932.
+    - Move responsibility for
+      consensus voting
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25937.
+    - Move responsibility for
+      flushing log callbacks
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25951.
+    - Move responsibility for
+      honoring delayed SIGNEWNYM requests
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25949.
+    - Move responsibility for
+      rescanning the consensus cache
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket:
+      25931.
+    - Move responsibility for
+      saving the state file to disk
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25948.
+    - Move responsibility for
+      warning relay operators about unreachable ports
+      from a once-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      25952.
+   - Move responsibility for
+     keeping track of Tor's uptime
+      from a nce-per-second callback to a callback that is only scheduled as
+      needed.  Once enough items are removed from our once-per-second
+      callback, we can eliminate it entirely to conserve CPU when idle.
+      Closes ticket
+      26009.
+
+  o Minor features (performance):
+    - Avoid a needless call to malloc() when processing an incoming
+      relay cell.  Closes ticket 24914.
+
+  o Minor features (performance, 32-bit):
+    - Make our timing-wheel code run a tiny bit faster on 32-bit platforms,
+      by preferring 32-bit math to 64-bit. Closes ticket 24688.
+
+  o Minor features (performance, allocation):
+    - Avoid a needless malloc()/free() pair every time we handle an ntor
+      handshake. Closes ticket 25150.
+
+  o Minor features (Testing):
+    - Add a unit test for voting_schedule_get_start_of_next_interval().
+      Closes ticket 26014, and helps make unit test coverage more
+      deterministic.
+    - A new unittests module specifically for testing the functions in the
+      (new-ish) bridges.c module has been created with new unittests, raising
+      the code coverage percentages.  Closes 25425.
+    - We now have improved testing for addressmap_get_virtual_address()
+      function.  This should improve our test coverage, and make our test
+      coverage more deterministic. Closes ticket 25993.
+
+  o Minor features (timekeeping, circuit scheduling):
+    - When keeping track of how busy each circuit have been recently on
+      a given connection, use coarse-grained monotonic timers rather than
+      gettimeofday(). This change should marginally increase accuracy
+      and performance.  Implements part of ticket 25927.
+
+  o Minor bugfix (controler):
+    - Make CIRC_BW event reflect the total of all data sent on a circuit,
+      including padding and dropped cells. Also fix a mis-counting bug
+      when STREAM_BW events were enabled. Fixes bug 25400; bugfix on
+      0.2.5.2-alpha.
+
+  o Minor bugfix (Multiple includes):
+    - Fixed multiple includes of trasports.h in src/or/connection.c
+      Fixes bug 25261; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (Assert crash):
+    - Avoid an assert in the circuit build timeout code if we fail to
+      allow any circuits to actually complete. Fixes bug 25733;
+      bugfix on 0.2.2.2-alpha.
+
+  o Minor bugfixes (bandwidth management):
+    - Consider ourselves "low on write bandwidth" if we have exhausted our
+      write bandwidth some time in the last second. This was the
+      documented behavior before, but the actual behavior was to change
+      this value every TokenBucketRefillInterval. Fixes bug 25828; bugfix on
+      0.2.3.5-alpha.
+
+  o Minor bugfixes (C correctness):
+    - Add a missing lock acquisition in the shutdown code of the
+      control subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found
+      by Coverity; this is CID 1433643.
+
+  o Minor bugfixes (channel_get_for_extend()):
+    - Remove the unused variable n_possible from the function
+      Fixes bug 25645; bugfix on 0.2.4.4-alpha
+
+  o Minor bugfixes (circuit path selection):
+    - Don't count path selection failures as circuit build failures. This
+      should eliminate cases where Tor blames its guard or the network
+      for situations like insufficient microdescriptors and/or overly
+      restrictive torrc settings. Fixes bug 25705; bugfix on 0.3.3.1-alpha.
+
+  o Minor bugfixes (client):
+    - Don't consider Tor running as a client if the ControlPort is open. Fixes
+      bug 26062; bugfix on 0.2.9.4-alpha.
+
+  o Minor bugfixes (control interface):
+    - Respond with more human readable error messages to GETINFO
+      exit-policy/* requests. Also, let controller know if error
+      is transient (response code 551) or not (response code 552).
+      Fixes bug 25852; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (directory client):
+    - When unverified-consensus is verified, rename it to cached-consenus.
+      Fixes bug 4187; bugfix on 0.2.0.3-alpha.
+
+  o Minor bugfixes (directory server cert fetch):
+    - Fixed launching a certificate fetch always during the scheduled
+      periodic consensus fetch by fetching only in those cases when
+      consensus are waiting for certs.
+      Fixes bug 24740; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (documentation):
+    - Stop saying in the manual that clients cache ipv4 dns answers
+      from exit relays. We haven't used them since 0.2.6.3-alpha, and
+      in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha,
+      but we forgot to say so in the man page. Fixes bug 26052; bugfix
+      on 0.3.2.6-alpha.
+
+  o Minor bugfixes (Duplicate code):
+    - Remove duplicate code in parse_{c,s}method_line and bootstrap
+      their functionalities into a single function. Fixes
+      bug 6236; bugfix on 0.2.3.6-alpha.
+
+  o Minor bugfixes (error reporting):
