Start working on an 0.2.3 changelog

This is just sorting the entries and lightly editing a couple of problems I found.
2024-11-24 04:13:28 +01:00 · 2015-02-05 14:01:56 -05:00 · 2015-02-05 14:01:56 -05:00 · f8ecdd7031
commit f8ecdd7031
parent 2274221557
70 changed files with 356 additions and 367 deletions
--- a/356
+++ b/356
@ -1,3 +1,359 @@
 Changes in version 0.2.6.3-alpha - 2015-02-??
  blah blah blah
  o Major features (changed defaults):
    - Prevent relay operators from unintentionally running exits: When
      a relay is configured as an exit node, we now warn the user
      unless the 'ExitRelay' option is set to 1. We warn even more
      loudly if the relay is configured with the default exit policy,
      since this tends to indicate accidental misconfiguration.
      Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
      Closes ticket 10067.
  o Major features (security)
    - Implementation of an AF_UNIX socket  option to implement a SOCKS
      proxy reachable by Unix Domain Socket. This allows client applications to
      communicate with Tor without having the ability to create AF_INET or
      AF_INET6 family sockets. If an application has permission to create a socket
      with AF_UNIX, it may directly communicate with Tor as if it were an other
      SOCKS proxy. This should allow high risk applications to be entirely prevented
      from connecting directly with TCP/IP, they will be able to only connect to the
      internet through AF_UNIX and only through Tor.
      To create a socket of this type, use the syntax "unix:/path/to/socket".
      Closes ticket 12585.
  o Major features (hidden services):
    - Support mapping hidden service virtual ports to AF_UNIX sockets on
      suitable platforms.  Resolves ticket #11485.
  o Major features (performance):
    - Refactor the CPU worker implementation for better performance by
      avoiding the kernel and lengthening pipelines. The original
      implementation used sockets to transfer data from the main thread
      to the worker threads, and didn't allow any thread to be assigned
      more than a single piece of work at once. The new implementation
      avoids communications overhead by making requests in shared
      memory, avoiding kernel IO where possible, and keeping more
      request in flight at once. Resolves issue #9682.
  o Removed features:
    - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
      longer silently accepted as an alias for 'ExitNodes'.
  o Major bugfixes (client):
    - Allow MapAddress and AutomapHostsOnResolve to work together when an
      address is mapped into another address type that must be
      automapped at resolve time.  Fixes bug 7555; bugfix on
      0.2.0.1-alpha.
  o Major bugfixes (exit node stability):
    - Fix an assertion failure that could occur under high DNS load.  Fixes
      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
      by "cypherpunks".
  o Major bugfixes (mixed relay-client operation):
    - When running as a relay and a client at the same time (not
      recommended), if we decide not to use a new guard because we
      want to retry older guards, only close the locally-originating
      circuits passing through that guard. Previously we would close
      all the circuits. Fixes bug 9819; bugfix on
      0.2.1.1-alpha. Reported by "skruffy".
  o Minor features (authorities, testing):
    - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard.
      Ensures that authorities vote the HSDir flag for the listed
      relays regardless of uptime or ORPort connectivity.
      Respects the value of VoteOnHidServDirectoriesV2.
      Partial implementation for ticket 14067. Patch by "teor".
  o Minor features (build):
    - New --disable-system-torrc compile-time option to prevent Tor from
      looking for a system-wide torrc or torrc-defaults tile. Resolves
      ticket 13037.
  o Minor features (controller):
    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
      events to let controllers observe circuit isolation inputs.
      Closes ticket 8405.
    - ControlPort now supports the unix:/path/to/dir syntax as an alternative
      to the ControlSocket option, for consistency with SocksPort and
      hidden services.  Closes ticket 14451.
    - New "GETINFO bw-event-cache" to get information about recent bandwidth
      events. Closes ticket 14128. Useful for controllers to get recent
      bandwidth history after the fix for 13988.
  o Minor features (directory client):
    - When downloading server- or microdescriptors from a directory server,
      we no longer launch multiple simultaneous requests to the same server.
      This reduces load on the directory servers, especially when directory
      guards are in use.  Closes ticket 9969.
    - When downloading server- or microdescriptors over a tunneled
      connection, do not limit the length of our request to what the Squid
      proxy is willing to handle.  Part of ticket 9969.
  o Minor features (directory system):
    - Authorities can now vote on the correct digests and latest versions for
      different software packages. This allows packages that include Tor to use
      the Tor authority system as a way to get notified of updates and their
      correct digests. Implements proposal 227. Closes ticket 10395.
  o Minor features (directory, memory usage):
    - When we have recently been under memory pressure (over 3/4 of
      MaxMemInQueues is allocated), then allocate smaller zlib objects for
      small requests. Closes ticket 11791.
  o Minor features (DOS resistance):
    - Count the total number of bytes used storing hidden service descriptors
      against the value of MaxMemInQueues. If we're low on memory, and more
      than 20% of our memory is used holding hidden service descriptors, free
      them until no more than 10% of our memory holds hidden service
      descriptors. Free the least recently fetched descriptors first.
