diff --git a/.travis.yml b/.travis.yml
index 2073b853ce..c65923d2c4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,14 +12,12 @@ cache:
 
 compiler:
   - gcc
-  - clang
 
 os:
   - linux
-  - osx
 
-## The build matrix in the following stanza expands into builds for each
-## OS and compiler.
+## We don't use the build matrix cross-product, because it makes too many jobs
+## Instead, we list each job under matrix: include:
 env:
   global:
     ## The Travis CI environment allows us two cores, so let's use both.  Also,
@@ -34,69 +32,58 @@ env:
     ## Our default rust version is the minimum supported version
     - RUST_VERSION="1.31.0"
   matrix:
-    ## We want to use each build option at least once
-    ##
-    ## We don't list default variable values, because we set the defaults
-    ## in global (or the default is unset)
+    ## This matrix entry is required, but it doesn't actually create any jobs
     -
-    ## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
-    - RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
 
 matrix:
-  ## include creates builds with gcc, linux
+  ## include creates builds with gcc, linux, unless we override those defaults
   include:
+    ## We run basic tests on macOS
+    - compiler: clang
+      os: osx
+    ## We check NSS
+    ## NSS is a fast job, clang is slower on Linux, so we do NSS clang
+    - env: NSS_OPTIONS="--enable-nss"
+      compiler: clang
+    ## We run chutney on Linux, because it's faster than chutney on macOS
+    - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
     ## We include a single coverage build with the best options for coverage
     - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
-    ## We only want to check these build option combinations once
-    ## (they shouldn't vary by compiler or OS)
-    ## We run rust and coverage with hardening off, which seems like enough
-    # - env: HARDENING_OPTIONS=""
+    ## We run rust on Linux, because it's faster than rust on macOS
+    ## We check rust offline
+    - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
     ## We check asciidoc with distcheck, to make sure we remove doc products
     - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"
-    # We also try running a hardened clang build with chutney on Linux.
-    - env: CHUTNEY="yes" SKIP_MAKE_CHECK="yes" CHUTNEY_ALLOW_FAILURES="2"
-      compiler: clang
-    # We clone our stem repo and run `make test-stem`
-    - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
-    ## Check rust online with distcheck, to make sure we remove rust products
-    - env: DISTCHECK="yes" RUST_VERSION="beta" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
-    ## Check disable module dirauth with and without rust
-    - env: MODULES_OPTIONS="--disable-module-dirauth" RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
+    ## We check disable module dirauth
     - env: MODULES_OPTIONS="--disable-module-dirauth"
-    ## Check NSS
-    - env: NSS_OPTIONS="--enable-nss"
+    ## We run rust on macOS, because we have seen macOS rust failures before
+    - env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
+      compiler: clang
+      os: osx
+    ## We run chutney on macOS, because macOS Travis has IPv6
+    - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
+      os: osx
+    ## We clone our stem repo and run `make test-stem`
+    - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
 
-  ## Uncomment to allow the build to report success (with non-required
-  ## sub-builds continuing to run) if all required sub-builds have
-  ## succeeded.  This is somewhat buggy currently: it can cause
-  ## duplicate notifications and prematurely report success if a
-  ## single sub-build has succeeded.  See
-  ## https://github.com/travis-ci/travis-ci/issues/1696
-  # fast_finish: true
+  ## Allow the build to report success (with non-required sub-builds
+  ## continuing to run) if all required sub-builds have succeeded.
+  fast_finish: true
 
-  ## Careful! We use global envs, which makes it hard to exclude or
-  ## allow failures by env:
+  ## Careful! We use global envs, which makes it hard to allow failures by env:
   ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
   allow_failures:
+    ## macOS rust and chutney are very slow, so we let the build finish before
+    ## they are done.  We'd like to fast finish, but still eventually show
+    ## any failures in the build status. But Travis doesn't have that ability.
+    - env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
+      compiler: clang
+      os: osx
+    - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
+      os: osx
     ## test-stem sometimes hangs on Travis
     - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
 
-  exclude:
-    ## gcc on OSX is less useful, because the default compiler is clang.
-    - compiler: gcc
-      os: osx
-    ## gcc on Linux with no env is redundant, because all the custom builds use
-    ## gcc on Linux
-    - compiler: gcc
-      os: linux
-      env:
-    ## offline rust builds for gcc on Linux are redundant, because we do an
-    ## online rust build for gcc on Linux
-    - compiler: gcc
-      os: linux
-      ## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
-      env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
-
 ## (Linux only) Use the latest Linux image (Ubuntu Trusty)
 dist: trusty
 
diff --git a/changes/ticket30860 b/changes/ticket30860
new file mode 100644
index 0000000000..b946f735c4
--- /dev/null
+++ b/changes/ticket30860
@@ -0,0 +1,3 @@
+  o Testing:
+    - Run the chutney IPv6 networks as part of Travis CI.
+      Closes ticket 30860.
diff --git a/changes/ticket31859 b/changes/ticket31859
new file mode 100644
index 0000000000..dbc591e00b
--- /dev/null
+++ b/changes/ticket31859
@@ -0,0 +1,3 @@
+  o Testing:
+    - Simplify the Travis CI build matrix, and optimise for build time.
+      Closes ticket 31859.
diff --git a/changes/ticket32063 b/changes/ticket32063
new file mode 100644
index 0000000000..2c0246917c
--- /dev/null
+++ b/changes/ticket32063
@@ -0,0 +1,3 @@
+  o Minor bugfixes (hs-v3, memory leak):
+    - Fix memory leak in unlikely error code path when encoding HS DoS establish
+      intro extension cell. Fixes bug 32063; bugfix on 0.4.2.1-alpha.
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index d691a1b007..df59f73c1b 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -503,8 +503,8 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config,
   ssize_t ret;
   size_t dos_ext_encoded_len;
   uint8_t *field_array;
-  trn_cell_extension_field_t *field;
-  trn_cell_extension_dos_t *dos_ext;
+  trn_cell_extension_field_t *field = NULL;
+  trn_cell_extension_dos_t *dos_ext = NULL;
 
   tor_assert(service_config);
   tor_assert(extensions);
@@ -530,7 +530,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config,
   /* Set the field with the encoded DoS extension. */
   ret = trn_cell_extension_dos_encoded_len(dos_ext);
   if (BUG(ret <= 0)) {
-    return -1;
+    goto err;
   }
   dos_ext_encoded_len = ret;
   /* Set length field and the field array size length. */
@@ -541,7 +541,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config,
   ret = trn_cell_extension_dos_encode(field_array,
                  trn_cell_extension_field_getlen_field(field), dos_ext);
   if (BUG(ret <= 0)) {
-    return -1;
+    goto err;
   }
   tor_assert(ret == (ssize_t) dos_ext_encoded_len);
 
@@ -557,6 +557,11 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config,
   trn_cell_extension_dos_free(dos_ext);
 
   return 0;
+
+ err:
+  trn_cell_extension_field_free(field);
+  trn_cell_extension_dos_free(dos_ext);
+  return -1;
 }
 
 /* ========== */