+    - Improve tolerance for directory authorities with skewed clocks.
+      Previously, an authority with a clock more than 60 seconds ahead
+      could cause a client with a correct clock to warn that the
+      client's clock was behind.  Now the clocks of a majority of
+      directory authorities have to be ahead of the client before this
+      warning will occur.  Fixes bug 25756; bugfix on 0.2.2.25-alpha.
+
+  o Minor bugfixes (freebsd):
+    - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
+      does not stringify on FreeBSD, so we switch to tor_asprintf(). Fixes
+      bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.
+
+  o Minor bugfixes (hidden service v3):
+    - Fix a memory leak when an hidden service v3 is configured and gets a
+      SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
+    - When parsing the descriptor signature, look for the token plus an extra
+      white-space at the end. This is more correct but also will allow us to
+      support new fields that might start with "signature". Fixes bug 26069;
+      bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow the nanosleep() system call, which glibc uses to implement
+      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (path selection):
+    - Only select relays when they have the descriptors we prefer to
+      use for them. This change fixes a bug where we could select
+      a relay because it had _some_ descriptor, but reject it later with
+      a nonfatal assertion error because it didn't have the exact one we
+      wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.
+
+  o Minor bugfixes (portability):
+    - Do not align mmap length, as it is not required by POSIX, and the
+      getpagesize function is deprecated. Fixes bug 25399; bugfix on
+      0.1.1.23.
+
+  o Minor bugfixes (relay statistics):
+    - When a relay is collecting internal statistics about how many
+      create cell requests it has seen of each type, accurately count the
+      requests from relays that temporarily fall out of the consensus. (To
+      be extra conservative, we were already ignoring requests from
+      clients in our counts, and we continue ignoring them here.) Fixes
+      bug 24910; bugfix on 0.2.4.17-rc.
+
+  o Minor bugfixes (relay, crash):
+    - Avoid a crash when running with DirPort set but ORPort tuned off.
+      Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (restart-in-process):
+    - When shutting down, Tor now clears all the flags in the control.c
+      module. This should prevent a bug where authentication cookies
+      are not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
+
+  o Minor bugfixes (test):
+    - When testing workqueue event-cancellation, make sure that we actually
+      cancel an event, and that cancel each event with equal probability.
+      (It was previously possible, though extremely unlikely, for our
+      event-canceling test not to cancel any events.) Fixes bug 26008;
+      bugfix on 0.2.6.3-alpha.
+
+  o Minor bugfixes (testing):
+    - Repeat part of the test in test_client_pick_intro() a number of times,
+      to give it consistent coverage. Fixes bug 25996; bugfix on
+      0.3.2.1-alpha.
+
+  o Minor bugfixes (testing, coverage):
+    - Remove randomness from the hs_common/responsible_hsdirs test,
+      so that it always takes the same path through the function it tests.
+      Fixes bug 25997; bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (tests):
+    - Change the behavior of the "channel/outbound" test so that it never
+      causes a 10-second rollover for the EWMA circuitmux code. Previously,
+      this behavior would happen randomly, and result in fluctuating test
+      coverage. Fixes bug 25994; bugfix on 0.3.3.1-alpha.
+    - Use X509_new() to allocate certificates that will be freed later
+      with X509_free(). Previously, some parts of the unit tests had
+      used tor_malloc_zero(), which is incorrect, and which caused
+      test failures on Windows when they were built with extra hardening.
+      Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha.
+      Patch by Marcin Cieślak.
+    - While running the circuit_timeout test, fix the PRNG to a deterministic
+      AES stream, so that the test coverage from this test will itself be
+      deterministic.  Fixes bug 25995; bugfix on 0.2.2.2-alpha.
+
+  o Minor bugfixes (vanguards):
+    - Allow the last hop in a vanguard circuit to be the same as our first,
+      to prevent the adversary from influencing guard node choice by choice
+      of last hop. Also prevent the creation of A - B - A paths, or A - A
+      paths, which are forbidden by relays. Fixes bug 25870; bugfix on
+      0.3.3.1-alpha.
+
+  o Code simplification and refactoring:
+      We remove the PortForwsrding and PortForwardingHelper options, related
+      functions, and the port_forwarding tests. These options were used by
+      the now-deprecated Vidalia to help ordinary users become Tor relays or
+      bridges. Closes ticket 25409. Patch by Neel Chauhan.
+    - In order to make the OR and dir checking function in router.c less
+      confusing we renamed some functions and consider_testing_reachability()
+      has been splitted into router_should_check_reachability() and
+      router_do_reachability_checks(). Also we improved the documentation in
+      some functions. Closes ticket 18918.
+    - Initial work to isolate Libevent usage to a handful of modules in our
+      codebase, to simplify our call structure, and so that we can more
+      easily change event loops in the future if needed. Closes ticket
+      23750.
+    - Introduce a function to call getsockname() and return
+      tor_addr_t, to save a little complexity throughout the codebase.
+      Closes ticket 18105.