      Resolves ticket 13806.
  o Minor features (geoip):
    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.
  o Minor features (Guard nodes):
    - Reduce the time delay before saving guard status to disk from 10
      minute to 30 seconds (or from one hour to 10 minutes if
      AvoidDiskWrites is set).  Closes ticket 12485.
  o Minor features (hidden service):
    - Make hidden service Sybil attacks harder by changing the minimum
      time required to become an HSDir from 25 hours up to 96 hours.
      Addresses ticket #14149.
    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
      services to disable the anti-scanning feature introduced in
      0.2.6.2-alpha. With this option not set, a connection to an
      unlisted port closes the circuit.  With this option set, only a
      RELAY_DONE cell is sent.  Closes ticket #14084.
  o Minor features (interface):
    - Implement '-f -' CLI suboption to allow torrc to be read
      from standard input, thus not requiring to store torrc in file
      system. Implements feature 13865.
  o Minor features (logging):
    - Add a count of unique clients to the bridge heartbeat message. Resolves
      ticket 6852.
    - Suppress "router info incompatible with extra info" message when
      reading extrainfo documents from cache. (This message got loud
      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket
      13762.
    - Elevate authorized-client message from DEBUG to INFO. Closes
      ticket 14015.
  o Minor features (systemd):
    - Various improvements and modernizations in systemd hardening support.
      Closes ticket 13805. Patch from Craig Andrews.
  o Minor features (stability):
    - Prevent bugs from causing infinite loops in our hash-table
      iteration code by adding assertions that cached hash values have
      not been corrupted. Closes ticket 11737.
  o Minor features (testing networks):
    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
      and the default to 2 minutes. Closes ticket 13401. Patch by "nickm".
    - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
      but keep the default at 30 seconds. This reduces HS bootstrap time to
      around 25 seconds. Change src/test/test-network.sh default time to match.
      Closes ticket 13401. Patch by "teor".
  o Minor bugfixes (automapping):
    - Prevent changes to other options from removing the wildcard value "."
      from "AutomapHostsSuffixes".
      Fixes bug 12509; bugfix on 0.2.0.1-alpha.
  o Minor bugfixes (build):
    - Avoid warnings when building with systemd 209 or later.
      Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
  o Minor bugfixes (client DNS):
    - Report the correct cached DNS expiration times. Previously, we
      would report everything as "never expires."  Fixes bug 14193;
      bugfix on 0.2.3.17-beta.
    - Avoid a small memory leak when we find a cached answer for a reverse
      DNS lookup in a client-side DNS cache. (Remember, client-side DNS
      caching is off by default, and is not recommended.) Fixes bug 14259;
      bugfix on 0.2.0.1-alpha.
  o Minor bugfixes (client, automapping):
    - Check for a missing option value in parse_virtual_addr_network
      before asserting on the NULL in tor_addr_parse_mask_ports.
      This avoids crashing on torrc lines like
      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
      Fixes bug 14142; bugfix on 0.2.4.7-alpha.
      Patch by "teor".
    - Fix a memory leak when using AutomapHostsOnResolve.
      Fixes bug 14195; bugfix on 0.1.0.1-rc.
  o Minor bugfixes (client, IPV6):
    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
      flag is not set; and not because the NoIPv4Traffic flag was set.
      Previously we'd looked at the NoIPv4Traffic flag for both types
      of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
  o Minor bugfixes (client, bridges):
    - When we are using bridges and we had a network connectivity problem, only
      retry connecting to our currently configured bridges, not all bridges we
      know about and remember using.
      Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma.
  o Minor bugfixes (compilation):
    - Build without warnings with the stock OpenSSL srtp.h header,
      which has a duplicate declaration of SSL_get_selected_srtp_profile().
      Fixes bug 14220; this is OpenSSL's bug, not ours.
    - The address of an array in the middle of a structure will
      always be non-NULL. clang recognises this and complains.
      Disable the tautologous and redundant check to silence
      this warning.
      Fixes bug 14001; bugfix on 0.2.1.2-alpha.
    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
      Addresses ticket 14188.
  o Minor bugfixes (controller):
    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
      reason.  Fixes bug 14207; bugfix on 0.2.6.2-alpha.