+    - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
+      as hsdir_index is always present. Also, we move hsdir_index_t into
+      or.h. Closes ticket 23094. Patch by Neel Chauhan.
+    - Merge functions used for describing nodes and suppress the functions
+      that do not allocate memory for the output buffer string.
+      NODE_DESC_BUF_LEN constant and format_node_description() function
+      cannot be used externally from router.c module anymore.
+      Closes ticket 25432. Patch by valentecaio.
+    - Our main loop has been simplified so that all important operations
+      happen inside events. Previously, some operations had to happen
+      outside the event loop, to prevent infinite sequences of event
+      activations. Closes ticket 25374.
+    - Put a SHA1 public key digest in hs_service_intro_point_t, and use it in
+      register_intro_circ() and service_intro_point_new(). This prevents the
+      digest from being re-calculated each time. Closes ticket 23107. Patch by
+      Neel Chauhan.
+    - Refactor token-bucket implementations to use a common backend.
+      Closes ticket 25766.
+    - Remove extern declaration of stats_n_seconds_working variable from main,
+      protecting its accesses with get_uptime() and reset_uptime() functions.
+      Closes ticket 25081, patch by “valentecaio”.
+    - Remove our previous logic for "cached gettimeofday()" -- our coarse
+      monotonic timers are fast enough for this purpose, and far less
+      error-prone. Implements part of ticket 25927.
+    - Remove the return value for fascist_firewall_choose_address_base(),
+      and sister functions such as fascist_firewall_choose_address_node()
+      and fascist_firewall_choose_address_rs(). Also, while we're here,
+      initialize the ap argument as leaving it uninitialized can pose a
+      security hazard. Closes ticket 24734. Patch by Neel Chauhan.
+    - Rename two fields of connection_t struct.
+      timestamp_lastwritten is renamed to timestamp_last_write_allowed and
+      timestamp_lastread is renamed to timestamp_last_read_allowed.
+      Closes ticket 24714, patch by "valentecaio".
+    - Since Tor requires C99, remove our old workaround code for libc
+      implementations where free(NULL) doesn't work. Closes ticket 24484.
+    - Use our standard rate-limiting code to deal with excessive libevent
+      failures, rather than the hand-rolled logic we had before.
+      Closes ticket 26016.
+    - We remove the return value of node_get_prim_orport() and
+      node_get_prim_dirport(), and introduce node_get_prim_orport()
+      in node_ipv6_or_preferred() and node_ipv6_dir_preferred() in
+      order to check for a null address. Closes ticket 23873. Patch
+      by Neel Chauhan.
+    - We switch to should_record_bridge_info() in geoip_note_client_seen() and
+      options_need_geoip_info() instead of accessing the configuration values
+      directly. Fixes bug 25290; bugfix on 0.2.1.6-alpha. Patch by Neel
+      Chauhan.
+
+  o Deprecated features:
+    - As we are not recommending 0.2.5 anymore we require relays that once had
+      an ed25519 key associated with their RSA key to always have that key
+      instead of allowing them to drop back to a version that didn't support
+      ed25519. This means they need to use a new RSA key if the want to
+      downgrade to an older version of tor without ed25519. Closes ticket 20522.
+
+  o Documentation:
+    - Correct an IPv6 error in the documentation for ExitPolicy.
+      Closes ticket 25857.  Patch from "CTassisF".
+
+  o New system requirements:
+    - Tor no longer tries to support systems without mmap() or some local
+      equivalent. Apparently, compilation on such systems has been broken for
+      some time, without anybody noticing or complaining. Closes ticket
+      25398.
+
+  o Removed features:
+    - Directory authorities will no longer support voting according to any
+      consensus method before consensus method 25. This keeps authorities
+      compatible with all authorities running 0.2.9.8 and later, and does
+      not break any clients or relays. Implements ticket 24378 and
+      proposal 290.
+    - The PortForwarding and PortForwardingHelper features have been
+      removed. The reasoning is, given that implementations of NAT traversal
+      protocols within common consumer grade routers are frequently buggy, and
+      that the target audience for a NAT punching feature is a perhaps
+      less-technically-inclined relay operator, when the helper fails to setup
+      traversal the problems are usually deep, ugly, and very router specific,
+      making them horrendously impossible for technical support to reliable
+      assist with, and thus resulting in frustration all around.  Unfortunately,
+      relay operators who would like to run relays behind NATs will need to
+      become more familiar with the port forwarding configurations on their
+      local router.  Closes 25409.
+    - The TestingEnableTbEmptyEvent option has been removed.  It was used
+      in testing simulations to measure how often connection buckets were
+      emptied, in order to improve our scheduling, but it has not
+      been actively used in years. Closes ticket 25760.
+    - The old "round-robin" circuit multiplexer (circuitmux)
+      implementation has been removed, along with a fairly large set of
+      code that existed to support it.  It has not been the default
+      circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
+      but it still required an unreasonable amount of memory and CPU.
+      Closes ticket 25268.
+
+
 Changes in version 0.3.3.5-rc - 2018-04-15
   Tor 0.3.3.5-rc fixes various bugs in earlier versions of Tor,
   including some that could affect reliability or correctness.