    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
      bugfix on 0.2.2.9-alpha.
  o Minor bugfixes (directory authority):
    - Allow directory authorities to fetch more data from one
      another if they find themselves missing lots of votes.
      Previously, they had been bumping against the 10 MB queued
      data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha.
    - Enlarge the buffer to read bw-auth generated files to avoid an
      issue when parsing the file in dirserv_read_measured_bandwidths().
      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
  o Minor bugfixes (file handling):
    - Stop failing when key files are zero-length. Instead, generate new
      keys, and overwrite the empty key files.
      Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor".
    - Stop generating a fresh .old RSA key file when the .old file is
      missing. Fixes part of 13111; bugfix on 0.0.6rc1.
    - Avoid overwriting .old key files with empty key files.
    - Skip loading zero-length extra info store, router store, stats, state,
      and key files.
    - Avoid crashing when trying to reload a torrc specified as a relative
      path with RunAsDaemon turned on.  Fixes bug 13397; bugfix on
      0.2.3.11-alpha.
  o Minor bugfixes (hidden services):
    - Close the intro circuit once we don't have any more usable intro
      points instead of making it timeout at some point. This also make sure
      no extra HS descriptor fetch is triggered.
      Fixes bug 14224; bugfix on 0.0.6.
    - When fetching a hidden service descriptor for a down service that we
      recently up, do not keep refetching until we try the same replica twice
      in a row.  Fixes bug 14219; bugfix on 0.2.0.10-alpha.
    - Successfully launch Tor with a nonexistent hidden service directory.
      Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
      bugfix on 0.2.6.2-alpha.
  o Minor bugfixes (logging):
    - Avoid crashing when there are more log domains than entries in
      domain_list.  Bugfix on 0.2.3.1-alpha.
    - Add a string representation for LD_SCHED.  Fixes bug 14740;
      bugfix on 0.2.6.1-alpha.
  o Minor bugfixes (parsing):
    - Stop accepting milliseconds (or other junk) at the end of
      descriptor publication times. Fixes bug 9286; bugfix on
      0.0.2pre25.
    - Support two-number and three-number version numbers correctly, in
      case we change the Tor versioning system in the future.  Fixes bug
      13661; bugfix on 0.0.8pre1.
  o Minor bugfixes (portability):
    - Fix the ioctl()-based network interface lookup code so that it will
      work on systems that have variable-length struct ifreq, for example
      Mac OS X.
  o Minor bugfixes (shutdown):
    - When shutting down, always call event_del() on lingering read or
      write events before freeing them. Otherwise, we risk double-frees
      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
      0.1.0.2-rc.
  o Minor bugfixes (small memory leaks):
    - Avoid leaking memory when using IPv6 virtual address mappings.
      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
      Woerdt.
  o Minor bugfixes (statistics):
    - Increase period over which bandwidth observations are aggregated
      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
  o Minor bugfixes (systemd support):
    - Fix detection and operation of systemd watchdog. Fixes part of
      bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
    - Run correctly under systemd with the RunAsDaemon option set.
      Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz
      Torcz.
    - Inform the systemd supervisor about more changes in the Tor process
      status. Implements part of ticket 14141. Patch from Tomasz Torcz.
    - Cause the "--disable-systemd" option to actually disable systemd
      support.  Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from
      "blueness".
  o Minor bugfixes (TLS):
    - Check more thoroughly throughout the TLS code for possible unlogged
      TLS errors. Possible diagnostic or fix for bug 13319.
  o Code simplification and refactoring:
    - Move fields related to isolating and configuring client ports
      into a shared structure. Previously, they were duplicated across
      port_cfg_t, listener_connection_t, and edge_connection_t.
      Failure to copy one of them correctly had been the cause of at
      least one bug in the past.  Closes ticket 8546.
    - Refactor the get_interface_addresses_raw() Doom-function into
      multiple smaller and easier to understand subfunctions. Cover the
      resulting subfunctions with unit-tests. Fixes a significant portion 
      of issue 12376.
    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only
      for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202.
    - Remove a test for a long-defunct broken version-one directory server.
  o Documentation:
    - Adding section on OpenBSD to our TUNING document. Thanks to
      mmcc for writing the OpenBSD-specific tips. Resolves ticket
      13702.
    - Make the tor-resolve documentation match its help string and its
      options. Resolves part of ticket 14325.
    - Log a more useful error message from tor-resolve when failing to
      look up a hidden service address. Resolves part of ticket 14325.
  o Downgraded warnings:
    - Don't warn when we've attempted to contact a relay using the wrong
      ntor onion key. Closes ticket 9635.
  o Testing:
    - Make the checkdir/perms test complete successfully even if the
      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
    - Test that tor does not fail when key files are zero-length.
      Check that tor generates new keys, and overwrites the empty key files.
    - Test that tor generates new keys when keys are missing (existing
      behaviour).
    - Test that tor does not overwrite key files that already contain data
      (existing behaviour).
      Tests bug 13111. Patch by "teor".
    - New "make test-stem" target to run stem integration tests.
      Requires that the "STEM_SOURCE_DIR" environment variable be set.
      Closes ticket 14107.
    - Make the test_cmdline_args.py script work correctly on Windows.
      Patch from Gisle Vanem.
    - Move the slower unit tests into a new "./src/test/test-slow" binary
      that can be run independently of the other tests. Closes ticket 13243.
    - Avoid undefined behavior when sampling huge values from the
      Laplace distribution. This made unittests fail on Raspberry Pi.
      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
 Changes in version 0.2.6.2-alpha - 2014-12-31
  Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
  It introduces a major new backend for deciding when to send cells on
--- a/changes/better_workqueues
+++ b/changes/better_workqueues
@ -1,10 +0,0 @@
  o Major features:
    - Refactor the CPU worker implementation for better performance by
      avoiding the kernel and lengthening pipelines. The original
      implementation used sockets to transfer data from the main thread
      to the worker threads, and didn't allow any thread to be assigned
      more than a single piece of work at once. The new implementation
      avoids communications overhead by making requests in shared
      memory, avoiding kernel IO where possible, and keeping more
      request in flight at once. Resolves issue #9682.
--- a/changes/bug11791
+++ b/changes/bug11791
@ -1,4 +0,0 @@
  o Minor features (directory, memory usage):
    - When we have recently been under memory pressure (over 3/4 of
      MaxMemInQueues is allocated), then allocate smaller zlib objects for
      small requests. Closes ticket 11791.
--- a/changes/bug12485
+++ b/changes/bug12485
@ -1,4 +0,0 @@
  o Minor features (Guard nodes):
    - Reduce the time delay before saving guard status to disk from 10
      minute to 30 seconds (or from one hour to 10 minutes if
      AvoidDiskWrites is set).  Closes ticket 12485.
--- a/changes/bug12509
+++ b/changes/bug12509
@ -1,4 +0,0 @@
  o Minor bugfixes (automapping):
    - Prevent changes to other options from removing the wildcard value "."
      from "AutomapHostsSuffixes".
      Fixes bug 12509; bugfix on 0.2.0.1-alpha.
--- a/changes/bug12585
+++ b/changes/bug12585
@ -1,12 +0,0 @@
  o Major features (security)
    - Implementation of an AF_UNIX socket  option to implement a SOCKS
      proxy reachable by Unix Domain Socket. This allows client applications to
      communicate with Tor without having the ability to create AF_INET or
      AF_INET6 family sockets. If an application has permission to create a socket
      with AF_UNIX, it may directly communicate with Tor as if it were an other
      SOCKS proxy. This should allow high risk applications to be entirely prevented
      from connecting directly with TCP/IP, they will be able to only connect to the
      internet through AF_UNIX and only through Tor.
      To create a socket of this type, use the syntax "unix:/path/to/socket".
      Closes ticket 12585.
--- a/changes/bug12985
+++ b/changes/bug12985
@ -1,5 +0,0 @@
  o Minor bugfixes (shutdown):
    - When shutting down, always call event_del() on lingering read or
      write events before freeing them. Otherwise, we risk double-frees
      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
      0.1.0.2-rc.
--- a/changes/bug13111-generate-keys-on-empty-file
+++ b/changes/bug13111-generate-keys-on-empty-file
@ -1,20 +0,0 @@
  o Minor bugfixes (file handling):
    - Stop failing when key files are zero-length. Instead, generate new
      keys, and overwrite the empty key files.
      Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor".
    - Stop generating a fresh .old RSA key file when the .old file is
      missing. Fixes part of 13111; bugfix on 0.0.6rc1.
    - Avoid overwriting .old key files with empty key files.
  o Minor enhancements (file handling):
    - Skip loading zero-length extra info store, router store, stats, state,
      and key files.
  o Minor enhancements (testing):
    - Test that tor does not fail when key files are zero-length.
      Check that tor generates new keys, and overwrites the empty key files.
    - Test that tor generates new keys when keys are missing (existing
      behaviour).
    - Test that tor does not overwrite key files that already contain data
      (existing behaviour).
      Tests bug 13111. Patch by "teor".
--- a/changes/bug13319
+++ b/changes/bug13319
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Check more thoroughly throughout the TLS code for possible unlogged
      TLS errors. Possible diagnostic or fix for bug 13319.