changes/18105

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Introduce a function to call getsockname() and return
-      tor_addr_t, to save a little complexity throughout the codebase.
-      Closes ticket 18105.

changes/24378

@@ -1,8 +0,0 @@
-  o Removed features:
-
-    - Directory authorities will no longer support voting according to any
-      consensus method before consensus method 25. This keeps authorities
-      compatible with all authorities running 0.2.9.8 and later, and does
-      not break any clients or relays. Implements ticket 24378 and
-      proposal 290.
-

changes/25857

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Correct an IPv6 error in the documentation for ExitPolicy.
-      Closes ticket 25857.  Patch from "CTassisF".

changes/bug18918

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - In order to make the OR and dir checking function in router.c less
-      confusing we renamed some functions and consider_testing_reachability()
-      has been splitted into router_should_check_reachability() and
-      router_do_reachability_checks(). Also we improved the documentation in
-      some functions. Closes ticket 18918.

changes/bug20887

@@ -1,4 +0,0 @@
-  o Minor bugfixes (freebsd):
-    - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
-      does not stringify on FreeBSD, so we switch to tor_asprintf(). Fixes
-      bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.

changes/bug23094

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
-      as hsdir_index is always present. Also, we move hsdir_index_t into
-      or.h. Closes ticket 23094. Patch by Neel Chauhan.

changes/bug23107

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Put a SHA1 public key digest in hs_service_intro_point_t, and use it in
-      register_intro_circ() and service_intro_point_new(). This prevents the
-      digest from being re-calculated each time. Closes ticket 23107. Patch by
-      Neel Chauhan.
-

changes/bug23693.1

@@ -1,4 +0,0 @@
-  o Minor bugfixes (relay, crash):
-    - Avoid a crash when running with DirPort set but ORPort tuned off.
-      Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.
-

changes/bug23909

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Directory authorities now open their key-pinning files as O_SYNC,
-      to prevent themselves from accidentally writing partial lines.
-      Closes ticket 23909.

changes/bug24031

@@ -1,13 +0,0 @@
-  o Major bugfixes (protover, voting):
-    - Revise Rust implementation of protover to use a more memory-efficient
-      voting algorithm and corresponding data structures, thus avoiding a
-      potential (but small impact) DoS attack where specially crafted protocol
-      strings would expand to several potential megabytes in memory.  In the
-      process, several portions of code were revised to be methods on new,
-      custom types, rather than functions taking interchangeable types, thus
-      increasing type safety of the module.  Custom error types and handling
-      were added as well, in order to facilitate better error dismissal/handling
-      in outside crates and avoid mistakenly passing an internal error string to
-      C over the FFI boundary.  Many tests were added, and some previous
-      differences between the C and Rust implementations have been
-      remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha.

changes/bug24484

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Since Tor requires C99, remove our old workaround code for libc
-      implementations where free(NULL) doesn't work. Closes ticket 24484.
-

changes/bug24688

@@ -1,3 +0,0 @@
-  o Minor features (performance, 32-bit):
-    - Make our timing-wheel code run a tiny bit faster on 32-bit platforms,
-      by preferring 32-bit math to 64-bit. Closes ticket 24688.

changes/bug24910

@@ -1,7 +0,0 @@
-  o Minor bugfixes (relay statistics):
-    - When a relay is collecting internal statistics about how many
-      create cell requests it has seen of each type, accurately count the
-      requests from relays that temporarily fall out of the consensus. (To
-      be extra conservative, we were already ignoring requests from
-      clients in our counts, and we continue ignoring them here.) Fixes
-      bug 24910; bugfix on 0.2.4.17-rc.

changes/bug24914

@@ -1,3 +0,0 @@
-  o Minor features (performance):
-    - Avoid a needless call to malloc() when processing an incoming
-      relay cell.  Closes ticket 24914.

changes/bug24969

@@ -1,3 +0,0 @@
-  o Minor bugfixes (Linux seccomp2 sandbox):
-    - Allow the nanosleep() system call, which glibc uses to implement
-      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.

changes/bug25226

@@ -1,4 +0,0 @@
-  o Major bugfixes (relay, denial of service):
-    - Impose a limit on circuit cell queue size. The limit can be controlled by
-      a consensus parameter. Fixes bug 25226; bugfix on 0.2.4.14-alpha.
-

changes/bug25373

@@ -1,7 +0,0 @@
-  o Major features (main loop, CPU wakeup):
-    - The bandwidth-limitation logic has been refactored so that
-      bandwidth calculations are performed on-demand, rather than
-      every TokenBucketRefillInterval milliseconds.
-      This change should improve the granularity of our bandwidth
-      calculations, and limit the number of times that the Tor process needs
-      to wake up when it is idle. Closes ticket 25373.

changes/bug25398

@@ -1,5 +0,0 @@
-  o New system requirements:
-    - Tor no longer tries to support systems without mmap() or some local
-      equivalent. Apparently, compilation on such systems has been broken for
-      some time, without anybody noticing or complaining. Closes ticket
-      25398.

changes/bug25399

@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability):
-    - Do not align mmap length, as it is not required by POSIX, and the
-      getpagesize function is deprecated. Fixes bug 25399; bugfix on
-      0.1.1.23.
-

changes/bug25400

@@ -1,5 +0,0 @@
-  o Minor bugfix (controler):
-    - Make CIRC_BW event reflect the total of all data sent on a circuit,
-      including padding and dropped cells. Also fix a mis-counting bug
-      when STREAM_BW events were enabled. Fixes bug 25400; bugfix on
-      0.2.5.2-alpha.