--- a/changes/bug13397
+++ b/changes/bug13397
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Avoid crashing when trying to reload a torrc specified as a relative
      path with RunAsDaemon turned on.  Fixes bug 13397; bugfix on
      0.2.3.11-alpha.
--- a/changes/bug13401
+++ b/changes/bug13401
@ -1,7 +0,0 @@
  o Minor features (testing networks):
    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
      and the default to 2 minutes. Closes ticket 13401. Patch by "nickm".
    - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
      but keep the default at 30 seconds. This reduces HS bootstrap time to
      around 25 seconds. Change src/test/test-network.sh default time to match.
      Closes ticket 13401. Patch by "teor".
--- a/changes/bug13661
+++ b/changes/bug13661
@ -1,6 +0,0 @@
  o Minor bugfixes:
    - Support two-number and three-number version numbers correctly, in
      case we change the Tor versioning system in the future.  Fixes bug
      13661; bugfix on 0.0.8pre1.
--- a/changes/bug13805
+++ b/changes/bug13805
@ -1,3 +0,0 @@
  o Minor features (systemd):
    - Various improvements and modernizations in systemd hardening support.
      Closes ticket 13805. Patch from Craig Andrews.
--- a/changes/bug13806
+++ b/changes/bug13806
@ -1,8 +0,0 @@
  o Minor features (DOS resistance):
    - Count the total number of bytes used storing hidden service descriptors
      against the value of MaxMemInQueues. If we're low on memory, and more
      than 20% of our memory is used holding hidden service descriptors, free
      them until no more than 10% of our memory holds hidden service
      descriptors. Free the least recently fetched descriptors first.
      Resolves ticket 13806.
--- a/changes/bug13988
+++ b/changes/bug13988
@ -1,3 +0,0 @@
  o Minor bugfixes (statistics):
    - Increase period over which bandwidth observations are aggregated
      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
--- a/changes/bug14001-clang-warning
+++ b/changes/bug14001-clang-warning
@ -1,7 +0,0 @@
  o Minor bugfixes:
    - The address of an array in the middle of a structure will
      always be non-NULL. clang recognises this and complains.
      Disable the tautologous and redundant check to silence
      this warning.
      Fixes bug 14001; bugfix on 0.2.1.2-alpha.
--- a/changes/bug14067-TestingDirAuthVoteHSDir
+++ b/changes/bug14067-TestingDirAuthVoteHSDir
@ -1,6 +0,0 @@
  o Minor features (authorities, testing):
    - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard.
      Ensures that authorities vote the HSDir flag for the listed
      relays regardless of uptime or ORPort connectivity.
      Respects the value of VoteOnHidServDirectoriesV2.
      Partial implementation for ticket 14067. Patch by "teor".
--- a/changes/bug14072
+++ b/changes/bug14072
@ -1,3 +0,0 @@
  o Minor bugfixes (build):
    - Avoid warnings when building with systemd 209 or later.
      Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
--- a/changes/bug14084
+++ b/changes/bug14084
@ -1,6 +0,0 @@
  o Minor features:
    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
      services to disable the anti-scanning feature introduced in
      0.2.6.2-alpha. With this option not set, a connection to an
      unlisted port closes the circuit.  With this option set, only a
      RELAY_DONE cell is sent.  Closes ticket #14084.
--- a/changes/bug14090
+++ b/changes/bug14090
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Avoid undefined behavior when sampling huge values from the
      Laplace distribution. This made unittests fail on Raspberry Pi.
      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
--- a/changes/bug14106
+++ b/changes/bug14106
@ -1,4 +0,0 @@
  o Minor bugfixes (hidden services):
    - Successfully launch Tor with a nonexistent hidden service directory.
      Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
      bugfix on 0.2.6.2-alpha.
--- a/changes/bug14116_025
+++ b/changes/bug14116_025
@ -1,3 +0,0 @@
  o Minor bugfixes (controller):
    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
      bugfix on 0.2.2.9-alpha.
--- a/changes/bug14123
+++ b/changes/bug14123
@ -1,4 +0,0 @@
  o Minor bugfixes (small memory leaks):
    - Avoid leaking memory when using IPv6 virtual address mappings.
      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
      Woerdt.
--- a/changes/bug14125
+++ b/changes/bug14125
@ -1,5 +0,0 @@
  o Minor bugfixes (dirauth):
    - Enlarge the buffer to read bw-auth generated files to avoid an
      issue when parsing the file in dirserv_read_measured_bandwidths().
      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
--- a/changes/bug14129
+++ b/changes/bug14129
@ -1,7 +0,0 @@
  o Major bugfixes (exit node stability):
    - Fix an assertion failure that could occur under high DNS load.  Fixes
      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
      by "cypherpunks".
--- a/changes/bug14141
+++ b/changes/bug14141
@ -1,11 +0,0 @@
  o Minor bugfixes (systemd support):
    - Fix detection and operation of systemd watchdog. Fixes part of
      bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
    - Run correctly under systemd with the RunAsDaemon option set.
      Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz
      Torcz.
  o Minor featurs (systemd support):
    - Inform the systemd supervisor about more changes in the Tor process
      status. Implements part of ticket 14141. Patch from Tomasz Torcz.
--- a/changes/bug14142-parse-virtual-addr
+++ b/changes/bug14142-parse-virtual-addr
@ -1,7 +0,0 @@
  o Minor bugfixes (client):
    - Check for a missing option value in parse_virtual_addr_network
      before asserting on the NULL in tor_addr_parse_mask_ports.
      This avoids crashing on torrc lines like
      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
      Fixes bug 14142; bugfix on 0.2.4.7-alpha.
      Patch by "teor".
--- a/changes/bug14149
+++ b/changes/bug14149
@ -1,4 +0,0 @@
  o Minor features (hidden service parameters):
    - Make hidden service Sybil attacks harder by changing the minimum
      time required to become an HSDir from 25 hours up to 96 hours.
      Addresses ticket #14149.
--- a/changes/bug14193
+++ b/changes/bug14193
@ -1,4 +0,0 @@
  o Minor bugfixes (client DNS):
    - Report the correct cached DNS expiration times. Previously, we
      would report everything as "never expires."  Fixes bug 14193;
      bugfix on 0.2.3.17-beta.
--- a/changes/bug14195
+++ b/changes/bug14195
@ -1,3 +0,0 @@
  o Minor bugfixes (client):
    - Fix a memory leak when using AutomapHostsOnResolve.
      Fixes bug 14195; bugfix on 0.1.0.1-rc.
--- a/changes/bug14202
+++ b/changes/bug14202
@ -1,3 +0,0 @@
  o Minor cleanup:
    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only
      for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202.
--- a/changes/bug14207
+++ b/changes/bug14207
@ -1,3 +0,0 @@
  o Minor bugfixes (controller):
    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
      reason.  Fixes bug 14207; bugfix on 0.2.6.2-alpha.
--- a/changes/bug14215
+++ b/changes/bug14215
@ -1,5 +0,0 @@
  o Minor bugfixes (tests):
    - Make the checkdir/perms test complete successfully even if the
      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
--- a/changes/bug14216
+++ b/changes/bug14216
@ -1,5 +0,0 @@
  o Minor bugfixes:
    - When we are using bridges and we had a network connectivity problem, only
      retry connecting to our currently configured bridges, not all bridges we
      know about and remember using.
      Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma.
--- a/changes/bug14219
+++ b/changes/bug14219
@ -1,6 +0,0 @@
  o Minor bugfixes (hidden services):
    - When fetching a hidden service descriptor for a down service that we
      recently up, do not keep refetching until we try the same replica twice
      in a row.  Fixes bug 14219; bugfix on 0.2.0.10-alpha.
--- a/changes/bug14220
+++ b/changes/bug14220
@ -1,4 +0,0 @@
  o Minor bugfixes (compilation):
    - Build without warnings with the stock OpenSSL srtp.h header,
      which has a duplicate declaration of SSL_get_selected_srtp_profile().
      Fixes bug 14220; this is OpenSSL's bug, not ours.
--- a/changes/bug14224
+++ b/changes/bug14224
@ -1,7 +0,0 @@
  o Minor Bugfix
    - Close the intro circuit once we don't have any more usable intro
      points instead of making it timeout at some point. This also make sure
      no extra HS descriptor fetch is triggered.
      Fixes bug 14224; bugfix on 0.0.6.
--- a/changes/bug14259
+++ b/changes/bug14259
@ -1,6 +0,0 @@
  o Minor bugfixes (client):
    - Avoid a small memory leak when we find a cached answer for a reverse
      DNS lookup in a client-side DNS cache. (Remember, client-side DNS
      caching is off by default, and is not recommended.) Fixes bug 14259;
      bugfix on 0.2.0.1-alpha.
--- a/changes/bug14261
+++ b/changes/bug14261
@ -1,5 +0,0 @@
  o Minor bugfixes (directory authority):
    - Allow directory authorities to fetch more data from one
      another if they find themselves missing lots of votes.
      Previously, they had been bumping against the 10 MB queued
      data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha.
--- a/changes/bug14280
+++ b/changes/bug14280
@ -1,5 +0,0 @@
  o Minor bugfixes:
    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
      flag is not set; and not because the NoIPv4Traffic flag was set.