changes/bug25409

@@ -1,12 +0,0 @@
-  o Removed features:
-    - The PortForwarding and PortForwardingHelper features have been
-      removed. The reasoning is, given that implementations of NAT traversal
-      protocols within common consumer grade routers are frequently buggy, and
-      that the target audience for a NAT punching feature is a perhaps
-      less-technically-inclined relay operator, when the helper fails to setup
-      traversal the problems are usually deep, ugly, and very router specific,
-      making them horrendously impossible for technical support to reliable
-      assist with, and thus resulting in frustration all around.  Unfortunately,
-      relay operators who would like to run relays behind NATs will need to
-      become more familiar with the port forwarding configurations on their
-      local router.  Closes 25409.

changes/bug25415

@@ -1,4 +0,0 @@
-  o Major bugfixes (directory authority):
-    - Avoid a crash when testing router reachability on a router that could
-      have an ed25519 ID, but which does not. Fixes bug 25415; bugfix on
-      0.3.3.2-alpha.

changes/bug25425

@@ -1,4 +0,0 @@
-  o Minor features (testing):
-    - A new unittests module specifically for testing the functions in the
-      (new-ish) bridges.c module has been created with new unittests, raising
-      the code coverage percentages.  Closes 25425.

changes/bug25512

@@ -1,5 +0,0 @@
-  o Minor bugfixes (restart-in-process):
-    - When shutting down, Tor now clears all the flags in the control.c
-      module. This should prevent a bug where authentication cookies
-      are not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.
-

changes/bug25675

@@ -1,4 +0,0 @@
-  o Minor bugfixes (C correctness):
-    - Add a missing lock acquisition in the shutdown code of the
-      control subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found
-      by Coverity; this is CID 1433643.

changes/bug25691_again

@@ -1,6 +0,0 @@
-  o Minor bugfixes (path selection):
-    - Only select relays when they have the descriptors we prefer to
-      use for them. This change fixes a bug where we could select
-      a relay because it had _some_ descriptor, but reject it later with
-      a nonfatal assertion error because it didn't have the exact one we
-      wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.

changes/bug25705

@@ -1,5 +0,0 @@
-  o Minor bugfixes (circuit path selection):
-    - Don't count path selection failures as circuit build failures. This
-      should eliminate cases where Tor blames its guard or the network
-      for situations like insufficient microdescriptors and/or overly
-      restrictive torrc settings. Fixes bug 25705; bugfix on 0.3.3.1-alpha.

changes/bug25733

@@ -1,4 +0,0 @@
-  o Minor bugfixes (Assert crash):
-    - Avoid an assert in the circuit build timeout code if we fail to
-      allow any circuits to actually complete. Fixes bug 25733;
-      bugfix on 0.2.2.2-alpha.

changes/bug25756

@@ -1,7 +0,0 @@
-  o Minor bugfixes (error reporting):
-    - Improve tolerance for directory authorities with skewed clocks.
-      Previously, an authority with a clock more than 60 seconds ahead
-      could cause a client with a correct clock to warn that the
-      client's clock was behind.  Now the clocks of a majority of
-      directory authorities have to be ahead of the client before this
-      warning will occur.  Fixes bug 25756; bugfix on 0.2.2.25-alpha.

changes/bug25761

@@ -1,3 +0,0 @@
-  o Major bugfixes (onion service):
-    - Correctly detect when onion services get disabled after HUP.
-      Fixes bug 25761; bugfix on 0.3.2.1.

changes/bug25828

@@ -1,7 +0,0 @@
-  o Minor bugfixes (bandwidth management):
-    - Consider ourselves "low on write bandwidth" if we have exhausted our
-      write bandwidth some time in the last second. This was the
-      documented behavior before, but the actual behavior was to change
-      this value every TokenBucketRefillInterval. Fixes bug 25828; bugfix on
-      0.2.3.5-alpha.
-

changes/bug25843

@@ -1,3 +0,0 @@
-  o Minor feature (entry guards):
-    - Introduce torrc option NumPrimaryGuards for controlling the number of
-      primary guards. Closes ticket 25843.

changes/bug25852

@@ -1,5 +0,0 @@
-  o Minor bugfixes (control interface):
-    - Respond with more human readable error messages to GETINFO
-      exit-policy/* requests. Also, let controller know if error
-      is transient (response code 551) or not (response code 552).
-      Fixes bug 25852; bugfix on 0.2.8.1-alpha.

changes/bug25870

@@ -1,6 +0,0 @@
-  o Minor bugfixes (vanguards):
-    - Allow the last hop in a vanguard circuit to be the same as our first,
-      to prevent the adversary from influencing guard node choice by choice
-      of last hop. Also prevent the creation of A - B - A paths, or A - A
-      paths, which are forbidden by relays. Fixes bug 25870; bugfix on
-      0.3.3.1-alpha.

changes/bug25901

@@ -1,3 +0,0 @@
-  o Minor bugfixes (hidden service v3):
-    - Fix a memory leak when an hidden service v3 is configured and gets a
-      SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.