      Previously we'd looked at the NoIPv4Traffic flag for both types
      of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
--- a/changes/bug14350
+++ b/changes/bug14350
@ -1,4 +0,0 @@
  o Minor bugfixes:
    - Cause the "--disable-systemd" option to actually disable systemd
      support.  Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from
      "blueness".
--- a/changes/bug14451
+++ b/changes/bug14451
@ -1,5 +0,0 @@
  o Minor features:
    - ControlPort now supports the unix:/path/to/dir syntax as an alternative
      to the ControlSocket option, for consistency with SocksPort and
      hidden services.  Closes ticket 14451.
--- a/changes/bug14740
+++ b/changes/bug14740
@ -1,5 +0,0 @@
  o Minor bugfixes:
    - Avoid crashing when there are more log domains than entries in
      domain_list.  Bugfix on 0.2.3.1-alpha.
    - Add a string representation for LD_SCHED.  Fixes bug 14740;
      bugfix on 0.2.6.1-alpha.
--- a/changes/bug6852
+++ b/changes/bug6852
@ -1,3 +0,0 @@
  o Minor features:
    - Add a unique client counter to the heartbeat message. Resolves
      ticket 6852.
--- a/changes/bug7555
+++ b/changes/bug7555
@ -1,5 +0,0 @@
  o Major bugfixes (client):
    - Allow MapAddress and AutomapHostsOnResolve to work together when an
      address is mapped into another address type that must be
      automapped at resolve time.  Fixes bug 7555; bugfix on
      0.2.0.1-alpha.
--- a/changes/bug8546
+++ b/changes/bug8546
@ -1,6 +0,0 @@
  o Code simplification and refactoring:
    - Move fields related to isolating and configuring client ports
      into a shared structure. Previously, they were duplicated across
      port_cfg_t, listener_connection_t, and edge_connection_t.
      Failure to copy one of them correctly had been the cause of at
      least one bug in the past.  Closes ticket 8546.
--- a/changes/bug9286
+++ b/changes/bug9286
@ -1,4 +0,0 @@
  o Minor bugfixes (parsing):
    - Stop accepting milliseconds (or other junk) at the end of
      descriptor publication times. Fixes bug 9286; bugfix on
      0.0.2pre25.
--- a/changes/bug9635
+++ b/changes/bug9635
@ -1,3 +0,0 @@
  o Downgraded warnings:
    - Don't warn when we've attempted to contact a relay using the wrong
      ntor onion key. Closes ticket 9635.
--- a/changes/bug9819
+++ b/changes/bug9819
@ -1,8 +0,0 @@
  o Major bugfixes (mixed relay-client operation):
    - When running as a relay and a client at the same time (not
      recommended), if we decide not to use a new guard because we
      want to retry older guards, only close the locally-originating
      circuits passing through that guard. Previously we would close
      all the circuits. Fixes bug 9819; bugfix on
      0.2.1.1-alpha. Reported by "skruffy".
--- a/changes/doc13702
+++ b/changes/doc13702
@ -1,4 +0,0 @@
  o Documentation:
    - Adding section on OpenBSD to our TUNING document. Thanks to
      mmcc for writing the OpenBSD-specific tips. Resolves ticket
      13702.
--- a/changes/feature10067
+++ b/changes/feature10067
@ -1,12 +0,0 @@
  o Major features (changed defaults):
    - Prevent relay operators from unintentionally running exits: When
      a relay is configured as an exit node, we now warn the user
      unless the 'ExitRelay' option is set to 1. We warn even more
      loudly if the relay is configured with the default exit policy,
      since this tends to indicate accidental misconfiguration.
      Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
      Closes ticket 10067.
  o Removed features:
    - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
      longer silently accepted as an alias for 'ExitNodes'.
--- a/changes/feature13865
+++ b/changes/feature13865
@ -1,5 +0,0 @@
  o Minor features:
    - Implement '-f -' CLI suboption to allow torrc to be read 
      from standard input, thus not requiring to store torrc in file
      system. Implements feature 13865.
--- a/changes/feature14015
+++ b/changes/feature14015
@ -1,3 +0,0 @@
  o Minor features (logging, hidden services):
    - Elevate authorized-client message from DEBUG to INFO. Closes
      ticket 14015.
--- a/changes/feature8405
+++ b/changes/feature8405
@ -1,4 +0,0 @@
  o Minor features (controller):
    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
      events to let controllers observe circuit isolation inputs.
      Closes ticket 8405.
--- a/changes/fix-test-cmdline-args
+++ b/changes/fix-test-cmdline-args
@ -1,4 +0,0 @@
  o Testing:
    - Make the test_cmdline_args.py script work correctly on Windows.
      Patch from Gisle Vanem.
--- a/changes/geoip-january2015
+++ b/changes/geoip-january2015
@ -1,3 +0,0 @@
  o Minor features:
    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
--- a/changes/geoip6-january2015
+++ b/changes/geoip6-january2015
@ -1,2 +0,0 @@
  o Minor features:
    - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.
--- a/changes/prop227
+++ b/changes/prop227
@ -1,5 +0,0 @@
  o Minor features (directory system):
    - Authorities can now vote on the correct digests and latest versions for
      different software packages. This allows packages that include Tor to use
      the Tor authority system as a way to get notified of updates and their
      correct digests. Implements proposal 227. Closes ticket 10395.
--- a/changes/remove-bad-fp
+++ b/changes/remove-bad-fp
@ -1,3 +0,0 @@
  o Removed features:
    - Remove a test for a long-defunct broken version-one directory server.
--- a/changes/ticket11485
+++ b/changes/ticket11485
@ -1,3 +0,0 @@
  o Features (hidden services):
    - Support mapping hidden service virtual ports to AF_UNIX sockets on
      suitable platforms.  Resolves ticket #11485.
--- a/changes/ticket11737
+++ b/changes/ticket11737
@ -1,4 +0,0 @@
  o Minor features:
    - Prevent bugs from causing infinite loops in our hash-table
      iteration code by adding assertions that cached hash values have
      not been corrupted. Closes ticket 11737.
--- a/changes/ticket12376_part2
+++ b/changes/ticket12376_part2
@ -1,11 +0,0 @@
  o Major refactoring:
    - Refactor the get_interface_addresses_raw() Doom-function into
      multiple smaller and easier to understand subfunctions. Cover the
      resulting subfunctions with unit-tests. Fixes a significant portion 
      of issue 12376.
  o Minor bugfixes:
    - Fix the ioctl()-based network interface lookup code so that it will
      work on systems that have variable-length struct ifreq, for example
      Mac OS X.
--- a/changes/ticket13037
+++ b/changes/ticket13037
@ -1,4 +0,0 @@
  o Minor features (build):
    - New --disable-system-torrc compile-time option to prevent Tor from
      looking for a system-wide torrc or torrc-defaults tile. Resolves
      ticket 13037.
--- a/changes/ticket13243
+++ b/changes/ticket13243
@ -1,3 +0,0 @@
  o Testing:
    - Move the slower unit tests into a new "./src/test/test-slow" binary
      that can be run independently of the other tests. Closes ticket 13243.
--- a/changes/ticket13762
+++ b/changes/ticket13762
@ -1,5 +0,0 @@
  o Minor features:
    - Suppress "router info incompatible with extra info" message when
      reading extrainfo documents from cache. (This message got loud
      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket
      13762.
--- a/changes/ticket14107
+++ b/changes/ticket14107
@ -1,6 +0,0 @@
  o Testing:
    - New "make test-stem" target to run stem integration tests.
      Requires that the "STEM_SOURCE_DIR" environment variable be set.
      Closes ticket 14107.
--- a/changes/ticket14128
+++ b/changes/ticket14128
@ -1,5 +0,0 @@
  o Minor features (controller):
    - New "GETINFO bw-event-cache" to get information about recent bandwidth
      events. Closes ticket 14128. Useful for controllers to get recent
      bandwidth history after the fix for 13988.
--- a/changes/ticket14188_part1
+++ b/changes/ticket14188_part1
@ -1,4 +0,0 @@
  o Compilation fixes:
    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
      Addresses ticket 14188.
--- a/changes/ticket14325
+++ b/changes/ticket14325
@ -1,5 +0,0 @@
  o Documentation:
    - Make the tor-resolve documentation match its help string and its
      options. Resolves part of ticket 14325.
    - Log a more useful error message from tor-resolve when failing to
      look up a hidden service address. Resolves part of ticket 14325.
--- a/changes/ticket9969
+++ b/changes/ticket9969
@ -1,8 +0,0 @@
  o Minor features (directory client):
    - When downloading server- or microdescriptors from a directory server,
      we no longer launch multiple simultaneous requests to the same server.
      This reduces load on the directory servers, especially when directory
      guards are in use.  Closes ticket 9969.
    - When downloading server- or microdescriptors over a tunneled
      connection, do not limit the length of our request to what the Squid
      proxy is willing to handle.  Part of ticket 9969.
		`@ -1,3 +0,0 @@`
			`o Minor features:`
			`- Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.`
		`@ -1,2 +0,0 @@`
			`o Minor features:`
			`- Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.`
		`@ -1,3 +0,0 @@`
			`o Removed features:`
			`- Remove a test for a long-defunct broken version-one directory server.`