changes/bug25943

@@ -1,7 +0,0 @@
-  o Minor bugfixes (tests):
-    - Use X509_new() to allocate certificates that will be freed later
-      with X509_free(). Previously, some parts of the unit tests had
-      used tor_malloc_zero(), which is incorrect, and which caused
-      test failures on Windows when they were built with extra hardening.
-      Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha.
-      Patch by Marcin Cieślak.

changes/bug26007

@@ -1,5 +0,0 @@
-  o Major bugfixes (directory authorities, security):
-    - When directory authorities read a zero-byte bandwidth file, they log
-      a warning with the contents of an uninitialised buffer. Log a warning
-      about the empty file instead.
-      Fixes bug 26007; bugfix on 0.2.2.1-alpha.

changes/bug26052

@@ -1,6 +0,0 @@
-  o Minor bugfixes (documentation):
-    - Stop saying in the manual that clients cache ipv4 dns answers
-      from exit relays. We haven't used them since 0.2.6.3-alpha, and
-      in ticket 24050 we stopped even caching them as of 0.3.2.6-alpha,
-      but we forgot to say so in the man page. Fixes bug 26052; bugfix
-      on 0.3.2.6-alpha.

changes/bug26069

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden service v3):
-    - When parsing the descriptor signature, look for the token plus an extra
-      white-space at the end. This is more correct but also will allow us to
-      support new fields that might start with "signature". Fixes bug 26069;
-      bugfix on 0.3.0.1-alpha.

changes/coveralls

@@ -1,3 +0,0 @@
-  o Minor features (continuous integration):
-    - Our Travis CI configuration now integrates with the Coveralls coverage
-      analysis tool. Closes ticket 25818.

changes/feature19429

@@ -1,5 +0,0 @@
-  o Minor features (compatibility):
-    - Tor now detects versions of OpenSSL 1.1.0 and later compiled with the
-      no-deprecated option, and builds correctly with them. Closes
-      tickets 19429, 19981, and 25353.
-

changes/feature25150

@@ -1,4 +0,0 @@
-  o Minor features (performance, allocation):
-    - Avoid a needless malloc()/free() pair every time we handle an ntor
-      handshake. Closes ticket 25150.
-

changes/geoip-2018-05-01

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2
-      Country database. Closes ticket 26104.
-

changes/isolate_libevent

@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Initial work to isolate Libevent usage to a handful of modules in our
-      codebase, to simplify our call structure, and so that we can more
-      easily change event loops in the future if needed. Closes ticket
-      23750.

changes/ticket20522

@@ -1,6 +0,0 @@
-  o Deprecated features:
-    - As we are not recommending 0.2.5 anymore we require relays that once had
-      an ed25519 key associated with their RSA key to always have that key
-      instead of allowing them to drop back to a version that didn't support
-      ed25519. This means they need to use a new RSA key if the want to
-      downgrade to an older version of tor without ed25519. Closes ticket 20522.

changes/ticket23354

@@ -1,6 +0,0 @@
-  o Minor features (configuration):
-    - The "DownloadSchedule" options have been renamed to end with
-      "DownloadInitialDelay".  The old names are still allowed, but will
-      produce a warning. Comma-separated lists are still permitted for
-      these options, but all values after the first are ignored (as they have
-      been since 0.2.9). Closes ticket 23354.

changes/ticket23873

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - We remove the return value of node_get_prim_orport() and
-      node_get_prim_dirport(), and introduce node_get_prim_orport()
-      in node_ipv6_or_preferred() and node_ipv6_dir_preferred() in
-      order to check for a null address. Closes ticket 23873. Patch
-      by Neel Chauhan.

changes/ticket24714

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Rename two fields of connection_t struct.
-      timestamp_lastwritten is renamed to timestamp_last_write_allowed and
-      timestamp_lastread is renamed to timestamp_last_read_allowed.
-      Closes ticket 24714, patch by "valentecaio".
-

changes/ticket24734

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove the return value for fascist_firewall_choose_address_base(),
-      and sister functions such as fascist_firewall_choose_address_node()
-      and fascist_firewall_choose_address_rs(). Also, while we're here,
-      initialize the ap argument as leaving it uninitialized can pose a
-      security hazard. Closes ticket 24734. Patch by Neel Chauhan.

changes/ticket24740

@@ -1,5 +0,0 @@
-  o Minor bugfixes (directory server cert fetch):
-    - Fixed launching a certificate fetch always during the scheduled
-      periodic consensus fetch by fetching only in those cases when
-      consensus are waiting for certs.
-      Fixes bug 24740; bugfix on 0.2.9.1-alpha.

changes/ticket25024

@@ -1,4 +0,0 @@
-  o Minor features (code quality):
-    - Add optional spell-checking for the Tor codebase, using the "misspell"
-      program.  To use this feature, run "make check-typos".
-      Closes ticket 25024.

changes/ticket25081

@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove extern declaration of stats_n_seconds_working variable from main,
-      protecting its accesses with get_uptime() and reset_uptime() functions.
-      Closes ticket 25081, patch by “valentecaio”.
-

changes/ticket25162

@@ -1,6 +0,0 @@
-  o Minor features (compression, zstd):
-    - When running with zstd, Tor now considers using advanced functions that
-      the zstd maintainers have labeled as potentially unstable. To
-      prevent breakage, Tor will only use this functionality when
-      the runtime version of the zstd library matches the version
-      with which it were compiled.  Closes ticket 25162.

changes/ticket25261

@@ -1,3 +0,0 @@
-  o Minor bugfix (Multiple includes):
-    - Fixed multiple includes of trasports.h in src/or/connection.c
-      Fixes bug 25261; bugfix on 0.2.5.1-alpha.

changes/ticket25268

@@ -1,7 +0,0 @@
-  o Removed features:
-    - The old "round-robin" circuit multiplexer (circuitmux)
-      implementation has been removed, along with a fairly large set of
-      code that existed to support it.  It has not been the default
-      circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
-      but it still required an unreasonable amount of memory and CPU.
-      Closes ticket 25268.

changes/ticket25290

@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - We switch to should_record_bridge_info() in geoip_note_client_seen() and
-      options_need_geoip_info() instead of accessing the configuration values
-      directly. Fixes bug 25290; bugfix on 0.2.1.6-alpha. Patch by Neel
-      Chauhan.

changes/ticket25374

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Our main loop has been simplified so that all important operations
-      happen inside events. Previously, some operations had to happen
-      outside the event loop, to prevent infinite sequences of event
-      activations. Closes ticket 25374.
-

changes/ticket25376_25762

@@ -1,10 +0,0 @@
-  o Major feature (main loop, CPU usage):
-    - Previously, tor would enable at startup all possible main loop event
-      regardless if it needed them. For instance, directory authorities
-      callbacks were fired up even for client only. We have now refactored this
-      whole interface to only enable the appropriate callbacks depending on what
-      are tor roles (client only, relay, hidden service, etc.). Furthermore,
-      these events now depend on DisableNetwork or the hibernation state in
-      order to enable them. This is a big step towards reducing client CPU usage
-      by reducing the amount of wake ups the daemon does. Closes ticket 25376
-      and 25762.

changes/ticket25409

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-      We remove the PortForwsrding and PortForwardingHelper options, related
-      functions, and the port_forwarding tests. These options were used by
-      the now-deprecated Vidalia to help ordinary users become Tor relays or
-      bridges. Closes ticket 25409. Patch by Neel Chauhan.
-

changes/ticket25432

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Merge functions used for describing nodes and suppress the functions
-      that do not allocate memory for the output buffer string.
-      NODE_DESC_BUF_LEN constant and format_node_description() function
-      cannot be used externally from router.c module anymore.
-      Closes ticket 25432. Patch by valentecaio.

changes/ticket25511

@@ -1,5 +0,0 @@
-  o Minor features (control port):
-    - Introduce GETINFO "current-time/{local,utc}" to return the local
-      and UTC times respectively in ISO format. This helps a controller
-      like Tor Browser detect a time-related error. Closes ticket 25511.
-      Patch by Neel Chauhan.

changes/ticket25610

@@ -1,5 +0,0 @@
-  o Major feature (directory authority, modularization):
-    - The directory authority subsystem has been modularized. The code is now
-      located in src/or/dirauth/ which is compiled in by default. To disable the
-      module, the configure option --disable-module-dirauth has been added.
-      Closes ticket 25610;

changes/ticket25645

@@ -1,4 +0,0 @@
-  o Minor bugfixes (channel_get_for_extend()):
-    - Remove the unused variable n_possible from the function
-      Fixes bug 25645; bugfix on 0.2.4.4-alpha
-

changes/ticket25760

@@ -1,5 +0,0 @@
-  o Removed features:
-    - The TestingEnableTbEmptyEvent option has been removed.  It was used
-      in testing simulations to measure how often connection buckets were
-      emptied, in order to improve our scheduling, but it has not
-      been actively used in years. Closes ticket 25760.

changes/ticket25766

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring:
-    - Refactor token-bucket implementations to use a common backend.
-      Closes ticket 25766.

changes/ticket25903

@@ -1,6 +0,0 @@
-  o Minor features (control port):
-    - Introduce new fields to the CIRC_BW event. There are two new fields in
-      each of the read and written directions. The DELIVERED fields report the
-      total valid data on the circuit, as measured by the payload sizes of
-      verified and error-checked relay command cells. The OVERHEAD fields
-      report the total unused bytes in each of these cells. Closes ticket 25903.

changes/ticket25927.1

@@ -1,6 +0,0 @@
-  o Minor features (timekeeping, circuit scheduling):
-    - When keeping track of how busy each circuit have been recently on
-      a given connection, use coarse-grained monotonic timers rather than
-      gettimeofday(). This change should marginally increase accuracy
-      and performance.  Implements part of ticket 25927.
-

changes/ticket25927.2

@@ -1,5 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove our previous logic for "cached gettimeofday()" -- our coarse
-      monotonic timers are fast enough for this purpose, and far less
-      error-prone. Implements part of ticket 25927.
-

changes/ticket25931

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      rescanning the consensus cache
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket:
-      25931.
-

changes/ticket25932

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      closing connections, circuits, and channels
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25932.
-

changes/ticket25937

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      consensus voting
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25937.
-

changes/ticket25948

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      saving the state file to disk
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25948.
-

changes/ticket25949

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      honoring delayed SIGNEWNYM requests
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25949.
-

changes/ticket25951

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      flushing log callbacks
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25951.
-

changes/ticket25952

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-    - Move responsibility for
-      warning relay operators about unreachable ports
-      from a once-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      25952.
-

changes/ticket25993

@@ -1,4 +0,0 @@
-  o Minor features (testing):
-    - We now have improved testing for addressmap_get_virtual_address()
-      function.  This should improve our test coverage, and make our test
-      coverage more deterministic. Closes ticket 25993.

changes/ticket25994

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tests):
-    - Change the behavior of the "channel/outbound" test so that it never
-      causes a 10-second rollover for the EWMA circuitmux code. Previously,
-      this behavior would happen randomly, and result in fluctuating test
-      coverage. Fixes bug 25994; bugfix on 0.3.3.1-alpha.

changes/ticket25995

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tests):
-    - While running the circuit_timeout test, fix the PRNG to a deterministic
-      AES stream, so that the test coverage from this test will itself be
-      deterministic.  Fixes bug 25995; bugfix on 0.2.2.2-alpha.
-

changes/ticket25996

@@ -1,5 +0,0 @@
-  o Minor bugfixes (testing):
-    - Repeat part of the test in test_client_pick_intro() a number of times,
-      to give it consistent coverage. Fixes bug 25996; bugfix on
-      0.3.2.1-alpha.
-

changes/ticket25997

@@ -1,5 +0,0 @@
-  o Minor bugfixes (testing, coverage):
-    - Remove randomness from the hs_common/responsible_hsdirs test,
-      so that it always takes the same path through the function it tests.
-      Fixes bug 25997; bugfix on 0.3.2.1-alpha.
-

changes/ticket26004

@@ -1,5 +0,0 @@
-  o Minor features (directory authority, forward compatibility):
-    - Make the lines of the measured bandwidth file able to contain their
-      entries in any order. Previously, the node_id entry needed to come
-      first. Closes ticket 26004.
-

changes/ticket26006

@@ -1,4 +0,0 @@
-  o Minor features (compilation, portability):
-    - Avoid some compilation warnings with recent versions
-      of LibreSSL. Closes ticket 26006.
-

changes/ticket26008

@@ -1,7 +0,0 @@
-  o Minor bugfixes (test):
-    - When testing workqueue event-cancellation, make sure that we actually
-      cancel an event, and that cancel each event with equal probability.
-      (It was previously possible, though extremely unlikely, for our
-      event-canceling test not to cancel any events.) Fixes bug 26008;
-      bugfix on 0.2.6.3-alpha.  
-

changes/ticket26009

@@ -1,9 +0,0 @@
-  o Minor features (mainloop):
-   - Move responsibility for
-     keeping track of Tor's uptime
-      from a nce-per-second callback to a callback that is only scheduled as
-      needed.  Once enough items are removed from our once-per-second
-      callback, we can eliminate it entirely to conserve CPU when idle.
-      Closes ticket
-      26009.
-

changes/ticket26014

@@ -1,4 +0,0 @@
-  o Minor features (Testing):
-    - Add a unit test for voting_schedule_get_start_of_next_interval().
-      Closes ticket 26014, and helps make unit test coverage more
-      deterministic.

changes/ticket26016

@@ -1,4 +0,0 @@
-  o Code simplification and refactoring:
-    - Use our standard rate-limiting code to deal with excessive libevent
-      failures, rather than the hand-rolled logic we had before.
-      Closes ticket 26016.

changes/ticket26062

@@ -1,4 +0,0 @@
-  o Minor bugfixes (client):
-    - Don't consider Tor running as a client if the ControlPort is open. Fixes
-      bug 26062; bugfix on 0.2.9.4-alpha.
-

changes/ticket26063

@@ -1,5 +0,0 @@
-  o Major features (CPU usage, mobile):
-    - When Tor is disabled (via DisableNetwork or via hibernation), it
-      no longer needs to run any per-second events.  This change should
-      make it easier for mobile applications to disable Tor while the
-      device is sleeping, or Tor is not running.  Closes ticket 26063.

changes/ticket26064

@@ -1,5 +0,0 @@
-  o Minor features (accounting):
-    - When we become dormant, use a scheduled event to wake up at the right
-      time.  Previously, we would use the per-second timer to check whether
-      to wake up, but we no longer have any per-second timers enabled when
-      the network is disabled. Closes ticket 26064.

changes/ticket4187

@@ -1,3 +0,0 @@
-  o Minor bugfixes (directory client):
-    - When unverified-consensus is verified, rename it to cached-consenus.
-      Fixes bug 4187; bugfix on 0.2.0.3-alpha.

changes/ticket6236

@@ -1,4 +0,0 @@
-  o Minor bugfixes (Duplicate code):
-    - Remove duplicate code in parse_{c,s}method_line and bootstrap
-      their functionalities into a single function. Fixes
-      bug 6236; bugfix on 0.2.3.6-alpha.

changes/travis_distcheck

@@ -1,4 +0,0 @@
-  o Minor features (continuous integration):
-    - Our .travis.yml configuration now includes support for testing
-      the results of "make distcheck". (It's not uncommon for "make check" to
-      pass but "make distcheck" to fail.)  Closes ticket 25814.